Commits · master · Max Rees / cve-check-tool

29 Sep, 2019 2 commits
- Update test suite for JSON-based APIs · 8993c1e6
  Max Rees authored Sep 29, 2019
  
  8993c1e6
- Migrate to NVD JSON Feed 1.0 · e6443ff4
  Slava Aseev authored Jun 21, 2019
  
  e6443ff4
31 Jul, 2019 1 commit
- Use gboolean instead of bool for CLI options so that they actually work · 212f1893
  Max Rees authored Jul 30, 2019
  
  212f1893
29 Jul, 2019 1 commit
- cli: do not exit loop early · 30947a2a
  Max Rees authored Jul 29, 2019
```
Otherwise only the first package's details are shown
```
  30947a2a
24 Jul, 2019 2 commits
- Add APKBUILD tests · 6d312e20
  Max Rees authored Jul 24, 2019
```
Currently, the following behavior is not tested:
* Specifying an alternate name in the "# secfixes:" comment
```
  6d312e20
- Add initial APKBUILD support for APK-based distros · abb93f63
  Max Rees authored Jul 24, 2019
```
Signed-off-by: Max Rees <maxcrees@me.com>
```
  abb93f63
21 Apr, 2017 3 commits

Merge pull request #62 from popovich-sergei/master · cbc2d0e4
Ikey Doherty authored Apr 21, 2017
```
update: Compare computed vs expected sha256 digit string ignoring case
```
cbc2d0e4
Merge pull request #61 from petermarko/fix/sqlite-free · b2055811
Ikey Doherty authored Apr 21, 2017
```
Fix freeing memory allocated by sqlite
```
b2055811

update: Compare computed vs expected sha256 digit string ignoring case · b0426e63

Sergey Popovich authored Apr 21, 2017

We produce sha256 digest string using %x snprintf()
qualifier for each byte of digest which uses alphabetic
characters from "a" to "f" in lower case to represent
integer values from 10 to 15.

Previously all of the NVD META files supply sha256
digest string for corresponding XML file in lower case.

However due to some reason this changed recently to
provide digest digits in upper case causing fetched
data consistency checks to fail. This prevents database
from being updated periodically.

While commit c4f6e945

 (update: Do not treat sha256 failure
as fatal if requested) adds useful option to skip
digest validation at all and thus provides workaround for
this situation, it might be unacceptable for some
deployments where we need to ensure that downloaded
data is consistent before start parsing it and update
SQLite database.

Use strcasecmp() to compare two digest strings case
insensitively and addressing this case.
Signed-off-by: Sergey Popovich <popovich_sergei@mail.ua>

b0426e63

13 Apr, 2017 1 commit
- Fix freeing memory allocated by sqlite · 27bd5b6c
  Peter Marko authored Apr 13, 2017
  
  27bd5b6c
23 Feb, 2017 1 commit

update: Do not treat sha256 failure as fatal if requested · c4f6e945

Ikey Doherty authored Feb 23, 2017

The NVD database is known to have issues during early morning whereby
the meta files don't actually match the sha256 of the target xml feed.
This has caused problems for some users of cve-check-tool, so in this
case we will now continue as if nothing fatal had happened if we find
the CVE_SKIP_VERIFY variable in the environment.
Signed-off-by: Ikey Doherty <michael.i.doherty@intel.com>

c4f6e945

16 Feb, 2017 10 commits
- Merge pull request #58 from ikeydoherty/cleanup · dde1eb49
  Ikey Doherty authored Feb 16, 2017
```
Cleanup
```
  dde1eb49
- Fix distcheck in accordance with single-makefile ruling · 1f22d3f1
  Ikey Doherty authored Feb 16, 2017
```
Signed-off-by: Ikey Doherty <michael.i.doherty@intel.com>
```
  1f22d3f1
- travis: Disable valgrind check for now. Glib is fundamentally bork. · 71e99f8c
  Ikey Doherty authored Feb 16, 2017
```
Signed-off-by: Ikey Doherty <michael.i.doherty@intel.com>
```
  71e99f8c
- test-init: Adapt to the new .so location · 7c227c35
  Ikey Doherty authored Feb 16, 2017
```
Signed-off-by: Ikey Doherty <michael.i.doherty@intel.com>
```
  7c227c35
- Convert build system to a single Makefile · 35105b6e
  Ikey Doherty authored Feb 16, 2017
```
This alleviates issues with flags not propogating to the plugins which
in turn leads to undefined symbols when coverage is enabled during the
test suites.
Signed-off-by: Ikey Doherty <michael.i.doherty@intel.com>
```
  35105b6e
- library: Fix compiler error due to missing string.h include · 70d2e5fe
  Ikey Doherty authored Feb 16, 2017
```
Signed-off-by: Ikey Doherty <michael.i.doherty@intel.com>
```
  70d2e5fe
- Reformat the entire codebase with clang-format-3.8 · 9535e88b
  Ikey Doherty authored Feb 16, 2017
```
This is now a hard requirement for current pull requests
to ensure we don't walk back into this messy codebase
situation again.
Signed-off-by: Ikey Doherty <michael.i.doherty@intel.com>
```
  9535e88b
- clang-format: Compensate for spaghetti lines with 120 column limit · 6803d93b
  Ikey Doherty authored Feb 16, 2017
```
Signed-off-by: Ikey Doherty <michael.i.doherty@intel.com>
```
  6803d93b
- Integrate Travis into cve-check-tool (and coveralls) · 081d70d2
  Ikey Doherty authored Feb 16, 2017
```
Signed-off-by: Ikey Doherty <michael.i.doherty@intel.com>
```
  081d70d2
- Merge pull request #57 from tudor84/version-mapping · af63e808
  Ikey Doherty authored Feb 16, 2017
```
version mapping support
```
  af63e808
08 Oct, 2016 1 commit
- version mapping support · 13ec561b
  Tudor C authored Oct 08, 2016
  
  13ec561b
01 Sep, 2016 1 commit
- Added the package version to the report · 95ff109e
  olivia.popa authored Aug 29, 2016
  
  95ff109e
26 Aug, 2016 1 commit

Workaround broken glib header files · 72e272dd

Ikey Doherty authored Aug 26, 2016

Current glib versions causes build failures with GCC6 when using -Wpedantic,
so we ensure this is now non-fatal until it is resolved.
Signed-off-by: Ikey Doherty <michael.i.doherty@intel.com>

72e272dd

23 Aug, 2016 5 commits

Incorporate the CI files for clang-format again to restore code hygiene · 94de8468
Ikey Doherty authored Aug 23, 2016
```
Signed-off-by: Ikey Doherty <michael.i.doherty@intel.com>
```
94de8468

curl: allow overriding default CA certificate file · 0cd58105

Patrick Ohly authored Jul 06, 2016



Similar to curl, --cacert can now be used in cve-check-tool and
cve-check-update to override the default CA certificate file. Useful
in cases where the system default is unsuitable (for example,
out-dated) or broken (as in OE's current native libcurl, which embeds
a path string from one build host and then uses it on another although
the right path may have become something different).
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

---
Rebased due to conflicts
Signed-off-by: Ikey Doherty <michael.i.doherty@intel.com>

0cd58105

Merge pull request #47 from tudor84/legacy-tool-frac-compare · df34941a
Ikey Doherty authored Aug 22, 2016
```
CVE version string fractional compare
```
df34941a
Merge pull request #49 from kraj/legacy-tool · 9cfc3928
Ikey Doherty authored Aug 22, 2016
```
Check for malloc_trim before using it
```
9cfc3928

Check for malloc_trim before using it · ce85afab

Khem Raj authored Aug 22, 2016



malloc_trim is gnu specific and not all libc
implement it, threfore write a configure check
to poke for it first and use the define to
guard its use.

Helps in compiling on musl based systems
Signed-off-by: Khem Raj <raj.khem@gmail.com>

ce85afab

08 Aug, 2016 1 commit
- CVE version string fractional compare · 9f28f739
  Tudor C authored Aug 08, 2016
  
  9f28f739
18 Apr, 2016 4 commits
- Add missing includes for CentOS 7 · 73341e97
  Ikey Doherty authored Apr 18, 2016
```
Signed-off-by: Ikey Doherty <michael.i.doherty@intel.com>
```
  73341e97
- Release v5.6.4 · a225dea4
  Ikey Doherty authored Apr 18, 2016
```
Signed-off-by: Ikey Doherty <michael.i.doherty@intel.com>
```
  a225dea4
- fetch: Follow HTTP redirects due to recent NVD issue · c687f56a
  Ikey Doherty authored Apr 18, 2016
```
Now this is the last change on this branch.. Work will now be happening on
the `2` branch to clean everything up.
Signed-off-by: Ikey Doherty <michael.i.doherty@intel.com>
```
  c687f56a
- update: Fix URI to reflect new NVD location, last fix in this branch · 92dd72f8
  Ikey Doherty authored Apr 18, 2016
```
Signed-off-by: Ikey Doherty <michael.i.doherty@intel.com>
```
  92dd72f8
11 Mar, 2016 3 commits

Release v5.6.3 · 8ca596f7
Ikey Doherty authored Mar 11, 2016
```
Signed-off-by: Ikey Doherty <michael.i.doherty@intel.com>
```
8ca596f7
Fix distcheck · 8c4bb04b
Ikey Doherty authored Mar 11, 2016
```
Signed-off-by: Ikey Doherty <michael.i.doherty@intel.com>
```
8c4bb04b

Enable relative plugin locations · 7b94a482

Ikey Doherty authored Mar 11, 2016

This allows finer integration into ISAFW, in that cve-check-tool will be
installed in a "syroot" mode, not a "host" mode. In this mode, cve-check-tool
will search for the directories ../lib/cve-check-tool and ../lib64/cve-check-tool
relative to it's main binary for the modules, in addition to the normal
host directory.

Note that this behaviour is disabled by default, as it's not meant to be used
in native-installed deployments due to the nature of forming .so loading paths
relative to /proc/self/exe.
Signed-off-by: Ikey Doherty <michael.i.doherty@intel.com>

7b94a482

01 Mar, 2016 2 commits
- Make clang and ancient gcc happy (issue #37) · 15be7fdc
  Ikey Doherty authored Mar 01, 2016
```
Signed-off-by: Ikey Doherty <michael.i.doherty@intel.com>
```
  15be7fdc
- Build all modules in the same directory, per issue #38 · f682399e
  Ikey Doherty authored Mar 01, 2016
```
Signed-off-by: Ikey Doherty <michael.i.doherty@intel.com>
```
  f682399e
22 Feb, 2016 1 commit
- cli: Fix erronous return · 321ca319
  Ikey Doherty authored Feb 22, 2016
```
Signed-off-by: Ikey Doherty <michael.i.doherty@intel.com>
```
  321ca319