Commit message | Author | Age | Files | Lines
* keepalived: patch CVE-2021-44225 | Gyorgy Sarvari | 2025-10-27 | 2 | -0/+42
  Details: https://nvd.nist.gov/vuln/detail/CVE-2021-44225

  Pick patch mentioned in the nvd report.

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* iptraf-ng: patch CVE-2024-52949 | Gyorgy Sarvari | 2025-10-27 | 2 | -0/+219
  Details: https://nvd.nist.gov/vuln/detail/CVE-2024-52949

  Pick the commit that mentions the CVE in its description.

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* influxdb: Update CVE status for CVE-2019-10329 | Ninette Adhikari | 2025-10-27 | 1 | -0/+3
  The version doesn't match and only the Jenkins plugin is affected.

  Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 524acf0542cafed3f5e82cd94291a653f6cf86e1)

  Adapted to Kirkstone (CVE_STATUS -> CVE_CHECK_IGNORE)
  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* id3lib: mark CVE-2007-4460 as fixed | Peter Marko | 2025-10-27 | 1 | -0/+3
  This is fixed in id3lib3.8.3_3.8.3-16.2.debian.tar.xz patch included in SRC_URI.
  Version 3.8.3-7 contains patch for this CVE, we use 3.8.3-16.2.

  This can be verified by checking the debian/changelog within this patch or diffing [1] and [2] and verifying that this can be reverse-applied.

  [1] https://snapshot.debian.org/archive/debian/20070819T000000Z/pool/main/i/id3lib3.8.3/id3lib3.8.3_3.8.3-6.diff.gz
  [2] https://snapshot.debian.org/archive/debian/20070819T000000Z/pool/main/i/id3lib3.8.3/id3lib3.8.3_3.8.3-7.diff.gz

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 9fff0040f1694b09c6c68cf59615f42d801d62f5)

  Adapted to Kirkstone (CVE_STATUS -> CVE_CHECK_IGNORE)
  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* gattlib: ignore CVE-2019-6498 | Gyorgy Sarvari | 2025-10-27 | 1 | -0/+3
  Details: https://nvd.nist.gov/vuln/detail/CVE-2019-6498

  The used revision already contains the fix.

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* evince: Update status for CVE-2011-0433 and CVE-2011-5244 | Alexandre Truong | 2025-10-27 | 1 | -0/+4
  The current version 46.0 is not affected by the issues.

  Both issues have been fixed in commit [0]. The fix is in effect since early versions of evince (3.1.2).

  Thus, both can be safely ignored.

  [0]: https://gitlab.gnome.org/GNOME/evince/-/commit/efadec4ffcdde3373f6f4ca0eaac98dc963c4fd5

  Signed-off-by: Alexandre Truong <alexandre.truong@smile.fr>
  Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 492b1b1adc1c546efd10b659d220a810736cc04a)

  Reworked for Kirkstone (CVE_STATUS -> CVE_CHECK_IGNORE)
  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* klibc: patch CVE-2021-31873 | Gyorgy Sarvari | 2025-10-27 | 2 | -0/+44
  Details: https://nvd.nist.gov/vuln/detail/CVE-2021-31873

  Pick the patch mentioned by the nvd report.

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* klibc: patch CVE-2021-31872 | Gyorgy Sarvari | 2025-10-27 | 2 | -0/+71
  Details: https://nvd.nist.gov/vuln/detail/CVE-2021-31872

  Pick the patch mentioned by the nvd report.

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* klibc: patch CVE-2021-31871 | Gyorgy Sarvari | 2025-10-27 | 2 | -0/+35
  Details: https://nvd.nist.gov/vuln/detail/CVE-2021-31871

  Pick the patch mentioned in the nvd report.

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* klibc: patch CVE-2021-31870 | Gyorgy Sarvari | 2025-10-27 | 2 | -0/+46
  Details: https://nvd.nist.gov/vuln/detail/CVE-2021-31870

  Pick patch mentioned in the nvd report.

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* mariadb: fix CVE-2025-30722 | Divya Chellam | 2025-10-27 | 2 | -0/+177
  Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Client accessible data as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N).

  Reference: https://security-tracker.debian.org/tracker/CVE-2025-30722

  Upstream-patch: https://github.com/MariaDB/server/commit/6aa860be27480db134a3c71065b9b47d15b72674

  Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* jq: fix CVE-2025-9403 | Divya Chellam | 2025-10-27 | 2 | -0/+50
  A vulnerability was determined in jqlang jq up to 1.6. Impacted is the function run_jq_tests of the file jq_test.c of the component JSON Parser. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Other versions might be affected as well.

  Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-9403

  Upstream-patch: https://github.com/jqlang/jq/commit/a4d9d540103ff9a262e304329c277ec89b27e5f9

  Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* mariadb: fix CVE-2025-21490 | Divya Chellam | 2025-10-27 | 2 | -0/+97
  Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

  References:
  https://nvd.nist.gov/vuln/detail/CVE-2025-21490
  https://security-tracker.debian.org/tracker/CVE-2025-21490

  Upstream-patch: https://github.com/MariaDB/server/commit/82310f926b7c6547f25dd80e4edf3f38b22913e5

  Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* cjson: upgrade 1.7.18 -> 1.7.19 | Praveen Kumar | 2025-10-27 | 2 | -35/+1
  This includes CVE-fix for CVE-2023-26819.

  Removed CVE-2025-57052, as the issue was already resolved in v1.7.19.

  Changelog:
  ==========
  https://github.com/DaveGamble/cJSON/blob/master/CHANGELOG.md

  Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* python3-gunicorn: add patch work with geventlet | Gyorgy Sarvari | 2025-10-27 | 2 | -1/+56
  python3-gunicorn depends on python3-geventlet. geventlet has made some breaking changes (which is part of meta-oe/kirkstone), however gunicorn wasn't adapted to this, and it broke some features (at least ptests).

  This patch backports the change that adapts gunicorn to the used version of geventlet.

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* python3-gevent: fix syntax error in cve patch | Gyorgy Sarvari | 2025-10-27 | 1 | -1/+1
  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* python3-pint: fix ptests | Gyorgy Sarvari | 2025-10-27 | 2 | -6/+3
  1. Add missing ptest dependency (pytest-subtest)
  2. The testsuite is installed in both the site-packages and ${PTEST_PATH} folders, however some dependencies are only available in the site-packages folder, so many test cases fail. At this point of the branch lifecycle I decided not to refactor the recipe, but rather to just use the installation in the site-packages dir to run the tests (switch to that folder in the run-ptest script)
  3. Fix the run-ptest script to output PASS/FAIL status.

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* python3-requests-toolbelt: disable tests with expired certificate | Gyorgy Sarvari | 2025-10-27 | 1 | -1/+1
  The application ships with a self signed certificate as part of the test suite. Unfortunately this certificate has expired in 2021, and since then the tests refuse to use it, they just fail.

  Upstream has fixed this issue by refactoring these tests[1] not to use a vendored certificate, but rather to use the "python3-trustme" module - however this is not part of Kirkstone meta-oe, so that patch cannot be used.

  Due to this, disable these particular test cases.

  [1]: https://github.com/requests/toolbelt/commit/b93b4067ea1ded1e33959920ae5ff4163fdd6939

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* python3-py-cpuinfo: fix ptests | Gyorgy Sarvari | 2025-10-27 | 1 | -0/+1
  The tests require the library to be present in the folder of test execution, otherwise many of them fail.

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* unbound: Fix CVE-2022-3204 | Vijay Anusuri | 2025-10-27 | 2 | -0/+222
  Upstream-Status: Backport from https://github.com/NLnetLabs/unbound/commit/137719522a8ea5b380fbb6206d2466f402f5b554

  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* unbound: Fix for CVE-2022-30698 and CVE-2022-30699 | Vijay Anusuri | 2025-10-27 | 2 | -0/+628
  Upstream-Status: Backport from https://github.com/NLnetLabs/unbound/commit/f6753a0f1018133df552347a199e0362fc1dac68

  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* squid: fix esi PACKAGECONFIG | Gyorgy Sarvari | 2025-10-27 | 2 | -0/+36
  libxml has deprecated the "xmlSetFeature" call, and hid it behind a special config flag (--with-legacy), which is not used by default in oe-core. This makes compilation fail, when "esi" PACKAGECONFIG is enabled:

  Libxml2Parser.cc:94:5: error: 'xmlSetFeature' was not declared in this scope; did you mean 'xmlHasFeature'?

  This backported patch fixes this.

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* squid: patch CVE-2025-59362 | Gyorgy Sarvari | 2025-10-27 | 2 | -0/+52
  Details: https://nvd.nist.gov/vuln/detail/CVE-2025-59362

  Pick the PR content that's referenced in the nvd report.

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* squid: patch CVE-2023-46724 | Gyorgy Sarvari | 2025-10-27 | 2 | -0/+42
  Details: https://nvd.nist.gov/vuln/detail/CVE-2023-46724

  Pick the patch from the details of the nvd report.

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* squid: patch CVE-2022-41318 | Gyorgy Sarvari | 2025-10-27 | 2 | -0/+46
  Details: https://nvd.nist.gov/vuln/detail/CVE-2022-41318

  Pick the v4 patch referenced in the nvd report.

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* squid: patch CVE-2022-41317 | Gyorgy Sarvari | 2025-10-27 | 2 | -0/+27
  Details: https://nvd.nist.gov/vuln/detail/CVE-2022-41317

  Pick the v4 patch referenced in the nvd report.

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* squid: patch CVE-2021-46784 | Gyorgy Sarvari | 2025-10-27 | 2 | -0/+134
  Details: https://nvd.nist.gov/vuln/detail/CVE-2021-46784

  Pick the backported patch from v4 branch, that referenced the same PR[1] that the patch[2] from the nvd report refers to.

  [1]: https://github.com/squid-cache/squid/pull/1022
  [2]: https://github.com/squid-cache/squid/commit/5e2ea2b13bd98f53e29964ca26bb0d602a8a12b9

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* renderdoc: patch CVE-2023-33863, CVE-2023-33864 and CVE-2023-33865 | Gyorgy Sarvari | 2025-10-27 | 6 | -4/+379
  Details:
  https://nvd.nist.gov/vuln/detail/CVE-2023-33863
  https://nvd.nist.gov/vuln/detail/CVE-2023-33864
  https://nvd.nist.gov/vuln/detail/CVE-2023-33865

  Take the patches mentioned from the original researcher's report[1]

  [1]: https://www.qualys.com/2023/06/06/renderdoc/renderdoc.txt (summary section)

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* netkit-telnet: patch CVE-2022-39028 | Gyorgy Sarvari | 2025-10-27 | 2 | -0/+73
  Details: https://nvd.nist.gov/vuln/detail/CVE-2022-39028

  Pick the patch mentioned in the nvd report.

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* dash: set CVE_PRODUCT | Peter Marko | 2025-10-27 | 1 | -0/+2
  This removes false positive CVE-2024-21485 from cve reports.

  $ sqlite3 nvdcve_2-2.db
  sqlite> select * from products where product = 'dash';
  CVE-2009-0854|dash|dash|0.5.4|=||
  CVE-2024-21485|plotly|dash|||2.13.0|<
  CVE-2024-21485|plotly|dash|2.14.0|>=|2.15.0|<

  Our dash:dash did not reach major version 1 yet.

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit e1427013e01df44b9275908f7605e8e25fc3fd83)
  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* wavpack: patch CVE-2016-10169 | Gyorgy Sarvari | 2025-10-27 | 2 | -1/+30
  Details: https://nvd.nist.gov/vuln/detail/CVE-2016-10169

  Backport the relevant part of the linked patch. (The full patch contains fixes for other vulnerabilities also, which were introduced after v4.60)

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* zchunk: add ptest support | Gyorgy Sarvari | 2025-10-27 | 2 | -1/+148
  It takes under 5 seconds to execute. The script is a shell conversion from the meson tests.

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* cryptsetup: extend licenses with Apache and CC0 | Gyorgy Sarvari | 2025-10-27 | 1 | -2/+4
  The vendored argon library comes with Apache-2.0 or CC0 license, which hasn't been indicated in the license variable.

  This change fixes this.

  Reported-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* python3-yarl: fix ptests (and make it compatible with current python) | Gyorgy Sarvari | 2025-10-20 | 2 | -1/+140
  oe-core currently ships with Python 3.10.18. Python 3.10.17 has introduced a change in urlparse library, regarding how brackets are handled by urllib.parse.urlsplit() and urlparse() functions (which makes it more conformant to the specification).

  This has caused a regression in yarl: some tests have failed, and it also revealed a bug in how yarl treats brackets.

  This backported patch corrects this behavior, making it compatible once again with the current Python version - and it also allows the ptests to pass once again.

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* proftpd: Fix CVE-2023-48795 | Vijay Anusuri | 2025-10-20 | 2 | -0/+752
  Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/bcec15efe6c53dac40420731013f1cd2fd54123b

  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* python3-betamax: fix ptests | Gyorgy Sarvari | 2025-10-20 | 4 | -0/+93
  1. Some tests require internet access. Set a DNS for that, if it is not available at the start of the test.
  2. Added a backported patch that fixes some failing tests, due to a variable header value contained in a response. (fix-failing-ptest.patch)
  3. Added a backported patch that avoids calling pytest fixtures directly. If not applied, tests calling them are marked as failing by pytest. (fix-direct-calls-to-test-fixtures.patch)

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* python3-soupsieve: fix ptests | Gyorgy Sarvari | 2025-10-20 | 2 | -0/+163
  Some ptests have started to fail, due to a change in libxml 2.9.12 (oe-core ships with 2.9.14 currently). See upstream issue: https://github.com/facelessuser/soupsieve/issues/220

  This backported patch solves this issue.

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* python3-typeguard: update ptest dependencies | Derek Straka | 2025-10-20 | 1 | -0/+1
  Signed-off-by: Derek Straka <derek@asterius.io>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit bb8e0534be8349e73b069a63739e965e9442934e)

  Adapted to Kirkstone.
  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* python3-ujson: fix run-ptest script | Gyorgy Sarvari | 2025-10-20 | 1 | -1/+1
  The current script doesn't execute any tests. This patch fixes the run-ptest script.

  This is mostly a backport of e183db0c8f0b6ef605731769aeefed3e4f0a0093.

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* python3-whoosh: Fix an intermittent ptest | Khem Raj | 2025-10-20 | 2 | -0/+31
  It fails sometimes when system is under stress

  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 38e2f6a9a94463916d2c4ea5d08f1a554e337f28)
  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* sdbus-c++: fix ptest script output | Gyorgy Sarvari | 2025-10-20 | 1 | -6/+6
  The run-ptest script had incorrect output: instead of PASS/FAIL, it is outputting OK/FAILED - that cannot be interpreted by the logparser.

  This patch sets the correct run-ptest output.

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* pv: fix ptests | Gyorgy Sarvari | 2025-10-20 | 1 | -1/+1
  Setting the RDEPENDS with "=" erased the base dependencies (notably ${PN} itself) from the list, making the tests fail, unless the dependencies were installed explicitly.

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* oprofile: Fix failing ptests | Khem Raj | 2025-10-20 | 1 | -3/+6
  Files need to be in right directory structure

  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 51b38953a6e7f2769b5f4ac021f55299f3c68b99)
  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* libxml++-5.0: fix ptests | Gyorgy Sarvari | 2025-10-20 | 2 | -0/+11
  The recipe inherits the ptest class, however installs no tests nor run-ptest script.

  This change rectifies this.

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* libteam: Add missing dependencies revealed by ptests | Khem Raj | 2025-10-20 | 1 | -1/+7
  Fixes ptests provided kernel has team driver enabled

  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit df35bef3ae6411900efdfc3ea5ade23820e9af2f)
  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* libmanette: fix ptests | Gyorgy Sarvari | 2025-10-20 | 2 | -2/+15
  The original content of the ptest package, manette-test, is a helper demo application (like evtest), and not a test suite. Also, the recipe did not provide a run-ptest script.

  Fix it by installing the actual tests, and adding a run-ptest script.

  Note that the test folder structure looks like a gnome desktop test suite (and the application is under the gnome umbrella), however the project doesn't provide all necessary scaffolding for gnome-desktop-test to work, so the tests are executed directly from the run-ptest script.

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* libjcat: fix ptests | Gyorgy Sarvari | 2025-10-20 | 2 | -0/+30
  Some files are not installed with the testsuite, making it fail.

  Both of these were fixed upstream, however only one patch applies cleanly. The other is fixed with a single "install" command.

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* libdbi-perl: fix ptests | Gyorgy Sarvari | 2025-10-20 | 1 | -2/+4
  Add missing runtime dependencies for the ptest package.

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* jemalloc: include the missing shell scripts and source the corresponds shell scripts for some test cases. | Wentao Zhang | 2025-10-20 | 2 | -3/+33
  The test cases in jemalloc require the appropriate value to be exported to MALLOC_CONF, which is stored in shell scripts. The previous script just ran the test cases without exporting value, causing the tests to fail. Include the missing shell scripts, and source them before running the test cases now.

  Signed-off-by: Wentao Zhang <wentao.zhang@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit b3274b4e90fad106e2e76b48afb866d81170bd6f)
  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* keyutils: add missing ptest dependencies | Gyorgy Sarvari | 2025-10-20 | 1 | -1/+1
  ptests failed due to missing "make", "file" and full "head" command.

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>