cve_check: do not break old CVE_PRODUCT with escaped +

For now, until all layer are fixed, replace already escaped plus (+)
with a simple + before doing the escaping.

Signed-off-by: Benjamin Robin <benjamin.robin@bootlin.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py
index 22b5062c977cdd9f3887e47d94a9a455a3827033..e6104a279d5ee3ffef97b1bd26af72856ac8083c 100644 (file)
--- a/meta/lib/oe/cve_check.py
+++ b/meta/lib/oe/cve_check.py
@@ -227,6 +227,9 @@ def cpe_escape(value):
     if not value:
         return value
 
+    # Do not break compatibility
+    value = value.replace("\\+", "+")
+
     return value.translate(_CPE23_ENCODE_TRANS_TABLE)