author | Ross Burton <ross.burton@arm.com> | 2023-08-25 17:43:40 +0100 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2023-08-30 04:52:35 -1000 |
commit | 4a930182bff66e798c9df85845aaf6e53d0c3e35 (patch) | |
tree | 5d0bb8e4701e0991f5d4859061ec05465226c39b /scripts/lib/devtool/build.py | |
parent | ebab982e97afc992a6406c976a082337baa335da (diff) | |
download | poky-4a930182bff66e798c9df85845aaf6e53d0c3e35.tar.gz |
linux-yocto: add script to generate kernel CVE_CHECK_IGNORE entries

Instead of manually looking up new CVEs and determining what point
releases the fixes are incorporated into, add a script to generate the
CVE_CHECK_IGNORE data automatically.

First, note that this is very much an interim solution until the
cve-check class fetches data from www.linuxkernelcves.com directly.

The script should be passed the path to a local clone of the
linuxkernelcves repository[1] and the kernel version number. It will
then write to standard output the CVE_STATUS entries for every known
kernel CVE.

The script should be periodically rerun as CVEs are backported and
kernels upgraded frequently.

[1] https://github.com/nluedtke/linux_kernel_cves

Note: for the backport this is not a cherry-pick of the commit in master
as the variable names are different. This incorporates the following
commits:

linux/generate-cve-exclusions: add version check warning
linux/generate-cve-exclusions.py: fix comparison
linux-yocto: add script to generate kernel CVE_STATUS entries

(From OE-Core rev: f9bfaee1c05a61457ada7850d707a847f327e605)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/devtool/build.py')
0 files changed, 0 insertions, 0 deletions