From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: U-Boot is in need of an update Date: Mon, 13 Jun 2022 16:44:04 +0100 Message-ID: <6593EDED-F628-4ED3-B742-FDE6B0865F70@ipfire.org> In-Reply-To: <68db06b8-2470-6065-eaeb-d9542bc6e19e@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3995917364143970155==" List-Id: --===============3995917364143970155== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello, This email isn=E2=80=99t quite for me, but I wanted to chime in :) > On 9 Jun 2022, at 21:07, Peter M=C3=BCller wro= te: >=20 > Hello Arne, >=20 > first and foremost, I hope you are well or at least being on the path of re= covery. >=20 > The other day, I stumbled across https://research.nccgroup.com/2022/06/03/t= echnical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-= 30552/, > which reminded me again of wanting to ask you about an update of U-Boot. Si= nce I > do not have any ARM installations in production, and certainly do not have = both > experience and a hardware arsenal close to yours, it would be great if you = could > have a look at it. The vulnerabilities are in the IP stack which we don=E2=80=99t use. However, = that is not a reason to not update. > By the way: For Core Update 169, I currently plan to ship both a (smaller) = linux- > firmware update and a new kernel. According to the nightly build, we are cu= rrently > at 21 MByte, so this might fit in. :-) Those changes will have to be tested with all the boards. I suppose there is = a rather large chance that things can break from one release to another, beca= use not even upstream can test on all the hardware. -Michael >=20 > Have a nice weekend! >=20 > Thanks, and best regards, > Peter M=C3=BCller --===============3995917364143970155==--