author | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-02-11 20:04:45 +0000 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-02-11 20:04:45 +0000 |
commit | 380d9712829386fda27d28fda43c8c20462e36b3 (patch) | |
tree | e9ce948c445bb1ee353d8b66ce8e619b7b581e75 | |
parent | 260baf41532d1cd3ea6725da9667dffb91a04ec7 (diff) | |
download | vulns-380d9712829386fda27d28fda43c8c20462e36b3.tar.gz |
scripts/cve_update: add script to update all existing cve entries
Makes it easier when releases happen on older kernels, and for testing.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rwxr-xr-x | scripts/cve_update | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/scripts/cve_update b/scripts/cve_update
new file mode 100755
index 00000000..5f9655ca
--- /dev/null
+++ b/scripts/cve_update
@@ -0,0 +1,52 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0
+#
+# Copyright (c) 2024 - Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+#
+# cve_update - Update all existing CVE entries based on the latest information
+# pulled from the git tree(s).
+#
+# Will look through the list of all published cve ids and run 'bippy' on them
+# to update the mbox and json files. It is recommended that after this
+# happens, submit the json files to CVE again, if version numbers have changed.
+#
+# This is good to do after older stable kernels have been released as often
+# CVEs are included in older stable kernels AFTER they show up in newer ones,
+# and this keeps the database at CVE more up to date and friendly for others to
+# rely on. The mbox files generally shouldn't be resent, as that's just noise
+# that no one wants to see.
+#
+# Usage:
+# cve_update
+#
+# Requires:
+# bippy
+
+
+# don't use unset variables
+set -o nounset
+
+# set where the tool was run from,
+# the name of our script,
+# and the git version of it
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+SCRIPT=${0##*/}
+SCRIPT_VERSION=$(cd "${DIR}" && git show -s --abbrev-commit --abbrev=12 --pretty=format:"%h")
+
+help() {
+ echo "${SCRIPT}"
+ exit 1
+}
+
+cd "${DIR}"/../ || exit 1
+
+for id in cve/published/*/*.sha1 ; do
+#for id in $(ls cve/published/*/*.sha1) ; do
+ sha=$(cat "${id}")
+ cve=$(echo "${id}" | cut -f 1 -d '.' | cut -f 4 -d '/')
+ root=$(echo "${id}" | cut -f 1 -d '.')
+ #echo "id=${id} sha=${sha} cve=${cve}"
+ echo "Updating ${cve}..."
+ "${DIR}"/bippy --cve="${cve}" --sha="${sha}" --json="${root}.json" --mbox="${root}.mbox"
+done
+ |
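Review bot: The `for id in cve/published/*/*.sha1` loop at the end of the script never checks the exit status of `cat "${id}"` or of the `bippy` call, so a failed regeneration prints "Updating ..." like a successful one and the run still exits 0. Because the header comment recommends resubmitting the resulting json files to CVE, a stale or incomplete record could be resubmitted without the operator noticing. I would set `failed=0` before the loop (needed under `set -o nounset`), append `|| { echo "bippy failed for ${cve}" >&2; failed=1; }` to the bippy line, and finish with `exit "${failed}"` after `done`. A `shopt -s nullglob` before the `for` would also stop an unmatched pattern from reaching `cat` as a literal path. Separately, `SCRIPT_VERSION` and `help()` are defined but nothing in this file uses them.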