From: Ralph Siemsen <ralph.siemsen@linaro.org>
Date: Thu, 17 Nov 2022 16:54:52 +0000 (-0500)
Subject: golang: ignore CVE-2022-29804
X-Git-Tag: 2020-04.22-dunfell~55
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bca720eca95929752436b56aa01e7fddfa1c834f;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git

golang: ignore CVE-2022-29804

The issue only affects Windows per the golang announcement [1]:

On Windows, the filepath.Clean function could convert an invalid path to
a valid, absolute path. For example, Clean(`.\c:`) returned `c:`.

[1] https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---

diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
index 6e596f41413..a0278b98166 100644
--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -64,4 +64,5 @@ CVE_CHECK_WHITELIST += "CVE-2021-29923"
 CVE_CHECK_WHITELIST += "CVE-2022-29526"
 
 # Issue only on windows
+CVE_CHECK_WHITELIST += "CVE-2022-29804"
 CVE_CHECK_WHITELIST += "CVE-2022-30634"