git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
grub2: fix several CVEs
author Yongxin Liu <yongxin.liu@windriver.com>
Fri, 5 Aug 2022 02:42:19 +0000 (10:42 +0800)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Sun, 21 Aug 2022 21:51:38 +0000 (22:51 +0100)
commit db43401a3a4c201f02f4128fa4bac8ce993bfec0
tree f8e8f7bc57c9e089bf3b485384178cd01da6562e
parent eab13974ff1b271f25caaf5df32887f017645229
grub2: fix several CVEs

Backport CVE patches from upstream to fix:
  CVE-2021-3695
  CVE-2021-3696
  CVE-2021-3697
  CVE-2022-28733
  CVE-2022-28734
  CVE-2022-28735

Backport the following 5 patches to make CVE patches be applied smoothly.
  video-Remove-trailing-whitespaces.patch
  video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch
  video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch

Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-bsp/grub/files/CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch [new file with mode: 0644]
meta/recipes-bsp/grub/files/CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch [new file with mode: 0644]
meta/recipes-bsp/grub/files/CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch [new file with mode: 0644]
meta/recipes-bsp/grub/files/CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch [new file with mode: 0644]
meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch [new file with mode: 0644]
meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch [new file with mode: 0644]
meta/recipes-bsp/grub/files/CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch [new file with mode: 0644]
meta/recipes-bsp/grub/files/video-Remove-trailing-whitespaces.patch [new file with mode: 0644]
meta/recipes-bsp/grub/files/video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch [new file with mode: 0644]
meta/recipes-bsp/grub/files/video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch [new file with mode: 0644]
meta/recipes-bsp/grub/grub2.inc