integ/grub/grub2/debian/patches
Li Zhou d10d6fb187 grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775
Porting patches from grub2_2.06-3~deb11u4 to fix
CVE-2022-2601/CVE-2022-3775.

The source code of grub2_2.06-3~deb11u4 is from:
https://snapshot.debian.org/archive/debian/20221124T030451Z/
pool/main/g/grub2/grub2_2.06-3~deb11u4.debian.tar.xz

Refer to above source code and this link for the fix:
https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html

The 1st patch in the list is for making proper context for the 14
patches of the 2 CVEs. No content changes for all the patches from
debian release.

We do this because grub2/grub-efi is ported from wrlinux for
secure boot bringing up.

Test plan:
 - PASS: build grub2/grub-efi.
 - PASS: build-image and install and boot up on lab/qemu.
 - PASS: check that the "stx.N" version number is right for both
         bios(grub2 ver) and uefi(grub-efi ver) boot.

Closes-bug: 2020730

Signed-off-by: Li Zhou <li.zhou@windriver.com>
Change-Id: Ia6c58a2021a786ef92f760b3cfe035fbccedacf7
2023-06-01 06:08:44 -04:00
..
0001-grub2-add-tboot.patch grub2: add deb folder 2021-12-07 22:45:15 +00:00
0002-grub2-checking-if-loop-devices-are-available.patch grub2: add deb folder 2021-12-07 22:45:15 +00:00
0003-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775 2023-06-01 06:08:44 -04:00
0004-video-readers-Add-artificial-limit-to-image-dimensio.patch grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775 2023-06-01 06:08:44 -04:00
0005-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775 2023-06-01 06:08:44 -04:00
0006-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775 2023-06-01 06:08:44 -04:00
0007-font-Fix-several-integer-overflows-in-grub_font_cons.patch grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775 2023-06-01 06:08:44 -04:00
0008-font-Remove-grub_font_dup_glyph.patch grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775 2023-06-01 06:08:44 -04:00
0009-font-Fix-integer-overflow-in-ensure_comb_space.patch grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775 2023-06-01 06:08:44 -04:00
0010-font-Fix-integer-overflow-in-BMP-index.patch grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775 2023-06-01 06:08:44 -04:00
0011-font-Fix-integer-underflow-in-binary-search-of-char-.patch grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775 2023-06-01 06:08:44 -04:00
0012-kern-efi-sb-Enforce-verification-of-font-files.patch grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775 2023-06-01 06:08:44 -04:00
0013-fbutil-Fix-integer-overflow.patch grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775 2023-06-01 06:08:44 -04:00
0014-font-Fix-an-integer-underflow-in-blit_comb.patch grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775 2023-06-01 06:08:44 -04:00
0015-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775 2023-06-01 06:08:44 -04:00
0016-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775 2023-06-01 06:08:44 -04:00
0017-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775 2023-06-01 06:08:44 -04:00
series grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775 2023-06-01 06:08:44 -04:00