From 2ebb85fbb83f3c4eb5554e153aa6db6dfae6802e Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Fri, 29 Aug 2025 17:15:27 -0700 Subject: [PATCH] ot-br-posix: Fix build with clang-21 Update to latest tip of trunk Fix mbedTLS issue seen with clang-21 Signed-off-by: Khem Raj --- ...itialize-mbedtls_x509_time-at-declar.patch | 32 +++++++++++++++++++ .../openthread/ot-br-posix_git.bb | 3 +- 2 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 meta-networking/recipes-connectivity/openthread/ot-br-posix/0001-x509_crt-Zero-initialize-mbedtls_x509_time-at-declar.patch diff --git a/meta-networking/recipes-connectivity/openthread/ot-br-posix/0001-x509_crt-Zero-initialize-mbedtls_x509_time-at-declar.patch b/meta-networking/recipes-connectivity/openthread/ot-br-posix/0001-x509_crt-Zero-initialize-mbedtls_x509_time-at-declar.patch new file mode 100644 index 0000000000..3949caa94f --- /dev/null +++ b/meta-networking/recipes-connectivity/openthread/ot-br-posix/0001-x509_crt-Zero-initialize-mbedtls_x509_time-at-declar.patch @@ -0,0 +1,32 @@ +From c214f7884155607861d43dbfceaeb1c2d9f20740 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Fri, 29 Aug 2025 17:08:23 -0700 +Subject: [PATCH] x509_crt: Zero-initialize mbedtls_x509_time at declaration + +'mbedtls_x509_time now' is a local struct variable. passing an uninitialized local as a const * +argument is UB-risk, since the callee is not +allowed to write into it. + +Clang-21 got stricter about const pointer arguments finds it and flags it. + +zero-initializing ensures all fields are defined. + +Upstream-Status: Submitted [https://github.com/Mbed-TLS/mbedtls/pull/10377] +Signed-off-by: Khem Raj +--- + third_party/mbedtls/repo/library/x509_crt.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/third_party/mbedtls/repo/library/x509_crt.c b/third_party/mbedtls/repo/library/x509_crt.c +index 2fd56fbd7..d09060fd7 100644 +--- a/third_party/mbedtls/repo/library/x509_crt.c ++++ b/third_party/mbedtls/repo/library/x509_crt.c +@@ -2523,7 +2523,7 @@ static int x509_crt_verify_chain( + int signature_is_good; + unsigned self_cnt; + mbedtls_x509_crt *cur_trust_ca = NULL; +- mbedtls_x509_time now; ++ mbedtls_x509_time now = {0}; + + #if defined(MBEDTLS_HAVE_TIME_DATE) + if (mbedtls_x509_time_gmtime(mbedtls_time(NULL), &now) != 0) { diff --git a/meta-networking/recipes-connectivity/openthread/ot-br-posix_git.bb b/meta-networking/recipes-connectivity/openthread/ot-br-posix_git.bb index d0b4f81a4c..ff8b103a9f 100644 --- a/meta-networking/recipes-connectivity/openthread/ot-br-posix_git.bb +++ b/meta-networking/recipes-connectivity/openthread/ot-br-posix_git.bb @@ -10,13 +10,14 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=87109e44b2fda96a8991f27684a7349c \ file://third_party/openthread/repo/LICENSE;md5=543b6fe90ec5901a683320a36390c65f \ " DEPENDS = "autoconf-archive dbus readline avahi jsoncpp boost libnetfilter-queue protobuf protobuf-native" -SRCREV = "7142b740479e50f6f2c2a91a369b9c36e024fe0d" +SRCREV = "0700948634b85947e893a65e3d510ed870a5755b" PV = "0.3.0+git" SRC_URI = "gitsm://github.com/openthread/ot-br-posix.git;protocol=https;branch=main \ file://0001-otbr-agent.service.in-remove-pre-exec-hook-for-mdns-.patch \ file://0001-cmake-Disable-nonnull-compare-warning-on-gcc.patch \ file://default-cxx-std.patch \ + file://0001-x509_crt-Zero-initialize-mbedtls_x509_time-at-declar.patch;patchdir=third_party/openthread/repo \ " SYSTEMD_SERVICE:${PN} = "otbr-agent.service"