Richard Purdie
fcd27727c1
libxml-parser-perl: Add missing RDEPENDS
...
Running the ptest package in an image alone highlighted missing module
dependencies. Add them to fix those errors.
(From OE-Core rev: 6e98fdf7832fed3d93645ed69f62c8df5e89b96b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
(cherry picked from commit 3859f49db2d694c7b63fdbe25be0018afba5c738)
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-09 17:30:49 +00:00
Nathan Rossi
4c7c64cc6e
cml1.bbclass: Handle ncurses-native being available via pkg-config
...
The linux kernel will by default use pkg-config to get ncurses(w) paths,
falling back to absolute path checks otherwise. If the build host does
not have ncurses installed this will fail as pkg-config will not search
the native sysroot for ncurses.
To more all kernel/kconfig sources, inject the equivalent native
pkg-config variables similar to what is done by the pkg-config-native
script. This only affects the menuconfig python task itself and the
oe_terminal call inside it.
(cherry picked from commit abb95c421bb67d452691819e3f63dabd02e2ba37)
(From OE-Core rev: dc6b20475a69c9fbab9a97a93119aeedf54deb23)
Signed-off-by: Nathan Rossi <nathan@nathanrossi.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-09 17:30:49 +00:00
Marek Vasut
820be4beeb
bootchart2: Add missing python3-math dependency
...
Without this dependency, generating the bootchart may fail with:
"
ModuleNotFoundError: No module named 'random'
"
(cherry picked from commit 487e9f16a00f895159b79f1865fe8b626b47ddc2)
(From OE-Core rev: 123d4a673dadfee14d5ad8bbc503405da9602bb0)
Signed-off-by: Marek Vasut <marex@denx.de >
Cc: Mingli Yu <mingli.yu@windriver.com >
Cc: Richard Purdie <richard.purdie@linuxfoundation.org >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-09 17:30:49 +00:00
wangmy
d6d65d7685
wireless-regdb: upgrade 2021.08.28 -> 2022.02.18
...
(From OE-Core rev: fd64364f16c822960a00e8a28b87b0ec590eed74)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
(cherry picked from commit e5c06ddfd3c0db0d0762c0241c019f59ad310e53)
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-09 17:30:49 +00:00
Ross Burton
2658fb04ac
Revert "cve-check: add lockfile to task"
...
Now that all of the functions in cve-check open the database read-only,
we can remove this lockfile.
This means cve-check can run in parallal again, improving runtimes
massively.
This reverts commit d55fbf4779ross.burton@arm.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
(cherry picked from commit e60d149b41d14d177df20dbecaef943696df1586)
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-09 17:30:48 +00:00
Ross Burton
99bb7a2d30
cve-check: get_cve_info should open the database read-only
...
All of the function in cve-check should open the database read-only, as
the only writer is the fetch task in cve-update-db. However,
get_cve_info() was failing to do this, which might be causing locking
issues with sqlite.
(From OE-Core rev: 2b3d13a451e99db669977d4d1172653b736ae6e1)
Signed-off-by: Ross Burton <ross.burton@arm.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
(cherry picked from commit 8de517238f1f418d9af1ce312d99de04ce2e26fc)
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-09 17:30:48 +00:00
Ross Burton
18161d9e47
coreutils: remove obsolete ignored CVE list
...
Three CVEs were meant to be ignored via CVE_WHITELIST, but that wasn't
the correct variable name.
The CPEs for those CVEs mean that they don't get picked up in our report,
so just remove the assignment.
(From OE-Core rev: c50688e1d0839d71e05a0d15dd948113d2ef83f6)
Signed-off-by: Ross Burton <ross.burton@arm.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
(cherry picked from commit dea00faf30ec7c19b6b5ed4651b430ba3faf69ff)
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-09 17:30:48 +00:00
Steve Sakoman
81a3da3b99
expat: fix CVE-2022-25315
...
In Expat (aka libexpat) before 2.4.5, there is an integer overflow
in storeRawNames.
Backport patch from:
eb0362808bsteve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-09 17:30:48 +00:00
Steve Sakoman
32db22beec
expat: fix CVE-2022-25314
...
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in
copyString.
Backport patch from:
efcb347440steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-09 17:30:48 +00:00
Steve Sakoman
e173db21d0
expat: fix CVE-2022-25313
...
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack
exhaustion in build_model via a large nesting depth in the DTD element.
Backport patch from:
9b4ce651b2https://github.com/libexpat/libexpat/pull/566
CVE: CVE-2022-25313
(From OE-Core rev: 8105700b1d6d23c87332f453bdc7379999bb4b03)
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-09 17:30:48 +00:00
Steve Sakoman
746111afa0
expat: fix CVE-2022-25236
...
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows
attackers to insert namespace-separator characters into
namespace URIs.
Backport patches from:
https://github.com/libexpat/libexpat/pull/561/commits
CVE: CVE-2022-25236
(From OE-Core rev: 72ab213c128ef75669447eadcae8219a9f87f941)
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-09 17:30:48 +00:00
Steve Sakoman
e8fef0c8cf
expat: fix CVE-2022-25235
...
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain
validation of encoding, such as checks for whether a UTF-8 character
is valid in a certain context.
Backport patches from:
https://github.com/libexpat/libexpat/pull/562/commits
CVE: CVE-2022-25235
(From OE-Core rev: 27ab07b1e8caa5c85526eee4a7a3ad0d73326866)
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-09 17:30:48 +00:00
Minjae Kim
415757639d
go: fix CVE-2022-23772
...
math/big: prevent large memory consumption in Rat.SetString
An attacker can cause unbounded memory growth in a program using (*Rat).SetString
due to an unhandled overflow.
Upstream-Status: Backport [https://go.dev/issue/50699 ]
CVE: CVE-2022-23772
(From OE-Core rev: e4d15040f62744265b9236ad7276f3371a9172da)
Signed-off-by:Minjae Kim <flowergom@gmail.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-09 17:30:48 +00:00
Minjae Kim
dfd900b5b0
go: fix CVE-2022-23806
...
crypto/elliptic: fix IsOnCurve for big.Int values that are not valid coordinates
Some big.Int values that are not valid field elements (negative or overflowing)
might cause Curve.IsOnCurve to incorrectly return true. Operating on those values
may cause a panic or an invalid curve operation. Note that Unmarshal will never
return such values.
Upstream-Status: Backport [https://go.dev/issue/50974 ]
CVE: CVE-2022-23806
(From OE-Core rev: eb7aa0929ecd712aeeec0ff37dfb77c3da33b375)
Signed-off-by:Minjae Kim <flowergom@gmail.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-09 17:30:48 +00:00
Virendra Thakur
6bba192936
libarchive: Fix for CVE-2021-36976
...
Add patch to fix CVE-2021-36976
CVE-2021-36976 fix are provided by below mentioned pull request.
1) https://github.com/libarchive/libarchive/pull/1491
2) https://github.com/libarchive/libarchive/pull/1492
3) https://github.com/libarchive/libarchive/pull/1493
(From OE-Core rev: 6c356aec8dabc08bd98da3106780896dc7b52501)
Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com >
Signed-off-by: virendra thakur <thakur.virendra1810@gmail.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-09 17:30:48 +00:00
Marta Rybczynska
9426c3c83d
grub: add a fix for a crash in scripts
...
This patch adds a fix for a crash in grub's script handling. It is
a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: 79ce9059f716546a7d6f4562ba194aedd90c22cd)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:37 +00:00
Marta Rybczynska
7fae28df19
grub: avoid a NULL pointer dereference
...
This patch adds a fix for a NULL pointer dereference in grub's
commands/ls. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: 6666dccd33178445f3c4fe277354393efb70285a)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:37 +00:00
Marta Rybczynska
8d050d1e45
grub: add a fix for a NULL pointer dereference
...
This patch adds a fix for a NULL pointer dereference in grub's
script/execute. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: ddf62ae472c3c26af7a4c91e4216c8d5ba4604ac)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:37 +00:00
Marta Rybczynska
9b69e69160
grub: fix incorrect use of a negative value
...
This patch adds a fix for an incorrect use of a negative value in grub's
util/glue-efi. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: de1fe600212ff6d460bdc672d7ca0e13afbe7514)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:37 +00:00
Marta Rybczynska
6360727bb1
grub: add a fix for an incorrect cast
...
This patch adds a fix for incorrect casting from signed to unsigned
in grub's util/grub-editenv. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: 906ecdc9efbc1b4025c2c7a9797ebd374f8508af)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:37 +00:00
Marta Rybczynska
1a338ab466
grub: add a fix for NULL pointer dereference
...
This patch adds a fix for a NULL pointer dereference in grub's
util/grub-install. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: 35310bcfd53752081ed600e77f58ca3fb8db46ac)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:37 +00:00
Marta Rybczynska
d65bf404bc
grub: add a check for a NULL pointer
...
This patch adds a check for a NULL pointer before use in grub's
loader/xnu. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: 1d95061ecdc920835df44c0c3ed274193f26948e)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:37 +00:00
Marta Rybczynska
11b10eac41
grub: avoid a memory leak
...
This patch fixes a memory leak in grub's loader/xnu when an error is
detected in grub_xnu_writetree_toheap(). It is a part of a security
series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: 265baabc6e7ce4962c22489158dba113e0d74b91)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:37 +00:00
Marta Rybczynska
a558b15d7f
grub: add a fix for a memory leak
...
This patch adds a fix for a memory leak in grub's loader/xnu.
It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: b53db9013a0f4b3a2a91ec6e5c39d939f388749c)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:37 +00:00
Marta Rybczynska
dfae695343
grub: fix checking for NULL
...
This patch adds a fix for checking for NULL in grub's loader/bsd.
It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: d4cc82cfdae5c44702925f901db4e35761b1bb7d)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:37 +00:00
Marta Rybczynska
f82639b50e
grub: remove dead code
...
This patch removes dead code from grub's gfxmenu/gui_list. It is
a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: 0319465b022e211f2a98ba5cee13a68818f5cf87)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:37 +00:00
Marta Rybczynska
4463703292
grub: test for malformed jpeg files
...
This patch adds a fix for handling malformed JPEG files in grub's
video/readers/jpeg. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: d8cdb3a17f6e874d232979307a3f25511172d086)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:37 +00:00
Marta Rybczynska
eca24c02ea
grub: fix a possible integer overflow
...
This patch adds a fix for a possible integer overflow in grub's
video/fb/video_fb. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: d15e7cc6fc7de358da2fd1faa8a8ea5bc2fabe98)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:37 +00:00
Marta Rybczynska
628257a582
grub: fix multiple integer overflows
...
This patch adds a fix for multiple integer overflows in grub's
video/fb/video_fb. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: 68b91792ed00f9decc85f300eefe0b7e8f80c98b)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:37 +00:00
Marta Rybczynska
7e7b8e38dc
grub: fix an integer overflow
...
This patch adds a fix for a potential integer overflow in grub's
video/fb/fbfill. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: fbf3260bd196a5d252ad5ccf2a5fe719d3bd9c7f)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:37 +00:00
Marta Rybczynska
b5eaa833ba
grub: remove unneeded return value
...
This patch removes an uneeded return value in grub's (static)
grub_video_gop_fill_mode_info(). It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: dd8837823a279290aec963be1a2646940719c767)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:37 +00:00
Marta Rybczynska
acec862ed2
grub: fix a memory leak
...
Add a fix of a memory leak in grub's commands/hashsum. It is a part
of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: de075f9421a16e1728968349ba16b0d68d47efea)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:37 +00:00
Marta Rybczynska
bd3bda5d03
grub: add a fix for a memory leak
...
This patch adds a fix for a memory leak in grub's normal/completion.
It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: e58e6e646c2efb91dba3ffa6db3a43b7972f0c87)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:37 +00:00
Marta Rybczynska
4c7bfa8abe
grub: add a fix for a memory leak
...
This patch fixes a memory leak in grub's syslinux parsing. It is a part of
a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: a9d0155842f0582a0d247c81bf972661f0a2cda8)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:37 +00:00
Marta Rybczynska
b46710743b
grub: add a fix for a possible NULL dereference
...
This patch adds a fix for a possible NULL dereference in grub's
libgcrypt/mpi. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: 33aa1a133cf2893a6d3a1f94bd098ee1c16a8abc)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:37 +00:00
Marta Rybczynska
e2f193d252
grub: add a fix for a possible unintended sign extension
...
This patch fixes a possible unintended sign extension in grub's
libgcrypt/mpi. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: 69f6ae604b857eea93022d73fad668df07a7a056)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:37 +00:00
Marta Rybczynska
10d619c8bb
grub: add a fix for a memory leak
...
This patch fixes a memory leak in grub's affs. It is a part of
a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: 95d61effb17a6f11abbaec6ba48cb3fa4926efb0)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:37 +00:00
Marta Rybczynska
1246e75875
grub: fix an error check
...
This patch fixes an error check in grub's zfsinfo. It is a part of
a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: ec842684b572e5fe940762e1b5b4339e6ef6a0ba)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:37 +00:00
Marta Rybczynska
f4c3f4508a
grub: add a fix for possible integer overflows
...
This patch adds a fix for a possible integer overflows in grub's zfs.
It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: a21a1f225090b2f9d4c76e323fa7cc2051587924)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:37 +00:00
Marta Rybczynska
0dd3f436f4
grub: add a fix for a memory leak
...
This patch adds a fix for a memory leak in grub's path construction
in zfs. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: f2a474545b8ba61a43fcbcd3c375c5db9f0303ca)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:37 +00:00
Marta Rybczynska
b461e69025
grub: add a fix for a possible negative shift
...
This patch adds a fix for a possible negative shift in grub's zfs.
It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: d5a93d55b5f3bfd890aa2925869d2a5ba4299801)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:37 +00:00
Marta Rybczynska
3348511b94
grub: add a fix for a length check
...
This patch adds a fix for a volume name length check in grub's
hfsplus. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: 29470a74b944921641cd5d84b88c359acba26ad4)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:37 +00:00
Marta Rybczynska
e97cfd1660
grub: fix an integer overflow
...
This patch fixes a potential overflow in grub's disk/cryptodisk. It is
a part of a security series [1]
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: 85405f0d3a4b844f7bbb34717bd5f88b81acb074)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:37 +00:00
Marta Rybczynska
40d7b77030
grub: fix a memory leak
...
Add a fix for a memory leak in grub'd disk/ldm. It is a part of
a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: eb899a83bab5ab12143bd75a96427fa7615f2a6e)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:37 +00:00
Marta Rybczynska
b854e27c58
grub: fix a memory leak
...
This patch adds a fix for a memory leak in grub's disk/ldm.
It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: 444a690c28fa78147273213f2ae19b1a67027a71)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:37 +00:00
Marta Rybczynska
da4ba2d04e
grub: fix a memory leak
...
Add a fix for a memory leak in grub's disk/ldm. It is a part of
a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: 9fa41d5fbd1de899d1242c31d427262cd041d47c)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:37 +00:00
Marta Rybczynska
90b1d407c6
grub: add a missing NULL check
...
This fix adds a missing check for NULL pointer from an external source
in grub's kern/partition. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: c443bd15c975d05ca7afc44e81bda1e974833e36)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:36 +00:00
Marta Rybczynska
495bf963be
grub: add structure initialization in zstd
...
This patch adds initialization of a structure in grub's zstd, which
might be left uninitialized by the compiler. It is a part of a security
series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: 370ea660d476bda0d4f45520815396036648d87a)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:36 +00:00
Marta Rybczynska
37f35c4782
grub: add a fix for unnecessary assignements
...
Add a fix for unnecessary assignements grub's io/lzopio. This patch
is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: bb0841ebfe1035af7eb807afd9bd59979b8a5dd1)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:36 +00:00
Marta Rybczynska
877ea55a5b
grub: fix an unitialized re_token in gnulib
...
This patch adds a fix for an unitialized re_token in grub's gnulib.
It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: 0ce9c21b776ef6bfeaef665829324d7a04c22ce9)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-02 00:21:36 +00:00
