From ff80e95fed188ec3d4001129445e414c9c811beb Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Tue, 9 Dec 2025 23:32:38 +0100 Subject: tools: use setuptools 78.1.1 CVE-2025-47273 describes a path traversal vulnerability. Signed-off-by: Heinrich Schuchardt Reviewed-by: Tom Rini --- tools/binman/pyproject.toml | 2 +- tools/buildman/pyproject.toml | 2 +- tools/dtoc/pyproject.toml | 2 +- tools/patman/pyproject.toml | 2 +- tools/u_boot_pylib/pyproject.toml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) (limited to 'tools') diff --git a/tools/binman/pyproject.toml b/tools/binman/pyproject.toml index ba34437fc53..7c9ab0f2a27 100644 --- a/tools/binman/pyproject.toml +++ b/tools/binman/pyproject.toml @@ -1,5 +1,5 @@ [build-system] -requires = ["setuptools>=61.0"] +requires = ["setuptools>=78.1.1"] build-backend = "setuptools.build_meta" [project] diff --git a/tools/buildman/pyproject.toml b/tools/buildman/pyproject.toml index 68bfa45c3f4..274042df155 100644 --- a/tools/buildman/pyproject.toml +++ b/tools/buildman/pyproject.toml @@ -1,5 +1,5 @@ [build-system] -requires = ["setuptools>=61.0"] +requires = ["setuptools>=78.1.1"] build-backend = "setuptools.build_meta" [project] diff --git a/tools/dtoc/pyproject.toml b/tools/dtoc/pyproject.toml index 9f59788e616..cc96cf784c6 100644 --- a/tools/dtoc/pyproject.toml +++ b/tools/dtoc/pyproject.toml @@ -1,5 +1,5 @@ [build-system] -requires = ["setuptools>=61.0"] +requires = ["setuptools>=78.1.1"] build-backend = "setuptools.build_meta" [project] diff --git a/tools/patman/pyproject.toml b/tools/patman/pyproject.toml index 06e169cdf48..91802c8cc27 100644 --- a/tools/patman/pyproject.toml +++ b/tools/patman/pyproject.toml @@ -1,5 +1,5 @@ [build-system] -requires = ["setuptools>=61.0"] +requires = ["setuptools>=78.1.1"] build-backend = "setuptools.build_meta" [project] diff --git a/tools/u_boot_pylib/pyproject.toml b/tools/u_boot_pylib/pyproject.toml index ce2355084ac..a860d134551 100644 --- a/tools/u_boot_pylib/pyproject.toml +++ b/tools/u_boot_pylib/pyproject.toml @@ -1,5 +1,5 @@ [build-system] -requires = ["setuptools>=61.0"] +requires = ["setuptools>=78.1.1"] build-backend = "setuptools.build_meta" [project] -- cgit v1.2.3 From 0ed7abc85d1664a3d7432795a7126ff6a1d01147 Mon Sep 17 00:00:00 2001 From: Quentin Schulz Date: Wed, 12 Nov 2025 15:58:00 +0100 Subject: rockchip: mkimage: enhance comments for v1 header Improve the image header documentation for v1 header: - specify this applies to all MMC, not only SD cards, - specify the offset for SPI flashes, - specify the key used for RC4 encoding, - specify what "init" refers to, especially since some configs enable TPL, - specify what "init_boot_size" refers to, especially since some configs enable TPL, - specify the size of a block, - add documentation for init_size and init_boot_size, Note that the offset on the storage medium isn't necessarily 32KiB (64 blocks) for MMC or 0 for SPI flashes, it's just the first offset the BootROM checks. Barebox[1] lists a few options, though those are applicable to RK35xx which use the v2 header, so not guaranteed they can be shared. On RK3399, the binary can at least be stored at offset 0 and 32KiB on SPI flashes. [1] https://git.pengutronix.de/cgit/barebox/tree/arch/arm/mach-rockchip/bbu.c#n19 Signed-off-by: Quentin Schulz Reviewed-by: Kever Yang --- tools/rkcommon.c | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) (limited to 'tools') diff --git a/tools/rkcommon.c b/tools/rkcommon.c index d191ea72c63..e7e78ef7e5b 100644 --- a/tools/rkcommon.c +++ b/tools/rkcommon.c @@ -76,13 +76,29 @@ struct header0_info_v2 { /** * struct header0_info - header block for boot ROM * - * This is stored at SD card block 64 (where each block is 512 bytes, or at - * the start of SPI flash. It is encoded with RC4. + * This is stored at MMC block 64 (where each block is 512 bytes), or at + * the start of SPI flash. It is encoded with RC4 with the below rc4_key. + * + * In Rockchip terminology: + * + * "init" means the stage that is loaded into SRAM. TPL if there is one, SPL + * otherwise. + * + * "boot" means the next stages after "init" stage that are loaded by the + * BootROM into DRAM. Only applicable if "init" stage returns to BootROM (via + * the appropriate ROCKCHIP_BACK_TO_BROM symbol, BOOT_DEVICE_BOOTROM is used as + * boot device for the next stage and the "init" stage successfully booted) and + * if "init_boot_size" > "init_size". + * Basically, it is the content of "init" plus the SPL or even U-Boot proper if + * relevant. * * @magic: Magic (must be RK_MAGIC) * @disable_rc4: 0 to use rc4 for boot image, 1 to use plain binary - * @init_offset: Offset in blocks of the SPL code from this header - * block. E.g. 4 means 2KB after the start of this header. + * @init_offset: Offset in 512-byte blocks of the "init" code from the + * start of this header. For instance, 4 means 2KiB. + * @init_size: Size (in blocks) of the "init" code. + * @init_boot_size: Size (in blocks) of the "init" and "boot" code combined. + * * Other fields are not used by U-Boot */ struct header0_info { -- cgit v1.2.3 From 798bef8e8322101a6add9a5797f6dfc748f44ed6 Mon Sep 17 00:00:00 2001 From: Max Merchel Date: Tue, 26 Aug 2025 08:30:29 +0200 Subject: tools/libfdt/fdt_rw: fix SPDX-License-Identifier Currently, the terms of both licenses (GPL 2.0 and BSD-2-Clause) must be met. However, before switching to the SPDX license identifier, the license information in the file begins with: "libfdt is dual licensed: you can use it either under the terms of the GPL, or the BSD license, at your option." Therefore, the missing "OR" between the licenses is added. Fixes: 3508476 ("libfdt: SPDX-License-Identifier: GPL-2.0+ BSD-2-Clause") Signed-off-by: Max Merchel --- tools/libfdt/fdt_rw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tools') diff --git a/tools/libfdt/fdt_rw.c b/tools/libfdt/fdt_rw.c index 7189f014295..3d3395b125b 100644 --- a/tools/libfdt/fdt_rw.c +++ b/tools/libfdt/fdt_rw.c @@ -1,4 +1,4 @@ -/* SPDX-License-Identifier: GPL-2.0+ BSD-2-Clause */ +// SPDX-License-Identifier: (GPL-2.0-or-later OR BSD-2-Clause) #include "fdt_host.h" #include "../../scripts/dtc/libfdt/fdt_rw.c" -- cgit v1.2.3