Comment 2 for bug 1906668

Dimitri John Ledkov (xnox) wrote :

Required TODOs:
- embedded libfdt is outdated and well, embedded. Please build and link
  against the libfdt1 / libfdt-dev that is in main.

Cannot do =)

opensbi is firmware. It runs in a different RISC-V mode - machine, not user. This code is compiled freestanding, without pic/pie, without stack protection, and without a requirement to have libc. One can notice that there is a libfdt_env.h header to remap functions that look like standard ones (memcpy and the like).

It would be nice if I could build-depend on libfdt-dev source package + built-using. That way any CVEs would leave enough breadcrumbs to follow.

But this is no different to how grub2 vendorizes lzo, gcrypt, and a few other things. All of which is rebuilt freestanding. So at best I can notify the security team to add an embedded source copy mapping.

W.r.t. being out of date, I see that upstream did import 1.5.1 but not 1.6.0. I can work with them to update to 1.6.0 at least.