u-boot (2021.01+dfsg-5+deb11u1) bullseye-security; urgency=medium
  * Non-maintainer upload by the Debian LTS team.
  * d/patches/CVE-2022-34835.patch: Add patch to fix CVE-2022-34835.
    - Fix an integer signedness error and resultant stack-based buffer overflow
      in the 'i2c md' command that enables the corruption of the return address
      pointer of the do_i2c_md function (closes: #1014529).
  * d/patches/CVE-2022-33967.patch: Add patch to fix CVE-2022-33967.
    - Fix a heap-based buffer overflow vulnerability due to a defect in the
      metadata reading process which may lead to a denial-of-service (DoS)
      condition or arbitrary code execution by loading a specially crafted
      squashfs image.
  * d/patches/CVE-2022-33103.patch: Add patch to fix CVE-2022-33103.
    - Fix an out-of-bounds write (closes: #1014528).
  * d/patches/CVE-2022-30790.patch: Add patch to fix CVE-2022-30790 and
    CVE-2022-30552.
    - Fix a buffer overflow (closes: #1014470).
  * d/patches/CVE-2022-30767.patch: Add patch to fix CVE-2022-30767.
    - Fix an unbounded memcpy with a failed length check, leading to a buffer
      overflow. This issue exists due to an incorrect fix for CVE-2019-14196
      (closes: #1014471).
  * d/patches/CVE-2022-2347.patch: Add patch to fix CVE-2022-2347.
    - Fix an unchecked length field leading to a heap overflow
      (closes: #1014959).
  * d/patches/CVE-2024-57254.patch: Add patch to fix CVE-2024-57254.
    - Fix an integer overflow in sqfs_inode_size (closes: #1098254).
  * d/patches/CVE-2024-57255.patch: Add patch to fix CVE-2024-57255.
    - Fix an integer overflow in sqfs_resolve_symlink (closes: #1098254).
  * d/patches/CVE-2024-57256.patch: Add patch to fix CVE-2024-57256.
    - Fix an integer overflow in ext4fs_read_symlink (closes: #1098254).
  * d/patches/CVE-2024-57257.patch: Add patch to fix CVE-2024-57257.
    - Fix a stack consumption issue in sqfs_size possible with deep symlink
      nesting (closes: #1098254).
  * d/patches/CVE-2024-57258-1.patch, d/patches/CVE-2024-57258-2.patch,
    d/patches/CVE-2024-57258-3.patch: Add patches to fix CVE-2024-57258.
    - Fix multiple integer overflows (closes: #1098254).
  * d/patches/CVE-2024-57259.patch: Add patch to fix CVE-2024-57259.
    - Fix an off-by-one error resulting in a heap memory corruption in
      sqfs_search_dir (closes: #1098254).
[dgit import unpatched u-boot 2021.01+dfsg-5+deb11u1]