Home
last modified time | relevance | path

Searched refs:cve (Results 1 – 25 of 85) sorted by relevance

1234

/openbmc/openbmc/poky/meta/classes/
H A Dcve-check.bbclass14 # CVE found and generate a file in the recipe WORKDIR/cve
39 CVE_CHECK_DB_FETCHER ?= "${@'cve-update-nvd2-native' if d.getVar('NVD_DB_VERSION') == 'NVD2' else '
44 CVE_CHECK_SUMMARY_DIR ?= "${LOG_DIR}/cve"
45 CVE_CHECK_SUMMARY_FILE_NAME ?= "cve-summary"
46 CVE_CHECK_SUMMARY_FILE_NAME_JSON = "cve-summary.json"
47 CVE_CHECK_SUMMARY_INDEX_PATH = "${CVE_CHECK_SUMMARY_DIR}/cve-summary-index.txt"
49 CVE_CHECK_LOG_JSON ?= "${T}/cve.json"
51 CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve"
88 # All possible CVE statuses could be found in cve-check-map.conf
260 def cve_is_ignored(d, cve_data, cve):
[all …]
H A Dvex.bbclass17 # the cve-check class
29 CVE_CHECK_SUMMARY_DIR ?= "${LOG_DIR}/cve"
31 CVE_CHECK_SUMMARY_FILE_NAME_JSON = "cve-summary.json"
32 CVE_CHECK_SUMMARY_INDEX_PATH = "${CVE_CHECK_SUMMARY_DIR}/cve-summary-index.txt"
34 CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve"
57 # All possible CVE statuses could be found in cve-check-map.conf
76 if bb.data.inherits_class("cve-check", d):
77 …raise bb.parse.SkipRecipe("Skipping recipe: found incompatible combination of cve-check and vex en…
117 json_summary_name = os.path.join(cvelogpath, "cve-summary-%s.json" % (timestamp))
200 bb.warn("Missing cve file for %s" % pkg)
[all …]
/openbmc/openbmc/poky/meta/recipes-extended/ltp/ltp/
H A D0001-cve-2015-3290-Disable-AVX-for-x86_64.patch4 Subject: [PATCH] cve-2015-3290: Disable AVX for x86_64
20 testcases/cve/Makefile | 6 ++++++
23 diff --git a/testcases/cve/Makefile b/testcases/cve/Makefile
25 --- a/testcases/cve/Makefile
26 +++ b/testcases/cve/Makefile
34 cve-2015-3290: CFLAGS += -pthread -fomit-frame-pointer
36 +cve-2015-3290: CFLAGS += -mno-avx
/openbmc/openbmc/poky/meta/recipes-core/meta/
H A Dcve-update-nvd2-native.bb42 if not bb.data.inherits_class("cve-check", d):
43 raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.")
243 for cve in data["vulnerabilities"]:
244 update_db(conn, cve)
343 cveId = elt['cve']['id']
344 if elt['cve'].get('vulnStatus') == "Rejected":
351 for desc in elt['cve']['descriptions']:
354 date = elt['cve']['lastModified']
356 accessVector = elt['cve']['metrics']['cvssMetricV2'][0]['cvssData']['accessVector']
357 vectorString = elt['cve']['metrics']['cvssMetricV2'][0]['cvssData']['vectorString']
[all …]
/openbmc/openbmc/poky/meta/recipes-extended/unzip/
H A Dunzip_6.0.bb13 file://cve-2014-9636.patch \
14 file://09-cve-2014-8139-crc-overflow.patch \
15 file://10-cve-2014-8140-test-compr-eb.patch \
16 file://11-cve-2014-8141-getzip64data.patch \
20 file://18-cve-2014-9913-unzip-buffer-overflow.patch \
21 file://19-cve-2016-9844-zipinfo-buffer-overflow.patch \
/openbmc/openbmc/poky/meta/lib/oe/
H A Dcve_check.py294 def decode_cve_status(d, cve): argument
298 status = d.getVarFlag("CVE_STATUS", cve)
318 % (cve, status)
334 % (detail, cve, status)
368 for cve in (d.getVar("CVE_CHECK_IGNORE") or "").split():
369 d.setVarFlag("CVE_STATUS", cve, "ignored")
375 for cve in cve_group.split():
376 d.setVarFlag("CVE_STATUS", cve, d.getVarFlag(cve_status_group, "status"))
/openbmc/openbmc/poky/documentation/migration-guides/
H A Drelease-notes-4.0.2.rst39 - cve-check.bbclass: Added do_populate_sdk[recrdeptask].
40 - cve-check: Add helper for symlink handling
41 - cve-check: Allow warnings to be disabled
42 - cve-check: Fix report generation
43 - cve-check: Only include installed packages for rootfs manifest
44 - cve-check: add support for Ignored CVEs
45 - cve-check: fix return type in check_cves
46 - cve-check: move update_symlinks to a library
47 - cve-check: write empty fragment files in the text mode
48 - cve-extra-exclusions: Add kernel CVEs
[all …]
H A Drelease-notes-4.3.4.rst41 - cve-check: Log if :term:`CVE_STATUS` set but not reported for component
42 - cve-update-nvd2-native: Add an age threshold for incremental update
43 - cve-update-nvd2-native: Fix CVE configuration update
44 - cve-update-nvd2-native: Fix typo in comment
45 - cve-update-nvd2-native: Remove duplicated CVE_CHECK_DB_FILE definition
46 - cve-update-nvd2-native: Remove rejected CVE from database
47 - cve-update-nvd2-native: nvd_request_next: Improve comment
H A Drelease-notes-4.0.18.rst35 - cve-update-nvd2-native: Add an age threshold for incremental update
36 - cve-update-nvd2-native: Fix CVE configuration update
37 - cve-update-nvd2-native: Fix typo in comment
38 - cve-update-nvd2-native: Remove duplicated CVE_CHECK_DB_FILE definition
39 - cve-update-nvd2-native: Remove rejected CVE from database
40 - cve-update-nvd2-native: nvd_request_next: Improve comment
H A Drelease-notes-4.0.12.rst48 - cve-update-nvd2-native: actually use API keys
49 - cve-update-nvd2-native: always pass str for json.loads()
50 - cve-update-nvd2-native: fix cvssV3 metrics
51 - cve-update-nvd2-native: handle all configuration nodes, not just first
52 - cve-update-nvd2-native: increase retry count
53 - cve-update-nvd2-native: log a little more
54 - cve-update-nvd2-native: retry all errors and sleep between retries
55 - cve-update-nvd2-native: use exact times, don't truncate
H A Drelease-notes-4.2.3.rst41 - cve-update-nvd2-native: actually use API keys
42 - cve-update-nvd2-native: fix cvssV3 metrics
43 - cve-update-nvd2-native: handle all configuration nodes, not just first
44 - cve-update-nvd2-native: increase retry count
45 - cve-update-nvd2-native: log a little more
46 - cve-update-nvd2-native: retry all errors and sleep between retries
47 - cve-update-nvd2-native: use exact times, don't truncate
H A Dmigration-3.0.rst51 - ``cve-check-tool``: Functionally replaced by the ``cve-update-db``
52 recipe and :ref:`ref-classes-cve-check` class.
141 .. _migration-3.0-cve-checking:
146 ``cve-check-tool`` has been functionally replaced by a new
147 ``cve-update-db`` recipe and functionality built into the :ref:`ref-classes-cve-check`
149 XML feeds that ``cve-check-tool`` was using, supports CVSSv3 scoring,
H A Drelease-notes-4.0.15.rst43 - cve-check: don't warn if a patch is remote
44 - cve-check: slightly more verbose warning when adding the same package twice
45 - cve-check: sort the package list in the JSON report
46 - cve-exclusion_5.10.inc: update for 5.10.202
H A Drelease-notes-4.0.16.rst41 - cve-update-nvd2-native: faster requests with API keys
42 - cve-update-nvd2-native: increase the delay between subsequent request failures
43 - cve-update-nvd2-native: make number of fetch attemtps configurable
44 - cve-update-nvd2-native: remove unused variable CVE_SOCKET_TIMEOUT
H A Drelease-notes-4.3.2.rst39 - cve-update-nvd2-native: faster requests with API keys
40 - cve-update-nvd2-native: increase the delay between subsequent request failures
41 - cve-update-nvd2-native: make number of fetch attemtps configurable
42 - cve-update-nvd2-native: remove unused variable CVE_SOCKET_TIMEOUT
91 - linux/cve-exclusion6.1: Update to latest kernel point release
H A Drelease-notes-4.0.1.rst32 - cve-check: add JSON format to summary output
33 - cve-check: fix symlinks where link and output path are equal
34 - cve-check: no need to depend on the fetch task
35 - cve-update-db-native: let the user to drive the update interval
36 - cve-update-db-native: update the CVE database once a day only
40 - docs: conf.py: fix cve extlinks caption for sphinx <4.0
/openbmc/openbmc/poky/meta/recipes-kernel/linux/
H A Dgenerate-cve-exclusions.py122 cve = cve_file[cve_file.rfind("/")+1:cve_file.rfind(".json")]
124 year = cve.split("-")[1]
H A Dlinux-yocto-tiny_6.12.bb9 include recipes-kernel/linux/cve-exclusion_6.12.inc
/openbmc/docs/security/
H A Dhow-to-report-a-security-vulnerability.md72 [cve]: http://cve.mitre.org/about/index.html
77 [cve numbering authority (cna)]: https://www.cve.org/ProgramOrganization/CNAs
/openbmc/openbmc/poky/meta/lib/patchtest/tests/
H A Dtest_patch.py121 if patchtest_patterns.cve.search_string(
123 ) or patchtest_patterns.cve.search_string(commit.commit_message):
/openbmc/openbmc/poky/meta/conf/distro/include/
H A Dcve-extra-exclusions.inc8 # from the cve-check results or add to the bitbake command with:
9 # -R conf/distro/include/cve-extra-exclusions.inc
56 # Kernel CVEs that are generic but can't be added to the kernel's hand-maintained cve-exclusion.inc
57 # or machine-maintained cve-exclusion_VERSION.inc files, such as issues that describe TCP/IP design
/openbmc/docs/
H A DSECURITY.md57 [cve]: http://cve.mitre.org/about/index.html
/openbmc/openbmc/meta-openembedded/meta-networking/recipes-connectivity/openthread/
H A Dwpantund_git.bb27 # That means cve-check can not match them. Once a new release comes we can
/openbmc/openbmc/poky/meta/recipes-multimedia/libsndfile/
H A Dlibsndfile1_1.2.2.bb12 file://cve-2022-33065.patch \
/openbmc/u-boot/doc/device-tree-bindings/clock/
H A Dnvidia,tegra20-car.txt78 49 unassigned (register bit affects tvo and cve)
134 103 cve

1234