diff options
author | Paul Eggleton <bluelightning@bluelightning.org> | 2024-04-14 13:43:12 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2024-04-16 07:55:42 +0100 |
commit | 7d41877ce9f17fe3f5f1827fad7589338d9f295b (patch) | |
tree | 007c7de869987aa05244f8726f806b1294e4ee82 /documentation/ref-manual | |
parent | 0ff0de3c65ebac324f5a9b1ff5495e5b50445df5 (diff) | |
download | poky-7d41877ce9f17fe3f5f1827fad7589338d9f295b.tar.gz |
ref-manual: classes: cve_check: add note about remote patches
Document the change in behaviour in 5.0.
(From yocto-docs rev: f7a223d4e78bee67107fa47e147208f57a2d9521)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'documentation/ref-manual')
-rw-r--r-- | documentation/ref-manual/classes.rst | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst index 8d69e9947f..9520d0bf7c 100644 --- a/documentation/ref-manual/classes.rst +++ b/documentation/ref-manual/classes.rst | |||
@@ -564,6 +564,13 @@ The ``Patched`` state of a CVE issue is detected from patch files with the forma | |||
564 | ``CVE-ID.patch``, e.g. ``CVE-2019-20633.patch``, in the :term:`SRC_URI` and using | 564 | ``CVE-ID.patch``, e.g. ``CVE-2019-20633.patch``, in the :term:`SRC_URI` and using |
565 | CVE metadata of format ``CVE: CVE-ID`` in the commit message of the patch file. | 565 | CVE metadata of format ``CVE: CVE-ID`` in the commit message of the patch file. |
566 | 566 | ||
567 | .. note:: | ||
568 | |||
569 | Commit message metadata (``CVE: CVE-ID`` in a patch header) will not be scanned | ||
570 | in any patches that are remote, i.e. that are anything other than local files | ||
571 | referenced via ``file://`` in SRC_URI. However, a ``CVE-ID`` in a remote patch | ||
572 | file name itself will be registered. | ||
573 | |||
567 | If the recipe adds ``CVE-ID`` as flag of the :term:`CVE_STATUS` variable with status | 574 | If the recipe adds ``CVE-ID`` as flag of the :term:`CVE_STATUS` variable with status |
568 | mapped to ``Ignored``, then the CVE state is reported as ``Ignored``:: | 575 | mapped to ``Ignored``, then the CVE state is reported as ``Ignored``:: |
569 | 576 | ||