diff options
Diffstat (limited to 'poky/meta/recipes-bsp/grub')
3 files changed, 58 insertions, 1 deletions
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch b/poky/meta/recipes-bsp/grub/files/CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch index 896a2145d..7214ead9a 100644 --- a/poky/meta/recipes-bsp/grub/files/CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch +++ b/poky/meta/recipes-bsp/grub/files/CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch @@ -30,7 +30,7 @@ Signed-off-by: Peter Jones <pjones@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> Upstream-Status: Backport -CVE: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 +CVE: CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 Reference to upstream patch: https://git.savannah.gnu.org/cgit/grub.git/commit/?id=3f05d693d1274965ffbe4ba99080dc2c570944c6 diff --git a/poky/meta/recipes-bsp/grub/files/determinism.patch b/poky/meta/recipes-bsp/grub/files/determinism.patch new file mode 100644 index 000000000..3c1f562c7 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/determinism.patch @@ -0,0 +1,56 @@ +The output in moddep.lst generated from syminfo.lst using genmoddep.awk is +not deterministic since the order of the dependencies on each line can vary +depending on how awk sorts the values in the array. + +Be deterministic in the output by sorting the dependencies on each line. + +Also, the output of the SOURCES lines in grub-core/Makefile.core.am, generated +from grub-core/Makefile.core.def with gentpl.py is not deterministic due to +missing sorting of the list used to generate it. Add such a sort. + +Also ensure the generated unidata.c file is deterministic by sorting the +keys of the dict. + +Upstream-Status: Pending +Richard Purdie <richard.purdie@linuxfoundation.org> + +Index: grub-2.04/grub-core/genmoddep.awk +=================================================================== +--- grub-2.04.orig/grub-core/genmoddep.awk ++++ grub-2.04/grub-core/genmoddep.awk +@@ -59,7 +59,9 @@ END { + } + modlist = "" + depcount[mod] = 0 +- for (depmod in uniqmods) { ++ n = asorti(uniqmods, w) ++ for (i = 1; i <= n; i++) { ++ depmod = w[i] + modlist = modlist " " depmod; + inverse_dependencies[depmod] = inverse_dependencies[depmod] " " mod + depcount[mod]++ +Index: grub-2.04/gentpl.py +=================================================================== +--- grub-2.04.orig/gentpl.py ++++ grub-2.04/gentpl.py +@@ -568,6 +568,7 @@ def foreach_platform_value(defn, platfor + for group in RMAP[platform]: + for value in defn.find_all(group + suffix): + r.append(closure(value)) ++ r.sort() + return ''.join(r) + + def platform_conditional(platform, closure): +Index: grub-2.04/util/import_unicode.py +=================================================================== +--- grub-2.04.orig/util/import_unicode.py ++++ grub-2.04/util/import_unicode.py +@@ -174,7 +174,7 @@ infile.close () + + outfile.write ("struct grub_unicode_arabic_shape grub_unicode_arabic_shapes[] = {\n ") + +-for x in arabicsubst: ++for x in sorted(arabicsubst): + try: + if arabicsubst[x]['join'] == "DUAL": + outfile.write ("{0x%x, 0x%x, 0x%x, 0x%x, 0x%x},\n " % (arabicsubst[x][0], arabicsubst[x][1], arabicsubst[x][2], arabicsubst[x][3], arabicsubst[x][4])) diff --git a/poky/meta/recipes-bsp/grub/grub2.inc b/poky/meta/recipes-bsp/grub/grub2.inc index d02010360..49c869b5d 100644 --- a/poky/meta/recipes-bsp/grub/grub2.inc +++ b/poky/meta/recipes-bsp/grub/grub2.inc @@ -27,6 +27,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://script-Remove-unused-fields-from-grub_script_functio.patch \ file://CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch \ file://CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch \ + file://determinism.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" |