From e5808a69cd3e952d7815b34ad3d66046e3cd9d50 Mon Sep 17 00:00:00 2001
From: virendra thakur
Date: Tue, 27 Jun 2023 13:20:13 +0530
Subject: c-ares: whitelist CVE-2023-31124 CVE-2023-31124 applies only when cross-compiling using autotools. Yocto cross-compiles via cmake which is also listed as official workaround. See: * https://nvd.nist.gov/vuln/detail/CVE-2023-31124 * https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4
Signed-off-by: virendra thakur
Signed-off-by: Armin Kuster
---
 meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb b/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb
index 66254583bc..152d913325 100644
--- a/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb
+++ b/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb
@@ -23,3 +23,7 @@ PACKAGES =+ "${PN}-utils"
 FILES_${PN}-utils = "${bindir}"
 BBCLASSEXTEND = "native nativesdk"
+
+# this vulneribility applies only when cross-compiling using autotools
+# yocto cross-compiles via cmake which is also listed as official workaround
+CVE_CHECK_WHITELIST += "CVE-2023-31124"
-- 
cgit v1.2.3-54-g00ecf
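Review bot: The `CVE_CHECK_WHITELIST += "CVE-2023-31124"` entry is unconditional, but its justification depends on this recipe building with cmake, and the `inherit` line that would confirm that lies outside the hunk. If the recipe or a bbappend ever switches to autotools, the scan would keep suppressing the CVE with no prompt to re-check, so the comment should state the condition and cite the advisory. For example: `# CVE-2023-31124 (GHSA-54xr-f67r-4pc4): affects autotools cross-builds only; this recipe builds with cmake` followed by `# drop this entry if the build system changes`. The added comment also misspells "vulnerability" as "vulneribility".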