Home
last modified time | relevance | path

Searched refs:cve (Results 1 – 25 of 80) sorted by relevance

1234

/openbmc/openbmc/poky/meta/classes/
H A Dcve-check.bbclass14 # CVE found and generate a file in the recipe WORKDIR/cve
39 CVE_CHECK_SUMMARY_DIR ?= "${LOG_DIR}/cve"
40 CVE_CHECK_SUMMARY_FILE_NAME ?= "cve-summary"
41 CVE_CHECK_SUMMARY_FILE_NAME_JSON = "cve-summary.json"
42 CVE_CHECK_SUMMARY_INDEX_PATH = "${CVE_CHECK_SUMMARY_DIR}/cve-summary-index.txt"
44 CVE_CHECK_LOG_JSON ?= "${T}/cve.json"
46 CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve"
83 # All possible CVE statuses could be found in cve-check-map.conf
106 for cve in (d.getVar("CVE_CHECK_IGNORE") or "").split():
107 d.setVarFlag("CVE_STATUS", cve, "ignored")
[all …]
H A Dvex.bbclass17 # the cve-check class
29 CVE_CHECK_SUMMARY_DIR ?= "${LOG_DIR}/cve"
31 CVE_CHECK_SUMMARY_FILE_NAME_JSON = "cve-summary.json"
32 CVE_CHECK_SUMMARY_INDEX_PATH = "${CVE_CHECK_SUMMARY_DIR}/cve-summary-index.txt"
34 CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve"
57 # All possible CVE statuses could be found in cve-check-map.conf
76 if bb.data.inherits_class("cve-check", d):
77 …raise bb.parse.SkipRecipe("Skipping recipe: found incompatible combination of cve-check and vex en…
83 for cve in (d.getVar("CVE_CHECK_IGNORE") or "").split():
84 d.setVarFlag("CVE_STATUS", cve, "ignored")
[all …]
/openbmc/openbmc/poky/meta/recipes-core/meta/
H A Dcve-update-nvd2-native.bb42 if not bb.data.inherits_class("cve-check", d):
43 raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.")
240 for cve in data["vulnerabilities"]:
241 update_db(conn, cve)
340 cveId = elt['cve']['id']
341 if elt['cve']['vulnStatus'] == "Rejected":
348 for desc in elt['cve']['descriptions']:
351 date = elt['cve']['lastModified']
353 accessVector = elt['cve']['metrics']['cvssMetricV2'][0]['cvssData']['accessVector']
354 vectorString = elt['cve']['metrics']['cvssMetricV2'][0]['cvssData']['vectorString']
[all …]
/openbmc/openbmc/poky/meta/recipes-extended/unzip/
H A Dunzip_6.0.bb13 file://cve-2014-9636.patch \
14 file://09-cve-2014-8139-crc-overflow.patch \
15 file://10-cve-2014-8140-test-compr-eb.patch \
16 file://11-cve-2014-8141-getzip64data.patch \
20 file://18-cve-2014-9913-unzip-buffer-overflow.patch \
21 file://19-cve-2016-9844-zipinfo-buffer-overflow.patch \
/openbmc/openbmc/poky/meta/recipes-kernel/linux/
H A Dgenerate-cve-exclusions.py58 for cve, data in cve_data.items():
78 if cve in stream_data:
79 backport_data = stream_data[cve]
H A Dlinux-yocto_6.6.bb6 include recipes-kernel/linux/cve-exclusion.inc
7 include recipes-kernel/linux/cve-exclusion_6.6.inc
/openbmc/openbmc/poky/documentation/migration-guides/
H A Drelease-notes-4.0.2.rst39 - cve-check.bbclass: Added do_populate_sdk[recrdeptask].
40 - cve-check: Add helper for symlink handling
41 - cve-check: Allow warnings to be disabled
42 - cve-check: Fix report generation
43 - cve-check: Only include installed packages for rootfs manifest
44 - cve-check: add support for Ignored CVEs
45 - cve-check: fix return type in check_cves
46 - cve-check: move update_symlinks to a library
47 - cve-check: write empty fragment files in the text mode
48 - cve-extra-exclusions: Add kernel CVEs
[all …]
H A Drelease-notes-4.3.4.rst41 - cve-check: Log if :term:`CVE_STATUS` set but not reported for component
42 - cve-update-nvd2-native: Add an age threshold for incremental update
43 - cve-update-nvd2-native: Fix CVE configuration update
44 - cve-update-nvd2-native: Fix typo in comment
45 - cve-update-nvd2-native: Remove duplicated CVE_CHECK_DB_FILE definition
46 - cve-update-nvd2-native: Remove rejected CVE from database
47 - cve-update-nvd2-native: nvd_request_next: Improve comment
H A Drelease-notes-4.0.18.rst35 - cve-update-nvd2-native: Add an age threshold for incremental update
36 - cve-update-nvd2-native: Fix CVE configuration update
37 - cve-update-nvd2-native: Fix typo in comment
38 - cve-update-nvd2-native: Remove duplicated CVE_CHECK_DB_FILE definition
39 - cve-update-nvd2-native: Remove rejected CVE from database
40 - cve-update-nvd2-native: nvd_request_next: Improve comment
H A Drelease-notes-4.0.12.rst48 - cve-update-nvd2-native: actually use API keys
49 - cve-update-nvd2-native: always pass str for json.loads()
50 - cve-update-nvd2-native: fix cvssV3 metrics
51 - cve-update-nvd2-native: handle all configuration nodes, not just first
52 - cve-update-nvd2-native: increase retry count
53 - cve-update-nvd2-native: log a little more
54 - cve-update-nvd2-native: retry all errors and sleep between retries
55 - cve-update-nvd2-native: use exact times, don't truncate
H A Drelease-notes-4.2.3.rst41 - cve-update-nvd2-native: actually use API keys
42 - cve-update-nvd2-native: fix cvssV3 metrics
43 - cve-update-nvd2-native: handle all configuration nodes, not just first
44 - cve-update-nvd2-native: increase retry count
45 - cve-update-nvd2-native: log a little more
46 - cve-update-nvd2-native: retry all errors and sleep between retries
47 - cve-update-nvd2-native: use exact times, don't truncate
H A Dmigration-3.0.rst51 - ``cve-check-tool``: Functionally replaced by the ``cve-update-db``
52 recipe and :ref:`ref-classes-cve-check` class.
141 .. _migration-3.0-cve-checking:
146 ``cve-check-tool`` has been functionally replaced by a new
147 ``cve-update-db`` recipe and functionality built into the :ref:`ref-classes-cve-check`
149 XML feeds that ``cve-check-tool`` was using, supports CVSSv3 scoring,
H A Drelease-notes-4.0.1.rst32 - cve-check: add JSON format to summary output
33 - cve-check: fix symlinks where link and output path are equal
34 - cve-check: no need to depend on the fetch task
35 - cve-update-db-native: let the user to drive the update interval
36 - cve-update-db-native: update the CVE database once a day only
40 - docs: conf.py: fix cve extlinks caption for sphinx <4.0
H A Drelease-notes-4.3.2.rst39 - cve-update-nvd2-native: faster requests with API keys
40 - cve-update-nvd2-native: increase the delay between subsequent request failures
41 - cve-update-nvd2-native: make number of fetch attemtps configurable
42 - cve-update-nvd2-native: remove unused variable CVE_SOCKET_TIMEOUT
91 - linux/cve-exclusion6.1: Update to latest kernel point release
H A Drelease-notes-4.0.15.rst43 - cve-check: don't warn if a patch is remote
44 - cve-check: slightly more verbose warning when adding the same package twice
45 - cve-check: sort the package list in the JSON report
46 - cve-exclusion_5.10.inc: update for 5.10.202
H A Drelease-notes-4.0.16.rst41 - cve-update-nvd2-native: faster requests with API keys
42 - cve-update-nvd2-native: increase the delay between subsequent request failures
43 - cve-update-nvd2-native: make number of fetch attemtps configurable
44 - cve-update-nvd2-native: remove unused variable CVE_SOCKET_TIMEOUT
H A Drelease-notes-5.1.1.rst41 - cve-check: add field "modified" to JSON report
42 - cve-check: add support for cvss v4.0
43 - cve-check: do not skip cve status description after :
44 - cve-check: fix malformed cve status description with : characters
59 - documentation: conf.py: rename :cve: role to :cve_nist:
H A Drelease-notes-4.0.7.rst49 - cve-check: write the cve manifest to IMGDEPLOYDIR
50 - cve-update-db-native: avoid incomplete updates
51 - cve-update-db-native: show IP on failure
/openbmc/openbmc/poky/meta/lib/oe/
H A Dcve_check.py292 def decode_cve_status(d, cve): argument
296 status = d.getVarFlag("CVE_STATUS", cve)
316 % (cve, status)
332 % (detail, cve, status)
/openbmc/docs/security/
H A Dhow-to-report-a-security-vulnerability.md72 [cve]: http://cve.mitre.org/about/index.html
77 [cve numbering authority (cna)]: https://www.cve.org/ProgramOrganization/CNAs
/openbmc/openbmc/poky/documentation/dev-manual/
H A Dvulnerabilities.rst31 :ref:`ref-classes-cve-check` in the specific image or target you are building,
34 INHERIT += "cve-check"
40 include conf/distro/include/cve-extra-exclusions.inc
65 found in ``build/tmp/deploy/cve``.
69 $ cat poky/build/tmp/deploy/cve/flex-native
93 generated in textual and JSON formats. These ``.cve`` and ``.json`` reports can be found
98 …93), for more information check /poky/build/tmp/work/core2-64-poky-linux/flex/2.6.4-r0/temp/cve.log
99 …or more information check /poky/build/tmp/work/core2-64-poky-linux/libarchive/3.5.1-r0/temp/cve.log
108 By default, :ref:`ref-classes-cve-check` uses the recipe name :term:`BPN` as CVE
191 For the correct operations of the ``cve-check``, it requires the CVE
[all …]
/openbmc/openbmc/poky/meta/lib/patchtest/tests/
H A Dtest_patch.py121 if patchtest_patterns.cve.search_string(
123 ) or patchtest_patterns.cve.search_string(commit.commit_message):
/openbmc/openbmc/poky/meta/conf/distro/include/
H A Dcve-extra-exclusions.inc8 # from the cve-check results or add to the bitbake command with:
9 # -R conf/distro/include/cve-extra-exclusions.inc
56 # Kernel CVEs that are generic but can't be added to the kernel's hand-maintained cve-exclusion.inc
57 # or machine-maintained cve-exclusion_VERSION.inc files, such as issues that describe TCP/IP design
/openbmc/docs/
H A DSECURITY.md57 [cve]: http://cve.mitre.org/about/index.html
/openbmc/u-boot/doc/device-tree-bindings/clock/
H A Dnvidia,tegra20-car.txt78 49 unassigned (register bit affects tvo and cve)
134 103 cve

1234