From: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Fri, 3 Sep 2021 09:17:58 +0000 (+0100)
Subject: tcl: Exclude CVE-2021-35331 from checks
X-Git-Tag: yocto-3.3.4~88
X-Git-Url: https://code.ossystems.io/gitweb?a=commitdiff_plain;h=d0ff86bccdbcd91e8760001037168043725ef8f4;p=openembedded-core.git

tcl: Exclude CVE-2021-35331 from checks

Upstream don't believe this is an issue.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit adf7bafee3f8884e525b5639ba092a1cd8e3beb9)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---

diff --git a/meta/recipes-devtools/tcltk/tcl_8.6.11.bb b/meta/recipes-devtools/tcltk/tcl_8.6.11.bb
index efb36b32dd..a993d7c959 100644
--- a/meta/recipes-devtools/tcltk/tcl_8.6.11.bb
+++ b/meta/recipes-devtools/tcltk/tcl_8.6.11.bb
@@ -30,6 +30,9 @@ SRC_URI[sha256sum] = "8c0486668586672c5693d7d95817cb05a18c5ecca2f40e2836b9578064
 SRC_URI_class-native = "${BASE_SRC_URI}"
 
 S = "${WORKDIR}/${BPN}${PV}/unix"
+# Upstream don't believe this is an exploitable issue
+# https://core.tcl-lang.org/tcl/info/7079e4f91601e9c7
+CVE_CHECK_WHITELIST += "CVE-2021-35331"
 
 PSEUDO_IGNORE_PATHS .= ",${WORKDIR}/${BPN}${PV}"
 VER = "${PV}"