diff --git a/backport-0003-fs-hfs-Fix-stack-OOB-write-with-grub_strcpy.patch b/backport-0003-fs-hfs-Fix-stack-OOB-write-with-grub_strcpy.patch
new file mode 100644
index 0000000000000000000000000000000000000000..fbf42d92f40a7c5c1d9d08f55621b8443c299815
--- /dev/null
+++ b/backport-0003-fs-hfs-Fix-stack-OOB-write-with-grub_strcpy.patch
@@ -0,0 +1,34 @@
+From 417547c10410b714e43f08f74137c24015f8f4c3 Mon Sep 17 00:00:00 2001
+From: B Horn
+Date: Sun, 12 May 2024 02:48:33 +0100
+Subject: [PATCH 03/73] fs/hfs: Fix stack OOB write with grub_strcpy()
+
+Replaced with grub_strlcpy().
+
+Fixes: CVE-2024-45782
+Fixes: CVE-2024-56737
+Fixes: https://savannah.gnu.org/bugs/?66599
+
+Reported-by: B Horn
+Signed-off-by: B Horn
+Reviewed-by: Daniel Kiper
+---
+ grub-core/fs/hfs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/fs/hfs.c b/grub-core/fs/hfs.c
+index 91dc0e69c..920112b03 100644
+--- a/grub-core/fs/hfs.c
++++ b/grub-core/fs/hfs.c
+@@ -379,7 +379,7 @@ grub_hfs_mount (grub_disk_t disk)
+ volume name. */
+ key.parent_dir = grub_cpu_to_be32_compile_time (1);
+ key.strlen = data->sblock.volname[0];
+- grub_strcpy ((char *) key.str, (char *) (data->sblock.volname + 1));
++ grub_strlcpy ((char *) key.str, (char *) (data->sblock.volname + 1), sizeof (key.str));
+
+ if (grub_hfs_find_node (data, (char *) &key, data->cat_root,
+ 0, (char *) &dir, sizeof (dir)) == 0)
+--
+2.33.0
+
diff --git a/grub.patches b/grub.patches
index 0bbaf27be3d384c3ec465a7f6ad81e97112b3b95..2ea04bb0a61875945f6359840a5b80aa867909d2 100644
--- a/grub.patches
+++ b/grub.patches
@@ -212,3 +212,4 @@ Patch1008: 1008-loongarch-add-back-compatibility-for-linux-kernel.patch
 Patch1009: 1009-configure-Add-GRUB_CPU_LOONGARCH64-support.patch
 Patch1012: 1012-Clear-buffer-to-zero-for-screen-information.patch
 Patch1014: 1014-loongarch-Disable-vector-instructions.patch
+Patch1015: backport-0003-fs-hfs-Fix-stack-OOB-write-with-grub_strcpy.patch
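Review bot: In the embedded grub-core/fs/hfs.c hunk of the added backport patch, `key.strlen = data->sblock.volname[0];` still takes the length byte straight from the on-disk superblock, while the copy into `key.str` is now truncated to `sizeof (key.str)`, so nothing visible here stops `key.strlen` from claiming more bytes than `key.str` holds. Whether `grub_hfs_find_node()` and its key comparison bound their reads on their own is not visible in this hunk; it is worth confirming, or clamping at the assignment, e.g. `if (key.strlen >= sizeof (key.str)) key.strlen = sizeof (key.str) - 1;`. The copy also stops at a NUL in the source rather than at the length byte, which deserves a one-line comment such as `/* volname is length-prefixed; copy is bounded by key.str, not by volname[0] */`. Separately, the patch header lists both CVE-2024-45782 and CVE-2024-56737, but the grub2.spec %changelog entry names only the first, which makes the second harder to track as fixed. grub_hfs_mount's body starts and ends outside the hunk.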
diff --git a/grub2.spec b/grub2.spec
index 3e561cb110545ce623b4f5316904bd174c90318f..3e36192230e693f6ad3d8d6fb4843118a9b080a5 100644
--- a/grub2.spec
+++ b/grub2.spec
@@ -1,4 +1,4 @@
-%define anolis_release 13
+%define anolis_release 14
 %global _lto_cflags %{nil}
 %undefine _hardened_build
@@ -506,6 +506,9 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
 %endif
 %changelog
+* Wed Jul 09 2025 tomcruiseqi - 2.12-14
+- Fix CVE-2024-45782
+
 * Thu Jun 5 2025 Xue Liu - 2.12-13
 - Disable vector instructions for loongarch