From ea796fc54278c6b6480be6b7d6e78130a323d4a5 Mon Sep 17 00:00:00 2001 From: Thomas Petazzoni Date: Sat, 15 Feb 2020 13:44:17 +0100 Subject: [PATCH] docs/manual: describe the new _IGNORE_CVES variable Signed-off-by: Thomas Petazzoni Signed-off-by: Titouan Christophe Signed-off-by: Peter Korsgaard --- docs/manual/adding-packages-generic.txt | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/docs/manual/adding-packages-generic.txt b/docs/manual/adding-packages-generic.txt index baa052e31c..59cdb7ffd7 100644 --- a/docs/manual/adding-packages-generic.txt +++ b/docs/manual/adding-packages-generic.txt @@ -488,6 +488,20 @@ not and can not work as people would expect it should: locations, `/lib/firmware`, `/usr/lib/firmware`, `/lib/modules`, `/usr/lib/modules`, and `/usr/share`, which are automatically excluded. +* +LIBFOO_IGNORE_CVES+ is a space-separated list of CVEs that tells + Buildroot CVE tracking tools which CVEs should be ignored for this + package. This is typically used when the CVE is fixed by a patch in + the package, or when the CVE for some reason does not affect the + Buildroot package. A Makefile comment must always precede the + addition of a CVE to this variable. Example: + +---------------------- +# 0001-fix-cve-2020-12345.patch +LIBFOO_IGNORE_CVES += CVE-2020-12345 +# only when built with libbaz, which Buildroot doesn't support +LIBFOO_IGNORE_CVES += CVE-2020-54321 +---------------------- + The recommended way to define these variables is to use the following syntax: -- 2.30.2