]> code.ossystems Code Review - openembedded-core.git/commitdiff
Code Review / openembedded-core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 0cae5d7)
go: Exclude CVE-2021-29923 from report list
authorRichard Purdie <richard.purdie@linuxfoundation.org>
Mon, 6 Sep 2021 14:11:51 +0000 (15:11 +0100)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Mon, 6 Sep 2021 14:27:43 +0000 (15:27 +0100)
Upstream don't believe it is a signifiant real world issue and will only
fix in 1.17 onwards. Therefore exclude it from our reports.

https://github.com/golang/go/issues/30999#issuecomment-910470358

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-devtools/go/go-1.16.7.inc patch | blob | history

diff --git a/meta/recipes-devtools/go/go-1.16.7.inc b/meta/recipes-devtools/go/go-1.16.7.inc
index bc1cd944496d1e383e25be3b0fb92be73be7a535..02a92687790a7dac5032b374d0f78ab35e1d5a32 100644 (file)
--- a/meta/recipes-devtools/go/go-1.16.7.inc
+++ b/meta/recipes-devtools/go/go-1.16.7.inc
@@ -18,3 +18,8 @@ SRC_URI += "\
     file://0009-Revert-cmd-go-make-sure-CC-and-CXX-are-absolute.patch \
 "
 SRC_URI[main.sha256sum] = "1a9f2894d3d878729f7045072f30becebe243524cf2fce4e0a7b248b1e0654ac"
+
+# Upstream don't believe it is a signifiant real world issue and will only
+# fix in 1.17 onwards where we can drop this.
+# https://github.com/golang/go/issues/30999#issuecomment-910470358
+CVE_CHECK_WHITELIST += "CVE-2021-29923"
Mirror of the official openembedded-core repository