cve-check: Modify judgment processing using "=" in version comparison

Judgment processing of vulnerable using "=" compares characters as strings rather than numbers, and misjudges "cases that do not match in strings but do match in numbers" as "Patched". (e.g. PV = "1.2.0" and Vulnerabilities Affected Versions (registered with NVD) = "1.2") Therefore, if the comparison operator used in the judgment processing of vulnerable is "=", add numeric comparison processing. (From OE-Core rev: a1989e4197178c2431ceca499e0b4876b233b131) Signed-off-by: Shinji Matsunaga <shin.matsunaga@fujitsu.com> Signed-off-by: Shunsuke Tokumoto <s-tokumoto@fujitsu.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Matsunaga-Shinji <shin.matsunaga@fujitsu.com> 2023-11-29 11:19:15 +0900
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-12-02 17:18:57 +0000
commit: 291bc9e96a1fa60b036c7b99cd9c3822bfd92caa (patch)
tree: d8ba7812e7fc9c8fbec9b74a9460954576a37c75
parent: 2364a81460bd676fe9a67d642ab4e197f8ad68f5 (diff)
download: poky-291bc9e96a1fa60b036c7b99cd9c3822bfd92caa.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 5191d04303..086d87687f 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -375,6 +375,7 @@ def check_cves(d, patched_cves):
                        try:
                            vulnerable_start =  (operator_start == '>=' and Version(pv,suffix) >= Version(version_start,suffix))
                            vulnerable_start |= (operator_start == '>' and Version(pv,suffix) > Version(version_start,suffix))
+                            vulnerable_start |= (operator_start == '=' and Version(pv,suffix) == Version(version_start,suffix))
                        except:
                            bb.warn("%s: Failed to compare %s %s %s for %s" %
                                    (product, pv, operator_start, version_start, cve))
author	Matsunaga-Shinji <shin.matsunaga@fujitsu.com>	2023-11-29 11:19:15 +0900
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-12-02 17:18:57 +0000
commit	291bc9e96a1fa60b036c7b99cd9c3822bfd92caa (patch)
tree	d8ba7812e7fc9c8fbec9b74a9460954576a37c75
parent	2364a81460bd676fe9a67d642ab4e197f8ad68f5 (diff)
download	poky-291bc9e96a1fa60b036c7b99cd9c3822bfd92caa.tar.gz

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 5191d04303..086d87687f 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass
@@ -375,6 +375,7 @@ def check_cves(d, patched_cves):
375	try:	375	try:
376	vulnerable_start = (operator_start == '>=' and Version(pv,suffix) >= Version(version_start,suffix))	376	vulnerable_start = (operator_start == '>=' and Version(pv,suffix) >= Version(version_start,suffix))
377	vulnerable_start \|= (operator_start == '>' and Version(pv,suffix) > Version(version_start,suffix))	377	vulnerable_start \|= (operator_start == '>' and Version(pv,suffix) > Version(version_start,suffix))
		378	vulnerable_start \|= (operator_start == '=' and Version(pv,suffix) == Version(version_start,suffix))
378	except:	379	except:
379	bb.warn("%s: Failed to compare %s %s %s for %s" %	380	bb.warn("%s: Failed to compare %s %s %s for %s" %
380	(product, pv, operator_start, version_start, cve))	381	(product, pv, operator_start, version_start, cve))