The current security-related documentation is a bit hard to find and
hidden within the development manual. However these are processes that
are not part of a development task but is rather a vulnerability
reporting process.
Create a new "Security" section in the documentation to gather this
information. This will be directly visible in the sidebar when opening
the documentation.
Split the previous security-subjects.rst document into 2 documents:
- security-team.rst: defines the roles of the security teams and its
members.
- reporting-vulnerabilities.rst: guide to report vulnerabilities to the
security team.
The plan is to backport these documents to active releases. As a
consequence, this section should be free of instructions and information
that only make sense for a specific release. It should _not_ contain
documents on how to enable security features with Yocto on target
devices, this is unrelated and can be left in the development manual
(for example: dev-manual/vulnerabilities.rst to deal with CVEs).
(From yocto-docs rev: 80556704f8b60b5bf903da497909cfda7dd1b28b)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 81e14ca2d5cff9e2104c556655144b069633790c)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fix as many instances of unbalanced-inline-literals-delimiters as reported by
'make sphinx-lint' as possible. Sphinx and/or its linter seem to get tripped
up randomly when references contain links to heading which contain literals
enclosed in double-back-tics, and not all of them can be "fixed" to pass both
building and linting.
(From yocto-docs rev: 0ba5429953dfa0cdc983ed13ddd06351116031c7)
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
In the same fashion as the previous commit ("ref-manual/packages: move
ptest section to the test-manual"), move the runtime testing section of
the development tasks manual to the test environment manual.
Add a link to it from the test-manual/intro document.
(From yocto-docs rev: 79aa34db34def525a11c41d951365bcb891318c4)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 6b44257874858db3aa426d3e84a79c41cb4937a3)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
[ YOCTO #15106 ]
It makes more sense to document ptests in the test-manual. Since ptests
are still related to packages, keep a link to ptests from packages.rst
to the test-manual.
Reported-by: Yoann Congal <yoann.congal@smile.fr>
(From yocto-docs rev: 110e15c4407dfc03c7d931e4488eb43dbfad7570)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit b389c06b709e4791e1cce5e8a5b58f6b0cd03a14)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Newer versions of Sphinx already define a :cve: role that points to
cve.org, instead of the role we defined in conf.py that points to
nvd.nist.gov.
Rename our role to :cve_nist: to avoid warnings (treated as errors).
This is also backwards compatible, meaning we can build the doc with an
older Sphinx if needed.
The file were automatically replaced with following command:
find . -name '*.rst' -exec sed -i 's/:cve:/:cve_nist:/g' {} \+
Cherry pick:
* remove changes to release-notes-5.1.rst, does not exist on this branch.
* release-notes-5.0.4.rst: apply the command to this file as it was
treated previously.
Suggested-By: Quentin Schulz <quentin.schulz@cherry.de>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
(From yocto-docs rev: 5b86879b3b5f3c51bc7fa5dd2848cf1153a22242)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 15fa3b7e85dde50d7236c1738ad607531cc654b8)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Public hashserver is now at hashserv.yoctoproject.org:8686
(From yocto-docs rev: 5aeb6a6b2799fb72abbfb272271e3175eca14b37)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(From yocto-docs rev: cdce92a0f1595b4cf7b7797f5f95a2d8d8f7d376)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
update recipes changes in 5.0 rc4.
update new recipes, license changes, patched cve and recipes version
changes.
(From yocto-docs rev: 0fc86205668d122d4e550a5eae301cd6997f8a71)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a few missing entries based upon combing through the release
commits, as well as minor tweaks to existing items.
(From yocto-docs rev: 0680ee719edaa31a52f9cb7bd5138b402b1b26ce)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Add CVEs from commits
* Add recipe upgrades using layer index branch comparison
* Add contributors from commits
(From yocto-docs rev: 4cf6b62939c226fb9c49b7d61f3d95075a9cd8bd)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This patch should cover those commits (from poky) :
* 789b10030c (cve-update-nvd2-native: remove rejected cve from database, 2024-03-15)
* 19f27037b2 (cve-update-nvd2-native: add an age threshold for incremental update, 2024-03-13)
* 6ce61b4357 (strace: disable bluetooth support by default, 2023-12-13)
* 381ef628fa (ref-manual: add documentation for the unimplemented-ptest qa warning, 2023-10-10)
(From yocto-docs rev: da44182aa084378dbf7a04bb010cbd87e508a607)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>