UbuntuUpdates.org

Package "u-boot"

Name: u-boot

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • A boot loader for qemu
  • companion tools for Das U-Boot bootloader

Latest version: 2021.01+dfsg-3ubuntu0~20.04.6
Release: focal (20.04)
Level: updates
Repository: main

Links



Other versions of "u-boot" in Focal

Repository Area Version
base main 2019.07+dfsg-1ubuntu6
security main 2021.01+dfsg-3ubuntu0~20.04.5

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2021.01+dfsg-3ubuntu0~20.04.6 2023-02-07 13:07:04 UTC

  u-boot (2021.01+dfsg-3ubuntu0~20.04.6) focal; urgency=medium

  * Provide RISCV_EFI_BOOT_PROTOCOL (LP: #1998513)
    d/p/riscv64/0001-efi_loader-Enable-RISCV_EFI_BOOT_PROTOCOL-support.patch
    d/p/riscv64/0001-efi_loader-use-EFI_EXIT-in-efi_riscv_get_boot_hartid.patch
  * Add /chosen/boot-hartid to device-tree even if there is no chosen node
    (LP: #1998513)
    d/p/riscv64/0001-riscv-Fix-arch_fixup_fdt-always-failing-without-chos.patch

 -- Heinrich Schuchardt <email address hidden> Wed, 11 Jan 2023 19:29:44 +0100

Source diff to previous version
1998513 SRU provide RISCV_EFI_BOOT_PROTOCOL in Focal

Version: 2021.01+dfsg-3ubuntu0~20.04.5 2022-12-06 15:06:36 UTC

  u-boot (2021.01+dfsg-3ubuntu0~20.04.5) focal-security; urgency=medium

  * SECURITY UPDATE: unchecked length field in DFU implementation
    - debian/patches/CVE-2022-2347-pre1.patch: handle short frame result of
      UPLOAD in state_dfu_idle in drivers/usb/gadget/f_dfu.c.
    - debian/patches/CVE-2022-2347.patch: fix the unchecked length field in
      drivers/usb/gadget/f_dfu.c.
    - CVE-2022-2347
  * SECURITY UPDATE: buffer overflow via invalid packets
    - debian/patches/CVE-2022-30552_30790.patch: check for the minimum IP
      fragmented datagram size in include/net.h, net/net.c.
    - CVE-2022-30552
    - CVE-2022-30790
  * SECURITY UPDATE: incomplete fix for CVE-2019-14196
    - debian/patches/CVE-2022-30767.patch: switch length to unsigned int in
      net/nfs.c.
    - CVE-2022-30767
  * SECURITY UPDATE: out of bounds write via sqfs_readdir()
    - debian/patches/CVE-2022-33103.patch: prevent arbitrary code execution
      in fs/squashfs/sqfs.c, include/fs.h.
    - CVE-2022-33103
  * SECURITY UPDATE: heap buffer overflow in metadata reading
    - debian/patches/CVE-2022-33967.patch: use kcalloc when relevant in
      fs/squashfs/sqfs.c.
    - CVE-2022-33967
  * SECURITY UPDATE: stack overflow in i2c md command
    - debian/patches/CVE-2022-34835.patch: switch to unsigned int in
      cmd/i2c.c.
    - CVE-2022-34835

 -- Marc Deslauriers <email address hidden> Fri, 25 Nov 2022 09:51:54 -0500

Source diff to previous version
CVE-2022-2347 There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and
CVE-2022-30552 Das U-Boot 2022.01 has a Buffer Overflow.
CVE-2022-30790 Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552.
CVE-2019-14196 An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply.
CVE-2022-30767 nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to
CVE-2022-33103 Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir().
CVE-2022-33967 squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a
CVE-2022-34835 In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corrupti

Version: 2021.01+dfsg-3ubuntu0~20.04.4 2022-01-04 19:07:25 UTC

  u-boot (2021.01+dfsg-3ubuntu0~20.04.4) focal; urgency=medium

  * Raise CPU frequency to 1.2 GHz as used in upstream U-Boot in
    d/p/0011-riscv-sifive-dts-fu740-Add-board-u-boot.dtsi-files.patch
    (LP: #1941622)

 -- Heinrich Schuchardt <email address hidden> Tue, 21 Sep 2021 17:55:38 +0200

Source diff to previous version
1941622 [SRU] Bump unmatched CPU clock rate to 1.2 GHz

Version: 2021.01+dfsg-3ubuntu0~20.04.3 2021-08-18 13:06:16 UTC

  u-boot (2021.01+dfsg-3ubuntu0~20.04.3) focal; urgency=medium

  * debian/u-boot-sifive.postinst: use correct target names for u-boot
    2021.01.

Source diff to previous version

Version: 2021.01+dfsg-3ubuntu0~20.04.1 2021-07-29 03:06:26 UTC

  u-boot (2021.01+dfsg-3ubuntu0~20.04.1) focal; urgency=medium

  * SRU of 2021.01+dfsg-3 from hirsute to enable booting on HiFive Unmatched
    LP: #1934791, LP: #1925267, LP: #1923162

  [ Dimitri John Ledkov ]
  * Import meta-sifive u-boot patches.
  * Enable sifive_hifive_unmatched_fu740 target.
  * Build-depend on opensbi with fu740 errata fix.
  * Set default FDT files for the sifive boards.
  * Set USE_PREBOOT on unmatched board too (just like unleashed & qemu),
    otherwise u-boot's fdtfile from itb is not used (i.e. when
    extlinux.conf does not specify fdtdir). LP: #1923162
  * Unapply unmatched patches, whilst building unleashed platform. Fixes
    failure to boot from sd-card on Unleashed. LP: #1924761
  * sifive-unleashed-default-fdt-files.patch: split into unleashed &
    unmatched separate patches, for ease of upstreaming to meta-sifive and
    u-boot upstreams. Also this ensures that unleashed target is built
    with fdtfile= set, as unleashed target unapplies lots of patches.
  * Apply upstreamed patch "cmd: pxe_utils: sysboot: fix crash if either
    board or soc are not set." This fixes a crash booting any
    extlinux.conf with fdtdir specified, and dtbfile not set and
    "soc"/"board" not set in the environment LP: #1923162

  [ William 'jawn-smith' Wilson ]
  * Re-added d/p/lzo-to-lzno.patch as lzop is in universe prior to Groovy
  * Updated d/targets for compatibility with focal arm-trusted-firmware
  * Updated d/control for compatibility with focal debhelper
  * Reinstate rpi-config-migration script for focal
  * Prevent stripping of qemu binaries under focal where strip doesn't
    recognize the format

  [ Dave Jones ]
  * In d/control update opensbi dependency for focal

 -- William 'jawn-smith' Wilson <email address hidden> Fri, 25 Jun 2021 18:21:47 +0000

1934791 SRU u-boot to focal to enable HiFive Unmatched booting
1925267 u-boot unmatched dtb does not match kernel dtb
1923162 riscv64 images fail to boot in qemu
1924761 unleashed fails to boot of sd-card with u-boot-sifive from hirsute



About   -   Send Feedback to @ubuntu_updates