mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-03-30 17:02:22 +02:00
Code Issues Packages Projects Releases Wiki Activity
59,689 Commits 38 Branches 622 Tags
7fae28df197f4923c4ba3ee22d00f882d5ecf136
Commit Graph

59689 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Marta Rybczynska
7fae28df19 grub: avoid a NULL pointer dereference 
This patch adds a fix for a NULL pointer dereference in grub's
commands/ls. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 6666dccd33178445f3c4fe277354393efb70285a)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
8d050d1e45 grub: add a fix for a NULL pointer dereference 
This patch adds a fix for a NULL pointer dereference in grub's
script/execute. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: ddf62ae472c3c26af7a4c91e4216c8d5ba4604ac)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
9b69e69160 grub: fix incorrect use of a negative value 
This patch adds a fix for an incorrect use of a negative value in grub's
util/glue-efi. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: de1fe600212ff6d460bdc672d7ca0e13afbe7514)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
6360727bb1 grub: add a fix for an incorrect cast 
This patch adds a fix for incorrect casting from signed to unsigned
in grub's util/grub-editenv. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 906ecdc9efbc1b4025c2c7a9797ebd374f8508af)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
1a338ab466 grub: add a fix for NULL pointer dereference 
This patch adds a fix for a NULL pointer dereference in grub's
util/grub-install. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 35310bcfd53752081ed600e77f58ca3fb8db46ac)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
d65bf404bc grub: add a check for a NULL pointer 
This patch adds a check for a NULL pointer before use in grub's
loader/xnu. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 1d95061ecdc920835df44c0c3ed274193f26948e)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
11b10eac41 grub: avoid a memory leak 
This patch fixes a memory leak in grub's loader/xnu when an error is
detected in grub_xnu_writetree_toheap(). It is a part of a security
series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 265baabc6e7ce4962c22489158dba113e0d74b91)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
a558b15d7f grub: add a fix for a memory leak 
This patch adds a fix for a memory leak in grub's loader/xnu.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: b53db9013a0f4b3a2a91ec6e5c39d939f388749c)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
dfae695343 grub: fix checking for NULL 
This patch adds a fix for checking for NULL in grub's loader/bsd.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: d4cc82cfdae5c44702925f901db4e35761b1bb7d)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
f82639b50e grub: remove dead code 
This patch removes dead code from grub's gfxmenu/gui_list. It is
a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 0319465b022e211f2a98ba5cee13a68818f5cf87)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
4463703292 grub: test for malformed jpeg files 
This patch adds a fix for handling malformed JPEG files in grub's
video/readers/jpeg. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: d8cdb3a17f6e874d232979307a3f25511172d086)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
eca24c02ea grub: fix a possible integer overflow 
This patch adds a fix for a possible integer overflow in grub's
video/fb/video_fb. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: d15e7cc6fc7de358da2fd1faa8a8ea5bc2fabe98)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
628257a582 grub: fix multiple integer overflows 
This patch adds a fix for multiple integer overflows in grub's
video/fb/video_fb. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 68b91792ed00f9decc85f300eefe0b7e8f80c98b)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
7e7b8e38dc grub: fix an integer overflow 
This patch adds a fix for a potential integer overflow in grub's
video/fb/fbfill. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: fbf3260bd196a5d252ad5ccf2a5fe719d3bd9c7f)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
b5eaa833ba grub: remove unneeded return value 
This patch removes an uneeded return value in grub's (static)
grub_video_gop_fill_mode_info(). It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: dd8837823a279290aec963be1a2646940719c767)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
acec862ed2 grub: fix a memory leak 
Add a fix of a memory leak in grub's commands/hashsum. It is a part
of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: de075f9421a16e1728968349ba16b0d68d47efea)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
bd3bda5d03 grub: add a fix for a memory leak 
This patch adds a fix for a memory leak in grub's normal/completion.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: e58e6e646c2efb91dba3ffa6db3a43b7972f0c87)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
4c7bfa8abe grub: add a fix for a memory leak 
This patch fixes a memory leak in grub's syslinux parsing. It is a part of
a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: a9d0155842f0582a0d247c81bf972661f0a2cda8)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
b46710743b grub: add a fix for a possible NULL dereference 
This patch adds a fix for a possible NULL dereference in grub's
libgcrypt/mpi. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 33aa1a133cf2893a6d3a1f94bd098ee1c16a8abc)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
e2f193d252 grub: add a fix for a possible unintended sign extension 
This patch fixes a possible unintended sign extension in grub's
libgcrypt/mpi. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 69f6ae604b857eea93022d73fad668df07a7a056)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
10d619c8bb grub: add a fix for a memory leak 
This patch fixes a memory leak in grub's affs. It is a part of
a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 95d61effb17a6f11abbaec6ba48cb3fa4926efb0)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
1246e75875 grub: fix an error check 
This patch fixes an error check in grub's zfsinfo. It is a part of
a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: ec842684b572e5fe940762e1b5b4339e6ef6a0ba)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
f4c3f4508a grub: add a fix for possible integer overflows 
This patch adds a fix for a possible integer overflows in grub's zfs.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: a21a1f225090b2f9d4c76e323fa7cc2051587924)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
0dd3f436f4 grub: add a fix for a memory leak 
This patch adds a fix for a memory leak in grub's path construction
in zfs. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: f2a474545b8ba61a43fcbcd3c375c5db9f0303ca)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
b461e69025 grub: add a fix for a possible negative shift 
This patch adds a fix for a possible negative shift in grub's zfs.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: d5a93d55b5f3bfd890aa2925869d2a5ba4299801)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
3348511b94 grub: add a fix for a length check 
This patch adds a fix for a volume name length check in grub's
hfsplus. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 29470a74b944921641cd5d84b88c359acba26ad4)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
e97cfd1660 grub: fix an integer overflow 
This patch fixes a potential overflow in grub's disk/cryptodisk. It is
a part of a security series [1]

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 85405f0d3a4b844f7bbb34717bd5f88b81acb074)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
40d7b77030 grub: fix a memory leak 
Add a fix for a memory leak in grub'd disk/ldm. It is a part of
a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: eb899a83bab5ab12143bd75a96427fa7615f2a6e)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
b854e27c58 grub: fix a memory leak 
This patch adds a fix for a memory leak in grub's disk/ldm.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 444a690c28fa78147273213f2ae19b1a67027a71)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
da4ba2d04e grub: fix a memory leak 
Add a fix for a memory leak in grub's disk/ldm. It is a part of
a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 9fa41d5fbd1de899d1242c31d427262cd041d47c)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
90b1d407c6 grub: add a missing NULL check 
This fix adds a missing check for NULL pointer from an external source
in grub's kern/partition. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: c443bd15c975d05ca7afc44e81bda1e974833e36)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
495bf963be grub: add structure initialization in zstd 
This patch adds initialization of a structure in grub's zstd, which
might be left uninitialized by the compiler. It is a part of a security
series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 370ea660d476bda0d4f45520815396036648d87a)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
37f35c4782 grub: add a fix for unnecessary assignements 
Add a fix for unnecessary assignements grub's io/lzopio. This patch
is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: bb0841ebfe1035af7eb807afd9bd59979b8a5dd1)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
877ea55a5b grub: fix an unitialized re_token in gnulib 
This patch adds a fix for an unitialized re_token in grub's gnulib.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 0ce9c21b776ef6bfeaef665829324d7a04c22ce9)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
ba476f819f grub: add a fix for NULL pointer dereference 
Add a fix for gnulib's regexec NULL pointer dereference. This patch
a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 133759837a226d70b77f9bc7757c293664c3a018)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
ab977b3f49 grub: add a fix a NULL pointer dereference in gnulib 
This change adds a fix for a NULL pointer dereference of state
in gnulib. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 37900e0b112bfd66ae61c03470fd32f77dee1aac)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
e1122f6dad grub: fix an unitialized token in gnulib 
This change adds a fix for an unitialized token structure in gnulib.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 301e2ff664409011d5650339ef22225cd2028041)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
db637b0555 grub: add a fix for unused variable in gnulib 
This changes adds a fix for an unused variable issue in gnulib.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 30cf1e62b0f139cd6e1e3d5c09b7156acfb276b5)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
c4ca12868c grub: add a fix for a possible NULL pointer dereference 
This change fixes a possible NULL pointer dereference in grub's
EFI support. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: a49ffdd81e020224ea3e94a266e49d40ebb7198a)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
4a5a4dbcf6 grub: fix memory leak at error in grub_efi_get_filename() 
This change fixes a memory leak on error in grub_efi_get_filename().
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 1b192247fa913c29f5cdf22abe4e71a509b3861e)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
763007dff1 grub: add a fix for malformed device path handling 
This change fixes the malformed device paths in EFI handling.
Device paths of length 4 or shorter could cause different
kinds of unexpected behaviours.

This patch is NOT a part of [1], but is a dependency of one
of the patches included in the series.

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 7f08d97fb6a0ff9c779f788df150b54de8af2708)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
ee33ef8242 grub: fix wrong handling of argc == 0 
This change fixes wrong handling of argc == 0 causing a memory leak.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 8e537ef16bc1ef4bc807cc165d3b7eb1301578de)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
058d20254f grub: fix a dangling memory pointer 
This change fixes a dangling memory pointer in the grub TFTP code.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 17a06ced4ed9305e0a4064bdaad49e653c18284b)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
6b514d38b7 grub: add a fix for a possible NULL dereference 
This fix removes a possible NULL pointer dereference in grub
networking code. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 5e62b476b541d3803e537f2228a264224b72cf81)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
01eb48b7f5 grub: fix a memory leak 
Backport a fix for a memory leak in grub_mmap_iterate(). This patch
is a part of a security series [1]

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 330ef99ae58e025b78bf30b9a9d09b32dfa2f605)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Kartikey Rameshbhai Parmar
ac746716fc puzzles: Upstream changed to main branch for development 
(From OE-Core rev: 930f097ef9e40fd4631a24ce79b99a4eb166319b)

Signed-off-by: Kartikey Rameshbhai Parmar <kartikey.rameshbhai.parmar@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Chee Yang Lee
940fcf35b2 ruby: 2.7.4 -> 2.7.5 
This release includes security fixes.
CVE-2021-41817: Regular Expression Denial of Service Vulnerability of Date Parsing Methods
CVE-2021-41816: Buffer Overrun in CGI.escape_html
CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse

(From OE-Core rev: a7935c9c4a47098f0c1b2eefdf7773bd85891945)

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Purushottam Choudhary
df471272ae tiff: fix for CVE-2022-22844 
Backport patch from:
03047a2695

(From OE-Core rev: 68b59e37d25ead5aaf68d24c6a55b7d1864203fa)

Signed-off-by: Purushottam Choudhary <purushottam.choudhary@kpit.com>
Signed-off-by: Purushottam Choudhary <purushottamchoudhary29@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Ranjitsinh Rathod
bb6b6f5a55 openssl: Add fix for CVE-2021-4160 
Add a patch to fix CVE-2021-4160
The issue only affects OpenSSL on MIPS platforms.
Link: https://security-tracker.debian.org/tracker/CVE-2021-4160

(From OE-Core rev: 5216986fc6dfd06562efa5937581dc6fa77ad276)

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Richard Purdie
c8987e7bca vim: Upgrade 8.2.4314 -> 8.2.4424 
License file had some grammar fixes.

Includes CVE-2022-0554.

(From OE-Core rev: 9360b92f98222cb74a93690f53570cd62633c0cf)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a8d0a4026359c2c8a445dba9456f8a05470293c1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-02-23 23:43:43 +00:00