diff --git a/SOURCES/0216-Disable-multiboot-multiboot2-and-linux16-modules-on-.patch b/SOURCES/0216-Disable-multiboot-multiboot2-and-linux16-modules-on-.patch
deleted file mode 100644
index 9dccf5a..0000000
--- a/SOURCES/0216-Disable-multiboot-multiboot2-and-linux16-modules-on-.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Wed, 11 Jul 2018 13:48:48 -0400
-Subject: [PATCH] Disable multiboot, multiboot2, and linux16 modules on EFI
- builds.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
----
- grub-core/Makefile.core.def | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
-index aa44d66aca4..d3e3bfd4d7a 100644
---- a/grub-core/Makefile.core.def
-+++ b/grub-core/Makefile.core.def
-@@ -1680,7 +1680,7 @@ module = {
-
- common = loader/multiboot.c;
- common = loader/multiboot_mbi2.c;
-- enable = x86;
-+ enable = i386_pc;
- enable = mips;
- };
-
-@@ -1689,7 +1689,7 @@ module = {
- common = loader/multiboot.c;
- x86 = loader/i386/multiboot_mbi.c;
- extra_dist = loader/multiboot_elfxx.c;
-- enable = x86;
-+ enable = i386_pc;
- };
-
- module = {
diff --git a/SOURCES/0216-Force-everything-to-use-python3.patch b/SOURCES/0216-Force-everything-to-use-python3.patch
new file mode 100644
index 0000000..b4b0d74
--- /dev/null
+++ b/SOURCES/0216-Force-everything-to-use-python3.patch
@@ -0,0 +1,42 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Tue, 10 Jul 2018 16:54:02 -0400
+Subject: [PATCH] Force everything to use python3
+
+But this still means you need to do PYTHON=python=3 ./autogen.sh if you
+run the world's worst tooling before you patch.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ conf/Makefile.common | 4 ++--
+ gentpl.py | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/conf/Makefile.common b/conf/Makefile.common
+index c75848f5c06..1ecb921db65 100644
+--- a/conf/Makefile.common
++++ b/conf/Makefile.common
+@@ -128,11 +128,11 @@ BUILT_SOURCES =
+
+ .PRECIOUS: $(top_srcdir)/Makefile.util.am
+ $(top_srcdir)/Makefile.util.am: $(top_srcdir)/gentpl.py $(top_srcdir)/Makefile.util.def $(top_srcdir)/Makefile.utilgcry.def
+- python $^ > $@.new || (rm -f $@.new; exit 1)
++ python3 $^ > $@.new || (rm -f $@.new; exit 1)
+ mv $@.new $@
+
+ .PRECIOUS: $(top_srcdir)/grub-core/Makefile.core.am
+ $(top_srcdir)/grub-core/Makefile.core.am: $(top_srcdir)/gentpl.py $(top_srcdir)/grub-core/Makefile.core.def $(top_srcdir)/grub-core/Makefile.gcry.def
+ if [ "x$$GRUB_CONTRIB" != x ]; then echo "You need to run ./autogen.sh manually." >&2; exit 1; fi
+- python $^ > $@.new || (rm -f $@.new; exit 1)
++ python3 $^ > $@.new || (rm -f $@.new; exit 1)
+ mv $@.new $@
+diff --git a/gentpl.py b/gentpl.py
+index baac6a2af69..6409736e81c 100644
+--- a/gentpl.py
++++ b/gentpl.py
+@@ -1,4 +1,4 @@
+-#! /usr/bin/python
++#! /usr/bin/env python3
+ # GRUB -- GRand Unified Bootloader
+ # Copyright (C) 2010,2011,2012,2013 Free Software Foundation, Inc.
+ #
diff --git a/SOURCES/0217-Fix-an-8-year-old-typo.patch b/SOURCES/0217-Fix-an-8-year-old-typo.patch
new file mode 100644
index 0000000..642e46a
--- /dev/null
+++ b/SOURCES/0217-Fix-an-8-year-old-typo.patch
@@ -0,0 +1,23 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Thu, 26 Jul 2018 14:54:44 -0400
+Subject: [PATCH] Fix an 8 year old typo.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 5f47a9265f3..9ab683fefac 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -307,7 +307,7 @@ fi
+
+ AC_SUBST(bootdirname)
+ AC_DEFINE_UNQUOTED(GRUB_BOOT_DIR_NAME, "$bootdirname",
+- [Default boot directory name]")
++ [Default boot directory name])
+
+ AC_ARG_WITH([grubdir],
+ AS_HELP_STRING([--with-grubdir=DIR],
diff --git a/SOURCES/0217-Force-everything-to-use-python3.patch b/SOURCES/0217-Force-everything-to-use-python3.patch
deleted file mode 100644
index b4b0d74..0000000
--- a/SOURCES/0217-Force-everything-to-use-python3.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Tue, 10 Jul 2018 16:54:02 -0400
-Subject: [PATCH] Force everything to use python3
-
-But this still means you need to do PYTHON=python=3 ./autogen.sh if you
-run the world's worst tooling before you patch.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
----
- conf/Makefile.common | 4 ++--
- gentpl.py | 2 +-
- 2 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/conf/Makefile.common b/conf/Makefile.common
-index c75848f5c06..1ecb921db65 100644
---- a/conf/Makefile.common
-+++ b/conf/Makefile.common
-@@ -128,11 +128,11 @@ BUILT_SOURCES =
-
- .PRECIOUS: $(top_srcdir)/Makefile.util.am
- $(top_srcdir)/Makefile.util.am: $(top_srcdir)/gentpl.py $(top_srcdir)/Makefile.util.def $(top_srcdir)/Makefile.utilgcry.def
-- python $^ > $@.new || (rm -f $@.new; exit 1)
-+ python3 $^ > $@.new || (rm -f $@.new; exit 1)
- mv $@.new $@
-
- .PRECIOUS: $(top_srcdir)/grub-core/Makefile.core.am
- $(top_srcdir)/grub-core/Makefile.core.am: $(top_srcdir)/gentpl.py $(top_srcdir)/grub-core/Makefile.core.def $(top_srcdir)/grub-core/Makefile.gcry.def
- if [ "x$$GRUB_CONTRIB" != x ]; then echo "You need to run ./autogen.sh manually." >&2; exit 1; fi
-- python $^ > $@.new || (rm -f $@.new; exit 1)
-+ python3 $^ > $@.new || (rm -f $@.new; exit 1)
- mv $@.new $@
-diff --git a/gentpl.py b/gentpl.py
-index baac6a2af69..6409736e81c 100644
---- a/gentpl.py
-+++ b/gentpl.py
-@@ -1,4 +1,4 @@
--#! /usr/bin/python
-+#! /usr/bin/env python3
- # GRUB -- GRand Unified Bootloader
- # Copyright (C) 2010,2011,2012,2013 Free Software Foundation, Inc.
- #
diff --git a/SOURCES/0218-Fix-an-8-year-old-typo.patch b/SOURCES/0218-Fix-an-8-year-old-typo.patch
deleted file mode 100644
index 642e46a..0000000
--- a/SOURCES/0218-Fix-an-8-year-old-typo.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Thu, 26 Jul 2018 14:54:44 -0400
-Subject: [PATCH] Fix an 8 year old typo.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
----
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 5f47a9265f3..9ab683fefac 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -307,7 +307,7 @@ fi
-
- AC_SUBST(bootdirname)
- AC_DEFINE_UNQUOTED(GRUB_BOOT_DIR_NAME, "$bootdirname",
-- [Default boot directory name]")
-+ [Default boot directory name])
-
- AC_ARG_WITH([grubdir],
- AS_HELP_STRING([--with-grubdir=DIR],
diff --git a/SOURCES/0218-autogen-don-t-run-autoreconf-in-the-topdir.patch b/SOURCES/0218-autogen-don-t-run-autoreconf-in-the-topdir.patch
new file mode 100644
index 0000000..e5b7c33
--- /dev/null
+++ b/SOURCES/0218-autogen-don-t-run-autoreconf-in-the-topdir.patch
@@ -0,0 +1,21 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Thu, 26 Jul 2018 15:47:48 -0400
+Subject: [PATCH] autogen: don't run autoreconf in the topdir
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ autogen.sh | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/autogen.sh b/autogen.sh
+index 7537561ad0d..f608b9467a0 100755
+--- a/autogen.sh
++++ b/autogen.sh
+@@ -82,6 +82,4 @@ done
+ echo "Saving timestamps..."
+ echo timestamp > stamp-h.in
+
+-echo "Running autoreconf..."
+-autoreconf -vi
+ exit 0
diff --git a/SOURCES/0219-Make-it-so-we-can-tell-configure-which-cflags-utils-.patch b/SOURCES/0219-Make-it-so-we-can-tell-configure-which-cflags-utils-.patch
new file mode 100644
index 0000000..292e565
--- /dev/null
+++ b/SOURCES/0219-Make-it-so-we-can-tell-configure-which-cflags-utils-.patch
@@ -0,0 +1,149 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Tue, 26 Jun 2018 17:16:06 -0400
+Subject: [PATCH] Make it so we can tell configure which cflags utils are built
+ with
+
+This lets us have kernel.img be built with TARGET_CFLAGS but grub-mkimage and
+friends built with HOST_CFLAGS. That in turn lets us build with an ARM compiler
+that only has hard-float ABI versions of crt*.o and libgcc*, but still use soft
+float for grub.efi.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ configure.ac | 49 ++++++++++++++++++++++++++++++++++++++++++++++++-
+ conf/Makefile.common | 23 ++++++++++++-----------
+ gentpl.py | 8 ++++----
+ 3 files changed, 64 insertions(+), 16 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 9ab683fefac..819212095ff 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -850,11 +850,23 @@ if ( test "x$target_cpu" = xi386 || test "x$target_cpu" = xx86_64 ) && test "x$p
+ TARGET_CFLAGS="$TARGET_CFLAGS -mno-mmx -mno-sse -mno-sse2 -mno-sse3 -mno-3dnow"
+ fi
+
++# Should grub utils get the host CFLAGS, or the target CFLAGS?
++AC_ARG_WITH([utils],
++ AS_HELP_STRING([--with-utils=host|target|build],
++ [choose which flags to build utilities with. (default=target)]),
++ [have_with_utils=y],
++ [have_with_utils=n])
++if test x"$have_with_utils" = xy ; then
++ with_utils="$withval"
++else
++ with_utils=target
++fi
++
+ # GRUB doesn't use float or doubles at all. Yet some toolchains may decide
+ # that floats are a good fit to run instead of what's written in the code.
+ # Given that floating point unit is disabled (if present to begin with)
+ # when GRUB is running which may result in various hard crashes.
+-if test x"$platform" != xemu ; then
++if test x"$platform" != xemu -a x"$with_utils" == xtarget ; then
+ AC_CACHE_CHECK([for options to get soft-float], grub_cv_target_cc_soft_float, [
+ grub_cv_target_cc_soft_float=no
+ if test "x$target_cpu" = xarm64; then
+@@ -1939,6 +1951,41 @@ HOST_CPPFLAGS="$HOST_CPPFLAGS -I\$(top_builddir)/include"
+ TARGET_CPPFLAGS="$TARGET_CPPFLAGS -I\$(top_srcdir)/include"
+ TARGET_CPPFLAGS="$TARGET_CPPFLAGS -I\$(top_builddir)/include"
+
++case "$with_utils" in
++ host)
++ UTILS_CFLAGS=$HOST_CFLAGS
++ UTILS_CPPFLAGS=$HOST_CPPFLAGS
++ UTILS_CCASFLAGS=$HOST_CCASFLAGS
++ UTILS_LDFLAGS=$HOST_LDFLAGS
++ ;;
++ target)
++ UTILS_CFLAGS=$TARGET_CFLAGS
++ UTILS_CPPFLAGS=$TARGET_CPPFLAGS
++ UTILS_CCASFLAGS=$TARGET_CCASFLAGS
++ UTILS_LDFLAGS=$TARGET_LDFLAGS
++ ;;
++ build)
++ UTILS_CFLAGS=$BUILD_CFLAGS
++ UTILS_CPPFLAGS=$BUILD_CPPFLAGS
++ UTILS_CCASFLAGS=$BUILD_CCASFLAGS
++ UTILS_LDFLAGS=$BUILD_LDFLAGS
++ ;;
++ *)
++ AC_MSG_ERROR([--with-utils must be either host, target, or build])
++ ;;
++esac
++AC_MSG_NOTICE([Using $with_utils flags for utilities.])
++
++unset CFLAGS
++unset CPPFLAGS
++unset CCASFLAGS
++unset LDFLAGS
++
++AC_SUBST(UTILS_CFLAGS)
++AC_SUBST(UTILS_CPPFLAGS)
++AC_SUBST(UTILS_CCASFLAGS)
++AC_SUBST(UTILS_LDFLAGS)
++
+ GRUB_TARGET_CPU="${target_cpu}"
+ GRUB_PLATFORM="${platform}"
+
+diff --git a/conf/Makefile.common b/conf/Makefile.common
+index 1ecb921db65..b93879804c0 100644
+--- a/conf/Makefile.common
++++ b/conf/Makefile.common
+@@ -40,24 +40,25 @@ CPPFLAGS_KERNEL = $(CPPFLAGS_CPU) $(CPPFLAGS_PLATFORM) -DGRUB_KERNEL=1
+ CCASFLAGS_KERNEL = $(CCASFLAGS_CPU) $(CCASFLAGS_PLATFORM)
+ STRIPFLAGS_KERNEL = -R .eh_frame -R .rel.dyn -R .reginfo -R .note -R .comment -R .drectve -R .note.gnu.gold-version -R .MIPS.abiflags -R .ARM.exidx -R .note.gnu.property -R .gnu.build.attributes
+
+-CFLAGS_MODULE = $(CFLAGS_PLATFORM) -ffreestanding
+-LDFLAGS_MODULE = $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC) -Wl,-r,-d
+-CPPFLAGS_MODULE = $(CPPFLAGS_CPU) $(CPPFLAGS_PLATFORM)
+-CCASFLAGS_MODULE = $(CCASFLAGS_CPU) $(CCASFLAGS_PLATFORM)
++CFLAGS_MODULE = $(TARGET_CFLAGS) $(CFLAGS_PLATFORM) -ffreestanding
++LDFLAGS_MODULE = $(TARGET_LDFLAGS) $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC) -Wl,-r,-d
++CPPFLAGS_MODULE = $(TARGET_CPPFLAGS) $(CPPFLAGS_DEFAULT) $(CPPFLAGS_CPU) $(CPPFLAGS_PLATFORM)
++CCASFLAGS_MODULE = $(TARGET_CCASFLAGS) $(CCASFLAGS_DEFAULT) $(CCASFLAGS_CPU) $(CCASFLAGS_PLATFORM)
+
+ CFLAGS_IMAGE = $(CFLAGS_PLATFORM) -fno-builtin
+ LDFLAGS_IMAGE = $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC) -Wl,-S
+ CPPFLAGS_IMAGE = $(CPPFLAGS_CPU) $(CPPFLAGS_PLATFORM)
+ CCASFLAGS_IMAGE = $(CCASFLAGS_CPU) $(CCASFLAGS_PLATFORM)
+
+-CFLAGS_PROGRAM =
+-LDFLAGS_PROGRAM =
+-CPPFLAGS_PROGRAM =
+-CCASFLAGS_PROGRAM =
++CFLAGS_PROGRAM = $(UTILS_CFLAGS)
++LDFLAGS_PROGRAM = $(UTILS_LDFLAGS)
++CPPFLAGS_PROGRAM = $(UTILS_CPPFLAGS)
++CCASFLAGS_PROGRAM = $(UTILS_CCASFLAGS)
+
+-CFLAGS_LIBRARY =
+-CPPFLAGS_LIBRARY =
+-CCASFLAGS_LIBRARY =
++CFLAGS_LIBRARY = $(UTILS_CFLAGS)
++LDFLAGS_LIBRARY = $(UTILS_LDFLAGS)
++CPPFLAGS_LIBRARY = $(UTILS_CPPFLAGS)
++CCASFLAGS_LIBRARY = $(UTILS_CCASFLAGS)
+
+ # Other variables
+
+diff --git a/gentpl.py b/gentpl.py
+index 6409736e81c..1e4635f4426 100644
+--- a/gentpl.py
++++ b/gentpl.py
+@@ -694,10 +694,10 @@ def module(defn, platform):
+ var_set(cname(defn) + "_SOURCES", platform_sources(defn, platform) + " ## platform sources")
+ var_set("nodist_" + cname(defn) + "_SOURCES", platform_nodist_sources(defn, platform) + " ## platform nodist sources")
+ var_set(cname(defn) + "_LDADD", platform_ldadd(defn, platform))
+- var_set(cname(defn) + "_CFLAGS", "$(AM_CFLAGS) $(CFLAGS_MODULE) " + platform_cflags(defn, platform))
+- var_set(cname(defn) + "_LDFLAGS", "$(AM_LDFLAGS) $(LDFLAGS_MODULE) " + platform_ldflags(defn, platform))
+- var_set(cname(defn) + "_CPPFLAGS", "$(AM_CPPFLAGS) $(CPPFLAGS_MODULE) " + platform_cppflags(defn, platform))
+- var_set(cname(defn) + "_CCASFLAGS", "$(AM_CCASFLAGS) $(CCASFLAGS_MODULE) " + platform_ccasflags(defn, platform))
++ var_set(cname(defn) + "_CFLAGS", "$(CFLAGS_MODULE) " + platform_cflags(defn, platform))
++ var_set(cname(defn) + "_LDFLAGS", "$(LDFLAGS_MODULE) " + platform_ldflags(defn, platform))
++ var_set(cname(defn) + "_CPPFLAGS", "$(CPPFLAGS_MODULE) " + platform_cppflags(defn, platform))
++ var_set(cname(defn) + "_CCASFLAGS", "$(CCASFLAGS_MODULE) " + platform_ccasflags(defn, platform))
+ var_set(cname(defn) + "_DEPENDENCIES", "$(TARGET_OBJ2ELF) " + platform_dependencies(defn, platform))
+
+ gvar_add("dist_noinst_DATA", extra_dist(defn))
diff --git a/SOURCES/0219-autogen-don-t-run-autoreconf-in-the-topdir.patch b/SOURCES/0219-autogen-don-t-run-autoreconf-in-the-topdir.patch
deleted file mode 100644
index e5b7c33..0000000
--- a/SOURCES/0219-autogen-don-t-run-autoreconf-in-the-topdir.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Thu, 26 Jul 2018 15:47:48 -0400
-Subject: [PATCH] autogen: don't run autoreconf in the topdir
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
----
- autogen.sh | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/autogen.sh b/autogen.sh
-index 7537561ad0d..f608b9467a0 100755
---- a/autogen.sh
-+++ b/autogen.sh
-@@ -82,6 +82,4 @@ done
- echo "Saving timestamps..."
- echo timestamp > stamp-h.in
-
--echo "Running autoreconf..."
--autoreconf -vi
- exit 0
diff --git a/SOURCES/0220-Make-it-so-we-can-tell-configure-which-cflags-utils-.patch b/SOURCES/0220-Make-it-so-we-can-tell-configure-which-cflags-utils-.patch
deleted file mode 100644
index 292e565..0000000
--- a/SOURCES/0220-Make-it-so-we-can-tell-configure-which-cflags-utils-.patch
+++ /dev/null
@@ -1,149 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Tue, 26 Jun 2018 17:16:06 -0400
-Subject: [PATCH] Make it so we can tell configure which cflags utils are built
- with
-
-This lets us have kernel.img be built with TARGET_CFLAGS but grub-mkimage and
-friends built with HOST_CFLAGS. That in turn lets us build with an ARM compiler
-that only has hard-float ABI versions of crt*.o and libgcc*, but still use soft
-float for grub.efi.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
----
- configure.ac | 49 ++++++++++++++++++++++++++++++++++++++++++++++++-
- conf/Makefile.common | 23 ++++++++++++-----------
- gentpl.py | 8 ++++----
- 3 files changed, 64 insertions(+), 16 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 9ab683fefac..819212095ff 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -850,11 +850,23 @@ if ( test "x$target_cpu" = xi386 || test "x$target_cpu" = xx86_64 ) && test "x$p
- TARGET_CFLAGS="$TARGET_CFLAGS -mno-mmx -mno-sse -mno-sse2 -mno-sse3 -mno-3dnow"
- fi
-
-+# Should grub utils get the host CFLAGS, or the target CFLAGS?
-+AC_ARG_WITH([utils],
-+ AS_HELP_STRING([--with-utils=host|target|build],
-+ [choose which flags to build utilities with. (default=target)]),
-+ [have_with_utils=y],
-+ [have_with_utils=n])
-+if test x"$have_with_utils" = xy ; then
-+ with_utils="$withval"
-+else
-+ with_utils=target
-+fi
-+
- # GRUB doesn't use float or doubles at all. Yet some toolchains may decide
- # that floats are a good fit to run instead of what's written in the code.
- # Given that floating point unit is disabled (if present to begin with)
- # when GRUB is running which may result in various hard crashes.
--if test x"$platform" != xemu ; then
-+if test x"$platform" != xemu -a x"$with_utils" == xtarget ; then
- AC_CACHE_CHECK([for options to get soft-float], grub_cv_target_cc_soft_float, [
- grub_cv_target_cc_soft_float=no
- if test "x$target_cpu" = xarm64; then
-@@ -1939,6 +1951,41 @@ HOST_CPPFLAGS="$HOST_CPPFLAGS -I\$(top_builddir)/include"
- TARGET_CPPFLAGS="$TARGET_CPPFLAGS -I\$(top_srcdir)/include"
- TARGET_CPPFLAGS="$TARGET_CPPFLAGS -I\$(top_builddir)/include"
-
-+case "$with_utils" in
-+ host)
-+ UTILS_CFLAGS=$HOST_CFLAGS
-+ UTILS_CPPFLAGS=$HOST_CPPFLAGS
-+ UTILS_CCASFLAGS=$HOST_CCASFLAGS
-+ UTILS_LDFLAGS=$HOST_LDFLAGS
-+ ;;
-+ target)
-+ UTILS_CFLAGS=$TARGET_CFLAGS
-+ UTILS_CPPFLAGS=$TARGET_CPPFLAGS
-+ UTILS_CCASFLAGS=$TARGET_CCASFLAGS
-+ UTILS_LDFLAGS=$TARGET_LDFLAGS
-+ ;;
-+ build)
-+ UTILS_CFLAGS=$BUILD_CFLAGS
-+ UTILS_CPPFLAGS=$BUILD_CPPFLAGS
-+ UTILS_CCASFLAGS=$BUILD_CCASFLAGS
-+ UTILS_LDFLAGS=$BUILD_LDFLAGS
-+ ;;
-+ *)
-+ AC_MSG_ERROR([--with-utils must be either host, target, or build])
-+ ;;
-+esac
-+AC_MSG_NOTICE([Using $with_utils flags for utilities.])
-+
-+unset CFLAGS
-+unset CPPFLAGS
-+unset CCASFLAGS
-+unset LDFLAGS
-+
-+AC_SUBST(UTILS_CFLAGS)
-+AC_SUBST(UTILS_CPPFLAGS)
-+AC_SUBST(UTILS_CCASFLAGS)
-+AC_SUBST(UTILS_LDFLAGS)
-+
- GRUB_TARGET_CPU="${target_cpu}"
- GRUB_PLATFORM="${platform}"
-
-diff --git a/conf/Makefile.common b/conf/Makefile.common
-index 1ecb921db65..b93879804c0 100644
---- a/conf/Makefile.common
-+++ b/conf/Makefile.common
-@@ -40,24 +40,25 @@ CPPFLAGS_KERNEL = $(CPPFLAGS_CPU) $(CPPFLAGS_PLATFORM) -DGRUB_KERNEL=1
- CCASFLAGS_KERNEL = $(CCASFLAGS_CPU) $(CCASFLAGS_PLATFORM)
- STRIPFLAGS_KERNEL = -R .eh_frame -R .rel.dyn -R .reginfo -R .note -R .comment -R .drectve -R .note.gnu.gold-version -R .MIPS.abiflags -R .ARM.exidx -R .note.gnu.property -R .gnu.build.attributes
-
--CFLAGS_MODULE = $(CFLAGS_PLATFORM) -ffreestanding
--LDFLAGS_MODULE = $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC) -Wl,-r,-d
--CPPFLAGS_MODULE = $(CPPFLAGS_CPU) $(CPPFLAGS_PLATFORM)
--CCASFLAGS_MODULE = $(CCASFLAGS_CPU) $(CCASFLAGS_PLATFORM)
-+CFLAGS_MODULE = $(TARGET_CFLAGS) $(CFLAGS_PLATFORM) -ffreestanding
-+LDFLAGS_MODULE = $(TARGET_LDFLAGS) $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC) -Wl,-r,-d
-+CPPFLAGS_MODULE = $(TARGET_CPPFLAGS) $(CPPFLAGS_DEFAULT) $(CPPFLAGS_CPU) $(CPPFLAGS_PLATFORM)
-+CCASFLAGS_MODULE = $(TARGET_CCASFLAGS) $(CCASFLAGS_DEFAULT) $(CCASFLAGS_CPU) $(CCASFLAGS_PLATFORM)
-
- CFLAGS_IMAGE = $(CFLAGS_PLATFORM) -fno-builtin
- LDFLAGS_IMAGE = $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC) -Wl,-S
- CPPFLAGS_IMAGE = $(CPPFLAGS_CPU) $(CPPFLAGS_PLATFORM)
- CCASFLAGS_IMAGE = $(CCASFLAGS_CPU) $(CCASFLAGS_PLATFORM)
-
--CFLAGS_PROGRAM =
--LDFLAGS_PROGRAM =
--CPPFLAGS_PROGRAM =
--CCASFLAGS_PROGRAM =
-+CFLAGS_PROGRAM = $(UTILS_CFLAGS)
-+LDFLAGS_PROGRAM = $(UTILS_LDFLAGS)
-+CPPFLAGS_PROGRAM = $(UTILS_CPPFLAGS)
-+CCASFLAGS_PROGRAM = $(UTILS_CCASFLAGS)
-
--CFLAGS_LIBRARY =
--CPPFLAGS_LIBRARY =
--CCASFLAGS_LIBRARY =
-+CFLAGS_LIBRARY = $(UTILS_CFLAGS)
-+LDFLAGS_LIBRARY = $(UTILS_LDFLAGS)
-+CPPFLAGS_LIBRARY = $(UTILS_CPPFLAGS)
-+CCASFLAGS_LIBRARY = $(UTILS_CCASFLAGS)
-
- # Other variables
-
-diff --git a/gentpl.py b/gentpl.py
-index 6409736e81c..1e4635f4426 100644
---- a/gentpl.py
-+++ b/gentpl.py
-@@ -694,10 +694,10 @@ def module(defn, platform):
- var_set(cname(defn) + "_SOURCES", platform_sources(defn, platform) + " ## platform sources")
- var_set("nodist_" + cname(defn) + "_SOURCES", platform_nodist_sources(defn, platform) + " ## platform nodist sources")
- var_set(cname(defn) + "_LDADD", platform_ldadd(defn, platform))
-- var_set(cname(defn) + "_CFLAGS", "$(AM_CFLAGS) $(CFLAGS_MODULE) " + platform_cflags(defn, platform))
-- var_set(cname(defn) + "_LDFLAGS", "$(AM_LDFLAGS) $(LDFLAGS_MODULE) " + platform_ldflags(defn, platform))
-- var_set(cname(defn) + "_CPPFLAGS", "$(AM_CPPFLAGS) $(CPPFLAGS_MODULE) " + platform_cppflags(defn, platform))
-- var_set(cname(defn) + "_CCASFLAGS", "$(AM_CCASFLAGS) $(CCASFLAGS_MODULE) " + platform_ccasflags(defn, platform))
-+ var_set(cname(defn) + "_CFLAGS", "$(CFLAGS_MODULE) " + platform_cflags(defn, platform))
-+ var_set(cname(defn) + "_LDFLAGS", "$(LDFLAGS_MODULE) " + platform_ldflags(defn, platform))
-+ var_set(cname(defn) + "_CPPFLAGS", "$(CPPFLAGS_MODULE) " + platform_cppflags(defn, platform))
-+ var_set(cname(defn) + "_CCASFLAGS", "$(CCASFLAGS_MODULE) " + platform_ccasflags(defn, platform))
- var_set(cname(defn) + "_DEPENDENCIES", "$(TARGET_OBJ2ELF) " + platform_dependencies(defn, platform))
-
- gvar_add("dist_noinst_DATA", extra_dist(defn))
diff --git a/SOURCES/0220-module-verifier-make-it-possible-to-run-checkers-on-.patch b/SOURCES/0220-module-verifier-make-it-possible-to-run-checkers-on-.patch
new file mode 100644
index 0000000..0bdfca1
--- /dev/null
+++ b/SOURCES/0220-module-verifier-make-it-possible-to-run-checkers-on-.patch
@@ -0,0 +1,58 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Wed, 1 Aug 2018 10:24:52 -0400
+Subject: [PATCH] module-verifier: make it possible to run checkers on
+ grub-module-verifierxx.c
+
+This makes it so you can treat grub-module-verifierxx.c as a file you can
+build directly, so syntax checkers like vim's "syntastic" plugin, which uses
+"gcc -x c -fsyntax-only" to build it, will work.
+
+One still has to do whatever setup is required to make it pick the right
+include dirs, which -W options we use, etc., but this makes it so you can do
+the checking on the file you're editing, rather than on a different file.
+
+v2: fix the typo in the #else clause in util/grub-module-verifierXX.c
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ util/grub-module-verifier32.c | 2 ++
+ util/grub-module-verifier64.c | 2 ++
+ util/grub-module-verifierXX.c | 9 +++++++++
+ 3 files changed, 13 insertions(+)
+
+diff --git a/util/grub-module-verifier32.c b/util/grub-module-verifier32.c
+index 257229f8f08..ba7d41aafea 100644
+--- a/util/grub-module-verifier32.c
++++ b/util/grub-module-verifier32.c
+@@ -1,2 +1,4 @@
+ #define MODULEVERIFIER_ELF32 1
++#ifndef GRUB_MODULE_VERIFIERXX
+ #include "grub-module-verifierXX.c"
++#endif
+diff --git a/util/grub-module-verifier64.c b/util/grub-module-verifier64.c
+index 4db6b4bedd1..fc23ef800b3 100644
+--- a/util/grub-module-verifier64.c
++++ b/util/grub-module-verifier64.c
+@@ -1,2 +1,4 @@
+ #define MODULEVERIFIER_ELF64 1
++#ifndef GRUB_MODULE_VERIFIERXX
+ #include "grub-module-verifierXX.c"
++#endif
+diff --git a/util/grub-module-verifierXX.c b/util/grub-module-verifierXX.c
+index 1feaafc9b9e..597ded14362 100644
+--- a/util/grub-module-verifierXX.c
++++ b/util/grub-module-verifierXX.c
+@@ -1,3 +1,12 @@
++#define GRUB_MODULE_VERIFIERXX
++#if !defined(MODULEVERIFIER_ELF32) && !defined(MODULEVERIFIER_ELF64)
++#if __SIZEOF_POINTER__ == 8
++#include "grub-module-verifier64.c"
++#else
++#include "grub-module-verifier32.c"
++#endif
++#endif
++
+ #include <string.h>
+
+ #include <grub/elf.h>
diff --git a/SOURCES/0221-grub-module-verifier-report-the-filename-or-modname-.patch b/SOURCES/0221-grub-module-verifier-report-the-filename-or-modname-.patch
new file mode 100644
index 0000000..c27d065
--- /dev/null
+++ b/SOURCES/0221-grub-module-verifier-report-the-filename-or-modname-.patch
@@ -0,0 +1,250 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Wed, 1 Aug 2018 10:12:47 -0400
+Subject: [PATCH] grub-module-verifier: report the filename or modname in
+ errors.
+
+Make it so that when grub-module-verifier complains of an issue, it tells you
+which module the issue was with.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ util/grub-module-verifier.c | 6 ++---
+ util/grub-module-verifierXX.c | 58 ++++++++++++++++++++++--------------------
+ include/grub/module_verifier.h | 4 +--
+ 3 files changed, 36 insertions(+), 32 deletions(-)
+
+diff --git a/util/grub-module-verifier.c b/util/grub-module-verifier.c
+index a79271f6631..03ba1ab437a 100644
+--- a/util/grub-module-verifier.c
++++ b/util/grub-module-verifier.c
+@@ -157,7 +157,7 @@ main (int argc, char **argv)
+ if (strcmp(archs[arch].name, argv[2]) == 0)
+ break;
+ if (arch == ARRAY_SIZE(archs))
+- grub_util_error("unknown arch: %s", argv[2]);
++ grub_util_error("%s: unknown arch: %s", argv[1], argv[2]);
+
+ for (whitelist = 0; whitelist < ARRAY_SIZE(whitelists); whitelist++)
+ if (strcmp(whitelists[whitelist].arch, argv[2]) == 0
+@@ -169,8 +169,8 @@ main (int argc, char **argv)
+ module_size = grub_util_get_image_size (argv[1]);
+ module_img = grub_util_read_image (argv[1]);
+ if (archs[arch].voidp_sizeof == 8)
+- grub_module_verify64(module_img, module_size, &archs[arch], whitelist_empty);
++ grub_module_verify64(argv[1], module_img, module_size, &archs[arch], whitelist_empty);
+ else
+- grub_module_verify32(module_img, module_size, &archs[arch], whitelist_empty);
++ grub_module_verify32(argv[1], module_img, module_size, &archs[arch], whitelist_empty);
+ return 0;
+ }
+diff --git a/util/grub-module-verifierXX.c b/util/grub-module-verifierXX.c
+index 597ded14362..a98e2f9b1ac 100644
+--- a/util/grub-module-verifierXX.c
++++ b/util/grub-module-verifierXX.c
+@@ -160,14 +160,15 @@ find_section (const struct grub_module_verifier_arch *arch, Elf_Ehdr *e, const c
+ }
+
+ static void
+-check_license (const struct grub_module_verifier_arch *arch, Elf_Ehdr *e)
++check_license (const char * const filename,
++ const struct grub_module_verifier_arch *arch, Elf_Ehdr *e)
+ {
+ Elf_Shdr *s = find_section (arch, e, ".module_license");
+ if (s && (strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv3") == 0
+ || strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv3+") == 0
+ || strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv2+") == 0))
+ return;
+- grub_util_error ("incompatible license");
++ grub_util_error ("%s: incompatible license", filename);
+ }
+
+ static Elf_Sym *
+@@ -233,10 +234,10 @@ check_symbols (const struct grub_module_verifier_arch *arch,
+ s = find_section (arch, e, ".moddeps");
+
+ if (!s)
+- grub_util_error ("no symbol table and no .moddeps section");
++ grub_util_error ("%s: no symbol table and no .moddeps section", modname);
+
+ if (!s->sh_size)
+- grub_util_error ("no symbol table and empty .moddeps section");
++ grub_util_error ("%s: no symbol table and empty .moddeps section", modname);
+
+ return;
+ }
+@@ -257,7 +258,7 @@ check_symbols (const struct grub_module_verifier_arch *arch,
+ break;
+
+ default:
+- return grub_util_error ("unknown symbol type `%d'", (int) type);
++ return grub_util_error ("%s: unknown symbol type `%d'", modname, (int) type);
+ }
+ }
+ }
+@@ -283,7 +284,8 @@ is_symbol_local(Elf_Sym *sym)
+ }
+
+ static void
+-section_check_relocations (const struct grub_module_verifier_arch *arch, void *ehdr,
++section_check_relocations (const char * const modname,
++ const struct grub_module_verifier_arch *arch, void *ehdr,
+ Elf_Shdr *s, size_t target_seg_size)
+ {
+ Elf_Rel *rel, *max;
+@@ -292,7 +294,7 @@ section_check_relocations (const struct grub_module_verifier_arch *arch, void *e
+
+ symtab = get_symtab (arch, ehdr, &symtabsize, &symtabentsize);
+ if (!symtab)
+- grub_util_error ("relocation without symbol table");
++ grub_util_error ("%s: relocation without symbol table", modname);
+
+ for (rel = (Elf_Rel *) ((char *) ehdr + grub_target_to_host (s->sh_offset)),
+ max = (Elf_Rel *) ((char *) rel + grub_target_to_host (s->sh_size));
+@@ -303,7 +305,7 @@ section_check_relocations (const struct grub_module_verifier_arch *arch, void *e
+ unsigned i;
+
+ if (target_seg_size < grub_target_to_host (rel->r_offset))
+- grub_util_error ("reloc offset is out of the segment");
++ grub_util_error ("%s: reloc offset is out of the segment", modname);
+
+ grub_uint32_t type = ELF_R_TYPE (grub_target_to_host (rel->r_info));
+
+@@ -316,17 +318,17 @@ section_check_relocations (const struct grub_module_verifier_arch *arch, void *e
+ if (arch->supported_relocations[i] != -1)
+ continue;
+ if (!arch->short_relocations)
+- grub_util_error ("unsupported relocation 0x%x", type);
++ grub_util_error ("%s: unsupported relocation 0x%x", modname, type);
+ for (i = 0; arch->short_relocations[i] != -1; i++)
+ if (type == arch->short_relocations[i])
+ break;
+ if (arch->short_relocations[i] == -1)
+- grub_util_error ("unsupported relocation 0x%x", type);
++ grub_util_error ("%s: unsupported relocation 0x%x", modname, type);
+ sym = (Elf_Sym *) ((char *) symtab + symtabentsize * ELF_R_SYM (grub_target_to_host (rel->r_info)));
+
+ if (is_symbol_local (sym))
+ continue;
+- grub_util_error ("relocation 0x%x is not module-local", type);
++ grub_util_error ("%s: relocation 0x%x is not module-local", modname, type);
+ }
+ #if defined(MODULEVERIFIER_ELF64)
+ if (arch->machine == EM_AARCH64)
+@@ -351,11 +353,11 @@ section_check_relocations (const struct grub_module_verifier_arch *arch, void *e
+ && ELF_R_TYPE (rel2->r_info) == R_AARCH64_LD64_GOT_LO12_NC)
+ break;
+ if (rel2 >= (Elf_Rela *) max)
+- grub_util_error ("ADR_GOT_PAGE without matching LD64_GOT_LO12_NC");
++ grub_util_error ("%s: ADR_GOT_PAGE without matching LD64_GOT_LO12_NC", modname);
+ break;
+ case R_AARCH64_LD64_GOT_LO12_NC:
+ if (unmatched_adr_got_page == 0)
+- grub_util_error ("LD64_GOT_LO12_NC without matching ADR_GOT_PAGE");
++ grub_util_error ("%s: LD64_GOT_LO12_NC without matching ADR_GOT_PAGE", modname);
+ unmatched_adr_got_page--;
+ break;
+ }
+@@ -365,7 +367,8 @@ section_check_relocations (const struct grub_module_verifier_arch *arch, void *e
+ }
+
+ static void
+-check_relocations (const struct grub_module_verifier_arch *arch, Elf_Ehdr *e)
++check_relocations (const char * const modname,
++ const struct grub_module_verifier_arch *arch, Elf_Ehdr *e)
+ {
+ Elf_Shdr *s;
+ unsigned i;
+@@ -378,21 +381,22 @@ check_relocations (const struct grub_module_verifier_arch *arch, Elf_Ehdr *e)
+ Elf_Shdr *ts;
+
+ if (grub_target_to_host32 (s->sh_type) == SHT_REL && !(arch->flags & GRUB_MODULE_VERIFY_SUPPORTS_REL))
+- grub_util_error ("unsupported SHT_REL");
++ grub_util_error ("%s: unsupported SHT_REL", modname);
+ if (grub_target_to_host32 (s->sh_type) == SHT_RELA && !(arch->flags & GRUB_MODULE_VERIFY_SUPPORTS_RELA))
+- grub_util_error ("unsupported SHT_RELA");
++ grub_util_error ("%s: unsupported SHT_RELA", modname);
+
+ /* Find the target segment. */
+ if (grub_target_to_host32 (s->sh_info) >= grub_target_to_host16 (e->e_shnum))
+- grub_util_error ("orphaned reloc section");
++ grub_util_error ("%s: orphaned reloc section", modname);
+ ts = (Elf_Shdr *) ((char *) e + grub_target_to_host (e->e_shoff) + grub_target_to_host32 (s->sh_info) * grub_target_to_host16 (e->e_shentsize));
+
+- section_check_relocations (arch, e, s, grub_target_to_host (ts->sh_size));
++ section_check_relocations (modname, arch, e, s, grub_target_to_host (ts->sh_size));
+ }
+ }
+
+ void
+-SUFFIX(grub_module_verify) (void *module_img, size_t size,
++SUFFIX(grub_module_verify) (const char * const filename,
++ void *module_img, size_t size,
+ const struct grub_module_verifier_arch *arch,
+ const char **whitelist_empty)
+ {
+@@ -400,7 +404,7 @@ SUFFIX(grub_module_verify) (void *module_img, size_t size,
+
+ /* Check the header size. */
+ if (size < sizeof (Elf_Ehdr))
+- grub_util_error ("ELF header smaller than expected");
++ grub_util_error ("%s: ELF header smaller than expected", filename);
+
+ /* Check the magic numbers. */
+ if (e->e_ident[EI_MAG0] != ELFMAG0
+@@ -409,36 +413,36 @@ SUFFIX(grub_module_verify) (void *module_img, size_t size,
+ || e->e_ident[EI_MAG3] != ELFMAG3
+ || e->e_ident[EI_VERSION] != EV_CURRENT
+ || grub_target_to_host32 (e->e_version) != EV_CURRENT)
+- grub_util_error ("invalid arch-independent ELF magic");
++ grub_util_error ("%s: invalid arch-independent ELF magic", filename);
+
+ if (e->e_ident[EI_CLASS] != ELFCLASSXX
+ || e->e_ident[EI_DATA] != (arch->bigendian ? ELFDATA2MSB : ELFDATA2LSB)
+ || grub_target_to_host16 (e->e_machine) != arch->machine)
+- grub_util_error ("invalid arch-dependent ELF magic");
++ grub_util_error ("%s: invalid arch-dependent ELF magic", filename);
+
+ if (grub_target_to_host16 (e->e_type) != ET_REL)
+ {
+- grub_util_error ("this ELF file is not of the right type");
++ grub_util_error ("%s: this ELF file is not of the right type", filename);
+ }
+
+ /* Make sure that every section is within the core. */
+ if (size < grub_target_to_host (e->e_shoff)
+ + (grub_uint32_t) grub_target_to_host16 (e->e_shentsize) * grub_target_to_host16(e->e_shnum))
+ {
+- grub_util_error ("ELF sections outside core");
++ grub_util_error ("%s: ELF sections outside core", filename);
+ }
+
+- check_license (arch, e);
++ check_license (filename, arch, e);
+
+ Elf_Shdr *s;
+ const char *modname;
+
+ s = find_section (arch, e, ".modname");
+ if (!s)
+- grub_util_error ("no module name found");
++ grub_util_error ("%s: no module name found", filename);
+
+ modname = (const char *) e + grub_target_to_host (s->sh_offset);
+
+ check_symbols(arch, e, modname, whitelist_empty);
+- check_relocations(arch, e);
++ check_relocations(modname, arch, e);
+ }
+diff --git a/include/grub/module_verifier.h b/include/grub/module_verifier.h
+index f4870cb9c2d..ba21c75e2eb 100644
+--- a/include/grub/module_verifier.h
++++ b/include/grub/module_verifier.h
+@@ -16,5 +16,5 @@ struct grub_module_verifier_arch {
+ const int *short_relocations;
+ };
+
+-void grub_module_verify64(void *module_img, size_t module_size, const struct grub_module_verifier_arch *arch, const char **whitelist_empty);
+-void grub_module_verify32(void *module_img, size_t module_size, const struct grub_module_verifier_arch *arch, const char **whitelist_empty);
++void grub_module_verify64(const char * const filename, void *module_img, size_t module_size, const struct grub_module_verifier_arch *arch, const char **whitelist_empty);
++void grub_module_verify32(const char * const filename, void *module_img, size_t module_size, const struct grub_module_verifier_arch *arch, const char **whitelist_empty);
diff --git a/SOURCES/0221-module-verifier-make-it-possible-to-run-checkers-on-.patch b/SOURCES/0221-module-verifier-make-it-possible-to-run-checkers-on-.patch
deleted file mode 100644
index 0bdfca1..0000000
--- a/SOURCES/0221-module-verifier-make-it-possible-to-run-checkers-on-.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Wed, 1 Aug 2018 10:24:52 -0400
-Subject: [PATCH] module-verifier: make it possible to run checkers on
- grub-module-verifierxx.c
-
-This makes it so you can treat grub-module-verifierxx.c as a file you can
-build directly, so syntax checkers like vim's "syntastic" plugin, which uses
-"gcc -x c -fsyntax-only" to build it, will work.
-
-One still has to do whatever setup is required to make it pick the right
-include dirs, which -W options we use, etc., but this makes it so you can do
-the checking on the file you're editing, rather than on a different file.
-
-v2: fix the typo in the #else clause in util/grub-module-verifierXX.c
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
----
- util/grub-module-verifier32.c | 2 ++
- util/grub-module-verifier64.c | 2 ++
- util/grub-module-verifierXX.c | 9 +++++++++
- 3 files changed, 13 insertions(+)
-
-diff --git a/util/grub-module-verifier32.c b/util/grub-module-verifier32.c
-index 257229f8f08..ba7d41aafea 100644
---- a/util/grub-module-verifier32.c
-+++ b/util/grub-module-verifier32.c
-@@ -1,2 +1,4 @@
- #define MODULEVERIFIER_ELF32 1
-+#ifndef GRUB_MODULE_VERIFIERXX
- #include "grub-module-verifierXX.c"
-+#endif
-diff --git a/util/grub-module-verifier64.c b/util/grub-module-verifier64.c
-index 4db6b4bedd1..fc23ef800b3 100644
---- a/util/grub-module-verifier64.c
-+++ b/util/grub-module-verifier64.c
-@@ -1,2 +1,4 @@
- #define MODULEVERIFIER_ELF64 1
-+#ifndef GRUB_MODULE_VERIFIERXX
- #include "grub-module-verifierXX.c"
-+#endif
-diff --git a/util/grub-module-verifierXX.c b/util/grub-module-verifierXX.c
-index 1feaafc9b9e..597ded14362 100644
---- a/util/grub-module-verifierXX.c
-+++ b/util/grub-module-verifierXX.c
-@@ -1,3 +1,12 @@
-+#define GRUB_MODULE_VERIFIERXX
-+#if !defined(MODULEVERIFIER_ELF32) && !defined(MODULEVERIFIER_ELF64)
-+#if __SIZEOF_POINTER__ == 8
-+#include "grub-module-verifier64.c"
-+#else
-+#include "grub-module-verifier32.c"
-+#endif
-+#endif
-+
- #include <string.h>
-
- #include <grub/elf.h>
diff --git a/SOURCES/0222-Make-efi_netfs-not-duplicate-symbols-from-efinet.patch b/SOURCES/0222-Make-efi_netfs-not-duplicate-symbols-from-efinet.patch
new file mode 100644
index 0000000..394ba2d
--- /dev/null
+++ b/SOURCES/0222-Make-efi_netfs-not-duplicate-symbols-from-efinet.patch
@@ -0,0 +1,27 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Wed, 11 Jul 2018 13:50:00 -0400
+Subject: [PATCH] Make efi_netfs not duplicate symbols from efinet
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ grub-core/Makefile.core.def | 6 ------
+ 1 file changed, 6 deletions(-)
+
+diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
+index aa44d66aca4..e35217b8668 100644
+--- a/grub-core/Makefile.core.def
++++ b/grub-core/Makefile.core.def
+@@ -2186,12 +2186,6 @@ module = {
+ module = {
+ name = efi_netfs;
+ common = net/efi/efi_netfs.c;
+- common = net/efi/net.c;
+- common = net/efi/http.c;
+- common = net/efi/pxe.c;
+- common = net/efi/ip4_config.c;
+- common = net/efi/ip6_config.c;
+- common = net/efi/dhcp.c;
+ enable = efi;
+ };
+
diff --git a/SOURCES/0222-grub-module-verifier-report-the-filename-or-modname-.patch b/SOURCES/0222-grub-module-verifier-report-the-filename-or-modname-.patch
deleted file mode 100644
index c27d065..0000000
--- a/SOURCES/0222-grub-module-verifier-report-the-filename-or-modname-.patch
+++ /dev/null
@@ -1,250 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Wed, 1 Aug 2018 10:12:47 -0400
-Subject: [PATCH] grub-module-verifier: report the filename or modname in
- errors.
-
-Make it so that when grub-module-verifier complains of an issue, it tells you
-which module the issue was with.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
----
- util/grub-module-verifier.c | 6 ++---
- util/grub-module-verifierXX.c | 58 ++++++++++++++++++++++--------------------
- include/grub/module_verifier.h | 4 +--
- 3 files changed, 36 insertions(+), 32 deletions(-)
-
-diff --git a/util/grub-module-verifier.c b/util/grub-module-verifier.c
-index a79271f6631..03ba1ab437a 100644
---- a/util/grub-module-verifier.c
-+++ b/util/grub-module-verifier.c
-@@ -157,7 +157,7 @@ main (int argc, char **argv)
- if (strcmp(archs[arch].name, argv[2]) == 0)
- break;
- if (arch == ARRAY_SIZE(archs))
-- grub_util_error("unknown arch: %s", argv[2]);
-+ grub_util_error("%s: unknown arch: %s", argv[1], argv[2]);
-
- for (whitelist = 0; whitelist < ARRAY_SIZE(whitelists); whitelist++)
- if (strcmp(whitelists[whitelist].arch, argv[2]) == 0
-@@ -169,8 +169,8 @@ main (int argc, char **argv)
- module_size = grub_util_get_image_size (argv[1]);
- module_img = grub_util_read_image (argv[1]);
- if (archs[arch].voidp_sizeof == 8)
-- grub_module_verify64(module_img, module_size, &archs[arch], whitelist_empty);
-+ grub_module_verify64(argv[1], module_img, module_size, &archs[arch], whitelist_empty);
- else
-- grub_module_verify32(module_img, module_size, &archs[arch], whitelist_empty);
-+ grub_module_verify32(argv[1], module_img, module_size, &archs[arch], whitelist_empty);
- return 0;
- }
-diff --git a/util/grub-module-verifierXX.c b/util/grub-module-verifierXX.c
-index 597ded14362..a98e2f9b1ac 100644
---- a/util/grub-module-verifierXX.c
-+++ b/util/grub-module-verifierXX.c
-@@ -160,14 +160,15 @@ find_section (const struct grub_module_verifier_arch *arch, Elf_Ehdr *e, const c
- }
-
- static void
--check_license (const struct grub_module_verifier_arch *arch, Elf_Ehdr *e)
-+check_license (const char * const filename,
-+ const struct grub_module_verifier_arch *arch, Elf_Ehdr *e)
- {
- Elf_Shdr *s = find_section (arch, e, ".module_license");
- if (s && (strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv3") == 0
- || strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv3+") == 0
- || strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv2+") == 0))
- return;
-- grub_util_error ("incompatible license");
-+ grub_util_error ("%s: incompatible license", filename);
- }
-
- static Elf_Sym *
-@@ -233,10 +234,10 @@ check_symbols (const struct grub_module_verifier_arch *arch,
- s = find_section (arch, e, ".moddeps");
-
- if (!s)
-- grub_util_error ("no symbol table and no .moddeps section");
-+ grub_util_error ("%s: no symbol table and no .moddeps section", modname);
-
- if (!s->sh_size)
-- grub_util_error ("no symbol table and empty .moddeps section");
-+ grub_util_error ("%s: no symbol table and empty .moddeps section", modname);
-
- return;
- }
-@@ -257,7 +258,7 @@ check_symbols (const struct grub_module_verifier_arch *arch,
- break;
-
- default:
-- return grub_util_error ("unknown symbol type `%d'", (int) type);
-+ return grub_util_error ("%s: unknown symbol type `%d'", modname, (int) type);
- }
- }
- }
-@@ -283,7 +284,8 @@ is_symbol_local(Elf_Sym *sym)
- }
-
- static void
--section_check_relocations (const struct grub_module_verifier_arch *arch, void *ehdr,
-+section_check_relocations (const char * const modname,
-+ const struct grub_module_verifier_arch *arch, void *ehdr,
- Elf_Shdr *s, size_t target_seg_size)
- {
- Elf_Rel *rel, *max;
-@@ -292,7 +294,7 @@ section_check_relocations (const struct grub_module_verifier_arch *arch, void *e
-
- symtab = get_symtab (arch, ehdr, &symtabsize, &symtabentsize);
- if (!symtab)
-- grub_util_error ("relocation without symbol table");
-+ grub_util_error ("%s: relocation without symbol table", modname);
-
- for (rel = (Elf_Rel *) ((char *) ehdr + grub_target_to_host (s->sh_offset)),
- max = (Elf_Rel *) ((char *) rel + grub_target_to_host (s->sh_size));
-@@ -303,7 +305,7 @@ section_check_relocations (const struct grub_module_verifier_arch *arch, void *e
- unsigned i;
-
- if (target_seg_size < grub_target_to_host (rel->r_offset))
-- grub_util_error ("reloc offset is out of the segment");
-+ grub_util_error ("%s: reloc offset is out of the segment", modname);
-
- grub_uint32_t type = ELF_R_TYPE (grub_target_to_host (rel->r_info));
-
-@@ -316,17 +318,17 @@ section_check_relocations (const struct grub_module_verifier_arch *arch, void *e
- if (arch->supported_relocations[i] != -1)
- continue;
- if (!arch->short_relocations)
-- grub_util_error ("unsupported relocation 0x%x", type);
-+ grub_util_error ("%s: unsupported relocation 0x%x", modname, type);
- for (i = 0; arch->short_relocations[i] != -1; i++)
- if (type == arch->short_relocations[i])
- break;
- if (arch->short_relocations[i] == -1)
-- grub_util_error ("unsupported relocation 0x%x", type);
-+ grub_util_error ("%s: unsupported relocation 0x%x", modname, type);
- sym = (Elf_Sym *) ((char *) symtab + symtabentsize * ELF_R_SYM (grub_target_to_host (rel->r_info)));
-
- if (is_symbol_local (sym))
- continue;
-- grub_util_error ("relocation 0x%x is not module-local", type);
-+ grub_util_error ("%s: relocation 0x%x is not module-local", modname, type);
- }
- #if defined(MODULEVERIFIER_ELF64)
- if (arch->machine == EM_AARCH64)
-@@ -351,11 +353,11 @@ section_check_relocations (const struct grub_module_verifier_arch *arch, void *e
- && ELF_R_TYPE (rel2->r_info) == R_AARCH64_LD64_GOT_LO12_NC)
- break;
- if (rel2 >= (Elf_Rela *) max)
-- grub_util_error ("ADR_GOT_PAGE without matching LD64_GOT_LO12_NC");
-+ grub_util_error ("%s: ADR_GOT_PAGE without matching LD64_GOT_LO12_NC", modname);
- break;
- case R_AARCH64_LD64_GOT_LO12_NC:
- if (unmatched_adr_got_page == 0)
-- grub_util_error ("LD64_GOT_LO12_NC without matching ADR_GOT_PAGE");
-+ grub_util_error ("%s: LD64_GOT_LO12_NC without matching ADR_GOT_PAGE", modname);
- unmatched_adr_got_page--;
- break;
- }
-@@ -365,7 +367,8 @@ section_check_relocations (const struct grub_module_verifier_arch *arch, void *e
- }
-
- static void
--check_relocations (const struct grub_module_verifier_arch *arch, Elf_Ehdr *e)
-+check_relocations (const char * const modname,
-+ const struct grub_module_verifier_arch *arch, Elf_Ehdr *e)
- {
- Elf_Shdr *s;
- unsigned i;
-@@ -378,21 +381,22 @@ check_relocations (const struct grub_module_verifier_arch *arch, Elf_Ehdr *e)
- Elf_Shdr *ts;
-
- if (grub_target_to_host32 (s->sh_type) == SHT_REL && !(arch->flags & GRUB_MODULE_VERIFY_SUPPORTS_REL))
-- grub_util_error ("unsupported SHT_REL");
-+ grub_util_error ("%s: unsupported SHT_REL", modname);
- if (grub_target_to_host32 (s->sh_type) == SHT_RELA && !(arch->flags & GRUB_MODULE_VERIFY_SUPPORTS_RELA))
-- grub_util_error ("unsupported SHT_RELA");
-+ grub_util_error ("%s: unsupported SHT_RELA", modname);
-
- /* Find the target segment. */
- if (grub_target_to_host32 (s->sh_info) >= grub_target_to_host16 (e->e_shnum))
-- grub_util_error ("orphaned reloc section");
-+ grub_util_error ("%s: orphaned reloc section", modname);
- ts = (Elf_Shdr *) ((char *) e + grub_target_to_host (e->e_shoff) + grub_target_to_host32 (s->sh_info) * grub_target_to_host16 (e->e_shentsize));
-
-- section_check_relocations (arch, e, s, grub_target_to_host (ts->sh_size));
-+ section_check_relocations (modname, arch, e, s, grub_target_to_host (ts->sh_size));
- }
- }
-
- void
--SUFFIX(grub_module_verify) (void *module_img, size_t size,
-+SUFFIX(grub_module_verify) (const char * const filename,
-+ void *module_img, size_t size,
- const struct grub_module_verifier_arch *arch,
- const char **whitelist_empty)
- {
-@@ -400,7 +404,7 @@ SUFFIX(grub_module_verify) (void *module_img, size_t size,
-
- /* Check the header size. */
- if (size < sizeof (Elf_Ehdr))
-- grub_util_error ("ELF header smaller than expected");
-+ grub_util_error ("%s: ELF header smaller than expected", filename);
-
- /* Check the magic numbers. */
- if (e->e_ident[EI_MAG0] != ELFMAG0
-@@ -409,36 +413,36 @@ SUFFIX(grub_module_verify) (void *module_img, size_t size,
- || e->e_ident[EI_MAG3] != ELFMAG3
- || e->e_ident[EI_VERSION] != EV_CURRENT
- || grub_target_to_host32 (e->e_version) != EV_CURRENT)
-- grub_util_error ("invalid arch-independent ELF magic");
-+ grub_util_error ("%s: invalid arch-independent ELF magic", filename);
-
- if (e->e_ident[EI_CLASS] != ELFCLASSXX
- || e->e_ident[EI_DATA] != (arch->bigendian ? ELFDATA2MSB : ELFDATA2LSB)
- || grub_target_to_host16 (e->e_machine) != arch->machine)
-- grub_util_error ("invalid arch-dependent ELF magic");
-+ grub_util_error ("%s: invalid arch-dependent ELF magic", filename);
-
- if (grub_target_to_host16 (e->e_type) != ET_REL)
- {
-- grub_util_error ("this ELF file is not of the right type");
-+ grub_util_error ("%s: this ELF file is not of the right type", filename);
- }
-
- /* Make sure that every section is within the core. */
- if (size < grub_target_to_host (e->e_shoff)
- + (grub_uint32_t) grub_target_to_host16 (e->e_shentsize) * grub_target_to_host16(e->e_shnum))
- {
-- grub_util_error ("ELF sections outside core");
-+ grub_util_error ("%s: ELF sections outside core", filename);
- }
-
-- check_license (arch, e);
-+ check_license (filename, arch, e);
-
- Elf_Shdr *s;
- const char *modname;
-
- s = find_section (arch, e, ".modname");
- if (!s)
-- grub_util_error ("no module name found");
-+ grub_util_error ("%s: no module name found", filename);
-
- modname = (const char *) e + grub_target_to_host (s->sh_offset);
-
- check_symbols(arch, e, modname, whitelist_empty);
-- check_relocations(arch, e);
-+ check_relocations(modname, arch, e);
- }
-diff --git a/include/grub/module_verifier.h b/include/grub/module_verifier.h
-index f4870cb9c2d..ba21c75e2eb 100644
---- a/include/grub/module_verifier.h
-+++ b/include/grub/module_verifier.h
-@@ -16,5 +16,5 @@ struct grub_module_verifier_arch {
- const int *short_relocations;
- };
-
--void grub_module_verify64(void *module_img, size_t module_size, const struct grub_module_verifier_arch *arch, const char **whitelist_empty);
--void grub_module_verify32(void *module_img, size_t module_size, const struct grub_module_verifier_arch *arch, const char **whitelist_empty);
-+void grub_module_verify64(const char * const filename, void *module_img, size_t module_size, const struct grub_module_verifier_arch *arch, const char **whitelist_empty);
-+void grub_module_verify32(const char * const filename, void *module_img, size_t module_size, const struct grub_module_verifier_arch *arch, const char **whitelist_empty);
diff --git a/SOURCES/0223-Make-efi_netfs-not-duplicate-symbols-from-efinet.patch b/SOURCES/0223-Make-efi_netfs-not-duplicate-symbols-from-efinet.patch
deleted file mode 100644
index e1b9bb4..0000000
--- a/SOURCES/0223-Make-efi_netfs-not-duplicate-symbols-from-efinet.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Wed, 11 Jul 2018 13:50:00 -0400
-Subject: [PATCH] Make efi_netfs not duplicate symbols from efinet
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
----
- grub-core/Makefile.core.def | 6 ------
- 1 file changed, 6 deletions(-)
-
-diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
-index d3e3bfd4d7a..715d3a3ec02 100644
---- a/grub-core/Makefile.core.def
-+++ b/grub-core/Makefile.core.def
-@@ -2186,12 +2186,6 @@ module = {
- module = {
- name = efi_netfs;
- common = net/efi/efi_netfs.c;
-- common = net/efi/net.c;
-- common = net/efi/http.c;
-- common = net/efi/pxe.c;
-- common = net/efi/ip4_config.c;
-- common = net/efi/ip6_config.c;
-- common = net/efi/dhcp.c;
- enable = efi;
- };
-
diff --git a/SOURCES/0223-Rework-how-the-fdt-command-builds.patch b/SOURCES/0223-Rework-how-the-fdt-command-builds.patch
new file mode 100644
index 0000000..e864a5e
--- /dev/null
+++ b/SOURCES/0223-Rework-how-the-fdt-command-builds.patch
@@ -0,0 +1,118 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Thu, 12 Jul 2018 11:00:45 -0400
+Subject: [PATCH] Rework how the fdt command builds.
+
+Trying to avoid all variants of:
+cat syminfo.lst | sort | gawk -f ../../grub-core/genmoddep.awk > moddep.lst || (rm -f moddep.lst; exit 1)
+grub_fdt_install in linux is not defined
+grub_fdt_load in linux is not defined
+grub_fdt_unload in linux is not defined
+grub_fdt_install in xen_boot is not defined
+grub_fdt_load in xen_boot is not defined
+grub_fdt_unload in xen_boot is not defined
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ grub-core/Makefile.core.def | 5 ++---
+ grub-core/lib/fdt.c | 2 --
+ grub-core/loader/efi/fdt.c | 2 ++
+ include/grub/fdt.h | 4 ++++
+ grub-core/Makefile.am | 1 +
+ 5 files changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
+index e35217b8668..cf3d549d212 100644
+--- a/grub-core/Makefile.core.def
++++ b/grub-core/Makefile.core.def
+@@ -166,7 +166,6 @@ kernel = {
+ arm_coreboot = kern/arm/coreboot/init.c;
+ arm_coreboot = kern/arm/coreboot/timer.c;
+ arm_coreboot = kern/arm/coreboot/coreboot.S;
+- arm_coreboot = lib/fdt.c;
+ arm_coreboot = bus/fdt.c;
+ arm_coreboot = term/ps2.c;
+ arm_coreboot = term/arm/pl050.c;
+@@ -317,6 +316,8 @@ kernel = {
+ arm64 = kern/arm64/dl.c;
+ arm64 = kern/arm64/dl_helper.c;
+
++ fdt = lib/fdt.c;
++
+ emu = disk/host.c;
+ emu = kern/emu/cache_s.S;
+ emu = kern/emu/hostdisk.c;
+@@ -1714,7 +1715,6 @@ module = {
+ arm_uboot = loader/arm/linux.c;
+ arm64 = loader/arm64/linux.c;
+ emu = loader/emu/linux.c;
+- fdt = lib/fdt.c;
+
+ common = loader/linux.c;
+ common = lib/cmdline.c;
+@@ -1725,7 +1725,6 @@ module = {
+ module = {
+ name = fdt;
+ efi = loader/efi/fdt.c;
+- common = lib/fdt.c;
+ enable = fdt;
+ };
+
+diff --git a/grub-core/lib/fdt.c b/grub-core/lib/fdt.c
+index 0d371c5633e..37e04bd69e7 100644
+--- a/grub-core/lib/fdt.c
++++ b/grub-core/lib/fdt.c
+@@ -21,8 +21,6 @@
+ #include <grub/mm.h>
+ #include <grub/dl.h>
+
+-GRUB_MOD_LICENSE ("GPLv3+");
+-
+ #define FDT_SUPPORTED_VERSION 17
+
+ #define FDT_BEGIN_NODE 0x00000001
+diff --git a/grub-core/loader/efi/fdt.c b/grub-core/loader/efi/fdt.c
+index a4c6e803645..a9dbcfdfeaf 100644
+--- a/grub-core/loader/efi/fdt.c
++++ b/grub-core/loader/efi/fdt.c
+@@ -26,6 +26,8 @@
+ #include <grub/efi/fdtload.h>
+ #include <grub/efi/memory.h>
+
++GRUB_MOD_LICENSE ("GPLv3+");
++
+ static void *loaded_fdt;
+ static void *fdt;
+
+diff --git a/include/grub/fdt.h b/include/grub/fdt.h
+index 158b1bc4b3a..6ee57e11ab3 100644
+--- a/include/grub/fdt.h
++++ b/include/grub/fdt.h
+@@ -19,6 +19,8 @@
+ #ifndef GRUB_FDT_HEADER
+ #define GRUB_FDT_HEADER 1
+
++#if defined(__arm__) || defined(__aarch64__)
++
+ #include <grub/types.h>
+ #include <grub/symbol.h>
+
+@@ -141,4 +143,6 @@ int EXPORT_FUNC(grub_fdt_set_prop) (void *fdt, unsigned int nodeoffset, const ch
+ grub_fdt_set_prop ((fdt), (nodeoffset), "reg", reg_64, 16); \
+ })
+
++#endif /* defined(__arm__) || defined(__aarch64__) */
++
+ #endif /* ! GRUB_FDT_HEADER */
+diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am
+index 3781bb9cbb9..4062652506d 100644
+--- a/grub-core/Makefile.am
++++ b/grub-core/Makefile.am
+@@ -76,6 +76,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/sb.h
+ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env.h
+ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env_private.h
+ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/err.h
++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/fdt.h
+ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/file.h
+ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/fs.h
+ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/i18n.h
diff --git a/SOURCES/0224-Disable-non-wordsize-allocations-on-arm.patch b/SOURCES/0224-Disable-non-wordsize-allocations-on-arm.patch
new file mode 100644
index 0000000..5c627a3
--- /dev/null
+++ b/SOURCES/0224-Disable-non-wordsize-allocations-on-arm.patch
@@ -0,0 +1,41 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Thu, 2 Aug 2018 10:56:38 -0400
+Subject: [PATCH] Disable non-wordsize allocations on arm
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ configure.ac | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index 819212095ff..9323c125469 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1234,6 +1234,26 @@ if test "x$target_cpu" = xarm; then
+ done
+ ])
+
++ AC_CACHE_CHECK([for options to disable movt and movw relocations],
++ grub_cv_target_cc_mword_relocations,
++ [grub_cv_target_cc_mword_relocations=no
++ for cand in "-mword-relocations" ; do
++ if test x"$grub_cv_target_cc_mword_relocations" != xno ; then
++ break
++ fi
++ CFLAGS="$TARGET_CFLAGS $cand -Werror"
++ CPPFLAGS="$TARGET_CPPFLAGS"
++ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
++ [grub_cv_target_cc_mword_relocations="$cand"],
++ [])
++ done
++ ])
++ if test x"$grub_cv_target_cc_mword_relocations" = xno ; then
++ AC_MSG_ERROR(["your compiler doesn't support disabling movw/movt relocations"])
++ else
++ TARGET_CFLAGS="$TARGET_CFLAGS $grub_cv_target_cc_mword_relocations"
++ fi
++
+ if test x"$grub_cv_target_cc_mno_movt" != xno ; then
+ # A trick so that clang doesn't see it on link stage
+ TARGET_CPPFLAGS="$TARGET_CPPFLAGS $grub_cv_target_cc_mno_movt"
diff --git a/SOURCES/0224-Rework-how-the-fdt-command-builds.patch b/SOURCES/0224-Rework-how-the-fdt-command-builds.patch
deleted file mode 100644
index 5f66a7a..0000000
--- a/SOURCES/0224-Rework-how-the-fdt-command-builds.patch
+++ /dev/null
@@ -1,118 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Thu, 12 Jul 2018 11:00:45 -0400
-Subject: [PATCH] Rework how the fdt command builds.
-
-Trying to avoid all variants of:
-cat syminfo.lst | sort | gawk -f ../../grub-core/genmoddep.awk > moddep.lst || (rm -f moddep.lst; exit 1)
-grub_fdt_install in linux is not defined
-grub_fdt_load in linux is not defined
-grub_fdt_unload in linux is not defined
-grub_fdt_install in xen_boot is not defined
-grub_fdt_load in xen_boot is not defined
-grub_fdt_unload in xen_boot is not defined
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
----
- grub-core/Makefile.core.def | 5 ++---
- grub-core/lib/fdt.c | 2 --
- grub-core/loader/efi/fdt.c | 2 ++
- include/grub/fdt.h | 4 ++++
- grub-core/Makefile.am | 1 +
- 5 files changed, 9 insertions(+), 5 deletions(-)
-
-diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
-index 715d3a3ec02..203584fb00b 100644
---- a/grub-core/Makefile.core.def
-+++ b/grub-core/Makefile.core.def
-@@ -166,7 +166,6 @@ kernel = {
- arm_coreboot = kern/arm/coreboot/init.c;
- arm_coreboot = kern/arm/coreboot/timer.c;
- arm_coreboot = kern/arm/coreboot/coreboot.S;
-- arm_coreboot = lib/fdt.c;
- arm_coreboot = bus/fdt.c;
- arm_coreboot = term/ps2.c;
- arm_coreboot = term/arm/pl050.c;
-@@ -317,6 +316,8 @@ kernel = {
- arm64 = kern/arm64/dl.c;
- arm64 = kern/arm64/dl_helper.c;
-
-+ fdt = lib/fdt.c;
-+
- emu = disk/host.c;
- emu = kern/emu/cache_s.S;
- emu = kern/emu/hostdisk.c;
-@@ -1714,7 +1715,6 @@ module = {
- arm_uboot = loader/arm/linux.c;
- arm64 = loader/arm64/linux.c;
- emu = loader/emu/linux.c;
-- fdt = lib/fdt.c;
-
- common = loader/linux.c;
- common = lib/cmdline.c;
-@@ -1725,7 +1725,6 @@ module = {
- module = {
- name = fdt;
- efi = loader/efi/fdt.c;
-- common = lib/fdt.c;
- enable = fdt;
- };
-
-diff --git a/grub-core/lib/fdt.c b/grub-core/lib/fdt.c
-index 0d371c5633e..37e04bd69e7 100644
---- a/grub-core/lib/fdt.c
-+++ b/grub-core/lib/fdt.c
-@@ -21,8 +21,6 @@
- #include <grub/mm.h>
- #include <grub/dl.h>
-
--GRUB_MOD_LICENSE ("GPLv3+");
--
- #define FDT_SUPPORTED_VERSION 17
-
- #define FDT_BEGIN_NODE 0x00000001
-diff --git a/grub-core/loader/efi/fdt.c b/grub-core/loader/efi/fdt.c
-index a4c6e803645..a9dbcfdfeaf 100644
---- a/grub-core/loader/efi/fdt.c
-+++ b/grub-core/loader/efi/fdt.c
-@@ -26,6 +26,8 @@
- #include <grub/efi/fdtload.h>
- #include <grub/efi/memory.h>
-
-+GRUB_MOD_LICENSE ("GPLv3+");
-+
- static void *loaded_fdt;
- static void *fdt;
-
-diff --git a/include/grub/fdt.h b/include/grub/fdt.h
-index 158b1bc4b3a..6ee57e11ab3 100644
---- a/include/grub/fdt.h
-+++ b/include/grub/fdt.h
-@@ -19,6 +19,8 @@
- #ifndef GRUB_FDT_HEADER
- #define GRUB_FDT_HEADER 1
-
-+#if defined(__arm__) || defined(__aarch64__)
-+
- #include <grub/types.h>
- #include <grub/symbol.h>
-
-@@ -141,4 +143,6 @@ int EXPORT_FUNC(grub_fdt_set_prop) (void *fdt, unsigned int nodeoffset, const ch
- grub_fdt_set_prop ((fdt), (nodeoffset), "reg", reg_64, 16); \
- })
-
-+#endif /* defined(__arm__) || defined(__aarch64__) */
-+
- #endif /* ! GRUB_FDT_HEADER */
-diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am
-index 3781bb9cbb9..4062652506d 100644
---- a/grub-core/Makefile.am
-+++ b/grub-core/Makefile.am
-@@ -76,6 +76,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/sb.h
- KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env.h
- KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env_private.h
- KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/err.h
-+KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/fdt.h
- KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/file.h
- KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/fs.h
- KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/i18n.h
diff --git a/SOURCES/0225-Disable-non-wordsize-allocations-on-arm.patch b/SOURCES/0225-Disable-non-wordsize-allocations-on-arm.patch
deleted file mode 100644
index 5c627a3..0000000
--- a/SOURCES/0225-Disable-non-wordsize-allocations-on-arm.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Thu, 2 Aug 2018 10:56:38 -0400
-Subject: [PATCH] Disable non-wordsize allocations on arm
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
----
- configure.ac | 20 ++++++++++++++++++++
- 1 file changed, 20 insertions(+)
-
-diff --git a/configure.ac b/configure.ac
-index 819212095ff..9323c125469 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1234,6 +1234,26 @@ if test "x$target_cpu" = xarm; then
- done
- ])
-
-+ AC_CACHE_CHECK([for options to disable movt and movw relocations],
-+ grub_cv_target_cc_mword_relocations,
-+ [grub_cv_target_cc_mword_relocations=no
-+ for cand in "-mword-relocations" ; do
-+ if test x"$grub_cv_target_cc_mword_relocations" != xno ; then
-+ break
-+ fi
-+ CFLAGS="$TARGET_CFLAGS $cand -Werror"
-+ CPPFLAGS="$TARGET_CPPFLAGS"
-+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
-+ [grub_cv_target_cc_mword_relocations="$cand"],
-+ [])
-+ done
-+ ])
-+ if test x"$grub_cv_target_cc_mword_relocations" = xno ; then
-+ AC_MSG_ERROR(["your compiler doesn't support disabling movw/movt relocations"])
-+ else
-+ TARGET_CFLAGS="$TARGET_CFLAGS $grub_cv_target_cc_mword_relocations"
-+ fi
-+
- if test x"$grub_cv_target_cc_mno_movt" != xno ; then
- # A trick so that clang doesn't see it on link stage
- TARGET_CPPFLAGS="$TARGET_CPPFLAGS $grub_cv_target_cc_mno_movt"
diff --git a/SOURCES/0225-strip-R-.note.gnu.property-at-more-places.patch b/SOURCES/0225-strip-R-.note.gnu.property-at-more-places.patch
new file mode 100644
index 0000000..0bd0be0
--- /dev/null
+++ b/SOURCES/0225-strip-R-.note.gnu.property-at-more-places.patch
@@ -0,0 +1,82 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Fri, 3 Aug 2018 15:07:23 -0400
+Subject: [PATCH] strip "-R .note.gnu.property" at more places.
+
+For whatever reason, sometimes I see:
+
+ lzma_decompress.image: file format elf32-i386
+ lzma_decompress.image
+ architecture: i386, flags 0x00000012:
+ EXEC_P, HAS_SYMS
+ start address 0x00008200
+
+ Program Header:
+ LOAD off 0x000000c0 vaddr 0x00008200 paddr 0x00008200 align 2**5
+ filesz 0x00000b10 memsz 0x00000b10 flags rwx
+ LOAD off 0x00000bd0 vaddr 0x080480b4 paddr 0x080480b4 align 2**2
+ filesz 0x0000001c memsz 0x0000001c flags r--
+ NOTE off 0x00000bd0 vaddr 0x080480b4 paddr 0x080480b4 align 2**2
+ filesz 0x0000001c memsz 0x0000001c flags r--
+ STACK off 0x00000000 vaddr 0x00000000 paddr 0x00000000 align 2**4
+ filesz 0x00000000 memsz 0x00000000 flags rw-
+
+ Sections:
+ Idx Name Size VMA LMA File off Algn
+ 0 .note.gnu.property 0000001c 080480b4 080480b4 00000bd0 2**2
+ CONTENTS, ALLOC, LOAD, READONLY, DATA
+ 1 .text 00000b10 00008200 00008200 000000c0 2**5
+ CONTENTS, ALLOC, LOAD, CODE
+ SYMBOL TABLE:
+ 080480b4 l d .note.gnu.property 00000000 .note.gnu.property
+ 00008200 l d .text 00000000 .text
+ 00000000 l df *ABS* 00000000 startup_raw.S
+ ...
+
+Which just looks wrong no matter what to my eyes (seriously it's at
+128M? Why?), and when we fail to strip it, we get:
+
+trillian:~/tmp/f29$ hexdump -C usr/lib/grub/i386-pc/lzma_decompress.img | tail -6
+00000b00 ff 45 e8 5a 83 c2 02 89 d1 e9 df fe ff ff 66 90 |.E.Z..........f.|
+00000b10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
+*
+0803feb0 00 00 00 00 04 00 00 00 0c 00 00 00 05 00 00 00 |................|
+0803fec0 47 4e 55 00 02 00 00 c0 04 00 00 00 03 00 00 00 |GNU.............|
+0803fed0
+
+Which is very very much not what we want.
+
+Cut it out.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ Makefile.am | 2 +-
+ gentpl.py | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index c7b0e6a9c46..287fff66b20 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -209,7 +209,7 @@ pc-chainloader.elf: $(srcdir)/grub-core/tests/boot/kernel-8086.S $(srcdir)/grub-
+ $(TARGET_CC) -o $@ $< -static -DTARGET_CHAINLOADER=1 -DSUCCESSFUL_BOOT_STRING=\"$(SUCCESSFUL_BOOT_STRING)\" -ffreestanding -nostdlib -nostdinc -Wl,--build-id=none -Wl,-N -Wl,-Ttext,0x7c00 -m32
+
+ pc-chainloader.bin: pc-chainloader.elf
+- $(TARGET_OBJCOPY) -O binary --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .reginfo -R .rel.dyn -R .note.gnu.gold-version $< $@;
++ $(TARGET_OBJCOPY) -O binary --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property $< $@;
+
+ ntldr.elf: $(srcdir)/grub-core/tests/boot/kernel-8086.S $(srcdir)/grub-core/tests/boot/qemu-shutdown-x86.S
+ $(TARGET_CC) -o $@ $< -DTARGET_NTLDR=1 -DSUCCESSFUL_BOOT_STRING=\"$(SUCCESSFUL_BOOT_STRING)\" -static -ffreestanding -nostdlib -nostdinc -Wl,--build-id=none -Wl,-N -Wl,-Ttext,0 -m32
+diff --git a/gentpl.py b/gentpl.py
+index 1e4635f4426..d662c305f66 100644
+--- a/gentpl.py
++++ b/gentpl.py
+@@ -776,7 +776,7 @@ def image(defn, platform):
+ if test x$(TARGET_APPLE_LINKER) = x1; then \
+ $(MACHO2IMG) $< $@; \
+ else \
+- $(TARGET_OBJCOPY) $(""" + cname(defn) + """_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; \
++ $(TARGET_OBJCOPY) $(""" + cname(defn) + """_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx -R .note.gnu.property $< $@; \
+ fi
+ """)
+
diff --git a/SOURCES/0226-Prepend-prefix-when-HTTP-path-is-relative.patch b/SOURCES/0226-Prepend-prefix-when-HTTP-path-is-relative.patch
new file mode 100644
index 0000000..9e90636
--- /dev/null
+++ b/SOURCES/0226-Prepend-prefix-when-HTTP-path-is-relative.patch
@@ -0,0 +1,150 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Stephen Benjamin <stephen@redhat.com>
+Date: Thu, 16 Aug 2018 16:58:51 -0400
+Subject: [PATCH] Prepend prefix when HTTP path is relative
+
+This sets a couple of variables. With the url http://www.example.com/foo/bar :
+http_path: /foo/bar
+http_url: http://www.example.com/foo/bar
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ grub-core/kern/main.c | 10 +++++-
+ grub-core/net/efi/http.c | 82 ++++++++++++++++++++++++++++++++++++------------
+ 2 files changed, 71 insertions(+), 21 deletions(-)
+
+diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c
+index da47b18b50e..dcf48726d54 100644
+--- a/grub-core/kern/main.c
++++ b/grub-core/kern/main.c
+@@ -130,11 +130,19 @@ grub_set_prefix_and_root (void)
+ if (fwdevice && fwpath)
+ {
+ char *fw_path;
++ char separator[3] = ")";
+
+- fw_path = grub_xasprintf ("(%s)/%s", fwdevice, fwpath);
++ grub_dprintf ("fw_path", "\n");
++ grub_dprintf ("fw_path", "fwdevice:\"%s\" fwpath:\"%s\"\n", fwdevice, fwpath);
++
++ if (!grub_strncmp(fwdevice, "http", 4) && fwpath[0] != '/')
++ grub_strcpy(separator, ")/");
++
++ fw_path = grub_xasprintf ("(%s%s%s", fwdevice, separator, fwpath);
+ if (fw_path)
+ {
+ grub_env_set ("fw_path", fw_path);
++ grub_dprintf ("fw_path", "fw_path:\"%s\"\n", fw_path);
+ grub_free (fw_path);
+ }
+ }
+diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c
+index 243acbaa35b..2a9624dacc4 100644
+--- a/grub-core/net/efi/http.c
++++ b/grub-core/net/efi/http.c
+@@ -9,10 +9,52 @@
+ static void
+ http_configure (struct grub_efi_net_device *dev, int prefer_ip6)
+ {
++ grub_efi_ipv6_address_t address;
+ grub_efi_http_config_data_t http_config;
+ grub_efi_httpv4_access_point_t httpv4_node;
+ grub_efi_httpv6_access_point_t httpv6_node;
+ grub_efi_status_t status;
++ int https;
++ char *http_url;
++ const char *rest, *http_server, *http_path = NULL;
++
++ http_server = grub_env_get ("root");
++ https = grub_strncmp (http_server, "https", 5) ? 1 : 0;
++
++ /* extract http server + port */
++ if (http_server)
++ {
++ http_server = grub_strchr (http_server, ',');
++ if (http_server)
++ http_server++;
++ }
++
++ /* fw_path is like (http,192.168.1.1:8000)/httpboot, extract path part */
++ http_path = grub_env_get ("fw_path");
++ if (http_path)
++ {
++ http_path = grub_strchr (http_path, ')');
++ if (http_path)
++ {
++ http_path++;
++ grub_env_unset ("http_path");
++ grub_env_set ("http_path", http_path);
++ }
++ }
++
++ if (http_server && http_path)
++ {
++ if (grub_efi_string_to_ip6_address (http_server, &address, &rest) && *rest == 0)
++ http_url = grub_xasprintf ("%s://[%s]%s", https ? "https" : "http", http_server, http_path);
++ else
++ http_url = grub_xasprintf ("%s://%s%s", https ? "https" : "http", http_server, http_path);
++ if (http_url)
++ {
++ grub_env_unset ("http_url");
++ grub_env_set ("http_url", http_url);
++ grub_free (http_url);
++ }
++ }
+
+ grub_efi_http_t *http = dev->http;
+
+@@ -352,32 +394,32 @@ grub_efihttp_open (struct grub_efi_net_device *dev,
+ grub_err_t err;
+ grub_off_t size;
+ char *buf;
+- char *root_url;
+- grub_efi_ipv6_address_t address;
+- const char *rest;
++ char *file_name;
++ const char *http_path;
+
+- if (grub_efi_string_to_ip6_address (file->device->net->server, &address, &rest) && *rest == 0)
+- root_url = grub_xasprintf ("%s://[%s]", type ? "https" : "http", file->device->net->server);
++ /* If path is relative, prepend http_path */
++ http_path = grub_env_get ("http_path");
++ if (http_path && file->device->net->name[0] != '/')
++ file_name = grub_xasprintf ("%s/%s", http_path, file->device->net->name);
+ else
+- root_url = grub_xasprintf ("%s://%s", type ? "https" : "http", file->device->net->server);
+- if (root_url)
+- {
+- grub_env_unset ("root_url");
+- grub_env_set ("root_url", root_url);
+- grub_free (root_url);
+- }
+- else
+- {
+- return grub_errno;
+- }
++ file_name = grub_strdup (file->device->net->name);
+
+- err = efihttp_request (dev->http, file->device->net->server, file->device->net->name, type, 1, 0);
++ if (!file_name)
++ return grub_errno;
++
++ err = efihttp_request (dev->http, file->device->net->server, file_name, type, 1, 0);
+ if (err != GRUB_ERR_NONE)
+- return err;
++ {
++ grub_free (file_name);
++ return err;
++ }
+
+- err = efihttp_request (dev->http, file->device->net->server, file->device->net->name, type, 0, &size);
++ err = efihttp_request (dev->http, file->device->net->server, file_name, type, 0, &size);
++ grub_free (file_name);
+ if (err != GRUB_ERR_NONE)
+- return err;
++ {
++ return err;
++ }
+
+ buf = grub_malloc (size);
+ efihttp_read (dev, buf, size);
diff --git a/SOURCES/0226-strip-R-.note.gnu.property-at-more-places.patch b/SOURCES/0226-strip-R-.note.gnu.property-at-more-places.patch
deleted file mode 100644
index 0bd0be0..0000000
--- a/SOURCES/0226-strip-R-.note.gnu.property-at-more-places.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Fri, 3 Aug 2018 15:07:23 -0400
-Subject: [PATCH] strip "-R .note.gnu.property" at more places.
-
-For whatever reason, sometimes I see:
-
- lzma_decompress.image: file format elf32-i386
- lzma_decompress.image
- architecture: i386, flags 0x00000012:
- EXEC_P, HAS_SYMS
- start address 0x00008200
-
- Program Header:
- LOAD off 0x000000c0 vaddr 0x00008200 paddr 0x00008200 align 2**5
- filesz 0x00000b10 memsz 0x00000b10 flags rwx
- LOAD off 0x00000bd0 vaddr 0x080480b4 paddr 0x080480b4 align 2**2
- filesz 0x0000001c memsz 0x0000001c flags r--
- NOTE off 0x00000bd0 vaddr 0x080480b4 paddr 0x080480b4 align 2**2
- filesz 0x0000001c memsz 0x0000001c flags r--
- STACK off 0x00000000 vaddr 0x00000000 paddr 0x00000000 align 2**4
- filesz 0x00000000 memsz 0x00000000 flags rw-
-
- Sections:
- Idx Name Size VMA LMA File off Algn
- 0 .note.gnu.property 0000001c 080480b4 080480b4 00000bd0 2**2
- CONTENTS, ALLOC, LOAD, READONLY, DATA
- 1 .text 00000b10 00008200 00008200 000000c0 2**5
- CONTENTS, ALLOC, LOAD, CODE
- SYMBOL TABLE:
- 080480b4 l d .note.gnu.property 00000000 .note.gnu.property
- 00008200 l d .text 00000000 .text
- 00000000 l df *ABS* 00000000 startup_raw.S
- ...
-
-Which just looks wrong no matter what to my eyes (seriously it's at
-128M? Why?), and when we fail to strip it, we get:
-
-trillian:~/tmp/f29$ hexdump -C usr/lib/grub/i386-pc/lzma_decompress.img | tail -6
-00000b00 ff 45 e8 5a 83 c2 02 89 d1 e9 df fe ff ff 66 90 |.E.Z..........f.|
-00000b10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
-*
-0803feb0 00 00 00 00 04 00 00 00 0c 00 00 00 05 00 00 00 |................|
-0803fec0 47 4e 55 00 02 00 00 c0 04 00 00 00 03 00 00 00 |GNU.............|
-0803fed0
-
-Which is very very much not what we want.
-
-Cut it out.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
----
- Makefile.am | 2 +-
- gentpl.py | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index c7b0e6a9c46..287fff66b20 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -209,7 +209,7 @@ pc-chainloader.elf: $(srcdir)/grub-core/tests/boot/kernel-8086.S $(srcdir)/grub-
- $(TARGET_CC) -o $@ $< -static -DTARGET_CHAINLOADER=1 -DSUCCESSFUL_BOOT_STRING=\"$(SUCCESSFUL_BOOT_STRING)\" -ffreestanding -nostdlib -nostdinc -Wl,--build-id=none -Wl,-N -Wl,-Ttext,0x7c00 -m32
-
- pc-chainloader.bin: pc-chainloader.elf
-- $(TARGET_OBJCOPY) -O binary --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .reginfo -R .rel.dyn -R .note.gnu.gold-version $< $@;
-+ $(TARGET_OBJCOPY) -O binary --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property $< $@;
-
- ntldr.elf: $(srcdir)/grub-core/tests/boot/kernel-8086.S $(srcdir)/grub-core/tests/boot/qemu-shutdown-x86.S
- $(TARGET_CC) -o $@ $< -DTARGET_NTLDR=1 -DSUCCESSFUL_BOOT_STRING=\"$(SUCCESSFUL_BOOT_STRING)\" -static -ffreestanding -nostdlib -nostdinc -Wl,--build-id=none -Wl,-N -Wl,-Ttext,0 -m32
-diff --git a/gentpl.py b/gentpl.py
-index 1e4635f4426..d662c305f66 100644
---- a/gentpl.py
-+++ b/gentpl.py
-@@ -776,7 +776,7 @@ def image(defn, platform):
- if test x$(TARGET_APPLE_LINKER) = x1; then \
- $(MACHO2IMG) $< $@; \
- else \
-- $(TARGET_OBJCOPY) $(""" + cname(defn) + """_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; \
-+ $(TARGET_OBJCOPY) $(""" + cname(defn) + """_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx -R .note.gnu.property $< $@; \
- fi
- """)
-
diff --git a/SOURCES/0227-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch b/SOURCES/0227-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch
new file mode 100644
index 0000000..e0becd6
--- /dev/null
+++ b/SOURCES/0227-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch
@@ -0,0 +1,71 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Thu, 16 Aug 2018 11:08:11 -0400
+Subject: [PATCH] Make linux_arm_kernel_header.hdr_offset be at the right place
+
+The kernel in front of me (slightly edited to make objdump work) looks like:
+
+00000000 4d 5a 10 13 4d 5a 10 13 4d 5a 10 13 4d 5a 10 13 |MZ..MZ..MZ..MZ..|
+00000010 4d 5a 10 13 4d 5a 10 13 4d 5a 10 13 00 00 a0 e1 |MZ..MZ..MZ......|
+00000020 f6 03 00 ea 18 28 6f 01 00 00 00 00 00 32 74 00 |.....(o......2t.|
+00000030 01 02 03 04 45 45 45 45 74 a2 00 00 40 00 00 00 |....EEEEt...@...|
+00000040 50 45 00 00 4c 01 04 00 00 00 00 00 00 00 00 00 |PE..L...........|
+00000050 00 00 00 00 90 00 06 03 0b 01 02 14 00 20 74 00 |............. t.|
+00000060 00 14 00 00 00 00 00 00 b4 19 00 00 00 10 00 00 |................|
+00000070 00 30 74 00 00 00 00 00 00 10 00 00 00 02 00 00 |.0t.............|
+00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
+00000090 00 44 74 00 00 10 00 00 00 00 00 00 0a 00 00 00 |.Dt.............|
+000000a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
+000000b0 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 |................|
+000000c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
+*
+
+(I don't know why the MZ header is there 7 times, but the offsets work out, so
+it's merely a surprising distraction.)
+
+If linux_arm_kernel_header.reserved2 is 16 bytes, that means hdr_offset is
+here:
+
+00000030 01 02 03 04 45 45 45 45 74 a2 00 00 40 00 00 00 |....EEEEt...@...|
+00000040 50 45 00 00 4c 01 04 00 00 00 00 00 00 00 00 00 |PE..L...........|
+ ^^^^^^^^^^^
+
+But it's supposed to be 4 bytes before that.
+
+This patch makes the reserved field be 3*32 instead of 4*32, and that means we
+can find the PE header correcrtly at 0x40 by reading the value at 0x3c.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ grub-core/loader/efi/linux.c | 3 +++
+ include/grub/arm/linux.h | 2 +-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
+index 0622dfa48d4..b56ea0bc041 100644
+--- a/grub-core/loader/efi/linux.c
++++ b/grub-core/loader/efi/linux.c
+@@ -79,7 +79,10 @@ grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset,
+ offset = 512;
+ #endif
+
++ grub_dprintf ("linux", "kernel_addr: %p handover_offset: %p params: %p\n",
++ kernel_addr, (void *)(grub_efi_uintn_t)handover_offset, kernel_params);
+ hf = (handover_func)((char *)kernel_addr + handover_offset + offset);
++ grub_dprintf ("linux", "handover_func() = %p\n", hf);
+ hf (grub_efi_image_handle, grub_efi_system_table, kernel_params);
+
+ return GRUB_ERR_BUG;
+diff --git a/include/grub/arm/linux.h b/include/grub/arm/linux.h
+index 5900fc8a40c..bed308f22cb 100644
+--- a/include/grub/arm/linux.h
++++ b/include/grub/arm/linux.h
+@@ -31,7 +31,7 @@ struct linux_arm_kernel_header {
+ grub_uint32_t magic;
+ grub_uint32_t start; /* _start */
+ grub_uint32_t end; /* _edata */
+- grub_uint32_t reserved2[4];
++ grub_uint32_t reserved2[3];
+ grub_uint32_t hdr_offset;
+ };
+
diff --git a/SOURCES/0227-Prepend-prefix-when-HTTP-path-is-relative.patch b/SOURCES/0227-Prepend-prefix-when-HTTP-path-is-relative.patch
deleted file mode 100644
index 9e90636..0000000
--- a/SOURCES/0227-Prepend-prefix-when-HTTP-path-is-relative.patch
+++ /dev/null
@@ -1,150 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Stephen Benjamin <stephen@redhat.com>
-Date: Thu, 16 Aug 2018 16:58:51 -0400
-Subject: [PATCH] Prepend prefix when HTTP path is relative
-
-This sets a couple of variables. With the url http://www.example.com/foo/bar :
-http_path: /foo/bar
-http_url: http://www.example.com/foo/bar
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
----
- grub-core/kern/main.c | 10 +++++-
- grub-core/net/efi/http.c | 82 ++++++++++++++++++++++++++++++++++++------------
- 2 files changed, 71 insertions(+), 21 deletions(-)
-
-diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c
-index da47b18b50e..dcf48726d54 100644
---- a/grub-core/kern/main.c
-+++ b/grub-core/kern/main.c
-@@ -130,11 +130,19 @@ grub_set_prefix_and_root (void)
- if (fwdevice && fwpath)
- {
- char *fw_path;
-+ char separator[3] = ")";
-
-- fw_path = grub_xasprintf ("(%s)/%s", fwdevice, fwpath);
-+ grub_dprintf ("fw_path", "\n");
-+ grub_dprintf ("fw_path", "fwdevice:\"%s\" fwpath:\"%s\"\n", fwdevice, fwpath);
-+
-+ if (!grub_strncmp(fwdevice, "http", 4) && fwpath[0] != '/')
-+ grub_strcpy(separator, ")/");
-+
-+ fw_path = grub_xasprintf ("(%s%s%s", fwdevice, separator, fwpath);
- if (fw_path)
- {
- grub_env_set ("fw_path", fw_path);
-+ grub_dprintf ("fw_path", "fw_path:\"%s\"\n", fw_path);
- grub_free (fw_path);
- }
- }
-diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c
-index 243acbaa35b..2a9624dacc4 100644
---- a/grub-core/net/efi/http.c
-+++ b/grub-core/net/efi/http.c
-@@ -9,10 +9,52 @@
- static void
- http_configure (struct grub_efi_net_device *dev, int prefer_ip6)
- {
-+ grub_efi_ipv6_address_t address;
- grub_efi_http_config_data_t http_config;
- grub_efi_httpv4_access_point_t httpv4_node;
- grub_efi_httpv6_access_point_t httpv6_node;
- grub_efi_status_t status;
-+ int https;
-+ char *http_url;
-+ const char *rest, *http_server, *http_path = NULL;
-+
-+ http_server = grub_env_get ("root");
-+ https = grub_strncmp (http_server, "https", 5) ? 1 : 0;
-+
-+ /* extract http server + port */
-+ if (http_server)
-+ {
-+ http_server = grub_strchr (http_server, ',');
-+ if (http_server)
-+ http_server++;
-+ }
-+
-+ /* fw_path is like (http,192.168.1.1:8000)/httpboot, extract path part */
-+ http_path = grub_env_get ("fw_path");
-+ if (http_path)
-+ {
-+ http_path = grub_strchr (http_path, ')');
-+ if (http_path)
-+ {
-+ http_path++;
-+ grub_env_unset ("http_path");
-+ grub_env_set ("http_path", http_path);
-+ }
-+ }
-+
-+ if (http_server && http_path)
-+ {
-+ if (grub_efi_string_to_ip6_address (http_server, &address, &rest) && *rest == 0)
-+ http_url = grub_xasprintf ("%s://[%s]%s", https ? "https" : "http", http_server, http_path);
-+ else
-+ http_url = grub_xasprintf ("%s://%s%s", https ? "https" : "http", http_server, http_path);
-+ if (http_url)
-+ {
-+ grub_env_unset ("http_url");
-+ grub_env_set ("http_url", http_url);
-+ grub_free (http_url);
-+ }
-+ }
-
- grub_efi_http_t *http = dev->http;
-
-@@ -352,32 +394,32 @@ grub_efihttp_open (struct grub_efi_net_device *dev,
- grub_err_t err;
- grub_off_t size;
- char *buf;
-- char *root_url;
-- grub_efi_ipv6_address_t address;
-- const char *rest;
-+ char *file_name;
-+ const char *http_path;
-
-- if (grub_efi_string_to_ip6_address (file->device->net->server, &address, &rest) && *rest == 0)
-- root_url = grub_xasprintf ("%s://[%s]", type ? "https" : "http", file->device->net->server);
-+ /* If path is relative, prepend http_path */
-+ http_path = grub_env_get ("http_path");
-+ if (http_path && file->device->net->name[0] != '/')
-+ file_name = grub_xasprintf ("%s/%s", http_path, file->device->net->name);
- else
-- root_url = grub_xasprintf ("%s://%s", type ? "https" : "http", file->device->net->server);
-- if (root_url)
-- {
-- grub_env_unset ("root_url");
-- grub_env_set ("root_url", root_url);
-- grub_free (root_url);
-- }
-- else
-- {
-- return grub_errno;
-- }
-+ file_name = grub_strdup (file->device->net->name);
-
-- err = efihttp_request (dev->http, file->device->net->server, file->device->net->name, type, 1, 0);
-+ if (!file_name)
-+ return grub_errno;
-+
-+ err = efihttp_request (dev->http, file->device->net->server, file_name, type, 1, 0);
- if (err != GRUB_ERR_NONE)
-- return err;
-+ {
-+ grub_free (file_name);
-+ return err;
-+ }
-
-- err = efihttp_request (dev->http, file->device->net->server, file->device->net->name, type, 0, &size);
-+ err = efihttp_request (dev->http, file->device->net->server, file_name, type, 0, &size);
-+ grub_free (file_name);
- if (err != GRUB_ERR_NONE)
-- return err;
-+ {
-+ return err;
-+ }
-
- buf = grub_malloc (size);
- efihttp_read (dev, buf, size);
diff --git a/SOURCES/0228-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch b/SOURCES/0228-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch
deleted file mode 100644
index e0becd6..0000000
--- a/SOURCES/0228-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Thu, 16 Aug 2018 11:08:11 -0400
-Subject: [PATCH] Make linux_arm_kernel_header.hdr_offset be at the right place
-
-The kernel in front of me (slightly edited to make objdump work) looks like:
-
-00000000 4d 5a 10 13 4d 5a 10 13 4d 5a 10 13 4d 5a 10 13 |MZ..MZ..MZ..MZ..|
-00000010 4d 5a 10 13 4d 5a 10 13 4d 5a 10 13 00 00 a0 e1 |MZ..MZ..MZ......|
-00000020 f6 03 00 ea 18 28 6f 01 00 00 00 00 00 32 74 00 |.....(o......2t.|
-00000030 01 02 03 04 45 45 45 45 74 a2 00 00 40 00 00 00 |....EEEEt...@...|
-00000040 50 45 00 00 4c 01 04 00 00 00 00 00 00 00 00 00 |PE..L...........|
-00000050 00 00 00 00 90 00 06 03 0b 01 02 14 00 20 74 00 |............. t.|
-00000060 00 14 00 00 00 00 00 00 b4 19 00 00 00 10 00 00 |................|
-00000070 00 30 74 00 00 00 00 00 00 10 00 00 00 02 00 00 |.0t.............|
-00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
-00000090 00 44 74 00 00 10 00 00 00 00 00 00 0a 00 00 00 |.Dt.............|
-000000a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
-000000b0 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 |................|
-000000c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
-*
-
-(I don't know why the MZ header is there 7 times, but the offsets work out, so
-it's merely a surprising distraction.)
-
-If linux_arm_kernel_header.reserved2 is 16 bytes, that means hdr_offset is
-here:
-
-00000030 01 02 03 04 45 45 45 45 74 a2 00 00 40 00 00 00 |....EEEEt...@...|
-00000040 50 45 00 00 4c 01 04 00 00 00 00 00 00 00 00 00 |PE..L...........|
- ^^^^^^^^^^^
-
-But it's supposed to be 4 bytes before that.
-
-This patch makes the reserved field be 3*32 instead of 4*32, and that means we
-can find the PE header correcrtly at 0x40 by reading the value at 0x3c.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
----
- grub-core/loader/efi/linux.c | 3 +++
- include/grub/arm/linux.h | 2 +-
- 2 files changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
-index 0622dfa48d4..b56ea0bc041 100644
---- a/grub-core/loader/efi/linux.c
-+++ b/grub-core/loader/efi/linux.c
-@@ -79,7 +79,10 @@ grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset,
- offset = 512;
- #endif
-
-+ grub_dprintf ("linux", "kernel_addr: %p handover_offset: %p params: %p\n",
-+ kernel_addr, (void *)(grub_efi_uintn_t)handover_offset, kernel_params);
- hf = (handover_func)((char *)kernel_addr + handover_offset + offset);
-+ grub_dprintf ("linux", "handover_func() = %p\n", hf);
- hf (grub_efi_image_handle, grub_efi_system_table, kernel_params);
-
- return GRUB_ERR_BUG;
-diff --git a/include/grub/arm/linux.h b/include/grub/arm/linux.h
-index 5900fc8a40c..bed308f22cb 100644
---- a/include/grub/arm/linux.h
-+++ b/include/grub/arm/linux.h
-@@ -31,7 +31,7 @@ struct linux_arm_kernel_header {
- grub_uint32_t magic;
- grub_uint32_t start; /* _start */
- grub_uint32_t end; /* _edata */
-- grub_uint32_t reserved2[4];
-+ grub_uint32_t reserved2[3];
- grub_uint32_t hdr_offset;
- };
-
diff --git a/SOURCES/0228-Mark-some-unused-stuff-unused.patch b/SOURCES/0228-Mark-some-unused-stuff-unused.patch
new file mode 100644
index 0000000..2561754
--- /dev/null
+++ b/SOURCES/0228-Mark-some-unused-stuff-unused.patch
@@ -0,0 +1,32 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 27 Aug 2018 13:10:08 -0400
+Subject: [PATCH] Mark some unused stuff unused
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ grub-core/commands/blscfg.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
+index bdb1c5a95aa..abd6f00d0de 100644
+--- a/grub-core/commands/blscfg.c
++++ b/grub-core/commands/blscfg.c
+@@ -434,7 +434,7 @@ finish:
+
+ static grub_envblk_t saved_env = NULL;
+
+-static int
++static int UNUSED
+ save_var (const char *name, const char *value, void *whitelist UNUSED)
+ {
+ const char *val = grub_env_get (name);
+@@ -446,7 +446,7 @@ save_var (const char *name, const char *value, void *whitelist UNUSED)
+ return 0;
+ }
+
+-static int
++static int UNUSED
+ unset_var (const char *name, const char *value UNUSED, void *whitelist)
+ {
+ grub_dprintf("blscfg", "restoring \"%s\"\n", name);
diff --git a/SOURCES/0229-Make-grub_error-more-verbose.patch b/SOURCES/0229-Make-grub_error-more-verbose.patch
new file mode 100644
index 0000000..6fffdeb
--- /dev/null
+++ b/SOURCES/0229-Make-grub_error-more-verbose.patch
@@ -0,0 +1,98 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 27 Aug 2018 13:14:06 -0400
+Subject: [PATCH] Make grub_error() more verbose
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ grub-core/kern/efi/mm.c | 17 ++++++++++++++---
+ grub-core/kern/err.c | 13 +++++++++++--
+ include/grub/err.h | 5 ++++-
+ 3 files changed, 29 insertions(+), 6 deletions(-)
+
+diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c
+index 5cdf6c943f2..7692e63ba24 100644
+--- a/grub-core/kern/efi/mm.c
++++ b/grub-core/kern/efi/mm.c
+@@ -157,12 +157,20 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address,
+
+ /* Limit the memory access to less than 4GB for 32-bit platforms. */
+ if (address > GRUB_EFI_MAX_USABLE_ADDRESS)
+- return 0;
++ {
++ grub_error (GRUB_ERR_BAD_ARGUMENT,
++ N_("invalid memory address (0x%llx > 0x%llx)"),
++ address, GRUB_EFI_MAX_USABLE_ADDRESS);
++ return NULL;
++ }
+
+ b = grub_efi_system_table->boot_services;
+ status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address);
+ if (status != GRUB_EFI_SUCCESS)
+- return 0;
++ {
++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
++ return NULL;
++ }
+
+ if (address == 0)
+ {
+@@ -172,7 +180,10 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address,
+ status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address);
+ grub_efi_free_pages (0, pages);
+ if (status != GRUB_EFI_SUCCESS)
+- return 0;
++ {
++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
++ return NULL;
++ }
+ }
+
+ grub_efi_store_alloc (address, pages);
+diff --git a/grub-core/kern/err.c b/grub-core/kern/err.c
+index 53c734de70e..aebfe0cf839 100644
+--- a/grub-core/kern/err.c
++++ b/grub-core/kern/err.c
+@@ -33,15 +33,24 @@ static struct grub_error_saved grub_error_stack_items[GRUB_ERROR_STACK_SIZE];
+ static int grub_error_stack_pos;
+ static int grub_error_stack_assert;
+
++#ifdef grub_error
++#undef grub_error
++#endif
++
+ grub_err_t
+-grub_error (grub_err_t n, const char *fmt, ...)
++grub_error (grub_err_t n, const char *file, const int line, const char *fmt, ...)
+ {
+ va_list ap;
++ int m;
+
+ grub_errno = n;
+
++ m = grub_snprintf (grub_errmsg, sizeof (grub_errmsg), "%s:%d:", file, line);
++ if (m < 0)
++ m = 0;
++
+ va_start (ap, fmt);
+- grub_vsnprintf (grub_errmsg, sizeof (grub_errmsg), _(fmt), ap);
++ grub_vsnprintf (grub_errmsg + m, sizeof (grub_errmsg) - m, _(fmt), ap);
+ va_end (ap);
+
+ return n;
+diff --git a/include/grub/err.h b/include/grub/err.h
+index 1590c688e1d..9b830757d35 100644
+--- a/include/grub/err.h
++++ b/include/grub/err.h
+@@ -84,7 +84,10 @@ struct grub_error_saved
+ extern grub_err_t EXPORT_VAR(grub_errno);
+ extern char EXPORT_VAR(grub_errmsg)[GRUB_MAX_ERRMSG];
+
+-grub_err_t EXPORT_FUNC(grub_error) (grub_err_t n, const char *fmt, ...);
++grub_err_t EXPORT_FUNC(grub_error) (grub_err_t n, const char *file, const int line, const char *fmt, ...);
++
++#define grub_error(n, fmt, ...) grub_error (n, __FILE__, __LINE__, fmt, ##__VA_ARGS__)
++
+ void EXPORT_FUNC(grub_fatal) (const char *fmt, ...) __attribute__ ((noreturn));
+ void EXPORT_FUNC(grub_error_push) (void);
+ int EXPORT_FUNC(grub_error_pop) (void);
diff --git a/SOURCES/0229-Mark-some-unused-stuff-unused.patch b/SOURCES/0229-Mark-some-unused-stuff-unused.patch
deleted file mode 100644
index 2561754..0000000
--- a/SOURCES/0229-Mark-some-unused-stuff-unused.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Mon, 27 Aug 2018 13:10:08 -0400
-Subject: [PATCH] Mark some unused stuff unused
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
----
- grub-core/commands/blscfg.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
-index bdb1c5a95aa..abd6f00d0de 100644
---- a/grub-core/commands/blscfg.c
-+++ b/grub-core/commands/blscfg.c
-@@ -434,7 +434,7 @@ finish:
-
- static grub_envblk_t saved_env = NULL;
-
--static int
-+static int UNUSED
- save_var (const char *name, const char *value, void *whitelist UNUSED)
- {
- const char *val = grub_env_get (name);
-@@ -446,7 +446,7 @@ save_var (const char *name, const char *value, void *whitelist UNUSED)
- return 0;
- }
-
--static int
-+static int UNUSED
- unset_var (const char *name, const char *value UNUSED, void *whitelist)
- {
- grub_dprintf("blscfg", "restoring \"%s\"\n", name);
diff --git a/SOURCES/0230-Make-grub_error-more-verbose.patch b/SOURCES/0230-Make-grub_error-more-verbose.patch
deleted file mode 100644
index 6fffdeb..0000000
--- a/SOURCES/0230-Make-grub_error-more-verbose.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Mon, 27 Aug 2018 13:14:06 -0400
-Subject: [PATCH] Make grub_error() more verbose
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
----
- grub-core/kern/efi/mm.c | 17 ++++++++++++++---
- grub-core/kern/err.c | 13 +++++++++++--
- include/grub/err.h | 5 ++++-
- 3 files changed, 29 insertions(+), 6 deletions(-)
-
-diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c
-index 5cdf6c943f2..7692e63ba24 100644
---- a/grub-core/kern/efi/mm.c
-+++ b/grub-core/kern/efi/mm.c
-@@ -157,12 +157,20 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address,
-
- /* Limit the memory access to less than 4GB for 32-bit platforms. */
- if (address > GRUB_EFI_MAX_USABLE_ADDRESS)
-- return 0;
-+ {
-+ grub_error (GRUB_ERR_BAD_ARGUMENT,
-+ N_("invalid memory address (0x%llx > 0x%llx)"),
-+ address, GRUB_EFI_MAX_USABLE_ADDRESS);
-+ return NULL;
-+ }
-
- b = grub_efi_system_table->boot_services;
- status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address);
- if (status != GRUB_EFI_SUCCESS)
-- return 0;
-+ {
-+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
-+ return NULL;
-+ }
-
- if (address == 0)
- {
-@@ -172,7 +180,10 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address,
- status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address);
- grub_efi_free_pages (0, pages);
- if (status != GRUB_EFI_SUCCESS)
-- return 0;
-+ {
-+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
-+ return NULL;
-+ }
- }
-
- grub_efi_store_alloc (address, pages);
-diff --git a/grub-core/kern/err.c b/grub-core/kern/err.c
-index 53c734de70e..aebfe0cf839 100644
---- a/grub-core/kern/err.c
-+++ b/grub-core/kern/err.c
-@@ -33,15 +33,24 @@ static struct grub_error_saved grub_error_stack_items[GRUB_ERROR_STACK_SIZE];
- static int grub_error_stack_pos;
- static int grub_error_stack_assert;
-
-+#ifdef grub_error
-+#undef grub_error
-+#endif
-+
- grub_err_t
--grub_error (grub_err_t n, const char *fmt, ...)
-+grub_error (grub_err_t n, const char *file, const int line, const char *fmt, ...)
- {
- va_list ap;
-+ int m;
-
- grub_errno = n;
-
-+ m = grub_snprintf (grub_errmsg, sizeof (grub_errmsg), "%s:%d:", file, line);
-+ if (m < 0)
-+ m = 0;
-+
- va_start (ap, fmt);
-- grub_vsnprintf (grub_errmsg, sizeof (grub_errmsg), _(fmt), ap);
-+ grub_vsnprintf (grub_errmsg + m, sizeof (grub_errmsg) - m, _(fmt), ap);
- va_end (ap);
-
- return n;
-diff --git a/include/grub/err.h b/include/grub/err.h
-index 1590c688e1d..9b830757d35 100644
---- a/include/grub/err.h
-+++ b/include/grub/err.h
-@@ -84,7 +84,10 @@ struct grub_error_saved
- extern grub_err_t EXPORT_VAR(grub_errno);
- extern char EXPORT_VAR(grub_errmsg)[GRUB_MAX_ERRMSG];
-
--grub_err_t EXPORT_FUNC(grub_error) (grub_err_t n, const char *fmt, ...);
-+grub_err_t EXPORT_FUNC(grub_error) (grub_err_t n, const char *file, const int line, const char *fmt, ...);
-+
-+#define grub_error(n, fmt, ...) grub_error (n, __FILE__, __LINE__, fmt, ##__VA_ARGS__)
-+
- void EXPORT_FUNC(grub_fatal) (const char *fmt, ...) __attribute__ ((noreturn));
- void EXPORT_FUNC(grub_error_push) (void);
- int EXPORT_FUNC(grub_error_pop) (void);
diff --git a/SOURCES/0230-arm-arm64-loader-Better-memory-allocation-and-error-.patch b/SOURCES/0230-arm-arm64-loader-Better-memory-allocation-and-error-.patch
new file mode 100644
index 0000000..a5cc064
--- /dev/null
+++ b/SOURCES/0230-arm-arm64-loader-Better-memory-allocation-and-error-.patch
@@ -0,0 +1,307 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Tue, 14 Aug 2018 14:07:44 -0400
+Subject: [PATCH] arm/arm64 loader: Better memory allocation and error
+ messages.
+
+On mustang, our memory map looks like:
+
+Type Physical start - end #Pages Size Attributes
+reserved 0000004000000000-00000040001fffff 00000200 2MiB UC WC WT WB
+conv-mem 0000004000200000-0000004393ffffff 00393e00 14654MiB UC WC WT WB
+ldr-code 0000004394000000-00000043f7ffffff 00064000 1600MiB UC WC WT WB
+BS-data 00000043f8000000-00000043f801ffff 00000020 128KiB UC WC WT WB
+conv-mem 00000043f8020000-00000043fa15bfff 0000213c 34032KiB UC WC WT WB
+ldr-code 00000043fa15c000-00000043fa2a1fff 00000146 1304KiB UC WC WT WB
+ldr-data 00000043fa2a2000-00000043fa3e8fff 00000147 1308KiB UC WC WT WB
+conv-mem 00000043fa3e9000-00000043fa3e9fff 00000001 4KiB UC WC WT WB
+ldr-data 00000043fa3ea000-00000043fa3eafff 00000001 4KiB UC WC WT WB
+ldr-code 00000043fa3eb000-00000043fa4affff 000000c5 788KiB UC WC WT WB
+BS-code 00000043fa4b0000-00000043fa59ffff 000000f0 960KiB UC WC WT WB
+RT-code 00000043fa5a0000-00000043fa5affff 00000010 64KiB RT UC WC WT WB
+RT-data 00000043fa5b0000-00000043fa5bffff 00000010 64KiB RT UC WC WT WB
+RT-code 00000043fa5c0000-00000043fa5cffff 00000010 64KiB RT UC WC WT WB
+ldr-data 00000043fa5d0000-00000043fa5d0fff 00000001 4KiB UC WC WT WB
+BS-code 00000043fa5d1000-00000043fa5ddfff 0000000d 52KiB UC WC WT WB
+reserved 00000043fa5de000-00000043fa60ffff 00000032 200KiB UC WC WT WB
+ACPI-rec 00000043fa610000-00000043fa6affff 000000a0 640KiB UC WC WT WB
+ACPI-nvs 00000043fa6b0000-00000043fa6bffff 00000010 64KiB UC WC WT WB
+ACPI-rec 00000043fa6c0000-00000043fa70ffff 00000050 320KiB UC WC WT WB
+RT-code 00000043fa710000-00000043fa72ffff 00000020 128KiB RT UC WC WT WB
+RT-data 00000043fa730000-00000043fa78ffff 00000060 384KiB RT UC WC WT WB
+RT-code 00000043fa790000-00000043fa79ffff 00000010 64KiB RT UC WC WT WB
+RT-data 00000043fa7a0000-00000043fa99ffff 00000200 2MiB RT UC WC WT WB
+RT-code 00000043fa9a0000-00000043fa9affff 00000010 64KiB RT UC WC WT WB
+RT-data 00000043fa9b0000-00000043fa9cffff 00000020 128KiB RT UC WC WT WB
+BS-code 00000043fa9d0000-00000043fa9d9fff 0000000a 40KiB UC WC WT WB
+reserved 00000043fa9da000-00000043fa9dbfff 00000002 8KiB UC WC WT WB
+conv-mem 00000043fa9dc000-00000043fc29dfff 000018c2 25352KiB UC WC WT WB
+BS-data 00000043fc29e000-00000043fc78afff 000004ed 5044KiB UC WC WT WB
+conv-mem 00000043fc78b000-00000043fca01fff 00000277 2524KiB UC WC WT WB
+BS-data 00000043fca02000-00000043fcea3fff 000004a2 4744KiB UC WC WT WB
+conv-mem 00000043fcea4000-00000043fcea4fff 00000001 4KiB UC WC WT WB
+BS-data 00000043fcea5000-00000043fd192fff 000002ee 3000KiB UC WC WT WB
+conv-mem 00000043fd193000-00000043fd2b0fff 0000011e 1144KiB UC WC WT WB
+BS-data 00000043fd2b1000-00000043ff80ffff 0000255f 38268KiB UC WC WT WB
+BS-code 00000043ff810000-00000043ff99ffff 00000190 1600KiB UC WC WT WB
+RT-code 00000043ff9a0000-00000043ff9affff 00000010 64KiB RT UC WC WT WB
+conv-mem 00000043ff9b0000-00000043ff9bffff 00000010 64KiB UC WC WT WB
+RT-data 00000043ff9c0000-00000043ff9effff 00000030 192KiB RT UC WC WT WB
+conv-mem 00000043ff9f0000-00000043ffa05fff 00000016 88KiB UC WC WT WB
+BS-data 00000043ffa06000-00000043ffffffff 000005fa 6120KiB UC WC WT WB
+MMIO 0000000010510000-0000000010510fff 00000001 4KiB RT
+MMIO 0000000010548000-0000000010549fff 00000002 8KiB RT
+MMIO 0000000017000000-0000000017001fff 00000002 8KiB RT
+MMIO 000000001c025000-000000001c025fff 00000001 4KiB RT
+
+When we're trying to find the base of ram, if we start with GRUB_UINT_MAX
+(0xffffffff on all platforms) and always use min(), that means we eventually
+decide that the base of ram is GRUB_UINT_MAX, which is lower than our first
+memory address, and thus our allocation of the initramfs, which specifies this
+value as the maximum possible address it can be at, fails.
+
+This patch changes it to start at GRUB_EFI_MAX_USABLE_ADDRESS, which is always
+at least 0xffffffff on 32-bit platforms and at least 0x7ffffffffffffff on
+64-bit platforms. Additionally, this adds a requirement that the memory we
+choose is actually /allocatable/ conventional memory, not merely
+write-combining. On this machine that means we wind up with an allocation
+around 0x4392XXXXXX, which is a reasonable address.
+
+This also changes grub_efi_allocate_pages_real() so that if 0 is allocated, it
+tries to allocate again starting with the same max address it did the first
+time, rather than interposing GRUB_EFI_MAX_USABLE_ADDRESS there, so that any
+per-platform constraints on its given address are maintained.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ grub-core/kern/efi/mm.c | 32 ++++++++++++-----
+ grub-core/loader/arm64/linux.c | 78 ++++++++++++++++++++++++++++++++----------
+ 2 files changed, 82 insertions(+), 28 deletions(-)
+
+diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c
+index 7692e63ba24..306924f73a4 100644
+--- a/grub-core/kern/efi/mm.c
++++ b/grub-core/kern/efi/mm.c
+@@ -154,6 +154,7 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address,
+ {
+ grub_efi_status_t status;
+ grub_efi_boot_services_t *b;
++ grub_efi_physical_address_t ret = address;
+
+ /* Limit the memory access to less than 4GB for 32-bit platforms. */
+ if (address > GRUB_EFI_MAX_USABLE_ADDRESS)
+@@ -165,19 +166,19 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address,
+ }
+
+ b = grub_efi_system_table->boot_services;
+- status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address);
++ status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &ret);
+ if (status != GRUB_EFI_SUCCESS)
+ {
+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
+ return NULL;
+ }
+
+- if (address == 0)
++ if (ret == 0)
+ {
+ /* Uggh, the address 0 was allocated... This is too annoying,
+ so reallocate another one. */
+- address = GRUB_EFI_MAX_USABLE_ADDRESS;
+- status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address);
++ ret = address;
++ status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &ret);
+ grub_efi_free_pages (0, pages);
+ if (status != GRUB_EFI_SUCCESS)
+ {
+@@ -186,9 +187,9 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address,
+ }
+ }
+
+- grub_efi_store_alloc (address, pages);
++ grub_efi_store_alloc (ret, pages);
+
+- return (void *) ((grub_addr_t) address);
++ return (void *) ((grub_addr_t) ret);
+ }
+
+ void *
+@@ -696,11 +697,24 @@ grub_efi_get_ram_base(grub_addr_t *base_addr)
+ if (ret < 1)
+ return GRUB_ERR_BUG;
+
+- for (desc = memory_map, *base_addr = GRUB_UINT_MAX;
++ for (desc = memory_map, *base_addr = GRUB_EFI_MAX_USABLE_ADDRESS;
+ (grub_addr_t) desc < ((grub_addr_t) memory_map + memory_map_size);
+ desc = NEXT_MEMORY_DESCRIPTOR (desc, desc_size))
+- if (desc->attribute & GRUB_EFI_MEMORY_WB)
+- *base_addr = grub_min (*base_addr, desc->physical_start);
++ {
++ if (desc->type == GRUB_EFI_CONVENTIONAL_MEMORY &&
++ (desc->attribute & GRUB_EFI_MEMORY_WB))
++ {
++ *base_addr = grub_min (*base_addr, desc->physical_start);
++ grub_dprintf ("efi", "setting base_addr=0x%016lx\n", *base_addr);
++ }
++ else
++ {
++ grub_dprintf ("efi", "ignoring address 0x%016lx\n", desc->physical_start);
++ }
++ }
++
++ if (*base_addr == GRUB_EFI_MAX_USABLE_ADDRESS)
++ grub_dprintf ("efi", "base_addr 0x%016lx is probably wrong.\n", *base_addr);
+
+ grub_free(memory_map);
+
+diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c
+index 93b5cd306eb..e1110749eb9 100644
+--- a/grub-core/loader/arm64/linux.c
++++ b/grub-core/loader/arm64/linux.c
+@@ -70,13 +70,15 @@ finalize_params_linux (void)
+ {
+ grub_efi_loaded_image_t *loaded_image = NULL;
+ int node, retval, len;
+-
++ grub_err_t err = GRUB_ERR_NONE;
+ void *fdt;
+
+ fdt = grub_fdt_load (0x400);
+-
+ if (!fdt)
+- goto failure;
++ {
++ err = grub_error(GRUB_ERR_BAD_OS, "failed to load FDT");
++ goto failure;
++ }
+
+ node = grub_fdt_find_subnode (fdt, 0, "chosen");
+ if (node < 0)
+@@ -87,17 +89,26 @@ finalize_params_linux (void)
+ */
+ retval = grub_fdt_set_prop32(fdt, 0, "#address-cells", 2);
+ if (retval)
+- goto failure;
++ {
++ err = grub_error(retval, "Could not find #address-cells");
++ goto failure;
++ }
+
+ retval = grub_fdt_set_prop32(fdt, 0, "#size-cells", 2);
+ if (retval)
+- goto failure;
++ {
++ err = grub_error(retval, "Could not find #size-cells");
++ goto failure;
++ }
+
+ node = grub_fdt_add_subnode (fdt, 0, "chosen");
+ }
+
+ if (node < 1)
+- goto failure;
++ {
++ err = grub_error(grub_errno, "failed to load chosen fdt node.");
++ goto failure;
++ }
+
+ /* Set initrd info */
+ if (initrd_start && initrd_end > initrd_start)
+@@ -108,15 +119,26 @@ finalize_params_linux (void)
+ retval = grub_fdt_set_prop64 (fdt, node, "linux,initrd-start",
+ initrd_start);
+ if (retval)
+- goto failure;
++ {
++ err = grub_error(retval, "Failed to set linux,initrd-start property");
++ goto failure;
++ }
++
+ retval = grub_fdt_set_prop64 (fdt, node, "linux,initrd-end",
+ initrd_end);
+ if (retval)
+- goto failure;
++ {
++ err = grub_error(retval, "Failed to set linux,initrd-end property");
++ goto failure;
++ }
+ }
+
+- if (grub_fdt_install() != GRUB_ERR_NONE)
+- goto failure;
++ retval = grub_fdt_install();
++ if (retval != GRUB_ERR_NONE)
++ {
++ err = grub_error(retval, "Failed to install fdt");
++ goto failure;
++ }
+
+ grub_dprintf ("linux", "Installed/updated FDT configuration table @ %p\n",
+ fdt);
+@@ -124,14 +146,20 @@ finalize_params_linux (void)
+ /* Convert command line to UCS-2 */
+ loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle);
+ if (!loaded_image)
+- goto failure;
++ {
++ err = grub_error(grub_errno, "Failed to install fdt");
++ goto failure;
++ }
+
+ loaded_image->load_options_size = len =
+ (grub_strlen (linux_args) + 1) * sizeof (grub_efi_char16_t);
+ loaded_image->load_options =
+ grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size));
+ if (!loaded_image->load_options)
+- return grub_error(GRUB_ERR_BAD_OS, "failed to create kernel parameters");
++ {
++ err = grub_error(GRUB_ERR_BAD_OS, "failed to create kernel parameters");
++ goto failure;
++ }
+
+ loaded_image->load_options_size =
+ 2 * grub_utf8_to_utf16 (loaded_image->load_options, len,
+@@ -141,7 +169,7 @@ finalize_params_linux (void)
+
+ failure:
+ grub_fdt_unload();
+- return grub_error(GRUB_ERR_BAD_OS, "failed to install/update FDT");
++ return err;
+ }
+
+ static void
+@@ -225,16 +253,28 @@ grub_linux_unload (void)
+ static void *
+ allocate_initrd_mem (int initrd_pages)
+ {
+- grub_addr_t max_addr;
++ grub_addr_t max_addr = 0;
++ grub_err_t err;
++ void *ret;
+
+- if (grub_efi_get_ram_base (&max_addr) != GRUB_ERR_NONE)
+- return NULL;
++ err = grub_efi_get_ram_base (&max_addr);
++ if (err != GRUB_ERR_NONE)
++ {
++ grub_error (err, "grub_efi_get_ram_base() failed");
++ return NULL;
++ }
++
++ grub_dprintf ("linux", "max_addr: 0x%016lx, INITRD_MAX_ADDRESS_OFFSET: 0x%016llx\n",
++ max_addr, INITRD_MAX_ADDRESS_OFFSET);
+
+ max_addr += INITRD_MAX_ADDRESS_OFFSET - 1;
++ grub_dprintf ("linux", "calling grub_efi_allocate_pages_real (0x%016lx, 0x%08x, EFI_ALLOCATE_MAX_ADDRESS, EFI_LOADER_DATA)", max_addr, initrd_pages);
+
+- return grub_efi_allocate_pages_real (max_addr, initrd_pages,
+- GRUB_EFI_ALLOCATE_MAX_ADDRESS,
+- GRUB_EFI_LOADER_DATA);
++ ret = grub_efi_allocate_pages_real (max_addr, initrd_pages,
++ GRUB_EFI_ALLOCATE_MAX_ADDRESS,
++ GRUB_EFI_LOADER_DATA);
++ grub_dprintf ("linux", "got 0x%016llx\n", (unsigned long long)ret);
++ return ret;
+ }
+
+ static grub_err_t
diff --git a/SOURCES/0231-arm-arm64-loader-Better-memory-allocation-and-error-.patch b/SOURCES/0231-arm-arm64-loader-Better-memory-allocation-and-error-.patch
deleted file mode 100644
index a5cc064..0000000
--- a/SOURCES/0231-arm-arm64-loader-Better-memory-allocation-and-error-.patch
+++ /dev/null
@@ -1,307 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Tue, 14 Aug 2018 14:07:44 -0400
-Subject: [PATCH] arm/arm64 loader: Better memory allocation and error
- messages.
-
-On mustang, our memory map looks like:
-
-Type Physical start - end #Pages Size Attributes
-reserved 0000004000000000-00000040001fffff 00000200 2MiB UC WC WT WB
-conv-mem 0000004000200000-0000004393ffffff 00393e00 14654MiB UC WC WT WB
-ldr-code 0000004394000000-00000043f7ffffff 00064000 1600MiB UC WC WT WB
-BS-data 00000043f8000000-00000043f801ffff 00000020 128KiB UC WC WT WB
-conv-mem 00000043f8020000-00000043fa15bfff 0000213c 34032KiB UC WC WT WB
-ldr-code 00000043fa15c000-00000043fa2a1fff 00000146 1304KiB UC WC WT WB
-ldr-data 00000043fa2a2000-00000043fa3e8fff 00000147 1308KiB UC WC WT WB
-conv-mem 00000043fa3e9000-00000043fa3e9fff 00000001 4KiB UC WC WT WB
-ldr-data 00000043fa3ea000-00000043fa3eafff 00000001 4KiB UC WC WT WB
-ldr-code 00000043fa3eb000-00000043fa4affff 000000c5 788KiB UC WC WT WB
-BS-code 00000043fa4b0000-00000043fa59ffff 000000f0 960KiB UC WC WT WB
-RT-code 00000043fa5a0000-00000043fa5affff 00000010 64KiB RT UC WC WT WB
-RT-data 00000043fa5b0000-00000043fa5bffff 00000010 64KiB RT UC WC WT WB
-RT-code 00000043fa5c0000-00000043fa5cffff 00000010 64KiB RT UC WC WT WB
-ldr-data 00000043fa5d0000-00000043fa5d0fff 00000001 4KiB UC WC WT WB
-BS-code 00000043fa5d1000-00000043fa5ddfff 0000000d 52KiB UC WC WT WB
-reserved 00000043fa5de000-00000043fa60ffff 00000032 200KiB UC WC WT WB
-ACPI-rec 00000043fa610000-00000043fa6affff 000000a0 640KiB UC WC WT WB
-ACPI-nvs 00000043fa6b0000-00000043fa6bffff 00000010 64KiB UC WC WT WB
-ACPI-rec 00000043fa6c0000-00000043fa70ffff 00000050 320KiB UC WC WT WB
-RT-code 00000043fa710000-00000043fa72ffff 00000020 128KiB RT UC WC WT WB
-RT-data 00000043fa730000-00000043fa78ffff 00000060 384KiB RT UC WC WT WB
-RT-code 00000043fa790000-00000043fa79ffff 00000010 64KiB RT UC WC WT WB
-RT-data 00000043fa7a0000-00000043fa99ffff 00000200 2MiB RT UC WC WT WB
-RT-code 00000043fa9a0000-00000043fa9affff 00000010 64KiB RT UC WC WT WB
-RT-data 00000043fa9b0000-00000043fa9cffff 00000020 128KiB RT UC WC WT WB
-BS-code 00000043fa9d0000-00000043fa9d9fff 0000000a 40KiB UC WC WT WB
-reserved 00000043fa9da000-00000043fa9dbfff 00000002 8KiB UC WC WT WB
-conv-mem 00000043fa9dc000-00000043fc29dfff 000018c2 25352KiB UC WC WT WB
-BS-data 00000043fc29e000-00000043fc78afff 000004ed 5044KiB UC WC WT WB
-conv-mem 00000043fc78b000-00000043fca01fff 00000277 2524KiB UC WC WT WB
-BS-data 00000043fca02000-00000043fcea3fff 000004a2 4744KiB UC WC WT WB
-conv-mem 00000043fcea4000-00000043fcea4fff 00000001 4KiB UC WC WT WB
-BS-data 00000043fcea5000-00000043fd192fff 000002ee 3000KiB UC WC WT WB
-conv-mem 00000043fd193000-00000043fd2b0fff 0000011e 1144KiB UC WC WT WB
-BS-data 00000043fd2b1000-00000043ff80ffff 0000255f 38268KiB UC WC WT WB
-BS-code 00000043ff810000-00000043ff99ffff 00000190 1600KiB UC WC WT WB
-RT-code 00000043ff9a0000-00000043ff9affff 00000010 64KiB RT UC WC WT WB
-conv-mem 00000043ff9b0000-00000043ff9bffff 00000010 64KiB UC WC WT WB
-RT-data 00000043ff9c0000-00000043ff9effff 00000030 192KiB RT UC WC WT WB
-conv-mem 00000043ff9f0000-00000043ffa05fff 00000016 88KiB UC WC WT WB
-BS-data 00000043ffa06000-00000043ffffffff 000005fa 6120KiB UC WC WT WB
-MMIO 0000000010510000-0000000010510fff 00000001 4KiB RT
-MMIO 0000000010548000-0000000010549fff 00000002 8KiB RT
-MMIO 0000000017000000-0000000017001fff 00000002 8KiB RT
-MMIO 000000001c025000-000000001c025fff 00000001 4KiB RT
-
-When we're trying to find the base of ram, if we start with GRUB_UINT_MAX
-(0xffffffff on all platforms) and always use min(), that means we eventually
-decide that the base of ram is GRUB_UINT_MAX, which is lower than our first
-memory address, and thus our allocation of the initramfs, which specifies this
-value as the maximum possible address it can be at, fails.
-
-This patch changes it to start at GRUB_EFI_MAX_USABLE_ADDRESS, which is always
-at least 0xffffffff on 32-bit platforms and at least 0x7ffffffffffffff on
-64-bit platforms. Additionally, this adds a requirement that the memory we
-choose is actually /allocatable/ conventional memory, not merely
-write-combining. On this machine that means we wind up with an allocation
-around 0x4392XXXXXX, which is a reasonable address.
-
-This also changes grub_efi_allocate_pages_real() so that if 0 is allocated, it
-tries to allocate again starting with the same max address it did the first
-time, rather than interposing GRUB_EFI_MAX_USABLE_ADDRESS there, so that any
-per-platform constraints on its given address are maintained.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
----
- grub-core/kern/efi/mm.c | 32 ++++++++++++-----
- grub-core/loader/arm64/linux.c | 78 ++++++++++++++++++++++++++++++++----------
- 2 files changed, 82 insertions(+), 28 deletions(-)
-
-diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c
-index 7692e63ba24..306924f73a4 100644
---- a/grub-core/kern/efi/mm.c
-+++ b/grub-core/kern/efi/mm.c
-@@ -154,6 +154,7 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address,
- {
- grub_efi_status_t status;
- grub_efi_boot_services_t *b;
-+ grub_efi_physical_address_t ret = address;
-
- /* Limit the memory access to less than 4GB for 32-bit platforms. */
- if (address > GRUB_EFI_MAX_USABLE_ADDRESS)
-@@ -165,19 +166,19 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address,
- }
-
- b = grub_efi_system_table->boot_services;
-- status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address);
-+ status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &ret);
- if (status != GRUB_EFI_SUCCESS)
- {
- grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
- return NULL;
- }
-
-- if (address == 0)
-+ if (ret == 0)
- {
- /* Uggh, the address 0 was allocated... This is too annoying,
- so reallocate another one. */
-- address = GRUB_EFI_MAX_USABLE_ADDRESS;
-- status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address);
-+ ret = address;
-+ status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &ret);
- grub_efi_free_pages (0, pages);
- if (status != GRUB_EFI_SUCCESS)
- {
-@@ -186,9 +187,9 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address,
- }
- }
-
-- grub_efi_store_alloc (address, pages);
-+ grub_efi_store_alloc (ret, pages);
-
-- return (void *) ((grub_addr_t) address);
-+ return (void *) ((grub_addr_t) ret);
- }
-
- void *
-@@ -696,11 +697,24 @@ grub_efi_get_ram_base(grub_addr_t *base_addr)
- if (ret < 1)
- return GRUB_ERR_BUG;
-
-- for (desc = memory_map, *base_addr = GRUB_UINT_MAX;
-+ for (desc = memory_map, *base_addr = GRUB_EFI_MAX_USABLE_ADDRESS;
- (grub_addr_t) desc < ((grub_addr_t) memory_map + memory_map_size);
- desc = NEXT_MEMORY_DESCRIPTOR (desc, desc_size))
-- if (desc->attribute & GRUB_EFI_MEMORY_WB)
-- *base_addr = grub_min (*base_addr, desc->physical_start);
-+ {
-+ if (desc->type == GRUB_EFI_CONVENTIONAL_MEMORY &&
-+ (desc->attribute & GRUB_EFI_MEMORY_WB))
-+ {
-+ *base_addr = grub_min (*base_addr, desc->physical_start);
-+ grub_dprintf ("efi", "setting base_addr=0x%016lx\n", *base_addr);
-+ }
-+ else
-+ {
-+ grub_dprintf ("efi", "ignoring address 0x%016lx\n", desc->physical_start);
-+ }
-+ }
-+
-+ if (*base_addr == GRUB_EFI_MAX_USABLE_ADDRESS)
-+ grub_dprintf ("efi", "base_addr 0x%016lx is probably wrong.\n", *base_addr);
-
- grub_free(memory_map);
-
-diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c
-index 93b5cd306eb..e1110749eb9 100644
---- a/grub-core/loader/arm64/linux.c
-+++ b/grub-core/loader/arm64/linux.c
-@@ -70,13 +70,15 @@ finalize_params_linux (void)
- {
- grub_efi_loaded_image_t *loaded_image = NULL;
- int node, retval, len;
--
-+ grub_err_t err = GRUB_ERR_NONE;
- void *fdt;
-
- fdt = grub_fdt_load (0x400);
--
- if (!fdt)
-- goto failure;
-+ {
-+ err = grub_error(GRUB_ERR_BAD_OS, "failed to load FDT");
-+ goto failure;
-+ }
-
- node = grub_fdt_find_subnode (fdt, 0, "chosen");
- if (node < 0)
-@@ -87,17 +89,26 @@ finalize_params_linux (void)
- */
- retval = grub_fdt_set_prop32(fdt, 0, "#address-cells", 2);
- if (retval)
-- goto failure;
-+ {
-+ err = grub_error(retval, "Could not find #address-cells");
-+ goto failure;
-+ }
-
- retval = grub_fdt_set_prop32(fdt, 0, "#size-cells", 2);
- if (retval)
-- goto failure;
-+ {
-+ err = grub_error(retval, "Could not find #size-cells");
-+ goto failure;
-+ }
-
- node = grub_fdt_add_subnode (fdt, 0, "chosen");
- }
-
- if (node < 1)
-- goto failure;
-+ {
-+ err = grub_error(grub_errno, "failed to load chosen fdt node.");
-+ goto failure;
-+ }
-
- /* Set initrd info */
- if (initrd_start && initrd_end > initrd_start)
-@@ -108,15 +119,26 @@ finalize_params_linux (void)
- retval = grub_fdt_set_prop64 (fdt, node, "linux,initrd-start",
- initrd_start);
- if (retval)
-- goto failure;
-+ {
-+ err = grub_error(retval, "Failed to set linux,initrd-start property");
-+ goto failure;
-+ }
-+
- retval = grub_fdt_set_prop64 (fdt, node, "linux,initrd-end",
- initrd_end);
- if (retval)
-- goto failure;
-+ {
-+ err = grub_error(retval, "Failed to set linux,initrd-end property");
-+ goto failure;
-+ }
- }
-
-- if (grub_fdt_install() != GRUB_ERR_NONE)
-- goto failure;
-+ retval = grub_fdt_install();
-+ if (retval != GRUB_ERR_NONE)
-+ {
-+ err = grub_error(retval, "Failed to install fdt");
-+ goto failure;
-+ }
-
- grub_dprintf ("linux", "Installed/updated FDT configuration table @ %p\n",
- fdt);
-@@ -124,14 +146,20 @@ finalize_params_linux (void)
- /* Convert command line to UCS-2 */
- loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle);
- if (!loaded_image)
-- goto failure;
-+ {
-+ err = grub_error(grub_errno, "Failed to install fdt");
-+ goto failure;
-+ }
-
- loaded_image->load_options_size = len =
- (grub_strlen (linux_args) + 1) * sizeof (grub_efi_char16_t);
- loaded_image->load_options =
- grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size));
- if (!loaded_image->load_options)
-- return grub_error(GRUB_ERR_BAD_OS, "failed to create kernel parameters");
-+ {
-+ err = grub_error(GRUB_ERR_BAD_OS, "failed to create kernel parameters");
-+ goto failure;
-+ }
-
- loaded_image->load_options_size =
- 2 * grub_utf8_to_utf16 (loaded_image->load_options, len,
-@@ -141,7 +169,7 @@ finalize_params_linux (void)
-
- failure:
- grub_fdt_unload();
-- return grub_error(GRUB_ERR_BAD_OS, "failed to install/update FDT");
-+ return err;
- }
-
- static void
-@@ -225,16 +253,28 @@ grub_linux_unload (void)
- static void *
- allocate_initrd_mem (int initrd_pages)
- {
-- grub_addr_t max_addr;
-+ grub_addr_t max_addr = 0;
-+ grub_err_t err;
-+ void *ret;
-
-- if (grub_efi_get_ram_base (&max_addr) != GRUB_ERR_NONE)
-- return NULL;
-+ err = grub_efi_get_ram_base (&max_addr);
-+ if (err != GRUB_ERR_NONE)
-+ {
-+ grub_error (err, "grub_efi_get_ram_base() failed");
-+ return NULL;
-+ }
-+
-+ grub_dprintf ("linux", "max_addr: 0x%016lx, INITRD_MAX_ADDRESS_OFFSET: 0x%016llx\n",
-+ max_addr, INITRD_MAX_ADDRESS_OFFSET);
-
- max_addr += INITRD_MAX_ADDRESS_OFFSET - 1;
-+ grub_dprintf ("linux", "calling grub_efi_allocate_pages_real (0x%016lx, 0x%08x, EFI_ALLOCATE_MAX_ADDRESS, EFI_LOADER_DATA)", max_addr, initrd_pages);
-
-- return grub_efi_allocate_pages_real (max_addr, initrd_pages,
-- GRUB_EFI_ALLOCATE_MAX_ADDRESS,
-- GRUB_EFI_LOADER_DATA);
-+ ret = grub_efi_allocate_pages_real (max_addr, initrd_pages,
-+ GRUB_EFI_ALLOCATE_MAX_ADDRESS,
-+ GRUB_EFI_LOADER_DATA);
-+ grub_dprintf ("linux", "got 0x%016llx\n", (unsigned long long)ret);
-+ return ret;
- }
-
- static grub_err_t
diff --git a/SOURCES/0231-drop-TPM-support-for-legacy-BIOS.patch b/SOURCES/0231-drop-TPM-support-for-legacy-BIOS.patch
new file mode 100644
index 0000000..e979dd2
--- /dev/null
+++ b/SOURCES/0231-drop-TPM-support-for-legacy-BIOS.patch
@@ -0,0 +1,401 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Fri, 21 Sep 2018 17:51:16 +0200
+Subject: [PATCH] drop TPM support for legacy BIOS
+
+Currently there's TPM support for both EFI and legacy BIOS.
+
+A software interrupt call interface is used in legacy BIOS to communicate
+with the TPM chips. But with some BIOS firmwares, the machine just hangs
+after doing a BIOS interrupt call for the TCG_HashLogExtendEvent command.
+
+It's hard to know what exactly is causing this, but the Trousers project
+mentions in their docs that they don't use TCG_HashLogExtendEvent [0] due
+the command not working reliable on some BIOS.
+
+The TCG_CompactHashLogExtendEvent is less fragile, since it has a simpler
+interface, doesn't require to setup any data structure and doesn't return
+anything. So it could be used to do measurements and logs events instead.
+
+But even when using this command can be a workaround on some systems, it
+doesn't guarantee that could not fail on others. So since the TPM support
+for some legacy BIOS don't work and can lead to machines failing to boot,
+let's just drop it and only support TPM for EFI.
+
+[0]: http://trousers.sourceforge.net/grub.html
+
+Resolves: rhbz#1579835
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ grub-core/Makefile.core.def | 1 -
+ grub-core/kern/i386/pc/tpm.c | 145 --------------------------------------
+ grub-core/loader/i386/pc/linux.c | 4 --
+ include/grub/tpm.h | 2 +-
+ grub-core/boot/i386/pc/boot.S | 30 +-------
+ grub-core/boot/i386/pc/diskboot.S | 44 ------------
+ 6 files changed, 2 insertions(+), 224 deletions(-)
+ delete mode 100644 grub-core/kern/i386/pc/tpm.c
+
+diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
+index cf3d549d212..fb0a1e0babb 100644
+--- a/grub-core/Makefile.core.def
++++ b/grub-core/Makefile.core.def
+@@ -246,7 +246,6 @@ kernel = {
+
+ i386_pc = kern/i386/pc/init.c;
+ i386_pc = kern/i386/pc/mmap.c;
+- i386_pc = kern/i386/pc/tpm.c;
+ i386_pc = term/i386/pc/console.c;
+
+ i386_qemu = bus/pci.c;
+diff --git a/grub-core/kern/i386/pc/tpm.c b/grub-core/kern/i386/pc/tpm.c
+deleted file mode 100644
+index f6f264aff2e..00000000000
+--- a/grub-core/kern/i386/pc/tpm.c
++++ /dev/null
+@@ -1,145 +0,0 @@
+-#include <grub/err.h>
+-#include <grub/i18n.h>
+-#include <grub/mm.h>
+-#include <grub/tpm.h>
+-#include <grub/misc.h>
+-#include <grub/i386/pc/int.h>
+-
+-#define TCPA_MAGIC 0x41504354
+-
+-static int tpm_presence = -1;
+-
+-int tpm_present(void);
+-
+-int tpm_present(void)
+-{
+- struct grub_bios_int_registers regs;
+-
+- if (tpm_presence != -1)
+- return tpm_presence;
+-
+- regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT;
+- regs.eax = 0xbb00;
+- regs.ebx = TCPA_MAGIC;
+- grub_bios_interrupt (0x1a, ®s);
+-
+- if (regs.eax == 0)
+- tpm_presence = 1;
+- else
+- tpm_presence = 0;
+-
+- return tpm_presence;
+-}
+-
+-grub_err_t
+-grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf,
+- PassThroughToTPM_OutputParamBlock *outbuf)
+-{
+- struct grub_bios_int_registers regs;
+- grub_addr_t inaddr, outaddr;
+-
+- if (!tpm_present())
+- return 0;
+-
+- inaddr = (grub_addr_t) inbuf;
+- outaddr = (grub_addr_t) outbuf;
+- regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT;
+- regs.eax = 0xbb02;
+- regs.ebx = TCPA_MAGIC;
+- regs.ecx = 0;
+- regs.edx = 0;
+- regs.es = (inaddr & 0xffff0000) >> 4;
+- regs.edi = inaddr & 0xffff;
+- regs.ds = outaddr >> 4;
+- regs.esi = outaddr & 0xf;
+-
+- grub_bios_interrupt (0x1a, ®s);
+-
+- if (regs.eax)
+- {
+- tpm_presence = 0;
+- return grub_error (GRUB_ERR_IO, N_("TPM error %x, disabling TPM"), regs.eax);
+- }
+-
+- return 0;
+-}
+-
+-typedef struct {
+- grub_uint32_t pcrindex;
+- grub_uint32_t eventtype;
+- grub_uint8_t digest[20];
+- grub_uint32_t eventdatasize;
+- grub_uint8_t event[0];
+-} GRUB_PACKED Event;
+-
+-typedef struct {
+- grub_uint16_t ipblength;
+- grub_uint16_t reserved;
+- grub_uint32_t hashdataptr;
+- grub_uint32_t hashdatalen;
+- grub_uint32_t pcr;
+- grub_uint32_t reserved2;
+- grub_uint32_t logdataptr;
+- grub_uint32_t logdatalen;
+-} GRUB_PACKED EventIncoming;
+-
+-typedef struct {
+- grub_uint16_t opblength;
+- grub_uint16_t reserved;
+- grub_uint32_t eventnum;
+- grub_uint8_t hashvalue[20];
+-} GRUB_PACKED EventOutgoing;
+-
+-grub_err_t
+-grub_tpm_log_event(unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
+- const char *description)
+-{
+- struct grub_bios_int_registers regs;
+- EventIncoming incoming;
+- EventOutgoing outgoing;
+- Event *event;
+- grub_uint32_t datalength;
+-
+- if (!tpm_present())
+- return 0;
+-
+- datalength = grub_strlen(description);
+- event = grub_zalloc(datalength + sizeof(Event));
+- if (!event)
+- return grub_error (GRUB_ERR_OUT_OF_MEMORY,
+- N_("cannot allocate TPM event buffer"));
+-
+- event->pcrindex = pcr;
+- event->eventtype = 0x0d;
+- event->eventdatasize = grub_strlen(description);
+- grub_memcpy(event->event, description, datalength);
+-
+- incoming.ipblength = sizeof(incoming);
+- incoming.hashdataptr = (grub_uint32_t)buf;
+- incoming.hashdatalen = size;
+- incoming.pcr = pcr;
+- incoming.logdataptr = (grub_uint32_t)event;
+- incoming.logdatalen = datalength + sizeof(Event);
+-
+- regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT;
+- regs.eax = 0xbb01;
+- regs.ebx = TCPA_MAGIC;
+- regs.ecx = 0;
+- regs.edx = 0;
+- regs.es = (((grub_addr_t) &incoming) & 0xffff0000) >> 4;
+- regs.edi = ((grub_addr_t) &incoming) & 0xffff;
+- regs.ds = (((grub_addr_t) &outgoing) & 0xffff0000) >> 4;
+- regs.esi = ((grub_addr_t) &outgoing) & 0xffff;
+-
+- grub_bios_interrupt (0x1a, ®s);
+-
+- grub_free(event);
+-
+- if (regs.eax)
+- {
+- tpm_presence = 0;
+- return grub_error (GRUB_ERR_IO, N_("TPM error %x, disabling TPM"), regs.eax);
+- }
+-
+- return 0;
+-}
+diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c
+index cfff25c21b5..783a3cd93bc 100644
+--- a/grub-core/loader/i386/pc/linux.c
++++ b/grub-core/loader/i386/pc/linux.c
+@@ -36,7 +36,6 @@
+ #include <grub/lib/cmdline.h>
+ #include <grub/linux.h>
+ #include <grub/efi/sb.h>
+-#include <grub/tpm.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -162,9 +161,6 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
+ goto fail;
+ }
+
+- grub_tpm_measure (kernel, len, GRUB_BINARY_PCR, "grub_linux16", "Kernel");
+- grub_print_error();
+-
+ grub_memcpy (&lh, kernel, sizeof (lh));
+ kernel_offset = sizeof (lh);
+
+diff --git a/include/grub/tpm.h b/include/grub/tpm.h
+index 972a5edc836..ce52be4ff7f 100644
+--- a/include/grub/tpm.h
++++ b/include/grub/tpm.h
+@@ -69,7 +69,7 @@ typedef struct {
+ grub_err_t EXPORT_FUNC(grub_tpm_measure) (unsigned char *buf, grub_size_t size,
+ grub_uint8_t pcr, const char *kind,
+ const char *description);
+-#if defined (GRUB_MACHINE_EFI) || defined (GRUB_MACHINE_PCBIOS)
++#if defined (GRUB_MACHINE_EFI)
+ grub_err_t grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf,
+ PassThroughToTPM_OutputParamBlock *outbuf);
+ grub_err_t grub_tpm_log_event(unsigned char *buf, grub_size_t size,
+diff --git a/grub-core/boot/i386/pc/boot.S b/grub-core/boot/i386/pc/boot.S
+index acab37369ae..ea167fe1206 100644
+--- a/grub-core/boot/i386/pc/boot.S
++++ b/grub-core/boot/i386/pc/boot.S
+@@ -24,14 +24,11 @@
+ * defines for the code go here
+ */
+
+-#define TPM 1
+-
+ /* Print message string */
+ #define MSG(x) movw $x, %si; call LOCAL(message)
+ #define ERR(x) movw $x, %si; jmp LOCAL(error_message)
+
+ .macro floppy
+-#ifndef TPM
+ part_start:
+
+ LOCAL(probe_values):
+@@ -88,7 +85,6 @@ fd_probe_error_string: .asciz "Floppy"
+ movb MACRO_DOLLAR(79), %ch
+
+ jmp LOCAL(final_init)
+-#endif
+ .endm
+
+ .macro scratch
+@@ -256,7 +252,6 @@ real_start:
+ /* set %si to the disk address packet */
+ movw $disk_address_packet, %si
+
+-#ifndef TPM
+ /* check if LBA is supported */
+ movb $0x41, %ah
+ movw $0x55aa, %bx
+@@ -276,7 +271,6 @@ real_start:
+
+ andw $1, %cx
+ jz LOCAL(chs_mode)
+-#endif
+
+ LOCAL(lba_mode):
+ xorw %ax, %ax
+@@ -320,9 +314,6 @@ LOCAL(lba_mode):
+ jmp LOCAL(copy_buffer)
+
+ LOCAL(chs_mode):
+-#ifdef TPM
+- jmp LOCAL(general_error)
+-#else
+ /*
+ * Determine the hard disk geometry from the BIOS!
+ * We do this first, so that LS-120 IDE floppies work correctly.
+@@ -434,7 +425,7 @@ setup_sectors:
+ jc LOCAL(read_error)
+
+ movw %es, %bx
+-#endif /* TPM */
++
+ LOCAL(copy_buffer):
+ /*
+ * We need to save %cx and %si because the startup code in
+@@ -457,25 +448,6 @@ LOCAL(copy_buffer):
+ popw %ds
+ popa
+
+-#ifdef TPM
+- pusha
+-
+- movw $0xBB00, %ax /* TCG_StatusCheck */
+- int $0x1A
+- test %eax, %eax
+- jnz boot /* No TPM or TPM deactivated */
+-
+- movw $0xBB07, %ax /* TCG_CompactHashLogExtendEvent */
+- movw $GRUB_BOOT_MACHINE_KERNEL_ADDR, %di
+- xorl %esi, %esi
+- movl $0x41504354, %ebx /* TCPA */
+- movl $0x200, %ecx /* Measure 512 bytes */
+- movl $0x8, %edx /* PCR 8 */
+- int $0x1A
+-
+-boot:
+- popa
+-#endif
+ /* boot kernel */
+ jmp *(LOCAL(kernel_address))
+
+diff --git a/grub-core/boot/i386/pc/diskboot.S b/grub-core/boot/i386/pc/diskboot.S
+index f4744ec6fcb..68d31de0c4c 100644
+--- a/grub-core/boot/i386/pc/diskboot.S
++++ b/grub-core/boot/i386/pc/diskboot.S
+@@ -19,8 +19,6 @@
+ #include <grub/symbol.h>
+ #include <grub/machine/boot.h>
+
+-#define TPM 1
+-
+ /*
+ * defines for the code go here
+ */
+@@ -55,21 +53,6 @@ _start:
+ /* this sets up for the first run through "bootloop" */
+ movw $LOCAL(firstlist), %di
+
+-#ifdef TPM
+- /* clear EAX to remove potential garbage */
+- xorl %eax, %eax
+- /* 8(%di) = number of sectors to read */
+- movw 8(%di), %ax
+-
+- /* Multiply number of sectors to read with 512 bytes. EAX is 32bit
+- * which is large enough to hold values of up to 4GB. I doubt there
+- * will ever be a core.img larger than that. ;-) */
+- shll $9, %eax
+-
+- /* write result to bytes_to_measure var */
+- movl %eax, bytes_to_measure
+-#endif
+-
+ /* save the sector number of the second sector in %ebp */
+ movl (%di), %ebp
+
+@@ -307,29 +290,6 @@ LOCAL(copy_buffer):
+ /* END OF MAIN LOOP */
+
+ LOCAL(bootit):
+-#ifdef TPM
+- pusha
+- movw $0xBB07, %ax /* TCG_CompactHashLogExtendEvent */
+-
+- movw $0x0, %bx
+- movw %bx, %es
+-
+- /* We've already measured the first 512 bytes, now measure the rest */
+- xorl %edi, %edi
+- movw $(GRUB_BOOT_MACHINE_KERNEL_ADDR + 0x200), %di
+-
+- movl $0x41504354, %ebx /* EBX = "TCPA" */
+-
+- /* %ecx = The length, in bytes, of the buffer to measure */
+- movl $bytes_to_measure, %esi
+- movl (%esi), %ecx
+- xorl %esi, %esi
+- movl $0x9, %edx /* PCR 9 */
+-
+- int $0x1A
+-
+- popa
+-#endif
+ /* print a newline */
+ MSG(notification_done)
+ popw %dx /* this makes sure %dl is our "boot" drive */
+@@ -364,10 +324,6 @@ geometry_error_string: .asciz "Geom"
+ read_error_string: .asciz "Read"
+ general_error_string: .asciz " Error"
+
+-#ifdef TPM
+-bytes_to_measure: .long 0
+-#endif
+-
+ /*
+ * message: write the string pointed to by %si
+ *
diff --git a/SOURCES/0232-Move-quicksort-function-from-kernel.exec-to-the-blsc.patch b/SOURCES/0232-Move-quicksort-function-from-kernel.exec-to-the-blsc.patch
new file mode 100644
index 0000000..bd153f2
--- /dev/null
+++ b/SOURCES/0232-Move-quicksort-function-from-kernel.exec-to-the-blsc.patch
@@ -0,0 +1,148 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Thu, 27 Sep 2018 10:49:14 +0200
+Subject: [PATCH] Move quicksort function from kernel.exec to the blscfg module
+
+The qsort function is defined in the grub2 kernel and exported for modules
+to use. But this prevents the blscfg.mod to be loaded by old grub2 kernels
+that don't export this symbol.
+
+Loading the latest blscfg module might be useful on legacy BIOS systems to
+avoid updating the first and second stage grub2 images in the boot device.
+
+Since the only caller of the qsort function is the blscfg module, move the
+qsort function out of the grub2 kernel and only have it in the blscfg.mod.
+
+While being there, also remove the grub_bsearch() function that is unused.
+
+Related: rhbz#1633646
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ grub-core/Makefile.core.def | 2 +-
+ grub-core/commands/blscfg.c | 3 ++-
+ grub-core/{kern/qsort.c => commands/bls_qsort.h} | 30 +++---------------------
+ include/grub/misc.h | 15 ------------
+ 4 files changed, 6 insertions(+), 44 deletions(-)
+ rename grub-core/{kern/qsort.c => commands/bls_qsort.h} (93%)
+
+diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
+index fb0a1e0babb..3346d1be658 100644
+--- a/grub-core/Makefile.core.def
++++ b/grub-core/Makefile.core.def
+@@ -129,7 +129,6 @@ kernel = {
+ common = kern/rescue_parser.c;
+ common = kern/rescue_reader.c;
+ common = kern/term.c;
+- common = kern/qsort.c;
+ common = kern/backtrace.c;
+ common = kern/tpm.c;
+
+@@ -781,6 +780,7 @@ module = {
+ module = {
+ name = blscfg;
+ common = commands/blscfg.c;
++ common = commands/bls_qsort.h;
+ common = commands/loadenv.h;
+ enable = efi;
+ enable = i386_pc;
+diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
+index abd6f00d0de..bec5a9ffe3e 100644
+--- a/grub-core/commands/blscfg.c
++++ b/grub-core/commands/blscfg.c
+@@ -36,6 +36,7 @@
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
++#include "bls_qsort.h"
+ #include "loadenv.h"
+
+ #define GRUB_BLS_CONFIG_PATH "/loader/entries/"
+@@ -717,7 +718,7 @@ read_fallback:
+ use_version = false;
+ }
+
+- grub_qsort(&entries[0], nentries, sizeof (struct bls_entry *), bls_cmp, &use_version);
++ bls_qsort(&entries[0], nentries, sizeof (struct bls_entry *), bls_cmp, &use_version);
+
+ grub_dprintf ("blscfg", "%s Creating %d entries from bls\n", __func__, nentries);
+ for (r = nentries - 1; r >= 0; r--)
+diff --git a/grub-core/kern/qsort.c b/grub-core/commands/bls_qsort.h
+similarity index 93%
+rename from grub-core/kern/qsort.c
+rename to grub-core/commands/bls_qsort.h
+index 7f3fc9ffdae..572765fa3f2 100644
+--- a/grub-core/kern/qsort.c
++++ b/grub-core/commands/bls_qsort.h
+@@ -64,6 +64,7 @@ typedef struct
+ #define POP(low, high) ((void) (--top, (low = top->lo), (high = top->hi)))
+ #define STACK_NOT_EMPTY (stack < top)
+
++typedef int (*grub_compar_d_fn_t) (const void *p0, const void *p1, void *state);
+
+ /* Order size using quicksort. This implementation incorporates
+ four optimizations discussed in Sedgewick:
+@@ -89,8 +90,8 @@ typedef struct
+ smaller partition. This *guarantees* no more than log (total_elems)
+ stack size is needed (actually O(1) in this case)! */
+
+-void
+-grub_qsort (void *const pbase, grub_size_t total_elems, grub_size_t size,
++static inline void UNUSED
++bls_qsort (void *const pbase, grub_size_t total_elems, grub_size_t size,
+ grub_compar_d_fn_t cmp, void *arg)
+ {
+ char *base_ptr = (char *) pbase;
+@@ -252,28 +253,3 @@ grub_qsort (void *const pbase, grub_size_t total_elems, grub_size_t size,
+ }
+ }
+
+-void *
+-grub_bsearch (const void *key, const void *base, grub_size_t nmemb, grub_size_t size,
+- grub_compar_d_fn_t compar, void *state)
+-{
+- grub_size_t l, u, idx;
+- const void *p;
+- int comparison;
+-
+- l = 0;
+- u = nmemb;
+- while (l < u)
+- {
+- idx = (l + u) / 2;
+- p = (void *) (((const char *) base) + (idx * size));
+- comparison = (*compar) (key, p, state);
+- if (comparison < 0)
+- u = idx;
+- else if (comparison > 0)
+- l = idx + 1;
+- else
+- return (void *) p;
+- }
+-
+- return NULL;
+-}
+diff --git a/include/grub/misc.h b/include/grub/misc.h
+index 5f1c1c1be4e..de9016ab709 100644
+--- a/include/grub/misc.h
++++ b/include/grub/misc.h
+@@ -510,19 +510,4 @@ void EXPORT_FUNC(grub_real_boot_time) (const char *file,
+ #define grub_max(a, b) (((a) > (b)) ? (a) : (b))
+ #define grub_min(a, b) (((a) < (b)) ? (a) : (b))
+
+-typedef int (*grub_compar_d_fn_t) (const void *p0, const void *p1, void *state);
+-
+-void *EXPORT_FUNC(grub_bsearch) (const void *key,
+- const void *base,
+- grub_size_t nmemb,
+- grub_size_t size,
+- grub_compar_d_fn_t compar,
+- void *state);
+-
+-void EXPORT_FUNC(grub_qsort) (void *const pbase,
+- grub_size_t total_elems,
+- grub_size_t size,
+- grub_compar_d_fn_t cmp,
+- void *state);
+-
+ #endif /* ! GRUB_MISC_HEADER */
diff --git a/SOURCES/0232-drop-TPM-support-for-legacy-BIOS.patch b/SOURCES/0232-drop-TPM-support-for-legacy-BIOS.patch
deleted file mode 100644
index ab7867b..0000000
--- a/SOURCES/0232-drop-TPM-support-for-legacy-BIOS.patch
+++ /dev/null
@@ -1,401 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas <javierm@redhat.com>
-Date: Fri, 21 Sep 2018 17:51:16 +0200
-Subject: [PATCH] drop TPM support for legacy BIOS
-
-Currently there's TPM support for both EFI and legacy BIOS.
-
-A software interrupt call interface is used in legacy BIOS to communicate
-with the TPM chips. But with some BIOS firmwares, the machine just hangs
-after doing a BIOS interrupt call for the TCG_HashLogExtendEvent command.
-
-It's hard to know what exactly is causing this, but the Trousers project
-mentions in their docs that they don't use TCG_HashLogExtendEvent [0] due
-the command not working reliable on some BIOS.
-
-The TCG_CompactHashLogExtendEvent is less fragile, since it has a simpler
-interface, doesn't require to setup any data structure and doesn't return
-anything. So it could be used to do measurements and logs events instead.
-
-But even when using this command can be a workaround on some systems, it
-doesn't guarantee that could not fail on others. So since the TPM support
-for some legacy BIOS don't work and can lead to machines failing to boot,
-let's just drop it and only support TPM for EFI.
-
-[0]: http://trousers.sourceforge.net/grub.html
-
-Resolves: rhbz#1579835
-
-Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
----
- grub-core/Makefile.core.def | 1 -
- grub-core/kern/i386/pc/tpm.c | 145 --------------------------------------
- grub-core/loader/i386/pc/linux.c | 4 --
- include/grub/tpm.h | 2 +-
- grub-core/boot/i386/pc/boot.S | 30 +-------
- grub-core/boot/i386/pc/diskboot.S | 44 ------------
- 6 files changed, 2 insertions(+), 224 deletions(-)
- delete mode 100644 grub-core/kern/i386/pc/tpm.c
-
-diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
-index 203584fb00b..01c5f9ae351 100644
---- a/grub-core/Makefile.core.def
-+++ b/grub-core/Makefile.core.def
-@@ -246,7 +246,6 @@ kernel = {
-
- i386_pc = kern/i386/pc/init.c;
- i386_pc = kern/i386/pc/mmap.c;
-- i386_pc = kern/i386/pc/tpm.c;
- i386_pc = term/i386/pc/console.c;
-
- i386_qemu = bus/pci.c;
-diff --git a/grub-core/kern/i386/pc/tpm.c b/grub-core/kern/i386/pc/tpm.c
-deleted file mode 100644
-index f6f264aff2e..00000000000
---- a/grub-core/kern/i386/pc/tpm.c
-+++ /dev/null
-@@ -1,145 +0,0 @@
--#include <grub/err.h>
--#include <grub/i18n.h>
--#include <grub/mm.h>
--#include <grub/tpm.h>
--#include <grub/misc.h>
--#include <grub/i386/pc/int.h>
--
--#define TCPA_MAGIC 0x41504354
--
--static int tpm_presence = -1;
--
--int tpm_present(void);
--
--int tpm_present(void)
--{
-- struct grub_bios_int_registers regs;
--
-- if (tpm_presence != -1)
-- return tpm_presence;
--
-- regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT;
-- regs.eax = 0xbb00;
-- regs.ebx = TCPA_MAGIC;
-- grub_bios_interrupt (0x1a, ®s);
--
-- if (regs.eax == 0)
-- tpm_presence = 1;
-- else
-- tpm_presence = 0;
--
-- return tpm_presence;
--}
--
--grub_err_t
--grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf,
-- PassThroughToTPM_OutputParamBlock *outbuf)
--{
-- struct grub_bios_int_registers regs;
-- grub_addr_t inaddr, outaddr;
--
-- if (!tpm_present())
-- return 0;
--
-- inaddr = (grub_addr_t) inbuf;
-- outaddr = (grub_addr_t) outbuf;
-- regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT;
-- regs.eax = 0xbb02;
-- regs.ebx = TCPA_MAGIC;
-- regs.ecx = 0;
-- regs.edx = 0;
-- regs.es = (inaddr & 0xffff0000) >> 4;
-- regs.edi = inaddr & 0xffff;
-- regs.ds = outaddr >> 4;
-- regs.esi = outaddr & 0xf;
--
-- grub_bios_interrupt (0x1a, ®s);
--
-- if (regs.eax)
-- {
-- tpm_presence = 0;
-- return grub_error (GRUB_ERR_IO, N_("TPM error %x, disabling TPM"), regs.eax);
-- }
--
-- return 0;
--}
--
--typedef struct {
-- grub_uint32_t pcrindex;
-- grub_uint32_t eventtype;
-- grub_uint8_t digest[20];
-- grub_uint32_t eventdatasize;
-- grub_uint8_t event[0];
--} GRUB_PACKED Event;
--
--typedef struct {
-- grub_uint16_t ipblength;
-- grub_uint16_t reserved;
-- grub_uint32_t hashdataptr;
-- grub_uint32_t hashdatalen;
-- grub_uint32_t pcr;
-- grub_uint32_t reserved2;
-- grub_uint32_t logdataptr;
-- grub_uint32_t logdatalen;
--} GRUB_PACKED EventIncoming;
--
--typedef struct {
-- grub_uint16_t opblength;
-- grub_uint16_t reserved;
-- grub_uint32_t eventnum;
-- grub_uint8_t hashvalue[20];
--} GRUB_PACKED EventOutgoing;
--
--grub_err_t
--grub_tpm_log_event(unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
-- const char *description)
--{
-- struct grub_bios_int_registers regs;
-- EventIncoming incoming;
-- EventOutgoing outgoing;
-- Event *event;
-- grub_uint32_t datalength;
--
-- if (!tpm_present())
-- return 0;
--
-- datalength = grub_strlen(description);
-- event = grub_zalloc(datalength + sizeof(Event));
-- if (!event)
-- return grub_error (GRUB_ERR_OUT_OF_MEMORY,
-- N_("cannot allocate TPM event buffer"));
--
-- event->pcrindex = pcr;
-- event->eventtype = 0x0d;
-- event->eventdatasize = grub_strlen(description);
-- grub_memcpy(event->event, description, datalength);
--
-- incoming.ipblength = sizeof(incoming);
-- incoming.hashdataptr = (grub_uint32_t)buf;
-- incoming.hashdatalen = size;
-- incoming.pcr = pcr;
-- incoming.logdataptr = (grub_uint32_t)event;
-- incoming.logdatalen = datalength + sizeof(Event);
--
-- regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT;
-- regs.eax = 0xbb01;
-- regs.ebx = TCPA_MAGIC;
-- regs.ecx = 0;
-- regs.edx = 0;
-- regs.es = (((grub_addr_t) &incoming) & 0xffff0000) >> 4;
-- regs.edi = ((grub_addr_t) &incoming) & 0xffff;
-- regs.ds = (((grub_addr_t) &outgoing) & 0xffff0000) >> 4;
-- regs.esi = ((grub_addr_t) &outgoing) & 0xffff;
--
-- grub_bios_interrupt (0x1a, ®s);
--
-- grub_free(event);
--
-- if (regs.eax)
-- {
-- tpm_presence = 0;
-- return grub_error (GRUB_ERR_IO, N_("TPM error %x, disabling TPM"), regs.eax);
-- }
--
-- return 0;
--}
-diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c
-index cfff25c21b5..783a3cd93bc 100644
---- a/grub-core/loader/i386/pc/linux.c
-+++ b/grub-core/loader/i386/pc/linux.c
-@@ -36,7 +36,6 @@
- #include <grub/lib/cmdline.h>
- #include <grub/linux.h>
- #include <grub/efi/sb.h>
--#include <grub/tpm.h>
-
- GRUB_MOD_LICENSE ("GPLv3+");
-
-@@ -162,9 +161,6 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
- goto fail;
- }
-
-- grub_tpm_measure (kernel, len, GRUB_BINARY_PCR, "grub_linux16", "Kernel");
-- grub_print_error();
--
- grub_memcpy (&lh, kernel, sizeof (lh));
- kernel_offset = sizeof (lh);
-
-diff --git a/include/grub/tpm.h b/include/grub/tpm.h
-index 972a5edc836..ce52be4ff7f 100644
---- a/include/grub/tpm.h
-+++ b/include/grub/tpm.h
-@@ -69,7 +69,7 @@ typedef struct {
- grub_err_t EXPORT_FUNC(grub_tpm_measure) (unsigned char *buf, grub_size_t size,
- grub_uint8_t pcr, const char *kind,
- const char *description);
--#if defined (GRUB_MACHINE_EFI) || defined (GRUB_MACHINE_PCBIOS)
-+#if defined (GRUB_MACHINE_EFI)
- grub_err_t grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf,
- PassThroughToTPM_OutputParamBlock *outbuf);
- grub_err_t grub_tpm_log_event(unsigned char *buf, grub_size_t size,
-diff --git a/grub-core/boot/i386/pc/boot.S b/grub-core/boot/i386/pc/boot.S
-index acab37369ae..ea167fe1206 100644
---- a/grub-core/boot/i386/pc/boot.S
-+++ b/grub-core/boot/i386/pc/boot.S
-@@ -24,14 +24,11 @@
- * defines for the code go here
- */
-
--#define TPM 1
--
- /* Print message string */
- #define MSG(x) movw $x, %si; call LOCAL(message)
- #define ERR(x) movw $x, %si; jmp LOCAL(error_message)
-
- .macro floppy
--#ifndef TPM
- part_start:
-
- LOCAL(probe_values):
-@@ -88,7 +85,6 @@ fd_probe_error_string: .asciz "Floppy"
- movb MACRO_DOLLAR(79), %ch
-
- jmp LOCAL(final_init)
--#endif
- .endm
-
- .macro scratch
-@@ -256,7 +252,6 @@ real_start:
- /* set %si to the disk address packet */
- movw $disk_address_packet, %si
-
--#ifndef TPM
- /* check if LBA is supported */
- movb $0x41, %ah
- movw $0x55aa, %bx
-@@ -276,7 +271,6 @@ real_start:
-
- andw $1, %cx
- jz LOCAL(chs_mode)
--#endif
-
- LOCAL(lba_mode):
- xorw %ax, %ax
-@@ -320,9 +314,6 @@ LOCAL(lba_mode):
- jmp LOCAL(copy_buffer)
-
- LOCAL(chs_mode):
--#ifdef TPM
-- jmp LOCAL(general_error)
--#else
- /*
- * Determine the hard disk geometry from the BIOS!
- * We do this first, so that LS-120 IDE floppies work correctly.
-@@ -434,7 +425,7 @@ setup_sectors:
- jc LOCAL(read_error)
-
- movw %es, %bx
--#endif /* TPM */
-+
- LOCAL(copy_buffer):
- /*
- * We need to save %cx and %si because the startup code in
-@@ -457,25 +448,6 @@ LOCAL(copy_buffer):
- popw %ds
- popa
-
--#ifdef TPM
-- pusha
--
-- movw $0xBB00, %ax /* TCG_StatusCheck */
-- int $0x1A
-- test %eax, %eax
-- jnz boot /* No TPM or TPM deactivated */
--
-- movw $0xBB07, %ax /* TCG_CompactHashLogExtendEvent */
-- movw $GRUB_BOOT_MACHINE_KERNEL_ADDR, %di
-- xorl %esi, %esi
-- movl $0x41504354, %ebx /* TCPA */
-- movl $0x200, %ecx /* Measure 512 bytes */
-- movl $0x8, %edx /* PCR 8 */
-- int $0x1A
--
--boot:
-- popa
--#endif
- /* boot kernel */
- jmp *(LOCAL(kernel_address))
-
-diff --git a/grub-core/boot/i386/pc/diskboot.S b/grub-core/boot/i386/pc/diskboot.S
-index f4744ec6fcb..68d31de0c4c 100644
---- a/grub-core/boot/i386/pc/diskboot.S
-+++ b/grub-core/boot/i386/pc/diskboot.S
-@@ -19,8 +19,6 @@
- #include <grub/symbol.h>
- #include <grub/machine/boot.h>
-
--#define TPM 1
--
- /*
- * defines for the code go here
- */
-@@ -55,21 +53,6 @@ _start:
- /* this sets up for the first run through "bootloop" */
- movw $LOCAL(firstlist), %di
-
--#ifdef TPM
-- /* clear EAX to remove potential garbage */
-- xorl %eax, %eax
-- /* 8(%di) = number of sectors to read */
-- movw 8(%di), %ax
--
-- /* Multiply number of sectors to read with 512 bytes. EAX is 32bit
-- * which is large enough to hold values of up to 4GB. I doubt there
-- * will ever be a core.img larger than that. ;-) */
-- shll $9, %eax
--
-- /* write result to bytes_to_measure var */
-- movl %eax, bytes_to_measure
--#endif
--
- /* save the sector number of the second sector in %ebp */
- movl (%di), %ebp
-
-@@ -307,29 +290,6 @@ LOCAL(copy_buffer):
- /* END OF MAIN LOOP */
-
- LOCAL(bootit):
--#ifdef TPM
-- pusha
-- movw $0xBB07, %ax /* TCG_CompactHashLogExtendEvent */
--
-- movw $0x0, %bx
-- movw %bx, %es
--
-- /* We've already measured the first 512 bytes, now measure the rest */
-- xorl %edi, %edi
-- movw $(GRUB_BOOT_MACHINE_KERNEL_ADDR + 0x200), %di
--
-- movl $0x41504354, %ebx /* EBX = "TCPA" */
--
-- /* %ecx = The length, in bytes, of the buffer to measure */
-- movl $bytes_to_measure, %esi
-- movl (%esi), %ecx
-- xorl %esi, %esi
-- movl $0x9, %edx /* PCR 9 */
--
-- int $0x1A
--
-- popa
--#endif
- /* print a newline */
- MSG(notification_done)
- popw %dx /* this makes sure %dl is our "boot" drive */
-@@ -364,10 +324,6 @@ geometry_error_string: .asciz "Geom"
- read_error_string: .asciz "Read"
- general_error_string: .asciz " Error"
-
--#ifdef TPM
--bytes_to_measure: .long 0
--#endif
--
- /*
- * message: write the string pointed to by %si
- *
diff --git a/SOURCES/0233-Include-blscfg-module-for-powerpc-ieee1275.patch b/SOURCES/0233-Include-blscfg-module-for-powerpc-ieee1275.patch
new file mode 100644
index 0000000..1240713
--- /dev/null
+++ b/SOURCES/0233-Include-blscfg-module-for-powerpc-ieee1275.patch
@@ -0,0 +1,27 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Thu, 27 Sep 2018 19:03:43 +0200
+Subject: [PATCH] Include blscfg module for powerpc ieee1275
+
+The blscfg module is currently not built for powerpc ieee1275, but this
+is still needed when the machine is not booted in bare metal with OPAL.
+
+Related: rhbz#1633646
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ grub-core/Makefile.core.def | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
+index 3346d1be658..6864e780fd4 100644
+--- a/grub-core/Makefile.core.def
++++ b/grub-core/Makefile.core.def
+@@ -782,6 +782,7 @@ module = {
+ common = commands/blscfg.c;
+ common = commands/bls_qsort.h;
+ common = commands/loadenv.h;
++ enable = powerpc_ieee1275;
+ enable = efi;
+ enable = i386_pc;
+ enable = emu;
diff --git a/SOURCES/0233-Move-quicksort-function-from-kernel.exec-to-the-blsc.patch b/SOURCES/0233-Move-quicksort-function-from-kernel.exec-to-the-blsc.patch
deleted file mode 100644
index 61189da..0000000
--- a/SOURCES/0233-Move-quicksort-function-from-kernel.exec-to-the-blsc.patch
+++ /dev/null
@@ -1,148 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas <javierm@redhat.com>
-Date: Thu, 27 Sep 2018 10:49:14 +0200
-Subject: [PATCH] Move quicksort function from kernel.exec to the blscfg module
-
-The qsort function is defined in the grub2 kernel and exported for modules
-to use. But this prevents the blscfg.mod to be loaded by old grub2 kernels
-that don't export this symbol.
-
-Loading the latest blscfg module might be useful on legacy BIOS systems to
-avoid updating the first and second stage grub2 images in the boot device.
-
-Since the only caller of the qsort function is the blscfg module, move the
-qsort function out of the grub2 kernel and only have it in the blscfg.mod.
-
-While being there, also remove the grub_bsearch() function that is unused.
-
-Related: rhbz#1633646
-
-Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
----
- grub-core/Makefile.core.def | 2 +-
- grub-core/commands/blscfg.c | 3 ++-
- grub-core/{kern/qsort.c => commands/bls_qsort.h} | 30 +++---------------------
- include/grub/misc.h | 15 ------------
- 4 files changed, 6 insertions(+), 44 deletions(-)
- rename grub-core/{kern/qsort.c => commands/bls_qsort.h} (93%)
-
-diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
-index 01c5f9ae351..f99fc994f6b 100644
---- a/grub-core/Makefile.core.def
-+++ b/grub-core/Makefile.core.def
-@@ -129,7 +129,6 @@ kernel = {
- common = kern/rescue_parser.c;
- common = kern/rescue_reader.c;
- common = kern/term.c;
-- common = kern/qsort.c;
- common = kern/backtrace.c;
- common = kern/tpm.c;
-
-@@ -781,6 +780,7 @@ module = {
- module = {
- name = blscfg;
- common = commands/blscfg.c;
-+ common = commands/bls_qsort.h;
- common = commands/loadenv.h;
- enable = efi;
- enable = i386_pc;
-diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
-index abd6f00d0de..bec5a9ffe3e 100644
---- a/grub-core/commands/blscfg.c
-+++ b/grub-core/commands/blscfg.c
-@@ -36,6 +36,7 @@
-
- GRUB_MOD_LICENSE ("GPLv3+");
-
-+#include "bls_qsort.h"
- #include "loadenv.h"
-
- #define GRUB_BLS_CONFIG_PATH "/loader/entries/"
-@@ -717,7 +718,7 @@ read_fallback:
- use_version = false;
- }
-
-- grub_qsort(&entries[0], nentries, sizeof (struct bls_entry *), bls_cmp, &use_version);
-+ bls_qsort(&entries[0], nentries, sizeof (struct bls_entry *), bls_cmp, &use_version);
-
- grub_dprintf ("blscfg", "%s Creating %d entries from bls\n", __func__, nentries);
- for (r = nentries - 1; r >= 0; r--)
-diff --git a/grub-core/kern/qsort.c b/grub-core/commands/bls_qsort.h
-similarity index 93%
-rename from grub-core/kern/qsort.c
-rename to grub-core/commands/bls_qsort.h
-index 7f3fc9ffdae..572765fa3f2 100644
---- a/grub-core/kern/qsort.c
-+++ b/grub-core/commands/bls_qsort.h
-@@ -64,6 +64,7 @@ typedef struct
- #define POP(low, high) ((void) (--top, (low = top->lo), (high = top->hi)))
- #define STACK_NOT_EMPTY (stack < top)
-
-+typedef int (*grub_compar_d_fn_t) (const void *p0, const void *p1, void *state);
-
- /* Order size using quicksort. This implementation incorporates
- four optimizations discussed in Sedgewick:
-@@ -89,8 +90,8 @@ typedef struct
- smaller partition. This *guarantees* no more than log (total_elems)
- stack size is needed (actually O(1) in this case)! */
-
--void
--grub_qsort (void *const pbase, grub_size_t total_elems, grub_size_t size,
-+static inline void UNUSED
-+bls_qsort (void *const pbase, grub_size_t total_elems, grub_size_t size,
- grub_compar_d_fn_t cmp, void *arg)
- {
- char *base_ptr = (char *) pbase;
-@@ -252,28 +253,3 @@ grub_qsort (void *const pbase, grub_size_t total_elems, grub_size_t size,
- }
- }
-
--void *
--grub_bsearch (const void *key, const void *base, grub_size_t nmemb, grub_size_t size,
-- grub_compar_d_fn_t compar, void *state)
--{
-- grub_size_t l, u, idx;
-- const void *p;
-- int comparison;
--
-- l = 0;
-- u = nmemb;
-- while (l < u)
-- {
-- idx = (l + u) / 2;
-- p = (void *) (((const char *) base) + (idx * size));
-- comparison = (*compar) (key, p, state);
-- if (comparison < 0)
-- u = idx;
-- else if (comparison > 0)
-- l = idx + 1;
-- else
-- return (void *) p;
-- }
--
-- return NULL;
--}
-diff --git a/include/grub/misc.h b/include/grub/misc.h
-index 5f1c1c1be4e..de9016ab709 100644
---- a/include/grub/misc.h
-+++ b/include/grub/misc.h
-@@ -510,19 +510,4 @@ void EXPORT_FUNC(grub_real_boot_time) (const char *file,
- #define grub_max(a, b) (((a) > (b)) ? (a) : (b))
- #define grub_min(a, b) (((a) < (b)) ? (a) : (b))
-
--typedef int (*grub_compar_d_fn_t) (const void *p0, const void *p1, void *state);
--
--void *EXPORT_FUNC(grub_bsearch) (const void *key,
-- const void *base,
-- grub_size_t nmemb,
-- grub_size_t size,
-- grub_compar_d_fn_t compar,
-- void *state);
--
--void EXPORT_FUNC(grub_qsort) (void *const pbase,
-- grub_size_t total_elems,
-- grub_size_t size,
-- grub_compar_d_fn_t cmp,
-- void *state);
--
- #endif /* ! GRUB_MISC_HEADER */
diff --git a/SOURCES/0234-Include-blscfg-module-for-powerpc-ieee1275.patch b/SOURCES/0234-Include-blscfg-module-for-powerpc-ieee1275.patch
deleted file mode 100644
index a60299b..0000000
--- a/SOURCES/0234-Include-blscfg-module-for-powerpc-ieee1275.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas <javierm@redhat.com>
-Date: Thu, 27 Sep 2018 19:03:43 +0200
-Subject: [PATCH] Include blscfg module for powerpc ieee1275
-
-The blscfg module is currently not built for powerpc ieee1275, but this
-is still needed when the machine is not booted in bare metal with OPAL.
-
-Related: rhbz#1633646
-
-Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
----
- grub-core/Makefile.core.def | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
-index f99fc994f6b..5b4841e1f00 100644
---- a/grub-core/Makefile.core.def
-+++ b/grub-core/Makefile.core.def
-@@ -782,6 +782,7 @@ module = {
- common = commands/blscfg.c;
- common = commands/bls_qsort.h;
- common = commands/loadenv.h;
-+ enable = powerpc_ieee1275;
- enable = efi;
- enable = i386_pc;
- enable = emu;
diff --git a/SOURCES/0234-grub-switch-to-blscfg-copy-blscfg-module-for-legacy-.patch b/SOURCES/0234-grub-switch-to-blscfg-copy-blscfg-module-for-legacy-.patch
new file mode 100644
index 0000000..2559203
--- /dev/null
+++ b/SOURCES/0234-grub-switch-to-blscfg-copy-blscfg-module-for-legacy-.patch
@@ -0,0 +1,55 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Fri, 28 Sep 2018 10:35:38 +0200
+Subject: [PATCH] grub-switch-to-blscfg: copy blscfg module for legacy BIOS and
+ ppc ieee1275
+
+On platforms that load the blscfg module the latest version should be used,
+so copy the module to the boot directory to make sure that the grub2 kernel
+will load the latest version of the BLS parsing code.
+
+Related: rhbz#1633646
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ util/grub-switch-to-blscfg.in | 13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in
+index 9cf64f8e725..1c6bd1882a7 100644
+--- a/util/grub-switch-to-blscfg.in
++++ b/util/grub-switch-to-blscfg.in
+@@ -53,6 +53,8 @@ blsdir=`echo "/@bootdirname@/loader/entries" | sed 's,//*,/,g'`
+
+ backupsuffix=.bak
+
++arch="$(uname -m)"
++
+ export TEXTDOMAIN=@PACKAGE@
+ export TEXTDOMAINDIR="@localedir@"
+
+@@ -248,7 +250,6 @@ for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do
+ fi
+
+ if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then
+- arch="$(uname -m)"
+ bls_debug="$(echo ${bls_target} | sed -e "s/\.${arch}/-debug.${arch}/")"
+ cp -aT "${bls_target}" "${bls_debug}"
+ title="$(grep '^title[ \t]' "${bls_debug}" | sed -e 's/^title[ \t]*//')"
+@@ -282,6 +283,16 @@ elif ! grep -q '^GRUB_ENABLE_BLSCFG=.*' "${etcdefaultgrub}" ; then
+ fi
+
+ if [ "${GENERATE}" -eq 1 ] ; then
++ if [ $arch = "x86_64" ] && [ ! -d /sys/firmware/efi ]; then
++ if ! cp ${prefix}/lib/grub//i386-pc/blscfg.mod ${grubdir}/i386-pc/ ; then
++ exit 1
++ fi
++ elif [ $arch = "ppc64" -o $arch = "ppc64le" ] && [ ! -d /sys/firmware/opal ]; then
++ if ! cp ${prefix}/lib/grub/powerpc-ieee1275/blscfg.mod ${grubdir}/powerpc-ieee1275/ ; then
++ exit 1
++ fi
++ fi
++
+ cp -af "${GRUB_CONFIG_FILE}" "${GRUB_CONFIG_FILE}${backupsuffix}"
+ if ! grub2-mkconfig -o "${GRUB_CONFIG_FILE}" ; then
+ cp -af "${GRUB_CONFIG_FILE}${backupsuffix}" "${GRUB_CONFIG_FILE}"
diff --git a/SOURCES/0235-Fix-getroot.c-s-trampolines.patch b/SOURCES/0235-Fix-getroot.c-s-trampolines.patch
new file mode 100644
index 0000000..3a808f7
--- /dev/null
+++ b/SOURCES/0235-Fix-getroot.c-s-trampolines.patch
@@ -0,0 +1,49 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Fri, 28 Sep 2018 15:42:19 -0400
+Subject: [PATCH] Fix getroot.c's trampolines.
+
+This makes the stack executable on most of the grub utilities, which is
+bad, and rpmdiff complains about it.
+
+Related: rhbz#1633646
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ grub-core/osdep/linux/getroot.c | 16 +++++++---------
+ 1 file changed, 7 insertions(+), 9 deletions(-)
+
+diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c
+index 4c5a13022dc..388a0f70638 100644
+--- a/grub-core/osdep/linux/getroot.c
++++ b/grub-core/osdep/linux/getroot.c
+@@ -1264,22 +1264,20 @@ grub_util_get_grub_dev_os (const char *os_dev)
+ return grub_dev;
+ }
+
++static void *mp = NULL;
++static void
++btrfs_mount_path_hook(const char *m)
++{
++ mp = strdup (m);
++}
+
+ char *
+ grub_util_get_btrfs_subvol (const char *path, char **mount_path)
+ {
+- char *mp = NULL;
+-
+ if (mount_path)
+ *mount_path = NULL;
+
+- auto void
+- mount_path_hook (const char *m)
+- {
+- mp = strdup (m);
+- }
+-
+- grub_find_root_btrfs_mount_path_hook = mount_path_hook;
++ grub_find_root_btrfs_mount_path_hook = btrfs_mount_path_hook;
+ grub_free (grub_find_root_devices_from_mountinfo (path, NULL));
+ grub_find_root_btrfs_mount_path_hook = NULL;
+
diff --git a/SOURCES/0235-grub-switch-to-blscfg-copy-blscfg-module-for-legacy-.patch b/SOURCES/0235-grub-switch-to-blscfg-copy-blscfg-module-for-legacy-.patch
deleted file mode 100644
index 2559203..0000000
--- a/SOURCES/0235-grub-switch-to-blscfg-copy-blscfg-module-for-legacy-.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas <javierm@redhat.com>
-Date: Fri, 28 Sep 2018 10:35:38 +0200
-Subject: [PATCH] grub-switch-to-blscfg: copy blscfg module for legacy BIOS and
- ppc ieee1275
-
-On platforms that load the blscfg module the latest version should be used,
-so copy the module to the boot directory to make sure that the grub2 kernel
-will load the latest version of the BLS parsing code.
-
-Related: rhbz#1633646
-
-Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
----
- util/grub-switch-to-blscfg.in | 13 ++++++++++++-
- 1 file changed, 12 insertions(+), 1 deletion(-)
-
-diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in
-index 9cf64f8e725..1c6bd1882a7 100644
---- a/util/grub-switch-to-blscfg.in
-+++ b/util/grub-switch-to-blscfg.in
-@@ -53,6 +53,8 @@ blsdir=`echo "/@bootdirname@/loader/entries" | sed 's,//*,/,g'`
-
- backupsuffix=.bak
-
-+arch="$(uname -m)"
-+
- export TEXTDOMAIN=@PACKAGE@
- export TEXTDOMAINDIR="@localedir@"
-
-@@ -248,7 +250,6 @@ for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do
- fi
-
- if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then
-- arch="$(uname -m)"
- bls_debug="$(echo ${bls_target} | sed -e "s/\.${arch}/-debug.${arch}/")"
- cp -aT "${bls_target}" "${bls_debug}"
- title="$(grep '^title[ \t]' "${bls_debug}" | sed -e 's/^title[ \t]*//')"
-@@ -282,6 +283,16 @@ elif ! grep -q '^GRUB_ENABLE_BLSCFG=.*' "${etcdefaultgrub}" ; then
- fi
-
- if [ "${GENERATE}" -eq 1 ] ; then
-+ if [ $arch = "x86_64" ] && [ ! -d /sys/firmware/efi ]; then
-+ if ! cp ${prefix}/lib/grub//i386-pc/blscfg.mod ${grubdir}/i386-pc/ ; then
-+ exit 1
-+ fi
-+ elif [ $arch = "ppc64" -o $arch = "ppc64le" ] && [ ! -d /sys/firmware/opal ]; then
-+ if ! cp ${prefix}/lib/grub/powerpc-ieee1275/blscfg.mod ${grubdir}/powerpc-ieee1275/ ; then
-+ exit 1
-+ fi
-+ fi
-+
- cp -af "${GRUB_CONFIG_FILE}" "${GRUB_CONFIG_FILE}${backupsuffix}"
- if ! grub2-mkconfig -o "${GRUB_CONFIG_FILE}" ; then
- cp -af "${GRUB_CONFIG_FILE}${backupsuffix}" "${GRUB_CONFIG_FILE}"
diff --git a/SOURCES/0236-Fix-getroot.c-s-trampolines.patch b/SOURCES/0236-Fix-getroot.c-s-trampolines.patch
deleted file mode 100644
index 3a808f7..0000000
--- a/SOURCES/0236-Fix-getroot.c-s-trampolines.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Fri, 28 Sep 2018 15:42:19 -0400
-Subject: [PATCH] Fix getroot.c's trampolines.
-
-This makes the stack executable on most of the grub utilities, which is
-bad, and rpmdiff complains about it.
-
-Related: rhbz#1633646
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
----
- grub-core/osdep/linux/getroot.c | 16 +++++++---------
- 1 file changed, 7 insertions(+), 9 deletions(-)
-
-diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c
-index 4c5a13022dc..388a0f70638 100644
---- a/grub-core/osdep/linux/getroot.c
-+++ b/grub-core/osdep/linux/getroot.c
-@@ -1264,22 +1264,20 @@ grub_util_get_grub_dev_os (const char *os_dev)
- return grub_dev;
- }
-
-+static void *mp = NULL;
-+static void
-+btrfs_mount_path_hook(const char *m)
-+{
-+ mp = strdup (m);
-+}
-
- char *
- grub_util_get_btrfs_subvol (const char *path, char **mount_path)
- {
-- char *mp = NULL;
--
- if (mount_path)
- *mount_path = NULL;
-
-- auto void
-- mount_path_hook (const char *m)
-- {
-- mp = strdup (m);
-- }
--
-- grub_find_root_btrfs_mount_path_hook = mount_path_hook;
-+ grub_find_root_btrfs_mount_path_hook = btrfs_mount_path_hook;
- grub_free (grub_find_root_devices_from_mountinfo (path, NULL));
- grub_find_root_btrfs_mount_path_hook = NULL;
-
diff --git a/SOURCES/0236-add-10_linux_bls-grub.d-snippet-to-generate-menu-ent.patch b/SOURCES/0236-add-10_linux_bls-grub.d-snippet-to-generate-menu-ent.patch
new file mode 100644
index 0000000..bb1b012
--- /dev/null
+++ b/SOURCES/0236-add-10_linux_bls-grub.d-snippet-to-generate-menu-ent.patch
@@ -0,0 +1,485 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Wed, 3 Oct 2018 20:48:32 +0200
+Subject: [PATCH] add 10_linux_bls grub.d snippet to generate menu entries from
+ BLS files
+
+This grub.d snippet can be used on platforms where the bootloader doesn't
+have BLS support and only can parse a normal grub configuration file.
+
+Portions of this script were taken from the ostree-grub-generator script
+included in the OSTree project.
+
+Resolves: rhbz#1636013
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ Makefile.util.def | 7 +
+ util/grub.d/10_linux_bls.in | 440 ++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 447 insertions(+)
+ create mode 100644 util/grub.d/10_linux_bls.in
+
+diff --git a/Makefile.util.def b/Makefile.util.def
+index cba4d500198..08cc98ddb8b 100644
+--- a/Makefile.util.def
++++ b/Makefile.util.def
+@@ -502,6 +502,13 @@ script = {
+ condition = COND_HOST_LINUX;
+ };
+
++script = {
++ name = '10_linux_bls';
++ common = util/grub.d/10_linux_bls.in;
++ installdir = grubconf;
++ condition = COND_HOST_LINUX;
++};
++
+ script = {
+ name = '10_xnu';
+ common = util/grub.d/10_xnu.in;
+diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in
+new file mode 100644
+index 00000000000..3cc7803c6a1
+--- /dev/null
++++ b/util/grub.d/10_linux_bls.in
+@@ -0,0 +1,440 @@
++#! /bin/sh
++set -e
++
++# grub-mkconfig helper script.
++# Copyright (C) 2006,2007,2008,2009,2010 Free Software Foundation, Inc.
++#
++# GRUB is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation, either version 3 of the License, or
++# (at your option) any later version.
++#
++# GRUB is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with GRUB. If not, see <http://www.gnu.org/licenses/>.
++
++prefix="@prefix@"
++exec_prefix="@exec_prefix@"
++datarootdir="@datarootdir@"
++
++. "$pkgdatadir/grub-mkconfig_lib"
++
++export TEXTDOMAIN=@PACKAGE@
++export TEXTDOMAINDIR="@localedir@"
++
++CLASS="--class gnu-linux --class gnu --class os --unrestricted"
++
++if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then
++ OS="$(eval $(grep PRETTY_NAME /etc/os-release) ; echo ${PRETTY_NAME})"
++ CLASS="--class $(eval $(grep '^ID_LIKE=\|^ID=' /etc/os-release) ; [ -n "${ID_LIKE}" ] && echo ${ID_LIKE} || echo ${ID}) ${CLASS}"
++else
++ OS="${GRUB_DISTRIBUTOR}"
++ CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1|LC_ALL=C sed 's,[^[:alnum:]_],_,g') ${CLASS}"
++fi
++
++# loop-AES arranges things so that /dev/loop/X can be our root device, but
++# the initrds that Linux uses don't like that.
++case ${GRUB_DEVICE} in
++ /dev/loop/*|/dev/loop[0-9])
++ GRUB_DEVICE=`losetup ${GRUB_DEVICE} | sed -e "s/^[^(]*(\([^)]\+\)).*/\1/"`
++ ;;
++esac
++
++# Default to disabling partition uuid support to maintian compatibility with
++# older kernels.
++GRUB_DISABLE_LINUX_PARTUUID=${GRUB_DISABLE_LINUX_PARTUUID-true}
++
++# btrfs may reside on multiple devices. We cannot pass them as value of root= parameter
++# and mounting btrfs requires user space scanning, so force UUID in this case.
++if ( [ "x${GRUB_DEVICE_UUID}" = "x" ] && [ "x${GRUB_DEVICE_PARTUUID}" = "x" ] ) \
++ || ( [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ] \
++ && [ "x${GRUB_DISABLE_LINUX_PARTUUID}" = "xtrue" ] ) \
++ || ( ! test -e "/dev/disk/by-uuid/${GRUB_DEVICE_UUID}" \
++ && ! test -e "/dev/disk/by-partuuid/${GRUB_DEVICE_PARTUUID}" ) \
++ || ( test -e "${GRUB_DEVICE}" && uses_abstraction "${GRUB_DEVICE}" lvm ); then
++ LINUX_ROOT_DEVICE=${GRUB_DEVICE}
++elif [ "x${GRUB_DEVICE_UUID}" = "x" ] \
++ || [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ]; then
++ LINUX_ROOT_DEVICE=PARTUUID=${GRUB_DEVICE_PARTUUID}
++else
++ LINUX_ROOT_DEVICE=UUID=${GRUB_DEVICE_UUID}
++fi
++
++case x"$GRUB_FS" in
++ xbtrfs)
++ if [ "x${SUSE_BTRFS_SNAPSHOT_BOOTING}" = "xtrue" ]; then
++ GRUB_CMDLINE_LINUX="${GRUB_CMDLINE_LINUX} \${extra_cmdline}"
++ else
++ rootsubvol="`make_system_path_relative_to_its_root /`"
++ rootsubvol="${rootsubvol#/}"
++ if [ "x${rootsubvol}" != x ]; then
++ GRUB_CMDLINE_LINUX="rootflags=subvol=${rootsubvol} ${GRUB_CMDLINE_LINUX}"
++ fi
++ fi;;
++ xzfs)
++ rpool=`${grub_probe} --device ${GRUB_DEVICE} --target=fs_label 2>/dev/null || true`
++ bootfs="`make_system_path_relative_to_its_root / | sed -e "s,@$,,"`"
++ LINUX_ROOT_DEVICE="ZFS=${rpool}${bootfs}"
++ ;;
++esac
++
++mktitle ()
++{
++ local title_type
++ local version
++ local OS_NAME
++ local OS_VERS
++
++ title_type=$1 && shift
++ version=$1 && shift
++
++ OS_NAME="$(eval $(grep ^NAME= /etc/os-release) ; echo ${NAME})"
++ OS_VERS="$(eval $(grep ^VERSION= /etc/os-release) ; echo ${VERSION})"
++
++ case $title_type in
++ recovery)
++ title=$(printf '%s (%s) %s (recovery mode)' \
++ "${OS_NAME}" "${version}" "${OS_VERS}")
++ ;;
++ *)
++ title=$(printf '%s (%s) %s' \
++ "${OS_NAME}" "${version}" "${OS_VERS}")
++ ;;
++ esac
++ echo -n ${title}
++}
++
++title_correction_code=
++
++populate_header_warn()
++{
++cat <<EOF
++
++# This section was generated by a script. Do not modify the generated file - all changes
++# will be lost the next time file is regenerated. Instead edit the BootLoaderSpec files.
++
++EOF
++}
++
++read_config()
++{
++ config_file=${1}
++ title=""
++ initrd=""
++ options=""
++ linux=""
++
++ while read -r line
++ do
++ record=$(echo ${line} | cut -f 1 -d ' ')
++ value=$(echo ${line} | cut -s -f2- -d ' ')
++ case "${record}" in
++ "title")
++ title=${value}
++ ;;
++ "initrd")
++ initrd=${value}
++ ;;
++ "linux")
++ linux=${value}
++ ;;
++ "options")
++ options=${value}
++ ;;
++ esac
++ done < ${config_file}
++}
++
++populate_menu()
++{
++ entries_path="/boot/loader/entries"
++ gettext_printf "Generating boot entries from BLS files...\n" >&2
++ for config in $(ls -v -r $entries_path/*.conf); do
++ read_config ${config}
++ menu="${menu}menuentry '${title}' {\n"
++ menu="${menu}\t linux ${linux} ${options}\n"
++ if [ -n "${initrd}" ] ; then
++ menu="${menu}\t initrd ${boot_prefix}${initrd}\n"
++ fi
++ menu="${menu}}\n\n"
++ done
++ # The printf command seems to be more reliable across shells for special character (\n, \t) evaluation
++ printf "$menu"
++}
++
++linux_entry ()
++{
++ os="$1"
++ version="$2"
++ type="$3"
++ isdebug="$4"
++ args="$5"
++
++ if [ -z "$boot_device_id" ]; then
++ boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")"
++ fi
++
++ if [ "x${GRUB_ENABLE_BLSCFG}" = "xtrue" ]; then
++ if [ x$dirname = x/ ]; then
++ if [ -z "${prepare_root_cache}" ]; then
++ prepare_grub_to_access_device ${GRUB_DEVICE}
++ fi
++ else
++ if [ -z "${prepare_boot_cache}" ]; then
++ prepare_grub_to_access_device ${GRUB_DEVICE_BOOT}
++ fi
++ fi
++
++ if [ -d /sys/firmware/efi ]; then
++ bootefi_device="`${grub_probe} --target=device /boot/efi/`"
++ prepare_grub_to_access_device ${bootefi_device} boot
++ else
++ boot_device="`${grub_probe} --target=device /boot/`"
++ prepare_grub_to_access_device ${boot_device} boot
++ fi
++
++ populate_header_warn
++ populate_menu
++
++ ${grub_editenv} - set saved_entry=0
++ ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}"
++
++ exit 0
++ fi
++
++ if [ x$type != xsimple ] ; then
++ title=$(mktitle "$type" "$version")
++ if [ x"$title" = x"$GRUB_ACTUAL_DEFAULT" ] || [ x"Previous Linux versions>$title" = x"$GRUB_ACTUAL_DEFAULT" ]; then
++ replacement_title="$(echo "Advanced options for ${OS}" | sed 's,>,>>,g')>$(echo "$title" | sed 's,>,>>,g')"
++ quoted="$(echo "$GRUB_ACTUAL_DEFAULT" | grub_quote)"
++ title_correction_code="${title_correction_code}if [ \"x\$default\" = '$quoted' ]; then default='$(echo "$replacement_title" | grub_quote)'; fi;"
++ fi
++ if [ x$isdebug = xdebug ]; then
++ title="$title${GRUB_LINUX_DEBUG_TITLE_POSTFIX}"
++ fi
++ echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/"
++ else
++ echo "menuentry '$(echo "$os" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/"
++ fi
++ if [ x$type != xrecovery ] ; then
++ save_default_entry | grub_add_tab
++ fi
++
++ # Use ELILO's generic "efifb" when it's known to be available.
++ # FIXME: We need an interface to select vesafb in case efifb can't be used.
++ if [ "x$GRUB_GFXPAYLOAD_LINUX" = x ]; then
++ echo " load_video" | sed "s/^/$submenu_indentation/"
++ if grep -qx "CONFIG_FB_EFI=y" "${config}" 2> /dev/null \
++ && grep -qx "CONFIG_VT_HW_CONSOLE_BINDING=y" "${config}" 2> /dev/null; then
++ echo " set gfxpayload=keep" | sed "s/^/$submenu_indentation/"
++ fi
++ else
++ if [ "x$GRUB_GFXPAYLOAD_LINUX" != xtext ]; then
++ echo " load_video" | sed "s/^/$submenu_indentation/"
++ fi
++ echo " set gfxpayload=$GRUB_GFXPAYLOAD_LINUX" | sed "s/^/$submenu_indentation/"
++ fi
++
++ echo " insmod gzio" | sed "s/^/$submenu_indentation/"
++
++ if [ x$dirname = x/ ]; then
++ if [ -z "${prepare_root_cache}" ]; then
++ prepare_root_cache="$(prepare_grub_to_access_device ${GRUB_DEVICE} | grub_add_tab)"
++ fi
++ printf '%s\n' "${prepare_root_cache}" | sed "s/^/$submenu_indentation/"
++ else
++ if [ -z "${prepare_boot_cache}" ]; then
++ prepare_boot_cache="$(prepare_grub_to_access_device ${GRUB_DEVICE_BOOT} | grub_add_tab)"
++ fi
++ printf '%s\n' "${prepare_boot_cache}" | sed "s/^/$submenu_indentation/"
++ fi
++ sed "s/^/$submenu_indentation/" << EOF
++ linux ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args}
++EOF
++ if test -n "${initrd}" ; then
++ initrd_path=
++ for i in ${initrd}; do
++ initrd_path="${initrd_path} ${rel_dirname}/${i}"
++ done
++ sed "s/^/$submenu_indentation/" << EOF
++ initrd $(echo $initrd_path)
++EOF
++ fi
++ if test -n "${fdt}" ; then
++ sed "s/^/$submenu_indentation/" << EOF
++ devicetree ${rel_dirname}/${fdt}
++EOF
++ fi
++ sed "s/^/$submenu_indentation/" << EOF
++}
++EOF
++}
++
++machine=`uname -m`
++case "x$machine" in
++ xi?86 | xx86_64)
++ list=
++ for i in /boot/vmlinuz-* /vmlinuz-* /boot/kernel-* ; do
++ if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi
++ done ;;
++ *)
++ list=
++ for i in /boot/vmlinuz-* /boot/vmlinux-* /vmlinuz-* /vmlinux-* /boot/kernel-* ; do
++ if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi
++ done ;;
++esac
++
++if [ "x${GRUB_ENABLE_BLSCFG}" = "xtrue" ]; then
++ for i in /boot/ostree/*/vmlinuz-* ; do
++ if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi
++ done
++fi
++
++case "$machine" in
++ i?86) GENKERNEL_ARCH="x86" ;;
++ mips|mips64) GENKERNEL_ARCH="mips" ;;
++ mipsel|mips64el) GENKERNEL_ARCH="mipsel" ;;
++ arm*) GENKERNEL_ARCH="arm" ;;
++ *) GENKERNEL_ARCH="$machine" ;;
++esac
++
++prepare_boot_cache=
++prepare_root_cache=
++boot_device_id=
++title_correction_code=
++
++# Extra indentation to add to menu entries in a submenu. We're not in a submenu
++# yet, so it's empty. In a submenu it will be equal to '\t' (one tab).
++submenu_indentation=""
++
++is_top_level=true
++while [ "x$list" != "x" ] ; do
++ linux=`version_find_latest $list`
++ if [ "x${GRUB_ENABLE_BLSCFG}" != "xtrue" ]; then
++ gettext_printf "Found linux image: %s\n" "$linux" >&2
++ fi
++
++ basename=`basename $linux`
++ dirname=`dirname $linux`
++ rel_dirname=`make_system_path_relative_to_its_root $dirname`
++ version=`echo $basename | sed -e "s,^[^0-9]*-,,g"`
++ alt_version=`echo $version | sed -e "s,\.old$,,g"`
++ linux_root_device_thisversion="${LINUX_ROOT_DEVICE}"
++
++ initrd_early=
++ for i in ${GRUB_EARLY_INITRD_LINUX_STOCK} \
++ ${GRUB_EARLY_INITRD_LINUX_CUSTOM}; do
++ if test -e "${dirname}/${i}" ; then
++ initrd_early="${initrd_early} ${i}"
++ fi
++ done
++
++ initrd_real=
++ for i in "initrd.img-${version}" "initrd-${version}.img" "initrd-${version}.gz" \
++ "initrd-${version}" "initramfs-${version}.img" \
++ "initrd.img-${alt_version}" "initrd-${alt_version}.img" \
++ "initrd-${alt_version}" "initramfs-${alt_version}.img" \
++ "initramfs-genkernel-${version}" \
++ "initramfs-genkernel-${alt_version}" \
++ "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \
++ "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}"; do
++ if test -e "${dirname}/${i}" ; then
++ initrd_real="${i}"
++ break
++ fi
++ done
++
++ initrd=
++ if test -n "${initrd_early}" || test -n "${initrd_real}"; then
++ initrd="${initrd_early} ${initrd_real}"
++
++ initrd_display=
++ for i in ${initrd}; do
++ initrd_display="${initrd_display} ${dirname}/${i}"
++ done
++ if [ "x${GRUB_ENABLE_BLSCFG}" != "xtrue" ]; then
++ gettext_printf "Found initrd image: %s\n" "$(echo $initrd_display)" >&2
++ fi
++ fi
++
++ fdt=
++ for i in "dtb-${version}" "dtb-${alt_version}"; do
++ if test -f "${dirname}/${i}/${GRUB_DEFAULT_DTB}" ; then
++ fdt="${i}/${GRUB_DEFAULT_DTB}"
++ break
++ fi
++ done
++
++ config=
++ for i in "${dirname}/config-${version}" "${dirname}/config-${alt_version}" "/etc/kernels/kernel-config-${version}" ; do
++ if test -e "${i}" ; then
++ config="${i}"
++ break
++ fi
++ done
++
++ initramfs=
++ if test -n "${config}" ; then
++ initramfs=`grep CONFIG_INITRAMFS_SOURCE= "${config}" | cut -f2 -d= | tr -d \"`
++ fi
++
++ if test -z "${initramfs}" && test -z "${initrd_real}" ; then
++ # "UUID=" and "ZFS=" magic is parsed by initrd or initramfs. Since there's
++ # no initrd or builtin initramfs, it can't work here.
++ if [ "x${GRUB_DEVICE_PARTUUID}" = "x" ] \
++ || [ "x${GRUB_DISABLE_LINUX_PARTUUID}" = "xtrue" ]; then
++
++ linux_root_device_thisversion=${GRUB_DEVICE}
++ else
++ linux_root_device_thisversion=PARTUUID=${GRUB_DEVICE_PARTUUID}
++ fi
++ fi
++
++ if [ "x${GRUB_DISABLE_SUBMENU}" = "xyes" ] || [ "x${GRUB_DISABLE_SUBMENU}" = "xy" ]; then
++ GRUB_DISABLE_SUBMENU="true"
++ fi
++
++ if [ "x$is_top_level" = xtrue ] && [ "x${GRUB_DISABLE_SUBMENU}" != xtrue ]; then
++ linux_entry "${OS}" "${version}" simple standard \
++ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
++ if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then
++ linux_entry "${OS}" "${version}" simple debug \
++ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT} ${GRUB_CMDLINE_LINUX_DEBUG}"
++ fi
++
++ submenu_indentation="$grub_tab"
++
++ if [ -z "$boot_device_id" ]; then
++ boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")"
++ fi
++ # TRANSLATORS: %s is replaced with an OS name
++ echo "submenu '$(gettext_printf "Advanced options for %s" "${OS}" | grub_quote)' \$menuentry_id_option 'gnulinux-advanced-$boot_device_id' {"
++ is_top_level=false
++ fi
++
++ linux_entry "${OS}" "${version}" advanced standard \
++ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
++ if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then
++ linux_entry "${OS}" "${version}" advanced debug \
++ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT} ${GRUB_CMDLINE_LINUX_DEBUG}"
++ fi
++
++ if [ "x${GRUB_DISABLE_RECOVERY}" != "xtrue" ]; then
++ linux_entry "${OS}" "${version}" recovery standard \
++ "single ${GRUB_CMDLINE_LINUX}"
++ fi
++
++ list=`echo $list | tr ' ' '\n' | fgrep -vx "$linux" | tr '\n' ' '`
++done
++
++# If at least one kernel was found, then we need to
++# add a closing '}' for the submenu command.
++if [ x"$is_top_level" != xtrue ]; then
++ echo '}'
++fi
++
++echo "$title_correction_code"
diff --git a/SOURCES/0237-Only-set-kernelopts-in-grubenv-if-it-wasn-t-set-befo.patch b/SOURCES/0237-Only-set-kernelopts-in-grubenv-if-it-wasn-t-set-befo.patch
new file mode 100644
index 0000000..be3c867
--- /dev/null
+++ b/SOURCES/0237-Only-set-kernelopts-in-grubenv-if-it-wasn-t-set-befo.patch
@@ -0,0 +1,79 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Fri, 5 Oct 2018 16:29:47 +0200
+Subject: [PATCH] Only set kernelopts in grubenv if it wasn't set before
+
+Users may want to use a different command line parameters, so if there's
+a kernelopts var set in grubenv, grub2-mkconfig shouldn't reset it.
+
+While being there, print a warning so users know that they shouldn't edit
+the grub config file and instead edit the BootLoaderSpec config files.
+
+Resolves: rhbz#1636466
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ util/grub.d/10_linux.in | 20 +++++++++++++++++++-
+ util/grub.d/10_linux_bls.in | 4 +++-
+ 2 files changed, 22 insertions(+), 2 deletions(-)
+
+diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
+index 9682e97b7f5..01e66e5fc74 100644
+--- a/util/grub.d/10_linux.in
++++ b/util/grub.d/10_linux.in
+@@ -82,6 +82,20 @@ case x"$GRUB_FS" in
+ ;;
+ esac
+
++populate_header_warn()
++{
++cat <<EOF
++
++# This section was generated by a script. Do not modify the generated file - all changes
++# will be lost the next time file is regenerated. Instead edit the BootLoaderSpec files.
++#
++# The blscfg command parses the BootLoaderSpec files stored in /boot/loader/entries and
++# populates the boot menu. Please refer to the Boot Loader Specification documentation
++# for the files format: https://www.freedesktop.org/wiki/Specifications/BootLoaderSpec/.
++
++EOF
++}
++
+ mktitle ()
+ {
+ local title_type
+@@ -141,6 +155,8 @@ linux_entry ()
+ prepare_grub_to_access_device ${boot_device} boot
+ fi
+
++ populate_header_warn
++
+ cat << EOF
+ insmod blscfg
+ blscfg
+@@ -150,7 +166,9 @@ fi
+ EOF
+
+ ${grub_editenv} - set saved_entry=0
+- ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}"
++ if ! grub2-editenv - list | grep -q kernelopts; then
++ ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}"
++ fi
+
+ exit 0
+ fi
+diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in
+index 3cc7803c6a1..8a3379578bd 100644
+--- a/util/grub.d/10_linux_bls.in
++++ b/util/grub.d/10_linux_bls.in
+@@ -201,7 +201,9 @@ linux_entry ()
+ populate_menu
+
+ ${grub_editenv} - set saved_entry=0
+- ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}"
++ if ! grub2-editenv - list | grep -q kernelopts; then
++ ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}"
++ fi
+
+ exit 0
+ fi
diff --git a/SOURCES/0237-add-10_linux_bls-grub.d-snippet-to-generate-menu-ent.patch b/SOURCES/0237-add-10_linux_bls-grub.d-snippet-to-generate-menu-ent.patch
deleted file mode 100644
index bb1b012..0000000
--- a/SOURCES/0237-add-10_linux_bls-grub.d-snippet-to-generate-menu-ent.patch
+++ /dev/null
@@ -1,485 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas <javierm@redhat.com>
-Date: Wed, 3 Oct 2018 20:48:32 +0200
-Subject: [PATCH] add 10_linux_bls grub.d snippet to generate menu entries from
- BLS files
-
-This grub.d snippet can be used on platforms where the bootloader doesn't
-have BLS support and only can parse a normal grub configuration file.
-
-Portions of this script were taken from the ostree-grub-generator script
-included in the OSTree project.
-
-Resolves: rhbz#1636013
-
-Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
----
- Makefile.util.def | 7 +
- util/grub.d/10_linux_bls.in | 440 ++++++++++++++++++++++++++++++++++++++++++++
- 2 files changed, 447 insertions(+)
- create mode 100644 util/grub.d/10_linux_bls.in
-
-diff --git a/Makefile.util.def b/Makefile.util.def
-index cba4d500198..08cc98ddb8b 100644
---- a/Makefile.util.def
-+++ b/Makefile.util.def
-@@ -502,6 +502,13 @@ script = {
- condition = COND_HOST_LINUX;
- };
-
-+script = {
-+ name = '10_linux_bls';
-+ common = util/grub.d/10_linux_bls.in;
-+ installdir = grubconf;
-+ condition = COND_HOST_LINUX;
-+};
-+
- script = {
- name = '10_xnu';
- common = util/grub.d/10_xnu.in;
-diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in
-new file mode 100644
-index 00000000000..3cc7803c6a1
---- /dev/null
-+++ b/util/grub.d/10_linux_bls.in
-@@ -0,0 +1,440 @@
-+#! /bin/sh
-+set -e
-+
-+# grub-mkconfig helper script.
-+# Copyright (C) 2006,2007,2008,2009,2010 Free Software Foundation, Inc.
-+#
-+# GRUB is free software: you can redistribute it and/or modify
-+# it under the terms of the GNU General Public License as published by
-+# the Free Software Foundation, either version 3 of the License, or
-+# (at your option) any later version.
-+#
-+# GRUB is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with GRUB. If not, see <http://www.gnu.org/licenses/>.
-+
-+prefix="@prefix@"
-+exec_prefix="@exec_prefix@"
-+datarootdir="@datarootdir@"
-+
-+. "$pkgdatadir/grub-mkconfig_lib"
-+
-+export TEXTDOMAIN=@PACKAGE@
-+export TEXTDOMAINDIR="@localedir@"
-+
-+CLASS="--class gnu-linux --class gnu --class os --unrestricted"
-+
-+if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then
-+ OS="$(eval $(grep PRETTY_NAME /etc/os-release) ; echo ${PRETTY_NAME})"
-+ CLASS="--class $(eval $(grep '^ID_LIKE=\|^ID=' /etc/os-release) ; [ -n "${ID_LIKE}" ] && echo ${ID_LIKE} || echo ${ID}) ${CLASS}"
-+else
-+ OS="${GRUB_DISTRIBUTOR}"
-+ CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1|LC_ALL=C sed 's,[^[:alnum:]_],_,g') ${CLASS}"
-+fi
-+
-+# loop-AES arranges things so that /dev/loop/X can be our root device, but
-+# the initrds that Linux uses don't like that.
-+case ${GRUB_DEVICE} in
-+ /dev/loop/*|/dev/loop[0-9])
-+ GRUB_DEVICE=`losetup ${GRUB_DEVICE} | sed -e "s/^[^(]*(\([^)]\+\)).*/\1/"`
-+ ;;
-+esac
-+
-+# Default to disabling partition uuid support to maintian compatibility with
-+# older kernels.
-+GRUB_DISABLE_LINUX_PARTUUID=${GRUB_DISABLE_LINUX_PARTUUID-true}
-+
-+# btrfs may reside on multiple devices. We cannot pass them as value of root= parameter
-+# and mounting btrfs requires user space scanning, so force UUID in this case.
-+if ( [ "x${GRUB_DEVICE_UUID}" = "x" ] && [ "x${GRUB_DEVICE_PARTUUID}" = "x" ] ) \
-+ || ( [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ] \
-+ && [ "x${GRUB_DISABLE_LINUX_PARTUUID}" = "xtrue" ] ) \
-+ || ( ! test -e "/dev/disk/by-uuid/${GRUB_DEVICE_UUID}" \
-+ && ! test -e "/dev/disk/by-partuuid/${GRUB_DEVICE_PARTUUID}" ) \
-+ || ( test -e "${GRUB_DEVICE}" && uses_abstraction "${GRUB_DEVICE}" lvm ); then
-+ LINUX_ROOT_DEVICE=${GRUB_DEVICE}
-+elif [ "x${GRUB_DEVICE_UUID}" = "x" ] \
-+ || [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ]; then
-+ LINUX_ROOT_DEVICE=PARTUUID=${GRUB_DEVICE_PARTUUID}
-+else
-+ LINUX_ROOT_DEVICE=UUID=${GRUB_DEVICE_UUID}
-+fi
-+
-+case x"$GRUB_FS" in
-+ xbtrfs)
-+ if [ "x${SUSE_BTRFS_SNAPSHOT_BOOTING}" = "xtrue" ]; then
-+ GRUB_CMDLINE_LINUX="${GRUB_CMDLINE_LINUX} \${extra_cmdline}"
-+ else
-+ rootsubvol="`make_system_path_relative_to_its_root /`"
-+ rootsubvol="${rootsubvol#/}"
-+ if [ "x${rootsubvol}" != x ]; then
-+ GRUB_CMDLINE_LINUX="rootflags=subvol=${rootsubvol} ${GRUB_CMDLINE_LINUX}"
-+ fi
-+ fi;;
-+ xzfs)
-+ rpool=`${grub_probe} --device ${GRUB_DEVICE} --target=fs_label 2>/dev/null || true`
-+ bootfs="`make_system_path_relative_to_its_root / | sed -e "s,@$,,"`"
-+ LINUX_ROOT_DEVICE="ZFS=${rpool}${bootfs}"
-+ ;;
-+esac
-+
-+mktitle ()
-+{
-+ local title_type
-+ local version
-+ local OS_NAME
-+ local OS_VERS
-+
-+ title_type=$1 && shift
-+ version=$1 && shift
-+
-+ OS_NAME="$(eval $(grep ^NAME= /etc/os-release) ; echo ${NAME})"
-+ OS_VERS="$(eval $(grep ^VERSION= /etc/os-release) ; echo ${VERSION})"
-+
-+ case $title_type in
-+ recovery)
-+ title=$(printf '%s (%s) %s (recovery mode)' \
-+ "${OS_NAME}" "${version}" "${OS_VERS}")
-+ ;;
-+ *)
-+ title=$(printf '%s (%s) %s' \
-+ "${OS_NAME}" "${version}" "${OS_VERS}")
-+ ;;
-+ esac
-+ echo -n ${title}
-+}
-+
-+title_correction_code=
-+
-+populate_header_warn()
-+{
-+cat <<EOF
-+
-+# This section was generated by a script. Do not modify the generated file - all changes
-+# will be lost the next time file is regenerated. Instead edit the BootLoaderSpec files.
-+
-+EOF
-+}
-+
-+read_config()
-+{
-+ config_file=${1}
-+ title=""
-+ initrd=""
-+ options=""
-+ linux=""
-+
-+ while read -r line
-+ do
-+ record=$(echo ${line} | cut -f 1 -d ' ')
-+ value=$(echo ${line} | cut -s -f2- -d ' ')
-+ case "${record}" in
-+ "title")
-+ title=${value}
-+ ;;
-+ "initrd")
-+ initrd=${value}
-+ ;;
-+ "linux")
-+ linux=${value}
-+ ;;
-+ "options")
-+ options=${value}
-+ ;;
-+ esac
-+ done < ${config_file}
-+}
-+
-+populate_menu()
-+{
-+ entries_path="/boot/loader/entries"
-+ gettext_printf "Generating boot entries from BLS files...\n" >&2
-+ for config in $(ls -v -r $entries_path/*.conf); do
-+ read_config ${config}
-+ menu="${menu}menuentry '${title}' {\n"
-+ menu="${menu}\t linux ${linux} ${options}\n"
-+ if [ -n "${initrd}" ] ; then
-+ menu="${menu}\t initrd ${boot_prefix}${initrd}\n"
-+ fi
-+ menu="${menu}}\n\n"
-+ done
-+ # The printf command seems to be more reliable across shells for special character (\n, \t) evaluation
-+ printf "$menu"
-+}
-+
-+linux_entry ()
-+{
-+ os="$1"
-+ version="$2"
-+ type="$3"
-+ isdebug="$4"
-+ args="$5"
-+
-+ if [ -z "$boot_device_id" ]; then
-+ boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")"
-+ fi
-+
-+ if [ "x${GRUB_ENABLE_BLSCFG}" = "xtrue" ]; then
-+ if [ x$dirname = x/ ]; then
-+ if [ -z "${prepare_root_cache}" ]; then
-+ prepare_grub_to_access_device ${GRUB_DEVICE}
-+ fi
-+ else
-+ if [ -z "${prepare_boot_cache}" ]; then
-+ prepare_grub_to_access_device ${GRUB_DEVICE_BOOT}
-+ fi
-+ fi
-+
-+ if [ -d /sys/firmware/efi ]; then
-+ bootefi_device="`${grub_probe} --target=device /boot/efi/`"
-+ prepare_grub_to_access_device ${bootefi_device} boot
-+ else
-+ boot_device="`${grub_probe} --target=device /boot/`"
-+ prepare_grub_to_access_device ${boot_device} boot
-+ fi
-+
-+ populate_header_warn
-+ populate_menu
-+
-+ ${grub_editenv} - set saved_entry=0
-+ ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}"
-+
-+ exit 0
-+ fi
-+
-+ if [ x$type != xsimple ] ; then
-+ title=$(mktitle "$type" "$version")
-+ if [ x"$title" = x"$GRUB_ACTUAL_DEFAULT" ] || [ x"Previous Linux versions>$title" = x"$GRUB_ACTUAL_DEFAULT" ]; then
-+ replacement_title="$(echo "Advanced options for ${OS}" | sed 's,>,>>,g')>$(echo "$title" | sed 's,>,>>,g')"
-+ quoted="$(echo "$GRUB_ACTUAL_DEFAULT" | grub_quote)"
-+ title_correction_code="${title_correction_code}if [ \"x\$default\" = '$quoted' ]; then default='$(echo "$replacement_title" | grub_quote)'; fi;"
-+ fi
-+ if [ x$isdebug = xdebug ]; then
-+ title="$title${GRUB_LINUX_DEBUG_TITLE_POSTFIX}"
-+ fi
-+ echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/"
-+ else
-+ echo "menuentry '$(echo "$os" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/"
-+ fi
-+ if [ x$type != xrecovery ] ; then
-+ save_default_entry | grub_add_tab
-+ fi
-+
-+ # Use ELILO's generic "efifb" when it's known to be available.
-+ # FIXME: We need an interface to select vesafb in case efifb can't be used.
-+ if [ "x$GRUB_GFXPAYLOAD_LINUX" = x ]; then
-+ echo " load_video" | sed "s/^/$submenu_indentation/"
-+ if grep -qx "CONFIG_FB_EFI=y" "${config}" 2> /dev/null \
-+ && grep -qx "CONFIG_VT_HW_CONSOLE_BINDING=y" "${config}" 2> /dev/null; then
-+ echo " set gfxpayload=keep" | sed "s/^/$submenu_indentation/"
-+ fi
-+ else
-+ if [ "x$GRUB_GFXPAYLOAD_LINUX" != xtext ]; then
-+ echo " load_video" | sed "s/^/$submenu_indentation/"
-+ fi
-+ echo " set gfxpayload=$GRUB_GFXPAYLOAD_LINUX" | sed "s/^/$submenu_indentation/"
-+ fi
-+
-+ echo " insmod gzio" | sed "s/^/$submenu_indentation/"
-+
-+ if [ x$dirname = x/ ]; then
-+ if [ -z "${prepare_root_cache}" ]; then
-+ prepare_root_cache="$(prepare_grub_to_access_device ${GRUB_DEVICE} | grub_add_tab)"
-+ fi
-+ printf '%s\n' "${prepare_root_cache}" | sed "s/^/$submenu_indentation/"
-+ else
-+ if [ -z "${prepare_boot_cache}" ]; then
-+ prepare_boot_cache="$(prepare_grub_to_access_device ${GRUB_DEVICE_BOOT} | grub_add_tab)"
-+ fi
-+ printf '%s\n' "${prepare_boot_cache}" | sed "s/^/$submenu_indentation/"
-+ fi
-+ sed "s/^/$submenu_indentation/" << EOF
-+ linux ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args}
-+EOF
-+ if test -n "${initrd}" ; then
-+ initrd_path=
-+ for i in ${initrd}; do
-+ initrd_path="${initrd_path} ${rel_dirname}/${i}"
-+ done
-+ sed "s/^/$submenu_indentation/" << EOF
-+ initrd $(echo $initrd_path)
-+EOF
-+ fi
-+ if test -n "${fdt}" ; then
-+ sed "s/^/$submenu_indentation/" << EOF
-+ devicetree ${rel_dirname}/${fdt}
-+EOF
-+ fi
-+ sed "s/^/$submenu_indentation/" << EOF
-+}
-+EOF
-+}
-+
-+machine=`uname -m`
-+case "x$machine" in
-+ xi?86 | xx86_64)
-+ list=
-+ for i in /boot/vmlinuz-* /vmlinuz-* /boot/kernel-* ; do
-+ if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi
-+ done ;;
-+ *)
-+ list=
-+ for i in /boot/vmlinuz-* /boot/vmlinux-* /vmlinuz-* /vmlinux-* /boot/kernel-* ; do
-+ if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi
-+ done ;;
-+esac
-+
-+if [ "x${GRUB_ENABLE_BLSCFG}" = "xtrue" ]; then
-+ for i in /boot/ostree/*/vmlinuz-* ; do
-+ if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi
-+ done
-+fi
-+
-+case "$machine" in
-+ i?86) GENKERNEL_ARCH="x86" ;;
-+ mips|mips64) GENKERNEL_ARCH="mips" ;;
-+ mipsel|mips64el) GENKERNEL_ARCH="mipsel" ;;
-+ arm*) GENKERNEL_ARCH="arm" ;;
-+ *) GENKERNEL_ARCH="$machine" ;;
-+esac
-+
-+prepare_boot_cache=
-+prepare_root_cache=
-+boot_device_id=
-+title_correction_code=
-+
-+# Extra indentation to add to menu entries in a submenu. We're not in a submenu
-+# yet, so it's empty. In a submenu it will be equal to '\t' (one tab).
-+submenu_indentation=""
-+
-+is_top_level=true
-+while [ "x$list" != "x" ] ; do
-+ linux=`version_find_latest $list`
-+ if [ "x${GRUB_ENABLE_BLSCFG}" != "xtrue" ]; then
-+ gettext_printf "Found linux image: %s\n" "$linux" >&2
-+ fi
-+
-+ basename=`basename $linux`
-+ dirname=`dirname $linux`
-+ rel_dirname=`make_system_path_relative_to_its_root $dirname`
-+ version=`echo $basename | sed -e "s,^[^0-9]*-,,g"`
-+ alt_version=`echo $version | sed -e "s,\.old$,,g"`
-+ linux_root_device_thisversion="${LINUX_ROOT_DEVICE}"
-+
-+ initrd_early=
-+ for i in ${GRUB_EARLY_INITRD_LINUX_STOCK} \
-+ ${GRUB_EARLY_INITRD_LINUX_CUSTOM}; do
-+ if test -e "${dirname}/${i}" ; then
-+ initrd_early="${initrd_early} ${i}"
-+ fi
-+ done
-+
-+ initrd_real=
-+ for i in "initrd.img-${version}" "initrd-${version}.img" "initrd-${version}.gz" \
-+ "initrd-${version}" "initramfs-${version}.img" \
-+ "initrd.img-${alt_version}" "initrd-${alt_version}.img" \
-+ "initrd-${alt_version}" "initramfs-${alt_version}.img" \
-+ "initramfs-genkernel-${version}" \
-+ "initramfs-genkernel-${alt_version}" \
-+ "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \
-+ "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}"; do
-+ if test -e "${dirname}/${i}" ; then
-+ initrd_real="${i}"
-+ break
-+ fi
-+ done
-+
-+ initrd=
-+ if test -n "${initrd_early}" || test -n "${initrd_real}"; then
-+ initrd="${initrd_early} ${initrd_real}"
-+
-+ initrd_display=
-+ for i in ${initrd}; do
-+ initrd_display="${initrd_display} ${dirname}/${i}"
-+ done
-+ if [ "x${GRUB_ENABLE_BLSCFG}" != "xtrue" ]; then
-+ gettext_printf "Found initrd image: %s\n" "$(echo $initrd_display)" >&2
-+ fi
-+ fi
-+
-+ fdt=
-+ for i in "dtb-${version}" "dtb-${alt_version}"; do
-+ if test -f "${dirname}/${i}/${GRUB_DEFAULT_DTB}" ; then
-+ fdt="${i}/${GRUB_DEFAULT_DTB}"
-+ break
-+ fi
-+ done
-+
-+ config=
-+ for i in "${dirname}/config-${version}" "${dirname}/config-${alt_version}" "/etc/kernels/kernel-config-${version}" ; do
-+ if test -e "${i}" ; then
-+ config="${i}"
-+ break
-+ fi
-+ done
-+
-+ initramfs=
-+ if test -n "${config}" ; then
-+ initramfs=`grep CONFIG_INITRAMFS_SOURCE= "${config}" | cut -f2 -d= | tr -d \"`
-+ fi
-+
-+ if test -z "${initramfs}" && test -z "${initrd_real}" ; then
-+ # "UUID=" and "ZFS=" magic is parsed by initrd or initramfs. Since there's
-+ # no initrd or builtin initramfs, it can't work here.
-+ if [ "x${GRUB_DEVICE_PARTUUID}" = "x" ] \
-+ || [ "x${GRUB_DISABLE_LINUX_PARTUUID}" = "xtrue" ]; then
-+
-+ linux_root_device_thisversion=${GRUB_DEVICE}
-+ else
-+ linux_root_device_thisversion=PARTUUID=${GRUB_DEVICE_PARTUUID}
-+ fi
-+ fi
-+
-+ if [ "x${GRUB_DISABLE_SUBMENU}" = "xyes" ] || [ "x${GRUB_DISABLE_SUBMENU}" = "xy" ]; then
-+ GRUB_DISABLE_SUBMENU="true"
-+ fi
-+
-+ if [ "x$is_top_level" = xtrue ] && [ "x${GRUB_DISABLE_SUBMENU}" != xtrue ]; then
-+ linux_entry "${OS}" "${version}" simple standard \
-+ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
-+ if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then
-+ linux_entry "${OS}" "${version}" simple debug \
-+ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT} ${GRUB_CMDLINE_LINUX_DEBUG}"
-+ fi
-+
-+ submenu_indentation="$grub_tab"
-+
-+ if [ -z "$boot_device_id" ]; then
-+ boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")"
-+ fi
-+ # TRANSLATORS: %s is replaced with an OS name
-+ echo "submenu '$(gettext_printf "Advanced options for %s" "${OS}" | grub_quote)' \$menuentry_id_option 'gnulinux-advanced-$boot_device_id' {"
-+ is_top_level=false
-+ fi
-+
-+ linux_entry "${OS}" "${version}" advanced standard \
-+ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
-+ if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then
-+ linux_entry "${OS}" "${version}" advanced debug \
-+ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT} ${GRUB_CMDLINE_LINUX_DEBUG}"
-+ fi
-+
-+ if [ "x${GRUB_DISABLE_RECOVERY}" != "xtrue" ]; then
-+ linux_entry "${OS}" "${version}" recovery standard \
-+ "single ${GRUB_CMDLINE_LINUX}"
-+ fi
-+
-+ list=`echo $list | tr ' ' '\n' | fgrep -vx "$linux" | tr '\n' ' '`
-+done
-+
-+# If at least one kernel was found, then we need to
-+# add a closing '}' for the submenu command.
-+if [ x"$is_top_level" != xtrue ]; then
-+ echo '}'
-+fi
-+
-+echo "$title_correction_code"
diff --git a/SOURCES/0238-Only-set-kernelopts-in-grubenv-if-it-wasn-t-set-befo.patch b/SOURCES/0238-Only-set-kernelopts-in-grubenv-if-it-wasn-t-set-befo.patch
deleted file mode 100644
index be3c867..0000000
--- a/SOURCES/0238-Only-set-kernelopts-in-grubenv-if-it-wasn-t-set-befo.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas <javierm@redhat.com>
-Date: Fri, 5 Oct 2018 16:29:47 +0200
-Subject: [PATCH] Only set kernelopts in grubenv if it wasn't set before
-
-Users may want to use a different command line parameters, so if there's
-a kernelopts var set in grubenv, grub2-mkconfig shouldn't reset it.
-
-While being there, print a warning so users know that they shouldn't edit
-the grub config file and instead edit the BootLoaderSpec config files.
-
-Resolves: rhbz#1636466
-
-Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
----
- util/grub.d/10_linux.in | 20 +++++++++++++++++++-
- util/grub.d/10_linux_bls.in | 4 +++-
- 2 files changed, 22 insertions(+), 2 deletions(-)
-
-diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
-index 9682e97b7f5..01e66e5fc74 100644
---- a/util/grub.d/10_linux.in
-+++ b/util/grub.d/10_linux.in
-@@ -82,6 +82,20 @@ case x"$GRUB_FS" in
- ;;
- esac
-
-+populate_header_warn()
-+{
-+cat <<EOF
-+
-+# This section was generated by a script. Do not modify the generated file - all changes
-+# will be lost the next time file is regenerated. Instead edit the BootLoaderSpec files.
-+#
-+# The blscfg command parses the BootLoaderSpec files stored in /boot/loader/entries and
-+# populates the boot menu. Please refer to the Boot Loader Specification documentation
-+# for the files format: https://www.freedesktop.org/wiki/Specifications/BootLoaderSpec/.
-+
-+EOF
-+}
-+
- mktitle ()
- {
- local title_type
-@@ -141,6 +155,8 @@ linux_entry ()
- prepare_grub_to_access_device ${boot_device} boot
- fi
-
-+ populate_header_warn
-+
- cat << EOF
- insmod blscfg
- blscfg
-@@ -150,7 +166,9 @@ fi
- EOF
-
- ${grub_editenv} - set saved_entry=0
-- ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}"
-+ if ! grub2-editenv - list | grep -q kernelopts; then
-+ ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}"
-+ fi
-
- exit 0
- fi
-diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in
-index 3cc7803c6a1..8a3379578bd 100644
---- a/util/grub.d/10_linux_bls.in
-+++ b/util/grub.d/10_linux_bls.in
-@@ -201,7 +201,9 @@ linux_entry ()
- populate_menu
-
- ${grub_editenv} - set saved_entry=0
-- ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}"
-+ if ! grub2-editenv - list | grep -q kernelopts; then
-+ ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}"
-+ fi
-
- exit 0
- fi
diff --git a/SOURCES/0238-blscfg-don-t-include-.conf-at-the-end-of-our-id.patch b/SOURCES/0238-blscfg-don-t-include-.conf-at-the-end-of-our-id.patch
new file mode 100644
index 0000000..59adb84
--- /dev/null
+++ b/SOURCES/0238-blscfg-don-t-include-.conf-at-the-end-of-our-id.patch
@@ -0,0 +1,41 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Thu, 11 Oct 2018 15:30:13 -0400
+Subject: [PATCH] blscfg: don't include ".conf" at the end of our "id".
+
+Related: rhbz#1638117
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ grub-core/commands/blscfg.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
+index bec5a9ffe3e..3847572dabd 100644
+--- a/grub-core/commands/blscfg.c
++++ b/grub-core/commands/blscfg.c
+@@ -575,6 +575,7 @@ static void create_entry (struct bls_entry *entry)
+ char **initrds = NULL;
+ char *initrd = NULL;
+ char *id = entry->filename;
++ char *dotconf = id;
+ char *hotkey = NULL;
+
+ char *users = NULL;
+@@ -593,6 +594,16 @@ static void create_entry (struct bls_entry *entry)
+ goto finish;
+ }
+
++ /*
++ * strip the ".conf" off the end before we make it our "id" field.
++ */
++ do
++ {
++ dotconf = grub_strstr(dotconf, ".conf");
++ } while (dotconf != NULL && dotconf[5] != '\0');
++ if (dotconf)
++ dotconf[0] = '\0';
++
+ title = bls_get_val (entry, "title", NULL);
+ options = expand_val (bls_get_val (entry, "options", NULL));
+ initrds = bls_make_list (entry, "initrd", NULL);
diff --git a/SOURCES/0239-blscfg-don-t-include-.conf-at-the-end-of-our-id.patch b/SOURCES/0239-blscfg-don-t-include-.conf-at-the-end-of-our-id.patch
deleted file mode 100644
index 59adb84..0000000
--- a/SOURCES/0239-blscfg-don-t-include-.conf-at-the-end-of-our-id.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Thu, 11 Oct 2018 15:30:13 -0400
-Subject: [PATCH] blscfg: don't include ".conf" at the end of our "id".
-
-Related: rhbz#1638117
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
----
- grub-core/commands/blscfg.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
-index bec5a9ffe3e..3847572dabd 100644
---- a/grub-core/commands/blscfg.c
-+++ b/grub-core/commands/blscfg.c
-@@ -575,6 +575,7 @@ static void create_entry (struct bls_entry *entry)
- char **initrds = NULL;
- char *initrd = NULL;
- char *id = entry->filename;
-+ char *dotconf = id;
- char *hotkey = NULL;
-
- char *users = NULL;
-@@ -593,6 +594,16 @@ static void create_entry (struct bls_entry *entry)
- goto finish;
- }
-
-+ /*
-+ * strip the ".conf" off the end before we make it our "id" field.
-+ */
-+ do
-+ {
-+ dotconf = grub_strstr(dotconf, ".conf");
-+ } while (dotconf != NULL && dotconf[5] != '\0');
-+ if (dotconf)
-+ dotconf[0] = '\0';
-+
- title = bls_get_val (entry, "title", NULL);
- options = expand_val (bls_get_val (entry, "options", NULL));
- initrds = bls_make_list (entry, "initrd", NULL);
diff --git a/SOURCES/0239-grub-get-kernel-settings-expose-some-more-config-var.patch b/SOURCES/0239-grub-get-kernel-settings-expose-some-more-config-var.patch
new file mode 100644
index 0000000..2471e5f
--- /dev/null
+++ b/SOURCES/0239-grub-get-kernel-settings-expose-some-more-config-var.patch
@@ -0,0 +1,32 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Thu, 11 Oct 2018 15:31:04 -0400
+Subject: [PATCH] grub-get-kernel-settings: expose some more config variables
+
+This exposes MAKEDEFAULT as GRUB_UPDATE_DEFAULT_KERNEL and DEFAULTDEBUG as
+GRUB_DEFAULT_TO_DEBUG
+
+Related: rhbz#1638117
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ util/grub-get-kernel-settings.in | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/util/grub-get-kernel-settings.in b/util/grub-get-kernel-settings.in
+index 12046219878..7e87dfccc0e 100644
+--- a/util/grub-get-kernel-settings.in
++++ b/util/grub-get-kernel-settings.in
+@@ -76,3 +76,13 @@ if [ "$MAKEDEBUG" = "yes" ]; then
+ echo GRUB_LINUX_DEBUG_TITLE_POSTFIX=\" with debugging\"
+ echo export GRUB_LINUX_DEBUG_TITLE_POSTFIX
+ fi
++if [ "$DEFAULTDEBUG" = "yes" ]; then
++ echo GRUB_DEFAULT_TO_DEBUG=true
++else
++ echo GRUB_DEFAULT_TO_DEBUG=false
++fi
++echo export GRUB_DEFAULT_TO_DEBUG
++if [ "$UPDATEDEFAULT" = "yes" ]; then
++ echo GRUB_UPDATE_DEFAULT_KERNEL=true
++ echo export GRUB_UPDATE_DEFAULT_KERNEL
++fi
diff --git a/SOURCES/0240-blscfg-sort-everything-with-rpm-package-comparison.patch b/SOURCES/0240-blscfg-sort-everything-with-rpm-package-comparison.patch
new file mode 100644
index 0000000..f1d848c
--- /dev/null
+++ b/SOURCES/0240-blscfg-sort-everything-with-rpm-package-comparison.patch
@@ -0,0 +1,161 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 15 Oct 2018 15:08:33 -0400
+Subject: [PATCH] blscfg: sort everything with rpm *package* comparison
+
+This makes comparisons use the n-v-r tuple, and compare name with name,
+version with version, and release with release.
+
+Related: rhbz#1638103
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ grub-core/commands/blscfg.c | 118 ++++++++++++++++++++++++++++++++++++++++----
+ 1 file changed, 108 insertions(+), 10 deletions(-)
+
+diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
+index 3847572dabd..347128c9ddd 100644
+--- a/grub-core/commands/blscfg.c
++++ b/grub-core/commands/blscfg.c
+@@ -206,7 +206,7 @@ static int vercmp(const char * a, const char * b)
+ int isnum;
+ int ret = 0;
+
+- grub_dprintf("blscfg", "%s got here\n", __func__);
++ grub_dprintf("blscfg", "%s got here\n", __func__);
+ if (!grub_strcmp(a, b))
+ return 0;
+
+@@ -315,6 +315,81 @@ finish:
+ return ret;
+ }
+
++/* returns name/version/release */
++/* NULL string pointer returned if nothing found */
++static void
++split_package_string (char *package_string, char **name,
++ char **version, char **release)
++{
++ char *package_version, *package_release;
++
++ /* Release */
++ package_release = grub_strrchr (package_string, '-');
++
++ if (package_release != NULL)
++ *package_release++ = '\0';
++
++ *release = package_release;
++
++ if (name == NULL)
++ {
++ *version = package_string;
++ }
++ else
++ {
++ /* Version */
++ package_version = grub_strrchr(package_string, '-');
++
++ if (package_version != NULL)
++ *package_version++ = '\0';
++
++ *version = package_version;
++ /* Name */
++ *name = package_string;
++ }
++
++ /* Bubble up non-null values from release to name */
++ if (name != NULL && *name == NULL)
++ {
++ *name = (*version == NULL ? *release : *version);
++ *version = *release;
++ *release = NULL;
++ }
++ if (*version == NULL)
++ {
++ *version = *release;
++ *release = NULL;
++ }
++}
++
++static int
++split_cmp(char *nvr0, char *nvr1, int has_name)
++{
++ int ret = 0;
++ char *name0, *version0, *release0;
++ char *name1, *version1, *release1;
++
++ split_package_string(nvr0, has_name ? &name0 : NULL, &version0, &release0);
++ split_package_string(nvr1, has_name ? &name1 : NULL, &version1, &release1);
++
++ if (has_name)
++ {
++ ret = vercmp(name0 == NULL ? "" : name0,
++ name1 == NULL ? "" : name1);
++ if (ret != 0)
++ return ret;
++ }
++
++ ret = vercmp(version0 == NULL ? "" : version0,
++ version1 == NULL ? "" : version1);
++ if (ret != 0)
++ return ret;
++
++ ret = vercmp(release0 == NULL ? "" : release0,
++ release1 == NULL ? "" : release1);
++ return ret;
++}
++
+ /* return 1: p0 is newer than p1 */
+ /* 0: p0 and p1 are the same version */
+ /* -1: p1 is newer than p0 */
+@@ -323,18 +398,41 @@ static int bls_cmp(const void *p0, const void *p1, void *state)
+ struct bls_entry * e0 = *(struct bls_entry **)p0;
+ struct bls_entry * e1 = *(struct bls_entry **)p1;
+ bool use_version = *(bool *)state;
+- const char *v0, *v1;
+- int r;
++ char *v0, *v1;
++ char *id0, *id1;
++ int l, r;
+
+- if (use_version) {
+- v0 = bls_get_val(e0, "version", NULL);
+- v1 = bls_get_val(e1, "version", NULL);
++ if (use_version)
++ {
++ v0 = grub_strdup(bls_get_val(e0, "version", NULL));
++ v1 = grub_strdup(bls_get_val(e1, "version", NULL));
+
+- if ((r = vercmp(v0, v1)) != 0)
+- return r;
+- }
++ r = split_cmp(v0, v1, 0);
+
+- return vercmp(e0->filename, e1->filename);
++ grub_free(v0);
++ grub_free(v1);
++
++ if (r != 0)
++ return r;
++ }
++
++ id0 = grub_strdup(e0->filename);
++ id1 = grub_strdup(e1->filename);
++
++ l = grub_strlen(id0);
++ if (l > 5 && grub_strcmp(id0 + l - 5, ".conf"))
++ id0[l-5] = '\0';
++
++ l = grub_strlen(id1);
++ if (l > 5 && grub_strcmp(id1 + l - 5, ".conf"))
++ id1[l-5] = '\0';
++
++ r = split_cmp(id0, id1, 1);
++
++ grub_free(id0);
++ grub_free(id1);
++
++ return r;
+ }
+
+ struct read_entry_info {
diff --git a/SOURCES/0240-grub-get-kernel-settings-expose-some-more-config-var.patch b/SOURCES/0240-grub-get-kernel-settings-expose-some-more-config-var.patch
deleted file mode 100644
index 2471e5f..0000000
--- a/SOURCES/0240-grub-get-kernel-settings-expose-some-more-config-var.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Thu, 11 Oct 2018 15:31:04 -0400
-Subject: [PATCH] grub-get-kernel-settings: expose some more config variables
-
-This exposes MAKEDEFAULT as GRUB_UPDATE_DEFAULT_KERNEL and DEFAULTDEBUG as
-GRUB_DEFAULT_TO_DEBUG
-
-Related: rhbz#1638117
-Signed-off-by: Peter Jones <pjones@redhat.com>
----
- util/grub-get-kernel-settings.in | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/util/grub-get-kernel-settings.in b/util/grub-get-kernel-settings.in
-index 12046219878..7e87dfccc0e 100644
---- a/util/grub-get-kernel-settings.in
-+++ b/util/grub-get-kernel-settings.in
-@@ -76,3 +76,13 @@ if [ "$MAKEDEBUG" = "yes" ]; then
- echo GRUB_LINUX_DEBUG_TITLE_POSTFIX=\" with debugging\"
- echo export GRUB_LINUX_DEBUG_TITLE_POSTFIX
- fi
-+if [ "$DEFAULTDEBUG" = "yes" ]; then
-+ echo GRUB_DEFAULT_TO_DEBUG=true
-+else
-+ echo GRUB_DEFAULT_TO_DEBUG=false
-+fi
-+echo export GRUB_DEFAULT_TO_DEBUG
-+if [ "$UPDATEDEFAULT" = "yes" ]; then
-+ echo GRUB_UPDATE_DEFAULT_KERNEL=true
-+ echo export GRUB_UPDATE_DEFAULT_KERNEL
-+fi
diff --git a/SOURCES/0241-10_linux_bls-use-grub2-rpm-sort-instead-of-ls-vr-to-.patch b/SOURCES/0241-10_linux_bls-use-grub2-rpm-sort-instead-of-ls-vr-to-.patch
new file mode 100644
index 0000000..f23cd47
--- /dev/null
+++ b/SOURCES/0241-10_linux_bls-use-grub2-rpm-sort-instead-of-ls-vr-to-.patch
@@ -0,0 +1,43 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Tue, 16 Oct 2018 15:48:15 +0200
+Subject: [PATCH] 10_linux_bls: use grub2-rpm-sort instead of ls -vr to sort
+ entries
+
+Using ls -vr is wrong since it's not the same than the RPM sort algorithm.
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ util/grub.d/10_linux_bls.in | 18 +++++++++++++++---
+ 1 file changed, 15 insertions(+), 3 deletions(-)
+
+diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in
+index 8a3379578bd..1bc97f29898 100644
+--- a/util/grub.d/10_linux_bls.in
++++ b/util/grub.d/10_linux_bls.in
+@@ -151,10 +151,22 @@ read_config()
+
+ populate_menu()
+ {
+- entries_path="/boot/loader/entries"
++ blsdir="/boot/loader/entries"
++ local -a files
++ local IFS=$'\n'
+ gettext_printf "Generating boot entries from BLS files...\n" >&2
+- for config in $(ls -v -r $entries_path/*.conf); do
+- read_config ${config}
++
++ files=($(for bls in ${blsdir}/*.conf ; do
++ if ! [[ -e "${bls}" ]] ; then
++ continue
++ fi
++ bls="${bls%.conf}"
++ bls="${bls##*/}"
++ echo "${bls}"
++ done | ${kernel_sort} | tac)) || :
++
++ for bls in "${files[@]}" ; do
++ read_config "${blsdir}/${bls}.conf"
+ menu="${menu}menuentry '${title}' {\n"
+ menu="${menu}\t linux ${linux} ${options}\n"
+ if [ -n "${initrd}" ] ; then
diff --git a/SOURCES/0241-blscfg-sort-everything-with-rpm-package-comparison.patch b/SOURCES/0241-blscfg-sort-everything-with-rpm-package-comparison.patch
deleted file mode 100644
index f1d848c..0000000
--- a/SOURCES/0241-blscfg-sort-everything-with-rpm-package-comparison.patch
+++ /dev/null
@@ -1,161 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Mon, 15 Oct 2018 15:08:33 -0400
-Subject: [PATCH] blscfg: sort everything with rpm *package* comparison
-
-This makes comparisons use the n-v-r tuple, and compare name with name,
-version with version, and release with release.
-
-Related: rhbz#1638103
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
----
- grub-core/commands/blscfg.c | 118 ++++++++++++++++++++++++++++++++++++++++----
- 1 file changed, 108 insertions(+), 10 deletions(-)
-
-diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
-index 3847572dabd..347128c9ddd 100644
---- a/grub-core/commands/blscfg.c
-+++ b/grub-core/commands/blscfg.c
-@@ -206,7 +206,7 @@ static int vercmp(const char * a, const char * b)
- int isnum;
- int ret = 0;
-
-- grub_dprintf("blscfg", "%s got here\n", __func__);
-+ grub_dprintf("blscfg", "%s got here\n", __func__);
- if (!grub_strcmp(a, b))
- return 0;
-
-@@ -315,6 +315,81 @@ finish:
- return ret;
- }
-
-+/* returns name/version/release */
-+/* NULL string pointer returned if nothing found */
-+static void
-+split_package_string (char *package_string, char **name,
-+ char **version, char **release)
-+{
-+ char *package_version, *package_release;
-+
-+ /* Release */
-+ package_release = grub_strrchr (package_string, '-');
-+
-+ if (package_release != NULL)
-+ *package_release++ = '\0';
-+
-+ *release = package_release;
-+
-+ if (name == NULL)
-+ {
-+ *version = package_string;
-+ }
-+ else
-+ {
-+ /* Version */
-+ package_version = grub_strrchr(package_string, '-');
-+
-+ if (package_version != NULL)
-+ *package_version++ = '\0';
-+
-+ *version = package_version;
-+ /* Name */
-+ *name = package_string;
-+ }
-+
-+ /* Bubble up non-null values from release to name */
-+ if (name != NULL && *name == NULL)
-+ {
-+ *name = (*version == NULL ? *release : *version);
-+ *version = *release;
-+ *release = NULL;
-+ }
-+ if (*version == NULL)
-+ {
-+ *version = *release;
-+ *release = NULL;
-+ }
-+}
-+
-+static int
-+split_cmp(char *nvr0, char *nvr1, int has_name)
-+{
-+ int ret = 0;
-+ char *name0, *version0, *release0;
-+ char *name1, *version1, *release1;
-+
-+ split_package_string(nvr0, has_name ? &name0 : NULL, &version0, &release0);
-+ split_package_string(nvr1, has_name ? &name1 : NULL, &version1, &release1);
-+
-+ if (has_name)
-+ {
-+ ret = vercmp(name0 == NULL ? "" : name0,
-+ name1 == NULL ? "" : name1);
-+ if (ret != 0)
-+ return ret;
-+ }
-+
-+ ret = vercmp(version0 == NULL ? "" : version0,
-+ version1 == NULL ? "" : version1);
-+ if (ret != 0)
-+ return ret;
-+
-+ ret = vercmp(release0 == NULL ? "" : release0,
-+ release1 == NULL ? "" : release1);
-+ return ret;
-+}
-+
- /* return 1: p0 is newer than p1 */
- /* 0: p0 and p1 are the same version */
- /* -1: p1 is newer than p0 */
-@@ -323,18 +398,41 @@ static int bls_cmp(const void *p0, const void *p1, void *state)
- struct bls_entry * e0 = *(struct bls_entry **)p0;
- struct bls_entry * e1 = *(struct bls_entry **)p1;
- bool use_version = *(bool *)state;
-- const char *v0, *v1;
-- int r;
-+ char *v0, *v1;
-+ char *id0, *id1;
-+ int l, r;
-
-- if (use_version) {
-- v0 = bls_get_val(e0, "version", NULL);
-- v1 = bls_get_val(e1, "version", NULL);
-+ if (use_version)
-+ {
-+ v0 = grub_strdup(bls_get_val(e0, "version", NULL));
-+ v1 = grub_strdup(bls_get_val(e1, "version", NULL));
-
-- if ((r = vercmp(v0, v1)) != 0)
-- return r;
-- }
-+ r = split_cmp(v0, v1, 0);
-
-- return vercmp(e0->filename, e1->filename);
-+ grub_free(v0);
-+ grub_free(v1);
-+
-+ if (r != 0)
-+ return r;
-+ }
-+
-+ id0 = grub_strdup(e0->filename);
-+ id1 = grub_strdup(e1->filename);
-+
-+ l = grub_strlen(id0);
-+ if (l > 5 && grub_strcmp(id0 + l - 5, ".conf"))
-+ id0[l-5] = '\0';
-+
-+ l = grub_strlen(id1);
-+ if (l > 5 && grub_strcmp(id1 + l - 5, ".conf"))
-+ id1[l-5] = '\0';
-+
-+ r = split_cmp(id0, id1, 1);
-+
-+ grub_free(id0);
-+ grub_free(id1);
-+
-+ return r;
- }
-
- struct read_entry_info {
diff --git a/SOURCES/0242-10_linux_bls-use-grub2-rpm-sort-instead-of-ls-vr-to-.patch b/SOURCES/0242-10_linux_bls-use-grub2-rpm-sort-instead-of-ls-vr-to-.patch
deleted file mode 100644
index f23cd47..0000000
--- a/SOURCES/0242-10_linux_bls-use-grub2-rpm-sort-instead-of-ls-vr-to-.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas <javierm@redhat.com>
-Date: Tue, 16 Oct 2018 15:48:15 +0200
-Subject: [PATCH] 10_linux_bls: use grub2-rpm-sort instead of ls -vr to sort
- entries
-
-Using ls -vr is wrong since it's not the same than the RPM sort algorithm.
-
-Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
----
- util/grub.d/10_linux_bls.in | 18 +++++++++++++++---
- 1 file changed, 15 insertions(+), 3 deletions(-)
-
-diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in
-index 8a3379578bd..1bc97f29898 100644
---- a/util/grub.d/10_linux_bls.in
-+++ b/util/grub.d/10_linux_bls.in
-@@ -151,10 +151,22 @@ read_config()
-
- populate_menu()
- {
-- entries_path="/boot/loader/entries"
-+ blsdir="/boot/loader/entries"
-+ local -a files
-+ local IFS=$'\n'
- gettext_printf "Generating boot entries from BLS files...\n" >&2
-- for config in $(ls -v -r $entries_path/*.conf); do
-- read_config ${config}
-+
-+ files=($(for bls in ${blsdir}/*.conf ; do
-+ if ! [[ -e "${bls}" ]] ; then
-+ continue
-+ fi
-+ bls="${bls%.conf}"
-+ bls="${bls##*/}"
-+ echo "${bls}"
-+ done | ${kernel_sort} | tac)) || :
-+
-+ for bls in "${files[@]}" ; do
-+ read_config "${blsdir}/${bls}.conf"
- menu="${menu}menuentry '${title}' {\n"
- menu="${menu}\t linux ${linux} ${options}\n"
- if [ -n "${initrd}" ] ; then
diff --git a/SOURCES/0242-don-t-set-saved_entry-on-grub2-mkconfig.patch b/SOURCES/0242-don-t-set-saved_entry-on-grub2-mkconfig.patch
new file mode 100644
index 0000000..8e3ea47
--- /dev/null
+++ b/SOURCES/0242-don-t-set-saved_entry-on-grub2-mkconfig.patch
@@ -0,0 +1,42 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Fri, 19 Oct 2018 14:42:41 +0200
+Subject: [PATCH] don't set saved_entry on grub2-mkconfig
+
+The original plan was for grub2 to rely on the BLS sort criteria to choose
+the default entry to boot, to avoid modifying any files when a new kernel
+was installed. But that was changed and now 20-grub.install changes the
+default, so 10_linux{,bls} shouldn't overwrite this.
+
+Resolves: rhbz#1636466
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ util/grub.d/10_linux.in | 1 -
+ util/grub.d/10_linux_bls.in | 1 -
+ 2 files changed, 2 deletions(-)
+
+diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
+index 01e66e5fc74..b54d2774a7d 100644
+--- a/util/grub.d/10_linux.in
++++ b/util/grub.d/10_linux.in
+@@ -165,7 +165,6 @@ if [ -s \$prefix/grubenv ]; then
+ fi
+ EOF
+
+- ${grub_editenv} - set saved_entry=0
+ if ! grub2-editenv - list | grep -q kernelopts; then
+ ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}"
+ fi
+diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in
+index 1bc97f29898..8745e598d0e 100644
+--- a/util/grub.d/10_linux_bls.in
++++ b/util/grub.d/10_linux_bls.in
+@@ -212,7 +212,6 @@ linux_entry ()
+ populate_header_warn
+ populate_menu
+
+- ${grub_editenv} - set saved_entry=0
+ if ! grub2-editenv - list | grep -q kernelopts; then
+ ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}"
+ fi
diff --git a/SOURCES/0243-don-t-set-saved_entry-on-grub2-mkconfig.patch b/SOURCES/0243-don-t-set-saved_entry-on-grub2-mkconfig.patch
deleted file mode 100644
index 8e3ea47..0000000
--- a/SOURCES/0243-don-t-set-saved_entry-on-grub2-mkconfig.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas <javierm@redhat.com>
-Date: Fri, 19 Oct 2018 14:42:41 +0200
-Subject: [PATCH] don't set saved_entry on grub2-mkconfig
-
-The original plan was for grub2 to rely on the BLS sort criteria to choose
-the default entry to boot, to avoid modifying any files when a new kernel
-was installed. But that was changed and now 20-grub.install changes the
-default, so 10_linux{,bls} shouldn't overwrite this.
-
-Resolves: rhbz#1636466
-
-Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
----
- util/grub.d/10_linux.in | 1 -
- util/grub.d/10_linux_bls.in | 1 -
- 2 files changed, 2 deletions(-)
-
-diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
-index 01e66e5fc74..b54d2774a7d 100644
---- a/util/grub.d/10_linux.in
-+++ b/util/grub.d/10_linux.in
-@@ -165,7 +165,6 @@ if [ -s \$prefix/grubenv ]; then
- fi
- EOF
-
-- ${grub_editenv} - set saved_entry=0
- if ! grub2-editenv - list | grep -q kernelopts; then
- ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}"
- fi
-diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in
-index 1bc97f29898..8745e598d0e 100644
---- a/util/grub.d/10_linux_bls.in
-+++ b/util/grub.d/10_linux_bls.in
-@@ -212,7 +212,6 @@ linux_entry ()
- populate_header_warn
- populate_menu
-
-- ${grub_editenv} - set saved_entry=0
- if ! grub2-editenv - list | grep -q kernelopts; then
- ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}"
- fi
diff --git a/SOURCES/0243-grub-switch-to-blscfg-use-debug-instead-of-debug-as-.patch b/SOURCES/0243-grub-switch-to-blscfg-use-debug-instead-of-debug-as-.patch
new file mode 100644
index 0000000..9256c23
--- /dev/null
+++ b/SOURCES/0243-grub-switch-to-blscfg-use-debug-instead-of-debug-as-.patch
@@ -0,0 +1,31 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Fri, 19 Oct 2018 18:48:27 +0200
+Subject: [PATCH] grub-switch-to-blscfg: use ~debug instead of -debug as suffix
+ to sort correctly
+
+For the debug BLS entries a -debug suffix was added so they are sorted after
+the kernel entries, but that only works with version sort and not rpm sort.
+
+So instead use ~debug prefix so rpm sort algorithm could sort it correctly.
+
+Related: rhbz#1638103
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ util/grub-switch-to-blscfg.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in
+index 1c6bd1882a7..60cd6ca63cc 100644
+--- a/util/grub-switch-to-blscfg.in
++++ b/util/grub-switch-to-blscfg.in
+@@ -250,7 +250,7 @@ for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do
+ fi
+
+ if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then
+- bls_debug="$(echo ${bls_target} | sed -e "s/\.${arch}/-debug.${arch}/")"
++ bls_debug="$(echo ${bls_target} | sed -e "s/${kernelver}/${kernelver}~debug/")"
+ cp -aT "${bls_target}" "${bls_debug}"
+ title="$(grep '^title[ \t]' "${bls_debug}" | sed -e 's/^title[ \t]*//')"
+ blsid="$(grep '^id[ \t]' "${bls_debug}" | sed -e "s/\.${ARCH}/-debug.${arch}/")"
diff --git a/SOURCES/0244-Make-blscfg-debug-messages-more-useful.patch b/SOURCES/0244-Make-blscfg-debug-messages-more-useful.patch
new file mode 100644
index 0000000..9a05606
--- /dev/null
+++ b/SOURCES/0244-Make-blscfg-debug-messages-more-useful.patch
@@ -0,0 +1,175 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Fri, 19 Oct 2018 10:03:28 -0400
+Subject: [PATCH] Make blscfg debug messages more useful
+
+Related: rhbz#1640979
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ grub-core/commands/blscfg.c | 12 +++++-------
+ grub-core/commands/legacycfg.c | 4 ++--
+ grub-core/commands/menuentry.c | 18 ++++++++++++++----
+ include/grub/normal.h | 2 +-
+ 4 files changed, 22 insertions(+), 14 deletions(-)
+
+diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
+index 347128c9ddd..42892cbfd55 100644
+--- a/grub-core/commands/blscfg.c
++++ b/grub-core/commands/blscfg.c
+@@ -46,8 +46,6 @@ GRUB_MOD_LICENSE ("GPLv3+");
+ #define GRUB_BOOT_DEVICE "($root)"
+ #endif
+
+-#define grub_free(x) ({grub_dprintf("blscfg", "%s freeing %p\n", __func__, x); grub_free(x); })
+-
+ struct keyval
+ {
+ const char *key;
+@@ -134,7 +132,7 @@ static int bls_add_keyval(struct bls_entry *entry, char *key, char *val)
+ kv->val = v;
+
+ entry->keyvals[entry->nkeyvals] = kv;
+- grub_dprintf("blscfg", "new keyval at %p:%p:%p\n", entry->keyvals[entry->nkeyvals], k, v);
++ grub_dprintf("blscfg", "new keyval at %p:%s:%s\n", entry->keyvals[entry->nkeyvals], k, v);
+ entry->nkeyvals = new_n;
+
+ return 0;
+@@ -144,7 +142,6 @@ static void bls_free_entry(struct bls_entry *entry)
+ {
+ int i;
+
+- grub_dprintf("blscfg", "%s got here\n", __func__);
+ for (i = 0; i < entry->nkeyvals; i++)
+ {
+ struct keyval *kv = entry->keyvals[i];
+@@ -206,7 +203,7 @@ static int vercmp(const char * a, const char * b)
+ int isnum;
+ int ret = 0;
+
+- grub_dprintf("blscfg", "%s got here\n", __func__);
++ grub_dprintf("blscfg", "%s comparing %s and %s\n", __func__, a, b);
+ if (!grub_strcmp(a, b))
+ return 0;
+
+@@ -682,7 +679,7 @@ static void create_entry (struct bls_entry *entry)
+ char **args = NULL;
+
+ char *src = NULL;
+- int i;
++ int i, index;
+
+ grub_dprintf("blscfg", "%s got here\n", __func__);
+ clinux = bls_get_val (entry, "linux", NULL);
+@@ -756,7 +753,8 @@ static void create_entry (struct bls_entry *entry)
+ GRUB_BOOT_DEVICE, clinux, options ? " " : "", options ? options : "",
+ initrd ? initrd : "");
+
+- grub_normal_add_menu_entry (argc, argv, classes, id, users, hotkey, NULL, src, 0);
++ grub_normal_add_menu_entry (argc, argv, classes, id, users, hotkey, NULL, src, 0, &index);
++ grub_dprintf ("blscfg", "Added entry %d id:\"%s\"\n", index, id);
+
+ finish:
+ grub_free (initrd);
+diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c
+index b32f3c74cb1..f9d7627bdc3 100644
+--- a/grub-core/commands/legacycfg.c
++++ b/grub-core/commands/legacycfg.c
+@@ -133,7 +133,7 @@ legacy_file (const char *filename)
+ args[0] = oldname;
+ grub_normal_add_menu_entry (1, args, NULL, NULL, "legacy",
+ NULL, NULL,
+- entrysrc, 0);
++ entrysrc, 0, NULL);
+ grub_free (args);
+ entrysrc[0] = 0;
+ grub_free (oldname);
+@@ -186,7 +186,7 @@ legacy_file (const char *filename)
+ }
+ args[0] = entryname;
+ grub_normal_add_menu_entry (1, args, NULL, NULL, NULL,
+- NULL, NULL, entrysrc, 0);
++ NULL, NULL, entrysrc, 0, NULL);
+ grub_free (args);
+ }
+
+diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c
+index 2c5363da7f5..8d242b0187e 100644
+--- a/grub-core/commands/menuentry.c
++++ b/grub-core/commands/menuentry.c
+@@ -78,7 +78,7 @@ grub_normal_add_menu_entry (int argc, const char **args,
+ char **classes, const char *id,
+ const char *users, const char *hotkey,
+ const char *prefix, const char *sourcecode,
+- int submenu)
++ int submenu, int *index)
+ {
+ int menu_hotkey = 0;
+ char **menu_args = NULL;
+@@ -149,9 +149,12 @@ grub_normal_add_menu_entry (int argc, const char **args,
+ if (! menu_title)
+ goto fail;
+
++ grub_dprintf ("menu", "id:\"%s\"\n", id);
++ grub_dprintf ("menu", "title:\"%s\"\n", menu_title);
+ menu_id = grub_strdup (id ? : menu_title);
+ if (! menu_id)
+ goto fail;
++ grub_dprintf ("menu", "menu_id:\"%s\"\n", menu_id);
+
+ /* Save argc, args to pass as parameters to block arg later. */
+ menu_args = grub_malloc (sizeof (char*) * (argc + 1));
+@@ -170,8 +173,12 @@ grub_normal_add_menu_entry (int argc, const char **args,
+ }
+
+ /* Add the menu entry at the end of the list. */
++ int ind=0;
+ while (*last)
+- last = &(*last)->next;
++ {
++ ind++;
++ last = &(*last)->next;
++ }
+
+ *last = grub_zalloc (sizeof (**last));
+ if (! *last)
+@@ -190,6 +197,8 @@ grub_normal_add_menu_entry (int argc, const char **args,
+ (*last)->submenu = submenu;
+
+ menu->size++;
++ if (index)
++ *index = ind;
+ return GRUB_ERR_NONE;
+
+ fail:
+@@ -286,7 +295,8 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args)
+ users,
+ ctxt->state[2].arg, 0,
+ ctxt->state[3].arg,
+- ctxt->extcmd->cmd->name[0] == 's');
++ ctxt->extcmd->cmd->name[0] == 's',
++ NULL);
+
+ src = args[argc - 1];
+ args[argc - 1] = NULL;
+@@ -303,7 +313,7 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args)
+ ctxt->state[0].args, ctxt->state[4].arg,
+ users,
+ ctxt->state[2].arg, prefix, src + 1,
+- ctxt->extcmd->cmd->name[0] == 's');
++ ctxt->extcmd->cmd->name[0] == 's', NULL);
+
+ src[len - 1] = ch;
+ args[argc - 1] = src;
+diff --git a/include/grub/normal.h b/include/grub/normal.h
+index 218cbabccaf..cb9901f41b3 100644
+--- a/include/grub/normal.h
++++ b/include/grub/normal.h
+@@ -145,7 +145,7 @@ grub_normal_add_menu_entry (int argc, const char **args, char **classes,
+ const char *id,
+ const char *users, const char *hotkey,
+ const char *prefix, const char *sourcecode,
+- int submenu);
++ int submenu, int *index);
+
+ grub_err_t
+ grub_normal_set_password (const char *user, const char *password);
diff --git a/SOURCES/0244-grub-switch-to-blscfg-use-debug-instead-of-debug-as-.patch b/SOURCES/0244-grub-switch-to-blscfg-use-debug-instead-of-debug-as-.patch
deleted file mode 100644
index 9256c23..0000000
--- a/SOURCES/0244-grub-switch-to-blscfg-use-debug-instead-of-debug-as-.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas <javierm@redhat.com>
-Date: Fri, 19 Oct 2018 18:48:27 +0200
-Subject: [PATCH] grub-switch-to-blscfg: use ~debug instead of -debug as suffix
- to sort correctly
-
-For the debug BLS entries a -debug suffix was added so they are sorted after
-the kernel entries, but that only works with version sort and not rpm sort.
-
-So instead use ~debug prefix so rpm sort algorithm could sort it correctly.
-
-Related: rhbz#1638103
-
-Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
----
- util/grub-switch-to-blscfg.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in
-index 1c6bd1882a7..60cd6ca63cc 100644
---- a/util/grub-switch-to-blscfg.in
-+++ b/util/grub-switch-to-blscfg.in
-@@ -250,7 +250,7 @@ for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do
- fi
-
- if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then
-- bls_debug="$(echo ${bls_target} | sed -e "s/\.${arch}/-debug.${arch}/")"
-+ bls_debug="$(echo ${bls_target} | sed -e "s/${kernelver}/${kernelver}~debug/")"
- cp -aT "${bls_target}" "${bls_debug}"
- title="$(grep '^title[ \t]' "${bls_debug}" | sed -e 's/^title[ \t]*//')"
- blsid="$(grep '^id[ \t]' "${bls_debug}" | sed -e "s/\.${ARCH}/-debug.${arch}/")"
diff --git a/SOURCES/0245-Make-blscfg-debug-messages-more-useful.patch b/SOURCES/0245-Make-blscfg-debug-messages-more-useful.patch
deleted file mode 100644
index 9a05606..0000000
--- a/SOURCES/0245-Make-blscfg-debug-messages-more-useful.patch
+++ /dev/null
@@ -1,175 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Fri, 19 Oct 2018 10:03:28 -0400
-Subject: [PATCH] Make blscfg debug messages more useful
-
-Related: rhbz#1640979
-Signed-off-by: Peter Jones <pjones@redhat.com>
----
- grub-core/commands/blscfg.c | 12 +++++-------
- grub-core/commands/legacycfg.c | 4 ++--
- grub-core/commands/menuentry.c | 18 ++++++++++++++----
- include/grub/normal.h | 2 +-
- 4 files changed, 22 insertions(+), 14 deletions(-)
-
-diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
-index 347128c9ddd..42892cbfd55 100644
---- a/grub-core/commands/blscfg.c
-+++ b/grub-core/commands/blscfg.c
-@@ -46,8 +46,6 @@ GRUB_MOD_LICENSE ("GPLv3+");
- #define GRUB_BOOT_DEVICE "($root)"
- #endif
-
--#define grub_free(x) ({grub_dprintf("blscfg", "%s freeing %p\n", __func__, x); grub_free(x); })
--
- struct keyval
- {
- const char *key;
-@@ -134,7 +132,7 @@ static int bls_add_keyval(struct bls_entry *entry, char *key, char *val)
- kv->val = v;
-
- entry->keyvals[entry->nkeyvals] = kv;
-- grub_dprintf("blscfg", "new keyval at %p:%p:%p\n", entry->keyvals[entry->nkeyvals], k, v);
-+ grub_dprintf("blscfg", "new keyval at %p:%s:%s\n", entry->keyvals[entry->nkeyvals], k, v);
- entry->nkeyvals = new_n;
-
- return 0;
-@@ -144,7 +142,6 @@ static void bls_free_entry(struct bls_entry *entry)
- {
- int i;
-
-- grub_dprintf("blscfg", "%s got here\n", __func__);
- for (i = 0; i < entry->nkeyvals; i++)
- {
- struct keyval *kv = entry->keyvals[i];
-@@ -206,7 +203,7 @@ static int vercmp(const char * a, const char * b)
- int isnum;
- int ret = 0;
-
-- grub_dprintf("blscfg", "%s got here\n", __func__);
-+ grub_dprintf("blscfg", "%s comparing %s and %s\n", __func__, a, b);
- if (!grub_strcmp(a, b))
- return 0;
-
-@@ -682,7 +679,7 @@ static void create_entry (struct bls_entry *entry)
- char **args = NULL;
-
- char *src = NULL;
-- int i;
-+ int i, index;
-
- grub_dprintf("blscfg", "%s got here\n", __func__);
- clinux = bls_get_val (entry, "linux", NULL);
-@@ -756,7 +753,8 @@ static void create_entry (struct bls_entry *entry)
- GRUB_BOOT_DEVICE, clinux, options ? " " : "", options ? options : "",
- initrd ? initrd : "");
-
-- grub_normal_add_menu_entry (argc, argv, classes, id, users, hotkey, NULL, src, 0);
-+ grub_normal_add_menu_entry (argc, argv, classes, id, users, hotkey, NULL, src, 0, &index);
-+ grub_dprintf ("blscfg", "Added entry %d id:\"%s\"\n", index, id);
-
- finish:
- grub_free (initrd);
-diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c
-index b32f3c74cb1..f9d7627bdc3 100644
---- a/grub-core/commands/legacycfg.c
-+++ b/grub-core/commands/legacycfg.c
-@@ -133,7 +133,7 @@ legacy_file (const char *filename)
- args[0] = oldname;
- grub_normal_add_menu_entry (1, args, NULL, NULL, "legacy",
- NULL, NULL,
-- entrysrc, 0);
-+ entrysrc, 0, NULL);
- grub_free (args);
- entrysrc[0] = 0;
- grub_free (oldname);
-@@ -186,7 +186,7 @@ legacy_file (const char *filename)
- }
- args[0] = entryname;
- grub_normal_add_menu_entry (1, args, NULL, NULL, NULL,
-- NULL, NULL, entrysrc, 0);
-+ NULL, NULL, entrysrc, 0, NULL);
- grub_free (args);
- }
-
-diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c
-index 2c5363da7f5..8d242b0187e 100644
---- a/grub-core/commands/menuentry.c
-+++ b/grub-core/commands/menuentry.c
-@@ -78,7 +78,7 @@ grub_normal_add_menu_entry (int argc, const char **args,
- char **classes, const char *id,
- const char *users, const char *hotkey,
- const char *prefix, const char *sourcecode,
-- int submenu)
-+ int submenu, int *index)
- {
- int menu_hotkey = 0;
- char **menu_args = NULL;
-@@ -149,9 +149,12 @@ grub_normal_add_menu_entry (int argc, const char **args,
- if (! menu_title)
- goto fail;
-
-+ grub_dprintf ("menu", "id:\"%s\"\n", id);
-+ grub_dprintf ("menu", "title:\"%s\"\n", menu_title);
- menu_id = grub_strdup (id ? : menu_title);
- if (! menu_id)
- goto fail;
-+ grub_dprintf ("menu", "menu_id:\"%s\"\n", menu_id);
-
- /* Save argc, args to pass as parameters to block arg later. */
- menu_args = grub_malloc (sizeof (char*) * (argc + 1));
-@@ -170,8 +173,12 @@ grub_normal_add_menu_entry (int argc, const char **args,
- }
-
- /* Add the menu entry at the end of the list. */
-+ int ind=0;
- while (*last)
-- last = &(*last)->next;
-+ {
-+ ind++;
-+ last = &(*last)->next;
-+ }
-
- *last = grub_zalloc (sizeof (**last));
- if (! *last)
-@@ -190,6 +197,8 @@ grub_normal_add_menu_entry (int argc, const char **args,
- (*last)->submenu = submenu;
-
- menu->size++;
-+ if (index)
-+ *index = ind;
- return GRUB_ERR_NONE;
-
- fail:
-@@ -286,7 +295,8 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args)
- users,
- ctxt->state[2].arg, 0,
- ctxt->state[3].arg,
-- ctxt->extcmd->cmd->name[0] == 's');
-+ ctxt->extcmd->cmd->name[0] == 's',
-+ NULL);
-
- src = args[argc - 1];
- args[argc - 1] = NULL;
-@@ -303,7 +313,7 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args)
- ctxt->state[0].args, ctxt->state[4].arg,
- users,
- ctxt->state[2].arg, prefix, src + 1,
-- ctxt->extcmd->cmd->name[0] == 's');
-+ ctxt->extcmd->cmd->name[0] == 's', NULL);
-
- src[len - 1] = ch;
- args[argc - 1] = src;
-diff --git a/include/grub/normal.h b/include/grub/normal.h
-index 218cbabccaf..cb9901f41b3 100644
---- a/include/grub/normal.h
-+++ b/include/grub/normal.h
-@@ -145,7 +145,7 @@ grub_normal_add_menu_entry (int argc, const char **args, char **classes,
- const char *id,
- const char *users, const char *hotkey,
- const char *prefix, const char *sourcecode,
-- int submenu);
-+ int submenu, int *index);
-
- grub_err_t
- grub_normal_set_password (const char *user, const char *password);
diff --git a/SOURCES/0245-Make-grub_strtoul-end-pointer-have-the-right-constif.patch b/SOURCES/0245-Make-grub_strtoul-end-pointer-have-the-right-constif.patch
new file mode 100644
index 0000000..99787bd
--- /dev/null
+++ b/SOURCES/0245-Make-grub_strtoul-end-pointer-have-the-right-constif.patch
@@ -0,0 +1,391 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Fri, 19 Oct 2018 13:41:48 -0400
+Subject: [PATCH] Make grub_strtoul "end" pointer have the right
+ constification.
+
+Related: rhbz#1640979
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ grub-core/kern/fs.c | 2 +-
+ grub-core/kern/misc.c | 8 ++++----
+ grub-core/kern/partition.c | 2 +-
+ grub-core/lib/legacy_parse.c | 2 +-
+ grub-core/lib/syslinux_parse.c | 6 +++---
+ grub-core/loader/i386/xen_fileXX.c | 2 +-
+ grub-core/net/efi/ip4_config.c | 2 +-
+ grub-core/net/efi/ip6_config.c | 2 +-
+ grub-core/net/efi/net.c | 4 ++--
+ grub-core/net/efi/pxe.c | 6 +++---
+ grub-core/net/http.c | 4 ++--
+ grub-core/net/net.c | 8 ++++----
+ grub-core/net/url.c | 2 +-
+ grub-core/script/execute.c | 6 +++---
+ grub-core/term/serial.c | 2 +-
+ grub-core/term/terminfo.c | 2 +-
+ grub-core/tests/strtoull_test.c | 2 +-
+ include/grub/misc.h | 6 +++---
+ 18 files changed, 34 insertions(+), 34 deletions(-)
+
+diff --git a/grub-core/kern/fs.c b/grub-core/kern/fs.c
+index 9085895b6fe..1bd748be83b 100644
+--- a/grub-core/kern/fs.c
++++ b/grub-core/kern/fs.c
+@@ -134,7 +134,7 @@ struct grub_fs_block
+ static grub_err_t
+ grub_fs_blocklist_open (grub_file_t file, const char *name)
+ {
+- char *p = (char *) name;
++ const char *p = name;
+ unsigned num = 0;
+ unsigned i;
+ grub_disk_t disk = file->device->disk;
+diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c
+index 5c3899f0e5b..aaae9aa0ab7 100644
+--- a/grub-core/kern/misc.c
++++ b/grub-core/kern/misc.c
+@@ -383,7 +383,7 @@ grub_isspace (int c)
+ }
+
+ unsigned long
+-grub_strtoul (const char *str, char **end, int base)
++grub_strtoul (const char *str, const char ** const end, int base)
+ {
+ unsigned long long num;
+
+@@ -400,7 +400,7 @@ grub_strtoul (const char *str, char **end, int base)
+ }
+
+ unsigned long long
+-grub_strtoull (const char *str, char **end, int base)
++grub_strtoull (const char *str, const char ** const end, int base)
+ {
+ unsigned long long num = 0;
+ int found = 0;
+@@ -901,14 +901,14 @@ grub_vsnprintf_real (char *str, grub_size_t max_len, const char *fmt0,
+ {
+ if (fmt[0] == '0')
+ zerofill = '0';
+- format1 = grub_strtoul (fmt, (char **) &fmt, 10);
++ format1 = grub_strtoul (fmt, &fmt, 10);
+ }
+
+ if (*fmt == '.')
+ fmt++;
+
+ if (grub_isdigit (*fmt))
+- format2 = grub_strtoul (fmt, (char **) &fmt, 10);
++ format2 = grub_strtoul (fmt, &fmt, 10);
+
+ if (*fmt == '$')
+ {
+diff --git a/grub-core/kern/partition.c b/grub-core/kern/partition.c
+index e499147cbcb..2c401b866c4 100644
+--- a/grub-core/kern/partition.c
++++ b/grub-core/kern/partition.c
+@@ -126,7 +126,7 @@ grub_partition_probe (struct grub_disk *disk, const char *str)
+ while (*ptr && grub_isalpha (*ptr))
+ ptr++;
+ partname_end = ptr;
+- num = grub_strtoul (ptr, (char **) &ptr, 0) - 1;
++ num = grub_strtoul (ptr, &ptr, 0) - 1;
+
+ curpart = 0;
+ /* Use the first partition map type found. */
+diff --git a/grub-core/lib/legacy_parse.c b/grub-core/lib/legacy_parse.c
+index ef56150ac77..05719ab2ccb 100644
+--- a/grub-core/lib/legacy_parse.c
++++ b/grub-core/lib/legacy_parse.c
+@@ -418,7 +418,7 @@ adjust_file (const char *in, grub_size_t len)
+ }
+ if (*comma != ',')
+ return grub_legacy_escape (in, len);
+- part = grub_strtoull (comma + 1, (char **) &rest, 0);
++ part = grub_strtoull (comma + 1, &rest, 0);
+ if (rest[0] == ',' && rest[1] >= 'a' && rest[1] <= 'z')
+ {
+ subpart = rest[1] - 'a';
+diff --git a/grub-core/lib/syslinux_parse.c b/grub-core/lib/syslinux_parse.c
+index 28ba3aef0bb..21ca040ada7 100644
+--- a/grub-core/lib/syslinux_parse.c
++++ b/grub-core/lib/syslinux_parse.c
+@@ -1058,7 +1058,7 @@ write_entry (struct output_buffer *outbuf,
+ if (ptr[0] == 'h' && ptr[1] == 'd')
+ {
+ is_fd = 0;
+- devn = grub_strtoul (ptr + 2, &ptr, 0);
++ devn = grub_strtoul (ptr + 2, (const char **)&ptr, 0);
+ continue;
+ }
+ if (grub_strncasecmp (ptr, "file=", 5) == 0)
+@@ -1082,12 +1082,12 @@ write_entry (struct output_buffer *outbuf,
+ if (ptr[0] == 'f' && ptr[1] == 'd')
+ {
+ is_fd = 1;
+- devn = grub_strtoul (ptr + 2, &ptr, 0);
++ devn = grub_strtoul (ptr + 2, (const char **)&ptr, 0);
+ continue;
+ }
+ if (grub_isdigit (ptr[0]))
+ {
+- part = grub_strtoul (ptr, &ptr, 0);
++ part = grub_strtoul (ptr, (const char **)&ptr, 0);
+ continue;
+ }
+ /* FIXME: isolinux, ntldr, cmldr, *dos, seg, hide
+diff --git a/grub-core/loader/i386/xen_fileXX.c b/grub-core/loader/i386/xen_fileXX.c
+index fb66e66fe96..293f1ad5c3e 100644
+--- a/grub-core/loader/i386/xen_fileXX.c
++++ b/grub-core/loader/i386/xen_fileXX.c
+@@ -25,7 +25,7 @@ parse_xen_guest (grub_elf_t elf, struct grub_xen_file_info *xi,
+ grub_off_t off, grub_size_t sz)
+ {
+ char *buf;
+- char *ptr;
++ const char *ptr;
+ int has_paddr = 0;
+
+ grub_errno = GRUB_ERR_NONE;
+diff --git a/grub-core/net/efi/ip4_config.c b/grub-core/net/efi/ip4_config.c
+index b711a5d9457..38e2a04747a 100644
+--- a/grub-core/net/efi/ip4_config.c
++++ b/grub-core/net/efi/ip4_config.c
+@@ -62,7 +62,7 @@ grub_efi_string_to_ip4_address (const char *val, grub_efi_ipv4_address_t *addres
+ for (i = 0; i < 4; i++)
+ {
+ unsigned long t;
+- t = grub_strtoul (ptr, (char **) &ptr, 0);
++ t = grub_strtoul (ptr, &ptr, 0);
+ if (grub_errno)
+ {
+ grub_errno = GRUB_ERR_NONE;
+diff --git a/grub-core/net/efi/ip6_config.c b/grub-core/net/efi/ip6_config.c
+index 017c4d05bc7..e0e00c23d21 100644
+--- a/grub-core/net/efi/ip6_config.c
++++ b/grub-core/net/efi/ip6_config.c
+@@ -84,7 +84,7 @@ grub_efi_string_to_ip6_address (const char *val, grub_efi_ipv6_address_t *addres
+ ptr++;
+ continue;
+ }
+- t = grub_strtoul (ptr, (char **) &ptr, 16);
++ t = grub_strtoul (ptr, &ptr, 16);
+ if (grub_errno)
+ {
+ grub_errno = GRUB_ERR_NONE;
+diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c
+index f208d1b180c..4c70fc4da2a 100644
+--- a/grub-core/net/efi/net.c
++++ b/grub-core/net/efi/net.c
+@@ -729,7 +729,7 @@ grub_efi_net_parse_address (const char *address,
+ {
+ grub_uint32_t subnet_mask_size;
+
+- subnet_mask_size = grub_strtoul (rest + 1, (char **) &rest, 0);
++ subnet_mask_size = grub_strtoul (rest + 1, &rest, 0);
+
+ if (!grub_errno && subnet_mask_size <= 32 && *rest == 0)
+ {
+@@ -758,7 +758,7 @@ grub_efi_net_parse_address (const char *address,
+ {
+ grub_efi_uint8_t prefix_length;
+
+- prefix_length = grub_strtoul (rest + 1, (char **) &rest, 0);
++ prefix_length = grub_strtoul (rest + 1, &rest, 0);
+ if (!grub_errno && prefix_length <= 128 && *rest == 0)
+ {
+ ip6->prefix_length = prefix_length;
+diff --git a/grub-core/net/efi/pxe.c b/grub-core/net/efi/pxe.c
+index 531949cba5c..73e2bb01c1b 100644
+--- a/grub-core/net/efi/pxe.c
++++ b/grub-core/net/efi/pxe.c
+@@ -187,7 +187,7 @@ parse_ip6 (const char *val, grub_uint64_t *ip, const char **rest)
+ ptr++;
+ continue;
+ }
+- t = grub_strtoul (ptr, (char **) &ptr, 16);
++ t = grub_strtoul (ptr, &ptr, 16);
+ if (grub_errno)
+ {
+ grub_errno = GRUB_ERR_NONE;
+@@ -225,7 +225,7 @@ pxe_open (struct grub_efi_net_device *dev,
+ int type __attribute__((unused)))
+ {
+ int i;
+- char *p;
++ const char *p;
+ grub_efi_status_t status;
+ grub_efi_pxe_ip_address_t server_ip;
+ grub_efi_uint64_t file_size = 0;
+@@ -313,7 +313,7 @@ pxe_read (struct grub_efi_net_device *dev,
+ grub_size_t len)
+ {
+ int i;
+- char *p;
++ const char *p;
+ grub_efi_status_t status;
+ grub_efi_pxe_t *pxe = (prefer_ip6) ? dev->ip6_pxe : dev->ip4_pxe;
+ grub_efi_uint64_t bufsz = len;
+diff --git a/grub-core/net/http.c b/grub-core/net/http.c
+index c9c59690a98..b52b558d631 100644
+--- a/grub-core/net/http.c
++++ b/grub-core/net/http.c
+@@ -110,7 +110,7 @@ parse_line (grub_file_t file, http_data_t data, char *ptr, grub_size_t len)
+ return GRUB_ERR_NONE;
+ }
+ ptr += sizeof ("HTTP/1.1 ") - 1;
+- code = grub_strtoul (ptr, &ptr, 10);
++ code = grub_strtoul (ptr, (const char **)&ptr, 10);
+ if (grub_errno)
+ return grub_errno;
+ switch (code)
+@@ -137,7 +137,7 @@ parse_line (grub_file_t file, http_data_t data, char *ptr, grub_size_t len)
+ == 0 && !data->size_recv)
+ {
+ ptr += sizeof ("Content-Length: ") - 1;
+- file->size = grub_strtoull (ptr, &ptr, 10);
++ file->size = grub_strtoull (ptr, (const char **)&ptr, 10);
+ data->size_recv = 1;
+ return GRUB_ERR_NONE;
+ }
+diff --git a/grub-core/net/net.c b/grub-core/net/net.c
+index a571ee92efa..a011b940100 100644
+--- a/grub-core/net/net.c
++++ b/grub-core/net/net.c
+@@ -411,7 +411,7 @@ parse_ip (const char *val, grub_uint32_t *ip, const char **rest)
+ for (i = 0; i < 4; i++)
+ {
+ unsigned long t;
+- t = grub_strtoul (ptr, (char **) &ptr, 0);
++ t = grub_strtoul (ptr, &ptr, 0);
+ if (grub_errno)
+ {
+ grub_errno = GRUB_ERR_NONE;
+@@ -465,7 +465,7 @@ parse_ip6 (const char *val, grub_uint64_t *ip, const char **rest)
+ ptr++;
+ continue;
+ }
+- t = grub_strtoul (ptr, (char **) &ptr, 16);
++ t = grub_strtoul (ptr, &ptr, 16);
+ if (grub_errno)
+ {
+ grub_errno = GRUB_ERR_NONE;
+@@ -577,7 +577,7 @@ grub_net_resolve_net_address (const char *name,
+ addr->type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV4;
+ if (*rest == '/')
+ {
+- addr->ipv4.masksize = grub_strtoul (rest + 1, (char **) &rest, 0);
++ addr->ipv4.masksize = grub_strtoul (rest + 1, &rest, 0);
+ if (!grub_errno && *rest == 0)
+ return GRUB_ERR_NONE;
+ grub_errno = GRUB_ERR_NONE;
+@@ -593,7 +593,7 @@ grub_net_resolve_net_address (const char *name,
+ addr->type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6;
+ if (*rest == '/')
+ {
+- addr->ipv6.masksize = grub_strtoul (rest + 1, (char **) &rest, 0);
++ addr->ipv6.masksize = grub_strtoul (rest + 1, &rest, 0);
+ if (!grub_errno && *rest == 0)
+ return GRUB_ERR_NONE;
+ grub_errno = GRUB_ERR_NONE;
+diff --git a/grub-core/net/url.c b/grub-core/net/url.c
+index 146858284cd..d9d2fc9a9dc 100644
+--- a/grub-core/net/url.c
++++ b/grub-core/net/url.c
+@@ -235,7 +235,7 @@ extract_http_url_info (char *url, int ssl,
+ c = *port_end;
+ *port_end = '\0';
+
+- portul = grub_strtoul (port_off, &separator, 10);
++ portul = grub_strtoul (port_off, (const char **)&separator, 10);
+ *port_end = c;
+ #ifdef URL_TEST
+ if (portul == ULONG_MAX && errno == ERANGE)
+diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
+index 93965777138..7d327f59d92 100644
+--- a/grub-core/script/execute.c
++++ b/grub-core/script/execute.c
+@@ -146,7 +146,7 @@ replace_scope (struct grub_script_scope *new_scope)
+ grub_err_t
+ grub_script_break (grub_command_t cmd, int argc, char *argv[])
+ {
+- char *p = 0;
++ const char *p = NULL;
+ unsigned long count;
+
+ if (argc == 0)
+@@ -178,7 +178,7 @@ grub_err_t
+ grub_script_shift (grub_command_t cmd __attribute__((unused)),
+ int argc, char *argv[])
+ {
+- char *p = 0;
++ const char *p = NULL;
+ unsigned long n = 0;
+
+ if (! scope)
+@@ -239,7 +239,7 @@ grub_err_t
+ grub_script_return (grub_command_t cmd __attribute__((unused)),
+ int argc, char *argv[])
+ {
+- char *p;
++ const char *p = NULL;
+ unsigned long n;
+
+ if (! scope || argc > 1)
+diff --git a/grub-core/term/serial.c b/grub-core/term/serial.c
+index db80b3ba0fb..f9271b09239 100644
+--- a/grub-core/term/serial.c
++++ b/grub-core/term/serial.c
+@@ -269,7 +269,7 @@ grub_cmd_serial (grub_extcmd_context_t ctxt, int argc, char **args)
+
+ if (state[OPTION_BASE_CLOCK].set)
+ {
+- char *ptr;
++ const char *ptr;
+ config.base_clock = grub_strtoull (state[OPTION_BASE_CLOCK].arg, &ptr, 0);
+ if (grub_errno)
+ return grub_errno;
+diff --git a/grub-core/term/terminfo.c b/grub-core/term/terminfo.c
+index 29df35e6d20..537a5c0cb0b 100644
+--- a/grub-core/term/terminfo.c
++++ b/grub-core/term/terminfo.c
+@@ -737,7 +737,7 @@ grub_cmd_terminfo (grub_extcmd_context_t ctxt, int argc, char **args)
+
+ if (state[OPTION_GEOMETRY].set)
+ {
+- char *ptr = state[OPTION_GEOMETRY].arg;
++ const char *ptr = state[OPTION_GEOMETRY].arg;
+ w = grub_strtoul (ptr, &ptr, 0);
+ if (grub_errno)
+ return grub_errno;
+diff --git a/grub-core/tests/strtoull_test.c b/grub-core/tests/strtoull_test.c
+index 7da615ff33e..5488ab26b43 100644
+--- a/grub-core/tests/strtoull_test.c
++++ b/grub-core/tests/strtoull_test.c
+@@ -25,7 +25,7 @@ static void
+ strtoull_testcase (const char *input, int base, unsigned long long expected,
+ int num_digits, grub_err_t error)
+ {
+- char *output;
++ const char *output;
+ unsigned long long value;
+ grub_errno = 0;
+ value = grub_strtoull(input, &output, base);
+diff --git a/include/grub/misc.h b/include/grub/misc.h
+index de9016ab709..1258ec6bbf3 100644
+--- a/include/grub/misc.h
++++ b/include/grub/misc.h
+@@ -288,11 +288,11 @@ grub_strncasecmp (const char *s1, const char *s2, grub_size_t n)
+ - (int) grub_tolower ((grub_uint8_t) *s2);
+ }
+
+-unsigned long EXPORT_FUNC(grub_strtoul) (const char *str, char **end, int base);
+-unsigned long long EXPORT_FUNC(grub_strtoull) (const char *str, char **end, int base);
++unsigned long EXPORT_FUNC(grub_strtoul) (const char *str, const char ** const end, int base);
++unsigned long long EXPORT_FUNC(grub_strtoull) (const char *str, const char ** const end, int base);
+
+ static inline long
+-grub_strtol (const char *str, char **end, int base)
++grub_strtol (const char *str, const char ** const end, int base)
+ {
+ int negative = 0;
+ unsigned long long magnitude;
diff --git a/SOURCES/0246-Fix-menu-entry-selection-based-on-ID-and-title.patch b/SOURCES/0246-Fix-menu-entry-selection-based-on-ID-and-title.patch
new file mode 100644
index 0000000..065765c
--- /dev/null
+++ b/SOURCES/0246-Fix-menu-entry-selection-based-on-ID-and-title.patch
@@ -0,0 +1,235 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Fri, 19 Oct 2018 10:57:52 -0400
+Subject: [PATCH] Fix menu entry selection based on ID and title
+
+Currently if grub_strtoul(saved_entry_value, NULL, 0) does not return an
+error, we assume the value it has produced is a correct index into our
+menu entry list, and do not try to interpret the value as the "id" or
+"title" . In cases where "id" or "title" start with a numeral, this
+makes them impossible to use as selection criteria.
+
+This patch splits the search into three phases - matching id, matching
+title, and only once those have been exhausted, trying to interpret the
+ID as a numeral. In that case, we also require that the entire string
+is numeric, not merely a string with leading numeric characters.
+
+Resolves: rhbz#1640979
+---
+ grub-core/normal/menu.c | 146 +++++++++++++++++++++++++-----------------------
+ 1 file changed, 75 insertions(+), 71 deletions(-)
+
+diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c
+index 6cb2a071490..95f7abaf2fd 100644
+--- a/grub-core/normal/menu.c
++++ b/grub-core/normal/menu.c
+@@ -164,12 +164,12 @@ grub_menu_set_timeout (int timeout)
+ }
+
+ static int
+-menuentry_eq (const char *id, const char *spec)
++menuentry_eq (const char *id, const char *spec, int limit)
+ {
+ const char *ptr1, *ptr2;
+ ptr1 = id;
+ ptr2 = spec;
+- while (1)
++ while (limit == -1 || ptr1 - id <= limit)
+ {
+ if (*ptr2 == '>' && ptr2[1] != '>' && *ptr1 == 0)
+ return ptr2 - spec;
+@@ -178,7 +178,11 @@ menuentry_eq (const char *id, const char *spec)
+ if (*ptr2 == '>')
+ ptr2++;
+ if (*ptr1 != *ptr2)
+- return 0;
++ {
++ if (limit > -1 && ptr1 - id == limit && !*ptr1 && grub_isspace(*ptr2))
++ return ptr1 -id -1;
++ return 0;
++ }
+ if (*ptr1 == 0)
+ return ptr1 - id;
+ ptr1++;
+@@ -187,6 +191,61 @@ menuentry_eq (const char *id, const char *spec)
+ return 0;
+ }
+
++static int
++get_entry_number_helper(grub_menu_t menu,
++ const char * const val, const char ** const tail)
++{
++ /* See if the variable matches the title of a menu entry. */
++ int entry = -1;
++ grub_menu_entry_t e;
++ int i;
++
++ for (i = 0, e = menu->entry_list; e; i++)
++ {
++ int l = 0;
++ while (val[l] && !grub_isspace(val[l]))
++ l++;
++
++ if (menuentry_eq (e->id, val, l))
++ {
++ if (tail)
++ *tail = val + l;
++ return i;
++ }
++ e = e->next;
++ }
++
++ for (i = 0, e = menu->entry_list; e; i++)
++ {
++ int l = 0;
++ while (val[l] && !grub_isspace(val[l]))
++ l++;
++
++ if (menuentry_eq (e->title, val, l))
++ {
++ if (tail)
++ *tail = val + l;
++ return i;
++ }
++ e = e->next;
++ }
++
++ if (tail)
++ *tail = NULL;
++
++ entry = (int) grub_strtoul (val, tail, 0);
++ if (grub_errno == GRUB_ERR_BAD_NUMBER ||
++ (*tail && **tail && !grub_isspace(**tail)))
++ {
++ entry = -1;
++ if (tail)
++ *tail = NULL;
++ grub_errno = GRUB_ERR_NONE;
++ }
++
++ return entry;
++}
++
+ /* Get the first entry number from the value of the environment variable NAME,
+ which is a space-separated list of non-negative integers. The entry number
+ which is returned is stripped from the value of NAME. If no entry number
+@@ -195,9 +254,8 @@ static int
+ get_and_remove_first_entry_number (grub_menu_t menu, const char *name)
+ {
+ const char *val;
+- char *tail;
++ const char *tail;
+ int entry;
+- int sz = 0;
+
+ val = grub_env_get (name);
+ if (! val)
+@@ -205,50 +263,24 @@ get_and_remove_first_entry_number (grub_menu_t menu, const char *name)
+
+ grub_error_push ();
+
+- entry = (int) grub_strtoul (val, &tail, 0);
++ entry = get_entry_number_helper(menu, val, &tail);
++ if (!(*tail == 0 || grub_isspace(*tail)))
++ entry = -1;
+
+- if (grub_errno == GRUB_ERR_BAD_NUMBER)
++ if (entry >= 0)
+ {
+- /* See if the variable matches the title of a menu entry. */
+- grub_menu_entry_t e = menu->entry_list;
+- int i;
+-
+- for (i = 0; e; i++)
+- {
+- sz = menuentry_eq (e->title, val);
+- if (sz < 1)
+- sz = menuentry_eq (e->id, val);
+-
+- if (sz >= 1)
+- {
+- entry = i;
+- break;
+- }
+- e = e->next;
+- }
+-
+- if (sz > 0)
+- grub_errno = GRUB_ERR_NONE;
+-
+- if (! e)
+- entry = -1;
+- }
+-
+- if (grub_errno == GRUB_ERR_NONE)
+- {
+- if (sz > 0)
+- tail += sz;
+-
+ /* Skip whitespace to find the next entry. */
+ while (*tail && grub_isspace (*tail))
+ tail++;
+- grub_env_set (name, tail);
++ if (*tail)
++ grub_env_set (name, tail);
++ else
++ grub_env_unset (name);
+ }
+ else
+ {
+ grub_env_unset (name);
+ grub_errno = GRUB_ERR_NONE;
+- entry = -1;
+ }
+
+ grub_error_pop ();
+@@ -525,6 +557,7 @@ static int
+ get_entry_number (grub_menu_t menu, const char *name)
+ {
+ const char *val;
++ const char *tail;
+ int entry;
+
+ val = grub_env_get (name);
+@@ -532,38 +565,9 @@ get_entry_number (grub_menu_t menu, const char *name)
+ return -1;
+
+ grub_error_push ();
+-
+- entry = (int) grub_strtoul (val, 0, 0);
+-
+- if (grub_errno == GRUB_ERR_BAD_NUMBER)
+- {
+- /* See if the variable matches the title of a menu entry. */
+- grub_menu_entry_t e = menu->entry_list;
+- int i;
+-
+- grub_errno = GRUB_ERR_NONE;
+-
+- for (i = 0; e; i++)
+- {
+- if (menuentry_eq (e->title, val)
+- || menuentry_eq (e->id, val))
+- {
+- entry = i;
+- break;
+- }
+- e = e->next;
+- }
+-
+- if (! e)
+- entry = -1;
+- }
+-
+- if (grub_errno != GRUB_ERR_NONE)
+- {
+- grub_errno = GRUB_ERR_NONE;
+- entry = -1;
+- }
+-
++ entry = get_entry_number_helper(menu, val, &tail);
++ if (*tail != '\0')
++ entry = -1;
+ grub_error_pop ();
+
+ return entry;
diff --git a/SOURCES/0246-Make-grub_strtoul-end-pointer-have-the-right-constif.patch b/SOURCES/0246-Make-grub_strtoul-end-pointer-have-the-right-constif.patch
deleted file mode 100644
index 99787bd..0000000
--- a/SOURCES/0246-Make-grub_strtoul-end-pointer-have-the-right-constif.patch
+++ /dev/null
@@ -1,391 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Fri, 19 Oct 2018 13:41:48 -0400
-Subject: [PATCH] Make grub_strtoul "end" pointer have the right
- constification.
-
-Related: rhbz#1640979
-Signed-off-by: Peter Jones <pjones@redhat.com>
----
- grub-core/kern/fs.c | 2 +-
- grub-core/kern/misc.c | 8 ++++----
- grub-core/kern/partition.c | 2 +-
- grub-core/lib/legacy_parse.c | 2 +-
- grub-core/lib/syslinux_parse.c | 6 +++---
- grub-core/loader/i386/xen_fileXX.c | 2 +-
- grub-core/net/efi/ip4_config.c | 2 +-
- grub-core/net/efi/ip6_config.c | 2 +-
- grub-core/net/efi/net.c | 4 ++--
- grub-core/net/efi/pxe.c | 6 +++---
- grub-core/net/http.c | 4 ++--
- grub-core/net/net.c | 8 ++++----
- grub-core/net/url.c | 2 +-
- grub-core/script/execute.c | 6 +++---
- grub-core/term/serial.c | 2 +-
- grub-core/term/terminfo.c | 2 +-
- grub-core/tests/strtoull_test.c | 2 +-
- include/grub/misc.h | 6 +++---
- 18 files changed, 34 insertions(+), 34 deletions(-)
-
-diff --git a/grub-core/kern/fs.c b/grub-core/kern/fs.c
-index 9085895b6fe..1bd748be83b 100644
---- a/grub-core/kern/fs.c
-+++ b/grub-core/kern/fs.c
-@@ -134,7 +134,7 @@ struct grub_fs_block
- static grub_err_t
- grub_fs_blocklist_open (grub_file_t file, const char *name)
- {
-- char *p = (char *) name;
-+ const char *p = name;
- unsigned num = 0;
- unsigned i;
- grub_disk_t disk = file->device->disk;
-diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c
-index 5c3899f0e5b..aaae9aa0ab7 100644
---- a/grub-core/kern/misc.c
-+++ b/grub-core/kern/misc.c
-@@ -383,7 +383,7 @@ grub_isspace (int c)
- }
-
- unsigned long
--grub_strtoul (const char *str, char **end, int base)
-+grub_strtoul (const char *str, const char ** const end, int base)
- {
- unsigned long long num;
-
-@@ -400,7 +400,7 @@ grub_strtoul (const char *str, char **end, int base)
- }
-
- unsigned long long
--grub_strtoull (const char *str, char **end, int base)
-+grub_strtoull (const char *str, const char ** const end, int base)
- {
- unsigned long long num = 0;
- int found = 0;
-@@ -901,14 +901,14 @@ grub_vsnprintf_real (char *str, grub_size_t max_len, const char *fmt0,
- {
- if (fmt[0] == '0')
- zerofill = '0';
-- format1 = grub_strtoul (fmt, (char **) &fmt, 10);
-+ format1 = grub_strtoul (fmt, &fmt, 10);
- }
-
- if (*fmt == '.')
- fmt++;
-
- if (grub_isdigit (*fmt))
-- format2 = grub_strtoul (fmt, (char **) &fmt, 10);
-+ format2 = grub_strtoul (fmt, &fmt, 10);
-
- if (*fmt == '$')
- {
-diff --git a/grub-core/kern/partition.c b/grub-core/kern/partition.c
-index e499147cbcb..2c401b866c4 100644
---- a/grub-core/kern/partition.c
-+++ b/grub-core/kern/partition.c
-@@ -126,7 +126,7 @@ grub_partition_probe (struct grub_disk *disk, const char *str)
- while (*ptr && grub_isalpha (*ptr))
- ptr++;
- partname_end = ptr;
-- num = grub_strtoul (ptr, (char **) &ptr, 0) - 1;
-+ num = grub_strtoul (ptr, &ptr, 0) - 1;
-
- curpart = 0;
- /* Use the first partition map type found. */
-diff --git a/grub-core/lib/legacy_parse.c b/grub-core/lib/legacy_parse.c
-index ef56150ac77..05719ab2ccb 100644
---- a/grub-core/lib/legacy_parse.c
-+++ b/grub-core/lib/legacy_parse.c
-@@ -418,7 +418,7 @@ adjust_file (const char *in, grub_size_t len)
- }
- if (*comma != ',')
- return grub_legacy_escape (in, len);
-- part = grub_strtoull (comma + 1, (char **) &rest, 0);
-+ part = grub_strtoull (comma + 1, &rest, 0);
- if (rest[0] == ',' && rest[1] >= 'a' && rest[1] <= 'z')
- {
- subpart = rest[1] - 'a';
-diff --git a/grub-core/lib/syslinux_parse.c b/grub-core/lib/syslinux_parse.c
-index 28ba3aef0bb..21ca040ada7 100644
---- a/grub-core/lib/syslinux_parse.c
-+++ b/grub-core/lib/syslinux_parse.c
-@@ -1058,7 +1058,7 @@ write_entry (struct output_buffer *outbuf,
- if (ptr[0] == 'h' && ptr[1] == 'd')
- {
- is_fd = 0;
-- devn = grub_strtoul (ptr + 2, &ptr, 0);
-+ devn = grub_strtoul (ptr + 2, (const char **)&ptr, 0);
- continue;
- }
- if (grub_strncasecmp (ptr, "file=", 5) == 0)
-@@ -1082,12 +1082,12 @@ write_entry (struct output_buffer *outbuf,
- if (ptr[0] == 'f' && ptr[1] == 'd')
- {
- is_fd = 1;
-- devn = grub_strtoul (ptr + 2, &ptr, 0);
-+ devn = grub_strtoul (ptr + 2, (const char **)&ptr, 0);
- continue;
- }
- if (grub_isdigit (ptr[0]))
- {
-- part = grub_strtoul (ptr, &ptr, 0);
-+ part = grub_strtoul (ptr, (const char **)&ptr, 0);
- continue;
- }
- /* FIXME: isolinux, ntldr, cmldr, *dos, seg, hide
-diff --git a/grub-core/loader/i386/xen_fileXX.c b/grub-core/loader/i386/xen_fileXX.c
-index fb66e66fe96..293f1ad5c3e 100644
---- a/grub-core/loader/i386/xen_fileXX.c
-+++ b/grub-core/loader/i386/xen_fileXX.c
-@@ -25,7 +25,7 @@ parse_xen_guest (grub_elf_t elf, struct grub_xen_file_info *xi,
- grub_off_t off, grub_size_t sz)
- {
- char *buf;
-- char *ptr;
-+ const char *ptr;
- int has_paddr = 0;
-
- grub_errno = GRUB_ERR_NONE;
-diff --git a/grub-core/net/efi/ip4_config.c b/grub-core/net/efi/ip4_config.c
-index b711a5d9457..38e2a04747a 100644
---- a/grub-core/net/efi/ip4_config.c
-+++ b/grub-core/net/efi/ip4_config.c
-@@ -62,7 +62,7 @@ grub_efi_string_to_ip4_address (const char *val, grub_efi_ipv4_address_t *addres
- for (i = 0; i < 4; i++)
- {
- unsigned long t;
-- t = grub_strtoul (ptr, (char **) &ptr, 0);
-+ t = grub_strtoul (ptr, &ptr, 0);
- if (grub_errno)
- {
- grub_errno = GRUB_ERR_NONE;
-diff --git a/grub-core/net/efi/ip6_config.c b/grub-core/net/efi/ip6_config.c
-index 017c4d05bc7..e0e00c23d21 100644
---- a/grub-core/net/efi/ip6_config.c
-+++ b/grub-core/net/efi/ip6_config.c
-@@ -84,7 +84,7 @@ grub_efi_string_to_ip6_address (const char *val, grub_efi_ipv6_address_t *addres
- ptr++;
- continue;
- }
-- t = grub_strtoul (ptr, (char **) &ptr, 16);
-+ t = grub_strtoul (ptr, &ptr, 16);
- if (grub_errno)
- {
- grub_errno = GRUB_ERR_NONE;
-diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c
-index f208d1b180c..4c70fc4da2a 100644
---- a/grub-core/net/efi/net.c
-+++ b/grub-core/net/efi/net.c
-@@ -729,7 +729,7 @@ grub_efi_net_parse_address (const char *address,
- {
- grub_uint32_t subnet_mask_size;
-
-- subnet_mask_size = grub_strtoul (rest + 1, (char **) &rest, 0);
-+ subnet_mask_size = grub_strtoul (rest + 1, &rest, 0);
-
- if (!grub_errno && subnet_mask_size <= 32 && *rest == 0)
- {
-@@ -758,7 +758,7 @@ grub_efi_net_parse_address (const char *address,
- {
- grub_efi_uint8_t prefix_length;
-
-- prefix_length = grub_strtoul (rest + 1, (char **) &rest, 0);
-+ prefix_length = grub_strtoul (rest + 1, &rest, 0);
- if (!grub_errno && prefix_length <= 128 && *rest == 0)
- {
- ip6->prefix_length = prefix_length;
-diff --git a/grub-core/net/efi/pxe.c b/grub-core/net/efi/pxe.c
-index 531949cba5c..73e2bb01c1b 100644
---- a/grub-core/net/efi/pxe.c
-+++ b/grub-core/net/efi/pxe.c
-@@ -187,7 +187,7 @@ parse_ip6 (const char *val, grub_uint64_t *ip, const char **rest)
- ptr++;
- continue;
- }
-- t = grub_strtoul (ptr, (char **) &ptr, 16);
-+ t = grub_strtoul (ptr, &ptr, 16);
- if (grub_errno)
- {
- grub_errno = GRUB_ERR_NONE;
-@@ -225,7 +225,7 @@ pxe_open (struct grub_efi_net_device *dev,
- int type __attribute__((unused)))
- {
- int i;
-- char *p;
-+ const char *p;
- grub_efi_status_t status;
- grub_efi_pxe_ip_address_t server_ip;
- grub_efi_uint64_t file_size = 0;
-@@ -313,7 +313,7 @@ pxe_read (struct grub_efi_net_device *dev,
- grub_size_t len)
- {
- int i;
-- char *p;
-+ const char *p;
- grub_efi_status_t status;
- grub_efi_pxe_t *pxe = (prefer_ip6) ? dev->ip6_pxe : dev->ip4_pxe;
- grub_efi_uint64_t bufsz = len;
-diff --git a/grub-core/net/http.c b/grub-core/net/http.c
-index c9c59690a98..b52b558d631 100644
---- a/grub-core/net/http.c
-+++ b/grub-core/net/http.c
-@@ -110,7 +110,7 @@ parse_line (grub_file_t file, http_data_t data, char *ptr, grub_size_t len)
- return GRUB_ERR_NONE;
- }
- ptr += sizeof ("HTTP/1.1 ") - 1;
-- code = grub_strtoul (ptr, &ptr, 10);
-+ code = grub_strtoul (ptr, (const char **)&ptr, 10);
- if (grub_errno)
- return grub_errno;
- switch (code)
-@@ -137,7 +137,7 @@ parse_line (grub_file_t file, http_data_t data, char *ptr, grub_size_t len)
- == 0 && !data->size_recv)
- {
- ptr += sizeof ("Content-Length: ") - 1;
-- file->size = grub_strtoull (ptr, &ptr, 10);
-+ file->size = grub_strtoull (ptr, (const char **)&ptr, 10);
- data->size_recv = 1;
- return GRUB_ERR_NONE;
- }
-diff --git a/grub-core/net/net.c b/grub-core/net/net.c
-index a571ee92efa..a011b940100 100644
---- a/grub-core/net/net.c
-+++ b/grub-core/net/net.c
-@@ -411,7 +411,7 @@ parse_ip (const char *val, grub_uint32_t *ip, const char **rest)
- for (i = 0; i < 4; i++)
- {
- unsigned long t;
-- t = grub_strtoul (ptr, (char **) &ptr, 0);
-+ t = grub_strtoul (ptr, &ptr, 0);
- if (grub_errno)
- {
- grub_errno = GRUB_ERR_NONE;
-@@ -465,7 +465,7 @@ parse_ip6 (const char *val, grub_uint64_t *ip, const char **rest)
- ptr++;
- continue;
- }
-- t = grub_strtoul (ptr, (char **) &ptr, 16);
-+ t = grub_strtoul (ptr, &ptr, 16);
- if (grub_errno)
- {
- grub_errno = GRUB_ERR_NONE;
-@@ -577,7 +577,7 @@ grub_net_resolve_net_address (const char *name,
- addr->type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV4;
- if (*rest == '/')
- {
-- addr->ipv4.masksize = grub_strtoul (rest + 1, (char **) &rest, 0);
-+ addr->ipv4.masksize = grub_strtoul (rest + 1, &rest, 0);
- if (!grub_errno && *rest == 0)
- return GRUB_ERR_NONE;
- grub_errno = GRUB_ERR_NONE;
-@@ -593,7 +593,7 @@ grub_net_resolve_net_address (const char *name,
- addr->type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6;
- if (*rest == '/')
- {
-- addr->ipv6.masksize = grub_strtoul (rest + 1, (char **) &rest, 0);
-+ addr->ipv6.masksize = grub_strtoul (rest + 1, &rest, 0);
- if (!grub_errno && *rest == 0)
- return GRUB_ERR_NONE;
- grub_errno = GRUB_ERR_NONE;
-diff --git a/grub-core/net/url.c b/grub-core/net/url.c
-index 146858284cd..d9d2fc9a9dc 100644
---- a/grub-core/net/url.c
-+++ b/grub-core/net/url.c
-@@ -235,7 +235,7 @@ extract_http_url_info (char *url, int ssl,
- c = *port_end;
- *port_end = '\0';
-
-- portul = grub_strtoul (port_off, &separator, 10);
-+ portul = grub_strtoul (port_off, (const char **)&separator, 10);
- *port_end = c;
- #ifdef URL_TEST
- if (portul == ULONG_MAX && errno == ERANGE)
-diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
-index 93965777138..7d327f59d92 100644
---- a/grub-core/script/execute.c
-+++ b/grub-core/script/execute.c
-@@ -146,7 +146,7 @@ replace_scope (struct grub_script_scope *new_scope)
- grub_err_t
- grub_script_break (grub_command_t cmd, int argc, char *argv[])
- {
-- char *p = 0;
-+ const char *p = NULL;
- unsigned long count;
-
- if (argc == 0)
-@@ -178,7 +178,7 @@ grub_err_t
- grub_script_shift (grub_command_t cmd __attribute__((unused)),
- int argc, char *argv[])
- {
-- char *p = 0;
-+ const char *p = NULL;
- unsigned long n = 0;
-
- if (! scope)
-@@ -239,7 +239,7 @@ grub_err_t
- grub_script_return (grub_command_t cmd __attribute__((unused)),
- int argc, char *argv[])
- {
-- char *p;
-+ const char *p = NULL;
- unsigned long n;
-
- if (! scope || argc > 1)
-diff --git a/grub-core/term/serial.c b/grub-core/term/serial.c
-index db80b3ba0fb..f9271b09239 100644
---- a/grub-core/term/serial.c
-+++ b/grub-core/term/serial.c
-@@ -269,7 +269,7 @@ grub_cmd_serial (grub_extcmd_context_t ctxt, int argc, char **args)
-
- if (state[OPTION_BASE_CLOCK].set)
- {
-- char *ptr;
-+ const char *ptr;
- config.base_clock = grub_strtoull (state[OPTION_BASE_CLOCK].arg, &ptr, 0);
- if (grub_errno)
- return grub_errno;
-diff --git a/grub-core/term/terminfo.c b/grub-core/term/terminfo.c
-index 29df35e6d20..537a5c0cb0b 100644
---- a/grub-core/term/terminfo.c
-+++ b/grub-core/term/terminfo.c
-@@ -737,7 +737,7 @@ grub_cmd_terminfo (grub_extcmd_context_t ctxt, int argc, char **args)
-
- if (state[OPTION_GEOMETRY].set)
- {
-- char *ptr = state[OPTION_GEOMETRY].arg;
-+ const char *ptr = state[OPTION_GEOMETRY].arg;
- w = grub_strtoul (ptr, &ptr, 0);
- if (grub_errno)
- return grub_errno;
-diff --git a/grub-core/tests/strtoull_test.c b/grub-core/tests/strtoull_test.c
-index 7da615ff33e..5488ab26b43 100644
---- a/grub-core/tests/strtoull_test.c
-+++ b/grub-core/tests/strtoull_test.c
-@@ -25,7 +25,7 @@ static void
- strtoull_testcase (const char *input, int base, unsigned long long expected,
- int num_digits, grub_err_t error)
- {
-- char *output;
-+ const char *output;
- unsigned long long value;
- grub_errno = 0;
- value = grub_strtoull(input, &output, base);
-diff --git a/include/grub/misc.h b/include/grub/misc.h
-index de9016ab709..1258ec6bbf3 100644
---- a/include/grub/misc.h
-+++ b/include/grub/misc.h
-@@ -288,11 +288,11 @@ grub_strncasecmp (const char *s1, const char *s2, grub_size_t n)
- - (int) grub_tolower ((grub_uint8_t) *s2);
- }
-
--unsigned long EXPORT_FUNC(grub_strtoul) (const char *str, char **end, int base);
--unsigned long long EXPORT_FUNC(grub_strtoull) (const char *str, char **end, int base);
-+unsigned long EXPORT_FUNC(grub_strtoul) (const char *str, const char ** const end, int base);
-+unsigned long long EXPORT_FUNC(grub_strtoull) (const char *str, const char ** const end, int base);
-
- static inline long
--grub_strtol (const char *str, char **end, int base)
-+grub_strtol (const char *str, const char ** const end, int base)
- {
- int negative = 0;
- unsigned long long magnitude;
diff --git a/SOURCES/0247-Fix-menu-entry-selection-based-on-ID-and-title.patch b/SOURCES/0247-Fix-menu-entry-selection-based-on-ID-and-title.patch
deleted file mode 100644
index 065765c..0000000
--- a/SOURCES/0247-Fix-menu-entry-selection-based-on-ID-and-title.patch
+++ /dev/null
@@ -1,235 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Fri, 19 Oct 2018 10:57:52 -0400
-Subject: [PATCH] Fix menu entry selection based on ID and title
-
-Currently if grub_strtoul(saved_entry_value, NULL, 0) does not return an
-error, we assume the value it has produced is a correct index into our
-menu entry list, and do not try to interpret the value as the "id" or
-"title" . In cases where "id" or "title" start with a numeral, this
-makes them impossible to use as selection criteria.
-
-This patch splits the search into three phases - matching id, matching
-title, and only once those have been exhausted, trying to interpret the
-ID as a numeral. In that case, we also require that the entire string
-is numeric, not merely a string with leading numeric characters.
-
-Resolves: rhbz#1640979
----
- grub-core/normal/menu.c | 146 +++++++++++++++++++++++++-----------------------
- 1 file changed, 75 insertions(+), 71 deletions(-)
-
-diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c
-index 6cb2a071490..95f7abaf2fd 100644
---- a/grub-core/normal/menu.c
-+++ b/grub-core/normal/menu.c
-@@ -164,12 +164,12 @@ grub_menu_set_timeout (int timeout)
- }
-
- static int
--menuentry_eq (const char *id, const char *spec)
-+menuentry_eq (const char *id, const char *spec, int limit)
- {
- const char *ptr1, *ptr2;
- ptr1 = id;
- ptr2 = spec;
-- while (1)
-+ while (limit == -1 || ptr1 - id <= limit)
- {
- if (*ptr2 == '>' && ptr2[1] != '>' && *ptr1 == 0)
- return ptr2 - spec;
-@@ -178,7 +178,11 @@ menuentry_eq (const char *id, const char *spec)
- if (*ptr2 == '>')
- ptr2++;
- if (*ptr1 != *ptr2)
-- return 0;
-+ {
-+ if (limit > -1 && ptr1 - id == limit && !*ptr1 && grub_isspace(*ptr2))
-+ return ptr1 -id -1;
-+ return 0;
-+ }
- if (*ptr1 == 0)
- return ptr1 - id;
- ptr1++;
-@@ -187,6 +191,61 @@ menuentry_eq (const char *id, const char *spec)
- return 0;
- }
-
-+static int
-+get_entry_number_helper(grub_menu_t menu,
-+ const char * const val, const char ** const tail)
-+{
-+ /* See if the variable matches the title of a menu entry. */
-+ int entry = -1;
-+ grub_menu_entry_t e;
-+ int i;
-+
-+ for (i = 0, e = menu->entry_list; e; i++)
-+ {
-+ int l = 0;
-+ while (val[l] && !grub_isspace(val[l]))
-+ l++;
-+
-+ if (menuentry_eq (e->id, val, l))
-+ {
-+ if (tail)
-+ *tail = val + l;
-+ return i;
-+ }
-+ e = e->next;
-+ }
-+
-+ for (i = 0, e = menu->entry_list; e; i++)
-+ {
-+ int l = 0;
-+ while (val[l] && !grub_isspace(val[l]))
-+ l++;
-+
-+ if (menuentry_eq (e->title, val, l))
-+ {
-+ if (tail)
-+ *tail = val + l;
-+ return i;
-+ }
-+ e = e->next;
-+ }
-+
-+ if (tail)
-+ *tail = NULL;
-+
-+ entry = (int) grub_strtoul (val, tail, 0);
-+ if (grub_errno == GRUB_ERR_BAD_NUMBER ||
-+ (*tail && **tail && !grub_isspace(**tail)))
-+ {
-+ entry = -1;
-+ if (tail)
-+ *tail = NULL;
-+ grub_errno = GRUB_ERR_NONE;
-+ }
-+
-+ return entry;
-+}
-+
- /* Get the first entry number from the value of the environment variable NAME,
- which is a space-separated list of non-negative integers. The entry number
- which is returned is stripped from the value of NAME. If no entry number
-@@ -195,9 +254,8 @@ static int
- get_and_remove_first_entry_number (grub_menu_t menu, const char *name)
- {
- const char *val;
-- char *tail;
-+ const char *tail;
- int entry;
-- int sz = 0;
-
- val = grub_env_get (name);
- if (! val)
-@@ -205,50 +263,24 @@ get_and_remove_first_entry_number (grub_menu_t menu, const char *name)
-
- grub_error_push ();
-
-- entry = (int) grub_strtoul (val, &tail, 0);
-+ entry = get_entry_number_helper(menu, val, &tail);
-+ if (!(*tail == 0 || grub_isspace(*tail)))
-+ entry = -1;
-
-- if (grub_errno == GRUB_ERR_BAD_NUMBER)
-+ if (entry >= 0)
- {
-- /* See if the variable matches the title of a menu entry. */
-- grub_menu_entry_t e = menu->entry_list;
-- int i;
--
-- for (i = 0; e; i++)
-- {
-- sz = menuentry_eq (e->title, val);
-- if (sz < 1)
-- sz = menuentry_eq (e->id, val);
--
-- if (sz >= 1)
-- {
-- entry = i;
-- break;
-- }
-- e = e->next;
-- }
--
-- if (sz > 0)
-- grub_errno = GRUB_ERR_NONE;
--
-- if (! e)
-- entry = -1;
-- }
--
-- if (grub_errno == GRUB_ERR_NONE)
-- {
-- if (sz > 0)
-- tail += sz;
--
- /* Skip whitespace to find the next entry. */
- while (*tail && grub_isspace (*tail))
- tail++;
-- grub_env_set (name, tail);
-+ if (*tail)
-+ grub_env_set (name, tail);
-+ else
-+ grub_env_unset (name);
- }
- else
- {
- grub_env_unset (name);
- grub_errno = GRUB_ERR_NONE;
-- entry = -1;
- }
-
- grub_error_pop ();
-@@ -525,6 +557,7 @@ static int
- get_entry_number (grub_menu_t menu, const char *name)
- {
- const char *val;
-+ const char *tail;
- int entry;
-
- val = grub_env_get (name);
-@@ -532,38 +565,9 @@ get_entry_number (grub_menu_t menu, const char *name)
- return -1;
-
- grub_error_push ();
--
-- entry = (int) grub_strtoul (val, 0, 0);
--
-- if (grub_errno == GRUB_ERR_BAD_NUMBER)
-- {
-- /* See if the variable matches the title of a menu entry. */
-- grub_menu_entry_t e = menu->entry_list;
-- int i;
--
-- grub_errno = GRUB_ERR_NONE;
--
-- for (i = 0; e; i++)
-- {
-- if (menuentry_eq (e->title, val)
-- || menuentry_eq (e->id, val))
-- {
-- entry = i;
-- break;
-- }
-- e = e->next;
-- }
--
-- if (! e)
-- entry = -1;
-- }
--
-- if (grub_errno != GRUB_ERR_NONE)
-- {
-- grub_errno = GRUB_ERR_NONE;
-- entry = -1;
-- }
--
-+ entry = get_entry_number_helper(menu, val, &tail);
-+ if (*tail != '\0')
-+ entry = -1;
- grub_error_pop ();
-
- return entry;
diff --git a/SOURCES/0247-Remove-quotes-when-reading-ID-value-from-etc-os-rele.patch b/SOURCES/0247-Remove-quotes-when-reading-ID-value-from-etc-os-rele.patch
new file mode 100644
index 0000000..b81f46f
--- /dev/null
+++ b/SOURCES/0247-Remove-quotes-when-reading-ID-value-from-etc-os-rele.patch
@@ -0,0 +1,46 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Wed, 21 Nov 2018 15:37:32 +0100
+Subject: [PATCH] Remove quotes when reading ID value from /etc/os-release
+
+The field is used to obtain the path to the GRUB directory in the ESP for
+UEFI installs. But in some OS the ID value is quoted, which leads to some
+of the scripts to fail:
+
+ $ grub2-setpassword
+ /boot/efi/EFI/"redhat"/ does not exist.
+ Usage: /usr/sbin/grub2-setpassword [OPTION]
+
+Related: rhbz#1650706
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ util/grub-set-password.in | 2 +-
+ util/grub-switch-to-blscfg.in | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/util/grub-set-password.in b/util/grub-set-password.in
+index 5ebf50576d6..c0b5ebbfdc5 100644
+--- a/util/grub-set-password.in
++++ b/util/grub-set-password.in
+@@ -1,6 +1,6 @@
+ #!/bin/sh -e
+
+-EFIDIR=$(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/')
++EFIDIR=$(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/' -e 's/\"//g')
+ if [ -d /sys/firmware/efi/efivars/ ]; then
+ grubdir=`echo "/@bootdirname@/efi/EFI/${EFIDIR}/" | sed 's,//*,/,g'`
+ else
+diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in
+index 60cd6ca63cc..d353370cc51 100644
+--- a/util/grub-switch-to-blscfg.in
++++ b/util/grub-switch-to-blscfg.in
+@@ -40,7 +40,7 @@ etcdefaultgrub=/etc/default/grub
+
+ eval "$("${grub_get_kernel_settings}")" || true
+
+-EFIDIR=$(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/')
++EFIDIR=$(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/' -e 's/\"//g')
+ if [ -d /sys/firmware/efi/efivars/ ]; then
+ startlink=/etc/grub2-efi.cfg
+ grubdir=`echo "/@bootdirname@/efi/EFI/${EFIDIR}/" | sed 's,//*,/,g'`
diff --git a/SOURCES/0248-Remove-quotes-when-reading-ID-value-from-etc-os-rele.patch b/SOURCES/0248-Remove-quotes-when-reading-ID-value-from-etc-os-rele.patch
deleted file mode 100644
index b81f46f..0000000
--- a/SOURCES/0248-Remove-quotes-when-reading-ID-value-from-etc-os-rele.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas <javierm@redhat.com>
-Date: Wed, 21 Nov 2018 15:37:32 +0100
-Subject: [PATCH] Remove quotes when reading ID value from /etc/os-release
-
-The field is used to obtain the path to the GRUB directory in the ESP for
-UEFI installs. But in some OS the ID value is quoted, which leads to some
-of the scripts to fail:
-
- $ grub2-setpassword
- /boot/efi/EFI/"redhat"/ does not exist.
- Usage: /usr/sbin/grub2-setpassword [OPTION]
-
-Related: rhbz#1650706
-
-Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
----
- util/grub-set-password.in | 2 +-
- util/grub-switch-to-blscfg.in | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/util/grub-set-password.in b/util/grub-set-password.in
-index 5ebf50576d6..c0b5ebbfdc5 100644
---- a/util/grub-set-password.in
-+++ b/util/grub-set-password.in
-@@ -1,6 +1,6 @@
- #!/bin/sh -e
-
--EFIDIR=$(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/')
-+EFIDIR=$(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/' -e 's/\"//g')
- if [ -d /sys/firmware/efi/efivars/ ]; then
- grubdir=`echo "/@bootdirname@/efi/EFI/${EFIDIR}/" | sed 's,//*,/,g'`
- else
-diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in
-index 60cd6ca63cc..d353370cc51 100644
---- a/util/grub-switch-to-blscfg.in
-+++ b/util/grub-switch-to-blscfg.in
-@@ -40,7 +40,7 @@ etcdefaultgrub=/etc/default/grub
-
- eval "$("${grub_get_kernel_settings}")" || true
-
--EFIDIR=$(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/')
-+EFIDIR=$(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/' -e 's/\"//g')
- if [ -d /sys/firmware/efi/efivars/ ]; then
- startlink=/etc/grub2-efi.cfg
- grubdir=`echo "/@bootdirname@/efi/EFI/${EFIDIR}/" | sed 's,//*,/,g'`
diff --git a/SOURCES/0248-blscfg-expand-grub_users-before-passing-to-grub_norm.patch b/SOURCES/0248-blscfg-expand-grub_users-before-passing-to-grub_norm.patch
new file mode 100644
index 0000000..d5951b4
--- /dev/null
+++ b/SOURCES/0248-blscfg-expand-grub_users-before-passing-to-grub_norm.patch
@@ -0,0 +1,38 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Wed, 21 Nov 2018 15:38:50 +0100
+Subject: [PATCH] blscfg: expand grub_users before passing to
+ grub_normal_add_menu_entry()
+
+The "grub_users" field from the BLS snippet file is used to specifcy the
+users that are allowed to execute a given menu entry if the "superusers"
+environment variable is set.
+
+If the "grub_users" isn't set, the menu entry is unrestricted and it can
+be executed without any authentication and if is set then only the users
+defined in "grub_users" can execute the menu entry after authentication.
+
+But this field can contain an environment variable so has to be expanded
+or otherwise grub2 will wrongly assume that the user is "$var", and will
+populate a menu entry that it's resctrited even when "$var" isn't set.
+
+Resolves: rhbz#1650706
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ grub-core/commands/blscfg.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
+index 42892cbfd55..c432c6ba27a 100644
+--- a/grub-core/commands/blscfg.c
++++ b/grub-core/commands/blscfg.c
+@@ -704,7 +704,7 @@ static void create_entry (struct bls_entry *entry)
+ initrds = bls_make_list (entry, "initrd", NULL);
+
+ hotkey = bls_get_val (entry, "grub_hotkey", NULL);
+- users = bls_get_val (entry, "grub_users", NULL);
++ users = expand_val (bls_get_val (entry, "grub_users", NULL));
+ classes = bls_make_list (entry, "grub_class", NULL);
+ args = bls_make_list (entry, "grub_arg", &argc);
+
diff --git a/SOURCES/0249-Make-the-menu-entry-users-option-argument-to-be-opti.patch b/SOURCES/0249-Make-the-menu-entry-users-option-argument-to-be-opti.patch
new file mode 100644
index 0000000..50479ce
--- /dev/null
+++ b/SOURCES/0249-Make-the-menu-entry-users-option-argument-to-be-opti.patch
@@ -0,0 +1,46 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Mon, 26 Nov 2018 10:06:42 +0100
+Subject: [PATCH] Make the menu entry users option argument to be optional
+
+The --users option is used to restrict the access to specific menu entries
+only to a set of users. But the option requires an argument to either be a
+constant or a variable that has been set. So for example the following:
+
+ menuentry "May be run by superusers or users in $users" --users $users {
+ linux /vmlinuz
+ }
+
+Would fail if $users is not defined and grub would discard the menu entry.
+Instead, allow the --users option to have an optional argument and ignore
+the option if the argument was not set.
+
+Related: rhbz#1652434
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ grub-core/commands/menuentry.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c
+index 8d242b0187e..7004e08ce78 100644
+--- a/grub-core/commands/menuentry.c
++++ b/grub-core/commands/menuentry.c
+@@ -29,7 +29,7 @@ static const struct grub_arg_option options[] =
+ {
+ {"class", 1, GRUB_ARG_OPTION_REPEATABLE,
+ N_("Menu entry type."), N_("STRING"), ARG_TYPE_STRING},
+- {"users", 2, 0,
++ {"users", 2, GRUB_ARG_OPTION_OPTIONAL,
+ N_("List of users allowed to boot this entry."), N_("USERNAME[,USERNAME]"),
+ ARG_TYPE_STRING},
+ {"hotkey", 3, 0,
+@@ -280,7 +280,7 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args)
+ if (! ctxt->state[3].set && ! ctxt->script)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "no menuentry definition");
+
+- if (ctxt->state[1].set)
++ if (ctxt->state[1].set && ctxt->state[1].arg)
+ users = ctxt->state[1].arg;
+ else if (ctxt->state[5].set)
+ users = NULL;
diff --git a/SOURCES/0249-blscfg-expand-grub_users-before-passing-to-grub_norm.patch b/SOURCES/0249-blscfg-expand-grub_users-before-passing-to-grub_norm.patch
deleted file mode 100644
index d5951b4..0000000
--- a/SOURCES/0249-blscfg-expand-grub_users-before-passing-to-grub_norm.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas <javierm@redhat.com>
-Date: Wed, 21 Nov 2018 15:38:50 +0100
-Subject: [PATCH] blscfg: expand grub_users before passing to
- grub_normal_add_menu_entry()
-
-The "grub_users" field from the BLS snippet file is used to specifcy the
-users that are allowed to execute a given menu entry if the "superusers"
-environment variable is set.
-
-If the "grub_users" isn't set, the menu entry is unrestricted and it can
-be executed without any authentication and if is set then only the users
-defined in "grub_users" can execute the menu entry after authentication.
-
-But this field can contain an environment variable so has to be expanded
-or otherwise grub2 will wrongly assume that the user is "$var", and will
-populate a menu entry that it's resctrited even when "$var" isn't set.
-
-Resolves: rhbz#1650706
-
-Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
----
- grub-core/commands/blscfg.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
-index 42892cbfd55..c432c6ba27a 100644
---- a/grub-core/commands/blscfg.c
-+++ b/grub-core/commands/blscfg.c
-@@ -704,7 +704,7 @@ static void create_entry (struct bls_entry *entry)
- initrds = bls_make_list (entry, "initrd", NULL);
-
- hotkey = bls_get_val (entry, "grub_hotkey", NULL);
-- users = bls_get_val (entry, "grub_users", NULL);
-+ users = expand_val (bls_get_val (entry, "grub_users", NULL));
- classes = bls_make_list (entry, "grub_class", NULL);
- args = bls_make_list (entry, "grub_arg", &argc);
-
diff --git a/SOURCES/0250-10_linux_bls-add-missing-menu-entries-options.patch b/SOURCES/0250-10_linux_bls-add-missing-menu-entries-options.patch
new file mode 100644
index 0000000..620c55d
--- /dev/null
+++ b/SOURCES/0250-10_linux_bls-add-missing-menu-entries-options.patch
@@ -0,0 +1,56 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Thu, 22 Nov 2018 16:12:19 +0100
+Subject: [PATCH] 10_linux_bls: add missing menu entries options
+
+The script that generates menu entries in the grub.cfg from BLS snippets
+wasn't filling some important options, like the --id, --class and --user
+if these were defined in the BLS.
+
+Resolves: rhbz#1652434
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ util/grub.d/10_linux_bls.in | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in
+index 8745e598d0e..8cff4c58ab5 100644
+--- a/util/grub.d/10_linux_bls.in
++++ b/util/grub.d/10_linux_bls.in
+@@ -127,6 +127,9 @@ read_config()
+ initrd=""
+ options=""
+ linux=""
++ grub_users=""
++ grub_arg=""
++ grub_class=""
+
+ while read -r line
+ do
+@@ -145,6 +148,15 @@ read_config()
+ "options")
+ options=${value}
+ ;;
++ "grub_users")
++ grub_users=${value}
++ ;;
++ "grub_arg")
++ grub_arg=${value}
++ ;;
++ "grub_class")
++ grub_class=${value}
++ ;;
+ esac
+ done < ${config_file}
+ }
+@@ -167,7 +179,8 @@ populate_menu()
+
+ for bls in "${files[@]}" ; do
+ read_config "${blsdir}/${bls}.conf"
+- menu="${menu}menuentry '${title}' {\n"
++
++ menu="${menu}menuentry '${title}' --class ${grub_class} ${grub_arg} --users ${grub_users} --id ${bls} {\n"
+ menu="${menu}\t linux ${linux} ${options}\n"
+ if [ -n "${initrd}" ] ; then
+ menu="${menu}\t initrd ${boot_prefix}${initrd}\n"
diff --git a/SOURCES/0250-Make-the-menu-entry-users-option-argument-to-be-opti.patch b/SOURCES/0250-Make-the-menu-entry-users-option-argument-to-be-opti.patch
deleted file mode 100644
index 50479ce..0000000
--- a/SOURCES/0250-Make-the-menu-entry-users-option-argument-to-be-opti.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas <javierm@redhat.com>
-Date: Mon, 26 Nov 2018 10:06:42 +0100
-Subject: [PATCH] Make the menu entry users option argument to be optional
-
-The --users option is used to restrict the access to specific menu entries
-only to a set of users. But the option requires an argument to either be a
-constant or a variable that has been set. So for example the following:
-
- menuentry "May be run by superusers or users in $users" --users $users {
- linux /vmlinuz
- }
-
-Would fail if $users is not defined and grub would discard the menu entry.
-Instead, allow the --users option to have an optional argument and ignore
-the option if the argument was not set.
-
-Related: rhbz#1652434
-
-Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
----
- grub-core/commands/menuentry.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c
-index 8d242b0187e..7004e08ce78 100644
---- a/grub-core/commands/menuentry.c
-+++ b/grub-core/commands/menuentry.c
-@@ -29,7 +29,7 @@ static const struct grub_arg_option options[] =
- {
- {"class", 1, GRUB_ARG_OPTION_REPEATABLE,
- N_("Menu entry type."), N_("STRING"), ARG_TYPE_STRING},
-- {"users", 2, 0,
-+ {"users", 2, GRUB_ARG_OPTION_OPTIONAL,
- N_("List of users allowed to boot this entry."), N_("USERNAME[,USERNAME]"),
- ARG_TYPE_STRING},
- {"hotkey", 3, 0,
-@@ -280,7 +280,7 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args)
- if (! ctxt->state[3].set && ! ctxt->script)
- return grub_error (GRUB_ERR_BAD_ARGUMENT, "no menuentry definition");
-
-- if (ctxt->state[1].set)
-+ if (ctxt->state[1].set && ctxt->state[1].arg)
- users = ctxt->state[1].arg;
- else if (ctxt->state[5].set)
- users = NULL;
diff --git a/SOURCES/0251-10_linux_bls-add-missing-menu-entries-options.patch b/SOURCES/0251-10_linux_bls-add-missing-menu-entries-options.patch
deleted file mode 100644
index 620c55d..0000000
--- a/SOURCES/0251-10_linux_bls-add-missing-menu-entries-options.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas <javierm@redhat.com>
-Date: Thu, 22 Nov 2018 16:12:19 +0100
-Subject: [PATCH] 10_linux_bls: add missing menu entries options
-
-The script that generates menu entries in the grub.cfg from BLS snippets
-wasn't filling some important options, like the --id, --class and --user
-if these were defined in the BLS.
-
-Resolves: rhbz#1652434
-
-Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
----
- util/grub.d/10_linux_bls.in | 15 ++++++++++++++-
- 1 file changed, 14 insertions(+), 1 deletion(-)
-
-diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in
-index 8745e598d0e..8cff4c58ab5 100644
---- a/util/grub.d/10_linux_bls.in
-+++ b/util/grub.d/10_linux_bls.in
-@@ -127,6 +127,9 @@ read_config()
- initrd=""
- options=""
- linux=""
-+ grub_users=""
-+ grub_arg=""
-+ grub_class=""
-
- while read -r line
- do
-@@ -145,6 +148,15 @@ read_config()
- "options")
- options=${value}
- ;;
-+ "grub_users")
-+ grub_users=${value}
-+ ;;
-+ "grub_arg")
-+ grub_arg=${value}
-+ ;;
-+ "grub_class")
-+ grub_class=${value}
-+ ;;
- esac
- done < ${config_file}
- }
-@@ -167,7 +179,8 @@ populate_menu()
-
- for bls in "${files[@]}" ; do
- read_config "${blsdir}/${bls}.conf"
-- menu="${menu}menuentry '${title}' {\n"
-+
-+ menu="${menu}menuentry '${title}' --class ${grub_class} ${grub_arg} --users ${grub_users} --id ${bls} {\n"
- menu="${menu}\t linux ${linux} ${options}\n"
- if [ -n "${initrd}" ] ; then
- menu="${menu}\t initrd ${boot_prefix}${initrd}\n"
diff --git a/SOURCES/0251-Fix-menu-entry-selection-based-on-title.patch b/SOURCES/0251-Fix-menu-entry-selection-based-on-title.patch
new file mode 100644
index 0000000..31825b0
--- /dev/null
+++ b/SOURCES/0251-Fix-menu-entry-selection-based-on-title.patch
@@ -0,0 +1,41 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Fri, 30 Nov 2018 16:39:09 +0100
+Subject: [PATCH] Fix menu entry selection based on title
+
+The get_entry_number_helper() function assumes that there could be a set
+of entries identifiers in a variable (i.e: as used in the fallback case)
+so iterates over the string until it finds a space to get the first id.
+
+But this should only be done for indexes or entries id, since the title
+can contain spaces. In the case of title, the complete string should be
+used to select a given entry.
+
+Resolves: rhbz#1654936
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ grub-core/normal/menu.c | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c
+index 95f7abaf2fd..fc25c702f3c 100644
+--- a/grub-core/normal/menu.c
++++ b/grub-core/normal/menu.c
+@@ -217,14 +217,11 @@ get_entry_number_helper(grub_menu_t menu,
+
+ for (i = 0, e = menu->entry_list; e; i++)
+ {
+- int l = 0;
+- while (val[l] && !grub_isspace(val[l]))
+- l++;
+
+- if (menuentry_eq (e->title, val, l))
++ if (menuentry_eq (e->title, val, -1))
+ {
+ if (tail)
+- *tail = val + l;
++ *tail = NULL;
+ return i;
+ }
+ e = e->next;
diff --git a/SOURCES/0252-BLS-files-should-only-be-copied-by-grub-switch-to-bl.patch b/SOURCES/0252-BLS-files-should-only-be-copied-by-grub-switch-to-bl.patch
new file mode 100644
index 0000000..1fc6e2d
--- /dev/null
+++ b/SOURCES/0252-BLS-files-should-only-be-copied-by-grub-switch-to-bl.patch
@@ -0,0 +1,120 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Tue, 4 Dec 2018 10:48:45 +0100
+Subject: [PATCH] BLS files should only be copied by grub-switch-to-blscfg if
+ BLS isn't set
+
+Currently the grub-switch-to-blscfg script doesn't update the grub.cfg if
+GRUB_ENABLE_BLSCFG=true is already set in /etc/default/grub. But it still
+copies the BLS files which may overwrite fields modified by the user.
+
+Related: rhbz#1638117
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ util/grub-switch-to-blscfg.in | 80 +++++++++++++++++++++++--------------------
+ 1 file changed, 42 insertions(+), 38 deletions(-)
+
+diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in
+index d353370cc51..eeea1307706 100644
+--- a/util/grub-switch-to-blscfg.in
++++ b/util/grub-switch-to-blscfg.in
+@@ -220,49 +220,51 @@ EOF
+ ) | cat
+ }
+
+-for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do
+- bls_target="${blsdir}/${MACHINE_ID}-${kernelver}.conf"
+- linux="/vmlinuz-${kernelver}"
+- linux_path="/boot${linux}"
+- kernel_dir="/lib/modules/${kernelver}"
++copy_bls() {
++ for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do
++ bls_target="${blsdir}/${MACHINE_ID}-${kernelver}.conf"
++ linux="/vmlinuz-${kernelver}"
++ linux_path="/boot${linux}"
++ kernel_dir="/lib/modules/${kernelver}"
+
+- if [ ! -d "${kernel_dir}" ] ; then
+- continue
+- fi
+- if [ ! -f "${linux_path}" ]; then
+- continue
+- fi
++ if [ ! -d "${kernel_dir}" ] ; then
++ continue
++ fi
++ if [ ! -f "${linux_path}" ]; then
++ continue
++ fi
+
+- linux_relpath="$("${grub_mkrelpath}" "${linux_path}")"
+- bootprefix="${linux_relpath%%"${linux}"}"
++ linux_relpath="$("${grub_mkrelpath}" "${linux_path}")"
++ bootprefix="${linux_relpath%%"${linux}"}"
+
+- if [ -f "${kernel_dir}/bls.conf" ] ; then
+- cp -af "${kernel_dir}/bls.conf" "${bls_target}"
+- if [ -n "${bootprefix}" ]; then
+- sed -i -e "s,^\(linux[^ \t]*[ \t]\+\).*,\1${bootprefix}${linux},g" "${bls_target}"
+- sed -i -e "/^initrd/ s,\([ \t]\+\)\([^ \t]\+\),\1${bootprefix}\2,g" "${bls_target}"
+- fi
+- else
+- mkbls "${kernelver}" \
+- "$(date -u +%Y%m%d%H%M%S -d "$(stat -c '%y' "${kernel_dir}")")" \
+- "${bootprefix}" \
+- >"${bls_target}"
+- fi
++ if [ -f "${kernel_dir}/bls.conf" ] ; then
++ cp -af "${kernel_dir}/bls.conf" "${bls_target}"
++ if [ -n "${bootprefix}" ]; then
++ sed -i -e "s,^\(linux[^ \t]*[ \t]\+\).*,\1${bootprefix}${linux},g" "${bls_target}"
++ sed -i -e "/^initrd/ s,\([ \t]\+\)\([^ \t]\+\),\1${bootprefix}\2,g" "${bls_target}"
++ fi
++ else
++ mkbls "${kernelver}" \
++ "$(date -u +%Y%m%d%H%M%S -d "$(stat -c '%y' "${kernel_dir}")")" \
++ "${bootprefix}" \
++ >"${bls_target}"
++ fi
+
+- if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then
+- bls_debug="$(echo ${bls_target} | sed -e "s/${kernelver}/${kernelver}~debug/")"
+- cp -aT "${bls_target}" "${bls_debug}"
+- title="$(grep '^title[ \t]' "${bls_debug}" | sed -e 's/^title[ \t]*//')"
+- blsid="$(grep '^id[ \t]' "${bls_debug}" | sed -e "s/\.${ARCH}/-debug.${arch}/")"
+- sed -i -e "s/^title.*/title ${title}${GRUB_LINUX_DEBUG_TITLE_POSTFIX}/" "${bls_debug}"
+- sed -i -e "s/^id.*/${blsid}/" "${bls_debug}"
+- sed -i -e "s/^options.*/options \$kernelopts ${GRUB_CMDLINE_LINUX_DEBUG}/" "${bls_debug}"
+- fi
+-done
++ if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then
++ bls_debug="$(echo ${bls_target} | sed -e "s/${kernelver}/${kernelver}~debug/")"
++ cp -aT "${bls_target}" "${bls_debug}"
++ title="$(grep '^title[ \t]' "${bls_debug}" | sed -e 's/^title[ \t]*//')"
++ blsid="$(grep '^id[ \t]' "${bls_debug}" | sed -e "s/\.${ARCH}/-debug.${arch}/")"
++ sed -i -e "s/^title.*/title ${title}${GRUB_LINUX_DEBUG_TITLE_POSTFIX}/" "${bls_debug}"
++ sed -i -e "s/^id.*/${blsid}/" "${bls_debug}"
++ sed -i -e "s/^options.*/options \$kernelopts ${GRUB_CMDLINE_LINUX_DEBUG}/" "${bls_debug}"
++ fi
++ done
+
+-if [ -f "/boot/vmlinuz-0-rescue-${MACHINE_ID}" ]; then
+- mkbls "0-rescue-${MACHINE_ID}" "0" "${bootprefix}" >"${blsdir}/${MACHINE_ID}-0-rescue.conf"
+-fi
++ if [ -f "/boot/vmlinuz-0-rescue-${MACHINE_ID}" ]; then
++ mkbls "0-rescue-${MACHINE_ID}" "0" "${bootprefix}" >"${blsdir}/${MACHINE_ID}-0-rescue.conf"
++ fi
++}
+
+ GENERATE=0
+ if grep '^GRUB_ENABLE_BLSCFG=.*' "${etcdefaultgrub}" \
+@@ -283,6 +285,8 @@ elif ! grep -q '^GRUB_ENABLE_BLSCFG=.*' "${etcdefaultgrub}" ; then
+ fi
+
+ if [ "${GENERATE}" -eq 1 ] ; then
++ copy_bls
++
+ if [ $arch = "x86_64" ] && [ ! -d /sys/firmware/efi ]; then
+ if ! cp ${prefix}/lib/grub//i386-pc/blscfg.mod ${grubdir}/i386-pc/ ; then
+ exit 1
diff --git a/SOURCES/0252-Fix-menu-entry-selection-based-on-title.patch b/SOURCES/0252-Fix-menu-entry-selection-based-on-title.patch
deleted file mode 100644
index 31825b0..0000000
--- a/SOURCES/0252-Fix-menu-entry-selection-based-on-title.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas <javierm@redhat.com>
-Date: Fri, 30 Nov 2018 16:39:09 +0100
-Subject: [PATCH] Fix menu entry selection based on title
-
-The get_entry_number_helper() function assumes that there could be a set
-of entries identifiers in a variable (i.e: as used in the fallback case)
-so iterates over the string until it finds a space to get the first id.
-
-But this should only be done for indexes or entries id, since the title
-can contain spaces. In the case of title, the complete string should be
-used to select a given entry.
-
-Resolves: rhbz#1654936
-
-Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
----
- grub-core/normal/menu.c | 7 ++-----
- 1 file changed, 2 insertions(+), 5 deletions(-)
-
-diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c
-index 95f7abaf2fd..fc25c702f3c 100644
---- a/grub-core/normal/menu.c
-+++ b/grub-core/normal/menu.c
-@@ -217,14 +217,11 @@ get_entry_number_helper(grub_menu_t menu,
-
- for (i = 0, e = menu->entry_list; e; i++)
- {
-- int l = 0;
-- while (val[l] && !grub_isspace(val[l]))
-- l++;
-
-- if (menuentry_eq (e->title, val, l))
-+ if (menuentry_eq (e->title, val, -1))
- {
- if (tail)
-- *tail = val + l;
-+ *tail = NULL;
- return i;
- }
- e = e->next;
diff --git a/SOURCES/0253-BLS-files-should-only-be-copied-by-grub-switch-to-bl.patch b/SOURCES/0253-BLS-files-should-only-be-copied-by-grub-switch-to-bl.patch
deleted file mode 100644
index 1fc6e2d..0000000
--- a/SOURCES/0253-BLS-files-should-only-be-copied-by-grub-switch-to-bl.patch
+++ /dev/null
@@ -1,120 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas <javierm@redhat.com>
-Date: Tue, 4 Dec 2018 10:48:45 +0100
-Subject: [PATCH] BLS files should only be copied by grub-switch-to-blscfg if
- BLS isn't set
-
-Currently the grub-switch-to-blscfg script doesn't update the grub.cfg if
-GRUB_ENABLE_BLSCFG=true is already set in /etc/default/grub. But it still
-copies the BLS files which may overwrite fields modified by the user.
-
-Related: rhbz#1638117
-
-Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
----
- util/grub-switch-to-blscfg.in | 80 +++++++++++++++++++++++--------------------
- 1 file changed, 42 insertions(+), 38 deletions(-)
-
-diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in
-index d353370cc51..eeea1307706 100644
---- a/util/grub-switch-to-blscfg.in
-+++ b/util/grub-switch-to-blscfg.in
-@@ -220,49 +220,51 @@ EOF
- ) | cat
- }
-
--for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do
-- bls_target="${blsdir}/${MACHINE_ID}-${kernelver}.conf"
-- linux="/vmlinuz-${kernelver}"
-- linux_path="/boot${linux}"
-- kernel_dir="/lib/modules/${kernelver}"
-+copy_bls() {
-+ for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do
-+ bls_target="${blsdir}/${MACHINE_ID}-${kernelver}.conf"
-+ linux="/vmlinuz-${kernelver}"
-+ linux_path="/boot${linux}"
-+ kernel_dir="/lib/modules/${kernelver}"
-
-- if [ ! -d "${kernel_dir}" ] ; then
-- continue
-- fi
-- if [ ! -f "${linux_path}" ]; then
-- continue
-- fi
-+ if [ ! -d "${kernel_dir}" ] ; then
-+ continue
-+ fi
-+ if [ ! -f "${linux_path}" ]; then
-+ continue
-+ fi
-
-- linux_relpath="$("${grub_mkrelpath}" "${linux_path}")"
-- bootprefix="${linux_relpath%%"${linux}"}"
-+ linux_relpath="$("${grub_mkrelpath}" "${linux_path}")"
-+ bootprefix="${linux_relpath%%"${linux}"}"
-
-- if [ -f "${kernel_dir}/bls.conf" ] ; then
-- cp -af "${kernel_dir}/bls.conf" "${bls_target}"
-- if [ -n "${bootprefix}" ]; then
-- sed -i -e "s,^\(linux[^ \t]*[ \t]\+\).*,\1${bootprefix}${linux},g" "${bls_target}"
-- sed -i -e "/^initrd/ s,\([ \t]\+\)\([^ \t]\+\),\1${bootprefix}\2,g" "${bls_target}"
-- fi
-- else
-- mkbls "${kernelver}" \
-- "$(date -u +%Y%m%d%H%M%S -d "$(stat -c '%y' "${kernel_dir}")")" \
-- "${bootprefix}" \
-- >"${bls_target}"
-- fi
-+ if [ -f "${kernel_dir}/bls.conf" ] ; then
-+ cp -af "${kernel_dir}/bls.conf" "${bls_target}"
-+ if [ -n "${bootprefix}" ]; then
-+ sed -i -e "s,^\(linux[^ \t]*[ \t]\+\).*,\1${bootprefix}${linux},g" "${bls_target}"
-+ sed -i -e "/^initrd/ s,\([ \t]\+\)\([^ \t]\+\),\1${bootprefix}\2,g" "${bls_target}"
-+ fi
-+ else
-+ mkbls "${kernelver}" \
-+ "$(date -u +%Y%m%d%H%M%S -d "$(stat -c '%y' "${kernel_dir}")")" \
-+ "${bootprefix}" \
-+ >"${bls_target}"
-+ fi
-
-- if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then
-- bls_debug="$(echo ${bls_target} | sed -e "s/${kernelver}/${kernelver}~debug/")"
-- cp -aT "${bls_target}" "${bls_debug}"
-- title="$(grep '^title[ \t]' "${bls_debug}" | sed -e 's/^title[ \t]*//')"
-- blsid="$(grep '^id[ \t]' "${bls_debug}" | sed -e "s/\.${ARCH}/-debug.${arch}/")"
-- sed -i -e "s/^title.*/title ${title}${GRUB_LINUX_DEBUG_TITLE_POSTFIX}/" "${bls_debug}"
-- sed -i -e "s/^id.*/${blsid}/" "${bls_debug}"
-- sed -i -e "s/^options.*/options \$kernelopts ${GRUB_CMDLINE_LINUX_DEBUG}/" "${bls_debug}"
-- fi
--done
-+ if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then
-+ bls_debug="$(echo ${bls_target} | sed -e "s/${kernelver}/${kernelver}~debug/")"
-+ cp -aT "${bls_target}" "${bls_debug}"
-+ title="$(grep '^title[ \t]' "${bls_debug}" | sed -e 's/^title[ \t]*//')"
-+ blsid="$(grep '^id[ \t]' "${bls_debug}" | sed -e "s/\.${ARCH}/-debug.${arch}/")"
-+ sed -i -e "s/^title.*/title ${title}${GRUB_LINUX_DEBUG_TITLE_POSTFIX}/" "${bls_debug}"
-+ sed -i -e "s/^id.*/${blsid}/" "${bls_debug}"
-+ sed -i -e "s/^options.*/options \$kernelopts ${GRUB_CMDLINE_LINUX_DEBUG}/" "${bls_debug}"
-+ fi
-+ done
-
--if [ -f "/boot/vmlinuz-0-rescue-${MACHINE_ID}" ]; then
-- mkbls "0-rescue-${MACHINE_ID}" "0" "${bootprefix}" >"${blsdir}/${MACHINE_ID}-0-rescue.conf"
--fi
-+ if [ -f "/boot/vmlinuz-0-rescue-${MACHINE_ID}" ]; then
-+ mkbls "0-rescue-${MACHINE_ID}" "0" "${bootprefix}" >"${blsdir}/${MACHINE_ID}-0-rescue.conf"
-+ fi
-+}
-
- GENERATE=0
- if grep '^GRUB_ENABLE_BLSCFG=.*' "${etcdefaultgrub}" \
-@@ -283,6 +285,8 @@ elif ! grep -q '^GRUB_ENABLE_BLSCFG=.*' "${etcdefaultgrub}" ; then
- fi
-
- if [ "${GENERATE}" -eq 1 ] ; then
-+ copy_bls
-+
- if [ $arch = "x86_64" ] && [ ! -d /sys/firmware/efi ]; then
- if ! cp ${prefix}/lib/grub//i386-pc/blscfg.mod ${grubdir}/i386-pc/ ; then
- exit 1
diff --git a/SOURCES/0253-Fix-get_entry_number-wrongly-dereferencing-the-tail-.patch b/SOURCES/0253-Fix-get_entry_number-wrongly-dereferencing-the-tail-.patch
new file mode 100644
index 0000000..f1667a1
--- /dev/null
+++ b/SOURCES/0253-Fix-get_entry_number-wrongly-dereferencing-the-tail-.patch
@@ -0,0 +1,34 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Tue, 4 Dec 2018 10:53:49 +0100
+Subject: [PATCH] Fix get_entry_number() wrongly dereferencing the tail pointer
+
+The get_entry_number_helper() function attempts to lookup a boot entry by
+either title or id matching the value of an environment variable. If they
+are a substring of the variable, the tail pointer is set to the first char
+of the remainder of the string.
+
+When get_entry_number() calls this function, it checks if this first char
+is a NUL byte, to know if the variable matched correctly. But tail can be
+set to NULL as well to indicate that there isn't a remainder in the string.
+
+Resolves: rhbz#1654936
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ grub-core/normal/menu.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c
+index fc25c702f3c..7e32c498aa8 100644
+--- a/grub-core/normal/menu.c
++++ b/grub-core/normal/menu.c
+@@ -563,7 +563,7 @@ get_entry_number (grub_menu_t menu, const char *name)
+
+ grub_error_push ();
+ entry = get_entry_number_helper(menu, val, &tail);
+- if (*tail != '\0')
++ if (tail && *tail != '\0')
+ entry = -1;
+ grub_error_pop ();
+
diff --git a/SOURCES/0254-Fix-get_entry_number-wrongly-dereferencing-the-tail-.patch b/SOURCES/0254-Fix-get_entry_number-wrongly-dereferencing-the-tail-.patch
deleted file mode 100644
index f1667a1..0000000
--- a/SOURCES/0254-Fix-get_entry_number-wrongly-dereferencing-the-tail-.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas <javierm@redhat.com>
-Date: Tue, 4 Dec 2018 10:53:49 +0100
-Subject: [PATCH] Fix get_entry_number() wrongly dereferencing the tail pointer
-
-The get_entry_number_helper() function attempts to lookup a boot entry by
-either title or id matching the value of an environment variable. If they
-are a substring of the variable, the tail pointer is set to the first char
-of the remainder of the string.
-
-When get_entry_number() calls this function, it checks if this first char
-is a NUL byte, to know if the variable matched correctly. But tail can be
-set to NULL as well to indicate that there isn't a remainder in the string.
-
-Resolves: rhbz#1654936
-
-Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
----
- grub-core/normal/menu.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c
-index fc25c702f3c..7e32c498aa8 100644
---- a/grub-core/normal/menu.c
-+++ b/grub-core/normal/menu.c
-@@ -563,7 +563,7 @@ get_entry_number (grub_menu_t menu, const char *name)
-
- grub_error_push ();
- entry = get_entry_number_helper(menu, val, &tail);
-- if (*tail != '\0')
-+ if (tail && *tail != '\0')
- entry = -1;
- grub_error_pop ();
-
diff --git a/SOURCES/0254-Make-grub2-mkconfig-to-honour-GRUB_CMDLINE_LINUX-in-.patch b/SOURCES/0254-Make-grub2-mkconfig-to-honour-GRUB_CMDLINE_LINUX-in-.patch
new file mode 100644
index 0000000..71fbd51
--- /dev/null
+++ b/SOURCES/0254-Make-grub2-mkconfig-to-honour-GRUB_CMDLINE_LINUX-in-.patch
@@ -0,0 +1,99 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Mon, 10 Dec 2018 13:11:58 +0100
+Subject: [PATCH] Make grub2-mkconfig to honour GRUB_CMDLINE_LINUX in
+ /etc/default/grub
+
+The kernelopts grub environment variable is set with the GRUB_CMDLINE_LINUX
+value only if wasn't set before. This is because the kernel cmdline params
+of the entries are not in the grub.cfg anymore so grub2-mkconfig shouldn't
+have side effects on neither the entries nor their kernel cmdline params.
+
+But there's a lot of documentation pointing at modifying GRUB_CMDLINE_LINUX
+to change the kernel cmdline params and users have built a muscle memory on
+it, so the BLS support should be compatible.
+
+Make the grub2-mkconfig script update the $kernelopts environment variable
+unless the --no-grubenv-update option is used.
+
+Resolves: rhbz#1637875
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ util/grub-mkconfig.8 | 4 ++++
+ util/grub-mkconfig.in | 6 ++++++
+ util/grub.d/10_linux.in | 2 +-
+ util/grub.d/10_linux_bls.in | 2 +-
+ 4 files changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/util/grub-mkconfig.8 b/util/grub-mkconfig.8
+index a2d1f577b9b..434fa4deda4 100644
+--- a/util/grub-mkconfig.8
++++ b/util/grub-mkconfig.8
+@@ -13,5 +13,9 @@
+ \fB--output\fR=\fIFILE\fR
+ Write generated output to \fIFILE\fR.
+
++.TP
++\fB--no-grubenv-update\fR
++Do not update variables in the grubenv file.
++
+ .SH SEE ALSO
+ .BR "info grub"
+diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
+index c20171919d9..5e643e16973 100644
+--- a/util/grub-mkconfig.in
++++ b/util/grub-mkconfig.in
+@@ -50,6 +50,8 @@ grub_get_kernel_settings="${sbindir}/@grub_get_kernel_settings@"
+ export TEXTDOMAIN=@PACKAGE@
+ export TEXTDOMAINDIR="@localedir@"
+
++export GRUB_GRUBENV_UPDATE="yes"
++
+ . "${pkgdatadir}/grub-mkconfig_lib"
+
+ # Usage: usage
+@@ -59,6 +61,7 @@ usage () {
+ gettext "Generate a grub config file"; echo
+ echo
+ print_option_help "-o, --output=$(gettext FILE)" "$(gettext "output generated config to FILE [default=stdout]")"
++ print_option_help "--no-grubenv-update" "$(gettext "do not update variables in the grubenv file")"
+ print_option_help "-h, --help" "$(gettext "print this message and exit")"
+ print_option_help "-v, --version" "$(gettext "print the version information and exit")"
+ echo
+@@ -94,6 +97,9 @@ do
+ --output=*)
+ grub_cfg=`echo "$option" | sed 's/--output=//'`
+ ;;
++ --no-grubenv-update)
++ GRUB_GRUBENV_UPDATE="no"
++ ;;
+ -*)
+ gettext_printf "Unrecognized option \`%s'\n" "$option" 1>&2
+ usage
+diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
+index b54d2774a7d..da2992ac9f1 100644
+--- a/util/grub.d/10_linux.in
++++ b/util/grub.d/10_linux.in
+@@ -165,7 +165,7 @@ if [ -s \$prefix/grubenv ]; then
+ fi
+ EOF
+
+- if ! grub2-editenv - list | grep -q kernelopts; then
++ if [ "x${GRUB_GRUBENV_UPDATE}" = "xyes" ]; then
+ ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}"
+ fi
+
+diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in
+index 8cff4c58ab5..175bedd0763 100644
+--- a/util/grub.d/10_linux_bls.in
++++ b/util/grub.d/10_linux_bls.in
+@@ -225,7 +225,7 @@ linux_entry ()
+ populate_header_warn
+ populate_menu
+
+- if ! grub2-editenv - list | grep -q kernelopts; then
++ if [ "x${GRUB_GRUBENV_UPDATE}" = "xyes" ]; then
+ ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}"
+ fi
+
diff --git a/SOURCES/0255-Make-grub2-mkconfig-to-honour-GRUB_CMDLINE_LINUX-in-.patch b/SOURCES/0255-Make-grub2-mkconfig-to-honour-GRUB_CMDLINE_LINUX-in-.patch
deleted file mode 100644
index 71fbd51..0000000
--- a/SOURCES/0255-Make-grub2-mkconfig-to-honour-GRUB_CMDLINE_LINUX-in-.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas <javierm@redhat.com>
-Date: Mon, 10 Dec 2018 13:11:58 +0100
-Subject: [PATCH] Make grub2-mkconfig to honour GRUB_CMDLINE_LINUX in
- /etc/default/grub
-
-The kernelopts grub environment variable is set with the GRUB_CMDLINE_LINUX
-value only if wasn't set before. This is because the kernel cmdline params
-of the entries are not in the grub.cfg anymore so grub2-mkconfig shouldn't
-have side effects on neither the entries nor their kernel cmdline params.
-
-But there's a lot of documentation pointing at modifying GRUB_CMDLINE_LINUX
-to change the kernel cmdline params and users have built a muscle memory on
-it, so the BLS support should be compatible.
-
-Make the grub2-mkconfig script update the $kernelopts environment variable
-unless the --no-grubenv-update option is used.
-
-Resolves: rhbz#1637875
-
-Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
----
- util/grub-mkconfig.8 | 4 ++++
- util/grub-mkconfig.in | 6 ++++++
- util/grub.d/10_linux.in | 2 +-
- util/grub.d/10_linux_bls.in | 2 +-
- 4 files changed, 12 insertions(+), 2 deletions(-)
-
-diff --git a/util/grub-mkconfig.8 b/util/grub-mkconfig.8
-index a2d1f577b9b..434fa4deda4 100644
---- a/util/grub-mkconfig.8
-+++ b/util/grub-mkconfig.8
-@@ -13,5 +13,9 @@
- \fB--output\fR=\fIFILE\fR
- Write generated output to \fIFILE\fR.
-
-+.TP
-+\fB--no-grubenv-update\fR
-+Do not update variables in the grubenv file.
-+
- .SH SEE ALSO
- .BR "info grub"
-diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
-index c20171919d9..5e643e16973 100644
---- a/util/grub-mkconfig.in
-+++ b/util/grub-mkconfig.in
-@@ -50,6 +50,8 @@ grub_get_kernel_settings="${sbindir}/@grub_get_kernel_settings@"
- export TEXTDOMAIN=@PACKAGE@
- export TEXTDOMAINDIR="@localedir@"
-
-+export GRUB_GRUBENV_UPDATE="yes"
-+
- . "${pkgdatadir}/grub-mkconfig_lib"
-
- # Usage: usage
-@@ -59,6 +61,7 @@ usage () {
- gettext "Generate a grub config file"; echo
- echo
- print_option_help "-o, --output=$(gettext FILE)" "$(gettext "output generated config to FILE [default=stdout]")"
-+ print_option_help "--no-grubenv-update" "$(gettext "do not update variables in the grubenv file")"
- print_option_help "-h, --help" "$(gettext "print this message and exit")"
- print_option_help "-v, --version" "$(gettext "print the version information and exit")"
- echo
-@@ -94,6 +97,9 @@ do
- --output=*)
- grub_cfg=`echo "$option" | sed 's/--output=//'`
- ;;
-+ --no-grubenv-update)
-+ GRUB_GRUBENV_UPDATE="no"
-+ ;;
- -*)
- gettext_printf "Unrecognized option \`%s'\n" "$option" 1>&2
- usage
-diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
-index b54d2774a7d..da2992ac9f1 100644
---- a/util/grub.d/10_linux.in
-+++ b/util/grub.d/10_linux.in
-@@ -165,7 +165,7 @@ if [ -s \$prefix/grubenv ]; then
- fi
- EOF
-
-- if ! grub2-editenv - list | grep -q kernelopts; then
-+ if [ "x${GRUB_GRUBENV_UPDATE}" = "xyes" ]; then
- ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}"
- fi
-
-diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in
-index 8cff4c58ab5..175bedd0763 100644
---- a/util/grub.d/10_linux_bls.in
-+++ b/util/grub.d/10_linux_bls.in
-@@ -225,7 +225,7 @@ linux_entry ()
- populate_header_warn
- populate_menu
-
-- if ! grub2-editenv - list | grep -q kernelopts; then
-+ if [ "x${GRUB_GRUBENV_UPDATE}" = "xyes" ]; then
- ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}"
- fi
-
diff --git a/SOURCES/0255-grub-boot-success.timer-Add-a-few-Conditions-for-run.patch b/SOURCES/0255-grub-boot-success.timer-Add-a-few-Conditions-for-run.patch
new file mode 100644
index 0000000..4f82ba2
--- /dev/null
+++ b/SOURCES/0255-grub-boot-success.timer-Add-a-few-Conditions-for-run.patch
@@ -0,0 +1,33 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Mon, 3 Sep 2018 13:01:58 +0200
+Subject: [PATCH] grub-boot-success.timer: Add a few Conditions for running the
+ timer
+
+Add 2 Conditions for running the boot-success timer / service:
+
+1) Do not run it for system users, this fixes errors about gdm not being
+allowed to use pkexec when the greeter session lasts for more then 2 minutes:
+https://bugzilla.redhat.com/show_bug.cgi?id=1592201#c6
+
+2) Do not run the timer when pkexec is not available (on minimal installs)
+since then it will just lead to a bunch of errors without doing anything:
+https://bugzilla.redhat.com/show_bug.cgi?id=1619445
+
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+---
+ docs/grub-boot-success.timer | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/docs/grub-boot-success.timer b/docs/grub-boot-success.timer
+index 221b532781b..67bd829b795 100644
+--- a/docs/grub-boot-success.timer
++++ b/docs/grub-boot-success.timer
+@@ -1,5 +1,7 @@
+ [Unit]
+ Description=Mark boot as successful after the user session has run 2 minutes
++ConditionUser=!@system
++ConditionPathExists=/usr/bin/pkexec
+
+ [Timer]
+ OnActiveSec=2min
diff --git a/SOURCES/0256-docs-Stop-using-polkit-pkexec-for-grub-boot-success..patch b/SOURCES/0256-docs-Stop-using-polkit-pkexec-for-grub-boot-success..patch
new file mode 100644
index 0000000..bf4ad27
--- /dev/null
+++ b/SOURCES/0256-docs-Stop-using-polkit-pkexec-for-grub-boot-success..patch
@@ -0,0 +1,69 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Fri, 14 Sep 2018 16:39:40 +0200
+Subject: [PATCH] docs: Stop using polkit / pkexec for grub-boot-success.timer
+ / service
+
+We also want to call grub2-set-bootflag under gdm and pkexec does not
+work under gdm because the gdm user has /sbin/nologin as shell.
+
+So instead we are going to install grub2-set-bootflag as suid root,
+grub2-set-bootflag was written with this usage in mind, so is safe
+to be made suid root.
+
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+---
+ docs/grub-boot-success.service | 2 +-
+ docs/grub-boot-success.timer | 1 -
+ docs/org.gnu.grub.policy | 20 --------------------
+ 3 files changed, 1 insertion(+), 22 deletions(-)
+ delete mode 100644 docs/org.gnu.grub.policy
+
+diff --git a/docs/grub-boot-success.service b/docs/grub-boot-success.service
+index c8c91c34d49..80e79584c91 100644
+--- a/docs/grub-boot-success.service
++++ b/docs/grub-boot-success.service
+@@ -3,4 +3,4 @@ Description=Mark boot as successful
+
+ [Service]
+ Type=oneshot
+-ExecStart=/usr/bin/pkexec /usr/sbin/grub2-set-bootflag boot_success
++ExecStart=/usr/sbin/grub2-set-bootflag boot_success
+diff --git a/docs/grub-boot-success.timer b/docs/grub-boot-success.timer
+index 67bd829b795..5d8fcba21aa 100644
+--- a/docs/grub-boot-success.timer
++++ b/docs/grub-boot-success.timer
+@@ -1,7 +1,6 @@
+ [Unit]
+ Description=Mark boot as successful after the user session has run 2 minutes
+ ConditionUser=!@system
+-ConditionPathExists=/usr/bin/pkexec
+
+ [Timer]
+ OnActiveSec=2min
+diff --git a/docs/org.gnu.grub.policy b/docs/org.gnu.grub.policy
+deleted file mode 100644
+index 18391efc8e7..00000000000
+--- a/docs/org.gnu.grub.policy
++++ /dev/null
+@@ -1,20 +0,0 @@
+-<?xml version="1.0" encoding="UTF-8"?>
+-<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
+-<policyconfig>
+- <vendor>GNU GRUB</vendor>
+- <vendor_url>https://www.gnu.org/software/grub/</vendor_url>
+- <action id="org.gnu.grub.set-bootflag">
+- <!-- SECURITY:
+- - A normal active user on the local machine does not need permission
+- to set bootflags to show the menu / mark current boot successful.
+- -->
+- <description>Set GRUB bootflags</description>
+- <message>Authentication is required to modify the bootloaders bootflags</message>
+- <defaults>
+- <allow_any>no</allow_any>
+- <allow_inactive>no</allow_inactive>
+- <allow_active>yes</allow_active>
+- </defaults>
+- <annotate key="org.freedesktop.policykit.exec.path">/usr/sbin/grub2-set-bootflag</annotate>
+- </action>
+-</policyconfig>
diff --git a/SOURCES/0256-grub-boot-success.timer-Add-a-few-Conditions-for-run.patch b/SOURCES/0256-grub-boot-success.timer-Add-a-few-Conditions-for-run.patch
deleted file mode 100644
index 4f82ba2..0000000
--- a/SOURCES/0256-grub-boot-success.timer-Add-a-few-Conditions-for-run.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Hans de Goede <hdegoede@redhat.com>
-Date: Mon, 3 Sep 2018 13:01:58 +0200
-Subject: [PATCH] grub-boot-success.timer: Add a few Conditions for running the
- timer
-
-Add 2 Conditions for running the boot-success timer / service:
-
-1) Do not run it for system users, this fixes errors about gdm not being
-allowed to use pkexec when the greeter session lasts for more then 2 minutes:
-https://bugzilla.redhat.com/show_bug.cgi?id=1592201#c6
-
-2) Do not run the timer when pkexec is not available (on minimal installs)
-since then it will just lead to a bunch of errors without doing anything:
-https://bugzilla.redhat.com/show_bug.cgi?id=1619445
-
-Signed-off-by: Hans de Goede <hdegoede@redhat.com>
----
- docs/grub-boot-success.timer | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/docs/grub-boot-success.timer b/docs/grub-boot-success.timer
-index 221b532781b..67bd829b795 100644
---- a/docs/grub-boot-success.timer
-+++ b/docs/grub-boot-success.timer
-@@ -1,5 +1,7 @@
- [Unit]
- Description=Mark boot as successful after the user session has run 2 minutes
-+ConditionUser=!@system
-+ConditionPathExists=/usr/bin/pkexec
-
- [Timer]
- OnActiveSec=2min
diff --git a/SOURCES/0257-Fix-the-looking-up-grub.cfg-XXX-while-tftp-booting.patch b/SOURCES/0257-Fix-the-looking-up-grub.cfg-XXX-while-tftp-booting.patch
new file mode 100644
index 0000000..3469f7a
--- /dev/null
+++ b/SOURCES/0257-Fix-the-looking-up-grub.cfg-XXX-while-tftp-booting.patch
@@ -0,0 +1,42 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Masayoshi Mizuma <m.mizuma@jp.fujitsu.com>
+Date: Tue, 18 Dec 2018 21:27:45 -0500
+Subject: [PATCH] Fix the looking up grub.cfg-XXX while tftp booting.
+
+Currently, grub doesn't look up grub.cfg-UUID, grub.cfg-MAC and grub.cfg-IP
+while the boot is from tftp. That is because the uuid size is got by
+grub_snprintf(, 0, ,), but the grub_snprintf() always returns 0,
+so grub judges there's no available uuid in the client and give up
+the looking up grub.cfg-XXX.
+
+This issue can be fixed by changing grub_snprintf(, 0, ,) behaivior
+to like as snprintf() from glibc, however, somewhere may expect
+such argument as the error, so it's risky.
+
+Let's use sizeof() and grub_strlen() to calculate the uuid size
+instead of grub_snprintf().
+
+Resolves: rhbz#1658500
+---
+ grub-core/net/net.c | 8 +++-----
+ 1 file changed, 3 insertions(+), 5 deletions(-)
+
+diff --git a/grub-core/net/net.c b/grub-core/net/net.c
+index a011b940100..19ff2d486a1 100644
+--- a/grub-core/net/net.c
++++ b/grub-core/net/net.c
+@@ -1942,11 +1942,9 @@ grub_net_search_configfile (char *config)
+ char *client_uuid_var;
+ grub_size_t client_uuid_var_size;
+
+- client_uuid_var_size = grub_snprintf (NULL, 0,
+- "net_%s_clientuuid", inf->name);
+- if (client_uuid_var_size <= 0)
+- continue;
+- client_uuid_var_size += 1;
++ client_uuid_var_size = sizeof ("net_") + grub_strlen (inf->name) +
++ sizeof ("_clientuuid") + 1;
++
+ client_uuid_var = grub_malloc(client_uuid_var_size);
+ if (!client_uuid_var)
+ continue;
diff --git a/SOURCES/0257-docs-Stop-using-polkit-pkexec-for-grub-boot-success..patch b/SOURCES/0257-docs-Stop-using-polkit-pkexec-for-grub-boot-success..patch
deleted file mode 100644
index bf4ad27..0000000
--- a/SOURCES/0257-docs-Stop-using-polkit-pkexec-for-grub-boot-success..patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Hans de Goede <hdegoede@redhat.com>
-Date: Fri, 14 Sep 2018 16:39:40 +0200
-Subject: [PATCH] docs: Stop using polkit / pkexec for grub-boot-success.timer
- / service
-
-We also want to call grub2-set-bootflag under gdm and pkexec does not
-work under gdm because the gdm user has /sbin/nologin as shell.
-
-So instead we are going to install grub2-set-bootflag as suid root,
-grub2-set-bootflag was written with this usage in mind, so is safe
-to be made suid root.
-
-Signed-off-by: Hans de Goede <hdegoede@redhat.com>
----
- docs/grub-boot-success.service | 2 +-
- docs/grub-boot-success.timer | 1 -
- docs/org.gnu.grub.policy | 20 --------------------
- 3 files changed, 1 insertion(+), 22 deletions(-)
- delete mode 100644 docs/org.gnu.grub.policy
-
-diff --git a/docs/grub-boot-success.service b/docs/grub-boot-success.service
-index c8c91c34d49..80e79584c91 100644
---- a/docs/grub-boot-success.service
-+++ b/docs/grub-boot-success.service
-@@ -3,4 +3,4 @@ Description=Mark boot as successful
-
- [Service]
- Type=oneshot
--ExecStart=/usr/bin/pkexec /usr/sbin/grub2-set-bootflag boot_success
-+ExecStart=/usr/sbin/grub2-set-bootflag boot_success
-diff --git a/docs/grub-boot-success.timer b/docs/grub-boot-success.timer
-index 67bd829b795..5d8fcba21aa 100644
---- a/docs/grub-boot-success.timer
-+++ b/docs/grub-boot-success.timer
-@@ -1,7 +1,6 @@
- [Unit]
- Description=Mark boot as successful after the user session has run 2 minutes
- ConditionUser=!@system
--ConditionPathExists=/usr/bin/pkexec
-
- [Timer]
- OnActiveSec=2min
-diff --git a/docs/org.gnu.grub.policy b/docs/org.gnu.grub.policy
-deleted file mode 100644
-index 18391efc8e7..00000000000
---- a/docs/org.gnu.grub.policy
-+++ /dev/null
-@@ -1,20 +0,0 @@
--<?xml version="1.0" encoding="UTF-8"?>
--<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
--<policyconfig>
-- <vendor>GNU GRUB</vendor>
-- <vendor_url>https://www.gnu.org/software/grub/</vendor_url>
-- <action id="org.gnu.grub.set-bootflag">
-- <!-- SECURITY:
-- - A normal active user on the local machine does not need permission
-- to set bootflags to show the menu / mark current boot successful.
-- -->
-- <description>Set GRUB bootflags</description>
-- <message>Authentication is required to modify the bootloaders bootflags</message>
-- <defaults>
-- <allow_any>no</allow_any>
-- <allow_inactive>no</allow_inactive>
-- <allow_active>yes</allow_active>
-- </defaults>
-- <annotate key="org.freedesktop.policykit.exec.path">/usr/sbin/grub2-set-bootflag</annotate>
-- </action>
--</policyconfig>
diff --git a/SOURCES/0258-Fix-the-looking-up-grub.cfg-XXX-while-tftp-booting.patch b/SOURCES/0258-Fix-the-looking-up-grub.cfg-XXX-while-tftp-booting.patch
deleted file mode 100644
index 3469f7a..0000000
--- a/SOURCES/0258-Fix-the-looking-up-grub.cfg-XXX-while-tftp-booting.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Masayoshi Mizuma <m.mizuma@jp.fujitsu.com>
-Date: Tue, 18 Dec 2018 21:27:45 -0500
-Subject: [PATCH] Fix the looking up grub.cfg-XXX while tftp booting.
-
-Currently, grub doesn't look up grub.cfg-UUID, grub.cfg-MAC and grub.cfg-IP
-while the boot is from tftp. That is because the uuid size is got by
-grub_snprintf(, 0, ,), but the grub_snprintf() always returns 0,
-so grub judges there's no available uuid in the client and give up
-the looking up grub.cfg-XXX.
-
-This issue can be fixed by changing grub_snprintf(, 0, ,) behaivior
-to like as snprintf() from glibc, however, somewhere may expect
-such argument as the error, so it's risky.
-
-Let's use sizeof() and grub_strlen() to calculate the uuid size
-instead of grub_snprintf().
-
-Resolves: rhbz#1658500
----
- grub-core/net/net.c | 8 +++-----
- 1 file changed, 3 insertions(+), 5 deletions(-)
-
-diff --git a/grub-core/net/net.c b/grub-core/net/net.c
-index a011b940100..19ff2d486a1 100644
---- a/grub-core/net/net.c
-+++ b/grub-core/net/net.c
-@@ -1942,11 +1942,9 @@ grub_net_search_configfile (char *config)
- char *client_uuid_var;
- grub_size_t client_uuid_var_size;
-
-- client_uuid_var_size = grub_snprintf (NULL, 0,
-- "net_%s_clientuuid", inf->name);
-- if (client_uuid_var_size <= 0)
-- continue;
-- client_uuid_var_size += 1;
-+ client_uuid_var_size = sizeof ("net_") + grub_strlen (inf->name) +
-+ sizeof ("_clientuuid") + 1;
-+
- client_uuid_var = grub_malloc(client_uuid_var_size);
- if (!client_uuid_var)
- continue;
diff --git a/SOURCES/0258-HTTP-boot-strncmp-returns-0-on-equal.patch b/SOURCES/0258-HTTP-boot-strncmp-returns-0-on-equal.patch
new file mode 100644
index 0000000..e3edefb
--- /dev/null
+++ b/SOURCES/0258-HTTP-boot-strncmp-returns-0-on-equal.patch
@@ -0,0 +1,23 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Stephen Benjamin <stephen@redhat.com>
+Date: Fri, 12 Apr 2019 10:43:13 -0400
+Subject: [PATCH] HTTP boot: strncmp returns 0 on equal
+
+Resolves: rhbz#1490991
+---
+ grub-core/net/efi/http.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c
+index 2a9624dacc4..484e0c68cee 100644
+--- a/grub-core/net/efi/http.c
++++ b/grub-core/net/efi/http.c
+@@ -19,7 +19,7 @@ http_configure (struct grub_efi_net_device *dev, int prefer_ip6)
+ const char *rest, *http_server, *http_path = NULL;
+
+ http_server = grub_env_get ("root");
+- https = grub_strncmp (http_server, "https", 5) ? 1 : 0;
++ https = (grub_strncmp (http_server, "https", 5) == 0) ? 1 : 0;
+
+ /* extract http server + port */
+ if (http_server)
diff --git a/SOURCES/0259-Don-t-duplicate-net-name-string-if-not-needed.patch b/SOURCES/0259-Don-t-duplicate-net-name-string-if-not-needed.patch
new file mode 100644
index 0000000..f890e90
--- /dev/null
+++ b/SOURCES/0259-Don-t-duplicate-net-name-string-if-not-needed.patch
@@ -0,0 +1,53 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Thu, 25 Apr 2019 17:50:23 +0200
+Subject: [PATCH] Don't duplicate net->name string if not needed
+
+Related: rhbz#1490991
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ grub-core/net/efi/http.c | 18 +++++++++---------
+ 1 file changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c
+index 484e0c68cee..de351b2cd03 100644
+--- a/grub-core/net/efi/http.c
++++ b/grub-core/net/efi/http.c
+@@ -394,27 +394,27 @@ grub_efihttp_open (struct grub_efi_net_device *dev,
+ grub_err_t err;
+ grub_off_t size;
+ char *buf;
+- char *file_name;
++ char *file_name = NULL;
+ const char *http_path;
+
+ /* If path is relative, prepend http_path */
+ http_path = grub_env_get ("http_path");
+- if (http_path && file->device->net->name[0] != '/')
++ if (http_path && file->device->net->name[0] != '/') {
+ file_name = grub_xasprintf ("%s/%s", http_path, file->device->net->name);
+- else
+- file_name = grub_strdup (file->device->net->name);
++ if (!file_name)
++ return grub_errno;
++ }
+
+- if (!file_name)
+- return grub_errno;
+-
+- err = efihttp_request (dev->http, file->device->net->server, file_name, type, 1, 0);
++ err = efihttp_request (dev->http, file->device->net->server,
++ file_name ? file_name : file->device->net->name, type, 1, 0);
+ if (err != GRUB_ERR_NONE)
+ {
+ grub_free (file_name);
+ return err;
+ }
+
+- err = efihttp_request (dev->http, file->device->net->server, file_name, type, 0, &size);
++ err = efihttp_request (dev->http, file->device->net->server,
++ file_name ? file_name : file->device->net->name, type, 0, &size);
+ grub_free (file_name);
+ if (err != GRUB_ERR_NONE)
+ {
diff --git a/SOURCES/0259-HTTP-boot-strncmp-returns-0-on-equal.patch b/SOURCES/0259-HTTP-boot-strncmp-returns-0-on-equal.patch
deleted file mode 100644
index e3edefb..0000000
--- a/SOURCES/0259-HTTP-boot-strncmp-returns-0-on-equal.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Stephen Benjamin <stephen@redhat.com>
-Date: Fri, 12 Apr 2019 10:43:13 -0400
-Subject: [PATCH] HTTP boot: strncmp returns 0 on equal
-
-Resolves: rhbz#1490991
----
- grub-core/net/efi/http.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c
-index 2a9624dacc4..484e0c68cee 100644
---- a/grub-core/net/efi/http.c
-+++ b/grub-core/net/efi/http.c
-@@ -19,7 +19,7 @@ http_configure (struct grub_efi_net_device *dev, int prefer_ip6)
- const char *rest, *http_server, *http_path = NULL;
-
- http_server = grub_env_get ("root");
-- https = grub_strncmp (http_server, "https", 5) ? 1 : 0;
-+ https = (grub_strncmp (http_server, "https", 5) == 0) ? 1 : 0;
-
- /* extract http server + port */
- if (http_server)
diff --git a/SOURCES/0260-Don-t-duplicate-net-name-string-if-not-needed.patch b/SOURCES/0260-Don-t-duplicate-net-name-string-if-not-needed.patch
deleted file mode 100644
index f890e90..0000000
--- a/SOURCES/0260-Don-t-duplicate-net-name-string-if-not-needed.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas <javierm@redhat.com>
-Date: Thu, 25 Apr 2019 17:50:23 +0200
-Subject: [PATCH] Don't duplicate net->name string if not needed
-
-Related: rhbz#1490991
-
-Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
----
- grub-core/net/efi/http.c | 18 +++++++++---------
- 1 file changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c
-index 484e0c68cee..de351b2cd03 100644
---- a/grub-core/net/efi/http.c
-+++ b/grub-core/net/efi/http.c
-@@ -394,27 +394,27 @@ grub_efihttp_open (struct grub_efi_net_device *dev,
- grub_err_t err;
- grub_off_t size;
- char *buf;
-- char *file_name;
-+ char *file_name = NULL;
- const char *http_path;
-
- /* If path is relative, prepend http_path */
- http_path = grub_env_get ("http_path");
-- if (http_path && file->device->net->name[0] != '/')
-+ if (http_path && file->device->net->name[0] != '/') {
- file_name = grub_xasprintf ("%s/%s", http_path, file->device->net->name);
-- else
-- file_name = grub_strdup (file->device->net->name);
-+ if (!file_name)
-+ return grub_errno;
-+ }
-
-- if (!file_name)
-- return grub_errno;
--
-- err = efihttp_request (dev->http, file->device->net->server, file_name, type, 1, 0);
-+ err = efihttp_request (dev->http, file->device->net->server,
-+ file_name ? file_name : file->device->net->name, type, 1, 0);
- if (err != GRUB_ERR_NONE)
- {
- grub_free (file_name);
- return err;
- }
-
-- err = efihttp_request (dev->http, file->device->net->server, file_name, type, 0, &size);
-+ err = efihttp_request (dev->http, file->device->net->server,
-+ file_name ? file_name : file->device->net->name, type, 0, &size);
- grub_free (file_name);
- if (err != GRUB_ERR_NONE)
- {
diff --git a/SOURCES/0260-Try-to-set-fPIE-and-friends-on-libgnu.a.patch b/SOURCES/0260-Try-to-set-fPIE-and-friends-on-libgnu.a.patch
new file mode 100644
index 0000000..17f5179
--- /dev/null
+++ b/SOURCES/0260-Try-to-set-fPIE-and-friends-on-libgnu.a.patch
@@ -0,0 +1,39 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Tue, 15 Jan 2019 14:57:25 -0500
+Subject: [PATCH] Try to set -fPIE and friends on libgnu.a
+
+In order to make sure UTIL_CFLAGS and UTIL_LDFLAGS can correctly get
+-Wl,-z,relro,-z,now , we need everything going in them to be built with at
+least -fPIC (and preferably -fPIE) wherever we can, or else we get relocations
+in some component object that can't be used with the link type that's being
+used for the final ELF object.
+
+So this makes sure libgnu.a gets built with HOST_CFLAGS and HOST_LDFLAGS,
+which are what is later used to define UTIL_CFLAGS and UTIL_LDFLAGS, and
+includes -fPIE.
+
+Fixes an rpmdiff check.
+
+Related: rhbz#1658500
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ grub-core/gnulib/Makefile.am | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/gnulib/Makefile.am b/grub-core/gnulib/Makefile.am
+index b7c5e60e1c3..bd3621930ff 100644
+--- a/grub-core/gnulib/Makefile.am
++++ b/grub-core/gnulib/Makefile.am
+@@ -38,8 +38,8 @@ CLEANFILES =
+ DISTCLEANFILES =
+ MAINTAINERCLEANFILES =
+
+-AM_CPPFLAGS =
+-AM_CFLAGS =
++AM_CPPFLAGS = $(HOST_CPPFLAGS)
++AM_CFLAGS = $(HOST_CFLAGS)
+
+ noinst_LIBRARIES += libgnu.a
+
diff --git a/SOURCES/0261-Try-to-set-fPIE-and-friends-on-libgnu.a.patch b/SOURCES/0261-Try-to-set-fPIE-and-friends-on-libgnu.a.patch
deleted file mode 100644
index 17f5179..0000000
--- a/SOURCES/0261-Try-to-set-fPIE-and-friends-on-libgnu.a.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Tue, 15 Jan 2019 14:57:25 -0500
-Subject: [PATCH] Try to set -fPIE and friends on libgnu.a
-
-In order to make sure UTIL_CFLAGS and UTIL_LDFLAGS can correctly get
--Wl,-z,relro,-z,now , we need everything going in them to be built with at
-least -fPIC (and preferably -fPIE) wherever we can, or else we get relocations
-in some component object that can't be used with the link type that's being
-used for the final ELF object.
-
-So this makes sure libgnu.a gets built with HOST_CFLAGS and HOST_LDFLAGS,
-which are what is later used to define UTIL_CFLAGS and UTIL_LDFLAGS, and
-includes -fPIE.
-
-Fixes an rpmdiff check.
-
-Related: rhbz#1658500
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
----
- grub-core/gnulib/Makefile.am | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/grub-core/gnulib/Makefile.am b/grub-core/gnulib/Makefile.am
-index b7c5e60e1c3..bd3621930ff 100644
---- a/grub-core/gnulib/Makefile.am
-+++ b/grub-core/gnulib/Makefile.am
-@@ -38,8 +38,8 @@ CLEANFILES =
- DISTCLEANFILES =
- MAINTAINERCLEANFILES =
-
--AM_CPPFLAGS =
--AM_CFLAGS =
-+AM_CPPFLAGS = $(HOST_CPPFLAGS)
-+AM_CFLAGS = $(HOST_CFLAGS)
-
- noinst_LIBRARIES += libgnu.a
-
diff --git a/SOURCES/0261-blscfg-fallback-to-default_kernelopts-if-BLS-option-.patch b/SOURCES/0261-blscfg-fallback-to-default_kernelopts-if-BLS-option-.patch
new file mode 100644
index 0000000..13e589f
--- /dev/null
+++ b/SOURCES/0261-blscfg-fallback-to-default_kernelopts-if-BLS-option-.patch
@@ -0,0 +1,60 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Tue, 26 Feb 2019 20:11:27 +0100
+Subject: [PATCH] blscfg: fallback to default_kernelopts if BLS option field
+ isn't set
+
+If the $kernelopts variable isn't found, then the entry will fail to boot
+since there won't be a kernel command line params set. This makes the BLS
+configuration more fragile than a non-BLS one, since in that case it will
+boot even without a correct grubenv file.
+
+So set a $default_kernelopts in the GRUB config file that will be used as
+a fallback if the value in the BLS options field can't be resolved.
+
+Related: rhbz#1625124
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ grub-core/commands/blscfg.c | 7 +++++++
+ util/grub.d/10_linux.in | 2 ++
+ 2 files changed, 9 insertions(+)
+
+diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
+index c432c6ba27a..11cc82b6f31 100644
+--- a/grub-core/commands/blscfg.c
++++ b/grub-core/commands/blscfg.c
+@@ -628,6 +628,9 @@ static char *expand_val(char *value)
+ char *end = value;
+ bool is_var = false;
+
++ if (!value)
++ return NULL;
++
+ while (*value) {
+ if (*value == '$') {
+ if (start != end) {
+@@ -701,6 +704,10 @@ static void create_entry (struct bls_entry *entry)
+
+ title = bls_get_val (entry, "title", NULL);
+ options = expand_val (bls_get_val (entry, "options", NULL));
++
++ if (!options)
++ options = expand_val (grub_env_get("default_kernelopts"));
++
+ initrds = bls_make_list (entry, "initrd", NULL);
+
+ hotkey = bls_get_val (entry, "grub_hotkey", NULL);
+diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
+index da2992ac9f1..04fd8953f40 100644
+--- a/util/grub.d/10_linux.in
++++ b/util/grub.d/10_linux.in
+@@ -158,6 +158,8 @@ linux_entry ()
+ populate_header_warn
+
+ cat << EOF
++set default_kernelopts="root=${linux_root_device_thisversion} ro ${args}"
++
+ insmod blscfg
+ blscfg
+ if [ -s \$prefix/grubenv ]; then
diff --git a/SOURCES/0262-Remove-bogus-load_env-after-blscfg-command-in-10_lin.patch b/SOURCES/0262-Remove-bogus-load_env-after-blscfg-command-in-10_lin.patch
new file mode 100644
index 0000000..7b09d5f
--- /dev/null
+++ b/SOURCES/0262-Remove-bogus-load_env-after-blscfg-command-in-10_lin.patch
@@ -0,0 +1,27 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Tue, 14 May 2019 20:37:44 +0200
+Subject: [PATCH] Remove bogus load_env after blscfg command in 10_linux
+
+The grubenv is already loaded in the 00_header snippet, so there's
+no need to load it anywhere else.
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ util/grub.d/10_linux.in | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
+index 04fd8953f40..58d18504790 100644
+--- a/util/grub.d/10_linux.in
++++ b/util/grub.d/10_linux.in
+@@ -162,9 +162,6 @@ set default_kernelopts="root=${linux_root_device_thisversion} ro ${args}"
+
+ insmod blscfg
+ blscfg
+-if [ -s \$prefix/grubenv ]; then
+- load_env
+-fi
+ EOF
+
+ if [ "x${GRUB_GRUBENV_UPDATE}" = "xyes" ]; then
diff --git a/SOURCES/0262-blscfg-fallback-to-default_kernelopts-if-BLS-option-.patch b/SOURCES/0262-blscfg-fallback-to-default_kernelopts-if-BLS-option-.patch
deleted file mode 100644
index 13e589f..0000000
--- a/SOURCES/0262-blscfg-fallback-to-default_kernelopts-if-BLS-option-.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas <javierm@redhat.com>
-Date: Tue, 26 Feb 2019 20:11:27 +0100
-Subject: [PATCH] blscfg: fallback to default_kernelopts if BLS option field
- isn't set
-
-If the $kernelopts variable isn't found, then the entry will fail to boot
-since there won't be a kernel command line params set. This makes the BLS
-configuration more fragile than a non-BLS one, since in that case it will
-boot even without a correct grubenv file.
-
-So set a $default_kernelopts in the GRUB config file that will be used as
-a fallback if the value in the BLS options field can't be resolved.
-
-Related: rhbz#1625124
-
-Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
----
- grub-core/commands/blscfg.c | 7 +++++++
- util/grub.d/10_linux.in | 2 ++
- 2 files changed, 9 insertions(+)
-
-diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
-index c432c6ba27a..11cc82b6f31 100644
---- a/grub-core/commands/blscfg.c
-+++ b/grub-core/commands/blscfg.c
-@@ -628,6 +628,9 @@ static char *expand_val(char *value)
- char *end = value;
- bool is_var = false;
-
-+ if (!value)
-+ return NULL;
-+
- while (*value) {
- if (*value == '$') {
- if (start != end) {
-@@ -701,6 +704,10 @@ static void create_entry (struct bls_entry *entry)
-
- title = bls_get_val (entry, "title", NULL);
- options = expand_val (bls_get_val (entry, "options", NULL));
-+
-+ if (!options)
-+ options = expand_val (grub_env_get("default_kernelopts"));
-+
- initrds = bls_make_list (entry, "initrd", NULL);
-
- hotkey = bls_get_val (entry, "grub_hotkey", NULL);
-diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
-index da2992ac9f1..04fd8953f40 100644
---- a/util/grub.d/10_linux.in
-+++ b/util/grub.d/10_linux.in
-@@ -158,6 +158,8 @@ linux_entry ()
- populate_header_warn
-
- cat << EOF
-+set default_kernelopts="root=${linux_root_device_thisversion} ro ${args}"
-+
- insmod blscfg
- blscfg
- if [ -s \$prefix/grubenv ]; then
diff --git a/SOURCES/0263-10_linux_bls-use-to-separate-id-argument-due-a-Petit.patch b/SOURCES/0263-10_linux_bls-use-to-separate-id-argument-due-a-Petit.patch
new file mode 100644
index 0000000..2ea8828
--- /dev/null
+++ b/SOURCES/0263-10_linux_bls-use-to-separate-id-argument-due-a-Petit.patch
@@ -0,0 +1,33 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Wed, 19 Jun 2019 15:57:17 +0200
+Subject: [PATCH] 10_linux_bls: use '=' to separate --id argument due a
+ Petitboot bug
+
+The GRUB menuentry command allows to separate the arguments for options
+using either a '=' or a ' '. The latter is the convention used when the
+menu entries are defined in the GRUB config file, but this is currently
+not supported by Petitboot.
+
+So as a workaround define the menu entries using '--id=${bls}' instead.
+
+Resolves: rhbz#1721815
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ util/grub.d/10_linux_bls.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in
+index 175bedd0763..8e07a79322b 100644
+--- a/util/grub.d/10_linux_bls.in
++++ b/util/grub.d/10_linux_bls.in
+@@ -180,7 +180,7 @@ populate_menu()
+ for bls in "${files[@]}" ; do
+ read_config "${blsdir}/${bls}.conf"
+
+- menu="${menu}menuentry '${title}' --class ${grub_class} ${grub_arg} --users ${grub_users} --id ${bls} {\n"
++ menu="${menu}menuentry '${title}' --class ${grub_class} ${grub_arg} --users ${grub_users} --id=${bls} {\n"
+ menu="${menu}\t linux ${linux} ${options}\n"
+ if [ -n "${initrd}" ] ; then
+ menu="${menu}\t initrd ${boot_prefix}${initrd}\n"
diff --git a/SOURCES/0263-Remove-bogus-load_env-after-blscfg-command-in-10_lin.patch b/SOURCES/0263-Remove-bogus-load_env-after-blscfg-command-in-10_lin.patch
deleted file mode 100644
index 7b09d5f..0000000
--- a/SOURCES/0263-Remove-bogus-load_env-after-blscfg-command-in-10_lin.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas <javierm@redhat.com>
-Date: Tue, 14 May 2019 20:37:44 +0200
-Subject: [PATCH] Remove bogus load_env after blscfg command in 10_linux
-
-The grubenv is already loaded in the 00_header snippet, so there's
-no need to load it anywhere else.
-
-Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
----
- util/grub.d/10_linux.in | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
-index 04fd8953f40..58d18504790 100644
---- a/util/grub.d/10_linux.in
-+++ b/util/grub.d/10_linux.in
-@@ -162,9 +162,6 @@ set default_kernelopts="root=${linux_root_device_thisversion} ro ${args}"
-
- insmod blscfg
- blscfg
--if [ -s \$prefix/grubenv ]; then
-- load_env
--fi
- EOF
-
- if [ "x${GRUB_GRUBENV_UPDATE}" = "xyes" ]; then
diff --git a/SOURCES/0264-10_linux_bls-don-t-add-users-option-to-generated-men.patch b/SOURCES/0264-10_linux_bls-don-t-add-users-option-to-generated-men.patch
new file mode 100644
index 0000000..5b5ecdc
--- /dev/null
+++ b/SOURCES/0264-10_linux_bls-don-t-add-users-option-to-generated-men.patch
@@ -0,0 +1,37 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Thu, 28 Mar 2019 16:34:42 +0100
+Subject: [PATCH] 10_linux_bls: don't add --users option to generated menu
+ entries
+
+The generated menu entries have a --users $grub_users option but this will
+fail on old versions of GRUB, since it expects the --users option argument
+to either be a constant or a variable that has been set.
+
+The latest GRUB version fix this but the GRUB core isn't updated on a GRUB
+package update, so this will cause the entries to not be shown in the menu
+after a system upgrade.
+
+Since can cause issues and because the entries that weren't generated from
+the BLS snippets didn't have the --users option either, just don't add it.
+
+Resolves: rhbz#1755815
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ util/grub.d/10_linux_bls.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in
+index 8e07a79322b..855dbdd190b 100644
+--- a/util/grub.d/10_linux_bls.in
++++ b/util/grub.d/10_linux_bls.in
+@@ -180,7 +180,7 @@ populate_menu()
+ for bls in "${files[@]}" ; do
+ read_config "${blsdir}/${bls}.conf"
+
+- menu="${menu}menuentry '${title}' --class ${grub_class} ${grub_arg} --users ${grub_users} --id=${bls} {\n"
++ menu="${menu}menuentry '${title}' --class ${grub_class} ${grub_arg} --id=${bls} {\n"
+ menu="${menu}\t linux ${linux} ${options}\n"
+ if [ -n "${initrd}" ] ; then
+ menu="${menu}\t initrd ${boot_prefix}${initrd}\n"
diff --git a/SOURCES/0264-10_linux_bls-use-to-separate-id-argument-due-a-Petit.patch b/SOURCES/0264-10_linux_bls-use-to-separate-id-argument-due-a-Petit.patch
deleted file mode 100644
index 2ea8828..0000000
--- a/SOURCES/0264-10_linux_bls-use-to-separate-id-argument-due-a-Petit.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas <javierm@redhat.com>
-Date: Wed, 19 Jun 2019 15:57:17 +0200
-Subject: [PATCH] 10_linux_bls: use '=' to separate --id argument due a
- Petitboot bug
-
-The GRUB menuentry command allows to separate the arguments for options
-using either a '=' or a ' '. The latter is the convention used when the
-menu entries are defined in the GRUB config file, but this is currently
-not supported by Petitboot.
-
-So as a workaround define the menu entries using '--id=${bls}' instead.
-
-Resolves: rhbz#1721815
-
-Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
----
- util/grub.d/10_linux_bls.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in
-index 175bedd0763..8e07a79322b 100644
---- a/util/grub.d/10_linux_bls.in
-+++ b/util/grub.d/10_linux_bls.in
-@@ -180,7 +180,7 @@ populate_menu()
- for bls in "${files[@]}" ; do
- read_config "${blsdir}/${bls}.conf"
-
-- menu="${menu}menuentry '${title}' --class ${grub_class} ${grub_arg} --users ${grub_users} --id ${bls} {\n"
-+ menu="${menu}menuentry '${title}' --class ${grub_class} ${grub_arg} --users ${grub_users} --id=${bls} {\n"
- menu="${menu}\t linux ${linux} ${options}\n"
- if [ -n "${initrd}" ] ; then
- menu="${menu}\t initrd ${boot_prefix}${initrd}\n"
diff --git a/SOURCES/0265-10_linux_bls-don-t-add-users-option-to-generated-men.patch b/SOURCES/0265-10_linux_bls-don-t-add-users-option-to-generated-men.patch
deleted file mode 100644
index 5b5ecdc..0000000
--- a/SOURCES/0265-10_linux_bls-don-t-add-users-option-to-generated-men.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas <javierm@redhat.com>
-Date: Thu, 28 Mar 2019 16:34:42 +0100
-Subject: [PATCH] 10_linux_bls: don't add --users option to generated menu
- entries
-
-The generated menu entries have a --users $grub_users option but this will
-fail on old versions of GRUB, since it expects the --users option argument
-to either be a constant or a variable that has been set.
-
-The latest GRUB version fix this but the GRUB core isn't updated on a GRUB
-package update, so this will cause the entries to not be shown in the menu
-after a system upgrade.
-
-Since can cause issues and because the entries that weren't generated from
-the BLS snippets didn't have the --users option either, just don't add it.
-
-Resolves: rhbz#1755815
-
-Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
----
- util/grub.d/10_linux_bls.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in
-index 8e07a79322b..855dbdd190b 100644
---- a/util/grub.d/10_linux_bls.in
-+++ b/util/grub.d/10_linux_bls.in
-@@ -180,7 +180,7 @@ populate_menu()
- for bls in "${files[@]}" ; do
- read_config "${blsdir}/${bls}.conf"
-
-- menu="${menu}menuentry '${title}' --class ${grub_class} ${grub_arg} --users ${grub_users} --id=${bls} {\n"
-+ menu="${menu}menuentry '${title}' --class ${grub_class} ${grub_arg} --id=${bls} {\n"
- menu="${menu}\t linux ${linux} ${options}\n"
- if [ -n "${initrd}" ] ; then
- menu="${menu}\t initrd ${boot_prefix}${initrd}\n"
diff --git a/SOURCES/0265-grub-set-bootflag-Update-comment-about-running-as-ro.patch b/SOURCES/0265-grub-set-bootflag-Update-comment-about-running-as-ro.patch
new file mode 100644
index 0000000..e1fb2b5
--- /dev/null
+++ b/SOURCES/0265-grub-set-bootflag-Update-comment-about-running-as-ro.patch
@@ -0,0 +1,27 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Wed, 13 Nov 2019 12:15:43 +0100
+Subject: [PATCH] grub-set-bootflag: Update comment about running as root
+ through pkexec
+
+We have stopped using pkexec for grub-set-bootflag, instead it is now
+installed suid root, update the comment accordingly.
+
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+---
+ util/grub-set-bootflag.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/util/grub-set-bootflag.c b/util/grub-set-bootflag.c
+index f8dc310909a..32f1c104a2b 100644
+--- a/util/grub-set-bootflag.c
++++ b/util/grub-set-bootflag.c
+@@ -18,7 +18,7 @@
+ */
+
+ /*
+- * NOTE this gets run by users as root (through pkexec), so this does not
++ * NOTE this gets run by users as root (its suid root), so this does not
+ * use any grub library / util functions to allow for easy auditing.
+ * The grub headers are only included to get certain defines.
+ */
diff --git a/SOURCES/0266-grub-set-bootflag-Update-comment-about-running-as-ro.patch b/SOURCES/0266-grub-set-bootflag-Update-comment-about-running-as-ro.patch
deleted file mode 100644
index e1fb2b5..0000000
--- a/SOURCES/0266-grub-set-bootflag-Update-comment-about-running-as-ro.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Hans de Goede <hdegoede@redhat.com>
-Date: Wed, 13 Nov 2019 12:15:43 +0100
-Subject: [PATCH] grub-set-bootflag: Update comment about running as root
- through pkexec
-
-We have stopped using pkexec for grub-set-bootflag, instead it is now
-installed suid root, update the comment accordingly.
-
-Signed-off-by: Hans de Goede <hdegoede@redhat.com>
----
- util/grub-set-bootflag.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/util/grub-set-bootflag.c b/util/grub-set-bootflag.c
-index f8dc310909a..32f1c104a2b 100644
---- a/util/grub-set-bootflag.c
-+++ b/util/grub-set-bootflag.c
-@@ -18,7 +18,7 @@
- */
-
- /*
-- * NOTE this gets run by users as root (through pkexec), so this does not
-+ * NOTE this gets run by users as root (its suid root), so this does not
- * use any grub library / util functions to allow for easy auditing.
- * The grub headers are only included to get certain defines.
- */
diff --git a/SOURCES/0266-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch b/SOURCES/0266-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch
new file mode 100644
index 0000000..32e07d5
--- /dev/null
+++ b/SOURCES/0266-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch
@@ -0,0 +1,152 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Fri, 22 Nov 2019 11:54:27 +0100
+Subject: [PATCH] grub-set-bootflag: Write new env to tmpfile and then rename
+
+Make the grubenv writing code in grub-set-bootflag more robust by
+writing the modified grubenv to a tmpfile first and then renaming the
+tmpfile over the old grubenv (following symlinks).
+
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+---
+ util/grub-set-bootflag.c | 87 +++++++++++++++++++++++++++++++++++++++++++-----
+ 1 file changed, 78 insertions(+), 9 deletions(-)
+
+diff --git a/util/grub-set-bootflag.c b/util/grub-set-bootflag.c
+index 32f1c104a2b..d3b80a0d204 100644
+--- a/util/grub-set-bootflag.c
++++ b/util/grub-set-bootflag.c
+@@ -26,7 +26,9 @@
+ #include <config-util.h> /* For *_DIR_NAME defines */
+ #include <grub/types.h>
+ #include <grub/lib/envblk.h> /* For GRUB_ENVBLK_DEFCFG define */
++#include <limits.h>
+ #include <stdio.h>
++#include <stdlib.h>
+ #include <string.h>
+ #include <unistd.h>
+
+@@ -52,8 +54,10 @@ int main(int argc, char *argv[])
+ {
+ /* NOTE buf must be at least the longest bootflag length + 4 bytes */
+ char env[GRUBENV_SIZE + 1], buf[64], *s;
++ /* +1 for 0 termination, +6 for "XXXXXX" in tmp filename */
++ char env_filename[PATH_MAX + 1], tmp_filename[PATH_MAX + 6 + 1];
+ const char *bootflag;
+- int i, len, ret;
++ int i, fd, len, ret;
+ FILE *f;
+
+ if (argc != 2)
+@@ -75,7 +79,32 @@ int main(int argc, char *argv[])
+ bootflag = bootflags[i];
+ len = strlen (bootflag);
+
+- f = fopen (GRUBENV, "r");
++ /*
++ * Really become root. setuid avoids an user killing us, possibly leaking
++ * the tmpfile. setgid avoids the new grubenv's gid being that of the user.
++ */
++ ret = setuid(0);
++ if (ret)
++ {
++ perror ("Error setuid(0) failed");
++ return 1;
++ }
++
++ ret = setgid(0);
++ if (ret)
++ {
++ perror ("Error setgid(0) failed");
++ return 1;
++ }
++
++ /* Canonicalize GRUBENV filename, resolving symlinks, etc. */
++ if (!realpath(GRUBENV, env_filename))
++ {
++ perror ("Error canonicalizing " GRUBENV " filename");
++ return 1;
++ }
++
++ f = fopen (env_filename, "r");
+ if (!f)
+ {
+ perror ("Error opening " GRUBENV " for reading");
+@@ -129,30 +158,70 @@ int main(int argc, char *argv[])
+ snprintf(buf, sizeof(buf), "%s=1\n", bootflag);
+ memcpy(s, buf, len + 3);
+
+- /* "r+", don't truncate so that the diskspace stays reserved */
+- f = fopen (GRUBENV, "r+");
++
++ /*
++ * Create a tempfile for writing the new env. Use the canonicalized filename
++ * for the template so that the tmpfile is in the same dir / on same fs.
++ */
++ snprintf(tmp_filename, sizeof(tmp_filename), "%sXXXXXX", env_filename);
++ fd = mkstemp(tmp_filename);
++ if (fd == -1)
++ {
++ perror ("Creating tmpfile failed");
++ return 1;
++ }
++
++ f = fdopen (fd, "w");
+ if (!f)
+ {
+- perror ("Error opening " GRUBENV " for writing");
++ perror ("Error fdopen of tmpfile failed");
++ unlink(tmp_filename);
+ return 1;
+ }
+
+ ret = fwrite (env, 1, GRUBENV_SIZE, f);
+ if (ret != GRUBENV_SIZE)
+ {
+- perror ("Error writing to " GRUBENV);
++ perror ("Error writing tmpfile");
++ unlink(tmp_filename);
+ return 1;
+ }
+
+ ret = fflush (f);
+ if (ret)
+ {
+- perror ("Error flushing " GRUBENV);
++ perror ("Error flushing tmpfile");
++ unlink(tmp_filename);
+ return 1;
+ }
+
+- fsync (fileno (f));
+- fclose (f);
++ ret = fsync (fileno (f));
++ if (ret)
++ {
++ perror ("Error syncing tmpfile");
++ unlink(tmp_filename);
++ return 1;
++ }
++
++ ret = fclose (f);
++ if (ret)
++ {
++ perror ("Error closing tmpfile");
++ unlink(tmp_filename);
++ return 1;
++ }
++
++ /*
++ * And finally rename the tmpfile with the new env over the old env, the
++ * linux kernel guarantees that this is atomic (from a syscall pov).
++ */
++ ret = rename(tmp_filename, env_filename);
++ if (ret)
++ {
++ perror ("Error renaming tmpfile to " GRUBENV " failed");
++ unlink(tmp_filename);
++ return 1;
++ }
+
+ return 0;
+ }
diff --git a/SOURCES/0267-Fix-PRIxGRUB_EFI_STATUS-definition.patch b/SOURCES/0267-Fix-PRIxGRUB_EFI_STATUS-definition.patch
new file mode 100644
index 0000000..fd71d99
--- /dev/null
+++ b/SOURCES/0267-Fix-PRIxGRUB_EFI_STATUS-definition.patch
@@ -0,0 +1,48 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Thu, 28 Nov 2019 13:23:59 +0100
+Subject: [PATCH] Fix PRIxGRUB_EFI_STATUS definition
+
+The type specifiers were wrongly defined when GRUB_CPU_SIZEOF_VOID_P != 8
+since in that case the grub_efi_status_t is a grub_int32_t typedef. This
+leads to the following covscan warnings:
+
+grub-2.02/include/grub/dl.h:29: included_from: Included from here.
+grub-2.02/include/grub/efi/efi.h:24: included_from: Included from here.
+grub-2.02/grub-core/kern/efi/tpm.c:4: included_from: Included from here.
+grub-2.02/grub-core/kern/efi/tpm.c: scope_hint: In function 'grub_tpm_dprintf'
+grub-2.02/grub-core/kern/efi/tpm.c:170:26: warning: format '%llx' expects argument of type 'long long unsigned int', but argument 5 has type 'grub_efi_status_t' {aka 'int'} [-Wformat=]
+grub-2.02/include/grub/misc.h:38:88: note: in definition of macro 'grub_dprintf'
+
+Related: rhbz#1761811
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ include/grub/efi/api.h | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h
+index b337e1a193d..6c440c61316 100644
+--- a/include/grub/efi/api.h
++++ b/include/grub/efi/api.h
+@@ -539,11 +539,16 @@ typedef grub_uint16_t grub_efi_char16_t;
+ typedef grub_efi_intn_t grub_efi_status_t;
+ /* Make grub_efi_status_t reasonably printable. */
+ #if GRUB_CPU_SIZEOF_VOID_P == 8
+-#define PRIxGRUB_EFI_STATUS "lx"
+-#define PRIdGRUB_EFI_STATUS "ld"
++# if GRUB_CPU_SIZEOF_LONG == 8
++# define PRIxGRUB_EFI_STATUS "lx"
++# define PRIdGRUB_EFI_STATUS "ld"
++# else
++# define PRIxGRUB_EFI_STATUS "llx"
++# define PRIdGRUB_EFI_STATUS "lld"
++# endif
+ #else
+-#define PRIxGRUB_EFI_STATUS "llx"
+-#define PRIdGRUB_EFI_STATUS "lld"
++# define PRIxGRUB_EFI_STATUS "x"
++# define PRIdGRUB_EFI_STATUS "d"
+ #endif
+
+ #define GRUB_EFI_ERROR_CODE(value) \
diff --git a/SOURCES/0267-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch b/SOURCES/0267-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch
deleted file mode 100644
index 32e07d5..0000000
--- a/SOURCES/0267-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch
+++ /dev/null
@@ -1,152 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Hans de Goede <hdegoede@redhat.com>
-Date: Fri, 22 Nov 2019 11:54:27 +0100
-Subject: [PATCH] grub-set-bootflag: Write new env to tmpfile and then rename
-
-Make the grubenv writing code in grub-set-bootflag more robust by
-writing the modified grubenv to a tmpfile first and then renaming the
-tmpfile over the old grubenv (following symlinks).
-
-Signed-off-by: Hans de Goede <hdegoede@redhat.com>
----
- util/grub-set-bootflag.c | 87 +++++++++++++++++++++++++++++++++++++++++++-----
- 1 file changed, 78 insertions(+), 9 deletions(-)
-
-diff --git a/util/grub-set-bootflag.c b/util/grub-set-bootflag.c
-index 32f1c104a2b..d3b80a0d204 100644
---- a/util/grub-set-bootflag.c
-+++ b/util/grub-set-bootflag.c
-@@ -26,7 +26,9 @@
- #include <config-util.h> /* For *_DIR_NAME defines */
- #include <grub/types.h>
- #include <grub/lib/envblk.h> /* For GRUB_ENVBLK_DEFCFG define */
-+#include <limits.h>
- #include <stdio.h>
-+#include <stdlib.h>
- #include <string.h>
- #include <unistd.h>
-
-@@ -52,8 +54,10 @@ int main(int argc, char *argv[])
- {
- /* NOTE buf must be at least the longest bootflag length + 4 bytes */
- char env[GRUBENV_SIZE + 1], buf[64], *s;
-+ /* +1 for 0 termination, +6 for "XXXXXX" in tmp filename */
-+ char env_filename[PATH_MAX + 1], tmp_filename[PATH_MAX + 6 + 1];
- const char *bootflag;
-- int i, len, ret;
-+ int i, fd, len, ret;
- FILE *f;
-
- if (argc != 2)
-@@ -75,7 +79,32 @@ int main(int argc, char *argv[])
- bootflag = bootflags[i];
- len = strlen (bootflag);
-
-- f = fopen (GRUBENV, "r");
-+ /*
-+ * Really become root. setuid avoids an user killing us, possibly leaking
-+ * the tmpfile. setgid avoids the new grubenv's gid being that of the user.
-+ */
-+ ret = setuid(0);
-+ if (ret)
-+ {
-+ perror ("Error setuid(0) failed");
-+ return 1;
-+ }
-+
-+ ret = setgid(0);
-+ if (ret)
-+ {
-+ perror ("Error setgid(0) failed");
-+ return 1;
-+ }
-+
-+ /* Canonicalize GRUBENV filename, resolving symlinks, etc. */
-+ if (!realpath(GRUBENV, env_filename))
-+ {
-+ perror ("Error canonicalizing " GRUBENV " filename");
-+ return 1;
-+ }
-+
-+ f = fopen (env_filename, "r");
- if (!f)
- {
- perror ("Error opening " GRUBENV " for reading");
-@@ -129,30 +158,70 @@ int main(int argc, char *argv[])
- snprintf(buf, sizeof(buf), "%s=1\n", bootflag);
- memcpy(s, buf, len + 3);
-
-- /* "r+", don't truncate so that the diskspace stays reserved */
-- f = fopen (GRUBENV, "r+");
-+
-+ /*
-+ * Create a tempfile for writing the new env. Use the canonicalized filename
-+ * for the template so that the tmpfile is in the same dir / on same fs.
-+ */
-+ snprintf(tmp_filename, sizeof(tmp_filename), "%sXXXXXX", env_filename);
-+ fd = mkstemp(tmp_filename);
-+ if (fd == -1)
-+ {
-+ perror ("Creating tmpfile failed");
-+ return 1;
-+ }
-+
-+ f = fdopen (fd, "w");
- if (!f)
- {
-- perror ("Error opening " GRUBENV " for writing");
-+ perror ("Error fdopen of tmpfile failed");
-+ unlink(tmp_filename);
- return 1;
- }
-
- ret = fwrite (env, 1, GRUBENV_SIZE, f);
- if (ret != GRUBENV_SIZE)
- {
-- perror ("Error writing to " GRUBENV);
-+ perror ("Error writing tmpfile");
-+ unlink(tmp_filename);
- return 1;
- }
-
- ret = fflush (f);
- if (ret)
- {
-- perror ("Error flushing " GRUBENV);
-+ perror ("Error flushing tmpfile");
-+ unlink(tmp_filename);
- return 1;
- }
-
-- fsync (fileno (f));
-- fclose (f);
-+ ret = fsync (fileno (f));
-+ if (ret)
-+ {
-+ perror ("Error syncing tmpfile");
-+ unlink(tmp_filename);
-+ return 1;
-+ }
-+
-+ ret = fclose (f);
-+ if (ret)
-+ {
-+ perror ("Error closing tmpfile");
-+ unlink(tmp_filename);
-+ return 1;
-+ }
-+
-+ /*
-+ * And finally rename the tmpfile with the new env over the old env, the
-+ * linux kernel guarantees that this is atomic (from a syscall pov).
-+ */
-+ ret = rename(tmp_filename, env_filename);
-+ if (ret)
-+ {
-+ perror ("Error renaming tmpfile to " GRUBENV " failed");
-+ unlink(tmp_filename);
-+ return 1;
-+ }
-
- return 0;
- }
diff --git a/SOURCES/0268-Fix-PRIxGRUB_EFI_STATUS-definition.patch b/SOURCES/0268-Fix-PRIxGRUB_EFI_STATUS-definition.patch
deleted file mode 100644
index fd71d99..0000000
--- a/SOURCES/0268-Fix-PRIxGRUB_EFI_STATUS-definition.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas <javierm@redhat.com>
-Date: Thu, 28 Nov 2019 13:23:59 +0100
-Subject: [PATCH] Fix PRIxGRUB_EFI_STATUS definition
-
-The type specifiers were wrongly defined when GRUB_CPU_SIZEOF_VOID_P != 8
-since in that case the grub_efi_status_t is a grub_int32_t typedef. This
-leads to the following covscan warnings:
-
-grub-2.02/include/grub/dl.h:29: included_from: Included from here.
-grub-2.02/include/grub/efi/efi.h:24: included_from: Included from here.
-grub-2.02/grub-core/kern/efi/tpm.c:4: included_from: Included from here.
-grub-2.02/grub-core/kern/efi/tpm.c: scope_hint: In function 'grub_tpm_dprintf'
-grub-2.02/grub-core/kern/efi/tpm.c:170:26: warning: format '%llx' expects argument of type 'long long unsigned int', but argument 5 has type 'grub_efi_status_t' {aka 'int'} [-Wformat=]
-grub-2.02/include/grub/misc.h:38:88: note: in definition of macro 'grub_dprintf'
-
-Related: rhbz#1761811
-
-Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
----
- include/grub/efi/api.h | 13 +++++++++----
- 1 file changed, 9 insertions(+), 4 deletions(-)
-
-diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h
-index b337e1a193d..6c440c61316 100644
---- a/include/grub/efi/api.h
-+++ b/include/grub/efi/api.h
-@@ -539,11 +539,16 @@ typedef grub_uint16_t grub_efi_char16_t;
- typedef grub_efi_intn_t grub_efi_status_t;
- /* Make grub_efi_status_t reasonably printable. */
- #if GRUB_CPU_SIZEOF_VOID_P == 8
--#define PRIxGRUB_EFI_STATUS "lx"
--#define PRIdGRUB_EFI_STATUS "ld"
-+# if GRUB_CPU_SIZEOF_LONG == 8
-+# define PRIxGRUB_EFI_STATUS "lx"
-+# define PRIdGRUB_EFI_STATUS "ld"
-+# else
-+# define PRIxGRUB_EFI_STATUS "llx"
-+# define PRIdGRUB_EFI_STATUS "lld"
-+# endif
- #else
--#define PRIxGRUB_EFI_STATUS "llx"
--#define PRIdGRUB_EFI_STATUS "lld"
-+# define PRIxGRUB_EFI_STATUS "x"
-+# define PRIdGRUB_EFI_STATUS "d"
- #endif
-
- #define GRUB_EFI_ERROR_CODE(value) \
diff --git a/SOURCES/0268-TPM-Print-messages-if-measuraments-fail-as-debug-ins.patch b/SOURCES/0268-TPM-Print-messages-if-measuraments-fail-as-debug-ins.patch
new file mode 100644
index 0000000..45dd94b
--- /dev/null
+++ b/SOURCES/0268-TPM-Print-messages-if-measuraments-fail-as-debug-ins.patch
@@ -0,0 +1,100 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Wed, 16 Oct 2019 15:32:04 +0200
+Subject: [PATCH] TPM: Print messages if measuraments fail as debug instead of
+ error
+
+If the calls to EFI services to do TPM measuraments fail, currently error
+messages are printed. But this is not a fatal error and just pollutes the
+output, so instead just print them as debug messages.
+
+Resolves: rhbz#1761811
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ grub-core/kern/efi/tpm.c | 58 +++++++++++++++++++++++++-----------------------
+ 1 file changed, 30 insertions(+), 28 deletions(-)
+
+diff --git a/grub-core/kern/efi/tpm.c b/grub-core/kern/efi/tpm.c
+index 0d3ebe22e57..5dc90865242 100644
+--- a/grub-core/kern/efi/tpm.c
++++ b/grub-core/kern/efi/tpm.c
+@@ -161,6 +161,34 @@ grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf,
+ }
+ }
+
++static inline grub_err_t grub_tpm_dprintf(grub_efi_status_t status)
++{
++ switch (status) {
++ case GRUB_EFI_SUCCESS:
++ return 0;
++ case GRUB_EFI_DEVICE_ERROR:
++ grub_dprintf ("tpm", "Command failed: 0x%"PRIxGRUB_EFI_STATUS"\n",
++ status);
++ return GRUB_ERR_IO;
++ case GRUB_EFI_INVALID_PARAMETER:
++ grub_dprintf ("tpm", "Invalid parameter: 0x%"PRIxGRUB_EFI_STATUS"\n",
++ status);
++ return GRUB_ERR_BAD_ARGUMENT;
++ case GRUB_EFI_BUFFER_TOO_SMALL:
++ grub_dprintf ("tpm", "Output buffer too small: 0x%"PRIxGRUB_EFI_STATUS"\n",
++ status);
++ return GRUB_ERR_BAD_ARGUMENT;
++ case GRUB_EFI_NOT_FOUND:
++ grub_dprintf ("tpm", "TPM unavailable: 0x%"PRIxGRUB_EFI_STATUS"\n",
++ status);
++ return GRUB_ERR_UNKNOWN_DEVICE;
++ default:
++ grub_dprintf ("tpm", "Unknown TPM error: 0x%"PRIxGRUB_EFI_STATUS"\n",
++ status);
++ return GRUB_ERR_UNKNOWN_DEVICE;
++ }
++}
++
+ static grub_err_t
+ grub_tpm1_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf,
+ grub_size_t size, grub_uint8_t pcr,
+@@ -194,20 +222,7 @@ grub_tpm1_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf,
+ (unsigned long) buf, (grub_uint64_t) size,
+ algorithm, event, &eventnum, &lastevent);
+
+- switch (status) {
+- case GRUB_EFI_SUCCESS:
+- return 0;
+- case GRUB_EFI_DEVICE_ERROR:
+- return grub_error (GRUB_ERR_IO, N_("Command failed"));
+- case GRUB_EFI_INVALID_PARAMETER:
+- return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter"));
+- case GRUB_EFI_BUFFER_TOO_SMALL:
+- return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small"));
+- case GRUB_EFI_NOT_FOUND:
+- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable"));
+- default:
+- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error"));
+- }
++ return grub_tpm_dprintf(status);
+ }
+
+ static grub_err_t
+@@ -240,20 +255,7 @@ grub_tpm2_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf,
+ status = efi_call_5 (tpm->hash_log_extend_event, tpm, 0, (unsigned long) buf,
+ (grub_uint64_t) size, event);
+
+- switch (status) {
+- case GRUB_EFI_SUCCESS:
+- return 0;
+- case GRUB_EFI_DEVICE_ERROR:
+- return grub_error (GRUB_ERR_IO, N_("Command failed"));
+- case GRUB_EFI_INVALID_PARAMETER:
+- return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter"));
+- case GRUB_EFI_BUFFER_TOO_SMALL:
+- return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small"));
+- case GRUB_EFI_NOT_FOUND:
+- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable"));
+- default:
+- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error"));
+- }
++ return grub_tpm_dprintf(status);
+ }
+
+ grub_err_t
diff --git a/SOURCES/0269-TPM-Print-messages-if-measuraments-fail-as-debug-ins.patch b/SOURCES/0269-TPM-Print-messages-if-measuraments-fail-as-debug-ins.patch
deleted file mode 100644
index 45dd94b..0000000
--- a/SOURCES/0269-TPM-Print-messages-if-measuraments-fail-as-debug-ins.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas <javierm@redhat.com>
-Date: Wed, 16 Oct 2019 15:32:04 +0200
-Subject: [PATCH] TPM: Print messages if measuraments fail as debug instead of
- error
-
-If the calls to EFI services to do TPM measuraments fail, currently error
-messages are printed. But this is not a fatal error and just pollutes the
-output, so instead just print them as debug messages.
-
-Resolves: rhbz#1761811
-
-Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
----
- grub-core/kern/efi/tpm.c | 58 +++++++++++++++++++++++++-----------------------
- 1 file changed, 30 insertions(+), 28 deletions(-)
-
-diff --git a/grub-core/kern/efi/tpm.c b/grub-core/kern/efi/tpm.c
-index 0d3ebe22e57..5dc90865242 100644
---- a/grub-core/kern/efi/tpm.c
-+++ b/grub-core/kern/efi/tpm.c
-@@ -161,6 +161,34 @@ grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf,
- }
- }
-
-+static inline grub_err_t grub_tpm_dprintf(grub_efi_status_t status)
-+{
-+ switch (status) {
-+ case GRUB_EFI_SUCCESS:
-+ return 0;
-+ case GRUB_EFI_DEVICE_ERROR:
-+ grub_dprintf ("tpm", "Command failed: 0x%"PRIxGRUB_EFI_STATUS"\n",
-+ status);
-+ return GRUB_ERR_IO;
-+ case GRUB_EFI_INVALID_PARAMETER:
-+ grub_dprintf ("tpm", "Invalid parameter: 0x%"PRIxGRUB_EFI_STATUS"\n",
-+ status);
-+ return GRUB_ERR_BAD_ARGUMENT;
-+ case GRUB_EFI_BUFFER_TOO_SMALL:
-+ grub_dprintf ("tpm", "Output buffer too small: 0x%"PRIxGRUB_EFI_STATUS"\n",
-+ status);
-+ return GRUB_ERR_BAD_ARGUMENT;
-+ case GRUB_EFI_NOT_FOUND:
-+ grub_dprintf ("tpm", "TPM unavailable: 0x%"PRIxGRUB_EFI_STATUS"\n",
-+ status);
-+ return GRUB_ERR_UNKNOWN_DEVICE;
-+ default:
-+ grub_dprintf ("tpm", "Unknown TPM error: 0x%"PRIxGRUB_EFI_STATUS"\n",
-+ status);
-+ return GRUB_ERR_UNKNOWN_DEVICE;
-+ }
-+}
-+
- static grub_err_t
- grub_tpm1_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf,
- grub_size_t size, grub_uint8_t pcr,
-@@ -194,20 +222,7 @@ grub_tpm1_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf,
- (unsigned long) buf, (grub_uint64_t) size,
- algorithm, event, &eventnum, &lastevent);
-
-- switch (status) {
-- case GRUB_EFI_SUCCESS:
-- return 0;
-- case GRUB_EFI_DEVICE_ERROR:
-- return grub_error (GRUB_ERR_IO, N_("Command failed"));
-- case GRUB_EFI_INVALID_PARAMETER:
-- return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter"));
-- case GRUB_EFI_BUFFER_TOO_SMALL:
-- return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small"));
-- case GRUB_EFI_NOT_FOUND:
-- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable"));
-- default:
-- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error"));
-- }
-+ return grub_tpm_dprintf(status);
- }
-
- static grub_err_t
-@@ -240,20 +255,7 @@ grub_tpm2_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf,
- status = efi_call_5 (tpm->hash_log_extend_event, tpm, 0, (unsigned long) buf,
- (grub_uint64_t) size, event);
-
-- switch (status) {
-- case GRUB_EFI_SUCCESS:
-- return 0;
-- case GRUB_EFI_DEVICE_ERROR:
-- return grub_error (GRUB_ERR_IO, N_("Command failed"));
-- case GRUB_EFI_INVALID_PARAMETER:
-- return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter"));
-- case GRUB_EFI_BUFFER_TOO_SMALL:
-- return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small"));
-- case GRUB_EFI_NOT_FOUND:
-- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable"));
-- default:
-- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error"));
-- }
-+ return grub_tpm_dprintf(status);
- }
-
- grub_err_t
diff --git a/SOURCES/0269-unix-platform-Initialize-variable-to-fix-grub-instal.patch b/SOURCES/0269-unix-platform-Initialize-variable-to-fix-grub-instal.patch
new file mode 100644
index 0000000..8044070
--- /dev/null
+++ b/SOURCES/0269-unix-platform-Initialize-variable-to-fix-grub-instal.patch
@@ -0,0 +1,66 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Paul Menzel <pmenzel@molgen.mpg.de>
+Date: Tue, 23 Oct 2018 15:00:13 +0200
+Subject: [PATCH] unix/platform: Initialize variable to fix grub-install on
+ UEFI system
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+On a UEFI system, were no boot entry *grub* is present, currently,
+`grub-install` fails with an error.
+
+ $ efibootmgr
+ BootCurrent: 0000
+ Timeout: 0 seconds
+ BootOrder: 0001,0006,0003,0004,0005
+ Boot0001 Diskette Drive
+ Boot0003* USB Storage Device
+ Boot0004* CD/DVD/CD-RW Drive
+ Boot0005 Onboard NIC
+ Boot0006* WDC WD2500AAKX-75U6AA0
+ $ sudo grub-install /dev/sda
+ Installing for x86_64-efi platform.
+ grub-install: error: efibootmgr failed to register the boot entry: Unknown error 22020.
+
+The error code is always different, and the error message (incorrectly)
+points to efibootmgr.
+
+But, the error is in GRUB’s function
+`grub_install_remove_efi_entries_by_distributor()`, where the variable
+`rc` for the return value, is uninitialized and never set, when no boot
+entry for the distributor is found.
+
+The content of that uninitialized variable is then returned as the error
+code of efibootmgr.
+
+Set the variable to 0, so that success is returned, when no entry needs
+to be deleted.
+
+Tested on Dell OptiPlex 7010 with firmware A28.
+
+ $ sudo ./grub-install /dev/sda
+ Installing for x86_64-efi platform.
+ Installation finished. No error reported.
+
+[1]: https://github.com/rhboot/efibootmgr/issues/100
+
+Signed-off-by: Paul Menzel <pmenzel@molgen.mpg.de>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+---
+ grub-core/osdep/unix/platform.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/osdep/unix/platform.c b/grub-core/osdep/unix/platform.c
+index ca448bc11a0..55b8f401624 100644
+--- a/grub-core/osdep/unix/platform.c
++++ b/grub-core/osdep/unix/platform.c
+@@ -85,7 +85,7 @@ grub_install_remove_efi_entries_by_distributor (const char *efi_distributor)
+ pid_t pid = grub_util_exec_pipe ((const char * []){ "efibootmgr", NULL }, &fd);
+ char *line = NULL;
+ size_t len = 0;
+- int rc;
++ int rc = 0;
+
+ if (!pid)
+ {
diff --git a/SOURCES/0270-blscfg-add-a-space-char-when-appending-fields-for-va.patch b/SOURCES/0270-blscfg-add-a-space-char-when-appending-fields-for-va.patch
new file mode 100644
index 0000000..80225c2
--- /dev/null
+++ b/SOURCES/0270-blscfg-add-a-space-char-when-appending-fields-for-va.patch
@@ -0,0 +1,76 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Tue, 26 Nov 2019 09:51:41 +0100
+Subject: [PATCH] blscfg: add a space char when appending fields for variable
+ expansion
+
+The GRUB variables are expanded and replaced by their values before adding
+menu entries, but they didn't include space characters after the values so
+the result was not correct.
+
+For the common case this wasn't a problem but it is if there are variables
+that are part of the values of other variables.
+
+Resolves: rhbz#1669252
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ grub-core/commands/blscfg.c | 31 ++++++++++++++++++-------------
+ 1 file changed, 18 insertions(+), 13 deletions(-)
+
+diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
+index 11cc82b6f31..c92e1c84543 100644
+--- a/grub-core/commands/blscfg.c
++++ b/grub-core/commands/blscfg.c
+@@ -597,26 +597,29 @@ static char **bls_make_list (struct bls_entry *entry, const char *key, int *num)
+
+ static char *field_append(bool is_var, char *buffer, char *start, char *end)
+ {
+- char *temp = grub_strndup(start, end - start + 1);
+- const char *field = temp;
++ char *tmp = grub_strndup(start, end - start + 1);
++ const char *field = tmp;
++ int term = is_var ? 2 : 1;
+
+ if (is_var) {
+- field = grub_env_get (temp);
++ field = grub_env_get (tmp);
+ if (!field)
+ return buffer;
+ }
+
+- if (!buffer) {
+- buffer = grub_strdup(field);
+- if (!buffer)
+- return NULL;
+- } else {
+- buffer = grub_realloc (buffer, grub_strlen(buffer) + grub_strlen(field));
+- if (!buffer)
+- return NULL;
++ if (!buffer)
++ buffer = grub_zalloc (grub_strlen(field) + term);
++ else
++ buffer = grub_realloc (buffer, grub_strlen(buffer) + grub_strlen(field) + term);
+
+- grub_stpcpy (buffer + grub_strlen(buffer), field);
+- }
++ if (!buffer)
++ return NULL;
++
++ tmp = buffer + grub_strlen(buffer);
++ tmp = grub_stpcpy (tmp, field);
++
++ if (is_var)
++ tmp = grub_stpcpy (tmp, " ");
+
+ return buffer;
+ }
+@@ -646,6 +649,8 @@ static char *expand_val(char *value)
+ buffer = field_append(is_var, buffer, start, end);
+ is_var = false;
+ start = value;
++ if (*start == ' ')
++ start++;
+ }
+ }
+
diff --git a/SOURCES/0270-unix-platform-Initialize-variable-to-fix-grub-instal.patch b/SOURCES/0270-unix-platform-Initialize-variable-to-fix-grub-instal.patch
deleted file mode 100644
index 8044070..0000000
--- a/SOURCES/0270-unix-platform-Initialize-variable-to-fix-grub-instal.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Paul Menzel <pmenzel@molgen.mpg.de>
-Date: Tue, 23 Oct 2018 15:00:13 +0200
-Subject: [PATCH] unix/platform: Initialize variable to fix grub-install on
- UEFI system
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-On a UEFI system, were no boot entry *grub* is present, currently,
-`grub-install` fails with an error.
-
- $ efibootmgr
- BootCurrent: 0000
- Timeout: 0 seconds
- BootOrder: 0001,0006,0003,0004,0005
- Boot0001 Diskette Drive
- Boot0003* USB Storage Device
- Boot0004* CD/DVD/CD-RW Drive
- Boot0005 Onboard NIC
- Boot0006* WDC WD2500AAKX-75U6AA0
- $ sudo grub-install /dev/sda
- Installing for x86_64-efi platform.
- grub-install: error: efibootmgr failed to register the boot entry: Unknown error 22020.
-
-The error code is always different, and the error message (incorrectly)
-points to efibootmgr.
-
-But, the error is in GRUB’s function
-`grub_install_remove_efi_entries_by_distributor()`, where the variable
-`rc` for the return value, is uninitialized and never set, when no boot
-entry for the distributor is found.
-
-The content of that uninitialized variable is then returned as the error
-code of efibootmgr.
-
-Set the variable to 0, so that success is returned, when no entry needs
-to be deleted.
-
-Tested on Dell OptiPlex 7010 with firmware A28.
-
- $ sudo ./grub-install /dev/sda
- Installing for x86_64-efi platform.
- Installation finished. No error reported.
-
-[1]: https://github.com/rhboot/efibootmgr/issues/100
-
-Signed-off-by: Paul Menzel <pmenzel@molgen.mpg.de>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
----
- grub-core/osdep/unix/platform.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/grub-core/osdep/unix/platform.c b/grub-core/osdep/unix/platform.c
-index ca448bc11a0..55b8f401624 100644
---- a/grub-core/osdep/unix/platform.c
-+++ b/grub-core/osdep/unix/platform.c
-@@ -85,7 +85,7 @@ grub_install_remove_efi_entries_by_distributor (const char *efi_distributor)
- pid_t pid = grub_util_exec_pipe ((const char * []){ "efibootmgr", NULL }, &fd);
- char *line = NULL;
- size_t len = 0;
-- int rc;
-+ int rc = 0;
-
- if (!pid)
- {
diff --git a/SOURCES/0271-blscfg-add-a-space-char-when-appending-fields-for-va.patch b/SOURCES/0271-blscfg-add-a-space-char-when-appending-fields-for-va.patch
deleted file mode 100644
index 80225c2..0000000
--- a/SOURCES/0271-blscfg-add-a-space-char-when-appending-fields-for-va.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas <javierm@redhat.com>
-Date: Tue, 26 Nov 2019 09:51:41 +0100
-Subject: [PATCH] blscfg: add a space char when appending fields for variable
- expansion
-
-The GRUB variables are expanded and replaced by their values before adding
-menu entries, but they didn't include space characters after the values so
-the result was not correct.
-
-For the common case this wasn't a problem but it is if there are variables
-that are part of the values of other variables.
-
-Resolves: rhbz#1669252
-
-Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
----
- grub-core/commands/blscfg.c | 31 ++++++++++++++++++-------------
- 1 file changed, 18 insertions(+), 13 deletions(-)
-
-diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
-index 11cc82b6f31..c92e1c84543 100644
---- a/grub-core/commands/blscfg.c
-+++ b/grub-core/commands/blscfg.c
-@@ -597,26 +597,29 @@ static char **bls_make_list (struct bls_entry *entry, const char *key, int *num)
-
- static char *field_append(bool is_var, char *buffer, char *start, char *end)
- {
-- char *temp = grub_strndup(start, end - start + 1);
-- const char *field = temp;
-+ char *tmp = grub_strndup(start, end - start + 1);
-+ const char *field = tmp;
-+ int term = is_var ? 2 : 1;
-
- if (is_var) {
-- field = grub_env_get (temp);
-+ field = grub_env_get (tmp);
- if (!field)
- return buffer;
- }
-
-- if (!buffer) {
-- buffer = grub_strdup(field);
-- if (!buffer)
-- return NULL;
-- } else {
-- buffer = grub_realloc (buffer, grub_strlen(buffer) + grub_strlen(field));
-- if (!buffer)
-- return NULL;
-+ if (!buffer)
-+ buffer = grub_zalloc (grub_strlen(field) + term);
-+ else
-+ buffer = grub_realloc (buffer, grub_strlen(buffer) + grub_strlen(field) + term);
-
-- grub_stpcpy (buffer + grub_strlen(buffer), field);
-- }
-+ if (!buffer)
-+ return NULL;
-+
-+ tmp = buffer + grub_strlen(buffer);
-+ tmp = grub_stpcpy (tmp, field);
-+
-+ if (is_var)
-+ tmp = grub_stpcpy (tmp, " ");
-
- return buffer;
- }
-@@ -646,6 +649,8 @@ static char *expand_val(char *value)
- buffer = field_append(is_var, buffer, start, end);
- is_var = false;
- start = value;
-+ if (*start == ' ')
-+ start++;
- }
- }
-
diff --git a/SOURCES/0271-efi-http-Export-fw-http-_path-variables-to-make-them.patch b/SOURCES/0271-efi-http-Export-fw-http-_path-variables-to-make-them.patch
new file mode 100644
index 0000000..125ff1b
--- /dev/null
+++ b/SOURCES/0271-efi-http-Export-fw-http-_path-variables-to-make-them.patch
@@ -0,0 +1,50 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Thu, 5 Mar 2020 16:21:47 +0100
+Subject: [PATCH] efi/http: Export {fw,http}_path variables to make them global
+
+The fw_path environment variable is used by http_configure() function to
+determine the HTTP path that should be used as prefix when using relative
+HTTP paths. And this is stored in the http_path environment variable.
+
+Later, that variable is looked up by grub_efihttp_open() to generate the
+complete path to be used in the HTTP request.
+
+But these variables are not exported, which means that are not global and
+so are only found in the initial context.
+
+This can cause commands like configfile that create a new context to fail
+because the fw_path and http_path variables will not be found.
+
+Resolves: rhbz#1811561
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ grub-core/kern/main.c | 1 +
+ grub-core/net/efi/http.c | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c
+index dcf48726d54..9bf6a8b231a 100644
+--- a/grub-core/kern/main.c
++++ b/grub-core/kern/main.c
+@@ -142,6 +142,7 @@ grub_set_prefix_and_root (void)
+ if (fw_path)
+ {
+ grub_env_set ("fw_path", fw_path);
++ grub_env_export ("fw_path");
+ grub_dprintf ("fw_path", "fw_path:\"%s\"\n", fw_path);
+ grub_free (fw_path);
+ }
+diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c
+index de351b2cd03..755b7a6d054 100644
+--- a/grub-core/net/efi/http.c
++++ b/grub-core/net/efi/http.c
+@@ -39,6 +39,7 @@ http_configure (struct grub_efi_net_device *dev, int prefer_ip6)
+ http_path++;
+ grub_env_unset ("http_path");
+ grub_env_set ("http_path", http_path);
++ grub_env_export ("http_path");
+ }
+ }
+
diff --git a/SOURCES/0272-efi-http-Enclose-literal-IPv6-addresses-in-square-br.patch b/SOURCES/0272-efi-http-Enclose-literal-IPv6-addresses-in-square-br.patch
new file mode 100644
index 0000000..4756853
--- /dev/null
+++ b/SOURCES/0272-efi-http-Enclose-literal-IPv6-addresses-in-square-br.patch
@@ -0,0 +1,114 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Thu, 5 Mar 2020 16:21:58 +0100
+Subject: [PATCH] efi/http: Enclose literal IPv6 addresses in square brackets
+
+According to RFC 2732 (https://www.ietf.org/rfc/rfc2732.txt), literal IPv6
+addresses must be enclosed in square brackets. But GRUB currently does not
+do this and is causing HTTP servers to send Bad Request (400) responses.
+
+For example, the following is the HTTP stream when fetching a config file:
+
+HEAD /EFI/BOOT/grub.cfg HTTP/1.1
+Host: 2000:dead:beef:a::1
+Accept: */*
+User-Agent: UefiHttpBoot/1.0
+
+HTTP/1.1 400 Bad Request
+Date: Thu, 05 Mar 2020 14:46:02 GMT
+Server: Apache/2.4.41 (Fedora) OpenSSL/1.1.1d
+Connection: close
+Content-Type: text/html; charset=iso-8859-1
+
+and after enclosing the IPv6 address the HTTP request is successful:
+
+HEAD /EFI/BOOT/grub.cfg HTTP/1.1
+Host: [2000:dead:beef:a::1]
+Accept: */*
+User-Agent: UefiHttpBoot/1.0
+
+HTTP/1.1 200 OK
+Date: Thu, 05 Mar 2020 14:48:04 GMT
+Server: Apache/2.4.41 (Fedora) OpenSSL/1.1.1d
+Last-Modified: Thu, 27 Feb 2020 17:45:58 GMT
+ETag: "206-59f924b24b1da"
+Accept-Ranges: bytes
+Content-Length: 518
+
+Resolves: rhbz#1811560
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ grub-core/net/efi/http.c | 37 ++++++++++++++++++++++++++++---------
+ 1 file changed, 28 insertions(+), 9 deletions(-)
+
+diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c
+index 755b7a6d054..fc8cb25ae0a 100644
+--- a/grub-core/net/efi/http.c
++++ b/grub-core/net/efi/http.c
+@@ -158,13 +158,7 @@ efihttp_request (grub_efi_http_t *http, char *server, char *name, int use_https,
+ grub_efi_status_t status;
+ grub_efi_boot_services_t *b = grub_efi_system_table->boot_services;
+ char *url = NULL;
+-
+- request_headers[0].field_name = (grub_efi_char8_t *)"Host";
+- request_headers[0].field_value = (grub_efi_char8_t *)server;
+- request_headers[1].field_name = (grub_efi_char8_t *)"Accept";
+- request_headers[1].field_value = (grub_efi_char8_t *)"*/*";
+- request_headers[2].field_name = (grub_efi_char8_t *)"User-Agent";
+- request_headers[2].field_value = (grub_efi_char8_t *)"UefiHttpBoot/1.0";
++ char *hostname = NULL;
+
+ {
+ grub_efi_ipv6_address_t address;
+@@ -174,9 +168,24 @@ efihttp_request (grub_efi_http_t *http, char *server, char *name, int use_https,
+ const char *protocol = (use_https == 1) ? "https" : "http";
+
+ if (grub_efi_string_to_ip6_address (server, &address, &rest) && *rest == 0)
+- url = grub_xasprintf ("%s://[%s]%s", protocol, server, name);
++ {
++ hostname = grub_xasprintf ("[%s]", server);
++ if (!hostname)
++ return GRUB_ERR_OUT_OF_MEMORY;
++
++ server = hostname;
++
++ url = grub_xasprintf ("%s://%s%s", protocol, server, name);
++ if (!url)
++ {
++ grub_free (hostname);
++ return GRUB_ERR_OUT_OF_MEMORY;
++ }
++ }
+ else
+- url = grub_xasprintf ("%s://%s%s", protocol, server, name);
++ {
++ url = grub_xasprintf ("%s://%s%s", protocol, server, name);
++ }
+
+ if (!url)
+ {
+@@ -199,6 +208,13 @@ efihttp_request (grub_efi_http_t *http, char *server, char *name, int use_https,
+ request_data.url = ucs2_url;
+ }
+
++ request_headers[0].field_name = (grub_efi_char8_t *)"Host";
++ request_headers[0].field_value = (grub_efi_char8_t *)server;
++ request_headers[1].field_name = (grub_efi_char8_t *)"Accept";
++ request_headers[1].field_value = (grub_efi_char8_t *)"*/*";
++ request_headers[2].field_name = (grub_efi_char8_t *)"User-Agent";
++ request_headers[2].field_value = (grub_efi_char8_t *)"UefiHttpBoot/1.0";
++
+ request_data.method = (headeronly > 0) ? GRUB_EFI_HTTPMETHODHEAD : GRUB_EFI_HTTPMETHODGET;
+
+ request_message.data.request = &request_data;
+@@ -228,6 +244,9 @@ efihttp_request (grub_efi_http_t *http, char *server, char *name, int use_https,
+
+ status = efi_call_2 (http->request, http, &request_token);
+
++ if (hostname)
++ grub_free (hostname);
++
+ if (status != GRUB_EFI_SUCCESS)
+ {
+ efi_call_1 (b->close_event, request_token.event);
diff --git a/SOURCES/0272-envblk-Fix-buffer-overrun-when-attempting-to-shrink-.patch b/SOURCES/0272-envblk-Fix-buffer-overrun-when-attempting-to-shrink-.patch
deleted file mode 100644
index 293500b..0000000
--- a/SOURCES/0272-envblk-Fix-buffer-overrun-when-attempting-to-shrink-.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas <javierm@redhat.com>
-Date: Tue, 12 May 2020 01:00:51 +0200
-Subject: [PATCH] envblk: Fix buffer overrun when attempting to shrink a
- variable value
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-If an existing variable is set with a value whose length is smaller than
-the current value, a memory corruption can happen due copying padding '#'
-characters outside of the environment block buffer.
-
-This is caused by a wrong calculation of the previous free space position
-after moving backward the characters that followed the old variable value.
-
-That position is calculated to fill the remaining of the buffer with the
-padding '#' characters. But since isn't calculated correctly, it can lead
-to copies outside of the buffer.
-
-The issue can be reproduced by creating a variable with a large value and
-then try to set a new value that is much smaller:
-
-$ grub2-editenv --version
-grub2-editenv (GRUB) 2.04
-
-$ grub2-editenv env create
-
-$ grub2-editenv env set a="$(for i in {1..500}; do var="b$var"; done; echo $var)"
-
-$ wc -c env
-1024 grubenv
-
-$ grub2-editenv env set a="$(for i in {1..50}; do var="b$var"; done; echo $var)"
-malloc(): corrupted top size
-Aborted (core dumped)
-
-$ wc -c env
-0 grubenv
-
-Resolves: rhbz#1836196
-
-Reported-by: Renaud Métrich <rmetrich@redhat.com>
-Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
-Patch-cc: Daniel Kiper <daniel.kiper@oracle.com>
----
- grub-core/lib/envblk.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/grub-core/lib/envblk.c b/grub-core/lib/envblk.c
-index 230e0e9d9ab..2e4e78b132d 100644
---- a/grub-core/lib/envblk.c
-+++ b/grub-core/lib/envblk.c
-@@ -143,7 +143,7 @@ grub_envblk_set (grub_envblk_t envblk, const char *name, const char *value)
- /* Move the following characters backward, and fill the new
- space with harmless characters. */
- grub_memmove (p + vl, p + len, pend - (p + len));
-- grub_memset (space + len - vl, '#', len - vl);
-+ grub_memset (space - (len - vl), '#', len - vl);
- }
- else
- /* Move the following characters forward. */
diff --git a/SOURCES/0273-efi-net-Allow-to-specify-a-port-number-in-addresses.patch b/SOURCES/0273-efi-net-Allow-to-specify-a-port-number-in-addresses.patch
new file mode 100644
index 0000000..7d5220f
--- /dev/null
+++ b/SOURCES/0273-efi-net-Allow-to-specify-a-port-number-in-addresses.patch
@@ -0,0 +1,48 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Mon, 9 Mar 2020 15:29:45 +0100
+Subject: [PATCH] efi/net: Allow to specify a port number in addresses
+
+The grub_efi_net_parse_address() function is not covering the case where a
+port number is specified in an IPv4 or IPv6 address, so will fail to parse
+the network address.
+
+For most cases the issue is harmless, because the function is only used to
+match an address with a network interface and if fails the default is used.
+
+But still is a bug that has to be fixed and it causes error messages to be
+printed like the following:
+
+error: net/efi/net.c:782:unrecognised network address '192.168.122.1:8080'
+
+error: net/efi/net.c:781:unrecognised network address '[2000:dead:beef:a::1]:8080'
+
+Resolves: rhbz#1811560
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ grub-core/net/efi/net.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c
+index 4c70fc4da2a..c74854a82b7 100644
+--- a/grub-core/net/efi/net.c
++++ b/grub-core/net/efi/net.c
+@@ -742,7 +742,7 @@ grub_efi_net_parse_address (const char *address,
+ return GRUB_ERR_NONE;
+ }
+ }
+- else if (*rest == 0)
++ else if (*rest == 0 || *rest == ':')
+ {
+ grub_uint32_t subnet_mask = 0xffffffffU;
+ grub_memcpy (ip4->subnet_mask, &subnet_mask, sizeof (ip4->subnet_mask));
+@@ -768,7 +768,7 @@ grub_efi_net_parse_address (const char *address,
+ return GRUB_ERR_NONE;
+ }
+ }
+- else if (*rest == 0)
++ else if (*rest == 0 || *rest == ':')
+ {
+ ip6->prefix_length = 128;
+ ip6->is_anycast = 0;
diff --git a/SOURCES/0274-efi-ip4_config-Improve-check-to-detect-literal-IPv6-.patch b/SOURCES/0274-efi-ip4_config-Improve-check-to-detect-literal-IPv6-.patch
new file mode 100644
index 0000000..31d30a8
--- /dev/null
+++ b/SOURCES/0274-efi-ip4_config-Improve-check-to-detect-literal-IPv6-.patch
@@ -0,0 +1,48 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Mon, 9 Mar 2020 15:30:05 +0100
+Subject: [PATCH] efi/ip4_config: Improve check to detect literal IPv6
+ addresses
+
+The grub_efi_string_to_ip4_address() function wrongly assumes that an IPv6
+address is an IPv4 address, because it doesn't take into account the case
+of a caller passing an IPv6 address as a string.
+
+This leads to the grub_efi_net_parse_address() function to fail and print
+the following error message:
+
+error: net/efi/net.c:785:unrecognised network address '2000:dead:beef:a::1'
+
+Resolves: rhbz#1811560
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ grub-core/net/efi/ip4_config.c | 13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/net/efi/ip4_config.c b/grub-core/net/efi/ip4_config.c
+index 38e2a04747a..6117e60ab12 100644
+--- a/grub-core/net/efi/ip4_config.c
++++ b/grub-core/net/efi/ip4_config.c
+@@ -56,9 +56,20 @@ int
+ grub_efi_string_to_ip4_address (const char *val, grub_efi_ipv4_address_t *address, const char **rest)
+ {
+ grub_uint32_t newip = 0;
+- int i;
++ int i, ncolon = 0;
+ const char *ptr = val;
+
++ /* Check that is not an IPv6 address */
++ for (i = 0; i < grub_strlen(ptr); i++)
++ {
++ if (ptr[i] == '[' && i == 0)
++ return 0;
++
++ if (ptr[i] == ':')
++ if (i == 0 || ++ncolon == 2)
++ return 0;
++ }
++
+ for (i = 0; i < 4; i++)
+ {
+ unsigned long t;
diff --git a/SOURCES/0275-efi-net-Print-a-debug-message-if-parsing-the-address.patch b/SOURCES/0275-efi-net-Print-a-debug-message-if-parsing-the-address.patch
new file mode 100644
index 0000000..50a9af4
--- /dev/null
+++ b/SOURCES/0275-efi-net-Print-a-debug-message-if-parsing-the-address.patch
@@ -0,0 +1,68 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Tue, 10 Mar 2020 11:23:49 +0100
+Subject: [PATCH] efi/net: Print a debug message if parsing the address fails
+
+Currently if parsing the address fails an error message is printed. But in
+most cases this isn't a fatal error since the grub_efi_net_parse_address()
+function is only used to match an address with a network interface to use.
+
+And if this fails, the default interface is used which is good enough for
+most cases. So instead of printing an error that would pollute the console
+just print a debug message if the address is not parsed correctly.
+
+A user can enable debug messages for the efinet driver to have information
+about the failure and the fact that the default interface is being used.
+
+Related: rhbz#1811560
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ grub-core/net/efi/net.c | 18 +++++++++++-------
+ 1 file changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c
+index c74854a82b7..3ae1fbbe3c8 100644
+--- a/grub-core/net/efi/net.c
++++ b/grub-core/net/efi/net.c
+@@ -778,9 +778,9 @@ grub_efi_net_parse_address (const char *address,
+ }
+ }
+
+- return grub_error (GRUB_ERR_NET_BAD_ADDRESS,
+- N_("unrecognised network address `%s'"),
+- address);
++ grub_dprintf ("efinet", "unrecognised network address '%s'\n", address);
++
++ return GRUB_ERR_NET_BAD_ADDRESS;
+ }
+
+ static grub_efi_net_interface_t *
+@@ -795,10 +795,7 @@ match_route (const char *server)
+ err = grub_efi_net_parse_address (server, &ip4, &ip6, &is_ip6, 0);
+
+ if (err)
+- {
+- grub_print_error ();
+ return NULL;
+- }
+
+ if (is_ip6)
+ {
+@@ -1233,8 +1230,15 @@ grub_net_open_real (const char *name __attribute__ ((unused)))
+ /*FIXME: Use DNS translate name to address */
+ net_interface = match_route (server);
+
++ if (!net_interface && net_default_interface)
++ {
++ net_interface = net_default_interface;
++ grub_dprintf ("efinet", "interface lookup failed, using default '%s'\n",
++ net_interface->name);
++ }
++
+ /*XXX: should we check device with default gateway ? */
+- if (!net_interface && !(net_interface = net_default_interface))
++ if (!net_interface)
+ {
+ grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("disk `%s' no route found"),
+ name);
diff --git a/SOURCES/0276-efi-Set-image-base-address-before-jumping-to-the-PE-.patch b/SOURCES/0276-efi-Set-image-base-address-before-jumping-to-the-PE-.patch
new file mode 100644
index 0000000..4c5a2e2
--- /dev/null
+++ b/SOURCES/0276-efi-Set-image-base-address-before-jumping-to-the-PE-.patch
@@ -0,0 +1,60 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Thu, 23 Apr 2020 15:06:46 +0200
+Subject: [PATCH] efi: Set image base address before jumping to the PE/COFF
+ entry point
+
+Upstream GRUB uses the EFI LoadImage() and StartImage() to boot the Linux
+kernel. But our custom EFI loader that supports Secure Boot instead uses
+the EFI handover protocol (for x86) or jumping directly to the PE/COFF
+entry point (for aarch64).
+
+This is done to allow the bootloader to verify the images using the shim
+lock protocol to avoid booting untrusted binaries.
+
+Since the bootloader loads the kernel from the boot media instead of using
+LoadImage(), it is responsible to set the Loaded Image base address before
+booting the kernel.
+
+Otherwise the kernel EFI stub will complain that it was not set correctly
+and print the following warning message:
+
+EFI stub: ERROR: FIRMWARE BUG: efi_loaded_image_t::image_base has bogus value
+
+Resolves: rhbz#1819624
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ grub-core/loader/efi/linux.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
+index b56ea0bc041..e09f824862b 100644
+--- a/grub-core/loader/efi/linux.c
++++ b/grub-core/loader/efi/linux.c
+@@ -72,6 +72,7 @@ grub_err_t
+ grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset,
+ void *kernel_params)
+ {
++ grub_efi_loaded_image_t *loaded_image = NULL;
+ handover_func hf;
+ int offset = 0;
+
+@@ -79,6 +80,17 @@ grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset,
+ offset = 512;
+ #endif
+
++ /*
++ * Since the EFI loader is not calling the LoadImage() and StartImage()
++ * services for loading the kernel and booting respectively, it has to
++ * set the Loaded Image base address.
++ */
++ loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle);
++ if (loaded_image)
++ loaded_image->image_base = kernel_addr;
++ else
++ grub_dprintf ("linux", "Loaded Image base address could not be set\n");
++
+ grub_dprintf ("linux", "kernel_addr: %p handover_offset: %p params: %p\n",
+ kernel_addr, (void *)(grub_efi_uintn_t)handover_offset, kernel_params);
+ hf = (handover_func)((char *)kernel_addr + handover_offset + offset);
diff --git a/SOURCES/0277-envblk-Fix-buffer-overrun-when-attempting-to-shrink-.patch b/SOURCES/0277-envblk-Fix-buffer-overrun-when-attempting-to-shrink-.patch
new file mode 100644
index 0000000..293500b
--- /dev/null
+++ b/SOURCES/0277-envblk-Fix-buffer-overrun-when-attempting-to-shrink-.patch
@@ -0,0 +1,62 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Tue, 12 May 2020 01:00:51 +0200
+Subject: [PATCH] envblk: Fix buffer overrun when attempting to shrink a
+ variable value
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+If an existing variable is set with a value whose length is smaller than
+the current value, a memory corruption can happen due copying padding '#'
+characters outside of the environment block buffer.
+
+This is caused by a wrong calculation of the previous free space position
+after moving backward the characters that followed the old variable value.
+
+That position is calculated to fill the remaining of the buffer with the
+padding '#' characters. But since isn't calculated correctly, it can lead
+to copies outside of the buffer.
+
+The issue can be reproduced by creating a variable with a large value and
+then try to set a new value that is much smaller:
+
+$ grub2-editenv --version
+grub2-editenv (GRUB) 2.04
+
+$ grub2-editenv env create
+
+$ grub2-editenv env set a="$(for i in {1..500}; do var="b$var"; done; echo $var)"
+
+$ wc -c env
+1024 grubenv
+
+$ grub2-editenv env set a="$(for i in {1..50}; do var="b$var"; done; echo $var)"
+malloc(): corrupted top size
+Aborted (core dumped)
+
+$ wc -c env
+0 grubenv
+
+Resolves: rhbz#1836196
+
+Reported-by: Renaud Métrich <rmetrich@redhat.com>
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+Patch-cc: Daniel Kiper <daniel.kiper@oracle.com>
+---
+ grub-core/lib/envblk.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/lib/envblk.c b/grub-core/lib/envblk.c
+index 230e0e9d9ab..2e4e78b132d 100644
+--- a/grub-core/lib/envblk.c
++++ b/grub-core/lib/envblk.c
+@@ -143,7 +143,7 @@ grub_envblk_set (grub_envblk_t envblk, const char *name, const char *value)
+ /* Move the following characters backward, and fill the new
+ space with harmless characters. */
+ grub_memmove (p + vl, p + len, pend - (p + len));
+- grub_memset (space + len - vl, '#', len - vl);
++ grub_memset (space - (len - vl), '#', len - vl);
+ }
+ else
+ /* Move the following characters forward. */
diff --git a/SOURCES/0278-Reimplement-boot_counter.patch b/SOURCES/0278-Reimplement-boot_counter.patch
new file mode 100644
index 0000000..3be1786
--- /dev/null
+++ b/SOURCES/0278-Reimplement-boot_counter.patch
@@ -0,0 +1,196 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Thu, 4 Oct 2018 14:22:09 -0400
+Subject: [PATCH] Reimplement boot_counter
+
+This adds "increment" and "decrement" commands, and uses them to maintain our
+variables in 01_fallback_counter. It also simplifies the counter logic, so
+that there are no nested tests that conflict with each other.
+
+Apparently, this *really* wasn't tested well enough.
+
+Resolves: rhbz#1614637
+Signed-off-by: Peter Jones <pjones@redhat.com>
+[lorbus: add comments and revert logic changes in 01_fallback_counting]
+Signed-off-by: Christian Glombek <lorbus@fedoraproject.org>
+---
+ Makefile.util.def | 6 +++
+ grub-core/Makefile.core.def | 5 ++
+ grub-core/commands/increment.c | 105 ++++++++++++++++++++++++++++++++++++
+ util/grub.d/01_fallback_counting.in | 22 ++++++++
+ 4 files changed, 138 insertions(+)
+ create mode 100644 grub-core/commands/increment.c
+ create mode 100644 util/grub.d/01_fallback_counting.in
+
+diff --git a/Makefile.util.def b/Makefile.util.def
+index 08cc98ddb8b..eca3dfa753f 100644
+--- a/Makefile.util.def
++++ b/Makefile.util.def
+@@ -448,6 +448,12 @@ script = {
+ installdir = grubconf;
+ };
+
++script = {
++ name = '01_fallback_counting';
++ common = util/grub.d/01_fallback_counting.in;
++ installdir = grubconf;
++};
++
+ script = {
+ name = '01_menu_auto_hide';
+ common = util/grub.d/01_menu_auto_hide.in;
+diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
+index 6864e780fd4..c8a50b4fcfa 100644
+--- a/grub-core/Makefile.core.def
++++ b/grub-core/Makefile.core.def
+@@ -362,6 +362,11 @@ kernel = {
+ extra_dist = kern/mips/cache_flush.S;
+ };
+
++module = {
++ name = increment;
++ common = commands/increment.c;
++};
++
+ program = {
+ name = grub-emu;
+ mansection = 1;
+diff --git a/grub-core/commands/increment.c b/grub-core/commands/increment.c
+new file mode 100644
+index 00000000000..79cf137656c
+--- /dev/null
++++ b/grub-core/commands/increment.c
+@@ -0,0 +1,105 @@
++/* increment.c - Commands to increment and decrement variables. */
++/*
++ * GRUB -- GRand Unified Bootloader
++ * Copyright (C) 2006,2007,2008 Free Software Foundation, Inc.
++ *
++ * GRUB is free software: you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation, either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * GRUB is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
++ */
++
++#include <grub/dl.h>
++#include <grub/term.h>
++#include <grub/time.h>
++#include <grub/types.h>
++#include <grub/misc.h>
++#include <grub/extcmd.h>
++#include <grub/i18n.h>
++#include <grub/env.h>
++
++GRUB_MOD_LICENSE ("GPLv3+");
++
++typedef enum {
++ INCREMENT,
++ DECREMENT,
++} operation;
++
++static grub_err_t
++incr_decr(operation op, int argc, char **args)
++{
++ const char *old;
++ char *new;
++ long value;
++
++ if (argc < 1)
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_ ("no variable specified"));
++ if (argc > 1)
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_ ("too many arguments"));
++
++ old = grub_env_get (*args);
++ if (!old)
++ return grub_error (GRUB_ERR_FILE_NOT_FOUND, N_("No such variable \"%s\""),
++ *args);
++
++ value = grub_strtol (old, NULL, 0);
++ if (grub_errno != GRUB_ERR_NONE)
++ return grub_errno;
++
++ switch (op)
++ {
++ case INCREMENT:
++ value += 1;
++ break;
++ case DECREMENT:
++ value -= 1;
++ break;
++ }
++
++ new = grub_xasprintf ("%ld", value);
++ if (!new)
++ return grub_errno;
++
++ grub_env_set (*args, new);
++ grub_free (new);
++
++ return GRUB_ERR_NONE;
++}
++
++static grub_err_t
++grub_cmd_incr(struct grub_command *cmd UNUSED,
++ int argc, char **args)
++{
++ return incr_decr(INCREMENT, argc, args);
++}
++
++static grub_err_t
++grub_cmd_decr(struct grub_command *cmd UNUSED,
++ int argc, char **args)
++{
++ return incr_decr(DECREMENT, argc, args);
++}
++
++static grub_command_t cmd_incr, cmd_decr;
++
++GRUB_MOD_INIT(increment)
++{
++ cmd_incr = grub_register_command ("increment", grub_cmd_incr, N_("VARIABLE"),
++ N_("increment VARIABLE"));
++ cmd_decr = grub_register_command ("decrement", grub_cmd_decr, N_("VARIABLE"),
++ N_("decrement VARIABLE"));
++}
++
++GRUB_MOD_FINI(increment)
++{
++ grub_unregister_command (cmd_incr);
++ grub_unregister_command (cmd_decr);
++}
+diff --git a/util/grub.d/01_fallback_counting.in b/util/grub.d/01_fallback_counting.in
+new file mode 100644
+index 00000000000..be0e770ea82
+--- /dev/null
++++ b/util/grub.d/01_fallback_counting.in
+@@ -0,0 +1,22 @@
++#! /bin/sh -e
++
++# Boot Counting
++# The boot_counter env var can be used to count down boot attempts after an
++# OSTree upgrade and choose the rollback deployment when 0 is reached. Both
++# boot_counter and boot_success need to be (re-)set from userspace.
++cat << EOF
++insmod increment
++# Check if boot_counter exists and boot_success=0 to activate this behaviour.
++if [ -n "\${boot_counter}" -a "\${boot_success}" = "0" ]; then
++ # if countdown has ended, choose to boot rollback deployment (default=1 on
++ # OSTree-based systems)
++ if [ "\${boot_counter}" = "0" -o "\${boot_counter}" = "-1" ]; then
++ set default=1
++ set boot_counter=-1
++ # otherwise decrement boot_counter
++ else
++ decrement boot_counter
++ fi
++ save_env boot_counter
++fi
++EOF
diff --git a/SOURCES/0279-grub.d-Split-out-boot-success-reset-from-menu-auto-h.patch b/SOURCES/0279-grub.d-Split-out-boot-success-reset-from-menu-auto-h.patch
new file mode 100644
index 0000000..82df575
--- /dev/null
+++ b/SOURCES/0279-grub.d-Split-out-boot-success-reset-from-menu-auto-h.patch
@@ -0,0 +1,165 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Christian Glombek <lorbus@fedoraproject.org>
+Date: Tue, 2 Apr 2019 16:22:21 +0200
+Subject: [PATCH] grub.d: Split out boot success reset from menu auto hide
+ script
+
+Also rename fallback and menu auto hide script to be executed
+before and after boot success reset script.
+In menu auto hide script, rename last_boot_ok var to menu_hide_ok
+---
+ Makefile.util.def | 14 ++++++++----
+ ...allback_counting.in => 08_fallback_counting.in} | 14 ++++++------
+ util/grub.d/10_reset_boot_success.in | 25 ++++++++++++++++++++++
+ .../{01_menu_auto_hide.in => 12_menu_auto_hide.in} | 23 +++++---------------
+ 4 files changed, 48 insertions(+), 28 deletions(-)
+ rename util/grub.d/{01_fallback_counting.in => 08_fallback_counting.in} (65%)
+ create mode 100644 util/grub.d/10_reset_boot_success.in
+ rename util/grub.d/{01_menu_auto_hide.in => 12_menu_auto_hide.in} (58%)
+
+diff --git a/Makefile.util.def b/Makefile.util.def
+index eca3dfa753f..5062a0e50fa 100644
+--- a/Makefile.util.def
++++ b/Makefile.util.def
+@@ -449,14 +449,14 @@ script = {
+ };
+
+ script = {
+- name = '01_fallback_counting';
+- common = util/grub.d/01_fallback_counting.in;
++ name = '08_fallback_counting';
++ common = util/grub.d/08_fallback_counting.in;
+ installdir = grubconf;
+ };
+
+ script = {
+- name = '01_menu_auto_hide';
+- common = util/grub.d/01_menu_auto_hide.in;
++ name = '12_menu_auto_hide';
++ common = util/grub.d/12_menu_auto_hide.in;
+ installdir = grubconf;
+ };
+
+@@ -515,6 +515,12 @@ script = {
+ condition = COND_HOST_LINUX;
+ };
+
++script = {
++ name = '10_reset_boot_success';
++ common = util/grub.d/10_reset_boot_success.in;
++ installdir = grubconf;
++};
++
+ script = {
+ name = '10_xnu';
+ common = util/grub.d/10_xnu.in;
+diff --git a/util/grub.d/01_fallback_counting.in b/util/grub.d/08_fallback_counting.in
+similarity index 65%
+rename from util/grub.d/01_fallback_counting.in
+rename to util/grub.d/08_fallback_counting.in
+index be0e770ea82..2e2c3ff7d31 100644
+--- a/util/grub.d/01_fallback_counting.in
++++ b/util/grub.d/08_fallback_counting.in
+@@ -1,15 +1,17 @@
+ #! /bin/sh -e
+-
+-# Boot Counting
++# Fallback Countdown
++#
++# This snippet depends on 10_reset_boot_success and needs to be kept in sync.
++#
+ # The boot_counter env var can be used to count down boot attempts after an
+-# OSTree upgrade and choose the rollback deployment when 0 is reached. Both
+-# boot_counter and boot_success need to be (re-)set from userspace.
++# OSTree upgrade and choose the rollback deployment when 0 is reached.
++# Both boot_counter=X and boot_success=1 need to be set from userspace.
+ cat << EOF
+ insmod increment
+ # Check if boot_counter exists and boot_success=0 to activate this behaviour.
+ if [ -n "\${boot_counter}" -a "\${boot_success}" = "0" ]; then
+- # if countdown has ended, choose to boot rollback deployment (default=1 on
+- # OSTree-based systems)
++ # if countdown has ended, choose to boot rollback deployment,
++ # i.e. default=1 on OSTree-based systems.
+ if [ "\${boot_counter}" = "0" -o "\${boot_counter}" = "-1" ]; then
+ set default=1
+ set boot_counter=-1
+diff --git a/util/grub.d/10_reset_boot_success.in b/util/grub.d/10_reset_boot_success.in
+new file mode 100644
+index 00000000000..6c88d933dde
+--- /dev/null
++++ b/util/grub.d/10_reset_boot_success.in
+@@ -0,0 +1,25 @@
++#! /bin/sh -e
++# Reset Boot Success
++#
++# The 08_fallback_counting and 12_menu_auto_hide snippets rely on this one
++# and need to be kept in sync.
++#
++# The boot_success var needs to be set to 1 from userspace to mark a boot successful.
++cat << EOF
++insmod increment
++# Hiding the menu is ok if last boot was ok or if this is a first boot attempt to boot the entry
++if [ "\${boot_success}" = "1" -o "\${boot_indeterminate}" = "1" ]; then
++ set menu_hide_ok=1
++else
++ set menu_hide_ok=0
++fi
++# Reset boot_indeterminate after a successful boot, increment otherwise
++if [ "\${boot_success}" = "1" ] ; then
++ set boot_indeterminate=0
++else
++ increment boot_indeterminate
++fi
++# Reset boot_success for current boot
++set boot_success=0
++save_env boot_success boot_indeterminate
++EOF
+diff --git a/util/grub.d/01_menu_auto_hide.in b/util/grub.d/12_menu_auto_hide.in
+similarity index 58%
+rename from util/grub.d/01_menu_auto_hide.in
+rename to util/grub.d/12_menu_auto_hide.in
+index ad175870a54..6a7c0fa0d43 100644
+--- a/util/grub.d/01_menu_auto_hide.in
++++ b/util/grub.d/12_menu_auto_hide.in
+@@ -1,5 +1,8 @@
+ #! /bin/sh
+-
++# Menu Auto Hide
++#
++# This snippet depends on 10_reset_boot_success and needs to be kept in sync.
++#
+ # Disable / skip generating menu-auto-hide config parts on serial terminals
+ for x in ${GRUB_TERMINAL_INPUT} ${GRUB_TERMINAL_OUTPUT}; do
+ case "$x" in
+@@ -10,29 +13,13 @@ for x in ${GRUB_TERMINAL_INPUT} ${GRUB_TERMINAL_OUTPUT}; do
+ done
+
+ cat << EOF
+-if [ "\${boot_success}" = "1" -o "\${boot_indeterminate}" = "1" ]; then
+- set last_boot_ok=1
+-else
+- set last_boot_ok=0
+-fi
+-
+-# Reset boot_indeterminate after a successful boot
+-if [ "\${boot_success}" = "1" ] ; then
+- set boot_indeterminate=0
+-# Avoid boot_indeterminate causing the menu to be hidden more then once
+-elif [ "\${boot_indeterminate}" = "1" ]; then
+- set boot_indeterminate=2
+-fi
+-set boot_success=0
+-save_env boot_success boot_indeterminate
+-
+ if [ x\$feature_timeout_style = xy ] ; then
+ if [ "\${menu_show_once}" ]; then
+ unset menu_show_once
+ save_env menu_show_once
+ set timeout_style=menu
+ set timeout=60
+- elif [ "\${menu_auto_hide}" -a "\${last_boot_ok}" = "1" ]; then
++ elif [ "\${menu_auto_hide}" -a "\${menu_hide_ok}" = "1" ]; then
+ set orig_timeout_style=\${timeout_style}
+ set orig_timeout=\${timeout}
+ if [ "\${fastboot}" = "1" ]; then
diff --git a/SOURCES/0280-grub.d-Fix-boot_indeterminate-getting-set-on-boot_su.patch b/SOURCES/0280-grub.d-Fix-boot_indeterminate-getting-set-on-boot_su.patch
new file mode 100644
index 0000000..54b73e6
--- /dev/null
+++ b/SOURCES/0280-grub.d-Fix-boot_indeterminate-getting-set-on-boot_su.patch
@@ -0,0 +1,75 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Tue, 26 Nov 2019 09:51:41 +0100
+Subject: [PATCH] grub.d: Fix boot_indeterminate getting set on boot_success=0
+ boot
+
+The "grub.d: Split out boot success reset from menu auto hide script"
+not only moved the code to clear boot_success and boot_indeterminate
+but for some reason also mixed in some broken changes to the
+boot_indeterminate handling.
+
+The boot_indeterminate var is meant to suppress the boot menu after
+a reboot from either a selinux-relabel or offline-updates. These
+2 special boot scenarios do not set boot_success since there is no
+successfull interaction with the user. Instead they increment
+boot_indeterminate, and if it is 1 and only when it is 1, so the
+first reboot after a "special" boot we suppress the menu.
+
+To ensure that we do show the menu if we somehow get stuck in a
+"special" boot loop where we do special-boots without them
+incrementing boot_indeterminate, the code before the
+"grub.d: Split out boot success reset from menu auto hide script"
+commit would increment boot_indeterminate once when it is 1, so that
+even if the "special" boot reboot-loop immediately we would show the
+menu on the next boot.
+
+That commit broke this however, because it not only moves the code,
+it also changes it from only "incrementing" boot_indeterminate once to
+always incrementing it, except when boot_success == 1 (and we reset it).
+
+This broken behavior causes the following problem:
+
+1. Boot a broken kernel, system hangs, power-cycle
+2. boot_success now != 1, so we increment boot_indeterminate from 0
+ (unset!) to 1. User either simply tries again, or makes some changes
+ but the end-result still is a system hang, power-cycle
+3. Now boot_indeterminate==1 so we do not show the menu even though the
+ previous boot failed -> BAD
+
+This commit fixes this by restoring the behavior of setting
+boot_indeterminate to 2 when it was 1 before.
+
+Fixes: "grub.d: Split out boot success reset from menu auto hide script"
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+---
+ util/grub.d/10_reset_boot_success.in | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/util/grub.d/10_reset_boot_success.in b/util/grub.d/10_reset_boot_success.in
+index 6c88d933dde..737e1ae5b68 100644
+--- a/util/grub.d/10_reset_boot_success.in
++++ b/util/grub.d/10_reset_boot_success.in
+@@ -6,18 +6,18 @@
+ #
+ # The boot_success var needs to be set to 1 from userspace to mark a boot successful.
+ cat << EOF
+-insmod increment
+ # Hiding the menu is ok if last boot was ok or if this is a first boot attempt to boot the entry
+ if [ "\${boot_success}" = "1" -o "\${boot_indeterminate}" = "1" ]; then
+ set menu_hide_ok=1
+ else
+ set menu_hide_ok=0
+ fi
+-# Reset boot_indeterminate after a successful boot, increment otherwise
++# Reset boot_indeterminate after a successful boot
+ if [ "\${boot_success}" = "1" ] ; then
+ set boot_indeterminate=0
+-else
+- increment boot_indeterminate
++# Avoid boot_indeterminate causing the menu to be hidden more then once
++elif [ "\${boot_indeterminate}" = "1" ]; then
++ set boot_indeterminate=2
+ fi
+ # Reset boot_success for current boot
+ set boot_success=0
diff --git a/SOURCES/0281-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch b/SOURCES/0281-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch
new file mode 100644
index 0000000..586f55c
--- /dev/null
+++ b/SOURCES/0281-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch
@@ -0,0 +1,70 @@
+From 0bde74dcdf9de128317a28796e2690f92214db0d Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Wed, 15 Apr 2020 15:45:02 -0400
+Subject: [PATCH 281/314] yylex: Make lexer fatal errors actually be fatal
+
+When presented with a command that can't be tokenized to anything
+smaller than YYLMAX characters, the parser calls YY_FATAL_ERROR(errmsg),
+expecting that will stop further processing, as such:
+
+ #define YY_DO_BEFORE_ACTION \
+ yyg->yytext_ptr = yy_bp; \
+ yyleng = (int) (yy_cp - yy_bp); \
+ yyg->yy_hold_char = *yy_cp; \
+ *yy_cp = '\0'; \
+ if ( yyleng >= YYLMAX ) \
+ YY_FATAL_ERROR( "token too large, exceeds YYLMAX" ); \
+ yy_flex_strncpy( yytext, yyg->yytext_ptr, yyleng + 1 , yyscanner); \
+ yyg->yy_c_buf_p = yy_cp;
+
+The code flex generates expects that YY_FATAL_ERROR() will either return
+for it or do some form of longjmp(), or handle the error in some way at
+least, and so the strncpy() call isn't in an "else" clause, and thus if
+YY_FATAL_ERROR() is *not* actually fatal, it does the call with the
+questionable limit, and predictable results ensue.
+
+Unfortunately, our implementation of YY_FATAL_ERROR() is:
+
+ #define YY_FATAL_ERROR(msg) \
+ do { \
+ grub_printf (_("fatal error: %s\n"), _(msg)); \
+ } while (0)
+
+The same pattern exists in yyless(), and similar problems exist in users
+of YY_INPUT(), several places in the main parsing loop,
+yy_get_next_buffer(), yy_load_buffer_state(), yyensure_buffer_stack,
+yy_scan_buffer(), etc.
+
+All of these callers expect YY_FATAL_ERROR() to actually be fatal, and
+the things they do if it returns after calling it are wildly unsafe.
+
+Fixes: CVE-2020-10713
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Upstream-commit-id: 926df817dc8
+---
+ grub-core/script/yylex.l | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/script/yylex.l b/grub-core/script/yylex.l
+index 7b44c37b76f..b7203c82309 100644
+--- a/grub-core/script/yylex.l
++++ b/grub-core/script/yylex.l
+@@ -37,11 +37,11 @@
+
+ /*
+ * As we don't have access to yyscanner, we cannot do much except to
+- * print the fatal error.
++ * print the fatal error and exit.
+ */
+ #define YY_FATAL_ERROR(msg) \
+ do { \
+- grub_printf (_("fatal error: %s\n"), _(msg)); \
++ grub_fatal (_("fatal error: %s\n"), _(msg));\
+ } while (0)
+
+ #define COPY(str, hint) \
+--
+2.26.2
+
diff --git a/SOURCES/0282-safemath-Add-some-arithmetic-primitives-that-check-f.patch b/SOURCES/0282-safemath-Add-some-arithmetic-primitives-that-check-f.patch
new file mode 100644
index 0000000..24490bd
--- /dev/null
+++ b/SOURCES/0282-safemath-Add-some-arithmetic-primitives-that-check-f.patch
@@ -0,0 +1,127 @@
+From 42b76ec749c30cb11cad7c070d0b03a7d4f1f7d6 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 15 Jun 2020 10:58:42 -0400
+Subject: [PATCH 282/314] safemath: Add some arithmetic primitives that check
+ for overflow
+
+This adds a new header, include/grub/safemath.h, that includes easy to
+use wrappers for __builtin_{add,sub,mul}_overflow() declared like:
+
+ bool OP(a, b, res)
+
+where OP is grub_add, grub_sub or grub_mul. OP() returns true in the
+case where the operation would overflow and res is not modified.
+Otherwise, false is returned and the operation is executed.
+
+These arithmetic primitives require newer compiler versions. So, bump
+these requirements in the INSTALL file too.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Upstream-commit-id: de1c315841a
+---
+ include/grub/compiler.h | 8 ++++++++
+ include/grub/safemath.h | 37 +++++++++++++++++++++++++++++++++++++
+ INSTALL | 22 ++--------------------
+ 3 files changed, 47 insertions(+), 20 deletions(-)
+ create mode 100644 include/grub/safemath.h
+
+diff --git a/include/grub/compiler.h b/include/grub/compiler.h
+index 9859ff4cc79..ebafec68957 100644
+--- a/include/grub/compiler.h
++++ b/include/grub/compiler.h
+@@ -48,6 +48,14 @@
+ # define WARN_UNUSED_RESULT
+ #endif
+
++#if defined(__clang__) && defined(__clang_major__) && defined(__clang_minor__)
++# define CLANG_PREREQ(maj,min) \
++ ((__clang_major__ > (maj)) || \
++ (__clang_major__ == (maj) && __clang_minor__ >= (min)))
++#else
++# define CLANG_PREREQ(maj,min) 0
++#endif
++
+ #define UNUSED __attribute__((__unused__))
+
+ #endif /* ! GRUB_COMPILER_HEADER */
+diff --git a/include/grub/safemath.h b/include/grub/safemath.h
+new file mode 100644
+index 00000000000..c17b89bba17
+--- /dev/null
++++ b/include/grub/safemath.h
+@@ -0,0 +1,37 @@
++/*
++ * GRUB -- GRand Unified Bootloader
++ * Copyright (C) 2020 Free Software Foundation, Inc.
++ *
++ * GRUB is free software: you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation, either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * GRUB is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
++ *
++ * Arithmetic operations that protect against overflow.
++ */
++
++#ifndef GRUB_SAFEMATH_H
++#define GRUB_SAFEMATH_H 1
++
++#include <grub/compiler.h>
++
++/* These appear in gcc 5.1 and clang 3.8. */
++#if GNUC_PREREQ(5, 1) || CLANG_PREREQ(3, 8)
++
++#define grub_add(a, b, res) __builtin_add_overflow(a, b, res)
++#define grub_sub(a, b, res) __builtin_sub_overflow(a, b, res)
++#define grub_mul(a, b, res) __builtin_mul_overflow(a, b, res)
++
++#else
++#error gcc 5.1 or newer or clang 3.8 or newer is required
++#endif
++
++#endif /* GRUB_SAFEMATH_H */
+diff --git a/INSTALL b/INSTALL
+index f3c20edc844..f8bd9116480 100644
+--- a/INSTALL
++++ b/INSTALL
+@@ -11,27 +11,9 @@ GRUB depends on some software packages installed into your system. If
+ you don't have any of them, please obtain and install them before
+ configuring the GRUB.
+
+-* GCC 4.1.3 or later
+- Note: older versions may work but support is limited
+-
+- Experimental support for clang 3.3 or later (results in much bigger binaries)
++* GCC 5.1.0 or later
++ Experimental support for clang 3.8.0 or later (results in much bigger binaries)
+ for i386, x86_64, arm (including thumb), arm64, mips(el), powerpc, sparc64
+- Note: clang 3.2 or later works for i386 and x86_64 targets but results in
+- much bigger binaries.
+- earlier versions not tested
+- Note: clang 3.2 or later works for arm
+- earlier versions not tested
+- Note: clang on arm64 is not supported due to
+- https://llvm.org/bugs/show_bug.cgi?id=26030
+- Note: clang 3.3 or later works for mips(el)
+- earlier versions fail to generate .reginfo and hence gprel relocations
+- fail.
+- Note: clang 3.2 or later works for powerpc
+- earlier versions not tested
+- Note: clang 3.5 or later works for sparc64
+- earlier versions return "error: unable to interface with target machine"
+- Note: clang has no support for ia64 and hence you can't compile GRUB
+- for ia64 with clang
+ * GNU Make
+ * GNU Bison 2.3 or later
+ * GNU gettext 0.17 or later
+--
+2.26.2
+
diff --git a/SOURCES/0283-calloc-Make-sure-we-always-have-an-overflow-checking.patch b/SOURCES/0283-calloc-Make-sure-we-always-have-an-overflow-checking.patch
new file mode 100644
index 0000000..2950557
--- /dev/null
+++ b/SOURCES/0283-calloc-Make-sure-we-always-have-an-overflow-checking.patch
@@ -0,0 +1,243 @@
+From 832189364ee0c85a94f670952c951252e54d3d1c Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 15 Jun 2020 12:15:29 -0400
+Subject: [PATCH 283/314] calloc: Make sure we always have an overflow-checking
+ calloc() available
+
+This tries to make sure that everywhere in this source tree, we always have
+an appropriate version of calloc() (i.e. grub_calloc(), xcalloc(), etc.)
+available, and that they all safely check for overflow and return NULL when
+it would occur.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Upstream-commit-id: 79e51ab7a9a
+---
+ grub-core/kern/emu/misc.c | 12 +++++++++
+ grub-core/kern/emu/mm.c | 10 ++++++++
+ grub-core/kern/mm.c | 40 ++++++++++++++++++++++++++++++
+ grub-core/lib/libgcrypt_wrap/mem.c | 11 ++++++--
+ grub-core/lib/posix_wrap/stdlib.h | 8 +++++-
+ include/grub/emu/misc.h | 1 +
+ include/grub/mm.h | 6 +++++
+ 7 files changed, 85 insertions(+), 3 deletions(-)
+
+diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c
+index 3d3a4a4a975..b4072767391 100644
+--- a/grub-core/kern/emu/misc.c
++++ b/grub-core/kern/emu/misc.c
+@@ -84,6 +84,18 @@ grub_util_error (const char *fmt, ...)
+ grub_exit (1);
+ }
+
++void *
++xcalloc (grub_size_t nmemb, grub_size_t size)
++{
++ void *p;
++
++ p = calloc (nmemb, size);
++ if (!p)
++ grub_util_error ("%s", _("out of memory"));
++
++ return p;
++}
++
+ void *
+ xmalloc (grub_size_t size)
+ {
+diff --git a/grub-core/kern/emu/mm.c b/grub-core/kern/emu/mm.c
+index f262e95e388..145b01d3719 100644
+--- a/grub-core/kern/emu/mm.c
++++ b/grub-core/kern/emu/mm.c
+@@ -25,6 +25,16 @@
+ #include <string.h>
+ #include <grub/i18n.h>
+
++void *
++grub_calloc (grub_size_t nmemb, grub_size_t size)
++{
++ void *ret;
++ ret = calloc (nmemb, size);
++ if (!ret)
++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
++ return ret;
++}
++
+ void *
+ grub_malloc (grub_size_t size)
+ {
+diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c
+index 002cbfa4f3d..80d0720d005 100644
+--- a/grub-core/kern/mm.c
++++ b/grub-core/kern/mm.c
+@@ -67,8 +67,10 @@
+ #include <grub/dl.h>
+ #include <grub/i18n.h>
+ #include <grub/mm_private.h>
++#include <grub/safemath.h>
+
+ #ifdef MM_DEBUG
++# undef grub_calloc
+ # undef grub_malloc
+ # undef grub_zalloc
+ # undef grub_realloc
+@@ -375,6 +377,30 @@ grub_memalign (grub_size_t align, grub_size_t size)
+ return 0;
+ }
+
++/*
++ * Allocate NMEMB instances of SIZE bytes and return the pointer, or error on
++ * integer overflow.
++ */
++void *
++grub_calloc (grub_size_t nmemb, grub_size_t size)
++{
++ void *ret;
++ grub_size_t sz = 0;
++
++ if (grub_mul (nmemb, size, &sz))
++ {
++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
++ return NULL;
++ }
++
++ ret = grub_memalign (0, sz);
++ if (!ret)
++ return NULL;
++
++ grub_memset (ret, 0, sz);
++ return ret;
++}
++
+ /* Allocate SIZE bytes and return the pointer. */
+ void *
+ grub_malloc (grub_size_t size)
+@@ -561,6 +587,20 @@ grub_mm_dump (unsigned lineno)
+ grub_printf ("\n");
+ }
+
++void *
++grub_debug_calloc (const char *file, int line, grub_size_t nmemb, grub_size_t size)
++{
++ void *ptr;
++
++ if (grub_mm_debug)
++ grub_printf ("%s:%d: calloc (0x%" PRIxGRUB_SIZE ", 0x%" PRIxGRUB_SIZE ") = ",
++ file, line, size);
++ ptr = grub_calloc (nmemb, size);
++ if (grub_mm_debug)
++ grub_printf ("%p\n", ptr);
++ return ptr;
++}
++
+ void *
+ grub_debug_malloc (const char *file, int line, grub_size_t size)
+ {
+diff --git a/grub-core/lib/libgcrypt_wrap/mem.c b/grub-core/lib/libgcrypt_wrap/mem.c
+index beeb661a3c8..74c6eafe525 100644
+--- a/grub-core/lib/libgcrypt_wrap/mem.c
++++ b/grub-core/lib/libgcrypt_wrap/mem.c
+@@ -4,6 +4,7 @@
+ #include <grub/crypto.h>
+ #include <grub/dl.h>
+ #include <grub/env.h>
++#include <grub/safemath.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -36,7 +37,10 @@ void *
+ gcry_xcalloc (size_t n, size_t m)
+ {
+ void *ret;
+- ret = grub_zalloc (n * m);
++ size_t sz;
++ if (grub_mul (n, m, &sz))
++ grub_fatal ("gcry_xcalloc would overflow");
++ ret = grub_zalloc (sz);
+ if (!ret)
+ grub_fatal ("gcry_xcalloc failed");
+ return ret;
+@@ -56,7 +60,10 @@ void *
+ gcry_xcalloc_secure (size_t n, size_t m)
+ {
+ void *ret;
+- ret = grub_zalloc (n * m);
++ size_t sz;
++ if (grub_mul (n, m, &sz))
++ grub_fatal ("gcry_xcalloc would overflow");
++ ret = grub_zalloc (sz);
+ if (!ret)
+ grub_fatal ("gcry_xcalloc failed");
+ return ret;
+diff --git a/grub-core/lib/posix_wrap/stdlib.h b/grub-core/lib/posix_wrap/stdlib.h
+index 3b46f47ff50..7a8d385e973 100644
+--- a/grub-core/lib/posix_wrap/stdlib.h
++++ b/grub-core/lib/posix_wrap/stdlib.h
+@@ -21,6 +21,7 @@
+
+ #include <grub/mm.h>
+ #include <grub/misc.h>
++#include <grub/safemath.h>
+
+ static inline void
+ free (void *ptr)
+@@ -37,7 +38,12 @@ malloc (grub_size_t size)
+ static inline void *
+ calloc (grub_size_t size, grub_size_t nelem)
+ {
+- return grub_zalloc (size * nelem);
++ grub_size_t sz;
++
++ if (grub_mul (size, nelem, &sz))
++ return NULL;
++
++ return grub_zalloc (sz);
+ }
+
+ static inline void *
+diff --git a/include/grub/emu/misc.h b/include/grub/emu/misc.h
+index a653132e36a..09e1f1065f6 100644
+--- a/include/grub/emu/misc.h
++++ b/include/grub/emu/misc.h
+@@ -51,6 +51,7 @@ grub_util_device_is_mapped (const char *dev);
+ #define GRUB_HOST_PRIxLONG_LONG "llx"
+ #endif
+
++void * EXPORT_FUNC(xcalloc) (grub_size_t nmemb, grub_size_t size) WARN_UNUSED_RESULT;
+ void * EXPORT_FUNC(xmalloc) (grub_size_t size) WARN_UNUSED_RESULT;
+ void * EXPORT_FUNC(xrealloc) (void *ptr, grub_size_t size) WARN_UNUSED_RESULT;
+ char * EXPORT_FUNC(xstrdup) (const char *str) WARN_UNUSED_RESULT;
+diff --git a/include/grub/mm.h b/include/grub/mm.h
+index 28e2e53eb32..9c38dd3ca5d 100644
+--- a/include/grub/mm.h
++++ b/include/grub/mm.h
+@@ -29,6 +29,7 @@
+ #endif
+
+ void grub_mm_init_region (void *addr, grub_size_t size);
++void *EXPORT_FUNC(grub_calloc) (grub_size_t nmemb, grub_size_t size);
+ void *EXPORT_FUNC(grub_malloc) (grub_size_t size);
+ void *EXPORT_FUNC(grub_zalloc) (grub_size_t size);
+ void EXPORT_FUNC(grub_free) (void *ptr);
+@@ -48,6 +49,9 @@ extern int EXPORT_VAR(grub_mm_debug);
+ void grub_mm_dump_free (void);
+ void grub_mm_dump (unsigned lineno);
+
++#define grub_calloc(nmemb, size) \
++ grub_debug_calloc (GRUB_FILE, __LINE__, nmemb, size)
++
+ #define grub_malloc(size) \
+ grub_debug_malloc (GRUB_FILE, __LINE__, size)
+
+@@ -63,6 +67,8 @@ void grub_mm_dump (unsigned lineno);
+ #define grub_free(ptr) \
+ grub_debug_free (GRUB_FILE, __LINE__, ptr)
+
++void *EXPORT_FUNC(grub_debug_calloc) (const char *file, int line,
++ grub_size_t nmemb, grub_size_t size);
+ void *EXPORT_FUNC(grub_debug_malloc) (const char *file, int line,
+ grub_size_t size);
+ void *EXPORT_FUNC(grub_debug_zalloc) (const char *file, int line,
+--
+2.26.2
+
diff --git a/SOURCES/0284-calloc-Use-calloc-at-most-places.patch b/SOURCES/0284-calloc-Use-calloc-at-most-places.patch
new file mode 100644
index 0000000..00f1f34
--- /dev/null
+++ b/SOURCES/0284-calloc-Use-calloc-at-most-places.patch
@@ -0,0 +1,1945 @@
+From 778ddaeac8a8a821f6844ec8b8c404d0e437991f Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 15 Jun 2020 12:26:01 -0400
+Subject: [PATCH 284/314] calloc: Use calloc() at most places
+
+This modifies most of the places we do some form of:
+
+ X = malloc(Y * Z);
+
+to use calloc(Y, Z) instead.
+
+Among other issues, this fixes:
+ - allocation of integer overflow in grub_png_decode_image_header()
+ reported by Chris Coulson,
+ - allocation of integer overflow in luks_recover_key()
+ reported by Chris Coulson,
+ - allocation of integer overflow in grub_lvm_detect()
+ reported by Chris Coulson.
+
+Fixes: CVE-2020-14308
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Upstream-commit-id: 48eeedf1e4b
+---
+ grub-core/bus/usb/usbhub.c | 8 ++--
+ grub-core/commands/efi/lsefisystab.c | 3 +-
+ grub-core/commands/legacycfg.c | 6 +--
+ grub-core/commands/menuentry.c | 2 +-
+ grub-core/commands/nativedisk.c | 2 +-
+ grub-core/commands/parttool.c | 12 ++++--
+ grub-core/commands/regexp.c | 2 +-
+ grub-core/commands/search_wrap.c | 2 +-
+ grub-core/disk/diskfilter.c | 4 +-
+ grub-core/disk/ieee1275/ofdisk.c | 2 +-
+ grub-core/disk/ldm.c | 14 +++----
+ grub-core/disk/luks.c | 2 +-
+ grub-core/disk/lvm.c | 8 ++--
+ grub-core/disk/xen/xendisk.c | 2 +-
+ grub-core/efiemu/loadcore.c | 2 +-
+ grub-core/efiemu/mm.c | 6 +--
+ grub-core/font/font.c | 3 +-
+ grub-core/fs/affs.c | 6 +--
+ grub-core/fs/btrfs.c | 4 +-
+ grub-core/fs/hfs.c | 2 +-
+ grub-core/fs/hfsplus.c | 45 +++++++++++++++--------
+ grub-core/fs/iso9660.c | 2 +-
+ grub-core/fs/ntfs.c | 4 +-
+ grub-core/fs/sfs.c | 2 +-
+ grub-core/fs/tar.c | 2 +-
+ grub-core/fs/udf.c | 4 +-
+ grub-core/fs/zfs/zfs.c | 4 +-
+ grub-core/gfxmenu/gui_string_util.c | 2 +-
+ grub-core/gfxmenu/widget-box.c | 4 +-
+ grub-core/io/gzio.c | 2 +-
+ grub-core/kern/efi/efi.c | 33 ++++++++++++++---
+ grub-core/kern/emu/hostdisk.c | 2 +-
+ grub-core/kern/fs.c | 2 +-
+ grub-core/kern/misc.c | 2 +-
+ grub-core/kern/parser.c | 2 +-
+ grub-core/kern/uboot/uboot.c | 2 +-
+ grub-core/lib/libgcrypt/cipher/ac.c | 8 ++--
+ grub-core/lib/libgcrypt/cipher/primegen.c | 4 +-
+ grub-core/lib/libgcrypt/cipher/pubkey.c | 4 +-
+ grub-core/lib/priority_queue.c | 2 +-
+ grub-core/lib/reed_solomon.c | 7 ++--
+ grub-core/lib/relocator.c | 10 ++---
+ grub-core/loader/arm/linux.c | 2 +-
+ grub-core/loader/efi/chainloader.c | 11 ++++--
+ grub-core/loader/i386/bsdXX.c | 2 +-
+ grub-core/loader/i386/xnu.c | 4 +-
+ grub-core/loader/macho.c | 2 +-
+ grub-core/loader/multiboot_elfxx.c | 2 +-
+ grub-core/loader/xnu.c | 2 +-
+ grub-core/mmap/mmap.c | 4 +-
+ grub-core/net/bootp.c | 2 +-
+ grub-core/net/dns.c | 10 ++---
+ grub-core/net/net.c | 4 +-
+ grub-core/normal/charset.c | 10 ++---
+ grub-core/normal/cmdline.c | 14 +++----
+ grub-core/normal/menu_entry.c | 14 +++----
+ grub-core/normal/menu_text.c | 4 +-
+ grub-core/normal/term.c | 4 +-
+ grub-core/osdep/linux/getroot.c | 6 +--
+ grub-core/osdep/unix/config.c | 2 +-
+ grub-core/osdep/windows/getroot.c | 2 +-
+ grub-core/osdep/windows/hostdisk.c | 4 +-
+ grub-core/osdep/windows/init.c | 2 +-
+ grub-core/osdep/windows/platform.c | 4 +-
+ grub-core/osdep/windows/relpath.c | 2 +-
+ grub-core/partmap/gpt.c | 2 +-
+ grub-core/partmap/msdos.c | 2 +-
+ grub-core/script/execute.c | 2 +-
+ grub-core/tests/fake_input.c | 2 +-
+ grub-core/tests/video_checksum.c | 6 +--
+ grub-core/video/capture.c | 2 +-
+ grub-core/video/emu/sdl.c | 2 +-
+ grub-core/video/i386/pc/vga.c | 2 +-
+ grub-core/video/readers/png.c | 2 +-
+ util/getroot.c | 2 +-
+ util/grub-file.c | 2 +-
+ util/grub-fstest.c | 4 +-
+ util/grub-install-common.c | 2 +-
+ util/grub-install.c | 4 +-
+ util/grub-mkimagexx.c | 6 +--
+ util/grub-mkrescue.c | 4 +-
+ util/grub-mkstandalone.c | 2 +-
+ util/grub-pe2elf.c | 12 +++---
+ util/grub-probe.c | 4 +-
+ include/grub/unicode.h | 4 +-
+ 85 files changed, 231 insertions(+), 191 deletions(-)
+
+diff --git a/grub-core/bus/usb/usbhub.c b/grub-core/bus/usb/usbhub.c
+index 34a7ff1b5f8..a06cce302d2 100644
+--- a/grub-core/bus/usb/usbhub.c
++++ b/grub-core/bus/usb/usbhub.c
+@@ -149,8 +149,8 @@ grub_usb_add_hub (grub_usb_device_t dev)
+ grub_usb_set_configuration (dev, 1);
+
+ dev->nports = hubdesc.portcnt;
+- dev->children = grub_zalloc (hubdesc.portcnt * sizeof (dev->children[0]));
+- dev->ports = grub_zalloc (dev->nports * sizeof (dev->ports[0]));
++ dev->children = grub_calloc (hubdesc.portcnt, sizeof (dev->children[0]));
++ dev->ports = grub_calloc (dev->nports, sizeof (dev->ports[0]));
+ if (!dev->children || !dev->ports)
+ {
+ grub_free (dev->children);
+@@ -268,8 +268,8 @@ grub_usb_controller_dev_register_iter (grub_usb_controller_t controller, void *d
+
+ /* Query the number of ports the root Hub has. */
+ hub->nports = controller->dev->hubports (controller);
+- hub->devices = grub_zalloc (sizeof (hub->devices[0]) * hub->nports);
+- hub->ports = grub_zalloc (sizeof (hub->ports[0]) * hub->nports);
++ hub->devices = grub_calloc (hub->nports, sizeof (hub->devices[0]));
++ hub->ports = grub_calloc (hub->nports, sizeof (hub->ports[0]));
+ if (!hub->devices || !hub->ports)
+ {
+ grub_free (hub->devices);
+diff --git a/grub-core/commands/efi/lsefisystab.c b/grub-core/commands/efi/lsefisystab.c
+index df103022188..cd81507f5d4 100644
+--- a/grub-core/commands/efi/lsefisystab.c
++++ b/grub-core/commands/efi/lsefisystab.c
+@@ -71,7 +71,8 @@ grub_cmd_lsefisystab (struct grub_command *cmd __attribute__ ((unused)),
+ grub_printf ("Vendor: ");
+
+ for (vendor_utf16 = st->firmware_vendor; *vendor_utf16; vendor_utf16++);
+- vendor = grub_malloc (4 * (vendor_utf16 - st->firmware_vendor) + 1);
++ /* Allocate extra 3 bytes to simplify math. */
++ vendor = grub_calloc (4, vendor_utf16 - st->firmware_vendor + 1);
+ if (!vendor)
+ return grub_errno;
+ *grub_utf16_to_utf8 ((grub_uint8_t *) vendor, st->firmware_vendor,
+diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c
+index f9d7627bdc3..da66a8927c4 100644
+--- a/grub-core/commands/legacycfg.c
++++ b/grub-core/commands/legacycfg.c
+@@ -314,7 +314,7 @@ grub_cmd_legacy_kernel (struct grub_command *mycmd __attribute__ ((unused)),
+ if (argc < 2)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
+
+- cutargs = grub_malloc (sizeof (cutargs[0]) * (argc - 1));
++ cutargs = grub_calloc (argc - 1, sizeof (cutargs[0]));
+ if (!cutargs)
+ return grub_errno;
+ cutargc = argc - 1;
+@@ -436,7 +436,7 @@ grub_cmd_legacy_kernel (struct grub_command *mycmd __attribute__ ((unused)),
+ {
+ char rbuf[3] = "-r";
+ bsdargc = cutargc + 2;
+- bsdargs = grub_malloc (sizeof (bsdargs[0]) * bsdargc);
++ bsdargs = grub_calloc (bsdargc, sizeof (bsdargs[0]));
+ if (!bsdargs)
+ {
+ err = grub_errno;
+@@ -559,7 +559,7 @@ grub_cmd_legacy_initrdnounzip (struct grub_command *mycmd __attribute__ ((unused
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("can't find command `%s'"),
+ "module");
+
+- newargs = grub_malloc ((argc + 1) * sizeof (newargs[0]));
++ newargs = grub_calloc (argc + 1, sizeof (newargs[0]));
+ if (!newargs)
+ return grub_errno;
+ grub_memcpy (newargs + 1, args, argc * sizeof (newargs[0]));
+diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c
+index 7004e08ce78..4b5fcf2ce9a 100644
+--- a/grub-core/commands/menuentry.c
++++ b/grub-core/commands/menuentry.c
+@@ -157,7 +157,7 @@ grub_normal_add_menu_entry (int argc, const char **args,
+ grub_dprintf ("menu", "menu_id:\"%s\"\n", menu_id);
+
+ /* Save argc, args to pass as parameters to block arg later. */
+- menu_args = grub_malloc (sizeof (char*) * (argc + 1));
++ menu_args = grub_calloc (argc + 1, sizeof (char *));
+ if (! menu_args)
+ goto fail;
+
+diff --git a/grub-core/commands/nativedisk.c b/grub-core/commands/nativedisk.c
+index 2f56a870e68..d69214f6de0 100644
+--- a/grub-core/commands/nativedisk.c
++++ b/grub-core/commands/nativedisk.c
+@@ -194,7 +194,7 @@ grub_cmd_nativedisk (grub_command_t cmd __attribute__ ((unused)),
+ else
+ path_prefix = prefix;
+
+- mods = grub_malloc (argc * sizeof (mods[0]));
++ mods = grub_calloc (argc, sizeof (mods[0]));
+ if (!mods)
+ return grub_errno;
+
+diff --git a/grub-core/commands/parttool.c b/grub-core/commands/parttool.c
+index 693e2cb42fc..36dadc0b1db 100644
+--- a/grub-core/commands/parttool.c
++++ b/grub-core/commands/parttool.c
+@@ -59,7 +59,13 @@ grub_parttool_register(const char *part_name,
+ for (nargs = 0; args[nargs].name != 0; nargs++);
+ cur->nargs = nargs;
+ cur->args = (struct grub_parttool_argdesc *)
+- grub_malloc ((nargs + 1) * sizeof (struct grub_parttool_argdesc));
++ grub_calloc (nargs + 1, sizeof (struct grub_parttool_argdesc));
++ if (!cur->args)
++ {
++ grub_free (cur);
++ curhandle--;
++ return -1;
++ }
+ grub_memcpy (cur->args, args,
+ (nargs + 1) * sizeof (struct grub_parttool_argdesc));
+
+@@ -257,7 +263,7 @@ grub_cmd_parttool (grub_command_t cmd __attribute__ ((unused)),
+ return err;
+ }
+
+- parsed = (int *) grub_zalloc (argc * sizeof (int));
++ parsed = (int *) grub_calloc (argc, sizeof (int));
+
+ for (i = 1; i < argc; i++)
+ if (! parsed[i])
+@@ -290,7 +296,7 @@ grub_cmd_parttool (grub_command_t cmd __attribute__ ((unused)),
+ }
+ ptool = cur;
+ pargs = (struct grub_parttool_args *)
+- grub_zalloc (ptool->nargs * sizeof (struct grub_parttool_args));
++ grub_calloc (ptool->nargs, sizeof (struct grub_parttool_args));
+ for (j = i; j < argc; j++)
+ if (! parsed[j])
+ {
+diff --git a/grub-core/commands/regexp.c b/grub-core/commands/regexp.c
+index f00b184c81e..4019164f365 100644
+--- a/grub-core/commands/regexp.c
++++ b/grub-core/commands/regexp.c
+@@ -116,7 +116,7 @@ grub_cmd_regexp (grub_extcmd_context_t ctxt, int argc, char **args)
+ if (ret)
+ goto fail;
+
+- matches = grub_zalloc (sizeof (*matches) * (regex.re_nsub + 1));
++ matches = grub_calloc (regex.re_nsub + 1, sizeof (*matches));
+ if (! matches)
+ goto fail;
+
+diff --git a/grub-core/commands/search_wrap.c b/grub-core/commands/search_wrap.c
+index d7fd26b9405..47fc8eb9966 100644
+--- a/grub-core/commands/search_wrap.c
++++ b/grub-core/commands/search_wrap.c
+@@ -122,7 +122,7 @@ grub_cmd_search (grub_extcmd_context_t ctxt, int argc, char **args)
+ for (i = 0; state[SEARCH_HINT_BAREMETAL].args[i]; i++)
+ nhints++;
+
+- hints = grub_malloc (sizeof (hints[0]) * nhints);
++ hints = grub_calloc (nhints, sizeof (hints[0]));
+ if (!hints)
+ return grub_errno;
+ j = 0;
+diff --git a/grub-core/disk/diskfilter.c b/grub-core/disk/diskfilter.c
+index 6f901c0adf7..2be019269b1 100644
+--- a/grub-core/disk/diskfilter.c
++++ b/grub-core/disk/diskfilter.c
+@@ -1134,7 +1134,7 @@ grub_diskfilter_make_raid (grub_size_t uuidlen, char *uuid, int nmemb,
+ array->lvs->segments->node_count = nmemb;
+ array->lvs->segments->raid_member_size = disk_size;
+ array->lvs->segments->nodes
+- = grub_zalloc (nmemb * sizeof (array->lvs->segments->nodes[0]));
++ = grub_calloc (nmemb, sizeof (array->lvs->segments->nodes[0]));
+ array->lvs->segments->stripe_size = stripe_size;
+ for (i = 0; i < nmemb; i++)
+ {
+@@ -1226,7 +1226,7 @@ insert_array (grub_disk_t disk, const struct grub_diskfilter_pv_id *id,
+ grub_partition_t p;
+ for (p = disk->partition; p; p = p->parent)
+ s++;
+- pv->partmaps = xmalloc (s * sizeof (pv->partmaps[0]));
++ pv->partmaps = xcalloc (s, sizeof (pv->partmaps[0]));
+ s = 0;
+ for (p = disk->partition; p; p = p->parent)
+ pv->partmaps[s++] = xstrdup (p->partmap->name);
+diff --git a/grub-core/disk/ieee1275/ofdisk.c b/grub-core/disk/ieee1275/ofdisk.c
+index 235c0fe2c76..d887d4b6eee 100644
+--- a/grub-core/disk/ieee1275/ofdisk.c
++++ b/grub-core/disk/ieee1275/ofdisk.c
+@@ -297,7 +297,7 @@ dev_iterate (const struct grub_ieee1275_devalias *alias)
+ /* Power machines documentation specify 672 as maximum SAS disks in
+ one system. Using a slightly larger value to be safe. */
+ table_size = 768;
+- table = grub_malloc (table_size * sizeof (grub_uint64_t));
++ table = grub_calloc (table_size, sizeof (grub_uint64_t));
+
+ if (!table)
+ {
+diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c
+index 2a22d2d6c1c..e6323701ab3 100644
+--- a/grub-core/disk/ldm.c
++++ b/grub-core/disk/ldm.c
+@@ -323,8 +323,8 @@ make_vg (grub_disk_t disk,
+ lv->segments->type = GRUB_DISKFILTER_MIRROR;
+ lv->segments->node_count = 0;
+ lv->segments->node_alloc = 8;
+- lv->segments->nodes = grub_zalloc (sizeof (*lv->segments->nodes)
+- * lv->segments->node_alloc);
++ lv->segments->nodes = grub_calloc (lv->segments->node_alloc,
++ sizeof (*lv->segments->nodes));
+ if (!lv->segments->nodes)
+ goto fail2;
+ ptr = vblk[i].dynamic;
+@@ -543,8 +543,8 @@ make_vg (grub_disk_t disk,
+ {
+ comp->segment_alloc = 8;
+ comp->segment_count = 0;
+- comp->segments = grub_malloc (sizeof (*comp->segments)
+- * comp->segment_alloc);
++ comp->segments = grub_calloc (comp->segment_alloc,
++ sizeof (*comp->segments));
+ if (!comp->segments)
+ goto fail2;
+ }
+@@ -590,8 +590,8 @@ make_vg (grub_disk_t disk,
+ }
+ comp->segments->node_count = read_int (ptr + 1, *ptr);
+ comp->segments->node_alloc = comp->segments->node_count;
+- comp->segments->nodes = grub_zalloc (sizeof (*comp->segments->nodes)
+- * comp->segments->node_alloc);
++ comp->segments->nodes = grub_calloc (comp->segments->node_alloc,
++ sizeof (*comp->segments->nodes));
+ if (!lv->segments->nodes)
+ goto fail2;
+ }
+@@ -1017,7 +1017,7 @@ grub_util_ldm_embed (struct grub_disk *disk, unsigned int *nsectors,
+ *nsectors = lv->size;
+ if (*nsectors > max_nsectors)
+ *nsectors = max_nsectors;
+- *sectors = grub_malloc (*nsectors * sizeof (**sectors));
++ *sectors = grub_calloc (*nsectors, sizeof (**sectors));
+ if (!*sectors)
+ return grub_errno;
+ for (i = 0; i < *nsectors; i++)
+diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c
+index 86c50c61217..18b3a8bb1d3 100644
+--- a/grub-core/disk/luks.c
++++ b/grub-core/disk/luks.c
+@@ -336,7 +336,7 @@ luks_recover_key (grub_disk_t source,
+ && grub_be_to_cpu32 (header.keyblock[i].stripes) > max_stripes)
+ max_stripes = grub_be_to_cpu32 (header.keyblock[i].stripes);
+
+- split_key = grub_malloc (keysize * max_stripes);
++ split_key = grub_calloc (keysize, max_stripes);
+ if (!split_key)
+ return grub_errno;
+
+diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c
+index 7b265c780c3..d1df640b311 100644
+--- a/grub-core/disk/lvm.c
++++ b/grub-core/disk/lvm.c
+@@ -173,7 +173,7 @@ grub_lvm_detect (grub_disk_t disk,
+ first one. */
+
+ /* Allocate buffer space for the circular worst-case scenario. */
+- metadatabuf = grub_malloc (2 * mda_size);
++ metadatabuf = grub_calloc (2, mda_size);
+ if (! metadatabuf)
+ goto fail;
+
+@@ -426,7 +426,7 @@ grub_lvm_detect (grub_disk_t disk,
+ #endif
+ goto lvs_fail;
+ }
+- lv->segments = grub_zalloc (sizeof (*seg) * lv->segment_count);
++ lv->segments = grub_calloc (lv->segment_count, sizeof (*seg));
+ seg = lv->segments;
+
+ for (i = 0; i < lv->segment_count; i++)
+@@ -483,8 +483,8 @@ grub_lvm_detect (grub_disk_t disk,
+ if (seg->node_count != 1)
+ seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = ");
+
+- seg->nodes = grub_zalloc (sizeof (*stripe)
+- * seg->node_count);
++ seg->nodes = grub_calloc (seg->node_count,
++ sizeof (*stripe));
+ stripe = seg->nodes;
+
+ p = grub_strstr (p, "stripes = [");
+diff --git a/grub-core/disk/xen/xendisk.c b/grub-core/disk/xen/xendisk.c
+index b18a9238d87..c1b331edba7 100644
+--- a/grub-core/disk/xen/xendisk.c
++++ b/grub-core/disk/xen/xendisk.c
+@@ -426,7 +426,7 @@ grub_xendisk_init (void)
+ if (!ctr)
+ return;
+
+- virtdisks = grub_malloc (ctr * sizeof (virtdisks[0]));
++ virtdisks = grub_calloc (ctr, sizeof (virtdisks[0]));
+ if (!virtdisks)
+ return;
+ if (grub_xenstore_dir ("device/vbd", fill, &ctr))
+diff --git a/grub-core/efiemu/loadcore.c b/grub-core/efiemu/loadcore.c
+index 44085ef818e..2b924623f51 100644
+--- a/grub-core/efiemu/loadcore.c
++++ b/grub-core/efiemu/loadcore.c
+@@ -201,7 +201,7 @@ grub_efiemu_count_symbols (const Elf_Ehdr *e)
+
+ grub_efiemu_nelfsyms = (unsigned) s->sh_size / (unsigned) s->sh_entsize;
+ grub_efiemu_elfsyms = (struct grub_efiemu_elf_sym *)
+- grub_malloc (sizeof (struct grub_efiemu_elf_sym) * grub_efiemu_nelfsyms);
++ grub_calloc (grub_efiemu_nelfsyms, sizeof (struct grub_efiemu_elf_sym));
+
+ /* Relocators */
+ for (i = 0, s = (Elf_Shdr *) ((char *) e + e->e_shoff);
+diff --git a/grub-core/efiemu/mm.c b/grub-core/efiemu/mm.c
+index 52a032f7b2e..9b8e0d0ad1a 100644
+--- a/grub-core/efiemu/mm.c
++++ b/grub-core/efiemu/mm.c
+@@ -554,11 +554,11 @@ grub_efiemu_mmap_sort_and_uniq (void)
+ /* Initialize variables*/
+ grub_memset (present, 0, sizeof (int) * GRUB_EFI_MAX_MEMORY_TYPE);
+ scanline_events = (struct grub_efiemu_mmap_scan *)
+- grub_malloc (sizeof (struct grub_efiemu_mmap_scan) * 2 * mmap_num);
++ grub_calloc (mmap_num, sizeof (struct grub_efiemu_mmap_scan) * 2);
+
+ /* Number of chunks can't increase more than by factor of 2 */
+ result = (grub_efi_memory_descriptor_t *)
+- grub_malloc (sizeof (grub_efi_memory_descriptor_t) * 2 * mmap_num);
++ grub_calloc (mmap_num, sizeof (grub_efi_memory_descriptor_t) * 2);
+ if (!result || !scanline_events)
+ {
+ grub_free (result);
+@@ -660,7 +660,7 @@ grub_efiemu_mm_do_alloc (void)
+
+ /* Preallocate mmap */
+ efiemu_mmap = (grub_efi_memory_descriptor_t *)
+- grub_malloc (mmap_reserved_size * sizeof (grub_efi_memory_descriptor_t));
++ grub_calloc (mmap_reserved_size, sizeof (grub_efi_memory_descriptor_t));
+ if (!efiemu_mmap)
+ {
+ grub_efiemu_unload ();
+diff --git a/grub-core/font/font.c b/grub-core/font/font.c
+index 53d76a64d04..68967dc1c2b 100644
+--- a/grub-core/font/font.c
++++ b/grub-core/font/font.c
+@@ -293,8 +293,7 @@ load_font_index (grub_file_t file, grub_uint32_t sect_length, struct
+ font->num_chars = sect_length / FONT_CHAR_INDEX_ENTRY_SIZE;
+
+ /* Allocate the character index array. */
+- font->char_index = grub_malloc (font->num_chars
+- * sizeof (struct char_index_entry));
++ font->char_index = grub_calloc (font->num_chars, sizeof (struct char_index_entry));
+ if (!font->char_index)
+ return 1;
+ font->bmp_idx = grub_malloc (0x10000 * sizeof (grub_uint16_t));
+diff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c
+index f673897e0fd..91073795f90 100644
+--- a/grub-core/fs/affs.c
++++ b/grub-core/fs/affs.c
+@@ -301,7 +301,7 @@ grub_affs_read_symlink (grub_fshelp_node_t node)
+ return 0;
+ }
+ latin1[symlink_size] = 0;
+- utf8 = grub_malloc (symlink_size * GRUB_MAX_UTF8_PER_LATIN1 + 1);
++ utf8 = grub_calloc (GRUB_MAX_UTF8_PER_LATIN1 + 1, symlink_size);
+ if (!utf8)
+ {
+ grub_free (latin1);
+@@ -422,7 +422,7 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
+ return 1;
+ }
+
+- hashtable = grub_zalloc (data->htsize * sizeof (*hashtable));
++ hashtable = grub_calloc (data->htsize, sizeof (*hashtable));
+ if (!hashtable)
+ return 1;
+
+@@ -628,7 +628,7 @@ grub_affs_label (grub_device_t device, char **label)
+ len = file.namelen;
+ if (len > sizeof (file.name))
+ len = sizeof (file.name);
+- *label = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1);
++ *label = grub_calloc (GRUB_MAX_UTF8_PER_LATIN1 + 1, len);
+ if (*label)
+ *grub_latin1_to_utf8 ((grub_uint8_t *) *label, file.name, len) = '\0';
+ }
+diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c
+index dac73b2fa8b..8c8aa9c3103 100644
+--- a/grub-core/fs/btrfs.c
++++ b/grub-core/fs/btrfs.c
+@@ -404,7 +404,7 @@ lower_bound (struct grub_btrfs_data *data,
+ {
+ desc->allocated = 16;
+ desc->depth = 0;
+- desc->data = grub_malloc (sizeof (desc->data[0]) * desc->allocated);
++ desc->data = grub_calloc (desc->allocated, sizeof (desc->data[0]));
+ if (!desc->data)
+ return grub_errno;
+ }
+@@ -2056,7 +2056,7 @@ grub_btrfs_embed (grub_device_t device __attribute__ ((unused)),
+ *nsectors = 64 * 2 - 1;
+ if (*nsectors > max_nsectors)
+ *nsectors = max_nsectors;
+- *sectors = grub_malloc (*nsectors * sizeof (**sectors));
++ *sectors = grub_calloc (*nsectors, sizeof (**sectors));
+ if (!*sectors)
+ return grub_errno;
+ for (i = 0; i < *nsectors; i++)
+diff --git a/grub-core/fs/hfs.c b/grub-core/fs/hfs.c
+index fc36831789c..3fd4eec202c 100644
+--- a/grub-core/fs/hfs.c
++++ b/grub-core/fs/hfs.c
+@@ -1360,7 +1360,7 @@ grub_hfs_label (grub_device_t device, char **label)
+ grub_size_t len = data->sblock.volname[0];
+ if (len > sizeof (data->sblock.volname) - 1)
+ len = sizeof (data->sblock.volname) - 1;
+- *label = grub_malloc (len * MAX_UTF8_PER_MAC_ROMAN + 1);
++ *label = grub_calloc (MAX_UTF8_PER_MAC_ROMAN + 1, len);
+ if (*label)
+ macroman_to_utf8 (*label, data->sblock.volname + 1,
+ len + 1, 0);
+diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c
+index 21159e858ab..f1cd72398ec 100644
+--- a/grub-core/fs/hfsplus.c
++++ b/grub-core/fs/hfsplus.c
+@@ -661,6 +661,7 @@ list_nodes (void *record, void *hook_arg)
+ char *filename;
+ int i;
+ struct grub_fshelp_node *node;
++ grub_uint16_t *keyname;
+ struct grub_hfsplus_catfile *fileinfo;
+ enum grub_fshelp_filetype type = GRUB_FSHELP_UNKNOWN;
+ struct list_nodes_ctx *ctx = hook_arg;
+@@ -719,32 +720,34 @@ list_nodes (void *record, void *hook_arg)
+ if (! filename)
+ return 0;
+
++ keyname = grub_calloc (grub_be_to_cpu16 (catkey->namelen), sizeof (*keyname));
++ if (!keyname)
++ {
++ grub_free (filename);
++ return 0;
++ }
++
+ /* Make sure the byte order of the UTF16 string is correct. */
+ for (i = 0; i < grub_be_to_cpu16 (catkey->namelen); i++)
+ {
+- catkey->name[i] = grub_be_to_cpu16 (catkey->name[i]);
++ keyname[i] = grub_be_to_cpu16 (catkey->name[i]);
+
+- if (catkey->name[i] == '/')
+- catkey->name[i] = ':';
++ if (keyname[i] == '/')
++ keyname[i] = ':';
+
+ /* If the name is obviously invalid, skip this node. */
+- if (catkey->name[i] == 0)
++ if (keyname[i] == 0)
+ {
+ grub_free (filename);
++ grub_free (keyname);
+ return 0;
+ }
+ }
+
+- *grub_utf16_to_utf8 ((grub_uint8_t *) filename, catkey->name,
++ *grub_utf16_to_utf8 ((grub_uint8_t *) filename, keyname,
+ grub_be_to_cpu16 (catkey->namelen)) = '\0';
+
+- /* Restore the byte order to what it was previously. */
+- for (i = 0; i < grub_be_to_cpu16 (catkey->namelen); i++)
+- {
+- if (catkey->name[i] == ':')
+- catkey->name[i] = '/';
+- catkey->name[i] = grub_be_to_cpu16 (catkey->name[i]);
+- }
++ grub_free (keyname);
+
+ /* hfs+ is case insensitive. */
+ if (! ctx->dir->data->case_sensitive)
+@@ -975,6 +978,7 @@ grub_hfsplus_label (grub_device_t device, char **label)
+ grub_disk_t disk = device->disk;
+ struct grub_hfsplus_catkey *catkey;
+ int i, label_len;
++ grub_uint16_t *label_name;
+ struct grub_hfsplus_key_internal intern;
+ struct grub_hfsplus_btnode *node = NULL;
+ grub_disk_addr_t ptr = 0;
+@@ -1003,22 +1007,31 @@ grub_hfsplus_label (grub_device_t device, char **label)
+ grub_hfsplus_btree_recptr (&data->catalog_tree, node, ptr);
+
+ label_len = grub_be_to_cpu16 (catkey->namelen);
++ label_name = grub_calloc (label_len, sizeof (*label_name));
++ if (!label_name)
++ {
++ grub_free (node);
++ grub_free (data);
++ return grub_errno;
++ }
++
+ for (i = 0; i < label_len; i++)
+ {
+- catkey->name[i] = grub_be_to_cpu16 (catkey->name[i]);
++ label_name[i] = grub_be_to_cpu16 (catkey->name[i]);
+
+ /* If the name is obviously invalid, skip this node. */
+- if (catkey->name[i] == 0)
++ if (label_name[i] == 0)
+ return 0;
+ }
+
+- *label = grub_malloc (label_len * GRUB_MAX_UTF8_PER_UTF16 + 1);
++ *label = grub_calloc (label_len, GRUB_MAX_UTF8_PER_UTF16 + 1);
+ if (! *label)
+ return grub_errno;
+
+- *grub_utf16_to_utf8 ((grub_uint8_t *) (*label), catkey->name,
++ *grub_utf16_to_utf8 ((grub_uint8_t *) (*label), label_name,
+ label_len) = '\0';
+
++ grub_free (label_name);
+ grub_free (node);
+ grub_free (data);
+
+diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c
+index c9c8374bf61..092b8f409ec 100644
+--- a/grub-core/fs/iso9660.c
++++ b/grub-core/fs/iso9660.c
+@@ -331,7 +331,7 @@ grub_iso9660_convert_string (grub_uint8_t *us, int len)
+ int i;
+ grub_uint16_t t[MAX_NAMELEN / 2 + 1];
+
+- p = grub_malloc (len * GRUB_MAX_UTF8_PER_UTF16 + 1);
++ p = grub_calloc (len, GRUB_MAX_UTF8_PER_UTF16 + 1);
+ if (! p)
+ return NULL;
+
+diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
+index 6f846886262..9827f9bb8c4 100644
+--- a/grub-core/fs/ntfs.c
++++ b/grub-core/fs/ntfs.c
+@@ -556,8 +556,8 @@ get_utf8 (grub_uint8_t *in, grub_size_t len)
+ grub_uint16_t *tmp;
+ grub_size_t i;
+
+- buf = grub_malloc (len * GRUB_MAX_UTF8_PER_UTF16 + 1);
+- tmp = grub_malloc (len * sizeof (tmp[0]));
++ buf = grub_calloc (len, GRUB_MAX_UTF8_PER_UTF16 + 1);
++ tmp = grub_calloc (len, sizeof (tmp[0]));
+ if (!buf || !tmp)
+ {
+ grub_free (buf);
+diff --git a/grub-core/fs/sfs.c b/grub-core/fs/sfs.c
+index 57b8d8da60b..663931717fd 100644
+--- a/grub-core/fs/sfs.c
++++ b/grub-core/fs/sfs.c
+@@ -266,7 +266,7 @@ grub_sfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock)
+ node->next_extent = node->block;
+ node->cache_size = 0;
+
+- node->cache = grub_malloc (sizeof (node->cache[0]) * cache_size);
++ node->cache = grub_calloc (cache_size, sizeof (node->cache[0]));
+ if (!node->cache)
+ {
+ grub_errno = 0;
+diff --git a/grub-core/fs/tar.c b/grub-core/fs/tar.c
+index 39bf197aabe..4864451e19b 100644
+--- a/grub-core/fs/tar.c
++++ b/grub-core/fs/tar.c
+@@ -120,7 +120,7 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name,
+ if (data->linkname_alloc < linksize + 1)
+ {
+ char *n;
+- n = grub_malloc (2 * (linksize + 1));
++ n = grub_calloc (2, linksize + 1);
+ if (!n)
+ return grub_errno;
+ grub_free (data->linkname);
+diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c
+index 00a16098b47..44481da7c6d 100644
+--- a/grub-core/fs/udf.c
++++ b/grub-core/fs/udf.c
+@@ -873,7 +873,7 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf)
+ {
+ unsigned i;
+ utf16len = sz - 1;
+- utf16 = grub_malloc (utf16len * sizeof (utf16[0]));
++ utf16 = grub_calloc (utf16len, sizeof (utf16[0]));
+ if (!utf16)
+ return NULL;
+ for (i = 0; i < utf16len; i++)
+@@ -883,7 +883,7 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf)
+ {
+ unsigned i;
+ utf16len = (sz - 1) / 2;
+- utf16 = grub_malloc (utf16len * sizeof (utf16[0]));
++ utf16 = grub_calloc (utf16len, sizeof (utf16[0]));
+ if (!utf16)
+ return NULL;
+ for (i = 0; i < utf16len; i++)
+diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c
+index 6e1fff9e9ae..f6b95d4fb02 100644
+--- a/grub-core/fs/zfs/zfs.c
++++ b/grub-core/fs/zfs/zfs.c
+@@ -3325,7 +3325,7 @@ dnode_get_fullpath (const char *fullpath, struct subvolume *subvol,
+ }
+ subvol->nkeys = 0;
+ zap_iterate (&keychain_dn, 8, count_zap_keys, &ctx, data);
+- subvol->keyring = grub_zalloc (subvol->nkeys * sizeof (subvol->keyring[0]));
++ subvol->keyring = grub_calloc (subvol->nkeys, sizeof (subvol->keyring[0]));
+ if (!subvol->keyring)
+ {
+ grub_free (fsname);
+@@ -4336,7 +4336,7 @@ grub_zfs_embed (grub_device_t device __attribute__ ((unused)),
+ *nsectors = (VDEV_BOOT_SIZE >> GRUB_DISK_SECTOR_BITS);
+ if (*nsectors > max_nsectors)
+ *nsectors = max_nsectors;
+- *sectors = grub_malloc (*nsectors * sizeof (**sectors));
++ *sectors = grub_calloc (*nsectors, sizeof (**sectors));
+ if (!*sectors)
+ return grub_errno;
+ for (i = 0; i < *nsectors; i++)
+diff --git a/grub-core/gfxmenu/gui_string_util.c b/grub-core/gfxmenu/gui_string_util.c
+index a9a415e3129..ba1e1eab319 100644
+--- a/grub-core/gfxmenu/gui_string_util.c
++++ b/grub-core/gfxmenu/gui_string_util.c
+@@ -55,7 +55,7 @@ canonicalize_path (const char *path)
+ if (*p == '/')
+ components++;
+
+- char **path_array = grub_malloc (components * sizeof (*path_array));
++ char **path_array = grub_calloc (components, sizeof (*path_array));
+ if (! path_array)
+ return 0;
+
+diff --git a/grub-core/gfxmenu/widget-box.c b/grub-core/gfxmenu/widget-box.c
+index b6060288914..470597ded2b 100644
+--- a/grub-core/gfxmenu/widget-box.c
++++ b/grub-core/gfxmenu/widget-box.c
+@@ -303,10 +303,10 @@ grub_gfxmenu_create_box (const char *pixmaps_prefix,
+ box->content_height = 0;
+ box->raw_pixmaps =
+ (struct grub_video_bitmap **)
+- grub_malloc (BOX_NUM_PIXMAPS * sizeof (struct grub_video_bitmap *));
++ grub_calloc (BOX_NUM_PIXMAPS, sizeof (struct grub_video_bitmap *));
+ box->scaled_pixmaps =
+ (struct grub_video_bitmap **)
+- grub_malloc (BOX_NUM_PIXMAPS * sizeof (struct grub_video_bitmap *));
++ grub_calloc (BOX_NUM_PIXMAPS, sizeof (struct grub_video_bitmap *));
+
+ /* Initialize all pixmap pointers to NULL so that proper destruction can
+ be performed if an error is encountered partway through construction. */
+diff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c
+index 86ea8cfdea2..7024cda84ea 100644
+--- a/grub-core/io/gzio.c
++++ b/grub-core/io/gzio.c
+@@ -554,7 +554,7 @@ huft_build (unsigned *b, /* code lengths in bits (all assumed <= BMAX) */
+ z = 1 << j; /* table entries for j-bit table */
+
+ /* allocate and link in new table */
+- q = (struct huft *) grub_zalloc ((z + 1) * sizeof (struct huft));
++ q = (struct huft *) grub_calloc (z + 1, sizeof (struct huft));
+ if (! q)
+ {
+ if (h)
+diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
+index 4d36fe31177..b1379b92fb8 100644
+--- a/grub-core/kern/efi/efi.c
++++ b/grub-core/kern/efi/efi.c
+@@ -207,7 +207,7 @@ grub_efi_set_variable(const char *var, const grub_efi_guid_t *guid,
+
+ len = grub_strlen (var);
+ len16 = len * GRUB_MAX_UTF16_PER_UTF8;
+- var16 = grub_malloc ((len16 + 1) * sizeof (var16[0]));
++ var16 = grub_calloc (len16 + 1, sizeof (var16[0]));
+ if (!var16)
+ return grub_errno;
+ len16 = grub_utf8_to_utf16 (var16, len16, (grub_uint8_t *) var, len, NULL);
+@@ -242,7 +242,7 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid,
+
+ len = grub_strlen (var);
+ len16 = len * GRUB_MAX_UTF16_PER_UTF8;
+- var16 = grub_malloc ((len16 + 1) * sizeof (var16[0]));
++ var16 = grub_calloc (len16 + 1, sizeof (var16[0]));
+ if (!var16)
+ return NULL;
+ len16 = grub_utf8_to_utf16 (var16, len16, (grub_uint8_t *) var, len, NULL);
+@@ -384,6 +384,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0)
+ {
+ grub_efi_file_path_device_path_t *fp;
+ grub_efi_uint16_t len;
++ grub_efi_char16_t *dup_name;
+
+ *p++ = '/';
+
+@@ -394,7 +395,16 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0)
+ while (len > 0 && fp->path_name[len - 1] == 0)
+ len--;
+
+- p = (char *) grub_utf16_to_utf8 ((unsigned char *) p, fp->path_name, len);
++ dup_name = grub_calloc (len, sizeof (*dup_name));
++ if (!dup_name)
++ {
++ grub_free (name);
++ return NULL;
++ }
++ p = (char *) grub_utf16_to_utf8 ((unsigned char *) p,
++ grub_memcpy (dup_name, fp->path_name, len * sizeof (*dup_name)),
++ len);
++ grub_free (dup_name);
+ }
+
+ dp = GRUB_EFI_NEXT_DEVICE_PATH (dp);
+@@ -884,9 +894,20 @@ grub_efi_print_device_path (grub_efi_device_path_t *dp)
+ fp = (grub_efi_file_path_device_path_t *) dp;
+ buf = grub_malloc ((len - 4) * 2 + 1);
+ if (buf)
+- *grub_utf16_to_utf8 (buf, fp->path_name,
+- (len - 4) / sizeof (grub_efi_char16_t))
+- = '\0';
++ {
++ grub_efi_char16_t *dup_name = grub_malloc (len - 4);
++ if (!dup_name)
++ {
++ grub_errno = GRUB_ERR_NONE;
++ grub_printf ("/File((null))");
++ grub_free (buf);
++ break;
++ }
++ *grub_utf16_to_utf8 (buf, grub_memcpy (dup_name, fp->path_name, len - 4),
++ (len - 4) / sizeof (grub_efi_char16_t))
++ = '\0';
++ grub_free (dup_name);
++ }
+ else
+ grub_errno = GRUB_ERR_NONE;
+ grub_printf ("/File(%s)", buf);
+diff --git a/grub-core/kern/emu/hostdisk.c b/grub-core/kern/emu/hostdisk.c
+index 87e3e251204..f57bd334c9e 100644
+--- a/grub-core/kern/emu/hostdisk.c
++++ b/grub-core/kern/emu/hostdisk.c
+@@ -615,7 +615,7 @@ static char *
+ grub_util_path_concat_real (size_t n, int ext, va_list ap)
+ {
+ size_t totlen = 0;
+- char **l = xmalloc ((n + ext) * sizeof (l[0]));
++ char **l = xcalloc (n + ext, sizeof (l[0]));
+ char *r, *p, *pi;
+ size_t i;
+ int first = 1;
+diff --git a/grub-core/kern/fs.c b/grub-core/kern/fs.c
+index 1bd748be83b..730d21770f2 100644
+--- a/grub-core/kern/fs.c
++++ b/grub-core/kern/fs.c
+@@ -151,7 +151,7 @@ grub_fs_blocklist_open (grub_file_t file, const char *name)
+ while (p);
+
+ /* Allocate a block list. */
+- blocks = grub_zalloc (sizeof (struct grub_fs_block) * (num + 1));
++ blocks = grub_calloc (num + 1, sizeof (struct grub_fs_block));
+ if (! blocks)
+ return 0;
+
+diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c
+index aaae9aa0ab7..c034f49f97c 100644
+--- a/grub-core/kern/misc.c
++++ b/grub-core/kern/misc.c
+@@ -737,7 +737,7 @@ parse_printf_args (const char *fmt0, struct printf_args *args,
+ args->ptr = args->prealloc;
+ else
+ {
+- args->ptr = grub_malloc (args->count * sizeof (args->ptr[0]));
++ args->ptr = grub_calloc (args->count, sizeof (args->ptr[0]));
+ if (!args->ptr)
+ {
+ grub_errno = GRUB_ERR_NONE;
+diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c
+index 78175aac2d3..619db3122a0 100644
+--- a/grub-core/kern/parser.c
++++ b/grub-core/kern/parser.c
+@@ -213,7 +213,7 @@ grub_parser_split_cmdline (const char *cmdline,
+ return grub_errno;
+ grub_memcpy (args, buffer, bp - buffer);
+
+- *argv = grub_malloc (sizeof (char *) * (*argc + 1));
++ *argv = grub_calloc (*argc + 1, sizeof (char *));
+ if (!*argv)
+ {
+ grub_free (args);
+diff --git a/grub-core/kern/uboot/uboot.c b/grub-core/kern/uboot/uboot.c
+index cf0168e62dd..efa10f2849d 100644
+--- a/grub-core/kern/uboot/uboot.c
++++ b/grub-core/kern/uboot/uboot.c
+@@ -133,7 +133,7 @@ grub_uboot_dev_enum (void)
+ return num_devices;
+
+ max_devices = 2;
+- enum_devices = grub_malloc (sizeof(struct device_info) * max_devices);
++ enum_devices = grub_calloc (max_devices, sizeof(struct device_info));
+ if (!enum_devices)
+ return 0;
+
+diff --git a/grub-core/lib/libgcrypt/cipher/ac.c b/grub-core/lib/libgcrypt/cipher/ac.c
+index f5e946a2d8f..63f6fcd11ef 100644
+--- a/grub-core/lib/libgcrypt/cipher/ac.c
++++ b/grub-core/lib/libgcrypt/cipher/ac.c
+@@ -185,7 +185,7 @@ ac_data_mpi_copy (gcry_ac_mpi_t *data_mpis, unsigned int data_mpis_n,
+ gcry_mpi_t mpi;
+ char *label;
+
+- data_mpis_new = gcry_malloc (sizeof (*data_mpis_new) * data_mpis_n);
++ data_mpis_new = gcry_calloc (data_mpis_n, sizeof (*data_mpis_new));
+ if (! data_mpis_new)
+ {
+ err = gcry_error_from_errno (errno);
+@@ -572,7 +572,7 @@ _gcry_ac_data_to_sexp (gcry_ac_data_t data, gcry_sexp_t *sexp,
+ }
+
+ /* Add MPI list. */
+- arg_list = gcry_malloc (sizeof (*arg_list) * (data_n + 1));
++ arg_list = gcry_calloc (data_n + 1, sizeof (*arg_list));
+ if (! arg_list)
+ {
+ err = gcry_error_from_errno (errno);
+@@ -1283,7 +1283,7 @@ ac_data_construct (const char *identifier, int include_flags,
+ /* We build a list of arguments to pass to
+ gcry_sexp_build_array(). */
+ data_length = _gcry_ac_data_length (data);
+- arg_list = gcry_malloc (sizeof (*arg_list) * (data_length * 2));
++ arg_list = gcry_calloc (data_length, sizeof (*arg_list) * 2);
+ if (! arg_list)
+ {
+ err = gcry_error_from_errno (errno);
+@@ -1593,7 +1593,7 @@ _gcry_ac_key_pair_generate (gcry_ac_handle_t handle, unsigned int nbits,
+ arg_list_n += 2;
+
+ /* Allocate list. */
+- arg_list = gcry_malloc (sizeof (*arg_list) * arg_list_n);
++ arg_list = gcry_calloc (arg_list_n, sizeof (*arg_list));
+ if (! arg_list)
+ {
+ err = gcry_error_from_errno (errno);
+diff --git a/grub-core/lib/libgcrypt/cipher/primegen.c b/grub-core/lib/libgcrypt/cipher/primegen.c
+index 2788e349fa9..b12e79b1922 100644
+--- a/grub-core/lib/libgcrypt/cipher/primegen.c
++++ b/grub-core/lib/libgcrypt/cipher/primegen.c
+@@ -383,7 +383,7 @@ prime_generate_internal (int need_q_factor,
+ }
+
+ /* Allocate an array to track pool usage. */
+- pool_in_use = gcry_malloc (n * sizeof *pool_in_use);
++ pool_in_use = gcry_calloc (n, sizeof *pool_in_use);
+ if (!pool_in_use)
+ {
+ err = gpg_err_code_from_errno (errno);
+@@ -765,7 +765,7 @@ gen_prime (unsigned int nbits, int secret, int randomlevel,
+ if (nbits < 16)
+ log_fatal ("can't generate a prime with less than %d bits\n", 16);
+
+- mods = gcry_xmalloc( no_of_small_prime_numbers * sizeof *mods );
++ mods = gcry_xcalloc( no_of_small_prime_numbers, sizeof *mods);
+ /* Make nbits fit into gcry_mpi_t implementation. */
+ val_2 = mpi_alloc_set_ui( 2 );
+ val_3 = mpi_alloc_set_ui( 3);
+diff --git a/grub-core/lib/libgcrypt/cipher/pubkey.c b/grub-core/lib/libgcrypt/cipher/pubkey.c
+index 910982141e0..ca087ad75b9 100644
+--- a/grub-core/lib/libgcrypt/cipher/pubkey.c
++++ b/grub-core/lib/libgcrypt/cipher/pubkey.c
+@@ -2941,7 +2941,7 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey)
+ * array to a format string, so we have to do it this way :-(. */
+ /* FIXME: There is now such a format specifier, so we can
+ change the code to be more clear. */
+- arg_list = malloc (nelem * sizeof *arg_list);
++ arg_list = calloc (nelem, sizeof *arg_list);
+ if (!arg_list)
+ {
+ rc = gpg_err_code_from_syserror ();
+@@ -3233,7 +3233,7 @@ gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey)
+ }
+ strcpy (p, "))");
+
+- arg_list = malloc (nelem * sizeof *arg_list);
++ arg_list = calloc (nelem, sizeof *arg_list);
+ if (!arg_list)
+ {
+ rc = gpg_err_code_from_syserror ();
+diff --git a/grub-core/lib/priority_queue.c b/grub-core/lib/priority_queue.c
+index 659be0b7f40..7d5e7c05aab 100644
+--- a/grub-core/lib/priority_queue.c
++++ b/grub-core/lib/priority_queue.c
+@@ -92,7 +92,7 @@ grub_priority_queue_new (grub_size_t elsize,
+ {
+ struct grub_priority_queue *ret;
+ void *els;
+- els = grub_malloc (elsize * 8);
++ els = grub_calloc (8, elsize);
+ if (!els)
+ return 0;
+ ret = (struct grub_priority_queue *) grub_malloc (sizeof (*ret));
+diff --git a/grub-core/lib/reed_solomon.c b/grub-core/lib/reed_solomon.c
+index ee9fa7b4feb..467305b46ab 100644
+--- a/grub-core/lib/reed_solomon.c
++++ b/grub-core/lib/reed_solomon.c
+@@ -20,6 +20,7 @@
+ #include <stdio.h>
+ #include <string.h>
+ #include <stdlib.h>
++#define xcalloc calloc
+ #define xmalloc malloc
+ #define grub_memset memset
+ #define grub_memcpy memcpy
+@@ -158,11 +159,9 @@ rs_encode (gf_single_t *data, grub_size_t s, grub_size_t rs)
+ gf_single_t *rs_polynomial;
+ int i, j;
+ gf_single_t *m;
+- m = xmalloc ((s + rs) * sizeof (gf_single_t));
++ m = xcalloc (s + rs, sizeof (gf_single_t));
+ grub_memcpy (m, data, s * sizeof (gf_single_t));
+- grub_memset (m + s, 0, rs * sizeof (gf_single_t));
+- rs_polynomial = xmalloc ((rs + 1) * sizeof (gf_single_t));
+- grub_memset (rs_polynomial, 0, (rs + 1) * sizeof (gf_single_t));
++ rs_polynomial = xcalloc (rs + 1, sizeof (gf_single_t));
+ rs_polynomial[rs] = 1;
+ /* Multiply with X - a^r */
+ for (j = 0; j < rs; j++)
+diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c
+index ea3ebc719b1..5847aac3643 100644
+--- a/grub-core/lib/relocator.c
++++ b/grub-core/lib/relocator.c
+@@ -495,9 +495,9 @@ malloc_in_range (struct grub_relocator *rel,
+ }
+ #endif
+
+- eventt = grub_malloc (maxevents * sizeof (events[0]));
++ eventt = grub_calloc (maxevents, sizeof (events[0]));
+ counter = grub_malloc ((DIGITSORT_MASK + 2) * sizeof (counter[0]));
+- events = grub_malloc (maxevents * sizeof (events[0]));
++ events = grub_calloc (maxevents, sizeof (events[0]));
+ if (!events || !eventt || !counter)
+ {
+ grub_dprintf ("relocator", "events or counter allocation failed %d\n",
+@@ -963,7 +963,7 @@ malloc_in_range (struct grub_relocator *rel,
+ #endif
+ unsigned cural = 0;
+ int oom = 0;
+- res->subchunks = grub_malloc (sizeof (res->subchunks[0]) * nallocs);
++ res->subchunks = grub_calloc (nallocs, sizeof (res->subchunks[0]));
+ if (!res->subchunks)
+ oom = 1;
+ res->nsubchunks = nallocs;
+@@ -1562,8 +1562,8 @@ grub_relocator_prepare_relocs (struct grub_relocator *rel, grub_addr_t addr,
+ count[(chunk->src & 0xff) + 1]++;
+ }
+ }
+- from = grub_malloc (nchunks * sizeof (sorted[0]));
+- to = grub_malloc (nchunks * sizeof (sorted[0]));
++ from = grub_calloc (nchunks, sizeof (sorted[0]));
++ to = grub_calloc (nchunks, sizeof (sorted[0]));
+ if (!from || !to)
+ {
+ grub_free (from);
+diff --git a/grub-core/loader/arm/linux.c b/grub-core/loader/arm/linux.c
+index b4f609d2d01..ea29d7a724a 100644
+--- a/grub-core/loader/arm/linux.c
++++ b/grub-core/loader/arm/linux.c
+@@ -77,7 +77,7 @@ linux_prepare_atag (void *target_atag)
+
+ /* some place for cmdline, initrd and terminator. */
+ tmp_size = get_atag_size (atag_orig) + 20 + (arg_size) / 4;
+- tmp_atag = grub_malloc (tmp_size * sizeof (grub_uint32_t));
++ tmp_atag = grub_calloc (tmp_size, sizeof (grub_uint32_t));
+ if (!tmp_atag)
+ return grub_errno;
+
+diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
+index 3630b0cbf2d..2da119ad513 100644
+--- a/grub-core/loader/efi/chainloader.c
++++ b/grub-core/loader/efi/chainloader.c
+@@ -119,18 +119,23 @@ static void
+ copy_file_path (grub_efi_file_path_device_path_t *fp,
+ const char *str, grub_efi_uint16_t len)
+ {
+- grub_efi_char16_t *p;
++ grub_efi_char16_t *p, *path_name;
+ grub_efi_uint16_t size;
+
+ fp->header.type = GRUB_EFI_MEDIA_DEVICE_PATH_TYPE;
+ fp->header.subtype = GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE;
+
+- size = grub_utf8_to_utf16 (fp->path_name, len * GRUB_MAX_UTF16_PER_UTF8,
++ path_name = grub_calloc (len, GRUB_MAX_UTF16_PER_UTF8 * sizeof (*path_name));
++ if (!path_name)
++ return;
++
++ size = grub_utf8_to_utf16 (path_name, len * GRUB_MAX_UTF16_PER_UTF8,
+ (const grub_uint8_t *) str, len, 0);
+- for (p = fp->path_name; p < fp->path_name + size; p++)
++ for (p = path_name; p < path_name + size; p++)
+ if (*p == '/')
+ *p = '\\';
+
++ grub_memcpy (fp->path_name, path_name, size * sizeof (*fp->path_name));
+ /* File Path is NULL terminated */
+ fp->path_name[size++] = '\0';
+ fp->header.length = size * sizeof (grub_efi_char16_t) + sizeof (*fp);
+diff --git a/grub-core/loader/i386/bsdXX.c b/grub-core/loader/i386/bsdXX.c
+index af6741d157c..a8d8bf7daed 100644
+--- a/grub-core/loader/i386/bsdXX.c
++++ b/grub-core/loader/i386/bsdXX.c
+@@ -48,7 +48,7 @@ read_headers (grub_file_t file, const char *filename, Elf_Ehdr *e, char **shdr)
+ if (e->e_ident[EI_CLASS] != SUFFIX (ELFCLASS))
+ return grub_error (GRUB_ERR_BAD_OS, N_("invalid arch-dependent ELF magic"));
+
+- *shdr = grub_malloc ((grub_uint32_t) e->e_shnum * e->e_shentsize);
++ *shdr = grub_calloc (e->e_shnum, e->e_shentsize);
+ if (! *shdr)
+ return grub_errno;
+
+diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c
+index 59ef73a7385..ee0eaadc4ee 100644
+--- a/grub-core/loader/i386/xnu.c
++++ b/grub-core/loader/i386/xnu.c
+@@ -295,7 +295,7 @@ grub_xnu_devprop_add_property_utf8 (struct grub_xnu_devprop_device_descriptor *d
+ return grub_errno;
+
+ len = grub_strlen (name);
+- utf16 = grub_malloc (sizeof (grub_uint16_t) * len);
++ utf16 = grub_calloc (len, sizeof (grub_uint16_t));
+ if (!utf16)
+ {
+ grub_free (utf8);
+@@ -331,7 +331,7 @@ grub_xnu_devprop_add_property_utf16 (struct grub_xnu_devprop_device_descriptor *
+ grub_uint16_t *utf16;
+ grub_err_t err;
+
+- utf16 = grub_malloc (sizeof (grub_uint16_t) * namelen);
++ utf16 = grub_calloc (namelen, sizeof (grub_uint16_t));
+ if (!utf16)
+ return grub_errno;
+ grub_memcpy (utf16, name, sizeof (grub_uint16_t) * namelen);
+diff --git a/grub-core/loader/macho.c b/grub-core/loader/macho.c
+index 59b195e27ea..f61341af515 100644
+--- a/grub-core/loader/macho.c
++++ b/grub-core/loader/macho.c
+@@ -97,7 +97,7 @@ grub_macho_file (grub_file_t file, const char *filename, int is_64bit)
+ if (grub_file_seek (macho->file, sizeof (struct grub_macho_fat_header))
+ == (grub_off_t) -1)
+ goto fail;
+- archs = grub_malloc (sizeof (struct grub_macho_fat_arch) * narchs);
++ archs = grub_calloc (narchs, sizeof (struct grub_macho_fat_arch));
+ if (!archs)
+ goto fail;
+ if (grub_file_read (macho->file, archs,
+diff --git a/grub-core/loader/multiboot_elfxx.c b/grub-core/loader/multiboot_elfxx.c
+index 70cd1db513e..cc6853692a8 100644
+--- a/grub-core/loader/multiboot_elfxx.c
++++ b/grub-core/loader/multiboot_elfxx.c
+@@ -217,7 +217,7 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld)
+ {
+ grub_uint8_t *shdr, *shdrptr;
+
+- shdr = grub_malloc ((grub_uint32_t) ehdr->e_shnum * ehdr->e_shentsize);
++ shdr = grub_calloc (ehdr->e_shnum, ehdr->e_shentsize);
+ if (!shdr)
+ return grub_errno;
+
+diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c
+index df8dfdb4ba0..dc7d5409e1e 100644
+--- a/grub-core/loader/xnu.c
++++ b/grub-core/loader/xnu.c
+@@ -792,7 +792,7 @@ grub_cmd_xnu_mkext (grub_command_t cmd __attribute__ ((unused)),
+ if (grub_be_to_cpu32 (head.magic) == GRUB_MACHO_FAT_MAGIC)
+ {
+ narchs = grub_be_to_cpu32 (head.nfat_arch);
+- archs = grub_malloc (sizeof (struct grub_macho_fat_arch) * narchs);
++ archs = grub_calloc (narchs, sizeof (struct grub_macho_fat_arch));
+ if (! archs)
+ {
+ grub_file_close (file);
+diff --git a/grub-core/mmap/mmap.c b/grub-core/mmap/mmap.c
+index 6a31cbae325..57b4e9a72a9 100644
+--- a/grub-core/mmap/mmap.c
++++ b/grub-core/mmap/mmap.c
+@@ -143,9 +143,9 @@ grub_mmap_iterate (grub_memory_hook_t hook, void *hook_data)
+
+ /* Initialize variables. */
+ ctx.scanline_events = (struct grub_mmap_scan *)
+- grub_malloc (sizeof (struct grub_mmap_scan) * 2 * mmap_num);
++ grub_calloc (mmap_num, sizeof (struct grub_mmap_scan) * 2);
+
+- present = grub_zalloc (sizeof (present[0]) * current_priority);
++ present = grub_calloc (current_priority, sizeof (present[0]));
+
+ if (! ctx.scanline_events || !present)
+ {
+diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c
+index 8b6fc9f2411..adf36fa4a9d 100644
+--- a/grub-core/net/bootp.c
++++ b/grub-core/net/bootp.c
+@@ -1326,7 +1326,7 @@ grub_cmd_bootp (struct grub_command *cmd __attribute__ ((unused)),
+ if (ncards == 0)
+ return grub_error (GRUB_ERR_NET_NO_CARD, N_("no network card found"));
+
+- ifaces = grub_zalloc (ncards * sizeof (ifaces[0]));
++ ifaces = grub_calloc (ncards, sizeof (ifaces[0]));
+ if (!ifaces)
+ return grub_errno;
+
+diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c
+index 5d9afe093c0..e332d5eb4a4 100644
+--- a/grub-core/net/dns.c
++++ b/grub-core/net/dns.c
+@@ -285,8 +285,8 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)),
+ ptr++;
+ ptr += 4;
+ }
+- *data->addresses = grub_malloc (sizeof ((*data->addresses)[0])
+- * grub_be_to_cpu16 (head->ancount));
++ *data->addresses = grub_calloc (grub_be_to_cpu16 (head->ancount),
++ sizeof ((*data->addresses)[0]));
+ if (!*data->addresses)
+ {
+ grub_errno = GRUB_ERR_NONE;
+@@ -406,8 +406,8 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)),
+ dns_cache[h].addresses = 0;
+ dns_cache[h].name = grub_strdup (data->oname);
+ dns_cache[h].naddresses = *data->naddresses;
+- dns_cache[h].addresses = grub_malloc (*data->naddresses
+- * sizeof (dns_cache[h].addresses[0]));
++ dns_cache[h].addresses = grub_calloc (*data->naddresses,
++ sizeof (dns_cache[h].addresses[0]));
+ dns_cache[h].limit_time = grub_get_time_ms () + 1000 * ttl_all;
+ if (!dns_cache[h].addresses || !dns_cache[h].name)
+ {
+@@ -479,7 +479,7 @@ grub_net_dns_lookup (const char *name,
+ }
+ }
+
+- sockets = grub_malloc (sizeof (sockets[0]) * n_servers);
++ sockets = grub_calloc (n_servers, sizeof (sockets[0]));
+ if (!sockets)
+ return grub_errno;
+
+diff --git a/grub-core/net/net.c b/grub-core/net/net.c
+index 19ff2d486a1..0e72bbb9b39 100644
+--- a/grub-core/net/net.c
++++ b/grub-core/net/net.c
+@@ -338,8 +338,8 @@ grub_cmd_ipv6_autoconf (struct grub_command *cmd __attribute__ ((unused)),
+ ncards++;
+ }
+
+- ifaces = grub_zalloc (ncards * sizeof (ifaces[0]));
+- slaacs = grub_zalloc (ncards * sizeof (slaacs[0]));
++ ifaces = grub_calloc (ncards, sizeof (ifaces[0]));
++ slaacs = grub_calloc (ncards, sizeof (slaacs[0]));
+ if (!ifaces || !slaacs)
+ {
+ grub_free (ifaces);
+diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c
+index b0ab47d73fd..d57fb72faa8 100644
+--- a/grub-core/normal/charset.c
++++ b/grub-core/normal/charset.c
+@@ -203,7 +203,7 @@ grub_utf8_to_ucs4_alloc (const char *msg, grub_uint32_t **unicode_msg,
+ {
+ grub_size_t msg_len = grub_strlen (msg);
+
+- *unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t));
++ *unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t));
+
+ if (!*unicode_msg)
+ return -1;
+@@ -488,7 +488,7 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen,
+ }
+ else
+ {
+- n = grub_malloc (sizeof (n[0]) * (out->ncomb + 1));
++ n = grub_calloc (out->ncomb + 1, sizeof (n[0]));
+ if (!n)
+ {
+ grub_errno = GRUB_ERR_NONE;
+@@ -842,7 +842,7 @@ grub_bidi_line_logical_to_visual (const grub_uint32_t *logical,
+ } \
+ }
+
+- visual = grub_malloc (sizeof (visual[0]) * logical_len);
++ visual = grub_calloc (logical_len, sizeof (visual[0]));
+ if (!visual)
+ return -1;
+
+@@ -1165,8 +1165,8 @@ grub_bidi_logical_to_visual (const grub_uint32_t *logical,
+ {
+ const grub_uint32_t *line_start = logical, *ptr;
+ struct grub_unicode_glyph *visual_ptr;
+- *visual_out = visual_ptr = grub_malloc (3 * sizeof (visual_ptr[0])
+- * (logical_len + 2));
++ *visual_out = visual_ptr = grub_calloc (logical_len + 2,
++ 3 * sizeof (visual_ptr[0]));
+ if (!visual_ptr)
+ return -1;
+ for (ptr = logical; ptr <= logical + logical_len; ptr++)
+diff --git a/grub-core/normal/cmdline.c b/grub-core/normal/cmdline.c
+index c037d5050ed..c57242e2ea9 100644
+--- a/grub-core/normal/cmdline.c
++++ b/grub-core/normal/cmdline.c
+@@ -41,7 +41,7 @@ grub_err_t
+ grub_set_history (int newsize)
+ {
+ grub_uint32_t **old_hist_lines = hist_lines;
+- hist_lines = grub_malloc (sizeof (grub_uint32_t *) * newsize);
++ hist_lines = grub_calloc (newsize, sizeof (grub_uint32_t *));
+
+ /* Copy the old lines into the new buffer. */
+ if (old_hist_lines)
+@@ -114,7 +114,7 @@ static void
+ grub_history_set (int pos, grub_uint32_t *s, grub_size_t len)
+ {
+ grub_free (hist_lines[pos]);
+- hist_lines[pos] = grub_malloc ((len + 1) * sizeof (grub_uint32_t));
++ hist_lines[pos] = grub_calloc (len + 1, sizeof (grub_uint32_t));
+ if (!hist_lines[pos])
+ {
+ grub_print_error ();
+@@ -349,7 +349,7 @@ grub_cmdline_get (const char *prompt_translated)
+ char *ret;
+ unsigned nterms;
+
+- buf = grub_malloc (max_len * sizeof (grub_uint32_t));
++ buf = grub_calloc (max_len, sizeof (grub_uint32_t));
+ if (!buf)
+ return 0;
+
+@@ -377,7 +377,7 @@ grub_cmdline_get (const char *prompt_translated)
+ FOR_ACTIVE_TERM_OUTPUTS(cur)
+ nterms++;
+
+- cl_terms = grub_malloc (sizeof (cl_terms[0]) * nterms);
++ cl_terms = grub_calloc (nterms, sizeof (cl_terms[0]));
+ if (!cl_terms)
+ {
+ grub_free (buf);
+@@ -385,7 +385,7 @@ grub_cmdline_get (const char *prompt_translated)
+ }
+ cl_term_cur = cl_terms;
+
+- unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t));
++ unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t));
+ if (!unicode_msg)
+ {
+ grub_free (buf);
+@@ -495,7 +495,7 @@ grub_cmdline_get (const char *prompt_translated)
+ grub_uint32_t *insert;
+
+ insertlen = grub_strlen (insertu8);
+- insert = grub_malloc ((insertlen + 1) * sizeof (grub_uint32_t));
++ insert = grub_calloc (insertlen + 1, sizeof (grub_uint32_t));
+ if (!insert)
+ {
+ grub_free (insertu8);
+@@ -602,7 +602,7 @@ grub_cmdline_get (const char *prompt_translated)
+
+ grub_free (kill_buf);
+
+- kill_buf = grub_malloc ((n + 1) * sizeof(grub_uint32_t));
++ kill_buf = grub_calloc (n + 1, sizeof (grub_uint32_t));
+ if (grub_errno)
+ {
+ grub_print_error ();
+diff --git a/grub-core/normal/menu_entry.c b/grub-core/normal/menu_entry.c
+index 5785f67ee1c..f31487c1f58 100644
+--- a/grub-core/normal/menu_entry.c
++++ b/grub-core/normal/menu_entry.c
+@@ -95,8 +95,8 @@ init_line (struct screen *screen, struct line *linep)
+ {
+ linep->len = 0;
+ linep->max_len = 80;
+- linep->buf = grub_malloc ((linep->max_len + 1) * sizeof (linep->buf[0]));
+- linep->pos = grub_zalloc (screen->nterms * sizeof (linep->pos[0]));
++ linep->buf = grub_calloc (linep->max_len + 1, sizeof (linep->buf[0]));
++ linep->pos = grub_calloc (screen->nterms, sizeof (linep->pos[0]));
+ if (! linep->buf || !linep->pos)
+ {
+ grub_free (linep->buf);
+@@ -287,7 +287,7 @@ update_screen (struct screen *screen, struct per_term_screen *term_screen,
+ pos = linep->pos + (term_screen - screen->terms);
+
+ if (!*pos)
+- *pos = grub_zalloc ((linep->len + 1) * sizeof (**pos));
++ *pos = grub_calloc (linep->len + 1, sizeof (**pos));
+
+ if (i == region_start || linep == screen->lines + screen->line
+ || (i > region_start && mode == ALL_LINES))
+@@ -471,7 +471,7 @@ insert_string (struct screen *screen, const char *s, int update)
+
+ /* Insert the string. */
+ current_linep = screen->lines + screen->line;
+- unicode_msg = grub_malloc ((p - s) * sizeof (grub_uint32_t));
++ unicode_msg = grub_calloc (p - s, sizeof (grub_uint32_t));
+
+ if (!unicode_msg)
+ return 0;
+@@ -1023,7 +1023,7 @@ complete (struct screen *screen, int continuous, int update)
+ if (completion_buffer.buf)
+ {
+ buflen = grub_strlen (completion_buffer.buf);
+- ucs4 = grub_malloc (sizeof (grub_uint32_t) * (buflen + 1));
++ ucs4 = grub_calloc (buflen + 1, sizeof (grub_uint32_t));
+
+ if (!ucs4)
+ {
+@@ -1265,7 +1265,7 @@ grub_menu_entry_run (grub_menu_entry_t entry)
+ for (i = 0; i < (unsigned) screen->num_lines; i++)
+ {
+ grub_free (screen->lines[i].pos);
+- screen->lines[i].pos = grub_zalloc (screen->nterms * sizeof (screen->lines[i].pos[0]));
++ screen->lines[i].pos = grub_calloc (screen->nterms, sizeof (screen->lines[i].pos[0]));
+ if (! screen->lines[i].pos)
+ {
+ grub_print_error ();
+@@ -1275,7 +1275,7 @@ grub_menu_entry_run (grub_menu_entry_t entry)
+ }
+ }
+
+- screen->terms = grub_zalloc (screen->nterms * sizeof (screen->terms[0]));
++ screen->terms = grub_calloc (screen->nterms, sizeof (screen->terms[0]));
+ if (!screen->terms)
+ {
+ grub_print_error ();
+diff --git a/grub-core/normal/menu_text.c b/grub-core/normal/menu_text.c
+index 7681f7d2893..ca135624356 100644
+--- a/grub-core/normal/menu_text.c
++++ b/grub-core/normal/menu_text.c
+@@ -78,7 +78,7 @@ grub_print_message_indented_real (const char *msg, int margin_left,
+ grub_size_t msg_len = grub_strlen (msg) + 2;
+ int ret = 0;
+
+- unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t));
++ unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t));
+
+ if (!unicode_msg)
+ return 0;
+@@ -167,7 +167,7 @@ print_entry (int y, int highlight, grub_menu_entry_t entry,
+
+ title = entry ? entry->title : "";
+ title_len = grub_strlen (title);
+- unicode_title = grub_malloc (title_len * sizeof (*unicode_title));
++ unicode_title = grub_calloc (title_len, sizeof (*unicode_title));
+ if (! unicode_title)
+ /* XXX How to show this error? */
+ return;
+diff --git a/grub-core/normal/term.c b/grub-core/normal/term.c
+index ac5d69f0fb5..93a3a0d912e 100644
+--- a/grub-core/normal/term.c
++++ b/grub-core/normal/term.c
+@@ -264,7 +264,7 @@ grub_term_save_pos (void)
+ FOR_ACTIVE_TERM_OUTPUTS(cur)
+ cnt++;
+
+- ret = grub_malloc (cnt * sizeof (ret[0]));
++ ret = grub_calloc (cnt, sizeof (ret[0]));
+ if (!ret)
+ return NULL;
+
+@@ -1013,7 +1013,7 @@ grub_xnputs (const char *str, grub_size_t msg_len)
+
+ grub_error_push ();
+
+- unicode_str = grub_malloc (msg_len * sizeof (grub_uint32_t));
++ unicode_str = grub_calloc (msg_len, sizeof (grub_uint32_t));
+
+ grub_error_pop ();
+
+diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c
+index 388a0f70638..e450f5f0a4c 100644
+--- a/grub-core/osdep/linux/getroot.c
++++ b/grub-core/osdep/linux/getroot.c
+@@ -176,7 +176,7 @@ grub_util_raid_getmembers (const char *name, int bootable)
+ if (ret != 0)
+ grub_util_error (_("ioctl GET_ARRAY_INFO error: %s"), strerror (errno));
+
+- devicelist = xmalloc ((info.nr_disks + 1) * sizeof (char *));
++ devicelist = xcalloc (info.nr_disks + 1, sizeof (char *));
+
+ for (i = 0, j = 0; j < info.nr_disks; i++)
+ {
+@@ -249,7 +249,7 @@ grub_find_root_devices_from_btrfs (const char *dir)
+ return NULL;
+ }
+
+- ret = xmalloc ((fsi.num_devices + 1) * sizeof (ret[0]));
++ ret = xcalloc (fsi.num_devices + 1, sizeof (ret[0]));
+
+ for (i = 1; i <= fsi.max_id && j < fsi.num_devices; i++)
+ {
+@@ -508,7 +508,7 @@ grub_find_root_devices_from_mountinfo (const char *dir, char **relroot)
+ if (relroot)
+ *relroot = NULL;
+
+- entries = xmalloc (entry_max * sizeof (*entries));
++ entries = xcalloc (entry_max, sizeof (*entries));
+
+ again:
+ fp = grub_util_fopen ("/proc/self/mountinfo", "r");
+diff --git a/grub-core/osdep/unix/config.c b/grub-core/osdep/unix/config.c
+index b637c58efb7..46a881530c0 100644
+--- a/grub-core/osdep/unix/config.c
++++ b/grub-core/osdep/unix/config.c
+@@ -102,7 +102,7 @@ grub_util_load_config (struct grub_util_config *cfg)
+ argv[0] = "sh";
+ argv[1] = "-c";
+
+- script = xmalloc (4 * strlen (cfgfile) + 300);
++ script = xcalloc (4, strlen (cfgfile) + 300);
+
+ ptr = script;
+ memcpy (ptr, ". '", 3);
+diff --git a/grub-core/osdep/windows/getroot.c b/grub-core/osdep/windows/getroot.c
+index 661d9546192..eada663b261 100644
+--- a/grub-core/osdep/windows/getroot.c
++++ b/grub-core/osdep/windows/getroot.c
+@@ -59,7 +59,7 @@ grub_get_mount_point (const TCHAR *path)
+
+ for (ptr = path; *ptr; ptr++);
+ allocsize = (ptr - path + 10) * 2;
+- out = xmalloc (allocsize * sizeof (out[0]));
++ out = xcalloc (allocsize, sizeof (out[0]));
+
+ /* When pointing to EFI system partition GetVolumePathName fails
+ for ESP root and returns abberant information for everything
+diff --git a/grub-core/osdep/windows/hostdisk.c b/grub-core/osdep/windows/hostdisk.c
+index 6f49df465d7..580b3f2dae7 100644
+--- a/grub-core/osdep/windows/hostdisk.c
++++ b/grub-core/osdep/windows/hostdisk.c
+@@ -111,7 +111,7 @@ grub_util_get_windows_path_real (const char *path)
+
+ while (1)
+ {
+- fpa = xmalloc (alloc * sizeof (fpa[0]));
++ fpa = xcalloc (alloc, sizeof (fpa[0]));
+
+ len = GetFullPathName (tpath, alloc, fpa, NULL);
+ if (len >= alloc)
+@@ -393,7 +393,7 @@ grub_util_fd_opendir (const char *name)
+ for (l = 0; name_windows[l]; l++);
+ for (l--; l >= 0 && (name_windows[l] == '\\' || name_windows[l] == '/'); l--);
+ l++;
+- pattern = xmalloc ((l + 3) * sizeof (pattern[0]));
++ pattern = xcalloc (l + 3, sizeof (pattern[0]));
+ memcpy (pattern, name_windows, l * sizeof (pattern[0]));
+ pattern[l] = '\\';
+ pattern[l + 1] = '*';
+diff --git a/grub-core/osdep/windows/init.c b/grub-core/osdep/windows/init.c
+index e8ffd62c6a0..6297de6326a 100644
+--- a/grub-core/osdep/windows/init.c
++++ b/grub-core/osdep/windows/init.c
+@@ -161,7 +161,7 @@ grub_util_host_init (int *argc __attribute__ ((unused)),
+ LPWSTR *targv;
+
+ targv = CommandLineToArgvW (tcmdline, argc);
+- *argv = xmalloc ((*argc + 1) * sizeof (argv[0]));
++ *argv = xcalloc (*argc + 1, sizeof (argv[0]));
+
+ for (i = 0; i < *argc; i++)
+ (*argv)[i] = grub_util_tchar_to_utf8 (targv[i]);
+diff --git a/grub-core/osdep/windows/platform.c b/grub-core/osdep/windows/platform.c
+index 912269191eb..04e0eda9aeb 100644
+--- a/grub-core/osdep/windows/platform.c
++++ b/grub-core/osdep/windows/platform.c
+@@ -225,8 +225,8 @@ grub_install_register_efi (grub_device_t efidir_grub_dev,
+ grub_util_error ("%s", _("no EFI routines are available when running in BIOS mode"));
+
+ distrib8_len = grub_strlen (efi_distributor);
+- distributor16 = xmalloc ((distrib8_len + 1) * GRUB_MAX_UTF16_PER_UTF8
+- * sizeof (grub_uint16_t));
++ distributor16 = xcalloc (distrib8_len + 1,
++ GRUB_MAX_UTF16_PER_UTF8 * sizeof (grub_uint16_t));
+ distrib16_len = grub_utf8_to_utf16 (distributor16, distrib8_len * GRUB_MAX_UTF16_PER_UTF8,
+ (const grub_uint8_t *) efi_distributor,
+ distrib8_len, 0);
+diff --git a/grub-core/osdep/windows/relpath.c b/grub-core/osdep/windows/relpath.c
+index cb0861744ae..478e8ef14d5 100644
+--- a/grub-core/osdep/windows/relpath.c
++++ b/grub-core/osdep/windows/relpath.c
+@@ -72,7 +72,7 @@ grub_make_system_path_relative_to_its_root (const char *path)
+ if (dirwindows[0] && dirwindows[1] == ':')
+ offset = 2;
+ }
+- ret = xmalloc (sizeof (ret[0]) * (flen - offset + 2));
++ ret = xcalloc (flen - offset + 2, sizeof (ret[0]));
+ if (dirwindows[offset] != '\\'
+ && dirwindows[offset] != '/'
+ && dirwindows[offset])
+diff --git a/grub-core/partmap/gpt.c b/grub-core/partmap/gpt.c
+index 103f6796f39..72a2e37cd48 100644
+--- a/grub-core/partmap/gpt.c
++++ b/grub-core/partmap/gpt.c
+@@ -199,7 +199,7 @@ gpt_partition_map_embed (struct grub_disk *disk, unsigned int *nsectors,
+ *nsectors = ctx.len;
+ if (*nsectors > max_nsectors)
+ *nsectors = max_nsectors;
+- *sectors = grub_malloc (*nsectors * sizeof (**sectors));
++ *sectors = grub_calloc (*nsectors, sizeof (**sectors));
+ if (!*sectors)
+ return grub_errno;
+ for (i = 0; i < *nsectors; i++)
+diff --git a/grub-core/partmap/msdos.c b/grub-core/partmap/msdos.c
+index 6d4b455a19c..81ca6b90e67 100644
+--- a/grub-core/partmap/msdos.c
++++ b/grub-core/partmap/msdos.c
+@@ -337,7 +337,7 @@ pc_partition_map_embed (struct grub_disk *disk, unsigned int *nsectors,
+ avail_nsectors = *nsectors;
+ if (*nsectors > max_nsectors)
+ *nsectors = max_nsectors;
+- *sectors = grub_malloc (*nsectors * sizeof (**sectors));
++ *sectors = grub_calloc (*nsectors, sizeof (**sectors));
+ if (!*sectors)
+ return grub_errno;
+ for (i = 0; i < *nsectors; i++)
+diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
+index 7d327f59d92..528ddfd36f0 100644
+--- a/grub-core/script/execute.c
++++ b/grub-core/script/execute.c
+@@ -587,7 +587,7 @@ gettext_append (struct grub_script_argv *result, const char *orig_str)
+ for (iptr = orig_str; *iptr; iptr++)
+ if (*iptr == '$')
+ dollar_cnt++;
+- ctx.allowed_strings = grub_malloc (sizeof (ctx.allowed_strings[0]) * dollar_cnt);
++ ctx.allowed_strings = grub_calloc (dollar_cnt, sizeof (ctx.allowed_strings[0]));
+
+ if (parse_string (orig_str, gettext_save_allow, &ctx, 0))
+ goto fail;
+diff --git a/grub-core/tests/fake_input.c b/grub-core/tests/fake_input.c
+index 2d60852989c..b5eb516be2d 100644
+--- a/grub-core/tests/fake_input.c
++++ b/grub-core/tests/fake_input.c
+@@ -49,7 +49,7 @@ grub_terminal_input_fake_sequence (int *seq_in, int nseq_in)
+ saved = grub_term_inputs;
+ if (seq)
+ grub_free (seq);
+- seq = grub_malloc (nseq_in * sizeof (seq[0]));
++ seq = grub_calloc (nseq_in, sizeof (seq[0]));
+ if (!seq)
+ return;
+
+diff --git a/grub-core/tests/video_checksum.c b/grub-core/tests/video_checksum.c
+index 74d5b65e5c7..44d0810698a 100644
+--- a/grub-core/tests/video_checksum.c
++++ b/grub-core/tests/video_checksum.c
+@@ -336,7 +336,7 @@ grub_video_capture_write_bmp (const char *fname,
+ {
+ case 4:
+ {
+- grub_uint8_t *buffer = xmalloc (mode_info->width * 3);
++ grub_uint8_t *buffer = xcalloc (3, mode_info->width);
+ grub_uint32_t rmask = ((1 << mode_info->red_mask_size) - 1);
+ grub_uint32_t gmask = ((1 << mode_info->green_mask_size) - 1);
+ grub_uint32_t bmask = ((1 << mode_info->blue_mask_size) - 1);
+@@ -367,7 +367,7 @@ grub_video_capture_write_bmp (const char *fname,
+ }
+ case 3:
+ {
+- grub_uint8_t *buffer = xmalloc (mode_info->width * 3);
++ grub_uint8_t *buffer = xcalloc (3, mode_info->width);
+ grub_uint32_t rmask = ((1 << mode_info->red_mask_size) - 1);
+ grub_uint32_t gmask = ((1 << mode_info->green_mask_size) - 1);
+ grub_uint32_t bmask = ((1 << mode_info->blue_mask_size) - 1);
+@@ -407,7 +407,7 @@ grub_video_capture_write_bmp (const char *fname,
+ }
+ case 2:
+ {
+- grub_uint8_t *buffer = xmalloc (mode_info->width * 3);
++ grub_uint8_t *buffer = xcalloc (3, mode_info->width);
+ grub_uint16_t rmask = ((1 << mode_info->red_mask_size) - 1);
+ grub_uint16_t gmask = ((1 << mode_info->green_mask_size) - 1);
+ grub_uint16_t bmask = ((1 << mode_info->blue_mask_size) - 1);
+diff --git a/grub-core/video/capture.c b/grub-core/video/capture.c
+index 4f83c744116..4d3195e017b 100644
+--- a/grub-core/video/capture.c
++++ b/grub-core/video/capture.c
+@@ -89,7 +89,7 @@ grub_video_capture_start (const struct grub_video_mode_info *mode_info,
+ framebuffer.mode_info = *mode_info;
+ framebuffer.mode_info.blit_format = grub_video_get_blit_format (&framebuffer.mode_info);
+
+- framebuffer.ptr = grub_malloc (framebuffer.mode_info.height * framebuffer.mode_info.pitch);
++ framebuffer.ptr = grub_calloc (framebuffer.mode_info.height, framebuffer.mode_info.pitch);
+ if (!framebuffer.ptr)
+ return grub_errno;
+
+diff --git a/grub-core/video/emu/sdl.c b/grub-core/video/emu/sdl.c
+index a2f639f66de..0ebab6f57dd 100644
+--- a/grub-core/video/emu/sdl.c
++++ b/grub-core/video/emu/sdl.c
+@@ -172,7 +172,7 @@ grub_video_sdl_set_palette (unsigned int start, unsigned int count,
+ if (start + count > mode_info.number_of_colors)
+ count = mode_info.number_of_colors - start;
+
+- tmp = grub_malloc (count * sizeof (tmp[0]));
++ tmp = grub_calloc (count, sizeof (tmp[0]));
+ for (i = 0; i < count; i++)
+ {
+ tmp[i].r = palette_data[i].r;
+diff --git a/grub-core/video/i386/pc/vga.c b/grub-core/video/i386/pc/vga.c
+index 01f47112d37..b2f776c997b 100644
+--- a/grub-core/video/i386/pc/vga.c
++++ b/grub-core/video/i386/pc/vga.c
+@@ -127,7 +127,7 @@ grub_video_vga_setup (unsigned int width, unsigned int height,
+
+ vga_height = height ? : 480;
+
+- framebuffer.temporary_buffer = grub_malloc (vga_height * VGA_WIDTH);
++ framebuffer.temporary_buffer = grub_calloc (vga_height, VGA_WIDTH);
+ framebuffer.front_page = 0;
+ framebuffer.back_page = 0;
+ if (!framebuffer.temporary_buffer)
+diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c
+index e1a01e99fd0..e85df3c1b04 100644
+--- a/grub-core/video/readers/png.c
++++ b/grub-core/video/readers/png.c
+@@ -309,7 +309,7 @@ grub_png_decode_image_header (struct grub_png_data *data)
+ if (data->is_16bit || data->is_gray || data->is_palette)
+ #endif
+ {
+- data->image_data = grub_malloc (data->image_height * data->row_bytes);
++ data->image_data = grub_calloc (data->image_height, data->row_bytes);
+ if (grub_errno)
+ return grub_errno;
+
+diff --git a/util/getroot.c b/util/getroot.c
+index fa3460d6cd8..6feb2a4de40 100644
+--- a/util/getroot.c
++++ b/util/getroot.c
+@@ -219,7 +219,7 @@ make_device_name (const char *drive)
+ char *ret, *ptr;
+ const char *iptr;
+
+- ret = xmalloc (strlen (drive) * 2);
++ ret = xcalloc (2, strlen (drive));
+ ptr = ret;
+ for (iptr = drive; *iptr; iptr++)
+ {
+diff --git a/util/grub-file.c b/util/grub-file.c
+index 50c18b6835a..b2e7dd69f4c 100644
+--- a/util/grub-file.c
++++ b/util/grub-file.c
+@@ -54,7 +54,7 @@ main (int argc, char *argv[])
+
+ grub_util_host_init (&argc, &argv);
+
+- argv2 = xmalloc (argc * sizeof (argv2[0]));
++ argv2 = xcalloc (argc, sizeof (argv2[0]));
+
+ if (argc == 2 && strcmp (argv[1], "--version") == 0)
+ {
+diff --git a/util/grub-fstest.c b/util/grub-fstest.c
+index a358ae47152..793aefa02b1 100644
+--- a/util/grub-fstest.c
++++ b/util/grub-fstest.c
+@@ -650,7 +650,7 @@ argp_parser (int key, char *arg, struct argp_state *state)
+ if (args_count < num_disks)
+ {
+ if (args_count == 0)
+- images = xmalloc (num_disks * sizeof (images[0]));
++ images = xcalloc (num_disks, sizeof (images[0]));
+ images[args_count] = grub_canonicalize_file_name (arg);
+ args_count++;
+ return 0;
+@@ -734,7 +734,7 @@ main (int argc, char *argv[])
+
+ grub_util_host_init (&argc, &argv);
+
+- args = xmalloc (argc * sizeof (args[0]));
++ args = xcalloc (argc, sizeof (args[0]));
+
+ argp_parse (&argp, argc, argv, 0, 0, 0);
+
+diff --git a/util/grub-install-common.c b/util/grub-install-common.c
+index 0a2e24a79f1..cf993c059ad 100644
+--- a/util/grub-install-common.c
++++ b/util/grub-install-common.c
+@@ -281,7 +281,7 @@ handle_install_list (struct install_list *il, const char *val,
+ il->n_entries++;
+ }
+ il->n_alloc = il->n_entries + 1;
+- il->entries = xmalloc (il->n_alloc * sizeof (il->entries[0]));
++ il->entries = xcalloc (il->n_alloc, sizeof (il->entries[0]));
+ ptr = val;
+ for (ce = il->entries; ; ce++)
+ {
+diff --git a/util/grub-install.c b/util/grub-install.c
+index 16f137ca854..3bf0e063a86 100644
+--- a/util/grub-install.c
++++ b/util/grub-install.c
+@@ -623,7 +623,7 @@ device_map_check_duplicates (const char *dev_map)
+ if (! fp)
+ return;
+
+- d = xmalloc (alloced * sizeof (d[0]));
++ d = xcalloc (alloced, sizeof (d[0]));
+
+ while (fgets (buf, sizeof (buf), fp))
+ {
+@@ -1232,7 +1232,7 @@ main (int argc, char *argv[])
+ ndev++;
+ }
+
+- grub_drives = xmalloc (sizeof (grub_drives[0]) * (ndev + 1));
++ grub_drives = xcalloc (ndev + 1, sizeof (grub_drives[0]));
+
+ for (curdev = grub_devices, curdrive = grub_drives; *curdev; curdev++,
+ curdrive++)
+diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c
+index a483c674c49..f9aa1a033b5 100644
+--- a/util/grub-mkimagexx.c
++++ b/util/grub-mkimagexx.c
+@@ -1999,10 +1999,8 @@ SUFFIX (grub_mkimage_load_image) (const char *kernel_path,
+ + grub_host_to_target16 (e->e_shstrndx) * smd.section_entsize);
+ smd.strtab = (char *) e + grub_host_to_target_addr (s->sh_offset);
+
+- smd.addrs = xmalloc (sizeof (*smd.addrs) * smd.num_sections);
+- memset (smd.addrs, 0, sizeof (*smd.addrs) * smd.num_sections);
+- smd.vaddrs = xmalloc (sizeof (*smd.vaddrs) * smd.num_sections);
+- memset (smd.vaddrs, 0, sizeof (*smd.vaddrs) * smd.num_sections);
++ smd.addrs = xcalloc (smd.num_sections, sizeof (*smd.addrs));
++ smd.vaddrs = xcalloc (smd.num_sections, sizeof (*smd.vaddrs));
+
+ SUFFIX (locate_sections) (e, kernel_path, &smd, layout, image_target);
+
+diff --git a/util/grub-mkrescue.c b/util/grub-mkrescue.c
+index 9545945d8f3..21e72bde474 100644
+--- a/util/grub-mkrescue.c
++++ b/util/grub-mkrescue.c
+@@ -441,8 +441,8 @@ main (int argc, char *argv[])
+ xorriso = xstrdup ("xorriso");
+ label_font = grub_util_path_concat (2, pkgdatadir, "unicode.pf2");
+
+- argp_argv = xmalloc (sizeof (argp_argv[0]) * argc);
+- xorriso_tail_argv = xmalloc (sizeof (argp_argv[0]) * argc);
++ argp_argv = xcalloc (argc, sizeof (argp_argv[0]));
++ xorriso_tail_argv = xcalloc (argc, sizeof (argp_argv[0]));
+
+ xorriso_tail_argc = 0;
+ /* Program name */
+diff --git a/util/grub-mkstandalone.c b/util/grub-mkstandalone.c
+index 4907d44c0bd..edf309717c3 100644
+--- a/util/grub-mkstandalone.c
++++ b/util/grub-mkstandalone.c
+@@ -296,7 +296,7 @@ main (int argc, char *argv[])
+ grub_util_host_init (&argc, &argv);
+ grub_util_disable_fd_syncs ();
+
+- files = xmalloc ((argc + 1) * sizeof (files[0]));
++ files = xcalloc (argc + 1, sizeof (files[0]));
+
+ argp_parse (&argp, argc, argv, 0, 0, 0);
+
+diff --git a/util/grub-pe2elf.c b/util/grub-pe2elf.c
+index 0d4084a108e..11331294f1b 100644
+--- a/util/grub-pe2elf.c
++++ b/util/grub-pe2elf.c
+@@ -100,9 +100,9 @@ write_section_data (FILE* fp, const char *name, char *image,
+ char *pe_strtab = (image + pe_chdr->symtab_offset
+ + pe_chdr->num_symbols * sizeof (struct grub_pe32_symbol));
+
+- section_map = xmalloc ((2 * pe_chdr->num_sections + 5) * sizeof (int));
++ section_map = xcalloc (2 * pe_chdr->num_sections + 5, sizeof (int));
+ section_map[0] = 0;
+- shdr = xmalloc ((2 * pe_chdr->num_sections + 5) * sizeof (shdr[0]));
++ shdr = xcalloc (2 * pe_chdr->num_sections + 5, sizeof (shdr[0]));
+ idx = 1;
+ idx_reloc = pe_chdr->num_sections + 1;
+
+@@ -233,7 +233,7 @@ write_reloc_section (FILE* fp, const char *name, char *image,
+
+ pe_sec = pe_shdr + shdr[i].sh_link;
+ pe_rel = (struct grub_pe32_reloc *) (image + pe_sec->relocations_offset);
+- rel = (elf_reloc_t *) xmalloc (pe_sec->num_relocations * sizeof (elf_reloc_t));
++ rel = (elf_reloc_t *) xcalloc (pe_sec->num_relocations, sizeof (elf_reloc_t));
+ num_rels = 0;
+ modified = 0;
+
+@@ -365,12 +365,10 @@ write_symbol_table (FILE* fp, const char *name, char *image,
+ pe_symtab = (struct grub_pe32_symbol *) (image + pe_chdr->symtab_offset);
+ pe_strtab = (char *) (pe_symtab + pe_chdr->num_symbols);
+
+- symtab = (Elf_Sym *) xmalloc ((pe_chdr->num_symbols + 1) *
+- sizeof (Elf_Sym));
+- memset (symtab, 0, (pe_chdr->num_symbols + 1) * sizeof (Elf_Sym));
++ symtab = (Elf_Sym *) xcalloc (pe_chdr->num_symbols + 1, sizeof (Elf_Sym));
+ num_syms = 1;
+
+- symtab_map = (int *) xmalloc (pe_chdr->num_symbols * sizeof (int));
++ symtab_map = (int *) xcalloc (pe_chdr->num_symbols, sizeof (int));
+
+ for (i = 0; i < (int) pe_chdr->num_symbols;
+ i += pe_symtab->num_aux + 1, pe_symtab += pe_symtab->num_aux + 1)
+diff --git a/util/grub-probe.c b/util/grub-probe.c
+index e45dbf9e049..2a8c2cdffd5 100644
+--- a/util/grub-probe.c
++++ b/util/grub-probe.c
+@@ -361,8 +361,8 @@ probe (const char *path, char **device_names, char delim)
+ grub_util_pull_device (*curdev);
+ ndev++;
+ }
+-
+- drives_names = xmalloc (sizeof (drives_names[0]) * (ndev + 1));
++
++ drives_names = xcalloc (ndev + 1, sizeof (drives_names[0]));
+
+ for (curdev = device_names, curdrive = drives_names; *curdev; curdev++,
+ curdrive++)
+diff --git a/include/grub/unicode.h b/include/grub/unicode.h
+index a0403e91f9a..4de986a8576 100644
+--- a/include/grub/unicode.h
++++ b/include/grub/unicode.h
+@@ -293,7 +293,7 @@ grub_unicode_glyph_dup (const struct grub_unicode_glyph *in)
+ grub_memcpy (out, in, sizeof (*in));
+ if (in->ncomb > ARRAY_SIZE (out->combining_inline))
+ {
+- out->combining_ptr = grub_malloc (in->ncomb * sizeof (out->combining_ptr[0]));
++ out->combining_ptr = grub_calloc (in->ncomb, sizeof (out->combining_ptr[0]));
+ if (!out->combining_ptr)
+ {
+ grub_free (out);
+@@ -315,7 +315,7 @@ grub_unicode_set_glyph (struct grub_unicode_glyph *out,
+ grub_memcpy (out, in, sizeof (*in));
+ if (in->ncomb > ARRAY_SIZE (out->combining_inline))
+ {
+- out->combining_ptr = grub_malloc (in->ncomb * sizeof (out->combining_ptr[0]));
++ out->combining_ptr = grub_calloc (in->ncomb, sizeof (out->combining_ptr[0]));
+ if (!out->combining_ptr)
+ return;
+ grub_memcpy (out->combining_ptr, in->combining_ptr,
+--
+2.26.2
+
diff --git a/SOURCES/0285-malloc-Use-overflow-checking-primitives-where-we-do-.patch b/SOURCES/0285-malloc-Use-overflow-checking-primitives-where-we-do-.patch
new file mode 100644
index 0000000..063510f
--- /dev/null
+++ b/SOURCES/0285-malloc-Use-overflow-checking-primitives-where-we-do-.patch
@@ -0,0 +1,1323 @@
+From 05c062003cff8dbbf1b394fa836378e88522e29c Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 15 Jun 2020 12:28:27 -0400
+Subject: [PATCH 285/314] malloc: Use overflow checking primitives where we do
+ complex allocations
+
+This attempts to fix the places where we do the following where
+arithmetic_expr may include unvalidated data:
+
+ X = grub_malloc(arithmetic_expr);
+
+It accomplishes this by doing the arithmetic ahead of time using grub_add(),
+grub_sub(), grub_mul() and testing for overflow before proceeding.
+
+Among other issues, this fixes:
+ - allocation of integer overflow in grub_video_bitmap_create()
+ reported by Chris Coulson,
+ - allocation of integer overflow in grub_png_decode_image_header()
+ reported by Chris Coulson,
+ - allocation of integer overflow in grub_squash_read_symlink()
+ reported by Chris Coulson,
+ - allocation of integer overflow in grub_ext2_read_symlink()
+ reported by Chris Coulson,
+ - allocation of integer overflow in read_section_as_string()
+ reported by Chris Coulson.
+
+Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Upstream-commit-id: 5fb2befbf04
+---
+ grub-core/commands/legacycfg.c | 29 +++++++++++++++----
+ grub-core/commands/wildcard.c | 36 ++++++++++++++++++++----
+ grub-core/disk/ldm.c | 32 +++++++++++++++------
+ grub-core/font/font.c | 7 ++++-
+ grub-core/fs/btrfs.c | 29 +++++++++++++------
+ grub-core/fs/ext2.c | 10 ++++++-
+ grub-core/fs/iso9660.c | 51 ++++++++++++++++++++++++----------
+ grub-core/fs/sfs.c | 27 ++++++++++++++----
+ grub-core/fs/squash4.c | 45 ++++++++++++++++++++++--------
+ grub-core/fs/udf.c | 41 +++++++++++++++++----------
+ grub-core/fs/xfs.c | 11 +++++---
+ grub-core/fs/zfs/zfs.c | 22 ++++++++++-----
+ grub-core/fs/zfs/zfscrypt.c | 7 ++++-
+ grub-core/lib/arg.c | 20 +++++++++++--
+ grub-core/loader/i386/bsd.c | 8 +++++-
+ grub-core/net/dns.c | 9 +++++-
+ grub-core/normal/charset.c | 10 +++++--
+ grub-core/normal/cmdline.c | 14 ++++++++--
+ grub-core/normal/menu_entry.c | 13 +++++++--
+ grub-core/script/argv.c | 16 +++++++++--
+ grub-core/script/lexer.c | 21 ++++++++++++--
+ grub-core/video/bitmap.c | 25 +++++++++++------
+ grub-core/video/readers/png.c | 13 +++++++--
+ 23 files changed, 383 insertions(+), 113 deletions(-)
+
+diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c
+index da66a8927c4..0de070eacc4 100644
+--- a/grub-core/commands/legacycfg.c
++++ b/grub-core/commands/legacycfg.c
+@@ -32,6 +32,7 @@
+ #include <grub/auth.h>
+ #include <grub/disk.h>
+ #include <grub/partition.h>
++#include <grub/safemath.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -104,13 +105,22 @@ legacy_file (const char *filename)
+ if (newsuffix)
+ {
+ char *t;
+-
++ grub_size_t sz;
++
++ if (grub_add (grub_strlen (suffix), grub_strlen (newsuffix), &sz) ||
++ grub_add (sz, 1, &sz))
++ {
++ grub_errno = GRUB_ERR_OUT_OF_RANGE;
++ goto fail_0;
++ }
++
+ t = suffix;
+- suffix = grub_realloc (suffix, grub_strlen (suffix)
+- + grub_strlen (newsuffix) + 1);
++ suffix = grub_realloc (suffix, sz);
+ if (!suffix)
+ {
+ grub_free (t);
++
++ fail_0:
+ grub_free (entrysrc);
+ grub_free (parsed);
+ grub_free (newsuffix);
+@@ -154,13 +164,22 @@ legacy_file (const char *filename)
+ else
+ {
+ char *t;
++ grub_size_t sz;
++
++ if (grub_add (grub_strlen (entrysrc), grub_strlen (parsed), &sz) ||
++ grub_add (sz, 1, &sz))
++ {
++ grub_errno = GRUB_ERR_OUT_OF_RANGE;
++ goto fail_1;
++ }
+
+ t = entrysrc;
+- entrysrc = grub_realloc (entrysrc, grub_strlen (entrysrc)
+- + grub_strlen (parsed) + 1);
++ entrysrc = grub_realloc (entrysrc, sz);
+ if (!entrysrc)
+ {
+ grub_free (t);
++
++ fail_1:
+ grub_free (parsed);
+ grub_free (suffix);
+ return grub_errno;
+diff --git a/grub-core/commands/wildcard.c b/grub-core/commands/wildcard.c
+index 02c46f9fdfa..c223411371e 100644
+--- a/grub-core/commands/wildcard.c
++++ b/grub-core/commands/wildcard.c
+@@ -23,6 +23,7 @@
+ #include <grub/file.h>
+ #include <grub/device.h>
+ #include <grub/script_sh.h>
++#include <grub/safemath.h>
+
+ #include <regex.h>
+
+@@ -48,6 +49,7 @@ merge (char **dest, char **ps)
+ int i;
+ int j;
+ char **p;
++ grub_size_t sz;
+
+ if (! dest)
+ return ps;
+@@ -60,7 +62,12 @@ merge (char **dest, char **ps)
+ for (j = 0; ps[j]; j++)
+ ;
+
+- p = grub_realloc (dest, sizeof (char*) * (i + j + 1));
++ if (grub_add (i, j, &sz) ||
++ grub_add (sz, 1, &sz) ||
++ grub_mul (sz, sizeof (char *), &sz))
++ return dest;
++
++ p = grub_realloc (dest, sz);
+ if (! p)
+ {
+ grub_free (dest);
+@@ -115,8 +122,15 @@ make_regex (const char *start, const char *end, regex_t *regexp)
+ char ch;
+ int i = 0;
+ unsigned len = end - start;
+- char *buffer = grub_malloc (len * 2 + 2 + 1); /* worst case size. */
++ char *buffer;
++ grub_size_t sz;
+
++ /* Worst case size is (len * 2 + 2 + 1). */
++ if (grub_mul (len, 2, &sz) ||
++ grub_add (sz, 3, &sz))
++ return 1;
++
++ buffer = grub_malloc (sz);
+ if (! buffer)
+ return 1;
+
+@@ -226,6 +240,7 @@ match_devices_iter (const char *name, void *data)
+ struct match_devices_ctx *ctx = data;
+ char **t;
+ char *buffer;
++ grub_size_t sz;
+
+ /* skip partitions if asked to. */
+ if (ctx->noparts && grub_strchr (name, ','))
+@@ -239,11 +254,16 @@ match_devices_iter (const char *name, void *data)
+ if (regexec (ctx->regexp, buffer, 0, 0, 0))
+ {
+ grub_dprintf ("expand", "not matched\n");
++ fail:
+ grub_free (buffer);
+ return 0;
+ }
+
+- t = grub_realloc (ctx->devs, sizeof (char*) * (ctx->ndev + 2));
++ if (grub_add (ctx->ndev, 2, &sz) ||
++ grub_mul (sz, sizeof (char *), &sz))
++ goto fail;
++
++ t = grub_realloc (ctx->devs, sz);
+ if (! t)
+ {
+ grub_free (buffer);
+@@ -300,6 +320,7 @@ match_files_iter (const char *name,
+ struct match_files_ctx *ctx = data;
+ char **t;
+ char *buffer;
++ grub_size_t sz;
+
+ /* skip . and .. names */
+ if (grub_strcmp(".", name) == 0 || grub_strcmp("..", name) == 0)
+@@ -315,9 +336,14 @@ match_files_iter (const char *name,
+ if (! buffer)
+ return 1;
+
+- t = grub_realloc (ctx->files, sizeof (char*) * (ctx->nfile + 2));
+- if (! t)
++ if (grub_add (ctx->nfile, 2, &sz) ||
++ grub_mul (sz, sizeof (char *), &sz))
++ goto fail;
++
++ t = grub_realloc (ctx->files, sz);
++ if (!t)
+ {
++ fail:
+ grub_free (buffer);
+ return 1;
+ }
+diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c
+index e6323701ab3..58f8a53e1ab 100644
+--- a/grub-core/disk/ldm.c
++++ b/grub-core/disk/ldm.c
+@@ -25,6 +25,7 @@
+ #include <grub/msdos_partition.h>
+ #include <grub/gpt_partition.h>
+ #include <grub/i18n.h>
++#include <grub/safemath.h>
+
+ #ifdef GRUB_UTIL
+ #include <grub/emu/misc.h>
+@@ -289,6 +290,7 @@ make_vg (grub_disk_t disk,
+ struct grub_ldm_vblk vblk[GRUB_DISK_SECTOR_SIZE
+ / sizeof (struct grub_ldm_vblk)];
+ unsigned i;
++ grub_size_t sz;
+ err = grub_disk_read (disk, cursec, 0,
+ sizeof(vblk), &vblk);
+ if (err)
+@@ -350,7 +352,13 @@ make_vg (grub_disk_t disk,
+ grub_free (lv);
+ goto fail2;
+ }
+- lv->name = grub_malloc (*ptr + 1);
++ if (grub_add (*ptr, 1, &sz))
++ {
++ grub_free (lv->internal_id);
++ grub_free (lv);
++ goto fail2;
++ }
++ lv->name = grub_malloc (sz);
+ if (!lv->name)
+ {
+ grub_free (lv->internal_id);
+@@ -599,10 +607,13 @@ make_vg (grub_disk_t disk,
+ if (lv->segments->node_alloc == lv->segments->node_count)
+ {
+ void *t;
+- lv->segments->node_alloc *= 2;
+- t = grub_realloc (lv->segments->nodes,
+- sizeof (*lv->segments->nodes)
+- * lv->segments->node_alloc);
++ grub_size_t sz;
++
++ if (grub_mul (lv->segments->node_alloc, 2, &lv->segments->node_alloc) ||
++ grub_mul (lv->segments->node_alloc, sizeof (*lv->segments->nodes), &sz))
++ goto fail2;
++
++ t = grub_realloc (lv->segments->nodes, sz);
+ if (!t)
+ goto fail2;
+ lv->segments->nodes = t;
+@@ -723,10 +734,13 @@ make_vg (grub_disk_t disk,
+ if (comp->segment_alloc == comp->segment_count)
+ {
+ void *t;
+- comp->segment_alloc *= 2;
+- t = grub_realloc (comp->segments,
+- comp->segment_alloc
+- * sizeof (*comp->segments));
++ grub_size_t sz;
++
++ if (grub_mul (comp->segment_alloc, 2, &comp->segment_alloc) ||
++ grub_mul (comp->segment_alloc, sizeof (*comp->segments), &sz))
++ goto fail2;
++
++ t = grub_realloc (comp->segments, sz);
+ if (!t)
+ goto fail2;
+ comp->segments = t;
+diff --git a/grub-core/font/font.c b/grub-core/font/font.c
+index 68967dc1c2b..d63354fb51b 100644
+--- a/grub-core/font/font.c
++++ b/grub-core/font/font.c
+@@ -30,6 +30,7 @@
+ #include <grub/unicode.h>
+ #include <grub/fontformat.h>
+ #include <grub/env.h>
++#include <grub/safemath.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -360,9 +361,13 @@ static char *
+ read_section_as_string (struct font_file_section *section)
+ {
+ char *str;
++ grub_size_t sz;
+ grub_ssize_t ret;
+
+- str = grub_malloc (section->length + 1);
++ if (grub_add (section->length, 1, &sz))
++ return NULL;
++
++ str = grub_malloc (sz);
+ if (!str)
+ return 0;
+
+diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c
+index 8c8aa9c3103..1d801f6c9ee 100644
+--- a/grub-core/fs/btrfs.c
++++ b/grub-core/fs/btrfs.c
+@@ -33,6 +33,7 @@
+ #include <grub/env.h>
+ #include <grub/extcmd.h>
+ #include <grub/list.h>
++#include <grub/safemath.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -321,9 +322,13 @@ save_ref (struct grub_btrfs_leaf_descriptor *desc,
+ if (desc->allocated < desc->depth)
+ {
+ void *newdata;
+- desc->allocated *= 2;
+- newdata = grub_realloc (desc->data, sizeof (desc->data[0])
+- * desc->allocated);
++ grub_size_t sz;
++
++ if (grub_mul (desc->allocated, 2, &desc->allocated) ||
++ grub_mul (desc->allocated, sizeof (desc->data[0]), &sz))
++ return GRUB_ERR_OUT_OF_RANGE;
++
++ newdata = grub_realloc (desc->data, sz);
+ if (!newdata)
+ return grub_errno;
+ desc->data = newdata;
+@@ -618,15 +623,21 @@ find_device (struct grub_btrfs_data *data, grub_uint64_t id, int do_rescan)
+ if (data->n_devices_attached > data->n_devices_allocated)
+ {
+ void *tmp;
+- data->n_devices_allocated = 2 * data->n_devices_attached + 1;
+- data->devices_attached
+- = grub_realloc (tmp = data->devices_attached,
+- data->n_devices_allocated
+- * sizeof (data->devices_attached[0]));
++ grub_size_t sz;
++
++ if (grub_mul (data->n_devices_attached, 2, &data->n_devices_allocated) ||
++ grub_add (data->n_devices_allocated, 1, &data->n_devices_allocated) ||
++ grub_mul (data->n_devices_allocated, sizeof (data->devices_attached[0]), &sz))
++ goto fail;
++
++ data->devices_attached = grub_realloc (tmp = data->devices_attached, sz);
+ if (!data->devices_attached)
+ {
+- grub_device_close (ctx.dev_found);
+ data->devices_attached = tmp;
++
++ fail:
++ if (ctx.dev_found)
++ grub_device_close (ctx.dev_found);
+ return NULL;
+ }
+ }
+diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c
+index b8ad75a0ff7..b4bd019f49a 100644
+--- a/grub-core/fs/ext2.c
++++ b/grub-core/fs/ext2.c
+@@ -46,6 +46,7 @@
+ #include <grub/dl.h>
+ #include <grub/types.h>
+ #include <grub/fshelp.h>
++#include <grub/safemath.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -703,6 +704,7 @@ grub_ext2_read_symlink (grub_fshelp_node_t node)
+ {
+ char *symlink;
+ struct grub_fshelp_node *diro = node;
++ grub_size_t sz;
+
+ if (! diro->inode_read)
+ {
+@@ -717,7 +719,13 @@ grub_ext2_read_symlink (grub_fshelp_node_t node)
+ }
+ }
+
+- symlink = grub_malloc (grub_le_to_cpu32 (diro->inode.size) + 1);
++ if (grub_add (grub_le_to_cpu32 (diro->inode.size), 1, &sz))
++ {
++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
++ return NULL;
++ }
++
++ symlink = grub_malloc (sz);
+ if (! symlink)
+ return 0;
+
+diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c
+index 092b8f409ec..f45841e2b47 100644
+--- a/grub-core/fs/iso9660.c
++++ b/grub-core/fs/iso9660.c
+@@ -28,6 +28,7 @@
+ #include <grub/fshelp.h>
+ #include <grub/charset.h>
+ #include <grub/datetime.h>
++#include <grub/safemath.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -531,8 +532,13 @@ add_part (struct iterate_dir_ctx *ctx,
+ int len2)
+ {
+ int size = ctx->symlink ? grub_strlen (ctx->symlink) : 0;
++ grub_size_t sz;
+
+- ctx->symlink = grub_realloc (ctx->symlink, size + len2 + 1);
++ if (grub_add (size, len2, &sz) ||
++ grub_add (sz, 1, &sz))
++ return;
++
++ ctx->symlink = grub_realloc (ctx->symlink, sz);
+ if (! ctx->symlink)
+ return;
+
+@@ -560,17 +566,24 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry,
+ {
+ grub_size_t off = 0, csize = 1;
+ char *old;
++ grub_size_t sz;
++
+ csize = entry->len - 5;
+ old = ctx->filename;
+ if (ctx->filename_alloc)
+ {
+ off = grub_strlen (ctx->filename);
+- ctx->filename = grub_realloc (ctx->filename, csize + off + 1);
++ if (grub_add (csize, off, &sz) ||
++ grub_add (sz, 1, &sz))
++ return GRUB_ERR_OUT_OF_RANGE;
++ ctx->filename = grub_realloc (ctx->filename, sz);
+ }
+ else
+ {
+ off = 0;
+- ctx->filename = grub_zalloc (csize + 1);
++ if (grub_add (csize, 1, &sz))
++ return GRUB_ERR_OUT_OF_RANGE;
++ ctx->filename = grub_zalloc (sz);
+ }
+ if (!ctx->filename)
+ {
+@@ -776,14 +789,18 @@ grub_iso9660_iterate_dir (grub_fshelp_node_t dir,
+ if (node->have_dirents >= node->alloc_dirents)
+ {
+ struct grub_fshelp_node *new_node;
+- node->alloc_dirents *= 2;
+- new_node = grub_realloc (node,
+- sizeof (struct grub_fshelp_node)
+- + ((node->alloc_dirents
+- - ARRAY_SIZE (node->dirents))
+- * sizeof (node->dirents[0])));
++ grub_size_t sz;
++
++ if (grub_mul (node->alloc_dirents, 2, &node->alloc_dirents) ||
++ grub_sub (node->alloc_dirents, ARRAY_SIZE (node->dirents), &sz) ||
++ grub_mul (sz, sizeof (node->dirents[0]), &sz) ||
++ grub_add (sz, sizeof (struct grub_fshelp_node), &sz))
++ goto fail_0;
++
++ new_node = grub_realloc (node, sz);
+ if (!new_node)
+ {
++ fail_0:
+ if (ctx.filename_alloc)
+ grub_free (ctx.filename);
+ grub_free (node);
+@@ -799,14 +816,18 @@ grub_iso9660_iterate_dir (grub_fshelp_node_t dir,
+ * sizeof (node->dirents[0]) < grub_strlen (ctx.symlink) + 1)
+ {
+ struct grub_fshelp_node *new_node;
+- new_node = grub_realloc (node,
+- sizeof (struct grub_fshelp_node)
+- + ((node->alloc_dirents
+- - ARRAY_SIZE (node->dirents))
+- * sizeof (node->dirents[0]))
+- + grub_strlen (ctx.symlink) + 1);
++ grub_size_t sz;
++
++ if (grub_sub (node->alloc_dirents, ARRAY_SIZE (node->dirents), &sz) ||
++ grub_mul (sz, sizeof (node->dirents[0]), &sz) ||
++ grub_add (sz, sizeof (struct grub_fshelp_node) + 1, &sz) ||
++ grub_add (sz, grub_strlen (ctx.symlink), &sz))
++ goto fail_1;
++
++ new_node = grub_realloc (node, sz);
+ if (!new_node)
+ {
++ fail_1:
+ if (ctx.filename_alloc)
+ grub_free (ctx.filename);
+ grub_free (node);
+diff --git a/grub-core/fs/sfs.c b/grub-core/fs/sfs.c
+index 663931717fd..3ddc6b5e287 100644
+--- a/grub-core/fs/sfs.c
++++ b/grub-core/fs/sfs.c
+@@ -26,6 +26,7 @@
+ #include <grub/types.h>
+ #include <grub/fshelp.h>
+ #include <grub/charset.h>
++#include <grub/safemath.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -307,10 +308,15 @@ grub_sfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock)
+ if (node->cache && node->cache_size >= node->cache_allocated)
+ {
+ struct cache_entry *e = node->cache;
+- e = grub_realloc (node->cache,node->cache_allocated * 2
+- * sizeof (e[0]));
++ grub_size_t sz;
++
++ if (grub_mul (node->cache_allocated, 2 * sizeof (e[0]), &sz))
++ goto fail;
++
++ e = grub_realloc (node->cache, sz);
+ if (!e)
+ {
++ fail:
+ grub_errno = 0;
+ grub_free (node->cache);
+ node->cache = 0;
+@@ -477,10 +483,16 @@ grub_sfs_create_node (struct grub_fshelp_node **node,
+ grub_size_t len = grub_strlen (name);
+ grub_uint8_t *name_u8;
+ int ret;
++ grub_size_t sz;
++
++ if (grub_mul (len, GRUB_MAX_UTF8_PER_LATIN1, &sz) ||
++ grub_add (sz, 1, &sz))
++ return 1;
++
+ *node = grub_malloc (sizeof (**node));
+ if (!*node)
+ return 1;
+- name_u8 = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1);
++ name_u8 = grub_malloc (sz);
+ if (!name_u8)
+ {
+ grub_free (*node);
+@@ -724,8 +736,13 @@ grub_sfs_label (grub_device_t device, char **label)
+ data = grub_sfs_mount (disk);
+ if (data)
+ {
+- grub_size_t len = grub_strlen (data->label);
+- *label = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1);
++ grub_size_t sz, len = grub_strlen (data->label);
++
++ if (grub_mul (len, GRUB_MAX_UTF8_PER_LATIN1, &sz) ||
++ grub_add (sz, 1, &sz))
++ return GRUB_ERR_OUT_OF_RANGE;
++
++ *label = grub_malloc (sz);
+ if (*label)
+ *grub_latin1_to_utf8 ((grub_uint8_t *) *label,
+ (const grub_uint8_t *) data->label,
+diff --git a/grub-core/fs/squash4.c b/grub-core/fs/squash4.c
+index 2c967c65a42..f9bef38fc42 100644
+--- a/grub-core/fs/squash4.c
++++ b/grub-core/fs/squash4.c
+@@ -26,6 +26,7 @@
+ #include <grub/types.h>
+ #include <grub/fshelp.h>
+ #include <grub/deflate.h>
++#include <grub/safemath.h>
+ #include <minilzo.h>
+
+ #include "xz.h"
+@@ -459,7 +460,17 @@ grub_squash_read_symlink (grub_fshelp_node_t node)
+ {
+ char *ret;
+ grub_err_t err;
+- ret = grub_malloc (grub_le_to_cpu32 (node->ino.symlink.namelen) + 1);
++ grub_size_t sz;
++
++ if (grub_add (grub_le_to_cpu32 (node->ino.symlink.namelen), 1, &sz))
++ {
++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
++ return NULL;
++ }
++
++ ret = grub_malloc (sz);
++ if (!ret)
++ return NULL;
+
+ err = read_chunk (node->data, ret,
+ grub_le_to_cpu32 (node->ino.symlink.namelen),
+@@ -506,11 +517,16 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir,
+
+ {
+ grub_fshelp_node_t node;
+- node = grub_malloc (sizeof (*node) + dir->stsize * sizeof (dir->stack[0]));
++ grub_size_t sz;
++
++ if (grub_mul (dir->stsize, sizeof (dir->stack[0]), &sz) ||
++ grub_add (sz, sizeof (*node), &sz))
++ return 0;
++
++ node = grub_malloc (sz);
+ if (!node)
+ return 0;
+- grub_memcpy (node, dir,
+- sizeof (*node) + dir->stsize * sizeof (dir->stack[0]));
++ grub_memcpy (node, dir, sz);
+ if (hook (".", GRUB_FSHELP_DIR, node, hook_data))
+ return 1;
+
+@@ -518,12 +534,15 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir,
+ {
+ grub_err_t err;
+
+- node = grub_malloc (sizeof (*node) + dir->stsize * sizeof (dir->stack[0]));
++ if (grub_mul (dir->stsize, sizeof (dir->stack[0]), &sz) ||
++ grub_add (sz, sizeof (*node), &sz))
++ return 0;
++
++ node = grub_malloc (sz);
+ if (!node)
+ return 0;
+
+- grub_memcpy (node, dir,
+- sizeof (*node) + dir->stsize * sizeof (dir->stack[0]));
++ grub_memcpy (node, dir, sz);
+
+ node->stsize--;
+ err = read_chunk (dir->data, &node->ino, sizeof (node->ino),
+@@ -557,6 +576,7 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir,
+ enum grub_fshelp_filetype filetype = GRUB_FSHELP_REG;
+ struct grub_squash_dirent di;
+ struct grub_squash_inode ino;
++ grub_size_t sz;
+
+ err = read_chunk (dir->data, &di, sizeof (di),
+ grub_le_to_cpu64 (dir->data->sb.diroffset)
+@@ -589,13 +609,16 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir,
+ if (grub_le_to_cpu16 (di.type) == SQUASH_TYPE_SYMLINK)
+ filetype = GRUB_FSHELP_SYMLINK;
+
+- node = grub_malloc (sizeof (*node)
+- + (dir->stsize + 1) * sizeof (dir->stack[0]));
++ if (grub_add (dir->stsize, 1, &sz) ||
++ grub_mul (sz, sizeof (dir->stack[0]), &sz) ||
++ grub_add (sz, sizeof (*node), &sz))
++ return 0;
++
++ node = grub_malloc (sz);
+ if (! node)
+ return 0;
+
+- grub_memcpy (node, dir,
+- sizeof (*node) + dir->stsize * sizeof (dir->stack[0]));
++ grub_memcpy (node, dir, sz - sizeof(dir->stack[0]));
+
+ node->ino = ino;
+ node->stack[node->stsize].ino_chunk = grub_le_to_cpu32 (dh.ino_chunk);
+diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c
+index 44481da7c6d..be41b48f913 100644
+--- a/grub-core/fs/udf.c
++++ b/grub-core/fs/udf.c
+@@ -28,6 +28,7 @@
+ #include <grub/charset.h>
+ #include <grub/datetime.h>
+ #include <grub/udf.h>
++#include <grub/safemath.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -890,9 +891,19 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf)
+ utf16[i] = (raw[2 * i + 1] << 8) | raw[2*i + 2];
+ }
+ if (!outbuf)
+- outbuf = grub_malloc (utf16len * GRUB_MAX_UTF8_PER_UTF16 + 1);
++ {
++ grub_size_t size;
++
++ if (grub_mul (utf16len, GRUB_MAX_UTF8_PER_UTF16, &size) ||
++ grub_add (size, 1, &size))
++ goto fail;
++
++ outbuf = grub_malloc (size);
++ }
+ if (outbuf)
+ *grub_utf16_to_utf8 ((grub_uint8_t *) outbuf, utf16, utf16len) = '\0';
++
++ fail:
+ grub_free (utf16);
+ return outbuf;
+ }
+@@ -1005,7 +1016,7 @@ grub_udf_read_symlink (grub_fshelp_node_t node)
+ grub_size_t sz = U64 (node->block.fe.file_size);
+ grub_uint8_t *raw;
+ const grub_uint8_t *ptr;
+- char *out, *optr;
++ char *out = NULL, *optr;
+
+ if (sz < 4)
+ return NULL;
+@@ -1013,14 +1024,16 @@ grub_udf_read_symlink (grub_fshelp_node_t node)
+ if (!raw)
+ return NULL;
+ if (grub_udf_read_file (node, NULL, NULL, 0, sz, (char *) raw) < 0)
+- {
+- grub_free (raw);
+- return NULL;
+- }
++ goto fail_1;
+
+- out = grub_malloc (sz * 2 + 1);
++ if (grub_mul (sz, 2, &sz) ||
++ grub_add (sz, 1, &sz))
++ goto fail_0;
++
++ out = grub_malloc (sz);
+ if (!out)
+ {
++ fail_0:
+ grub_free (raw);
+ return NULL;
+ }
+@@ -1031,17 +1044,17 @@ grub_udf_read_symlink (grub_fshelp_node_t node)
+ {
+ grub_size_t s;
+ if ((grub_size_t) (ptr - raw + 4) > sz)
+- goto fail;
++ goto fail_1;
+ if (!(ptr[2] == 0 && ptr[3] == 0))
+- goto fail;
++ goto fail_1;
+ s = 4 + ptr[1];
+ if ((grub_size_t) (ptr - raw + s) > sz)
+- goto fail;
++ goto fail_1;
+ switch (*ptr)
+ {
+ case 1:
+ if (ptr[1])
+- goto fail;
++ goto fail_1;
+ /* Fallthrough. */
+ case 2:
+ /* in 4 bytes. out: 1 byte. */
+@@ -1066,11 +1079,11 @@ grub_udf_read_symlink (grub_fshelp_node_t node)
+ if (optr != out)
+ *optr++ = '/';
+ if (!read_string (ptr + 4, s - 4, optr))
+- goto fail;
++ goto fail_1;
+ optr += grub_strlen (optr);
+ break;
+ default:
+- goto fail;
++ goto fail_1;
+ }
+ ptr += s;
+ }
+@@ -1078,7 +1091,7 @@ grub_udf_read_symlink (grub_fshelp_node_t node)
+ grub_free (raw);
+ return out;
+
+- fail:
++ fail_1:
+ grub_free (raw);
+ grub_free (out);
+ grub_error (GRUB_ERR_BAD_FS, "invalid symlink");
+diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c
+index 3b00c744e23..66e66dd58cc 100644
+--- a/grub-core/fs/xfs.c
++++ b/grub-core/fs/xfs.c
+@@ -25,6 +25,7 @@
+ #include <grub/dl.h>
+ #include <grub/types.h>
+ #include <grub/fshelp.h>
++#include <grub/safemath.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -899,6 +900,7 @@ static struct grub_xfs_data *
+ grub_xfs_mount (grub_disk_t disk)
+ {
+ struct grub_xfs_data *data = 0;
++ grub_size_t sz;
+
+ data = grub_zalloc (sizeof (struct grub_xfs_data));
+ if (!data)
+@@ -913,10 +915,11 @@ grub_xfs_mount (grub_disk_t disk)
+ if (!grub_xfs_sb_valid(data))
+ goto fail;
+
+- data = grub_realloc (data,
+- sizeof (struct grub_xfs_data)
+- - sizeof (struct grub_xfs_inode)
+- + grub_xfs_inode_size(data) + 1);
++ if (grub_add (grub_xfs_inode_size (data),
++ sizeof (struct grub_xfs_data) - sizeof (struct grub_xfs_inode) + 1, &sz))
++ goto fail;
++
++ data = grub_realloc (data, sz);
+
+ if (! data)
+ goto fail;
+diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c
+index f6b95d4fb02..c6204367e78 100644
+--- a/grub-core/fs/zfs/zfs.c
++++ b/grub-core/fs/zfs/zfs.c
+@@ -55,6 +55,7 @@
+ #include <grub/deflate.h>
+ #include <grub/crypto.h>
+ #include <grub/i18n.h>
++#include <grub/safemath.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -773,11 +774,14 @@ fill_vdev_info (struct grub_zfs_data *data,
+ if (data->n_devices_attached > data->n_devices_allocated)
+ {
+ void *tmp;
+- data->n_devices_allocated = 2 * data->n_devices_attached + 1;
+- data->devices_attached
+- = grub_realloc (tmp = data->devices_attached,
+- data->n_devices_allocated
+- * sizeof (data->devices_attached[0]));
++ grub_size_t sz;
++
++ if (grub_mul (data->n_devices_attached, 2, &data->n_devices_allocated) ||
++ grub_add (data->n_devices_allocated, 1, &data->n_devices_allocated) ||
++ grub_mul (data->n_devices_allocated, sizeof (data->devices_attached[0]), &sz))
++ return GRUB_ERR_OUT_OF_RANGE;
++
++ data->devices_attached = grub_realloc (tmp = data->devices_attached, sz);
+ if (!data->devices_attached)
+ {
+ data->devices_attached = tmp;
+@@ -3468,14 +3472,18 @@ grub_zfs_nvlist_lookup_nvlist (const char *nvlist, const char *name)
+ {
+ char *nvpair;
+ char *ret;
+- grub_size_t size;
++ grub_size_t size, sz;
+ int found;
+
+ found = nvlist_find_value (nvlist, name, DATA_TYPE_NVLIST, &nvpair,
+ &size, 0);
+ if (!found)
+ return 0;
+- ret = grub_zalloc (size + 3 * sizeof (grub_uint32_t));
++
++ if (grub_add (size, 3 * sizeof (grub_uint32_t), &sz))
++ return 0;
++
++ ret = grub_zalloc (sz);
+ if (!ret)
+ return 0;
+ grub_memcpy (ret, nvlist, sizeof (grub_uint32_t));
+diff --git a/grub-core/fs/zfs/zfscrypt.c b/grub-core/fs/zfs/zfscrypt.c
+index 87eef621d6d..f8488c35344 100644
+--- a/grub-core/fs/zfs/zfscrypt.c
++++ b/grub-core/fs/zfs/zfscrypt.c
+@@ -22,6 +22,7 @@
+ #include <grub/misc.h>
+ #include <grub/disk.h>
+ #include <grub/partition.h>
++#include <grub/safemath.h>
+ #include <grub/dl.h>
+ #include <grub/types.h>
+ #include <grub/zfs/zfs.h>
+@@ -82,9 +83,13 @@ grub_zfs_add_key (grub_uint8_t *key_in,
+ int passphrase)
+ {
+ struct grub_zfs_wrap_key *key;
++ grub_size_t sz;
++
+ if (!passphrase && keylen > 32)
+ keylen = 32;
+- key = grub_malloc (sizeof (*key) + keylen);
++ if (grub_add (sizeof (*key), keylen, &sz))
++ return GRUB_ERR_OUT_OF_RANGE;
++ key = grub_malloc (sz);
+ if (!key)
+ return grub_errno;
+ key->is_passphrase = passphrase;
+diff --git a/grub-core/lib/arg.c b/grub-core/lib/arg.c
+index fd7744a6ff6..3288609a5e1 100644
+--- a/grub-core/lib/arg.c
++++ b/grub-core/lib/arg.c
+@@ -23,6 +23,7 @@
+ #include <grub/term.h>
+ #include <grub/extcmd.h>
+ #include <grub/i18n.h>
++#include <grub/safemath.h>
+
+ /* Built-in parser for default options. */
+ static const struct grub_arg_option help_options[] =
+@@ -216,7 +217,13 @@ static inline grub_err_t
+ add_arg (char ***argl, int *num, char *s)
+ {
+ char **p = *argl;
+- *argl = grub_realloc (*argl, (++(*num) + 1) * sizeof (char *));
++ grub_size_t sz;
++
++ if (grub_add (++(*num), 1, &sz) ||
++ grub_mul (sz, sizeof (char *), &sz))
++ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
++
++ *argl = grub_realloc (*argl, sz);
+ if (! *argl)
+ {
+ grub_free (p);
+@@ -431,6 +438,7 @@ grub_arg_list_alloc(grub_extcmd_t extcmd, int argc,
+ grub_size_t argcnt;
+ struct grub_arg_list *list;
+ const struct grub_arg_option *options;
++ grub_size_t sz0, sz1;
+
+ options = extcmd->options;
+ if (! options)
+@@ -443,7 +451,15 @@ grub_arg_list_alloc(grub_extcmd_t extcmd, int argc,
+ argcnt += ((grub_size_t) argc + 1) / 2 + 1; /* max possible for any option */
+ }
+
+- list = grub_zalloc (sizeof (*list) * i + sizeof (char*) * argcnt);
++ if (grub_mul (sizeof (*list), i, &sz0) ||
++ grub_mul (sizeof (char *), argcnt, &sz1) ||
++ grub_add (sz0, sz1, &sz0))
++ {
++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
++ return 0;
++ }
++
++ list = grub_zalloc (sz0);
+ if (! list)
+ return 0;
+
+diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c
+index 87709aa23e8..0f317632a3b 100644
+--- a/grub-core/loader/i386/bsd.c
++++ b/grub-core/loader/i386/bsd.c
+@@ -35,6 +35,7 @@
+ #include <grub/ns8250.h>
+ #include <grub/bsdlabel.h>
+ #include <grub/crypto.h>
++#include <grub/safemath.h>
+ #ifdef GRUB_MACHINE_PCBIOS
+ #include <grub/machine/int.h>
+ #endif
+@@ -1007,11 +1008,16 @@ grub_netbsd_add_modules (void)
+ struct grub_netbsd_btinfo_modules *mods;
+ unsigned i;
+ grub_err_t err;
++ grub_size_t sz;
+
+ for (mod = netbsd_mods; mod; mod = mod->next)
+ modcnt++;
+
+- mods = grub_malloc (sizeof (*mods) + sizeof (mods->mods[0]) * modcnt);
++ if (grub_mul (modcnt, sizeof (mods->mods[0]), &sz) ||
++ grub_add (sz, sizeof (*mods), &sz))
++ return GRUB_ERR_OUT_OF_RANGE;
++
++ mods = grub_malloc (sz);
+ if (!mods)
+ return grub_errno;
+
+diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c
+index e332d5eb4a4..906ec7d6782 100644
+--- a/grub-core/net/dns.c
++++ b/grub-core/net/dns.c
+@@ -22,6 +22,7 @@
+ #include <grub/i18n.h>
+ #include <grub/err.h>
+ #include <grub/time.h>
++#include <grub/safemath.h>
+
+ struct dns_cache_element
+ {
+@@ -51,9 +52,15 @@ grub_net_add_dns_server (const struct grub_net_network_level_address *s)
+ {
+ int na = dns_servers_alloc * 2;
+ struct grub_net_network_level_address *ns;
++ grub_size_t sz;
++
+ if (na < 8)
+ na = 8;
+- ns = grub_realloc (dns_servers, na * sizeof (ns[0]));
++
++ if (grub_mul (na, sizeof (ns[0]), &sz))
++ return GRUB_ERR_OUT_OF_RANGE;
++
++ ns = grub_realloc (dns_servers, sz);
+ if (!ns)
+ return grub_errno;
+ dns_servers_alloc = na;
+diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c
+index d57fb72faa8..4dfcc31078d 100644
+--- a/grub-core/normal/charset.c
++++ b/grub-core/normal/charset.c
+@@ -48,6 +48,7 @@
+ #include <grub/unicode.h>
+ #include <grub/term.h>
+ #include <grub/normal.h>
++#include <grub/safemath.h>
+
+ #if HAVE_FONT_SOURCE
+ #include "widthspec.h"
+@@ -464,6 +465,7 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen,
+ {
+ struct grub_unicode_combining *n;
+ unsigned j;
++ grub_size_t sz;
+
+ if (!haveout)
+ continue;
+@@ -477,10 +479,14 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen,
+ n = out->combining_inline;
+ else if (out->ncomb > (int) ARRAY_SIZE (out->combining_inline))
+ {
+- n = grub_realloc (out->combining_ptr,
+- sizeof (n[0]) * (out->ncomb + 1));
++ if (grub_add (out->ncomb, 1, &sz) ||
++ grub_mul (sz, sizeof (n[0]), &sz))
++ goto fail;
++
++ n = grub_realloc (out->combining_ptr, sz);
+ if (!n)
+ {
++ fail:
+ grub_errno = GRUB_ERR_NONE;
+ continue;
+ }
+diff --git a/grub-core/normal/cmdline.c b/grub-core/normal/cmdline.c
+index c57242e2ea9..de03fe63b3d 100644
+--- a/grub-core/normal/cmdline.c
++++ b/grub-core/normal/cmdline.c
+@@ -28,6 +28,7 @@
+ #include <grub/env.h>
+ #include <grub/i18n.h>
+ #include <grub/charset.h>
++#include <grub/safemath.h>
+
+ static grub_uint32_t *kill_buf;
+
+@@ -307,12 +308,21 @@ cl_insert (struct cmdline_term *cl_terms, unsigned nterms,
+ if (len + (*llen) >= (*max_len))
+ {
+ grub_uint32_t *nbuf;
+- (*max_len) *= 2;
+- nbuf = grub_realloc ((*buf), sizeof (grub_uint32_t) * (*max_len));
++ grub_size_t sz;
++
++ if (grub_mul (*max_len, 2, max_len) ||
++ grub_mul (*max_len, sizeof (grub_uint32_t), &sz))
++ {
++ grub_errno = GRUB_ERR_OUT_OF_RANGE;
++ goto fail;
++ }
++
++ nbuf = grub_realloc ((*buf), sz);
+ if (nbuf)
+ (*buf) = nbuf;
+ else
+ {
++ fail:
+ grub_print_error ();
+ grub_errno = GRUB_ERR_NONE;
+ (*max_len) /= 2;
+diff --git a/grub-core/normal/menu_entry.c b/grub-core/normal/menu_entry.c
+index f31487c1f58..de64a367c4e 100644
+--- a/grub-core/normal/menu_entry.c
++++ b/grub-core/normal/menu_entry.c
+@@ -27,6 +27,7 @@
+ #include <grub/auth.h>
+ #include <grub/i18n.h>
+ #include <grub/charset.h>
++#include <grub/safemath.h>
+
+ enum update_mode
+ {
+@@ -113,10 +114,18 @@ ensure_space (struct line *linep, int extra)
+ {
+ if (linep->max_len < linep->len + extra)
+ {
+- linep->max_len = 2 * (linep->len + extra);
+- linep->buf = grub_realloc (linep->buf, (linep->max_len + 1) * sizeof (linep->buf[0]));
++ grub_size_t sz0, sz1;
++
++ if (grub_add (linep->len, extra, &sz0) ||
++ grub_mul (sz0, 2, &sz0) ||
++ grub_add (sz0, 1, &sz1) ||
++ grub_mul (sz1, sizeof (linep->buf[0]), &sz1))
++ return 0;
++
++ linep->buf = grub_realloc (linep->buf, sz1);
+ if (! linep->buf)
+ return 0;
++ linep->max_len = sz0;
+ }
+
+ return 1;
+diff --git a/grub-core/script/argv.c b/grub-core/script/argv.c
+index 217ec5d1e1b..5751fdd5708 100644
+--- a/grub-core/script/argv.c
++++ b/grub-core/script/argv.c
+@@ -20,6 +20,7 @@
+ #include <grub/mm.h>
+ #include <grub/misc.h>
+ #include <grub/script_sh.h>
++#include <grub/safemath.h>
+
+ /* Return nearest power of two that is >= v. */
+ static unsigned
+@@ -81,11 +82,16 @@ int
+ grub_script_argv_next (struct grub_script_argv *argv)
+ {
+ char **p = argv->args;
++ grub_size_t sz;
+
+ if (argv->args && argv->argc && argv->args[argv->argc - 1] == 0)
+ return 0;
+
+- p = grub_realloc (p, round_up_exp ((argv->argc + 2) * sizeof (char *)));
++ if (grub_add (argv->argc, 2, &sz) ||
++ grub_mul (sz, sizeof (char *), &sz))
++ return 1;
++
++ p = grub_realloc (p, round_up_exp (sz));
+ if (! p)
+ return 1;
+
+@@ -105,13 +111,19 @@ grub_script_argv_append (struct grub_script_argv *argv, const char *s,
+ {
+ grub_size_t a;
+ char *p = argv->args[argv->argc - 1];
++ grub_size_t sz;
+
+ if (! s)
+ return 0;
+
+ a = p ? grub_strlen (p) : 0;
+
+- p = grub_realloc (p, round_up_exp ((a + slen + 1) * sizeof (char)));
++ if (grub_add (a, slen, &sz) ||
++ grub_add (sz, 1, &sz) ||
++ grub_mul (sz, sizeof (char), &sz))
++ return 1;
++
++ p = grub_realloc (p, round_up_exp (sz));
+ if (! p)
+ return 1;
+
+diff --git a/grub-core/script/lexer.c b/grub-core/script/lexer.c
+index c6bd3172fab..5fb0cbd0bc9 100644
+--- a/grub-core/script/lexer.c
++++ b/grub-core/script/lexer.c
+@@ -24,6 +24,7 @@
+ #include <grub/mm.h>
+ #include <grub/script_sh.h>
+ #include <grub/i18n.h>
++#include <grub/safemath.h>
+
+ #define yytext_ptr char *
+ #include "grub_script.tab.h"
+@@ -110,10 +111,14 @@ grub_script_lexer_record (struct grub_parser_param *parser, char *str)
+ old = lexer->recording;
+ if (lexer->recordlen < len)
+ lexer->recordlen = len;
+- lexer->recordlen *= 2;
++
++ if (grub_mul (lexer->recordlen, 2, &lexer->recordlen))
++ goto fail;
++
+ lexer->recording = grub_realloc (lexer->recording, lexer->recordlen);
+ if (!lexer->recording)
+ {
++ fail:
+ grub_free (old);
+ lexer->recordpos = 0;
+ lexer->recordlen = 0;
+@@ -130,7 +135,7 @@ int
+ grub_script_lexer_yywrap (struct grub_parser_param *parserstate,
+ const char *input)
+ {
+- grub_size_t len = 0;
++ grub_size_t len = 0, sz;
+ char *p = 0;
+ char *line = 0;
+ YY_BUFFER_STATE buffer;
+@@ -168,12 +173,22 @@ grub_script_lexer_yywrap (struct grub_parser_param *parserstate,
+ }
+ else if (len && line[len - 1] != '\n')
+ {
+- p = grub_realloc (line, len + 2);
++ if (grub_add (len, 2, &sz))
++ {
++ grub_free (line);
++ grub_script_yyerror (parserstate, N_("overflow is detected"));
++ return 1;
++ }
++
++ p = grub_realloc (line, sz);
+ if (p)
+ {
+ p[len++] = '\n';
+ p[len] = '\0';
+ }
++ else
++ grub_free (line);
++
+ line = p;
+ }
+
+diff --git a/grub-core/video/bitmap.c b/grub-core/video/bitmap.c
+index b2e0315665b..6256e209a6b 100644
+--- a/grub-core/video/bitmap.c
++++ b/grub-core/video/bitmap.c
+@@ -23,6 +23,7 @@
+ #include <grub/mm.h>
+ #include <grub/misc.h>
+ #include <grub/i18n.h>
++#include <grub/safemath.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -58,7 +59,7 @@ grub_video_bitmap_create (struct grub_video_bitmap **bitmap,
+ enum grub_video_blit_format blit_format)
+ {
+ struct grub_video_mode_info *mode_info;
+- unsigned int size;
++ grub_size_t size;
+
+ if (!bitmap)
+ return grub_error (GRUB_ERR_BUG, "invalid argument");
+@@ -137,19 +138,25 @@ grub_video_bitmap_create (struct grub_video_bitmap **bitmap,
+
+ mode_info->pitch = width * mode_info->bytes_per_pixel;
+
+- /* Calculate size needed for the data. */
+- size = (width * mode_info->bytes_per_pixel) * height;
++ /* Calculate size needed for the data. */
++ if (grub_mul (width, mode_info->bytes_per_pixel, &size) ||
++ grub_mul (size, height, &size))
++ {
++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
++ goto fail;
++ }
+
+ (*bitmap)->data = grub_zalloc (size);
+ if (! (*bitmap)->data)
+- {
+- grub_free (*bitmap);
+- *bitmap = 0;
+-
+- return grub_errno;
+- }
++ goto fail;
+
+ return GRUB_ERR_NONE;
++
++ fail:
++ grub_free (*bitmap);
++ *bitmap = NULL;
++
++ return grub_errno;
+ }
+
+ /* Frees all resources allocated by bitmap. */
+diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c
+index e85df3c1b04..719e647e44f 100644
+--- a/grub-core/video/readers/png.c
++++ b/grub-core/video/readers/png.c
+@@ -23,6 +23,7 @@
+ #include <grub/mm.h>
+ #include <grub/misc.h>
+ #include <grub/bufio.h>
++#include <grub/safemath.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -301,9 +302,17 @@ grub_png_decode_image_header (struct grub_png_data *data)
+ data->bpp <<= 1;
+
+ data->color_bits = color_bits;
+- data->row_bytes = data->image_width * data->bpp;
++
++ if (grub_mul (data->image_width, data->bpp, &data->row_bytes))
++ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
++
+ if (data->color_bits <= 4)
+- data->row_bytes = (data->image_width * data->color_bits + 7) / 8;
++ {
++ if (grub_mul (data->image_width, data->color_bits + 7, &data->row_bytes))
++ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
++
++ data->row_bytes >>= 3;
++ }
+
+ #ifndef GRUB_CPU_WORDS_BIGENDIAN
+ if (data->is_16bit || data->is_gray || data->is_palette)
+--
+2.26.2
+
diff --git a/SOURCES/0286-iso9660-Don-t-leak-memory-on-realloc-failures.patch b/SOURCES/0286-iso9660-Don-t-leak-memory-on-realloc-failures.patch
new file mode 100644
index 0000000..39680b4
--- /dev/null
+++ b/SOURCES/0286-iso9660-Don-t-leak-memory-on-realloc-failures.patch
@@ -0,0 +1,69 @@
+From c37e76df9c58c3f170e838c42527ef8544bf4468 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Sat, 4 Jul 2020 12:25:09 -0400
+Subject: [PATCH 286/314] iso9660: Don't leak memory on realloc() failures
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Upstream-commit-id: f2bd30b2fe7
+---
+ grub-core/fs/iso9660.c | 24 ++++++++++++++++++++----
+ 1 file changed, 20 insertions(+), 4 deletions(-)
+
+diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c
+index f45841e2b47..6fc9302bce3 100644
+--- a/grub-core/fs/iso9660.c
++++ b/grub-core/fs/iso9660.c
+@@ -533,14 +533,20 @@ add_part (struct iterate_dir_ctx *ctx,
+ {
+ int size = ctx->symlink ? grub_strlen (ctx->symlink) : 0;
+ grub_size_t sz;
++ char *new;
+
+ if (grub_add (size, len2, &sz) ||
+ grub_add (sz, 1, &sz))
+ return;
+
+- ctx->symlink = grub_realloc (ctx->symlink, sz);
+- if (! ctx->symlink)
+- return;
++ new = grub_realloc (ctx->symlink, sz);
++ if (!new)
++ {
++ grub_free (ctx->symlink);
++ ctx->symlink = NULL;
++ return;
++ }
++ ctx->symlink = new;
+
+ grub_memcpy (ctx->symlink + size, part, len2);
+ ctx->symlink[size + len2] = 0;
+@@ -634,7 +640,12 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry,
+ is the length. Both are part of the `Component
+ Record'. */
+ if (ctx->symlink && !ctx->was_continue)
+- add_part (ctx, "/", 1);
++ {
++ add_part (ctx, "/", 1);
++ if (grub_errno)
++ return grub_errno;
++ }
++
+ add_part (ctx, (char *) &entry->data[pos + 2],
+ entry->data[pos + 1]);
+ ctx->was_continue = (entry->data[pos] & 1);
+@@ -653,6 +664,11 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry,
+ add_part (ctx, "/", 1);
+ break;
+ }
++
++ /* Check if grub_realloc() failed in add_part(). */
++ if (grub_errno)
++ return grub_errno;
++
+ /* In pos + 1 the length of the `Component Record' is
+ stored. */
+ pos += entry->data[pos + 1] + 2;
+--
+2.26.2
+
diff --git a/SOURCES/0287-font-Do-not-load-more-than-one-NAME-section.patch b/SOURCES/0287-font-Do-not-load-more-than-one-NAME-section.patch
new file mode 100644
index 0000000..467c058
--- /dev/null
+++ b/SOURCES/0287-font-Do-not-load-more-than-one-NAME-section.patch
@@ -0,0 +1,38 @@
+From 0b3c4b90e1b928a2606f0801e6e872dd6cb85c42 Mon Sep 17 00:00:00 2001
+From: Daniel Kiper <daniel.kiper@oracle.com>
+Date: Tue, 7 Jul 2020 15:36:26 +0200
+Subject: [PATCH 287/314] font: Do not load more than one NAME section
+
+The GRUB font file can have one NAME section only. Though if somebody
+crafts a broken font file with many NAME sections and loads it then the
+GRUB leaks memory. So, prevent against that by loading first NAME
+section and failing in controlled way on following one.
+
+Reported-by: Chris Coulson <chris.coulson@canonical.com>
+Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
+Reviewed-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
+Upstream-commit-id: 482814113dc
+---
+ grub-core/font/font.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/grub-core/font/font.c b/grub-core/font/font.c
+index d63354fb51b..a7b955a1a74 100644
+--- a/grub-core/font/font.c
++++ b/grub-core/font/font.c
+@@ -532,6 +532,12 @@ grub_font_load (const char *filename)
+ if (grub_memcmp (section.name, FONT_FORMAT_SECTION_NAMES_FONT_NAME,
+ sizeof (FONT_FORMAT_SECTION_NAMES_FONT_NAME) - 1) == 0)
+ {
++ if (font->name != NULL)
++ {
++ grub_error (GRUB_ERR_BAD_FONT, "invalid font file: too many NAME sections");
++ goto fail;
++ }
++
+ font->name = read_section_as_string (§ion);
+ if (!font->name)
+ goto fail;
+--
+2.26.2
+
diff --git a/SOURCES/0288-gfxmenu-Fix-double-free-in-load_image.patch b/SOURCES/0288-gfxmenu-Fix-double-free-in-load_image.patch
new file mode 100644
index 0000000..8673385
--- /dev/null
+++ b/SOURCES/0288-gfxmenu-Fix-double-free-in-load_image.patch
@@ -0,0 +1,36 @@
+From 583a48bca23f7c4e0d691f0e6d065dac61bbfca1 Mon Sep 17 00:00:00 2001
+From: Alexey Makhalov <amakhalov@vmware.com>
+Date: Wed, 8 Jul 2020 20:41:56 +0000
+Subject: [PATCH 288/314] gfxmenu: Fix double free in load_image()
+
+self->bitmap should be zeroed after free. Otherwise, there is a chance
+to double free (USE_AFTER_FREE) it later in rescale_image().
+
+Fixes: CID 292472
+
+Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Upstream-commit-id: 5d3e84b15a4
+---
+ grub-core/gfxmenu/gui_image.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/gfxmenu/gui_image.c b/grub-core/gfxmenu/gui_image.c
+index 29784ed2d9a..6b2e976f16e 100644
+--- a/grub-core/gfxmenu/gui_image.c
++++ b/grub-core/gfxmenu/gui_image.c
+@@ -195,7 +195,10 @@ load_image (grub_gui_image_t self, const char *path)
+ return grub_errno;
+
+ if (self->bitmap && (self->bitmap != self->raw_bitmap))
+- grub_video_bitmap_destroy (self->bitmap);
++ {
++ grub_video_bitmap_destroy (self->bitmap);
++ self->bitmap = 0;
++ }
+ if (self->raw_bitmap)
+ grub_video_bitmap_destroy (self->raw_bitmap);
+
+--
+2.26.2
+
diff --git a/SOURCES/0289-xnu-Fix-double-free-in-grub_xnu_devprop_add_property.patch b/SOURCES/0289-xnu-Fix-double-free-in-grub_xnu_devprop_add_property.patch
new file mode 100644
index 0000000..291e6a6
--- /dev/null
+++ b/SOURCES/0289-xnu-Fix-double-free-in-grub_xnu_devprop_add_property.patch
@@ -0,0 +1,57 @@
+From 301523f584d9aa624424c68ab3f085a9b7eca417 Mon Sep 17 00:00:00 2001
+From: Alexey Makhalov <amakhalov@vmware.com>
+Date: Wed, 8 Jul 2020 21:30:43 +0000
+Subject: [PATCH 289/314] xnu: Fix double free in
+ grub_xnu_devprop_add_property()
+
+grub_xnu_devprop_add_property() should not free utf8 and utf16 as it get
+allocated and freed in the caller.
+
+Minor improvement: do prop fields initialization after memory allocations.
+
+Fixes: CID 292442, CID 292457, CID 292460, CID 292466
+
+Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Upstream-commit-id: 4d5e2d13519
+---
+ grub-core/loader/i386/xnu.c | 19 +++++++++----------
+ 1 file changed, 9 insertions(+), 10 deletions(-)
+
+diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c
+index ee0eaadc4ee..c760db30fc0 100644
+--- a/grub-core/loader/i386/xnu.c
++++ b/grub-core/loader/i386/xnu.c
+@@ -262,20 +262,19 @@ grub_xnu_devprop_add_property (struct grub_xnu_devprop_device_descriptor *dev,
+ if (!prop)
+ return grub_errno;
+
++ prop->data = grub_malloc (datalen);
++ if (!prop->data)
++ {
++ grub_free (prop);
++ return grub_errno;
++ }
++ grub_memcpy (prop->data, data, datalen);
++
+ prop->name = utf8;
+ prop->name16 = utf16;
+ prop->name16len = utf16len;
+-
+ prop->length = datalen;
+- prop->data = grub_malloc (prop->length);
+- if (!prop->data)
+- {
+- grub_free (prop->name);
+- grub_free (prop->name16);
+- grub_free (prop);
+- return grub_errno;
+- }
+- grub_memcpy (prop->data, data, prop->length);
++
+ grub_list_push (GRUB_AS_LIST_P (&dev->properties),
+ GRUB_AS_LIST (prop));
+ return GRUB_ERR_NONE;
+--
+2.26.2
+
diff --git a/SOURCES/0290-lzma-Make-sure-we-don-t-dereference-past-array.patch b/SOURCES/0290-lzma-Make-sure-we-don-t-dereference-past-array.patch
new file mode 100644
index 0000000..41cef60
--- /dev/null
+++ b/SOURCES/0290-lzma-Make-sure-we-don-t-dereference-past-array.patch
@@ -0,0 +1,52 @@
+From 656e3376d52c7244edac9264454c0fadac835749 Mon Sep 17 00:00:00 2001
+From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Date: Thu, 9 Jul 2020 03:05:23 +0000
+Subject: [PATCH 290/314] lzma: Make sure we don't dereference past array
+
+The two dimensional array p->posSlotEncoder[4][64] is being dereferenced
+using the GetLenToPosState() macro which checks if len is less than 5,
+and if so subtracts 2 from it. If len = 0, that is 0 - 2 = 4294967294.
+Obviously we don't want to dereference that far out so we check if the
+position found is greater or equal kNumLenToPosStates (4) and bail out.
+
+N.B.: Upstream LZMA 18.05 and later has this function completely rewritten
+without any history.
+
+Fixes: CID 51526
+
+Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Upstream-commit-id: f91e043bda4
+---
+ grub-core/lib/LzmaEnc.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/lib/LzmaEnc.c b/grub-core/lib/LzmaEnc.c
+index f2ec04a8c28..753e56a95e3 100644
+--- a/grub-core/lib/LzmaEnc.c
++++ b/grub-core/lib/LzmaEnc.c
+@@ -1877,13 +1877,19 @@ static SRes LzmaEnc_CodeOneBlock(CLzmaEnc *p, Bool useLimits, UInt32 maxPackSize
+ }
+ else
+ {
+- UInt32 posSlot;
++ UInt32 posSlot, lenToPosState;
+ RangeEnc_EncodeBit(&p->rc, &p->isRep[p->state], 0);
+ p->state = kMatchNextStates[p->state];
+ LenEnc_Encode2(&p->lenEnc, &p->rc, len - LZMA_MATCH_LEN_MIN, posState, !p->fastMode, p->ProbPrices);
+ pos -= LZMA_NUM_REPS;
+ GetPosSlot(pos, posSlot);
+- RcTree_Encode(&p->rc, p->posSlotEncoder[GetLenToPosState(len)], kNumPosSlotBits, posSlot);
++ lenToPosState = GetLenToPosState(len);
++ if (lenToPosState >= kNumLenToPosStates)
++ {
++ p->result = SZ_ERROR_DATA;
++ return CheckErrors(p);
++ }
++ RcTree_Encode(&p->rc, p->posSlotEncoder[lenToPosState], kNumPosSlotBits, posSlot);
+
+ if (posSlot >= kStartPosModelIndex)
+ {
+--
+2.26.2
+
diff --git a/SOURCES/0291-term-Fix-overflow-on-user-inputs.patch b/SOURCES/0291-term-Fix-overflow-on-user-inputs.patch
new file mode 100644
index 0000000..c5cc556
--- /dev/null
+++ b/SOURCES/0291-term-Fix-overflow-on-user-inputs.patch
@@ -0,0 +1,66 @@
+From 6df814d4f43a47ffe2b354b9fa683ed4022fa5f1 Mon Sep 17 00:00:00 2001
+From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Date: Tue, 7 Jul 2020 15:12:25 -0400
+Subject: [PATCH 291/314] term: Fix overflow on user inputs
+
+This requires a very weird input from the serial interface but can cause
+an overflow in input_buf (keys) overwriting the next variable (npending)
+with the user choice:
+
+(pahole output)
+
+struct grub_terminfo_input_state {
+ int input_buf[6]; /* 0 24 */
+ int npending; /* 24 4 */ <- CORRUPT
+ ...snip...
+
+The magic string requires causing this is "ESC,O,],0,1,2,q" and we overflow
+npending with "q" (aka increase npending to 161). The simplest fix is to
+just to disallow overwrites input_buf, which exactly what this patch does.
+
+Fixes: CID 292449
+
+Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Upstream-commit-id: 98dfa546777
+---
+ grub-core/term/terminfo.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/grub-core/term/terminfo.c b/grub-core/term/terminfo.c
+index 537a5c0cb0b..44d0b3b19fb 100644
+--- a/grub-core/term/terminfo.c
++++ b/grub-core/term/terminfo.c
+@@ -398,7 +398,7 @@ grub_terminfo_getwh (struct grub_term_output *term)
+ }
+
+ static void
+-grub_terminfo_readkey (struct grub_term_input *term, int *keys, int *len,
++grub_terminfo_readkey (struct grub_term_input *term, int *keys, int *len, int max_len,
+ int (*readkey) (struct grub_term_input *term))
+ {
+ int c;
+@@ -414,6 +414,9 @@ grub_terminfo_readkey (struct grub_term_input *term, int *keys, int *len,
+ if (c == -1) \
+ return; \
+ \
++ if (*len >= max_len) \
++ return; \
++ \
+ keys[*len] = c; \
+ (*len)++; \
+ }
+@@ -602,8 +605,8 @@ grub_terminfo_getkey (struct grub_term_input *termi)
+ return ret;
+ }
+
+- grub_terminfo_readkey (termi, data->input_buf,
+- &data->npending, data->readkey);
++ grub_terminfo_readkey (termi, data->input_buf, &data->npending,
++ GRUB_TERMINFO_READKEY_MAX_LEN, data->readkey);
+
+ #if defined(__powerpc__) && defined(GRUB_MACHINE_IEEE1275)
+ if (data->npending == 1 && data->input_buf[0] == GRUB_TERM_ESC
+--
+2.26.2
+
diff --git a/SOURCES/0292-udf-Fix-memory-leak.patch b/SOURCES/0292-udf-Fix-memory-leak.patch
new file mode 100644
index 0000000..b5589cd
--- /dev/null
+++ b/SOURCES/0292-udf-Fix-memory-leak.patch
@@ -0,0 +1,56 @@
+From 1864839f0e0eeb2b93a5b20e4e36f9b80abc3c23 Mon Sep 17 00:00:00 2001
+From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Date: Tue, 7 Jul 2020 22:02:31 -0400
+Subject: [PATCH 292/314] udf: Fix memory leak
+
+Fixes: CID 73796
+
+Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Reviewed-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
+Upstream-commit-id: 8da62d8183c
+---
+ grub-core/fs/udf.c | 17 +++++++++++++----
+ 1 file changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c
+index be41b48f913..6670beb5665 100644
+--- a/grub-core/fs/udf.c
++++ b/grub-core/fs/udf.c
+@@ -965,8 +965,10 @@ grub_udf_iterate_dir (grub_fshelp_node_t dir,
+ return 0;
+
+ if (grub_udf_read_icb (dir->data, &dirent.icb, child))
+- return 0;
+-
++ {
++ grub_free (child);
++ return 0;
++ }
+ if (dirent.characteristics & GRUB_UDF_FID_CHAR_PARENT)
+ {
+ /* This is the parent directory. */
+@@ -988,11 +990,18 @@ grub_udf_iterate_dir (grub_fshelp_node_t dir,
+ dirent.file_ident_length,
+ (char *) raw))
+ != dirent.file_ident_length)
+- return 0;
++ {
++ grub_free (child);
++ return 0;
++ }
+
+ filename = read_string (raw, dirent.file_ident_length, 0);
+ if (!filename)
+- grub_print_error ();
++ {
++ /* As the hook won't get called. */
++ grub_free (child);
++ grub_print_error ();
++ }
+
+ if (filename && hook (filename, type, child, hook_data))
+ {
+--
+2.26.2
+
diff --git a/SOURCES/0293-multiboot2-Fix-memory-leak-if-grub_create_loader_cmd.patch b/SOURCES/0293-multiboot2-Fix-memory-leak-if-grub_create_loader_cmd.patch
new file mode 100644
index 0000000..60bb19d
--- /dev/null
+++ b/SOURCES/0293-multiboot2-Fix-memory-leak-if-grub_create_loader_cmd.patch
@@ -0,0 +1,47 @@
+From 9b970d31434e3fd6a8de36a6adef5cc721b265a8 Mon Sep 17 00:00:00 2001
+From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Date: Fri, 26 Jun 2020 10:51:43 -0400
+Subject: [PATCH 293/314] multiboot2: Fix memory leak if
+ grub_create_loader_cmdline() fails
+
+Fixes: CID 292468
+
+Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Upstream-commit-id: cd6760b6289
+---
+ grub-core/loader/multiboot_mbi2.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/loader/multiboot_mbi2.c b/grub-core/loader/multiboot_mbi2.c
+index 54078455e2f..872dcd42e97 100644
+--- a/grub-core/loader/multiboot_mbi2.c
++++ b/grub-core/loader/multiboot_mbi2.c
+@@ -1089,6 +1089,7 @@ grub_multiboot2_add_module (grub_addr_t start, grub_size_t size,
+ {
+ struct module *newmod;
+ grub_size_t len = 0;
++ grub_err_t err = 0;
+
+ newmod = grub_malloc (sizeof (*newmod));
+ if (!newmod)
+@@ -1107,8 +1108,14 @@ grub_multiboot2_add_module (grub_addr_t start, grub_size_t size,
+ newmod->cmdline_size = len;
+ total_modcmd += ALIGN_UP (len, MULTIBOOT_TAG_ALIGN);
+
+- grub_create_loader_cmdline (argc, argv, newmod->cmdline,
+- newmod->cmdline_size);
++ err = grub_create_loader_cmdline (argc, argv, newmod->cmdline,
++ newmod->cmdline_size);
++ if (err)
++ {
++ grub_free (newmod->cmdline);
++ grub_free (newmod);
++ return err;
++ }
+
+ if (modules_last)
+ modules_last->next = newmod;
+--
+2.26.2
+
diff --git a/SOURCES/0294-tftp-Do-not-use-priority-queue.patch b/SOURCES/0294-tftp-Do-not-use-priority-queue.patch
new file mode 100644
index 0000000..7b73129
--- /dev/null
+++ b/SOURCES/0294-tftp-Do-not-use-priority-queue.patch
@@ -0,0 +1,289 @@
+From 0ecb57c7bc38cb5de4a1b23909203a3331f5c84b Mon Sep 17 00:00:00 2001
+From: Alexey Makhalov <amakhalov@vmware.com>
+Date: Thu, 9 Jul 2020 08:10:40 +0000
+Subject: [PATCH 294/314] tftp: Do not use priority queue
+
+There is not need to reassemble the order of blocks. Per RFC 1350,
+server must wait for the ACK, before sending next block. Data packets
+can be served immediately without putting them to priority queue.
+
+Logic to handle incoming packet is this:
+ - if packet block id equal to expected block id, then
+ process the packet,
+ - if packet block id is less than expected - this is retransmit
+ of old packet, then ACK it and drop the packet,
+ - if packet block id is more than expected - that shouldn't
+ happen, just drop the packet.
+
+It makes the tftp receive path code simpler, smaller and faster.
+As a benefit, this change fixes CID# 73624 and CID# 96690, caused
+by following while loop:
+
+ while (cmp_block (grub_be_to_cpu16 (tftph->u.data.block), data->block + 1) == 0)
+
+where tftph pointer is not moving from one iteration to another, causing
+to serve same packet again. Luckily, double serving didn't happen due to
+data->block++ during the first iteration.
+
+Fixes: CID 73624, CID 96690
+
+Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Upstream-commit-id: 8316694c4f7
+---
+ grub-core/net/tftp.c | 174 ++++++++++++++-----------------------------
+ 1 file changed, 54 insertions(+), 120 deletions(-)
+
+diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c
+index e267af354f4..79c16f9b041 100644
+--- a/grub-core/net/tftp.c
++++ b/grub-core/net/tftp.c
+@@ -25,7 +25,6 @@
+ #include <grub/mm.h>
+ #include <grub/dl.h>
+ #include <grub/file.h>
+-#include <grub/priority_queue.h>
+ #include <grub/i18n.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+@@ -106,31 +105,8 @@ typedef struct tftp_data
+ int have_oack;
+ struct grub_error_saved save_err;
+ grub_net_udp_socket_t sock;
+- grub_priority_queue_t pq;
+ } *tftp_data_t;
+
+-static int
+-cmp_block (grub_uint16_t a, grub_uint16_t b)
+-{
+- grub_int16_t i = (grub_int16_t) (a - b);
+- if (i > 0)
+- return +1;
+- if (i < 0)
+- return -1;
+- return 0;
+-}
+-
+-static int
+-cmp (const void *a__, const void *b__)
+-{
+- struct grub_net_buff *a_ = *(struct grub_net_buff **) a__;
+- struct grub_net_buff *b_ = *(struct grub_net_buff **) b__;
+- struct tftphdr *a = (struct tftphdr *) a_->data;
+- struct tftphdr *b = (struct tftphdr *) b_->data;
+- /* We want the first elements to be on top. */
+- return -cmp_block (grub_be_to_cpu16 (a->u.data.block), grub_be_to_cpu16 (b->u.data.block));
+-}
+-
+ static grub_err_t
+ ack (tftp_data_t data, grub_uint64_t block)
+ {
+@@ -207,73 +183,60 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)),
+ return GRUB_ERR_NONE;
+ }
+
+- err = grub_priority_queue_push (data->pq, &nb);
+- if (err)
+- return err;
++ /* Ack old/retransmitted block. */
++ if (grub_be_to_cpu16 (tftph->u.data.block) < data->block + 1)
++ ack (data, grub_be_to_cpu16 (tftph->u.data.block));
++ /* Ignore unexpected block. */
++ else if (grub_be_to_cpu16 (tftph->u.data.block) > data->block + 1)
++ grub_dprintf ("tftp", "TFTP unexpected block # %d\n", tftph->u.data.block);
++ else
++ {
++ unsigned size;
+
+- {
+- struct grub_net_buff **nb_top_p, *nb_top;
+- while (1)
+- {
+- nb_top_p = grub_priority_queue_top (data->pq);
+- if (!nb_top_p)
+- return GRUB_ERR_NONE;
+- nb_top = *nb_top_p;
+- tftph = (struct tftphdr *) nb_top->data;
+- if (cmp_block (grub_be_to_cpu16 (tftph->u.data.block), data->block + 1) >= 0)
+- break;
+- ack (data, grub_be_to_cpu16 (tftph->u.data.block));
+- grub_netbuff_free (nb_top);
+- grub_priority_queue_pop (data->pq);
+- }
+- while (cmp_block (grub_be_to_cpu16 (tftph->u.data.block), data->block + 1) == 0)
+- {
+- unsigned size;
+-
+- grub_priority_queue_pop (data->pq);
+-
+- if (file->device->net->packs.count < 50)
++ if (file->device->net->packs.count < 50)
++ {
+ err = ack (data, data->block + 1);
+- else
+- {
+- file->device->net->stall = 1;
+- err = 0;
+- }
+- if (err)
+- return err;
++ if (err)
++ return err;
++ }
++ else
++ file->device->net->stall = 1;
+
+- err = grub_netbuff_pull (nb_top, sizeof (tftph->opcode) +
+- sizeof (tftph->u.data.block));
+- if (err)
+- return err;
+- size = nb_top->tail - nb_top->data;
++ err = grub_netbuff_pull (nb, sizeof (tftph->opcode) +
++ sizeof (tftph->u.data.block));
++ if (err)
++ return err;
++ size = nb->tail - nb->data;
+
+- data->block++;
+- if (size < data->block_size)
+- {
+- if (data->ack_sent < data->block)
+- ack (data, data->block);
+- file->device->net->eof = 1;
+- file->device->net->stall = 1;
+- grub_net_udp_close (data->sock);
+- data->sock = NULL;
+- }
+- /* Prevent garbage in broken cards. Is it still necessary
+- given that IP implementation has been fixed?
+- */
+- if (size > data->block_size)
+- {
+- err = grub_netbuff_unput (nb_top, size - data->block_size);
+- if (err)
+- return err;
+- }
+- /* If there is data, puts packet in socket list. */
+- if ((nb_top->tail - nb_top->data) > 0)
+- grub_net_put_packet (&file->device->net->packs, nb_top);
+- else
+- grub_netbuff_free (nb_top);
+- }
+- }
++ data->block++;
++ if (size < data->block_size)
++ {
++ if (data->ack_sent < data->block)
++ ack (data, data->block);
++ file->device->net->eof = 1;
++ file->device->net->stall = 1;
++ grub_net_udp_close (data->sock);
++ data->sock = NULL;
++ }
++ /*
++ * Prevent garbage in broken cards. Is it still necessary
++ * given that IP implementation has been fixed?
++ */
++ if (size > data->block_size)
++ {
++ err = grub_netbuff_unput (nb, size - data->block_size);
++ if (err)
++ return err;
++ }
++ /* If there is data, puts packet in socket list. */
++ if ((nb->tail - nb->data) > 0)
++ {
++ grub_net_put_packet (&file->device->net->packs, nb);
++ /* Do not free nb. */
++ return GRUB_ERR_NONE;
++ }
++ }
++ grub_netbuff_free (nb);
+ return GRUB_ERR_NONE;
+ case TFTP_ERROR:
+ data->have_oack = 1;
+@@ -287,22 +250,10 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)),
+ }
+ }
+
+-static void
+-destroy_pq (tftp_data_t data)
+-{
+- struct grub_net_buff **nb_p;
+- while ((nb_p = grub_priority_queue_top (data->pq)))
+- {
+- grub_netbuff_free (*nb_p);
+- grub_priority_queue_pop (data->pq);
+- }
+-
+- grub_priority_queue_destroy (data->pq);
+-}
+-
+-/* Create a normalized copy of the filename.
+- Compress any string of consecutive forward slashes to a single forward
+- slash. */
++/*
++ * Create a normalized copy of the filename. Compress any string of consecutive
++ * forward slashes to a single forward slash.
++ */
+ static void
+ grub_normalize_filename (char *normalized, const char *filename)
+ {
+@@ -395,22 +346,9 @@ tftp_open (struct grub_file *file, const char *filename)
+ file->not_easily_seekable = 1;
+ file->data = data;
+
+- data->pq = grub_priority_queue_new (sizeof (struct grub_net_buff *), cmp);
+- if (!data->pq)
+- {
+- grub_free (data);
+- return grub_errno;
+- }
+-
+- grub_dprintf("tftp", "resolving address for %s\n", file->device->net->server);
+ err = grub_net_resolve_address (file->device->net->server, &addr);
+ if (err)
+ {
+- grub_dprintf ("tftp", "Address resolution failed: %d\n", err);
+- grub_dprintf ("tftp", "file_size is %llu, block_size is %llu\n",
+- (unsigned long long)data->file_size,
+- (unsigned long long)data->block_size);
+- destroy_pq (data);
+ grub_free (data);
+ return err;
+ }
+@@ -422,7 +360,6 @@ tftp_open (struct grub_file *file, const char *filename)
+ if (!data->sock)
+ {
+ grub_dprintf("tftp", "connection failed\n");
+- destroy_pq (data);
+ grub_free (data);
+ return grub_errno;
+ }
+@@ -436,7 +373,6 @@ tftp_open (struct grub_file *file, const char *filename)
+ if (err)
+ {
+ grub_net_udp_close (data->sock);
+- destroy_pq (data);
+ grub_free (data);
+ return err;
+ }
+@@ -453,7 +389,6 @@ tftp_open (struct grub_file *file, const char *filename)
+ if (grub_errno)
+ {
+ grub_net_udp_close (data->sock);
+- destroy_pq (data);
+ grub_free (data);
+ return grub_errno;
+ }
+@@ -496,7 +431,6 @@ tftp_close (struct grub_file *file)
+ grub_print_error ();
+ grub_net_udp_close (data->sock);
+ }
+- destroy_pq (data);
+ grub_free (data);
+ return GRUB_ERR_NONE;
+ }
+--
+2.26.2
+
diff --git a/SOURCES/0295-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch b/SOURCES/0295-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch
new file mode 100644
index 0000000..f4f82ea
--- /dev/null
+++ b/SOURCES/0295-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch
@@ -0,0 +1,150 @@
+From 320fe69ffff39f90169f793402de4d4223a1a64c Mon Sep 17 00:00:00 2001
+From: Alexey Makhalov <amakhalov@vmware.com>
+Date: Wed, 15 Jul 2020 06:42:37 +0000
+Subject: [PATCH 295/314] relocator: Protect grub_relocator_alloc_chunk_addr()
+ input args against integer underflow/overflow
+
+Use arithmetic macros from safemath.h to accomplish it. In this commit,
+I didn't want to be too paranoid to check every possible math equation
+for overflow/underflow. Only obvious places (with non zero chance of
+overflow/underflow) were refactored.
+
+Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Upstream-commit-id: ebb15735f10
+---
+ grub-core/loader/i386/linux.c | 9 +++++++--
+ grub-core/loader/i386/pc/linux.c | 9 +++++++--
+ grub-core/loader/i386/xen.c | 12 ++++++++++--
+ grub-core/loader/xnu.c | 11 +++++++----
+ 4 files changed, 31 insertions(+), 10 deletions(-)
+
+diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
+index 76304f05700..b4a30f607fa 100644
+--- a/grub-core/loader/i386/linux.c
++++ b/grub-core/loader/i386/linux.c
+@@ -37,6 +37,7 @@
+ #include <grub/linux.h>
+ #include <grub/efi/sb.h>
+ #include <grub/tpm.h>
++#include <grub/safemath.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -593,9 +594,13 @@ grub_linux_boot (void)
+
+ {
+ grub_relocator_chunk_t ch;
++ grub_size_t sz;
++
++ if (grub_add (ctx.real_size, efi_mmap_size, &sz))
++ return GRUB_ERR_OUT_OF_RANGE;
++
+ err = grub_relocator_alloc_chunk_addr (relocator, &ch,
+- ctx.real_mode_target,
+- (ctx.real_size + efi_mmap_size));
++ ctx.real_mode_target, sz);
+ if (err)
+ return err;
+ real_mode_mem = get_virtual_current_address (ch);
+diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c
+index 783a3cd93bc..540891371f9 100644
+--- a/grub-core/loader/i386/pc/linux.c
++++ b/grub-core/loader/i386/pc/linux.c
+@@ -36,6 +36,7 @@
+ #include <grub/lib/cmdline.h>
+ #include <grub/linux.h>
+ #include <grub/efi/sb.h>
++#include <grub/safemath.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -231,8 +232,12 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
+ setup_sects = GRUB_LINUX_DEFAULT_SETUP_SECTS;
+
+ real_size = setup_sects << GRUB_DISK_SECTOR_BITS;
+- grub_linux16_prot_size = grub_file_size (file)
+- - real_size - GRUB_DISK_SECTOR_SIZE;
++ if (grub_sub (grub_file_size (file), real_size, &grub_linux16_prot_size) ||
++ grub_sub (grub_linux16_prot_size, GRUB_DISK_SECTOR_SIZE, &grub_linux16_prot_size))
++ {
++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
++ goto fail;
++ }
+
+ if (! grub_linux_is_bzimage
+ && GRUB_LINUX_ZIMAGE_ADDR + grub_linux16_prot_size
+diff --git a/grub-core/loader/i386/xen.c b/grub-core/loader/i386/xen.c
+index 3073f64d5e5..85b93347b25 100644
+--- a/grub-core/loader/i386/xen.c
++++ b/grub-core/loader/i386/xen.c
+@@ -40,6 +40,7 @@
+ #include <grub/xen_file.h>
+ #include <grub/linux.h>
+ #include <grub/i386/memory.h>
++#include <grub/safemath.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -635,6 +636,7 @@ grub_cmd_xen (grub_command_t cmd __attribute__ ((unused)),
+ grub_relocator_chunk_t ch;
+ grub_addr_t kern_start;
+ grub_addr_t kern_end;
++ grub_size_t sz;
+
+ if (argc == 0)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
+@@ -699,8 +701,14 @@ grub_cmd_xen (grub_command_t cmd __attribute__ ((unused)),
+
+ xen_state.max_addr = ALIGN_UP (kern_end, PAGE_SIZE);
+
+- err = grub_relocator_alloc_chunk_addr (xen_state.relocator, &ch, kern_start,
+- kern_end - kern_start);
++
++ if (grub_sub (kern_end, kern_start, &sz))
++ {
++ err = GRUB_ERR_OUT_OF_RANGE;
++ goto fail;
++ }
++
++ err = grub_relocator_alloc_chunk_addr (xen_state.relocator, &ch, kern_start, sz);
+ if (err)
+ goto fail;
+ kern_chunk_src = get_virtual_current_address (ch);
+diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c
+index dc7d5409e1e..2bf02489bad 100644
+--- a/grub-core/loader/xnu.c
++++ b/grub-core/loader/xnu.c
+@@ -34,6 +34,7 @@
+ #include <grub/env.h>
+ #include <grub/i18n.h>
+ #include <grub/efi/sb.h>
++#include <grub/safemath.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -59,15 +60,17 @@ grub_xnu_heap_malloc (int size, void **src, grub_addr_t *target)
+ {
+ grub_err_t err;
+ grub_relocator_chunk_t ch;
++ grub_addr_t tgt;
++
++ if (grub_add (grub_xnu_heap_target_start, grub_xnu_heap_size, &tgt))
++ return GRUB_ERR_OUT_OF_RANGE;
+
+- err = grub_relocator_alloc_chunk_addr (grub_xnu_relocator, &ch,
+- grub_xnu_heap_target_start
+- + grub_xnu_heap_size, size);
++ err = grub_relocator_alloc_chunk_addr (grub_xnu_relocator, &ch, tgt, size);
+ if (err)
+ return err;
+
+ *src = get_virtual_current_address (ch);
+- *target = grub_xnu_heap_target_start + grub_xnu_heap_size;
++ *target = tgt;
+ grub_xnu_heap_size += size;
+ grub_dprintf ("xnu", "val=%p\n", *src);
+ return GRUB_ERR_NONE;
+--
+2.26.2
+
diff --git a/SOURCES/0296-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch b/SOURCES/0296-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch
new file mode 100644
index 0000000..b1d067e
--- /dev/null
+++ b/SOURCES/0296-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch
@@ -0,0 +1,338 @@
+From 93d697a46b43ee13e0343c79777af5ce23c313b7 Mon Sep 17 00:00:00 2001
+From: Alexey Makhalov <amakhalov@vmware.com>
+Date: Wed, 8 Jul 2020 01:44:38 +0000
+Subject: [PATCH 296/314] relocator: Protect grub_relocator_alloc_chunk_align()
+ max_addr against integer underflow
+
+This commit introduces integer underflow mitigation in max_addr calculation
+in grub_relocator_alloc_chunk_align() invocation.
+
+It consists of 2 fixes:
+ 1. Introduced grub_relocator_alloc_chunk_align_safe() wrapper function to perform
+ sanity check for min/max and size values, and to make safe invocation of
+ grub_relocator_alloc_chunk_align() with validated max_addr value. Replace all
+ invocations such as grub_relocator_alloc_chunk_align(..., min_addr, max_addr - size, size, ...)
+ by grub_relocator_alloc_chunk_align_safe(..., min_addr, max_addr, size, ...).
+ 2. Introduced UP_TO_TOP32(s) macro for the cases where max_addr is 32-bit top
+ address (0xffffffff - size + 1) or similar.
+
+Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Upstream-commit-id: 10498c8ba17
+---
+ grub-core/lib/i386/relocator.c | 28 ++++++++++----------------
+ grub-core/lib/mips/relocator.c | 6 ++----
+ grub-core/lib/powerpc/relocator.c | 6 ++----
+ grub-core/lib/x86_64/efi/relocator.c | 7 +++----
+ grub-core/loader/i386/linux.c | 5 ++---
+ grub-core/loader/i386/multiboot_mbi.c | 7 +++----
+ grub-core/loader/i386/pc/linux.c | 6 ++----
+ grub-core/loader/mips/linux.c | 9 +++------
+ grub-core/loader/multiboot.c | 2 +-
+ grub-core/loader/multiboot_elfxx.c | 10 ++++-----
+ grub-core/loader/multiboot_mbi2.c | 10 ++++-----
+ grub-core/loader/xnu_resume.c | 2 +-
+ include/grub/relocator.h | 29 +++++++++++++++++++++++++++
+ 13 files changed, 69 insertions(+), 58 deletions(-)
+
+diff --git a/grub-core/lib/i386/relocator.c b/grub-core/lib/i386/relocator.c
+index 71dd4f0ab0c..34cbe834fa3 100644
+--- a/grub-core/lib/i386/relocator.c
++++ b/grub-core/lib/i386/relocator.c
+@@ -83,11 +83,10 @@ grub_relocator32_boot (struct grub_relocator *rel,
+ /* Specific memory range due to Global Descriptor Table for use by payload
+ that we will store in returned chunk. The address range and preference
+ are based on "THE LINUX/x86 BOOT PROTOCOL" specification. */
+- err = grub_relocator_alloc_chunk_align (rel, &ch, 0x1000,
+- 0x9a000 - RELOCATOR_SIZEOF (32),
+- RELOCATOR_SIZEOF (32), 16,
+- GRUB_RELOCATOR_PREFERENCE_LOW,
+- avoid_efi_bootservices);
++ err = grub_relocator_alloc_chunk_align_safe (rel, &ch, 0x1000, 0x9a000,
++ RELOCATOR_SIZEOF (32), 16,
++ GRUB_RELOCATOR_PREFERENCE_LOW,
++ avoid_efi_bootservices);
+ if (err)
+ return err;
+
+@@ -125,13 +124,10 @@ grub_relocator16_boot (struct grub_relocator *rel,
+ grub_relocator_chunk_t ch;
+
+ /* Put it higher than the byte it checks for A20 check. */
+- err = grub_relocator_alloc_chunk_align (rel, &ch, 0x8010,
+- 0xa0000 - RELOCATOR_SIZEOF (16)
+- - GRUB_RELOCATOR16_STACK_SIZE,
+- RELOCATOR_SIZEOF (16)
+- + GRUB_RELOCATOR16_STACK_SIZE, 16,
+- GRUB_RELOCATOR_PREFERENCE_NONE,
+- 0);
++ err = grub_relocator_alloc_chunk_align_safe (rel, &ch, 0x8010, 0xa0000,
++ RELOCATOR_SIZEOF (16) +
++ GRUB_RELOCATOR16_STACK_SIZE, 16,
++ GRUB_RELOCATOR_PREFERENCE_NONE, 0);
+ if (err)
+ return err;
+
+@@ -183,11 +179,9 @@ grub_relocator64_boot (struct grub_relocator *rel,
+ void *relst;
+ grub_relocator_chunk_t ch;
+
+- err = grub_relocator_alloc_chunk_align (rel, &ch, min_addr,
+- max_addr - RELOCATOR_SIZEOF (64),
+- RELOCATOR_SIZEOF (64), 16,
+- GRUB_RELOCATOR_PREFERENCE_NONE,
+- 0);
++ err = grub_relocator_alloc_chunk_align_safe (rel, &ch, min_addr, max_addr,
++ RELOCATOR_SIZEOF (64), 16,
++ GRUB_RELOCATOR_PREFERENCE_NONE, 0);
+ if (err)
+ return err;
+
+diff --git a/grub-core/lib/mips/relocator.c b/grub-core/lib/mips/relocator.c
+index 9d5f49cb93a..743b213e695 100644
+--- a/grub-core/lib/mips/relocator.c
++++ b/grub-core/lib/mips/relocator.c
+@@ -120,10 +120,8 @@ grub_relocator32_boot (struct grub_relocator *rel,
+ unsigned i;
+ grub_addr_t vtarget;
+
+- err = grub_relocator_alloc_chunk_align (rel, &ch, 0,
+- (0xffffffff - stateset_size)
+- + 1, stateset_size,
+- sizeof (grub_uint32_t),
++ err = grub_relocator_alloc_chunk_align (rel, &ch, 0, UP_TO_TOP32 (stateset_size),
++ stateset_size, sizeof (grub_uint32_t),
+ GRUB_RELOCATOR_PREFERENCE_NONE, 0);
+ if (err)
+ return err;
+diff --git a/grub-core/lib/powerpc/relocator.c b/grub-core/lib/powerpc/relocator.c
+index bdf2b111be7..8ffb8b68683 100644
+--- a/grub-core/lib/powerpc/relocator.c
++++ b/grub-core/lib/powerpc/relocator.c
+@@ -115,10 +115,8 @@ grub_relocator32_boot (struct grub_relocator *rel,
+ unsigned i;
+ grub_relocator_chunk_t ch;
+
+- err = grub_relocator_alloc_chunk_align (rel, &ch, 0,
+- (0xffffffff - stateset_size)
+- + 1, stateset_size,
+- sizeof (grub_uint32_t),
++ err = grub_relocator_alloc_chunk_align (rel, &ch, 0, UP_TO_TOP32 (stateset_size),
++ stateset_size, sizeof (grub_uint32_t),
+ GRUB_RELOCATOR_PREFERENCE_NONE, 0);
+ if (err)
+ return err;
+diff --git a/grub-core/lib/x86_64/efi/relocator.c b/grub-core/lib/x86_64/efi/relocator.c
+index 3caef7a4021..7d200a125ee 100644
+--- a/grub-core/lib/x86_64/efi/relocator.c
++++ b/grub-core/lib/x86_64/efi/relocator.c
+@@ -50,10 +50,9 @@ grub_relocator64_efi_boot (struct grub_relocator *rel,
+ * 64-bit relocator code may live above 4 GiB quite well.
+ * However, I do not want ask for problems. Just in case.
+ */
+- err = grub_relocator_alloc_chunk_align (rel, &ch, 0,
+- 0x100000000 - RELOCATOR_SIZEOF (64_efi),
+- RELOCATOR_SIZEOF (64_efi), 16,
+- GRUB_RELOCATOR_PREFERENCE_NONE, 1);
++ err = grub_relocator_alloc_chunk_align_safe (rel, &ch, 0, 0x100000000,
++ RELOCATOR_SIZEOF (64_efi), 16,
++ GRUB_RELOCATOR_PREFERENCE_NONE, 1);
+ if (err)
+ return err;
+
+diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
+index b4a30f607fa..191f1631e88 100644
+--- a/grub-core/loader/i386/linux.c
++++ b/grub-core/loader/i386/linux.c
+@@ -231,9 +231,8 @@ allocate_pages (grub_size_t prot_size, grub_size_t *align,
+ for (; err && *align + 1 > min_align; (*align)--)
+ {
+ grub_errno = GRUB_ERR_NONE;
+- err = grub_relocator_alloc_chunk_align (relocator, &ch,
+- 0x1000000,
+- 0xffffffff & ~prot_size,
++ err = grub_relocator_alloc_chunk_align (relocator, &ch, 0x1000000,
++ UP_TO_TOP32 (prot_size),
+ prot_size, 1 << *align,
+ GRUB_RELOCATOR_PREFERENCE_LOW,
+ 1);
+diff --git a/grub-core/loader/i386/multiboot_mbi.c b/grub-core/loader/i386/multiboot_mbi.c
+index ca85358f771..9d3466d6ace 100644
+--- a/grub-core/loader/i386/multiboot_mbi.c
++++ b/grub-core/loader/i386/multiboot_mbi.c
+@@ -470,10 +470,9 @@ grub_multiboot_make_mbi (grub_uint32_t *target)
+
+ bufsize = grub_multiboot_get_mbi_size ();
+
+- err = grub_relocator_alloc_chunk_align (grub_multiboot_relocator, &ch,
+- 0x10000, 0xa0000 - bufsize,
+- bufsize, 4,
+- GRUB_RELOCATOR_PREFERENCE_NONE, 0);
++ err = grub_relocator_alloc_chunk_align_safe (grub_multiboot_relocator, &ch,
++ 0x10000, 0xa0000, bufsize, 4,
++ GRUB_RELOCATOR_PREFERENCE_NONE, 0);
+ if (err)
+ return err;
+ ptrorig = get_virtual_current_address (ch);
+diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c
+index 540891371f9..63736fae950 100644
+--- a/grub-core/loader/i386/pc/linux.c
++++ b/grub-core/loader/i386/pc/linux.c
+@@ -460,10 +460,8 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
+
+ {
+ grub_relocator_chunk_t ch;
+- err = grub_relocator_alloc_chunk_align (relocator, &ch,
+- addr_min, addr_max - size,
+- size, 0x1000,
+- GRUB_RELOCATOR_PREFERENCE_HIGH, 0);
++ err = grub_relocator_alloc_chunk_align_safe (relocator, &ch, addr_min, addr_max, size,
++ 0x1000, GRUB_RELOCATOR_PREFERENCE_HIGH, 0);
+ if (err)
+ return err;
+ initrd_chunk = get_virtual_current_address (ch);
+diff --git a/grub-core/loader/mips/linux.c b/grub-core/loader/mips/linux.c
+index 5f383be3d07..27c1db84a44 100644
+--- a/grub-core/loader/mips/linux.c
++++ b/grub-core/loader/mips/linux.c
+@@ -434,12 +434,9 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
+ {
+ grub_relocator_chunk_t ch;
+
+- err = grub_relocator_alloc_chunk_align (relocator, &ch,
+- (target_addr & 0x1fffffff)
+- + linux_size + 0x10000,
+- (0x10000000 - size),
+- size, 0x10000,
+- GRUB_RELOCATOR_PREFERENCE_NONE, 0);
++ err = grub_relocator_alloc_chunk_align_safe (relocator, &ch, (target_addr & 0x1fffffff) +
++ linux_size + 0x10000, 0x10000000, size,
++ 0x10000, GRUB_RELOCATOR_PREFERENCE_NONE, 0);
+
+ if (err)
+ goto fail;
+diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c
+index 9a8dae5565b..f455e803910 100644
+--- a/grub-core/loader/multiboot.c
++++ b/grub-core/loader/multiboot.c
+@@ -407,7 +407,7 @@ grub_cmd_module (grub_command_t cmd __attribute__ ((unused)),
+ {
+ grub_relocator_chunk_t ch;
+ err = grub_relocator_alloc_chunk_align (GRUB_MULTIBOOT (relocator), &ch,
+- lowest_addr, (0xffffffff - size) + 1,
++ lowest_addr, UP_TO_TOP32 (size),
+ size, MULTIBOOT_MOD_ALIGN,
+ GRUB_RELOCATOR_PREFERENCE_NONE, 1);
+ if (err)
+diff --git a/grub-core/loader/multiboot_elfxx.c b/grub-core/loader/multiboot_elfxx.c
+index cc6853692a8..f2318e0d165 100644
+--- a/grub-core/loader/multiboot_elfxx.c
++++ b/grub-core/loader/multiboot_elfxx.c
+@@ -109,10 +109,10 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld)
+ if (load_size > mld->max_addr || mld->min_addr > mld->max_addr - load_size)
+ return grub_error (GRUB_ERR_BAD_OS, "invalid min/max address and/or load size");
+
+- err = grub_relocator_alloc_chunk_align (GRUB_MULTIBOOT (relocator), &ch,
+- mld->min_addr, mld->max_addr - load_size,
+- load_size, mld->align ? mld->align : 1,
+- mld->preference, mld->avoid_efi_boot_services);
++ err = grub_relocator_alloc_chunk_align_safe (GRUB_MULTIBOOT (relocator), &ch,
++ mld->min_addr, mld->max_addr,
++ load_size, mld->align ? mld->align : 1,
++ mld->preference, mld->avoid_efi_boot_services);
+
+ if (err)
+ {
+@@ -256,7 +256,7 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld)
+ continue;
+
+ err = grub_relocator_alloc_chunk_align (GRUB_MULTIBOOT (relocator), &ch, 0,
+- (0xffffffff - sh->sh_size) + 1,
++ UP_TO_TOP32 (sh->sh_size),
+ sh->sh_size, sh->sh_addralign,
+ GRUB_RELOCATOR_PREFERENCE_NONE,
+ mld->avoid_efi_boot_services);
+diff --git a/grub-core/loader/multiboot_mbi2.c b/grub-core/loader/multiboot_mbi2.c
+index 872dcd42e97..3cfb47650a0 100644
+--- a/grub-core/loader/multiboot_mbi2.c
++++ b/grub-core/loader/multiboot_mbi2.c
+@@ -298,10 +298,10 @@ grub_multiboot2_load (grub_file_t file, const char *filename)
+ return grub_error (GRUB_ERR_BAD_OS, "invalid min/max address and/or load size");
+ }
+
+- err = grub_relocator_alloc_chunk_align (grub_multiboot2_relocator, &ch,
+- mld.min_addr, mld.max_addr - code_size,
+- code_size, mld.align ? mld.align : 1,
+- mld.preference, keep_bs);
++ err = grub_relocator_alloc_chunk_align_safe (grub_multiboot2_relocator, &ch,
++ mld.min_addr, mld.max_addr,
++ code_size, mld.align ? mld.align : 1,
++ mld.preference, keep_bs);
+ }
+ else
+ err = grub_relocator_alloc_chunk_addr (grub_multiboot2_relocator,
+@@ -747,7 +747,7 @@ grub_multiboot2_make_mbi (grub_uint32_t *target)
+ COMPILE_TIME_ASSERT (MULTIBOOT_TAG_ALIGN % sizeof (grub_properly_aligned_t) == 0);
+
+ err = grub_relocator_alloc_chunk_align (grub_multiboot2_relocator, &ch,
+- 0, 0xffffffff - bufsize,
++ 0, UP_TO_TOP32 (bufsize),
+ bufsize, MULTIBOOT_TAG_ALIGN,
+ GRUB_RELOCATOR_PREFERENCE_NONE, 1);
+ if (err)
+diff --git a/grub-core/loader/xnu_resume.c b/grub-core/loader/xnu_resume.c
+index 534a74438b2..99119558d21 100644
+--- a/grub-core/loader/xnu_resume.c
++++ b/grub-core/loader/xnu_resume.c
+@@ -129,7 +129,7 @@ grub_xnu_resume (char *imagename)
+ {
+ grub_relocator_chunk_t ch;
+ err = grub_relocator_alloc_chunk_align (grub_xnu_relocator, &ch, 0,
+- (0xffffffff - hibhead.image_size) + 1,
++ UP_TO_TOP32 (hibhead.image_size),
+ hibhead.image_size,
+ GRUB_XNU_PAGESIZE,
+ GRUB_RELOCATOR_PREFERENCE_NONE, 0);
+diff --git a/include/grub/relocator.h b/include/grub/relocator.h
+index 24d8672d22c..1b3bdd92ac6 100644
+--- a/include/grub/relocator.h
++++ b/include/grub/relocator.h
+@@ -49,6 +49,35 @@ grub_relocator_alloc_chunk_align (struct grub_relocator *rel,
+ int preference,
+ int avoid_efi_boot_services);
+
++/*
++ * Wrapper for grub_relocator_alloc_chunk_align() with purpose of
++ * protecting against integer underflow.
++ *
++ * Compare to its callee, max_addr has different meaning here.
++ * It covers entire chunk and not just start address of the chunk.
++ */
++static inline grub_err_t
++grub_relocator_alloc_chunk_align_safe (struct grub_relocator *rel,
++ grub_relocator_chunk_t *out,
++ grub_phys_addr_t min_addr,
++ grub_phys_addr_t max_addr,
++ grub_size_t size, grub_size_t align,
++ int preference,
++ int avoid_efi_boot_services)
++{
++ /* Sanity check and ensure following equation (max_addr - size) is safe. */
++ if (max_addr < size || (max_addr - size) < min_addr)
++ return GRUB_ERR_OUT_OF_RANGE;
++
++ return grub_relocator_alloc_chunk_align (rel, out, min_addr,
++ max_addr - size,
++ size, align, preference,
++ avoid_efi_boot_services);
++}
++
++/* Top 32-bit address minus s bytes and plus 1 byte. */
++#define UP_TO_TOP32(s) ((~(s) & 0xffffffff) + 1)
++
+ #define GRUB_RELOCATOR_PREFERENCE_NONE 0
+ #define GRUB_RELOCATOR_PREFERENCE_LOW 1
+ #define GRUB_RELOCATOR_PREFERENCE_HIGH 2
+--
+2.26.2
+
diff --git a/SOURCES/0297-script-Remove-unused-fields-from-grub_script_functio.patch b/SOURCES/0297-script-Remove-unused-fields-from-grub_script_functio.patch
new file mode 100644
index 0000000..6a1074d
--- /dev/null
+++ b/SOURCES/0297-script-Remove-unused-fields-from-grub_script_functio.patch
@@ -0,0 +1,34 @@
+From 19d627a430f6917afeee167daa9190d1ec83d7b7 Mon Sep 17 00:00:00 2001
+From: Chris Coulson <chris.coulson@canonical.com>
+Date: Fri, 10 Jul 2020 11:21:14 +0100
+Subject: [PATCH 297/314] script: Remove unused fields from
+ grub_script_function struct
+
+Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Upstream-commit-id: d04089c8e52
+---
+ include/grub/script_sh.h | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/include/grub/script_sh.h b/include/grub/script_sh.h
+index 360c2be1f05..b382bcf09bc 100644
+--- a/include/grub/script_sh.h
++++ b/include/grub/script_sh.h
+@@ -359,13 +359,8 @@ struct grub_script_function
+ /* The script function. */
+ struct grub_script *func;
+
+- /* The flags. */
+- unsigned flags;
+-
+ /* The next element. */
+ struct grub_script_function *next;
+-
+- int references;
+ };
+ typedef struct grub_script_function *grub_script_function_t;
+
+--
+2.26.2
+
diff --git a/SOURCES/0298-script-Avoid-a-use-after-free-when-redefining-a-func.patch b/SOURCES/0298-script-Avoid-a-use-after-free-when-redefining-a-func.patch
new file mode 100644
index 0000000..718e456
--- /dev/null
+++ b/SOURCES/0298-script-Avoid-a-use-after-free-when-redefining-a-func.patch
@@ -0,0 +1,108 @@
+From c1de65c0e3d630f33160d34e1e85925f01966b0d Mon Sep 17 00:00:00 2001
+From: Chris Coulson <chris.coulson@canonical.com>
+Date: Fri, 10 Jul 2020 14:41:45 +0100
+Subject: [PATCH 298/314] script: Avoid a use-after-free when redefining a
+ function during execution
+
+Defining a new function with the same name as a previously defined
+function causes the grub_script and associated resources for the
+previous function to be freed. If the previous function is currently
+executing when a function with the same name is defined, this results
+in use-after-frees when processing subsequent commands in the original
+function.
+
+Instead, reject a new function definition if it has the same name as
+a previously defined function, and that function is currently being
+executed. Although a behavioural change, this should be backwards
+compatible with existing configurations because they can't be
+dependent on the current behaviour without being broken.
+
+Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Upstream-commit-id: f6253a1f540
+---
+ grub-core/script/execute.c | 2 ++
+ grub-core/script/function.c | 16 +++++++++++++---
+ include/grub/script_sh.h | 2 ++
+ grub-core/script/parser.y | 3 ++-
+ 4 files changed, 19 insertions(+), 4 deletions(-)
+
+diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
+index 528ddfd36f0..a1aadb9ee05 100644
+--- a/grub-core/script/execute.c
++++ b/grub-core/script/execute.c
+@@ -872,7 +872,9 @@ grub_script_function_call (grub_script_function_t func, int argc, char **args)
+ old_scope = scope;
+ scope = &new_scope;
+
++ func->executing++;
+ ret = grub_script_execute (func->func);
++ func->executing--;
+
+ function_return = 0;
+ active_loops = loops;
+diff --git a/grub-core/script/function.c b/grub-core/script/function.c
+index d36655e510f..3aad04bf9dd 100644
+--- a/grub-core/script/function.c
++++ b/grub-core/script/function.c
+@@ -34,6 +34,7 @@ grub_script_function_create (struct grub_script_arg *functionname_arg,
+ func = (grub_script_function_t) grub_malloc (sizeof (*func));
+ if (! func)
+ return 0;
++ func->executing = 0;
+
+ func->name = grub_strdup (functionname_arg->str);
+ if (! func->name)
+@@ -60,10 +61,19 @@ grub_script_function_create (struct grub_script_arg *functionname_arg,
+ grub_script_function_t q;
+
+ q = *p;
+- grub_script_free (q->func);
+- q->func = cmd;
+ grub_free (func);
+- func = q;
++ if (q->executing > 0)
++ {
++ grub_error (GRUB_ERR_BAD_ARGUMENT,
++ N_("attempt to redefine a function being executed"));
++ func = NULL;
++ }
++ else
++ {
++ grub_script_free (q->func);
++ q->func = cmd;
++ func = q;
++ }
+ }
+ else
+ {
+diff --git a/include/grub/script_sh.h b/include/grub/script_sh.h
+index b382bcf09bc..6c48e075122 100644
+--- a/include/grub/script_sh.h
++++ b/include/grub/script_sh.h
+@@ -361,6 +361,8 @@ struct grub_script_function
+
+ /* The next element. */
+ struct grub_script_function *next;
++
++ unsigned executing;
+ };
+ typedef struct grub_script_function *grub_script_function_t;
+
+diff --git a/grub-core/script/parser.y b/grub-core/script/parser.y
+index 4f0ab8319e3..f80b86b6f15 100644
+--- a/grub-core/script/parser.y
++++ b/grub-core/script/parser.y
+@@ -289,7 +289,8 @@ function: "function" "name"
+ grub_script_mem_free (state->func_mem);
+ else {
+ script->children = state->scripts;
+- grub_script_function_create ($2, script);
++ if (!grub_script_function_create ($2, script))
++ grub_script_free (script);
+ }
+
+ state->scripts = $<scripts>3;
+--
+2.26.2
+
diff --git a/SOURCES/0299-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch b/SOURCES/0299-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch
new file mode 100644
index 0000000..d4eed6b
--- /dev/null
+++ b/SOURCES/0299-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch
@@ -0,0 +1,46 @@
+From 7de922a99acd0521b99cd0dd81fe62643ce734a5 Mon Sep 17 00:00:00 2001
+From: Alexey Makhalov <amakhalov@vmware.com>
+Date: Fri, 17 Jul 2020 05:17:26 +0000
+Subject: [PATCH 299/314] relocator: Fix grub_relocator_alloc_chunk_align() top
+ memory allocation
+
+Current implementation of grub_relocator_alloc_chunk_align()
+does not allow allocation of the top byte.
+
+Assuming input args are:
+ max_addr = 0xfffff000;
+ size = 0x1000;
+
+And this is valid. But following overflow protection will
+unnecessarily move max_addr one byte down (to 0xffffefff):
+ if (max_addr > ~size)
+ max_addr = ~size;
+
+~size + 1 will fix the situation. In addition, check size
+for non zero to do not zero max_addr.
+
+Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Upstream-commit-id: ab80a97eb1f
+---
+ grub-core/lib/relocator.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c
+index 5847aac3643..f2c1944c28d 100644
+--- a/grub-core/lib/relocator.c
++++ b/grub-core/lib/relocator.c
+@@ -1386,8 +1386,8 @@ grub_relocator_alloc_chunk_align (struct grub_relocator *rel,
+ };
+ grub_addr_t min_addr2 = 0, max_addr2;
+
+- if (max_addr > ~size)
+- max_addr = ~size;
++ if (size && (max_addr > ~size))
++ max_addr = ~size + 1;
+
+ #ifdef GRUB_MACHINE_PCBIOS
+ if (min_addr < 0x1000)
+--
+2.26.2
+
diff --git a/SOURCES/0300-hfsplus-fix-two-more-overflows.patch b/SOURCES/0300-hfsplus-fix-two-more-overflows.patch
new file mode 100644
index 0000000..72d35b7
--- /dev/null
+++ b/SOURCES/0300-hfsplus-fix-two-more-overflows.patch
@@ -0,0 +1,57 @@
+From 3a60f2bfd8ab98484a7d8ba52748795f7b225ddc Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Sun, 19 Jul 2020 14:43:31 -0400
+Subject: [PATCH 300/314] hfsplus: fix two more overflows
+
+Both node->size and node->namelen come from the supplied filesystem,
+which may be user-supplied. We can't trust them for the math unless we
+know they don't overflow; making sure they go through calloc() first
+will give us that.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
+Upstream-commit-id: b4915078903
+---
+ grub-core/fs/hfsplus.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c
+index f1cd72398ec..8b17ebba296 100644
+--- a/grub-core/fs/hfsplus.c
++++ b/grub-core/fs/hfsplus.c
+@@ -31,6 +31,7 @@
+ #include <grub/hfs.h>
+ #include <grub/charset.h>
+ #include <grub/hfsplus.h>
++#include <grub/safemath.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -475,8 +476,12 @@ grub_hfsplus_read_symlink (grub_fshelp_node_t node)
+ {
+ char *symlink;
+ grub_ssize_t numread;
++ grub_size_t sz = node->size;
+
+- symlink = grub_malloc (node->size + 1);
++ if (grub_add (sz, 1, &sz))
++ return NULL;
++
++ symlink = grub_malloc (sz);
+ if (!symlink)
+ return 0;
+
+@@ -715,8 +720,8 @@ list_nodes (void *record, void *hook_arg)
+ if (type == GRUB_FSHELP_UNKNOWN)
+ return 0;
+
+- filename = grub_malloc (grub_be_to_cpu16 (catkey->namelen)
+- * GRUB_MAX_UTF8_PER_UTF16 + 1);
++ filename = grub_calloc (grub_be_to_cpu16 (catkey->namelen),
++ GRUB_MAX_UTF8_PER_UTF16 + 1);
+ if (! filename)
+ return 0;
+
+--
+2.26.2
+
diff --git a/SOURCES/0301-lvm-fix-two-more-potential-data-dependent-alloc-over.patch b/SOURCES/0301-lvm-fix-two-more-potential-data-dependent-alloc-over.patch
new file mode 100644
index 0000000..fd99079
--- /dev/null
+++ b/SOURCES/0301-lvm-fix-two-more-potential-data-dependent-alloc-over.patch
@@ -0,0 +1,113 @@
+From 5c219ca7ec3b481573309245e3b7399c2f19a99c Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Sun, 19 Jul 2020 15:48:20 -0400
+Subject: [PATCH 301/314] lvm: fix two more potential data-dependent alloc
+ overflows
+
+It appears to be possible to make a (possibly invalid) lvm PV with a
+metadata size field that overflows our type when adding it to the
+address we've allocated. Even if it doesn't, it may be possible to do
+so with the math using the outcome of that as an operand. Check them
+both.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Upstream-commit-id: 45ec6046ea0
+---
+ grub-core/disk/lvm.c | 48 ++++++++++++++++++++++++++++++++++++--------
+ 1 file changed, 40 insertions(+), 8 deletions(-)
+
+diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c
+index d1df640b311..ca09d469990 100644
+--- a/grub-core/disk/lvm.c
++++ b/grub-core/disk/lvm.c
+@@ -25,6 +25,7 @@
+ #include <grub/lvm.h>
+ #include <grub/partition.h>
+ #include <grub/i18n.h>
++#include <grub/safemath.h>
+
+ #ifdef GRUB_UTIL
+ #include <grub/emu/misc.h>
+@@ -102,10 +103,12 @@ grub_lvm_detect (grub_disk_t disk,
+ {
+ grub_err_t err;
+ grub_uint64_t mda_offset, mda_size;
++ grub_size_t ptr;
+ char buf[GRUB_LVM_LABEL_SIZE];
+ char vg_id[GRUB_LVM_ID_STRLEN+1];
+ char pv_id[GRUB_LVM_ID_STRLEN+1];
+- char *metadatabuf, *p, *q, *vgname;
++ char *metadatabuf, *mda_end, *vgname;
++ char *p, *q;
+ struct grub_lvm_label_header *lh = (struct grub_lvm_label_header *) buf;
+ struct grub_lvm_pv_header *pvh;
+ struct grub_lvm_disk_locn *dlocn;
+@@ -205,19 +208,31 @@ grub_lvm_detect (grub_disk_t disk,
+ grub_le_to_cpu64 (rlocn->size) -
+ grub_le_to_cpu64 (mdah->size));
+ }
+- p = q = metadatabuf + grub_le_to_cpu64 (rlocn->offset);
+
+- while (*q != ' ' && q < metadatabuf + mda_size)
+- q++;
+-
+- if (q == metadatabuf + mda_size)
++ if (grub_add ((grub_size_t)metadatabuf,
++ (grub_size_t)grub_le_to_cpu64 (rlocn->offset),
++ &ptr))
+ {
++error_parsing_metadata:
+ #ifdef GRUB_UTIL
+ grub_util_info ("error parsing metadata");
+ #endif
+ goto fail2;
+ }
+
++ p = q = (char *)ptr;
++
++ if (grub_add ((grub_size_t)metadatabuf, (grub_size_t)mda_size, &ptr))
++ goto error_parsing_metadata;
++
++ mda_end = (char *)ptr;
++
++ while (*q != ' ' && q < mda_end)
++ q++;
++
++ if (q == mda_end)
++ goto error_parsing_metadata;
++
+ vgname_len = q - p;
+ vgname = grub_malloc (vgname_len + 1);
+ if (!vgname)
+@@ -367,8 +382,25 @@ grub_lvm_detect (grub_disk_t disk,
+ {
+ const char *iptr;
+ char *optr;
+- lv->fullname = grub_malloc (sizeof ("lvm/") - 1 + 2 * vgname_len
+- + 1 + 2 * s + 1);
++
++ /* this is kind of hard to read with our safe (but rather
++ * baroque) math primatives, but it boils down to:
++ *
++ * sz0 = vgname_len * 2 + 1
++ * + s * 2 + 1
++ * + sizeof ("lvm/") - 1;
++ */
++ grub_size_t sz0 = vgname_len, sz1 = s;
++
++ if (grub_mul (sz0, 2, &sz0) ||
++ grub_add (sz0, 1, &sz0) ||
++ grub_mul (sz1, 2, &sz1) ||
++ grub_add (sz1, 1, &sz1) ||
++ grub_add (sz0, sz1, &sz0) ||
++ grub_add (sz0, sizeof ("lvm/") - 1, &sz0))
++ goto lvs_fail;
++
++ lv->fullname = grub_malloc (sz0);
+ if (!lv->fullname)
+ goto lvs_fail;
+
+--
+2.26.2
+
diff --git a/SOURCES/0302-emu-make-grub_free-NULL-safe.patch b/SOURCES/0302-emu-make-grub_free-NULL-safe.patch
new file mode 100644
index 0000000..868dce1
--- /dev/null
+++ b/SOURCES/0302-emu-make-grub_free-NULL-safe.patch
@@ -0,0 +1,34 @@
+From d38b6703c0668e5d99e6f00aeef5d1b1d7458f9a Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Sun, 19 Jul 2020 16:08:08 -0400
+Subject: [PATCH 302/314] emu: make grub_free(NULL) safe
+
+The grub_free() implementation in kern/mm.c safely handles NULL
+pointers, and code at many places depends on this. We don't know that
+the same is true on all host OSes, so we need to handle the same
+behavior in grub-emu's implementation.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
+Upstream-commit-id: 96bb109e658
+---
+ grub-core/kern/emu/mm.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/kern/emu/mm.c b/grub-core/kern/emu/mm.c
+index 145b01d3719..4d1046a219e 100644
+--- a/grub-core/kern/emu/mm.c
++++ b/grub-core/kern/emu/mm.c
+@@ -60,7 +60,8 @@ grub_zalloc (grub_size_t size)
+ void
+ grub_free (void *ptr)
+ {
+- free (ptr);
++ if (ptr)
++ free (ptr);
+ }
+
+ void *
+--
+2.26.2
+
diff --git a/SOURCES/0303-efi-fix-some-malformed-device-path-arithmetic-errors.patch b/SOURCES/0303-efi-fix-some-malformed-device-path-arithmetic-errors.patch
new file mode 100644
index 0000000..50d2444
--- /dev/null
+++ b/SOURCES/0303-efi-fix-some-malformed-device-path-arithmetic-errors.patch
@@ -0,0 +1,252 @@
+From 3ca105b5d77e292517091da4777484068848da6d Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Sun, 19 Jul 2020 16:53:27 -0400
+Subject: [PATCH 303/314] efi: fix some malformed device path arithmetic
+ errors.
+
+Several places we take the length of a device path and subtract 4 from
+it, without ever checking that it's >= 4. There are also cases where
+this kind of malformation will result in unpredictable iteration,
+including treating the length from one dp node as the type in the next
+node. These are all errors, no matter where the data comes from.
+
+This patch adds a checking macro, GRUB_EFI_DEVICE_PATH_VALID(), which
+can be used in several places, and makes GRUB_EFI_NEXT_DEVICE_PATH()
+return NULL and GRUB_EFI_END_ENTIRE_DEVICE_PATH() evaluate as true when
+the length is too small. Additionally, it makes several places in the
+code check for and return errors in these cases.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+Upstream-commit-id: 23e68a83990
+---
+ grub-core/kern/efi/efi.c | 67 +++++++++++++++++++++++++-----
+ grub-core/loader/efi/chainloader.c | 19 ++++++++-
+ grub-core/loader/i386/xnu.c | 9 ++--
+ include/grub/efi/api.h | 14 ++++---
+ 4 files changed, 88 insertions(+), 21 deletions(-)
+
+diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
+index b1379b92fb8..03de9cb14e7 100644
+--- a/grub-core/kern/efi/efi.c
++++ b/grub-core/kern/efi/efi.c
+@@ -344,7 +344,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0)
+
+ dp = dp0;
+
+- while (1)
++ while (dp)
+ {
+ grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp);
+ grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp);
+@@ -354,9 +354,15 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0)
+ if (type == GRUB_EFI_MEDIA_DEVICE_PATH_TYPE
+ && subtype == GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE)
+ {
+- grub_efi_uint16_t len;
+- len = ((GRUB_EFI_DEVICE_PATH_LENGTH (dp) - 4)
+- / sizeof (grub_efi_char16_t));
++ grub_efi_uint16_t len = GRUB_EFI_DEVICE_PATH_LENGTH (dp);
++
++ if (len < 4)
++ {
++ grub_error (GRUB_ERR_OUT_OF_RANGE,
++ "malformed EFI Device Path node has length=%d", len);
++ return NULL;
++ }
++ len = (len - 4) / sizeof (grub_efi_char16_t);
+ filesize += GRUB_MAX_UTF8_PER_UTF16 * len + 2;
+ }
+
+@@ -372,7 +378,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0)
+ if (!name)
+ return NULL;
+
+- while (1)
++ while (dp)
+ {
+ grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp);
+ grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp);
+@@ -388,8 +394,15 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0)
+
+ *p++ = '/';
+
+- len = ((GRUB_EFI_DEVICE_PATH_LENGTH (dp) - 4)
+- / sizeof (grub_efi_char16_t));
++ len = GRUB_EFI_DEVICE_PATH_LENGTH (dp);
++ if (len < 4)
++ {
++ grub_error (GRUB_ERR_OUT_OF_RANGE,
++ "malformed EFI Device Path node has length=%d", len);
++ return NULL;
++ }
++
++ len = (len - 4) / sizeof (grub_efi_char16_t);
+ fp = (grub_efi_file_path_device_path_t *) dp;
+ /* According to EFI spec Path Name is NULL terminated */
+ while (len > 0 && fp->path_name[len - 1] == 0)
+@@ -464,7 +477,26 @@ grub_efi_duplicate_device_path (const grub_efi_device_path_t *dp)
+ ;
+ p = GRUB_EFI_NEXT_DEVICE_PATH (p))
+ {
+- total_size += GRUB_EFI_DEVICE_PATH_LENGTH (p);
++ grub_size_t len = GRUB_EFI_DEVICE_PATH_LENGTH (p);
++
++ /*
++ * In the event that we find a node that's completely garbage, for
++ * example if we get to 0x7f 0x01 0x02 0x00 ... (EndInstance with a size
++ * of 2), GRUB_EFI_END_ENTIRE_DEVICE_PATH() will be true and
++ * GRUB_EFI_NEXT_DEVICE_PATH() will return NULL, so we won't continue,
++ * and neither should our consumers, but there won't be any error raised
++ * even though the device path is junk.
++ *
++ * This keeps us from passing junk down back to our caller.
++ */
++ if (len < 4)
++ {
++ grub_error (GRUB_ERR_OUT_OF_RANGE,
++ "malformed EFI Device Path node has length=%d", len);
++ return NULL;
++ }
++
++ total_size += len;
+ if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (p))
+ break;
+ }
+@@ -509,7 +541,7 @@ dump_vendor_path (const char *type, grub_efi_vendor_device_path_t *vendor)
+ void
+ grub_efi_print_device_path (grub_efi_device_path_t *dp)
+ {
+- while (1)
++ while (GRUB_EFI_DEVICE_PATH_VALID (dp))
+ {
+ grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp);
+ grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp);
+@@ -981,7 +1013,11 @@ grub_efi_compare_device_paths (const grub_efi_device_path_t *dp1,
+ /* Return non-zero. */
+ return 1;
+
+- while (1)
++ if (dp1 == dp2)
++ return 0;
++
++ while (GRUB_EFI_DEVICE_PATH_VALID (dp1)
++ && GRUB_EFI_DEVICE_PATH_VALID (dp2))
+ {
+ grub_efi_uint8_t type1, type2;
+ grub_efi_uint8_t subtype1, subtype2;
+@@ -1017,5 +1053,16 @@ grub_efi_compare_device_paths (const grub_efi_device_path_t *dp1,
+ dp2 = (grub_efi_device_path_t *) ((char *) dp2 + len2);
+ }
+
++ /*
++ * There's no "right" answer here, but we probably don't want to call a valid
++ * dp and an invalid dp equal, so pick one way or the other.
++ */
++ if (GRUB_EFI_DEVICE_PATH_VALID (dp1) &&
++ !GRUB_EFI_DEVICE_PATH_VALID (dp2))
++ return 1;
++ else if (!GRUB_EFI_DEVICE_PATH_VALID (dp1) &&
++ GRUB_EFI_DEVICE_PATH_VALID (dp2))
++ return -1;
++
+ return 0;
+ }
+diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
+index 2da119ad513..c2411b6dab2 100644
+--- a/grub-core/loader/efi/chainloader.c
++++ b/grub-core/loader/efi/chainloader.c
+@@ -125,6 +125,12 @@ copy_file_path (grub_efi_file_path_device_path_t *fp,
+ fp->header.type = GRUB_EFI_MEDIA_DEVICE_PATH_TYPE;
+ fp->header.subtype = GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE;
+
++ if (!GRUB_EFI_DEVICE_PATH_VALID ((grub_efi_device_path_t *)fp))
++ {
++ grub_error (GRUB_ERR_BAD_ARGUMENT, "EFI Device Path is invalid");
++ return;
++ }
++
+ path_name = grub_calloc (len, GRUB_MAX_UTF16_PER_UTF8 * sizeof (*path_name));
+ if (!path_name)
+ return;
+@@ -164,9 +170,18 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename)
+
+ size = 0;
+ d = dp;
+- while (1)
++ while (d)
+ {
+- size += GRUB_EFI_DEVICE_PATH_LENGTH (d);
++ grub_size_t len = GRUB_EFI_DEVICE_PATH_LENGTH (d);
++
++ if (len < 4)
++ {
++ grub_error (GRUB_ERR_OUT_OF_RANGE,
++ "malformed EFI Device Path node has length=%d", len);
++ return NULL;
++ }
++
++ size += len;
+ if ((GRUB_EFI_END_ENTIRE_DEVICE_PATH (d)))
+ break;
+ d = GRUB_EFI_NEXT_DEVICE_PATH (d);
+diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c
+index c760db30fc0..44f7ebfa2b6 100644
+--- a/grub-core/loader/i386/xnu.c
++++ b/grub-core/loader/i386/xnu.c
+@@ -515,14 +515,15 @@ grub_cmd_devprop_load (grub_command_t cmd __attribute__ ((unused)),
+
+ devhead = buf;
+ buf = devhead + 1;
+- dpstart = buf;
++ dp = dpstart = buf;
+
+- do
++ while (GRUB_EFI_DEVICE_PATH_VALID (dp) && buf < bufend)
+ {
+- dp = buf;
+ buf = (char *) buf + GRUB_EFI_DEVICE_PATH_LENGTH (dp);
++ if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp))
++ break;
++ dp = buf;
+ }
+- while (!GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp) && buf < bufend);
+
+ dev = grub_xnu_devprop_add_device (dpstart, (char *) buf
+ - (char *) dpstart);
+diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h
+index 6c440c61316..a092fddb629 100644
+--- a/include/grub/efi/api.h
++++ b/include/grub/efi/api.h
+@@ -671,6 +671,7 @@ typedef struct grub_efi_device_path grub_efi_device_path_protocol_t;
+ #define GRUB_EFI_DEVICE_PATH_TYPE(dp) ((dp)->type & 0x7f)
+ #define GRUB_EFI_DEVICE_PATH_SUBTYPE(dp) ((dp)->subtype)
+ #define GRUB_EFI_DEVICE_PATH_LENGTH(dp) ((dp)->length)
++#define GRUB_EFI_DEVICE_PATH_VALID(dp) ((dp) != NULL && GRUB_EFI_DEVICE_PATH_LENGTH (dp) >= 4)
+
+ /* The End of Device Path nodes. */
+ #define GRUB_EFI_END_DEVICE_PATH_TYPE (0xff & 0x7f)
+@@ -679,13 +680,16 @@ typedef struct grub_efi_device_path grub_efi_device_path_protocol_t;
+ #define GRUB_EFI_END_THIS_DEVICE_PATH_SUBTYPE 0x01
+
+ #define GRUB_EFI_END_ENTIRE_DEVICE_PATH(dp) \
+- (GRUB_EFI_DEVICE_PATH_TYPE (dp) == GRUB_EFI_END_DEVICE_PATH_TYPE \
+- && (GRUB_EFI_DEVICE_PATH_SUBTYPE (dp) \
+- == GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE))
++ (!GRUB_EFI_DEVICE_PATH_VALID (dp) || \
++ (GRUB_EFI_DEVICE_PATH_TYPE (dp) == GRUB_EFI_END_DEVICE_PATH_TYPE \
++ && (GRUB_EFI_DEVICE_PATH_SUBTYPE (dp) \
++ == GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE)))
+
+ #define GRUB_EFI_NEXT_DEVICE_PATH(dp) \
+- ((grub_efi_device_path_t *) ((char *) (dp) \
+- + GRUB_EFI_DEVICE_PATH_LENGTH (dp)))
++ (GRUB_EFI_DEVICE_PATH_VALID (dp) \
++ ? ((grub_efi_device_path_t *) \
++ ((char *) (dp) + GRUB_EFI_DEVICE_PATH_LENGTH (dp))) \
++ : NULL)
+
+ /* Hardware Device Path. */
+ #define GRUB_EFI_HARDWARE_DEVICE_PATH_TYPE 1
+--
+2.26.2
+
diff --git a/SOURCES/0304-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch b/SOURCES/0304-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch
new file mode 100644
index 0000000..b087f46
--- /dev/null
+++ b/SOURCES/0304-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch
@@ -0,0 +1,88 @@
+From cab9214c4caad2ad95ce8bd456c68bc08def0833 Mon Sep 17 00:00:00 2001
+From: Chris Coulson <chris.coulson@canonical.com>
+Date: Wed, 22 Jul 2020 17:06:04 +0100
+Subject: [PATCH 304/314] Fix a regression caused by "efi: fix some malformed
+ device path arithmetic errors"
+
+This commit introduced a bogus check inside copy_file_path to
+determine whether the destination grub_efi_file_path_device_path_t
+was valid before anything was copied to it. Depending on the
+contents of the heap buffer, this check could fail which would
+result in copy_file_path returning early.
+
+Without any error propagated to the caller, make_file_path would
+then try to advance the invalid device path node with
+GRUB_EFI_NEXT_DEVICE_PATH, which would also fail, returning a NULL
+pointer that would subsequently be dereferenced.
+
+Remove the bogus check, and also propagate errors from copy_file_path.
+---
+ grub-core/loader/efi/chainloader.c | 26 ++++++++++++++------------
+ 1 file changed, 14 insertions(+), 12 deletions(-)
+
+diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
+index c2411b6dab2..8b99cf23e9d 100644
+--- a/grub-core/loader/efi/chainloader.c
++++ b/grub-core/loader/efi/chainloader.c
+@@ -115,7 +115,7 @@ grub_chainloader_boot (void)
+ return grub_errno;
+ }
+
+-static void
++static grub_err_t
+ copy_file_path (grub_efi_file_path_device_path_t *fp,
+ const char *str, grub_efi_uint16_t len)
+ {
+@@ -125,15 +125,9 @@ copy_file_path (grub_efi_file_path_device_path_t *fp,
+ fp->header.type = GRUB_EFI_MEDIA_DEVICE_PATH_TYPE;
+ fp->header.subtype = GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE;
+
+- if (!GRUB_EFI_DEVICE_PATH_VALID ((grub_efi_device_path_t *)fp))
+- {
+- grub_error (GRUB_ERR_BAD_ARGUMENT, "EFI Device Path is invalid");
+- return;
+- }
+-
+ path_name = grub_calloc (len, GRUB_MAX_UTF16_PER_UTF8 * sizeof (*path_name));
+ if (!path_name)
+- return;
++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, "failed to allocate path buffer");
+
+ size = grub_utf8_to_utf16 (path_name, len * GRUB_MAX_UTF16_PER_UTF8,
+ (const grub_uint8_t *) str, len, 0);
+@@ -145,6 +139,8 @@ copy_file_path (grub_efi_file_path_device_path_t *fp,
+ /* File Path is NULL terminated */
+ fp->path_name[size++] = '\0';
+ fp->header.length = size * sizeof (grub_efi_char16_t) + sizeof (*fp);
++ grub_free (path_name);
++ return GRUB_ERR_NONE;
+ }
+
+ static grub_efi_device_path_t *
+@@ -202,13 +198,19 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename)
+ /* Fill the file path for the directory. */
+ d = (grub_efi_device_path_t *) ((char *) file_path
+ + ((char *) d - (char *) dp));
+- copy_file_path ((grub_efi_file_path_device_path_t *) d,
+- dir_start, dir_end - dir_start);
++ if (copy_file_path ((grub_efi_file_path_device_path_t *) d,
++ dir_start, dir_end - dir_start) != GRUB_ERR_NONE)
++ {
++ fail:
++ grub_free (file_path);
++ return 0;
++ }
+
+ /* Fill the file path for the file. */
+ d = GRUB_EFI_NEXT_DEVICE_PATH (d);
+- copy_file_path ((grub_efi_file_path_device_path_t *) d,
+- dir_end + 1, grub_strlen (dir_end + 1));
++ if (copy_file_path ((grub_efi_file_path_device_path_t *) d,
++ dir_end + 1, grub_strlen (dir_end + 1)) != GRUB_ERR_NONE)
++ goto fail;
+
+ /* Fill the end of device path nodes. */
+ d = GRUB_EFI_NEXT_DEVICE_PATH (d);
+--
+2.26.2
+
diff --git a/SOURCES/0305-update-safemath-with-fallback-code-for-gcc-older-tha.patch b/SOURCES/0305-update-safemath-with-fallback-code-for-gcc-older-tha.patch
new file mode 100644
index 0000000..dc83ba1
--- /dev/null
+++ b/SOURCES/0305-update-safemath-with-fallback-code-for-gcc-older-tha.patch
@@ -0,0 +1,151 @@
+From 0bfbb0c63ccc73d8508d1a402f53f9f6a64de903 Mon Sep 17 00:00:00 2001
+From: Alexander Burmashev <alexander.burmashev@oracle.com>
+Date: Wed, 22 Jul 2020 06:04:38 -0700
+Subject: [PATCH 305/314] update safemath with fallback code for gcc older than
+ 5.1
+
+The code used in the header was taken from linux kernel commit
+f0907827a8a9152aedac2833ed1b674a7b2a44f2. Rasmus Villemoes
+<linux@rasmusvillemoes.dk>, the original author of the patch, was
+contacted directly, confirmed his authorship of the code, and gave his
+permission on treating that dual license as MIT and including into GRUB2
+sources
+
+Signed-off-by: Alex Burmashev <alexander.burmashev@oracle.com>
+---
+ include/grub/safemath.h | 119 +++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 118 insertions(+), 1 deletion(-)
+
+diff --git a/include/grub/safemath.h b/include/grub/safemath.h
+index c17b89bba17..1ccac276b59 100644
+--- a/include/grub/safemath.h
++++ b/include/grub/safemath.h
+@@ -31,7 +31,124 @@
+ #define grub_mul(a, b, res) __builtin_mul_overflow(a, b, res)
+
+ #else
+-#error gcc 5.1 or newer or clang 3.8 or newer is required
++/*
++ * Copyright 2020 Rasmus Villemoes
++ *
++ * Permission is hereby granted, free of charge, to any person obtaining a copy
++ * of this software and associated documentation files (the "Software"), to
++ * deal in the Software without restriction, including without limitation the
++ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
++ * sell copies of the Software, and to permit persons to whom the Software is
++ * furnished to do so, subject to the following conditions:
++ *
++ * The above copyright notice and this permission notice shall be included in
++ * all copies or substantial portions of the Software.
++
++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
++ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
++ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
++ * IN THE SOFTWARE.
++ */
++/*
++ * The code used in this header was taken from linux kernel commit
++ * f0907827a8a9152aedac2833ed1b674a7b2a44f2
++ * Rasmus Villemoes <linux@rasmusvillemoes.dk>, the original author of the
++ * patch, was contacted directly, confirmed his authorship of the code, and
++ * gave his permission on treating that dual license as MIT and including into
++ * GRUB2 sources
++ */
++
++#include <grub/types.h>
++#define is_signed_type(type) (((type)(-1)) < (type)1)
++#define __type_half_max(type) ((type)1 << (8*sizeof(type) - 1 - is_signed_type(type)))
++#define type_max(T) ((T)((__type_half_max(T) - 1) + __type_half_max(T)))
++#define type_min(T) ((T)((T)-type_max(T)-(T)1))
++
++#define __unsigned_add_overflow(a, b, d) ({ \
++ typeof(+(a)) __a = (a); \
++ typeof(+(b)) __b = (b); \
++ typeof(d) __d = (d); \
++ (void) (&__a == &__b); \
++ (void) (&__a == __d); \
++ *__d = __a + __b; \
++ *__d < __a; \
++})
++#define __unsigned_sub_overflow(a, b, d) ({ \
++ typeof(+(a)) __a = (a); \
++ typeof(+(b)) __b = (b); \
++ typeof(d) __d = (d); \
++ (void) (&__a == &__b); \
++ (void) (&__a == __d); \
++ *__d = __a - __b; \
++ __a < __b; \
++})
++#define __unsigned_mul_overflow(a, b, d) ({ \
++ typeof(+(a)) __a = (a); \
++ typeof(+(b)) __b = (b); \
++ typeof(d) __d = (d); \
++ (void) (&__a == &__b); \
++ (void) (&__a == __d); \
++ *__d = __a * __b; \
++ __builtin_constant_p(__b) ? \
++ __b > 0 && __a > type_max(typeof(__a)) / __b :\
++ __a > 0 && __b > type_max(typeof(__b)) / __a; \
++})
++
++#define __signed_add_overflow(a, b, d) ({ \
++ typeof(+(a)) __a = (a); \
++ typeof(+(b)) __b = (b); \
++ typeof(d) __d = (d); \
++ (void) (&__a == &__b); \
++ (void) (&__a == __d); \
++ *__d = (grub_uint64_t)__a + (grub_uint64_t)__b; \
++ (((~(__a ^ __b)) & (*__d ^ __a)) \
++ & type_min(typeof(__a))) != 0; \
++})
++
++#define __signed_sub_overflow(a, b, d) ({ \
++ typeof(+(a)) __a = (a); \
++ typeof(+(b)) __b = (b); \
++ typeof(d) __d = (d); \
++ (void) (&__a == &__b); \
++ (void) (&__a == __d); \
++ *__d = (grub_uint64_t)__a - (grub_uint64_t)__b; \
++ ((((__a ^ __b)) & (*__d ^ __a)) \
++ & type_min(typeof(__a))) != 0; \
++})
++
++#define __signed_mul_overflow(a, b, d) ({ \
++ typeof(+(a)) __a = (a); \
++ typeof(+(b)) __b = (b); \
++ typeof(d) __d = (d); \
++ typeof(+(a)) __tmax = type_max(typeof(+(a))); \
++ typeof(+(a)) __tmin = type_min(typeof(+(a))); \
++ (void) (&__a == &__b); \
++ (void) (&__a == __d); \
++ *__d = (grub_uint64_t)__a * (grub_uint64_t)__b; \
++ (__b > 0 && (__a > __tmax/__b || __a < __tmin/__b)) ||\
++ (__b < (typeof(__b))-1 && \
++ (__a > __tmin/__b || __a < __tmax/__b)) || \
++ (__b == (typeof(__b))-1 && __a == __tmin); \
++})
++
++#define grub_add(a, b, d) \
++ __builtin_choose_expr(is_signed_type(typeof(+(a))), \
++ __signed_add_overflow(a, b, d), \
++ __unsigned_add_overflow(a, b, d))
++
++#define grub_sub(a, b, d) \
++ __builtin_choose_expr(is_signed_type(typeof(+(a))), \
++ __signed_sub_overflow(a, b, d), \
++ __unsigned_sub_overflow(a, b, d))
++
++#define grub_mul(a, b, d) \
++ __builtin_choose_expr(is_signed_type(typeof(+(a))), \
++ __signed_mul_overflow(a, b, d), \
++ __unsigned_mul_overflow(a, b, d))
++
+ #endif
+
+ #endif /* GRUB_SAFEMATH_H */
+--
+2.26.2
+
diff --git a/SOURCES/0306-efi-Fix-use-after-free-in-halt-reboot-path.patch b/SOURCES/0306-efi-Fix-use-after-free-in-halt-reboot-path.patch
new file mode 100644
index 0000000..ae4e5fc
--- /dev/null
+++ b/SOURCES/0306-efi-Fix-use-after-free-in-halt-reboot-path.patch
@@ -0,0 +1,165 @@
+From 7a7d0278212dde624229dd6da973ccfdf60a7982 Mon Sep 17 00:00:00 2001
+From: Alexey Makhalov <amakhalov@vmware.com>
+Date: Mon, 20 Jul 2020 23:03:05 +0000
+Subject: [PATCH 306/314] efi: Fix use-after-free in halt/reboot path
+
+commit 92bfc33db984 ("efi: Free malloc regions on exit")
+introduced memory freeing in grub_efi_fini(), which is
+used not only by exit path but by halt/reboot one as well.
+As result of memory freeing, code and data regions used by
+modules, such as halt, reboot, acpi (used by halt) also got
+freed. After return to module code, CPU executes, filled
+by UEFI firmware (tested with edk2), 0xAFAFAFAF pattern as
+a code. Which leads to #UD exception later.
+
+grub> halt
+!!!! X64 Exception Type - 06(#UD - Invalid Opcode) CPU Apic ID - 00000000 !!!!
+RIP - 0000000003F4EC28, CS - 0000000000000038, RFLAGS - 0000000000200246
+RAX - 0000000000000000, RCX - 00000000061DA188, RDX - 0A74C0854DC35D41
+RBX - 0000000003E10E08, RSP - 0000000007F0F860, RBP - 0000000000000000
+RSI - 00000000064DB768, RDI - 000000000832C5C3
+R8 - 0000000000000002, R9 - 0000000000000000, R10 - 00000000061E2E52
+R11 - 0000000000000020, R12 - 0000000003EE5C1F, R13 - 00000000061E0FF4
+R14 - 0000000003E10D80, R15 - 00000000061E2F60
+DS - 0000000000000030, ES - 0000000000000030, FS - 0000000000000030
+GS - 0000000000000030, SS - 0000000000000030
+CR0 - 0000000080010033, CR2 - 0000000000000000, CR3 - 0000000007C01000
+CR4 - 0000000000000668, CR8 - 0000000000000000
+DR0 - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000
+DR3 - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400
+GDTR - 00000000079EEA98 0000000000000047, LDTR - 0000000000000000
+IDTR - 0000000007598018 0000000000000FFF, TR - 0000000000000000
+FXSAVE_STATE - 0000000007F0F4C0
+
+Proposal here is to continue to free allocated memory for
+exit boot services path but keep it for halt/reboot path
+as it won't be much security concern here.
+Introduced GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY
+loader flag to be used by efi halt/reboot path.
+
+Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
+Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
+---
+ grub-core/kern/arm/efi/init.c | 3 +++
+ grub-core/kern/arm64/efi/init.c | 3 +++
+ grub-core/kern/efi/efi.c | 3 ++-
+ grub-core/kern/efi/init.c | 1 -
+ grub-core/kern/i386/efi/init.c | 9 +++++++--
+ grub-core/kern/ia64/efi/init.c | 9 +++++++--
+ grub-core/lib/efi/halt.c | 3 ++-
+ include/grub/loader.h | 1 +
+ 8 files changed, 25 insertions(+), 7 deletions(-)
+
+diff --git a/grub-core/kern/arm/efi/init.c b/grub-core/kern/arm/efi/init.c
+index 06df60e2f0e..40c3b467fc6 100644
+--- a/grub-core/kern/arm/efi/init.c
++++ b/grub-core/kern/arm/efi/init.c
+@@ -71,4 +71,7 @@ grub_machine_fini (int flags)
+ efi_call_1 (b->close_event, tmr_evt);
+
+ grub_efi_fini ();
++
++ if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY))
++ grub_efi_memory_fini ();
+ }
+diff --git a/grub-core/kern/arm64/efi/init.c b/grub-core/kern/arm64/efi/init.c
+index 6224999ec9c..5010caefd66 100644
+--- a/grub-core/kern/arm64/efi/init.c
++++ b/grub-core/kern/arm64/efi/init.c
+@@ -57,4 +57,7 @@ grub_machine_fini (int flags)
+ return;
+
+ grub_efi_fini ();
++
++ if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY))
++ grub_efi_memory_fini ();
+ }
+diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
+index 03de9cb14e7..5dfcf943322 100644
+--- a/grub-core/kern/efi/efi.c
++++ b/grub-core/kern/efi/efi.c
+@@ -157,7 +157,8 @@ grub_efi_get_loaded_image (grub_efi_handle_t image_handle)
+ void
+ grub_reboot (void)
+ {
+- grub_machine_fini (GRUB_LOADER_FLAG_NORETURN);
++ grub_machine_fini (GRUB_LOADER_FLAG_NORETURN |
++ GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY);
+ efi_call_4 (grub_efi_system_table->runtime_services->reset_system,
+ GRUB_EFI_RESET_COLD, GRUB_EFI_SUCCESS, 0, NULL);
+ for (;;) ;
+diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c
+index e6183a4c44d..79243b364a1 100644
+--- a/grub-core/kern/efi/init.c
++++ b/grub-core/kern/efi/init.c
+@@ -136,5 +136,4 @@ grub_efi_fini (void)
+ {
+ grub_efidisk_fini ();
+ grub_console_fini ();
+- grub_efi_memory_fini ();
+ }
+diff --git a/grub-core/kern/i386/efi/init.c b/grub-core/kern/i386/efi/init.c
+index a28316cc640..46476e27eae 100644
+--- a/grub-core/kern/i386/efi/init.c
++++ b/grub-core/kern/i386/efi/init.c
+@@ -38,6 +38,11 @@ grub_machine_init (void)
+ void
+ grub_machine_fini (int flags)
+ {
+- if (flags & GRUB_LOADER_FLAG_NORETURN)
+- grub_efi_fini ();
++ if (!(flags & GRUB_LOADER_FLAG_NORETURN))
++ return;
++
++ grub_efi_fini ();
++
++ if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY))
++ grub_efi_memory_fini ();
+ }
+diff --git a/grub-core/kern/ia64/efi/init.c b/grub-core/kern/ia64/efi/init.c
+index b5ecbd09121..f1965571b1d 100644
+--- a/grub-core/kern/ia64/efi/init.c
++++ b/grub-core/kern/ia64/efi/init.c
+@@ -70,6 +70,11 @@ grub_machine_init (void)
+ void
+ grub_machine_fini (int flags)
+ {
+- if (flags & GRUB_LOADER_FLAG_NORETURN)
+- grub_efi_fini ();
++ if (!(flags & GRUB_LOADER_FLAG_NORETURN))
++ return;
++
++ grub_efi_fini ();
++
++ if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY))
++ grub_efi_memory_fini ();
+ }
+diff --git a/grub-core/lib/efi/halt.c b/grub-core/lib/efi/halt.c
+index e9441c844ac..a69a77681e3 100644
+--- a/grub-core/lib/efi/halt.c
++++ b/grub-core/lib/efi/halt.c
+@@ -28,7 +28,8 @@
+ void
+ grub_halt (void)
+ {
+- grub_machine_fini (GRUB_LOADER_FLAG_NORETURN);
++ grub_machine_fini (GRUB_LOADER_FLAG_NORETURN |
++ GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY);
+ #if !defined(__ia64__) && !defined(__arm__) && !defined(__aarch64__)
+ grub_acpi_halt ();
+ #endif
+diff --git a/include/grub/loader.h b/include/grub/loader.h
+index 7f82a499fd9..b208642821b 100644
+--- a/include/grub/loader.h
++++ b/include/grub/loader.h
+@@ -33,6 +33,7 @@ enum
+ {
+ GRUB_LOADER_FLAG_NORETURN = 1,
+ GRUB_LOADER_FLAG_PXE_NOT_UNLOAD = 2,
++ GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY = 4,
+ };
+
+ void EXPORT_FUNC (grub_loader_set) (grub_err_t (*boot) (void),
+--
+2.26.2
+
diff --git a/SOURCES/0307-efi-dhcp-fix-some-allocation-error-checking.patch b/SOURCES/0307-efi-dhcp-fix-some-allocation-error-checking.patch
new file mode 100644
index 0000000..11ed664
--- /dev/null
+++ b/SOURCES/0307-efi-dhcp-fix-some-allocation-error-checking.patch
@@ -0,0 +1,40 @@
+From c62652ca26ed1c145d0e820e0f108ce4e61b1f17 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Sun, 19 Jul 2020 17:11:06 -0400
+Subject: [PATCH 307/314] efi+dhcp: fix some allocation error checking.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ grub-core/net/efi/dhcp.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/grub-core/net/efi/dhcp.c b/grub-core/net/efi/dhcp.c
+index dbef63d8c08..e5c79b748b0 100644
+--- a/grub-core/net/efi/dhcp.c
++++ b/grub-core/net/efi/dhcp.c
+@@ -80,7 +80,7 @@ grub_efi_dhcp4_parse_dns (grub_efi_dhcp4_protocol_t *dhcp4, grub_efi_dhcp4_packe
+ if (status != GRUB_EFI_BUFFER_TOO_SMALL)
+ return NULL;
+
+- option_list = grub_malloc (option_count * sizeof(*option_list));
++ option_list = grub_calloc (option_count, sizeof(*option_list));
+ if (!option_list)
+ return NULL;
+
+@@ -360,8 +360,11 @@ grub_cmd_efi_bootp6 (struct grub_command *cmd __attribute__ ((unused)),
+
+ if (status == GRUB_EFI_BUFFER_TOO_SMALL && count)
+ {
+- options = grub_malloc (count * sizeof(*options));
+- status = efi_call_4 (dev->dhcp6->parse, dev->dhcp6, mode.ia->reply_packet, &count, options);
++ options = grub_calloc (count, sizeof(*options));
++ if (options)
++ status = efi_call_4 (dev->dhcp6->parse, dev->dhcp6, mode.ia->reply_packet, &count, options);
++ else
++ status = GRUB_EFI_OUT_OF_RESOURCES;
+ }
+
+ if (status != GRUB_EFI_SUCCESS)
+--
+2.26.2
+
diff --git a/SOURCES/0308-efi-http-fix-some-allocation-error-checking.patch b/SOURCES/0308-efi-http-fix-some-allocation-error-checking.patch
new file mode 100644
index 0000000..e512e99
--- /dev/null
+++ b/SOURCES/0308-efi-http-fix-some-allocation-error-checking.patch
@@ -0,0 +1,42 @@
+From 4436316229bc5b46016d61215b709ec434f4e0d3 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Sun, 19 Jul 2020 17:14:15 -0400
+Subject: [PATCH 308/314] efi+http: fix some allocation error checking.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ grub-core/net/efi/http.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c
+index fc8cb25ae0a..26647a50fa4 100644
+--- a/grub-core/net/efi/http.c
++++ b/grub-core/net/efi/http.c
+@@ -412,8 +412,8 @@ grub_efihttp_open (struct grub_efi_net_device *dev,
+ int type)
+ {
+ grub_err_t err;
+- grub_off_t size;
+- char *buf;
++ grub_off_t size = 0;
++ char *buf = NULL;
+ char *file_name = NULL;
+ const char *http_path;
+
+@@ -441,8 +441,11 @@ grub_efihttp_open (struct grub_efi_net_device *dev,
+ return err;
+ }
+
+- buf = grub_malloc (size);
+- efihttp_read (dev, buf, size);
++ if (size)
++ {
++ buf = grub_malloc (size);
++ efihttp_read (dev, buf, size);
++ }
+
+ file->size = size;
+ file->data = buf;
+--
+2.26.2
+
diff --git a/SOURCES/0309-efi-ip-46-_config.c-fix-some-potential-allocation-ov.patch b/SOURCES/0309-efi-ip-46-_config.c-fix-some-potential-allocation-ov.patch
new file mode 100644
index 0000000..c6b7a25
--- /dev/null
+++ b/SOURCES/0309-efi-ip-46-_config.c-fix-some-potential-allocation-ov.patch
@@ -0,0 +1,131 @@
+From 9f8ce6fac51e229a18ed2fa3321f7fc3d6d822a6 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Sun, 19 Jul 2020 17:27:00 -0400
+Subject: [PATCH 309/314] efi/ip[46]_config.c: fix some potential allocation
+ overflows
+
+In theory all of this data comes from the firmware stack and it should
+be safe, but it's better to be paranoid.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ grub-core/net/efi/ip4_config.c | 25 ++++++++++++++++++-------
+ grub-core/net/efi/ip6_config.c | 13 ++++++++++---
+ 2 files changed, 28 insertions(+), 10 deletions(-)
+
+diff --git a/grub-core/net/efi/ip4_config.c b/grub-core/net/efi/ip4_config.c
+index 6117e60ab12..5ea5ed03925 100644
+--- a/grub-core/net/efi/ip4_config.c
++++ b/grub-core/net/efi/ip4_config.c
+@@ -4,15 +4,20 @@
+ #include <grub/misc.h>
+ #include <grub/net/efi.h>
+ #include <grub/charset.h>
++#include <grub/safemath.h>
+
+ char *
+ grub_efi_hw_address_to_string (grub_efi_uint32_t hw_address_size, grub_efi_mac_address_t hw_address)
+ {
+ char *hw_addr, *p;
+- int sz, s;
+- int i;
++ grub_size_t sz, s, i;
+
+- sz = (int)hw_address_size * (sizeof ("XX:") - 1) + 1;
++ if (grub_mul (hw_address_size, sizeof ("XX:") - 1, &sz) ||
++ grub_add (sz, 1, &sz))
++ {
++ grub_errno = GRUB_ERR_OUT_OF_RANGE;
++ return NULL;
++ }
+
+ hw_addr = grub_malloc (sz);
+ if (!hw_addr)
+@@ -20,7 +25,7 @@ grub_efi_hw_address_to_string (grub_efi_uint32_t hw_address_size, grub_efi_mac_a
+
+ p = hw_addr;
+ s = sz;
+- for (i = 0; i < (int)hw_address_size; i++)
++ for (i = 0; i < hw_address_size; i++)
+ {
+ grub_snprintf (p, sz, "%02x:", hw_address[i]);
+ p += sizeof ("XX:") - 1;
+@@ -238,14 +243,20 @@ grub_efi_ip4_interface_route_table (struct grub_efi_net_device *dev)
+ {
+ grub_efi_ip4_config2_interface_info_t *interface_info;
+ char **ret;
+- int i, id;
++ int id;
++ grub_size_t i, nmemb;
+
+ interface_info = efi_ip4_config_interface_info (dev->ip4_config);
+ if (!interface_info)
+ return NULL;
+
+- ret = grub_malloc (sizeof (*ret) * (interface_info->route_table_size + 1));
++ if (grub_add (interface_info->route_table_size, 1, &nmemb))
++ {
++ grub_errno = GRUB_ERR_OUT_OF_RANGE;
++ return NULL;
++ }
+
++ ret = grub_calloc (nmemb, sizeof (*ret));
+ if (!ret)
+ {
+ grub_free (interface_info);
+@@ -253,7 +264,7 @@ grub_efi_ip4_interface_route_table (struct grub_efi_net_device *dev)
+ }
+
+ id = 0;
+- for (i = 0; i < (int)interface_info->route_table_size; i++)
++ for (i = 0; i < interface_info->route_table_size; i++)
+ {
+ char *subnet, *gateway, *mask;
+ grub_uint32_t u32_subnet, u32_gateway;
+diff --git a/grub-core/net/efi/ip6_config.c b/grub-core/net/efi/ip6_config.c
+index e0e00c23d21..1c5415d7185 100644
+--- a/grub-core/net/efi/ip6_config.c
++++ b/grub-core/net/efi/ip6_config.c
+@@ -3,6 +3,7 @@
+ #include <grub/misc.h>
+ #include <grub/net/efi.h>
+ #include <grub/charset.h>
++#include <grub/safemath.h>
+
+ char *
+ grub_efi_ip6_address_to_string (grub_efi_pxe_ipv6_address_t *address)
+@@ -228,14 +229,20 @@ grub_efi_ip6_interface_route_table (struct grub_efi_net_device *dev)
+ {
+ grub_efi_ip6_config_interface_info_t *interface_info;
+ char **ret;
+- int i, id;
++ int id;
++ grub_size_t i, nmemb;
+
+ interface_info = efi_ip6_config_interface_info (dev->ip6_config);
+ if (!interface_info)
+ return NULL;
+
+- ret = grub_malloc (sizeof (*ret) * (interface_info->route_count + 1));
++ if (grub_add (interface_info->route_count, 1, &nmemb))
++ {
++ grub_errno = GRUB_ERR_OUT_OF_RANGE;
++ return NULL;
++ }
+
++ ret = grub_calloc (nmemb, sizeof (*ret));
+ if (!ret)
+ {
+ grub_free (interface_info);
+@@ -243,7 +250,7 @@ grub_efi_ip6_interface_route_table (struct grub_efi_net_device *dev)
+ }
+
+ id = 0;
+- for (i = 0; i < (int)interface_info->route_count ; i++)
++ for (i = 0; i < interface_info->route_count ; i++)
+ {
+ char *gateway, *destination;
+ grub_uint64_t u64_gateway[2];
+--
+2.26.2
+
diff --git a/SOURCES/0310-Fix-up-some-types-for-gcc-4.8-compat-safemath.h.patch b/SOURCES/0310-Fix-up-some-types-for-gcc-4.8-compat-safemath.h.patch
new file mode 100644
index 0000000..57b8caf
--- /dev/null
+++ b/SOURCES/0310-Fix-up-some-types-for-gcc-4.8-compat-safemath.h.patch
@@ -0,0 +1,219 @@
+From e5ef076d3188c3389769a3bde72382db9b94dc97 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Thu, 23 Jul 2020 15:02:48 -0400
+Subject: [PATCH 310/314] Fix up some types for gcc 4.8 compat safemath.h
+
+The compat macros aren't as forgiving as __builtin_*_overflow().
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ grub-core/disk/lvm.c | 22 ++++++++++++----------
+ grub-core/font/font.c | 4 ++--
+ grub-core/fs/btrfs.c | 20 +++++++++++++++-----
+ grub-core/fs/ext2.c | 3 ++-
+ grub-core/fs/hfsplus.c | 2 +-
+ grub-core/fs/iso9660.c | 8 ++++----
+ grub-core/normal/charset.c | 5 +++--
+ 7 files changed, 39 insertions(+), 25 deletions(-)
+
+diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c
+index ca09d469990..4fbb3eac0ea 100644
+--- a/grub-core/disk/lvm.c
++++ b/grub-core/disk/lvm.c
+@@ -103,7 +103,7 @@ grub_lvm_detect (grub_disk_t disk,
+ {
+ grub_err_t err;
+ grub_uint64_t mda_offset, mda_size;
+- grub_size_t ptr;
++ grub_uint64_t ptr;
+ char buf[GRUB_LVM_LABEL_SIZE];
+ char vg_id[GRUB_LVM_ID_STRLEN+1];
+ char pv_id[GRUB_LVM_ID_STRLEN+1];
+@@ -209,9 +209,9 @@ grub_lvm_detect (grub_disk_t disk,
+ grub_le_to_cpu64 (mdah->size));
+ }
+
+- if (grub_add ((grub_size_t)metadatabuf,
+- (grub_size_t)grub_le_to_cpu64 (rlocn->offset),
+- &ptr))
++ grub_uint64_t mdb = (grub_uint64_t)metadatabuf;
++ grub_uint64_t addend = (grub_uint64_t)grub_le_to_cpu64 (rlocn->offset);
++ if (grub_add (mdb, addend, &ptr))
+ {
+ error_parsing_metadata:
+ #ifdef GRUB_UTIL
+@@ -222,7 +222,7 @@ error_parsing_metadata:
+
+ p = q = (char *)ptr;
+
+- if (grub_add ((grub_size_t)metadatabuf, (grub_size_t)mda_size, &ptr))
++ if (grub_add (mdb, mda_size, &ptr))
+ goto error_parsing_metadata;
+
+ mda_end = (char *)ptr;
+@@ -391,13 +391,15 @@ error_parsing_metadata:
+ * + sizeof ("lvm/") - 1;
+ */
+ grub_size_t sz0 = vgname_len, sz1 = s;
++ grub_size_t one = 1, two = 2;
++ grub_size_t lvm_str_sz = sizeof ("lvm/") - 1;
+
+- if (grub_mul (sz0, 2, &sz0) ||
+- grub_add (sz0, 1, &sz0) ||
+- grub_mul (sz1, 2, &sz1) ||
+- grub_add (sz1, 1, &sz1) ||
++ if (grub_mul (sz0, two, &sz0) ||
++ grub_add (sz0, one, &sz0) ||
++ grub_mul (sz1, two, &sz1) ||
++ grub_add (sz1, one, &sz1) ||
+ grub_add (sz0, sz1, &sz0) ||
+- grub_add (sz0, sizeof ("lvm/") - 1, &sz0))
++ grub_add (sz0, lvm_str_sz, &sz0))
+ goto lvs_fail;
+
+ lv->fullname = grub_malloc (sz0);
+diff --git a/grub-core/font/font.c b/grub-core/font/font.c
+index a7b955a1a74..b36a099b856 100644
+--- a/grub-core/font/font.c
++++ b/grub-core/font/font.c
+@@ -361,10 +361,10 @@ static char *
+ read_section_as_string (struct font_file_section *section)
+ {
+ char *str;
+- grub_size_t sz;
++ grub_size_t sz = section->length, one = 1;
+ grub_ssize_t ret;
+
+- if (grub_add (section->length, 1, &sz))
++ if (grub_add (sz, one, &sz))
+ return NULL;
+
+ str = grub_malloc (sz);
+diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c
+index 1d801f6c9ee..3faf9056c72 100644
+--- a/grub-core/fs/btrfs.c
++++ b/grub-core/fs/btrfs.c
+@@ -323,10 +323,15 @@ save_ref (struct grub_btrfs_leaf_descriptor *desc,
+ {
+ void *newdata;
+ grub_size_t sz;
++ grub_size_t alloced, datasz, two = 2;
+
+- if (grub_mul (desc->allocated, 2, &desc->allocated) ||
+- grub_mul (desc->allocated, sizeof (desc->data[0]), &sz))
++ alloced = desc->allocated;
++ datasz = sizeof (desc->data[0]);
++
++ if (grub_mul (alloced, two, &alloced) ||
++ grub_mul (alloced, datasz, &sz))
+ return GRUB_ERR_OUT_OF_RANGE;
++ desc->allocated = alloced;
+
+ newdata = grub_realloc (desc->data, sz);
+ if (!newdata)
+@@ -624,12 +629,17 @@ find_device (struct grub_btrfs_data *data, grub_uint64_t id, int do_rescan)
+ {
+ void *tmp;
+ grub_size_t sz;
++ grub_size_t alloced = data->n_devices_allocated;
++ grub_size_t attached_sz = sizeof(data->devices_attached[0]);
++ grub_size_t attached = data->n_devices_attached;
++ const grub_size_t one = 1, two = 2;
+
+- if (grub_mul (data->n_devices_attached, 2, &data->n_devices_allocated) ||
+- grub_add (data->n_devices_allocated, 1, &data->n_devices_allocated) ||
+- grub_mul (data->n_devices_allocated, sizeof (data->devices_attached[0]), &sz))
++ if (grub_mul (attached, two, &alloced) ||
++ grub_add (alloced, one, &alloced) ||
++ grub_mul (alloced, attached_sz, &sz))
+ goto fail;
+
++ data->n_devices_allocated = alloced;
+ data->devices_attached = grub_realloc (tmp = data->devices_attached, sz);
+ if (!data->devices_attached)
+ {
+diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c
+index b4bd019f49a..3d59cf13125 100644
+--- a/grub-core/fs/ext2.c
++++ b/grub-core/fs/ext2.c
+@@ -719,7 +719,8 @@ grub_ext2_read_symlink (grub_fshelp_node_t node)
+ }
+ }
+
+- if (grub_add (grub_le_to_cpu32 (diro->inode.size), 1, &sz))
++ sz = grub_le_to_cpu32 (diro->inode.size);
++ if (grub_add (sz, (grub_size_t)1, &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
+ return NULL;
+diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c
+index 8b17ebba296..e06bcbb9ba3 100644
+--- a/grub-core/fs/hfsplus.c
++++ b/grub-core/fs/hfsplus.c
+@@ -478,7 +478,7 @@ grub_hfsplus_read_symlink (grub_fshelp_node_t node)
+ grub_ssize_t numread;
+ grub_size_t sz = node->size;
+
+- if (grub_add (sz, 1, &sz))
++ if (grub_add (sz, (grub_size_t)1, &sz))
+ return NULL;
+
+ symlink = grub_malloc (sz);
+diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c
+index 6fc9302bce3..a4403e29dee 100644
+--- a/grub-core/fs/iso9660.c
++++ b/grub-core/fs/iso9660.c
+@@ -536,7 +536,7 @@ add_part (struct iterate_dir_ctx *ctx,
+ char *new;
+
+ if (grub_add (size, len2, &sz) ||
+- grub_add (sz, 1, &sz))
++ grub_add (sz, (grub_size_t)1, &sz))
+ return;
+
+ new = grub_realloc (ctx->symlink, sz);
+@@ -580,14 +580,14 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry,
+ {
+ off = grub_strlen (ctx->filename);
+ if (grub_add (csize, off, &sz) ||
+- grub_add (sz, 1, &sz))
++ grub_add (sz, (grub_size_t)1, &sz))
+ return GRUB_ERR_OUT_OF_RANGE;
+ ctx->filename = grub_realloc (ctx->filename, sz);
+ }
+ else
+ {
+ off = 0;
+- if (grub_add (csize, 1, &sz))
++ if (grub_add (csize, (grub_size_t)1, &sz))
+ return GRUB_ERR_OUT_OF_RANGE;
+ ctx->filename = grub_zalloc (sz);
+ }
+@@ -807,7 +807,7 @@ grub_iso9660_iterate_dir (grub_fshelp_node_t dir,
+ struct grub_fshelp_node *new_node;
+ grub_size_t sz;
+
+- if (grub_mul (node->alloc_dirents, 2, &node->alloc_dirents) ||
++ if (grub_mul (node->alloc_dirents, (grub_size_t)2, &node->alloc_dirents) ||
+ grub_sub (node->alloc_dirents, ARRAY_SIZE (node->dirents), &sz) ||
+ grub_mul (sz, sizeof (node->dirents[0]), &sz) ||
+ grub_add (sz, sizeof (struct grub_fshelp_node), &sz))
+diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c
+index 4dfcc31078d..f902b13b44e 100644
+--- a/grub-core/normal/charset.c
++++ b/grub-core/normal/charset.c
+@@ -479,8 +479,9 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen,
+ n = out->combining_inline;
+ else if (out->ncomb > (int) ARRAY_SIZE (out->combining_inline))
+ {
+- if (grub_add (out->ncomb, 1, &sz) ||
+- grub_mul (sz, sizeof (n[0]), &sz))
++ grub_size_t ncomb = out->ncomb, one = 1, nsz = sizeof (n[0]);
++ if (grub_add (ncomb, one, &sz) ||
++ grub_mul (sz, nsz, &sz))
+ goto fail;
+
+ n = grub_realloc (out->combining_ptr, sz);
+--
+2.26.2
+
diff --git a/SOURCES/0311-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch b/SOURCES/0311-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch
new file mode 100644
index 0000000..892f2bf
--- /dev/null
+++ b/SOURCES/0311-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch
@@ -0,0 +1,51 @@
+From 0a9a828e88a2e14be684761afe582e7bb286676b Mon Sep 17 00:00:00 2001
+From: Colin Watson <cjwatson@debian.org>
+Date: Fri, 24 Jul 2020 17:18:09 +0100
+Subject: [PATCH 311/314] efilinux: Fix integer overflows in grub_cmd_initrd
+
+These could be triggered by an extremely large number of arguments to
+the initrd command on 32-bit architectures, or a crafted filesystem with
+very large files on any architecture.
+
+Signed-off-by: Colin Watson <cjwatson@debian.org>
+---
+ grub-core/loader/i386/efi/linux.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
+index ea9f5134e67..ade7ab8f573 100644
+--- a/grub-core/loader/i386/efi/linux.c
++++ b/grub-core/loader/i386/efi/linux.c
+@@ -28,6 +28,7 @@
+ #include <grub/efi/efi.h>
+ #include <grub/efi/linux.h>
+ #include <grub/tpm.h>
++#include <grub/safemath.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -94,7 +95,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
+ goto fail;
+ }
+
+- files = grub_zalloc (argc * sizeof (files[0]));
++ files = grub_calloc (argc, sizeof (files[0]));
+ if (!files)
+ goto fail;
+
+@@ -105,7 +106,11 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
+ if (! files[i])
+ goto fail;
+ nfiles++;
+- size += ALIGN_UP (grub_file_size (files[i]), 4);
++ if (grub_add (size, ALIGN_UP (grub_file_size (files[i]), 4), &size))
++ {
++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
++ goto fail;
++ }
+ }
+
+ initrd_mem = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(size));
+--
+2.26.2
+
diff --git a/SOURCES/0312-linux-loader-avoid-overflow-on-initrd-size-calculati.patch b/SOURCES/0312-linux-loader-avoid-overflow-on-initrd-size-calculati.patch
new file mode 100644
index 0000000..6f5b9f0
--- /dev/null
+++ b/SOURCES/0312-linux-loader-avoid-overflow-on-initrd-size-calculati.patch
@@ -0,0 +1,29 @@
+From 9fa474528317c2311e2f2ac0fd626316ef7486d4 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Fri, 24 Jul 2020 13:57:27 -0400
+Subject: [PATCH 312/314] linux loader: avoid overflow on initrd size
+ calculation
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ grub-core/loader/linux.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c
+index c2c7cfcd0fd..61a2e144db0 100644
+--- a/grub-core/loader/linux.c
++++ b/grub-core/loader/linux.c
+@@ -152,8 +152,8 @@ grub_initrd_init (int argc, char *argv[],
+ initrd_ctx->nfiles = 0;
+ initrd_ctx->components = 0;
+
+- initrd_ctx->components = grub_zalloc (argc
+- * sizeof (initrd_ctx->components[0]));
++ initrd_ctx->components = grub_calloc (argc,
++ sizeof (initrd_ctx->components[0]));
+ if (!initrd_ctx->components)
+ return grub_errno;
+
+--
+2.26.2
+
diff --git a/SOURCES/0313-linuxefi-fail-kernel-validation-without-shim-protoco.patch b/SOURCES/0313-linuxefi-fail-kernel-validation-without-shim-protoco.patch
new file mode 100644
index 0000000..b4c1470
--- /dev/null
+++ b/SOURCES/0313-linuxefi-fail-kernel-validation-without-shim-protoco.patch
@@ -0,0 +1,101 @@
+From 2ba58823b68d5fbf8d625ed6d7e18b09bc556860 Mon Sep 17 00:00:00 2001
+From: Dimitri John Ledkov <xnox@ubuntu.com>
+Date: Wed, 22 Jul 2020 11:31:43 +0100
+Subject: [PATCH 313/314] linuxefi: fail kernel validation without shim
+ protocol.
+
+If certificates that signed grub are installed into db, grub can be
+booted directly. It will then boot any kernel without signature
+validation. The booted kernel will think it was booted in secureboot
+mode and will implement lockdown, yet it could have been tampered.
+
+This version of the patch skips calling verification, when booted
+without secureboot. And is indented with gnu ident.
+
+CVE-2020-15705
+
+Reported-by: Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>
+Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
+---
+ grub-core/loader/arm64/linux.c | 12 ++++++++----
+ grub-core/loader/efi/chainloader.c | 1 +
+ grub-core/loader/efi/linux.c | 1 +
+ grub-core/loader/i386/efi/linux.c | 13 ++++++++-----
+ 4 files changed, 18 insertions(+), 9 deletions(-)
+
+diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c
+index e1110749eb9..7a076c13171 100644
+--- a/grub-core/loader/arm64/linux.c
++++ b/grub-core/loader/arm64/linux.c
+@@ -381,11 +381,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
+
+ grub_dprintf ("linux", "kernel @ %p\n", kernel_addr);
+
+- rc = grub_linuxefi_secure_validate (kernel_addr, kernel_size);
+- if (rc < 0)
++ if (grub_efi_secure_boot ())
+ {
+- grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]);
+- goto fail;
++ rc = grub_linuxefi_secure_validate (kernel_addr, kernel_size);
++ if (rc <= 0)
++ {
++ grub_error (GRUB_ERR_INVALID_COMMAND,
++ N_("%s has invalid signature"), argv[0]);
++ goto fail;
++ }
+ }
+
+ pe = (void *)((unsigned long)kernel_addr + lh.hdr_offset);
+diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
+index 8b99cf23e9d..a93edc975cd 100644
+--- a/grub-core/loader/efi/chainloader.c
++++ b/grub-core/loader/efi/chainloader.c
+@@ -1079,6 +1079,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
+
+ return 0;
+ }
++ // -1 fall-through to fail
+
+ fail:
+ if (dev)
+diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
+index e09f824862b..927d89a90d7 100644
+--- a/grub-core/loader/efi/linux.c
++++ b/grub-core/loader/efi/linux.c
+@@ -33,6 +33,7 @@ struct grub_efi_shim_lock
+ };
+ typedef struct grub_efi_shim_lock grub_efi_shim_lock_t;
+
++// Returns 1 on success, -1 on error, 0 when not available
+ int
+ grub_linuxefi_secure_validate (void *data, grub_uint32_t size)
+ {
+diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
+index ade7ab8f573..361e503cb52 100644
+--- a/grub-core/loader/i386/efi/linux.c
++++ b/grub-core/loader/i386/efi/linux.c
+@@ -206,12 +206,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
+ grub_tpm_measure (kernel, filelen, GRUB_BINARY_PCR, "grub_linuxefi", "Kernel");
+ grub_print_error();
+
+- rc = grub_linuxefi_secure_validate (kernel, filelen);
+- if (rc < 0)
++ if (grub_efi_secure_boot ())
+ {
+- grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"),
+- argv[0]);
+- goto fail;
++ rc = grub_linuxefi_secure_validate (kernel, filelen);
++ if (rc <= 0)
++ {
++ grub_error (GRUB_ERR_INVALID_COMMAND,
++ N_("%s has invalid signature"), argv[0]);
++ goto fail;
++ }
+ }
+
+ params = grub_efi_allocate_pages_max (0x3fffffff,
+--
+2.26.2
+
diff --git a/SOURCES/0314-linux-Fix-integer-overflows-in-initrd-size-handling.patch b/SOURCES/0314-linux-Fix-integer-overflows-in-initrd-size-handling.patch
new file mode 100644
index 0000000..759f91d
--- /dev/null
+++ b/SOURCES/0314-linux-Fix-integer-overflows-in-initrd-size-handling.patch
@@ -0,0 +1,168 @@
+From 9715e08cf30ebd8a24ca27b7c4dda8e949e100df Mon Sep 17 00:00:00 2001
+From: Colin Watson <cjwatson@debian.org>
+Date: Sat, 25 Jul 2020 12:15:37 +0100
+Subject: [PATCH 314/314] linux: Fix integer overflows in initrd size handling
+
+These could be triggered by a crafted filesystem with very large files.
+
+Fixes: CVE-2020-15707
+
+Signed-off-by: Colin Watson <cjwatson@debian.org>
+Reviewed-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
+---
+ grub-core/loader/linux.c | 74 +++++++++++++++++++++++++++++-----------
+ 1 file changed, 54 insertions(+), 20 deletions(-)
+
+diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c
+index 61a2e144db0..0953f6d3266 100644
+--- a/grub-core/loader/linux.c
++++ b/grub-core/loader/linux.c
+@@ -5,6 +5,7 @@
+ #include <grub/file.h>
+ #include <grub/mm.h>
+ #include <grub/tpm.h>
++#include <grub/safemath.h>
+
+ struct newc_head
+ {
+@@ -99,13 +100,13 @@ free_dir (struct dir *root)
+ grub_free (root);
+ }
+
+-static grub_size_t
++static grub_err_t
+ insert_dir (const char *name, struct dir **root,
+- grub_uint8_t *ptr)
++ grub_uint8_t *ptr, grub_size_t *size)
+ {
+ struct dir *cur, **head = root;
+ const char *cb, *ce = name;
+- grub_size_t size = 0;
++ *size = 0;
+ while (1)
+ {
+ for (cb = ce; *cb == '/'; cb++);
+@@ -131,14 +132,22 @@ insert_dir (const char *name, struct dir **root,
+ ptr = make_header (ptr, name, ce - name,
+ 040777, 0);
+ }
+- size += ALIGN_UP ((ce - (char *) name)
+- + sizeof (struct newc_head), 4);
++ if (grub_add (*size,
++ ALIGN_UP ((ce - (char *) name)
++ + sizeof (struct newc_head), 4),
++ size))
++ {
++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
++ grub_free (n->name);
++ grub_free (n);
++ return grub_errno;
++ }
+ *head = n;
+ cur = n;
+ }
+ root = &cur->next;
+ }
+- return size;
++ return GRUB_ERR_NONE;
+ }
+
+ grub_err_t
+@@ -175,26 +184,33 @@ grub_initrd_init (int argc, char *argv[],
+ if (eptr)
+ {
+ grub_file_filter_disable_compression ();
++ grub_size_t dir_size, name_len;
++
+ initrd_ctx->components[i].newc_name = grub_strndup (ptr, eptr - ptr);
+- if (!initrd_ctx->components[i].newc_name)
++ if (!initrd_ctx->components[i].newc_name ||
++ insert_dir (initrd_ctx->components[i].newc_name, &root, 0,
++ &dir_size))
+ {
+ grub_initrd_close (initrd_ctx);
+ return grub_errno;
+ }
+- initrd_ctx->size
+- += ALIGN_UP (sizeof (struct newc_head)
+- + grub_strlen (initrd_ctx->components[i].newc_name),
+- 4);
+- initrd_ctx->size += insert_dir (initrd_ctx->components[i].newc_name,
+- &root, 0);
++ name_len = grub_strlen (initrd_ctx->components[i].newc_name);
++ if (grub_add (initrd_ctx->size,
++ ALIGN_UP (sizeof (struct newc_head) + name_len, 4),
++ &initrd_ctx->size) ||
++ grub_add (initrd_ctx->size, dir_size, &initrd_ctx->size))
++ goto overflow;
+ newc = 1;
+ fname = eptr + 1;
+ }
+ }
+ else if (newc)
+ {
+- initrd_ctx->size += ALIGN_UP (sizeof (struct newc_head)
+- + sizeof ("TRAILER!!!") - 1, 4);
++ if (grub_add (initrd_ctx->size,
++ ALIGN_UP (sizeof (struct newc_head)
++ + sizeof ("TRAILER!!!") - 1, 4),
++ &initrd_ctx->size))
++ goto overflow;
+ free_dir (root);
+ root = 0;
+ newc = 0;
+@@ -209,19 +225,29 @@ grub_initrd_init (int argc, char *argv[],
+ initrd_ctx->nfiles++;
+ initrd_ctx->components[i].size
+ = grub_file_size (initrd_ctx->components[i].file);
+- initrd_ctx->size += initrd_ctx->components[i].size;
++ if (grub_add (initrd_ctx->size, initrd_ctx->components[i].size,
++ &initrd_ctx->size))
++ goto overflow;
+ }
+
+ if (newc)
+ {
+ initrd_ctx->size = ALIGN_UP (initrd_ctx->size, 4);
+- initrd_ctx->size += ALIGN_UP (sizeof (struct newc_head)
+- + sizeof ("TRAILER!!!") - 1, 4);
++ if (grub_add (initrd_ctx->size,
++ ALIGN_UP (sizeof (struct newc_head)
++ + sizeof ("TRAILER!!!") - 1, 4),
++ &initrd_ctx->size))
++ goto overflow;
+ free_dir (root);
+ root = 0;
+ }
+
+ return GRUB_ERR_NONE;
++
++overflow:
++ free_dir (root);
++ grub_initrd_close (initrd_ctx);
++ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
+ }
+
+ grub_size_t
+@@ -262,8 +288,16 @@ grub_initrd_load (struct grub_linux_initrd_context *initrd_ctx,
+
+ if (initrd_ctx->components[i].newc_name)
+ {
+- ptr += insert_dir (initrd_ctx->components[i].newc_name,
+- &root, ptr);
++ grub_size_t dir_size;
++
++ if (insert_dir (initrd_ctx->components[i].newc_name, &root, ptr,
++ &dir_size))
++ {
++ free_dir (root);
++ grub_initrd_close (initrd_ctx);
++ return grub_errno;
++ }
++ ptr += dir_size;
+ ptr = make_header (ptr, initrd_ctx->components[i].newc_name,
+ grub_strlen (initrd_ctx->components[i].newc_name),
+ 0100777,
+--
+2.26.2
+
diff --git a/SOURCES/centos-ca-secureboot.der b/SOURCES/centos-ca-secureboot.der
deleted file mode 100644
index 44a2563..0000000
Binary files a/SOURCES/centos-ca-secureboot.der and /dev/null differ
diff --git a/SOURCES/centossecureboot001.crt b/SOURCES/centossecureboot001.crt
deleted file mode 100644
index 321c4ec..0000000
--- a/SOURCES/centossecureboot001.crt
+++ /dev/null
@@ -1,81 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- b6:16:15:71:72:fb:31:7e
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=CentOS Secure Boot (CA key 1)/emailAddress=security@centos.org
- Validity
- Not Before: Aug 1 11:47:30 2018 GMT
- Not After : Dec 31 11:47:30 2037 GMT
- Subject: CN=CentOS Secure Boot (key 1)/emailAddress=security@centos.org
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:c1:a3:6a:f4:2d:71:83:6c:21:ca:0c:b7:ac:fa:
- 76:80:43:03:40:87:5d:de:e9:1e:df:ad:e7:2b:51:
- cb:f8:31:0f:9a:db:ab:23:25:04:11:05:57:7d:f2:
- 4b:8d:1e:b3:75:78:1d:b9:57:8b:18:0b:bb:7e:e3:
- 24:0f:6a:40:5f:2b:4f:03:a5:85:94:d2:f9:08:a0:
- bc:db:a5:ea:4f:7f:e8:7c:d1:a9:f8:f0:9c:25:18:
- 00:14:c4:c4:35:7d:1d:4c:8a:8d:95:f8:ed:65:97:
- a5:a4:da:7d:cb:f0:33:3b:b7:03:94:68:47:05:57:
- 6c:96:91:ac:14:f2:e3:f6:6d:4a:18:cf:68:8a:35:
- 6f:8e:26:99:7f:db:c9:83:54:c2:c3:bf:ad:45:a0:
- aa:a0:86:5f:20:b1:86:1b:ae:b7:28:15:11:f9:65:
- 53:5d:70:33:9b:a3:c7:b5:c8:11:ff:55:3b:e7:46:
- f1:6c:6b:8c:bb:f2:9f:36:23:b1:2d:23:2f:8f:4f:
- 6c:a8:cc:ae:f5:56:9e:22:6c:0e:9a:4a:b1:bd:b2:
- 76:15:5c:05:85:b8:5e:dc:8c:a5:c3:e0:75:51:a4:
- 94:9b:03:2e:7b:f8:d3:b9:dd:7f:88:ce:2e:2f:28:
- 4c:b4:92:2f:e6:e0:67:0a:d0:ff:c5:d2:79:a6:ef:
- 94:0f
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints: critical
- CA:FALSE
- X509v3 Key Usage:
- Digital Signature
- X509v3 Subject Key Identifier:
- F0:37:C6:EA:EC:36:D4:05:7A:52:6C:0E:C6:D5:A9:5B:32:4E:E1:29
- X509v3 Authority Key Identifier:
- keyid:54:EC:81:85:89:3E:E9:1A:DB:08:F7:44:88:54:7E:8E:3F:74:3A:F3
-
- Signature Algorithm: sha256WithRSAEncryption
- 97:97:ba:a6:0b:5b:bb:84:39:2e:ef:8b:51:9a:89:bb:65:3c:
- dc:15:d0:5a:88:c5:af:ce:93:f5:c1:74:98:15:59:a9:38:da:
- 11:fd:46:d5:4f:23:7c:03:1f:ae:0c:70:93:94:a7:61:2f:4b:
- 2f:5f:bb:cc:8a:d7:4a:24:66:73:85:b4:19:13:fc:6a:61:4a:
- 28:1f:a2:38:f4:72:90:03:c4:3e:64:63:8b:fb:15:22:22:4e:
- b9:43:d9:b4:3d:3a:60:c1:4d:3a:09:85:68:7a:bc:3b:f9:ef:
- f3:f5:e9:c9:4f:80:8c:c6:e9:cb:ef:28:44:b0:5d:d4:9e:4f:
- 0f:02:9a:65:aa:98:35:b4:6f:d2:80:e3:08:ef:12:d0:17:56:
- a6:a1:42:1e:1d:ab:e5:33:c0:fd:88:0d:40:42:81:c8:27:30:
- 17:07:57:3e:05:9d:aa:05:0e:5b:3a:79:b4:29:aa:7c:42:5a:
- ad:43:59:fb:34:4d:dc:62:58:63:e4:fb:de:bb:fd:6c:4e:97:
- 58:f4:b9:99:4a:71:fe:7f:16:50:55:25:46:39:96:9b:88:6c:
- 75:19:33:9e:70:b3:04:82:fe:16:a8:8e:22:47:83:6d:16:77:
- da:26:ad:31:d8:06:6d:c5:7e:46:4b:21:ab:ae:ec:2a:93:71:
- da:7f:89:1d
------BEGIN CERTIFICATE-----
-MIIDdTCCAl2gAwIBAgIJALYWFXFy+zF+MA0GCSqGSIb3DQEBCwUAMEwxJjAkBgNV
-BAMMHUNlbnRPUyBTZWN1cmUgQm9vdCAoQ0Ega2V5IDEpMSIwIAYJKoZIhvcNAQkB
-FhNzZWN1cml0eUBjZW50b3Mub3JnMB4XDTE4MDgwMTExNDczMFoXDTM3MTIzMTEx
-NDczMFowSTEjMCEGA1UEAxMaQ2VudE9TIFNlY3VyZSBCb290IChrZXkgMSkxIjAg
-BgkqhkiG9w0BCQEWE3NlY3VyaXR5QGNlbnRvcy5vcmcwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQDBo2r0LXGDbCHKDLes+naAQwNAh13e6R7frecrUcv4
-MQ+a26sjJQQRBVd98kuNHrN1eB25V4sYC7t+4yQPakBfK08DpYWU0vkIoLzbpepP
-f+h80an48JwlGAAUxMQ1fR1Mio2V+O1ll6Wk2n3L8DM7twOUaEcFV2yWkawU8uP2
-bUoYz2iKNW+OJpl/28mDVMLDv61FoKqghl8gsYYbrrcoFRH5ZVNdcDObo8e1yBH/
-VTvnRvFsa4y78p82I7EtIy+PT2yozK71Vp4ibA6aSrG9snYVXAWFuF7cjKXD4HVR
-pJSbAy57+NO53X+Izi4vKEy0ki/m4GcK0P/F0nmm75QPAgMBAAGjXTBbMAwGA1Ud
-EwEB/wQCMAAwCwYDVR0PBAQDAgeAMB0GA1UdDgQWBBTwN8bq7DbUBXpSbA7G1alb
-Mk7hKTAfBgNVHSMEGDAWgBRU7IGFiT7pGtsI90SIVH6OP3Q68zANBgkqhkiG9w0B
-AQsFAAOCAQEAl5e6pgtbu4Q5Lu+LUZqJu2U83BXQWojFr86T9cF0mBVZqTjaEf1G
-1U8jfAMfrgxwk5SnYS9LL1+7zIrXSiRmc4W0GRP8amFKKB+iOPRykAPEPmRji/sV
-IiJOuUPZtD06YMFNOgmFaHq8O/nv8/XpyU+AjMbpy+8oRLBd1J5PDwKaZaqYNbRv
-0oDjCO8S0BdWpqFCHh2r5TPA/YgNQEKByCcwFwdXPgWdqgUOWzp5tCmqfEJarUNZ
-+zRN3GJYY+T73rv9bE6XWPS5mUpx/n8WUFUlRjmWm4hsdRkznnCzBIL+FqiOIkeD
-bRZ32iatMdgGbcV+Rkshq67sKpNx2n+JHQ==
------END CERTIFICATE-----
diff --git a/SOURCES/grub.macros b/SOURCES/grub.macros
index 1e3705f..ee043da 100644
--- a/SOURCES/grub.macros
+++ b/SOURCES/grub.macros
@@ -370,8 +370,10 @@ done \
-p /EFI/%{efi_vendor} -d grub-core ${GRUB_MODULES} \
%{4}./grub-mkimage -O %{1} -o %{3}.orig \\\
-p /EFI/BOOT -d grub-core ${GRUB_MODULES} \
-%{expand:%%{pesign -s -i %%{2}.orig -o %%{2} -a %%{5} -c %%{6} -n %%{7}}} \
-%{expand:%%{pesign -s -i %%{3}.orig -o %%{3} -a %%{5} -c %%{6} -n %%{7}}} \
+%{expand:%%{pesign -s -i %%{2}.orig -o %%{2}.one -a %%{5} -c %%{6} -n %%{7}}} \
+%{expand:%%{pesign -s -i %%{3}.orig -o %%{3}.one -a %%{5} -c %%{6} -n %%{7}}} \
+%{expand:%%{pesign -s -i %%{2}.one -o %%{2} -a %%{8} -c %%{9} -n %%{10}}} \
+%{expand:%%{pesign -s -i %%{3}.one -o %%{3} -a %%{8} -c %%{9} -n %%{10}}} \
%{nil}
%else
%define mkimage() \
@@ -387,7 +389,7 @@ GRUB_MODULES=" all_video boot blscfg btrfs \\\
cat configfile \\\
echo efi_netfs efifwsetup efinet ext2 \\\
fat font gfxmenu gfxterm gzio \\\
- halt hfsplus http iso9660 jpeg \\\
+ halt hfsplus http increment iso9660 jpeg \\\
loadenv loopback linux lvm lsefi lsefimmap \\\
mdraid09 mdraid1x minicmd net \\\
normal part_apple part_msdos part_gpt \\\
@@ -396,14 +398,14 @@ GRUB_MODULES=" all_video boot blscfg btrfs \\\
search_label serial sleep syslinuxcfg test tftp \\\
video xfs" \
GRUB_MODULES+=%{platform_modules} \
-%{expand:%%{mkimage %{1} %{2} %{3} %{4} %{5} %{6} %{7}}} \
+%{expand:%%{mkimage %{1} %{2} %{3} %{4} %{5} %{6} %{7} %{8} %{9} %{10}}} \
%{nil}
%define do_primary_efi_build() \
cd grub-%{1}-%{tarversion} \
%{expand:%%do_efi_configure %%{4} %%{5} %%{6}} \
%do_efi_build_all \
-%{expand:%%do_efi_build_images %{grub_target_name} %{2} %{3} ./ %{7} %{8} %{9}} \
+%{expand:%%do_efi_build_images %{grub_target_name} %{2} %{3} ./ %{7} %{8} %{9} %{10} %{11} %{12}} \
cd .. \
%{nil}
@@ -412,7 +414,7 @@ cd grub-%{1}-%{tarversion} \
%{expand:%%do_efi_configure %%{4} %%{5} %%{6}} \
%do_efi_build_modules \
%{expand:%%do_efi_link_utils %{grubefiarch}} \
-%{expand:%%do_efi_build_images %{alt_grub_target_name} %{2} %{3} ../grub-%{grubefiarch}-%{tarversion}/ %{7} %{8} %{9}} \
+%{expand:%%do_efi_build_images %{alt_grub_target_name} %{2} %{3} ../grub-%{grubefiarch}-%{tarversion}/ %{7} %{8} %{9} %{10} %{11} %{12}} \
cd .. \
%{nil}
diff --git a/SOURCES/grub.patches b/SOURCES/grub.patches
index 67bf4df..681d33d 100644
--- a/SOURCES/grub.patches
+++ b/SOURCES/grub.patches
@@ -213,60 +213,102 @@ Patch0212: 0212-blscfg-remove-logic-to-read-the-grubenv-file-and-set.patch
Patch0213: 0213-Rename-00_menu_auto_hide.in-to-01_menu_auto_hide.in.patch
Patch0214: 0214-efinet-also-use-the-firmware-acceleration-for-http.patch
Patch0215: 0215-efi-http-Make-root_url-reflect-the-protocol-hostname.patch
-Patch0216: 0216-Disable-multiboot-multiboot2-and-linux16-modules-on-.patch
-Patch0217: 0217-Force-everything-to-use-python3.patch
-Patch0218: 0218-Fix-an-8-year-old-typo.patch
-Patch0219: 0219-autogen-don-t-run-autoreconf-in-the-topdir.patch
-Patch0220: 0220-Make-it-so-we-can-tell-configure-which-cflags-utils-.patch
-Patch0221: 0221-module-verifier-make-it-possible-to-run-checkers-on-.patch
-Patch0222: 0222-grub-module-verifier-report-the-filename-or-modname-.patch
-Patch0223: 0223-Make-efi_netfs-not-duplicate-symbols-from-efinet.patch
-Patch0224: 0224-Rework-how-the-fdt-command-builds.patch
-Patch0225: 0225-Disable-non-wordsize-allocations-on-arm.patch
-Patch0226: 0226-strip-R-.note.gnu.property-at-more-places.patch
-Patch0227: 0227-Prepend-prefix-when-HTTP-path-is-relative.patch
-Patch0228: 0228-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch
-Patch0229: 0229-Mark-some-unused-stuff-unused.patch
-Patch0230: 0230-Make-grub_error-more-verbose.patch
-Patch0231: 0231-arm-arm64-loader-Better-memory-allocation-and-error-.patch
-Patch0232: 0232-drop-TPM-support-for-legacy-BIOS.patch
-Patch0233: 0233-Move-quicksort-function-from-kernel.exec-to-the-blsc.patch
-Patch0234: 0234-Include-blscfg-module-for-powerpc-ieee1275.patch
-Patch0235: 0235-grub-switch-to-blscfg-copy-blscfg-module-for-legacy-.patch
-Patch0236: 0236-Fix-getroot.c-s-trampolines.patch
-Patch0237: 0237-add-10_linux_bls-grub.d-snippet-to-generate-menu-ent.patch
-Patch0238: 0238-Only-set-kernelopts-in-grubenv-if-it-wasn-t-set-befo.patch
-Patch0239: 0239-blscfg-don-t-include-.conf-at-the-end-of-our-id.patch
-Patch0240: 0240-grub-get-kernel-settings-expose-some-more-config-var.patch
-Patch0241: 0241-blscfg-sort-everything-with-rpm-package-comparison.patch
-Patch0242: 0242-10_linux_bls-use-grub2-rpm-sort-instead-of-ls-vr-to-.patch
-Patch0243: 0243-don-t-set-saved_entry-on-grub2-mkconfig.patch
-Patch0244: 0244-grub-switch-to-blscfg-use-debug-instead-of-debug-as-.patch
-Patch0245: 0245-Make-blscfg-debug-messages-more-useful.patch
-Patch0246: 0246-Make-grub_strtoul-end-pointer-have-the-right-constif.patch
-Patch0247: 0247-Fix-menu-entry-selection-based-on-ID-and-title.patch
-Patch0248: 0248-Remove-quotes-when-reading-ID-value-from-etc-os-rele.patch
-Patch0249: 0249-blscfg-expand-grub_users-before-passing-to-grub_norm.patch
-Patch0250: 0250-Make-the-menu-entry-users-option-argument-to-be-opti.patch
-Patch0251: 0251-10_linux_bls-add-missing-menu-entries-options.patch
-Patch0252: 0252-Fix-menu-entry-selection-based-on-title.patch
-Patch0253: 0253-BLS-files-should-only-be-copied-by-grub-switch-to-bl.patch
-Patch0254: 0254-Fix-get_entry_number-wrongly-dereferencing-the-tail-.patch
-Patch0255: 0255-Make-grub2-mkconfig-to-honour-GRUB_CMDLINE_LINUX-in-.patch
-Patch0256: 0256-grub-boot-success.timer-Add-a-few-Conditions-for-run.patch
-Patch0257: 0257-docs-Stop-using-polkit-pkexec-for-grub-boot-success..patch
-Patch0258: 0258-Fix-the-looking-up-grub.cfg-XXX-while-tftp-booting.patch
-Patch0259: 0259-HTTP-boot-strncmp-returns-0-on-equal.patch
-Patch0260: 0260-Don-t-duplicate-net-name-string-if-not-needed.patch
-Patch0261: 0261-Try-to-set-fPIE-and-friends-on-libgnu.a.patch
-Patch0262: 0262-blscfg-fallback-to-default_kernelopts-if-BLS-option-.patch
-Patch0263: 0263-Remove-bogus-load_env-after-blscfg-command-in-10_lin.patch
-Patch0264: 0264-10_linux_bls-use-to-separate-id-argument-due-a-Petit.patch
-Patch0265: 0265-10_linux_bls-don-t-add-users-option-to-generated-men.patch
-Patch0266: 0266-grub-set-bootflag-Update-comment-about-running-as-ro.patch
-Patch0267: 0267-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch
-Patch0268: 0268-Fix-PRIxGRUB_EFI_STATUS-definition.patch
-Patch0269: 0269-TPM-Print-messages-if-measuraments-fail-as-debug-ins.patch
-Patch0270: 0270-unix-platform-Initialize-variable-to-fix-grub-instal.patch
-Patch0271: 0271-blscfg-add-a-space-char-when-appending-fields-for-va.patch
-Patch0272: 0272-envblk-Fix-buffer-overrun-when-attempting-to-shrink-.patch
+Patch0216: 0216-Force-everything-to-use-python3.patch
+Patch0217: 0217-Fix-an-8-year-old-typo.patch
+Patch0218: 0218-autogen-don-t-run-autoreconf-in-the-topdir.patch
+Patch0219: 0219-Make-it-so-we-can-tell-configure-which-cflags-utils-.patch
+Patch0220: 0220-module-verifier-make-it-possible-to-run-checkers-on-.patch
+Patch0221: 0221-grub-module-verifier-report-the-filename-or-modname-.patch
+Patch0222: 0222-Make-efi_netfs-not-duplicate-symbols-from-efinet.patch
+Patch0223: 0223-Rework-how-the-fdt-command-builds.patch
+Patch0224: 0224-Disable-non-wordsize-allocations-on-arm.patch
+Patch0225: 0225-strip-R-.note.gnu.property-at-more-places.patch
+Patch0226: 0226-Prepend-prefix-when-HTTP-path-is-relative.patch
+Patch0227: 0227-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch
+Patch0228: 0228-Mark-some-unused-stuff-unused.patch
+Patch0229: 0229-Make-grub_error-more-verbose.patch
+Patch0230: 0230-arm-arm64-loader-Better-memory-allocation-and-error-.patch
+Patch0231: 0231-drop-TPM-support-for-legacy-BIOS.patch
+Patch0232: 0232-Move-quicksort-function-from-kernel.exec-to-the-blsc.patch
+Patch0233: 0233-Include-blscfg-module-for-powerpc-ieee1275.patch
+Patch0234: 0234-grub-switch-to-blscfg-copy-blscfg-module-for-legacy-.patch
+Patch0235: 0235-Fix-getroot.c-s-trampolines.patch
+Patch0236: 0236-add-10_linux_bls-grub.d-snippet-to-generate-menu-ent.patch
+Patch0237: 0237-Only-set-kernelopts-in-grubenv-if-it-wasn-t-set-befo.patch
+Patch0238: 0238-blscfg-don-t-include-.conf-at-the-end-of-our-id.patch
+Patch0239: 0239-grub-get-kernel-settings-expose-some-more-config-var.patch
+Patch0240: 0240-blscfg-sort-everything-with-rpm-package-comparison.patch
+Patch0241: 0241-10_linux_bls-use-grub2-rpm-sort-instead-of-ls-vr-to-.patch
+Patch0242: 0242-don-t-set-saved_entry-on-grub2-mkconfig.patch
+Patch0243: 0243-grub-switch-to-blscfg-use-debug-instead-of-debug-as-.patch
+Patch0244: 0244-Make-blscfg-debug-messages-more-useful.patch
+Patch0245: 0245-Make-grub_strtoul-end-pointer-have-the-right-constif.patch
+Patch0246: 0246-Fix-menu-entry-selection-based-on-ID-and-title.patch
+Patch0247: 0247-Remove-quotes-when-reading-ID-value-from-etc-os-rele.patch
+Patch0248: 0248-blscfg-expand-grub_users-before-passing-to-grub_norm.patch
+Patch0249: 0249-Make-the-menu-entry-users-option-argument-to-be-opti.patch
+Patch0250: 0250-10_linux_bls-add-missing-menu-entries-options.patch
+Patch0251: 0251-Fix-menu-entry-selection-based-on-title.patch
+Patch0252: 0252-BLS-files-should-only-be-copied-by-grub-switch-to-bl.patch
+Patch0253: 0253-Fix-get_entry_number-wrongly-dereferencing-the-tail-.patch
+Patch0254: 0254-Make-grub2-mkconfig-to-honour-GRUB_CMDLINE_LINUX-in-.patch
+Patch0255: 0255-grub-boot-success.timer-Add-a-few-Conditions-for-run.patch
+Patch0256: 0256-docs-Stop-using-polkit-pkexec-for-grub-boot-success..patch
+Patch0257: 0257-Fix-the-looking-up-grub.cfg-XXX-while-tftp-booting.patch
+Patch0258: 0258-HTTP-boot-strncmp-returns-0-on-equal.patch
+Patch0259: 0259-Don-t-duplicate-net-name-string-if-not-needed.patch
+Patch0260: 0260-Try-to-set-fPIE-and-friends-on-libgnu.a.patch
+Patch0261: 0261-blscfg-fallback-to-default_kernelopts-if-BLS-option-.patch
+Patch0262: 0262-Remove-bogus-load_env-after-blscfg-command-in-10_lin.patch
+Patch0263: 0263-10_linux_bls-use-to-separate-id-argument-due-a-Petit.patch
+Patch0264: 0264-10_linux_bls-don-t-add-users-option-to-generated-men.patch
+Patch0265: 0265-grub-set-bootflag-Update-comment-about-running-as-ro.patch
+Patch0266: 0266-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch
+Patch0267: 0267-Fix-PRIxGRUB_EFI_STATUS-definition.patch
+Patch0268: 0268-TPM-Print-messages-if-measuraments-fail-as-debug-ins.patch
+Patch0269: 0269-unix-platform-Initialize-variable-to-fix-grub-instal.patch
+Patch0270: 0270-blscfg-add-a-space-char-when-appending-fields-for-va.patch
+Patch0271: 0271-efi-http-Export-fw-http-_path-variables-to-make-them.patch
+Patch0272: 0272-efi-http-Enclose-literal-IPv6-addresses-in-square-br.patch
+Patch0273: 0273-efi-net-Allow-to-specify-a-port-number-in-addresses.patch
+Patch0274: 0274-efi-ip4_config-Improve-check-to-detect-literal-IPv6-.patch
+Patch0275: 0275-efi-net-Print-a-debug-message-if-parsing-the-address.patch
+Patch0276: 0276-efi-Set-image-base-address-before-jumping-to-the-PE-.patch
+Patch0277: 0277-envblk-Fix-buffer-overrun-when-attempting-to-shrink-.patch
+Patch0278: 0278-Reimplement-boot_counter.patch
+Patch0279: 0279-grub.d-Split-out-boot-success-reset-from-menu-auto-h.patch
+Patch0280: 0280-grub.d-Fix-boot_indeterminate-getting-set-on-boot_su.patch
+Patch0281: 0281-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch
+Patch0282: 0282-safemath-Add-some-arithmetic-primitives-that-check-f.patch
+Patch0283: 0283-calloc-Make-sure-we-always-have-an-overflow-checking.patch
+Patch0284: 0284-calloc-Use-calloc-at-most-places.patch
+Patch0285: 0285-malloc-Use-overflow-checking-primitives-where-we-do-.patch
+Patch0286: 0286-iso9660-Don-t-leak-memory-on-realloc-failures.patch
+Patch0287: 0287-font-Do-not-load-more-than-one-NAME-section.patch
+Patch0288: 0288-gfxmenu-Fix-double-free-in-load_image.patch
+Patch0289: 0289-xnu-Fix-double-free-in-grub_xnu_devprop_add_property.patch
+Patch0290: 0290-lzma-Make-sure-we-don-t-dereference-past-array.patch
+Patch0291: 0291-term-Fix-overflow-on-user-inputs.patch
+Patch0292: 0292-udf-Fix-memory-leak.patch
+Patch0293: 0293-multiboot2-Fix-memory-leak-if-grub_create_loader_cmd.patch
+Patch0294: 0294-tftp-Do-not-use-priority-queue.patch
+Patch0295: 0295-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch
+Patch0296: 0296-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch
+Patch0297: 0297-script-Remove-unused-fields-from-grub_script_functio.patch
+Patch0298: 0298-script-Avoid-a-use-after-free-when-redefining-a-func.patch
+Patch0299: 0299-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch
+Patch0300: 0300-hfsplus-fix-two-more-overflows.patch
+Patch0301: 0301-lvm-fix-two-more-potential-data-dependent-alloc-over.patch
+Patch0302: 0302-emu-make-grub_free-NULL-safe.patch
+Patch0303: 0303-efi-fix-some-malformed-device-path-arithmetic-errors.patch
+Patch0304: 0304-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch
+Patch0305: 0305-update-safemath-with-fallback-code-for-gcc-older-tha.patch
+Patch0306: 0306-efi-Fix-use-after-free-in-halt-reboot-path.patch
+Patch0307: 0307-efi-dhcp-fix-some-allocation-error-checking.patch
+Patch0308: 0308-efi-http-fix-some-allocation-error-checking.patch
+Patch0309: 0309-efi-ip-46-_config.c-fix-some-potential-allocation-ov.patch
+Patch0310: 0310-Fix-up-some-types-for-gcc-4.8-compat-safemath.h.patch
+Patch0311: 0311-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch
+Patch0312: 0312-linux-loader-avoid-overflow-on-initrd-size-calculati.patch
+Patch0313: 0313-linuxefi-fail-kernel-validation-without-shim-protoco.patch
+Patch0314: 0314-linux-Fix-integer-overflows-in-initrd-size-handling.patch
diff --git a/SOURCES/redhatsecureboot301.cer b/SOURCES/redhatsecureboot301.cer
new file mode 100644
index 0000000..4ff8b79
Binary files /dev/null and b/SOURCES/redhatsecureboot301.cer differ
diff --git a/SOURCES/redhatsecureboot502.cer b/SOURCES/redhatsecureboot502.cer
new file mode 100644
index 0000000..be0b5e2
Binary files /dev/null and b/SOURCES/redhatsecureboot502.cer differ
diff --git a/SOURCES/redhatsecurebootca3.cer b/SOURCES/redhatsecurebootca3.cer
new file mode 100644
index 0000000..b235400
Binary files /dev/null and b/SOURCES/redhatsecurebootca3.cer differ
diff --git a/SOURCES/redhatsecurebootca5.cer b/SOURCES/redhatsecurebootca5.cer
new file mode 100644
index 0000000..dfb0284
Binary files /dev/null and b/SOURCES/redhatsecurebootca5.cer differ
diff --git a/SOURCES/secureboot.cer b/SOURCES/secureboot.cer
deleted file mode 100644
index 4ff8b79..0000000
Binary files a/SOURCES/secureboot.cer and /dev/null differ
diff --git a/SOURCES/securebootca.cer b/SOURCES/securebootca.cer
deleted file mode 100644
index b235400..0000000
Binary files a/SOURCES/securebootca.cer and /dev/null differ
diff --git a/SPECS/grub2.spec b/SPECS/grub2.spec
index adf5895..ec045ab 100644
--- a/SPECS/grub2.spec
+++ b/SPECS/grub2.spec
@@ -7,7 +7,7 @@
Name: grub2
Epoch: 1
Version: 2.02
-Release: 82%{?dist}.1
+Release: 87%{?dist}
Summary: Bootloader with support for Linux, Multiboot and more
Group: System Environment/Base
License: GPLv3+
@@ -24,8 +24,10 @@ Source6: gitignore
Source8: strtoull_test.c
Source9: 20-grub.install
Source12: 99-grub-mkconfig.install
-Source13: centos-ca-secureboot.der
-Source14: centossecureboot001.crt
+Source13: redhatsecurebootca3.cer
+Source14: redhatsecureboot301.cer
+Source15: redhatsecurebootca5.cer
+Source16: redhatsecureboot502.cer
%include %{SOURCE1}
@@ -52,11 +54,7 @@ BuildRequires: pesign >= 0.99-8
BuildRequires: ccache
%endif
-%if 0%{?centos}
-%global efidir centos
-%endif
-
-ExcludeArch: s390 s390x
+ExcludeArch: s390 s390x %{arm}
Obsoletes: %{name} <= %{evr}
%if 0%{with_legacy_arch}
@@ -168,10 +166,10 @@ git commit -m "After making subdirs"
%build
%if 0%{with_efi_arch}
-%{expand:%do_primary_efi_build %%{grubefiarch} %%{grubefiname} %%{grubeficdname} %%{_target_platform} %%{efi_target_cflags} %%{efi_host_cflags} %{SOURCE13} %{SOURCE14} centossecureboot001}
+%{expand:%do_primary_efi_build %%{grubefiarch} %%{grubefiname} %%{grubeficdname} %%{_target_platform} %%{efi_target_cflags} %%{efi_host_cflags} %{SOURCE13} %{SOURCE14} redhatsecureboot301 %{SOURCE15} %{SOURCE16} redhatsecureboot502}
%endif
%if 0%{with_alt_efi_arch}
-%{expand:%do_alt_efi_build %%{grubaltefiarch} %%{grubaltefiname} %%{grubalteficdname} %%{_alt_target_platform} %%{alt_efi_target_cflags} %%{alt_efi_host_cflags} %{SOURCE13} %{SOURCE14} centossecureboot001}
+%{expand:%do_alt_efi_build %%{grubaltefiarch} %%{grubaltefiname} %%{grubalteficdname} %%{_alt_target_platform} %%{alt_efi_target_cflags} %%{alt_efi_host_cflags} %{SOURCE13} %{SOURCE14} redhatsecureboot301 %{SOURCE15} %{SOURCE16} redhatsecureboot502}
%endif
%if 0%{with_legacy_arch}
%{expand:%do_legacy_build %%{grublegacyarch}}
@@ -502,8 +500,13 @@ fi
%endif
%changelog
-* Tue Jul 21 2020 CentOS Sources <bugs@centos.org> - 2.02-82.el8.centos.1
-- Apply debranding changes
+* Tue Jul 28 2020 Peter Jones <pjones@redhat.com> - 2.02-87
+- Fix several CVEs
+ Resolves: CVE-2020-10713
+ Resolves: CVE-2020-14308
+ Resolves: CVE-2020-14309
+ Resolves: CVE-2020-14310
+ Resolves: CVE-2020-14311
* Mon May 18 2020 Javier Martinez Canillas <javierm@redhat.com> - 2.02-82.el8_2.1
- Fix a segfault in grub2-editenv when attempting to shrink a variable