go: Exclude CVE-2021-29923 from report list

rpurdie · rpurdie · commit 5bd5faf0c34b · 2021-09-06T15:27:43.000+01:00
Upstream don't believe it is a signifiant real world issue and will only fix in 1.17 onwards. Therefore exclude it from our reports. golang/go#30999 (comment) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
diff --git a/meta/recipes-devtools/go/go-1.16.7.inc b/meta/recipes-devtools/go/go-1.16.7.inc
@@ -18,3 +18,8 @@ SRC_URI += "\
     file://0009-Revert-cmd-go-make-sure-CC-and-CXX-are-absolute.patch \
 "
 SRC_URI[main.sha256sum] = "1a9f2894d3d878729f7045072f30becebe243524cf2fce4e0a7b248b1e0654ac"
+
+# Upstream don't believe it is a signifiant real world issue and will only
+# fix in 1.17 onwards where we can drop this.
+# https://github.com/golang/go/issues/30999#issuecomment-910470358
+CVE_CHECK_WHITELIST += "CVE-2021-29923"

Original file line number	Diff line number	Diff line change
`@@ -18,3 +18,8 @@ SRC_URI += "\`
`18`	`18`	`file://0009-Revert-cmd-go-make-sure-CC-and-CXX-are-absolute.patch \`
`19`	`19`	`"`
`20`	`20`	`SRC_URI[main.sha256sum] = "1a9f2894d3d878729f7045072f30becebe243524cf2fce4e0a7b248b1e0654ac"`
	`21`	`+`
	`22`	`+# Upstream don't believe it is a signifiant real world issue and will only`
	`23`	`+# fix in 1.17 onwards where we can drop this.`
	`24`	`+# https://github.com/golang/go/issues/30999#issuecomment-910470358`
	`25`	`+CVE_CHECK_WHITELIST += "CVE-2021-29923"`