[bootlin/training-materials updates] master: slides/buildroot-advanced-packages: add one slide on <pkg>_IGNORE_CVES (662d218e)
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Sat Mar 11 17:29:20 CET 2023
Repository : https://github.com/bootlin/training-materials
On branch : master
Link : https://github.com/bootlin/training-materials/commit/662d218eece258fc0160ea838192f9c4f452647c
>---------------------------------------------------------------
commit 662d218eece258fc0160ea838192f9c4f452647c
Author: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
Date: Sat Mar 11 17:29:20 2023 +0100
slides/buildroot-advanced-packages: add one slide on <pkg>_IGNORE_CVES
Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
>---------------------------------------------------------------
662d218eece258fc0160ea838192f9c4f452647c
.../buildroot-advanced-packages.tex | 30 ++++++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/slides/buildroot-advanced-packages/buildroot-advanced-packages.tex b/slides/buildroot-advanced-packages/buildroot-advanced-packages.tex
index c219ae10..8fdaa45f 100644
--- a/slides/buildroot-advanced-packages/buildroot-advanced-packages.tex
+++ b/slides/buildroot-advanced-packages/buildroot-advanced-packages.tex
@@ -192,6 +192,36 @@ LIBFFI_CPE_ID_UPDATE = rc0
\end{frame}
+\begin{frame}[fragile]{{\tt <pkg>\_IGNORE\_CVES} variable}
+
+ \begin{itemize}
+ \item There are cases where a CVE reported by the {\em pkg-stats}
+ tool in fact is not relevant:
+ \begin{itemize}
+ \item The security fix has been backported into Buildroot
+ \item The vulnerability does not affect Buildroot due to how the
+ package is configured or used
+ \end{itemize}
+ \item The \code{<pkg>_IGNORE_CVES} variable allows a package to tell
+ {\em pkg-stats} to ignore a particular CVE
+ \end{itemize}
+
+ \begin{block}{\code{package/bind/bind.mk}}
+\begin{verbatim}
+# Only applies to RHEL6.x with DNSSEC validation on
+BIND_IGNORE_CVES = CVE-2017-3139
+\end{verbatim}
+ \end{block}
+
+ \begin{block}{\code{package/avahi/avahi.mk}}
+\begin{verbatim}
+# 0001-Fix-NULL-pointer-crashes-from-175.patch
+AVAHI_IGNORE_CVES += CVE-2021-36217
+\end{verbatim}
+ \end{block}
+
+\end{frame}
+
\subsection{Patching packages}
\begin{frame}{Patching packages: why?}
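Review bot: The two example blocks in the new frame use different assignment operators, `BIND_IGNORE_CVES = CVE-2017-3139` and `AVAHI_IGNORE_CVES += CVE-2021-36217`, and the slide does not say whether the difference matters. Either use the same operator in both or add a short remark on when each is appropriate, so trainees do not copy one form blindly. Both examples also put a comment above the assignment, giving the reason the CVE is not applicable or the name of the patch that fixes it, but the bullet list never says this is expected. Consider adding a bullet asking that each ignored CVE be justified in a comment, since that comment is what lets someone later check that the exclusion is still valid. Minor: the frame title uses `{\tt <pkg>\_IGNORE\_CVES}` while the body uses `\code{<pkg>_IGNORE_CVES}`; pick one markup if the title allows it.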