diff options
author | Yongxin Liu <yongxin.liu@windriver.com> | 2020-11-04 08:43:33 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-11-08 14:03:21 +0000 |
commit | bf0e7912c8a76eaeac12a4e1f523da8a10a8780d (patch) | |
tree | e3fe2039d9da6f69f70f2b2fb49d06be8eb8f53e /meta/recipes-bsp/grub | |
parent | 81a925ac9e21af3dee8cc4f6e548dca2b29c2e88 (diff) | |
download | poky-bf0e7912c8a76eaeac12a4e1f523da8a10a8780d.tar.gz |
grub: clean up CVE patches
Clean up several patches introduced in commit 6732918498 ("grub:fix
several CVEs in grub 2.04").
1) Add CVE tags to individual patches.
2) Rename upstream patches and prefix them with CVE tags.
3) Add description of reference to upstream patch.
(From OE-Core rev: bcb8b6719beaf6625e6b703e91958fe8afba5819)
Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-bsp/grub')
-rw-r--r-- | meta/recipes-bsp/grub/files/CVE-2020-14308-calloc-Use-calloc-at-most-places.patch (renamed from meta/recipes-bsp/grub/files/0003-calloc-Use-calloc-at-most-places.patch) | 10 | ||||
-rw-r--r-- | meta/recipes-bsp/grub/files/CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch (renamed from meta/recipes-bsp/grub/files/0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch) | 10 | ||||
-rw-r--r-- | meta/recipes-bsp/grub/files/CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch (renamed from meta/recipes-bsp/grub/files/0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch) | 10 | ||||
-rw-r--r-- | meta/recipes-bsp/grub/files/CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch (renamed from meta/recipes-bsp/grub/files/0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch) | 10 | ||||
-rw-r--r-- | meta/recipes-bsp/grub/files/calloc-Make-sure-we-always-have-an-overflow-checking.patch (renamed from meta/recipes-bsp/grub/files/0001-calloc-Make-sure-we-always-have-an-overflow-checking.patch) | 0 | ||||
-rw-r--r-- | meta/recipes-bsp/grub/files/lvm-Add-LVM-cache-logical-volume-handling.patch (renamed from meta/recipes-bsp/grub/files/0002-lvm-Add-LVM-cache-logical-volume-handling.patch) | 0 | ||||
-rw-r--r-- | meta/recipes-bsp/grub/files/safemath-Add-some-arithmetic-primitives-that-check-f.patch (renamed from meta/recipes-bsp/grub/files/0004-safemath-Add-some-arithmetic-primitives-that-check-f.patch) | 0 | ||||
-rw-r--r-- | meta/recipes-bsp/grub/files/script-Remove-unused-fields-from-grub_script_functio.patch (renamed from meta/recipes-bsp/grub/files/0006-script-Remove-unused-fields-from-grub_script_functio.patch) | 0 | ||||
-rw-r--r-- | meta/recipes-bsp/grub/grub2.inc | 16 |
9 files changed, 36 insertions, 20 deletions
diff --git a/meta/recipes-bsp/grub/files/0003-calloc-Use-calloc-at-most-places.patch b/meta/recipes-bsp/grub/files/CVE-2020-14308-calloc-Use-calloc-at-most-places.patch index eb3e42c3af..637e368cb0 100644 --- a/meta/recipes-bsp/grub/files/0003-calloc-Use-calloc-at-most-places.patch +++ b/meta/recipes-bsp/grub/files/CVE-2020-14308-calloc-Use-calloc-at-most-places.patch | |||
@@ -19,11 +19,15 @@ Among other issues, this fixes: | |||
19 | 19 | ||
20 | Fixes: CVE-2020-14308 | 20 | Fixes: CVE-2020-14308 |
21 | 21 | ||
22 | Upstream-Status: Backport [commit f725fa7cb2ece547c5af01eeeecfe8d95802ed41 | ||
23 | from https://git.savannah.gnu.org/git/grub.git] | ||
24 | |||
25 | Signed-off-by: Peter Jones <pjones@redhat.com> | 22 | Signed-off-by: Peter Jones <pjones@redhat.com> |
26 | Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> | 23 | Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
24 | |||
25 | Upstream-Status: Backport | ||
26 | CVE: CVE-2020-14308 | ||
27 | |||
28 | Reference to upstream patch: | ||
29 | https://git.savannah.gnu.org/cgit/grub.git/commit/?id=f725fa7cb2ece547c5af01eeeecfe8d95802ed41 | ||
30 | |||
27 | [YL: don't patch on grub-core/lib/json/json.c, which is not existing in grub 2.04] | 31 | [YL: don't patch on grub-core/lib/json/json.c, which is not existing in grub 2.04] |
28 | Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> | 32 | Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> |
29 | --- | 33 | --- |
diff --git a/meta/recipes-bsp/grub/files/0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch b/meta/recipes-bsp/grub/files/CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch index 146602cd3e..896a2145d4 100644 --- a/meta/recipes-bsp/grub/files/0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch +++ b/meta/recipes-bsp/grub/files/CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch | |||
@@ -26,11 +26,15 @@ Among other issues, this fixes: | |||
26 | 26 | ||
27 | Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 | 27 | Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 |
28 | 28 | ||
29 | Upstream-Status: Backport [commit 3f05d693d1274965ffbe4ba99080dc2c570944c6 | ||
30 | from https://git.savannah.gnu.org/git/grub.git] | ||
31 | |||
32 | Signed-off-by: Peter Jones <pjones@redhat.com> | 29 | Signed-off-by: Peter Jones <pjones@redhat.com> |
33 | Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> | 30 | Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
31 | |||
32 | Upstream-Status: Backport | ||
33 | CVE: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 | ||
34 | |||
35 | Reference to upstream patch: | ||
36 | https://git.savannah.gnu.org/cgit/grub.git/commit/?id=3f05d693d1274965ffbe4ba99080dc2c570944c6 | ||
37 | |||
34 | Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> | 38 | Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> |
35 | --- | 39 | --- |
36 | grub-core/commands/legacycfg.c | 29 +++++++++++++++++++----- | 40 | grub-core/commands/legacycfg.c | 29 +++++++++++++++++++----- |
diff --git a/meta/recipes-bsp/grub/files/0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch b/meta/recipes-bsp/grub/files/CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch index fedfc5d203..329e554a68 100644 --- a/meta/recipes-bsp/grub/files/0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch +++ b/meta/recipes-bsp/grub/files/CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch | |||
@@ -19,11 +19,15 @@ dependent on the current behaviour without being broken. | |||
19 | 19 | ||
20 | Fixes: CVE-2020-15706 | 20 | Fixes: CVE-2020-15706 |
21 | 21 | ||
22 | Upstream-Status: Backport [commit 426f57383d647406ae9c628c472059c27cd6e040 | ||
23 | from https://git.savannah.gnu.org/git/grub.git] | ||
24 | |||
25 | Signed-off-by: Chris Coulson <chris.coulson@canonical.com> | 22 | Signed-off-by: Chris Coulson <chris.coulson@canonical.com> |
26 | Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> | 23 | Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
24 | |||
25 | Upstream-Status: Backport | ||
26 | CVE: CVE-2020-15706 | ||
27 | |||
28 | Reference to upstream patch: | ||
29 | https://git.savannah.gnu.org/cgit/grub.git/commit/?id=426f57383d647406ae9c628c472059c27cd6e040 | ||
30 | |||
27 | Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> | 31 | Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> |
28 | --- | 32 | --- |
29 | grub-core/script/execute.c | 2 ++ | 33 | grub-core/script/execute.c | 2 ++ |
diff --git a/meta/recipes-bsp/grub/files/0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch b/meta/recipes-bsp/grub/files/CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch index 0731f0ec53..d4f9300c0a 100644 --- a/meta/recipes-bsp/grub/files/0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch +++ b/meta/recipes-bsp/grub/files/CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch | |||
@@ -7,12 +7,16 @@ These could be triggered by a crafted filesystem with very large files. | |||
7 | 7 | ||
8 | Fixes: CVE-2020-15707 | 8 | Fixes: CVE-2020-15707 |
9 | 9 | ||
10 | Upstream-Status: Backport [commit e7b8856f8be3292afdb38d2e8c70ad8d62a61e10 | ||
11 | from https://git.savannah.gnu.org/git/grub.git] | ||
12 | |||
13 | Signed-off-by: Colin Watson <cjwatson@debian.org> | 10 | Signed-off-by: Colin Watson <cjwatson@debian.org> |
14 | Reviewed-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com> | 11 | Reviewed-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com> |
15 | Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> | 12 | Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
13 | |||
14 | Upstream-Status: Backport | ||
15 | CVE: CVE-2020-15707 | ||
16 | |||
17 | Reference to upstream patch: | ||
18 | https://git.savannah.gnu.org/cgit/grub.git/commit/?id=e7b8856f8be3292afdb38d2e8c70ad8d62a61e10 | ||
19 | |||
16 | Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> | 20 | Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> |
17 | --- | 21 | --- |
18 | grub-core/loader/linux.c | 74 +++++++++++++++++++++++++++++++++++------------- | 22 | grub-core/loader/linux.c | 74 +++++++++++++++++++++++++++++++++++------------- |
diff --git a/meta/recipes-bsp/grub/files/0001-calloc-Make-sure-we-always-have-an-overflow-checking.patch b/meta/recipes-bsp/grub/files/calloc-Make-sure-we-always-have-an-overflow-checking.patch index c9536e68ef..c9536e68ef 100644 --- a/meta/recipes-bsp/grub/files/0001-calloc-Make-sure-we-always-have-an-overflow-checking.patch +++ b/meta/recipes-bsp/grub/files/calloc-Make-sure-we-always-have-an-overflow-checking.patch | |||
diff --git a/meta/recipes-bsp/grub/files/0002-lvm-Add-LVM-cache-logical-volume-handling.patch b/meta/recipes-bsp/grub/files/lvm-Add-LVM-cache-logical-volume-handling.patch index 2b8157f592..2b8157f592 100644 --- a/meta/recipes-bsp/grub/files/0002-lvm-Add-LVM-cache-logical-volume-handling.patch +++ b/meta/recipes-bsp/grub/files/lvm-Add-LVM-cache-logical-volume-handling.patch | |||
diff --git a/meta/recipes-bsp/grub/files/0004-safemath-Add-some-arithmetic-primitives-that-check-f.patch b/meta/recipes-bsp/grub/files/safemath-Add-some-arithmetic-primitives-that-check-f.patch index 29021e8d8f..29021e8d8f 100644 --- a/meta/recipes-bsp/grub/files/0004-safemath-Add-some-arithmetic-primitives-that-check-f.patch +++ b/meta/recipes-bsp/grub/files/safemath-Add-some-arithmetic-primitives-that-check-f.patch | |||
diff --git a/meta/recipes-bsp/grub/files/0006-script-Remove-unused-fields-from-grub_script_functio.patch b/meta/recipes-bsp/grub/files/script-Remove-unused-fields-from-grub_script_functio.patch index 84a80d5ffd..84a80d5ffd 100644 --- a/meta/recipes-bsp/grub/files/0006-script-Remove-unused-fields-from-grub_script_functio.patch +++ b/meta/recipes-bsp/grub/files/script-Remove-unused-fields-from-grub_script_functio.patch | |||
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 7c53193ebd..ff17dbe8b7 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc | |||
@@ -19,14 +19,14 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ | |||
19 | file://grub-module-explicitly-keeps-symbole-.module_license.patch \ | 19 | file://grub-module-explicitly-keeps-symbole-.module_license.patch \ |
20 | file://0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch \ | 20 | file://0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch \ |
21 | file://CVE-2020-10713.patch \ | 21 | file://CVE-2020-10713.patch \ |
22 | file://0001-calloc-Make-sure-we-always-have-an-overflow-checking.patch \ | 22 | file://calloc-Make-sure-we-always-have-an-overflow-checking.patch \ |
23 | file://0002-lvm-Add-LVM-cache-logical-volume-handling.patch \ | 23 | file://lvm-Add-LVM-cache-logical-volume-handling.patch \ |
24 | file://0003-calloc-Use-calloc-at-most-places.patch \ | 24 | file://CVE-2020-14308-calloc-Use-calloc-at-most-places.patch \ |
25 | file://0004-safemath-Add-some-arithmetic-primitives-that-check-f.patch \ | 25 | file://safemath-Add-some-arithmetic-primitives-that-check-f.patch \ |
26 | file://0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch \ | 26 | file://CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch \ |
27 | file://0006-script-Remove-unused-fields-from-grub_script_functio.patch \ | 27 | file://script-Remove-unused-fields-from-grub_script_functio.patch \ |
28 | file://0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch \ | 28 | file://CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch \ |
29 | file://0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch \ | 29 | file://CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch \ |
30 | " | 30 | " |
31 | SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" | 31 | SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" |
32 | SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" | 32 | SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" |