Skip to content

stable-patch-format: Update CVE number requirements #60

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
AnneCYH merged 1 commit into from
Mar 12, 2025
Merged

stable-patch-format: Update CVE number requirements #60

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
40 changes: 18 additions & 22 deletions docs/reference/stable-patch-format.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -219,32 +219,24 @@ Comment body
Signed-off-by: Manoj Iyer <[email protected]>

.. _comment-body-cve:
#. Every **CVE** patch **must** contain a line at the beginning of the commit
message that specifies the CVE number(s) related to the patch. This must be
the first part of the body of the comment.
#. Every **CVE** patch **must** contain a line just before your sign-off that
specifies the CVE number(s) related to the patch.

There is the comment subject line, a blank line, the CVE number, a blank
line, and then the rest of the comment body.
A "BugLink" is optional for CVE patches.

Example:

.. code-block:: none
:emphasize-lines: 5-11
:emphasize-lines: 7

Subject: [SRU][B/D] UBUNTU: SAUCE: nbd_genl_status: null check for nla_nest_start

From: Navid Emamdoost <[email protected]>

CVE-2019-16089

nla_nest_start may fail and return NULL. The check is inserted, and
errno is selected based on other call sites within the same source code.
Update: removed extra new line.
v3 Update: added release reply, thanks to Michal Kubecek for pointing
out.
[...]
[... commit message body ...]

Signed-off-by: Lion Ackermann <[email protected]>
Acked-by: Toke Høiland-Jørgensen <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
(cherry picked from commit 5eb7de8cd58e73851cd37ff8d0666517d9926948)
CVE-2024-53164
Signed-off-by: Ian Whitfield <[email protected]>

Preparing to submit patches
---------------------------
Expand All @@ -259,8 +251,10 @@ Sending as a patch series
#. Every patch submitted to a stable kernel **must** be sent in a patch series
with a cover letter, even if the patch series contains a single patch.

#. The cover letter **must** contain the "BugLink" or the CVE number like the
patch(es) itself.
#. The cover letter **must** contain the same "BugLink" line as in the patches
themselves, when one is present.

#. CVE cover letters **must** have the CVE number as the subject.

#. The cover letter **must** contain the SRU justification from the launchpad
bug or the CVE fix.
Expand All @@ -282,8 +276,10 @@ Sending as a pull request

#. Include the git pull request information in the cover letter email.

#. The cover letter **must** contain the "BugLink" or the CVE number like the
patch(es) itself.
#. The cover letter **must** contain the same "BugLink" line as in the patches
themselves, when one is present.

#. CVE cover letters should have the CVE number as the subject.

#. The cover letter **must** contain the SRU justification from the launchpad
bug or the CVE fix.
Expand Down
Loading