[Buildroot] [PATCH v2 1/2] support/scripts/cve: replace distutils with looseversion

Anton Bengtsson anton.bengtsson at plejd.com
Fri Sep 12 08:34:31 UTC 2025


The package 'distutils' was removed in Python 3.12[1] and looseversion[2]
appears to be a good drop-in replacement for distutils.version.LooseVersion.

Also added inline script requirements suitable for uv, similar to the one
added for utils/check-package in 6ffcdb52e80b63e68c890aed52ff7f4d00e079b8.

[1] https://docs.python.org/3/library/distutils.html
[2] https://pypi.org/project/looseversion

Signed-off-by: Anton Bengtsson <anton.bengtsson at plejd.com>

---
Changes v1 -> v2:
  - Added inline scripts requirements for uv                (suggested by Arnout)
  - Added python3-looseversion to support/docker/Dockerfile (suggested by Arnout)

Signed-off-by: Anton Bengtsson <anton.bengtsson at plejd.com>
---
 support/scripts/cve.py | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/support/scripts/cve.py b/support/scripts/cve.py
index ba41762fa0..524f08f48f 100755
--- a/support/scripts/cve.py
+++ b/support/scripts/cve.py
@@ -16,14 +16,20 @@
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# /// script
+# dependencies = [
+#     "looseversion==1.3.0",
+# ]
+# ///
 
 import datetime
 import os
-import distutils.version
 import json
 import subprocess
 import sys
 import operator
+from looseversion import LooseVersion
 
 sys.path.append('utils/')
 
@@ -190,7 +196,7 @@ class CVE:
         by this CVE.
         """
 
-        pkg_version = distutils.version.LooseVersion(version)
+        pkg_version = LooseVersion(version)
         if not hasattr(pkg_version, "version"):
             print("Cannot parse package '%s' version '%s'" % (name, version))
             pkg_version = None
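Review bot: The `hasattr(pkg_version, "version")` test that follows the new `LooseVersion(version)` call depends on an internal detail of the class: the constructor must leave `version` unset when given an empty or None string. That presumably held for distutils; it should be confirmed against the pinned looseversion release. If the attribute were always present, an unparsable package version would skip the "Cannot parse" branch and be compared as-is. A comment such as `# relies on LooseVersion() not setting .version for empty input` would document the dependency, or a check on `version` itself before constructing the object would remove it. The enclosing method starts and ends outside this hunk.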
@@ -202,7 +208,7 @@ class CVE:
         # version, as they might be different due to
         # <pkg>_CPE_ID_VERSION
         else:
-            pkg_version = distutils.version.LooseVersion(cpe_version(cpeid))
+            pkg_version = LooseVersion(cpe_version(cpeid))
 
         for cpe in self.each_cpe():
             if not cpe_matches(cpe['id'], cpeid):
@@ -214,7 +220,7 @@ class CVE:
 
             if cpe['v_start']:
                 try:
-                    cve_affected_version = distutils.version.LooseVersion(cpe['v_start'])
+                    cve_affected_version = LooseVersion(cpe['v_start'])
                     inrange = ops.get(cpe['op_start'])(pkg_version, cve_affected_version)
                 except TypeError:
                     return self.CVE_UNKNOWN
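Review bot: The `except TypeError` around the comparison is the only path that turns an incomparable version pair into `CVE_UNKNOWN`, so the swap is safe only if looseversion's `LooseVersion` raises the same exception when number and string components are compared. If the replacement raised a different exception or ordered such pairs silently, a CVE could be reported as not affecting a package instead of unknown. I would add `# LooseVersion comparison raises TypeError on mixed int/str components` above the `try` and check a constructed pair such as '1.0.1' vs '1.0rc1' against the pinned 1.3.0. The same applies to the `v_end` block in the next hunk; the loop body continues outside both hunks.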
@@ -226,7 +232,7 @@ class CVE:
 
             if cpe['v_end']:
                 try:
-                    cve_affected_version = distutils.version.LooseVersion(cpe['v_end'])
+                    cve_affected_version = LooseVersion(cpe['v_end'])
                     inrange = ops.get(cpe['op_end'])(pkg_version, cve_affected_version)
                 except TypeError:
                     return self.CVE_UNKNOWN
-- 
2.51.0


