@@ -14,9 +14,7 @@ PE = "1"
# repo during parse
SRCREV = "d637294e264adfeb29f390dfc393106fd4d41b17"
-SRC_URI = "git://source.denx.de/u-boot/u-boot.git;protocol=https;branch=master \
- file://CVE-2024-42040.patch \
-"
+SRC_URI = "git://source.denx.de/u-boot/u-boot.git;protocol=https;branch=master"
S = "${WORKDIR}/git"
B = "${WORKDIR}/build"
@@ -11,6 +11,7 @@ SRC_URI += " file://0001-riscv32-Use-double-float-ABI-for-rv32.patch \
file://CVE-2022-30790.patch \
file://CVE-2022-2347_1.patch \
file://CVE-2022-2347_2.patch \
+ file://CVE-2024-42040.patch \
file://CVE-2024-57254.patch \
file://CVE-2024-57255.patch \
file://CVE-2024-57256.patch \
Commit f5b980ad added CVE-2024-42040.patch to the base U-Boot SRC_URI in u-boot-common.inc as opposed to adding it in the u-boot recipe where all the other patch additions are. This breaks at least one downstream BSP that reuses u-boot-common.inc (meta-sifive), so move that patch addition to the recipe file with all the others. Signed-off-by: Scott Murray <scott.murray@konsulko.com> --- meta/recipes-bsp/u-boot/u-boot-common.inc | 4 +--- meta/recipes-bsp/u-boot/u-boot_2022.01.bb | 1 + 2 files changed, 2 insertions(+), 3 deletions(-)