From 969a1dde3a0913ed00afdbd49abf318ce34dc9af Mon Sep 17 00:00:00 2001 From: Tom Rini Date: Tue, 19 May 2026 07:45:41 -0600 Subject: doc: Update urllib3 version for building The GitHub dependabot tool has reported two "high" priority bug, CVE-2026-44431 and CVE-2026-44432, with this package. Update to the patched version. Reported-by: GitHub dependabot Signed-off-by: Tom Rini --- doc/sphinx/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/sphinx/requirements.txt b/doc/sphinx/requirements.txt index c616c75fefc..20a99005d71 100644 --- a/doc/sphinx/requirements.txt +++ b/doc/sphinx/requirements.txt @@ -23,4 +23,4 @@ sphinxcontrib-jquery==4.1 sphinxcontrib-jsmath==1.0.1 sphinxcontrib-qthelp==2.0.0 sphinxcontrib-serializinghtml==2.0.0 -urllib3==2.6.3 +urllib3==2.7.0 -- cgit v1.3.1 From badf7502827bc8f77cb4c572e5186584deea7a89 Mon Sep 17 00:00:00 2001 From: Francesco Valla Date: Sun, 31 May 2026 17:24:23 +0200 Subject: dtoc: test: add missing escape in help text A single percent sign might be interpreted as a string format directive and shall thus be escaped - doubling it - to actually indicate a percentage. Without the escape, pytest fails to run test_fdt.py with the following error: ValueError: Test coverage failure fdt code coverage: Traceback (most recent call last): File "/usr/lib64/python3.14/argparse.py", line 1748, in _check_help formatter._expand_help(action) ~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^ File "/usr/lib64/python3.14/argparse.py", line 676, in _expand_help return help_string % params ~~~~~~~~~~~~^~~~~~~~ TypeError: %c requires an int or a unicode character, not dict The above exception was the direct cause of the following exception: Traceback (most recent call last): File "/home/user/u-boot/./tools/dtoc/test_fdt", line 1002, in sys.exit(main()) ~~~~^^ File "/home/user/u-boot/./tools/dtoc/test_fdt", line 987, in main parser.add_argument('-T', '--test-coverage', action='store_true', ~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ default=False, ^^^^^^^^^^^^^^ help='run tests and check for 100% coverage') ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib64/python3.14/argparse.py", line 1562, in add_argument self._check_help(action) ~~~~~~~~~~~~~~~~^^^^^^^^ File "/usr/lib64/python3.14/argparse.py", line 1750, in _check_help raise ValueError('badly formed help string') from exc ValueError: badly formed help string Fixes: 7640b166604e ("test_fdt: Convert to use argparse") Signed-off-by: Francesco Valla --- tools/dtoc/test_fdt.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/dtoc/test_fdt.py b/tools/dtoc/test_fdt.py index a0bed4e18bb..f141f931a94 100755 --- a/tools/dtoc/test_fdt.py +++ b/tools/dtoc/test_fdt.py @@ -986,7 +986,7 @@ def main(): default=False, help='run tests') parser.add_argument('-T', '--test-coverage', action='store_true', default=False, - help='run tests and check for 100% coverage') + help='run tests and check for 100%% coverage') parser.add_argument('name', nargs='*') args = parser.parse_args() -- cgit v1.3.1 From bc82aa5b4145eba47f57e6f7148e0fa45bc16f51 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Mon, 1 Jun 2026 15:20:53 +0200 Subject: efi_loader: validate PE-COFF relocation data When applying base relocations from a PE-COFF binary all data must be treated as untrusted. Add the following checks to efi_loader_relocate(): * Reject relocation blocks that don't start on a 32-bit aligned address. * Reject relocation blocks whose SizeOfBlock is smaller than the block header, which would cause an unsigned underflow when computing the entry count. * A block with SizeOfBlock == 0 is invalid and does not mark the end of the relocation table. * Reject relocation blocks that extend beyond the end of the relocation section. * Reject individual relocation entries whose target offset, together with the access width, exceeds the mapped image size, preventing out-of-bounds writes. Pass virt_size to efi_loader_relocate() from efi_load_pe() to enable the per-entry bounds check. Reported-by: Anas Cherni Reviewed-by: Simon Glass Reviewed-by: Ilias Apalodimas Signed-off-by: Heinrich Schuchardt --- lib/efi_loader/efi_image_loader.c | 86 ++++++++++++++++++++++++++++++++++----- 1 file changed, 75 insertions(+), 11 deletions(-) diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c index d002eb0c744..f9a2d2df405 100644 --- a/lib/efi_loader/efi_image_loader.c +++ b/lib/efi_loader/efi_image_loader.c @@ -108,11 +108,13 @@ void efi_print_image_infos(void *pc) * @rel_size: size of the relocation table in bytes * @efi_reloc: actual load address of the image * @pref_address: preferred load address of the image + * @virt_size: virtual image size as provided in the PE-COFF header * Return: status code */ static efi_status_t efi_loader_relocate(const IMAGE_BASE_RELOCATION *rel, - unsigned long rel_size, void *efi_reloc, - unsigned long pref_address) + unsigned long rel_size, void *efi_reloc, + unsigned long pref_address, + unsigned long virt_size) { unsigned long delta = (unsigned long)efi_reloc - pref_address; const IMAGE_BASE_RELOCATION *end; @@ -122,34 +124,95 @@ static efi_status_t efi_loader_relocate(const IMAGE_BASE_RELOCATION *rel, return EFI_SUCCESS; end = (const IMAGE_BASE_RELOCATION *)((const char *)rel + rel_size); - while (rel + 1 < end && rel->SizeOfBlock) { + while (rel + 1 < end) { const uint16_t *relocs = (const uint16_t *)(rel + 1); + + /* Each block must start on a 32-bit boundary */ + if (!IS_ALIGNED((uintptr_t)rel, sizeof(uint32_t))) { + log_debug("Relocation block not 32-bit aligned\n"); + return EFI_LOAD_ERROR; + } + /* Relocation block cannot be shorter than its header */ + if (rel->SizeOfBlock < sizeof(*rel)) { + log_debug("Relocation block too small: %u\n", + rel->SizeOfBlock); + return EFI_LOAD_ERROR; + } + /* All relocation entries must be inside the .reloc section */ + if ((const char *)rel + rel->SizeOfBlock > (const char *)end) { + log_debug("Relocation block exceeds relocation data\n"); + return EFI_LOAD_ERROR; + } + /* + * Relocations must be within the virtual address range. + * This also ensures that there is no overflow in the + * entry_offset check below. + */ + if (rel->VirtualAddress > virt_size) { + log_debug("relocation address out of bounds\n"); + return EFI_LOAD_ERROR; + } + i = (rel->SizeOfBlock - sizeof(*rel)) / sizeof(uint16_t); while (i--) { - uint32_t offset = (uint32_t)(*relocs & 0xfff) + - rel->VirtualAddress; + uint32_t entry_offset = *relocs & 0xfff; + unsigned long offset; int type = *relocs >> EFI_PAGE_SHIFT; - uint64_t *x64 = efi_reloc + offset; - uint32_t *x32 = efi_reloc + offset; - uint16_t *x16 = efi_reloc + offset; + uint64_t *x64; + uint32_t *x32; + uint16_t *x16; + + /* + * Relocation address must be within virtual address + * range. + */ + if (entry_offset > virt_size - rel->VirtualAddress) { + log_debug("relocation address out of bounds\n"); + return EFI_LOAD_ERROR; + } + + offset = rel->VirtualAddress + entry_offset; + x64 = efi_reloc + offset; + x32 = efi_reloc + offset; + x16 = efi_reloc + offset; switch (type) { case IMAGE_REL_BASED_ABSOLUTE: break; case IMAGE_REL_BASED_HIGH: + if (sizeof(uint16_t) > virt_size - offset) { + log_debug("relocation address out of bounds\n"); + return EFI_LOAD_ERROR; + } *x16 += ((uint32_t)delta) >> 16; break; case IMAGE_REL_BASED_LOW: + if (sizeof(uint16_t) > virt_size - offset) { + log_debug("relocation address out of bounds\n"); + return EFI_LOAD_ERROR; + } *x16 += (uint16_t)delta; break; case IMAGE_REL_BASED_HIGHLOW: + if (sizeof(uint32_t) > virt_size - offset) { + log_debug("relocation address out of bounds\n"); + return EFI_LOAD_ERROR; + } *x32 += (uint32_t)delta; break; case IMAGE_REL_BASED_DIR64: + if (sizeof(uint64_t) > virt_size - offset) { + log_debug("relocation address out of bounds\n"); + return EFI_LOAD_ERROR; + } *x64 += (uint64_t)delta; break; #ifdef __riscv case IMAGE_REL_BASED_RISCV_HI20: + if (sizeof(uint32_t) > virt_size - offset) { + log_debug("relocation address out of bounds\n"); + return EFI_LOAD_ERROR; + } *x32 = ((*x32 & 0xfffff000) + (uint32_t)delta) | (*x32 & 0x00000fff); break; @@ -163,7 +226,7 @@ static efi_status_t efi_loader_relocate(const IMAGE_BASE_RELOCATION *rel, break; #endif default: - log_err("Unknown Relocation off %x type %x\n", + log_err("Unknown Relocation off %lx type %x\n", offset, type); return EFI_LOAD_ERROR; } @@ -970,8 +1033,9 @@ efi_status_t efi_load_pe(struct efi_loaded_image_obj *handle, /* Run through relocations */ if (efi_loader_relocate(rel, rel_size, efi_reloc, - (unsigned long)image_base) != EFI_SUCCESS) { - efi_free_pages((uintptr_t) efi_reloc, + (unsigned long)image_base, + virt_size) != EFI_SUCCESS) { + efi_free_pages((uintptr_t)efi_reloc, (virt_size + EFI_PAGE_MASK) >> EFI_PAGE_SHIFT); ret = EFI_LOAD_ERROR; goto err; -- cgit v1.3.1 From 5a1818d54c8abfe8f4f72a3fa370b299b2bfe125 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Wed, 5 Nov 2025 01:07:51 +0100 Subject: usb: typos 'requird', 'current' %s/requird/required/ %s/current XHCI/currently XHCI/ Reviewed-by: Marek Vasut Reviewed-by: Bin Meng Signed-off-by: Heinrich Schuchardt --- drivers/usb/host/usb-uclass.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/host/usb-uclass.c b/drivers/usb/host/usb-uclass.c index 7247245a702..1c74d6fd39a 100644 --- a/drivers/usb/host/usb-uclass.c +++ b/drivers/usb/host/usb-uclass.c @@ -134,7 +134,7 @@ int usb_alloc_device(struct usb_device *udev) struct udevice *bus = udev->controller_dev; struct dm_usb_ops *ops = usb_get_ops(bus); - /* This is only requird by some controllers - current XHCI */ + /* This is only required by some controllers - currently XHCI */ if (!ops->alloc_device) return 0; -- cgit v1.3.1