GNU bug report logs - #78286
Update arm-trusted-firmware to 2.12.2

Previous Next

Package: guix-patches;

Reported by: Vagrant Cascadian <vagrant <at> debian.org>

Date: Tue, 6 May 2025 22:36:01 UTC

Severity: normal

Done: Vagrant Cascadian <vagrant <at> debian.org>

To reply to this bug, email your comments to 78286 AT debbugs.gnu.org.
There is no need to reopen the bug first.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to guix-patches <at> gnu.org:
bug#78286; Package guix-patches. (Tue, 06 May 2025 22:36:01 GMT) Full text and rfc822 format available.
Acknowledgement sent to Vagrant Cascadian <vagrant <at> debian.org>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Tue, 06 May 2025 22:36:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Vagrant Cascadian <vagrant <at> debian.org>
To: guix-patches <at> gnu.org
Cc: gabriel <at> erlikon.ch, efraim <at> flashner.co.il
Subject: Update arm-trusted-firmware to 2.12.2
Date: Tue, 06 May 2025 15:34:55 -0700

[Message part 1 (text/plain, inline)]
The attached patch updates arm-trusted-firmware packages to 2.12.2.

I believe this fixes a few minor CVE, although it is not immediately
obvious from upstream commit logs...

All dependents build on both x86_64-linux and aarch64-linux:

guix build: computing dependents of package arm-trusted-firmware-imx8mq <at> 2.12.2...
/gnu/store/gg1gmqb89kjaqbq8f9ndzs3ll7niq56d-arm-trusted-firmware-imx8mq-2.12.2
guix build: computing dependents of package arm-trusted-firmware-rk3328 <at> 2.12.2...
/gnu/store/wcqyaw6cqzlk8asv3vh4alsrd9a291m7-arm-trusted-firmware-rk3328-2.12.2
/gnu/store/zxs49a0msm4vff5szc7757k1s0lpszla-u-boot-orangepi-r1-plus-lts-rk3328-2025.01
/gnu/store/vap8w54l9kvi4179cy5w0kl2a5f9ixr9-u-boot-rock64-rk3328-2025.01
guix build: computing dependents of package arm-trusted-firmware-rk3399 <at> 2.12.2...
/gnu/store/0z2c2dikv1d5avr6f0jga5gsq5pl2x69-arm-trusted-firmware-rk3399-2.12.2
/gnu/store/y0yzl9wccwmhhipblkrv370kafb7d30v-u-boot-rockpro64-rk3399-2025.01
/gnu/store/mw39784wjpbnxhc5arlwcqk93ml1m7pr-u-boot-firefly-rk3399-2025.01
/gnu/store/85rgpgic0vqziczgb92csavl0vxrwm0k-u-boot-puma-rk3399-2025.01
/gnu/store/mbijwvldbwzkscb79v1qqnhnlc93sqgf-u-boot-pinebook-pro-rk3399-2025.01
guix build: computing dependents of package arm-trusted-firmware-rk3588 <at> 2.12.2...
/gnu/store/dx9b2ymbj3f7h77mf7b86jagiwkxrdlg-arm-trusted-firmware-rk3588-2.12.2
guix build: computing dependents of package arm-trusted-firmware-sun50i-a64 <at> 2.12.2...
/gnu/store/10sx5h064fbjnhc2c6vvkqrp43sj23f0-arm-trusted-firmware-sun50i-a64-2.12.2
/gnu/store/m35rj7p3fjhkkbanj3i9xlw808byl8gp-u-boot-pine64-lts-2025.01
/gnu/store/090mm7g00cl6ws435lf97j7cfdbnnfki-u-boot-pinebook-2025.01
/gnu/store/8f7hn13g71a8cj6pqlj4qjrz5qcbam2s-u-boot-pine64-plus-2025.01
guix build: computing dependents of package arm-trusted-firmware-sun50i-h616 <at> 2.12.2...
/gnu/store/jljnh49swdkax8fpl2xqpaag065vggai-arm-trusted-firmware-sun50i-h616-2.12.2
/gnu/store/kvh138wv7ri6fni3mcan7xdbw7i3p3j2-u-boot-orangepi-zero2w-2025.01

I also boot-tested a mnt/reform2 (which admittedly uses a custom u-boot).

live well,
  vagrant

[0001-gnu-arm-trusted-firmware-Update-to-2.12.2.patch (text/x-diff, inline)]
From cea71c67bb2fc44c6109f2d15edfd2a14a127f30 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant <at> debian.org>
Date: Tue, 6 May 2025 18:05:00 +0000
Subject: [PATCH] gnu: arm-trusted-firmware: Update to 2.12.2.

* gnu/packages/firmware.scm (make-arm-trusted-firmware): Update to 2.12.2.

Change-Id: Ib8077e63bd3df0fe6dce634d5b7278b9389c42db
---
 gnu/packages/firmware.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/firmware.scm b/gnu/packages/firmware.scm
index 9548bc2ff7..ef4978df57 100644
--- a/gnu/packages/firmware.scm
+++ b/gnu/packages/firmware.scm
@@ -1144,7 +1144,7 @@ (define (native-build?)
         (string=? (%current-system) (gnu-triplet->nix-system triplet))))
   (package
     (name (downstream-package-name "arm-trusted-firmware-" platform))
-    (version "2.12.1")
+    (version "2.12.2")
     (source
      (origin
        (method git-fetch)
@@ -1154,7 +1154,7 @@ (define (native-build?)
               (commit (string-append "lts-v" version))))
        (file-name (git-file-name "arm-trusted-firmware" version))
        (sha256
-        (base32 "1vngwbjghgsh5i02zq66nmbxxr2d4p93rirsvh5jrhbcdn0v5xf8"))
+        (base32 "01i40asy9dsbx4l5kbvsvi55bdf308nnraf8kfli5d4cx8pxqmrj"))
        (patches (search-patches "8mq-enable-imx_hab_handler.patch"
                                 "8mq-move-stack-to-ocram_s.patch"))
        (modules '((guix build utils)))

base-commit: fbf8b81971475ee712338f1c955be6ac44099fac
-- 
2.39.5


[signature.asc (application/pgp-signature, inline)]
Information forwarded to guix-patches <at> gnu.org:
bug#78286; Package guix-patches. (Wed, 07 May 2025 05:43:01 GMT) Full text and rfc822 format available.

Message #8 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Efraim Flashner <efraim <at> flashner.co.il>
To: Vagrant Cascadian <vagrant <at> debian.org>
Cc: gabriel <at> erlikon.ch, guix-patches <at> gnu.org
Subject: Re: Update arm-trusted-firmware to 2.12.2
Date: Wed, 7 May 2025 08:42:13 +0300

[Message part 1 (text/plain, inline)]
On Tue, May 06, 2025 at 03:34:55PM -0700, Vagrant Cascadian wrote:
> The attached patch updates arm-trusted-firmware packages to 2.12.2.
> 
> I believe this fixes a few minor CVE, although it is not immediately
> obvious from upstream commit logs...
> 
> All dependents build on both x86_64-linux and aarch64-linux:
> 
> guix build: computing dependents of package arm-trusted-firmware-imx8mq <at> 2.12.2...
> /gnu/store/gg1gmqb89kjaqbq8f9ndzs3ll7niq56d-arm-trusted-firmware-imx8mq-2.12.2
> guix build: computing dependents of package arm-trusted-firmware-rk3328 <at> 2.12.2...
> /gnu/store/wcqyaw6cqzlk8asv3vh4alsrd9a291m7-arm-trusted-firmware-rk3328-2.12.2
> /gnu/store/zxs49a0msm4vff5szc7757k1s0lpszla-u-boot-orangepi-r1-plus-lts-rk3328-2025.01
> /gnu/store/vap8w54l9kvi4179cy5w0kl2a5f9ixr9-u-boot-rock64-rk3328-2025.01
> guix build: computing dependents of package arm-trusted-firmware-rk3399 <at> 2.12.2...
> /gnu/store/0z2c2dikv1d5avr6f0jga5gsq5pl2x69-arm-trusted-firmware-rk3399-2.12.2
> /gnu/store/y0yzl9wccwmhhipblkrv370kafb7d30v-u-boot-rockpro64-rk3399-2025.01
> /gnu/store/mw39784wjpbnxhc5arlwcqk93ml1m7pr-u-boot-firefly-rk3399-2025.01
> /gnu/store/85rgpgic0vqziczgb92csavl0vxrwm0k-u-boot-puma-rk3399-2025.01
> /gnu/store/mbijwvldbwzkscb79v1qqnhnlc93sqgf-u-boot-pinebook-pro-rk3399-2025.01
> guix build: computing dependents of package arm-trusted-firmware-rk3588 <at> 2.12.2...
> /gnu/store/dx9b2ymbj3f7h77mf7b86jagiwkxrdlg-arm-trusted-firmware-rk3588-2.12.2
> guix build: computing dependents of package arm-trusted-firmware-sun50i-a64 <at> 2.12.2...
> /gnu/store/10sx5h064fbjnhc2c6vvkqrp43sj23f0-arm-trusted-firmware-sun50i-a64-2.12.2
> /gnu/store/m35rj7p3fjhkkbanj3i9xlw808byl8gp-u-boot-pine64-lts-2025.01
> /gnu/store/090mm7g00cl6ws435lf97j7cfdbnnfki-u-boot-pinebook-2025.01
> /gnu/store/8f7hn13g71a8cj6pqlj4qjrz5qcbam2s-u-boot-pine64-plus-2025.01
> guix build: computing dependents of package arm-trusted-firmware-sun50i-h616 <at> 2.12.2...
> /gnu/store/jljnh49swdkax8fpl2xqpaag065vggai-arm-trusted-firmware-sun50i-h616-2.12.2
> /gnu/store/kvh138wv7ri6fni3mcan7xdbw7i3p3j2-u-boot-orangepi-zero2w-2025.01
> 
> I also boot-tested a mnt/reform2 (which admittedly uses a custom u-boot).
> 
> live well,
>   vagrant

Looks good to me!



-- 
Efraim Flashner   <efraim <at> flashner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

[signature.asc (application/pgp-signature, inline)]
Reply sent to Vagrant Cascadian <vagrant <at> debian.org>:
You have taken responsibility. (Wed, 07 May 2025 21:39:02 GMT) Full text and rfc822 format available.
Notification sent to Vagrant Cascadian <vagrant <at> debian.org>:
bug acknowledged by developer. (Wed, 07 May 2025 21:39:02 GMT) Full text and rfc822 format available.

Message #13 received at 78286-done <at> debbugs.gnu.org (full text, mbox):

From: Vagrant Cascadian <vagrant <at> debian.org>
To: Efraim Flashner <efraim <at> flashner.co.il>
Cc: gabriel <at> erlikon.ch, 78286-done <at> debbugs.gnu.org
Subject: Re: Update arm-trusted-firmware to 2.12.2
Date: Wed, 07 May 2025 14:37:59 -0700

[Message part 1 (text/plain, inline)]
On 2025-05-07, Efraim Flashner wrote:
> On Tue, May 06, 2025 at 03:34:55PM -0700, Vagrant Cascadian wrote:
>> The attached patch updates arm-trusted-firmware packages to 2.12.2.
>> 
>> I believe this fixes a few minor CVE, although it is not immediately
>> obvious from upstream commit logs...
>> 
>> All dependents build on both x86_64-linux and aarch64-linux:
>> 
>> guix build: computing dependents of package arm-trusted-firmware-imx8mq <at> 2.12.2...
>> /gnu/store/gg1gmqb89kjaqbq8f9ndzs3ll7niq56d-arm-trusted-firmware-imx8mq-2.12.2
...
>> guix build: computing dependents of package arm-trusted-firmware-sun50i-h616 <at> 2.12.2...
>> /gnu/store/jljnh49swdkax8fpl2xqpaag065vggai-arm-trusted-firmware-sun50i-h616-2.12.2
>> /gnu/store/kvh138wv7ri6fni3mcan7xdbw7i3p3j2-u-boot-orangepi-zero2w-2025.01
>> 
>> I also boot-tested a mnt/reform2 (which admittedly uses a custom u-boot).
...
> Looks good to me!

Thanks!

Pushed as f3b2a79cb2355b9b9119723a667adaefc933e715.


live well,
  vagrant

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 7 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.