#u-boot on 2025-08-10 — irc logs at libera.catirclogs.org

2025-07-29 00:25 Tartarus changed the topic of #u-boot to: SOURCE MOVED TO https://source.denx.de/u-boot/u-boot.git / U-Boot v2025.07, v2025.10-rc1 are OUT / Merge Window is CLOSED, next branch is CLOSED / Release v2025.10 is scheduled for 06 October 2025 / Channel archives at https://libera.irclog.whitequark.org/u-boot

00:32 qschulz has quit [Remote host closed the connection]

00:34 zibolo_ has quit [Ping timeout: 245 seconds]

00:35 qschulz has joined #u-boot

00:35 zibolo has joined #u-boot

00:41 mmu_man has quit [Ping timeout: 252 seconds]

00:50 mmu_man has joined #u-boot

01:51 jclsn has quit [Ping timeout: 272 seconds]

01:53 jclsn has joined #u-boot

01:57 mmu_man has quit [Ping timeout: 265 seconds]

02:45 haritz has quit [Quit: ZNC 1.8.2+deb3.1+deb12u1 - https://znc.in]

03:08 clamor has joined #u-boot

03:14 persmule has quit [Remote host closed the connection]

04:25 _whitelogger has joined #u-boot

04:31 clamor has quit [Ping timeout: 248 seconds]

04:31 clamor has joined #u-boot

06:25 gsz has joined #u-boot

06:33 gsz has quit [Ping timeout: 244 seconds]

06:55 ungeskriptet has joined #u-boot

07:53 Jones42 has joined #u-boot

08:10 ikarso has joined #u-boot

08:10 Poltawer has joined #u-boot

08:17 rvalue has quit [Read error: Connection reset by peer]

08:17 rvalue has joined #u-boot

09:17 gsz has joined #u-boot

09:38 gsz has quit [Ping timeout: 260 seconds]

11:23 Poltawer has quit [Ping timeout: 240 seconds]

11:26 Poltawer has joined #u-boot

12:00 gsz has joined #u-boot

12:31 clamor has quit [Ping timeout: 245 seconds]

12:32 clamor has joined #u-boot

12:46 gsz has quit [Ping timeout: 240 seconds]

12:58 goliath has joined #u-boot

13:22 bjoto has quit [Remote host closed the connection]

13:26 haritz has joined #u-boot

13:26 haritz has quit [Changing host]

13:26 haritz has joined #u-boot

13:44 mmu_man has joined #u-boot

14:34 persmule has joined #u-boot

15:32 gsz has joined #u-boot

15:34 dsimic has quit [Ping timeout: 240 seconds]

15:37 dsimic has joined #u-boot

15:43 gsz has quit [Ping timeout: 252 seconds]

16:12 vagrantc has joined #u-boot

16:14 warpme has joined #u-boot

16:14 <vagrantc> hey folks ... does this CVE against u-boot have any real merit? https://www.cve.org/CVERecord?id=CVE-2025-45512 ... it is firstly against an ancient version, and all the "exploits" require access to the u-boot console ... i mean, locking down the u-boot console might be a good thing to be able to do... but is it really an exploit?

16:14 <vagrantc> am i missing something?

16:15 <vagrantc> at a quick glance, it does not look like it actually bypasses any security measures ... just uses measures that have no lockdown mechanisms

16:15 <vagrantc> (for extra fun, it mentions some raspberry pi specific commands, even though the version it is talking about is from 7 years before the raspberry pi even existed)

16:16 <vagrantc> let alone had support in u-boot

16:16 <vagrantc> good ol' u-boot v1.1.3

16:16 <vagrantc> so i guess, in short, is there anything to actually be done about this one?

16:18 pitillo has quit [Quit: leaving]

16:22 <marex> vagrantc: reading now

16:24 <marex> vagrantc: ugh, it sounds so ominous ... but all it does is it uses u-boot console ... indeed

16:25 <marex> vagrantc: this is really up to the device vendor to lock the device down, including disabling console access and such

16:26 pitillo has joined #u-boot

16:44 <Tartarus> I've already complained to MITRE about that one, it's against a 20 year old (almost literally, Aug 14 2005, iirc) version of U-Boot

17:26 warpme has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]

17:41 clamor has quit [Ping timeout: 248 seconds]

17:44 <vagrantc> marex, Tartarus: thanks for confirmation :)

18:26 mmu_man has quit [Ping timeout: 276 seconds]

18:32 <m4t> hmm is this smells of the ai slop that curl has been seeing from their bug bounty program: https://github.com/AzhariRamadhan/CVE-2025-45512/blob/main/exp.py#L139-L153

18:32 <m4t> -is

18:33 <m4t> https://daniel.haxx.se/blog/2024/01/02/the-i-in-llm-stands-for-intelligence/

18:45 <vagrantc> yeah, it did make me wonder a bit...

18:46 mmu_man has joined #u-boot

18:57 gsz has joined #u-boot

19:00 Jones42 has quit [Ping timeout: 244 seconds]

19:08 slobodan_ has joined #u-boot

19:08 slobodan_ is now known as slobodan

19:16 slobodan has quit [Read error: Connection reset by peer]

19:17 slobodan has joined #u-boot

20:09 <marex> probably not AI, but it seems little effort went into understanding the project concepts or even into reading the README

20:36 goliath has quit [Quit: SIGSEGV]

20:38 <vagrantc> they do admit that they are testing a very old version, strangely enough

20:41 <marex> even the latest version would have the same "problem"

20:43 <vagrantc> indeed

20:46 Poltawer has quit [Quit: WeeChat 4.7.0]

21:28 <m4t> that python script is definitely ai written

21:53 vfazio_ has joined #u-boot

21:55 vfazio has quit [Read error: Connection reset by peer]

22:18 gsz has quit [Ping timeout: 248 seconds]

22:31 mmu_man has quit [Ping timeout: 265 seconds]

22:43 mmu_man has joined #u-boot

23:05 alexeymin has quit [Ping timeout: 248 seconds]

23:06 alexeymin_ has joined #u-boot

23:06 alexeymin_ is now known as alexeymin

23:10 alexeymin has quit [Ping timeout: 252 seconds]

23:14 alexeymin has joined #u-boot