git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
grub2: backport patch to fix CVE-2022-2601 CVE-2022-3775
author Xiangyu Chen <xiangyu.chen@eng.windriver.com>
Mon, 26 Dec 2022 07:16:19 +0000 (15:16 +0800)
committer Steve Sakoman <steve@sakoman.com>
Wed, 11 Jan 2023 16:07:36 +0000 (06:07 -1000)
commit 683c4b327f64add72bef7317b65e7105c55c6e49
tree e3a8181217c8876f6338583dda6cf72511cffc77
parent 670f4f103b25897524d115c1f290ecae441fe4bd

Backport patch from upstream to solve CVE-2022-2601 CVE-2022-3775 dependency:
font: Fix size overflow in grub_font_get_glyph_internal()
(https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9c76ec09ae08155df27cd237eaea150b4f02f532)

Backport patch from upstream to fix the following CVEs:
CVE-2022-2601: font: Fix several integer overflows in grub_font_construct_glyph()
(https://git.savannah.gnu.org/cgit/grub.git/commit/?id=768e1ef2fc159f6e14e7246e4be09363708ac39e)
CVE-2022-3775: font: Fix an integer underflow in blit_comb()
(https://git.savannah.gnu.org/cgit/grub.git/commit/?id=992c06191babc1e109caf40d6a07ec6fdef427af)

Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Liwei Song <liwei.song@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fa5a42150098be892246146456faed778e28ef94)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-bsp/grub/files/0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch [new file with mode: 0644]
meta/recipes-bsp/grub/files/CVE-2022-2601.patch [new file with mode: 0644]
meta/recipes-bsp/grub/files/CVE-2022-3775.patch [new file with mode: 0644]
meta/recipes-bsp/grub/grub2.inc