~ubuntu-security/ubuntu-cve-tracker/master

Distro kernels
--------------
Ubuntu kernels as part of the archive are listed here:
https://wiki.ubuntu.com/Kernel/Dev/ABIPackages

Android kernels (flo, goldfish, grouper, maguro, mako and manta) are not
supported on the Ubuntu Touch 14.10 and earlier preview kernels.

LTS backport kernels from interim releases are typically not supported once the
next LTS backport kernel is available. For example, now that linux-lts-trusty
is available, linux-lts-quantal and linux-lts-saucy no longer receive official
support.

Product kernels
---------------
Product kernels are not shipped as part of the archive but instead shipped as
part of some other distribution mechanism, such as the device tarball on
Ubuntu Touch or a kernel snap on Snappy.

Because product kernels are not necessarily tied to a release and because the
source package does not exist in the Ubuntu archive, the normal
'<release>_<source package>' nomenclature doesn't apply. Instead, simply use
'product_linux-<product name>' for all of the product kernels. For example:

Product  | Device          | UCT                    | Git
-----------------------------------------------------------------------------
krillin  | BQ Aquaris E4.5 | product_linux-krillin  | https://github.com/bq/aquaris-E4.5
vegetahd | BQ Aquaris E5   | product_linux-vegetahd | https://github.com/bq/aquaris-E5
arale    | Meizu OSC       | product_linux-arale    | https://github.com/meizuosc/m75

Git trees are currently also listed on:
https://wiki.ubuntu.com/Touch/Devices

In this manner, product kernels are not tied to a particular release yet are
still differentiated.

-- Adding new product kernels

If the product name is 'foo':
1. add the following to 00boilerplate.linux:
   Patches_linux-foo:
   product_linux-foo: needs-triage
2. update 'product_kernels' in scripts/cve_lib.py to include 'linux-foo' along
   with its git tree and LP project to file bugs against. Eg:
   product_kernels = {...,
                      'linux-foo': ('http://git.url/...',
                                    'https://launchpad.net/project...'),
                      }

With the above:
 * check-syntax will verify product kernels
 * active_edit can create/update kernels from boilerplate or via '-p linux-foo'
 * html_export.py will export html relevant for a product kernel
 * sync-bugs.kernel.py will sync to the LP project
   - TODO: cve_lib.product_kernels needs to have actual project urls to sync
     against and then the logic to sync to these instead of against the Ubuntu
     project

In this manner, the CVEs themselves work just like any other CVEs for a
package, except Ubuntu releases and 'upstream' are omitted. Eg:

Patches_linux-krillin:
product_linux-krillin: needs-triage

Patches_linux-vegetahd:
 break-fix: - 956421fbb74c3a6261903f3836c0740187cf038b
product_linux-vegetahd: pending

Patches_linux-arale:
 break-fix: ce07d891a0891d3c0d0c2d73d577490486b809e1 e0c9c0afd2fc958ffa34b697972721d81df8a56f
product_linux-arale: released (1.2.3.4)
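The checks that check-syntax performs for the product-kernel lines above (a registered 'linux-<name>' in cve_lib.product_kernels, a known status keyword, and well-formed break-fix commit ids) can be sketched as follows. This is an added example, not code from ubuntu-cve-tracker: the PRODUCT_KERNELS dict is a constructed stand-in for cve_lib.product_kernels with placeholder Launchpad URLs, the status set is an assumption beyond the keywords shown on this page, and the sample input is the vegetahd and arale entries from above.

```python
import re
# Constructed stand-in for cve_lib.product_kernels (the real dict lives in
# scripts/cve_lib.py; the Launchpad project URLs are placeholders here).
PRODUCT_KERNELS = {
    'linux-krillin': ('https://github.com/bq/aquaris-E4.5', 'https://launchpad.net/PLACEHOLDER'),
    'linux-vegetahd': ('https://github.com/bq/aquaris-E5', 'https://launchpad.net/PLACEHOLDER'),
    'linux-arale': ('https://github.com/meizuosc/m75', 'https://launchpad.net/PLACEHOLDER')}
# Status keywords: those used on this page plus the other UCT status words (assumed).
STATUSES = {'needs-triage', 'needed', 'pending', 'released', 'not-affected',
            'ignored', 'DNE', 'deferred'}
SHA_RE = re.compile(r'^[0-9a-f]{40}$')
PATCHES_RE = re.compile(r'^Patches_(linux-[\w-]+):\s*$')
BREAKFIX_RE = re.compile(r'^\s+break-fix:\s+(\S+)\s+(\S+)\s*$')
STATUS_RE = re.compile(r'^product_(linux-[\w-]+):\s*(\S+)(?:\s+\((.+)\))?\s*$')
def check_product_kernels(text):
    """Parse the product-kernel lines of a CVE file; return (entries, errors)."""
    entries, errors, current = {}, [], None
    new = lambda: {'break_fix': [], 'status': None, 'version': None}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        if m := PATCHES_RE.match(line):          # 'Patches_linux-<name>:'
            current = m.group(1)
            if current not in PRODUCT_KERNELS:
                errors.append(f'line {n}: unknown product kernel {current}')
            entries.setdefault(current, new())
        elif m := BREAKFIX_RE.match(line):       # ' break-fix: <break|-> <fix>'
            brk, fix = m.groups()
            if current is None or (brk != '-' and not SHA_RE.match(brk)) or not SHA_RE.match(fix):
                errors.append(f'line {n}: misplaced or malformed break-fix')
            else:
                entries[current]['break_fix'].append((brk, fix))
        elif m := STATUS_RE.match(line):         # 'product_linux-<name>: <status> (<ver>)'
            name, status, version = m.groups()
            if name not in PRODUCT_KERNELS:
                errors.append(f'line {n}: unknown product kernel {name}')
            if status not in STATUSES:
                errors.append(f'line {n}: unknown status {status!r}')
            entries.setdefault(name, new()).update(status=status, version=version)
        else:
            errors.append(f'line {n}: unrecognised line {line!r}')
    return entries, errors
# Constructed sample: the vegetahd and arale entries shown on this page.
SAMPLE = """Patches_linux-vegetahd:
 break-fix: - 956421fbb74c3a6261903f3836c0740187cf038b
product_linux-vegetahd: pending
Patches_linux-arale:
 break-fix: ce07d891a0891d3c0d0c2d73d577490486b809e1 e0c9c0afd2fc958ffa34b697972721d81df8a56f
product_linux-arale: released (1.2.3.4)
"""
```

Running check_product_kernels(SAMPLE) yields no errors; a 'linux-foo' entry that has not been added to the product_kernels dict is reported as unknown, which is the failure check-syntax is meant to catch after step 1 above if step 2 is skipped.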