From: Raspbian automatic forward porter Date: Sun, 4 May 2025 21:27:21 +0000 (+0100) Subject: Merge version 2021.01+dfsg-5+rpi1 and 2021.01+dfsg-5+deb11u1 to produce 2021.01+dfsg... X-Git-Tag: raspbian/2021.01+dfsg-5+rpi1+deb11u1 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=2c7d75500b54b382c3f7701a8fa958f56618ed01;p=u-boot.git Merge version 2021.01+dfsg-5+rpi1 and 2021.01+dfsg-5+deb11u1 to produce 2021.01+dfsg-5+rpi1+deb11u1 --- 677788428ddecba91cf817e1f7cd496b65c56249 diff --cc debian/changelog index ca18a1256,12aa5efac..0f1f32073 --- a/debian/changelog +++ b/debian/changelog @@@ -1,13 -1,44 +1,55 @@@ - u-boot (2021.01+dfsg-5+rpi1) bullseye-staging; urgency=medium ++u-boot (2021.01+dfsg-5+rpi1+deb11u1) bullseye-staging; urgency=medium + + [changes brought forward from 2014.10+dfsg1-2+rpi1 by Peter Michael Green at Fri, 28 Nov 2014 06:00:07 +0000] + * Don't build versions for various armv7 devices, build rpi version instead. + + [changes introduced in 2021.01+dfsg-4+rpi1 by Peter Michael Green] + * Don't build powerpc targets for qemu, my attempts to build the nessacery + cross-compiler in raspbian failed. + - -- Raspbian forward porter Fri, 04 Jun 2021 00:18:15 +0000 ++ -- Raspbian forward porter Sun, 04 May 2025 21:27:20 +0000 ++ + u-boot (2021.01+dfsg-5+deb11u1) bullseye-security; urgency=medium + + * Non-maintainer upload by the Debian LTS team. + * d/patches/CVE-2022-34835.patch: Add patch to fix CVE-2022-34835. + - Fix an integer signedness error and resultant stack-based buffer overflow + in the 'i2c md' command that enables the corruption of the return address + pointer of the do_i2c_md function (closes: #1014529). + * d/patches/CVE-2022-33967.patch: Add patch to fix CVE-2022-33967. + - Fix a heap-based buffer overflow vulnerability due to a defect in the + metadata reading process which may lead to a denial-of-service (DoS) + condition or arbitrary code execution by loading a specially crafted + squashfs image. 
+ * d/patches/CVE-2022-33103.patch: Add patch to fix CVE-2022-33103. + - Fix an an out-of-bounds write (closes: #1014528). + * d/patches/CVE-2022-30790.patch: Add patch to fix CVE-2022-30790 and + CVE-2022-30552. + - Fix a a Buffer Overflow (closes: #1014470). + * d/patches/CVE-2022-30767.patch: Add patch to fix CVE-2022-30767. + - Fix an unbounded memcpy with a failed length check, leading to a buffer + overflow. This issue exists due to an incorrect fix for CVE-2019-14196 + (closes: #1014471). + * d/patches/CVE-2022-2347.patch: Add patch to fix CVE-2022-2347. + - Fix an unchecked length field leading to a heap overflow + (closes: #1014959). + * d/patches/CVE-2024-57254.patch: Add patch to fix CVE-2024-57254. + - Fix an integer overflow in sqfs_inode_size (closes: 1098254). + * d/patches/CVE-2024-57255.patch: Add patch to fix CVE-2024-57255. + - Fix an integer overflow in sqfs_resolve_symlink (closes: #1098254). + * d/patches/CVE-2024-57256.patch: Add patch to fix CVE-2024-57256. + - Fix an integer overflow in ext4fs_read_symlink (closes: #1098254). + * d/patches/CVE-2024-57257.patch: Add patch to fix CVE-2024-57257. + - Fix a stack consumption issue in sqfs_size possible with deep symlink + nesting (closes: #1098254). + * d/patches/CVE-2024-57258-1.patch, d/patches/CVE-2024-57258-2.patch, + d/patches/CVE-2024-57258-3.patch: Add patches to fx CVE-2024-57258. + - Fix multiple integer overflows (closes: #1098254). + * d/patches/CVE-2024-57259.patch: Add patch to fix CVE-2024-57259. + - Fix an off-by-one error resulting in a heap memory corruption in + sqfs_search_dir (closes: #1098254). + + -- Daniel Leidert Thu, 01 May 2025 01:19:02 +0200 u-boot (2021.01+dfsg-5) unstable; urgency=medium
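Review bot: In the added 2021.01+dfsg-5+deb11u1 entry, the descriptions for CVE-2022-33103 ("an out-of-bounds write"), CVE-2022-30790 with CVE-2022-30552 ("Buffer Overflow") and CVE-2024-57258 ("multiple integer overflows") do not name the affected function or subsystem. The neighbouring entries do, naming do_i2c_md, sqfs_inode_size, sqfs_resolve_symlink, ext4fs_read_symlink, sqfs_size and sqfs_search_dir. Naming the code path in each would let someone auditing a bullseye image tell which fixes apply to the features they build. The same entry has small text slips to clean up: "Fix an an out-of-bounds write", "Fix a a Buffer Overflow", "Add patches to fx CVE-2024-57258", and "closes: 1098254" under CVE-2024-57254, which lacks the "#" used in every other closes reference. The brought-forward Raspbian stanza also has "nessacery". Finally, the merged top stanza for 2021.01+dfsg-5+rpi1+deb11u1 lists only the Raspbian changes and this diff as shown touches only debian/changelog, so it is worth confirming that the d/patches/CVE-*.patch files named in the deb11u1 entry are present in the merged tree and are still applied alongside the rpi-specific changes.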