diff options
Diffstat (limited to 'meta/recipes-bsp/grub/grub2.inc')
-rw-r--r-- | meta/recipes-bsp/grub/grub2.inc | 36 |
1 files changed, 14 insertions, 22 deletions
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 2545b99b6a..bb9aacb478 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -18,30 +18,17 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://autogen.sh-exclude-pc.patch \ file://grub-module-explicitly-keeps-symbole-.module_license.patch \ file://0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch \ - file://determinism.patch \ file://0001-RISC-V-Restore-the-typcast-to-long.patch \ - file://CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch \ - file://0001-configure.ac-Use-_zicsr_zifencei-extentions-on-riscv.patch \ - file://video-Remove-trailing-whitespaces.patch \ - file://CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch \ - file://CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch \ - file://video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch \ - file://video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch \ - file://CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch \ - file://CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch \ - file://CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch \ - file://CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch \ - file://CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch \ - file://0001-configure-Remove-obsoleted-malign-jumps-loops-functi.patch \ - file://0002-configure-Check-for-falign-jumps-1-beside-falign-loo.patch \ " -SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f" +SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91" -# Applies only to RHEL -CVE_CHECK_IGNORE += "CVE-2019-14865" -# Applies only to SUSE -CVE_CHECK_IGNORE += "CVE-2021-46705" +CVE_STATUS[CVE-2019-14865] = "not-applicable-platform: applies only to RHEL" +CVE_STATUS[CVE-2021-46705] = "not-applicable-platform: Applies only to SUSE" +CVE_STATUS[CVE-2023-4001] = "not-applicable-platform: Applies only to RHEL/Fedora" +CVE_STATUS[CVE-2024-1048] = "not-applicable-platform: Applies only to RHEL/Fedora" +CVE_STATUS[CVE-2023-4692] = "cpe-incorrect: Fixed in version 2.12 already" +CVE_STATUS[CVE-2023-4693] = "cpe-incorrect: Fixed in version 2.12 already" DEPENDS = "flex-native bison-native gettext-native" @@ -50,8 +37,8 @@ COMPATIBLE_HOST = "${GRUB_COMPATIBLE_HOST}" # Grub doesn't support hard float toolchain and won't be able to forcefully # disable it on some of the target CPUs. See 'configure.ac' for # supported/unsupported CPUs in hardfp. -COMPATIBLE_HOST:armv7a = "${@'null' if d.getVar('TUNE_CCARGS_MFLOAT') == 'hardfp' else d.getVar('GRUB_COMPATIBLE_HOST')}" -COMPATIBLE_HOST:armv7ve = "${@'null' if d.getVar('TUNE_CCARGS_MFLOAT') == 'hardfp' else d.getVar('GRUB_COMPATIBLE_HOST')}" +COMPATIBLE_HOST:armv7a = "${@'null' if bb.utils.contains('TUNE_CCARGS_MFLOAT', 'hard', True, False, d) else d.getVar('GRUB_COMPATIBLE_HOST')}" +COMPATIBLE_HOST:armv7ve = "${@'null' if bb.utils.contains('TUNE_CCARGS_MFLOAT', 'hard', True, False, d) else d.getVar('GRUB_COMPATIBLE_HOST')}" # configure.ac has code to set this automagically from the target tuple # but the OE freeform one (core2-foo-bar-linux) don't work with that. @@ -92,6 +79,11 @@ export PYTHON = "python3" do_configure:prepend() { cd ${S} + + # Remove in next version. + # See: https://git.savannah.gnu.org/cgit/grub.git/commit/?id=b835601c7639ed1890f2d3db91900a8506011a8e + echo "depends bli part_gpt" > ${S}/grub-core/extra_deps.lst + FROM_BOOTSTRAP=1 ${S}/autogen.sh cd ${B} } |