From 5a4d1bc71344da6b86ba5b89abcb7478f017736a Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Fri, 29 Aug 2025 17:52:23 -0700 Subject: [PATCH] hiawatha: Fix bundled mbedtls with clang-21 Signed-off-by: Khem Raj --- ..._-nonstring-to-remove-unterminated-s.patch | 43 +++++++++++++++++++ ...ute__-nonstring-with-macro-MBEDTLS_A.patch | 42 ++++++++++++++++++ ...BEDTLS_ATTRIBUTE_UNTERMINATED_STRING.patch | 33 ++++++++++++++ .../recipes-httpd/hiawatha/hiawatha_11.7.bb | 6 ++- 4 files changed, 123 insertions(+), 1 deletion(-) create mode 100644 meta-webserver/recipes-httpd/hiawatha/files/0001-Add-__attribute__-nonstring-to-remove-unterminated-s.patch create mode 100644 meta-webserver/recipes-httpd/hiawatha/files/0002-Replace-__attribute__-nonstring-with-macro-MBEDTLS_A.patch create mode 100644 meta-webserver/recipes-httpd/hiawatha/files/define-MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING.patch diff --git a/meta-webserver/recipes-httpd/hiawatha/files/0001-Add-__attribute__-nonstring-to-remove-unterminated-s.patch b/meta-webserver/recipes-httpd/hiawatha/files/0001-Add-__attribute__-nonstring-to-remove-unterminated-s.patch new file mode 100644 index 0000000000..5a9c719b6d --- /dev/null +++ b/meta-webserver/recipes-httpd/hiawatha/files/0001-Add-__attribute__-nonstring-to-remove-unterminated-s.patch @@ -0,0 +1,43 @@ +From 56b26ede007453a4ee9832076597e82d2a903700 Mon Sep 17 00:00:00 2001 +From: Felix Conway +Date: Wed, 11 Jun 2025 16:04:06 +0100 +Subject: [PATCH 1/2] Add __attribute__ ((nonstring)) to remove + unterminated-string-initialization warning + +Upstream-Status: Backport [https://github.com/Mbed-TLS/mbedtls/pull/10216] +Signed-off-by: Felix Conway +Signed-off-by: Khem Raj +--- + library/ssl_tls13_keys.c | 3 ++- + library/ssl_tls13_keys.h | 3 ++- + 2 files changed, 4 insertions(+), 2 deletions(-) + +diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c +index 739414e..375814c 100644 +--- a/library/ssl_tls13_keys.c ++++ b/library/ssl_tls13_keys.c +@@ -81,7 +81,8 @@ struct mbedtls_ssl_tls13_labels_struct const mbedtls_ssl_tls13_labels = + * the HkdfLabel structure on success. + */ + +-static const char tls13_label_prefix[6] = "tls13 "; ++/* We need to tell the compiler that we meant to leave out the null character. */ ++static const char tls13_label_prefix[6] __attribute__ ((nonstring)) = "tls13 "; + + #define SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN(label_len, context_len) \ + (2 /* expansion length */ \ +diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h +index d3a4c6c..95cde7a 100644 +--- a/library/ssl_tls13_keys.h ++++ b/library/ssl_tls13_keys.h +@@ -40,8 +40,9 @@ + + #if defined(MBEDTLS_SSL_PROTO_TLS1_3) + ++/* We need to tell the compiler that we meant to leave out the null character. */ + #define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ +- const unsigned char name [sizeof(string) - 1]; ++ const unsigned char name [sizeof(string) - 1] __attribute__ ((nonstring)); + + union mbedtls_ssl_tls13_labels_union { + MBEDTLS_SSL_TLS1_3_LABEL_LIST diff --git a/meta-webserver/recipes-httpd/hiawatha/files/0002-Replace-__attribute__-nonstring-with-macro-MBEDTLS_A.patch b/meta-webserver/recipes-httpd/hiawatha/files/0002-Replace-__attribute__-nonstring-with-macro-MBEDTLS_A.patch new file mode 100644 index 0000000000..2f94cee277 --- /dev/null +++ b/meta-webserver/recipes-httpd/hiawatha/files/0002-Replace-__attribute__-nonstring-with-macro-MBEDTLS_A.patch @@ -0,0 +1,42 @@ +From 91ec670d3f6399510995dedbf99dca2e7e9bd2d8 Mon Sep 17 00:00:00 2001 +From: Felix Conway +Date: Thu, 12 Jun 2025 11:28:56 +0100 +Subject: [PATCH 2/2] Replace __attribute__((nonstring)) with macro + MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING + +This macro applies __attribute__((nonstring)) when using a compiler that supports it + +Upstream-Status: Backport [https://github.com/Mbed-TLS/mbedtls/pull/10216] +Signed-off-by: Felix Conway +Signed-off-by: Khem Raj +--- + library/ssl_tls13_keys.c | 2 +- + library/ssl_tls13_keys.h | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c +index 375814c..621a7d5 100644 +--- a/library/ssl_tls13_keys.c ++++ b/library/ssl_tls13_keys.c +@@ -82,7 +82,7 @@ struct mbedtls_ssl_tls13_labels_struct const mbedtls_ssl_tls13_labels = + */ + + /* We need to tell the compiler that we meant to leave out the null character. */ +-static const char tls13_label_prefix[6] __attribute__ ((nonstring)) = "tls13 "; ++static const char tls13_label_prefix[6] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING = "tls13 "; + + #define SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN(label_len, context_len) \ + (2 /* expansion length */ \ +diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h +index 95cde7a..3aa94d7 100644 +--- a/library/ssl_tls13_keys.h ++++ b/library/ssl_tls13_keys.h +@@ -42,7 +42,7 @@ + + /* We need to tell the compiler that we meant to leave out the null character. */ + #define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ +- const unsigned char name [sizeof(string) - 1] __attribute__ ((nonstring)); ++ const unsigned char name [sizeof(string) - 1] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING; + + union mbedtls_ssl_tls13_labels_union { + MBEDTLS_SSL_TLS1_3_LABEL_LIST diff --git a/meta-webserver/recipes-httpd/hiawatha/files/define-MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING.patch b/meta-webserver/recipes-httpd/hiawatha/files/define-MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING.patch new file mode 100644 index 0000000000..6e2d9eb5f1 --- /dev/null +++ b/meta-webserver/recipes-httpd/hiawatha/files/define-MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING.patch @@ -0,0 +1,33 @@ +Replace __attribute__((nonstring)) with macro MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING +This macro applies __attribute__((nonstring)) when using a compiler that supports it + +Upstream-Status: Backport [https://github.com/Mbed-TLS/TF-PSA-Crypto/commit/996f4fa3a2fbe8792ed3efd1bcb3657001f35ae1] + +Signed-off-by: Felix Conway +Signed-off-by: Khem Raj + +--- a/library/ssl_tls13_keys.h ++++ b/library/ssl_tls13_keys.h +@@ -7,6 +7,22 @@ + #if !defined(MBEDTLS_SSL_TLS1_3_KEYS_H) + #define MBEDTLS_SSL_TLS1_3_KEYS_H + ++/* GCC >= 15 has a warning 'unterminated-string-initialization' which complains if you initialize ++ * a string into an array without space for a terminating NULL character. In some places in the ++ * codebase this behaviour is intended, so we add the macro MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING ++ * to suppress the warning in these places. ++ */ ++#if defined(__has_attribute) ++#if __has_attribute(nonstring) ++#define MBEDTLS_HAS_ATTRIBUTE_NONSTRING ++#endif /* __has_attribute(nonstring) */ ++#endif /* __has_attribute */ ++#if defined(MBEDTLS_HAS_ATTRIBUTE_NONSTRING) ++#define MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING __attribute__((nonstring)) ++#else ++#define MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING ++#endif /* MBEDTLS_HAS_ATTRIBUTE_NONSTRING */ ++ + /* This requires MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) to be defined at + * the point of use. See e.g. the definition of mbedtls_ssl_tls13_labels_union + * below. */ diff --git a/meta-webserver/recipes-httpd/hiawatha/hiawatha_11.7.bb b/meta-webserver/recipes-httpd/hiawatha/hiawatha_11.7.bb index fac1498b3b..4e7e5fa31d 100644 --- a/meta-webserver/recipes-httpd/hiawatha/hiawatha_11.7.bb +++ b/meta-webserver/recipes-httpd/hiawatha/hiawatha_11.7.bb @@ -7,8 +7,12 @@ DEPENDS = "libxml2 libxslt virtual/crypt" SECTION = "net" SRC_URI = "https://hiawatha.leisink.net/files/hiawatha-${PV}.tar.gz \ + file://0001-Add-__attribute__-nonstring-to-remove-unterminated-s.patch;patchdir=mbedtls \ + file://0002-Replace-__attribute__-nonstring-with-macro-MBEDTLS_A.patch;patchdir=mbedtls \ + file://define-MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING.patch;patchdir=mbedtls \ file://hiawatha-init \ - file://hiawatha.service " + file://hiawatha.service \ + " SRC_URI[sha256sum] = "8bc180ae3b986d02466f081efeefdb1595d96783f581fded2a9b198752ab7ae1"