git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
linux-yocto: add script to generate kernel CVE_STATUS entries
author Ross Burton <ross.burton@arm.com>
Mon, 7 Aug 2023 14:45:29 +0000 (15:45 +0100)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Wed, 9 Aug 2023 20:45:50 +0000 (21:45 +0100)
commit 8cb184f9de9b0ce5f465ea12ba24beafd6673f01
tree 183e9d76308d965596883a5ab1821e062e8d23b2
parent 3abf99a6c6bde2fb8770f54dba609b35f6c6ee5a
linux-yocto: add script to generate kernel CVE_STATUS entries

Instead of manually looking up new CVEs and determining what point
releases the fixes are incorporated into, add a script to generate the
CVE_STATUS data automatically.

First, note that this is very much an interim solution until the
cve-check class fetches data from www.linuxkernelcves.com directly.

The script should be passed the path to a local clone of the
linuxkernelcves repository[1] and the kernel version number. It will
then write to standard output the CVE_STATUS entries for every known
kernel CVE.

The script should be periodically rerun as CVEs are backported and
kernels upgraded frequently.

[1] https://github.com/nluedtke/linux_kernel_cves

Signed-off-by: Ross Burton <ross.burton@arm.com>

meta/recipes-kernel/linux/cve-exclusion_6.1.inc
meta/recipes-kernel/linux/cve-exclusion_6.4.inc [new file with mode: 0644]
meta/recipes-kernel/linux/generate-cve-exclusions.py [new file with mode: 0755]