Message ID | 20200204215232.666841-3-thomas.petazzoni@bootlin.com |
---|---|
State | Superseded |
Series | Add CVE reporting to pkg-stats |
>>>>> "Thomas" == Thomas Petazzoni <thomas.petazzoni@bootlin.com> writes: > Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> > --- > docs/manual/adding-packages-generic.txt | 14 ++++++++++++++ > 1 file changed, 14 insertions(+) > diff --git a/docs/manual/adding-packages-generic.txt b/docs/manual/adding-packages-generic.txt > index baa052e31c..9a77923a92 100644 > --- a/docs/manual/adding-packages-generic.txt > +++ b/docs/manual/adding-packages-generic.txt > @@ -488,6 +488,20 @@ not and can not work as people would expect it should: > locations, `/lib/firmware`, `/usr/lib/firmware`, `/lib/modules`, > `/usr/lib/modules`, and `/usr/share`, which are automatically excluded. > +* +LIBFOO_IGNORE_CVES+ is a space-separated list of CVEs that tells Maybe 'CVE identifiers' instead of CVEs? > + Buildroot CVE tracking tools which CVEs should be ignored for this Maybe '.. list of CVE identifiers that should be ignored by the Buildroot CVE tracking tool for this package.' ?
On Tue, Feb 4, 2020, 22:52 Thomas Petazzoni <thomas.petazzoni@bootlin.com> wrote: > Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> > --- > docs/manual/adding-packages-generic.txt | 14 ++++++++++++++ > 1 file changed, 14 insertions(+) > > diff --git a/docs/manual/adding-packages-generic.txt > b/docs/manual/adding-packages-generic.txt > index baa052e31c..9a77923a92 100644 > --- a/docs/manual/adding-packages-generic.txt > +++ b/docs/manual/adding-packages-generic.txt > @@ -488,6 +488,20 @@ not and can not work as people would expect it should: > locations, `/lib/firmware`, `/usr/lib/firmware`, `/lib/modules`, > `/usr/lib/modules`, and `/usr/share`, which are automatically excluded. > > +* +LIBFOO_IGNORE_CVES+ is a space-separated list of CVEs that tells > + Buildroot CVE tracking tools which CVEs should be ignored for this > + package. This is typically used when the CVE is fixed by a patch in > + the package, or when the CVE for some reason does not affect the > + Buildroot package. A Makefile comment must always preceed the > Precede + addition of a CVE to this variable. Example: > + > +---------------------- > +# 0001-fix-cve-2020-12345.patch > +LIBFOO_IGNORE_CVES += CVE-2020-12345 > +# only when built with libbaz, which Buildroot doesn't support > +LIBFOO_IGNORE_CVES += CVE-2020-54321 > +---------------------- > + > The recommended way to define these variables is to use the following > syntax: > > -- > 2.24.1 > >
diff --git a/docs/manual/adding-packages-generic.txt b/docs/manual/adding-packages-generic.txt index baa052e31c..9a77923a92 100644 --- a/docs/manual/adding-packages-generic.txt +++ b/docs/manual/adding-packages-generic.txt @@ -488,6 +488,20 @@ not and can not work as people would expect it should: locations, `/lib/firmware`, `/usr/lib/firmware`, `/lib/modules`, `/usr/lib/modules`, and `/usr/share`, which are automatically excluded. +* +LIBFOO_IGNORE_CVES+ is a space-separated list of CVEs that tells + Buildroot CVE tracking tools which CVEs should be ignored for this + package. This is typically used when the CVE is fixed by a patch in + the package, or when the CVE for some reason does not affect the + Buildroot package. A Makefile comment must always preceed the + addition of a CVE to this variable. Example: + +---------------------- +# 0001-fix-cve-2020-12345.patch +LIBFOO_IGNORE_CVES += CVE-2020-12345 +# only when built with libbaz, which Buildroot doesn't support +LIBFOO_IGNORE_CVES += CVE-2020-54321 +---------------------- + The recommended way to define these variables is to use the following syntax:
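Review bot: the sentence "A Makefile comment must always preceed the addition of a CVE to this variable" in the added +LIBFOO_IGNORE_CVES+ paragraph has a typo ("preceed" should be "precede") and does not say what the comment has to contain. The example shows two different kinds of justification: the name of the patch that fixes the CVE, and the reason the CVE does not apply to the Buildroot package. Stating both explicitly in the paragraph would let a reviewer check each ignored CVE against its stated reason. It would also help to note that an entry justified by a patch needs to be dropped when that patch is removed from the package, so the ignore list does not keep hiding a CVE whose fix is no longer applied.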
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> --- docs/manual/adding-packages-generic.txt | 14 ++++++++++++++ 1 file changed, 14 insertions(+)