summaryrefslogtreecommitdiffstats
path: root/meta/recipes-bsp/grub
diff options
context:
space:
mode:
authorYongxin Liu <yongxin.liu@windriver.com>2020-11-04 08:43:33 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2020-11-08 14:03:21 +0000
commitbf0e7912c8a76eaeac12a4e1f523da8a10a8780d (patch)
treee3fe2039d9da6f69f70f2b2fb49d06be8eb8f53e /meta/recipes-bsp/grub
parent81a925ac9e21af3dee8cc4f6e548dca2b29c2e88 (diff)
downloadpoky-bf0e7912c8a76eaeac12a4e1f523da8a10a8780d.tar.gz
grub: clean up CVE patches
Clean up several patches introduced in commit 6732918498 ("grub:fix several CVEs in grub 2.04"). 1) Add CVE tags to individual patches. 2) Rename upstream patches and prefix them with CVE tags. 3) Add description of reference to upstream patch. (From OE-Core rev: bcb8b6719beaf6625e6b703e91958fe8afba5819) Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-bsp/grub')
-rw-r--r--meta/recipes-bsp/grub/files/CVE-2020-14308-calloc-Use-calloc-at-most-places.patch (renamed from meta/recipes-bsp/grub/files/0003-calloc-Use-calloc-at-most-places.patch)10
-rw-r--r--meta/recipes-bsp/grub/files/CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch (renamed from meta/recipes-bsp/grub/files/0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch)10
-rw-r--r--meta/recipes-bsp/grub/files/CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch (renamed from meta/recipes-bsp/grub/files/0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch)10
-rw-r--r--meta/recipes-bsp/grub/files/CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch (renamed from meta/recipes-bsp/grub/files/0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch)10
-rw-r--r--meta/recipes-bsp/grub/files/calloc-Make-sure-we-always-have-an-overflow-checking.patch (renamed from meta/recipes-bsp/grub/files/0001-calloc-Make-sure-we-always-have-an-overflow-checking.patch)0
-rw-r--r--meta/recipes-bsp/grub/files/lvm-Add-LVM-cache-logical-volume-handling.patch (renamed from meta/recipes-bsp/grub/files/0002-lvm-Add-LVM-cache-logical-volume-handling.patch)0
-rw-r--r--meta/recipes-bsp/grub/files/safemath-Add-some-arithmetic-primitives-that-check-f.patch (renamed from meta/recipes-bsp/grub/files/0004-safemath-Add-some-arithmetic-primitives-that-check-f.patch)0
-rw-r--r--meta/recipes-bsp/grub/files/script-Remove-unused-fields-from-grub_script_functio.patch (renamed from meta/recipes-bsp/grub/files/0006-script-Remove-unused-fields-from-grub_script_functio.patch)0
-rw-r--r--meta/recipes-bsp/grub/grub2.inc16
9 files changed, 36 insertions, 20 deletions
diff --git a/meta/recipes-bsp/grub/files/0003-calloc-Use-calloc-at-most-places.patch b/meta/recipes-bsp/grub/files/CVE-2020-14308-calloc-Use-calloc-at-most-places.patch
index eb3e42c3af..637e368cb0 100644
--- a/meta/recipes-bsp/grub/files/0003-calloc-Use-calloc-at-most-places.patch
+++ b/meta/recipes-bsp/grub/files/CVE-2020-14308-calloc-Use-calloc-at-most-places.patch
@@ -19,11 +19,15 @@ Among other issues, this fixes:
19 19
20Fixes: CVE-2020-14308 20Fixes: CVE-2020-14308
21 21
22Upstream-Status: Backport [commit f725fa7cb2ece547c5af01eeeecfe8d95802ed41
23from https://git.savannah.gnu.org/git/grub.git]
24
25Signed-off-by: Peter Jones <pjones@redhat.com> 22Signed-off-by: Peter Jones <pjones@redhat.com>
26Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> 23Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
24
25Upstream-Status: Backport
26CVE: CVE-2020-14308
27
28Reference to upstream patch:
29https://git.savannah.gnu.org/cgit/grub.git/commit/?id=f725fa7cb2ece547c5af01eeeecfe8d95802ed41
30
27[YL: don't patch on grub-core/lib/json/json.c, which is not existing in grub 2.04] 31[YL: don't patch on grub-core/lib/json/json.c, which is not existing in grub 2.04]
28Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> 32Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
29--- 33---
diff --git a/meta/recipes-bsp/grub/files/0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch b/meta/recipes-bsp/grub/files/CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch
index 146602cd3e..896a2145d4 100644
--- a/meta/recipes-bsp/grub/files/0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch
+++ b/meta/recipes-bsp/grub/files/CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch
@@ -26,11 +26,15 @@ Among other issues, this fixes:
26 26
27Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 27Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
28 28
29Upstream-Status: Backport [commit 3f05d693d1274965ffbe4ba99080dc2c570944c6
30from https://git.savannah.gnu.org/git/grub.git]
31
32Signed-off-by: Peter Jones <pjones@redhat.com> 29Signed-off-by: Peter Jones <pjones@redhat.com>
33Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> 30Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
31
32Upstream-Status: Backport
33CVE: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
34
35Reference to upstream patch:
36https://git.savannah.gnu.org/cgit/grub.git/commit/?id=3f05d693d1274965ffbe4ba99080dc2c570944c6
37
34Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> 38Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
35--- 39---
36 grub-core/commands/legacycfg.c | 29 +++++++++++++++++++----- 40 grub-core/commands/legacycfg.c | 29 +++++++++++++++++++-----
diff --git a/meta/recipes-bsp/grub/files/0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch b/meta/recipes-bsp/grub/files/CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch
index fedfc5d203..329e554a68 100644
--- a/meta/recipes-bsp/grub/files/0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch
+++ b/meta/recipes-bsp/grub/files/CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch
@@ -19,11 +19,15 @@ dependent on the current behaviour without being broken.
19 19
20Fixes: CVE-2020-15706 20Fixes: CVE-2020-15706
21 21
22Upstream-Status: Backport [commit 426f57383d647406ae9c628c472059c27cd6e040
23from https://git.savannah.gnu.org/git/grub.git]
24
25Signed-off-by: Chris Coulson <chris.coulson@canonical.com> 22Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
26Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> 23Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
24
25Upstream-Status: Backport
26CVE: CVE-2020-15706
27
28Reference to upstream patch:
29https://git.savannah.gnu.org/cgit/grub.git/commit/?id=426f57383d647406ae9c628c472059c27cd6e040
30
27Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> 31Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
28--- 32---
29 grub-core/script/execute.c | 2 ++ 33 grub-core/script/execute.c | 2 ++
diff --git a/meta/recipes-bsp/grub/files/0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch b/meta/recipes-bsp/grub/files/CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch
index 0731f0ec53..d4f9300c0a 100644
--- a/meta/recipes-bsp/grub/files/0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch
+++ b/meta/recipes-bsp/grub/files/CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch
@@ -7,12 +7,16 @@ These could be triggered by a crafted filesystem with very large files.
7 7
8Fixes: CVE-2020-15707 8Fixes: CVE-2020-15707
9 9
10Upstream-Status: Backport [commit e7b8856f8be3292afdb38d2e8c70ad8d62a61e10
11from https://git.savannah.gnu.org/git/grub.git]
12
13Signed-off-by: Colin Watson <cjwatson@debian.org> 10Signed-off-by: Colin Watson <cjwatson@debian.org>
14Reviewed-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com> 11Reviewed-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
15Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> 12Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
13
14Upstream-Status: Backport
15CVE: CVE-2020-15707
16
17Reference to upstream patch:
18https://git.savannah.gnu.org/cgit/grub.git/commit/?id=e7b8856f8be3292afdb38d2e8c70ad8d62a61e10
19
16Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> 20Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
17--- 21---
18 grub-core/loader/linux.c | 74 +++++++++++++++++++++++++++++++++++------------- 22 grub-core/loader/linux.c | 74 +++++++++++++++++++++++++++++++++++-------------
diff --git a/meta/recipes-bsp/grub/files/0001-calloc-Make-sure-we-always-have-an-overflow-checking.patch b/meta/recipes-bsp/grub/files/calloc-Make-sure-we-always-have-an-overflow-checking.patch
index c9536e68ef..c9536e68ef 100644
--- a/meta/recipes-bsp/grub/files/0001-calloc-Make-sure-we-always-have-an-overflow-checking.patch
+++ b/meta/recipes-bsp/grub/files/calloc-Make-sure-we-always-have-an-overflow-checking.patch
diff --git a/meta/recipes-bsp/grub/files/0002-lvm-Add-LVM-cache-logical-volume-handling.patch b/meta/recipes-bsp/grub/files/lvm-Add-LVM-cache-logical-volume-handling.patch
index 2b8157f592..2b8157f592 100644
--- a/meta/recipes-bsp/grub/files/0002-lvm-Add-LVM-cache-logical-volume-handling.patch
+++ b/meta/recipes-bsp/grub/files/lvm-Add-LVM-cache-logical-volume-handling.patch
diff --git a/meta/recipes-bsp/grub/files/0004-safemath-Add-some-arithmetic-primitives-that-check-f.patch b/meta/recipes-bsp/grub/files/safemath-Add-some-arithmetic-primitives-that-check-f.patch
index 29021e8d8f..29021e8d8f 100644
--- a/meta/recipes-bsp/grub/files/0004-safemath-Add-some-arithmetic-primitives-that-check-f.patch
+++ b/meta/recipes-bsp/grub/files/safemath-Add-some-arithmetic-primitives-that-check-f.patch
diff --git a/meta/recipes-bsp/grub/files/0006-script-Remove-unused-fields-from-grub_script_functio.patch b/meta/recipes-bsp/grub/files/script-Remove-unused-fields-from-grub_script_functio.patch
index 84a80d5ffd..84a80d5ffd 100644
--- a/meta/recipes-bsp/grub/files/0006-script-Remove-unused-fields-from-grub_script_functio.patch
+++ b/meta/recipes-bsp/grub/files/script-Remove-unused-fields-from-grub_script_functio.patch
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 7c53193ebd..ff17dbe8b7 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -19,14 +19,14 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
19 file://grub-module-explicitly-keeps-symbole-.module_license.patch \ 19 file://grub-module-explicitly-keeps-symbole-.module_license.patch \
20 file://0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch \ 20 file://0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch \
21 file://CVE-2020-10713.patch \ 21 file://CVE-2020-10713.patch \
22 file://0001-calloc-Make-sure-we-always-have-an-overflow-checking.patch \ 22 file://calloc-Make-sure-we-always-have-an-overflow-checking.patch \
23 file://0002-lvm-Add-LVM-cache-logical-volume-handling.patch \ 23 file://lvm-Add-LVM-cache-logical-volume-handling.patch \
24 file://0003-calloc-Use-calloc-at-most-places.patch \ 24 file://CVE-2020-14308-calloc-Use-calloc-at-most-places.patch \
25 file://0004-safemath-Add-some-arithmetic-primitives-that-check-f.patch \ 25 file://safemath-Add-some-arithmetic-primitives-that-check-f.patch \
26 file://0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch \ 26 file://CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch \
27 file://0006-script-Remove-unused-fields-from-grub_script_functio.patch \ 27 file://script-Remove-unused-fields-from-grub_script_functio.patch \
28 file://0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch \ 28 file://CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch \
29 file://0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch \ 29 file://CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch \
30" 30"
31SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" 31SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
32SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" 32SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"