The recipe inherits the ptest class, however installs no tests nor
run-ptest script.
This change rectifies this.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The original content of the ptest package, manette-test, is a helper demo
application (like evtest), and not a test suite. Also, the recipe did not
provide a run-ptest script.
Fix it by installing the actual tests, and adding a run-ptest script.
Note that the test folder structure looks like a gnome desktop test suite
(and the application is under the gnome umbrella), however the project
doesn't provide all necessary scaffolding for gnome-desktop-test to work, so
the tests are executed directly from the run-ptest script.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Some files are not installed with the testsuite, making it fail.
Both of these were fixed upstream, however only one patch applies cleanly.
The other is fixed with a single "install" command.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The test cases in jemalloc require the appropriate value to be exported
to MALLOC_CONF, which is stored in shell scripts.
The privious script just ran the test cases without exporting value, causing
the tests to fail.
Include the missing shell scripts, and source them before running the test
cases now.
Signed-off-by: Wentao Zhang <wentao.zhang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b3274b4e90)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
All the ptest cases are failed since error "+++ Can't Determine Endianness",
update the regex for matching the endianness to fix this issue.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 6de9b46cc7)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The run-ptest script was trying to call test_align executable, which
doesn't exist (anymore?).
Instead align more to master branch, and execute the selftests themselves.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The recipe has inherited the ptest class, however it did not install
not execute any tests.
This change installs the tests and add a script to execute them.
The tests are quick, execution takes single digit seconds.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The recipe has inherited the ptest class, however it did not install
not execute any tests.
This change installs the tests and add a script to execute them.
The tests are quick, execution takes single digit seconds.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The recipe inherits the ptest class, however it doesn't install
the actual tests, nor executes them.
This change installs the tests, and add a run-ptest script to
execute them also.
The tests are fairly quick, it takes single digit seconds on my
machine to execute.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Poppler ia a library for rendering PDF files, and examining or
modifying their structure. A use-after-free (write) vulnerability
has been detected in versions Poppler prior to 25.10.0 within the
StructTreeRoot class. The issue arises from the use of raw pointers
to elements of a `std::vector`, which can lead to dangling pointers
when the vector is resized. The vulnerability stems from the way that
refToParentMap stores references to `std::vector` elements using raw
pointers. These pointers may become invalid when the vector is resized.
This vulnerability is a common security problem involving the use of
raw pointers to `std::vectors`. Internally, `std::vector `stores its
elements in a dynamically allocated array. When the array reaches its
capacity and a new element is added, the vector reallocates a larger
block of memory and moves all the existing elements to the new location.
At this point if any pointers to elements are stored before a resize
occurs, they become dangling pointers once the reallocation happens.
Version 25.10.0 contains a patch for the issue.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-52885
Upstream patch:
https://gitlab.freedesktop.org/poppler/poppler/-/commit/4ce27cc826bf90cc8dbbd8a8c87bd913cccd7ec0
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This will remove false-positive CVE-2024-50655 from reports.
There are different emlog components from other vendors around.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d8d45d9093)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The vulnerability was reported against mod_auth_openidc, which module
is a 3rd party one, and not part of the apache2 source distribution.
The affected module is not part of the meta-oe universe currently,
so ignore the CVE.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
These CVEs are for iperf3 - which is a similar application in its goals (and name),
but an independent project from this, and the projects are independent implementations
also, they share no common code.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit aedf74e082)
Reworked for Kirkstone (CVE_STATUS -> CVE_CHECK_IGNORE))
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Within tcpreplay's tcprewrite, a double free vulnerability has been identified
in the dlt_linuxsll2_cleanup() function in plugins/dlt_linuxsll2/linuxsll2.c.
This vulnerability is triggered when tcpedit_dlt_cleanup() indirectly
invokes the cleanup routine multiple times on the same memory region.
By supplying a specifically crafted pcap file to the tcprewrite binary,
a local attacker can exploit this flaw to cause a Denial of Service (DoS) via memory corruption.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2.
The impacted element is the function untrunc_packet of the file
src/tcpedit/edit_packet.c of the component tcprewrite. Executing
manipulation can lead to use after free. It is possible to launch
the attack on the local host. The exploit has been publicly disclosed
and may be utilized. This patch is called 73008f261f1cdf7a1087dc8759115242696d35da.
Applying a patch is advised to resolve this issue.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Gyorgy Sarvari
Khem Raj
Wentao Zhang
Changqing Li
Vijay Anusuri
Yogita Urade
Praveen Kumar
Saravanan
Peter Marko
Ninette Adhikari
Soumya Sambu
Rajeshkumar Ramasamy
virendra thakur
Archana Polampalli
Sana Kazi