openclaw/tqma6-yocto-mirror
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Complete Yocto mirror with license table for TQMa6UL (2038-compliance)

Browse Source 
- 264 license table entries with exact download URLs (224/264 resolved)
- Complete sources/ directory with all BitBake recipes
- Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl)
- Full traceability for Softwarefreigabeantrag
- GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4
- License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16)
This commit is contained in:
Siggi (OpenClaw Agent)
2026-03-01 20:58:18 +00:00
commit 16accb6b24
15086 changed files with 1292356 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

101
sources/meta-openembedded/meta-oe/recipes-support/nano/files/CVE-2024-5742.patch Normal file
View File

@@ -0,0 +1,101 @@
From aad1439553de8ce0ef8815a65ac0732dc804507b Mon Sep 17 00:00:00 2001
From: Benno Schulenberg <bensberg@telfort.nl>
Date: Sun, 28 Apr 2024 10:51:52 +0200
Subject: [PATCH] files: run `chmod` and `chown` on the descriptor, not on the
filename
This closes a window of opportunity where the emergency file could be
replaced by a malicious symlink.
The issue was reported by `MartinJM` and `InvisibleMeerkat`.
Problem existed since version 2.2.0, commit 123110c5, when chmodding
and chowning of the emergency .save file was added.
Upstream-Status: Backport from [https://git.savannah.gnu.org/cgit/nano.git/commit/?id=5e7a3c2e7e118c7f12d5dfda9f9140f638976aa2]
CVE: CVE-2024-5742
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
---
src/definitions.h | 2 +-
src/files.c | 13 ++++++++++++-
src/nano.c | 12 +-----------
3 files changed, 14 insertions(+), 13 deletions(-)
diff --git a/src/definitions.h b/src/definitions.h
index 288f1ff..04614a3 100644
--- a/src/definitions.h
+++ b/src/definitions.h
@@ -283,7 +283,7 @@ typedef enum {
} message_type;
typedef enum {
- OVERWRITE, APPEND, PREPEND
+ OVERWRITE, APPEND, PREPEND, EMERGENCY
} kind_of_writing_type;
typedef enum {
diff --git a/src/files.c b/src/files.c
index c6eadc1..88397d3 100644
--- a/src/files.c
+++ b/src/files.c
@@ -1760,6 +1760,8 @@ bool write_file(const char *name, FILE *thefile, bool normal,
#endif
char *realname = real_dir_from_tilde(name);
/* The filename after tilde expansion. */
+ int fd = 0;
+ /* The descriptor that is assigned when opening the file. */
char *tempname = NULL;
/* The name of the temporary file we use when prepending. */
linestruct *line = openfile->filetop;
@@ -1843,7 +1845,6 @@ bool write_file(const char *name, FILE *thefile, bool normal,
* For an emergency file, access is restricted to just the owner. */
if (thefile == NULL) {
mode_t permissions = (normal ? RW_FOR_ALL : S_IRUSR|S_IWUSR);
- int fd;
#ifndef NANO_TINY
block_sigwinch(TRUE);
@@ -1969,6 +1970,16 @@ bool write_file(const char *name, FILE *thefile, bool normal,
}
#endif
+#if !defined(NANO_TINY) && defined(HAVE_CHMOD) && defined(HAVE_CHOWN)
+ /* Change permissions and owner of an emergency save file to the values
+ * of the original file, but ignore any failure as we are in a hurry. */
+ if (method == EMERGENCY && fd && openfile->statinfo) {
+ IGNORE_CALL_RESULT(fchmod(fd, openfile->statinfo->st_mode));
+ IGNORE_CALL_RESULT(fchown(fd, openfile->statinfo->st_uid,
+ openfile->statinfo->st_gid));
+ }
+#endif
+
if (fclose(thefile) != 0) {
statusline(ALERT, _("Error writing %s: %s"), realname, strerror(errno));
diff --git a/src/nano.c b/src/nano.c
index c6db6dd..c8e5265 100644
--- a/src/nano.c
+++ b/src/nano.c
@@ -337,18 +337,8 @@ void emergency_save(const char *filename)
if (*targetname == '\0')
fprintf(stderr, _("\nToo many .save files\n"));
- else if (write_file(targetname, NULL, SPECIAL, OVERWRITE, NONOTES)) {
+ else if (write_file(targetname, NULL, SPECIAL, EMERGENCY, NONOTES))
fprintf(stderr, _("\nBuffer written to %s\n"), targetname);
-#if !defined(NANO_TINY) && defined(HAVE_CHMOD) && defined(HAVE_CHOWN)
- /* Try to chmod/chown the saved file to the values of the original file,
- * but ignore any failure as we are in a hurry to get out. */
- if (openfile->statinfo) {
- IGNORE_CALL_RESULT(chmod(targetname, openfile->statinfo->st_mode));
- IGNORE_CALL_RESULT(chown(targetname, openfile->statinfo->st_uid,
- openfile->statinfo->st_gid));
- }
-#endif
- }
free(targetname);
free(plainname);
--
2.44.0

24
sources/meta-openembedded/meta-oe/recipes-support/nano/nano_7.2.bb Normal file
View File

@@ -0,0 +1,24 @@
SUMMARY = "Small and friendly console text editor"
DESCRIPTION = "GNU nano (Nano's ANOther editor, or \
Not ANOther editor) is an enhanced clone of the \
Pico text editor."
HOMEPAGE = "http://www.nano-editor.org/"
SECTION = "console/utils"
LICENSE = "GPL-3.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=f27defe1e96c2e1ecd4e0c9be8967949"
DEPENDS = "ncurses file"
RDEPENDS:${PN} = "ncurses-terminfo-base"
PV_MAJOR = "${@d.getVar('PV').split('.')[0]}"
SRC_URI = "https://nano-editor.org/dist/v${PV_MAJOR}/nano-${PV}.tar.xz \
file://CVE-2024-5742.patch \
"
SRC_URI[sha256sum] = "86f3442768bd2873cec693f83cdf80b4b444ad3cc14760b74361474fc87a4526"
UPSTREAM_CHECK_URI = "https://ftp.gnu.org/gnu/nano"
inherit autotools gettext pkgconfig
PACKAGECONFIG[tiny] = "--enable-tiny,"