From b3c43cc0968f049337944ced52f764c502fd5fb4 Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Fri, 27 Feb 2026 13:03:21 +0100
Subject: [PATCH] quagga: ignore CVE-2021-44038

Details: https://nvd.nist.gov/vuln/detail/CVE-2021-44038

The main point of the vulnerability is that the application
comes with its own systemd unit files, which execute chmod and chown
commands upon start on some files. So when the services are
restarted (e.g. after an update), these unit files can be tricked
to change the permissions on a malicious file.

However OE does not use these unit files - the recipe comes
with its own custom unit files, and chown/chmod isn't used
at all.

Due to this, ignore this vulnerability.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 meta-networking/recipes-protocols/quagga/quagga_1.2.4.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-networking/recipes-protocols/quagga/quagga_1.2.4.bb b/meta-networking/recipes-protocols/quagga/quagga_1.2.4.bb
index 984264a30f..713d7d95f3 100644
--- a/meta-networking/recipes-protocols/quagga/quagga_1.2.4.bb
+++ b/meta-networking/recipes-protocols/quagga/quagga_1.2.4.bb
@@ -5,4 +5,5 @@ SRC_URI[sha256sum] = "e364c082c3309910e1eb7b068bf39ee298e2f2f3f31a6431a5c115193b
 
 CVE_CHECK_IGNORE += "\
     CVE-2016-4049 \
+    CVE-2021-44038 \
 "