According to [1], Improper access control for volatile memory containing boot
code in Universal Boot Loader (U-Boot) before 2017.11 and Qualcomm chips IPQ4019,
IPQ5018, IPQ5322, IPQ6018, IPQ8064, IPQ8074, and IPQ9574 could allow an attacker
to execute arbitrary code.
Backport a patch [2] from upstream to fix CVE-2025-24857
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-24857
[2] 87d85139a9
(From OE-Core rev: 6f69c878896b536f5f7b16c566d420e188c82c7f)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error
and resultant heap memory corruption for squashfs directory listing because the
path separator is not considered in a size calculation.
https://nvd.nist.gov/vuln/detail/CVE-2024-57259
(From OE-Core rev: 8fad176e6258a44d1ba1eed224cd27745b6a57cf)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1
occur for a crafted squashfs filesystem via sbrk, via request2size,
or because ptrdiff_t is mishandled on x86_64.
https://nvd.nist.gov/vuln/detail/CVE-2024-57258
(From OE-Core rev: 12e1d55ae2427b6aaca6a1f7d8f947f0d6bbd28d)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1
occurs for zalloc (adding one to an le32 variable) via a crafted ext4
filesystem with an inode size of 0xffffffff, resulting in a malloc of
zero and resultant memory overwrite.
https://nvd.nist.gov/vuln/detail/CVE-2024-57256
(From OE-Core rev: 21e6ac6e53112b9dddc5a84f27be5851469b9c46)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1
occurs via a crafted squashfs filesystem with an inode size of 0xffffffff,
resulting in a malloc of zero and resultant memory overwrite.
https://nvd.nist.gov/vuln/detail/CVE-2024-57255
(From OE-Core rev: c3784c108f003c6663ca969585414e4a90f06606)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
An integer overflow in sqfs_inode_size in Das U-Boot before
2025.01-rc1 occurs in the symlink size calculation via a
crafted squashfs filesystem.
https://nvd.nist.gov/vuln/detail/CVE-2024-57254
(From OE-Core rev: eea9fee59bc7576bef94f0da466887e4daff0356)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The patch to fix the mkimage path length error has landed in
U-Boot upstream.
Update the Upstream-Status accordingly.
(From OE-Core rev: 9e4e728a03f69d0f42d22820926e056f2db09c21)
Signed-off-by: Fabio Estevam <festevam@denx.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The patch to fix the tools-only_defconfig error has landed in
U-Boot upstream.
Update the Upstream-Status accordingly.
(From OE-Core rev: f0facfbebcc5e4d74f70740c920df4c7c0824086)
Signed-off-by: Fabio Estevam <festevam@denx.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upgrade to U-Boot 2023.01.
Remove the two patches that are now upstream:
e67f34f778ba ("riscv: support building double-float modules")
1dde977518f1 ("riscv: Fix build against binutils 2.38")
And add a patch that fixes u-boot-tools build.
(From OE-Core rev: ec69f295552d6dd4de755bb4562a007158cf660e)
Signed-off-by: Fabio Estevam <festevam@denx.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ensure right ABI and march is used which matches OE core settings
(From OE-Core rev: 17cd727f333580c6fd7ff20c90ede9ccce9ef60b)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
A following error was observed:
| Can't write signature for 'signature@1' signature node in 'conf@imx6ull-colibri-wifi-eval-v3.dtb' conf node: <unknown error>
| uboot-mkimage Can't add hashes to FIT blob: -1
This is caused by a wrong return value being used in uboot source.
The return value '-ENOSPC' of fit_set_timestamp function does not match
the caller fit_image_write_sig's expection which is '-FDT_ERR_NOSPACE'.
Fix it by not calling fit_set_timestamp, but call fdt_setprop instead.
(From OE-Core rev: 8628a276a01e994e84d3c6ac8397860e8e2bbb5b)
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport fixes for CVE-2021-27097 and CVE-2021-27138 as well as
a precursor fdt validation fix that allows using the upstream
patches for the CVEs without significant rebasing. Note that
the additional upstream changes to add new U-Boot fit image tests
have been left out to keep the patch count down. Those tests are
currently not used for ptest or oe-selftest, so it is believed
their absence should not be problematic.
(From OE-Core rev: b6c2df341d7e6da5defca9a5567fdb7212489efa)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Also drop unreferenced (already merged) patches.
(From OE-Core rev: 7b1440dff8129a997400cd7d4b5372455ddd1fe4)
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This upgrades U-Boot to 2018.11 release and drop the backported
security fixes which are now included upstream.
(From OE-Core rev: 04469ab5b7f0446404b4cb55a15595678581ab26)
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.
Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450). This is obviously bad.
We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.
(From OE-Core rev: 7e8273cb55df71eaaf2cd50db076b73229ef7566)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In order for u-boot to work on Nios II architecture,
the device tree file requires adding pre-relocation
flag to the CPU node.
Patch is tested on 10m50 board. Pass booting up
Linux.
[YOCTO #11628]
(From OE-Core rev: 1e301a9f959fd3816d96cfdb6f8530898cefafce)
Signed-off-by: Gan, Yau Wai <yau.wai.gan@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Getting ip address from DHCP server is much more convenient
than setting static ip. It allows to configure u-boot in
more generic way and to avoid hardcoding static ip in
u-boot configuration.
Enabled dhcp client functionality for Yocto reference
hardware MPC8315E-RDB.
(From OE-Core rev: fa3a157e437aefa24c473ec53736a26f7e9fd470)
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
After discussions with upstream this version of the patch was proposed
and is being submitted to upstream u-boot. Update to that version
(which is better than my workaround).
(From OE-Core rev: 048af2455aa65b25fd74bfe0e6d3a0af7562b42f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
OE needs to be able to change the default compiler. If we pass in HOSTCC
through the make command, it overwrites not only this setting but also the
setting in tools/Makefile wrapped in ifneq ($(CROSS_BUILD_TOOLS),) which
breaks the build.
We therefore add a way of changing the default in the top level Makefile
without interfering with the other setting.
I've emailed this workaround to Masahiro Yamada for discussion.
(From OE-Core rev: e777d6873ce9a8a80288ecbcfc86239e0ed0e2f9)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
u-boot doesn't really support building its tools for the target, as they are
built with HOSTCC compiler, which is also used to compile fixdep utility
that gets executed during the build. Since it might be beneficial to have a
target version of mkimage, let's hack it to build fixdep in a separate step.
(From OE-Core rev: a8692184d25cb7d8cb3b617e1dfb901fe1b0ca3d)
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fix beaglebone boot issue with large kernel images overwriting Device Tree.
See very detailed comments inside the patch.
The original patch is being reviewed upstream and is targeting mainline U-boot
version 2014.07. This is the adaptation of the patch for 2013.07 version we use
(From OE-Core rev: cd495307d233b81ebeb43198d13bbd4b3ad7407f)
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This upgrades the U-Boot based recipes for 2013.07 release.
This removes the 2011.03, 2011.06 and 2013.01.01 versions so we keep a
single one in core. The following recipes has been upgraded:
- u-boot (remove old versions)
- u-boot-mkimage (remove old versions)
- u-boot-fw-utils -> u-boot-fw-utils-cross (renamed and reworked)
The u-boot-fw-utils-cross recipe has been reworked as it uses the
UBOOT_MACHINE to find default environment for use so it is indeed a
cross binary and not a native one.
(From OE-Core rev: c5fff5748e0aaf7e135fdd464c2104b1d3cbfd5a)
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
recipe dirs normally have the name of the (main) package and the official name is u-boot
(From OE-Core rev: e9899d52ade2181bd97dcf79bec64650e8b0f718)
Signed-off-by: Frans Meulenbroeks <fransmeulenbroeks@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
