From patchwork Sun Nov 24 23:50:07 2019
X-Patchwork-Submitter: Armin Kuster
X-Patchwork-Id: 180133
From: Armin Kuster
To: openembedded-core@lists.openembedded.org
Date: Sun, 24 Nov 2019 15:50:07 -0800
Message-Id: <91948de716d5eb03c1c3bdaca7bc95d9159ab1f4.1574639349.git.akuster808@gmail.com>
X-Mailer: git-send-email 2.7.4
Subject: [OE-core] [zeus 02/35] libsoup: set CVE_PRODUCT
List-Id: Patches and discussions about the oe-core layer

From: Ross Burton

Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
Signed-off-by: Adrian Bunk
Signed-off-by: Anuj Mittal
---
 meta/recipes-support/libsoup/libsoup-2.4_2.66.2.bb | 2 ++
 1 file changed, 2 insertions(+)

--
2.7.4

--
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.66.2.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.66.2.bb index 357f2fd..3a735cf 100644 --- a/meta/recipes-support/libsoup/libsoup-2.4_2.66.2.bb +++ b/meta/recipes-support/libsoup/libsoup-2.4_2.66.2.bb
@@ -15,6 +15,8 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ SRC_URI[md5sum] = "66c2ae89d6031b01337d78a2c57c75d5" SRC_URI[sha256sum] = "bd2ea602eba642509672812f3c99b77cbec2f3de02ba1cc8cb7206bf7de0ae2a" +CVE_PRODUCT = "libsoup" + S = "${WORKDIR}/libsoup-${PV}" inherit meson gettext pkgconfig upstream-version-is-even gobject-introspection gtk-doc
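
Review bot: The commit message has no body, and the added CVE_PRODUCT = "libsoup" line carries no comment, so nothing records why the override is needed. The recipe file is libsoup-2.4_2.66.2.bb while the value set is "libsoup"; a one-line description saying that the product name used for CVE matching differs from the recipe name would make this backport reviewable on its own.
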
From patchwork Sun Nov 24 23:50:08 2019
X-Patchwork-Submitter: Armin Kuster
X-Patchwork-Id: 180134
From: Armin Kuster
To: openembedded-core@lists.openembedded.org
Date: Sun, 24 Nov 2019 15:50:08 -0800
Message-Id: <923a8736ddaddce1fa611aea586b4d22a32bc7bd.1574639349.git.akuster808@gmail.com>
Subject: [OE-core] [zeus 03/35] cve-check: we don't actually need to unpack to check

From: Ross Burton

The patch scanner works with patch files in the layer, not in the workdir, so it doesn't need to unpack.

(From OE-Core rev: 2cba6ada970deb5156e1ba0182f4f372851e3c17)

Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
Signed-off-by: Anuj Mittal
---
 meta/classes/cve-check.bbclass | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 1c8b222..3326944 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -62,7 +62,7 @@ python do_cve_check () { } -addtask cve_check after do_unpack before do_build +addtask cve_check before do_build do_cve_check[depends] = "cve-update-db-native:do_populate_cve_db" do_cve_check[nostamp] = "1"
@@ -70,7 +70,6 @@ python cve_check_cleanup () { """ Delete the file used to gather all the CVE information. """ - bb.utils.remove(e.data.getVar("CVE_CHECK_TMP_FILE")) }
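
Review bot: In the first hunk, dropping "after do_unpack" leaves the addtask line with no "after" ordering at all, so the only thing do_cve_check still waits for is the do_populate_cve_db dependency on the next line. The commit message gives the reason (the scanner reads patch files from the layer), but that assumption is not recorded in the class. A short comment above the addtask line would keep someone from re-adding the ordering, and it is worth stating what is expected for a patch listed in SRC_URI that does not live in the layer.
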
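
Review bot: The second hunk (cve_check_cleanup) appears to remove only the blank line after the docstring, which is unrelated to the task-ordering change described in the commit message. Whitespace cleanup is easier to review and to backport as its own commit, or it should at least be mentioned in the message.
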
From patchwork Sun Nov 24 23:50:09 2019
X-Patchwork-Submitter: Armin Kuster
X-Patchwork-Id: 180135
From: Armin Kuster
To: openembedded-core@lists.openembedded.org
Date: Sun, 24 Nov 2019 15:50:09 -0800
Message-Id: <12300501f410c3d1e3c48f1c568ce4098cd3ef5a.1574639349.git.akuster808@gmail.com>
Subject: [OE-core] [zeus 04/35] cve-update-db-native: don't refresh more than once an hour

From: Ross Burton

We already fetch the yearly CVE metadata and check that for updates before downloading the full data, but we can speed up CVE checking further by only checking the CVE metadata once an hour.

(From OE-Core rev: 50d898fd360c58fe85460517d965f62b7654771a)

Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
Signed-off-by: Anuj Mittal
---
 meta/recipes-core/meta/cve-update-db-native.bb | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index 2c427a5..19875a4 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -31,8 +31,16 @@ python do_populate_cve_db() { db_dir = os.path.join(d.getVar("DL_DIR"), 'CVE_CHECK') db_file = os.path.join(db_dir, 'nvdcve_1.0.db') json_tmpfile = os.path.join(db_dir, 'nvd.json.gz') - proxy = d.getVar("https_proxy") + # Don't refresh the database more than once an hour + try: + import time + if time.time() - os.path.getmtime(db_file) < (60*60): + return + except OSError: + pass + + proxy = d.getVar("https_proxy") if proxy: # instantiate an opener but do not install it as the global # opener unless if we're really sure it's applicable for all
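
Review bot: The freshness test "time.time() - os.path.getmtime(db_file) < (60*60)" is also true when the difference is negative, so a db_file whose mtime lies in the future (a clock change, a copied DL_DIR) makes the function return early on every run until the clock catches up, and the CVE database silently stops updating. Testing 0 <= age < 3600 would avoid that. The early return is also silent; logging that the refresh was skipped would tell the user the report was produced from a database that may be up to an hour old. The "import time" would read better at the top of the function than inside the try block.
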
From patchwork Sun Nov 24 23:50:10 2019
X-Patchwork-Submitter: Armin Kuster
X-Patchwork-Id: 180136
From: Armin Kuster
To: openembedded-core@lists.openembedded.org
Date: Sun, 24 Nov 2019 15:50:10 -0800
Message-Id: <00b322e35a7f5b95f3e3c5189796f7901ca596a1.1574639349.git.akuster808@gmail.com>
Subject: [OE-core] [zeus 05/35] cve-update-db-native: don't hardcode the database name

From: Ross Burton

Don't hardcode the database filename, there's a variable for this in cve-check.bbclass.

(From OE-Core rev: 0d188a9dc4ae64c64cd661e9d9c3841e86f226ab)

Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
Signed-off-by: Anuj Mittal
---
 meta/recipes-core/meta/cve-update-db-native.bb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index 19875a4..c15534d 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -28,8 +28,8 @@ python do_populate_cve_db() { BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-" YEAR_START = 2002 - db_dir = os.path.join(d.getVar("DL_DIR"), 'CVE_CHECK') - db_file = os.path.join(db_dir, 'nvdcve_1.0.db') + db_file = d.getVar("CVE_CHECK_DB_FILE") + db_dir = os.path.dirname(db_file) json_tmpfile = os.path.join(db_dir, 'nvd.json.gz') # Don't refresh the database more than once an hour
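
Review bot: The new db_file = d.getVar("CVE_CHECK_DB_FILE") has no fallback, and the commit message says the variable is defined in cve-check.bbclass, not in this recipe. If the recipe is parsed without that class, getVar returns None and the following os.path.dirname(db_file) raises a TypeError instead of a clear error. Unless the recipe is already skipped in that case outside this hunk, check for an unset value and fail with a message that names CVE_CHECK_DB_FILE.
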
fDYw32p17Dg4O4QSFTpmchWAym5bu1Pha/NXmVcKzjgL2gBpfWiqqdN+wu8xhhI/USjn 20sQvNf5bb5xANRmL9CwCAHdQJhO/qsmnGRDje66eeHpG+14cZsOoQ6VI47ZtNlOgP+a zDqA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20161025 header.b="Y5ghSVe/"; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id az2si5174383plb.120.2019.11.24.15.51.35; Sun, 24 Nov 2019 15:51:35 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20161025 header.b="Y5ghSVe/"; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id 83A807FCC4; Sun, 24 Nov 2019 23:51:07 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail-pj1-f54.google.com (mail-pj1-f54.google.com [209.85.216.54]) by mail.openembedded.org (Postfix) with ESMTP id 6A1757FC50 for ; Sun, 24 Nov 2019 23:50:48 +0000 (UTC) Received: by mail-pj1-f54.google.com with SMTP id cq11so5612172pjb.3 for ; Sun, 24 Nov 2019 15:50:49 -0800 (PST) DKIM-Signature: v=1; 
a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:in-reply-to:references; bh=Cg4ckRcTmWbznFYo1v+ip3JEdDP5iM/tv32hOxb5mXc=; b=Y5ghSVe/Eh+dbjaWzPMPl8PReaU97yq2WI3dUF5qOpaK02tvG/3MYbF9rhYAR9FNPq LibgDdFULmy4msChhFZEugaYetRtxrKAqYmfguM7kdOoVPEA3TT7mnh3InXS60rqRcw7 0CP9liRpMHJtVhe1epy81itWsEuyl46S9Kqz59sm5sJ/asDrotR/bL8oBQSnT1UK0lOa JbIifYAHG1NRBWNyhMBw2ywL5ia59msSBfsb7IWjYNSCB03NedjvAvBi64xPgdJeYvwe QzU6q2yhQrWeVrnebd3T/o8e/Gxu9zKTXwK4aYAJ+avsTS3poLr561PWPMrSgINHMM4C 2ueA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references; bh=Cg4ckRcTmWbznFYo1v+ip3JEdDP5iM/tv32hOxb5mXc=; b=Va5sA8UStPUaQ553O+Cy6hGF0it+MqFKdHcVW5sSPK641CAJIQ3KfZE8uYXIafjzLe DPuxTNiha3+YHunhiHmEG0hS3xHJZeLhaY+AM561St7rDKgF05dZP3/dHRpNvZ33KrIn 7sINjB6Rm/JFJyP6/F5I1ZkWUcxQOtAw4/L+d+eZyHWl/TYXHa4JjjnXffmrQLHcJAyH rbekayFZ14iiDJcysLV4HUvv38s1GV2nmV8ou8aAfV7cbOKqohkJB7B4gLQfhLI8g3Hf PZynv79rxNgpg6RpNTYZZupxSR+B0AvLrvSfa56S+3adIsLOO0rG8v+KOslqnsVsZN/o r8SA== X-Gm-Message-State: APjAAAUCHRSClOWgOCYLfZnKB+2nMSYg6ttXsMRpvm0/aI9AG2KzoUAP hBuhVeLANmriOwLqofildyXNNkF2 X-Received: by 2002:a17:902:bd03:: with SMTP id p3mr25075457pls.115.1574639449368; Sun, 24 Nov 2019 15:50:49 -0800 (PST) Received: from akuster-ThinkPad-T460s.hsd1.ca.comcast.net ([2601:202:4180:a5c0:69ac:e4d2:e89f:98da]) by smtp.gmail.com with ESMTPSA id q200sm5619783pfq.87.2019.11.24.15.50.48 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sun, 24 Nov 2019 15:50:48 -0800 (PST) 
From: Armin Kuster
To: openembedded-core@lists.openembedded.org
Date: Sun, 24 Nov 2019 15:50:11 -0800
Subject: [OE-core] [zeus 06/35] cve-update-db-native: add an index on the CVE ID column

From: Ross Burton

Create an index on the PRODUCTS table which contains a row for each CPE, drastically increasing the performance of lookups for a specific CVE.

(From OE-Core rev: b4048b05b3a00d85c40d09961f846eadcebd812e)

Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
Signed-off-by: Anuj Mittal
---
 meta/recipes-core/meta/cve-update-db-native.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index c15534d..08b18f0 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -120,11 +120,14 @@ python do_populate_cve_db() { def initialize_db(c): c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)") + c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \ SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)") + c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \ VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \ VERSION_END TEXT, OPERATOR_END TEXT)") + c.execute("CREATE INDEX IF NOT EXISTS PRODUCT_ID_IDX on PRODUCTS(ID);") def parse_node_and_insert(c, node, cveId): # Parse children node if needed
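Review bot: The index added at the end of initialize_db() covers only PRODUCTS(ID), so a query that filters on PRODUCT and VENDOR without an ID, as the check_cves() lookups shown in patch 08/35 of this series do, still scans the whole table. If that path matters, add a second index on the PRODUCT column next to this one, and say in the commit message which query the ID index is meant to serve. As a style point, the trailing ";" inside the SQL string and the lowercase "on" differ from the other execute() calls in this function.
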

From: Armin Kuster
To: openembedded-core@lists.openembedded.org
Date: Sun, 24 Nov 2019 15:50:12 -0800
Subject: [OE-core] [zeus 07/35] cve-update-db-native: clean up proxy handling

From: Ross Burton

urllib handles adding proxy handlers if the proxies are set in the environment, so call bb.utils.export_proxies() to do that and remove the manual setup.

(From OE-Core rev: 6b73004668b3b71c9c38814b79fbb58c893ed434)

Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
Signed-off-by: Anuj Mittal
---
 meta/recipes-core/meta/cve-update-db-native.bb | 31 +++++---------------------
 1 file changed, 5 insertions(+), 26 deletions(-)

diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index 08b18f0..db1d69a 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -21,10 +21,12 @@ python do_populate_cve_db() { """ Update NVD database with json data feed """ - + import bb.utils import sqlite3, urllib, urllib.parse, shutil, gzip from datetime import date + bb.utils.export_proxies(d) + BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-" YEAR_START = 2002
@@ -40,16 +42,6 @@ python do_populate_cve_db() { except OSError: pass - proxy = d.getVar("https_proxy") - if proxy: - # instantiate an opener but do not install it as the global - # opener unless if we're really sure it's applicable for all - # urllib requests - proxy_handler = urllib.request.ProxyHandler({'https': proxy}) - proxy_opener = urllib.request.build_opener(proxy_handler) - else: - proxy_opener = None - cve_f = open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') if not os.path.isdir(db_dir): @@ -67,15 +59,7 @@ python do_populate_cve_db() { json_url = year_url + ".json.gz" # Retrieve meta last modified date - - response = None - - if proxy_opener: - response = proxy_opener.open(meta_url) - else: - req = urllib.request.Request(meta_url) - response = urllib.request.urlopen(req) - + response = urllib.request.urlopen(meta_url) if response: for l in response.read().decode("utf-8").splitlines(): key, value = l.split(":", 1) 
@@ -95,12 +79,7 @@ python do_populate_cve_db() { # Update db with current year json file try: - if proxy_opener: - response = proxy_opener.open(json_url) - else: - req = urllib.request.Request(json_url) - response = urllib.request.urlopen(req) - + response = urllib.request.urlopen(json_url) if response: update_db(c, gzip.decompress(response.read()).decode('utf-8')) c.execute("insert or replace into META values (?, ?)", [year, last_modified])
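Review bot: In the first hunk, bb.utils.export_proxies(d) replaces a private opener with proxy settings exported to the environment, which is the wider scope that the comment removed in the second hunk ("do not install it as the global opener unless if we're really sure it's applicable for all urllib requests") was written to avoid. Please state in the commit message that the change of scope is intended, and confirm that a configuration which previously set only https_proxy still behaves the same now that urllib reads whatever proxy variables the environment carries.
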
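Review bot: urllib.request.urlopen(meta_url) in the third hunk is called without a timeout, so a stalled connection to the feed server blocks the task indefinitely; the same applies to urlopen(json_url) in the last hunk. Pass an explicit timeout to both calls. The `if response:` test that follows each call can also go, since urlopen() raises on failure rather than returning None, and the import line in the first hunk should name urllib.request explicitly because only urllib and urllib.parse are imported there.
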

From: Armin Kuster
To: openembedded-core@lists.openembedded.org
Date: Sun, 24 Nov 2019 15:50:13 -0800
Message-Id: <0d261e259f351b18ac52866792db04ceea382cc7.1574639349.git.akuster808@gmail.com>
Subject: [OE-core] [zeus 08/35] cve-check: rewrite look to fix false negatives

From: Ross Burton

A previous optimisation was premature and resulted in false-negatives in the report.

Rewrite the checking algorithm to first get the list of potential CVEs by vendor:product, then iterate through every matching CPE for that CVE to determine if the bounds match or not. By doing this in two stages we can know if we've checked every CPE, instead of accidentally breaking out of the scan too early.

(From OE-Core rev: d61aff9e22704ad69df1f7ab0f8784f4e7cc0c69)

Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
Signed-off-by: Anuj Mittal
---
 meta/classes/cve-check.bbclass | 63 +++++++++++++++++++++++-------------------
 1 file changed, 34 insertions(+), 29 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 3326944..c1cbdbd 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -165,7 +165,6 @@ def check_cves(d, patched_cves): """ Connect to the NVD database and find unpatched cves. """ - import ast, csv, tempfile, subprocess, io from distutils.version import LooseVersion cves_unpatched = []
@@ -187,68 +186,74 @@ def check_cves(d, patched_cves): cve_whitelist = d.getVar("CVE_CHECK_WHITELIST").split() import sqlite3 - db_file = d.getVar("CVE_CHECK_DB_FILE") - conn = sqlite3.connect(db_file) + db_file = d.expand("file:${CVE_CHECK_DB_FILE}?mode=ro") + conn = sqlite3.connect(db_file, uri=True) + # For each of the known product names (e.g. curl has CPEs using curl and libcurl)... for product in products: - c = conn.cursor() if ":" in product: vendor, product = product.split(":", 1) - c.execute("SELECT * FROM PRODUCTS WHERE PRODUCT IS ? AND VENDOR IS ?", (product, vendor)) else: - c.execute("SELECT * FROM PRODUCTS WHERE PRODUCT IS ?", (product,)) + vendor = "%" - for row in c: - cve = row[0] - version_start = row[3] - operator_start = row[4] - version_end = row[5] - operator_end = row[6] + # Find all relevant CVE IDs. + for cverow in conn.execute("SELECT DISTINCT ID FROM PRODUCTS WHERE PRODUCT IS ? AND VENDOR LIKE ?", (product, vendor)): + cve = cverow[0] if cve in cve_whitelist: bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve)) # TODO: this should be in the report as 'whitelisted' patched_cves.add(cve) + continue elif cve in patched_cves: bb.note("%s has been patched" % (cve)) - else: - to_append = False + continue + + vulnerable = False + for row in conn.execute("SELECT * FROM PRODUCTS WHERE ID IS ? AND PRODUCT IS ? 
AND VENDOR LIKE ?", (cve, product, vendor)): + (_, _, _, version_start, operator_start, version_end, operator_end) = row + #bb.debug(2, "Evaluating row " + str(row)) + if (operator_start == '=' and pv == version_start): - to_append = True + vulnerable = True else: if operator_start: try: - to_append_start = (operator_start == '>=' and LooseVersion(pv) >= LooseVersion(version_start)) - to_append_start |= (operator_start == '>' and LooseVersion(pv) > LooseVersion(version_start)) + vulnerable_start = (operator_start == '>=' and LooseVersion(pv) >= LooseVersion(version_start)) + vulnerable_start |= (operator_start == '>' and LooseVersion(pv) > LooseVersion(version_start)) except: bb.warn("%s: Failed to compare %s %s %s for %s" % (product, pv, operator_start, version_start, cve)) - to_append_start = False + vulnerable_start = False else: - to_append_start = False + vulnerable_start = False if operator_end: try: - to_append_end = (operator_end == '<=' and LooseVersion(pv) <= LooseVersion(version_end)) - to_append_end |= (operator_end == '<' and LooseVersion(pv) < LooseVersion(version_end)) + vulnerable_end = (operator_end == '<=' and LooseVersion(pv) <= LooseVersion(version_end)) + vulnerable_end |= (operator_end == '<' and LooseVersion(pv) < LooseVersion(version_end)) except: bb.warn("%s: Failed to compare %s %s %s for %s" % (product, pv, operator_end, version_end, cve)) - to_append_end = False + vulnerable_end = False else: - to_append_end = False + vulnerable_end = False if operator_start and operator_end: - to_append = to_append_start and to_append_end + vulnerable = vulnerable_start and vulnerable_end else: - to_append = to_append_start or to_append_end + vulnerable = vulnerable_start or vulnerable_end - if to_append: + if vulnerable: bb.note("%s-%s is vulnerable to %s" % (product, pv, cve)) cves_unpatched.append(cve) - else: - bb.note("%s-%s is not vulnerable to %s" % (product, pv, cve)) - patched_cves.add(cve) + break + + if not vulnerable: + bb.note("%s-%s is not 
vulnerable to %s" % (product, pv, cve)) + # TODO: not patched but not vulnerable + patched_cves.add(cve) + conn.close() return (list(patched_cves), cves_unpatched)
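Review bot: Switching the vendor match from IS to LIKE in the second hunk (`vendor = "%"` together with `VENDOR LIKE ?`) also applies LIKE semantics to a vendor taken from a "vendor:product" entry, so "_" and "%" in that string act as wildcards and ASCII case is ignored, where the old query matched the vendor exactly. Keep `VENDOR IS ?` when a vendor is given and drop the vendor clause otherwise, or escape the value. Separately, the bare `except:` around the LooseVersion comparisons sets vulnerable_start and vulnerable_end to False, so a version that fails to compare ends up in patched_cves; as this patch is about false negatives, that path deserves its own state in the report, and the commented-out bb.debug line should be removed or enabled.
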
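The failure mode described in the commit message for patch 08/35, as an added example that is not OE-Core code: `single_pass` is a simplified model of the removed per-row loop, which records a CVE as patched on its first non-matching CPE row and then skips that CVE's remaining rows, and `two_stage` follows the rewritten lookup. The table rows, CVE IDs, function names and the `ver()` stand-in for LooseVersion are constructed for illustration.

```python
import sqlite3

# Constructed sample data in the PRODUCTS layout created by initialize_db().
# The CVE IDs, vendor and product are placeholders, not real NVD entries.
ROWS = [
    # ID, VENDOR, PRODUCT, VERSION_START, OPERATOR_START, VERSION_END, OPERATOR_END
    ("CVE-0000-0001", "examplevendor", "examplelib", "1.0", ">=", "1.5", "<"),
    ("CVE-0000-0001", "examplevendor", "examplelib", "2.0", ">=", "2.4", "<="),
    ("CVE-0000-0002", "examplevendor", "examplelib", "3.0", ">=", "3.2", "<"),
]


def open_db():
    """Build an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE PRODUCTS (ID TEXT, VENDOR TEXT, PRODUCT TEXT, "
                 "VERSION_START TEXT, OPERATOR_START TEXT, "
                 "VERSION_END TEXT, OPERATOR_END TEXT)")
    conn.executemany("INSERT INTO PRODUCTS VALUES (?, ?, ?, ?, ?, ?, ?)", ROWS)
    return conn


def ver(text):
    # Assumption: dotted integers only; a stand-in for LooseVersion.
    return tuple(int(part) for part in text.split("."))


def row_matches(pv, row):
    """Apply one CPE row's version bounds to the package version pv."""
    _, _, _, v_start, op_start, v_end, op_end = row
    if op_start == "=" and pv == v_start:
        return True
    start = (op_start == ">=" and ver(pv) >= ver(v_start)) or \
            (op_start == ">" and ver(pv) > ver(v_start))
    end = (op_end == "<=" and ver(pv) <= ver(v_end)) or \
          (op_end == "<" and ver(pv) < ver(v_end))
    if op_start and op_end:
        return start and end
    return start or end


def single_pass(conn, product, pv):
    """Model of the removed loop: one verdict per row, in table order."""
    patched, unpatched = set(), []
    query = "SELECT * FROM PRODUCTS WHERE PRODUCT IS ? ORDER BY rowid"
    for row in conn.execute(query, (product,)):
        cve = row[0]
        if cve in patched:
            continue  # decided by an earlier row; later ranges are never read
        if row_matches(pv, row):
            unpatched.append(cve)
        else:
            patched.add(cve)
    return sorted(patched), sorted(unpatched)


def two_stage(conn, product, pv, vendor="%"):
    """Model of the rewrite: list candidate CVE IDs, then test every row of each."""
    patched, unpatched = set(), []
    ids = [r[0] for r in conn.execute(
        "SELECT DISTINCT ID FROM PRODUCTS WHERE PRODUCT IS ? AND VENDOR LIKE ?",
        (product, vendor))]
    for cve in ids:
        rows = conn.execute(
            "SELECT * FROM PRODUCTS WHERE ID IS ? AND PRODUCT IS ? AND VENDOR LIKE ?",
            (cve, product, vendor))
        if any(row_matches(pv, row) for row in rows):
            unpatched.append(cve)
        else:
            patched.add(cve)
    return sorted(patched), sorted(unpatched)


if __name__ == "__main__":
    db = open_db()
    # Version 2.2 falls in the second range of CVE-0000-0001 only.
    print("single pass:", single_pass(db, "examplelib", "2.2"))
    print("two stage:  ", two_stage(db, "examplelib", "2.2"))
```

With version 2.2 the single-pass model reports nothing as unpatched, because the 1.0 to 1.5 row for CVE-0000-0001 is read first; the two-stage model reports that CVE.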

From: Armin Kuster
To: openembedded-core@lists.openembedded.org
Date: Sun, 24 Nov 2019 15:50:14 -0800
Message-Id: <31a9adf5432c43f8a98b979f5f72956e1fae1592.1574639349.git.akuster808@gmail.com>
Subject: [OE-core] [zeus 09/35] cve-check: neaten get_cve_info

From: Ross Burton

Remove obsolete Python 2 code, and use convenience methods for neatness.

(From OE-Core rev: f19253cc9e70c974a8e21a142086c13d7cde04ff)

Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
Signed-off-by: Anuj Mittal
---
 meta/classes/cve-check.bbclass | 18 +++++-------------
 1 file changed, 5 insertions(+), 13 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index c1cbdbd..e95716d 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass
@@ -261,23 +261,15 @@ def check_cves(d, patched_cves): def get_cve_info(d, cves): """ Get CVE information from the database. - - Unfortunately the only way to get CVE info is set the output to - html (hard to parse) or query directly the database. """ - try: - import sqlite3 - except ImportError: - from pysqlite2 import dbapi2 as sqlite3 + import sqlite3 cve_data = {} - db_file = d.getVar("CVE_CHECK_DB_FILE") - placeholder = ",".join("?" * len(cves)) - query = "SELECT * FROM NVD WHERE id IN (%s)" % placeholder - conn = sqlite3.connect(db_file) - cur = conn.cursor() - for row in cur.execute(query, tuple(cves)): + conn = sqlite3.connect(d.getVar("CVE_CHECK_DB_FILE")) + placeholders = ",".join("?" * len(cves)) + query = "SELECT * FROM NVD WHERE id IN (%s)" % placeholders + for row in conn.execute(query, tuple(cves)): cve_data[row[0]] = {} cve_data[row[0]]["summary"] = row[1] cve_data[row[0]]["scorev2"] = row[2]
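Review bot: sqlite3.connect(d.getVar("CVE_CHECK_DB_FILE")) in get_cve_info() opens the database read-write and creates an empty file if the path does not exist, while check_cves() in the previous patch opens the same file through a "file:...?mode=ro" URI and closes it when done. Use the same read-only URI here and close the connection once the rows are read; no close is visible in this hunk. The removed docstring sentence explained why the function queries the database directly, so a short replacement comment would help.
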
h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references; bh=CTKHuYIdlGI1K3BGETzGGNJ3x3TD6nzJoEQ5WbWUBUo=; b=l06xsK4QmnjbtoBTJIKhOuR8ZN+rYA/wfI6PyRBOXe1Nga1v4AvwqIsAMq7xUS1R0g 6MvPF3NSVnHWdMVCMm9TYK2pWqITqM+CXMRhlpwwq/IwI7Qjsie3+w4rPClm+dgg4rwL YAXWHVKT9PXIoJdIAlyTeruLdO5DOPJ9Pxi0mZkRr6aitkfkBPWb7fpAPqg4NRzjgS61 ZCBQgliyiiik57DhIx4CwtCa6KHAYUNdU3Bia5IMilua2pZCfyLXRKuR95zh78vEfxPc HpSD52IN8F+kLlvfKN+JaDKT8rtBOOoagsNUBV0uAx/UgLLgMqRq57xrb2qqma4GgGcq s70A== X-Gm-Message-State: APjAAAVlwX3UTe9mtKO/ysPaCDlrLsuuORry5doflD3M9yAiaoVEQ5i7 47Qa+OPyrVyOhq6Msc8QFCCDWONB X-Received: by 2002:a17:902:6b47:: with SMTP id g7mr25829858plt.87.1574639453006; Sun, 24 Nov 2019 15:50:53 -0800 (PST) Received: from akuster-ThinkPad-T460s.hsd1.ca.comcast.net ([2601:202:4180:a5c0:69ac:e4d2:e89f:98da]) by smtp.gmail.com with ESMTPSA id q200sm5619783pfq.87.2019.11.24.15.50.52 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sun, 24 Nov 2019 15:50:52 -0800 (PST) From: Armin Kuster To: openembedded-core@lists.openembedded.org Date: Sun, 24 Nov 2019 15:50:15 -0800 Message-Id: X-Mailer: git-send-email 2.7.4 In-Reply-To: References: Subject: [OE-core] [zeus 10/35] cve-check: fetch CVE data once at a time instead of in a single call X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org 
From: Ross Burton

This code used to construct a single SQL statement that fetched the NVD data for every CVE requested. For recipes such as the kernel where there are over 2000 CVEs to report this can hit the variable count limit and the query fails with "sqlite3.OperationalError: too many SQL variables". The default limit is 999 variables, but some distributions such as Debian set the default to 250000.

As the NVD table has an index on the ID column, whilst requesting the data CVE-by-CVE is five times slower when working with 2000 CVEs, the absolute time difference is insignificant: 0.05s versus 0.01s on my machine.

(From OE-Core rev: 53d0cc1e9b7190fa66d7ff1c59518f91b0128d99)

Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
Signed-off-by: Anuj Mittal
---
 meta/classes/cve-check.bbclass | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index e95716d..19ed554 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass
@@ -267,17 +267,17 @@ def get_cve_info(d, cves): cve_data = {} conn = sqlite3.connect(d.getVar("CVE_CHECK_DB_FILE")) - placeholders = ",".join("?" * len(cves)) - query = "SELECT * FROM NVD WHERE id IN (%s)" % placeholders - for row in conn.execute(query, tuple(cves)): - cve_data[row[0]] = {} - cve_data[row[0]]["summary"] = row[1] - cve_data[row[0]]["scorev2"] = row[2] - cve_data[row[0]]["scorev3"] = row[3] - cve_data[row[0]]["modified"] = row[4] - cve_data[row[0]]["vector"] = row[5] - conn.close() + for cve in cves: + for row in conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,)): + cve_data[row[0]] = {} + cve_data[row[0]]["summary"] = row[1] + cve_data[row[0]]["scorev2"] = row[2] + cve_data[row[0]]["scorev3"] = row[3] + cve_data[row[0]]["modified"] = row[4] + cve_data[row[0]]["vector"] = row[5] + + conn.close() return cve_data def cve_write_data(d, patched, unpatched, cve_data):
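Review bot: the new `conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,))` call compares with `IS`, where `=` is the conventional operator for a bound value. In SQLite the two differ only in NULL handling, so `IS ?` would match a row with a NULL id if a `None` ever reached `cves`. Suggest `WHERE id = ?`, which also keeps the lowercase column name used by the removed query. Separately, the loop now issues one statement per CVE, and an exception from any of them skips the trailing `conn.close()`; wrapping the loop in try/finally (or `contextlib.closing`) would release the handle on the error path too. The `SELECT *` with positional `row[1]` to `row[5]` still ties the dictionary keys to the NVD column order; naming the columns in the query would make that dependency explicit.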