Package: u-boot-sunxi
Version: 2021.01~rc4+dfsg-1
Severity: important
Tags: patch
Hi Vagrant,
Salsa commit 4f2f06b8 for the u-boot package introduced a bug in the
u-boot-install-sunxi script that could inadvertently overwrite the
user's own files. By removing the "mktemp -d" and the "cd", it means
the "mbr-sign" and "gpt-sign" files now get created in the current
directory, which would be unfortunate if there happened to be any user
files with those names.
A patch to fix the problem is below. It has previously appeared in
bug#979688 as part of a larger patch intended to continue the
simplifying work begun with commit 4f2f06b8.
Best wishes,
Harold.
diff --git a/debian/bin/u-boot-install-sunxi b/debian/bin/u-boot-install-sunxi
index 4f80e01099..6840a62696 100755
--- a/debian/bin/u-boot-install-sunxi
+++ b/debian/bin/u-boot-install-sunxi
@@ -63,15 +63,13 @@ fi
if [ -z "$FORCE" ]; then
# A very simple sanity check. GPT mandates a "protective MBR" so this
works
# even with GPT partitioning.
- printf '%b' '\0125\0252' >mbr-sign
- if ! cmp -s -i 0:510 -n 2 mbr-sign "$DEV"; then
+ if ! printf '\125\252' | cmp -s -i 0:510 -n 2 - "$DEV"; then
echo >&2 "$0: device/image ($DEV) has no MBR partition table"
exit 1
fi
# But, on sunxi64, spl will trample upon GPT.
- printf "EFI PART" >gpt-sign
- if cmp -s -i 0:512 -n 8 gpt-sign "$DEV"; then
+ if printf 'EFI PART' | cmp -s -i 0:512 -n 8 - "$DEV"; then
echo >&2 "$0: device/image ($DEV) uses GPT partition table, unusable on
sunxi64"
exit 1
fi
