CVE checking in OE didn't work as do_populate_cve_db failed with the following
error message.
[snip]/downloads/CVE_CHECK/nvdcve-2.0-2002.xml is not consistent
Backport a patch to fix this error.
(From OE-Core rev: ee55b5685aaa4be92d6d51f8641a559d4e34ce64)
(From OE-Core rev: e0f0a7283c597e783b69aac2c8e8a7663b70262d)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Native libcurl looks for CA certs in the wrong place by
default.
* Add patch that allows overriding the default CA certificate
location. Patch is originally from meta-security-isafw.
* Use the new --cacert to set the correct CA bundle path
(From OE-Core rev: 73bd11d5190a072064128cc13b4537154d07b129)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Use --enable-relative-plugins so cve-check-tool looks for
loadable modules relative to binary location instead of
hard-coding a wrong sysroot location
* do_populate_cve_db() assumes that the binary cve-check-update is in
the sysroot. Ensure that this is true by adding a task dependency
(From OE-Core rev: 2da6b01893d0afe8750bd0b12a8d55aafa82f58c)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We add a patch to report the progress, and at the same time
inform bitbake that progress can be extracted via the simple
'percent' progress handler.
(From OE-Core rev: 145a29ca99d9fec5eff97d77c8cff6356fe88ba5)
Signed-off-by: André Draszik <git@andred.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This will allow us to easily incorporate progress support
via bb.process.run()
(From OE-Core rev: 1bf0137ac84e5d324fd84dadfa962fbc166b5d4b)
Signed-off-by: André Draszik <git@andred.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
cve-check-tool is a program for public CVEs checking.
This tool also seek to determine if a vulnerability has
been addressed by a patch.
The recipe also includes the do_populate_cve_db task
that will populate the database used by the tool.
[YOCTO #7515]
(From OE-Core rev: 5deadfe634638b99420342950bc544547f7121dc)
Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Chen Qi
Jussi Kukkonen
Alexander Kanavin
André Draszik
Mariano Lopez