d10d6fb187
Porting patches from grub2_2.06-3~deb11u4 to fix CVE-2022-2601/CVE-2022-3775. The source code of grub2_2.06-3~deb11u4 is from: https://snapshot.debian.org/archive/debian/20221124T030451Z/ pool/main/g/grub2/grub2_2.06-3~deb11u4.debian.tar.xz Refer to above source code and this link for the fix: https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html The 1st patch in the list is for making proper context for the 14 patches of the 2 CVEs. No content changes for all the patches from debian release. We do this because grub2/grub-efi is ported from wrlinux for secure boot bringing up. Test plan: - PASS: build grub2/grub-efi. - PASS: build-image and install and boot up on lab/qemu. - PASS: check that the "stx.N" version number is right for both bios(grub2 ver) and uefi(grub-efi ver) boot. Closes-bug: 2020730 Signed-off-by: Li Zhou <li.zhou@windriver.com> Change-Id: Ia6c58a2021a786ef92f760b3cfe035fbccedacf7
35 lines
1.8 KiB
Plaintext
35 lines
1.8 KiB
Plaintext
0001-grub2-add-tboot.patch
|
|
0002-grub2-checking-if-loop-devices-are-available.patch
|
|
0003-Make-UEFI-watchdog-behaviour-configurable.patch
|
|
0004-correct-grub_errno.patch
|
|
0005-grub-verify-Add-skip_check_cfg-variable.patch
|
|
0006-pe32.h-add-header-structures-for-TE-and-DOS-executab.patch
|
|
0007-shim-add-needed-data-structures.patch
|
|
0008-efi-chainloader-implement-an-UEFI-Exit-service.patch
|
|
0009-efi-chainloader-port-shim-to-grub.patch
|
|
0010-efi-chainloader-use-shim-to-load-and-verify-an-image.patch
|
|
0011-efi-chainloader-boot-the-image-using-shim.patch
|
|
0012-efi-chainloader-take-care-of-unload-undershim.patch
|
|
0013-chainloader-handle-the-unauthenticated-image-by-shim.patch
|
|
0014-chainloader-Don-t-check-empty-section-in-file-like-..patch
|
|
0015-chainloader-find-the-relocations-correctly.patch
|
|
0016-Add-a-module-for-reading-EFI-global-variables.patch
|
|
0017-grub-shim-verify-Report-that-the-loaded-object-is-ve.patch
|
|
0018-grub-verify-Add-strict_security-variable.patch
|
|
0019-Disable-inside-lockdown-and-shim_lock-verifiers.patch
|
|
0020-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch
|
|
0021-video-readers-Add-artificial-limit-to-image-dimensio.patch
|
|
0022-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch
|
|
0023-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
|
|
0024-font-Fix-several-integer-overflows-in-grub_font_cons.patch
|
|
0025-font-Remove-grub_font_dup_glyph.patch
|
|
0026-font-Fix-integer-overflow-in-ensure_comb_space.patch
|
|
0027-font-Fix-integer-overflow-in-BMP-index.patch
|
|
0028-font-Fix-integer-underflow-in-binary-search-of-char-.patch
|
|
0029-kern-efi-sb-Enforce-verification-of-font-files.patch
|
|
0030-fbutil-Fix-integer-overflow.patch
|
|
0031-font-Fix-an-integer-underflow-in-blit_comb.patch
|
|
0032-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch
|
|
0033-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
|
|
0034-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch
|