From: Lee Chee Yang <[email protected]>

Version strings from NVD might not be constant all the time; cast them to Version whenever possible when comparing for the equal operator.
CVE-2010-0426 "cpe23Uri" : "cpe:2.3:a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:*" CVE-2010-1646 "cpe23Uri" : "cpe:2.3:a:todd_miller:sudo:1.6.3p1:*:*:*:*:*:*:*" Signed-off-by: Lee Chee Yang <[email protected]> --- meta/classes/cve-check.bbclass | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 112ee3379d..e0c8321e99 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -269,8 +269,15 @@ def check_cves(d, patched_cves): (_, _, _, version_start, operator_start, version_end, operator_end) = row #bb.debug(2, "Evaluating row " + str(row)) - if (operator_start == '=' and pv == version_start) or version_start == '-': + if version_start == '-': + # '-' can be any version vulnerable = True + elif operator_start == '=': + # it could be unexpected version string which cannot be parse, compare them string to string only in such case + try: + vulnerable = (Version(pv,suffix) == Version(version_start,suffix)) + except: + vulnerable = (pv == version_start) else: if operator_start: try: -- 2.17.1
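Review bot: The bare `except:` in the new `elif operator_start == '='` branch catches everything, including KeyboardInterrupt and SystemExit, and then falls back silently to `vulnerable = (pv == version_start)`. For a CVE checker that fallback is the risky path: if `Version(pv,suffix)` or `Version(version_start,suffix)` cannot be parsed, a spelling difference like the `1.6.3_p1` versus `1.6.3p1` pair from the commit message compares unequal as strings and the CVE is reported as not applicable, with nothing in the log to show it. Please narrow the handler to `except Exception:` (or to the specific exception Version raises on a parse failure) and emit a message on fallback that names the CVE row and both version strings, so a possible false negative is visible in the build output. The comment above the `try:` is also hard to read; something like "fall back to string comparison only when the version cannot be parsed" would say the same thing. A test covering the two sudo CPE strings quoted in the commit message would confirm that the Version comparison treats them as equal.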
View/Reply Online (#148936): https://lists.openembedded.org/g/openembedded-core/message/148936
