CVE-2021-27138

Adjust the kernel-fitimage.bbclass accordingly to not use unit
addresses. In addition to fixing a CVE, this is also required before we
can bump U-Boot to 2021.4.

Signed-off-by: Klaus Heinrich Kiwi <kl...@linux.vnet.ibm.com>
[snip]

Please send this to the oe-core list since kernel-fitimage.bbclass is in
it, not meta-openembedded.  I would also perhaps be inclined to not

Thanks, for some reason I thought that -core was discussed here, but I have
read the README more carefully since then.

describe this change itself as "fixing a CVE", since it is the change in
U-Boot that actually does that IMO.


Yeah I was unsure how to summarize that, since the CVE 'fix' in U-Boot is
to really disallow unit addresses, and looks like it's not going to be
applied to released branches, but instead only on 2021.4 onwards. So I
opted to call out the CVE in the title, as it is, in practical terms,
addressing a CVE (if it's a workaround or a proper fix is debatable I
guess).

Thanks,

 -K

--
Klaus Heinrich Kiwi <kl...@linux.vnet.ibm.com>