2 files changed, 16 insertions, 6 deletions
diff --git a/scripts/contrib/improve_kernel_cve_report.py b/scripts/contrib/improve_kernel_cve_report.py
index 829cc4cd30..5c39df05a5 100755
--- a/scripts/contrib/improve_kernel_cve_report.py
+++ b/scripts/contrib/improve_kernel_cve_report.py
@@ -340,6 +340,10 @@ def cve_update(cve_data, cve, entry):
    if cve_data[cve]['status'] == entry['status']:
        return
    if entry['status'] == "Unpatched" and cve_data[cve]['status'] == "Patched":
+        # Backported-patch (e.g. vendor kernel repo with cherry-picked CVE patch)
+        # has priority over unpatch from CNA
+        if cve_data[cve]['detail'] == "backported-patch":
+            return
        logging.warning("CVE entry %s update from Patched to Unpatched from the scan result", cve)
        cve_data[cve] = copy_data(cve_data[cve], entry)
        return
@@ -441,10 +445,12 @@ def main():
                is_kernel=True
        if not is_kernel:
            continue
+        # We remove custom versions after -
+        upstream_version = Version(pkg["version"].split("-")[0])
+        logging.info("Checking kernel %s", upstream_version)
        kernel_cves = get_kernel_cves(args.datadir,
                                      compiled_files,
-                                      Version(pkg["version"]))
+                                      upstream_version)
        logging.info("Total kernel cves from kernel CNA: %s", len(kernel_cves))
        cves = {issue["id"]: issue for issue in pkg["issue"]}
        logging.info("Total kernel before processing cves: %s", len(cves))
diff --git a/scripts/oe-test b/scripts/oe-test
index 55985b0b24..3a00369e01 100755
--- a/scripts/oe-test
+++ b/scripts/oe-test
@@ -7,14 +7,18 @@
 # SPDX-License-Identifier: MIT
 #
-import os
-import sys
 import argparse
+import glob
 import logging
+import os
+import sys
 scripts_path = os.path.dirname(os.path.realpath(__file__))
-lib_path = scripts_path + '/lib'
+lib_path = os.path.join(scripts_path, 'lib')
-sys.path = sys.path + [lib_path]
+sys.path.append(lib_path)
+meta_lib_paths = glob.glob(scripts_path + '/*/lib', recursive=True)
+for p in meta_lib_paths:
+    sys.path.append(p)
 import argparse_oe
 import scriptutils

diff --git a/scripts/contrib/improve_kernel_cve_report.py b/scripts/contrib/improve_kernel_cve_report.py index 829cc4cd30..5c39df05a5 100755 --- a/scripts/contrib/improve_kernel_cve_report.py +++ b/scripts/contrib/improve_kernel_cve_report.py
@@ -340,6 +340,10 @@ def cve_update(cve_data, cve, entry):
340	if cve_data[cve]['status'] == entry['status']:	340	if cve_data[cve]['status'] == entry['status']:
341	return	341	return
342	if entry['status'] == "Unpatched" and cve_data[cve]['status'] == "Patched":	342	if entry['status'] == "Unpatched" and cve_data[cve]['status'] == "Patched":
		343	# Backported-patch (e.g. vendor kernel repo with cherry-picked CVE patch)
		344	# has priority over unpatch from CNA
		345	if cve_data[cve]['detail'] == "backported-patch":
		346	return
343	logging.warning("CVE entry %s update from Patched to Unpatched from the scan result", cve)	347	logging.warning("CVE entry %s update from Patched to Unpatched from the scan result", cve)
344	cve_data[cve] = copy_data(cve_data[cve], entry)	348	cve_data[cve] = copy_data(cve_data[cve], entry)
345	return	349	return
@@ -441,10 +445,12 @@ def main():
441	is_kernel=True	445	is_kernel=True
442	if not is_kernel:	446	if not is_kernel:
443	continue	447	continue
444		448	# We remove custom versions after -
		449	upstream_version = Version(pkg["version"].split("-")[0])
		450	logging.info("Checking kernel %s", upstream_version)
445	kernel_cves = get_kernel_cves(args.datadir,	451	kernel_cves = get_kernel_cves(args.datadir,
446	compiled_files,	452	compiled_files,
447	Version(pkg["version"]))	453	upstream_version)
448	logging.info("Total kernel cves from kernel CNA: %s", len(kernel_cves))	454	logging.info("Total kernel cves from kernel CNA: %s", len(kernel_cves))
449	cves = {issue["id"]: issue for issue in pkg["issue"]}	455	cves = {issue["id"]: issue for issue in pkg["issue"]}
450	logging.info("Total kernel before processing cves: %s", len(cves))	456	logging.info("Total kernel before processing cves: %s", len(cves))


diff --git a/scripts/oe-test b/scripts/oe-test index 55985b0b24..3a00369e01 100755 --- a/scripts/oe-test +++ b/scripts/oe-test
@@ -7,14 +7,18 @@
7	# SPDX-License-Identifier: MIT	7	# SPDX-License-Identifier: MIT
8	#	8	#
9		9
10	import os
11	import sys
12	import argparse	10	import argparse
		11	import glob
13	import logging	12	import logging
		13	import os
		14	import sys
14		15
15	scripts_path = os.path.dirname(os.path.realpath(__file__))	16	scripts_path = os.path.dirname(os.path.realpath(__file__))
16	lib_path = scripts_path + '/lib'	17	lib_path = os.path.join(scripts_path, 'lib')
17	sys.path = sys.path + [lib_path]	18	sys.path.append(lib_path)
		19	meta_lib_paths = glob.glob(scripts_path + '/*/lib', recursive=True)
		20	for p in meta_lib_paths:
		21	sys.path.append(p)
18	import argparse_oe	22	import argparse_oe
19	import scriptutils	23	import scriptutils
20		24