diff mbox series

[2/2] improve_kernel_cve_report: do not use custom version

Message ID 20250704130255.1157673-2-daniel.turull@ericsson.com
State Accepted, archived
Commit 3942d40e96989268e8d1030f9d8c3859044d9635
Headers show
Series [1/2] improve_kernel_cve_report: do not override backported-patch | expand

Commit Message

Daniel Turull July 4, 2025, 1:02 p.m. UTC 
From: Daniel Turull <daniel.turull@ericsson.com>

When using the version specified in cve-summary.json, we need to
remove the suffix containing the custom version to match the
versions from the CVEs.

This patch truncates the version from cve-summary.json to use only
the base version of the kernel.

This is only applicable for kernels where the user has added their
own version.

Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
---
 scripts/contrib/improve_kernel_cve_report.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff mbox series

Patch

diff --git a/scripts/contrib/improve_kernel_cve_report.py b/scripts/contrib/improve_kernel_cve_report.py
index a81aa0ff94..5c39df05a5 100755
--- a/scripts/contrib/improve_kernel_cve_report.py
+++ b/scripts/contrib/improve_kernel_cve_report.py
@@ -445,10 +445,12 @@  def main():
                 is_kernel=True
         if not is_kernel:
             continue
-
+        # We remove custom versions after -
+        upstream_version = Version(pkg["version"].split("-")[0])
+        logging.info("Checking kernel %s", upstream_version)
         kernel_cves = get_kernel_cves(args.datadir,
                                       compiled_files,
-                                      Version(pkg["version"]))
+                                      upstream_version)
         logging.info("Total kernel cves from kernel CNA: %s", len(kernel_cves))
         cves = {issue["id"]: issue for issue in pkg["issue"]}
         logging.info("Total kernel before processing cves: %s", len(cves))