cve-update: Keep mtime stamp in the database itself

This should help to avoid problems that will occur if the modification time of database file itself is altered e.g. by unassociated process(es) on the file system which hosts the database file. Since this change updates the database structure by adding a new table, bump the 'minor' version number in database file names to enforce full database fetch. This should also iron out e.g. situation where the database might have inconspicuously omitted entries due to way in which the mtime of database file itself was relied upon. (From OE-Core rev: 740b66cc7a4784b2f85f3a6a7cf8c21b7ba5db77) Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Niko Mauno <niko.mauno@vaisala.com> 2025-11-04 08:33:33 +0000
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2025-11-07 13:15:35 +0000
commit: 0e2b42c8da4fdd2064601fadb4ae0753057f6e1e (patch)
tree: 381500bbd24deb1c0223ff913c94acec30845c25 /meta/classes/cve-check.bbclass
parent: 26fbfb432cce1e8e4e9a136bdb60fba538d92c84 (diff)
download: poky-0e2b42c8da4fdd2064601fadb4ae0753057f6e1e.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 259c699af2..7252c4ecdc 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -35,7 +35,7 @@ CVE_VERSION ??= "${PV}"
 NVD_DB_VERSION ?= "FKIE"
 # Use different file names for each database source, as they synchronize at different moments, so may be slightly different
-CVE_CHECK_DB_FILENAME ?= "${@'nvdcve_2-2.db' if d.getVar('NVD_DB_VERSION') == 'NVD2' else 'nvdfkie_1-1.db'}"
+CVE_CHECK_DB_FILENAME ?= "${@'nvdcve_2-3.db' if d.getVar('NVD_DB_VERSION') == 'NVD2' else 'nvdfkie_1-2.db'}"
 CVE_CHECK_DB_FETCHER ?= "${@'cve-update-nvd2-native' if d.getVar('NVD_DB_VERSION') == 'NVD2' else 'cve-update-db-native'}"
 CVE_CHECK_DB_DIR ?= "${STAGING_DIR}/CVE_CHECK"
 CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/${CVE_CHECK_DB_FILENAME}"
author	Niko Mauno <niko.mauno@vaisala.com>	2025-11-04 08:33:33 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2025-11-07 13:15:35 +0000
commit	0e2b42c8da4fdd2064601fadb4ae0753057f6e1e (patch)
tree	381500bbd24deb1c0223ff913c94acec30845c25 /meta/classes/cve-check.bbclass
parent	26fbfb432cce1e8e4e9a136bdb60fba538d92c84 (diff)
download	poky-0e2b42c8da4fdd2064601fadb4ae0753057f6e1e.tar.gz

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 259c699af2..7252c4ecdc 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass
@@ -35,7 +35,7 @@ CVE_VERSION ??= "${PV}"
35	NVD_DB_VERSION ?= "FKIE"	35	NVD_DB_VERSION ?= "FKIE"
36		36
37	# Use different file names for each database source, as they synchronize at different moments, so may be slightly different	37	# Use different file names for each database source, as they synchronize at different moments, so may be slightly different
38	CVE_CHECK_DB_FILENAME ?= "${@'nvdcve_2-2.db' if d.getVar('NVD_DB_VERSION') == 'NVD2' else 'nvdfkie_1-1.db'}"	38	CVE_CHECK_DB_FILENAME ?= "${@'nvdcve_2-3.db' if d.getVar('NVD_DB_VERSION') == 'NVD2' else 'nvdfkie_1-2.db'}"
39	CVE_CHECK_DB_FETCHER ?= "${@'cve-update-nvd2-native' if d.getVar('NVD_DB_VERSION') == 'NVD2' else 'cve-update-db-native'}"	39	CVE_CHECK_DB_FETCHER ?= "${@'cve-update-nvd2-native' if d.getVar('NVD_DB_VERSION') == 'NVD2' else 'cve-update-db-native'}"
40	CVE_CHECK_DB_DIR ?= "${STAGING_DIR}/CVE_CHECK"	40	CVE_CHECK_DB_DIR ?= "${STAGING_DIR}/CVE_CHECK"
41	CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/${CVE_CHECK_DB_FILENAME}"	41	CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/${CVE_CHECK_DB_FILENAME}"