Package cve-check-tool: Specfile

%define _unpackaged_files_terminate_build 1
%define _stripped_files_terminate_build 1
%set_verify_elf_method strict

Name: cve-check-tool
Version: 5.6.4
Release: alt23
Summary: Command line tool for checking known (public) CVEs
Group: Other
License: GPLv2
Url: https://github.com/ikeydoherty/cve-check-tool

Source: %name-%version.tar

BuildRequires: cmake
BuildRequires: gcc-c++
BuildRequires: libcurl-devel libssl-devel
BuildRequires: libclickhouse-cpp-devel >= 2.4.0
BuildRequires: boost-complete
# tests
BuildRequires: ctest libgtest-devel

%description
The tool will identify potentially vulnerable software packages within Linux
distributions through version matching. Where possible it will also seek to
determine (through a distribution implementation) if a vulnerability has been
addressed by way of a patch.

%prep
%setup

%build
%add_optflags -D_FILE_OFFSET_BITS=64 -I/usr/include/clickhouse-cpp

%cmake
%cmake_build

%install
%cmakeinstall_std

%check
pushd %_cmake__builddir
ctest -V
popd

%files
%doc data/*
%_bindir/*

%changelog
* Sun Jul 02 2023 Pavel Vainerman <pv@altlinux.ru> 5.6.4-alt23
- fixed build with libclickhouse-cpp-2.4.0-alt2

* Sat Apr 29 2023 Pavel Vainerman <pv@altlinux.ru> 5.6.4-alt22
- rebuild with libclickhouse-cpp-2.4.0

* Tue Feb 01 2022 Aleksei Nikiforov <darktemplar@altlinux.org> 5.6.4-alt21.git.cbc2d0e
- Allow to process only specific packages or task.

* Tue Dec 14 2021 Aleksei Nikiforov <darktemplar@altlinux.org> 5.6.4-alt20.git.cbc2d0e
- Split cve-check-tool into 4 separate tools:
  + cve-check-dictionary-update collects information about known CPEs.
  + cve-check-dictionary-matcher tries matching packages to known CPEs.
  + cve-check-update updates information about known CVEs.
  + cve-check-tool updates information about matching, closed, discarded and other CVEs
    for all packages.

* Wed Dec 01 2021 Aleksei Nikiforov <darktemplar@altlinux.org> 5.6.4-alt19.git.cbc2d0e
- Split Cve table into Vulnerabilities and VulnerabilitiesStatus tables.
- Implemented keeping history of table updates via timestamps
  and 'actual'/'removed' statuses where necessary.

* Mon Nov 15 2021 Aleksei Nikiforov <darktemplar@altlinux.org> 5.6.4-alt18.git.cbc2d0e
- Implemented processing only new CVE entries instead of reuploading whole table.
- Implemented committing data limit with new command-line option.

* Wed Nov 10 2021 Aleksei Nikiforov <darktemplar@altlinux.org> 5.6.4-alt17.git.cbc2d0e
- Refactored project.
- Implemented tests.

* Thu Aug 12 2021 Aleksei Nikiforov <darktemplar@altlinux.org> 5.6.4-alt16.git.cbc2d0e
- Implemented specifying reason for marking CVE fixed.

* Mon Aug 02 2021 Aleksei Nikiforov <darktemplar@altlinux.org> 5.6.4-alt15.git.cbc2d0e
- Adapted to new clickhouse database structure.

* Tue Oct 06 2020 Aleksei Nikiforov <darktemplar@altlinux.org> 5.6.4-alt14.git.cbc2d0e
- Added recording of discarded CVEs via new option.

* Fri Oct 02 2020 Aleksei Nikiforov <darktemplar@altlinux.org> 5.6.4-alt13.git.cbc2d0e
- Updated version and release processing.

* Fri Sep 25 2020 Aleksei Nikiforov <darktemplar@altlinux.org> 5.6.4-alt12.git.cbc2d0e
- Updated CVE URL.

* Fri Sep 25 2020 Aleksei Nikiforov <darktemplar@altlinux.org> 5.6.4-alt11.git.cbc2d0e
- Updated supported architectures.

* Tue Sep 22 2020 Aleksei Nikiforov <darktemplar@altlinux.org> 5.6.4-alt10.git.cbc2d0e
- Switched to NVD JSON 1.1 Schema.
- Increased logging in verbose mode for NVD data downloading.
- Added option to use separate clickhouse configs.
- Added example clickhouse configs.

* Mon Jun 29 2020 Aleksei Nikiforov <darktemplar@altlinux.org> 5.6.4-alt9.git.cbc2d0e
- Updated supported architectures.

* Fri Oct 18 2019 Aleksei Nikiforov <darktemplar@altlinux.org> 5.6.4-alt8.git.cbc2d0e
- Improved clickhouse exception messages.

* Tue Sep 24 2019 Aleksei Nikiforov <darktemplar@altlinux.org> 5.6.4-alt7.git.cbc2d0e
- Implemented parsing 'configurations' object instead of 'affected' object
  from NVD JSON data.
- Added verbose and offline modes.

* Tue Sep 10 2019 Aleksei Nikiforov <darktemplar@altlinux.org> 5.6.4-alt6.git.cbc2d0e
- Added support for obtaining information about closed CVEs from clickhouse backend.
- Switched to using murmur hash internally instead of sha1.
- Added processing of binary packages.

* Fri Aug 30 2019 Aleksei Nikiforov <darktemplar@altlinux.org> 5.6.4-alt5.git.cbc2d0e
- Switched to truncating and refilling absent products table instead of checking for duplicates.

* Tue Aug 20 2019 Aleksei Nikiforov <darktemplar@altlinux.org> 5.6.4-alt4.git.cbc2d0e
- Implemented clickhouse input and output plugins.
- Fixed options parsing.
- Allowed processing multiple packages with same name.
- Implemented option to output information about CVE in packages not in repository.

* Tue Jul 30 2019 Slava Aseev <ptrnine@altlinux.org> 5.6.4-alt3.git.cbc2d0e
- Migrate to NVD JSON Feed 1.0 (XML Feeds go away on October 9th, 2019)
- Common improvements:
  + Replace GLib 'g_str_hash' by 't1ha' hash function because the first
    one has too many collisions for CVE dataset (mainly due to small
    hash length)
  + Add optional runtime hash collision check (-H option)
  + Add executable for hash collision checking
  + Add optional feature for dropping '-dev' 'lib' and abi suffixes and
    prefixes from package names (-F option)
- Rpm plugin improvements:
  + Add scan of changelog section for finding already fixed CVEs
  + Fix mistake with patch numeration
  + Fix evaluation of rpm macros

* Wed Aug 29 2018 Grigory Ustinov <grenka@altlinux.org> 5.6.4-alt2.git.cbc2d0e.1
- NMU: Rebuild with new openssl 1.1.0.

* Mon Apr 10 2018 Alexandr Antonov <aas@altlinux.org> 5.6.4-alt2.git.cbc2d0e
- Fixed field line breaks in a readable form (Closes: 33940)

* Wed Jun 14 2017 Sergey Novikov <sotor@altlinux.org> 5.6.4-alt1.git.cbc2d0e
- Add upstream commits to fix update error
- 5.6.4 Initial build for ALT