GNU bug report logs -
#78286
Update arm-trusted-firmware to 2.12.2
Previous Next
Full log
View this message in rfc822 format
[Message part 1 (text/plain, inline)]
Your bug report
#78286: Update arm-trusted-firmware to 2.12.2
which was filed against the guix-patches package, has been closed.
The explanation is attached below, along with your original report.
If you require more details, please reply to 78286 <at> debbugs.gnu.org.
--
78286: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78286
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
[Message part 3 (text/plain, inline)]
On 2025-05-07, Efraim Flashner wrote:
> On Tue, May 06, 2025 at 03:34:55PM -0700, Vagrant Cascadian wrote:
>> The attached patch updates arm-trusted-firmware packages to 2.12.2.
>>
>> I believe this fixes a few minor CVE, although it is not immediately
>> obvious from upstream commit logs...
>>
>> All dependents build on both x86_64-linux and aarch64-linux:
>>
>> guix build: computing dependents of package arm-trusted-firmware-imx8mq <at> 2.12.2...
>> /gnu/store/gg1gmqb89kjaqbq8f9ndzs3ll7niq56d-arm-trusted-firmware-imx8mq-2.12.2
...
>> guix build: computing dependents of package arm-trusted-firmware-sun50i-h616 <at> 2.12.2...
>> /gnu/store/jljnh49swdkax8fpl2xqpaag065vggai-arm-trusted-firmware-sun50i-h616-2.12.2
>> /gnu/store/kvh138wv7ri6fni3mcan7xdbw7i3p3j2-u-boot-orangepi-zero2w-2025.01
>>
>> I also boot-tested a mnt/reform2 (which admittedly uses a custom u-boot).
...
> Looks good to me!
Thanks!
Pushed as f3b2a79cb2355b9b9119723a667adaefc933e715.
live well,
vagrant
[signature.asc (application/pgp-signature, inline)]
[Message part 5 (message/rfc822, inline)]
[Message part 6 (text/plain, inline)]
The attached patch updates arm-trusted-firmware packages to 2.12.2.
I believe this fixes a few minor CVE, although it is not immediately
obvious from upstream commit logs...
All dependents build on both x86_64-linux and aarch64-linux:
guix build: computing dependents of package arm-trusted-firmware-imx8mq <at> 2.12.2...
/gnu/store/gg1gmqb89kjaqbq8f9ndzs3ll7niq56d-arm-trusted-firmware-imx8mq-2.12.2
guix build: computing dependents of package arm-trusted-firmware-rk3328 <at> 2.12.2...
/gnu/store/wcqyaw6cqzlk8asv3vh4alsrd9a291m7-arm-trusted-firmware-rk3328-2.12.2
/gnu/store/zxs49a0msm4vff5szc7757k1s0lpszla-u-boot-orangepi-r1-plus-lts-rk3328-2025.01
/gnu/store/vap8w54l9kvi4179cy5w0kl2a5f9ixr9-u-boot-rock64-rk3328-2025.01
guix build: computing dependents of package arm-trusted-firmware-rk3399 <at> 2.12.2...
/gnu/store/0z2c2dikv1d5avr6f0jga5gsq5pl2x69-arm-trusted-firmware-rk3399-2.12.2
/gnu/store/y0yzl9wccwmhhipblkrv370kafb7d30v-u-boot-rockpro64-rk3399-2025.01
/gnu/store/mw39784wjpbnxhc5arlwcqk93ml1m7pr-u-boot-firefly-rk3399-2025.01
/gnu/store/85rgpgic0vqziczgb92csavl0vxrwm0k-u-boot-puma-rk3399-2025.01
/gnu/store/mbijwvldbwzkscb79v1qqnhnlc93sqgf-u-boot-pinebook-pro-rk3399-2025.01
guix build: computing dependents of package arm-trusted-firmware-rk3588 <at> 2.12.2...
/gnu/store/dx9b2ymbj3f7h77mf7b86jagiwkxrdlg-arm-trusted-firmware-rk3588-2.12.2
guix build: computing dependents of package arm-trusted-firmware-sun50i-a64 <at> 2.12.2...
/gnu/store/10sx5h064fbjnhc2c6vvkqrp43sj23f0-arm-trusted-firmware-sun50i-a64-2.12.2
/gnu/store/m35rj7p3fjhkkbanj3i9xlw808byl8gp-u-boot-pine64-lts-2025.01
/gnu/store/090mm7g00cl6ws435lf97j7cfdbnnfki-u-boot-pinebook-2025.01
/gnu/store/8f7hn13g71a8cj6pqlj4qjrz5qcbam2s-u-boot-pine64-plus-2025.01
guix build: computing dependents of package arm-trusted-firmware-sun50i-h616 <at> 2.12.2...
/gnu/store/jljnh49swdkax8fpl2xqpaag065vggai-arm-trusted-firmware-sun50i-h616-2.12.2
/gnu/store/kvh138wv7ri6fni3mcan7xdbw7i3p3j2-u-boot-orangepi-zero2w-2025.01
I also boot-tested a mnt/reform2 (which admittedly uses a custom u-boot).
live well,
vagrant
[0001-gnu-arm-trusted-firmware-Update-to-2.12.2.patch (text/x-diff, inline)]
From cea71c67bb2fc44c6109f2d15edfd2a14a127f30 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant <at> debian.org>
Date: Tue, 6 May 2025 18:05:00 +0000
Subject: [PATCH] gnu: arm-trusted-firmware: Update to 2.12.2.
* gnu/packages/firmware.scm (make-arm-trusted-firmware): Update to 2.12.2.
Change-Id: Ib8077e63bd3df0fe6dce634d5b7278b9389c42db
---
gnu/packages/firmware.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/firmware.scm b/gnu/packages/firmware.scm
index 9548bc2ff7..ef4978df57 100644
--- a/gnu/packages/firmware.scm
+++ b/gnu/packages/firmware.scm
@@ -1144,7 +1144,7 @@ (define (native-build?)
(string=? (%current-system) (gnu-triplet->nix-system triplet))))
(package
(name (downstream-package-name "arm-trusted-firmware-" platform))
- (version "2.12.1")
+ (version "2.12.2")
(source
(origin
(method git-fetch)
@@ -1154,7 +1154,7 @@ (define (native-build?)
(commit (string-append "lts-v" version))))
(file-name (git-file-name "arm-trusted-firmware" version))
(sha256
- (base32 "1vngwbjghgsh5i02zq66nmbxxr2d4p93rirsvh5jrhbcdn0v5xf8"))
+ (base32 "01i40asy9dsbx4l5kbvsvi55bdf308nnraf8kfli5d4cx8pxqmrj"))
(patches (search-patches "8mq-enable-imx_hab_handler.patch"
"8mq-move-stack-to-ocram_s.patch"))
(modules '((guix build utils)))
base-commit: fbf8b81971475ee712338f1c955be6ac44099fac
--
2.39.5
[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 11 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.