improve_kernel_cve_report: do not use custom version

When using the version specified in cve-summary.json, we need to remove the suffix containing the custom version to match the versions from the CVEs. This patch truncates the version from cve-summary.json to use only the base version of the kernel. This is only applicable for kernels where the user has added their own version. (From OE-Core rev: 3942d40e96989268e8d1030f9d8c3859044d9635) Signed-off-by: Daniel Turull <daniel.turull@ericsson.com> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-19 21:09:03 +02:00 · 2025-07-04 15:02:55 +02:00 · 2025-07-04 15:02:55 +02:00 · 348ef80f27
commit 348ef80f27
parent dac57535d9
1 changed files with 4 additions and 2 deletions
--- a/scripts/contrib/improve_kernel_cve_report.py
+++ b/scripts/contrib/improve_kernel_cve_report.py
@ -445,10 +445,12 @@ def main():
                is_kernel=True
        if not is_kernel:
            continue
-
+        # We remove custom versions after -
+        upstream_version = Version(pkg["version"].split("-")[0])
+        logging.info("Checking kernel %s", upstream_version)
        kernel_cves = get_kernel_cves(args.datadir,
                                      compiled_files,
-                                      Version(pkg["version"]))
+                                      upstream_version)
        logging.info("Total kernel cves from kernel CNA: %s", len(kernel_cves))
        cves = {issue["id"]: issue for issue in pkg["issue"]}
        logging.info("Total kernel before processing cves: %s", len(cves))