Disable NFS
This commit is contained in:
parent
9f5ba74ae0
commit
a66ab5dbb0
|
@ -0,0 +1,35 @@
|
||||||
|
From 31dc49dee987500b0d5b5b536b6da2f3fbfd5b59 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Peter Robinson <pbrobinson@gmail.com>
|
||||||
|
Date: Tue, 13 Jun 2023 09:36:50 +0100
|
||||||
|
Subject: [v1] disable NFS support by default
|
||||||
|
|
||||||
|
While NFS is widely used in data centres, and private
|
||||||
|
networks it's quite a nuanced usecase for device firmware.
|
||||||
|
A lot of devices already disable it.
|
||||||
|
|
||||||
|
Various network protocols should really be opt in, not opt
|
||||||
|
out, because they add extra size and are potential attack
|
||||||
|
vectors from a security PoV. In the NFS case it doesn't
|
||||||
|
really make sense for a lot of devices like tables, SBCs etc.
|
||||||
|
It's also something we don't really want for SystemReady-IR
|
||||||
|
due to security concerns.
|
||||||
|
|
||||||
|
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
|
||||||
|
---
|
||||||
|
|
||||||
|
v1: drop RFC tag
|
||||||
|
|
||||||
|
cmd/Kconfig | 1 -
|
||||||
|
|
||||||
|
diff --git a/cmd/Kconfig b/cmd/Kconfig
|
||||||
|
index 365371fb511..a193929cec4 100644
|
||||||
|
--- a/cmd/Kconfig
|
||||||
|
+++ b/cmd/Kconfig
|
||||||
|
@@ -1848,7 +1848,6 @@ config CMD_RARP
|
||||||
|
|
||||||
|
config CMD_NFS
|
||||||
|
bool "nfs"
|
||||||
|
- default y
|
||||||
|
help
|
||||||
|
Boot image via network using NFS protocol.
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
|
|
||||||
Name: uboot-tools
|
Name: uboot-tools
|
||||||
Version: 2023.07
|
Version: 2023.07
|
||||||
Release: 0.3%{?candidate:.%{candidate}}%{?dist}
|
Release: 0.4%{?candidate:.%{candidate}}%{?dist}
|
||||||
Summary: U-Boot utilities
|
Summary: U-Boot utilities
|
||||||
License: GPLv2+ BSD LGPL-2.1+ LGPL-2.0+
|
License: GPLv2+ BSD LGPL-2.1+ LGPL-2.0+
|
||||||
URL: http://www.denx.de/wiki/U-Boot
|
URL: http://www.denx.de/wiki/U-Boot
|
||||||
|
@ -20,10 +20,11 @@ Source1: aarch64-boards
|
||||||
# Needed to find DT on boot partition that's not the first partition
|
# Needed to find DT on boot partition that's not the first partition
|
||||||
Patch1: uefi-distro-load-FDT-from-any-partition-on-boot-device.patch
|
Patch1: uefi-distro-load-FDT-from-any-partition-on-boot-device.patch
|
||||||
Patch2: smbios-Simplify-reporting-of-unknown-values.patch
|
Patch2: smbios-Simplify-reporting-of-unknown-values.patch
|
||||||
|
Patch3: 0001-disable-NFS-support-by-default.patch
|
||||||
|
|
||||||
# Board fixes and enablement
|
# Board fixes and enablement
|
||||||
# RPi - uses RPI firmware device tree for HAT support
|
# RPi - uses RPI firmware device tree for HAT support
|
||||||
Patch3: rpi-Enable-using-the-DT-provided-by-the-Raspberry-Pi.patch
|
Patch5: rpi-Enable-using-the-DT-provided-by-the-Raspberry-Pi.patch
|
||||||
# Rockchips improvements
|
# Rockchips improvements
|
||||||
Patch6: rockchip-Add-initial-support-for-the-PinePhone-Pro.patch
|
Patch6: rockchip-Add-initial-support-for-the-PinePhone-Pro.patch
|
||||||
Patch7: rockchip-PinePhone-Pro-fixes.patch
|
Patch7: rockchip-PinePhone-Pro-fixes.patch
|
||||||
|
@ -212,6 +213,9 @@ cp -p board/sunxi/README.nand builds/docs/README.sunxi-nand
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jun 16 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 2023.07-0.4.rc4
|
||||||
|
- Disable NFS by default
|
||||||
|
|
||||||
* Mon Jun 12 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 2023.07-0.3.rc4
|
* Mon Jun 12 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 2023.07-0.3.rc4
|
||||||
- Update to 2023.07 RC4
|
- Update to 2023.07 RC4
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue