UbuntuUpdates.org

Package "u-boot-tools"

Name: u-boot-tools

Description:

companion tools for Das U-Boot bootloader

Latest version: 2022.01+dfsg-2ubuntu2.5
Release: jammy (22.04)
Level: updates
Repository: main
Head package: u-boot
Homepage: https://www.denx.de/wiki/U-Boot/

Links


Download "u-boot-tools"


Other versions of "u-boot-tools" in Jammy

Repository Area Version
base main 2022.01+dfsg-2ubuntu2
security main 2022.01+dfsg-2ubuntu2.3

Changelog

Version: 2022.01+dfsg-2ubuntu2.5 2023-11-22 16:07:05 UTC

  u-boot (2022.01+dfsg-2ubuntu2.5) jammy; urgency=medium

  * Support mkeficapsule command to generate capsule file (LP: #2036406)
  * mkeficapsule with the patches applied matches U-Boot v2022.04.
  * Update test script related to efi_capsule

 -- Aristo Chen <email address hidden> Mon, 18 Sep 2023 11:02:43 +0800

Source diff to previous version
2036406 [SRU] backport mkeficapsule to jammy

Version: 2022.01+dfsg-2ubuntu2.4 2023-08-03 23:07:07 UTC

  u-boot (2022.01+dfsg-2ubuntu2.4) jammy; urgency=medium

  * Rebuild against updated OpenSBI (LP: #2026588)
  * Enable sbi command on riscv64 to check OpenSBI version

 -- Heinrich Schuchardt <email address hidden> Thu, 20 Jul 2023 11:42:59 +0200

Source diff to previous version
2026588 [SRU] Copy OpenSBI 1.3 to Jammy and Lunar

Version: 2022.01+dfsg-2ubuntu2.3 2022-12-06 15:06:38 UTC

  u-boot (2022.01+dfsg-2ubuntu2.3) jammy-security; urgency=medium

  * SECURITY UPDATE: unchecked length field in DFU implementation
    - debian/patches/CVE-2022-2347-pre1.patch: handle short frame result of
      UPLOAD in state_dfu_idle in drivers/usb/gadget/f_dfu.c.
    - debian/patches/CVE-2022-2347.patch: fix the unchecked length field in
      drivers/usb/gadget/f_dfu.c.
    - CVE-2022-2347
  * SECURITY UPDATE: buffer overflow via invalid packets
    - debian/patches/CVE-2022-30552_30790.patch: check for the minimum IP
      fragmented datagram size in include/net.h, net/net.c.
    - CVE-2022-30552
    - CVE-2022-30790
  * SECURITY UPDATE: incomplete fix for CVE-2019-14196
    - debian/patches/CVE-2022-30767.patch: switch length to unsigned int in
      net/nfs.c.
    - CVE-2022-30767
  * SECURITY UPDATE: out of bounds write via sqfs_readdir()
    - debian/patches/CVE-2022-33103.patch: prevent arbitrary code execution
      in fs/squashfs/sqfs.c, include/fs.h.
    - CVE-2022-33103
  * SECURITY UPDATE: heap buffer overflow in metadata reading
    - debian/patches/CVE-2022-33967.patch: use kcalloc when relevant in
      fs/squashfs/sqfs.c.
    - CVE-2022-33967
  * SECURITY UPDATE: stack overflow in i2c md command
    - debian/patches/CVE-2022-34835.patch: switch to unsigned int in
      cmd/i2c.c.
    - CVE-2022-34835

 -- Marc Deslauriers <email address hidden> Thu, 24 Nov 2022 14:40:06 -0500

Source diff to previous version
CVE-2022-2347 There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and
CVE-2022-30552 Das U-Boot 2022.01 has a Buffer Overflow.
CVE-2022-30790 Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552.
CVE-2019-14196 An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply.
CVE-2022-30767 nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to
CVE-2022-33103 Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir().
CVE-2022-33967 squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a
CVE-2022-34835 In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corrupti

Version: 2022.01+dfsg-2ubuntu2.1 2022-12-01 12:07:22 UTC

  u-boot (2022.01+dfsg-2ubuntu2.1) jammy; urgency=medium

  * Add package u-boot-microchip (LP: #1995848)
  * Add u-boot-sifive.README.Debian
  * Enable reset via SBI
    d/p/riscv64/sysreset-sbi.patch
    d/p/enable-reset-via-SBI-on-PolarFire-Icicle-Kit.patch

 -- Heinrich Schuchardt <email address hidden> Fri, 18 Nov 2022 12:11:50 +0100

1995848 [SRU] provide package u-boot-microchip



About   -   Send Feedback to @ubuntu_updates