mirror of
https://codeberg.org/canoeboot/cbmk.git
synced 2025-02-23 06:49:51 +00:00
b74a7f0cc6
You can find information about these patches here: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html GRUB has been on a crusade as of late, to proactively audit and fix many security vulnerabilities. This lbmk change brings in a comprehensive series of patches that fix bugs ranging from possible buffer overflows, use-after frees, null derefs and so on. These changes are critical, so a revision release *will* be issued, for the Libreboot 20241206 release series. This change imports the following 73 patches which are present on the upstream GRUB repository (commit IDs matched to upstream): * 4dc616657 loader/i386/bsd: Use safe math to avoid underflow * 490a6ab71 loader/i386/linux: Cast left shift to grub_uint32_t * a8d6b0633 kern/misc: Add sanity check after grub_strtoul() call * 8e6e87e79 kern/partition: Add sanity check after grub_strtoul() call * 5b36a5210 normal/menu: Use safe math to avoid an integer overflow * 9907d9c27 bus/usb/ehci: Define GRUB_EHCI_TOGGLE as grub_uint32_t * f8795cde2 misc: Ensure consistent overflow error messages * 66733f7c7 osdep/unix/getroot: Fix potential underflow * d13b6e8eb script/execute: Fix potential underflow and NULL dereference * e3c578a56 fs/sfs: Check if allocated memory is NULL * 1c06ec900 net: Check if returned pointer for allocated memory is NULL * dee2c14fd net: Prevent overflows when allocating memory for arrays * 4beeff8a3 net: Use safe math macros to prevent overflows * dd6a4c8d1 fs/zfs: Add missing NULL check after grub_strdup() call * 13065f69d fs/zfs: Check if returned pointer for allocated memory is NULL * 7f38e32c7 fs/zfs: Prevent overflows when allocating memory for arrays * 88e491a0f fs/zfs: Use safe math macros to prevent overflows * cde9f7f33 fs: Prevent overflows when assigning returned values from read_number() * 84bc0a9a6 fs: Prevent overflows when allocating memory for arrays * 6608163b0 fs: Use safe math macros to prevent overflows * fbaddcca5 disk/ieee1275/ofdisk: Call grub_ieee1275_close() when grub_malloc() fails * 33bd6b5ac disk: Check if returned pointer for allocated memory is NULL * d8151f983 disk: Prevent overflows when allocating memory for arrays * c407724da disk: Use safe math macros to prevent overflows * c4bc55da2 fs: Disable many filesystems under lockdown * 26db66050 fs/bfs: Disable under lockdown * 5f31164ae commands/hexdump: Disable memory reading in lockdown mode * 340e4d058 commands/memrw: Disable memory reading in lockdown mode * 34824806a commands/minicmd: Block the dump command in lockdown mode * c68b7d236 commands/test: Stack overflow due to unlimited recursion depth * dad8f5029 commands/read: Fix an integer overflow when supplying more than 2^31 characters * b970a5ed9 gettext: Integer overflow leads to heap OOB write * 09bd6eb58 gettext: Integer overflow leads to heap OOB write or read * 7580addfc gettext: Remove variables hooks on module unload * 9c1619773 normal: Remove variables hooks on module unload * 2123c5bca commands/pgp: Unregister the "check_signatures" hooks on module unload * 0bf56bce4 commands/ls: Fix NULL dereference * 05be856a8 commands/extcmd: Missing check for failed allocation * 98ad84328 kern/dl: Check for the SHF_INFO_LINK flag in grub_dl_relocate_symbols() * d72208423 kern/dl: Use correct segment in grub_dl_set_mem_attrs() * 500e5fdd8 kern/dl: Fix for an integer overflow in grub_dl_ref() * 2c34af908 video/readers/jpeg: Do not permit duplicate SOF0 markers in JPEG * 0707accab net/tftp: Fix stack buffer overflow in tftp_open() * 5eef88152 net: Fix OOB write in grub_net_search_config_file() * aa8b4d7fa net: Remove variables hooks when interface is unregisted * a1dd8e59d net: Unregister net_default_ip and net_default_mac variables hooks on unload * d8a937cca script/execute: Limit the recursion depth * 8a7103fdd kern/partition: Limit recursion in part_iterate() * 18212f064 kern/disk: Limit recursion depth * 67f70f70a disk/loopback: Reference tracking for the loopback * 13febd78d disk/cryptodisk: Require authentication after TPM unlock for CLI access * 16f196874 kern/file: Implement filesystem reference counting * a79106872 kern/file: Ensure file->data is set * d1d6b7ea5 fs/xfs: Ensuring failing to mount sets a grub_errno * 6ccc77b59 fs/xfs: Fix out-of-bounds read * 067b6d225 fs/ntfs: Implement attribute verification * 048777bc2 fs/ntfs: Use a helper function to access attributes * 237a71184 fs/ntfs: Track the end of the MFT attribute buffer * aff263187 fs/ntfs: Fix out-of-bounds read * 7e2f750f0 fs/ext2: Fix out-of-bounds read for inline extents * edd995a26 fs/jfs: Inconsistent signed/unsigned types usage in return values * bd999310f fs/jfs: Use full 40 bits offset and address for a data extent * ab09fd053 fs/jfs: Fix OOB read caused by invalid dir slot index * 66175696f fs/jfs: Fix OOB read in jfs_getent() * 1443833a9 fs/iso9660: Fix invalid free * 965db5970 fs/iso9660: Set a grub_errno if mount fails * f7c070a2e fs/hfsplus: Set a grub_errno if mount fails * 563436258 fs/f2fs: Set a grub_errno if mount fails * 0087bc690 fs/tar: Integer overflow leads to heap OOB write * 2c8ac08c9 fs/tar: Initialize name in grub_cpio_find_file() * 417547c10 fs/hfs: Fix stack OOB write with grub_strcpy() * c1a291b01 fs/ufs: Fix a heap OOB write * ea703528a misc: Implement grub_strlcpy() Signed-off-by: Leah Rowe <leah@libreboot.org> |
||
|---|---|---|
| .. | ||
| 0001-mitigate-grub-s-missing-characters-for-borders-arrow.patch | ||
| 0002-say-the-name-libreboot-in-the-grub-menu.patch | ||
| 0003-Add-CC0-license.patch | ||
| 0004-Define-GRUB_UINT32_MAX.patch | ||
| 0005-Add-Argon2-algorithm.patch | ||
| 0006-Error-on-missing-Argon2id-parameters.patch | ||
| 0007-Compile-with-Argon2id-support.patch | ||
| 0008-Make-grub-install-work-with-Argon2.patch | ||
| 0009-at_keyboard-coreboot-force-scancodes2-translate.patch | ||
| 0010-keylayouts-don-t-print-Unknown-key-message.patch | ||
| 0011-don-t-print-missing-prefix-errors-on-the-screen.patch | ||
| 0012-don-t-print-error-if-module-not-found.patch | ||
| 0013-don-t-print-empty-error-messages.patch | ||
| 0014-grub-core-bus-usb-Parse-SuperSpeed-companion-descrip.patch | ||
| 0015-usb-Add-enum-for-xHCI.patch | ||
| 0016-usbtrans-Set-default-maximum-packet-size.patch | ||
| 0017-grub-core-bus-usb-Add-function-pointer-for-attach-de.patch | ||
| 0018-grub-core-bus-usb-usbhub-Add-new-private-fields-for-.patch | ||
| 0019-grub-core-bus-usb-Add-xhci-support.patch | ||
| 0020-grub-core-bus-usb-usbhub-Add-xHCI-non-root-hub-suppo.patch | ||
| 0021-xHCI-also-accept-SBRN-0x31-and-0x32.patch | ||
| 0022-xhci-fix-port-indexing.patch | ||
| 0023-xhci-workaround-z790-non-root-hub-speed-detection.patch | ||
| 0024-xhci-configure-TT-for-non-root-hubs.patch | ||
| 0025-Fix-compilation-on-x86_64.patch | ||
| 0026-Add-native-NVMe-driver-based-on-SeaBIOS.patch | ||