dev-manual: common-tasks.rst: fix typos

(From yocto-docs rev: 680f48a94cec063779797c55a9bfe461289a98e3) Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de> Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ulrich Ölmann <u.oelmann@pengutronix.de> 2022-11-01 14:33:30 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-11-07 21:31:32 +0000
commit: 7f3e02fe740fa4e5e44151dc5ca447611a35f75d (patch)
tree: 30374ff0eb03a5ab7073eefb70e1e4fb6f42d772 /documentation
parent: e1b27258d5b2ad4bcd54983f143a845f463c3625 (diff)
download: poky-7f3e02fe740fa4e5e44151dc5ca447611a35f75d.tar.gz
1 files changed, 13 insertions, 13 deletions
diff --git a/documentation/dev-manual/common-tasks.rst b/documentation/dev-manual/common-tasks.rst
index c747c0deac..d99d327937 100644
--- a/documentation/dev-manual/common-tasks.rst
+++ b/documentation/dev-manual/common-tasks.rst
@@ -11518,7 +11518,7 @@ applied and that the issue needs to be investigated. ``Ignored`` means that afte
 analysis, it has been deemed to ignore the issue as it for example affects
 the software component on a different operating system platform.
-After build with CVE check enabled, reports for each compiled source recipe will be
+After a build with CVE check enabled, reports for each compiled source recipe will be
 found in ``build/tmp/deploy/cve``.
 For example the CVE check report for the ``flex-native`` recipe looks like::
@@ -11567,36 +11567,36 @@ product name when querying the CVE database. If this mapping contains false posi
 some reported CVEs are not for the software component in question, or false negatives like
 some CVEs are not found to impact the recipe when they should, then the problems can be
 in the recipe name to CVE product mapping. These mapping issues can be fixed by setting
-the :term:`CVE_PRODUCT` variable inside the recipe. This defines the name of software component in the
+the :term:`CVE_PRODUCT` variable inside the recipe. This defines the name of the software component in the
 upstream `NIST CVE database <https://nvd.nist.gov/>`__.
 The variable supports using vendor and product names like this::
   CVE_PRODUCT = "flex_project:flex"
-In this example from the vendor name used in CVE database is ``flex_project`` and
+In this example the vendor name used in the CVE database is ``flex_project`` and the
 product is ``flex``. With this setting the ``flex`` recipe only maps to this specific
 product and not products from other vendors with same name ``flex``.
-Similary, when the recipe version :term:`PV` is not compatible with software versions used by
+Similarly, when the recipe version :term:`PV` is not compatible with software versions used by
 the upstream software component releases and the CVE database, these can be fixed using
-:term:`CVE_VERSION` variable.
+the :term:`CVE_VERSION` variable.
-Note that if the CVE entries in NVD databse contain bugs or have missing or incomplete
+Note that if the CVE entries in the NVD database contain bugs or have missing or incomplete
 information, it is recommended to fix the information there directly instead of working
-around the issues for a possibly long time in Poky and OE-Core side recipes. Feedback to
+around the issues possibly for a long time in Poky and OE-Core side recipes. Feedback to
-NVD about CVEs entries can be provided through the `NVD contact form <https://nvd.nist.gov/info/contact-form>`__.
+NVD about CVE entries can be provided through the `NVD contact form <https://nvd.nist.gov/info/contact-form>`__.
 Fixing vulnerabilities in recipes
 ---------------------------------
 If a CVE security issue impacts a software component, it can be fixed by updating to a newer
 version of the software component or by applying a patch. For Poky and OE-Core master branches, updating
-to newer software component release with fixes is the best option, but patches can be applied
+to a newer software component release with fixes is the best option, but patches can be applied
 if releases are not yet available.
 For stable branches, it is preferred to apply patches for the issues. For some software
-components minor version updates can also applied if they are backwards compatible.
+components minor version updates can also be applied if they are backwards compatible.
 Here is an example of fixing CVE security issues with patch files,
 an example from the :oe_layerindex:`ffmpeg recipe</layerindex/recipe/47350>`::
@@ -11610,8 +11610,8 @@ an example from the :oe_layerindex:`ffmpeg recipe</layerindex/recipe/47350>`::
              file://fix-CVE-2020-22033-CVE-2020-22019.patch \
              file://fix-CVE-2021-33815.patch \
-A good practice is to include the CVE identifier in both patch file name
+A good practice is to include the CVE identifier in both the patch file name
-and inside the patch file commit message use the format::
+and inside the patch file commit message using the format::
   CVE: CVE-2020-22033
@@ -11619,7 +11619,7 @@ CVE checker will then capture this information and change the CVE status to ``Pa
 in the generated reports.
 If analysis shows that the CVE issue does not impact the recipe due to configuration, platform,
-version or other reasons, the CVE can be marked as ``Ignored`` using :term:`CVE_CHECK_IGNORE` variable.
+version or other reasons, the CVE can be marked as ``Ignored`` using the :term:`CVE_CHECK_IGNORE` variable.
 As mentioned previously, if data in the CVE database is wrong, it is recommend to fix those
 issues in the CVE database directly.
author	Ulrich Ölmann <u.oelmann@pengutronix.de>	2022-11-01 14:33:30 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-11-07 21:31:32 +0000
commit	7f3e02fe740fa4e5e44151dc5ca447611a35f75d (patch)
tree	30374ff0eb03a5ab7073eefb70e1e4fb6f42d772 /documentation
parent	e1b27258d5b2ad4bcd54983f143a845f463c3625 (diff)
download	poky-7f3e02fe740fa4e5e44151dc5ca447611a35f75d.tar.gz

diff --git a/documentation/dev-manual/common-tasks.rst b/documentation/dev-manual/common-tasks.rst index c747c0deac..d99d327937 100644 --- a/documentation/dev-manual/common-tasks.rst +++ b/documentation/dev-manual/common-tasks.rst
@@ -11518,7 +11518,7 @@ applied and that the issue needs to be investigated. ``Ignored`` means that afte
11518	analysis, it has been deemed to ignore the issue as it for example affects	11518	analysis, it has been deemed to ignore the issue as it for example affects
11519	the software component on a different operating system platform.	11519	the software component on a different operating system platform.
11520		11520
11521	After build with CVE check enabled, reports for each compiled source recipe will be	11521	After a build with CVE check enabled, reports for each compiled source recipe will be
11522	found in ``build/tmp/deploy/cve``.	11522	found in ``build/tmp/deploy/cve``.
11523		11523
11524	For example the CVE check report for the ``flex-native`` recipe looks like::	11524	For example the CVE check report for the ``flex-native`` recipe looks like::
@@ -11567,36 +11567,36 @@ product name when querying the CVE database. If this mapping contains false posi
11567	some reported CVEs are not for the software component in question, or false negatives like	11567	some reported CVEs are not for the software component in question, or false negatives like
11568	some CVEs are not found to impact the recipe when they should, then the problems can be	11568	some CVEs are not found to impact the recipe when they should, then the problems can be
11569	in the recipe name to CVE product mapping. These mapping issues can be fixed by setting	11569	in the recipe name to CVE product mapping. These mapping issues can be fixed by setting
11570	the :term:`CVE_PRODUCT` variable inside the recipe. This defines the name of software component in the	11570	the :term:`CVE_PRODUCT` variable inside the recipe. This defines the name of the software component in the
11571	upstream `NIST CVE database <https://nvd.nist.gov/>`__.	11571	upstream `NIST CVE database <https://nvd.nist.gov/>`__.
11572		11572
11573	The variable supports using vendor and product names like this::	11573	The variable supports using vendor and product names like this::
11574		11574
11575	CVE_PRODUCT = "flex_project:flex"	11575	CVE_PRODUCT = "flex_project:flex"
11576		11576
11577	In this example from the vendor name used in CVE database is ``flex_project`` and	11577	In this example the vendor name used in the CVE database is ``flex_project`` and the
11578	product is ``flex``. With this setting the ``flex`` recipe only maps to this specific	11578	product is ``flex``. With this setting the ``flex`` recipe only maps to this specific
11579	product and not products from other vendors with same name ``flex``.	11579	product and not products from other vendors with same name ``flex``.
11580		11580
11581	Similary, when the recipe version :term:`PV` is not compatible with software versions used by	11581	Similarly, when the recipe version :term:`PV` is not compatible with software versions used by
11582	the upstream software component releases and the CVE database, these can be fixed using	11582	the upstream software component releases and the CVE database, these can be fixed using
11583	:term:`CVE_VERSION` variable.	11583	the :term:`CVE_VERSION` variable.
11584		11584
11585	Note that if the CVE entries in NVD databse contain bugs or have missing or incomplete	11585	Note that if the CVE entries in the NVD database contain bugs or have missing or incomplete
11586	information, it is recommended to fix the information there directly instead of working	11586	information, it is recommended to fix the information there directly instead of working
11587	around the issues for a possibly long time in Poky and OE-Core side recipes. Feedback to	11587	around the issues possibly for a long time in Poky and OE-Core side recipes. Feedback to
11588	NVD about CVEs entries can be provided through the `NVD contact form <https://nvd.nist.gov/info/contact-form>`__.	11588	NVD about CVE entries can be provided through the `NVD contact form <https://nvd.nist.gov/info/contact-form>`__.
11589		11589
11590	Fixing vulnerabilities in recipes	11590	Fixing vulnerabilities in recipes
11591	---------------------------------	11591	---------------------------------
11592		11592
11593	If a CVE security issue impacts a software component, it can be fixed by updating to a newer	11593	If a CVE security issue impacts a software component, it can be fixed by updating to a newer
11594	version of the software component or by applying a patch. For Poky and OE-Core master branches, updating	11594	version of the software component or by applying a patch. For Poky and OE-Core master branches, updating
11595	to newer software component release with fixes is the best option, but patches can be applied	11595	to a newer software component release with fixes is the best option, but patches can be applied
11596	if releases are not yet available.	11596	if releases are not yet available.
11597		11597
11598	For stable branches, it is preferred to apply patches for the issues. For some software	11598	For stable branches, it is preferred to apply patches for the issues. For some software
11599	components minor version updates can also applied if they are backwards compatible.	11599	components minor version updates can also be applied if they are backwards compatible.
11600		11600
11601	Here is an example of fixing CVE security issues with patch files,	11601	Here is an example of fixing CVE security issues with patch files,
11602	an example from the :oe_layerindex:`ffmpeg recipe</layerindex/recipe/47350>`::	11602	an example from the :oe_layerindex:`ffmpeg recipe</layerindex/recipe/47350>`::
@@ -11610,8 +11610,8 @@ an example from the :oe_layerindex:`ffmpeg recipe</layerindex/recipe/47350>`::
11610	file://fix-CVE-2020-22033-CVE-2020-22019.patch \	11610	file://fix-CVE-2020-22033-CVE-2020-22019.patch \
11611	file://fix-CVE-2021-33815.patch \	11611	file://fix-CVE-2021-33815.patch \
11612		11612
11613	A good practice is to include the CVE identifier in both patch file name	11613	A good practice is to include the CVE identifier in both the patch file name
11614	and inside the patch file commit message use the format::	11614	and inside the patch file commit message using the format::
11615		11615
11616	CVE: CVE-2020-22033	11616	CVE: CVE-2020-22033
11617		11617
@@ -11619,7 +11619,7 @@ CVE checker will then capture this information and change the CVE status to ``Pa
11619	in the generated reports.	11619	in the generated reports.
11620		11620
11621	If analysis shows that the CVE issue does not impact the recipe due to configuration, platform,	11621	If analysis shows that the CVE issue does not impact the recipe due to configuration, platform,
11622	version or other reasons, the CVE can be marked as ``Ignored`` using :term:`CVE_CHECK_IGNORE` variable.	11622	version or other reasons, the CVE can be marked as ``Ignored`` using the :term:`CVE_CHECK_IGNORE` variable.
11623	As mentioned previously, if data in the CVE database is wrong, it is recommend to fix those	11623	As mentioned previously, if data in the CVE database is wrong, it is recommend to fix those
11624	issues in the CVE database directly.	11624	issues in the CVE database directly.
11625		11625