integ/grub/grub-efi/debian
Li Zhou daea2d8219 grub2/grub-efi: fix CVE-2023-4692/CVE-2023-4693
Porting patches from grub2_2.06-3~deb11u6 to fix
CVE-2023-4692/CVE-2023-4693.

The source code of grub2_2.06-3~deb11u6 is from:
https://snapshot.debian.org/archive/debian-security/20231006T185629Z/
pool/updates/main/g/grub2/grub2_2.06-3~deb11u6.debian.tar.xz

Patch for CVE-2023-4692:
<fs/ntfs: Fix an OOB write when parsing the $ATTRIBUTE_LIST attribute
 for the $MFT file>
Patch for CVE-2023-4693:
<fs/ntfs: Fix an OOB read when reading data from the resident $DATA
 attribute>

No content changes for all the patches from debian release.

We do this because grub2/grub-efi is ported from wrlinux for
secure boot bringing up.

Test plan:
 - PASS: build grub2/grub-efi.
 - PASS: build-image and install and boot up on lab/qemu.
 - PASS: check that the "stx.N" version number is right for both
         bios(grub2 ver) and uefi(grub-efi ver) boot.

Closes-bug: 2038742

Signed-off-by: Li Zhou <li.zhou@windriver.com>
Change-Id: I7c8e11952fb409be93e9d777bf7da7b87414a95d
2023-10-09 22:31:36 -04:00
..
deb_patches Debian: grub-efi: porting from LAT 2022-10-08 21:50:14 -04:00
files secure boot: move pub key to git repo 2023-02-14 01:03:04 -05:00
patches grub2/grub-efi: fix CVE-2023-4692/CVE-2023-4693 2023-10-09 22:31:36 -04:00
dl_hook secure boot: move pub key to git repo 2023-02-14 01:03:04 -05:00
meta_data.yaml secure boot: move pub key to git repo 2023-02-14 01:03:04 -05:00