From ad11e4a9afea5a4c9dd34a7fa37b82efd61952a4 Mon Sep 17 00:00:00 2001
From: Ross Burton <ross@burtonini.com>
Date: Tue, 8 Sep 2020 17:47:44 +0100
Subject: [PATCH] cmake: whitelist CVE-2016-10642

This CVE is specific to the npm package that can install cmake, so isn't
relevant to our cmake recipe.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8e74ed809ec4c1f61264ecf5be4bc319e5e07766)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/cmake/cmake.inc | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta/recipes-devtools/cmake/cmake.inc b/meta/recipes-devtools/cmake/cmake.inc
index 09949b566c..a2c7d513b3 100644
--- a/meta/recipes-devtools/cmake/cmake.inc
+++ b/meta/recipes-devtools/cmake/cmake.inc
@@ -26,3 +26,7 @@ SRC_URI[md5sum] = "d86ccaf3d2462b6b5947919abe5b9f15"
 SRC_URI[sha256sum] = "5f760b50b8ecc9c0c37135fae5fbf00a2fef617059aa9d61c1bb91653e5a8bfc"
 
 UPSTREAM_CHECK_REGEX = "cmake-(?P<pver>\d+(\.\d+)+)\.tar"
+
+# This is specific to the npm package that installs cmake, so isn't
+# relevant to OpenEmbedded
+CVE_CHECK_WHITELIST += "CVE-2016-10642"
-- 
2.40.1