Commit 6ced85e9 authored Jan 22, 2021 by Lee Chee Yang Committed by Richard Purdie Jan 23, 2021

cve-check: replace Looseversion with custom version class



The way distutils.version.LooseVersion compare version are tricky, it treat
all these ( "1.0-beta2", "1.0-rc1", "1.0A", "1.0p2" and "1.0pre1") as greater
version than "1.0". This might be right for "1.0A" and "1.0p1" but not for
the rest, also these version could be confusing, the "p" in "1.0p1" can be
"pre" or "patched" version or even other meaning.

Replace Looseversion with custom class, it uses regex to capture common
version format like "1.1.1" or tag format using date like "2020-12-12" as
release section, check for following known string/tags ( beta, rc, pre, dev,
alpha, preview) as pre-release section, any other trailing characters
are difficult to understand/define so ignore them. Compare release
section and pre-release section saperately.

included selftest for the version class.

[YOCTO#14127]

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

parent 58f8debd

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit 02a44b50
· Feb 07, 2021

mentioned in commit 02a44b50

mentioned in commit 02a44b507a1e49a4c460f3e1bec92832b71dfe08

Toggle commit list
mirror @mirror
mentioned in commit 294baea4
· Feb 23, 2021

mentioned in commit 294baea4

mentioned in commit 294baea424472341d2ec880f13699076315d8274

Toggle commit list

Please register or to comment