openembedded-core.git/meta/recipes-devtools/cve-check-tool, branch master Mirror of openembedded-core cve-check-tool: Use CA cert bundle in correct sysroot 2017-02-15T17:29:42+00:00 Jussi Kukkonen jussi.kukkonen@intel.com 2017-02-09T19:38:33+00:00 73bd11d5190a072064128cc13b4537154d07b129 Native libcurl looks for CA certs in the wrong place by default. * Add patch that allows overriding the default CA certificate location. Patch is originally from meta-security-isafw. * Use the new --cacert to set the correct CA bundle path Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Native libcurl looks for CA certs in the wrong place by
default.
* Add patch that allows overriding the default CA certificate
  location. Patch is originally from meta-security-isafw.
* Use the new --cacert to set the correct CA bundle path

Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
cve-check-tool: Fixes for recipe sysroots 2017-02-15T17:29:42+00:00 Jussi Kukkonen jussi.kukkonen@intel.com 2017-02-09T19:38:32+00:00 2da6b01893d0afe8750bd0b12a8d55aafa82f58c * Use --enable-relative-plugins so cve-check-tool looks for loadable modules relative to binary location instead of hard-coding a wrong sysroot location * do_populate_cve_db() assumes that the binary cve-check-update is in the sysroot. Ensure that this is true by adding a task dependency Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
* Use --enable-relative-plugins so cve-check-tool looks for
  loadable modules relative to binary location instead of
  hard-coding a wrong sysroot location
* do_populate_cve_db() assumes that the binary cve-check-update is in
  the sysroot. Ensure that this is true by adding a task dependency

Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
cve-check-tool: fix upstream version check 2016-10-28T10:27:33+00:00 Alexander Kanavin alexander.kanavin@linux.intel.com 2016-10-18T12:11:49+00:00 4f96180ef525ad2b2cad935bd7253a5a0a079ff4 Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
cve-check-tool: report progress when downloading CVE database 2016-09-28T14:02:14+00:00 André Draszik git@andred.net 2016-09-28T12:05:45+00:00 145a29ca99d9fec5eff97d77c8cff6356fe88ba5 We add a patch to report the progress, and at the same time inform bitbake that progress can be extracted via the simple 'percent' progress handler. Signed-off-by: André Draszik <git@andred.net> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
We add a patch to report the progress, and at the same time
inform bitbake that progress can be extracted via the simple
'percent' progress handler.

Signed-off-by: André Draszik <git@andred.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
cve-check-tool: convert do_populate_cve_db() from python to sh 2016-09-28T14:02:14+00:00 André Draszik git@andred.net 2016-09-28T12:05:44+00:00 1bf0137ac84e5d324fd84dadfa962fbc166b5d4b This will allow us to easily incorporate progress support via bb.process.run() Signed-off-by: André Draszik <git@andred.net> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
This will allow us to easily incorporate progress support
via bb.process.run()

Signed-off-by: André Draszik <git@andred.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
cve-check-tool: Add recipe 2016-09-16T14:15:32+00:00 Mariano Lopez mariano.lopez@linux.intel.com 2016-08-24T18:58:34+00:00 5deadfe634638b99420342950bc544547f7121dc cve-check-tool is a program for public CVEs checking. This tool also seek to determine if a vulnerability has been addressed by a patch. The recipe also includes the do_populate_cve_db task that will populate the database used by the tool. [YOCTO #7515] Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
cve-check-tool is a program for public CVEs checking.
This tool also seek to determine if a vulnerability has
been addressed by a patch.

The recipe also includes the do_populate_cve_db task
that will populate the database used by the tool.

[YOCTO #7515]

Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>