From d3c3ab6ec3822bfe08c652c6061f4bf9c87d8b83 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Nov 15 2022 06:57:52 +0000 Subject: import grub2-2.06-46.el9 --- diff --git a/README.debrand b/README.debrand deleted file mode 100644 index 01c46d2..0000000 --- a/README.debrand +++ /dev/null @@ -1,2 +0,0 @@ -Warning: This package was configured for automatic debranding, but the changes -failed to apply. diff --git a/SOURCES/0001-Revert-templates-Fix-user-facing-typo-with-an-incorr.patch b/SOURCES/0001-Revert-templates-Fix-user-facing-typo-with-an-incorr.patch index 4824aa1..fcc7825 100644 --- a/SOURCES/0001-Revert-templates-Fix-user-facing-typo-with-an-incorr.patch +++ b/SOURCES/0001-Revert-templates-Fix-user-facing-typo-with-an-incorr.patch @@ -10,7 +10,7 @@ This reverts commit 722737630889607c3b5761f1f5a48f1674cd2821. 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in -index 5984e92d29..9462248128 100644 +index 5984e92d291..94622481284 100644 --- a/util/grub.d/30_os-prober.in +++ b/util/grub.d/30_os-prober.in @@ -36,7 +36,7 @@ if ! command -v os-prober > /dev/null || ! command -v linux-boot-prober > /dev/n diff --git a/SOURCES/0002-Revert-templates-Properly-disable-the-os-prober-by-d.patch b/SOURCES/0002-Revert-templates-Properly-disable-the-os-prober-by-d.patch index 05ac0f8..4187765 100644 --- a/SOURCES/0002-Revert-templates-Properly-disable-the-os-prober-by-d.patch +++ b/SOURCES/0002-Revert-templates-Properly-disable-the-os-prober-by-d.patch @@ -10,7 +10,7 @@ This reverts commit 54e0a1bbf1e9106901a557195bb35e5e20fb3925. 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index f8cbb8d7a2..d3e879b8e5 100644 +index f8cbb8d7a2b..d3e879b8e5c 100644 --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in @@ -140,9 +140,6 @@ GRUB_DEVICE_PARTUUID="`${grub_probe} --device ${GRUB_DEVICE} --target=partuuid 2 @@ -40,7 +40,7 @@ index f8cbb8d7a2..d3e879b8e5 100644 GRUB_SAVEDEFAULT \ GRUB_ENABLE_CRYPTODISK \ diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in -index 9462248128..80685b15f4 100644 +index 94622481284..80685b15f4d 100644 --- a/util/grub.d/30_os-prober.in +++ b/util/grub.d/30_os-prober.in @@ -26,8 +26,8 @@ export TEXTDOMAINDIR="@localedir@" diff --git a/SOURCES/0003-Revert-templates-Disable-the-os-prober-by-default.patch b/SOURCES/0003-Revert-templates-Disable-the-os-prober-by-default.patch index 9492795..68cacfc 100644 --- a/SOURCES/0003-Revert-templates-Disable-the-os-prober-by-default.patch +++ b/SOURCES/0003-Revert-templates-Disable-the-os-prober-by-default.patch @@ -10,7 +10,7 @@ This reverts commit e346414725a70e5c74ee87ca14e580c66f517666. 2 files changed, 9 insertions(+), 14 deletions(-) diff --git a/docs/grub.texi b/docs/grub.texi -index f8b4b3b21a..69f08d289f 100644 +index f8b4b3b21a7..69f08d289f9 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -1519,13 +1519,10 @@ boot sequence. If you have problems, set this option to @samp{text} and @@ -46,7 +46,7 @@ index f8b4b3b21a..69f08d289f 100644 First create a separate GRUB partition, big enough to hold GRUB. Some of the following entries show how to load OS installer images from this same partition, diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in -index 80685b15f4..1b91c102f3 100644 +index 80685b15f4d..1b91c102f35 100644 --- a/util/grub.d/30_os-prober.in +++ b/util/grub.d/30_os-prober.in @@ -26,8 +26,7 @@ export TEXTDOMAINDIR="@localedir@" diff --git a/SOURCES/0004-Add-support-for-Linux-EFI-stub-loading.patch b/SOURCES/0004-Add-support-for-Linux-EFI-stub-loading.patch index 745973e..73d231a 100644 --- a/SOURCES/0004-Add-support-for-Linux-EFI-stub-loading.patch +++ b/SOURCES/0004-Add-support-for-Linux-EFI-stub-loading.patch @@ -44,7 +44,7 @@ moves the check into grub_dl_load_file. create mode 100644 include/grub/efi/linux.h diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 8022e1c0a7..45d3edaa4d 100644 +index 8022e1c0a79..45d3edaa4dc 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -1734,13 +1734,6 @@ module = { @@ -88,7 +88,7 @@ index 8022e1c0a7..45d3edaa4d 100644 module = { diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c -index 48f8a79073..b714937095 100644 +index 48f8a79073d..b7149370950 100644 --- a/grub-core/kern/dl.c +++ b/grub-core/kern/dl.c @@ -38,6 +38,14 @@ @@ -127,7 +127,7 @@ index 48f8a79073..b714937095 100644 file = grub_file_open (filename, GRUB_FILE_TYPE_GRUB_MODULE); diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index 8cff7be028..35b8f67060 100644 +index 8cff7be0289..35b8f670602 100644 --- a/grub-core/kern/efi/efi.c +++ b/grub-core/kern/efi/efi.c @@ -286,6 +286,34 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, @@ -166,7 +166,7 @@ index 8cff7be028..35b8f67060 100644 /* Search the mods section from the PE32/PE32+ image. This code uses diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c -index 9838fb2f50..f6aef0ef64 100644 +index 9838fb2f50d..f6aef0ef649 100644 --- a/grub-core/kern/efi/mm.c +++ b/grub-core/kern/efi/mm.c @@ -113,6 +113,38 @@ grub_efi_drop_alloc (grub_efi_physical_address_t address, @@ -209,7 +209,7 @@ index 9838fb2f50..f6aef0ef64 100644 void * grub_efi_allocate_pages_real (grub_efi_physical_address_t address, diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c -index ef3e9f9444..a312c66868 100644 +index ef3e9f9444c..a312c668685 100644 --- a/grub-core/loader/arm64/linux.c +++ b/grub-core/loader/arm64/linux.c @@ -29,6 +29,7 @@ @@ -390,7 +390,7 @@ index ef3e9f9444..a312c66868 100644 linux_args = grub_malloc (cmdline_size); if (!linux_args) diff --git a/grub-core/loader/arm64/xen_boot.c b/grub-core/loader/arm64/xen_boot.c -index 22cc25eccd..d9b7a9ba40 100644 +index 22cc25eccd9..d9b7a9ba400 100644 --- a/grub-core/loader/arm64/xen_boot.c +++ b/grub-core/loader/arm64/xen_boot.c @@ -266,7 +266,6 @@ xen_boot (void) @@ -403,7 +403,7 @@ index 22cc25eccd..d9b7a9ba40 100644 diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c new file mode 100644 -index 0000000000..c24202a5dd +index 00000000000..c24202a5dd1 --- /dev/null +++ b/grub-core/loader/efi/linux.c @@ -0,0 +1,70 @@ @@ -479,7 +479,7 @@ index 0000000000..c24202a5dd +#pragma GCC diagnostic pop diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c new file mode 100644 -index 0000000000..bb2616a809 +index 00000000000..bb2616a8092 --- /dev/null +++ b/grub-core/loader/i386/efi/linux.c @@ -0,0 +1,335 @@ @@ -819,7 +819,7 @@ index 0000000000..bb2616a809 + grub_unregister_command (cmd_initrdefi); +} diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c -index 2a29952016..8be4c3b3f4 100644 +index 2a299520160..8be4c3b3f48 100644 --- a/grub-core/loader/i386/pc/linux.c +++ b/grub-core/loader/i386/pc/linux.c @@ -474,14 +474,20 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), @@ -853,7 +853,7 @@ index 2a29952016..8be4c3b3f4 100644 + grub_unregister_command (cmd_initrd16); } diff --git a/include/grub/arm/linux.h b/include/grub/arm/linux.h -index bcd5a7eb18..b582f67f66 100644 +index bcd5a7eb186..b582f67f661 100644 --- a/include/grub/arm/linux.h +++ b/include/grub/arm/linux.h @@ -20,6 +20,7 @@ @@ -883,7 +883,7 @@ index bcd5a7eb18..b582f67f66 100644 #if defined GRUB_MACHINE_UBOOT diff --git a/include/grub/arm64/linux.h b/include/grub/arm64/linux.h -index 7e22b4ab69..ea030312df 100644 +index 7e22b4ab699..ea030312df3 100644 --- a/include/grub/arm64/linux.h +++ b/include/grub/arm64/linux.h @@ -19,6 +19,7 @@ @@ -913,7 +913,7 @@ index 7e22b4ab69..ea030312df 100644 #endif /* ! GRUB_ARM64_LINUX_HEADER */ diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h -index 83d958f994..6295df85f3 100644 +index 83d958f9945..6295df85f3f 100644 --- a/include/grub/efi/efi.h +++ b/include/grub/efi/efi.h @@ -47,6 +47,9 @@ EXPORT_FUNC(grub_efi_allocate_fixed) (grub_efi_physical_address_t address, @@ -946,7 +946,7 @@ index 83d958f994..6295df85f3 100644 grub_addr_t grub_efi_modules_addr (void); diff --git a/include/grub/efi/linux.h b/include/grub/efi/linux.h new file mode 100644 -index 0000000000..d9ede36773 +index 00000000000..d9ede36773b --- /dev/null +++ b/include/grub/efi/linux.h @@ -0,0 +1,31 @@ diff --git a/SOURCES/0005-Rework-linux-command.patch b/SOURCES/0005-Rework-linux-command.patch index 694e423..9954dd0 100644 --- a/SOURCES/0005-Rework-linux-command.patch +++ b/SOURCES/0005-Rework-linux-command.patch @@ -13,7 +13,7 @@ Signed-off-by: Matthew Garrett 1 file changed, 23 insertions(+), 12 deletions(-) diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c -index 9f74a96b19..dccf3bb300 100644 +index 9f74a96b19a..dccf3bb3005 100644 --- a/grub-core/loader/i386/linux.c +++ b/grub-core/loader/i386/linux.c @@ -649,13 +649,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), diff --git a/SOURCES/0006-Rework-linux16-command.patch b/SOURCES/0006-Rework-linux16-command.patch index 5adaaba..2c2d6f0 100644 --- a/SOURCES/0006-Rework-linux16-command.patch +++ b/SOURCES/0006-Rework-linux16-command.patch @@ -13,7 +13,7 @@ Signed-off-by: Matthew Garrett 1 file changed, 21 insertions(+), 12 deletions(-) diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c -index 8be4c3b3f4..4b1750e360 100644 +index 8be4c3b3f48..4b1750e360e 100644 --- a/grub-core/loader/i386/pc/linux.c +++ b/grub-core/loader/i386/pc/linux.c @@ -124,13 +124,14 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), diff --git a/SOURCES/0007-Add-secureboot-support-on-efi-chainloader.patch b/SOURCES/0007-Add-secureboot-support-on-efi-chainloader.patch index 2b20a61..bfb5a9b 100644 --- a/SOURCES/0007-Add-secureboot-support-on-efi-chainloader.patch +++ b/SOURCES/0007-Add-secureboot-support-on-efi-chainloader.patch @@ -175,7 +175,7 @@ Signed-off-by: Laszlo Ersek 7 files changed, 840 insertions(+), 90 deletions(-) diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index 35b8f67060..4a2259aa1c 100644 +index 35b8f670602..4a2259aa1c7 100644 --- a/grub-core/kern/efi/efi.c +++ b/grub-core/kern/efi/efi.c @@ -296,14 +296,20 @@ grub_efi_secure_boot (void) @@ -204,7 +204,7 @@ index 35b8f67060..4a2259aa1c 100644 if (*secure_boot && !*setup_mode) ret = 1; diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c -index a312c66868..04994d5c67 100644 +index a312c668685..04994d5c67d 100644 --- a/grub-core/loader/arm64/linux.c +++ b/grub-core/loader/arm64/linux.c @@ -284,6 +284,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), @@ -226,7 +226,7 @@ index a312c66868..04994d5c67 100644 grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]); goto fail; diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index 2bd80f4db3..b54cf6986f 100644 +index 2bd80f4db3d..b54cf6986fc 100644 --- a/grub-core/loader/efi/chainloader.c +++ b/grub-core/loader/efi/chainloader.c @@ -32,6 +32,8 @@ @@ -1165,7 +1165,7 @@ index 2bd80f4db3..b54cf6986f 100644 return grub_errno; diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c -index c24202a5dd..c8ecce6dfd 100644 +index c24202a5dd1..c8ecce6dfd0 100644 --- a/grub-core/loader/efi/linux.c +++ b/grub-core/loader/efi/linux.c @@ -33,21 +33,34 @@ struct grub_efi_shim_lock @@ -1210,7 +1210,7 @@ index c24202a5dd..c8ecce6dfd 100644 #pragma GCC diagnostic push diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index bb2616a809..6b24cbb948 100644 +index bb2616a8092..6b24cbb9483 100644 --- a/grub-core/loader/i386/efi/linux.c +++ b/grub-core/loader/i386/efi/linux.c @@ -117,6 +117,8 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), @@ -1278,7 +1278,7 @@ index bb2616a809..6b24cbb948 100644 grub_file_close (file); diff --git a/include/grub/efi/linux.h b/include/grub/efi/linux.h -index d9ede36773..0033d9305a 100644 +index d9ede36773b..0033d9305a9 100644 --- a/include/grub/efi/linux.h +++ b/include/grub/efi/linux.h @@ -22,7 +22,7 @@ @@ -1291,7 +1291,7 @@ index d9ede36773..0033d9305a 100644 grub_err_t EXPORT_FUNC(grub_efi_linux_boot) (void *kernel_address, grub_off_t offset, diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h -index 0ed8781f03..a43adf2746 100644 +index 0ed8781f037..a43adf27464 100644 --- a/include/grub/efi/pe32.h +++ b/include/grub/efi/pe32.h @@ -223,7 +223,11 @@ struct grub_pe64_optional_header diff --git a/SOURCES/0008-Make-any-of-the-loaders-that-link-in-efi-mode-honor-.patch b/SOURCES/0008-Make-any-of-the-loaders-that-link-in-efi-mode-honor-.patch index 6488374..3182fe9 100644 --- a/SOURCES/0008-Make-any-of-the-loaders-that-link-in-efi-mode-honor-.patch +++ b/SOURCES/0008-Make-any-of-the-loaders-that-link-in-efi-mode-honor-.patch @@ -32,7 +32,7 @@ Signed-off-by: Peter Jones create mode 100644 include/grub/sparc64/linux.h diff --git a/grub-core/commands/iorw.c b/grub-core/commands/iorw.c -index 584baec8f9..7b2999b14b 100644 +index 584baec8f91..7b2999b14b5 100644 --- a/grub-core/commands/iorw.c +++ b/grub-core/commands/iorw.c @@ -24,6 +24,7 @@ @@ -64,7 +64,7 @@ index 584baec8f9..7b2999b14b 100644 grub_unregister_extcmd (cmd_read_word); grub_unregister_extcmd (cmd_read_dword); diff --git a/grub-core/commands/memrw.c b/grub-core/commands/memrw.c -index d401a6db0e..39cf3a06db 100644 +index d401a6db0ef..39cf3a06dbd 100644 --- a/grub-core/commands/memrw.c +++ b/grub-core/commands/memrw.c @@ -23,6 +23,7 @@ @@ -96,7 +96,7 @@ index d401a6db0e..39cf3a06db 100644 grub_unregister_extcmd (cmd_read_word); grub_unregister_extcmd (cmd_read_dword); diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c -index b714937095..7afb9e6f72 100644 +index b7149370950..7afb9e6f724 100644 --- a/grub-core/kern/dl.c +++ b/grub-core/kern/dl.c @@ -32,6 +32,7 @@ @@ -117,7 +117,7 @@ index b714937095..7afb9e6f72 100644 #if 0 /* This is an error, but grub2-mkconfig still generates a pile of diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index 4a2259aa1c..8cff7be028 100644 +index 4a2259aa1c7..8cff7be0289 100644 --- a/grub-core/kern/efi/efi.c +++ b/grub-core/kern/efi/efi.c @@ -286,40 +286,6 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, @@ -162,7 +162,7 @@ index 4a2259aa1c..8cff7be028 100644 /* Search the mods section from the PE32/PE32+ image. This code uses diff --git a/grub-core/loader/efi/appleloader.c b/grub-core/loader/efi/appleloader.c -index 74888c463b..585f2b5738 100644 +index 74888c463ba..585f2b57385 100644 --- a/grub-core/loader/efi/appleloader.c +++ b/grub-core/loader/efi/appleloader.c @@ -24,6 +24,7 @@ @@ -193,7 +193,7 @@ index 74888c463b..585f2b5738 100644 grub_unregister_command (cmd); } diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index b54cf6986f..3ff305b1d3 100644 +index b54cf6986fc..3ff305b1d32 100644 --- a/grub-core/loader/efi/chainloader.c +++ b/grub-core/loader/efi/chainloader.c @@ -34,6 +34,7 @@ @@ -205,7 +205,7 @@ index b54cf6986f..3ff305b1d3 100644 #include #include diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c -index 5f3290ce17..54befc2662 100644 +index 5f3290ce17b..54befc26626 100644 --- a/grub-core/loader/i386/bsd.c +++ b/grub-core/loader/i386/bsd.c @@ -40,6 +40,7 @@ @@ -237,7 +237,7 @@ index 5f3290ce17..54befc2662 100644 grub_unregister_extcmd (cmd_openbsd); grub_unregister_extcmd (cmd_netbsd); diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c -index dccf3bb300..4aeb0e4b9a 100644 +index dccf3bb3005..4aeb0e4b9a6 100644 --- a/grub-core/loader/i386/linux.c +++ b/grub-core/loader/i386/linux.c @@ -37,6 +37,7 @@ @@ -269,7 +269,7 @@ index dccf3bb300..4aeb0e4b9a 100644 grub_unregister_command (cmd_initrd); } diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c -index 4b1750e360..e3fa1221e8 100644 +index 4b1750e360e..e3fa1221e81 100644 --- a/grub-core/loader/i386/pc/linux.c +++ b/grub-core/loader/i386/pc/linux.c @@ -36,6 +36,7 @@ @@ -301,7 +301,7 @@ index 4b1750e360..e3fa1221e8 100644 grub_unregister_command (cmd_linux16); grub_unregister_command (cmd_initrd); diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c -index facb13f3d3..47e481f457 100644 +index facb13f3d36..47e481f4576 100644 --- a/grub-core/loader/multiboot.c +++ b/grub-core/loader/multiboot.c @@ -50,6 +50,7 @@ @@ -333,7 +333,7 @@ index facb13f3d3..47e481f457 100644 grub_unregister_command (cmd_module); } diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c -index 1c0cf6a430..baa54e652a 100644 +index 1c0cf6a430a..baa54e652ab 100644 --- a/grub-core/loader/xnu.c +++ b/grub-core/loader/xnu.c @@ -35,6 +35,7 @@ @@ -365,7 +365,7 @@ index 1c0cf6a430..baa54e652a 100644 grub_unregister_command (cmd_resume); #endif diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h -index 6295df85f3..585fa6662b 100644 +index 6295df85f3f..585fa6662b6 100644 --- a/include/grub/efi/efi.h +++ b/include/grub/efi/efi.h @@ -91,7 +91,6 @@ EXPORT_FUNC (grub_efi_set_variable) (const char *var, @@ -378,13 +378,13 @@ index 6295df85f3..585fa6662b 100644 const grub_efi_device_path_t *dp2); diff --git a/include/grub/ia64/linux.h b/include/grub/ia64/linux.h new file mode 100644 -index 0000000000..e69de29bb2 +index 00000000000..e69de29bb2d diff --git a/include/grub/mips/linux.h b/include/grub/mips/linux.h new file mode 100644 -index 0000000000..e69de29bb2 +index 00000000000..e69de29bb2d diff --git a/include/grub/powerpc/linux.h b/include/grub/powerpc/linux.h new file mode 100644 -index 0000000000..e69de29bb2 +index 00000000000..e69de29bb2d diff --git a/include/grub/sparc64/linux.h b/include/grub/sparc64/linux.h new file mode 100644 -index 0000000000..e69de29bb2 +index 00000000000..e69de29bb2d diff --git a/SOURCES/0009-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch b/SOURCES/0009-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch index 452f43c..f3aae38 100644 --- a/SOURCES/0009-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch +++ b/SOURCES/0009-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch @@ -13,7 +13,7 @@ Signed-off-by: Peter Jones 3 files changed, 89 insertions(+), 37 deletions(-) diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c -index c8ecce6dfd..0622dfa48d 100644 +index c8ecce6dfd0..0622dfa48d4 100644 --- a/grub-core/loader/efi/linux.c +++ b/grub-core/loader/efi/linux.c @@ -69,12 +69,17 @@ grub_linuxefi_secure_validate (void *data, grub_uint32_t size) @@ -37,7 +37,7 @@ index c8ecce6dfd..0622dfa48d 100644 return GRUB_ERR_BUG; diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 6b24cbb948..3017d0f3e5 100644 +index 6b24cbb9483..3017d0f3e52 100644 --- a/grub-core/loader/i386/efi/linux.c +++ b/grub-core/loader/i386/efi/linux.c @@ -44,14 +44,10 @@ static char *linux_cmdline; @@ -245,7 +245,7 @@ index 6b24cbb948..3017d0f3e5 100644 if (kernel_mem && !loaded) grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)kernel_mem, diff --git a/include/grub/i386/linux.h b/include/grub/i386/linux.h -index eddf9251d9..25ef52c04e 100644 +index eddf9251d9a..25ef52c04eb 100644 --- a/include/grub/i386/linux.h +++ b/include/grub/i386/linux.h @@ -138,7 +138,12 @@ struct linux_i386_kernel_header diff --git a/SOURCES/0010-re-write-.gitignore.patch b/SOURCES/0010-re-write-.gitignore.patch index 3e0b46c..74cb0da 100644 --- a/SOURCES/0010-re-write-.gitignore.patch +++ b/SOURCES/0010-re-write-.gitignore.patch @@ -20,7 +20,7 @@ Subject: [PATCH] re-write .gitignore create mode 100644 util/bash-completion.d/.gitignore diff --git a/.gitignore b/.gitignore -index f6a1bd0517..594d0134d3 100644 +index f6a1bd05175..594d0134d33 100644 --- a/.gitignore +++ b/.gitignore @@ -275,3 +275,155 @@ widthspec.bin @@ -181,7 +181,7 @@ index f6a1bd0517..594d0134d3 100644 +/widthspec.h diff --git a/docs/.gitignore b/docs/.gitignore new file mode 100644 -index 0000000000..e1d849ef95 +index 00000000000..e1d849ef95b --- /dev/null +++ b/docs/.gitignore @@ -0,0 +1,5 @@ @@ -192,7 +192,7 @@ index 0000000000..e1d849ef95 +/version*.texi diff --git a/grub-core/.gitignore b/grub-core/.gitignore new file mode 100644 -index 0000000000..2acce28115 +index 00000000000..2acce281159 --- /dev/null +++ b/grub-core/.gitignore @@ -0,0 +1,16 @@ @@ -214,14 +214,14 @@ index 0000000000..2acce28115 +/trigtables.c diff --git a/grub-core/lib/.gitignore b/grub-core/lib/.gitignore new file mode 100644 -index 0000000000..6815459140 +index 00000000000..68154591404 --- /dev/null +++ b/grub-core/lib/.gitignore @@ -0,0 +1 @@ +/libgcrypt-grub/ diff --git a/include/grub/gcrypt/.gitignore b/include/grub/gcrypt/.gitignore new file mode 100644 -index 0000000000..8fbf564624 +index 00000000000..8fbf5646246 --- /dev/null +++ b/include/grub/gcrypt/.gitignore @@ -0,0 +1,2 @@ @@ -229,7 +229,7 @@ index 0000000000..8fbf564624 +gcrypt.h diff --git a/po/.gitignore b/po/.gitignore new file mode 100644 -index 0000000000..f507e7741e +index 00000000000..f507e7741e3 --- /dev/null +++ b/po/.gitignore @@ -0,0 +1,5 @@ @@ -240,7 +240,7 @@ index 0000000000..f507e7741e +/stamp-po diff --git a/util/bash-completion.d/.gitignore b/util/bash-completion.d/.gitignore new file mode 100644 -index 0000000000..6813a527ad +index 00000000000..6813a527ad3 --- /dev/null +++ b/util/bash-completion.d/.gitignore @@ -0,0 +1,2 @@ diff --git a/SOURCES/0011-IBM-client-architecture-CAS-reboot-support.patch b/SOURCES/0011-IBM-client-architecture-CAS-reboot-support.patch index 1f8587f..eaaf9a4 100644 --- a/SOURCES/0011-IBM-client-architecture-CAS-reboot-support.patch +++ b/SOURCES/0011-IBM-client-architecture-CAS-reboot-support.patch @@ -25,7 +25,7 @@ parameters 4 files changed, 91 insertions(+) diff --git a/grub-core/kern/ieee1275/openfw.c b/grub-core/kern/ieee1275/openfw.c -index 4d493ab766..3a6689abb1 100644 +index 4d493ab7661..3a6689abb11 100644 --- a/grub-core/kern/ieee1275/openfw.c +++ b/grub-core/kern/ieee1275/openfw.c @@ -591,3 +591,66 @@ grub_ieee1275_get_boot_dev (void) @@ -96,7 +96,7 @@ index 4d493ab766..3a6689abb1 100644 + return 0; +} diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c -index c4ebe9e22a..70614de156 100644 +index c4ebe9e22ad..70614de1565 100644 --- a/grub-core/normal/main.c +++ b/grub-core/normal/main.c @@ -34,6 +34,9 @@ @@ -133,7 +133,7 @@ index c4ebe9e22a..70614de156 100644 grub_errno = GRUB_ERR_NONE; } diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c -index 25158407dd..ad80399246 100644 +index 25158407dd8..ad80399246a 100644 --- a/grub-core/script/execute.c +++ b/grub-core/script/execute.c @@ -28,6 +28,9 @@ @@ -158,7 +158,7 @@ index 25158407dd..ad80399246 100644 { char *line; diff --git a/include/grub/ieee1275/ieee1275.h b/include/grub/ieee1275/ieee1275.h -index 73e2f46447..0a599607f3 100644 +index 73e2f464475..0a599607f31 100644 --- a/include/grub/ieee1275/ieee1275.h +++ b/include/grub/ieee1275/ieee1275.h @@ -254,6 +254,8 @@ int EXPORT_FUNC(grub_ieee1275_devalias_next) (struct grub_ieee1275_devalias *ali diff --git a/SOURCES/0012-for-ppc-reset-console-display-attr-when-clear-screen.patch b/SOURCES/0012-for-ppc-reset-console-display-attr-when-clear-screen.patch index 57aa596..c8bb9d3 100644 --- a/SOURCES/0012-for-ppc-reset-console-display-attr-when-clear-screen.patch +++ b/SOURCES/0012-for-ppc-reset-console-display-attr-when-clear-screen.patch @@ -15,7 +15,7 @@ Signed-off-by: Peter Jones 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/term/terminfo.c b/grub-core/term/terminfo.c -index 85ecf06b4d..05c88dcf49 100644 +index 85ecf06b4df..05c88dcf49e 100644 --- a/grub-core/term/terminfo.c +++ b/grub-core/term/terminfo.c @@ -151,7 +151,7 @@ grub_terminfo_set_current (struct grub_term_output *term, diff --git a/SOURCES/0013-Disable-GRUB-video-support-for-IBM-power-machines.patch b/SOURCES/0013-Disable-GRUB-video-support-for-IBM-power-machines.patch index 2290fa2..430f600 100644 --- a/SOURCES/0013-Disable-GRUB-video-support-for-IBM-power-machines.patch +++ b/SOURCES/0013-Disable-GRUB-video-support-for-IBM-power-machines.patch @@ -12,7 +12,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=973205 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/grub-core/kern/ieee1275/cmain.c b/grub-core/kern/ieee1275/cmain.c -index 20cbbd761e..04df9d2c66 100644 +index 20cbbd761ec..04df9d2c667 100644 --- a/grub-core/kern/ieee1275/cmain.c +++ b/grub-core/kern/ieee1275/cmain.c @@ -90,7 +90,10 @@ grub_ieee1275_find_options (void) @@ -28,7 +28,7 @@ index 20cbbd761e..04df9d2c66 100644 /* Old Macs have no key repeat, newer ones have fully working one. The ones inbetween when repeated key generates an escaoe sequence diff --git a/grub-core/video/ieee1275.c b/grub-core/video/ieee1275.c -index 17a3dbbb57..b8e4b3feb3 100644 +index 17a3dbbb575..b8e4b3feb32 100644 --- a/grub-core/video/ieee1275.c +++ b/grub-core/video/ieee1275.c @@ -352,9 +352,12 @@ static struct grub_video_adapter grub_video_ieee1275_adapter = @@ -48,7 +48,7 @@ index 17a3dbbb57..b8e4b3feb3 100644 GRUB_MOD_FINI(ieee1275_fb) diff --git a/include/grub/ieee1275/ieee1275.h b/include/grub/ieee1275/ieee1275.h -index 0a599607f3..b5a1d49bbc 100644 +index 0a599607f31..b5a1d49bbc3 100644 --- a/include/grub/ieee1275/ieee1275.h +++ b/include/grub/ieee1275/ieee1275.h @@ -148,6 +148,8 @@ enum grub_ieee1275_flag diff --git a/SOURCES/0014-Move-bash-completion-script-922997.patch b/SOURCES/0014-Move-bash-completion-script-922997.patch index a84d66e..6bf0b4b 100644 --- a/SOURCES/0014-Move-bash-completion-script-922997.patch +++ b/SOURCES/0014-Move-bash-completion-script-922997.patch @@ -10,7 +10,7 @@ Apparently these go in a new place now. 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index 7517fc49d9..8331f95b64 100644 +index 7517fc49d98..8331f95b645 100644 --- a/configure.ac +++ b/configure.ac @@ -314,6 +314,14 @@ AC_SUBST(grubdirname) @@ -39,7 +39,7 @@ index 7517fc49d9..8331f95b64 100644 if test "x$target_alias" != x && test "x$host_alias" != "x$target_alias"; then tmp_ac_tool_prefix="$ac_tool_prefix" diff --git a/util/bash-completion.d/Makefile.am b/util/bash-completion.d/Makefile.am -index 136287cf1b..61108f0542 100644 +index 136287cf1bf..61108f05429 100644 --- a/util/bash-completion.d/Makefile.am +++ b/util/bash-completion.d/Makefile.am @@ -6,7 +6,6 @@ EXTRA_DIST = $(bash_completion_source) diff --git a/SOURCES/0015-Allow-fallback-to-include-entries-by-title-not-just-.patch b/SOURCES/0015-Allow-fallback-to-include-entries-by-title-not-just-.patch index 6450a54..f2a4a82 100644 --- a/SOURCES/0015-Allow-fallback-to-include-entries-by-title-not-just-.patch +++ b/SOURCES/0015-Allow-fallback-to-include-entries-by-title-not-just-.patch @@ -12,7 +12,7 @@ Signed-off-by: Peter Jones 1 file changed, 58 insertions(+), 27 deletions(-) diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c -index 8397886fa0..d7a222e681 100644 +index 8397886fa05..d7a222e681b 100644 --- a/grub-core/normal/menu.c +++ b/grub-core/normal/menu.c @@ -163,15 +163,40 @@ grub_menu_set_timeout (int timeout) diff --git a/SOURCES/0016-Make-exit-take-a-return-code.patch b/SOURCES/0016-Make-exit-take-a-return-code.patch index 654ef73..39d7057 100644 --- a/SOURCES/0016-Make-exit-take-a-return-code.patch +++ b/SOURCES/0016-Make-exit-take-a-return-code.patch @@ -27,7 +27,7 @@ Signed-off-by: Peter Jones 14 files changed, 48 insertions(+), 21 deletions(-) diff --git a/grub-core/commands/minicmd.c b/grub-core/commands/minicmd.c -index fa498931ed..2bd3ac76f2 100644 +index fa498931ed2..2bd3ac76f2d 100644 --- a/grub-core/commands/minicmd.c +++ b/grub-core/commands/minicmd.c @@ -182,12 +182,24 @@ grub_mini_cmd_lsmod (struct grub_command *cmd __attribute__ ((unused)), @@ -60,7 +60,7 @@ index fa498931ed..2bd3ac76f2 100644 } diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index 8cff7be028..05d8237a9b 100644 +index 8cff7be0289..05d8237a9b2 100644 --- a/grub-core/kern/efi/efi.c +++ b/grub-core/kern/efi/efi.c @@ -165,11 +165,16 @@ grub_reboot (void) @@ -83,7 +83,7 @@ index 8cff7be028..05d8237a9b 100644 } diff --git a/grub-core/kern/emu/main.c b/grub-core/kern/emu/main.c -index 425bb96034..55ea5a11cc 100644 +index 425bb960347..55ea5a11ccd 100644 --- a/grub-core/kern/emu/main.c +++ b/grub-core/kern/emu/main.c @@ -67,7 +67,7 @@ grub_reboot (void) @@ -96,7 +96,7 @@ index 425bb96034..55ea5a11cc 100644 grub_reboot (); } diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c -index dfd8a8ec48..0ff13bcaf8 100644 +index dfd8a8ec488..0ff13bcaf8c 100644 --- a/grub-core/kern/emu/misc.c +++ b/grub-core/kern/emu/misc.c @@ -151,9 +151,10 @@ xasprintf (const char *fmt, ...) @@ -113,7 +113,7 @@ index dfd8a8ec48..0ff13bcaf8 100644 #endif diff --git a/grub-core/kern/i386/coreboot/init.c b/grub-core/kern/i386/coreboot/init.c -index 3314f027fe..36f9134b7b 100644 +index 3314f027fec..36f9134b7b7 100644 --- a/grub-core/kern/i386/coreboot/init.c +++ b/grub-core/kern/i386/coreboot/init.c @@ -41,7 +41,7 @@ extern grub_uint8_t _end[]; @@ -126,7 +126,7 @@ index 3314f027fe..36f9134b7b 100644 /* We can't use grub_fatal() in this function. This would create an infinite loop, since grub_fatal() calls grub_abort() which in turn calls grub_exit(). */ diff --git a/grub-core/kern/i386/qemu/init.c b/grub-core/kern/i386/qemu/init.c -index 271b6fbfab..9fafe98f01 100644 +index 271b6fbfabd..9fafe98f015 100644 --- a/grub-core/kern/i386/qemu/init.c +++ b/grub-core/kern/i386/qemu/init.c @@ -42,7 +42,7 @@ extern grub_uint8_t _end[]; @@ -139,7 +139,7 @@ index 271b6fbfab..9fafe98f01 100644 /* We can't use grub_fatal() in this function. This would create an infinite loop, since grub_fatal() calls grub_abort() which in turn calls grub_exit(). */ diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c -index d483e35eed..e71d158416 100644 +index d483e35eed2..e71d1584164 100644 --- a/grub-core/kern/ieee1275/init.c +++ b/grub-core/kern/ieee1275/init.c @@ -71,7 +71,7 @@ grub_addr_t grub_ieee1275_original_stack; @@ -152,7 +152,7 @@ index d483e35eed..e71d158416 100644 grub_ieee1275_exit (); } diff --git a/grub-core/kern/mips/arc/init.c b/grub-core/kern/mips/arc/init.c -index 2ed3ff3191..5c40c34078 100644 +index 2ed3ff3191e..5c40c34078d 100644 --- a/grub-core/kern/mips/arc/init.c +++ b/grub-core/kern/mips/arc/init.c @@ -276,7 +276,7 @@ grub_halt (void) @@ -165,7 +165,7 @@ index 2ed3ff3191..5c40c34078 100644 GRUB_ARC_FIRMWARE_VECTOR->exit (); diff --git a/grub-core/kern/mips/loongson/init.c b/grub-core/kern/mips/loongson/init.c -index 7b96531b98..dff598ca7b 100644 +index 7b96531b983..dff598ca7b0 100644 --- a/grub-core/kern/mips/loongson/init.c +++ b/grub-core/kern/mips/loongson/init.c @@ -304,7 +304,7 @@ grub_halt (void) @@ -178,7 +178,7 @@ index 7b96531b98..dff598ca7b 100644 grub_halt (); } diff --git a/grub-core/kern/mips/qemu_mips/init.c b/grub-core/kern/mips/qemu_mips/init.c -index be88b77d22..8b6c55ffc0 100644 +index be88b77d22d..8b6c55ffc01 100644 --- a/grub-core/kern/mips/qemu_mips/init.c +++ b/grub-core/kern/mips/qemu_mips/init.c @@ -75,7 +75,7 @@ grub_machine_fini (int flags __attribute__ ((unused))) @@ -191,7 +191,7 @@ index be88b77d22..8b6c55ffc0 100644 grub_halt (); } diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c -index 3af336ee22..63b586d09c 100644 +index 3af336ee227..63b586d09cb 100644 --- a/grub-core/kern/misc.c +++ b/grub-core/kern/misc.c @@ -1209,9 +1209,18 @@ grub_abort (void) @@ -215,7 +215,7 @@ index 3af336ee22..63b586d09c 100644 grub_fatal (const char *fmt, ...) { diff --git a/grub-core/kern/uboot/init.c b/grub-core/kern/uboot/init.c -index 3e338645c5..be2a5be1d0 100644 +index 3e338645c57..be2a5be1d07 100644 --- a/grub-core/kern/uboot/init.c +++ b/grub-core/kern/uboot/init.c @@ -39,9 +39,9 @@ extern grub_size_t grub_total_module_size; @@ -240,7 +240,7 @@ index 3e338645c5..be2a5be1d0 100644 else if (ver > API_SIG_VERSION) { diff --git a/grub-core/kern/xen/init.c b/grub-core/kern/xen/init.c -index 782ca72952..708b060f32 100644 +index 782ca72952a..708b060f324 100644 --- a/grub-core/kern/xen/init.c +++ b/grub-core/kern/xen/init.c @@ -584,7 +584,7 @@ grub_machine_init (void) @@ -253,7 +253,7 @@ index 782ca72952..708b060f32 100644 struct sched_shutdown arg; diff --git a/include/grub/misc.h b/include/grub/misc.h -index 7d2b551969..fd18e6320b 100644 +index 7d2b5519690..fd18e6320b8 100644 --- a/include/grub/misc.h +++ b/include/grub/misc.h @@ -353,7 +353,7 @@ int EXPORT_FUNC(grub_vsnprintf) (char *str, grub_size_t n, const char *fmt, diff --git a/SOURCES/0017-Make-efi-machines-load-an-env-block-from-a-variable.patch b/SOURCES/0017-Make-efi-machines-load-an-env-block-from-a-variable.patch index ecfab5a..d061461 100644 --- a/SOURCES/0017-Make-efi-machines-load-an-env-block-from-a-variable.patch +++ b/SOURCES/0017-Make-efi-machines-load-an-env-block-from-a-variable.patch @@ -10,7 +10,7 @@ Signed-off-by: Peter Jones 2 files changed, 36 insertions(+), 1 deletion(-) diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 45d3edaa4d..c865a08b02 100644 +index 45d3edaa4dc..c865a08b027 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -207,6 +207,7 @@ kernel = { @@ -22,7 +22,7 @@ index 45d3edaa4d..c865a08b02 100644 i386_multiboot = kern/i386/pc/acpi.c; i386_coreboot = kern/acpi.c; diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c -index 7facacf09c..6d39bd3ad2 100644 +index 7facacf09c7..6d39bd3ad29 100644 --- a/grub-core/kern/efi/init.c +++ b/grub-core/kern/efi/init.c @@ -27,8 +27,11 @@ diff --git a/SOURCES/0018-Migrate-PPC-from-Yaboot-to-Grub2.patch b/SOURCES/0018-Migrate-PPC-from-Yaboot-to-Grub2.patch index c69cb0f..ee8c7ab 100644 --- a/SOURCES/0018-Migrate-PPC-from-Yaboot-to-Grub2.patch +++ b/SOURCES/0018-Migrate-PPC-from-Yaboot-to-Grub2.patch @@ -12,7 +12,7 @@ maximum screen size so that text is not overwritten. create mode 100644 util/grub.d/20_ppc_terminfo.in diff --git a/Makefile.util.def b/Makefile.util.def -index f8b356cc1f..2c9b283a23 100644 +index f8b356cc1fa..2c9b283a230 100644 --- a/Makefile.util.def +++ b/Makefile.util.def @@ -508,6 +508,13 @@ script = { @@ -31,7 +31,7 @@ index f8b356cc1f..2c9b283a23 100644 common = util/grub.d/30_os-prober.in; diff --git a/util/grub.d/20_ppc_terminfo.in b/util/grub.d/20_ppc_terminfo.in new file mode 100644 -index 0000000000..10d6658682 +index 00000000000..10d66586820 --- /dev/null +++ b/util/grub.d/20_ppc_terminfo.in @@ -0,0 +1,114 @@ diff --git a/SOURCES/0019-Add-fw_path-variable-revised.patch b/SOURCES/0019-Add-fw_path-variable-revised.patch index 9a64c38..df9ef83 100644 --- a/SOURCES/0019-Add-fw_path-variable-revised.patch +++ b/SOURCES/0019-Add-fw_path-variable-revised.patch @@ -14,7 +14,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=857936 2 files changed, 30 insertions(+), 8 deletions(-) diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c -index 73967e2f5b..d1de9fa687 100644 +index 73967e2f5b0..d1de9fa6873 100644 --- a/grub-core/kern/main.c +++ b/grub-core/kern/main.c @@ -128,16 +128,15 @@ grub_set_prefix_and_root (void) @@ -41,7 +41,7 @@ index 73967e2f5b..d1de9fa687 100644 } diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c -index 70614de156..62571e6dfc 100644 +index 70614de1565..62571e6dfcc 100644 --- a/grub-core/normal/main.c +++ b/grub-core/normal/main.c @@ -339,7 +339,30 @@ grub_cmd_normal (struct grub_command *cmd __attribute__ ((unused)), diff --git a/SOURCES/0020-Pass-x-hex-hex-straight-through-unmolested.patch b/SOURCES/0020-Pass-x-hex-hex-straight-through-unmolested.patch index c2623ac..b81abb5 100644 --- a/SOURCES/0020-Pass-x-hex-hex-straight-through-unmolested.patch +++ b/SOURCES/0020-Pass-x-hex-hex-straight-through-unmolested.patch @@ -13,7 +13,7 @@ Signed-off-by: Peter Jones 3 files changed, 75 insertions(+), 9 deletions(-) diff --git a/grub-core/commands/wildcard.c b/grub-core/commands/wildcard.c -index cc3290311f..8f67a4be7f 100644 +index cc3290311f0..8f67a4be7f0 100644 --- a/grub-core/commands/wildcard.c +++ b/grub-core/commands/wildcard.c @@ -488,6 +488,12 @@ check_file (const char *dir, const char *basename) @@ -47,7 +47,7 @@ index cc3290311f..8f67a4be7f 100644 *optr++ = iptr[1]; iptr += 2; diff --git a/grub-core/lib/cmdline.c b/grub-core/lib/cmdline.c -index ed0b149dca..8e2294d8ff 100644 +index ed0b149dca5..8e2294d8ff6 100644 --- a/grub-core/lib/cmdline.c +++ b/grub-core/lib/cmdline.c @@ -20,6 +20,12 @@ @@ -97,7 +97,7 @@ index ed0b149dca..8e2294d8ff 100644 *buf++ = *c; diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c -index ad80399246..0c6dd9c520 100644 +index ad80399246a..0c6dd9c5201 100644 --- a/grub-core/script/execute.c +++ b/grub-core/script/execute.c @@ -56,6 +56,12 @@ static struct grub_script_scope *scope = 0; diff --git a/SOURCES/0021-blscfg-add-blscfg-module-to-parse-Boot-Loader-Specif.patch b/SOURCES/0021-blscfg-add-blscfg-module-to-parse-Boot-Loader-Specif.patch index c452b5f..da65e18 100644 --- a/SOURCES/0021-blscfg-add-blscfg-module-to-parse-Boot-Loader-Specif.patch +++ b/SOURCES/0021-blscfg-add-blscfg-module-to-parse-Boot-Loader-Specif.patch @@ -28,7 +28,7 @@ Signed-off-by: Will Thompson create mode 100644 grub-core/commands/loadenv.h diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index c865a08b02..c15e91943b 100644 +index c865a08b027..c15e91943b9 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -814,6 +814,16 @@ module = { @@ -58,7 +58,7 @@ index c865a08b02..c15e91943b 100644 diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c new file mode 100644 -index 0000000000..e907a6a5d2 +index 00000000000..e907a6a5d28 --- /dev/null +++ b/grub-core/commands/blscfg.c @@ -0,0 +1,1177 @@ @@ -1240,7 +1240,7 @@ index 0000000000..e907a6a5d2 + grub_unregister_extcmd (oldcmd); +} diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c -index cc5971f4db..782761c31a 100644 +index cc5971f4dbd..782761c31aa 100644 --- a/grub-core/commands/legacycfg.c +++ b/grub-core/commands/legacycfg.c @@ -143,7 +143,7 @@ legacy_file (const char *filename) @@ -1263,7 +1263,7 @@ index cc5971f4db..782761c31a 100644 } diff --git a/grub-core/commands/loadenv.c b/grub-core/commands/loadenv.c -index 3fd664aac3..163b9a0904 100644 +index 3fd664aac33..163b9a09042 100644 --- a/grub-core/commands/loadenv.c +++ b/grub-core/commands/loadenv.c @@ -28,6 +28,8 @@ @@ -1358,7 +1358,7 @@ index 3fd664aac3..163b9a0904 100644 grub_cmd_load_env (grub_extcmd_context_t ctxt, int argc, char **args) { diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c -index 720e6d8ea3..b194123eb6 100644 +index 720e6d8ea3b..b194123eb67 100644 --- a/grub-core/commands/menuentry.c +++ b/grub-core/commands/menuentry.c @@ -78,7 +78,7 @@ grub_normal_add_menu_entry (int argc, const char **args, @@ -1430,7 +1430,7 @@ index 720e6d8ea3..b194123eb6 100644 src[len - 1] = ch; args[argc - 1] = src; diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c -index 62571e6dfc..7ca2e5400b 100644 +index 62571e6dfcc..7ca2e5400b1 100644 --- a/grub-core/normal/main.c +++ b/grub-core/normal/main.c @@ -21,6 +21,7 @@ @@ -1455,7 +1455,7 @@ index 62571e6dfc..7ca2e5400b 100644 grub_free ((void *) entry->title); diff --git a/grub-core/commands/loadenv.h b/grub-core/commands/loadenv.h new file mode 100644 -index 0000000000..952f46121b +index 00000000000..952f46121bd --- /dev/null +++ b/grub-core/commands/loadenv.h @@ -0,0 +1,93 @@ @@ -1553,7 +1553,7 @@ index 0000000000..952f46121b + return 0; +} diff --git a/include/grub/compiler.h b/include/grub/compiler.h -index 8f3be3ae70..ebafec6895 100644 +index 8f3be3ae706..ebafec68957 100644 --- a/include/grub/compiler.h +++ b/include/grub/compiler.h @@ -56,4 +56,6 @@ @@ -1564,7 +1564,7 @@ index 8f3be3ae70..ebafec6895 100644 + #endif /* ! GRUB_COMPILER_HEADER */ diff --git a/include/grub/menu.h b/include/grub/menu.h -index ee2b5e9104..0acdc2aa6b 100644 +index ee2b5e91045..0acdc2aa6bf 100644 --- a/include/grub/menu.h +++ b/include/grub/menu.h @@ -20,6 +20,16 @@ @@ -1595,7 +1595,7 @@ index ee2b5e9104..0acdc2aa6b 100644 typedef struct grub_menu_entry *grub_menu_entry_t; diff --git a/include/grub/normal.h b/include/grub/normal.h -index 218cbabcca..8839ad85a1 100644 +index 218cbabccaf..8839ad85a19 100644 --- a/include/grub/normal.h +++ b/include/grub/normal.h @@ -145,7 +145,7 @@ grub_normal_add_menu_entry (int argc, const char **args, char **classes, diff --git a/SOURCES/0022-Add-devicetree-loading.patch b/SOURCES/0022-Add-devicetree-loading.patch index 466ddba..c0728a9 100644 --- a/SOURCES/0022-Add-devicetree-loading.patch +++ b/SOURCES/0022-Add-devicetree-loading.patch @@ -20,7 +20,7 @@ Signed-off-by: David A. Marlin 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index d3e879b8e5..8ea2315ebc 100644 +index d3e879b8e5c..8ea2315ebc2 100644 --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in @@ -248,7 +248,8 @@ export GRUB_DEFAULT \ @@ -34,7 +34,7 @@ index d3e879b8e5..8ea2315ebc 100644 if test "x${grub_cfg}" != "x"; then rm -f "${grub_cfg}.new" diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index e8b01c0d0c..dc75a1c30b 100644 +index e8b01c0d0c7..dc75a1c30bf 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -153,6 +153,13 @@ EOF diff --git a/SOURCES/0023-Don-t-write-messages-to-the-screen.patch b/SOURCES/0023-Don-t-write-messages-to-the-screen.patch index b5f53c5..01d0264 100644 --- a/SOURCES/0023-Don-t-write-messages-to-the-screen.patch +++ b/SOURCES/0023-Don-t-write-messages-to-the-screen.patch @@ -15,7 +15,7 @@ very appealing. 5 files changed, 5 insertions(+), 40 deletions(-) diff --git a/grub-core/gettext/gettext.c b/grub-core/gettext/gettext.c -index 4d02e62c10..84d520cd49 100644 +index 4d02e62c109..84d520cd494 100644 --- a/grub-core/gettext/gettext.c +++ b/grub-core/gettext/gettext.c @@ -434,16 +434,12 @@ static char * @@ -97,7 +97,7 @@ index 4d02e62c10..84d520cd49 100644 grub_register_variable_hook ("locale_dir", NULL, read_main); grub_register_variable_hook ("secondary_locale_dir", NULL, read_secondary); diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c -index d1de9fa687..48058d983c 100644 +index d1de9fa6873..48058d983ce 100644 --- a/grub-core/kern/main.c +++ b/grub-core/kern/main.c @@ -269,11 +269,6 @@ grub_main (void) @@ -113,7 +113,7 @@ index d1de9fa687..48058d983c 100644 grub_verifiers_init (); diff --git a/grub-core/boot/i386/pc/boot.S b/grub-core/boot/i386/pc/boot.S -index 2bd0b2d286..ea167fe120 100644 +index 2bd0b2d2866..ea167fe1206 100644 --- a/grub-core/boot/i386/pc/boot.S +++ b/grub-core/boot/i386/pc/boot.S @@ -249,9 +249,6 @@ real_start: @@ -127,7 +127,7 @@ index 2bd0b2d286..ea167fe120 100644 movw $disk_address_packet, %si diff --git a/grub-core/boot/i386/pc/diskboot.S b/grub-core/boot/i386/pc/diskboot.S -index c1addc0df2..68d31de0c4 100644 +index c1addc0df29..68d31de0c4c 100644 --- a/grub-core/boot/i386/pc/diskboot.S +++ b/grub-core/boot/i386/pc/diskboot.S @@ -50,11 +50,6 @@ _start: @@ -143,7 +143,7 @@ index c1addc0df2..68d31de0c4 100644 movw $LOCAL(firstlist), %di diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index dc75a1c30b..ad2ac4b078 100644 +index dc75a1c30bf..ad2ac4b078d 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -138,27 +138,20 @@ linux_entry () diff --git a/SOURCES/0024-Don-t-print-GNU-GRUB-header.patch b/SOURCES/0024-Don-t-print-GNU-GRUB-header.patch index 4aa2c83..c903fd4 100644 --- a/SOURCES/0024-Don-t-print-GNU-GRUB-header.patch +++ b/SOURCES/0024-Don-t-print-GNU-GRUB-header.patch @@ -9,7 +9,7 @@ No one cares. 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c -index 7ca2e5400b..5d5f7b539f 100644 +index 7ca2e5400b1..5d5f7b539f5 100644 --- a/grub-core/normal/main.c +++ b/grub-core/normal/main.c @@ -208,15 +208,16 @@ read_config_file (const char *config) diff --git a/SOURCES/0025-Don-t-add-to-highlighted-row.patch b/SOURCES/0025-Don-t-add-to-highlighted-row.patch index 46c42d6..b83f543 100644 --- a/SOURCES/0025-Don-t-add-to-highlighted-row.patch +++ b/SOURCES/0025-Don-t-add-to-highlighted-row.patch @@ -9,7 +9,7 @@ It is already highlighted. 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/normal/menu_text.c b/grub-core/normal/menu_text.c -index 18240e76ce..65deafda53 100644 +index 18240e76cea..65deafda531 100644 --- a/grub-core/normal/menu_text.c +++ b/grub-core/normal/menu_text.c @@ -242,7 +242,7 @@ print_entry (int y, int highlight, grub_menu_entry_t entry, diff --git a/SOURCES/0026-Message-string-cleanups.patch b/SOURCES/0026-Message-string-cleanups.patch index 04cb640..e23ee1a 100644 --- a/SOURCES/0026-Message-string-cleanups.patch +++ b/SOURCES/0026-Message-string-cleanups.patch @@ -9,7 +9,7 @@ Make use of terminology consistent. Remove jargon. 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/grub-core/normal/menu_text.c b/grub-core/normal/menu_text.c -index 65deafda53..cc5837ed2b 100644 +index 65deafda531..cc5837ed2b8 100644 --- a/grub-core/normal/menu_text.c +++ b/grub-core/normal/menu_text.c @@ -157,9 +157,8 @@ print_message (int nested, int edit, struct grub_term_output *term, int dry_run) diff --git a/SOURCES/0027-Fix-border-spacing-now-that-we-aren-t-displaying-it.patch b/SOURCES/0027-Fix-border-spacing-now-that-we-aren-t-displaying-it.patch index 6cf7d26..920ef79 100644 --- a/SOURCES/0027-Fix-border-spacing-now-that-we-aren-t-displaying-it.patch +++ b/SOURCES/0027-Fix-border-spacing-now-that-we-aren-t-displaying-it.patch @@ -8,7 +8,7 @@ Subject: [PATCH] Fix border spacing now that we aren't displaying it 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/grub-core/normal/menu_text.c b/grub-core/normal/menu_text.c -index cc5837ed2b..b49835a9af 100644 +index cc5837ed2b8..b49835a9af7 100644 --- a/grub-core/normal/menu_text.c +++ b/grub-core/normal/menu_text.c @@ -331,12 +331,12 @@ grub_menu_init_page (int nested, int edit, diff --git a/SOURCES/0028-Use-the-correct-indentation-for-the-term-help-text.patch b/SOURCES/0028-Use-the-correct-indentation-for-the-term-help-text.patch index cc879b5..0ce3b04 100644 --- a/SOURCES/0028-Use-the-correct-indentation-for-the-term-help-text.patch +++ b/SOURCES/0028-Use-the-correct-indentation-for-the-term-help-text.patch @@ -9,7 +9,7 @@ That is consistent with the menu help text 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c -index 5d5f7b539f..ec1cd25739 100644 +index 5d5f7b539f5..ec1cd257397 100644 --- a/grub-core/normal/main.c +++ b/grub-core/normal/main.c @@ -440,8 +440,8 @@ grub_normal_reader_init (int nested) diff --git a/SOURCES/0029-Indent-menu-entries.patch b/SOURCES/0029-Indent-menu-entries.patch index 57c5ee9..7e588fd 100644 --- a/SOURCES/0029-Indent-menu-entries.patch +++ b/SOURCES/0029-Indent-menu-entries.patch @@ -8,7 +8,7 @@ Subject: [PATCH] Indent menu entries 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/grub-core/normal/menu_text.c b/grub-core/normal/menu_text.c -index b49835a9af..6a57376fa8 100644 +index b49835a9af7..6a57376fa80 100644 --- a/grub-core/normal/menu_text.c +++ b/grub-core/normal/menu_text.c @@ -239,7 +239,8 @@ print_entry (int y, int highlight, grub_menu_entry_t entry, diff --git a/SOURCES/0030-Fix-margins.patch b/SOURCES/0030-Fix-margins.patch index 8e9b4e5..baa10ed 100644 --- a/SOURCES/0030-Fix-margins.patch +++ b/SOURCES/0030-Fix-margins.patch @@ -8,7 +8,7 @@ Subject: [PATCH] Fix margins 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/grub-core/normal/menu_text.c b/grub-core/normal/menu_text.c -index 6a57376fa8..cbd62f714c 100644 +index 6a57376fa80..cbd62f714cb 100644 --- a/grub-core/normal/menu_text.c +++ b/grub-core/normal/menu_text.c @@ -333,17 +333,15 @@ grub_menu_init_page (int nested, int edit, diff --git a/SOURCES/0031-Use-2-instead-of-1-for-our-right-hand-margin-so-line.patch b/SOURCES/0031-Use-2-instead-of-1-for-our-right-hand-margin-so-line.patch index 6295244..7932180 100644 --- a/SOURCES/0031-Use-2-instead-of-1-for-our-right-hand-margin-so-line.patch +++ b/SOURCES/0031-Use-2-instead-of-1-for-our-right-hand-margin-so-line.patch @@ -10,7 +10,7 @@ Signed-off-by: Peter Jones 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/normal/menu_text.c b/grub-core/normal/menu_text.c -index cbd62f714c..26e9e82042 100644 +index cbd62f714cb..26e9e82042a 100644 --- a/grub-core/normal/menu_text.c +++ b/grub-core/normal/menu_text.c @@ -334,7 +334,7 @@ grub_menu_init_page (int nested, int edit, diff --git a/SOURCES/0032-Enable-pager-by-default.-985860.patch b/SOURCES/0032-Enable-pager-by-default.-985860.patch index 63cf787..d92fbcc 100644 --- a/SOURCES/0032-Enable-pager-by-default.-985860.patch +++ b/SOURCES/0032-Enable-pager-by-default.-985860.patch @@ -9,7 +9,7 @@ Signed-off-by: Peter Jones 1 file changed, 2 insertions(+) diff --git a/util/grub.d/00_header.in b/util/grub.d/00_header.in -index 93a90233ea..858b526c92 100644 +index 93a90233ead..858b526c925 100644 --- a/util/grub.d/00_header.in +++ b/util/grub.d/00_header.in @@ -43,6 +43,8 @@ if [ "x${GRUB_DEFAULT_BUTTON}" = "xsaved" ] ; then GRUB_DEFAULT_BUTTON='${saved_ diff --git a/SOURCES/0033-F10-doesn-t-work-on-serial-so-don-t-tell-the-user-to.patch b/SOURCES/0033-F10-doesn-t-work-on-serial-so-don-t-tell-the-user-to.patch index 295c252..7e9e829 100644 --- a/SOURCES/0033-F10-doesn-t-work-on-serial-so-don-t-tell-the-user-to.patch +++ b/SOURCES/0033-F10-doesn-t-work-on-serial-so-don-t-tell-the-user-to.patch @@ -10,7 +10,7 @@ Signed-off-by: Peter Jones 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/normal/menu_text.c b/grub-core/normal/menu_text.c -index 26e9e82042..4895ffe7d1 100644 +index 26e9e82042a..4895ffe7d1d 100644 --- a/grub-core/normal/menu_text.c +++ b/grub-core/normal/menu_text.c @@ -157,7 +157,7 @@ print_message (int nested, int edit, struct grub_term_output *term, int dry_run) diff --git a/SOURCES/0034-Don-t-say-GNU-Linux-in-generated-menus.patch b/SOURCES/0034-Don-t-say-GNU-Linux-in-generated-menus.patch index 68b111b..db2a8b5 100644 --- a/SOURCES/0034-Don-t-say-GNU-Linux-in-generated-menus.patch +++ b/SOURCES/0034-Don-t-say-GNU-Linux-in-generated-menus.patch @@ -9,7 +9,7 @@ Subject: [PATCH] Don't say "GNU/Linux" in generated menus. 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index ad2ac4b078..4fc58c8330 100644 +index ad2ac4b078d..4fc58c83304 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -29,9 +29,9 @@ export TEXTDOMAINDIR="@localedir@" @@ -25,7 +25,7 @@ index ad2ac4b078..4fc58c8330 100644 fi diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in -index 3b1f470492..ada20775a1 100644 +index 3b1f4704921..ada20775a14 100644 --- a/util/grub.d/20_linux_xen.in +++ b/util/grub.d/20_linux_xen.in @@ -29,9 +29,9 @@ export TEXTDOMAINDIR="@localedir@" diff --git a/SOURCES/0035-Don-t-draw-a-border-around-the-menu.patch b/SOURCES/0035-Don-t-draw-a-border-around-the-menu.patch index 7184b07..31a973e 100644 --- a/SOURCES/0035-Don-t-draw-a-border-around-the-menu.patch +++ b/SOURCES/0035-Don-t-draw-a-border-around-the-menu.patch @@ -9,7 +9,7 @@ It looks cleaner without it. 1 file changed, 43 deletions(-) diff --git a/grub-core/normal/menu_text.c b/grub-core/normal/menu_text.c -index 4895ffe7d1..e72ed438ba 100644 +index 4895ffe7d1d..e72ed438ba3 100644 --- a/grub-core/normal/menu_text.c +++ b/grub-core/normal/menu_text.c @@ -108,47 +108,6 @@ grub_print_message_indented (const char *msg, int margin_left, int margin_right, diff --git a/SOURCES/0036-Use-the-standard-margin-for-the-timeout-string.patch b/SOURCES/0036-Use-the-standard-margin-for-the-timeout-string.patch index bda7d14..49a382d 100644 --- a/SOURCES/0036-Use-the-standard-margin-for-the-timeout-string.patch +++ b/SOURCES/0036-Use-the-standard-margin-for-the-timeout-string.patch @@ -9,7 +9,7 @@ So that it aligns with the other messages 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/grub-core/normal/menu_text.c b/grub-core/normal/menu_text.c -index e72ed438ba..ca13562435 100644 +index e72ed438ba3..ca135624356 100644 --- a/grub-core/normal/menu_text.c +++ b/grub-core/normal/menu_text.c @@ -372,7 +372,7 @@ grub_menu_init_page (int nested, int edit, diff --git a/SOURCES/0037-Add-.eh_frame-to-list-of-relocations-stripped.patch b/SOURCES/0037-Add-.eh_frame-to-list-of-relocations-stripped.patch index 0532a04..ed48c5c 100644 --- a/SOURCES/0037-Add-.eh_frame-to-list-of-relocations-stripped.patch +++ b/SOURCES/0037-Add-.eh_frame-to-list-of-relocations-stripped.patch @@ -8,7 +8,7 @@ Subject: [PATCH] Add .eh_frame to list of relocations stripped 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/Makefile.common b/conf/Makefile.common -index 2a1a886f6d..191b1a70c6 100644 +index 2a1a886f6d5..191b1a70c6b 100644 --- a/conf/Makefile.common +++ b/conf/Makefile.common @@ -38,7 +38,7 @@ CFLAGS_KERNEL = $(CFLAGS_PLATFORM) -ffreestanding diff --git a/SOURCES/0038-Don-t-require-a-password-to-boot-entries-generated-b.patch b/SOURCES/0038-Don-t-require-a-password-to-boot-entries-generated-b.patch index 46b7c8a..fb0e197 100644 --- a/SOURCES/0038-Don-t-require-a-password-to-boot-entries-generated-b.patch +++ b/SOURCES/0038-Don-t-require-a-password-to-boot-entries-generated-b.patch @@ -14,7 +14,7 @@ Signed-off-by: Peter Jones 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 4fc58c8330..635d2fe0cd 100644 +index 4fc58c83304..635d2fe0cd3 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -26,7 +26,7 @@ datarootdir="@datarootdir@" diff --git a/SOURCES/0039-Don-t-emit-Booting-.-message.patch b/SOURCES/0039-Don-t-emit-Booting-.-message.patch index 4dc5e06..4133b52 100644 --- a/SOURCES/0039-Don-t-emit-Booting-.-message.patch +++ b/SOURCES/0039-Don-t-emit-Booting-.-message.patch @@ -14,7 +14,7 @@ Signed-off-by: Peter Jones 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c -index d7a222e681..37d753d808 100644 +index d7a222e681b..37d753d8081 100644 --- a/grub-core/normal/menu.c +++ b/grub-core/normal/menu.c @@ -838,12 +838,14 @@ run_menu (grub_menu_t menu, int nested, int *auto_boot) @@ -34,7 +34,7 @@ index d7a222e681..37d753d808 100644 /* Callback invoked when a default menu entry executed because of a timeout diff --git a/grub-core/normal/menu_entry.c b/grub-core/normal/menu_entry.c -index 50eef918cf..de64a367c4 100644 +index 50eef918cf6..de64a367c4e 100644 --- a/grub-core/normal/menu_entry.c +++ b/grub-core/normal/menu_entry.c @@ -1176,9 +1176,6 @@ run (struct screen *screen) diff --git a/SOURCES/0040-Replace-a-lot-of-man-pages-with-slightly-nicer-ones.patch b/SOURCES/0040-Replace-a-lot-of-man-pages-with-slightly-nicer-ones.patch index db7be15..daa6fae 100644 --- a/SOURCES/0040-Replace-a-lot-of-man-pages-with-slightly-nicer-ones.patch +++ b/SOURCES/0040-Replace-a-lot-of-man-pages-with-slightly-nicer-ones.patch @@ -122,7 +122,7 @@ Replace a bunch of machine generated ones with ones that look nicer. create mode 100644 util/grub-sparc64-setup.8 diff --git a/configure.ac b/configure.ac -index 8331f95b64..bec8535af7 100644 +index 8331f95b645..bec8535af70 100644 --- a/configure.ac +++ b/configure.ac @@ -77,6 +77,29 @@ grub_TRANSFORM([grub-set-default]) @@ -156,7 +156,7 @@ index 8331f95b64..bec8535af7 100644 # Optimization flag. Allow user to override. if test "x$TARGET_CFLAGS" = x; then diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist -index 8f1485d52a..b909f2c073 100644 +index 8f1485d52a5..b909f2c073a 100644 --- a/conf/Makefile.extra-dist +++ b/conf/Makefile.extra-dist @@ -11,7 +11,6 @@ EXTRA_DIST += unicode @@ -168,7 +168,7 @@ index 8f1485d52a..b909f2c073 100644 EXTRA_DIST += docs/grub.cfg EXTRA_DIST += docs/osdetect.cfg diff --git a/docs/Makefile.am b/docs/Makefile.am -index 93eb396276..ab28f19969 100644 +index 93eb3962765..ab28f199694 100644 --- a/docs/Makefile.am +++ b/docs/Makefile.am @@ -5,5 +5,3 @@ info_TEXINFOS = grub.texi grub-dev.texi @@ -179,7 +179,7 @@ index 93eb396276..ab28f19969 100644 - diff --git a/docs/man/grub-bios-setup.h2m b/docs/man/grub-bios-setup.h2m deleted file mode 100644 -index ac6ede3629..0000000000 +index ac6ede36296..00000000000 --- a/docs/man/grub-bios-setup.h2m +++ /dev/null @@ -1,6 +0,0 @@ @@ -191,7 +191,7 @@ index ac6ede3629..0000000000 -.BR grub-mkrescue (1) diff --git a/docs/man/grub-editenv.h2m b/docs/man/grub-editenv.h2m deleted file mode 100644 -index 3859d3d4c4..0000000000 +index 3859d3d4c4f..00000000000 --- a/docs/man/grub-editenv.h2m +++ /dev/null @@ -1,5 +0,0 @@ @@ -202,7 +202,7 @@ index 3859d3d4c4..0000000000 -.BR grub-set-default (8) diff --git a/docs/man/grub-emu.h2m b/docs/man/grub-emu.h2m deleted file mode 100644 -index ef1c000656..0000000000 +index ef1c000656a..00000000000 --- a/docs/man/grub-emu.h2m +++ /dev/null @@ -1,6 +0,0 @@ @@ -214,7 +214,7 @@ index ef1c000656..0000000000 -rather than this program. diff --git a/docs/man/grub-file.h2m b/docs/man/grub-file.h2m deleted file mode 100644 -index e09bb4d310..0000000000 +index e09bb4d3101..00000000000 --- a/docs/man/grub-file.h2m +++ /dev/null @@ -1,2 +0,0 @@ @@ -222,7 +222,7 @@ index e09bb4d310..0000000000 -grub-file \- check file type diff --git a/docs/man/grub-fstest.h2m b/docs/man/grub-fstest.h2m deleted file mode 100644 -index 9676b159af..0000000000 +index 9676b159afd..00000000000 --- a/docs/man/grub-fstest.h2m +++ /dev/null @@ -1,4 +0,0 @@ @@ -232,7 +232,7 @@ index 9676b159af..0000000000 -.BR grub-probe (8) diff --git a/docs/man/grub-glue-efi.h2m b/docs/man/grub-glue-efi.h2m deleted file mode 100644 -index c1c6ded49f..0000000000 +index c1c6ded49ff..00000000000 --- a/docs/man/grub-glue-efi.h2m +++ /dev/null @@ -1,4 +0,0 @@ @@ -242,7 +242,7 @@ index c1c6ded49f..0000000000 -grub-glue-efi processes ia32 and amd64 EFI images and glues them according to Apple format. diff --git a/docs/man/grub-install.h2m b/docs/man/grub-install.h2m deleted file mode 100644 -index 8cbbc87a0f..0000000000 +index 8cbbc87a0f2..00000000000 --- a/docs/man/grub-install.h2m +++ /dev/null @@ -1,6 +0,0 @@ @@ -254,7 +254,7 @@ index 8cbbc87a0f..0000000000 -.BR grub-mkrescue (1) diff --git a/docs/man/grub-kbdcomp.h2m b/docs/man/grub-kbdcomp.h2m deleted file mode 100644 -index d81f9157e0..0000000000 +index d81f9157e01..00000000000 --- a/docs/man/grub-kbdcomp.h2m +++ /dev/null @@ -1,10 +0,0 @@ @@ -270,7 +270,7 @@ index d81f9157e0..0000000000 -.BR grub-mklayout (8) diff --git a/docs/man/grub-macbless.h2m b/docs/man/grub-macbless.h2m deleted file mode 100644 -index 0197c0087d..0000000000 +index 0197c0087d7..00000000000 --- a/docs/man/grub-macbless.h2m +++ /dev/null @@ -1,4 +0,0 @@ @@ -280,7 +280,7 @@ index 0197c0087d..0000000000 -.BR grub-install (1) diff --git a/docs/man/grub-macho2img.h2m b/docs/man/grub-macho2img.h2m deleted file mode 100644 -index d79aaeed8f..0000000000 +index d79aaeed8f9..00000000000 --- a/docs/man/grub-macho2img.h2m +++ /dev/null @@ -1,4 +0,0 @@ @@ -290,7 +290,7 @@ index d79aaeed8f..0000000000 -.BR grub-mkimage (1) diff --git a/docs/man/grub-menulst2cfg.h2m b/docs/man/grub-menulst2cfg.h2m deleted file mode 100644 -index c2e0055ed7..0000000000 +index c2e0055ed7e..00000000000 --- a/docs/man/grub-menulst2cfg.h2m +++ /dev/null @@ -1,4 +0,0 @@ @@ -300,7 +300,7 @@ index c2e0055ed7..0000000000 -.BR grub-mkconfig (8) diff --git a/docs/man/grub-mkconfig.h2m b/docs/man/grub-mkconfig.h2m deleted file mode 100644 -index 9b42f81301..0000000000 +index 9b42f813010..00000000000 --- a/docs/man/grub-mkconfig.h2m +++ /dev/null @@ -1,4 +0,0 @@ @@ -310,7 +310,7 @@ index 9b42f81301..0000000000 -.BR grub-install (8) diff --git a/docs/man/grub-mkfont.h2m b/docs/man/grub-mkfont.h2m deleted file mode 100644 -index d46fe600ec..0000000000 +index d46fe600eca..00000000000 --- a/docs/man/grub-mkfont.h2m +++ /dev/null @@ -1,4 +0,0 @@ @@ -320,7 +320,7 @@ index d46fe600ec..0000000000 -.BR grub-mkconfig (8) diff --git a/docs/man/grub-mkimage.h2m b/docs/man/grub-mkimage.h2m deleted file mode 100644 -index f0fbc2bb19..0000000000 +index f0fbc2bb197..00000000000 --- a/docs/man/grub-mkimage.h2m +++ /dev/null @@ -1,6 +0,0 @@ @@ -332,7 +332,7 @@ index f0fbc2bb19..0000000000 -.BR grub-mknetdir (8) diff --git a/docs/man/grub-mklayout.h2m b/docs/man/grub-mklayout.h2m deleted file mode 100644 -index 1e43409c0a..0000000000 +index 1e43409c0ab..00000000000 --- a/docs/man/grub-mklayout.h2m +++ /dev/null @@ -1,10 +0,0 @@ @@ -348,7 +348,7 @@ index 1e43409c0a..0000000000 -.BR grub-mkconfig (8) diff --git a/docs/man/grub-mknetdir.h2m b/docs/man/grub-mknetdir.h2m deleted file mode 100644 -index a2ef13ec11..0000000000 +index a2ef13ec111..00000000000 --- a/docs/man/grub-mknetdir.h2m +++ /dev/null @@ -1,4 +0,0 @@ @@ -358,7 +358,7 @@ index a2ef13ec11..0000000000 -.BR grub-mkimage (1) diff --git a/docs/man/grub-mkpasswd-pbkdf2.h2m b/docs/man/grub-mkpasswd-pbkdf2.h2m deleted file mode 100644 -index 4d202f3da7..0000000000 +index 4d202f3da7e..00000000000 --- a/docs/man/grub-mkpasswd-pbkdf2.h2m +++ /dev/null @@ -1,4 +0,0 @@ @@ -368,7 +368,7 @@ index 4d202f3da7..0000000000 -.BR grub-mkconfig (8) diff --git a/docs/man/grub-mkrelpath.h2m b/docs/man/grub-mkrelpath.h2m deleted file mode 100644 -index d01f3961e3..0000000000 +index d01f3961e3f..00000000000 --- a/docs/man/grub-mkrelpath.h2m +++ /dev/null @@ -1,4 +0,0 @@ @@ -378,7 +378,7 @@ index d01f3961e3..0000000000 -.BR grub-probe (8) diff --git a/docs/man/grub-mkrescue.h2m b/docs/man/grub-mkrescue.h2m deleted file mode 100644 -index a427f02e3c..0000000000 +index a427f02e3c6..00000000000 --- a/docs/man/grub-mkrescue.h2m +++ /dev/null @@ -1,4 +0,0 @@ @@ -388,7 +388,7 @@ index a427f02e3c..0000000000 -.BR grub-mkimage (1) diff --git a/docs/man/grub-mkstandalone.h2m b/docs/man/grub-mkstandalone.h2m deleted file mode 100644 -index c77313978a..0000000000 +index c77313978ad..00000000000 --- a/docs/man/grub-mkstandalone.h2m +++ /dev/null @@ -1,4 +0,0 @@ @@ -398,7 +398,7 @@ index c77313978a..0000000000 -.BR grub-mkimage (1) diff --git a/docs/man/grub-mount.h2m b/docs/man/grub-mount.h2m deleted file mode 100644 -index 8d168982d7..0000000000 +index 8d168982d72..00000000000 --- a/docs/man/grub-mount.h2m +++ /dev/null @@ -1,2 +0,0 @@ @@ -406,7 +406,7 @@ index 8d168982d7..0000000000 -grub-mount \- export GRUB filesystem with FUSE diff --git a/docs/man/grub-ofpathname.h2m b/docs/man/grub-ofpathname.h2m deleted file mode 100644 -index 74b43eea03..0000000000 +index 74b43eea039..00000000000 --- a/docs/man/grub-ofpathname.h2m +++ /dev/null @@ -1,4 +0,0 @@ @@ -416,7 +416,7 @@ index 74b43eea03..0000000000 -.BR grub-probe (8) diff --git a/docs/man/grub-pe2elf.h2m b/docs/man/grub-pe2elf.h2m deleted file mode 100644 -index 7ca29bd703..0000000000 +index 7ca29bd703c..00000000000 --- a/docs/man/grub-pe2elf.h2m +++ /dev/null @@ -1,4 +0,0 @@ @@ -426,7 +426,7 @@ index 7ca29bd703..0000000000 -.BR grub-mkimage (1) diff --git a/docs/man/grub-probe.h2m b/docs/man/grub-probe.h2m deleted file mode 100644 -index 6e1ffdcf93..0000000000 +index 6e1ffdcf937..00000000000 --- a/docs/man/grub-probe.h2m +++ /dev/null @@ -1,4 +0,0 @@ @@ -436,7 +436,7 @@ index 6e1ffdcf93..0000000000 -.BR grub-fstest (1) diff --git a/docs/man/grub-reboot.h2m b/docs/man/grub-reboot.h2m deleted file mode 100644 -index e4acace65c..0000000000 +index e4acace65ce..00000000000 --- a/docs/man/grub-reboot.h2m +++ /dev/null @@ -1,5 +0,0 @@ @@ -447,7 +447,7 @@ index e4acace65c..0000000000 -.BR grub-editenv (1) diff --git a/docs/man/grub-render-label.h2m b/docs/man/grub-render-label.h2m deleted file mode 100644 -index 50ae5247c0..0000000000 +index 50ae5247c05..00000000000 --- a/docs/man/grub-render-label.h2m +++ /dev/null @@ -1,3 +0,0 @@ @@ -456,7 +456,7 @@ index 50ae5247c0..0000000000 - diff --git a/docs/man/grub-script-check.h2m b/docs/man/grub-script-check.h2m deleted file mode 100644 -index 3653682671..0000000000 +index 3653682671a..00000000000 --- a/docs/man/grub-script-check.h2m +++ /dev/null @@ -1,4 +0,0 @@ @@ -466,7 +466,7 @@ index 3653682671..0000000000 -.BR grub-mkconfig (8) diff --git a/docs/man/grub-set-default.h2m b/docs/man/grub-set-default.h2m deleted file mode 100644 -index 7945001c15..0000000000 +index 7945001c154..00000000000 --- a/docs/man/grub-set-default.h2m +++ /dev/null @@ -1,5 +0,0 @@ @@ -477,7 +477,7 @@ index 7945001c15..0000000000 -.BR grub-editenv (1) diff --git a/docs/man/grub-sparc64-setup.h2m b/docs/man/grub-sparc64-setup.h2m deleted file mode 100644 -index 18f803a50d..0000000000 +index 18f803a50db..00000000000 --- a/docs/man/grub-sparc64-setup.h2m +++ /dev/null @@ -1,6 +0,0 @@ @@ -489,7 +489,7 @@ index 18f803a50d..0000000000 -.BR grub-mkrescue (1) diff --git a/docs/man/grub-syslinux2cfg.h2m b/docs/man/grub-syslinux2cfg.h2m deleted file mode 100644 -index ad25c8ab75..0000000000 +index ad25c8ab753..00000000000 --- a/docs/man/grub-syslinux2cfg.h2m +++ /dev/null @@ -1,4 +0,0 @@ @@ -498,7 +498,7 @@ index ad25c8ab75..0000000000 -[SEE ALSO] -.BR grub-menulst2cfg (8) diff --git a/gentpl.py b/gentpl.py -index c86550d4f9..2cba0bbbd6 100644 +index c86550d4f9e..2cba0bbbd6f 100644 --- a/gentpl.py +++ b/gentpl.py @@ -805,10 +805,7 @@ def manpage(defn, adddeps): @@ -515,7 +515,7 @@ index c86550d4f9..2cba0bbbd6 100644 diff --git a/util/grub-bios-setup.8 b/util/grub-bios-setup.8 new file mode 100644 -index 0000000000..56f582b3d7 +index 00000000000..56f582b3d75 --- /dev/null +++ b/util/grub-bios-setup.8 @@ -0,0 +1,54 @@ @@ -575,7 +575,7 @@ index 0000000000..56f582b3d7 +.BR "info grub" diff --git a/util/grub-editenv.1 b/util/grub-editenv.1 new file mode 100644 -index 0000000000..d28ba03ba4 +index 00000000000..d28ba03ba42 --- /dev/null +++ b/util/grub-editenv.1 @@ -0,0 +1,46 @@ @@ -627,7 +627,7 @@ index 0000000000..d28ba03ba4 +.BR "info grub" diff --git a/util/grub-file.1 b/util/grub-file.1 new file mode 100644 -index 0000000000..b29cb32788 +index 00000000000..b29cb327889 --- /dev/null +++ b/util/grub-file.1 @@ -0,0 +1,165 @@ @@ -798,7 +798,7 @@ index 0000000000..b29cb32788 +.BR "info grub" diff --git a/util/grub-fstest.1 b/util/grub-fstest.1 new file mode 100644 -index 0000000000..792fa78634 +index 00000000000..792fa78634c --- /dev/null +++ b/util/grub-fstest.1 @@ -0,0 +1,99 @@ @@ -903,7 +903,7 @@ index 0000000000..792fa78634 +.BR "info grub" diff --git a/util/grub-glue-efi.1 b/util/grub-glue-efi.1 new file mode 100644 -index 0000000000..72bd555d57 +index 00000000000..72bd555d577 --- /dev/null +++ b/util/grub-glue-efi.1 @@ -0,0 +1,31 @@ @@ -940,7 +940,7 @@ index 0000000000..72bd555d57 +.BR "info grub" diff --git a/util/grub-install.8 b/util/grub-install.8 new file mode 100644 -index 0000000000..1db89e94b3 +index 00000000000..1db89e94b3b --- /dev/null +++ b/util/grub-install.8 @@ -0,0 +1,128 @@ @@ -1074,7 +1074,7 @@ index 0000000000..1db89e94b3 +.BR "info grub" diff --git a/util/grub-kbdcomp.1 b/util/grub-kbdcomp.1 new file mode 100644 -index 0000000000..0bb969a5b4 +index 00000000000..0bb969a5b43 --- /dev/null +++ b/util/grub-kbdcomp.1 @@ -0,0 +1,19 @@ @@ -1099,7 +1099,7 @@ index 0000000000..0bb969a5b4 +.BR "info grub" diff --git a/util/grub-macbless.1 b/util/grub-macbless.1 new file mode 100644 -index 0000000000..41a96186f7 +index 00000000000..41a96186f70 --- /dev/null +++ b/util/grub-macbless.1 @@ -0,0 +1,22 @@ @@ -1127,7 +1127,7 @@ index 0000000000..41a96186f7 +.BR "info grub" diff --git a/util/grub-menulst2cfg.1 b/util/grub-menulst2cfg.1 new file mode 100644 -index 0000000000..91e2ef8711 +index 00000000000..91e2ef87113 --- /dev/null +++ b/util/grub-menulst2cfg.1 @@ -0,0 +1,12 @@ @@ -1145,7 +1145,7 @@ index 0000000000..91e2ef8711 +.BR "info grub" diff --git a/util/grub-mkconfig.8 b/util/grub-mkconfig.8 new file mode 100644 -index 0000000000..a2d1f577b9 +index 00000000000..a2d1f577b9b --- /dev/null +++ b/util/grub-mkconfig.8 @@ -0,0 +1,17 @@ @@ -1168,7 +1168,7 @@ index 0000000000..a2d1f577b9 +.BR "info grub" diff --git a/util/grub-mkfont.1 b/util/grub-mkfont.1 new file mode 100644 -index 0000000000..3494857987 +index 00000000000..3494857987d --- /dev/null +++ b/util/grub-mkfont.1 @@ -0,0 +1,87 @@ @@ -1261,7 +1261,7 @@ index 0000000000..3494857987 +.BR "info grub" diff --git a/util/grub-mkimage.1 b/util/grub-mkimage.1 new file mode 100644 -index 0000000000..4dea4f5459 +index 00000000000..4dea4f54597 --- /dev/null +++ b/util/grub-mkimage.1 @@ -0,0 +1,95 @@ @@ -1362,7 +1362,7 @@ index 0000000000..4dea4f5459 +.BR "info grub" diff --git a/util/grub-mklayout.1 b/util/grub-mklayout.1 new file mode 100644 -index 0000000000..d1bbc2ec51 +index 00000000000..d1bbc2ec515 --- /dev/null +++ b/util/grub-mklayout.1 @@ -0,0 +1,27 @@ @@ -1395,7 +1395,7 @@ index 0000000000..d1bbc2ec51 +.BR "info grub" diff --git a/util/grub-mknetdir.1 b/util/grub-mknetdir.1 new file mode 100644 -index 0000000000..fa7e8d4ef0 +index 00000000000..fa7e8d4ef0d --- /dev/null +++ b/util/grub-mknetdir.1 @@ -0,0 +1,12 @@ @@ -1413,7 +1413,7 @@ index 0000000000..fa7e8d4ef0 +.BR "info grub" diff --git a/util/grub-mkpasswd-pbkdf2.1 b/util/grub-mkpasswd-pbkdf2.1 new file mode 100644 -index 0000000000..73c437c15d +index 00000000000..73c437c15d8 --- /dev/null +++ b/util/grub-mkpasswd-pbkdf2.1 @@ -0,0 +1,27 @@ @@ -1446,7 +1446,7 @@ index 0000000000..73c437c15d +.BR "info grub" diff --git a/util/grub-mkrelpath.1 b/util/grub-mkrelpath.1 new file mode 100644 -index 0000000000..85f1113621 +index 00000000000..85f1113621d --- /dev/null +++ b/util/grub-mkrelpath.1 @@ -0,0 +1,12 @@ @@ -1464,7 +1464,7 @@ index 0000000000..85f1113621 +.BR "info grub" diff --git a/util/grub-mkrescue.1 b/util/grub-mkrescue.1 new file mode 100644 -index 0000000000..4ed9fc723f +index 00000000000..4ed9fc723fd --- /dev/null +++ b/util/grub-mkrescue.1 @@ -0,0 +1,123 @@ @@ -1593,7 +1593,7 @@ index 0000000000..4ed9fc723f +.BR "info grub" diff --git a/util/grub-mkstandalone.1 b/util/grub-mkstandalone.1 new file mode 100644 -index 0000000000..ba2d2bdf27 +index 00000000000..ba2d2bdf279 --- /dev/null +++ b/util/grub-mkstandalone.1 @@ -0,0 +1,100 @@ @@ -1699,7 +1699,7 @@ index 0000000000..ba2d2bdf27 +.BR "info grub" diff --git a/util/grub-ofpathname.8 b/util/grub-ofpathname.8 new file mode 100644 -index 0000000000..bf3743aeba +index 00000000000..bf3743aeba1 --- /dev/null +++ b/util/grub-ofpathname.8 @@ -0,0 +1,12 @@ @@ -1717,7 +1717,7 @@ index 0000000000..bf3743aeba +.BR "info grub" diff --git a/util/grub-probe.8 b/util/grub-probe.8 new file mode 100644 -index 0000000000..04e26c832b +index 00000000000..04e26c832bb --- /dev/null +++ b/util/grub-probe.8 @@ -0,0 +1,80 @@ @@ -1803,7 +1803,7 @@ index 0000000000..04e26c832b +.BR "info grub" diff --git a/util/grub-reboot.8 b/util/grub-reboot.8 new file mode 100644 -index 0000000000..faa5e4eece +index 00000000000..faa5e4eece2 --- /dev/null +++ b/util/grub-reboot.8 @@ -0,0 +1,21 @@ @@ -1830,7 +1830,7 @@ index 0000000000..faa5e4eece +.BR "info grub" diff --git a/util/grub-render-label.1 b/util/grub-render-label.1 new file mode 100644 -index 0000000000..4d51c8abf0 +index 00000000000..4d51c8abf01 --- /dev/null +++ b/util/grub-render-label.1 @@ -0,0 +1,51 @@ @@ -1887,7 +1887,7 @@ index 0000000000..4d51c8abf0 +.BR "info grub" diff --git a/util/grub-script-check.1 b/util/grub-script-check.1 new file mode 100644 -index 0000000000..0f1f625b05 +index 00000000000..0f1f625b05d --- /dev/null +++ b/util/grub-script-check.1 @@ -0,0 +1,21 @@ @@ -1914,7 +1914,7 @@ index 0000000000..0f1f625b05 +.BR "info grub" diff --git a/util/grub-set-default.8 b/util/grub-set-default.8 new file mode 100644 -index 0000000000..a96265a150 +index 00000000000..a96265a1509 --- /dev/null +++ b/util/grub-set-default.8 @@ -0,0 +1,21 @@ @@ -1941,7 +1941,7 @@ index 0000000000..a96265a150 +.BR "info grub" diff --git a/util/grub-sparc64-setup.8 b/util/grub-sparc64-setup.8 new file mode 100644 -index 0000000000..37ea2dd5ea +index 00000000000..37ea2dd5eaa --- /dev/null +++ b/util/grub-sparc64-setup.8 @@ -0,0 +1,12 @@ diff --git a/SOURCES/0041-use-fw_path-prefix-when-fallback-searching-for-grub-.patch b/SOURCES/0041-use-fw_path-prefix-when-fallback-searching-for-grub-.patch index 61ff9db..985205c 100644 --- a/SOURCES/0041-use-fw_path-prefix-when-fallback-searching-for-grub-.patch +++ b/SOURCES/0041-use-fw_path-prefix-when-fallback-searching-for-grub-.patch @@ -17,7 +17,7 @@ Signed-off-by: Mark Salter 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c -index ec1cd25739..d85f7598d2 100644 +index ec1cd257397..d85f7598d23 100644 --- a/grub-core/normal/main.c +++ b/grub-core/normal/main.c @@ -349,7 +349,7 @@ grub_cmd_normal (struct grub_command *cmd __attribute__ ((unused)), diff --git a/SOURCES/0042-Try-mac-guid-etc-before-grub.cfg-on-tftp-config-file.patch b/SOURCES/0042-Try-mac-guid-etc-before-grub.cfg-on-tftp-config-file.patch index 57e9105..61dd5ca 100644 --- a/SOURCES/0042-Try-mac-guid-etc-before-grub.cfg-on-tftp-config-file.patch +++ b/SOURCES/0042-Try-mac-guid-etc-before-grub.cfg-on-tftp-config-file.patch @@ -9,7 +9,7 @@ Signed-off-by: Peter Jones 1 file changed, 51 insertions(+), 46 deletions(-) diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c -index d85f7598d2..1e509fceb9 100644 +index d85f7598d23..1e509fceb91 100644 --- a/grub-core/normal/main.c +++ b/grub-core/normal/main.c @@ -347,61 +347,66 @@ grub_cmd_normal (struct grub_command *cmd __attribute__ ((unused)), diff --git a/SOURCES/0043-Generate-OS-and-CLASS-in-10_linux-from-etc-os-releas.patch b/SOURCES/0043-Generate-OS-and-CLASS-in-10_linux-from-etc-os-releas.patch index dc10644..ef0b0f4 100644 --- a/SOURCES/0043-Generate-OS-and-CLASS-in-10_linux-from-etc-os-releas.patch +++ b/SOURCES/0043-Generate-OS-and-CLASS-in-10_linux-from-etc-os-releas.patch @@ -14,7 +14,7 @@ Signed-off-by: Peter Jones 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 635d2fe0cd..fed7327147 100644 +index 635d2fe0cd3..fed73271478 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -29,7 +29,8 @@ export TEXTDOMAINDIR="@localedir@" diff --git a/SOURCES/0044-Minimize-the-sort-ordering-for-.debug-and-rescue-ker.patch b/SOURCES/0044-Minimize-the-sort-ordering-for-.debug-and-rescue-ker.patch index f4d83da..3e2d3ae 100644 --- a/SOURCES/0044-Minimize-the-sort-ordering-for-.debug-and-rescue-ker.patch +++ b/SOURCES/0044-Minimize-the-sort-ordering-for-.debug-and-rescue-ker.patch @@ -10,7 +10,7 @@ Signed-off-by: Peter Jones 1 file changed, 8 insertions(+) diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in -index 301d1ac229..0f6505bf3b 100644 +index 301d1ac229a..0f6505bf3b6 100644 --- a/util/grub-mkconfig_lib.in +++ b/util/grub-mkconfig_lib.in @@ -253,6 +253,14 @@ version_test_gt () diff --git a/SOURCES/0045-Try-prefix-if-fw_path-doesn-t-work.patch b/SOURCES/0045-Try-prefix-if-fw_path-doesn-t-work.patch index c8a60dd..59489bd 100644 --- a/SOURCES/0045-Try-prefix-if-fw_path-doesn-t-work.patch +++ b/SOURCES/0045-Try-prefix-if-fw_path-doesn-t-work.patch @@ -13,7 +13,7 @@ Signed-off-by: Peter Jones 3 files changed, 82 insertions(+), 82 deletions(-) diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c -index e71d158416..0cd2a62723 100644 +index e71d1584164..0cd2a627231 100644 --- a/grub-core/kern/ieee1275/init.c +++ b/grub-core/kern/ieee1275/init.c @@ -127,23 +127,25 @@ grub_machine_get_bootlocation (char **device, char **path) @@ -56,7 +56,7 @@ index e71d158416..0cd2a62723 100644 } diff --git a/grub-core/net/net.c b/grub-core/net/net.c -index 4d3eb5c1a5..0ef148f4ad 100644 +index 4d3eb5c1a52..0ef148f4adc 100644 --- a/grub-core/net/net.c +++ b/grub-core/net/net.c @@ -1869,7 +1869,7 @@ grub_net_search_config_file (char *config) @@ -69,7 +69,7 @@ index 4d3eb5c1a5..0ef148f4ad 100644 static struct grub_preboot *fini_hnd; diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c -index 1e509fceb9..d5968797f4 100644 +index 1e509fceb91..d5968797f4f 100644 --- a/grub-core/normal/main.c +++ b/grub-core/normal/main.c @@ -337,81 +337,79 @@ grub_enter_normal_mode (const char *config) diff --git a/SOURCES/0046-Use-Distribution-Package-Sort-for-grub2-mkconfig-112.patch b/SOURCES/0046-Use-Distribution-Package-Sort-for-grub2-mkconfig-112.patch index 8cf1c8a..78a6fa1 100644 --- a/SOURCES/0046-Use-Distribution-Package-Sort-for-grub2-mkconfig-112.patch +++ b/SOURCES/0046-Use-Distribution-Package-Sort-for-grub2-mkconfig-112.patch @@ -26,7 +26,7 @@ Signed-off-by: Thierry Vignaud create mode 100644 util/grub-rpm-sort.8 diff --git a/configure.ac b/configure.ac -index bec8535af7..fdcb452581 100644 +index bec8535af70..fdcb452581c 100644 --- a/configure.ac +++ b/configure.ac @@ -72,6 +72,7 @@ grub_TRANSFORM([grub-mkrelpath]) @@ -89,7 +89,7 @@ index bec8535af7..fdcb452581 100644 if test x$host_kernel = xkfreebsd; then AC_CHECK_LIB([geom], [geom_gettree], [], diff --git a/Makefile.util.def b/Makefile.util.def -index 2c9b283a23..ba4cf4b29b 100644 +index 2c9b283a230..ba4cf4b29b0 100644 --- a/Makefile.util.def +++ b/Makefile.util.def @@ -703,6 +703,22 @@ program = { @@ -117,7 +117,7 @@ index 2c9b283a23..ba4cf4b29b 100644 common = util/grub-mkconfig.in; diff --git a/util/grub-rpm-sort.c b/util/grub-rpm-sort.c new file mode 100644 -index 0000000000..f33bd1ed56 +index 00000000000..f33bd1ed568 --- /dev/null +++ b/util/grub-rpm-sort.c @@ -0,0 +1,281 @@ @@ -403,7 +403,7 @@ index 0000000000..f33bd1ed56 + return 0; +} diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in -index 0f6505bf3b..42c2ea9ba5 100644 +index 0f6505bf3b6..42c2ea9ba50 100644 --- a/util/grub-mkconfig_lib.in +++ b/util/grub-mkconfig_lib.in @@ -33,6 +33,9 @@ fi @@ -440,7 +440,7 @@ index 0f6505bf3b..42c2ea9ba5 100644 return 1 diff --git a/util/grub-rpm-sort.8 b/util/grub-rpm-sort.8 new file mode 100644 -index 0000000000..8ce2148844 +index 00000000000..8ce21488448 --- /dev/null +++ b/util/grub-rpm-sort.8 @@ -0,0 +1,12 @@ diff --git a/SOURCES/0047-Make-grub2-mkconfig-construct-titles-that-look-like-.patch b/SOURCES/0047-Make-grub2-mkconfig-construct-titles-that-look-like-.patch index cecd159..4c474e4 100644 --- a/SOURCES/0047-Make-grub2-mkconfig-construct-titles-that-look-like-.patch +++ b/SOURCES/0047-Make-grub2-mkconfig-construct-titles-that-look-like-.patch @@ -12,7 +12,7 @@ Signed-off-by: Peter Jones 1 file changed, 27 insertions(+), 7 deletions(-) diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index fed7327147..2e59f3b419 100644 +index fed73271478..2e59f3b4197 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -78,6 +78,32 @@ case x"$GRUB_FS" in diff --git a/SOURCES/0048-Add-friendly-grub2-password-config-tool-985962.patch b/SOURCES/0048-Add-friendly-grub2-password-config-tool-985962.patch index 70f6635..9807d0e 100644 --- a/SOURCES/0048-Add-friendly-grub2-password-config-tool-985962.patch +++ b/SOURCES/0048-Add-friendly-grub2-password-config-tool-985962.patch @@ -27,7 +27,7 @@ Andy Lutomirski create mode 100644 util/grub.d/01_users.in diff --git a/configure.ac b/configure.ac -index fdcb452581..30fd84d806 100644 +index fdcb452581c..30fd84d8067 100644 --- a/configure.ac +++ b/configure.ac @@ -72,6 +72,7 @@ grub_TRANSFORM([grub-mkrelpath]) @@ -39,7 +39,7 @@ index fdcb452581..30fd84d806 100644 grub_TRANSFORM([grub-script-check]) grub_TRANSFORM([grub-set-default]) diff --git a/Makefile.util.def b/Makefile.util.def -index ba4cf4b29b..1a7dd433e3 100644 +index ba4cf4b29b0..1a7dd433e33 100644 --- a/Makefile.util.def +++ b/Makefile.util.def @@ -452,6 +452,12 @@ script = { @@ -70,7 +70,7 @@ index ba4cf4b29b..1a7dd433e3 100644 name = grub-mkconfig_lib; common = util/grub-mkconfig_lib.in; diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index 8ea2315ebc..ba14cf6261 100644 +index 8ea2315ebc2..ba14cf6261c 100644 --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in @@ -276,6 +276,8 @@ for i in "${grub_mkconfig_dir}"/* ; do @@ -84,7 +84,7 @@ index 8ea2315ebc..ba14cf6261 100644 echo diff --git a/util/grub-set-password.8 b/util/grub-set-password.8 new file mode 100644 -index 0000000000..9646546e43 +index 00000000000..9646546e43d --- /dev/null +++ b/util/grub-set-password.8 @@ -0,0 +1,28 @@ @@ -118,7 +118,7 @@ index 0000000000..9646546e43 +.BR "info grub2-mkpasswd-pbkdf2" diff --git a/util/grub-set-password.in b/util/grub-set-password.in new file mode 100644 -index 0000000000..5ebf50576d +index 00000000000..5ebf50576d6 --- /dev/null +++ b/util/grub-set-password.in @@ -0,0 +1,128 @@ @@ -252,7 +252,7 @@ index 0000000000..5ebf50576d +fi diff --git a/util/grub.d/01_users.in b/util/grub.d/01_users.in new file mode 100644 -index 0000000000..db2f44bfb7 +index 00000000000..db2f44bfb78 --- /dev/null +++ b/util/grub.d/01_users.in @@ -0,0 +1,11 @@ diff --git a/SOURCES/0049-tcp-add-window-scaling-support.patch b/SOURCES/0049-tcp-add-window-scaling-support.patch index 61b5a67..7d1996c 100644 --- a/SOURCES/0049-tcp-add-window-scaling-support.patch +++ b/SOURCES/0049-tcp-add-window-scaling-support.patch @@ -17,7 +17,7 @@ Signed-off-by: Josef Bacik 1 file changed, 29 insertions(+), 13 deletions(-) diff --git a/grub-core/net/tcp.c b/grub-core/net/tcp.c -index e8ad34b84d..7d4b822626 100644 +index e8ad34b84d4..7d4b822626d 100644 --- a/grub-core/net/tcp.c +++ b/grub-core/net/tcp.c @@ -106,6 +106,18 @@ struct tcphdr diff --git a/SOURCES/0050-efinet-and-bootp-add-support-for-dhcpv6.patch b/SOURCES/0050-efinet-and-bootp-add-support-for-dhcpv6.patch index efeeee0..a9844b8 100644 --- a/SOURCES/0050-efinet-and-bootp-add-support-for-dhcpv6.patch +++ b/SOURCES/0050-efinet-and-bootp-add-support-for-dhcpv6.patch @@ -14,7 +14,7 @@ Signed-off-by: Peter Jones 6 files changed, 477 insertions(+), 14 deletions(-) diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c -index 6fb5627025..e28fb6a09f 100644 +index 6fb5627025d..e28fb6a09f9 100644 --- a/grub-core/net/bootp.c +++ b/grub-core/net/bootp.c @@ -902,6 +902,179 @@ grub_cmd_bootp (struct grub_command *cmd __attribute__ ((unused)), @@ -198,7 +198,7 @@ index 6fb5627025..e28fb6a09f 100644 grub_bootp_init (void) { diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c -index 5388f952ba..173fb63153 100644 +index 5388f952ba9..173fb63153c 100644 --- a/grub-core/net/drivers/efi/efinet.c +++ b/grub-core/net/drivers/efi/efinet.c @@ -18,11 +18,14 @@ @@ -307,7 +307,7 @@ index 5388f952ba..173fb63153 100644 } } diff --git a/grub-core/net/net.c b/grub-core/net/net.c -index 0ef148f4ad..22f2689aae 100644 +index 0ef148f4adc..22f2689aaeb 100644 --- a/grub-core/net/net.c +++ b/grub-core/net/net.c @@ -960,6 +960,78 @@ grub_net_network_level_interface_register (struct grub_net_network_level_interfa @@ -390,7 +390,7 @@ index 0ef148f4ad..22f2689aae 100644 grub_err_t grub_net_add_ipv4_local (struct grub_net_network_level_interface *inter, diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c -index 7f44b30f52..4ab2f5c735 100644 +index 7f44b30f521..4ab2f5c7357 100644 --- a/grub-core/net/tftp.c +++ b/grub-core/net/tftp.c @@ -358,18 +358,22 @@ tftp_open (struct grub_file *file, const char *filename) @@ -417,7 +417,7 @@ index 7f44b30f52..4ab2f5c735 100644 return grub_errno; } diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h -index f1a52210c0..117469450d 100644 +index f1a52210c0c..117469450d3 100644 --- a/include/grub/efi/api.h +++ b/include/grub/efi/api.h @@ -592,10 +592,16 @@ typedef void *grub_efi_handle_t; @@ -572,7 +572,7 @@ index f1a52210c0..117469450d 100644 typedef struct grub_efi_pxe diff --git a/include/grub/net.h b/include/grub/net.h -index 7ae4b6bd80..8a05ec4fe7 100644 +index 7ae4b6bd805..8a05ec4fe7a 100644 --- a/include/grub/net.h +++ b/include/grub/net.h @@ -447,6 +447,51 @@ struct grub_net_bootp_packet diff --git a/SOURCES/0051-Add-grub-get-kernel-settings-and-use-it-in-10_linux.patch b/SOURCES/0051-Add-grub-get-kernel-settings-and-use-it-in-10_linux.patch index 3dfe8bf..e799ac1 100644 --- a/SOURCES/0051-Add-grub-get-kernel-settings-and-use-it-in-10_linux.patch +++ b/SOURCES/0051-Add-grub-get-kernel-settings-and-use-it-in-10_linux.patch @@ -23,7 +23,7 @@ Resolves: rhbz#1226325 create mode 100644 util/grub-get-kernel-settings.in diff --git a/configure.ac b/configure.ac -index 30fd84d806..ed31ea457d 100644 +index 30fd84d8067..ed31ea457d2 100644 --- a/configure.ac +++ b/configure.ac @@ -65,6 +65,7 @@ grub_TRANSFORM([grub-install]) @@ -43,7 +43,7 @@ index 30fd84d806..ed31ea457d 100644 grub_TRANSFORM([grub-install.1]) grub_TRANSFORM([grub-kbdcomp.3]) diff --git a/Makefile.util.def b/Makefile.util.def -index 1a7dd433e3..cdd2f51fe4 100644 +index 1a7dd433e33..cdd2f51fe4b 100644 --- a/Makefile.util.def +++ b/Makefile.util.def @@ -732,6 +732,13 @@ script = { @@ -61,7 +61,7 @@ index 1a7dd433e3..cdd2f51fe4 100644 name = grub-set-default; common = util/grub-set-default.in; diff --git a/util/bash-completion.d/grub-completion.bash.in b/util/bash-completion.d/grub-completion.bash.in -index 44bf135b9f..5c4acd496d 100644 +index 44bf135b9f8..5c4acd496d4 100644 --- a/util/bash-completion.d/grub-completion.bash.in +++ b/util/bash-completion.d/grub-completion.bash.in @@ -264,6 +264,28 @@ have ${__grub_sparc64_setup_program} && \ @@ -95,7 +95,7 @@ index 44bf135b9f..5c4acd496d 100644 # diff --git a/util/grub-get-kernel-settings.3 b/util/grub-get-kernel-settings.3 new file mode 100644 -index 0000000000..ba33330e28 +index 00000000000..ba33330e28d --- /dev/null +++ b/util/grub-get-kernel-settings.3 @@ -0,0 +1,20 @@ @@ -121,7 +121,7 @@ index 0000000000..ba33330e28 +.BR "info grub" diff --git a/util/grub-get-kernel-settings.in b/util/grub-get-kernel-settings.in new file mode 100644 -index 0000000000..7e87dfccc0 +index 00000000000..7e87dfccc0e --- /dev/null +++ b/util/grub-get-kernel-settings.in @@ -0,0 +1,88 @@ @@ -214,7 +214,7 @@ index 0000000000..7e87dfccc0 + echo export GRUB_UPDATE_DEFAULT_KERNEL +fi diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index ba14cf6261..005f093809 100644 +index ba14cf6261c..005f093809b 100644 --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in @@ -45,6 +45,7 @@ grub_probe="${sbindir}/@grub_probe@" @@ -235,7 +235,7 @@ index ba14cf6261..005f093809 100644 if [ -z "${GRUB_DISABLE_LINUX_UUID}" ]; then GRUB_DISABLE_LINUX_UUID="true" diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 2e59f3b419..0f3c19e30c 100644 +index 2e59f3b4197..0f3c19e30cc 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -111,7 +111,8 @@ linux_entry () diff --git a/SOURCES/0052-bz1374141-fix-incorrect-mask-for-ppc64.patch b/SOURCES/0052-bz1374141-fix-incorrect-mask-for-ppc64.patch index c2820cb..1bb2658 100644 --- a/SOURCES/0052-bz1374141-fix-incorrect-mask-for-ppc64.patch +++ b/SOURCES/0052-bz1374141-fix-incorrect-mask-for-ppc64.patch @@ -30,7 +30,7 @@ The count of zero with __builtin_clz can be 22. (clz counts the number of one bi 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/grub-core/net/drivers/ieee1275/ofnet.c b/grub-core/net/drivers/ieee1275/ofnet.c -index ac4e62a95c..3860b6f78d 100644 +index ac4e62a95c9..3860b6f78d8 100644 --- a/grub-core/net/drivers/ieee1275/ofnet.c +++ b/grub-core/net/drivers/ieee1275/ofnet.c @@ -220,8 +220,7 @@ grub_ieee1275_parse_bootpath (const char *devpath, char *bootpath, diff --git a/SOURCES/0053-Make-grub_fatal-also-backtrace.patch b/SOURCES/0053-Make-grub_fatal-also-backtrace.patch index f876575..3534b05 100644 --- a/SOURCES/0053-Make-grub_fatal-also-backtrace.patch +++ b/SOURCES/0053-Make-grub_fatal-also-backtrace.patch @@ -13,7 +13,7 @@ Subject: [PATCH] Make grub_fatal() also backtrace. create mode 100644 grub-core/lib/arm64/backtrace.c diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index c15e91943b..058c88ac3a 100644 +index c15e91943b9..058c88ac3af 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -188,6 +188,9 @@ kernel = { @@ -27,7 +27,7 @@ index c15e91943b..058c88ac3a 100644 i386_xen = kern/i386/dl.c; i386_xen_pvh = kern/i386/dl.c; diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c -index 63b586d09c..a3e215155b 100644 +index 63b586d09cb..a3e215155bd 100644 --- a/grub-core/kern/misc.c +++ b/grub-core/kern/misc.c @@ -24,6 +24,7 @@ @@ -55,7 +55,7 @@ index 63b586d09c..a3e215155b 100644 #endif diff --git a/grub-core/lib/arm64/backtrace.c b/grub-core/lib/arm64/backtrace.c new file mode 100644 -index 0000000000..1079b5380e +index 00000000000..1079b5380e1 --- /dev/null +++ b/grub-core/lib/arm64/backtrace.c @@ -0,0 +1,62 @@ @@ -122,7 +122,7 @@ index 0000000000..1079b5380e +} + diff --git a/grub-core/lib/backtrace.c b/grub-core/lib/backtrace.c -index 825a8800e2..c0ad6ab8be 100644 +index 825a8800e25..c0ad6ab8be1 100644 --- a/grub-core/lib/backtrace.c +++ b/grub-core/lib/backtrace.c @@ -29,6 +29,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); @@ -142,7 +142,7 @@ index 825a8800e2..c0ad6ab8be 100644 } diff --git a/grub-core/lib/i386/backtrace.c b/grub-core/lib/i386/backtrace.c -index c3e03c7275..c67273db3a 100644 +index c3e03c7275c..c67273db3ae 100644 --- a/grub-core/lib/i386/backtrace.c +++ b/grub-core/lib/i386/backtrace.c @@ -15,11 +15,23 @@ diff --git a/SOURCES/0054-Fix-up-some-man-pages-rpmdiff-noticed.patch b/SOURCES/0054-Fix-up-some-man-pages-rpmdiff-noticed.patch index b9c50f6..8016a62 100644 --- a/SOURCES/0054-Fix-up-some-man-pages-rpmdiff-noticed.patch +++ b/SOURCES/0054-Fix-up-some-man-pages-rpmdiff-noticed.patch @@ -13,7 +13,7 @@ Subject: [PATCH] Fix up some man pages rpmdiff noticed. create mode 100644 util/grub-syslinux2cfg.1 diff --git a/configure.ac b/configure.ac -index ed31ea457d..537ed41146 100644 +index ed31ea457d2..537ed411469 100644 --- a/configure.ac +++ b/configure.ac @@ -87,6 +87,7 @@ grub_TRANSFORM([grub-get-kernel-settings.3]) @@ -34,7 +34,7 @@ index ed31ea457d..537ed41146 100644 if test "x$TARGET_CFLAGS" = x; then diff --git a/util/grub-macbless.8 b/util/grub-macbless.8 new file mode 100644 -index 0000000000..ae842f3a60 +index 00000000000..ae842f3a606 --- /dev/null +++ b/util/grub-macbless.8 @@ -0,0 +1,26 @@ @@ -65,7 +65,7 @@ index 0000000000..ae842f3a60 +.SH SEE ALSO +.BR "info grub" diff --git a/util/grub-mkimage.1 b/util/grub-mkimage.1 -index 4dea4f5459..0eaaafe505 100644 +index 4dea4f54597..0eaaafe505b 100644 --- a/util/grub-mkimage.1 +++ b/util/grub-mkimage.1 @@ -17,7 +17,7 @@ @@ -79,7 +79,7 @@ index 4dea4f5459..0eaaafe505 100644 .TP diff --git a/util/grub-syslinux2cfg.1 b/util/grub-syslinux2cfg.1 new file mode 100644 -index 0000000000..8530948271 +index 00000000000..85309482718 --- /dev/null +++ b/util/grub-syslinux2cfg.1 @@ -0,0 +1,65 @@ diff --git a/SOURCES/0055-Make-our-info-pages-say-grub2-where-appropriate.patch b/SOURCES/0055-Make-our-info-pages-say-grub2-where-appropriate.patch index afba285..be28efd 100644 --- a/SOURCES/0055-Make-our-info-pages-say-grub2-where-appropriate.patch +++ b/SOURCES/0055-Make-our-info-pages-say-grub2-where-appropriate.patch @@ -13,7 +13,7 @@ Signed-off-by: Peter Jones 2 files changed, 171 insertions(+), 154 deletions(-) diff --git a/docs/grub-dev.texi b/docs/grub-dev.texi -index 6c629a23e2..19f708ee66 100644 +index 6c629a23e2d..19f708ee662 100644 --- a/docs/grub-dev.texi +++ b/docs/grub-dev.texi @@ -1,7 +1,7 @@ @@ -35,7 +35,7 @@ index 6c629a23e2..19f708ee66 100644 @setchapternewpage odd diff --git a/docs/grub.texi b/docs/grub.texi -index 69f08d289f..0615d0ed97 100644 +index 69f08d289f9..0615d0ed97e 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -1,7 +1,7 @@ diff --git a/SOURCES/0056-macos-just-build-chainloader-entries-don-t-try-any-x.patch b/SOURCES/0056-macos-just-build-chainloader-entries-don-t-try-any-x.patch index 8d3139d..574d117 100644 --- a/SOURCES/0056-macos-just-build-chainloader-entries-don-t-try-any-x.patch +++ b/SOURCES/0056-macos-just-build-chainloader-entries-don-t-try-any-x.patch @@ -20,7 +20,7 @@ Signed-off-by: Peter Jones 1 file changed, 18 insertions(+), 60 deletions(-) diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in -index 1b91c102f3..4b27bd2015 100644 +index 1b91c102f35..4b27bd20153 100644 --- a/util/grub.d/30_os-prober.in +++ b/util/grub.d/30_os-prober.in @@ -42,68 +42,25 @@ if [ -z "${OSPROBED}" ] ; then diff --git a/SOURCES/0057-grub2-btrfs-Add-ability-to-boot-from-subvolumes.patch b/SOURCES/0057-grub2-btrfs-Add-ability-to-boot-from-subvolumes.patch index 57d2391..68dfc1d 100644 --- a/SOURCES/0057-grub2-btrfs-Add-ability-to-boot-from-subvolumes.patch +++ b/SOURCES/0057-grub2-btrfs-Add-ability-to-boot-from-subvolumes.patch @@ -24,7 +24,7 @@ Signed-off-by: Jeff Mahoney 2 files changed, 533 insertions(+), 20 deletions(-) diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index 63203034df..f1fff7385b 100644 +index 63203034dfc..f1fff7385b5 100644 --- a/grub-core/fs/btrfs.c +++ b/grub-core/fs/btrfs.c @@ -38,6 +38,9 @@ @@ -690,7 +690,7 @@ index 63203034df..f1fff7385b 100644 + +// vim: si et sw=2: diff --git a/include/grub/btrfs.h b/include/grub/btrfs.h -index 9d93fb6c18..234ad97677 100644 +index 9d93fb6c182..234ad976771 100644 --- a/include/grub/btrfs.h +++ b/include/grub/btrfs.h @@ -29,6 +29,7 @@ enum diff --git a/SOURCES/0058-export-btrfs_subvol-and-btrfs_subvolid.patch b/SOURCES/0058-export-btrfs_subvol-and-btrfs_subvolid.patch index 719866e..d38a6b8 100644 --- a/SOURCES/0058-export-btrfs_subvol-and-btrfs_subvolid.patch +++ b/SOURCES/0058-export-btrfs_subvol-and-btrfs_subvolid.patch @@ -12,7 +12,7 @@ Signed-off-by: Michael Chang 1 file changed, 2 insertions(+) diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index f1fff7385b..ad1b56b716 100644 +index f1fff7385b5..ad1b56b716d 100644 --- a/grub-core/fs/btrfs.c +++ b/grub-core/fs/btrfs.c @@ -2714,6 +2714,8 @@ GRUB_MOD_INIT (btrfs) diff --git a/SOURCES/0059-grub2-btrfs-03-follow_default.patch b/SOURCES/0059-grub2-btrfs-03-follow_default.patch index 384365a..2b9a136 100644 --- a/SOURCES/0059-grub2-btrfs-03-follow_default.patch +++ b/SOURCES/0059-grub2-btrfs-03-follow_default.patch @@ -8,7 +8,7 @@ Subject: [PATCH] grub2-btrfs-03-follow_default 1 file changed, 76 insertions(+), 31 deletions(-) diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index ad1b56b716..113c1f746c 100644 +index ad1b56b716d..113c1f746c9 100644 --- a/grub-core/fs/btrfs.c +++ b/grub-core/fs/btrfs.c @@ -1256,6 +1256,7 @@ grub_btrfs_mount (grub_device_t dev) diff --git a/SOURCES/0060-grub2-btrfs-04-grub2-install.patch b/SOURCES/0060-grub2-btrfs-04-grub2-install.patch index 9913ccf..f91c31a 100644 --- a/SOURCES/0060-grub2-btrfs-04-grub2-install.patch +++ b/SOURCES/0060-grub2-btrfs-04-grub2-install.patch @@ -13,7 +13,7 @@ Subject: [PATCH] grub2-btrfs-04-grub2-install 6 files changed, 54 insertions(+), 2 deletions(-) diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c -index 001b818fe5..caf9b1ccd3 100644 +index 001b818fe58..caf9b1ccd3f 100644 --- a/grub-core/osdep/linux/getroot.c +++ b/grub-core/osdep/linux/getroot.c @@ -376,6 +376,7 @@ get_btrfs_fs_prefix (const char *mount_path) @@ -38,7 +38,7 @@ index 001b818fe5..caf9b1ccd3 100644 else if (!retry && grub_strcmp (entries[i].fstype, "autofs") == 0) { diff --git a/grub-core/osdep/unix/config.c b/grub-core/osdep/unix/config.c -index 7d6325138c..46a881530c 100644 +index 7d6325138ce..46a881530c0 100644 --- a/grub-core/osdep/unix/config.c +++ b/grub-core/osdep/unix/config.c @@ -82,6 +82,19 @@ grub_util_load_config (struct grub_util_config *cfg) @@ -73,7 +73,7 @@ index 7d6325138c..46a881530c 100644 argv[2] = script; argv[3] = '\0'; diff --git a/util/config.c b/util/config.c -index ebcdd8f5e2..f044a880a7 100644 +index ebcdd8f5e22..f044a880a76 100644 --- a/util/config.c +++ b/util/config.c @@ -42,6 +42,16 @@ grub_util_parse_config (FILE *f, struct grub_util_config *cfg, int simple) @@ -94,7 +94,7 @@ index ebcdd8f5e2..f044a880a7 100644 sizeof ("GRUB_DISTRIBUTOR=") - 1) == 0) { diff --git a/util/grub-install.c b/util/grub-install.c -index 0fbe7f78c6..0f66f36d23 100644 +index 0fbe7f78c6d..0f66f36d23a 100644 --- a/util/grub-install.c +++ b/util/grub-install.c @@ -827,6 +827,8 @@ fill_core_services (const char *core_services) @@ -134,7 +134,7 @@ index 0fbe7f78c6..0f66f36d23 100644 char *install_drive = NULL; diff --git a/util/grub-mkrelpath.c b/util/grub-mkrelpath.c -index 47a241a391..5db7a9a7d9 100644 +index 47a241a391b..5db7a9a7d97 100644 --- a/util/grub-mkrelpath.c +++ b/util/grub-mkrelpath.c @@ -40,9 +40,12 @@ struct arguments @@ -161,7 +161,7 @@ index 47a241a391..5db7a9a7d9 100644 if (state->arg_num == 0) arguments->pathname = xstrdup (arg); diff --git a/include/grub/emu/config.h b/include/grub/emu/config.h -index 875d5896ce..c9a7e5f4ad 100644 +index 875d5896ce1..c9a7e5f4ade 100644 --- a/include/grub/emu/config.h +++ b/include/grub/emu/config.h @@ -37,6 +37,7 @@ struct grub_util_config diff --git a/SOURCES/0061-grub2-btrfs-05-grub2-mkconfig.patch b/SOURCES/0061-grub2-btrfs-05-grub2-mkconfig.patch index 2f9ce25..8270505 100644 --- a/SOURCES/0061-grub2-btrfs-05-grub2-mkconfig.patch +++ b/SOURCES/0061-grub2-btrfs-05-grub2-mkconfig.patch @@ -13,7 +13,7 @@ Signed-off-by: Michael Chang 5 files changed, 38 insertions(+), 2 deletions(-) diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index 005f093809..535c0f0249 100644 +index 005f093809b..535c0f02499 100644 --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in @@ -252,7 +252,8 @@ export GRUB_DEFAULT \ @@ -27,7 +27,7 @@ index 005f093809..535c0f0249 100644 if test "x${grub_cfg}" != "x"; then rm -f "${grub_cfg}.new" diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in -index 42c2ea9ba5..fafeac9506 100644 +index 42c2ea9ba50..fafeac95061 100644 --- a/util/grub-mkconfig_lib.in +++ b/util/grub-mkconfig_lib.in @@ -52,7 +52,11 @@ grub_warn () @@ -43,7 +43,7 @@ index 42c2ea9ba5..fafeac9506 100644 is_path_readable_by_grub () diff --git a/util/grub.d/00_header.in b/util/grub.d/00_header.in -index 858b526c92..de727e6ee6 100644 +index 858b526c925..de727e6ee6b 100644 --- a/util/grub.d/00_header.in +++ b/util/grub.d/00_header.in @@ -27,6 +27,14 @@ export TEXTDOMAINDIR="@localedir@" @@ -90,7 +90,7 @@ index 858b526c92..de727e6ee6 100644 +EOF +fi diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 0f3c19e30c..cbfaca34cc 100644 +index 0f3c19e30cc..cbfaca34cc7 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -66,10 +66,14 @@ fi @@ -109,7 +109,7 @@ index 0f3c19e30c..cbfaca34cc 100644 xzfs) rpool=`${grub_probe} --device ${GRUB_DEVICE} --target=fs_label 2>/dev/null || true` diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in -index ada20775a1..e9e73b815f 100644 +index ada20775a14..e9e73b815fb 100644 --- a/util/grub.d/20_linux_xen.in +++ b/util/grub.d/20_linux_xen.in @@ -73,10 +73,14 @@ fi diff --git a/SOURCES/0062-grub2-btrfs-06-subvol-mount.patch b/SOURCES/0062-grub2-btrfs-06-subvol-mount.patch index 5394270..9a51175 100644 --- a/SOURCES/0062-grub2-btrfs-06-subvol-mount.patch +++ b/SOURCES/0062-grub2-btrfs-06-subvol-mount.patch @@ -11,7 +11,7 @@ Subject: [PATCH] grub2-btrfs-06-subvol-mount 4 files changed, 392 insertions(+), 5 deletions(-) diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index 113c1f746c..d323746ecf 100644 +index 113c1f746c9..d323746ecfa 100644 --- a/grub-core/fs/btrfs.c +++ b/grub-core/fs/btrfs.c @@ -41,6 +41,7 @@ @@ -277,7 +277,7 @@ index 113c1f746c..d323746ecf 100644 grub_cmd_btrfs_list_subvols, 0, "[-p|-n] [-o var] DEVICE", diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c -index caf9b1ccd3..28790307e0 100644 +index caf9b1ccd3f..28790307e00 100644 --- a/grub-core/osdep/linux/getroot.c +++ b/grub-core/osdep/linux/getroot.c @@ -107,6 +107,14 @@ struct btrfs_ioctl_search_key @@ -460,7 +460,7 @@ index caf9b1ccd3..28790307e0 100644 grub_make_system_path_relative_to_its_root_os (const char *path) { diff --git a/util/grub-install.c b/util/grub-install.c -index 0f66f36d23..84ed6e88ec 100644 +index 0f66f36d23a..84ed6e88ecb 100644 --- a/util/grub-install.c +++ b/util/grub-install.c @@ -1569,6 +1569,55 @@ main (int argc, char *argv[]) @@ -520,7 +520,7 @@ index 0f66f36d23..84ed6e88ec 100644 const char *core_name = NULL; diff --git a/include/grub/emu/getroot.h b/include/grub/emu/getroot.h -index 73fa2d34ab..9c642ae3fe 100644 +index 73fa2d34abb..9c642ae3fe3 100644 --- a/include/grub/emu/getroot.h +++ b/include/grub/emu/getroot.h @@ -53,6 +53,11 @@ char ** diff --git a/SOURCES/0063-Fallback-to-old-subvol-name-scheme-to-support-old-sn.patch b/SOURCES/0063-Fallback-to-old-subvol-name-scheme-to-support-old-sn.patch index a5db09a..b02ab53 100644 --- a/SOURCES/0063-Fallback-to-old-subvol-name-scheme-to-support-old-sn.patch +++ b/SOURCES/0063-Fallback-to-old-subvol-name-scheme-to-support-old-sn.patch @@ -10,7 +10,7 @@ Ref: bsc#953538 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index d323746ecf..673ded0352 100644 +index d323746ecfa..673ded03522 100644 --- a/grub-core/fs/btrfs.c +++ b/grub-core/fs/btrfs.c @@ -1260,11 +1260,41 @@ lookup_root_by_name(struct grub_btrfs_data *data, const char *path) diff --git a/SOURCES/0064-Grub-not-working-correctly-with-btrfs-snapshots-bsc-.patch b/SOURCES/0064-Grub-not-working-correctly-with-btrfs-snapshots-bsc-.patch index 696b0d3..d4e20cd 100644 --- a/SOURCES/0064-Grub-not-working-correctly-with-btrfs-snapshots-bsc-.patch +++ b/SOURCES/0064-Grub-not-working-correctly-with-btrfs-snapshots-bsc-.patch @@ -8,7 +8,7 @@ Subject: [PATCH] Grub not working correctly with btrfs snapshots (bsc#1026511) 1 file changed, 238 insertions(+) diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index 673ded0352..2b21cbaa67 100644 +index 673ded03522..2b21cbaa67e 100644 --- a/grub-core/fs/btrfs.c +++ b/grub-core/fs/btrfs.c @@ -2887,6 +2887,238 @@ out: diff --git a/SOURCES/0065-Add-grub_efi_allocate_pool-and-grub_efi_free_pool-wr.patch b/SOURCES/0065-Add-grub_efi_allocate_pool-and-grub_efi_free_pool-wr.patch index d07dd27..bde7096 100644 --- a/SOURCES/0065-Add-grub_efi_allocate_pool-and-grub_efi_free_pool-wr.patch +++ b/SOURCES/0065-Add-grub_efi_allocate_pool-and-grub_efi_free_pool-wr.patch @@ -10,7 +10,7 @@ Signed-off-by: Peter Jones 1 file changed, 32 insertions(+), 4 deletions(-) diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h -index 585fa6662b..03f9a9d011 100644 +index 585fa6662b6..03f9a9d0118 100644 --- a/include/grub/efi/efi.h +++ b/include/grub/efi/efi.h @@ -24,6 +24,10 @@ diff --git a/SOURCES/0066-Use-grub_efi_.-memory-helpers-where-reasonable.patch b/SOURCES/0066-Use-grub_efi_.-memory-helpers-where-reasonable.patch index 10ff258..4fa92c0 100644 --- a/SOURCES/0066-Use-grub_efi_.-memory-helpers-where-reasonable.patch +++ b/SOURCES/0066-Use-grub_efi_.-memory-helpers-where-reasonable.patch @@ -13,7 +13,7 @@ Signed-off-by: Peter Jones 1 file changed, 9 insertions(+), 15 deletions(-) diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index 3ff305b1d3..ba3d293019 100644 +index 3ff305b1d32..ba3d2930197 100644 --- a/grub-core/loader/efi/chainloader.c +++ b/grub-core/loader/efi/chainloader.c @@ -65,7 +65,7 @@ grub_chainloader_unload (void) diff --git a/SOURCES/0067-Add-PRIxGRUB_EFI_STATUS-and-use-it.patch b/SOURCES/0067-Add-PRIxGRUB_EFI_STATUS-and-use-it.patch index 2f526eb..1a96b43 100644 --- a/SOURCES/0067-Add-PRIxGRUB_EFI_STATUS-and-use-it.patch +++ b/SOURCES/0067-Add-PRIxGRUB_EFI_STATUS-and-use-it.patch @@ -12,7 +12,7 @@ Signed-off-by: Peter Jones 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index ba3d293019..47f5aa1481 100644 +index ba3d2930197..47f5aa14817 100644 --- a/grub-core/loader/efi/chainloader.c +++ b/grub-core/loader/efi/chainloader.c @@ -806,7 +806,8 @@ handle_image (void *data, grub_efi_uint32_t datasize) @@ -26,7 +26,7 @@ index ba3d293019..47f5aa1481 100644 efi_status = grub_efi_free_pool (buffer); diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h -index 117469450d..9962880147 100644 +index 117469450d3..99628801478 100644 --- a/include/grub/efi/api.h +++ b/include/grub/efi/api.h @@ -546,7 +546,16 @@ typedef grub_uint64_t grub_efi_uint64_t; diff --git a/SOURCES/0068-don-t-use-int-for-efi-status.patch b/SOURCES/0068-don-t-use-int-for-efi-status.patch index 4d48e37..44d3555 100644 --- a/SOURCES/0068-don-t-use-int-for-efi-status.patch +++ b/SOURCES/0068-don-t-use-int-for-efi-status.patch @@ -8,7 +8,7 @@ Subject: [PATCH] don't use int for efi status 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index 05d8237a9b..ae9885edb8 100644 +index 05d8237a9b2..ae9885edb84 100644 --- a/grub-core/kern/efi/efi.c +++ b/grub-core/kern/efi/efi.c @@ -167,7 +167,7 @@ grub_reboot (void) diff --git a/SOURCES/0069-make-GRUB_MOD_INIT-declare-its-function-prototypes.patch b/SOURCES/0069-make-GRUB_MOD_INIT-declare-its-function-prototypes.patch index fb71ea5..1014900 100644 --- a/SOURCES/0069-make-GRUB_MOD_INIT-declare-its-function-prototypes.patch +++ b/SOURCES/0069-make-GRUB_MOD_INIT-declare-its-function-prototypes.patch @@ -8,7 +8,7 @@ Subject: [PATCH] make GRUB_MOD_INIT() declare its function prototypes. 1 file changed, 2 insertions(+) diff --git a/include/grub/dl.h b/include/grub/dl.h -index b3753c9ca2..91933b85f2 100644 +index b3753c9ca26..91933b85f2c 100644 --- a/include/grub/dl.h +++ b/include/grub/dl.h @@ -54,6 +54,7 @@ grub_mod_fini (void) diff --git a/SOURCES/0070-Don-t-guess-boot-efi-as-HFS-on-ppc-machines-in-grub-.patch b/SOURCES/0070-Don-t-guess-boot-efi-as-HFS-on-ppc-machines-in-grub-.patch index ae8a8c6..890aa34 100644 --- a/SOURCES/0070-Don-t-guess-boot-efi-as-HFS-on-ppc-machines-in-grub-.patch +++ b/SOURCES/0070-Don-t-guess-boot-efi-as-HFS-on-ppc-machines-in-grub-.patch @@ -16,7 +16,7 @@ Signed-off-by: Peter Jones 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/util/grub-install.c b/util/grub-install.c -index 84ed6e88ec..a2bec7446c 100644 +index 84ed6e88ecb..a2bec7446cb 100644 --- a/util/grub-install.c +++ b/util/grub-install.c @@ -1190,18 +1190,8 @@ main (int argc, char *argv[]) diff --git a/SOURCES/0071-20_linux_xen-load-xen-or-multiboot-2-modules-as-need.patch b/SOURCES/0071-20_linux_xen-load-xen-or-multiboot-2-modules-as-need.patch index cd58ff4..3fd779f 100644 --- a/SOURCES/0071-20_linux_xen-load-xen-or-multiboot-2-modules-as-need.patch +++ b/SOURCES/0071-20_linux_xen-load-xen-or-multiboot-2-modules-as-need.patch @@ -9,7 +9,7 @@ Signed-off-by: Peter Jones 1 file changed, 5 insertions(+) diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in -index e9e73b815f..c23b064be6 100644 +index e9e73b815fb..c23b064be6c 100644 --- a/util/grub.d/20_linux_xen.in +++ b/util/grub.d/20_linux_xen.in @@ -153,6 +153,7 @@ linux_entry_xsm () diff --git a/SOURCES/0072-Make-pmtimer-tsc-calibration-not-take-51-seconds-to-.patch b/SOURCES/0072-Make-pmtimer-tsc-calibration-not-take-51-seconds-to-.patch index beef0f3..acfb116 100644 --- a/SOURCES/0072-Make-pmtimer-tsc-calibration-not-take-51-seconds-to-.patch +++ b/SOURCES/0072-Make-pmtimer-tsc-calibration-not-take-51-seconds-to-.patch @@ -63,7 +63,7 @@ Signed-off-by: Peter Jones 1 file changed, 89 insertions(+), 20 deletions(-) diff --git a/grub-core/kern/i386/tsc_pmtimer.c b/grub-core/kern/i386/tsc_pmtimer.c -index c9c3616997..ca15c3aacd 100644 +index c9c36169978..ca15c3aacd7 100644 --- a/grub-core/kern/i386/tsc_pmtimer.c +++ b/grub-core/kern/i386/tsc_pmtimer.c @@ -28,40 +28,101 @@ diff --git a/SOURCES/0073-align-struct-efi_variable-better.patch b/SOURCES/0073-align-struct-efi_variable-better.patch index 361cb13..ec26def 100644 --- a/SOURCES/0073-align-struct-efi_variable-better.patch +++ b/SOURCES/0073-align-struct-efi_variable-better.patch @@ -9,7 +9,7 @@ Subject: [PATCH] align struct efi_variable better... 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/include/grub/efiemu/runtime.h b/include/grub/efiemu/runtime.h -index 36d2dedf47..9d93ba88ba 100644 +index 36d2dedf47e..9d93ba88bac 100644 --- a/include/grub/efiemu/runtime.h +++ b/include/grub/efiemu/runtime.h @@ -33,5 +33,5 @@ struct efi_variable @@ -20,7 +20,7 @@ index 36d2dedf47..9d93ba88ba 100644 +} GRUB_PACKED GRUB_ALIGNED(8); #endif /* ! GRUB_EFI_EMU_RUNTIME_HEADER */ diff --git a/include/grub/types.h b/include/grub/types.h -index 0a3ff15913..ba446d9904 100644 +index 0a3ff159136..ba446d99040 100644 --- a/include/grub/types.h +++ b/include/grub/types.h @@ -29,6 +29,7 @@ diff --git a/SOURCES/0074-Add-BLS-support-to-grub-mkconfig.patch b/SOURCES/0074-Add-BLS-support-to-grub-mkconfig.patch index 87fe7ac..6c65440 100644 --- a/SOURCES/0074-Add-BLS-support-to-grub-mkconfig.patch +++ b/SOURCES/0074-Add-BLS-support-to-grub-mkconfig.patch @@ -29,7 +29,7 @@ Signed-off-by: Javier Martinez Canillas 4 files changed, 252 insertions(+), 6 deletions(-) diff --git a/util/grub-mkconfig.8 b/util/grub-mkconfig.8 -index a2d1f577b9..434fa4deda 100644 +index a2d1f577b9b..434fa4deda4 100644 --- a/util/grub-mkconfig.8 +++ b/util/grub-mkconfig.8 @@ -13,5 +13,9 @@ @@ -43,7 +43,7 @@ index a2d1f577b9..434fa4deda 100644 .SH SEE ALSO .BR "info grub" diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index 535c0f0249..f55339a3f6 100644 +index 535c0f02499..f55339a3f64 100644 --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in @@ -50,6 +50,8 @@ grub_get_kernel_settings="${sbindir}/@grub_get_kernel_settings@" @@ -84,7 +84,7 @@ index 535c0f0249..f55339a3f6 100644 if test "x${grub_cfg}" != "x"; then rm -f "${grub_cfg}.new" diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in -index fafeac9506..d8bb406936 100644 +index fafeac95061..d8bb4069360 100644 --- a/util/grub-mkconfig_lib.in +++ b/util/grub-mkconfig_lib.in @@ -30,6 +30,9 @@ fi @@ -141,7 +141,7 @@ index fafeac9506..d8bb406936 100644 fi IFS="$old_ifs" diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index cbfaca34cc..68adb55d89 100644 +index cbfaca34cc7..68adb55d893 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -82,6 +82,223 @@ case x"$GRUB_FS" in diff --git a/SOURCES/0075-Don-t-attempt-to-backtrace-on-grub_abort-for-grub-em.patch b/SOURCES/0075-Don-t-attempt-to-backtrace-on-grub_abort-for-grub-em.patch index 1ac900c..9ff4c8b 100644 --- a/SOURCES/0075-Don-t-attempt-to-backtrace-on-grub_abort-for-grub-em.patch +++ b/SOURCES/0075-Don-t-attempt-to-backtrace-on-grub_abort-for-grub-em.patch @@ -12,7 +12,7 @@ Signed-off-by: Javier Martinez Canillas 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c -index a3e215155b..c60601b699 100644 +index a3e215155bd..c60601b699d 100644 --- a/grub-core/kern/misc.c +++ b/grub-core/kern/misc.c @@ -1201,7 +1201,7 @@ static void __attribute__ ((noreturn)) diff --git a/SOURCES/0076-Add-linux-and-initrd-commands-for-grub-emu.patch b/SOURCES/0076-Add-linux-and-initrd-commands-for-grub-emu.patch index 3e71391..dd69b13 100644 --- a/SOURCES/0076-Add-linux-and-initrd-commands-for-grub-emu.patch +++ b/SOURCES/0076-Add-linux-and-initrd-commands-for-grub-emu.patch @@ -18,7 +18,7 @@ to the kexec command line tool, to allow booting the selected menu entry. create mode 100644 grub-core/loader/emu/linux.c diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 058c88ac3a..5354f9613d 100644 +index 058c88ac3af..5354f9613d3 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -1826,7 +1826,6 @@ module = { @@ -30,7 +30,7 @@ index 058c88ac3a..5354f9613d 100644 efi = loader/efi/linux.c; }; diff --git a/grub-core/kern/emu/main.c b/grub-core/kern/emu/main.c -index 55ea5a11cc..846fe9715e 100644 +index 55ea5a11ccd..846fe9715ec 100644 --- a/grub-core/kern/emu/main.c +++ b/grub-core/kern/emu/main.c @@ -107,6 +107,7 @@ static struct argp_option options[] = { @@ -52,7 +52,7 @@ index 55ea5a11cc..846fe9715e 100644 case ARGP_KEY_ARG: { diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c -index 0ff13bcaf8..eeea092752 100644 +index 0ff13bcaf8c..eeea092752d 100644 --- a/grub-core/kern/emu/misc.c +++ b/grub-core/kern/emu/misc.c @@ -39,6 +39,7 @@ @@ -100,7 +100,7 @@ index 0ff13bcaf8..eeea092752 100644 +} diff --git a/grub-core/loader/emu/linux.c b/grub-core/loader/emu/linux.c new file mode 100644 -index 0000000000..fda9e00d24 +index 00000000000..fda9e00d24c --- /dev/null +++ b/grub-core/loader/emu/linux.c @@ -0,0 +1,172 @@ @@ -277,7 +277,7 @@ index 0000000000..fda9e00d24 + grub_unregister_command (cmd_initrd); +} diff --git a/include/grub/emu/exec.h b/include/grub/emu/exec.h -index d1073ef86a..1b61b4a2e5 100644 +index d1073ef86af..1b61b4a2e5d 100644 --- a/include/grub/emu/exec.h +++ b/include/grub/emu/exec.h @@ -23,6 +23,8 @@ @@ -299,7 +299,7 @@ index d1073ef86a..1b61b4a2e5 100644 grub_util_exec_redirect (const char *const *argv, const char *stdin_file, const char *stdout_file); diff --git a/include/grub/emu/hostfile.h b/include/grub/emu/hostfile.h -index cfb1e2b566..a61568e36e 100644 +index cfb1e2b5661..a61568e36e9 100644 --- a/include/grub/emu/hostfile.h +++ b/include/grub/emu/hostfile.h @@ -22,6 +22,7 @@ @@ -320,7 +320,7 @@ index cfb1e2b566..a61568e36e 100644 char * grub_util_path_concat (size_t n, ...); diff --git a/include/grub/emu/misc.h b/include/grub/emu/misc.h -index ff9c48a649..01056954b9 100644 +index ff9c48a6490..01056954b96 100644 --- a/include/grub/emu/misc.h +++ b/include/grub/emu/misc.h @@ -57,6 +57,9 @@ void EXPORT_FUNC(grub_util_warn) (const char *fmt, ...) __attribute__ ((format ( @@ -334,7 +334,7 @@ index ff9c48a649..01056954b9 100644 #ifdef HAVE_DEVICE_MAPPER diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am -index ee88e44e97..80e7a83edf 100644 +index ee88e44e97a..80e7a83edf9 100644 --- a/grub-core/Makefile.am +++ b/grub-core/Makefile.am @@ -307,6 +307,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/emu/net.h diff --git a/SOURCES/0077-Add-grub2-switch-to-blscfg.patch b/SOURCES/0077-Add-grub2-switch-to-blscfg.patch index 4d27953..ce40e90 100644 --- a/SOURCES/0077-Add-grub2-switch-to-blscfg.patch +++ b/SOURCES/0077-Add-grub2-switch-to-blscfg.patch @@ -17,7 +17,7 @@ Signed-off-by: Jan Hlavac create mode 100644 util/grub-switch-to-blscfg.in diff --git a/Makefile.util.def b/Makefile.util.def -index cdd2f51fe4..afc4d7b0c3 100644 +index cdd2f51fe4b..afc4d7b0c3e 100644 --- a/Makefile.util.def +++ b/Makefile.util.def @@ -1364,6 +1364,13 @@ program = { @@ -35,7 +35,7 @@ index cdd2f51fe4..afc4d7b0c3 100644 name = grub-glue-efi; mansection = 1; diff --git a/util/grub-set-password.in b/util/grub-set-password.in -index 5ebf50576d..c0b5ebbfdc 100644 +index 5ebf50576d6..c0b5ebbfdc5 100644 --- a/util/grub-set-password.in +++ b/util/grub-set-password.in @@ -1,6 +1,6 @@ @@ -48,7 +48,7 @@ index 5ebf50576d..c0b5ebbfdc 100644 else diff --git a/util/grub-switch-to-blscfg.8 b/util/grub-switch-to-blscfg.8 new file mode 100644 -index 0000000000..9a88628297 +index 00000000000..9a886282976 --- /dev/null +++ b/util/grub-switch-to-blscfg.8 @@ -0,0 +1,33 @@ @@ -87,7 +87,7 @@ index 0000000000..9a88628297 +.BR "info grub" diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in new file mode 100644 -index 0000000000..a851424beb +index 00000000000..a851424beb2 --- /dev/null +++ b/util/grub-switch-to-blscfg.in @@ -0,0 +1,317 @@ diff --git a/SOURCES/0078-make-better-backtraces.patch b/SOURCES/0078-make-better-backtraces.patch index ec31f9e..a65af3d 100644 --- a/SOURCES/0078-make-better-backtraces.patch +++ b/SOURCES/0078-make-better-backtraces.patch @@ -38,7 +38,7 @@ Signed-off-by: Peter Jones delete mode 100644 grub-core/lib/i386/backtrace.c diff --git a/Makefile.util.def b/Makefile.util.def -index afc4d7b0c3..41906486a7 100644 +index afc4d7b0c3e..41906486a71 100644 --- a/Makefile.util.def +++ b/Makefile.util.def @@ -51,6 +51,12 @@ library = { @@ -55,7 +55,7 @@ index afc4d7b0c3..41906486a7 100644 library = { diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 5354f9613d..4b7c45a7b0 100644 +index 5354f9613d3..4b7c45a7b06 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -142,6 +142,12 @@ kernel = { @@ -103,7 +103,7 @@ diff --git a/grub-core/lib/backtrace.c b/grub-core/commands/backtrace.c similarity index 98% rename from grub-core/lib/backtrace.c rename to grub-core/commands/backtrace.c -index c0ad6ab8be..8b5ec3913b 100644 +index c0ad6ab8be1..8b5ec3913b5 100644 --- a/grub-core/lib/backtrace.c +++ b/grub-core/commands/backtrace.c @@ -54,7 +54,7 @@ grub_cmd_backtrace (grub_command_t cmd __attribute__ ((unused)), @@ -116,7 +116,7 @@ index c0ad6ab8be..8b5ec3913b 100644 } diff --git a/grub-core/gdb/cstub.c b/grub-core/gdb/cstub.c -index b64acd70fe..99281472d3 100644 +index b64acd70fee..99281472d36 100644 --- a/grub-core/gdb/cstub.c +++ b/grub-core/gdb/cstub.c @@ -215,7 +215,6 @@ grub_gdb_trap (int trap_no) @@ -129,7 +129,7 @@ index b64acd70fe..99281472d3 100644 diff --git a/grub-core/kern/arm64/backtrace.c b/grub-core/kern/arm64/backtrace.c new file mode 100644 -index 0000000000..019c6fdfef +index 00000000000..019c6fdfef2 --- /dev/null +++ b/grub-core/kern/arm64/backtrace.c @@ -0,0 +1,94 @@ @@ -229,7 +229,7 @@ index 0000000000..019c6fdfef +} diff --git a/grub-core/kern/backtrace.c b/grub-core/kern/backtrace.c new file mode 100644 -index 0000000000..4a82e865cc +index 00000000000..4a82e865cc6 --- /dev/null +++ b/grub-core/kern/backtrace.c @@ -0,0 +1,97 @@ @@ -331,7 +331,7 @@ index 0000000000..4a82e865cc + grub_backtrace (skip + 1); +} diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c -index 7afb9e6f72..88d2077709 100644 +index 7afb9e6f724..88d2077709e 100644 --- a/grub-core/kern/dl.c +++ b/grub-core/kern/dl.c @@ -124,6 +124,50 @@ grub_dl_resolve_symbol (const char *name) @@ -395,7 +395,7 @@ index 7afb9e6f72..88d2077709 100644 i++, s = (Elf_Shdr *) ((char *) s + e->e_shentsize)) diff --git a/grub-core/kern/i386/backtrace.c b/grub-core/kern/i386/backtrace.c new file mode 100644 -index 0000000000..2413f9a57d +index 00000000000..2413f9a57db --- /dev/null +++ b/grub-core/kern/i386/backtrace.c @@ -0,0 +1,125 @@ @@ -525,7 +525,7 @@ index 0000000000..2413f9a57d +#endif +} diff --git a/grub-core/kern/i386/pc/init.c b/grub-core/kern/i386/pc/init.c -index 27bc68b8a5..b51d0abfa6 100644 +index 27bc68b8a53..b51d0abfa6e 100644 --- a/grub-core/kern/i386/pc/init.c +++ b/grub-core/kern/i386/pc/init.c @@ -153,7 +153,7 @@ compact_mem_regions (void) @@ -547,7 +547,7 @@ index 27bc68b8a5..b51d0abfa6 100644 /* Initialize the console as early as possible. */ grub_console_init (); diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c -index 0cd2a62723..937c1bc44c 100644 +index 0cd2a627231..937c1bc44cb 100644 --- a/grub-core/kern/ieee1275/init.c +++ b/grub-core/kern/ieee1275/init.c @@ -63,7 +63,6 @@ @@ -559,7 +559,7 @@ index 0cd2a62723..937c1bc44c 100644 #ifdef __sparc__ diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c -index c60601b699..a432a6be54 100644 +index c60601b699d..a432a6be54a 100644 --- a/grub-core/kern/misc.c +++ b/grub-core/kern/misc.c @@ -1197,15 +1197,15 @@ grub_printf_fmt_check (const char *fmt, const char *fmt_expected) @@ -593,7 +593,7 @@ index c60601b699..a432a6be54 100644 grub_vprintf (_(fmt), ap); va_end (ap); diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c -index c070afc621..d8c8377578 100644 +index c070afc621f..d8c8377578b 100644 --- a/grub-core/kern/mm.c +++ b/grub-core/kern/mm.c @@ -97,13 +97,13 @@ get_header_from_pointer (void *ptr, grub_mm_header_t *p, grub_mm_region_t *r) @@ -615,7 +615,7 @@ index c070afc621..d8c8377578 100644 diff --git a/grub-core/lib/arm64/backtrace.c b/grub-core/lib/arm64/backtrace.c deleted file mode 100644 -index 1079b5380e..0000000000 +index 1079b5380e1..00000000000 --- a/grub-core/lib/arm64/backtrace.c +++ /dev/null @@ -1,62 +0,0 @@ @@ -683,7 +683,7 @@ index 1079b5380e..0000000000 - diff --git a/grub-core/lib/i386/backtrace.c b/grub-core/lib/i386/backtrace.c deleted file mode 100644 -index c67273db3a..0000000000 +index c67273db3ae..00000000000 --- a/grub-core/lib/i386/backtrace.c +++ /dev/null @@ -1,78 +0,0 @@ @@ -766,7 +766,7 @@ index c67273db3a..0000000000 -} - diff --git a/include/grub/backtrace.h b/include/grub/backtrace.h -index 395519762f..275cf85e2d 100644 +index 395519762f0..275cf85e2d3 100644 --- a/include/grub/backtrace.h +++ b/include/grub/backtrace.h @@ -19,8 +19,14 @@ @@ -787,7 +787,7 @@ index 395519762f..275cf85e2d 100644 #endif diff --git a/include/grub/dl.h b/include/grub/dl.h -index 91933b85f2..2f76e6b043 100644 +index 91933b85f2c..2f76e6b0437 100644 --- a/include/grub/dl.h +++ b/include/grub/dl.h @@ -259,6 +259,8 @@ grub_dl_is_persistent (grub_dl_t mod) @@ -800,7 +800,7 @@ index 91933b85f2..2f76e6b043 100644 int isfunc, grub_dl_t mod); diff --git a/include/grub/kernel.h b/include/grub/kernel.h -index abbca5ea33..300a9766cd 100644 +index abbca5ea335..300a9766cda 100644 --- a/include/grub/kernel.h +++ b/include/grub/kernel.h @@ -111,6 +111,9 @@ grub_addr_t grub_modules_get_end (void); @@ -814,7 +814,7 @@ index abbca5ea33..300a9766cd 100644 void grub_main (void) __attribute__ ((noreturn)); diff --git a/grub-core/kern/arm/efi/startup.S b/grub-core/kern/arm/efi/startup.S -index 9f8265315a..f3bc41f9d0 100644 +index 9f8265315a9..f3bc41f9d0f 100644 --- a/grub-core/kern/arm/efi/startup.S +++ b/grub-core/kern/arm/efi/startup.S @@ -23,6 +23,8 @@ @@ -827,7 +827,7 @@ index 9f8265315a..f3bc41f9d0 100644 /* * EFI_SYSTEM_TABLE and EFI_HANDLE are passed in r1/r0. diff --git a/grub-core/kern/arm/startup.S b/grub-core/kern/arm/startup.S -index 3946fe8e18..5679a1d00a 100644 +index 3946fe8e183..5679a1d00ad 100644 --- a/grub-core/kern/arm/startup.S +++ b/grub-core/kern/arm/startup.S @@ -48,6 +48,8 @@ @@ -840,7 +840,7 @@ index 3946fe8e18..5679a1d00a 100644 b codestart diff --git a/grub-core/kern/arm64/efi/startup.S b/grub-core/kern/arm64/efi/startup.S -index 666a7ee3c9..41676bdb2b 100644 +index 666a7ee3c92..41676bdb2b8 100644 --- a/grub-core/kern/arm64/efi/startup.S +++ b/grub-core/kern/arm64/efi/startup.S @@ -19,7 +19,9 @@ @@ -854,7 +854,7 @@ index 666a7ee3c9..41676bdb2b 100644 /* * EFI_SYSTEM_TABLE and EFI_HANDLE are passed in x1/x0. diff --git a/grub-core/kern/i386/qemu/startup.S b/grub-core/kern/i386/qemu/startup.S -index 0d89858d9b..939f182fc7 100644 +index 0d89858d9b3..939f182fc74 100644 --- a/grub-core/kern/i386/qemu/startup.S +++ b/grub-core/kern/i386/qemu/startup.S @@ -24,7 +24,8 @@ @@ -868,7 +868,7 @@ index 0d89858d9b..939f182fc7 100644 jmp codestart diff --git a/grub-core/kern/ia64/efi/startup.S b/grub-core/kern/ia64/efi/startup.S -index d75c6d7cc7..8f2a593e52 100644 +index d75c6d7cc74..8f2a593e529 100644 --- a/grub-core/kern/ia64/efi/startup.S +++ b/grub-core/kern/ia64/efi/startup.S @@ -24,8 +24,9 @@ @@ -883,7 +883,7 @@ index d75c6d7cc7..8f2a593e52 100644 alloc loc0=ar.pfs,2,4,0,0 mov loc1=rp diff --git a/grub-core/kern/sparc64/ieee1275/crt0.S b/grub-core/kern/sparc64/ieee1275/crt0.S -index 03b916f053..701bf63abc 100644 +index 03b916f0534..701bf63abcf 100644 --- a/grub-core/kern/sparc64/ieee1275/crt0.S +++ b/grub-core/kern/sparc64/ieee1275/crt0.S @@ -22,7 +22,8 @@ @@ -897,7 +897,7 @@ index 03b916f053..701bf63abc 100644 ba codestart mov %o4, %o0 diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am -index 80e7a83edf..f512573c0d 100644 +index 80e7a83edf9..f512573c0da 100644 --- a/grub-core/Makefile.am +++ b/grub-core/Makefile.am @@ -66,6 +66,7 @@ CLEANFILES += grub_script.yy.c grub_script.yy.h diff --git a/SOURCES/0079-normal-don-t-draw-our-startup-message-if-debug-is-se.patch b/SOURCES/0079-normal-don-t-draw-our-startup-message-if-debug-is-se.patch index 48823db..9922f2b 100644 --- a/SOURCES/0079-normal-don-t-draw-our-startup-message-if-debug-is-se.patch +++ b/SOURCES/0079-normal-don-t-draw-our-startup-message-if-debug-is-se.patch @@ -8,7 +8,7 @@ Subject: [PATCH] normal: don't draw our startup message if debug is set 1 file changed, 3 insertions(+) diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c -index d5968797f4..e349303c29 100644 +index d5968797f4f..e349303c29b 100644 --- a/grub-core/normal/main.c +++ b/grub-core/normal/main.c @@ -432,6 +432,9 @@ grub_normal_reader_init (int nested) diff --git a/SOURCES/0080-Work-around-some-minor-include-path-weirdnesses.patch b/SOURCES/0080-Work-around-some-minor-include-path-weirdnesses.patch index c7ae8d0..460d792 100644 --- a/SOURCES/0080-Work-around-some-minor-include-path-weirdnesses.patch +++ b/SOURCES/0080-Work-around-some-minor-include-path-weirdnesses.patch @@ -17,7 +17,7 @@ Signed-off-by: Peter Jones diff --git a/include/grub/arm/efi/console.h b/include/grub/arm/efi/console.h new file mode 100644 -index 0000000000..1592f6f76b +index 00000000000..1592f6f76b5 --- /dev/null +++ b/include/grub/arm/efi/console.h @@ -0,0 +1,24 @@ @@ -47,7 +47,7 @@ index 0000000000..1592f6f76b +#endif /* ! GRUB_ARM_EFI_CONSOLE_H */ diff --git a/include/grub/arm64/efi/console.h b/include/grub/arm64/efi/console.h new file mode 100644 -index 0000000000..9568933938 +index 00000000000..95689339384 --- /dev/null +++ b/include/grub/arm64/efi/console.h @@ -0,0 +1,24 @@ @@ -77,7 +77,7 @@ index 0000000000..9568933938 +#endif /* ! GRUB_ARM64_EFI_CONSOLE_H */ diff --git a/include/grub/i386/efi/console.h b/include/grub/i386/efi/console.h new file mode 100644 -index 0000000000..9231375cb0 +index 00000000000..9231375cb07 --- /dev/null +++ b/include/grub/i386/efi/console.h @@ -0,0 +1,24 @@ @@ -107,7 +107,7 @@ index 0000000000..9231375cb0 +#endif /* ! GRUB_I386_EFI_CONSOLE_H */ diff --git a/include/grub/x86_64/efi/console.h b/include/grub/x86_64/efi/console.h new file mode 100644 -index 0000000000..dba9d8678d +index 00000000000..dba9d8678d0 --- /dev/null +++ b/include/grub/x86_64/efi/console.h @@ -0,0 +1,24 @@ diff --git a/SOURCES/0081-Make-it-possible-to-enabled-build-id-sha1.patch b/SOURCES/0081-Make-it-possible-to-enabled-build-id-sha1.patch index 50da5f8..356a4d8 100644 --- a/SOURCES/0081-Make-it-possible-to-enabled-build-id-sha1.patch +++ b/SOURCES/0081-Make-it-possible-to-enabled-build-id-sha1.patch @@ -10,7 +10,7 @@ Signed-off-by: Peter Jones 2 files changed, 27 insertions(+) diff --git a/configure.ac b/configure.ac -index 537ed41146..b4455e4732 100644 +index 537ed411469..b4455e4732d 100644 --- a/configure.ac +++ b/configure.ac @@ -1470,7 +1470,15 @@ grub_PROG_TARGET_CC @@ -30,7 +30,7 @@ index 537ed41146..b4455e4732 100644 if test "$platform" != emu && test "x$TARGET_APPLE_LINKER" != x1 ; then if test ! -z "$TARGET_IMG_LDSCRIPT"; then diff --git a/acinclude.m4 b/acinclude.m4 -index 6e14bb553c..21238fcfd0 100644 +index 6e14bb553c6..21238fcfd03 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -136,6 +136,25 @@ if test "x$grub_cv_prog_ld_build_id_none" = xyes; then diff --git a/SOURCES/0082-Add-grub_qdprintf-grub_dprintf-without-the-file-line.patch b/SOURCES/0082-Add-grub_qdprintf-grub_dprintf-without-the-file-line.patch index 7658e9b..a8a757e 100644 --- a/SOURCES/0082-Add-grub_qdprintf-grub_dprintf-without-the-file-line.patch +++ b/SOURCES/0082-Add-grub_qdprintf-grub_dprintf-without-the-file-line.patch @@ -13,7 +13,7 @@ Signed-off-by: Peter Jones 2 files changed, 20 insertions(+) diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c -index a432a6be54..9a2fae6398 100644 +index a432a6be54a..9a2fae6398e 100644 --- a/grub-core/kern/misc.c +++ b/grub-core/kern/misc.c @@ -191,6 +191,24 @@ grub_real_dprintf (const char *file, const int line, const char *condition, @@ -42,7 +42,7 @@ index a432a6be54..9a2fae6398 100644 int diff --git a/include/grub/misc.h b/include/grub/misc.h -index fd18e6320b..3adc4036e3 100644 +index fd18e6320b8..3adc4036e3b 100644 --- a/include/grub/misc.h +++ b/include/grub/misc.h @@ -345,6 +345,8 @@ void EXPORT_FUNC(grub_real_dprintf) (const char *file, diff --git a/SOURCES/0083-Make-a-gdb-dprintf-that-tells-us-load-addresses.patch b/SOURCES/0083-Make-a-gdb-dprintf-that-tells-us-load-addresses.patch index ccf34a5..75de764 100644 --- a/SOURCES/0083-Make-a-gdb-dprintf-that-tells-us-load-addresses.patch +++ b/SOURCES/0083-Make-a-gdb-dprintf-that-tells-us-load-addresses.patch @@ -20,7 +20,7 @@ Signed-off-by: Peter Jones 4 files changed, 78 insertions(+), 4 deletions(-) diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c -index 88d2077709..9557254035 100644 +index 88d2077709e..9557254035e 100644 --- a/grub-core/kern/dl.c +++ b/grub-core/kern/dl.c @@ -501,6 +501,23 @@ grub_dl_find_section (Elf_Ehdr *e, const char *name) @@ -95,7 +95,7 @@ index 88d2077709..9557254035 100644 { grub_dl_unload (mod); diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index ae9885edb8..d6a2fb5778 100644 +index ae9885edb84..d6a2fb57789 100644 --- a/grub-core/kern/efi/efi.c +++ b/grub-core/kern/efi/efi.c @@ -296,7 +296,7 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, @@ -117,7 +117,7 @@ index ae9885edb8..d6a2fb5778 100644 } diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c -index 6d39bd3ad2..2d12e6188f 100644 +index 6d39bd3ad29..2d12e6188fd 100644 --- a/grub-core/kern/efi/init.c +++ b/grub-core/kern/efi/init.c @@ -115,10 +115,33 @@ grub_efi_env_init (void) @@ -164,7 +164,7 @@ index 6d39bd3ad2..2d12e6188f 100644 } diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h -index 03f9a9d011..2e0691454b 100644 +index 03f9a9d0118..2e0691454b1 100644 --- a/include/grub/efi/efi.h +++ b/include/grub/efi/efi.h @@ -138,7 +138,7 @@ grub_err_t grub_arch_efi_linux_check_image(struct linux_arch_kernel_header *lh); diff --git a/SOURCES/0084-Fixup-for-newer-compiler.patch b/SOURCES/0084-Fixup-for-newer-compiler.patch index ed23271..12dd193 100644 --- a/SOURCES/0084-Fixup-for-newer-compiler.patch +++ b/SOURCES/0084-Fixup-for-newer-compiler.patch @@ -9,7 +9,7 @@ Subject: [PATCH] Fixup for newer compiler 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index 2b21cbaa67..4cc86e9b79 100644 +index 2b21cbaa67e..4cc86e9b79e 100644 --- a/grub-core/fs/btrfs.c +++ b/grub-core/fs/btrfs.c @@ -218,7 +218,7 @@ struct grub_btrfs_inode @@ -22,7 +22,7 @@ index 2b21cbaa67..4cc86e9b79 100644 struct grub_btrfs_extent_data { diff --git a/include/grub/gpt_partition.h b/include/grub/gpt_partition.h -index 7a93f43291..8212697bf6 100644 +index 7a93f43291c..8212697bf6b 100644 --- a/include/grub/gpt_partition.h +++ b/include/grub/gpt_partition.h @@ -76,7 +76,7 @@ struct grub_gpt_partentry diff --git a/SOURCES/0085-Don-t-attempt-to-export-the-start-and-_start-symbols.patch b/SOURCES/0085-Don-t-attempt-to-export-the-start-and-_start-symbols.patch index 9b78c00..0e925ee 100644 --- a/SOURCES/0085-Don-t-attempt-to-export-the-start-and-_start-symbols.patch +++ b/SOURCES/0085-Don-t-attempt-to-export-the-start-and-_start-symbols.patch @@ -26,7 +26,7 @@ Signed-off-by: Javier Martinez Canillas 1 file changed, 2 insertions(+) diff --git a/include/grub/kernel.h b/include/grub/kernel.h -index 300a9766cd..55849777ea 100644 +index 300a9766cda..55849777eaa 100644 --- a/include/grub/kernel.h +++ b/include/grub/kernel.h @@ -111,8 +111,10 @@ grub_addr_t grub_modules_get_end (void); diff --git a/SOURCES/0086-Fixup-for-newer-compiler.patch b/SOURCES/0086-Fixup-for-newer-compiler.patch index 167dca1..11ed6e5 100644 --- a/SOURCES/0086-Fixup-for-newer-compiler.patch +++ b/SOURCES/0086-Fixup-for-newer-compiler.patch @@ -8,7 +8,7 @@ Subject: [PATCH] Fixup for newer compiler 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/Makefile.common b/conf/Makefile.common -index 191b1a70c6..5f0ef96985 100644 +index 191b1a70c6b..5f0ef969857 100644 --- a/conf/Makefile.common +++ b/conf/Makefile.common @@ -38,7 +38,7 @@ CFLAGS_KERNEL = $(CFLAGS_PLATFORM) -ffreestanding diff --git a/SOURCES/0087-Add-support-for-non-Ethernet-network-cards.patch b/SOURCES/0087-Add-support-for-non-Ethernet-network-cards.patch index fb44628..02fb951 100644 --- a/SOURCES/0087-Add-support-for-non-Ethernet-network-cards.patch +++ b/SOURCES/0087-Add-support-for-non-Ethernet-network-cards.patch @@ -38,7 +38,7 @@ Signed-off-by: Mark Salter 12 files changed, 219 insertions(+), 152 deletions(-) diff --git a/grub-core/net/arp.c b/grub-core/net/arp.c -index 54306e3b16..67b409a8ac 100644 +index 54306e3b16d..67b409a8acc 100644 --- a/grub-core/net/arp.c +++ b/grub-core/net/arp.c @@ -31,22 +31,12 @@ enum @@ -271,7 +271,7 @@ index 54306e3b16..67b409a8ac 100644 /* Change operation to REPLY and send packet */ send_ethernet_packet (inf, &nb_reply, target, GRUB_NET_ETHERTYPE_ARP); diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c -index e28fb6a09f..08b6b2b5d6 100644 +index e28fb6a09f9..08b6b2b5d6c 100644 --- a/grub-core/net/bootp.c +++ b/grub-core/net/bootp.c @@ -233,7 +233,6 @@ grub_net_configure_by_dhcp_ack (const char *name, @@ -318,7 +318,7 @@ index e28fb6a09f..08b6b2b5d6 100644 grub_netbuff_push (nb, sizeof (*udph)); diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c -index 173fb63153..a673bea807 100644 +index 173fb63153c..a673bea807a 100644 --- a/grub-core/net/drivers/efi/efinet.c +++ b/grub-core/net/drivers/efi/efinet.c @@ -279,6 +279,9 @@ grub_efinet_findcards (void) @@ -346,7 +346,7 @@ index 173fb63153..a673bea807 100644 card->efi_handle = *handle; diff --git a/grub-core/net/drivers/emu/emunet.c b/grub-core/net/drivers/emu/emunet.c -index b194920861..5b6c5e16a6 100644 +index b194920861f..5b6c5e16a6d 100644 --- a/grub-core/net/drivers/emu/emunet.c +++ b/grub-core/net/drivers/emu/emunet.c @@ -46,6 +46,7 @@ static struct grub_net_card emucard = @@ -358,7 +358,7 @@ index b194920861..5b6c5e16a6 100644 }, .flags = 0 diff --git a/grub-core/net/drivers/i386/pc/pxe.c b/grub-core/net/drivers/i386/pc/pxe.c -index 3f4152d036..9f8fb4b6d2 100644 +index 3f4152d036c..9f8fb4b6d2b 100644 --- a/grub-core/net/drivers/i386/pc/pxe.c +++ b/grub-core/net/drivers/i386/pc/pxe.c @@ -386,20 +386,21 @@ GRUB_MOD_INIT(pxe) @@ -390,7 +390,7 @@ index 3f4152d036..9f8fb4b6d2 100644 grub_pxe_card.default_address.type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; diff --git a/grub-core/net/drivers/ieee1275/ofnet.c b/grub-core/net/drivers/ieee1275/ofnet.c -index 3860b6f78d..bcb3f9ea02 100644 +index 3860b6f78d8..bcb3f9ea02d 100644 --- a/grub-core/net/drivers/ieee1275/ofnet.c +++ b/grub-core/net/drivers/ieee1275/ofnet.c @@ -160,6 +160,7 @@ grub_ieee1275_parse_bootpath (const char *devpath, char *bootpath, @@ -410,7 +410,7 @@ index 3860b6f78d..bcb3f9ea02 100644 card->txbufsize = ALIGN_UP (card->mtu, 64) + 256; diff --git a/grub-core/net/drivers/uboot/ubootnet.c b/grub-core/net/drivers/uboot/ubootnet.c -index 056052e40d..22ebcbf211 100644 +index 056052e40d5..22ebcbf211e 100644 --- a/grub-core/net/drivers/uboot/ubootnet.c +++ b/grub-core/net/drivers/uboot/ubootnet.c @@ -131,6 +131,7 @@ GRUB_MOD_INIT (ubootnet) @@ -422,7 +422,7 @@ index 056052e40d..22ebcbf211 100644 card->txbufsize = ALIGN_UP (card->mtu, 64) + 256; card->txbuf = grub_zalloc (card->txbufsize); diff --git a/grub-core/net/ethernet.c b/grub-core/net/ethernet.c -index 4d7ceed6f9..9aae83a5eb 100644 +index 4d7ceed6f93..9aae83a5eb4 100644 --- a/grub-core/net/ethernet.c +++ b/grub-core/net/ethernet.c @@ -29,13 +29,6 @@ @@ -572,7 +572,7 @@ index 4d7ceed6f9..9aae83a5eb 100644 { /* ARP packet. */ diff --git a/grub-core/net/icmp6.c b/grub-core/net/icmp6.c -index 2cbd95dce2..56a3ec5c8e 100644 +index 2cbd95dce25..56a3ec5c8e8 100644 --- a/grub-core/net/icmp6.c +++ b/grub-core/net/icmp6.c @@ -231,8 +231,9 @@ grub_net_recv_icmp6_packet (struct grub_net_buff *nb, @@ -612,7 +612,7 @@ index 2cbd95dce2..56a3ec5c8e 100644 } if (ohdr->type == OPTION_PREFIX && ohdr->len == 4) diff --git a/grub-core/net/ip.c b/grub-core/net/ip.c -index ea5edf8f1f..a5896f6dc2 100644 +index ea5edf8f1f6..a5896f6dc26 100644 --- a/grub-core/net/ip.c +++ b/grub-core/net/ip.c @@ -276,8 +276,8 @@ handle_dgram (struct grub_net_buff *nb, @@ -627,7 +627,7 @@ index ea5edf8f1f..a5896f6dc2 100644 grub_net_process_dhcp (nb, inf); grub_netbuff_free (nb); diff --git a/grub-core/net/net.c b/grub-core/net/net.c -index 22f2689aae..a46f82362e 100644 +index 22f2689aaeb..a46f82362ed 100644 --- a/grub-core/net/net.c +++ b/grub-core/net/net.c @@ -133,8 +133,9 @@ grub_net_link_layer_resolve (struct grub_net_network_level_interface *inf, @@ -713,7 +713,7 @@ index 22f2689aae..a46f82362e 100644 int diff --git a/include/grub/net.h b/include/grub/net.h -index 8a05ec4fe7..af0404db7e 100644 +index 8a05ec4fe7a..af0404db7e3 100644 --- a/include/grub/net.h +++ b/include/grub/net.h @@ -29,7 +29,8 @@ diff --git a/SOURCES/0088-net-read-bracketed-ipv6-addrs-and-port-numbers.patch b/SOURCES/0088-net-read-bracketed-ipv6-addrs-and-port-numbers.patch index 307e33c..834b96e 100644 --- a/SOURCES/0088-net-read-bracketed-ipv6-addrs-and-port-numbers.patch +++ b/SOURCES/0088-net-read-bracketed-ipv6-addrs-and-port-numbers.patch @@ -18,7 +18,7 @@ Signed-off-by: Peter Jones 4 files changed, 109 insertions(+), 12 deletions(-) diff --git a/grub-core/net/http.c b/grub-core/net/http.c -index b616cf40b1..12a2632ea5 100644 +index b616cf40b1e..12a2632ea55 100644 --- a/grub-core/net/http.c +++ b/grub-core/net/http.c @@ -289,7 +289,9 @@ http_receive (grub_net_tcp_socket_t sock __attribute__ ((unused)), @@ -87,7 +87,7 @@ index b616cf40b1..12a2632ea5 100644 file); if (!data->sock) diff --git a/grub-core/net/net.c b/grub-core/net/net.c -index a46f82362e..0ce5e675ed 100644 +index a46f82362ed..0ce5e675ed7 100644 --- a/grub-core/net/net.c +++ b/grub-core/net/net.c @@ -444,6 +444,13 @@ parse_ip6 (const char *val, grub_uint64_t *ip, const char **rest) @@ -225,7 +225,7 @@ index a46f82362e..0ce5e675ed 100644 } diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c -index 4ab2f5c735..d54b13f09f 100644 +index 4ab2f5c7357..d54b13f09ff 100644 --- a/grub-core/net/tftp.c +++ b/grub-core/net/tftp.c @@ -295,6 +295,7 @@ tftp_open (struct grub_file *file, const char *filename) @@ -257,7 +257,7 @@ index 4ab2f5c735..d54b13f09f 100644 if (!data->sock) { diff --git a/include/grub/net.h b/include/grub/net.h -index af0404db7e..d55d505a03 100644 +index af0404db7e3..d55d505a03a 100644 --- a/include/grub/net.h +++ b/include/grub/net.h @@ -273,6 +273,7 @@ typedef struct grub_net diff --git a/SOURCES/0089-bootp-New-net_bootp6-command.patch b/SOURCES/0089-bootp-New-net_bootp6-command.patch index bef3acd..21b3871 100644 --- a/SOURCES/0089-bootp-New-net_bootp6-command.patch +++ b/SOURCES/0089-bootp-New-net_bootp6-command.patch @@ -19,7 +19,7 @@ Signed-off-by: Peter Jones 5 files changed, 1002 insertions(+), 209 deletions(-) diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c -index 08b6b2b5d6..fe93b80f1c 100644 +index 08b6b2b5d6c..fe93b80f1cf 100644 --- a/grub-core/net/bootp.c +++ b/grub-core/net/bootp.c @@ -24,6 +24,98 @@ @@ -1136,7 +1136,7 @@ index 08b6b2b5d6..fe93b80f1c 100644 grub_unregister_command (cmd_bootp); grub_unregister_command (cmd_dhcp); diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c -index a673bea807..8e25680db0 100644 +index a673bea807a..8e25680db0c 100644 --- a/grub-core/net/drivers/efi/efinet.c +++ b/grub-core/net/drivers/efi/efinet.c @@ -393,9 +393,6 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, @@ -1174,7 +1174,7 @@ index a673bea807..8e25680db0 100644 } else diff --git a/grub-core/net/ip.c b/grub-core/net/ip.c -index a5896f6dc2..ce6bdc75c6 100644 +index a5896f6dc26..ce6bdc75c6d 100644 --- a/grub-core/net/ip.c +++ b/grub-core/net/ip.c @@ -239,6 +239,45 @@ handle_dgram (struct grub_net_buff *nb, @@ -1224,7 +1224,7 @@ index a5896f6dc2..ce6bdc75c6 100644 { const struct grub_net_bootp_packet *bootp; diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h -index 9962880147..7614b58dca 100644 +index 99628801478..7614b58dca8 100644 --- a/include/grub/efi/api.h +++ b/include/grub/efi/api.h @@ -1532,7 +1532,7 @@ typedef struct grub_efi_pxe_ip_filter @@ -1237,7 +1237,7 @@ index 9962880147..7614b58dca 100644 } grub_efi_pxe_ip_filter_t; diff --git a/include/grub/net.h b/include/grub/net.h -index d55d505a03..543251f727 100644 +index d55d505a03a..543251f7273 100644 --- a/include/grub/net.h +++ b/include/grub/net.h @@ -451,50 +451,65 @@ struct grub_net_bootp_packet diff --git a/SOURCES/0090-efinet-UEFI-IPv6-PXE-support.patch b/SOURCES/0090-efinet-UEFI-IPv6-PXE-support.patch index 988c178..d8b22b8 100644 --- a/SOURCES/0090-efinet-UEFI-IPv6-PXE-support.patch +++ b/SOURCES/0090-efinet-UEFI-IPv6-PXE-support.patch @@ -15,7 +15,7 @@ Signed-off-by: Ken Lin 2 files changed, 46 insertions(+), 27 deletions(-) diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c -index 8e25680db0..014e5bf980 100644 +index 8e25680db0c..014e5bf9802 100644 --- a/grub-core/net/drivers/efi/efinet.c +++ b/grub-core/net/drivers/efi/efinet.c @@ -409,6 +409,8 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, @@ -28,7 +28,7 @@ index 8e25680db0..014e5bf980 100644 else { diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h -index 7614b58dca..91ab528e4d 100644 +index 7614b58dca8..91ab528e4d0 100644 --- a/include/grub/efi/api.h +++ b/include/grub/efi/api.h @@ -1524,31 +1524,6 @@ typedef union diff --git a/SOURCES/0091-grub.texi-Add-net_bootp6-doument.patch b/SOURCES/0091-grub.texi-Add-net_bootp6-doument.patch index b42e09b..3f8ec97 100644 --- a/SOURCES/0091-grub.texi-Add-net_bootp6-doument.patch +++ b/SOURCES/0091-grub.texi-Add-net_bootp6-doument.patch @@ -12,7 +12,7 @@ Signed-off-by: Ken Lin 1 file changed, 17 insertions(+) diff --git a/docs/grub.texi b/docs/grub.texi -index 0615d0ed97..04ed6ac1f0 100644 +index 0615d0ed97e..04ed6ac1f07 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -5487,6 +5487,7 @@ This command is only available on AArch64 systems. diff --git a/SOURCES/0092-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch b/SOURCES/0092-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch index abff9eb..e800dd2 100644 --- a/SOURCES/0092-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch +++ b/SOURCES/0092-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch @@ -22,7 +22,7 @@ Signed-off-by: Ken Lin 2 files changed, 56 insertions(+) diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c -index fe93b80f1c..8fb8918ae7 100644 +index fe93b80f1cf..8fb8918ae7e 100644 --- a/grub-core/net/bootp.c +++ b/grub-core/net/bootp.c @@ -20,6 +20,7 @@ @@ -95,7 +95,7 @@ index fe93b80f1c..8fb8918ae7 100644 if (opt && opt_len) grub_env_set_net_property (name, "extensionspath", (const char *) opt, opt_len); diff --git a/include/grub/net.h b/include/grub/net.h -index 543251f727..42af7de250 100644 +index 543251f7273..42af7de250a 100644 --- a/include/grub/net.h +++ b/include/grub/net.h @@ -531,6 +531,7 @@ enum diff --git a/SOURCES/0093-efinet-Setting-network-from-UEFI-device-path.patch b/SOURCES/0093-efinet-Setting-network-from-UEFI-device-path.patch index f4faf27..11b2a72 100644 --- a/SOURCES/0093-efinet-Setting-network-from-UEFI-device-path.patch +++ b/SOURCES/0093-efinet-Setting-network-from-UEFI-device-path.patch @@ -32,7 +32,7 @@ Signed-off-by: Ken Lin 2 files changed, 280 insertions(+), 15 deletions(-) diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c -index 014e5bf980..8171ecaa5e 100644 +index 014e5bf9802..8171ecaa5e4 100644 --- a/grub-core/net/drivers/efi/efinet.c +++ b/grub-core/net/drivers/efi/efinet.c @@ -26,6 +26,7 @@ @@ -375,7 +375,7 @@ index 014e5bf980..8171ecaa5e 100644 } } diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h -index 91ab528e4d..4a51667adb 100644 +index 91ab528e4d0..4a51667adb1 100644 --- a/include/grub/efi/api.h +++ b/include/grub/efi/api.h @@ -864,6 +864,8 @@ struct grub_efi_ipv4_device_path diff --git a/SOURCES/0094-efinet-Setting-DNS-server-from-UEFI-protocol.patch b/SOURCES/0094-efinet-Setting-DNS-server-from-UEFI-protocol.patch index 2d92ff0..1460c8a 100644 --- a/SOURCES/0094-efinet-Setting-DNS-server-from-UEFI-protocol.patch +++ b/SOURCES/0094-efinet-Setting-DNS-server-from-UEFI-protocol.patch @@ -33,7 +33,7 @@ Signed-off-by: Ken Lin 2 files changed, 238 insertions(+) diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c -index 8171ecaa5e..715a6168d7 100644 +index 8171ecaa5e4..715a6168d77 100644 --- a/grub-core/net/drivers/efi/efinet.c +++ b/grub-core/net/drivers/efi/efinet.c @@ -33,6 +33,8 @@ GRUB_MOD_LICENSE ("GPLv3+"); @@ -242,7 +242,7 @@ index 8171ecaa5e..715a6168d7 100644 } diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h -index 4a51667adb..0b490195ad 100644 +index 4a51667adb1..0b490195ad9 100644 --- a/include/grub/efi/api.h +++ b/include/grub/efi/api.h @@ -352,6 +352,15 @@ diff --git a/SOURCES/0095-Support-UEFI-networking-protocols.patch b/SOURCES/0095-Support-UEFI-networking-protocols.patch index 740a9f8..fb14386 100644 --- a/SOURCES/0095-Support-UEFI-networking-protocols.patch +++ b/SOURCES/0095-Support-UEFI-networking-protocols.patch @@ -57,7 +57,7 @@ Signed-off-by: Peter Jones create mode 100644 include/grub/net/efi.h diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 4b7c45a7b0..c40170f2dd 100644 +index 4b7c45a7b06..c40170f2dd2 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -2299,6 +2299,12 @@ module = { @@ -87,7 +87,7 @@ index 4b7c45a7b0..c40170f2dd 100644 module = { diff --git a/grub-core/io/bufio.c b/grub-core/io/bufio.c -index a458c3aca7..1637731535 100644 +index a458c3aca78..1637731535e 100644 --- a/grub-core/io/bufio.c +++ b/grub-core/io/bufio.c @@ -139,7 +139,7 @@ grub_bufio_read (grub_file_t file, char *buf, grub_size_t len) @@ -100,7 +100,7 @@ index a458c3aca7..1637731535 100644 if (file->offset + res < next_buf) { diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index d6a2fb5778..2a446f5031 100644 +index d6a2fb57789..2a446f5031b 100644 --- a/grub-core/kern/efi/efi.c +++ b/grub-core/kern/efi/efi.c @@ -755,7 +755,7 @@ grub_efi_print_device_path (grub_efi_device_path_t *dp) @@ -231,7 +231,7 @@ index d6a2fb5778..2a446f5031 100644 grub_printf ("/UnknownMessaging(%x)", (unsigned) subtype); break; diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c -index 715a6168d7..e11d759f19 100644 +index 715a6168d77..e11d759f19a 100644 --- a/grub-core/net/drivers/efi/efinet.c +++ b/grub-core/net/drivers/efi/efinet.c @@ -27,6 +27,7 @@ @@ -304,7 +304,7 @@ index 715a6168d7..e11d759f19 100644 diff --git a/grub-core/net/efi/dhcp.c b/grub-core/net/efi/dhcp.c new file mode 100644 -index 0000000000..dbef63d8c0 +index 00000000000..dbef63d8c08 --- /dev/null +++ b/grub-core/net/efi/dhcp.c @@ -0,0 +1,397 @@ @@ -707,7 +707,7 @@ index 0000000000..dbef63d8c0 +grub_command_func_t grub_efi_net_bootp6 = grub_cmd_efi_bootp6; diff --git a/grub-core/net/efi/efi_netfs.c b/grub-core/net/efi/efi_netfs.c new file mode 100644 -index 0000000000..ef371d885e +index 00000000000..ef371d885ea --- /dev/null +++ b/grub-core/net/efi/efi_netfs.c @@ -0,0 +1,57 @@ @@ -770,7 +770,7 @@ index 0000000000..ef371d885e +} diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c new file mode 100644 -index 0000000000..3f61fd2fa5 +index 00000000000..3f61fd2fa5b --- /dev/null +++ b/grub-core/net/efi/http.c @@ -0,0 +1,419 @@ @@ -1195,7 +1195,7 @@ index 0000000000..3f61fd2fa5 + }; diff --git a/grub-core/net/efi/ip4_config.c b/grub-core/net/efi/ip4_config.c new file mode 100644 -index 0000000000..b711a5d945 +index 00000000000..b711a5d9457 --- /dev/null +++ b/grub-core/net/efi/ip4_config.c @@ -0,0 +1,398 @@ @@ -1599,7 +1599,7 @@ index 0000000000..b711a5d945 + }; diff --git a/grub-core/net/efi/ip6_config.c b/grub-core/net/efi/ip6_config.c new file mode 100644 -index 0000000000..017c4d05bc +index 00000000000..017c4d05bc7 --- /dev/null +++ b/grub-core/net/efi/ip6_config.c @@ -0,0 +1,422 @@ @@ -2027,7 +2027,7 @@ index 0000000000..017c4d05bc + }; diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c new file mode 100644 -index 0000000000..86bce6535d +index 00000000000..86bce6535d3 --- /dev/null +++ b/grub-core/net/efi/net.c @@ -0,0 +1,1428 @@ @@ -3461,7 +3461,7 @@ index 0000000000..86bce6535d +} diff --git a/grub-core/net/efi/pxe.c b/grub-core/net/efi/pxe.c new file mode 100644 -index 0000000000..531949cba5 +index 00000000000..531949cba5c --- /dev/null +++ b/grub-core/net/efi/pxe.c @@ -0,0 +1,424 @@ @@ -3890,7 +3890,7 @@ index 0000000000..531949cba5 + }; + diff --git a/grub-core/net/net.c b/grub-core/net/net.c -index 0ce5e675ed..55aed92722 100644 +index 0ce5e675ed7..55aed92722c 100644 --- a/grub-core/net/net.c +++ b/grub-core/net/net.c @@ -32,6 +32,9 @@ @@ -4000,7 +4000,7 @@ index 0ce5e675ed..55aed92722 100644 +#endif } diff --git a/util/grub-mknetdir.c b/util/grub-mknetdir.c -index a2461cda1c..77958dd9dd 100644 +index a2461cda1c4..77958dd9dd5 100644 --- a/util/grub-mknetdir.c +++ b/util/grub-mknetdir.c @@ -32,13 +32,15 @@ @@ -4082,7 +4082,7 @@ index a2461cda1c..77958dd9dd 100644 if (!grub_install_source_directory) { diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h -index 0b490195ad..f431f49973 100644 +index 0b490195ad9..f431f49973e 100644 --- a/include/grub/efi/api.h +++ b/include/grub/efi/api.h @@ -622,6 +622,23 @@ typedef union @@ -4333,7 +4333,7 @@ index 0b490195ad..f431f49973 100644 || defined(__riscv) diff --git a/include/grub/efi/dhcp.h b/include/grub/efi/dhcp.h new file mode 100644 -index 0000000000..fdb88eb810 +index 00000000000..fdb88eb810e --- /dev/null +++ b/include/grub/efi/dhcp.h @@ -0,0 +1,343 @@ @@ -4682,7 +4682,7 @@ index 0000000000..fdb88eb810 +#endif /* ! GRUB_EFI_DHCP_HEADER */ diff --git a/include/grub/efi/http.h b/include/grub/efi/http.h new file mode 100644 -index 0000000000..c5e9a89f50 +index 00000000000..c5e9a89f505 --- /dev/null +++ b/include/grub/efi/http.h @@ -0,0 +1,215 @@ @@ -4903,7 +4903,7 @@ index 0000000000..c5e9a89f50 +#endif /* !GRUB_EFI_HTTP_HEADER */ diff --git a/include/grub/net/efi.h b/include/grub/net/efi.h new file mode 100644 -index 0000000000..de90d223e8 +index 00000000000..de90d223e8e --- /dev/null +++ b/include/grub/net/efi.h @@ -0,0 +1,144 @@ diff --git a/SOURCES/0096-AUDIT-0-http-boot-tracker-bug.patch b/SOURCES/0096-AUDIT-0-http-boot-tracker-bug.patch index b487271..ef3e67b 100644 --- a/SOURCES/0096-AUDIT-0-http-boot-tracker-bug.patch +++ b/SOURCES/0096-AUDIT-0-http-boot-tracker-bug.patch @@ -22,7 +22,7 @@ Signed-off-by: Michael Chang 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c -index 86bce6535d..4bb308026c 100644 +index 86bce6535d3..4bb308026ce 100644 --- a/grub-core/net/efi/net.c +++ b/grub-core/net/efi/net.c @@ -645,8 +645,10 @@ grub_efihttp_chunk_read (grub_file_t file, char *buf, @@ -38,7 +38,7 @@ index 86bce6535d..4bb308026c 100644 if (buf) { diff --git a/grub-core/net/http.c b/grub-core/net/http.c -index 12a2632ea5..b52b558d63 100644 +index 12a2632ea55..b52b558d631 100644 --- a/grub-core/net/http.c +++ b/grub-core/net/http.c @@ -31,7 +31,8 @@ GRUB_MOD_LICENSE ("GPLv3+"); diff --git a/SOURCES/0097-grub-editenv-Add-incr-command-to-increment-integer-v.patch b/SOURCES/0097-grub-editenv-Add-incr-command-to-increment-integer-v.patch index 6e2e4e2..f8de42a 100644 --- a/SOURCES/0097-grub-editenv-Add-incr-command-to-increment-integer-v.patch +++ b/SOURCES/0097-grub-editenv-Add-incr-command-to-increment-integer-v.patch @@ -17,7 +17,7 @@ Signed-off-by: Hans de Goede 1 file changed, 50 insertions(+) diff --git a/util/grub-editenv.c b/util/grub-editenv.c -index db6f187cc6..948eec8a11 100644 +index db6f187cc63..948eec8a114 100644 --- a/util/grub-editenv.c +++ b/util/grub-editenv.c @@ -53,6 +53,9 @@ static struct argp_option options[] = { diff --git a/SOURCES/0098-Add-auto-hide-menu-support.patch b/SOURCES/0098-Add-auto-hide-menu-support.patch index c3bbce6..efb76c4 100644 --- a/SOURCES/0098-Add-auto-hide-menu-support.patch +++ b/SOURCES/0098-Add-auto-hide-menu-support.patch @@ -49,7 +49,7 @@ Changes in v2: create mode 100644 util/grub.d/01_menu_auto_hide.in diff --git a/Makefile.util.def b/Makefile.util.def -index 41906486a7..04551e095b 100644 +index 41906486a71..04551e095bd 100644 --- a/Makefile.util.def +++ b/Makefile.util.def @@ -458,6 +458,12 @@ script = { @@ -67,7 +67,7 @@ index 41906486a7..04551e095b 100644 common = util/grub.d/01_users.in; diff --git a/util/grub.d/01_menu_auto_hide.in b/util/grub.d/01_menu_auto_hide.in new file mode 100644 -index 0000000000..ad175870a5 +index 00000000000..ad175870a54 --- /dev/null +++ b/util/grub.d/01_menu_auto_hide.in @@ -0,0 +1,48 @@ @@ -120,7 +120,7 @@ index 0000000000..ad175870a5 +fi +EOF diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in -index 4b27bd2015..3c9431cfcf 100644 +index 4b27bd20153..3c9431cfcfb 100644 --- a/util/grub.d/30_os-prober.in +++ b/util/grub.d/30_os-prober.in @@ -42,6 +42,7 @@ if [ -z "${OSPROBED}" ] ; then diff --git a/SOURCES/0099-Add-grub-set-bootflag-utility.patch b/SOURCES/0099-Add-grub-set-bootflag-utility.patch index 5ac01c7..f5ff7d3 100644 --- a/SOURCES/0099-Add-grub-set-bootflag-utility.patch +++ b/SOURCES/0099-Add-grub-set-bootflag-utility.patch @@ -45,7 +45,7 @@ Signed-off-by: Hans de Goede create mode 100644 util/grub-set-bootflag.1 diff --git a/Makefile.util.def b/Makefile.util.def -index 04551e095b..c6375933fa 100644 +index 04551e095bd..c6375933faa 100644 --- a/Makefile.util.def +++ b/Makefile.util.def @@ -1445,3 +1445,10 @@ program = { @@ -61,7 +61,7 @@ index 04551e095b..c6375933fa 100644 +}; diff --git a/util/grub-set-bootflag.c b/util/grub-set-bootflag.c new file mode 100644 -index 0000000000..bb198f0235 +index 00000000000..bb198f02351 --- /dev/null +++ b/util/grub-set-bootflag.c @@ -0,0 +1,160 @@ @@ -226,7 +226,7 @@ index 0000000000..bb198f0235 + return 0; +} diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist -index b909f2c073..ea58362b55 100644 +index b909f2c073a..ea58362b555 100644 --- a/conf/Makefile.extra-dist +++ b/conf/Makefile.extra-dist @@ -14,6 +14,9 @@ EXTRA_DIST += util/import_unicode.py @@ -241,7 +241,7 @@ index b909f2c073..ea58362b55 100644 diff --git a/docs/grub-boot-success.service b/docs/grub-boot-success.service new file mode 100644 -index 0000000000..80e79584c9 +index 00000000000..80e79584c91 --- /dev/null +++ b/docs/grub-boot-success.service @@ -0,0 +1,6 @@ @@ -253,7 +253,7 @@ index 0000000000..80e79584c9 +ExecStart=/usr/sbin/grub2-set-bootflag boot_success diff --git a/docs/grub-boot-success.timer b/docs/grub-boot-success.timer new file mode 100644 -index 0000000000..5d8fcba21a +index 00000000000..5d8fcba21aa --- /dev/null +++ b/docs/grub-boot-success.timer @@ -0,0 +1,6 @@ @@ -265,7 +265,7 @@ index 0000000000..5d8fcba21a +OnActiveSec=2min diff --git a/util/grub-set-bootflag.1 b/util/grub-set-bootflag.1 new file mode 100644 -index 0000000000..57801da22a +index 00000000000..57801da22a0 --- /dev/null +++ b/util/grub-set-bootflag.1 @@ -0,0 +1,20 @@ diff --git a/SOURCES/0100-docs-Add-grub-boot-indeterminate.service-example.patch b/SOURCES/0100-docs-Add-grub-boot-indeterminate.service-example.patch index 96eff36..44f6ad3 100644 --- a/SOURCES/0100-docs-Add-grub-boot-indeterminate.service-example.patch +++ b/SOURCES/0100-docs-Add-grub-boot-indeterminate.service-example.patch @@ -16,7 +16,7 @@ Signed-off-by: Hans de Goede diff --git a/docs/grub-boot-indeterminate.service b/docs/grub-boot-indeterminate.service new file mode 100644 -index 0000000000..6c8dcb186b +index 00000000000..6c8dcb186b6 --- /dev/null +++ b/docs/grub-boot-indeterminate.service @@ -0,0 +1,11 @@ diff --git a/SOURCES/0101-gentpl-add-disable-support.patch b/SOURCES/0101-gentpl-add-disable-support.patch index 5b0aecf..2c3c998 100644 --- a/SOURCES/0101-gentpl-add-disable-support.patch +++ b/SOURCES/0101-gentpl-add-disable-support.patch @@ -9,7 +9,7 @@ Signed-off-by: Peter Jones 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/gentpl.py b/gentpl.py -index 2cba0bbbd6..628e8bec1d 100644 +index 2cba0bbbd6f..628e8bec1d7 100644 --- a/gentpl.py +++ b/gentpl.py @@ -592,11 +592,21 @@ def platform_conditional(platform, closure): diff --git a/SOURCES/0102-gentpl-add-pc-firmware-type.patch b/SOURCES/0102-gentpl-add-pc-firmware-type.patch index f200dd0..96dd2b8 100644 --- a/SOURCES/0102-gentpl-add-pc-firmware-type.patch +++ b/SOURCES/0102-gentpl-add-pc-firmware-type.patch @@ -9,7 +9,7 @@ Signed-off-by: Peter Jones 1 file changed, 1 insertion(+) diff --git a/gentpl.py b/gentpl.py -index 628e8bec1d..34a4eba2b4 100644 +index 628e8bec1d7..34a4eba2b42 100644 --- a/gentpl.py +++ b/gentpl.py @@ -51,6 +51,7 @@ GROUPS["riscv32"] = [ "riscv32_efi" ] diff --git a/SOURCES/0103-efinet-also-use-the-firmware-acceleration-for-http.patch b/SOURCES/0103-efinet-also-use-the-firmware-acceleration-for-http.patch index a3a9400..915b5aa 100644 --- a/SOURCES/0103-efinet-also-use-the-firmware-acceleration-for-http.patch +++ b/SOURCES/0103-efinet-also-use-the-firmware-acceleration-for-http.patch @@ -9,7 +9,7 @@ Signed-off-by: Peter Jones 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c -index 4bb308026c..6603cd83ed 100644 +index 4bb308026ce..6603cd83edc 100644 --- a/grub-core/net/efi/net.c +++ b/grub-core/net/efi/net.c @@ -1324,7 +1324,9 @@ grub_efi_net_boot_from_https (void) diff --git a/SOURCES/0104-efi-http-Make-root_url-reflect-the-protocol-hostname.patch b/SOURCES/0104-efi-http-Make-root_url-reflect-the-protocol-hostname.patch index 90d9777..985a037 100644 --- a/SOURCES/0104-efi-http-Make-root_url-reflect-the-protocol-hostname.patch +++ b/SOURCES/0104-efi-http-Make-root_url-reflect-the-protocol-hostname.patch @@ -12,7 +12,7 @@ Signed-off-by: Peter Jones 1 file changed, 19 insertions(+) diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c -index 3f61fd2fa5..243acbaa35 100644 +index 3f61fd2fa5b..243acbaa35b 100644 --- a/grub-core/net/efi/http.c +++ b/grub-core/net/efi/http.c @@ -4,6 +4,7 @@ diff --git a/SOURCES/0105-Make-it-so-we-can-tell-configure-which-cflags-utils-.patch b/SOURCES/0105-Make-it-so-we-can-tell-configure-which-cflags-utils-.patch index bbd02eb..b65eafc 100644 --- a/SOURCES/0105-Make-it-so-we-can-tell-configure-which-cflags-utils-.patch +++ b/SOURCES/0105-Make-it-so-we-can-tell-configure-which-cflags-utils-.patch @@ -17,7 +17,7 @@ Signed-off-by: Peter Jones 3 files changed, 64 insertions(+), 16 deletions(-) diff --git a/configure.ac b/configure.ac -index b4455e4732..3405348178 100644 +index b4455e4732d..3405348178a 100644 --- a/configure.ac +++ b/configure.ac @@ -877,11 +877,23 @@ if ( test "x$target_cpu" = xi386 || test "x$target_cpu" = xx86_64 ) && test "x$p @@ -88,7 +88,7 @@ index b4455e4732..3405348178 100644 GRUB_PLATFORM="${platform}" diff --git a/conf/Makefile.common b/conf/Makefile.common -index 5f0ef96985..2ff9b39357 100644 +index 5f0ef969857..2ff9b39357c 100644 --- a/conf/Makefile.common +++ b/conf/Makefile.common @@ -40,24 +40,25 @@ CPPFLAGS_KERNEL = $(CPPFLAGS_CPU) $(CPPFLAGS_PLATFORM) -DGRUB_KERNEL=1 @@ -129,7 +129,7 @@ index 5f0ef96985..2ff9b39357 100644 # Other variables diff --git a/gentpl.py b/gentpl.py -index 34a4eba2b4..59f62ef952 100644 +index 34a4eba2b42..59f62ef9522 100644 --- a/gentpl.py +++ b/gentpl.py @@ -697,10 +697,10 @@ def module(defn, platform): diff --git a/SOURCES/0106-module-verifier-make-it-possible-to-run-checkers-on-.patch b/SOURCES/0106-module-verifier-make-it-possible-to-run-checkers-on-.patch index 78c15d6..e31b38f 100644 --- a/SOURCES/0106-module-verifier-make-it-possible-to-run-checkers-on-.patch +++ b/SOURCES/0106-module-verifier-make-it-possible-to-run-checkers-on-.patch @@ -22,7 +22,7 @@ Signed-off-by: Peter Jones 3 files changed, 13 insertions(+) diff --git a/util/grub-module-verifier32.c b/util/grub-module-verifier32.c -index 257229f8f0..ba7d41aafe 100644 +index 257229f8f08..ba7d41aafea 100644 --- a/util/grub-module-verifier32.c +++ b/util/grub-module-verifier32.c @@ -1,2 +1,4 @@ @@ -31,7 +31,7 @@ index 257229f8f0..ba7d41aafe 100644 #include "grub-module-verifierXX.c" +#endif diff --git a/util/grub-module-verifier64.c b/util/grub-module-verifier64.c -index 4db6b4bedd..fc23ef800b 100644 +index 4db6b4bedd1..fc23ef800b3 100644 --- a/util/grub-module-verifier64.c +++ b/util/grub-module-verifier64.c @@ -1,2 +1,4 @@ @@ -40,7 +40,7 @@ index 4db6b4bedd..fc23ef800b 100644 #include "grub-module-verifierXX.c" +#endif diff --git a/util/grub-module-verifierXX.c b/util/grub-module-verifierXX.c -index ceb24309ae..a98e2f9b1a 100644 +index ceb24309aec..a98e2f9b1ac 100644 --- a/util/grub-module-verifierXX.c +++ b/util/grub-module-verifierXX.c @@ -1,3 +1,12 @@ diff --git a/SOURCES/0107-Rework-how-the-fdt-command-builds.patch b/SOURCES/0107-Rework-how-the-fdt-command-builds.patch index f2bd0a5..71328da 100644 --- a/SOURCES/0107-Rework-how-the-fdt-command-builds.patch +++ b/SOURCES/0107-Rework-how-the-fdt-command-builds.patch @@ -22,7 +22,7 @@ Signed-off-by: Peter Jones 5 files changed, 9 insertions(+), 5 deletions(-) diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index c40170f2dd..84a3d89de9 100644 +index c40170f2dd2..84a3d89de9a 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -177,7 +177,6 @@ kernel = { @@ -59,7 +59,7 @@ index c40170f2dd..84a3d89de9 100644 }; diff --git a/grub-core/lib/fdt.c b/grub-core/lib/fdt.c -index 0d371c5633..37e04bd69e 100644 +index 0d371c5633e..37e04bd69e7 100644 --- a/grub-core/lib/fdt.c +++ b/grub-core/lib/fdt.c @@ -21,8 +21,6 @@ @@ -72,7 +72,7 @@ index 0d371c5633..37e04bd69e 100644 #define FDT_BEGIN_NODE 0x00000001 diff --git a/grub-core/loader/efi/fdt.c b/grub-core/loader/efi/fdt.c -index c86f283d75..c572415d38 100644 +index c86f283d756..c572415d38a 100644 --- a/grub-core/loader/efi/fdt.c +++ b/grub-core/loader/efi/fdt.c @@ -27,6 +27,8 @@ @@ -85,7 +85,7 @@ index c86f283d75..c572415d38 100644 static void *fdt; diff --git a/include/grub/fdt.h b/include/grub/fdt.h -index e609c7e411..22b7c5463f 100644 +index e609c7e4111..22b7c5463fc 100644 --- a/include/grub/fdt.h +++ b/include/grub/fdt.h @@ -19,6 +19,8 @@ @@ -105,7 +105,7 @@ index e609c7e411..22b7c5463f 100644 + #endif /* ! GRUB_FDT_HEADER */ diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am -index f512573c0d..dd49939aaa 100644 +index f512573c0da..dd49939aaa9 100644 --- a/grub-core/Makefile.am +++ b/grub-core/Makefile.am @@ -76,6 +76,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/sb.h diff --git a/SOURCES/0108-Disable-non-wordsize-allocations-on-arm.patch b/SOURCES/0108-Disable-non-wordsize-allocations-on-arm.patch index 38a8580..f614c9e 100644 --- a/SOURCES/0108-Disable-non-wordsize-allocations-on-arm.patch +++ b/SOURCES/0108-Disable-non-wordsize-allocations-on-arm.patch @@ -9,7 +9,7 @@ Signed-off-by: Peter Jones 1 file changed, 20 insertions(+) diff --git a/configure.ac b/configure.ac -index 3405348178..152e7dba65 100644 +index 3405348178a..152e7dba652 100644 --- a/configure.ac +++ b/configure.ac @@ -1288,6 +1288,26 @@ if test "x$target_cpu" = xarm; then diff --git a/SOURCES/0109-Prepend-prefix-when-HTTP-path-is-relative.patch b/SOURCES/0109-Prepend-prefix-when-HTTP-path-is-relative.patch index 85fa1a1..fc861d9 100644 --- a/SOURCES/0109-Prepend-prefix-when-HTTP-path-is-relative.patch +++ b/SOURCES/0109-Prepend-prefix-when-HTTP-path-is-relative.patch @@ -14,7 +14,7 @@ Signed-off-by: Peter Jones 2 files changed, 71 insertions(+), 21 deletions(-) diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c -index 48058d983c..4ec3f5e4d3 100644 +index 48058d983ce..4ec3f5e4d33 100644 --- a/grub-core/kern/main.c +++ b/grub-core/kern/main.c @@ -131,11 +131,19 @@ grub_set_prefix_and_root (void) @@ -39,7 +39,7 @@ index 48058d983c..4ec3f5e4d3 100644 } } diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c -index 243acbaa35..de351b2cd0 100644 +index 243acbaa35b..de351b2cd03 100644 --- a/grub-core/net/efi/http.c +++ b/grub-core/net/efi/http.c @@ -9,10 +9,52 @@ diff --git a/SOURCES/0110-Make-grub_error-more-verbose.patch b/SOURCES/0110-Make-grub_error-more-verbose.patch index 306a3d3..2492e9f 100644 --- a/SOURCES/0110-Make-grub_error-more-verbose.patch +++ b/SOURCES/0110-Make-grub_error-more-verbose.patch @@ -10,7 +10,7 @@ Signed-off-by: Peter Jones 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/grub-core/kern/err.c b/grub-core/kern/err.c -index 53c734de70..aebfe0cf83 100644 +index 53c734de70e..aebfe0cf839 100644 --- a/grub-core/kern/err.c +++ b/grub-core/kern/err.c @@ -33,15 +33,24 @@ static struct grub_error_saved grub_error_stack_items[GRUB_ERROR_STACK_SIZE]; @@ -41,7 +41,7 @@ index 53c734de70..aebfe0cf83 100644 return n; diff --git a/include/grub/err.h b/include/grub/err.h -index b08d5d0de4..c0f90ef07c 100644 +index b08d5d0de4c..c0f90ef07c8 100644 --- a/include/grub/err.h +++ b/include/grub/err.h @@ -85,8 +85,12 @@ struct grub_error_saved diff --git a/SOURCES/0111-Make-reset-an-alias-for-the-reboot-command.patch b/SOURCES/0111-Make-reset-an-alias-for-the-reboot-command.patch index 22475d6..c86acf1 100644 --- a/SOURCES/0111-Make-reset-an-alias-for-the-reboot-command.patch +++ b/SOURCES/0111-Make-reset-an-alias-for-the-reboot-command.patch @@ -12,7 +12,7 @@ Signed-off-by: Peter Jones 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/grub-core/commands/reboot.c b/grub-core/commands/reboot.c -index 46d364c99a..f5cc228363 100644 +index 46d364c99a9..f5cc2283636 100644 --- a/grub-core/commands/reboot.c +++ b/grub-core/commands/reboot.c @@ -32,15 +32,18 @@ grub_cmd_reboot (grub_command_t cmd __attribute__ ((unused)), diff --git a/SOURCES/0112-Add-a-version-command.patch b/SOURCES/0112-Add-a-version-command.patch index d3b9fa9..30c8224 100644 --- a/SOURCES/0112-Add-a-version-command.patch +++ b/SOURCES/0112-Add-a-version-command.patch @@ -17,7 +17,7 @@ Signed-off-by: Peter Jones create mode 100644 grub-core/commands/version.c diff --git a/configure.ac b/configure.ac -index 152e7dba65..cfdac6bed5 100644 +index 152e7dba652..cfdac6bed5a 100644 --- a/configure.ac +++ b/configure.ac @@ -312,6 +312,19 @@ AC_SUBST(target_cpu) @@ -41,7 +41,7 @@ index 152e7dba65..cfdac6bed5 100644 have_with_bootdir=n AC_ARG_WITH([bootdir], diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 84a3d89de9..498ca11762 100644 +index 84a3d89de9a..498ca11762a 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -579,6 +579,11 @@ image = { @@ -58,7 +58,7 @@ index 84a3d89de9..498ca11762 100644 common = lib/disk.c; diff --git a/grub-core/commands/version.c b/grub-core/commands/version.c new file mode 100644 -index 0000000000..f0966a518f +index 00000000000..f0966a518f7 --- /dev/null +++ b/grub-core/commands/version.c @@ -0,0 +1,56 @@ @@ -119,7 +119,7 @@ index 0000000000..f0966a518f + grub_unregister_command (cmd); +} diff --git a/config.h.in b/config.h.in -index 9e8f9911b1..c7e316f0f1 100644 +index 9e8f9911b18..c7e316f0f1f 100644 --- a/config.h.in +++ b/config.h.in @@ -59,6 +59,7 @@ diff --git a/SOURCES/0113-Add-more-dprintf-and-nerf-dprintf-in-script.c.patch b/SOURCES/0113-Add-more-dprintf-and-nerf-dprintf-in-script.c.patch index 72c8d30..9afb315 100644 --- a/SOURCES/0113-Add-more-dprintf-and-nerf-dprintf-in-script.c.patch +++ b/SOURCES/0113-Add-more-dprintf-and-nerf-dprintf-in-script.c.patch @@ -12,7 +12,7 @@ Signed-off-by: Peter Jones 4 files changed, 10 insertions(+) diff --git a/grub-core/disk/diskfilter.c b/grub-core/disk/diskfilter.c -index 0320115662..7cdffe3ebd 100644 +index 0320115662f..7cdffe3ebd5 100644 --- a/grub-core/disk/diskfilter.c +++ b/grub-core/disk/diskfilter.c @@ -188,6 +188,8 @@ scan_disk (const char *name, int accept_diskfilter) @@ -33,7 +33,7 @@ index 0320115662..7cdffe3ebd 100644 if (!pv->disk) return grub_errno; diff --git a/grub-core/disk/efi/efidisk.c b/grub-core/disk/efi/efidisk.c -index f077b5f553..fe8ba6e6c9 100644 +index f077b5f5535..fe8ba6e6c93 100644 --- a/grub-core/disk/efi/efidisk.c +++ b/grub-core/disk/efi/efidisk.c @@ -855,6 +855,7 @@ grub_efidisk_get_device_name (grub_efi_handle_t *handle) @@ -45,7 +45,7 @@ index f077b5f553..fe8ba6e6c9 100644 grub_free (dup_dp); diff --git a/grub-core/kern/device.c b/grub-core/kern/device.c -index 73b8ecc0c0..f58b58c89d 100644 +index 73b8ecc0c09..f58b58c89d5 100644 --- a/grub-core/kern/device.c +++ b/grub-core/kern/device.c @@ -34,6 +34,7 @@ grub_device_open (const char *name) @@ -57,7 +57,7 @@ index 73b8ecc0c0..f58b58c89d 100644 { name = grub_env_get ("root"); diff --git a/grub-core/script/script.c b/grub-core/script/script.c -index ec4d4337c6..844e8343ca 100644 +index ec4d4337c66..844e8343ca7 100644 --- a/grub-core/script/script.c +++ b/grub-core/script/script.c @@ -22,6 +22,11 @@ diff --git a/SOURCES/0114-arm-arm64-loader-Better-memory-allocation-and-error-.patch b/SOURCES/0114-arm-arm64-loader-Better-memory-allocation-and-error-.patch index 57d937c..1fdc552 100644 --- a/SOURCES/0114-arm-arm64-loader-Better-memory-allocation-and-error-.patch +++ b/SOURCES/0114-arm-arm64-loader-Better-memory-allocation-and-error-.patch @@ -71,7 +71,7 @@ Signed-off-by: Peter Jones 2 files changed, 76 insertions(+), 25 deletions(-) diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c -index f6aef0ef64..85ad4b4494 100644 +index f6aef0ef649..85ad4b4494c 100644 --- a/grub-core/kern/efi/mm.c +++ b/grub-core/kern/efi/mm.c @@ -154,6 +154,7 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address, @@ -146,7 +146,7 @@ index f6aef0ef64..85ad4b4494 100644 grub_free(memory_map); diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c -index 04994d5c67..70a0075ec5 100644 +index 04994d5c67d..70a0075ec5e 100644 --- a/grub-core/loader/arm64/linux.c +++ b/grub-core/loader/arm64/linux.c @@ -71,20 +71,25 @@ finalize_params_linux (void) diff --git a/SOURCES/0115-Try-to-pick-better-locations-for-kernel-and-initrd.patch b/SOURCES/0115-Try-to-pick-better-locations-for-kernel-and-initrd.patch index fe3a079..ba918ed 100644 --- a/SOURCES/0115-Try-to-pick-better-locations-for-kernel-and-initrd.patch +++ b/SOURCES/0115-Try-to-pick-better-locations-for-kernel-and-initrd.patch @@ -34,7 +34,7 @@ Signed-off-by: Peter Jones 7 files changed, 28 insertions(+), 12 deletions(-) diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c -index 85ad4b4494..e84961d078 100644 +index 85ad4b4494c..e84961d078c 100644 --- a/grub-core/kern/efi/mm.c +++ b/grub-core/kern/efi/mm.c @@ -122,7 +122,7 @@ grub_efi_allocate_pages_max (grub_efi_physical_address_t max, @@ -68,7 +68,7 @@ index 85ad4b4494..e84961d078 100644 #endif diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 3017d0f3e5..33e981e76e 100644 +index 3017d0f3e52..33e981e76e7 100644 --- a/grub-core/loader/i386/efi/linux.c +++ b/grub-core/loader/i386/efi/linux.c @@ -27,6 +27,7 @@ @@ -134,7 +134,7 @@ index 3017d0f3e5..33e981e76e 100644 { grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate kernel")); diff --git a/include/grub/arm/efi/memory.h b/include/grub/arm/efi/memory.h -index 2c64918e3f..a4c2ec8350 100644 +index 2c64918e3f7..a4c2ec83502 100644 --- a/include/grub/arm/efi/memory.h +++ b/include/grub/arm/efi/memory.h @@ -2,5 +2,6 @@ @@ -145,7 +145,7 @@ index 2c64918e3f..a4c2ec8350 100644 #endif /* ! GRUB_MEMORY_CPU_HEADER */ diff --git a/include/grub/arm64/efi/memory.h b/include/grub/arm64/efi/memory.h -index c6cb324171..acb61dca44 100644 +index c6cb3241714..acb61dca44b 100644 --- a/include/grub/arm64/efi/memory.h +++ b/include/grub/arm64/efi/memory.h @@ -2,5 +2,6 @@ @@ -156,7 +156,7 @@ index c6cb324171..acb61dca44 100644 #endif /* ! GRUB_MEMORY_CPU_HEADER */ diff --git a/include/grub/i386/efi/memory.h b/include/grub/i386/efi/memory.h -index 2c64918e3f..a4c2ec8350 100644 +index 2c64918e3f7..a4c2ec83502 100644 --- a/include/grub/i386/efi/memory.h +++ b/include/grub/i386/efi/memory.h @@ -2,5 +2,6 @@ @@ -167,7 +167,7 @@ index 2c64918e3f..a4c2ec8350 100644 #endif /* ! GRUB_MEMORY_CPU_HEADER */ diff --git a/include/grub/ia64/efi/memory.h b/include/grub/ia64/efi/memory.h -index 2c64918e3f..a4c2ec8350 100644 +index 2c64918e3f7..a4c2ec83502 100644 --- a/include/grub/ia64/efi/memory.h +++ b/include/grub/ia64/efi/memory.h @@ -2,5 +2,6 @@ @@ -178,7 +178,7 @@ index 2c64918e3f..a4c2ec8350 100644 #endif /* ! GRUB_MEMORY_CPU_HEADER */ diff --git a/include/grub/x86_64/efi/memory.h b/include/grub/x86_64/efi/memory.h -index 46e9145a30..e81cfb3221 100644 +index 46e9145a308..e81cfb32213 100644 --- a/include/grub/x86_64/efi/memory.h +++ b/include/grub/x86_64/efi/memory.h @@ -2,9 +2,11 @@ diff --git a/SOURCES/0116-Attempt-to-fix-up-all-the-places-Wsign-compare-error.patch b/SOURCES/0116-Attempt-to-fix-up-all-the-places-Wsign-compare-error.patch index 534d188..c2f2a59 100644 --- a/SOURCES/0116-Attempt-to-fix-up-all-the-places-Wsign-compare-error.patch +++ b/SOURCES/0116-Attempt-to-fix-up-all-the-places-Wsign-compare-error.patch @@ -22,7 +22,7 @@ Signed-off-by: Peter Jones create mode 100644 grub-core/lib/gnulib-patches/fix-sign-compare-errors.patch diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c -index eeea092752..f08a1bb841 100644 +index eeea092752d..f08a1bb8415 100644 --- a/grub-core/kern/emu/misc.c +++ b/grub-core/kern/emu/misc.c @@ -189,7 +189,7 @@ grub_util_get_image_size (const char *path) @@ -35,7 +35,7 @@ index eeea092752..f08a1bb841 100644 ret = (size_t) sz; diff --git a/grub-core/lib/reed_solomon.c b/grub-core/lib/reed_solomon.c -index 467305b46a..79037c093f 100644 +index 467305b46ab..79037c093f7 100644 --- a/grub-core/lib/reed_solomon.c +++ b/grub-core/lib/reed_solomon.c @@ -157,7 +157,7 @@ static void @@ -57,7 +57,7 @@ index 467305b46a..79037c093f 100644 { grub_size_t ds = (s + SECTOR_SIZE - 1 - i) / SECTOR_SIZE; diff --git a/grub-core/osdep/linux/blocklist.c b/grub-core/osdep/linux/blocklist.c -index c77d6085cc..42a315031f 100644 +index c77d6085ccb..42a315031ff 100644 --- a/grub-core/osdep/linux/blocklist.c +++ b/grub-core/osdep/linux/blocklist.c @@ -109,7 +109,7 @@ grub_install_get_blocklist (grub_device_t root_dev, @@ -70,7 +70,7 @@ index c77d6085cc..42a315031f 100644 + fie1.fm_mapped_extents * sizeof (fie1.fm_extents[1])); diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c -index 28790307e0..9f730b3518 100644 +index 28790307e00..9f730b35189 100644 --- a/grub-core/osdep/linux/getroot.c +++ b/grub-core/osdep/linux/getroot.c @@ -236,7 +236,7 @@ grub_find_root_devices_from_btrfs (const char *dir) @@ -83,7 +83,7 @@ index 28790307e0..9f730b3518 100644 fd = open (dir, 0); diff --git a/grub-core/osdep/linux/hostdisk.c b/grub-core/osdep/linux/hostdisk.c -index da62f924e3..7bc99ac1c1 100644 +index da62f924e35..7bc99ac1c1d 100644 --- a/grub-core/osdep/linux/hostdisk.c +++ b/grub-core/osdep/linux/hostdisk.c @@ -83,7 +83,7 @@ grub_util_get_fd_size_os (grub_util_fd_t fd, const char *name, unsigned *log_sec @@ -96,7 +96,7 @@ index da62f924e3..7bc99ac1c1 100644 if (log_secsize) diff --git a/util/grub-fstest.c b/util/grub-fstest.c -index 8386564200..bfcef852d8 100644 +index 83865642009..bfcef852d83 100644 --- a/util/grub-fstest.c +++ b/util/grub-fstest.c @@ -323,7 +323,7 @@ cmd_cmp (char *src, char *dest) @@ -109,7 +109,7 @@ index 8386564200..bfcef852d8 100644 fseek (ff, 0, SEEK_END); if (pre != ftell (ff)) diff --git a/util/grub-menulst2cfg.c b/util/grub-menulst2cfg.c -index a39f869394..358d604210 100644 +index a39f8693947..358d604210b 100644 --- a/util/grub-menulst2cfg.c +++ b/util/grub-menulst2cfg.c @@ -34,7 +34,7 @@ main (int argc, char **argv) @@ -122,7 +122,7 @@ index a39f869394..358d604210 100644 grub_util_host_init (&argc, &argv); diff --git a/util/grub-mkfont.c b/util/grub-mkfont.c -index 0fe45a6103..3e09240b99 100644 +index 0fe45a6103d..3e09240b99f 100644 --- a/util/grub-mkfont.c +++ b/util/grub-mkfont.c @@ -138,7 +138,8 @@ add_glyph (struct grub_font_info *font_info, FT_UInt glyph_idx, FT_Face face, @@ -176,7 +176,7 @@ index 0fe45a6103..3e09240b99 100644 add_pixel (&data, &mask, glyph->bitmap.buffer[i / 8 + j * glyph->bitmap.pitch] & diff --git a/util/grub-probe.c b/util/grub-probe.c -index c08e46bbb4..c6fac732b4 100644 +index c08e46bbb40..c6fac732b40 100644 --- a/util/grub-probe.c +++ b/util/grub-probe.c @@ -798,7 +798,7 @@ argp_parser (int key, char *arg, struct argp_state *state) @@ -189,7 +189,7 @@ index c08e46bbb4..c6fac732b4 100644 for (i = PRINT_FS; i < ARRAY_SIZE (targets); i++) if (strcmp (arg, targets[i]) == 0) diff --git a/util/grub-rpm-sort.c b/util/grub-rpm-sort.c -index f33bd1ed56..8345944105 100644 +index f33bd1ed568..8345944105f 100644 --- a/util/grub-rpm-sort.c +++ b/util/grub-rpm-sort.c @@ -232,7 +232,7 @@ main (int argc, char *argv[]) @@ -202,7 +202,7 @@ index f33bd1ed56..8345944105 100644 grub_util_host_init (&argc, &argv); diff --git a/util/setup.c b/util/setup.c -index da5f2c07f5..8b22bb8cca 100644 +index da5f2c07f50..8b22bb8ccac 100644 --- a/util/setup.c +++ b/util/setup.c @@ -406,7 +406,7 @@ SETUP (const char *dir, @@ -215,7 +215,7 @@ index da5f2c07f5..8b22bb8cca 100644 unsigned int nsec, maxsec; diff --git a/bootstrap.conf b/bootstrap.conf -index 6b043fc354..186be9c48c 100644 +index 6b043fc354c..186be9c48ce 100644 --- a/bootstrap.conf +++ b/bootstrap.conf @@ -80,7 +80,8 @@ cp -a INSTALL INSTALL.grub @@ -230,7 +230,7 @@ index 6b043fc354..186be9c48c 100644 done diff --git a/grub-core/lib/gnulib-patches/fix-sign-compare-errors.patch b/grub-core/lib/gnulib-patches/fix-sign-compare-errors.patch new file mode 100644 -index 0000000000..479029c056 +index 00000000000..479029c0565 --- /dev/null +++ b/grub-core/lib/gnulib-patches/fix-sign-compare-errors.patch @@ -0,0 +1,161 @@ diff --git a/SOURCES/0117-Don-t-use-Wno-sign-compare-Wno-conversion-Wno-error-.patch b/SOURCES/0117-Don-t-use-Wno-sign-compare-Wno-conversion-Wno-error-.patch index 3f67a4d..de71484 100644 --- a/SOURCES/0117-Don-t-use-Wno-sign-compare-Wno-conversion-Wno-error-.patch +++ b/SOURCES/0117-Don-t-use-Wno-sign-compare-Wno-conversion-Wno-error-.patch @@ -11,7 +11,7 @@ Signed-off-by: Peter Jones 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac -index cfdac6bed5..bd28edf314 100644 +index cfdac6bed5a..bd28edf3141 100644 --- a/configure.ac +++ b/configure.ac @@ -1480,11 +1480,11 @@ fi @@ -45,7 +45,7 @@ index cfdac6bed5..bd28edf314 100644 TARGET_CCAS=$TARGET_CC diff --git a/conf/Makefile.common b/conf/Makefile.common -index 2ff9b39357..35e14ff017 100644 +index 2ff9b39357c..35e14ff017e 100644 --- a/conf/Makefile.common +++ b/conf/Makefile.common @@ -66,7 +66,7 @@ grubconfdir = $(sysconfdir)/grub.d diff --git a/SOURCES/0118-x86-efi-Use-bounce-buffers-for-reading-to-addresses-.patch b/SOURCES/0118-x86-efi-Use-bounce-buffers-for-reading-to-addresses-.patch index 5a9c6f2..fdd3096 100644 --- a/SOURCES/0118-x86-efi-Use-bounce-buffers-for-reading-to-addresses-.patch +++ b/SOURCES/0118-x86-efi-Use-bounce-buffers-for-reading-to-addresses-.patch @@ -12,7 +12,7 @@ Signed-off-by: Peter Jones 1 file changed, 45 insertions(+), 7 deletions(-) diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 33e981e76e..2f0336809e 100644 +index 33e981e76e7..2f0336809e7 100644 --- a/grub-core/loader/i386/efi/linux.c +++ b/grub-core/loader/i386/efi/linux.c @@ -35,11 +35,16 @@ static grub_dl_t my_mod; diff --git a/SOURCES/0119-x86-efi-Re-arrange-grub_cmd_linux-a-little-bit.patch b/SOURCES/0119-x86-efi-Re-arrange-grub_cmd_linux-a-little-bit.patch index 9b10d68..f8284ec 100644 --- a/SOURCES/0119-x86-efi-Re-arrange-grub_cmd_linux-a-little-bit.patch +++ b/SOURCES/0119-x86-efi-Re-arrange-grub_cmd_linux-a-little-bit.patch @@ -11,7 +11,7 @@ Signed-off-by: Peter Jones 1 file changed, 41 insertions(+), 34 deletions(-) diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 2f0336809e..5f48fa5561 100644 +index 2f0336809e7..5f48fa55619 100644 --- a/grub-core/loader/i386/efi/linux.c +++ b/grub-core/loader/i386/efi/linux.c @@ -243,32 +243,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), diff --git a/SOURCES/0120-x86-efi-Make-our-own-allocator-for-kernel-stuff.patch b/SOURCES/0120-x86-efi-Make-our-own-allocator-for-kernel-stuff.patch index 700c98b..4ad0696 100644 --- a/SOURCES/0120-x86-efi-Make-our-own-allocator-for-kernel-stuff.patch +++ b/SOURCES/0120-x86-efi-Make-our-own-allocator-for-kernel-stuff.patch @@ -11,7 +11,7 @@ Signed-off-by: Peter Jones 1 file changed, 94 insertions(+), 73 deletions(-) diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 5f48fa5561..3e4f7ef39f 100644 +index 5f48fa55619..3e4f7ef39f4 100644 --- a/grub-core/loader/i386/efi/linux.c +++ b/grub-core/loader/i386/efi/linux.c @@ -47,6 +47,65 @@ static char *linux_cmdline; diff --git a/SOURCES/0121-x86-efi-Allow-initrd-params-cmdline-allocations-abov.patch b/SOURCES/0121-x86-efi-Allow-initrd-params-cmdline-allocations-abov.patch index 6ac11a1..b1233ce 100644 --- a/SOURCES/0121-x86-efi-Allow-initrd-params-cmdline-allocations-abov.patch +++ b/SOURCES/0121-x86-efi-Allow-initrd-params-cmdline-allocations-abov.patch @@ -14,7 +14,7 @@ Signed-off-by: Peter Jones 2 files changed, 65 insertions(+), 8 deletions(-) diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 3e4f7ef39f..6bc18d5aef 100644 +index 3e4f7ef39f4..6bc18d5aef5 100644 --- a/grub-core/loader/i386/efi/linux.c +++ b/grub-core/loader/i386/efi/linux.c @@ -52,13 +52,22 @@ struct allocation_choice { @@ -153,7 +153,7 @@ index 3e4f7ef39f..6bc18d5aef 100644 grub_memcpy (kernel_mem, (char *)kernel + start, filelen - start); diff --git a/include/grub/i386/linux.h b/include/grub/i386/linux.h -index 25ef52c04e..fac22476cc 100644 +index 25ef52c04eb..fac22476cc5 100644 --- a/include/grub/i386/linux.h +++ b/include/grub/i386/linux.h @@ -236,7 +236,11 @@ struct linux_kernel_params diff --git a/SOURCES/0122-Fix-getroot.c-s-trampolines.patch b/SOURCES/0122-Fix-getroot.c-s-trampolines.patch index e744b77..29ec44c 100644 --- a/SOURCES/0122-Fix-getroot.c-s-trampolines.patch +++ b/SOURCES/0122-Fix-getroot.c-s-trampolines.patch @@ -12,7 +12,7 @@ Signed-off-by: Peter Jones 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c -index 9f730b3518..f0c503f43d 100644 +index 9f730b35189..f0c503f43d3 100644 --- a/grub-core/osdep/linux/getroot.c +++ b/grub-core/osdep/linux/getroot.c @@ -1264,22 +1264,20 @@ grub_util_get_grub_dev_os (const char *os_dev) diff --git a/SOURCES/0123-Do-not-allow-stack-trampolines-anywhere.patch b/SOURCES/0123-Do-not-allow-stack-trampolines-anywhere.patch index 0968558..4ee639d 100644 --- a/SOURCES/0123-Do-not-allow-stack-trampolines-anywhere.patch +++ b/SOURCES/0123-Do-not-allow-stack-trampolines-anywhere.patch @@ -10,7 +10,7 @@ Signed-off-by: Peter Jones 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index bd28edf314..907477a585 100644 +index bd28edf3141..907477a585c 100644 --- a/configure.ac +++ b/configure.ac @@ -2062,6 +2062,9 @@ if test x"$enable_wextra" != xno ; then @@ -24,7 +24,7 @@ index bd28edf314..907477a585 100644 TARGET_CCAS=$TARGET_CC diff --git a/conf/Makefile.common b/conf/Makefile.common -index 35e14ff017..0647c53b91 100644 +index 35e14ff017e..0647c53b916 100644 --- a/conf/Makefile.common +++ b/conf/Makefile.common @@ -66,7 +66,7 @@ grubconfdir = $(sysconfdir)/grub.d diff --git a/SOURCES/0124-Reimplement-boot_counter.patch b/SOURCES/0124-Reimplement-boot_counter.patch index b3df73e..164b229 100644 --- a/SOURCES/0124-Reimplement-boot_counter.patch +++ b/SOURCES/0124-Reimplement-boot_counter.patch @@ -23,7 +23,7 @@ Signed-off-by: Christian Glombek create mode 100644 util/grub.d/01_fallback_counting.in diff --git a/Makefile.util.def b/Makefile.util.def -index c6375933fa..2e5e05b25f 100644 +index c6375933faa..2e5e05b25f1 100644 --- a/Makefile.util.def +++ b/Makefile.util.def @@ -458,6 +458,12 @@ script = { @@ -40,7 +40,7 @@ index c6375933fa..2e5e05b25f 100644 name = '01_menu_auto_hide'; common = util/grub.d/01_menu_auto_hide.in; diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 498ca11762..1e15345107 100644 +index 498ca11762a..1e15345107e 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -398,6 +398,11 @@ kernel = { @@ -57,7 +57,7 @@ index 498ca11762..1e15345107 100644 mansection = 1; diff --git a/grub-core/commands/increment.c b/grub-core/commands/increment.c new file mode 100644 -index 0000000000..79cf137656 +index 00000000000..79cf137656c --- /dev/null +++ b/grub-core/commands/increment.c @@ -0,0 +1,105 @@ @@ -168,7 +168,7 @@ index 0000000000..79cf137656 +} diff --git a/util/grub.d/01_fallback_counting.in b/util/grub.d/01_fallback_counting.in new file mode 100644 -index 0000000000..be0e770ea8 +index 00000000000..be0e770ea82 --- /dev/null +++ b/util/grub.d/01_fallback_counting.in @@ -0,0 +1,22 @@ diff --git a/SOURCES/0125-Fix-menu-entry-selection-based-on-ID-and-title.patch b/SOURCES/0125-Fix-menu-entry-selection-based-on-ID-and-title.patch index d74d51d..84c1370 100644 --- a/SOURCES/0125-Fix-menu-entry-selection-based-on-ID-and-title.patch +++ b/SOURCES/0125-Fix-menu-entry-selection-based-on-ID-and-title.patch @@ -24,7 +24,7 @@ Signed-off-by: Javier Martinez Canillas 1 file changed, 71 insertions(+), 70 deletions(-) diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c -index 37d753d808..ea714d2717 100644 +index 37d753d8081..ea714d27176 100644 --- a/grub-core/normal/menu.c +++ b/grub-core/normal/menu.c @@ -164,12 +164,12 @@ grub_menu_set_timeout (int timeout) diff --git a/SOURCES/0126-Make-the-menu-entry-users-option-argument-to-be-opti.patch b/SOURCES/0126-Make-the-menu-entry-users-option-argument-to-be-opti.patch index 68779eb..e0d36db 100644 --- a/SOURCES/0126-Make-the-menu-entry-users-option-argument-to-be-opti.patch +++ b/SOURCES/0126-Make-the-menu-entry-users-option-argument-to-be-opti.patch @@ -23,7 +23,7 @@ Signed-off-by: Javier Martinez Canillas 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c -index b194123eb6..b175a1b43b 100644 +index b194123eb67..b175a1b43b7 100644 --- a/grub-core/commands/menuentry.c +++ b/grub-core/commands/menuentry.c @@ -29,7 +29,7 @@ static const struct grub_arg_option options[] = diff --git a/SOURCES/0127-Add-efi-export-env-and-efi-load-env-commands.patch b/SOURCES/0127-Add-efi-export-env-and-efi-load-env-commands.patch index f7bca56..73456bc 100644 --- a/SOURCES/0127-Add-efi-export-env-and-efi-load-env-commands.patch +++ b/SOURCES/0127-Add-efi-export-env-and-efi-load-env-commands.patch @@ -21,7 +21,7 @@ Signed-off-by: Peter Jones create mode 100644 grub-core/commands/efi/env.c diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 1e15345107..81fc274148 100644 +index 1e15345107e..81fc274148e 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -820,6 +820,12 @@ module = { @@ -39,7 +39,7 @@ index 1e15345107..81fc274148 100644 efi = commands/efi/efifwsetup.c; diff --git a/grub-core/commands/efi/env.c b/grub-core/commands/efi/env.c new file mode 100644 -index 0000000000..cbd13e03e8 +index 00000000000..cbd13e03e81 --- /dev/null +++ b/grub-core/commands/efi/env.c @@ -0,0 +1,168 @@ @@ -212,7 +212,7 @@ index 0000000000..cbd13e03e8 + grub_unregister_command (loadenv_cmd); +} diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index 2a446f5031..14bc10eb56 100644 +index 2a446f5031b..14bc10eb564 100644 --- a/grub-core/kern/efi/efi.c +++ b/grub-core/kern/efi/efi.c @@ -225,6 +225,9 @@ grub_efi_set_variable(const char *var, const grub_efi_guid_t *guid, @@ -226,7 +226,7 @@ index 2a446f5031..14bc10eb56 100644 } diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c -index 2d12e6188f..0574d8d621 100644 +index 2d12e6188fd..0574d8d6217 100644 --- a/grub-core/kern/efi/init.c +++ b/grub-core/kern/efi/init.c @@ -85,11 +85,6 @@ stack_protector_init (void) @@ -242,7 +242,7 @@ index 2d12e6188f..0574d8d621 100644 static int set_var (const char *name, const char *value, diff --git a/grub-core/lib/envblk.c b/grub-core/lib/envblk.c -index 2e4e78b132..874506da16 100644 +index 2e4e78b132d..874506da169 100644 --- a/grub-core/lib/envblk.c +++ b/grub-core/lib/envblk.c @@ -223,6 +223,49 @@ grub_envblk_delete (grub_envblk_t envblk, const char *name) @@ -296,7 +296,7 @@ index 2e4e78b132..874506da16 100644 grub_envblk_iterate (grub_envblk_t envblk, void *hook_data, diff --git a/util/grub-set-bootflag.c b/util/grub-set-bootflag.c -index bb198f0235..6a79ee6744 100644 +index bb198f02351..6a79ee67444 100644 --- a/util/grub-set-bootflag.c +++ b/util/grub-set-bootflag.c @@ -25,6 +25,7 @@ @@ -308,7 +308,7 @@ index bb198f0235..6a79ee6744 100644 #include #include diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h -index 2e0691454b..8dfc89a33b 100644 +index 2e0691454b1..8dfc89a33b9 100644 --- a/include/grub/efi/efi.h +++ b/include/grub/efi/efi.h @@ -24,6 +24,11 @@ @@ -324,7 +324,7 @@ index 2e0691454b..8dfc89a33b 100644 extern grub_efi_system_table_t *EXPORT_VAR(grub_efi_system_table); extern grub_efi_handle_t EXPORT_VAR(grub_efi_image_handle); diff --git a/include/grub/lib/envblk.h b/include/grub/lib/envblk.h -index c3e6559217..ab969af246 100644 +index c3e65592170..ab969af2461 100644 --- a/include/grub/lib/envblk.h +++ b/include/grub/lib/envblk.h @@ -22,6 +22,8 @@ diff --git a/SOURCES/0128-Make-it-possible-to-subtract-conditions-from-debug.patch b/SOURCES/0128-Make-it-possible-to-subtract-conditions-from-debug.patch index 15305f8..fce51ea 100644 --- a/SOURCES/0128-Make-it-possible-to-subtract-conditions-from-debug.patch +++ b/SOURCES/0128-Make-it-possible-to-subtract-conditions-from-debug.patch @@ -14,7 +14,7 @@ Signed-off-by: Peter Jones 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c -index 9a2fae6398..578bf51a5f 100644 +index 9a2fae6398e..578bf51a5fc 100644 --- a/grub-core/kern/misc.c +++ b/grub-core/kern/misc.c @@ -164,12 +164,24 @@ int diff --git a/SOURCES/0129-Export-all-variables-from-the-initial-context-when-c.patch b/SOURCES/0129-Export-all-variables-from-the-initial-context-when-c.patch index 8b68a30..bfe3165 100644 --- a/SOURCES/0129-Export-all-variables-from-the-initial-context-when-c.patch +++ b/SOURCES/0129-Export-all-variables-from-the-initial-context-when-c.patch @@ -17,7 +17,7 @@ Signed-off-by: Javier Martinez Canillas 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/grub-core/normal/context.c b/grub-core/normal/context.c -index ee53d4a68e..87edd254c4 100644 +index ee53d4a68e5..87edd254c44 100644 --- a/grub-core/normal/context.c +++ b/grub-core/normal/context.c @@ -99,7 +99,7 @@ grub_env_new_context (int export_all) @@ -30,7 +30,7 @@ index ee53d4a68e..87edd254c4 100644 int grub_extractor_level = 0; diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c -index ea714d2717..d4832f1769 100644 +index ea714d27176..d4832f17699 100644 --- a/grub-core/normal/menu.c +++ b/grub-core/normal/menu.c @@ -375,8 +375,6 @@ grub_menu_execute_entry(grub_menu_entry_t entry, int auto_boot) diff --git a/SOURCES/0130-grub.d-Split-out-boot-success-reset-from-menu-auto-h.patch b/SOURCES/0130-grub.d-Split-out-boot-success-reset-from-menu-auto-h.patch index 62d9054..9788fd5 100644 --- a/SOURCES/0130-grub.d-Split-out-boot-success-reset-from-menu-auto-h.patch +++ b/SOURCES/0130-grub.d-Split-out-boot-success-reset-from-menu-auto-h.patch @@ -18,7 +18,7 @@ In menu auto hide script, rename last_boot_ok var to menu_hide_ok rename util/grub.d/{01_menu_auto_hide.in => 12_menu_auto_hide.in} (58%) diff --git a/Makefile.util.def b/Makefile.util.def -index 2e5e05b25f..11ab2d6fad 100644 +index 2e5e05b25f1..11ab2d6fad1 100644 --- a/Makefile.util.def +++ b/Makefile.util.def @@ -459,14 +459,14 @@ script = { @@ -57,7 +57,7 @@ diff --git a/util/grub.d/01_fallback_counting.in b/util/grub.d/08_fallback_count similarity index 65% rename from util/grub.d/01_fallback_counting.in rename to util/grub.d/08_fallback_counting.in -index be0e770ea8..2e2c3ff7d3 100644 +index be0e770ea82..2e2c3ff7d31 100644 --- a/util/grub.d/01_fallback_counting.in +++ b/util/grub.d/08_fallback_counting.in @@ -1,15 +1,17 @@ @@ -86,7 +86,7 @@ index be0e770ea8..2e2c3ff7d3 100644 set boot_counter=-1 diff --git a/util/grub.d/10_reset_boot_success.in b/util/grub.d/10_reset_boot_success.in new file mode 100644 -index 0000000000..6c88d933dd +index 00000000000..6c88d933dde --- /dev/null +++ b/util/grub.d/10_reset_boot_success.in @@ -0,0 +1,25 @@ @@ -119,7 +119,7 @@ diff --git a/util/grub.d/01_menu_auto_hide.in b/util/grub.d/12_menu_auto_hide.in similarity index 58% rename from util/grub.d/01_menu_auto_hide.in rename to util/grub.d/12_menu_auto_hide.in -index ad175870a5..6a7c0fa0d4 100644 +index ad175870a54..6a7c0fa0d43 100644 --- a/util/grub.d/01_menu_auto_hide.in +++ b/util/grub.d/12_menu_auto_hide.in @@ -1,5 +1,8 @@ diff --git a/SOURCES/0131-Fix-systemctl-kexec-exit-status-check.patch b/SOURCES/0131-Fix-systemctl-kexec-exit-status-check.patch index 567e678..74ecedc 100644 --- a/SOURCES/0131-Fix-systemctl-kexec-exit-status-check.patch +++ b/SOURCES/0131-Fix-systemctl-kexec-exit-status-check.patch @@ -19,7 +19,7 @@ Signed-off-by: Javier Martinez Canillas 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/grub-core/loader/emu/linux.c b/grub-core/loader/emu/linux.c -index fda9e00d24..5b85b225ee 100644 +index fda9e00d24c..5b85b225eed 100644 --- a/grub-core/loader/emu/linux.c +++ b/grub-core/loader/emu/linux.c @@ -71,8 +71,10 @@ grub_linux_boot (void) diff --git a/SOURCES/0132-Print-grub-emu-linux-loader-messages-as-debug.patch b/SOURCES/0132-Print-grub-emu-linux-loader-messages-as-debug.patch index 2718a70..a49ec44 100644 --- a/SOURCES/0132-Print-grub-emu-linux-loader-messages-as-debug.patch +++ b/SOURCES/0132-Print-grub-emu-linux-loader-messages-as-debug.patch @@ -11,7 +11,7 @@ Signed-off-by: Javier Martinez Canillas 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/grub-core/loader/emu/linux.c b/grub-core/loader/emu/linux.c -index 5b85b225ee..22ab6af172 100644 +index 5b85b225eed..22ab6af1727 100644 --- a/grub-core/loader/emu/linux.c +++ b/grub-core/loader/emu/linux.c @@ -50,7 +50,7 @@ grub_linux_boot (void) diff --git a/SOURCES/0133-Don-t-assume-that-boot-commands-will-only-return-on-.patch b/SOURCES/0133-Don-t-assume-that-boot-commands-will-only-return-on-.patch index 27959bd..418a1ef 100644 --- a/SOURCES/0133-Don-t-assume-that-boot-commands-will-only-return-on-.patch +++ b/SOURCES/0133-Don-t-assume-that-boot-commands-will-only-return-on-.patch @@ -17,7 +17,7 @@ Signed-off-by: Javier Martinez Canillas 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c -index d4832f1769..14ceb9bb06 100644 +index d4832f17699..14ceb9bb060 100644 --- a/grub-core/normal/menu.c +++ b/grub-core/normal/menu.c @@ -285,7 +285,7 @@ get_and_remove_first_entry_number (grub_menu_t menu, const char *name) diff --git a/SOURCES/0134-Fix-undefined-references-for-fdt-when-building-with-.patch b/SOURCES/0134-Fix-undefined-references-for-fdt-when-building-with-.patch index 37bfa71..9065da8 100644 --- a/SOURCES/0134-Fix-undefined-references-for-fdt-when-building-with-.patch +++ b/SOURCES/0134-Fix-undefined-references-for-fdt-when-building-with-.patch @@ -27,7 +27,7 @@ Signed-off-by: Javier Martinez Canillas 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/grub/fdt.h b/include/grub/fdt.h -index 22b7c5463f..2041341fd6 100644 +index 22b7c5463fc..2041341fd68 100644 --- a/include/grub/fdt.h +++ b/include/grub/fdt.h @@ -19,7 +19,7 @@ diff --git a/SOURCES/0135-Do-better-in-bootstrap.conf.patch b/SOURCES/0135-Do-better-in-bootstrap.conf.patch index f8c6ef0..ec9d8ec 100644 --- a/SOURCES/0135-Do-better-in-bootstrap.conf.patch +++ b/SOURCES/0135-Do-better-in-bootstrap.conf.patch @@ -8,7 +8,7 @@ Subject: [PATCH] Do better in bootstrap.conf 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/bootstrap.conf b/bootstrap.conf -index 186be9c48c..9259526e89 100644 +index 186be9c48ce..9259526e891 100644 --- a/bootstrap.conf +++ b/bootstrap.conf @@ -16,7 +16,13 @@ diff --git a/SOURCES/0136-Use-git-to-apply-gnulib-patches.patch b/SOURCES/0136-Use-git-to-apply-gnulib-patches.patch index da9013c..7654648 100644 --- a/SOURCES/0136-Use-git-to-apply-gnulib-patches.patch +++ b/SOURCES/0136-Use-git-to-apply-gnulib-patches.patch @@ -30,7 +30,7 @@ Signed-off-by: Peter Jones delete mode 100644 grub-core/lib/gnulib-patches/no-abort.patch diff --git a/bootstrap.conf b/bootstrap.conf -index 9259526e89..452f4d79b0 100644 +index 9259526e891..452f4d79b0d 100644 --- a/bootstrap.conf +++ b/bootstrap.conf @@ -85,12 +85,6 @@ cp -a INSTALL INSTALL.grub @@ -47,7 +47,7 @@ index 9259526e89..452f4d79b0 100644 0001-Support-POTFILES-shell \ 0002-Handle-gettext_printf-shell-function \ diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist -index ea58362b55..8ddf22e6c9 100644 +index ea58362b555..8ddf22e6c99 100644 --- a/conf/Makefile.extra-dist +++ b/conf/Makefile.extra-dist @@ -30,16 +30,6 @@ EXTRA_DIST += grub-core/gensymlist.sh @@ -69,7 +69,7 @@ index ea58362b55..8ddf22e6c9 100644 EXTRA_DIST += $(shell find $(top_srcdir)/include -name '*.h') diff --git a/grub-core/lib/gnulib-patches/fix-base64.patch b/grub-core/lib/gnulib-patches/fix-base64.patch deleted file mode 100644 -index 985db12797..0000000000 +index 985db127971..00000000000 --- a/grub-core/lib/gnulib-patches/fix-base64.patch +++ /dev/null @@ -1,21 +0,0 @@ @@ -96,7 +96,7 @@ index 985db12797..0000000000 - extern "C" { diff --git a/grub-core/lib/gnulib-patches/fix-null-deref.patch b/grub-core/lib/gnulib-patches/fix-null-deref.patch deleted file mode 100644 -index 8fafa153a4..0000000000 +index 8fafa153a47..00000000000 --- a/grub-core/lib/gnulib-patches/fix-null-deref.patch +++ /dev/null @@ -1,13 +0,0 @@ @@ -115,7 +115,7 @@ index 8fafa153a4..0000000000 - struct parser *parser = state->pstate; diff --git a/grub-core/lib/gnulib-patches/fix-null-state-deref.patch b/grub-core/lib/gnulib-patches/fix-null-state-deref.patch deleted file mode 100644 -index 813ec09c8a..0000000000 +index 813ec09c8a1..00000000000 --- a/grub-core/lib/gnulib-patches/fix-null-state-deref.patch +++ /dev/null @@ -1,12 +0,0 @@ @@ -133,7 +133,7 @@ index 813ec09c8a..0000000000 - "rmargin", up->name); diff --git a/grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch b/grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch deleted file mode 100644 -index 02e06315df..0000000000 +index 02e06315dff..00000000000 --- a/grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch +++ /dev/null @@ -1,15 +0,0 @@ @@ -154,7 +154,7 @@ index 02e06315df..0000000000 - diff --git a/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch b/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch deleted file mode 100644 -index db6dac9c9e..0000000000 +index db6dac9c9e3..00000000000 --- a/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch +++ /dev/null @@ -1,12 +0,0 @@ @@ -172,7 +172,7 @@ index db6dac9c9e..0000000000 - || (next_state_log_idx >= mctx->input.valid_len diff --git a/grub-core/lib/gnulib-patches/fix-sign-compare-errors.patch b/grub-core/lib/gnulib-patches/fix-sign-compare-errors.patch deleted file mode 100644 -index 479029c056..0000000000 +index 479029c0565..00000000000 --- a/grub-core/lib/gnulib-patches/fix-sign-compare-errors.patch +++ /dev/null @@ -1,161 +0,0 @@ @@ -339,7 +339,7 @@ index 479029c056..0000000000 - } diff --git a/grub-core/lib/gnulib-patches/fix-uninit-structure.patch b/grub-core/lib/gnulib-patches/fix-uninit-structure.patch deleted file mode 100644 -index 7b4d9f67af..0000000000 +index 7b4d9f67af4..00000000000 --- a/grub-core/lib/gnulib-patches/fix-uninit-structure.patch +++ /dev/null @@ -1,11 +0,0 @@ @@ -356,7 +356,7 @@ index 7b4d9f67af..0000000000 - sbcset = (re_bitset_ptr_t) calloc (sizeof (bitset_t), 1); diff --git a/grub-core/lib/gnulib-patches/fix-unused-value.patch b/grub-core/lib/gnulib-patches/fix-unused-value.patch deleted file mode 100644 -index ba51f1bf22..0000000000 +index ba51f1bf223..00000000000 --- a/grub-core/lib/gnulib-patches/fix-unused-value.patch +++ /dev/null @@ -1,14 +0,0 @@ @@ -376,7 +376,7 @@ index ba51f1bf22..0000000000 - break; /* We found a match. */ diff --git a/grub-core/lib/gnulib-patches/fix-width.patch b/grub-core/lib/gnulib-patches/fix-width.patch deleted file mode 100644 -index 0a208ad08b..0000000000 +index 0a208ad08b5..00000000000 --- a/grub-core/lib/gnulib-patches/fix-width.patch +++ /dev/null @@ -1,217 +0,0 @@ @@ -599,7 +599,7 @@ index 0a208ad08b..0000000000 - #define mbswidth gnu_mbswidth /* avoid clash with UnixWare 7.1.1 function */ diff --git a/grub-core/lib/gnulib-patches/no-abort.patch b/grub-core/lib/gnulib-patches/no-abort.patch deleted file mode 100644 -index e469c4762e..0000000000 +index e469c4762eb..00000000000 --- a/grub-core/lib/gnulib-patches/no-abort.patch +++ /dev/null @@ -1,26 +0,0 @@ diff --git a/SOURCES/0137-Fix-build-error-with-the-fdt-module-on-risc-v.patch b/SOURCES/0137-Fix-build-error-with-the-fdt-module-on-risc-v.patch index cb44cf5..35f2878 100644 --- a/SOURCES/0137-Fix-build-error-with-the-fdt-module-on-risc-v.patch +++ b/SOURCES/0137-Fix-build-error-with-the-fdt-module-on-risc-v.patch @@ -16,7 +16,7 @@ Signed-off-by: Javier Martinez Canillas 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/include/grub/fdt.h b/include/grub/fdt.h -index 2041341fd6..3514aa4a5b 100644 +index 2041341fd68..3514aa4a5b6 100644 --- a/include/grub/fdt.h +++ b/include/grub/fdt.h @@ -19,7 +19,8 @@ diff --git a/SOURCES/0138-grub-set-bootflag-Update-comment-about-running-as-ro.patch b/SOURCES/0138-grub-set-bootflag-Update-comment-about-running-as-ro.patch index e7dcf59..cd4ef77 100644 --- a/SOURCES/0138-grub-set-bootflag-Update-comment-about-running-as-ro.patch +++ b/SOURCES/0138-grub-set-bootflag-Update-comment-about-running-as-ro.patch @@ -13,7 +13,7 @@ Signed-off-by: Hans de Goede 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/grub-set-bootflag.c b/util/grub-set-bootflag.c -index 6a79ee6744..65d74ce010 100644 +index 6a79ee67444..65d74ce010f 100644 --- a/util/grub-set-bootflag.c +++ b/util/grub-set-bootflag.c @@ -18,7 +18,7 @@ diff --git a/SOURCES/0139-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch b/SOURCES/0139-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch index e0bf9ea..122bf68 100644 --- a/SOURCES/0139-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch +++ b/SOURCES/0139-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch @@ -13,7 +13,7 @@ Signed-off-by: Hans de Goede 1 file changed, 78 insertions(+), 9 deletions(-) diff --git a/util/grub-set-bootflag.c b/util/grub-set-bootflag.c -index 65d74ce010..d1c5e28862 100644 +index 65d74ce010f..d1c5e28862b 100644 --- a/util/grub-set-bootflag.c +++ b/util/grub-set-bootflag.c @@ -28,7 +28,9 @@ diff --git a/SOURCES/0140-grub.d-Fix-boot_indeterminate-getting-set-on-boot_su.patch b/SOURCES/0140-grub.d-Fix-boot_indeterminate-getting-set-on-boot_su.patch index 1ee5598..54b73e6 100644 --- a/SOURCES/0140-grub.d-Fix-boot_indeterminate-getting-set-on-boot_su.patch +++ b/SOURCES/0140-grub.d-Fix-boot_indeterminate-getting-set-on-boot_su.patch @@ -47,7 +47,7 @@ Signed-off-by: Hans de Goede 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/util/grub.d/10_reset_boot_success.in b/util/grub.d/10_reset_boot_success.in -index 6c88d933dd..737e1ae5b6 100644 +index 6c88d933dde..737e1ae5b68 100644 --- a/util/grub.d/10_reset_boot_success.in +++ b/util/grub.d/10_reset_boot_success.in @@ -6,18 +6,18 @@ diff --git a/SOURCES/0141-Also-define-GRUB_EFI_MAX_ALLOCATION_ADDRESS-for-RISC.patch b/SOURCES/0141-Also-define-GRUB_EFI_MAX_ALLOCATION_ADDRESS-for-RISC.patch index 2928751..b694ec9 100644 --- a/SOURCES/0141-Also-define-GRUB_EFI_MAX_ALLOCATION_ADDRESS-for-RISC.patch +++ b/SOURCES/0141-Also-define-GRUB_EFI_MAX_ALLOCATION_ADDRESS-for-RISC.patch @@ -12,7 +12,7 @@ Signed-off-by: David Abdurachmanov 1 file changed, 1 insertion(+) diff --git a/include/grub/riscv64/efi/memory.h b/include/grub/riscv64/efi/memory.h -index c6cb324171..acb61dca44 100644 +index c6cb3241714..acb61dca44b 100644 --- a/include/grub/riscv64/efi/memory.h +++ b/include/grub/riscv64/efi/memory.h @@ -2,5 +2,6 @@ diff --git a/SOURCES/0142-chainloader-Define-machine-types-for-RISC-V.patch b/SOURCES/0142-chainloader-Define-machine-types-for-RISC-V.patch index 875a2e2..480db52 100644 --- a/SOURCES/0142-chainloader-Define-machine-types-for-RISC-V.patch +++ b/SOURCES/0142-chainloader-Define-machine-types-for-RISC-V.patch @@ -15,7 +15,7 @@ Signed-off-by: David Abdurachmanov 1 file changed, 4 insertions(+) diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index 47f5aa1481..ac8dfd40c6 100644 +index 47f5aa14817..ac8dfd40c61 100644 --- a/grub-core/loader/efi/chainloader.c +++ b/grub-core/loader/efi/chainloader.c @@ -333,6 +333,10 @@ static const grub_uint16_t machine_type __attribute__((__unused__)) = diff --git a/SOURCES/0143-Add-start-symbol-for-RISC-V.patch b/SOURCES/0143-Add-start-symbol-for-RISC-V.patch index 2746fa2..677efae 100644 --- a/SOURCES/0143-Add-start-symbol-for-RISC-V.patch +++ b/SOURCES/0143-Add-start-symbol-for-RISC-V.patch @@ -15,7 +15,7 @@ Signed-off-by: David Abdurachmanov 1 file changed, 1 insertion(+) diff --git a/grub-core/kern/riscv/efi/startup.S b/grub-core/kern/riscv/efi/startup.S -index f2a7b2b1ed..781773136e 100644 +index f2a7b2b1ede..781773136e8 100644 --- a/grub-core/kern/riscv/efi/startup.S +++ b/grub-core/kern/riscv/efi/startup.S @@ -29,6 +29,7 @@ diff --git a/SOURCES/0144-bootstrap.conf-Force-autogen.sh-to-use-python3.patch b/SOURCES/0144-bootstrap.conf-Force-autogen.sh-to-use-python3.patch index c5784ef..5c3b968 100644 --- a/SOURCES/0144-bootstrap.conf-Force-autogen.sh-to-use-python3.patch +++ b/SOURCES/0144-bootstrap.conf-Force-autogen.sh-to-use-python3.patch @@ -19,7 +19,7 @@ Signed-off-by: Javier Martinez Canillas 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bootstrap.conf b/bootstrap.conf -index 452f4d79b0..03f1093023 100644 +index 452f4d79b0d..03f10930230 100644 --- a/bootstrap.conf +++ b/bootstrap.conf @@ -93,7 +93,7 @@ bootstrap_post_import_hook () { diff --git a/SOURCES/0145-efi-http-Export-fw-http-_path-variables-to-make-them.patch b/SOURCES/0145-efi-http-Export-fw-http-_path-variables-to-make-them.patch index 8a880dd..6f2e93d 100644 --- a/SOURCES/0145-efi-http-Export-fw-http-_path-variables-to-make-them.patch +++ b/SOURCES/0145-efi-http-Export-fw-http-_path-variables-to-make-them.patch @@ -25,7 +25,7 @@ Signed-off-by: Javier Martinez Canillas 2 files changed, 2 insertions(+) diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c -index 4ec3f5e4d3..0285e95a2b 100644 +index 4ec3f5e4d33..0285e95a2bb 100644 --- a/grub-core/kern/main.c +++ b/grub-core/kern/main.c @@ -143,6 +143,7 @@ grub_set_prefix_and_root (void) @@ -37,7 +37,7 @@ index 4ec3f5e4d3..0285e95a2b 100644 grub_free (fw_path); } diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c -index de351b2cd0..755b7a6d05 100644 +index de351b2cd03..755b7a6d054 100644 --- a/grub-core/net/efi/http.c +++ b/grub-core/net/efi/http.c @@ -39,6 +39,7 @@ http_configure (struct grub_efi_net_device *dev, int prefer_ip6) diff --git a/SOURCES/0146-efi-http-Enclose-literal-IPv6-addresses-in-square-br.patch b/SOURCES/0146-efi-http-Enclose-literal-IPv6-addresses-in-square-br.patch index 03d85c2..c394549 100644 --- a/SOURCES/0146-efi-http-Enclose-literal-IPv6-addresses-in-square-br.patch +++ b/SOURCES/0146-efi-http-Enclose-literal-IPv6-addresses-in-square-br.patch @@ -43,7 +43,7 @@ Signed-off-by: Javier Martinez Canillas 1 file changed, 28 insertions(+), 9 deletions(-) diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c -index 755b7a6d05..fc8cb25ae0 100644 +index 755b7a6d054..fc8cb25ae0a 100644 --- a/grub-core/net/efi/http.c +++ b/grub-core/net/efi/http.c @@ -158,13 +158,7 @@ efihttp_request (grub_efi_http_t *http, char *server, char *name, int use_https, diff --git a/SOURCES/0147-efi-net-Allow-to-specify-a-port-number-in-addresses.patch b/SOURCES/0147-efi-net-Allow-to-specify-a-port-number-in-addresses.patch index 8fe26cd..209aed8 100644 --- a/SOURCES/0147-efi-net-Allow-to-specify-a-port-number-in-addresses.patch +++ b/SOURCES/0147-efi-net-Allow-to-specify-a-port-number-in-addresses.patch @@ -25,7 +25,7 @@ Signed-off-by: Javier Martinez Canillas 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c -index 6603cd83ed..84573937b1 100644 +index 6603cd83edc..84573937b18 100644 --- a/grub-core/net/efi/net.c +++ b/grub-core/net/efi/net.c @@ -742,7 +742,7 @@ grub_efi_net_parse_address (const char *address, diff --git a/SOURCES/0148-efi-ip4_config-Improve-check-to-detect-literal-IPv6-.patch b/SOURCES/0148-efi-ip4_config-Improve-check-to-detect-literal-IPv6-.patch index 2dc7001..f92dee4 100644 --- a/SOURCES/0148-efi-ip4_config-Improve-check-to-detect-literal-IPv6-.patch +++ b/SOURCES/0148-efi-ip4_config-Improve-check-to-detect-literal-IPv6-.patch @@ -21,7 +21,7 @@ Signed-off-by: Javier Martinez Canillas 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/grub-core/net/efi/ip4_config.c b/grub-core/net/efi/ip4_config.c -index b711a5d945..313c818b18 100644 +index b711a5d9457..313c818b184 100644 --- a/grub-core/net/efi/ip4_config.c +++ b/grub-core/net/efi/ip4_config.c @@ -56,9 +56,20 @@ int diff --git a/SOURCES/0149-efi-net-Print-a-debug-message-if-parsing-the-address.patch b/SOURCES/0149-efi-net-Print-a-debug-message-if-parsing-the-address.patch index da94e08..33d8f88 100644 --- a/SOURCES/0149-efi-net-Print-a-debug-message-if-parsing-the-address.patch +++ b/SOURCES/0149-efi-net-Print-a-debug-message-if-parsing-the-address.patch @@ -22,7 +22,7 @@ Signed-off-by: Javier Martinez Canillas 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c -index 84573937b1..a3f0535d43 100644 +index 84573937b18..a3f0535d43c 100644 --- a/grub-core/net/efi/net.c +++ b/grub-core/net/efi/net.c @@ -778,9 +778,9 @@ grub_efi_net_parse_address (const char *address, diff --git a/SOURCES/0150-kern-term-Also-accept-F8-as-a-user-interrupt-key.patch b/SOURCES/0150-kern-term-Also-accept-F8-as-a-user-interrupt-key.patch index 8793b0d..3dd525a 100644 --- a/SOURCES/0150-kern-term-Also-accept-F8-as-a-user-interrupt-key.patch +++ b/SOURCES/0150-kern-term-Also-accept-F8-as-a-user-interrupt-key.patch @@ -12,7 +12,7 @@ Signed-off-by: Javier Martinez Canillas 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/grub-core/kern/term.c b/grub-core/kern/term.c -index 14d5964983..4d61f4e979 100644 +index 14d59649832..4d61f4e9790 100644 --- a/grub-core/kern/term.c +++ b/grub-core/kern/term.c @@ -144,9 +144,10 @@ grub_key_is_interrupt (int key) diff --git a/SOURCES/0151-efi-Set-image-base-address-before-jumping-to-the-PE-.patch b/SOURCES/0151-efi-Set-image-base-address-before-jumping-to-the-PE-.patch index 6aa5013..336bcf1 100644 --- a/SOURCES/0151-efi-Set-image-base-address-before-jumping-to-the-PE-.patch +++ b/SOURCES/0151-efi-Set-image-base-address-before-jumping-to-the-PE-.patch @@ -29,7 +29,7 @@ Signed-off-by: Javier Martinez Canillas 1 file changed, 14 insertions(+) diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c -index 0622dfa48d..e8b9ecb17f 100644 +index 0622dfa48d4..e8b9ecb17f6 100644 --- a/grub-core/loader/efi/linux.c +++ b/grub-core/loader/efi/linux.c @@ -72,6 +72,7 @@ grub_err_t diff --git a/SOURCES/0152-tpm-Don-t-propagate-TPM-measurement-errors-to-the-ve.patch b/SOURCES/0152-tpm-Don-t-propagate-TPM-measurement-errors-to-the-ve.patch index d1c7b17..747773d 100644 --- a/SOURCES/0152-tpm-Don-t-propagate-TPM-measurement-errors-to-the-ve.patch +++ b/SOURCES/0152-tpm-Don-t-propagate-TPM-measurement-errors-to-the-ve.patch @@ -18,7 +18,7 @@ Signed-off-by: Javier Martinez Canillas 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/grub-core/commands/tpm.c b/grub-core/commands/tpm.c -index 2052c36eab..e287d042e6 100644 +index 2052c36eaba..e287d042e6b 100644 --- a/grub-core/commands/tpm.c +++ b/grub-core/commands/tpm.c @@ -42,7 +42,8 @@ grub_tpm_verify_init (grub_file_t io, diff --git a/SOURCES/0153-x86-efi-Reduce-maximum-bounce-buffer-size-to-16-MiB.patch b/SOURCES/0153-x86-efi-Reduce-maximum-bounce-buffer-size-to-16-MiB.patch index 7c41e87..825d0f7 100644 --- a/SOURCES/0153-x86-efi-Reduce-maximum-bounce-buffer-size-to-16-MiB.patch +++ b/SOURCES/0153-x86-efi-Reduce-maximum-bounce-buffer-size-to-16-MiB.patch @@ -26,7 +26,7 @@ Signed-off-by: Javier Martinez Canillas 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 6bc18d5aef..15d40d6e35 100644 +index 6bc18d5aef5..15d40d6e35b 100644 --- a/grub-core/loader/i386/efi/linux.c +++ b/grub-core/loader/i386/efi/linux.c @@ -144,7 +144,7 @@ grub_linuxefi_unload (void) diff --git a/SOURCES/0154-http-Prepend-prefix-when-the-HTTP-path-is-relative-a.patch b/SOURCES/0154-http-Prepend-prefix-when-the-HTTP-path-is-relative-a.patch index 7fef93e..97d2e06 100644 --- a/SOURCES/0154-http-Prepend-prefix-when-the-HTTP-path-is-relative-a.patch +++ b/SOURCES/0154-http-Prepend-prefix-when-the-HTTP-path-is-relative-a.patch @@ -20,7 +20,7 @@ Signed-off-by: Javier Martinez Canillas 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/grub-core/net/http.c b/grub-core/net/http.c -index b52b558d63..7f878b5615 100644 +index b52b558d631..7f878b56157 100644 --- a/grub-core/net/http.c +++ b/grub-core/net/http.c @@ -501,13 +501,20 @@ http_open (struct grub_file *file, const char *filename) diff --git a/SOURCES/0155-Fix-a-missing-return-in-efi-export-env-and-efi-load-.patch b/SOURCES/0155-Fix-a-missing-return-in-efi-export-env-and-efi-load-.patch index f3b10c1..1657d7a 100644 --- a/SOURCES/0155-Fix-a-missing-return-in-efi-export-env-and-efi-load-.patch +++ b/SOURCES/0155-Fix-a-missing-return-in-efi-export-env-and-efi-load-.patch @@ -13,7 +13,7 @@ Signed-off-by: Peter Jones 1 file changed, 2 insertions(+) diff --git a/grub-core/commands/efi/env.c b/grub-core/commands/efi/env.c -index cbd13e03e8..977edb6b06 100644 +index cbd13e03e81..977edb6b065 100644 --- a/grub-core/commands/efi/env.c +++ b/grub-core/commands/efi/env.c @@ -149,6 +149,8 @@ grub_efi_load_env(grub_command_t cmd __attribute__ ((unused)), diff --git a/SOURCES/0156-efi-dhcp-fix-some-allocation-error-checking.patch b/SOURCES/0156-efi-dhcp-fix-some-allocation-error-checking.patch index 90e7a34..7549733 100644 --- a/SOURCES/0156-efi-dhcp-fix-some-allocation-error-checking.patch +++ b/SOURCES/0156-efi-dhcp-fix-some-allocation-error-checking.patch @@ -9,7 +9,7 @@ Signed-off-by: Peter Jones 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/grub-core/net/efi/dhcp.c b/grub-core/net/efi/dhcp.c -index dbef63d8c0..e5c79b748b 100644 +index dbef63d8c08..e5c79b748b0 100644 --- a/grub-core/net/efi/dhcp.c +++ b/grub-core/net/efi/dhcp.c @@ -80,7 +80,7 @@ grub_efi_dhcp4_parse_dns (grub_efi_dhcp4_protocol_t *dhcp4, grub_efi_dhcp4_packe diff --git a/SOURCES/0157-efi-http-fix-some-allocation-error-checking.patch b/SOURCES/0157-efi-http-fix-some-allocation-error-checking.patch index 149ada8..4dffab9 100644 --- a/SOURCES/0157-efi-http-fix-some-allocation-error-checking.patch +++ b/SOURCES/0157-efi-http-fix-some-allocation-error-checking.patch @@ -9,7 +9,7 @@ Signed-off-by: Peter Jones 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c -index fc8cb25ae0..26647a50fa 100644 +index fc8cb25ae0a..26647a50fa4 100644 --- a/grub-core/net/efi/http.c +++ b/grub-core/net/efi/http.c @@ -412,8 +412,8 @@ grub_efihttp_open (struct grub_efi_net_device *dev, diff --git a/SOURCES/0158-efi-ip-46-_config.c-fix-some-potential-allocation-ov.patch b/SOURCES/0158-efi-ip-46-_config.c-fix-some-potential-allocation-ov.patch index 6413eb6..30c21a5 100644 --- a/SOURCES/0158-efi-ip-46-_config.c-fix-some-potential-allocation-ov.patch +++ b/SOURCES/0158-efi-ip-46-_config.c-fix-some-potential-allocation-ov.patch @@ -13,7 +13,7 @@ Signed-off-by: Peter Jones 2 files changed, 28 insertions(+), 10 deletions(-) diff --git a/grub-core/net/efi/ip4_config.c b/grub-core/net/efi/ip4_config.c -index 313c818b18..9725e928f7 100644 +index 313c818b184..9725e928f7e 100644 --- a/grub-core/net/efi/ip4_config.c +++ b/grub-core/net/efi/ip4_config.c @@ -4,15 +4,20 @@ @@ -82,7 +82,7 @@ index 313c818b18..9725e928f7 100644 char *subnet, *gateway, *mask; grub_uint32_t u32_subnet, u32_gateway; diff --git a/grub-core/net/efi/ip6_config.c b/grub-core/net/efi/ip6_config.c -index 017c4d05bc..a46f6f9b68 100644 +index 017c4d05bc7..a46f6f9b685 100644 --- a/grub-core/net/efi/ip6_config.c +++ b/grub-core/net/efi/ip6_config.c @@ -3,6 +3,7 @@ diff --git a/SOURCES/0159-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch b/SOURCES/0159-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch index 8e63d1d..95f7e20 100644 --- a/SOURCES/0159-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch +++ b/SOURCES/0159-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch @@ -13,7 +13,7 @@ Signed-off-by: Colin Watson 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 15d40d6e35..f992ceeef2 100644 +index 15d40d6e35b..f992ceeef20 100644 --- a/grub-core/loader/i386/efi/linux.c +++ b/grub-core/loader/i386/efi/linux.c @@ -28,6 +28,8 @@ diff --git a/SOURCES/0160-linuxefi-fail-kernel-validation-without-shim-protoco.patch b/SOURCES/0160-linuxefi-fail-kernel-validation-without-shim-protoco.patch index 828fe16..20fc786 100644 --- a/SOURCES/0160-linuxefi-fail-kernel-validation-without-shim-protoco.patch +++ b/SOURCES/0160-linuxefi-fail-kernel-validation-without-shim-protoco.patch @@ -23,7 +23,7 @@ Signed-off-by: Dimitri John Ledkov 4 files changed, 22 insertions(+), 10 deletions(-) diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c -index 70a0075ec5..47f8cf0d84 100644 +index 70a0075ec5e..47f8cf0d84b 100644 --- a/grub-core/loader/arm64/linux.c +++ b/grub-core/loader/arm64/linux.c @@ -34,6 +34,7 @@ @@ -55,7 +55,7 @@ index 70a0075ec5..47f8cf0d84 100644 pe = (void *)((unsigned long)kernel_addr + lh.hdr_offset); diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index ac8dfd40c6..d41e8ea14a 100644 +index ac8dfd40c61..d41e8ea14a8 100644 --- a/grub-core/loader/efi/chainloader.c +++ b/grub-core/loader/efi/chainloader.c @@ -1084,6 +1084,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), @@ -67,7 +67,7 @@ index ac8dfd40c6..d41e8ea14a 100644 fail: if (dev) diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c -index e8b9ecb17f..9260731c10 100644 +index e8b9ecb17f6..9260731c107 100644 --- a/grub-core/loader/efi/linux.c +++ b/grub-core/loader/efi/linux.c @@ -33,6 +33,7 @@ struct grub_efi_shim_lock @@ -79,7 +79,7 @@ index e8b9ecb17f..9260731c10 100644 grub_linuxefi_secure_validate (void *data, grub_uint32_t size) { diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index f992ceeef2..3cf0f9b330 100644 +index f992ceeef20..3cf0f9b330b 100644 --- a/grub-core/loader/i386/efi/linux.c +++ b/grub-core/loader/i386/efi/linux.c @@ -30,6 +30,7 @@ diff --git a/SOURCES/0161-Fix-const-char-pointers-in-grub-core-net-bootp.c.patch b/SOURCES/0161-Fix-const-char-pointers-in-grub-core-net-bootp.c.patch index f20f5c7..9b0db5f 100644 --- a/SOURCES/0161-Fix-const-char-pointers-in-grub-core-net-bootp.c.patch +++ b/SOURCES/0161-Fix-const-char-pointers-in-grub-core-net-bootp.c.patch @@ -14,7 +14,7 @@ Signed-off-by: Peter Jones 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c -index 8fb8918ae7..7baf3540c8 100644 +index 8fb8918ae7e..7baf3540c81 100644 --- a/grub-core/net/bootp.c +++ b/grub-core/net/bootp.c @@ -329,7 +329,7 @@ grub_net_configure_by_dhcp_ack (const char *name, diff --git a/SOURCES/0162-Fix-const-char-pointers-in-grub-core-net-efi-ip4_con.patch b/SOURCES/0162-Fix-const-char-pointers-in-grub-core-net-efi-ip4_con.patch index ea92110..6c16e9e 100644 --- a/SOURCES/0162-Fix-const-char-pointers-in-grub-core-net-efi-ip4_con.patch +++ b/SOURCES/0162-Fix-const-char-pointers-in-grub-core-net-efi-ip4_con.patch @@ -14,7 +14,7 @@ Signed-off-by: Peter Jones 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/grub-core/net/efi/ip4_config.c b/grub-core/net/efi/ip4_config.c -index 9725e928f7..cb880fc3e8 100644 +index 9725e928f7e..cb880fc3e8f 100644 --- a/grub-core/net/efi/ip4_config.c +++ b/grub-core/net/efi/ip4_config.c @@ -61,7 +61,8 @@ int diff --git a/SOURCES/0163-Fix-const-char-pointers-in-grub-core-net-efi-ip6_con.patch b/SOURCES/0163-Fix-const-char-pointers-in-grub-core-net-efi-ip6_con.patch index 915e6d7..7c29683 100644 --- a/SOURCES/0163-Fix-const-char-pointers-in-grub-core-net-efi-ip6_con.patch +++ b/SOURCES/0163-Fix-const-char-pointers-in-grub-core-net-efi-ip6_con.patch @@ -14,7 +14,7 @@ Signed-off-by: Peter Jones 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/net/efi/ip6_config.c b/grub-core/net/efi/ip6_config.c -index a46f6f9b68..1c5415d718 100644 +index a46f6f9b685..1c5415d7185 100644 --- a/grub-core/net/efi/ip6_config.c +++ b/grub-core/net/efi/ip6_config.c @@ -85,7 +85,7 @@ grub_efi_string_to_ip6_address (const char *val, grub_efi_ipv6_address_t *addres diff --git a/SOURCES/0164-Fix-const-char-pointers-in-grub-core-net-efi-net.c.patch b/SOURCES/0164-Fix-const-char-pointers-in-grub-core-net-efi-net.c.patch index fbba65a..0fe90c8 100644 --- a/SOURCES/0164-Fix-const-char-pointers-in-grub-core-net-efi-net.c.patch +++ b/SOURCES/0164-Fix-const-char-pointers-in-grub-core-net-efi-net.c.patch @@ -14,7 +14,7 @@ Signed-off-by: Peter Jones 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c -index a3f0535d43..78e5442fc5 100644 +index a3f0535d43c..78e5442fc52 100644 --- a/grub-core/net/efi/net.c +++ b/grub-core/net/efi/net.c @@ -729,7 +729,7 @@ grub_efi_net_parse_address (const char *address, diff --git a/SOURCES/0165-Fix-const-char-pointers-in-grub-core-net-efi-pxe.c.patch b/SOURCES/0165-Fix-const-char-pointers-in-grub-core-net-efi-pxe.c.patch index 9b9acfe..59f29e4 100644 --- a/SOURCES/0165-Fix-const-char-pointers-in-grub-core-net-efi-pxe.c.patch +++ b/SOURCES/0165-Fix-const-char-pointers-in-grub-core-net-efi-pxe.c.patch @@ -14,7 +14,7 @@ Signed-off-by: Peter Jones 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/grub-core/net/efi/pxe.c b/grub-core/net/efi/pxe.c -index 531949cba5..73e2bb01c1 100644 +index 531949cba5c..73e2bb01c1b 100644 --- a/grub-core/net/efi/pxe.c +++ b/grub-core/net/efi/pxe.c @@ -187,7 +187,7 @@ parse_ip6 (const char *val, grub_uint64_t *ip, const char **rest) diff --git a/SOURCES/0166-Add-systemd-integration-scripts-to-make-systemctl-re.patch b/SOURCES/0166-Add-systemd-integration-scripts-to-make-systemctl-re.patch index 5b6a0ee..130dc77 100644 --- a/SOURCES/0166-Add-systemd-integration-scripts-to-make-systemctl-re.patch +++ b/SOURCES/0166-Add-systemd-integration-scripts-to-make-systemctl-re.patch @@ -65,7 +65,7 @@ Signed-off-by: Hans de Goede create mode 100644 util/systemd/systemd-integration.sh.in diff --git a/Makefile.util.def b/Makefile.util.def -index 11ab2d6fad..e1242f5402 100644 +index 11ab2d6fad1..e1242f54022 100644 --- a/Makefile.util.def +++ b/Makefile.util.def @@ -470,6 +470,12 @@ script = { @@ -110,7 +110,7 @@ index 11ab2d6fad..e1242f5402 100644 mansection = 1; name = grub-mkrescue; diff --git a/conf/Makefile.common b/conf/Makefile.common -index 0647c53b91..9fe5863b2d 100644 +index 0647c53b916..9fe5863b2d9 100644 --- a/conf/Makefile.common +++ b/conf/Makefile.common @@ -63,8 +63,11 @@ CCASFLAGS_LIBRARY = $(UTILS_CCASFLAGS) @@ -137,7 +137,7 @@ index 0647c53b91..9fe5863b2d 100644 EXTRA_DIST = diff --git a/util/grub.d/14_menu_show_once.in b/util/grub.d/14_menu_show_once.in new file mode 100755 -index 0000000000..1cd7f36142 +index 00000000000..1cd7f36142b --- /dev/null +++ b/util/grub.d/14_menu_show_once.in @@ -0,0 +1,13 @@ @@ -156,7 +156,7 @@ index 0000000000..1cd7f36142 +EOF diff --git a/util/systemd/10-grub-logind-service.conf.in b/util/systemd/10-grub-logind-service.conf.in new file mode 100644 -index 0000000000..f2d4ac0073 +index 00000000000..f2d4ac00732 --- /dev/null +++ b/util/systemd/10-grub-logind-service.conf.in @@ -0,0 +1,2 @@ @@ -164,7 +164,7 @@ index 0000000000..f2d4ac0073 +Environment=SYSTEMD_REBOOT_TO_BOOT_LOADER_MENU=true diff --git a/util/systemd/grub-systemd-integration.service.in b/util/systemd/grub-systemd-integration.service.in new file mode 100644 -index 0000000000..c81fb594ce +index 00000000000..c81fb594ce1 --- /dev/null +++ b/util/systemd/grub-systemd-integration.service.in @@ -0,0 +1,8 @@ @@ -178,7 +178,7 @@ index 0000000000..c81fb594ce +ExecStart=@libexecdir@/@grubdirname@/systemd-integration.sh diff --git a/util/systemd/systemd-integration.sh.in b/util/systemd/systemd-integration.sh.in new file mode 100644 -index 0000000000..dc1218597b +index 00000000000..dc1218597bc --- /dev/null +++ b/util/systemd/systemd-integration.sh.in @@ -0,0 +1,6 @@ diff --git a/SOURCES/0167-systemd-integration.sh-Also-set-old-menu_show_once-g.patch b/SOURCES/0167-systemd-integration.sh-Also-set-old-menu_show_once-g.patch index a16ed68..9021de5 100644 --- a/SOURCES/0167-systemd-integration.sh-Also-set-old-menu_show_once-g.patch +++ b/SOURCES/0167-systemd-integration.sh-Also-set-old-menu_show_once-g.patch @@ -18,7 +18,7 @@ Signed-off-by: Hans de Goede 1 file changed, 5 insertions(+) diff --git a/util/systemd/systemd-integration.sh.in b/util/systemd/systemd-integration.sh.in -index dc1218597b..a4c071c5b0 100644 +index dc1218597bc..a4c071c5b0c 100644 --- a/util/systemd/systemd-integration.sh.in +++ b/util/systemd/systemd-integration.sh.in @@ -4,3 +4,8 @@ TIMEOUT_USEC=$(cat /run/systemd/reboot-to-boot-loader-menu) diff --git a/SOURCES/0168-at_keyboard-use-set-1-when-keyboard-is-in-Translate-.patch b/SOURCES/0168-at_keyboard-use-set-1-when-keyboard-is-in-Translate-.patch index f891a69..c338840 100644 --- a/SOURCES/0168-at_keyboard-use-set-1-when-keyboard-is-in-Translate-.patch +++ b/SOURCES/0168-at_keyboard-use-set-1-when-keyboard-is-in-Translate-.patch @@ -29,7 +29,7 @@ Signed-off-by: Renaud Métrich 2 files changed, 28 insertions(+), 5 deletions(-) diff --git a/grub-core/term/at_keyboard.c b/grub-core/term/at_keyboard.c -index 597111077b..2601438260 100644 +index 597111077bd..26014382608 100644 --- a/grub-core/term/at_keyboard.c +++ b/grub-core/term/at_keyboard.c @@ -135,20 +135,28 @@ query_mode (void) @@ -105,7 +105,7 @@ index 597111077b..2601438260 100644 } diff --git a/include/grub/at_keyboard.h b/include/grub/at_keyboard.h -index bcb4d9ba78..9414dc1b99 100644 +index bcb4d9ba78f..9414dc1b996 100644 --- a/include/grub/at_keyboard.h +++ b/include/grub/at_keyboard.h @@ -19,6 +19,10 @@ diff --git a/SOURCES/0169-grub-install-disable-support-for-EFI-platforms.patch b/SOURCES/0169-grub-install-disable-support-for-EFI-platforms.patch index bf106c8..41003e2 100644 --- a/SOURCES/0169-grub-install-disable-support-for-EFI-platforms.patch +++ b/SOURCES/0169-grub-install-disable-support-for-EFI-platforms.patch @@ -26,7 +26,7 @@ Signed-off-by: Jan Hlavac 3 files changed, 26 insertions(+), 22 deletions(-) diff --git a/util/grub-install.c b/util/grub-install.c -index a2bec7446c..5babc7af55 100644 +index a2bec7446cb..5babc7af551 100644 --- a/util/grub-install.c +++ b/util/grub-install.c @@ -899,6 +899,22 @@ main (int argc, char *argv[]) @@ -82,7 +82,7 @@ index a2bec7446c..5babc7af55 100644 { grub_fs_t fs; diff --git a/docs/grub.texi b/docs/grub.texi -index 04ed6ac1f0..4870faaa00 100644 +index 04ed6ac1f07..4870faaa00a 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -6509,6 +6509,13 @@ grub2-install @var{install_device} @@ -100,7 +100,7 @@ index 04ed6ac1f0..4870faaa00 100644 @table @option diff --git a/util/grub-install.8 b/util/grub-install.8 -index 1db89e94b3..811d441b16 100644 +index 1db89e94b3b..811d441b16c 100644 --- a/util/grub-install.8 +++ b/util/grub-install.8 @@ -1,4 +1,4 @@ diff --git a/SOURCES/0170-New-with-debug-timestamps-configure-flag-to-prepend-.patch b/SOURCES/0170-New-with-debug-timestamps-configure-flag-to-prepend-.patch index 8ebb12d..3eb0d00 100644 --- a/SOURCES/0170-New-with-debug-timestamps-configure-flag-to-prepend-.patch +++ b/SOURCES/0170-New-with-debug-timestamps-configure-flag-to-prepend-.patch @@ -15,7 +15,7 @@ Signed-off-by: Renaud Métrich 3 files changed, 39 insertions(+) diff --git a/configure.ac b/configure.ac -index 907477a585..d5d2a28b4e 100644 +index 907477a585c..d5d2a28b4ef 100644 --- a/configure.ac +++ b/configure.ac @@ -1613,6 +1613,17 @@ else @@ -58,7 +58,7 @@ index 907477a585..d5d2a28b4e 100644 echo efiemu runtime: Yes else diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c -index 578bf51a5f..9f54b6b7d2 100644 +index 578bf51a5fc..9f54b6b7d2d 100644 --- a/grub-core/kern/misc.c +++ b/grub-core/kern/misc.c @@ -25,6 +25,9 @@ @@ -99,7 +99,7 @@ index 578bf51a5f..9f54b6b7d2 100644 va_start (args, fmt); grub_vprintf (fmt, args); diff --git a/config.h.in b/config.h.in -index c7e316f0f1..c80e3e0aba 100644 +index c7e316f0f1f..c80e3e0aba3 100644 --- a/config.h.in +++ b/config.h.in @@ -12,6 +12,7 @@ diff --git a/SOURCES/0171-Added-debug-statements-to-grub_disk_open-and-grub_di.patch b/SOURCES/0171-Added-debug-statements-to-grub_disk_open-and-grub_di.patch index d26027c..cbb1a38 100644 --- a/SOURCES/0171-Added-debug-statements-to-grub_disk_open-and-grub_di.patch +++ b/SOURCES/0171-Added-debug-statements-to-grub_disk_open-and-grub_di.patch @@ -13,7 +13,7 @@ Signed-off-by: Renaud Métrich 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/grub-core/kern/disk.c b/grub-core/kern/disk.c -index e1b0e073e0..05a28ab142 100644 +index e1b0e073e09..05a28ab1429 100644 --- a/grub-core/kern/disk.c +++ b/grub-core/kern/disk.c @@ -285,6 +285,8 @@ grub_disk_open (const char *name) diff --git a/SOURCES/0172-Introduce-function-grub_debug_is_enabled-void-return.patch b/SOURCES/0172-Introduce-function-grub_debug_is_enabled-void-return.patch index 9ce5d9d..4e4718b 100644 --- a/SOURCES/0172-Introduce-function-grub_debug_is_enabled-void-return.patch +++ b/SOURCES/0172-Introduce-function-grub_debug_is_enabled-void-return.patch @@ -14,7 +14,7 @@ Signed-off-by: Renaud Métrich 2 files changed, 14 insertions(+) diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c -index 9f54b6b7d2..a186ad3dd4 100644 +index 9f54b6b7d2d..a186ad3dd41 100644 --- a/grub-core/kern/misc.c +++ b/grub-core/kern/misc.c @@ -163,6 +163,19 @@ int grub_err_printf (const char *fmt, ...) @@ -38,7 +38,7 @@ index 9f54b6b7d2..a186ad3dd4 100644 grub_debug_enabled (const char * condition) { diff --git a/include/grub/misc.h b/include/grub/misc.h -index 3adc4036e3..6c4aa85ac5 100644 +index 3adc4036e3b..6c4aa85ac50 100644 --- a/include/grub/misc.h +++ b/include/grub/misc.h @@ -340,6 +340,7 @@ grub_puts (const char *s) diff --git a/SOURCES/0173-Don-t-clear-screen-when-debugging-is-enabled.patch b/SOURCES/0173-Don-t-clear-screen-when-debugging-is-enabled.patch index 9a9a924..d2a5988 100644 --- a/SOURCES/0173-Don-t-clear-screen-when-debugging-is-enabled.patch +++ b/SOURCES/0173-Don-t-clear-screen-when-debugging-is-enabled.patch @@ -12,7 +12,7 @@ Signed-off-by: Renaud Métrich 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c -index e349303c29..155bf366da 100644 +index e349303c29b..155bf366da2 100644 --- a/grub-core/normal/main.c +++ b/grub-core/normal/main.c @@ -210,7 +210,8 @@ void diff --git a/SOURCES/0174-grub_file_-instrumentation-new-file-debug-tag.patch b/SOURCES/0174-grub_file_-instrumentation-new-file-debug-tag.patch index 908e1ff..0cc6b8c 100644 --- a/SOURCES/0174-grub_file_-instrumentation-new-file-debug-tag.patch +++ b/SOURCES/0174-grub_file_-instrumentation-new-file-debug-tag.patch @@ -12,7 +12,7 @@ Signed-off-by: Renaud Métrich 1 file changed, 14 insertions(+) diff --git a/grub-core/kern/file.c b/grub-core/kern/file.c -index 58454458c4..e19aea3e51 100644 +index 58454458c47..e19aea3e514 100644 --- a/grub-core/kern/file.c +++ b/grub-core/kern/file.c @@ -66,6 +66,8 @@ grub_file_open (const char *name, enum grub_file_type type) diff --git a/SOURCES/0175-ieee1275-Avoiding-many-unecessary-open-close.patch b/SOURCES/0175-ieee1275-Avoiding-many-unecessary-open-close.patch index f6c5244..6a0ad75 100644 --- a/SOURCES/0175-ieee1275-Avoiding-many-unecessary-open-close.patch +++ b/SOURCES/0175-ieee1275-Avoiding-many-unecessary-open-close.patch @@ -9,7 +9,7 @@ Signed-off-by: Diego Domingos 1 file changed, 35 insertions(+), 29 deletions(-) diff --git a/grub-core/disk/ieee1275/ofdisk.c b/grub-core/disk/ieee1275/ofdisk.c -index 03674cb477..ea7f78ac7d 100644 +index 03674cb477e..ea7f78ac7d8 100644 --- a/grub-core/disk/ieee1275/ofdisk.c +++ b/grub-core/disk/ieee1275/ofdisk.c @@ -44,7 +44,7 @@ struct ofdisk_hash_ent diff --git a/SOURCES/0176-ieee1275-powerpc-implements-fibre-channel-discovery-.patch b/SOURCES/0176-ieee1275-powerpc-implements-fibre-channel-discovery-.patch index 04c5c32..9fa02bb 100644 --- a/SOURCES/0176-ieee1275-powerpc-implements-fibre-channel-discovery-.patch +++ b/SOURCES/0176-ieee1275-powerpc-implements-fibre-channel-discovery-.patch @@ -15,7 +15,7 @@ Signed-off-by: Diego Domingos 1 file changed, 49 insertions(+) diff --git a/grub-core/osdep/linux/ofpath.c b/grub-core/osdep/linux/ofpath.c -index a6153d3595..0f5d54e9f2 100644 +index a6153d35954..0f5d54e9f2d 100644 --- a/grub-core/osdep/linux/ofpath.c +++ b/grub-core/osdep/linux/ofpath.c @@ -350,6 +350,38 @@ of_path_of_ide(const char *sys_devname __attribute__((unused)), const char *devi diff --git a/SOURCES/0177-ieee1275-powerpc-enables-device-mapper-discovery.patch b/SOURCES/0177-ieee1275-powerpc-enables-device-mapper-discovery.patch index 85dbde7..6f1c21b 100644 --- a/SOURCES/0177-ieee1275-powerpc-enables-device-mapper-discovery.patch +++ b/SOURCES/0177-ieee1275-powerpc-enables-device-mapper-discovery.patch @@ -17,7 +17,7 @@ Signed-off-by: Diego Domingos 1 file changed, 63 insertions(+), 1 deletion(-) diff --git a/grub-core/osdep/linux/ofpath.c b/grub-core/osdep/linux/ofpath.c -index 0f5d54e9f2..cc849d9c94 100644 +index 0f5d54e9f2d..cc849d9c94c 100644 --- a/grub-core/osdep/linux/ofpath.c +++ b/grub-core/osdep/linux/ofpath.c @@ -37,6 +37,7 @@ diff --git a/SOURCES/0178-Add-at_keyboard_fallback_set-var-to-force-the-set-ma.patch b/SOURCES/0178-Add-at_keyboard_fallback_set-var-to-force-the-set-ma.patch index 426477c..968a9c1 100644 --- a/SOURCES/0178-Add-at_keyboard_fallback_set-var-to-force-the-set-ma.patch +++ b/SOURCES/0178-Add-at_keyboard_fallback_set-var-to-force-the-set-ma.patch @@ -29,7 +29,7 @@ solution": 1 file changed, 96 insertions(+), 25 deletions(-) diff --git a/grub-core/term/at_keyboard.c b/grub-core/term/at_keyboard.c -index 2601438260..dac0f946fe 100644 +index 26014382608..dac0f946fe6 100644 --- a/grub-core/term/at_keyboard.c +++ b/grub-core/term/at_keyboard.c @@ -31,6 +31,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); diff --git a/SOURCES/0179-Add-suport-for-signing-grub-with-an-appended-signatu.patch b/SOURCES/0179-Add-suport-for-signing-grub-with-an-appended-signatu.patch index 4141e8a..caab8d5 100644 --- a/SOURCES/0179-Add-suport-for-signing-grub-with-an-appended-signatu.patch +++ b/SOURCES/0179-Add-suport-for-signing-grub-with-an-appended-signatu.patch @@ -52,7 +52,7 @@ Platform Reference (PAPR). 6 files changed, 82 insertions(+), 15 deletions(-) diff --git a/util/grub-install-common.c b/util/grub-install-common.c -index 4e212e690c..aab2a941f8 100644 +index 4e212e690c5..aab2a941f85 100644 --- a/util/grub-install-common.c +++ b/util/grub-install-common.c @@ -461,10 +461,12 @@ static size_t npubkeys; @@ -106,7 +106,7 @@ index 4e212e690c..aab2a941f8 100644 while (dc--) grub_install_pop_module (); diff --git a/util/grub-mkimage.c b/util/grub-mkimage.c -index c0d5599370..8a53310548 100644 +index c0d55993702..8a53310548b 100644 --- a/util/grub-mkimage.c +++ b/util/grub-mkimage.c @@ -84,6 +84,7 @@ static struct argp_option options[] = { @@ -160,7 +160,7 @@ index c0d5599370..8a53310548 100644 if (grub_util_file_sync (fp) < 0) grub_util_error (_("cannot sync `%s': %s"), arguments.output ? : "stdout", diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c -index d78fa3e533..393119486d 100644 +index d78fa3e5330..393119486d3 100644 --- a/util/grub-mkimagexx.c +++ b/util/grub-mkimagexx.c @@ -84,6 +84,15 @@ struct grub_ieee1275_note @@ -231,7 +231,7 @@ index d78fa3e533..393119486d 100644 char *str_start = (elf_img + sizeof (*ehdr) + phnum * sizeof (*phdr) + shnum * sizeof (*shdr)); diff --git a/util/mkimage.c b/util/mkimage.c -index a26cf76f72..bab1227601 100644 +index a26cf76f72f..bab12276010 100644 --- a/util/mkimage.c +++ b/util/mkimage.c @@ -869,8 +869,9 @@ grub_install_generate_image (const char *dir, const char *prefix, @@ -263,7 +263,7 @@ index a26cf76f72..bab1227601 100644 break; } diff --git a/include/grub/util/install.h b/include/grub/util/install.h -index 7df3191f47..cf4531e02b 100644 +index 7df3191f47e..cf4531e02b6 100644 --- a/include/grub/util/install.h +++ b/include/grub/util/install.h @@ -67,6 +67,9 @@ @@ -296,7 +296,7 @@ index 7df3191f47..cf4531e02b 100644 const char *sbat_path, const int disable_shim_lock); diff --git a/include/grub/util/mkimage.h b/include/grub/util/mkimage.h -index 3819a67441..6f1da89b9b 100644 +index 3819a67441c..6f1da89b9b6 100644 --- a/include/grub/util/mkimage.h +++ b/include/grub/util/mkimage.h @@ -51,12 +51,12 @@ grub_mkimage_load_image64 (const char *kernel_path, diff --git a/SOURCES/0180-docs-grub-Document-signing-grub-under-UEFI.patch b/SOURCES/0180-docs-grub-Document-signing-grub-under-UEFI.patch index f2b5c17..9b9b19a 100644 --- a/SOURCES/0180-docs-grub-Document-signing-grub-under-UEFI.patch +++ b/SOURCES/0180-docs-grub-Document-signing-grub-under-UEFI.patch @@ -13,7 +13,7 @@ Signed-off-by: Daniel Axtens 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/docs/grub.texi b/docs/grub.texi -index 4870faaa00..365d1d6931 100644 +index 4870faaa00a..365d1d6931b 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -5817,6 +5817,7 @@ environment variables and commands are listed in the same order. diff --git a/SOURCES/0181-docs-grub-Document-signing-grub-with-an-appended-sig.patch b/SOURCES/0181-docs-grub-Document-signing-grub-with-an-appended-sig.patch index ee3d659..4d85d93 100644 --- a/SOURCES/0181-docs-grub-Document-signing-grub-with-an-appended-sig.patch +++ b/SOURCES/0181-docs-grub-Document-signing-grub-with-an-appended-sig.patch @@ -13,7 +13,7 @@ Signed-off-by: Daniel Axtens 1 file changed, 42 insertions(+) diff --git a/docs/grub.texi b/docs/grub.texi -index 365d1d6931..afbde7c1f7 100644 +index 365d1d6931b..afbde7c1f7b 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -6087,6 +6087,48 @@ image works under UEFI secure boot and can maintain the secure-boot chain. It diff --git a/SOURCES/0182-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch b/SOURCES/0182-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch index b23ce49..6e46db0 100644 --- a/SOURCES/0182-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch +++ b/SOURCES/0182-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch @@ -16,7 +16,7 @@ Signed-off-by: Daniel Axtens 1 file changed, 11 insertions(+) diff --git a/include/grub/dl.h b/include/grub/dl.h -index 2f76e6b043..20d870f2a4 100644 +index 2f76e6b0437..20d870f2a47 100644 --- a/include/grub/dl.h +++ b/include/grub/dl.h @@ -245,11 +245,22 @@ grub_dl_get (const char *name) diff --git a/SOURCES/0183-pgp-factor-out-rsa_pad.patch b/SOURCES/0183-pgp-factor-out-rsa_pad.patch index f1e721d..a8154e7 100644 --- a/SOURCES/0183-pgp-factor-out-rsa_pad.patch +++ b/SOURCES/0183-pgp-factor-out-rsa_pad.patch @@ -27,7 +27,7 @@ Signed-off-by: Daniel Axtens create mode 100644 include/grub/pkcs1_v15.h diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 81fc274148..97347ae76f 100644 +index 81fc274148e..97347ae76f9 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -2510,6 +2510,14 @@ module = { @@ -46,7 +46,7 @@ index 81fc274148..97347ae76f 100644 name = all_video; common = lib/fake_module.c; diff --git a/grub-core/commands/pgp.c b/grub-core/commands/pgp.c -index 5daa1e9d00..2408db4994 100644 +index 5daa1e9d00c..2408db4994f 100644 --- a/grub-core/commands/pgp.c +++ b/grub-core/commands/pgp.c @@ -24,6 +24,7 @@ @@ -93,7 +93,7 @@ index 5daa1e9d00..2408db4994 100644 struct grub_pubkey_context diff --git a/grub-core/lib/pkcs1_v15.c b/grub-core/lib/pkcs1_v15.c new file mode 100644 -index 0000000000..dbacd563d0 +index 00000000000..dbacd563d01 --- /dev/null +++ b/grub-core/lib/pkcs1_v15.c @@ -0,0 +1,59 @@ @@ -158,7 +158,7 @@ index 0000000000..dbacd563d0 +} diff --git a/include/grub/pkcs1_v15.h b/include/grub/pkcs1_v15.h new file mode 100644 -index 0000000000..5c338c84a1 +index 00000000000..5c338c84a15 --- /dev/null +++ b/include/grub/pkcs1_v15.h @@ -0,0 +1,27 @@ diff --git a/SOURCES/0184-crypto-move-storage-for-grub_crypto_pk_-to-crypto.c.patch b/SOURCES/0184-crypto-move-storage-for-grub_crypto_pk_-to-crypto.c.patch index 541474e..763cdc6 100644 --- a/SOURCES/0184-crypto-move-storage-for-grub_crypto_pk_-to-crypto.c.patch +++ b/SOURCES/0184-crypto-move-storage-for-grub_crypto_pk_-to-crypto.c.patch @@ -40,7 +40,7 @@ Signed-off-by: Daniel Axtens 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/grub-core/commands/pgp.c b/grub-core/commands/pgp.c -index 2408db4994..355a43844a 100644 +index 2408db4994f..355a43844ac 100644 --- a/grub-core/commands/pgp.c +++ b/grub-core/commands/pgp.c @@ -147,10 +147,6 @@ const char *hashes[] = { @@ -55,7 +55,7 @@ index 2408db4994..355a43844a 100644 dsa_pad (gcry_mpi_t *hmpi, grub_uint8_t *hval, const gcry_md_spec_t *hash, struct grub_public_subkey *sk); diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c -index ca334d5a40..c578128a59 100644 +index ca334d5a40e..c578128a59d 100644 --- a/grub-core/lib/crypto.c +++ b/grub-core/lib/crypto.c @@ -121,6 +121,10 @@ grub_md_unregister (gcry_md_spec_t *cipher) diff --git a/SOURCES/0185-posix_wrap-tweaks-in-preparation-for-libtasn1.patch b/SOURCES/0185-posix_wrap-tweaks-in-preparation-for-libtasn1.patch index 3176f1b..a09cab1 100644 --- a/SOURCES/0185-posix_wrap-tweaks-in-preparation-for-libtasn1.patch +++ b/SOURCES/0185-posix_wrap-tweaks-in-preparation-for-libtasn1.patch @@ -23,7 +23,7 @@ Signed-off-by: Daniel Axtens 3 files changed, 10 insertions(+) diff --git a/grub-core/lib/posix_wrap/limits.h b/grub-core/lib/posix_wrap/limits.h -index 7217138ffd..591dbf3289 100644 +index 7217138ffd6..591dbf3289d 100644 --- a/grub-core/lib/posix_wrap/limits.h +++ b/grub-core/lib/posix_wrap/limits.h @@ -37,5 +37,6 @@ @@ -34,7 +34,7 @@ index 7217138ffd..591dbf3289 100644 #endif diff --git a/grub-core/lib/posix_wrap/stdlib.h b/grub-core/lib/posix_wrap/stdlib.h -index 7a8d385e97..4634db09f2 100644 +index 7a8d385e973..4634db09f29 100644 --- a/grub-core/lib/posix_wrap/stdlib.h +++ b/grub-core/lib/posix_wrap/stdlib.h @@ -58,4 +58,12 @@ abs (int c) @@ -51,7 +51,7 @@ index 7a8d385e97..4634db09f2 100644 + #endif diff --git a/grub-core/lib/posix_wrap/sys/types.h b/grub-core/lib/posix_wrap/sys/types.h -index 854eb0122e..f63412c8da 100644 +index 854eb0122ef..f63412c8da0 100644 --- a/grub-core/lib/posix_wrap/sys/types.h +++ b/grub-core/lib/posix_wrap/sys/types.h @@ -51,6 +51,7 @@ typedef grub_uint8_t byte; diff --git a/SOURCES/0186-libtasn1-import-libtasn1-4.16.0.patch b/SOURCES/0186-libtasn1-import-libtasn1-4.16.0.patch index 9587661..89552c8 100644 --- a/SOURCES/0186-libtasn1-import-libtasn1-4.16.0.patch +++ b/SOURCES/0186-libtasn1-import-libtasn1-4.16.0.patch @@ -53,7 +53,7 @@ Signed-off-by: Daniel Axtens diff --git a/grub-core/lib/libtasn1/lib/coding.c b/grub-core/lib/libtasn1/lib/coding.c new file mode 100644 -index 0000000000..245ea64cf0 +index 00000000000..245ea64cf0a --- /dev/null +++ b/grub-core/lib/libtasn1/lib/coding.c @@ -0,0 +1,1415 @@ @@ -1474,7 +1474,7 @@ index 0000000000..245ea64cf0 +} diff --git a/grub-core/lib/libtasn1/lib/decoding.c b/grub-core/lib/libtasn1/lib/decoding.c new file mode 100644 -index 0000000000..ff04eb778c +index 00000000000..ff04eb778cb --- /dev/null +++ b/grub-core/lib/libtasn1/lib/decoding.c @@ -0,0 +1,2478 @@ @@ -3958,7 +3958,7 @@ index 0000000000..ff04eb778c +} diff --git a/grub-core/lib/libtasn1/lib/element.c b/grub-core/lib/libtasn1/lib/element.c new file mode 100644 -index 0000000000..997eb2725d +index 00000000000..997eb2725dc --- /dev/null +++ b/grub-core/lib/libtasn1/lib/element.c @@ -0,0 +1,1111 @@ @@ -5075,7 +5075,7 @@ index 0000000000..997eb2725d +} diff --git a/grub-core/lib/libtasn1/lib/errors.c b/grub-core/lib/libtasn1/lib/errors.c new file mode 100644 -index 0000000000..cee74daf79 +index 00000000000..cee74daf795 --- /dev/null +++ b/grub-core/lib/libtasn1/lib/errors.c @@ -0,0 +1,100 @@ @@ -5181,7 +5181,7 @@ index 0000000000..cee74daf79 +} diff --git a/grub-core/lib/libtasn1/lib/gstr.c b/grub-core/lib/libtasn1/lib/gstr.c new file mode 100644 -index 0000000000..e91a3a151c +index 00000000000..e91a3a151c0 --- /dev/null +++ b/grub-core/lib/libtasn1/lib/gstr.c @@ -0,0 +1,74 @@ @@ -5261,7 +5261,7 @@ index 0000000000..e91a3a151c +} diff --git a/grub-core/lib/libtasn1/lib/parser_aux.c b/grub-core/lib/libtasn1/lib/parser_aux.c new file mode 100644 -index 0000000000..d5dbbf8765 +index 00000000000..d5dbbf8765d --- /dev/null +++ b/grub-core/lib/libtasn1/lib/parser_aux.c @@ -0,0 +1,1173 @@ @@ -6440,7 +6440,7 @@ index 0000000000..d5dbbf8765 +} diff --git a/grub-core/lib/libtasn1/lib/structure.c b/grub-core/lib/libtasn1/lib/structure.c new file mode 100644 -index 0000000000..8189c56a4c +index 00000000000..8189c56a4c9 --- /dev/null +++ b/grub-core/lib/libtasn1/lib/structure.c @@ -0,0 +1,1220 @@ @@ -7666,7 +7666,7 @@ index 0000000000..8189c56a4c +} diff --git a/grub-core/lib/libtasn1/lib/element.h b/grub-core/lib/libtasn1/lib/element.h new file mode 100644 -index 0000000000..440a33f4bb +index 00000000000..440a33f4bb1 --- /dev/null +++ b/grub-core/lib/libtasn1/lib/element.h @@ -0,0 +1,40 @@ @@ -7712,7 +7712,7 @@ index 0000000000..440a33f4bb +#endif diff --git a/grub-core/lib/libtasn1/lib/gstr.h b/grub-core/lib/libtasn1/lib/gstr.h new file mode 100644 -index 0000000000..48229844ff +index 00000000000..48229844ff3 --- /dev/null +++ b/grub-core/lib/libtasn1/lib/gstr.h @@ -0,0 +1,47 @@ @@ -7765,7 +7765,7 @@ index 0000000000..48229844ff +#endif /* GSTR_H */ diff --git a/grub-core/lib/libtasn1/lib/int.h b/grub-core/lib/libtasn1/lib/int.h new file mode 100644 -index 0000000000..ea1625786c +index 00000000000..ea1625786c1 --- /dev/null +++ b/grub-core/lib/libtasn1/lib/int.h @@ -0,0 +1,221 @@ @@ -7992,7 +7992,7 @@ index 0000000000..ea1625786c +#endif /* INT_H */ diff --git a/grub-core/lib/libtasn1/lib/parser_aux.h b/grub-core/lib/libtasn1/lib/parser_aux.h new file mode 100644 -index 0000000000..598e684b35 +index 00000000000..598e684b355 --- /dev/null +++ b/grub-core/lib/libtasn1/lib/parser_aux.h @@ -0,0 +1,172 @@ @@ -8170,7 +8170,7 @@ index 0000000000..598e684b35 +#endif diff --git a/grub-core/lib/libtasn1/lib/structure.h b/grub-core/lib/libtasn1/lib/structure.h new file mode 100644 -index 0000000000..99e685da07 +index 00000000000..99e685da07a --- /dev/null +++ b/grub-core/lib/libtasn1/lib/structure.h @@ -0,0 +1,45 @@ @@ -8221,7 +8221,7 @@ index 0000000000..99e685da07 +#endif diff --git a/include/grub/libtasn1.h b/include/grub/libtasn1.h new file mode 100644 -index 0000000000..6fd7a30dc3 +index 00000000000..6fd7a30dc35 --- /dev/null +++ b/include/grub/libtasn1.h @@ -0,0 +1,588 @@ @@ -8815,7 +8815,7 @@ index 0000000000..6fd7a30dc3 +#endif /* LIBTASN1_H */ diff --git a/grub-core/lib/libtasn1/LICENSE b/grub-core/lib/libtasn1/LICENSE new file mode 100644 -index 0000000000..e8b3628db9 +index 00000000000..e8b3628db9b --- /dev/null +++ b/grub-core/lib/libtasn1/LICENSE @@ -0,0 +1,16 @@ @@ -8837,7 +8837,7 @@ index 0000000000..e8b3628db9 +note that the range specifies every single year in that closed interval. diff --git a/grub-core/lib/libtasn1/README.md b/grub-core/lib/libtasn1/README.md new file mode 100644 -index 0000000000..50a8642296 +index 00000000000..50a8642296c --- /dev/null +++ b/grub-core/lib/libtasn1/README.md @@ -0,0 +1,91 @@ diff --git a/SOURCES/0187-libtasn1-disable-code-not-needed-in-grub.patch b/SOURCES/0187-libtasn1-disable-code-not-needed-in-grub.patch index 84dcbf0..00f5588 100644 --- a/SOURCES/0187-libtasn1-disable-code-not-needed-in-grub.patch +++ b/SOURCES/0187-libtasn1-disable-code-not-needed-in-grub.patch @@ -25,7 +25,7 @@ Signed-off-by: Daniel Axtens 6 files changed, 38 insertions(+), 8 deletions(-) diff --git a/grub-core/lib/libtasn1/lib/coding.c b/grub-core/lib/libtasn1/lib/coding.c -index 245ea64cf0..52def59836 100644 +index 245ea64cf0a..52def598368 100644 --- a/grub-core/lib/libtasn1/lib/coding.c +++ b/grub-core/lib/libtasn1/lib/coding.c @@ -30,11 +30,11 @@ @@ -99,7 +99,7 @@ index 245ea64cf0..52def59836 100644 +#endif \ No newline at end of file diff --git a/grub-core/lib/libtasn1/lib/decoding.c b/grub-core/lib/libtasn1/lib/decoding.c -index ff04eb778c..42f9a92b5d 100644 +index ff04eb778cb..42f9a92b5d4 100644 --- a/grub-core/lib/libtasn1/lib/decoding.c +++ b/grub-core/lib/libtasn1/lib/decoding.c @@ -1613,6 +1613,7 @@ asn1_der_decoding (asn1_node * element, const void *ider, int ider_len, @@ -119,7 +119,7 @@ index ff04eb778c..42f9a92b5d 100644 /** * asn1_der_decoding_startEnd: diff --git a/grub-core/lib/libtasn1/lib/element.c b/grub-core/lib/libtasn1/lib/element.c -index 997eb2725d..539008d8e9 100644 +index 997eb2725dc..539008d8e94 100644 --- a/grub-core/lib/libtasn1/lib/element.c +++ b/grub-core/lib/libtasn1/lib/element.c @@ -191,7 +191,7 @@ _asn1_append_sequence_set (asn1_node node, struct node_tail_cache_st *pcache) @@ -141,7 +141,7 @@ index 997eb2725d..539008d8e9 100644 #define PUT_VALUE( ptr, ptr_size, data, data_size) \ *len = data_size; \ diff --git a/grub-core/lib/libtasn1/lib/errors.c b/grub-core/lib/libtasn1/lib/errors.c -index cee74daf79..42785e8622 100644 +index cee74daf795..42785e8622b 100644 --- a/grub-core/lib/libtasn1/lib/errors.c +++ b/grub-core/lib/libtasn1/lib/errors.c @@ -57,6 +57,8 @@ static const libtasn1_error_entry error_algorithms[] = { @@ -162,7 +162,7 @@ index cee74daf79..42785e8622 100644 /** * asn1_strerror: diff --git a/grub-core/lib/libtasn1/lib/structure.c b/grub-core/lib/libtasn1/lib/structure.c -index 8189c56a4c..fcfde01a39 100644 +index 8189c56a4c9..fcfde01a393 100644 --- a/grub-core/lib/libtasn1/lib/structure.c +++ b/grub-core/lib/libtasn1/lib/structure.c @@ -76,7 +76,7 @@ _asn1_find_left (asn1_node_const node) @@ -218,7 +218,7 @@ index 8189c56a4c..fcfde01a39 100644 /** * asn1_dup_node: diff --git a/include/grub/libtasn1.h b/include/grub/libtasn1.h -index 6fd7a30dc3..785eda2ae3 100644 +index 6fd7a30dc35..785eda2ae3f 100644 --- a/include/grub/libtasn1.h +++ b/include/grub/libtasn1.h @@ -319,6 +319,8 @@ typedef struct asn1_data_node_st asn1_data_node_st; diff --git a/SOURCES/0188-libtasn1-changes-for-grub-compatibility.patch b/SOURCES/0188-libtasn1-changes-for-grub-compatibility.patch index 7c756bd..9b2275c 100644 --- a/SOURCES/0188-libtasn1-changes-for-grub-compatibility.patch +++ b/SOURCES/0188-libtasn1-changes-for-grub-compatibility.patch @@ -35,7 +35,7 @@ Signed-off-by: Daniel Axtens 6 files changed, 22 insertions(+), 33 deletions(-) diff --git a/grub-core/lib/libtasn1/lib/decoding.c b/grub-core/lib/libtasn1/lib/decoding.c -index 42f9a92b5d..7856858b27 100644 +index 42f9a92b5d4..7856858b272 100644 --- a/grub-core/lib/libtasn1/lib/decoding.c +++ b/grub-core/lib/libtasn1/lib/decoding.c @@ -32,7 +32,8 @@ @@ -71,7 +71,7 @@ index 42f9a92b5d..7856858b27 100644 result = asn1_create_element (definitions, name, &aux); if (result == ASN1_SUCCESS) diff --git a/grub-core/lib/libtasn1/lib/element.c b/grub-core/lib/libtasn1/lib/element.c -index 539008d8e9..ed761ff56b 100644 +index 539008d8e94..ed761ff56bd 100644 --- a/grub-core/lib/libtasn1/lib/element.c +++ b/grub-core/lib/libtasn1/lib/element.c @@ -30,9 +30,10 @@ @@ -87,7 +87,7 @@ index 539008d8e9..ed761ff56b 100644 _asn1_hierarchical_name (asn1_node_const node, char *name, int name_size) { diff --git a/grub-core/lib/libtasn1/lib/gstr.c b/grub-core/lib/libtasn1/lib/gstr.c -index e91a3a151c..e33875c2c7 100644 +index e91a3a151c0..e33875c2c7c 100644 --- a/grub-core/lib/libtasn1/lib/gstr.c +++ b/grub-core/lib/libtasn1/lib/gstr.c @@ -36,13 +36,13 @@ _asn1_str_cat (char *dest, size_t dest_tot_size, const char *src) @@ -107,7 +107,7 @@ index e91a3a151c..e33875c2c7 100644 } } diff --git a/grub-core/lib/libtasn1/lib/parser_aux.c b/grub-core/lib/libtasn1/lib/parser_aux.c -index d5dbbf8765..89c9be69dc 100644 +index d5dbbf8765d..89c9be69dc2 100644 --- a/grub-core/lib/libtasn1/lib/parser_aux.c +++ b/grub-core/lib/libtasn1/lib/parser_aux.c @@ -26,7 +26,8 @@ @@ -139,7 +139,7 @@ index d5dbbf8765..89c9be69dc 100644 temp[start + count] = '0' + (char) r; count++; diff --git a/grub-core/lib/libtasn1/lib/int.h b/grub-core/lib/libtasn1/lib/int.h -index ea1625786c..4a568efee9 100644 +index ea1625786c1..4a568efee9c 100644 --- a/grub-core/lib/libtasn1/lib/int.h +++ b/grub-core/lib/libtasn1/lib/int.h @@ -35,7 +35,7 @@ @@ -161,7 +161,7 @@ index ea1625786c..4a568efee9 100644 #if SIZEOF_UNSIGNED_LONG_INT == 8 # define _asn1_strtou64(n,e,b) strtoul((const char *) n, e, b) diff --git a/include/grub/libtasn1.h b/include/grub/libtasn1.h -index 785eda2ae3..28dbf16c4e 100644 +index 785eda2ae3f..28dbf16c4e0 100644 --- a/include/grub/libtasn1.h +++ b/include/grub/libtasn1.h @@ -38,29 +38,15 @@ diff --git a/SOURCES/0189-libtasn1-compile-into-asn1-module.patch b/SOURCES/0189-libtasn1-compile-into-asn1-module.patch index b557403..67be4e8 100644 --- a/SOURCES/0189-libtasn1-compile-into-asn1-module.patch +++ b/SOURCES/0189-libtasn1-compile-into-asn1-module.patch @@ -14,7 +14,7 @@ Signed-off-by: Daniel Axtens create mode 100644 grub-core/lib/libtasn1_wrap/wrap.c diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 97347ae76f..21d2c54185 100644 +index 97347ae76f9..21d2c541850 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -2576,3 +2576,18 @@ module = { @@ -38,7 +38,7 @@ index 97347ae76f..21d2c54185 100644 +}; diff --git a/grub-core/lib/libtasn1_wrap/wrap.c b/grub-core/lib/libtasn1_wrap/wrap.c new file mode 100644 -index 0000000000..622ba942e3 +index 00000000000..622ba942e33 --- /dev/null +++ b/grub-core/lib/libtasn1_wrap/wrap.c @@ -0,0 +1,26 @@ diff --git a/SOURCES/0190-test_asn1-test-module-for-libtasn1.patch b/SOURCES/0190-test_asn1-test-module-for-libtasn1.patch index f1b20ca..3a02b24 100644 --- a/SOURCES/0190-test_asn1-test-module-for-libtasn1.patch +++ b/SOURCES/0190-test_asn1-test-module-for-libtasn1.patch @@ -51,7 +51,7 @@ Signed-off-by: Daniel Axtens create mode 100644 tests/test_asn1.in diff --git a/Makefile.util.def b/Makefile.util.def -index e1242f5402..8cfbe69a76 100644 +index e1242f54022..8cfbe69a76e 100644 --- a/Makefile.util.def +++ b/Makefile.util.def @@ -1305,6 +1305,12 @@ script = { @@ -68,7 +68,7 @@ index e1242f5402..8cfbe69a76 100644 testcase; name = example_unit_test; diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 21d2c54185..b4aaccf7b5 100644 +index 21d2c541850..b4aaccf7b57 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -2591,3 +2591,16 @@ module = { @@ -90,7 +90,7 @@ index 21d2c54185..b4aaccf7b5 100644 +}; diff --git a/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654.c b/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654.c new file mode 100644 -index 0000000000..534e304521 +index 00000000000..534e304521e --- /dev/null +++ b/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654.c @@ -0,0 +1,61 @@ @@ -157,7 +157,7 @@ index 0000000000..534e304521 +} diff --git a/grub-core/lib/libtasn1_wrap/tests/Test_overflow.c b/grub-core/lib/libtasn1_wrap/tests/Test_overflow.c new file mode 100644 -index 0000000000..f48aea0ef8 +index 00000000000..f48aea0ef8b --- /dev/null +++ b/grub-core/lib/libtasn1_wrap/tests/Test_overflow.c @@ -0,0 +1,138 @@ @@ -301,7 +301,7 @@ index 0000000000..f48aea0ef8 +} diff --git a/grub-core/lib/libtasn1_wrap/tests/Test_simple.c b/grub-core/lib/libtasn1_wrap/tests/Test_simple.c new file mode 100644 -index 0000000000..9f01006ddf +index 00000000000..9f01006ddf4 --- /dev/null +++ b/grub-core/lib/libtasn1_wrap/tests/Test_simple.c @@ -0,0 +1,207 @@ @@ -514,7 +514,7 @@ index 0000000000..9f01006ddf +} diff --git a/grub-core/lib/libtasn1_wrap/tests/Test_strings.c b/grub-core/lib/libtasn1_wrap/tests/Test_strings.c new file mode 100644 -index 0000000000..dbe1474b20 +index 00000000000..dbe1474b204 --- /dev/null +++ b/grub-core/lib/libtasn1_wrap/tests/Test_strings.c @@ -0,0 +1,150 @@ @@ -670,7 +670,7 @@ index 0000000000..dbe1474b20 +} diff --git a/grub-core/lib/libtasn1_wrap/tests/object-id-decoding.c b/grub-core/lib/libtasn1_wrap/tests/object-id-decoding.c new file mode 100644 -index 0000000000..d367bbfb5a +index 00000000000..d367bbfb5a7 --- /dev/null +++ b/grub-core/lib/libtasn1_wrap/tests/object-id-decoding.c @@ -0,0 +1,116 @@ @@ -792,7 +792,7 @@ index 0000000000..d367bbfb5a +} diff --git a/grub-core/lib/libtasn1_wrap/tests/object-id-encoding.c b/grub-core/lib/libtasn1_wrap/tests/object-id-encoding.c new file mode 100644 -index 0000000000..3a83b58c59 +index 00000000000..3a83b58c59f --- /dev/null +++ b/grub-core/lib/libtasn1_wrap/tests/object-id-encoding.c @@ -0,0 +1,120 @@ @@ -918,7 +918,7 @@ index 0000000000..3a83b58c59 +} diff --git a/grub-core/lib/libtasn1_wrap/tests/octet-string.c b/grub-core/lib/libtasn1_wrap/tests/octet-string.c new file mode 100644 -index 0000000000..d8a049e8df +index 00000000000..d8a049e8df0 --- /dev/null +++ b/grub-core/lib/libtasn1_wrap/tests/octet-string.c @@ -0,0 +1,211 @@ @@ -1135,7 +1135,7 @@ index 0000000000..d8a049e8df +} diff --git a/grub-core/lib/libtasn1_wrap/tests/reproducers.c b/grub-core/lib/libtasn1_wrap/tests/reproducers.c new file mode 100644 -index 0000000000..dc7268d4c6 +index 00000000000..dc7268d4c6c --- /dev/null +++ b/grub-core/lib/libtasn1_wrap/tests/reproducers.c @@ -0,0 +1,81 @@ @@ -1222,7 +1222,7 @@ index 0000000000..dc7268d4c6 +} diff --git a/grub-core/lib/libtasn1_wrap/wrap_tests.c b/grub-core/lib/libtasn1_wrap/wrap_tests.c new file mode 100644 -index 0000000000..75fcd21f0d +index 00000000000..75fcd21f0d5 --- /dev/null +++ b/grub-core/lib/libtasn1_wrap/wrap_tests.c @@ -0,0 +1,75 @@ @@ -1303,7 +1303,7 @@ index 0000000000..75fcd21f0d +} diff --git a/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-1_asn1_tab.h b/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-1_asn1_tab.h new file mode 100644 -index 0000000000..1e7d3d64f5 +index 00000000000..1e7d3d64f55 --- /dev/null +++ b/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-1_asn1_tab.h @@ -0,0 +1,32 @@ @@ -1341,7 +1341,7 @@ index 0000000000..1e7d3d64f5 +}; diff --git a/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-2_asn1_tab.h b/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-2_asn1_tab.h new file mode 100644 -index 0000000000..e2561e5ec6 +index 00000000000..e2561e5ec6d --- /dev/null +++ b/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-2_asn1_tab.h @@ -0,0 +1,36 @@ @@ -1383,7 +1383,7 @@ index 0000000000..e2561e5ec6 +}; diff --git a/grub-core/lib/libtasn1_wrap/wrap_tests.h b/grub-core/lib/libtasn1_wrap/wrap_tests.h new file mode 100644 -index 0000000000..555e56dd20 +index 00000000000..555e56dd202 --- /dev/null +++ b/grub-core/lib/libtasn1_wrap/wrap_tests.h @@ -0,0 +1,38 @@ @@ -1426,7 +1426,7 @@ index 0000000000..555e56dd20 + +#endif diff --git a/.gitignore b/.gitignore -index 594d0134d3..856e69bc5c 100644 +index 594d0134d33..856e69bc5c1 100644 --- a/.gitignore +++ b/.gitignore @@ -264,6 +264,7 @@ widthspec.bin @@ -1439,7 +1439,7 @@ index 594d0134d3..856e69bc5c 100644 /tests/syslinux/ubuntu10.04_grub.cfg diff --git a/tests/test_asn1.in b/tests/test_asn1.in new file mode 100644 -index 0000000000..8173c5c270 +index 00000000000..8173c5c270e --- /dev/null +++ b/tests/test_asn1.in @@ -0,0 +1,12 @@ diff --git a/SOURCES/0191-grub-install-support-embedding-x509-certificates.patch b/SOURCES/0191-grub-install-support-embedding-x509-certificates.patch index 6c81870..bd02e6d 100644 --- a/SOURCES/0191-grub-install-support-embedding-x509-certificates.patch +++ b/SOURCES/0191-grub-install-support-embedding-x509-certificates.patch @@ -20,7 +20,7 @@ Signed-off-by: Daniel Axtens 6 files changed, 79 insertions(+), 9 deletions(-) diff --git a/grub-core/commands/pgp.c b/grub-core/commands/pgp.c -index 355a43844a..b81ac0ae46 100644 +index 355a43844ac..b81ac0ae46c 100644 --- a/grub-core/commands/pgp.c +++ b/grub-core/commands/pgp.c @@ -944,7 +944,7 @@ GRUB_MOD_INIT(pgp) @@ -33,7 +33,7 @@ index 355a43844a..b81ac0ae46 100644 pseudo_file.fs = &pseudo_fs; diff --git a/util/grub-install-common.c b/util/grub-install-common.c -index aab2a941f8..422f82362c 100644 +index aab2a941f85..422f82362c7 100644 --- a/util/grub-install-common.c +++ b/util/grub-install-common.c @@ -460,6 +460,8 @@ static char **pubkeys; @@ -94,7 +94,7 @@ index aab2a941f8..422f82362c 100644 disable_shim_lock); while (dc--) diff --git a/util/grub-mkimage.c b/util/grub-mkimage.c -index 8a53310548..e1f1112784 100644 +index 8a53310548b..e1f1112784a 100644 --- a/util/grub-mkimage.c +++ b/util/grub-mkimage.c @@ -75,7 +75,8 @@ static struct argp_option options[] = { @@ -141,7 +141,7 @@ index 8a53310548..e1f1112784 100644 arguments.appsig_size, arguments.comp, arguments.dtb, arguments.sbat, diff --git a/util/mkimage.c b/util/mkimage.c -index bab1227601..8319e8dfbd 100644 +index bab12276010..8319e8dfbde 100644 --- a/util/mkimage.c +++ b/util/mkimage.c @@ -867,7 +867,8 @@ void @@ -211,7 +211,7 @@ index bab1227601..8319e8dfbd 100644 { struct grub_module_header *header; diff --git a/include/grub/kernel.h b/include/grub/kernel.h -index 55849777ea..98edc0863f 100644 +index 55849777eaa..98edc0863f6 100644 --- a/include/grub/kernel.h +++ b/include/grub/kernel.h @@ -30,7 +30,9 @@ enum @@ -226,7 +226,7 @@ index 55849777ea..98edc0863f 100644 /* The module header. */ diff --git a/include/grub/util/install.h b/include/grub/util/install.h -index cf4531e02b..51f3b13ac1 100644 +index cf4531e02b6..51f3b13ac13 100644 --- a/include/grub/util/install.h +++ b/include/grub/util/install.h @@ -67,6 +67,8 @@ diff --git a/SOURCES/0192-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch b/SOURCES/0192-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch index 0ebc6c7..7b7d70c 100644 --- a/SOURCES/0192-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch +++ b/SOURCES/0192-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch @@ -22,7 +22,7 @@ Signed-off-by: Daniel Axtens diff --git a/grub-core/commands/appendedsig/gnutls_asn1_tab.c b/grub-core/commands/appendedsig/gnutls_asn1_tab.c new file mode 100644 -index 0000000000..ddd1314e63 +index 00000000000..ddd1314e63b --- /dev/null +++ b/grub-core/commands/appendedsig/gnutls_asn1_tab.c @@ -0,0 +1,121 @@ @@ -149,7 +149,7 @@ index 0000000000..ddd1314e63 +}; diff --git a/grub-core/commands/appendedsig/pkix_asn1_tab.c b/grub-core/commands/appendedsig/pkix_asn1_tab.c new file mode 100644 -index 0000000000..adef69d95c +index 00000000000..adef69d95ce --- /dev/null +++ b/grub-core/commands/appendedsig/pkix_asn1_tab.c @@ -0,0 +1,484 @@ diff --git a/SOURCES/0193-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch b/SOURCES/0193-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch index 5a13d5b..04bf1df 100644 --- a/SOURCES/0193-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch +++ b/SOURCES/0193-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch @@ -29,7 +29,7 @@ Signed-off-by: Daniel Axtens diff --git a/grub-core/commands/appendedsig/asn1util.c b/grub-core/commands/appendedsig/asn1util.c new file mode 100644 -index 0000000000..eff095a9df +index 00000000000..eff095a9df2 --- /dev/null +++ b/grub-core/commands/appendedsig/asn1util.c @@ -0,0 +1,102 @@ @@ -137,7 +137,7 @@ index 0000000000..eff095a9df +} diff --git a/grub-core/commands/appendedsig/pkcs7.c b/grub-core/commands/appendedsig/pkcs7.c new file mode 100644 -index 0000000000..dc6afe203f +index 00000000000..dc6afe203f7 --- /dev/null +++ b/grub-core/commands/appendedsig/pkcs7.c @@ -0,0 +1,305 @@ @@ -448,7 +448,7 @@ index 0000000000..dc6afe203f +} diff --git a/grub-core/commands/appendedsig/x509.c b/grub-core/commands/appendedsig/x509.c new file mode 100644 -index 0000000000..2b38b3670a +index 00000000000..2b38b3670a2 --- /dev/null +++ b/grub-core/commands/appendedsig/x509.c @@ -0,0 +1,958 @@ @@ -1412,7 +1412,7 @@ index 0000000000..2b38b3670a +} diff --git a/grub-core/commands/appendedsig/appendedsig.h b/grub-core/commands/appendedsig/appendedsig.h new file mode 100644 -index 0000000000..9792ef3901 +index 00000000000..9792ef3901e --- /dev/null +++ b/grub-core/commands/appendedsig/appendedsig.h @@ -0,0 +1,110 @@ diff --git a/SOURCES/0194-appended-signatures-support-verifying-appended-signa.patch b/SOURCES/0194-appended-signatures-support-verifying-appended-signa.patch index 3fdc9b6..262efc0 100644 --- a/SOURCES/0194-appended-signatures-support-verifying-appended-signa.patch +++ b/SOURCES/0194-appended-signatures-support-verifying-appended-signa.patch @@ -28,7 +28,7 @@ Signed-off-by: Daniel Axtens create mode 100644 grub-core/commands/appendedsig/appendedsig.c diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index b4aaccf7b5..77321d218c 100644 +index b4aaccf7b57..77321d218c8 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -980,6 +980,18 @@ module = { @@ -52,7 +52,7 @@ index b4aaccf7b5..77321d218c 100644 common = commands/hdparm.c; diff --git a/grub-core/commands/appendedsig/appendedsig.c b/grub-core/commands/appendedsig/appendedsig.c new file mode 100644 -index 0000000000..dc294cd339 +index 00000000000..dc294cd339e --- /dev/null +++ b/grub-core/commands/appendedsig/appendedsig.c @@ -0,0 +1,645 @@ @@ -702,7 +702,7 @@ index 0000000000..dc294cd339 + grub_unregister_command (cmd_distrust); +} diff --git a/include/grub/file.h b/include/grub/file.h -index 31567483cc..96827a4f89 100644 +index 31567483ccf..96827a4f896 100644 --- a/include/grub/file.h +++ b/include/grub/file.h @@ -80,6 +80,8 @@ enum grub_file_type diff --git a/SOURCES/0195-appended-signatures-verification-tests.patch b/SOURCES/0195-appended-signatures-verification-tests.patch index 982b3c8..9f6c3c6 100644 --- a/SOURCES/0195-appended-signatures-verification-tests.patch +++ b/SOURCES/0195-appended-signatures-verification-tests.patch @@ -17,7 +17,7 @@ Signed-off-by: Daniel Axtens create mode 100644 grub-core/tests/appended_signatures.h diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 77321d218c..6bddc841b8 100644 +index 77321d218c8..6bddc841b85 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -2161,6 +2161,12 @@ module = { @@ -35,7 +35,7 @@ index 77321d218c..6bddc841b8 100644 common = tests/signature_test.c; diff --git a/grub-core/tests/appended_signature_test.c b/grub-core/tests/appended_signature_test.c new file mode 100644 -index 0000000000..88a485200d +index 00000000000..88a485200d8 --- /dev/null +++ b/grub-core/tests/appended_signature_test.c @@ -0,0 +1,281 @@ @@ -321,7 +321,7 @@ index 0000000000..88a485200d + +GRUB_FUNCTIONAL_TEST (appended_signature_test, appended_signature_test); diff --git a/grub-core/tests/lib/functional_test.c b/grub-core/tests/lib/functional_test.c -index 96781fb39b..403fa5c789 100644 +index 96781fb39b5..403fa5c789a 100644 --- a/grub-core/tests/lib/functional_test.c +++ b/grub-core/tests/lib/functional_test.c @@ -73,6 +73,7 @@ grub_functional_all_tests (grub_extcmd_context_t ctxt __attribute__ ((unused)), @@ -334,7 +334,7 @@ index 96781fb39b..403fa5c789 100644 grub_dl_load ("ctz_test"); diff --git a/grub-core/tests/appended_signatures.h b/grub-core/tests/appended_signatures.h new file mode 100644 -index 0000000000..aa3dc6278e +index 00000000000..aa3dc6278e3 --- /dev/null +++ b/grub-core/tests/appended_signatures.h @@ -0,0 +1,557 @@ diff --git a/SOURCES/0196-appended-signatures-documentation.patch b/SOURCES/0196-appended-signatures-documentation.patch index eb58046..864cfa3 100644 --- a/SOURCES/0196-appended-signatures-documentation.patch +++ b/SOURCES/0196-appended-signatures-documentation.patch @@ -13,7 +13,7 @@ Signed-off-by: Daniel Axtens 1 file changed, 182 insertions(+), 17 deletions(-) diff --git a/docs/grub.texi b/docs/grub.texi -index afbde7c1f7..4816be8561 100644 +index afbde7c1f7b..4816be85611 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -3214,6 +3214,7 @@ These variables have special meaning to GRUB. diff --git a/SOURCES/0197-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch b/SOURCES/0197-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch index ed4c684..40c3b3e 100644 --- a/SOURCES/0197-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch +++ b/SOURCES/0197-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch @@ -15,7 +15,7 @@ Signed-off-by: Daniel Axtens 4 files changed, 32 insertions(+), 3 deletions(-) diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 6bddc841b8..3f3459b2c7 100644 +index 6bddc841b85..3f3459b2c70 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -323,6 +323,7 @@ kernel = { @@ -27,7 +27,7 @@ index 6bddc841b8..3f3459b2c7 100644 sparc64_ieee1275 = kern/sparc64/cache.S; sparc64_ieee1275 = kern/sparc64/dl.c; diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c -index 937c1bc44c..fc7d971272 100644 +index 937c1bc44cb..fc7d9712729 100644 --- a/grub-core/kern/ieee1275/init.c +++ b/grub-core/kern/ieee1275/init.c @@ -44,6 +44,7 @@ @@ -79,7 +79,7 @@ index 937c1bc44c..fc7d971272 100644 void diff --git a/include/grub/lockdown.h b/include/grub/lockdown.h -index 40531fa823..ebfee4bf06 100644 +index 40531fa823b..ebfee4bf06e 100644 --- a/include/grub/lockdown.h +++ b/include/grub/lockdown.h @@ -24,7 +24,8 @@ @@ -93,7 +93,7 @@ index 40531fa823..ebfee4bf06 100644 EXPORT_FUNC (grub_lockdown) (void); extern int diff --git a/docs/grub.texi b/docs/grub.texi -index 4816be8561..a4da9c2a1b 100644 +index 4816be85611..a4da9c2a1b9 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -6227,8 +6227,8 @@ Measured boot is currently only supported on EFI platforms. diff --git a/SOURCES/0198-ieee1275-drop-HEAP_MAX_ADDR-HEAP_MIN_SIZE.patch b/SOURCES/0198-ieee1275-drop-HEAP_MAX_ADDR-HEAP_MIN_SIZE.patch index a40caea..52fa9d2 100644 --- a/SOURCES/0198-ieee1275-drop-HEAP_MAX_ADDR-HEAP_MIN_SIZE.patch +++ b/SOURCES/0198-ieee1275-drop-HEAP_MAX_ADDR-HEAP_MIN_SIZE.patch @@ -32,7 +32,7 @@ Signed-off-by: Daniel Axtens 1 file changed, 17 deletions(-) diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c -index fc7d971272..0dcd114ce5 100644 +index fc7d9712729..0dcd114ce54 100644 --- a/grub-core/kern/ieee1275/init.c +++ b/grub-core/kern/ieee1275/init.c @@ -46,9 +46,6 @@ diff --git a/SOURCES/0199-ieee1275-claim-more-memory.patch b/SOURCES/0199-ieee1275-claim-more-memory.patch index 6ec319b..001a9df 100644 --- a/SOURCES/0199-ieee1275-claim-more-memory.patch +++ b/SOURCES/0199-ieee1275-claim-more-memory.patch @@ -86,7 +86,7 @@ Signed-off-by: Daniel Axtens 2 files changed, 69 insertions(+), 18 deletions(-) diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c -index 0dcd114ce5..c61d91a028 100644 +index 0dcd114ce54..c61d91a0285 100644 --- a/grub-core/kern/ieee1275/init.c +++ b/grub-core/kern/ieee1275/init.c @@ -46,11 +46,12 @@ @@ -227,7 +227,7 @@ index 0dcd114ce5..c61d91a028 100644 #endif diff --git a/docs/grub-dev.texi b/docs/grub-dev.texi -index 19f708ee66..90083772c8 100644 +index 19f708ee662..90083772c8a 100644 --- a/docs/grub-dev.texi +++ b/docs/grub-dev.texi @@ -1047,7 +1047,9 @@ space is limited to 4GiB. GRUB allocates pages from EFI for its heap, at most diff --git a/SOURCES/0200-ieee1275-request-memory-with-ibm-client-architecture.patch b/SOURCES/0200-ieee1275-request-memory-with-ibm-client-architecture.patch index 4f3ab90..6e6c1f0 100644 --- a/SOURCES/0200-ieee1275-request-memory-with-ibm-client-architecture.patch +++ b/SOURCES/0200-ieee1275-request-memory-with-ibm-client-architecture.patch @@ -69,7 +69,7 @@ Signed-off-by: Daniel Axtens 3 files changed, 152 insertions(+), 3 deletions(-) diff --git a/grub-core/kern/ieee1275/cmain.c b/grub-core/kern/ieee1275/cmain.c -index 04df9d2c66..6435628ec5 100644 +index 04df9d2c667..6435628ec57 100644 --- a/grub-core/kern/ieee1275/cmain.c +++ b/grub-core/kern/ieee1275/cmain.c @@ -127,6 +127,9 @@ grub_ieee1275_find_options (void) @@ -83,7 +83,7 @@ index 04df9d2c66..6435628ec5 100644 if (is_smartfirmware) diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c -index c61d91a028..9704715c83 100644 +index c61d91a0285..9704715c837 100644 --- a/grub-core/kern/ieee1275/init.c +++ b/grub-core/kern/ieee1275/init.c @@ -242,6 +242,135 @@ heap_init (grub_uint64_t addr, grub_uint64_t len, grub_memory_type_t type, @@ -248,7 +248,7 @@ index c61d91a028..9704715c83 100644 total = total / 4; diff --git a/include/grub/ieee1275/ieee1275.h b/include/grub/ieee1275/ieee1275.h -index b5a1d49bbc..e0a6c2ce1e 100644 +index b5a1d49bbc3..e0a6c2ce1e6 100644 --- a/include/grub/ieee1275/ieee1275.h +++ b/include/grub/ieee1275/ieee1275.h @@ -149,7 +149,13 @@ enum grub_ieee1275_flag diff --git a/SOURCES/0201-appendedsig-x509-Also-handle-the-Extended-Key-Usage-.patch b/SOURCES/0201-appendedsig-x509-Also-handle-the-Extended-Key-Usage-.patch index 5728f26..a237a21 100644 --- a/SOURCES/0201-appendedsig-x509-Also-handle-the-Extended-Key-Usage-.patch +++ b/SOURCES/0201-appendedsig-x509-Also-handle-the-Extended-Key-Usage-.patch @@ -23,7 +23,7 @@ Signed-off-by: Daniel Axtens 3 files changed, 201 insertions(+), 3 deletions(-) diff --git a/grub-core/commands/appendedsig/x509.c b/grub-core/commands/appendedsig/x509.c -index 2b38b3670a..42ec65c54a 100644 +index 2b38b3670a2..42ec65c54aa 100644 --- a/grub-core/commands/appendedsig/x509.c +++ b/grub-core/commands/appendedsig/x509.c @@ -47,6 +47,12 @@ const char *keyUsage_oid = "2.5.29.15"; @@ -156,7 +156,7 @@ index 2b38b3670a..42ec65c54a 100644 cleanup_value: diff --git a/grub-core/tests/appended_signature_test.c b/grub-core/tests/appended_signature_test.c -index 88a485200d..dbba061662 100644 +index 88a485200d8..dbba0616621 100644 --- a/grub-core/tests/appended_signature_test.c +++ b/grub-core/tests/appended_signature_test.c @@ -111,6 +111,22 @@ static struct grub_procfs_entry certificate_printable_der_entry = { @@ -225,7 +225,7 @@ index 88a485200d..dbba061662 100644 GRUB_FUNCTIONAL_TEST (appended_signature_test, appended_signature_test); diff --git a/grub-core/tests/appended_signatures.h b/grub-core/tests/appended_signatures.h -index aa3dc6278e..2e5ebd7d8b 100644 +index aa3dc6278e3..2e5ebd7d8bd 100644 --- a/grub-core/tests/appended_signatures.h +++ b/grub-core/tests/appended_signatures.h @@ -555,3 +555,84 @@ unsigned char certificate_printable_der[] = { diff --git a/SOURCES/0202-ieee1275-ofdisk-retry-on-open-failure.patch b/SOURCES/0202-ieee1275-ofdisk-retry-on-open-failure.patch index 9149773..275d14f 100644 --- a/SOURCES/0202-ieee1275-ofdisk-retry-on-open-failure.patch +++ b/SOURCES/0202-ieee1275-ofdisk-retry-on-open-failure.patch @@ -16,7 +16,7 @@ Signed-off-by: Diego Domingos 2 files changed, 28 insertions(+), 5 deletions(-) diff --git a/grub-core/disk/ieee1275/ofdisk.c b/grub-core/disk/ieee1275/ofdisk.c -index ea7f78ac7d..55346849d3 100644 +index ea7f78ac7d8..55346849d35 100644 --- a/grub-core/disk/ieee1275/ofdisk.c +++ b/grub-core/disk/ieee1275/ofdisk.c @@ -225,7 +225,9 @@ dev_iterate (const struct grub_ieee1275_devalias *alias) @@ -85,7 +85,7 @@ index ea7f78ac7d..55346849d3 100644 } diff --git a/include/grub/ieee1275/ofdisk.h b/include/grub/ieee1275/ofdisk.h -index 2f69e3f191..7d2d540930 100644 +index 2f69e3f191d..7d2d5409305 100644 --- a/include/grub/ieee1275/ofdisk.h +++ b/include/grub/ieee1275/ofdisk.h @@ -22,4 +22,12 @@ diff --git a/SOURCES/0203-01_menu_auto_hide.in-fix-a-then-than-typo.patch b/SOURCES/0203-01_menu_auto_hide.in-fix-a-then-than-typo.patch index d1b3f2e..4847ef9 100644 --- a/SOURCES/0203-01_menu_auto_hide.in-fix-a-then-than-typo.patch +++ b/SOURCES/0203-01_menu_auto_hide.in-fix-a-then-than-typo.patch @@ -12,7 +12,7 @@ Signed-off-by: Jan Pokorný 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/grub.d/10_reset_boot_success.in b/util/grub.d/10_reset_boot_success.in -index 737e1ae5b6..e73f4137b3 100644 +index 737e1ae5b68..e73f4137b36 100644 --- a/util/grub.d/10_reset_boot_success.in +++ b/util/grub.d/10_reset_boot_success.in @@ -15,7 +15,7 @@ fi diff --git a/SOURCES/0204-Fix-disabling-grub-rpm-sort.patch b/SOURCES/0204-Fix-disabling-grub-rpm-sort.patch index dd1bec0..dccde3c 100644 --- a/SOURCES/0204-Fix-disabling-grub-rpm-sort.patch +++ b/SOURCES/0204-Fix-disabling-grub-rpm-sort.patch @@ -13,7 +13,7 @@ debug output to ./configure and fixes #44. 2 files changed, 9 insertions(+) diff --git a/configure.ac b/configure.ac -index d5d2a28b4e..c7842ec29d 100644 +index d5d2a28b4ef..c7842ec29d8 100644 --- a/configure.ac +++ b/configure.ac @@ -1936,6 +1936,8 @@ AC_ARG_ENABLE([rpm-sort], @@ -46,7 +46,7 @@ index d5d2a28b4e..c7842ec29d 100644 echo starfield theme: Yes echo With DejaVuSans font from $DJVU_FONT_SOURCE diff --git a/Makefile.util.def b/Makefile.util.def -index 8cfbe69a76..3f191aa809 100644 +index 8cfbe69a76e..3f191aa8095 100644 --- a/Makefile.util.def +++ b/Makefile.util.def @@ -774,6 +774,7 @@ program = { diff --git a/SOURCES/0205-Don-t-check-for-rpmvercmp-in-librpm.patch b/SOURCES/0205-Don-t-check-for-rpmvercmp-in-librpm.patch index 4cf5325..c21dca4 100644 --- a/SOURCES/0205-Don-t-check-for-rpmvercmp-in-librpm.patch +++ b/SOURCES/0205-Don-t-check-for-rpmvercmp-in-librpm.patch @@ -22,7 +22,7 @@ Signed-off-by: Javier Martinez Canillas 1 file changed, 5 insertions(+), 14 deletions(-) diff --git a/configure.ac b/configure.ac -index c7842ec29d..3c808a7223 100644 +index c7842ec29d8..3c808a72230 100644 --- a/configure.ac +++ b/configure.ac @@ -1947,24 +1947,15 @@ if test x"$rpm_sort_excuse" = x ; then diff --git a/SOURCES/0206-Allow-chainloading-EFI-apps-from-loop-mounts.patch b/SOURCES/0206-Allow-chainloading-EFI-apps-from-loop-mounts.patch index f485054..e48f102 100644 --- a/SOURCES/0206-Allow-chainloading-EFI-apps-from-loop-mounts.patch +++ b/SOURCES/0206-Allow-chainloading-EFI-apps-from-loop-mounts.patch @@ -11,7 +11,7 @@ Subject: [PATCH] Allow chainloading EFI apps from loop mounts. create mode 100644 include/grub/loopback.h diff --git a/grub-core/disk/loopback.c b/grub-core/disk/loopback.c -index 41bebd14fe..99f47924ec 100644 +index 41bebd14fe3..99f47924ec2 100644 --- a/grub-core/disk/loopback.c +++ b/grub-core/disk/loopback.c @@ -21,20 +21,13 @@ @@ -37,7 +37,7 @@ index 41bebd14fe..99f47924ec 100644 static unsigned long last_id = 0; diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index d41e8ea14a..3af6b12292 100644 +index d41e8ea14a8..3af6b122926 100644 --- a/grub-core/loader/efi/chainloader.c +++ b/grub-core/loader/efi/chainloader.c @@ -24,6 +24,7 @@ @@ -100,7 +100,7 @@ index d41e8ea14a..3af6b12292 100644 diff --git a/include/grub/loopback.h b/include/grub/loopback.h new file mode 100644 -index 0000000000..3b9a9e32e8 +index 00000000000..3b9a9e32e80 --- /dev/null +++ b/include/grub/loopback.h @@ -0,0 +1,30 @@ diff --git a/SOURCES/0207-efinet-Add-DHCP-proxy-support.patch b/SOURCES/0207-efinet-Add-DHCP-proxy-support.patch index 25065ad..a8755a3 100644 --- a/SOURCES/0207-efinet-Add-DHCP-proxy-support.patch +++ b/SOURCES/0207-efinet-Add-DHCP-proxy-support.patch @@ -11,7 +11,7 @@ server ack packet. Currently that case is not handled, add support for it. 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c -index e11d759f19..1a24f38a21 100644 +index e11d759f19a..1a24f38a21a 100644 --- a/grub-core/net/drivers/efi/efinet.c +++ b/grub-core/net/drivers/efi/efinet.c @@ -850,10 +850,31 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, diff --git a/SOURCES/0208-fs-ext2-Ignore-checksum-seed-incompat-feature.patch b/SOURCES/0208-fs-ext2-Ignore-checksum-seed-incompat-feature.patch index 3d7c641..b4a5fd4 100644 --- a/SOURCES/0208-fs-ext2-Ignore-checksum-seed-incompat-feature.patch +++ b/SOURCES/0208-fs-ext2-Ignore-checksum-seed-incompat-feature.patch @@ -23,7 +23,7 @@ Signed-off-by: Javier Martinez Canillas 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c -index e7dd78e663..731d346f88 100644 +index e7dd78e6635..731d346f886 100644 --- a/grub-core/fs/ext2.c +++ b/grub-core/fs/ext2.c @@ -103,6 +103,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); diff --git a/SOURCES/0209-Don-t-update-the-cmdline-when-generating-legacy-menu.patch b/SOURCES/0209-Don-t-update-the-cmdline-when-generating-legacy-menu.patch index 8025271..c55b7e3 100644 --- a/SOURCES/0209-Don-t-update-the-cmdline-when-generating-legacy-menu.patch +++ b/SOURCES/0209-Don-t-update-the-cmdline-when-generating-legacy-menu.patch @@ -20,7 +20,7 @@ Signed-off-by: Javier Martinez Canillas 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 68adb55d89..c9296154f5 100644 +index 68adb55d893..c9296154f51 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -261,7 +261,9 @@ if [ -z "\${kernelopts}" ]; then diff --git a/SOURCES/0210-Suppress-gettext-error-message.patch b/SOURCES/0210-Suppress-gettext-error-message.patch index dd87a98..c57e7ff 100644 --- a/SOURCES/0210-Suppress-gettext-error-message.patch +++ b/SOURCES/0210-Suppress-gettext-error-message.patch @@ -14,7 +14,7 @@ Signed-off-by: Paulo Flabiano Smorigo 1 file changed, 7 insertions(+) diff --git a/grub-core/gettext/gettext.c b/grub-core/gettext/gettext.c -index 84d520cd49..87a912ac6e 100644 +index 84d520cd494..87a912ac6e5 100644 --- a/grub-core/gettext/gettext.c +++ b/grub-core/gettext/gettext.c @@ -424,6 +424,13 @@ grub_gettext_init_ext (struct grub_gettext_context *ctx, diff --git a/SOURCES/0211-grub-boot-success.timer-Only-run-if-not-in-a-contain.patch b/SOURCES/0211-grub-boot-success.timer-Only-run-if-not-in-a-contain.patch index 017d4cb..61d0f6d 100644 --- a/SOURCES/0211-grub-boot-success.timer-Only-run-if-not-in-a-contain.patch +++ b/SOURCES/0211-grub-boot-success.timer-Only-run-if-not-in-a-contain.patch @@ -19,7 +19,7 @@ Resolves: rhbz#1914571 1 file changed, 1 insertion(+) diff --git a/docs/grub-boot-success.timer b/docs/grub-boot-success.timer -index 5d8fcba21a..406f172005 100644 +index 5d8fcba21aa..406f1720056 100644 --- a/docs/grub-boot-success.timer +++ b/docs/grub-boot-success.timer @@ -1,6 +1,7 @@ diff --git a/SOURCES/0212-grub-set-password-Always-use-boot-grub2-user.cfg-as-.patch b/SOURCES/0212-grub-set-password-Always-use-boot-grub2-user.cfg-as-.patch index b5d5e5c..7ecea22 100644 --- a/SOURCES/0212-grub-set-password-Always-use-boot-grub2-user.cfg-as-.patch +++ b/SOURCES/0212-grub-set-password-Always-use-boot-grub2-user.cfg-as-.patch @@ -15,7 +15,7 @@ Signed-off-by: Javier Martinez Canillas 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/util/grub-set-password.in b/util/grub-set-password.in -index c0b5ebbfdc..d8005e5a14 100644 +index c0b5ebbfdc5..d8005e5a142 100644 --- a/util/grub-set-password.in +++ b/util/grub-set-password.in @@ -1,11 +1,6 @@ diff --git a/SOURCES/0213-Remove-outdated-URL-for-BLS-document.patch b/SOURCES/0213-Remove-outdated-URL-for-BLS-document.patch index 21af1fa..d380fe8 100644 --- a/SOURCES/0213-Remove-outdated-URL-for-BLS-document.patch +++ b/SOURCES/0213-Remove-outdated-URL-for-BLS-document.patch @@ -14,7 +14,7 @@ Signed-off-by: Javier Martinez Canillas 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index c9296154f5..6ee0a2cf3d 100644 +index c9296154f51..6ee0a2cf3d0 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -96,7 +96,7 @@ cat < 1 file changed, 8 insertions(+), 13 deletions(-) diff --git a/util/grub.d/30_uefi-firmware.in b/util/grub.d/30_uefi-firmware.in -index d344d3883d..b6041b55e2 100644 +index d344d3883d7..b6041b55e2a 100644 --- a/util/grub.d/30_uefi-firmware.in +++ b/util/grub.d/30_uefi-firmware.in @@ -26,19 +26,14 @@ export TEXTDOMAINDIR="@localedir@" diff --git a/SOURCES/0215-efi-Print-an-error-if-boot-to-firmware-setup-is-not-.patch b/SOURCES/0215-efi-Print-an-error-if-boot-to-firmware-setup-is-not-.patch index 3b1a219..65b4aec 100644 --- a/SOURCES/0215-efi-Print-an-error-if-boot-to-firmware-setup-is-not-.patch +++ b/SOURCES/0215-efi-Print-an-error-if-boot-to-firmware-setup-is-not-.patch @@ -21,7 +21,7 @@ Signed-off-by: Javier Martinez Canillas 1 file changed, 23 insertions(+), 20 deletions(-) diff --git a/grub-core/commands/efi/efifwsetup.c b/grub-core/commands/efi/efifwsetup.c -index eaca032838..328c45e82e 100644 +index eaca0328388..328c45e82e0 100644 --- a/grub-core/commands/efi/efifwsetup.c +++ b/grub-core/commands/efi/efifwsetup.c @@ -27,6 +27,25 @@ diff --git a/SOURCES/0216-arm64-Fix-EFI-loader-kernel-image-allocation.patch b/SOURCES/0216-arm64-Fix-EFI-loader-kernel-image-allocation.patch index ce77c63..600b461 100644 --- a/SOURCES/0216-arm64-Fix-EFI-loader-kernel-image-allocation.patch +++ b/SOURCES/0216-arm64-Fix-EFI-loader-kernel-image-allocation.patch @@ -19,7 +19,7 @@ Signed-off-by: Benjamin Herrenschmidt 1 file changed, 66 insertions(+), 34 deletions(-) diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c -index 47f8cf0d84..4a252d5e7e 100644 +index 47f8cf0d84b..4a252d5e7e9 100644 --- a/grub-core/loader/arm64/linux.c +++ b/grub-core/loader/arm64/linux.c @@ -41,6 +41,8 @@ GRUB_MOD_LICENSE ("GPLv3+"); diff --git a/SOURCES/0217-normal-main-Discover-the-device-to-read-the-config-f.patch b/SOURCES/0217-normal-main-Discover-the-device-to-read-the-config-f.patch index 0f0c66c..cf12fd6 100644 --- a/SOURCES/0217-normal-main-Discover-the-device-to-read-the-config-f.patch +++ b/SOURCES/0217-normal-main-Discover-the-device-to-read-the-config-f.patch @@ -26,7 +26,7 @@ Signed-off-by: Javier Martinez Canillas 1 file changed, 51 insertions(+), 7 deletions(-) diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c -index 155bf366da..f9ccca502e 100644 +index 155bf366da2..f9ccca502ee 100644 --- a/grub-core/normal/main.c +++ b/grub-core/normal/main.c @@ -339,18 +339,13 @@ grub_enter_normal_mode (const char *config) diff --git a/SOURCES/0218-powerpc-adjust-setting-of-prefix-for-signed-binary-c.patch b/SOURCES/0218-powerpc-adjust-setting-of-prefix-for-signed-binary-c.patch index fe28e32..70b021d 100644 --- a/SOURCES/0218-powerpc-adjust-setting-of-prefix-for-signed-binary-c.patch +++ b/SOURCES/0218-powerpc-adjust-setting-of-prefix-for-signed-binary-c.patch @@ -23,7 +23,7 @@ Signed-off-by: Daniel Axtens 1 file changed, 33 insertions(+), 5 deletions(-) diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c -index 0285e95a2b..e809a5edec 100644 +index 0285e95a2bb..e809a5edec1 100644 --- a/grub-core/kern/main.c +++ b/grub-core/kern/main.c @@ -216,13 +216,41 @@ grub_set_prefix_and_root (void) diff --git a/SOURCES/0219-powerpc-fix-prefix-signed-grub-special-case-for-Powe.patch b/SOURCES/0219-powerpc-fix-prefix-signed-grub-special-case-for-Powe.patch index 1bf9fa8..1cb21ef 100644 --- a/SOURCES/0219-powerpc-fix-prefix-signed-grub-special-case-for-Powe.patch +++ b/SOURCES/0219-powerpc-fix-prefix-signed-grub-special-case-for-Powe.patch @@ -15,7 +15,7 @@ Signed-off-by: Daniel Axtens 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c -index e809a5edec..2d0d2bbd4c 100644 +index e809a5edec1..2d0d2bbd4cf 100644 --- a/grub-core/kern/main.c +++ b/grub-core/kern/main.c @@ -236,9 +236,20 @@ grub_set_prefix_and_root (void) diff --git a/SOURCES/0220-Arm-check-for-the-PE-magic-for-the-compiled-arch.patch b/SOURCES/0220-Arm-check-for-the-PE-magic-for-the-compiled-arch.patch index a1a8254..8b5170b 100644 --- a/SOURCES/0220-Arm-check-for-the-PE-magic-for-the-compiled-arch.patch +++ b/SOURCES/0220-Arm-check-for-the-PE-magic-for-the-compiled-arch.patch @@ -25,7 +25,7 @@ Signed-off-by: Peter Jones 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c -index 4a252d5e7e..f18d90bd74 100644 +index 4a252d5e7e9..f18d90bd749 100644 --- a/grub-core/loader/arm64/linux.c +++ b/grub-core/loader/arm64/linux.c @@ -322,7 +322,7 @@ parse_pe_header (void *kernel, grub_uint64_t *total_size, @@ -38,7 +38,7 @@ index 4a252d5e7e..f18d90bd74 100644 *total_size = pe->opt.image_size; diff --git a/include/grub/arm/linux.h b/include/grub/arm/linux.h -index b582f67f66..966a5074f5 100644 +index b582f67f661..966a5074f53 100644 --- a/include/grub/arm/linux.h +++ b/include/grub/arm/linux.h @@ -44,6 +44,7 @@ struct grub_arm_linux_pe_header @@ -50,7 +50,7 @@ index b582f67f66..966a5074f5 100644 # define grub_armxx_linux_pe_header grub_arm_linux_pe_header #endif diff --git a/include/grub/arm64/linux.h b/include/grub/arm64/linux.h -index ea030312df..422bf2bf24 100644 +index ea030312df3..422bf2bf24b 100644 --- a/include/grub/arm64/linux.h +++ b/include/grub/arm64/linux.h @@ -48,6 +48,7 @@ struct grub_arm64_linux_pe_header diff --git a/SOURCES/0221-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch b/SOURCES/0221-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch index 7fc40f1..893d8b4 100644 --- a/SOURCES/0221-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch +++ b/SOURCES/0221-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch @@ -81,7 +81,7 @@ Reviewed-by: Daniel Kiper 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c -index 0f524c3a8a..e3816d1ec4 100644 +index 0f524c3a8a6..e3816d1ec4a 100644 --- a/grub-core/fs/xfs.c +++ b/grub-core/fs/xfs.c @@ -192,6 +192,11 @@ struct grub_xfs_time_legacy diff --git a/SOURCES/0222-Print-module-name-on-license-check-failure.patch b/SOURCES/0222-Print-module-name-on-license-check-failure.patch index 5c30859..c4b9a13 100644 --- a/SOURCES/0222-Print-module-name-on-license-check-failure.patch +++ b/SOURCES/0222-Print-module-name-on-license-check-failure.patch @@ -13,7 +13,7 @@ Signed-off-by: Robbie Harwood 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c -index 9557254035..f304494574 100644 +index 9557254035e..f3044945742 100644 --- a/grub-core/kern/dl.c +++ b/grub-core/kern/dl.c @@ -528,14 +528,16 @@ grub_dl_find_section_index (Elf_Ehdr *e, const char *name) diff --git a/SOURCES/0223-powerpc-ieee1275-load-grub-at-4MB-not-2MB.patch b/SOURCES/0223-powerpc-ieee1275-load-grub-at-4MB-not-2MB.patch index 05417ed..a80727e 100644 --- a/SOURCES/0223-powerpc-ieee1275-load-grub-at-4MB-not-2MB.patch +++ b/SOURCES/0223-powerpc-ieee1275-load-grub-at-4MB-not-2MB.patch @@ -79,7 +79,7 @@ Signed-off-by: Robbie Harwood 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 3f3459b2c7..6b00eb5557 100644 +index 3f3459b2c70..6b00eb55575 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -89,7 +89,7 @@ kernel = { @@ -92,7 +92,7 @@ index 3f3459b2c7..6b00eb5557 100644 mips_arc_ldflags = '-Wl,-Ttext,$(TARGET_LINK_ADDR)'; mips_qemu_mips_ldflags = '-Wl,-Ttext,0x80200000'; diff --git a/include/grub/offsets.h b/include/grub/offsets.h -index 871e1cd4c3..69211aa798 100644 +index 871e1cd4c38..69211aa798b 100644 --- a/include/grub/offsets.h +++ b/include/grub/offsets.h @@ -63,7 +63,7 @@ diff --git a/SOURCES/0224-grub-mkconfig-restore-umask-for-grub.cfg.patch b/SOURCES/0224-grub-mkconfig-restore-umask-for-grub.cfg.patch index f275ed4..bd1bd0c 100644 --- a/SOURCES/0224-grub-mkconfig-restore-umask-for-grub.cfg.patch +++ b/SOURCES/0224-grub-mkconfig-restore-umask-for-grub.cfg.patch @@ -26,7 +26,7 @@ Signed-off-by: Michael Chang 1 file changed, 2 insertions(+) diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index f55339a3f6..520a672cd2 100644 +index f55339a3f64..520a672cd2c 100644 --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in @@ -311,7 +311,9 @@ and /etc/grub.d/* files or please file a bug report with diff --git a/SOURCES/0225-commands-search-Fix-bug-stopping-iteration-when-no-f.patch b/SOURCES/0225-commands-search-Fix-bug-stopping-iteration-when-no-f.patch index 8bdf8ae..c5971ac 100644 --- a/SOURCES/0225-commands-search-Fix-bug-stopping-iteration-when-no-f.patch +++ b/SOURCES/0225-commands-search-Fix-bug-stopping-iteration-when-no-f.patch @@ -20,7 +20,7 @@ Signed-off-by: Robbie Harwood 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/commands/search.c b/grub-core/commands/search.c -index ed090b3af8..51656e361c 100644 +index ed090b3af8b..51656e361cc 100644 --- a/grub-core/commands/search.c +++ b/grub-core/commands/search.c @@ -64,7 +64,7 @@ iterate_device (const char *name, void *data) diff --git a/SOURCES/0226-search-new-efidisk-only-option-on-EFI-systems.patch b/SOURCES/0226-search-new-efidisk-only-option-on-EFI-systems.patch index 0364677..8e24dac 100644 --- a/SOURCES/0226-search-new-efidisk-only-option-on-EFI-systems.patch +++ b/SOURCES/0226-search-new-efidisk-only-option-on-EFI-systems.patch @@ -27,7 +27,7 @@ Signed-off-by: Robbie Harwood 3 files changed, 47 insertions(+), 13 deletions(-) diff --git a/grub-core/commands/search.c b/grub-core/commands/search.c -index 51656e361c..57d26ced8a 100644 +index 51656e361cc..57d26ced8a8 100644 --- a/grub-core/commands/search.c +++ b/grub-core/commands/search.c @@ -47,7 +47,7 @@ struct search_ctx @@ -87,7 +87,7 @@ index 51656e361c..57d26ced8a 100644 .nhints = nhints, .count = 0, diff --git a/grub-core/commands/search_wrap.c b/grub-core/commands/search_wrap.c -index 47fc8eb996..0b62acf853 100644 +index 47fc8eb9966..0b62acf8535 100644 --- a/grub-core/commands/search_wrap.c +++ b/grub-core/commands/search_wrap.c @@ -40,6 +40,7 @@ static const struct grub_arg_option options[] = @@ -140,7 +140,7 @@ index 47fc8eb996..0b62acf853 100644 grub_error (GRUB_ERR_INVALID_COMMAND, "unspecified search type"); diff --git a/include/grub/search.h b/include/grub/search.h -index d80347df34..4190aeb2cb 100644 +index d80347df34b..4190aeb2cbf 100644 --- a/include/grub/search.h +++ b/include/grub/search.h @@ -19,11 +19,20 @@ diff --git a/SOURCES/0227-efi-new-connectefi-command.patch b/SOURCES/0227-efi-new-connectefi-command.patch index 0d25478..abb6f6f 100644 --- a/SOURCES/0227-efi-new-connectefi-command.patch +++ b/SOURCES/0227-efi-new-connectefi-command.patch @@ -65,7 +65,7 @@ Signed-off-by: Robbie Harwood create mode 100644 grub-core/commands/efi/connectefi.c diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 6b00eb5557..97abc01f06 100644 +index 6b00eb55575..97abc01f064 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -833,6 +833,12 @@ module = { @@ -83,7 +83,7 @@ index 6b00eb5557..97abc01f06 100644 common = commands/blocklist.c; diff --git a/grub-core/commands/efi/connectefi.c b/grub-core/commands/efi/connectefi.c new file mode 100644 -index 0000000000..8ab75bd51b +index 00000000000..8ab75bd51be --- /dev/null +++ b/grub-core/commands/efi/connectefi.c @@ -0,0 +1,205 @@ @@ -293,7 +293,7 @@ index 0000000000..8ab75bd51b + grub_unregister_command (cmd); +} diff --git a/grub-core/commands/efi/lsefi.c b/grub-core/commands/efi/lsefi.c -index d1ce99af43..f2d2430e66 100644 +index d1ce99af438..f2d2430e666 100644 --- a/grub-core/commands/efi/lsefi.c +++ b/grub-core/commands/efi/lsefi.c @@ -19,6 +19,7 @@ @@ -305,7 +305,7 @@ index d1ce99af43..f2d2430e66 100644 #include #include diff --git a/grub-core/disk/efi/efidisk.c b/grub-core/disk/efi/efidisk.c -index fe8ba6e6c9..062143dfff 100644 +index fe8ba6e6c93..062143dfffd 100644 --- a/grub-core/disk/efi/efidisk.c +++ b/grub-core/disk/efi/efidisk.c @@ -396,6 +396,19 @@ enumerate_disks (void) @@ -329,7 +329,7 @@ index fe8ba6e6c9..062143dfff 100644 grub_efidisk_iterate (grub_disk_dev_iterate_hook_t hook, void *hook_data, grub_disk_pull_t pull) diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index 14bc10eb56..7fcca69c17 100644 +index 14bc10eb564..7fcca69c17b 100644 --- a/grub-core/kern/efi/efi.c +++ b/grub-core/kern/efi/efi.c @@ -95,6 +95,19 @@ grub_efi_locate_handle (grub_efi_locate_search_type_t search_type, @@ -353,7 +353,7 @@ index 14bc10eb56..7fcca69c17 100644 grub_efi_open_protocol (grub_efi_handle_t handle, grub_efi_guid_t *protocol, diff --git a/include/grub/efi/disk.h b/include/grub/efi/disk.h -index 254475c842..6845c2f1fd 100644 +index 254475c8428..6845c2f1fd8 100644 --- a/include/grub/efi/disk.h +++ b/include/grub/efi/disk.h @@ -27,6 +27,8 @@ grub_efi_handle_t @@ -366,7 +366,7 @@ index 254475c842..6845c2f1fd 100644 void grub_efidisk_fini (void); diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h -index 8dfc89a33b..ec52083c49 100644 +index 8dfc89a33b9..ec52083c49f 100644 --- a/include/grub/efi/efi.h +++ b/include/grub/efi/efi.h @@ -41,6 +41,11 @@ EXPORT_FUNC(grub_efi_locate_handle) (grub_efi_locate_search_type_t search_type, @@ -382,7 +382,7 @@ index 8dfc89a33b..ec52083c49 100644 grub_efi_guid_t *protocol, grub_efi_uint32_t attributes); diff --git a/NEWS b/NEWS -index 73b8492bc4..d7c1d23aed 100644 +index 73b8492bc42..d7c1d23aed7 100644 --- a/NEWS +++ b/NEWS @@ -98,7 +98,7 @@ New in 2.02: diff --git a/SOURCES/0228-loader-efi-chainloader-grub_load_and_start_image-doe.patch b/SOURCES/0228-loader-efi-chainloader-grub_load_and_start_image-doe.patch deleted file mode 100644 index 3fcd8e4..0000000 --- a/SOURCES/0228-loader-efi-chainloader-grub_load_and_start_image-doe.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Chris Coulson -Date: Thu, 28 Apr 2022 21:53:36 +0100 -Subject: [PATCH] loader/efi/chainloader: grub_load_and_start_image doesn't - load and start - -grub_load_and_start_image only loads an image - it still requires the -caller to start it. This renames it to grub_load_image. - -It's called from 2 places: -- grub_cmd_chainloader when not using the shim protocol. -- grub_secureboot_chainloader_boot if handle_image returns an error. -In this case, the image is loaded and then nothing else happens which -seems strange. I assume the intention is that it falls back to LoadImage -and StartImage if handle_image fails, so I've made it do that. - -Signed-off-by: Chris Coulson -(cherry picked from commit b4d70820a65c00561045856b7b8355461a9545f6) -(cherry picked from commit 05b16a6be50b1910609740a66b561276fa490538) ---- - grub-core/loader/efi/chainloader.c | 16 +++++++++++++--- - 1 file changed, 13 insertions(+), 3 deletions(-) - -diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index 3af6b12292..39158e679e 100644 ---- a/grub-core/loader/efi/chainloader.c -+++ b/grub-core/loader/efi/chainloader.c -@@ -841,7 +841,7 @@ grub_secureboot_chainloader_unload (void) - } - - static grub_err_t --grub_load_and_start_image(void *boot_image) -+grub_load_image(void *boot_image) - { - grub_efi_boot_services_t *b; - grub_efi_status_t status; -@@ -883,13 +883,23 @@ grub_load_and_start_image(void *boot_image) - static grub_err_t - grub_secureboot_chainloader_boot (void) - { -+ grub_efi_boot_services_t *b; - int rc; -+ - rc = handle_image ((void *)(unsigned long)address, fsize); - if (rc == 0) - { -- grub_load_and_start_image((void *)(unsigned long)address); -+ /* We weren't able to attempt to execute the image, so fall back -+ * to LoadImage / StartImage. -+ */ -+ rc = grub_load_image((void *)(unsigned long)address); -+ if (rc == 0) -+ grub_chainloader_boot (); - } - -+ b = grub_efi_system_table->boot_services; -+ efi_call_1 (b->unload_image, image_handle); -+ - grub_loader_unset (); - return grub_errno; - } -@@ -1094,7 +1104,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - } - else if (rc == 0) - { -- grub_load_and_start_image(boot_image); -+ grub_load_image(boot_image); - grub_file_close (file); - grub_device_close (dev); - grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); diff --git a/SOURCES/0228-powerpc-do-CAS-in-a-more-compatible-way.patch b/SOURCES/0228-powerpc-do-CAS-in-a-more-compatible-way.patch new file mode 100644 index 0000000..32c06b0 --- /dev/null +++ b/SOURCES/0228-powerpc-do-CAS-in-a-more-compatible-way.patch @@ -0,0 +1,111 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Fri, 8 Apr 2022 12:35:28 +1000 +Subject: [PATCH] powerpc: do CAS in a more compatible way + +I wrongly assumed that the most compatible way to perform CAS +negotiation was to only set the minimum number of vectors required +to ask for more memory. It turns out that this messes up booting +if the minimum VP capacity would be less than the default 10% in +vector 4. + +Linux configures the minimum capacity to be 1%, so copy it for that +and for vector 3 which we now need to specify as well. + +Signed-off-by: Daniel Axtens +(cherry picked from commit e6f02ad4e75cd995a8ee2954d28949c415b6cbfe) +--- + grub-core/kern/ieee1275/init.c | 54 ++++++++++++++++++++++++------------------ + 1 file changed, 31 insertions(+), 23 deletions(-) + +diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c +index 9704715c83..ef55107467 100644 +--- a/grub-core/kern/ieee1275/init.c ++++ b/grub-core/kern/ieee1275/init.c +@@ -298,33 +298,37 @@ grub_ieee1275_total_mem (grub_uint64_t *total) + + /* Based on linux - arch/powerpc/kernel/prom_init.c */ + struct option_vector2 { +- grub_uint8_t byte1; +- grub_uint16_t reserved; +- grub_uint32_t real_base; +- grub_uint32_t real_size; +- grub_uint32_t virt_base; +- grub_uint32_t virt_size; +- grub_uint32_t load_base; +- grub_uint32_t min_rma; +- grub_uint32_t min_load; +- grub_uint8_t min_rma_percent; +- grub_uint8_t max_pft_size; ++ grub_uint8_t byte1; ++ grub_uint16_t reserved; ++ grub_uint32_t real_base; ++ grub_uint32_t real_size; ++ grub_uint32_t virt_base; ++ grub_uint32_t virt_size; ++ grub_uint32_t load_base; ++ grub_uint32_t min_rma; ++ grub_uint32_t min_load; ++ grub_uint8_t min_rma_percent; ++ grub_uint8_t max_pft_size; + } __attribute__((packed)); + + struct pvr_entry { +- grub_uint32_t mask; +- grub_uint32_t entry; ++ grub_uint32_t mask; ++ grub_uint32_t entry; + }; + + struct cas_vector { +- struct { +- struct pvr_entry terminal; +- } pvr_list; +- grub_uint8_t num_vecs; +- grub_uint8_t vec1_size; +- grub_uint8_t vec1; +- grub_uint8_t vec2_size; +- struct option_vector2 vec2; ++ struct { ++ struct pvr_entry terminal; ++ } pvr_list; ++ grub_uint8_t num_vecs; ++ grub_uint8_t vec1_size; ++ grub_uint8_t vec1; ++ grub_uint8_t vec2_size; ++ struct option_vector2 vec2; ++ grub_uint8_t vec3_size; ++ grub_uint16_t vec3; ++ grub_uint8_t vec4_size; ++ grub_uint16_t vec4; + } __attribute__((packed)); + + /* Call ibm,client-architecture-support to try to get more RMA. +@@ -345,13 +349,17 @@ grub_ieee1275_ibm_cas (void) + } args; + struct cas_vector vector = { + .pvr_list = { { 0x00000000, 0xffffffff } }, /* any processor */ +- .num_vecs = 2 - 1, ++ .num_vecs = 4 - 1, + .vec1_size = 0, + .vec1 = 0x80, /* ignore */ + .vec2_size = 1 + sizeof(struct option_vector2) - 2, + .vec2 = { + 0, 0, -1, -1, -1, -1, -1, 512, -1, 0, 48 + }, ++ .vec3_size = 2 - 1, ++ .vec3 = 0x00e0, // ask for FP + VMX + DFP but don't halt if unsatisfied ++ .vec4_size = 2 - 1, ++ .vec4 = 0x0001, // set required minimum capacity % to the lowest value + }; + + INIT_IEEE1275_COMMON (&args.common, "call-method", 3, 2); +@@ -364,7 +372,7 @@ grub_ieee1275_ibm_cas (void) + args.ihandle = root; + args.cas_addr = (grub_ieee1275_cell_t)&vector; + +- grub_printf("Calling ibm,client-architecture-support..."); ++ grub_printf("Calling ibm,client-architecture-support from grub..."); + IEEE1275_CALL_ENTRY_FN (&args); + grub_printf("done\n"); + diff --git a/SOURCES/0229-loader-efi-chainloader-simplify-the-loader-state.patch b/SOURCES/0229-loader-efi-chainloader-simplify-the-loader-state.patch deleted file mode 100644 index 8e52dd1..0000000 --- a/SOURCES/0229-loader-efi-chainloader-simplify-the-loader-state.patch +++ /dev/null @@ -1,333 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Chris Coulson -Date: Fri, 29 Apr 2022 21:13:08 +0100 -Subject: [PATCH] loader/efi/chainloader: simplify the loader state - -When not using the shim lock protocol, the chainloader command retains -the source buffer and device path passed to LoadImage, requiring the -unload hook passed to grub_loader_set to free them. It isn't required -to retain this state though - they aren't required by StartImage or -anything else in the boot hook, so clean them up before -grub_cmd_chainloader finishes. - -This also wraps the loader state when using the shim lock protocol -inside a struct. - -Signed-off-by: Chris Coulson -(cherry picked from commit fa39862933b3be1553a580a3a5c28073257d8046) -(cherry picked from commit 0333343ee99c4e88f062789263c94291c057251b) -[rharwood: double-frees and uninitialized, verifying twice] -(cherry picked from commit 8e93db7cb17660c2d48e41909c4671e0e6cbc294) -Signed-off-by: Robbie Harwood ---- - grub-core/loader/efi/chainloader.c | 160 +++++++++++++++++++++++-------------- - 1 file changed, 102 insertions(+), 58 deletions(-) - -diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index 39158e679e..0717ce0478 100644 ---- a/grub-core/loader/efi/chainloader.c -+++ b/grub-core/loader/efi/chainloader.c -@@ -48,38 +48,21 @@ GRUB_MOD_LICENSE ("GPLv3+"); - - static grub_dl_t my_mod; - --static grub_efi_physical_address_t address; --static grub_efi_uintn_t pages; --static grub_ssize_t fsize; --static grub_efi_device_path_t *file_path; - static grub_efi_handle_t image_handle; --static grub_efi_char16_t *cmdline; --static grub_ssize_t cmdline_len; --static grub_efi_handle_t dev_handle; - --static grub_efi_status_t (*entry_point) (grub_efi_handle_t image_handle, grub_efi_system_table_t *system_table); -+struct grub_secureboot_chainloader_context { -+ grub_efi_physical_address_t address; -+ grub_efi_uintn_t pages; -+ grub_ssize_t fsize; -+ grub_efi_device_path_t *file_path; -+ grub_efi_char16_t *cmdline; -+ grub_ssize_t cmdline_len; -+ grub_efi_handle_t dev_handle; -+}; -+static struct grub_secureboot_chainloader_context *sb_context; - - static grub_err_t --grub_chainloader_unload (void) --{ -- grub_efi_boot_services_t *b; -- -- b = grub_efi_system_table->boot_services; -- efi_call_1 (b->unload_image, image_handle); -- grub_efi_free_pages (address, pages); -- -- grub_free (file_path); -- grub_free (cmdline); -- cmdline = 0; -- file_path = 0; -- dev_handle = 0; -- -- grub_dl_unref (my_mod); -- return GRUB_ERR_NONE; --} -- --static grub_err_t --grub_chainloader_boot (void) -+grub_start_image (grub_efi_handle_t handle) - { - grub_efi_boot_services_t *b; - grub_efi_status_t status; -@@ -87,7 +70,7 @@ grub_chainloader_boot (void) - grub_efi_char16_t *exit_data = NULL; - - b = grub_efi_system_table->boot_services; -- status = efi_call_3 (b->start_image, image_handle, &exit_data_size, &exit_data); -+ status = efi_call_3 (b->start_image, handle, &exit_data_size, &exit_data); - if (status != GRUB_EFI_SUCCESS) - { - if (exit_data) -@@ -111,11 +94,37 @@ grub_chainloader_boot (void) - if (exit_data) - grub_efi_free_pool (exit_data); - -- grub_loader_unset (); -- - return grub_errno; - } - -+static grub_err_t -+grub_chainloader_unload (void) -+{ -+ grub_efi_loaded_image_t *loaded_image; -+ grub_efi_boot_services_t *b; -+ -+ loaded_image = grub_efi_get_loaded_image (image_handle); -+ if (loaded_image != NULL) -+ grub_free (loaded_image->load_options); -+ -+ b = grub_efi_system_table->boot_services; -+ efi_call_1 (b->unload_image, image_handle); -+ -+ grub_dl_unref (my_mod); -+ return GRUB_ERR_NONE; -+} -+ -+static grub_err_t -+grub_chainloader_boot (void) -+{ -+ grub_err_t err; -+ -+ err = grub_start_image (image_handle); -+ -+ grub_loader_unset (); -+ return err; -+} -+ - static grub_err_t - copy_file_path (grub_efi_file_path_device_path_t *fp, - const char *str, grub_efi_uint16_t len) -@@ -150,7 +159,7 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename) - char *dir_start; - char *dir_end; - grub_size_t size; -- grub_efi_device_path_t *d; -+ grub_efi_device_path_t *d, *file_path; - - dir_start = grub_strchr (filename, ')'); - if (! dir_start) -@@ -526,10 +535,12 @@ grub_efi_get_media_file_path (grub_efi_device_path_t *dp) - } - - static grub_efi_boolean_t --handle_image (void *data, grub_efi_uint32_t datasize) -+handle_image (struct grub_secureboot_chainloader_context *load_context) - { - grub_efi_loaded_image_t *li, li_bak; - grub_efi_status_t efi_status; -+ void *data = (void *)(unsigned long)load_context->address; -+ grub_efi_uint32_t datasize = load_context->fsize; - void *buffer = NULL; - char *buffer_aligned = NULL; - grub_efi_uint32_t i; -@@ -540,6 +551,7 @@ handle_image (void *data, grub_efi_uint32_t datasize) - grub_uint32_t buffer_size; - int found_entry_point = 0; - int rc; -+ grub_efi_status_t (*entry_point) (grub_efi_handle_t image_handle, grub_efi_system_table_t *system_table); - - rc = read_header (data, datasize, &context); - if (rc < 0) -@@ -797,10 +809,10 @@ handle_image (void *data, grub_efi_uint32_t datasize) - grub_memcpy (&li_bak, li, sizeof (grub_efi_loaded_image_t)); - li->image_base = buffer_aligned; - li->image_size = context.image_size; -- li->load_options = cmdline; -- li->load_options_size = cmdline_len; -- li->file_path = grub_efi_get_media_file_path (file_path); -- li->device_handle = dev_handle; -+ li->load_options = load_context->cmdline; -+ li->load_options_size = load_context->cmdline_len; -+ li->file_path = grub_efi_get_media_file_path (load_context->file_path); -+ li->device_handle = load_context->dev_handle; - if (!li->file_path) - { - grub_error (GRUB_ERR_UNKNOWN_DEVICE, "no matching file path found"); -@@ -829,19 +841,22 @@ error_exit: - static grub_err_t - grub_secureboot_chainloader_unload (void) - { -- grub_efi_free_pages (address, pages); -- grub_free (file_path); -- grub_free (cmdline); -- cmdline = 0; -- file_path = 0; -- dev_handle = 0; -+ grub_efi_free_pages (sb_context->address, sb_context->pages); -+ grub_free (sb_context->file_path); -+ grub_free (sb_context->cmdline); -+ grub_free (sb_context); -+ -+ sb_context = 0; - - grub_dl_unref (my_mod); - return GRUB_ERR_NONE; - } - - static grub_err_t --grub_load_image(void *boot_image) -+grub_load_image(grub_efi_device_path_t *file_path, void *boot_image, -+ grub_efi_uintn_t image_size, grub_efi_handle_t dev_handle, -+ grub_efi_char16_t *cmdline, grub_ssize_t cmdline_len, -+ grub_efi_handle_t *image_handle_out) - { - grub_efi_boot_services_t *b; - grub_efi_status_t status; -@@ -850,7 +865,7 @@ grub_load_image(void *boot_image) - b = grub_efi_system_table->boot_services; - - status = efi_call_6 (b->load_image, 0, grub_efi_image_handle, file_path, -- boot_image, fsize, &image_handle); -+ boot_image, image_size, image_handle_out); - if (status != GRUB_EFI_SUCCESS) - { - if (status == GRUB_EFI_OUT_OF_RESOURCES) -@@ -863,7 +878,7 @@ grub_load_image(void *boot_image) - /* LoadImage does not set a device handler when the image is - loaded from memory, so it is necessary to set it explicitly here. - This is a mess. */ -- loaded_image = grub_efi_get_loaded_image (image_handle); -+ loaded_image = grub_efi_get_loaded_image (*image_handle_out); - if (! loaded_image) - { - grub_error (GRUB_ERR_BAD_OS, "no loaded image available"); -@@ -885,20 +900,25 @@ grub_secureboot_chainloader_boot (void) - { - grub_efi_boot_services_t *b; - int rc; -+ grub_efi_handle_t handle = 0; - -- rc = handle_image ((void *)(unsigned long)address, fsize); -+ rc = handle_image (sb_context); - if (rc == 0) - { - /* We weren't able to attempt to execute the image, so fall back - * to LoadImage / StartImage. - */ -- rc = grub_load_image((void *)(unsigned long)address); -+ rc = grub_load_image(sb_context->file_path, -+ (void *)(unsigned long)sb_context->address, -+ sb_context->fsize, sb_context->dev_handle, -+ sb_context->cmdline, sb_context->cmdline_len, -+ &handle); - if (rc == 0) -- grub_chainloader_boot (); -+ grub_start_image (handle); - } - - b = grub_efi_system_table->boot_services; -- efi_call_1 (b->unload_image, image_handle); -+ efi_call_1 (b->unload_image, handle); - - grub_loader_unset (); - return grub_errno; -@@ -913,10 +933,16 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - grub_efi_boot_services_t *b; - grub_device_t dev = 0; - grub_device_t orig_dev = 0; -- grub_efi_device_path_t *dp = 0; -+ grub_efi_device_path_t *dp = 0, *file_path = 0; - char *filename; - void *boot_image = 0; - int rc; -+ grub_efi_physical_address_t address = 0; -+ grub_ssize_t fsize; -+ grub_efi_uintn_t pages = 0; -+ grub_efi_char16_t *cmdline = 0; -+ grub_ssize_t cmdline_len = 0; -+ grub_efi_handle_t dev_handle = 0; - - if (argc == 0) - return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); -@@ -924,12 +950,6 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - - grub_dl_ref (my_mod); - -- /* Initialize some global variables. */ -- address = 0; -- image_handle = 0; -- file_path = 0; -- dev_handle = 0; -- - b = grub_efi_system_table->boot_services; - - if (argc > 1) -@@ -1096,17 +1116,35 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - grub_dprintf ("chain", "linuxefi_secure_validate: %d\n", rc); - if (rc > 0) - { -+ sb_context = grub_malloc (sizeof (*sb_context)); -+ if (sb_context == NULL) -+ goto fail; -+ sb_context->address = address; -+ sb_context->fsize = fsize; -+ sb_context->pages = pages; -+ sb_context->file_path = file_path; -+ sb_context->cmdline = cmdline; -+ sb_context->cmdline_len = cmdline_len; -+ sb_context->dev_handle = dev_handle; -+ - grub_file_close (file); - grub_device_close (dev); -+ - grub_loader_set (grub_secureboot_chainloader_boot, - grub_secureboot_chainloader_unload, 0); - return 0; - } - else if (rc == 0) - { -- grub_load_image(boot_image); -+ grub_load_image(file_path, boot_image, fsize, dev_handle, cmdline, -+ cmdline_len, &image_handle); - grub_file_close (file); - grub_device_close (dev); -+ -+ /* We're finished with the source image buffer and file path now */ -+ efi_call_2 (b->free_pages, address, pages); -+ grub_free (file_path); -+ - grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); - - return 0; -@@ -1134,6 +1172,12 @@ fail: - if (cmdline) - grub_free (cmdline); - -+ if (image_handle != 0) -+ { -+ efi_call_1 (b->unload_image, image_handle); -+ image_handle = 0; -+ } -+ - grub_dl_unref (my_mod); - - return grub_errno; diff --git a/SOURCES/0229-powerpc-prefix-detection-support-device-names-with-c.patch b/SOURCES/0229-powerpc-prefix-detection-support-device-names-with-c.patch new file mode 100644 index 0000000..a0aeb10 --- /dev/null +++ b/SOURCES/0229-powerpc-prefix-detection-support-device-names-with-c.patch @@ -0,0 +1,72 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Thu, 24 Mar 2022 14:34:32 +1100 +Subject: [PATCH] powerpc: prefix detection: support device names with commas + +Frustratingly, the device name itself can contain an embedded comma: +e.g /pci@800000020000015/pci1014,034A@0/sas/disk@5000c50098a0ee8b + +So my previous approach was wrong: we cannot rely upon the presence +of a comma to say that a partition has been specified! + +It turns out for prefixes like (,gpt2)/grub2 we really want to make +up a full (device,partition)/patch prefix, because root discovery code +in 10_linux will reset the root variable and use search to fill it again. +If you have run grub-install, you probably don't have search built in, +and if you don't have prefix containing (device,partition), grub will +construct ($root)$prefix/powerpc-ieee1275/search.mod - but because $root +has just been changed, this will no longer work, and the boot will fail! + +Retain the gist of the logic, but instead of looking for a comma, look for +a leading '('. This matches the earlier code better anyway. + +There's certainly a better fix to be had. But any time you chose to build +with a bare prefix like '/grub2', you're almost certainly going to build in +search anyway, so this will do. + +Signed-off-by: Daniel Axtens +(cherry picked from commit 80b6eb5e55e6d1a4c9896361e61de31c29e6939d) +--- + grub-core/kern/main.c | 27 +++++++++++++++++++++------ + 1 file changed, 21 insertions(+), 6 deletions(-) + +diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c +index 2d0d2bbd4c..4c4e6912f9 100644 +--- a/grub-core/kern/main.c ++++ b/grub-core/kern/main.c +@@ -242,14 +242,29 @@ grub_set_prefix_and_root (void) + what sorts of paths represent disks with partition tables and those + without partition tables. + +- So we act unless there is a comma in the device, which would indicate +- a partition has already been specified. ++ - Frustratingly, the device name itself can contain an embedded comma: ++ /pci@800000020000015/pci1014,034A@0/sas/disk@5000c50098a0ee8b ++ So we cannot even rely upon the presence of a comma to say that a ++ partition has been specified! + +- (If we only have a path, the code in normal to discover config files +- will try both without partitions and then with any partitions so we +- will cover both CDs and HDs.) ++ If we only have a path in $prefix, the code in normal to discover ++ config files will try all disks, both without partitions and then with ++ any partitions so we will cover both CDs and HDs. ++ ++ However, it doesn't then set the prefix to be something like ++ (discovered partition)/path, and so it is fragile against runtime ++ changes to $root. For example some of the stuff done in 10_linux to ++ reload $root sets root differently and then uses search to find it ++ again. If the search module is not built in, when we change root, grub ++ will look in (new root)/path/powerpc-ieee1275, that won't work, and we ++ will not be able to load the search module and the boot will fail. ++ ++ This is particularly likely to hit us in the grub-install ++ (,msdos2)/grub2 case, so we act unless the supplied prefix starts with ++ '(', which would likely indicate a partition has already been ++ specified. + */ +- if (grub_strchr (device, ',') == NULL) ++ if (prefix && prefix[0] != '(') + grub_env_set ("prefix", path); + else + #endif diff --git a/SOURCES/0230-commands-boot-Add-API-to-pass-context-to-loader.patch b/SOURCES/0230-commands-boot-Add-API-to-pass-context-to-loader.patch deleted file mode 100644 index 65aac76..0000000 --- a/SOURCES/0230-commands-boot-Add-API-to-pass-context-to-loader.patch +++ /dev/null @@ -1,159 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Chris Coulson -Date: Fri, 29 Apr 2022 21:16:02 +0100 -Subject: [PATCH] commands/boot: Add API to pass context to loader - -Loaders rely on global variables for saving context which is consumed -in the boot hook and freed in the unload hook. In the case where a loader -command is executed twice, calling grub_loader_set a second time executes -the unload hook, but in some cases this runs when the loader's global -context has already been updated, resulting in the updated context being -freed and potential use-after-free bugs when the boot hook is subsequently -called. - -This adds a new API (grub_loader_set_ex) which allows a loader to specify -context that is passed to its boot and unload hooks. This is an alternative -to requiring that loaders call grub_loader_unset before mutating their -global context. - -Signed-off-by: Chris Coulson -(cherry picked from commit 4322a64dde7e8fedb58e50b79408667129d45dd3) -(cherry picked from commit 937ad0e2159b6b8cb0d2ce3515da3a8b797c7927) ---- - grub-core/commands/boot.c | 66 +++++++++++++++++++++++++++++++++++++++++------ - include/grub/loader.h | 5 ++++ - 2 files changed, 63 insertions(+), 8 deletions(-) - -diff --git a/grub-core/commands/boot.c b/grub-core/commands/boot.c -index bbca81e947..53691a62d9 100644 ---- a/grub-core/commands/boot.c -+++ b/grub-core/commands/boot.c -@@ -27,10 +27,20 @@ - - GRUB_MOD_LICENSE ("GPLv3+"); - --static grub_err_t (*grub_loader_boot_func) (void); --static grub_err_t (*grub_loader_unload_func) (void); -+static grub_err_t (*grub_loader_boot_func) (void *); -+static grub_err_t (*grub_loader_unload_func) (void *); -+static void *grub_loader_context; - static int grub_loader_flags; - -+struct grub_simple_loader_hooks -+{ -+ grub_err_t (*boot) (void); -+ grub_err_t (*unload) (void); -+}; -+ -+/* Don't heap allocate this to avoid making grub_loader_set fallible. */ -+static struct grub_simple_loader_hooks simple_loader_hooks; -+ - struct grub_preboot - { - grub_err_t (*preboot_func) (int); -@@ -44,6 +54,29 @@ static int grub_loader_loaded; - static struct grub_preboot *preboots_head = 0, - *preboots_tail = 0; - -+static grub_err_t -+grub_simple_boot_hook (void *context) -+{ -+ struct grub_simple_loader_hooks *hooks; -+ -+ hooks = (struct grub_simple_loader_hooks *) context; -+ return hooks->boot (); -+} -+ -+static grub_err_t -+grub_simple_unload_hook (void *context) -+{ -+ struct grub_simple_loader_hooks *hooks; -+ grub_err_t ret; -+ -+ hooks = (struct grub_simple_loader_hooks *) context; -+ -+ ret = hooks->unload (); -+ grub_memset (hooks, 0, sizeof (*hooks)); -+ -+ return ret; -+} -+ - int - grub_loader_is_loaded (void) - { -@@ -110,28 +143,45 @@ grub_loader_unregister_preboot_hook (struct grub_preboot *hnd) - } - - void --grub_loader_set (grub_err_t (*boot) (void), -- grub_err_t (*unload) (void), -- int flags) -+grub_loader_set_ex (grub_err_t (*boot) (void *), -+ grub_err_t (*unload) (void *), -+ void *context, -+ int flags) - { - if (grub_loader_loaded && grub_loader_unload_func) -- grub_loader_unload_func (); -+ grub_loader_unload_func (grub_loader_context); - - grub_loader_boot_func = boot; - grub_loader_unload_func = unload; -+ grub_loader_context = context; - grub_loader_flags = flags; - - grub_loader_loaded = 1; - } - -+void -+grub_loader_set (grub_err_t (*boot) (void), -+ grub_err_t (*unload) (void), -+ int flags) -+{ -+ grub_loader_set_ex (grub_simple_boot_hook, -+ grub_simple_unload_hook, -+ &simple_loader_hooks, -+ flags); -+ -+ simple_loader_hooks.boot = boot; -+ simple_loader_hooks.unload = unload; -+} -+ - void - grub_loader_unset(void) - { - if (grub_loader_loaded && grub_loader_unload_func) -- grub_loader_unload_func (); -+ grub_loader_unload_func (grub_loader_context); - - grub_loader_boot_func = 0; - grub_loader_unload_func = 0; -+ grub_loader_context = 0; - - grub_loader_loaded = 0; - } -@@ -158,7 +208,7 @@ grub_loader_boot (void) - return err; - } - } -- err = (grub_loader_boot_func) (); -+ err = (grub_loader_boot_func) (grub_loader_context); - - for (cur = preboots_tail; cur; cur = cur->prev) - if (! err) -diff --git a/include/grub/loader.h b/include/grub/loader.h -index b208642821..1846fa6c5f 100644 ---- a/include/grub/loader.h -+++ b/include/grub/loader.h -@@ -40,6 +40,11 @@ void EXPORT_FUNC (grub_loader_set) (grub_err_t (*boot) (void), - grub_err_t (*unload) (void), - int flags); - -+void EXPORT_FUNC (grub_loader_set_ex) (grub_err_t (*boot) (void *), -+ grub_err_t (*unload) (void *), -+ void *context, -+ int flags); -+ - /* Unset current loader, if any. */ - void EXPORT_FUNC (grub_loader_unset) (void); - diff --git a/SOURCES/0230-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch b/SOURCES/0230-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch new file mode 100644 index 0000000..00cf0f7 --- /dev/null +++ b/SOURCES/0230-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch @@ -0,0 +1,237 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Stefan Berger +Date: Sun, 15 Mar 2020 12:37:10 -0400 +Subject: [PATCH] ibmvtpm: Add support for trusted boot using a vTPM 2.0 + +Add support for trusted boot using a vTPM 2.0 on the IBM IEEE1275 +PowerPC platform. With this patch grub now measures text and binary data +into the TPM's PCRs 8 and 9 in the same way as the x86_64 platform +does. + +This patch requires Daniel Axtens's patches for claiming more memory. + +For vTPM support to work on PowerVM, system driver levels 1010.30 +or 1020.00 are required. + +Note: Previous versions of firmware levels with the 2hash-ext-log +API call have a bug that, once this API call is invoked, has the +effect of disabling the vTPM driver under Linux causing an error +message to be displayed in the Linux kernel log. Those users will +have to update their machines to the firmware levels mentioned +above. + +Cc: Eric Snowberg +Signed-off-by: Stefan Berger +(cherry picked from commit d3e5a8e6ecb8b87701135d97f45d27bbfbf731a2) +--- + grub-core/Makefile.core.def | 7 ++ + grub-core/commands/ieee1275/ibmvtpm.c | 152 ++++++++++++++++++++++++++++++++++ + include/grub/ieee1275/ieee1275.h | 3 + + docs/grub.texi | 3 +- + 4 files changed, 164 insertions(+), 1 deletion(-) + create mode 100644 grub-core/commands/ieee1275/ibmvtpm.c + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index 97abc01f06..407d68f917 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -1172,6 +1172,13 @@ module = { + enable = powerpc_ieee1275; + }; + ++module = { ++ name = tpm; ++ common = commands/tpm.c; ++ ieee1275 = commands/ieee1275/ibmvtpm.c; ++ enable = powerpc_ieee1275; ++}; ++ + module = { + name = terminal; + common = commands/terminal.c; +diff --git a/grub-core/commands/ieee1275/ibmvtpm.c b/grub-core/commands/ieee1275/ibmvtpm.c +new file mode 100644 +index 0000000000..e68b8448bc +--- /dev/null ++++ b/grub-core/commands/ieee1275/ibmvtpm.c +@@ -0,0 +1,152 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2021 Free Software Foundation, Inc. ++ * Copyright (C) 2021 IBM Corporation ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ * ++ * IBM vTPM support code. ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++static grub_ieee1275_ihandle_t tpm_ihandle; ++static grub_uint8_t tpm_version; ++ ++#define IEEE1275_IHANDLE_INVALID ((grub_ieee1275_ihandle_t)0) ++ ++static void ++tpm_get_tpm_version (void) ++{ ++ grub_ieee1275_phandle_t vtpm; ++ char buffer[20]; ++ ++ if (!grub_ieee1275_finddevice ("/vdevice/vtpm", &vtpm) && ++ !grub_ieee1275_get_property (vtpm, "compatible", buffer, ++ sizeof (buffer), NULL) && ++ !grub_strcmp (buffer, "IBM,vtpm20")) ++ tpm_version = 2; ++} ++ ++static grub_err_t ++tpm_init (void) ++{ ++ static int init_success = 0; ++ ++ if (!init_success) ++ { ++ if (grub_ieee1275_open ("/vdevice/vtpm", &tpm_ihandle) < 0) { ++ tpm_ihandle = IEEE1275_IHANDLE_INVALID; ++ return GRUB_ERR_UNKNOWN_DEVICE; ++ } ++ ++ init_success = 1; ++ ++ tpm_get_tpm_version (); ++ } ++ ++ return GRUB_ERR_NONE; ++} ++ ++static int ++ibmvtpm_2hash_ext_log (grub_uint8_t pcrindex, ++ grub_uint32_t eventtype, ++ const char *description, ++ grub_size_t description_size, ++ void *buf, grub_size_t size) ++{ ++ struct tpm_2hash_ext_log ++ { ++ struct grub_ieee1275_common_hdr common; ++ grub_ieee1275_cell_t method; ++ grub_ieee1275_cell_t ihandle; ++ grub_ieee1275_cell_t size; ++ grub_ieee1275_cell_t buf; ++ grub_ieee1275_cell_t description_size; ++ grub_ieee1275_cell_t description; ++ grub_ieee1275_cell_t eventtype; ++ grub_ieee1275_cell_t pcrindex; ++ grub_ieee1275_cell_t catch_result; ++ grub_ieee1275_cell_t rc; ++ } ++ args; ++ ++ INIT_IEEE1275_COMMON (&args.common, "call-method", 8, 2); ++ args.method = (grub_ieee1275_cell_t) "2hash-ext-log"; ++ args.ihandle = tpm_ihandle; ++ args.pcrindex = pcrindex; ++ args.eventtype = eventtype; ++ args.description = (grub_ieee1275_cell_t) description; ++ args.description_size = description_size; ++ args.buf = (grub_ieee1275_cell_t) buf; ++ args.size = (grub_ieee1275_cell_t) size; ++ ++ if (IEEE1275_CALL_ENTRY_FN (&args) == -1) ++ return -1; ++ ++ /* ++ * catch_result is set if firmware does not support 2hash-ext-log ++ * rc is GRUB_IEEE1275_CELL_FALSE (0) on failure ++ */ ++ if ((args.catch_result) || args.rc == GRUB_IEEE1275_CELL_FALSE) ++ return -1; ++ ++ return 0; ++} ++ ++static grub_err_t ++tpm2_log_event (unsigned char *buf, ++ grub_size_t size, grub_uint8_t pcr, ++ const char *description) ++{ ++ static int error_displayed = 0; ++ int err; ++ ++ err = ibmvtpm_2hash_ext_log (pcr, EV_IPL, ++ description, ++ grub_strlen(description) + 1, ++ buf, size); ++ if (err && !error_displayed) ++ { ++ error_displayed++; ++ return grub_error (GRUB_ERR_BAD_DEVICE, ++ "2HASH-EXT-LOG failed: Firmware is likely too old.\n"); ++ } ++ ++ return GRUB_ERR_NONE; ++} ++ ++grub_err_t ++grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr, ++ const char *description) ++{ ++ grub_err_t err = tpm_init(); ++ ++ /* Absence of a TPM isn't a failure. */ ++ if (err != GRUB_ERR_NONE) ++ return GRUB_ERR_NONE; ++ ++ grub_dprintf ("tpm", "log_event, pcr = %d, size = 0x%" PRIxGRUB_SIZE ", %s\n", ++ pcr, size, description); ++ ++ if (tpm_version == 2) ++ return tpm2_log_event (buf, size, pcr, description); ++ ++ return GRUB_ERR_NONE; ++} +diff --git a/include/grub/ieee1275/ieee1275.h b/include/grub/ieee1275/ieee1275.h +index e0a6c2ce1e..f4c85265fe 100644 +--- a/include/grub/ieee1275/ieee1275.h ++++ b/include/grub/ieee1275/ieee1275.h +@@ -24,6 +24,9 @@ + #include + #include + ++#define GRUB_IEEE1275_CELL_FALSE ((grub_ieee1275_cell_t) 0) ++#define GRUB_IEEE1275_CELL_TRUE ((grub_ieee1275_cell_t) -1) ++ + struct grub_ieee1275_mem_region + { + unsigned int start; +diff --git a/docs/grub.texi b/docs/grub.texi +index a4da9c2a1b..c433240f34 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -6221,7 +6221,8 @@ tpm module is loaded. As such it is recommended that the tpm module be built + into @file{core.img} in order to avoid a potential gap in measurement between + @file{core.img} being loaded and the tpm module being loaded. + +-Measured boot is currently only supported on EFI platforms. ++Measured boot is currently only supported on EFI and IBM IEEE1275 PowerPC ++platforms. + + @node Lockdown + @section Lockdown when booting on a secure setup diff --git a/SOURCES/0231-loader-efi-chainloader-Use-grub_loader_set_ex.patch b/SOURCES/0231-loader-efi-chainloader-Use-grub_loader_set_ex.patch deleted file mode 100644 index 9bcdda2..0000000 --- a/SOURCES/0231-loader-efi-chainloader-Use-grub_loader_set_ex.patch +++ /dev/null @@ -1,148 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Chris Coulson -Date: Fri, 29 Apr 2022 21:30:56 +0100 -Subject: [PATCH] loader/efi/chainloader: Use grub_loader_set_ex - -This ports the EFI chainloader to use grub_loader_set_ex in order to fix -a use-after-free bug that occurs when grub_cmd_chainloader is executed -more than once before a boot attempt is performed. - -Signed-off-by: Chris Coulson -(cherry picked from commit 4b7f0402b7cb0f67a93be736f2b75b818d7f44c9) -(cherry picked from commit fc1a79bf0e0bc019362ace46d908a92b48dcd55b) -[rharwood: context sludge] -Signed-off-by: Robbie Harwood ---- - grub-core/loader/efi/chainloader.c | 38 ++++++++++++++++++++++---------------- - 1 file changed, 22 insertions(+), 16 deletions(-) - -diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index 0717ce0478..8ef508beca 100644 ---- a/grub-core/loader/efi/chainloader.c -+++ b/grub-core/loader/efi/chainloader.c -@@ -48,8 +48,6 @@ GRUB_MOD_LICENSE ("GPLv3+"); - - static grub_dl_t my_mod; - --static grub_efi_handle_t image_handle; -- - struct grub_secureboot_chainloader_context { - grub_efi_physical_address_t address; - grub_efi_uintn_t pages; -@@ -59,7 +57,6 @@ struct grub_secureboot_chainloader_context { - grub_ssize_t cmdline_len; - grub_efi_handle_t dev_handle; - }; --static struct grub_secureboot_chainloader_context *sb_context; - - static grub_err_t - grub_start_image (grub_efi_handle_t handle) -@@ -98,11 +95,14 @@ grub_start_image (grub_efi_handle_t handle) - } - - static grub_err_t --grub_chainloader_unload (void) -+grub_chainloader_unload (void *context) - { -+ grub_efi_handle_t image_handle; - grub_efi_loaded_image_t *loaded_image; - grub_efi_boot_services_t *b; - -+ image_handle = (grub_efi_handle_t) context; -+ - loaded_image = grub_efi_get_loaded_image (image_handle); - if (loaded_image != NULL) - grub_free (loaded_image->load_options); -@@ -115,10 +115,12 @@ grub_chainloader_unload (void) - } - - static grub_err_t --grub_chainloader_boot (void) -+grub_chainloader_boot (void *context) - { -+ grub_efi_handle_t image_handle; - grub_err_t err; - -+ image_handle = (grub_efi_handle_t) context; - err = grub_start_image (image_handle); - - grub_loader_unset (); -@@ -839,15 +841,17 @@ error_exit: - } - - static grub_err_t --grub_secureboot_chainloader_unload (void) -+grub_secureboot_chainloader_unload (void *context) - { -+ struct grub_secureboot_chainloader_context *sb_context; -+ -+ sb_context = (struct grub_secureboot_chainloader_context *) context; -+ - grub_efi_free_pages (sb_context->address, sb_context->pages); - grub_free (sb_context->file_path); - grub_free (sb_context->cmdline); - grub_free (sb_context); - -- sb_context = 0; -- - grub_dl_unref (my_mod); - return GRUB_ERR_NONE; - } -@@ -896,12 +900,15 @@ grub_load_image(grub_efi_device_path_t *file_path, void *boot_image, - } - - static grub_err_t --grub_secureboot_chainloader_boot (void) -+grub_secureboot_chainloader_boot (void *context) - { -+ struct grub_secureboot_chainloader_context *sb_context; - grub_efi_boot_services_t *b; - int rc; - grub_efi_handle_t handle = 0; - -+ sb_context = (struct grub_secureboot_chainloader_context *) context; -+ - rc = handle_image (sb_context); - if (rc == 0) - { -@@ -943,6 +950,8 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - grub_efi_char16_t *cmdline = 0; - grub_ssize_t cmdline_len = 0; - grub_efi_handle_t dev_handle = 0; -+ grub_efi_handle_t image_handle = 0; -+ struct grub_secureboot_chainloader_context *sb_context = 0; - - if (argc == 0) - return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); -@@ -1130,8 +1139,8 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - grub_file_close (file); - grub_device_close (dev); - -- grub_loader_set (grub_secureboot_chainloader_boot, -- grub_secureboot_chainloader_unload, 0); -+ grub_loader_set_ex (grub_secureboot_chainloader_boot, -+ grub_secureboot_chainloader_unload, sb_context, 0); - return 0; - } - else if (rc == 0) -@@ -1145,7 +1154,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - efi_call_2 (b->free_pages, address, pages); - grub_free (file_path); - -- grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); -+ grub_loader_set_ex (grub_chainloader_boot, grub_chainloader_unload, image_handle, 0); - - return 0; - } -@@ -1173,10 +1182,7 @@ fail: - grub_free (cmdline); - - if (image_handle != 0) -- { -- efi_call_1 (b->unload_image, image_handle); -- image_handle = 0; -- } -+ efi_call_1 (b->unload_image, image_handle); - - grub_dl_unref (my_mod); - diff --git a/SOURCES/0231-make-ofdisk_retries-optional.patch b/SOURCES/0231-make-ofdisk_retries-optional.patch new file mode 100644 index 0000000..ac0bb44 --- /dev/null +++ b/SOURCES/0231-make-ofdisk_retries-optional.patch @@ -0,0 +1,45 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Diego Domingos +Date: Thu, 24 Mar 2022 13:14:42 -0400 +Subject: [PATCH] make ofdisk_retries optional + +The feature Retry on Fail added to GRUB can cause a LPM to take +longer if the SAN is slow. + +When a LPM to external site occur, the path of the disk can change +and thus the disk search function on grub can take some time since +it is used as a hint. This can cause the Retry on Fail feature to +try to access the disk 20x times (since this is hardcoded number) +and, if the SAN is slow, the boot time can increase a lot. +In some situations not acceptable. + +The following patch enables a configuration at user space of the +maximum number of retries we want for this feature. + +The variable ofdisk_retries should be set using grub2-editenv +and will be checked by retry function. If the variable is not set, +so the default number of retries will be used instead. + +(cherry picked from commit 4c5c7563f45a6410667ca08bcbfac4ab79d7de31) +--- + include/grub/ieee1275/ofdisk.h | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/include/grub/ieee1275/ofdisk.h b/include/grub/ieee1275/ofdisk.h +index 7d2d540930..0074d55eee 100644 +--- a/include/grub/ieee1275/ofdisk.h ++++ b/include/grub/ieee1275/ofdisk.h +@@ -25,7 +25,12 @@ extern void grub_ofdisk_fini (void); + #define MAX_RETRIES 20 + + +-#define RETRY_IEEE1275_OFDISK_OPEN(device, last_ihandle) unsigned retry_i=0;for(retry_i=0; retry_i < MAX_RETRIES; retry_i++){ \ ++#define RETRY_IEEE1275_OFDISK_OPEN(device, last_ihandle) \ ++ unsigned max_retries = MAX_RETRIES; \ ++ if(grub_env_get("ofdisk_retries") != NULL) \ ++ max_retries = grub_strtoul(grub_env_get("ofdisk_retries"), 0, 10)+1; \ ++ grub_dprintf("ofdisk","MAX_RETRIES set to %u\n",max_retries); \ ++ unsigned retry_i=0;for(retry_i=0; retry_i < max_retries; retry_i++){ \ + if(!grub_ieee1275_open(device, last_ihandle)) \ + break; \ + grub_dprintf("ofdisk","Opening disk %s failed. Retrying...\n",device); } diff --git a/SOURCES/0232-loader-efi-chainloader-grub_load_and_start_image-doe.patch b/SOURCES/0232-loader-efi-chainloader-grub_load_and_start_image-doe.patch new file mode 100644 index 0000000..3fcd8e4 --- /dev/null +++ b/SOURCES/0232-loader-efi-chainloader-grub_load_and_start_image-doe.patch @@ -0,0 +1,70 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Thu, 28 Apr 2022 21:53:36 +0100 +Subject: [PATCH] loader/efi/chainloader: grub_load_and_start_image doesn't + load and start + +grub_load_and_start_image only loads an image - it still requires the +caller to start it. This renames it to grub_load_image. + +It's called from 2 places: +- grub_cmd_chainloader when not using the shim protocol. +- grub_secureboot_chainloader_boot if handle_image returns an error. +In this case, the image is loaded and then nothing else happens which +seems strange. I assume the intention is that it falls back to LoadImage +and StartImage if handle_image fails, so I've made it do that. + +Signed-off-by: Chris Coulson +(cherry picked from commit b4d70820a65c00561045856b7b8355461a9545f6) +(cherry picked from commit 05b16a6be50b1910609740a66b561276fa490538) +--- + grub-core/loader/efi/chainloader.c | 16 +++++++++++++--- + 1 file changed, 13 insertions(+), 3 deletions(-) + +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index 3af6b12292..39158e679e 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -841,7 +841,7 @@ grub_secureboot_chainloader_unload (void) + } + + static grub_err_t +-grub_load_and_start_image(void *boot_image) ++grub_load_image(void *boot_image) + { + grub_efi_boot_services_t *b; + grub_efi_status_t status; +@@ -883,13 +883,23 @@ grub_load_and_start_image(void *boot_image) + static grub_err_t + grub_secureboot_chainloader_boot (void) + { ++ grub_efi_boot_services_t *b; + int rc; ++ + rc = handle_image ((void *)(unsigned long)address, fsize); + if (rc == 0) + { +- grub_load_and_start_image((void *)(unsigned long)address); ++ /* We weren't able to attempt to execute the image, so fall back ++ * to LoadImage / StartImage. ++ */ ++ rc = grub_load_image((void *)(unsigned long)address); ++ if (rc == 0) ++ grub_chainloader_boot (); + } + ++ b = grub_efi_system_table->boot_services; ++ efi_call_1 (b->unload_image, image_handle); ++ + grub_loader_unset (); + return grub_errno; + } +@@ -1094,7 +1104,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + } + else if (rc == 0) + { +- grub_load_and_start_image(boot_image); ++ grub_load_image(boot_image); + grub_file_close (file); + grub_device_close (dev); + grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); diff --git a/SOURCES/0232-loader-i386-efi-linux-Avoid-a-use-after-free-in-the-.patch b/SOURCES/0232-loader-i386-efi-linux-Avoid-a-use-after-free-in-the-.patch deleted file mode 100644 index 4be2008..0000000 --- a/SOURCES/0232-loader-i386-efi-linux-Avoid-a-use-after-free-in-the-.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Chris Coulson -Date: Mon, 2 May 2022 14:39:31 +0200 -Subject: [PATCH] loader/i386/efi/linux: Avoid a use-after-free in the linuxefi - loader - -In some error paths in grub_cmd_linux, the pointer to lh may be -dereferenced after the buffer it points to has been freed. There aren't -any security implications from this because nothing else uses the -allocator after the buffer is freed and before the pointer is -dereferenced, but fix it anyway. - -Signed-off-by: Chris Coulson -(cherry picked from commit 8224f5a71af94bec8697de17e7e579792db9f9e2) -(cherry picked from commit 4744b62e20d07674017213ac54d7442d679f9d1a) ---- - grub-core/loader/i386/efi/linux.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 3cf0f9b330..08c9fe6b0e 100644 ---- a/grub-core/loader/i386/efi/linux.c -+++ b/grub-core/loader/i386/efi/linux.c -@@ -478,9 +478,6 @@ fail: - if (file) - grub_file_close (file); - -- if (kernel) -- grub_free (kernel); -- - if (grub_errno != GRUB_ERR_NONE) - { - grub_dl_unref (my_mod); -@@ -496,6 +493,8 @@ fail: - kernel_free (params, sizeof(*params)); - } - -+ grub_free (kernel); -+ - return grub_errno; - } - diff --git a/SOURCES/0233-loader-efi-chainloader-simplify-the-loader-state.patch b/SOURCES/0233-loader-efi-chainloader-simplify-the-loader-state.patch new file mode 100644 index 0000000..76c3d58 --- /dev/null +++ b/SOURCES/0233-loader-efi-chainloader-simplify-the-loader-state.patch @@ -0,0 +1,332 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Fri, 29 Apr 2022 21:13:08 +0100 +Subject: [PATCH] loader/efi/chainloader: simplify the loader state + +When not using the shim lock protocol, the chainloader command retains +the source buffer and device path passed to LoadImage, requiring the +unload hook passed to grub_loader_set to free them. It isn't required +to retain this state though - they aren't required by StartImage or +anything else in the boot hook, so clean them up before +grub_cmd_chainloader finishes. + +This also wraps the loader state when using the shim lock protocol +inside a struct. + +Signed-off-by: Chris Coulson +(cherry picked from commit fa39862933b3be1553a580a3a5c28073257d8046) +(cherry picked from commit 0333343ee99c4e88f062789263c94291c057251b) +[rharwood: double-frees and uninitialized, verifying twice] +Signed-off-by: Robbie Harwood +--- + grub-core/loader/efi/chainloader.c | 160 +++++++++++++++++++++++-------------- + 1 file changed, 102 insertions(+), 58 deletions(-) + +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index 39158e679e..0717ce0478 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -48,38 +48,21 @@ GRUB_MOD_LICENSE ("GPLv3+"); + + static grub_dl_t my_mod; + +-static grub_efi_physical_address_t address; +-static grub_efi_uintn_t pages; +-static grub_ssize_t fsize; +-static grub_efi_device_path_t *file_path; + static grub_efi_handle_t image_handle; +-static grub_efi_char16_t *cmdline; +-static grub_ssize_t cmdline_len; +-static grub_efi_handle_t dev_handle; + +-static grub_efi_status_t (*entry_point) (grub_efi_handle_t image_handle, grub_efi_system_table_t *system_table); ++struct grub_secureboot_chainloader_context { ++ grub_efi_physical_address_t address; ++ grub_efi_uintn_t pages; ++ grub_ssize_t fsize; ++ grub_efi_device_path_t *file_path; ++ grub_efi_char16_t *cmdline; ++ grub_ssize_t cmdline_len; ++ grub_efi_handle_t dev_handle; ++}; ++static struct grub_secureboot_chainloader_context *sb_context; + + static grub_err_t +-grub_chainloader_unload (void) +-{ +- grub_efi_boot_services_t *b; +- +- b = grub_efi_system_table->boot_services; +- efi_call_1 (b->unload_image, image_handle); +- grub_efi_free_pages (address, pages); +- +- grub_free (file_path); +- grub_free (cmdline); +- cmdline = 0; +- file_path = 0; +- dev_handle = 0; +- +- grub_dl_unref (my_mod); +- return GRUB_ERR_NONE; +-} +- +-static grub_err_t +-grub_chainloader_boot (void) ++grub_start_image (grub_efi_handle_t handle) + { + grub_efi_boot_services_t *b; + grub_efi_status_t status; +@@ -87,7 +70,7 @@ grub_chainloader_boot (void) + grub_efi_char16_t *exit_data = NULL; + + b = grub_efi_system_table->boot_services; +- status = efi_call_3 (b->start_image, image_handle, &exit_data_size, &exit_data); ++ status = efi_call_3 (b->start_image, handle, &exit_data_size, &exit_data); + if (status != GRUB_EFI_SUCCESS) + { + if (exit_data) +@@ -111,11 +94,37 @@ grub_chainloader_boot (void) + if (exit_data) + grub_efi_free_pool (exit_data); + +- grub_loader_unset (); +- + return grub_errno; + } + ++static grub_err_t ++grub_chainloader_unload (void) ++{ ++ grub_efi_loaded_image_t *loaded_image; ++ grub_efi_boot_services_t *b; ++ ++ loaded_image = grub_efi_get_loaded_image (image_handle); ++ if (loaded_image != NULL) ++ grub_free (loaded_image->load_options); ++ ++ b = grub_efi_system_table->boot_services; ++ efi_call_1 (b->unload_image, image_handle); ++ ++ grub_dl_unref (my_mod); ++ return GRUB_ERR_NONE; ++} ++ ++static grub_err_t ++grub_chainloader_boot (void) ++{ ++ grub_err_t err; ++ ++ err = grub_start_image (image_handle); ++ ++ grub_loader_unset (); ++ return err; ++} ++ + static grub_err_t + copy_file_path (grub_efi_file_path_device_path_t *fp, + const char *str, grub_efi_uint16_t len) +@@ -150,7 +159,7 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename) + char *dir_start; + char *dir_end; + grub_size_t size; +- grub_efi_device_path_t *d; ++ grub_efi_device_path_t *d, *file_path; + + dir_start = grub_strchr (filename, ')'); + if (! dir_start) +@@ -526,10 +535,12 @@ grub_efi_get_media_file_path (grub_efi_device_path_t *dp) + } + + static grub_efi_boolean_t +-handle_image (void *data, grub_efi_uint32_t datasize) ++handle_image (struct grub_secureboot_chainloader_context *load_context) + { + grub_efi_loaded_image_t *li, li_bak; + grub_efi_status_t efi_status; ++ void *data = (void *)(unsigned long)load_context->address; ++ grub_efi_uint32_t datasize = load_context->fsize; + void *buffer = NULL; + char *buffer_aligned = NULL; + grub_efi_uint32_t i; +@@ -540,6 +551,7 @@ handle_image (void *data, grub_efi_uint32_t datasize) + grub_uint32_t buffer_size; + int found_entry_point = 0; + int rc; ++ grub_efi_status_t (*entry_point) (grub_efi_handle_t image_handle, grub_efi_system_table_t *system_table); + + rc = read_header (data, datasize, &context); + if (rc < 0) +@@ -797,10 +809,10 @@ handle_image (void *data, grub_efi_uint32_t datasize) + grub_memcpy (&li_bak, li, sizeof (grub_efi_loaded_image_t)); + li->image_base = buffer_aligned; + li->image_size = context.image_size; +- li->load_options = cmdline; +- li->load_options_size = cmdline_len; +- li->file_path = grub_efi_get_media_file_path (file_path); +- li->device_handle = dev_handle; ++ li->load_options = load_context->cmdline; ++ li->load_options_size = load_context->cmdline_len; ++ li->file_path = grub_efi_get_media_file_path (load_context->file_path); ++ li->device_handle = load_context->dev_handle; + if (!li->file_path) + { + grub_error (GRUB_ERR_UNKNOWN_DEVICE, "no matching file path found"); +@@ -829,19 +841,22 @@ error_exit: + static grub_err_t + grub_secureboot_chainloader_unload (void) + { +- grub_efi_free_pages (address, pages); +- grub_free (file_path); +- grub_free (cmdline); +- cmdline = 0; +- file_path = 0; +- dev_handle = 0; ++ grub_efi_free_pages (sb_context->address, sb_context->pages); ++ grub_free (sb_context->file_path); ++ grub_free (sb_context->cmdline); ++ grub_free (sb_context); ++ ++ sb_context = 0; + + grub_dl_unref (my_mod); + return GRUB_ERR_NONE; + } + + static grub_err_t +-grub_load_image(void *boot_image) ++grub_load_image(grub_efi_device_path_t *file_path, void *boot_image, ++ grub_efi_uintn_t image_size, grub_efi_handle_t dev_handle, ++ grub_efi_char16_t *cmdline, grub_ssize_t cmdline_len, ++ grub_efi_handle_t *image_handle_out) + { + grub_efi_boot_services_t *b; + grub_efi_status_t status; +@@ -850,7 +865,7 @@ grub_load_image(void *boot_image) + b = grub_efi_system_table->boot_services; + + status = efi_call_6 (b->load_image, 0, grub_efi_image_handle, file_path, +- boot_image, fsize, &image_handle); ++ boot_image, image_size, image_handle_out); + if (status != GRUB_EFI_SUCCESS) + { + if (status == GRUB_EFI_OUT_OF_RESOURCES) +@@ -863,7 +878,7 @@ grub_load_image(void *boot_image) + /* LoadImage does not set a device handler when the image is + loaded from memory, so it is necessary to set it explicitly here. + This is a mess. */ +- loaded_image = grub_efi_get_loaded_image (image_handle); ++ loaded_image = grub_efi_get_loaded_image (*image_handle_out); + if (! loaded_image) + { + grub_error (GRUB_ERR_BAD_OS, "no loaded image available"); +@@ -885,20 +900,25 @@ grub_secureboot_chainloader_boot (void) + { + grub_efi_boot_services_t *b; + int rc; ++ grub_efi_handle_t handle = 0; + +- rc = handle_image ((void *)(unsigned long)address, fsize); ++ rc = handle_image (sb_context); + if (rc == 0) + { + /* We weren't able to attempt to execute the image, so fall back + * to LoadImage / StartImage. + */ +- rc = grub_load_image((void *)(unsigned long)address); ++ rc = grub_load_image(sb_context->file_path, ++ (void *)(unsigned long)sb_context->address, ++ sb_context->fsize, sb_context->dev_handle, ++ sb_context->cmdline, sb_context->cmdline_len, ++ &handle); + if (rc == 0) +- grub_chainloader_boot (); ++ grub_start_image (handle); + } + + b = grub_efi_system_table->boot_services; +- efi_call_1 (b->unload_image, image_handle); ++ efi_call_1 (b->unload_image, handle); + + grub_loader_unset (); + return grub_errno; +@@ -913,10 +933,16 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + grub_efi_boot_services_t *b; + grub_device_t dev = 0; + grub_device_t orig_dev = 0; +- grub_efi_device_path_t *dp = 0; ++ grub_efi_device_path_t *dp = 0, *file_path = 0; + char *filename; + void *boot_image = 0; + int rc; ++ grub_efi_physical_address_t address = 0; ++ grub_ssize_t fsize; ++ grub_efi_uintn_t pages = 0; ++ grub_efi_char16_t *cmdline = 0; ++ grub_ssize_t cmdline_len = 0; ++ grub_efi_handle_t dev_handle = 0; + + if (argc == 0) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); +@@ -924,12 +950,6 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + + grub_dl_ref (my_mod); + +- /* Initialize some global variables. */ +- address = 0; +- image_handle = 0; +- file_path = 0; +- dev_handle = 0; +- + b = grub_efi_system_table->boot_services; + + if (argc > 1) +@@ -1096,17 +1116,35 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + grub_dprintf ("chain", "linuxefi_secure_validate: %d\n", rc); + if (rc > 0) + { ++ sb_context = grub_malloc (sizeof (*sb_context)); ++ if (sb_context == NULL) ++ goto fail; ++ sb_context->address = address; ++ sb_context->fsize = fsize; ++ sb_context->pages = pages; ++ sb_context->file_path = file_path; ++ sb_context->cmdline = cmdline; ++ sb_context->cmdline_len = cmdline_len; ++ sb_context->dev_handle = dev_handle; ++ + grub_file_close (file); + grub_device_close (dev); ++ + grub_loader_set (grub_secureboot_chainloader_boot, + grub_secureboot_chainloader_unload, 0); + return 0; + } + else if (rc == 0) + { +- grub_load_image(boot_image); ++ grub_load_image(file_path, boot_image, fsize, dev_handle, cmdline, ++ cmdline_len, &image_handle); + grub_file_close (file); + grub_device_close (dev); ++ ++ /* We're finished with the source image buffer and file path now */ ++ efi_call_2 (b->free_pages, address, pages); ++ grub_free (file_path); ++ + grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); + + return 0; +@@ -1134,6 +1172,12 @@ fail: + if (cmdline) + grub_free (cmdline); + ++ if (image_handle != 0) ++ { ++ efi_call_1 (b->unload_image, image_handle); ++ image_handle = 0; ++ } ++ + grub_dl_unref (my_mod); + + return grub_errno; diff --git a/SOURCES/0233-loader-i386-efi-linux-Use-grub_loader_set_ex.patch b/SOURCES/0233-loader-i386-efi-linux-Use-grub_loader_set_ex.patch deleted file mode 100644 index 9f5c491..0000000 --- a/SOURCES/0233-loader-i386-efi-linux-Use-grub_loader_set_ex.patch +++ /dev/null @@ -1,298 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Chris Coulson -Date: Mon, 2 May 2022 17:04:23 +0200 -Subject: [PATCH] loader/i386/efi/linux: Use grub_loader_set_ex - -This ports the linuxefi loader to use grub_loader_set_ex in order to fix -a use-after-fre bug that occurs when grub_cmd_linux is executed more than -once before a boot attempt is performed. - -This is more complicated than for the chainloader command, as the initrd -command needs access to the loader state. To solve this, the linuxefi -module registers a dummy initrd command at startup that returns an error. -The linuxefi command then registers a proper initrd command with a higher -priority that is passed the loader state. - -Signed-off-by: Chris Coulson -(cherry picked from commit 7cf736436b4c934df5ddfa6f44b46a7e07d99fdc) -[rharwood/pjones: set kernel_size in context] -(cherry picked from commit 9c056391f7a36ea480de9a759c12e55a90f2040a) -[rharwood: verifying twice] -Signed-off-by: Robbie Harwood ---- - grub-core/loader/i386/efi/linux.c | 146 +++++++++++++++++++++++--------------- - 1 file changed, 87 insertions(+), 59 deletions(-) - -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 08c9fe6b0e..9e25e51ccf 100644 ---- a/grub-core/loader/i386/efi/linux.c -+++ b/grub-core/loader/i386/efi/linux.c -@@ -35,13 +35,19 @@ - GRUB_MOD_LICENSE ("GPLv3+"); - - static grub_dl_t my_mod; --static int loaded; --static void *kernel_mem; --static grub_uint64_t kernel_size; --static void *initrd_mem; --static grub_uint32_t handover_offset; --struct linux_kernel_params *params; --static char *linux_cmdline; -+ -+static grub_command_t cmd_linux, cmd_initrd; -+static grub_command_t cmd_linuxefi, cmd_initrdefi; -+ -+struct grub_linuxefi_context { -+ void *kernel_mem; -+ grub_uint64_t kernel_size; -+ grub_uint32_t handover_offset; -+ struct linux_kernel_params *params; -+ char *cmdline; -+ -+ void *initrd_mem; -+}; - - #define MIN(a, b) \ - ({ typeof (a) _a = (a); \ -@@ -124,25 +130,32 @@ kernel_alloc(grub_efi_uintn_t size, const char * const errmsg) - } - - static grub_err_t --grub_linuxefi_boot (void) -+grub_linuxefi_boot (void *data) - { -+ struct grub_linuxefi_context *context = (struct grub_linuxefi_context *) data; -+ - asm volatile ("cli"); - -- return grub_efi_linux_boot ((char *)kernel_mem, -- handover_offset, -- params); -+ return grub_efi_linux_boot ((char *)context->kernel_mem, -+ context->handover_offset, -+ context->params); - } - - static grub_err_t --grub_linuxefi_unload (void) -+grub_linuxefi_unload (void *data) - { -+ struct grub_linuxefi_context *context = (struct grub_linuxefi_context *) data; -+ struct linux_kernel_params *params = context->params; -+ - grub_dl_unref (my_mod); -- loaded = 0; - -- kernel_free(initrd_mem, params->ramdisk_size); -- kernel_free(linux_cmdline, params->cmdline_size + 1); -- kernel_free(kernel_mem, kernel_size); -- kernel_free(params, sizeof(*params)); -+ kernel_free (context->initrd_mem, params->ramdisk_size); -+ kernel_free (context->cmdline, params->cmdline_size + 1); -+ kernel_free (context->kernel_mem, context->kernel_size); -+ kernel_free (params, sizeof(*params)); -+ cmd_initrd->data = 0; -+ cmd_initrdefi->data = 0; -+ grub_free (context); - - return GRUB_ERR_NONE; - } -@@ -189,13 +202,14 @@ read(grub_file_t file, grub_uint8_t *bufp, grub_size_t len) - #define HIGH_U32(val) ((grub_uint32_t)(((grub_addr_t)(val) >> 32) & 0xffffffffull)) - - static grub_err_t --grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), -- int argc, char *argv[]) -+grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) - { - grub_file_t *files = 0; - int i, nfiles = 0; - grub_size_t size = 0; - grub_uint8_t *ptr; -+ struct grub_linuxefi_context *context = (struct grub_linuxefi_context *) cmd->data; -+ struct linux_kernel_params *params; - - if (argc == 0) - { -@@ -203,12 +217,14 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), - goto fail; - } - -- if (!loaded) -+ if (!context) - { - grub_error (GRUB_ERR_BAD_ARGUMENT, N_("you need to load the kernel first")); - goto fail; - } - -+ params = context->params; -+ - files = grub_calloc (argc, sizeof (files[0])); - if (!files) - goto fail; -@@ -226,19 +242,19 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), - } - } - -- initrd_mem = kernel_alloc(size, N_("can't allocate initrd")); -- if (initrd_mem == NULL) -+ context->initrd_mem = kernel_alloc(size, N_("can't allocate initrd")); -+ if (context->initrd_mem == NULL) - goto fail; -- grub_dprintf ("linux", "initrd_mem = %p\n", initrd_mem); -+ grub_dprintf ("linux", "initrd_mem = %p\n", context->initrd_mem); - - params->ramdisk_size = LOW_U32(size); -- params->ramdisk_image = LOW_U32(initrd_mem); -+ params->ramdisk_image = LOW_U32(context->initrd_mem); - #if defined(__x86_64__) - params->ext_ramdisk_size = HIGH_U32(size); -- params->ext_ramdisk_image = HIGH_U32(initrd_mem); -+ params->ext_ramdisk_image = HIGH_U32(context->initrd_mem); - #endif - -- ptr = initrd_mem; -+ ptr = context->initrd_mem; - - for (i = 0; i < nfiles; i++) - { -@@ -262,8 +278,8 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), - grub_file_close (files[i]); - grub_free (files); - -- if (initrd_mem && grub_errno) -- grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)initrd_mem, -+ if (context->initrd_mem && grub_errno) -+ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)context->initrd_mem, - BYTES_TO_PAGES(size)); - - return grub_errno; -@@ -279,6 +295,12 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - void *kernel = NULL; - int setup_header_end_offset; - int rc; -+ void *kernel_mem = 0; -+ grub_uint64_t kernel_size = 0; -+ grub_uint32_t handover_offset; -+ struct linux_kernel_params *params = 0; -+ char *cmdline = 0; -+ struct grub_linuxefi_context *context = 0; - - grub_dl_ref (my_mod); - -@@ -403,27 +425,27 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - grub_dprintf ("linux", "new lh is at %p\n", lh); - - grub_dprintf ("linux", "setting up cmdline\n"); -- linux_cmdline = kernel_alloc (lh->cmdline_size + 1, N_("can't allocate cmdline")); -- if (!linux_cmdline) -+ cmdline = kernel_alloc (lh->cmdline_size + 1, N_("can't allocate cmdline")); -+ if (!cmdline) - goto fail; -- grub_dprintf ("linux", "linux_cmdline = %p\n", linux_cmdline); -+ grub_dprintf ("linux", "cmdline = %p\n", cmdline); - -- grub_memcpy (linux_cmdline, LINUX_IMAGE, sizeof (LINUX_IMAGE)); -+ grub_memcpy (cmdline, LINUX_IMAGE, sizeof (LINUX_IMAGE)); - grub_create_loader_cmdline (argc, argv, -- linux_cmdline + sizeof (LINUX_IMAGE) - 1, -+ cmdline + sizeof (LINUX_IMAGE) - 1, - lh->cmdline_size - (sizeof (LINUX_IMAGE) - 1), - GRUB_VERIFY_KERNEL_CMDLINE); - -- grub_dprintf ("linux", "cmdline:%s\n", linux_cmdline); -+ grub_dprintf ("linux", "cmdline:%s\n", cmdline); - grub_dprintf ("linux", "setting lh->cmd_line_ptr to 0x%08x\n", -- LOW_U32(linux_cmdline)); -- lh->cmd_line_ptr = LOW_U32(linux_cmdline); -+ LOW_U32(cmdline)); -+ lh->cmd_line_ptr = LOW_U32(cmdline); - #if defined(__x86_64__) -- if ((grub_efi_uintn_t)linux_cmdline > 0xffffffffull) -+ if ((grub_efi_uintn_t)cmdline > 0xffffffffull) - { - grub_dprintf ("linux", "setting params->ext_cmd_line_ptr to 0x%08x\n", -- HIGH_U32(linux_cmdline)); -- params->ext_cmd_line_ptr = HIGH_U32(linux_cmdline); -+ HIGH_U32(cmdline)); -+ params->ext_cmd_line_ptr = HIGH_U32(cmdline); - } - #endif - -@@ -448,16 +470,13 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - } - max_addresses[1].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; - max_addresses[2].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; -- kernel_mem = kernel_alloc (lh->init_size, N_("can't allocate kernel")); -+ kernel_size = lh->init_size; -+ kernel_mem = kernel_alloc (kernel_size, N_("can't allocate kernel")); - restore_addresses(); - if (!kernel_mem) - goto fail; - grub_dprintf("linux", "kernel_mem = %p\n", kernel_mem); - -- grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0); -- -- loaded = 1; -- - grub_dprintf ("linux", "setting lh->code32_start to 0x%08x\n", - LOW_U32(kernel_mem)); - lh->code32_start = LOW_U32(kernel_mem); -@@ -474,33 +493,42 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - "setting lh->ext_loader_{type,ver} = {0x%02x,0x%02x}\n", - params->ext_loader_type, params->ext_loader_ver); - -+ context = grub_zalloc (sizeof (*context)); -+ if (!context) -+ goto fail; -+ context->kernel_mem = kernel_mem; -+ context->kernel_size = kernel_size; -+ context->handover_offset = handover_offset; -+ context->params = params; -+ context->cmdline = cmdline; -+ -+ grub_loader_set_ex (grub_linuxefi_boot, grub_linuxefi_unload, context, 0); -+ -+ cmd_initrd->data = context; -+ cmd_initrdefi->data = context; -+ -+ grub_file_close (file); -+ grub_free (kernel); -+ return 0; -+ - fail: - if (file) - grub_file_close (file); - -- if (grub_errno != GRUB_ERR_NONE) -- { -- grub_dl_unref (my_mod); -- loaded = 0; -- } -+ grub_dl_unref (my_mod); - -- if (!loaded) -- { -- if (lh) -- kernel_free (linux_cmdline, lh->cmdline_size + 1); -+ if (lh) -+ kernel_free (cmdline, lh->cmdline_size + 1); - -- kernel_free (kernel_mem, kernel_size); -- kernel_free (params, sizeof(*params)); -- } -+ kernel_free (kernel_mem, kernel_size); -+ kernel_free (params, sizeof(*params)); - -+ grub_free (context); - grub_free (kernel); - - return grub_errno; - } - --static grub_command_t cmd_linux, cmd_initrd; --static grub_command_t cmd_linuxefi, cmd_initrdefi; -- - GRUB_MOD_INIT(linux) - { - cmd_linux = diff --git a/SOURCES/0234-commands-boot-Add-API-to-pass-context-to-loader.patch b/SOURCES/0234-commands-boot-Add-API-to-pass-context-to-loader.patch new file mode 100644 index 0000000..65aac76 --- /dev/null +++ b/SOURCES/0234-commands-boot-Add-API-to-pass-context-to-loader.patch @@ -0,0 +1,159 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Fri, 29 Apr 2022 21:16:02 +0100 +Subject: [PATCH] commands/boot: Add API to pass context to loader + +Loaders rely on global variables for saving context which is consumed +in the boot hook and freed in the unload hook. In the case where a loader +command is executed twice, calling grub_loader_set a second time executes +the unload hook, but in some cases this runs when the loader's global +context has already been updated, resulting in the updated context being +freed and potential use-after-free bugs when the boot hook is subsequently +called. + +This adds a new API (grub_loader_set_ex) which allows a loader to specify +context that is passed to its boot and unload hooks. This is an alternative +to requiring that loaders call grub_loader_unset before mutating their +global context. + +Signed-off-by: Chris Coulson +(cherry picked from commit 4322a64dde7e8fedb58e50b79408667129d45dd3) +(cherry picked from commit 937ad0e2159b6b8cb0d2ce3515da3a8b797c7927) +--- + grub-core/commands/boot.c | 66 +++++++++++++++++++++++++++++++++++++++++------ + include/grub/loader.h | 5 ++++ + 2 files changed, 63 insertions(+), 8 deletions(-) + +diff --git a/grub-core/commands/boot.c b/grub-core/commands/boot.c +index bbca81e947..53691a62d9 100644 +--- a/grub-core/commands/boot.c ++++ b/grub-core/commands/boot.c +@@ -27,10 +27,20 @@ + + GRUB_MOD_LICENSE ("GPLv3+"); + +-static grub_err_t (*grub_loader_boot_func) (void); +-static grub_err_t (*grub_loader_unload_func) (void); ++static grub_err_t (*grub_loader_boot_func) (void *); ++static grub_err_t (*grub_loader_unload_func) (void *); ++static void *grub_loader_context; + static int grub_loader_flags; + ++struct grub_simple_loader_hooks ++{ ++ grub_err_t (*boot) (void); ++ grub_err_t (*unload) (void); ++}; ++ ++/* Don't heap allocate this to avoid making grub_loader_set fallible. */ ++static struct grub_simple_loader_hooks simple_loader_hooks; ++ + struct grub_preboot + { + grub_err_t (*preboot_func) (int); +@@ -44,6 +54,29 @@ static int grub_loader_loaded; + static struct grub_preboot *preboots_head = 0, + *preboots_tail = 0; + ++static grub_err_t ++grub_simple_boot_hook (void *context) ++{ ++ struct grub_simple_loader_hooks *hooks; ++ ++ hooks = (struct grub_simple_loader_hooks *) context; ++ return hooks->boot (); ++} ++ ++static grub_err_t ++grub_simple_unload_hook (void *context) ++{ ++ struct grub_simple_loader_hooks *hooks; ++ grub_err_t ret; ++ ++ hooks = (struct grub_simple_loader_hooks *) context; ++ ++ ret = hooks->unload (); ++ grub_memset (hooks, 0, sizeof (*hooks)); ++ ++ return ret; ++} ++ + int + grub_loader_is_loaded (void) + { +@@ -110,28 +143,45 @@ grub_loader_unregister_preboot_hook (struct grub_preboot *hnd) + } + + void +-grub_loader_set (grub_err_t (*boot) (void), +- grub_err_t (*unload) (void), +- int flags) ++grub_loader_set_ex (grub_err_t (*boot) (void *), ++ grub_err_t (*unload) (void *), ++ void *context, ++ int flags) + { + if (grub_loader_loaded && grub_loader_unload_func) +- grub_loader_unload_func (); ++ grub_loader_unload_func (grub_loader_context); + + grub_loader_boot_func = boot; + grub_loader_unload_func = unload; ++ grub_loader_context = context; + grub_loader_flags = flags; + + grub_loader_loaded = 1; + } + ++void ++grub_loader_set (grub_err_t (*boot) (void), ++ grub_err_t (*unload) (void), ++ int flags) ++{ ++ grub_loader_set_ex (grub_simple_boot_hook, ++ grub_simple_unload_hook, ++ &simple_loader_hooks, ++ flags); ++ ++ simple_loader_hooks.boot = boot; ++ simple_loader_hooks.unload = unload; ++} ++ + void + grub_loader_unset(void) + { + if (grub_loader_loaded && grub_loader_unload_func) +- grub_loader_unload_func (); ++ grub_loader_unload_func (grub_loader_context); + + grub_loader_boot_func = 0; + grub_loader_unload_func = 0; ++ grub_loader_context = 0; + + grub_loader_loaded = 0; + } +@@ -158,7 +208,7 @@ grub_loader_boot (void) + return err; + } + } +- err = (grub_loader_boot_func) (); ++ err = (grub_loader_boot_func) (grub_loader_context); + + for (cur = preboots_tail; cur; cur = cur->prev) + if (! err) +diff --git a/include/grub/loader.h b/include/grub/loader.h +index b208642821..1846fa6c5f 100644 +--- a/include/grub/loader.h ++++ b/include/grub/loader.h +@@ -40,6 +40,11 @@ void EXPORT_FUNC (grub_loader_set) (grub_err_t (*boot) (void), + grub_err_t (*unload) (void), + int flags); + ++void EXPORT_FUNC (grub_loader_set_ex) (grub_err_t (*boot) (void *), ++ grub_err_t (*unload) (void *), ++ void *context, ++ int flags); ++ + /* Unset current loader, if any. */ + void EXPORT_FUNC (grub_loader_unset) (void); + diff --git a/SOURCES/0234-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch b/SOURCES/0234-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch deleted file mode 100644 index fe329e6..0000000 --- a/SOURCES/0234-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch +++ /dev/null @@ -1,76 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Chris Coulson -Date: Tue, 3 May 2022 09:47:35 +0200 -Subject: [PATCH] loader/i386/efi/linux: Fix a memory leak in the initrd - command - -Subsequent invocations of the initrd command result in the previous -initrd being leaked, so fix that. - -Signed-off-by: Chris Coulson -(cherry picked from commit d98af31ce1e31bb22163960d53f5eb28c66582a0) -(cherry picked from commit 62234d6a00e6d1dd8e017ff161d359feb5234082) ---- - grub-core/loader/i386/efi/linux.c | 21 ++++++++++++--------- - 1 file changed, 12 insertions(+), 9 deletions(-) - -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 9e25e51ccf..d24553a79d 100644 ---- a/grub-core/loader/i386/efi/linux.c -+++ b/grub-core/loader/i386/efi/linux.c -@@ -210,6 +210,7 @@ grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) - grub_uint8_t *ptr; - struct grub_linuxefi_context *context = (struct grub_linuxefi_context *) cmd->data; - struct linux_kernel_params *params; -+ void *initrd_mem = 0; - - if (argc == 0) - { -@@ -242,19 +243,19 @@ grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) - } - } - -- context->initrd_mem = kernel_alloc(size, N_("can't allocate initrd")); -- if (context->initrd_mem == NULL) -+ initrd_mem = kernel_alloc(size, N_("can't allocate initrd")); -+ if (initrd_mem == NULL) - goto fail; -- grub_dprintf ("linux", "initrd_mem = %p\n", context->initrd_mem); -+ grub_dprintf ("linux", "initrd_mem = %p\n", initrd_mem); - - params->ramdisk_size = LOW_U32(size); -- params->ramdisk_image = LOW_U32(context->initrd_mem); -+ params->ramdisk_image = LOW_U32(initrd_mem); - #if defined(__x86_64__) - params->ext_ramdisk_size = HIGH_U32(size); -- params->ext_ramdisk_image = HIGH_U32(context->initrd_mem); -+ params->ext_ramdisk_image = HIGH_U32(initrd_mem); - #endif - -- ptr = context->initrd_mem; -+ ptr = initrd_mem; - - for (i = 0; i < nfiles; i++) - { -@@ -271,6 +272,9 @@ grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) - ptr += ALIGN_UP_OVERHEAD (cursize, 4); - } - -+ kernel_free(context->initrd_mem, params->ramdisk_size); -+ -+ context->initrd_mem = initrd_mem; - params->ramdisk_size = size; - - fail: -@@ -278,9 +282,8 @@ grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) - grub_file_close (files[i]); - grub_free (files); - -- if (context->initrd_mem && grub_errno) -- grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)context->initrd_mem, -- BYTES_TO_PAGES(size)); -+ if (initrd_mem && grub_errno) -+ kernel_free (initrd_mem, size); - - return grub_errno; - } diff --git a/SOURCES/0235-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch b/SOURCES/0235-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch deleted file mode 100644 index 716d1f1..0000000 --- a/SOURCES/0235-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch +++ /dev/null @@ -1,102 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Julian Andres Klode -Date: Thu, 2 Dec 2021 15:03:53 +0100 -Subject: [PATCH] kern/efi/sb: Reject non-kernel files in the shim_lock - verifier - -We must not allow other verifiers to pass things like the GRUB modules. -Instead of maintaining a blocklist, maintain an allowlist of things -that we do not care about. - -This allowlist really should be made reusable, and shared by the -lockdown verifier, but this is the minimal patch addressing -security concerns where the TPM verifier was able to mark modules -as verified (or the OpenPGP verifier for that matter), when it -should not do so on shim-powered secure boot systems. - -Fixes: CVE-2022-28735 - -Signed-off-by: Julian Andres Klode -Reviewed-by: Daniel Kiper -(cherry picked from commit fa61ad69861c1cb3f68bf853d78fae7fd93986a0) -(cherry picked from commit f418191e01b38a635319a26925cf345523d4440c) ---- - grub-core/kern/efi/sb.c | 39 ++++++++++++++++++++++++++++++++++++--- - include/grub/verify.h | 1 + - 2 files changed, 37 insertions(+), 3 deletions(-) - -diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c -index c52ec6226a..89c4bb3fd1 100644 ---- a/grub-core/kern/efi/sb.c -+++ b/grub-core/kern/efi/sb.c -@@ -119,10 +119,11 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)), - void **context __attribute__ ((unused)), - enum grub_verify_flags *flags) - { -- *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION; -+ *flags = GRUB_VERIFY_FLAGS_NONE; - - switch (type & GRUB_FILE_TYPE_MASK) - { -+ /* Files we check. */ - case GRUB_FILE_TYPE_LINUX_KERNEL: - case GRUB_FILE_TYPE_MULTIBOOT_KERNEL: - case GRUB_FILE_TYPE_BSD_KERNEL: -@@ -130,11 +131,43 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)), - case GRUB_FILE_TYPE_PLAN9_KERNEL: - case GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE: - *flags = GRUB_VERIFY_FLAGS_SINGLE_CHUNK; -+ return GRUB_ERR_NONE; - -- /* Fall through. */ -+ /* Files that do not affect secureboot state. */ -+ case GRUB_FILE_TYPE_NONE: -+ case GRUB_FILE_TYPE_LOOPBACK: -+ case GRUB_FILE_TYPE_LINUX_INITRD: -+ case GRUB_FILE_TYPE_OPENBSD_RAMDISK: -+ case GRUB_FILE_TYPE_XNU_RAMDISK: -+ case GRUB_FILE_TYPE_SIGNATURE: -+ case GRUB_FILE_TYPE_PUBLIC_KEY: -+ case GRUB_FILE_TYPE_PUBLIC_KEY_TRUST: -+ case GRUB_FILE_TYPE_PRINT_BLOCKLIST: -+ case GRUB_FILE_TYPE_TESTLOAD: -+ case GRUB_FILE_TYPE_GET_SIZE: -+ case GRUB_FILE_TYPE_FONT: -+ case GRUB_FILE_TYPE_ZFS_ENCRYPTION_KEY: -+ case GRUB_FILE_TYPE_CAT: -+ case GRUB_FILE_TYPE_HEXCAT: -+ case GRUB_FILE_TYPE_CMP: -+ case GRUB_FILE_TYPE_HASHLIST: -+ case GRUB_FILE_TYPE_TO_HASH: -+ case GRUB_FILE_TYPE_KEYBOARD_LAYOUT: -+ case GRUB_FILE_TYPE_PIXMAP: -+ case GRUB_FILE_TYPE_GRUB_MODULE_LIST: -+ case GRUB_FILE_TYPE_CONFIG: -+ case GRUB_FILE_TYPE_THEME: -+ case GRUB_FILE_TYPE_GETTEXT_CATALOG: -+ case GRUB_FILE_TYPE_FS_SEARCH: -+ case GRUB_FILE_TYPE_LOADENV: -+ case GRUB_FILE_TYPE_SAVEENV: -+ case GRUB_FILE_TYPE_VERIFY_SIGNATURE: -+ *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION; -+ return GRUB_ERR_NONE; - -+ /* Other files. */ - default: -- return GRUB_ERR_NONE; -+ return grub_error (GRUB_ERR_ACCESS_DENIED, N_("prohibited by secure boot policy")); - } - } - -diff --git a/include/grub/verify.h b/include/grub/verify.h -index cd129c398f..672ae16924 100644 ---- a/include/grub/verify.h -+++ b/include/grub/verify.h -@@ -24,6 +24,7 @@ - - enum grub_verify_flags - { -+ GRUB_VERIFY_FLAGS_NONE = 0, - GRUB_VERIFY_FLAGS_SKIP_VERIFICATION = 1, - GRUB_VERIFY_FLAGS_SINGLE_CHUNK = 2, - /* Defer verification to another authority. */ diff --git a/SOURCES/0235-loader-efi-chainloader-Use-grub_loader_set_ex.patch b/SOURCES/0235-loader-efi-chainloader-Use-grub_loader_set_ex.patch new file mode 100644 index 0000000..6a41992 --- /dev/null +++ b/SOURCES/0235-loader-efi-chainloader-Use-grub_loader_set_ex.patch @@ -0,0 +1,148 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Fri, 29 Apr 2022 21:30:56 +0100 +Subject: [PATCH] loader/efi/chainloader: Use grub_loader_set_ex + +This ports the EFI chainloader to use grub_loader_set_ex in order to fix +a use-after-free bug that occurs when grub_cmd_chainloader is executed +more than once before a boot attempt is performed. + +Signed-off-by: Chris Coulson +(cherry picked from commit 4b7f0402b7cb0f67a93be736f2b75b818d7f44c9) +(cherry picked from commit fc1a79bf0e0bc019362ace46d908a92b48dcd55b) +[rharwood: context sludge from previous commit] +Signed-off-by: Robbie Harwood +--- + grub-core/loader/efi/chainloader.c | 38 ++++++++++++++++++++++---------------- + 1 file changed, 22 insertions(+), 16 deletions(-) + +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index 0717ce0478..8ef508beca 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -48,8 +48,6 @@ GRUB_MOD_LICENSE ("GPLv3+"); + + static grub_dl_t my_mod; + +-static grub_efi_handle_t image_handle; +- + struct grub_secureboot_chainloader_context { + grub_efi_physical_address_t address; + grub_efi_uintn_t pages; +@@ -59,7 +57,6 @@ struct grub_secureboot_chainloader_context { + grub_ssize_t cmdline_len; + grub_efi_handle_t dev_handle; + }; +-static struct grub_secureboot_chainloader_context *sb_context; + + static grub_err_t + grub_start_image (grub_efi_handle_t handle) +@@ -98,11 +95,14 @@ grub_start_image (grub_efi_handle_t handle) + } + + static grub_err_t +-grub_chainloader_unload (void) ++grub_chainloader_unload (void *context) + { ++ grub_efi_handle_t image_handle; + grub_efi_loaded_image_t *loaded_image; + grub_efi_boot_services_t *b; + ++ image_handle = (grub_efi_handle_t) context; ++ + loaded_image = grub_efi_get_loaded_image (image_handle); + if (loaded_image != NULL) + grub_free (loaded_image->load_options); +@@ -115,10 +115,12 @@ grub_chainloader_unload (void) + } + + static grub_err_t +-grub_chainloader_boot (void) ++grub_chainloader_boot (void *context) + { ++ grub_efi_handle_t image_handle; + grub_err_t err; + ++ image_handle = (grub_efi_handle_t) context; + err = grub_start_image (image_handle); + + grub_loader_unset (); +@@ -839,15 +841,17 @@ error_exit: + } + + static grub_err_t +-grub_secureboot_chainloader_unload (void) ++grub_secureboot_chainloader_unload (void *context) + { ++ struct grub_secureboot_chainloader_context *sb_context; ++ ++ sb_context = (struct grub_secureboot_chainloader_context *) context; ++ + grub_efi_free_pages (sb_context->address, sb_context->pages); + grub_free (sb_context->file_path); + grub_free (sb_context->cmdline); + grub_free (sb_context); + +- sb_context = 0; +- + grub_dl_unref (my_mod); + return GRUB_ERR_NONE; + } +@@ -896,12 +900,15 @@ grub_load_image(grub_efi_device_path_t *file_path, void *boot_image, + } + + static grub_err_t +-grub_secureboot_chainloader_boot (void) ++grub_secureboot_chainloader_boot (void *context) + { ++ struct grub_secureboot_chainloader_context *sb_context; + grub_efi_boot_services_t *b; + int rc; + grub_efi_handle_t handle = 0; + ++ sb_context = (struct grub_secureboot_chainloader_context *) context; ++ + rc = handle_image (sb_context); + if (rc == 0) + { +@@ -943,6 +950,8 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + grub_efi_char16_t *cmdline = 0; + grub_ssize_t cmdline_len = 0; + grub_efi_handle_t dev_handle = 0; ++ grub_efi_handle_t image_handle = 0; ++ struct grub_secureboot_chainloader_context *sb_context = 0; + + if (argc == 0) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); +@@ -1130,8 +1139,8 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + grub_file_close (file); + grub_device_close (dev); + +- grub_loader_set (grub_secureboot_chainloader_boot, +- grub_secureboot_chainloader_unload, 0); ++ grub_loader_set_ex (grub_secureboot_chainloader_boot, ++ grub_secureboot_chainloader_unload, sb_context, 0); + return 0; + } + else if (rc == 0) +@@ -1145,7 +1154,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + efi_call_2 (b->free_pages, address, pages); + grub_free (file_path); + +- grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); ++ grub_loader_set_ex (grub_chainloader_boot, grub_chainloader_unload, image_handle, 0); + + return 0; + } +@@ -1173,10 +1182,7 @@ fail: + grub_free (cmdline); + + if (image_handle != 0) +- { +- efi_call_1 (b->unload_image, image_handle); +- image_handle = 0; +- } ++ efi_call_1 (b->unload_image, image_handle); + + grub_dl_unref (my_mod); + diff --git a/SOURCES/0236-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch b/SOURCES/0236-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch deleted file mode 100644 index f75512c..0000000 --- a/SOURCES/0236-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Fri, 25 Jun 2021 02:19:05 +1000 -Subject: [PATCH] kern/file: Do not leak device_name on error in - grub_file_open() - -If we have an error in grub_file_open() before we free device_name, we -will leak it. - -Free device_name in the error path and null out the pointer in the good -path once we free it there. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit 1499a5068839fa37cb77ecef4b5bdacbd1ed12ea) -(cherry picked from commit 2ec50b289d8b24922433439533113087f111f110) ---- - grub-core/kern/file.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/grub-core/kern/file.c b/grub-core/kern/file.c -index e19aea3e51..ed69fc0f0f 100644 ---- a/grub-core/kern/file.c -+++ b/grub-core/kern/file.c -@@ -81,6 +81,7 @@ grub_file_open (const char *name, enum grub_file_type type) - - device = grub_device_open (device_name); - grub_free (device_name); -+ device_name = NULL; - if (! device) - goto fail; - -@@ -135,6 +136,7 @@ grub_file_open (const char *name, enum grub_file_type type) - return file; - - fail: -+ grub_free (device_name); - if (device) - grub_device_close (device); - diff --git a/SOURCES/0236-loader-i386-efi-linux-Avoid-a-use-after-free-in-the-.patch b/SOURCES/0236-loader-i386-efi-linux-Avoid-a-use-after-free-in-the-.patch new file mode 100644 index 0000000..4be2008 --- /dev/null +++ b/SOURCES/0236-loader-i386-efi-linux-Avoid-a-use-after-free-in-the-.patch @@ -0,0 +1,42 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Mon, 2 May 2022 14:39:31 +0200 +Subject: [PATCH] loader/i386/efi/linux: Avoid a use-after-free in the linuxefi + loader + +In some error paths in grub_cmd_linux, the pointer to lh may be +dereferenced after the buffer it points to has been freed. There aren't +any security implications from this because nothing else uses the +allocator after the buffer is freed and before the pointer is +dereferenced, but fix it anyway. + +Signed-off-by: Chris Coulson +(cherry picked from commit 8224f5a71af94bec8697de17e7e579792db9f9e2) +(cherry picked from commit 4744b62e20d07674017213ac54d7442d679f9d1a) +--- + grub-core/loader/i386/efi/linux.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index 3cf0f9b330..08c9fe6b0e 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -478,9 +478,6 @@ fail: + if (file) + grub_file_close (file); + +- if (kernel) +- grub_free (kernel); +- + if (grub_errno != GRUB_ERR_NONE) + { + grub_dl_unref (my_mod); +@@ -496,6 +493,8 @@ fail: + kernel_free (params, sizeof(*params)); + } + ++ grub_free (kernel); ++ + return grub_errno; + } + diff --git a/SOURCES/0237-loader-i386-efi-linux-Use-grub_loader_set_ex.patch b/SOURCES/0237-loader-i386-efi-linux-Use-grub_loader_set_ex.patch new file mode 100644 index 0000000..9f5c491 --- /dev/null +++ b/SOURCES/0237-loader-i386-efi-linux-Use-grub_loader_set_ex.patch @@ -0,0 +1,298 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Mon, 2 May 2022 17:04:23 +0200 +Subject: [PATCH] loader/i386/efi/linux: Use grub_loader_set_ex + +This ports the linuxefi loader to use grub_loader_set_ex in order to fix +a use-after-fre bug that occurs when grub_cmd_linux is executed more than +once before a boot attempt is performed. + +This is more complicated than for the chainloader command, as the initrd +command needs access to the loader state. To solve this, the linuxefi +module registers a dummy initrd command at startup that returns an error. +The linuxefi command then registers a proper initrd command with a higher +priority that is passed the loader state. + +Signed-off-by: Chris Coulson +(cherry picked from commit 7cf736436b4c934df5ddfa6f44b46a7e07d99fdc) +[rharwood/pjones: set kernel_size in context] +(cherry picked from commit 9c056391f7a36ea480de9a759c12e55a90f2040a) +[rharwood: verifying twice] +Signed-off-by: Robbie Harwood +--- + grub-core/loader/i386/efi/linux.c | 146 +++++++++++++++++++++++--------------- + 1 file changed, 87 insertions(+), 59 deletions(-) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index 08c9fe6b0e..9e25e51ccf 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -35,13 +35,19 @@ + GRUB_MOD_LICENSE ("GPLv3+"); + + static grub_dl_t my_mod; +-static int loaded; +-static void *kernel_mem; +-static grub_uint64_t kernel_size; +-static void *initrd_mem; +-static grub_uint32_t handover_offset; +-struct linux_kernel_params *params; +-static char *linux_cmdline; ++ ++static grub_command_t cmd_linux, cmd_initrd; ++static grub_command_t cmd_linuxefi, cmd_initrdefi; ++ ++struct grub_linuxefi_context { ++ void *kernel_mem; ++ grub_uint64_t kernel_size; ++ grub_uint32_t handover_offset; ++ struct linux_kernel_params *params; ++ char *cmdline; ++ ++ void *initrd_mem; ++}; + + #define MIN(a, b) \ + ({ typeof (a) _a = (a); \ +@@ -124,25 +130,32 @@ kernel_alloc(grub_efi_uintn_t size, const char * const errmsg) + } + + static grub_err_t +-grub_linuxefi_boot (void) ++grub_linuxefi_boot (void *data) + { ++ struct grub_linuxefi_context *context = (struct grub_linuxefi_context *) data; ++ + asm volatile ("cli"); + +- return grub_efi_linux_boot ((char *)kernel_mem, +- handover_offset, +- params); ++ return grub_efi_linux_boot ((char *)context->kernel_mem, ++ context->handover_offset, ++ context->params); + } + + static grub_err_t +-grub_linuxefi_unload (void) ++grub_linuxefi_unload (void *data) + { ++ struct grub_linuxefi_context *context = (struct grub_linuxefi_context *) data; ++ struct linux_kernel_params *params = context->params; ++ + grub_dl_unref (my_mod); +- loaded = 0; + +- kernel_free(initrd_mem, params->ramdisk_size); +- kernel_free(linux_cmdline, params->cmdline_size + 1); +- kernel_free(kernel_mem, kernel_size); +- kernel_free(params, sizeof(*params)); ++ kernel_free (context->initrd_mem, params->ramdisk_size); ++ kernel_free (context->cmdline, params->cmdline_size + 1); ++ kernel_free (context->kernel_mem, context->kernel_size); ++ kernel_free (params, sizeof(*params)); ++ cmd_initrd->data = 0; ++ cmd_initrdefi->data = 0; ++ grub_free (context); + + return GRUB_ERR_NONE; + } +@@ -189,13 +202,14 @@ read(grub_file_t file, grub_uint8_t *bufp, grub_size_t len) + #define HIGH_U32(val) ((grub_uint32_t)(((grub_addr_t)(val) >> 32) & 0xffffffffull)) + + static grub_err_t +-grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), +- int argc, char *argv[]) ++grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) + { + grub_file_t *files = 0; + int i, nfiles = 0; + grub_size_t size = 0; + grub_uint8_t *ptr; ++ struct grub_linuxefi_context *context = (struct grub_linuxefi_context *) cmd->data; ++ struct linux_kernel_params *params; + + if (argc == 0) + { +@@ -203,12 +217,14 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + +- if (!loaded) ++ if (!context) + { + grub_error (GRUB_ERR_BAD_ARGUMENT, N_("you need to load the kernel first")); + goto fail; + } + ++ params = context->params; ++ + files = grub_calloc (argc, sizeof (files[0])); + if (!files) + goto fail; +@@ -226,19 +242,19 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + } + } + +- initrd_mem = kernel_alloc(size, N_("can't allocate initrd")); +- if (initrd_mem == NULL) ++ context->initrd_mem = kernel_alloc(size, N_("can't allocate initrd")); ++ if (context->initrd_mem == NULL) + goto fail; +- grub_dprintf ("linux", "initrd_mem = %p\n", initrd_mem); ++ grub_dprintf ("linux", "initrd_mem = %p\n", context->initrd_mem); + + params->ramdisk_size = LOW_U32(size); +- params->ramdisk_image = LOW_U32(initrd_mem); ++ params->ramdisk_image = LOW_U32(context->initrd_mem); + #if defined(__x86_64__) + params->ext_ramdisk_size = HIGH_U32(size); +- params->ext_ramdisk_image = HIGH_U32(initrd_mem); ++ params->ext_ramdisk_image = HIGH_U32(context->initrd_mem); + #endif + +- ptr = initrd_mem; ++ ptr = context->initrd_mem; + + for (i = 0; i < nfiles; i++) + { +@@ -262,8 +278,8 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + grub_file_close (files[i]); + grub_free (files); + +- if (initrd_mem && grub_errno) +- grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)initrd_mem, ++ if (context->initrd_mem && grub_errno) ++ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)context->initrd_mem, + BYTES_TO_PAGES(size)); + + return grub_errno; +@@ -279,6 +295,12 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + void *kernel = NULL; + int setup_header_end_offset; + int rc; ++ void *kernel_mem = 0; ++ grub_uint64_t kernel_size = 0; ++ grub_uint32_t handover_offset; ++ struct linux_kernel_params *params = 0; ++ char *cmdline = 0; ++ struct grub_linuxefi_context *context = 0; + + grub_dl_ref (my_mod); + +@@ -403,27 +425,27 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + grub_dprintf ("linux", "new lh is at %p\n", lh); + + grub_dprintf ("linux", "setting up cmdline\n"); +- linux_cmdline = kernel_alloc (lh->cmdline_size + 1, N_("can't allocate cmdline")); +- if (!linux_cmdline) ++ cmdline = kernel_alloc (lh->cmdline_size + 1, N_("can't allocate cmdline")); ++ if (!cmdline) + goto fail; +- grub_dprintf ("linux", "linux_cmdline = %p\n", linux_cmdline); ++ grub_dprintf ("linux", "cmdline = %p\n", cmdline); + +- grub_memcpy (linux_cmdline, LINUX_IMAGE, sizeof (LINUX_IMAGE)); ++ grub_memcpy (cmdline, LINUX_IMAGE, sizeof (LINUX_IMAGE)); + grub_create_loader_cmdline (argc, argv, +- linux_cmdline + sizeof (LINUX_IMAGE) - 1, ++ cmdline + sizeof (LINUX_IMAGE) - 1, + lh->cmdline_size - (sizeof (LINUX_IMAGE) - 1), + GRUB_VERIFY_KERNEL_CMDLINE); + +- grub_dprintf ("linux", "cmdline:%s\n", linux_cmdline); ++ grub_dprintf ("linux", "cmdline:%s\n", cmdline); + grub_dprintf ("linux", "setting lh->cmd_line_ptr to 0x%08x\n", +- LOW_U32(linux_cmdline)); +- lh->cmd_line_ptr = LOW_U32(linux_cmdline); ++ LOW_U32(cmdline)); ++ lh->cmd_line_ptr = LOW_U32(cmdline); + #if defined(__x86_64__) +- if ((grub_efi_uintn_t)linux_cmdline > 0xffffffffull) ++ if ((grub_efi_uintn_t)cmdline > 0xffffffffull) + { + grub_dprintf ("linux", "setting params->ext_cmd_line_ptr to 0x%08x\n", +- HIGH_U32(linux_cmdline)); +- params->ext_cmd_line_ptr = HIGH_U32(linux_cmdline); ++ HIGH_U32(cmdline)); ++ params->ext_cmd_line_ptr = HIGH_U32(cmdline); + } + #endif + +@@ -448,16 +470,13 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + } + max_addresses[1].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; + max_addresses[2].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; +- kernel_mem = kernel_alloc (lh->init_size, N_("can't allocate kernel")); ++ kernel_size = lh->init_size; ++ kernel_mem = kernel_alloc (kernel_size, N_("can't allocate kernel")); + restore_addresses(); + if (!kernel_mem) + goto fail; + grub_dprintf("linux", "kernel_mem = %p\n", kernel_mem); + +- grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0); +- +- loaded = 1; +- + grub_dprintf ("linux", "setting lh->code32_start to 0x%08x\n", + LOW_U32(kernel_mem)); + lh->code32_start = LOW_U32(kernel_mem); +@@ -474,33 +493,42 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + "setting lh->ext_loader_{type,ver} = {0x%02x,0x%02x}\n", + params->ext_loader_type, params->ext_loader_ver); + ++ context = grub_zalloc (sizeof (*context)); ++ if (!context) ++ goto fail; ++ context->kernel_mem = kernel_mem; ++ context->kernel_size = kernel_size; ++ context->handover_offset = handover_offset; ++ context->params = params; ++ context->cmdline = cmdline; ++ ++ grub_loader_set_ex (grub_linuxefi_boot, grub_linuxefi_unload, context, 0); ++ ++ cmd_initrd->data = context; ++ cmd_initrdefi->data = context; ++ ++ grub_file_close (file); ++ grub_free (kernel); ++ return 0; ++ + fail: + if (file) + grub_file_close (file); + +- if (grub_errno != GRUB_ERR_NONE) +- { +- grub_dl_unref (my_mod); +- loaded = 0; +- } ++ grub_dl_unref (my_mod); + +- if (!loaded) +- { +- if (lh) +- kernel_free (linux_cmdline, lh->cmdline_size + 1); ++ if (lh) ++ kernel_free (cmdline, lh->cmdline_size + 1); + +- kernel_free (kernel_mem, kernel_size); +- kernel_free (params, sizeof(*params)); +- } ++ kernel_free (kernel_mem, kernel_size); ++ kernel_free (params, sizeof(*params)); + ++ grub_free (context); + grub_free (kernel); + + return grub_errno; + } + +-static grub_command_t cmd_linux, cmd_initrd; +-static grub_command_t cmd_linuxefi, cmd_initrdefi; +- + GRUB_MOD_INIT(linux) + { + cmd_linux = diff --git a/SOURCES/0237-video-readers-png-Abort-sooner-if-a-read-operation-f.patch b/SOURCES/0237-video-readers-png-Abort-sooner-if-a-read-operation-f.patch deleted file mode 100644 index 870f462..0000000 --- a/SOURCES/0237-video-readers-png-Abort-sooner-if-a-read-operation-f.patch +++ /dev/null @@ -1,199 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 6 Jul 2021 14:02:55 +1000 -Subject: [PATCH] video/readers/png: Abort sooner if a read operation fails - -Fuzzing revealed some inputs that were taking a long time, potentially -forever, because they did not bail quickly upon encountering an I/O error. - -Try to catch I/O errors sooner and bail out. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit 882be97d1df6449b9fd4d593f0cb70005fde3494) -(cherry picked from commit 3f6fc3ebfd58fcdb3fe6c2f7a5a4fa05772ae786) ---- - grub-core/video/readers/png.c | 55 ++++++++++++++++++++++++++++++++++++------- - 1 file changed, 47 insertions(+), 8 deletions(-) - -diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c -index 0157ff7420..e2a6b1cf3c 100644 ---- a/grub-core/video/readers/png.c -+++ b/grub-core/video/readers/png.c -@@ -142,6 +142,7 @@ static grub_uint8_t - grub_png_get_byte (struct grub_png_data *data) - { - grub_uint8_t r; -+ grub_ssize_t bytes_read = 0; - - if ((data->inside_idat) && (data->idat_remain == 0)) - { -@@ -175,7 +176,14 @@ grub_png_get_byte (struct grub_png_data *data) - } - - r = 0; -- grub_file_read (data->file, &r, 1); -+ bytes_read = grub_file_read (data->file, &r, 1); -+ -+ if (bytes_read != 1) -+ { -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "png: unexpected end of data"); -+ return 0; -+ } - - if (data->inside_idat) - data->idat_remain--; -@@ -231,15 +239,16 @@ grub_png_decode_image_palette (struct grub_png_data *data, - if (len == 0) - return GRUB_ERR_NONE; - -- for (i = 0; 3 * i < len && i < 256; i++) -+ grub_errno = GRUB_ERR_NONE; -+ for (i = 0; 3 * i < len && i < 256 && grub_errno == GRUB_ERR_NONE; i++) - for (j = 0; j < 3; j++) - data->palette[i][j] = grub_png_get_byte (data); -- for (i *= 3; i < len; i++) -+ for (i *= 3; i < len && grub_errno == GRUB_ERR_NONE; i++) - grub_png_get_byte (data); - - grub_png_get_dword (data); - -- return GRUB_ERR_NONE; -+ return grub_errno; - } - - static grub_err_t -@@ -256,9 +265,13 @@ grub_png_decode_image_header (struct grub_png_data *data) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, "png: invalid image size"); - - color_bits = grub_png_get_byte (data); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - data->is_16bit = (color_bits == 16); - - color_type = grub_png_get_byte (data); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - - /* According to PNG spec, no other types are valid. */ - if ((color_type & ~(PNG_COLOR_MASK_ALPHA | PNG_COLOR_MASK_COLOR)) -@@ -340,14 +353,20 @@ grub_png_decode_image_header (struct grub_png_data *data) - if (grub_png_get_byte (data) != PNG_COMPRESSION_BASE) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, - "png: compression method not supported"); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - - if (grub_png_get_byte (data) != PNG_FILTER_TYPE_BASE) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, - "png: filter method not supported"); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - - if (grub_png_get_byte (data) != PNG_INTERLACE_NONE) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, - "png: interlace method not supported"); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - - /* Skip crc checksum. */ - grub_png_get_dword (data); -@@ -449,7 +468,7 @@ grub_png_get_huff_code (struct grub_png_data *data, struct huff_table *ht) - int code, i; - - code = 0; -- for (i = 0; i < ht->max_length; i++) -+ for (i = 0; i < ht->max_length && grub_errno == GRUB_ERR_NONE; i++) - { - code = (code << 1) + grub_png_get_bits (data, 1); - if (code < ht->maxval[i]) -@@ -504,8 +523,14 @@ grub_png_init_dynamic_block (struct grub_png_data *data) - grub_uint8_t lens[DEFLATE_HCLEN_MAX]; - - nl = DEFLATE_HLIT_BASE + grub_png_get_bits (data, 5); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - nd = DEFLATE_HDIST_BASE + grub_png_get_bits (data, 5); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - nb = DEFLATE_HCLEN_BASE + grub_png_get_bits (data, 4); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - - if ((nl > DEFLATE_HLIT_MAX) || (nd > DEFLATE_HDIST_MAX) || - (nb > DEFLATE_HCLEN_MAX)) -@@ -533,7 +558,7 @@ grub_png_init_dynamic_block (struct grub_png_data *data) - data->dist_offset); - - prev = 0; -- for (i = 0; i < nl + nd; i++) -+ for (i = 0; i < nl + nd && grub_errno == GRUB_ERR_NONE; i++) - { - int n, code; - struct huff_table *ht; -@@ -721,17 +746,21 @@ grub_png_read_dynamic_block (struct grub_png_data *data) - len = cplens[n]; - if (cplext[n]) - len += grub_png_get_bits (data, cplext[n]); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - - n = grub_png_get_huff_code (data, &data->dist_table); - dist = cpdist[n]; - if (cpdext[n]) - dist += grub_png_get_bits (data, cpdext[n]); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - - pos = data->wp - dist; - if (pos < 0) - pos += WSIZE; - -- while (len > 0) -+ while (len > 0 && grub_errno == GRUB_ERR_NONE) - { - data->slide[data->wp] = data->slide[pos]; - grub_png_output_byte (data, data->slide[data->wp]); -@@ -759,7 +788,11 @@ grub_png_decode_image_data (struct grub_png_data *data) - int final; - - cmf = grub_png_get_byte (data); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - flg = grub_png_get_byte (data); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - - if ((cmf & 0xF) != Z_DEFLATED) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, -@@ -774,7 +807,11 @@ grub_png_decode_image_data (struct grub_png_data *data) - int block_type; - - final = grub_png_get_bits (data, 1); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - block_type = grub_png_get_bits (data, 2); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - - switch (block_type) - { -@@ -790,7 +827,7 @@ grub_png_decode_image_data (struct grub_png_data *data) - grub_png_get_byte (data); - grub_png_get_byte (data); - -- for (i = 0; i < len; i++) -+ for (i = 0; i < len && grub_errno == GRUB_ERR_NONE; i++) - grub_png_output_byte (data, grub_png_get_byte (data)); - - break; -@@ -1045,6 +1082,8 @@ grub_png_decode_png (struct grub_png_data *data) - - len = grub_png_get_dword (data); - type = grub_png_get_dword (data); -+ if (grub_errno != GRUB_ERR_NONE) -+ break; - data->next_offset = data->file->offset + len + 4; - - switch (type) diff --git a/SOURCES/0238-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch b/SOURCES/0238-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch new file mode 100644 index 0000000..fe329e6 --- /dev/null +++ b/SOURCES/0238-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch @@ -0,0 +1,76 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Tue, 3 May 2022 09:47:35 +0200 +Subject: [PATCH] loader/i386/efi/linux: Fix a memory leak in the initrd + command + +Subsequent invocations of the initrd command result in the previous +initrd being leaked, so fix that. + +Signed-off-by: Chris Coulson +(cherry picked from commit d98af31ce1e31bb22163960d53f5eb28c66582a0) +(cherry picked from commit 62234d6a00e6d1dd8e017ff161d359feb5234082) +--- + grub-core/loader/i386/efi/linux.c | 21 ++++++++++++--------- + 1 file changed, 12 insertions(+), 9 deletions(-) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index 9e25e51ccf..d24553a79d 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -210,6 +210,7 @@ grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) + grub_uint8_t *ptr; + struct grub_linuxefi_context *context = (struct grub_linuxefi_context *) cmd->data; + struct linux_kernel_params *params; ++ void *initrd_mem = 0; + + if (argc == 0) + { +@@ -242,19 +243,19 @@ grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) + } + } + +- context->initrd_mem = kernel_alloc(size, N_("can't allocate initrd")); +- if (context->initrd_mem == NULL) ++ initrd_mem = kernel_alloc(size, N_("can't allocate initrd")); ++ if (initrd_mem == NULL) + goto fail; +- grub_dprintf ("linux", "initrd_mem = %p\n", context->initrd_mem); ++ grub_dprintf ("linux", "initrd_mem = %p\n", initrd_mem); + + params->ramdisk_size = LOW_U32(size); +- params->ramdisk_image = LOW_U32(context->initrd_mem); ++ params->ramdisk_image = LOW_U32(initrd_mem); + #if defined(__x86_64__) + params->ext_ramdisk_size = HIGH_U32(size); +- params->ext_ramdisk_image = HIGH_U32(context->initrd_mem); ++ params->ext_ramdisk_image = HIGH_U32(initrd_mem); + #endif + +- ptr = context->initrd_mem; ++ ptr = initrd_mem; + + for (i = 0; i < nfiles; i++) + { +@@ -271,6 +272,9 @@ grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) + ptr += ALIGN_UP_OVERHEAD (cursize, 4); + } + ++ kernel_free(context->initrd_mem, params->ramdisk_size); ++ ++ context->initrd_mem = initrd_mem; + params->ramdisk_size = size; + + fail: +@@ -278,9 +282,8 @@ grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) + grub_file_close (files[i]); + grub_free (files); + +- if (context->initrd_mem && grub_errno) +- grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)context->initrd_mem, +- BYTES_TO_PAGES(size)); ++ if (initrd_mem && grub_errno) ++ kernel_free (initrd_mem, size); + + return grub_errno; + } diff --git a/SOURCES/0238-video-readers-png-Refuse-to-handle-multiple-image-he.patch b/SOURCES/0238-video-readers-png-Refuse-to-handle-multiple-image-he.patch deleted file mode 100644 index 52832da..0000000 --- a/SOURCES/0238-video-readers-png-Refuse-to-handle-multiple-image-he.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 6 Jul 2021 14:13:40 +1000 -Subject: [PATCH] video/readers/png: Refuse to handle multiple image headers - -This causes the bitmap to be leaked. Do not permit multiple image headers. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit 8ce433557adeadbc46429aabb9f850b02ad2bdfb) -(cherry picked from commit 6e10bba6a4cbfd6c7bf116f41fd4e037465e19d8) ---- - grub-core/video/readers/png.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c -index e2a6b1cf3c..8955b8ecfd 100644 ---- a/grub-core/video/readers/png.c -+++ b/grub-core/video/readers/png.c -@@ -258,6 +258,9 @@ grub_png_decode_image_header (struct grub_png_data *data) - int color_bits; - enum grub_video_blit_format blt; - -+ if (data->image_width || data->image_height) -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "png: two image headers found"); -+ - data->image_width = grub_png_get_dword (data); - data->image_height = grub_png_get_dword (data); - diff --git a/SOURCES/0239-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch b/SOURCES/0239-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch new file mode 100644 index 0000000..716d1f1 --- /dev/null +++ b/SOURCES/0239-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch @@ -0,0 +1,102 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Julian Andres Klode +Date: Thu, 2 Dec 2021 15:03:53 +0100 +Subject: [PATCH] kern/efi/sb: Reject non-kernel files in the shim_lock + verifier + +We must not allow other verifiers to pass things like the GRUB modules. +Instead of maintaining a blocklist, maintain an allowlist of things +that we do not care about. + +This allowlist really should be made reusable, and shared by the +lockdown verifier, but this is the minimal patch addressing +security concerns where the TPM verifier was able to mark modules +as verified (or the OpenPGP verifier for that matter), when it +should not do so on shim-powered secure boot systems. + +Fixes: CVE-2022-28735 + +Signed-off-by: Julian Andres Klode +Reviewed-by: Daniel Kiper +(cherry picked from commit fa61ad69861c1cb3f68bf853d78fae7fd93986a0) +(cherry picked from commit f418191e01b38a635319a26925cf345523d4440c) +--- + grub-core/kern/efi/sb.c | 39 ++++++++++++++++++++++++++++++++++++--- + include/grub/verify.h | 1 + + 2 files changed, 37 insertions(+), 3 deletions(-) + +diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c +index c52ec6226a..89c4bb3fd1 100644 +--- a/grub-core/kern/efi/sb.c ++++ b/grub-core/kern/efi/sb.c +@@ -119,10 +119,11 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)), + void **context __attribute__ ((unused)), + enum grub_verify_flags *flags) + { +- *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION; ++ *flags = GRUB_VERIFY_FLAGS_NONE; + + switch (type & GRUB_FILE_TYPE_MASK) + { ++ /* Files we check. */ + case GRUB_FILE_TYPE_LINUX_KERNEL: + case GRUB_FILE_TYPE_MULTIBOOT_KERNEL: + case GRUB_FILE_TYPE_BSD_KERNEL: +@@ -130,11 +131,43 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)), + case GRUB_FILE_TYPE_PLAN9_KERNEL: + case GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE: + *flags = GRUB_VERIFY_FLAGS_SINGLE_CHUNK; ++ return GRUB_ERR_NONE; + +- /* Fall through. */ ++ /* Files that do not affect secureboot state. */ ++ case GRUB_FILE_TYPE_NONE: ++ case GRUB_FILE_TYPE_LOOPBACK: ++ case GRUB_FILE_TYPE_LINUX_INITRD: ++ case GRUB_FILE_TYPE_OPENBSD_RAMDISK: ++ case GRUB_FILE_TYPE_XNU_RAMDISK: ++ case GRUB_FILE_TYPE_SIGNATURE: ++ case GRUB_FILE_TYPE_PUBLIC_KEY: ++ case GRUB_FILE_TYPE_PUBLIC_KEY_TRUST: ++ case GRUB_FILE_TYPE_PRINT_BLOCKLIST: ++ case GRUB_FILE_TYPE_TESTLOAD: ++ case GRUB_FILE_TYPE_GET_SIZE: ++ case GRUB_FILE_TYPE_FONT: ++ case GRUB_FILE_TYPE_ZFS_ENCRYPTION_KEY: ++ case GRUB_FILE_TYPE_CAT: ++ case GRUB_FILE_TYPE_HEXCAT: ++ case GRUB_FILE_TYPE_CMP: ++ case GRUB_FILE_TYPE_HASHLIST: ++ case GRUB_FILE_TYPE_TO_HASH: ++ case GRUB_FILE_TYPE_KEYBOARD_LAYOUT: ++ case GRUB_FILE_TYPE_PIXMAP: ++ case GRUB_FILE_TYPE_GRUB_MODULE_LIST: ++ case GRUB_FILE_TYPE_CONFIG: ++ case GRUB_FILE_TYPE_THEME: ++ case GRUB_FILE_TYPE_GETTEXT_CATALOG: ++ case GRUB_FILE_TYPE_FS_SEARCH: ++ case GRUB_FILE_TYPE_LOADENV: ++ case GRUB_FILE_TYPE_SAVEENV: ++ case GRUB_FILE_TYPE_VERIFY_SIGNATURE: ++ *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION; ++ return GRUB_ERR_NONE; + ++ /* Other files. */ + default: +- return GRUB_ERR_NONE; ++ return grub_error (GRUB_ERR_ACCESS_DENIED, N_("prohibited by secure boot policy")); + } + } + +diff --git a/include/grub/verify.h b/include/grub/verify.h +index cd129c398f..672ae16924 100644 +--- a/include/grub/verify.h ++++ b/include/grub/verify.h +@@ -24,6 +24,7 @@ + + enum grub_verify_flags + { ++ GRUB_VERIFY_FLAGS_NONE = 0, + GRUB_VERIFY_FLAGS_SKIP_VERIFICATION = 1, + GRUB_VERIFY_FLAGS_SINGLE_CHUNK = 2, + /* Defer verification to another authority. */ diff --git a/SOURCES/0239-video-readers-png-Drop-greyscale-support-to-fix-heap.patch b/SOURCES/0239-video-readers-png-Drop-greyscale-support-to-fix-heap.patch deleted file mode 100644 index c639780..0000000 --- a/SOURCES/0239-video-readers-png-Drop-greyscale-support-to-fix-heap.patch +++ /dev/null @@ -1,171 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 6 Jul 2021 18:51:35 +1000 -Subject: [PATCH] video/readers/png: Drop greyscale support to fix heap - out-of-bounds write - -A 16-bit greyscale PNG without alpha is processed in the following loop: - - for (i = 0; i < (data->image_width * data->image_height); - i++, d1 += 4, d2 += 2) - { - d1[R3] = d2[1]; - d1[G3] = d2[1]; - d1[B3] = d2[1]; - } - -The increment of d1 is wrong. d1 is incremented by 4 bytes per iteration, -but there are only 3 bytes allocated for storage. This means that image -data will overwrite somewhat-attacker-controlled parts of memory - 3 bytes -out of every 4 following the end of the image. - -This has existed since greyscale support was added in 2013 in commit -3ccf16dff98f (grub-core/video/readers/png.c: Support grayscale). - -Saving starfield.png as a 16-bit greyscale image without alpha in the gimp -and attempting to load it causes grub-emu to crash - I don't think this code -has ever worked. - -Delete all PNG greyscale support. - -Fixes: CVE-2021-3695 - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit 0e1d163382669bd734439d8864ee969616d971d9) -[rharwood: context conflict] -Signed-off-by: Robbie Harwood -(cherry picked from commit 4c631c8119206b3178912df2905434d967661c3d) ---- - grub-core/video/readers/png.c | 85 +++---------------------------------------- - 1 file changed, 6 insertions(+), 79 deletions(-) - -diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c -index 8955b8ecfd..a3161e25b6 100644 ---- a/grub-core/video/readers/png.c -+++ b/grub-core/video/readers/png.c -@@ -100,7 +100,7 @@ struct grub_png_data - - unsigned image_width, image_height; - int bpp, is_16bit; -- int raw_bytes, is_gray, is_alpha, is_palette; -+ int raw_bytes, is_alpha, is_palette; - int row_bytes, color_bits; - grub_uint8_t *image_data; - -@@ -296,13 +296,13 @@ grub_png_decode_image_header (struct grub_png_data *data) - data->bpp = 3; - else - { -- data->is_gray = 1; -- data->bpp = 1; -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "png: color type not supported"); - } - - if ((color_bits != 8) && (color_bits != 16) - && (color_bits != 4 -- || !(data->is_gray || data->is_palette))) -+ || !data->is_palette)) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, - "png: bit depth must be 8 or 16"); - -@@ -331,7 +331,7 @@ grub_png_decode_image_header (struct grub_png_data *data) - } - - #ifndef GRUB_CPU_WORDS_BIGENDIAN -- if (data->is_16bit || data->is_gray || data->is_palette) -+ if (data->is_16bit || data->is_palette) - #endif - { - data->image_data = grub_calloc (data->image_height, data->row_bytes); -@@ -899,27 +899,8 @@ grub_png_convert_image (struct grub_png_data *data) - int shift; - int mask = (1 << data->color_bits) - 1; - unsigned j; -- if (data->is_gray) -- { -- /* Generic formula is -- (0xff * i) / ((1U << data->color_bits) - 1) -- but for allowed bit depth of 1, 2 and for it's -- equivalent to -- (0xff / ((1U << data->color_bits) - 1)) * i -- Precompute the multipliers to avoid division. -- */ - -- const grub_uint8_t multipliers[5] = { 0xff, 0xff, 0x55, 0x24, 0x11 }; -- for (i = 0; i < (1U << data->color_bits); i++) -- { -- grub_uint8_t col = multipliers[data->color_bits] * i; -- palette[i][0] = col; -- palette[i][1] = col; -- palette[i][2] = col; -- } -- } -- else -- grub_memcpy (palette, data->palette, 3 << data->color_bits); -+ grub_memcpy (palette, data->palette, 3 << data->color_bits); - d1c = d1; - d2c = d2; - for (j = 0; j < data->image_height; j++, d1c += data->image_width * 3, -@@ -956,60 +937,6 @@ grub_png_convert_image (struct grub_png_data *data) - } - return; - } -- -- if (data->is_gray) -- { -- switch (data->bpp) -- { -- case 4: -- /* 16-bit gray with alpha. */ -- for (i = 0; i < (data->image_width * data->image_height); -- i++, d1 += 4, d2 += 4) -- { -- d1[R4] = d2[3]; -- d1[G4] = d2[3]; -- d1[B4] = d2[3]; -- d1[A4] = d2[1]; -- } -- break; -- case 2: -- if (data->is_16bit) -- /* 16-bit gray without alpha. */ -- { -- for (i = 0; i < (data->image_width * data->image_height); -- i++, d1 += 4, d2 += 2) -- { -- d1[R3] = d2[1]; -- d1[G3] = d2[1]; -- d1[B3] = d2[1]; -- } -- } -- else -- /* 8-bit gray with alpha. */ -- { -- for (i = 0; i < (data->image_width * data->image_height); -- i++, d1 += 4, d2 += 2) -- { -- d1[R4] = d2[1]; -- d1[G4] = d2[1]; -- d1[B4] = d2[1]; -- d1[A4] = d2[0]; -- } -- } -- break; -- /* 8-bit gray without alpha. */ -- case 1: -- for (i = 0; i < (data->image_width * data->image_height); -- i++, d1 += 3, d2++) -- { -- d1[R3] = d2[0]; -- d1[G3] = d2[0]; -- d1[B3] = d2[0]; -- } -- break; -- } -- return; -- } - - { - /* Only copy the upper 8 bit. */ diff --git a/SOURCES/0240-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch b/SOURCES/0240-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch new file mode 100644 index 0000000..f75512c --- /dev/null +++ b/SOURCES/0240-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch @@ -0,0 +1,40 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Fri, 25 Jun 2021 02:19:05 +1000 +Subject: [PATCH] kern/file: Do not leak device_name on error in + grub_file_open() + +If we have an error in grub_file_open() before we free device_name, we +will leak it. + +Free device_name in the error path and null out the pointer in the good +path once we free it there. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit 1499a5068839fa37cb77ecef4b5bdacbd1ed12ea) +(cherry picked from commit 2ec50b289d8b24922433439533113087f111f110) +--- + grub-core/kern/file.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/grub-core/kern/file.c b/grub-core/kern/file.c +index e19aea3e51..ed69fc0f0f 100644 +--- a/grub-core/kern/file.c ++++ b/grub-core/kern/file.c +@@ -81,6 +81,7 @@ grub_file_open (const char *name, enum grub_file_type type) + + device = grub_device_open (device_name); + grub_free (device_name); ++ device_name = NULL; + if (! device) + goto fail; + +@@ -135,6 +136,7 @@ grub_file_open (const char *name, enum grub_file_type type) + return file; + + fail: ++ grub_free (device_name); + if (device) + grub_device_close (device); + diff --git a/SOURCES/0240-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch b/SOURCES/0240-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch deleted file mode 100644 index c1e232e..0000000 --- a/SOURCES/0240-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 6 Jul 2021 23:25:07 +1000 -Subject: [PATCH] video/readers/png: Avoid heap OOB R/W inserting huff table - items - -In fuzzing we observed crashes where a code would attempt to be inserted -into a huffman table before the start, leading to a set of heap OOB reads -and writes as table entries with negative indices were shifted around and -the new code written in. - -Catch the case where we would underflow the array and bail. - -Fixes: CVE-2021-3696 - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit 1ae9a91d42cb40da8a6f11fac65541858e340afa) -(cherry picked from commit 132ccc681cf642ad748580f26b54c9259a7f43fd) ---- - grub-core/video/readers/png.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c -index a3161e25b6..d7ed5aa6cf 100644 ---- a/grub-core/video/readers/png.c -+++ b/grub-core/video/readers/png.c -@@ -438,6 +438,13 @@ grub_png_insert_huff_item (struct huff_table *ht, int code, int len) - for (i = len; i < ht->max_length; i++) - n += ht->maxval[i]; - -+ if (n > ht->num_values) -+ { -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "png: out of range inserting huffman table item"); -+ return; -+ } -+ - for (i = 0; i < n; i++) - ht->values[ht->num_values - i] = ht->values[ht->num_values - i - 1]; - diff --git a/SOURCES/0241-video-readers-png-Abort-sooner-if-a-read-operation-f.patch b/SOURCES/0241-video-readers-png-Abort-sooner-if-a-read-operation-f.patch new file mode 100644 index 0000000..870f462 --- /dev/null +++ b/SOURCES/0241-video-readers-png-Abort-sooner-if-a-read-operation-f.patch @@ -0,0 +1,199 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Tue, 6 Jul 2021 14:02:55 +1000 +Subject: [PATCH] video/readers/png: Abort sooner if a read operation fails + +Fuzzing revealed some inputs that were taking a long time, potentially +forever, because they did not bail quickly upon encountering an I/O error. + +Try to catch I/O errors sooner and bail out. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit 882be97d1df6449b9fd4d593f0cb70005fde3494) +(cherry picked from commit 3f6fc3ebfd58fcdb3fe6c2f7a5a4fa05772ae786) +--- + grub-core/video/readers/png.c | 55 ++++++++++++++++++++++++++++++++++++------- + 1 file changed, 47 insertions(+), 8 deletions(-) + +diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c +index 0157ff7420..e2a6b1cf3c 100644 +--- a/grub-core/video/readers/png.c ++++ b/grub-core/video/readers/png.c +@@ -142,6 +142,7 @@ static grub_uint8_t + grub_png_get_byte (struct grub_png_data *data) + { + grub_uint8_t r; ++ grub_ssize_t bytes_read = 0; + + if ((data->inside_idat) && (data->idat_remain == 0)) + { +@@ -175,7 +176,14 @@ grub_png_get_byte (struct grub_png_data *data) + } + + r = 0; +- grub_file_read (data->file, &r, 1); ++ bytes_read = grub_file_read (data->file, &r, 1); ++ ++ if (bytes_read != 1) ++ { ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "png: unexpected end of data"); ++ return 0; ++ } + + if (data->inside_idat) + data->idat_remain--; +@@ -231,15 +239,16 @@ grub_png_decode_image_palette (struct grub_png_data *data, + if (len == 0) + return GRUB_ERR_NONE; + +- for (i = 0; 3 * i < len && i < 256; i++) ++ grub_errno = GRUB_ERR_NONE; ++ for (i = 0; 3 * i < len && i < 256 && grub_errno == GRUB_ERR_NONE; i++) + for (j = 0; j < 3; j++) + data->palette[i][j] = grub_png_get_byte (data); +- for (i *= 3; i < len; i++) ++ for (i *= 3; i < len && grub_errno == GRUB_ERR_NONE; i++) + grub_png_get_byte (data); + + grub_png_get_dword (data); + +- return GRUB_ERR_NONE; ++ return grub_errno; + } + + static grub_err_t +@@ -256,9 +265,13 @@ grub_png_decode_image_header (struct grub_png_data *data) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "png: invalid image size"); + + color_bits = grub_png_get_byte (data); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + data->is_16bit = (color_bits == 16); + + color_type = grub_png_get_byte (data); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + + /* According to PNG spec, no other types are valid. */ + if ((color_type & ~(PNG_COLOR_MASK_ALPHA | PNG_COLOR_MASK_COLOR)) +@@ -340,14 +353,20 @@ grub_png_decode_image_header (struct grub_png_data *data) + if (grub_png_get_byte (data) != PNG_COMPRESSION_BASE) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "png: compression method not supported"); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + + if (grub_png_get_byte (data) != PNG_FILTER_TYPE_BASE) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "png: filter method not supported"); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + + if (grub_png_get_byte (data) != PNG_INTERLACE_NONE) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "png: interlace method not supported"); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + + /* Skip crc checksum. */ + grub_png_get_dword (data); +@@ -449,7 +468,7 @@ grub_png_get_huff_code (struct grub_png_data *data, struct huff_table *ht) + int code, i; + + code = 0; +- for (i = 0; i < ht->max_length; i++) ++ for (i = 0; i < ht->max_length && grub_errno == GRUB_ERR_NONE; i++) + { + code = (code << 1) + grub_png_get_bits (data, 1); + if (code < ht->maxval[i]) +@@ -504,8 +523,14 @@ grub_png_init_dynamic_block (struct grub_png_data *data) + grub_uint8_t lens[DEFLATE_HCLEN_MAX]; + + nl = DEFLATE_HLIT_BASE + grub_png_get_bits (data, 5); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + nd = DEFLATE_HDIST_BASE + grub_png_get_bits (data, 5); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + nb = DEFLATE_HCLEN_BASE + grub_png_get_bits (data, 4); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + + if ((nl > DEFLATE_HLIT_MAX) || (nd > DEFLATE_HDIST_MAX) || + (nb > DEFLATE_HCLEN_MAX)) +@@ -533,7 +558,7 @@ grub_png_init_dynamic_block (struct grub_png_data *data) + data->dist_offset); + + prev = 0; +- for (i = 0; i < nl + nd; i++) ++ for (i = 0; i < nl + nd && grub_errno == GRUB_ERR_NONE; i++) + { + int n, code; + struct huff_table *ht; +@@ -721,17 +746,21 @@ grub_png_read_dynamic_block (struct grub_png_data *data) + len = cplens[n]; + if (cplext[n]) + len += grub_png_get_bits (data, cplext[n]); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + + n = grub_png_get_huff_code (data, &data->dist_table); + dist = cpdist[n]; + if (cpdext[n]) + dist += grub_png_get_bits (data, cpdext[n]); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + + pos = data->wp - dist; + if (pos < 0) + pos += WSIZE; + +- while (len > 0) ++ while (len > 0 && grub_errno == GRUB_ERR_NONE) + { + data->slide[data->wp] = data->slide[pos]; + grub_png_output_byte (data, data->slide[data->wp]); +@@ -759,7 +788,11 @@ grub_png_decode_image_data (struct grub_png_data *data) + int final; + + cmf = grub_png_get_byte (data); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + flg = grub_png_get_byte (data); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + + if ((cmf & 0xF) != Z_DEFLATED) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, +@@ -774,7 +807,11 @@ grub_png_decode_image_data (struct grub_png_data *data) + int block_type; + + final = grub_png_get_bits (data, 1); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + block_type = grub_png_get_bits (data, 2); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + + switch (block_type) + { +@@ -790,7 +827,7 @@ grub_png_decode_image_data (struct grub_png_data *data) + grub_png_get_byte (data); + grub_png_get_byte (data); + +- for (i = 0; i < len; i++) ++ for (i = 0; i < len && grub_errno == GRUB_ERR_NONE; i++) + grub_png_output_byte (data, grub_png_get_byte (data)); + + break; +@@ -1045,6 +1082,8 @@ grub_png_decode_png (struct grub_png_data *data) + + len = grub_png_get_dword (data); + type = grub_png_get_dword (data); ++ if (grub_errno != GRUB_ERR_NONE) ++ break; + data->next_offset = data->file->offset + len + 4; + + switch (type) diff --git a/SOURCES/0241-video-readers-png-Sanity-check-some-huffman-codes.patch b/SOURCES/0241-video-readers-png-Sanity-check-some-huffman-codes.patch deleted file mode 100644 index 01d6333..0000000 --- a/SOURCES/0241-video-readers-png-Sanity-check-some-huffman-codes.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 6 Jul 2021 19:19:11 +1000 -Subject: [PATCH] video/readers/png: Sanity check some huffman codes - -ASAN picked up two OOB global reads: we weren't checking if some code -values fit within the cplens or cpdext arrays. Check and throw an error -if not. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit c3a8ab0cbd24153ec7b1f84a96ddfdd72ef8d117) -(cherry picked from commit 5d09addf58086aa11d5f9a91af5632ff87c2d2ee) ---- - grub-core/video/readers/png.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c -index d7ed5aa6cf..7f2ba7849b 100644 ---- a/grub-core/video/readers/png.c -+++ b/grub-core/video/readers/png.c -@@ -753,6 +753,9 @@ grub_png_read_dynamic_block (struct grub_png_data *data) - int len, dist, pos; - - n -= 257; -+ if (((unsigned int) n) >= ARRAY_SIZE (cplens)) -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "png: invalid huff code"); - len = cplens[n]; - if (cplext[n]) - len += grub_png_get_bits (data, cplext[n]); -@@ -760,6 +763,9 @@ grub_png_read_dynamic_block (struct grub_png_data *data) - return grub_errno; - - n = grub_png_get_huff_code (data, &data->dist_table); -+ if (((unsigned int) n) >= ARRAY_SIZE (cpdist)) -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "png: invalid huff code"); - dist = cpdist[n]; - if (cpdext[n]) - dist += grub_png_get_bits (data, cpdext[n]); diff --git a/SOURCES/0242-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch b/SOURCES/0242-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch deleted file mode 100644 index e03b6d9..0000000 --- a/SOURCES/0242-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch +++ /dev/null @@ -1,256 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Mon, 28 Jun 2021 14:16:14 +1000 -Subject: [PATCH] video/readers/jpeg: Abort sooner if a read operation fails - -Fuzzing revealed some inputs that were taking a long time, potentially -forever, because they did not bail quickly upon encountering an I/O error. - -Try to catch I/O errors sooner and bail out. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit ab2e5d2e4bff488bbb557ed435a61ae102ef9f0c) -(cherry picked from commit 1ff8df0d2dea8ec7c8575241d5e7d6622c204ec3) ---- - grub-core/video/readers/jpeg.c | 86 ++++++++++++++++++++++++++++++++++-------- - 1 file changed, 70 insertions(+), 16 deletions(-) - -diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c -index e31602f766..10225abd53 100644 ---- a/grub-core/video/readers/jpeg.c -+++ b/grub-core/video/readers/jpeg.c -@@ -109,9 +109,17 @@ static grub_uint8_t - grub_jpeg_get_byte (struct grub_jpeg_data *data) - { - grub_uint8_t r; -+ grub_ssize_t bytes_read; - - r = 0; -- grub_file_read (data->file, &r, 1); -+ bytes_read = grub_file_read (data->file, &r, 1); -+ -+ if (bytes_read != 1) -+ { -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "jpeg: unexpected end of data"); -+ return 0; -+ } - - return r; - } -@@ -120,9 +128,17 @@ static grub_uint16_t - grub_jpeg_get_word (struct grub_jpeg_data *data) - { - grub_uint16_t r; -+ grub_ssize_t bytes_read; - - r = 0; -- grub_file_read (data->file, &r, sizeof (grub_uint16_t)); -+ bytes_read = grub_file_read (data->file, &r, sizeof (grub_uint16_t)); -+ -+ if (bytes_read != sizeof (grub_uint16_t)) -+ { -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "jpeg: unexpected end of data"); -+ return 0; -+ } - - return grub_be_to_cpu16 (r); - } -@@ -135,6 +151,11 @@ grub_jpeg_get_bit (struct grub_jpeg_data *data) - if (data->bit_mask == 0) - { - data->bit_save = grub_jpeg_get_byte (data); -+ if (grub_errno != GRUB_ERR_NONE) { -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "jpeg: file read error"); -+ return 0; -+ } - if (data->bit_save == JPEG_ESC_CHAR) - { - if (grub_jpeg_get_byte (data) != 0) -@@ -143,6 +164,11 @@ grub_jpeg_get_bit (struct grub_jpeg_data *data) - "jpeg: invalid 0xFF in data stream"); - return 0; - } -+ if (grub_errno != GRUB_ERR_NONE) -+ { -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: file read error"); -+ return 0; -+ } - } - data->bit_mask = 0x80; - } -@@ -161,7 +187,7 @@ grub_jpeg_get_number (struct grub_jpeg_data *data, int num) - return 0; - - msb = value = grub_jpeg_get_bit (data); -- for (i = 1; i < num; i++) -+ for (i = 1; i < num && grub_errno == GRUB_ERR_NONE; i++) - value = (value << 1) + (grub_jpeg_get_bit (data) != 0); - if (!msb) - value += 1 - (1 << num); -@@ -202,6 +228,8 @@ grub_jpeg_decode_huff_table (struct grub_jpeg_data *data) - while (data->file->offset + sizeof (count) + 1 <= next_marker) - { - id = grub_jpeg_get_byte (data); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - ac = (id >> 4) & 1; - id &= 0xF; - if (id > 1) -@@ -252,6 +280,8 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data) - - next_marker = data->file->offset; - next_marker += grub_jpeg_get_word (data); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - - if (next_marker > data->file->size) - { -@@ -263,6 +293,8 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data) - <= next_marker) - { - id = grub_jpeg_get_byte (data); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - if (id >= 0x10) /* Upper 4-bit is precision. */ - return grub_error (GRUB_ERR_BAD_FILE_TYPE, - "jpeg: only 8-bit precision is supported"); -@@ -294,6 +326,9 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data) - next_marker = data->file->offset; - next_marker += grub_jpeg_get_word (data); - -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; -+ - if (grub_jpeg_get_byte (data) != 8) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, - "jpeg: only 8-bit precision is supported"); -@@ -319,6 +354,8 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid index"); - - ss = grub_jpeg_get_byte (data); /* Sampling factor. */ -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - if (!id) - { - grub_uint8_t vs, hs; -@@ -498,7 +535,7 @@ grub_jpeg_idct_transform (jpeg_data_unit_t du) - } - } - --static void -+static grub_err_t - grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) - { - int h1, h2, qt; -@@ -513,6 +550,9 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) - data->dc_value[id] += - grub_jpeg_get_number (data, grub_jpeg_get_huff_code (data, h1)); - -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; -+ - du[0] = data->dc_value[id] * (int) data->quan_table[qt][0]; - pos = 1; - while (pos < ARRAY_SIZE (data->quan_table[qt])) -@@ -527,11 +567,13 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) - num >>= 4; - pos += num; - -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; -+ - if (pos >= ARRAY_SIZE (jpeg_zigzag_order)) - { -- grub_error (GRUB_ERR_BAD_FILE_TYPE, -- "jpeg: invalid position in zigzag order!?"); -- return; -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "jpeg: invalid position in zigzag order!?"); - } - - du[jpeg_zigzag_order[pos]] = val * (int) data->quan_table[qt][pos]; -@@ -539,6 +581,7 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) - } - - grub_jpeg_idct_transform (du); -+ return GRUB_ERR_NONE; - } - - static void -@@ -597,7 +640,8 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) - data_offset += grub_jpeg_get_word (data); - - cc = grub_jpeg_get_byte (data); -- -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - if (cc != 3 && cc != 1) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, - "jpeg: component count must be 1 or 3"); -@@ -610,7 +654,8 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) - id = grub_jpeg_get_byte (data) - 1; - if ((id < 0) || (id >= 3)) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid index"); -- -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - ht = grub_jpeg_get_byte (data); - data->comp_index[id][1] = (ht >> 4); - data->comp_index[id][2] = (ht & 0xF) + 2; -@@ -618,11 +663,14 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) - if ((data->comp_index[id][1] < 0) || (data->comp_index[id][1] > 3) || - (data->comp_index[id][2] < 0) || (data->comp_index[id][2] > 3)) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid hufftable index"); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - } - - grub_jpeg_get_byte (data); /* Skip 3 unused bytes. */ - grub_jpeg_get_word (data); -- -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - if (data->file->offset != data_offset) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: extra byte in sos"); - -@@ -640,6 +688,7 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) - { - unsigned c1, vb, hb, nr1, nc1; - int rst = data->dri; -+ grub_err_t err = GRUB_ERR_NONE; - - vb = 8 << data->log_vs; - hb = 8 << data->log_hs; -@@ -660,17 +709,22 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) - - for (r2 = 0; r2 < (1U << data->log_vs); r2++) - for (c2 = 0; c2 < (1U << data->log_hs); c2++) -- grub_jpeg_decode_du (data, 0, data->ydu[r2 * 2 + c2]); -+ { -+ err = grub_jpeg_decode_du (data, 0, data->ydu[r2 * 2 + c2]); -+ if (err != GRUB_ERR_NONE) -+ return err; -+ } - - if (data->color_components >= 3) - { -- grub_jpeg_decode_du (data, 1, data->cbdu); -- grub_jpeg_decode_du (data, 2, data->crdu); -+ err = grub_jpeg_decode_du (data, 1, data->cbdu); -+ if (err != GRUB_ERR_NONE) -+ return err; -+ err = grub_jpeg_decode_du (data, 2, data->crdu); -+ if (err != GRUB_ERR_NONE) -+ return err; - } - -- if (grub_errno) -- return grub_errno; -- - nr2 = (data->r1 == nr1 - 1) ? (data->image_height - data->r1 * vb) : vb; - nc2 = (c1 == nc1 - 1) ? (data->image_width - c1 * hb) : hb; - diff --git a/SOURCES/0242-video-readers-png-Refuse-to-handle-multiple-image-he.patch b/SOURCES/0242-video-readers-png-Refuse-to-handle-multiple-image-he.patch new file mode 100644 index 0000000..52832da --- /dev/null +++ b/SOURCES/0242-video-readers-png-Refuse-to-handle-multiple-image-he.patch @@ -0,0 +1,29 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Tue, 6 Jul 2021 14:13:40 +1000 +Subject: [PATCH] video/readers/png: Refuse to handle multiple image headers + +This causes the bitmap to be leaked. Do not permit multiple image headers. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit 8ce433557adeadbc46429aabb9f850b02ad2bdfb) +(cherry picked from commit 6e10bba6a4cbfd6c7bf116f41fd4e037465e19d8) +--- + grub-core/video/readers/png.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c +index e2a6b1cf3c..8955b8ecfd 100644 +--- a/grub-core/video/readers/png.c ++++ b/grub-core/video/readers/png.c +@@ -258,6 +258,9 @@ grub_png_decode_image_header (struct grub_png_data *data) + int color_bits; + enum grub_video_blit_format blt; + ++ if (data->image_width || data->image_height) ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "png: two image headers found"); ++ + data->image_width = grub_png_get_dword (data); + data->image_height = grub_png_get_dword (data); + diff --git a/SOURCES/0243-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch b/SOURCES/0243-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch deleted file mode 100644 index 0ee92d5..0000000 --- a/SOURCES/0243-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Mon, 28 Jun 2021 14:16:58 +1000 -Subject: [PATCH] video/readers/jpeg: Do not reallocate a given huff table - -Fix a memory leak where an invalid file could cause us to reallocate -memory for a huffman table we had already allocated memory for. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit bc06e12b4de55cc6f926af9f064170c82b1403e9) -(cherry picked from commit 5298bf758ea39a90537f9a1c76541ff2f21b970b) ---- - grub-core/video/readers/jpeg.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c -index 10225abd53..caa211f06d 100644 ---- a/grub-core/video/readers/jpeg.c -+++ b/grub-core/video/readers/jpeg.c -@@ -245,6 +245,9 @@ grub_jpeg_decode_huff_table (struct grub_jpeg_data *data) - n += count[i]; - - id += ac * 2; -+ if (data->huff_value[id] != NULL) -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "jpeg: attempt to reallocate huffman table"); - data->huff_value[id] = grub_malloc (n); - if (grub_errno) - return grub_errno; diff --git a/SOURCES/0243-video-readers-png-Drop-greyscale-support-to-fix-heap.patch b/SOURCES/0243-video-readers-png-Drop-greyscale-support-to-fix-heap.patch new file mode 100644 index 0000000..c639780 --- /dev/null +++ b/SOURCES/0243-video-readers-png-Drop-greyscale-support-to-fix-heap.patch @@ -0,0 +1,171 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Tue, 6 Jul 2021 18:51:35 +1000 +Subject: [PATCH] video/readers/png: Drop greyscale support to fix heap + out-of-bounds write + +A 16-bit greyscale PNG without alpha is processed in the following loop: + + for (i = 0; i < (data->image_width * data->image_height); + i++, d1 += 4, d2 += 2) + { + d1[R3] = d2[1]; + d1[G3] = d2[1]; + d1[B3] = d2[1]; + } + +The increment of d1 is wrong. d1 is incremented by 4 bytes per iteration, +but there are only 3 bytes allocated for storage. This means that image +data will overwrite somewhat-attacker-controlled parts of memory - 3 bytes +out of every 4 following the end of the image. + +This has existed since greyscale support was added in 2013 in commit +3ccf16dff98f (grub-core/video/readers/png.c: Support grayscale). + +Saving starfield.png as a 16-bit greyscale image without alpha in the gimp +and attempting to load it causes grub-emu to crash - I don't think this code +has ever worked. + +Delete all PNG greyscale support. + +Fixes: CVE-2021-3695 + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit 0e1d163382669bd734439d8864ee969616d971d9) +[rharwood: context conflict] +Signed-off-by: Robbie Harwood +(cherry picked from commit 4c631c8119206b3178912df2905434d967661c3d) +--- + grub-core/video/readers/png.c | 85 +++---------------------------------------- + 1 file changed, 6 insertions(+), 79 deletions(-) + +diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c +index 8955b8ecfd..a3161e25b6 100644 +--- a/grub-core/video/readers/png.c ++++ b/grub-core/video/readers/png.c +@@ -100,7 +100,7 @@ struct grub_png_data + + unsigned image_width, image_height; + int bpp, is_16bit; +- int raw_bytes, is_gray, is_alpha, is_palette; ++ int raw_bytes, is_alpha, is_palette; + int row_bytes, color_bits; + grub_uint8_t *image_data; + +@@ -296,13 +296,13 @@ grub_png_decode_image_header (struct grub_png_data *data) + data->bpp = 3; + else + { +- data->is_gray = 1; +- data->bpp = 1; ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "png: color type not supported"); + } + + if ((color_bits != 8) && (color_bits != 16) + && (color_bits != 4 +- || !(data->is_gray || data->is_palette))) ++ || !data->is_palette)) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "png: bit depth must be 8 or 16"); + +@@ -331,7 +331,7 @@ grub_png_decode_image_header (struct grub_png_data *data) + } + + #ifndef GRUB_CPU_WORDS_BIGENDIAN +- if (data->is_16bit || data->is_gray || data->is_palette) ++ if (data->is_16bit || data->is_palette) + #endif + { + data->image_data = grub_calloc (data->image_height, data->row_bytes); +@@ -899,27 +899,8 @@ grub_png_convert_image (struct grub_png_data *data) + int shift; + int mask = (1 << data->color_bits) - 1; + unsigned j; +- if (data->is_gray) +- { +- /* Generic formula is +- (0xff * i) / ((1U << data->color_bits) - 1) +- but for allowed bit depth of 1, 2 and for it's +- equivalent to +- (0xff / ((1U << data->color_bits) - 1)) * i +- Precompute the multipliers to avoid division. +- */ + +- const grub_uint8_t multipliers[5] = { 0xff, 0xff, 0x55, 0x24, 0x11 }; +- for (i = 0; i < (1U << data->color_bits); i++) +- { +- grub_uint8_t col = multipliers[data->color_bits] * i; +- palette[i][0] = col; +- palette[i][1] = col; +- palette[i][2] = col; +- } +- } +- else +- grub_memcpy (palette, data->palette, 3 << data->color_bits); ++ grub_memcpy (palette, data->palette, 3 << data->color_bits); + d1c = d1; + d2c = d2; + for (j = 0; j < data->image_height; j++, d1c += data->image_width * 3, +@@ -956,60 +937,6 @@ grub_png_convert_image (struct grub_png_data *data) + } + return; + } +- +- if (data->is_gray) +- { +- switch (data->bpp) +- { +- case 4: +- /* 16-bit gray with alpha. */ +- for (i = 0; i < (data->image_width * data->image_height); +- i++, d1 += 4, d2 += 4) +- { +- d1[R4] = d2[3]; +- d1[G4] = d2[3]; +- d1[B4] = d2[3]; +- d1[A4] = d2[1]; +- } +- break; +- case 2: +- if (data->is_16bit) +- /* 16-bit gray without alpha. */ +- { +- for (i = 0; i < (data->image_width * data->image_height); +- i++, d1 += 4, d2 += 2) +- { +- d1[R3] = d2[1]; +- d1[G3] = d2[1]; +- d1[B3] = d2[1]; +- } +- } +- else +- /* 8-bit gray with alpha. */ +- { +- for (i = 0; i < (data->image_width * data->image_height); +- i++, d1 += 4, d2 += 2) +- { +- d1[R4] = d2[1]; +- d1[G4] = d2[1]; +- d1[B4] = d2[1]; +- d1[A4] = d2[0]; +- } +- } +- break; +- /* 8-bit gray without alpha. */ +- case 1: +- for (i = 0; i < (data->image_width * data->image_height); +- i++, d1 += 3, d2++) +- { +- d1[R3] = d2[0]; +- d1[G3] = d2[0]; +- d1[B3] = d2[0]; +- } +- break; +- } +- return; +- } + + { + /* Only copy the upper 8 bit. */ diff --git a/SOURCES/0244-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch b/SOURCES/0244-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch deleted file mode 100644 index ed20cda..0000000 --- a/SOURCES/0244-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Mon, 28 Jun 2021 14:25:17 +1000 -Subject: [PATCH] video/readers/jpeg: Refuse to handle multiple start of - streams - -An invalid file could contain multiple start of stream blocks, which -would cause us to reallocate and leak our bitmap. Refuse to handle -multiple start of streams. - -Additionally, fix a grub_error() call formatting. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit f3a854def3e281b7ad4bbea730cd3046de1da52f) -(cherry picked from commit db0154828989a0a52ee59a4dda8c3803752bc827) ---- - grub-core/video/readers/jpeg.c | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c -index caa211f06d..1df1171d78 100644 ---- a/grub-core/video/readers/jpeg.c -+++ b/grub-core/video/readers/jpeg.c -@@ -677,6 +677,9 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) - if (data->file->offset != data_offset) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: extra byte in sos"); - -+ if (*data->bitmap) -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: too many start of scan blocks"); -+ - if (grub_video_bitmap_create (data->bitmap, data->image_width, - data->image_height, - GRUB_VIDEO_BLIT_FORMAT_RGB_888)) -@@ -699,8 +702,8 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) - nc1 = (data->image_width + hb - 1) >> (3 + data->log_hs); - - if (data->bitmap_ptr == NULL) -- return grub_error(GRUB_ERR_BAD_FILE_TYPE, -- "jpeg: attempted to decode data before start of stream"); -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "jpeg: attempted to decode data before start of stream"); - - for (; data->r1 < nr1 && (!data->dri || rst); - data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) diff --git a/SOURCES/0244-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch b/SOURCES/0244-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch new file mode 100644 index 0000000..c1e232e --- /dev/null +++ b/SOURCES/0244-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch @@ -0,0 +1,41 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Tue, 6 Jul 2021 23:25:07 +1000 +Subject: [PATCH] video/readers/png: Avoid heap OOB R/W inserting huff table + items + +In fuzzing we observed crashes where a code would attempt to be inserted +into a huffman table before the start, leading to a set of heap OOB reads +and writes as table entries with negative indices were shifted around and +the new code written in. + +Catch the case where we would underflow the array and bail. + +Fixes: CVE-2021-3696 + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit 1ae9a91d42cb40da8a6f11fac65541858e340afa) +(cherry picked from commit 132ccc681cf642ad748580f26b54c9259a7f43fd) +--- + grub-core/video/readers/png.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c +index a3161e25b6..d7ed5aa6cf 100644 +--- a/grub-core/video/readers/png.c ++++ b/grub-core/video/readers/png.c +@@ -438,6 +438,13 @@ grub_png_insert_huff_item (struct huff_table *ht, int code, int len) + for (i = len; i < ht->max_length; i++) + n += ht->maxval[i]; + ++ if (n > ht->num_values) ++ { ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "png: out of range inserting huffman table item"); ++ return; ++ } ++ + for (i = 0; i < n; i++) + ht->values[ht->num_values - i] = ht->values[ht->num_values - i - 1]; + diff --git a/SOURCES/0245-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch b/SOURCES/0245-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch deleted file mode 100644 index ed39a71..0000000 --- a/SOURCES/0245-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Wed, 7 Jul 2021 15:38:19 +1000 -Subject: [PATCH] video/readers/jpeg: Block int underflow -> wild pointer write - -Certain 1 px wide images caused a wild pointer write in -grub_jpeg_ycrcb_to_rgb(). This was caused because in grub_jpeg_decode_data(), -we have the following loop: - -for (; data->r1 < nr1 && (!data->dri || rst); - data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) - -We did not check if vb * width >= hb * nc1. - -On a 64-bit platform, if that turns out to be negative, it will underflow, -be interpreted as unsigned 64-bit, then be added to the 64-bit pointer, so -we see data->bitmap_ptr jump, e.g.: - -0x6180_0000_0480 to -0x6181_0000_0498 - ^ - ~--- carry has occurred and this pointer is now far away from - any object. - -On a 32-bit platform, it will decrement the pointer, creating a pointer -that won't crash but will overwrite random data. - -Catch the underflow and error out. - -Fixes: CVE-2021-3697 - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit 41aeb2004db9924fecd9f2dd64bc2a5a5594a4b5) -(cherry picked from commit 5f9582490792108306d047379fed2371bee286f8) ---- - grub-core/video/readers/jpeg.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c -index 1df1171d78..2da04094b3 100644 ---- a/grub-core/video/readers/jpeg.c -+++ b/grub-core/video/readers/jpeg.c -@@ -705,6 +705,10 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, - "jpeg: attempted to decode data before start of stream"); - -+ if (vb * data->image_width <= hb * nc1) -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "jpeg: cannot decode image with these dimensions"); -+ - for (; data->r1 < nr1 && (!data->dri || rst); - data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) - for (c1 = 0; c1 < nc1 && (!data->dri || rst); diff --git a/SOURCES/0245-video-readers-png-Sanity-check-some-huffman-codes.patch b/SOURCES/0245-video-readers-png-Sanity-check-some-huffman-codes.patch new file mode 100644 index 0000000..01d6333 --- /dev/null +++ b/SOURCES/0245-video-readers-png-Sanity-check-some-huffman-codes.patch @@ -0,0 +1,41 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Tue, 6 Jul 2021 19:19:11 +1000 +Subject: [PATCH] video/readers/png: Sanity check some huffman codes + +ASAN picked up two OOB global reads: we weren't checking if some code +values fit within the cplens or cpdext arrays. Check and throw an error +if not. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit c3a8ab0cbd24153ec7b1f84a96ddfdd72ef8d117) +(cherry picked from commit 5d09addf58086aa11d5f9a91af5632ff87c2d2ee) +--- + grub-core/video/readers/png.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c +index d7ed5aa6cf..7f2ba7849b 100644 +--- a/grub-core/video/readers/png.c ++++ b/grub-core/video/readers/png.c +@@ -753,6 +753,9 @@ grub_png_read_dynamic_block (struct grub_png_data *data) + int len, dist, pos; + + n -= 257; ++ if (((unsigned int) n) >= ARRAY_SIZE (cplens)) ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "png: invalid huff code"); + len = cplens[n]; + if (cplext[n]) + len += grub_png_get_bits (data, cplext[n]); +@@ -760,6 +763,9 @@ grub_png_read_dynamic_block (struct grub_png_data *data) + return grub_errno; + + n = grub_png_get_huff_code (data, &data->dist_table); ++ if (((unsigned int) n) >= ARRAY_SIZE (cpdist)) ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "png: invalid huff code"); + dist = cpdist[n]; + if (cpdext[n]) + dist += grub_png_get_bits (data, cpdext[n]); diff --git a/SOURCES/0246-normal-charset-Fix-array-out-of-bounds-formatting-un.patch b/SOURCES/0246-normal-charset-Fix-array-out-of-bounds-formatting-un.patch deleted file mode 100644 index e51d293..0000000 --- a/SOURCES/0246-normal-charset-Fix-array-out-of-bounds-formatting-un.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 13 Jul 2021 13:24:38 +1000 -Subject: [PATCH] normal/charset: Fix array out-of-bounds formatting unicode - for display - -In some cases attempting to display arbitrary binary strings leads -to ASAN splats reading the widthspec array out of bounds. - -Check the index. If it would be out of bounds, return a width of 1. -I don't know if that's strictly correct, but we're not really expecting -great display of arbitrary binary data, and it's certainly not worse than -an OOB read. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit fdf32abc7a3928852422c0f291d8cd1dd6b34a8d) -(cherry picked from commit f2c10aaf335b88a69885375c4d68ffab2429df77) ---- - grub-core/normal/charset.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c -index 4dfcc31078..7a5a7c153c 100644 ---- a/grub-core/normal/charset.c -+++ b/grub-core/normal/charset.c -@@ -395,6 +395,8 @@ grub_unicode_estimate_width (const struct grub_unicode_glyph *c) - { - if (grub_unicode_get_comb_type (c->base)) - return 0; -+ if (((unsigned long) (c->base >> 3)) >= ARRAY_SIZE (widthspec)) -+ return 1; - if (widthspec[c->base >> 3] & (1 << (c->base & 7))) - return 2; - else diff --git a/SOURCES/0246-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch b/SOURCES/0246-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch new file mode 100644 index 0000000..e03b6d9 --- /dev/null +++ b/SOURCES/0246-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch @@ -0,0 +1,256 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 28 Jun 2021 14:16:14 +1000 +Subject: [PATCH] video/readers/jpeg: Abort sooner if a read operation fails + +Fuzzing revealed some inputs that were taking a long time, potentially +forever, because they did not bail quickly upon encountering an I/O error. + +Try to catch I/O errors sooner and bail out. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit ab2e5d2e4bff488bbb557ed435a61ae102ef9f0c) +(cherry picked from commit 1ff8df0d2dea8ec7c8575241d5e7d6622c204ec3) +--- + grub-core/video/readers/jpeg.c | 86 ++++++++++++++++++++++++++++++++++-------- + 1 file changed, 70 insertions(+), 16 deletions(-) + +diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c +index e31602f766..10225abd53 100644 +--- a/grub-core/video/readers/jpeg.c ++++ b/grub-core/video/readers/jpeg.c +@@ -109,9 +109,17 @@ static grub_uint8_t + grub_jpeg_get_byte (struct grub_jpeg_data *data) + { + grub_uint8_t r; ++ grub_ssize_t bytes_read; + + r = 0; +- grub_file_read (data->file, &r, 1); ++ bytes_read = grub_file_read (data->file, &r, 1); ++ ++ if (bytes_read != 1) ++ { ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: unexpected end of data"); ++ return 0; ++ } + + return r; + } +@@ -120,9 +128,17 @@ static grub_uint16_t + grub_jpeg_get_word (struct grub_jpeg_data *data) + { + grub_uint16_t r; ++ grub_ssize_t bytes_read; + + r = 0; +- grub_file_read (data->file, &r, sizeof (grub_uint16_t)); ++ bytes_read = grub_file_read (data->file, &r, sizeof (grub_uint16_t)); ++ ++ if (bytes_read != sizeof (grub_uint16_t)) ++ { ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: unexpected end of data"); ++ return 0; ++ } + + return grub_be_to_cpu16 (r); + } +@@ -135,6 +151,11 @@ grub_jpeg_get_bit (struct grub_jpeg_data *data) + if (data->bit_mask == 0) + { + data->bit_save = grub_jpeg_get_byte (data); ++ if (grub_errno != GRUB_ERR_NONE) { ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: file read error"); ++ return 0; ++ } + if (data->bit_save == JPEG_ESC_CHAR) + { + if (grub_jpeg_get_byte (data) != 0) +@@ -143,6 +164,11 @@ grub_jpeg_get_bit (struct grub_jpeg_data *data) + "jpeg: invalid 0xFF in data stream"); + return 0; + } ++ if (grub_errno != GRUB_ERR_NONE) ++ { ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: file read error"); ++ return 0; ++ } + } + data->bit_mask = 0x80; + } +@@ -161,7 +187,7 @@ grub_jpeg_get_number (struct grub_jpeg_data *data, int num) + return 0; + + msb = value = grub_jpeg_get_bit (data); +- for (i = 1; i < num; i++) ++ for (i = 1; i < num && grub_errno == GRUB_ERR_NONE; i++) + value = (value << 1) + (grub_jpeg_get_bit (data) != 0); + if (!msb) + value += 1 - (1 << num); +@@ -202,6 +228,8 @@ grub_jpeg_decode_huff_table (struct grub_jpeg_data *data) + while (data->file->offset + sizeof (count) + 1 <= next_marker) + { + id = grub_jpeg_get_byte (data); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + ac = (id >> 4) & 1; + id &= 0xF; + if (id > 1) +@@ -252,6 +280,8 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data) + + next_marker = data->file->offset; + next_marker += grub_jpeg_get_word (data); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + + if (next_marker > data->file->size) + { +@@ -263,6 +293,8 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data) + <= next_marker) + { + id = grub_jpeg_get_byte (data); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + if (id >= 0x10) /* Upper 4-bit is precision. */ + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "jpeg: only 8-bit precision is supported"); +@@ -294,6 +326,9 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data) + next_marker = data->file->offset; + next_marker += grub_jpeg_get_word (data); + ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; ++ + if (grub_jpeg_get_byte (data) != 8) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "jpeg: only 8-bit precision is supported"); +@@ -319,6 +354,8 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid index"); + + ss = grub_jpeg_get_byte (data); /* Sampling factor. */ ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + if (!id) + { + grub_uint8_t vs, hs; +@@ -498,7 +535,7 @@ grub_jpeg_idct_transform (jpeg_data_unit_t du) + } + } + +-static void ++static grub_err_t + grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) + { + int h1, h2, qt; +@@ -513,6 +550,9 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) + data->dc_value[id] += + grub_jpeg_get_number (data, grub_jpeg_get_huff_code (data, h1)); + ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; ++ + du[0] = data->dc_value[id] * (int) data->quan_table[qt][0]; + pos = 1; + while (pos < ARRAY_SIZE (data->quan_table[qt])) +@@ -527,11 +567,13 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) + num >>= 4; + pos += num; + ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; ++ + if (pos >= ARRAY_SIZE (jpeg_zigzag_order)) + { +- grub_error (GRUB_ERR_BAD_FILE_TYPE, +- "jpeg: invalid position in zigzag order!?"); +- return; ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: invalid position in zigzag order!?"); + } + + du[jpeg_zigzag_order[pos]] = val * (int) data->quan_table[qt][pos]; +@@ -539,6 +581,7 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) + } + + grub_jpeg_idct_transform (du); ++ return GRUB_ERR_NONE; + } + + static void +@@ -597,7 +640,8 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) + data_offset += grub_jpeg_get_word (data); + + cc = grub_jpeg_get_byte (data); +- ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + if (cc != 3 && cc != 1) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "jpeg: component count must be 1 or 3"); +@@ -610,7 +654,8 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) + id = grub_jpeg_get_byte (data) - 1; + if ((id < 0) || (id >= 3)) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid index"); +- ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + ht = grub_jpeg_get_byte (data); + data->comp_index[id][1] = (ht >> 4); + data->comp_index[id][2] = (ht & 0xF) + 2; +@@ -618,11 +663,14 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) + if ((data->comp_index[id][1] < 0) || (data->comp_index[id][1] > 3) || + (data->comp_index[id][2] < 0) || (data->comp_index[id][2] > 3)) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid hufftable index"); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + } + + grub_jpeg_get_byte (data); /* Skip 3 unused bytes. */ + grub_jpeg_get_word (data); +- ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + if (data->file->offset != data_offset) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: extra byte in sos"); + +@@ -640,6 +688,7 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) + { + unsigned c1, vb, hb, nr1, nc1; + int rst = data->dri; ++ grub_err_t err = GRUB_ERR_NONE; + + vb = 8 << data->log_vs; + hb = 8 << data->log_hs; +@@ -660,17 +709,22 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) + + for (r2 = 0; r2 < (1U << data->log_vs); r2++) + for (c2 = 0; c2 < (1U << data->log_hs); c2++) +- grub_jpeg_decode_du (data, 0, data->ydu[r2 * 2 + c2]); ++ { ++ err = grub_jpeg_decode_du (data, 0, data->ydu[r2 * 2 + c2]); ++ if (err != GRUB_ERR_NONE) ++ return err; ++ } + + if (data->color_components >= 3) + { +- grub_jpeg_decode_du (data, 1, data->cbdu); +- grub_jpeg_decode_du (data, 2, data->crdu); ++ err = grub_jpeg_decode_du (data, 1, data->cbdu); ++ if (err != GRUB_ERR_NONE) ++ return err; ++ err = grub_jpeg_decode_du (data, 2, data->crdu); ++ if (err != GRUB_ERR_NONE) ++ return err; + } + +- if (grub_errno) +- return grub_errno; +- + nr2 = (data->r1 == nr1 - 1) ? (data->image_height - data->r1 * vb) : vb; + nc2 = (c1 == nc1 - 1) ? (data->image_width - c1 * hb) : hb; + diff --git a/SOURCES/0247-net-netbuff-Block-overly-large-netbuff-allocs.patch b/SOURCES/0247-net-netbuff-Block-overly-large-netbuff-allocs.patch deleted file mode 100644 index e74df27..0000000 --- a/SOURCES/0247-net-netbuff-Block-overly-large-netbuff-allocs.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 8 Mar 2022 23:47:46 +1100 -Subject: [PATCH] net/netbuff: Block overly large netbuff allocs - -A netbuff shouldn't be too huge. It's bounded by MTU and TCP segment -reassembly. - -This helps avoid some bugs (and provides a spot to instrument to catch -them at their source). - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit ee9591103004cd13b4efadda671536090ca7fd57) -(cherry picked from commit acde668bb9d9fa862a1a63e3bbd5fa47fdfa9183) ---- - grub-core/net/netbuff.c | 13 +++++++++++++ - 1 file changed, 13 insertions(+) - -diff --git a/grub-core/net/netbuff.c b/grub-core/net/netbuff.c -index dbeeefe478..d5e9e9a0d7 100644 ---- a/grub-core/net/netbuff.c -+++ b/grub-core/net/netbuff.c -@@ -79,10 +79,23 @@ grub_netbuff_alloc (grub_size_t len) - - COMPILE_TIME_ASSERT (NETBUFF_ALIGN % sizeof (grub_properly_aligned_t) == 0); - -+ /* -+ * The largest size of a TCP packet is 64 KiB, and everything else -+ * should be a lot smaller - most MTUs are 1500 or less. Cap data -+ * size at 64 KiB + a buffer. -+ */ -+ if (len > 0xffffUL + 0x1000UL) -+ { -+ grub_error (GRUB_ERR_BUG, -+ "attempted to allocate a packet that is too big"); -+ return NULL; -+ } -+ - if (len < NETBUFFMINLEN) - len = NETBUFFMINLEN; - - len = ALIGN_UP (len, NETBUFF_ALIGN); -+ - #ifdef GRUB_MACHINE_EMU - data = grub_malloc (len + sizeof (*nb)); - #else diff --git a/SOURCES/0247-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch b/SOURCES/0247-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch new file mode 100644 index 0000000..0ee92d5 --- /dev/null +++ b/SOURCES/0247-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch @@ -0,0 +1,30 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 28 Jun 2021 14:16:58 +1000 +Subject: [PATCH] video/readers/jpeg: Do not reallocate a given huff table + +Fix a memory leak where an invalid file could cause us to reallocate +memory for a huffman table we had already allocated memory for. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit bc06e12b4de55cc6f926af9f064170c82b1403e9) +(cherry picked from commit 5298bf758ea39a90537f9a1c76541ff2f21b970b) +--- + grub-core/video/readers/jpeg.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c +index 10225abd53..caa211f06d 100644 +--- a/grub-core/video/readers/jpeg.c ++++ b/grub-core/video/readers/jpeg.c +@@ -245,6 +245,9 @@ grub_jpeg_decode_huff_table (struct grub_jpeg_data *data) + n += count[i]; + + id += ac * 2; ++ if (data->huff_value[id] != NULL) ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: attempt to reallocate huffman table"); + data->huff_value[id] = grub_malloc (n); + if (grub_errno) + return grub_errno; diff --git a/SOURCES/0248-net-ip-Do-IP-fragment-maths-safely.patch b/SOURCES/0248-net-ip-Do-IP-fragment-maths-safely.patch deleted file mode 100644 index 4ba8455..0000000 --- a/SOURCES/0248-net-ip-Do-IP-fragment-maths-safely.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Mon, 20 Dec 2021 19:41:21 +1100 -Subject: [PATCH] net/ip: Do IP fragment maths safely - -This avoids an underflow and subsequent unpleasantness. - -Fixes: CVE-2022-28733 - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit eb74e5743ca7e18a5e75c392fe0b21d1549a1936) -(cherry picked from commit 552ad34583e788542e9ca08524a0d4bc8f98c297) ---- - grub-core/net/ip.c | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/grub-core/net/ip.c b/grub-core/net/ip.c -index ce6bdc75c6..cf74f1f794 100644 ---- a/grub-core/net/ip.c -+++ b/grub-core/net/ip.c -@@ -25,6 +25,7 @@ - #include - #include - #include -+#include - #include - - struct iphdr { -@@ -551,7 +552,14 @@ grub_net_recv_ip4_packets (struct grub_net_buff *nb, - { - rsm->total_len = (8 * (grub_be_to_cpu16 (iph->frags) & OFFSET_MASK) - + (nb->tail - nb->data)); -- rsm->total_len -= ((iph->verhdrlen & 0xf) * sizeof (grub_uint32_t)); -+ -+ if (grub_sub (rsm->total_len, (iph->verhdrlen & 0xf) * sizeof (grub_uint32_t), -+ &rsm->total_len)) -+ { -+ grub_dprintf ("net", "IP reassembly size underflow\n"); -+ return GRUB_ERR_NONE; -+ } -+ - rsm->asm_netbuff = grub_netbuff_alloc (rsm->total_len); - if (!rsm->asm_netbuff) - { diff --git a/SOURCES/0248-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch b/SOURCES/0248-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch new file mode 100644 index 0000000..ed20cda --- /dev/null +++ b/SOURCES/0248-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch @@ -0,0 +1,45 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 28 Jun 2021 14:25:17 +1000 +Subject: [PATCH] video/readers/jpeg: Refuse to handle multiple start of + streams + +An invalid file could contain multiple start of stream blocks, which +would cause us to reallocate and leak our bitmap. Refuse to handle +multiple start of streams. + +Additionally, fix a grub_error() call formatting. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit f3a854def3e281b7ad4bbea730cd3046de1da52f) +(cherry picked from commit db0154828989a0a52ee59a4dda8c3803752bc827) +--- + grub-core/video/readers/jpeg.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c +index caa211f06d..1df1171d78 100644 +--- a/grub-core/video/readers/jpeg.c ++++ b/grub-core/video/readers/jpeg.c +@@ -677,6 +677,9 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) + if (data->file->offset != data_offset) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: extra byte in sos"); + ++ if (*data->bitmap) ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: too many start of scan blocks"); ++ + if (grub_video_bitmap_create (data->bitmap, data->image_width, + data->image_height, + GRUB_VIDEO_BLIT_FORMAT_RGB_888)) +@@ -699,8 +702,8 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) + nc1 = (data->image_width + hb - 1) >> (3 + data->log_hs); + + if (data->bitmap_ptr == NULL) +- return grub_error(GRUB_ERR_BAD_FILE_TYPE, +- "jpeg: attempted to decode data before start of stream"); ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: attempted to decode data before start of stream"); + + for (; data->r1 < nr1 && (!data->dri || rst); + data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) diff --git a/SOURCES/0249-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch b/SOURCES/0249-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch deleted file mode 100644 index 96c5361..0000000 --- a/SOURCES/0249-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Thu, 16 Sep 2021 01:29:54 +1000 -Subject: [PATCH] net/dns: Fix double-free addresses on corrupt DNS response - -grub_net_dns_lookup() takes as inputs a pointer to an array of addresses -("addresses") for the given name, and pointer to a number of addresses -("naddresses"). grub_net_dns_lookup() is responsible for allocating -"addresses", and the caller is responsible for freeing it if -"naddresses" > 0. - -The DNS recv_hook will sometimes set and free the addresses array, -for example if the packet is too short: - - if (ptr + 10 >= nb->tail) - { - if (!*data->naddresses) - grub_free (*data->addresses); - grub_netbuff_free (nb); - return GRUB_ERR_NONE; - } - -Later on the nslookup command code unconditionally frees the "addresses" -array. Normally this is fine: the array is either populated with valid -data or is NULL. But in these sorts of error cases it is neither NULL -nor valid and we get a double-free. - -Only free "addresses" if "naddresses" > 0. - -It looks like the other use of grub_net_dns_lookup() is not affected. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit eb2e69fcf51307757e43f55ee8c9354d1ee42dd1) -(cherry picked from commit d801a27e7acec6c1a83067fab0bb975877eaf704) ---- - grub-core/net/dns.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c -index 906ec7d678..135faac035 100644 ---- a/grub-core/net/dns.c -+++ b/grub-core/net/dns.c -@@ -667,9 +667,11 @@ grub_cmd_nslookup (struct grub_command *cmd __attribute__ ((unused)), - grub_net_addr_to_str (&addresses[i], buf); - grub_printf ("%s\n", buf); - } -- grub_free (addresses); - if (naddresses) -- return GRUB_ERR_NONE; -+ { -+ grub_free (addresses); -+ return GRUB_ERR_NONE; -+ } - return grub_error (GRUB_ERR_NET_NO_DOMAIN, N_("no DNS record found")); - } - diff --git a/SOURCES/0249-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch b/SOURCES/0249-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch new file mode 100644 index 0000000..ed39a71 --- /dev/null +++ b/SOURCES/0249-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch @@ -0,0 +1,54 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Wed, 7 Jul 2021 15:38:19 +1000 +Subject: [PATCH] video/readers/jpeg: Block int underflow -> wild pointer write + +Certain 1 px wide images caused a wild pointer write in +grub_jpeg_ycrcb_to_rgb(). This was caused because in grub_jpeg_decode_data(), +we have the following loop: + +for (; data->r1 < nr1 && (!data->dri || rst); + data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) + +We did not check if vb * width >= hb * nc1. + +On a 64-bit platform, if that turns out to be negative, it will underflow, +be interpreted as unsigned 64-bit, then be added to the 64-bit pointer, so +we see data->bitmap_ptr jump, e.g.: + +0x6180_0000_0480 to +0x6181_0000_0498 + ^ + ~--- carry has occurred and this pointer is now far away from + any object. + +On a 32-bit platform, it will decrement the pointer, creating a pointer +that won't crash but will overwrite random data. + +Catch the underflow and error out. + +Fixes: CVE-2021-3697 + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit 41aeb2004db9924fecd9f2dd64bc2a5a5594a4b5) +(cherry picked from commit 5f9582490792108306d047379fed2371bee286f8) +--- + grub-core/video/readers/jpeg.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c +index 1df1171d78..2da04094b3 100644 +--- a/grub-core/video/readers/jpeg.c ++++ b/grub-core/video/readers/jpeg.c +@@ -705,6 +705,10 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "jpeg: attempted to decode data before start of stream"); + ++ if (vb * data->image_width <= hb * nc1) ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: cannot decode image with these dimensions"); ++ + for (; data->r1 < nr1 && (!data->dri || rst); + data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) + for (c1 = 0; c1 < nc1 && (!data->dri || rst); diff --git a/SOURCES/0250-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch b/SOURCES/0250-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch deleted file mode 100644 index 8451c19..0000000 --- a/SOURCES/0250-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch +++ /dev/null @@ -1,72 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Mon, 20 Dec 2021 21:55:43 +1100 -Subject: [PATCH] net/dns: Don't read past the end of the string we're checking - against - -I don't really understand what's going on here but fuzzing found -a bug where we read past the end of check_with. That's a C string, -so use grub_strlen() to make sure we don't overread it. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit 6a97b3f4b1d5173aa516edc6dedbc63de7306d21) -(cherry picked from commit e0589624e86bc96666cbdb62f6e55cafec2871b3) ---- - grub-core/net/dns.c | 19 ++++++++++++++++--- - 1 file changed, 16 insertions(+), 3 deletions(-) - -diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c -index 135faac035..17961a9f18 100644 ---- a/grub-core/net/dns.c -+++ b/grub-core/net/dns.c -@@ -146,11 +146,18 @@ check_name_real (const grub_uint8_t *name_at, const grub_uint8_t *head, - int *length, char *set) - { - const char *readable_ptr = check_with; -+ int readable_len; - const grub_uint8_t *ptr; - char *optr = set; - int bytes_processed = 0; - if (length) - *length = 0; -+ -+ if (readable_ptr != NULL) -+ readable_len = grub_strlen (readable_ptr); -+ else -+ readable_len = 0; -+ - for (ptr = name_at; ptr < tail && bytes_processed < tail - head + 2; ) - { - /* End marker. */ -@@ -172,13 +179,16 @@ check_name_real (const grub_uint8_t *name_at, const grub_uint8_t *head, - ptr = head + (((ptr[0] & 0x3f) << 8) | ptr[1]); - continue; - } -- if (readable_ptr && grub_memcmp (ptr + 1, readable_ptr, *ptr) != 0) -+ if (readable_ptr != NULL && (*ptr > readable_len || grub_memcmp (ptr + 1, readable_ptr, *ptr) != 0)) - return 0; - if (grub_memchr (ptr + 1, 0, *ptr) - || grub_memchr (ptr + 1, '.', *ptr)) - return 0; - if (readable_ptr) -- readable_ptr += *ptr; -+ { -+ readable_ptr += *ptr; -+ readable_len -= *ptr; -+ } - if (readable_ptr && *readable_ptr != '.' && *readable_ptr != 0) - return 0; - bytes_processed += *ptr + 1; -@@ -192,7 +202,10 @@ check_name_real (const grub_uint8_t *name_at, const grub_uint8_t *head, - if (optr) - *optr++ = '.'; - if (readable_ptr && *readable_ptr) -- readable_ptr++; -+ { -+ readable_ptr++; -+ readable_len--; -+ } - ptr += *ptr + 1; - } - return 0; diff --git a/SOURCES/0250-normal-charset-Fix-array-out-of-bounds-formatting-un.patch b/SOURCES/0250-normal-charset-Fix-array-out-of-bounds-formatting-un.patch new file mode 100644 index 0000000..e51d293 --- /dev/null +++ b/SOURCES/0250-normal-charset-Fix-array-out-of-bounds-formatting-un.patch @@ -0,0 +1,35 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Tue, 13 Jul 2021 13:24:38 +1000 +Subject: [PATCH] normal/charset: Fix array out-of-bounds formatting unicode + for display + +In some cases attempting to display arbitrary binary strings leads +to ASAN splats reading the widthspec array out of bounds. + +Check the index. If it would be out of bounds, return a width of 1. +I don't know if that's strictly correct, but we're not really expecting +great display of arbitrary binary data, and it's certainly not worse than +an OOB read. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit fdf32abc7a3928852422c0f291d8cd1dd6b34a8d) +(cherry picked from commit f2c10aaf335b88a69885375c4d68ffab2429df77) +--- + grub-core/normal/charset.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c +index 4dfcc31078..7a5a7c153c 100644 +--- a/grub-core/normal/charset.c ++++ b/grub-core/normal/charset.c +@@ -395,6 +395,8 @@ grub_unicode_estimate_width (const struct grub_unicode_glyph *c) + { + if (grub_unicode_get_comb_type (c->base)) + return 0; ++ if (((unsigned long) (c->base >> 3)) >= ARRAY_SIZE (widthspec)) ++ return 1; + if (widthspec[c->base >> 3] & (1 << (c->base & 7))) + return 2; + else diff --git a/SOURCES/0251-net-netbuff-Block-overly-large-netbuff-allocs.patch b/SOURCES/0251-net-netbuff-Block-overly-large-netbuff-allocs.patch new file mode 100644 index 0000000..e74df27 --- /dev/null +++ b/SOURCES/0251-net-netbuff-Block-overly-large-netbuff-allocs.patch @@ -0,0 +1,47 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Tue, 8 Mar 2022 23:47:46 +1100 +Subject: [PATCH] net/netbuff: Block overly large netbuff allocs + +A netbuff shouldn't be too huge. It's bounded by MTU and TCP segment +reassembly. + +This helps avoid some bugs (and provides a spot to instrument to catch +them at their source). + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit ee9591103004cd13b4efadda671536090ca7fd57) +(cherry picked from commit acde668bb9d9fa862a1a63e3bbd5fa47fdfa9183) +--- + grub-core/net/netbuff.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/grub-core/net/netbuff.c b/grub-core/net/netbuff.c +index dbeeefe478..d5e9e9a0d7 100644 +--- a/grub-core/net/netbuff.c ++++ b/grub-core/net/netbuff.c +@@ -79,10 +79,23 @@ grub_netbuff_alloc (grub_size_t len) + + COMPILE_TIME_ASSERT (NETBUFF_ALIGN % sizeof (grub_properly_aligned_t) == 0); + ++ /* ++ * The largest size of a TCP packet is 64 KiB, and everything else ++ * should be a lot smaller - most MTUs are 1500 or less. Cap data ++ * size at 64 KiB + a buffer. ++ */ ++ if (len > 0xffffUL + 0x1000UL) ++ { ++ grub_error (GRUB_ERR_BUG, ++ "attempted to allocate a packet that is too big"); ++ return NULL; ++ } ++ + if (len < NETBUFFMINLEN) + len = NETBUFFMINLEN; + + len = ALIGN_UP (len, NETBUFF_ALIGN); ++ + #ifdef GRUB_MACHINE_EMU + data = grub_malloc (len + sizeof (*nb)); + #else diff --git a/SOURCES/0251-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch b/SOURCES/0251-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch deleted file mode 100644 index dba4ca7..0000000 --- a/SOURCES/0251-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch +++ /dev/null @@ -1,113 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Mon, 20 Sep 2021 01:12:24 +1000 -Subject: [PATCH] net/tftp: Prevent a UAF and double-free from a failed seek - -A malicious tftp server can cause UAFs and a double free. - -An attempt to read from a network file is handled by grub_net_fs_read(). If -the read is at an offset other than the current offset, grub_net_seek_real() -is invoked. - -In grub_net_seek_real(), if a backwards seek cannot be satisfied from the -currently received packets, and the underlying transport does not provide -a seek method, then grub_net_seek_real() will close and reopen the network -protocol layer. - -For tftp, the ->close() call goes to tftp_close() and frees the tftp_data_t -file->data. The file->data pointer is not nulled out after the free. - -If the ->open() call fails, the file->data will not be reallocated and will -continue point to a freed memory block. This could happen from a server -refusing to send the requisite ack to the new tftp request, for example. - -The seek and the read will then fail, but the grub_file continues to exist: -the failed seek does not necessarily cause the entire file to be thrown -away (e.g. where the file is checked to see if it is gzipped/lzio/xz/etc., -a read failure is interpreted as a decompressor passing on the file, not as -an invalidation of the entire grub_file_t structure). - -This means subsequent attempts to read or seek the file will use the old -file->data after free. Eventually, the file will be close()d again and -file->data will be freed again. - -Mark a net_fs file that doesn't reopen as broken. Do not permit read() or -close() on a broken file (seek is not exposed directly to the file API - -it is only called as part of read, so this blocks seeks as well). - -As an additional defence, null out the ->data pointer if tftp_open() fails. -That would have lead to a simple null pointer dereference rather than -a mess of UAFs. - -This may affect other protocols, I haven't checked. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit dada1dda695439bb55b2848dddc2d89843552f81) -(cherry picked from commit 352c5ae8a9fc715712e6ecbd7ccb6218122c748f) ---- - grub-core/net/net.c | 11 +++++++++-- - grub-core/net/tftp.c | 1 + - include/grub/net.h | 1 + - 3 files changed, 11 insertions(+), 2 deletions(-) - -diff --git a/grub-core/net/net.c b/grub-core/net/net.c -index 55aed92722..1001c611d1 100644 ---- a/grub-core/net/net.c -+++ b/grub-core/net/net.c -@@ -1625,7 +1625,8 @@ grub_net_fs_close (grub_file_t file) - grub_netbuff_free (file->device->net->packs.first->nb); - grub_net_remove_packet (file->device->net->packs.first); - } -- file->device->net->protocol->close (file); -+ if (!file->device->net->broken) -+ file->device->net->protocol->close (file); - grub_free (file->device->net->name); - return GRUB_ERR_NONE; - } -@@ -1847,7 +1848,10 @@ grub_net_seek_real (struct grub_file *file, grub_off_t offset) - file->device->net->stall = 0; - err = file->device->net->protocol->open (file, file->device->net->name); - if (err) -- return err; -+ { -+ file->device->net->broken = 1; -+ return err; -+ } - grub_net_fs_read_real (file, NULL, offset); - return grub_errno; - } -@@ -1856,6 +1860,9 @@ grub_net_seek_real (struct grub_file *file, grub_off_t offset) - static grub_ssize_t - grub_net_fs_read (grub_file_t file, char *buf, grub_size_t len) - { -+ if (file->device->net->broken) -+ return -1; -+ - if (file->offset != file->device->net->offset) - { - grub_err_t err; -diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c -index d54b13f09f..788ad1dc44 100644 ---- a/grub-core/net/tftp.c -+++ b/grub-core/net/tftp.c -@@ -408,6 +408,7 @@ tftp_open (struct grub_file *file, const char *filename) - { - grub_net_udp_close (data->sock); - grub_free (data); -+ file->data = NULL; - return grub_errno; - } - -diff --git a/include/grub/net.h b/include/grub/net.h -index 42af7de250..9e4898cc6b 100644 ---- a/include/grub/net.h -+++ b/include/grub/net.h -@@ -280,6 +280,7 @@ typedef struct grub_net - grub_fs_t fs; - int eof; - int stall; -+ int broken; - } *grub_net_t; - - extern grub_net_t (*EXPORT_VAR (grub_net_open)) (const char *name); diff --git a/SOURCES/0252-net-ip-Do-IP-fragment-maths-safely.patch b/SOURCES/0252-net-ip-Do-IP-fragment-maths-safely.patch new file mode 100644 index 0000000..4ba8455 --- /dev/null +++ b/SOURCES/0252-net-ip-Do-IP-fragment-maths-safely.patch @@ -0,0 +1,45 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 20 Dec 2021 19:41:21 +1100 +Subject: [PATCH] net/ip: Do IP fragment maths safely + +This avoids an underflow and subsequent unpleasantness. + +Fixes: CVE-2022-28733 + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit eb74e5743ca7e18a5e75c392fe0b21d1549a1936) +(cherry picked from commit 552ad34583e788542e9ca08524a0d4bc8f98c297) +--- + grub-core/net/ip.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/grub-core/net/ip.c b/grub-core/net/ip.c +index ce6bdc75c6..cf74f1f794 100644 +--- a/grub-core/net/ip.c ++++ b/grub-core/net/ip.c +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + #include + + struct iphdr { +@@ -551,7 +552,14 @@ grub_net_recv_ip4_packets (struct grub_net_buff *nb, + { + rsm->total_len = (8 * (grub_be_to_cpu16 (iph->frags) & OFFSET_MASK) + + (nb->tail - nb->data)); +- rsm->total_len -= ((iph->verhdrlen & 0xf) * sizeof (grub_uint32_t)); ++ ++ if (grub_sub (rsm->total_len, (iph->verhdrlen & 0xf) * sizeof (grub_uint32_t), ++ &rsm->total_len)) ++ { ++ grub_dprintf ("net", "IP reassembly size underflow\n"); ++ return GRUB_ERR_NONE; ++ } ++ + rsm->asm_netbuff = grub_netbuff_alloc (rsm->total_len); + if (!rsm->asm_netbuff) + { diff --git a/SOURCES/0252-net-tftp-Avoid-a-trivial-UAF.patch b/SOURCES/0252-net-tftp-Avoid-a-trivial-UAF.patch deleted file mode 100644 index 09a583a..0000000 --- a/SOURCES/0252-net-tftp-Avoid-a-trivial-UAF.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 18 Jan 2022 14:29:20 +1100 -Subject: [PATCH] net/tftp: Avoid a trivial UAF - -Under tftp errors, we print a tftp error message from the tftp header. -However, the tftph pointer is a pointer inside nb, the netbuff. Previously, -we were freeing the nb and then dereferencing it. Don't do that, use it -and then free it later. - -This isn't really _bad_ per se, especially as we're single-threaded, but -it trips up fuzzers. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit 956f4329cec23e4375182030ca9b2be631a61ba5) -(cherry picked from commit dbe9abcdee6ce796811111b67e3f24eefe2135d1) ---- - grub-core/net/tftp.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c -index 788ad1dc44..a95766dcbd 100644 ---- a/grub-core/net/tftp.c -+++ b/grub-core/net/tftp.c -@@ -251,9 +251,9 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)), - return GRUB_ERR_NONE; - case TFTP_ERROR: - data->have_oack = 1; -- grub_netbuff_free (nb); - grub_error (GRUB_ERR_IO, "%s", tftph->u.err.errmsg); - grub_error_save (&data->save_err); -+ grub_netbuff_free (nb); - return GRUB_ERR_NONE; - default: - grub_netbuff_free (nb); diff --git a/SOURCES/0253-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch b/SOURCES/0253-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch new file mode 100644 index 0000000..96c5361 --- /dev/null +++ b/SOURCES/0253-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch @@ -0,0 +1,57 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Thu, 16 Sep 2021 01:29:54 +1000 +Subject: [PATCH] net/dns: Fix double-free addresses on corrupt DNS response + +grub_net_dns_lookup() takes as inputs a pointer to an array of addresses +("addresses") for the given name, and pointer to a number of addresses +("naddresses"). grub_net_dns_lookup() is responsible for allocating +"addresses", and the caller is responsible for freeing it if +"naddresses" > 0. + +The DNS recv_hook will sometimes set and free the addresses array, +for example if the packet is too short: + + if (ptr + 10 >= nb->tail) + { + if (!*data->naddresses) + grub_free (*data->addresses); + grub_netbuff_free (nb); + return GRUB_ERR_NONE; + } + +Later on the nslookup command code unconditionally frees the "addresses" +array. Normally this is fine: the array is either populated with valid +data or is NULL. But in these sorts of error cases it is neither NULL +nor valid and we get a double-free. + +Only free "addresses" if "naddresses" > 0. + +It looks like the other use of grub_net_dns_lookup() is not affected. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit eb2e69fcf51307757e43f55ee8c9354d1ee42dd1) +(cherry picked from commit d801a27e7acec6c1a83067fab0bb975877eaf704) +--- + grub-core/net/dns.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c +index 906ec7d678..135faac035 100644 +--- a/grub-core/net/dns.c ++++ b/grub-core/net/dns.c +@@ -667,9 +667,11 @@ grub_cmd_nslookup (struct grub_command *cmd __attribute__ ((unused)), + grub_net_addr_to_str (&addresses[i], buf); + grub_printf ("%s\n", buf); + } +- grub_free (addresses); + if (naddresses) +- return GRUB_ERR_NONE; ++ { ++ grub_free (addresses); ++ return GRUB_ERR_NONE; ++ } + return grub_error (GRUB_ERR_NET_NO_DOMAIN, N_("no DNS record found")); + } + diff --git a/SOURCES/0253-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch b/SOURCES/0253-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch deleted file mode 100644 index cbc7162..0000000 --- a/SOURCES/0253-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 1 Mar 2022 23:14:15 +1100 -Subject: [PATCH] net/http: Do not tear down socket if it's already been torn - down - -It's possible for data->sock to get torn down in tcp error handling. -If we unconditionally tear it down again we will end up doing writes -to an offset of the NULL pointer when we go to tear it down again. - -Detect if it has been torn down and don't do it again. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit ec233d3ecf995293304de443579aab5c46c49e85) -(cherry picked from commit d39cf87ed701b9f0900daed7f672e07994d37ce8) ---- - grub-core/net/http.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/grub-core/net/http.c b/grub-core/net/http.c -index 7f878b5615..19cb8768e3 100644 ---- a/grub-core/net/http.c -+++ b/grub-core/net/http.c -@@ -427,7 +427,7 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial) - return err; - } - -- for (i = 0; !data->headers_recv && i < 100; i++) -+ for (i = 0; data->sock && !data->headers_recv && i < 100; i++) - { - grub_net_tcp_retransmit (); - grub_net_poll_cards (300, &data->headers_recv); -@@ -435,7 +435,8 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial) - - if (!data->headers_recv) - { -- grub_net_tcp_close (data->sock, GRUB_NET_TCP_ABORT); -+ if (data->sock) -+ grub_net_tcp_close (data->sock, GRUB_NET_TCP_ABORT); - if (data->err) - { - char *str = data->errmsg; diff --git a/SOURCES/0254-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch b/SOURCES/0254-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch new file mode 100644 index 0000000..8451c19 --- /dev/null +++ b/SOURCES/0254-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch @@ -0,0 +1,72 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 20 Dec 2021 21:55:43 +1100 +Subject: [PATCH] net/dns: Don't read past the end of the string we're checking + against + +I don't really understand what's going on here but fuzzing found +a bug where we read past the end of check_with. That's a C string, +so use grub_strlen() to make sure we don't overread it. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit 6a97b3f4b1d5173aa516edc6dedbc63de7306d21) +(cherry picked from commit e0589624e86bc96666cbdb62f6e55cafec2871b3) +--- + grub-core/net/dns.c | 19 ++++++++++++++++--- + 1 file changed, 16 insertions(+), 3 deletions(-) + +diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c +index 135faac035..17961a9f18 100644 +--- a/grub-core/net/dns.c ++++ b/grub-core/net/dns.c +@@ -146,11 +146,18 @@ check_name_real (const grub_uint8_t *name_at, const grub_uint8_t *head, + int *length, char *set) + { + const char *readable_ptr = check_with; ++ int readable_len; + const grub_uint8_t *ptr; + char *optr = set; + int bytes_processed = 0; + if (length) + *length = 0; ++ ++ if (readable_ptr != NULL) ++ readable_len = grub_strlen (readable_ptr); ++ else ++ readable_len = 0; ++ + for (ptr = name_at; ptr < tail && bytes_processed < tail - head + 2; ) + { + /* End marker. */ +@@ -172,13 +179,16 @@ check_name_real (const grub_uint8_t *name_at, const grub_uint8_t *head, + ptr = head + (((ptr[0] & 0x3f) << 8) | ptr[1]); + continue; + } +- if (readable_ptr && grub_memcmp (ptr + 1, readable_ptr, *ptr) != 0) ++ if (readable_ptr != NULL && (*ptr > readable_len || grub_memcmp (ptr + 1, readable_ptr, *ptr) != 0)) + return 0; + if (grub_memchr (ptr + 1, 0, *ptr) + || grub_memchr (ptr + 1, '.', *ptr)) + return 0; + if (readable_ptr) +- readable_ptr += *ptr; ++ { ++ readable_ptr += *ptr; ++ readable_len -= *ptr; ++ } + if (readable_ptr && *readable_ptr != '.' && *readable_ptr != 0) + return 0; + bytes_processed += *ptr + 1; +@@ -192,7 +202,10 @@ check_name_real (const grub_uint8_t *name_at, const grub_uint8_t *head, + if (optr) + *optr++ = '.'; + if (readable_ptr && *readable_ptr) +- readable_ptr++; ++ { ++ readable_ptr++; ++ readable_len--; ++ } + ptr += *ptr + 1; + } + return 0; diff --git a/SOURCES/0254-net-http-Fix-OOB-write-for-split-http-headers.patch b/SOURCES/0254-net-http-Fix-OOB-write-for-split-http-headers.patch deleted file mode 100644 index 367a827..0000000 --- a/SOURCES/0254-net-http-Fix-OOB-write-for-split-http-headers.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 8 Mar 2022 18:17:03 +1100 -Subject: [PATCH] net/http: Fix OOB write for split http headers - -GRUB has special code for handling an http header that is split -across two packets. - -The code tracks the end of line by looking for a "\n" byte. The -code for split headers has always advanced the pointer just past the -end of the line, whereas the code that handles unsplit headers does -not advance the pointer. This extra advance causes the length to be -one greater, which breaks an assumption in parse_line(), leading to -it writing a NUL byte one byte past the end of the buffer where we -reconstruct the line from the two packets. - -It's conceivable that an attacker controlled set of packets could -cause this to zero out the first byte of the "next" pointer of the -grub_mm_region structure following the current_line buffer. - -Do not advance the pointer in the split header case. - -Fixes: CVE-2022-28734 - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit e9fb459638811c12b0989dbf64e3e124974ef617) -(cherry picked from commit b604916beb6c39e8ed27f72851eb16f3eaa293c5) ---- - grub-core/net/http.c | 4 +--- - 1 file changed, 1 insertion(+), 3 deletions(-) - -diff --git a/grub-core/net/http.c b/grub-core/net/http.c -index 19cb8768e3..58546739a2 100644 ---- a/grub-core/net/http.c -+++ b/grub-core/net/http.c -@@ -193,9 +193,7 @@ http_receive (grub_net_tcp_socket_t sock __attribute__ ((unused)), - int have_line = 1; - char *t; - ptr = grub_memchr (nb->data, '\n', nb->tail - nb->data); -- if (ptr) -- ptr++; -- else -+ if (ptr == NULL) - { - have_line = 0; - ptr = (char *) nb->tail; diff --git a/SOURCES/0255-net-http-Error-out-on-headers-with-LF-without-CR.patch b/SOURCES/0255-net-http-Error-out-on-headers-with-LF-without-CR.patch deleted file mode 100644 index ea8ce37..0000000 --- a/SOURCES/0255-net-http-Error-out-on-headers-with-LF-without-CR.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 8 Mar 2022 19:04:40 +1100 -Subject: [PATCH] net/http: Error out on headers with LF without CR - -In a similar vein to the previous patch, parse_line() would write -a NUL byte past the end of the buffer if there was an HTTP header -with a LF rather than a CRLF. - -RFC-2616 says: - - Many HTTP/1.1 header field values consist of words separated by LWS - or special characters. These special characters MUST be in a quoted - string to be used within a parameter value (as defined in section 3.6). - -We don't support quoted sections or continuation lines, etc. - -If we see an LF that's not part of a CRLF, bail out. - -Fixes: CVE-2022-28734 - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit d232ad41ac4979a9de4d746e5fdff9caf0e303de) -(cherry picked from commit 8960e6d6137090a7e8c6592077da6e387a4ef972) ---- - grub-core/net/http.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/grub-core/net/http.c b/grub-core/net/http.c -index 58546739a2..57d2721719 100644 ---- a/grub-core/net/http.c -+++ b/grub-core/net/http.c -@@ -69,7 +69,15 @@ parse_line (grub_file_t file, http_data_t data, char *ptr, grub_size_t len) - char *end = ptr + len; - while (end > ptr && *(end - 1) == '\r') - end--; -+ -+ /* LF without CR. */ -+ if (end == ptr + len) -+ { -+ data->errmsg = grub_strdup (_("invalid HTTP header - LF without CR")); -+ return GRUB_ERR_NONE; -+ } - *end = 0; -+ - /* Trailing CRLF. */ - if (data->in_chunk_len == 1) - { diff --git a/SOURCES/0255-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch b/SOURCES/0255-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch new file mode 100644 index 0000000..dba4ca7 --- /dev/null +++ b/SOURCES/0255-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch @@ -0,0 +1,113 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 20 Sep 2021 01:12:24 +1000 +Subject: [PATCH] net/tftp: Prevent a UAF and double-free from a failed seek + +A malicious tftp server can cause UAFs and a double free. + +An attempt to read from a network file is handled by grub_net_fs_read(). If +the read is at an offset other than the current offset, grub_net_seek_real() +is invoked. + +In grub_net_seek_real(), if a backwards seek cannot be satisfied from the +currently received packets, and the underlying transport does not provide +a seek method, then grub_net_seek_real() will close and reopen the network +protocol layer. + +For tftp, the ->close() call goes to tftp_close() and frees the tftp_data_t +file->data. The file->data pointer is not nulled out after the free. + +If the ->open() call fails, the file->data will not be reallocated and will +continue point to a freed memory block. This could happen from a server +refusing to send the requisite ack to the new tftp request, for example. + +The seek and the read will then fail, but the grub_file continues to exist: +the failed seek does not necessarily cause the entire file to be thrown +away (e.g. where the file is checked to see if it is gzipped/lzio/xz/etc., +a read failure is interpreted as a decompressor passing on the file, not as +an invalidation of the entire grub_file_t structure). + +This means subsequent attempts to read or seek the file will use the old +file->data after free. Eventually, the file will be close()d again and +file->data will be freed again. + +Mark a net_fs file that doesn't reopen as broken. Do not permit read() or +close() on a broken file (seek is not exposed directly to the file API - +it is only called as part of read, so this blocks seeks as well). + +As an additional defence, null out the ->data pointer if tftp_open() fails. +That would have lead to a simple null pointer dereference rather than +a mess of UAFs. + +This may affect other protocols, I haven't checked. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit dada1dda695439bb55b2848dddc2d89843552f81) +(cherry picked from commit 352c5ae8a9fc715712e6ecbd7ccb6218122c748f) +--- + grub-core/net/net.c | 11 +++++++++-- + grub-core/net/tftp.c | 1 + + include/grub/net.h | 1 + + 3 files changed, 11 insertions(+), 2 deletions(-) + +diff --git a/grub-core/net/net.c b/grub-core/net/net.c +index 55aed92722..1001c611d1 100644 +--- a/grub-core/net/net.c ++++ b/grub-core/net/net.c +@@ -1625,7 +1625,8 @@ grub_net_fs_close (grub_file_t file) + grub_netbuff_free (file->device->net->packs.first->nb); + grub_net_remove_packet (file->device->net->packs.first); + } +- file->device->net->protocol->close (file); ++ if (!file->device->net->broken) ++ file->device->net->protocol->close (file); + grub_free (file->device->net->name); + return GRUB_ERR_NONE; + } +@@ -1847,7 +1848,10 @@ grub_net_seek_real (struct grub_file *file, grub_off_t offset) + file->device->net->stall = 0; + err = file->device->net->protocol->open (file, file->device->net->name); + if (err) +- return err; ++ { ++ file->device->net->broken = 1; ++ return err; ++ } + grub_net_fs_read_real (file, NULL, offset); + return grub_errno; + } +@@ -1856,6 +1860,9 @@ grub_net_seek_real (struct grub_file *file, grub_off_t offset) + static grub_ssize_t + grub_net_fs_read (grub_file_t file, char *buf, grub_size_t len) + { ++ if (file->device->net->broken) ++ return -1; ++ + if (file->offset != file->device->net->offset) + { + grub_err_t err; +diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c +index d54b13f09f..788ad1dc44 100644 +--- a/grub-core/net/tftp.c ++++ b/grub-core/net/tftp.c +@@ -408,6 +408,7 @@ tftp_open (struct grub_file *file, const char *filename) + { + grub_net_udp_close (data->sock); + grub_free (data); ++ file->data = NULL; + return grub_errno; + } + +diff --git a/include/grub/net.h b/include/grub/net.h +index 42af7de250..9e4898cc6b 100644 +--- a/include/grub/net.h ++++ b/include/grub/net.h +@@ -280,6 +280,7 @@ typedef struct grub_net + grub_fs_t fs; + int eof; + int stall; ++ int broken; + } *grub_net_t; + + extern grub_net_t (*EXPORT_VAR (grub_net_open)) (const char *name); diff --git a/SOURCES/0256-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch b/SOURCES/0256-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch deleted file mode 100644 index f0292c5..0000000 --- a/SOURCES/0256-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Sudhakar Kuppusamy -Date: Wed, 6 Apr 2022 18:03:37 +0530 -Subject: [PATCH] fs/f2fs: Do not read past the end of nat journal entries - -A corrupt f2fs file system could specify a nat journal entry count -that is beyond the maximum NAT_JOURNAL_ENTRIES. - -Check if the specified nat journal entry count before accessing the -array, and throw an error if it is too large. - -Signed-off-by: Sudhakar Kuppusamy -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit a3988cb3f0a108dd67ac127a79a4c8479d23334e) -(cherry picked from commit 7125978aa7d6068812ef6da0ab38ce521ae7eba1) ---- - grub-core/fs/f2fs.c | 21 ++++++++++++++------- - 1 file changed, 14 insertions(+), 7 deletions(-) - -diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c -index 8a9992ca9e..63702214b0 100644 ---- a/grub-core/fs/f2fs.c -+++ b/grub-core/fs/f2fs.c -@@ -632,23 +632,27 @@ get_nat_journal (struct grub_f2fs_data *data) - return err; - } - --static grub_uint32_t --get_blkaddr_from_nat_journal (struct grub_f2fs_data *data, grub_uint32_t nid) -+static grub_err_t -+get_blkaddr_from_nat_journal (struct grub_f2fs_data *data, grub_uint32_t nid, -+ grub_uint32_t *blkaddr) - { - grub_uint16_t n = grub_le_to_cpu16 (data->nat_j.n_nats); -- grub_uint32_t blkaddr = 0; - grub_uint16_t i; - -+ if (n >= NAT_JOURNAL_ENTRIES) -+ return grub_error (GRUB_ERR_BAD_FS, -+ "invalid number of nat journal entries"); -+ - for (i = 0; i < n; i++) - { - if (grub_le_to_cpu32 (data->nat_j.entries[i].nid) == nid) - { -- blkaddr = grub_le_to_cpu32 (data->nat_j.entries[i].ne.block_addr); -+ *blkaddr = grub_le_to_cpu32 (data->nat_j.entries[i].ne.block_addr); - break; - } - } - -- return blkaddr; -+ return GRUB_ERR_NONE; - } - - static grub_uint32_t -@@ -656,10 +660,13 @@ get_node_blkaddr (struct grub_f2fs_data *data, grub_uint32_t nid) - { - struct grub_f2fs_nat_block *nat_block; - grub_uint32_t seg_off, block_off, entry_off, block_addr; -- grub_uint32_t blkaddr; -+ grub_uint32_t blkaddr = 0; - grub_err_t err; - -- blkaddr = get_blkaddr_from_nat_journal (data, nid); -+ err = get_blkaddr_from_nat_journal (data, nid, &blkaddr); -+ if (err != GRUB_ERR_NONE) -+ return 0; -+ - if (blkaddr) - return blkaddr; - diff --git a/SOURCES/0256-net-tftp-Avoid-a-trivial-UAF.patch b/SOURCES/0256-net-tftp-Avoid-a-trivial-UAF.patch new file mode 100644 index 0000000..09a583a --- /dev/null +++ b/SOURCES/0256-net-tftp-Avoid-a-trivial-UAF.patch @@ -0,0 +1,36 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Tue, 18 Jan 2022 14:29:20 +1100 +Subject: [PATCH] net/tftp: Avoid a trivial UAF + +Under tftp errors, we print a tftp error message from the tftp header. +However, the tftph pointer is a pointer inside nb, the netbuff. Previously, +we were freeing the nb and then dereferencing it. Don't do that, use it +and then free it later. + +This isn't really _bad_ per se, especially as we're single-threaded, but +it trips up fuzzers. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit 956f4329cec23e4375182030ca9b2be631a61ba5) +(cherry picked from commit dbe9abcdee6ce796811111b67e3f24eefe2135d1) +--- + grub-core/net/tftp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c +index 788ad1dc44..a95766dcbd 100644 +--- a/grub-core/net/tftp.c ++++ b/grub-core/net/tftp.c +@@ -251,9 +251,9 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)), + return GRUB_ERR_NONE; + case TFTP_ERROR: + data->have_oack = 1; +- grub_netbuff_free (nb); + grub_error (GRUB_ERR_IO, "%s", tftph->u.err.errmsg); + grub_error_save (&data->save_err); ++ grub_netbuff_free (nb); + return GRUB_ERR_NONE; + default: + grub_netbuff_free (nb); diff --git a/SOURCES/0257-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch b/SOURCES/0257-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch deleted file mode 100644 index 1d59fb6..0000000 --- a/SOURCES/0257-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch +++ /dev/null @@ -1,133 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Sudhakar Kuppusamy -Date: Wed, 6 Apr 2022 18:49:09 +0530 -Subject: [PATCH] fs/f2fs: Do not read past the end of nat bitmap - -A corrupt f2fs filesystem could have a block offset or a bitmap -offset that would cause us to read beyond the bounds of the nat -bitmap. - -Introduce the nat_bitmap_size member in grub_f2fs_data which holds -the size of nat bitmap. - -Set the size when loading the nat bitmap in nat_bitmap_ptr(), and -catch when an invalid offset would create a pointer past the end of -the allocated space. - -Check against the bitmap size in grub_f2fs_test_bit() test bit to avoid -reading past the end of the nat bitmap. - -Signed-off-by: Sudhakar Kuppusamy -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit 62d63d5e38c67a6e349148bf7cb87c560e935a7e) -(cherry picked from commit 92219e6d379b5b4d30b05361830b72ab1d95d281) ---- - grub-core/fs/f2fs.c | 33 +++++++++++++++++++++++++++------ - 1 file changed, 27 insertions(+), 6 deletions(-) - -diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c -index 63702214b0..8898b235e0 100644 ---- a/grub-core/fs/f2fs.c -+++ b/grub-core/fs/f2fs.c -@@ -122,6 +122,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); - #define F2FS_INLINE_DOTS 0x10 /* File having implicit dot dentries. */ - - #define MAX_VOLUME_NAME 512 -+#define MAX_NAT_BITMAP_SIZE 3900 - - enum FILE_TYPE - { -@@ -183,7 +184,7 @@ struct grub_f2fs_checkpoint - grub_uint32_t checksum_offset; - grub_uint64_t elapsed_time; - grub_uint8_t alloc_type[MAX_ACTIVE_LOGS]; -- grub_uint8_t sit_nat_version_bitmap[3900]; -+ grub_uint8_t sit_nat_version_bitmap[MAX_NAT_BITMAP_SIZE]; - grub_uint32_t checksum; - } GRUB_PACKED; - -@@ -302,6 +303,7 @@ struct grub_f2fs_data - - struct grub_f2fs_nat_journal nat_j; - char *nat_bitmap; -+ grub_uint32_t nat_bitmap_size; - - grub_disk_t disk; - struct grub_f2fs_node *inode; -@@ -377,15 +379,20 @@ sum_blk_addr (struct grub_f2fs_data *data, int base, int type) - } - - static void * --nat_bitmap_ptr (struct grub_f2fs_data *data) -+nat_bitmap_ptr (struct grub_f2fs_data *data, grub_uint32_t *nat_bitmap_size) - { - struct grub_f2fs_checkpoint *ckpt = &data->ckpt; - grub_uint32_t offset; -+ *nat_bitmap_size = MAX_NAT_BITMAP_SIZE; - - if (grub_le_to_cpu32 (data->sblock.cp_payload) > 0) - return ckpt->sit_nat_version_bitmap; - - offset = grub_le_to_cpu32 (ckpt->sit_ver_bitmap_bytesize); -+ if (offset >= MAX_NAT_BITMAP_SIZE) -+ return NULL; -+ -+ *nat_bitmap_size = *nat_bitmap_size - offset; - - return ckpt->sit_nat_version_bitmap + offset; - } -@@ -438,11 +445,15 @@ grub_f2fs_crc_valid (grub_uint32_t blk_crc, void *buf, const grub_uint32_t len) - } - - static int --grub_f2fs_test_bit (grub_uint32_t nr, const char *p) -+grub_f2fs_test_bit (grub_uint32_t nr, const char *p, grub_uint32_t len) - { - int mask; -+ grub_uint32_t shifted_nr = (nr >> 3); - -- p += (nr >> 3); -+ if (shifted_nr >= len) -+ return -1; -+ -+ p += shifted_nr; - mask = 1 << (7 - (nr & 0x07)); - - return mask & *p; -@@ -662,6 +673,7 @@ get_node_blkaddr (struct grub_f2fs_data *data, grub_uint32_t nid) - grub_uint32_t seg_off, block_off, entry_off, block_addr; - grub_uint32_t blkaddr = 0; - grub_err_t err; -+ int result_bit; - - err = get_blkaddr_from_nat_journal (data, nid, &blkaddr); - if (err != GRUB_ERR_NONE) -@@ -682,8 +694,15 @@ get_node_blkaddr (struct grub_f2fs_data *data, grub_uint32_t nid) - ((seg_off * data->blocks_per_seg) << 1) + - (block_off & (data->blocks_per_seg - 1)); - -- if (grub_f2fs_test_bit (block_off, data->nat_bitmap)) -+ result_bit = grub_f2fs_test_bit (block_off, data->nat_bitmap, -+ data->nat_bitmap_size); -+ if (result_bit > 0) - block_addr += data->blocks_per_seg; -+ else if (result_bit == -1) -+ { -+ grub_free (nat_block); -+ return 0; -+ } - - err = grub_f2fs_block_read (data, block_addr, nat_block); - if (err) -@@ -833,7 +852,9 @@ grub_f2fs_mount (grub_disk_t disk) - if (err) - goto fail; - -- data->nat_bitmap = nat_bitmap_ptr (data); -+ data->nat_bitmap = nat_bitmap_ptr (data, &data->nat_bitmap_size); -+ if (data->nat_bitmap == NULL) -+ goto fail; - - err = get_nat_journal (data); - if (err) diff --git a/SOURCES/0257-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch b/SOURCES/0257-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch new file mode 100644 index 0000000..cbc7162 --- /dev/null +++ b/SOURCES/0257-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch @@ -0,0 +1,43 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Tue, 1 Mar 2022 23:14:15 +1100 +Subject: [PATCH] net/http: Do not tear down socket if it's already been torn + down + +It's possible for data->sock to get torn down in tcp error handling. +If we unconditionally tear it down again we will end up doing writes +to an offset of the NULL pointer when we go to tear it down again. + +Detect if it has been torn down and don't do it again. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit ec233d3ecf995293304de443579aab5c46c49e85) +(cherry picked from commit d39cf87ed701b9f0900daed7f672e07994d37ce8) +--- + grub-core/net/http.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/grub-core/net/http.c b/grub-core/net/http.c +index 7f878b5615..19cb8768e3 100644 +--- a/grub-core/net/http.c ++++ b/grub-core/net/http.c +@@ -427,7 +427,7 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial) + return err; + } + +- for (i = 0; !data->headers_recv && i < 100; i++) ++ for (i = 0; data->sock && !data->headers_recv && i < 100; i++) + { + grub_net_tcp_retransmit (); + grub_net_poll_cards (300, &data->headers_recv); +@@ -435,7 +435,8 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial) + + if (!data->headers_recv) + { +- grub_net_tcp_close (data->sock, GRUB_NET_TCP_ABORT); ++ if (data->sock) ++ grub_net_tcp_close (data->sock, GRUB_NET_TCP_ABORT); + if (data->err) + { + char *str = data->errmsg; diff --git a/SOURCES/0258-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch b/SOURCES/0258-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch deleted file mode 100644 index c454897..0000000 --- a/SOURCES/0258-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Sudhakar Kuppusamy -Date: Wed, 6 Apr 2022 18:17:43 +0530 -Subject: [PATCH] fs/f2fs: Do not copy file names that are too long - -A corrupt f2fs file system might specify a name length which is greater -than the maximum name length supported by the GRUB f2fs driver. - -We will allocate enough memory to store the overly long name, but there -are only F2FS_NAME_LEN bytes in the source, so we would read past the end -of the source. - -While checking directory entries, do not copy a file name with an invalid -length. - -Signed-off-by: Sudhakar Kuppusamy -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit 9a891f638509e031d322c94e3cbcf38d36f3993a) -(cherry picked from commit 13f9160ae0d2806baed459884999356817096cd7) ---- - grub-core/fs/f2fs.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c -index 8898b235e0..df6beb544c 100644 ---- a/grub-core/fs/f2fs.c -+++ b/grub-core/fs/f2fs.c -@@ -1003,6 +1003,10 @@ grub_f2fs_check_dentries (struct grub_f2fs_dir_iter_ctx *ctx) - - ftype = ctx->dentry[i].file_type; - name_len = grub_le_to_cpu16 (ctx->dentry[i].name_len); -+ -+ if (name_len >= F2FS_NAME_LEN) -+ return 0; -+ - filename = grub_malloc (name_len + 1); - if (!filename) - return 0; diff --git a/SOURCES/0258-net-http-Fix-OOB-write-for-split-http-headers.patch b/SOURCES/0258-net-http-Fix-OOB-write-for-split-http-headers.patch new file mode 100644 index 0000000..367a827 --- /dev/null +++ b/SOURCES/0258-net-http-Fix-OOB-write-for-split-http-headers.patch @@ -0,0 +1,47 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Tue, 8 Mar 2022 18:17:03 +1100 +Subject: [PATCH] net/http: Fix OOB write for split http headers + +GRUB has special code for handling an http header that is split +across two packets. + +The code tracks the end of line by looking for a "\n" byte. The +code for split headers has always advanced the pointer just past the +end of the line, whereas the code that handles unsplit headers does +not advance the pointer. This extra advance causes the length to be +one greater, which breaks an assumption in parse_line(), leading to +it writing a NUL byte one byte past the end of the buffer where we +reconstruct the line from the two packets. + +It's conceivable that an attacker controlled set of packets could +cause this to zero out the first byte of the "next" pointer of the +grub_mm_region structure following the current_line buffer. + +Do not advance the pointer in the split header case. + +Fixes: CVE-2022-28734 + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit e9fb459638811c12b0989dbf64e3e124974ef617) +(cherry picked from commit b604916beb6c39e8ed27f72851eb16f3eaa293c5) +--- + grub-core/net/http.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/grub-core/net/http.c b/grub-core/net/http.c +index 19cb8768e3..58546739a2 100644 +--- a/grub-core/net/http.c ++++ b/grub-core/net/http.c +@@ -193,9 +193,7 @@ http_receive (grub_net_tcp_socket_t sock __attribute__ ((unused)), + int have_line = 1; + char *t; + ptr = grub_memchr (nb->data, '\n', nb->tail - nb->data); +- if (ptr) +- ptr++; +- else ++ if (ptr == NULL) + { + have_line = 0; + ptr = (char *) nb->tail; diff --git a/SOURCES/0259-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch b/SOURCES/0259-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch deleted file mode 100644 index 5e8cd4d..0000000 --- a/SOURCES/0259-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch +++ /dev/null @@ -1,80 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Darren Kenny -Date: Tue, 29 Mar 2022 10:49:56 +0000 -Subject: [PATCH] fs/btrfs: Fix several fuzz issues with invalid dir item - sizing - -According to the btrfs code in Linux, the structure of a directory item -leaf should be of the form: - - |struct btrfs_dir_item|name|data| - -in GRUB the name len and data len are in the grub_btrfs_dir_item -structure's n and m fields respectively. - -The combined size of the structure, name and data should be less than -the allocated memory, a difference to the Linux kernel's struct -btrfs_dir_item is that the grub_btrfs_dir_item has an extra field for -where the name is stored, so we adjust for that too. - -Signed-off-by: Darren Kenny -Reviewed-by: Daniel Kiper -(cherry picked from commit 6d3f06c0b6a8992b9b1bb0e62af93ac5ff2781f0) -[rharwood: we've an extra variable here] -Signed-off-by: Robbie Harwood -(cherry picked from commit e3e21b9a81aea09dd43368cf097c1029a8380d82) ---- - grub-core/fs/btrfs.c | 26 ++++++++++++++++++++++++++ - 1 file changed, 26 insertions(+) - -diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index 4cc86e9b79..f3ab64e098 100644 ---- a/grub-core/fs/btrfs.c -+++ b/grub-core/fs/btrfs.c -@@ -2254,6 +2254,7 @@ grub_btrfs_dir (grub_device_t device, const char *path, - grub_uint64_t tree; - grub_uint8_t type; - char *new_path = NULL; -+ grub_size_t est_size = 0; - - if (!data) - return grub_errno; -@@ -2320,6 +2321,18 @@ grub_btrfs_dir (grub_device_t device, const char *path, - break; - } - -+ if (direl == NULL || -+ grub_add (grub_le_to_cpu16 (direl->n), -+ grub_le_to_cpu16 (direl->m), &est_size) || -+ grub_add (est_size, sizeof (*direl), &est_size) || -+ grub_sub (est_size, sizeof (direl->name), &est_size) || -+ est_size > allocated) -+ { -+ grub_errno = GRUB_ERR_OUT_OF_RANGE; -+ r = -grub_errno; -+ goto out; -+ } -+ - for (cdirel = direl; - (grub_uint8_t *) cdirel - (grub_uint8_t *) direl - < (grub_ssize_t) elemsize; -@@ -2330,6 +2343,19 @@ grub_btrfs_dir (grub_device_t device, const char *path, - char c; - struct grub_btrfs_inode inode; - struct grub_dirhook_info info; -+ -+ if (cdirel == NULL || -+ grub_add (grub_le_to_cpu16 (cdirel->n), -+ grub_le_to_cpu16 (cdirel->m), &est_size) || -+ grub_add (est_size, sizeof (*cdirel), &est_size) || -+ grub_sub (est_size, sizeof (cdirel->name), &est_size) || -+ est_size > allocated) -+ { -+ grub_errno = GRUB_ERR_OUT_OF_RANGE; -+ r = -grub_errno; -+ goto out; -+ } -+ - err = grub_btrfs_read_inode (data, &inode, cdirel->key.object_id, - tree); - grub_memset (&info, 0, sizeof (info)); diff --git a/SOURCES/0259-net-http-Error-out-on-headers-with-LF-without-CR.patch b/SOURCES/0259-net-http-Error-out-on-headers-with-LF-without-CR.patch new file mode 100644 index 0000000..ea8ce37 --- /dev/null +++ b/SOURCES/0259-net-http-Error-out-on-headers-with-LF-without-CR.patch @@ -0,0 +1,49 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Tue, 8 Mar 2022 19:04:40 +1100 +Subject: [PATCH] net/http: Error out on headers with LF without CR + +In a similar vein to the previous patch, parse_line() would write +a NUL byte past the end of the buffer if there was an HTTP header +with a LF rather than a CRLF. + +RFC-2616 says: + + Many HTTP/1.1 header field values consist of words separated by LWS + or special characters. These special characters MUST be in a quoted + string to be used within a parameter value (as defined in section 3.6). + +We don't support quoted sections or continuation lines, etc. + +If we see an LF that's not part of a CRLF, bail out. + +Fixes: CVE-2022-28734 + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit d232ad41ac4979a9de4d746e5fdff9caf0e303de) +(cherry picked from commit 8960e6d6137090a7e8c6592077da6e387a4ef972) +--- + grub-core/net/http.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/grub-core/net/http.c b/grub-core/net/http.c +index 58546739a2..57d2721719 100644 +--- a/grub-core/net/http.c ++++ b/grub-core/net/http.c +@@ -69,7 +69,15 @@ parse_line (grub_file_t file, http_data_t data, char *ptr, grub_size_t len) + char *end = ptr + len; + while (end > ptr && *(end - 1) == '\r') + end--; ++ ++ /* LF without CR. */ ++ if (end == ptr + len) ++ { ++ data->errmsg = grub_strdup (_("invalid HTTP header - LF without CR")); ++ return GRUB_ERR_NONE; ++ } + *end = 0; ++ + /* Trailing CRLF. */ + if (data->in_chunk_len == 1) + { diff --git a/SOURCES/0260-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch b/SOURCES/0260-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch deleted file mode 100644 index f2a8815..0000000 --- a/SOURCES/0260-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch +++ /dev/null @@ -1,135 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Darren Kenny -Date: Tue, 29 Mar 2022 15:52:46 +0000 -Subject: [PATCH] fs/btrfs: Fix more ASAN and SEGV issues found with fuzzing - -The fuzzer is generating btrfs file systems that have chunks with -invalid combinations of stripes and substripes for the given RAID -configurations. - -After examining the Linux kernel fs/btrfs/tree-checker.c code, it -appears that sub-stripes should only be applied to RAID10, and in that -case there should only ever be 2 of them. - -Similarly, RAID single should only have 1 stripe, and RAID1/1C3/1C4 -should have 2. 3 or 4 stripes respectively, which is what redundancy -corresponds. - -Some of the chunks ended up with a size of 0, which grub_malloc() still -returned memory for and in turn generated ASAN errors later when -accessed. - -While it would be possible to specifically limit the number of stripes, -a more correct test was on the combination of the chunk item, and the -number of stripes by the size of the chunk stripe structure in -comparison to the size of the chunk itself. - -Signed-off-by: Darren Kenny -Reviewed-by: Daniel Kiper -(cherry picked from commit 3849647b4b98a4419366708fc4b7f339c6f55ec7) -(cherry picked from commit fa5a02a8930bbd8a3b5ae6ed9612307611f18500) ---- - grub-core/fs/btrfs.c | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 55 insertions(+) - -diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index f3ab64e098..b104da085c 100644 ---- a/grub-core/fs/btrfs.c -+++ b/grub-core/fs/btrfs.c -@@ -941,6 +941,12 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, - return grub_error (GRUB_ERR_BAD_FS, - "couldn't find the chunk descriptor"); - -+ if (!chsize) -+ { -+ grub_dprintf ("btrfs", "zero-size chunk\n"); -+ return grub_error (GRUB_ERR_BAD_FS, -+ "got an invalid zero-size chunk"); -+ } - chunk = grub_malloc (chsize); - if (!chunk) - return grub_errno; -@@ -999,6 +1005,16 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, - stripe_length = grub_divmod64 (grub_le_to_cpu64 (chunk->size), - nstripes, - NULL); -+ -+ /* For single, there should be exactly 1 stripe. */ -+ if (grub_le_to_cpu16 (chunk->nstripes) != 1) -+ { -+ grub_dprintf ("btrfs", "invalid RAID_SINGLE: nstripes != 1 (%u)\n", -+ grub_le_to_cpu16 (chunk->nstripes)); -+ return grub_error (GRUB_ERR_BAD_FS, -+ "invalid RAID_SINGLE: nstripes != 1 (%u)", -+ grub_le_to_cpu16 (chunk->nstripes)); -+ } - if (stripe_length == 0) - stripe_length = 512; - stripen = grub_divmod64 (off, stripe_length, &stripe_offset); -@@ -1018,6 +1034,19 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, - stripen = 0; - stripe_offset = off; - csize = grub_le_to_cpu64 (chunk->size) - off; -+ -+ /* -+ * Redundancy, and substripes only apply to RAID10, and there -+ * should be exactly 2 sub-stripes. -+ */ -+ if (grub_le_to_cpu16 (chunk->nstripes) != redundancy) -+ { -+ grub_dprintf ("btrfs", "invalid RAID1: nstripes != %u (%u)\n", -+ redundancy, grub_le_to_cpu16 (chunk->nstripes)); -+ return grub_error (GRUB_ERR_BAD_FS, -+ "invalid RAID1: nstripes != %u (%u)", -+ redundancy, grub_le_to_cpu16 (chunk->nstripes)); -+ } - break; - } - case GRUB_BTRFS_CHUNK_TYPE_RAID0: -@@ -1054,6 +1083,20 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, - stripe_offset = low + chunk_stripe_length - * high; - csize = chunk_stripe_length - low; -+ -+ /* -+ * Substripes only apply to RAID10, and there -+ * should be exactly 2 sub-stripes. -+ */ -+ if (grub_le_to_cpu16 (chunk->nsubstripes) != 2) -+ { -+ grub_dprintf ("btrfs", "invalid RAID10: nsubstripes != 2 (%u)", -+ grub_le_to_cpu16 (chunk->nsubstripes)); -+ return grub_error (GRUB_ERR_BAD_FS, -+ "invalid RAID10: nsubstripes != 2 (%u)", -+ grub_le_to_cpu16 (chunk->nsubstripes)); -+ } -+ - break; - } - case GRUB_BTRFS_CHUNK_TYPE_RAID5: -@@ -1153,6 +1196,8 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, - - for (j = 0; j < 2; j++) - { -+ grub_size_t est_chunk_alloc = 0; -+ - grub_dprintf ("btrfs", "chunk 0x%" PRIxGRUB_UINT64_T - "+0x%" PRIxGRUB_UINT64_T - " (%d stripes (%d substripes) of %" -@@ -1165,6 +1210,16 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, - grub_dprintf ("btrfs", "reading laddr 0x%" PRIxGRUB_UINT64_T "\n", - addr); - -+ if (grub_mul (sizeof (struct grub_btrfs_chunk_stripe), -+ grub_le_to_cpu16 (chunk->nstripes), &est_chunk_alloc) || -+ grub_add (est_chunk_alloc, -+ sizeof (struct grub_btrfs_chunk_item), &est_chunk_alloc) || -+ est_chunk_alloc > chunk->size) -+ { -+ err = GRUB_ERR_BAD_FS; -+ break; -+ } -+ - if (is_raid56) - { - err = btrfs_read_from_chunk (data, chunk, stripen, diff --git a/SOURCES/0260-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch b/SOURCES/0260-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch new file mode 100644 index 0000000..f0292c5 --- /dev/null +++ b/SOURCES/0260-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch @@ -0,0 +1,73 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Sudhakar Kuppusamy +Date: Wed, 6 Apr 2022 18:03:37 +0530 +Subject: [PATCH] fs/f2fs: Do not read past the end of nat journal entries + +A corrupt f2fs file system could specify a nat journal entry count +that is beyond the maximum NAT_JOURNAL_ENTRIES. + +Check if the specified nat journal entry count before accessing the +array, and throw an error if it is too large. + +Signed-off-by: Sudhakar Kuppusamy +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit a3988cb3f0a108dd67ac127a79a4c8479d23334e) +(cherry picked from commit 7125978aa7d6068812ef6da0ab38ce521ae7eba1) +--- + grub-core/fs/f2fs.c | 21 ++++++++++++++------- + 1 file changed, 14 insertions(+), 7 deletions(-) + +diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c +index 8a9992ca9e..63702214b0 100644 +--- a/grub-core/fs/f2fs.c ++++ b/grub-core/fs/f2fs.c +@@ -632,23 +632,27 @@ get_nat_journal (struct grub_f2fs_data *data) + return err; + } + +-static grub_uint32_t +-get_blkaddr_from_nat_journal (struct grub_f2fs_data *data, grub_uint32_t nid) ++static grub_err_t ++get_blkaddr_from_nat_journal (struct grub_f2fs_data *data, grub_uint32_t nid, ++ grub_uint32_t *blkaddr) + { + grub_uint16_t n = grub_le_to_cpu16 (data->nat_j.n_nats); +- grub_uint32_t blkaddr = 0; + grub_uint16_t i; + ++ if (n >= NAT_JOURNAL_ENTRIES) ++ return grub_error (GRUB_ERR_BAD_FS, ++ "invalid number of nat journal entries"); ++ + for (i = 0; i < n; i++) + { + if (grub_le_to_cpu32 (data->nat_j.entries[i].nid) == nid) + { +- blkaddr = grub_le_to_cpu32 (data->nat_j.entries[i].ne.block_addr); ++ *blkaddr = grub_le_to_cpu32 (data->nat_j.entries[i].ne.block_addr); + break; + } + } + +- return blkaddr; ++ return GRUB_ERR_NONE; + } + + static grub_uint32_t +@@ -656,10 +660,13 @@ get_node_blkaddr (struct grub_f2fs_data *data, grub_uint32_t nid) + { + struct grub_f2fs_nat_block *nat_block; + grub_uint32_t seg_off, block_off, entry_off, block_addr; +- grub_uint32_t blkaddr; ++ grub_uint32_t blkaddr = 0; + grub_err_t err; + +- blkaddr = get_blkaddr_from_nat_journal (data, nid); ++ err = get_blkaddr_from_nat_journal (data, nid, &blkaddr); ++ if (err != GRUB_ERR_NONE) ++ return 0; ++ + if (blkaddr) + return blkaddr; + diff --git a/SOURCES/0261-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch b/SOURCES/0261-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch deleted file mode 100644 index 01294d6..0000000 --- a/SOURCES/0261-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch +++ /dev/null @@ -1,76 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Darren Kenny -Date: Thu, 7 Apr 2022 15:18:12 +0000 -Subject: [PATCH] fs/btrfs: Fix more fuzz issues related to chunks - -The corpus we generating issues in grub_btrfs_read_logical() when -attempting to iterate over nstripes entries in the boot mapping. - -In most cases the reason for the failure was that the number of strips -exceeded the possible space statically allocated in superblock bootmapping -space. Each stripe entry in the bootmapping block consists of -a grub_btrfs_key followed by a grub_btrfs_chunk_stripe. - -Another issue that came up was that while calculating the chunk size, -in an earlier piece of code in that function, depending on the data -provided in the btrfs file system, it would end up calculating a size -that was too small to contain even 1 grub_btrfs_chunk_item, which is -obviously invalid too. - -Signed-off-by: Darren Kenny -Reviewed-by: Daniel Kiper -(cherry picked from commit e00cd76cbadcc897a9cc4087cb2fcb5dbe15e596) -(cherry picked from commit b74a6fc95b0839937acf4f2b7445ae9d179f49ec) ---- - grub-core/fs/btrfs.c | 24 ++++++++++++++++++++++++ - 1 file changed, 24 insertions(+) - -diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index b104da085c..8ec885a93b 100644 ---- a/grub-core/fs/btrfs.c -+++ b/grub-core/fs/btrfs.c -@@ -947,6 +947,17 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, - return grub_error (GRUB_ERR_BAD_FS, - "got an invalid zero-size chunk"); - } -+ -+ /* -+ * The space being allocated for a chunk should at least be able to -+ * contain one chunk item. -+ */ -+ if (chsize < sizeof (struct grub_btrfs_chunk_item)) -+ { -+ grub_dprintf ("btrfs", "chunk-size too small\n"); -+ return grub_error (GRUB_ERR_BAD_FS, -+ "got an invalid chunk size"); -+ } - chunk = grub_malloc (chsize); - if (!chunk) - return grub_errno; -@@ -1194,6 +1205,13 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, - if (csize > (grub_uint64_t) size) - csize = size; - -+ /* -+ * The space for a chunk stripe is limited to the space provide in the super-block's -+ * bootstrap mapping with an initial btrfs key at the start of each chunk. -+ */ -+ grub_size_t avail_stripes = sizeof (data->sblock.bootstrap_mapping) / -+ (sizeof (struct grub_btrfs_key) + sizeof (struct grub_btrfs_chunk_stripe)); -+ - for (j = 0; j < 2; j++) - { - grub_size_t est_chunk_alloc = 0; -@@ -1220,6 +1238,12 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, - break; - } - -+ if (grub_le_to_cpu16 (chunk->nstripes) > avail_stripes) -+ { -+ err = GRUB_ERR_BAD_FS; -+ break; -+ } -+ - if (is_raid56) - { - err = btrfs_read_from_chunk (data, chunk, stripen, diff --git a/SOURCES/0261-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch b/SOURCES/0261-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch new file mode 100644 index 0000000..1d59fb6 --- /dev/null +++ b/SOURCES/0261-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch @@ -0,0 +1,133 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Sudhakar Kuppusamy +Date: Wed, 6 Apr 2022 18:49:09 +0530 +Subject: [PATCH] fs/f2fs: Do not read past the end of nat bitmap + +A corrupt f2fs filesystem could have a block offset or a bitmap +offset that would cause us to read beyond the bounds of the nat +bitmap. + +Introduce the nat_bitmap_size member in grub_f2fs_data which holds +the size of nat bitmap. + +Set the size when loading the nat bitmap in nat_bitmap_ptr(), and +catch when an invalid offset would create a pointer past the end of +the allocated space. + +Check against the bitmap size in grub_f2fs_test_bit() test bit to avoid +reading past the end of the nat bitmap. + +Signed-off-by: Sudhakar Kuppusamy +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit 62d63d5e38c67a6e349148bf7cb87c560e935a7e) +(cherry picked from commit 92219e6d379b5b4d30b05361830b72ab1d95d281) +--- + grub-core/fs/f2fs.c | 33 +++++++++++++++++++++++++++------ + 1 file changed, 27 insertions(+), 6 deletions(-) + +diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c +index 63702214b0..8898b235e0 100644 +--- a/grub-core/fs/f2fs.c ++++ b/grub-core/fs/f2fs.c +@@ -122,6 +122,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); + #define F2FS_INLINE_DOTS 0x10 /* File having implicit dot dentries. */ + + #define MAX_VOLUME_NAME 512 ++#define MAX_NAT_BITMAP_SIZE 3900 + + enum FILE_TYPE + { +@@ -183,7 +184,7 @@ struct grub_f2fs_checkpoint + grub_uint32_t checksum_offset; + grub_uint64_t elapsed_time; + grub_uint8_t alloc_type[MAX_ACTIVE_LOGS]; +- grub_uint8_t sit_nat_version_bitmap[3900]; ++ grub_uint8_t sit_nat_version_bitmap[MAX_NAT_BITMAP_SIZE]; + grub_uint32_t checksum; + } GRUB_PACKED; + +@@ -302,6 +303,7 @@ struct grub_f2fs_data + + struct grub_f2fs_nat_journal nat_j; + char *nat_bitmap; ++ grub_uint32_t nat_bitmap_size; + + grub_disk_t disk; + struct grub_f2fs_node *inode; +@@ -377,15 +379,20 @@ sum_blk_addr (struct grub_f2fs_data *data, int base, int type) + } + + static void * +-nat_bitmap_ptr (struct grub_f2fs_data *data) ++nat_bitmap_ptr (struct grub_f2fs_data *data, grub_uint32_t *nat_bitmap_size) + { + struct grub_f2fs_checkpoint *ckpt = &data->ckpt; + grub_uint32_t offset; ++ *nat_bitmap_size = MAX_NAT_BITMAP_SIZE; + + if (grub_le_to_cpu32 (data->sblock.cp_payload) > 0) + return ckpt->sit_nat_version_bitmap; + + offset = grub_le_to_cpu32 (ckpt->sit_ver_bitmap_bytesize); ++ if (offset >= MAX_NAT_BITMAP_SIZE) ++ return NULL; ++ ++ *nat_bitmap_size = *nat_bitmap_size - offset; + + return ckpt->sit_nat_version_bitmap + offset; + } +@@ -438,11 +445,15 @@ grub_f2fs_crc_valid (grub_uint32_t blk_crc, void *buf, const grub_uint32_t len) + } + + static int +-grub_f2fs_test_bit (grub_uint32_t nr, const char *p) ++grub_f2fs_test_bit (grub_uint32_t nr, const char *p, grub_uint32_t len) + { + int mask; ++ grub_uint32_t shifted_nr = (nr >> 3); + +- p += (nr >> 3); ++ if (shifted_nr >= len) ++ return -1; ++ ++ p += shifted_nr; + mask = 1 << (7 - (nr & 0x07)); + + return mask & *p; +@@ -662,6 +673,7 @@ get_node_blkaddr (struct grub_f2fs_data *data, grub_uint32_t nid) + grub_uint32_t seg_off, block_off, entry_off, block_addr; + grub_uint32_t blkaddr = 0; + grub_err_t err; ++ int result_bit; + + err = get_blkaddr_from_nat_journal (data, nid, &blkaddr); + if (err != GRUB_ERR_NONE) +@@ -682,8 +694,15 @@ get_node_blkaddr (struct grub_f2fs_data *data, grub_uint32_t nid) + ((seg_off * data->blocks_per_seg) << 1) + + (block_off & (data->blocks_per_seg - 1)); + +- if (grub_f2fs_test_bit (block_off, data->nat_bitmap)) ++ result_bit = grub_f2fs_test_bit (block_off, data->nat_bitmap, ++ data->nat_bitmap_size); ++ if (result_bit > 0) + block_addr += data->blocks_per_seg; ++ else if (result_bit == -1) ++ { ++ grub_free (nat_block); ++ return 0; ++ } + + err = grub_f2fs_block_read (data, block_addr, nat_block); + if (err) +@@ -833,7 +852,9 @@ grub_f2fs_mount (grub_disk_t disk) + if (err) + goto fail; + +- data->nat_bitmap = nat_bitmap_ptr (data); ++ data->nat_bitmap = nat_bitmap_ptr (data, &data->nat_bitmap_size); ++ if (data->nat_bitmap == NULL) ++ goto fail; + + err = get_nat_journal (data); + if (err) diff --git a/SOURCES/0262-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch b/SOURCES/0262-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch new file mode 100644 index 0000000..c454897 --- /dev/null +++ b/SOURCES/0262-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch @@ -0,0 +1,39 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Sudhakar Kuppusamy +Date: Wed, 6 Apr 2022 18:17:43 +0530 +Subject: [PATCH] fs/f2fs: Do not copy file names that are too long + +A corrupt f2fs file system might specify a name length which is greater +than the maximum name length supported by the GRUB f2fs driver. + +We will allocate enough memory to store the overly long name, but there +are only F2FS_NAME_LEN bytes in the source, so we would read past the end +of the source. + +While checking directory entries, do not copy a file name with an invalid +length. + +Signed-off-by: Sudhakar Kuppusamy +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit 9a891f638509e031d322c94e3cbcf38d36f3993a) +(cherry picked from commit 13f9160ae0d2806baed459884999356817096cd7) +--- + grub-core/fs/f2fs.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c +index 8898b235e0..df6beb544c 100644 +--- a/grub-core/fs/f2fs.c ++++ b/grub-core/fs/f2fs.c +@@ -1003,6 +1003,10 @@ grub_f2fs_check_dentries (struct grub_f2fs_dir_iter_ctx *ctx) + + ftype = ctx->dentry[i].file_type; + name_len = grub_le_to_cpu16 (ctx->dentry[i].name_len); ++ ++ if (name_len >= F2FS_NAME_LEN) ++ return 0; ++ + filename = grub_malloc (name_len + 1); + if (!filename) + return 0; diff --git a/SOURCES/0262-misc-Make-grub_min-and-grub_max-more-resilient.patch b/SOURCES/0262-misc-Make-grub_min-and-grub_max-more-resilient.patch deleted file mode 100644 index d34a0e3..0000000 --- a/SOURCES/0262-misc-Make-grub_min-and-grub_max-more-resilient.patch +++ /dev/null @@ -1,84 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 21 Mar 2022 16:06:10 -0400 -Subject: [PATCH] misc: Make grub_min() and grub_max() more resilient. - -grub_min(a,b) and grub_max(a,b) use a relatively naive implementation -which leads to several problems: -- they evaluate their parameters more than once -- the naive way to address this, to declare temporary variables in a - statement-expression, isn't resilient against nested uses, because - MIN(a,MIN(b,c)) results in the temporary variables being declared in - two nested scopes, which may result in a build warning depending on - your build options. - -This patch changes our implementation to use a statement-expression -inside a helper macro, and creates the symbols for the temporary -variables with __COUNTER__ (A GNU C cpp extension) and token pasting to -create uniquely named internal variables. - -Signed-off-by: Peter Jones -(cherry picked from commit 2d6800450fa731d7b3ef9893986806e88e819eb6) ---- - grub-core/loader/multiboot_elfxx.c | 4 +--- - include/grub/misc.h | 25 +++++++++++++++++++++++-- - 2 files changed, 24 insertions(+), 5 deletions(-) - -diff --git a/grub-core/loader/multiboot_elfxx.c b/grub-core/loader/multiboot_elfxx.c -index f2318e0d16..87f6e31aa6 100644 ---- a/grub-core/loader/multiboot_elfxx.c -+++ b/grub-core/loader/multiboot_elfxx.c -@@ -35,9 +35,7 @@ - #endif - - #include -- --#define CONCAT(a,b) CONCAT_(a, b) --#define CONCAT_(a,b) a ## b -+#include - - #pragma GCC diagnostic ignored "-Wcast-align" - -diff --git a/include/grub/misc.h b/include/grub/misc.h -index 6c4aa85ac5..cf84aec1db 100644 ---- a/include/grub/misc.h -+++ b/include/grub/misc.h -@@ -35,6 +35,14 @@ - #define ARRAY_SIZE(array) (sizeof (array) / sizeof (array[0])) - #define COMPILE_TIME_ASSERT(cond) switch (0) { case 1: case !(cond): ; } - -+#ifndef CONCAT_ -+#define CONCAT_(a, b) a ## b -+#endif -+ -+#ifndef CONCAT -+#define CONCAT(a, b) CONCAT_(a, b) -+#endif -+ - #define grub_dprintf(condition, ...) grub_real_dprintf(GRUB_FILE, __LINE__, condition, __VA_ARGS__) - - void *EXPORT_FUNC(grub_memmove) (void *dest, const void *src, grub_size_t n); -@@ -498,8 +506,21 @@ void EXPORT_FUNC(grub_real_boot_time) (const char *file, - #define grub_boot_time(...) - #endif - --#define grub_max(a, b) (((a) > (b)) ? (a) : (b)) --#define grub_min(a, b) (((a) < (b)) ? (a) : (b)) -+#define _grub_min(a, b, _a, _b) \ -+ ({ typeof (a) _a = (a); \ -+ typeof (b) _b = (b); \ -+ _a < _b ? _a : _b; }) -+#define grub_min(a, b) _grub_min(a, b, \ -+ CONCAT(_a_,__COUNTER__), \ -+ CONCAT(_b_,__COUNTER__)) -+ -+#define _grub_max(a, b, _a, _b) \ -+ ({ typeof (a) _a = (a); \ -+ typeof (b) _b = (b); \ -+ _a > _b ? _a : _b; }) -+#define grub_max(a, b) _grub_max(a, b, \ -+ CONCAT(_a_,__COUNTER__), \ -+ CONCAT(_b_,__COUNTER__)) - - #define grub_log2ull(n) (GRUB_TYPE_BITS (grub_uint64_t) - __builtin_clzll (n) - 1) - diff --git a/SOURCES/0263-ReiserFS-switch-to-using-grub_min-grub_max.patch b/SOURCES/0263-ReiserFS-switch-to-using-grub_min-grub_max.patch deleted file mode 100644 index e604215..0000000 --- a/SOURCES/0263-ReiserFS-switch-to-using-grub_min-grub_max.patch +++ /dev/null @@ -1,93 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 21 Apr 2022 16:31:17 -0400 -Subject: [PATCH] ReiserFS: switch to using grub_min()/grub_max() - -This is a minor cleanup patch to remove the bespoke MIN() and MAX() -definitions from the reiserfs driver, and uses grub_min() / grub_max() -instead. - -Signed-off-by: Peter Jones -(cherry picked from commit 5fc601574fce99b32fe4dfb55bd8f3ab0175fd6a) ---- - grub-core/fs/reiserfs.c | 28 +++++++++------------------- - 1 file changed, 9 insertions(+), 19 deletions(-) - -diff --git a/grub-core/fs/reiserfs.c b/grub-core/fs/reiserfs.c -index af6a226a7f..b8253da7fe 100644 ---- a/grub-core/fs/reiserfs.c -+++ b/grub-core/fs/reiserfs.c -@@ -42,16 +42,6 @@ - - GRUB_MOD_LICENSE ("GPLv3+"); - --#define MIN(a, b) \ -- ({ typeof (a) _a = (a); \ -- typeof (b) _b = (b); \ -- _a < _b ? _a : _b; }) -- --#define MAX(a, b) \ -- ({ typeof (a) _a = (a); \ -- typeof (b) _b = (b); \ -- _a > _b ? _a : _b; }) -- - #define REISERFS_SUPER_BLOCK_OFFSET 0x10000 - #define REISERFS_MAGIC_LEN 12 - #define REISERFS_MAGIC_STRING "ReIsEr" -@@ -1076,7 +1066,7 @@ grub_reiserfs_read_real (struct grub_fshelp_node *node, - grub_reiserfs_set_key_type (&key, GRUB_REISERFS_ANY, 2); - initial_position = off; - current_position = 0; -- final_position = MIN (len + initial_position, node->size); -+ final_position = grub_min (len + initial_position, node->size); - grub_dprintf ("reiserfs", - "Reading from %lld to %lld (%lld instead of requested %ld)\n", - (unsigned long long) initial_position, -@@ -1115,8 +1105,8 @@ grub_reiserfs_read_real (struct grub_fshelp_node *node, - grub_dprintf ("reiserfs_blocktype", "D: %u\n", (unsigned) block); - if (initial_position < current_position + item_size) - { -- offset = MAX ((signed) (initial_position - current_position), 0); -- length = (MIN (item_size, final_position - current_position) -+ offset = grub_max ((signed) (initial_position - current_position), 0); -+ length = (grub_min (item_size, final_position - current_position) - - offset); - grub_dprintf ("reiserfs", - "Reading direct block %u from %u to %u...\n", -@@ -1161,9 +1151,9 @@ grub_reiserfs_read_real (struct grub_fshelp_node *node, - grub_dprintf ("reiserfs_blocktype", "I: %u\n", (unsigned) block); - if (current_position + block_size >= initial_position) - { -- offset = MAX ((signed) (initial_position - current_position), -- 0); -- length = (MIN (block_size, final_position - current_position) -+ offset = grub_max ((signed) (initial_position - current_position), -+ 0); -+ length = (grub_min (block_size, final_position - current_position) - - offset); - grub_dprintf ("reiserfs", - "Reading indirect block %u from %u to %u...\n", -@@ -1205,7 +1195,7 @@ grub_reiserfs_read_real (struct grub_fshelp_node *node, - switch (found.type) - { - case GRUB_REISERFS_DIRECT: -- read_length = MIN (len, item_size - file->offset); -+ read_length = grub_min (len, item_size - file->offset); - grub_disk_read (found.data->disk, - (found.block_number * block_size) / GRUB_DISK_SECTOR_SIZE, - grub_le_to_cpu16 (found.header.item_location) + file->offset, -@@ -1224,12 +1214,12 @@ grub_reiserfs_read_real (struct grub_fshelp_node *node, - item_size, (char *) indirect_block_ptr); - if (grub_errno) - goto fail; -- len = MIN (len, file->size - file->offset); -+ len = grub_min (len, file->size - file->offset); - for (indirect_block = file->offset / block_size; - indirect_block < indirect_block_count && read_length < len; - indirect_block++) - { -- read = MIN (block_size, len - read_length); -+ read = grub_min (block_size, len - read_length); - grub_disk_read (found.data->disk, - (grub_le_to_cpu32 (indirect_block_ptr[indirect_block]) * block_size) / GRUB_DISK_SECTOR_SIZE, - file->offset % block_size, read, diff --git a/SOURCES/0263-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch b/SOURCES/0263-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch new file mode 100644 index 0000000..5e8cd4d --- /dev/null +++ b/SOURCES/0263-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch @@ -0,0 +1,80 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Tue, 29 Mar 2022 10:49:56 +0000 +Subject: [PATCH] fs/btrfs: Fix several fuzz issues with invalid dir item + sizing + +According to the btrfs code in Linux, the structure of a directory item +leaf should be of the form: + + |struct btrfs_dir_item|name|data| + +in GRUB the name len and data len are in the grub_btrfs_dir_item +structure's n and m fields respectively. + +The combined size of the structure, name and data should be less than +the allocated memory, a difference to the Linux kernel's struct +btrfs_dir_item is that the grub_btrfs_dir_item has an extra field for +where the name is stored, so we adjust for that too. + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +(cherry picked from commit 6d3f06c0b6a8992b9b1bb0e62af93ac5ff2781f0) +[rharwood: we've an extra variable here] +Signed-off-by: Robbie Harwood +(cherry picked from commit e3e21b9a81aea09dd43368cf097c1029a8380d82) +--- + grub-core/fs/btrfs.c | 26 ++++++++++++++++++++++++++ + 1 file changed, 26 insertions(+) + +diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c +index 4cc86e9b79..f3ab64e098 100644 +--- a/grub-core/fs/btrfs.c ++++ b/grub-core/fs/btrfs.c +@@ -2254,6 +2254,7 @@ grub_btrfs_dir (grub_device_t device, const char *path, + grub_uint64_t tree; + grub_uint8_t type; + char *new_path = NULL; ++ grub_size_t est_size = 0; + + if (!data) + return grub_errno; +@@ -2320,6 +2321,18 @@ grub_btrfs_dir (grub_device_t device, const char *path, + break; + } + ++ if (direl == NULL || ++ grub_add (grub_le_to_cpu16 (direl->n), ++ grub_le_to_cpu16 (direl->m), &est_size) || ++ grub_add (est_size, sizeof (*direl), &est_size) || ++ grub_sub (est_size, sizeof (direl->name), &est_size) || ++ est_size > allocated) ++ { ++ grub_errno = GRUB_ERR_OUT_OF_RANGE; ++ r = -grub_errno; ++ goto out; ++ } ++ + for (cdirel = direl; + (grub_uint8_t *) cdirel - (grub_uint8_t *) direl + < (grub_ssize_t) elemsize; +@@ -2330,6 +2343,19 @@ grub_btrfs_dir (grub_device_t device, const char *path, + char c; + struct grub_btrfs_inode inode; + struct grub_dirhook_info info; ++ ++ if (cdirel == NULL || ++ grub_add (grub_le_to_cpu16 (cdirel->n), ++ grub_le_to_cpu16 (cdirel->m), &est_size) || ++ grub_add (est_size, sizeof (*cdirel), &est_size) || ++ grub_sub (est_size, sizeof (cdirel->name), &est_size) || ++ est_size > allocated) ++ { ++ grub_errno = GRUB_ERR_OUT_OF_RANGE; ++ r = -grub_errno; ++ goto out; ++ } ++ + err = grub_btrfs_read_inode (data, &inode, cdirel->key.object_id, + tree); + grub_memset (&info, 0, sizeof (info)); diff --git a/SOURCES/0264-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch b/SOURCES/0264-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch new file mode 100644 index 0000000..f2a8815 --- /dev/null +++ b/SOURCES/0264-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch @@ -0,0 +1,135 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Tue, 29 Mar 2022 15:52:46 +0000 +Subject: [PATCH] fs/btrfs: Fix more ASAN and SEGV issues found with fuzzing + +The fuzzer is generating btrfs file systems that have chunks with +invalid combinations of stripes and substripes for the given RAID +configurations. + +After examining the Linux kernel fs/btrfs/tree-checker.c code, it +appears that sub-stripes should only be applied to RAID10, and in that +case there should only ever be 2 of them. + +Similarly, RAID single should only have 1 stripe, and RAID1/1C3/1C4 +should have 2. 3 or 4 stripes respectively, which is what redundancy +corresponds. + +Some of the chunks ended up with a size of 0, which grub_malloc() still +returned memory for and in turn generated ASAN errors later when +accessed. + +While it would be possible to specifically limit the number of stripes, +a more correct test was on the combination of the chunk item, and the +number of stripes by the size of the chunk stripe structure in +comparison to the size of the chunk itself. + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +(cherry picked from commit 3849647b4b98a4419366708fc4b7f339c6f55ec7) +(cherry picked from commit fa5a02a8930bbd8a3b5ae6ed9612307611f18500) +--- + grub-core/fs/btrfs.c | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 55 insertions(+) + +diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c +index f3ab64e098..b104da085c 100644 +--- a/grub-core/fs/btrfs.c ++++ b/grub-core/fs/btrfs.c +@@ -941,6 +941,12 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, + return grub_error (GRUB_ERR_BAD_FS, + "couldn't find the chunk descriptor"); + ++ if (!chsize) ++ { ++ grub_dprintf ("btrfs", "zero-size chunk\n"); ++ return grub_error (GRUB_ERR_BAD_FS, ++ "got an invalid zero-size chunk"); ++ } + chunk = grub_malloc (chsize); + if (!chunk) + return grub_errno; +@@ -999,6 +1005,16 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, + stripe_length = grub_divmod64 (grub_le_to_cpu64 (chunk->size), + nstripes, + NULL); ++ ++ /* For single, there should be exactly 1 stripe. */ ++ if (grub_le_to_cpu16 (chunk->nstripes) != 1) ++ { ++ grub_dprintf ("btrfs", "invalid RAID_SINGLE: nstripes != 1 (%u)\n", ++ grub_le_to_cpu16 (chunk->nstripes)); ++ return grub_error (GRUB_ERR_BAD_FS, ++ "invalid RAID_SINGLE: nstripes != 1 (%u)", ++ grub_le_to_cpu16 (chunk->nstripes)); ++ } + if (stripe_length == 0) + stripe_length = 512; + stripen = grub_divmod64 (off, stripe_length, &stripe_offset); +@@ -1018,6 +1034,19 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, + stripen = 0; + stripe_offset = off; + csize = grub_le_to_cpu64 (chunk->size) - off; ++ ++ /* ++ * Redundancy, and substripes only apply to RAID10, and there ++ * should be exactly 2 sub-stripes. ++ */ ++ if (grub_le_to_cpu16 (chunk->nstripes) != redundancy) ++ { ++ grub_dprintf ("btrfs", "invalid RAID1: nstripes != %u (%u)\n", ++ redundancy, grub_le_to_cpu16 (chunk->nstripes)); ++ return grub_error (GRUB_ERR_BAD_FS, ++ "invalid RAID1: nstripes != %u (%u)", ++ redundancy, grub_le_to_cpu16 (chunk->nstripes)); ++ } + break; + } + case GRUB_BTRFS_CHUNK_TYPE_RAID0: +@@ -1054,6 +1083,20 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, + stripe_offset = low + chunk_stripe_length + * high; + csize = chunk_stripe_length - low; ++ ++ /* ++ * Substripes only apply to RAID10, and there ++ * should be exactly 2 sub-stripes. ++ */ ++ if (grub_le_to_cpu16 (chunk->nsubstripes) != 2) ++ { ++ grub_dprintf ("btrfs", "invalid RAID10: nsubstripes != 2 (%u)", ++ grub_le_to_cpu16 (chunk->nsubstripes)); ++ return grub_error (GRUB_ERR_BAD_FS, ++ "invalid RAID10: nsubstripes != 2 (%u)", ++ grub_le_to_cpu16 (chunk->nsubstripes)); ++ } ++ + break; + } + case GRUB_BTRFS_CHUNK_TYPE_RAID5: +@@ -1153,6 +1196,8 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, + + for (j = 0; j < 2; j++) + { ++ grub_size_t est_chunk_alloc = 0; ++ + grub_dprintf ("btrfs", "chunk 0x%" PRIxGRUB_UINT64_T + "+0x%" PRIxGRUB_UINT64_T + " (%d stripes (%d substripes) of %" +@@ -1165,6 +1210,16 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, + grub_dprintf ("btrfs", "reading laddr 0x%" PRIxGRUB_UINT64_T "\n", + addr); + ++ if (grub_mul (sizeof (struct grub_btrfs_chunk_stripe), ++ grub_le_to_cpu16 (chunk->nstripes), &est_chunk_alloc) || ++ grub_add (est_chunk_alloc, ++ sizeof (struct grub_btrfs_chunk_item), &est_chunk_alloc) || ++ est_chunk_alloc > chunk->size) ++ { ++ err = GRUB_ERR_BAD_FS; ++ break; ++ } ++ + if (is_raid56) + { + err = btrfs_read_from_chunk (data, chunk, stripen, diff --git a/SOURCES/0264-misc-make-grub_boot_time-also-call-grub_dprintf-boot.patch b/SOURCES/0264-misc-make-grub_boot_time-also-call-grub_dprintf-boot.patch deleted file mode 100644 index 64bbe31..0000000 --- a/SOURCES/0264-misc-make-grub_boot_time-also-call-grub_dprintf-boot.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 24 Mar 2022 14:40:01 -0400 -Subject: [PATCH] misc: make grub_boot_time() also call - grub_dprintf("boot",...) - -Currently grub_boot_time() includes valuable debugging messages, but if -you build without BOOT_TIME_STATS enabled, they are silently and -confusingly compiled away. - -This patch changes grub_boot_time() to also log when "boot" is enabled -in DEBUG, regardless of BOOT_TIME_STATS. - -Signed-off-by: Peter Jones -(cherry picked from commit 4fd282de00df05ce289467861deb7a0e186cfbd7) ---- - grub-core/kern/misc.c | 3 ++- - include/grub/misc.h | 2 +- - 2 files changed, 3 insertions(+), 2 deletions(-) - -diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c -index a186ad3dd4..cb45461402 100644 ---- a/grub-core/kern/misc.c -+++ b/grub-core/kern/misc.c -@@ -1334,7 +1334,8 @@ grub_real_boot_time (const char *file, - n->next = 0; - - va_start (args, fmt); -- n->msg = grub_xvasprintf (fmt, args); -+ n->msg = grub_xvasprintf (fmt, args); -+ grub_dprintf ("boot", "%s\n", n->msg); - va_end (args); - - *boot_time_last = n; -diff --git a/include/grub/misc.h b/include/grub/misc.h -index cf84aec1db..faae0ae860 100644 ---- a/include/grub/misc.h -+++ b/include/grub/misc.h -@@ -503,7 +503,7 @@ void EXPORT_FUNC(grub_real_boot_time) (const char *file, - const char *fmt, ...) __attribute__ ((format (GNU_PRINTF, 3, 4))); - #define grub_boot_time(...) grub_real_boot_time(GRUB_FILE, __LINE__, __VA_ARGS__) - #else --#define grub_boot_time(...) -+#define grub_boot_time(fmt, ...) grub_dprintf("boot", fmt "\n", ##__VA_ARGS__) - #endif - - #define _grub_min(a, b, _a, _b) \ diff --git a/SOURCES/0265-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch b/SOURCES/0265-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch new file mode 100644 index 0000000..01294d6 --- /dev/null +++ b/SOURCES/0265-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch @@ -0,0 +1,76 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 7 Apr 2022 15:18:12 +0000 +Subject: [PATCH] fs/btrfs: Fix more fuzz issues related to chunks + +The corpus we generating issues in grub_btrfs_read_logical() when +attempting to iterate over nstripes entries in the boot mapping. + +In most cases the reason for the failure was that the number of strips +exceeded the possible space statically allocated in superblock bootmapping +space. Each stripe entry in the bootmapping block consists of +a grub_btrfs_key followed by a grub_btrfs_chunk_stripe. + +Another issue that came up was that while calculating the chunk size, +in an earlier piece of code in that function, depending on the data +provided in the btrfs file system, it would end up calculating a size +that was too small to contain even 1 grub_btrfs_chunk_item, which is +obviously invalid too. + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +(cherry picked from commit e00cd76cbadcc897a9cc4087cb2fcb5dbe15e596) +(cherry picked from commit b74a6fc95b0839937acf4f2b7445ae9d179f49ec) +--- + grub-core/fs/btrfs.c | 24 ++++++++++++++++++++++++ + 1 file changed, 24 insertions(+) + +diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c +index b104da085c..8ec885a93b 100644 +--- a/grub-core/fs/btrfs.c ++++ b/grub-core/fs/btrfs.c +@@ -947,6 +947,17 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, + return grub_error (GRUB_ERR_BAD_FS, + "got an invalid zero-size chunk"); + } ++ ++ /* ++ * The space being allocated for a chunk should at least be able to ++ * contain one chunk item. ++ */ ++ if (chsize < sizeof (struct grub_btrfs_chunk_item)) ++ { ++ grub_dprintf ("btrfs", "chunk-size too small\n"); ++ return grub_error (GRUB_ERR_BAD_FS, ++ "got an invalid chunk size"); ++ } + chunk = grub_malloc (chsize); + if (!chunk) + return grub_errno; +@@ -1194,6 +1205,13 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, + if (csize > (grub_uint64_t) size) + csize = size; + ++ /* ++ * The space for a chunk stripe is limited to the space provide in the super-block's ++ * bootstrap mapping with an initial btrfs key at the start of each chunk. ++ */ ++ grub_size_t avail_stripes = sizeof (data->sblock.bootstrap_mapping) / ++ (sizeof (struct grub_btrfs_key) + sizeof (struct grub_btrfs_chunk_stripe)); ++ + for (j = 0; j < 2; j++) + { + grub_size_t est_chunk_alloc = 0; +@@ -1220,6 +1238,12 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, + break; + } + ++ if (grub_le_to_cpu16 (chunk->nstripes) > avail_stripes) ++ { ++ err = GRUB_ERR_BAD_FS; ++ break; ++ } ++ + if (is_raid56) + { + err = btrfs_read_from_chunk (data, chunk, stripen, diff --git a/SOURCES/0265-modules-make-.module_license-read-only.patch b/SOURCES/0265-modules-make-.module_license-read-only.patch deleted file mode 100644 index 51281a3..0000000 --- a/SOURCES/0265-modules-make-.module_license-read-only.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 24 Feb 2022 16:32:51 -0500 -Subject: [PATCH] modules: make .module_license read-only - -Currently .module_license is set writable (that is, the section has the -SHF_WRITE flag set) in the module's ELF headers. This probably never -actually matters, but it can't possibly be correct. - -This patch sets that data as "const", which causes that flag not to be -set. - -Signed-off-by: Peter Jones -(cherry picked from commit 2eff3e2c9d9e6b75daa81b840c96f112ef7d5de6) ---- - include/grub/dl.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/include/grub/dl.h b/include/grub/dl.h -index 20d870f2a4..618ae6f474 100644 ---- a/include/grub/dl.h -+++ b/include/grub/dl.h -@@ -121,7 +121,7 @@ grub_mod_fini (void) - #define ATTRIBUTE_USED __unused__ - #endif - #define GRUB_MOD_LICENSE(license) \ -- static char grub_module_license[] __attribute__ ((section (GRUB_MOD_SECTION (module_license)), ATTRIBUTE_USED)) = "LICENSE=" license; -+ static const char grub_module_license[] __attribute__ ((section (GRUB_MOD_SECTION (module_license)), ATTRIBUTE_USED)) = "LICENSE=" license; - #define GRUB_MOD_DEP(name) \ - static const char grub_module_depend_##name[] \ - __attribute__((section(GRUB_MOD_SECTION(moddeps)), ATTRIBUTE_USED)) = #name diff --git a/SOURCES/0266-misc-Make-grub_min-and-grub_max-more-resilient.patch b/SOURCES/0266-misc-Make-grub_min-and-grub_max-more-resilient.patch new file mode 100644 index 0000000..d34a0e3 --- /dev/null +++ b/SOURCES/0266-misc-Make-grub_min-and-grub_max-more-resilient.patch @@ -0,0 +1,84 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 21 Mar 2022 16:06:10 -0400 +Subject: [PATCH] misc: Make grub_min() and grub_max() more resilient. + +grub_min(a,b) and grub_max(a,b) use a relatively naive implementation +which leads to several problems: +- they evaluate their parameters more than once +- the naive way to address this, to declare temporary variables in a + statement-expression, isn't resilient against nested uses, because + MIN(a,MIN(b,c)) results in the temporary variables being declared in + two nested scopes, which may result in a build warning depending on + your build options. + +This patch changes our implementation to use a statement-expression +inside a helper macro, and creates the symbols for the temporary +variables with __COUNTER__ (A GNU C cpp extension) and token pasting to +create uniquely named internal variables. + +Signed-off-by: Peter Jones +(cherry picked from commit 2d6800450fa731d7b3ef9893986806e88e819eb6) +--- + grub-core/loader/multiboot_elfxx.c | 4 +--- + include/grub/misc.h | 25 +++++++++++++++++++++++-- + 2 files changed, 24 insertions(+), 5 deletions(-) + +diff --git a/grub-core/loader/multiboot_elfxx.c b/grub-core/loader/multiboot_elfxx.c +index f2318e0d16..87f6e31aa6 100644 +--- a/grub-core/loader/multiboot_elfxx.c ++++ b/grub-core/loader/multiboot_elfxx.c +@@ -35,9 +35,7 @@ + #endif + + #include +- +-#define CONCAT(a,b) CONCAT_(a, b) +-#define CONCAT_(a,b) a ## b ++#include + + #pragma GCC diagnostic ignored "-Wcast-align" + +diff --git a/include/grub/misc.h b/include/grub/misc.h +index 6c4aa85ac5..cf84aec1db 100644 +--- a/include/grub/misc.h ++++ b/include/grub/misc.h +@@ -35,6 +35,14 @@ + #define ARRAY_SIZE(array) (sizeof (array) / sizeof (array[0])) + #define COMPILE_TIME_ASSERT(cond) switch (0) { case 1: case !(cond): ; } + ++#ifndef CONCAT_ ++#define CONCAT_(a, b) a ## b ++#endif ++ ++#ifndef CONCAT ++#define CONCAT(a, b) CONCAT_(a, b) ++#endif ++ + #define grub_dprintf(condition, ...) grub_real_dprintf(GRUB_FILE, __LINE__, condition, __VA_ARGS__) + + void *EXPORT_FUNC(grub_memmove) (void *dest, const void *src, grub_size_t n); +@@ -498,8 +506,21 @@ void EXPORT_FUNC(grub_real_boot_time) (const char *file, + #define grub_boot_time(...) + #endif + +-#define grub_max(a, b) (((a) > (b)) ? (a) : (b)) +-#define grub_min(a, b) (((a) < (b)) ? (a) : (b)) ++#define _grub_min(a, b, _a, _b) \ ++ ({ typeof (a) _a = (a); \ ++ typeof (b) _b = (b); \ ++ _a < _b ? _a : _b; }) ++#define grub_min(a, b) _grub_min(a, b, \ ++ CONCAT(_a_,__COUNTER__), \ ++ CONCAT(_b_,__COUNTER__)) ++ ++#define _grub_max(a, b, _a, _b) \ ++ ({ typeof (a) _a = (a); \ ++ typeof (b) _b = (b); \ ++ _a > _b ? _a : _b; }) ++#define grub_max(a, b) _grub_max(a, b, \ ++ CONCAT(_a_,__COUNTER__), \ ++ CONCAT(_b_,__COUNTER__)) + + #define grub_log2ull(n) (GRUB_TYPE_BITS (grub_uint64_t) - __builtin_clzll (n) - 1) + diff --git a/SOURCES/0266-modules-strip-.llvm_addrsig-sections-and-similar.patch b/SOURCES/0266-modules-strip-.llvm_addrsig-sections-and-similar.patch deleted file mode 100644 index 16528e4..0000000 --- a/SOURCES/0266-modules-strip-.llvm_addrsig-sections-and-similar.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 24 Feb 2022 16:40:11 -0500 -Subject: [PATCH] modules: strip .llvm_addrsig sections and similar. - -Currently grub modules built with clang or gcc have several sections -which we don't actually need or support. - -We already have a list of section to skip in genmod.sh, and this patch -adds the following sections to that list (as well as a few newlines): - -.note.gnu.property -.llvm* - -Note that the glob there won't work without a new enough linker, but the -failure is just reversion to the status quo, so that's not a big problem. - -Signed-off-by: Peter Jones -(cherry picked from commit e85d1c4d795f8135ad0acfa36d64760d12d6fed1) ---- - grub-core/genmod.sh.in | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/grub-core/genmod.sh.in b/grub-core/genmod.sh.in -index 1250589b3f..c2c5280d75 100644 ---- a/grub-core/genmod.sh.in -+++ b/grub-core/genmod.sh.in -@@ -57,8 +57,11 @@ if test x@TARGET_APPLE_LINKER@ != x1; then - @TARGET_STRIP@ --strip-unneeded \ - -K grub_mod_init -K grub_mod_fini \ - -K _grub_mod_init -K _grub_mod_fini \ -- -R .note.gnu.gold-version -R .note.GNU-stack \ -+ -R .note.GNU-stack \ -+ -R .note.gnu.gold-version \ -+ -R .note.gnu.property \ - -R .gnu.build.attributes \ -+ -R '.llvm*' \ - -R .rel.gnu.build.attributes \ - -R .rela.gnu.build.attributes \ - -R .eh_frame -R .rela.eh_frame -R .rel.eh_frame \ diff --git a/SOURCES/0267-ReiserFS-switch-to-using-grub_min-grub_max.patch b/SOURCES/0267-ReiserFS-switch-to-using-grub_min-grub_max.patch new file mode 100644 index 0000000..e604215 --- /dev/null +++ b/SOURCES/0267-ReiserFS-switch-to-using-grub_min-grub_max.patch @@ -0,0 +1,93 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 21 Apr 2022 16:31:17 -0400 +Subject: [PATCH] ReiserFS: switch to using grub_min()/grub_max() + +This is a minor cleanup patch to remove the bespoke MIN() and MAX() +definitions from the reiserfs driver, and uses grub_min() / grub_max() +instead. + +Signed-off-by: Peter Jones +(cherry picked from commit 5fc601574fce99b32fe4dfb55bd8f3ab0175fd6a) +--- + grub-core/fs/reiserfs.c | 28 +++++++++------------------- + 1 file changed, 9 insertions(+), 19 deletions(-) + +diff --git a/grub-core/fs/reiserfs.c b/grub-core/fs/reiserfs.c +index af6a226a7f..b8253da7fe 100644 +--- a/grub-core/fs/reiserfs.c ++++ b/grub-core/fs/reiserfs.c +@@ -42,16 +42,6 @@ + + GRUB_MOD_LICENSE ("GPLv3+"); + +-#define MIN(a, b) \ +- ({ typeof (a) _a = (a); \ +- typeof (b) _b = (b); \ +- _a < _b ? _a : _b; }) +- +-#define MAX(a, b) \ +- ({ typeof (a) _a = (a); \ +- typeof (b) _b = (b); \ +- _a > _b ? _a : _b; }) +- + #define REISERFS_SUPER_BLOCK_OFFSET 0x10000 + #define REISERFS_MAGIC_LEN 12 + #define REISERFS_MAGIC_STRING "ReIsEr" +@@ -1076,7 +1066,7 @@ grub_reiserfs_read_real (struct grub_fshelp_node *node, + grub_reiserfs_set_key_type (&key, GRUB_REISERFS_ANY, 2); + initial_position = off; + current_position = 0; +- final_position = MIN (len + initial_position, node->size); ++ final_position = grub_min (len + initial_position, node->size); + grub_dprintf ("reiserfs", + "Reading from %lld to %lld (%lld instead of requested %ld)\n", + (unsigned long long) initial_position, +@@ -1115,8 +1105,8 @@ grub_reiserfs_read_real (struct grub_fshelp_node *node, + grub_dprintf ("reiserfs_blocktype", "D: %u\n", (unsigned) block); + if (initial_position < current_position + item_size) + { +- offset = MAX ((signed) (initial_position - current_position), 0); +- length = (MIN (item_size, final_position - current_position) ++ offset = grub_max ((signed) (initial_position - current_position), 0); ++ length = (grub_min (item_size, final_position - current_position) + - offset); + grub_dprintf ("reiserfs", + "Reading direct block %u from %u to %u...\n", +@@ -1161,9 +1151,9 @@ grub_reiserfs_read_real (struct grub_fshelp_node *node, + grub_dprintf ("reiserfs_blocktype", "I: %u\n", (unsigned) block); + if (current_position + block_size >= initial_position) + { +- offset = MAX ((signed) (initial_position - current_position), +- 0); +- length = (MIN (block_size, final_position - current_position) ++ offset = grub_max ((signed) (initial_position - current_position), ++ 0); ++ length = (grub_min (block_size, final_position - current_position) + - offset); + grub_dprintf ("reiserfs", + "Reading indirect block %u from %u to %u...\n", +@@ -1205,7 +1195,7 @@ grub_reiserfs_read_real (struct grub_fshelp_node *node, + switch (found.type) + { + case GRUB_REISERFS_DIRECT: +- read_length = MIN (len, item_size - file->offset); ++ read_length = grub_min (len, item_size - file->offset); + grub_disk_read (found.data->disk, + (found.block_number * block_size) / GRUB_DISK_SECTOR_SIZE, + grub_le_to_cpu16 (found.header.item_location) + file->offset, +@@ -1224,12 +1214,12 @@ grub_reiserfs_read_real (struct grub_fshelp_node *node, + item_size, (char *) indirect_block_ptr); + if (grub_errno) + goto fail; +- len = MIN (len, file->size - file->offset); ++ len = grub_min (len, file->size - file->offset); + for (indirect_block = file->offset / block_size; + indirect_block < indirect_block_count && read_length < len; + indirect_block++) + { +- read = MIN (block_size, len - read_length); ++ read = grub_min (block_size, len - read_length); + grub_disk_read (found.data->disk, + (grub_le_to_cpu32 (indirect_block_ptr[indirect_block]) * block_size) / GRUB_DISK_SECTOR_SIZE, + file->offset % block_size, read, diff --git a/SOURCES/0267-modules-Don-t-allocate-space-for-non-allocable-secti.patch b/SOURCES/0267-modules-Don-t-allocate-space-for-non-allocable-secti.patch deleted file mode 100644 index 6599406..0000000 --- a/SOURCES/0267-modules-Don-t-allocate-space-for-non-allocable-secti.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 21 Mar 2022 16:56:10 -0400 -Subject: [PATCH] modules: Don't allocate space for non-allocable sections. - -Currently when loading grub modules, we allocate space for all sections, -including those without SHF_ALLOC set. We then copy the sections that -/do/ have SHF_ALLOC set into the allocated memory, leaving some of our -allocation untouched forever. Additionally, on platforms with GOT -fixups and trampolines, we currently compute alignment round-ups for the -sections and sections with sh_size = 0. - -This patch removes the extra space from the allocation computation, and -makes the allocation computation loop skip empty sections as the loading -loop does. - -Signed-off-by: Peter Jones -(cherry picked from commit 03215e342f552396ab08125ea769b1e166417ec1) ---- - grub-core/kern/dl.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c -index f304494574..aef8af8aa7 100644 ---- a/grub-core/kern/dl.c -+++ b/grub-core/kern/dl.c -@@ -289,6 +289,9 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e) - i < e->e_shnum; - i++, s = (const Elf_Shdr *)((const char *) s + e->e_shentsize)) - { -+ if (s->sh_size == 0 || !(s->sh_flags & SHF_ALLOC)) -+ continue; -+ - tsize = ALIGN_UP (tsize, s->sh_addralign) + s->sh_size; - if (talign < s->sh_addralign) - talign = s->sh_addralign; diff --git a/SOURCES/0268-misc-make-grub_boot_time-also-call-grub_dprintf-boot.patch b/SOURCES/0268-misc-make-grub_boot_time-also-call-grub_dprintf-boot.patch new file mode 100644 index 0000000..64bbe31 --- /dev/null +++ b/SOURCES/0268-misc-make-grub_boot_time-also-call-grub_dprintf-boot.patch @@ -0,0 +1,47 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 24 Mar 2022 14:40:01 -0400 +Subject: [PATCH] misc: make grub_boot_time() also call + grub_dprintf("boot",...) + +Currently grub_boot_time() includes valuable debugging messages, but if +you build without BOOT_TIME_STATS enabled, they are silently and +confusingly compiled away. + +This patch changes grub_boot_time() to also log when "boot" is enabled +in DEBUG, regardless of BOOT_TIME_STATS. + +Signed-off-by: Peter Jones +(cherry picked from commit 4fd282de00df05ce289467861deb7a0e186cfbd7) +--- + grub-core/kern/misc.c | 3 ++- + include/grub/misc.h | 2 +- + 2 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c +index a186ad3dd4..cb45461402 100644 +--- a/grub-core/kern/misc.c ++++ b/grub-core/kern/misc.c +@@ -1334,7 +1334,8 @@ grub_real_boot_time (const char *file, + n->next = 0; + + va_start (args, fmt); +- n->msg = grub_xvasprintf (fmt, args); ++ n->msg = grub_xvasprintf (fmt, args); ++ grub_dprintf ("boot", "%s\n", n->msg); + va_end (args); + + *boot_time_last = n; +diff --git a/include/grub/misc.h b/include/grub/misc.h +index cf84aec1db..faae0ae860 100644 +--- a/include/grub/misc.h ++++ b/include/grub/misc.h +@@ -503,7 +503,7 @@ void EXPORT_FUNC(grub_real_boot_time) (const char *file, + const char *fmt, ...) __attribute__ ((format (GNU_PRINTF, 3, 4))); + #define grub_boot_time(...) grub_real_boot_time(GRUB_FILE, __LINE__, __VA_ARGS__) + #else +-#define grub_boot_time(...) ++#define grub_boot_time(fmt, ...) grub_dprintf("boot", fmt "\n", ##__VA_ARGS__) + #endif + + #define _grub_min(a, b, _a, _b) \ diff --git a/SOURCES/0268-pe-add-the-DOS-header-struct-and-fix-some-bad-naming.patch b/SOURCES/0268-pe-add-the-DOS-header-struct-and-fix-some-bad-naming.patch deleted file mode 100644 index c3f2e0f..0000000 --- a/SOURCES/0268-pe-add-the-DOS-header-struct-and-fix-some-bad-naming.patch +++ /dev/null @@ -1,82 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 25 Mar 2022 15:40:12 -0400 -Subject: [PATCH] pe: add the DOS header struct and fix some bad naming. - -In order to properly validate a loaded kernel's support for being loaded -without a writable stack or executable, we need to be able to properly -parse arbitrary PE headers. - -Currently, pe32.h is written in such a way that the MS-DOS header that -tells us where to find the PE header in the binary can't be accessed. -Further, for some reason it calls the DOS MZ magic "GRUB_PE32_MAGIC". - -This patch adds the structure for the DOS header, renames the DOS magic -define, and adds defines for the actual PE magic. - -Signed-off-by: Peter Jones -(cherry picked from commit 955f47aa8300387eecf18b0866d21dde7720593d) ---- - grub-core/loader/arm64/linux.c | 2 +- - include/grub/efi/pe32.h | 28 ++++++++++++++++++++++++++-- - 2 files changed, 27 insertions(+), 3 deletions(-) - -diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c -index f18d90bd74..bcc6ef46e9 100644 ---- a/grub-core/loader/arm64/linux.c -+++ b/grub-core/loader/arm64/linux.c -@@ -59,7 +59,7 @@ grub_arch_efi_linux_check_image (struct linux_arch_kernel_header * lh) - if (lh->magic != GRUB_LINUX_ARMXX_MAGIC_SIGNATURE) - return grub_error(GRUB_ERR_BAD_OS, "invalid magic number"); - -- if ((lh->code0 & 0xffff) != GRUB_PE32_MAGIC) -+ if ((lh->code0 & 0xffff) != GRUB_DOS_MAGIC) - return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, - N_("plain image kernel not supported - rebuild with CONFIG_(U)EFI_STUB enabled")); - -diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h -index a43adf2746..2a5e1ee003 100644 ---- a/include/grub/efi/pe32.h -+++ b/include/grub/efi/pe32.h -@@ -46,7 +46,30 @@ - - #define GRUB_PE32_MSDOS_STUB_SIZE 0x80 - --#define GRUB_PE32_MAGIC 0x5a4d -+#define GRUB_DOS_MAGIC 0x5a4d -+ -+struct grub_dos_header -+{ -+ grub_uint16_t magic; -+ grub_uint16_t cblp; -+ grub_uint16_t cp; -+ grub_uint16_t crlc; -+ grub_uint16_t cparhdr; -+ grub_uint16_t minalloc; -+ grub_uint16_t maxalloc; -+ grub_uint16_t ss; -+ grub_uint16_t sp; -+ grub_uint16_t csum; -+ grub_uint16_t ip; -+ grub_uint16_t cs; -+ grub_uint16_t lfarlc; -+ grub_uint16_t ovno; -+ grub_uint16_t res0[4]; -+ grub_uint16_t oemid; -+ grub_uint16_t oeminfo; -+ grub_uint16_t res1[10]; -+ grub_uint32_t lfanew; -+}; - - /* According to the spec, the minimal alignment is 512 bytes... - But some examples (such as EFI drivers in the Intel -@@ -280,7 +303,8 @@ struct grub_pe32_section_table - - - --#define GRUB_PE32_SIGNATURE_SIZE 4 -+#define GRUB_PE32_SIGNATURE_SIZE 4 -+#define GRUB_PE32_SIGNATURE "PE\0\0" - - struct grub_pe32_header - { diff --git a/SOURCES/0269-EFI-allocate-kernel-in-EFI_RUNTIME_SERVICES_CODE-ins.patch b/SOURCES/0269-EFI-allocate-kernel-in-EFI_RUNTIME_SERVICES_CODE-ins.patch deleted file mode 100644 index b306f15..0000000 --- a/SOURCES/0269-EFI-allocate-kernel-in-EFI_RUNTIME_SERVICES_CODE-ins.patch +++ /dev/null @@ -1,86 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Wed, 9 Feb 2022 16:08:20 -0500 -Subject: [PATCH] EFI: allocate kernel in EFI_RUNTIME_SERVICES_CODE instead of - EFI_LOADER_DATA. - -On some of the firmwares with more security mitigations, EFI_LOADER_DATA -doesn't get you executable memory, and we take a fault and reboot when -we enter kernel. - -This patch correctly allocates the kernel code as EFI_RUNTIME_SERVICES_CODE -rather than EFI_LOADER_DATA. - -Signed-off-by: Peter Jones -[rharwood: use kernel_size] -Signed-off-by: Robbie Harwood -(cherry picked from commit 8b31058a12d3e85f0f0180ac90b98d6465fccbb7) ---- - grub-core/loader/i386/efi/linux.c | 19 +++++++++++++------ - 1 file changed, 13 insertions(+), 6 deletions(-) - -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index d24553a79d..b832c85728 100644 ---- a/grub-core/loader/i386/efi/linux.c -+++ b/grub-core/loader/i386/efi/linux.c -@@ -87,7 +87,9 @@ kernel_free(void *addr, grub_efi_uintn_t size) - } - - static void * --kernel_alloc(grub_efi_uintn_t size, const char * const errmsg) -+kernel_alloc(grub_efi_uintn_t size, -+ grub_efi_memory_type_t memtype, -+ const char * const errmsg) - { - void *addr = 0; - unsigned int i; -@@ -113,7 +115,7 @@ kernel_alloc(grub_efi_uintn_t size, const char * const errmsg) - prev_max = max; - addr = grub_efi_allocate_pages_real (max, pages, - max_addresses[i].alloc_type, -- GRUB_EFI_LOADER_DATA); -+ memtype); - if (addr) - grub_dprintf ("linux", "Allocated at %p\n", addr); - } -@@ -243,7 +245,8 @@ grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) - } - } - -- initrd_mem = kernel_alloc(size, N_("can't allocate initrd")); -+ initrd_mem = kernel_alloc(size, GRUB_EFI_RUNTIME_SERVICES_DATA, -+ N_("can't allocate initrd")); - if (initrd_mem == NULL) - goto fail; - grub_dprintf ("linux", "initrd_mem = %p\n", initrd_mem); -@@ -406,7 +409,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - } - #endif - -- params = kernel_alloc (sizeof(*params), "cannot allocate kernel parameters"); -+ params = kernel_alloc (sizeof(*params), GRUB_EFI_RUNTIME_SERVICES_DATA, -+ "cannot allocate kernel parameters"); - if (!params) - goto fail; - grub_dprintf ("linux", "params = %p\n", params); -@@ -428,7 +432,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - grub_dprintf ("linux", "new lh is at %p\n", lh); - - grub_dprintf ("linux", "setting up cmdline\n"); -- cmdline = kernel_alloc (lh->cmdline_size + 1, N_("can't allocate cmdline")); -+ cmdline = kernel_alloc (lh->cmdline_size + 1, -+ GRUB_EFI_RUNTIME_SERVICES_DATA, -+ N_("can't allocate cmdline")); - if (!cmdline) - goto fail; - grub_dprintf ("linux", "cmdline = %p\n", cmdline); -@@ -474,7 +480,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - max_addresses[1].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; - max_addresses[2].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; - kernel_size = lh->init_size; -- kernel_mem = kernel_alloc (kernel_size, N_("can't allocate kernel")); -+ kernel_mem = kernel_alloc (kernel_size, GRUB_EFI_RUNTIME_SERVICES_CODE, -+ N_("can't allocate kernel")); - restore_addresses(); - if (!kernel_mem) - goto fail; diff --git a/SOURCES/0269-modules-make-.module_license-read-only.patch b/SOURCES/0269-modules-make-.module_license-read-only.patch new file mode 100644 index 0000000..51281a3 --- /dev/null +++ b/SOURCES/0269-modules-make-.module_license-read-only.patch @@ -0,0 +1,31 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 24 Feb 2022 16:32:51 -0500 +Subject: [PATCH] modules: make .module_license read-only + +Currently .module_license is set writable (that is, the section has the +SHF_WRITE flag set) in the module's ELF headers. This probably never +actually matters, but it can't possibly be correct. + +This patch sets that data as "const", which causes that flag not to be +set. + +Signed-off-by: Peter Jones +(cherry picked from commit 2eff3e2c9d9e6b75daa81b840c96f112ef7d5de6) +--- + include/grub/dl.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/include/grub/dl.h b/include/grub/dl.h +index 20d870f2a4..618ae6f474 100644 +--- a/include/grub/dl.h ++++ b/include/grub/dl.h +@@ -121,7 +121,7 @@ grub_mod_fini (void) + #define ATTRIBUTE_USED __unused__ + #endif + #define GRUB_MOD_LICENSE(license) \ +- static char grub_module_license[] __attribute__ ((section (GRUB_MOD_SECTION (module_license)), ATTRIBUTE_USED)) = "LICENSE=" license; ++ static const char grub_module_license[] __attribute__ ((section (GRUB_MOD_SECTION (module_license)), ATTRIBUTE_USED)) = "LICENSE=" license; + #define GRUB_MOD_DEP(name) \ + static const char grub_module_depend_##name[] \ + __attribute__((section(GRUB_MOD_SECTION(moddeps)), ATTRIBUTE_USED)) = #name diff --git a/SOURCES/0270-modules-load-module-sections-at-page-aligned-address.patch b/SOURCES/0270-modules-load-module-sections-at-page-aligned-address.patch deleted file mode 100644 index 1c703d8..0000000 --- a/SOURCES/0270-modules-load-module-sections-at-page-aligned-address.patch +++ /dev/null @@ -1,379 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 21 Mar 2022 17:45:40 -0400 -Subject: [PATCH] modules: load module sections at page-aligned addresses - -Currently we load module sections at whatever alignment gcc+ld happened -to dump into the ELF section header, which is often pretty useless. For -example, by default time.mod has these sections on a current x86_64 -build: - -$ eu-readelf -a grub-core/time.mod |& grep ^Section -A13 -Section Headers: -[Nr] Name Type Addr Off Size ES Flags Lk Inf Al -[ 0] NULL 0 00000000 00000000 0 0 0 0 -[ 1] .text PROGBITS 0 00000040 0000015e 0 AX 0 0 1 -[ 2] .rela.text RELA 0 00000458 000001e0 24 I 8 1 8 -[ 3] .rodata.str1.1 PROGBITS 0 0000019e 000000a1 1 AMS 0 0 1 -[ 4] .module_license PROGBITS 0 00000240 0000000f 0 A 0 0 8 -[ 5] .data PROGBITS 0 0000024f 00000000 0 WA 0 0 1 -[ 6] .bss NOBITS 0 00000250 00000008 0 WA 0 0 8 -[ 7] .modname PROGBITS 0 00000250 00000005 0 0 0 1 -[ 8] .symtab SYMTAB 0 00000258 00000150 24 9 6 8 -[ 9] .strtab STRTAB 0 000003a8 000000ab 0 0 0 1 -[10] .shstrtab STRTAB 0 00000638 00000059 0 0 0 1 - -With NX protections being page based, loading sections with either a 1 -or 8 *byte* alignment does absolutely nothing to help us out. - -This patch switches most EFI platforms to load module sections at 4kB -page-aligned addresses. To do so, it adds an new per-arch function, -grub_arch_dl_min_alignment(), which returns the alignment needed for -dynamically loaded sections (in bytes). Currently it sets it to 4096 -when GRUB_MACHINE_EFI is true on x86_64, i386, arm, arm64, and emu, and -1-byte alignment on everything else. - -It then changes the allocation size computation and the loader code in -grub_dl_load_segments() to align the locations and sizes up to these -boundaries, and fills any added padding with zeros. - -All of this happens before relocations are applied, so the relocations -factor that in with no change. - -As an aside, initially Daniel Kiper and I thought that it might be a -better idea to split the modules up into top-level sections as -.text.modules, .rodata.modules, .data.modules, etc., so that their page -permissions would get set by the loader that's loading grub itself. -This turns out to have two significant downsides: 1) either in mkimage -or in grub_dl_relocate_symbols(), you wind up having to dynamically -process the relocations to accommodate the moved module sections, and 2) -you then need to change the permissions on the modules and change them -back while relocating them in grub_dl_relocate_symbols(), which means -that any loader that /does/ honor the section flags but does /not/ -generally support NX with the memory attributes API will cause grub to -fail. - -Signed-off-by: Peter Jones -(cherry picked from commit 31d52500b281619d92b03b2c2d30fe15aedaf326) ---- - grub-core/kern/arm/dl.c | 13 +++++++++++++ - grub-core/kern/arm64/dl.c | 13 +++++++++++++ - grub-core/kern/dl.c | 29 +++++++++++++++++++++-------- - grub-core/kern/emu/full.c | 13 +++++++++++++ - grub-core/kern/i386/dl.c | 13 +++++++++++++ - grub-core/kern/ia64/dl.c | 9 +++++++++ - grub-core/kern/mips/dl.c | 8 ++++++++ - grub-core/kern/powerpc/dl.c | 9 +++++++++ - grub-core/kern/riscv/dl.c | 13 +++++++++++++ - grub-core/kern/sparc64/dl.c | 9 +++++++++ - grub-core/kern/x86_64/dl.c | 13 +++++++++++++ - include/grub/dl.h | 2 ++ - docs/grub-dev.texi | 6 +++--- - 13 files changed, 139 insertions(+), 11 deletions(-) - -diff --git a/grub-core/kern/arm/dl.c b/grub-core/kern/arm/dl.c -index eab9d17ff2..9260737936 100644 ---- a/grub-core/kern/arm/dl.c -+++ b/grub-core/kern/arm/dl.c -@@ -278,3 +278,16 @@ grub_arch_dl_check_header (void *ehdr) - - return GRUB_ERR_NONE; - } -+ -+/* -+ * Tell the loader what our minimum section alignment is. -+ */ -+grub_size_t -+grub_arch_dl_min_alignment (void) -+{ -+#ifdef GRUB_MACHINE_EFI -+ return 4096; -+#else -+ return 1; -+#endif -+} -diff --git a/grub-core/kern/arm64/dl.c b/grub-core/kern/arm64/dl.c -index 512e5a80b0..0d4a26857f 100644 ---- a/grub-core/kern/arm64/dl.c -+++ b/grub-core/kern/arm64/dl.c -@@ -196,3 +196,16 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, - - return GRUB_ERR_NONE; - } -+ -+/* -+ * Tell the loader what our minimum section alignment is. -+ */ -+grub_size_t -+grub_arch_dl_min_alignment (void) -+{ -+#ifdef GRUB_MACHINE_EFI -+ return 4096; -+#else -+ return 1; -+#endif -+} -diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c -index aef8af8aa7..8c7aacef39 100644 ---- a/grub-core/kern/dl.c -+++ b/grub-core/kern/dl.c -@@ -277,7 +277,7 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e) - { - unsigned i; - const Elf_Shdr *s; -- grub_size_t tsize = 0, talign = 1; -+ grub_size_t tsize = 0, talign = 1, arch_addralign = 1; - #if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) - grub_size_t tramp; - grub_size_t got; -@@ -285,16 +285,24 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e) - #endif - char *ptr; - -+ arch_addralign = grub_arch_dl_min_alignment (); -+ - for (i = 0, s = (const Elf_Shdr *)((const char *) e + e->e_shoff); - i < e->e_shnum; - i++, s = (const Elf_Shdr *)((const char *) s + e->e_shentsize)) - { -+ grub_size_t sh_addralign; -+ grub_size_t sh_size; -+ - if (s->sh_size == 0 || !(s->sh_flags & SHF_ALLOC)) - continue; - -- tsize = ALIGN_UP (tsize, s->sh_addralign) + s->sh_size; -- if (talign < s->sh_addralign) -- talign = s->sh_addralign; -+ sh_addralign = ALIGN_UP(s->sh_addralign, arch_addralign); -+ sh_size = ALIGN_UP(s->sh_size, sh_addralign); -+ -+ tsize = ALIGN_UP (tsize, sh_addralign) + sh_size; -+ if (talign < sh_addralign) -+ talign = sh_addralign; - } - - #if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) -@@ -323,6 +331,9 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e) - i < e->e_shnum; - i++, s = (Elf_Shdr *)((char *) s + e->e_shentsize)) - { -+ grub_size_t sh_addralign = ALIGN_UP(s->sh_addralign, arch_addralign); -+ grub_size_t sh_size = ALIGN_UP(s->sh_size, sh_addralign); -+ - if (s->sh_flags & SHF_ALLOC) - { - grub_dl_segment_t seg; -@@ -335,17 +346,19 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e) - { - void *addr; - -- ptr = (char *) ALIGN_UP ((grub_addr_t) ptr, s->sh_addralign); -+ ptr = (char *) ALIGN_UP ((grub_addr_t) ptr, sh_addralign); - addr = ptr; -- ptr += s->sh_size; -+ ptr += sh_size; - - switch (s->sh_type) - { - case SHT_PROGBITS: - grub_memcpy (addr, (char *) e + s->sh_offset, s->sh_size); -+ grub_memset ((char *)addr + s->sh_size, 0, -+ sh_size - s->sh_size); - break; - case SHT_NOBITS: -- grub_memset (addr, 0, s->sh_size); -+ grub_memset (addr, 0, sh_size); - break; - } - -@@ -354,7 +367,7 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e) - else - seg->addr = 0; - -- seg->size = s->sh_size; -+ seg->size = sh_size; - seg->section = i; - seg->next = mod->segment; - mod->segment = seg; -diff --git a/grub-core/kern/emu/full.c b/grub-core/kern/emu/full.c -index e8d63b1f5f..1de1c28eb0 100644 ---- a/grub-core/kern/emu/full.c -+++ b/grub-core/kern/emu/full.c -@@ -67,3 +67,16 @@ grub_arch_dl_init_linker (void) - } - #endif - -+ -+/* -+ * Tell the loader what our minimum section alignment is. -+ */ -+grub_size_t -+grub_arch_dl_min_alignment (void) -+{ -+#ifdef GRUB_MACHINE_EFI -+ return 4096; -+#else -+ return 1; -+#endif -+} -diff --git a/grub-core/kern/i386/dl.c b/grub-core/kern/i386/dl.c -index 1346da5cc9..d6b4681fc9 100644 ---- a/grub-core/kern/i386/dl.c -+++ b/grub-core/kern/i386/dl.c -@@ -79,3 +79,16 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, - - return GRUB_ERR_NONE; - } -+ -+/* -+ * Tell the loader what our minimum section alignment is. -+ */ -+grub_size_t -+grub_arch_dl_min_alignment (void) -+{ -+#ifdef GRUB_MACHINE_EFI -+ return 4096; -+#else -+ return 1; -+#endif -+} -diff --git a/grub-core/kern/ia64/dl.c b/grub-core/kern/ia64/dl.c -index db59300fea..92d82c5750 100644 ---- a/grub-core/kern/ia64/dl.c -+++ b/grub-core/kern/ia64/dl.c -@@ -148,3 +148,12 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, - } - return GRUB_ERR_NONE; - } -+ -+/* -+ * Tell the loader what our minimum section alignment is. -+ */ -+grub_size_t -+grub_arch_dl_min_alignment (void) -+{ -+ return 1; -+} -diff --git a/grub-core/kern/mips/dl.c b/grub-core/kern/mips/dl.c -index 5d7d299c74..6d83bd71e9 100644 ---- a/grub-core/kern/mips/dl.c -+++ b/grub-core/kern/mips/dl.c -@@ -272,3 +272,11 @@ grub_arch_dl_init_linker (void) - grub_dl_register_symbol ("_gp_disp", &_gp_disp_dummy, 0, 0); - } - -+/* -+ * Tell the loader what our minimum section alignment is. -+ */ -+grub_size_t -+grub_arch_dl_min_alignment (void) -+{ -+ return 1; -+} -diff --git a/grub-core/kern/powerpc/dl.c b/grub-core/kern/powerpc/dl.c -index cdd61b305f..5d9ba2e158 100644 ---- a/grub-core/kern/powerpc/dl.c -+++ b/grub-core/kern/powerpc/dl.c -@@ -167,3 +167,12 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, - - return GRUB_ERR_NONE; - } -+ -+/* -+ * Tell the loader what our minimum section alignment is. -+ */ -+grub_size_t -+grub_arch_dl_min_alignment (void) -+{ -+ return 1; -+} -diff --git a/grub-core/kern/riscv/dl.c b/grub-core/kern/riscv/dl.c -index f26b12aaa4..aa18f9e990 100644 ---- a/grub-core/kern/riscv/dl.c -+++ b/grub-core/kern/riscv/dl.c -@@ -343,3 +343,16 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, - - return GRUB_ERR_NONE; - } -+ -+/* -+ * Tell the loader what our minimum section alignment is. -+ */ -+grub_size_t -+grub_arch_dl_min_alignment (void) -+{ -+#ifdef GRUB_MACHINE_EFI -+ return 4096; -+#else -+ return 1; -+#endif -+} -diff --git a/grub-core/kern/sparc64/dl.c b/grub-core/kern/sparc64/dl.c -index f3d960186b..f054f08241 100644 ---- a/grub-core/kern/sparc64/dl.c -+++ b/grub-core/kern/sparc64/dl.c -@@ -189,3 +189,12 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, - - return GRUB_ERR_NONE; - } -+ -+/* -+ * Tell the loader what our minimum section alignment is. -+ */ -+grub_size_t -+grub_arch_dl_min_alignment (void) -+{ -+ return 1; -+} -diff --git a/grub-core/kern/x86_64/dl.c b/grub-core/kern/x86_64/dl.c -index e5a8bdcf4f..a105dc50ce 100644 ---- a/grub-core/kern/x86_64/dl.c -+++ b/grub-core/kern/x86_64/dl.c -@@ -119,3 +119,16 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, - - return GRUB_ERR_NONE; - } -+ -+/* -+ * Tell the loader what our minimum section alignment is. -+ */ -+grub_size_t -+grub_arch_dl_min_alignment (void) -+{ -+#ifdef GRUB_MACHINE_EFI -+ return 4096; -+#else -+ return 1; -+#endif -+} -diff --git a/include/grub/dl.h b/include/grub/dl.h -index 618ae6f474..f36ed5cb17 100644 ---- a/include/grub/dl.h -+++ b/include/grub/dl.h -@@ -280,6 +280,8 @@ grub_err_t grub_arch_dl_check_header (void *ehdr); - grub_err_t - grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, - Elf_Shdr *s, grub_dl_segment_t seg); -+grub_size_t -+grub_arch_dl_min_alignment (void); - #endif - - #if defined (_mips) -diff --git a/docs/grub-dev.texi b/docs/grub-dev.texi -index 90083772c8..c23ba313dc 100644 ---- a/docs/grub-dev.texi -+++ b/docs/grub-dev.texi -@@ -755,9 +755,9 @@ declare startup asm file ($cpu_$platform_startup) as well as any other files - (e.g. init.c and callwrap.S) (e.g. $cpu_$platform = kern/$cpu/$platform/init.c). - At this stage you will also need to add dummy dl.c and cache.S with functions - grub_err_t grub_arch_dl_check_header (void *ehdr), grub_err_t --grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr) (dl.c) and --void grub_arch_sync_caches (void *address, grub_size_t len) (cache.S). They --won't be used for now. -+grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr) (dl.c), grub_uint32_t -+grub_arch_dl_min_alignment (void), and void grub_arch_sync_caches (void -+*address, grub_size_t len) (cache.S). They won't be used for now. - - You will need to create directory include/$cpu/$platform and a file - include/$cpu/types.h. The later folowing this template: diff --git a/SOURCES/0270-modules-strip-.llvm_addrsig-sections-and-similar.patch b/SOURCES/0270-modules-strip-.llvm_addrsig-sections-and-similar.patch new file mode 100644 index 0000000..16528e4 --- /dev/null +++ b/SOURCES/0270-modules-strip-.llvm_addrsig-sections-and-similar.patch @@ -0,0 +1,40 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 24 Feb 2022 16:40:11 -0500 +Subject: [PATCH] modules: strip .llvm_addrsig sections and similar. + +Currently grub modules built with clang or gcc have several sections +which we don't actually need or support. + +We already have a list of section to skip in genmod.sh, and this patch +adds the following sections to that list (as well as a few newlines): + +.note.gnu.property +.llvm* + +Note that the glob there won't work without a new enough linker, but the +failure is just reversion to the status quo, so that's not a big problem. + +Signed-off-by: Peter Jones +(cherry picked from commit e85d1c4d795f8135ad0acfa36d64760d12d6fed1) +--- + grub-core/genmod.sh.in | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/grub-core/genmod.sh.in b/grub-core/genmod.sh.in +index 1250589b3f..c2c5280d75 100644 +--- a/grub-core/genmod.sh.in ++++ b/grub-core/genmod.sh.in +@@ -57,8 +57,11 @@ if test x@TARGET_APPLE_LINKER@ != x1; then + @TARGET_STRIP@ --strip-unneeded \ + -K grub_mod_init -K grub_mod_fini \ + -K _grub_mod_init -K _grub_mod_fini \ +- -R .note.gnu.gold-version -R .note.GNU-stack \ ++ -R .note.GNU-stack \ ++ -R .note.gnu.gold-version \ ++ -R .note.gnu.property \ + -R .gnu.build.attributes \ ++ -R '.llvm*' \ + -R .rel.gnu.build.attributes \ + -R .rela.gnu.build.attributes \ + -R .eh_frame -R .rela.eh_frame -R .rel.eh_frame \ diff --git a/SOURCES/0271-modules-Don-t-allocate-space-for-non-allocable-secti.patch b/SOURCES/0271-modules-Don-t-allocate-space-for-non-allocable-secti.patch new file mode 100644 index 0000000..6599406 --- /dev/null +++ b/SOURCES/0271-modules-Don-t-allocate-space-for-non-allocable-secti.patch @@ -0,0 +1,36 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 21 Mar 2022 16:56:10 -0400 +Subject: [PATCH] modules: Don't allocate space for non-allocable sections. + +Currently when loading grub modules, we allocate space for all sections, +including those without SHF_ALLOC set. We then copy the sections that +/do/ have SHF_ALLOC set into the allocated memory, leaving some of our +allocation untouched forever. Additionally, on platforms with GOT +fixups and trampolines, we currently compute alignment round-ups for the +sections and sections with sh_size = 0. + +This patch removes the extra space from the allocation computation, and +makes the allocation computation loop skip empty sections as the loading +loop does. + +Signed-off-by: Peter Jones +(cherry picked from commit 03215e342f552396ab08125ea769b1e166417ec1) +--- + grub-core/kern/dl.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c +index f304494574..aef8af8aa7 100644 +--- a/grub-core/kern/dl.c ++++ b/grub-core/kern/dl.c +@@ -289,6 +289,9 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e) + i < e->e_shnum; + i++, s = (const Elf_Shdr *)((const char *) s + e->e_shentsize)) + { ++ if (s->sh_size == 0 || !(s->sh_flags & SHF_ALLOC)) ++ continue; ++ + tsize = ALIGN_UP (tsize, s->sh_addralign) + s->sh_size; + if (talign < s->sh_addralign) + talign = s->sh_addralign; diff --git a/SOURCES/0271-nx-add-memory-attribute-get-set-API.patch b/SOURCES/0271-nx-add-memory-attribute-get-set-API.patch deleted file mode 100644 index 9146ba1..0000000 --- a/SOURCES/0271-nx-add-memory-attribute-get-set-API.patch +++ /dev/null @@ -1,318 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Tue, 22 Mar 2022 10:56:21 -0400 -Subject: [PATCH] nx: add memory attribute get/set API - -For NX, we need to set the page access permission attributes for write -and execute permissions. - -This patch adds two new primitives, grub_set_mem_attrs() and -grub_clear_mem_attrs(), and associated constant definitions, to be used -for that purpose. - -For most platforms, it adds a dummy implementation that returns -GRUB_ERR_NONE. On EFI platforms, it adds a common helper function, -grub_efi_status_to_err(), which translates EFI error codes to grub error -codes, adds headers for the EFI Memory Attribute Protocol (still pending -standardization), and an implementation of the grub nx primitives using -it. - -Signed-off-by: Peter Jones -[rharwood: add pjones's none/nyi fixup] -Signed-off-by: Robbie Harwood -(cherry picked from commit 35de78a8d32b9fad5291ec96fd3cbb9cf2f4a80b) ---- - grub-core/kern/efi/efi.c | 36 +++++++++++++ - grub-core/kern/efi/mm.c | 131 +++++++++++++++++++++++++++++++++++++++++++++++ - include/grub/efi/api.h | 25 +++++++++ - include/grub/efi/efi.h | 2 + - include/grub/mm.h | 32 ++++++++++++ - 5 files changed, 226 insertions(+) - -diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index 7fcca69c17..4ac2b2754e 100644 ---- a/grub-core/kern/efi/efi.c -+++ b/grub-core/kern/efi/efi.c -@@ -1096,3 +1096,39 @@ grub_efi_compare_device_paths (const grub_efi_device_path_t *dp1, - - return 0; - } -+ -+grub_err_t -+grub_efi_status_to_err (grub_efi_status_t status) -+{ -+ grub_err_t err; -+ switch (status) -+ { -+ case GRUB_EFI_SUCCESS: -+ err = GRUB_ERR_NONE; -+ break; -+ case GRUB_EFI_INVALID_PARAMETER: -+ default: -+ err = GRUB_ERR_BAD_ARGUMENT; -+ break; -+ case GRUB_EFI_OUT_OF_RESOURCES: -+ err = GRUB_ERR_OUT_OF_MEMORY; -+ break; -+ case GRUB_EFI_DEVICE_ERROR: -+ err = GRUB_ERR_IO; -+ break; -+ case GRUB_EFI_WRITE_PROTECTED: -+ err = GRUB_ERR_WRITE_ERROR; -+ break; -+ case GRUB_EFI_SECURITY_VIOLATION: -+ err = GRUB_ERR_ACCESS_DENIED; -+ break; -+ case GRUB_EFI_NOT_FOUND: -+ err = GRUB_ERR_FILE_NOT_FOUND; -+ break; -+ case GRUB_EFI_ABORTED: -+ err = GRUB_ERR_WAIT; -+ break; -+ } -+ -+ return err; -+} -diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c -index e84961d078..2c33758ed7 100644 ---- a/grub-core/kern/efi/mm.c -+++ b/grub-core/kern/efi/mm.c -@@ -738,3 +738,134 @@ grub_efi_get_ram_base(grub_addr_t *base_addr) - return GRUB_ERR_NONE; - } - #endif -+ -+static inline grub_uint64_t -+grub_mem_attrs_to_uefi_mem_attrs (grub_uint64_t attrs) -+{ -+ grub_uint64_t ret = GRUB_EFI_MEMORY_RP | -+ GRUB_EFI_MEMORY_RO | -+ GRUB_EFI_MEMORY_XP; -+ -+ if (attrs & GRUB_MEM_ATTR_R) -+ ret &= ~GRUB_EFI_MEMORY_RP; -+ -+ if (attrs & GRUB_MEM_ATTR_W) -+ ret &= ~GRUB_EFI_MEMORY_RO; -+ -+ if (attrs & GRUB_MEM_ATTR_X) -+ ret &= ~GRUB_EFI_MEMORY_XP; -+ -+ return ret; -+} -+ -+static inline grub_uint64_t -+uefi_mem_attrs_to_grub_mem_attrs (grub_uint64_t attrs) -+{ -+ grub_uint64_t ret = GRUB_MEM_ATTR_R | -+ GRUB_MEM_ATTR_W | -+ GRUB_MEM_ATTR_X; -+ -+ if (attrs & GRUB_EFI_MEMORY_RP) -+ ret &= ~GRUB_MEM_ATTR_R; -+ -+ if (attrs & GRUB_EFI_MEMORY_RO) -+ ret &= ~GRUB_MEM_ATTR_W; -+ -+ if (attrs & GRUB_EFI_MEMORY_XP) -+ ret &= ~GRUB_MEM_ATTR_X; -+ -+ return ret; -+} -+ -+grub_err_t -+grub_get_mem_attrs (grub_addr_t addr, grub_size_t size, grub_uint64_t *attrs) -+{ -+ grub_efi_memory_attribute_protocol_t *proto; -+ grub_efi_physical_address_t physaddr = addr; -+ grub_efi_guid_t protocol_guid = GRUB_EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID; -+ grub_efi_status_t efi_status; -+ -+ proto = grub_efi_locate_protocol (&protocol_guid, 0); -+ if (!proto) -+ return GRUB_ERR_NOT_IMPLEMENTED_YET; -+ -+ if (physaddr & 0xfff || size & 0xfff || size == 0 || attrs == NULL) -+ { -+ grub_dprintf ("nx", "%s called on 0x%"PRIxGRUB_ADDR"-0x%"PRIxGRUB_ADDR" and attrs %p\n", -+ __func__, physaddr, physaddr+size-1, attrs); -+ return 0; -+ } -+ -+ efi_status = efi_call_4(proto->get_memory_attributes, -+ proto, physaddr, size, attrs); -+ *attrs = uefi_mem_attrs_to_grub_mem_attrs (*attrs); -+ -+ return grub_efi_status_to_err (efi_status); -+} -+ -+grub_err_t -+grub_update_mem_attrs (grub_addr_t addr, grub_size_t size, -+ grub_uint64_t set_attrs, grub_uint64_t clear_attrs) -+{ -+ grub_efi_memory_attribute_protocol_t *proto; -+ grub_efi_physical_address_t physaddr = addr; -+ grub_efi_guid_t protocol_guid = GRUB_EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID; -+ grub_efi_status_t efi_status = GRUB_EFI_SUCCESS; -+ grub_uint64_t before = 0, after = 0, uefi_set_attrs, uefi_clear_attrs; -+ grub_err_t err; -+ -+ proto = grub_efi_locate_protocol (&protocol_guid, 0); -+ if (!proto) -+ return GRUB_ERR_NONE; -+ -+ err = grub_get_mem_attrs (addr, size, &before); -+ if (err) -+ grub_dprintf ("nx", "grub_get_mem_attrs(0x%"PRIxGRUB_ADDR", %"PRIuGRUB_SIZE", %p) -> 0x%x\n", -+ addr, size, &before, err); -+ -+ if (physaddr & 0xfff || size & 0xfff || size == 0) -+ { -+ grub_dprintf ("nx", "%s called on 0x%"PRIxGRUB_ADDR"-0x%"PRIxGRUB_ADDR" +%s%s%s -%s%s%s\n", -+ __func__, physaddr, physaddr + size - 1, -+ (set_attrs & GRUB_MEM_ATTR_R) ? "r" : "", -+ (set_attrs & GRUB_MEM_ATTR_W) ? "w" : "", -+ (set_attrs & GRUB_MEM_ATTR_X) ? "x" : "", -+ (clear_attrs & GRUB_MEM_ATTR_R) ? "r" : "", -+ (clear_attrs & GRUB_MEM_ATTR_W) ? "w" : "", -+ (clear_attrs & GRUB_MEM_ATTR_X) ? "x" : ""); -+ return 0; -+ } -+ -+ uefi_set_attrs = grub_mem_attrs_to_uefi_mem_attrs (set_attrs); -+ grub_dprintf ("nx", "translating set_attrs from 0x%lx to 0x%lx\n", set_attrs, uefi_set_attrs); -+ uefi_clear_attrs = grub_mem_attrs_to_uefi_mem_attrs (clear_attrs); -+ grub_dprintf ("nx", "translating clear_attrs from 0x%lx to 0x%lx\n", clear_attrs, uefi_clear_attrs); -+ if (uefi_set_attrs) -+ efi_status = efi_call_4(proto->set_memory_attributes, -+ proto, physaddr, size, uefi_set_attrs); -+ if (efi_status == GRUB_EFI_SUCCESS && uefi_clear_attrs) -+ efi_status = efi_call_4(proto->clear_memory_attributes, -+ proto, physaddr, size, uefi_clear_attrs); -+ -+ err = grub_get_mem_attrs (addr, size, &after); -+ if (err) -+ grub_dprintf ("nx", "grub_get_mem_attrs(0x%"PRIxGRUB_ADDR", %"PRIuGRUB_SIZE", %p) -> 0x%x\n", -+ addr, size, &after, err); -+ -+ grub_dprintf ("nx", "set +%s%s%s -%s%s%s on 0x%"PRIxGRUB_ADDR"-0x%"PRIxGRUB_ADDR" before:%c%c%c after:%c%c%c\n", -+ (set_attrs & GRUB_MEM_ATTR_R) ? "r" : "", -+ (set_attrs & GRUB_MEM_ATTR_W) ? "w" : "", -+ (set_attrs & GRUB_MEM_ATTR_X) ? "x" : "", -+ (clear_attrs & GRUB_MEM_ATTR_R) ? "r" : "", -+ (clear_attrs & GRUB_MEM_ATTR_W) ? "w" : "", -+ (clear_attrs & GRUB_MEM_ATTR_X) ? "x" : "", -+ addr, addr + size - 1, -+ (before & GRUB_MEM_ATTR_R) ? 'r' : '-', -+ (before & GRUB_MEM_ATTR_W) ? 'w' : '-', -+ (before & GRUB_MEM_ATTR_X) ? 'x' : '-', -+ (after & GRUB_MEM_ATTR_R) ? 'r' : '-', -+ (after & GRUB_MEM_ATTR_W) ? 'w' : '-', -+ (after & GRUB_MEM_ATTR_X) ? 'x' : '-'); -+ -+ return grub_efi_status_to_err (efi_status); -+} -diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h -index f431f49973..464842ba37 100644 ---- a/include/grub/efi/api.h -+++ b/include/grub/efi/api.h -@@ -363,6 +363,11 @@ - { 0x89, 0x29, 0x48, 0xbc, 0xd9, 0x0a, 0xd3, 0x1a } \ - } - -+#define GRUB_EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID \ -+ { 0xf4560cf6, 0x40ec, 0x4b4a, \ -+ { 0xa1, 0x92, 0xbf, 0x1d, 0x57, 0xd0, 0xb1, 0x89 } \ -+ } -+ - struct grub_efi_sal_system_table - { - grub_uint32_t signature; -@@ -2102,6 +2107,26 @@ struct grub_efi_ip6_config_manual_address { - }; - typedef struct grub_efi_ip6_config_manual_address grub_efi_ip6_config_manual_address_t; - -+struct grub_efi_memory_attribute_protocol -+{ -+ grub_efi_status_t (*get_memory_attributes) ( -+ struct grub_efi_memory_attribute_protocol *this, -+ grub_efi_physical_address_t base_address, -+ grub_efi_uint64_t length, -+ grub_efi_uint64_t *attributes); -+ grub_efi_status_t (*set_memory_attributes) ( -+ struct grub_efi_memory_attribute_protocol *this, -+ grub_efi_physical_address_t base_address, -+ grub_efi_uint64_t length, -+ grub_efi_uint64_t attributes); -+ grub_efi_status_t (*clear_memory_attributes) ( -+ struct grub_efi_memory_attribute_protocol *this, -+ grub_efi_physical_address_t base_address, -+ grub_efi_uint64_t length, -+ grub_efi_uint64_t attributes); -+}; -+typedef struct grub_efi_memory_attribute_protocol grub_efi_memory_attribute_protocol_t; -+ - #if (GRUB_TARGET_SIZEOF_VOID_P == 4) || defined (__ia64__) \ - || defined (__aarch64__) || defined (__MINGW64__) || defined (__CYGWIN__) \ - || defined(__riscv) -diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h -index ec52083c49..34825c4adc 100644 ---- a/include/grub/efi/efi.h -+++ b/include/grub/efi/efi.h -@@ -164,4 +164,6 @@ struct grub_net_card; - grub_efi_handle_t - grub_efinet_get_device_handle (struct grub_net_card *card); - -+grub_err_t EXPORT_FUNC(grub_efi_status_to_err) (grub_efi_status_t status); -+ - #endif /* ! GRUB_EFI_EFI_HEADER */ -diff --git a/include/grub/mm.h b/include/grub/mm.h -index 9c38dd3ca5..d81623d226 100644 ---- a/include/grub/mm.h -+++ b/include/grub/mm.h -@@ -22,6 +22,7 @@ - - #include - #include -+#include - #include - - #ifndef NULL -@@ -38,6 +39,37 @@ void *EXPORT_FUNC(grub_realloc) (void *ptr, grub_size_t size); - void *EXPORT_FUNC(grub_memalign) (grub_size_t align, grub_size_t size); - #endif - -+#define GRUB_MEM_ATTR_R 0x0000000000000004LLU -+#define GRUB_MEM_ATTR_W 0x0000000000000002LLU -+#define GRUB_MEM_ATTR_X 0x0000000000000001LLU -+ -+#ifdef GRUB_MACHINE_EFI -+grub_err_t EXPORT_FUNC(grub_get_mem_attrs) (grub_addr_t addr, -+ grub_size_t size, -+ grub_uint64_t *attrs); -+grub_err_t EXPORT_FUNC(grub_update_mem_attrs) (grub_addr_t addr, -+ grub_size_t size, -+ grub_uint64_t set_attrs, -+ grub_uint64_t clear_attrs); -+#else /* !GRUB_MACHINE_EFI */ -+static inline grub_err_t -+grub_get_mem_attrs (grub_addr_t addr __attribute__((__unused__)), -+ grub_size_t size __attribute__((__unused__)), -+ grub_uint64_t *attrs __attribute__((__unused__))) -+{ -+ return GRUB_ERR_NONE; -+} -+ -+static inline grub_err_t -+grub_update_mem_attrs (grub_addr_t addr __attribute__((__unused__)), -+ grub_size_t size __attribute__((__unused__)), -+ grub_uint64_t set_attrs __attribute__((__unused__)), -+ grub_uint64_t clear_attrs __attribute__((__unused__))) -+{ -+ return GRUB_ERR_NONE; -+} -+#endif /* GRUB_MACHINE_EFI */ -+ - void grub_mm_check_real (const char *file, int line); - #define grub_mm_check() grub_mm_check_real (GRUB_FILE, __LINE__); - diff --git a/SOURCES/0272-nx-set-page-permissions-for-loaded-modules.patch b/SOURCES/0272-nx-set-page-permissions-for-loaded-modules.patch deleted file mode 100644 index ad3c2aa..0000000 --- a/SOURCES/0272-nx-set-page-permissions-for-loaded-modules.patch +++ /dev/null @@ -1,264 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 21 Mar 2022 17:46:35 -0400 -Subject: [PATCH] nx: set page permissions for loaded modules. - -For NX, we need to set write and executable permissions on the sections -of grub modules when we load them. - -On sections with SHF_ALLOC set, which is typically everything except -.modname and the symbol and string tables, this patch clears the Read -Only flag on sections that have the ELF flag SHF_WRITE set, and clears -the No eXecute flag on sections with SHF_EXECINSTR set. In all other -cases it sets both flags. - -Signed-off-by: Peter Jones -[rharwood: arm tgptr -> tgaddr] -Signed-off-by: Robbie Harwood -(cherry-picked from commit ca74904ede0406b594cbedc52ce8e38a6633d2ae) ---- - grub-core/kern/dl.c | 120 +++++++++++++++++++++++++++++++++++++++------------- - include/grub/dl.h | 44 +++++++++++++++++++ - 2 files changed, 134 insertions(+), 30 deletions(-) - -diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c -index 8c7aacef39..d5de80186f 100644 ---- a/grub-core/kern/dl.c -+++ b/grub-core/kern/dl.c -@@ -285,6 +285,8 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e) - #endif - char *ptr; - -+ grub_dprintf ("modules", "loading segments for \"%s\"\n", mod->name); -+ - arch_addralign = grub_arch_dl_min_alignment (); - - for (i = 0, s = (const Elf_Shdr *)((const char *) e + e->e_shoff); -@@ -384,6 +386,7 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e) - ptr += got; - #endif - -+ grub_dprintf ("modules", "done loading segments for \"%s\"\n", mod->name); - return GRUB_ERR_NONE; - } - -@@ -517,23 +520,6 @@ grub_dl_find_section (Elf_Ehdr *e, const char *name) - return s; - return NULL; - } --static long --grub_dl_find_section_index (Elf_Ehdr *e, const char *name) --{ -- Elf_Shdr *s; -- const char *str; -- unsigned i; -- -- s = (Elf_Shdr *) ((char *) e + e->e_shoff + e->e_shstrndx * e->e_shentsize); -- str = (char *) e + s->sh_offset; -- -- for (i = 0, s = (Elf_Shdr *) ((char *) e + e->e_shoff); -- i < e->e_shnum; -- i++, s = (Elf_Shdr *) ((char *) s + e->e_shentsize)) -- if (grub_strcmp (str + s->sh_name, name) == 0) -- return (long)i; -- return -1; --} - - /* Me, Vladimir Serbinenko, hereby I add this module check as per new - GNU module policy. Note that this license check is informative only. -@@ -662,6 +648,7 @@ grub_dl_relocate_symbols (grub_dl_t mod, void *ehdr) - Elf_Shdr *s; - unsigned i; - -+ grub_dprintf ("modules", "relocating symbols for \"%s\"\n", mod->name); - for (i = 0, s = (Elf_Shdr *) ((char *) e + e->e_shoff); - i < e->e_shnum; - i++, s = (Elf_Shdr *) ((char *) s + e->e_shentsize)) -@@ -670,24 +657,95 @@ grub_dl_relocate_symbols (grub_dl_t mod, void *ehdr) - grub_dl_segment_t seg; - grub_err_t err; - -- /* Find the target segment. */ -- for (seg = mod->segment; seg; seg = seg->next) -- if (seg->section == s->sh_info) -- break; -+ seg = grub_dl_find_segment(mod, s->sh_info); -+ if (!seg) -+ continue; - -- if (seg) -- { -- if (!mod->symtab) -- return grub_error (GRUB_ERR_BAD_MODULE, "relocation without symbol table"); -+ if (!mod->symtab) -+ return grub_error (GRUB_ERR_BAD_MODULE, "relocation without symbol table"); - -- err = grub_arch_dl_relocate_symbols (mod, ehdr, s, seg); -- if (err) -- return err; -- } -+ err = grub_arch_dl_relocate_symbols (mod, ehdr, s, seg); -+ if (err) -+ return err; - } - -+ grub_dprintf ("modules", "done relocating symbols for \"%s\"\n", mod->name); - return GRUB_ERR_NONE; - } -+ -+static grub_err_t -+grub_dl_set_mem_attrs (grub_dl_t mod, void *ehdr) -+{ -+ unsigned i; -+ const Elf_Shdr *s; -+ const Elf_Ehdr *e = ehdr; -+#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) -+ grub_size_t arch_addralign = grub_arch_dl_min_alignment (); -+ grub_addr_t tgaddr; -+ grub_uint64_t tgsz; -+#endif -+ -+ grub_dprintf ("modules", "updating memory attributes for \"%s\"\n", -+ mod->name); -+ for (i = 0, s = (const Elf_Shdr *)((const char *) e + e->e_shoff); -+ i < e->e_shnum; -+ i++, s = (const Elf_Shdr *)((const char *) s + e->e_shentsize)) -+ { -+ grub_dl_segment_t seg; -+ grub_uint64_t set_attrs = GRUB_MEM_ATTR_R; -+ grub_uint64_t clear_attrs = GRUB_MEM_ATTR_W|GRUB_MEM_ATTR_X; -+ -+ seg = grub_dl_find_segment(mod, i); -+ if (!seg) -+ continue; -+ -+ if (seg->size == 0 || !(s->sh_flags & SHF_ALLOC)) -+ continue; -+ -+ if (s->sh_flags & SHF_WRITE) -+ { -+ set_attrs |= GRUB_MEM_ATTR_W; -+ clear_attrs &= ~GRUB_MEM_ATTR_W; -+ } -+ -+ if (s->sh_flags & SHF_EXECINSTR) -+ { -+ set_attrs |= GRUB_MEM_ATTR_X; -+ clear_attrs &= ~GRUB_MEM_ATTR_X; -+ } -+ -+ grub_dprintf ("modules", "setting memory attrs for section \"%s\" to -%s%s%s+%s%s%s\n", -+ grub_dl_get_section_name(e, s), -+ (clear_attrs & GRUB_MEM_ATTR_R) ? "r" : "", -+ (clear_attrs & GRUB_MEM_ATTR_W) ? "w" : "", -+ (clear_attrs & GRUB_MEM_ATTR_X) ? "x" : "", -+ (set_attrs & GRUB_MEM_ATTR_R) ? "r" : "", -+ (set_attrs & GRUB_MEM_ATTR_W) ? "w" : "", -+ (set_attrs & GRUB_MEM_ATTR_X) ? "x" : ""); -+ grub_update_mem_attrs ((grub_addr_t)(seg->addr), seg->size, set_attrs, clear_attrs); -+ } -+ -+#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) -+ tgaddr = grub_min((grub_addr_t)mod->tramp, (grub_addr_t)mod->got); -+ tgsz = grub_max((grub_addr_t)mod->trampptr, (grub_addr_t)mod->gotptr) - tgaddr; -+ -+ if (tgsz) -+ { -+ tgsz = ALIGN_UP(tgsz, arch_addralign); -+ -+ grub_dprintf ("modules", "updating attributes for GOT and trampolines\n", -+ mod->name); -+ grub_update_mem_attrs (tgaddr, tgsz, GRUB_MEM_ATTR_R|GRUB_MEM_ATTR_X, -+ GRUB_MEM_ATTR_W); -+ } -+#endif -+ -+ grub_dprintf ("modules", "done updating module memory attributes for \"%s\"\n", -+ mod->name); -+ -+ return GRUB_ERR_NONE; -+} -+ - static void - grub_dl_print_gdb_info (grub_dl_t mod, Elf_Ehdr *e) - { -@@ -753,6 +811,7 @@ grub_dl_load_core_noinit (void *addr, grub_size_t size) - mod->ref_count = 1; - - grub_dprintf ("modules", "relocating to %p\n", mod); -+ - /* Me, Vladimir Serbinenko, hereby I add this module check as per new - GNU module policy. Note that this license check is informative only. - Modules have to be licensed under GPLv3 or GPLv3+ (optionally -@@ -766,7 +825,8 @@ grub_dl_load_core_noinit (void *addr, grub_size_t size) - || grub_dl_resolve_dependencies (mod, e) - || grub_dl_load_segments (mod, e) - || grub_dl_resolve_symbols (mod, e) -- || grub_dl_relocate_symbols (mod, e)) -+ || grub_dl_relocate_symbols (mod, e) -+ || grub_dl_set_mem_attrs (mod, e)) - { - mod->fini = 0; - grub_dl_unload (mod); -diff --git a/include/grub/dl.h b/include/grub/dl.h -index f36ed5cb17..45ac8e339f 100644 ---- a/include/grub/dl.h -+++ b/include/grub/dl.h -@@ -27,6 +27,7 @@ - #include - #include - #include -+#include - #endif - - /* -@@ -268,6 +269,49 @@ grub_dl_is_persistent (grub_dl_t mod) - return mod->persistent; - } - -+static inline const char * -+grub_dl_get_section_name (const Elf_Ehdr *e, const Elf_Shdr *s) -+{ -+ Elf_Shdr *str_s; -+ const char *str; -+ -+ str_s = (Elf_Shdr *) ((char *) e + e->e_shoff + e->e_shstrndx * e->e_shentsize); -+ str = (char *) e + str_s->sh_offset; -+ -+ return str + s->sh_name; -+} -+ -+static inline long -+grub_dl_find_section_index (Elf_Ehdr *e, const char *name) -+{ -+ Elf_Shdr *s; -+ const char *str; -+ unsigned i; -+ -+ s = (Elf_Shdr *) ((char *) e + e->e_shoff + e->e_shstrndx * e->e_shentsize); -+ str = (char *) e + s->sh_offset; -+ -+ for (i = 0, s = (Elf_Shdr *) ((char *) e + e->e_shoff); -+ i < e->e_shnum; -+ i++, s = (Elf_Shdr *) ((char *) s + e->e_shentsize)) -+ if (grub_strcmp (str + s->sh_name, name) == 0) -+ return (long)i; -+ return -1; -+} -+ -+/* Return the segment for a section of index N */ -+static inline grub_dl_segment_t -+grub_dl_find_segment (grub_dl_t mod, unsigned n) -+{ -+ grub_dl_segment_t seg; -+ -+ for (seg = mod->segment; seg; seg = seg->next) -+ if (seg->section == n) -+ return seg; -+ -+ return NULL; -+} -+ - #endif - - void * EXPORT_FUNC(grub_resolve_symbol) (const char *name); diff --git a/SOURCES/0272-pe-add-the-DOS-header-struct-and-fix-some-bad-naming.patch b/SOURCES/0272-pe-add-the-DOS-header-struct-and-fix-some-bad-naming.patch new file mode 100644 index 0000000..c3f2e0f --- /dev/null +++ b/SOURCES/0272-pe-add-the-DOS-header-struct-and-fix-some-bad-naming.patch @@ -0,0 +1,82 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 25 Mar 2022 15:40:12 -0400 +Subject: [PATCH] pe: add the DOS header struct and fix some bad naming. + +In order to properly validate a loaded kernel's support for being loaded +without a writable stack or executable, we need to be able to properly +parse arbitrary PE headers. + +Currently, pe32.h is written in such a way that the MS-DOS header that +tells us where to find the PE header in the binary can't be accessed. +Further, for some reason it calls the DOS MZ magic "GRUB_PE32_MAGIC". + +This patch adds the structure for the DOS header, renames the DOS magic +define, and adds defines for the actual PE magic. + +Signed-off-by: Peter Jones +(cherry picked from commit 955f47aa8300387eecf18b0866d21dde7720593d) +--- + grub-core/loader/arm64/linux.c | 2 +- + include/grub/efi/pe32.h | 28 ++++++++++++++++++++++++++-- + 2 files changed, 27 insertions(+), 3 deletions(-) + +diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c +index f18d90bd74..bcc6ef46e9 100644 +--- a/grub-core/loader/arm64/linux.c ++++ b/grub-core/loader/arm64/linux.c +@@ -59,7 +59,7 @@ grub_arch_efi_linux_check_image (struct linux_arch_kernel_header * lh) + if (lh->magic != GRUB_LINUX_ARMXX_MAGIC_SIGNATURE) + return grub_error(GRUB_ERR_BAD_OS, "invalid magic number"); + +- if ((lh->code0 & 0xffff) != GRUB_PE32_MAGIC) ++ if ((lh->code0 & 0xffff) != GRUB_DOS_MAGIC) + return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, + N_("plain image kernel not supported - rebuild with CONFIG_(U)EFI_STUB enabled")); + +diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h +index a43adf2746..2a5e1ee003 100644 +--- a/include/grub/efi/pe32.h ++++ b/include/grub/efi/pe32.h +@@ -46,7 +46,30 @@ + + #define GRUB_PE32_MSDOS_STUB_SIZE 0x80 + +-#define GRUB_PE32_MAGIC 0x5a4d ++#define GRUB_DOS_MAGIC 0x5a4d ++ ++struct grub_dos_header ++{ ++ grub_uint16_t magic; ++ grub_uint16_t cblp; ++ grub_uint16_t cp; ++ grub_uint16_t crlc; ++ grub_uint16_t cparhdr; ++ grub_uint16_t minalloc; ++ grub_uint16_t maxalloc; ++ grub_uint16_t ss; ++ grub_uint16_t sp; ++ grub_uint16_t csum; ++ grub_uint16_t ip; ++ grub_uint16_t cs; ++ grub_uint16_t lfarlc; ++ grub_uint16_t ovno; ++ grub_uint16_t res0[4]; ++ grub_uint16_t oemid; ++ grub_uint16_t oeminfo; ++ grub_uint16_t res1[10]; ++ grub_uint32_t lfanew; ++}; + + /* According to the spec, the minimal alignment is 512 bytes... + But some examples (such as EFI drivers in the Intel +@@ -280,7 +303,8 @@ struct grub_pe32_section_table + + + +-#define GRUB_PE32_SIGNATURE_SIZE 4 ++#define GRUB_PE32_SIGNATURE_SIZE 4 ++#define GRUB_PE32_SIGNATURE "PE\0\0" + + struct grub_pe32_header + { diff --git a/SOURCES/0273-EFI-allocate-kernel-in-EFI_RUNTIME_SERVICES_CODE-ins.patch b/SOURCES/0273-EFI-allocate-kernel-in-EFI_RUNTIME_SERVICES_CODE-ins.patch new file mode 100644 index 0000000..b306f15 --- /dev/null +++ b/SOURCES/0273-EFI-allocate-kernel-in-EFI_RUNTIME_SERVICES_CODE-ins.patch @@ -0,0 +1,86 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 9 Feb 2022 16:08:20 -0500 +Subject: [PATCH] EFI: allocate kernel in EFI_RUNTIME_SERVICES_CODE instead of + EFI_LOADER_DATA. + +On some of the firmwares with more security mitigations, EFI_LOADER_DATA +doesn't get you executable memory, and we take a fault and reboot when +we enter kernel. + +This patch correctly allocates the kernel code as EFI_RUNTIME_SERVICES_CODE +rather than EFI_LOADER_DATA. + +Signed-off-by: Peter Jones +[rharwood: use kernel_size] +Signed-off-by: Robbie Harwood +(cherry picked from commit 8b31058a12d3e85f0f0180ac90b98d6465fccbb7) +--- + grub-core/loader/i386/efi/linux.c | 19 +++++++++++++------ + 1 file changed, 13 insertions(+), 6 deletions(-) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index d24553a79d..b832c85728 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -87,7 +87,9 @@ kernel_free(void *addr, grub_efi_uintn_t size) + } + + static void * +-kernel_alloc(grub_efi_uintn_t size, const char * const errmsg) ++kernel_alloc(grub_efi_uintn_t size, ++ grub_efi_memory_type_t memtype, ++ const char * const errmsg) + { + void *addr = 0; + unsigned int i; +@@ -113,7 +115,7 @@ kernel_alloc(grub_efi_uintn_t size, const char * const errmsg) + prev_max = max; + addr = grub_efi_allocate_pages_real (max, pages, + max_addresses[i].alloc_type, +- GRUB_EFI_LOADER_DATA); ++ memtype); + if (addr) + grub_dprintf ("linux", "Allocated at %p\n", addr); + } +@@ -243,7 +245,8 @@ grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) + } + } + +- initrd_mem = kernel_alloc(size, N_("can't allocate initrd")); ++ initrd_mem = kernel_alloc(size, GRUB_EFI_RUNTIME_SERVICES_DATA, ++ N_("can't allocate initrd")); + if (initrd_mem == NULL) + goto fail; + grub_dprintf ("linux", "initrd_mem = %p\n", initrd_mem); +@@ -406,7 +409,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + } + #endif + +- params = kernel_alloc (sizeof(*params), "cannot allocate kernel parameters"); ++ params = kernel_alloc (sizeof(*params), GRUB_EFI_RUNTIME_SERVICES_DATA, ++ "cannot allocate kernel parameters"); + if (!params) + goto fail; + grub_dprintf ("linux", "params = %p\n", params); +@@ -428,7 +432,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + grub_dprintf ("linux", "new lh is at %p\n", lh); + + grub_dprintf ("linux", "setting up cmdline\n"); +- cmdline = kernel_alloc (lh->cmdline_size + 1, N_("can't allocate cmdline")); ++ cmdline = kernel_alloc (lh->cmdline_size + 1, ++ GRUB_EFI_RUNTIME_SERVICES_DATA, ++ N_("can't allocate cmdline")); + if (!cmdline) + goto fail; + grub_dprintf ("linux", "cmdline = %p\n", cmdline); +@@ -474,7 +480,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + max_addresses[1].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; + max_addresses[2].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; + kernel_size = lh->init_size; +- kernel_mem = kernel_alloc (kernel_size, N_("can't allocate kernel")); ++ kernel_mem = kernel_alloc (kernel_size, GRUB_EFI_RUNTIME_SERVICES_CODE, ++ N_("can't allocate kernel")); + restore_addresses(); + if (!kernel_mem) + goto fail; diff --git a/SOURCES/0273-nx-set-attrs-in-our-kernel-loaders.patch b/SOURCES/0273-nx-set-attrs-in-our-kernel-loaders.patch deleted file mode 100644 index f18293b..0000000 --- a/SOURCES/0273-nx-set-attrs-in-our-kernel-loaders.patch +++ /dev/null @@ -1,572 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Tue, 22 Mar 2022 10:57:07 -0400 -Subject: [PATCH] nx: set attrs in our kernel loaders - -For NX, our kernel loaders need to set write and execute page -permissions on allocated pages and the stack. - -This patch adds those calls. - -Signed-off-by: Peter Jones -[rharwood: fix aarch64 callsites] -(cherry-picked from commit a9f79a997f01a83b36cdfa89ef2e72ac2a17c06c) -[rharwood: uninitialized stack_attrs, double verification] -(cherry picked from commit f9ac7ceef8a35406893c0cb9a4a8b2e5442bbb1d) -Signed-off-by: Robbie Harwood ---- - grub-core/kern/efi/mm.c | 78 ++++++++++++++++++ - grub-core/loader/arm64/linux.c | 16 +++- - grub-core/loader/arm64/xen_boot.c | 4 +- - grub-core/loader/efi/chainloader.c | 11 +++ - grub-core/loader/efi/linux.c | 164 ++++++++++++++++++++++++++++++++++++- - grub-core/loader/i386/efi/linux.c | 26 +++++- - grub-core/loader/i386/linux.c | 5 ++ - include/grub/efi/efi.h | 6 +- - include/grub/efi/linux.h | 17 +++- - include/grub/efi/pe32.h | 2 + - 10 files changed, 314 insertions(+), 15 deletions(-) - -diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c -index 2c33758ed7..88364d764c 100644 ---- a/grub-core/kern/efi/mm.c -+++ b/grub-core/kern/efi/mm.c -@@ -610,6 +610,82 @@ print_memory_map (grub_efi_memory_descriptor_t *memory_map, - } - #endif - -+grub_addr_t grub_stack_addr = (grub_addr_t)-1ll; -+grub_size_t grub_stack_size = 0; -+ -+static void -+grub_nx_init (void) -+{ -+ grub_uint64_t attrs, stack_attrs; -+ grub_err_t err; -+ grub_addr_t stack_current, stack_end; -+ const grub_uint64_t page_size = 4096; -+ const grub_uint64_t page_mask = ~(page_size - 1); -+ -+ /* -+ * These are to confirm that the flags are working as expected when -+ * debugging. -+ */ -+ attrs = 0; -+ stack_current = (grub_addr_t)grub_nx_init & page_mask; -+ err = grub_get_mem_attrs (stack_current, page_size, &attrs); -+ if (err) -+ { -+ grub_dprintf ("nx", -+ "grub_get_mem_attrs(0x%"PRIxGRUB_UINT64_T", ...) -> 0x%x\n", -+ stack_current, err); -+ grub_error_pop (); -+ } -+ else -+ grub_dprintf ("nx", "page attrs for grub_nx_init (%p) are %c%c%c\n", -+ grub_dl_load_core, -+ (attrs & GRUB_MEM_ATTR_R) ? 'r' : '-', -+ (attrs & GRUB_MEM_ATTR_R) ? 'w' : '-', -+ (attrs & GRUB_MEM_ATTR_R) ? 'x' : '-'); -+ -+ stack_current = (grub_addr_t)&stack_current & page_mask; -+ err = grub_get_mem_attrs (stack_current, page_size, &stack_attrs); -+ if (err) -+ { -+ grub_dprintf ("nx", -+ "grub_get_mem_attrs(0x%"PRIxGRUB_UINT64_T", ...) -> 0x%x\n", -+ stack_current, err); -+ grub_error_pop (); -+ } -+ else -+ { -+ attrs = stack_attrs; -+ grub_dprintf ("nx", "page attrs for stack (%p) are %c%c%c\n", -+ &attrs, -+ (attrs & GRUB_MEM_ATTR_R) ? 'r' : '-', -+ (attrs & GRUB_MEM_ATTR_R) ? 'w' : '-', -+ (attrs & GRUB_MEM_ATTR_R) ? 'x' : '-'); -+ } -+ -+ for (stack_end = stack_current + page_size ; -+ !(attrs & GRUB_MEM_ATTR_R); -+ stack_end += page_size) -+ { -+ err = grub_get_mem_attrs (stack_current, page_size, &attrs); -+ if (err) -+ { -+ grub_dprintf ("nx", -+ "grub_get_mem_attrs(0x%"PRIxGRUB_UINT64_T", ...) -> 0x%x\n", -+ stack_current, err); -+ grub_error_pop (); -+ break; -+ } -+ } -+ if (stack_end > stack_current) -+ { -+ grub_stack_addr = stack_current; -+ grub_stack_size = stack_end - stack_current; -+ grub_dprintf ("nx", -+ "detected stack from 0x%"PRIxGRUB_ADDR" to 0x%"PRIxGRUB_ADDR"\n", -+ grub_stack_addr, grub_stack_addr + grub_stack_size - 1); -+ } -+} -+ - void - grub_efi_mm_init (void) - { -@@ -623,6 +699,8 @@ grub_efi_mm_init (void) - grub_efi_uint64_t required_pages; - int mm_status; - -+ grub_nx_init (); -+ - /* Prepare a memory region to store two memory maps. */ - memory_map = grub_efi_allocate_any_pages (2 * BYTES_TO_PAGES (MEMORY_MAP_SIZE)); - if (! memory_map) -diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c -index bcc6ef46e9..70db5a6e0b 100644 ---- a/grub-core/loader/arm64/linux.c -+++ b/grub-core/loader/arm64/linux.c -@@ -173,7 +173,8 @@ free_params (void) - } - - grub_err_t --grub_arch_efi_linux_boot_image (grub_addr_t addr, char *args) -+grub_arch_efi_linux_boot_image (grub_addr_t addr, grub_size_t size, char *args, -+ int nx_supported) - { - grub_err_t retval; - -@@ -183,7 +184,8 @@ grub_arch_efi_linux_boot_image (grub_addr_t addr, char *args) - - grub_dprintf ("linux", "linux command line: '%s'\n", args); - -- retval = grub_efi_linux_boot ((char *)addr, handover_offset, (void *)addr); -+ retval = grub_efi_linux_boot (addr, size, handover_offset, -+ (void *)addr, nx_supported); - - /* Never reached... */ - free_params(); -@@ -193,7 +195,10 @@ grub_arch_efi_linux_boot_image (grub_addr_t addr, char *args) - static grub_err_t - grub_linux_boot (void) - { -- return (grub_arch_efi_linux_boot_image((grub_addr_t)kernel_addr, linux_args)); -+ return grub_arch_efi_linux_boot_image((grub_addr_t)kernel_addr, -+ (grub_size_t)kernel_size, -+ linux_args, -+ 0); - } - - static grub_err_t -@@ -342,6 +347,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - grub_uint32_t align; - void *kernel = NULL; - int rc; -+ int nx_supported = 1; - - grub_dl_ref (my_mod); - -@@ -389,6 +395,10 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - grub_dprintf ("linux", "kernel entry offset : %d\n", handover_offset); - grub_dprintf ("linux", "kernel alignment : 0x%x\n", align); - -+ err = grub_efi_check_nx_image_support((grub_addr_t)kernel, filelen, &nx_supported); -+ if (err != GRUB_ERR_NONE) -+ goto fail; -+ - grub_loader_unset(); - - kernel_alloc_pages = GRUB_EFI_BYTES_TO_PAGES (kernel_size + align - 1); -diff --git a/grub-core/loader/arm64/xen_boot.c b/grub-core/loader/arm64/xen_boot.c -index d9b7a9ba40..6e7e920416 100644 ---- a/grub-core/loader/arm64/xen_boot.c -+++ b/grub-core/loader/arm64/xen_boot.c -@@ -266,7 +266,9 @@ xen_boot (void) - return err; - - return grub_arch_efi_linux_boot_image (xen_hypervisor->start, -- xen_hypervisor->cmdline); -+ xen_hypervisor->size, -+ xen_hypervisor->cmdline, -+ 0); - } - - static void -diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index 8ef508beca..6ac69f0f59 100644 ---- a/grub-core/loader/efi/chainloader.c -+++ b/grub-core/loader/efi/chainloader.c -@@ -1071,6 +1071,17 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - goto fail; - } - -+ /* -+ * The OS kernel is going to set its own permissions when it takes over -+ * paging a few million instructions from now, and load_image() will set up -+ * anything that's needed based on the section headers, so there's no point -+ * in doing anything but clearing the protection bits here. -+ */ -+ grub_dprintf("nx", "setting attributes for %p (%lu bytes) to %llx\n", -+ (void *)(grub_addr_t)address, fsize, 0llu); -+ grub_update_mem_attrs (address, fsize, -+ GRUB_MEM_ATTR_R|GRUB_MEM_ATTR_W|GRUB_MEM_ATTR_X, 0); -+ - #if defined (__i386__) || defined (__x86_64__) - if (fsize >= (grub_ssize_t) sizeof (struct grub_macho_fat_header)) - { -diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c -index 9260731c10..dcc9ea40ea 100644 ---- a/grub-core/loader/efi/linux.c -+++ b/grub-core/loader/efi/linux.c -@@ -66,16 +66,127 @@ grub_linuxefi_secure_validate (void *data, grub_uint32_t size) - - #pragma GCC diagnostic push - #pragma GCC diagnostic ignored "-Wcast-align" -+#pragma GCC diagnostic ignored "-Wint-to-pointer-cast" -+ -+grub_err_t -+grub_efi_check_nx_image_support (grub_addr_t kernel_addr, -+ grub_size_t kernel_size, -+ int *nx_supported) -+{ -+ struct grub_dos_header *doshdr; -+ grub_size_t sz = sizeof (*doshdr); -+ -+ struct grub_pe32_header_32 *pe32; -+ struct grub_pe32_header_64 *pe64; -+ -+ int image_is_compatible = 0; -+ int is_64_bit; -+ -+ if (kernel_size < sz) -+ return grub_error (GRUB_ERR_BAD_OS, N_("kernel is too small")); -+ -+ doshdr = (void *)kernel_addr; -+ -+ if ((doshdr->magic & 0xffff) != GRUB_DOS_MAGIC) -+ return grub_error (GRUB_ERR_BAD_OS, N_("kernel DOS magic is invalid")); -+ -+ sz = doshdr->lfanew + sizeof (*pe32); -+ if (kernel_size < sz) -+ return grub_error (GRUB_ERR_BAD_OS, N_("kernel is too small")); -+ -+ pe32 = (struct grub_pe32_header_32 *)(kernel_addr + doshdr->lfanew); -+ pe64 = (struct grub_pe32_header_64 *)pe32; -+ -+ if (grub_memcmp (pe32->signature, GRUB_PE32_SIGNATURE, -+ GRUB_PE32_SIGNATURE_SIZE) != 0) -+ return grub_error (GRUB_ERR_BAD_OS, N_("kernel PE magic is invalid")); -+ -+ switch (pe32->coff_header.machine) -+ { -+ case GRUB_PE32_MACHINE_ARMTHUMB_MIXED: -+ case GRUB_PE32_MACHINE_I386: -+ case GRUB_PE32_MACHINE_RISCV32: -+ is_64_bit = 0; -+ break; -+ case GRUB_PE32_MACHINE_ARM64: -+ case GRUB_PE32_MACHINE_IA64: -+ case GRUB_PE32_MACHINE_RISCV64: -+ case GRUB_PE32_MACHINE_X86_64: -+ is_64_bit = 1; -+ break; -+ default: -+ return grub_error (GRUB_ERR_BAD_OS, N_("PE machine type 0x%04hx unknown"), -+ pe32->coff_header.machine); -+ } -+ -+ if (is_64_bit) -+ { -+ sz = doshdr->lfanew + sizeof (*pe64); -+ if (kernel_size < sz) -+ return grub_error (GRUB_ERR_BAD_OS, N_("kernel is too small")); -+ -+ if (pe64->optional_header.dll_characteristics & GRUB_PE32_NX_COMPAT) -+ image_is_compatible = 1; -+ } -+ else -+ { -+ if (pe32->optional_header.dll_characteristics & GRUB_PE32_NX_COMPAT) -+ image_is_compatible = 1; -+ } -+ -+ *nx_supported = image_is_compatible; -+ return GRUB_ERR_NONE; -+} -+ -+grub_err_t -+grub_efi_check_nx_required (int *nx_required) -+{ -+ grub_efi_status_t status; -+ grub_efi_guid_t guid = GRUB_EFI_SHIM_LOCK_GUID; -+ grub_size_t mok_policy_sz = 0; -+ char *mok_policy = NULL; -+ grub_uint32_t mok_policy_attrs = 0; -+ -+ status = grub_efi_get_variable_with_attributes ("MokPolicy", &guid, -+ &mok_policy_sz, -+ (void **)&mok_policy, -+ &mok_policy_attrs); -+ if (status == GRUB_EFI_NOT_FOUND || -+ mok_policy_sz == 0 || -+ mok_policy == NULL) -+ { -+ *nx_required = 0; -+ return GRUB_ERR_NONE; -+ } -+ -+ *nx_required = 0; -+ if (mok_policy_sz < 1 || -+ mok_policy_attrs != (GRUB_EFI_VARIABLE_BOOTSERVICE_ACCESS | -+ GRUB_EFI_VARIABLE_RUNTIME_ACCESS) || -+ (mok_policy[mok_policy_sz-1] & GRUB_MOK_POLICY_NX_REQUIRED)) -+ *nx_required = 1; -+ -+ return GRUB_ERR_NONE; -+} - - typedef void (*handover_func) (void *, grub_efi_system_table_t *, void *); - - grub_err_t --grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset, -- void *kernel_params) -+grub_efi_linux_boot (grub_addr_t kernel_addr, grub_size_t kernel_size, -+ grub_off_t handover_offset, void *kernel_params, -+ int nx_supported) - { - grub_efi_loaded_image_t *loaded_image = NULL; - handover_func hf; - int offset = 0; -+ grub_uint64_t stack_set_attrs = GRUB_MEM_ATTR_R | -+ GRUB_MEM_ATTR_W | -+ GRUB_MEM_ATTR_X; -+ grub_uint64_t stack_clear_attrs = 0; -+ grub_uint64_t kernel_set_attrs = stack_set_attrs; -+ grub_uint64_t kernel_clear_attrs = stack_clear_attrs; -+ grub_uint64_t attrs; -+ int nx_required = 0; - - #ifdef __x86_64__ - offset = 512; -@@ -88,12 +199,57 @@ grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset, - */ - loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle); - if (loaded_image) -- loaded_image->image_base = kernel_addr; -+ loaded_image->image_base = (void *)kernel_addr; - else - grub_dprintf ("linux", "Loaded Image base address could not be set\n"); - - grub_dprintf ("linux", "kernel_addr: %p handover_offset: %p params: %p\n", -- kernel_addr, (void *)(grub_efi_uintn_t)handover_offset, kernel_params); -+ (void *)kernel_addr, (void *)handover_offset, kernel_params); -+ -+ -+ if (nx_required && !nx_supported) -+ return grub_error (GRUB_ERR_BAD_OS, N_("kernel does not support NX loading required by policy")); -+ -+ if (nx_supported) -+ { -+ kernel_set_attrs &= ~GRUB_MEM_ATTR_W; -+ kernel_clear_attrs |= GRUB_MEM_ATTR_W; -+ stack_set_attrs &= ~GRUB_MEM_ATTR_X; -+ stack_clear_attrs |= GRUB_MEM_ATTR_X; -+ } -+ -+ grub_dprintf ("nx", "Setting attributes for 0x%"PRIxGRUB_ADDR"-0x%"PRIxGRUB_ADDR" to r%cx\n", -+ kernel_addr, kernel_addr + kernel_size - 1, -+ (kernel_set_attrs & GRUB_MEM_ATTR_W) ? 'w' : '-'); -+ grub_update_mem_attrs (kernel_addr, kernel_size, -+ kernel_set_attrs, kernel_clear_attrs); -+ -+ grub_get_mem_attrs (kernel_addr, 4096, &attrs); -+ grub_dprintf ("nx", "permissions for 0x%"PRIxGRUB_ADDR" are %s%s%s\n", -+ (grub_addr_t)kernel_addr, -+ (attrs & GRUB_MEM_ATTR_R) ? "r" : "-", -+ (attrs & GRUB_MEM_ATTR_W) ? "w" : "-", -+ (attrs & GRUB_MEM_ATTR_X) ? "x" : "-"); -+ if (grub_stack_addr != (grub_addr_t)-1ll) -+ { -+ grub_dprintf ("nx", "Setting attributes for stack at 0x%"PRIxGRUB_ADDR"-0x%"PRIxGRUB_ADDR" to rw%c\n", -+ grub_stack_addr, grub_stack_addr + grub_stack_size - 1, -+ (stack_set_attrs & GRUB_MEM_ATTR_X) ? 'x' : '-'); -+ grub_update_mem_attrs (grub_stack_addr, grub_stack_size, -+ stack_set_attrs, stack_clear_attrs); -+ -+ grub_get_mem_attrs (grub_stack_addr, 4096, &attrs); -+ grub_dprintf ("nx", "permissions for 0x%"PRIxGRUB_ADDR" are %s%s%s\n", -+ grub_stack_addr, -+ (attrs & GRUB_MEM_ATTR_R) ? "r" : "-", -+ (attrs & GRUB_MEM_ATTR_W) ? "w" : "-", -+ (attrs & GRUB_MEM_ATTR_X) ? "x" : "-"); -+ } -+ -+#if defined(__i386__) || defined(__x86_64__) -+ asm volatile ("cli"); -+#endif -+ - hf = (handover_func)((char *)kernel_addr + handover_offset + offset); - hf (grub_efi_image_handle, grub_efi_system_table, kernel_params); - -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index b832c85728..dc98077378 100644 ---- a/grub-core/loader/i386/efi/linux.c -+++ b/grub-core/loader/i386/efi/linux.c -@@ -45,7 +45,7 @@ struct grub_linuxefi_context { - grub_uint32_t handover_offset; - struct linux_kernel_params *params; - char *cmdline; -- -+ int nx_supported; - void *initrd_mem; - }; - -@@ -111,13 +111,19 @@ kernel_alloc(grub_efi_uintn_t size, - pages = BYTES_TO_PAGES(size); - grub_dprintf ("linux", "Trying to allocate %lu pages from %p\n", - (unsigned long)pages, (void *)(unsigned long)max); -+ size = pages * GRUB_EFI_PAGE_SIZE; - - prev_max = max; - addr = grub_efi_allocate_pages_real (max, pages, - max_addresses[i].alloc_type, - memtype); - if (addr) -- grub_dprintf ("linux", "Allocated at %p\n", addr); -+ { -+ grub_dprintf ("linux", "Allocated at %p\n", addr); -+ grub_update_mem_attrs ((grub_addr_t)addr, size, -+ GRUB_MEM_ATTR_R|GRUB_MEM_ATTR_W, -+ GRUB_MEM_ATTR_X); -+ } - } - - while (grub_error_pop ()) -@@ -138,9 +144,11 @@ grub_linuxefi_boot (void *data) - - asm volatile ("cli"); - -- return grub_efi_linux_boot ((char *)context->kernel_mem, -+ return grub_efi_linux_boot ((grub_addr_t)context->kernel_mem, -+ context->kernel_size, - context->handover_offset, -- context->params); -+ context->params, -+ context->nx_supported); - } - - static grub_err_t -@@ -306,7 +314,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - grub_uint32_t handover_offset; - struct linux_kernel_params *params = 0; - char *cmdline = 0; -+ int nx_supported = 1; - struct grub_linuxefi_context *context = 0; -+ grub_err_t err; - - grub_dl_ref (my_mod); - -@@ -347,6 +357,13 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - } - } - -+ err = grub_efi_check_nx_image_support ((grub_addr_t)kernel, filelen, -+ &nx_supported); -+ if (err != GRUB_ERR_NONE) -+ return err; -+ grub_dprintf ("linux", "nx is%s supported by this kernel\n", -+ nx_supported ? "" : " not"); -+ - lh = (struct linux_i386_kernel_header *)kernel; - grub_dprintf ("linux", "original lh is at %p\n", kernel); - -@@ -511,6 +528,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - context->handover_offset = handover_offset; - context->params = params; - context->cmdline = cmdline; -+ context->nx_supported = nx_supported; - - grub_loader_set_ex (grub_linuxefi_boot, grub_linuxefi_unload, context, 0); - -diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c -index 4aeb0e4b9a..3c1ff64763 100644 ---- a/grub-core/loader/i386/linux.c -+++ b/grub-core/loader/i386/linux.c -@@ -805,6 +805,11 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - kernel_offset += len; - } - -+ grub_dprintf("efi", "setting attributes for %p (%zu bytes) to +rw-x\n", -+ &linux_params, sizeof (lh) + len); -+ grub_update_mem_attrs ((grub_addr_t)&linux_params, sizeof (lh) + len, -+ GRUB_MEM_ATTR_R|GRUB_MEM_ATTR_W, GRUB_MEM_ATTR_X); -+ - linux_params.code32_start = prot_mode_target + lh.code32_start - GRUB_LINUX_BZIMAGE_ADDR; - linux_params.kernel_alignment = (1 << align); - linux_params.ps_mouse = linux_params.padding11 = 0; -diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h -index 34825c4adc..449e55269f 100644 ---- a/include/grub/efi/efi.h -+++ b/include/grub/efi/efi.h -@@ -140,12 +140,16 @@ extern void (*EXPORT_VAR(grub_efi_net_config)) (grub_efi_handle_t hnd, - char **device, - char **path); - -+extern grub_addr_t EXPORT_VAR(grub_stack_addr); -+extern grub_size_t EXPORT_VAR(grub_stack_size); -+ - #if defined(__arm__) || defined(__aarch64__) || defined(__riscv) - void *EXPORT_FUNC(grub_efi_get_firmware_fdt)(void); - grub_err_t EXPORT_FUNC(grub_efi_get_ram_base)(grub_addr_t *); - #include - grub_err_t grub_arch_efi_linux_check_image(struct linux_arch_kernel_header *lh); --grub_err_t grub_arch_efi_linux_boot_image(grub_addr_t addr, char *args); -+grub_err_t grub_arch_efi_linux_boot_image(grub_addr_t addr, grub_size_t size, -+ char *args, int nx_enabled); - #endif - - grub_addr_t grub_efi_section_addr (const char *section); -diff --git a/include/grub/efi/linux.h b/include/grub/efi/linux.h -index 0033d9305a..8130b19590 100644 ---- a/include/grub/efi/linux.h -+++ b/include/grub/efi/linux.h -@@ -22,10 +22,23 @@ - #include - #include - -+#define GRUB_MOK_POLICY_NX_REQUIRED 0x1 -+ - int - EXPORT_FUNC(grub_linuxefi_secure_validate) (void *data, grub_uint32_t size); -+ - grub_err_t --EXPORT_FUNC(grub_efi_linux_boot) (void *kernel_address, grub_off_t offset, -- void *kernel_param); -+EXPORT_FUNC(grub_efi_linux_boot) (grub_addr_t kernel_address, -+ grub_size_t kernel_size, -+ grub_off_t handover_offset, -+ void *kernel_param, int nx_enabled); -+ -+grub_err_t -+EXPORT_FUNC(grub_efi_check_nx_image_support) (grub_addr_t kernel_addr, -+ grub_size_t kernel_size, -+ int *nx_supported); -+ -+grub_err_t -+EXPORT_FUNC(grub_efi_check_nx_required) (int *nx_required); - - #endif /* ! GRUB_EFI_LINUX_HEADER */ -diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h -index 2a5e1ee003..a5e623eb04 100644 ---- a/include/grub/efi/pe32.h -+++ b/include/grub/efi/pe32.h -@@ -181,6 +181,8 @@ struct grub_pe32_optional_header - struct grub_pe32_data_directory reserved_entry; - }; - -+#define GRUB_PE32_NX_COMPAT 0x0100 -+ - struct grub_pe64_optional_header - { - grub_uint16_t magic; diff --git a/SOURCES/0274-modules-load-module-sections-at-page-aligned-address.patch b/SOURCES/0274-modules-load-module-sections-at-page-aligned-address.patch new file mode 100644 index 0000000..1c703d8 --- /dev/null +++ b/SOURCES/0274-modules-load-module-sections-at-page-aligned-address.patch @@ -0,0 +1,379 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 21 Mar 2022 17:45:40 -0400 +Subject: [PATCH] modules: load module sections at page-aligned addresses + +Currently we load module sections at whatever alignment gcc+ld happened +to dump into the ELF section header, which is often pretty useless. For +example, by default time.mod has these sections on a current x86_64 +build: + +$ eu-readelf -a grub-core/time.mod |& grep ^Section -A13 +Section Headers: +[Nr] Name Type Addr Off Size ES Flags Lk Inf Al +[ 0] NULL 0 00000000 00000000 0 0 0 0 +[ 1] .text PROGBITS 0 00000040 0000015e 0 AX 0 0 1 +[ 2] .rela.text RELA 0 00000458 000001e0 24 I 8 1 8 +[ 3] .rodata.str1.1 PROGBITS 0 0000019e 000000a1 1 AMS 0 0 1 +[ 4] .module_license PROGBITS 0 00000240 0000000f 0 A 0 0 8 +[ 5] .data PROGBITS 0 0000024f 00000000 0 WA 0 0 1 +[ 6] .bss NOBITS 0 00000250 00000008 0 WA 0 0 8 +[ 7] .modname PROGBITS 0 00000250 00000005 0 0 0 1 +[ 8] .symtab SYMTAB 0 00000258 00000150 24 9 6 8 +[ 9] .strtab STRTAB 0 000003a8 000000ab 0 0 0 1 +[10] .shstrtab STRTAB 0 00000638 00000059 0 0 0 1 + +With NX protections being page based, loading sections with either a 1 +or 8 *byte* alignment does absolutely nothing to help us out. + +This patch switches most EFI platforms to load module sections at 4kB +page-aligned addresses. To do so, it adds an new per-arch function, +grub_arch_dl_min_alignment(), which returns the alignment needed for +dynamically loaded sections (in bytes). Currently it sets it to 4096 +when GRUB_MACHINE_EFI is true on x86_64, i386, arm, arm64, and emu, and +1-byte alignment on everything else. + +It then changes the allocation size computation and the loader code in +grub_dl_load_segments() to align the locations and sizes up to these +boundaries, and fills any added padding with zeros. + +All of this happens before relocations are applied, so the relocations +factor that in with no change. + +As an aside, initially Daniel Kiper and I thought that it might be a +better idea to split the modules up into top-level sections as +.text.modules, .rodata.modules, .data.modules, etc., so that their page +permissions would get set by the loader that's loading grub itself. +This turns out to have two significant downsides: 1) either in mkimage +or in grub_dl_relocate_symbols(), you wind up having to dynamically +process the relocations to accommodate the moved module sections, and 2) +you then need to change the permissions on the modules and change them +back while relocating them in grub_dl_relocate_symbols(), which means +that any loader that /does/ honor the section flags but does /not/ +generally support NX with the memory attributes API will cause grub to +fail. + +Signed-off-by: Peter Jones +(cherry picked from commit 31d52500b281619d92b03b2c2d30fe15aedaf326) +--- + grub-core/kern/arm/dl.c | 13 +++++++++++++ + grub-core/kern/arm64/dl.c | 13 +++++++++++++ + grub-core/kern/dl.c | 29 +++++++++++++++++++++-------- + grub-core/kern/emu/full.c | 13 +++++++++++++ + grub-core/kern/i386/dl.c | 13 +++++++++++++ + grub-core/kern/ia64/dl.c | 9 +++++++++ + grub-core/kern/mips/dl.c | 8 ++++++++ + grub-core/kern/powerpc/dl.c | 9 +++++++++ + grub-core/kern/riscv/dl.c | 13 +++++++++++++ + grub-core/kern/sparc64/dl.c | 9 +++++++++ + grub-core/kern/x86_64/dl.c | 13 +++++++++++++ + include/grub/dl.h | 2 ++ + docs/grub-dev.texi | 6 +++--- + 13 files changed, 139 insertions(+), 11 deletions(-) + +diff --git a/grub-core/kern/arm/dl.c b/grub-core/kern/arm/dl.c +index eab9d17ff2..9260737936 100644 +--- a/grub-core/kern/arm/dl.c ++++ b/grub-core/kern/arm/dl.c +@@ -278,3 +278,16 @@ grub_arch_dl_check_header (void *ehdr) + + return GRUB_ERR_NONE; + } ++ ++/* ++ * Tell the loader what our minimum section alignment is. ++ */ ++grub_size_t ++grub_arch_dl_min_alignment (void) ++{ ++#ifdef GRUB_MACHINE_EFI ++ return 4096; ++#else ++ return 1; ++#endif ++} +diff --git a/grub-core/kern/arm64/dl.c b/grub-core/kern/arm64/dl.c +index 512e5a80b0..0d4a26857f 100644 +--- a/grub-core/kern/arm64/dl.c ++++ b/grub-core/kern/arm64/dl.c +@@ -196,3 +196,16 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, + + return GRUB_ERR_NONE; + } ++ ++/* ++ * Tell the loader what our minimum section alignment is. ++ */ ++grub_size_t ++grub_arch_dl_min_alignment (void) ++{ ++#ifdef GRUB_MACHINE_EFI ++ return 4096; ++#else ++ return 1; ++#endif ++} +diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c +index aef8af8aa7..8c7aacef39 100644 +--- a/grub-core/kern/dl.c ++++ b/grub-core/kern/dl.c +@@ -277,7 +277,7 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e) + { + unsigned i; + const Elf_Shdr *s; +- grub_size_t tsize = 0, talign = 1; ++ grub_size_t tsize = 0, talign = 1, arch_addralign = 1; + #if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) + grub_size_t tramp; + grub_size_t got; +@@ -285,16 +285,24 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e) + #endif + char *ptr; + ++ arch_addralign = grub_arch_dl_min_alignment (); ++ + for (i = 0, s = (const Elf_Shdr *)((const char *) e + e->e_shoff); + i < e->e_shnum; + i++, s = (const Elf_Shdr *)((const char *) s + e->e_shentsize)) + { ++ grub_size_t sh_addralign; ++ grub_size_t sh_size; ++ + if (s->sh_size == 0 || !(s->sh_flags & SHF_ALLOC)) + continue; + +- tsize = ALIGN_UP (tsize, s->sh_addralign) + s->sh_size; +- if (talign < s->sh_addralign) +- talign = s->sh_addralign; ++ sh_addralign = ALIGN_UP(s->sh_addralign, arch_addralign); ++ sh_size = ALIGN_UP(s->sh_size, sh_addralign); ++ ++ tsize = ALIGN_UP (tsize, sh_addralign) + sh_size; ++ if (talign < sh_addralign) ++ talign = sh_addralign; + } + + #if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) +@@ -323,6 +331,9 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e) + i < e->e_shnum; + i++, s = (Elf_Shdr *)((char *) s + e->e_shentsize)) + { ++ grub_size_t sh_addralign = ALIGN_UP(s->sh_addralign, arch_addralign); ++ grub_size_t sh_size = ALIGN_UP(s->sh_size, sh_addralign); ++ + if (s->sh_flags & SHF_ALLOC) + { + grub_dl_segment_t seg; +@@ -335,17 +346,19 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e) + { + void *addr; + +- ptr = (char *) ALIGN_UP ((grub_addr_t) ptr, s->sh_addralign); ++ ptr = (char *) ALIGN_UP ((grub_addr_t) ptr, sh_addralign); + addr = ptr; +- ptr += s->sh_size; ++ ptr += sh_size; + + switch (s->sh_type) + { + case SHT_PROGBITS: + grub_memcpy (addr, (char *) e + s->sh_offset, s->sh_size); ++ grub_memset ((char *)addr + s->sh_size, 0, ++ sh_size - s->sh_size); + break; + case SHT_NOBITS: +- grub_memset (addr, 0, s->sh_size); ++ grub_memset (addr, 0, sh_size); + break; + } + +@@ -354,7 +367,7 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e) + else + seg->addr = 0; + +- seg->size = s->sh_size; ++ seg->size = sh_size; + seg->section = i; + seg->next = mod->segment; + mod->segment = seg; +diff --git a/grub-core/kern/emu/full.c b/grub-core/kern/emu/full.c +index e8d63b1f5f..1de1c28eb0 100644 +--- a/grub-core/kern/emu/full.c ++++ b/grub-core/kern/emu/full.c +@@ -67,3 +67,16 @@ grub_arch_dl_init_linker (void) + } + #endif + ++ ++/* ++ * Tell the loader what our minimum section alignment is. ++ */ ++grub_size_t ++grub_arch_dl_min_alignment (void) ++{ ++#ifdef GRUB_MACHINE_EFI ++ return 4096; ++#else ++ return 1; ++#endif ++} +diff --git a/grub-core/kern/i386/dl.c b/grub-core/kern/i386/dl.c +index 1346da5cc9..d6b4681fc9 100644 +--- a/grub-core/kern/i386/dl.c ++++ b/grub-core/kern/i386/dl.c +@@ -79,3 +79,16 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, + + return GRUB_ERR_NONE; + } ++ ++/* ++ * Tell the loader what our minimum section alignment is. ++ */ ++grub_size_t ++grub_arch_dl_min_alignment (void) ++{ ++#ifdef GRUB_MACHINE_EFI ++ return 4096; ++#else ++ return 1; ++#endif ++} +diff --git a/grub-core/kern/ia64/dl.c b/grub-core/kern/ia64/dl.c +index db59300fea..92d82c5750 100644 +--- a/grub-core/kern/ia64/dl.c ++++ b/grub-core/kern/ia64/dl.c +@@ -148,3 +148,12 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, + } + return GRUB_ERR_NONE; + } ++ ++/* ++ * Tell the loader what our minimum section alignment is. ++ */ ++grub_size_t ++grub_arch_dl_min_alignment (void) ++{ ++ return 1; ++} +diff --git a/grub-core/kern/mips/dl.c b/grub-core/kern/mips/dl.c +index 5d7d299c74..6d83bd71e9 100644 +--- a/grub-core/kern/mips/dl.c ++++ b/grub-core/kern/mips/dl.c +@@ -272,3 +272,11 @@ grub_arch_dl_init_linker (void) + grub_dl_register_symbol ("_gp_disp", &_gp_disp_dummy, 0, 0); + } + ++/* ++ * Tell the loader what our minimum section alignment is. ++ */ ++grub_size_t ++grub_arch_dl_min_alignment (void) ++{ ++ return 1; ++} +diff --git a/grub-core/kern/powerpc/dl.c b/grub-core/kern/powerpc/dl.c +index cdd61b305f..5d9ba2e158 100644 +--- a/grub-core/kern/powerpc/dl.c ++++ b/grub-core/kern/powerpc/dl.c +@@ -167,3 +167,12 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, + + return GRUB_ERR_NONE; + } ++ ++/* ++ * Tell the loader what our minimum section alignment is. ++ */ ++grub_size_t ++grub_arch_dl_min_alignment (void) ++{ ++ return 1; ++} +diff --git a/grub-core/kern/riscv/dl.c b/grub-core/kern/riscv/dl.c +index f26b12aaa4..aa18f9e990 100644 +--- a/grub-core/kern/riscv/dl.c ++++ b/grub-core/kern/riscv/dl.c +@@ -343,3 +343,16 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, + + return GRUB_ERR_NONE; + } ++ ++/* ++ * Tell the loader what our minimum section alignment is. ++ */ ++grub_size_t ++grub_arch_dl_min_alignment (void) ++{ ++#ifdef GRUB_MACHINE_EFI ++ return 4096; ++#else ++ return 1; ++#endif ++} +diff --git a/grub-core/kern/sparc64/dl.c b/grub-core/kern/sparc64/dl.c +index f3d960186b..f054f08241 100644 +--- a/grub-core/kern/sparc64/dl.c ++++ b/grub-core/kern/sparc64/dl.c +@@ -189,3 +189,12 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, + + return GRUB_ERR_NONE; + } ++ ++/* ++ * Tell the loader what our minimum section alignment is. ++ */ ++grub_size_t ++grub_arch_dl_min_alignment (void) ++{ ++ return 1; ++} +diff --git a/grub-core/kern/x86_64/dl.c b/grub-core/kern/x86_64/dl.c +index e5a8bdcf4f..a105dc50ce 100644 +--- a/grub-core/kern/x86_64/dl.c ++++ b/grub-core/kern/x86_64/dl.c +@@ -119,3 +119,16 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, + + return GRUB_ERR_NONE; + } ++ ++/* ++ * Tell the loader what our minimum section alignment is. ++ */ ++grub_size_t ++grub_arch_dl_min_alignment (void) ++{ ++#ifdef GRUB_MACHINE_EFI ++ return 4096; ++#else ++ return 1; ++#endif ++} +diff --git a/include/grub/dl.h b/include/grub/dl.h +index 618ae6f474..f36ed5cb17 100644 +--- a/include/grub/dl.h ++++ b/include/grub/dl.h +@@ -280,6 +280,8 @@ grub_err_t grub_arch_dl_check_header (void *ehdr); + grub_err_t + grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, + Elf_Shdr *s, grub_dl_segment_t seg); ++grub_size_t ++grub_arch_dl_min_alignment (void); + #endif + + #if defined (_mips) +diff --git a/docs/grub-dev.texi b/docs/grub-dev.texi +index 90083772c8..c23ba313dc 100644 +--- a/docs/grub-dev.texi ++++ b/docs/grub-dev.texi +@@ -755,9 +755,9 @@ declare startup asm file ($cpu_$platform_startup) as well as any other files + (e.g. init.c and callwrap.S) (e.g. $cpu_$platform = kern/$cpu/$platform/init.c). + At this stage you will also need to add dummy dl.c and cache.S with functions + grub_err_t grub_arch_dl_check_header (void *ehdr), grub_err_t +-grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr) (dl.c) and +-void grub_arch_sync_caches (void *address, grub_size_t len) (cache.S). They +-won't be used for now. ++grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr) (dl.c), grub_uint32_t ++grub_arch_dl_min_alignment (void), and void grub_arch_sync_caches (void ++*address, grub_size_t len) (cache.S). They won't be used for now. + + You will need to create directory include/$cpu/$platform and a file + include/$cpu/types.h. The later folowing this template: diff --git a/SOURCES/0274-nx-set-the-nx-compatible-flag-in-EFI-grub-images.patch b/SOURCES/0274-nx-set-the-nx-compatible-flag-in-EFI-grub-images.patch deleted file mode 100644 index 8b5075b..0000000 --- a/SOURCES/0274-nx-set-the-nx-compatible-flag-in-EFI-grub-images.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Tue, 22 Mar 2022 10:57:20 -0400 -Subject: [PATCH] nx: set the nx compatible flag in EFI grub images - -For NX, we need the grub binary to announce that it is compatible with -the NX feature. This implies that when loading the executable grub -image, several attributes are true: - -- the binary doesn't need an executable stack -- the binary doesn't need sections to be both executable and writable -- the binary knows how to use the EFI Memory Attributes protocol on code - it is loading. - -This patch adds a definition for the PE DLL Characteristics flag -GRUB_PE32_NX_COMPAT, and changes grub-mkimage to set that flag. - -Signed-off-by: Peter Jones -(cherry picked from commit 0c7f1aed5a87f75051b421903a900ccb4bbd795a) ---- - util/mkimage.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/util/mkimage.c b/util/mkimage.c -index 8319e8dfbd..c3d33aaac8 100644 ---- a/util/mkimage.c -+++ b/util/mkimage.c -@@ -1418,6 +1418,7 @@ grub_install_generate_image (const char *dir, const char *prefix, - section = (struct grub_pe32_section_table *)(o64 + 1); - } - -+ PE_OHDR (o32, o64, dll_characteristics) = grub_host_to_target16 (GRUB_PE32_NX_COMPAT); - PE_OHDR (o32, o64, header_size) = grub_host_to_target32 (header_size); - PE_OHDR (o32, o64, entry_addr) = grub_host_to_target32 (layout.start_address); - PE_OHDR (o32, o64, image_base) = 0; diff --git a/SOURCES/0275-nx-add-memory-attribute-get-set-API.patch b/SOURCES/0275-nx-add-memory-attribute-get-set-API.patch new file mode 100644 index 0000000..9146ba1 --- /dev/null +++ b/SOURCES/0275-nx-add-memory-attribute-get-set-API.patch @@ -0,0 +1,318 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 22 Mar 2022 10:56:21 -0400 +Subject: [PATCH] nx: add memory attribute get/set API + +For NX, we need to set the page access permission attributes for write +and execute permissions. + +This patch adds two new primitives, grub_set_mem_attrs() and +grub_clear_mem_attrs(), and associated constant definitions, to be used +for that purpose. + +For most platforms, it adds a dummy implementation that returns +GRUB_ERR_NONE. On EFI platforms, it adds a common helper function, +grub_efi_status_to_err(), which translates EFI error codes to grub error +codes, adds headers for the EFI Memory Attribute Protocol (still pending +standardization), and an implementation of the grub nx primitives using +it. + +Signed-off-by: Peter Jones +[rharwood: add pjones's none/nyi fixup] +Signed-off-by: Robbie Harwood +(cherry picked from commit 35de78a8d32b9fad5291ec96fd3cbb9cf2f4a80b) +--- + grub-core/kern/efi/efi.c | 36 +++++++++++++ + grub-core/kern/efi/mm.c | 131 +++++++++++++++++++++++++++++++++++++++++++++++ + include/grub/efi/api.h | 25 +++++++++ + include/grub/efi/efi.h | 2 + + include/grub/mm.h | 32 ++++++++++++ + 5 files changed, 226 insertions(+) + +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index 7fcca69c17..4ac2b2754e 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -1096,3 +1096,39 @@ grub_efi_compare_device_paths (const grub_efi_device_path_t *dp1, + + return 0; + } ++ ++grub_err_t ++grub_efi_status_to_err (grub_efi_status_t status) ++{ ++ grub_err_t err; ++ switch (status) ++ { ++ case GRUB_EFI_SUCCESS: ++ err = GRUB_ERR_NONE; ++ break; ++ case GRUB_EFI_INVALID_PARAMETER: ++ default: ++ err = GRUB_ERR_BAD_ARGUMENT; ++ break; ++ case GRUB_EFI_OUT_OF_RESOURCES: ++ err = GRUB_ERR_OUT_OF_MEMORY; ++ break; ++ case GRUB_EFI_DEVICE_ERROR: ++ err = GRUB_ERR_IO; ++ break; ++ case GRUB_EFI_WRITE_PROTECTED: ++ err = GRUB_ERR_WRITE_ERROR; ++ break; ++ case GRUB_EFI_SECURITY_VIOLATION: ++ err = GRUB_ERR_ACCESS_DENIED; ++ break; ++ case GRUB_EFI_NOT_FOUND: ++ err = GRUB_ERR_FILE_NOT_FOUND; ++ break; ++ case GRUB_EFI_ABORTED: ++ err = GRUB_ERR_WAIT; ++ break; ++ } ++ ++ return err; ++} +diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c +index e84961d078..2c33758ed7 100644 +--- a/grub-core/kern/efi/mm.c ++++ b/grub-core/kern/efi/mm.c +@@ -738,3 +738,134 @@ grub_efi_get_ram_base(grub_addr_t *base_addr) + return GRUB_ERR_NONE; + } + #endif ++ ++static inline grub_uint64_t ++grub_mem_attrs_to_uefi_mem_attrs (grub_uint64_t attrs) ++{ ++ grub_uint64_t ret = GRUB_EFI_MEMORY_RP | ++ GRUB_EFI_MEMORY_RO | ++ GRUB_EFI_MEMORY_XP; ++ ++ if (attrs & GRUB_MEM_ATTR_R) ++ ret &= ~GRUB_EFI_MEMORY_RP; ++ ++ if (attrs & GRUB_MEM_ATTR_W) ++ ret &= ~GRUB_EFI_MEMORY_RO; ++ ++ if (attrs & GRUB_MEM_ATTR_X) ++ ret &= ~GRUB_EFI_MEMORY_XP; ++ ++ return ret; ++} ++ ++static inline grub_uint64_t ++uefi_mem_attrs_to_grub_mem_attrs (grub_uint64_t attrs) ++{ ++ grub_uint64_t ret = GRUB_MEM_ATTR_R | ++ GRUB_MEM_ATTR_W | ++ GRUB_MEM_ATTR_X; ++ ++ if (attrs & GRUB_EFI_MEMORY_RP) ++ ret &= ~GRUB_MEM_ATTR_R; ++ ++ if (attrs & GRUB_EFI_MEMORY_RO) ++ ret &= ~GRUB_MEM_ATTR_W; ++ ++ if (attrs & GRUB_EFI_MEMORY_XP) ++ ret &= ~GRUB_MEM_ATTR_X; ++ ++ return ret; ++} ++ ++grub_err_t ++grub_get_mem_attrs (grub_addr_t addr, grub_size_t size, grub_uint64_t *attrs) ++{ ++ grub_efi_memory_attribute_protocol_t *proto; ++ grub_efi_physical_address_t physaddr = addr; ++ grub_efi_guid_t protocol_guid = GRUB_EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID; ++ grub_efi_status_t efi_status; ++ ++ proto = grub_efi_locate_protocol (&protocol_guid, 0); ++ if (!proto) ++ return GRUB_ERR_NOT_IMPLEMENTED_YET; ++ ++ if (physaddr & 0xfff || size & 0xfff || size == 0 || attrs == NULL) ++ { ++ grub_dprintf ("nx", "%s called on 0x%"PRIxGRUB_ADDR"-0x%"PRIxGRUB_ADDR" and attrs %p\n", ++ __func__, physaddr, physaddr+size-1, attrs); ++ return 0; ++ } ++ ++ efi_status = efi_call_4(proto->get_memory_attributes, ++ proto, physaddr, size, attrs); ++ *attrs = uefi_mem_attrs_to_grub_mem_attrs (*attrs); ++ ++ return grub_efi_status_to_err (efi_status); ++} ++ ++grub_err_t ++grub_update_mem_attrs (grub_addr_t addr, grub_size_t size, ++ grub_uint64_t set_attrs, grub_uint64_t clear_attrs) ++{ ++ grub_efi_memory_attribute_protocol_t *proto; ++ grub_efi_physical_address_t physaddr = addr; ++ grub_efi_guid_t protocol_guid = GRUB_EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID; ++ grub_efi_status_t efi_status = GRUB_EFI_SUCCESS; ++ grub_uint64_t before = 0, after = 0, uefi_set_attrs, uefi_clear_attrs; ++ grub_err_t err; ++ ++ proto = grub_efi_locate_protocol (&protocol_guid, 0); ++ if (!proto) ++ return GRUB_ERR_NONE; ++ ++ err = grub_get_mem_attrs (addr, size, &before); ++ if (err) ++ grub_dprintf ("nx", "grub_get_mem_attrs(0x%"PRIxGRUB_ADDR", %"PRIuGRUB_SIZE", %p) -> 0x%x\n", ++ addr, size, &before, err); ++ ++ if (physaddr & 0xfff || size & 0xfff || size == 0) ++ { ++ grub_dprintf ("nx", "%s called on 0x%"PRIxGRUB_ADDR"-0x%"PRIxGRUB_ADDR" +%s%s%s -%s%s%s\n", ++ __func__, physaddr, physaddr + size - 1, ++ (set_attrs & GRUB_MEM_ATTR_R) ? "r" : "", ++ (set_attrs & GRUB_MEM_ATTR_W) ? "w" : "", ++ (set_attrs & GRUB_MEM_ATTR_X) ? "x" : "", ++ (clear_attrs & GRUB_MEM_ATTR_R) ? "r" : "", ++ (clear_attrs & GRUB_MEM_ATTR_W) ? "w" : "", ++ (clear_attrs & GRUB_MEM_ATTR_X) ? "x" : ""); ++ return 0; ++ } ++ ++ uefi_set_attrs = grub_mem_attrs_to_uefi_mem_attrs (set_attrs); ++ grub_dprintf ("nx", "translating set_attrs from 0x%lx to 0x%lx\n", set_attrs, uefi_set_attrs); ++ uefi_clear_attrs = grub_mem_attrs_to_uefi_mem_attrs (clear_attrs); ++ grub_dprintf ("nx", "translating clear_attrs from 0x%lx to 0x%lx\n", clear_attrs, uefi_clear_attrs); ++ if (uefi_set_attrs) ++ efi_status = efi_call_4(proto->set_memory_attributes, ++ proto, physaddr, size, uefi_set_attrs); ++ if (efi_status == GRUB_EFI_SUCCESS && uefi_clear_attrs) ++ efi_status = efi_call_4(proto->clear_memory_attributes, ++ proto, physaddr, size, uefi_clear_attrs); ++ ++ err = grub_get_mem_attrs (addr, size, &after); ++ if (err) ++ grub_dprintf ("nx", "grub_get_mem_attrs(0x%"PRIxGRUB_ADDR", %"PRIuGRUB_SIZE", %p) -> 0x%x\n", ++ addr, size, &after, err); ++ ++ grub_dprintf ("nx", "set +%s%s%s -%s%s%s on 0x%"PRIxGRUB_ADDR"-0x%"PRIxGRUB_ADDR" before:%c%c%c after:%c%c%c\n", ++ (set_attrs & GRUB_MEM_ATTR_R) ? "r" : "", ++ (set_attrs & GRUB_MEM_ATTR_W) ? "w" : "", ++ (set_attrs & GRUB_MEM_ATTR_X) ? "x" : "", ++ (clear_attrs & GRUB_MEM_ATTR_R) ? "r" : "", ++ (clear_attrs & GRUB_MEM_ATTR_W) ? "w" : "", ++ (clear_attrs & GRUB_MEM_ATTR_X) ? "x" : "", ++ addr, addr + size - 1, ++ (before & GRUB_MEM_ATTR_R) ? 'r' : '-', ++ (before & GRUB_MEM_ATTR_W) ? 'w' : '-', ++ (before & GRUB_MEM_ATTR_X) ? 'x' : '-', ++ (after & GRUB_MEM_ATTR_R) ? 'r' : '-', ++ (after & GRUB_MEM_ATTR_W) ? 'w' : '-', ++ (after & GRUB_MEM_ATTR_X) ? 'x' : '-'); ++ ++ return grub_efi_status_to_err (efi_status); ++} +diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h +index f431f49973..464842ba37 100644 +--- a/include/grub/efi/api.h ++++ b/include/grub/efi/api.h +@@ -363,6 +363,11 @@ + { 0x89, 0x29, 0x48, 0xbc, 0xd9, 0x0a, 0xd3, 0x1a } \ + } + ++#define GRUB_EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID \ ++ { 0xf4560cf6, 0x40ec, 0x4b4a, \ ++ { 0xa1, 0x92, 0xbf, 0x1d, 0x57, 0xd0, 0xb1, 0x89 } \ ++ } ++ + struct grub_efi_sal_system_table + { + grub_uint32_t signature; +@@ -2102,6 +2107,26 @@ struct grub_efi_ip6_config_manual_address { + }; + typedef struct grub_efi_ip6_config_manual_address grub_efi_ip6_config_manual_address_t; + ++struct grub_efi_memory_attribute_protocol ++{ ++ grub_efi_status_t (*get_memory_attributes) ( ++ struct grub_efi_memory_attribute_protocol *this, ++ grub_efi_physical_address_t base_address, ++ grub_efi_uint64_t length, ++ grub_efi_uint64_t *attributes); ++ grub_efi_status_t (*set_memory_attributes) ( ++ struct grub_efi_memory_attribute_protocol *this, ++ grub_efi_physical_address_t base_address, ++ grub_efi_uint64_t length, ++ grub_efi_uint64_t attributes); ++ grub_efi_status_t (*clear_memory_attributes) ( ++ struct grub_efi_memory_attribute_protocol *this, ++ grub_efi_physical_address_t base_address, ++ grub_efi_uint64_t length, ++ grub_efi_uint64_t attributes); ++}; ++typedef struct grub_efi_memory_attribute_protocol grub_efi_memory_attribute_protocol_t; ++ + #if (GRUB_TARGET_SIZEOF_VOID_P == 4) || defined (__ia64__) \ + || defined (__aarch64__) || defined (__MINGW64__) || defined (__CYGWIN__) \ + || defined(__riscv) +diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h +index ec52083c49..34825c4adc 100644 +--- a/include/grub/efi/efi.h ++++ b/include/grub/efi/efi.h +@@ -164,4 +164,6 @@ struct grub_net_card; + grub_efi_handle_t + grub_efinet_get_device_handle (struct grub_net_card *card); + ++grub_err_t EXPORT_FUNC(grub_efi_status_to_err) (grub_efi_status_t status); ++ + #endif /* ! GRUB_EFI_EFI_HEADER */ +diff --git a/include/grub/mm.h b/include/grub/mm.h +index 9c38dd3ca5..d81623d226 100644 +--- a/include/grub/mm.h ++++ b/include/grub/mm.h +@@ -22,6 +22,7 @@ + + #include + #include ++#include + #include + + #ifndef NULL +@@ -38,6 +39,37 @@ void *EXPORT_FUNC(grub_realloc) (void *ptr, grub_size_t size); + void *EXPORT_FUNC(grub_memalign) (grub_size_t align, grub_size_t size); + #endif + ++#define GRUB_MEM_ATTR_R 0x0000000000000004LLU ++#define GRUB_MEM_ATTR_W 0x0000000000000002LLU ++#define GRUB_MEM_ATTR_X 0x0000000000000001LLU ++ ++#ifdef GRUB_MACHINE_EFI ++grub_err_t EXPORT_FUNC(grub_get_mem_attrs) (grub_addr_t addr, ++ grub_size_t size, ++ grub_uint64_t *attrs); ++grub_err_t EXPORT_FUNC(grub_update_mem_attrs) (grub_addr_t addr, ++ grub_size_t size, ++ grub_uint64_t set_attrs, ++ grub_uint64_t clear_attrs); ++#else /* !GRUB_MACHINE_EFI */ ++static inline grub_err_t ++grub_get_mem_attrs (grub_addr_t addr __attribute__((__unused__)), ++ grub_size_t size __attribute__((__unused__)), ++ grub_uint64_t *attrs __attribute__((__unused__))) ++{ ++ return GRUB_ERR_NONE; ++} ++ ++static inline grub_err_t ++grub_update_mem_attrs (grub_addr_t addr __attribute__((__unused__)), ++ grub_size_t size __attribute__((__unused__)), ++ grub_uint64_t set_attrs __attribute__((__unused__)), ++ grub_uint64_t clear_attrs __attribute__((__unused__))) ++{ ++ return GRUB_ERR_NONE; ++} ++#endif /* GRUB_MACHINE_EFI */ ++ + void grub_mm_check_real (const char *file, int line); + #define grub_mm_check() grub_mm_check_real (GRUB_FILE, __LINE__); + diff --git a/SOURCES/0276-nx-set-page-permissions-for-loaded-modules.patch b/SOURCES/0276-nx-set-page-permissions-for-loaded-modules.patch new file mode 100644 index 0000000..ad3c2aa --- /dev/null +++ b/SOURCES/0276-nx-set-page-permissions-for-loaded-modules.patch @@ -0,0 +1,264 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 21 Mar 2022 17:46:35 -0400 +Subject: [PATCH] nx: set page permissions for loaded modules. + +For NX, we need to set write and executable permissions on the sections +of grub modules when we load them. + +On sections with SHF_ALLOC set, which is typically everything except +.modname and the symbol and string tables, this patch clears the Read +Only flag on sections that have the ELF flag SHF_WRITE set, and clears +the No eXecute flag on sections with SHF_EXECINSTR set. In all other +cases it sets both flags. + +Signed-off-by: Peter Jones +[rharwood: arm tgptr -> tgaddr] +Signed-off-by: Robbie Harwood +(cherry-picked from commit ca74904ede0406b594cbedc52ce8e38a6633d2ae) +--- + grub-core/kern/dl.c | 120 +++++++++++++++++++++++++++++++++++++++------------- + include/grub/dl.h | 44 +++++++++++++++++++ + 2 files changed, 134 insertions(+), 30 deletions(-) + +diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c +index 8c7aacef39..d5de80186f 100644 +--- a/grub-core/kern/dl.c ++++ b/grub-core/kern/dl.c +@@ -285,6 +285,8 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e) + #endif + char *ptr; + ++ grub_dprintf ("modules", "loading segments for \"%s\"\n", mod->name); ++ + arch_addralign = grub_arch_dl_min_alignment (); + + for (i = 0, s = (const Elf_Shdr *)((const char *) e + e->e_shoff); +@@ -384,6 +386,7 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e) + ptr += got; + #endif + ++ grub_dprintf ("modules", "done loading segments for \"%s\"\n", mod->name); + return GRUB_ERR_NONE; + } + +@@ -517,23 +520,6 @@ grub_dl_find_section (Elf_Ehdr *e, const char *name) + return s; + return NULL; + } +-static long +-grub_dl_find_section_index (Elf_Ehdr *e, const char *name) +-{ +- Elf_Shdr *s; +- const char *str; +- unsigned i; +- +- s = (Elf_Shdr *) ((char *) e + e->e_shoff + e->e_shstrndx * e->e_shentsize); +- str = (char *) e + s->sh_offset; +- +- for (i = 0, s = (Elf_Shdr *) ((char *) e + e->e_shoff); +- i < e->e_shnum; +- i++, s = (Elf_Shdr *) ((char *) s + e->e_shentsize)) +- if (grub_strcmp (str + s->sh_name, name) == 0) +- return (long)i; +- return -1; +-} + + /* Me, Vladimir Serbinenko, hereby I add this module check as per new + GNU module policy. Note that this license check is informative only. +@@ -662,6 +648,7 @@ grub_dl_relocate_symbols (grub_dl_t mod, void *ehdr) + Elf_Shdr *s; + unsigned i; + ++ grub_dprintf ("modules", "relocating symbols for \"%s\"\n", mod->name); + for (i = 0, s = (Elf_Shdr *) ((char *) e + e->e_shoff); + i < e->e_shnum; + i++, s = (Elf_Shdr *) ((char *) s + e->e_shentsize)) +@@ -670,24 +657,95 @@ grub_dl_relocate_symbols (grub_dl_t mod, void *ehdr) + grub_dl_segment_t seg; + grub_err_t err; + +- /* Find the target segment. */ +- for (seg = mod->segment; seg; seg = seg->next) +- if (seg->section == s->sh_info) +- break; ++ seg = grub_dl_find_segment(mod, s->sh_info); ++ if (!seg) ++ continue; + +- if (seg) +- { +- if (!mod->symtab) +- return grub_error (GRUB_ERR_BAD_MODULE, "relocation without symbol table"); ++ if (!mod->symtab) ++ return grub_error (GRUB_ERR_BAD_MODULE, "relocation without symbol table"); + +- err = grub_arch_dl_relocate_symbols (mod, ehdr, s, seg); +- if (err) +- return err; +- } ++ err = grub_arch_dl_relocate_symbols (mod, ehdr, s, seg); ++ if (err) ++ return err; + } + ++ grub_dprintf ("modules", "done relocating symbols for \"%s\"\n", mod->name); + return GRUB_ERR_NONE; + } ++ ++static grub_err_t ++grub_dl_set_mem_attrs (grub_dl_t mod, void *ehdr) ++{ ++ unsigned i; ++ const Elf_Shdr *s; ++ const Elf_Ehdr *e = ehdr; ++#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) ++ grub_size_t arch_addralign = grub_arch_dl_min_alignment (); ++ grub_addr_t tgaddr; ++ grub_uint64_t tgsz; ++#endif ++ ++ grub_dprintf ("modules", "updating memory attributes for \"%s\"\n", ++ mod->name); ++ for (i = 0, s = (const Elf_Shdr *)((const char *) e + e->e_shoff); ++ i < e->e_shnum; ++ i++, s = (const Elf_Shdr *)((const char *) s + e->e_shentsize)) ++ { ++ grub_dl_segment_t seg; ++ grub_uint64_t set_attrs = GRUB_MEM_ATTR_R; ++ grub_uint64_t clear_attrs = GRUB_MEM_ATTR_W|GRUB_MEM_ATTR_X; ++ ++ seg = grub_dl_find_segment(mod, i); ++ if (!seg) ++ continue; ++ ++ if (seg->size == 0 || !(s->sh_flags & SHF_ALLOC)) ++ continue; ++ ++ if (s->sh_flags & SHF_WRITE) ++ { ++ set_attrs |= GRUB_MEM_ATTR_W; ++ clear_attrs &= ~GRUB_MEM_ATTR_W; ++ } ++ ++ if (s->sh_flags & SHF_EXECINSTR) ++ { ++ set_attrs |= GRUB_MEM_ATTR_X; ++ clear_attrs &= ~GRUB_MEM_ATTR_X; ++ } ++ ++ grub_dprintf ("modules", "setting memory attrs for section \"%s\" to -%s%s%s+%s%s%s\n", ++ grub_dl_get_section_name(e, s), ++ (clear_attrs & GRUB_MEM_ATTR_R) ? "r" : "", ++ (clear_attrs & GRUB_MEM_ATTR_W) ? "w" : "", ++ (clear_attrs & GRUB_MEM_ATTR_X) ? "x" : "", ++ (set_attrs & GRUB_MEM_ATTR_R) ? "r" : "", ++ (set_attrs & GRUB_MEM_ATTR_W) ? "w" : "", ++ (set_attrs & GRUB_MEM_ATTR_X) ? "x" : ""); ++ grub_update_mem_attrs ((grub_addr_t)(seg->addr), seg->size, set_attrs, clear_attrs); ++ } ++ ++#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) ++ tgaddr = grub_min((grub_addr_t)mod->tramp, (grub_addr_t)mod->got); ++ tgsz = grub_max((grub_addr_t)mod->trampptr, (grub_addr_t)mod->gotptr) - tgaddr; ++ ++ if (tgsz) ++ { ++ tgsz = ALIGN_UP(tgsz, arch_addralign); ++ ++ grub_dprintf ("modules", "updating attributes for GOT and trampolines\n", ++ mod->name); ++ grub_update_mem_attrs (tgaddr, tgsz, GRUB_MEM_ATTR_R|GRUB_MEM_ATTR_X, ++ GRUB_MEM_ATTR_W); ++ } ++#endif ++ ++ grub_dprintf ("modules", "done updating module memory attributes for \"%s\"\n", ++ mod->name); ++ ++ return GRUB_ERR_NONE; ++} ++ + static void + grub_dl_print_gdb_info (grub_dl_t mod, Elf_Ehdr *e) + { +@@ -753,6 +811,7 @@ grub_dl_load_core_noinit (void *addr, grub_size_t size) + mod->ref_count = 1; + + grub_dprintf ("modules", "relocating to %p\n", mod); ++ + /* Me, Vladimir Serbinenko, hereby I add this module check as per new + GNU module policy. Note that this license check is informative only. + Modules have to be licensed under GPLv3 or GPLv3+ (optionally +@@ -766,7 +825,8 @@ grub_dl_load_core_noinit (void *addr, grub_size_t size) + || grub_dl_resolve_dependencies (mod, e) + || grub_dl_load_segments (mod, e) + || grub_dl_resolve_symbols (mod, e) +- || grub_dl_relocate_symbols (mod, e)) ++ || grub_dl_relocate_symbols (mod, e) ++ || grub_dl_set_mem_attrs (mod, e)) + { + mod->fini = 0; + grub_dl_unload (mod); +diff --git a/include/grub/dl.h b/include/grub/dl.h +index f36ed5cb17..45ac8e339f 100644 +--- a/include/grub/dl.h ++++ b/include/grub/dl.h +@@ -27,6 +27,7 @@ + #include + #include + #include ++#include + #endif + + /* +@@ -268,6 +269,49 @@ grub_dl_is_persistent (grub_dl_t mod) + return mod->persistent; + } + ++static inline const char * ++grub_dl_get_section_name (const Elf_Ehdr *e, const Elf_Shdr *s) ++{ ++ Elf_Shdr *str_s; ++ const char *str; ++ ++ str_s = (Elf_Shdr *) ((char *) e + e->e_shoff + e->e_shstrndx * e->e_shentsize); ++ str = (char *) e + str_s->sh_offset; ++ ++ return str + s->sh_name; ++} ++ ++static inline long ++grub_dl_find_section_index (Elf_Ehdr *e, const char *name) ++{ ++ Elf_Shdr *s; ++ const char *str; ++ unsigned i; ++ ++ s = (Elf_Shdr *) ((char *) e + e->e_shoff + e->e_shstrndx * e->e_shentsize); ++ str = (char *) e + s->sh_offset; ++ ++ for (i = 0, s = (Elf_Shdr *) ((char *) e + e->e_shoff); ++ i < e->e_shnum; ++ i++, s = (Elf_Shdr *) ((char *) s + e->e_shentsize)) ++ if (grub_strcmp (str + s->sh_name, name) == 0) ++ return (long)i; ++ return -1; ++} ++ ++/* Return the segment for a section of index N */ ++static inline grub_dl_segment_t ++grub_dl_find_segment (grub_dl_t mod, unsigned n) ++{ ++ grub_dl_segment_t seg; ++ ++ for (seg = mod->segment; seg; seg = seg->next) ++ if (seg->section == n) ++ return seg; ++ ++ return NULL; ++} ++ + #endif + + void * EXPORT_FUNC(grub_resolve_symbol) (const char *name); diff --git a/SOURCES/0277-nx-set-attrs-in-our-kernel-loaders.patch b/SOURCES/0277-nx-set-attrs-in-our-kernel-loaders.patch new file mode 100644 index 0000000..9beee6a --- /dev/null +++ b/SOURCES/0277-nx-set-attrs-in-our-kernel-loaders.patch @@ -0,0 +1,571 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 22 Mar 2022 10:57:07 -0400 +Subject: [PATCH] nx: set attrs in our kernel loaders + +For NX, our kernel loaders need to set write and execute page +permissions on allocated pages and the stack. + +This patch adds those calls. + +Signed-off-by: Peter Jones +[rharwood: fix aarch64 callsites] +(cherry-picked from commit a9f79a997f01a83b36cdfa89ef2e72ac2a17c06c) +[rharwood: uninitialized stack_attrs, double verification] +Signed-off-by: Robbie Harwood +--- + grub-core/kern/efi/mm.c | 78 ++++++++++++++++++ + grub-core/loader/arm64/linux.c | 16 +++- + grub-core/loader/arm64/xen_boot.c | 4 +- + grub-core/loader/efi/chainloader.c | 11 +++ + grub-core/loader/efi/linux.c | 164 ++++++++++++++++++++++++++++++++++++- + grub-core/loader/i386/efi/linux.c | 26 +++++- + grub-core/loader/i386/linux.c | 5 ++ + include/grub/efi/efi.h | 6 +- + include/grub/efi/linux.h | 17 +++- + include/grub/efi/pe32.h | 2 + + 10 files changed, 314 insertions(+), 15 deletions(-) + +diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c +index 2c33758ed7..88364d764c 100644 +--- a/grub-core/kern/efi/mm.c ++++ b/grub-core/kern/efi/mm.c +@@ -610,6 +610,82 @@ print_memory_map (grub_efi_memory_descriptor_t *memory_map, + } + #endif + ++grub_addr_t grub_stack_addr = (grub_addr_t)-1ll; ++grub_size_t grub_stack_size = 0; ++ ++static void ++grub_nx_init (void) ++{ ++ grub_uint64_t attrs, stack_attrs; ++ grub_err_t err; ++ grub_addr_t stack_current, stack_end; ++ const grub_uint64_t page_size = 4096; ++ const grub_uint64_t page_mask = ~(page_size - 1); ++ ++ /* ++ * These are to confirm that the flags are working as expected when ++ * debugging. ++ */ ++ attrs = 0; ++ stack_current = (grub_addr_t)grub_nx_init & page_mask; ++ err = grub_get_mem_attrs (stack_current, page_size, &attrs); ++ if (err) ++ { ++ grub_dprintf ("nx", ++ "grub_get_mem_attrs(0x%"PRIxGRUB_UINT64_T", ...) -> 0x%x\n", ++ stack_current, err); ++ grub_error_pop (); ++ } ++ else ++ grub_dprintf ("nx", "page attrs for grub_nx_init (%p) are %c%c%c\n", ++ grub_dl_load_core, ++ (attrs & GRUB_MEM_ATTR_R) ? 'r' : '-', ++ (attrs & GRUB_MEM_ATTR_R) ? 'w' : '-', ++ (attrs & GRUB_MEM_ATTR_R) ? 'x' : '-'); ++ ++ stack_current = (grub_addr_t)&stack_current & page_mask; ++ err = grub_get_mem_attrs (stack_current, page_size, &stack_attrs); ++ if (err) ++ { ++ grub_dprintf ("nx", ++ "grub_get_mem_attrs(0x%"PRIxGRUB_UINT64_T", ...) -> 0x%x\n", ++ stack_current, err); ++ grub_error_pop (); ++ } ++ else ++ { ++ attrs = stack_attrs; ++ grub_dprintf ("nx", "page attrs for stack (%p) are %c%c%c\n", ++ &attrs, ++ (attrs & GRUB_MEM_ATTR_R) ? 'r' : '-', ++ (attrs & GRUB_MEM_ATTR_R) ? 'w' : '-', ++ (attrs & GRUB_MEM_ATTR_R) ? 'x' : '-'); ++ } ++ ++ for (stack_end = stack_current + page_size ; ++ !(attrs & GRUB_MEM_ATTR_R); ++ stack_end += page_size) ++ { ++ err = grub_get_mem_attrs (stack_current, page_size, &attrs); ++ if (err) ++ { ++ grub_dprintf ("nx", ++ "grub_get_mem_attrs(0x%"PRIxGRUB_UINT64_T", ...) -> 0x%x\n", ++ stack_current, err); ++ grub_error_pop (); ++ break; ++ } ++ } ++ if (stack_end > stack_current) ++ { ++ grub_stack_addr = stack_current; ++ grub_stack_size = stack_end - stack_current; ++ grub_dprintf ("nx", ++ "detected stack from 0x%"PRIxGRUB_ADDR" to 0x%"PRIxGRUB_ADDR"\n", ++ grub_stack_addr, grub_stack_addr + grub_stack_size - 1); ++ } ++} ++ + void + grub_efi_mm_init (void) + { +@@ -623,6 +699,8 @@ grub_efi_mm_init (void) + grub_efi_uint64_t required_pages; + int mm_status; + ++ grub_nx_init (); ++ + /* Prepare a memory region to store two memory maps. */ + memory_map = grub_efi_allocate_any_pages (2 * BYTES_TO_PAGES (MEMORY_MAP_SIZE)); + if (! memory_map) +diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c +index bcc6ef46e9..70db5a6e0b 100644 +--- a/grub-core/loader/arm64/linux.c ++++ b/grub-core/loader/arm64/linux.c +@@ -173,7 +173,8 @@ free_params (void) + } + + grub_err_t +-grub_arch_efi_linux_boot_image (grub_addr_t addr, char *args) ++grub_arch_efi_linux_boot_image (grub_addr_t addr, grub_size_t size, char *args, ++ int nx_supported) + { + grub_err_t retval; + +@@ -183,7 +184,8 @@ grub_arch_efi_linux_boot_image (grub_addr_t addr, char *args) + + grub_dprintf ("linux", "linux command line: '%s'\n", args); + +- retval = grub_efi_linux_boot ((char *)addr, handover_offset, (void *)addr); ++ retval = grub_efi_linux_boot (addr, size, handover_offset, ++ (void *)addr, nx_supported); + + /* Never reached... */ + free_params(); +@@ -193,7 +195,10 @@ grub_arch_efi_linux_boot_image (grub_addr_t addr, char *args) + static grub_err_t + grub_linux_boot (void) + { +- return (grub_arch_efi_linux_boot_image((grub_addr_t)kernel_addr, linux_args)); ++ return grub_arch_efi_linux_boot_image((grub_addr_t)kernel_addr, ++ (grub_size_t)kernel_size, ++ linux_args, ++ 0); + } + + static grub_err_t +@@ -342,6 +347,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + grub_uint32_t align; + void *kernel = NULL; + int rc; ++ int nx_supported = 1; + + grub_dl_ref (my_mod); + +@@ -389,6 +395,10 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + grub_dprintf ("linux", "kernel entry offset : %d\n", handover_offset); + grub_dprintf ("linux", "kernel alignment : 0x%x\n", align); + ++ err = grub_efi_check_nx_image_support((grub_addr_t)kernel, filelen, &nx_supported); ++ if (err != GRUB_ERR_NONE) ++ goto fail; ++ + grub_loader_unset(); + + kernel_alloc_pages = GRUB_EFI_BYTES_TO_PAGES (kernel_size + align - 1); +diff --git a/grub-core/loader/arm64/xen_boot.c b/grub-core/loader/arm64/xen_boot.c +index d9b7a9ba40..6e7e920416 100644 +--- a/grub-core/loader/arm64/xen_boot.c ++++ b/grub-core/loader/arm64/xen_boot.c +@@ -266,7 +266,9 @@ xen_boot (void) + return err; + + return grub_arch_efi_linux_boot_image (xen_hypervisor->start, +- xen_hypervisor->cmdline); ++ xen_hypervisor->size, ++ xen_hypervisor->cmdline, ++ 0); + } + + static void +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index 8ef508beca..6ac69f0f59 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -1071,6 +1071,17 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + ++ /* ++ * The OS kernel is going to set its own permissions when it takes over ++ * paging a few million instructions from now, and load_image() will set up ++ * anything that's needed based on the section headers, so there's no point ++ * in doing anything but clearing the protection bits here. ++ */ ++ grub_dprintf("nx", "setting attributes for %p (%lu bytes) to %llx\n", ++ (void *)(grub_addr_t)address, fsize, 0llu); ++ grub_update_mem_attrs (address, fsize, ++ GRUB_MEM_ATTR_R|GRUB_MEM_ATTR_W|GRUB_MEM_ATTR_X, 0); ++ + #if defined (__i386__) || defined (__x86_64__) + if (fsize >= (grub_ssize_t) sizeof (struct grub_macho_fat_header)) + { +diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c +index 9260731c10..dcc9ea40ea 100644 +--- a/grub-core/loader/efi/linux.c ++++ b/grub-core/loader/efi/linux.c +@@ -66,16 +66,127 @@ grub_linuxefi_secure_validate (void *data, grub_uint32_t size) + + #pragma GCC diagnostic push + #pragma GCC diagnostic ignored "-Wcast-align" ++#pragma GCC diagnostic ignored "-Wint-to-pointer-cast" ++ ++grub_err_t ++grub_efi_check_nx_image_support (grub_addr_t kernel_addr, ++ grub_size_t kernel_size, ++ int *nx_supported) ++{ ++ struct grub_dos_header *doshdr; ++ grub_size_t sz = sizeof (*doshdr); ++ ++ struct grub_pe32_header_32 *pe32; ++ struct grub_pe32_header_64 *pe64; ++ ++ int image_is_compatible = 0; ++ int is_64_bit; ++ ++ if (kernel_size < sz) ++ return grub_error (GRUB_ERR_BAD_OS, N_("kernel is too small")); ++ ++ doshdr = (void *)kernel_addr; ++ ++ if ((doshdr->magic & 0xffff) != GRUB_DOS_MAGIC) ++ return grub_error (GRUB_ERR_BAD_OS, N_("kernel DOS magic is invalid")); ++ ++ sz = doshdr->lfanew + sizeof (*pe32); ++ if (kernel_size < sz) ++ return grub_error (GRUB_ERR_BAD_OS, N_("kernel is too small")); ++ ++ pe32 = (struct grub_pe32_header_32 *)(kernel_addr + doshdr->lfanew); ++ pe64 = (struct grub_pe32_header_64 *)pe32; ++ ++ if (grub_memcmp (pe32->signature, GRUB_PE32_SIGNATURE, ++ GRUB_PE32_SIGNATURE_SIZE) != 0) ++ return grub_error (GRUB_ERR_BAD_OS, N_("kernel PE magic is invalid")); ++ ++ switch (pe32->coff_header.machine) ++ { ++ case GRUB_PE32_MACHINE_ARMTHUMB_MIXED: ++ case GRUB_PE32_MACHINE_I386: ++ case GRUB_PE32_MACHINE_RISCV32: ++ is_64_bit = 0; ++ break; ++ case GRUB_PE32_MACHINE_ARM64: ++ case GRUB_PE32_MACHINE_IA64: ++ case GRUB_PE32_MACHINE_RISCV64: ++ case GRUB_PE32_MACHINE_X86_64: ++ is_64_bit = 1; ++ break; ++ default: ++ return grub_error (GRUB_ERR_BAD_OS, N_("PE machine type 0x%04hx unknown"), ++ pe32->coff_header.machine); ++ } ++ ++ if (is_64_bit) ++ { ++ sz = doshdr->lfanew + sizeof (*pe64); ++ if (kernel_size < sz) ++ return grub_error (GRUB_ERR_BAD_OS, N_("kernel is too small")); ++ ++ if (pe64->optional_header.dll_characteristics & GRUB_PE32_NX_COMPAT) ++ image_is_compatible = 1; ++ } ++ else ++ { ++ if (pe32->optional_header.dll_characteristics & GRUB_PE32_NX_COMPAT) ++ image_is_compatible = 1; ++ } ++ ++ *nx_supported = image_is_compatible; ++ return GRUB_ERR_NONE; ++} ++ ++grub_err_t ++grub_efi_check_nx_required (int *nx_required) ++{ ++ grub_efi_status_t status; ++ grub_efi_guid_t guid = GRUB_EFI_SHIM_LOCK_GUID; ++ grub_size_t mok_policy_sz = 0; ++ char *mok_policy = NULL; ++ grub_uint32_t mok_policy_attrs = 0; ++ ++ status = grub_efi_get_variable_with_attributes ("MokPolicy", &guid, ++ &mok_policy_sz, ++ (void **)&mok_policy, ++ &mok_policy_attrs); ++ if (status == GRUB_EFI_NOT_FOUND || ++ mok_policy_sz == 0 || ++ mok_policy == NULL) ++ { ++ *nx_required = 0; ++ return GRUB_ERR_NONE; ++ } ++ ++ *nx_required = 0; ++ if (mok_policy_sz < 1 || ++ mok_policy_attrs != (GRUB_EFI_VARIABLE_BOOTSERVICE_ACCESS | ++ GRUB_EFI_VARIABLE_RUNTIME_ACCESS) || ++ (mok_policy[mok_policy_sz-1] & GRUB_MOK_POLICY_NX_REQUIRED)) ++ *nx_required = 1; ++ ++ return GRUB_ERR_NONE; ++} + + typedef void (*handover_func) (void *, grub_efi_system_table_t *, void *); + + grub_err_t +-grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset, +- void *kernel_params) ++grub_efi_linux_boot (grub_addr_t kernel_addr, grub_size_t kernel_size, ++ grub_off_t handover_offset, void *kernel_params, ++ int nx_supported) + { + grub_efi_loaded_image_t *loaded_image = NULL; + handover_func hf; + int offset = 0; ++ grub_uint64_t stack_set_attrs = GRUB_MEM_ATTR_R | ++ GRUB_MEM_ATTR_W | ++ GRUB_MEM_ATTR_X; ++ grub_uint64_t stack_clear_attrs = 0; ++ grub_uint64_t kernel_set_attrs = stack_set_attrs; ++ grub_uint64_t kernel_clear_attrs = stack_clear_attrs; ++ grub_uint64_t attrs; ++ int nx_required = 0; + + #ifdef __x86_64__ + offset = 512; +@@ -88,12 +199,57 @@ grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset, + */ + loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle); + if (loaded_image) +- loaded_image->image_base = kernel_addr; ++ loaded_image->image_base = (void *)kernel_addr; + else + grub_dprintf ("linux", "Loaded Image base address could not be set\n"); + + grub_dprintf ("linux", "kernel_addr: %p handover_offset: %p params: %p\n", +- kernel_addr, (void *)(grub_efi_uintn_t)handover_offset, kernel_params); ++ (void *)kernel_addr, (void *)handover_offset, kernel_params); ++ ++ ++ if (nx_required && !nx_supported) ++ return grub_error (GRUB_ERR_BAD_OS, N_("kernel does not support NX loading required by policy")); ++ ++ if (nx_supported) ++ { ++ kernel_set_attrs &= ~GRUB_MEM_ATTR_W; ++ kernel_clear_attrs |= GRUB_MEM_ATTR_W; ++ stack_set_attrs &= ~GRUB_MEM_ATTR_X; ++ stack_clear_attrs |= GRUB_MEM_ATTR_X; ++ } ++ ++ grub_dprintf ("nx", "Setting attributes for 0x%"PRIxGRUB_ADDR"-0x%"PRIxGRUB_ADDR" to r%cx\n", ++ kernel_addr, kernel_addr + kernel_size - 1, ++ (kernel_set_attrs & GRUB_MEM_ATTR_W) ? 'w' : '-'); ++ grub_update_mem_attrs (kernel_addr, kernel_size, ++ kernel_set_attrs, kernel_clear_attrs); ++ ++ grub_get_mem_attrs (kernel_addr, 4096, &attrs); ++ grub_dprintf ("nx", "permissions for 0x%"PRIxGRUB_ADDR" are %s%s%s\n", ++ (grub_addr_t)kernel_addr, ++ (attrs & GRUB_MEM_ATTR_R) ? "r" : "-", ++ (attrs & GRUB_MEM_ATTR_W) ? "w" : "-", ++ (attrs & GRUB_MEM_ATTR_X) ? "x" : "-"); ++ if (grub_stack_addr != (grub_addr_t)-1ll) ++ { ++ grub_dprintf ("nx", "Setting attributes for stack at 0x%"PRIxGRUB_ADDR"-0x%"PRIxGRUB_ADDR" to rw%c\n", ++ grub_stack_addr, grub_stack_addr + grub_stack_size - 1, ++ (stack_set_attrs & GRUB_MEM_ATTR_X) ? 'x' : '-'); ++ grub_update_mem_attrs (grub_stack_addr, grub_stack_size, ++ stack_set_attrs, stack_clear_attrs); ++ ++ grub_get_mem_attrs (grub_stack_addr, 4096, &attrs); ++ grub_dprintf ("nx", "permissions for 0x%"PRIxGRUB_ADDR" are %s%s%s\n", ++ grub_stack_addr, ++ (attrs & GRUB_MEM_ATTR_R) ? "r" : "-", ++ (attrs & GRUB_MEM_ATTR_W) ? "w" : "-", ++ (attrs & GRUB_MEM_ATTR_X) ? "x" : "-"); ++ } ++ ++#if defined(__i386__) || defined(__x86_64__) ++ asm volatile ("cli"); ++#endif ++ + hf = (handover_func)((char *)kernel_addr + handover_offset + offset); + hf (grub_efi_image_handle, grub_efi_system_table, kernel_params); + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index b832c85728..dc98077378 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -45,7 +45,7 @@ struct grub_linuxefi_context { + grub_uint32_t handover_offset; + struct linux_kernel_params *params; + char *cmdline; +- ++ int nx_supported; + void *initrd_mem; + }; + +@@ -111,13 +111,19 @@ kernel_alloc(grub_efi_uintn_t size, + pages = BYTES_TO_PAGES(size); + grub_dprintf ("linux", "Trying to allocate %lu pages from %p\n", + (unsigned long)pages, (void *)(unsigned long)max); ++ size = pages * GRUB_EFI_PAGE_SIZE; + + prev_max = max; + addr = grub_efi_allocate_pages_real (max, pages, + max_addresses[i].alloc_type, + memtype); + if (addr) +- grub_dprintf ("linux", "Allocated at %p\n", addr); ++ { ++ grub_dprintf ("linux", "Allocated at %p\n", addr); ++ grub_update_mem_attrs ((grub_addr_t)addr, size, ++ GRUB_MEM_ATTR_R|GRUB_MEM_ATTR_W, ++ GRUB_MEM_ATTR_X); ++ } + } + + while (grub_error_pop ()) +@@ -138,9 +144,11 @@ grub_linuxefi_boot (void *data) + + asm volatile ("cli"); + +- return grub_efi_linux_boot ((char *)context->kernel_mem, ++ return grub_efi_linux_boot ((grub_addr_t)context->kernel_mem, ++ context->kernel_size, + context->handover_offset, +- context->params); ++ context->params, ++ context->nx_supported); + } + + static grub_err_t +@@ -306,7 +314,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + grub_uint32_t handover_offset; + struct linux_kernel_params *params = 0; + char *cmdline = 0; ++ int nx_supported = 1; + struct grub_linuxefi_context *context = 0; ++ grub_err_t err; + + grub_dl_ref (my_mod); + +@@ -347,6 +357,13 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + } + } + ++ err = grub_efi_check_nx_image_support ((grub_addr_t)kernel, filelen, ++ &nx_supported); ++ if (err != GRUB_ERR_NONE) ++ return err; ++ grub_dprintf ("linux", "nx is%s supported by this kernel\n", ++ nx_supported ? "" : " not"); ++ + lh = (struct linux_i386_kernel_header *)kernel; + grub_dprintf ("linux", "original lh is at %p\n", kernel); + +@@ -511,6 +528,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + context->handover_offset = handover_offset; + context->params = params; + context->cmdline = cmdline; ++ context->nx_supported = nx_supported; + + grub_loader_set_ex (grub_linuxefi_boot, grub_linuxefi_unload, context, 0); + +diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c +index 4aeb0e4b9a..3c1ff64763 100644 +--- a/grub-core/loader/i386/linux.c ++++ b/grub-core/loader/i386/linux.c +@@ -805,6 +805,11 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + kernel_offset += len; + } + ++ grub_dprintf("efi", "setting attributes for %p (%zu bytes) to +rw-x\n", ++ &linux_params, sizeof (lh) + len); ++ grub_update_mem_attrs ((grub_addr_t)&linux_params, sizeof (lh) + len, ++ GRUB_MEM_ATTR_R|GRUB_MEM_ATTR_W, GRUB_MEM_ATTR_X); ++ + linux_params.code32_start = prot_mode_target + lh.code32_start - GRUB_LINUX_BZIMAGE_ADDR; + linux_params.kernel_alignment = (1 << align); + linux_params.ps_mouse = linux_params.padding11 = 0; +diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h +index 34825c4adc..449e55269f 100644 +--- a/include/grub/efi/efi.h ++++ b/include/grub/efi/efi.h +@@ -140,12 +140,16 @@ extern void (*EXPORT_VAR(grub_efi_net_config)) (grub_efi_handle_t hnd, + char **device, + char **path); + ++extern grub_addr_t EXPORT_VAR(grub_stack_addr); ++extern grub_size_t EXPORT_VAR(grub_stack_size); ++ + #if defined(__arm__) || defined(__aarch64__) || defined(__riscv) + void *EXPORT_FUNC(grub_efi_get_firmware_fdt)(void); + grub_err_t EXPORT_FUNC(grub_efi_get_ram_base)(grub_addr_t *); + #include + grub_err_t grub_arch_efi_linux_check_image(struct linux_arch_kernel_header *lh); +-grub_err_t grub_arch_efi_linux_boot_image(grub_addr_t addr, char *args); ++grub_err_t grub_arch_efi_linux_boot_image(grub_addr_t addr, grub_size_t size, ++ char *args, int nx_enabled); + #endif + + grub_addr_t grub_efi_section_addr (const char *section); +diff --git a/include/grub/efi/linux.h b/include/grub/efi/linux.h +index 0033d9305a..8130b19590 100644 +--- a/include/grub/efi/linux.h ++++ b/include/grub/efi/linux.h +@@ -22,10 +22,23 @@ + #include + #include + ++#define GRUB_MOK_POLICY_NX_REQUIRED 0x1 ++ + int + EXPORT_FUNC(grub_linuxefi_secure_validate) (void *data, grub_uint32_t size); ++ + grub_err_t +-EXPORT_FUNC(grub_efi_linux_boot) (void *kernel_address, grub_off_t offset, +- void *kernel_param); ++EXPORT_FUNC(grub_efi_linux_boot) (grub_addr_t kernel_address, ++ grub_size_t kernel_size, ++ grub_off_t handover_offset, ++ void *kernel_param, int nx_enabled); ++ ++grub_err_t ++EXPORT_FUNC(grub_efi_check_nx_image_support) (grub_addr_t kernel_addr, ++ grub_size_t kernel_size, ++ int *nx_supported); ++ ++grub_err_t ++EXPORT_FUNC(grub_efi_check_nx_required) (int *nx_required); + + #endif /* ! GRUB_EFI_LINUX_HEADER */ +diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h +index 2a5e1ee003..a5e623eb04 100644 +--- a/include/grub/efi/pe32.h ++++ b/include/grub/efi/pe32.h +@@ -181,6 +181,8 @@ struct grub_pe32_optional_header + struct grub_pe32_data_directory reserved_entry; + }; + ++#define GRUB_PE32_NX_COMPAT 0x0100 ++ + struct grub_pe64_optional_header + { + grub_uint16_t magic; diff --git a/SOURCES/0278-nx-set-the-nx-compatible-flag-in-EFI-grub-images.patch b/SOURCES/0278-nx-set-the-nx-compatible-flag-in-EFI-grub-images.patch new file mode 100644 index 0000000..8b5075b --- /dev/null +++ b/SOURCES/0278-nx-set-the-nx-compatible-flag-in-EFI-grub-images.patch @@ -0,0 +1,35 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 22 Mar 2022 10:57:20 -0400 +Subject: [PATCH] nx: set the nx compatible flag in EFI grub images + +For NX, we need the grub binary to announce that it is compatible with +the NX feature. This implies that when loading the executable grub +image, several attributes are true: + +- the binary doesn't need an executable stack +- the binary doesn't need sections to be both executable and writable +- the binary knows how to use the EFI Memory Attributes protocol on code + it is loading. + +This patch adds a definition for the PE DLL Characteristics flag +GRUB_PE32_NX_COMPAT, and changes grub-mkimage to set that flag. + +Signed-off-by: Peter Jones +(cherry picked from commit 0c7f1aed5a87f75051b421903a900ccb4bbd795a) +--- + util/mkimage.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/util/mkimage.c b/util/mkimage.c +index 8319e8dfbd..c3d33aaac8 100644 +--- a/util/mkimage.c ++++ b/util/mkimage.c +@@ -1418,6 +1418,7 @@ grub_install_generate_image (const char *dir, const char *prefix, + section = (struct grub_pe32_section_table *)(o64 + 1); + } + ++ PE_OHDR (o32, o64, dll_characteristics) = grub_host_to_target16 (GRUB_PE32_NX_COMPAT); + PE_OHDR (o32, o64, header_size) = grub_host_to_target32 (header_size); + PE_OHDR (o32, o64, entry_addr) = grub_host_to_target32 (layout.start_address); + PE_OHDR (o32, o64, image_base) = 0; diff --git a/SOURCES/0279-Make-debug-file-show-which-file-filters-get-run.patch b/SOURCES/0279-Make-debug-file-show-which-file-filters-get-run.patch new file mode 100644 index 0000000..475b3b4 --- /dev/null +++ b/SOURCES/0279-Make-debug-file-show-which-file-filters-get-run.patch @@ -0,0 +1,46 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 29 Jul 2022 15:56:00 -0400 +Subject: [PATCH] Make debug=file show which file filters get run. + +If one of the file filters breaks things, it's hard to figure out where +it has happened. + +This makes grub log which filter is being run, which makes it easier to +figure out where you are in the sequence of events. + +Signed-off-by: Peter Jones +(cherry picked from commit d3d6518a13b5440a3be6c66b0ae47447182f2891) +--- + grub-core/kern/file.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/grub-core/kern/file.c b/grub-core/kern/file.c +index ed69fc0f0f..3f175630ea 100644 +--- a/grub-core/kern/file.c ++++ b/grub-core/kern/file.c +@@ -30,6 +30,14 @@ void (*EXPORT_VAR (grub_grubnet_fini)) (void); + + grub_file_filter_t grub_file_filters[GRUB_FILE_FILTER_MAX]; + ++static char *filter_names[] = { ++ [GRUB_FILE_FILTER_VERIFY] = "GRUB_FILE_FILTER_VERIFY", ++ [GRUB_FILE_FILTER_GZIO] = "GRUB_FILE_FILTER_GZIO", ++ [GRUB_FILE_FILTER_XZIO] = "GRUB_FILE_FILTER_XZIO", ++ [GRUB_FILE_FILTER_LZOPIO] = "GRUB_FILE_FILTER_LZOPIO", ++ [GRUB_FILE_FILTER_MAX] = "GRUB_FILE_FILTER_MAX" ++}; ++ + /* Get the device part of the filename NAME. It is enclosed by parentheses. */ + char * + grub_file_get_device_name (const char *name) +@@ -121,6 +129,9 @@ grub_file_open (const char *name, enum grub_file_type type) + if (grub_file_filters[filter]) + { + last_file = file; ++ if (filter < GRUB_FILE_FILTER_MAX) ++ grub_dprintf ("file", "Running %s file filter\n", ++ filter_names[filter]); + file = grub_file_filters[filter] (file, type); + if (file && file != last_file) + { diff --git a/SOURCES/0280-efi-make-the-default-arena-most-of-ram.patch b/SOURCES/0280-efi-make-the-default-arena-most-of-ram.patch new file mode 100644 index 0000000..6821cde --- /dev/null +++ b/SOURCES/0280-efi-make-the-default-arena-most-of-ram.patch @@ -0,0 +1,74 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 29 Jul 2022 15:57:57 -0400 +Subject: [PATCH] efi: make the default arena most of ram + +Currently when populating the initial memory arena on EFI systems, we +count the available regions below GRUB_EFI_MAX_ALLOCATION_ADDRESS from +the EFI memory map and then allocates one quarter of that for our arena. + +Because many systems come up without IOMMUs, we currently set +GRUB_EFI_MAX_ALLOCATION_ADDRESS to 0x7fffffff, i.e. all addresses +allocated must be below 2G[0]. Due to firmware and other +considerations, this makes the most memory we can possibly have in our +arena 512M. + +Because our EFI loader doesn't get kernel and initrd memory from grub's +allocator, but rather reserves it directly from UEFI and then simply +marks those as allocated if they're within grub's arena, it was +historically possible to have initrds that are larger than 512M, because +we could use any memory region below 4G, without concern for grub's +choice of arena size. + +Unfortunately, when we switched to using the "verifiers" API (and thus +the file_filter_t API) to do measurement of kernel and initrd, this +introduced a pattern that allocates the entire file when we call +grub_file_open(), and buffers it to pass to the filter. This results in +needing to have enough space for the initramfs in the grub arena. + +This is bad. + +Since it's unlikely you're going to do anything *other* than loading a +kernel and initramfs that takes much of the available free memory from +UEFI, this patch introduces a workaround by changing the amount we give +to the arena be three quarters of the available memory, rather than one +quarter, thus changing our theoretical initrd limit to 1.5G. In +practice, it may still be smaller than that depending on allocation +fragmentation, but generally it will be most of it. + +Note that this doesn't fix the underlying flaw, which is that there is +no safe way to do the validation correctly using the "verifiers" system +with the current file API without buffering the whole file before +grub_file_read() is ever called, and thus you can't set an allocation +policy for the initial buffer of the file at all, so unless we raise the +allocation limit to >4G, it can't be allocated in the big region. + +[0] I'm not sure there was a good reason not to pick 4G, but even if we + had, at least one common firmware routes the first 2G of physical + RAM to 0x0, and any additional memory starting at 0x100000000. + +Related: rhbz#2112134 + +Signed-off-by: Peter Jones +(cherry picked from commit 005a0aaaad2a00a1fa1e60d94cc4fd5407c22e7d) +--- + grub-core/kern/efi/mm.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c +index 88364d764c..0288eab361 100644 +--- a/grub-core/kern/efi/mm.c ++++ b/grub-core/kern/efi/mm.c +@@ -738,10 +738,10 @@ grub_efi_mm_init (void) + filtered_memory_map_end = filter_memory_map (memory_map, filtered_memory_map, + desc_size, memory_map_end); + +- /* By default, request a quarter of the available memory. */ ++ /* By default, request three quarters of the available memory. */ + total_pages = get_total_pages (filtered_memory_map, desc_size, + filtered_memory_map_end); +- required_pages = (total_pages >> 2); ++ required_pages = (total_pages >> 1) + (total_pages >> 2); + if (required_pages < BYTES_TO_PAGES (MIN_HEAP_SIZE)) + required_pages = BYTES_TO_PAGES (MIN_HEAP_SIZE); + else if (required_pages > BYTES_TO_PAGES (MAX_HEAP_SIZE)) diff --git a/SOURCES/0281-efi-use-enumerated-array-positions-for-our-allocatio.patch b/SOURCES/0281-efi-use-enumerated-array-positions-for-our-allocatio.patch new file mode 100644 index 0000000..de5671c --- /dev/null +++ b/SOURCES/0281-efi-use-enumerated-array-positions-for-our-allocatio.patch @@ -0,0 +1,82 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 1 Aug 2022 14:06:30 -0400 +Subject: [PATCH] efi: use enumerated array positions for our allocation + choices + +In our kernel allocator on EFI systems, we currently have a growing +amount of code that references the various allocation policies by +position in the array, and of course maintenance of this code scales +very poorly. + +This patch changes them to be enumerated, so they're easier to refer to +farther along in the code without confusion. + +Signed-off-by: Peter Jones +(cherry picked from commit 6768026270cca015d7fef0ecc8a4119e9b3d3923) +--- + grub-core/loader/i386/efi/linux.c | 31 ++++++++++++++++++++----------- + 1 file changed, 20 insertions(+), 11 deletions(-) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index dc98077378..781a333162 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -61,17 +61,26 @@ struct allocation_choice { + grub_efi_allocate_type_t alloc_type; + }; + +-static struct allocation_choice max_addresses[4] = ++enum { ++ KERNEL_PREF_ADDRESS, ++ KERNEL_4G_LIMIT, ++ KERNEL_NO_LIMIT, ++}; ++ ++static struct allocation_choice max_addresses[] = + { + /* the kernel overrides this one with pref_address and + * GRUB_EFI_ALLOCATE_ADDRESS */ +- { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, ++ [KERNEL_PREF_ADDRESS] = ++ { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, ++ /* If the flag in params is set, this one gets changed to be above 4GB. */ ++ [KERNEL_4G_LIMIT] = ++ { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, + /* this one is always below 4GB, which we still *prefer* even if the flag + * is set. */ +- { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, +- /* If the flag in params is set, this one gets changed to be above 4GB. */ +- { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, +- { 0, 0 } ++ [KERNEL_NO_LIMIT] = ++ { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, ++ { NO_MEM, 0, 0 } + }; + static struct allocation_choice saved_addresses[4]; + +@@ -418,7 +427,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + if (lh->xloadflags & LINUX_XLF_CAN_BE_LOADED_ABOVE_4G) + { + grub_dprintf ("linux", "Loading kernel above 4GB is supported; enabling.\n"); +- max_addresses[2].addr = GRUB_EFI_MAX_USABLE_ADDRESS; ++ max_addresses[KERNEL_NO_LIMIT].addr = GRUB_EFI_MAX_USABLE_ADDRESS; + } + else + { +@@ -491,11 +500,11 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + grub_dprintf ("linux", "lh->pref_address: %p\n", (void *)(grub_addr_t)lh->pref_address); + if (lh->pref_address < (grub_uint64_t)GRUB_EFI_MAX_ALLOCATION_ADDRESS) + { +- max_addresses[0].addr = lh->pref_address; +- max_addresses[0].alloc_type = GRUB_EFI_ALLOCATE_ADDRESS; ++ max_addresses[KERNEL_PREF_ADDRESS].addr = lh->pref_address; ++ max_addresses[KERNEL_PREF_ADDRESS].alloc_type = GRUB_EFI_ALLOCATE_ADDRESS; + } +- max_addresses[1].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; +- max_addresses[2].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; ++ max_addresses[KERNEL_4G_LIMIT].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; ++ max_addresses[KERNEL_NO_LIMIT].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; + kernel_size = lh->init_size; + kernel_mem = kernel_alloc (kernel_size, GRUB_EFI_RUNTIME_SERVICES_CODE, + N_("can't allocate kernel")); diff --git a/SOURCES/0282-efi-split-allocation-policy-for-kernel-vs-initrd-mem.patch b/SOURCES/0282-efi-split-allocation-policy-for-kernel-vs-initrd-mem.patch new file mode 100644 index 0000000..4eccd77 --- /dev/null +++ b/SOURCES/0282-efi-split-allocation-policy-for-kernel-vs-initrd-mem.patch @@ -0,0 +1,128 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 1 Aug 2022 14:24:39 -0400 +Subject: [PATCH] efi: split allocation policy for kernel vs initrd memories. + +Currently in our kernel allocator, we use the same set of choices for +all of our various kernel and initramfs allocations, though they do not +have exactly the same constraints. + +This patch adds the concept of an allocation purpose, which currently +can be KERNEL_MEM or INITRD_MEM, and updates kernel_alloc() calls +appropriately, but does not change any current policy decision. It +also adds a few debug prints. + +Signed-off-by: Peter Jones +(cherry picked from commit 36307bed28cd838116fc4af26a30719660d62d4c) +--- + grub-core/loader/i386/efi/linux.c | 35 +++++++++++++++++++++++++++-------- + 1 file changed, 27 insertions(+), 8 deletions(-) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index 781a333162..b9cd443a9a 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -56,7 +56,14 @@ struct grub_linuxefi_context { + + #define BYTES_TO_PAGES(bytes) (((bytes) + 0xfff) >> 12) + ++typedef enum { ++ NO_MEM, ++ KERNEL_MEM, ++ INITRD_MEM, ++} kernel_alloc_purpose_t; ++ + struct allocation_choice { ++ kernel_alloc_purpose_t purpose; + grub_efi_physical_address_t addr; + grub_efi_allocate_type_t alloc_type; + }; +@@ -65,6 +72,7 @@ enum { + KERNEL_PREF_ADDRESS, + KERNEL_4G_LIMIT, + KERNEL_NO_LIMIT, ++ INITRD_MAX_ADDRESS, + }; + + static struct allocation_choice max_addresses[] = +@@ -72,14 +80,17 @@ static struct allocation_choice max_addresses[] = + /* the kernel overrides this one with pref_address and + * GRUB_EFI_ALLOCATE_ADDRESS */ + [KERNEL_PREF_ADDRESS] = +- { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, ++ { KERNEL_MEM, GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, + /* If the flag in params is set, this one gets changed to be above 4GB. */ + [KERNEL_4G_LIMIT] = +- { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, ++ { KERNEL_MEM, GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, + /* this one is always below 4GB, which we still *prefer* even if the flag + * is set. */ + [KERNEL_NO_LIMIT] = +- { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, ++ { KERNEL_MEM, GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, ++ /* this is for the initrd */ ++ [INITRD_MAX_ADDRESS] = ++ { INITRD_MEM, GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, + { NO_MEM, 0, 0 } + }; + static struct allocation_choice saved_addresses[4]; +@@ -96,7 +107,8 @@ kernel_free(void *addr, grub_efi_uintn_t size) + } + + static void * +-kernel_alloc(grub_efi_uintn_t size, ++kernel_alloc(kernel_alloc_purpose_t purpose, ++ grub_efi_uintn_t size, + grub_efi_memory_type_t memtype, + const char * const errmsg) + { +@@ -109,6 +121,9 @@ kernel_alloc(grub_efi_uintn_t size, + grub_uint64_t max = max_addresses[i].addr; + grub_efi_uintn_t pages; + ++ if (purpose != max_addresses[i].purpose) ++ continue; ++ + /* + * When we're *not* loading the kernel, or >4GB allocations aren't + * supported, these entries are basically all the same, so don't re-try +@@ -262,7 +277,8 @@ grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) + } + } + +- initrd_mem = kernel_alloc(size, GRUB_EFI_RUNTIME_SERVICES_DATA, ++ grub_dprintf ("linux", "Trying to allocate initrd mem\n"); ++ initrd_mem = kernel_alloc(INITRD_MEM, size, GRUB_EFI_RUNTIME_SERVICES_DATA, + N_("can't allocate initrd")); + if (initrd_mem == NULL) + goto fail; +@@ -435,7 +451,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + } + #endif + +- params = kernel_alloc (sizeof(*params), GRUB_EFI_RUNTIME_SERVICES_DATA, ++ params = kernel_alloc (KERNEL_MEM, sizeof(*params), ++ GRUB_EFI_RUNTIME_SERVICES_DATA, + "cannot allocate kernel parameters"); + if (!params) + goto fail; +@@ -458,7 +475,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + grub_dprintf ("linux", "new lh is at %p\n", lh); + + grub_dprintf ("linux", "setting up cmdline\n"); +- cmdline = kernel_alloc (lh->cmdline_size + 1, ++ cmdline = kernel_alloc (KERNEL_MEM, lh->cmdline_size + 1, + GRUB_EFI_RUNTIME_SERVICES_DATA, + N_("can't allocate cmdline")); + if (!cmdline) +@@ -506,7 +523,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + max_addresses[KERNEL_4G_LIMIT].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; + max_addresses[KERNEL_NO_LIMIT].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; + kernel_size = lh->init_size; +- kernel_mem = kernel_alloc (kernel_size, GRUB_EFI_RUNTIME_SERVICES_CODE, ++ grub_dprintf ("linux", "Trying to allocate kernel mem\n"); ++ kernel_mem = kernel_alloc (KERNEL_MEM, kernel_size, ++ GRUB_EFI_RUNTIME_SERVICES_CODE, + N_("can't allocate kernel")); + restore_addresses(); + if (!kernel_mem) diff --git a/SOURCES/0283-efi-allocate-the-initrd-within-the-bounds-expressed-.patch b/SOURCES/0283-efi-allocate-the-initrd-within-the-bounds-expressed-.patch new file mode 100644 index 0000000..a58a8b6 --- /dev/null +++ b/SOURCES/0283-efi-allocate-the-initrd-within-the-bounds-expressed-.patch @@ -0,0 +1,58 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 1 Aug 2022 14:07:50 -0400 +Subject: [PATCH] efi: allocate the initrd within the bounds expressed by the + kernel + +Currently on x86, only linux kernels built with CONFIG_RELOCATABLE for +x86_64 can be loaded above 4G, but the maximum address for the initramfs +is specified via a HdrS field. This allows us to utilize that value, +and unless loading the kernel above 4G, uses the value present there. +If loading kernel above 4G is allowed, we assume loading the initramfs +above 4G also works; in practice this has been true in the kernel code +for quite some time. + +Resolves: rhbz#2112134 + +Signed-off-by: Peter Jones +(cherry picked from commit 3e08c35f316990913718a4457665e8f653ecaa52) +--- + grub-core/loader/i386/efi/linux.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index b9cd443a9a..801e663fee 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -191,6 +191,8 @@ grub_linuxefi_unload (void *data) + cmd_initrdefi->data = 0; + grub_free (context); + ++ max_addresses[INITRD_MAX_ADDRESS].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; ++ + return GRUB_ERR_NONE; + } + +@@ -439,11 +441,13 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + } + #endif + ++ max_addresses[INITRD_MAX_ADDRESS].addr = lh->initrd_addr_max; + #if defined(__x86_64__) + if (lh->xloadflags & LINUX_XLF_CAN_BE_LOADED_ABOVE_4G) + { + grub_dprintf ("linux", "Loading kernel above 4GB is supported; enabling.\n"); + max_addresses[KERNEL_NO_LIMIT].addr = GRUB_EFI_MAX_USABLE_ADDRESS; ++ max_addresses[INITRD_MAX_ADDRESS].addr = GRUB_EFI_MAX_USABLE_ADDRESS; + } + else + { +@@ -573,6 +577,8 @@ fail: + + grub_dl_unref (my_mod); + ++ max_addresses[INITRD_MAX_ADDRESS].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; ++ + if (lh) + kernel_free (cmdline, lh->cmdline_size + 1); + diff --git a/SOURCES/0284-efi-use-EFI_LOADER_-CODE-DATA-for-kernel-and-initrd-.patch b/SOURCES/0284-efi-use-EFI_LOADER_-CODE-DATA-for-kernel-and-initrd-.patch new file mode 100644 index 0000000..5ae7c7e --- /dev/null +++ b/SOURCES/0284-efi-use-EFI_LOADER_-CODE-DATA-for-kernel-and-initrd-.patch @@ -0,0 +1,62 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 1 Aug 2022 13:04:43 -0400 +Subject: [PATCH] efi: use EFI_LOADER_(CODE|DATA) for kernel and initrd + allocations + +At some point due to an erroneous kernel warning, we switched kernel and +initramfs to being loaded in EFI_RUNTIME_SERVICES_CODE and +EFI_RUNTIME_SERVICES_DATA memory pools. This doesn't appear to be +correct according to the spec, and that kernel warning has gone away. + +This patch puts them back in EFI_LOADER_CODE and EFI_LOADER_DATA +allocations, respectively. + +Resolves: rhbz#2108456 + +Signed-off-by: Peter Jones +(cherry picked from commit 35b5d5fa47bc394c76022e6595b173e68f53225e) +--- + grub-core/loader/i386/efi/linux.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index 801e663fee..f23b3f7b01 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -280,7 +280,7 @@ grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) + } + + grub_dprintf ("linux", "Trying to allocate initrd mem\n"); +- initrd_mem = kernel_alloc(INITRD_MEM, size, GRUB_EFI_RUNTIME_SERVICES_DATA, ++ initrd_mem = kernel_alloc(INITRD_MEM, size, GRUB_EFI_LOADER_DATA, + N_("can't allocate initrd")); + if (initrd_mem == NULL) + goto fail; +@@ -456,7 +456,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + #endif + + params = kernel_alloc (KERNEL_MEM, sizeof(*params), +- GRUB_EFI_RUNTIME_SERVICES_DATA, ++ GRUB_EFI_LOADER_DATA, + "cannot allocate kernel parameters"); + if (!params) + goto fail; +@@ -480,7 +480,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + + grub_dprintf ("linux", "setting up cmdline\n"); + cmdline = kernel_alloc (KERNEL_MEM, lh->cmdline_size + 1, +- GRUB_EFI_RUNTIME_SERVICES_DATA, ++ GRUB_EFI_LOADER_DATA, + N_("can't allocate cmdline")); + if (!cmdline) + goto fail; +@@ -529,7 +529,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + kernel_size = lh->init_size; + grub_dprintf ("linux", "Trying to allocate kernel mem\n"); + kernel_mem = kernel_alloc (KERNEL_MEM, kernel_size, +- GRUB_EFI_RUNTIME_SERVICES_CODE, ++ GRUB_EFI_LOADER_CODE, + N_("can't allocate kernel")); + restore_addresses(); + if (!kernel_mem) diff --git a/SOURCES/0285-BLS-create-etc-kernel-cmdline-during-mkconfig.patch b/SOURCES/0285-BLS-create-etc-kernel-cmdline-during-mkconfig.patch new file mode 100644 index 0000000..8d7405e --- /dev/null +++ b/SOURCES/0285-BLS-create-etc-kernel-cmdline-during-mkconfig.patch @@ -0,0 +1,28 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Tue, 2 Aug 2022 15:56:28 -0400 +Subject: [PATCH] BLS: create /etc/kernel/cmdline during mkconfig + +Signed-off-by: Robbie Harwood +(cherry picked from commit 0837dcdf17ac0429bafa4dbf063b2a94385c04ca) +--- + util/grub.d/10_linux.in | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index 6ee0a2cf3d..ec529eb814 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -166,6 +166,12 @@ update_bls_cmdline() + local cmdline="root=${LINUX_ROOT_DEVICE} ro ${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" + local -a files=($(get_sorted_bls)) + ++ if [[ ! -f /etc/kernel/cmdline ]]; then ++ # anaconda has the correct information to do this during install; ++ # afterward, grubby will take care of syncing on updates. ++ echo "$cmdline rhgb quiet" > /etc/kernel/cmdline ++ fi ++ + for bls in "${files[@]}"; do + local options="${cmdline}" + if [ -z "${bls##*debug*}" ]; then diff --git a/SOURCES/0286-ieee1275-implement-vec5-for-cas-negotiation.patch b/SOURCES/0286-ieee1275-implement-vec5-for-cas-negotiation.patch new file mode 100644 index 0000000..f9f2170 --- /dev/null +++ b/SOURCES/0286-ieee1275-implement-vec5-for-cas-negotiation.patch @@ -0,0 +1,71 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Diego Domingos +Date: Thu, 25 Aug 2022 11:37:56 -0400 +Subject: [PATCH] ieee1275: implement vec5 for cas negotiation + +As a legacy support, if the vector 5 is not implemented, Power +Hypervisor will consider the max CPUs as 64 instead 256 currently +supported during client-architecture-support negotiation. + +This patch implements the vector 5 and set the MAX CPUs to 256 while +setting the others values to 0 (default). + +Signed-off-by: Diego Domingos +Signed-off-by: Robbie Harwood +(cherry picked from commit f735c65b6da8a9d4251242b37774e1a517511253) +--- + grub-core/kern/ieee1275/init.c | 20 +++++++++++++++++++- + 1 file changed, 19 insertions(+), 1 deletion(-) + +diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c +index ef55107467..6a51c9efab 100644 +--- a/grub-core/kern/ieee1275/init.c ++++ b/grub-core/kern/ieee1275/init.c +@@ -311,6 +311,18 @@ struct option_vector2 { + grub_uint8_t max_pft_size; + } __attribute__((packed)); + ++struct option_vector5 { ++ grub_uint8_t byte1; ++ grub_uint8_t byte2; ++ grub_uint8_t byte3; ++ grub_uint8_t cmo; ++ grub_uint8_t associativity; ++ grub_uint8_t bin_opts; ++ grub_uint8_t micro_checkpoint; ++ grub_uint8_t reserved0; ++ grub_uint32_t max_cpus; ++} __attribute__((packed)); ++ + struct pvr_entry { + grub_uint32_t mask; + grub_uint32_t entry; +@@ -329,6 +341,8 @@ struct cas_vector { + grub_uint16_t vec3; + grub_uint8_t vec4_size; + grub_uint16_t vec4; ++ grub_uint8_t vec5_size; ++ struct option_vector5 vec5; + } __attribute__((packed)); + + /* Call ibm,client-architecture-support to try to get more RMA. +@@ -349,7 +363,7 @@ grub_ieee1275_ibm_cas (void) + } args; + struct cas_vector vector = { + .pvr_list = { { 0x00000000, 0xffffffff } }, /* any processor */ +- .num_vecs = 4 - 1, ++ .num_vecs = 5 - 1, + .vec1_size = 0, + .vec1 = 0x80, /* ignore */ + .vec2_size = 1 + sizeof(struct option_vector2) - 2, +@@ -360,6 +374,10 @@ grub_ieee1275_ibm_cas (void) + .vec3 = 0x00e0, // ask for FP + VMX + DFP but don't halt if unsatisfied + .vec4_size = 2 - 1, + .vec4 = 0x0001, // set required minimum capacity % to the lowest value ++ .vec5_size = 1 + sizeof(struct option_vector5) - 2, ++ .vec5 = { ++ 0, 0, 0, 0, 0, 0, 0, 0, 256 ++ } + }; + + INIT_IEEE1275_COMMON (&args.common, "call-method", 3, 2); diff --git a/SOURCES/0287-squish-don-t-dup-rhgb-quiet-check-mtimes.patch b/SOURCES/0287-squish-don-t-dup-rhgb-quiet-check-mtimes.patch new file mode 100644 index 0000000..9498f71 --- /dev/null +++ b/SOURCES/0287-squish-don-t-dup-rhgb-quiet-check-mtimes.patch @@ -0,0 +1,36 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Wed, 17 Aug 2022 10:26:07 -0400 +Subject: [PATCH] squish: don't dup rhgb quiet, check mtimes + +Signed-off-by: Robbie Harwood +(cherry picked from commit 275a0487c74e309cfd0a8c670740f6c34e729c45) +--- + util/grub.d/10_linux.in | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index ec529eb814..becf5ba9c6 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -166,10 +166,16 @@ update_bls_cmdline() + local cmdline="root=${LINUX_ROOT_DEVICE} ro ${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" + local -a files=($(get_sorted_bls)) + +- if [[ ! -f /etc/kernel/cmdline ]]; then +- # anaconda has the correct information to do this during install; +- # afterward, grubby will take care of syncing on updates. +- echo "$cmdline rhgb quiet" > /etc/kernel/cmdline ++ if [[ ! -f /etc/kernel/cmdline ]] || ++ [[ /etc/kernel/cmdline -ot /etc/default/grub ]]; then ++ # anaconda has the correct information to create this during install; ++ # afterward, grubby will take care of syncing on updates. If the user ++ # has modified /etc/default/grub, try to cope. ++ if [[ ! "$cmdline" =~ "rhgb quiet" ]]; then ++ # ensure these only show up once ++ cmdline="$cmdline rhgb quiet" ++ fi ++ echo "$cmdline" > /etc/kernel/cmdline + fi + + for bls in "${files[@]}"; do diff --git a/SOURCES/0288-squish-give-up-on-rhgb-quiet.patch b/SOURCES/0288-squish-give-up-on-rhgb-quiet.patch new file mode 100644 index 0000000..6e994ed --- /dev/null +++ b/SOURCES/0288-squish-give-up-on-rhgb-quiet.patch @@ -0,0 +1,26 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Wed, 17 Aug 2022 11:30:30 -0400 +Subject: [PATCH] squish: give up on rhgb quiet + +Signed-off-by: Robbie Harwood +(cherry picked from commit 12354f586f0748efc5c016b7d2053330f784ab4e) +--- + util/grub.d/10_linux.in | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index becf5ba9c6..5a7e5326da 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -171,10 +171,6 @@ update_bls_cmdline() + # anaconda has the correct information to create this during install; + # afterward, grubby will take care of syncing on updates. If the user + # has modified /etc/default/grub, try to cope. +- if [[ ! "$cmdline" =~ "rhgb quiet" ]]; then +- # ensure these only show up once +- cmdline="$cmdline rhgb quiet" +- fi + echo "$cmdline" > /etc/kernel/cmdline + fi + diff --git a/SOURCES/0289-squish-BLS-only-write-etc-kernel-cmdline-if-writable.patch b/SOURCES/0289-squish-BLS-only-write-etc-kernel-cmdline-if-writable.patch new file mode 100644 index 0000000..e1e6a87 --- /dev/null +++ b/SOURCES/0289-squish-BLS-only-write-etc-kernel-cmdline-if-writable.patch @@ -0,0 +1,58 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Jonathan Lebon +Date: Wed, 17 Aug 2022 10:26:03 -0400 +Subject: [PATCH] squish: BLS: only write /etc/kernel/cmdline if writable + +On OSTree systems, `grub2-mkconfig` is run with `/etc` mounted read-only +because as part of the promise of transactional updates, we want to make +sure that we're not modifying the current deployment's state (`/etc` or +`/var`). + +This conflicts with 0837dcdf1 ("BLS: create /etc/kernel/cmdline during +mkconfig") which wants to write to `/etc/kernel/cmdline`. I'm not +exactly sure on the background there, but based on the comment I think +the intent is to fulfill grubby's expectation that the file exists. + +However, in systems like Silverblue, kernel arguments are managed by the +rpm-ostree stack and grubby is not shipped at all. + +Adjust the script slightly so that we only write `/etc/kernel/cmdline` +if the parent directory is writable. + +In the future, we're hoping to simplify things further on rpm-ostree +systems by not running `grub2-mkconfig` at all since libostree already +directly writes BLS entries. Doing that would also have avoided this, +but ratcheting it into existing systems needs more careful thought. + +Signed-off-by: Jonathan Lebon + +Fixes: https://github.com/fedora-silverblue/issue-tracker/issues/322 +(cherry picked from commit 3c3d1a3c4a2dc4adfb38c2724618fefc913a63fc) +--- + util/grub.d/10_linux.in | 13 +++++++------ + 1 file changed, 7 insertions(+), 6 deletions(-) + +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index 5a7e5326da..b1b9255c32 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -166,12 +166,13 @@ update_bls_cmdline() + local cmdline="root=${LINUX_ROOT_DEVICE} ro ${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" + local -a files=($(get_sorted_bls)) + +- if [[ ! -f /etc/kernel/cmdline ]] || +- [[ /etc/kernel/cmdline -ot /etc/default/grub ]]; then +- # anaconda has the correct information to create this during install; +- # afterward, grubby will take care of syncing on updates. If the user +- # has modified /etc/default/grub, try to cope. +- echo "$cmdline" > /etc/kernel/cmdline ++ if [ -w /etc/kernel ] && ++ [[ ! -f /etc/kernel/cmdline || ++ /etc/kernel/cmdline -ot /etc/default/grub ]]; then ++ # anaconda has the correct information to create this during install; ++ # afterward, grubby will take care of syncing on updates. If the user ++ # has modified /etc/default/grub, try to cope. ++ echo "$cmdline" > /etc/kernel/cmdline + fi + + for bls in "${files[@]}"; do diff --git a/SOURCES/grub.macros b/SOURCES/grub.macros index a562c61..62ed7b6 100755 --- a/SOURCES/grub.macros +++ b/SOURCES/grub.macros @@ -122,7 +122,7 @@ %endif %ifarch ppc64le -%global platform_modules " appendedsig " +%global platform_modules " appendedsig tpm " %endif %ifarch aarch64 %{arm} riscv64 @@ -367,7 +367,7 @@ install -m 644 %{1}.conf ${RPM_BUILD_ROOT}/etc/dnf/protected.d/ \ rm -f %{1}.conf \ %{nil} -%global grub_modules " all_video boot blscfg \\\ +%global grub_modules " all_video boot blscfg \\\ cat configfile cryptodisk \\\ echo ext2 f2fs fat font \\\ gcry_rijndael gcry_rsa gcry_serpent \\\ @@ -593,7 +593,7 @@ ln -s ../boot/%{name}/grub.cfg \\\ %{expand:%%files %{1}} \ %defattr(-,root,root,-) \ %config(noreplace) %{_sysconfdir}/%{name}.cfg \ -%ghost %config(noreplace) /boot/%{name}/grub.cfg \ +%ghost %config(noreplace) %attr(0700,root,root)/boot/%{name}/grub.cfg \ %dir %attr(0700,root,root)/boot/loader/entries \ %attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/%{name}-%{1}.conf \ %ifarch ppc64le \ @@ -622,14 +622,14 @@ ln -s ../boot/%{name}/grub.cfg \\\ %defattr(-,root,root,-) \ %config(noreplace) %{_sysconfdir}/%{name}.cfg \ %config(noreplace) %{_sysconfdir}/%{name}-efi.cfg \ -%attr(0700,root,root)%{efi_esp_dir}/%{2} \ +%attr(0700,root,root) %verify(not mtime) %{efi_esp_dir}/%{2} \ %ifarch %{arm} \ -%attr(0700,root,root)%{efi_esp_boot}/BOOTARM.EFI \ +%attr(0700,root,root) %verify(not mtime) %{efi_esp_boot}/BOOTARM.EFI \ %endif \ %attr(0700,root,root)/boot/%{name}/fonts \ %dir %attr(0700,root,root)/boot/loader/entries \ -%ghost %config(noreplace) /boot/%{name}/grub.cfg \ -%ghost %config(noreplace) %attr(0700,root,root)%{efi_esp_dir}/grub.cfg \ +%ghost %config(noreplace) %attr(0700,root,root)/boot/%{name}/grub.cfg \ +%ghost %config(noreplace) %verify(not mtime) %attr(0700,root,root)%{efi_esp_dir}/grub.cfg \ %config(noreplace) %verify(not size mode md5 mtime) /boot/%{name}/grubenv \ %attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/%{name}-%{1}.conf \ %{expand:%if 0%{?without_efi_modules} \ @@ -647,6 +647,6 @@ ln -s ../boot/%{name}/grub.cfg \\\ \ %{expand:%%files %{1}-cdboot} \ %defattr(-,root,root,-) \ -%attr(0700,root,root)%{efi_esp_dir}/%{3} \ +%attr(0700,root,root) %verify(not mtime) %{efi_esp_dir}/%{3} \ %attr(0700,root,root)/boot/%{name}/fonts \ %{nil} diff --git a/SOURCES/grub.patches b/SOURCES/grub.patches index 2f0eb22..c08b18b 100644 --- a/SOURCES/grub.patches +++ b/SOURCES/grub.patches @@ -225,50 +225,65 @@ Patch0224: 0224-grub-mkconfig-restore-umask-for-grub.cfg.patch Patch0225: 0225-commands-search-Fix-bug-stopping-iteration-when-no-f.patch Patch0226: 0226-search-new-efidisk-only-option-on-EFI-systems.patch Patch0227: 0227-efi-new-connectefi-command.patch -Patch0228: 0228-loader-efi-chainloader-grub_load_and_start_image-doe.patch -Patch0229: 0229-loader-efi-chainloader-simplify-the-loader-state.patch -Patch0230: 0230-commands-boot-Add-API-to-pass-context-to-loader.patch -Patch0231: 0231-loader-efi-chainloader-Use-grub_loader_set_ex.patch -Patch0232: 0232-loader-i386-efi-linux-Avoid-a-use-after-free-in-the-.patch -Patch0233: 0233-loader-i386-efi-linux-Use-grub_loader_set_ex.patch -Patch0234: 0234-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch -Patch0235: 0235-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch -Patch0236: 0236-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch -Patch0237: 0237-video-readers-png-Abort-sooner-if-a-read-operation-f.patch -Patch0238: 0238-video-readers-png-Refuse-to-handle-multiple-image-he.patch -Patch0239: 0239-video-readers-png-Drop-greyscale-support-to-fix-heap.patch -Patch0240: 0240-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch -Patch0241: 0241-video-readers-png-Sanity-check-some-huffman-codes.patch -Patch0242: 0242-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch -Patch0243: 0243-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch -Patch0244: 0244-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch -Patch0245: 0245-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch -Patch0246: 0246-normal-charset-Fix-array-out-of-bounds-formatting-un.patch -Patch0247: 0247-net-netbuff-Block-overly-large-netbuff-allocs.patch -Patch0248: 0248-net-ip-Do-IP-fragment-maths-safely.patch -Patch0249: 0249-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch -Patch0250: 0250-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch -Patch0251: 0251-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch -Patch0252: 0252-net-tftp-Avoid-a-trivial-UAF.patch -Patch0253: 0253-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch -Patch0254: 0254-net-http-Fix-OOB-write-for-split-http-headers.patch -Patch0255: 0255-net-http-Error-out-on-headers-with-LF-without-CR.patch -Patch0256: 0256-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch -Patch0257: 0257-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch -Patch0258: 0258-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch -Patch0259: 0259-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch -Patch0260: 0260-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch -Patch0261: 0261-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch -Patch0262: 0262-misc-Make-grub_min-and-grub_max-more-resilient.patch -Patch0263: 0263-ReiserFS-switch-to-using-grub_min-grub_max.patch -Patch0264: 0264-misc-make-grub_boot_time-also-call-grub_dprintf-boot.patch -Patch0265: 0265-modules-make-.module_license-read-only.patch -Patch0266: 0266-modules-strip-.llvm_addrsig-sections-and-similar.patch -Patch0267: 0267-modules-Don-t-allocate-space-for-non-allocable-secti.patch -Patch0268: 0268-pe-add-the-DOS-header-struct-and-fix-some-bad-naming.patch -Patch0269: 0269-EFI-allocate-kernel-in-EFI_RUNTIME_SERVICES_CODE-ins.patch -Patch0270: 0270-modules-load-module-sections-at-page-aligned-address.patch -Patch0271: 0271-nx-add-memory-attribute-get-set-API.patch -Patch0272: 0272-nx-set-page-permissions-for-loaded-modules.patch -Patch0273: 0273-nx-set-attrs-in-our-kernel-loaders.patch -Patch0274: 0274-nx-set-the-nx-compatible-flag-in-EFI-grub-images.patch +Patch0228: 0228-powerpc-do-CAS-in-a-more-compatible-way.patch +Patch0229: 0229-powerpc-prefix-detection-support-device-names-with-c.patch +Patch0230: 0230-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch +Patch0231: 0231-make-ofdisk_retries-optional.patch +Patch0232: 0232-loader-efi-chainloader-grub_load_and_start_image-doe.patch +Patch0233: 0233-loader-efi-chainloader-simplify-the-loader-state.patch +Patch0234: 0234-commands-boot-Add-API-to-pass-context-to-loader.patch +Patch0235: 0235-loader-efi-chainloader-Use-grub_loader_set_ex.patch +Patch0236: 0236-loader-i386-efi-linux-Avoid-a-use-after-free-in-the-.patch +Patch0237: 0237-loader-i386-efi-linux-Use-grub_loader_set_ex.patch +Patch0238: 0238-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch +Patch0239: 0239-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch +Patch0240: 0240-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch +Patch0241: 0241-video-readers-png-Abort-sooner-if-a-read-operation-f.patch +Patch0242: 0242-video-readers-png-Refuse-to-handle-multiple-image-he.patch +Patch0243: 0243-video-readers-png-Drop-greyscale-support-to-fix-heap.patch +Patch0244: 0244-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch +Patch0245: 0245-video-readers-png-Sanity-check-some-huffman-codes.patch +Patch0246: 0246-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch +Patch0247: 0247-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch +Patch0248: 0248-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch +Patch0249: 0249-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch +Patch0250: 0250-normal-charset-Fix-array-out-of-bounds-formatting-un.patch +Patch0251: 0251-net-netbuff-Block-overly-large-netbuff-allocs.patch +Patch0252: 0252-net-ip-Do-IP-fragment-maths-safely.patch +Patch0253: 0253-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch +Patch0254: 0254-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch +Patch0255: 0255-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch +Patch0256: 0256-net-tftp-Avoid-a-trivial-UAF.patch +Patch0257: 0257-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch +Patch0258: 0258-net-http-Fix-OOB-write-for-split-http-headers.patch +Patch0259: 0259-net-http-Error-out-on-headers-with-LF-without-CR.patch +Patch0260: 0260-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch +Patch0261: 0261-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch +Patch0262: 0262-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch +Patch0263: 0263-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch +Patch0264: 0264-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch +Patch0265: 0265-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch +Patch0266: 0266-misc-Make-grub_min-and-grub_max-more-resilient.patch +Patch0267: 0267-ReiserFS-switch-to-using-grub_min-grub_max.patch +Patch0268: 0268-misc-make-grub_boot_time-also-call-grub_dprintf-boot.patch +Patch0269: 0269-modules-make-.module_license-read-only.patch +Patch0270: 0270-modules-strip-.llvm_addrsig-sections-and-similar.patch +Patch0271: 0271-modules-Don-t-allocate-space-for-non-allocable-secti.patch +Patch0272: 0272-pe-add-the-DOS-header-struct-and-fix-some-bad-naming.patch +Patch0273: 0273-EFI-allocate-kernel-in-EFI_RUNTIME_SERVICES_CODE-ins.patch +Patch0274: 0274-modules-load-module-sections-at-page-aligned-address.patch +Patch0275: 0275-nx-add-memory-attribute-get-set-API.patch +Patch0276: 0276-nx-set-page-permissions-for-loaded-modules.patch +Patch0277: 0277-nx-set-attrs-in-our-kernel-loaders.patch +Patch0278: 0278-nx-set-the-nx-compatible-flag-in-EFI-grub-images.patch +Patch0279: 0279-Make-debug-file-show-which-file-filters-get-run.patch +Patch0280: 0280-efi-make-the-default-arena-most-of-ram.patch +Patch0281: 0281-efi-use-enumerated-array-positions-for-our-allocatio.patch +Patch0282: 0282-efi-split-allocation-policy-for-kernel-vs-initrd-mem.patch +Patch0283: 0283-efi-allocate-the-initrd-within-the-bounds-expressed-.patch +Patch0284: 0284-efi-use-EFI_LOADER_-CODE-DATA-for-kernel-and-initrd-.patch +Patch0285: 0285-BLS-create-etc-kernel-cmdline-during-mkconfig.patch +Patch0286: 0286-ieee1275-implement-vec5-for-cas-negotiation.patch +Patch0287: 0287-squish-don-t-dup-rhgb-quiet-check-mtimes.patch +Patch0288: 0288-squish-give-up-on-rhgb-quiet.patch +Patch0289: 0289-squish-BLS-only-write-etc-kernel-cmdline-if-writable.patch diff --git a/SPECS/grub2.spec b/SPECS/grub2.spec index 9d0893b..97f3882 100644 --- a/SPECS/grub2.spec +++ b/SPECS/grub2.spec @@ -14,7 +14,7 @@ Name: grub2 Epoch: 1 Version: 2.06 -Release: 27%{?dist}.7 +Release: 46%{?dist} Summary: Bootloader with support for Linux, Multiboot and more License: GPLv3+ URL: http://www.gnu.org/software/grub/ @@ -41,6 +41,7 @@ Source12: sbat.csv.in %endif %if 0%{?centos} + %ifarch x86_64 aarch64 ppc64le %define sb_key centossecureboot202 %endif @@ -49,8 +50,9 @@ Source12: sbat.csv.in %define sb_key redhatsecureboot502 %endif %ifarch ppc64le -%define sb_key redhatsecureboot602 +%define sb_key redhatsecureboot702 %endif + %endif @@ -530,19 +532,67 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg %endif %changelog -* Fri Jun 03 2022 Robbie Harwood - 2.06-27.el9_0.7 +* Thu Aug 25 2022 Robbie Harwood - 2.06-46 +- Sync /etc/kernel/cmdline generation with 2.06-52.fc38 +- Resolves: #1969362 + +* Thu Aug 25 2022 Robbie Harowod - 2.06-45 +- ieee1275: implement vec5 for cas negotiation +- Resolves: #2121192 + +* Mon Aug 15 2022 Robbie Harwood - 2.06-44 +- Skip rpm mtime verification on likely-vfat filesystems +- Resolves: #2047979 + +* Thu Aug 11 2022 Robbie Harwood - 2.06-43 +- Generate BLS snippets during mkconfig +- Resolves: #1969362 + +* Tue Aug 02 2022 Robbie Harwood - 2.06-42 +- Rest of kernel allocator fixups +- Resolves: #2108456 + +* Tue Aug 02 2022 Robbie Harwood - 2.06-41 +- Kernel allocator fixups +- Resolves: #2108456 + +* Mon Jul 18 2022 Robbie Harwood - 2.06-40 +- Rebuild against new ppc64le key +- Resolves: #2074761 + +* Tue Jun 28 2022 Robbie Harwood - 2.06-38 +- Bless the TPM module on ppc64le +- Resolves: #2051314 + +* Fri Jun 03 2022 Robbie Harwood - 2.06-37 - CVE fixes for 2022-06-07 - CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733 - CVE-2021-3697 CVE-2021-3696 CVE-2021-3695 -- Resolves: #2089810 +- Resolves: #2070688 + +* Tue May 17 2022 Robbie Harwood - 2.06-32 +- ppc64le: make ofdisk_retries optional +- Resolves: #2070725 + +* Wed May 04 2022 Robbie Harwood - 2.06-30 +- ppc64le: CAS improvements, prefix detection, and vTPM support +- Resolves: #2068281 +- Resolves: #2051314 +- Resolves: #2076798 + +* Wed May 04 2022 Robbie Harwood - 2.06-29 +- Fix rpm verification report on grub.cfg permissions +- Resolves: #2076322 + +* Wed May 04 2022 Robbie Harwood - 2.06-28 +- First 9.1 build; no changes from 9.0 +- Resolves: #2062874 * Wed Mar 09 2022 Robbie Harwood - 2.06-27 - Fix initialization on efidisk patch -- Resolves: #2060948 * Tue Mar 08 2022 Robbie Harwood - 2.06-26 - Re-run signing with updated redhat-release -- Resolves: #1873860 * Mon Feb 28 2022 Robbie Harwood - 2.06-25 - Enable connectefi module