systemd: Whitelist CVE-2018-21029 CVE-2019-3843 CVE-2019-3844

One does not strictly apply to 241, for the other two a fix
was already backported to the 241 branch.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

diff --git a/meta/recipes-core/systemd/systemd.inc b/meta/recipes-core/systemd/systemd.inc
index 2b9c291959e14703b0978f43e35aaedad2b463b8..cb41ac5b22c601e4bcfe93adfb1a93665b6f9968 100644 (file)
--- a/meta/recipes-core/systemd/systemd.inc
+++ b/meta/recipes-core/systemd/systemd.inc
@@ -14,6 +14,13 @@ LICENSE = "GPLv2 & LGPLv2.1"
 LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \
                     file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c"
 
+# DNSOverTLS strict mode was added in 243
+# https://github.com/systemd/systemd/issues/9397
+CVE_CHECK_WHITELIST += "CVE-2018-21029"
+
+# Commit dc903ec516cb on the 241 branch
+CVE_CHECK_WHITELIST += "CVE-2019-3843 CVE-2019-3844"
+
 SRCREV = "511646b8ac5c82f210b16920044465756913d238"
 SRCBRANCH = "v241-stable"
 SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=git;branch=${SRCBRANCH}"