From 6aa8eeadbb626bb5e5459ac2caf73b8fb0f2b936 Mon Sep 17 00:00:00 2001 From: Gyorgy Sarvari Date: Sun, 14 Sep 2025 19:47:09 +0200 Subject: [PATCH] patchtest: don't match BitBake python expansion as GitHub username BitBake's Python expansion syntax looks very similar to GitHub usernames: ${@foo} - which triggers a false alarm from patchtest. This patch adds a negative lookahead to the GitHub username matching pattern: only match in case the pattern doesn't start with "${" characters. Also add a test for it. Signed-off-by: Gyorgy Sarvari Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --- meta/lib/patchtest/patchtest_patterns.py | 2 +- ...Mbox.test_commit_message_user_tags.1.pass} | 0 ...tMbox.test_commit_message_user_tags.2.pass | 66 +++++++++++++++++++ 3 files changed, 67 insertions(+), 1 deletion(-) rename meta/lib/patchtest/selftest/files/{TestMbox.test_commit_message_user_tags.pass => TestMbox.test_commit_message_user_tags.1.pass} (100%) create mode 100644 meta/lib/patchtest/selftest/files/TestMbox.test_commit_message_user_tags.2.pass diff --git a/meta/lib/patchtest/patchtest_patterns.py b/meta/lib/patchtest/patchtest_patterns.py index 50637cf499b..655ecfd0491 100644 --- a/meta/lib/patchtest/patchtest_patterns.py +++ b/meta/lib/patchtest/patchtest_patterns.py @@ -59,7 +59,7 @@ mbox_bugzilla_validation = pyparsing.Regex('\[(\s?YOCTO\s?#\s?(\d+)\s?,?)+\]') mbox_revert_shortlog_regex = pyparsing.Regex('Revert\s+".*"') mbox_shortlog_maxlength = 90 # based on https://stackoverflow.com/questions/30281026/regex-parsing-github-usernames-javascript -mbox_github_username = pyparsing.Regex('\B@([a-z0-9](?:-(?=[a-z0-9])|[a-z0-9]){0,38}(?<=[a-z0-9]))') +mbox_github_username = pyparsing.Regex('\B(? +Date: Fri, 31 May 2024 09:54:50 -0400 +Subject: [PATCH] selftest-hello: fix CVE-1234-56789 + +This should pass the ${@test_commit_message_user_tags} test. + +CVE: CVE-1234-56789 + +Signed-off-by: Trevor Gamblin +--- + .../files/0001-Fix-CVE-1234-56789.patch | 26 +++++++++++++++++++ + .../selftest-hello/selftest-hello_1.0.bb | 4 ++- + 2 files changed, 29 insertions(+), 1 deletion(-) + create mode 100644 meta-selftest/recipes-test/selftest-hello/files/0001-Fix-CVE-1234-56789.patch + +diff --git a/meta-selftest/recipes-test/selftest-hello/files/0001-Fix-CVE-1234-56789.patch b/meta-selftest/recipes-test/selftest-hello/files/0001-Fix-CVE-1234-56789.patch +new file mode 100644 +index 00000000000..8a4f9329303 +--- /dev/null ++++ b/meta-selftest/recipes-test/selftest-hello/files/0001-Fix-CVE-1234-56789.patch +@@ -0,0 +1,26 @@ ++From b26a31186e6ee2eb1f506d5f2f9394d327a0df2f Mon Sep 17 00:00:00 2001 ++From: Trevor Gamblin ++Date: Tue, 29 Aug 2023 14:08:20 -0400 ++Subject: [PATCH] Fix CVE-NOT-REAL ++ ++CVE: CVE-1234-56789 ++Upstream-Status: Backport(http://example.com/example) ++ ++Signed-off-by: Trevor Gamblin ++--- ++ strlen.c | 1 + ++ 1 file changed, 1 insertion(+) ++ ++diff --git a/strlen.c b/strlen.c ++index 1788f38..83d7918 100644 ++--- a/strlen.c +++++ b/strlen.c ++ ++int main() { ++ ++ printf("%d\n", str_len(string1)); ++ printf("%d\n", str_len(string2)); ++ printf("CVE FIXED!!!\n"); ++ ++ return 0; ++} +diff --git a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb +index 2dc352d479e..d937759f157 100644 +--- a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb ++++ b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb +@@ -3,7 +3,9 @@ SECTION = "examples" + LICENSE = "MIT" + LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302" + +-SRC_URI = "file://helloworld.c" ++SRC_URI = "file://helloworld.c \ ++ file://0001-Fix-CVE-1234-56789.patch \ ++ " + + S = "${WORKDIR}/sources" + UNPACKDIR = "${S}" +-- +2.45.1 + -- 2.47.3