This issue is specific to the peimage module that Ubuntu adds, and is not
an upstream issue.
(From OE-Core rev: 8d2fe3f403e6435e1ffe122a6776381090752d8a)
(From OE-Core rev: d005eda88dad37f31bdc59e45e20b209f3771a26)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Backport an algorithmic change to grub_crypto_memcmp() so that it
completes in constant time and thus isn't susceptible to side-channel
attacks.
(From OE-Core rev: 319210be147ec57518c237cb705857aeda9943e6)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 30a1cc225a2bd5d044bf608d863a67df3f9c03be)
Signed-off-by: Shubham Pushpkar <spushpka@cisco.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
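
Added example (not GRUB's code and not part of the commit above): a C sketch of why an early-exit comparison leaks through timing and how an accumulate-all-bytes comparison avoids it. The function names and the 8-byte sample digest are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Early-exit compare: *steps (bytes examined) grows with the length of the
 * matching prefix, which is the signal a timing side channel measures. */
int leaky_compare(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        *steps = i + 1;
        if (a[i] != b[i])
            return 1;
    }
    return 0;
}

/* Constant-time compare: every byte is XORed into an accumulator, so the
 * work done does not depend on where (or whether) the inputs differ. */
int ct_compare(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    const volatile uint8_t *va = a, *vb = b; /* discourage short-circuiting */
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= (uint8_t)(va[i] ^ vb[i]);
    *steps = n;
    return acc != 0;
}

/* Constructed sample data: a stored 8-byte digest and two wrong guesses. */
static const uint8_t STORED[8]     = {0xde,0xad,0xbe,0xef,0x01,0x02,0x03,0x04};
static const uint8_t WRONG_AT_0[8] = {0x00,0xad,0xbe,0xef,0x01,0x02,0x03,0x04};
static const uint8_t WRONG_AT_5[8] = {0xde,0xad,0xbe,0xef,0x01,0xff,0x03,0x04};

size_t steps_leaky(const uint8_t *guess)
{ size_t s; leaky_compare(STORED, guess, sizeof STORED, &s); return s; }

size_t steps_ct(const uint8_t *guess)
{ size_t s; ct_compare(STORED, guess, sizeof STORED, &s); return s; }

int main(void)
{
    printf("leaky: %zu vs %zu steps\n", steps_leaky(WRONG_AT_0), steps_leaky(WRONG_AT_5));
    printf("ct:    %zu vs %zu steps\n", steps_ct(WRONG_AT_0), steps_ct(WRONG_AT_5));
    return 0;
}
```

The step counter stands in for elapsed time: the early-exit version does different amounts of work for the two wrong guesses, the constant-time version does not.
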
Cherry-pick patch mentioning these CVEs.
(From OE-Core rev: d96bf8ec82ed07c006167e15f7aa0d5e81440977)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning these CVEs.
(From OE-Core rev: f25e1296b8265414061b0b8f12110c6ee22bc7be)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning these CVEs.
(From OE-Core rev: eb9811ef2a38f1dcd4074eef6f809fd63e98454f)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning this CVE.
(From OE-Core rev: 77abb78b5d4dd0e54b656170c03ac68b919b8784)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning this CVE.
(From OE-Core rev: d9fb00f71380ad39ea5b61e60c4f458371460862)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning this CVE.
(From OE-Core rev: 2ec4bcda16b92cabf7cf5cb7c68cbe45da269364)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning this CVE.
(From OE-Core rev: e1e13086f38b021a8aabfe8d044b5755d62ee846)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning this CVE.
(From OE-Core rev: d9d99bd5baddcb0438e0c28ab6e302ee9fa0c327)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning this CVE.
(From OE-Core rev: 4e01993bf71d3b8e2375ab43857b671738953507)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning this CVE.
(From OE-Core rev: f24f2dc0b7504508357cbe5d5f7a577639a6548e)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning this CVE.
(From OE-Core rev: 0c860bf1765b49a7540ae3cb206ce09cf25f30a7)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning this CVE.
(From OE-Core rev: 70a15bc790025e3241274d3e92674928c41537b6)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning this CVE.
(From OE-Core rev: f3a14813ed012904e64fd9897ea4ddaf622059dd)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning these CVEs.
(From OE-Core rev: 61268080ba160a4965873ba5aad6ebbfd1ee2fe1)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning this CVE.
(From OE-Core rev: 120d8cc7b91654557a3101a5f8fda44fb703e5b2)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
It is used to fix multiple CVEs.
(From OE-Core rev: c12baf254a37ff4921c2be0e4d3f626a91980d1a)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
CVE-2021-46705 was needed only with 2.06
CVE-2023-4692 and CVE-2023-4693 were fixed in NVD DB meanwhile
(From OE-Core rev: fab492f32a8630a353d307119dd4109dac81ad45)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error
and resultant heap memory corruption for squashfs directory listing because the
path separator is not considered in a size calculation.
https://nvd.nist.gov/vuln/detail/CVE-2024-57259
(From OE-Core rev: 8fad176e6258a44d1ba1eed224cd27745b6a57cf)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1
occur for a crafted squashfs filesystem via sbrk, via request2size,
or because ptrdiff_t is mishandled on x86_64.
https://nvd.nist.gov/vuln/detail/CVE-2024-57258
(From OE-Core rev: 12e1d55ae2427b6aaca6a1f7d8f947f0d6bbd28d)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1
occurs for zalloc (adding one to an le32 variable) via a crafted ext4
filesystem with an inode size of 0xffffffff, resulting in a malloc of
zero and resultant memory overwrite.
https://nvd.nist.gov/vuln/detail/CVE-2024-57256
(From OE-Core rev: 21e6ac6e53112b9dddc5a84f27be5851469b9c46)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1
occurs via a crafted squashfs filesystem with an inode size of 0xffffffff,
resulting in a malloc of zero and resultant memory overwrite.
https://nvd.nist.gov/vuln/detail/CVE-2024-57255
(From OE-Core rev: c3784c108f003c6663ca969585414e4a90f06606)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
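
Added example (not U-Boot's code and not part of the commits above): the "size + 1" wraparound described for CVE-2024-57256 and CVE-2024-57255, next to a checked allocation that rejects it. All function names and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Decode a little-endian 32-bit field as it would sit in an on-disk inode. */
uint32_t le32_decode(const uint8_t b[4])
{
    return (uint32_t)b[0] | ((uint32_t)b[1] << 8) |
           ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
}

/* Unchecked pattern: room for the NUL is added in 32-bit arithmetic, so a
 * size of 0xffffffff wraps and the allocator is asked for zero bytes. */
uint32_t unchecked_alloc_size(uint32_t disk_size)
{
    return disk_size + 1;
}

/* Hardened pattern: refuse a size that would wrap, and refuse one larger
 * than the bytes actually available, before allocating or copying.
 * Returns a NUL-terminated heap copy, or NULL if the size is rejected. */
char *read_symlink_checked(const uint8_t *data, size_t avail, uint32_t disk_size)
{
    char *target;

    if (disk_size == UINT32_MAX)   /* + 1 would wrap to 0 */
        return NULL;
    if (disk_size > avail)         /* size field lies about the data */
        return NULL;
    target = calloc(1, (size_t)disk_size + 1);
    if (!target)
        return NULL;
    memcpy(target, data, disk_size);
    return target;
}

/* Constructed inputs: a crafted size field and a 6-byte symlink target. */
static const uint8_t EVIL_SIZE[4] = {0xff, 0xff, 0xff, 0xff};
static const uint8_t TARGET[]     = {'t', 'a', 'r', 'g', 'e', 't'};

int main(void)
{
    uint32_t sz = le32_decode(EVIL_SIZE);
    char *ok = read_symlink_checked(TARGET, sizeof TARGET, 6);

    printf("unchecked request for size 0x%x: %u bytes\n", sz, unchecked_alloc_size(sz));
    printf("checked, crafted size: %s\n",
           read_symlink_checked(TARGET, sizeof TARGET, sz) ? "accepted" : "rejected");
    printf("checked, honest size: %s\n", ok ? ok : "rejected");
    free(ok);
    return 0;
}
```
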
An integer overflow in sqfs_inode_size in Das U-Boot before
2025.01-rc1 occurs in the symlink size calculation via a
crafted squashfs filesystem.
https://nvd.nist.gov/vuln/detail/CVE-2024-57254
(From OE-Core rev: eea9fee59bc7576bef94f0da466887e4daff0356)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The looping logic for handling (and not handling) UBOOT_CONFIG has led
the various do_* functions to be large and unwieldy. Modifying one of
the functional blocks inside of a loop (or in the else condition) means
you either have to replace the function entirely, or append the function
and undo something it did and then do what you need for your change.
This refactor breaks out all of the inner loops and else clauses into
new functions that themselves can be overridden without needing to
worry about the bulk of the looping logic.
It should not break any existing recipes doing prepends, appends, or
overrides. None of the functional blocks were changed, just refactored
out into new functions.
Backport from master: https://git.openembedded.org/openembedded-core/commit/?id=937bcc229502fcc154cc676b4fcc93c561873def
(From OE-Core rev: bbb8db8fec7fbee56fcdbc665a758b911d73a767)
Signed-off-by: Ryan Eatmon <reatmon@ti.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This option fails with the clang compiler when testing for soft-float because
OE enforces this option via CCARGS. However, grub's
makefile/configure does disable all sse options when checking for
soft-float support, but it cannot disable -mfpmath=sse as it's inserted
by OE, therefore remove it in the recipe.
Fixes build errors seen with clang/musl, like on x86:
error: the 'sse' unit is not supported with this instruction set
(From OE-Core rev: 17273366f23702077fe7a270afc7b5d26a650bf7)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ad76da4ff6d7110747b620621ae3728de9905465)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
mkeficapsule is a tool provided by U-Boot (as part of the tools-only
targets) for generating UEFI capsule update archives.
Install mkeficapsule into a u-boot-tools-mkeficapsule package.
(From OE-Core rev: ab9380cd969cc0762a55e5e2c7a8ea6b697e3ae1)
Signed-off-by: Peter Hoyes <peter.hoyes@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
externalsrc only monitors files listed in CONFIGURE_FILES environment
variable to know if it should trigger a rebuild of do_configure. By
default it is unset, but the defconfig from U-Boot should be listed
otherwise an old defconfig may be used even though the change is
technically detected by the do_compile logic later in the process.
Because U-Boot recipe uses `make oldconfig` when no defconfig is passed,
monitor .config for that special case.
This fixes U-Boot recipes not detecting defconfig changes when
devtool'ed.
Reported-by: Iskander Amara <iskander.amara@theobroma-systems.com>
Cc: Quentin Schulz <foss+yocto@0leil.net>
(From OE-Core rev: fef517b5f978cf848b9cc40e8ce6bb2762681182)
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Commit cc6c3e31526d ("u-boot: Move definitions to common locations") moved
UBOOT_INITIAL_ENV to uboot-config.bbclass, but it should be kept at u-boot.inc
because it encodes ${PN} in it, which should be set by the U-Boot recipe.
Currently, whatever inherits uboot-config bbclass will fill-in its own PN,
which would change the content of UBOOT_INITIAL_ENV per-package.
Cc: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Cc: Marek Vasut <marex@denx.de>
Fixes: cc6c3e31526d ("u-boot: Move definitions to common locations")
(From OE-Core rev: 0b0c4b37d318b86f100512476ffd861e0ce1f47e)
Signed-off-by: Fabio Estevam <festevam@denx.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
configure.patch
refreshed for 3.11.1
Changelog:
===========
* Fixed wrong API version in lib/pci.h.
* Updated README.Windows.
* Fix compilation on Windows.
* update-pciids now supports XZ compression. If libpci is configured
with support for compression, all downloaded files are recompressed
as gzip. Otherwise they are stored as plain text.
* update-pciids now sends itself as the User-Agent.
* Added a pcilmr utility for PCIe lane margining.
* Re-factored access to i386 ports on all relevant platforms.
* Added i386 port access on OpenBSD.
* Back-ends for Windows received many bug fixes and improvements.
* ECAM back-end now scans ACPI and BIOS memory faster.
* Linux systems without pread/pwrite are no longer supported
as they are hopefully long gone. This helps avoid the tricky check
for presence of pread which was found to fail on musl libc.
* Improved decoding of PCIe control and status registers.
* Decoding of CXL capabilities now supports up to CXL 3.0.
* lspci now displays interrupt message numbers consistently across
different capabilities.
* Cache of IDs resolved via DNS, which was located in ~/.pci-ids
by default, is now stored according to the XDG base directory
specification in $XDG_CACHE_HOME/pci-ids.
* All source files now have SPDX license identifiers.
* Internal: The "aux" fields of structs pci_access and pci_dev
reserved for use by back-ends were renamed to backend_data to better
reflect their meaning.
* As usual, various minor bug fixes and updated pci.ids.
(From OE-Core rev: bbda388857284612190b58abe8d73c93e39d1574)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
-Add -T workaround for GNU ld 2.36
-Add extern "C" to headers for easier use by C++
-Avoid format error on i686
-Fix the -march issue for riscv64
-Fix musl build
-Fix invalid free in main()
-Remove deprecated --add-needed linker flag
-src/Makefile: build util.c separately for makeguids
-Adjust dependency for libefivar and libefiboot objects
-Set LC_ALL=C to force English output from ld
-LLD: fix detection and remove not needed workarounds
-Fix glibc 2.36 build (mount.h conflicts)
-File device paths: don't print "File(" or ")"
-Use off_t instead of off64_t
-Revamp efi_well_known_* variable handling
-Allow overriding PKG_CONFIG
-Allow passing of hex values to -A
-Allow -a to create a non-existent variable
-make: add option to disable building/installing the docs
-esl-iter.h: fix type declaration of return value for gcc-13
-Minor code updates
-src/Makefile: do not override LIBS and CFLAGS for prerequisites
-linux: handle non-ACPI systems in device_get()
-Change set&append data to be const.
-dp.h: check _ucs2size in format_ucs2()
-Fix wrong if condition in efi_variable_get_data
-Make README statement match license
-Remove needless access() in efivarfs_probe()
(From OE-Core rev: d8fdd64d13d5598b16ddf7329d5ca283ec7da518)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Set CVE_STATUS as none of the issues apply against the versions
used in the recipes.
(From OE-Core rev: cea8c8bf73e84133f566d1c2ca0637494f2d7afe)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Redhat/Fedora specific as it affects the grub2-set-bootflag extension
added by Redhat to grub.
(From OE-Core rev: 40cd768368167f81de5bb55e9ff0584035f4c1b4)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Avoid:
u-boot-1_2024.01-r0 do_package_qa: QA Issue: File /boot/u-boot-qemuriscv64-2024.01-r0.elf in package u-boot contains reference to TMPDIR [buildpaths]
by ensuring the compiler has the prefix mapping options passed in to it
to correctly remap the source paths and avoid the warning.
(From OE-Core rev: 85c6b06da641fdaf09f2cfe7066e0cf1185c7969)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This release has:
- Synopsys DesignWare APB GPIO driver
- Zicntr and Zihpm support
- Console print improvements
- Smepmp support
- Simple FDT based syscon regmap driver
- Syscon based reboot and poweroff driver
- Non-contiguous hpm counters
- Smcntrpmf support
- Full sparse hartid support
- IPI improvements
- RFENCE improvements
- Zkr support
- Andes custom PMU support
Overall, this release mainly adds more ISA extensions, drivers and other improvements.
https://github.com/riscv-software-src/opensbi/compare/v1.3.1...v1.4
(From OE-Core rev: 09f8f9d378fed275701840b7be2d7eeba6ca50e1)
Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
An issue was found when I ran "runqemu genericx86-64 ovmf": grub failed
to boot. It's a known issue that has been fixed in grub upstream, so backport
the fix.
(From OE-Core rev: 51eab4bb0cae46c9c32d28986eb97badf47594b7)
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>