openclaw/tqma6-yocto-mirror
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Complete Yocto mirror with license table for TQMa6UL (2038-compliance)

Browse Source 
- 264 license table entries with exact download URLs (224/264 resolved)
- Complete sources/ directory with all BitBake recipes
- Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl)
- Full traceability for Softwarefreigabeantrag
- GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4
- License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16)
This commit is contained in:
Siggi (OpenClaw Agent)
2026-03-01 20:58:18 +00:00
commit 16accb6b24
15086 changed files with 1292356 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

161
sources/poky/meta/recipes-devtools/subversion/subversion/CVE-2024-46901.patch Normal file
View File

@@ -0,0 +1,161 @@
From 149e299cd7eaadc8248480300b6e13b097c5b3fa Mon Sep 17 00:00:00 2001
From: Jiaying Song <jiaying.song.cn@windriver.com>
Date: Fri, 13 Dec 2024 12:19:43 +0800
Subject: [PATCH] Fix CVE-2024-46901
It has been discovered that the patch for CVE-2013-1968 was incomplete and unintentionally left mod_dav_svn vulnerable to control characters in filenames.
Upstream-Status: Backport
[https://subversion.apache.org/security/CVE-2024-46901-advisory.txt]
CVE: CVE-2024-46901
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
---
.../include/private/svn_repos_private.h | 8 +++++
subversion/libsvn_repos/commit.c | 3 +-
subversion/libsvn_repos/repos.c | 10 +++++++
subversion/mod_dav_svn/lock.c | 7 +++++
subversion/mod_dav_svn/repos.c | 29 +++++++++++++++++++
5 files changed, 55 insertions(+), 2 deletions(-)
diff --git a/subversion/include/private/svn_repos_private.h b/subversion/include/private/svn_repos_private.h
index 1fd34e8..1d5fc9c 100644
--- a/subversion/include/private/svn_repos_private.h
+++ b/subversion/include/private/svn_repos_private.h
@@ -390,6 +390,14 @@ svn_repos__get_dump_editor(const svn_delta_editor_t **editor,
const char *update_anchor_relpath,
apr_pool_t *pool);
+/* Validate that the given PATH is a valid pathname that can be stored in
+ * a Subversion repository, according to the name constraints used by the
+ * svn_repos_* layer.
+ */
+svn_error_t *
+svn_repos__validate_new_path(const char *path,
+ apr_pool_t *scratch_pool);
+
#ifdef __cplusplus
}
#endif /* __cplusplus */
diff --git a/subversion/libsvn_repos/commit.c b/subversion/libsvn_repos/commit.c
index 515600d..aad37ee 100644
--- a/subversion/libsvn_repos/commit.c
+++ b/subversion/libsvn_repos/commit.c
@@ -308,8 +308,7 @@ add_file_or_directory(const char *path,
svn_boolean_t was_copied = FALSE;
const char *full_path, *canonicalized_path;
- /* Reject paths which contain control characters (related to issue #4340). */
- SVN_ERR(svn_path_check_valid(path, pool));
+ SVN_ERR(svn_repos__validate_new_path(path, pool));
SVN_ERR(svn_relpath_canonicalize_safe(&canonicalized_path, NULL, path,
pool, pool));
diff --git a/subversion/libsvn_repos/repos.c b/subversion/libsvn_repos/repos.c
index 2189de8..119f04b 100644
--- a/subversion/libsvn_repos/repos.c
+++ b/subversion/libsvn_repos/repos.c
@@ -2092,3 +2092,13 @@ svn_repos__fs_type(const char **fs_type,
svn_dirent_join(repos_path, SVN_REPOS__DB_DIR, pool),
pool);
}
+
+svn_error_t *
+svn_repos__validate_new_path(const char *path,
+ apr_pool_t *scratch_pool)
+{
+ /* Reject paths which contain control characters (related to issue #4340). */
+ SVN_ERR(svn_path_check_valid(path, scratch_pool));
+
+ return SVN_NO_ERROR;
+}
diff --git a/subversion/mod_dav_svn/lock.c b/subversion/mod_dav_svn/lock.c
index 7e9c94b..d2a6aa9 100644
--- a/subversion/mod_dav_svn/lock.c
+++ b/subversion/mod_dav_svn/lock.c
@@ -36,6 +36,7 @@
#include "svn_pools.h"
#include "svn_props.h"
#include "private/svn_log.h"
+#include "private/svn_repos_private.h"
#include "dav_svn.h"
@@ -717,6 +718,12 @@ append_locks(dav_lockdb *lockdb,
/* Commit a 0-byte file: */
+ if ((serr = svn_repos__validate_new_path(resource->info->repos_path,
+ resource->pool)))
+ return dav_svn__convert_err(serr, HTTP_BAD_REQUEST,
+ "Request specifies an invalid path.",
+ resource->pool);
+
if ((serr = dav_svn__get_youngest_rev(&rev, repos, resource->pool)))
return dav_svn__convert_err(serr, HTTP_INTERNAL_SERVER_ERROR,
"Could not determine youngest revision",
diff --git a/subversion/mod_dav_svn/repos.c b/subversion/mod_dav_svn/repos.c
index 8cbd5e7..778ae9b 100644
--- a/subversion/mod_dav_svn/repos.c
+++ b/subversion/mod_dav_svn/repos.c
@@ -2928,6 +2928,15 @@ open_stream(const dav_resource *resource,
if (kind == svn_node_none) /* No existing file. */
{
+ serr = svn_repos__validate_new_path(resource->info->repos_path,
+ resource->pool);
+
+ if (serr != NULL)
+ {
+ return dav_svn__convert_err(serr, HTTP_BAD_REQUEST,
+ "Request specifies an invalid path.",
+ resource->pool);
+ }
serr = svn_fs_make_file(resource->info->root.root,
resource->info->repos_path,
resource->pool);
@@ -4120,6 +4129,14 @@ create_collection(dav_resource *resource)
return err;
}
+ if ((serr = svn_repos__validate_new_path(resource->info->repos_path,
+ resource->pool)) != NULL)
+ {
+ return dav_svn__convert_err(serr, HTTP_BAD_REQUEST,
+ "Request specifies an invalid path.",
+ resource->pool);
+ }
+
if ((serr = svn_fs_make_dir(resource->info->root.root,
resource->info->repos_path,
resource->pool)) != NULL)
@@ -4193,6 +4210,12 @@ copy_resource(const dav_resource *src,
if (err)
return err;
}
+
+ serr = svn_repos__validate_new_path(dst->info->repos_path, dst->pool);
+ if (serr)
+ return dav_svn__convert_err(serr, HTTP_BAD_REQUEST,
+ "Request specifies an invalid path.",
+ dst->pool);
src_repos_path = svn_repos_path(src->info->repos->repos, src->pool);
dst_repos_path = svn_repos_path(dst->info->repos->repos, dst->pool);
@@ -4430,6 +4453,12 @@ move_resource(dav_resource *src,
if (err)
return err;
+ serr = svn_repos__validate_new_path(dst->info->repos_path, dst->pool);
+ if (serr)
+ return dav_svn__convert_err(serr, HTTP_BAD_REQUEST,
+ "Request specifies an invalid path.",
+ dst->pool);
+
/* Copy the src to the dst. */
serr = svn_fs_copy(src->info->root.root, /* the root object of src rev*/
src->info->repos_path, /* the relative path of src */
--
2.25.1

31
sources/poky/meta/recipes-devtools/subversion/subversion/serfmacro.patch Normal file
View File

@@ -0,0 +1,31 @@
The existing sed expression can match expressions like
--sysroot=/some/path/xxx-linux/ which clearly isn't intended and injects
incorrect paths into LDFLAGS.
Fix this in the same way we address the problem in CFLAGS.
RP 2016/12/7
Upstream-Status: Pending
Rebase 1.12.0
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
build/ac-macros/serf.m4 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build/ac-macros/serf.m4 b/build/ac-macros/serf.m4
index 0a549b3..3a069ac 100644
--- a/build/ac-macros/serf.m4
+++ b/build/ac-macros/serf.m4
@@ -171,7 +171,7 @@ AC_DEFUN(SVN_SERF_PKG_CONFIG,
SVN_SERF_INCLUDES=[`$PKG_CONFIG $serf_pc_arg --cflags-only-I`]
SVN_SERF_LIBS=[`$PKG_CONFIG $serf_pc_arg --libs-only-l`]
dnl don't use --libs-only-L because then we might miss some options
- LDFLAGS=["$LDFLAGS `$PKG_CONFIG $serf_pc_arg --libs | $SED -e 's/-l[^ ]*//g'`"]
+ LDFLAGS=["$LDFLAGS `$PKG_CONFIG $serf_pc_arg --libs | $SED -e 's/ -l[^ ]*//g' -e 's/^-l[^ ]*//g'`"]
break
else
AC_MSG_RESULT([no])
--
2.7.4

64
sources/poky/meta/recipes-devtools/subversion/subversion_1.14.3.bb Normal file
View File

@@ -0,0 +1,64 @@
SUMMARY = "Subversion (svn) version control system client"
HOMEPAGE = "http://subversion.apache.org"
DESCRIPTION = "Subversion is an open source version control system."
SECTION = "console/network"
LICENSE = "Apache-2.0 & MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=6487ae7094d359fa90fb9c4096e52e2b"
DEPENDS = "apr-util serf sqlite3 file lz4"
DEPENDS:append:class-native = " file-replacement-native"
SRC_URI = "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
file://serfmacro.patch \
file://CVE-2024-46901.patch \
"
SRC_URI[sha256sum] = "949efd451a09435f7e8573574c71c7b71b194d844890fa49cd61d2262ea1a440"
inherit autotools pkgconfig gettext python3native
CVE_PRODUCT = "apache:subversion"
CVE_STATUS[CVE-2024-45720] = "not-applicable-platform: Issue only applies on Windows"
PACKAGECONFIG ?= ""
PACKAGECONFIG[boost] = "--with-boost=${RECIPE_SYSROOT}${exec_prefix},--without-boost,boost"
PACKAGECONFIG[sasl] = "--with-sasl,--without-sasl,cyrus-sasl"
PACKAGECONFIG[gnome-keyring] = "--with-gnome-keyring,--without-gnome-keyring,glib-2.0 gnome-keyring"
EXTRA_OECONF = " \
--with-apr=${STAGING_BINDIR_CROSS} \
--with-apr-util=${STAGING_BINDIR_CROSS} \
--without-apxs \
--without-berkeley-db \
--without-swig \
--disable-keychain \
--with-utf8proc=internal \
ac_cv_path_RUBY=none \
"
EXTRA_OEMAKE += "pkgconfig_dir=${libdir}/pkgconfig"
acpaths = "-I build/ -I build/ac-macros/"
CPPFLAGS += "-P"
BUILD_CPPFLAGS += "-P"
do_configure:prepend () {
rm -f ${S}/libtool
rm -f ${S}/build/libtool.m4 ${S}/build/ltmain.sh ${S}/build/ltoptions.m4 ${S}/build/ltsugar.m4 ${S}/build/ltversion.m4 ${S}/build/lt~obsolete.m4
rm -f ${S}/aclocal.m4
sed -i -e 's:with_sasl="/usr/local":with_sasl="${STAGING_DIR}":' ${S}/build/ac-macros/sasl.m4
}
#| x86_64-linux-libtool: install: warning: `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/work/x86_64-linux/subversion-native/1.8.9-r0/build/subversion/libsvn_ra_local/libsvn_ra_local-1.la' has not been installed in `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/sysroots/x86_64-linux/usr/lib'| x86_64-linux-libtool: install: warning: `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/work/x86_64-linux/subversion-native/1.8.9-r0/build/subversion/libsvn_repos/libsvn_repos-1.la' has not been installed in `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/sysroots/x86_64-linux/usr/lib'| /usr/bin/ld: cannot find -lsvn_delta-1| collect2: ld returned 1 exit status| x86_64-linux-libtool: install: warning: `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/work/x86_64-linux/subversion-native/1.8.9-r0/build/subversion/libsvn_ra_svn/libsvn_ra_svn-1.la' has not been installed in `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/sysroots/x86_64-linux/usr/lib'| x86_64-linux-libtool: install: warning: `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/work/x86_64-linux/subversion-native/1.8.9-r0/build/subversion/libsvn_ra_serf/libsvn_ra_serf-1.la' has not been installed in `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/sysroots/x86_64-linux/usr/lib'
#| x86_64-linux-libtool: install: error: relink `libsvn_ra_serf-1.la' with the above command before installing it
#| x86_64-linux-libtool: install: warning: `../../subversion/libsvn_repos/libsvn_repos-1.la' has not been installed in `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/sysroots/x86_64-linux/usr/lib'
#| /home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/work/x86_64-linux/subversion-native/1.8.9-r0/subversion-1.8.9/build-outputs.mk:1090: recipe for target 'install-serf-lib' failed
#| make: *** [install-serf-lib] Error 1
PARALLEL_MAKEINST = ""
RDEPENDS:${PN} = "serf"
BBCLASSEXTEND = "native nativesdk"