[Buildroot] [PATCH 6/9] package/pkg-utils: cve.py: Handle exception when version comparison fails

Gregory CLEMENT gregory.clement at bootlin.com
Wed Jul 8 16:40:03 UTC 2020


With python 3, when a package has a version number x-y-z instead of
x.y.z, then the version returned by LooseVersion can't be compared
which raises an exception.

This patch handles this exception by adding a new return value when
the comparison can't be done.

Signed-off-by: Gregory CLEMENT <gregory.clement at bootlin.com>
---
 support/scripts/cve.py | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/support/scripts/cve.py b/support/scripts/cve.py
index b754a17991..03afdeb54a 100755
--- a/support/scripts/cve.py
+++ b/support/scripts/cve.py
@@ -203,12 +203,21 @@ class CVE:
                 continue
 
             if cpe['v_start']:
+                try:
                     cve_affected_version = distutils.version.LooseVersion(cpe['v_start'])
                     affected = ops.get(cpe['op_start'])(pkg_version, cve_affected_version)
+                    break
+                except:
+                    return 'Unknown'
 
             if (affected and cpe['v_end']):
+                try:
                     cve_affected_version = distutils.version.LooseVersion(cpe['v_end'])
                     affected = ops.get(cpe['op_end'])(pkg_version, cve_affected_version)
+                    break
+                except:
+                    return 'Unknown'
+
             if (affected):
                 return True
         return False
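Review bot: the two added `break` statements, placed right after `affected = ops.get(...)(pkg_version, cve_affected_version)` in both `try` blocks, leave the enclosing loop before `if (affected): return True` can run, so a comparison that succeeds falls through to the final `return False` and the package is reported as not affected. The `break` after the `v_start` comparison also skips the `v_end` check entirely. Dropping both `break` lines keeps the original flow and still lets the `except` path report the failure. Two smaller points on the same lines: the bare `except:` also swallows unrelated errors such as a missing key in `cpe` or a `None` returned by `ops.get()`, so catching only the exception the commit message describes (the failed LooseVersion comparison) would be safer; and the new `'Unknown'` return value is a non-empty string, which is truthy, so any caller that tests the result as a boolean will treat it as affected. The mixed bool/string return deserves a comment or docstring update in this function, and callers should compare against it explicitly.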
-- 
2.27.0



