Complete Yocto mirror with license table for TQMa6UL (2038-compliance)

- 264 license table entries with exact download URLs (224/264 resolved) - Complete sources/ directory with all BitBake recipes - Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl) - Full traceability for Softwarefreigabeantrag - GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4 - License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16)
2026-03-01 20:58:18 +00:00
commit 16accb6b24
15086 changed files with 1292356 additions and 0 deletions
--- a/sources/meta-openembedded/meta-oe/recipes-support/opensc/files/0001-PR-Fixes-for-uninitialized-memory-issues.patch
+++ b/sources/meta-openembedded/meta-oe/recipes-support/opensc/files/0001-PR-Fixes-for-uninitialized-memory-issues.patch
--- a/sources/meta-openembedded/meta-oe/recipes-support/opensc/files/CVE-2024-8443-0001.patch
+++ b/sources/meta-openembedded/meta-oe/recipes-support/opensc/files/CVE-2024-8443-0001.patch
@@ -0,0 +1,60 @@
+From b28a3cef416fcfb92fbb9ea7fd3c71df52c6c9fc Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Mon, 12 Aug 2024 19:02:14 +0200
+Subject: [PATCH] openpgp: Do not accept non-matching key responses
+
+When generating RSA key pair using PKCS#15 init, the driver could accept
+responses relevant to ECC keys, which made further processing in the
+pkcs15-init failing/accessing invalid parts of structures.
+
+Thanks oss-fuzz!
+
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=71010
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+
+CVE: CVE-2024-8443
+Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/b28a3cef416fcfb92fbb9ea7fd3c71df52c6c9fc]
+
+Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
+---
+ src/libopensc/card-openpgp.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c
+index fad32f0ce..f99ec0db9 100644
+--- a/src/libopensc/card-openpgp.c
+++ b/src/libopensc/card-openpgp.c
+@@ -2877,6 +2877,9 @@ pgp_parse_and_set_pubkey_output(sc_card_t *card, u8* data, size_t data_len,
+ 
+ 		/* RSA modulus */
+ 		if (tag == 0x0081) {
+			if (key_info->algorithm != SC_OPENPGP_KEYALGO_RSA) {
+				LOG_FUNC_RETURN(card->ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED);
+			}
+ 			if ((BYTES4BITS(key_info->u.rsa.modulus_len) < len)  /* modulus_len is in bits */
+ 				|| key_info->u.rsa.modulus == NULL) {
+ 
+@@ -2892,6 +2895,9 @@ pgp_parse_and_set_pubkey_output(sc_card_t *card, u8* data, size_t data_len,
+ 		}
+ 		/* RSA public exponent */
+ 		else if (tag == 0x0082) {
+			if (key_info->algorithm != SC_OPENPGP_KEYALGO_RSA) {
+				LOG_FUNC_RETURN(card->ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED);
+			}
+ 			if ((BYTES4BITS(key_info->u.rsa.exponent_len) < len)  /* exponent_len is in bits */
+ 				|| key_info->u.rsa.exponent == NULL) {
+ 
+@@ -2907,6 +2913,10 @@ pgp_parse_and_set_pubkey_output(sc_card_t *card, u8* data, size_t data_len,
+ 		}
+ 		/* ECC public key */
+ 		else if (tag == 0x0086) {
+			if (key_info->algorithm != SC_OPENPGP_KEYALGO_ECDSA &&
+					key_info->algorithm != SC_OPENPGP_KEYALGO_ECDH) {
+				LOG_FUNC_RETURN(card->ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED);
+			}
+ 			/* set the output data */
+ 			/* len is ecpoint length + format byte
+ 			 * see section 7.2.14 of 3.3.1 specs */
+--
+2.34.1
--- a/sources/meta-openembedded/meta-oe/recipes-support/opensc/files/CVE-2024-8443-0002.patch
+++ b/sources/meta-openembedded/meta-oe/recipes-support/opensc/files/CVE-2024-8443-0002.patch
@@ -0,0 +1,55 @@
+From 02e847458369c08421fd2d5e9a16a5f272c2de9e Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Thu, 15 Aug 2024 11:13:47 +0200
+Subject: [PATCH] openpgp: Avoid buffer overflow when writing fingerprint
+
+Fix also surrounding code to return error (not just log it)
+when some step fails.
+
+Thanks oss-fuzz
+
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=70933
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+
+CVE: CVE-2024-8443
+Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/02e847458369c08421fd2d5e9a16a5f272c2de9e]
+
+Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
+---
+ src/libopensc/card-openpgp.c | 17 ++++++++++++-----
+ 1 file changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c
+index f99ec0db9..3957440de 100644
+--- a/src/libopensc/card-openpgp.c
+++ b/src/libopensc/card-openpgp.c
+@@ -2756,14 +2756,21 @@ pgp_calculate_and_store_fingerprint(sc_card_t *card, time_t ctime,
+ 	/* update the blob containing fingerprints (00C5) */
+ 	sc_log(card->ctx, "Updating fingerprint blob 00C5.");
+ 	fpseq_blob = pgp_find_blob(card, 0x00C5);
+-	if (fpseq_blob == NULL)
+-		LOG_TEST_GOTO_ERR(card->ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot find blob 00C5");
+	if (fpseq_blob == NULL) {
+		r = SC_ERROR_OUT_OF_MEMORY;
+		LOG_TEST_GOTO_ERR(card->ctx, r, "Cannot find blob 00C5");
+	}
+	if (20 * key_info->key_id > fpseq_blob->len) {
+		r = SC_ERROR_OBJECT_NOT_VALID;
+		LOG_TEST_GOTO_ERR(card->ctx, r, "The 00C5 blob is not large enough");
+	}
+ 
+ 	/* save the fingerprints sequence */
+ 	newdata = malloc(fpseq_blob->len);
+-	if (newdata == NULL)
+-		LOG_TEST_GOTO_ERR(card->ctx, SC_ERROR_OUT_OF_MEMORY,
+-			"Not enough memory to update fingerprint blob 00C5");
+	if (newdata == NULL) {
+		r = SC_ERROR_OUT_OF_MEMORY;
+		LOG_TEST_GOTO_ERR(card->ctx, r, "Not enough memory to update fingerprint blob 00C5");
+	}
+ 
+ 	memcpy(newdata, fpseq_blob->data, fpseq_blob->len);
+ 	/* move p to the portion holding the fingerprint of the current key */
+--
+2.34.1
--- a/sources/meta-openembedded/meta-oe/recipes-support/opensc/opensc_0.25.1.bb
+++ b/sources/meta-openembedded/meta-oe/recipes-support/opensc/opensc_0.25.1.bb
@@ -0,0 +1,53 @@
+SUMMARY = "Smart card library and applications"
+DESCRIPTION = "OpenSC is a tool for accessing smart card devices. Basic\
+functionality (e.g. SELECT FILE, READ BINARY) should work on any ISO\
+7816-4 compatible smart card. Encryption and decryption using private\
+keys on the smart card is possible with PKCS\
+such as the FINEID (Finnish Electronic IDentity) card. Swedish Posten\
+eID cards have also been confirmed to work."
+
+HOMEPAGE = "https://github.com/OpenSC/OpenSC/wiki"
+SECTION = "System Environment/Libraries"
+LICENSE = "LGPL-2.0-or-later"
+LIC_FILES_CHKSUM = "file://COPYING;md5=cb8aedd3bced19bd8026d96a8b6876d7"
+
+#v0.21.0
+SRCREV = "0a4b772d6fdab9bfaaa3123775a48a7cb6c5e7c6"
+SRC_URI = "git://github.com/OpenSC/OpenSC;branch=stable-0.25;protocol=https \
+           file://0001-PR-Fixes-for-uninitialized-memory-issues.patch \
+           file://CVE-2024-8443-0001.patch \
+           file://CVE-2024-8443-0002.patch \
+         "
+DEPENDS = "virtual/libiconv openssl"
+
+S = "${WORKDIR}/git"
+inherit autotools pkgconfig bash-completion
+
+EXTRA_OECONF = " \
+    --disable-static \
+    --disable-ctapi \
+    --disable-doc \
+    --disable-strict \
+"
+EXTRA_OEMAKE = "DESTDIR=${D}"
+
+PACKAGECONFIG ??= "pcsc"
+
+PACKAGECONFIG[openct] = "--enable-openct,--disable-openct,openct"
+PACKAGECONFIG[pcsc] = "--enable-pcsc,--disable-pcsc,pcsc-lite,pcsc-lite pcsc-lite-lib"
+
+RDEPENDS:${PN} = "readline"
+
+FILES:${PN} += "\
+    ${libdir}/opensc-pkcs11.so \
+    ${libdir}/onepin-opensc-pkcs11.so \
+    ${libdir}/pkcs11-spy.so \
+"
+FILES:${PN}-dev += "\
+    ${libdir}/onepin-opensc-pkcs11.so \
+    ${libdir}/pkcs11/opensc-pkcs11.so \
+    ${libdir}/pkcs11/onepin-opensc-pkcs11.so \
+    ${libdir}/pkcs11/pkcs11-spy.so \
+"
+
+BBCLASSEXTEND = "native"