[Bug 1558822] Re: [FFe] sync flashrom 0.9.9+r1954-1 from Debian unstable

Carl-Daniel Hailfinger 1558822 at bugs.launchpad.net
Thu Mar 24 00:27:28 UTC 2016


This FFe request is mostly about a security fix.

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1558822

Title:
  [FFe] sync flashrom 0.9.9+r1954-1 from Debian unstable

Status in flashrom package in Ubuntu:
  Confirmed

Bug description:
  In bug #1547144 an FFe was granted to merge Debian's package of
  flashrom's 0.9.9 release candidate into xenial and the
  package has been updated. Upstream has now released 0.9.9 final
  including a security fix and I would like to request another exception
  (and a sponsored upload) for that.

  The following is a list of changes that followed the RC before the
  final release:

  - Fix fscanf format string security bug in layout.c
  This is the mentioned security bug, cf. https://security-tracker.debian.org/tracker/TEMP-0000000-C3CEDB
  Depending on the use case of flashrom, the security implications of the correct use might be much higher than the threat posed by this bug, but it certainly makes sense to include this fix.

  - Implement serial port shutdown both for regular termination and error condition in pony_spi.
  pony_spi is one of the numerous programmer modules flashrom supports. This fixes a file descriptor leak.
  - Add a bunch of new/tested stuff and various small changes 25.
  In these patches we gather test status updates and other minor fixes. In this particular change there were: status updates, whitespace and typo fixes, a Makefile and manpage patch - partially to make lintian happy.
  - Fix compilation on SunOS.
  Building on Solaris-based OSes was tested and two minor related problems were fixed.
  - Rewrite and fix corner case in sb600spi
  The command line argument handler for AMD chipsets had a minor bug.
  - Add support for GNU Hurd.
  We added support to build GNU Hurd because it seems easy enough.
  - Add support for GD25VQ21B, GD25VQ40C, GD25VQ80C and GD25VQ16C.
  Some new flash chips were added (regression potential about zero).
  - Makefile: Fix driver blacklist dependencies
  The makefile tries to disable some programmers on certain architectures/OSes and was a bit overzealous.
  - rayer_spi: add support for SPI Tiny Tools-compatible hardware.
  This adds the definition of a pin mapping for a certain hardware model.
  - makefile: allow to disable all default-yes config variables with CONFIG_NOTHING=yes.
  Build/makefile-only change.
  - Partial architecture support for alpha hppa m68k sh s390
  Like for Hurd we decided to add support for these because the changes were mostly trivial and we can now build on all Debian architectures but PS3.
  This patch also adds support for the s390x architecture that xenial will support for the first time.
  - dediprog: use ordinary USB devs array.
  - pickit2_spi: use ordinary USB devs array.
  These two merely change the output of flashrom -L (that lists all supported devices) and allow for easier future extension of said modules.

  So to sum up... there were not *only* bug fixes since the RC but also
  some small feature additions that target new hardware and OSes. Most
  of these changes are effective at build time only. There are very few
  imaginable regression possibilities for the x86 and arm versions since
  the RC IMHO.

  Logs etc. will follow soon.
