Message ID | 20200208215752.13628-3-titouan.christophe@railnova.eu |
---|---|
State | Superseded, archived |
Headers | show |
Series | Add CVE reporting to pkg-stats | expand |
Hello Titouan, Thomas, El sáb., 8 feb. 2020 a las 22:58, Titouan Christophe (<titouan.christophe@railnova.eu>) escribió: > > From: Thomas Petazzoni <thomas.petazzoni@bootlin.com> > > Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> > Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu> > --- > docs/manual/adding-packages-generic.txt | 14 ++++++++++++++ > 1 file changed, 14 insertions(+) > > diff --git a/docs/manual/adding-packages-generic.txt b/docs/manual/adding-packages-generic.txt > index baa052e31c..9a77923a92 100644 > --- a/docs/manual/adding-packages-generic.txt > +++ b/docs/manual/adding-packages-generic.txt > @@ -488,6 +488,20 @@ not and can not work as people would expect it should: > locations, `/lib/firmware`, `/usr/lib/firmware`, `/lib/modules`, > `/usr/lib/modules`, and `/usr/share`, which are automatically excluded. > > +* +LIBFOO_IGNORE_CVES+ is a space-separated list of CVEs that tells > + Buildroot CVE tracking tools which CVEs should be ignored for this > + package. This is typically used when the CVE is fixed by a patch in > + the package, or when the CVE for some reason does not affect the > + Buildroot package. A Makefile comment must always preceed the 'preceed' is incorrect and should be 'precede'. Best regards, Thomas
diff --git a/docs/manual/adding-packages-generic.txt b/docs/manual/adding-packages-generic.txt index baa052e31c..9a77923a92 100644 --- a/docs/manual/adding-packages-generic.txt +++ b/docs/manual/adding-packages-generic.txt @@ -488,6 +488,20 @@ not and can not work as people would expect it should: locations, `/lib/firmware`, `/usr/lib/firmware`, `/lib/modules`, `/usr/lib/modules`, and `/usr/share`, which are automatically excluded. +* +LIBFOO_IGNORE_CVES+ is a space-separated list of CVEs that tells + Buildroot CVE tracking tools which CVEs should be ignored for this + package. This is typically used when the CVE is fixed by a patch in + the package, or when the CVE for some reason does not affect the + Buildroot package. A Makefile comment must always preceed the + addition of a CVE to this variable. Example: + +---------------------- +# 0001-fix-cve-2020-12345.patch +LIBFOO_IGNORE_CVES += CVE-2020-12345 +# only when built with libbaz, which Buildroot doesn't support +LIBFOO_IGNORE_CVES += CVE-2020-54321 +---------------------- + The recommended way to define these variables is to use the following syntax: