diff options
| author | Ross Burton <ross.burton@arm.com> | 2023-08-25 17:44:01 +0100 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2023-08-30 04:46:36 -1000 |
| commit | f17c07ff4b979e45e967fab6e0ba9faf83290115 (patch) | |
| tree | c162a2110d393996d9b5166245bbb8a71b4d517d /scripts/lib/devtool/sdk.py | |
| parent | 1cae56f2168095927b6deafef9328a07f061c096 (diff) | |
| download | poky-f17c07ff4b979e45e967fab6e0ba9faf83290115.tar.gz | |
linux-yocto: add script to generate kernel CVE_CHECK_IGNORE entries
Instead of manually looking up new CVEs and determining what point
releases the fixes are incorporated into, add a script to generate the
CVE_CHECK_IGNORE data automatically.
First, note that this is very much an interim solution until the
cve-check class fetches data from www.linuxkernelcves.com directly.
The script should be passed the path to a local clone of the
linuxkernelcves repository[1] and the kernel version number. It will
then write to standard output the CVE_STATUS entries for every known
kernel CVE.
The script should be periodically reran as CVEs are backported and
kernels upgraded frequently.
[1] https://github.com/nluedtke/linux_kernel_cves
Note: for the backport this is not a cherry-pick of the commit in master
as the variable names are different. This incorporates the following
commits:
linux/generate-cve-exclusions: add version check warning
linux/generate-cve-exclusions.py: fix comparison
linux-yocto: add script to generate kernel CVE_STATUS entries
(From OE-Core rev: c7a71692b7ed4cc2187f4c82bf11e32e0ce32cb6)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'scripts/lib/devtool/sdk.py')
0 files changed, 0 insertions, 0 deletions