ref-manual: document CVE_STATUS and CVE_CHECK_STATUSMAP

Deprecate CVE_CHECK_IGNORE with CVE_STATUS (From yocto-docs rev: 8b8054977f31e2d6090521a0102f066b6d563733) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Peter Marko <peter.marko@siemens.com> Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Andrej Valek <andrej.valek@siemens.com> 2023-07-20 09:31:30 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-08-03 15:11:11 +0100
commit: e100e3e0b3f1968421cae59d4a8fb5ea2dfc38c3 (patch)
tree: 6bd9f9109a515026c377d1ae568381c6d0349093 /documentation/ref-manual/classes.rst
parent: db7217335ada1623ddd40d0124dacec751935592 (diff)
download: poky-e100e3e0b3f1968421cae59d4a8fb5ea2dfc38c3.tar.gz
1 files changed, 3 insertions, 3 deletions
diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst
index 4577baba3e..a7819d5b60 100644
--- a/documentation/ref-manual/classes.rst
+++ b/documentation/ref-manual/classes.rst
@@ -517,10 +517,10 @@ The ``Patched`` state of a CVE issue is detected from patch files with the forma
 ``CVE-ID.patch``, e.g. ``CVE-2019-20633.patch``, in the :term:`SRC_URI` and using
 CVE metadata of format ``CVE: CVE-ID`` in the commit message of the patch file.
-If the recipe lists the ``CVE-ID`` in :term:`CVE_CHECK_IGNORE` variable, then the CVE state is reported
+If the recipe adds ``CVE-ID`` as flag of the :term:`CVE_STATUS` variable with status
-as ``Ignored``. Multiple CVEs can be listed separated by spaces. Example::
+mapped to ``Ignored``, then the CVE state is reported as ``Ignored``::
-   CVE_CHECK_IGNORE += "CVE-2020-29509 CVE-2020-29511"
+   CVE_STATUS[CVE-2020-15523] = "not-applicable-platform: Issue only applies on Windows"
 If CVE check reports that a recipe contains false positives or false negatives, these may be
 fixed in recipes by adjusting the CVE product name using :term:`CVE_PRODUCT` and :term:`CVE_VERSION` variables.
author	Andrej Valek <andrej.valek@siemens.com>	2023-07-20 09:31:30 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-08-03 15:11:11 +0100
commit	e100e3e0b3f1968421cae59d4a8fb5ea2dfc38c3 (patch)
tree	6bd9f9109a515026c377d1ae568381c6d0349093 /documentation/ref-manual/classes.rst
parent	db7217335ada1623ddd40d0124dacec751935592 (diff)
download	poky-e100e3e0b3f1968421cae59d4a8fb5ea2dfc38c3.tar.gz

diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst index 4577baba3e..a7819d5b60 100644 --- a/documentation/ref-manual/classes.rst +++ b/documentation/ref-manual/classes.rst
@@ -517,10 +517,10 @@ The ``Patched`` state of a CVE issue is detected from patch files with the forma
517	``CVE-ID.patch``, e.g. ``CVE-2019-20633.patch``, in the :term:`SRC_URI` and using	517	``CVE-ID.patch``, e.g. ``CVE-2019-20633.patch``, in the :term:`SRC_URI` and using
518	CVE metadata of format ``CVE: CVE-ID`` in the commit message of the patch file.	518	CVE metadata of format ``CVE: CVE-ID`` in the commit message of the patch file.
519		519
520	If the recipe lists the ``CVE-ID`` in :term:`CVE_CHECK_IGNORE` variable, then the CVE state is reported	520	If the recipe adds ``CVE-ID`` as flag of the :term:`CVE_STATUS` variable with status
521	as ``Ignored``. Multiple CVEs can be listed separated by spaces. Example::	521	mapped to ``Ignored``, then the CVE state is reported as ``Ignored``::
522		522
523	CVE_CHECK_IGNORE += "CVE-2020-29509 CVE-2020-29511"	523	CVE_STATUS[CVE-2020-15523] = "not-applicable-platform: Issue only applies on Windows"
524		524
525	If CVE check reports that a recipe contains false positives or false negatives, these may be	525	If CVE check reports that a recipe contains false positives or false negatives, these may be
526	fixed in recipes by adjusting the CVE product name using :term:`CVE_PRODUCT` and :term:`CVE_VERSION` variables.	526	fixed in recipes by adjusting the CVE product name using :term:`CVE_PRODUCT` and :term:`CVE_VERSION` variables.