kumquat-buildroot/boot
Thomas Petazzoni 65c99394ff boot/grub2: backport fixes for numerous CVEs
Grub 2.06 is affected by a number of CVEs, which have been fixed in
the master branch of Grub, but are not yet part of any release (there
is a 2.12-rc1 release, but nothing else between 2.06 and 2.12-rc1).

So this patch backports the relevant fixes for CVE-2022-28736,
CVE-2022-28735, CVE-2021-3695, CVE-2021-3696, CVE-2021-3697,
CVE-2022-28733, CVE-2022-28734, CVE-2022-2601 and CVE-2022-3775.

It should be noted that CVE-2021-3695, CVE-2021-3696, CVE-2021-3697
are not reported as affecting Grub by our CVE matching logic because
the NVD database uses an incorrect CPE ID in those CVEs: it uses
"grub" as the product instead of "grub2" like all other CVEs for
grub. This issue has been reported to the NVD maintainers.

This requires backporting a lot of patches, but jumping from 2.06 to
2.12-rc1 implies getting 592 commits, which is quite a lot.

All Grub test cases are working fine:

  https://gitlab.com/tpetazzoni/buildroot/-/pipelines/984500585
  https://gitlab.com/tpetazzoni/buildroot/-/pipelines/984500679

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Arnout: fix check-package warning in patch 0002]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-08-30 21:54:23 +02:00
..
afboot-stm32
arm-trusted-firmware
at91bootstrap
at91bootstrap3
at91dataflashboot boot/at91dataflashboot: force arm mode instead of Thumb mode 2023-08-06 14:12:34 +02:00
barebox boot/barebox: add optional dependencies on host-openssl and host-libusb 2023-07-28 22:40:39 +02:00
beaglev-ddrinit
beaglev-secondboot
binaries-marvell
boot-wrapper-aarch64
edk2
grub2 boot/grub2: backport fixes for numerous CVEs 2023-08-30 21:54:23 +02:00
mv-ddr-marvell boot/mv-ddr-marvell: fix build with gcc 12 2023-08-12 16:23:21 +02:00
mxs-bootlets
opensbi
optee-os
s500-bootloader
shim
syslinux
ti-k3-r5-loader
uboot boot/uboot: add host-python-pylibfdt dependency if needed 2023-08-06 12:33:19 +02:00
vexpress-firmware
common.mk
Config.in boot/lpc32xxcdl: remove package 2023-08-10 19:41:42 +02:00