package/cpio: drop CVE-2021-38185 from IGNORE_CVES

CVE-2021-38185 affects cpio <= 2.13. The mentioned patches were removed in b0306d94 when bumping to 2.14. Signed-off-by: Daniel Lang <dalang@gmx.at> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> (cherry picked from commit 880e03ba7519597e813e910543b87b5a077c906c) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2026-01-04 06:10:16 +03:00 · 2023-09-20 06:34:20 +02:00
parent 263c07fb96
commit e1cbd0808b
1 changed files with 0 additions and 4 deletions
--- a/package/cpio/cpio.mk
+++ b/package/cpio/cpio.mk
@@ -12,10 +12,6 @@ CPIO_LICENSE = GPL-3.0+
 CPIO_LICENSE_FILES = COPYING
 CPIO_CPE_ID_VENDOR = gnu

-# 0002-Rewrite-dynamic-string-support.patch
-# 0003-Fix-previous-commit.patch
-CPIO_IGNORE_CVES += CVE-2021-38185
-
 # cpio uses argp.h which is not provided by uclibc or musl by default.
 # Use the argp-standalone package to provide this.
 ifeq ($(BR2_PACKAGE_ARGP_STANDALONE),y)