cve_check: add CVE_VERSION_SUFFIX to indicate suffix in versioning

add CVE_VERSION_SUFFIX to indicate the version suffix type, currently works in two value, "alphabetical" if the version string uses single alphabetical character suffix as incremental release, blank to not consider the unidentified suffixes. This can be expand when more suffix pattern identified. refactor cve_check.Version class to use functools and add parameter to handle suffix condition. Also update testcases to cover new changes. (From OE-Core rev: 37a40c30709bf80c74948f47361b2be2c646c9d8) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 5dfd5ad5144708b474ef31eaa89a846c57be8ac0) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Lee Chee Yang <chee.yang.lee@intel.com> 2021-01-29 11:51:15 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-02-10 23:55:53 +0000
commit: 2b526d90791da501c9870dd6d3993fcfa7d15249 (patch)
tree: b6c0848703b8b94d8ab95d68ca09808a4f58e218 /meta/classes/cve-check.bbclass
parent: f829419105c8a85dd403ab61d70ce730f5bf9103 (diff)
download: poky-2b526d90791da501c9870dd6d3993fcfa7d15249.tar.gz
1 files changed, 8 insertions, 4 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 93af667544..dbff852e18 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -50,6 +50,9 @@ CVE_CHECK_PN_WHITELIST ?= ""
 # 
 CVE_CHECK_WHITELIST ?= ""
+# set to "alphabetical" for version using single alphabetical character as increament release
+CVE_VERSION_SUFFIX ??= ""
 python cve_save_summary_handler () {
    import shutil
    import datetime
@@ -207,6 +210,7 @@ def check_cves(d, patched_cves):
    pn = d.getVar("PN")
    real_pv = d.getVar("PV")
+    suffix = d.getVar("CVE_VERSION_SUFFIX")
    cves_unpatched = []
    # CVE_PRODUCT can contain more than one product (eg. curl/libcurl)
@@ -260,8 +264,8 @@ def check_cves(d, patched_cves):
                else:
                    if operator_start:
                        try:
-                            vulnerable_start =  (operator_start == '>=' and Version(pv) >= Version(version_start))
+                            vulnerable_start =  (operator_start == '>=' and Version(pv,suffix) >= Version(version_start,suffix))
-                            vulnerable_start |= (operator_start == '>' and Version(pv) > Version(version_start))
+                            vulnerable_start |= (operator_start == '>' and Version(pv,suffix) > Version(version_start,suffix))
                        except:
                            bb.warn("%s: Failed to compare %s %s %s for %s" %
                                    (product, pv, operator_start, version_start, cve))
@@ -271,8 +275,8 @@ def check_cves(d, patched_cves):
                    if operator_end:
                        try:
-                            vulnerable_end  = (operator_end == '<=' and Version(pv) <= Version(version_end) )
+                            vulnerable_end  = (operator_end == '<=' and Version(pv,suffix) <= Version(version_end,suffix) )
-                            vulnerable_end |= (operator_end == '<' and Version(pv) < Version(version_end) )
+                            vulnerable_end |= (operator_end == '<' and Version(pv,suffix) < Version(version_end,suffix) )
                        except:
                            bb.warn("%s: Failed to compare %s %s %s for %s" %
                                    (product, pv, operator_end, version_end, cve))
author	Lee Chee Yang <chee.yang.lee@intel.com>	2021-01-29 11:51:15 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-02-10 23:55:53 +0000
commit	2b526d90791da501c9870dd6d3993fcfa7d15249 (patch)
tree	b6c0848703b8b94d8ab95d68ca09808a4f58e218 /meta/classes/cve-check.bbclass
parent	f829419105c8a85dd403ab61d70ce730f5bf9103 (diff)
download	poky-2b526d90791da501c9870dd6d3993fcfa7d15249.tar.gz