<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/classes/cve-check.bbclass, branch yocto-3.4.3</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=yocto-3.4.3</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=yocto-3.4.3'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2022-03-10T16:39:50+00:00</updated>
<entry>
<title>Revert "cve-check: add lockfile to task"</title>
<updated>2022-03-10T16:39:50+00:00</updated>
<author>
<name>Ross Burton</name>
<email>ross@burtonini.com</email>
</author>
<published>2022-02-23T12:54:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=9b0407c45cac8a0857cc0c0279c7870ae03ac050'/>
<id>urn:sha1:9b0407c45cac8a0857cc0c0279c7870ae03ac050</id>
<content type='text'>
Now that all of the functions in cve-check open the database read-only,
we can remove this lockfile.

This means cve-check can run in parallal again, improving runtimes
massively.

This reverts commit d55fbf4779483d2cfd71df78d0f733b599fef739.

(From OE-Core rev: ecec5339a35f0578669642fc72cbaad2f83bb272)

Signed-off-by: Ross Burton &lt;ross.burton@arm.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit d3d3e7b324698ec3e6fce1951aba389805f3edd3)
Signed-off-by: Anuj Mittal &lt;anuj.mittal@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>cve-check: get_cve_info should open the database read-only</title>
<updated>2022-03-10T16:39:50+00:00</updated>
<author>
<name>Ross Burton</name>
<email>ross@burtonini.com</email>
</author>
<published>2022-02-23T12:54:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=16b4a5c2cbcad0edee3a36f90b1c713ded0dde7a'/>
<id>urn:sha1:16b4a5c2cbcad0edee3a36f90b1c713ded0dde7a</id>
<content type='text'>
All of the function in cve-check should open the database read-only, as
the only writer is the fetch task in cve-update-db.  However,
get_cve_info() was failing to do this, which might be causing locking
issues with sqlite.

(From OE-Core rev: 3c79237085169b96cc56910b08263437cad09e4d)

Signed-off-by: Ross Burton &lt;ross.burton@arm.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit 8de517238f1f418d9af1ce312d99de04ce2e26fc)
Signed-off-by: Anuj Mittal &lt;anuj.mittal@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>cve-check: create directory of CVE_CHECK_MANIFEST before copy</title>
<updated>2022-02-24T11:12:39+00:00</updated>
<author>
<name>Stefan Herbrechtsmeier</name>
<email>stefan.herbrechtsmeier@weidmueller.com</email>
</author>
<published>2022-02-02T07:35:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=69c71187f3dc61b7da412ceaeaebccb690c4bd10'/>
<id>urn:sha1:69c71187f3dc61b7da412ceaeaebccb690c4bd10</id>
<content type='text'>
Create directory of the CVE_CHECK_MANIFEST variable before copy to it,
so that the variable can use an arbitrary directory name.

(From OE-Core rev: 74888f3ba0c31d635930d94b066750e5440cc906)

Signed-off-by: Stefan Herbrechtsmeier &lt;stefan.herbrechtsmeier@weidmueller.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit 9829c16301bf2dce39fa046401a984f112fa0322)
Signed-off-by: Anuj Mittal &lt;anuj.mittal@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>cve-check: add lockfile to task</title>
<updated>2022-01-19T11:11:57+00:00</updated>
<author>
<name>Konrad Weihmann</name>
<email>kweihmann@outlook.com</email>
</author>
<published>2022-01-07T09:48:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=79a6976be6a69a2c9f21d99b30d5a04310a94ada'/>
<id>urn:sha1:79a6976be6a69a2c9f21d99b30d5a04310a94ada</id>
<content type='text'>
this should prevent running into the very rare error
sqlite3.OperationalError: attempt to write a readonly database

As highlighted by https://www.sqlite.org/faq.html#q5
it is likely that the adapter won't allow use multiple exec calls
at the same time.

So it's best to prevent multiple accesses at a time, by reusing
the already in place CVE_CHECK_DB_FILE_LOCK

YOCTO #14110

(From OE-Core rev: 53dc9b10eb5f064c68120337126f1542c1e0c832)

Signed-off-by: Konrad Weihmann &lt;kweihmann@outlook.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit 677f5741bd265be49d4a5bb933b3e8d8c4eec653)
Signed-off-by: Anuj Mittal &lt;anuj.mittal@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>classes/cve-check: Move get_patches_cves to library</title>
<updated>2021-08-13T13:44:06+00:00</updated>
<author>
<name>Joshua Watt</name>
<email>JPEWhacker@gmail.com</email>
</author>
<published>2021-08-11T14:51:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=fa6c07bc1a585f204dbdc28704f61448edb8fdc8'/>
<id>urn:sha1:fa6c07bc1a585f204dbdc28704f61448edb8fdc8</id>
<content type='text'>
Moving the function will allow other classes to capture which CVEs have
been patched, in particular SBoM generation.

Also add a function to capture the CPE ID from the CVE Product and
Version

(From OE-Core rev: 75d34259a715120be1d023e4fd7b6b4b125f2443)

Signed-off-by: Joshua Watt &lt;JPEWhacker@gmail.com&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>cve-check: remove deprecated CVE_CHECK_CVE_WHITELIST</title>
<updated>2021-08-12T05:26:15+00:00</updated>
<author>
<name>Michael Opdenacker</name>
<email>michael.opdenacker@bootlin.com</email>
</author>
<published>2021-08-06T10:53:27+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=a99473976d9dae0e5e446f696d3176a09a2fb61f'/>
<id>urn:sha1:a99473976d9dae0e5e446f696d3176a09a2fb61f</id>
<content type='text'>
This variable has been deprecated since Yocto Project version 3.0.

(From OE-Core rev: f8ac58568b2dceef54a743369460019b3a3eeccd)

Signed-off-by: Michael Opdenacker &lt;michael.opdenacker@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>cve-check: improve comment about CVE patch file names</title>
<updated>2021-08-06T05:34:58+00:00</updated>
<author>
<name>Michael Opdenacker</name>
<email>michael.opdenacker@bootlin.com</email>
</author>
<published>2021-08-05T16:50:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=ae55dea68d2e0bde2a1ed02e78dc55c2f420cf37'/>
<id>urn:sha1:ae55dea68d2e0bde2a1ed02e78dc55c2f420cf37</id>
<content type='text'>
(From OE-Core rev: 8aa613480663e11ecc62278d8c57ca719eb23899)

Signed-off-by: Michael Opdenacker &lt;michael.opdenacker@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>cve-check: update link to NVD website for CVE details</title>
<updated>2021-08-06T05:34:58+00:00</updated>
<author>
<name>Michael Opdenacker</name>
<email>michael.opdenacker@bootlin.com</email>
</author>
<published>2021-08-05T15:51:02+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=4c28645c04ff3f51141a5fa3032353cac6c266c0'/>
<id>urn:sha1:4c28645c04ff3f51141a5fa3032353cac6c266c0</id>
<content type='text'>
The old URL schema
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-ID
now redirects to
https://nvd.nist.gov/vuln/detail/CVE-ID

(From OE-Core rev: 57adb57a9d9b08c08ab606ec7b561792e4f4ff2d)

Signed-off-by: Michael Opdenacker &lt;michael.opdenacker@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>cve-check: fix comments</title>
<updated>2021-08-06T05:34:58+00:00</updated>
<author>
<name>Michael Opdenacker</name>
<email>michael.opdenacker@bootlin.com</email>
</author>
<published>2021-08-05T15:51:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=fce14b90e302fed5f2b9276ae3f3efd0c9eecfd5'/>
<id>urn:sha1:fce14b90e302fed5f2b9276ae3f3efd0c9eecfd5</id>
<content type='text'>
This implements various fixes in comments in cve-check.bbclass
In particular, the "whitlisted" typo is important as the "whitelisted"
word is going to be replaced in a near future.

(From OE-Core rev: 5eecd2bf942254d08c252388594e5ec7ae330f45)

Signed-off-by: Michael Opdenacker &lt;michael.opdenacker@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>Convert to new override syntax</title>
<updated>2021-08-02T14:44:10+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2021-07-28T22:28:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=bb6ddc3691ab04162ec5fd69a2d5e7876713fd15'/>
<id>urn:sha1:bb6ddc3691ab04162ec5fd69a2d5e7876713fd15</id>
<content type='text'>
This is the result of automated script conversion:

scripts/contrib/convert-overrides.py &lt;oe-core directory&gt;

converting the metadata to use ":" as the override character instead of "_".

(From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae)

Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
</feed>
