mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-08 05:09:24 +00:00
Code Issues Projects Releases Wiki Activity

spdx30: handle Unknown CVE_STATUS

Browse Source 
CVE_STATUS can be also "Unknown" since oe-core commit
d25f1817752bc8a84c40dcbef75f7559801ce15e

When this status type is used, build fails with e.g.
ERROR: openssl-3.4.1-r0 do_create_spdx: Unknown CVE-2025-0001 status 'Unknown'

Since this is now a valid status, it needs to be handled.
It cannot be mapped to any VEX status (see below), so just skip it.
Possible VEX statuses are: NOT AFFECTED, AFFECTED, FIXED, and UNDER INVESTIGATION.

(From OE-Core rev: 2d3081ef63c8a54df62a2a08bd36008c20eed65a)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
cc: Marta Rybczynska <rybczynska@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Peter Marko
2025-03-31 13:11:28 +02:00
committed by Richard Purdie
parent 07ab691bd9
commit 057049c1b6
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/lib/oe/spdx30_tasks.py
+2
View File
@@ -724,6 +724,8 @@ def create_spdx(d):
)
else:
bb.fatal(f"Unknown detail '{detail}' for ignored {cve}")
elif status == "Unknown":
bb.note(f"Skipping {cve} with status 'Unknown'")
else:
bb.fatal(f"Unknown {cve} status '{status}'")