Group :: Other
Package: cve-check-tool
2 July 2023 Pavel Vainerman <pv at altlinux.ru> 5.6.4-alt23
- fixed build with libclickhouse-cpp-2.4.0-alt2
- rebuild with libclickhouse-cpp-2.4.0
- Allow to process only specific packages or task.
- Split cve-check-tool into 4 separate tools:
+ cve-check-dictionary-update collects information about known CPEs.
+ cve-check-dictionary-matcher tries matching packages to known CPEs.
+ cve-check-update updates information about known CVEs.
+ cve-check-tool updates information about matching, closed, discarded and other CVEs
for all packages.
- Split Cve table into Vulnerabilities and VulnerabilitiesStatus tables.
- Implemented keeping history of table updates via timestamps
and 'actual'/'removed' statuses where necessary.
- Implemented processing only new CVE entries instead of reuploading whole table.
- Implemented committing data limit with new command-line option.
- Refactored project.
- Implemented tests.
- Implemented specifying reason for marking CVE fixed.
- Adapted to new clickhouse database structure.
- Added recording of discarded CVEs via new option.
- Updated version and release processing.
- Updated CVE URL.
- Updated supported architectures.
- Switched to NVD JSON 1.1 Schema.
- Increased logging in verbose mode for NVD data downloading.
- Added option to use separate clickhouse configs.
- Added example clickhouse configs.
- Updated supported architectures.
- Improved clickhouse exception messages.
- Implemented parsing 'configurations' object instead of 'affected' object
from NVD JSON data.
- Added verbose and offline modes.
- Added support for obtaining information about closed CVEs from clickhouse backend.
- Switched to using murmur hash internally instead of sha1.
- Added processing of binary packages.
- Switched to truncating and refilling absent products table instead of checking for duplicates.
- Implemented clickhouse input and output plugins.
- Fixed options parsing.
- Allowed processing multiple packages with same name.
- Implemented option to output information about CVE in packages not in repository.
- Migrate to NVD JSON Feed 1.0 (XML Feeds go away on October 9th, 2019)
- Common improvements:
+ Replace GLib 'g_str_hash' by 't1ha' hash function because the first
one has too many collisions for CVE dataset (mainly due to small
hash length)
+ Add optional runtime hash collision check (-H option)
+ Add executable for hash collision checking
+ Add optional feature for dropping '-dev' 'lib' and abi suffixes and
prefixes from package names (-F option)
- Rpm plugin improvements:
+ Add scan of changelog section for finding already fixed CVEs
+ Fix mistake with patch numeration
+ Fix evaluation of rpm macros
- NMU: Rebuild with new openssl 1.1.0.
- Fixed field line breaks in a readable form (Closes: 33940)
- Add upstream commits to fix update error
- 5.6.4 Initial build for ALT