]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: d3114ca) | patch
grub: fix several CVEs in grub 2.04
authorYongxin Liu <yongxin.liu@windriver.com>
Wed, 28 Oct 2020 03:18:06 +0000 (11:18 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Fri, 30 Oct 2020 12:37:53 +0000 (12:37 +0000)
commit67329184985a03534f11f95e9df5f9fb2305a261
treef992565d2ab30ecb01e83ff054e0151227d8e981tree | snapshot
parentd3114ca369792201a5316c1ede29eb72f0868d35commit | diff
grub: fix several CVEs in grub 2.04

Backport patches from https://git.savannah.gnu.org/git/grub.git
to fix some CVEs. Here is the list.

CVE-2020-14308:
0001-calloc-Make-sure-we-always-have-an-overflow-checking.patch
0002-lvm-Add-LVM-cache-logical-volume-handling.patch
0003-calloc-Use-calloc-at-most-places.patch

CVE-2020-14309, CVE-2020-14310, CVE-2020-14311:
0004-safemath-Add-some-arithmetic-primitives-that-check-f.patch
0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch

CVE-2020-15706:
0006-script-Remove-unused-fields-from-grub_script_functio.patch
0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch

CVE-2020-15707:
0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch

Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-bsp/grub/files/0001-calloc-Make-sure-we-always-have-an-overflow-checking.patch [new file with mode: 0644] blob
meta/recipes-bsp/grub/files/0002-lvm-Add-LVM-cache-logical-volume-handling.patch [new file with mode: 0644] blob
meta/recipes-bsp/grub/files/0003-calloc-Use-calloc-at-most-places.patch [new file with mode: 0644] blob
meta/recipes-bsp/grub/files/0004-safemath-Add-some-arithmetic-primitives-that-check-f.patch [new file with mode: 0644] blob
meta/recipes-bsp/grub/files/0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch [new file with mode: 0644] blob
meta/recipes-bsp/grub/files/0006-script-Remove-unused-fields-from-grub_script_functio.patch [new file with mode: 0644] blob
meta/recipes-bsp/grub/files/0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch [new file with mode: 0644] blob
meta/recipes-bsp/grub/files/0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch [new file with mode: 0644] blob
meta/recipes-bsp/grub/grub2.inc diff | blob | history
Mirror of the official openembedded-core repository