Porting patches from grub2_2.06-3~deb11u4 to fix
CVE-2022-2601/CVE-2022-3775.
The source code of grub2_2.06-3~deb11u4 is from:
https://snapshot.debian.org/archive/debian/20221124T030451Z/
pool/main/g/grub2/grub2_2.06-3~deb11u4.debian.tar.xz
Refer to above source code and this link for the fix:
https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html
The 1st patch in the list is for making proper context for the 14
patches of the 2 CVEs. No content changes for all the patches from
debian release.
We do this because grub2/grub-efi is ported from wrlinux for
secure boot bringing up.
Test plan:
- PASS: build grub2/grub-efi.
- PASS: build-image and install and boot up on lab/qemu.
- PASS: check that the "stx.N" version number is right for both
bios(grub2 ver) and uefi(grub-efi ver) boot.
Closes-bug: 2020730
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Change-Id: Ia6c58a2021a786ef92f760b3cfe035fbccedacf7
d10d6fb187