From: Benjamin Robin <benjamin.robin@bootlin.com>
Date: Fri, 10 Apr 2026 13:10:44 +0000 (+0200)
Subject: cve_check: do not break old CVE_PRODUCT with escaped +
X-Git-Tag: yocto-6.0~126
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b86c5ecdc0699cf6ab50e2a24e2b32e42ee7ed54;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git

cve_check: do not break old CVE_PRODUCT with escaped +

For now, until all layer are fixed, replace already escaped plus (+)
with a simple + before doing the escaping.

Signed-off-by: Benjamin Robin <benjamin.robin@bootlin.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py
index 22b5062c97..e6104a279d 100644
--- a/meta/lib/oe/cve_check.py
+++ b/meta/lib/oe/cve_check.py
@@ -227,6 +227,9 @@ def cpe_escape(value):
     if not value:
         return value
 
+    # Do not break compatibility
+    value = value.replace("\\+", "+")
+
     return value.translate(_CPE23_ENCODE_TRANS_TABLE)