path: root/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch
author Anuj Mittal <anuj.mittal@intel.com> 2024-01-23 16:47:34 +0800
committer Richard Purdie <richard.purdie@linuxfoundation.org> 2024-01-24 15:45:04 +0000
commit 7c8e1e48075f7f54aec9d295605c982f440be5d5
tree 5ac18dd7bd1182a9755ca02ae7ea51369d446a11 /meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch
parent 36375f47d5672aa0c2eae16de9ae18693b3b8a55
grub2: upgrade 2.06 -> 2.12
Drop patches that have been upstreamed. Refresh others.

This version dropped extra_deps.lst from the tarball [1] and that leads to build failures. Restore it in do_configure for now.

[1] https://git.savannah.gnu.org/cgit/grub.git/commit/?id=b835601c7639ed1890f2d3db91900a8506011a8e

Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch')
-rw-r--r-- meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch | 58
1 files changed, 0 insertions, 58 deletions
diff --git a/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch b/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch
deleted file mode 100644
index f31167d315..0000000000
--- a/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From b26b4c08e7119281ff30d0fb4a6169bd2afa8fe4 Mon Sep 17 00:00:00 2001
-From: Daniel Axtens <dja@axtens.net>
-Date: Tue, 8 Mar 2022 19:04:40 +1100
-Subject: [PATCH] net/http: Error out on headers with LF without CR
-
-In a similar vein to the previous patch, parse_line() would write
-a NUL byte past the end of the buffer if there was an HTTP header
-with a LF rather than a CRLF.
-
-RFC-2616 says:
-
- Many HTTP/1.1 header field values consist of words separated by LWS
- or special characters. These special characters MUST be in a quoted
- string to be used within a parameter value (as defined in section 3.6).
-
-We don't support quoted sections or continuation lines, etc.
-
-If we see an LF that's not part of a CRLF, bail out.
-
-Fixes: CVE-2022-28734
-
-Signed-off-by: Daniel Axtens <dja@axtens.net>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-
-Upstream-Status: Backport
-CVE: CVE-2022-28734
-
-Reference to upstream patch:
-https://git.savannah.gnu.org/cgit/grub.git/commit/?id=b26b4c08e7119281ff30d0fb4a6169bd2afa8fe4
-
-Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
----
- grub-core/net/http.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/grub-core/net/http.c b/grub-core/net/http.c
-index 33a0a28c4..9291a13e2 100644
---- a/grub-core/net/http.c
-+++ b/grub-core/net/http.c
-@@ -68,7 +68,15 @@ parse_line (grub_file_t file, http_data_t data, char *ptr, grub_size_t len)
- char *end = ptr + len;
- while (end > ptr && *(end - 1) == '\r')
- end--;
-+
-+ /* LF without CR. */
-+ if (end == ptr + len)
-+ {
-+ data->errmsg = grub_strdup (_("invalid HTTP header - LF without CR"));
-+ return GRUB_ERR_NONE;
-+ }
- *end = 0;
-+
- /* Trailing CRLF. */
- if (data->in_chunk_len == 1)
- {
---
-2.34.1
-
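Review bot: Deleting this file removes the `CVE: CVE-2022-28734` and `Upstream-Status: Backport` tags in the patch header, so after this change the fix is present only if the 2.12 sources contain upstream commit b26b4c08e7119281ff30d0fb4a6169bd2afa8fe4, the id the header cites. The commit message says only "Drop patches that have been upstreamed" without naming which ones; listing the dropped CVE patches there, or stating that each cited upstream commit is in the 2.12 history, would make the removal auditable. The diffstat shown is limited to this one file, so the matching removal of the patch from the recipe's SRC_URI is not visible here and should be confirmed in the same commit. When checking the upgraded source, note that the removed hunk's LF-without-CR branch in parse_line() sets `data->errmsg` but returns `GRUB_ERR_NONE`, so the thing to look for in 2.12's grub-core/net/http.c is the `end == ptr + len` check before `*end = 0;`, not a non-zero return code.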