Source: u-boot Version: 2023.01+dfsg-2+deb12u1 Severity: serious Tags: upstream Justification: 1. DFSG-freeness
Dear maintainer, The u-boot source code contains non-free software. Here is the list of affected files: drivers/usb/host/xhci-rcar-r8a779x_usb3_v3.h arch/mips/mach-octeon/include/mach/cvmx-pki-cluster.h arch/x86/dts/microcode/m0130673325.dtsi arch/x86/dts/microcode/m0130679907.dtsi arch/x86/dts/microcode/m01406c2220.dtsi arch/x86/dts/microcode/m01406c3363.dtsi arch/x86/dts/microcode/m01406c440a.dtsi arch/x86/dts/microcode/m0220661105_cv.dtsi arch/x86/dts/microcode/m0230671117.dtsi arch/x86/dts/microcode/m12206a7_00000029.dtsi arch/x86/dts/microcode/m12306a2_00000008.dtsi arch/x86/dts/microcode/m12306a4_00000007.dtsi arch/x86/dts/microcode/m12306a5_00000007.dtsi arch/x86/dts/microcode/m12306a8_00000010.dtsi arch/x86/dts/microcode/m12306a9_0000001b.dtsi arch/x86/dts/microcode/m7240651_0000001c.dtsi arch/x86/dts/microcode/mc0306d4_00000018.dtsi Note: There is also a proprietary license file present in "Licenses/r8a799x_usb3.txt". I've tested locally that removing these files will not break compilation, so I advise simply removing those files from the repository. But I do not know what kind of impact this will have on users of the u-boot-tools package. -- System Information: Debian Release: 12.12 APT prefers oldstable-security APT policy: (500, 'oldstable-security'), (500, 'oldstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.1.0-39-amd64 (SMP w/12 CPU threads; PREEMPT) Kernel taint flags: TAINT_WARN Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
