[Buildroot] [PATCH 2/2] docs/manual: describe the new <pkg>_IGNORE_CVES variable

Thomas De Schampheleire patrickdepinguin+buildroot at gmail.com
Wed Feb 5 05:53:45 UTC 2020


On Tue, Feb 4, 2020, 22:52 Thomas Petazzoni <thomas.petazzoni at bootlin.com>
wrote:

> Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
> ---
>  docs/manual/adding-packages-generic.txt | 14 ++++++++++++++
>  1 file changed, 14 insertions(+)
>
> diff --git a/docs/manual/adding-packages-generic.txt
> b/docs/manual/adding-packages-generic.txt
> index baa052e31c..9a77923a92 100644
> --- a/docs/manual/adding-packages-generic.txt
> +++ b/docs/manual/adding-packages-generic.txt
> @@ -488,6 +488,20 @@ not and can not work as people would expect it should:
>    locations, `/lib/firmware`, `/usr/lib/firmware`, `/lib/modules`,
>    `/usr/lib/modules`, and `/usr/share`, which are automatically excluded.
>
> +* +LIBFOO_IGNORE_CVES+ is a space-separated list of CVEs that tells
> +  Buildroot CVE tracking tools which CVEs should be ignored for this
> +  package. This is typically used when the CVE is fixed by a patch in
> +  the package, or when the CVE for some reason does not affect the
> +  Buildroot package. A Makefile comment must always preceed the
>

Precede

+  addition of a CVE to this variable. Example:
> +
> +----------------------
> +# 0001-fix-cve-2020-12345.patch
> +LIBFOO_IGNORE_CVES += CVE-2020-12345
> +# only when built with libbaz, which Buildroot doesn't support
> +LIBFOO_IGNORE_CVES += CVE-2020-54321
> +----------------------
> +
>  The recommended way to define these variables is to use the following
>  syntax:
>
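Review bot: In the added +LIBFOO_IGNORE_CVES+ paragraph, the rule that a Makefile comment must always come before each addition does not say what the comment has to contain. The example shows two distinct forms, the file name of the fixing patch (`# 0001-fix-cve-2020-12345.patch`) and the reason the CVE does not apply (`# only when built with libbaz, ...`), so I would spell both out in the prose rather than leave them to be inferred from the example. "For some reason does not affect the Buildroot package" is also vague for a variable that silences the CVE tracking tools. Suggest requiring that the comment state the concrete reason. It is also worth a sentence saying that an entry justified by a patch should be removed when that patch is dropped, since otherwise the CVE stays ignored with nothing fixing it.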
> --
> 2.24.1
>
>