mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-01-29 21:08:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

cve-check: Modify judgment processing using "=" in version comparison

Browse Source 
Judgment processing of vulnerable using "=" compares characters as strings rather than numbers,
and misjudges "cases that do not match in strings but do match in numbers" as "Patched".
(e.g. PV = "1.2.0" and Vulnerabilities Affected Versions (registered with NVD) = "1.2")

Therefore, if the comparison operator used in the judgment processing of vulnerable is "=",
add numeric comparison processing.

(From OE-Core rev: a1989e4197178c2431ceca499e0b4876b233b131)

Signed-off-by: Shinji Matsunaga <shin.matsunaga@fujitsu.com>
Signed-off-by: Shunsuke Tokumoto <s-tokumoto@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Matsunaga-Shinji
2023-11-29 11:19:15 +09:00
committed by Richard Purdie
parent 2364a81460
commit 291bc9e96a
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
meta/classes/cve-check.bbclass
View File

@@ -375,6 +375,7 @@ def check_cves(d, patched_cves):
try:
vulnerable_start = (operator_start == '>=' and Version(pv,suffix) >= Version(version_start,suffix))
vulnerable_start |= (operator_start == '>' and Version(pv,suffix) > Version(version_start,suffix))
vulnerable_start |= (operator_start == '=' and Version(pv,suffix) == Version(version_start,suffix))
except:
bb.warn("%s: Failed to compare %s %s %s for %s" %
(product, pv, operator_start, version_start, cve))