summaryrefslogtreecommitdiffstats
path: root/meta/classes/cve-check.bbclass
diff options
context:
space:
mode:
authorPierre Le Magourou <pierre.lemagourou@softbankrobotics.com>2019-07-18 14:41:19 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2019-07-19 08:41:40 +0100
commit050a96fe030f5669898e8cc6589d37b1e3da365b (patch)
treef65ed3eaa95003459e624fec75eaa588dc41cce4 /meta/classes/cve-check.bbclass
parent4b8a6f4929eb2b843fa237e21fc5c5dce3b1f9f0 (diff)
downloadpoky-050a96fe030f5669898e8cc6589d37b1e3da365b.tar.gz
cve-update-db-native: Remove hash column from database.
djb2 hash algorithm was found to do collisions, so the database was sometime missing data. Remove this hash mechanism, clear and populate elements from scratch in PRODUCTS table if the current year needs an update. (From OE-Core rev: 78de2cb39d74b030cd4ec811bf6f9a6daa003d19) Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes/cve-check.bbclass')
-rw-r--r--meta/classes/cve-check.bbclass12
1 files changed, 6 insertions, 6 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 512d4c7302..c00d2910be 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -26,7 +26,7 @@ CVE_PRODUCT ??= "${BPN}"
26CVE_VERSION ??= "${PV}" 26CVE_VERSION ??= "${PV}"
27 27
28CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK" 28CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
29CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve.db" 29CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.0.db"
30 30
31CVE_CHECK_LOG ?= "${T}/cve.log" 31CVE_CHECK_LOG ?= "${T}/cve.log"
32CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check" 32CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"
@@ -200,11 +200,11 @@ def check_cves(d, patched_cves):
200 c.execute("SELECT * FROM PRODUCTS WHERE PRODUCT IS ?", (product,)) 200 c.execute("SELECT * FROM PRODUCTS WHERE PRODUCT IS ?", (product,))
201 201
202 for row in c: 202 for row in c:
203 cve = row[1] 203 cve = row[0]
204 version_start = row[4] 204 version_start = row[3]
205 operator_start = row[5] 205 operator_start = row[4]
206 version_end = row[6] 206 version_end = row[5]
207 operator_end = row[7] 207 operator_end = row[6]
208 208
209 if cve in cve_whitelist: 209 if cve in cve_whitelist:
210 bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve)) 210 bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve))