mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-03-30 17:02:22 +02:00
Code Issues Packages Projects Releases Wiki Activity
59,697 Commits 38 Branches 622 Tags
32db22beecc4cc06f6384b9234e428d8d173108e
Commit Graph

59697 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Steve Sakoman
32db22beec expat: fix CVE-2022-25314 
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in
copyString.

Backport patch from:
efcb347440

CVE: CVE-2022-25314

(From OE-Core rev: b92c33285c5f886c95a3734e61007b522b62a71f)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-09 17:30:48 +00:00
Steve Sakoman
e173db21d0 expat: fix CVE-2022-25313 
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack
exhaustion in build_model via a large nesting depth in the DTD element.

Backport patch from:
9b4ce651b2

Also add patch which fixes a regression introduced in the above fix:
https://github.com/libexpat/libexpat/pull/566

CVE: CVE-2022-25313

(From OE-Core rev: 8105700b1d6d23c87332f453bdc7379999bb4b03)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-09 17:30:48 +00:00
Steve Sakoman
746111afa0 expat: fix CVE-2022-25236 
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows
attackers to insert namespace-separator characters into
namespace URIs.

Backport patches from:
https://github.com/libexpat/libexpat/pull/561/commits

CVE: CVE-2022-25236

(From OE-Core rev: 72ab213c128ef75669447eadcae8219a9f87f941)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-09 17:30:48 +00:00
Steve Sakoman
e8fef0c8cf expat: fix CVE-2022-25235 
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain
validation of encoding, such as checks for whether a UTF-8 character
is valid in a certain context.

Backport patches from:
https://github.com/libexpat/libexpat/pull/562/commits

CVE: CVE-2022-25235

(From OE-Core rev: 27ab07b1e8caa5c85526eee4a7a3ad0d73326866)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-09 17:30:48 +00:00
Minjae Kim
415757639d go: fix CVE-2022-23772 
math/big: prevent large memory consumption in Rat.SetString

An attacker can cause unbounded memory growth in a program using (*Rat).SetString
due to an unhandled overflow.

Upstream-Status: Backport [https://go.dev/issue/50699]
CVE: CVE-2022-23772
(From OE-Core rev: e4d15040f62744265b9236ad7276f3371a9172da)

Signed-off-by:Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-09 17:30:48 +00:00
Minjae Kim
dfd900b5b0 go: fix CVE-2022-23806 
crypto/elliptic: fix IsOnCurve for big.Int values that are not valid coordinates

Some big.Int values that are not valid field elements (negative or overflowing)
might cause Curve.IsOnCurve to incorrectly return true. Operating on those values
may cause a panic or an invalid curve operation. Note that Unmarshal will never
return such values.

Upstream-Status: Backport [https://go.dev/issue/50974]
CVE: CVE-2022-23806
(From OE-Core rev: eb7aa0929ecd712aeeec0ff37dfb77c3da33b375)

Signed-off-by:Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-09 17:30:48 +00:00
Virendra Thakur
6bba192936 libarchive: Fix for CVE-2021-36976 
Add patch to fix CVE-2021-36976

CVE-2021-36976 fix are provided by below mentioned pull request.
1) https://github.com/libarchive/libarchive/pull/1491
2) https://github.com/libarchive/libarchive/pull/1492
3) https://github.com/libarchive/libarchive/pull/1493

(From OE-Core rev: 6c356aec8dabc08bd98da3106780896dc7b52501)

Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
Signed-off-by: virendra thakur <thakur.virendra1810@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-09 17:30:48 +00:00
Marta Rybczynska
9426c3c83d grub: add a fix for a crash in scripts 
This patch adds a fix for a crash in grub's script handling. It is
a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 79ce9059f716546a7d6f4562ba194aedd90c22cd)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
7fae28df19 grub: avoid a NULL pointer dereference 
This patch adds a fix for a NULL pointer dereference in grub's
commands/ls. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 6666dccd33178445f3c4fe277354393efb70285a)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
8d050d1e45 grub: add a fix for a NULL pointer dereference 
This patch adds a fix for a NULL pointer dereference in grub's
script/execute. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: ddf62ae472c3c26af7a4c91e4216c8d5ba4604ac)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
9b69e69160 grub: fix incorrect use of a negative value 
This patch adds a fix for an incorrect use of a negative value in grub's
util/glue-efi. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: de1fe600212ff6d460bdc672d7ca0e13afbe7514)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
6360727bb1 grub: add a fix for an incorrect cast 
This patch adds a fix for incorrect casting from signed to unsigned
in grub's util/grub-editenv. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 906ecdc9efbc1b4025c2c7a9797ebd374f8508af)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
1a338ab466 grub: add a fix for NULL pointer dereference 
This patch adds a fix for a NULL pointer dereference in grub's
util/grub-install. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 35310bcfd53752081ed600e77f58ca3fb8db46ac)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
d65bf404bc grub: add a check for a NULL pointer 
This patch adds a check for a NULL pointer before use in grub's
loader/xnu. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 1d95061ecdc920835df44c0c3ed274193f26948e)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
11b10eac41 grub: avoid a memory leak 
This patch fixes a memory leak in grub's loader/xnu when an error is
detected in grub_xnu_writetree_toheap(). It is a part of a security
series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 265baabc6e7ce4962c22489158dba113e0d74b91)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
a558b15d7f grub: add a fix for a memory leak 
This patch adds a fix for a memory leak in grub's loader/xnu.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: b53db9013a0f4b3a2a91ec6e5c39d939f388749c)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
dfae695343 grub: fix checking for NULL 
This patch adds a fix for checking for NULL in grub's loader/bsd.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: d4cc82cfdae5c44702925f901db4e35761b1bb7d)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
f82639b50e grub: remove dead code 
This patch removes dead code from grub's gfxmenu/gui_list. It is
a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 0319465b022e211f2a98ba5cee13a68818f5cf87)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
4463703292 grub: test for malformed jpeg files 
This patch adds a fix for handling malformed JPEG files in grub's
video/readers/jpeg. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: d8cdb3a17f6e874d232979307a3f25511172d086)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
eca24c02ea grub: fix a possible integer overflow 
This patch adds a fix for a possible integer overflow in grub's
video/fb/video_fb. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: d15e7cc6fc7de358da2fd1faa8a8ea5bc2fabe98)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
628257a582 grub: fix multiple integer overflows 
This patch adds a fix for multiple integer overflows in grub's
video/fb/video_fb. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 68b91792ed00f9decc85f300eefe0b7e8f80c98b)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
7e7b8e38dc grub: fix an integer overflow 
This patch adds a fix for a potential integer overflow in grub's
video/fb/fbfill. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: fbf3260bd196a5d252ad5ccf2a5fe719d3bd9c7f)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
b5eaa833ba grub: remove unneeded return value 
This patch removes an uneeded return value in grub's (static)
grub_video_gop_fill_mode_info(). It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: dd8837823a279290aec963be1a2646940719c767)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
acec862ed2 grub: fix a memory leak 
Add a fix of a memory leak in grub's commands/hashsum. It is a part
of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: de075f9421a16e1728968349ba16b0d68d47efea)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
bd3bda5d03 grub: add a fix for a memory leak 
This patch adds a fix for a memory leak in grub's normal/completion.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: e58e6e646c2efb91dba3ffa6db3a43b7972f0c87)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
4c7bfa8abe grub: add a fix for a memory leak 
This patch fixes a memory leak in grub's syslinux parsing. It is a part of
a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: a9d0155842f0582a0d247c81bf972661f0a2cda8)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
b46710743b grub: add a fix for a possible NULL dereference 
This patch adds a fix for a possible NULL dereference in grub's
libgcrypt/mpi. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 33aa1a133cf2893a6d3a1f94bd098ee1c16a8abc)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
e2f193d252 grub: add a fix for a possible unintended sign extension 
This patch fixes a possible unintended sign extension in grub's
libgcrypt/mpi. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 69f6ae604b857eea93022d73fad668df07a7a056)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
10d619c8bb grub: add a fix for a memory leak 
This patch fixes a memory leak in grub's affs. It is a part of
a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 95d61effb17a6f11abbaec6ba48cb3fa4926efb0)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
1246e75875 grub: fix an error check 
This patch fixes an error check in grub's zfsinfo. It is a part of
a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: ec842684b572e5fe940762e1b5b4339e6ef6a0ba)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
f4c3f4508a grub: add a fix for possible integer overflows 
This patch adds a fix for a possible integer overflows in grub's zfs.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: a21a1f225090b2f9d4c76e323fa7cc2051587924)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
0dd3f436f4 grub: add a fix for a memory leak 
This patch adds a fix for a memory leak in grub's path construction
in zfs. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: f2a474545b8ba61a43fcbcd3c375c5db9f0303ca)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
b461e69025 grub: add a fix for a possible negative shift 
This patch adds a fix for a possible negative shift in grub's zfs.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: d5a93d55b5f3bfd890aa2925869d2a5ba4299801)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
3348511b94 grub: add a fix for a length check 
This patch adds a fix for a volume name length check in grub's
hfsplus. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 29470a74b944921641cd5d84b88c359acba26ad4)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
e97cfd1660 grub: fix an integer overflow 
This patch fixes a potential overflow in grub's disk/cryptodisk. It is
a part of a security series [1]

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 85405f0d3a4b844f7bbb34717bd5f88b81acb074)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
40d7b77030 grub: fix a memory leak 
Add a fix for a memory leak in grub'd disk/ldm. It is a part of
a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: eb899a83bab5ab12143bd75a96427fa7615f2a6e)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
b854e27c58 grub: fix a memory leak 
This patch adds a fix for a memory leak in grub's disk/ldm.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 444a690c28fa78147273213f2ae19b1a67027a71)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
da4ba2d04e grub: fix a memory leak 
Add a fix for a memory leak in grub's disk/ldm. It is a part of
a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 9fa41d5fbd1de899d1242c31d427262cd041d47c)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
90b1d407c6 grub: add a missing NULL check 
This fix adds a missing check for NULL pointer from an external source
in grub's kern/partition. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: c443bd15c975d05ca7afc44e81bda1e974833e36)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
495bf963be grub: add structure initialization in zstd 
This patch adds initialization of a structure in grub's zstd, which
might be left uninitialized by the compiler. It is a part of a security
series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 370ea660d476bda0d4f45520815396036648d87a)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
37f35c4782 grub: add a fix for unnecessary assignements 
Add a fix for unnecessary assignements grub's io/lzopio. This patch
is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: bb0841ebfe1035af7eb807afd9bd59979b8a5dd1)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
877ea55a5b grub: fix an unitialized re_token in gnulib 
This patch adds a fix for an unitialized re_token in grub's gnulib.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 0ce9c21b776ef6bfeaef665829324d7a04c22ce9)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
ba476f819f grub: add a fix for NULL pointer dereference 
Add a fix for gnulib's regexec NULL pointer dereference. This patch
a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 133759837a226d70b77f9bc7757c293664c3a018)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
ab977b3f49 grub: add a fix a NULL pointer dereference in gnulib 
This change adds a fix for a NULL pointer dereference of state
in gnulib. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 37900e0b112bfd66ae61c03470fd32f77dee1aac)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
e1122f6dad grub: fix an unitialized token in gnulib 
This change adds a fix for an unitialized token structure in gnulib.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 301e2ff664409011d5650339ef22225cd2028041)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
db637b0555 grub: add a fix for unused variable in gnulib 
This changes adds a fix for an unused variable issue in gnulib.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 30cf1e62b0f139cd6e1e3d5c09b7156acfb276b5)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
c4ca12868c grub: add a fix for a possible NULL pointer dereference 
This change fixes a possible NULL pointer dereference in grub's
EFI support. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: a49ffdd81e020224ea3e94a266e49d40ebb7198a)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
4a5a4dbcf6 grub: fix memory leak at error in grub_efi_get_filename() 
This change fixes a memory leak on error in grub_efi_get_filename().
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 1b192247fa913c29f5cdf22abe4e71a509b3861e)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
763007dff1 grub: add a fix for malformed device path handling 
This change fixes the malformed device paths in EFI handling.
Device paths of length 4 or shorter could cause different
kinds of unexpected behaviours.

This patch is NOT a part of [1], but is a dependency of one
of the patches included in the series.

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 7f08d97fb6a0ff9c779f788df150b54de8af2708)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
ee33ef8242 grub: fix wrong handling of argc == 0 
This change fixes wrong handling of argc == 0 causing a memory leak.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 8e537ef16bc1ef4bc807cc165d3b7eb1301578de)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00