hiawatha: Fix bundled mbedtls with clang-21

Signed-off-by: Khem Raj <raj.khem@gmail.com>

meta-webserver/recipes-httpd/hiawatha/files/0001-Add-__attribute__-nonstring-to-remove-unterminated-s.patch

@@ -0,0 +1,43 @@
+From 56b26ede007453a4ee9832076597e82d2a903700 Mon Sep 17 00:00:00 2001
+From: Felix Conway <felix.conway@arm.com>
+Date: Wed, 11 Jun 2025 16:04:06 +0100
+Subject: [PATCH 1/2] Add __attribute__ ((nonstring)) to remove
+ unterminated-string-initialization warning
+
+Upstream-Status: Backport [https://github.com/Mbed-TLS/mbedtls/pull/10216]
+Signed-off-by: Felix Conway <felix.conway@arm.com>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ library/ssl_tls13_keys.c | 3 ++-
+ library/ssl_tls13_keys.h | 3 ++-
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
+index 739414e..375814c 100644
+--- a/library/ssl_tls13_keys.c
++++ b/library/ssl_tls13_keys.c
+@@ -81,7 +81,8 @@ struct mbedtls_ssl_tls13_labels_struct const mbedtls_ssl_tls13_labels =
+  *            the HkdfLabel structure on success.
+  */
+ 
+-static const char tls13_label_prefix[6] = "tls13 ";
++/* We need to tell the compiler that we meant to leave out the null character. */
++static const char tls13_label_prefix[6] __attribute__ ((nonstring)) = "tls13 ";
+ 
+ #define SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN(label_len, context_len) \
+     (2                     /* expansion length           */ \
+diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h
+index d3a4c6c..95cde7a 100644
+--- a/library/ssl_tls13_keys.h
++++ b/library/ssl_tls13_keys.h
+@@ -40,8 +40,9 @@
+ 
+ #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ 
++/* We need to tell the compiler that we meant to leave out the null character. */
+ #define MBEDTLS_SSL_TLS1_3_LABEL(name, string)       \
+-    const unsigned char name    [sizeof(string) - 1];
++    const unsigned char name    [sizeof(string) - 1] __attribute__ ((nonstring));
+ 
+ union mbedtls_ssl_tls13_labels_union {
+     MBEDTLS_SSL_TLS1_3_LABEL_LIST

meta-webserver/recipes-httpd/hiawatha/files/0002-Replace-__attribute__-nonstring-with-macro-MBEDTLS_A.patch

@@ -0,0 +1,42 @@
+From 91ec670d3f6399510995dedbf99dca2e7e9bd2d8 Mon Sep 17 00:00:00 2001
+From: Felix Conway <felix.conway@arm.com>
+Date: Thu, 12 Jun 2025 11:28:56 +0100
+Subject: [PATCH 2/2] Replace __attribute__((nonstring)) with macro
+ MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING
+
+This macro applies __attribute__((nonstring)) when using a compiler that supports it
+
+Upstream-Status: Backport [https://github.com/Mbed-TLS/mbedtls/pull/10216]
+Signed-off-by: Felix Conway <felix.conway@arm.com>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ library/ssl_tls13_keys.c | 2 +-
+ library/ssl_tls13_keys.h | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
+index 375814c..621a7d5 100644
+--- a/library/ssl_tls13_keys.c
++++ b/library/ssl_tls13_keys.c
+@@ -82,7 +82,7 @@ struct mbedtls_ssl_tls13_labels_struct const mbedtls_ssl_tls13_labels =
+  */
+ 
+ /* We need to tell the compiler that we meant to leave out the null character. */
+-static const char tls13_label_prefix[6] __attribute__ ((nonstring)) = "tls13 ";
++static const char tls13_label_prefix[6] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING = "tls13 ";
+ 
+ #define SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN(label_len, context_len) \
+     (2                     /* expansion length           */ \
+diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h
+index 95cde7a..3aa94d7 100644
+--- a/library/ssl_tls13_keys.h
++++ b/library/ssl_tls13_keys.h
+@@ -42,7 +42,7 @@
+ 
+ /* We need to tell the compiler that we meant to leave out the null character. */
+ #define MBEDTLS_SSL_TLS1_3_LABEL(name, string)       \
+-    const unsigned char name    [sizeof(string) - 1] __attribute__ ((nonstring));
++    const unsigned char name    [sizeof(string) - 1] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING;
+ 
+ union mbedtls_ssl_tls13_labels_union {
+     MBEDTLS_SSL_TLS1_3_LABEL_LIST

meta-webserver/recipes-httpd/hiawatha/files/define-MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING.patch

@@ -0,0 +1,33 @@
+Replace __attribute__((nonstring)) with macro MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING
+This macro applies __attribute__((nonstring)) when using a compiler that supports it
+
+Upstream-Status: Backport [https://github.com/Mbed-TLS/TF-PSA-Crypto/commit/996f4fa3a2fbe8792ed3efd1bcb3657001f35ae1]
+
+Signed-off-by: Felix Conway <felix.conway@arm.com>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+--- a/library/ssl_tls13_keys.h
++++ b/library/ssl_tls13_keys.h
+@@ -7,6 +7,22 @@
+ #if !defined(MBEDTLS_SSL_TLS1_3_KEYS_H)
+ #define MBEDTLS_SSL_TLS1_3_KEYS_H
+ 
++/* GCC >= 15 has a warning 'unterminated-string-initialization' which complains if you initialize
++ * a string into an array without space for a terminating NULL character. In some places in the
++ * codebase this behaviour is intended, so we add the macro MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING
++ * to suppress the warning in these places.
++ */
++#if defined(__has_attribute)
++#if __has_attribute(nonstring)
++#define MBEDTLS_HAS_ATTRIBUTE_NONSTRING
++#endif /* __has_attribute(nonstring) */
++#endif /* __has_attribute */
++#if defined(MBEDTLS_HAS_ATTRIBUTE_NONSTRING)
++#define MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING __attribute__((nonstring))
++#else
++#define MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING
++#endif /* MBEDTLS_HAS_ATTRIBUTE_NONSTRING */
++
+ /* This requires MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) to be defined at
+  * the point of use. See e.g. the definition of mbedtls_ssl_tls13_labels_union
+  * below. */

meta-webserver/recipes-httpd/hiawatha/hiawatha_11.7.bb

@@ -7,8 +7,12 @@ DEPENDS = "libxml2 libxslt virtual/crypt"
 SECTION = "net"
 
 SRC_URI = "https://hiawatha.leisink.net/files/hiawatha-${PV}.tar.gz \
+           file://0001-Add-__attribute__-nonstring-to-remove-unterminated-s.patch;patchdir=mbedtls \
+           file://0002-Replace-__attribute__-nonstring-with-macro-MBEDTLS_A.patch;patchdir=mbedtls \
+           file://define-MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING.patch;patchdir=mbedtls \
            file://hiawatha-init \
-           file://hiawatha.service "
+           file://hiawatha.service \
+          "
 
 SRC_URI[sha256sum] = "8bc180ae3b986d02466f081efeefdb1595d96783f581fded2a9b198752ab7ae1"