From bb7747497adbc7c99f6fc9b48b643eecb4cb1408 Mon Sep 17 00:00:00 2001
From: Robert Joslyn <robert.joslyn@redrectangle.org>
Date: Sun, 17 Jan 2021 10:42:33 -0800
Subject: ppp: Whitelist CVE-2020-15704

This CVE only applies to the load_ppp_generic_if_needed patch applied by
Ubuntu. This patch is not used by OpenEmbedded, so the CVE does not
apply.

(From OE-Core rev: 897822233faef0f8f35dc1d8a39e1c4bc0550f1e)

Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-connectivity/ppp/ppp_2.4.7.bb | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'meta/recipes-connectivity')

diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
index 60c56dd0bd..76c1cc62a7 100644
--- a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
+++ b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
@@ -42,6 +42,10 @@ SRC_URI_append_libc-musl = "\
 SRC_URI[md5sum] = "78818f40e6d33a1d1de68a1551f6595a"
 SRC_URI[sha256sum] = "02e0a3dd3e4799e33103f70ec7df75348c8540966ee7c948e4ed8a42bbccfb30"
 
+# This CVE is specific to a patch applied by Ubuntu that is not used by
+# OpenEmbedded.
+CVE_CHECK_WHITELIST += "CVE-2020-15704"
+
 inherit autotools-brokensep systemd
 
 TARGET_CC_ARCH += " ${LDFLAGS}"
-- 
cgit v1.2.3-54-g00ecf