Hello,

Please ignore this series, it is not ready, and was sent by mistake... Really sorry.

On Thursday, November 20, 2025 at 10:19 AM, Benjamin Robin (Schneider Electric) wrote:
> From: "Benjamin Robin" <[email protected]>
>
> The goal of this backport is to be able to extract all CVE annotations
> provided by the CVE_STATUS and the CVE_STATUS_GROUPS variables.
>
> Currently only CVEs with "Patched" status are exported in SPDX 3.0 files.
> And CVE annotations provided by the CVE_STATUS_GROUPS variable are not
> exported, since previously this was only handled by cve-check.bbclass.
>
> Also backport the vex.bbclass, which will help users to extract all the
> information needed to do a CVE analysis outside of Yocto.
>
> With this backport, great care has been taken to avoid breaking
> compatibility. This is why the get_patched_cves() API was not changed.
> Everything that was needed is implemented in the associated .bbclass.
>
> Benjamin Robin (5):
>   spdx30: provide all CVE_STATUS, not only Patched status
>   vex.bbclass: add a new class
>   cve-check: extract extending CVE_STATUS to library function
>   spdx: extend CVE_STATUS variables
>   vex: fix rootfs manifest
>
>  meta/classes/cve-check.bbclass   |  17 +-
>  meta/classes/spdx-common.bbclass |   5 +
>  meta/classes/vex.bbclass         | 319 +++++++++++++++++++++++++++++++
>  meta/lib/oe/cve_check.py         |  22 +++
>  meta/lib/oe/spdx30_tasks.py      |  31 +--
>  5 files changed, 365 insertions(+), 29 deletions(-)
>  create mode 100644 meta/classes/vex.bbclass

-- 
Benjamin Robin, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
