From: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Date: Wed, 27 Oct 2021 12:56:18 +0000 (+0530)
Subject: curl: Whitelist CVE-2021-22897
X-Git-Tag: yocto-3.1.12~46
X-Git-Url: https://code.ossystems.io/gitweb?a=commitdiff_plain;h=543a72e115340f3a7378b8b85bd48a0b495b3919;p=openembedded-core.git

curl: Whitelist CVE-2021-22897

CVE-2021-22897 is affecting only Windows, hence whitelisting this CVE.
Link: https://security-tracker.debian.org/tracker/CVE-2021-22897
Link: https://ubuntu.com/security/CVE-2021-22897

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---

diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-support/curl/curl_7.69.1.bb
index d7ffb2dc50..bc1b993e9e 100644
--- a/meta/recipes-support/curl/curl_7.69.1.bb
+++ b/meta/recipes-support/curl/curl_7.69.1.bb
@@ -34,6 +34,11 @@ SRC_URI[sha256sum] = "2ff5e5bd507adf6aa88ff4bbafd4c7af464867ffb688be93b9930717a5
 CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
 CVE_CHECK_WHITELIST = "CVE-2021-22922 CVE-2021-22923 CVE-2021-22926 CVE-22945"
 
+# As per link https://security-tracker.debian.org/tracker/CVE-2021-22897
+# and https://ubuntu.com/security/CVE-2021-22897
+# This CVE issue affects Windows only Hence whitelisting this CVE
+CVE_CHECK_WHITELIST += "CVE-2021-22897"
+
 inherit autotools pkgconfig binconfig multilib_header
 
 PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls libidn proxy threaded-resolver verbose zlib"