From 7590de304ab4823fd24892119a618fc5e5de65ad Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Sat, 15 Nov 2025 19:29:34 +0100
Subject: [PATCH] linuxptp: ignore CVE-2024-42861

Details: https://nvd.nist.gov/vuln/detail/CVE-2024-42861

The vulnerability report is considered to be bogus and a non-issue
(or at least not a security issue) by upstream[1] and by major
Linux distros[2][3][4].

[1]: https://lists.nwtime.org/sympa/arc/linuxptp-devel/2024-09/msg00080.html
[2]: Ubuntu: https://ubuntu.com/security/CVE-2024-42861
[3]: Debian: https://security-tracker.debian.org/tracker/CVE-2024-42861
[4]: Suse: https://bugzilla.suse.com/show_bug.cgi?id=1230935

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 meta-oe/recipes-connectivity/linuxptp/linuxptp_3.1.1.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta-oe/recipes-connectivity/linuxptp/linuxptp_3.1.1.bb b/meta-oe/recipes-connectivity/linuxptp/linuxptp_3.1.1.bb
index 9c8e649b1a..ed6717d949 100644
--- a/meta-oe/recipes-connectivity/linuxptp/linuxptp_3.1.1.bb
+++ b/meta-oe/recipes-connectivity/linuxptp/linuxptp_3.1.1.bb
@@ -30,3 +30,6 @@ PACKAGES =+ "${PN}-configs"
 
 FILES:${PN}-configs = "${docdir}"
 FILES:${PN}-doc = "${mandir}"
+
+# disputed: Considered to be bogus by upstream and major distros
+CVE_CHECK_IGNORE += "CVE-2024-42861"