summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* grub: avoid a NULL pointer dereferenceMarta Rybczynska2022-03-022-0/+34
| | | | | | | | | | | | | This patch adds a fix for a NULL pointer dereference in grub's commands/ls. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 6666dccd33178445f3c4fe277354393efb70285a) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for a NULL pointer dereferenceMarta Rybczynska2022-03-022-0/+29
| | | | | | | | | | | | | This patch adds a fix for a NULL pointer dereference in grub's script/execute. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: ddf62ae472c3c26af7a4c91e4216c8d5ba4604ac) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: fix incorrect use of a negative valueMarta Rybczynska2022-03-022-0/+51
| | | | | | | | | | | | | This patch adds a fix for an incorrect use of a negative value in grub's util/glue-efi. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: de1fe600212ff6d460bdc672d7ca0e13afbe7514) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for an incorrect castMarta Rybczynska2022-03-022-0/+47
| | | | | | | | | | | | | This patch adds a fix for incorrect casting from signed to unsigned in grub's util/grub-editenv. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 906ecdc9efbc1b4025c2c7a9797ebd374f8508af) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for NULL pointer dereferenceMarta Rybczynska2022-03-022-0/+42
| | | | | | | | | | | | | This patch adds a fix for a NULL pointer dereference in grub's util/grub-install. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 35310bcfd53752081ed600e77f58ca3fb8db46ac) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a check for a NULL pointerMarta Rybczynska2022-03-022-0/+43
| | | | | | | | | | | | | This patch adds a check for a NULL pointer before use in grub's loader/xnu. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 1d95061ecdc920835df44c0c3ed274193f26948e) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: avoid a memory leakMarta Rybczynska2022-03-022-0/+78
| | | | | | | | | | | | | | This patch fixes a memory leak in grub's loader/xnu when an error is detected in grub_xnu_writetree_toheap(). It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 265baabc6e7ce4962c22489158dba113e0d74b91) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for a memory leakMarta Rybczynska2022-03-022-0/+39
| | | | | | | | | | | | | This patch adds a fix for a memory leak in grub's loader/xnu. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: b53db9013a0f4b3a2a91ec6e5c39d939f388749c) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: fix checking for NULLMarta Rybczynska2022-03-022-0/+48
| | | | | | | | | | | | | This patch adds a fix for checking for NULL in grub's loader/bsd. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: d4cc82cfdae5c44702925f901db4e35761b1bb7d) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: remove dead codeMarta Rybczynska2022-03-022-0/+35
| | | | | | | | | | | | | This patch removes dead code from grub's gfxmenu/gui_list. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 0319465b022e211f2a98ba5cee13a68818f5cf87) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: test for malformed jpeg filesMarta Rybczynska2022-03-022-0/+39
| | | | | | | | | | | | | This patch adds a fix for handling malformed JPEG files in grub's video/readers/jpeg. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: d8cdb3a17f6e874d232979307a3f25511172d086) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: fix a possible integer overflowMarta Rybczynska2022-03-022-0/+40
| | | | | | | | | | | | | This patch adds a fix for a possible integer overflow in grub's video/fb/video_fb. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: d15e7cc6fc7de358da2fd1faa8a8ea5bc2fabe98) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: fix multiple integer overflowsMarta Rybczynska2022-03-022-0/+105
| | | | | | | | | | | | | This patch adds a fix for multiple integer overflows in grub's video/fb/video_fb. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 68b91792ed00f9decc85f300eefe0b7e8f80c98b) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: fix an integer overflowMarta Rybczynska2022-03-022-0/+79
| | | | | | | | | | | | | This patch adds a fix for a potential integer overflow in grub's video/fb/fbfill. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: fbf3260bd196a5d252ad5ccf2a5fe719d3bd9c7f) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: remove unneeded return valueMarta Rybczynska2022-03-022-0/+95
| | | | | | | | | | | | | This patch removes an uneeded return value in grub's (static) grub_video_gop_fill_mode_info(). It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: dd8837823a279290aec963be1a2646940719c767) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: fix a memory leakMarta Rybczynska2022-03-022-0/+57
| | | | | | | | | | | | | Add a fix of a memory leak in grub's commands/hashsum. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: de075f9421a16e1728968349ba16b0d68d47efea) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for a memory leakMarta Rybczynska2022-03-022-0/+53
| | | | | | | | | | | | | This patch adds a fix for a memory leak in grub's normal/completion. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: e58e6e646c2efb91dba3ffa6db3a43b7972f0c87) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for a memory leakMarta Rybczynska2022-03-022-0/+44
| | | | | | | | | | | | | This patch fixes a memory leak in grub's syslinux parsing. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: a9d0155842f0582a0d247c81bf972661f0a2cda8) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for a possible NULL dereferenceMarta Rybczynska2022-03-022-0/+34
| | | | | | | | | | | | | This patch adds a fix for a possible NULL dereference in grub's libgcrypt/mpi. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 33aa1a133cf2893a6d3a1f94bd098ee1c16a8abc) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for a possible unintended sign extensionMarta Rybczynska2022-03-022-0/+37
| | | | | | | | | | | | | This patch fixes a possible unintended sign extension in grub's libgcrypt/mpi. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 69f6ae604b857eea93022d73fad668df07a7a056) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for a memory leakMarta Rybczynska2022-03-022-0/+83
| | | | | | | | | | | | | This patch fixes a memory leak in grub's affs. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 95d61effb17a6f11abbaec6ba48cb3fa4926efb0) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: fix an error checkMarta Rybczynska2022-03-022-0/+36
| | | | | | | | | | | | | This patch fixes an error check in grub's zfsinfo. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: ec842684b572e5fe940762e1b5b4339e6ef6a0ba) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for possible integer overflowsMarta Rybczynska2022-03-022-0/+57
| | | | | | | | | | | | | This patch adds a fix for a possible integer overflows in grub's zfs. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: a21a1f225090b2f9d4c76e323fa7cc2051587924) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for a memory leakMarta Rybczynska2022-03-022-0/+122
| | | | | | | | | | | | | This patch adds a fix for a memory leak in grub's path construction in zfs. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: f2a474545b8ba61a43fcbcd3c375c5db9f0303ca) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for a possible negative shiftMarta Rybczynska2022-03-022-0/+43
| | | | | | | | | | | | | This patch adds a fix for a possible negative shift in grub's zfs. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: d5a93d55b5f3bfd890aa2925869d2a5ba4299801) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for a length checkMarta Rybczynska2022-03-022-0/+44
| | | | | | | | | | | | | This patch adds a fix for a volume name length check in grub's hfsplus. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 29470a74b944921641cd5d84b88c359acba26ad4) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: fix an integer overflowMarta Rybczynska2022-03-022-0/+51
| | | | | | | | | | | | | This patch fixes a potential overflow in grub's disk/cryptodisk. It is a part of a security series [1] [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 85405f0d3a4b844f7bbb34717bd5f88b81acb074) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: fix a memory leakMarta Rybczynska2022-03-022-0/+51
| | | | | | | | | | | | | Add a fix for a memory leak in grub'd disk/ldm. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: eb899a83bab5ab12143bd75a96427fa7615f2a6e) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: fix a memory leakMarta Rybczynska2022-03-022-0/+29
| | | | | | | | | | | | | This patch adds a fix for a memory leak in grub's disk/ldm. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 444a690c28fa78147273213f2ae19b1a67027a71) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: fix a memory leakMarta Rybczynska2022-03-022-0/+129
| | | | | | | | | | | | | Add a fix for a memory leak in grub's disk/ldm. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 9fa41d5fbd1de899d1242c31d427262cd041d47c) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a missing NULL checkMarta Rybczynska2022-03-022-0/+44
| | | | | | | | | | | | | This fix adds a missing check for NULL pointer from an external source in grub's kern/partition. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: c443bd15c975d05ca7afc44e81bda1e974833e36) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add structure initialization in zstdMarta Rybczynska2022-03-022-0/+35
| | | | | | | | | | | | | | This patch adds initialization of a structure in grub's zstd, which might be left uninitialized by the compiler. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 370ea660d476bda0d4f45520815396036648d87a) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for unnecessary assignementsMarta Rybczynska2022-03-022-0/+42
| | | | | | | | | | | | | Add a fix for unnecessary assignements grub's io/lzopio. This patch is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: bb0841ebfe1035af7eb807afd9bd59979b8a5dd1) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: fix an unitialized re_token in gnulibMarta Rybczynska2022-03-022-0/+56
| | | | | | | | | | | | | This patch adds a fix for an unitialized re_token in grub's gnulib. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 0ce9c21b776ef6bfeaef665829324d7a04c22ce9) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for NULL pointer dereferenceMarta Rybczynska2022-03-022-0/+54
| | | | | | | | | | | | | Add a fix for gnulib's regexec NULL pointer dereference. This patch a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 133759837a226d70b77f9bc7757c293664c3a018) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix a NULL pointer dereference in gnulibMarta Rybczynska2022-03-022-0/+53
| | | | | | | | | | | | | This change adds a fix for a NULL pointer dereference of state in gnulib. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 37900e0b112bfd66ae61c03470fd32f77dee1aac) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: fix an unitialized token in gnulibMarta Rybczynska2022-03-022-0/+54
| | | | | | | | | | | | | This change adds a fix for an unitialized token structure in gnulib. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 301e2ff664409011d5650339ef22225cd2028041) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for unused variable in gnulibMarta Rybczynska2022-03-022-0/+60
| | | | | | | | | | | | | This changes adds a fix for an unused variable issue in gnulib. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 30cf1e62b0f139cd6e1e3d5c09b7156acfb276b5) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for a possible NULL pointer dereferenceMarta Rybczynska2022-03-022-0/+66
| | | | | | | | | | | | | This change fixes a possible NULL pointer dereference in grub's EFI support. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: a49ffdd81e020224ea3e94a266e49d40ebb7198a) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: fix memory leak at error in grub_efi_get_filename()Marta Rybczynska2022-03-022-0/+31
| | | | | | | | | | | | | This change fixes a memory leak on error in grub_efi_get_filename(). It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 1b192247fa913c29f5cdf22abe4e71a509b3861e) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for malformed device path handlingMarta Rybczynska2022-03-022-0/+236
| | | | | | | | | | | | | | | | | This change fixes the malformed device paths in EFI handling. Device paths of length 4 or shorter could cause different kinds of unexpected behaviours. This patch is NOT a part of [1], but is a dependency of one of the patches included in the series. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 7f08d97fb6a0ff9c779f788df150b54de8af2708) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: fix wrong handling of argc == 0Marta Rybczynska2022-03-022-0/+51
| | | | | | | | | | | | | This change fixes wrong handling of argc == 0 causing a memory leak. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 8e537ef16bc1ef4bc807cc165d3b7eb1301578de) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: fix a dangling memory pointerMarta Rybczynska2022-03-022-0/+34
| | | | | | | | | | | | | This change fixes a dangling memory pointer in the grub TFTP code. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 17a06ced4ed9305e0a4064bdaad49e653c18284b) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for a possible NULL dereferenceMarta Rybczynska2022-03-022-0/+40
| | | | | | | | | | | | | This fix removes a possible NULL pointer dereference in grub networking code. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 5e62b476b541d3803e537f2228a264224b72cf81) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: fix a memory leakMarta Rybczynska2022-03-022-1/+41
| | | | | | | | | | | | | Backport a fix for a memory leak in grub_mmap_iterate(). This patch is a part of a security series [1] [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 330ef99ae58e025b78bf30b9a9d09b32dfa2f605) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* puzzles: Upstream changed to main branch for developmentKartikey Rameshbhai Parmar2022-03-021-1/+1
| | | | | | | | (From OE-Core rev: 930f097ef9e40fd4631a24ce79b99a4eb166319b) Signed-off-by: Kartikey Rameshbhai Parmar <kartikey.rameshbhai.parmar@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: 2.7.4 -> 2.7.5Chee Yang Lee2022-03-021-2/+2
| | | | | | | | | | | | | This release includes security fixes. CVE-2021-41817: Regular Expression Denial of Service Vulnerability of Date Parsing Methods CVE-2021-41816: Buffer Overrun in CGI.escape_html CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse (From OE-Core rev: a7935c9c4a47098f0c1b2eefdf7773bd85891945) Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: fix for CVE-2022-22844Purushottam Choudhary2022-03-022-0/+53
| | | | | | | | | | | | Backport patch from: https://gitlab.com/libtiff/libtiff/-/commit/03047a26952a82daaa0792957ce211e0aa51bc64 (From OE-Core rev: 68b59e37d25ead5aaf68d24c6a55b7d1864203fa) Signed-off-by: Purushottam Choudhary <purushottam.choudhary@kpit.com> Signed-off-by: Purushottam Choudhary <purushottamchoudhary29@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Add fix for CVE-2021-4160Ranjitsinh Rathod2022-03-022-0/+146
| | | | | | | | | | | | | Add a patch to fix CVE-2021-4160 The issue only affects OpenSSL on MIPS platforms. Link: https://security-tracker.debian.org/tracker/CVE-2021-4160 (From OE-Core rev: 5216986fc6dfd06562efa5937581dc6fa77ad276) Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: Upgrade 8.2.4314 -> 8.2.4424Richard Purdie2022-02-231-3/+3
| | | | | | | | | | | | | License file had some grammar fixes. Includes CVE-2022-0554. (From OE-Core rev: 9360b92f98222cb74a93690f53570cd62633c0cf) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit a8d0a4026359c2c8a445dba9456f8a05470293c1) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-08-08 03:41:50 +0000