From: Daniel Turull <[email protected]>

When using the version specified in cve-summary.json, we need to remove the suffix containing the custom version to match the versions from the CVEs.
This patch truncates the version from cve-summary.json to use only the base version of the kernel. This is only applicable for kernels where the user has added their own version. Signed-off-by: Daniel Turull <[email protected]> Signed-off-by: Antonin Godard <[email protected]> Signed-off-by: Richard Purdie <[email protected]> (cherry picked from commit 3942d40e96989268e8d1030f9d8c3859044d9635) Signed-off-by: Himanshu Jadon <[email protected]> --- scripts/contrib/improve_kernel_cve_report.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/scripts/contrib/improve_kernel_cve_report.py b/scripts/contrib/improve_kernel_cve_report.py index a81aa0ff94..5c39df05a5 100755 --- a/scripts/contrib/improve_kernel_cve_report.py +++ b/scripts/contrib/improve_kernel_cve_report.py @@ -445,10 +445,12 @@ def main(): is_kernel=True if not is_kernel: continue - + # We remove custom versions after - + upstream_version = Version(pkg["version"].split("-")[0]) + logging.info("Checking kernel %s", upstream_version) kernel_cves = get_kernel_cves(args.datadir, compiled_files, - Version(pkg["version"])) + upstream_version) logging.info("Total kernel cves from kernel CNA: %s", len(kernel_cves)) cves = {issue["id"]: issue for issue in pkg["issue"]} logging.info("Total kernel before processing cves: %s", len(cves)) -- 2.35.6
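Review bot: In the added line `upstream_version = Version(pkg["version"].split("-")[0])`, splitting on the first "-" discards everything after it, not only a suffix the user added. If pkg["version"] can ever carry an upstream pre-release tag after a hyphen (for example an "-rc" kernel), the value passed to get_kernel_cves() becomes the base release number, so the CVE matching runs against a version newer than the one actually built. A custom suffix joined with a different separator, such as "+", is still handed to Version() unchanged. Consider stripping only a suffix that follows a complete numeric version, and include the original pkg["version"] in the new "Checking kernel %s" log line so the report shows what was dropped. The comment "# We remove custom versions after -" would also be clearer if it said why, namely to match the versions used in the CVE records.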
View/Reply Online (#232692): https://lists.openembedded.org/g/openembedded-core/message/232692
