mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-02 13:29:49 +00:00
Code Issues Projects Releases Wiki Activity
59,752 Commits 38 Branches 624 Tags
884024d1d86d8768850f1f17f7d72faeddcda8d4
Commit Graph

59752 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
wangmy d6d65d7685 wireless-regdb: upgrade 2021.08.28 -> 2022.02.18 
(From OE-Core rev: fd64364f16c822960a00e8a28b87b0ec590eed74)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e5c06ddfd3c0db0d0762c0241c019f59ad310e53)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-09 17:30:49 +00:00
Ross Burton 2658fb04ac Revert "cve-check: add lockfile to task" 
Now that all of the functions in cve-check open the database read-only,
we can remove this lockfile.

This means cve-check can run in parallal again, improving runtimes
massively.

This reverts commit d55fbf4779.

(From OE-Core rev: 1a30a8513ca47890470ee9d19a5ea36437e664bf)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e60d149b41d14d177df20dbecaef943696df1586)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-09 17:30:48 +00:00
Ross Burton 99bb7a2d30 cve-check: get_cve_info should open the database read-only 
All of the function in cve-check should open the database read-only, as
the only writer is the fetch task in cve-update-db.  However,
get_cve_info() was failing to do this, which might be causing locking
issues with sqlite.

(From OE-Core rev: 2b3d13a451e99db669977d4d1172653b736ae6e1)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8de517238f1f418d9af1ce312d99de04ce2e26fc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-09 17:30:48 +00:00
Ross Burton 18161d9e47 coreutils: remove obsolete ignored CVE list 
Three CVEs were meant to be ignored via CVE_WHITELIST, but that wasn't
the correct variable name.

The CPEs for those CVEs mean that they don't get picked up in our report,
so just remove the assignment.

(From OE-Core rev: c50688e1d0839d71e05a0d15dd948113d2ef83f6)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dea00faf30ec7c19b6b5ed4651b430ba3faf69ff)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-09 17:30:48 +00:00
Steve Sakoman 81a3da3b99 expat: fix CVE-2022-25315 
In Expat (aka libexpat) before 2.4.5, there is an integer overflow
in storeRawNames.

Backport patch from:
https://github.com/libexpat/libexpat/pull/559/commits/eb0362808b4f9f1e2345a0cf203b8cc196d776d9

CVE: CVE-2022-25315

(From OE-Core rev: 9cb21fd89de99abeeef1dd962e6019943de546a4)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-09 17:30:48 +00:00
Steve Sakoman 32db22beec expat: fix CVE-2022-25314 
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in
copyString.

Backport patch from:
https://github.com/libexpat/libexpat/pull/560/commits/efcb347440ade24b9f1054671e6bd05e60b4cafd

CVE: CVE-2022-25314

(From OE-Core rev: b92c33285c5f886c95a3734e61007b522b62a71f)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-09 17:30:48 +00:00
Steve Sakoman e173db21d0 expat: fix CVE-2022-25313 
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack
exhaustion in build_model via a large nesting depth in the DTD element.

Backport patch from:
https://github.com/libexpat/libexpat/pull/558/commits/9b4ce651b26557f16103c3a366c91934ecd439ab

Also add patch which fixes a regression introduced in the above fix:
https://github.com/libexpat/libexpat/pull/566

CVE: CVE-2022-25313

(From OE-Core rev: 8105700b1d6d23c87332f453bdc7379999bb4b03)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-09 17:30:48 +00:00
Steve Sakoman 746111afa0 expat: fix CVE-2022-25236 
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows
attackers to insert namespace-separator characters into
namespace URIs.

Backport patches from:
https://github.com/libexpat/libexpat/pull/561/commits

CVE: CVE-2022-25236

(From OE-Core rev: 72ab213c128ef75669447eadcae8219a9f87f941)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-09 17:30:48 +00:00
Steve Sakoman e8fef0c8cf expat: fix CVE-2022-25235 
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain
validation of encoding, such as checks for whether a UTF-8 character
is valid in a certain context.

Backport patches from:
https://github.com/libexpat/libexpat/pull/562/commits

CVE: CVE-2022-25235

(From OE-Core rev: 27ab07b1e8caa5c85526eee4a7a3ad0d73326866)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-09 17:30:48 +00:00
Minjae Kim 415757639d go: fix CVE-2022-23772 
math/big: prevent large memory consumption in Rat.SetString

An attacker can cause unbounded memory growth in a program using (*Rat).SetString
due to an unhandled overflow.

Upstream-Status: Backport [https://go.dev/issue/50699]
CVE: CVE-2022-23772
(From OE-Core rev: e4d15040f62744265b9236ad7276f3371a9172da)

Signed-off-by:Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-09 17:30:48 +00:00
Minjae Kim dfd900b5b0 go: fix CVE-2022-23806 
crypto/elliptic: fix IsOnCurve for big.Int values that are not valid coordinates

Some big.Int values that are not valid field elements (negative or overflowing)
might cause Curve.IsOnCurve to incorrectly return true. Operating on those values
may cause a panic or an invalid curve operation. Note that Unmarshal will never
return such values.

Upstream-Status: Backport [https://go.dev/issue/50974]
CVE: CVE-2022-23806
(From OE-Core rev: eb7aa0929ecd712aeeec0ff37dfb77c3da33b375)

Signed-off-by:Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-09 17:30:48 +00:00
Virendra Thakur 6bba192936 libarchive: Fix for CVE-2021-36976 
Add patch to fix CVE-2021-36976

CVE-2021-36976 fix are provided by below mentioned pull request.
1) https://github.com/libarchive/libarchive/pull/1491
2) https://github.com/libarchive/libarchive/pull/1492
3) https://github.com/libarchive/libarchive/pull/1493

(From OE-Core rev: 6c356aec8dabc08bd98da3106780896dc7b52501)

Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
Signed-off-by: virendra thakur <thakur.virendra1810@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-09 17:30:48 +00:00
Marta Rybczynska 9426c3c83d grub: add a fix for a crash in scripts 
This patch adds a fix for a crash in grub's script handling. It is
a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 79ce9059f716546a7d6f4562ba194aedd90c22cd)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska 7fae28df19 grub: avoid a NULL pointer dereference 
This patch adds a fix for a NULL pointer dereference in grub's
commands/ls. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 6666dccd33178445f3c4fe277354393efb70285a)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska 8d050d1e45 grub: add a fix for a NULL pointer dereference 
This patch adds a fix for a NULL pointer dereference in grub's
script/execute. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: ddf62ae472c3c26af7a4c91e4216c8d5ba4604ac)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska 9b69e69160 grub: fix incorrect use of a negative value 
This patch adds a fix for an incorrect use of a negative value in grub's
util/glue-efi. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: de1fe600212ff6d460bdc672d7ca0e13afbe7514)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska 6360727bb1 grub: add a fix for an incorrect cast 
This patch adds a fix for incorrect casting from signed to unsigned
in grub's util/grub-editenv. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 906ecdc9efbc1b4025c2c7a9797ebd374f8508af)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska 1a338ab466 grub: add a fix for NULL pointer dereference 
This patch adds a fix for a NULL pointer dereference in grub's
util/grub-install. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 35310bcfd53752081ed600e77f58ca3fb8db46ac)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska d65bf404bc grub: add a check for a NULL pointer 
This patch adds a check for a NULL pointer before use in grub's
loader/xnu. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 1d95061ecdc920835df44c0c3ed274193f26948e)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska 11b10eac41 grub: avoid a memory leak 
This patch fixes a memory leak in grub's loader/xnu when an error is
detected in grub_xnu_writetree_toheap(). It is a part of a security
series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 265baabc6e7ce4962c22489158dba113e0d74b91)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska a558b15d7f grub: add a fix for a memory leak 
This patch adds a fix for a memory leak in grub's loader/xnu.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: b53db9013a0f4b3a2a91ec6e5c39d939f388749c)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska dfae695343 grub: fix checking for NULL 
This patch adds a fix for checking for NULL in grub's loader/bsd.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: d4cc82cfdae5c44702925f901db4e35761b1bb7d)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska f82639b50e grub: remove dead code 
This patch removes dead code from grub's gfxmenu/gui_list. It is
a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 0319465b022e211f2a98ba5cee13a68818f5cf87)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska 4463703292 grub: test for malformed jpeg files 
This patch adds a fix for handling malformed JPEG files in grub's
video/readers/jpeg. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: d8cdb3a17f6e874d232979307a3f25511172d086)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska eca24c02ea grub: fix a possible integer overflow 
This patch adds a fix for a possible integer overflow in grub's
video/fb/video_fb. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: d15e7cc6fc7de358da2fd1faa8a8ea5bc2fabe98)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska 628257a582 grub: fix multiple integer overflows 
This patch adds a fix for multiple integer overflows in grub's
video/fb/video_fb. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 68b91792ed00f9decc85f300eefe0b7e8f80c98b)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska 7e7b8e38dc grub: fix an integer overflow 
This patch adds a fix for a potential integer overflow in grub's
video/fb/fbfill. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: fbf3260bd196a5d252ad5ccf2a5fe719d3bd9c7f)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska b5eaa833ba grub: remove unneeded return value 
This patch removes an uneeded return value in grub's (static)
grub_video_gop_fill_mode_info(). It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: dd8837823a279290aec963be1a2646940719c767)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska acec862ed2 grub: fix a memory leak 
Add a fix of a memory leak in grub's commands/hashsum. It is a part
of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: de075f9421a16e1728968349ba16b0d68d47efea)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska bd3bda5d03 grub: add a fix for a memory leak 
This patch adds a fix for a memory leak in grub's normal/completion.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: e58e6e646c2efb91dba3ffa6db3a43b7972f0c87)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska 4c7bfa8abe grub: add a fix for a memory leak 
This patch fixes a memory leak in grub's syslinux parsing. It is a part of
a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: a9d0155842f0582a0d247c81bf972661f0a2cda8)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska b46710743b grub: add a fix for a possible NULL dereference 
This patch adds a fix for a possible NULL dereference in grub's
libgcrypt/mpi. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 33aa1a133cf2893a6d3a1f94bd098ee1c16a8abc)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska e2f193d252 grub: add a fix for a possible unintended sign extension 
This patch fixes a possible unintended sign extension in grub's
libgcrypt/mpi. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 69f6ae604b857eea93022d73fad668df07a7a056)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska 10d619c8bb grub: add a fix for a memory leak 
This patch fixes a memory leak in grub's affs. It is a part of
a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 95d61effb17a6f11abbaec6ba48cb3fa4926efb0)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska 1246e75875 grub: fix an error check 
This patch fixes an error check in grub's zfsinfo. It is a part of
a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: ec842684b572e5fe940762e1b5b4339e6ef6a0ba)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska f4c3f4508a grub: add a fix for possible integer overflows 
This patch adds a fix for a possible integer overflows in grub's zfs.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: a21a1f225090b2f9d4c76e323fa7cc2051587924)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska 0dd3f436f4 grub: add a fix for a memory leak 
This patch adds a fix for a memory leak in grub's path construction
in zfs. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: f2a474545b8ba61a43fcbcd3c375c5db9f0303ca)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska b461e69025 grub: add a fix for a possible negative shift 
This patch adds a fix for a possible negative shift in grub's zfs.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: d5a93d55b5f3bfd890aa2925869d2a5ba4299801)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska 3348511b94 grub: add a fix for a length check 
This patch adds a fix for a volume name length check in grub's
hfsplus. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 29470a74b944921641cd5d84b88c359acba26ad4)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska e97cfd1660 grub: fix an integer overflow 
This patch fixes a potential overflow in grub's disk/cryptodisk. It is
a part of a security series [1]

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 85405f0d3a4b844f7bbb34717bd5f88b81acb074)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska 40d7b77030 grub: fix a memory leak 
Add a fix for a memory leak in grub'd disk/ldm. It is a part of
a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: eb899a83bab5ab12143bd75a96427fa7615f2a6e)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska b854e27c58 grub: fix a memory leak 
This patch adds a fix for a memory leak in grub's disk/ldm.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 444a690c28fa78147273213f2ae19b1a67027a71)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska da4ba2d04e grub: fix a memory leak 
Add a fix for a memory leak in grub's disk/ldm. It is a part of
a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 9fa41d5fbd1de899d1242c31d427262cd041d47c)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska 90b1d407c6 grub: add a missing NULL check 
This fix adds a missing check for NULL pointer from an external source
in grub's kern/partition. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: c443bd15c975d05ca7afc44e81bda1e974833e36)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska 495bf963be grub: add structure initialization in zstd 
This patch adds initialization of a structure in grub's zstd, which
might be left uninitialized by the compiler. It is a part of a security
series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 370ea660d476bda0d4f45520815396036648d87a)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska 37f35c4782 grub: add a fix for unnecessary assignements 
Add a fix for unnecessary assignements grub's io/lzopio. This patch
is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: bb0841ebfe1035af7eb807afd9bd59979b8a5dd1)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska 877ea55a5b grub: fix an unitialized re_token in gnulib 
This patch adds a fix for an unitialized re_token in grub's gnulib.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 0ce9c21b776ef6bfeaef665829324d7a04c22ce9)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska ba476f819f grub: add a fix for NULL pointer dereference 
Add a fix for gnulib's regexec NULL pointer dereference. This patch
a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 133759837a226d70b77f9bc7757c293664c3a018)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska ab977b3f49 grub: add a fix a NULL pointer dereference in gnulib 
This change adds a fix for a NULL pointer dereference of state
in gnulib. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 37900e0b112bfd66ae61c03470fd32f77dee1aac)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska e1122f6dad grub: fix an unitialized token in gnulib 
This change adds a fix for an unitialized token structure in gnulib.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 301e2ff664409011d5650339ef22225cd2028041)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00