kumquat-buildroot/boot
Thomas Petazzoni 65c99394ff boot/grub2: backport fixes for numerous CVEs
Grub 2.06 is affected by a number of CVEs, which have been fixed in
the master branch of Grub, but are not yet part of any release (there
is a 2.12-rc1 release, but nothing else between 2.06 and 2.12-rc1).

So this patch backports the relevant fixes for CVE-2022-28736,
CVE-2022-28735, CVE-2021-3695, CVE-2021-3696, CVE-2021-3697,
CVE-2022-28733, CVE-2022-28734, CVE-2022-2601 and CVE-2022-3775.

It should be noted that CVE-2021-3695, CVE-2021-3696, CVE-2021-3697
are not reported as affecting Grub by our CVE matching logic because
the NVD database uses an incorrect CPE ID in those CVEs: it uses
"grub" as the product instead of "grub2" like all other CVEs for
grub. This issue has been reported to the NVD maintainers.

This requires backporting a lot of patches, but jumping from 2.06 to
2.12-rc1 implies getting 592 commits, which is quite a lot.

All Grub test cases are working fine:

  https://gitlab.com/tpetazzoni/buildroot/-/pipelines/984500585
  https://gitlab.com/tpetazzoni/buildroot/-/pipelines/984500679

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Arnout: fix check-package warning in patch 0002]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-08-30 21:54:23 +02:00
..
afboot-stm32 boot/afboot-stm32: disable stack-protector 2023-02-08 16:54:35 +01:00
arm-trusted-firmware boot/arm-trusted-firmware: add patch to fix fiptool link 2023-07-23 19:28:21 +02:00
at91bootstrap
at91bootstrap3
at91dataflashboot boot/at91dataflashboot: force arm mode instead of Thumb mode 2023-08-06 14:12:34 +02:00
barebox boot/barebox: add optional dependencies on host-openssl and host-libusb 2023-07-28 22:40:39 +02:00
beaglev-ddrinit
beaglev-secondboot
binaries-marvell
boot-wrapper-aarch64 boot/boot-wrapper-aarch64: bump version 2023-02-23 23:43:32 +01:00
edk2 boot/edk2: remove superfluous =TRUE in DEBUG_ON_SERIAL_PORT macro definition 2023-07-28 22:25:40 +02:00
grub2 boot/grub2: backport fixes for numerous CVEs 2023-08-30 21:54:23 +02:00
mv-ddr-marvell boot/mv-ddr-marvell: fix build with gcc 12 2023-08-12 16:23:21 +02:00
mxs-bootlets boot/mxs-bootlets: fix build without any bootstream 2023-02-27 17:03:15 +01:00
opensbi boot/opensbi: Bump to version 1.3 2023-06-26 19:02:49 +02:00
optee-os boot/optee-os: bump to version 3.21.0 2023-05-07 23:28:52 +02:00
s500-bootloader
shim
syslinux
ti-k3-r5-loader boot/ti-k3-r5-loader: drop bogus TI_K3_R5_LOADER_BOARD 2023-01-04 17:53:50 +01:00
uboot boot/uboot: add host-python-pylibfdt dependency if needed 2023-08-06 12:33:19 +02:00
vexpress-firmware
common.mk
Config.in boot/lpc32xxcdl: remove package 2023-08-10 19:41:42 +02:00