On Wed, 2021-01-27 at 09:12 +0000, Mikko Rapeli wrote: > On Wed, Jan 27, 2021 at 05:03:54PM +0800, Lee Chee Yang wrote: > > From: Lee Chee Yang <chee.yang....@intel.com> > > > > Signed-off-by: Lee Chee Yang <chee.yang....@intel.com> > > --- > > meta/recipes-connectivity/openssl/openssl_1.1.1i.bb | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1i.bb > > b/meta/recipes-connectivity/openssl/openssl_1.1.1i.bb > > index 52e96b7831..9ff80b3d4f 100644 > > --- a/meta/recipes-connectivity/openssl/openssl_1.1.1i.bb > > +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1i.bb > > @@ -230,6 +230,8 @@ BBCLASSEXTEND = "native nativesdk" > > > > > > > > > > CVE_PRODUCT = "openssl:openssl" > > > > > > > > > > +CVE_VERSION_SUFFIX = "alphabetical" > > + > > I have to say that I don't like this. I'd prefer automation > which works like dpkg --compare-versions: > > --compare-versions ver1 op ver2 > Compare version numbers, where op is a binary operator. dpkg > returns true (0) if the specified condition is satisfied, > and false (1) otherwise. There are two groups of > operators, which differ in how they treat an empty ver1 or ver2. > These treat an empty version as earlier than any version: lt le > eq ne ge gt. These treat an empty version as later > than any version: lt-nl le-nl ge-nl gt-nl. These are provided > only for compatibility with control file syntax: < << <= > = >= >> >. The < and > operators are obsolete and should not be > used, due to confusing semantics. To illustrate: 0.1 < > 0.1 evaluates to true.
The trouble is we have no control over what versions end up in the CPEs and I suspect that even dpkg's version comparison doesn't work for some of our test cases? If it does, it would be useful to understand how they're managing to do that as I think some of the patterns conflict as I understand it. Debian can make it work for their packages since they control what version they ultimately assign to them. Cheers, Richard
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#147357): https://lists.openembedded.org/g/openembedded-core/message/147357 Mute This Topic: https://lists.openembedded.org/mt/80153216/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
