
boot/grub2: add CVE trailer in patch

Since Buildroot commit [1], patches that fix a security
vulnerability need to reference the fixed vulnerability.

This patch adds the relevant information to the patch header.

[1] 1167d0ff3d docs/manual: mention CVE trailer

Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Perale 2 weeks ago
parent
commit
d464e5e856

+ 2 - 2
boot/grub2/0004-fs-hfs-Fix-stack-OOB-write-with-grub_strcpy.patch

@@ -5,8 +5,8 @@ Subject: [PATCH] fs/hfs: Fix stack OOB write with grub_strcpy()
 
 Replaced with grub_strlcpy().
 
-Fixes: CVE-2024-45782
-Fixes: CVE-2024-56737
+CVE: CVE-2024-45782
+CVE: CVE-2024-56737
 Fixes: https://savannah.gnu.org/bugs/?66599
 
 Reported-by: B Horn <b@horn.uk>
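Review bot: the two upstream "Fixes: CVE-2024-45782" / "Fixes: CVE-2024-56737" lines are rewritten in place rather than kept, while the sibling "Fixes: https://savannah.gnu.org/bugs/?66599" line is left untouched, so the header no longer matches the upstream commit message and the CVE references are the only "Fixes:" entries that were dropped. Consider leaving the upstream lines verbatim and appending the Buildroot-specific trailers after them, e.g. keeping "Fixes: CVE-2024-45782" and adding "CVE: CVE-2024-45782" below the Savannah line, so the local addition is visibly separate from the imported message.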

+ 1 - 1
boot/grub2/0006-fs-tar-Integer-overflow-leads-to-heap-OOB-write.patch

@@ -9,7 +9,7 @@ number parsed by read_number(). Later direct arithmetic calculation like
 grub_size_t leading to heap OOB write. This patch fixes the issue by
 using grub_add() and checking for an overflow.
 
-Fixes: CVE-2024-45780
+CVE: CVE-2024-45780
 
 Reported-by: Nils Langius <nils@langius.de>
 Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
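Review bot: the new "CVE: CVE-2024-45780" line sits in its own paragraph, separated by a blank line from "Reported-by:" and "Signed-off-by:", so it is not part of the final trailer block; git's trailer parser (git interpret-trailers) only recognizes trailers in the last paragraph of the message. If the CVE trailer is meant to be machine-readable, move it next to the other trailers, e.g. directly above "Reported-by: Nils Langius <nils@langius.de>", and apply the same placement to the other converted patches.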

+ 1 - 1
boot/grub2/0037-gettext-Integer-overflow-leads-to-heap-OOB-write.patch

@@ -9,7 +9,7 @@ to 0 leading to heap OOB write. This patch fixes
 the issue by using grub_add() and checking for
 an overflow.
 
-Fixes: CVE-2024-45777
+CVE: CVE-2024-45777
 
 Reported-by: Nils Langius <nils@langius.de>
 Signed-off-by: Lidong Chen <lidong.chen@oracle.com>

+ 2 - 2
boot/grub2/0043-fs-bfs-Disable-under-lockdown.patch

@@ -6,8 +6,8 @@ Subject: [PATCH] fs/bfs: Disable under lockdown
 The BFS is not fuzz-clean. Don't allow it to be loaded under lockdown.
 This will also disable the AFS.
 
-Fixes: CVE-2024-45778
-Fixes: CVE-2024-45779
+CVE: CVE-2024-45778
+CVE: CVE-2024-45779
 
 Reported-by: Nils Langius <nils@langius.de>
 Signed-off-by: Daniel Axtens <dja@axtens.net>

+ 5 - 5
boot/grub2/0044-fs-Disable-many-filesystems-under-lockdown.patch

@@ -9,11 +9,11 @@ hfsplus, iso9660, squash4, tar, xfs and zfs.
 The JFS, ReiserFS, romfs, UDF and UFS security vulnerabilities were
 reported by Jonathan Bar Or <jonathanbaror@gmail.com>.
 
-Fixes: CVE-2025-0677
-Fixes: CVE-2025-0684
-Fixes: CVE-2025-0685
-Fixes: CVE-2025-0686
-Fixes: CVE-2025-0689
+CVE: CVE-2025-0677
+CVE: CVE-2025-0684
+CVE: CVE-2025-0685
+CVE: CVE-2025-0686
+CVE: CVE-2025-0689
 
 Suggested-by: Daniel Axtens <dja@axtens.net>
 Signed-off-by: Daniel Axtens <dja@axtens.net>

+ 2 - 2
boot/grub2/0050-fs-Prevent-overflows-when-allocating-memory-for-arra.patch

@@ -9,8 +9,8 @@ overflow checks are in place.
 The HFS+ and squash4 security vulnerabilities were reported by
 Jonathan Bar Or <jonathanbaror@gmail.com>.
 
-Fixes: CVE-2025-0678
-Fixes: CVE-2025-1125
+CVE: CVE-2025-0678
+CVE: CVE-2025-1125
 
 Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
 Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

+ 1 - 0
boot/grub2/0074-Constant-time-grub_crypto_memcmp.patch

@@ -9,6 +9,7 @@ The code is extracted from the upstream commit:
 
 Fix: bsc#1234959
 
+CVE: CVE-2024-56738
 Signed-off-by: Gary Lin <glin@suse.com>
 Upstream: not submitted upstream, as upstream has switched to gcrypt
 Taken-from: https://build.opensuse.org/projects/SUSE:SLE-15-SP5:Update/packages/grub2.39923/files/grub2-constant-time-grub_crypto_memcmp.patch?expand=0
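Review bot: unlike the other hunks, this one introduces a CVE reference that the patch header did not carry before; the only identifiers visible here are "Fix: bsc#1234959" and the openSUSE Taken-from URL, neither of which names a CVE. Please state in the Buildroot commit message (or a comment in the header) where the CVE-2024-56738 mapping for this constant-time grub_crypto_memcmp change comes from, so the trailer can be verified against its source. Placement directly above "Signed-off-by:" is correct here, since it keeps the trailer in the final trailer paragraph.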