-
u-boot (2022.01+dfsg-2ubuntu2.5) jammy; urgency=medium
* Support mkeficapsule command to generate capsule file (LP: #2036406)
* mkeficapsule with the patches applied matches U-Boot v2022.04.
* Update test script related to efi_capsule
-- Aristo Chen <email address hidden> Mon, 18 Sep 2023 11:02:43 +0800
-
u-boot (2022.01+dfsg-2ubuntu2.4) jammy; urgency=medium
* Rebuild against updated OpenSBI (LP: #2026588)
* Enable sbi command on riscv64 to check OpenSBI version
-- Heinrich Schuchardt <email address hidden> Thu, 20 Jul 2023 11:42:59 +0200
-
u-boot (2022.01+dfsg-2ubuntu2.3) jammy-security; urgency=medium
* SECURITY UPDATE: unchecked length field in DFU implementation
- debian/patches/CVE-2022-2347-pre1.patch: handle short frame result of
UPLOAD in state_dfu_idle in drivers/usb/gadget/f_dfu.c.
- debian/patches/CVE-2022-2347.patch: fix the unchecked length field in
drivers/usb/gadget/f_dfu.c.
- CVE-2022-2347
* SECURITY UPDATE: buffer overflow via invalid packets
- debian/patches/CVE-2022-30552_30790.patch: check for the minimum IP
fragmented datagram size in include/net.h, net/net.c.
- CVE-2022-30552
- CVE-2022-30790
* SECURITY UPDATE: incomplete fix for CVE-2019-14196
- debian/patches/CVE-2022-30767.patch: switch length to unsigned int in
net/nfs.c.
- CVE-2022-30767
* SECURITY UPDATE: out of bounds write via sqfs_readdir()
- debian/patches/CVE-2022-33103.patch: prevent arbitrary code execution
in fs/squashfs/sqfs.c, include/fs.h.
- CVE-2022-33103
* SECURITY UPDATE: heap buffer overflow in metadata reading
- debian/patches/CVE-2022-33967.patch: use kcalloc when relevant in
fs/squashfs/sqfs.c.
- CVE-2022-33967
* SECURITY UPDATE: stack overflow in i2c md command
- debian/patches/CVE-2022-34835.patch: switch to unsigned int in
cmd/i2c.c.
- CVE-2022-34835
-- Marc Deslauriers <email address hidden> Thu, 24 Nov 2022 14:40:06 -0500
-
u-boot (2022.01+dfsg-2ubuntu2.1) jammy; urgency=medium
* Add package u-boot-microchip (LP: #1995848)
* Add u-boot-sifive.README.Debian
* Enable reset via SBI
d/p/riscv64/sysreset-sbi.patch
d/p/enable-reset-via-SBI-on-PolarFire-Icicle-Kit.patch
-- Heinrich Schuchardt <email address hidden> Fri, 18 Nov 2022 12:11:50 +0100
-
u-boot (2022.01+dfsg-2ubuntu2) jammy; urgency=medium
* d/patches: Add SiFive Unmatched PCIe fix (LP: #1965321)
-- Alexandre Ghiti <email address hidden> Fri, 25 Mar 2022 11:15:18 +0100
-
u-boot (2022.01+dfsg-2ubuntu1) jammy; urgency=medium
[ Dave Jones ]
* Merge from Debian unstable (LP: #1964365). Remaining changes:
- d/p/rpi-config-tweaks.patch: Configuration adjustments to the RPi
configs
- Enable FIT signing support
- Limit key names to keys within the keydir.
- Enable Ubuntu support for the Nitrogen6x board
- Add d/p/ubuntu-nitrogen6q2g-config-tweaks.patch to tweak the
nitrogen6q2g configs to better fit our Ubuntu usage.
- Start building the nitrogen6x2g target for u-boot.
- d/p/rpi-board-dt.patch: use the board's device-tree instead of an
embedded one
- Add d/p/rpi-cm4-sdhci.patch for CM4 eMMC support
- Add d/p/rpi-8gb-pci.patch for Pi400 and Pi4-8Gb support
- Add d/p/rpi-maxargs.patch for new Core 18 boot-env
- Removed d/u-boot-rpi.postinst. The task of copying the u-boot binaries
to the boot partition is now performed by flash-kernel
- Revert '* debian/rules: Ensure debugging symbols are enabled.' as it
breaks riscv64 booting.
- Implement u-boot-sifive.postinst to upgrade u-boot in loader1/loader2
partitions upon package upgrades. Maybe this should move to flash-
kernel, and update SPI too.
- Provide compat symlinks for old unleashed & unmatched platform names
- sifive boards: re-enable back USE_PREBOOT< it used to be there in
2021.01 releases, and I suspect it affects unleashed bootability.
- In postinst support Unmatched model name without A00 suffix, as used by
meta-sifive kernels and may be contributed upstream in the future.
- Fix Unleashed name typo that resulted in an unbootable image due to
missing OpenSBI.
* Removed obsolete patches/changes:
- fix cmd_sysconfig in qemu
- set default fdtfile names for sifive boards
- Drop unleashed hunk from
riscv64/qemu-riscv64_smode-sifive-fu540-fix-extlinux-define-.patch, as
the same preboot is specified in unleashed board include.
- Cherrypick patch from Heinrich Schuchardt (xypron) to fix failure to
boot on Unmatched.
- Drop 75efe7dc996ddb9835590b1a8970f19b5c4b1ade.patch included upstream.
- Remove unreferenced fe01f41d57b79d9ca94604503a25e55175744d42.patch,
included as riscv64/0013-riscv-sifive-Set-default-fdtfile-names.patch.
- Build against opensbi with reboot support on Unmatched
- Add missing trailing \n to arch/arm/mach-stm32mp/cmd_stm32prog/Kconfig.
Fixes a rare (but reliable) FTBFS from check-config.sh. In the original
case on LP armhf, mach-imx/Kconfig sorted immediately after
cmd_stm32prog/Kconfig, causing lines to run together and the sed to not
match the "config HAS_CAAM" line, causing the dh_imx6 defconfig to
appear invalid.
- Import meta-sifive patch series.
- Refreshed rk3399 patches for new release
* Refreshed patches for new release
* Re-added target for nitrogen6q2 u-boot binary (missed in prior merge)
* Fixed nitrogen6q2g patch to build properly on armhf
[ Heinrich Schuchardt ]
* d/p/efivars-commands.patch: Enable commands for displaying and configuring
the UEFI environment
* d/p/efi-part-list.patch: Permit listing of non-contiguous partitions in
GPT tables
* d/p/efi-loader-copy-guid.patch: Copy GUID in InstallProtocolInterface to
avoid crash with systemd-boot
-- Dave Jones <email address hidden> Thu, 10 Mar 2022 16:54:01 +0000
-
u-boot (2021.07+dfsg-0ubuntu10) jammy; urgency=medium
* No-change rebuild against openssl3
-- Simon Chopin <email address hidden> Fri, 03 Dec 2021 14:16:56 +0000
-
u-boot (2021.07+dfsg-0ubuntu9) jammy; urgency=medium
* No change rebuild with new opensbi snapshot.
-- Dimitri John Ledkov <email address hidden> Tue, 02 Nov 2021 12:41:21 +0000
-
u-boot (2021.07+dfsg-0ubuntu8) impish; urgency=medium
* Add missing trailing \n to arch/arm/mach-stm32mp/cmd_stm32prog/Kconfig.
Fixes a rare (but reliable) FTBFS from check-config.sh. In the original
case on LP armhf, mach-imx/Kconfig sorted immediately after
cmd_stm32prog/Kconfig, causing lines to run together and the sed to not
match the "config HAS_CAAM" line, causing the dh_imx6 defconfig to appear
invalid.
-- William Grant <email address hidden> Wed, 13 Oct 2021 20:05:23 +1100
