openclaw/tqma6-yocto-mirror
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Complete Yocto mirror with license table for TQMa6UL (2038-compliance)

Browse Source 
- 264 license table entries with exact download URLs (224/264 resolved)
- Complete sources/ directory with all BitBake recipes
- Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl)
- Full traceability for Softwarefreigabeantrag
- GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4
- License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16)
This commit is contained in:
Siggi (OpenClaw Agent)
2026-03-01 20:58:18 +00:00
commit 16accb6b24
15086 changed files with 1292356 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
sources/poky/meta/recipes-extended/screen/screen/0001-Remove-more-compatibility-stuff.patch Normal file
View File

@@ -0,0 +1,31 @@
This fixes
../screen-4.6.2/pty.c: In function 'OpenPTY':
../screen-4.6.2/pty.c:328:7: warning: implicit declaration of function 'openpty'; did you mean 'openat'? [-Wimplicit-function-declaration]
if (openpty(&f, &s, TtyName, NULL, NULL) != 0)
^~~~~~~
Signed-off-by: Amadeusz Sławiński <amade@asmblr.net>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Upstream-Status: Backport
---
pty.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/pty.c b/pty.c
index 1c0660e..502338f 100644
--- a/pty.c
+++ b/pty.c
@@ -47,11 +47,7 @@
# include <sys/ttold.h>
#endif
-#ifdef ISC
-# include <sys/tty.h>
-# include <sys/sioctl.h>
-# include <sys/pty.h>
-#endif
+#include <pty.h>
#ifdef sgi
# include <sys/sysmacros.h>

58
sources/poky/meta/recipes-extended/screen/screen/0001-fix-for-multijob-build.patch Normal file
View File

@@ -0,0 +1,58 @@
From 79ad2885e26631077dd6b8aebe17ae95b38133a6 Mon Sep 17 00:00:00 2001
From: Jackie Huang <jackie.huang@windriver.com>
Date: Tue, 26 Jul 2016 14:23:59 +0800
Subject: [PATCH] fix for multijob build
make sure that comm.sh script generates comm.h header before doing
anything else
Signed-off-by: Amadeusz Sawiski <amade@asmblr.net>
Upstream-Status: Backport
Backport patch to fix parallel build failure and update context to make patch
coulde be applied.
http://git.savannah.gnu.org/cgit/screen.git/commit?id=c0de6dd
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
---
Makefile.in | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/Makefile.in b/Makefile.in
index aca7da3..3607711 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -298,7 +298,7 @@ search.o: layout.h viewport.h canvas.h search.c config.h screen.h os.h osdef.h a
comm.h layer.h term.h image.h display.h window.h mark.h extern.h
tty.o: layout.h viewport.h canvas.h tty.c config.h screen.h os.h osdef.h ansi.h acls.h comm.h \
layer.h term.h image.h display.h window.h extern.h
-term.o: layout.h viewport.h canvas.h term.c term.h
+term.o: layout.h viewport.h canvas.h term.c term.h comm.h
window.o: layout.h viewport.h canvas.h window.c config.h screen.h os.h osdef.h ansi.h acls.h \
comm.h layer.h term.h image.h display.h window.h extern.h logfile.h
utmp.o: layout.h viewport.h canvas.h utmp.c config.h screen.h os.h osdef.h ansi.h acls.h \
@@ -324,7 +324,7 @@ canvas.o: layout.h viewport.h canvas.h canvas.c config.h screen.h os.h osdef.h a
comm.h layer.h term.h image.h display.h window.h extern.h \
braille.h
comm.o: layout.h viewport.h canvas.h comm.c config.h acls.h comm.h
-kmapdef.o: layout.h viewport.h canvas.h kmapdef.c config.h
+kmapdef.o: layout.h viewport.h canvas.h kmapdef.c config.h comm.h
acls.o: layout.h viewport.h canvas.h acls.c config.h screen.h os.h osdef.h ansi.h acls.h comm.h \
layer.h term.h image.h display.h window.h extern.h
braille.o: layout.h viewport.h canvas.h braille.c config.h screen.h os.h osdef.h ansi.h acls.h \
@@ -350,7 +350,7 @@ layout.o: layout.h viewport.h canvas.h layout.c config.h screen.h os.h osdef.h a
viewport.o: layout.h viewport.h canvas.h viewport.c config.h screen.h os.h osdef.h ansi.h acls.h \
comm.h layer.h term.h image.h display.h window.h extern.h \
braille.h
-list_generic.o: list_generic.h list_generic.c layer.h screen.h osdef.h
-list_display.o: list_generic.h list_display.c layer.h screen.h osdef.h
+list_generic.o: list_generic.h list_generic.c layer.h screen.h osdef.h comm.h
+list_display.o: list_generic.h list_display.c layer.h screen.h osdef.h comm.h
list_window.o: list_generic.h list_window.c window.h layer.h screen.h osdef.h comm.h
--
1.9.1

30
sources/poky/meta/recipes-extended/screen/screen/0002-comm.h-now-depends-on-term.h.patch Normal file
View File

@@ -0,0 +1,30 @@
Upstream-Status: Backport
Backport from:
http://git.savannah.gnu.org/cgit/screen.git/commit/?id=39c5f1c
Signed-off-by: Kai Kang <kai.kang@windriver.com>
---
From 39c5f1c76f1fcef4b5958bf828a63f53426b6984 Mon Sep 17 00:00:00 2001
From: Mike Gerwitz <mike@mikegerwitz.com>
Date: Tue, 24 Dec 2013 22:16:31 -0500
Subject: [PATCH] comm.h now depends on term.h
---
src/Makefile.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: screen-4.6.1/Makefile.in
===================================================================
--- screen-4.6.1.orig/Makefile.in
+++ screen-4.6.1/Makefile.in
@@ -133,7 +133,7 @@ kmapdef.c: term.h
tty.c: tty.sh
sh $(srcdir)/tty.sh tty.c
-comm.h: comm.c comm.sh config.h
+comm.h: comm.c comm.sh config.h term.h
AWK=$(AWK) CC="$(CC) $(CFLAGS)" srcdir=${srcdir} sh $(srcdir)/comm.sh
osdef.h: osdef.sh config.h osdef.h.in

146
sources/poky/meta/recipes-extended/screen/screen/CVE-2025-46802.patch Normal file
View File

@@ -0,0 +1,146 @@
From 049b26b22e197ba3be9c46e5c193032e01a4724a Mon Sep 17 00:00:00 2001
From: Matthias Gerstner <matthias.gerstner@suse.de>
Date: Mon, 12 May 2025 15:15:38 +0200
Subject: [PATCH] fix CVE-2025-46802: attacher.c - prevent temporary 0666 mode
on PTYs
This temporary chmod of the PTY to mode 0666 is most likely a remnant of
past times, before the PTY file descriptor was passed to the target
session via the UNIX domain socket.
This chmod() causes a race condition during which any other user in the
system can open the PTY for reading and writing, and thus allows PTY
hijacking.
Simply remove this logic completely.
CVE: CVE-2025-46802
Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/screen.git/commit/?id=049b26b22e197ba3be9c46e5c193032e01a4724a]
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
---
attacher.c | 27 ---------------------------
screen.c | 19 -------------------
2 files changed, 46 deletions(-)
diff --git a/attacher.c b/attacher.c
index c35ae7a..16b151e 100644
--- a/attacher.c
+++ b/attacher.c
@@ -73,7 +73,6 @@ extern int MasterPid, attach_fd;
#ifdef MULTIUSER
extern char *multi;
extern int multiattach, multi_uid, own_uid;
-extern int tty_mode, tty_oldmode;
# ifndef USE_SETEUID
static int multipipe[2];
# endif
@@ -160,9 +159,6 @@ int how;
if (pipe(multipipe))
Panic(errno, "pipe");
- if (chmod(attach_tty, 0666))
- Panic(errno, "chmod %s", attach_tty);
- tty_oldmode = tty_mode;
eff_uid = -1; /* make UserContext fork */
real_uid = multi_uid;
if ((ret = UserContext()) <= 0)
@@ -174,11 +170,6 @@ int how;
Panic(errno, "UserContext");
close(multipipe[1]);
read(multipipe[0], &dummy, 1);
- if (tty_oldmode >= 0)
- {
- chmod(attach_tty, tty_oldmode);
- tty_oldmode = -1;
- }
ret = UserStatus();
#ifdef LOCK
if (ret == SIG_LOCK)
@@ -224,9 +215,6 @@ int how;
xseteuid(multi_uid);
xseteuid(own_uid);
#endif
- if (chmod(attach_tty, 0666))
- Panic(errno, "chmod %s", attach_tty);
- tty_oldmode = tty_mode;
}
# endif /* USE_SETEUID */
#endif /* MULTIUSER */
@@ -423,13 +411,6 @@ int how;
ContinuePlease = 0;
# ifndef USE_SETEUID
close(multipipe[1]);
-# else
- xseteuid(own_uid);
- if (tty_oldmode >= 0)
- if (chmod(attach_tty, tty_oldmode))
- Panic(errno, "chmod %s", attach_tty);
- tty_oldmode = -1;
- xseteuid(real_uid);
# endif
}
#endif
@@ -505,14 +486,6 @@ AttacherFinit SIGDEFARG
close(s);
}
}
-#ifdef MULTIUSER
- if (tty_oldmode >= 0)
- {
- if (setuid(own_uid))
- Panic(errno, "setuid");
- chmod(attach_tty, tty_oldmode);
- }
-#endif
exit(0);
SIGRETURN;
}
diff --git a/screen.c b/screen.c
index 7653cd1..1a23e1a 100644
--- a/screen.c
+++ b/screen.c
@@ -230,8 +230,6 @@ char *multi_home;
int multi_uid;
int own_uid;
int multiattach;
-int tty_mode;
-int tty_oldmode = -1;
#endif
char HostName[MAXSTR];
@@ -1009,9 +1007,6 @@ int main(int ac, char** av)
/* ttyname implies isatty */
SetTtyname(true, &st);
-#ifdef MULTIUSER
- tty_mode = (int)st.st_mode & 0777;
-#endif
fl = fcntl(0, F_GETFL, 0);
if (fl != -1 && (fl & (O_RDWR|O_RDONLY|O_WRONLY)) == O_RDWR)
@@ -2170,20 +2165,6 @@ DEFINE_VARARGS_FN(Panic)
if (D_userpid)
Kill(D_userpid, SIG_BYE);
}
-#ifdef MULTIUSER
- if (tty_oldmode >= 0) {
-
-# ifdef USE_SETEUID
- if (setuid(own_uid))
- xseteuid(own_uid); /* may be a loop. sigh. */
-# else
- setuid(own_uid);
-# endif
-
- debug1("Panic: changing back modes from %s\n", attach_tty);
- chmod(attach_tty, tty_oldmode);
- }
-#endif
eexit(1);
}
--
2.40.0

131
sources/poky/meta/recipes-extended/screen/screen/CVE-2025-46804.patch Normal file
View File

@@ -0,0 +1,131 @@
From e0eef5aac453fa98a2664416a56c50ad1d00cb30 Mon Sep 17 00:00:00 2001
From: Matthias Gerstner <matthias.gerstner@suse.de>
Date: Mon, 12 May 2025 15:26:11 +0200
Subject: [PATCH] fix CVE-2025-46804: avoid file existence test information
leaks
In setuid-root context the current error messages give away whether
certain paths not accessible by the real user exist and what type they
have. To prevent this only output generic error messages in setuid-root
context.
In some situations, when an error is pertaining a directory and the
directory is owner by the real user then we can still output more
detailed diagnostics.
This change can lead to less helpful error messages when Screen is
install setuid-root. More complex changes would be needed to avoid this
(e.g. only open the `SocketPath` with raised privileges when
multi-attach is requested).
There might still be lingering some code paths that allow such
information leaks, since `SocketPath` is a global variable that is used
across the code base. The majority of issues should be caught with this
fix, however.
CVE: CVE-2025-46804
Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/screen.git/commit/?id=e0eef5aac453fa98a2664416a56c50ad1d00cb30]
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
---
screen.c | 45 ++++++++++++++++++++++++++++++++++-----------
socket.c | 9 +++++++--
2 files changed, 41 insertions(+), 13 deletions(-)
diff --git a/screen.c b/screen.c
index 1a23e1a..6eec151 100644
--- a/screen.c
+++ b/screen.c
@@ -1122,15 +1122,28 @@ int main(int ac, char** av)
#endif
}
- if (stat(SockPath, &st) == -1)
- Panic(errno, "Cannot access %s", SockPath);
- else
- if (!S_ISDIR(st.st_mode))
+ if (stat(SockPath, &st) == -1) {
+ if (eff_uid == real_uid) {
+ Panic(errno, "Cannot access %s", SockPath);
+ } else {
+ Panic(0, "Error accessing %s", SockPath);
+ }
+ } else if (!S_ISDIR(st.st_mode)) {
+ if (eff_uid == real_uid || st.st_uid == real_uid) {
Panic(0, "%s is not a directory.", SockPath);
+ } else {
+ Panic(0, "Error accessing %s", SockPath);
+ }
+ }
#ifdef MULTIUSER
if (multi) {
- if ((int)st.st_uid != multi_uid)
- Panic(0, "%s is not the owner of %s.", multi, SockPath);
+ if ((int)st.st_uid != multi_uid) {
+ if (eff_uid == real_uid || st.st_uid == real_uid) {
+ Panic(0, "%s is not the owner of %s.", multi, SockPath);
+ } else {
+ Panic(0, "Error accessing %s", SockPath);
+ }
+ }
}
else
#endif
@@ -1144,9 +1157,13 @@ int main(int ac, char** av)
Panic(0, "You are not the owner of %s.", SockPath);
#endif
}
-
- if ((st.st_mode & 0777) != 0700)
- Panic(0, "Directory %s must have mode 700.", SockPath);
+ if ((st.st_mode & 0777) != 0700) {
+ if (eff_uid == real_uid || st.st_uid == real_uid) {
+ Panic(0, "Directory %s must have mode 700.", SockPath);
+ } else {
+ Panic(0, "Error accessing %s", SockPath);
+ }
+ }
if (SockMatch && index(SockMatch, '/'))
Panic(0, "Bad session name '%s'", SockMatch);
SockName = SockPath + strlen(SockPath) + 1;
@@ -1184,8 +1201,14 @@ int main(int ac, char** av)
else
exit(9 + (fo || oth ? 1 : 0) + fo);
}
- if (fo == 0)
- Panic(0, "No Sockets found in %s.\n", SockPath);
+ if (fo == 0) {
+ if (eff_uid == real_uid || st.st_uid == real_uid) {
+ Panic(0, "No Sockets found in %s.\n", SockPath);
+ } else {
+ Panic(0, "Error accessing %s", SockPath);
+ }
+ }
+
Msg(0, "%d Socket%s in %s.", fo, fo > 1 ? "s" : "", SockPath);
eexit(0);
}
diff --git a/socket.c b/socket.c
index 54d8cb8..6c3502f 100644
--- a/socket.c
+++ b/socket.c
@@ -169,8 +169,13 @@ bool *is_sock;
xsetegid(real_gid);
#endif
- if ((dirp = opendir(SockPath)) == 0)
- Panic(errno, "Cannot opendir %s", SockPath);
+ if ((dirp = opendir(SockPath)) == 0) {
+ if (eff_uid == real_uid) {
+ Panic(errno, "Cannot opendir %s", SockPath);
+ } else {
+ Panic(0, "Error accessing %s", SockPath);
+ }
+ }
slist = 0;
slisttail = &slist;
--
2.40.0

101
sources/poky/meta/recipes-extended/screen/screen/CVE-2025-46805.patch Normal file
View File

@@ -0,0 +1,101 @@
From aa9f51f996a22470b8461d2b6a32e62c7ec30ed5 Mon Sep 17 00:00:00 2001
From: Axel Beckert <abe@debian.org>
Date: Mon, 19 May 2025 00:42:42 +0200
Subject: fix CVE-2025-46805: socket.c - don't send signals with root
Gbp-Pq: fix-CVE-2025-46805-socket.c-don-t-send-signals-with-.patch.
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/screen/patch/?id=aa9f51f996a22470b8461d2b6a32e62c7ec30ed5
Upstream commit https://git.savannah.gnu.org/cgit/screen.git/commit/?id=161f85b98b7e1d5e4893aeed20f4cdb5e3dfaaa4]
CVE: CVE-2025-46805
Signed-off-by: Ashish Sharma <asharma@mvista.com>
socket.c | 21 +++++++++++++--------
1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/socket.c b/socket.c
index e268e3d..11b5e59 100644
--- a/socket.c
+++ b/socket.c
@@ -832,6 +832,11 @@ int pid;
return UserStatus();
}
+static void KillUnpriv(pid_t pid, int sig) {
+ UserContext();
+ UserReturn(kill(pid, sig));
+}
+
#ifdef hpux
/*
* From: "F. K. Bruner" <napalm@ugcs.caltech.edu>
@@ -917,14 +922,14 @@ struct win *wi;
{
Msg(errno, "Could not perform necessary sanity checks on pts device.");
close(i);
- Kill(pid, SIG_BYE);
+ KillUnpriv(pid, SIG_BYE);
return -1;
}
if (strcmp(ttyname_in_ns, m->m_tty))
{
Msg(errno, "Attach: passed fd does not match tty: %s - %s!", ttyname_in_ns, m->m_tty[0] != '\0' ? m->m_tty : "(null)");
close(i);
- Kill(pid, SIG_BYE);
+ KillUnpriv(pid, SIG_BYE);
return -1;
}
/* m->m_tty so far contains the actual name of the pts device in the
@@ -941,19 +946,19 @@ struct win *wi;
{
Msg(errno, "Attach: passed fd does not match tty: %s - %s!", m->m_tty, myttyname ? myttyname : "NULL");
close(i);
- Kill(pid, SIG_BYE);
+ KillUnpriv(pid, SIG_BYE);
return -1;
}
}
else if ((i = secopen(m->m_tty, O_RDWR | O_NONBLOCK, 0)) < 0)
{
Msg(errno, "Attach: Could not open %s!", m->m_tty);
- Kill(pid, SIG_BYE);
+ KillUnpriv(pid, SIG_BYE);
return -1;
}
#ifdef MULTIUSER
if (attach)
- Kill(pid, SIGCONT);
+ KillUnpriv(pid, SIGCONT);
#endif
#if defined(ultrix) || defined(pyr) || defined(NeXT)
@@ -966,7 +971,7 @@ struct win *wi;
{
write(i, "Attaching from inside of screen?\n", 33);
close(i);
- Kill(pid, SIG_BYE);
+ KillUnpriv(pid, SIG_BYE);
Msg(0, "Attach msg ignored: coming from inside.");
return -1;
}
@@ -977,7 +982,7 @@ struct win *wi;
{
write(i, "Access to session denied.\n", 26);
close(i);
- Kill(pid, SIG_BYE);
+ KillUnpriv(pid, SIG_BYE);
Msg(0, "Attach: access denied for user %s.", user);
return -1;
}
@@ -1295,7 +1300,7 @@ ReceiveMsg()
Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid);
}
else {
- Kill(m.m.command.apid,
+ KillUnpriv(m.m.command.apid,
(queryflag >= 0)
? SIGCONT
: SIG_BYE); /* Send SIG_BYE if an error happened */
--
cgit v1.2.3

2
sources/poky/meta/recipes-extended/screen/screen/screen.pam Normal file
View File

@@ -0,0 +1,2 @@
#%PAM-1.0
auth include common-auth

52
sources/poky/meta/recipes-extended/screen/screen_4.9.1.bb Normal file
View File

@@ -0,0 +1,52 @@
SUMMARY = "Multiplexing terminal manager"
DESCRIPTION = "Screen is a full-screen window manager \
that multiplexes a physical terminal between several \
processes, typically interactive shells."
HOMEPAGE = "http://www.gnu.org/software/screen/"
BUGTRACKER = "https://savannah.gnu.org/bugs/?func=additem&group=screen"
SECTION = "console/utils"
LICENSE = "GPL-3.0-or-later"
LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \
file://screen.h;endline=26;md5=b8dc717c9a3dba842ae6c44ca0f73f52 \
"
DEPENDS = "ncurses virtual/crypt \
${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
RDEPENDS:${PN} = "base-files"
SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz \
${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'file://screen.pam', '', d)} \
file://0002-comm.h-now-depends-on-term.h.patch \
file://0001-fix-for-multijob-build.patch \
file://0001-Remove-more-compatibility-stuff.patch \
file://CVE-2025-46805.patch \
file://CVE-2025-46802.patch \
file://CVE-2025-46804.patch \
"
SRC_URI[sha256sum] = "26cef3e3c42571c0d484ad6faf110c5c15091fbf872b06fa7aa4766c7405ac69"
inherit autotools texinfo
PACKAGECONFIG ??= ""
PACKAGECONFIG[utempter] = "ac_cv_header_utempter_h=yes,ac_cv_header_utempter_h=no,libutempter,"
EXTRA_OECONF = "--with-pty-mode=0620 --with-pty-group=5 --with-sys-screenrc=${sysconfdir}/screenrc \
${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}"
do_install:append () {
install -D -m 644 ${S}/etc/etcscreenrc ${D}/${sysconfdir}/screenrc
if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then
install -D -m 644 ${WORKDIR}/screen.pam ${D}/${sysconfdir}/pam.d/screen
fi
}
pkg_postinst:${PN} () {
grep -q "^${bindir}/screen$" $D${sysconfdir}/shells || echo ${bindir}/screen >> $D${sysconfdir}/shells
}
pkg_postrm:${PN} () {
printf "$(grep -v "^${bindir}/screen$" $D${sysconfdir}/shells)\n" > $D${sysconfdir}/shells
}