From: Ross Burton <ross.burton@arm.com>
Date: Fri, 23 Jun 2023 12:32:50 +0000 (+0100)
Subject: cve-update-nvd2-native: use exact times, don't truncate
X-Git-Tag: uninative-4.1~337
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9aa0ec37f5f74252588d2494a71c71a7d8e68df9;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git

cve-update-nvd2-native: use exact times, don't truncate

When requesting updates in a specific range, use the actual current time
and database mtime instead of truncating to midnight, and explicitly set
the timezone to UTC so that NIST don't treat the timestamps as _their_ local
time when they're _our_ local time.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb
index 0c627ef2623..61f4d47f961 100644
--- a/meta/recipes-core/meta/cve-update-nvd2-native.bb
+++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -172,8 +172,8 @@ def update_db_file(db_tmp_file, d, database_time):
     # The maximum range for time is 120 days
     # Force a complete update if our range is longer
     if (database_time != 0):
-        database_date = datetime.datetime.combine(datetime.date.fromtimestamp(database_time), datetime.time())
-        today_date = datetime.datetime.combine(datetime.date.today(), datetime.time())
+        database_date = datetime.datetime.fromtimestamp(database_time, tz=datetime.timezone.utc)
+        today_date = datetime.datetime.now(tz=datetime.timezone.utc)
         delta = today_date - database_date
         if delta.days < 120:
             bb.debug(2, "CVE database: performing partial update")