Summary: cve-check-tool, as its name suggests, is a tool for checking known (public) CVEs. Name: cve-check-tool Version: 5.6.4.1 Release: 10%{?dist} Source0: cve-check-tool-%{version}.tar.gz %define sha1 cve-check-tool=880719673907f5e69ece5180e762611fa66f4ae2 Source1: packages-mapping.cfg Patch0: 0001-New-option-r-to-select-a-report-plugin.patch Patch1: 0002-Alternative-csv-output.patch Patch2: 0003-Add-N-M-mapping-support.-Invert-key-values.patch Patch3: 0004-Mapping-supports-vendor-product-combination.patch Patch4: 0005-Concatenate-update-to-the-version-for-jdk-jre.patch Patch5: 0006-Search-for-CVE-xxxx-xxxx-comment-in-.spec-parser.patch Patch6: 0007-String-ignoring-case.patch Patch7: 0008-Check-Database.patch License: GPLv2 URL: https://github.com/ikeydoherty/cve-check-tool Vendor: VMware, Inc. Distribution: Photon # We always run autogen.sh BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool BuildRequires: json-glib-devel BuildRequires: check BuildRequires: libxml2-devel BuildRequires: sqlite-devel BuildRequires: curl-devel BuildRequires: openssl-devel Requires: curl %global security_hardening nonow %description The tool will identify potentially vunlnerable software packages within Linux distributions through version matching. Where possible it will also seek to determine (through a distribution implemention) if a vulnerability has been addressed by way of a patch. %prep %setup -q %patch0 -p1 %patch1 -p1 %patch2 -p1 %patch3 -p1 %patch4 -p1 %patch5 -p1 %patch6 -p1 %patch7 -p1 %build ./autogen.sh make %{?_smp_mflags} CFLAGS="-w" %install [ %{buildroot} != "/"] && rm -rf %{buildroot}/* make install DESTDIR=%{buildroot} install -m644 %{SOURCE1} %{buildroot}/usr/share/%{name} %check make %{?_smp_mflags} check %clean rm -rf %{buildroot}/* %files %defattr(-,root,root,-) /usr/bin/cve-check-* /usr/lib/cve-check-tool/* /usr/share/cve-check-tool/* %doc %{_mandir}/man1/* %changelog * Tue Sep 12 2017 Dheeraj Shetty <dheerajs@vmware.com> 5.6.4.1-10 - Added the patch to check-database to correct the func signature * Wed Apr 26 2017 Siju Maliakkal <smaliakkal@vmware.com> 5.6.4.1-9 - Added the patch for ignoring case of digest digits * Thu Apr 06 2017 Anish Swaminathan <anishs@vmware.com> 5.6.4.1-8 - Remove vault entry from package mapping file * Thu Dec 22 2016 Alexey Makhalov <amakhalov@vmware.com> 5.6.4.1-7 - Add more entries in package mapping file - Improve jdk/jre version parsing - Improve .spec parser to search comment with CVE-xxxx-xxxx mentioning * Wed Dec 07 2016 Xiaolin Li <xiaolinl@vmware.com> 5.6.4.1-6 - BuildRequires curl-devel. * Wed Nov 16 2016 Alexey Makhalov <amakhalov@vmware.com> 5.6.4.1-5 - Use sqlite-devel * Thu Nov 10 2016 Alexey Makhalov <amakhalov@vmware.com> 5.6.4.1-4 - 0004-Mapping-supports-vendor-product-combination.patch to support package=vendor:product mapping * Fri Oct 28 2016 Alexey Makhalov <amakhalov@vmware.com> 5.6.4.1-3 - N-to-M-mapping-support.patch reverse key-values in the mapping file. Photon package name as a key and NVD product name(s) as a value. - mapping: added python[23]->python and curl->curl libcurl * Wed Oct 05 2016 ChangLee <changlee@vmware.com> 5.6.4.1-2 - Modified %check * Wed Aug 31 2016 Alexey Makhalov <amakhalov@vmware.com> 5.6.4.1-1 - Update to version 5.6.4.1 (commit 72e272d) - Add packages mapping file for Photon OS - new option '-r' to select report plugin to use - csv2-output-plugin.patch for alternative csv output * Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 5.6.2-2 - GA - Bump release of all rpms * Wed Feb 24 2016 Kumar Kaushik <kaushikk@vmware.com> - Updating version to 5.6.2. * Wed Jul 29 2015 Luis Zuniga <lzuniga@vmware.com> - Added new version of cve-check-tool