Complete Yocto mirror with license table for TQMa6UL (2038-compliance)

- 264 license table entries with exact download URLs (224/264 resolved)
- Complete sources/ directory with all BitBake recipes
- Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl)
- Full traceability for Softwarefreigabeantrag
- GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4
- License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16)
Siggi (OpenClaw Agent)
2026-03-01 20:58:18 +00:00
commit 16accb6b24
15086 changed files with 1292356 additions and 0 deletions


@@ -0,0 +1,45 @@
SUMMARY = "Console URL download utility supporting HTTP, FTP, etc"
DESCRIPTION = "Wget is a network utility to retrieve files from the web using \
HTTP(S) and FTP, the two most widely used internet protocols. It works \
non-interactively, so it will work in the background, after having logged off. \
The program supports recursive retrieval of web-authoring pages as well as \
FTP sites"
HOMEPAGE = "https://www.gnu.org/software/wget/"
SECTION = "console/network"
LICENSE = "GPL-3.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=6f65012d1daf98cb09b386cfb68df26b"
inherit autotools gettext texinfo update-alternatives pkgconfig
DEPENDS += "autoconf-archive-native"
EXTRA_OECONF = "--without-libgnutls-prefix --without-libssl-prefix \
--disable-rpath"
EXTRA_OEMAKE += 'TOOLCHAIN_OPTIONS="${TOOLCHAIN_OPTIONS}" \
DEBUG_PREFIX_MAP="${DEBUG_PREFIX_MAP}"'
ALTERNATIVE:${PN} = "wget"
ALTERNATIVE:${PN}:class-nativesdk = ""
ALTERNATIVE_PRIORITY = "100"
RRECOMMENDS:${PN} += "ca-certificates"
BBCLASSEXTEND = "nativesdk"
PACKAGECONFIG ??= "gnutls pcre zlib \
${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
PACKAGECONFIG[ares] = "--with-cares,--without-cares,c-ares"
PACKAGECONFIG[gnutls] = "--with-ssl=gnutls,,gnutls"
PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
PACKAGECONFIG[iri] = "--enable-iri,--disable-iri,libidn2"
PACKAGECONFIG[libpsl] = "--with-libpsl,--without-libpsl,libpsl"
PACKAGECONFIG[libuuid] = "--with-libuuid,--without-libuuid,util-linux"
PACKAGECONFIG[openssl] = "--with-ssl=openssl,,openssl"
PACKAGECONFIG[pcre] = "--enable-pcre,--disable-pcre,libpcre"
PACKAGECONFIG[zlib] = "--with-zlib,--without-zlib,zlib"
# Let aclocal use the relative path for the m4 file rather than
# absolute, otherwise there might be an "Argument list too long" error
# when it is built in a long/deep directory.
acpaths = "-I ./m4"
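Review bot: The `PACKAGECONFIG[gnutls]` and `PACKAGECONFIG[openssl]` entries both expand to a `--with-ssl=...` flag with an empty disable field, and nothing in the recipe says that exactly one of them must be selected. If a distro config or bbappend enables both, two conflicting `--with-ssl` flags reach configure. If it drops both, no flag is passed and whether the resulting wget speaks HTTPS is left to configure's own default (presumably; not verifiable from this file). I would add a comment above the two lines such as `# Select exactly one of gnutls/openssl; with neither, TLS support is decided by configure, not by this recipe.` Because `ca-certificates` is only in `RRECOMMENDS`, the same comment could note that images built without recommendations must ship a trust store explicitly.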


@@ -0,0 +1,66 @@
From 7f1357529d23b356b45fbb0dd7388588162e4cb8 Mon Sep 17 00:00:00 2001
From: Hongxu Jia <hongxu.jia@windriver.com>
Date: Wed, 10 Jan 2018 14:43:20 +0800
Subject: [PATCH] src/Makefile.am: improve reproducibility
Remove build host references from the internally
generated file version.c. The references get compiled into
executables, which leads to non-reproducible builds.
The removed references (--sysroot, -fdebug-prefix-map) were
only used as part of the `wget --version' which do not have
side effect.
...
$ wget --version
GNU Wget 1.14 built on linux-gnu.
+digest +https +ipv6 +iri +large-file +nls +ntlm +opie +ssl/openssl
Wgetrc:
/etc/wgetrc (system)
Locale: /usr/share/locale
Compile: gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/etc/wgetrc"
-DLOCALEDIR="/usr/share/locale" -I. -I../lib -I../lib -O2 -g -pipe
-Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
--param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic
Link: gcc -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector-strong --param=ssp-buffer-size=4
-grecord-gcc-switches -m64 -mtune=generic -lssl -lcrypto
/usr/lib64/libssl.so /usr/lib64/libcrypto.so /usr/lib64/libz.so
-ldl -lz -lz -lidn -luuid -lpcre ftp-opie.o openssl.o http-ntlm.o
../lib/libgnu.a
...
Upstream-Status: Inappropriate [oe-core specific]
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
sed use of DEBUG_PREFIX_MAP must treat whitespace the same as the
echo command building version.c or the expression match will fail.
Signed-off-by: Joe Slater <jslater@windriver.com>
---
src/Makefile.am | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/Makefile.am b/src/Makefile.am
index 28c0be2..44084a3 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -87,9 +87,13 @@ version.c: $(wget_SOURCES) ../lib/libgnu.a
echo '#include "version.h"' >> $@
echo 'const char *version_string = "@VERSION@";' >> $@
echo 'const char *compilation_string = "'$(COMPILE)'";' \
+ | sed -e "s,$(TOOLCHAIN_OPTIONS),,g" \
+ -e "s,$$(echo $(DEBUG_PREFIX_MAP)),,g" \
| $(ESCAPEQUOTE) >> $@
echo 'const char *link_string = "'$(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(AM_LDFLAGS) $(LDFLAGS) $(LIBS) $(wget_LDADD)'";' \
+ | sed -e "s,$(TOOLCHAIN_OPTIONS),,g" \
+ -e "s,$$(echo $(DEBUG_PREFIX_MAP)),,g" \
| $(ESCAPEQUOTE) >> $@
css.c: $(srcdir)/css.l
--
1.8.3.1
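Review bot: The added `sed -e "s,$(TOOLCHAIN_OPTIONS),,g"` and `-e "s,$$(echo $(DEBUG_PREFIX_MAP)),,g"` lines splice build-path values into a sed pattern unescaped, so the filter only works if those values are non-empty and contain no `,` or regex metacharacters. An empty value yields `s,,,g`, which GNU sed rejects, and a comma in a path breaks the expression the same way. Because the sed sits in the middle of a pipeline, its failure would presumably not fail the recipe line and version.c would be written without the string definition. A comment above the first `echo ... | sed`, e.g. `# TOOLCHAIN_OPTIONS and DEBUG_PREFIX_MAP must be non-empty and free of ',' (the sed delimiter)`, would make the assumption visible. The version.c rule starts outside the hunk.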


@@ -0,0 +1,197 @@
From c419542d956a2607bbce5df64b9d378a8588d778 Mon Sep 17 00:00:00 2001
From: Tim Rühsen <tim.ruehsen@gmx.de>
Date: Sun, 27 Oct 2024 19:53:14 +0100
Subject: [PATCH] Fix CVE-2024-10524 (drop support for shorthand URLs)
* doc/wget.texi: Add documentation for removed support for shorthand URLs.
* src/html-url.c (src/html-url.c): Call maybe_prepend_scheme.
* src/main.c (main): Likewise.
* src/retr.c (getproxy): Likewise.
* src/url.c: Rename definition of rewrite_shorthand_url to maybe_prepend_scheme,
add new function is_valid_port.
* src/url.h: Rename declaration of rewrite_shorthand_url to maybe_prepend_scheme.
Reported-by: Goni Golan <gonig@jfrog.com>
CVE: CVE-2024-10524
Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c419542d956a2607bbce5df64b9d378a8588d778]
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
---
doc/wget.texi | 12 ++++-------
src/html-url.c | 2 +-
src/main.c | 2 +-
src/retr.c | 2 +-
src/url.c | 57 ++++++++++++++++----------------------------------
src/url.h | 2 +-
6 files changed, 26 insertions(+), 51 deletions(-)
diff --git a/doc/wget.texi b/doc/wget.texi
index 3c24de2..503a03d 100644
--- a/doc/wget.texi
+++ b/doc/wget.texi
@@ -314,8 +314,8 @@ for text files. Here is an example:
ftp://host/directory/file;type=a
@end example
-Two alternative variants of @sc{url} specification are also supported,
-because of historical (hysterical?) reasons and their widespreaded use.
+The two alternative variants of @sc{url} specifications are no longer
+supported because of security considerations:
@sc{ftp}-only syntax (supported by @code{NcFTP}):
@example
@@ -327,12 +327,8 @@ host:/dir/file
host[:port]/dir/file
@end example
-These two alternative forms are deprecated, and may cease being
-supported in the future.
-
-If you do not understand the difference between these notations, or do
-not know which one to use, just use the plain ordinary format you use
-with your favorite browser, like @code{Lynx} or @code{Netscape}.
+These two alternative forms have been deprecated long time ago,
+and support is removed with version 1.22.0.
@c man begin OPTIONS
diff --git a/src/html-url.c b/src/html-url.c
index 896d6fc..3deea9c 100644
--- a/src/html-url.c
+++ b/src/html-url.c
@@ -931,7 +931,7 @@ get_urls_file (const char *file)
url_text = merged;
}
- new_url = rewrite_shorthand_url (url_text);
+ new_url = maybe_prepend_scheme (url_text);
if (new_url)
{
xfree (url_text);
diff --git a/src/main.c b/src/main.c
index d1c3c3e..f1d7792 100644
--- a/src/main.c
+++ b/src/main.c
@@ -2126,7 +2126,7 @@ only if outputting to a regular file.\n"));
struct iri *iri = iri_new ();
struct url *url_parsed;
- t = rewrite_shorthand_url (argv[optind]);
+ t = maybe_prepend_scheme (argv[optind]);
if (!t)
t = argv[optind];
diff --git a/src/retr.c b/src/retr.c
index 38c9fcf..a124046 100644
--- a/src/retr.c
+++ b/src/retr.c
@@ -1493,7 +1493,7 @@ getproxy (struct url *u)
/* Handle shorthands. `rewritten_storage' is a kludge to allow
getproxy() to return static storage. */
- rewritten_url = rewrite_shorthand_url (proxy);
+ rewritten_url = maybe_prepend_scheme (proxy);
if (rewritten_url)
return rewritten_url;
diff --git a/src/url.c b/src/url.c
index 0acd3f3..6868825 100644
--- a/src/url.c
+++ b/src/url.c
@@ -594,60 +594,39 @@ parse_credentials (const char *beg, const char *end, char **user, char **passwd)
return true;
}
-/* Used by main.c: detect URLs written using the "shorthand" URL forms
- originally popularized by Netscape and NcFTP. HTTP shorthands look
- like this:
-
- www.foo.com[:port]/dir/file -> http://www.foo.com[:port]/dir/file
- www.foo.com[:port] -> http://www.foo.com[:port]
-
- FTP shorthands look like this:
-
- foo.bar.com:dir/file -> ftp://foo.bar.com/dir/file
- foo.bar.com:/absdir/file -> ftp://foo.bar.com//absdir/file
+static bool is_valid_port(const char *p)
+{
+ unsigned port = (unsigned) atoi (p);
+ if (port == 0 || port > 65535)
+ return false;
- If the URL needs not or cannot be rewritten, return NULL. */
+ int digits = strspn (p, "0123456789");
+ return digits && (p[digits] == '/' || p[digits] == '\0');
+}
+/* Prepend "http://" to url if scheme is missing, otherwise return NULL. */
char *
-rewrite_shorthand_url (const char *url)
+maybe_prepend_scheme (const char *url)
{
- const char *p;
- char *ret;
-
if (url_scheme (url) != SCHEME_INVALID)
return NULL;
- /* Look for a ':' or '/'. The former signifies NcFTP syntax, the
- latter Netscape. */
- p = strpbrk (url, ":/");
+ const char *p = strchr (url, ':');
if (p == url)
return NULL;
/* If we're looking at "://", it means the URL uses a scheme we
don't support, which may include "https" when compiled without
- SSL support. Don't bogusly rewrite such URLs. */
+ SSL support. Don't bogusly prepend "http://" to such URLs. */
if (p && p[0] == ':' && p[1] == '/' && p[2] == '/')
return NULL;
- if (p && *p == ':')
- {
- /* Colon indicates ftp, as in foo.bar.com:path. Check for
- special case of http port number ("localhost:10000"). */
- int digits = strspn (p + 1, "0123456789");
- if (digits && (p[1 + digits] == '/' || p[1 + digits] == '\0'))
- goto http;
-
- /* Turn "foo.bar.com:path" to "ftp://foo.bar.com/path". */
- if ((ret = aprintf ("ftp://%s", url)) != NULL)
- ret[6 + (p - url)] = '/';
- }
- else
- {
- http:
- /* Just prepend "http://" to URL. */
- ret = aprintf ("http://%s", url);
- }
- return ret;
+ if (p && p[0] == ':' && !is_valid_port (p + 1))
+ return NULL;
+
+
+ fprintf(stderr, "Prepended http:// to '%s'\n", url);
+ return aprintf ("http://%s", url);
}
static void split_path (const char *, char **, char **);
diff --git a/src/url.h b/src/url.h
index fb9da33..5f99b0a 100644
--- a/src/url.h
+++ b/src/url.h
@@ -128,7 +128,7 @@ char *uri_merge (const char *, const char *);
int mkalldirs (const char *);
-char *rewrite_shorthand_url (const char *);
+char *maybe_prepend_scheme (const char *);
bool schemes_are_similar_p (enum url_scheme a, enum url_scheme b);
bool are_urls_equal (const char *u1, const char *u2);
--
2.40.0
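Review bot: In the src/url.c hunk, `is_valid_port` calls `atoi (p)` before checking that `p` starts with a digit run, and `atoi` has undefined behaviour when the value does not fit in an `int`. Depending on the libc, a long digit string after the colon can then wrap to a value that passes the `port > 65535` test. Doing the `strspn` check first and rejecting over-long runs avoids that: `int digits = strspn (p, "0123456789");` followed by `if (digits == 0 || digits > 5) return false;` before the conversion, though this also rejects ports written with many leading zeros. Separately, the new `fprintf(stderr, "Prepended http:// to '%s'\n", url);` writes unconditionally rather than through wget's logging, so it presumably ignores quiet mode and echoes whatever string was passed in. Both lines come from the upstream commit named in `Upstream-Status`, so a change is better raised upstream than carried as a local delta.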


@@ -0,0 +1,79 @@
From ed0c7c7e0e8f7298352646b2fd6e06a11e242ace Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
Date: Sun, 2 Jun 2024 12:40:16 +0200
Subject: Properly re-implement userinfo parsing (rfc2396)
* src/url.c (url_skip_credentials): Properly re-implement userinfo parsing (rfc2396)
The reason why the implementation is based on RFC 2396, an outdated standard,
is that the whole file is based on that RFC, and mixing standard here might be
dangerous.
Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/wget.git/commit/?id=ed0c7c7e0e8f7298352646b2fd6e06a11e242ace]
CVE: CVE-2024-38428
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
src/url.c | 40 ++++++++++++++++++++++++++++++++++------
1 file changed, 34 insertions(+), 6 deletions(-)
diff --git a/src/url.c b/src/url.c
index 69e948b..07c3bc8 100644
--- a/src/url.c
+++ b/src/url.c
@@ -41,6 +41,7 @@ as that of the covered work. */
#include "url.h"
#include "host.h" /* for is_valid_ipv6_address */
#include "c-strcase.h"
+#include "c-ctype.h"
#ifdef HAVE_ICONV
# include <iconv.h>
@@ -526,12 +527,39 @@ scheme_leading_string (enum url_scheme scheme)
static const char *
url_skip_credentials (const char *url)
{
- /* Look for '@' that comes before terminators, such as '/', '?',
- '#', or ';'. */
- const char *p = (const char *)strpbrk (url, "@/?#;");
- if (!p || *p != '@')
- return url;
- return p + 1;
+ /*
+ * This whole file implements https://www.rfc-editor.org/rfc/rfc2396 .
+ * RFC 2396 is outdated since 2005 and needs a rewrite or a thorough re-visit.
+ *
+ * The RFC says
+ * server = [ [ userinfo "@" ] hostport ]
+ * userinfo = *( unreserved | escaped | ";" | ":" | "&" | "=" | "+" | "$" | "," )
+ * unreserved = alphanum | mark
+ * mark = "-" | "_" | "." | "!" | "~" | "*" | "'" | "(" | ")"
+ */
+ static const char *allowed = "-_.!~*'();:&=+$,";
+
+ for (const char *p = url; *p; p++)
+ {
+ if (c_isalnum(*p))
+ continue;
+
+ if (strchr(allowed, *p))
+ continue;
+
+ if (*p == '%' && c_isxdigit(p[1]) && c_isxdigit(p[2]))
+ {
+ p += 2;
+ continue;
+ }
+
+ if (*p == '@')
+ return p + 1;
+
+ break;
+ }
+
+ return url;
}
/* Parse credentials contained in [BEG, END). The region is expected
--
cgit v1.1


@@ -0,0 +1,9 @@
SRC_URI = "${GNU_MIRROR}/wget/wget-${PV}.tar.gz \
file://0002-improve-reproducibility.patch \
file://CVE-2024-38428.patch \
file://CVE-2024-10524.patch \
"
SRC_URI[sha256sum] = "81542f5cefb8faacc39bbbc6c82ded80e3e4a88505ae72ea51df27525bcde04c"
require wget.inc