From patchwork Tue Feb 27 02:10:17 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matt Weber X-Patchwork-Id: 878273 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=rockwellcollins.com Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3zr2H50k05z9s0W for ; Tue, 27 Feb 2018 13:10:57 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 20C76860B1; Tue, 27 Feb 2018 02:10:52 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ngiTy7VvHDa2; Tue, 27 Feb 2018 02:10:50 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by fraxinus.osuosl.org (Postfix) with ESMTP id 13E5685FB9; Tue, 27 Feb 2018 02:10:50 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id 8D69C1CF0A2 for ; Tue, 27 Feb 2018 02:10:47 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 897F186E91 for ; Tue, 27 Feb 2018 02:10:47 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WPrWXUWKjJtT for ; Tue, 27 Feb 2018 02:10:46 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from ch3vs03.rockwellcollins.com (ch3vs03.rockwellcollins.com [205.175.226.47]) by whitealder.osuosl.org (Postfix) with ESMTPS id 515EB86D29 for ; Tue, 27 Feb 2018 02:10:46 +0000 (UTC) Received: from ofwch3n02.rockwellcollins.com (HELO ciulimr02.rockwellcollins.com) ([205.175.226.14]) by ch3vs03.rockwellcollins.com with ESMTP; 26 Feb 2018 20:10:45 -0600 X-Received: from largo.rockwellcollins.com (unknown [192.168.140.76]) by ciulimr02.rockwellcollins.com (Postfix) with ESMTP id 34F9420077; Mon, 26 Feb 2018 20:10:45 -0600 (CST) From: Matt Weber To: buildroot@buildroot.org Date: Mon, 26 Feb 2018 20:10:17 -0600 Message-Id: <1519697441-54194-3-git-send-email-matthew.weber@rockwellcollins.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1519697441-54194-1-git-send-email-matthew.weber@rockwellcollins.com> References: <1519697441-54194-1-git-send-email-matthew.weber@rockwellcollins.com> Subject: [Buildroot] [NEXT 02/26] cpe-info: update manual for new pkg vars X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.24 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Provide guidance on setting up the _CPE_ID and _CVE_PATCHED variables. --- docs/manual/adding-packages-generic.txt | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/docs/manual/adding-packages-generic.txt b/docs/manual/adding-packages-generic.txt index 63ea51b..635c5d2 100644 --- a/docs/manual/adding-packages-generic.txt +++ b/docs/manual/adding-packages-generic.txt @@ -453,6 +453,21 @@ information is (assuming the package name is +libfoo+) : FLAT binary format is only 4k bytes. If the application consumes more stack, append the required number here. +* +LIBFOO_CPE_ID+ is a space-separated list of the package's Common Product + Enumeration (CPE) identification string(s). + +make cpe-info+ copies all of these into a +cpe-manifest.csv+ file. + This variable is optional. If it is not defined, +unknown+ will appear in + the +CPI ID+ field of the manifest file for this package. + To identify a package's possible CPE(s), the National Vunerability + Database can be searched at https://nvd.nist.gov/products/cpe/search. + +* +LIBFOO_CVE_PATCHED+ is a space-separated list of the package's Common + Vunerability Enumeration (CVE) identification strings. This list + represents patches applied to the package beyond the current version, + which may fix CVEs. It's used as part of the +make cpe-info+ reporting. + This variable is optional. If it is not defined, the +CVE PATCHED+ field + will appear empty in the manifest file for this package. + The recommended way to define these variables is to use the following syntax: