[OE-core] [PATCH 0/3] Add initial capability to check CVEs for recipes

Mariano Lopez mariano.lopez at linux.intel.com
Thu Feb 25 17:22:23 UTC 2016 


On 02/25/2016 10:27 AM, akuster wrote:
>   So my questions in the bugs go unanswered. If you don't ever intend on
> responding just say so, I do appreciate honestly. I then know where I stand.
>
> - armin

Sorry, for not answered the bug earlier, to be honest I hadn't seen your 
comment earlier.

I just replied to the bug.

Mariano

>
> On 02/24/2016 07:27 AM, mariano.lopez at linux.intel.com wrote:
>> From: Mariano Lopez <mariano.lopez at linux.intel.com>
>>
>> This series add the cve-check-tool recipe, a tool used to identify
>> potentially vulnerable software through version matching. It will
>> check if a vulnerability has been addressed by a patch.
>>
>> Also add the new cve-check class that will add a task for all recipes
>> to check for CVEs using cve-check-tool. This tool can be used by recipe,
>> image (will generate an image report in deploy dir), and with "world"
>> and "universe"
>>
>> To run it just inherit the class and enter:
>>
>> bitbake -c cve_check <recipe>
>>
>> The following changes since commit 23056103c949b498c23b47579e8dd57ce78e6ed9:
>>
>>    uclibc: Do not use immediate expansion operator (2016-02-22 20:42:48 +0000)
>>
>> are available in the git repository at:
>>
>>    git://git.yoctoproject.org/poky-contrib mariano/bug7515
>>    http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=mariano/bug7515
>>
>> Mariano Lopez (3):
>>    cve-check-tool: Add recipe
>>    cve-check-tool patch to allow select dir for the db
>>    cve-check.bbclass: Add class
>>
>>   meta/classes/cve-check.bbclass                     | 229 +++++++++++++++++++++
>>   .../change_logic_cve_get_file_parent.patch         |  45 ++++
>>   .../cve-check-tool/cve-check-tool_5.6.bb           |  61 ++++++
>>   3 files changed, 335 insertions(+)
>>   create mode 100644 meta/classes/cve-check.bbclass
>>   create mode 100644 meta/recipes-devtools/cve-check-tool/cve-check-tool/change_logic_cve_get_file_parent.patch
>>   create mode 100644 meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.bb
>>

-- 
Mariano Lopez

More information about the Openembedded-core mailing list