mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-26 00:32:12 +02:00
Code Issues Packages Projects Releases Wiki Activity
52,829 Commits 38 Branches 623 Tags
47925dc5f93c19d44dcecacb3afb5893a851a4e4
Commit Graph

11 Commits

Author SHA1 Message Date
Konstantin Shemyak
2e07b1c0bb cve-check-tool: correctly exported web proxies 
The binary 'cve-check-update' downloads the CVE database from the Internet.
If the system is behind a web proxy, the download fails, as proxy-related
variables are not exported.
In turn, 'cve-check-tool' does not connect to the network and correspondingly
does not need exported proxies.

Exported all proxy-related environment variables to 'cve-check-update' and
removed the unneeded export from 'cve-check-tool'.

(From OE-Core rev: 17db210975c740aff12732c511cf4fb32b507365)

Signed-off-by: Konstantin Shemyak <konstantin.shemyak@ge.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-02-24 10:31:46 +00:00
Mikko Rapeli
4efeceb8a6 cve-check-tool: change BB_NO_NETWORK error to a warning 
It is perfectly fine to execute cve_check tasks against a cached
CVE database during a BB_NO_NETWORK build.

(From OE-Core rev: acc9994a77972c49a98aabbfd579973885c95f10)

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-09-11 17:30:29 +01:00
Jussi Kukkonen
a09aa675bb cve-check-tool: Fix progress bar patch for curl 7.55 
CURL_FORMAT_OFF_T does not seem to exist anymore, use
CURL_FORMAT_CURL_OFF_T instead. This works with old and new curl.

(From OE-Core rev: 5548f9c87c6a10cda2baf6f198762380e55f6ae2)

Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-08-19 22:15:38 +01:00
Peter Marko
5a9cc41a3b cve-check-tool: fix crash on exceptions 
This fixes cve-check-tool crashes on exceptions.

(From OE-Core rev: 06bea09755ebda9bcfa49bf87249f80cb019157e)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-06-12 15:08:30 +01:00
Chen Qi
ef506f58da cve-check-tool: backport a patch to make CVE checking work 
CVE checking in OE didn't work as do_populate_cve_db failed with the following
error message.

  [snip]/downloads/CVE_CHECK/nvdcve-2.0-2002.xml is not consistent

Backport a patch to fix this error.

(From OE-Core rev: ee55b5685aaa4be92d6d51f8641a559d4e34ce64)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-05-18 14:01:48 +01:00
Jussi Kukkonen
d887c24d5a cve-check-tool: Use CA cert bundle in correct sysroot 
Native libcurl looks for CA certs in the wrong place by
default.
* Add patch that allows overriding the default CA certificate
  location. Patch is originally from meta-security-isafw.
* Use the new --cacert to set the correct CA bundle path

(From OE-Core rev: 73bd11d5190a072064128cc13b4537154d07b129)

Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-02-15 09:29:56 -08:00
Jussi Kukkonen
ea616d1226 cve-check-tool: Fixes for recipe sysroots 
* Use --enable-relative-plugins so cve-check-tool looks for
  loadable modules relative to binary location instead of
  hard-coding a wrong sysroot location
* do_populate_cve_db() assumes that the binary cve-check-update is in
  the sysroot. Ensure that this is true by adding a task dependency

(From OE-Core rev: 2da6b01893d0afe8750bd0b12a8d55aafa82f58c)

Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-02-15 09:29:56 -08:00
Alexander Kanavin
2fda4c9b2e cve-check-tool: fix upstream version check 
(From OE-Core rev: 4f96180ef525ad2b2cad935bd7253a5a0a079ff4)

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2016-10-28 16:15:18 +01:00
André Draszik
e01466f91c cve-check-tool: report progress when downloading CVE database 
We add a patch to report the progress, and at the same time
inform bitbake that progress can be extracted via the simple
'percent' progress handler.

(From OE-Core rev: 145a29ca99d9fec5eff97d77c8cff6356fe88ba5)

Signed-off-by: André Draszik <git@andred.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2016-09-30 16:51:15 +01:00
André Draszik
0466c81f91 cve-check-tool: convert do_populate_cve_db() from python to sh 
This will allow us to easily incorporate progress support
via bb.process.run()

(From OE-Core rev: 1bf0137ac84e5d324fd84dadfa962fbc166b5d4b)

Signed-off-by: André Draszik <git@andred.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2016-09-30 16:51:15 +01:00
Mariano Lopez
189673244b cve-check-tool: Add recipe 
cve-check-tool is a program for public CVEs checking.
This tool also seek to determine if a vulnerability has
been addressed by a patch.

The recipe also includes the do_populate_cve_db task
that will populate the database used by the tool.

[YOCTO #7515]

(From OE-Core rev: 5deadfe634638b99420342950bc544547f7121dc)

Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2016-09-16 15:24:02 +01:00