mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-02 01:19:52 +00:00
Code Issues Projects Releases Wiki Activity

cve-update-db-native: Remove hash column from database.

Browse Source 
djb2 hash algorithm was found to do collisions, so the database was
sometime missing data. Remove this hash mechanism, clear and populate
elements from scratch in PRODUCTS table if the current year needs an
update.

(From OE-Core rev: 78de2cb39d74b030cd4ec811bf6f9a6daa003d19)

Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Pierre Le Magourou
2019-07-18 14:41:19 +02:00
committed by Richard Purdie
parent 4b8a6f4929
commit 050a96fe03
2 changed files with 13 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/classes/cve-check.bbclass
+6 -6
View File
@@ -26,7 +26,7 @@ CVE_PRODUCT ??= "${BPN}"
CVE_VERSION ??= "${PV}"
CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve.db"
CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.0.db"
CVE_CHECK_LOG ?= "${T}/cve.log"
CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"
@@ -200,11 +200,11 @@ def check_cves(d, patched_cves):
c.execute("SELECT * FROM PRODUCTS WHERE PRODUCT IS ?", (product,))
for row in c:
cve = row[1]
version_start = row[4]
operator_start = row[5]
version_end = row[6]
operator_end = row[7]
cve = row[0]
version_start = row[3]
operator_start = row[4]
version_end = row[5]
operator_end = row[6]
if cve in cve_whitelist:
bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve))