Add ptest support for inotify-tools by introducing a run-ptest script.
The ptest verifies the correct functioning of inotify event handling
and related utilities.
Test coverage includes:
- File creation, modification, and deletion event monitoring
- Event handling and command-line option parsing
- Basic consistency and behavior of inotify event queues
The ptest completes in under 20 seconds
output:
root@qemux86-64:~# ptest-runner inotify-tools
START: ptest-runner
BEGIN: /usr/lib/inotify-tools/ptest
If you want to do a malloc trace, set MALLOC_TRACE to a path for logging.
event_to_str: test begin
event_to_str: test end
event_to_str_sep: test begin
event_to_str_sep: test end
str_to_event: test begin
str_to_event: test end
str_to_event_sep: test begin
str_to_event_sep: test end
basic_watch_info: test begin
basic_watch_info: test end
watch_limit: test begin
watch_limit: Warning, this test may take a while
watch_limit: test end
tst_inotifytools_snprintf: test begin
tst_inotifytools_snprintf: test end
Out of 362746 tests, 362746 succeeded and 0 failed.
All tests passed successfully.
DURATION: 16
END: /usr/lib/inotify-tools/ptest
STOP: ptest-runner
TOTAL: 1 FAIL: 0
Verified that enabling ptest does not modify existing package contents
for inotify-tools
Signed-off-by: Nikhil R <nikhil.r@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Pick patches according to oe-core patch for this CVE in wpa-supplicant.
Leave out commit which patched only files not present in hostapd.
Note that Debian just picked the last commit (actually fixing the CVE)
and removed not-applicable parts, but it is probably better to be
consistent with oe-core status.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Pick patches as listed in NVD CVE report.
Note that Debian lists one of the patches as introducing the
vulnerability. This is against what the original report [1] says.
Also the commit messages provide hints that the first patch fixes this
issue and second is fixing problem with the first patch.
[1] https://jvn.jp/en/jp/JVN19358384/
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The previous version installed the examples as ptests, not the actual tests.
This change compiles the tests on the build machine, install them, and execute
them on the target machine.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
1. Fix tests that output colored text but try to verify uncolored text - filter the
output through "tee" to remove coloring.
2. Add missing dependency
3. Fix a test that fails when C.utf-8 locale is not available on the machine (patch submitted upstream)
4. Enable network connection by setting a nameserver in resolv.conf
While execution is possible, it still requires both ostree and busybox to be compiled statically.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
1. Add a patch to fix an incorrect and failing test
2. Add missing dependencies and test files
3. Enable network in run-ptest script by adding a nameserver
4. Start mongodb from run-ptest script, if it wouldn't be running.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Though tzdata is present in almost all images, some of them are lacking it:
most notably minimal ptest images. mongodb relies on tzdata, otherwise it
doesn't even start up. To ensure that mongodb can be started up
successfully, explicitly add tzdata to its dependencies.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The version don't match and only the Jenkins plugin is affected.
Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 524acf0542)
Adapted to Kirkstone (CVE_STATUS -> CVE_CHECK_IGNORE))
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Vulnerability in the MySQL Client product of Oracle MySQL (component:
Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.41,
8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low
privileged attacker with network access via multiple protocols to compromise
MySQL Client. Successful attacks of this vulnerability can result in
unauthorized access to critical data or complete access to all MySQL Client
accessible data as well as unauthorized update, insert or delete access to
some of MySQL Client accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality
and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N).
Reference:
https://security-tracker.debian.org/tracker/CVE-2025-30722
Upstream-patch:
https://github.com/MariaDB/server/commit/6aa860be27480db134a3c71065b9b47d15b72674
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This removes false positive CVE-2024-21485 from cve reports.
$ sqlite3 nvdcve_2-2.db
sqlite> select * from products where product = 'dash';
CVE-2009-0854|dash|dash|0.5.4|=||
CVE-2024-21485|plotly|dash|||2.13.0|<
CVE-2024-21485|plotly|dash|2.14.0|>=|2.15.0|<
Our dash:dash did not reach major version 1 yet.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e1427013e0)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The vendored argon library comes with Apache-2.0 or CC0
license, which hasn't been indicated in the license variable.
This change fixes this.
Reported-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The run-ptest script had incorrect output: instead of PASS/FAIL, it
is outputting OK/FAILED - that cannot be interpreted by the logparser.
This patch sets the correct run-ptest output.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Setting the RDEPENDS with "=" erased the base dependencies
(notably ${PN} itself) from the list, making the tests fail, unless
the dependencies were installed explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The recipe inherits the ptest class, however installs no tests nor
run-ptest script.
This change rectifies this.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The original content of the ptest package, manette-test, is a helper demo
application (like evtest), and not a test suite. Also, the recipe did not
provide a run-ptest script.
Fix it by installing the actual tests, and adding a run-ptest script.
Note that the test folder structure looks like a gnome desktop test suite
(and the application is under the gnome umbrella), however the project
doesn't provide all necessary scaffolding for gnome-desktop-test to work, so
the tests are executed directly from the run-ptest script.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Some files are not installed with the testsuite, making it fail.
Both of these were fixed upstream, however only one patch applies cleanly.
The other is fixed with a single "install" command.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The test cases in jemalloc require the appropriate value to be exported
to MALLOC_CONF, which is stored in shell scripts.
The privious script just ran the test cases without exporting value, causing
the tests to fail.
Include the missing shell scripts, and source them before running the test
cases now.
Signed-off-by: Wentao Zhang <wentao.zhang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b3274b4e90)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
All the ptest cases are failed since error "+++ Can't Determine Endianness",
update the regex for matching the endianness to fix this issue.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 6de9b46cc7)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The run-ptest script was trying to call test_align executable, which
doesn't exist (anymore?).
Instead align more to master branch, and execute the selftests themselves.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The recipe has inherited the ptest class, however it did not install
not execute any tests.
This change installs the tests and add a script to execute them.
The tests are quick, execution takes single digit seconds.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The recipe has inherited the ptest class, however it did not install
not execute any tests.
This change installs the tests and add a script to execute them.
The tests are quick, execution takes single digit seconds.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The recipe inherits the ptest class, however it doesn't install
the actual tests, nor executes them.
This change installs the tests, and add a run-ptest script to
execute them also.
The tests are fairly quick, it takes single digit seconds on my
machine to execute.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Poppler ia a library for rendering PDF files, and examining or
modifying their structure. A use-after-free (write) vulnerability
has been detected in versions Poppler prior to 25.10.0 within the
StructTreeRoot class. The issue arises from the use of raw pointers
to elements of a `std::vector`, which can lead to dangling pointers
when the vector is resized. The vulnerability stems from the way that
refToParentMap stores references to `std::vector` elements using raw
pointers. These pointers may become invalid when the vector is resized.
This vulnerability is a common security problem involving the use of
raw pointers to `std::vectors`. Internally, `std::vector `stores its
elements in a dynamically allocated array. When the array reaches its
capacity and a new element is added, the vector reallocates a larger
block of memory and moves all the existing elements to the new location.
At this point if any pointers to elements are stored before a resize
occurs, they become dangling pointers once the reallocation happens.
Version 25.10.0 contains a patch for the issue.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-52885
Upstream patch:
https://gitlab.freedesktop.org/poppler/poppler/-/commit/4ce27cc826bf90cc8dbbd8a8c87bd913cccd7ec0
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Nikhil R
Peter Marko
Gyorgy Sarvari
Zhang Peng
Ninette Adhikari
Divya Chellam
Praveen Kumar
Khem Raj
Wentao Zhang
Changqing Li
Vijay Anusuri
Yogita Urade
Saravanan