On Thu, 2026-02-19 at 21:34 -0800, Het Patel via lists.openembedded.org wrote: > From: Marta Rybczynska <[email protected]> > > CVE_STATUS contains assesment of a given CVE, but until now it didn't have > include the affected vendor/product. In the case of a global system include, > that CVE_STATUS was visible in all recipes. > > This patch allows encoding of affected product/vendor to each CVE_STATUS > assessment, also for groups. We can then filter them later and use only > CVEs that correspond to the recipe. > > This is going to be used in meta/conf/distro/include/cve-extra-exclusions.inc > and similar places. > > Backport Changes: > - Discarded the changes to meta/lib/oe/spdx30_tasks.py, as the > commit history for this file diverges from the base commit > itself (9c9b9545049a in the scarthgap branch). > - Additionally, the changes do not introduce any major features > and are primarily focused on code restructuring. > > Signed-off-by: Marta Rybczynska <[email protected]> > Signed-off-by: Richard Purdie <[email protected]> > (cherry picked from commit abca80a716e92fc18d3085aba1a15f4bac72379c) > Signed-off-by: Het Patel <[email protected]>
Hi, When sending a long list of backport patches like this, please include a cover letter explaining the benefit you see to having these on the stable branch and include some test results. Have you confirmed that all the patches in your series are also on the whinlatter branch as well as master? Best regards, -- Paul Barker
signature.asc
Description: This is a digitally signed message part
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#231661): https://lists.openembedded.org/g/openembedded-core/message/231661 Mute This Topic: https://lists.openembedded.org/mt/117905842/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
