meta/scripts: Automated conversion of OE renamed variables

(From OE-Core rev: aa52af4518604b5bf13f3c5e885113bf868d6c81) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-01-04 16:10:04 +00:00 · 2022-02-16 20:33:47 +00:00 · 2022-02-16 20:33:47 +00:00 · 71ef319193
commit 71ef319193
parent 5a3d6c7bda
52 changed files with 97 additions and 97 deletions
--- a/meta/classes/archiver.bbclass
+++ b/meta/classes/archiver.bbclass
@ -63,7 +63,7 @@ ARCHIVER_WORKDIR = "${WORKDIR}/archiver-work/"
 # When producing a combined mirror directory, allow duplicates for the case
 # where multiple recipes use the same SRC_URI.
 ARCHIVER_COMBINED_MIRRORDIR = "${ARCHIVER_TOPDIR}/mirror"
-SSTATE_DUPWHITELIST += "${DEPLOY_DIR_SRC}/mirror"
+SSTATE_ALLOW_OVERLAP_FILES += "${DEPLOY_DIR_SRC}/mirror"

 do_dumpdata[dirs] = "${ARCHIVER_OUTDIR}"
 do_ar_recipe[dirs] = "${ARCHIVER_OUTDIR}"
--- a/meta/classes/buildhistory.bbclass
+++ b/meta/classes/buildhistory.bbclass
@ -792,8 +792,8 @@ def buildhistory_get_sdkvars(d):
    sdkvars = "DISTRO DISTRO_VERSION SDK_NAME SDK_VERSION SDKMACHINE SDKIMAGE_FEATURES TOOLCHAIN_HOST_TASK TOOLCHAIN_TARGET_TASK BAD_RECOMMENDATIONS NO_RECOMMENDATIONS PACKAGE_EXCLUDE"
    if d.getVar('BB_CURRENTTASK') == 'populate_sdk_ext':
        # Extensible SDK uses some additional variables
-        sdkvars += " SDK_LOCAL_CONF_WHITELIST SDK_LOCAL_CONF_BLACKLIST SDK_INHERIT_BLACKLIST SDK_UPDATE_URL SDK_EXT_TYPE SDK_RECRDEP_TASKS SDK_INCLUDE_PKGDATA SDK_INCLUDE_TOOLCHAIN"
-    listvars = "SDKIMAGE_FEATURES BAD_RECOMMENDATIONS PACKAGE_EXCLUDE SDK_LOCAL_CONF_WHITELIST SDK_LOCAL_CONF_BLACKLIST SDK_INHERIT_BLACKLIST"
+        sdkvars += " ESDK_LOCALCONF_ALLOW ESDK_LOCALCONF_REMOVE ESDK_CLASS_INHERIT_DISABLE SDK_UPDATE_URL SDK_EXT_TYPE SDK_RECRDEP_TASKS SDK_INCLUDE_PKGDATA SDK_INCLUDE_TOOLCHAIN"
+    listvars = "SDKIMAGE_FEATURES BAD_RECOMMENDATIONS PACKAGE_EXCLUDE ESDK_LOCALCONF_ALLOW ESDK_LOCALCONF_REMOVE ESDK_CLASS_INHERIT_DISABLE"
    return outputvars(sdkvars, listvars, d)


--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@ -44,14 +44,14 @@ CVE_CHECK_CREATE_MANIFEST ??= "1"
 CVE_CHECK_REPORT_PATCHED ??= "1"

 # Whitelist for packages (PN)
-CVE_CHECK_PN_WHITELIST ?= ""
+CVE_CHECK_SKIP_RECIPE ?= ""

 # Whitelist for CVE. If a CVE is found, then it is considered patched.
 # The value is a string containing space separated CVE values:
 #
-# CVE_CHECK_WHITELIST = 'CVE-2014-2524 CVE-2018-1234'
+# CVE_CHECK_IGNORE = 'CVE-2014-2524 CVE-2018-1234'
 #
-CVE_CHECK_WHITELIST ?= ""
+CVE_CHECK_IGNORE ?= ""

 # Layers to be excluded
 CVE_CHECK_LAYER_EXCLUDELIST ??= ""
@ -178,11 +178,11 @@ def check_cves(d, patched_cves):
    pv = d.getVar("CVE_VERSION").split("+git")[0]

    # If the recipe has been whitelisted we return empty lists
-    if pn in d.getVar("CVE_CHECK_PN_WHITELIST").split():
+    if pn in d.getVar("CVE_CHECK_SKIP_RECIPE").split():
        bb.note("Recipe has been whitelisted, skipping check")
        return ([], [], [])

-    cve_whitelist = d.getVar("CVE_CHECK_WHITELIST").split()
+    cve_whitelist = d.getVar("CVE_CHECK_IGNORE").split()

    import sqlite3
    db_file = d.expand("file:${CVE_CHECK_DB_FILE}?mode=ro")
--- a/meta/classes/insane.bbclass
+++ b/meta/classes/insane.bbclass
@ -48,7 +48,7 @@ enabled tests are listed here, the do_package_qa task will run under fakeroot."

 ALL_QA = "${WARN_QA} ${ERROR_QA}"

-UNKNOWN_CONFIGURE_WHITELIST ?= "--enable-nls --disable-nls --disable-silent-rules --disable-dependency-tracking --with-libtool-sysroot --disable-static"
+UNKNOWN_CONFIGURE_OPT_IGNORE ?= "--enable-nls --disable-nls --disable-silent-rules --disable-dependency-tracking --with-libtool-sysroot --disable-static"

 # This is a list of directories that are expected to be empty.
 QA_EMPTY_DIRS ?= " \
@ -1270,7 +1270,7 @@ Rerun configure task after fixing this."""
            options = set()
            for line in output.splitlines():
                options |= set(line.partition(flag)[2].split())
-            whitelist = set(d.getVar("UNKNOWN_CONFIGURE_WHITELIST").split())
+            whitelist = set(d.getVar("UNKNOWN_CONFIGURE_OPT_IGNORE").split())
            options -= whitelist
            if options:
                pn = d.getVar('PN')
--- a/meta/classes/populate_sdk_ext.bbclass
+++ b/meta/classes/populate_sdk_ext.bbclass
@ -22,8 +22,8 @@ SDK_INCLUDE_BUILDTOOLS ?= '1'
 SDK_RECRDEP_TASKS ?= ""
 SDK_CUSTOM_TEMPLATECONF ?= "0"

-SDK_LOCAL_CONF_WHITELIST ?= ""
-SDK_LOCAL_CONF_BLACKLIST ?= "CONF_VERSION \
+ESDK_LOCALCONF_ALLOW ?= ""
+ESDK_LOCALCONF_REMOVE ?= "CONF_VERSION \
                             BB_NUMBER_THREADS \
                             BB_NUMBER_PARSE_THREADS \
                             PARALLEL_MAKE \
@ -34,7 +34,7 @@ SDK_LOCAL_CONF_BLACKLIST ?= "CONF_VERSION \
                             TMPDIR \
                             BB_SERVER_TIMEOUT \
                            "
-SDK_INHERIT_BLACKLIST ?= "buildhistory icecc"
+ESDK_CLASS_INHERIT_DISABLE ?= "buildhistory icecc"
 SDK_UPDATE_URL ?= ""

 SDK_TARGETS ?= "${PN}"
@ -294,8 +294,8 @@ python copy_buildsystem () {
    if derivative:
        shutil.copyfile(builddir + '/conf/local.conf', baseoutpath + '/conf/local.conf')
    else:
-        local_conf_whitelist = (d.getVar('SDK_LOCAL_CONF_WHITELIST') or '').split()
-        local_conf_blacklist = (d.getVar('SDK_LOCAL_CONF_BLACKLIST') or '').split()
+        local_conf_whitelist = (d.getVar('ESDK_LOCALCONF_ALLOW') or '').split()
+        local_conf_blacklist = (d.getVar('ESDK_LOCALCONF_REMOVE') or '').split()
        def handle_var(varname, origvalue, op, newlines):
            if varname in local_conf_blacklist or (origvalue.strip().startswith('/') and not varname in local_conf_whitelist):
                newlines.append('# Removed original setting of %s\n' % varname)
@ -338,7 +338,7 @@ python copy_buildsystem () {
            f.write('CONF_VERSION = "%s"\n\n' % d.getVar('CONF_VERSION', False))

            # Some classes are not suitable for SDK, remove them from INHERIT
-            f.write('INHERIT:remove = "%s"\n' % d.getVar('SDK_INHERIT_BLACKLIST', False))
+            f.write('INHERIT:remove = "%s"\n' % d.getVar('ESDK_CLASS_INHERIT_DISABLE', False))

            # Bypass the default connectivity check if any
            f.write('CONNECTIVITY_CHECK_URIS = ""\n\n')
--- a/meta/classes/sstate.bbclass
+++ b/meta/classes/sstate.bbclass
@ -50,21 +50,21 @@ SSTATE_EXTRAPATH[vardepvalue] = ""
 SSTATE_EXTRAPATHWILDCARD[vardepvalue] = ""

 # For multilib rpm the allarch packagegroup files can overwrite (in theory they're identical)
-SSTATE_DUPWHITELIST = "${DEPLOY_DIR}/licenses/"
+SSTATE_ALLOW_OVERLAP_FILES = "${DEPLOY_DIR}/licenses/"
 # Avoid docbook/sgml catalog warnings for now
-SSTATE_DUPWHITELIST += "${STAGING_ETCDIR_NATIVE}/sgml ${STAGING_DATADIR_NATIVE}/sgml"
+SSTATE_ALLOW_OVERLAP_FILES += "${STAGING_ETCDIR_NATIVE}/sgml ${STAGING_DATADIR_NATIVE}/sgml"
 # sdk-provides-dummy-nativesdk and nativesdk-buildtools-perl-dummy overlap for different SDKMACHINE
-SSTATE_DUPWHITELIST += "${DEPLOY_DIR_RPM}/sdk_provides_dummy_nativesdk/ ${DEPLOY_DIR_IPK}/sdk-provides-dummy-nativesdk/"
-SSTATE_DUPWHITELIST += "${DEPLOY_DIR_RPM}/buildtools_dummy_nativesdk/ ${DEPLOY_DIR_IPK}/buildtools-dummy-nativesdk/"
+SSTATE_ALLOW_OVERLAP_FILES += "${DEPLOY_DIR_RPM}/sdk_provides_dummy_nativesdk/ ${DEPLOY_DIR_IPK}/sdk-provides-dummy-nativesdk/"
+SSTATE_ALLOW_OVERLAP_FILES += "${DEPLOY_DIR_RPM}/buildtools_dummy_nativesdk/ ${DEPLOY_DIR_IPK}/buildtools-dummy-nativesdk/"
 # target-sdk-provides-dummy overlaps that allarch is disabled when multilib is used
-SSTATE_DUPWHITELIST += "${COMPONENTS_DIR}/sdk-provides-dummy-target/ ${DEPLOY_DIR_RPM}/sdk_provides_dummy_target/ ${DEPLOY_DIR_IPK}/sdk-provides-dummy-target/"
+SSTATE_ALLOW_OVERLAP_FILES += "${COMPONENTS_DIR}/sdk-provides-dummy-target/ ${DEPLOY_DIR_RPM}/sdk_provides_dummy_target/ ${DEPLOY_DIR_IPK}/sdk-provides-dummy-target/"
 # Archive the sources for many architectures in one deploy folder
-SSTATE_DUPWHITELIST += "${DEPLOY_DIR_SRC}"
+SSTATE_ALLOW_OVERLAP_FILES += "${DEPLOY_DIR_SRC}"
 # ovmf/grub-efi/systemd-boot/intel-microcode multilib recipes can generate identical overlapping files
-SSTATE_DUPWHITELIST += "${DEPLOY_DIR_IMAGE}/ovmf"
-SSTATE_DUPWHITELIST += "${DEPLOY_DIR_IMAGE}/grub-efi"
-SSTATE_DUPWHITELIST += "${DEPLOY_DIR_IMAGE}/systemd-boot"
-SSTATE_DUPWHITELIST += "${DEPLOY_DIR_IMAGE}/microcode"
+SSTATE_ALLOW_OVERLAP_FILES += "${DEPLOY_DIR_IMAGE}/ovmf"
+SSTATE_ALLOW_OVERLAP_FILES += "${DEPLOY_DIR_IMAGE}/grub-efi"
+SSTATE_ALLOW_OVERLAP_FILES += "${DEPLOY_DIR_IMAGE}/systemd-boot"
+SSTATE_ALLOW_OVERLAP_FILES += "${DEPLOY_DIR_IMAGE}/microcode"

 SSTATE_SCAN_FILES ?= "*.la *-config *_config postinst-*"
 SSTATE_SCAN_CMD ??= 'find ${SSTATE_BUILDDIR} \( -name "${@"\" -o -name \"".join(d.getVar("SSTATE_SCAN_FILES").split())}" \) -type f'
@ -260,7 +260,7 @@ def sstate_install(ss, d):
                shareddirs.append(dstdir)

    # Check the file list for conflicts against files which already exist
-    whitelist = (d.getVar("SSTATE_DUPWHITELIST") or "").split()
+    whitelist = (d.getVar("SSTATE_ALLOW_OVERLAP_FILES") or "").split()
    match = []
    for f in sharedfiles:
        if os.path.exists(f) and not os.path.islink(f):
@ -296,7 +296,7 @@ def sstate_install(ss, d):
          "DISTRO_FEATURES on an existing build directory is not supported - you " \
          "should really clean out tmp and rebuild (reusing sstate should be safe). " \
          "It could be the overlapping files detected are harmless in which case " \
-          "adding them to SSTATE_DUPWHITELIST may be the correct solution. It could " \
+          "adding them to SSTATE_ALLOW_OVERLAP_FILES may be the correct solution. It could " \
          "also be your build is including two different conflicting versions of " \
          "things (e.g. bluez 4 and bluez 5 and the correct solution for that would " \
          "be to resolve the conflict. If in doubt, please ask on the mailing list, " \
@ -350,7 +350,7 @@ def sstate_install(ss, d):
    for lock in locks:
        bb.utils.unlockfile(lock)

-sstate_install[vardepsexclude] += "SSTATE_DUPWHITELIST STATE_MANMACH SSTATE_MANFILEPREFIX"
+sstate_install[vardepsexclude] += "SSTATE_ALLOW_OVERLAP_FILES STATE_MANMACH SSTATE_MANFILEPREFIX"
 sstate_install[vardeps] += "${SSTATEPOSTINSTFUNCS}"

 def sstate_installpkg(ss, d):
--- a/meta/classes/staging.bbclass
+++ b/meta/classes/staging.bbclass
@ -24,7 +24,7 @@ SYSROOT_DIRS:append:class-cross = " ${SYSROOT_DIRS_NATIVE}"
 SYSROOT_DIRS:append:class-crosssdk = " ${SYSROOT_DIRS_NATIVE}"

 # These directories will not be staged in the sysroot
-SYSROOT_DIRS_BLACKLIST = " \
+SYSROOT_DIRS_IGNORE = " \
    ${mandir} \
    ${docdir} \
    ${infodir} \
@ -65,7 +65,7 @@ sysroot_stage_dirs() {
 	done

 	# Remove directories we do not care about
-	for dir in ${SYSROOT_DIRS_BLACKLIST}; do
+	for dir in ${SYSROOT_DIRS_IGNORE}; do
 		rm -rf "$to$dir"
 	done
 }
--- a/meta/conf/distro/include/cve-extra-exclusions.inc
+++ b/meta/conf/distro/include/cve-extra-exclusions.inc
@ -19,7 +19,7 @@
 # strace https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0006
 # CVE is more than 20 years old with no resolution evident
 # broken links in CVE database references make resolution impractical
-CVE_CHECK_WHITELIST += "CVE-2000-0006"
+CVE_CHECK_IGNORE += "CVE-2000-0006"

 # epiphany https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0238
 # The issue here is spoofing of domain names using characters from other character sets.
@ -28,26 +28,26 @@ CVE_CHECK_WHITELIST += "CVE-2000-0006"
 # there is unlikely ever to be a single fix to webkit or epiphany which addresses this
 # problem. Whitelisted as there isn't any mitigation or fix or way to progress this further
 # we can seem to take.
-CVE_CHECK_WHITELIST += "CVE-2005-0238"
+CVE_CHECK_IGNORE += "CVE-2005-0238"

 # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4756
 # Issue is memory exhaustion via glob() calls, e.g. from within an ftp server
 # Best discussion in https://bugzilla.redhat.com/show_bug.cgi?id=681681
 # Upstream don't see it as a security issue, ftp servers shouldn't be passing
 # this to libc glob. Exclude as upstream have no plans to add BSD's GLOB_LIMIT or similar
-CVE_CHECK_WHITELIST += "CVE-2010-4756"
+CVE_CHECK_IGNORE += "CVE-2010-4756"

 # go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29509
 # go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29511
 # The encoding/xml package in go can potentially be used for security exploits if not used correctly
 # CVE applies to a netapp product as well as flagging a general issue. We don't ship anything
 # exposing this interface in an exploitable way
-CVE_CHECK_WHITELIST += "CVE-2020-29509 CVE-2020-29511"
+CVE_CHECK_IGNORE += "CVE-2020-29509 CVE-2020-29511"

 # db
 # Since Oracle relicensed bdb, the open source community is slowly but surely replacing bdb with
 # supported and open source friendly alternatives. As a result these CVEs are unlikely to ever be fixed.
-CVE_CHECK_WHITELIST += "CVE-2015-2583 CVE-2015-2624 CVE-2015-2626 CVE-2015-2640 CVE-2015-2654 \
+CVE_CHECK_IGNORE += "CVE-2015-2583 CVE-2015-2624 CVE-2015-2626 CVE-2015-2640 CVE-2015-2654 \
 CVE-2015-2656 CVE-2015-4754 CVE-2015-4764 CVE-2015-4774 CVE-2015-4775 CVE-2015-4776 CVE-2015-4777 \
 CVE-2015-4778 CVE-2015-4779 CVE-2015-4780 CVE-2015-4781 CVE-2015-4782 CVE-2015-4783 CVE-2015-4784 \
 CVE-2015-4785 CVE-2015-4786 CVE-2015-4787 CVE-2015-4788 CVE-2015-4789 CVE-2015-4790 CVE-2016-0682 \
@ -58,7 +58,7 @@ CVE-2016-0689 CVE-2016-0692 CVE-2016-0694 CVE-2016-3418 CVE-2020-2981"
 # groff:groff-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0803
 # Appears it was fixed in https://git.savannah.gnu.org/cgit/groff.git/commit/?id=07f95f1674217275ed4612f1dcaa95a88435c6a7
 # so from 1.17 onwards. Reported to the database for update by RP 2021/5/9. Update accepted 2021/5/10.
-#CVE_CHECK_WHITELIST += "CVE-2000-0803"
+#CVE_CHECK_IGNORE += "CVE-2000-0803"



--- a/meta/lib/oeqa/selftest/cases/eSDK.py
+++ b/meta/lib/oeqa/selftest/cases/eSDK.py
@ -63,7 +63,7 @@ class oeSDKExtSelfTest(OESelftestTestCase):
        cls.env_eSDK = oeSDKExtSelfTest.get_esdk_environment('', cls.tmpdir_eSDKQA)

        sstate_config="""
-SDK_LOCAL_CONF_WHITELIST = "SSTATE_MIRRORS"
+ESDK_LOCALCONF_ALLOW = "SSTATE_MIRRORS"
 SSTATE_MIRRORS =  "file://.* file://%s/PATH"
 CORE_IMAGE_EXTRA_INSTALL = "perl"
        """ % sstate_dir
@ -91,7 +91,7 @@ CORE_IMAGE_EXTRA_INSTALL = "perl"

        # Configure eSDK to use sstate mirror from poky
        sstate_config="""
-SDK_LOCAL_CONF_WHITELIST = "SSTATE_MIRRORS"
+ESDK_LOCALCONF_ALLOW = "SSTATE_MIRRORS"
 SSTATE_MIRRORS =  "file://.* file://%s/PATH"
            """ % bb_vars["SSTATE_DIR"]
        with open(os.path.join(cls.tmpdir_eSDKQA, 'conf', 'local.conf'), 'a+') as f:
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@ -27,7 +27,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
 SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f"

 # Applies only to RHEL
-CVE_CHECK_WHITELIST += "CVE-2019-14865"
+CVE_CHECK_IGNORE += "CVE-2019-14865"

 DEPENDS = "flex-native bison-native gettext-native"

--- a/meta/recipes-connectivity/avahi/avahi_0.8.bb
+++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb
@ -33,7 +33,7 @@ SRC_URI[md5sum] = "229c6aa30674fc43c202b22c5f8c2be7"
 SRC_URI[sha256sum] = "060309d7a333d38d951bc27598c677af1796934dbd98e1024e7ad8de798fedda"

 # Issue only affects Debian/SUSE, not us
-CVE_CHECK_WHITELIST += "CVE-2021-26720"
+CVE_CHECK_IGNORE += "CVE-2021-26720"

 DEPENDS = "expat libcap libdaemon glib-2.0"

--- a/meta/recipes-connectivity/bind/bind_9.16.25.bb
+++ b/meta/recipes-connectivity/bind/bind_9.16.25.bb
@ -28,7 +28,7 @@ UPSTREAM_CHECK_REGEX = "(?P<pver>9.(16|20|24|28)(\.\d+)+(-P\d+)*)/"

 # Issue only affects dhcpd with recent bind versions. We don't ship dhcpd anymore
 # so the issue doesn't affect us.
-CVE_CHECK_WHITELIST += "CVE-2019-6470"
+CVE_CHECK_IGNORE += "CVE-2019-6470"

 inherit autotools update-rc.d systemd useradd pkgconfig multilib_header update-alternatives

--- a/meta/recipes-connectivity/bluez5/bluez5_5.63.bb
+++ b/meta/recipes-connectivity/bluez5/bluez5_5.63.bb
@ -3,7 +3,7 @@ require bluez5.inc
 SRC_URI[sha256sum] = "9349e11e8160bb3d720835d271250d8a7424d3690f5289e6db6fe07cc66c6d76"

 # These issues have kernel fixes rather than bluez fixes so exclude here
-CVE_CHECK_WHITELIST += "CVE-2020-12352 CVE-2020-24490"
+CVE_CHECK_IGNORE += "CVE-2020-12352 CVE-2020-24490"

 # noinst programs in Makefile.tools that are conditional on READLINE
 # support
--- a/meta/recipes-connectivity/openssh/openssh_8.8p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_8.8p1.bb
@ -28,14 +28,14 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
 SRC_URI[sha256sum] = "4590890ea9bb9ace4f71ae331785a3a5823232435161960ed5fc86588f331fe9"

 # This CVE is specific to OpenSSH with the pam opie which we don't build/use here
-CVE_CHECK_WHITELIST += "CVE-2007-2768"
+CVE_CHECK_IGNORE += "CVE-2007-2768"

 # This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7
 # and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded
-CVE_CHECK_WHITELIST += "CVE-2014-9278"
+CVE_CHECK_IGNORE += "CVE-2014-9278"

 # CVE only applies to some distributed RHEL binaries
-CVE_CHECK_WHITELIST += "CVE-2008-3844"
+CVE_CHECK_IGNORE += "CVE-2008-3844"

 PAM_SRC_URI = "file://sshd"

--- a/meta/recipes-connectivity/openssl/openssl_3.0.1.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.1.bb
@ -255,4 +255,4 @@ CVE_VERSION_SUFFIX = "alphabetical"

 # Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37
 # Apache in meta-webserver is already recent enough
-CVE_CHECK_WHITELIST += "CVE-2019-0190"
+CVE_CHECK_IGNORE += "CVE-2019-0190"
--- a/meta/recipes-core/coreutils/coreutils_9.0.bb
+++ b/meta/recipes-core/coreutils/coreutils_9.0.bb
@ -26,7 +26,7 @@ SRC_URI[sha256sum] = "ce30acdf4a41bc5bb30dd955e9eaa75fa216b4e3deb08889ed32433c7b

 # http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=v8.27-101-gf5d7c0842
 # runcon is not really a sandbox command, use `runcon ... setsid ...` to avoid this particular issue.
-CVE_CHECK_WHITELIST += "CVE-2016-2781"
+CVE_CHECK_IGNORE += "CVE-2016-2781"

 EXTRA_OECONF:class-target = "--enable-install-program=arch,hostname --libexecdir=${libdir}"
 EXTRA_OECONF:class-nativesdk = "--enable-install-program=arch,hostname"
--- a/meta/recipes-core/glibc/glibc_2.35.bb
+++ b/meta/recipes-core/glibc/glibc_2.35.bb
@ -1,20 +1,20 @@
 require glibc.inc
 require glibc-version.inc

-CVE_CHECK_WHITELIST += "CVE-2020-10029 CVE-2021-27645"
+CVE_CHECK_IGNORE += "CVE-2020-10029 CVE-2021-27645"

 # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010022
 # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010023
 # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010024
 # Upstream glibc maintainers dispute there is any issue and have no plans to address it further.
 # "this is being treated as a non-security bug and no real threat."
-CVE_CHECK_WHITELIST += "CVE-2019-1010022 CVE-2019-1010023 CVE-2019-1010024"
+CVE_CHECK_IGNORE += "CVE-2019-1010022 CVE-2019-1010023 CVE-2019-1010024"

 # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010025
 # Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, may allow
 # easier access for another. "ASLR bypass itself is not a vulnerability."
 # Potential patch at https://sourceware.org/bugzilla/show_bug.cgi?id=22853
-CVE_CHECK_WHITELIST += "CVE-2019-1010025"
+CVE_CHECK_IGNORE += "CVE-2019-1010025"

 DEPENDS += "gperf-native bison-native make-native"

--- a/meta/recipes-core/meta/target-sdk-provides-dummy.bb
+++ b/meta/recipes-core/meta/target-sdk-provides-dummy.bb
@ -58,4 +58,4 @@ DUMMYPROVIDES = "\

 require dummy-sdk-package.inc

-SSTATE_DUPWHITELIST += "${PKGDATA_DIR}/${PN} ${PKGDATA_DIR}/runtime/${PN}"
+SSTATE_ALLOW_OVERLAP_FILES += "${PKGDATA_DIR}/${PN} ${PKGDATA_DIR}/runtime/${PN}"
--- a/meta/recipes-devtools/cmake/cmake.inc
+++ b/meta/recipes-devtools/cmake/cmake.inc
@ -27,4 +27,4 @@ UPSTREAM_CHECK_REGEX = "cmake-(?P<pver>\d+(\.\d+)+)\.tar"

 # This is specific to the npm package that installs cmake, so isn't
 # relevant to OpenEmbedded
-CVE_CHECK_WHITELIST += "CVE-2016-10642"
+CVE_CHECK_IGNORE += "CVE-2016-10642"
--- a/meta/recipes-devtools/flex/flex_2.6.4.bb
+++ b/meta/recipes-devtools/flex/flex_2.6.4.bb
@ -31,7 +31,7 @@ UPSTREAM_CHECK_REGEX = "flex-(?P<pver>\d+(\.\d+)+)\.tar"
 # Disputed - yes there is stack exhaustion but no bug and it is building the
 # parser, not running it, effectively similar to a compiler ICE. Upstream no plans to address
 # https://github.com/westes/flex/issues/414
-CVE_CHECK_WHITELIST += "CVE-2019-6293"
+CVE_CHECK_IGNORE += "CVE-2019-6293"

 inherit autotools gettext texinfo ptest

--- a/meta/recipes-devtools/gcc/gcc-11.2.inc
+++ b/meta/recipes-devtools/gcc/gcc-11.2.inc
@ -119,4 +119,4 @@ EXTRA_OECONF_PATHS = "\
 "

 # Is a binutils 2.26 issue, not gcc
-CVE_CHECK_WHITELIST += "CVE-2021-37322"
+CVE_CHECK_IGNORE += "CVE-2021-37322"
--- a/meta/recipes-devtools/gcc/gcc-target.inc
+++ b/meta/recipes-devtools/gcc/gcc-target.inc
@ -256,4 +256,4 @@ do_install:append () {
 # and builds track file dependencies (e.g. perl and its makedepends code).
 # For determinism we don't install this ever and rely on the copy from gcc-cross.
 # [YOCTO #7287]
-SYSROOT_DIRS_BLACKLIST += "${libdir}/gcc"
+SYSROOT_DIRS_IGNORE += "${libdir}/gcc"
--- a/meta/recipes-devtools/gdb/gdb-cross-canadian.inc
+++ b/meta/recipes-devtools/gdb/gdb-cross-canadian.inc
@ -20,7 +20,7 @@ PACKAGECONFIG[python] = "--with-python=${WORKDIR}/python,--without-python,native
 PACKAGECONFIG[readline] = "--with-system-readline,--without-system-readline,nativesdk-readline"
 PACKAGECONFIG[debuginfod] = "--with-debuginfod, --without-debuginfod, nativesdk-elfutils"

-SSTATE_DUPWHITELIST += "${STAGING_DATADIR}/gdb"
+SSTATE_ALLOW_OVERLAP_FILES += "${STAGING_DATADIR}/gdb"

 do_configure:prepend() {
 cat > ${WORKDIR}/python << EOF
--- a/meta/recipes-devtools/go/go-1.17.7.inc
+++ b/meta/recipes-devtools/go/go-1.17.7.inc
@ -22,4 +22,4 @@ SRC_URI[main.sha256sum] = "c108cd33b73b1911a02b697741df3dea43e01a5c4e08e409e8b3a
 # Upstream don't believe it is a signifiant real world issue and will only
 # fix in 1.17 onwards where we can drop this.
 # https://github.com/golang/go/issues/30999#issuecomment-910470358
-CVE_CHECK_WHITELIST += "CVE-2021-29923"
+CVE_CHECK_IGNORE += "CVE-2021-29923"
--- a/meta/recipes-devtools/jquery/jquery_3.6.0.bb
+++ b/meta/recipes-devtools/jquery/jquery_3.6.0.bb
@ -22,7 +22,7 @@ UPSTREAM_CHECK_REGEX = "jquery-(?P<pver>\d+(\.\d+)+)\.js"
 # https://github.com/jquery/jquery/issues/3927
 # There are ways jquery can expose security issues but any issues are in the apps exposing them
 # and there is little we can directly do
-CVE_CHECK_WHITELIST += "CVE-2007-2379"
+CVE_CHECK_IGNORE += "CVE-2007-2379"

 inherit allarch

--- a/meta/recipes-devtools/libtool/libtool_2.4.6.bb
+++ b/meta/recipes-devtools/libtool/libtool_2.4.6.bb
@ -7,7 +7,7 @@ RDEPENDS:${PN} += "bash"
 #
 # We want the results of libtool-cross preserved - don't stage anything ourselves.
 #
-SYSROOT_DIRS_BLACKLIST += " \
+SYSROOT_DIRS_IGNORE += " \
    ${bindir} \
    ${datadir}/aclocal \
    ${datadir}/libtool/build-aux \
--- a/meta/recipes-devtools/python/python3_3.10.2.bb
+++ b/meta/recipes-devtools/python/python3_3.10.2.bb
@ -49,12 +49,12 @@ UPSTREAM_CHECK_URI = "https://www.python.org/downloads/source/"
 CVE_PRODUCT = "python"

 # Upstream consider this expected behaviour
-CVE_CHECK_WHITELIST += "CVE-2007-4559"
+CVE_CHECK_IGNORE += "CVE-2007-4559"
 # This is not exploitable when glibc has CVE-2016-10739 fixed.
-CVE_CHECK_WHITELIST += "CVE-2019-18348"
+CVE_CHECK_IGNORE += "CVE-2019-18348"

 # This is windows only issue.
-CVE_CHECK_WHITELIST += "CVE-2020-15523"
+CVE_CHECK_IGNORE += "CVE-2020-15523"

 PYTHON_MAJMIN = "3.10"

--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@ -36,15 +36,15 @@ SRC_URI:append:class-target = " file://cross.patch"
 SRC_URI:append:class-nativesdk = " file://cross.patch"

 # Applies against virglrender < 0.6.0 and not qemu itself
-CVE_CHECK_WHITELIST += "CVE-2017-5957"
+CVE_CHECK_IGNORE += "CVE-2017-5957"

 # The VNC server can expose host files uder some circumstances. We don't
 # enable it by default.
-CVE_CHECK_WHITELIST += "CVE-2007-0998"
+CVE_CHECK_IGNORE += "CVE-2007-0998"

 # 'The issues identified by this CVE were determined to not constitute a vulnerability.'
 # https://bugzilla.redhat.com/show_bug.cgi?id=1609015#c11
-CVE_CHECK_WHITELIST += "CVE-2018-18438"
+CVE_CHECK_IGNORE += "CVE-2018-18438"

 COMPATIBLE_HOST:mipsarchn32 = "null"
 COMPATIBLE_HOST:mipsarchn64 = "null"
--- a/meta/recipes-devtools/rsync/rsync_3.2.3.bb
+++ b/meta/recipes-devtools/rsync/rsync_3.2.3.bb
@ -20,7 +20,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \
 SRC_URI[sha256sum] = "becc3c504ceea499f4167a260040ccf4d9f2ef9499ad5683c179a697146ce50e"

 # -16548 required for v3.1.3pre1. Already in v3.1.3.
-CVE_CHECK_WHITELIST += " CVE-2017-16548 "
+CVE_CHECK_IGNORE += " CVE-2017-16548 "

 inherit autotools-brokensep

--- a/meta/recipes-devtools/tcltk/tcl_8.6.11.bb
+++ b/meta/recipes-devtools/tcltk/tcl_8.6.11.bb
@ -31,7 +31,7 @@ SRC_URI:class-native = "${BASE_SRC_URI}"

 # Upstream don't believe this is an exploitable issue
 # https://core.tcl-lang.org/tcl/info/7079e4f91601e9c7
-CVE_CHECK_WHITELIST += "CVE-2021-35331"
+CVE_CHECK_IGNORE += "CVE-2021-35331"

 UPSTREAM_CHECK_REGEX = "tcl(?P<pver>\d+(\.\d+)+)-src"

--- a/meta/recipes-extended/cpio/cpio_2.13.bb
+++ b/meta/recipes-extended/cpio/cpio_2.13.bb
@ -18,7 +18,7 @@ SRC_URI[sha256sum] = "e87470d9c984317f658567c03bfefb6b0c829ff17dbf6b0de48d71a4c8
 inherit autotools gettext texinfo

 # Issue applies to use of cpio in SUSE/OBS, doesn't apply to us
-CVE_CHECK_WHITELIST += "CVE-2010-4226"
+CVE_CHECK_IGNORE += "CVE-2010-4226"

 EXTRA_OECONF += "DEFAULT_RMT_DIR=${sbindir}"

--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@ -21,11 +21,11 @@ UPSTREAM_CHECK_URI = "https://github.com/OpenPrinting/cups/releases"
 UPSTREAM_CHECK_REGEX = "cups-(?P<pver>(?!.+\d(b|rc)\d.+).+)-source.tar"

 # Issue only applies to MacOS
-CVE_CHECK_WHITELIST += "CVE-2008-1033"
+CVE_CHECK_IGNORE += "CVE-2008-1033"
 # Issue affects pdfdistiller plugin used with but not part of cups
-CVE_CHECK_WHITELIST += "CVE-2009-0032"
+CVE_CHECK_IGNORE += "CVE-2009-0032"
 # This is an Ubuntu only issue.
-CVE_CHECK_WHITELIST += "CVE-2018-6553"
+CVE_CHECK_IGNORE += "CVE-2018-6553"

 LEAD_SONAME = "libcupsdriver.so"

@ -117,4 +117,4 @@ cups_sysroot_preprocess () {

 # -25317 concerns /var/log/cups having lp ownership.  Our /var/log/cups is
 # root:root, so this doesn't apply.
-CVE_CHECK_WHITELIST += "CVE-2021-25317"
+CVE_CHECK_IGNORE += "CVE-2021-25317"
--- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
@ -21,7 +21,7 @@ UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.tar"

 # As of ghostscript 9.54.0 the jpeg issue in the CVE is present in the gs jpeg sources
 # however we use an external jpeg which doesn't have the issue.
-CVE_CHECK_WHITELIST += "CVE-2013-6629"
+CVE_CHECK_IGNORE += "CVE-2013-6629"

 def gs_verdir(v):
    return "".join(v.split("."))
--- a/meta/recipes-extended/iputils/iputils_20211215.bb
+++ b/meta/recipes-extended/iputils/iputils_20211215.bb
@ -21,7 +21,7 @@ UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>20\d+)"

 # Fixed in 2000-10-10, but the versioning of iputils
 # breaks the version order.
-CVE_CHECK_WHITELIST += "CVE-2000-1213 CVE-2000-1214"
+CVE_CHECK_IGNORE += "CVE-2000-1213 CVE-2000-1214"

 PACKAGECONFIG ??= "libcap rarpd \
                   ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ninfod', '', d)} \
--- a/meta/recipes-extended/logrotate/logrotate_3.19.0.bb
+++ b/meta/recipes-extended/logrotate/logrotate_3.19.0.bb
@ -18,7 +18,7 @@ SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.xz
 SRC_URI[sha256sum] = "ddd5274d684c5c99ca724e8069329f343ebe376e07493d537d9effdc501214ba"

 # These CVEs are debian, gentoo or SUSE specific on the way logrotate was installed/used
-CVE_CHECK_WHITELIST += "CVE-2011-1548 CVE-2011-1549 CVE-2011-1550"
+CVE_CHECK_IGNORE += "CVE-2011-1548 CVE-2011-1549 CVE-2011-1550"

 PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'acl selinux', d)}"

--- a/meta/recipes-extended/procps/procps_3.3.17.bb
+++ b/meta/recipes-extended/procps/procps_3.3.17.bb
@ -75,7 +75,7 @@ python __anonymous() {

 # 'ps' isn't suitable for use as a security tool so whitelist this CVE.
 # https://bugzilla.redhat.com/show_bug.cgi?id=1575473#c3
-CVE_CHECK_WHITELIST += "CVE-2018-1121"
+CVE_CHECK_IGNORE += "CVE-2018-1121"

 PROCPS_PACKAGES = "${PN}-lib \
                   ${PN}-ps \
--- a/meta/recipes-extended/shadow/shadow_4.11.1.bb
+++ b/meta/recipes-extended/shadow/shadow_4.11.1.bb
@ -8,4 +8,4 @@ BBCLASSEXTEND = "native nativesdk"

 # Severity is low and marked as closed and won't fix.
 # https://bugzilla.redhat.com/show_bug.cgi?id=884658
-CVE_CHECK_WHITELIST += "CVE-2013-4235"
+CVE_CHECK_IGNORE += "CVE-2013-4235"
--- a/meta/recipes-extended/unzip/unzip_6.0.bb
+++ b/meta/recipes-extended/unzip/unzip_6.0.bb
@ -34,7 +34,7 @@ SRC_URI[md5sum] = "62b490407489521db863b523a7f86375"
 SRC_URI[sha256sum] = "036d96991646d0449ed0aa952e4fbe21b476ce994abc276e49d30e686708bd37"

 # Patch from https://bugzilla.redhat.com/attachment.cgi?id=293893&action=diff applied to 6.0 source
-CVE_CHECK_WHITELIST += "CVE-2008-0888"
+CVE_CHECK_IGNORE += "CVE-2008-0888"

 # exclude version 5.5.2 which triggers a false positive
 UPSTREAM_CHECK_REGEX = "unzip(?P<pver>(?!552).+)\.tgz"
--- a/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb
+++ b/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb
@ -18,7 +18,7 @@ SRCREV = "6a4af7786630ce48747d9687e2f18f45ea6684c4"
 S = "${WORKDIR}/git"

 # https://github.com/xinetd-org/xinetd/pull/10 is merged into this git tree revision
-CVE_CHECK_WHITELIST += "CVE-2013-4342"
+CVE_CHECK_IGNORE += "CVE-2013-4342"

 inherit autotools update-rc.d systemd pkgconfig

--- a/meta/recipes-extended/zip/zip_3.0.bb
+++ b/meta/recipes-extended/zip/zip_3.0.bb
@ -21,10 +21,10 @@ SRC_URI[md5sum] = "7b74551e63f8ee6aab6fbc86676c0d37"
 SRC_URI[sha256sum] = "f0e8bb1f9b7eb0b01285495a2699df3a4b766784c1765a8f1aeedf63c0806369"

 # Disputed and also Debian doesn't consider a vulnerability
-CVE_CHECK_WHITELIST += "CVE-2018-13410"
+CVE_CHECK_IGNORE += "CVE-2018-13410"

 # Not for zip but for smart contract implementation for it
-CVE_CHECK_WHITELIST += "CVE-2018-13684"
+CVE_CHECK_IGNORE += "CVE-2018-13684"

 # zip.inc sets CFLAGS, but what Makefile actually uses is
 # CFLAGS_NOOPT.  It will also force -O3 optimization, overriding
--- a/meta/recipes-gnome/libnotify/libnotify_0.7.9.bb
+++ b/meta/recipes-gnome/libnotify/libnotify_0.7.9.bb
@ -35,4 +35,4 @@ RCONFLICTS:${PN} += "libnotify3"
 RREPLACES:${PN} += "libnotify3"

 # -7381 is specific to the NodeJS bindings
-CVE_CHECK_WHITELIST += "CVE-2013-7381"
+CVE_CHECK_IGNORE += "CVE-2013-7381"
--- a/meta/recipes-gnome/librsvg/librsvg_2.52.5.bb
+++ b/meta/recipes-gnome/librsvg/librsvg_2.52.5.bb
@ -51,7 +51,7 @@ do_compile:prepend() {
 }

 # Issue only on windows
-CVE_CHECK_WHITELIST += "CVE-2018-1000041"
+CVE_CHECK_IGNORE += "CVE-2018-1000041"

 CACHED_CONFIGUREVARS = "ac_cv_path_GDK_PIXBUF_QUERYLOADERS=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/gdk-pixbuf-query-loaders"

--- a/meta/recipes-graphics/builder/builder_0.1.bb
+++ b/meta/recipes-graphics/builder/builder_0.1.bb
@ -30,4 +30,4 @@ do_install () {
 }

 # -4178 is an unrelated 'builder'
-CVE_CHECK_WHITELIST = "CVE-2008-4178"
+CVE_CHECK_IGNORE = "CVE-2008-4178"
--- a/meta/recipes-graphics/xorg-font/font-util_1.3.2.bb
+++ b/meta/recipes-graphics/xorg-font/font-util_1.3.2.bb
@ -19,4 +19,4 @@ BBCLASSEXTEND = "native"
 SRC_URI[md5sum] = "3d6adb76fdd072db8c8fae41b40855e8"
 SRC_URI[sha256sum] = "3ad880444123ac06a7238546fa38a2a6ad7f7e0cc3614de7e103863616522282"

-SYSROOT_DIRS_BLACKLIST:remove = "${datadir}/fonts"
+SYSROOT_DIRS_IGNORE:remove = "${datadir}/fonts"
--- a/meta/recipes-graphics/xorg-lib/xorg-lib-common.inc
+++ b/meta/recipes-graphics/xorg-lib/xorg-lib-common.inc
@ -18,7 +18,7 @@ EXTRA_OECONF = "--disable-specs --without-groff --without-ps2pdf --without-fop"
 PACKAGECONFIG ??= ""
 PACKAGECONFIG[xmlto] = "--with-xmlto, --without-xmlto, xmlto-native docbook-xml-dtd4-native docbook-xsl-stylesheets-native"

-UNKNOWN_CONFIGURE_WHITELIST += "--enable-malloc0returnsnull --disable-malloc0returnsnull \
+UNKNOWN_CONFIGURE_OPT_IGNORE += "--enable-malloc0returnsnull --disable-malloc0returnsnull \
                                --disable-specs --without-groff --without-ps2pdf --without-fop \
                                --without-xmlto --with-xmlto \
 "
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
@ -21,13 +21,13 @@ UPSTREAM_CHECK_REGEX = "xorg-server-(?P<pver>\d+(\.(?!99)\d+)+)\.tar"

 CVE_PRODUCT = "xorg-server x_server"
 # This is specific to Debian's xserver-wrapper.c
-CVE_CHECK_WHITELIST += "CVE-2011-4613"
+CVE_CHECK_IGNORE += "CVE-2011-4613"
 # As per upstream, exploiting this flaw is non-trivial and it requires exact
 # timing on the behalf of the attacker. Many graphical applications exit if their
 # connection to the X server is lost, so a typical desktop session is either
 # impossible or difficult to exploit. There is currently no upstream patch
 # available for this flaw.
-CVE_CHECK_WHITELIST += "CVE-2020-25697"
+CVE_CHECK_IGNORE += "CVE-2020-25697"

 S = "${WORKDIR}/${XORG_PN}-${PV}"

--- a/meta/recipes-multimedia/libpng/libpng_1.6.37.bb
+++ b/meta/recipes-multimedia/libpng/libpng_1.6.37.bb
@ -32,4 +32,4 @@ FILES:${PN}-tools = "${bindir}/png-fix-itxt ${bindir}/pngfix ${bindir}/pngcp"
 BBCLASSEXTEND = "native nativesdk"

 # CVE-2019-17371 is actually a memory leak in gif2png 2.x
-CVE_CHECK_WHITELIST += "CVE-2019-17371"
+CVE_CHECK_IGNORE += "CVE-2019-17371"
--- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
@ -43,4 +43,4 @@ do_install:append() {

 # This can't be replicated and is just a memory leak.
 # https://github.com/erikd/libsndfile/issues/398
-CVE_CHECK_WHITELIST += "CVE-2018-13419"
+CVE_CHECK_IGNORE += "CVE-2018-13419"
--- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@ -20,7 +20,7 @@ UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar"

 # Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313
 # and 4.3.0 doesn't have the issue
-CVE_CHECK_WHITELIST += "CVE-2015-7313"
+CVE_CHECK_IGNORE += "CVE-2015-7313"

 inherit autotools multilib_header

--- a/meta/recipes-support/libgcrypt/libgcrypt_1.9.4.bb
+++ b/meta/recipes-support/libgcrypt/libgcrypt_1.9.4.bb
@ -30,7 +30,7 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \
 SRC_URI[sha256sum] = "ea849c83a72454e3ed4267697e8ca03390aee972ab421e7df69dfe42b65caaf7"

 # Below whitelisted CVEs are disputed and not affecting crypto libraries for any distro.
-CVE_CHECK_WHITELIST += "CVE-2018-12433 CVE-2018-12438"
+CVE_CHECK_IGNORE += "CVE-2018-12433 CVE-2018-12438"

 BINCONFIG = "${bindir}/libgcrypt-config"

--- a/meta/recipes-support/lz4/lz4_1.9.3.bb
+++ b/meta/recipes-support/lz4/lz4_1.9.3.bb
@ -20,7 +20,7 @@ UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)"
 S = "${WORKDIR}/git"

 # Fixed in r118, which is larger than the current version.
-CVE_CHECK_WHITELIST += "CVE-2014-4715"
+CVE_CHECK_IGNORE += "CVE-2014-4715"

 EXTRA_OEMAKE = "PREFIX=${prefix} CC='${CC}' CFLAGS='${CFLAGS}' DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir} BUILD_STATIC=no"

--- a/meta/recipes-support/sqlite/sqlite3_3.37.2.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.37.2.bb
@ -7,8 +7,8 @@ SRC_URI = "http://www.sqlite.org/2022/sqlite-autoconf-${SQLITE_PV}.tar.gz"
 SRC_URI[sha256sum] = "4089a8d9b467537b3f246f217b84cd76e00b1d1a971fe5aca1e30e230e46b2d8"

 # -19242 is only an issue in specific development branch commits
-CVE_CHECK_WHITELIST += "CVE-2019-19242"
+CVE_CHECK_IGNORE += "CVE-2019-19242"
 # This is believed to be iOS specific (https://groups.google.com/g/sqlite-dev/c/U7OjAbZO6LA)
-CVE_CHECK_WHITELIST += "CVE-2015-3717"
+CVE_CHECK_IGNORE += "CVE-2015-3717"
 # Issue in an experimental extension we don't have/use. Fixed by https://sqlite.org/src/info/b1e0c22ec981cf5f
-CVE_CHECK_WHITELIST += "CVE-2021-36690"
+CVE_CHECK_IGNORE += "CVE-2021-36690"