From: Peter Marko <peter.marko@siemens.com>
Date: Sun, 27 Apr 2025 09:43:02 +0000 (+0200)
Subject: linux/cve-exclusion: do not shift first_affected
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1cbb0103bbf5f567ceeb01abb48869d29f74be1d;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git

linux/cve-exclusion: do not shift first_affected

Stop shifting first_affected if backport is indicated. This does not
have effect on generated list, but makes the logic cleaner as it will
not shift it to "first affected on our branch" and also make it behave
like in defaultStatus==affected case.

Cc: daniel.turull@ericsson.com
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dc1ecb69389dd79354084757ba6b9af0781afcc0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---

diff --git a/meta/recipes-kernel/linux/generate-cve-exclusions.py b/meta/recipes-kernel/linux/generate-cve-exclusions.py
index 5c85c0db88..302ec8ebc9 100755
--- a/meta/recipes-kernel/linux/generate-cve-exclusions.py
+++ b/meta/recipes-kernel/linux/generate-cve-exclusions.py
@@ -69,7 +69,6 @@ def get_fixed_versions(cve_info, base_version):
                     first_affected = v
                 fixed = less_than
                 if base_version < v and v < next_version:
-                    first_affected = v
                     fixed_backport = less_than
 
     return first_affected, fixed, fixed_backport