Disable NFS
This commit is contained in:
Peter Robinson
parent
9f5ba74ae0
commit
a66ab5dbb0
|
|
@ -0,0 +1,35 @@
|
|||
From 31dc49dee987500b0d5b5b536b6da2f3fbfd5b59 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Robinson <pbrobinson@gmail.com>
|
||||
Date: Tue, 13 Jun 2023 09:36:50 +0100
|
||||
Subject: [v1] disable NFS support by default
|
||||
|
||||
While NFS is widely used in data centres, and private
|
||||
networks it's quite a nuanced usecase for device firmware.
|
||||
A lot of devices already disable it.
|
||||
|
||||
Various network protocols should really be opt in, not opt
|
||||
out, because they add extra size and are potential attack
|
||||
vectors from a security PoV. In the NFS case it doesn't
|
||||
really make sense for a lot of devices like tables, SBCs etc.
|
||||
It's also something we don't really want for SystemReady-IR
|
||||
due to security concerns.
|
||||
|
||||
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
|
||||
---
|
||||
|
||||
v1: drop RFC tag
|
||||
|
||||
cmd/Kconfig | 1 -
|
||||
|
||||
diff --git a/cmd/Kconfig b/cmd/Kconfig
|
||||
index 365371fb511..a193929cec4 100644
|
||||
--- a/cmd/Kconfig
|
||||
+++ b/cmd/Kconfig
|
||||
@@ -1848,7 +1848,6 @@ config CMD_RARP
|
||||
|
||||
config CMD_NFS
|
||||
bool "nfs"
|
||||
- default y
|
||||
help
|
||||
Boot image via network using NFS protocol.
|
||||
|
||||
|
|
@ -7,7 +7,7 @@
|
|||
|
||||
Name: uboot-tools
|
||||
Version: 2023.07
|
||||
Release: 0.3%{?candidate:.%{candidate}}%{?dist}
|
||||
Release: 0.4%{?candidate:.%{candidate}}%{?dist}
|
||||
Summary: U-Boot utilities
|
||||
License: GPLv2+ BSD LGPL-2.1+ LGPL-2.0+
|
||||
URL: http://www.denx.de/wiki/U-Boot
|
||||
|
|
@ -20,10 +20,11 @@ Source1: aarch64-boards
|
|||
# Needed to find DT on boot partition that's not the first partition
|
||||
Patch1: uefi-distro-load-FDT-from-any-partition-on-boot-device.patch
|
||||
Patch2: smbios-Simplify-reporting-of-unknown-values.patch
|
||||
Patch3: 0001-disable-NFS-support-by-default.patch
|
||||
|
||||
# Board fixes and enablement
|
||||
# RPi - uses RPI firmware device tree for HAT support
|
||||
Patch3: rpi-Enable-using-the-DT-provided-by-the-Raspberry-Pi.patch
|
||||
Patch5: rpi-Enable-using-the-DT-provided-by-the-Raspberry-Pi.patch
|
||||
# Rockchips improvements
|
||||
Patch6: rockchip-Add-initial-support-for-the-PinePhone-Pro.patch
|
||||
Patch7: rockchip-PinePhone-Pro-fixes.patch
|
||||
|
|
@ -212,6 +213,9 @@ cp -p board/sunxi/README.nand builds/docs/README.sunxi-nand
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Jun 16 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 2023.07-0.4.rc4
|
||||
- Disable NFS by default
|
||||
|
||||
* Mon Jun 12 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 2023.07-0.3.rc4
|
||||
- Update to 2023.07 RC4
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue