summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLee Chee Yang <chee.yang.lee@intel.com>2021-03-04 22:44:07 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2021-04-19 12:55:20 +0100
commitebd1ea905d2c0c12f631902e825af899fa51253d (patch)
treefcf0d4225a78f8d1deb5f3091e4b350be1ddaec8
parent748958855900cf663a2656d2f27a7ab6edfc63eb (diff)
downloadpoky-ebd1ea905d2c0c12f631902e825af899fa51253d.tar.gz
cve-check: CVE_VERSION_SUFFIX to work with patched release
CVE_VERSION_SUFFIX in "patch" to treat version string with suffix "pX" or "patchX" as patched release. also update testcases to cover this changes and set CVE_VERSION_SUFFIX for sudo. (From OE-Core rev: 7e75801c9a76d7bcd2fed3a6522214f483966166) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 8076815fc2ffc8f632e73527ce2b7d158a29e9ea) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat
-rw-r--r--meta/lib/oe/cve_check.py7
-rw-r--r--meta/lib/oeqa/selftest/cases/cve_check.py8
-rw-r--r--meta/recipes-extended/sudo/sudo.inc2
3 files changed, 16 insertions, 1 deletions
diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py
index ce755f940a..a1d7c292af 100644
--- a/meta/lib/oe/cve_check.py
+++ b/meta/lib/oe/cve_check.py
@@ -11,8 +11,13 @@ _Version = collections.namedtuple(
11class Version(): 11class Version():
12 12
13 def __init__(self, version, suffix=None): 13 def __init__(self, version, suffix=None):
14
15 suffixes = ["alphabetical", "patch"]
16
14 if str(suffix) == "alphabetical": 17 if str(suffix) == "alphabetical":
15 version_pattern = r"""r?v?(?:(?P<release>[0-9]+(?:[-\.][0-9]+)*)(?P<patch>[-_\.]?(?P<patch_l>[a-z]))?(?P<pre>[-_\.]?(?P<pre_l>(rc|alpha|beta|pre|preview|dev))[-_\.]?(?P<pre_v>[0-9]+)?)?)(.*)?""" 18 version_pattern = r"""r?v?(?:(?P<release>[0-9]+(?:[-\.][0-9]+)*)(?P<patch>[-_\.]?(?P<patch_l>[a-z]))?(?P<pre>[-_\.]?(?P<pre_l>(rc|alpha|beta|pre|preview|dev))[-_\.]?(?P<pre_v>[0-9]+)?)?)(.*)?"""
19 elif str(suffix) == "patch":
20 version_pattern = r"""r?v?(?:(?P<release>[0-9]+(?:[-\.][0-9]+)*)(?P<patch>[-_\.]?(p|patch)(?P<patch_l>[0-9]+))?(?P<pre>[-_\.]?(?P<pre_l>(rc|alpha|beta|pre|preview|dev))[-_\.]?(?P<pre_v>[0-9]+)?)?)(.*)?"""
16 else: 21 else:
17 version_pattern = r"""r?v?(?:(?P<release>[0-9]+(?:[-\.][0-9]+)*)(?P<pre>[-_\.]?(?P<pre_l>(rc|alpha|beta|pre|preview|dev))[-_\.]?(?P<pre_v>[0-9]+)?)?)(.*)?""" 22 version_pattern = r"""r?v?(?:(?P<release>[0-9]+(?:[-\.][0-9]+)*)(?P<pre>[-_\.]?(?P<pre_l>(rc|alpha|beta|pre|preview|dev))[-_\.]?(?P<pre_v>[0-9]+)?)?)(.*)?"""
18 regex = re.compile(r"^\s*" + version_pattern + r"\s*$", re.VERBOSE | re.IGNORECASE) 23 regex = re.compile(r"^\s*" + version_pattern + r"\s*$", re.VERBOSE | re.IGNORECASE)
@@ -23,7 +28,7 @@ class Version():
23 28
24 self._version = _Version( 29 self._version = _Version(
25 release=tuple(int(i) for i in match.group("release").replace("-",".").split(".")), 30 release=tuple(int(i) for i in match.group("release").replace("-",".").split(".")),
26 patch_l=match.group("patch_l") if str(suffix) == "alphabetical" and match.group("patch_l") else "", 31 patch_l=match.group("patch_l") if str(suffix) in suffixes and match.group("patch_l") else "",
27 pre_l=match.group("pre_l"), 32 pre_l=match.group("pre_l"),
28 pre_v=match.group("pre_v") 33 pre_v=match.group("pre_v")
29 ) 34 )
diff --git a/meta/lib/oeqa/selftest/cases/cve_check.py b/meta/lib/oeqa/selftest/cases/cve_check.py
index 3f343a2841..d1947baffc 100644
--- a/meta/lib/oeqa/selftest/cases/cve_check.py
+++ b/meta/lib/oeqa/selftest/cases/cve_check.py
@@ -34,3 +34,11 @@ class CVECheck(OESelftestTestCase):
34 self.assertTrue( result ,msg="Failed to compare version with suffix '1.0b' < '1.0r'") 34 self.assertTrue( result ,msg="Failed to compare version with suffix '1.0b' < '1.0r'")
35 result = Version("1.0b","alphabetical") > Version("1.0","alphabetical") 35 result = Version("1.0b","alphabetical") > Version("1.0","alphabetical")
36 self.assertTrue( result ,msg="Failed to compare version with suffix '1.0b' > '1.0'") 36 self.assertTrue( result ,msg="Failed to compare version with suffix '1.0b' > '1.0'")
37
38 # consider the trailing "p" and "patch" as patched released when comparing
39 result = Version("1.0","patch") < Version("1.0p1","patch")
40 self.assertTrue( result ,msg="Failed to compare version with suffix '1.0' < '1.0p1'")
41 result = Version("1.0p2","patch") > Version("1.0p1","patch")
42 self.assertTrue( result ,msg="Failed to compare version with suffix '1.0p2' > '1.0p1'")
43 result = Version("1.0_patch2","patch") < Version("1.0_patch3","patch")
44 self.assertTrue( result ,msg="Failed to compare version with suffix '1.0_patch2' < '1.0_patch3'")
diff --git a/meta/recipes-extended/sudo/sudo.inc b/meta/recipes-extended/sudo/sudo.inc
index 86a18be7e2..8b50f5eee5 100644
--- a/meta/recipes-extended/sudo/sudo.inc
+++ b/meta/recipes-extended/sudo/sudo.inc
@@ -49,3 +49,5 @@ do_compile_prepend () {
49do_install_prepend (){ 49do_install_prepend (){
50 mkdir -p ${D}/${localstatedir}/lib 50 mkdir -p ${D}/${localstatedir}/lib
51} 51}
52
53CVE_VERSION_SUFFIX = "patch"
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-03-03 21:10:30 +0000