An unintended "-e" string may be written into the generated ITS file when users
set the UBOOT_FIT_USER_SETTINGS variable to include custom binaries in the U-Boot
image.
This issue is caused by the use of 'echo -e', which behaves inconsistently across
different shells. While bash interprets '-e' as enabling escape sequences
(e.g., \n, \t), dash—the default /bin/sh on many systems—does not recognize
'-e' and treats it as a literal string. As a result, "-e" can be mistakenly
injected into the ITS file under certain build environments.
To ensure consistent and shell-agnostic behavior, replace 'echo -e' with
'printf', which is well-defined by POSIX and behaves reliably across all common
shells.
This change improves portability and prevents malformed ITS files caused by unintended
string injection.
Fixes: c12e013 ("uboot-sign: support to add users specific image tree source")
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
fi
if [ -n "${UBOOT_FIT_USER_SETTINGS}" ] ; then
- echo -e "${UBOOT_FIT_USER_SETTINGS}" >> ${UBOOT_ITS}
+ printf "%b" "${UBOOT_FIT_USER_SETTINGS}" >> ${UBOOT_ITS}
fi
if [ -n "${UBOOT_FIT_CONF_USER_LOADABLES}" ] ; then
projects / thirdparty / openembedded / openembedded-core-contrib.git / commitdiff
