Summary: cve-check-tool, as its name suggests, is a tool for checking known (public) CVEs.
Name: cve-check-tool
Version: 5.6.4.1
Release: 10%{?dist}
Source0: cve-check-tool-%{version}.tar.gz
%define sha1 cve-check-tool=880719673907f5e69ece5180e762611fa66f4ae2
Source1: packages-mapping.cfg
Patch0: 0001-New-option-r-to-select-a-report-plugin.patch
Patch1: 0002-Alternative-csv-output.patch
Patch2: 0003-Add-N-M-mapping-support.-Invert-key-values.patch
Patch3: 0004-Mapping-supports-vendor-product-combination.patch
Patch4: 0005-Concatenate-update-to-the-version-for-jdk-jre.patch
Patch5: 0006-Search-for-CVE-xxxx-xxxx-comment-in-.spec-parser.patch
Patch6: 0007-String-ignoring-case.patch
Patch7: 0008-Check-Database.patch
License: GPLv2
URL: https://github.com/ikeydoherty/cve-check-tool
Vendor: VMware, Inc.
Distribution: Photon
# We always run autogen.sh
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
BuildRequires: json-glib-devel
BuildRequires: check
BuildRequires: libxml2-devel
BuildRequires: sqlite-devel
BuildRequires: curl-devel
BuildRequires: openssl-devel
Requires: curl
%global security_hardening nonow
%description
The tool will identify potentially vulnerable software packages within Linux distributions through version matching. Where possible it will also seek to determine (through a distribution implementation) if a vulnerability has been addressed by way of a patch.
%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%build
./autogen.sh
make %{?_smp_mflags} CFLAGS="-w"
%install
# Guard against an unset or "/" buildroot before wiping it
[ "%{buildroot}" != "/" ] && rm -rf %{buildroot}/*
make install DESTDIR=%{buildroot}
install -m644 %{SOURCE1} %{buildroot}/usr/share/%{name}
%check
make %{?_smp_mflags} check
%clean
rm -rf %{buildroot}/*
%files
%defattr(-,root,root,-)
/usr/bin/cve-check-*
/usr/lib/cve-check-tool/*
/usr/share/cve-check-tool/*
%doc %{_mandir}/man1/*
%changelog
* Tue Sep 12 2017 Dheeraj Shetty <dheerajs@vmware.com> 5.6.4.1-10
- Added the patch to check-database to correct the func signature
* Wed Apr 26 2017 Siju Maliakkal <smaliakkal@vmware.com> 5.6.4.1-9
- Added the patch for ignoring case of digest digits
* Thu Apr 06 2017 Anish Swaminathan <anishs@vmware.com> 5.6.4.1-8
- Remove vault entry from package mapping file
* Thu Dec 22 2016 Alexey Makhalov <amakhalov@vmware.com> 5.6.4.1-7
- Add more entries in package mapping file
- Improve jdk/jre version parsing
- Improve .spec parser to search comment with CVE-xxxx-xxxx mentioning
* Wed Dec 07 2016 Xiaolin Li <xiaolinl@vmware.com> 5.6.4.1-6
- BuildRequires curl-devel.
* Wed Nov 16 2016 Alexey Makhalov <amakhalov@vmware.com> 5.6.4.1-5
- Use sqlite-devel
* Thu Nov 10 2016 Alexey Makhalov <amakhalov@vmware.com> 5.6.4.1-4
- 0004-Mapping-supports-vendor-product-combination.patch
to support package=vendor:product mapping
* Fri Oct 28 2016 Alexey Makhalov <amakhalov@vmware.com> 5.6.4.1-3
- N-to-M-mapping-support.patch
reverse key-values in the mapping file. Photon package name as a key
and NVD product name(s) as a value.
- mapping: added python[23]->python and curl->curl libcurl
* Wed Oct 05 2016 ChangLee <changlee@vmware.com> 5.6.4.1-2
- Modified %check
* Wed Aug 31 2016 Alexey Makhalov <amakhalov@vmware.com> 5.6.4.1-1
- Update to version 5.6.4.1 (commit 72e272d)
- Add packages mapping file for Photon OS
- new option '-r' to select report plugin to use
- csv2-output-plugin.patch for alternative csv output
* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 5.6.2-2
- GA - Bump release of all rpms
* Wed Feb 24 2016 Kumar Kaushik <kaushikk@vmware.com>
- Updating version to 5.6.2.
* Wed Jul 29 2015 Luis Zuniga <lzuniga@vmware.com>
- Added new version of cve-check-tool