Complete Yocto mirror with license table for TQMa6UL (2038-compliance)

- 264 license table entries with exact download URLs (224/264 resolved) - Complete sources/ directory with all BitBake recipes - Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl) - Full traceability for Softwarefreigabeantrag - GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4 - License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16)
2026-03-01 20:58:18 +00:00
commit 16accb6b24
15086 changed files with 1292356 additions and 0 deletions
--- a/sources/meta-openembedded/meta-oe/recipes-support/opensc/files/0001-PR-Fixes-for-uninitialized-memory-issues.patch
+++ b/sources/meta-openembedded/meta-oe/recipes-support/opensc/files/0001-PR-Fixes-for-uninitialized-memory-issues.patch
--- a/sources/meta-openembedded/meta-oe/recipes-support/opensc/files/CVE-2024-8443-0001.patch
+++ b/sources/meta-openembedded/meta-oe/recipes-support/opensc/files/CVE-2024-8443-0001.patch
@@ -0,0 +1,60 @@
+From b28a3cef416fcfb92fbb9ea7fd3c71df52c6c9fc Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Mon, 12 Aug 2024 19:02:14 +0200
+Subject: [PATCH] openpgp: Do not accept non-matching key responses
+
+When generating RSA key pair using PKCS#15 init, the driver could accept
+responses relevant to ECC keys, which made further processing in the
+pkcs15-init failing/accessing invalid parts of structures.
+
+Thanks oss-fuzz!
+
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=71010
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+
+CVE: CVE-2024-8443
+Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/b28a3cef416fcfb92fbb9ea7fd3c71df52c6c9fc]
+
+Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
+---
+ src/libopensc/card-openpgp.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c
+index fad32f0ce..f99ec0db9 100644
+--- a/src/libopensc/card-openpgp.c
+++ b/src/libopensc/card-openpgp.c
+@@ -2877,6 +2877,9 @@ pgp_parse_and_set_pubkey_output(sc_card_t *card, u8* data, size_t data_len,
+ 
+ 		/* RSA modulus */
+ 		if (tag == 0x0081) {
+			if (key_info->algorithm != SC_OPENPGP_KEYALGO_RSA) {
+				LOG_FUNC_RETURN(card->ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED);
+			}
+ 			if ((BYTES4BITS(key_info->u.rsa.modulus_len) < len)  /* modulus_len is in bits */
+ 				|| key_info->u.rsa.modulus == NULL) {
+ 
+@@ -2892,6 +2895,9 @@ pgp_parse_and_set_pubkey_output(sc_card_t *card, u8* data, size_t data_len,
+ 		}
+ 		/* RSA public exponent */
+ 		else if (tag == 0x0082) {
+			if (key_info->algorithm != SC_OPENPGP_KEYALGO_RSA) {
+				LOG_FUNC_RETURN(card->ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED);
+			}
+ 			if ((BYTES4BITS(key_info->u.rsa.exponent_len) < len)  /* exponent_len is in bits */
+ 				|| key_info->u.rsa.exponent == NULL) {
+ 
+@@ -2907,6 +2913,10 @@ pgp_parse_and_set_pubkey_output(sc_card_t *card, u8* data, size_t data_len,
+ 		}
+ 		/* ECC public key */
+ 		else if (tag == 0x0086) {
+			if (key_info->algorithm != SC_OPENPGP_KEYALGO_ECDSA &&
+					key_info->algorithm != SC_OPENPGP_KEYALGO_ECDH) {
+				LOG_FUNC_RETURN(card->ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED);
+			}
+ 			/* set the output data */
+ 			/* len is ecpoint length + format byte
+ 			 * see section 7.2.14 of 3.3.1 specs */
+--
+2.34.1
--- a/sources/meta-openembedded/meta-oe/recipes-support/opensc/files/CVE-2024-8443-0002.patch
+++ b/sources/meta-openembedded/meta-oe/recipes-support/opensc/files/CVE-2024-8443-0002.patch
@@ -0,0 +1,55 @@
+From 02e847458369c08421fd2d5e9a16a5f272c2de9e Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Thu, 15 Aug 2024 11:13:47 +0200
+Subject: [PATCH] openpgp: Avoid buffer overflow when writing fingerprint
+
+Fix also surrounding code to return error (not just log it)
+when some step fails.
+
+Thanks oss-fuzz
+
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=70933
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+
+CVE: CVE-2024-8443
+Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/02e847458369c08421fd2d5e9a16a5f272c2de9e]
+
+Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
+---
+ src/libopensc/card-openpgp.c | 17 ++++++++++++-----
+ 1 file changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c
+index f99ec0db9..3957440de 100644
+--- a/src/libopensc/card-openpgp.c
+++ b/src/libopensc/card-openpgp.c
+@@ -2756,14 +2756,21 @@ pgp_calculate_and_store_fingerprint(sc_card_t *card, time_t ctime,
+ 	/* update the blob containing fingerprints (00C5) */
+ 	sc_log(card->ctx, "Updating fingerprint blob 00C5.");
+ 	fpseq_blob = pgp_find_blob(card, 0x00C5);
+-	if (fpseq_blob == NULL)
+-		LOG_TEST_GOTO_ERR(card->ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot find blob 00C5");
+	if (fpseq_blob == NULL) {
+		r = SC_ERROR_OUT_OF_MEMORY;
+		LOG_TEST_GOTO_ERR(card->ctx, r, "Cannot find blob 00C5");
+	}
+	if (20 * key_info->key_id > fpseq_blob->len) {
+		r = SC_ERROR_OBJECT_NOT_VALID;
+		LOG_TEST_GOTO_ERR(card->ctx, r, "The 00C5 blob is not large enough");
+	}
+ 
+ 	/* save the fingerprints sequence */
+ 	newdata = malloc(fpseq_blob->len);
+-	if (newdata == NULL)
+-		LOG_TEST_GOTO_ERR(card->ctx, SC_ERROR_OUT_OF_MEMORY,
+-			"Not enough memory to update fingerprint blob 00C5");
+	if (newdata == NULL) {
+		r = SC_ERROR_OUT_OF_MEMORY;
+		LOG_TEST_GOTO_ERR(card->ctx, r, "Not enough memory to update fingerprint blob 00C5");
+	}
+ 
+ 	memcpy(newdata, fpseq_blob->data, fpseq_blob->len);
+ 	/* move p to the portion holding the fingerprint of the current key */
+--
+2.34.1