This series fixes a number of issues in grub 2.04. It is a part of a security
series [1], except of the patch 5. The patch 5 is a dependency of patch 6,
but also a bugfix on its own.

While none of them has an official CVE, they fix a number of NULL pointer
dereferences, memory leaks and similar issues, so seem worth having.

Patches included here are also in Debian's backports [2].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
[2] https://salsa.debian.org/grub-team/grub/-/tree/debian/2.04-20/debian/patches/2021-02-security

Marta Rybczynska (46):
grub: fix a memory leak
grub: add a fix for a possible NULL dereference
grub: fix a dangling memory pointer
grub: fix wrong handling of argc == 0
grub: add a fix for malformed device path handling
grub: fix memory leak at error in grub_efi_get_filename()
grub: add a fix for a possible NULL pointer dereference
grub: add a fix for unused variable in gnulib
grub: fix an unitialized token in gnulib
grub: add a fix a NULL pointer dereference in gnulib
grub: add a fix for NULL pointer dereference
grub: fix an unitialized re_token in gnulib
grub: add a fix for unnecessary assignements
grub: add structure initialization in zstd
grub: add a missing NULL check
grub: fix a memory leak
grub: fix a memory leak
grub: fix a memory leak
grub: fix an integer overflow
grub: add a fix for a length check
grub: add a fix for a possible negative shift
grub: add a fix for a memory leak
grub: add a fix for possible integer overflows
grub: fix an error check
grub: add a fix for a memory leak
grub: add a fix for a possible unintended sign extension
grub: add a fix for a possible NULL dereference
grub: add a fix for a memory leak
grub: add a fix for a memory leak
grub: fix a memory leak
grub: remove unneeded return value
grub: fix an integer overflow
grub: fix multiple integer overflows
grub: fix a possible integer overflow
grub: test for malformed jpeg files
grub: remove dead code
grub: fix checking for NULL
grub: add a fix for a memory leak
grub: avoid a memory leak
grub: add a check for a NULL pointer
grub: add a fix for NULL pointer dereference
grub: add a fix for an incorrect cast
grub: fix incorrect use of a negative value
grub: add a fix for a NULL pointer dereference
grub: avoid a NULL pointer dereference
grub: add a fix for a crash in scripts

...leak-when-iterating-over-mapped-memo.patch | 39 +++
...ible-dereference-to-of-a-NULL-pointe.patch | 39 +++
...net-tftp-Fix-dangling-memory-pointer.patch | 33 +++
...n-parser-Fix-resource-leak-if-argc-0.patch | 50 ++++
...formed-device-path-arithmetic-errors.patch | 235 ++++++++++++++++++
...-kern-efi-Fix-memory-leak-on-failure.patch | 30 +++
...ix-possible-NULL-pointer-dereference.patch | 65 +++++
...ulib-regexec-Resolve-unused-variable.patch | 59 +++++
...mp-Fix-uninitialized-token-structure.patch | 53 ++++
...-Fix-dereference-of-a-possibly-NULL-.patch | 52 ++++
...egexec-Fix-possible-null-dereference.patch | 53 ++++
...b-regcomp-Fix-uninitialized-re_token.patch | 55 ++++
...e-unnecessary-self-assignment-errors.patch | 41 +++
...std-Initialize-seq_t-structure-fully.patch | 34 +++
...heck-for-NULL-before-dereferencing-i.patch | 43 ++++
...re-comp-data-is-freed-before-exiting.patch | 128 ++++++++++
...-If-failed-then-free-vg-variable-too.patch | 28 +++
...ory-leak-on-uninserted-lv-references.patch | 50 ++++
...odisk-Fix-potential-integer-overflow.patch | 50 ++++
...that-the-volume-name-length-is-valid.patch | 43 ++++
...ix-possible-negative-shift-operation.patch | 42 ++++
...source-leaks-while-constructing-path.patch | 121 +++++++++
...3-zfs-Fix-possible-integer-overflows.patch | 56 +++++
...-a-check-for-error-allocating-memory.patch | 35 +++
.../files/0025-affs-Fix-memory-leaks.patch | 82 ++++++
...x-possible-unintended-sign-extension.patch | 36 +++
...pt-mpi-Fix-possible-NULL-dereference.patch | 33 +++
...slinux-Fix-memory-leak-while-parsing.patch | 43 ++++
...n-Fix-leaking-of-memory-when-process.patch | 52 ++++
...0-commands-hashsum-Fix-a-memory-leak.patch | 56 +++++
...move-unnecessary-return-value-of-gru.patch | 94 +++++++
...bfill-Fix-potential-integer-overflow.patch | 78 ++++++
...eo_fb-Fix-multiple-integer-overflows.patch | 104 ++++++++
...deo_fb-Fix-possible-integer-overflow.patch | 39 +++
...eg-Test-for-an-invalid-next-marker-r.patch | 38 +++
...-Remove-code-that-coverity-is-flaggi.patch | 34 +++
...ader-bsd-Check-for-NULL-arg-up-front.patch | 47 ++++
.../0038-loader-xnu-Fix-memory-leak.patch | 38 +++
...driverkey-data-when-an-error-is-dete.patch | 77 ++++++
...k-if-pointer-is-NULL-before-using-it.patch | 42 ++++
...nstall-Fix-NULL-pointer-dereferences.patch | 41 +++
...v-Fix-incorrect-casting-of-a-signed-.patch | 46 ++++
...x-incorrect-use-of-a-possibly-negati.patch | 50 ++++
...ix-NULL-dereference-in-grub_script_e.patch | 28 +++
...ire-device_name-is-not-NULL-before-p.patch | 33 +++
...void-crash-when-using-outside-a-func.patch | 37 +++
meta/recipes-bsp/grub/grub2.inc | 48 +++-
47 files changed, 2609 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-bsp/grub/files/0001-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch
create mode 100644 meta/recipes-bsp/grub/files/0002-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch
create mode 100644 meta/recipes-bsp/grub/files/0003-net-tftp-Fix-dangling-memory-pointer.patch
create mode 100644 meta/recipes-bsp/grub/files/0004-kern-parser-Fix-resource-leak-if-argc-0.patch
create mode 100644 meta/recipes-bsp/grub/files/0005-efi-Fix-some-malformed-device-path-arithmetic-errors.patch
create mode 100644 meta/recipes-bsp/grub/files/0006-kern-efi-Fix-memory-leak-on-failure.patch
create mode 100644 meta/recipes-bsp/grub/files/0007-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch
create mode 100644 meta/recipes-bsp/grub/files/0008-gnulib-regexec-Resolve-unused-variable.patch
create mode 100644 meta/recipes-bsp/grub/files/0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch
create mode 100644 meta/recipes-bsp/grub/files/0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch
create mode 100644 meta/recipes-bsp/grub/files/0011-gnulib-regexec-Fix-possible-null-dereference.patch
create mode 100644 meta/recipes-bsp/grub/files/0012-gnulib-regcomp-Fix-uninitialized-re_token.patch
create mode 100644 meta/recipes-bsp/grub/files/0013-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch
create mode 100644 meta/recipes-bsp/grub/files/0014-zstd-Initialize-seq_t-structure-fully.patch
create mode 100644 meta/recipes-bsp/grub/files/0015-kern-partition-Check-for-NULL-before-dereferencing-i.patch
create mode 100644 meta/recipes-bsp/grub/files/0016-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch
create mode 100644 meta/recipes-bsp/grub/files/0017-disk-ldm-If-failed-then-free-vg-variable-too.patch
create mode 100644 meta/recipes-bsp/grub/files/0018-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch
create mode 100644 meta/recipes-bsp/grub/files/0019-disk-cryptodisk-Fix-potential-integer-overflow.patch
create mode 100644 meta/recipes-bsp/grub/files/0020-hfsplus-Check-that-the-volume-name-length-is-valid.patch
create mode 100644 meta/recipes-bsp/grub/files/0021-zfs-Fix-possible-negative-shift-operation.patch
create mode 100644 meta/recipes-bsp/grub/files/0022-zfs-Fix-resource-leaks-while-constructing-path.patch
create mode 100644 meta/recipes-bsp/grub/files/0023-zfs-Fix-possible-integer-overflows.patch
create mode 100644 meta/recipes-bsp/grub/files/0024-zfsinfo-Correct-a-check-for-error-allocating-memory.patch
create mode 100644 meta/recipes-bsp/grub/files/0025-affs-Fix-memory-leaks.patch
create mode 100644 meta/recipes-bsp/grub/files/0026-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch
create mode 100644 meta/recipes-bsp/grub/files/0027-libgcrypt-mpi-Fix-possible-NULL-dereference.patch
create mode 100644 meta/recipes-bsp/grub/files/0028-syslinux-Fix-memory-leak-while-parsing.patch
create mode 100644 meta/recipes-bsp/grub/files/0029-normal-completion-Fix-leaking-of-memory-when-process.patch
create mode 100644 meta/recipes-bsp/grub/files/0030-commands-hashsum-Fix-a-memory-leak.patch
create mode 100644 meta/recipes-bsp/grub/files/0031-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch
create mode 100644 meta/recipes-bsp/grub/files/0032-video-fb-fbfill-Fix-potential-integer-overflow.patch
create mode 100644 meta/recipes-bsp/grub/files/0033-video-fb-video_fb-Fix-multiple-integer-overflows.patch
create mode 100644 meta/recipes-bsp/grub/files/0034-video-fb-video_fb-Fix-possible-integer-overflow.patch
create mode 100644 meta/recipes-bsp/grub/files/0035-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch
create mode 100644 meta/recipes-bsp/grub/files/0036-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch
create mode 100644 meta/recipes-bsp/grub/files/0037-loader-bsd-Check-for-NULL-arg-up-front.patch
create mode 100644 meta/recipes-bsp/grub/files/0038-loader-xnu-Fix-memory-leak.patch
create mode 100644 meta/recipes-bsp/grub/files/0039-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch
create mode 100644 meta/recipes-bsp/grub/files/0040-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch
create mode 100644 meta/recipes-bsp/grub/files/0041-util-grub-install-Fix-NULL-pointer-dereferences.patch
create mode 100644 meta/recipes-bsp/grub/files/0042-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch
create mode 100644 meta/recipes-bsp/grub/files/0043-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch
create mode 100644 meta/recipes-bsp/grub/files/0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch
create mode 100644 meta/recipes-bsp/grub/files/0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch
create mode 100644 meta/recipes-bsp/grub/files/0046-script-execute-Avoid-crash-when-using-outside-a-func.patch

--
2.33.0