From e1cbd0808b0a541bc48424d9b45e7e71a3224aa4 Mon Sep 17 00:00:00 2001
From: Daniel Lang <dalang@gmx.at>
Date: Wed, 20 Sep 2023 06:34:20 +0200
Subject: [PATCH] package/cpio: drop CVE-2021-38185 from IGNORE_CVES

CVE-2021-38185 affects cpio <= 2.13.
The mentioned patches were removed in b0306d94 when bumping to 2.14.

Signed-off-by: Daniel Lang <dalang@gmx.at>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 880e03ba7519597e813e910543b87b5a077c906c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/cpio/cpio.mk | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/package/cpio/cpio.mk b/package/cpio/cpio.mk
index 19224000bb..911d16822b 100644
--- a/package/cpio/cpio.mk
+++ b/package/cpio/cpio.mk
@@ -12,10 +12,6 @@ CPIO_LICENSE = GPL-3.0+
 CPIO_LICENSE_FILES = COPYING
 CPIO_CPE_ID_VENDOR = gnu
 
-# 0002-Rewrite-dynamic-string-support.patch
-# 0003-Fix-previous-commit.patch
-CPIO_IGNORE_CVES += CVE-2021-38185
-
 # cpio uses argp.h which is not provided by uclibc or musl by default.
 # Use the argp-standalone package to provide this.
 ifeq ($(BR2_PACKAGE_ARGP_STANDALONE),y)