From patchwork Tue May 6 22:34:55 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vagrant Cascadian X-Patchwork-Id: 42352 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 1CF3927BC4B; Tue, 6 May 2025 23:36:19 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=unavailable version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id D4A7A27BC49 for ; Tue, 6 May 2025 23:36:18 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uCQtR-0001wX-Aq; Tue, 06 May 2025 18:36:06 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uCQtP-0001wN-0N for guix-patches@gnu.org; Tue, 06 May 2025 18:36:03 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1uCQtO-0004O4-F1 for guix-patches@gnu.org; Tue, 06 May 2025 18:36:02 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:Date:From:To:Subject; bh=C8Z0PoMGtSXEeHkHWb2Rm46f00kwaq64CaiJzpRKacA=; b=IezfwLns3WQl5EcqaGO8Ay1nS1WK6rBl+m5FtUIdnln9J+ehGde3K9XSZpgoaqv9+zjrocdmz674udqDRkG7swJGaDIHyi0SGCY54g8R9pyYv6PiolX7NOhctWhk/W6L5tCyASD5+Gv9RyEbaAeg/SL57FM/S+J9OaGvFu4KSZx5esE23+VKMk+Erlomz8YUiswCqC5q5/Bzkk4GLsDN0bXhe4RmwA+b+Vbflh1RHaXT2f9Q3o+RkzExGcGuB/b8c/IoTvdrXA0Olhj++rZv9H1RbuNgoHgIJyXvSGSWEizU044Ju2ktBhRJMhY+qR1lqqvGq7aJ92hn3tTaznF01Q==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1uCQtN-0002UQ-Vl for guix-patches@gnu.org; Tue, 06 May 2025 18:36:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#78286] Update arm-trusted-firmware to 2.12.2 Resent-From: Vagrant Cascadian Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 06 May 2025 22:36:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 78286 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: 78286@debbugs.gnu.org Cc: gabriel@erlikon.ch, efraim@flashner.co.il X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.17465709479525 (code B ref -1); Tue, 06 May 2025 22:36:01 +0000 Received: (at submit) by debbugs.gnu.org; 6 May 2025 22:35:47 +0000 Received: from localhost ([127.0.0.1]:35067 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uCQt9-0002TY-DQ for submit@debbugs.gnu.org; Tue, 06 May 2025 18:35:47 -0400 Received: from lists.gnu.org ([2001:470:142::17]:45722) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1uCQt6-0002O7-GT for submit@debbugs.gnu.org; Tue, 06 May 2025 18:35:45 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uCQsU-0001pM-EE for guix-patches@gnu.org; Tue, 06 May 2025 18:35:06 -0400 Received: from cascadia.aikidev.net ([2600:3c01:e000:267:0:a171:de7:c]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uCQsS-00048w-8T for guix-patches@gnu.org; Tue, 06 May 2025 18:35:06 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=debian.org; s=1.vagrant.user; t=1746570900; bh=47mAUlYnrsFfQEyEfBW5YhNczZv9IXvTW6qeFVenN4Q=; h=From:To:Cc:Subject:Date:From; b=C9Hp4IfV+3GdIPKxWHS3cWmRiIDmIp42F4hS4+qIoHXuofOuwhaE4BnUH+SwilHRk kPtRSdkL+VpGXugweqgzEj0DQna9Oskc/q2PE9hJMLUf4vvy6m6Ko7Qp82nw9GLt5+ 9qbkvRXamz0EBKJzQCvgugk1BSNHSoCMpF4jaY9ax7X0Hn+I1zQfJ4PIcf3iNiZCxV +FVei04OTCmK7HgSZXbpRt8tiDoB0EDX+2Rg2+qmFeGl3XTbA68NT/y5rdTWuKGzZZ DPz117OaTOxXmBDcIFaYIAzffCgzbJUR3GjEiXt73SMAdoDASW3rTG0nNvvlCkIAyS iJPw5XvDXSgQg== Received: from localhost (unknown [IPv6:2600:3c01:e000:21:7:77:0:50]) by cascadia.aikidev.net (Postfix) with ESMTPSA id 022D174D4; Tue, 6 May 2025 15:34:59 -0700 (PDT) From: Vagrant Cascadian Date: Tue, 06 May 2025 15:34:55 -0700 Message-ID: <875xidqsfk.fsf@wireframe> MIME-Version: 1.0 Received-SPF: none client-ip=2600:3c01:e000:267:0:a171:de7:c; envelope-from=vagrant@debian.org; helo=cascadia.aikidev.net X-Spam_score_int: -34 X-Spam_score: -3.5 X-Spam_bar: --- X-Spam_report: (-3.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-1.414, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches The attached patch updates arm-trusted-firmware packages to 2.12.2. I believe this fixes a few minor CVE, although it is not immediately obvious from upstream commit logs... All dependents build on both x86_64-linux and aarch64-linux: guix build: computing dependents of package arm-trusted-firmware-imx8mq@2.12.2... /gnu/store/gg1gmqb89kjaqbq8f9ndzs3ll7niq56d-arm-trusted-firmware-imx8mq-2.12.2 guix build: computing dependents of package arm-trusted-firmware-rk3328@2.12.2... /gnu/store/wcqyaw6cqzlk8asv3vh4alsrd9a291m7-arm-trusted-firmware-rk3328-2.12.2 /gnu/store/zxs49a0msm4vff5szc7757k1s0lpszla-u-boot-orangepi-r1-plus-lts-rk3328-2025.01 /gnu/store/vap8w54l9kvi4179cy5w0kl2a5f9ixr9-u-boot-rock64-rk3328-2025.01 guix build: computing dependents of package arm-trusted-firmware-rk3399@2.12.2... /gnu/store/0z2c2dikv1d5avr6f0jga5gsq5pl2x69-arm-trusted-firmware-rk3399-2.12.2 /gnu/store/y0yzl9wccwmhhipblkrv370kafb7d30v-u-boot-rockpro64-rk3399-2025.01 /gnu/store/mw39784wjpbnxhc5arlwcqk93ml1m7pr-u-boot-firefly-rk3399-2025.01 /gnu/store/85rgpgic0vqziczgb92csavl0vxrwm0k-u-boot-puma-rk3399-2025.01 /gnu/store/mbijwvldbwzkscb79v1qqnhnlc93sqgf-u-boot-pinebook-pro-rk3399-2025.01 guix build: computing dependents of package arm-trusted-firmware-rk3588@2.12.2... /gnu/store/dx9b2ymbj3f7h77mf7b86jagiwkxrdlg-arm-trusted-firmware-rk3588-2.12.2 guix build: computing dependents of package arm-trusted-firmware-sun50i-a64@2.12.2... /gnu/store/10sx5h064fbjnhc2c6vvkqrp43sj23f0-arm-trusted-firmware-sun50i-a64-2.12.2 /gnu/store/m35rj7p3fjhkkbanj3i9xlw808byl8gp-u-boot-pine64-lts-2025.01 /gnu/store/090mm7g00cl6ws435lf97j7cfdbnnfki-u-boot-pinebook-2025.01 /gnu/store/8f7hn13g71a8cj6pqlj4qjrz5qcbam2s-u-boot-pine64-plus-2025.01 guix build: computing dependents of package arm-trusted-firmware-sun50i-h616@2.12.2... /gnu/store/jljnh49swdkax8fpl2xqpaag065vggai-arm-trusted-firmware-sun50i-h616-2.12.2 /gnu/store/kvh138wv7ri6fni3mcan7xdbw7i3p3j2-u-boot-orangepi-zero2w-2025.01 I also boot-tested a mnt/reform2 (which admittedly uses a custom u-boot). live well, vagrant From cea71c67bb2fc44c6109f2d15edfd2a14a127f30 Mon Sep 17 00:00:00 2001 From: Vagrant Cascadian Date: Tue, 6 May 2025 18:05:00 +0000 Subject: [PATCH] gnu: arm-trusted-firmware: Update to 2.12.2. * gnu/packages/firmware.scm (make-arm-trusted-firmware): Update to 2.12.2. Change-Id: Ib8077e63bd3df0fe6dce634d5b7278b9389c42db --- gnu/packages/firmware.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/firmware.scm b/gnu/packages/firmware.scm index 9548bc2ff7..ef4978df57 100644 --- a/gnu/packages/firmware.scm +++ b/gnu/packages/firmware.scm @@ -1144,7 +1144,7 @@ (define (native-build?) (string=? (%current-system) (gnu-triplet->nix-system triplet)))) (package (name (downstream-package-name "arm-trusted-firmware-" platform)) - (version "2.12.1") + (version "2.12.2") (source (origin (method git-fetch) @@ -1154,7 +1154,7 @@ (define (native-build?) (commit (string-append "lts-v" version)))) (file-name (git-file-name "arm-trusted-firmware" version)) (sha256 - (base32 "1vngwbjghgsh5i02zq66nmbxxr2d4p93rirsvh5jrhbcdn0v5xf8")) + (base32 "01i40asy9dsbx4l5kbvsvi55bdf308nnraf8kfli5d4cx8pxqmrj")) (patches (search-patches "8mq-enable-imx_hab_handler.patch" "8mq-move-stack-to-ocram_s.patch")) (modules '((guix build utils))) base-commit: fbf8b81971475ee712338f1c955be6ac44099fac -- 2.39.5