diff mbox series

[meta-networking,4/8] ot-br-posix: Fix build with clang-21

Message ID 20250830184311.1018374-4-raj.khem@gmail.com
State New
Headers show
Series [meta-oe,1/8] 7zip: Disable Werror | expand

Commit Message

Khem Raj Aug. 30, 2025, 6:43 p.m. UTC 
Update to latest tip of trunk
Fix mbedTLS issue seen with clang-21

Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 ...itialize-mbedtls_x509_time-at-declar.patch | 32 +++++++++++++++++++
 .../openthread/ot-br-posix_git.bb             |  3 +-
 2 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 meta-networking/recipes-connectivity/openthread/ot-br-posix/0001-x509_crt-Zero-initialize-mbedtls_x509_time-at-declar.patch
diff mbox series

Patch

diff --git a/meta-networking/recipes-connectivity/openthread/ot-br-posix/0001-x509_crt-Zero-initialize-mbedtls_x509_time-at-declar.patch b/meta-networking/recipes-connectivity/openthread/ot-br-posix/0001-x509_crt-Zero-initialize-mbedtls_x509_time-at-declar.patch
new file mode 100644
index 0000000000..3949caa94f
--- /dev/null
+++ b/meta-networking/recipes-connectivity/openthread/ot-br-posix/0001-x509_crt-Zero-initialize-mbedtls_x509_time-at-declar.patch
@@ -0,0 +1,32 @@ 
+From c214f7884155607861d43dbfceaeb1c2d9f20740 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 29 Aug 2025 17:08:23 -0700
+Subject: [PATCH] x509_crt: Zero-initialize mbedtls_x509_time at declaration
+
+'mbedtls_x509_time now' is a local struct variable. passing an uninitialized local as a const *
+argument is UB-risk, since the callee is not
+allowed to write into it.
+
+Clang-21 got stricter about const pointer arguments finds it and flags it.
+
+zero-initializing ensures all fields are defined.
+
+Upstream-Status: Submitted [https://github.com/Mbed-TLS/mbedtls/pull/10377]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ third_party/mbedtls/repo/library/x509_crt.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/third_party/mbedtls/repo/library/x509_crt.c b/third_party/mbedtls/repo/library/x509_crt.c
+index 2fd56fbd7..d09060fd7 100644
+--- a/third_party/mbedtls/repo/library/x509_crt.c
++++ b/third_party/mbedtls/repo/library/x509_crt.c
+@@ -2523,7 +2523,7 @@ static int x509_crt_verify_chain(
+     int signature_is_good;
+     unsigned self_cnt;
+     mbedtls_x509_crt *cur_trust_ca = NULL;
+-    mbedtls_x509_time now;
++    mbedtls_x509_time now = {0};
+ 
+ #if defined(MBEDTLS_HAVE_TIME_DATE)
+     if (mbedtls_x509_time_gmtime(mbedtls_time(NULL), &now) != 0) {
diff --git a/meta-networking/recipes-connectivity/openthread/ot-br-posix_git.bb b/meta-networking/recipes-connectivity/openthread/ot-br-posix_git.bb
index d0b4f81a4c..ff8b103a9f 100644
--- a/meta-networking/recipes-connectivity/openthread/ot-br-posix_git.bb
+++ b/meta-networking/recipes-connectivity/openthread/ot-br-posix_git.bb
@@ -10,13 +10,14 @@  LIC_FILES_CHKSUM = "file://LICENSE;md5=87109e44b2fda96a8991f27684a7349c \
                     file://third_party/openthread/repo/LICENSE;md5=543b6fe90ec5901a683320a36390c65f \
                     "
 DEPENDS = "autoconf-archive dbus readline avahi jsoncpp boost libnetfilter-queue protobuf protobuf-native"
-SRCREV = "7142b740479e50f6f2c2a91a369b9c36e024fe0d"
+SRCREV = "0700948634b85947e893a65e3d510ed870a5755b"
 PV = "0.3.0+git"
 
 SRC_URI = "gitsm://github.com/openthread/ot-br-posix.git;protocol=https;branch=main \
            file://0001-otbr-agent.service.in-remove-pre-exec-hook-for-mdns-.patch \
            file://0001-cmake-Disable-nonnull-compare-warning-on-gcc.patch \
            file://default-cxx-std.patch \
+           file://0001-x509_crt-Zero-initialize-mbedtls_x509_time-at-declar.patch;patchdir=third_party/openthread/repo \
            "
 
 SYSTEMD_SERVICE:${PN} = "otbr-agent.service"