authorRoss Burton <ross.burton@intel.com>2019-07-16 13:46:50 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2019-07-17 09:36:35 +0100
commit0c0a056db8c0f918a0daf9145b162e50f1a44124 (patch)
treeef228af2798735c349a36ecc6e54a6eb9b60f0e3
parent91f6c9f3ee51f3dd290993748cda9da5b53cb834 (diff)
cve-check-tool: remove
(From OE-Core rev: 5388ed6d1378d647a65912dbd537f9ef3cb5760a) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb62
-rw-r--r--meta/recipes-devtools/cve-check-tool/files/0001-Fix-freeing-memory-allocated-by-sqlite.patch50
-rw-r--r--meta/recipes-devtools/cve-check-tool/files/0001-curl-allow-overriding-default-CA-certificate-file.patch215
-rw-r--r--meta/recipes-devtools/cve-check-tool/files/0001-print-progress-in-percent-when-downloading-CVE-db.patch135
-rw-r--r--meta/recipes-devtools/cve-check-tool/files/0001-update-Compare-computed-vs-expected-sha256-digit-str.patch52
-rw-r--r--meta/recipes-devtools/cve-check-tool/files/check-for-malloc_trim-before-using-it.patch51
6 files changed, 0 insertions, 565 deletions
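diff --git a/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb b/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb
deleted file mode 100644
index 1c84fb1cf2..0000000000
--- a/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb
+++ /dev/null
@@ -1,62 +0,0 @@
-SUMMARY = "cve-check-tool"
-DESCRIPTION = "cve-check-tool is a tool for checking known (public) CVEs.\
-The tool will identify potentially vunlnerable software packages within Linux distributions through version matching."
-HOMEPAGE = "https://github.com/ikeydoherty/cve-check-tool"
-SECTION = "Development/Tools"
-LICENSE = "GPL-2.0+"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=e8c1458438ead3c34974bc0be3a03ed6"
-
-SRC_URI = "https://github.com/ikeydoherty/${BPN}/releases/download/v${PV}/${BP}.tar.xz \
- file://check-for-malloc_trim-before-using-it.patch \
- file://0001-print-progress-in-percent-when-downloading-CVE-db.patch \
- file://0001-curl-allow-overriding-default-CA-certificate-file.patch \
- file://0001-update-Compare-computed-vs-expected-sha256-digit-str.patch \
- file://0001-Fix-freeing-memory-allocated-by-sqlite.patch \
- "
-
-SRC_URI[md5sum] = "c5f4247140fc9be3bf41491d31a34155"
-SRC_URI[sha256sum] = "b8f283be718af8d31232ac1bfc10a0378fb958aaaa49af39168f8acf501e6a5b"
-
-UPSTREAM_CHECK_URI = "https://github.com/ikeydoherty/cve-check-tool/releases"
-
-DEPENDS = "libcheck glib-2.0 json-glib curl libxml2 sqlite3 openssl ca-certificates"
-
-RDEPENDS_${PN} = "ca-certificates"
-
-inherit pkgconfig autotools
-
-EXTRA_OECONF = "--disable-coverage --enable-relative-plugins"
-CFLAGS_append = " -Wno-error=pedantic"
-
-do_populate_cve_db() {
- if [ "${BB_NO_NETWORK}" = "1" ] ; then
- bbwarn "BB_NO_NETWORK is set; Can't update cve-check-tool database, new CVEs won't be detected"
- return
- fi
-
- # In case we don't inherit cve-check class, use default values defined in the class.
- cve_dir="${CVE_CHECK_DB_DIR}"
- cve_file="${CVE_CHECK_TMP_FILE}"
-
- [ -z "${cve_dir}" ] && cve_dir="${DL_DIR}/CVE_CHECK"
- [ -z "${cve_file}" ] && cve_file="${TMPDIR}/cve_check"
-
- unused="${@bb.utils.export_proxies(d)}"
- bbdebug 2 "Updating cve-check-tool database located in $cve_dir"
- # --cacert works around curl-native not finding the CA bundle
- if cve-check-update --cacert ${sysconfdir}/ssl/certs/ca-certificates.crt -d "$cve_dir" ; then
- printf "CVE database was updated on %s UTC\n\n" "$(LANG=C date --utc +'%F %T')" > "$cve_file"
- else
- bbwarn "Error in executing cve-check-update"
- if [ "${@'1' if bb.data.inherits_class('cve-check', d) else '0'}" -ne 0 ] ; then
- bbwarn "Failed to update cve-check-tool database, CVEs won't be checked"
- fi
- fi
-}
-
-addtask populate_cve_db after do_populate_sysroot
-do_populate_cve_db[depends] = "cve-check-tool-native:do_populate_sysroot"
-do_populate_cve_db[nostamp] = "1"
-do_populate_cve_db[progress] = "percent"
-
-BBCLASSEXTEND = "native nativesdk"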
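diff --git a/meta/recipes-devtools/cve-check-tool/files/0001-Fix-freeing-memory-allocated-by-sqlite.patch b/meta/recipes-devtools/cve-check-tool/files/0001-Fix-freeing-memory-allocated-by-sqlite.patch
deleted file mode 100644
index 4a82cf2dde..0000000000
--- a/meta/recipes-devtools/cve-check-tool/files/0001-Fix-freeing-memory-allocated-by-sqlite.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From a3353429652f83bb8b0316500faa88fa2555542d Mon Sep 17 00:00:00 2001
-From: Peter Marko <peter.marko@siemens.com>
-Date: Thu, 13 Apr 2017 23:09:52 +0200
-Subject: [PATCH] Fix freeing memory allocated by sqlite
-
-Upstream-Status: Backport
-Signed-off-by: Peter Marko <peter.marko@siemens.com>
----
- src/core.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/src/core.c b/src/core.c
-index 6263031..6788f16 100644
---- a/src/core.c
-+++ b/src/core.c
-@@ -82,7 +82,7 @@ static bool ensure_table(CveDB *self)
- rc = sqlite3_exec(self->db, query, NULL, NULL, &err);
- if (rc != SQLITE_OK) {
- fprintf(stderr, "ensure_table(): %s\n", err);
-- free(err);
-+ sqlite3_free(err);
- return false;
- }
-
-@@ -91,7 +91,7 @@ static bool ensure_table(CveDB *self)
- rc = sqlite3_exec(self->db, query, NULL, NULL, &err);
- if (rc != SQLITE_OK) {
- fprintf(stderr, "ensure_table(): %s\n", err);
-- free(err);
-+ sqlite3_free(err);
- return false;
- }
-
-@@ -99,11 +99,11 @@ static bool ensure_table(CveDB *self)
- rc = sqlite3_exec(self->db, query, NULL, NULL, &err);
- if (rc != SQLITE_OK) {
- fprintf(stderr, "ensure_table(): %s\n", err);
-- free(err);
-+ sqlite3_free(err);
- return false;
- }
- if (err) {
-- free(err);
-+ sqlite3_free(err);
- }
-
- return true;
---
-2.1.4
-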
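diff --git a/meta/recipes-devtools/cve-check-tool/files/0001-curl-allow-overriding-default-CA-certificate-file.patch b/meta/recipes-devtools/cve-check-tool/files/0001-curl-allow-overriding-default-CA-certificate-file.patch
deleted file mode 100644
index 3d8ebd1bd2..0000000000
--- a/meta/recipes-devtools/cve-check-tool/files/0001-curl-allow-overriding-default-CA-certificate-file.patch
+++ /dev/null
@@ -1,215 +0,0 @@
-From 825a9969dea052b02ba868bdf39e676349f10dce Mon Sep 17 00:00:00 2001
-From: Jussi Kukkonen <jussi.kukkonen@intel.com>
-Date: Thu, 9 Feb 2017 14:51:28 +0200
-Subject: [PATCH] curl: allow overriding default CA certificate file
-
-Similar to curl, --cacert can now be used in cve-check-tool and
-cve-check-update to override the default CA certificate file. Useful
-in cases where the system default is unsuitable (for example,
-out-dated) or broken (as in OE's current native libcurl, which embeds
-a path string from one build host and then uses it on another although
-the right path may have become something different).
-
-Upstream-Status: Submitted [https://github.com/ikeydoherty/cve-check-tool/pull/45]
-
-Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
-
-
-Took Patrick Ohlys original patch from meta-security-isafw, rebased
-on top of other patches.
-
-Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
----
- src/library/cve-check-tool.h | 1 +
- src/library/fetch.c | 10 +++++++++-
- src/library/fetch.h | 3 ++-
- src/main.c | 5 ++++-
- src/update-main.c | 4 +++-
- src/update.c | 12 +++++++-----
- src/update.h | 2 +-
- 7 files changed, 27 insertions(+), 10 deletions(-)
-
-diff --git a/src/library/cve-check-tool.h b/src/library/cve-check-tool.h
-index e4bb5b1..f89eade 100644
---- a/src/library/cve-check-tool.h
-+++ b/src/library/cve-check-tool.h
-@@ -43,6 +43,7 @@ typedef struct CveCheckTool {
- bool bugs; /**<Whether bug tracking is enabled */
- GHashTable *mapping; /**<CVE Mapping */
- const char *output_file; /**<Output file, if any */
-+ const char *cacert_file; /**<Non-default SSL certificate file, if any */
- } CveCheckTool;
-
- /**
-diff --git a/src/library/fetch.c b/src/library/fetch.c
-index 0fe6d76..8f998c3 100644
---- a/src/library/fetch.c
-+++ b/src/library/fetch.c
-@@ -60,7 +60,8 @@ static int progress_callback_new(void *ptr, curl_off_t dltotal, curl_off_t dlnow
- }
-
- FetchStatus fetch_uri(const char *uri, const char *target, bool verbose,
-- unsigned int start_percent, unsigned int end_percent)
-+ unsigned int start_percent, unsigned int end_percent,
-+ const char *cacert_file)
- {
- FetchStatus ret = FETCH_STATUS_FAIL;
- CURLcode res;
-@@ -74,6 +75,13 @@ FetchStatus fetch_uri(const char *uri, const char *target, bool verbose,
- return ret;
- }
-
-+ if (cacert_file) {
-+ res = curl_easy_setopt(curl, CURLOPT_CAINFO, cacert_file);
-+ if (res != CURLE_OK) {
-+ goto bail;
-+ }
-+ }
-+
- if (stat(target, &st) == 0) {
- res = curl_easy_setopt(curl, CURLOPT_TIMECONDITION, CURL_TIMECOND_IFMODSINCE);
- if (res != CURLE_OK) {
-diff --git a/src/library/fetch.h b/src/library/fetch.h
-index 4cce5d1..836c7d7 100644
---- a/src/library/fetch.h
-+++ b/src/library/fetch.h
-@@ -29,7 +29,8 @@ typedef enum {
- * @return A FetchStatus, indicating the operation taken
- */
- FetchStatus fetch_uri(const char *uri, const char *target, bool verbose,
-- unsigned int this_percent, unsigned int next_percent);
-+ unsigned int this_percent, unsigned int next_percent,
-+ const char *cacert_file);
-
- /**
- * Attempt to extract the given gzipped file
-diff --git a/src/main.c b/src/main.c
-index 8e6f158..ae69d47 100644
---- a/src/main.c
-+++ b/src/main.c
-@@ -280,6 +280,7 @@ static bool csv_mode = false;
- static char *modified_stamp = NULL;
- static gchar *mapping_file = NULL;
- static gchar *output_file = NULL;
-+static gchar *cacert_file = NULL;
-
- static GOptionEntry _entries[] = {
- { "not-patched", 'n', 0, G_OPTION_ARG_NONE, &hide_patched, "Hide patched/addressed CVEs", NULL },
-@@ -294,6 +295,7 @@ static GOptionEntry _entries[] = {
- { "csv", 'c', 0, G_OPTION_ARG_NONE, &csv_mode, "Output CSV formatted data only", NULL },
- { "mapping", 'M', 0, G_OPTION_ARG_STRING, &mapping_file, "Path to a mapping file", NULL},
- { "output-file", 'o', 0, G_OPTION_ARG_STRING, &output_file, "Path to the output file (output plugin specific)", NULL},
-+ { "cacert", 'C', 0, G_OPTION_ARG_STRING, &cacert_file, "Path to the combined SSL certificates file (system default is used if not set)", NULL},
- { .short_name = 0 }
- };
-
-@@ -492,6 +494,7 @@ int main(int argc, char **argv)
-
- quiet = csv_mode || !no_html;
- self->output_file = output_file;
-+ self->cacert_file = cacert_file;
-
- if (!csv_mode && self->output_file) {
- quiet = false;
-@@ -530,7 +533,7 @@ int main(int argc, char **argv)
- if (status) {
- fprintf(stderr, "Update of db forced\n");
- cve_db_unlock();
-- if (!update_db(quiet, db_path->str)) {
-+ if (!update_db(quiet, db_path->str, self->cacert_file)) {
- fprintf(stderr, "DB update failure\n");
- goto cleanup;
- }
-diff --git a/src/update-main.c b/src/update-main.c
-index 2379cfa..c52d9d0 100644
---- a/src/update-main.c
-+++ b/src/update-main.c
-@@ -43,11 +43,13 @@ the Free Software Foundation; either version 2 of the License, or\n\
- static gchar *nvds = NULL;
- static bool _show_version = false;
- static bool _quiet = false;
-+static const char *_cacert_file = NULL;
-
- static GOptionEntry _entries[] = {
- { "nvd-dir", 'd', 0, G_OPTION_ARG_STRING, &nvds, "NVD directory in filesystem", NULL },
- { "version", 'v', 0, G_OPTION_ARG_NONE, &_show_version, "Show version", NULL },
- { "quiet", 'q', 0, G_OPTION_ARG_NONE, &_quiet, "Run silently", NULL },
-+ { "cacert", 'C', 0, G_OPTION_ARG_STRING, &_cacert_file, "Path to the combined SSL certificates file (system default is used if not set)", NULL},
- { .short_name = 0 }
- };
-
-@@ -88,7 +90,7 @@ int main(int argc, char **argv)
- goto end;
- }
-
-- if (update_db(_quiet, db_path->str)) {
-+ if (update_db(_quiet, db_path->str, _cacert_file)) {
- ret = EXIT_SUCCESS;
- } else {
- fprintf(stderr, "Failed to update database\n");
-diff --git a/src/update.c b/src/update.c
-index 070560a..8cb4a39 100644
---- a/src/update.c
-+++ b/src/update.c
-@@ -267,7 +267,8 @@ static inline void update_end(int fd, const char *update_fname, bool ok)
-
- static int do_fetch_update(int year, const char *db_dir, CveDB *cve_db,
- bool db_exist, bool verbose,
-- unsigned int this_percent, unsigned int next_percent)
-+ unsigned int this_percent, unsigned int next_percent,
-+ const char *cacert_file)
- {
- const char nvd_uri[] = URI_PREFIX;
- autofree(cve_string) *uri_meta = NULL;
-@@ -331,14 +332,14 @@ refetch:
- }
-
- /* Fetch NVD META file */
-- st = fetch_uri(uri_meta->str, nvdcve_meta->str, verbose, this_percent, this_percent);
-+ st = fetch_uri(uri_meta->str, nvdcve_meta->str, verbose, this_percent, this_percent, cacert_file);
- if (st == FETCH_STATUS_FAIL) {
- fprintf(stderr, "Failed to fetch %s\n", uri_meta->str);
- return -1;
- }
-
- /* Fetch NVD XML file */
-- st = fetch_uri(uri_data_gz->str, nvdcve_data_gz->str, verbose, this_percent, next_percent);
-+ st = fetch_uri(uri_data_gz->str, nvdcve_data_gz->str, verbose, this_percent, next_percent, cacert_file);
- switch (st) {
- case FETCH_STATUS_FAIL:
- fprintf(stderr, "Failed to fetch %s\n", uri_data_gz->str);
-@@ -391,7 +392,7 @@ refetch:
- return 0;
- }
-
--bool update_db(bool quiet, const char *db_file)
-+bool update_db(bool quiet, const char *db_file, const char *cacert_file)
- {
- autofree(char) *db_dir = NULL;
- autofree(CveDB) *cve_db = NULL;
-@@ -466,7 +467,8 @@ bool update_db(bool quiet, const char *db_file)
- if (!quiet)
- fprintf(stderr, "completed: %u%%\r", start_percent);
- rc = do_fetch_update(y, db_dir, cve_db, db_exist, !quiet,
-- start_percent, end_percent);
-+ start_percent, end_percent,
-+ cacert_file);
- switch (rc) {
- case 0:
- if (!quiet)
-diff --git a/src/update.h b/src/update.h
-index b8e9911..ceea0c3 100644
---- a/src/update.h
-+++ b/src/update.h
-@@ -15,7 +15,7 @@ cve_string *get_db_path(const char *path);
-
- int update_required(const char *db_file);
-
--bool update_db(bool quiet, const char *db_file);
-+bool update_db(bool quiet, const char *db_file, const char *cacert_file);
-
-
- /*
---
-2.1.4
-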
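diff --git a/meta/recipes-devtools/cve-check-tool/files/0001-print-progress-in-percent-when-downloading-CVE-db.patch b/meta/recipes-devtools/cve-check-tool/files/0001-print-progress-in-percent-when-downloading-CVE-db.patch
deleted file mode 100644
index 8ea6f686e3..0000000000
--- a/meta/recipes-devtools/cve-check-tool/files/0001-print-progress-in-percent-when-downloading-CVE-db.patch
+++ /dev/null
@@ -1,135 +0,0 @@
-From e9ed26cde63f8ca7607a010a518329339f8c02d3 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <git@andred.net>
-Date: Mon, 26 Sep 2016 12:12:41 +0100
-Subject: [PATCH] print progress in percent when downloading CVE db
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Upstream-Status: Pending
-Signed-off-by: André Draszik <git@andred.net>
----
- src/library/fetch.c | 28 +++++++++++++++++++++++++++-
- src/library/fetch.h | 3 ++-
- src/update.c | 16 ++++++++++++----
- 3 files changed, 41 insertions(+), 6 deletions(-)
-
-diff --git a/src/library/fetch.c b/src/library/fetch.c
-index 06d4b30..0fe6d76 100644
---- a/src/library/fetch.c
-+++ b/src/library/fetch.c
-@@ -37,13 +37,37 @@ static size_t write_func(void *ptr, size_t size, size_t nmemb, struct fetch_t *f
- return fwrite(ptr, size, nmemb, f->f);
- }
-
--FetchStatus fetch_uri(const char *uri, const char *target, bool verbose)
-+struct percent_t {
-+ unsigned int start;
-+ unsigned int end;
-+};
-+
-+static int progress_callback_new(void *ptr, curl_off_t dltotal, curl_off_t dlnow, curl_off_t ultotal, curl_off_t ulnow)
-+{
-+ (void) ultotal;
-+ (void) ulnow;
-+
-+ struct percent_t *percent = (struct percent_t *) ptr;
-+
-+ if (dltotal && percent && percent->end >= percent->start) {
-+ unsigned int diff = percent->end - percent->start;
-+ if (diff) {
-+ fprintf(stderr,"completed: %"CURL_FORMAT_CURL_OFF_T"%%\r", percent->start + (diff * dlnow / dltotal));
-+ }
-+ }
-+
-+ return 0;
-+}
-+
-+FetchStatus fetch_uri(const char *uri, const char *target, bool verbose,
-+ unsigned int start_percent, unsigned int end_percent)
- {
- FetchStatus ret = FETCH_STATUS_FAIL;
- CURLcode res;
- struct stat st;
- CURL *curl = NULL;
- struct fetch_t *f = NULL;
-+ struct percent_t percent = { .start = start_percent, .end = end_percent };
-
- curl = curl_easy_init();
- if (!curl) {
-@@ -67,6 +91,8 @@ FetchStatus fetch_uri(const char *uri, const char *target, bool verbose)
- }
- if (verbose) {
- (void)curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 0L);
-+ (void)curl_easy_setopt(curl, CURLOPT_XFERINFODATA, &percent);
-+ (void)curl_easy_setopt(curl, CURLOPT_XFERINFOFUNCTION, progress_callback_new);
- }
- res = curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, (curl_write_callback)write_func);
- if (res != CURLE_OK) {
-diff --git a/src/library/fetch.h b/src/library/fetch.h
-index 70c3779..4cce5d1 100644
---- a/src/library/fetch.h
-+++ b/src/library/fetch.h
-@@ -28,7 +28,8 @@ typedef enum {
- * @param verbose Whether to be verbose
- * @return A FetchStatus, indicating the operation taken
- */
--FetchStatus fetch_uri(const char *uri, const char *target, bool verbose);
-+FetchStatus fetch_uri(const char *uri, const char *target, bool verbose,
-+ unsigned int this_percent, unsigned int next_percent);
-
- /**
- * Attempt to extract the given gzipped file
-diff --git a/src/update.c b/src/update.c
-index 30fbe96..eaeeefd 100644
---- a/src/update.c
-+++ b/src/update.c
-@@ -266,7 +266,8 @@ static inline void update_end(int fd, const char *update_fname, bool ok)
- }
-
- static int do_fetch_update(int year, const char *db_dir, CveDB *cve_db,
-- bool db_exist, bool verbose)
-+ bool db_exist, bool verbose,
-+ unsigned int this_percent, unsigned int next_percent)
- {
- const char nvd_uri[] = URI_PREFIX;
- autofree(cve_string) *uri_meta = NULL;
-@@ -330,14 +331,14 @@ refetch:
- }
-
- /* Fetch NVD META file */
-- st = fetch_uri(uri_meta->str, nvdcve_meta->str, verbose);
-+ st = fetch_uri(uri_meta->str, nvdcve_meta->str, verbose, this_percent, this_percent);
- if (st == FETCH_STATUS_FAIL) {
- fprintf(stderr, "Failed to fetch %s\n", uri_meta->str);
- return -1;
- }
-
- /* Fetch NVD XML file */
-- st = fetch_uri(uri_data_gz->str, nvdcve_data_gz->str, verbose);
-+ st = fetch_uri(uri_data_gz->str, nvdcve_data_gz->str, verbose, this_percent, next_percent);
- switch (st) {
- case FETCH_STATUS_FAIL:
- fprintf(stderr, "Failed to fetch %s\n", uri_data_gz->str);
-@@ -459,10 +460,17 @@ bool update_db(bool quiet, const char *db_file)
- for (int i = YEAR_START; i <= year+1; i++) {
- int y = i > year ? -1 : i;
- int rc;
-+ unsigned int start_percent = ((i+0 - YEAR_START) * 100) / (year+2 - YEAR_START);
-+ unsigned int end_percent = ((i+1 - YEAR_START) * 100) / (year+2 - YEAR_START);
-
-- rc = do_fetch_update(y, db_dir, cve_db, db_exist, !quiet);
-+ if (!quiet)
-+ fprintf(stderr, "completed: %u%%\r", start_percent);
-+ rc = do_fetch_update(y, db_dir, cve_db, db_exist, !quiet,
-+ start_percent, end_percent);
- switch (rc) {
- case 0:
-+ if (!quiet)
-+ fprintf(stderr,"completed: %u%%\r", end_percent);
- continue;
- case ENOMEM:
- goto oom;
---
-2.9.3
-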
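diff --git a/meta/recipes-devtools/cve-check-tool/files/0001-update-Compare-computed-vs-expected-sha256-digit-str.patch b/meta/recipes-devtools/cve-check-tool/files/0001-update-Compare-computed-vs-expected-sha256-digit-str.patch
deleted file mode 100644
index 458c0cc84e..0000000000
--- a/meta/recipes-devtools/cve-check-tool/files/0001-update-Compare-computed-vs-expected-sha256-digit-str.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From b0426e63c9ac61657e029f689bcb8dd051e752c6 Mon Sep 17 00:00:00 2001
-From: Sergey Popovich <popovich_sergei@mail.ua>
-Date: Fri, 21 Apr 2017 07:32:23 -0700
-Subject: [PATCH] update: Compare computed vs expected sha256 digit string
- ignoring case
-
-We produce sha256 digest string using %x snprintf()
-qualifier for each byte of digest which uses alphabetic
-characters from "a" to "f" in lower case to represent
-integer values from 10 to 15.
-
-Previously all of the NVD META files supply sha256
-digest string for corresponding XML file in lower case.
-
-However due to some reason this changed recently to
-provide digest digits in upper case causing fetched
-data consistency checks to fail. This prevents database
-from being updated periodically.
-
-While commit c4f6e94 (update: Do not treat sha256 failure
-as fatal if requested) adds useful option to skip
-digest validation at all and thus provides workaround for
-this situation, it might be unacceptable for some
-deployments where we need to ensure that downloaded
-data is consistent before start parsing it and update
-SQLite database.
-
-Use strcasecmp() to compare two digest strings case
-insensitively and addressing this case.
-
-Upstream-Status: Backport
-Signed-off-by: Sergey Popovich <popovich_sergei@mail.ua>
----
- src/update.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/update.c b/src/update.c
-index 8588f38..3cc6b67 100644
---- a/src/update.c
-+++ b/src/update.c
-@@ -187,7 +187,7 @@ static bool nvdcve_data_ok(const char *meta, const char *data)
- snprintf(&csum_data[idx], len, "%02hhx", digest[i]);
- }
-
-- ret = streq(csum_meta, csum_data);
-+ ret = !strcasecmp(csum_meta, csum_data);
-
- err_unmap:
- munmap(buffer, length);
---
-2.11.0
-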
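diff --git a/meta/recipes-devtools/cve-check-tool/files/check-for-malloc_trim-before-using-it.patch b/meta/recipes-devtools/cve-check-tool/files/check-for-malloc_trim-before-using-it.patch
deleted file mode 100644
index 0774ad946a..0000000000
--- a/meta/recipes-devtools/cve-check-tool/files/check-for-malloc_trim-before-using-it.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From ce64633b9733e962b8d8482244301f614d8b5845 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Mon, 22 Aug 2016 22:54:24 -0700
-Subject: [PATCH] Check for malloc_trim before using it
-
-malloc_trim is gnu specific and not all libc
-implement it, threfore write a configure check
-to poke for it first and use the define to
-guard its use.
-
-Helps in compiling on musl based systems
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
-Upstream-Status: Submitted [https://github.com/ikeydoherty/cve-check-tool/pull/48]
- configure.ac | 2 ++
- src/core.c | 4 ++--
- 2 files changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index d3b66ce..79c3542 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -19,6 +19,8 @@ m4_define([json_required_version], [0.16.0])
- m4_define([openssl_required_version],[1.0.0])
- # TODO: Set minimum sqlite
-
-+AC_CHECK_FUNCS_ONCE(malloc_trim)
-+
- PKG_CHECK_MODULES(CVE_CHECK_TOOL,
- [
- glib-2.0 >= glib_required_version,
-diff --git a/src/core.c b/src/core.c
-index 6263031..0d5df29 100644
---- a/src/core.c
-+++ b/src/core.c
-@@ -498,9 +498,9 @@ bool cve_db_load(CveDB *self, const char *fname)
- }
-
- b = true;
--
-+#ifdef HAVE_MALLOC_TRIM
- malloc_trim(0);
--
-+#endif
- xmlFreeTextReader(r);
- if (fd) {
- close(fd);
---
-2.9.3
-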