cve-update-db-native: Remove hash column from database.

djb2 hash algorithm was found to do collisions, so the database was sometime missing data. Remove this hash mechanism, clear and populate elements from scratch in PRODUCTS table if the current year needs an update. (From OE-Core rev: 78de2cb39d74b030cd4ec811bf6f9a6daa003d19) Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com> 2019-07-18 14:41:19 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-07-19 08:41:40 +0100
commit: 050a96fe030f5669898e8cc6589d37b1e3da365b (patch)
tree: f65ed3eaa95003459e624fec75eaa588dc41cce4 /meta/classes
parent: 4b8a6f4929eb2b843fa237e21fc5c5dce3b1f9f0 (diff)
download: poky-050a96fe030f5669898e8cc6589d37b1e3da365b.tar.gz
1 files changed, 6 insertions, 6 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 512d4c7302..c00d2910be 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -26,7 +26,7 @@ CVE_PRODUCT ??= "${BPN}"
 CVE_VERSION ??= "${PV}"
 CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
-CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve.db"
+CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.0.db"
 CVE_CHECK_LOG ?= "${T}/cve.log"
 CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"
@@ -200,11 +200,11 @@ def check_cves(d, patched_cves):
            c.execute("SELECT * FROM PRODUCTS WHERE PRODUCT IS ?", (product,))
        for row in c:
-            cve = row[1]
+            cve = row[0]
-            version_start = row[4]
+            version_start = row[3]
-            operator_start = row[5]
+            operator_start = row[4]
-            version_end = row[6]
+            version_end = row[5]
-            operator_end = row[7]
+            operator_end = row[6]
            if cve in cve_whitelist:
                bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve))
author	Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>	2019-07-18 14:41:19 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-19 08:41:40 +0100
commit	050a96fe030f5669898e8cc6589d37b1e3da365b (patch)
tree	f65ed3eaa95003459e624fec75eaa588dc41cce4 /meta/classes
parent	4b8a6f4929eb2b843fa237e21fc5c5dce3b1f9f0 (diff)
download	poky-050a96fe030f5669898e8cc6589d37b1e3da365b.tar.gz

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 512d4c7302..c00d2910be 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass
@@ -26,7 +26,7 @@ CVE_PRODUCT ??= "${BPN}"
26	CVE_VERSION ??= "${PV}"	26	CVE_VERSION ??= "${PV}"
27		27
28	CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"	28	CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
29	CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve.db"	29	CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.0.db"
30		30
31	CVE_CHECK_LOG ?= "${T}/cve.log"	31	CVE_CHECK_LOG ?= "${T}/cve.log"
32	CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"	32	CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"
@@ -200,11 +200,11 @@ def check_cves(d, patched_cves):
200	c.execute("SELECT * FROM PRODUCTS WHERE PRODUCT IS ?", (product,))	200	c.execute("SELECT * FROM PRODUCTS WHERE PRODUCT IS ?", (product,))
201		201
202	for row in c:	202	for row in c:
203	cve = row[1]	203	cve = row[0]
204	version_start = row[4]	204	version_start = row[3]
205	operator_start = row[5]	205	operator_start = row[4]
206	version_end = row[6]	206	version_end = row[5]
207	operator_end = row[7]	207	operator_end = row[6]
208		208
209	if cve in cve_whitelist:	209	if cve in cve_whitelist:
210	bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve))	210	bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve))