2 files changed, 34 insertions, 1 deletions
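diff --git a/meta-networking/recipes-connectivity/openthread/ot-br-posix/0001-x509_crt-Zero-initialize-mbedtls_x509_time-at-declar.patch b/meta-networking/recipes-connectivity/openthread/ot-br-posix/0001-x509_crt-Zero-initialize-mbedtls_x509_time-at-declar.patch
new file mode 100644
index 0000000000..3949caa94f
--- /dev/null
+++ b/meta-networking/recipes-connectivity/openthread/ot-br-posix/0001-x509_crt-Zero-initialize-mbedtls_x509_time-at-declar.patch
@@ -0,0 +1,32 @@
+From c214f7884155607861d43dbfceaeb1c2d9f20740 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 29 Aug 2025 17:08:23 -0700
+Subject: [PATCH] x509_crt: Zero-initialize mbedtls_x509_time at declaration
+
+'mbedtls_x509_time now' is a local struct variable. passing an uninitialized local as a const *
+argument is UB-risk, since the callee is not
+allowed to write into it.
+
+Clang-21 got stricter about const pointer arguments finds it and flags it.
+
+zero-initializing ensures all fields are defined.
+
+Upstream-Status: Submitted [https://github.com/Mbed-TLS/mbedtls/pull/10377]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+third_party/mbedtls/repo/library/x509_crt.c | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/third_party/mbedtls/repo/library/x509_crt.c b/third_party/mbedtls/repo/library/x509_crt.c
+index 2fd56fbd7..d09060fd7 100644
+--- a/third_party/mbedtls/repo/library/x509_crt.c
++++ b/third_party/mbedtls/repo/library/x509_crt.c
+@@ -2523,7 +2523,7 @@ static int x509_crt_verify_chain(
+int signature_is_good;
+unsigned self_cnt;
+mbedtls_x509_crt *cur_trust_ca = NULL;
+- mbedtls_x509_time now;
++ mbedtls_x509_time now = {0};
+
+#if defined(MBEDTLS_HAVE_TIME_DATE)
+if (mbedtls_x509_time_gmtime(mbedtls_time(NULL), &now) != 0) {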
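Review bot: The `= {0}` on `now` appears to matter only in builds without `MBEDTLS_HAVE_TIME_DATE`, because with it defined the very next visible statement hands `&now` to `mbedtls_x509_time_gmtime()` before anything else uses it. The patch description does not say this, and its stated reason ("the callee is not allowed to write into it") does not identify where the indeterminate value would be read. In the no-time configuration an all-zero `mbedtls_x509_time` is now a well-defined value carried through the rest of `x509_crt_verify_chain`, so confirm that no certificate validity-period comparison consumes it there. Presumably those checks are compiled out, but the function body continues outside the hunk. I would add a comment at the declaration, for example `/* zeroed: only filled in when MBEDTLS_HAVE_TIME_DATE is defined */`.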
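diff --git a/meta-networking/recipes-connectivity/openthread/ot-br-posix_git.bb b/meta-networking/recipes-connectivity/openthread/ot-br-posix_git.bb
index d0b4f81a4c..ff8b103a9f 100644
--- a/meta-networking/recipes-connectivity/openthread/ot-br-posix_git.bb
+++ b/meta-networking/recipes-connectivity/openthread/ot-br-posix_git.bb
@@ -10,13 +10,14 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=87109e44b2fda96a8991f27684a7349c \
 file://third_party/openthread/repo/LICENSE;md5=543b6fe90ec5901a683320a36390c65f \
 "
 DEPENDS = "autoconf-archive dbus readline avahi jsoncpp boost libnetfilter-queue protobuf protobuf-native"
-SRCREV = "7142b740479e50f6f2c2a91a369b9c36e024fe0d"
+SRCREV = "0700948634b85947e893a65e3d510ed870a5755b"
 PV = "0.3.0+git"
 
 SRC_URI = "gitsm://github.com/openthread/ot-br-posix.git;protocol=https;branch=main \
 file://0001-otbr-agent.service.in-remove-pre-exec-hook-for-mdns-.patch \
 file://0001-cmake-Disable-nonnull-compare-warning-on-gcc.patch \
 file://default-cxx-std.patch \
+file://0001-x509_crt-Zero-initialize-mbedtls_x509_time-at-declar.patch;patchdir=third_party/openthread/repo \
 "
 
 SYSTEMD_SERVICE:${PN} = "otbr-agent.service"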
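Review bot: Nothing in the recipe records that the new `SRC_URI` entry depends on the mbedtls copy nested inside the openthread submodule pinned by the bumped `SRCREV`. The patch's paths start at `third_party/mbedtls/repo/` and it is applied with `patchdir=third_party/openthread/repo`, so a later bump could leave it failing to apply or silently redundant. Since the patch is marked `Upstream-Status: Submitted`, I would add a comment above `SRC_URI`, for example `# 0001-x509_crt-Zero-initialize-mbedtls_x509_time-at-declar.patch: clang-21 build fix for the mbedtls vendored under the openthread submodule; drop once a SRCREV bump carries the upstream fix`. A local change to X.509 chain-verification code is best kept short-lived, so the vendored TLS library does not drift from what upstream has reviewed.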
