5 Commits

Author SHA1 Message Date
Gyorgy Sarvari 6971622747 python3-cbor2: more patch indent and test fixes
Similar to a previous patch, the CVE-2025-68131 patch
contained some more indentation errors, in the tests.

Also, the backported tests were inserted between an
existing test and its parameters - a new patch corrects
that.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-04-13 17:30:24 +02:00
Gyorgy Sarvari 5fcddafe23 python3-cbor2: return correct error code from run-ptest
In case the test fails to even start executing, and there is no
output on stdout, there are no logs stored of the test run, so
the test log parser will not report a failure.
Also, since the run-ptest command is a piped script, by default
the last command's return code is set as the exit code, which
is always 0.

To report the result correctly, return the test execution's
return code as the exit code (instead of the last command in the
pipe), and redirect the error output to standard out, to create
a logfile that can be parsed after the execution.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-04-13 16:46:40 +02:00
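
The exit-code masking described in commit 5fcddafe23 above, reproduced as an added example (this is not the recipe's actual run-ptest script). The `fake_test` stand-in, the `sed` filter, the function names and the status-file technique are assumptions chosen to keep the sketch portable to POSIX sh.

```shell
#!/bin/sh
# Constructed stand-in for a test runner that dies before printing anything
# on stdout (for example on an import error): stderr only, exit status 2.
fake_test() {
    echo "IndentationError: expected an indented block" >&2
    return 2
}

# Before: the pipeline's status is that of the last command (sed), and the
# error text on stderr never reaches the log that the parser reads.
run_masked() {
    log=$1
    fake_test | sed -e 's/PASSED/PASS/' > "$log"
}

# After: stderr is merged into stdout so the log is never empty, and the
# test's own status is carried out of the pipeline through a temporary file.
run_reported() {
    log=$1
    status_file=$(mktemp) || return 1
    { fake_test 2>&1; echo $? > "$status_file"; } \
        | sed -e 's/PASSED/PASS/' > "$log"
    rc=$(cat "$status_file")
    rm -f "$status_file"
    return "$rc"
}

# Demonstration: compare exit status and log size for both variants.
demo_dir=$(mktemp -d)
run_masked "$demo_dir/before.log"
before_rc=$?
run_reported "$demo_dir/after.log"
after_rc=$?
echo "before: exit=$before_rc log_bytes=$(wc -c < "$demo_dir/before.log")"
echo "after:  exit=$after_rc log_bytes=$(wc -c < "$demo_dir/after.log")"
rm -rf "$demo_dir"
```
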
Jon Mason 66bb701b2e python3-cbor2: Fix CVE-2025-68131 CVE patch error
The patch for CVE-2025-68131 does not actually match https://github.com/agronholm/cbor2/commit/f1d701cd2c411ee40bb1fe383afe7f365f35abf0
Specifically, the indenting in decode_from_bytes

This is causing an error in trusted-firmware-m of
| Traceback (most recent call last):
|   File "/builder/meta-arm/build/tmp/work/corstone1000_fvp-poky-linux-musl/trusted-firmware-m/1.5.0+gitAUTOINC+f8c7e5361b-r0/git/tfm/bl2/ext/mcuboot/scripts/wrapper/wrapper.py", line 21, in <module>
|     import imgtool.main
|   File "/builder/meta-arm/build/tmp/work/corstone1000_fvp-poky-linux-musl/trusted-firmware-m/1.5.0+gitAUTOINC+f8c7e5361b-r0/git/mcuboot/scripts/imgtool/main.py", line 25, in <module>
|     from imgtool import image, imgtool_version
|   File "/builder/meta-arm/build/tmp/work/corstone1000_fvp-poky-linux-musl/trusted-firmware-m/1.5.0+gitAUTOINC+f8c7e5361b-r0/git/mcuboot/scripts/imgtool/image.py", line 24, in <module>
|     from .boot_record import create_sw_component_data
|   File "/builder/meta-arm/build/tmp/work/corstone1000_fvp-poky-linux-musl/trusted-firmware-m/1.5.0+gitAUTOINC+f8c7e5361b-r0/git/mcuboot/scripts/imgtool/boot_record.py", line 21, in <module>
|     from cbor2 import dumps
|   File "/builder/meta-arm/build/tmp/work/corstone1000_fvp-poky-linux-musl/trusted-firmware-m/1.5.0+gitAUTOINC+f8c7e5361b-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cbor2/__init__.py", line 1, in <module>
|     from .decoder import load, loads, CBORDecoder  # noqa
|   File "/builder/meta-arm/build/tmp/work/corstone1000_fvp-poky-linux-musl/trusted-firmware-m/1.5.0+gitAUTOINC+f8c7e5361b-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cbor2/decoder.py", line 215
|     with BytesIO(buf) as fp:
|     ^
| IndentationError: expected an indented block after 'with' statement on line 214

Indenting to match the original patch fixes this.

Also, because this version of cbor2 is older, it doesn't include commit
53e21063ed1d72ac8f911044dd598a7f9ef72406, which adds 'Any' to encode.py.
Because that is missing, we see the following error:
 |   File "/builder/meta-arm/build/tmp/work/corstone1000_fvp-poky-linux-musl/trusted-firmware-m/1.5.0+gitAUTOINC+f8c7e5361b-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cbor2/__init__.py", line 2, in <module>
 |     from .encoder import dump, dumps, CBOREncoder, shareable_encoder  # noqa
 |   File "/builder/meta-arm/build/tmp/work/corstone1000_fvp-poky-linux-musl/trusted-firmware-m/1.5.0+gitAUTOINC+f8c7e5361b-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cbor2/encoder.py", line 68, in <module>
 |     class CBOREncoder:
 |   File "/builder/meta-arm/build/tmp/work/corstone1000_fvp-poky-linux-musl/trusted-firmware-m/1.5.0+gitAUTOINC+f8c7e5361b-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cbor2/encoder.py", line 266, in CBOREncoder
 |     def _encode_value(self, obj: Any) -> None:

To get around this issue, remove the "Any" from encoder.py. The
logic behind this (instead of importing typing) is that this is the only
instance, and this is not something that will be updated
frequently with patches from upstream.

Signed-off-by: Jon Mason <jon.mason@arm.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-04-13 16:30:11 +02:00
Hitendra Prajapati f19f8995e2 python3-cbor2: patch CVE-2025-68131
Backport the patch[1] which fixes this vulnerability as mentioned in the
comment[2].
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68131

[1] https://github.com/agronholm/cbor2/commit/f1d701cd2c411ee40bb1fe383afe7f365f35abf0
[2] https://github.com/agronholm/cbor2/pull/268#issuecomment-3719179000

Dropped changes to the changelog from the original commit.

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-02-27 14:28:43 +01:00
Zang Ruochen c1f2064610 python3-cbor2: Enable ptest
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Acked-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-07-03 18:07:05 -07:00