From: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Mon, 6 Sep 2021 14:11:51 +0000 (+0100)
Subject: go: Exclude CVE-2021-29923 from report list
X-Git-Tag: yocto-3.1.11~4
X-Git-Url: https://code.ossystems.io/gitweb?a=commitdiff_plain;h=9dfc6abbb83f8792fbfa1acb9c0fe4ab23872d8f;p=openembedded-core.git

go: Exclude CVE-2021-29923 from report list

Upstream don't believe it is a signifiant real world issue and will only
fix in 1.17 onwards. Therefore exclude it from our reports.

https://github.com/golang/go/issues/30999#issuecomment-910470358

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5bd5faf0c34b47b2443975d66b71482d2380a01a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---

diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
index 3dfd671d11..50136ca841 100644
--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -19,3 +19,9 @@ SRC_URI += "\
 "
 SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
 SRC_URI[main.sha256sum] = "7ed13b2209e54a451835997f78035530b331c5b6943cdcd68a3d815fdc009149"
+
+# Upstream don't believe it is a signifiant real world issue and will only
+# fix in 1.17 onwards where we can drop this.
+# https://github.com/golang/go/issues/30999#issuecomment-910470358
+CVE_CHECK_WHITELIST += "CVE-2021-29923"
+