From: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Fri, 3 Sep 2021 09:17:58 +0000 (+0100)
Subject: tcl: Exclude CVE-2021-35331 from checks
X-Git-Tag: yocto-3.4~192
X-Git-Url: https://code.ossystems.io/gitweb?a=commitdiff_plain;h=adf7bafee3f8884e525b5639ba092a1cd8e3beb9;p=openembedded-core.git

tcl: Exclude CVE-2021-35331 from checks

Upstream don't believe this is an issue.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-devtools/tcltk/tcl_8.6.11.bb b/meta/recipes-devtools/tcltk/tcl_8.6.11.bb
index 1e91f0827e..cb9e486698 100644
--- a/meta/recipes-devtools/tcltk/tcl_8.6.11.bb
+++ b/meta/recipes-devtools/tcltk/tcl_8.6.11.bb
@@ -29,6 +29,10 @@ SRC_URI[sha256sum] = "cfb49aab82bd179651e23eeeb69606f51b0ddc575ca55c3d35e2457469
 
 SRC_URI:class-native = "${BASE_SRC_URI}"
 
+# Upstream don't believe this is an exploitable issue
+# https://core.tcl-lang.org/tcl/info/7079e4f91601e9c7
+CVE_CHECK_WHITELIST += "CVE-2021-35331"
+
 UPSTREAM_CHECK_REGEX = "tcl(?P<pver>\d+(\.\d+)+)-src"
 
 S = "${WORKDIR}/${BPN}${PV}"