mirror of
https://git.yoctoproject.org/poky
synced 2026-03-12 10:19:44 +01:00
4a930182bf
Instead of manually looking up new CVEs and determining what point releases the fixes are incorporated into, add a script to generate the CVE_CHECK_IGNORE data automatically. First, note that this is very much an interim solution until the cve-check class fetches data from www.linuxkernelcves.com directly. The script should be passed the path to a local clone of the linuxkernelcves repository[1] and the kernel version number. It will then write to standard output the CVE_STATUS entries for every known kernel CVE. The script should be periodically reran as CVEs are backported and kernels upgraded frequently. [1] https://github.com/nluedtke/linux_kernel_cves Note: for the backport this is not a cherry-pick of the commit in master as the variable names are different. This incorporates the following commits: linux/generate-cve-exclusions: add version check warning linux/generate-cve-exclusions.py: fix comparison linux-yocto: add script to generate kernel CVE_STATUS entries (From OE-Core rev: f9bfaee1c05a61457ada7850d707a847f327e605) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>