diff options
| author | Peter Marko <peter.marko@siemens.com> | 2025-04-27 11:43:00 +0200 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2025-07-04 07:50:16 -0700 |
| commit | f6680f7eb74f852d6bfed6391d21b0316126d0d7 (patch) | |
| tree | 953c06f3e4d176d7b233ca95b27cec114cf65da4 /meta | |
| parent | ad8cb5c2b29c1ba5289b859fd5d72b4e821922ac (diff) | |
| download | poky-f6680f7eb74f852d6bfed6391d21b0316126d0d7.tar.gz | |
linux/cve-exclusion: correct fixed-version calculation
Current code takes the first version found as "fixed-version".
That is not correct as it is almost always only the oldest backport.
Fix it by unconditionally shift the assigmnet of variable "fixed" so
that we take last instead of first version.
Cc: daniel.turull@ericsson.com
(From OE-Core rev: 4e2c441b64675933cc5f684d0e19cdc18ceaab18)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 68f8e58a249c8adef18e63f0841e8bfea16f354e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta')
| -rwxr-xr-x | meta/recipes-kernel/linux/generate-cve-exclusions.py | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/meta/recipes-kernel/linux/generate-cve-exclusions.py b/meta/recipes-kernel/linux/generate-cve-exclusions.py index 82fb4264e3..5c85c0db88 100755 --- a/meta/recipes-kernel/linux/generate-cve-exclusions.py +++ b/meta/recipes-kernel/linux/generate-cve-exclusions.py | |||
| @@ -67,10 +67,9 @@ def get_fixed_versions(cve_info, base_version): | |||
| 67 | 67 | ||
| 68 | if not first_affected: | 68 | if not first_affected: |
| 69 | first_affected = v | 69 | first_affected = v |
| 70 | fixed = less_than | 70 | fixed = less_than |
| 71 | if base_version < v and v < next_version: | 71 | if base_version < v and v < next_version: |
| 72 | first_affected = v | 72 | first_affected = v |
| 73 | fixed = less_than | ||
| 74 | fixed_backport = less_than | 73 | fixed_backport = less_than |
| 75 | 74 | ||
| 76 | return first_affected, fixed, fixed_backport | 75 | return first_affected, fixed, fixed_backport |