Accepting request 1314353 from hardware

OBS-URL: https://build.opensuse.org/request/show/1314353
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/coreboot-utils?expand=0&rev=33

coreboot-25.09.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7bdc8f177bc3705e11099fef1d0028a39fc9ae659c9b1e5055781a9a762f6da4
+size 65414208

coreboot-25.09.tar.xz.sig

@@ -0,0 +1,14 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQGzBAABCgAdFiEEx1qqTlydsBfB3G7b2xsOwpIC2HQFAmjV8AsACgkQ2xsOwpIC
+2HTE+wwAv+e1pswoPMB9oGvMks+qqGmPw7fjg3uj1Kg6DmonLzIm5NcWsQIjA4QJ
+e7ia0SsT4sw02Gy9Qxef+BiqU/QyHA9flh/EGHoSL/r/exaLEmmlXmRThvxjtMcO
+8xmsz44UFUDlmzu01B42i7lWio7HkVev4VItRNvvkLCyqUHA6EK1iyiK1Q9rmYz2
+LuDeX7XplJ7KhLCmpV9iW34R5zWAk13tmgTGpaNOFhhUjYXyYJ4Hvlw7mJt/KWmP
+OTMIyVFFf9DA8s41IgaeL1eAZAiQ8x9dOLE1EPwFJpCCkS2efhlP1QDmPpxmC4X2
+LKFmVzxSTYIkYghvsWVtLEkO0oJ28aSTUt22UExddxhTPIV2UYDmpgkEcD9PRmzO
+1up3nPzylELG/XMVk2eAmwRM1kFyOKAIqH2VZJpkclT2ONqWmWr13/2FQQv3yXjP
+Pwfvbo0++IMXwRxd9UiG06Jme4bS0bmN9SSMOnerY8gMfp9T43XHBunAjHTNe4MN
+ZtCP3fvD
+=9Z+u
+-----END PGP SIGNATURE-----

coreboot-4.22.01.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3d1a36dfb2a654133c7f36cf4da436f0d79f535644069adfe7cdcad962532c3f
-size 60113964

coreboot-4.22.01.tar.xz.sig

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCQAdFiEEV0zm9oVc/et9No6dGXlsKz5PffcFAmVgJBoACgkQGXlsKz5P
-ffeQKw//ZaexlwvKbVlo1HhX/R7onU67TED7Zo8V7mOJmHA87LtX7vsvAhGubDmh
-LPGoJgB2WD1uXjHle6iLKfJpjiXzq1mi/uHudUQOn/yMRXWNU/wDENOM8LAtVkSa
-mgnMd30bTasljlJv2O+dF7MT5U8YDfgobGaT95TyW+Yt1A1zjrwRjIPNQ2mRufAQ
-bJWJi7wa7I58zUAQviQfPg1nxMw/f7CjEpIasQjZBivBBUn2cdy9RmTRE+FxhCNi
-D0lB5sasvcpAN+RS41tTB8iY927puNbACMroozi7NREaP3NgFPxGkXZtlmIKtq5c
-C08c7CEWnCcCPDD6bFqzgMGTlA9yjIgW+C4zsskQ9C/hRmbTSCoPi4EKKaJvGLYD
-Vsw1mYADlFPGocYyMGhAFn7aKKzS1y0vX2Bci06uHuWYzj9uolx7T3RlIjZAn18e
-DsTwmcPyR8BPFlV3UPnBx3pZcgCGsT2U0hpLDkEh8SvetkvfMnfonfM3MJcWwgk1
-TKN+CUxtBKpw2Cvkw7w98FNPrw9OiNanlNomrSzy1M3IG8Sog/JzjftLjyqdptof
-G8dfI5WEjjTxagm2FMHyzTTqdw3WbZIWJEe4xcTp8JxBPpAMJmkybhedmv6PIp4t
-SEBXy/ZeOXqB2GFkzZCeRC28qcr2zALPentAZucVpxVzoCk4GPo=
-=U/el
------END PGP SIGNATURE-----

coreboot-utils.changes

@@ -1,3 +1,47 @@
+-------------------------------------------------------------------
+Wed Oct 29 09:47:38 UTC 2025 - Thomas Renninger <trenn@suse.de>
+
+- Fix bsc#1252626, CVE-2025-62813
+A lz4_CVE-2025-62813_null_pointer_check.patch
+
+-------------------------------------------------------------------
+Sat Oct 11 16:02:48 UTC 2025 - Martin Hauke <mardnh@gmx.de>
+
+- Update to version 25.09
+  * https://coreboot.org/releases/coreboot-25.09-relnotes.txt
+- Update coreboot-utils.keyring
+  -> New Key: C75A AA4E 5C9D B017 C1DC 6EDB DB1B 0EC2 9202 D874
+              Matt DeVillier <matt.devillier@gmail.com>
+
+-------------------------------------------------------------------
+Sun Jul  6 12:05:58 UTC 2025 - Martin Hauke <mardnh@gmx.de>
+
+- Update to version 25.06
+  * https://coreboot.org/releases/coreboot-25.06-relnotes.txt
+- Drop not longer needed patches:
+  * gcc15.diff
+  * treewide-Work-around-GCC-15-Werror-unterminated-string-initialization.patch
+
+-------------------------------------------------------------------
+Fri Jul  4 09:27:32 UTC 2025 - Thomas Renninger <trenn@suse.de>
+
+- Update to version 25.03
+- Fix gcc15 string init issue (bsc#1244466)
+A gcc15.diff
+A treewide-Work-around-GCC-15-Werror-unterminated-string-initialization.patch
+- Not needed anymore, builds fine without:
+D no-pie.patch
+
+-------------------------------------------------------------------
+Sun Dec 22 13:22:14 UTC 2024 - Martin Hauke <mardnh@gmx.de>
+
+- Update to version 24.08
+  * https://coreboot.org/releases/coreboot-24.08-relnotes.txt
+- Update to version 24.05
+  * https://coreboot.org/releases/coreboot-24.05-relnotes.txt
+- Update to version 24.02.01
+  * https://coreboot.org/releases/coreboot-24.02.01-relnotes.txt
+
 -------------------------------------------------------------------
 Mon Feb 26 11:35:58 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
 
@@ -400,4 +444,3 @@ Thu Jan 10 11:41:16 CET 2008 - bwalle@suse.de
 
 - initial package
 
--------------------------------------------------------------------

coreboot-utils.keyring

@@ -1,51 +1,41 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 
-mQINBFf7BTIBEAC1qr3AjGeuob577RsPe2UawIJCOfDKA17lYtLDoPbklPSbOkS3
-EdJdr1xhaI7ohAvIttyppyeYuEVA6lM+h7dCCml9vfNn/EVRdg0FJ2ROLtMGq3E7
-7gdx4v8CBgpIKa8GtnCqz8kAI8ZbpXkcBaasLZ1LKsmXjHvfH3GBQK6HjnZ7yCvr
-+44m/7XX2rJYsAx1/b07fhplE3Mq4d+2zFzStwW8913gkgtA5R6HAPVU83zAKuR2
-bvTjyMLCTKYXu9am545dzOwbHAmDv8yA+eTYMM6Rf9IquK43muwsl3knHPtXlzwZ
-vaoYIgYEROGD15z9/MY1/mRTUVsFVs18mAtYli6LmXHo2wwQaO+CZ+dHCzeJwTMV
-7aFhpWqk6jFctVeQWlP2IBLszFBUQQ48XI5qIpUFYOiF1iJfq+YK2qNlidFq4Ddh
-V07Kf9ZYodzYL/tamPlo4gCjWyAdX0rmbKp8pSrkuLCAcY+SXlMigfhri7kFc8Ks
-N3K8Zf17TYZXTURohqiWBOYlh/er/2wou9yI9sCIW6y/0+nR3mIZ+ytlMkUyq+Pi
-2syqAE1qjJpvl5J+2LVtE1Q69b0qKKOJdC7XeEaGX/18AB8Ufp5gXx+xbM8r5pec
-InepxDYSV9MXw7ogLKacQ76zKP3xgUfAxj0MNvsFqHf9PprQIhEE0MDHvQARAQAB
-tDZNYXJ0aW4gUm90aCAoY29yZWJvb3QgZGV2ZWxvcGVyKSA8bWFydGluQGNvcmVi
-b290Lm9yZz6JAjkEEwECACMFAlf7BTICGwMHCwkIBwMCAQYVCAIJCgsEFgIDAQIe
-AQIXgAAKCRAZeWwrPk9991KhD/9dQ3QpQmwumT9SIRS1sAbQ4GNrZqex7zQbtmmy
-eACQcfAV0Gget3HhG7DZf0YrOOSOkWb2L3LhEucM6qX+MN+eSWjkYsGktNQeBovK
-VP8ZgnjYrs3cSi+Fgv8BgdvjfZ2Mr5UKJ290kUphuKBMb0UyAVnxm7h6ykB3kzJZ
-lOoEgDfXNy7k9h5BPqnTYqTO0NzHtBkV7xwRldVwUZ33npeMcWaYlidZG29mRaYO
-BUGLna11apX2xi7p7vXMWTZnCGgSgi47HlFdb6tcvwXK8EDu2QU96DprmOa8gAYU
-fXaVMXjLL+cWNg1EY0m8i0yhxpLkEsB/MBUcN8FeTMoftLdWanqQDjbo51SZ5M2M
-A0hdBp4f7PZPiRP1SFhndhCJBiPk1y0ebMwqRK6LG1aqE8DS6ZiFisNz+g2EZEMF
-uUg2XH0B+SXgxOA/PKw29RTsqsSGh1xl6ajtVeaeMVc3hBPdtNnZ8cu2/IKvym8B
-kOO4O8Erdu9TUQEt9BIGzh5vqIKhrOdQ7nwumYsq8J5yHbCbPRv5/XjAvvJks/oU
-UfdmxkmBRo2+rj4R5a7fETizFf7dyYLC9tuY1+vks9I9+7GUP760MIH9EI8VZB/U
-DG8teRLVpi30ceGo/WZweqDXXATwIU3nsLolcEU+byKh5bwr7/iIyuXbt/Q2rSSQ
-lAXzUbkCDQRX+wUyARAArRRH4MzJkCWBGdrmjmCsR1YEFUYsFpomJB+pyDRRu75t
-X03GYfnYKvZfOsj4x1jJsATSRWvdom09RSpae+jFFvAcGVabNMRwksKz7dP3hiCg
-zS0tfQU0Q8ge3PXJ/COBNTIAETLBZ0j2YQnPmJpvD16BSDthBgKfec/l31s1bzXL
-qwtBDub6DJrtu+Iunpti+kDAsmfxyVlOkUImODqPzSOzDmoCntb0XEQmEW/b1KQW
-L66/qs5EWS6vHjA4Bn/3aUNQrXuGOcpycc7fyix3RATjpNZah9ScZ2CPBlrwm1J4
-q9Pj0GPzeXY2DznnLQkmrJ0j8IJ4Bf4NpM8j7n0xevMiWvwi7+NxvstvcnKJi/oj
-rhGGRu+55s7JHTXA1kqD82rnAm0NMhhb+kSBamEQsuzIdKPFw7ep2dSveiwJMB2k
-PdFXyxNIvlKMKr2FF87pIW3XLKPfmHQJ3wUdiImUAxFcvJAALH3bW6wd6aqRKOPy
-9IO9pUXVL65ZskDcxgGPGUlY6NPgSUD4jqh9vM0mbxkQ4rUfgVN7MHO4+UysY9+p
-NDfKg09hF2tCm13OODY5AZTY2AE9Gv+BkVgiD01yYW3FNjUFXDNZXgkC70mRinMd
-ezEv93nFXoCvIqORX72Ien2lcGZALT/6bq9ouG6TbohFIjb8+qWZ0tzsRlblI58A
-EQEAAYkCHwQYAQIACQUCV/sFMgIbDAAKCRAZeWwrPk999zo5EACpWJcNUeLiiUPr
-ScvfITL39qBXPvMyfNtJADKqdfh/s3OWuw3zGbLYKtCYGm+VYqFXJEoLIGXvwXJe
-dSb2vMhG1ME38234l/8c8sGCiVqLk+g31p+091gPpe25RbtJBwo4r5wmWkc69CTS
-ij8s1Q1STefAbvMxQxDnTG5hZvyr/bL5aawuHXrIAwCinuA4CFNn6eUPudvUAFz3
-1tUfRhuS/Wt/+LYdW1eGAjDZ4lvzyRKWqkKj55wCxrh4RkR8GWR76Y4pAz1Mk3SH
-4NnFgFGDsJtYd5yLP8T5vz4ouRxh+BFNBUJuInp3Dul4wR9I4WiQYGDiWuSfuyvn
-nOT3KrnE6kpulqdgCRtPTnRKwvsuhrOID10xMwVQnTNFrv8s4uVa9lCWBSfj9NFu
-ne6v4mZ3oEWIKmdDaPDbzYn+S9HEY57tXPqMIBDpok/JPOPlUtk5y1zTdvvBb+DD
-QL8GL6ZAAUWxFwl+VK5wbDEBrZstvSZPGhfwkLEI7qeOnFbyBWMKm0PhwpvXznDg
-UCpCBQ4e+6rL+k5SdhQu25UFKqcSqqMSDri0JT9AxgX5xvioRP1JHyMJIcoo5oBJ
-/6xDPGZcAjnkV9YtD51dQviBMcZQ11GXTFcYo0MDqUJNgOis6SUxI1hGsqPOYa89
-mUS5nvF0saAZHIiapVND0eIkb3uCNQ==
-=ZArY
+mQGNBGXLplcBDADavVz0F9cGkbmPAihbcmyN3/DlI1E7ZyNd4TqVobf7z9P9sUyA
+RUhCRD0tPQ7KHBfbJMiBbRzrHYB+qu1Rvjt5snZqFYzsh7t8A3hyZxq907PEsix7
+jh960tqEZAqaXih2Fg8poI/prBu/x0+8W4oKeubjK3f4BZYkipvpDdH1so+dQWe6
+XztljGQGWcCfN1MSOCs3X7OIyUFQ2LQlqPOmaQ4UVzFlXoVxu/Y/gA6QbVEQIXSa
+zsdKDF/OdAdmN03jT8AUOirSXWz80lStg1Z/jB613vdXrybsIXk2te+2oX63k9lV
+U7h64GuKGURwnRFyMU7s4hpBrhwKKm5PhIFtfGL/nJv45f4gNJwW71VprEXfB2aH
+lLovl+WhYkbsomZY7h3QJD0svXmXxK04XHbmKFNnv46GkEXRr79dGdGtLRbr+Sop
++onYlLQ1qpw6fkyrZhQKomskEGPjtwfmELT2y4AiiNAizrvAu/7jR2469ubD3SUo
+QeLllzGeGVGq9JkAEQEAAbQpTWF0dCBEZVZpbGxpZXIgPG1hdHQuZGV2aWxsaWVy
+QGdtYWlsLmNvbT6JAc4EEwEKADgWIQTHWqpOXJ2wF8HcbtvbGw7CkgLYdAUCZcum
+VwIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRDbGw7CkgLYdCuDC/9SktFs
+YRu3URj9eosJcu48ysCEczHpKuaLvECkiuS+yzKVt4yvHuLgePmUx3mMn9+yN6Gz
+uTQHkAf6wyRqt3v7QIGyTYg9TLe/cFGfItQrSsTbGDPKPHzuKz0YdrtJ54C3rLPl
+t69nCVrmiNdLgVnnXAifDzuDyGQXtzGl/Fw0dJD0VmLAGYVIm6DD8jLri+M9irSI
+qFi8mNLCwHLqmNnc5AV/Gvp4MAbeG/slDQ/vUm6cVYsmQC8khs6qoDjDd5DpRRmC
+2PUwJ+/JhEFKb0J3zi2HZ1iscE7Xyx/Agi++s81JiCFu1cxFoRz9/r7fm/6Dej2Z
++CrQFajtNwvgUpjUPiIeoSzSRXVofo3bq90QNKq9ZeJbbHLpD73Hcm+QV2R4KDjU
+MqTRM/lSaaSmgSWvhFeSbkkJCyQk8wXfXavNNFN6kPbmFQ2TNWISZ3sllCNrf5OJ
+ABEEwhLpVQNsydulQ2yADqijje/zujltMYi0ygrfcuU8WEkP4mKBecmy31q5AY0E
+ZcumVwEMAK0Oq3gvfLoVAaSxtLkwmb+0wDWPmr85jP6xftqwMOMsq/MGjCPotCEm
+TLpR4WMHCV8Kq3hLJrQ7xeD+UnjuF6eAOCxu6JerwZIRnmYRKF1mzuRPOK+Wur/d
+12f2lDvf5JqKzQYXMiIHrXihZIXJ9YXElMtGGiz9wekNfqXJi9mJ0HQJYDJ7LFum
+3cPa3qXYnmqyDaNaJrDjWhwmJg9zmMYjdxzCKTFiliPASEl9Vy6Uyg0eIb+TtE7R
+1RxSW9CqRTRnbd4hW6VX7MEvcHdiG679jkO0nN2kuKjXgzCTcoU8bTVBJLAorYh7
+bNvOcf930ib58jIKGjTu+U9PnAoii66hqwZceldi3Yj4jiaBwS4f353S8kH4oIXL
+3MhZA1XuphyHiWsU3jXlMV8C5gQ3vzOFoO3wzT69qlbVNlfKTH9FcVer/2VdZvcx
+36shUCJxtm6Hhg8dFuPYsN+WfAxMhOaaFt+Au+gTZAoIpR7N9lDftwEXVf/3BAtp
+Xc/JWuAkVwARAQABiQG2BBgBCgAgFiEEx1qqTlydsBfB3G7b2xsOwpIC2HQFAmXL
+plcCGwwACgkQ2xsOwpIC2HQVlAv/fa4psO24xJuCJzn3WRbderOyZmwnqtpcio7u
+OjULuhazl9+dKIhpjwjpsOm6HKRMdOf/VvdCp68YcJeWbAqGxRWwM5vtP5UpAXTd
+QBUtr7ZKthW+Rg71p6rmTGmx02LcirQnVEAZItsxwPNWl7P+LpbHBtDcBG1Ur4O2
+l4fHJH64PeUZbDEXoenyuP0ji+JRw+TSI/xTsWLiJHgUSnP19JOk068B/WNkw8hO
+OoQkDOK67Cw9/OAzJIJkMW4VrntxJNUp+UpZCcZHCNWf8yrgs3UFAxM3KbQ/4lN0
+2iMkopuXIeruNBkPN4bsGm4V7YFDMMKJVcF3Khme62QO5LNsOAv6fcUQdaKHdZwt
+e7vKotDabLmesylnAHBWHgvKBGFepNeg7XSasB/OxAlyi4u8IzviTsVnSY4qT/Q0
+L3YC5416e5OWRq77cdmOUvQS2hiUElwWP75L9JvHZF5zEbLVKLPRTZriM83xF5Rj
+pfHVp/B2tOa6fRC3tAxXlPNeHs1P
+=J+Zs
 -----END PGP PUBLIC KEY BLOCK-----

coreboot-utils.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package coreboot-utils
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           coreboot-utils
-Version:        4.22.01
+Version:        25.09
 Release:        0
 Summary:        A universal flash programming utility
 License:        GPL-2.0-only
@@ -26,8 +26,8 @@ URL:            https://coreboot.org/
 Source0:        https://www.coreboot.org/releases/coreboot-%{version}.tar.xz
 Source1:        https://www.coreboot.org/releases/coreboot-%{version}.tar.xz.sig
 Source3:        %{name}.keyring
-Patch1:         no-pie.patch
-Patch3:         do-explicit-fallthrough.patch
+Patch1:         do-explicit-fallthrough.patch
+Patch2:         lz4_CVE-2025-62813_null_pointer_check.patch
 BuildRequires:  gcc-c++
 BuildRequires:  libopenssl-devel
 BuildRequires:  pciutils-devel
@@ -43,10 +43,6 @@ used to develop and configure systems with coreboot.
 %prep
 %autosetup -p1 -n coreboot-%{version}
 
-# Upstream messed the timespamps in the tarball
-# Fix these for the 4.19 tarball
-find . | xargs touch
-
 %build
 make %{?_smp_mflags} CFLAGS="%{optflags}" -C util/ectool
 make %{?_smp_mflags} CC="cc %{optflags}" -C util/superiotool

lz4_CVE-2025-62813_null_pointer_check.patch

@@ -0,0 +1,37 @@
+commit 93137e9042bd72b5158eae6175a0c4f2f67bd176
+Author: Thomas Renninger <trenn@suse.de>
+Date:   Wed Oct 29 10:51:52 2025 +0100
+
+    Fix CVE-2025-62813
+    
+    This is a backport of lz4 mainline commit:
+    f64efec011c058bd70348576438abac222fe6c82
+    
+    Which security people identified as a security vulnerability:
+    http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-62813
+    https://www.cve.org/CVERecord?id=CVE-2025-62813
+    https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82
+
+diff --git a/util/cbfstool/lz4/lib/lz4frame.c b/util/cbfstool/lz4/lib/lz4frame.c
+index aef508d8df..15673d4ca6 100644
+--- a/util/cbfstool/lz4/lib/lz4frame.c
++++ b/util/cbfstool/lz4/lib/lz4frame.c
+@@ -64,6 +64,7 @@ You can contact the author at :
+ #include "lz4hc.h"
+ #include "xxhash.h"
+ 
++#include <assert.h>
+ 
+ /**************************************
+ *  Basic Types
+@@ -930,6 +931,10 @@ LZ4F_errorCode_t LZ4F_getFrameInfo(LZ4F_decompressionContext_t dCtx, LZ4F_frameI
+ {
+     LZ4F_dctx_t* dctxPtr = (LZ4F_dctx_t*)dCtx;
+ 
++    assert(dCtx != NULL);
++    if (frameInfoPtr == NULL || srcSizePtr == NULL)
++	    return (size_t)-LZ4F_ERROR_srcPtr_wrong;
++
+     if (dctxPtr->dStage > dstage_storeHeader)   /* note : requires dstage_* header related to be at beginning of enum */
+     {
+         size_t o=0, i=0;

no-pie.patch

@@ -1,15 +0,0 @@
-diff --git a/util/msrtool/Makefile.in b/util/msrtool/Makefile.in
-index f50adc2..15552bb 100644
---- a/util/msrtool/Makefile.in
-+++ b/util/msrtool/Makefile.in
-@@ -19,8 +19,8 @@ PROGRAM = msrtool
- CC      = @CC@
- INSTALL = @INSTALL@
- PREFIX  = @PREFIX@
--CFLAGS  = @CFLAGS@
--LDFLAGS = @LDFLAGS@
-+CFLAGS  = @CFLAGS@ -fPIC -fno-PIE
-+LDFLAGS = @LDFLAGS@ -fPIC -no-pie
- 
- TARGETS = geodegx2.o geodelx.o cs5536.o k8.o via_c7.o intel_pentium3_early.o intel_pentium3.o intel_pentium4_early.o intel_pentium4_later.o intel_pentium_d.o intel_core1.o intel_core2_early.o intel_core2_later.o intel_nehalem.o intel_atom.o
- SYSTEMS = linux.o darwin.o freebsd.o