
docs/manual: mention CVE trailer

Adds documentation about adding a patch that addresses a vulnerability.

The patch-policy file now mentions that patches that address a
vulnerability need to include a `CVE:` trailer with the reference of
that vulnerability.

Until now only adding the reference to the `_IGNORE_CVES` variable was
necessary, so the documentation of this entry is modified as well to
point to the patch policy.

Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Perale, 2 months ago
parent
commit
1167d0ff3d
2 changed files with 15 additions and 4 deletions
  1. docs/manual/adding-packages-generic.adoc (+3 -3)
  2. docs/manual/patch-policy.adoc (+12 -1)

+ 3 - 3
docs/manual/adding-packages-generic.adoc

@@ -509,9 +509,9 @@ not and can not work as people would expect it should:
 * +LIBFOO_IGNORE_CVES+ is a space-separated list of CVEs that tells
   Buildroot CVE tracking tools which CVEs should be ignored for this
   package. This is typically used when the CVE is fixed by a patch in
-  the package, or when the CVE for some reason does not affect the
-  Buildroot package. A Makefile comment must always precede the
-  addition of a CVE to this variable. Example:
+  the package (see xref:additional-patch-documentation[]), or when the CVE for
+  some reason does not affect the Buildroot package. A Makefile comment must
+  always precede the addition of a CVE to this variable. Example:
 +
 ----
 # 0001-fix-cve-2020-12345.patch
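Review bot: the rewrapped sentence only refers readers to the patch-policy section through the xref, while the example that follows in this same hunk (`# 0001-fix-cve-2020-12345.patch`) still shows only the Makefile comment; consider stating here that the fixing patch itself must also carry a `CVE:` trailer, so someone reading the `LIBFOO_IGNORE_CVES` documentation sees both requirements without following the link.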

+ 12 - 1
docs/manual/patch-policy.adoc

@@ -144,6 +144,7 @@ AC_PROG_MAKE_SET
 +AM_CONDITIONAL([CXX_WORKS], [test "x$rw_cv_prog_cxx_works" = "xyes"])
 ----
 
+[[additional-patch-documentation]]
 === Additional patch documentation
 
 Ideally, all patches should document an upstream patch or patch submission, when
@@ -177,4 +178,14 @@ Upstream: N/A <additional information about why patch is Buildroot specific>
 ----
 
 Adding this documentation helps streamline the patch review process during
-package version updates.
+package version updates.
+
+If the patch addresses one or multiple vulnerabilities, list each identifier on
+a separate line with a +CVE+ trailer.
+
+----
+CVE: <vulnerability identifier>
+----
+
+If multiple patches address the same vulnerability, reference the vulnerability
+in every patch.
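Review bot: the new text does not say where in the patch the `CVE:` trailer goes; since the context line just above this hunk shows the `Upstream: N/A <...>` line of the patch header, state that the `CVE:` trailer belongs in that same header block, and give a concrete form such as `CVE: CVE-2020-12345` (matching the example patch name used in adding-packages-generic.adoc) in addition to the `<vulnerability identifier>` placeholder. Also, `-package version updates.` / `+package version updates.` removes and re-adds an identical line, which looks like a trailing-newline or whitespace-only change; if intended, mention it in the commit message so reviewers do not look for a content difference.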