starlingx
/
integ
Code Issues Proposed changes
integ/grub/grub-efi/debian/patches
History
Li Zhou d10d6fb187 grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775 
Porting patches from grub2_2.06-3~deb11u4 to fix
CVE-2022-2601/CVE-2022-3775.

The source code of grub2_2.06-3~deb11u4 is from:
https://snapshot.debian.org/archive/debian/20221124T030451Z/
pool/main/g/grub2/grub2_2.06-3~deb11u4.debian.tar.xz

Refer to above source code and this link for the fix:
https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html

The 1st patch in the list is for making proper context for the 14
patches of the 2 CVEs. No content changes for all the patches from
debian release.

We do this because grub2/grub-efi is ported from wrlinux for
secure boot bringing up.

Test plan:
 - PASS: build grub2/grub-efi.
 - PASS: build-image and install and boot up on lab/qemu.
 - PASS: check that the "stx.N" version number is right for both
         bios(grub2 ver) and uefi(grub-efi ver) boot.

Closes-bug: 2020730

Signed-off-by: Li Zhou <li.zhou@windriver.com>
Change-Id: Ia6c58a2021a786ef92f760b3cfe035fbccedacf7
 		2023-06-01 06:08:44 -04:00
..
0001-grub2-add-tboot.patch Debian: grub-efi: porting from LAT 2022-10-08 21:50:14 -04:00
0002-grub2-checking-if-loop-devices-are-available.patch Debian: grub-efi: porting from LAT 2022-10-08 21:50:14 -04:00
0003-Make-UEFI-watchdog-behaviour-configurable.patch Debian: grub-efi: porting from LAT 2022-10-08 21:50:14 -04:00
0004-correct-grub_errno.patch Debian: grub-efi: porting from LAT 2022-10-08 21:50:14 -04:00
0005-grub-verify-Add-skip_check_cfg-variable.patch Debian: grub-efi: porting from LAT 2022-10-08 21:50:14 -04:00
0006-pe32.h-add-header-structures-for-TE-and-DOS-executab.patch Debian: grub-efi: porting from LAT 2022-10-08 21:50:14 -04:00
0007-shim-add-needed-data-structures.patch Debian: grub-efi: porting from LAT 2022-10-08 21:50:14 -04:00
0008-efi-chainloader-implement-an-UEFI-Exit-service.patch Debian: grub-efi: porting from LAT 2022-10-08 21:50:14 -04:00
0009-efi-chainloader-port-shim-to-grub.patch Debian: grub-efi: porting from LAT 2022-10-08 21:50:14 -04:00
0010-efi-chainloader-use-shim-to-load-and-verify-an-image.patch Debian: grub-efi: porting from LAT 2022-10-08 21:50:14 -04:00
0011-efi-chainloader-boot-the-image-using-shim.patch Debian: grub-efi: porting from LAT 2022-10-08 21:50:14 -04:00
0012-efi-chainloader-take-care-of-unload-undershim.patch Debian: grub-efi: porting from LAT 2022-10-08 21:50:14 -04:00
0013-chainloader-handle-the-unauthenticated-image-by-shim.patch Debian: grub-efi: porting from LAT 2022-10-08 21:50:14 -04:00
0014-chainloader-Don-t-check-empty-section-in-file-like-..patch Debian: grub-efi: porting from LAT 2022-10-08 21:50:14 -04:00
0015-chainloader-find-the-relocations-correctly.patch Debian: grub-efi: porting from LAT 2022-10-08 21:50:14 -04:00
0016-Add-a-module-for-reading-EFI-global-variables.patch Debian: grub-efi: porting from LAT 2022-10-08 21:50:14 -04:00
0017-grub-shim-verify-Report-that-the-loaded-object-is-ve.patch Debian: grub-efi: porting from LAT 2022-10-08 21:50:14 -04:00
0018-grub-verify-Add-strict_security-variable.patch Debian: grub-efi: porting from LAT 2022-10-08 21:50:14 -04:00
0019-Disable-inside-lockdown-and-shim_lock-verifiers.patch Debian: grub-efi: porting from LAT 2022-10-08 21:50:14 -04:00
0020-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775 2023-06-01 06:08:44 -04:00
0021-video-readers-Add-artificial-limit-to-image-dimensio.patch grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775 2023-06-01 06:08:44 -04:00
0022-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775 2023-06-01 06:08:44 -04:00
0023-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775 2023-06-01 06:08:44 -04:00
0024-font-Fix-several-integer-overflows-in-grub_font_cons.patch grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775 2023-06-01 06:08:44 -04:00
0025-font-Remove-grub_font_dup_glyph.patch grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775 2023-06-01 06:08:44 -04:00
0026-font-Fix-integer-overflow-in-ensure_comb_space.patch grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775 2023-06-01 06:08:44 -04:00
0027-font-Fix-integer-overflow-in-BMP-index.patch grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775 2023-06-01 06:08:44 -04:00
0028-font-Fix-integer-underflow-in-binary-search-of-char-.patch grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775 2023-06-01 06:08:44 -04:00
0029-kern-efi-sb-Enforce-verification-of-font-files.patch grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775 2023-06-01 06:08:44 -04:00
0030-fbutil-Fix-integer-overflow.patch grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775 2023-06-01 06:08:44 -04:00
0031-font-Fix-an-integer-underflow-in-blit_comb.patch grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775 2023-06-01 06:08:44 -04:00
0032-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775 2023-06-01 06:08:44 -04:00
0033-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775 2023-06-01 06:08:44 -04:00
0034-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775 2023-06-01 06:08:44 -04:00
series grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775 2023-06-01 06:08:44 -04:00