mirror of https://git.yoctoproject.org/meta-arm synced 2026-05-09 17:40:46 +00:00

arm-toolchain: ignore CVE-2019-15847 CVE-2021-37322

CVE-2019-15847 is a bug in gcc POWER9 back-end, which is not relevant
for ARM architecture. (It has been fixed in gcc 8.4, 9.3, and 10.1).

CVE-2021-37322 is a bug in c++filt, which is part of binutils rather
than gcc. The issue was fixed in binutils 2.32 (poky has 2.34).

These exclusions are needed only in the dunfell branch, as it is the
only one with affected gcc versions. Master branch has gcc 11.2,
hardknott has 10.2, and honister has 10.3.

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Ralph Siemsen
2022-04-08 13:17:11 -04:00
committed by Jon Mason
parent d21ded082c
commit 5c09684863
3 changed files with 18 additions and 0 deletions
@@ -4,6 +4,12 @@ BASEPV = "8.2"
PV = "arm-${BASEPV}"
CVE_VERSION = "${BASEPV}"
# CVE-2019-15847 is only relevant to POWER9 architecture
CVE_CHECK_WHITELIST += "CVE-2019-15847"
# CVE-2021-37322 is in binutils < 2.32, not in gcc
CVE_CHECK_WHITELIST += "CVE-2021-37322"
MMYY = "19.01"
RELEASE = "20${MMYY}"
PR = "r${RELEASE}"
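Review bot: the comment above the first CVE_CHECK_WHITELIST line gives the reason for the exclusion (POWER9 only) but not the gcc release that carries the fix, which the commit message does state (8.4, 9.3 and 10.1). With CVE_VERSION set from BASEPV = "8.2" here, extending the comment to something like `# CVE-2019-15847 is only relevant to POWER9 architecture (fixed in gcc 8.4)` would tell whoever bumps BASEPV that the entry can be dropped instead of carried forward.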
@@ -9,6 +9,12 @@ RELEASE = "20${MMYY}"
PR = "r${RELEASE}"
BINV = "${BASEPV}.0"
# CVE-2019-15847 is only relevant to POWER9 architecture
CVE_CHECK_WHITELIST += "CVE-2019-15847"
# CVE-2021-37322 is in binutils < 2.32, not in gcc
CVE_CHECK_WHITELIST += "CVE-2021-37322"
FILESEXTRAPATHS =. "${FILE_DIRNAME}/gcc-${BASEPV}:${FILE_DIRNAME}/gcc-${BASEPV}/backport:"
DEPENDS =+ "mpfr gmp libmpc zlib flex-native"
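Review bot: these four added lines are identical to the blocks added in the other two files of this commit, so any later change to the exclusion list has to be repeated three times and can drift. Consider keeping the two CVE_CHECK_WHITELIST entries in one shared include that each recipe pulls in with `require`, or at least placing the block consistently: here it follows BINV, while in the other two hunks it follows CVE_VERSION.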
@@ -5,6 +5,12 @@ require recipes-devtools/gcc/gcc-common.inc
PV = "arm-9.2"
CVE_VERSION = "9.2"
# CVE-2019-15847 is only relevant to POWER9 architecture
CVE_CHECK_WHITELIST += "CVE-2019-15847"
# CVE-2021-37322 is in binutils < 2.32, not in gcc
CVE_CHECK_WHITELIST += "CVE-2021-37322"
# BINV should be incremented to a revision after a minor gcc release
BINV = "9.2.1"
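Review bot: the CVE-2021-37322 comment justifies the exclusion with a binutils version bound ("binutils < 2.32"), but the entry is set unconditionally on a gcc recipe with CVE_VERSION = "9.2", so that bound is not what makes the CVE safe to ignore in this file. The comment would be more precise if it said, as the commit message does, that the bug is in c++filt, which is part of binutils rather than gcc, so the match against this recipe is a mis-attribution and the binutils version is a separate question.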