cve-update-db-native: Remove hash column from database.

djb2 hash algorithm was found to do collisions, so the database was sometime missing data. Remove this hash mechanism, clear and populate elements from scratch in PRODUCTS table if the current year needs an update. (From OE-Core rev: 78de2cb39d74b030cd4ec811bf6f9a6daa003d19) (From OE-Core rev: e6541c6add1714938a81cca394886893cf24cdb0) Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com> 2019-11-06 17:37:36 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-11-07 19:47:26 +0000
commit: 731e27f75eb513a064d9b074ed14497b40ffc729 (patch)
tree: 3286b166e65b2cf92c6ece6bc3fa6b9c2c435422 /meta/classes
parent: 1fd5cfa59d191bd11cc57dffb6c6e381d6abac60 (diff)
download: poky-731e27f75eb513a064d9b074ed14497b40ffc729.tar.gz
1 files changed, 6 insertions, 6 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 512d4c7302..c00d2910be 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -26,7 +26,7 @@ CVE_PRODUCT ??= "${BPN}"
 CVE_VERSION ??= "${PV}"
 CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
-CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve.db"
+CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.0.db"
 CVE_CHECK_LOG ?= "${T}/cve.log"
 CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"
@@ -200,11 +200,11 @@ def check_cves(d, patched_cves):
            c.execute("SELECT * FROM PRODUCTS WHERE PRODUCT IS ?", (product,))
        for row in c:
-            cve = row[1]
+            cve = row[0]
-            version_start = row[4]
+            version_start = row[3]
-            operator_start = row[5]
+            operator_start = row[4]
-            version_end = row[6]
+            version_end = row[5]
-            operator_end = row[7]
+            operator_end = row[6]
            if cve in cve_whitelist:
                bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve))
author	Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>	2019-11-06 17:37:36 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-07 19:47:26 +0000
commit	731e27f75eb513a064d9b074ed14497b40ffc729 (patch)
tree	3286b166e65b2cf92c6ece6bc3fa6b9c2c435422 /meta/classes
parent	1fd5cfa59d191bd11cc57dffb6c6e381d6abac60 (diff)
download	poky-731e27f75eb513a064d9b074ed14497b40ffc729.tar.gz

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 512d4c7302..c00d2910be 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass
@@ -26,7 +26,7 @@ CVE_PRODUCT ??= "${BPN}"
26	CVE_VERSION ??= "${PV}"	26	CVE_VERSION ??= "${PV}"
27		27
28	CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"	28	CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
29	CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve.db"	29	CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.0.db"
30		30
31	CVE_CHECK_LOG ?= "${T}/cve.log"	31	CVE_CHECK_LOG ?= "${T}/cve.log"
32	CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"	32	CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"
@@ -200,11 +200,11 @@ def check_cves(d, patched_cves):
200	c.execute("SELECT * FROM PRODUCTS WHERE PRODUCT IS ?", (product,))	200	c.execute("SELECT * FROM PRODUCTS WHERE PRODUCT IS ?", (product,))
201		201
202	for row in c:	202	for row in c:
203	cve = row[1]	203	cve = row[0]
204	version_start = row[4]	204	version_start = row[3]
205	operator_start = row[5]	205	operator_start = row[4]
206	version_end = row[6]	206	version_end = row[5]
207	operator_end = row[7]	207	operator_end = row[6]
208		208
209	if cve in cve_whitelist:	209	if cve in cve_whitelist:
210	bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve))	210	bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve))