mirror of
https://git.yoctoproject.org/poky
synced 2026-02-21 17:09:42 +01:00
471e51b18a
Instead of manually looking up new CVEs and determining what point releases the fixes are incorporated into, add a script to generate the CVE_CHECK_WHITELIST data automatically. First, note that this is very much an interim solution until the cve-check class fetches data from www.linuxkernelcves.com directly. The script should be passed the path to a local clone of the linuxkernelcves repository[1] and the kernel version number. It will then write to standard output the CVE_STATUS entries for every known kernel CVE. The script should be periodically reran as CVEs are backported and kernels upgraded frequently. [1] https://github.com/nluedtke/linux_kernel_cves Note: for the Dunfell backport this is not a cherry-pick of the commit in master as the variable names are different. This incorporates the following commits: linux/generate-cve-exclusions: add version check warning linux/generate-cve-exclusions.py: fix comparison linux-yocto: add script to generate kernel CVE_STATUS entries (From OE-Core rev: 496c0b8fab5dd87102c3a63656debdb3aa214ae7) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>