authorPierre Le Magourou <pierre.lemagourou@softbankrobotics.com>2019-07-18 14:41:19 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2019-07-18 23:34:41 +0100
commit78de2cb39d74b030cd4ec811bf6f9a6daa003d19 (patch)
tree7a5c9c81910a40962024d0761a1bcfe397fca268 /meta/classes/cve-check.bbclass
parent7069302a4ccbb5b72e1902f284cf078516fd7294 (diff)
cve-update-db-native: Remove hash column from database.
The djb2 hash algorithm was found to produce collisions, so the database was sometimes missing data. Remove this hash mechanism, and clear and populate elements from scratch in the PRODUCTS table if the current year needs an update. Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes/cve-check.bbclass')
-rw-r--r--meta/classes/cve-check.bbclass12
1 files changed, 6 insertions, 6 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 512d4c7302..c00d2910be 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -26,7 +26,7 @@ CVE_PRODUCT ??= "${BPN}"
CVE_VERSION ??= "${PV}"
CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
-CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve.db"
+CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.0.db"
CVE_CHECK_LOG ?= "${T}/cve.log"
CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"
@@ -200,11 +200,11 @@ def check_cves(d, patched_cves):
c.execute("SELECT * FROM PRODUCTS WHERE PRODUCT IS ?", (product,))
for row in c:
- cve = row[1]
- version_start = row[4]
- operator_start = row[5]
- version_end = row[6]
- operator_end = row[7]
+ cve = row[0]
+ version_start = row[3]
+ operator_start = row[4]
+ version_end = row[5]
+ operator_end = row[6]
if cve in cve_whitelist:
bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve))
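Review bot: The loop after `SELECT * FROM PRODUCTS` still reads columns by position (`row[0]`, `row[3]` to `row[6]`), so the version-range fields depend on the exact column order of the table built by cve-update-db-native, which is why this commit had to renumber every index. Nothing in the visible lines checks that the opened database has the new layout; the renamed default in the first hunk avoids the old file, but `CVE_CHECK_DB_FILE` is set with `?=` and an override pointing at an old-layout database would presumably have the wrong columns compared, so affected versions could go unreported without any error. Naming the needed columns in the SELECT, or setting `row_factory = sqlite3.Row` on the connection and reading by column name, would make a layout mismatch fail loudly instead. At minimum add `# Column order must match the PRODUCTS table created by cve-update-db-native` above the loop. check_cves starts and ends outside this hunk, so the connection setup is not visible here.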