author | Yongxin Liu <yongxin.liu@windriver.com> | 2022-08-05 10:42:19 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-08-21 22:51:41 +0100 |
commit | d4b6ad56b707fc7a53fc424bea00383a4d4fa9f1 (patch) | |
tree | 23b07b32f92d7d7d8d353b36bc4e7fc777b095a3 /meta/recipes-bsp/grub/grub2.inc | |
parent | 0081575ff9b3627c6d2fdee4bf88ea6cb87feb09 (diff) | |
download | poky-d4b6ad56b707fc7a53fc424bea00383a4d4fa9f1.tar.gz |
grub2: fix several CVEs
Backport CVE patches from upstream to fix:
CVE-2021-3695
CVE-2021-3696
CVE-2021-3697
CVE-2022-28733
CVE-2022-28734
CVE-2022-28735
Backport the following 5 patches to make CVE patches be applied smoothly.
video-Remove-trailing-whitespaces.patch
video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch
video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch
(From OE-Core rev: db43401a3a4c201f02f4128fa4bac8ce993bfec0)
Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-bsp/grub/grub2.inc')
-rw-r--r-- | meta/recipes-bsp/grub/grub2.inc | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 45852ab9b1..47ea561002 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc | |||
@@ -22,6 +22,16 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ | |||
22 | file://0001-RISC-V-Restore-the-typcast-to-long.patch \ | 22 | file://0001-RISC-V-Restore-the-typcast-to-long.patch \ |
23 | file://CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch \ | 23 | file://CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch \ |
24 | file://0001-configure.ac-Use-_zicsr_zifencei-extentions-on-riscv.patch \ | 24 | file://0001-configure.ac-Use-_zicsr_zifencei-extentions-on-riscv.patch \ |
25 | file://video-Remove-trailing-whitespaces.patch \ | ||
26 | file://CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch \ | ||
27 | file://CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch \ | ||
28 | file://video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch \ | ||
29 | file://video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch \ | ||
30 | file://CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch \ | ||
31 | file://CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch \ | ||
32 | file://CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch \ | ||
33 | file://CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch \ | ||
34 | file://CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch \ | ||
25 | " | 35 | " |
26 | 36 | ||
27 | SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f" | 37 | SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f" |
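Review bot: The three non-CVE entries added to SRC_URI (video-Remove-trailing-whitespaces.patch and the two video-readers-jpeg-*.patch files) carry nothing that marks them as prerequisites, and the commit message announces "the following 5 patches" while listing only these three. Please reconcile the count in the message, and consider a short comment in the recipe noting that these entries exist only so the CVE backports apply. Patches are applied in SRC_URI order, so the two jpeg prerequisites have to stay ahead of the CVE-2021-3697 entry and the whitespace patch ahead of the png fixes. A note to that effect would keep a later reorder or removal from silently dropping a fix. CVE-2022-28734 is covered by two separate files here (the OOB write fix and the LF-without-CR check); both need to stay together if this list is ever pruned.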