diff options
author | Marta Rybczynska <rybczynska@gmail.com> | 2023-03-29 12:02:56 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-04-01 11:36:26 +0100 |
commit | 15dc92a4b19baedbb9bfa95fbe2c8b6a7c9987c8 (patch) | |
tree | e0724c7e005cb996ffc793a275ed8538ae7bd117 /meta/classes/cve-check.bbclass | |
parent | d59756912cd450b0af3d8893b822c66dafe42544 (diff) | |
download | poky-15dc92a4b19baedbb9bfa95fbe2c8b6a7c9987c8.tar.gz |
cve-update-nvd2-native: new CVE database fetcher
Add new fetcher for the NVD database using the 2.0 API [1].
The implementation changes as little as possible, keeping the current
database format (but using a different database file for the transition
period), with a notable exception of not using the META table.
Minor changes that could be visible:
- the database starts in 1999 instead of 2002
- the complete fetch is longer (30 minutes typically)
[1] https://nvd.nist.gov/developers/vulnerabilities
(From OE-Core rev: fb62c4c3dbca4e58f7ce6cf29d4b630a06411a97)
Signed-off-by: Marta Rybczynska <marta.rybczynska@syslinbit.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes/cve-check.bbclass')
-rw-r--r-- | meta/classes/cve-check.bbclass | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 5e2da56046..bd9e7e7445 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass | |||
@@ -32,7 +32,7 @@ CVE_PRODUCT ??= "${BPN}" | |||
32 | CVE_VERSION ??= "${PV}" | 32 | CVE_VERSION ??= "${PV}" |
33 | 33 | ||
34 | CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK" | 34 | CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK" |
35 | CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.1.db" | 35 | CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2.db" |
36 | CVE_CHECK_DB_FILE_LOCK ?= "${CVE_CHECK_DB_FILE}.lock" | 36 | CVE_CHECK_DB_FILE_LOCK ?= "${CVE_CHECK_DB_FILE}.lock" |
37 | 37 | ||
38 | CVE_CHECK_LOG ?= "${T}/cve.log" | 38 | CVE_CHECK_LOG ?= "${T}/cve.log" |
@@ -161,7 +161,7 @@ python do_cve_check () { | |||
161 | } | 161 | } |
162 | 162 | ||
163 | addtask cve_check before do_build | 163 | addtask cve_check before do_build |
164 | do_cve_check[depends] = "cve-update-db-native:do_fetch" | 164 | do_cve_check[depends] = "cve-update-nvd2-native:do_fetch" |
165 | do_cve_check[nostamp] = "1" | 165 | do_cve_check[nostamp] = "1" |
166 | 166 | ||
167 | python cve_check_cleanup () { | 167 | python cve_check_cleanup () { |