From patchwork Wed Mar 12 19:52:09 2025
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 58823
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][styhead 01/25] puzzles: ignore three new CVEs for a different puzzles
Date: Wed, 12 Mar 2025 12:52:09 -0700
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/212668
From: Ross Burton

As we just match on product by default, ignore three CVEs which are for the "Puzzles" WordPress theme by ThemeREX (CPE themerex:puzzles).

(From OE-Core rev: 87326573c82ac1e8dc335319442236ef2341501e)

Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
--- meta/recipes-sato/puzzles/puzzles_git.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-sato/puzzles/puzzles_git.bb b/meta/recipes-sato/puzzles/puzzles_git.bb index b47d3d3f30..be61abad50 100644 --- a/meta/recipes-sato/puzzles/puzzles_git.bb +++ b/meta/recipes-sato/puzzles/puzzles_git.bb 
@@ -47,3 +47,6 @@ STOP done } +CVE_STATUS[CVE-2024-13769] = "cpe-incorrect: issue in ThemeREX's Wordpress theme Puzzles" +CVE_STATUS[CVE-2024-13770] = "cpe-incorrect: issue in ThemeREX's Wordpress theme Puzzles" +CVE_STATUS[CVE-2025-0837] = "cpe-incorrect: issue in ThemeREX's Wordpress theme Puzzles"
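
Review bot: Ignoring these three CVEs one at a time in puzzles_git.bb leaves the product-name-only match described in the commit message in place, so every future CVE filed against the ThemeREX theme will need another CVE_STATUS line. If an upstream CPE vendor exists for this package, setting CVE_PRODUCT to a vendor:product pair in the recipe would exclude themerex:puzzles at the source; if none exists, a one-line comment above the entries saying so would save the next reviewer the lookup. Minor: the status strings spell the name "Wordpress" while the commit message uses "WordPress".
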
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][styhead 02/25] binutils: patch CVE-2025-0840
Date: Wed, 12 Mar 2025 12:52:10 -0700
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/212669

From: Peter Marko

Backport [1] as listed in [2].

[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=baac6c221e9d69335bf41366a1c7d87d8ab2f893
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-0840

Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
--- .../binutils/binutils-2.43.1.inc | 1 + .../binutils/0016-CVE-2025-0840.patch | 55 +++++++++++++++++++ 2 files changed, 56 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/0016-CVE-2025-0840.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.43.1.inc b/meta/recipes-devtools/binutils/binutils-2.43.1.inc index 4a8666b433..091fa61cc6 100644 --- a/meta/recipes-devtools/binutils/binutils-2.43.1.inc +++ b/meta/recipes-devtools/binutils/binutils-2.43.1.inc @@ -36,5 +36,6 @@ SRC_URI = "\ file://0013-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch \ file://0014-Remove-duplicate-pe-dll.o-entry-deom-targ_extra_ofil.patch \ file://0015-CVE-2024-53589.patch \ + file://0016-CVE-2025-0840.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0016-CVE-2025-0840.patch b/meta/recipes-devtools/binutils/binutils/0016-CVE-2025-0840.patch new file mode 100644 index 0000000000..2f60a7a0f1 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0016-CVE-2025-0840.patch 
@@ -0,0 +1,55 @@ +From baac6c221e9d69335bf41366a1c7d87d8ab2f893 Mon Sep 17 00:00:00 2001 +From: Alan Modra +Date: Wed, 15 Jan 2025 19:13:43 +1030 +Subject: [PATCH] PR32560 stack-buffer-overflow at objdump disassemble_bytes + +There's always someone pushing the boundaries. + + PR 32560 + * objdump.c (MAX_INSN_WIDTH): Define. + (insn_width): Make it an unsigned long. + (disassemble_bytes): Use MAX_INSN_WIDTH to size buffer. + (main ): Restrict size of insn_width. + +CVE: CVE-2025-0840 +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=baac6c221e9d69335bf41366a1c7d87d8ab2f893] +Signed-off-by: Peter Marko +--- + binutils/objdump.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/binutils/objdump.c b/binutils/objdump.c +index ecbe39e942e..80044dea580 100644 +--- a/binutils/objdump.c ++++ b/binutils/objdump.c +@@ -117,7 +117,8 @@ static bool disassemble_all; /* -D */ + static int disassemble_zeroes; /* --disassemble-zeroes */ + static bool formats_info; /* -i */ + int wide_output; /* -w */ +-static int insn_width; /* --insn-width */ ++#define MAX_INSN_WIDTH 49 ++static unsigned long insn_width; /* --insn-width */ + static bfd_vma start_address = (bfd_vma) -1; /* --start-address */ + static bfd_vma stop_address = (bfd_vma) -1; /* --stop-address */ + static int dump_debugging; /* --debugging */ +@@ -3391,7 +3392,7 @@ disassemble_bytes (struct disassemble_info *inf, + } + else + { +- char buf[50]; ++ char buf[MAX_INSN_WIDTH + 1]; + unsigned int bpc = 0; + unsigned int pb = 0; + +@@ -6091,8 +6092,9 @@ main (int argc, char **argv) + break; + case OPTION_INSN_WIDTH: + insn_width = strtoul (optarg, NULL, 0); +- if (insn_width <= 0) +- fatal (_("error: instruction width must be positive")); ++ if (insn_width - 1 >= MAX_INSN_WIDTH) ++ fatal (_("error: instruction width must be in the range 1 to " ++ XSTRING (MAX_INSN_WIDTH))); + break; + case OPTION_INLINES: + unwind_inlines = true;
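
Review bot: The new range check in the OPTION_INSN_WIDTH case of the backported objdump.c change, `insn_width - 1 >= MAX_INSN_WIDTH`, rejects 0 only through unsigned wraparound, and nothing in the hunk says so. It works because the first objdump.c hunk turns insn_width into an unsigned long; a comment on the check, or an explicit `insn_width == 0 ||` test, would keep a later type change from silently accepting 0 again. `#define MAX_INSN_WIDTH 49` also has no comment saying where 49 comes from; the only visible link is that buf was `char buf[50]` and is now `char buf[MAX_INSN_WIDTH + 1]`. As this is a backport of the upstream commit, both points are better raised upstream than changed in the recipe.
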
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][styhead 03/25] grub: drop obsolete CVE statuses
Date: Wed, 12 Mar 2025 12:52:11 -0700
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/212670

From: Peter Marko

CVE-2021-46705 was needed only with 2.06
CVE-2023-4692 and CVE-2023-4693 were fixed in NVD DB meanwhile

Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
--- meta/recipes-bsp/grub/grub2.inc | 3 --- 1 file changed, 3 deletions(-) diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 07b4000e04..c93b9594c8 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -23,11 +23,8 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91" CVE_STATUS[CVE-2019-14865] = "not-applicable-platform: applies only to RHEL" -CVE_STATUS[CVE-2021-46705] = "not-applicable-platform: Applies only to SUSE" CVE_STATUS[CVE-2023-4001] = "not-applicable-platform: Applies only to RHEL/Fedora" CVE_STATUS[CVE-2024-1048] = "not-applicable-platform: Applies only to RHEL/Fedora" -CVE_STATUS[CVE-2023-4692] = "cpe-incorrect: Fixed in version 2.12 already" -CVE_STATUS[CVE-2023-4693] = "cpe-incorrect: Fixed in version 2.12 already" DEPENDS = "flex-native bison-native gettext-native"
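
Review bot: Nothing in the patch records how it was confirmed that NVD no longer matches this grub version for CVE-2023-4692 and CVE-2023-4693, whose entries are removed from grub2.inc. Adding the observed result to the commit message (for example, that cve-check no longer reports either CVE for this recipe with the entries removed) would let a reviewer confirm that the drop does not bring them back as unpatched. Style: among the remaining lines, the CVE-2019-14865 reason starts with lower-case "applies" while the others use "Applies".
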
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][styhead 04/25] grub: backport strlcpy function
Date: Wed, 12 Mar 2025 12:52:12 -0700
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/212671

From: Peter Marko

It is used to fix multiple CVEs.

Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
--- .../0001-misc-Implement-grub_strlcpy.patch | 68 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 69 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0001-misc-Implement-grub_strlcpy.patch diff --git a/meta/recipes-bsp/grub/files/0001-misc-Implement-grub_strlcpy.patch b/meta/recipes-bsp/grub/files/0001-misc-Implement-grub_strlcpy.patch new file mode 100644 index 0000000000..0ff6dff33a --- /dev/null +++ b/meta/recipes-bsp/grub/files/0001-misc-Implement-grub_strlcpy.patch 
@@ -0,0 +1,68 @@ +From ea703528a8581a2ea7e0bad424a70fdf0aec7d8f Mon Sep 17 00:00:00 2001 +From: B Horn +Date: Sat, 15 Jun 2024 02:33:08 +0100 +Subject: [PATCH 1/2] misc: Implement grub_strlcpy() + +grub_strlcpy() acts the same way as strlcpy() does on most *NIX, +returning the length of src and ensuring dest is always NUL +terminated except when size is 0. + +Signed-off-by: B Horn +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=ea703528a8581a2ea7e0bad424a70fdf0aec7d8f] +Signed-off-by: Peter Marko +--- + include/grub/misc.h | 39 +++++++++++++++++++++++++++++++++++++++ + 1 file changed, 39 insertions(+) + +diff --git a/include/grub/misc.h b/include/grub/misc.h +index 1578f36c3..14d8f37ac 100644 +--- a/include/grub/misc.h ++++ b/include/grub/misc.h +@@ -64,6 +64,45 @@ grub_stpcpy (char *dest, const char *src) + return d - 1; + } + ++static inline grub_size_t ++grub_strlcpy (char *dest, const char *src, grub_size_t size) ++{ ++ char *d = dest; ++ grub_size_t res = 0; ++ /* ++ * We do not subtract one from size here to avoid dealing with underflowing ++ * the value, which is why to_copy is always checked to be greater than one ++ * throughout this function. ++ */ ++ grub_size_t to_copy = size; ++ ++ /* Copy size - 1 bytes to dest. */ ++ if (to_copy > 1) ++ while ((*d++ = *src++) != '\0' && ++res && --to_copy > 1) ++ ; ++ ++ /* ++ * NUL terminate if size != 0. The previous step may have copied a NUL byte ++ * if it reached the end of the string, but we know dest[size - 1] must always ++ * be a NUL byte. ++ */ ++ if (size != 0) ++ dest[size - 1] = '\0'; ++ ++ /* If there is still space in dest, but are here, we reached the end of src. */ ++ if (to_copy > 1) ++ return res; ++ ++ /* ++ * If we haven't reached the end of the string, iterate through to determine ++ * the strings total length. 
++ */ ++ while (*src++ != '\0' && ++res) ++ ; ++ ++ return res; ++} ++ + /* XXX: If grub_memmove is too slow, we must implement grub_memcpy. */ + static inline void * + grub_memcpy (void *dest, const void *src, grub_size_t n) diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index c93b9594c8..43ba632ce2 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -18,6 +18,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://grub-module-explicitly-keeps-symbole-.module_license.patch \ file://0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch \ file://0001-RISC-V-Restore-the-typcast-to-long.patch \ + file://0001-misc-Implement-grub_strlcpy.patch \ " SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91"
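
Review bot: grub_strlcpy() in the include/grub/misc.h hunk has no comment stating its contract, and one part of it is easy to get wrong: `dest[size - 1] = '\0'` is written whenever size is non-zero, even when src is much shorter than size, so size must be the real size of the dest buffer and not just an upper bound on the string length. A short comment above the definition covering this and the return value (the length of src, so a result of size or more means the copy was truncated) would help the callers added by the later CVE patches. On the recipe side, the commit message says the helper is used to fix multiple CVEs without naming them; a comment next to the new SRC_URI entry in grub2.inc saying which patches depend on 0001-misc-Implement-grub_strlcpy.patch would stop it being dropped on its own.
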
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][styhead 05/25] grup: patch CVE-2024-45781
Date: Wed, 12 Mar 2025 12:52:13 -0700
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/212672

From: Peter Marko

Cherry-pick patch mentioning this CVE.

Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
--- .../grub/files/CVE-2024-45781.patch | 35 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 36 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45781.patch diff --git a/meta/recipes-bsp/grub/files/CVE-2024-45781.patch b/meta/recipes-bsp/grub/files/CVE-2024-45781.patch new file mode 100644 index 0000000000..bd0b6aa04a --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2024-45781.patch 
@@ -0,0 +1,35 @@ +From c1a291b01f4f1dcd6a22b61f1c81a45a966d16ba Mon Sep 17 00:00:00 2001 +From: B Horn +Date: Sun, 12 May 2024 02:03:33 +0100 +Subject: [PATCH 2/2] fs/ufs: Fix a heap OOB write + +grub_strcpy() was used to copy a symlink name from the filesystem +image to a heap allocated buffer. This led to a OOB write to adjacent +heap allocations. Fix by using grub_strlcpy(). + +Fixes: CVE-2024-45781 + +Reported-by: B Horn +Signed-off-by: B Horn +Reviewed-by: Daniel Kiper + +CVE: CVE-2024-45781 +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=c1a291b01f4f1dcd6a22b61f1c81a45a966d16ba] +Signed-off-by: Peter Marko +--- + grub-core/fs/ufs.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/fs/ufs.c b/grub-core/fs/ufs.c +index a354c92d9..01235101b 100644 +--- a/grub-core/fs/ufs.c ++++ b/grub-core/fs/ufs.c +@@ -463,7 +463,7 @@ grub_ufs_lookup_symlink (struct grub_ufs_data *data, int ino) + /* Check against zero is paylindromic, no need to swap. */ + if (data->inode.nblocks == 0 + && INODE_SIZE (data) <= sizeof (data->inode.symlink)) +- grub_strcpy (symlink, (char *) data->inode.symlink); ++ grub_strlcpy (symlink, (char *) data->inode.symlink, sz); + else + { + if (grub_ufs_read_file (data, 0, 0, 0, sz, symlink) < 0) diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 43ba632ce2..58f4a6e181 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -19,6 +19,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch \ file://0001-RISC-V-Restore-the-typcast-to-long.patch \ file://0001-misc-Implement-grub_strlcpy.patch \ + file://CVE-2024-45781.patch \ " SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91" From patchwork Wed Mar 12 19:52:14 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 58829 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id EBD12C35FF1 for ; Wed, 12 Mar 2025 19:52:56 +0000 (UTC) Received: from mail-pj1-f45.google.com (mail-pj1-f45.google.com [209.85.216.45]) by mx.groups.io with SMTP id smtpd.web11.4655.1741809169783199607 for ; Wed, 12 Mar 2025 12:52:49 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=nZbZEGzn; spf=softfail (domain: sakoman.com, ip: 209.85.216.45, mailfrom: steve@sakoman.com) Received: by mail-pj1-f45.google.com with SMTP id 98e67ed59e1d1-2ff6a98c638so645790a91.0 for ; Wed, 12 Mar 2025 12:52:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1741809169; x=1742413969; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=j1LXAQ9jxRbwI8OLbIF1Xpo/Ak0F5Ux7TZ5l9vSbNJk=; b=nZbZEGzn8nmSD+hnb0Mn6gj/cuD10Y4nG7h2mNZAAxhdt7zGE5j6qFt9xThyiQfSgy bxUQq5xGjXIWQoEJbPMXGoFwGwt4FEPMiMv4cSKRi7WGYObL2DWUHgnH4ku3yyVcr4fm Yd8QpEQ1jRTLhv+D9u4NgCHDopnJ2TWXncjRRId/UAmBlfu5cT5+y3uxbwqJIswI8nbW 
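Review bot: In the grub-core/fs/ufs.c hunk of CVE-2024-45781.patch, the new bound in `grub_strlcpy (symlink, (char *) data->inode.symlink, sz);` is `sz`, but neither the computation of `sz` nor the allocation of `symlink` is visible here, so the fix is only as good as the guarantee that `sz` is the full size of the `symlink` buffer including the terminator. Please confirm that against the function body in the styhead tree. The guard above only shows `INODE_SIZE (data) <= sizeof (data->inode.symlink)`, and nothing in the hunk guarantees that the on-disk `data->inode.symlink` field is NUL-terminated, so it is worth checking how grub_strlcpy() treats an unterminated source. The recipe ordering is right: `CVE-2024-45781.patch` is appended after `0001-misc-Implement-grub_strlcpy.patch`, which this change depends on.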
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][styhead 06/25] grub: patch CVE-2024-45782 and CVE-2024-56737 Date: Wed, 12 Mar 2025 12:52:14 -0700 Message-ID: <3b497db0bff69c8e7a4f5466b155d1c84051cc59.1741808973.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 12 Mar 2025 19:52:56 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/212673 From: Peter Marko Cherry-pick patch mentioning these CVEs. Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../files/CVE-2024-45782_CVE-2024-56737.patch | 36 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 37 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45782_CVE-2024-56737.patch diff --git a/meta/recipes-bsp/grub/files/CVE-2024-45782_CVE-2024-56737.patch b/meta/recipes-bsp/grub/files/CVE-2024-45782_CVE-2024-56737.patch new file mode 100644 index 0000000000..41cc025b81 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2024-45782_CVE-2024-56737.patch 
@@ -0,0 +1,36 @@ +From 417547c10410b714e43f08f74137c24015f8f4c3 Mon Sep 17 00:00:00 2001 +From: B Horn +Date: Sun, 12 May 2024 02:48:33 +0100 +Subject: [PATCH] fs/hfs: Fix stack OOB write with grub_strcpy() + +Replaced with grub_strlcpy(). + +Fixes: CVE-2024-45782 +Fixes: CVE-2024-56737 +Fixes: https://savannah.gnu.org/bugs/?66599 + +Reported-by: B Horn +Signed-off-by: B Horn +Reviewed-by: Daniel Kiper + +CVE: CVE-2024-45782 +CVE: CVE-2024-56737 +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=417547c10410b714e43f08f74137c24015f8f4c3] +Signed-off-by: Peter Marko +--- + grub-core/fs/hfs.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/fs/hfs.c b/grub-core/fs/hfs.c +index 91dc0e69c..920112b03 100644 +--- a/grub-core/fs/hfs.c ++++ b/grub-core/fs/hfs.c +@@ -379,7 +379,7 @@ grub_hfs_mount (grub_disk_t disk) + volume name. */ + key.parent_dir = grub_cpu_to_be32_compile_time (1); + key.strlen = data->sblock.volname[0]; +- grub_strcpy ((char *) key.str, (char *) (data->sblock.volname + 1)); ++ grub_strlcpy ((char *) key.str, (char *) (data->sblock.volname + 1), sizeof (key.str)); + + if (grub_hfs_find_node (data, (char *) &key, data->cat_root, + 0, (char *) &dir, sizeof (dir)) == 0) diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 58f4a6e181..f5112d773d 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -20,6 +20,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0001-RISC-V-Restore-the-typcast-to-long.patch \ file://0001-misc-Implement-grub_strlcpy.patch \ file://CVE-2024-45781.patch \ + file://CVE-2024-45782_CVE-2024-56737.patch \ " SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91" From patchwork Wed Mar 12 19:52:15 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 58830 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id F41EFC2BA1B for ; Wed, 12 Mar 2025 19:52:56 +0000 (UTC) Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com [209.85.214.182]) by mx.groups.io with SMTP id smtpd.web11.4658.1741809172927630033 for ; Wed, 12 Mar 2025 12:52:52 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=Ln6KVejw; spf=softfail (domain: sakoman.com, ip: 209.85.214.182, mailfrom: steve@sakoman.com) Received: by mail-pl1-f182.google.com with SMTP id d9443c01a7336-22337bc9ac3so4388045ad.1 for ; Wed, 12 Mar 2025 12:52:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1741809172; x=1742413972; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=foBHVc7gA79kI2fjro55hXvwMr0msPBEDFda5nm8xR8=; b=Ln6KVejwuEqFBtczwiMlH+mj+c2Rt7K8FcUq51flWfXm5HIJguAgY9HzWPvu9As5cY bm/eUyS0QUxSXrhoIkvBjJYyNH5BQC4RxtG408hVzaT8pcuctNsoOedgeVOO9EX2xqFO 5+izJlUGzcR24If7SCLa3rZaviIlpzehvl0/wxFUghct+ETvrqq39yPVjK6xYhTISOFC 
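Review bot: In the grub_hfs_mount hunk of grub-core/fs/hfs.c, `key.strlen = data->sblock.volname[0];` is still taken straight from the on-disk length byte, while the copy on the next line is now capped at `sizeof (key.str)`. If `volname[0]` is larger than the key buffer, `key.strlen` describes more bytes than `key.str` holds after the truncated copy, and the key is passed to `grub_hfs_find_node ()` right after. I would clamp or reject such a length before building the key. Minor: `volname` is read here as a length-prefixed field, so a copy driven by that length would match the data better than a NUL-terminated string copy, and the replacement line runs well past 80 columns.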
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][styhead 07/25] grub: patch CVE-2024-45780 Date: Wed, 12 Mar 2025 12:52:15 -0700 Message-ID: <3c33dbc32859ce45743c507120317a562b1a897d.1741808973.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 12 Mar 2025 19:52:56 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/212674 From: Peter Marko Cherry-pick patch mentioning this CVE. Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../grub/files/CVE-2024-45780.patch | 93 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 94 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45780.patch diff --git a/meta/recipes-bsp/grub/files/CVE-2024-45780.patch b/meta/recipes-bsp/grub/files/CVE-2024-45780.patch new file mode 100644 index 0000000000..1de0099f94 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2024-45780.patch 
@@ -0,0 +1,93 @@ +From 0087bc6902182fe5cedce2d034c75a79cf6dd4f3 Mon Sep 17 00:00:00 2001 +From: Lidong Chen +Date: Fri, 22 Nov 2024 06:27:58 +0000 +Subject: [PATCH] fs/tar: Integer overflow leads to heap OOB write + +Both namesize and linksize are derived from hd.size, a 12-digit octal +number parsed by read_number(). Later direct arithmetic calculation like +"namesize + 1" and "linksize + 1" may exceed the maximum value of +grub_size_t leading to heap OOB write. This patch fixes the issue by +using grub_add() and checking for an overflow. + +Fixes: CVE-2024-45780 + +Reported-by: Nils Langius +Signed-off-by: Lidong Chen +Reviewed-by: Daniel Kiper +Reviewed-by: Alec Brown + +CVE: CVE-2024-45780 +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0087bc6902182fe5cedce2d034c75a79cf6dd4f3] +Signed-off-by: Peter Marko +--- + grub-core/fs/tar.c | 23 ++++++++++++++++++----- + 1 file changed, 18 insertions(+), 5 deletions(-) + +diff --git a/grub-core/fs/tar.c b/grub-core/fs/tar.c +index 646bce5eb..386c09022 100644 +--- a/grub-core/fs/tar.c ++++ b/grub-core/fs/tar.c +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -76,6 +77,7 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name, + { + struct head hd; + int reread = 0, have_longname = 0, have_longlink = 0; ++ grub_size_t sz; + + data->hofs = data->next_hofs; + +@@ -97,7 +99,11 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name, + { + grub_err_t err; + grub_size_t namesize = read_number (hd.size, sizeof (hd.size)); +- *name = grub_malloc (namesize + 1); ++ ++ if (grub_add (namesize, 1, &sz)) ++ return grub_error (GRUB_ERR_BAD_FS, N_("name size overflow")); ++ ++ *name = grub_malloc (sz); + if (*name == NULL) + return grub_errno; + err = grub_disk_read (data->disk, 0, +@@ -117,15 +123,19 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name, + { + grub_err_t err; + grub_size_t linksize = read_number 
(hd.size, sizeof (hd.size)); +- if (data->linkname_alloc < linksize + 1) ++ ++ if (grub_add (linksize, 1, &sz)) ++ return grub_error (GRUB_ERR_BAD_FS, N_("link size overflow")); ++ ++ if (data->linkname_alloc < sz) + { + char *n; +- n = grub_calloc (2, linksize + 1); ++ n = grub_calloc (2, sz); + if (!n) + return grub_errno; + grub_free (data->linkname); + data->linkname = n; +- data->linkname_alloc = 2 * (linksize + 1); ++ data->linkname_alloc = 2 * (sz); + } + + err = grub_disk_read (data->disk, 0, +@@ -148,7 +158,10 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name, + while (extra_size < sizeof (hd.prefix) + && hd.prefix[extra_size]) + extra_size++; +- *name = grub_malloc (sizeof (hd.name) + extra_size + 2); ++ ++ if (grub_add (sizeof (hd.name) + 2, extra_size, &sz)) ++ return grub_error (GRUB_ERR_BAD_FS, N_("long name size overflow")); ++ *name = grub_malloc (sz); + if (*name == NULL) + return grub_errno; + if (hd.prefix[0]) diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index f5112d773d..01d9be6bc2 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -21,6 +21,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0001-misc-Implement-grub_strlcpy.patch \ file://CVE-2024-45781.patch \ file://CVE-2024-45782_CVE-2024-56737.patch \ + file://CVE-2024-45780.patch \ " SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91" From patchwork Wed Mar 12 19:52:16 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 58828 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0B2CEC35FF2 for ; Wed, 12 Mar 2025 19:52:57 +0000 (UTC) Received: from mail-pj1-f51.google.com (mail-pj1-f51.google.com [209.85.216.51]) by mx.groups.io with SMTP id smtpd.web11.4660.1741809174026750961 for ; Wed, 12 Mar 2025 12:52:54 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=w8N7lc3A; spf=softfail (domain: sakoman.com, ip: 209.85.216.51, mailfrom: steve@sakoman.com) Received: by mail-pj1-f51.google.com with SMTP id 98e67ed59e1d1-2ff6a98c638so645909a91.0 for ; Wed, 12 Mar 2025 12:52:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1741809173; x=1742413973; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=d5hdTCGswwiCmn4HnFusHBjChRqmLo0ccJexye7IxZg=; b=w8N7lc3ATAyyIx8zuJoDYEJXKopUvmUIVAMKQAqJVGO8HSdKGuxLz7ZyfgOcgVAi8J IF87xhK00HoDBImJQEvcFeklZcHjI7pUIANR8BQUwheSdy5qAkC8cpGqxTQTT5evumH1 pMfmDECgDplUI0E88j4c+qoZ0b+h6Ar+00xgoIoPD4G195CnFAIq6y26Wgvqr8x6bbgx YYewJGhLJB0TvsVeMiyWG5WVVGsAcaf6rKNxxIB7jjg8p1ihZQ1wFle/KWktqinHzTos 
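Review bot: In the linkname branch of grub_cpio_find_file in grub-core/fs/tar.c, `data->linkname_alloc = 2 * (sz);` is still plain arithmetic while every other size in this patch goes through `grub_add ()`. It is only reached after `grub_calloc (2, sz)` has succeeded, so it depends on grub_calloc() refusing an overflowing product; a short comment saying so, or computing the doubled size once with an overflow check and using it for both the allocation and `linkname_alloc`, would make that explicit. Style: the parentheses around `sz` are left over from `(linksize + 1)` and can go. The checks also cover only the `+ 1`: a very large but non-overflowing `hd.size` still goes to `grub_malloc ()` as is, so the `if (*name == NULL)` path remains the only limit on the size.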
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][styhead 08/25] grub: patch CVE-2024-45783 Date: Wed, 12 Mar 2025 12:52:16 -0700 Message-ID: <7c18697372444ef9e4df03b7c9de7b8da7f4f600.1741808973.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 12 Mar 2025 19:52:57 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/212675 From: Peter Marko Cherry-pick patch mentioning this CVE. Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../grub/files/CVE-2024-45783.patch | 39 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 40 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45783.patch diff --git a/meta/recipes-bsp/grub/files/CVE-2024-45783.patch b/meta/recipes-bsp/grub/files/CVE-2024-45783.patch new file mode 100644 index 0000000000..99c769961b --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2024-45783.patch 
@@ -0,0 +1,39 @@ +From f7c070a2e28dfab7137db0739fb8db1dc02d8898 Mon Sep 17 00:00:00 2001 +From: B Horn +Date: Sun, 12 May 2024 06:22:51 +0100 +Subject: [PATCH] fs/hfsplus: Set a grub_errno if mount fails + +It was possible for mount to fail but not set grub_errno. This led to +a possible double decrement of the module reference count if the NULL +page was mapped. + +Fixing in general as a similar bug was fixed in commit 61b13c187 +(fs/hfsplus: Set grub_errno to prevent NULL pointer access) and there +are likely more variants around. + +Fixes: CVE-2024-45783 + +Reported-by: B Horn +Signed-off-by: B Horn +Reviewed-by: Daniel Kiper + +CVE: CVE-2024-45783 +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=f7c070a2e28dfab7137db0739fb8db1dc02d8898] +Signed-off-by: Peter Marko +--- + grub-core/fs/hfsplus.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c +index 295822f69..de71fd486 100644 +--- a/grub-core/fs/hfsplus.c ++++ b/grub-core/fs/hfsplus.c +@@ -405,7 +405,7 @@ grub_hfsplus_mount (grub_disk_t disk) + + fail: + +- if (grub_errno == GRUB_ERR_OUT_OF_RANGE) ++ if (grub_errno == GRUB_ERR_OUT_OF_RANGE || grub_errno == GRUB_ERR_NONE) + grub_error (GRUB_ERR_BAD_FS, "not a HFS+ filesystem"); + + grub_free (data); diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 01d9be6bc2..05aea4cc6a 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -22,6 +22,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://CVE-2024-45781.patch \ file://CVE-2024-45782_CVE-2024-56737.patch \ file://CVE-2024-45780.patch \ + file://CVE-2024-45783.patch \ " SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91" From patchwork Wed Mar 12 19:52:17 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 58832 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 127A0C35FF4 for ; Wed, 12 Mar 2025 19:52:57 +0000 (UTC) Received: from mail-pj1-f53.google.com (mail-pj1-f53.google.com [209.85.216.53]) by mx.groups.io with SMTP id smtpd.web10.4459.1741809174763333376 for ; Wed, 12 Mar 2025 12:52:54 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=SgCKC6Hb; spf=softfail (domain: sakoman.com, ip: 209.85.216.53, mailfrom: steve@sakoman.com) Received: by mail-pj1-f53.google.com with SMTP id 98e67ed59e1d1-3012a0c8496so451291a91.2 for ; Wed, 12 Mar 2025 12:52:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1741809174; x=1742413974; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=z9h3w1n4dTXRsS3q6DuGnKpWjnxncpjsVoXXnGIgB5g=; b=SgCKC6HbhM6ntjKICDDx6+1igYbhjidgSuIHKUv/PQ7z69nxv0U7Sa9FGBO28w+rz1 l7rcee3cSVIfdedbtvJ/aEThKyzK7o9IWWSqdTPWRFGOxKsJmdVxJDqa6YZq0qV80FyE msWWXELkaa70CmwgA0OMU4ANWX6uTUlKEtlYvPyvDBYzkbnngJsnDhQE+c5CVjGnLZON 1sJeMhTXJ0bBM7CK9W860us/mBeC2eToV7Au6hAlZz85f4ejt9YISWMeO+1uqAY6aNKV 
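Review bot: The changed condition at the `fail:` label of grub_hfsplus_mount covers only this one filesystem, while the commit message itself says a similar bug was fixed before and that "there are likely more variants around". The underlying assumption, that a mount returning failure always leaves `grub_errno` set, would be better enforced once in the caller that handles the module reference count than per filesystem. For the backport, please also check that commit 61b13c187 referenced in the message is already present in the grub version this recipe builds, since the message presents this change as the general form of that earlier fix.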
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][styhead 09/25] grub: patch CVE-2025-0624 Date: Wed, 12 Mar 2025 12:52:17 -0700 Message-ID: <29778ceddd775c47d722ecf1cc587c6526202d0b.1741808973.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 12 Mar 2025 19:52:57 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/212676 From: Peter Marko Cherry-pick patch mentioning this CVE. Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../grub/files/CVE-2025-0624.patch | 84 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 85 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0624.patch diff --git a/meta/recipes-bsp/grub/files/CVE-2025-0624.patch b/meta/recipes-bsp/grub/files/CVE-2025-0624.patch new file mode 100644 index 0000000000..229fe6399e --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2025-0624.patch 
@@ -0,0 +1,84 @@ +From 5eef88152833062a3f7e017535372d64ac8ef7e1 Mon Sep 17 00:00:00 2001 +From: B Horn +Date: Fri, 15 Nov 2024 13:12:09 +0000 +Subject: [PATCH] net: Fix OOB write in grub_net_search_config_file() + +The function included a call to grub_strcpy() which copied data from an +environment variable to a buffer allocated in grub_cmd_normal(). The +grub_cmd_normal() didn't consider the length of the environment variable. +So, the copy operation could exceed the allocation and lead to an OOB +write. Fix the issue by replacing grub_strcpy() with grub_strlcpy() and +pass the underlying buffers size to the grub_net_search_config_file(). + +Fixes: CVE-2025-0624 + +Reported-by: B Horn +Signed-off-by: B Horn +Reviewed-by: Daniel Kiper + +CVE: CVE-2025-0624 +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=5eef88152833062a3f7e017535372d64ac8ef7e1] +Signed-off-by: Peter Marko +--- + grub-core/net/net.c | 7 ++++--- + grub-core/normal/main.c | 2 +- + include/grub/net.h | 2 +- + 3 files changed, 6 insertions(+), 5 deletions(-) + +diff --git a/grub-core/net/net.c b/grub-core/net/net.c +index 0e41e21a5..9939ff601 100644 +--- a/grub-core/net/net.c ++++ b/grub-core/net/net.c +@@ -1909,14 +1909,15 @@ grub_config_search_through (char *config, char *suffix, + } + + grub_err_t +-grub_net_search_config_file (char *config) ++grub_net_search_config_file (char *config, grub_size_t config_buf_len) + { +- grub_size_t config_len; ++ grub_size_t config_len, suffix_len; + char *suffix; + + config_len = grub_strlen (config); + config[config_len] = '-'; + suffix = config + config_len + 1; ++ suffix_len = config_buf_len - (config_len + 1); + + struct grub_net_network_level_interface *inf; + FOR_NET_NETWORK_LEVEL_INTERFACES (inf) +@@ -1942,7 +1943,7 @@ grub_net_search_config_file (char *config) + + if (client_uuid) + { +- grub_strcpy (suffix, client_uuid); ++ grub_strlcpy (suffix, client_uuid, suffix_len); + if (grub_config_search_through (config, suffix, 1, 
0) == 0) + return GRUB_ERR_NONE; + } +diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c +index 90879dc21..838f57fa5 100644 +--- a/grub-core/normal/main.c ++++ b/grub-core/normal/main.c +@@ -344,7 +344,7 @@ grub_cmd_normal (struct grub_command *cmd __attribute__ ((unused)), + + if (grub_strncmp (prefix + 1, "tftp", sizeof ("tftp") - 1) == 0 && + !disable_net_search) +- grub_net_search_config_file (config); ++ grub_net_search_config_file (config, config_len); + + grub_enter_normal_mode (config); + grub_free (config); +diff --git a/include/grub/net.h b/include/grub/net.h +index 228d04963..58a4f83fc 100644 +--- a/include/grub/net.h ++++ b/include/grub/net.h +@@ -579,7 +579,7 @@ void + grub_net_remove_dns_server (const struct grub_net_network_level_address *s); + + grub_err_t +-grub_net_search_config_file (char *config); ++grub_net_search_config_file (char *config, grub_size_t config_buf_len); + + extern char *grub_net_default_server; + diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 05aea4cc6a..3526c43835 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -23,6 +23,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://CVE-2024-45782_CVE-2024-56737.patch \ file://CVE-2024-45780.patch \ file://CVE-2024-45783.patch \ + file://CVE-2025-0624.patch \ " SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91" From patchwork Wed Mar 12 19:52:18 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 58831 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1C0F3C35FF3 for ; Wed, 12 Mar 2025 19:52:57 +0000 (UTC) Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com [209.85.214.173]) by mx.groups.io with SMTP id smtpd.web10.4460.1741809176094411299 for ; Wed, 12 Mar 2025 12:52:56 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=BJCNEsIw; spf=softfail (domain: sakoman.com, ip: 209.85.214.173, mailfrom: steve@sakoman.com) Received: by mail-pl1-f173.google.com with SMTP id d9443c01a7336-223fb0f619dso4683325ad.1 for ; Wed, 12 Mar 2025 12:52:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1741809175; x=1742413975; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=rInZxaS/q0MtVSmadAYl+msPXqlcfGrvbDMkx6+OXoQ=; b=BJCNEsIwgjRF3K7f+jGCA/Ak+nCFaBwKEWX4VAICn/gFrBaZ4R/E6P+vwDbskmeOXi vHajUQDFuIlTEcuuswiwljUBXnwC6tkGmP8FdC2myVFClEYjfvdwb/L9z9hoZdvVCDgT ori2id0+gzI4ZV260qwwIGVyUkxn7dk6P7zdnuHy76/bxd141Ts4CDaykTFpMoDmlIUy At+HUssMrl4xowwiQptIriooIy7CFjI8hJf6HBQnEtzHelaycBWGVsNgGW8p015uoDtF 
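Review bot: In grub_net_search_config_file in grub-core/net/net.c, `suffix_len = config_buf_len - (config_len + 1);` is an unsigned subtraction with no check that `config_len + 1` is smaller than `config_buf_len`, and `config[config_len] = '-';` is written before any bound is tested. If the string already fills the buffer, `suffix_len` wraps to a huge value and the `grub_strlcpy (suffix, client_uuid, suffix_len)` call is effectively unbounded again. I would return an error when `config_len + 1 >= config_buf_len` before touching `config`. Two things the hunks do not show and that need checking in the tree: that `config_len` passed from grub_cmd_normal is the allocated size of `config` rather than its string length, and that the other writes through `suffix` inside the `FOR_NET_NETWORK_LEVEL_INTERFACES` loop are bounded by `suffix_len` too, since only the `client_uuid` copy is converted here.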
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][styhead 10/25] grub: patch CVE-2024-45774 Date: Wed, 12 Mar 2025 12:52:18 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 12 Mar 2025 19:52:57 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/212677 From: Peter Marko Cherry-pick patch mentioning this CVE. Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../grub/files/CVE-2024-45774.patch | 37 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 38 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45774.patch diff --git a/meta/recipes-bsp/grub/files/CVE-2024-45774.patch b/meta/recipes-bsp/grub/files/CVE-2024-45774.patch new file mode 100644 index 0000000000..55aecc17d7 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2024-45774.patch 
@@ -0,0 +1,37 @@ +From 2c34af908ebf4856051ed29e46d88abd2b20387f Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Fri, 8 Mar 2024 22:47:20 +1100 +Subject: [PATCH] video/readers/jpeg: Do not permit duplicate SOF0 markers in + JPEG + +Otherwise a subsequent header could change the height and width +allowing future OOB writes. + +Fixes: CVE-2024-45774 + +Reported-by: Nils Langius +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper + +CVE: CVE-2024-45774 +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=2c34af908ebf4856051ed29e46d88abd2b20387f] +Signed-off-by: Peter Marko +--- + grub-core/video/readers/jpeg.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c +index ae634fd41..631a89356 100644 +--- a/grub-core/video/readers/jpeg.c ++++ b/grub-core/video/readers/jpeg.c +@@ -339,6 +339,10 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data) + if (grub_errno != GRUB_ERR_NONE) + return grub_errno; + ++ if (data->image_height != 0 || data->image_width != 0) ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: cannot have duplicate SOF0 markers"); ++ + if (grub_jpeg_get_byte (data) != 8) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "jpeg: only 8-bit precision is supported"); diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 3526c43835..ea6e19072e 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -24,6 +24,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://CVE-2024-45780.patch \ file://CVE-2024-45783.patch \ file://CVE-2025-0624.patch \ + file://CVE-2024-45774.patch \ " SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91"
From patchwork Wed Mar 12 19:52:19 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 58833
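Review bot: In the grub_jpeg_decode_sof() hunk of CVE-2024-45774.patch, the duplicate-SOF0 test uses "data->image_height != 0 || data->image_width != 0" as its "already seen" flag, so it only works if the first SOF0 stored a non-zero height or width. The lines shown do not reject zero dimensions once they are read; if a 0x0 SOF0 is accepted, a second SOF0 passes this check and can still change the dimensions, which is the case the commit message is guarding against. Either confirm that a zero height or width is refused later in this function, or track the marker with an explicit flag in struct grub_jpeg_data.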
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][styhead 11/25] grub: patch CVE-2024-45775 Date: Wed, 12 Mar 2025 12:52:19 -0700 Message-ID: <0ae686de6aefb10d961cd8965dba8a02d1c977c6.1741808973.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 12 Mar 2025 19:53:07 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/212678 From: Peter Marko Cherry-pick patch mentioning this CVE. Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../grub/files/CVE-2024-45775.patch | 38 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 39 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45775.patch diff --git a/meta/recipes-bsp/grub/files/CVE-2024-45775.patch b/meta/recipes-bsp/grub/files/CVE-2024-45775.patch new file mode 100644 index 0000000000..70492b8c2e --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2024-45775.patch 
@@ -0,0 +1,38 @@ +From 05be856a8c3aae41f5df90cab7796ab7ee34b872 Mon Sep 17 00:00:00 2001 +From: Lidong Chen +Date: Fri, 22 Nov 2024 06:27:55 +0000 +Subject: [PATCH] commands/extcmd: Missing check for failed allocation + +The grub_extcmd_dispatcher() calls grub_arg_list_alloc() to allocate +a grub_arg_list struct but it does not verify the allocation was successful. +In case of failed allocation the NULL state pointer can be accessed in +parse_option() through grub_arg_parse() which may lead to a security issue. + +Fixes: CVE-2024-45775 + +Reported-by: Nils Langius +Signed-off-by: Lidong Chen +Reviewed-by: Daniel Kiper +Reviewed-by: Alec Brown + +CVE: CVE-2024-45775 +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=05be856a8c3aae41f5df90cab7796ab7ee34b872] +Signed-off-by: Peter Marko +--- + grub-core/commands/extcmd.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/grub-core/commands/extcmd.c b/grub-core/commands/extcmd.c +index 90a5ca24a..c236be13a 100644 +--- a/grub-core/commands/extcmd.c ++++ b/grub-core/commands/extcmd.c +@@ -49,6 +49,9 @@ grub_extcmd_dispatcher (struct grub_command *cmd, int argc, char **args, + } + + state = grub_arg_list_alloc (ext, argc, args); ++ if (state == NULL) ++ return grub_errno; ++ + if (grub_arg_parse (ext, argc, args, state, &new_args, &new_argc)) + { + context.state = state; diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index ea6e19072e..b9b9d37637 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -25,6 +25,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://CVE-2024-45783.patch \ file://CVE-2025-0624.patch \ file://CVE-2024-45774.patch \ + file://CVE-2024-45775.patch \ " SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91"
From patchwork Wed Mar 12 19:52:20 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 58834
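Review bot: In the grub_extcmd_dispatcher() hunk of CVE-2024-45775.patch, "return grub_errno;" on "state == NULL" reports a failure only if grub_arg_list_alloc() set grub_errno before returning NULL. If any NULL path in that function leaves grub_errno at GRUB_ERR_NONE, the dispatcher now returns success without having run the command. Confirm this against grub_arg_list_alloc() in the grub version this recipe builds, or return an explicit error here.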
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][styhead 12/25] grub: patch CVE-2025-0622 Date: Wed, 12 Mar 2025 12:52:20 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 12 Mar 2025 19:53:07 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/212679 From: Peter Marko Cherry-pick patch mentioning this CVE. Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../grub/files/CVE-2025-0622-01.patch | 35 ++++++++++++++++ .../grub/files/CVE-2025-0622-02.patch | 41 +++++++++++++++++++ .../grub/files/CVE-2025-0622-03.patch | 38 +++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 3 ++ 4 files changed, 117 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0622-01.patch create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0622-02.patch create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0622-03.patch diff --git a/meta/recipes-bsp/grub/files/CVE-2025-0622-01.patch b/meta/recipes-bsp/grub/files/CVE-2025-0622-01.patch new file mode 100644 index 0000000000..09dbfce5f8 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2025-0622-01.patch 
@@ -0,0 +1,35 @@ +From 2123c5bca7e21fbeb0263df4597ddd7054700726 Mon Sep 17 00:00:00 2001 +From: B Horn +Date: Fri, 1 Nov 2024 19:24:29 +0000 +Subject: [PATCH 1/3] commands/pgp: Unregister the "check_signatures" hooks on + module unload + +If the hooks are not removed they can be called after the module has +been unloaded leading to an use-after-free. + +Fixes: CVE-2025-0622 + +Reported-by: B Horn +Signed-off-by: B Horn +Reviewed-by: Daniel Kiper + +CVE: CVE-2025-0622 +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=2123c5bca7e21fbeb0263df4597ddd7054700726] +Signed-off-by: Peter Marko +--- + grub-core/commands/pgp.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/grub-core/commands/pgp.c b/grub-core/commands/pgp.c +index c6766f044..5fadc33c4 100644 +--- a/grub-core/commands/pgp.c ++++ b/grub-core/commands/pgp.c +@@ -1010,6 +1010,8 @@ GRUB_MOD_INIT(pgp) + + GRUB_MOD_FINI(pgp) + { ++ grub_register_variable_hook ("check_signatures", NULL, NULL); ++ grub_env_unset ("check_signatures"); + grub_verifier_unregister (&grub_pubkey_verifier); + grub_unregister_extcmd (cmd); + grub_unregister_extcmd (cmd_trust); diff --git a/meta/recipes-bsp/grub/files/CVE-2025-0622-02.patch b/meta/recipes-bsp/grub/files/CVE-2025-0622-02.patch new file mode 100644 index 0000000000..be01da3355 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2025-0622-02.patch 
@@ -0,0 +1,41 @@ +From 9c16197734ada8d0838407eebe081117799bfe67 Mon Sep 17 00:00:00 2001 +From: B Horn +Date: Fri, 1 Nov 2024 23:46:55 +0000 +Subject: [PATCH 2/3] normal: Remove variables hooks on module unload + +The normal module does not entirely cleanup after itself in +its GRUB_MOD_FINI() leaving a few variables hooks in place. +It is not possible to unload normal module now but fix the +issues for completeness. + +On the occasion replace 0s with NULLs for "pager" variable +hooks unregister. + +Fixes: CVE-2025-0622 + +Reported-by: B Horn +Signed-off-by: B Horn +Reviewed-by: Daniel Kiper + +CVE: CVE-2025-0622 +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9c16197734ada8d0838407eebe081117799bfe67] +Signed-off-by: Peter Marko +--- + grub-core/normal/main.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c +index 838f57fa5..04d058f55 100644 +--- a/grub-core/normal/main.c ++++ b/grub-core/normal/main.c +@@ -582,7 +582,9 @@ GRUB_MOD_FINI(normal) + grub_xputs = grub_xputs_saved; + + grub_set_history (0); +- grub_register_variable_hook ("pager", 0, 0); ++ grub_register_variable_hook ("pager", NULL, NULL); ++ grub_register_variable_hook ("color_normal", NULL, NULL); ++ grub_register_variable_hook ("color_highlight", NULL, NULL); + grub_fs_autoload_hook = 0; + grub_unregister_command (cmd_clear); + } diff --git a/meta/recipes-bsp/grub/files/CVE-2025-0622-03.patch b/meta/recipes-bsp/grub/files/CVE-2025-0622-03.patch new file mode 100644 index 0000000000..79078a4350 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2025-0622-03.patch 
@@ -0,0 +1,38 @@ +From 7580addfc8c94cedb0cdfd7a1fd65b539215e637 Mon Sep 17 00:00:00 2001 +From: B Horn +Date: Fri, 1 Nov 2024 23:52:06 +0000 +Subject: [PATCH 3/3] gettext: Remove variables hooks on module unload + +The gettext module does not entirely cleanup after itself in +its GRUB_MOD_FINI() leaving a few variables hooks in place. +It is not possible to unload gettext module because normal +module depends on it. Though fix the issues for completeness. + +Fixes: CVE-2025-0622 + +Reported-by: B Horn +Signed-off-by: B Horn +Reviewed-by: Daniel Kiper + +CVE: CVE-2025-0622 +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=7580addfc8c94cedb0cdfd7a1fd65b539215e637] +Signed-off-by: Peter Marko +--- + grub-core/gettext/gettext.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/grub-core/gettext/gettext.c b/grub-core/gettext/gettext.c +index 7a1c14e4f..e4f4f8ee6 100644 +--- a/grub-core/gettext/gettext.c ++++ b/grub-core/gettext/gettext.c +@@ -535,6 +535,10 @@ GRUB_MOD_INIT (gettext) + + GRUB_MOD_FINI (gettext) + { ++ grub_register_variable_hook ("locale_dir", NULL, NULL); ++ grub_register_variable_hook ("secondary_locale_dir", NULL, NULL); ++ grub_register_variable_hook ("lang", NULL, NULL); ++ + grub_gettext_delete_list (&main_context); + grub_gettext_delete_list (&secondary_context); + diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index b9b9d37637..7d463f8aeb 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -26,6 +26,9 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://CVE-2025-0624.patch \ file://CVE-2024-45774.patch \ file://CVE-2024-45775.patch \ + file://CVE-2025-0622-01.patch \ + file://CVE-2025-0622-02.patch \ + file://CVE-2025-0622-03.patch \ " SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91"
From patchwork Wed Mar 12 19:52:21 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 58836
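Review bot: In the GRUB_MOD_FINI(pgp) hunk of CVE-2025-0622-01.patch, the added grub_env_unset ("check_signatures") goes beyond what the 1/3 commit message describes, which only mentions unregistering the hooks: unloading the module now also drops the variable and whatever value it held. That side effect should be stated in the message. Separately, the grub_register_variable_hook (..., NULL, NULL) calls in all three patches discard the return value; if that call can fail, the stale hook stays registered and the use-after-free path remains, so either check the result or comment on why failure is impossible at this point.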
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][styhead 13/25] grub: patch CVE-2024-45776 Date: Wed, 12 Mar 2025 12:52:21 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 12 Mar 2025 19:53:07 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/212680 From: Peter Marko Cherry-pick patch mentioning this CVE. Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../grub/files/CVE-2024-45776.patch | 39 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 40 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45776.patch diff --git a/meta/recipes-bsp/grub/files/CVE-2024-45776.patch b/meta/recipes-bsp/grub/files/CVE-2024-45776.patch new file mode 100644 index 0000000000..8deea958b8 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2024-45776.patch 
@@ -0,0 +1,39 @@ +From 09bd6eb58b0f71ec273916070fa1e2de16897a91 Mon Sep 17 00:00:00 2001 +From: Lidong Chen +Date: Fri, 22 Nov 2024 06:27:56 +0000 +Subject: [PATCH] gettext: Integer overflow leads to heap OOB write or read + +Calculation of ctx->grub_gettext_msg_list size in grub_mofile_open() may +overflow leading to subsequent OOB write or read. This patch fixes the +issue by replacing grub_zalloc() and explicit multiplication with +grub_calloc() which does the same thing in safe manner. + +Fixes: CVE-2024-45776 + +Reported-by: Nils Langius +Signed-off-by: Lidong Chen +Reviewed-by: Daniel Kiper +Reviewed-by: Alec Brown + +CVE: CVE-2024-45776 +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=09bd6eb58b0f71ec273916070fa1e2de16897a91] +Signed-off-by: Peter Marko +--- + grub-core/gettext/gettext.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/gettext/gettext.c b/grub-core/gettext/gettext.c +index e4f4f8ee6..63bb1ab73 100644 +--- a/grub-core/gettext/gettext.c ++++ b/grub-core/gettext/gettext.c +@@ -323,8 +323,8 @@ grub_mofile_open (struct grub_gettext_context *ctx, + for (ctx->grub_gettext_max_log = 0; ctx->grub_gettext_max >> ctx->grub_gettext_max_log; + ctx->grub_gettext_max_log++); + +- ctx->grub_gettext_msg_list = grub_zalloc (ctx->grub_gettext_max +- * sizeof (ctx->grub_gettext_msg_list[0])); ++ ctx->grub_gettext_msg_list = grub_calloc (ctx->grub_gettext_max, ++ sizeof (ctx->grub_gettext_msg_list[0])); + if (!ctx->grub_gettext_msg_list) + { + grub_file_close (fd); diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 7d463f8aeb..581855eb4b 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -29,6 +29,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://CVE-2025-0622-01.patch \ file://CVE-2025-0622-02.patch \ file://CVE-2025-0622-03.patch \ + file://CVE-2024-45776.patch \ " SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91"
From patchwork Wed Mar 12 19:52:22 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 58838
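Review bot: In the grub_mofile_open() hunk of CVE-2024-45776.patch, switching to grub_calloc (ctx->grub_gettext_max, sizeof (ctx->grub_gettext_msg_list[0])) stops the size multiplication from wrapping, but ctx->grub_gettext_max itself is still passed through unbounded in the lines shown. Unless the count is validated earlier in the function, a very large value still requests a correspondingly large zeroed allocation and only fails at the allocator. Consider bounding the count against the size of the opened file before allocating, so a malformed catalogue is rejected as bad input rather than as out of memory.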
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][styhead 14/25] grub: patch CVE-2024-45777 Date: Wed, 12 Mar 2025 12:52:22 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 12 Mar 2025 19:53:07 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/212681 From: Peter Marko Cherry-pick patch mentioning this CVE. Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../grub/files/CVE-2024-45777.patch | 57 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 58 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45777.patch diff --git a/meta/recipes-bsp/grub/files/CVE-2024-45777.patch b/meta/recipes-bsp/grub/files/CVE-2024-45777.patch new file mode 100644 index 0000000000..0305a95fd5 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2024-45777.patch 
@@ -0,0 +1,57 @@ +From b970a5ed967816bbca8225994cd0ee2557bad515 Mon Sep 17 00:00:00 2001 +From: Lidong Chen +Date: Fri, 22 Nov 2024 06:27:57 +0000 +Subject: [PATCH] gettext: Integer overflow leads to heap OOB write + +The size calculation of the translation buffer in +grub_gettext_getstr_from_position() may overflow +to 0 leading to heap OOB write. This patch fixes +the issue by using grub_add() and checking for +an overflow. + +Fixes: CVE-2024-45777 + +Reported-by: Nils Langius +Signed-off-by: Lidong Chen +Reviewed-by: Daniel Kiper +Reviewed-by: Alec Brown + +CVE: CVE-2024-45777 +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=b970a5ed967816bbca8225994cd0ee2557bad515] +Signed-off-by: Peter Marko +--- + grub-core/gettext/gettext.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/grub-core/gettext/gettext.c b/grub-core/gettext/gettext.c +index 63bb1ab73..9ffc73428 100644 +--- a/grub-core/gettext/gettext.c ++++ b/grub-core/gettext/gettext.c +@@ -26,6 +26,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -99,6 +100,7 @@ grub_gettext_getstr_from_position (struct grub_gettext_context *ctx, + char *translation; + struct string_descriptor desc; + grub_err_t err; ++ grub_size_t alloc_sz; + + internal_position = (off + position * sizeof (desc)); + +@@ -109,7 +111,10 @@ grub_gettext_getstr_from_position (struct grub_gettext_context *ctx, + length = grub_cpu_to_le32 (desc.length); + offset = grub_cpu_to_le32 (desc.offset); + +- translation = grub_malloc (length + 1); ++ if (grub_add (length, 1, &alloc_sz)) ++ return NULL; ++ ++ translation = grub_malloc (alloc_sz); + if (!translation) + return NULL; + diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 581855eb4b..b67b7d2e16 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -30,6 +30,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://CVE-2025-0622-02.patch \ file://CVE-2025-0622-03.patch \ file://CVE-2024-45776.patch \ + file://CVE-2024-45777.patch \ " SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91"
From patchwork Wed Mar 12 19:52:23 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 58835
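Review bot: In the grub_gettext_getstr_from_position() hunk of CVE-2024-45777.patch, the new overflow path "if (grub_add (length, 1, &alloc_sz)) return NULL;" returns without calling grub_error(), unlike the grub_malloc() failure just below it, where the allocator has the chance to set grub_errno. A caller that inspects grub_errno after a NULL return cannot tell that the descriptor length was rejected. Suggest setting an error, for example GRUB_ERR_OUT_OF_RANGE with a short message, before returning.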
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][styhead 15/25] grub: patch CVE-2025-0690
Date: Wed, 12 Mar 2025 12:52:23 -0700
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/212682

From: Peter Marko

Cherry-pick patch mentioning this CVE.

Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
--- .../grub/files/CVE-2025-0690.patch | 73 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 74 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0690.patch diff --git a/meta/recipes-bsp/grub/files/CVE-2025-0690.patch b/meta/recipes-bsp/grub/files/CVE-2025-0690.patch new file mode 100644 index 0000000000..be585c96ad --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2025-0690.patch
@@ -0,0 +1,73 @@ +From dad8f502974ed9ad0a70ae6820d17b4b142558fc Mon Sep 17 00:00:00 2001 +From: Jonathan Bar Or +Date: Thu, 23 Jan 2025 19:17:05 +0100 +Subject: [PATCH] commands/read: Fix an integer overflow when supplying more + than 2^31 characters + +The grub_getline() function currently has a signed integer variable "i" +that can be overflown when user supplies more than 2^31 characters. +It results in a memory corruption of the allocated line buffer as well +as supplying large negative values to grub_realloc(). + +Fixes: CVE-2025-0690 + +Reported-by: Jonathan Bar Or +Signed-off-by: Jonathan Bar Or +Reviewed-by: Daniel Kiper + +CVE: CVE-2025-0690 +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=dad8f502974ed9ad0a70ae6820d17b4b142558fc] +Signed-off-by: Peter Marko +--- + grub-core/commands/read.c | 19 +++++++++++++++---- + 1 file changed, 15 insertions(+), 4 deletions(-) + +diff --git a/grub-core/commands/read.c b/grub-core/commands/read.c +index 597c90706..8d72e45c9 100644 +--- a/grub-core/commands/read.c ++++ b/grub-core/commands/read.c +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -37,13 +38,14 @@ static const struct grub_arg_option options[] = + static char * + grub_getline (int silent) + { +- int i; ++ grub_size_t i; + char *line; + char *tmp; + int c; ++ grub_size_t alloc_size; + + i = 0; +- line = grub_malloc (1 + i + sizeof('\0')); ++ line = grub_malloc (1 + sizeof('\0')); + if (! 
line) + return NULL; + +@@ -59,8 +61,17 @@ grub_getline (int silent) + line[i] = (char) c; + if (!silent) + grub_printf ("%c", c); +- i++; +- tmp = grub_realloc (line, 1 + i + sizeof('\0')); ++ if (grub_add (i, 1, &i)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ return NULL; ++ } ++ if (grub_add (i, 1 + sizeof('\0'), &alloc_size)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ return NULL; ++ } ++ tmp = grub_realloc (line, alloc_size); + if (! tmp) + { + grub_free (line); diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index b67b7d2e16..6f0c8a133f 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -31,6 +31,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://CVE-2025-0622-03.patch \ file://CVE-2024-45776.patch \ file://CVE-2024-45777.patch \ + file://CVE-2025-0690.patch \ " SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91"
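
Review bot: Both new overflow branches in the "@@ -59,8 +61,17 @@ grub_getline" hunk of grub-core/commands/read.c return NULL without releasing line, so the buffer allocated at the top of grub_getline() leaks on exactly the paths this fix introduces. The existing "if (! tmp)" branch directly below calls grub_free (line), and the two grub_add () failure branches should do the same before "return NULL;". Since the file is a verbatim backport, the cleanest route is to raise this upstream and pick up the follow-up rather than diverge in the recipe.
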
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][styhead 16/25] grub: patch CVE-2025-1118
Date: Wed, 12 Mar 2025 12:52:24 -0700
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/212683

From: Peter Marko

Cherry-pick patch mentioning this CVE.

Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
--- .../grub/files/CVE-2025-1118.patch | 37 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 38 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-1118.patch diff --git a/meta/recipes-bsp/grub/files/CVE-2025-1118.patch b/meta/recipes-bsp/grub/files/CVE-2025-1118.patch new file mode 100644 index 0000000000..e6906d909c --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2025-1118.patch
@@ -0,0 +1,37 @@ +From 34824806ac6302f91e8cabaa41308eaced25725f Mon Sep 17 00:00:00 2001 +From: B Horn +Date: Thu, 18 Apr 2024 20:29:39 +0100 +Subject: [PATCH] commands/minicmd: Block the dump command in lockdown mode + +The dump enables a user to read memory which should not be possible +in lockdown mode. + +Fixes: CVE-2025-1118 + +Reported-by: B Horn +Reported-by: Jonathan Bar Or +Signed-off-by: B Horn +Reviewed-by: Daniel Kiper + +CVE: CVE-2025-1118 +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=34824806ac6302f91e8cabaa41308eaced25725f] +Signed-off-by: Peter Marko +--- + grub-core/commands/minicmd.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/commands/minicmd.c b/grub-core/commands/minicmd.c +index 286290866..8c5ee3e60 100644 +--- a/grub-core/commands/minicmd.c ++++ b/grub-core/commands/minicmd.c +@@ -203,8 +203,8 @@ GRUB_MOD_INIT(minicmd) + grub_register_command ("help", grub_mini_cmd_help, + 0, N_("Show this message.")); + cmd_dump = +- grub_register_command ("dump", grub_mini_cmd_dump, +- N_("ADDR [SIZE]"), N_("Show memory contents.")); ++ grub_register_command_lockdown ("dump", grub_mini_cmd_dump, ++ N_("ADDR [SIZE]"), N_("Show memory contents.")); + cmd_rmmod = + grub_register_command ("rmmod", grub_mini_cmd_rmmod, + N_("MODULE"), N_("Remove a module.")); diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 6f0c8a133f..bd0c9d2601 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -32,6 +32,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://CVE-2024-45776.patch \ file://CVE-2024-45777.patch \ file://CVE-2025-0690.patch \ + file://CVE-2025-1118.patch \ " SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91"
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][styhead 17/25] grub: patch CVE-2024-45778 and CVE-2024-45779
Date: Wed, 12 Mar 2025 12:52:25 -0700
Message-ID: <9ecee5f950f249d982b307bbdbe0e13e55f27b24.1741808973.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/212684

From: Peter Marko

Cherry-pick patch mentioning these CVEs.

Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
--- .../files/CVE-2024-45778_CVE-2024-45779.patch | 55 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 56 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45778_CVE-2024-45779.patch diff --git a/meta/recipes-bsp/grub/files/CVE-2024-45778_CVE-2024-45779.patch b/meta/recipes-bsp/grub/files/CVE-2024-45778_CVE-2024-45779.patch new file mode 100644 index 0000000000..eba013897f --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2024-45778_CVE-2024-45779.patch
@@ -0,0 +1,55 @@ +From 26db6605036bd9e5b16d9068a8cc75be63b8b630 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Sat, 23 Mar 2024 15:59:43 +1100 +Subject: [PATCH] fs/bfs: Disable under lockdown + +The BFS is not fuzz-clean. Don't allow it to be loaded under lockdown. +This will also disable the AFS. + +Fixes: CVE-2024-45778 +Fixes: CVE-2024-45779 + +Reported-by: Nils Langius +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper + +CVE: CVE-2024-45778 +CVE: CVE-2024-45779 +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=] +Signed-off-by: Peter Marko +--- + grub-core/fs/bfs.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/grub-core/fs/bfs.c b/grub-core/fs/bfs.c +index 022f69fe2..78aeb051f 100644 +--- a/grub-core/fs/bfs.c ++++ b/grub-core/fs/bfs.c +@@ -30,6 +30,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -1106,7 +1107,10 @@ GRUB_MOD_INIT (bfs) + { + COMPILE_TIME_ASSERT (1 << LOG_EXTENT_SIZE == + sizeof (struct grub_bfs_extent)); +- grub_fs_register (&grub_bfs_fs); ++ if (!grub_is_lockdown ()) ++ { ++ grub_fs_register (&grub_bfs_fs); ++ } + } + + #ifdef MODE_AFS +@@ -1115,5 +1119,6 @@ GRUB_MOD_FINI (afs) + GRUB_MOD_FINI (bfs) + #endif + { +- grub_fs_unregister (&grub_bfs_fs); ++ if (!grub_is_lockdown ()) ++ grub_fs_unregister (&grub_bfs_fs); + } diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index bd0c9d2601..d187ffedc4 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -33,6 +33,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://CVE-2024-45777.patch \ file://CVE-2025-0690.patch \ file://CVE-2025-1118.patch \ + file://CVE-2024-45778_CVE-2024-45779.patch \ " SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91"
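
Review bot: The Upstream-Status line in the header of the new CVE-2024-45778_CVE-2024-45779.patch ends in "commit/?id=" with no commit id, unlike the other grub backports in this series, so the backport cannot be traced to its upstream commit from the tag alone. Please complete the URL with the upstream commit id; the patch's own "From" line names 26db6605036bd9e5b16d9068a8cc75be63b8b630, which is the form the sibling patches use in their Upstream-Status URLs.
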
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][styhead 18/25] grub: patch CVE-2025-0677, CVE-2025-0684, CVE-2025-0685, CVE-2025-0686 and CVE-2025-0689
Date: Wed, 12 Mar 2025 12:52:26 -0700
Message-ID: <0a2cb15d6953a809135bea69609673d068f46df1.1741808973.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/212685

From: Peter Marko

Cherry-pick patch mentioning these CVEs.

Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
--- ...025-0685_CVE-2025-0686_CVE-2025-0689.patch | 377 ++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 378 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0677_CVE-2025-0684_CVE-2025-0685_CVE-2025-0686_CVE-2025-0689.patch diff --git a/meta/recipes-bsp/grub/files/CVE-2025-0677_CVE-2025-0684_CVE-2025-0685_CVE-2025-0686_CVE-2025-0689.patch b/meta/recipes-bsp/grub/files/CVE-2025-0677_CVE-2025-0684_CVE-2025-0685_CVE-2025-0686_CVE-2025-0689.patch new file mode 100644 index 0000000000..d5563cecc4 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2025-0677_CVE-2025-0684_CVE-2025-0685_CVE-2025-0686_CVE-2025-0689.patch
@@ -0,0 +1,377 @@ +From 47b2dfc7953f70f98ddf35dfdd6e7f4f20283b10 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Sat, 23 Mar 2024 16:20:45 +1100 +Subject: [PATCH] fs: Disable many filesystems under lockdown + +The idea is to permit the following: btrfs, cpio, exfat, ext, f2fs, fat, +hfsplus, iso9660, squash4, tar, xfs and zfs. + +The JFS, ReiserFS, romfs, UDF and UFS security vulnerabilities were +reported by Jonathan Bar Or . + +Fixes: CVE-2025-0677 +Fixes: CVE-2025-0684 +Fixes: CVE-2025-0685 +Fixes: CVE-2025-0686 +Fixes: CVE-2025-0689 + +Suggested-by: Daniel Axtens +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper + +CVE: CVE-2025-0677 +CVE: CVE-2025-0684 +CVE: CVE-2025-0685 +CVE: CVE-2025-0686 +CVE: CVE-2025-0689 +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=47b2dfc7953f70f98ddf35dfdd6e7f4f20283b10] +Signed-off-by: Peter Marko +--- + grub-core/fs/affs.c | 9 +++++++-- + grub-core/fs/cbfs.c | 9 +++++++-- + grub-core/fs/jfs.c | 9 +++++++-- + grub-core/fs/minix.c | 9 +++++++-- + grub-core/fs/nilfs2.c | 9 +++++++-- + grub-core/fs/ntfs.c | 9 +++++++-- + grub-core/fs/reiserfs.c | 9 +++++++-- + grub-core/fs/romfs.c | 9 +++++++-- + grub-core/fs/sfs.c | 9 +++++++-- + grub-core/fs/udf.c | 9 +++++++-- + grub-core/fs/ufs.c | 9 +++++++-- + 11 files changed, 77 insertions(+), 22 deletions(-) + +diff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c +index ed606b3f1..352f5d232 100644 +--- a/grub-core/fs/affs.c ++++ b/grub-core/fs/affs.c +@@ -26,6 +26,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -703,11 +704,15 @@ static struct grub_fs grub_affs_fs = + + GRUB_MOD_INIT(affs) + { +- grub_fs_register (&grub_affs_fs); ++ if (!grub_is_lockdown ()) ++ { ++ grub_fs_register (&grub_affs_fs); ++ } + my_mod = mod; + } + + GRUB_MOD_FINI(affs) + { +- grub_fs_unregister (&grub_affs_fs); ++ if (!grub_is_lockdown ()) ++ grub_fs_unregister (&grub_affs_fs); + } +diff --git a/grub-core/fs/cbfs.c 
b/grub-core/fs/cbfs.c +index 8ab7106af..f6349df34 100644 +--- a/grub-core/fs/cbfs.c ++++ b/grub-core/fs/cbfs.c +@@ -26,6 +26,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -390,12 +391,16 @@ GRUB_MOD_INIT (cbfs) + #if (defined (__i386__) || defined (__x86_64__)) && !defined (GRUB_UTIL) && !defined (GRUB_MACHINE_EMU) && !defined (GRUB_MACHINE_XEN) + init_cbfsdisk (); + #endif +- grub_fs_register (&grub_cbfs_fs); ++ if (!grub_is_lockdown ()) ++ { ++ grub_fs_register (&grub_cbfs_fs); ++ } + } + + GRUB_MOD_FINI (cbfs) + { +- grub_fs_unregister (&grub_cbfs_fs); ++ if (!grub_is_lockdown ()) ++ grub_fs_unregister (&grub_cbfs_fs); + #if (defined (__i386__) || defined (__x86_64__)) && !defined (GRUB_UTIL) && !defined (GRUB_MACHINE_EMU) && !defined (GRUB_MACHINE_XEN) + fini_cbfsdisk (); + #endif +diff --git a/grub-core/fs/jfs.c b/grub-core/fs/jfs.c +index 6f7c43904..c0bbab8a9 100644 +--- a/grub-core/fs/jfs.c ++++ b/grub-core/fs/jfs.c +@@ -26,6 +26,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -963,11 +964,15 @@ static struct grub_fs grub_jfs_fs = + + GRUB_MOD_INIT(jfs) + { +- grub_fs_register (&grub_jfs_fs); ++ if (!grub_is_lockdown ()) ++ { ++ grub_fs_register (&grub_jfs_fs); ++ } + my_mod = mod; + } + + GRUB_MOD_FINI(jfs) + { +- grub_fs_unregister (&grub_jfs_fs); ++ if (!grub_is_lockdown ()) ++ grub_fs_unregister (&grub_jfs_fs); + } +diff --git a/grub-core/fs/minix.c b/grub-core/fs/minix.c +index 5354951d1..c267298b5 100644 +--- a/grub-core/fs/minix.c ++++ b/grub-core/fs/minix.c +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -734,7 +735,10 @@ GRUB_MOD_INIT(minix) + #endif + #endif + { +- grub_fs_register (&grub_minix_fs); ++ if (!grub_is_lockdown ()) ++ { ++ grub_fs_register (&grub_minix_fs); ++ } + my_mod = mod; + } + +@@ -756,5 +760,6 @@ GRUB_MOD_FINI(minix) + #endif + #endif + { +- grub_fs_unregister (&grub_minix_fs); ++ if 
(!grub_is_lockdown ()) ++ grub_fs_unregister (&grub_minix_fs); + } +diff --git a/grub-core/fs/nilfs2.c b/grub-core/fs/nilfs2.c +index fc7374ead..08abf173f 100644 +--- a/grub-core/fs/nilfs2.c ++++ b/grub-core/fs/nilfs2.c +@@ -34,6 +34,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -1231,11 +1232,15 @@ GRUB_MOD_INIT (nilfs2) + grub_nilfs2_dat_entry)); + COMPILE_TIME_ASSERT (1 << LOG_INODE_SIZE + == sizeof (struct grub_nilfs2_inode)); +- grub_fs_register (&grub_nilfs2_fs); ++ if (!grub_is_lockdown ()) ++ { ++ grub_fs_register (&grub_nilfs2_fs); ++ } + my_mod = mod; + } + + GRUB_MOD_FINI (nilfs2) + { +- grub_fs_unregister (&grub_nilfs2_fs); ++ if (!grub_is_lockdown ()) ++ grub_fs_unregister (&grub_nilfs2_fs); + } +diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c +index de435aa14..8cc2ba3d5 100644 +--- a/grub-core/fs/ntfs.c ++++ b/grub-core/fs/ntfs.c +@@ -27,6 +27,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -1320,11 +1321,15 @@ static struct grub_fs grub_ntfs_fs = + + GRUB_MOD_INIT (ntfs) + { +- grub_fs_register (&grub_ntfs_fs); ++ if (!grub_is_lockdown ()) ++ { ++ grub_fs_register (&grub_ntfs_fs); ++ } + my_mod = mod; + } + + GRUB_MOD_FINI (ntfs) + { +- grub_fs_unregister (&grub_ntfs_fs); ++ if (!grub_is_lockdown ()) ++ grub_fs_unregister (&grub_ntfs_fs); + } +diff --git a/grub-core/fs/reiserfs.c b/grub-core/fs/reiserfs.c +index 36b26ac98..cdef2eba0 100644 +--- a/grub-core/fs/reiserfs.c ++++ b/grub-core/fs/reiserfs.c +@@ -39,6 +39,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -1417,11 +1418,15 @@ static struct grub_fs grub_reiserfs_fs = + + GRUB_MOD_INIT(reiserfs) + { +- grub_fs_register (&grub_reiserfs_fs); ++ if (!grub_is_lockdown ()) ++ { ++ grub_fs_register (&grub_reiserfs_fs); ++ } + my_mod = mod; + } + + GRUB_MOD_FINI(reiserfs) + { +- grub_fs_unregister (&grub_reiserfs_fs); ++ if (!grub_is_lockdown ()) ++ grub_fs_unregister 
(&grub_reiserfs_fs); + } +diff --git a/grub-core/fs/romfs.c b/grub-core/fs/romfs.c +index 1f7dcfca1..acf8dd21e 100644 +--- a/grub-core/fs/romfs.c ++++ b/grub-core/fs/romfs.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -475,10 +476,14 @@ static struct grub_fs grub_romfs_fs = + + GRUB_MOD_INIT(romfs) + { +- grub_fs_register (&grub_romfs_fs); ++ if (!grub_is_lockdown ()) ++ { ++ grub_fs_register (&grub_romfs_fs); ++ } + } + + GRUB_MOD_FINI(romfs) + { +- grub_fs_unregister (&grub_romfs_fs); ++ if (!grub_is_lockdown ()) ++ grub_fs_unregister (&grub_romfs_fs); + } +diff --git a/grub-core/fs/sfs.c b/grub-core/fs/sfs.c +index 983e88008..f64bdd2df 100644 +--- a/grub-core/fs/sfs.c ++++ b/grub-core/fs/sfs.c +@@ -26,6 +26,7 @@ + #include + #include + #include ++#include + #include + + GRUB_MOD_LICENSE ("GPLv3+"); +@@ -779,11 +780,15 @@ static struct grub_fs grub_sfs_fs = + + GRUB_MOD_INIT(sfs) + { +- grub_fs_register (&grub_sfs_fs); ++ if (!grub_is_lockdown ()) ++ { ++ grub_fs_register (&grub_sfs_fs); ++ } + my_mod = mod; + } + + GRUB_MOD_FINI(sfs) + { +- grub_fs_unregister (&grub_sfs_fs); ++ if (!grub_is_lockdown ()) ++ grub_fs_unregister (&grub_sfs_fs); + } +diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c +index b836e6107..a60643be1 100644 +--- a/grub-core/fs/udf.c ++++ b/grub-core/fs/udf.c +@@ -27,6 +27,7 @@ + #include + #include + #include ++#include + #include + #include + +@@ -1455,11 +1456,15 @@ static struct grub_fs grub_udf_fs = { + + GRUB_MOD_INIT (udf) + { +- grub_fs_register (&grub_udf_fs); ++ if (!grub_is_lockdown ()) ++ { ++ grub_fs_register (&grub_udf_fs); ++ } + my_mod = mod; + } + + GRUB_MOD_FINI (udf) + { +- grub_fs_unregister (&grub_udf_fs); ++ if (!grub_is_lockdown ()) ++ grub_fs_unregister (&grub_udf_fs); + } +diff --git a/grub-core/fs/ufs.c b/grub-core/fs/ufs.c +index 01235101b..6b496e7b8 100644 +--- a/grub-core/fs/ufs.c ++++ b/grub-core/fs/ufs.c +@@ -25,6 +25,7 @@ + #include + #include + 
#include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -899,7 +900,10 @@ GRUB_MOD_INIT(ufs1) + #endif + #endif + { +- grub_fs_register (&grub_ufs_fs); ++ if (!grub_is_lockdown ()) ++ { ++ grub_fs_register (&grub_ufs_fs); ++ } + my_mod = mod; + } + +@@ -913,6 +917,7 @@ GRUB_MOD_FINI(ufs1) + #endif + #endif + { +- grub_fs_unregister (&grub_ufs_fs); ++ if (!grub_is_lockdown ()) ++ grub_fs_unregister (&grub_ufs_fs); + } + diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index d187ffedc4..a9d55ba015 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -34,6 +34,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://CVE-2025-0690.patch \ file://CVE-2025-1118.patch \ file://CVE-2024-45778_CVE-2024-45779.patch \ + file://CVE-2025-0677_CVE-2025-0684_CVE-2025-0685_CVE-2025-0686_CVE-2025-0689.patch \ " SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91"
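
Review bot: Every GRUB_MOD_FINI in this patch (affs, cbfs, jfs, minix, nilfs2, ntfs, reiserfs, romfs, sfs, udf, ufs) re-evaluates grub_is_lockdown () to decide whether to call grub_fs_unregister (), so the unregister is only paired correctly with the register if the lockdown state is identical at init and at fini. If lockdown were enabled after a module had already registered its filesystem, fini would skip the unregister and leave the registration in place while the module goes away. A short comment stating that lockdown is assumed to be set before any of these modules load, or a per-module flag recording whether registration actually happened, would make that assumption explicit. Minor style point: the init side braces a single statement while the fini side does not.
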
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][styhead 19/25] grub: patch CVE-2025-0678 and CVE-2025-1125 Date: Wed, 12 Mar 2025 12:52:27 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 12 Mar 2025 19:53:17 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/212686 From: Peter Marko Cherry-pick patch mentioning these CVEs. Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../files/CVE-2025-0678_CVE-2025-1125.patch | 87 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 88 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0678_CVE-2025-1125.patch diff --git a/meta/recipes-bsp/grub/files/CVE-2025-0678_CVE-2025-1125.patch b/meta/recipes-bsp/grub/files/CVE-2025-0678_CVE-2025-1125.patch new file mode 100644 index 0000000000..14e67cf35b --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2025-0678_CVE-2025-1125.patch 
@@ -0,0 +1,87 @@ +From 84bc0a9a68835952ae69165c11709811dae7634e Mon Sep 17 00:00:00 2001 +From: Lidong Chen +Date: Tue, 21 Jan 2025 19:02:37 +0000 +Subject: [PATCH] fs: Prevent overflows when allocating memory for arrays + +Use grub_calloc() when allocating memory for arrays to ensure proper +overflow checks are in place. + +The HFS+ and squash4 security vulnerabilities were reported by +Jonathan Bar Or . + +Fixes: CVE-2025-0678 +Fixes: CVE-2025-1125 + +Signed-off-by: Lidong Chen +Reviewed-by: Daniel Kiper + +CVE: CVE-2025-0678 +CVE: CVE-2025-1125 +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=84bc0a9a68835952ae69165c11709811dae7634e] +Signed-off-by: Peter Marko +--- + grub-core/fs/btrfs.c | 4 ++-- + grub-core/fs/hfspluscomp.c | 9 +++++++-- + grub-core/fs/squash4.c | 8 ++++---- + 3 files changed, 13 insertions(+), 8 deletions(-) + +diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c +index 0625b1166..9c1e925c9 100644 +--- a/grub-core/fs/btrfs.c ++++ b/grub-core/fs/btrfs.c +@@ -1276,8 +1276,8 @@ grub_btrfs_mount (grub_device_t dev) + } + + data->n_devices_allocated = 16; +- data->devices_attached = grub_malloc (sizeof (data->devices_attached[0]) +- * data->n_devices_allocated); ++ data->devices_attached = grub_calloc (data->n_devices_allocated, ++ sizeof (data->devices_attached[0])); + if (!data->devices_attached) + { + grub_free (data); +diff --git a/grub-core/fs/hfspluscomp.c b/grub-core/fs/hfspluscomp.c +index 48ae438d8..a80954ee6 100644 +--- a/grub-core/fs/hfspluscomp.c ++++ b/grub-core/fs/hfspluscomp.c +@@ -244,14 +244,19 @@ hfsplus_open_compressed_real (struct grub_hfsplus_file *node) + return 0; + } + node->compress_index_size = grub_le_to_cpu32 (index_size); +- node->compress_index = grub_malloc (node->compress_index_size +- * sizeof (node->compress_index[0])); ++ node->compress_index = grub_calloc (node->compress_index_size, ++ sizeof (node->compress_index[0])); + if (!node->compress_index) + { + node->compressed = 0; 
+ grub_free (attr_node); + return grub_errno; + } ++ ++ /* ++ * The node->compress_index_size * sizeof (node->compress_index[0]) is safe here ++ * due to relevant checks done in grub_calloc() above. ++ */ + if (grub_hfsplus_read_file (node, 0, 0, + 0x104 + sizeof (index_size), + node->compress_index_size +diff --git a/grub-core/fs/squash4.c b/grub-core/fs/squash4.c +index f91ff3bfa..cf2bca822 100644 +--- a/grub-core/fs/squash4.c ++++ b/grub-core/fs/squash4.c +@@ -816,10 +816,10 @@ direct_read (struct grub_squash_data *data, + break; + } + total_blocks = ((total_size + data->blksz - 1) >> data->log2_blksz); +- ino->block_sizes = grub_malloc (total_blocks +- * sizeof (ino->block_sizes[0])); +- ino->cumulated_block_sizes = grub_malloc (total_blocks +- * sizeof (ino->cumulated_block_sizes[0])); ++ ino->block_sizes = grub_calloc (total_blocks, ++ sizeof (ino->block_sizes[0])); ++ ino->cumulated_block_sizes = grub_calloc (total_blocks, ++ sizeof (ino->cumulated_block_sizes[0])); + if (!ino->block_sizes || !ino->cumulated_block_sizes) + { + grub_free (ino->block_sizes); diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index a9d55ba015..820a30c6c2 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -35,6 +35,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://CVE-2025-1118.patch \ file://CVE-2024-45778_CVE-2024-45779.patch \ file://CVE-2025-0677_CVE-2025-0684_CVE-2025-0685_CVE-2025-0686_CVE-2025-0689.patch \ + file://CVE-2025-0678_CVE-2025-1125.patch \ " SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91"
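Review bot: In the squash4.c part of the backported patch (direct_read), grub_calloc() only guards the product of total_blocks and the element size; total_blocks itself is computed one line earlier as "((total_size + data->blksz - 1) >> data->log2_blksz)", and that rounding addition is outside the check, so a total_size close to the maximum of its type is not covered by what these lines show. Worth confirming against the upstream tree that total_size is bounded before this point, or asking upstream for an explicit overflow check on the addition. In the hfspluscomp.c part, the added comment declares the later "node->compress_index_size * sizeof (node->compress_index[0])" safe because of the grub_calloc() call above it, so the two must stay together if this patch is ever refreshed against a newer grub.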
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][styhead 20/25] xwayland: upgrade 21.1.4 -> 21.1.6
Date: Wed, 12 Mar 2025 12:52:28 -0700
Message-ID: <57c278ec18eb2daba8bed1ea96f924491e11a78e.1741808973.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/212687

From: Peter Marko

Handle following CVEs:
* CVE-2025-26594
* CVE-2025-26595
* CVE-2025-26596
* CVE-2025-26597
* CVE-2025-26598
* CVE-2025-26599
* CVE-2025-26600
* CVE-2025-26601

Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
--- .../xwayland/{xwayland_24.1.4.bb => xwayland_24.1.6.bb} | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) rename meta/recipes-graphics/xwayland/{xwayland_24.1.4.bb => xwayland_24.1.6.bb} (84%) diff --git a/meta/recipes-graphics/xwayland/xwayland_24.1.4.bb b/meta/recipes-graphics/xwayland/xwayland_24.1.6.bb similarity index 84% rename from meta/recipes-graphics/xwayland/xwayland_24.1.4.bb rename to meta/recipes-graphics/xwayland/xwayland_24.1.6.bb index 6f8589ba5a..0774c1bbf5 100644 --- a/meta/recipes-graphics/xwayland/xwayland_24.1.4.bb +++ b/meta/recipes-graphics/xwayland/xwayland_24.1.6.bb @@ -10,7 +10,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://COPYING;md5=5df87950af51ac2c5822094553ea1880" SRC_URI = "https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz" -SRC_URI[sha256sum] = "d96a78dbab819f55750173444444995b5031ebdcc15b77afebbd8dbc02af34f4" +SRC_URI[sha256sum] = "737e612ca36bbdf415a911644eb7592cf9389846847b47fa46dc705bd754d2d7" UPSTREAM_CHECK_REGEX = "xwayland-(?P\d+(\.(?!90\d)\d+)+)\.tar"
@@ -48,3 +48,7 @@ do_install:append() { FILES:${PN} += "${libdir}/xorg/protocol.txt" RDEPENDS:${PN} += "xkbcomp" + +CVE_STATUS_GROUPS = "CVE_STATUS_REDHAT" +CVE_STATUS_REDHAT = "CVE-2025-26594 CVE-2025-26595 CVE-2025-26596 CVE-2025-26597 CVE-2025-26598 CVE-2025-26599 CVE-2025-26600 CVE-2025-26601" +CVE_STATUS_REDHAT[status] = "fixed-version: these are tracked as versionless redhat CVEs in NVD DB, fixed in 24.1.6"
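Review bot: The CVE_STATUS_REDHAT[status] string added at the end of the recipe says the eight CVEs are fixed in 24.1.6, and the rename is xwayland_24.1.4.bb => xwayland_24.1.6.bb, but the mail subject reads "upgrade 21.1.4 -> 21.1.6"; the subject should name 24.1.4 -> 24.1.6 so that the log matches the recipe and a search of the history for these CVE fixes lands on the right version. A one-line comment above the three CVE_STATUS lines saying that NVD carries no version data for these entries would also make the fixed-version claim easier to re-check at the next upgrade.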
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][styhead 21/25] libtasn1: upgrade 4.19.0 -> 4.20.0
Date: Wed, 12 Mar 2025 12:52:29 -0700
Message-ID: <7e79c2dd6cb3b10780219675cf908eaf37046bec.1741808973.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/212688

From: Vijay Anusuri

* Noteworthy changes in release 4.20.0 (2025-02-01) [stable]
- The release tarball is now reproducible.
- We publish a minimal source-only tarball generated by 'git archive'.
- Update gnulib files and various build/maintenance fixes.
- Fix CVE-2024-12133: Potential DoS in handling of numerous SEQUENCE OF or SET OF elements

License-Update: file COPYING.LESSER renamed to COPYING.LESSERv2 & Copyright year updated to 2025

Signed-off-by: Vijay Anusuri
Signed-off-by: Steve Sakoman
--- .../gnutls/{libtasn1_4.19.0.bb => libtasn1_4.20.0.bb} | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) rename meta/recipes-support/gnutls/{libtasn1_4.19.0.bb => libtasn1_4.20.0.bb} (63%) diff --git a/meta/recipes-support/gnutls/libtasn1_4.19.0.bb b/meta/recipes-support/gnutls/libtasn1_4.20.0.bb similarity index 63% rename from meta/recipes-support/gnutls/libtasn1_4.19.0.bb rename to meta/recipes-support/gnutls/libtasn1_4.20.0.bb index 5fb8b54c06..8127ba5b1d 100644 --- a/meta/recipes-support/gnutls/libtasn1_4.19.0.bb +++ b/meta/recipes-support/gnutls/libtasn1_4.20.0.bb
@@ -6,9 +6,8 @@ HOMEPAGE = "http://www.gnu.org/software/libtasn1/" LICENSE = "GPL-3.0-or-later & LGPL-2.1-or-later" LICENSE:${PN}-bin = "GPL-3.0-or-later" LICENSE:${PN} = "LGPL-2.1-or-later" -LIC_FILES_CHKSUM = "file://doc/COPYING;md5=d32239bcb673463ab874e80d47fae504 \ - file://doc/COPYING.LESSER;md5=4fbd65380cdd255951079008b364516c \ - file://COPYING;md5=75ac100ec923f959898182307970c360" +LIC_FILES_CHKSUM = "file://COPYING;md5=1ebbd3e34237af26da5dc08a4e440464 \ + file://COPYING.LESSERv2;md5=4bf661c1e3793e55c8d1051bc5e0ae21" SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \ file://dont-depend-on-help2man.patch \ 
@@ -16,7 +15,7 @@ SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \ DEPENDS = "bison-native" -SRC_URI[sha256sum] = "1613f0ac1cf484d6ec0ce3b8c06d56263cc7242f1c23b30d82d23de345a63f7a" +SRC_URI[sha256sum] = "92e0e3bd4c02d4aeee76036b2ddd83f0c732ba4cda5cb71d583272b23587a76c" inherit autotools texinfo lib_package gtk-doc
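Review bot: In the LIC_FILES_CHKSUM hunk the list shrinks from three files to two: the doc/COPYING and doc/COPYING.LESSER entries are removed and COPYING.LESSERv2 is now checked at the top level, but the License-Update line only mentions the COPYING.LESSER rename and the copyright year. Please extend License-Update to say that the doc/ copies are no longer checked and why, so the licence review can be repeated from the log without unpacking both tarballs.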
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][styhead 22/25] xserver-xorg: upgrade 21.1.14 -> 21.1.15
Date: Wed, 12 Mar 2025 12:52:30 -0700
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/212689

From: Wang Mingyu

Signed-off-by: Wang Mingyu
Signed-off-by: Mathieu Dubois-Briand
Signed-off-by: Richard Purdie
(cherry picked from commit ba94110d70ebfb1b4798ecf05389f7ea602b1f55)
Signed-off-by: Steve Sakoman
--- .../{xserver-xorg_21.1.14.bb => xserver-xorg_21.1.15.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_21.1.14.bb => xserver-xorg_21.1.15.bb} (92%) diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.14.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.15.bb similarity index 92% rename from meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.14.bb rename to meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.15.bb index 28c98eb527..080e6d220e 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.14.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.15.bb
@@ -3,7 +3,7 @@ require xserver-xorg.inc SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \ file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \ " -SRC_URI[sha256sum] = "8f2102cebdc4747d1656c1099ef610f5063c7422c24a177e300de569b354ee35" +SRC_URI[sha256sum] = "841c82901282902725762df03adbbcd68153d4cdfb0d61df0cfd73ad677ae089" # These extensions are now integrated into the server, so declare the migration # path for in-place upgrades.
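Review bot: The only functional change is the SRC_URI[sha256sum] swap for the 21.1.15 tarball, and the commit message carries nothing but sign-offs, so the log does not say what the point release fixes or why it belongs on a stable branch. Please add a short changelog or the list of CVEs the release addresses, as the xwayland upgrade in this series does, so that CVE tracking for styhead can be done from the history.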
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][styhead 23/25] xserver-xf86-config: add a configuration fragment to disable screen blanking
Date: Wed, 12 Mar 2025 12:52:31 -0700
Message-ID: <72855767daa515a451ea7ebe3412479cb7bafdc6.1741808973.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/212690

From: Ross Burton

Add a configuration fragment that disables screen blanking, and add it to all qemu machines.

Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
(cherry picked from commit 780a5ccaa51d5aed18200883a686387e70847e4b)
Signed-off-by: Steve Sakoman
--- .../xorg-xserver/xserver-xf86-config/qemuall/noblank.conf | 7 +++++++ .../xorg-xserver/xserver-xf86-config_0.1.bb | 6 ++++++ 2 files changed, 13 insertions(+) create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemuall/noblank.conf diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemuall/noblank.conf b/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemuall/noblank.conf new file mode 100644 index 0000000000..9d40a9599a --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemuall/noblank.conf @@ -0,0 +1,7 @@ +# Disable screen blanking +Section "ServerFlags" + Option "BlankTime" "0" + Option "StandbyTime" "0" + Option "SuspendTime" "0" + Option "OffTime" "0" +EndSection diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xf86-config_0.1.bb b/meta/recipes-graphics/xorg-xserver/xserver-xf86-config_0.1.bb index 0972a5dd78..d57b3427f8 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xf86-config_0.1.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xf86-config_0.1.bb
@@ -5,6 +5,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" SRC_URI = "file://xorg.conf" +SRC_URI:append:qemuall = " file://noblank.conf" S = "${WORKDIR}/sources" UNPACKDIR = "${S}" 
@@ -19,4 +20,9 @@ do_install () { install -d ${D}/${sysconfdir}/X11 install -m 0644 ${S}/xorg.conf ${D}/${sysconfdir}/X11/ fi + + if test -s ${S}/noblank.conf; then + install -d ${D}/${sysconfdir}/X11/xorg.conf.d + install -m 0644 ${S}/noblank.conf ${D}/${sysconfdir}/X11/xorg.conf.d/ + fi }
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][styhead 24/25] xserver-xf86-config: remove obsolete configuration files
Date: Wed, 12 Mar 2025 12:52:32 -0700
Message-ID: <73f39fe8a5367ad905002df03e10fbf59b8f8921.1741808973.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/212691

From: Ross Burton

For reasons we have explicit xorg.conf files for a number of the qemu machines, but not all of them. These mainly disabled screen blanking (which is now done with a separate fragment) but also explicitly set the device driver to fbdev which meant they didn't use the modesettings driver as they should (with the virtio framebuffer from qemu).

This is the root cause of why the xserver 21.1.16 upgrade doesn't work on a number of machines: the /sys probing changed and the fbdev driver now refuses to use the PCI framebuffer device as there are better drivers, but we've explicitly told xorg to use the wrong driver.

For more details, see https://gitlab.freedesktop.org/xorg/xserver/-/issues/1798.

Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
(cherry picked from commit 8c8039bf4c2d011e3d12c970ce45036b184902a9)
Signed-off-by: Steve Sakoman --- .../xserver-xf86-config/qemuarm/xorg.conf | 42 ------------------- .../xserver-xf86-config/qemuppc/xorg.conf | 42 ------------------- .../xserver-xf86-config/qemush4/xorg.conf | 42 ------------------- .../xserver-xf86-config/qemux86-64/xorg.conf | 37 ---------------- .../xserver-xf86-config/qemux86/xorg.conf | 37 ---------------- 5 files changed, 200 deletions(-) delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemuarm/xorg.conf delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemuppc/xorg.conf delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemush4/xorg.conf delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemux86-64/xorg.conf delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemux86/xorg.conf diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemuarm/xorg.conf b/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemuarm/xorg.conf deleted file mode 100644 index 3eb380a0a4..0000000000 --- a/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemuarm/xorg.conf +++ /dev/null 
@@ -1,42 +0,0 @@ - -Section "Files" -EndSection - -Section "Device" - Identifier "Graphics Controller" - Driver "fbdev" -EndSection - -Section "Monitor" - Identifier "Generic Monitor" - Option "DPMS" - # 1024x600 59.85 Hz (CVT) hsync: 37.35 kHz; pclk: 49.00 MHz - Modeline "1024x600_60.00" 49.00 1024 1072 1168 1312 600 603 613 624 -hsync +vsync - # 640x480 @ 60Hz (Industry standard) hsync: 31.5kHz - ModeLine "640x480" 25.2 640 656 752 800 480 490 492 525 -hsync -vsync - # 640x480 @ 72Hz (VESA) hsync: 37.9kHz - ModeLine "640x480" 31.5 640 664 704 832 480 489 491 520 -hsync -vsync - # 640x480 @ 75Hz (VESA) hsync: 37.5kHz - ModeLine "640x480" 31.5 640 656 720 840 480 481 484 500 -hsync -vsync - # 640x480 @ 85Hz (VESA) hsync: 43.3kHz - ModeLine "640x480" 36.0 640 696 752 832 480 481 484 509 -hsync -vsync -EndSection - -Section "Screen" - Identifier "Default Screen" - Device "Graphics Controller" - Monitor "Generic Monitor" - SubSection "Display" - Modes "640x480" - EndSubSection -EndSection - -Section "ServerLayout" - Identifier "Default Layout" - Screen "Default Screen" - Option "AllowEmptyInput" "no" - Option "BlankTime" "0" - Option "StandbyTime" "0" - Option "SuspendTime" "0" - Option "OffTime" "0" -EndSection diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemuppc/xorg.conf b/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemuppc/xorg.conf deleted file mode 100644 index 3eb380a0a4..0000000000 --- a/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemuppc/xorg.conf +++ /dev/null 
@@ -1,42 +0,0 @@ - -Section "Files" -EndSection - -Section "Device" - Identifier "Graphics Controller" - Driver "fbdev" -EndSection - -Section "Monitor" - Identifier "Generic Monitor" - Option "DPMS" - # 1024x600 59.85 Hz (CVT) hsync: 37.35 kHz; pclk: 49.00 MHz - Modeline "1024x600_60.00" 49.00 1024 1072 1168 1312 600 603 613 624 -hsync +vsync - # 640x480 @ 60Hz (Industry standard) hsync: 31.5kHz - ModeLine "640x480" 25.2 640 656 752 800 480 490 492 525 -hsync -vsync - # 640x480 @ 72Hz (VESA) hsync: 37.9kHz - ModeLine "640x480" 31.5 640 664 704 832 480 489 491 520 -hsync -vsync - # 640x480 @ 75Hz (VESA) hsync: 37.5kHz - ModeLine "640x480" 31.5 640 656 720 840 480 481 484 500 -hsync -vsync - # 640x480 @ 85Hz (VESA) hsync: 43.3kHz - ModeLine "640x480" 36.0 640 696 752 832 480 481 484 509 -hsync -vsync -EndSection - -Section "Screen" - Identifier "Default Screen" - Device "Graphics Controller" - Monitor "Generic Monitor" - SubSection "Display" - Modes "640x480" - EndSubSection -EndSection - -Section "ServerLayout" - Identifier "Default Layout" - Screen "Default Screen" - Option "AllowEmptyInput" "no" - Option "BlankTime" "0" - Option "StandbyTime" "0" - Option "SuspendTime" "0" - Option "OffTime" "0" -EndSection diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemush4/xorg.conf b/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemush4/xorg.conf deleted file mode 100644 index 3eb380a0a4..0000000000 --- a/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemush4/xorg.conf +++ /dev/null 
@@ -1,42 +0,0 @@ - -Section "Files" -EndSection - -Section "Device" - Identifier "Graphics Controller" - Driver "fbdev" -EndSection - -Section "Monitor" - Identifier "Generic Monitor" - Option "DPMS" - # 1024x600 59.85 Hz (CVT) hsync: 37.35 kHz; pclk: 49.00 MHz - Modeline "1024x600_60.00" 49.00 1024 1072 1168 1312 600 603 613 624 -hsync +vsync - # 640x480 @ 60Hz (Industry standard) hsync: 31.5kHz - ModeLine "640x480" 25.2 640 656 752 800 480 490 492 525 -hsync -vsync - # 640x480 @ 72Hz (VESA) hsync: 37.9kHz - ModeLine "640x480" 31.5 640 664 704 832 480 489 491 520 -hsync -vsync - # 640x480 @ 75Hz (VESA) hsync: 37.5kHz - ModeLine "640x480" 31.5 640 656 720 840 480 481 484 500 -hsync -vsync - # 640x480 @ 85Hz (VESA) hsync: 43.3kHz - ModeLine "640x480" 36.0 640 696 752 832 480 481 484 509 -hsync -vsync -EndSection - -Section "Screen" - Identifier "Default Screen" - Device "Graphics Controller" - Monitor "Generic Monitor" - SubSection "Display" - Modes "640x480" - EndSubSection -EndSection - -Section "ServerLayout" - Identifier "Default Layout" - Screen "Default Screen" - Option "AllowEmptyInput" "no" - Option "BlankTime" "0" - Option "StandbyTime" "0" - Option "SuspendTime" "0" - Option "OffTime" "0" -EndSection diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemux86-64/xorg.conf b/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemux86-64/xorg.conf deleted file mode 100644 index c01c3331c5..0000000000 --- a/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemux86-64/xorg.conf +++ /dev/null 
@@ -1,37 +0,0 @@ - -Section "Files" -EndSection - -Section "Monitor" - Identifier "Generic Monitor" - Option "DPMS" - # 1024x600 59.85 Hz (CVT) hsync: 37.35 kHz; pclk: 49.00 MHz - Modeline "1024x600_60.00" 49.00 1024 1072 1168 1312 600 603 613 624 -hsync +vsync - # 640x480 @ 60Hz (Industry standard) hsync: 31.5kHz - ModeLine "640x480" 25.2 640 656 752 800 480 490 492 525 -hsync -vsync - # 640x480 @ 72Hz (VESA) hsync: 37.9kHz - ModeLine "640x480" 31.5 640 664 704 832 480 489 491 520 -hsync -vsync - # 640x480 @ 75Hz (VESA) hsync: 37.5kHz - ModeLine "640x480" 31.5 640 656 720 840 480 481 484 500 -hsync -vsync - # 640x480 @ 85Hz (VESA) hsync: 43.3kHz - ModeLine "640x480" 36.0 640 696 752 832 480 481 484 509 -hsync -vsync -EndSection - -Section "Screen" - Identifier "Default Screen" - Device "Graphics Controller" - Monitor "Generic Monitor" - SubSection "Display" - Modes "640x480" - EndSubSection -EndSection - -Section "ServerLayout" - Identifier "Default Layout" - Screen "Default Screen" - Option "AllowEmptyInput" "no" - Option "BlankTime" "0" - Option "StandbyTime" "0" - Option "SuspendTime" "0" - Option "OffTime" "0" -EndSection diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemux86/xorg.conf b/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemux86/xorg.conf deleted file mode 100644 index c01c3331c5..0000000000 --- a/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemux86/xorg.conf +++ /dev/null 
@@ -1,37 +0,0 @@ - -Section "Files" -EndSection - -Section "Monitor" - Identifier "Generic Monitor" - Option "DPMS" - # 1024x600 59.85 Hz (CVT) hsync: 37.35 kHz; pclk: 49.00 MHz - Modeline "1024x600_60.00" 49.00 1024 1072 1168 1312 600 603 613 624 -hsync +vsync - # 640x480 @ 60Hz (Industry standard) hsync: 31.5kHz - ModeLine "640x480" 25.2 640 656 752 800 480 490 492 525 -hsync -vsync - # 640x480 @ 72Hz (VESA) hsync: 37.9kHz - ModeLine "640x480" 31.5 640 664 704 832 480 489 491 520 -hsync -vsync - # 640x480 @ 75Hz (VESA) hsync: 37.5kHz - ModeLine "640x480" 31.5 640 656 720 840 480 481 484 500 -hsync -vsync - # 640x480 @ 85Hz (VESA) hsync: 43.3kHz - ModeLine "640x480" 36.0 640 696 752 832 480 481 484 509 -hsync -vsync -EndSection - -Section "Screen" - Identifier "Default Screen" - Device "Graphics Controller" - Monitor "Generic Monitor" - SubSection "Display" - Modes "640x480" - EndSubSection -EndSection - -Section "ServerLayout" - Identifier "Default Layout" - Screen "Default Screen" - Option "AllowEmptyInput" "no" - Option "BlankTime" "0" - Option "StandbyTime" "0" - Option "SuspendTime" "0" - Option "OffTime" "0" -EndSection From patchwork Wed Mar 12 19:52:33 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 58847 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5BD2AC28B28 for ; Wed, 12 Mar 2025 19:53:27 +0000 (UTC) Received: from mail-pj1-f54.google.com (mail-pj1-f54.google.com [209.85.216.54]) by mx.groups.io with SMTP id smtpd.web11.4686.1741809197775532940 for ; Wed, 12 Mar 2025 12:53:17 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=wqIchLtZ; spf=softfail (domain: 
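Review bot: The commit message accounts for the Driver "fbdev" line and the blanking options, but the deleted qemuarm, qemuppc and qemush4 files also pin the display with Modes "640x480" in Section "Screen" and set Option "DPMS" and Option "AllowEmptyInput" "no", and none of these are mentioned. With the files gone the server selects its own mode, so anything that assumes a 640x480 screen on these machines can behave differently after this backport. Please state in the message that dropping the mode pin is intended, or carry it in a fragment the way the blanking settings are.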
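Review bot: The qemux86 and qemux86-64 files have no Section "Device" and no Driver line, although their Section "Screen" still references Device "Graphics Controller", so the fbdev rationale in the commit message does not apply to these two machines. Please say in the message what removing them changes on x86 (from the lines shown here: the Monitor modelines, Modes "640x480" and the ServerLayout options) so the justification covers all five deleted files.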
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][styhead 25/25] xserver-xorg: upgrade 21.1.15 -> 21.1.16
Date: Wed, 12 Mar 2025 12:52:33 -0700
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/212692

From: Vijay Anusuri

Includes security fix
* CVE-2025-26594
* CVE-2025-26595
* CVE-2025-26596
* CVE-2025-26597
* CVE-2025-26598
* CVE-2025-26599
* CVE-2025-26600
* CVE-2025-26601

Ref:
https://lists.x.org/archives/xorg-announce/2025-February/003584.html
https://lists.x.org/archives/xorg-announce/2025-February/003585.html

Signed-off-by: Vijay Anusuri
Signed-off-by: Richard Purdie
(cherry picked from commit b5491688a045e52b2a1a00d04b746ed6af456784)
Signed-off-by: Steve Sakoman
---
 .../{xserver-xorg_21.1.15.bb => xserver-xorg_21.1.16.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_21.1.15.bb => xserver-xorg_21.1.16.bb} (92%)
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.15.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.16.bb similarity index 92% rename from meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.15.bb rename to meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.16.bb index 080e6d220e..38c81f2372 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.15.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.16.bb @@ -3,7 +3,7 @@ require xserver-xorg.inc SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \ file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \ " -SRC_URI[sha256sum] = "841c82901282902725762df03adbbcd68153d4cdfb0d61df0cfd73ad677ae089" +SRC_URI[sha256sum] = "b14a116d2d805debc5b5b2aac505a279e69b217dae2fae2dfcb62400471a9970" # These extensions are now integrated into the server, so declare the migration # path for in-place upgrades.
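Review bot: The only content change is the new SRC_URI[sha256sum] value, and nothing in the patch or its message ties that hash to the upstream release. Because this upgrade is the carrier for the eight CVE fixes listed, please confirm the value against the checksum upstream published for the 21.1.16 tarball rather than against a local fetch, and say in the commit message which of the two Ref links is the 21.1.16 announcement. The two file:// patches in the SRC_URI context lines are carried across the rename unchanged, so also confirm both still apply to 21.1.16.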