[PATCH] vulnerabilities: update nvdcve file name

public inbox for docs@lists.yoctoproject.org
 help / color / mirror / Atom feed

* [PATCH] vulnerabilities: update nvdcve file name
@ 2025-08-24 14:53 Peter Marko
  2025-09-01  9:50 ` [docs] " Quentin Schulz
  2025-09-17 14:13 ` Antonin Godard
  0 siblings, 2 replies; 7+ messages in thread
From: Peter Marko @ 2025-08-24 14:53 UTC (permalink / raw)
  To: docs; +Cc: Peter Marko

From: Peter Marko <peter.marko@siemens.com>

The filename is outdated as its version was already bumped and there are
also different files for different feed choices.
Use glob to match any available file.

Also the directory changed to CVE_CHECK2 meanwhile, so Update it, too.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 documentation/dev-manual/vulnerabilities.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/documentation/dev-manual/vulnerabilities.rst b/documentation/dev-manual/vulnerabilities.rst
index 5331a63991..6cc7f04944 100644
--- a/documentation/dev-manual/vulnerabilities.rst
+++ b/documentation/dev-manual/vulnerabilities.rst
@@ -318,7 +318,7 @@ products defined in :term:`CVE_PRODUCT`. Then, for each found CVE:
 The CVE database is stored in :term:`DL_DIR` and can be inspected using
 ``sqlite3`` command as follows::
 
-   sqlite3 downloads/CVE_CHECK/nvdcve_1.1.db .dump | grep CVE-2021-37462
+   sqlite3 downloads/CVE_CHECK2/nvd*.db .dump | grep CVE-2021-37462
 
 When analyzing CVEs, it is recommended to:
 


^ permalink raw reply related	[flat|nested] 7+ messages in thread

* Re: [docs] [PATCH] vulnerabilities: update nvdcve file name
  2025-08-24 14:53 [PATCH] vulnerabilities: update nvdcve file name Peter Marko
@ 2025-09-01  9:50 ` Quentin Schulz
  2025-09-16 10:39   ` Marko, Peter
  2025-09-17 14:13 ` Antonin Godard
  1 sibling, 1 reply; 7+ messages in thread
From: Quentin Schulz @ 2025-09-01  9:50 UTC (permalink / raw)
  To: peter.marko, docs

Hi Peter,

On 8/24/25 4:53 PM, Peter Marko via lists.yoctoproject.org wrote:
> From: Peter Marko <peter.marko@siemens.com>
> 
> The filename is outdated as its version was already bumped and there are
> also different files for different feed choices.
> Use glob to match any available file.
> 

When did this become possible? I see a new fetcher in 
fb62c4c3dbca4e58f7ce6cf29d4b630a06411a97 ("cve-update-nvd2-native: new 
CVE database fetcher") which is already in mickledore so would be a 
candidate for backporting to walnascar and scarthgap.

> Also the directory changed to CVE_CHECK2 meanwhile, so Update it, too.
> 

This changed in dd249921a5d6b8e472242b57415de3f210dc81f1 
("cve-update-db-native: update structure") apparently, which is part of 
walnascar so would be a candidate for backport to walnascar.

I think separate commits would be nice so we can backport the glob to 
scarthgap too and have the CVE_CHECK2 backported to walnascar only.

Cheers,
Quentin

^ permalink raw reply	[flat|nested] 7+ messages in thread

* RE: [docs] [PATCH] vulnerabilities: update nvdcve file name
  2025-09-01  9:50 ` [docs] " Quentin Schulz
@ 2025-09-16 10:39   ` Marko, Peter
  2025-09-16 11:07     ` Antonin Godard
  0 siblings, 1 reply; 7+ messages in thread
From: Marko, Peter @ 2025-09-16 10:39 UTC (permalink / raw)
  To: Quentin Schulz, docs@lists.yoctoproject.org

Hello,

I just wanted to say that I'm back from vacation and will try to submit patches for LTS branches still this week.

Peter

> -----Original Message-----
> From: Quentin Schulz <quentin.schulz@cherry.de>
> Sent: Monday, September 1, 2025 11:51
> To: Marko, Peter (FT D EU SK BFS1) <Peter.Marko@siemens.com>;
> docs@lists.yoctoproject.org
> Subject: Re: [docs] [PATCH] vulnerabilities: update nvdcve file name
> 
> Hi Peter,
> 
> On 8/24/25 4:53 PM, Peter Marko via lists.yoctoproject.org wrote:
> > From: Peter Marko <peter.marko@siemens.com>
> >
> > The filename is outdated as its version was already bumped and there are
> > also different files for different feed choices.
> > Use glob to match any available file.
> >
> 
> When did this become possible? I see a new fetcher in
> fb62c4c3dbca4e58f7ce6cf29d4b630a06411a97 ("cve-update-nvd2-native: new
> CVE database fetcher") which is already in mickledore so would be a
> candidate for backporting to walnascar and scarthgap.
> 
> > Also the directory changed to CVE_CHECK2 meanwhile, so Update it, too.
> >
> 
> This changed in dd249921a5d6b8e472242b57415de3f210dc81f1
> ("cve-update-db-native: update structure") apparently, which is part of
> walnascar so would be a candidate for backport to walnascar.
> 
> I think separate commits would be nice so we can backport the glob to
> scarthgap too and have the CVE_CHECK2 backported to walnascar only.
> 
> Cheers,
> Quentin

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [docs] [PATCH] vulnerabilities: update nvdcve file name
  2025-09-16 10:39   ` Marko, Peter
@ 2025-09-16 11:07     ` Antonin Godard
  2025-10-11 21:37       ` Marko, Peter
  0 siblings, 1 reply; 7+ messages in thread
From: Antonin Godard @ 2025-09-16 11:07 UTC (permalink / raw)
  To: peter.marko, Quentin Schulz, docs@lists.yoctoproject.org

On Tue Sep 16, 2025 at 12:39 PM CEST, Peter Marko via lists.yoctoproject.org wrote:
> Hello,
>
> I just wanted to say that I'm back from vacation and will try to submit patches for LTS branches still this week.

I backported this patch to walnascar, as part of the pull request from Friday
last week.

I think you could send a separate patch for the new fetcher on scarthgap if you
have the time.

Thanks!

Regards,
Antonin

-- 
Antonin Godard, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com



^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] vulnerabilities: update nvdcve file name
  2025-08-24 14:53 [PATCH] vulnerabilities: update nvdcve file name Peter Marko
  2025-09-01  9:50 ` [docs] " Quentin Schulz
@ 2025-09-17 14:13 ` Antonin Godard
  1 sibling, 0 replies; 7+ messages in thread
From: Antonin Godard @ 2025-09-17 14:13 UTC (permalink / raw)
  To: docs, Peter Marko; +Cc: Thomas Petazzoni, Antonin Godard


On Sun, 24 Aug 2025 16:53:16 +0200, Peter Marko wrote:
> The filename is outdated as its version was already bumped and there are
> also different files for different feed choices.
> Use glob to match any available file.
> 
> Also the directory changed to CVE_CHECK2 meanwhile, so Update it, too.
> 
> 
> [...]

Applied, thanks!

[1/1] vulnerabilities: update nvdcve file name
      commit: a2f18cb23183401d9d8e2fd4499d164ef8d86e44

Best regards,
-- 
Antonin Godard <antonin.godard@bootlin.com>


^ permalink raw reply	[flat|nested] 7+ messages in thread

* RE: [docs] [PATCH] vulnerabilities: update nvdcve file name
  2025-09-16 11:07     ` Antonin Godard
@ 2025-10-11 21:37       ` Marko, Peter
  2025-10-13  7:15         ` Antonin Godard
  0 siblings, 1 reply; 7+ messages in thread
From: Marko, Peter @ 2025-10-11 21:37 UTC (permalink / raw)
  To: Antonin Godard, Quentin Schulz, docs@lists.yoctoproject.org



> -----Original Message-----
> From: Antonin Godard <antonin.godard@bootlin.com>
> Sent: Tuesday, September 16, 2025 13:07
> To: Marko, Peter (FT D EU SK BFS1) <Peter.Marko@siemens.com>; Quentin
> Schulz <quentin.schulz@cherry.de>; docs@lists.yoctoproject.org
> Subject: Re: [docs] [PATCH] vulnerabilities: update nvdcve file name
> 
> On Tue Sep 16, 2025 at 12:39 PM CEST, Peter Marko via lists.yoctoproject.org
> wrote:
> > Hello,
> >
> > I just wanted to say that I'm back from vacation and will try to submit patches
> for LTS branches still this week.
> 
> I backported this patch to walnascar, as part of the pull request from Friday
> last week.
> 
> I think you could send a separate patch for the new fetcher on scarthgap if you
> have the time.

I have now sent patches for scarthgap and kirkstone.
Sorry for the delay.

Peter

> 
> Thanks!
> 
> Regards,
> Antonin
> 
> --
> Antonin Godard, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [docs] [PATCH] vulnerabilities: update nvdcve file name
  2025-10-11 21:37       ` Marko, Peter
@ 2025-10-13  7:15         ` Antonin Godard
  0 siblings, 0 replies; 7+ messages in thread
From: Antonin Godard @ 2025-10-13  7:15 UTC (permalink / raw)
  To: peter.marko, Quentin Schulz, docs@lists.yoctoproject.org

On Sat Oct 11, 2025 at 11:37 PM CEST, Peter Marko via lists.yoctoproject.org wrote:
>
>
>> -----Original Message-----
>> From: Antonin Godard <antonin.godard@bootlin.com>
>> Sent: Tuesday, September 16, 2025 13:07
>> To: Marko, Peter (FT D EU SK BFS1) <Peter.Marko@siemens.com>; Quentin
>> Schulz <quentin.schulz@cherry.de>; docs@lists.yoctoproject.org
>> Subject: Re: [docs] [PATCH] vulnerabilities: update nvdcve file name
>> 
>> On Tue Sep 16, 2025 at 12:39 PM CEST, Peter Marko via lists.yoctoproject.org
>> wrote:
>> > Hello,
>> >
>> > I just wanted to say that I'm back from vacation and will try to submit patches
>> for LTS branches still this week.
>> 
>> I backported this patch to walnascar, as part of the pull request from Friday
>> last week.
>> 
>> I think you could send a separate patch for the new fetcher on scarthgap if you
>> have the time.
>
> I have now sent patches for scarthgap and kirkstone.
> Sorry for the delay.
>
> Peter

Thanks, I applied these on the -next branches.

Antonin

-- 
Antonin Godard, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com



^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2025-10-13  7:15 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-08-24 14:53 [PATCH] vulnerabilities: update nvdcve file name Peter Marko
2025-09-01  9:50 ` [docs] " Quentin Schulz
2025-09-16 10:39   ` Marko, Peter
2025-09-16 11:07     ` Antonin Godard
2025-10-11 21:37       ` Marko, Peter
2025-10-13  7:15         ` Antonin Godard
2025-09-17 14:13 ` Antonin Godard

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox