Backport from master:
https://git.openembedded.org/openembedded-core/commit/?id=debc691853e2954bd325bad395b8829939afaa08
When assembling all of the various filenames that are installed/deployed
from u-boot, we have been including the PV and PR in the filenames. This
change introduces a single variable to replace these two in the
filenames.
This change should not be disruptive since the default value for the new
UBOOT_VERSION variable is "${PV}-${PR}".
In one case (UBOOT_EXTLINUX_SYMLINK [1]), PR was used without PV, this
patch assumes this was a mistake and corrects it as PR would not be of
much use alone.
[1] https://git.openembedded.org/openembedded-core/commit/?h=master-next&id=33df3a65f3e8e136811da715d0cc247ce66ae0ea
(From OE-Core rev: 58ad450e84db35d5b38dab65edbbc33bc6fef750)
Signed-off-by: Ryan Eatmon <reatmon@ti.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning these CVEs.
(From OE-Core rev: d96bf8ec82ed07c006167e15f7aa0d5e81440977)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning these CVEs.
(From OE-Core rev: f25e1296b8265414061b0b8f12110c6ee22bc7be)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning these CVEs.
(From OE-Core rev: eb9811ef2a38f1dcd4074eef6f809fd63e98454f)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning this CVE.
(From OE-Core rev: 77abb78b5d4dd0e54b656170c03ac68b919b8784)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning this CVE.
(From OE-Core rev: d9fb00f71380ad39ea5b61e60c4f458371460862)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning this CVE.
(From OE-Core rev: 2ec4bcda16b92cabf7cf5cb7c68cbe45da269364)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning this CVE.
(From OE-Core rev: e1e13086f38b021a8aabfe8d044b5755d62ee846)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning this CVE.
(From OE-Core rev: d9d99bd5baddcb0438e0c28ab6e302ee9fa0c327)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning this CVE.
(From OE-Core rev: 4e01993bf71d3b8e2375ab43857b671738953507)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning this CVE.
(From OE-Core rev: f24f2dc0b7504508357cbe5d5f7a577639a6548e)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning this CVE.
(From OE-Core rev: 0c860bf1765b49a7540ae3cb206ce09cf25f30a7)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning this CVE.
(From OE-Core rev: 70a15bc790025e3241274d3e92674928c41537b6)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning this CVE.
(From OE-Core rev: f3a14813ed012904e64fd9897ea4ddaf622059dd)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning these CVEs.
(From OE-Core rev: 61268080ba160a4965873ba5aad6ebbfd1ee2fe1)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning this CVE.
(From OE-Core rev: 120d8cc7b91654557a3101a5f8fda44fb703e5b2)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
It is used to fix multiple CVEs.
(From OE-Core rev: c12baf254a37ff4921c2be0e4d3f626a91980d1a)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
CVE-2021-46705 was needed only with 2.06
CVE-2023-4692 and CVE-2023-4693 were fixed in NVD DB meanwhile
(From OE-Core rev: fab492f32a8630a353d307119dd4109dac81ad45)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error
and resultant heap memory corruption for squashfs directory listing because the
path separator is not considered in a size calculation.
https://nvd.nist.gov/vuln/detail/CVE-2024-57259
(From OE-Core rev: 8fad176e6258a44d1ba1eed224cd27745b6a57cf)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1
occur for a crafted squashfs filesystem via sbrk, via request2size,
or because ptrdiff_t is mishandled on x86_64.
https://nvd.nist.gov/vuln/detail/CVE-2024-57258
(From OE-Core rev: 12e1d55ae2427b6aaca6a1f7d8f947f0d6bbd28d)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1
occurs via a crafted squashfs filesystem with deep symlink nesting.
https://nvd.nist.gov/vuln/detail/CVE-2024-57257
(From OE-Core rev: 890597539246c0f2b427d60965d5665cf7f4731c)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1
occurs for zalloc (adding one to an le32 variable) via a crafted ext4
filesystem with an inode size of 0xffffffff, resulting in a malloc of
zero and resultant memory overwrite.
https://nvd.nist.gov/vuln/detail/CVE-2024-57256
(From OE-Core rev: 21e6ac6e53112b9dddc5a84f27be5851469b9c46)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1
occurs via a crafted squashfs filesystem with an inode size of 0xffffffff,
resulting in a malloc of zero and resultant memory overwrite.
https://nvd.nist.gov/vuln/detail/CVE-2024-57255
(From OE-Core rev: c3784c108f003c6663ca969585414e4a90f06606)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
An integer overflow in sqfs_inode_size in Das U-Boot before
2025.01-rc1 occurs in the symlink size calculation via a
crafted squashfs filesystem.
https://nvd.nist.gov/vuln/detail/CVE-2024-57254
(From OE-Core rev: eea9fee59bc7576bef94f0da466887e4daff0356)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The looping logic for handling (and not handling) UBOOT_CONFIG has led
to the various do_* functions to be large and unwieldy. In order to
modify one of the functional blocks inside of a loop (or in the else
condition) means you either have to replace the function entirely, or
append the function and undo something it did and then do what you need
for your change.
This refactor breaks out all of the inner loops and else clauses into
new functions that themselves can be overridden without needing to
worry about the bulk of the looping logic.
It should not break any existing recipes doing prepends, appends, or
overrides. None of the functional blocks were changed, just refactored
out into new functions.
Backport from master: https://git.openembedded.org/openembedded-core/commit/?id=937bcc229502fcc154cc676b4fcc93c561873def
(From OE-Core rev: bbb8db8fec7fbee56fcdbc665a758b911d73a767)
Signed-off-by: Ryan Eatmon <reatmon@ti.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This option fails with clang compiler when testing for soft-float because
OE enforces this option via CCARGS however, gtub's
makefile/configure does disable all sse options when checking for
soft-float support, but it can not disable -mfpmath=sse as its inserted
by OE, therefore remove it in recipe
Fixes build errors seen with clang/musl like on x86
error: the 'sse' unit is not supported with this instruction set
(From OE-Core rev: 17273366f23702077fe7a270afc7b5d26a650bf7)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ad76da4ff6d7110747b620621ae3728de9905465)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
work arounds for:
oe-core/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb:do_compile
oe-core/meta/recipes-connectivity/connman/connman-gnome_0.7.bb:do_compile
oe-core/meta/recipes-support/libfm/libfm_1.3.2.bb:do_compile
http://errors.yoctoproject.org/Errors/Build/183127/
More fixes on ML (especially for -native with gcc-14 on host)
cdrtools: https://lists.openembedded.org/g/openembedded-core/message/198899
syslinux: https://lists.openembedded.org/g/openembedded-core/message/198901
(From OE-Core rev: 924dc9bd3b1b21a60ebb117b0abf81d2650aedd0)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 856ffc7d0893c1dc549baf401899947f70d31896)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
mkeficapsule is a tool provided by U-Boot (as part of the tools-only
targets) for generating UEFI capsule update archives.
Install mkeficapsule into a u-boot-tools-mkeficapsule package.
(From OE-Core rev: ab9380cd969cc0762a55e5e2c7a8ea6b697e3ae1)
Signed-off-by: Peter Hoyes <peter.hoyes@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
externalsrc only monitors files listed in CONFIGURE_FILES environment
variable to know if it should trigger a rebuild of do_configure. By
default it is unset, but the defconfig from U-Boot should be listed
otherwise an old defconfig may be used even though the change is
technically detected by the do_compile logic later in the process.
Because U-Boot recipe uses `make oldconfig` when no defconfig is passed,
monitor .config for that special case.
This fixes U-Boot recipes not detecting defconfig changes when
devtool'ed.
Reported-by: Iskander Amara <iskander.amara@theobroma-systems.com>
Cc: Quentin Schulz <foss+yocto@0leil.net>
(From OE-Core rev: fef517b5f978cf848b9cc40e8ce6bb2762681182)
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Commit cc6c3e31526d ("u-boot: Move definitions to common locations") moved
UBOOT_INITIAL_ENV to uboot-config.bbclass, but it should be kept at u-boot.inc
because it encodes ${PN} in it, which should be set by the U-Boot recipe.
Currently, whatever inherits uboot-config bbclass will fill-in its own PN,
which would change the content of UBOOT_INITIAL_ENV per-package.
Cc: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Cc: Marek Vasut <marex@denx.de>
Fixes: cc6c3e31526d ("u-boot: Move definitions to common locations")
(From OE-Core rev: 0b0c4b37d318b86f100512476ffd861e0ce1f47e)
Signed-off-by: Fabio Estevam <festevam@denx.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
configure.patch
refreshed for 3.11.1
Changelog:
===========
* Fixed wrong API version in lib/pci.h.
* Updated README.Windows.
* Fix compilation on Windows.
* update-pciids now supports XZ compression. If libpci is configured
with support for compression, all downloaded files are recompressed
as gzip. Otherwise they are stored as plain text.
* update-pciids now sends itself as the User-Agent.
* Added a pcilmr utility for PCIe lane margining.
* Re-factored access to i386 ports on all relevant platforms.
* Added i386 port access on OpenBSD.
* Back-ends for Windows received many bug fixes and improvements.
* ECAM back-end now scans ACPI and BIOS memory faster.
* Linux systems without pread/pwrite are no longer supported
as they are hopefully long gone. This helps avoid the tricky check
for presence of pread which was found to fail on musl libc.
* Improved decoding of PCIe control and status registers.
* Decoding of CXL capabilities now supports up to CXL 3.0.
* lspci now displays interrupt message numbers consistently across
different capabilities.
* Cache of IDs resolved via DNS, which was located in ~/.pci-ids
by default, is now stored according to the XDG base directory
specification in $XDG_CACHE_HOME/pci-ids.
* All source files now have SPDX license identifiers.
* Internal: The "aux" fields of structs pci_access and pci_dev
reserved for use by back-ends were renamed to backend_data to better
reflect their meaning.
* As usually, various minor bug fixes and updated pci.ids.
(From OE-Core rev: bbda388857284612190b58abe8d73c93e39d1574)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
-Add -T workaround for GNU ld 2.36
-Add extern "C" to headers for easier use by C++
-Avoid format error on i686
-Fix the -march issue for riscv64
-Fix musl build
-Fix invalid free in main()
-Remove deprecated --add-needed linker flag
-src/Makefile: build util.c separately for makeguids
-Adjust dependency for libefivar and libefiboot objects
-Set LC_ALL=C to force English output from ld
-LLD: fix detection and remove not needed workarounds
-Fix glibc 2.36 build (mount.h conflicts)
-File device paths: don't print "File(" or ")"
-Use off_t instead of off64_t
-Revamp efi_well_known_* variable handling
-Allow overriding PKG_CONFIG
-Allow passing of hex values to -A
-Allow -a to create a non-existent variable
-make: add option to disable building/installing the docs
-esl-iter.h: fix type declaration of return value for gcc-13
-Minor code updates
-src/Makefile: do not override LIBS and CFLAGS for prerequisites
-linux: handle non-ACPI systems in device_get()
-Change set&append data to be const.
-dp.h: check _ucs2size in format_ucs2()
-Fix wrong if condition in efi_variable_get_data
-Make README statement match license
-Remove needless access() in efivarfs_probe()
(From OE-Core rev: d8fdd64d13d5598b16ddf7329d5ca283ec7da518)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Set CVE_STATUS as none of the issues apply against the versions
used in the recipes.
(From OE-Core rev: cea8c8bf73e84133f566d1c2ca0637494f2d7afe)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Redhat/Fedora specific as it affects the grub2-set-bootflag extension
added by Redhat to grub.
(From OE-Core rev: 40cd768368167f81de5bb55e9ff0584035f4c1b4)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Avoid:
u-boot-1_2024.01-r0 do_package_qa: QA Issue: File /boot/u-boot-qemuriscv64-2024.01-r0.elf in package u-boot contains reference to TMPDIR [buildpaths]
by ensuring the compiler has the prefix mapping options passed in to it
to correctly remap the source paths and avoid the warning.
(From OE-Core rev: 85c6b06da641fdaf09f2cfe7066e0cf1185c7969)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When TF-A is necessary in U-Boot binary, binman requires elftools to be
installed to be able to generate that U-boot ITB image.
TF-A is necessary for at least all Aarch64 machines, so that is a
non-negligible amount of boards that have this requirement.
As a side note, Rockchip-based machines didn't need this until commit
12c3e948eeab ("rockchip: Drop the FIT generator script") (v2023.04-rc1).
This is already in meta-rockchip, c.f.
https://git.yoctoproject.org/meta-rockchip/commit/recipes-bsp/u-boot?id=6127d169acf239a53df989f34a6b825fa182cc0c
but I feel like this makes more sense to be present in OE-Core.
Cc: Quentin Schulz <foss+yocto@0leil.net>
(From OE-Core rev: 70eca6a5ccf451572421f51eef9cc82ba120c7cb)
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Drop patches that have been upstreamed. Refresh others.
This version dropped extra_deps.lst from the tarball [1] and that leads
to build failures. Restore it in do_configure for now.
[1] https://git.savannah.gnu.org/cgit/grub.git/commit/?id=b835601c7639ed1890f2d3db91900a8506011a8e
(From OE-Core rev: 7c8e1e48075f7f54aec9d295605c982f440be5d5)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This release has:
- Synopsys DesignWare APB GPIO driver
- Zicntr and Zihpm support
- Console print improvements
- Smepmp support
- Simple FDT based syscon regmap driver
- Syscon based reboot and poweroff driver
- Non-contiguous hpm counters
- Smcntrpmf support
- Full sparse hartid support
- IPI improvements
- RFENCE improvements
- Zkr support
- Andes custom PMU support
Overall, this release mainly adds more ISA extensions, drivers and other improvements.
https://github.com/riscv-software-src/opensbi/compare/v1.3.1...v1.4
(From OE-Core rev: 09f8f9d378fed275701840b7be2d7eeba6ca50e1)
Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Update to version 017 and add a patch to fix a buildpath error.
(From OE-Core rev: 66877ee144a4ccf36c55a8c027a36a21bb58fa47)
Signed-off-by: Fabio Estevam <festevam@denx.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
A issue was found when I run "runqemu genericx86-64 ovmf", grub failed
to boot, it's a known issue has been fixed in grub upstream, backport
the fix.
(From OE-Core rev: 51eab4bb0cae46c9c32d28986eb97badf47594b7)
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE: CVE-2023-4692
Crafted file system images can cause heap-based buffer
overflow and may allow arbitrary code execution and secure boot bypass.
Upstream-Status: Backport
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=43651027d24e62a7a463254165e1e46e42aecdea]
CVE: CVE-2023-4693
There an out-of-bounds read at fs/ntfs.c, a physically present attacker
may leverage that by presenting a specially crafted NTFS file system
image to read arbitrary memory locations. A successful attack may allow
sensitive data cached in memory or EFI variables values to be leaked
presenting a high Confidentiality risk.
Upstream-Status: Backport
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0ed2458cc4eff6d9a9199527e2a0b6d445802f94]
(From OE-Core rev: a8bc6f041599ce8da275c163c87f155a2f09369c)
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Here is list of changes in this major release
https://github.com/riscv-software-src/opensbi/compare/v1.2...v1.3.1
(From OE-Core rev: 5d642c49e9354c105b1269555b646bb4afaef491)
Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upgrade to U-Boot 2023.10.
The U-Boot 2023.10 tag is in the master branch, so switch the branch
back to master.
(From OE-Core rev: 6fce7f99ff5bacf7ad4b1816f462260fe41b38ee)
Signed-off-by: Fabio Estevam <festevam@denx.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
