diff -Nru grub2-unsigned-2.04/debian/changelog grub2-unsigned-2.04/debian/changelog --- grub2-unsigned-2.04/debian/changelog 2021-05-20 00:51:07.000000000 +0000 +++ grub2-unsigned-2.04/debian/changelog 2022-06-07 16:36:27.000000000 +0000 @@ -1,10 +1,141 @@ -grub2-unsigned (2.04-1ubuntu44.2) focal; urgency=medium +grub2-unsigned (2.04-1ubuntu47.4) impish; urgency=medium - * No-change rebuild to ensure clean upgrade from bionic. LP: #1928674. + [ Chris Coulson ] + * SECURITY UPDATE: Crafted PNG grayscale images may lead to out-of-bounds + write in heap. + - 0248-video-readers-png-Drop-greyscale-support-to-fix-heap.patch: + video/readers/png: Drop greyscale support to fix heap out-of-bounds write + - CVE-2021-3695 + * SECURITY UPDATE: Crafted PNG image may lead to out-of-bound write during + huffman table handling. + - 0249-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch: + video/readers/png: Avoid heap OOB R/W inserting huff table items + - CVE-2021-3696 + * SECURITY UPDATE: Crafted JPEG image can lead to buffer underflow write in + the heap. + - 0254-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch: + video/readers/jpeg: Block int underflow -> wild pointer write + - CVE-2021-3697 + * SECURITY UPDATE: Integer underflow in grub_net_recv_ip4_packets + - 0257-net-ip-Do-IP-fragment-maths-safely.patch: net/ip: Do IP fragment + maths safely + - CVE-2022-28733 + * SECURITY UPDATE: Out-of-bounds write when handling split HTTP headers + - 0263-net-http-Fix-OOB-write-for-split-http-headers.patch: net/http: Fix + OOB write for split http headers + - CVE-2022-28734 + * SECURITY UPDATE: use-after-free in grub_cmd_chainloader() + - 0240-loader-efi-chainloader-simplify-the-loader-state.patch: + loader/efi/chainloader: simplify the loader state + - 0241-commands-boot-Add-API-to-pass-context-to-loader.patch: commands/boot: + Add API to pass context to loader + - 0242-loader-efi-chainloader-Use-grub_loader_set_ex.patch: + loader/efi/chainloader: Use grub_loader_set_ex + - 0243-loader-i386-efi-linux-Use-grub_loader_set_ex.patch: + loader/i386/efi/linux: Use grub_loader_set_ex + * Various fixes as a result of fuzzing and static analysis: + - 0240-misc-Format-string-for-grub_error-should-be-a-litera.patch: + misc: Format string for grub_error() should be a literal + - 0239-loader-efi-chainloader-grub_load_and_start_image-doe.patch: + loader/efi/chainloader: grub_load_and_start_image doesn't load and start + - 0244-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch: + loader/i386/efi/linux: Fix a memory leak in the initrd command + - 0245-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch: + kern/file: Do not leak device_name on error in grub_file_open() + - 0246-video-readers-png-Abort-sooner-if-a-read-operation-f.patch: + video/readers/png: Abort sooner if a read operation fails + - 0247-video-readers-png-Refuse-to-handle-multiple-image-he.patch: + video/readers/png: Refuse to handle multiple image headers + - 0250-video-readers-png-Sanity-check-some-huffman-codes.patch: + video/readers/png: Sanity check some huffman codes + - 0251-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch: + video/readers/jpeg: Abort sooner if a read operation fails + - 0252-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch: + video/readers/jpeg: Do not reallocate a given huff table + - 0253-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch: + video/readers/jpeg: Refuse to handle multiple start of streams + - 0255-normal-charset-Fix-array-out-of-bounds-formatting-un.patch: + normal/charset: Fix array out-of-bounds formatting unicode for display + - 0256-net-netbuff-Block-overly-large-netbuff-allocs.patch: + net/netbuff: Block overly large netbuff allocs + - 0258-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch: + net/dns: Fix double-free addresses on corrupt DNS response + - 0259-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch: + net/dns: Don't read past the end of the string we're checking against + - 0260-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch: + net/tftp: Prevent a UAF and double-free from a failed seek + - 0261-net-tftp-Avoid-a-trivial-UAF.patch: net/tftp: Avoid a trivial UAF + - 0262-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch: + net/http: Do not tear down socket if it's already been torn down + - 0264-net-http-Error-out-on-headers-with-LF-without-CR.patch: + net/http: Error out on headers with LF without CR + - 0265-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch: + fs/f2fs: Do not read past the end of nat journal entries + - 0266-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch: + fs/f2fs: Do not read past the end of nat bitmap + - 0267-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch: + fs/f2fs: Do not copy file names that are too long + - 0268-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch: + fs/btrfs: Fix several fuzz issues with invalid dir item sizing + - 0269-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch: + fs/btrfs: Fix more ASAN and SEGV issues found with fuzzing + - 0270-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch: + fs/btrfs: Fix more fuzz issues related to chunks + * Bump SBAT generation: + - update debian/sbat.csv.in + * Make the grub2/no_efi_extra_removable setting work correctly + - update debian/postinst.in + * Build grub2-unsigned packages with xz compression for compatibility + with xenial dpkg + - update debian/rules - -- Steve Langasek Thu, 20 May 2021 00:51:07 +0000 + [ Steve Langasek ] + * Bump versioned dependency on grub2-common to 2.02~beta2-36ubuntu3.32 for + necessary arm relocation support. LP: #1926748. + * debian/postinst.in: Unconditionally call grub-install with + --force-extra-removable on xenial and bionic, so that the \EFI\BOOT + removable path as used in cloud images receives the updates. LP: #1930742. -grub2-unsigned (2.04-1ubuntu44) hirsute; urgency=medium + -- Chris Coulson Tue, 07 Jun 2022 17:36:27 +0100 + +grub2 (2.04-1ubuntu47) impish; urgency=medium + + * Drop grub.cfg-400.patch (LP: #1933826) + + -- Julian Andres Klode Thu, 02 Sep 2021 14:37:43 +0200 + +grub2 (2.04-1ubuntu46) impish; urgency=medium + + * debian/grub-common.service: change type to oneshot, add wantedby + sleep.target, after sleep.target. The service will now start after + resume from hybernation. LP: #1929860 + * grub-initrd-fallback.service: add wantedby sleep.target, after + sleep.target. The service will now start after resume from + hybernation. LP: #1929860 + * cherrypick upstream fix to make armhf efi boot work. LP: #1788940 + * debian/rules: disable LTO. LP: #1922005 + * grub-initrd-fallback.service, debian/grub-common.service: only start + units when booted with grub. Use presence of /boot/grub/grub.cfg as + proxy. LP: #1925507 + * tests: patch qemu command to use ide-hd instead of the removed + ide-drive. + + -- Dimitri John Ledkov Fri, 16 Jul 2021 14:01:31 +0100 + +grub2 (2.04-1ubuntu45) hirsute; urgency=medium + + * Unapply all patches. + * Stop using git-dpm. + * Start using gbp pq import|export --no-patch-numbers, this brings grub2 + packaging closer to other non-debian distributions. + * It would be nice to separate patches into topic subdirs - + i.e. reverts, upstream cherry picks, debian, ubuntu, rhel, security, + etc. + * Drop redundant dh-systemd build-dependency. + + -- Dimitri John Ledkov Tue, 30 Mar 2021 11:55:05 +0100 + +grub2 (2.04-1ubuntu44) hirsute; urgency=medium * Compile grub-efi-amd64 installable i386 platform on hirsute, to make it available in bionic and earlier as part of onegrub builds. diff -Nru grub2-unsigned-2.04/debian/control grub2-unsigned-2.04/debian/control --- grub2-unsigned-2.04/debian/control 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/control 2022-06-07 16:36:27.000000000 +0000 @@ -7,7 +7,6 @@ Build-Depends: debhelper (>= 10~), patchutils, dh-autoreconf, - dh-systemd, automake, python3, flex, @@ -506,7 +505,7 @@ Package: grub-efi-arm64 Architecture: any-arm64 Pre-Depends: ${misc:Pre-Depends} -Depends: ${shlibs:Depends}, ${misc:Depends}, grub2-common (>= 2.02~beta2-9), grub-efi-arm64-bin (= ${binary:Version}), ucf +Depends: ${shlibs:Depends}, ${misc:Depends}, grub2-common (>= 2.02~beta2-36ubuntu3.32), grub-efi-arm64-bin (= ${binary:Version}), ucf Multi-Arch: foreign Description: GRand Unified Bootloader, version 2 (ARM64 UEFI version) GRUB is a portable, powerful bootloader. This version of GRUB is based on a diff -Nru grub2-unsigned-2.04/debian/.git-dpm grub2-unsigned-2.04/debian/.git-dpm --- grub2-unsigned-2.04/debian/.git-dpm 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/.git-dpm 1970-01-01 00:00:00.000000000 +0000 @@ -1,9 +0,0 @@ -# see git-dpm(1) from git-dpm package -9fd4aa71a88556d25b89d61a55f6efe159b2a273 -9fd4aa71a88556d25b89d61a55f6efe159b2a273 -578bb115fbd47e1c464696f1f8d6183e5443975d -578bb115fbd47e1c464696f1f8d6183e5443975d -grub2_2.04.orig.tar.xz -3ed21de7be5970d7638b9f526bca3292af78e0fc -6393864 -signature:d6df202a9bfa89abe2d7f288c1d438197c6f371a:833:grub2_2.04.orig.tar.xz.asc diff -Nru grub2-unsigned-2.04/debian/grub-common.service grub2-unsigned-2.04/debian/grub-common.service --- grub2-unsigned-2.04/debian/grub-common.service 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/grub-common.service 2022-05-31 13:52:31.000000000 +0000 @@ -1,14 +1,15 @@ [Unit] Description=Record successful boot for GRUB +After=sleep.target +ConditionPathExists=/boot/grub/grub.cfg [Service] -Type=simple +Type=oneshot Restart=no -RemainAfterExit=yes ExecStartPre=/bin/sh -c '[ -s /boot/grub/grubenv ] || rm -f /boot/grub/grubenv; mkdir -p /boot/grub' ExecStart=grub-editenv /boot/grub/grubenv unset recordfail ExecStartPost=/bin/sh -c 'if grub-editenv /boot/grub/grubenv list | grep -q initrdless_boot_fallback_triggered=1; then echo "grub: GRUB_FORCE_PARTUUID set, initrdless boot paniced, fallback triggered."; fi' StandardOutput=kmsg [Install] -WantedBy=multi-user.target +WantedBy=multi-user.target sleep.target diff -Nru grub2-unsigned-2.04/debian/patches/0074-uefi-firmware-rename-fwsetup-menuentry-to-UEFI-Firmw.patch grub2-unsigned-2.04/debian/patches/0074-uefi-firmware-rename-fwsetup-menuentry-to-UEFI-Firmw.patch --- grub2-unsigned-2.04/debian/patches/0074-uefi-firmware-rename-fwsetup-menuentry-to-UEFI-Firmw.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0074-uefi-firmware-rename-fwsetup-menuentry-to-UEFI-Firmw.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 2ab59eb747c4ffea04b87738d53654c981ad9bfb Mon Sep 17 00:00:00 2001 From: Dimitri John Ledkov Date: Mon, 24 Feb 2020 20:29:53 +0000 Subject: uefi-firmware: rename fwsetup menuentry to UEFI Firmware Settings @@ -9,7 +8,7 @@ 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/util/grub.d/30_uefi-firmware.in b/util/grub.d/30_uefi-firmware.in -index 3c9f533d8c..b072d219f6 100644 +index 3c9f533..b072d21 100644 --- a/util/grub.d/30_uefi-firmware.in +++ b/util/grub.d/30_uefi-firmware.in @@ -32,9 +32,9 @@ OsIndications="$efi_vars_dir/OsIndicationsSupported-$EFI_GLOBAL_VARIABLE/data" diff -Nru grub2-unsigned-2.04/debian/patches/0075-smbios-Add-a-linux-argument-to-apply-linux-modalias-.patch grub2-unsigned-2.04/debian/patches/0075-smbios-Add-a-linux-argument-to-apply-linux-modalias-.patch --- grub2-unsigned-2.04/debian/patches/0075-smbios-Add-a-linux-argument-to-apply-linux-modalias-.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0075-smbios-Add-a-linux-argument-to-apply-linux-modalias-.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,7 +1,7 @@ -From 3e978cdf11a1bd71e4f55478dd4e9099e4a72654 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Tue, 3 Mar 2020 16:06:34 +0100 -Subject: smbios: Add a --linux argument to apply linux modalias-like filtering +Subject: smbios: Add a --linux argument to apply linux modalias-like + filtering Linux creates modalias strings by filtering out non-ASCII, space, and colon characters. Provide an option that does the same filtering @@ -16,7 +16,7 @@ 1 file changed, 24 insertions(+) diff --git a/grub-core/commands/smbios.c b/grub-core/commands/smbios.c -index 7a6a391fc1..1a9086ddd4 100644 +index 7a6a391..1a9086d 100644 --- a/grub-core/commands/smbios.c +++ b/grub-core/commands/smbios.c @@ -64,6 +64,21 @@ grub_smbios_get_eps3 (void) diff -Nru grub2-unsigned-2.04/debian/patches/0076-ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch grub2-unsigned-2.04/debian/patches/0076-ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch --- grub2-unsigned-2.04/debian/patches/0076-ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0076-ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 16f433a2d4f8c4ea40077b8b6dc8efcd3d16c2ae Mon Sep 17 00:00:00 2001 From: Chris Coulson Date: Wed, 11 Mar 2020 16:46:00 +0100 Subject: ubuntu: Make the linux command in EFI grub always try EFI handover @@ -13,12 +12,12 @@ a fallback to the non-EFI handover path on kernels that don't support it, but only if secure boot is disabled. --- - grub-core/loader/i386/efi/linux.c | 14 +++++---- - grub-core/loader/i386/linux.c | 47 +++++++++++++++++-------------- + grub-core/loader/i386/efi/linux.c | 14 +++++++----- + grub-core/loader/i386/linux.c | 47 ++++++++++++++++++++++----------------- 2 files changed, 35 insertions(+), 26 deletions(-) diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 6b6aef87f7..fe3ca2c596 100644 +index 6b6aef8..fe3ca2c 100644 --- a/grub-core/loader/i386/efi/linux.c +++ b/grub-core/loader/i386/efi/linux.c @@ -27,6 +27,7 @@ @@ -51,7 +50,7 @@ params = grub_efi_allocate_pages_max (0x3fffffff, diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c -index 4328bcbdb0..991eb29db9 100644 +index 4328bcb..991eb29 100644 --- a/grub-core/loader/i386/linux.c +++ b/grub-core/loader/i386/linux.c @@ -658,35 +658,40 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), diff -Nru grub2-unsigned-2.04/debian/patches/0077-ubuntu-Update-the-linux-boot-protocol-version-check.patch grub2-unsigned-2.04/debian/patches/0077-ubuntu-Update-the-linux-boot-protocol-version-check.patch --- grub2-unsigned-2.04/debian/patches/0077-ubuntu-Update-the-linux-boot-protocol-version-check.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0077-ubuntu-Update-the-linux-boot-protocol-version-check.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From eb5c0d0b0e52a52dec1f553db11a19133abe0243 Mon Sep 17 00:00:00 2001 From: Chris Coulson Date: Wed, 11 Mar 2020 16:46:41 +0100 Subject: ubuntu: Update the linux boot protocol version check. @@ -11,7 +10,7 @@ 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index fe3ca2c596..2929da7a29 100644 +index fe3ca2c..2929da7 100644 --- a/grub-core/loader/i386/efi/linux.c +++ b/grub-core/loader/i386/efi/linux.c @@ -245,7 +245,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), diff -Nru grub2-unsigned-2.04/debian/patches/0081-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch grub2-unsigned-2.04/debian/patches/0081-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch --- grub2-unsigned-2.04/debian/patches/0081-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0081-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From aba4f8fd4b27dd1c3db6d992b417366147989080 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 15 Apr 2020 15:45:02 -0400 Subject: yylex: Make lexer fatal errors actually be fatal @@ -47,7 +46,7 @@ 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/grub-core/script/yylex.l b/grub-core/script/yylex.l -index 7b44c37b76..b7203c8230 100644 +index 7b44c37..b7203c8 100644 --- a/grub-core/script/yylex.l +++ b/grub-core/script/yylex.l @@ -37,11 +37,11 @@ diff -Nru grub2-unsigned-2.04/debian/patches/0082-safemath-Add-some-arithmetic-primitives-that-check-f.patch grub2-unsigned-2.04/debian/patches/0082-safemath-Add-some-arithmetic-primitives-that-check-f.patch --- grub2-unsigned-2.04/debian/patches/0082-safemath-Add-some-arithmetic-primitives-that-check-f.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0082-safemath-Add-some-arithmetic-primitives-that-check-f.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 90dff2044d8f86bbf1ca1999ba3f6c9e452f275e Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Mon, 15 Jun 2020 10:58:42 -0400 Subject: safemath: Add some arithmetic primitives that check for overflow @@ -25,7 +24,7 @@ create mode 100644 include/grub/safemath.h diff --git a/INSTALL b/INSTALL -index 342c158e91..991479b521 100644 +index 342c158..991479b 100644 --- a/INSTALL +++ b/INSTALL @@ -11,27 +11,9 @@ GRUB depends on some software packages installed into your system. If @@ -59,7 +58,7 @@ * GNU Bison 2.3 or later * GNU gettext 0.17 or later diff --git a/include/grub/compiler.h b/include/grub/compiler.h -index c9e1d7a73d..8f3be3ae70 100644 +index c9e1d7a..8f3be3a 100644 --- a/include/grub/compiler.h +++ b/include/grub/compiler.h @@ -48,4 +48,12 @@ @@ -77,7 +76,7 @@ #endif /* ! GRUB_COMPILER_HEADER */ diff --git a/include/grub/safemath.h b/include/grub/safemath.h new file mode 100644 -index 0000000000..c17b89bba1 +index 0000000..c17b89b --- /dev/null +++ b/include/grub/safemath.h @@ -0,0 +1,37 @@ diff -Nru grub2-unsigned-2.04/debian/patches/0083-calloc-Make-sure-we-always-have-an-overflow-checking.patch grub2-unsigned-2.04/debian/patches/0083-calloc-Make-sure-we-always-have-an-overflow-checking.patch --- grub2-unsigned-2.04/debian/patches/0083-calloc-Make-sure-we-always-have-an-overflow-checking.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0083-calloc-Make-sure-we-always-have-an-overflow-checking.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 20fe7d87ad8451f61b313e482be3422ded38a59e Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Mon, 15 Jun 2020 12:15:29 -0400 Subject: calloc: Make sure we always have an overflow-checking calloc() @@ -12,17 +11,17 @@ Signed-off-by: Peter Jones Reviewed-by: Daniel Kiper --- - grub-core/kern/emu/misc.c | 12 +++++++++ - grub-core/kern/emu/mm.c | 10 ++++++++ - grub-core/kern/mm.c | 40 ++++++++++++++++++++++++++++++ - grub-core/lib/libgcrypt_wrap/mem.c | 11 ++++++-- - grub-core/lib/posix_wrap/stdlib.h | 8 +++++- + grub-core/kern/emu/misc.c | 12 ++++++++++++ + grub-core/kern/emu/mm.c | 10 ++++++++++ + grub-core/kern/mm.c | 40 ++++++++++++++++++++++++++++++++++++++ + grub-core/lib/libgcrypt_wrap/mem.c | 11 +++++++++-- + grub-core/lib/posix_wrap/stdlib.h | 8 +++++++- include/grub/emu/misc.h | 1 + - include/grub/mm.h | 6 +++++ + include/grub/mm.h | 6 ++++++ 7 files changed, 85 insertions(+), 3 deletions(-) diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c -index 65db79baa1..dfd8a8ec48 100644 +index 65db79b..dfd8a8e 100644 --- a/grub-core/kern/emu/misc.c +++ b/grub-core/kern/emu/misc.c @@ -85,6 +85,18 @@ grub_util_error (const char *fmt, ...) @@ -45,7 +44,7 @@ xmalloc (grub_size_t size) { diff --git a/grub-core/kern/emu/mm.c b/grub-core/kern/emu/mm.c -index f262e95e38..145b01d371 100644 +index f262e95..145b01d 100644 --- a/grub-core/kern/emu/mm.c +++ b/grub-core/kern/emu/mm.c @@ -25,6 +25,16 @@ @@ -66,7 +65,7 @@ grub_malloc (grub_size_t size) { diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c -index ee88ff6118..f2822a8364 100644 +index ee88ff6..f2822a8 100644 --- a/grub-core/kern/mm.c +++ b/grub-core/kern/mm.c @@ -67,8 +67,10 @@ @@ -133,7 +132,7 @@ grub_debug_malloc (const char *file, int line, grub_size_t size) { diff --git a/grub-core/lib/libgcrypt_wrap/mem.c b/grub-core/lib/libgcrypt_wrap/mem.c -index beeb661a3c..74c6eafe52 100644 +index beeb661..74c6eaf 100644 --- a/grub-core/lib/libgcrypt_wrap/mem.c +++ b/grub-core/lib/libgcrypt_wrap/mem.c @@ -4,6 +4,7 @@ @@ -169,7 +168,7 @@ grub_fatal ("gcry_xcalloc failed"); return ret; diff --git a/grub-core/lib/posix_wrap/stdlib.h b/grub-core/lib/posix_wrap/stdlib.h -index 3b46f47ff5..7a8d385e97 100644 +index 3b46f47..7a8d385 100644 --- a/grub-core/lib/posix_wrap/stdlib.h +++ b/grub-core/lib/posix_wrap/stdlib.h @@ -21,6 +21,7 @@ @@ -195,7 +194,7 @@ static inline void * diff --git a/include/grub/emu/misc.h b/include/grub/emu/misc.h -index ce464cfd00..ff9c48a649 100644 +index ce464cf..ff9c48a 100644 --- a/include/grub/emu/misc.h +++ b/include/grub/emu/misc.h @@ -47,6 +47,7 @@ grub_util_device_is_mapped (const char *dev); @@ -207,7 +206,7 @@ void * EXPORT_FUNC(xrealloc) (void *ptr, grub_size_t size) WARN_UNUSED_RESULT; char * EXPORT_FUNC(xstrdup) (const char *str) WARN_UNUSED_RESULT; diff --git a/include/grub/mm.h b/include/grub/mm.h -index 28e2e53eb3..9c38dd3ca5 100644 +index 28e2e53..9c38dd3 100644 --- a/include/grub/mm.h +++ b/include/grub/mm.h @@ -29,6 +29,7 @@ diff -Nru grub2-unsigned-2.04/debian/patches/0084-calloc-Use-calloc-at-most-places.patch grub2-unsigned-2.04/debian/patches/0084-calloc-Use-calloc-at-most-places.patch --- grub2-unsigned-2.04/debian/patches/0084-calloc-Use-calloc-at-most-places.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0084-calloc-Use-calloc-at-most-places.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 6f092afab244bc9e6e740be796e1ac3d07b33c33 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Mon, 15 Jun 2020 12:26:01 -0400 Subject: calloc: Use calloc() at most places @@ -111,7 +110,7 @@ 86 files changed, 176 insertions(+), 175 deletions(-) diff --git a/grub-core/bus/usb/usbhub.c b/grub-core/bus/usb/usbhub.c -index 34a7ff1b5f..a06cce302d 100644 +index 34a7ff1..a06cce3 100644 --- a/grub-core/bus/usb/usbhub.c +++ b/grub-core/bus/usb/usbhub.c @@ -149,8 +149,8 @@ grub_usb_add_hub (grub_usb_device_t dev) @@ -137,7 +136,7 @@ { grub_free (hub->devices); diff --git a/grub-core/commands/efi/lsefisystab.c b/grub-core/commands/efi/lsefisystab.c -index 902788250e..d29188efaf 100644 +index 9027882..d29188e 100644 --- a/grub-core/commands/efi/lsefisystab.c +++ b/grub-core/commands/efi/lsefisystab.c @@ -73,7 +73,8 @@ grub_cmd_lsefisystab (struct grub_command *cmd __attribute__ ((unused)), @@ -151,7 +150,7 @@ return grub_errno; *grub_utf16_to_utf8 ((grub_uint8_t *) vendor, st->firmware_vendor, diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c -index db7a8f0027..5e3ec0d5e4 100644 +index db7a8f0..5e3ec0d 100644 --- a/grub-core/commands/legacycfg.c +++ b/grub-core/commands/legacycfg.c @@ -314,7 +314,7 @@ grub_cmd_legacy_kernel (struct grub_command *mycmd __attribute__ ((unused)), @@ -182,7 +181,7 @@ return grub_errno; grub_memcpy (newargs + 1, args, argc * sizeof (newargs[0])); diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c -index 2c5363da7f..9164df744a 100644 +index 2c5363d..9164df7 100644 --- a/grub-core/commands/menuentry.c +++ b/grub-core/commands/menuentry.c @@ -154,7 +154,7 @@ grub_normal_add_menu_entry (int argc, const char **args, @@ -195,7 +194,7 @@ goto fail; diff --git a/grub-core/commands/nativedisk.c b/grub-core/commands/nativedisk.c -index 699447d11e..7c8f97f6ad 100644 +index 699447d..7c8f97f 100644 --- a/grub-core/commands/nativedisk.c +++ b/grub-core/commands/nativedisk.c @@ -195,7 +195,7 @@ grub_cmd_nativedisk (grub_command_t cmd __attribute__ ((unused)), @@ -208,7 +207,7 @@ return grub_errno; diff --git a/grub-core/commands/parttool.c b/grub-core/commands/parttool.c -index 22b46b1874..051e31320e 100644 +index 22b46b1..051e313 100644 --- a/grub-core/commands/parttool.c +++ b/grub-core/commands/parttool.c @@ -59,7 +59,13 @@ grub_parttool_register(const char *part_name, @@ -245,7 +244,7 @@ if (! parsed[j]) { diff --git a/grub-core/commands/regexp.c b/grub-core/commands/regexp.c -index f00b184c81..4019164f36 100644 +index f00b184..4019164 100644 --- a/grub-core/commands/regexp.c +++ b/grub-core/commands/regexp.c @@ -116,7 +116,7 @@ grub_cmd_regexp (grub_extcmd_context_t ctxt, int argc, char **args) @@ -258,7 +257,7 @@ goto fail; diff --git a/grub-core/commands/search_wrap.c b/grub-core/commands/search_wrap.c -index d7fd26b940..47fc8eb996 100644 +index d7fd26b..47fc8eb 100644 --- a/grub-core/commands/search_wrap.c +++ b/grub-core/commands/search_wrap.c @@ -122,7 +122,7 @@ grub_cmd_search (grub_extcmd_context_t ctxt, int argc, char **args) @@ -271,7 +270,7 @@ return grub_errno; j = 0; diff --git a/grub-core/disk/diskfilter.c b/grub-core/disk/diskfilter.c -index c3b578acf2..68ca9e0be9 100644 +index c3b578a..68ca9e0 100644 --- a/grub-core/disk/diskfilter.c +++ b/grub-core/disk/diskfilter.c @@ -1134,7 +1134,7 @@ grub_diskfilter_make_raid (grub_size_t uuidlen, char *uuid, int nmemb, @@ -293,7 +292,7 @@ for (p = disk->partition; p; p = p->parent) pv->partmaps[s++] = xstrdup (p->partmap->name); diff --git a/grub-core/disk/ieee1275/ofdisk.c b/grub-core/disk/ieee1275/ofdisk.c -index f73257e66d..03674cb477 100644 +index f73257e..03674cb 100644 --- a/grub-core/disk/ieee1275/ofdisk.c +++ b/grub-core/disk/ieee1275/ofdisk.c @@ -297,7 +297,7 @@ dev_iterate (const struct grub_ieee1275_devalias *alias) @@ -306,7 +305,7 @@ if (!table) { diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c -index 2a22d2d6c1..e6323701ab 100644 +index 2a22d2d..e632370 100644 --- a/grub-core/disk/ldm.c +++ b/grub-core/disk/ldm.c @@ -323,8 +323,8 @@ make_vg (grub_disk_t disk, @@ -352,7 +351,7 @@ return grub_errno; for (i = 0; i < *nsectors; i++) diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c -index 86c50c6121..18b3a8bb1d 100644 +index 86c50c6..18b3a8b 100644 --- a/grub-core/disk/luks.c +++ b/grub-core/disk/luks.c @@ -336,7 +336,7 @@ luks_recover_key (grub_disk_t source, @@ -365,7 +364,7 @@ return grub_errno; diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c -index 7b265c780c..d1df640b31 100644 +index 7b265c7..d1df640 100644 --- a/grub-core/disk/lvm.c +++ b/grub-core/disk/lvm.c @@ -173,7 +173,7 @@ grub_lvm_detect (grub_disk_t disk, @@ -398,7 +397,7 @@ p = grub_strstr (p, "stripes = ["); diff --git a/grub-core/disk/xen/xendisk.c b/grub-core/disk/xen/xendisk.c -index 48476cbbf9..d6612eebd7 100644 +index 48476cb..d6612ee 100644 --- a/grub-core/disk/xen/xendisk.c +++ b/grub-core/disk/xen/xendisk.c @@ -426,7 +426,7 @@ grub_xendisk_init (void) @@ -411,7 +410,7 @@ return; if (grub_xenstore_dir ("device/vbd", fill, &ctr)) diff --git a/grub-core/efiemu/loadcore.c b/grub-core/efiemu/loadcore.c -index 44085ef818..2b924623f5 100644 +index 44085ef..2b92462 100644 --- a/grub-core/efiemu/loadcore.c +++ b/grub-core/efiemu/loadcore.c @@ -201,7 +201,7 @@ grub_efiemu_count_symbols (const Elf_Ehdr *e) @@ -424,7 +423,7 @@ /* Relocators */ for (i = 0, s = (Elf_Shdr *) ((char *) e + e->e_shoff); diff --git a/grub-core/efiemu/mm.c b/grub-core/efiemu/mm.c -index 52a032f7b2..9b8e0d0ad1 100644 +index 52a032f..9b8e0d0 100644 --- a/grub-core/efiemu/mm.c +++ b/grub-core/efiemu/mm.c @@ -554,11 +554,11 @@ grub_efiemu_mmap_sort_and_uniq (void) @@ -451,7 +450,7 @@ { grub_efiemu_unload (); diff --git a/grub-core/font/font.c b/grub-core/font/font.c -index 85a292557a..8e118b315c 100644 +index 85a2925..8e118b3 100644 --- a/grub-core/font/font.c +++ b/grub-core/font/font.c @@ -293,8 +293,7 @@ load_font_index (grub_file_t file, grub_uint32_t sect_length, struct @@ -465,7 +464,7 @@ return 1; font->bmp_idx = grub_malloc (0x10000 * sizeof (grub_uint16_t)); diff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c -index 6b6a2bc913..220b3712f2 100644 +index 6b6a2bc..220b371 100644 --- a/grub-core/fs/affs.c +++ b/grub-core/fs/affs.c @@ -301,7 +301,7 @@ grub_affs_read_symlink (grub_fshelp_node_t node) @@ -496,7 +495,7 @@ *grub_latin1_to_utf8 ((grub_uint8_t *) *label, file.name, len) = '\0'; } diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index 48bd3d04a5..11272efc1a 100644 +index 48bd3d0..11272ef 100644 --- a/grub-core/fs/btrfs.c +++ b/grub-core/fs/btrfs.c @@ -413,7 +413,7 @@ lower_bound (struct grub_btrfs_data *data, @@ -527,7 +526,7 @@ return grub_errno; for (i = 0; i < *nsectors; i++) diff --git a/grub-core/fs/hfs.c b/grub-core/fs/hfs.c -index ac0a40990e..3fe842b4d8 100644 +index ac0a409..3fe842b 100644 --- a/grub-core/fs/hfs.c +++ b/grub-core/fs/hfs.c @@ -1360,7 +1360,7 @@ grub_hfs_label (grub_device_t device, char **label) @@ -540,7 +539,7 @@ macroman_to_utf8 (*label, data->sblock.volname + 1, len + 1, 0); diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c -index 54786bb1c6..dae43becc9 100644 +index 54786bb..dae43be 100644 --- a/grub-core/fs/hfsplus.c +++ b/grub-core/fs/hfsplus.c @@ -720,7 +720,7 @@ list_nodes (void *record, void *hook_arg) @@ -571,7 +570,7 @@ { grub_free (label_name); diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c -index 49c0c632bf..4f1b52a552 100644 +index 49c0c63..4f1b52a 100644 --- a/grub-core/fs/iso9660.c +++ b/grub-core/fs/iso9660.c @@ -331,7 +331,7 @@ grub_iso9660_convert_string (grub_uint8_t *us, int len) @@ -584,7 +583,7 @@ return NULL; diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c -index fc4e1f678d..2f34f76da8 100644 +index fc4e1f6..2f34f76 100644 --- a/grub-core/fs/ntfs.c +++ b/grub-core/fs/ntfs.c @@ -556,8 +556,8 @@ get_utf8 (grub_uint8_t *in, grub_size_t len) @@ -599,7 +598,7 @@ { grub_free (buf); diff --git a/grub-core/fs/sfs.c b/grub-core/fs/sfs.c -index 50c1fe72f4..90f7fb3791 100644 +index 50c1fe7..90f7fb3 100644 --- a/grub-core/fs/sfs.c +++ b/grub-core/fs/sfs.c @@ -266,7 +266,7 @@ grub_sfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock) @@ -612,7 +611,7 @@ { grub_errno = 0; diff --git a/grub-core/fs/tar.c b/grub-core/fs/tar.c -index 7d63e0c99c..c551ed6b52 100644 +index 7d63e0c..c551ed6 100644 --- a/grub-core/fs/tar.c +++ b/grub-core/fs/tar.c @@ -120,7 +120,7 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name, @@ -625,7 +624,7 @@ return grub_errno; grub_free (data->linkname); diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c -index dc8b6e2d1c..a83761674a 100644 +index dc8b6e2..a837616 100644 --- a/grub-core/fs/udf.c +++ b/grub-core/fs/udf.c @@ -873,7 +873,7 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf) @@ -647,7 +646,7 @@ return NULL; for (i = 0; i < utf16len; i++) diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c -index 2f72e42bf8..381dde556d 100644 +index 2f72e42..381dde5 100644 --- a/grub-core/fs/zfs/zfs.c +++ b/grub-core/fs/zfs/zfs.c @@ -3325,7 +3325,7 @@ dnode_get_fullpath (const char *fullpath, struct subvolume *subvol, @@ -669,7 +668,7 @@ return grub_errno; for (i = 0; i < *nsectors; i++) diff --git a/grub-core/gfxmenu/gui_string_util.c b/grub-core/gfxmenu/gui_string_util.c -index a9a415e312..ba1e1eab31 100644 +index a9a415e..ba1e1ea 100644 --- a/grub-core/gfxmenu/gui_string_util.c +++ b/grub-core/gfxmenu/gui_string_util.c @@ -55,7 +55,7 @@ canonicalize_path (const char *path) @@ -682,7 +681,7 @@ return 0; diff --git a/grub-core/gfxmenu/widget-box.c b/grub-core/gfxmenu/widget-box.c -index b606028891..470597ded2 100644 +index b606028..470597d 100644 --- a/grub-core/gfxmenu/widget-box.c +++ b/grub-core/gfxmenu/widget-box.c @@ -303,10 +303,10 @@ grub_gfxmenu_create_box (const char *pixmaps_prefix, @@ -699,7 +698,7 @@ /* Initialize all pixmap pointers to NULL so that proper destruction can be performed if an error is encountered partway through construction. */ diff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c -index 6208a97636..43d98a7bdf 100644 +index 6208a97..43d98a7 100644 --- a/grub-core/io/gzio.c +++ b/grub-core/io/gzio.c @@ -554,7 +554,7 @@ huft_build (unsigned *b, /* code lengths in bits (all assumed <= BMAX) */ @@ -712,7 +711,7 @@ { if (h) diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index 6e1ceb9051..dc31caa213 100644 +index 6e1ceb9..dc31caa 100644 --- a/grub-core/kern/efi/efi.c +++ b/grub-core/kern/efi/efi.c @@ -202,7 +202,7 @@ grub_efi_set_variable(const char *var, const grub_efi_guid_t *guid, @@ -743,7 +742,7 @@ { grub_free (name); diff --git a/grub-core/kern/emu/hostdisk.c b/grub-core/kern/emu/hostdisk.c -index 8ac5239538..f90b6c9ce4 100644 +index 8ac5239..f90b6c9 100644 --- a/grub-core/kern/emu/hostdisk.c +++ b/grub-core/kern/emu/hostdisk.c @@ -627,7 +627,7 @@ static char * @@ -756,7 +755,7 @@ size_t i; int first = 1; diff --git a/grub-core/kern/fs.c b/grub-core/kern/fs.c -index 2b85f4950b..f90be6566b 100644 +index 2b85f49..f90be65 100644 --- a/grub-core/kern/fs.c +++ b/grub-core/kern/fs.c @@ -151,7 +151,7 @@ grub_fs_blocklist_open (grub_file_t file, const char *name) @@ -769,7 +768,7 @@ return 0; diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c -index 18cad5803b..83c068d61b 100644 +index 18cad58..83c068d 100644 --- a/grub-core/kern/misc.c +++ b/grub-core/kern/misc.c @@ -691,7 +691,7 @@ parse_printf_args (const char *fmt0, struct printf_args *args, @@ -782,7 +781,7 @@ { grub_errno = GRUB_ERR_NONE; diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c -index 78175aac2d..619db3122a 100644 +index 78175aa..619db31 100644 --- a/grub-core/kern/parser.c +++ b/grub-core/kern/parser.c @@ -213,7 +213,7 @@ grub_parser_split_cmdline (const char *cmdline, @@ -795,7 +794,7 @@ { grub_free (args); diff --git a/grub-core/kern/uboot/uboot.c b/grub-core/kern/uboot/uboot.c -index be4816fe6f..aac8f9ae1f 100644 +index be4816f..aac8f9a 100644 --- a/grub-core/kern/uboot/uboot.c +++ b/grub-core/kern/uboot/uboot.c @@ -133,7 +133,7 @@ grub_uboot_dev_enum (void) @@ -808,7 +807,7 @@ return 0; diff --git a/grub-core/lib/libgcrypt/cipher/ac.c b/grub-core/lib/libgcrypt/cipher/ac.c -index f5e946a2d8..63f6fcd11e 100644 +index f5e946a..63f6fcd 100644 --- a/grub-core/lib/libgcrypt/cipher/ac.c +++ b/grub-core/lib/libgcrypt/cipher/ac.c @@ -185,7 +185,7 @@ ac_data_mpi_copy (gcry_ac_mpi_t *data_mpis, unsigned int data_mpis_n, @@ -848,7 +847,7 @@ { err = gcry_error_from_errno (errno); diff --git a/grub-core/lib/libgcrypt/cipher/primegen.c b/grub-core/lib/libgcrypt/cipher/primegen.c -index 2788e349fa..b12e79b192 100644 +index 2788e34..b12e79b 100644 --- a/grub-core/lib/libgcrypt/cipher/primegen.c +++ b/grub-core/lib/libgcrypt/cipher/primegen.c @@ -383,7 +383,7 @@ prime_generate_internal (int need_q_factor, @@ -870,7 +869,7 @@ val_2 = mpi_alloc_set_ui( 2 ); val_3 = mpi_alloc_set_ui( 3); diff --git a/grub-core/lib/libgcrypt/cipher/pubkey.c b/grub-core/lib/libgcrypt/cipher/pubkey.c -index 910982141e..ca087ad75b 100644 +index 9109821..ca087ad 100644 --- a/grub-core/lib/libgcrypt/cipher/pubkey.c +++ b/grub-core/lib/libgcrypt/cipher/pubkey.c @@ -2941,7 +2941,7 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey) @@ -892,7 +891,7 @@ { rc = gpg_err_code_from_syserror (); diff --git a/grub-core/lib/priority_queue.c b/grub-core/lib/priority_queue.c -index 659be0b7f4..7d5e7c05aa 100644 +index 659be0b..7d5e7c0 100644 --- a/grub-core/lib/priority_queue.c +++ b/grub-core/lib/priority_queue.c @@ -92,7 +92,7 @@ grub_priority_queue_new (grub_size_t elsize, @@ -905,7 +904,7 @@ return 0; ret = (struct grub_priority_queue *) grub_malloc (sizeof (*ret)); diff --git a/grub-core/lib/reed_solomon.c b/grub-core/lib/reed_solomon.c -index ee9fa7b4fe..467305b46a 100644 +index ee9fa7b..467305b 100644 --- a/grub-core/lib/reed_solomon.c +++ b/grub-core/lib/reed_solomon.c @@ -20,6 +20,7 @@ @@ -931,7 +930,7 @@ /* Multiply with X - a^r */ for (j = 0; j < rs; j++) diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c -index ea3ebc719b..5847aac364 100644 +index ea3ebc7..5847aac 100644 --- a/grub-core/lib/relocator.c +++ b/grub-core/lib/relocator.c @@ -495,9 +495,9 @@ malloc_in_range (struct grub_relocator *rel, @@ -967,7 +966,7 @@ { grub_free (from); diff --git a/grub-core/lib/zstd/fse_decompress.c b/grub-core/lib/zstd/fse_decompress.c -index 72bbead5be..2227b84bc7 100644 +index 72bbead..2227b84 100644 --- a/grub-core/lib/zstd/fse_decompress.c +++ b/grub-core/lib/zstd/fse_decompress.c @@ -82,7 +82,7 @@ @@ -980,7 +979,7 @@ void FSE_freeDTable (FSE_DTable* dt) diff --git a/grub-core/loader/arm/linux.c b/grub-core/loader/arm/linux.c -index 092e8e3077..979d425dfb 100644 +index 092e8e3..979d425 100644 --- a/grub-core/loader/arm/linux.c +++ b/grub-core/loader/arm/linux.c @@ -82,7 +82,7 @@ linux_prepare_atag (void *target_atag) @@ -993,7 +992,7 @@ return grub_errno; diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index 04e815c052..b9a2df34b1 100644 +index 04e815c..b9a2df3 100644 --- a/grub-core/loader/efi/chainloader.c +++ b/grub-core/loader/efi/chainloader.c @@ -126,7 +126,7 @@ copy_file_path (grub_efi_file_path_device_path_t *fp, @@ -1006,7 +1005,7 @@ return; diff --git a/grub-core/loader/i386/bsdXX.c b/grub-core/loader/i386/bsdXX.c -index af6741d157..a8d8bf7dae 100644 +index af6741d..a8d8bf7 100644 --- a/grub-core/loader/i386/bsdXX.c +++ b/grub-core/loader/i386/bsdXX.c @@ -48,7 +48,7 @@ read_headers (grub_file_t file, const char *filename, Elf_Ehdr *e, char **shdr) @@ -1019,7 +1018,7 @@ return grub_errno; diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c -index e64ed08f58..b7d176b5d3 100644 +index e64ed08..b7d176b 100644 --- a/grub-core/loader/i386/xnu.c +++ b/grub-core/loader/i386/xnu.c @@ -295,7 +295,7 @@ grub_xnu_devprop_add_property_utf8 (struct grub_xnu_devprop_device_descriptor *d @@ -1041,7 +1040,7 @@ return grub_errno; grub_memcpy (utf16, name, sizeof (grub_uint16_t) * namelen); diff --git a/grub-core/loader/macho.c b/grub-core/loader/macho.c -index 085f9c6890..05710c48e0 100644 +index 085f9c6..05710c4 100644 --- a/grub-core/loader/macho.c +++ b/grub-core/loader/macho.c @@ -97,7 +97,7 @@ grub_macho_file (grub_file_t file, const char *filename, int is_64bit) @@ -1054,7 +1053,7 @@ goto fail; if (grub_file_read (macho->file, archs, diff --git a/grub-core/loader/multiboot_elfxx.c b/grub-core/loader/multiboot_elfxx.c -index 70cd1db513..cc6853692a 100644 +index 70cd1db..cc68536 100644 --- a/grub-core/loader/multiboot_elfxx.c +++ b/grub-core/loader/multiboot_elfxx.c @@ -217,7 +217,7 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld) @@ -1067,7 +1066,7 @@ return grub_errno; diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c -index e0f47e72b0..2f0ebd0b8b 100644 +index e0f47e7..2f0ebd0 100644 --- a/grub-core/loader/xnu.c +++ b/grub-core/loader/xnu.c @@ -801,7 +801,7 @@ grub_cmd_xnu_mkext (grub_command_t cmd __attribute__ ((unused)), @@ -1080,7 +1079,7 @@ { grub_file_close (file); diff --git a/grub-core/mmap/mmap.c b/grub-core/mmap/mmap.c -index 6a31cbae32..57b4e9a72a 100644 +index 6a31cba..57b4e9a 100644 --- a/grub-core/mmap/mmap.c +++ b/grub-core/mmap/mmap.c @@ -143,9 +143,9 @@ grub_mmap_iterate (grub_memory_hook_t hook, void *hook_data) @@ -1096,7 +1095,7 @@ if (! ctx.scanline_events || !present) { diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c -index 558d97ba1e..dd0ffcdaea 100644 +index 558d97b..dd0ffcd 100644 --- a/grub-core/net/bootp.c +++ b/grub-core/net/bootp.c @@ -1559,7 +1559,7 @@ grub_cmd_bootp (struct grub_command *cmd __attribute__ ((unused)), @@ -1109,7 +1108,7 @@ return grub_errno; diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c -index 5d9afe093c..e332d5eb4a 100644 +index 5d9afe0..e332d5e 100644 --- a/grub-core/net/dns.c +++ b/grub-core/net/dns.c @@ -285,8 +285,8 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)), @@ -1144,7 +1143,7 @@ return grub_errno; diff --git a/grub-core/net/net.c b/grub-core/net/net.c -index b917a75d54..fed7bc57cb 100644 +index b917a75..fed7bc5 100644 --- a/grub-core/net/net.c +++ b/grub-core/net/net.c @@ -333,8 +333,8 @@ grub_cmd_ipv6_autoconf (struct grub_command *cmd __attribute__ ((unused)), @@ -1159,7 +1158,7 @@ { grub_free (ifaces); diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c -index b0ab47d73f..d57fb72faa 100644 +index b0ab47d..d57fb72 100644 --- a/grub-core/normal/charset.c +++ b/grub-core/normal/charset.c @@ -203,7 +203,7 @@ grub_utf8_to_ucs4_alloc (const char *msg, grub_uint32_t **unicode_msg, @@ -1201,7 +1200,7 @@ return -1; for (ptr = logical; ptr <= logical + logical_len; ptr++) diff --git a/grub-core/normal/cmdline.c b/grub-core/normal/cmdline.c -index c037d5050e..c57242e2ea 100644 +index c037d50..c57242e 100644 --- a/grub-core/normal/cmdline.c +++ b/grub-core/normal/cmdline.c @@ -41,7 +41,7 @@ grub_err_t @@ -1268,7 +1267,7 @@ { grub_print_error (); diff --git a/grub-core/normal/menu_entry.c b/grub-core/normal/menu_entry.c -index cdf3590a36..1993995be6 100644 +index cdf3590..1993995 100644 --- a/grub-core/normal/menu_entry.c +++ b/grub-core/normal/menu_entry.c @@ -95,8 +95,8 @@ init_line (struct screen *screen, struct line *linep) @@ -1328,7 +1327,7 @@ { grub_print_error (); diff --git a/grub-core/normal/menu_text.c b/grub-core/normal/menu_text.c -index e22bb91f6e..18240e76ce 100644 +index e22bb91..18240e7 100644 --- a/grub-core/normal/menu_text.c +++ b/grub-core/normal/menu_text.c @@ -78,7 +78,7 @@ grub_print_message_indented_real (const char *msg, int margin_left, @@ -1350,7 +1349,7 @@ /* XXX How to show this error? */ return; diff --git a/grub-core/normal/term.c b/grub-core/normal/term.c -index a1e5c5a0da..cc8c173b6e 100644 +index a1e5c5a..cc8c173 100644 --- a/grub-core/normal/term.c +++ b/grub-core/normal/term.c @@ -264,7 +264,7 @@ grub_term_save_pos (void) @@ -1372,7 +1371,7 @@ grub_error_pop (); diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c -index 7adc0f30ee..a5bd0752fb 100644 +index 7adc0f3..a5bd075 100644 --- a/grub-core/osdep/linux/getroot.c +++ b/grub-core/osdep/linux/getroot.c @@ -168,7 +168,7 @@ grub_util_raid_getmembers (const char *name, int bootable) @@ -1403,7 +1402,7 @@ again: fp = grub_util_fopen ("/proc/self/mountinfo", "r"); diff --git a/grub-core/osdep/unix/config.c b/grub-core/osdep/unix/config.c -index 5478030fde..89dc70d93c 100644 +index 5478030..89dc70d 100644 --- a/grub-core/osdep/unix/config.c +++ b/grub-core/osdep/unix/config.c @@ -130,7 +130,7 @@ grub_util_load_config (struct grub_util_config *cfg) @@ -1416,7 +1415,7 @@ if (grub_util_is_regular (cfgfile)) sorted_cfgpaths[i++] = xstrdup (cfgfile); diff --git a/grub-core/osdep/windows/getroot.c b/grub-core/osdep/windows/getroot.c -index 661d954619..eada663b26 100644 +index 661d954..eada663 100644 --- a/grub-core/osdep/windows/getroot.c +++ b/grub-core/osdep/windows/getroot.c @@ -59,7 +59,7 @@ grub_get_mount_point (const TCHAR *path) @@ -1429,7 +1428,7 @@ /* When pointing to EFI system partition GetVolumePathName fails for ESP root and returns abberant information for everything diff --git a/grub-core/osdep/windows/hostdisk.c b/grub-core/osdep/windows/hostdisk.c -index 355100789a..0be3273949 100644 +index 3551007..0be3273 100644 --- a/grub-core/osdep/windows/hostdisk.c +++ b/grub-core/osdep/windows/hostdisk.c @@ -111,7 +111,7 @@ grub_util_get_windows_path_real (const char *path) @@ -1451,7 +1450,7 @@ pattern[l] = '\\'; pattern[l + 1] = '*'; diff --git a/grub-core/osdep/windows/init.c b/grub-core/osdep/windows/init.c -index e8ffd62c6a..6297de6326 100644 +index e8ffd62..6297de6 100644 --- a/grub-core/osdep/windows/init.c +++ b/grub-core/osdep/windows/init.c @@ -161,7 +161,7 @@ grub_util_host_init (int *argc __attribute__ ((unused)), @@ -1464,7 +1463,7 @@ for (i = 0; i < *argc; i++) (*argv)[i] = grub_util_tchar_to_utf8 (targv[i]); diff --git a/grub-core/osdep/windows/platform.c b/grub-core/osdep/windows/platform.c -index a3f738fb9b..b160949d8e 100644 +index a3f738f..b160949 100644 --- a/grub-core/osdep/windows/platform.c +++ b/grub-core/osdep/windows/platform.c @@ -231,8 +231,8 @@ grub_install_register_efi (grub_device_t efidir_grub_dev, const char *efidir, @@ -1479,7 +1478,7 @@ (const grub_uint8_t *) efi_distributor, distrib8_len, 0); diff --git a/grub-core/osdep/windows/relpath.c b/grub-core/osdep/windows/relpath.c -index cb0861744a..478e8ef14d 100644 +index cb08617..478e8ef 100644 --- a/grub-core/osdep/windows/relpath.c +++ b/grub-core/osdep/windows/relpath.c @@ -72,7 +72,7 @@ grub_make_system_path_relative_to_its_root (const char *path) @@ -1492,7 +1491,7 @@ && dirwindows[offset] != '/' && dirwindows[offset]) diff --git a/grub-core/partmap/gpt.c b/grub-core/partmap/gpt.c -index 103f6796f3..72a2e37cd4 100644 +index 103f679..72a2e37 100644 --- a/grub-core/partmap/gpt.c +++ b/grub-core/partmap/gpt.c @@ -199,7 +199,7 @@ gpt_partition_map_embed (struct grub_disk *disk, unsigned int *nsectors, @@ -1505,7 +1504,7 @@ return grub_errno; for (i = 0; i < *nsectors; i++) diff --git a/grub-core/partmap/msdos.c b/grub-core/partmap/msdos.c -index 7b8e450762..ee3f24982b 100644 +index 7b8e450..ee3f249 100644 --- a/grub-core/partmap/msdos.c +++ b/grub-core/partmap/msdos.c @@ -337,7 +337,7 @@ pc_partition_map_embed (struct grub_disk *disk, unsigned int *nsectors, @@ -1518,7 +1517,7 @@ return grub_errno; for (i = 0; i < *nsectors; i++) diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c -index ee299fd0ea..c8d6806fe0 100644 +index ee299fd..c8d6806 100644 --- a/grub-core/script/execute.c +++ b/grub-core/script/execute.c @@ -553,7 +553,7 @@ gettext_append (struct grub_script_argv *result, const char *orig_str) @@ -1531,7 +1530,7 @@ if (parse_string (orig_str, gettext_save_allow, &ctx, 0)) goto fail; diff --git a/grub-core/tests/fake_input.c b/grub-core/tests/fake_input.c -index 2d60852989..b5eb516be2 100644 +index 2d60852..b5eb516 100644 --- a/grub-core/tests/fake_input.c +++ b/grub-core/tests/fake_input.c @@ -49,7 +49,7 @@ grub_terminal_input_fake_sequence (int *seq_in, int nseq_in) @@ -1544,7 +1543,7 @@ return; diff --git a/grub-core/tests/video_checksum.c b/grub-core/tests/video_checksum.c -index 74d5b65e5c..44d0810698 100644 +index 74d5b65..44d0810 100644 --- a/grub-core/tests/video_checksum.c +++ b/grub-core/tests/video_checksum.c @@ -336,7 +336,7 @@ grub_video_capture_write_bmp (const char *fname, @@ -1575,7 +1574,7 @@ grub_uint16_t gmask = ((1 << mode_info->green_mask_size) - 1); grub_uint16_t bmask = ((1 << mode_info->blue_mask_size) - 1); diff --git a/grub-core/video/capture.c b/grub-core/video/capture.c -index 4f83c74411..4d3195e017 100644 +index 4f83c74..4d3195e 100644 --- a/grub-core/video/capture.c +++ b/grub-core/video/capture.c @@ -89,7 +89,7 @@ grub_video_capture_start (const struct grub_video_mode_info *mode_info, @@ -1588,7 +1587,7 @@ return grub_errno; diff --git a/grub-core/video/emu/sdl.c b/grub-core/video/emu/sdl.c -index a2f639f66d..0ebab6f57d 100644 +index a2f639f..0ebab6f 100644 --- a/grub-core/video/emu/sdl.c +++ b/grub-core/video/emu/sdl.c @@ -172,7 +172,7 @@ grub_video_sdl_set_palette (unsigned int start, unsigned int count, @@ -1601,7 +1600,7 @@ { tmp[i].r = palette_data[i].r; diff --git a/grub-core/video/i386/pc/vga.c b/grub-core/video/i386/pc/vga.c -index 01f47112d3..b2f776c997 100644 +index 01f4711..b2f776c 100644 --- a/grub-core/video/i386/pc/vga.c +++ b/grub-core/video/i386/pc/vga.c @@ -127,7 +127,7 @@ grub_video_vga_setup (unsigned int width, unsigned int height, @@ -1614,7 +1613,7 @@ framebuffer.back_page = 0; if (!framebuffer.temporary_buffer) diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c -index 777e71334c..61bd645379 100644 +index 777e713..61bd645 100644 --- a/grub-core/video/readers/png.c +++ b/grub-core/video/readers/png.c @@ -309,7 +309,7 @@ grub_png_decode_image_header (struct grub_png_data *data) @@ -1627,7 +1626,7 @@ return grub_errno; diff --git a/include/grub/unicode.h b/include/grub/unicode.h -index a0403e91f9..4de986a857 100644 +index a0403e9..4de986a 100644 --- a/include/grub/unicode.h +++ b/include/grub/unicode.h @@ -293,7 +293,7 @@ grub_unicode_glyph_dup (const struct grub_unicode_glyph *in) @@ -1649,7 +1648,7 @@ return; grub_memcpy (out->combining_ptr, in->combining_ptr, diff --git a/util/getroot.c b/util/getroot.c -index cdd41153c5..6ae35ecaa6 100644 +index cdd4115..6ae35ec 100644 --- a/util/getroot.c +++ b/util/getroot.c @@ -200,7 +200,7 @@ make_device_name (const char *drive) @@ -1662,7 +1661,7 @@ for (iptr = drive; *iptr; iptr++) { diff --git a/util/grub-file.c b/util/grub-file.c -index 50c18b6835..b2e7dd69f4 100644 +index 50c18b6..b2e7dd6 100644 --- a/util/grub-file.c +++ b/util/grub-file.c @@ -54,7 +54,7 @@ main (int argc, char *argv[]) @@ -1675,7 +1674,7 @@ if (argc == 2 && strcmp (argv[1], "--version") == 0) { diff --git a/util/grub-fstest.c b/util/grub-fstest.c -index f14e02d972..57246af7c6 100644 +index f14e02d..57246af 100644 --- a/util/grub-fstest.c +++ b/util/grub-fstest.c @@ -650,7 +650,7 @@ argp_parser (int key, char *arg, struct argp_state *state) @@ -1697,7 +1696,7 @@ argp_parse (&argp, argc, argv, 0, 0, 0); diff --git a/util/grub-install-common.c b/util/grub-install-common.c -index fdfe2c7ead..447504d3f4 100644 +index fdfe2c7..447504d 100644 --- a/util/grub-install-common.c +++ b/util/grub-install-common.c @@ -286,7 +286,7 @@ handle_install_list (struct install_list *il, const char *val, @@ -1710,7 +1709,7 @@ for (ce = il->entries; ; ce++) { diff --git a/util/grub-install.c b/util/grub-install.c -index f408b19860..843dfc7c80 100644 +index f408b19..843dfc7 100644 --- a/util/grub-install.c +++ b/util/grub-install.c @@ -658,7 +658,7 @@ device_map_check_duplicates (const char *dev_map) @@ -1732,7 +1731,7 @@ for (curdev = grub_devices, curdrive = grub_drives; *curdev; curdev++, curdrive++) diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c -index bc087c2b57..d97d0e7bef 100644 +index bc087c2..d97d0e7 100644 --- a/util/grub-mkimagexx.c +++ b/util/grub-mkimagexx.c @@ -2294,10 +2294,8 @@ SUFFIX (grub_mkimage_load_image) (const char *kernel_path, @@ -1749,7 +1748,7 @@ SUFFIX (locate_sections) (e, kernel_path, &smd, layout, image_target); diff --git a/util/grub-mkrescue.c b/util/grub-mkrescue.c -index 45d6140d3e..cb972f120b 100644 +index 45d6140..cb972f1 100644 --- a/util/grub-mkrescue.c +++ b/util/grub-mkrescue.c @@ -441,8 +441,8 @@ main (int argc, char *argv[]) @@ -1764,7 +1763,7 @@ xorriso_tail_argc = 0; /* Program name */ diff --git a/util/grub-mkstandalone.c b/util/grub-mkstandalone.c -index 4907d44c0b..edf309717c 100644 +index 4907d44..edf3097 100644 --- a/util/grub-mkstandalone.c +++ b/util/grub-mkstandalone.c @@ -296,7 +296,7 @@ main (int argc, char *argv[]) @@ -1777,7 +1776,7 @@ argp_parse (&argp, argc, argv, 0, 0, 0); diff --git a/util/grub-pe2elf.c b/util/grub-pe2elf.c -index 0d4084a108..11331294f1 100644 +index 0d4084a..1133129 100644 --- a/util/grub-pe2elf.c +++ b/util/grub-pe2elf.c @@ -100,9 +100,9 @@ write_section_data (FILE* fp, const char *name, char *image, @@ -1817,7 +1816,7 @@ for (i = 0; i < (int) pe_chdr->num_symbols; i += pe_symtab->num_aux + 1, pe_symtab += pe_symtab->num_aux + 1) diff --git a/util/grub-probe.c b/util/grub-probe.c -index 81d27eead5..cbe6ed94ca 100644 +index 81d27ee..cbe6ed9 100644 --- a/util/grub-probe.c +++ b/util/grub-probe.c @@ -361,8 +361,8 @@ probe (const char *path, char **device_names, char delim) diff -Nru grub2-unsigned-2.04/debian/patches/0085-malloc-Use-overflow-checking-primitives-where-we-do-.patch grub2-unsigned-2.04/debian/patches/0085-malloc-Use-overflow-checking-primitives-where-we-do-.patch --- grub2-unsigned-2.04/debian/patches/0085-malloc-Use-overflow-checking-primitives-where-we-do-.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0085-malloc-Use-overflow-checking-primitives-where-we-do-.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From e8a7a657ccd805880182e0906dc1e3db6abbf01f Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Mon, 15 Jun 2020 12:28:27 -0400 Subject: malloc: Use overflow checking primitives where we do complex @@ -29,33 +28,33 @@ Signed-off-by: Peter Jones Reviewed-by: Daniel Kiper --- - grub-core/commands/legacycfg.c | 29 +++++++++++++++---- - grub-core/commands/wildcard.c | 36 ++++++++++++++++++++---- - grub-core/disk/ldm.c | 32 +++++++++++++++------ - grub-core/font/font.c | 7 ++++- - grub-core/fs/btrfs.c | 28 +++++++++++++------ - grub-core/fs/ext2.c | 10 ++++++- - grub-core/fs/iso9660.c | 51 ++++++++++++++++++++++++---------- - grub-core/fs/sfs.c | 27 ++++++++++++++---- - grub-core/fs/squash4.c | 45 ++++++++++++++++++++++-------- - grub-core/fs/udf.c | 41 +++++++++++++++++---------- - grub-core/fs/xfs.c | 11 +++++--- - grub-core/fs/zfs/zfs.c | 22 ++++++++++----- - grub-core/fs/zfs/zfscrypt.c | 7 ++++- - grub-core/lib/arg.c | 20 +++++++++++-- - grub-core/loader/i386/bsd.c | 8 +++++- - grub-core/net/dns.c | 9 +++++- - grub-core/normal/charset.c | 10 +++++-- - grub-core/normal/cmdline.c | 14 ++++++++-- - grub-core/normal/menu_entry.c | 13 +++++++-- - grub-core/script/argv.c | 16 +++++++++-- - grub-core/script/lexer.c | 21 ++++++++++++-- - grub-core/video/bitmap.c | 25 +++++++++++------ - grub-core/video/readers/png.c | 13 +++++++-- + grub-core/commands/legacycfg.c | 29 +++++++++++++++++++----- + grub-core/commands/wildcard.c | 36 ++++++++++++++++++++++++----- + grub-core/disk/ldm.c | 32 ++++++++++++++++++-------- + grub-core/font/font.c | 7 +++++- + grub-core/fs/btrfs.c | 28 +++++++++++++++-------- + grub-core/fs/ext2.c | 10 ++++++++- + grub-core/fs/iso9660.c | 51 +++++++++++++++++++++++++++++------------- + grub-core/fs/sfs.c | 27 +++++++++++++++++----- + grub-core/fs/squash4.c | 45 ++++++++++++++++++++++++++++--------- + grub-core/fs/udf.c | 41 +++++++++++++++++++++------------ + grub-core/fs/xfs.c | 11 +++++---- + grub-core/fs/zfs/zfs.c | 22 ++++++++++++------ + grub-core/fs/zfs/zfscrypt.c | 7 +++++- + grub-core/lib/arg.c | 20 +++++++++++++++-- + grub-core/loader/i386/bsd.c | 8 ++++++- + grub-core/net/dns.c | 9 +++++++- + grub-core/normal/charset.c | 10 +++++++-- + grub-core/normal/cmdline.c | 14 ++++++++++-- + grub-core/normal/menu_entry.c | 13 +++++++++-- + grub-core/script/argv.c | 16 +++++++++++-- + grub-core/script/lexer.c | 21 ++++++++++++++--- + grub-core/video/bitmap.c | 25 +++++++++++++-------- + grub-core/video/readers/png.c | 13 +++++++++-- 23 files changed, 382 insertions(+), 113 deletions(-) diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c -index 5e3ec0d5e4..cc5971f4db 100644 +index 5e3ec0d..cc5971f 100644 --- a/grub-core/commands/legacycfg.c +++ b/grub-core/commands/legacycfg.c @@ -32,6 +32,7 @@ @@ -118,7 +117,7 @@ grub_free (suffix); return grub_errno; diff --git a/grub-core/commands/wildcard.c b/grub-core/commands/wildcard.c -index 4a106ca040..cc3290311f 100644 +index 4a106ca..cc32903 100644 --- a/grub-core/commands/wildcard.c +++ b/grub-core/commands/wildcard.c @@ -23,6 +23,7 @@ @@ -220,7 +219,7 @@ return 1; } diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c -index e6323701ab..58f8a53e1a 100644 +index e632370..58f8a53 100644 --- a/grub-core/disk/ldm.c +++ b/grub-core/disk/ldm.c @@ -25,6 +25,7 @@ @@ -291,7 +290,7 @@ goto fail2; comp->segments = t; diff --git a/grub-core/font/font.c b/grub-core/font/font.c -index 8e118b315c..5edb477ac2 100644 +index 8e118b3..5edb477 100644 --- a/grub-core/font/font.c +++ b/grub-core/font/font.c @@ -30,6 +30,7 @@ @@ -318,7 +317,7 @@ return 0; diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index 11272efc1a..2b65bd56a0 100644 +index 11272ef..2b65bd5 100644 --- a/grub-core/fs/btrfs.c +++ b/grub-core/fs/btrfs.c @@ -40,6 +40,7 @@ @@ -375,7 +374,7 @@ } } diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c -index 9b389802a3..ac33bcd68c 100644 +index 9b38980..ac33bcd 100644 --- a/grub-core/fs/ext2.c +++ b/grub-core/fs/ext2.c @@ -46,6 +46,7 @@ @@ -410,7 +409,7 @@ return 0; diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c -index 4f1b52a552..7ba5b300bc 100644 +index 4f1b52a..7ba5b30 100644 --- a/grub-core/fs/iso9660.c +++ b/grub-core/fs/iso9660.c @@ -28,6 +28,7 @@ @@ -514,7 +513,7 @@ grub_free (ctx.filename); grub_free (node); diff --git a/grub-core/fs/sfs.c b/grub-core/fs/sfs.c -index 90f7fb3791..de2b107a4a 100644 +index 90f7fb3..de2b107 100644 --- a/grub-core/fs/sfs.c +++ b/grub-core/fs/sfs.c @@ -26,6 +26,7 @@ @@ -578,7 +577,7 @@ *grub_latin1_to_utf8 ((grub_uint8_t *) *label, (const grub_uint8_t *) data->label, diff --git a/grub-core/fs/squash4.c b/grub-core/fs/squash4.c -index 95d5c1e1ff..785123894e 100644 +index 95d5c1e..7851238 100644 --- a/grub-core/fs/squash4.c +++ b/grub-core/fs/squash4.c @@ -26,6 +26,7 @@ @@ -677,7 +676,7 @@ node->ino = ino; node->stack[node->stsize].ino_chunk = grub_le_to_cpu32 (dh.ino_chunk); diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c -index a83761674a..21ac7f4460 100644 +index a837616..21ac7f4 100644 --- a/grub-core/fs/udf.c +++ b/grub-core/fs/udf.c @@ -28,6 +28,7 @@ @@ -786,7 +785,7 @@ grub_free (out); grub_error (GRUB_ERR_BAD_FS, "invalid symlink"); diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c -index 96ffecbfc9..ea6590290b 100644 +index 96ffecb..ea65902 100644 --- a/grub-core/fs/xfs.c +++ b/grub-core/fs/xfs.c @@ -25,6 +25,7 @@ @@ -822,7 +821,7 @@ if (! data) goto fail; diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c -index 381dde556d..36d0373a6a 100644 +index 381dde5..36d0373 100644 --- a/grub-core/fs/zfs/zfs.c +++ b/grub-core/fs/zfs/zfs.c @@ -55,6 +55,7 @@ @@ -875,7 +874,7 @@ return 0; grub_memcpy (ret, nvlist, sizeof (grub_uint32_t)); diff --git a/grub-core/fs/zfs/zfscrypt.c b/grub-core/fs/zfs/zfscrypt.c -index 1402e0bc29..de3b015f58 100644 +index 1402e0b..de3b015 100644 --- a/grub-core/fs/zfs/zfscrypt.c +++ b/grub-core/fs/zfs/zfscrypt.c @@ -22,6 +22,7 @@ @@ -902,7 +901,7 @@ return grub_errno; key->is_passphrase = passphrase; diff --git a/grub-core/lib/arg.c b/grub-core/lib/arg.c -index fd7744a6ff..3288609a5e 100644 +index fd7744a..3288609 100644 --- a/grub-core/lib/arg.c +++ b/grub-core/lib/arg.c @@ -23,6 +23,7 @@ @@ -954,7 +953,7 @@ return 0; diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c -index 5b9b92d6ba..ef0d63afc8 100644 +index 5b9b92d..ef0d63a 100644 --- a/grub-core/loader/i386/bsd.c +++ b/grub-core/loader/i386/bsd.c @@ -35,6 +35,7 @@ @@ -984,7 +983,7 @@ return grub_errno; diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c -index e332d5eb4a..906ec7d678 100644 +index e332d5e..906ec7d 100644 --- a/grub-core/net/dns.c +++ b/grub-core/net/dns.c @@ -22,6 +22,7 @@ @@ -1013,7 +1012,7 @@ return grub_errno; dns_servers_alloc = na; diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c -index d57fb72faa..4dfcc31078 100644 +index d57fb72..4dfcc31 100644 --- a/grub-core/normal/charset.c +++ b/grub-core/normal/charset.c @@ -48,6 +48,7 @@ @@ -1050,7 +1049,7 @@ continue; } diff --git a/grub-core/normal/cmdline.c b/grub-core/normal/cmdline.c -index c57242e2ea..de03fe63b3 100644 +index c57242e..de03fe6 100644 --- a/grub-core/normal/cmdline.c +++ b/grub-core/normal/cmdline.c @@ -28,6 +28,7 @@ @@ -1086,7 +1085,7 @@ grub_errno = GRUB_ERR_NONE; (*max_len) /= 2; diff --git a/grub-core/normal/menu_entry.c b/grub-core/normal/menu_entry.c -index 1993995be6..50eef918cf 100644 +index 1993995..50eef91 100644 --- a/grub-core/normal/menu_entry.c +++ b/grub-core/normal/menu_entry.c @@ -27,6 +27,7 @@ @@ -1119,7 +1118,7 @@ return 1; diff --git a/grub-core/script/argv.c b/grub-core/script/argv.c -index 217ec5d1e1..5751fdd570 100644 +index 217ec5d..5751fdd 100644 --- a/grub-core/script/argv.c +++ b/grub-core/script/argv.c @@ -20,6 +20,7 @@ @@ -1170,7 +1169,7 @@ return 1; diff --git a/grub-core/script/lexer.c b/grub-core/script/lexer.c -index c6bd3172fa..5fb0cbd0bc 100644 +index c6bd317..5fb0cbd 100644 --- a/grub-core/script/lexer.c +++ b/grub-core/script/lexer.c @@ -24,6 +24,7 @@ @@ -1231,7 +1230,7 @@ } diff --git a/grub-core/video/bitmap.c b/grub-core/video/bitmap.c -index b2e0315665..6256e209a6 100644 +index b2e0315..6256e20 100644 --- a/grub-core/video/bitmap.c +++ b/grub-core/video/bitmap.c @@ -23,6 +23,7 @@ @@ -1286,7 +1285,7 @@ /* Frees all resources allocated by bitmap. */ diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c -index 61bd645379..0157ff7420 100644 +index 61bd645..0157ff7 100644 --- a/grub-core/video/readers/png.c +++ b/grub-core/video/readers/png.c @@ -23,6 +23,7 @@ diff -Nru grub2-unsigned-2.04/debian/patches/0086-iso9660-Don-t-leak-memory-on-realloc-failures.patch grub2-unsigned-2.04/debian/patches/0086-iso9660-Don-t-leak-memory-on-realloc-failures.patch --- grub2-unsigned-2.04/debian/patches/0086-iso9660-Don-t-leak-memory-on-realloc-failures.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0086-iso9660-Don-t-leak-memory-on-realloc-failures.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 5ee32ec2cad926af30576a4231c124dca00fce0b Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Sat, 4 Jul 2020 12:25:09 -0400 Subject: iso9660: Don't leak memory on realloc() failures @@ -10,7 +9,7 @@ 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c -index 7ba5b300bc..5ec4433b8f 100644 +index 7ba5b30..5ec4433 100644 --- a/grub-core/fs/iso9660.c +++ b/grub-core/fs/iso9660.c @@ -533,14 +533,20 @@ add_part (struct iterate_dir_ctx *ctx, diff -Nru grub2-unsigned-2.04/debian/patches/0087-font-Do-not-load-more-than-one-NAME-section.patch grub2-unsigned-2.04/debian/patches/0087-font-Do-not-load-more-than-one-NAME-section.patch --- grub2-unsigned-2.04/debian/patches/0087-font-Do-not-load-more-than-one-NAME-section.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0087-font-Do-not-load-more-than-one-NAME-section.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From b3ac537cadce863da5f47ca8da555b827430a097 Mon Sep 17 00:00:00 2001 From: Daniel Kiper Date: Tue, 7 Jul 2020 15:36:26 +0200 Subject: font: Do not load more than one NAME section @@ -16,7 +15,7 @@ 1 file changed, 6 insertions(+) diff --git a/grub-core/font/font.c b/grub-core/font/font.c -index 5edb477ac2..d09bb38d89 100644 +index 5edb477..d09bb38 100644 --- a/grub-core/font/font.c +++ b/grub-core/font/font.c @@ -532,6 +532,12 @@ grub_font_load (const char *filename) diff -Nru grub2-unsigned-2.04/debian/patches/0088-gfxmenu-Fix-double-free-in-load_image.patch grub2-unsigned-2.04/debian/patches/0088-gfxmenu-Fix-double-free-in-load_image.patch --- grub2-unsigned-2.04/debian/patches/0088-gfxmenu-Fix-double-free-in-load_image.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0088-gfxmenu-Fix-double-free-in-load_image.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 118abbf4a05324e0ab81f8508fcfa35e20e52d2f Mon Sep 17 00:00:00 2001 From: Alexey Makhalov Date: Wed, 8 Jul 2020 20:41:56 +0000 Subject: gfxmenu: Fix double free in load_image() @@ -15,7 +14,7 @@ 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/grub-core/gfxmenu/gui_image.c b/grub-core/gfxmenu/gui_image.c -index 29784ed2d9..6b2e976f16 100644 +index 29784ed..6b2e976 100644 --- a/grub-core/gfxmenu/gui_image.c +++ b/grub-core/gfxmenu/gui_image.c @@ -195,7 +195,10 @@ load_image (grub_gui_image_t self, const char *path) diff -Nru grub2-unsigned-2.04/debian/patches/0089-lzma-Make-sure-we-don-t-dereference-past-array.patch grub2-unsigned-2.04/debian/patches/0089-lzma-Make-sure-we-don-t-dereference-past-array.patch --- grub2-unsigned-2.04/debian/patches/0089-lzma-Make-sure-we-don-t-dereference-past-array.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0089-lzma-Make-sure-we-don-t-dereference-past-array.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From d073dea9efca076e20f0a3ec50b3c2bdd68758ca Mon Sep 17 00:00:00 2001 From: Konrad Rzeszutek Wilk Date: Thu, 9 Jul 2020 03:05:23 +0000 Subject: lzma: Make sure we don't dereference past array @@ -21,7 +20,7 @@ 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/grub-core/lib/LzmaEnc.c b/grub-core/lib/LzmaEnc.c -index f2ec04a8c2..753e56a95e 100644 +index f2ec04a..753e56a 100644 --- a/grub-core/lib/LzmaEnc.c +++ b/grub-core/lib/LzmaEnc.c @@ -1877,13 +1877,19 @@ static SRes LzmaEnc_CodeOneBlock(CLzmaEnc *p, Bool useLimits, UInt32 maxPackSize diff -Nru grub2-unsigned-2.04/debian/patches/0090-tftp-Do-not-use-priority-queue.patch grub2-unsigned-2.04/debian/patches/0090-tftp-Do-not-use-priority-queue.patch --- grub2-unsigned-2.04/debian/patches/0090-tftp-Do-not-use-priority-queue.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0090-tftp-Do-not-use-priority-queue.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 1c063bcd1585bc008c7ceb3183abf1a4c3fba935 Mon Sep 17 00:00:00 2001 From: Alexey Makhalov Date: Thu, 9 Jul 2020 08:10:40 +0000 Subject: tftp: Do not use priority queue @@ -30,11 +29,11 @@ Signed-off-by: Alexey Makhalov Reviewed-by: Daniel Kiper --- - grub-core/net/tftp.c | 171 ++++++++++++++----------------------------- + grub-core/net/tftp.c | 171 ++++++++++++++++----------------------------------- 1 file changed, 53 insertions(+), 118 deletions(-) diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c -index a0817a075d..e6566fa176 100644 +index a0817a0..e6566fa 100644 --- a/grub-core/net/tftp.c +++ b/grub-core/net/tftp.c @@ -25,7 +25,6 @@ diff -Nru grub2-unsigned-2.04/debian/patches/0091-script-Remove-unused-fields-from-grub_script_functio.patch grub2-unsigned-2.04/debian/patches/0091-script-Remove-unused-fields-from-grub_script_functio.patch --- grub2-unsigned-2.04/debian/patches/0091-script-Remove-unused-fields-from-grub_script_functio.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0091-script-Remove-unused-fields-from-grub_script_functio.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 6dbb88f1086e59a5a0e0650826b74a01d784baec Mon Sep 17 00:00:00 2001 From: Chris Coulson Date: Fri, 10 Jul 2020 11:21:14 +0100 Subject: script: Remove unused fields from grub_script_function struct @@ -10,7 +9,7 @@ 1 file changed, 5 deletions(-) diff --git a/include/grub/script_sh.h b/include/grub/script_sh.h -index 360c2be1f0..b382bcf09b 100644 +index 360c2be..b382bcf 100644 --- a/include/grub/script_sh.h +++ b/include/grub/script_sh.h @@ -359,13 +359,8 @@ struct grub_script_function diff -Nru grub2-unsigned-2.04/debian/patches/0092-script-Avoid-a-use-after-free-when-redefining-a-func.patch grub2-unsigned-2.04/debian/patches/0092-script-Avoid-a-use-after-free-when-redefining-a-func.patch --- grub2-unsigned-2.04/debian/patches/0092-script-Avoid-a-use-after-free-when-redefining-a-func.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0092-script-Avoid-a-use-after-free-when-redefining-a-func.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 87ca334a7a3cd8189affc37d62851dffb4f4af5f Mon Sep 17 00:00:00 2001 From: Chris Coulson Date: Fri, 10 Jul 2020 14:41:45 +0100 Subject: script: Avoid a use-after-free when redefining a function during @@ -27,7 +26,7 @@ 4 files changed, 19 insertions(+), 4 deletions(-) diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c -index c8d6806fe0..7e028e1355 100644 +index c8d6806..7e028e1 100644 --- a/grub-core/script/execute.c +++ b/grub-core/script/execute.c @@ -838,7 +838,9 @@ grub_script_function_call (grub_script_function_t func, int argc, char **args) @@ -41,7 +40,7 @@ function_return = 0; active_loops = loops; diff --git a/grub-core/script/function.c b/grub-core/script/function.c -index d36655e510..3aad04bf9d 100644 +index d36655e..3aad04b 100644 --- a/grub-core/script/function.c +++ b/grub-core/script/function.c @@ -34,6 +34,7 @@ grub_script_function_create (struct grub_script_arg *functionname_arg, @@ -76,7 +75,7 @@ else { diff --git a/grub-core/script/parser.y b/grub-core/script/parser.y -index 4f0ab8319e..f80b86b6f1 100644 +index 4f0ab83..f80b86b 100644 --- a/grub-core/script/parser.y +++ b/grub-core/script/parser.y @@ -289,7 +289,8 @@ function: "function" "name" @@ -90,7 +89,7 @@ state->scripts = $3; diff --git a/include/grub/script_sh.h b/include/grub/script_sh.h -index b382bcf09b..6c48e07512 100644 +index b382bcf..6c48e07 100644 --- a/include/grub/script_sh.h +++ b/include/grub/script_sh.h @@ -361,6 +361,8 @@ struct grub_script_function diff -Nru grub2-unsigned-2.04/debian/patches/0093-hfsplus-fix-two-more-overflows.patch grub2-unsigned-2.04/debian/patches/0093-hfsplus-fix-two-more-overflows.patch --- grub2-unsigned-2.04/debian/patches/0093-hfsplus-fix-two-more-overflows.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0093-hfsplus-fix-two-more-overflows.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 0edb485feec47c243d20b85a51bc5924d68d6b45 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Sun, 19 Jul 2020 14:43:31 -0400 Subject: hfsplus: fix two more overflows @@ -15,7 +14,7 @@ 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c -index dae43becc9..9c4e4c88c9 100644 +index dae43be..9c4e4c8 100644 --- a/grub-core/fs/hfsplus.c +++ b/grub-core/fs/hfsplus.c @@ -31,6 +31,7 @@ diff -Nru grub2-unsigned-2.04/debian/patches/0094-lvm-fix-two-more-potential-data-dependent-alloc-over.patch grub2-unsigned-2.04/debian/patches/0094-lvm-fix-two-more-potential-data-dependent-alloc-over.patch --- grub2-unsigned-2.04/debian/patches/0094-lvm-fix-two-more-potential-data-dependent-alloc-over.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0094-lvm-fix-two-more-potential-data-dependent-alloc-over.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 468b5308618dd4e9d208b4a74068f2716ee1e088 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Sun, 19 Jul 2020 15:48:20 -0400 Subject: lvm: fix two more potential data-dependent alloc overflows @@ -15,7 +14,7 @@ 1 file changed, 31 insertions(+), 8 deletions(-) diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c -index d1df640b31..d154f7c01b 100644 +index d1df640..d154f7c 100644 --- a/grub-core/disk/lvm.c +++ b/grub-core/disk/lvm.c @@ -25,6 +25,7 @@ diff -Nru grub2-unsigned-2.04/debian/patches/0095-efi-fix-some-malformed-device-path-arithmetic-errors.patch grub2-unsigned-2.04/debian/patches/0095-efi-fix-some-malformed-device-path-arithmetic-errors.patch --- grub2-unsigned-2.04/debian/patches/0095-efi-fix-some-malformed-device-path-arithmetic-errors.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0095-efi-fix-some-malformed-device-path-arithmetic-errors.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From edde11e535d34c8513a10c97ce5d0dbad4a10d58 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Sun, 19 Jul 2020 16:53:27 -0400 Subject: efi: fix some malformed device path arithmetic errors. @@ -17,14 +16,14 @@ Signed-off-by: Peter Jones --- - grub-core/kern/efi/efi.c | 67 +++++++++++++++++++++++++----- - grub-core/loader/efi/chainloader.c | 19 ++++++++- - grub-core/loader/i386/xnu.c | 9 ++-- - include/grub/efi/api.h | 14 ++++--- + grub-core/kern/efi/efi.c | 67 ++++++++++++++++++++++++++++++++------ + grub-core/loader/efi/chainloader.c | 19 +++++++++-- + grub-core/loader/i386/xnu.c | 9 ++--- + include/grub/efi/api.h | 14 +++++--- 4 files changed, 88 insertions(+), 21 deletions(-) diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index dc31caa213..b1a8b39b49 100644 +index dc31caa..b1a8b39 100644 --- a/grub-core/kern/efi/efi.c +++ b/grub-core/kern/efi/efi.c @@ -332,7 +332,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) @@ -150,7 +149,7 @@ return 0; } diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index b9a2df34b1..f8a34cd491 100644 +index b9a2df3..f8a34cd 100644 --- a/grub-core/loader/efi/chainloader.c +++ b/grub-core/loader/efi/chainloader.c @@ -126,6 +126,12 @@ copy_file_path (grub_efi_file_path_device_path_t *fp, @@ -188,7 +187,7 @@ break; d = GRUB_EFI_NEXT_DEVICE_PATH (d); diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c -index b7d176b5d3..c50cb54109 100644 +index b7d176b..c50cb54 100644 --- a/grub-core/loader/i386/xnu.c +++ b/grub-core/loader/i386/xnu.c @@ -516,14 +516,15 @@ grub_cmd_devprop_load (grub_command_t cmd __attribute__ ((unused)), @@ -212,7 +211,7 @@ dev = grub_xnu_devprop_add_device (dpstart, (char *) buf - (char *) dpstart); diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h -index 9824fbcd0d..08bff60b51 100644 +index 9824fbc..08bff60 100644 --- a/include/grub/efi/api.h +++ b/include/grub/efi/api.h @@ -640,6 +640,7 @@ typedef struct grub_efi_device_path grub_efi_device_path_protocol_t; diff -Nru grub2-unsigned-2.04/debian/patches/0096-linuxefi-fail-kernel-validation-without-shim-protoco.patch grub2-unsigned-2.04/debian/patches/0096-linuxefi-fail-kernel-validation-without-shim-protoco.patch --- grub2-unsigned-2.04/debian/patches/0096-linuxefi-fail-kernel-validation-without-shim-protoco.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0096-linuxefi-fail-kernel-validation-without-shim-protoco.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 28f1f927abe2d1bd274442bc575c3802bc4d577d Mon Sep 17 00:00:00 2001 From: Dimitri John Ledkov Date: Wed, 22 Jul 2020 11:31:43 +0100 Subject: linuxefi: fail kernel validation without shim protocol. @@ -20,7 +19,7 @@ 4 files changed, 12 insertions(+), 5 deletions(-) diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c -index 1a5296a60c..3f5496fc55 100644 +index 1a5296a..3f5496f 100644 --- a/grub-core/loader/arm64/linux.c +++ b/grub-core/loader/arm64/linux.c @@ -34,6 +34,7 @@ @@ -52,7 +51,7 @@ cmdline_size = grub_loader_cmdline_size (argc, argv) + sizeof (LINUX_IMAGE); diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index f8a34cd491..cf89cedf8d 100644 +index f8a34cd..cf89ced 100644 --- a/grub-core/loader/efi/chainloader.c +++ b/grub-core/loader/efi/chainloader.c @@ -1096,6 +1096,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), @@ -64,7 +63,7 @@ grub_file_close (file); grub_device_close (dev); diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c -index e372b26a1b..f6d30bcf7c 100644 +index e372b26..f6d30bc 100644 --- a/grub-core/loader/efi/linux.c +++ b/grub-core/loader/efi/linux.c @@ -34,6 +34,7 @@ struct grub_efi_shim_lock @@ -76,7 +75,7 @@ grub_linuxefi_secure_validate (void *data, grub_uint32_t size) { diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 2929da7a29..e357bf67c6 100644 +index 2929da7..e357bf6 100644 --- a/grub-core/loader/i386/efi/linux.c +++ b/grub-core/loader/i386/efi/linux.c @@ -199,7 +199,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), diff -Nru grub2-unsigned-2.04/debian/patches/0097-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch grub2-unsigned-2.04/debian/patches/0097-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch --- grub2-unsigned-2.04/debian/patches/0097-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0097-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From f87f39f286a5ed66b1fcccd329c4c1f5e6fb3b88 Mon Sep 17 00:00:00 2001 From: Chris Coulson Date: Wed, 22 Jul 2020 17:06:04 +0100 Subject: Fix a regression caused by "efi: fix some malformed device path @@ -21,7 +20,7 @@ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index cf89cedf8d..d0c53077e8 100644 +index cf89ced..d0c5307 100644 --- a/grub-core/loader/efi/chainloader.c +++ b/grub-core/loader/efi/chainloader.c @@ -116,7 +116,7 @@ grub_chainloader_boot (void) diff -Nru grub2-unsigned-2.04/debian/patches/0098-efi-Fix-use-after-free-in-halt-reboot-path.patch grub2-unsigned-2.04/debian/patches/0098-efi-Fix-use-after-free-in-halt-reboot-path.patch --- grub2-unsigned-2.04/debian/patches/0098-efi-Fix-use-after-free-in-halt-reboot-path.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0098-efi-Fix-use-after-free-in-halt-reboot-path.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 09e44bd33a938119cb8334e69cbcab38267b50aa Mon Sep 17 00:00:00 2001 From: Alexey Makhalov Date: Mon, 20 Jul 2020 23:03:05 +0000 Subject: efi: Fix use-after-free in halt/reboot path @@ -52,7 +51,7 @@ 9 files changed, 28 insertions(+), 7 deletions(-) diff --git a/grub-core/kern/arm/efi/init.c b/grub-core/kern/arm/efi/init.c -index 06df60e2f0..40c3b467fc 100644 +index 06df60e..40c3b46 100644 --- a/grub-core/kern/arm/efi/init.c +++ b/grub-core/kern/arm/efi/init.c @@ -71,4 +71,7 @@ grub_machine_fini (int flags) @@ -64,7 +63,7 @@ + grub_efi_memory_fini (); } diff --git a/grub-core/kern/arm64/efi/init.c b/grub-core/kern/arm64/efi/init.c -index 6224999ec9..5010caefd6 100644 +index 6224999..5010cae 100644 --- a/grub-core/kern/arm64/efi/init.c +++ b/grub-core/kern/arm64/efi/init.c @@ -57,4 +57,7 @@ grub_machine_fini (int flags) @@ -76,7 +75,7 @@ + grub_efi_memory_fini (); } diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index b1a8b39b49..88bbd34eac 100644 +index b1a8b39..88bbd34 100644 --- a/grub-core/kern/efi/efi.c +++ b/grub-core/kern/efi/efi.c @@ -157,7 +157,8 @@ grub_efi_get_loaded_image (grub_efi_handle_t image_handle) @@ -90,7 +89,7 @@ GRUB_EFI_RESET_COLD, GRUB_EFI_SUCCESS, 0, NULL); for (;;) ; diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c -index 3dfdf2d22b..2c31847bf6 100644 +index 3dfdf2d..2c31847 100644 --- a/grub-core/kern/efi/init.c +++ b/grub-core/kern/efi/init.c @@ -80,5 +80,4 @@ grub_efi_fini (void) @@ -100,7 +99,7 @@ - grub_efi_memory_fini (); } diff --git a/grub-core/kern/i386/efi/init.c b/grub-core/kern/i386/efi/init.c -index da499aba04..deb2eacd8d 100644 +index da499ab..deb2eac 100644 --- a/grub-core/kern/i386/efi/init.c +++ b/grub-core/kern/i386/efi/init.c @@ -39,6 +39,11 @@ grub_machine_init (void) @@ -118,7 +117,7 @@ + grub_efi_memory_fini (); } diff --git a/grub-core/kern/ia64/efi/init.c b/grub-core/kern/ia64/efi/init.c -index b5ecbd0912..f1965571b1 100644 +index b5ecbd0..f196557 100644 --- a/grub-core/kern/ia64/efi/init.c +++ b/grub-core/kern/ia64/efi/init.c @@ -70,6 +70,11 @@ grub_machine_init (void) @@ -136,7 +135,7 @@ + grub_efi_memory_fini (); } diff --git a/grub-core/kern/riscv/efi/init.c b/grub-core/kern/riscv/efi/init.c -index 7eb1969d0b..38795fe674 100644 +index 7eb1969..38795fe 100644 --- a/grub-core/kern/riscv/efi/init.c +++ b/grub-core/kern/riscv/efi/init.c @@ -73,4 +73,7 @@ grub_machine_fini (int flags) @@ -148,7 +147,7 @@ + grub_efi_memory_fini (); } diff --git a/grub-core/lib/efi/halt.c b/grub-core/lib/efi/halt.c -index 5859f0498a..29d4136416 100644 +index 5859f04..29d4136 100644 --- a/grub-core/lib/efi/halt.c +++ b/grub-core/lib/efi/halt.c @@ -28,7 +28,8 @@ @@ -162,7 +161,7 @@ !defined(__riscv) grub_acpi_halt (); diff --git a/include/grub/loader.h b/include/grub/loader.h -index 7f82a499fd..b208642821 100644 +index 7f82a49..b208642 100644 --- a/include/grub/loader.h +++ b/include/grub/loader.h @@ -33,6 +33,7 @@ enum diff -Nru grub2-unsigned-2.04/debian/patches/0099-chainloader-Avoid-a-double-free-when-validation-fail.patch grub2-unsigned-2.04/debian/patches/0099-chainloader-Avoid-a-double-free-when-validation-fail.patch --- grub2-unsigned-2.04/debian/patches/0099-chainloader-Avoid-a-double-free-when-validation-fail.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0099-chainloader-Avoid-a-double-free-when-validation-fail.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 6245b194623730baa9f428e79e889e2907c34e01 Mon Sep 17 00:00:00 2001 From: Chris Coulson Date: Thu, 23 Jul 2020 14:02:17 +0100 Subject: chainloader: Avoid a double free when validation fails @@ -8,7 +7,7 @@ 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index d0c53077e8..144a6549df 100644 +index d0c5307..144a654 100644 --- a/grub-core/loader/efi/chainloader.c +++ b/grub-core/loader/efi/chainloader.c @@ -1085,6 +1085,9 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), diff -Nru grub2-unsigned-2.04/debian/patches/0100-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch grub2-unsigned-2.04/debian/patches/0100-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch --- grub2-unsigned-2.04/debian/patches/0100-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0100-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From c37a874169397daef4df39ef60e2f3ba91d445ac Mon Sep 17 00:00:00 2001 From: Alexey Makhalov Date: Wed, 15 Jul 2020 06:42:37 +0000 Subject: relocator: Protect grub_relocator_alloc_chunk_addr() input args @@ -19,7 +18,7 @@ 4 files changed, 31 insertions(+), 10 deletions(-) diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c -index 991eb29db9..4e14eb1887 100644 +index 991eb29..4e14eb1 100644 --- a/grub-core/loader/i386/linux.c +++ b/grub-core/loader/i386/linux.c @@ -36,6 +36,7 @@ @@ -47,7 +46,7 @@ return err; real_mode_mem = get_virtual_current_address (ch); diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c -index 3866f048bb..81ab3c0c15 100644 +index 3866f04..81ab3c0 100644 --- a/grub-core/loader/i386/pc/linux.c +++ b/grub-core/loader/i386/pc/linux.c @@ -36,6 +36,7 @@ @@ -74,7 +73,7 @@ if (! grub_linux_is_bzimage && GRUB_LINUX_ZIMAGE_ADDR + grub_linux16_prot_size diff --git a/grub-core/loader/i386/xen.c b/grub-core/loader/i386/xen.c -index 8f662c8ac8..cd24874ca3 100644 +index 8f662c8..cd24874 100644 --- a/grub-core/loader/i386/xen.c +++ b/grub-core/loader/i386/xen.c @@ -41,6 +41,7 @@ @@ -111,7 +110,7 @@ goto fail; kern_chunk_src = get_virtual_current_address (ch); diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c -index 2f0ebd0b8b..3fd653993f 100644 +index 2f0ebd0..3fd6539 100644 --- a/grub-core/loader/xnu.c +++ b/grub-core/loader/xnu.c @@ -35,6 +35,7 @@ diff -Nru grub2-unsigned-2.04/debian/patches/0101-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch grub2-unsigned-2.04/debian/patches/0101-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch --- grub2-unsigned-2.04/debian/patches/0101-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0101-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 52396e83608848f0ca7f8920ac9985259b7cd1cf Mon Sep 17 00:00:00 2001 From: Alexey Makhalov Date: Wed, 8 Jul 2020 01:44:38 +0000 Subject: relocator: Protect grub_relocator_alloc_chunk_align() max_addr @@ -19,7 +18,7 @@ Signed-off-by: Alexey Makhalov Reviewed-by: Daniel Kiper --- - grub-core/lib/i386/relocator.c | 28 ++++++++++---------------- + grub-core/lib/i386/relocator.c | 28 +++++++++++----------------- grub-core/lib/mips/relocator.c | 6 ++---- grub-core/lib/powerpc/relocator.c | 6 ++---- grub-core/lib/x86_64/efi/relocator.c | 7 +++---- @@ -28,14 +27,14 @@ grub-core/loader/i386/pc/linux.c | 6 ++---- grub-core/loader/mips/linux.c | 9 +++------ grub-core/loader/multiboot.c | 2 +- - grub-core/loader/multiboot_elfxx.c | 10 ++++----- - grub-core/loader/multiboot_mbi2.c | 10 ++++----- + grub-core/loader/multiboot_elfxx.c | 10 +++++----- + grub-core/loader/multiboot_mbi2.c | 10 +++++----- grub-core/loader/xnu_resume.c | 2 +- - include/grub/relocator.h | 29 +++++++++++++++++++++++++++ + include/grub/relocator.h | 29 +++++++++++++++++++++++++++++ 13 files changed, 69 insertions(+), 58 deletions(-) diff --git a/grub-core/lib/i386/relocator.c b/grub-core/lib/i386/relocator.c -index 71dd4f0ab0..34cbe834fa 100644 +index 71dd4f0..34cbe83 100644 --- a/grub-core/lib/i386/relocator.c +++ b/grub-core/lib/i386/relocator.c @@ -83,11 +83,10 @@ grub_relocator32_boot (struct grub_relocator *rel, @@ -88,7 +87,7 @@ return err; diff --git a/grub-core/lib/mips/relocator.c b/grub-core/lib/mips/relocator.c -index 9d5f49cb93..743b213e69 100644 +index 9d5f49c..743b213 100644 --- a/grub-core/lib/mips/relocator.c +++ b/grub-core/lib/mips/relocator.c @@ -120,10 +120,8 @@ grub_relocator32_boot (struct grub_relocator *rel, @@ -105,7 +104,7 @@ if (err) return err; diff --git a/grub-core/lib/powerpc/relocator.c b/grub-core/lib/powerpc/relocator.c -index bdf2b111be..8ffb8b6868 100644 +index bdf2b11..8ffb8b6 100644 --- a/grub-core/lib/powerpc/relocator.c +++ b/grub-core/lib/powerpc/relocator.c @@ -115,10 +115,8 @@ grub_relocator32_boot (struct grub_relocator *rel, @@ -122,7 +121,7 @@ if (err) return err; diff --git a/grub-core/lib/x86_64/efi/relocator.c b/grub-core/lib/x86_64/efi/relocator.c -index 3caef7a402..7d200a125e 100644 +index 3caef7a..7d200a1 100644 --- a/grub-core/lib/x86_64/efi/relocator.c +++ b/grub-core/lib/x86_64/efi/relocator.c @@ -50,10 +50,9 @@ grub_relocator64_efi_boot (struct grub_relocator *rel, @@ -140,7 +139,7 @@ return err; diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c -index 4e14eb1887..04bd78a1fa 100644 +index 4e14eb1..04bd78a 100644 --- a/grub-core/loader/i386/linux.c +++ b/grub-core/loader/i386/linux.c @@ -184,9 +184,8 @@ allocate_pages (grub_size_t prot_size, grub_size_t *align, @@ -156,7 +155,7 @@ GRUB_RELOCATOR_PREFERENCE_LOW, 1); diff --git a/grub-core/loader/i386/multiboot_mbi.c b/grub-core/loader/i386/multiboot_mbi.c -index ad3cc292fd..a67d9d0a80 100644 +index ad3cc29..a67d9d0 100644 --- a/grub-core/loader/i386/multiboot_mbi.c +++ b/grub-core/loader/i386/multiboot_mbi.c @@ -466,10 +466,9 @@ grub_multiboot_make_mbi (grub_uint32_t *target) @@ -174,7 +173,7 @@ return err; ptrorig = get_virtual_current_address (ch); diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c -index 81ab3c0c15..6400a5b91d 100644 +index 81ab3c0..6400a5b 100644 --- a/grub-core/loader/i386/pc/linux.c +++ b/grub-core/loader/i386/pc/linux.c @@ -463,10 +463,8 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), @@ -191,7 +190,7 @@ return err; initrd_chunk = get_virtual_current_address (ch); diff --git a/grub-core/loader/mips/linux.c b/grub-core/loader/mips/linux.c -index 7b723bf189..e4ed95921d 100644 +index 7b723bf..e4ed959 100644 --- a/grub-core/loader/mips/linux.c +++ b/grub-core/loader/mips/linux.c @@ -442,12 +442,9 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), @@ -211,7 +210,7 @@ if (err) goto fail; diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c -index 3e6ad166dc..3e286908dd 100644 +index 3e6ad16..3e28690 100644 --- a/grub-core/loader/multiboot.c +++ b/grub-core/loader/multiboot.c @@ -404,7 +404,7 @@ grub_cmd_module (grub_command_t cmd __attribute__ ((unused)), @@ -224,7 +223,7 @@ GRUB_RELOCATOR_PREFERENCE_NONE, 1); if (err) diff --git a/grub-core/loader/multiboot_elfxx.c b/grub-core/loader/multiboot_elfxx.c -index cc6853692a..f2318e0d16 100644 +index cc68536..f2318e0 100644 --- a/grub-core/loader/multiboot_elfxx.c +++ b/grub-core/loader/multiboot_elfxx.c @@ -109,10 +109,10 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld) @@ -252,7 +251,7 @@ GRUB_RELOCATOR_PREFERENCE_NONE, mld->avoid_efi_boot_services); diff --git a/grub-core/loader/multiboot_mbi2.c b/grub-core/loader/multiboot_mbi2.c -index 53da786151..3ec2092839 100644 +index 53da786..3ec2092 100644 --- a/grub-core/loader/multiboot_mbi2.c +++ b/grub-core/loader/multiboot_mbi2.c @@ -295,10 +295,10 @@ grub_multiboot2_load (grub_file_t file, const char *filename) @@ -280,7 +279,7 @@ GRUB_RELOCATOR_PREFERENCE_NONE, 1); if (err) diff --git a/grub-core/loader/xnu_resume.c b/grub-core/loader/xnu_resume.c -index 8089804d48..d648ef0cd3 100644 +index 8089804..d648ef0 100644 --- a/grub-core/loader/xnu_resume.c +++ b/grub-core/loader/xnu_resume.c @@ -129,7 +129,7 @@ grub_xnu_resume (char *imagename) @@ -293,7 +292,7 @@ GRUB_XNU_PAGESIZE, GRUB_RELOCATOR_PREFERENCE_NONE, 0); diff --git a/include/grub/relocator.h b/include/grub/relocator.h -index 24d8672d22..1b3bdd92ac 100644 +index 24d8672..1b3bdd9 100644 --- a/include/grub/relocator.h +++ b/include/grub/relocator.h @@ -49,6 +49,35 @@ grub_relocator_alloc_chunk_align (struct grub_relocator *rel, diff -Nru grub2-unsigned-2.04/debian/patches/0102-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch grub2-unsigned-2.04/debian/patches/0102-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch --- grub2-unsigned-2.04/debian/patches/0102-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0102-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From e22a7ea411935cd237ab024da9399bf640ac5d3a Mon Sep 17 00:00:00 2001 From: Alexey Makhalov Date: Fri, 17 Jul 2020 05:17:26 +0000 Subject: relocator: Fix grub_relocator_alloc_chunk_align() top memory @@ -26,7 +25,7 @@ 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c -index 5847aac364..f2c1944c28 100644 +index 5847aac..f2c1944 100644 --- a/grub-core/lib/relocator.c +++ b/grub-core/lib/relocator.c @@ -1386,8 +1386,8 @@ grub_relocator_alloc_chunk_align (struct grub_relocator *rel, diff -Nru grub2-unsigned-2.04/debian/patches/0103-linux-loader-avoid-overflow-on-initrd-size-calculati.patch grub2-unsigned-2.04/debian/patches/0103-linux-loader-avoid-overflow-on-initrd-size-calculati.patch --- grub2-unsigned-2.04/debian/patches/0103-linux-loader-avoid-overflow-on-initrd-size-calculati.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0103-linux-loader-avoid-overflow-on-initrd-size-calculati.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 7fcfd002718938add9d174ac52c679376a46d81c Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Fri, 24 Jul 2020 13:57:27 -0400 Subject: linux loader: avoid overflow on initrd size calculation @@ -9,7 +8,7 @@ 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c -index 471b214d6c..25624ebc11 100644 +index 471b214..25624eb 100644 --- a/grub-core/loader/linux.c +++ b/grub-core/loader/linux.c @@ -151,8 +151,8 @@ grub_initrd_init (int argc, char *argv[], diff -Nru grub2-unsigned-2.04/debian/patches/0104-linux-Fix-integer-overflows-in-initrd-size-handling.patch grub2-unsigned-2.04/debian/patches/0104-linux-Fix-integer-overflows-in-initrd-size-handling.patch --- grub2-unsigned-2.04/debian/patches/0104-linux-Fix-integer-overflows-in-initrd-size-handling.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0104-linux-Fix-integer-overflows-in-initrd-size-handling.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 16fddf3d3adb7a8d10e67f75cbaaa76ebb6c8c93 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Sat, 25 Jul 2020 12:15:37 +0100 Subject: linux: Fix integer overflows in initrd size handling @@ -10,11 +9,11 @@ Signed-off-by: Colin Watson Reviewed-by: Jan Setje-Eilers --- - grub-core/loader/linux.c | 74 +++++++++++++++++++++++++++++----------- + grub-core/loader/linux.c | 74 +++++++++++++++++++++++++++++++++++------------- 1 file changed, 54 insertions(+), 20 deletions(-) diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c -index 25624ebc11..e9f819ee95 100644 +index 25624eb..e9f819e 100644 --- a/grub-core/loader/linux.c +++ b/grub-core/loader/linux.c @@ -4,6 +4,7 @@ diff -Nru grub2-unsigned-2.04/debian/patches/0105-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch grub2-unsigned-2.04/debian/patches/0105-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch --- grub2-unsigned-2.04/debian/patches/0105-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0105-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From c7c111b9583d0fee45c420629e5be1a9e50fab37 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 27 Jul 2020 14:22:12 +0100 Subject: efilinux: Fix integer overflows in grub_cmd_initrd @@ -15,7 +14,7 @@ 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index e357bf67c6..381459ce08 100644 +index e357bf6..381459c 100644 --- a/grub-core/loader/i386/efi/linux.c +++ b/grub-core/loader/i386/efi/linux.c @@ -28,6 +28,7 @@ diff -Nru grub2-unsigned-2.04/debian/patches/0128-kern-Add-lockdown-support.patch grub2-unsigned-2.04/debian/patches/0128-kern-Add-lockdown-support.patch --- grub2-unsigned-2.04/debian/patches/0128-kern-Add-lockdown-support.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0128-kern-Add-lockdown-support.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From acfaa9d2e1e12802ac7c280f61f0dc4d22335142 Mon Sep 17 00:00:00 2001 From: Javier Martinez Canillas Date: Mon, 28 Sep 2020 20:08:02 +0200 Subject: kern: Add lockdown support @@ -36,23 +35,23 @@ Signed-off-by: Javier Martinez Canillas Reviewed-by: Daniel Kiper --- - conf/Makefile.common | 2 + - docs/grub-dev.texi | 27 ++++++++++++ - docs/grub.texi | 8 ++++ + conf/Makefile.common | 2 ++ + docs/grub-dev.texi | 27 ++++++++++++++ + docs/grub.texi | 8 +++++ grub-core/Makefile.am | 5 ++- grub-core/Makefile.core.def | 1 + - grub-core/commands/extcmd.c | 23 ++++++++++ - grub-core/kern/command.c | 24 +++++++++++ - grub-core/kern/lockdown.c | 86 +++++++++++++++++++++++++++++++++++++ + grub-core/commands/extcmd.c | 23 ++++++++++++ + grub-core/kern/command.c | 24 +++++++++++++ + grub-core/kern/lockdown.c | 86 +++++++++++++++++++++++++++++++++++++++++++++ include/grub/command.h | 5 +++ - include/grub/extcmd.h | 7 +++ - include/grub/lockdown.h | 44 +++++++++++++++++++ + include/grub/extcmd.h | 7 ++++ + include/grub/lockdown.h | 44 +++++++++++++++++++++++ 11 files changed, 231 insertions(+), 1 deletion(-) create mode 100644 grub-core/kern/lockdown.c create mode 100644 include/grub/lockdown.h diff --git a/conf/Makefile.common b/conf/Makefile.common -index 6cd71cbb2a..2a1a886f6d 100644 +index 6cd71cb..2a1a886 100644 --- a/conf/Makefile.common +++ b/conf/Makefile.common @@ -84,7 +84,9 @@ CPPFLAGS_PARTTOOL_LIST = -Dgrub_parttool_register=PARTTOOL_LIST_MARKER @@ -66,7 +65,7 @@ CPPFLAGS_FDT_LIST := '-Dgrub_fdtbus_register(...)=FDT_DRIVER_LIST_MARKER(__VA_ARGS__)' CPPFLAGS_MARKER = $(CPPFLAGS_FS_LIST) $(CPPFLAGS_VIDEO_LIST) \ diff --git a/docs/grub-dev.texi b/docs/grub-dev.texi -index ee389fd83c..635ec72314 100644 +index ee389fd..635ec72 100644 --- a/docs/grub-dev.texi +++ b/docs/grub-dev.texi @@ -86,6 +86,7 @@ This edition documents version @value{VERSION}. @@ -111,7 +110,7 @@ @appendix Copying This Manual diff --git a/docs/grub.texi b/docs/grub.texi -index d949edf88f..eed542594f 100644 +index d949edf..eed5425 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -5747,6 +5747,7 @@ environment variables and commands are listed in the same order. @@ -137,7 +136,7 @@ @chapter Platform limitations diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am -index c6ba5b2d76..b704b77195 100644 +index c6ba5b2..b704b77 100644 --- a/grub-core/Makefile.am +++ b/grub-core/Makefile.am @@ -80,6 +80,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/fs.h @@ -161,7 +160,7 @@ platform_DATA += command.lst CLEANFILES += command.lst diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 01819d1044..72a9d4b66b 100644 +index 01819d1..72a9d4b 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -203,6 +203,7 @@ kernel = { @@ -173,7 +172,7 @@ i386_multiboot = kern/i386/pc/acpi.c; i386_coreboot = kern/acpi.c; diff --git a/grub-core/commands/extcmd.c b/grub-core/commands/extcmd.c -index 69574e2b05..90a5ca24a6 100644 +index 69574e2..90a5ca2 100644 --- a/grub-core/commands/extcmd.c +++ b/grub-core/commands/extcmd.c @@ -19,6 +19,7 @@ @@ -214,7 +213,7 @@ grub_unregister_extcmd (grub_extcmd_t ext) { diff --git a/grub-core/kern/command.c b/grub-core/kern/command.c -index acd7218799..4aabcd4b5f 100644 +index acd7218..4aabcd4 100644 --- a/grub-core/kern/command.c +++ b/grub-core/kern/command.c @@ -17,6 +17,7 @@ @@ -257,7 +256,7 @@ { diff --git a/grub-core/kern/lockdown.c b/grub-core/kern/lockdown.c new file mode 100644 -index 0000000000..8f28bf14c3 +index 0000000..8f28bf1 --- /dev/null +++ b/grub-core/kern/lockdown.c @@ -0,0 +1,86 @@ @@ -348,7 +347,7 @@ + return lockdown; +} diff --git a/include/grub/command.h b/include/grub/command.h -index eee4e847ee..2a6f7f8469 100644 +index eee4e84..2a6f7f8 100644 --- a/include/grub/command.h +++ b/include/grub/command.h @@ -86,6 +86,11 @@ EXPORT_FUNC(grub_register_command_prio) (const char *name, @@ -364,7 +363,7 @@ static inline grub_command_t diff --git a/include/grub/extcmd.h b/include/grub/extcmd.h -index 19fe592669..fe9248b8bb 100644 +index 19fe592..fe9248b 100644 --- a/include/grub/extcmd.h +++ b/include/grub/extcmd.h @@ -62,6 +62,13 @@ grub_extcmd_t EXPORT_FUNC(grub_register_extcmd) (const char *name, @@ -383,7 +382,7 @@ grub_command_flags_t flags, diff --git a/include/grub/lockdown.h b/include/grub/lockdown.h new file mode 100644 -index 0000000000..40531fa823 +index 0000000..40531fa --- /dev/null +++ b/include/grub/lockdown.h @@ -0,0 +1,44 @@ diff -Nru grub2-unsigned-2.04/debian/patches/0129-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch grub2-unsigned-2.04/debian/patches/0129-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch --- grub2-unsigned-2.04/debian/patches/0129-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0129-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From b90760ac6c531327731cb0bdd83f5a9d20e34808 Mon Sep 17 00:00:00 2001 From: Javier Martinez Canillas Date: Mon, 28 Sep 2020 20:08:29 +0200 Subject: efi: Lockdown the GRUB when the UEFI Secure Boot is enabled @@ -14,7 +13,7 @@ 1 file changed, 19 insertions(+) diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c -index 2c31847bf6..01d64d906e 100644 +index 2c31847..01d64d9 100644 --- a/grub-core/kern/efi/init.c +++ b/grub-core/kern/efi/init.c @@ -20,6 +20,8 @@ diff -Nru grub2-unsigned-2.04/debian/patches/0130-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch grub2-unsigned-2.04/debian/patches/0130-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch --- grub2-unsigned-2.04/debian/patches/0130-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0130-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 6fb933d5fe1e8dc73e05990012230abff994b55f Mon Sep 17 00:00:00 2001 From: Javier Martinez Canillas Date: Mon, 28 Sep 2020 20:08:33 +0200 Subject: efi: Use grub_is_lockdown() instead of hardcoding a disabled modules @@ -24,7 +23,7 @@ 4 files changed, 36 insertions(+), 43 deletions(-) diff --git a/docs/grub.texi b/docs/grub.texi -index eed542594f..1f23edcb71 100644 +index eed5425..1f23edc 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -5405,6 +5405,9 @@ only applies to the particular cpu/core/thread that runs the command. @@ -64,7 +63,7 @@ @node Measured Boot @section Measuring boot components diff --git a/grub-core/commands/i386/wrmsr.c b/grub-core/commands/i386/wrmsr.c -index 9c5e510eb4..56a29c29f4 100644 +index 9c5e510..56a29c2 100644 --- a/grub-core/commands/i386/wrmsr.c +++ b/grub-core/commands/i386/wrmsr.c @@ -24,6 +24,7 @@ @@ -87,7 +86,7 @@ GRUB_MOD_FINI(wrmsr) diff --git a/grub-core/commands/iorw.c b/grub-core/commands/iorw.c -index 41a7f3f046..584baec8f9 100644 +index 41a7f3f..584baec 100644 --- a/grub-core/commands/iorw.c +++ b/grub-core/commands/iorw.c @@ -23,7 +23,7 @@ @@ -144,7 +143,7 @@ grub_unregister_extcmd (cmd_read_word); grub_unregister_extcmd (cmd_read_dword); diff --git a/grub-core/commands/memrw.c b/grub-core/commands/memrw.c -index 088cbe9e2b..d401a6db0e 100644 +index 088cbe9..d401a6d 100644 --- a/grub-core/commands/memrw.c +++ b/grub-core/commands/memrw.c @@ -22,7 +22,7 @@ diff -Nru grub2-unsigned-2.04/debian/patches/0131-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch grub2-unsigned-2.04/debian/patches/0131-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch --- grub2-unsigned-2.04/debian/patches/0131-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0131-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,9 +1,8 @@ -From 1e57f66a6b1b53ee61a8bdb558ef9961542ea8c5 Mon Sep 17 00:00:00 2001 From: Javier Martinez Canillas Date: Mon, 28 Sep 2020 20:08:41 +0200 Subject: acpi: Don't register the acpi command when locked down MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 +Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit The command is not allowed when lockdown is enforced. Otherwise an @@ -22,7 +21,7 @@ 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/docs/grub.texi b/docs/grub.texi -index 1f23edcb71..b7f2f0d3c4 100644 +index 1f23edc..b7f2f0d 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -4061,6 +4061,11 @@ Normally, this command will replace the Root System Description Pointer @@ -38,7 +37,7 @@ diff --git a/grub-core/commands/acpi.c b/grub-core/commands/acpi.c -index 5a1499aa0e..1215f2a62e 100644 +index 5a1499a..1215f2a 100644 --- a/grub-core/commands/acpi.c +++ b/grub-core/commands/acpi.c @@ -27,6 +27,7 @@ diff -Nru grub2-unsigned-2.04/debian/patches/0132-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch grub2-unsigned-2.04/debian/patches/0132-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch --- grub2-unsigned-2.04/debian/patches/0132-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0132-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 87b5d5985b179eabdbbc8fe9caddc47e5fb333e1 Mon Sep 17 00:00:00 2001 From: Javier Martinez Canillas Date: Wed, 14 Oct 2020 16:33:42 +0200 Subject: mmap: Don't register cutmem and badram commands when lockdown is @@ -19,7 +18,7 @@ 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/docs/grub.texi b/docs/grub.texi -index b7f2f0d3c4..787ed1c454 100644 +index b7f2f0d..787ed1c 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -4126,6 +4126,10 @@ this page is to be filtered. This syntax makes it easy to represent patterns @@ -34,7 +33,7 @@ @subsection blocklist diff --git a/grub-core/mmap/mmap.c b/grub-core/mmap/mmap.c -index 57b4e9a72a..7ebf32e1e5 100644 +index 57b4e9a..7ebf32e 100644 --- a/grub-core/mmap/mmap.c +++ b/grub-core/mmap/mmap.c @@ -20,6 +20,7 @@ diff -Nru grub2-unsigned-2.04/debian/patches/0133-dl-Only-allow-unloading-modules-that-are-not-depende.patch grub2-unsigned-2.04/debian/patches/0133-dl-Only-allow-unloading-modules-that-are-not-depende.patch --- grub2-unsigned-2.04/debian/patches/0133-dl-Only-allow-unloading-modules-that-are-not-depende.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0133-dl-Only-allow-unloading-modules-that-are-not-depende.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 262a964d28f30a7ec12a279126967e4e9cf820fd Mon Sep 17 00:00:00 2001 From: Javier Martinez Canillas Date: Tue, 29 Sep 2020 14:08:55 +0200 Subject: dl: Only allow unloading modules that are not dependencies @@ -25,7 +24,7 @@ 3 files changed, 19 insertions(+), 5 deletions(-) diff --git a/grub-core/commands/minicmd.c b/grub-core/commands/minicmd.c -index 6d66b7c453..2bd3ac76f2 100644 +index 6d66b7c..2bd3ac7 100644 --- a/grub-core/commands/minicmd.c +++ b/grub-core/commands/minicmd.c @@ -140,8 +140,11 @@ grub_mini_cmd_rmmod (struct grub_command *cmd __attribute__ ((unused)), @@ -43,7 +42,7 @@ return 0; } diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c -index d665c10fcc..13ad522014 100644 +index d665c10..13ad522 100644 --- a/grub-core/kern/dl.c +++ b/grub-core/kern/dl.c @@ -554,6 +554,15 @@ grub_dl_unref (grub_dl_t mod) @@ -63,7 +62,7 @@ grub_dl_flush_cache (grub_dl_t mod) { diff --git a/include/grub/dl.h b/include/grub/dl.h -index f03c03561a..b3753c9ca2 100644 +index f03c035..b3753c9 100644 --- a/include/grub/dl.h +++ b/include/grub/dl.h @@ -203,9 +203,11 @@ grub_dl_t EXPORT_FUNC(grub_dl_load) (const char *name); diff -Nru grub2-unsigned-2.04/debian/patches/0134-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch grub2-unsigned-2.04/debian/patches/0134-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch --- grub2-unsigned-2.04/debian/patches/0134-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0134-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,7 +1,7 @@ -From 215ac19c547ea0448d3218f551a3e7d66480bee5 Mon Sep 17 00:00:00 2001 From: Javier Martinez Canillas Date: Fri, 11 Dec 2020 19:19:21 +0100 -Subject: usb: Avoid possible out-of-bound accesses caused by malicious devices +Subject: usb: Avoid possible out-of-bound accesses caused by malicious + devices The maximum number of configurations and interfaces are fixed but there is no out-of-bound checking to prevent a malicious USB device to report large @@ -18,7 +18,7 @@ 2 files changed, 19 insertions(+), 6 deletions(-) diff --git a/grub-core/bus/usb/usb.c b/grub-core/bus/usb/usb.c -index 8da5e4c749..7cb3cc230b 100644 +index 8da5e4c..7cb3cc2 100644 --- a/grub-core/bus/usb/usb.c +++ b/grub-core/bus/usb/usb.c @@ -75,6 +75,9 @@ grub_usb_controller_iterate (grub_usb_controller_iterate_hook_t hook, @@ -67,7 +67,7 @@ return err; diff --git a/include/grub/usb.h b/include/grub/usb.h -index 512ae1dd0e..6475c552fc 100644 +index 512ae1d..6475c55 100644 --- a/include/grub/usb.h +++ b/include/grub/usb.h @@ -23,6 +23,10 @@ diff -Nru grub2-unsigned-2.04/debian/patches/0135-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch grub2-unsigned-2.04/debian/patches/0135-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch --- grub2-unsigned-2.04/debian/patches/0135-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0135-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From dd6f2c5765e088316b8338edde3024629d171c02 Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Thu, 3 Dec 2020 14:39:45 +0000 Subject: mmap: Fix memory leak when iterating over mapped memory @@ -15,7 +14,7 @@ 1 file changed, 2 insertions(+) diff --git a/grub-core/mmap/mmap.c b/grub-core/mmap/mmap.c -index 7ebf32e1e5..8bf235f340 100644 +index 7ebf32e..8bf235f 100644 --- a/grub-core/mmap/mmap.c +++ b/grub-core/mmap/mmap.c @@ -270,6 +270,7 @@ grub_mmap_iterate (grub_memory_hook_t hook, void *hook_data) diff -Nru grub2-unsigned-2.04/debian/patches/0136-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch grub2-unsigned-2.04/debian/patches/0136-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch --- grub2-unsigned-2.04/debian/patches/0136-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0136-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From c8528bb4367e6119beb66ff2db3ff8c6ab5b97e5 Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Fri, 27 Nov 2020 15:10:26 +0000 Subject: net/net: Fix possible dereference to of a NULL pointer @@ -15,7 +14,7 @@ 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/grub-core/net/net.c b/grub-core/net/net.c -index ab506401bf..28cb1d3d8f 100644 +index ab50640..28cb1d3 100644 --- a/grub-core/net/net.c +++ b/grub-core/net/net.c @@ -89,8 +89,13 @@ grub_net_link_layer_add_address (struct grub_net_card *card, diff -Nru grub2-unsigned-2.04/debian/patches/0137-kern-parser-Fix-resource-leak-if-argc-0.patch grub2-unsigned-2.04/debian/patches/0137-kern-parser-Fix-resource-leak-if-argc-0.patch --- grub2-unsigned-2.04/debian/patches/0137-kern-parser-Fix-resource-leak-if-argc-0.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0137-kern-parser-Fix-resource-leak-if-argc-0.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 4c0e9cdbe1a9d1ebe7fb1017030d7d103cbbaafc Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Fri, 22 Jan 2021 12:32:41 +0000 Subject: kern/parser: Fix resource leak if argc == 0 @@ -23,7 +22,7 @@ 1 file changed, 5 insertions(+) diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c -index 619db3122a..d1cf061ad6 100644 +index 619db31..d1cf061 100644 --- a/grub-core/kern/parser.c +++ b/grub-core/kern/parser.c @@ -146,6 +146,7 @@ grub_parser_split_cmdline (const char *cmdline, diff -Nru grub2-unsigned-2.04/debian/patches/0138-kern-efi-Fix-memory-leak-on-failure.patch grub2-unsigned-2.04/debian/patches/0138-kern-efi-Fix-memory-leak-on-failure.patch --- grub2-unsigned-2.04/debian/patches/0138-kern-efi-Fix-memory-leak-on-failure.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0138-kern-efi-Fix-memory-leak-on-failure.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 8bedbdd8291e0128a934c6460d17b64543745b7c Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Thu, 5 Nov 2020 10:15:25 +0000 Subject: kern/efi: Fix memory leak on failure @@ -14,7 +13,7 @@ 1 file changed, 1 insertion(+) diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index ff200a0457..2e88507f2f 100644 +index ff200a0..2e88507 100644 --- a/grub-core/kern/efi/efi.c +++ b/grub-core/kern/efi/efi.c @@ -393,6 +393,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) diff -Nru grub2-unsigned-2.04/debian/patches/0139-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch grub2-unsigned-2.04/debian/patches/0139-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch --- grub2-unsigned-2.04/debian/patches/0139-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0139-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 9475a78bea72ba60ad8d6dd9c97e9cd0bb81f4f4 Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Fri, 11 Dec 2020 15:03:13 +0000 Subject: kern/efi/mm: Fix possible NULL pointer dereference @@ -27,7 +26,7 @@ 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c -index a9e37108c6..7f052c6a4c 100644 +index a9e3710..7f052c6 100644 --- a/grub-core/kern/efi/mm.c +++ b/grub-core/kern/efi/mm.c @@ -360,15 +360,24 @@ grub_efi_get_memory_map (grub_efi_uintn_t *memory_map_size, diff -Nru grub2-unsigned-2.04/debian/patches/0140-gnulib-regexec-Resolve-unused-variable.patch grub2-unsigned-2.04/debian/patches/0140-gnulib-regexec-Resolve-unused-variable.patch --- grub2-unsigned-2.04/debian/patches/0140-gnulib-regexec-Resolve-unused-variable.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0140-gnulib-regexec-Resolve-unused-variable.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 93011687483c00e7d8903a62ce7702988ea698cf Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Wed, 21 Oct 2020 14:41:27 +0000 Subject: gnulib/regexec: Resolve unused variable @@ -17,14 +16,14 @@ Signed-off-by: Darren Kenny Reviewed-by: Daniel Kiper --- - conf/Makefile.extra-dist | 1 + - .../lib/gnulib-patches/fix-unused-value.patch | 14 ++++++++++++++ - grub-core/lib/gnulib/regexec.c | 4 ++++ + conf/Makefile.extra-dist | 1 + + grub-core/lib/gnulib-patches/fix-unused-value.patch | 14 ++++++++++++++ + grub-core/lib/gnulib/regexec.c | 4 ++++ 3 files changed, 19 insertions(+) create mode 100644 grub-core/lib/gnulib-patches/fix-unused-value.patch diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist -index 46c4e95e2f..9b01152d99 100644 +index 46c4e95..9b01152 100644 --- a/conf/Makefile.extra-dist +++ b/conf/Makefile.extra-dist @@ -29,6 +29,7 @@ EXTRA_DIST += grub-core/genemuinit.sh @@ -37,7 +36,7 @@ diff --git a/grub-core/lib/gnulib-patches/fix-unused-value.patch b/grub-core/lib/gnulib-patches/fix-unused-value.patch new file mode 100644 -index 0000000000..ba51f1bf22 +index 0000000..ba51f1b --- /dev/null +++ b/grub-core/lib/gnulib-patches/fix-unused-value.patch @@ -0,0 +1,14 @@ @@ -56,7 +55,7 @@ + else + break; /* We found a match. */ diff --git a/grub-core/lib/gnulib/regexec.c b/grub-core/lib/gnulib/regexec.c -index 21cf7915f7..e472e2514f 100644 +index 21cf791..e472e25 100644 --- a/grub-core/lib/gnulib/regexec.c +++ b/grub-core/lib/gnulib/regexec.c @@ -828,7 +828,11 @@ re_search_internal (const regex_t *preg, const char *string, Idx length, diff -Nru grub2-unsigned-2.04/debian/patches/0141-gnulib-regcomp-Fix-uninitialized-token-structure.patch grub2-unsigned-2.04/debian/patches/0141-gnulib-regcomp-Fix-uninitialized-token-structure.patch --- grub2-unsigned-2.04/debian/patches/0141-gnulib-regcomp-Fix-uninitialized-token-structure.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0141-gnulib-regcomp-Fix-uninitialized-token-structure.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 0d1dd6942d5ffe92c2964d6321ab55d4c4c4f7c0 Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Thu, 22 Oct 2020 13:54:06 +0000 Subject: gnulib/regcomp: Fix uninitialized token structure @@ -14,14 +13,14 @@ Signed-off-by: Darren Kenny Reviewed-by: Daniel Kiper --- - conf/Makefile.extra-dist | 1 + - .../lib/gnulib-patches/fix-uninit-structure.patch | 11 +++++++++++ - grub-core/lib/gnulib/regcomp.c | 2 +- + conf/Makefile.extra-dist | 1 + + grub-core/lib/gnulib-patches/fix-uninit-structure.patch | 11 +++++++++++ + grub-core/lib/gnulib/regcomp.c | 2 +- 3 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 grub-core/lib/gnulib-patches/fix-uninit-structure.patch diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist -index 9b01152d99..9e55458134 100644 +index 9b01152..9e55458 100644 --- a/conf/Makefile.extra-dist +++ b/conf/Makefile.extra-dist @@ -29,6 +29,7 @@ EXTRA_DIST += grub-core/genemuinit.sh @@ -34,7 +33,7 @@ EXTRA_DIST += grub-core/lib/gnulib-patches/no-abort.patch diff --git a/grub-core/lib/gnulib-patches/fix-uninit-structure.patch b/grub-core/lib/gnulib-patches/fix-uninit-structure.patch new file mode 100644 -index 0000000000..7b4d9f67af +index 0000000..7b4d9f6 --- /dev/null +++ b/grub-core/lib/gnulib-patches/fix-uninit-structure.patch @@ -0,0 +1,11 @@ @@ -50,7 +49,7 @@ + + sbcset = (re_bitset_ptr_t) calloc (sizeof (bitset_t), 1); diff --git a/grub-core/lib/gnulib/regcomp.c b/grub-core/lib/gnulib/regcomp.c -index fe7dfcbe56..2545d3e674 100644 +index fe7dfcb..2545d3e 100644 --- a/grub-core/lib/gnulib/regcomp.c +++ b/grub-core/lib/gnulib/regcomp.c @@ -3662,7 +3662,7 @@ build_charclass_op (re_dfa_t *dfa, RE_TRANSLATE_TYPE trans, diff -Nru grub2-unsigned-2.04/debian/patches/0142-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch grub2-unsigned-2.04/debian/patches/0142-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch --- grub2-unsigned-2.04/debian/patches/0142-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0142-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 3950edaf0df20f5c393b9d629f1b1154a8c2782d Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Wed, 28 Oct 2020 14:43:01 +0000 Subject: gnulib/argp-help: Fix dereference of a possibly NULL state @@ -12,14 +11,14 @@ Signed-off-by: Darren Kenny Reviewed-by: Daniel Kiper --- - conf/Makefile.extra-dist | 1 + - .../lib/gnulib-patches/fix-null-state-deref.patch | 12 ++++++++++++ - grub-core/lib/gnulib/argp-help.c | 3 ++- + conf/Makefile.extra-dist | 1 + + grub-core/lib/gnulib-patches/fix-null-state-deref.patch | 12 ++++++++++++ + grub-core/lib/gnulib/argp-help.c | 3 ++- 3 files changed, 15 insertions(+), 1 deletion(-) create mode 100644 grub-core/lib/gnulib-patches/fix-null-state-deref.patch diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist -index 9e55458134..96d7e696eb 100644 +index 9e55458..96d7e69 100644 --- a/conf/Makefile.extra-dist +++ b/conf/Makefile.extra-dist @@ -29,6 +29,7 @@ EXTRA_DIST += grub-core/genemuinit.sh @@ -32,7 +31,7 @@ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-width.patch diff --git a/grub-core/lib/gnulib-patches/fix-null-state-deref.patch b/grub-core/lib/gnulib-patches/fix-null-state-deref.patch new file mode 100644 -index 0000000000..813ec09c8a +index 0000000..813ec09 --- /dev/null +++ b/grub-core/lib/gnulib-patches/fix-null-state-deref.patch @@ -0,0 +1,12 @@ @@ -49,7 +48,7 @@ + ARGP_HELP_FMT: %s value is less than or equal to %s"), + "rmargin", up->name); diff --git a/grub-core/lib/gnulib/argp-help.c b/grub-core/lib/gnulib/argp-help.c -index 5d8f451ec5..c75568cf05 100644 +index 5d8f451..c75568c 100644 --- a/grub-core/lib/gnulib/argp-help.c +++ b/grub-core/lib/gnulib/argp-help.c @@ -145,7 +145,8 @@ validate_uparams (const struct argp_state *state, struct uparams *upptr) diff -Nru grub2-unsigned-2.04/debian/patches/0143-gnulib-regexec-Fix-possible-null-dereference.patch grub2-unsigned-2.04/debian/patches/0143-gnulib-regexec-Fix-possible-null-dereference.patch --- grub2-unsigned-2.04/debian/patches/0143-gnulib-regexec-Fix-possible-null-dereference.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0143-gnulib-regexec-Fix-possible-null-dereference.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 8e3c2594f4ee4637b1e81704c76ed1a8f36d8c62 Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Thu, 5 Nov 2020 10:57:14 +0000 Subject: gnulib/regexec: Fix possible null-dereference @@ -13,14 +12,14 @@ Signed-off-by: Darren Kenny Reviewed-by: Daniel Kiper --- - conf/Makefile.extra-dist | 1 + - .../lib/gnulib-patches/fix-regexec-null-deref.patch | 12 ++++++++++++ - grub-core/lib/gnulib/regexec.c | 3 +++ + conf/Makefile.extra-dist | 1 + + grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch | 12 ++++++++++++ + grub-core/lib/gnulib/regexec.c | 3 +++ 3 files changed, 16 insertions(+) create mode 100644 grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist -index 96d7e696eb..d27d3a9d0d 100644 +index 96d7e69..d27d3a9 100644 --- a/conf/Makefile.extra-dist +++ b/conf/Makefile.extra-dist @@ -30,6 +30,7 @@ EXTRA_DIST += grub-core/genemuinitheader.sh @@ -33,7 +32,7 @@ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-width.patch diff --git a/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch b/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch new file mode 100644 -index 0000000000..db6dac9c9e +index 0000000..db6dac9 --- /dev/null +++ b/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch @@ -0,0 +1,12 @@ @@ -50,7 +49,7 @@ + && mctx->input.bufs_len < mctx->input.len) + || (next_state_log_idx >= mctx->input.valid_len diff --git a/grub-core/lib/gnulib/regexec.c b/grub-core/lib/gnulib/regexec.c -index e472e2514f..be787f0f36 100644 +index e472e25..be787f0 100644 --- a/grub-core/lib/gnulib/regexec.c +++ b/grub-core/lib/gnulib/regexec.c @@ -1696,6 +1696,9 @@ clean_state_log_if_needed (re_match_context_t *mctx, Idx next_state_log_idx) diff -Nru grub2-unsigned-2.04/debian/patches/0144-gnulib-regcomp-Fix-uninitialized-re_token.patch grub2-unsigned-2.04/debian/patches/0144-gnulib-regcomp-Fix-uninitialized-re_token.patch --- grub2-unsigned-2.04/debian/patches/0144-gnulib-regcomp-Fix-uninitialized-re_token.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0144-gnulib-regcomp-Fix-uninitialized-re_token.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From c540a61ef93d7f5dcdb1c0836096173a420b0c16 Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Tue, 24 Nov 2020 18:04:22 +0000 Subject: gnulib/regcomp: Fix uninitialized re_token @@ -12,14 +11,14 @@ Signed-off-by: Darren Kenny Reviewed-by: Daniel Kiper --- - conf/Makefile.extra-dist | 1 + - .../gnulib-patches/fix-regcomp-uninit-token.patch | 15 +++++++++++++++ - grub-core/lib/gnulib/regcomp.c | 6 +----- + conf/Makefile.extra-dist | 1 + + .../lib/gnulib-patches/fix-regcomp-uninit-token.patch | 15 +++++++++++++++ + grub-core/lib/gnulib/regcomp.c | 6 +----- 3 files changed, 17 insertions(+), 5 deletions(-) create mode 100644 grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist -index d27d3a9d0d..ffe6829850 100644 +index d27d3a9..ffe6829 100644 --- a/conf/Makefile.extra-dist +++ b/conf/Makefile.extra-dist @@ -30,6 +30,7 @@ EXTRA_DIST += grub-core/genemuinitheader.sh @@ -32,7 +31,7 @@ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch diff --git a/grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch b/grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch new file mode 100644 -index 0000000000..02e06315df +index 0000000..02e0631 --- /dev/null +++ b/grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch @@ -0,0 +1,15 @@ @@ -52,7 +51,7 @@ + } + diff --git a/grub-core/lib/gnulib/regcomp.c b/grub-core/lib/gnulib/regcomp.c -index 2545d3e674..64a4fa77a6 100644 +index 2545d3e..64a4fa7 100644 --- a/grub-core/lib/gnulib/regcomp.c +++ b/grub-core/lib/gnulib/regcomp.c @@ -3808,11 +3808,7 @@ static bin_tree_t * diff -Nru grub2-unsigned-2.04/debian/patches/0145-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch grub2-unsigned-2.04/debian/patches/0145-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch --- grub2-unsigned-2.04/debian/patches/0145-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0145-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 81329df40cf16d93abda3972a55f35b75b7b1705 Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Wed, 21 Oct 2020 14:44:10 +0000 Subject: io/lzopio: Resolve unnecessary self-assignment errors @@ -15,7 +14,7 @@ 1 file changed, 4 deletions(-) diff --git a/grub-core/io/lzopio.c b/grub-core/io/lzopio.c -index 30144857df..a7d442543c 100644 +index 3014485..a7d4425 100644 --- a/grub-core/io/lzopio.c +++ b/grub-core/io/lzopio.c @@ -125,8 +125,6 @@ read_block_header (struct grub_lzopio *lzopio) diff -Nru grub2-unsigned-2.04/debian/patches/0146-zstd-Initialize-seq_t-structure-fully.patch grub2-unsigned-2.04/debian/patches/0146-zstd-Initialize-seq_t-structure-fully.patch --- grub2-unsigned-2.04/debian/patches/0146-zstd-Initialize-seq_t-structure-fully.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0146-zstd-Initialize-seq_t-structure-fully.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 868d2e56986759584777dbf88a54f634df955fa9 Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Thu, 5 Nov 2020 10:29:59 +0000 Subject: zstd: Initialize seq_t structure fully @@ -17,7 +16,7 @@ 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/lib/zstd/zstd_decompress.c b/grub-core/lib/zstd/zstd_decompress.c -index 711b5b6d7a..e4b5670c26 100644 +index 711b5b6..e4b5670 100644 --- a/grub-core/lib/zstd/zstd_decompress.c +++ b/grub-core/lib/zstd/zstd_decompress.c @@ -1325,7 +1325,7 @@ typedef enum { ZSTD_lo_isRegularOffset, ZSTD_lo_isLongOffset=1 } ZSTD_longOffset diff -Nru grub2-unsigned-2.04/debian/patches/0147-kern-partition-Check-for-NULL-before-dereferencing-i.patch grub2-unsigned-2.04/debian/patches/0147-kern-partition-Check-for-NULL-before-dereferencing-i.patch --- grub2-unsigned-2.04/debian/patches/0147-kern-partition-Check-for-NULL-before-dereferencing-i.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0147-kern-partition-Check-for-NULL-before-dereferencing-i.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 515eb22844fb87d047882859685f52002acbb89e Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Fri, 23 Oct 2020 09:49:59 +0000 Subject: kern/partition: Check for NULL before dereferencing input string @@ -18,7 +17,7 @@ 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/grub-core/kern/partition.c b/grub-core/kern/partition.c -index e499147cbc..b10a184e3f 100644 +index e499147..b10a184 100644 --- a/grub-core/kern/partition.c +++ b/grub-core/kern/partition.c @@ -109,11 +109,14 @@ grub_partition_map_probe (const grub_partition_map_t partmap, diff -Nru grub2-unsigned-2.04/debian/patches/0148-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch grub2-unsigned-2.04/debian/patches/0148-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch --- grub2-unsigned-2.04/debian/patches/0148-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0148-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From d809884b49f0c33953b7785a6fd41601867ac1ca Mon Sep 17 00:00:00 2001 From: Marco A Benatto Date: Mon, 7 Dec 2020 11:53:03 -0300 Subject: disk/ldm: Make sure comp data is freed before exiting from make_vg() @@ -12,11 +11,11 @@ Signed-off-by: Marco A Benatto Reviewed-by: Daniel Kiper --- - grub-core/disk/ldm.c | 51 ++++++++++++++++++++++++++++++++++++++------ + grub-core/disk/ldm.c | 51 ++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 44 insertions(+), 7 deletions(-) diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c -index 58f8a53e1a..428415fac2 100644 +index 58f8a53..428415f 100644 --- a/grub-core/disk/ldm.c +++ b/grub-core/disk/ldm.c @@ -554,7 +554,11 @@ make_vg (grub_disk_t disk, diff -Nru grub2-unsigned-2.04/debian/patches/0149-disk-ldm-If-failed-then-free-vg-variable-too.patch grub2-unsigned-2.04/debian/patches/0149-disk-ldm-If-failed-then-free-vg-variable-too.patch --- grub2-unsigned-2.04/debian/patches/0149-disk-ldm-If-failed-then-free-vg-variable-too.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0149-disk-ldm-If-failed-then-free-vg-variable-too.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 6bf8cb83f29c5c0a7518b106238ec3ea1d665a01 Mon Sep 17 00:00:00 2001 From: Paulo Flabiano Smorigo Date: Mon, 7 Dec 2020 10:07:47 -0300 Subject: disk/ldm: If failed then free vg variable too @@ -12,7 +11,7 @@ 1 file changed, 1 insertion(+) diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c -index 428415fac2..54713f45a1 100644 +index 428415f..54713f4 100644 --- a/grub-core/disk/ldm.c +++ b/grub-core/disk/ldm.c @@ -199,6 +199,7 @@ make_vg (grub_disk_t disk, diff -Nru grub2-unsigned-2.04/debian/patches/0150-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch grub2-unsigned-2.04/debian/patches/0150-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch --- grub2-unsigned-2.04/debian/patches/0150-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0150-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 0269f8189b913bc4f302a6318dd5e33b8c06ce40 Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Tue, 8 Dec 2020 10:00:51 +0000 Subject: disk/ldm: Fix memory leak on uninserted lv references @@ -18,7 +17,7 @@ 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c -index 54713f45a1..e82e9899f9 100644 +index 54713f4..e82e989 100644 --- a/grub-core/disk/ldm.c +++ b/grub-core/disk/ldm.c @@ -321,7 +321,10 @@ make_vg (grub_disk_t disk, diff -Nru grub2-unsigned-2.04/debian/patches/0151-disk-cryptodisk-Fix-potential-integer-overflow.patch grub2-unsigned-2.04/debian/patches/0151-disk-cryptodisk-Fix-potential-integer-overflow.patch --- grub2-unsigned-2.04/debian/patches/0151-disk-cryptodisk-Fix-potential-integer-overflow.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0151-disk-cryptodisk-Fix-potential-integer-overflow.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 2142b5e45d724319ad2f8e129e13d829cf9c4887 Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Thu, 21 Jan 2021 11:38:31 +0000 Subject: disk/cryptodisk: Fix potential integer overflow @@ -16,7 +15,7 @@ 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c -index 5037768fc3..6883f48844 100644 +index 5037768..6883f48 100644 --- a/grub-core/disk/cryptodisk.c +++ b/grub-core/disk/cryptodisk.c @@ -311,10 +311,10 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev, diff -Nru grub2-unsigned-2.04/debian/patches/0152-hfsplus-Check-that-the-volume-name-length-is-valid.patch grub2-unsigned-2.04/debian/patches/0152-hfsplus-Check-that-the-volume-name-length-is-valid.patch --- grub2-unsigned-2.04/debian/patches/0152-hfsplus-Check-that-the-volume-name-length-is-valid.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0152-hfsplus-Check-that-the-volume-name-length-is-valid.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 0554a7139c3703dc92e917b2215dccdb02efa4f4 Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Fri, 23 Oct 2020 17:09:31 +0000 Subject: hfsplus: Check that the volume name length is valid @@ -19,7 +18,7 @@ 1 file changed, 9 insertions(+) diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c -index 9c4e4c88c9..8fe7c12ed8 100644 +index 9c4e4c8..8fe7c12 100644 --- a/grub-core/fs/hfsplus.c +++ b/grub-core/fs/hfsplus.c @@ -1012,6 +1012,15 @@ grub_hfsplus_label (grub_device_t device, char **label) diff -Nru grub2-unsigned-2.04/debian/patches/0153-zfs-Fix-possible-negative-shift-operation.patch grub2-unsigned-2.04/debian/patches/0153-zfs-Fix-possible-negative-shift-operation.patch --- grub2-unsigned-2.04/debian/patches/0153-zfs-Fix-possible-negative-shift-operation.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0153-zfs-Fix-possible-negative-shift-operation.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 479b89833135474f96cd9faa74b67c7a3e4f5517 Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Tue, 24 Nov 2020 16:41:49 +0000 Subject: zfs: Fix possible negative shift operation @@ -22,7 +21,7 @@ 1 file changed, 5 insertions(+) diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c -index 36d0373a6a..0c42cba277 100644 +index 36d0373..0c42cba 100644 --- a/grub-core/fs/zfs/zfs.c +++ b/grub-core/fs/zfs/zfs.c @@ -2667,6 +2667,11 @@ dnode_get (dnode_end_t * mdn, grub_uint64_t objnum, grub_uint8_t type, diff -Nru grub2-unsigned-2.04/debian/patches/0154-zfs-Fix-resource-leaks-while-constructing-path.patch grub2-unsigned-2.04/debian/patches/0154-zfs-Fix-resource-leaks-while-constructing-path.patch --- grub2-unsigned-2.04/debian/patches/0154-zfs-Fix-resource-leaks-while-constructing-path.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0154-zfs-Fix-resource-leaks-while-constructing-path.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 221980d4c8bc8706d336388e7c80d311b893eb40 Mon Sep 17 00:00:00 2001 From: Paulo Flabiano Smorigo Date: Mon, 14 Dec 2020 18:54:49 -0300 Subject: zfs: Fix resource leaks while constructing path @@ -28,7 +27,7 @@ 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c -index 0c42cba277..9087a721c9 100644 +index 0c42cba..9087a72 100644 --- a/grub-core/fs/zfs/zfs.c +++ b/grub-core/fs/zfs/zfs.c @@ -2836,8 +2836,8 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn, diff -Nru grub2-unsigned-2.04/debian/patches/0155-zfs-Fix-possible-integer-overflows.patch grub2-unsigned-2.04/debian/patches/0155-zfs-Fix-possible-integer-overflows.patch --- grub2-unsigned-2.04/debian/patches/0155-zfs-Fix-possible-integer-overflows.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0155-zfs-Fix-possible-integer-overflows.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 76ed42b6a51c44c087538cd05deffc3abf99b926 Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Tue, 8 Dec 2020 22:17:04 +0000 Subject: zfs: Fix possible integer overflows @@ -19,7 +18,7 @@ 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c -index 9087a721c9..b078ccc866 100644 +index 9087a72..b078ccc 100644 --- a/grub-core/fs/zfs/zfs.c +++ b/grub-core/fs/zfs/zfs.c @@ -564,7 +564,7 @@ find_bestub (uberblock_phys_t * ub_array, diff -Nru grub2-unsigned-2.04/debian/patches/0156-zfsinfo-Correct-a-check-for-error-allocating-memory.patch grub2-unsigned-2.04/debian/patches/0156-zfsinfo-Correct-a-check-for-error-allocating-memory.patch --- grub2-unsigned-2.04/debian/patches/0156-zfsinfo-Correct-a-check-for-error-allocating-memory.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0156-zfsinfo-Correct-a-check-for-error-allocating-memory.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 97d13a474dfec603537249da1cc67435504866c9 Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Thu, 26 Nov 2020 10:56:45 +0000 Subject: zfsinfo: Correct a check for error allocating memory @@ -14,7 +13,7 @@ 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/grub-core/fs/zfs/zfsinfo.c b/grub-core/fs/zfs/zfsinfo.c -index c8a28acf52..bf2918018e 100644 +index c8a28ac..bf29180 100644 --- a/grub-core/fs/zfs/zfsinfo.c +++ b/grub-core/fs/zfs/zfsinfo.c @@ -358,8 +358,8 @@ grub_cmd_zfs_bootfs (grub_command_t cmd __attribute__ ((unused)), int argc, diff -Nru grub2-unsigned-2.04/debian/patches/0157-affs-Fix-memory-leaks.patch grub2-unsigned-2.04/debian/patches/0157-affs-Fix-memory-leaks.patch --- grub2-unsigned-2.04/debian/patches/0157-affs-Fix-memory-leaks.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0157-affs-Fix-memory-leaks.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 557f1e24ea388e949db9bc8da1d3f0383bb502d0 Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Thu, 26 Nov 2020 12:48:07 +0000 Subject: affs: Fix memory leaks @@ -25,7 +24,7 @@ 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c -index 220b3712f2..230e26af0f 100644 +index 220b371..230e26a 100644 --- a/grub-core/fs/affs.c +++ b/grub-core/fs/affs.c @@ -400,12 +400,12 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir, diff -Nru grub2-unsigned-2.04/debian/patches/0158-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch grub2-unsigned-2.04/debian/patches/0158-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch --- grub2-unsigned-2.04/debian/patches/0158-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0158-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From e1872c3f48ccab6a6e4de7a44e21a412ade7ce1f Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Tue, 3 Nov 2020 16:43:37 +0000 Subject: libgcrypt/mpi: Fix possible unintended sign extension @@ -18,7 +17,7 @@ 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/lib/libgcrypt/mpi/mpicoder.c b/grub-core/lib/libgcrypt/mpi/mpicoder.c -index a3435ed142..7ecad27b23 100644 +index a3435ed..7ecad27 100644 --- a/grub-core/lib/libgcrypt/mpi/mpicoder.c +++ b/grub-core/lib/libgcrypt/mpi/mpicoder.c @@ -458,7 +458,7 @@ gcry_mpi_scan (struct gcry_mpi **ret_mpi, enum gcry_mpi_format format, diff -Nru grub2-unsigned-2.04/debian/patches/0159-libgcrypt-mpi-Fix-possible-NULL-dereference.patch grub2-unsigned-2.04/debian/patches/0159-libgcrypt-mpi-Fix-possible-NULL-dereference.patch --- grub2-unsigned-2.04/debian/patches/0159-libgcrypt-mpi-Fix-possible-NULL-dereference.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0159-libgcrypt-mpi-Fix-possible-NULL-dereference.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 51ea91341deaac79a6f905ba3fc07dbdc58f9502 Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Thu, 26 Nov 2020 10:41:54 +0000 Subject: libgcrypt/mpi: Fix possible NULL dereference @@ -15,7 +14,7 @@ 1 file changed, 3 insertions(+) diff --git a/grub-core/lib/libgcrypt/mpi/mpicoder.c b/grub-core/lib/libgcrypt/mpi/mpicoder.c -index 7ecad27b23..6fe3891653 100644 +index 7ecad27..6fe3891 100644 --- a/grub-core/lib/libgcrypt/mpi/mpicoder.c +++ b/grub-core/lib/libgcrypt/mpi/mpicoder.c @@ -379,6 +379,9 @@ gcry_mpi_scan (struct gcry_mpi **ret_mpi, enum gcry_mpi_format format, diff -Nru grub2-unsigned-2.04/debian/patches/0160-syslinux-Fix-memory-leak-while-parsing.patch grub2-unsigned-2.04/debian/patches/0160-syslinux-Fix-memory-leak-while-parsing.patch --- grub2-unsigned-2.04/debian/patches/0160-syslinux-Fix-memory-leak-while-parsing.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0160-syslinux-Fix-memory-leak-while-parsing.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 023fea3fa86cd7f71f30bccdb781e0695dc9d48b Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Thu, 26 Nov 2020 15:31:53 +0000 Subject: syslinux: Fix memory leak while parsing @@ -15,7 +14,7 @@ 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/grub-core/lib/syslinux_parse.c b/grub-core/lib/syslinux_parse.c -index 4afa99279a..3acc6b4d19 100644 +index 4afa992..3acc6b4 100644 --- a/grub-core/lib/syslinux_parse.c +++ b/grub-core/lib/syslinux_parse.c @@ -737,7 +737,10 @@ syslinux_parse_real (struct syslinux_menu *menu) diff -Nru grub2-unsigned-2.04/debian/patches/0161-normal-completion-Fix-leaking-of-memory-when-process.patch grub2-unsigned-2.04/debian/patches/0161-normal-completion-Fix-leaking-of-memory-when-process.patch --- grub2-unsigned-2.04/debian/patches/0161-normal-completion-Fix-leaking-of-memory-when-process.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0161-normal-completion-Fix-leaking-of-memory-when-process.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,7 +1,7 @@ -From 969cd75b32d8996af852758ac1e229055f80adac Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Fri, 4 Dec 2020 18:56:48 +0000 -Subject: normal/completion: Fix leaking of memory when processing a completion +Subject: normal/completion: Fix leaking of memory when processing a + completion It is possible for the code to reach the end of the function without freeing the memory allocated to argv and argc still to be 0. @@ -19,7 +19,7 @@ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/grub-core/normal/completion.c b/grub-core/normal/completion.c -index 596102848c..46e473c8f2 100644 +index 5961028..46e473c 100644 --- a/grub-core/normal/completion.c +++ b/grub-core/normal/completion.c @@ -400,8 +400,8 @@ char * diff -Nru grub2-unsigned-2.04/debian/patches/0162-commands-hashsum-Fix-a-memory-leak.patch grub2-unsigned-2.04/debian/patches/0162-commands-hashsum-Fix-a-memory-leak.patch --- grub2-unsigned-2.04/debian/patches/0162-commands-hashsum-Fix-a-memory-leak.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0162-commands-hashsum-Fix-a-memory-leak.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From f2230a3bb2be7c23ce4973d9bf2a33e4409294c5 Mon Sep 17 00:00:00 2001 From: Chris Coulson Date: Tue, 1 Dec 2020 23:41:24 +0000 Subject: commands/hashsum: Fix a memory leak @@ -16,7 +15,7 @@ 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/grub-core/commands/hashsum.c b/grub-core/commands/hashsum.c -index 456ba908b6..b8a22b0c8b 100644 +index 456ba90..b8a22b0 100644 --- a/grub-core/commands/hashsum.c +++ b/grub-core/commands/hashsum.c @@ -128,11 +128,17 @@ check_list (const gcry_md_spec_t *hash, const char *hashfilename, diff -Nru grub2-unsigned-2.04/debian/patches/0163-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch grub2-unsigned-2.04/debian/patches/0163-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch --- grub2-unsigned-2.04/debian/patches/0163-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0163-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From cb46d13d24fc53965da7e5e262fe92d305b07fb8 Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Tue, 8 Dec 2020 21:14:31 +0000 Subject: video/efi_gop: Remove unnecessary return value of @@ -19,7 +18,7 @@ 1 file changed, 6 insertions(+), 19 deletions(-) diff --git a/grub-core/video/efi_gop.c b/grub-core/video/efi_gop.c -index 7f9d1c2dfa..db2ee98bab 100644 +index 7f9d1c2..db2ee98 100644 --- a/grub-core/video/efi_gop.c +++ b/grub-core/video/efi_gop.c @@ -227,7 +227,7 @@ grub_video_gop_fill_real_mode_info (unsigned mode, diff -Nru grub2-unsigned-2.04/debian/patches/0164-video-fb-fbfill-Fix-potential-integer-overflow.patch grub2-unsigned-2.04/debian/patches/0164-video-fb-fbfill-Fix-potential-integer-overflow.patch --- grub2-unsigned-2.04/debian/patches/0164-video-fb-fbfill-Fix-potential-integer-overflow.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0164-video-fb-fbfill-Fix-potential-integer-overflow.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 41c90c9842623e15dfaa56a73f5b588a0dc99b76 Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Wed, 4 Nov 2020 15:10:51 +0000 Subject: video/fb/fbfill: Fix potential integer overflow @@ -18,7 +17,7 @@ 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/grub-core/video/fb/fbfill.c b/grub-core/video/fb/fbfill.c -index 11816d07a0..a37acd1e29 100644 +index 11816d0..a37acd1 100644 --- a/grub-core/video/fb/fbfill.c +++ b/grub-core/video/fb/fbfill.c @@ -31,6 +31,7 @@ diff -Nru grub2-unsigned-2.04/debian/patches/0165-video-fb-video_fb-Fix-multiple-integer-overflows.patch grub2-unsigned-2.04/debian/patches/0165-video-fb-video_fb-Fix-multiple-integer-overflows.patch --- grub2-unsigned-2.04/debian/patches/0165-video-fb-video_fb-Fix-multiple-integer-overflows.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0165-video-fb-video_fb-Fix-multiple-integer-overflows.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 6430c36cadef812a39599a8624b9b618991c8f1d Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Wed, 4 Nov 2020 14:43:44 +0000 Subject: video/fb/video_fb: Fix multiple integer overflows @@ -12,11 +11,11 @@ Signed-off-by: Darren Kenny Reviewed-by: Daniel Kiper --- - grub-core/video/fb/video_fb.c | 52 ++++++++++++++++++++++++----------- + grub-core/video/fb/video_fb.c | 52 ++++++++++++++++++++++++++++++------------- 1 file changed, 36 insertions(+), 16 deletions(-) diff --git a/grub-core/video/fb/video_fb.c b/grub-core/video/fb/video_fb.c -index 1a602c8b25..1c9a138dcd 100644 +index 1a602c8..1c9a138 100644 --- a/grub-core/video/fb/video_fb.c +++ b/grub-core/video/fb/video_fb.c @@ -25,6 +25,7 @@ diff -Nru grub2-unsigned-2.04/debian/patches/0166-video-fb-video_fb-Fix-possible-integer-overflow.patch grub2-unsigned-2.04/debian/patches/0166-video-fb-video_fb-Fix-possible-integer-overflow.patch --- grub2-unsigned-2.04/debian/patches/0166-video-fb-video_fb-Fix-possible-integer-overflow.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0166-video-fb-video_fb-Fix-possible-integer-overflow.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 6c3de1d3590491fdaedaca607cdce5d0b461dd5c Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Fri, 4 Dec 2020 14:51:30 +0000 Subject: video/fb/video_fb: Fix possible integer overflow @@ -16,7 +15,7 @@ 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/grub-core/video/fb/video_fb.c b/grub-core/video/fb/video_fb.c -index 1c9a138dcd..ae6b89f9ae 100644 +index 1c9a138..ae6b89f 100644 --- a/grub-core/video/fb/video_fb.c +++ b/grub-core/video/fb/video_fb.c @@ -1537,7 +1537,13 @@ doublebuf_pageflipping_init (struct grub_video_mode_info *mode_info, diff -Nru grub2-unsigned-2.04/debian/patches/0167-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch grub2-unsigned-2.04/debian/patches/0167-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch --- grub2-unsigned-2.04/debian/patches/0167-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0167-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 91370b89d34344d09d7f705d2dba0697b127bb84 Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Fri, 4 Dec 2020 15:39:00 +0000 Subject: video/readers/jpeg: Test for an invalid next marker reference from a @@ -17,7 +16,7 @@ 1 file changed, 6 insertions(+) diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c -index 31359a4c9c..0b6ce3cee6 100644 +index 31359a4..0b6ce3c 100644 --- a/grub-core/video/readers/jpeg.c +++ b/grub-core/video/readers/jpeg.c @@ -253,6 +253,12 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data) diff -Nru grub2-unsigned-2.04/debian/patches/0168-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch grub2-unsigned-2.04/debian/patches/0168-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch --- grub2-unsigned-2.04/debian/patches/0168-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0168-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From f799b4688409656b0c186dc594074c1a29e2b2b9 Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Mon, 7 Dec 2020 14:44:47 +0000 Subject: gfxmenu/gui_list: Remove code that coverity is flagging as dead @@ -16,7 +15,7 @@ 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/gfxmenu/gui_list.c b/grub-core/gfxmenu/gui_list.c -index 01477cdf2b..df334a6c56 100644 +index 01477cd..df334a6 100644 --- a/grub-core/gfxmenu/gui_list.c +++ b/grub-core/gfxmenu/gui_list.c @@ -771,7 +771,7 @@ list_set_property (void *vself, const char *name, const char *value) diff -Nru grub2-unsigned-2.04/debian/patches/0169-loader-bsd-Check-for-NULL-arg-up-front.patch grub2-unsigned-2.04/debian/patches/0169-loader-bsd-Check-for-NULL-arg-up-front.patch --- grub2-unsigned-2.04/debian/patches/0169-loader-bsd-Check-for-NULL-arg-up-front.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0169-loader-bsd-Check-for-NULL-arg-up-front.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 60b344093e6ff0958ef2153e795aed763dafafe0 Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Tue, 8 Dec 2020 21:47:13 +0000 Subject: loader/bsd: Check for NULL arg up-front @@ -21,7 +20,7 @@ 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c -index ef0d63afc8..47bb10540d 100644 +index ef0d63a..47bb105 100644 --- a/grub-core/loader/i386/bsd.c +++ b/grub-core/loader/i386/bsd.c @@ -1606,7 +1606,7 @@ grub_cmd_openbsd (grub_extcmd_context_t ctxt, int argc, char *argv[]) diff -Nru grub2-unsigned-2.04/debian/patches/0170-loader-xnu-Fix-memory-leak.patch grub2-unsigned-2.04/debian/patches/0170-loader-xnu-Fix-memory-leak.patch --- grub2-unsigned-2.04/debian/patches/0170-loader-xnu-Fix-memory-leak.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0170-loader-xnu-Fix-memory-leak.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 79a73459c3e240056f30e6e050fccba62b7ccf47 Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Thu, 26 Nov 2020 12:53:10 +0000 Subject: loader/xnu: Fix memory leak @@ -19,7 +18,7 @@ 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c -index 3fd653993f..ac551658ed 100644 +index 3fd6539..ac55165 100644 --- a/grub-core/loader/xnu.c +++ b/grub-core/loader/xnu.c @@ -1392,9 +1392,9 @@ grub_xnu_fill_devicetree (void) diff -Nru grub2-unsigned-2.04/debian/patches/0171-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch grub2-unsigned-2.04/debian/patches/0171-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch --- grub2-unsigned-2.04/debian/patches/0171-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0171-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 2af419a656fd12382ec54f30b3518f7eeee2cf4f Mon Sep 17 00:00:00 2001 From: Marco A Benatto Date: Mon, 30 Nov 2020 12:18:24 -0300 Subject: loader/xnu: Free driverkey data when an error is detected in @@ -15,7 +14,7 @@ 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c -index ac551658ed..9f90dc42e8 100644 +index ac55165..9f90dc4 100644 --- a/grub-core/loader/xnu.c +++ b/grub-core/loader/xnu.c @@ -228,26 +228,33 @@ grub_xnu_writetree_toheap (grub_addr_t *target, grub_size_t *size) diff -Nru grub2-unsigned-2.04/debian/patches/0172-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch grub2-unsigned-2.04/debian/patches/0172-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch --- grub2-unsigned-2.04/debian/patches/0172-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0172-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From d1a35425c74abe01008d9e899b483bc54c8f09f3 Mon Sep 17 00:00:00 2001 From: Paulo Flabiano Smorigo Date: Mon, 30 Nov 2020 10:36:00 -0300 Subject: loader/xnu: Check if pointer is NULL before using it @@ -12,7 +11,7 @@ 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c -index 9f90dc42e8..46d1b3fab5 100644 +index 9f90dc4..46d1b3f 100644 --- a/grub-core/loader/xnu.c +++ b/grub-core/loader/xnu.c @@ -671,6 +671,9 @@ grub_xnu_load_driver (char *infoplistname, grub_file_t binaryfile, diff -Nru grub2-unsigned-2.04/debian/patches/0173-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch grub2-unsigned-2.04/debian/patches/0173-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch --- grub2-unsigned-2.04/debian/patches/0173-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0173-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From fcc414af17cf4152a4920a033c5960e5d85fdfb3 Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Thu, 5 Nov 2020 14:33:50 +0000 Subject: util/grub-editenv: Fix incorrect casting of a signed value @@ -16,7 +15,7 @@ 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/util/grub-editenv.c b/util/grub-editenv.c -index f3662c95ba..db6f187cc6 100644 +index f3662c9..db6f187 100644 --- a/util/grub-editenv.c +++ b/util/grub-editenv.c @@ -125,6 +125,7 @@ open_envblk_file (const char *name) diff -Nru grub2-unsigned-2.04/debian/patches/0174-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch grub2-unsigned-2.04/debian/patches/0174-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch --- grub2-unsigned-2.04/debian/patches/0174-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0174-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 9d0dffa692fbd7234b7e44783c0b2dc1495b682a Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Fri, 4 Dec 2020 15:04:28 +0000 Subject: util/glue-efi: Fix incorrect use of a possibly negative value @@ -16,7 +15,7 @@ 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/util/glue-efi.c b/util/glue-efi.c -index 68f53168b5..de0fa6d33d 100644 +index 68f5316..de0fa6d 100644 --- a/util/glue-efi.c +++ b/util/glue-efi.c @@ -39,13 +39,23 @@ write_fat (FILE *in32, FILE *in64, FILE *out, const char *out_filename, diff -Nru grub2-unsigned-2.04/debian/patches/0175-script-execute-Fix-NULL-dereference-in-grub_script_e.patch grub2-unsigned-2.04/debian/patches/0175-script-execute-Fix-NULL-dereference-in-grub_script_e.patch --- grub2-unsigned-2.04/debian/patches/0175-script-execute-Fix-NULL-dereference-in-grub_script_e.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0175-script-execute-Fix-NULL-dereference-in-grub_script_e.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,7 +1,7 @@ -From fef3fbf561e8bdd660e018cf23c642bcb1eea58a Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Fri, 3 Apr 2020 23:05:13 +1100 -Subject: script/execute: Fix NULL dereference in grub_script_execute_cmdline() +Subject: script/execute: Fix NULL dereference in + grub_script_execute_cmdline() Signed-off-by: Daniel Axtens Reviewed-by: Daniel Kiper @@ -10,7 +10,7 @@ 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c -index 7e028e1355..5ea2aefb88 100644 +index 7e028e1..5ea2aef 100644 --- a/grub-core/script/execute.c +++ b/grub-core/script/execute.c @@ -940,7 +940,7 @@ grub_script_execute_cmdline (struct grub_script_cmd *cmd) diff -Nru grub2-unsigned-2.04/debian/patches/0176-commands-ls-Require-device_name-is-not-NULL-before-p.patch grub2-unsigned-2.04/debian/patches/0176-commands-ls-Require-device_name-is-not-NULL-before-p.patch --- grub2-unsigned-2.04/debian/patches/0176-commands-ls-Require-device_name-is-not-NULL-before-p.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0176-commands-ls-Require-device_name-is-not-NULL-before-p.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 8f4403a8695bc299f004cbc8a6b28dbdb2fa6985 Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Mon, 11 Jan 2021 16:57:37 +1100 Subject: commands/ls: Require device_name is not NULL before printing @@ -16,7 +15,7 @@ 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/commands/ls.c b/grub-core/commands/ls.c -index 5b7491aa49..326d2d6b41 100644 +index 5b7491a..326d2d6 100644 --- a/grub-core/commands/ls.c +++ b/grub-core/commands/ls.c @@ -196,7 +196,7 @@ grub_ls_list_files (char *dirname, int longlist, int all, int human) diff -Nru grub2-unsigned-2.04/debian/patches/0177-script-execute-Avoid-crash-when-using-outside-a-func.patch grub2-unsigned-2.04/debian/patches/0177-script-execute-Avoid-crash-when-using-outside-a-func.patch --- grub2-unsigned-2.04/debian/patches/0177-script-execute-Avoid-crash-when-using-outside-a-func.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0177-script-execute-Avoid-crash-when-using-outside-a-func.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 49298b1408f52a3a03bc67bf49e84538268a3587 Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Mon, 11 Jan 2021 17:30:42 +1100 Subject: script/execute: Avoid crash when using "$#" outside a function scope @@ -19,7 +18,7 @@ 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c -index 5ea2aefb88..23d34bd77e 100644 +index 5ea2aef..23d34bd 100644 --- a/grub-core/script/execute.c +++ b/grub-core/script/execute.c @@ -485,7 +485,7 @@ gettext_putvar (const char *str, grub_size_t len, diff -Nru grub2-unsigned-2.04/debian/patches/0178-lib-arg-Block-repeated-short-options-that-require-an.patch grub2-unsigned-2.04/debian/patches/0178-lib-arg-Block-repeated-short-options-that-require-an.patch --- grub2-unsigned-2.04/debian/patches/0178-lib-arg-Block-repeated-short-options-that-require-an.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0178-lib-arg-Block-repeated-short-options-that-require-an.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 667bf1a2258a0c320b62b40c7c3bbf61b883bac9 Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Fri, 22 Jan 2021 16:07:29 +1100 Subject: lib/arg: Block repeated short options that require an argument @@ -25,7 +24,7 @@ 1 file changed, 13 insertions(+) diff --git a/grub-core/lib/arg.c b/grub-core/lib/arg.c -index 3288609a5e..537c5e94b8 100644 +index 3288609..537c5e9 100644 --- a/grub-core/lib/arg.c +++ b/grub-core/lib/arg.c @@ -299,6 +299,19 @@ grub_arg_parse (grub_extcmd_t cmd, int argc, char **argv, diff -Nru grub2-unsigned-2.04/debian/patches/0179-script-execute-Don-t-crash-on-a-for-loop-with-no-ite.patch grub2-unsigned-2.04/debian/patches/0179-script-execute-Don-t-crash-on-a-for-loop-with-no-ite.patch --- grub2-unsigned-2.04/debian/patches/0179-script-execute-Don-t-crash-on-a-for-loop-with-no-ite.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0179-script-execute-Don-t-crash-on-a-for-loop-with-no-ite.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 420751277f2d9272cc59fc557409a2a4dccbc306 Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Fri, 22 Jan 2021 16:18:26 +1100 Subject: script/execute: Don't crash on a "for" loop with no items @@ -21,7 +20,7 @@ 1 file changed, 3 insertions(+) diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c -index 23d34bd77e..31dac254dc 100644 +index 23d34bd..31dac25 100644 --- a/grub-core/script/execute.c +++ b/grub-core/script/execute.c @@ -624,6 +624,9 @@ grub_script_arglist_to_argv (struct grub_script_arglist *arglist, diff -Nru grub2-unsigned-2.04/debian/patches/0180-commands-menuentry-Fix-quoting-in-setparams_prefix.patch grub2-unsigned-2.04/debian/patches/0180-commands-menuentry-Fix-quoting-in-setparams_prefix.patch --- grub2-unsigned-2.04/debian/patches/0180-commands-menuentry-Fix-quoting-in-setparams_prefix.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0180-commands-menuentry-Fix-quoting-in-setparams_prefix.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 43838f772e26d70b908074ecfd743b898541886f Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Fri, 22 Jan 2021 17:10:48 +1100 Subject: commands/menuentry: Fix quoting in setparams_prefix() @@ -29,7 +28,7 @@ 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c -index 9164df744a..720e6d8ea3 100644 +index 9164df7..720e6d8 100644 --- a/grub-core/commands/menuentry.c +++ b/grub-core/commands/menuentry.c @@ -230,7 +230,7 @@ setparams_prefix (int argc, char **args) diff -Nru grub2-unsigned-2.04/debian/patches/0181-kern-misc-Always-set-end-in-grub_strtoull.patch grub2-unsigned-2.04/debian/patches/0181-kern-misc-Always-set-end-in-grub_strtoull.patch --- grub2-unsigned-2.04/debian/patches/0181-kern-misc-Always-set-end-in-grub_strtoull.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0181-kern-misc-Always-set-end-in-grub_strtoull.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 3ab1de941ecf2165737c80fb44b963fbf6eb67bf Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Wed, 13 Jan 2021 22:19:01 +1100 Subject: kern/misc: Always set *end in grub_strtoull() @@ -16,7 +15,7 @@ 1 file changed, 8 insertions(+) diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c -index e742f56d20..8e95d9c464 100644 +index e742f56..8e95d9c 100644 --- a/grub-core/kern/misc.c +++ b/grub-core/kern/misc.c @@ -406,6 +406,10 @@ grub_strtoull (const char *str, char **end, int base) diff -Nru grub2-unsigned-2.04/debian/patches/0182-video-readers-jpeg-Catch-files-with-unsupported-quan.patch grub2-unsigned-2.04/debian/patches/0182-video-readers-jpeg-Catch-files-with-unsupported-quan.patch --- grub2-unsigned-2.04/debian/patches/0182-video-readers-jpeg-Catch-files-with-unsupported-quan.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0182-video-readers-jpeg-Catch-files-with-unsupported-quan.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 3278913932aa57536dd9fe1581e8115d514e5952 Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Fri, 15 Jan 2021 12:57:04 +1100 Subject: video/readers/jpeg: Catch files with unsupported quantization or @@ -21,7 +20,7 @@ 1 file changed, 8 insertions(+) diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c -index 0b6ce3cee6..23f919aa07 100644 +index 0b6ce3c..23f919a 100644 --- a/grub-core/video/readers/jpeg.c +++ b/grub-core/video/readers/jpeg.c @@ -333,7 +333,11 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data) diff -Nru grub2-unsigned-2.04/debian/patches/0183-video-readers-jpeg-Catch-OOB-reads-writes-in-grub_jp.patch grub2-unsigned-2.04/debian/patches/0183-video-readers-jpeg-Catch-OOB-reads-writes-in-grub_jp.patch --- grub2-unsigned-2.04/debian/patches/0183-video-readers-jpeg-Catch-OOB-reads-writes-in-grub_jp.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0183-video-readers-jpeg-Catch-OOB-reads-writes-in-grub_jp.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 164512b59e1b44d7aa93b0cf473f121fa1cf908f Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Fri, 15 Jan 2021 13:29:53 +1100 Subject: video/readers/jpeg: Catch OOB reads/writes in grub_jpeg_decode_du() @@ -23,7 +22,7 @@ 1 file changed, 8 insertions(+) diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c -index 23f919aa07..e5148120f6 100644 +index 23f919a..e514812 100644 --- a/grub-core/video/readers/jpeg.c +++ b/grub-core/video/readers/jpeg.c @@ -526,6 +526,14 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) diff -Nru grub2-unsigned-2.04/debian/patches/0184-video-readers-jpeg-Don-t-decode-data-before-start-of.patch grub2-unsigned-2.04/debian/patches/0184-video-readers-jpeg-Don-t-decode-data-before-start-of.patch --- grub2-unsigned-2.04/debian/patches/0184-video-readers-jpeg-Don-t-decode-data-before-start-of.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0184-video-readers-jpeg-Don-t-decode-data-before-start-of.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 84ce6f99e54eb53dc35f13c2ca84d3be211dcf8a Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Fri, 15 Jan 2021 14:06:46 +1100 Subject: video/readers/jpeg: Don't decode data before start of stream @@ -20,7 +19,7 @@ 1 file changed, 4 insertions(+) diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c -index e5148120f6..e31602f766 100644 +index e514812..e31602f 100644 --- a/grub-core/video/readers/jpeg.c +++ b/grub-core/video/readers/jpeg.c @@ -646,6 +646,10 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) diff -Nru grub2-unsigned-2.04/debian/patches/0185-term-gfxterm-Don-t-set-up-a-font-with-glyphs-that-ar.patch grub2-unsigned-2.04/debian/patches/0185-term-gfxterm-Don-t-set-up-a-font-with-glyphs-that-ar.patch --- grub2-unsigned-2.04/debian/patches/0185-term-gfxterm-Don-t-set-up-a-font-with-glyphs-that-ar.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0185-term-gfxterm-Don-t-set-up-a-font-with-glyphs-that-ar.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From b1725fb68af57f7f94c02fff11d7a0cf6b213a1e Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Fri, 15 Jan 2021 20:03:20 +1100 Subject: term/gfxterm: Don't set up a font with glyphs that are too big @@ -26,7 +25,7 @@ 1 file changed, 9 insertions(+) diff --git a/grub-core/term/gfxterm.c b/grub-core/term/gfxterm.c -index af7c090a3e..b40fcce915 100644 +index af7c090..b40fcce 100644 --- a/grub-core/term/gfxterm.c +++ b/grub-core/term/gfxterm.c @@ -232,6 +232,15 @@ grub_virtual_screen_setup (unsigned int x, unsigned int y, diff -Nru grub2-unsigned-2.04/debian/patches/0186-fs-fshelp-Catch-impermissibly-large-block-sizes-in-r.patch grub2-unsigned-2.04/debian/patches/0186-fs-fshelp-Catch-impermissibly-large-block-sizes-in-r.patch --- grub2-unsigned-2.04/debian/patches/0186-fs-fshelp-Catch-impermissibly-large-block-sizes-in-r.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0186-fs-fshelp-Catch-impermissibly-large-block-sizes-in-r.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From ff2614382ea5af66e162d9832cb7f66b40ca83c1 Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Mon, 18 Jan 2021 11:46:39 +1100 Subject: fs/fshelp: Catch impermissibly large block sizes in read helper @@ -18,7 +17,7 @@ 1 file changed, 12 insertions(+) diff --git a/grub-core/fs/fshelp.c b/grub-core/fs/fshelp.c -index 4c902adf38..a2d0d297a5 100644 +index 4c902ad..a2d0d29 100644 --- a/grub-core/fs/fshelp.c +++ b/grub-core/fs/fshelp.c @@ -362,6 +362,18 @@ grub_fshelp_read_file (grub_disk_t disk, grub_fshelp_node_t node, diff -Nru grub2-unsigned-2.04/debian/patches/0187-fs-hfsplus-Don-t-fetch-a-key-beyond-the-end-of-the-n.patch grub2-unsigned-2.04/debian/patches/0187-fs-hfsplus-Don-t-fetch-a-key-beyond-the-end-of-the-n.patch --- grub2-unsigned-2.04/debian/patches/0187-fs-hfsplus-Don-t-fetch-a-key-beyond-the-end-of-the-n.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0187-fs-hfsplus-Don-t-fetch-a-key-beyond-the-end-of-the-n.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From a9b1f28200f2e9d2dc8a22ceeaac3172bf26d4a6 Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Fri, 22 Jan 2021 18:13:56 +1100 Subject: fs/hfsplus: Don't fetch a key beyond the end of the node @@ -13,7 +12,7 @@ 1 file changed, 4 insertions(+) diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c -index 8fe7c12ed8..1c7791b027 100644 +index 8fe7c12..1c7791b 100644 --- a/grub-core/fs/hfsplus.c +++ b/grub-core/fs/hfsplus.c @@ -635,6 +635,10 @@ grub_hfsplus_btree_search (struct grub_hfsplus_btree *btree, diff -Nru grub2-unsigned-2.04/debian/patches/0188-fs-hfsplus-Don-t-use-uninitialized-data-on-corrupt-f.patch grub2-unsigned-2.04/debian/patches/0188-fs-hfsplus-Don-t-use-uninitialized-data-on-corrupt-f.patch --- grub2-unsigned-2.04/debian/patches/0188-fs-hfsplus-Don-t-use-uninitialized-data-on-corrupt-f.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0188-fs-hfsplus-Don-t-use-uninitialized-data-on-corrupt-f.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 3f75a6852e6c01003cee0a78688e0c520fde2407 Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Tue, 2 Feb 2021 16:59:35 +1100 Subject: fs/hfsplus: Don't use uninitialized data on corrupt filesystems @@ -50,7 +49,7 @@ 2 files changed, 16 insertions(+) diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c -index 1c7791b027..361e5be492 100644 +index 1c7791b..361e5be 100644 --- a/grub-core/fs/hfsplus.c +++ b/grub-core/fs/hfsplus.c @@ -177,6 +177,17 @@ grub_hfsplus_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock) @@ -89,7 +88,7 @@ sizeof (struct grub_hfsplus_btnode), sizeof (header), (char *) &header) <= 0) diff --git a/include/grub/hfsplus.h b/include/grub/hfsplus.h -index 117740ae26..e14dd31ff5 100644 +index 117740a..e14dd31 100644 --- a/include/grub/hfsplus.h +++ b/include/grub/hfsplus.h @@ -113,6 +113,8 @@ struct grub_hfsplus_data diff -Nru grub2-unsigned-2.04/debian/patches/0189-fs-hfs-Disable-under-lockdown.patch grub2-unsigned-2.04/debian/patches/0189-fs-hfs-Disable-under-lockdown.patch --- grub2-unsigned-2.04/debian/patches/0189-fs-hfs-Disable-under-lockdown.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0189-fs-hfs-Disable-under-lockdown.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 7381c4e8f6727b496b632666d4ded8ef70e5fe61 Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Mon, 18 Jan 2021 12:19:07 +1100 Subject: fs/hfs: Disable under lockdown @@ -14,7 +13,7 @@ 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/grub-core/fs/hfs.c b/grub-core/fs/hfs.c -index 3fe842b4d8..9a5b7bbe90 100644 +index 3fe842b..9a5b7bb 100644 --- a/grub-core/fs/hfs.c +++ b/grub-core/fs/hfs.c @@ -30,6 +30,7 @@ diff -Nru grub2-unsigned-2.04/debian/patches/0190-fs-sfs-Fix-over-read-of-root-object-name.patch grub2-unsigned-2.04/debian/patches/0190-fs-sfs-Fix-over-read-of-root-object-name.patch --- grub2-unsigned-2.04/debian/patches/0190-fs-sfs-Fix-over-read-of-root-object-name.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0190-fs-sfs-Fix-over-read-of-root-object-name.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 60ec6478f94409ca951dd0688c6ef107463bcb14 Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Mon, 18 Jan 2021 14:34:58 +1100 Subject: fs/sfs: Fix over-read of root object name @@ -18,7 +17,7 @@ 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/grub-core/fs/sfs.c b/grub-core/fs/sfs.c -index de2b107a4a..983e880088 100644 +index de2b107..983e880 100644 --- a/grub-core/fs/sfs.c +++ b/grub-core/fs/sfs.c @@ -373,6 +373,7 @@ grub_sfs_mount (grub_disk_t disk) diff -Nru grub2-unsigned-2.04/debian/patches/0191-fs-jfs-Do-not-move-to-leaf-level-if-name-length-is-n.patch grub2-unsigned-2.04/debian/patches/0191-fs-jfs-Do-not-move-to-leaf-level-if-name-length-is-n.patch --- grub2-unsigned-2.04/debian/patches/0191-fs-jfs-Do-not-move-to-leaf-level-if-name-length-is-n.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0191-fs-jfs-Do-not-move-to-leaf-level-if-name-length-is-n.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 31292c59c9cead04ec13dd7d7a8fa927061e43a3 Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Mon, 18 Jan 2021 14:51:11 +1100 Subject: fs/jfs: Do not move to leaf level if name length is negative @@ -16,7 +15,7 @@ 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/fs/jfs.c b/grub-core/fs/jfs.c -index d5a6d65278..e5bbda61c5 100644 +index d5a6d65..e5bbda6 100644 --- a/grub-core/fs/jfs.c +++ b/grub-core/fs/jfs.c @@ -567,7 +567,7 @@ grub_jfs_getent (struct grub_jfs_diropen *diro) diff -Nru grub2-unsigned-2.04/debian/patches/0192-fs-jfs-Limit-the-extents-that-getblk-can-consider.patch grub2-unsigned-2.04/debian/patches/0192-fs-jfs-Limit-the-extents-that-getblk-can-consider.patch --- grub2-unsigned-2.04/debian/patches/0192-fs-jfs-Limit-the-extents-that-getblk-can-consider.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0192-fs-jfs-Limit-the-extents-that-getblk-can-consider.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 0fecc048e70f700338c6a878b2d992c424556df0 Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Mon, 18 Jan 2021 14:57:17 +1100 Subject: fs/jfs: Limit the extents that getblk() can consider @@ -18,7 +17,7 @@ 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/grub-core/fs/jfs.c b/grub-core/fs/jfs.c -index e5bbda61c5..804c42d31e 100644 +index e5bbda6..804c42d 100644 --- a/grub-core/fs/jfs.c +++ b/grub-core/fs/jfs.c @@ -261,13 +261,15 @@ static grub_err_t grub_jfs_lookup_symlink (struct grub_jfs_data *data, grub_uint diff -Nru grub2-unsigned-2.04/debian/patches/0193-fs-jfs-Catch-infinite-recursion.patch grub2-unsigned-2.04/debian/patches/0193-fs-jfs-Catch-infinite-recursion.patch --- grub2-unsigned-2.04/debian/patches/0193-fs-jfs-Catch-infinite-recursion.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0193-fs-jfs-Catch-infinite-recursion.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 35cbc50bc07805658bb02c16621c9a67a9d62213 Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Mon, 18 Jan 2021 15:47:24 +1100 Subject: fs/jfs: Catch infinite recursion @@ -19,7 +18,7 @@ 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/grub-core/fs/jfs.c b/grub-core/fs/jfs.c -index 804c42d31e..6f7c439049 100644 +index 804c42d..6f7c439 100644 --- a/grub-core/fs/jfs.c +++ b/grub-core/fs/jfs.c @@ -304,7 +304,16 @@ getblk (struct grub_jfs_treehead *treehead, diff -Nru grub2-unsigned-2.04/debian/patches/0194-fs-nilfs2-Reject-too-large-keys.patch grub2-unsigned-2.04/debian/patches/0194-fs-nilfs2-Reject-too-large-keys.patch --- grub2-unsigned-2.04/debian/patches/0194-fs-nilfs2-Reject-too-large-keys.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0194-fs-nilfs2-Reject-too-large-keys.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From e7655fae3a5a6ee835f19cdbba96a11816367d56 Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Mon, 18 Jan 2021 16:49:09 +1100 Subject: fs/nilfs2: Reject too-large keys @@ -16,7 +15,7 @@ 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/grub-core/fs/nilfs2.c b/grub-core/fs/nilfs2.c -index 7ed148d3b3..fee2242e9c 100644 +index 7ed148d..fee2242 100644 --- a/grub-core/fs/nilfs2.c +++ b/grub-core/fs/nilfs2.c @@ -569,6 +569,11 @@ grub_nilfs2_btree_lookup (struct grub_nilfs2_data *data, diff -Nru grub2-unsigned-2.04/debian/patches/0195-fs-nilfs2-Don-t-search-children-if-provided-number-i.patch grub2-unsigned-2.04/debian/patches/0195-fs-nilfs2-Don-t-search-children-if-provided-number-i.patch --- grub2-unsigned-2.04/debian/patches/0195-fs-nilfs2-Don-t-search-children-if-provided-number-i.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0195-fs-nilfs2-Don-t-search-children-if-provided-number-i.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 77402915aea57aac36065b30082e9273fa560e3e Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Mon, 18 Jan 2021 16:49:44 +1100 Subject: fs/nilfs2: Don't search children if provided number is too large @@ -17,7 +16,7 @@ 1 file changed, 23 insertions(+), 15 deletions(-) diff --git a/grub-core/fs/nilfs2.c b/grub-core/fs/nilfs2.c -index fee2242e9c..43ac1add38 100644 +index fee2242..43ac1ad 100644 --- a/grub-core/fs/nilfs2.c +++ b/grub-core/fs/nilfs2.c @@ -416,14 +416,34 @@ grub_nilfs2_btree_node_get_key (struct grub_nilfs2_btree_node *node, diff -Nru grub2-unsigned-2.04/debian/patches/0196-fs-nilfs2-Properly-bail-on-errors-in-grub_nilfs2_btr.patch grub2-unsigned-2.04/debian/patches/0196-fs-nilfs2-Properly-bail-on-errors-in-grub_nilfs2_btr.patch --- grub2-unsigned-2.04/debian/patches/0196-fs-nilfs2-Properly-bail-on-errors-in-grub_nilfs2_btr.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0196-fs-nilfs2-Properly-bail-on-errors-in-grub_nilfs2_btr.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,7 +1,7 @@ -From d0fe9749b0243fd6d8800abf38646f9ccce6086e Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Mon, 18 Jan 2021 17:06:19 +1100 -Subject: fs/nilfs2: Properly bail on errors in grub_nilfs2_btree_node_lookup() +Subject: fs/nilfs2: Properly bail on errors in + grub_nilfs2_btree_node_lookup() We just introduced an error return in grub_nilfs2_btree_node_lookup(). Make sure the callers catch it. @@ -16,7 +16,7 @@ 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/grub-core/fs/nilfs2.c b/grub-core/fs/nilfs2.c -index 43ac1add38..aaba002666 100644 +index 43ac1ad..aaba002 100644 --- a/grub-core/fs/nilfs2.c +++ b/grub-core/fs/nilfs2.c @@ -433,7 +433,7 @@ grub_nilfs2_btree_node_lookup (struct grub_nilfs2_data *data, diff -Nru grub2-unsigned-2.04/debian/patches/0197-io-gzio-Bail-if-gzio-tl-td-is-NULL.patch grub2-unsigned-2.04/debian/patches/0197-io-gzio-Bail-if-gzio-tl-td-is-NULL.patch --- grub2-unsigned-2.04/debian/patches/0197-io-gzio-Bail-if-gzio-tl-td-is-NULL.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0197-io-gzio-Bail-if-gzio-tl-td-is-NULL.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 628d23f1c6a90aca9ec35e646a8c3ed2aef84a8d Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Wed, 13 Jan 2021 20:59:09 +1100 Subject: io/gzio: Bail if gzio->tl/td is NULL @@ -17,7 +16,7 @@ 1 file changed, 20 insertions(+) diff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c -index 43d98a7bdf..4a8eaeae28 100644 +index 43d98a7..4a8eaea 100644 --- a/grub-core/io/gzio.c +++ b/grub-core/io/gzio.c @@ -669,6 +669,13 @@ inflate_codes_in_window (grub_gzio_t gzio) diff -Nru grub2-unsigned-2.04/debian/patches/0198-io-gzio-Add-init_dynamic_block-clean-up-if-unpacking.patch grub2-unsigned-2.04/debian/patches/0198-io-gzio-Add-init_dynamic_block-clean-up-if-unpacking.patch --- grub2-unsigned-2.04/debian/patches/0198-io-gzio-Add-init_dynamic_block-clean-up-if-unpacking.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0198-io-gzio-Add-init_dynamic_block-clean-up-if-unpacking.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 87aef849cf2bf201190b9514cbc53b5c730c16fe Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Thu, 21 Jan 2021 00:05:58 +1100 Subject: io/gzio: Add init_dynamic_block() clean up if unpacking codes fails @@ -17,7 +16,7 @@ 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c -index 4a8eaeae28..4236f0fd48 100644 +index 4a8eaea..4236f0f 100644 --- a/grub-core/io/gzio.c +++ b/grub-core/io/gzio.c @@ -953,7 +953,7 @@ init_dynamic_block (grub_gzio_t gzio) diff -Nru grub2-unsigned-2.04/debian/patches/0199-io-gzio-Catch-missing-values-in-huft_build-and-bail.patch grub2-unsigned-2.04/debian/patches/0199-io-gzio-Catch-missing-values-in-huft_build-and-bail.patch --- grub2-unsigned-2.04/debian/patches/0199-io-gzio-Catch-missing-values-in-huft_build-and-bail.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0199-io-gzio-Catch-missing-values-in-huft_build-and-bail.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 7fd3a3d89a30fff6e9ca337caeb4c294470b91c8 Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Thu, 21 Jan 2021 12:20:49 +1100 Subject: io/gzio: Catch missing values in huft_build() and bail @@ -20,7 +19,7 @@ 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c -index 4236f0fd48..19adebeede 100644 +index 4236f0f..19adebe 100644 --- a/grub-core/io/gzio.c +++ b/grub-core/io/gzio.c @@ -507,6 +507,7 @@ huft_build (unsigned *b, /* code lengths in bits (all assumed <= BMAX) */ diff -Nru grub2-unsigned-2.04/debian/patches/0200-io-gzio-Zero-gzio-tl-td-in-init_dynamic_block-if-huf.patch grub2-unsigned-2.04/debian/patches/0200-io-gzio-Zero-gzio-tl-td-in-init_dynamic_block-if-huf.patch --- grub2-unsigned-2.04/debian/patches/0200-io-gzio-Zero-gzio-tl-td-in-init_dynamic_block-if-huf.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0200-io-gzio-Zero-gzio-tl-td-in-init_dynamic_block-if-huf.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 5817b1d117b8d6c1b5a6cdca95c75b468e8a23f7 Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Thu, 21 Jan 2021 12:22:28 +1100 Subject: io/gzio: Zero gzio->tl/td in init_dynamic_block() if huft_build() @@ -17,7 +16,7 @@ 1 file changed, 2 insertions(+) diff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c -index 19adebeede..aea86a0a9a 100644 +index 19adebe..aea86a0 100644 --- a/grub-core/io/gzio.c +++ b/grub-core/io/gzio.c @@ -1010,6 +1010,7 @@ init_dynamic_block (grub_gzio_t gzio) diff -Nru grub2-unsigned-2.04/debian/patches/0201-disk-lvm-Don-t-go-beyond-the-end-of-the-data-we-read.patch grub2-unsigned-2.04/debian/patches/0201-disk-lvm-Don-t-go-beyond-the-end-of-the-data-we-read.patch --- grub2-unsigned-2.04/debian/patches/0201-disk-lvm-Don-t-go-beyond-the-end-of-the-data-we-read.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0201-disk-lvm-Don-t-go-beyond-the-end-of-the-data-we-read.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 05b56254c1f4ce6568d0c1a0a068f38b4154776c Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Thu, 21 Jan 2021 17:59:14 +1100 Subject: disk/lvm: Don't go beyond the end of the data we read from disk @@ -18,7 +17,7 @@ 1 file changed, 14 insertions(+) diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c -index d154f7c01b..3299ac57b8 100644 +index d154f7c..3299ac5 100644 --- a/grub-core/disk/lvm.c +++ b/grub-core/disk/lvm.c @@ -141,6 +141,20 @@ grub_lvm_detect (grub_disk_t disk, diff -Nru grub2-unsigned-2.04/debian/patches/0202-disk-lvm-Don-t-blast-past-the-end-of-the-circular-me.patch grub2-unsigned-2.04/debian/patches/0202-disk-lvm-Don-t-blast-past-the-end-of-the-circular-me.patch --- grub2-unsigned-2.04/debian/patches/0202-disk-lvm-Don-t-blast-past-the-end-of-the-circular-me.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0202-disk-lvm-Don-t-blast-past-the-end-of-the-circular-me.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 696ab3582b01f621b887aabd394bce7a0ef6f0c2 Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Thu, 21 Jan 2021 18:19:51 +1100 Subject: disk/lvm: Don't blast past the end of the circular metadata buffer @@ -16,7 +15,7 @@ 1 file changed, 10 insertions(+) diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c -index 3299ac57b8..fc2d91257c 100644 +index 3299ac5..fc2d912 100644 --- a/grub-core/disk/lvm.c +++ b/grub-core/disk/lvm.c @@ -214,6 +214,16 @@ grub_lvm_detect (grub_disk_t disk, diff -Nru grub2-unsigned-2.04/debian/patches/0203-disk-lvm-Bail-on-missing-PV-list.patch grub2-unsigned-2.04/debian/patches/0203-disk-lvm-Bail-on-missing-PV-list.patch --- grub2-unsigned-2.04/debian/patches/0203-disk-lvm-Bail-on-missing-PV-list.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0203-disk-lvm-Bail-on-missing-PV-list.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From bcbff27c53e07a6b59acac336d6f9bdaab573ee2 Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Thu, 21 Jan 2021 18:54:29 +1100 Subject: disk/lvm: Bail on missing PV list @@ -17,7 +16,7 @@ 1 file changed, 2 insertions(+) diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c -index fc2d91257c..0f9b3bc40f 100644 +index fc2d912..0f9b3bc 100644 --- a/grub-core/disk/lvm.c +++ b/grub-core/disk/lvm.c @@ -370,6 +370,8 @@ error_parsing_metadata: diff -Nru grub2-unsigned-2.04/debian/patches/0204-disk-lvm-Do-not-crash-if-an-expected-string-is-not-f.patch grub2-unsigned-2.04/debian/patches/0204-disk-lvm-Do-not-crash-if-an-expected-string-is-not-f.patch --- grub2-unsigned-2.04/debian/patches/0204-disk-lvm-Do-not-crash-if-an-expected-string-is-not-f.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0204-disk-lvm-Do-not-crash-if-an-expected-string-is-not-f.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From ba2fbd83cec4f88a617136d94792030f5e82513b Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Thu, 21 Jan 2021 18:35:22 +1100 Subject: disk/lvm: Do not crash if an expected string is not found @@ -17,7 +16,7 @@ 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c -index 0f9b3bc40f..97153bcccc 100644 +index 0f9b3bc..97153bc 100644 --- a/grub-core/disk/lvm.c +++ b/grub-core/disk/lvm.c @@ -530,7 +530,16 @@ error_parsing_metadata: diff -Nru grub2-unsigned-2.04/debian/patches/0205-disk-lvm-Do-not-overread-metadata.patch grub2-unsigned-2.04/debian/patches/0205-disk-lvm-Do-not-overread-metadata.patch --- grub2-unsigned-2.04/debian/patches/0205-disk-lvm-Do-not-overread-metadata.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0205-disk-lvm-Do-not-overread-metadata.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From b76f314925b5dae6a209094de551e42c3d7d6724 Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Thu, 21 Jan 2021 18:35:22 +1100 Subject: disk/lvm: Do not overread metadata @@ -13,7 +12,7 @@ 1 file changed, 25 insertions(+), 6 deletions(-) diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c -index 97153bcccc..3d9133b62b 100644 +index 97153bc..3d9133b 100644 --- a/grub-core/disk/lvm.c +++ b/grub-core/disk/lvm.c @@ -313,17 +313,23 @@ error_parsing_metadata: diff -Nru grub2-unsigned-2.04/debian/patches/0206-disk-lvm-Sanitize-rlocn-offset-to-prevent-wild-read.patch grub2-unsigned-2.04/debian/patches/0206-disk-lvm-Sanitize-rlocn-offset-to-prevent-wild-read.patch --- grub2-unsigned-2.04/debian/patches/0206-disk-lvm-Sanitize-rlocn-offset-to-prevent-wild-read.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0206-disk-lvm-Sanitize-rlocn-offset-to-prevent-wild-read.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From fc92a2e437466777cf27846de1d7ffd64ad7c94d Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Fri, 22 Jan 2021 14:43:58 +1100 Subject: disk/lvm: Sanitize rlocn->offset to prevent wild read @@ -17,7 +16,7 @@ 1 file changed, 8 insertions(+) diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c -index 3d9133b62b..630dd6a60c 100644 +index 3d9133b..630dd6a 100644 --- a/grub-core/disk/lvm.c +++ b/grub-core/disk/lvm.c @@ -211,6 +211,14 @@ grub_lvm_detect (grub_disk_t disk, diff -Nru grub2-unsigned-2.04/debian/patches/0207-disk-lvm-Do-not-allow-a-LV-to-be-it-s-own-segment-s-.patch grub2-unsigned-2.04/debian/patches/0207-disk-lvm-Do-not-allow-a-LV-to-be-it-s-own-segment-s-.patch --- grub2-unsigned-2.04/debian/patches/0207-disk-lvm-Do-not-allow-a-LV-to-be-it-s-own-segment-s-.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0207-disk-lvm-Do-not-allow-a-LV-to-be-it-s-own-segment-s-.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 30627d7e7854ad8065b2c3c8f9abdb03f55f3149 Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Fri, 22 Jan 2021 14:42:21 +1100 Subject: disk/lvm: Do not allow a LV to be it's own segment's node's LV @@ -12,7 +11,7 @@ 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c -index 630dd6a60c..f76e2e16ad 100644 +index 630dd6a..f76e2e1 100644 --- a/grub-core/disk/lvm.c +++ b/grub-core/disk/lvm.c @@ -829,9 +829,13 @@ error_parsing_metadata: diff -Nru grub2-unsigned-2.04/debian/patches/0208-fs-btrfs-Validate-the-number-of-stripes-parities-in-.patch grub2-unsigned-2.04/debian/patches/0208-fs-btrfs-Validate-the-number-of-stripes-parities-in-.patch --- grub2-unsigned-2.04/debian/patches/0208-fs-btrfs-Validate-the-number-of-stripes-parities-in-.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0208-fs-btrfs-Validate-the-number-of-stripes-parities-in-.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From e6ee4d07aaeea7074107e8c9eadcede1e2dc1777 Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Mon, 18 Jan 2021 17:17:16 +1100 Subject: fs/btrfs: Validate the number of stripes/parities in RAID5/6 @@ -14,7 +13,7 @@ 1 file changed, 3 insertions(+) diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index 2b65bd56a0..e4e87bae6b 100644 +index 2b65bd5..e4e87ba 100644 --- a/grub-core/fs/btrfs.c +++ b/grub-core/fs/btrfs.c @@ -1076,6 +1076,9 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, diff -Nru grub2-unsigned-2.04/debian/patches/0209-fs-btrfs-Squash-some-uninitialized-reads.patch grub2-unsigned-2.04/debian/patches/0209-fs-btrfs-Squash-some-uninitialized-reads.patch --- grub2-unsigned-2.04/debian/patches/0209-fs-btrfs-Squash-some-uninitialized-reads.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0209-fs-btrfs-Squash-some-uninitialized-reads.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 9a0c97a83d82bb2bf270e4de87050f724abe04b4 Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Mon, 18 Jan 2021 17:27:18 +1100 Subject: fs/btrfs: Squash some uninitialized reads @@ -12,7 +11,7 @@ 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index e4e87bae6b..d489cb0bee 100644 +index e4e87ba..d489cb0 100644 --- a/grub-core/fs/btrfs.c +++ b/grub-core/fs/btrfs.c @@ -381,9 +381,9 @@ next (struct grub_btrfs_data *data, diff -Nru grub2-unsigned-2.04/debian/patches/0210-kern-parser-Fix-a-memory-leak.patch grub2-unsigned-2.04/debian/patches/0210-kern-parser-Fix-a-memory-leak.patch --- grub2-unsigned-2.04/debian/patches/0210-kern-parser-Fix-a-memory-leak.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0210-kern-parser-Fix-a-memory-leak.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 386909377bd95bb9cbddf2e7d7a61877972ef527 Mon Sep 17 00:00:00 2001 From: Chris Coulson Date: Wed, 18 Nov 2020 00:59:24 +0000 Subject: kern/parser: Fix a memory leak @@ -14,7 +13,7 @@ 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c -index d1cf061ad6..39e4df65b8 100644 +index d1cf061..39e4df6 100644 --- a/grub-core/kern/parser.c +++ b/grub-core/kern/parser.c @@ -140,6 +140,7 @@ grub_parser_split_cmdline (const char *cmdline, diff -Nru grub2-unsigned-2.04/debian/patches/0211-kern-parser-Introduce-process_char-helper.patch grub2-unsigned-2.04/debian/patches/0211-kern-parser-Introduce-process_char-helper.patch --- grub2-unsigned-2.04/debian/patches/0211-kern-parser-Introduce-process_char-helper.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0211-kern-parser-Introduce-process_char-helper.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 97b42f15b67e6c892616a782cd7248c8c4ad8048 Mon Sep 17 00:00:00 2001 From: Chris Coulson Date: Tue, 5 Jan 2021 22:17:28 +0000 Subject: kern/parser: Introduce process_char() helper @@ -10,11 +9,11 @@ Signed-off-by: Chris Coulson Reviewed-by: Daniel Kiper --- - grub-core/kern/parser.c | 74 +++++++++++++++++++++++++---------------- + grub-core/kern/parser.c | 74 ++++++++++++++++++++++++++++++------------------- 1 file changed, 46 insertions(+), 28 deletions(-) diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c -index 39e4df65b8..0d3582bd87 100644 +index 39e4df6..0d3582b 100644 --- a/grub-core/kern/parser.c +++ b/grub-core/kern/parser.c @@ -1,7 +1,7 @@ diff -Nru grub2-unsigned-2.04/debian/patches/0212-kern-parser-Introduce-terminate_arg-helper.patch grub2-unsigned-2.04/debian/patches/0212-kern-parser-Introduce-terminate_arg-helper.patch --- grub2-unsigned-2.04/debian/patches/0212-kern-parser-Introduce-terminate_arg-helper.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0212-kern-parser-Introduce-terminate_arg-helper.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 24d9b34795c31b2d8b3b55fe37fd0060ce0f0c36 Mon Sep 17 00:00:00 2001 From: Chris Coulson Date: Thu, 7 Jan 2021 19:53:55 +0000 Subject: kern/parser: Introduce terminate_arg() helper @@ -13,7 +12,7 @@ 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c -index 0d3582bd87..572c67089f 100644 +index 0d3582b..572c670 100644 --- a/grub-core/kern/parser.c +++ b/grub-core/kern/parser.c @@ -129,6 +129,16 @@ add_var (char *varname, char **bp, char **vp, diff -Nru grub2-unsigned-2.04/debian/patches/0213-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch grub2-unsigned-2.04/debian/patches/0213-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch --- grub2-unsigned-2.04/debian/patches/0213-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0213-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 5d70198bc815fdd017e076a349abce9cd00334e4 Mon Sep 17 00:00:00 2001 From: Chris Coulson Date: Wed, 6 Jan 2021 13:54:26 +0000 Subject: kern/parser: Refactor grub_parser_split_cmdline() cleanup @@ -14,7 +13,7 @@ 1 file changed, 20 insertions(+), 15 deletions(-) diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c -index 572c67089f..e010eaa1fa 100644 +index 572c670..e010eaa 100644 --- a/grub-core/kern/parser.c +++ b/grub-core/kern/parser.c @@ -221,19 +221,13 @@ grub_parser_split_cmdline (const char *cmdline, diff -Nru grub2-unsigned-2.04/debian/patches/0214-kern-buffer-Add-variable-sized-heap-buffer.patch grub2-unsigned-2.04/debian/patches/0214-kern-buffer-Add-variable-sized-heap-buffer.patch --- grub2-unsigned-2.04/debian/patches/0214-kern-buffer-Add-variable-sized-heap-buffer.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0214-kern-buffer-Add-variable-sized-heap-buffer.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 5556f1521d03c094ad3eb20d651d9d52e0e97b30 Mon Sep 17 00:00:00 2001 From: Chris Coulson Date: Thu, 7 Jan 2021 15:15:43 +0000 Subject: kern/buffer: Add variable sized heap buffer @@ -11,14 +10,14 @@ Reviewed-by: Daniel Kiper --- grub-core/Makefile.core.def | 1 + - grub-core/kern/buffer.c | 117 +++++++++++++++++++++++++++++ - include/grub/buffer.h | 144 ++++++++++++++++++++++++++++++++++++ + grub-core/kern/buffer.c | 117 +++++++++++++++++++++++++++++++++++ + include/grub/buffer.h | 144 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 262 insertions(+) create mode 100644 grub-core/kern/buffer.c create mode 100644 include/grub/buffer.h diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 72a9d4b66b..0fa336f72e 100644 +index 72a9d4b..0fa336f 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -123,6 +123,7 @@ kernel = { @@ -31,7 +30,7 @@ common = kern/device.c; diff --git a/grub-core/kern/buffer.c b/grub-core/kern/buffer.c new file mode 100644 -index 0000000000..9f5f8b8670 +index 0000000..9f5f8b8 --- /dev/null +++ b/grub-core/kern/buffer.c @@ -0,0 +1,117 @@ @@ -154,7 +153,7 @@ +} diff --git a/include/grub/buffer.h b/include/grub/buffer.h new file mode 100644 -index 0000000000..f4b10cf281 +index 0000000..f4b10cf --- /dev/null +++ b/include/grub/buffer.h @@ -0,0 +1,144 @@ diff -Nru grub2-unsigned-2.04/debian/patches/0215-kern-parser-Fix-a-stack-buffer-overflow.patch grub2-unsigned-2.04/debian/patches/0215-kern-parser-Fix-a-stack-buffer-overflow.patch --- grub2-unsigned-2.04/debian/patches/0215-kern-parser-Fix-a-stack-buffer-overflow.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0215-kern-parser-Fix-a-stack-buffer-overflow.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 1922ee7da10726a3f13a50abc1b5684f7d22b398 Mon Sep 17 00:00:00 2001 From: Chris Coulson Date: Thu, 7 Jan 2021 19:21:03 +0000 Subject: kern/parser: Fix a stack buffer overflow @@ -18,11 +17,11 @@ Signed-off-by: Darren Kenny Reviewed-by: Daniel Kiper --- - grub-core/kern/parser.c | 110 ++++++++++++++++++++++++---------------- + grub-core/kern/parser.c | 110 +++++++++++++++++++++++++++++------------------- 1 file changed, 67 insertions(+), 43 deletions(-) diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c -index e010eaa1fa..6ab7aa427c 100644 +index e010eaa..6ab7aa4 100644 --- a/grub-core/kern/parser.c +++ b/grub-core/kern/parser.c @@ -18,6 +18,7 @@ diff -Nru grub2-unsigned-2.04/debian/patches/0216-kern-efi-Add-initial-stack-protector-implementation.patch grub2-unsigned-2.04/debian/patches/0216-kern-efi-Add-initial-stack-protector-implementation.patch --- grub2-unsigned-2.04/debian/patches/0216-kern-efi-Add-initial-stack-protector-implementation.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0216-kern-efi-Add-initial-stack-protector-implementation.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From bade03b870fc579fccf27e39ea65b7850e77f179 Mon Sep 17 00:00:00 2001 From: Chris Coulson Date: Tue, 1 Dec 2020 23:03:39 +0000 Subject: kern/efi: Add initial stack protector implementation @@ -11,17 +10,17 @@ Reviewed-by: Marco A Benatto Reviewed-by: Javier Martinez Canillas --- - acinclude.m4 | 38 ++++++++++++++++++++++-- - configure.ac | 44 +++++++++++++++++++++++---- + acinclude.m4 | 38 +++++++++++++++++++++++++++-- + configure.ac | 44 ++++++++++++++++++++++++++++++---- grub-core/Makefile.am | 1 + - grub-core/kern/efi/init.c | 54 ++++++++++++++++++++++++++++++++++ - include/grub/efi/api.h | 19 ++++++++++++ - include/grub/stack_protector.h | 30 +++++++++++++++++++ + grub-core/kern/efi/init.c | 54 ++++++++++++++++++++++++++++++++++++++++++ + include/grub/efi/api.h | 19 +++++++++++++++ + include/grub/stack_protector.h | 30 +++++++++++++++++++++++ 6 files changed, 179 insertions(+), 7 deletions(-) create mode 100644 include/grub/stack_protector.h diff --git a/acinclude.m4 b/acinclude.m4 -index 78cdf6e1d0..6e14bb553c 100644 +index 78cdf6e..6e14bb5 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -305,9 +305,9 @@ fi @@ -78,7 +77,7 @@ dnl Check if the C compiler supports `-mstack-arg-probe' (Cygwin). diff --git a/configure.ac b/configure.ac -index fae9171022..e187c91f65 100644 +index fae9171..e187c91 100644 --- a/configure.ac +++ b/configure.ac @@ -1307,12 +1307,41 @@ fi] @@ -141,7 +140,7 @@ echo With quiet boot: Yes else diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am -index b704b77195..f90ab521a2 100644 +index b704b77..f90ab52 100644 --- a/grub-core/Makefile.am +++ b/grub-core/Makefile.am @@ -90,6 +90,7 @@ endif @@ -153,7 +152,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/time.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/mm_private.h diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c -index 01d64d906e..e60d3af3a6 100644 +index 01d64d9..e60d3af 100644 --- a/grub-core/kern/efi/init.c +++ b/grub-core/kern/efi/init.c @@ -27,6 +27,58 @@ @@ -225,7 +224,7 @@ grub_efi_mm_init (); diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h -index 49275e4117..863cf71f63 100644 +index 49275e4..863cf71 100644 --- a/include/grub/efi/api.h +++ b/include/grub/efi/api.h @@ -349,6 +349,11 @@ @@ -263,7 +262,7 @@ || defined(__riscv) diff --git a/include/grub/stack_protector.h b/include/grub/stack_protector.h new file mode 100644 -index 0000000000..c88dc00b5f +index 0000000..c88dc00 --- /dev/null +++ b/include/grub/stack_protector.h @@ -0,0 +1,30 @@ diff -Nru grub2-unsigned-2.04/debian/patches/0217-util-mkimage-Remove-unused-code-to-add-BSS-section.patch grub2-unsigned-2.04/debian/patches/0217-util-mkimage-Remove-unused-code-to-add-BSS-section.patch --- grub2-unsigned-2.04/debian/patches/0217-util-mkimage-Remove-unused-code-to-add-BSS-section.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0217-util-mkimage-Remove-unused-code-to-add-BSS-section.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 69a3ff7afca3b8566b875af7e45d8b122e2dd179 Mon Sep 17 00:00:00 2001 From: Javier Martinez Canillas Date: Thu, 11 Feb 2021 17:06:49 +0100 Subject: util/mkimage: Remove unused code to add BSS section @@ -14,7 +13,7 @@ 1 file changed, 17 deletions(-) diff --git a/util/mkimage.c b/util/mkimage.c -index 37d6249f16..32bb8ea68b 100644 +index 37d6249..32bb8ea 100644 --- a/util/mkimage.c +++ b/util/mkimage.c @@ -1304,7 +1304,6 @@ grub_install_generate_image (const char *dir, const char *prefix, diff -Nru grub2-unsigned-2.04/debian/patches/0218-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch grub2-unsigned-2.04/debian/patches/0218-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch --- grub2-unsigned-2.04/debian/patches/0218-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0218-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 5f5bf0a8f47719f577ab9785bf9f0f9ce647b01a Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Mon, 15 Feb 2021 13:59:21 +0100 Subject: util/mkimage: Use grub_host_to_target32() instead of @@ -16,7 +15,7 @@ 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/util/mkimage.c b/util/mkimage.c -index 32bb8ea68b..02944f28e0 100644 +index 32bb8ea..02944f2 100644 --- a/util/mkimage.c +++ b/util/mkimage.c @@ -1302,10 +1302,10 @@ grub_install_generate_image (const char *dir, const char *prefix, diff -Nru grub2-unsigned-2.04/debian/patches/0219-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch grub2-unsigned-2.04/debian/patches/0219-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch --- grub2-unsigned-2.04/debian/patches/0219-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0219-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 3a9ac9abf625ba67841fef3e362fe4f9056e6a84 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Mon, 15 Feb 2021 14:14:24 +0100 Subject: util/mkimage: Always use grub_host_to_target32() to initialize PE @@ -15,7 +14,7 @@ 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/util/mkimage.c b/util/mkimage.c -index 02944f28e0..b94bfb781a 100644 +index 02944f2..b94bfb7 100644 --- a/util/mkimage.c +++ b/util/mkimage.c @@ -1351,10 +1351,10 @@ grub_install_generate_image (const char *dir, const char *prefix, diff -Nru grub2-unsigned-2.04/debian/patches/0220-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch grub2-unsigned-2.04/debian/patches/0220-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch --- grub2-unsigned-2.04/debian/patches/0220-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0220-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 8ce0fe0c4fe9d16de8698d36d1b8e7b8876fe1af Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Mon, 15 Feb 2021 14:19:31 +0100 Subject: util/mkimage: Unify more of the PE32 and PE32+ header set-up @@ -14,11 +13,11 @@ Signed-off-by: Javier Martinez Canillas Reviewed-by: Daniel Kiper --- - util/mkimage.c | 111 +++++++++++++++++++++++-------------------------- + util/mkimage.c | 111 ++++++++++++++++++++++++++------------------------------- 1 file changed, 51 insertions(+), 60 deletions(-) diff --git a/util/mkimage.c b/util/mkimage.c -index b94bfb781a..a039039db0 100644 +index b94bfb7..a039039 100644 --- a/util/mkimage.c +++ b/util/mkimage.c @@ -816,6 +816,21 @@ grub_install_get_image_targets_string (void) diff -Nru grub2-unsigned-2.04/debian/patches/0221-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch grub2-unsigned-2.04/debian/patches/0221-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch --- grub2-unsigned-2.04/debian/patches/0221-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0221-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 569e6142eb0fb71cd4f64301625d0381967a0b81 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Mon, 15 Feb 2021 14:21:48 +0100 Subject: util/mkimage: Reorder PE optional header fields set-up @@ -14,7 +13,7 @@ 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/util/mkimage.c b/util/mkimage.c -index a039039db0..deaef56669 100644 +index a039039..deaef56 100644 --- a/util/mkimage.c +++ b/util/mkimage.c @@ -1332,16 +1332,12 @@ grub_install_generate_image (const char *dir, const char *prefix, diff -Nru grub2-unsigned-2.04/debian/patches/0222-util-mkimage-Improve-data_size-value-calculation.patch grub2-unsigned-2.04/debian/patches/0222-util-mkimage-Improve-data_size-value-calculation.patch --- grub2-unsigned-2.04/debian/patches/0222-util-mkimage-Improve-data_size-value-calculation.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0222-util-mkimage-Improve-data_size-value-calculation.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 77b2092f3fb7f1fb0ace2f180e3acfc9e9a14ccf Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Thu, 11 Feb 2021 17:07:33 +0100 Subject: util/mkimage: Improve data_size value calculation @@ -21,7 +20,7 @@ 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/util/mkimage.c b/util/mkimage.c -index deaef56669..853a521792 100644 +index deaef56..853a521 100644 --- a/util/mkimage.c +++ b/util/mkimage.c @@ -1260,6 +1260,7 @@ grub_install_generate_image (const char *dir, const char *prefix, diff -Nru grub2-unsigned-2.04/debian/patches/0223-util-mkimage-Refactor-section-setup-to-use-a-helper.patch grub2-unsigned-2.04/debian/patches/0223-util-mkimage-Refactor-section-setup-to-use-a-helper.patch --- grub2-unsigned-2.04/debian/patches/0223-util-mkimage-Refactor-section-setup-to-use-a-helper.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0223-util-mkimage-Refactor-section-setup-to-use-a-helper.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 09c71638fe8b05e1c91326d016d1e326ed21cb48 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Mon, 15 Feb 2021 14:58:06 +0100 Subject: util/mkimage: Refactor section setup to use a helper @@ -10,11 +9,11 @@ Signed-off-by: Javier Martinez Canillas Reviewed-by: Daniel Kiper --- - util/mkimage.c | 143 ++++++++++++++++++++++++++----------------------- + util/mkimage.c | 143 +++++++++++++++++++++++++++++++-------------------------- 1 file changed, 77 insertions(+), 66 deletions(-) diff --git a/util/mkimage.c b/util/mkimage.c -index 853a521792..8b475a6910 100644 +index 853a521..8b475a6 100644 --- a/util/mkimage.c +++ b/util/mkimage.c @@ -816,6 +816,38 @@ grub_install_get_image_targets_string (void) diff -Nru grub2-unsigned-2.04/debian/patches/0224-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch grub2-unsigned-2.04/debian/patches/0224-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch --- grub2-unsigned-2.04/debian/patches/0224-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0224-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 6caa2946d92eb1c868c78bcaa0d0a9a9a17cb5e2 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Mon, 15 Feb 2021 17:07:00 +0100 Subject: util/mkimage: Add an option to import SBAT metadata into a .sbat @@ -12,16 +11,16 @@ Signed-off-by: Javier Martinez Canillas Reviewed-by: Daniel Kiper --- - docs/grub.texi | 19 ++++++++++++++++ + docs/grub.texi | 19 +++++++++++++++++++ include/grub/util/install.h | 3 ++- include/grub/util/mkimage.h | 1 + util/grub-install-common.c | 2 +- - util/grub-mkimage.c | 15 ++++++++++++- - util/mkimage.c | 43 +++++++++++++++++++++++++++++++------ + util/grub-mkimage.c | 15 ++++++++++++++- + util/mkimage.c | 43 ++++++++++++++++++++++++++++++++++++------- 6 files changed, 73 insertions(+), 10 deletions(-) diff --git a/docs/grub.texi b/docs/grub.texi -index 787ed1c454..721e63e9f7 100644 +index 787ed1c..721e63e 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -5758,6 +5758,7 @@ environment variables and commands are listed in the same order. @@ -58,7 +57,7 @@ @section Measuring boot components diff --git a/include/grub/util/install.h b/include/grub/util/install.h -index b2ed88e386..2f52cbf17b 100644 +index b2ed88e..2f52cbf 100644 --- a/include/grub/util/install.h +++ b/include/grub/util/install.h @@ -183,7 +183,8 @@ grub_install_generate_image (const char *dir, const char *prefix, @@ -72,7 +71,7 @@ const struct grub_install_image_target_desc * grub_install_get_image_target (const char *arg); diff --git a/include/grub/util/mkimage.h b/include/grub/util/mkimage.h -index ba9f568f69..3819a67441 100644 +index ba9f568..3819a67 100644 --- a/include/grub/util/mkimage.h +++ b/include/grub/util/mkimage.h @@ -24,6 +24,7 @@ struct grub_mkimage_layout @@ -84,7 +83,7 @@ void *reloc_section; size_t reloc_size; diff --git a/util/grub-install-common.c b/util/grub-install-common.c -index 61f9075bcc..192d50d1b2 100644 +index 61f9075..192d50d 100644 --- a/util/grub-install-common.c +++ b/util/grub-install-common.c @@ -586,7 +586,7 @@ grub_install_make_image_wrap_file (const char *dir, const char *prefix, @@ -97,7 +96,7 @@ grub_install_pop_module (); } diff --git a/util/grub-mkimage.c b/util/grub-mkimage.c -index 912564e362..75b884710f 100644 +index 912564e..75b8847 100644 --- a/util/grub-mkimage.c +++ b/util/grub-mkimage.c @@ -81,6 +81,7 @@ static struct argp_option options[] = { @@ -150,7 +149,7 @@ return 0; } diff --git a/util/mkimage.c b/util/mkimage.c -index 8b475a6910..b354ec1d9b 100644 +index 8b475a6..b354ec1 100644 --- a/util/mkimage.c +++ b/util/mkimage.c @@ -869,12 +869,13 @@ grub_install_generate_image (const char *dir, const char *prefix, diff -Nru grub2-unsigned-2.04/debian/patches/0225-kern-misc-Split-parse_printf_args-into-format-parsin.patch grub2-unsigned-2.04/debian/patches/0225-kern-misc-Split-parse_printf_args-into-format-parsin.patch --- grub2-unsigned-2.04/debian/patches/0225-kern-misc-Split-parse_printf_args-into-format-parsin.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0225-kern-misc-Split-parse_printf_args-into-format-parsin.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 2f97d9879c988542cf228303c467b21485f778b2 Mon Sep 17 00:00:00 2001 From: Thomas Frauendorfer | Miray Software Date: Mon, 15 Feb 2021 13:40:16 +0100 Subject: kern/misc: Split parse_printf_args() into format parsing and va_list @@ -16,7 +15,7 @@ 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c -index 8e95d9c464..556aeda457 100644 +index 8e95d9c..556aeda 100644 --- a/grub-core/kern/misc.c +++ b/grub-core/kern/misc.c @@ -632,8 +632,7 @@ grub_lltoa (char *str, int c, unsigned long long n) diff -Nru grub2-unsigned-2.04/debian/patches/0226-kern-misc-Add-STRING-type-for-internal-printf-format.patch grub2-unsigned-2.04/debian/patches/0226-kern-misc-Add-STRING-type-for-internal-printf-format.patch --- grub2-unsigned-2.04/debian/patches/0226-kern-misc-Add-STRING-type-for-internal-printf-format.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0226-kern-misc-Add-STRING-type-for-internal-printf-format.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From dcb4b8deb6eecbaca5b959ff043ea419091952bb Mon Sep 17 00:00:00 2001 From: Thomas Frauendorfer | Miray Software Date: Mon, 15 Feb 2021 14:04:26 +0100 Subject: kern/misc: Add STRING type for internal printf() format handling @@ -19,7 +18,7 @@ 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c -index 556aeda457..9d776e9100 100644 +index 556aeda..9d776e9 100644 --- a/grub-core/kern/misc.c +++ b/grub-core/kern/misc.c @@ -33,7 +33,8 @@ union printf_arg diff -Nru grub2-unsigned-2.04/debian/patches/0227-kern-misc-Add-function-to-check-printf-format-agains.patch grub2-unsigned-2.04/debian/patches/0227-kern-misc-Add-function-to-check-printf-format-agains.patch --- grub2-unsigned-2.04/debian/patches/0227-kern-misc-Add-function-to-check-printf-format-agains.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0227-kern-misc-Add-function-to-check-printf-format-agains.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 12aba674a40d475e55cbd7d3781e359918b30618 Mon Sep 17 00:00:00 2001 From: Thomas Frauendorfer | Miray Software Date: Thu, 4 Feb 2021 19:02:33 +0100 Subject: kern/misc: Add function to check printf() format against expected @@ -44,12 +43,12 @@ Signed-off-by: Thomas Frauendorfer | Miray Software Reviewed-by: Daniel Kiper --- - grub-core/kern/misc.c | 82 ++++++++++++++++++++++++++++++++++++++++--- - include/grub/misc.h | 16 +++++++++ + grub-core/kern/misc.c | 82 ++++++++++++++++++++++++++++++++++++++++++++++++--- + include/grub/misc.h | 16 ++++++++++ 2 files changed, 94 insertions(+), 4 deletions(-) diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c -index 9d776e9100..c902266566 100644 +index 9d776e9..c902266 100644 --- a/grub-core/kern/misc.c +++ b/grub-core/kern/misc.c @@ -632,8 +632,26 @@ grub_lltoa (char *str, int c, unsigned long long n) @@ -187,7 +186,7 @@ static void __attribute__ ((noreturn)) grub_abort (void) diff --git a/include/grub/misc.h b/include/grub/misc.h -index f9135b62e3..11bdf8c6c6 100644 +index f9135b6..11bdf8c 100644 --- a/include/grub/misc.h +++ b/include/grub/misc.h @@ -440,6 +440,22 @@ grub_error_load (const struct grub_error_saved *save) diff -Nru grub2-unsigned-2.04/debian/patches/0228-gfxmenu-gui-Check-printf-format-in-the-gui_progress_.patch grub2-unsigned-2.04/debian/patches/0228-gfxmenu-gui-Check-printf-format-in-the-gui_progress_.patch --- grub2-unsigned-2.04/debian/patches/0228-gfxmenu-gui-Check-printf-format-in-the-gui_progress_.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0228-gfxmenu-gui-Check-printf-format-in-the-gui_progress_.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 0378f0444b420c542796d7ed8ff2d7852cfd3e2a Mon Sep 17 00:00:00 2001 From: Thomas Frauendorfer | Miray Software Date: Tue, 4 Aug 2020 13:49:51 +0200 Subject: gfxmenu/gui: Check printf() format in the gui_progress_bar and @@ -28,7 +27,7 @@ 2 files changed, 7 insertions(+) diff --git a/grub-core/gfxmenu/gui_label.c b/grub-core/gfxmenu/gui_label.c -index a4c817891e..1c190542a2 100644 +index a4c8178..1c19054 100644 --- a/grub-core/gfxmenu/gui_label.c +++ b/grub-core/gfxmenu/gui_label.c @@ -193,6 +193,10 @@ label_set_property (void *vself, const char *name, const char *value) @@ -43,7 +42,7 @@ self->text = grub_xasprintf (value, self->value); } diff --git a/grub-core/gfxmenu/gui_progress_bar.c b/grub-core/gfxmenu/gui_progress_bar.c -index b128f08668..ace85a1256 100644 +index b128f08..ace85a1 100644 --- a/grub-core/gfxmenu/gui_progress_bar.c +++ b/grub-core/gfxmenu/gui_progress_bar.c @@ -348,6 +348,9 @@ progress_bar_set_property (void *vself, const char *name, const char *value) diff -Nru grub2-unsigned-2.04/debian/patches/0229-kern-mm-Fix-grub_debug_calloc-compilation-error.patch grub2-unsigned-2.04/debian/patches/0229-kern-mm-Fix-grub_debug_calloc-compilation-error.patch --- grub2-unsigned-2.04/debian/patches/0229-kern-mm-Fix-grub_debug_calloc-compilation-error.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0229-kern-mm-Fix-grub_debug_calloc-compilation-error.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 59b5442292d3f03aa7168484a2016181729a52a1 Mon Sep 17 00:00:00 2001 From: Marco A Benatto Date: Tue, 9 Feb 2021 12:33:06 -0300 Subject: kern/mm: Fix grub_debug_calloc() compilation error @@ -15,7 +14,7 @@ 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c -index f2822a8364..c070afc621 100644 +index f2822a8..c070afc 100644 --- a/grub-core/kern/mm.c +++ b/grub-core/kern/mm.c @@ -594,7 +594,7 @@ grub_debug_calloc (const char *file, int line, grub_size_t nmemb, grub_size_t si diff -Nru grub2-unsigned-2.04/debian/patches/0230-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch grub2-unsigned-2.04/debian/patches/0230-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch --- grub2-unsigned-2.04/debian/patches/0230-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0230-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 13133a9ea9ad9dc736bba3d68291389ca2a6c713 Mon Sep 17 00:00:00 2001 From: Javier Martinez Canillas Date: Tue, 2 Feb 2021 19:59:48 +0100 Subject: kern/lockdown: Set a variable if the GRUB is locked down @@ -16,7 +15,7 @@ 2 files changed, 7 insertions(+) diff --git a/docs/grub.texi b/docs/grub.texi -index 721e63e9f7..4c2f7e15de 100644 +index 721e63e..4c2f7e1 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -6000,6 +6000,9 @@ The GRUB can be locked down when booted on a secure boot environment, for exampl @@ -30,7 +29,7 @@ @chapter Platform limitations diff --git a/grub-core/kern/lockdown.c b/grub-core/kern/lockdown.c -index 8f28bf14c3..306f1c3145 100644 +index 8f28bf1..306f1c3 100644 --- a/grub-core/kern/lockdown.c +++ b/grub-core/kern/lockdown.c @@ -18,6 +18,7 @@ diff -Nru grub2-unsigned-2.04/debian/patches/0231-net-tftp-Fix-dangling-memory-pointer.patch grub2-unsigned-2.04/debian/patches/0231-net-tftp-Fix-dangling-memory-pointer.patch --- grub2-unsigned-2.04/debian/patches/0231-net-tftp-Fix-dangling-memory-pointer.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0231-net-tftp-Fix-dangling-memory-pointer.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 4604fb11f0732838c809bd47bf1b8150c03a58ee Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Fri, 19 Feb 2021 17:12:23 +0000 Subject: net/tftp: Fix dangling memory pointer @@ -17,7 +16,7 @@ 1 file changed, 1 insertion(+) diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c -index 33c0b8214e..b35cda97ae 100644 +index 33c0b82..b35cda9 100644 --- a/grub-core/net/tftp.c +++ b/grub-core/net/tftp.c @@ -418,6 +418,7 @@ tftp_close (struct grub_file *file) diff -Nru grub2-unsigned-2.04/debian/patches/0232-grub-install-common-Add-sbat-option.patch grub2-unsigned-2.04/debian/patches/0232-grub-install-common-Add-sbat-option.patch --- grub2-unsigned-2.04/debian/patches/0232-grub-install-common-Add-sbat-option.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0232-grub-install-common-Add-sbat-option.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 1632668a6aa1396bf24d01b8cc3ec90266d95c97 Mon Sep 17 00:00:00 2001 From: Dimitri John Ledkov Date: Mon, 22 Feb 2021 17:05:25 +0000 Subject: grub-install-common: Add --sbat option @@ -11,7 +10,7 @@ 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/include/grub/util/install.h b/include/grub/util/install.h -index 2f52cbf17b..3e6997b424 100644 +index 2f52cbf..3e6997b 100644 --- a/include/grub/util/install.h +++ b/include/grub/util/install.h @@ -63,6 +63,8 @@ @@ -34,7 +33,7 @@ extern char *grub_install_source_directory; diff --git a/util/grub-install-common.c b/util/grub-install-common.c -index 192d50d1b2..c9c1535c02 100644 +index 192d50d..c9c1535 100644 --- a/util/grub-install-common.c +++ b/util/grub-install-common.c @@ -382,6 +382,7 @@ handle_install_list (struct install_list *il, const char *val, diff -Nru grub2-unsigned-2.04/debian/patches/0233-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch grub2-unsigned-2.04/debian/patches/0233-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch --- grub2-unsigned-2.04/debian/patches/0233-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0233-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From bf714c5db69d34a161ff9ffed6fc2887626bfa1e Mon Sep 17 00:00:00 2001 From: Javier Martinez Canillas Date: Wed, 24 Feb 2021 09:00:05 +0100 Subject: commands: Restrict commands that can load BIOS or DT blobs when @@ -27,7 +26,7 @@ 4 files changed, 16 insertions(+), 13 deletions(-) diff --git a/docs/grub.texi b/docs/grub.texi -index 4c2f7e15de..c35db85916 100644 +index 4c2f7e1..c35db85 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -4311,6 +4311,9 @@ Load a device tree blob (.dtb) from a filesystem, for later use by a Linux @@ -41,7 +40,7 @@ @node distrust diff --git a/grub-core/commands/efi/loadbios.c b/grub-core/commands/efi/loadbios.c -index d41d521a4a..5c7725f8bd 100644 +index d41d521..5c7725f 100644 --- a/grub-core/commands/efi/loadbios.c +++ b/grub-core/commands/efi/loadbios.c @@ -205,14 +205,14 @@ static grub_command_t cmd_fakebios, cmd_loadbios; @@ -68,7 +67,7 @@ GRUB_MOD_FINI(loadbios) diff --git a/grub-core/loader/arm/linux.c b/grub-core/loader/arm/linux.c -index 979d425dfb..9738b47b66 100644 +index 979d425..9738b47 100644 --- a/grub-core/loader/arm/linux.c +++ b/grub-core/loader/arm/linux.c @@ -505,9 +505,9 @@ GRUB_MOD_INIT (linux) @@ -85,7 +84,7 @@ current_fdt = (const void *) grub_arm_firmware_get_boot_data (); machine_type = grub_arm_firmware_get_machine_type (); diff --git a/grub-core/loader/efi/fdt.c b/grub-core/loader/efi/fdt.c -index 5360e6c1f7..06a62a7702 100644 +index 5360e6c..06a62a7 100644 --- a/grub-core/loader/efi/fdt.c +++ b/grub-core/loader/efi/fdt.c @@ -174,8 +174,8 @@ static grub_command_t cmd_devicetree; diff -Nru grub2-unsigned-2.04/debian/patches/0234-commands-setpci-Restrict-setpci-command-when-locked-.patch grub2-unsigned-2.04/debian/patches/0234-commands-setpci-Restrict-setpci-command-when-locked-.patch --- grub2-unsigned-2.04/debian/patches/0234-commands-setpci-Restrict-setpci-command-when-locked-.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0234-commands-setpci-Restrict-setpci-command-when-locked-.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 19623dcb7584cd39936d68ba9db5f242213cff93 Mon Sep 17 00:00:00 2001 From: Javier Martinez Canillas Date: Wed, 24 Feb 2021 22:59:59 +0100 Subject: commands/setpci: Restrict setpci command when locked down @@ -13,7 +12,7 @@ 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/grub-core/commands/setpci.c b/grub-core/commands/setpci.c -index d5bc97d60b..fa2ba7d891 100644 +index d5bc97d..fa2ba7d 100644 --- a/grub-core/commands/setpci.c +++ b/grub-core/commands/setpci.c @@ -329,10 +329,10 @@ static grub_extcmd_t cmd; diff -Nru grub2-unsigned-2.04/debian/patches/0235-commands-hdparm-Restrict-hdparm-command-when-locked-.patch grub2-unsigned-2.04/debian/patches/0235-commands-hdparm-Restrict-hdparm-command-when-locked-.patch --- grub2-unsigned-2.04/debian/patches/0235-commands-hdparm-Restrict-hdparm-command-when-locked-.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0235-commands-hdparm-Restrict-hdparm-command-when-locked-.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 84538ac4dbe81d2f01845aa1cd50fa66b937f6e2 Mon Sep 17 00:00:00 2001 From: Javier Martinez Canillas Date: Wed, 24 Feb 2021 12:59:29 +0100 Subject: commands/hdparm: Restrict hdparm command when locked down @@ -13,7 +12,7 @@ 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/grub-core/commands/hdparm.c b/grub-core/commands/hdparm.c -index d3fa9661e5..2e2319e645 100644 +index d3fa966..2e2319e 100644 --- a/grub-core/commands/hdparm.c +++ b/grub-core/commands/hdparm.c @@ -436,9 +436,9 @@ static grub_extcmd_t cmd; diff -Nru grub2-unsigned-2.04/debian/patches/0236-gdb-Restrict-GDB-access-when-locked-down.patch grub2-unsigned-2.04/debian/patches/0236-gdb-Restrict-GDB-access-when-locked-down.patch --- grub2-unsigned-2.04/debian/patches/0236-gdb-Restrict-GDB-access-when-locked-down.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0236-gdb-Restrict-GDB-access-when-locked-down.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 76cef0efbb41d5ce83ffa3c50ce379b164bd52ac Mon Sep 17 00:00:00 2001 From: Javier Martinez Canillas Date: Wed, 24 Feb 2021 15:03:26 +0100 Subject: gdb: Restrict GDB access when locked down @@ -14,7 +13,7 @@ 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/grub-core/gdb/gdb.c b/grub-core/gdb/gdb.c -index 847a1e1e36..1818cb6f8e 100644 +index 847a1e1..1818cb6 100644 --- a/grub-core/gdb/gdb.c +++ b/grub-core/gdb/gdb.c @@ -75,20 +75,24 @@ static grub_command_t cmd, cmd_stop, cmd_break; diff -Nru grub2-unsigned-2.04/debian/patches/0237-loader-xnu-Don-t-allow-loading-extension-and-package.patch grub2-unsigned-2.04/debian/patches/0237-loader-xnu-Don-t-allow-loading-extension-and-package.patch --- grub2-unsigned-2.04/debian/patches/0237-loader-xnu-Don-t-allow-loading-extension-and-package.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0237-loader-xnu-Don-t-allow-loading-extension-and-package.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 5ccc376c80cc158c3488ea4cb34dd51ee53020fb Mon Sep 17 00:00:00 2001 From: Javier Martinez Canillas Date: Wed, 24 Feb 2021 14:44:38 +0100 Subject: loader/xnu: Don't allow loading extension and packages when locked @@ -14,7 +13,7 @@ 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c -index 46d1b3fab5..15d410ff2d 100644 +index 46d1b3f..15d410f 100644 --- a/grub-core/loader/xnu.c +++ b/grub-core/loader/xnu.c @@ -1505,20 +1505,23 @@ GRUB_MOD_INIT(xnu) diff -Nru grub2-unsigned-2.04/debian/patches/0238-util-grub-install-Fix-NULL-pointer-dereferences.patch grub2-unsigned-2.04/debian/patches/0238-util-grub-install-Fix-NULL-pointer-dereferences.patch --- grub2-unsigned-2.04/debian/patches/0238-util-grub-install-Fix-NULL-pointer-dereferences.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0238-util-grub-install-Fix-NULL-pointer-dereferences.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 9fd4aa71a88556d25b89d61a55f6efe159b2a273 Mon Sep 17 00:00:00 2001 From: Daniel Kiper Date: Thu, 25 Feb 2021 18:35:01 +0100 Subject: util/grub-install: Fix NULL pointer dereferences @@ -15,7 +14,7 @@ 1 file changed, 4 insertions(+) diff --git a/util/grub-install.c b/util/grub-install.c -index 843dfc7c80..702acc2133 100644 +index 843dfc7..702acc2 100644 --- a/util/grub-install.c +++ b/util/grub-install.c @@ -1977,6 +1977,8 @@ main (int argc, char *argv[]) diff -Nru grub2-unsigned-2.04/debian/patches/0239-arm-linux-Fix-ARM-Linux-header-layout.patch grub2-unsigned-2.04/debian/patches/0239-arm-linux-Fix-ARM-Linux-header-layout.patch --- grub2-unsigned-2.04/debian/patches/0239-arm-linux-Fix-ARM-Linux-header-layout.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0239-arm-linux-Fix-ARM-Linux-header-layout.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,29 @@ +From: Ard Biesheuvel +Date: Sun, 25 Oct 2020 14:49:34 +0100 +Subject: arm/linux: Fix ARM Linux header layout + +The hdr_offset member of the ARM Linux image header appears at +offset 0x3c, matching the PE/COFF spec's placement of the COFF +header offset in the MS-DOS header. We're currently off by four, +so fix that. + +Signed-off-by: Ard Biesheuvel +Reviewed-by: Daniel Kiper +(cherry picked from commit a166484483a94f6a414c09a1e449d51fb1beaf05) +--- + include/grub/arm/linux.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/include/grub/arm/linux.h b/include/grub/arm/linux.h +index 2e98a66..bcd5a7e 100644 +--- a/include/grub/arm/linux.h ++++ b/include/grub/arm/linux.h +@@ -30,7 +30,7 @@ struct linux_arm_kernel_header { + grub_uint32_t magic; + grub_uint32_t start; /* _start */ + grub_uint32_t end; /* _edata */ +- grub_uint32_t reserved2[4]; ++ grub_uint32_t reserved2[3]; + grub_uint32_t hdr_offset; + }; + diff -Nru grub2-unsigned-2.04/debian/patches/0239-loader-efi-chainloader-grub_load_and_start_image-doe.patch grub2-unsigned-2.04/debian/patches/0239-loader-efi-chainloader-grub_load_and_start_image-doe.patch --- grub2-unsigned-2.04/debian/patches/0239-loader-efi-chainloader-grub_load_and_start_image-doe.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0239-loader-efi-chainloader-grub_load_and_start_image-doe.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,67 @@ +From: Chris Coulson +Date: Thu, 28 Apr 2022 21:53:36 +0100 +Subject: loader/efi/chainloader: grub_load_and_start_image doesn't load and + start + +grub_load_and_start_image only loads an image - it still requires the +caller to start it. This renames it to grub_load_image. + +It's called from 2 places: +- grub_cmd_chainloader when not using the shim protocol. +- grub_secureboot_chainloader_boot if handle_image returns an error. +In this case, the image is loaded and then nothing else happens which +seems strange. I assume the intention is that it falls back to LoadImage +and StartImage if handle_image fails, so I've made it do that. + +Signed-off-by: Chris Coulson +(cherry picked from commit b4d70820a65c00561045856b7b8355461a9545f6) +--- + grub-core/loader/efi/chainloader.c | 15 ++++++++++++--- + 1 file changed, 12 insertions(+), 3 deletions(-) + +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index eb2c0b3..19018a0 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -845,7 +845,7 @@ grub_secureboot_chainloader_unload (void) + } + + static grub_err_t +-grub_load_and_start_image(void *boot_image) ++grub_load_image(void *boot_image) + { + grub_efi_boot_services_t *b; + grub_efi_status_t status; +@@ -887,13 +887,22 @@ grub_load_and_start_image(void *boot_image) + static grub_err_t + grub_secureboot_chainloader_boot (void) + { ++ grub_efi_boot_services_t *b; + int rc; + rc = handle_image ((void *)((grub_addr_t) address), fsize); + if (rc == 0) + { +- grub_load_and_start_image((void *)((grub_addr_t) address)); ++ /* We weren't able to attempt to execute the image, so fall back ++ * to LoadImage / StartImage. ++ */ ++ rc = grub_load_image((void *)((grub_addr_t) address)); ++ if (rc == 0) ++ grub_chainloader_boot (); + } + ++ b = grub_efi_system_table->boot_services; ++ efi_call_1 (b->unload_image, image_handle); ++ + grub_loader_unset (); + return grub_errno; + } +@@ -1094,7 +1103,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + } + else if (rc == 0) + { +- grub_load_and_start_image(boot_image); ++ grub_load_image(boot_image); + grub_file_close (file); + if (orig_dev) + dev = orig_dev; diff -Nru grub2-unsigned-2.04/debian/patches/0240-loader-efi-chainloader-simplify-the-loader-state.patch grub2-unsigned-2.04/debian/patches/0240-loader-efi-chainloader-simplify-the-loader-state.patch --- grub2-unsigned-2.04/debian/patches/0240-loader-efi-chainloader-simplify-the-loader-state.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0240-loader-efi-chainloader-simplify-the-loader-state.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,337 @@ +From: Chris Coulson +Date: Fri, 29 Apr 2022 21:13:08 +0100 +Subject: loader/efi/chainloader: simplify the loader state + +When not using the shim lock protocol, the chainloader command retains +the source buffer and device path passed to LoadImage, requiring the +unload hook passed to grub_loader_set to free them. It isn't required +to retain this state though - they aren't required by StartImage or +anything else in the boot hook, so clean them up before +grub_cmd_chainloader finishes. + +This also wraps the loader state when using the shim lock protocol +inside a struct. + +Signed-off-by: Chris Coulson +(cherry picked from commit fa39862933b3be1553a580a3a5c28073257d8046) +--- + grub-core/loader/efi/chainloader.c | 164 +++++++++++++++++++++++-------------- + 1 file changed, 103 insertions(+), 61 deletions(-) + +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index 19018a0..6b1269e 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -48,38 +48,21 @@ GRUB_MOD_LICENSE ("GPLv3+"); + + static grub_dl_t my_mod; + +-static grub_efi_physical_address_t address; +-static grub_efi_uintn_t pages; +-static grub_ssize_t fsize; +-static grub_efi_device_path_t *file_path; + static grub_efi_handle_t image_handle; +-static grub_efi_char16_t *cmdline; +-static grub_ssize_t cmdline_len; +-static grub_efi_handle_t dev_handle; + +-static grub_efi_status_t (*entry_point) (grub_efi_handle_t image_handle, grub_efi_system_table_t *system_table); ++struct grub_secureboot_chainloader_context { ++ grub_efi_physical_address_t address; ++ grub_efi_uintn_t pages; ++ grub_ssize_t fsize; ++ grub_efi_device_path_t *file_path; ++ grub_efi_char16_t *cmdline; ++ grub_ssize_t cmdline_len; ++ grub_efi_handle_t dev_handle; ++}; ++static struct grub_secureboot_chainloader_context *sb_context; + + static grub_err_t +-grub_chainloader_unload (void) +-{ +- grub_efi_boot_services_t *b; +- +- b = grub_efi_system_table->boot_services; +- efi_call_1 (b->unload_image, image_handle); +- efi_call_2 (b->free_pages, address, pages); +- +- grub_free (file_path); +- grub_free (cmdline); +- cmdline = 0; +- file_path = 0; +- dev_handle = 0; +- +- grub_dl_unref (my_mod); +- return GRUB_ERR_NONE; +-} +- +-static grub_err_t +-grub_chainloader_boot (void) ++grub_start_image (grub_efi_handle_t handle) + { + grub_efi_boot_services_t *b; + grub_efi_status_t status; +@@ -87,7 +70,7 @@ grub_chainloader_boot (void) + grub_efi_char16_t *exit_data = NULL; + + b = grub_efi_system_table->boot_services; +- status = efi_call_3 (b->start_image, image_handle, &exit_data_size, &exit_data); ++ status = efi_call_3 (b->start_image, handle, &exit_data_size, &exit_data); + if (status != GRUB_EFI_SUCCESS) + { + if (exit_data) +@@ -111,11 +94,37 @@ grub_chainloader_boot (void) + if (exit_data) + efi_call_1 (b->free_pool, exit_data); + +- grub_loader_unset (); +- + return grub_errno; + } + ++static grub_err_t ++grub_chainloader_unload (void) ++{ ++ grub_efi_loaded_image_t *loaded_image; ++ grub_efi_boot_services_t *b; ++ ++ loaded_image = grub_efi_get_loaded_image (image_handle); ++ if (loaded_image != NULL) ++ grub_free (loaded_image->load_options); ++ ++ b = grub_efi_system_table->boot_services; ++ efi_call_1 (b->unload_image, image_handle); ++ ++ grub_dl_unref (my_mod); ++ return GRUB_ERR_NONE; ++} ++ ++static grub_err_t ++grub_chainloader_boot (void) ++{ ++ grub_err_t err; ++ ++ err = grub_start_image (image_handle); ++ ++ grub_loader_unset (); ++ return err; ++} ++ + static grub_err_t + copy_file_path (grub_efi_file_path_device_path_t *fp, + const char *str, grub_efi_uint16_t len) +@@ -150,7 +159,7 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename) + char *dir_start; + char *dir_end; + grub_size_t size; +- grub_efi_device_path_t *d; ++ grub_efi_device_path_t *d, *file_path; + + dir_start = grub_strchr (filename, ')'); + if (! dir_start) +@@ -525,12 +534,14 @@ grub_efi_get_media_file_path (grub_efi_device_path_t *dp) + } + + static grub_efi_boolean_t +-handle_image (void *data, grub_efi_uint32_t datasize) ++handle_image (struct grub_secureboot_chainloader_context *load_context) + { + grub_efi_boot_services_t *b; + grub_efi_loaded_image_t *li, li_bak; + int efi_status; +- char *buffer = NULL; ++ void *data = (void *)(unsigned long)load_context->address; ++ grub_efi_uint32_t datasize = load_context->fsize; ++ void *buffer = NULL; + char *buffer_aligned = NULL; + grub_efi_uint32_t i; + struct grub_pe32_section_table *section; +@@ -540,6 +551,7 @@ handle_image (void *data, grub_efi_uint32_t datasize) + grub_uint32_t buffer_size; + int found_entry_point = 0; + int rc; ++ grub_efi_status_t (*entry_point) (grub_efi_handle_t image_handle, grub_efi_system_table_t *system_table); + + b = grub_efi_system_table->boot_services; + +@@ -799,10 +811,10 @@ handle_image (void *data, grub_efi_uint32_t datasize) + grub_memcpy (&li_bak, li, sizeof (grub_efi_loaded_image_t)); + li->image_base = buffer_aligned; + li->image_size = context.image_size; +- li->load_options = cmdline; +- li->load_options_size = cmdline_len; +- li->file_path = grub_efi_get_media_file_path (file_path); +- li->device_handle = dev_handle; ++ li->load_options = load_context->cmdline; ++ li->load_options_size = load_context->cmdline_len; ++ li->file_path = grub_efi_get_media_file_path (load_context->file_path); ++ li->device_handle = load_context->dev_handle; + if (!li->file_path) + { + grub_error (GRUB_ERR_UNKNOWN_DEVICE, "no matching file path found"); +@@ -830,22 +842,22 @@ error_exit: + static grub_err_t + grub_secureboot_chainloader_unload (void) + { +- grub_efi_boot_services_t *b; ++ grub_efi_free_pages (sb_context->address, sb_context->pages); ++ grub_free (sb_context->file_path); ++ grub_free (sb_context->cmdline); ++ grub_free (sb_context); + +- b = grub_efi_system_table->boot_services; +- efi_call_2 (b->free_pages, address, pages); +- grub_free (file_path); +- grub_free (cmdline); +- cmdline = 0; +- file_path = 0; +- dev_handle = 0; ++ sb_context = 0; + + grub_dl_unref (my_mod); + return GRUB_ERR_NONE; + } + + static grub_err_t +-grub_load_image(void *boot_image) ++grub_load_image(grub_efi_device_path_t *file_path, void *boot_image, ++ grub_efi_uintn_t image_size, grub_efi_handle_t dev_handle, ++ grub_efi_char16_t *cmdline, grub_ssize_t cmdline_len, ++ grub_efi_handle_t *image_handle_out) + { + grub_efi_boot_services_t *b; + grub_efi_status_t status; +@@ -854,7 +866,7 @@ grub_load_image(void *boot_image) + b = grub_efi_system_table->boot_services; + + status = efi_call_6 (b->load_image, 0, grub_efi_image_handle, file_path, +- boot_image, fsize, &image_handle); ++ boot_image, image_size, image_handle_out); + if (status != GRUB_EFI_SUCCESS) + { + if (status == GRUB_EFI_OUT_OF_RESOURCES) +@@ -867,7 +879,7 @@ grub_load_image(void *boot_image) + /* LoadImage does not set a device handler when the image is + loaded from memory, so it is necessary to set it explicitly here. + This is a mess. */ +- loaded_image = grub_efi_get_loaded_image (image_handle); ++ loaded_image = grub_efi_get_loaded_image (*image_handle_out); + if (! loaded_image) + { + grub_error (GRUB_ERR_BAD_OS, "no loaded image available"); +@@ -889,19 +901,25 @@ grub_secureboot_chainloader_boot (void) + { + grub_efi_boot_services_t *b; + int rc; +- rc = handle_image ((void *)((grub_addr_t) address), fsize); ++ grub_efi_handle_t handle = 0; ++ ++ rc = handle_image (sb_context); + if (rc == 0) + { + /* We weren't able to attempt to execute the image, so fall back + * to LoadImage / StartImage. + */ +- rc = grub_load_image((void *)((grub_addr_t) address)); ++ rc = grub_load_image(sb_context->file_path, ++ (void *)(unsigned long)sb_context->address, ++ sb_context->fsize, sb_context->dev_handle, ++ sb_context->cmdline, sb_context->cmdline_len, ++ &handle); + if (rc == 0) +- grub_chainloader_boot (); ++ grub_start_image (handle); + } + + b = grub_efi_system_table->boot_services; +- efi_call_1 (b->unload_image, image_handle); ++ efi_call_1 (b->unload_image, handle); + + grub_loader_unset (); + return grub_errno; +@@ -916,10 +934,16 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + grub_efi_boot_services_t *b; + grub_device_t dev = 0; + grub_device_t orig_dev = 0; +- grub_efi_device_path_t *dp = 0; ++ grub_efi_device_path_t *dp = 0, *file_path = 0; + char *filename; + void *boot_image = 0; + int rc; ++ grub_efi_physical_address_t address = 0; ++ grub_ssize_t fsize; ++ grub_efi_uintn_t pages = 0; ++ grub_efi_char16_t *cmdline = 0; ++ grub_ssize_t cmdline_len = 0; ++ grub_efi_handle_t dev_handle = 0; + + if (argc == 0) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); +@@ -927,12 +951,6 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + + grub_dl_ref (my_mod); + +- /* Initialize some global variables. */ +- address = 0; +- image_handle = 0; +- file_path = 0; +- dev_handle = 0; +- + b = grub_efi_system_table->boot_services; + + if (argc > 1) +@@ -1093,21 +1111,39 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + grub_dprintf ("chain", "linuxefi_secure_validate: %d\n", rc); + if (rc > 0) + { ++ sb_context = grub_malloc (sizeof (*sb_context)); ++ if (sb_context == NULL) ++ goto fail; ++ sb_context->address = address; ++ sb_context->fsize = fsize; ++ sb_context->pages = pages; ++ sb_context->file_path = file_path; ++ sb_context->cmdline = cmdline; ++ sb_context->cmdline_len = cmdline_len; ++ sb_context->dev_handle = dev_handle; ++ + grub_file_close (file); + if (orig_dev) + dev = orig_dev; + grub_device_close (dev); ++ + grub_loader_set (grub_secureboot_chainloader_boot, + grub_secureboot_chainloader_unload, 0); + return 0; + } + else if (rc == 0) + { +- grub_load_image(boot_image); ++ grub_load_image(file_path, boot_image, fsize, dev_handle, cmdline, ++ cmdline_len, &image_handle); + grub_file_close (file); + if (orig_dev) + dev = orig_dev; + grub_device_close (dev); ++ ++ /* We're finished with the source image buffer and file path now */ ++ efi_call_2 (b->free_pages, address, pages); ++ grub_free (file_path); ++ + grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); + + return 0; +@@ -1135,6 +1171,12 @@ fail: + if (cmdline) + grub_free (cmdline); + ++ if (image_handle != 0) ++ { ++ efi_call_1 (b->unload_image, image_handle); ++ image_handle = 0; ++ } ++ + grub_dl_unref (my_mod); + + return grub_errno; diff -Nru grub2-unsigned-2.04/debian/patches/0240-misc-Format-string-for-grub_error-should-be-a-litera.patch grub2-unsigned-2.04/debian/patches/0240-misc-Format-string-for-grub_error-should-be-a-litera.patch --- grub2-unsigned-2.04/debian/patches/0240-misc-Format-string-for-grub_error-should-be-a-litera.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0240-misc-Format-string-for-grub_error-should-be-a-litera.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,51 @@ +From: Glenn Washburn +Date: Thu, 4 Mar 2021 18:22:32 -0600 +Subject: misc: Format string for grub_error() should be a literal + +Signed-off-by: Glenn Washburn +Reviewed-by: Daniel Kiper +--- + grub-core/loader/efi/chainloader.c | 2 +- + grub-core/net/tftp.c | 2 +- + grub-core/script/lexer.c | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index 144a654..eb2c0b3 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -100,7 +100,7 @@ grub_chainloader_boot (void) + *grub_utf16_to_utf8 ((grub_uint8_t *) buf, + exit_data, exit_data_size) = 0; + +- grub_error (GRUB_ERR_BAD_OS, buf); ++ grub_error (GRUB_ERR_BAD_OS, "%s", buf); + grub_free (buf); + } + } +diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c +index b35cda9..32e3cbb 100644 +--- a/grub-core/net/tftp.c ++++ b/grub-core/net/tftp.c +@@ -252,7 +252,7 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)), + case TFTP_ERROR: + data->have_oack = 1; + grub_netbuff_free (nb); +- grub_error (GRUB_ERR_IO, (char *) tftph->u.err.errmsg); ++ grub_error (GRUB_ERR_IO, "%s", tftph->u.err.errmsg); + grub_error_save (&data->save_err); + return GRUB_ERR_NONE; + default: +diff --git a/grub-core/script/lexer.c b/grub-core/script/lexer.c +index 5fb0cbd..27daad7 100644 +--- a/grub-core/script/lexer.c ++++ b/grub-core/script/lexer.c +@@ -349,7 +349,7 @@ void + grub_script_yyerror (struct grub_parser_param *state, char const *err) + { + if (err) +- grub_error (GRUB_ERR_INVALID_COMMAND, err); ++ grub_error (GRUB_ERR_INVALID_COMMAND, "%s", err); + + grub_print_error (); + state->err++; diff -Nru grub2-unsigned-2.04/debian/patches/0240-tests-ahci_test.in-Replace-ide-drive-with-ide-hd.patch grub2-unsigned-2.04/debian/patches/0240-tests-ahci_test.in-Replace-ide-drive-with-ide-hd.patch --- grub2-unsigned-2.04/debian/patches/0240-tests-ahci_test.in-Replace-ide-drive-with-ide-hd.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0240-tests-ahci_test.in-Replace-ide-drive-with-ide-hd.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,25 @@ +From: Dimitri John Ledkov +Date: Fri, 16 Jul 2021 13:49:51 +0100 +Subject: tests/ahci_test.in: Replace ide-drive with ide-hd + +Qemu 6.0 removed ide-drive in favor of ide-cdrom or ide-hd. + +Signed-off-by: Dimitri John Ledkov +(cherry picked from commit 1855f7a0b5e2f8d134c6f3e7b14255747b6e32a4) +--- + tests/ahci_test.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tests/ahci_test.in b/tests/ahci_test.in +index 7df5604..d844fe6 100644 +--- a/tests/ahci_test.in ++++ b/tests/ahci_test.in +@@ -41,7 +41,7 @@ echo "hello" > "$outfile" + + tar cf "$imgfile" "$outfile" + +-if [ "$(echo "nativedisk; source '(ahci0)/$outfile';" | "${grubshell}" --qemu-opts="-drive id=disk,file=$imgfile,if=none -device ahci,id=ahci -device ide-drive,drive=disk,bus=ahci.0 " | tail -n 1)" != "Hello World" ]; then ++if [ "$(echo "nativedisk; source '(ahci0)/$outfile';" | "${grubshell}" --qemu-opts="-drive id=disk,file=$imgfile,if=none -device ahci,id=ahci -device ide-hd,drive=disk,bus=ahci.0 " | tail -n 1)" != "Hello World" ]; then + rm "$imgfile" + rm "$outfile" + exit 1 diff -Nru grub2-unsigned-2.04/debian/patches/0241-commands-boot-Add-API-to-pass-context-to-loader.patch grub2-unsigned-2.04/debian/patches/0241-commands-boot-Add-API-to-pass-context-to-loader.patch --- grub2-unsigned-2.04/debian/patches/0241-commands-boot-Add-API-to-pass-context-to-loader.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0241-commands-boot-Add-API-to-pass-context-to-loader.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,157 @@ +From: Chris Coulson +Date: Fri, 29 Apr 2022 21:16:02 +0100 +Subject: commands/boot: Add API to pass context to loader + +Loaders rely on global variables for saving context which is consumed +in the boot hook and freed in the unload hook. In the case where a loader +command is executed twice, calling grub_loader_set a second time executes +the unload hook, but in some cases this runs when the loader's global +context has already been updated, resulting in the updated context being +freed and potential use-after-free bugs when the boot hook is subsequently +called. + +This adds a new API (grub_loader_set_ex) which allows a loader to specify +context that is passed to its boot and unload hooks. This is an alternative +to requiring that loaders call grub_loader_unset before mutating their +global context. + +Signed-off-by: Chris Coulson +(cherry picked from commit 4322a64dde7e8fedb58e50b79408667129d45dd3) +--- + grub-core/commands/boot.c | 66 +++++++++++++++++++++++++++++++++++++++++------ + include/grub/loader.h | 5 ++++ + 2 files changed, 63 insertions(+), 8 deletions(-) + +diff --git a/grub-core/commands/boot.c b/grub-core/commands/boot.c +index bbca81e..53691a6 100644 +--- a/grub-core/commands/boot.c ++++ b/grub-core/commands/boot.c +@@ -27,10 +27,20 @@ + + GRUB_MOD_LICENSE ("GPLv3+"); + +-static grub_err_t (*grub_loader_boot_func) (void); +-static grub_err_t (*grub_loader_unload_func) (void); ++static grub_err_t (*grub_loader_boot_func) (void *); ++static grub_err_t (*grub_loader_unload_func) (void *); ++static void *grub_loader_context; + static int grub_loader_flags; + ++struct grub_simple_loader_hooks ++{ ++ grub_err_t (*boot) (void); ++ grub_err_t (*unload) (void); ++}; ++ ++/* Don't heap allocate this to avoid making grub_loader_set fallible. */ ++static struct grub_simple_loader_hooks simple_loader_hooks; ++ + struct grub_preboot + { + grub_err_t (*preboot_func) (int); +@@ -44,6 +54,29 @@ static int grub_loader_loaded; + static struct grub_preboot *preboots_head = 0, + *preboots_tail = 0; + ++static grub_err_t ++grub_simple_boot_hook (void *context) ++{ ++ struct grub_simple_loader_hooks *hooks; ++ ++ hooks = (struct grub_simple_loader_hooks *) context; ++ return hooks->boot (); ++} ++ ++static grub_err_t ++grub_simple_unload_hook (void *context) ++{ ++ struct grub_simple_loader_hooks *hooks; ++ grub_err_t ret; ++ ++ hooks = (struct grub_simple_loader_hooks *) context; ++ ++ ret = hooks->unload (); ++ grub_memset (hooks, 0, sizeof (*hooks)); ++ ++ return ret; ++} ++ + int + grub_loader_is_loaded (void) + { +@@ -110,28 +143,45 @@ grub_loader_unregister_preboot_hook (struct grub_preboot *hnd) + } + + void +-grub_loader_set (grub_err_t (*boot) (void), +- grub_err_t (*unload) (void), +- int flags) ++grub_loader_set_ex (grub_err_t (*boot) (void *), ++ grub_err_t (*unload) (void *), ++ void *context, ++ int flags) + { + if (grub_loader_loaded && grub_loader_unload_func) +- grub_loader_unload_func (); ++ grub_loader_unload_func (grub_loader_context); + + grub_loader_boot_func = boot; + grub_loader_unload_func = unload; ++ grub_loader_context = context; + grub_loader_flags = flags; + + grub_loader_loaded = 1; + } + ++void ++grub_loader_set (grub_err_t (*boot) (void), ++ grub_err_t (*unload) (void), ++ int flags) ++{ ++ grub_loader_set_ex (grub_simple_boot_hook, ++ grub_simple_unload_hook, ++ &simple_loader_hooks, ++ flags); ++ ++ simple_loader_hooks.boot = boot; ++ simple_loader_hooks.unload = unload; ++} ++ + void + grub_loader_unset(void) + { + if (grub_loader_loaded && grub_loader_unload_func) +- grub_loader_unload_func (); ++ grub_loader_unload_func (grub_loader_context); + + grub_loader_boot_func = 0; + grub_loader_unload_func = 0; ++ grub_loader_context = 0; + + grub_loader_loaded = 0; + } +@@ -158,7 +208,7 @@ grub_loader_boot (void) + return err; + } + } +- err = (grub_loader_boot_func) (); ++ err = (grub_loader_boot_func) (grub_loader_context); + + for (cur = preboots_tail; cur; cur = cur->prev) + if (! err) +diff --git a/include/grub/loader.h b/include/grub/loader.h +index b208642..1846fa6 100644 +--- a/include/grub/loader.h ++++ b/include/grub/loader.h +@@ -40,6 +40,11 @@ void EXPORT_FUNC (grub_loader_set) (grub_err_t (*boot) (void), + grub_err_t (*unload) (void), + int flags); + ++void EXPORT_FUNC (grub_loader_set_ex) (grub_err_t (*boot) (void *), ++ grub_err_t (*unload) (void *), ++ void *context, ++ int flags); ++ + /* Unset current loader, if any. */ + void EXPORT_FUNC (grub_loader_unset) (void); + diff -Nru grub2-unsigned-2.04/debian/patches/0242-loader-efi-chainloader-Use-grub_loader_set_ex.patch grub2-unsigned-2.04/debian/patches/0242-loader-efi-chainloader-Use-grub_loader_set_ex.patch --- grub2-unsigned-2.04/debian/patches/0242-loader-efi-chainloader-Use-grub_loader_set_ex.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0242-loader-efi-chainloader-Use-grub_loader_set_ex.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,144 @@ +From: Chris Coulson +Date: Fri, 29 Apr 2022 21:30:56 +0100 +Subject: loader/efi/chainloader: Use grub_loader_set_ex + +This ports the EFI chainloader to use grub_loader_set_ex in order to fix +a use-after-free bug that occurs when grub_cmd_chainloader is executed +more than once before a boot attempt is performed. + +Signed-off-by: Chris Coulson +(cherry picked from commit 4b7f0402b7cb0f67a93be736f2b75b818d7f44c9) +--- + grub-core/loader/efi/chainloader.c | 38 ++++++++++++++++++++++---------------- + 1 file changed, 22 insertions(+), 16 deletions(-) + +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index 6b1269e..ff724c6 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -48,8 +48,6 @@ GRUB_MOD_LICENSE ("GPLv3+"); + + static grub_dl_t my_mod; + +-static grub_efi_handle_t image_handle; +- + struct grub_secureboot_chainloader_context { + grub_efi_physical_address_t address; + grub_efi_uintn_t pages; +@@ -59,7 +57,6 @@ struct grub_secureboot_chainloader_context { + grub_ssize_t cmdline_len; + grub_efi_handle_t dev_handle; + }; +-static struct grub_secureboot_chainloader_context *sb_context; + + static grub_err_t + grub_start_image (grub_efi_handle_t handle) +@@ -98,11 +95,14 @@ grub_start_image (grub_efi_handle_t handle) + } + + static grub_err_t +-grub_chainloader_unload (void) ++grub_chainloader_unload (void *context) + { ++ grub_efi_handle_t image_handle; + grub_efi_loaded_image_t *loaded_image; + grub_efi_boot_services_t *b; + ++ image_handle = (grub_efi_handle_t) context; ++ + loaded_image = grub_efi_get_loaded_image (image_handle); + if (loaded_image != NULL) + grub_free (loaded_image->load_options); +@@ -115,10 +115,12 @@ grub_chainloader_unload (void) + } + + static grub_err_t +-grub_chainloader_boot (void) ++grub_chainloader_boot (void *context) + { ++ grub_efi_handle_t image_handle; + grub_err_t err; + ++ image_handle = (grub_efi_handle_t) context; + err = grub_start_image (image_handle); + + grub_loader_unset (); +@@ -840,15 +842,17 @@ error_exit: + } + + static grub_err_t +-grub_secureboot_chainloader_unload (void) ++grub_secureboot_chainloader_unload (void *context) + { ++ struct grub_secureboot_chainloader_context *sb_context; ++ ++ sb_context = (struct grub_secureboot_chainloader_context *) context; ++ + grub_efi_free_pages (sb_context->address, sb_context->pages); + grub_free (sb_context->file_path); + grub_free (sb_context->cmdline); + grub_free (sb_context); + +- sb_context = 0; +- + grub_dl_unref (my_mod); + return GRUB_ERR_NONE; + } +@@ -897,12 +901,15 @@ grub_load_image(grub_efi_device_path_t *file_path, void *boot_image, + } + + static grub_err_t +-grub_secureboot_chainloader_boot (void) ++grub_secureboot_chainloader_boot (void *context) + { ++ struct grub_secureboot_chainloader_context *sb_context; + grub_efi_boot_services_t *b; + int rc; + grub_efi_handle_t handle = 0; + ++ sb_context = (struct grub_secureboot_chainloader_context *) context; ++ + rc = handle_image (sb_context); + if (rc == 0) + { +@@ -944,6 +951,8 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + grub_efi_char16_t *cmdline = 0; + grub_ssize_t cmdline_len = 0; + grub_efi_handle_t dev_handle = 0; ++ grub_efi_handle_t image_handle = 0; ++ struct grub_secureboot_chainloader_context *sb_context = 0; + + if (argc == 0) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); +@@ -1127,8 +1136,8 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + dev = orig_dev; + grub_device_close (dev); + +- grub_loader_set (grub_secureboot_chainloader_boot, +- grub_secureboot_chainloader_unload, 0); ++ grub_loader_set_ex (grub_secureboot_chainloader_boot, ++ grub_secureboot_chainloader_unload, sb_context, 0); + return 0; + } + else if (rc == 0) +@@ -1144,7 +1153,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + efi_call_2 (b->free_pages, address, pages); + grub_free (file_path); + +- grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); ++ grub_loader_set_ex (grub_chainloader_boot, grub_chainloader_unload, image_handle, 0); + + return 0; + } +@@ -1172,10 +1181,7 @@ fail: + grub_free (cmdline); + + if (image_handle != 0) +- { +- efi_call_1 (b->unload_image, image_handle); +- image_handle = 0; +- } ++ efi_call_1 (b->unload_image, image_handle); + + grub_dl_unref (my_mod); + diff -Nru grub2-unsigned-2.04/debian/patches/0243-loader-i386-efi-linux-Use-grub_loader_set_ex.patch grub2-unsigned-2.04/debian/patches/0243-loader-i386-efi-linux-Use-grub_loader_set_ex.patch --- grub2-unsigned-2.04/debian/patches/0243-loader-i386-efi-linux-Use-grub_loader_set_ex.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0243-loader-i386-efi-linux-Use-grub_loader_set_ex.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,304 @@ +From: Chris Coulson +Date: Mon, 2 May 2022 17:04:23 +0200 +Subject: loader/i386/efi/linux: Use grub_loader_set_ex + +This ports the linuxefi loader to use grub_loader_set_ex in order to fix +a use-after-fre bug that occurs when grub_cmd_linux is executed more than +once before a boot attempt is performed. + +This is more complicated than for the chainloader command, as the initrd +command needs access to the loader state. To solve this, the linuxefi +module registers a dummy initrd command at startup that returns an error. +The linuxefi command then registers a proper initrd command with a higher +priority that is passed the loader state. + +Signed-off-by: Chris Coulson +(cherry picked from commit 7cf736436b4c934df5ddfa6f44b46a7e07d99fdc) +[rharwood/pjones: set kernel_size in context] +Signed-off-by: Robbie Harwood +--- + grub-core/loader/i386/efi/linux.c | 142 +++++++++++++++++++++++--------------- + 1 file changed, 87 insertions(+), 55 deletions(-) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index 381459c..a8a507f 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -33,55 +33,69 @@ + GRUB_MOD_LICENSE ("GPLv3+"); + + static grub_dl_t my_mod; +-static int loaded; +-static void *kernel_mem; +-static grub_uint64_t kernel_size; +-static grub_uint8_t *initrd_mem; +-static grub_uint32_t handover_offset; +-struct linux_kernel_params *params; +-static char *linux_cmdline; ++ ++static grub_command_t cmd_linux, cmd_initrd; ++ ++struct grub_linuxefi_context { ++ void *kernel_mem; ++ grub_uint64_t kernel_size; ++ grub_uint32_t handover_offset; ++ struct linux_kernel_params *params; ++ char *cmdline; ++ ++ void *initrd_mem; ++}; + + #define BYTES_TO_PAGES(bytes) (((bytes) + 0xfff) >> 12) + + static grub_err_t +-grub_linuxefi_boot (void) ++grub_linuxefi_boot (void *data) + { ++ struct grub_linuxefi_context *context = (struct grub_linuxefi_context *) data; ++ + asm volatile ("cli"); + +- return grub_efi_linux_boot ((char *)kernel_mem, +- handover_offset, +- params); ++ return grub_efi_linux_boot ((char *)context->kernel_mem, ++ context->handover_offset, ++ context->params); + } + + static grub_err_t +-grub_linuxefi_unload (void) ++grub_linuxefi_unload (void *data) + { ++ struct grub_linuxefi_context *context = (struct grub_linuxefi_context *) data; ++ struct linux_kernel_params *params = context->params; ++ + grub_dl_unref (my_mod); +- loaded = 0; +- if (initrd_mem) +- grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)initrd_mem, ++ ++ if (context->initrd_mem) ++ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)context->initrd_mem, + BYTES_TO_PAGES(params->ramdisk_size)); +- if (linux_cmdline) +- grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t) +- linux_cmdline, ++ if (context->cmdline) ++ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)context->cmdline, + BYTES_TO_PAGES(params->cmdline_size + 1)); +- if (kernel_mem) +- grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)kernel_mem, +- BYTES_TO_PAGES(kernel_size)); ++ if (context->kernel_mem) ++ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)context->kernel_mem, ++ BYTES_TO_PAGES(context->kernel_size)); + if (params) + grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)params, + BYTES_TO_PAGES(16384)); ++ ++ cmd_initrd->data = 0; ++ grub_free (context); ++ + return GRUB_ERR_NONE; + } + + static grub_err_t +-grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), +- int argc, char *argv[]) ++grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) + { + grub_file_t *files = 0; + int i, nfiles = 0; + grub_size_t size = 0; + grub_uint8_t *ptr; ++ struct grub_linuxefi_context *context = (struct grub_linuxefi_context *) cmd->data; ++ struct linux_kernel_params *params; + + if (argc == 0) + { +@@ -89,12 +103,14 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + +- if (!loaded) ++ if (!context) + { + grub_error (GRUB_ERR_BAD_ARGUMENT, N_("you need to load the kernel first")); + goto fail; + } + ++ params = context->params; ++ + files = grub_calloc (argc, sizeof (files[0])); + if (!files) + goto fail; +@@ -112,20 +128,20 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + } + } + +- initrd_mem = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(size)); ++ context->initrd_mem = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(size)); + +- if (!initrd_mem) ++ if (!context->initrd_mem) + { + grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate initrd")); + goto fail; + } + +- grub_dprintf ("linuxefi", "initrd_mem = %lx\n", (unsigned long) initrd_mem); ++ grub_dprintf ("linuxefi", "initrd_mem = %lx\n", (unsigned long) context->initrd_mem); + + params->ramdisk_size = size; +- params->ramdisk_image = (grub_uint32_t)(grub_addr_t) initrd_mem; ++ params->ramdisk_image = (grub_uint32_t)(grub_addr_t) context->initrd_mem; + +- ptr = initrd_mem; ++ ptr = context->initrd_mem; + + for (i = 0; i < nfiles; i++) + { +@@ -149,8 +165,8 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + grub_file_close (files[i]); + grub_free (files); + +- if (initrd_mem && grub_errno) +- grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)initrd_mem, ++ if (context->initrd_mem && grub_errno) ++ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)context->initrd_mem, + BYTES_TO_PAGES(size)); + + return grub_errno; +@@ -171,6 +187,12 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + void *kernel = NULL; + int setup_header_end_offset; + int rc; ++ void *kernel_mem = 0; ++ grub_uint64_t kernel_size = 0; ++ grub_uint32_t handover_offset; ++ struct linux_kernel_params *params = 0; ++ char *cmdline = 0; ++ struct grub_linuxefi_context *context = 0; + + grub_dl_ref (my_mod); + +@@ -283,37 +305,37 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + #endif + + grub_dprintf ("linuxefi", "setting up cmdline\n"); +- linux_cmdline = grub_efi_allocate_pages_max(0x3fffffff, +- BYTES_TO_PAGES(lh->cmdline_size + 1)); +- if (!linux_cmdline) ++ cmdline = grub_efi_allocate_pages_max(0x3fffffff, ++ BYTES_TO_PAGES(lh->cmdline_size + 1)); ++ if (!cmdline) + { + grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate cmdline")); + goto fail; + } + +- grub_dprintf ("linuxefi", "linux_cmdline = %lx\n", +- (unsigned long)linux_cmdline); ++ grub_dprintf ("linuxefi", "cmdline = %lx\n", (unsigned long)cmdline); + +- grub_memcpy (linux_cmdline, LINUX_IMAGE, sizeof (LINUX_IMAGE)); ++ grub_memcpy (cmdline, LINUX_IMAGE, sizeof (LINUX_IMAGE)); + grub_create_loader_cmdline (argc, argv, +- linux_cmdline + sizeof (LINUX_IMAGE) - 1, ++ cmdline + sizeof (LINUX_IMAGE) - 1, + lh->cmdline_size - (sizeof (LINUX_IMAGE) - 1), + GRUB_VERIFY_KERNEL_CMDLINE); + + grub_dprintf ("linuxefi", "setting lh->cmd_line_ptr\n"); +- lh->cmd_line_ptr = (grub_uint32_t)(grub_addr_t)linux_cmdline; ++ lh->cmd_line_ptr = (grub_uint32_t)(grub_addr_t)cmdline; + + grub_dprintf ("linuxefi", "computing handover offset\n"); + handover_offset = lh->handover_offset; + + start = (lh->setup_sects + 1) * 512; + ++ kernel_size = lh->init_size; + kernel_mem = grub_efi_allocate_fixed(lh->pref_address, +- BYTES_TO_PAGES(lh->init_size)); ++ BYTES_TO_PAGES(kernel_size)); + + if (!kernel_mem) + kernel_mem = grub_efi_allocate_pages_max(0x3fffffff, +- BYTES_TO_PAGES(lh->init_size)); ++ BYTES_TO_PAGES(kernel_size)); + + if (!kernel_mem) + { +@@ -323,8 +345,6 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + + grub_dprintf ("linuxefi", "kernel_mem = %lx\n", (unsigned long) kernel_mem); + +- grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0); +- loaded=1; + grub_dprintf ("linuxefi", "setting lh->code32_start to %p\n", kernel_mem); + lh->code32_start = (grub_uint32_t)(grub_addr_t) kernel_mem; + +@@ -339,6 +359,23 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + grub_dprintf("linuxefi", "kernel_mem: %p handover_offset: %08x\n", + kernel_mem, handover_offset); + ++ context = grub_zalloc (sizeof (*context)); ++ if (!context) ++ goto fail; ++ context->kernel_mem = kernel_mem; ++ context->kernel_size = kernel_size; ++ context->handover_offset = handover_offset; ++ context->params = params; ++ context->cmdline = cmdline; ++ ++ grub_loader_set_ex (grub_linuxefi_boot, grub_linuxefi_unload, context, 0); ++ ++ cmd_initrd->data = context; ++ ++ grub_file_close (file); ++ grub_free (kernel); ++ return 0; ++ + fail: + if (file) + grub_file_close (file); +@@ -346,30 +383,25 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + if (kernel) + grub_free (kernel); + +- if (grub_errno != GRUB_ERR_NONE) +- { +- grub_dl_unref (my_mod); +- loaded = 0; +- } ++ grub_dl_unref (my_mod); + +- if (linux_cmdline && lh && !loaded) +- grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t) +- linux_cmdline, ++ if (cmdline && lh) ++ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)cmdline, + BYTES_TO_PAGES(lh->cmdline_size + 1)); + +- if (kernel_mem && !loaded) ++ if (kernel_mem) + grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)kernel_mem, + BYTES_TO_PAGES(kernel_size)); + +- if (params && !loaded) ++ if (params) + grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)params, + BYTES_TO_PAGES(16384)); + ++ grub_free (context); ++ + return grub_errno; + } + +-static grub_command_t cmd_linux, cmd_initrd; +- + GRUB_MOD_INIT(linuxefi) + { + cmd_linux = diff -Nru grub2-unsigned-2.04/debian/patches/0244-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch grub2-unsigned-2.04/debian/patches/0244-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch --- grub2-unsigned-2.04/debian/patches/0244-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0244-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,76 @@ +From: Chris Coulson +Date: Tue, 3 May 2022 09:47:35 +0200 +Subject: loader/i386/efi/linux: Fix a memory leak in the initrd command + +Subsequent invocations of the initrd command result in the previous +initrd being leaked, so fix that. + +Signed-off-by: Chris Coulson +(cherry picked from commit d98af31ce1e31bb22163960d53f5eb28c66582a0) +--- + grub-core/loader/i386/efi/linux.c | 22 +++++++++++++++------- + 1 file changed, 15 insertions(+), 7 deletions(-) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index a8a507f..842396a 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -96,6 +96,7 @@ grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) + grub_uint8_t *ptr; + struct grub_linuxefi_context *context = (struct grub_linuxefi_context *) cmd->data; + struct linux_kernel_params *params; ++ void *initrd_mem = 0; + + if (argc == 0) + { +@@ -128,9 +129,9 @@ grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) + } + } + +- context->initrd_mem = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(size)); ++ initrd_mem = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(size)); + +- if (!context->initrd_mem) ++ if (!initrd_mem) + { + grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate initrd")); + goto fail; +@@ -139,9 +140,9 @@ grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) + grub_dprintf ("linuxefi", "initrd_mem = %lx\n", (unsigned long) context->initrd_mem); + + params->ramdisk_size = size; +- params->ramdisk_image = (grub_uint32_t)(grub_addr_t) context->initrd_mem; ++ params->ramdisk_image = (grub_uint32_t)(grub_addr_t) initrd_mem; + +- ptr = context->initrd_mem; ++ ptr = initrd_mem; + + for (i = 0; i < nfiles; i++) + { +@@ -158,6 +159,13 @@ grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) + ptr += ALIGN_UP_OVERHEAD (cursize, 4); + } + ++ if (context->initrd_mem) ++ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)context->initrd_mem, ++ BYTES_TO_PAGES(params->ramdisk_size)); ++ ++ context->initrd_mem = initrd_mem; ++ ++ context->initrd_mem = initrd_mem; + params->ramdisk_size = size; + + fail: +@@ -165,9 +173,9 @@ grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) + grub_file_close (files[i]); + grub_free (files); + +- if (context->initrd_mem && grub_errno) +- grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)context->initrd_mem, +- BYTES_TO_PAGES(size)); ++ if (initrd_mem && grub_errno) ++ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)initrd_mem, ++ BYTES_TO_PAGES(size)); + + return grub_errno; + } diff -Nru grub2-unsigned-2.04/debian/patches/0245-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch grub2-unsigned-2.04/debian/patches/0245-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch --- grub2-unsigned-2.04/debian/patches/0245-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0245-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,36 @@ +From: Daniel Axtens +Date: Fri, 25 Jun 2021 02:19:05 +1000 +Subject: kern/file: Do not leak device_name on error in grub_file_open() + +If we have an error in grub_file_open() before we free device_name, we +will leak it. + +Free device_name in the error path and null out the pointer in the good +path once we free it there. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/kern/file.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/grub-core/kern/file.c b/grub-core/kern/file.c +index 5845445..ffdcaba 100644 +--- a/grub-core/kern/file.c ++++ b/grub-core/kern/file.c +@@ -79,6 +79,7 @@ grub_file_open (const char *name, enum grub_file_type type) + + device = grub_device_open (device_name); + grub_free (device_name); ++ device_name = NULL; + if (! device) + goto fail; + +@@ -131,6 +132,7 @@ grub_file_open (const char *name, enum grub_file_type type) + return file; + + fail: ++ grub_free (device_name); + if (device) + grub_device_close (device); + diff -Nru grub2-unsigned-2.04/debian/patches/0246-video-readers-png-Abort-sooner-if-a-read-operation-f.patch grub2-unsigned-2.04/debian/patches/0246-video-readers-png-Abort-sooner-if-a-read-operation-f.patch --- grub2-unsigned-2.04/debian/patches/0246-video-readers-png-Abort-sooner-if-a-read-operation-f.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0246-video-readers-png-Abort-sooner-if-a-read-operation-f.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,196 @@ +From: Daniel Axtens +Date: Tue, 6 Jul 2021 14:02:55 +1000 +Subject: video/readers/png: Abort sooner if a read operation fails + +Fuzzing revealed some inputs that were taking a long time, potentially +forever, because they did not bail quickly upon encountering an I/O error. + +Try to catch I/O errors sooner and bail out. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/video/readers/png.c | 55 ++++++++++++++++++++++++++++++++++++------- + 1 file changed, 47 insertions(+), 8 deletions(-) + +diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c +index 0157ff7..e2a6b1c 100644 +--- a/grub-core/video/readers/png.c ++++ b/grub-core/video/readers/png.c +@@ -142,6 +142,7 @@ static grub_uint8_t + grub_png_get_byte (struct grub_png_data *data) + { + grub_uint8_t r; ++ grub_ssize_t bytes_read = 0; + + if ((data->inside_idat) && (data->idat_remain == 0)) + { +@@ -175,7 +176,14 @@ grub_png_get_byte (struct grub_png_data *data) + } + + r = 0; +- grub_file_read (data->file, &r, 1); ++ bytes_read = grub_file_read (data->file, &r, 1); ++ ++ if (bytes_read != 1) ++ { ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "png: unexpected end of data"); ++ return 0; ++ } + + if (data->inside_idat) + data->idat_remain--; +@@ -231,15 +239,16 @@ grub_png_decode_image_palette (struct grub_png_data *data, + if (len == 0) + return GRUB_ERR_NONE; + +- for (i = 0; 3 * i < len && i < 256; i++) ++ grub_errno = GRUB_ERR_NONE; ++ for (i = 0; 3 * i < len && i < 256 && grub_errno == GRUB_ERR_NONE; i++) + for (j = 0; j < 3; j++) + data->palette[i][j] = grub_png_get_byte (data); +- for (i *= 3; i < len; i++) ++ for (i *= 3; i < len && grub_errno == GRUB_ERR_NONE; i++) + grub_png_get_byte (data); + + grub_png_get_dword (data); + +- return GRUB_ERR_NONE; ++ return grub_errno; + } + + static grub_err_t +@@ -256,9 +265,13 @@ grub_png_decode_image_header (struct grub_png_data *data) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "png: invalid image size"); + + color_bits = grub_png_get_byte (data); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + data->is_16bit = (color_bits == 16); + + color_type = grub_png_get_byte (data); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + + /* According to PNG spec, no other types are valid. */ + if ((color_type & ~(PNG_COLOR_MASK_ALPHA | PNG_COLOR_MASK_COLOR)) +@@ -340,14 +353,20 @@ grub_png_decode_image_header (struct grub_png_data *data) + if (grub_png_get_byte (data) != PNG_COMPRESSION_BASE) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "png: compression method not supported"); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + + if (grub_png_get_byte (data) != PNG_FILTER_TYPE_BASE) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "png: filter method not supported"); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + + if (grub_png_get_byte (data) != PNG_INTERLACE_NONE) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "png: interlace method not supported"); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + + /* Skip crc checksum. */ + grub_png_get_dword (data); +@@ -449,7 +468,7 @@ grub_png_get_huff_code (struct grub_png_data *data, struct huff_table *ht) + int code, i; + + code = 0; +- for (i = 0; i < ht->max_length; i++) ++ for (i = 0; i < ht->max_length && grub_errno == GRUB_ERR_NONE; i++) + { + code = (code << 1) + grub_png_get_bits (data, 1); + if (code < ht->maxval[i]) +@@ -504,8 +523,14 @@ grub_png_init_dynamic_block (struct grub_png_data *data) + grub_uint8_t lens[DEFLATE_HCLEN_MAX]; + + nl = DEFLATE_HLIT_BASE + grub_png_get_bits (data, 5); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + nd = DEFLATE_HDIST_BASE + grub_png_get_bits (data, 5); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + nb = DEFLATE_HCLEN_BASE + grub_png_get_bits (data, 4); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + + if ((nl > DEFLATE_HLIT_MAX) || (nd > DEFLATE_HDIST_MAX) || + (nb > DEFLATE_HCLEN_MAX)) +@@ -533,7 +558,7 @@ grub_png_init_dynamic_block (struct grub_png_data *data) + data->dist_offset); + + prev = 0; +- for (i = 0; i < nl + nd; i++) ++ for (i = 0; i < nl + nd && grub_errno == GRUB_ERR_NONE; i++) + { + int n, code; + struct huff_table *ht; +@@ -721,17 +746,21 @@ grub_png_read_dynamic_block (struct grub_png_data *data) + len = cplens[n]; + if (cplext[n]) + len += grub_png_get_bits (data, cplext[n]); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + + n = grub_png_get_huff_code (data, &data->dist_table); + dist = cpdist[n]; + if (cpdext[n]) + dist += grub_png_get_bits (data, cpdext[n]); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + + pos = data->wp - dist; + if (pos < 0) + pos += WSIZE; + +- while (len > 0) ++ while (len > 0 && grub_errno == GRUB_ERR_NONE) + { + data->slide[data->wp] = data->slide[pos]; + grub_png_output_byte (data, data->slide[data->wp]); +@@ -759,7 +788,11 @@ grub_png_decode_image_data (struct grub_png_data *data) + int final; + + cmf = grub_png_get_byte (data); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + flg = grub_png_get_byte (data); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + + if ((cmf & 0xF) != Z_DEFLATED) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, +@@ -774,7 +807,11 @@ grub_png_decode_image_data (struct grub_png_data *data) + int block_type; + + final = grub_png_get_bits (data, 1); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + block_type = grub_png_get_bits (data, 2); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + + switch (block_type) + { +@@ -790,7 +827,7 @@ grub_png_decode_image_data (struct grub_png_data *data) + grub_png_get_byte (data); + grub_png_get_byte (data); + +- for (i = 0; i < len; i++) ++ for (i = 0; i < len && grub_errno == GRUB_ERR_NONE; i++) + grub_png_output_byte (data, grub_png_get_byte (data)); + + break; +@@ -1045,6 +1082,8 @@ grub_png_decode_png (struct grub_png_data *data) + + len = grub_png_get_dword (data); + type = grub_png_get_dword (data); ++ if (grub_errno != GRUB_ERR_NONE) ++ break; + data->next_offset = data->file->offset + len + 4; + + switch (type) diff -Nru grub2-unsigned-2.04/debian/patches/0247-video-readers-png-Refuse-to-handle-multiple-image-he.patch grub2-unsigned-2.04/debian/patches/0247-video-readers-png-Refuse-to-handle-multiple-image-he.patch --- grub2-unsigned-2.04/debian/patches/0247-video-readers-png-Refuse-to-handle-multiple-image-he.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0247-video-readers-png-Refuse-to-handle-multiple-image-he.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,26 @@ +From: Daniel Axtens +Date: Tue, 6 Jul 2021 14:13:40 +1000 +Subject: video/readers/png: Refuse to handle multiple image headers + +This causes the bitmap to be leaked. Do not permit multiple image headers. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/video/readers/png.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c +index e2a6b1c..8955b8e 100644 +--- a/grub-core/video/readers/png.c ++++ b/grub-core/video/readers/png.c +@@ -258,6 +258,9 @@ grub_png_decode_image_header (struct grub_png_data *data) + int color_bits; + enum grub_video_blit_format blt; + ++ if (data->image_width || data->image_height) ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "png: two image headers found"); ++ + data->image_width = grub_png_get_dword (data); + data->image_height = grub_png_get_dword (data); + diff -Nru grub2-unsigned-2.04/debian/patches/0248-video-readers-png-Drop-greyscale-support-to-fix-heap.patch grub2-unsigned-2.04/debian/patches/0248-video-readers-png-Drop-greyscale-support-to-fix-heap.patch --- grub2-unsigned-2.04/debian/patches/0248-video-readers-png-Drop-greyscale-support-to-fix-heap.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0248-video-readers-png-Drop-greyscale-support-to-fix-heap.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,167 @@ +From: Daniel Axtens +Date: Tue, 6 Jul 2021 18:51:35 +1000 +Subject: video/readers/png: Drop greyscale support to fix heap out-of-bounds + write + +A 16-bit greyscale PNG without alpha is processed in the following loop: + + for (i = 0; i < (data->image_width * data->image_height); + i++, d1 += 4, d2 += 2) + { + d1[R3] = d2[1]; + d1[G3] = d2[1]; + d1[B3] = d2[1]; + } + +The increment of d1 is wrong. d1 is incremented by 4 bytes per iteration, +but there are only 3 bytes allocated for storage. This means that image +data will overwrite somewhat-attacker-controlled parts of memory - 3 bytes +out of every 4 following the end of the image. + +This has existed since greyscale support was added in 2013 in commit +3ccf16dff98f (grub-core/video/readers/png.c: Support grayscale). + +Saving starfield.png as a 16-bit greyscale image without alpha in the gimp +and attempting to load it causes grub-emu to crash - I don't think this code +has ever worked. + +Delete all PNG greyscale support. + +Fixes: CVE-2021-3695 + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/video/readers/png.c | 87 ++++--------------------------------------- + 1 file changed, 7 insertions(+), 80 deletions(-) + +diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c +index 8955b8e..a3161e2 100644 +--- a/grub-core/video/readers/png.c ++++ b/grub-core/video/readers/png.c +@@ -100,7 +100,7 @@ struct grub_png_data + + unsigned image_width, image_height; + int bpp, is_16bit; +- int raw_bytes, is_gray, is_alpha, is_palette; ++ int raw_bytes, is_alpha, is_palette; + int row_bytes, color_bits; + grub_uint8_t *image_data; + +@@ -296,13 +296,13 @@ grub_png_decode_image_header (struct grub_png_data *data) + data->bpp = 3; + else + { +- data->is_gray = 1; +- data->bpp = 1; ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "png: color type not supported"); + } + + if ((color_bits != 8) && (color_bits != 16) + && (color_bits != 4 +- || !(data->is_gray || data->is_palette))) ++ || !data->is_palette)) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "png: bit depth must be 8 or 16"); + +@@ -331,7 +331,7 @@ grub_png_decode_image_header (struct grub_png_data *data) + } + + #ifndef GRUB_CPU_WORDS_BIGENDIAN +- if (data->is_16bit || data->is_gray || data->is_palette) ++ if (data->is_16bit || data->is_palette) + #endif + { + data->image_data = grub_calloc (data->image_height, data->row_bytes); +@@ -899,27 +899,8 @@ grub_png_convert_image (struct grub_png_data *data) + int shift; + int mask = (1 << data->color_bits) - 1; + unsigned j; +- if (data->is_gray) +- { +- /* Generic formula is +- (0xff * i) / ((1U << data->color_bits) - 1) +- but for allowed bit depth of 1, 2 and for it's +- equivalent to +- (0xff / ((1U << data->color_bits) - 1)) * i +- Precompute the multipliers to avoid division. +- */ +- +- const grub_uint8_t multipliers[5] = { 0xff, 0xff, 0x55, 0x24, 0x11 }; +- for (i = 0; i < (1U << data->color_bits); i++) +- { +- grub_uint8_t col = multipliers[data->color_bits] * i; +- palette[i][0] = col; +- palette[i][1] = col; +- palette[i][2] = col; +- } +- } +- else +- grub_memcpy (palette, data->palette, 3 << data->color_bits); ++ ++ grub_memcpy (palette, data->palette, 3 << data->color_bits); + d1c = d1; + d2c = d2; + for (j = 0; j < data->image_height; j++, d1c += data->image_width * 3, +@@ -956,60 +937,6 @@ grub_png_convert_image (struct grub_png_data *data) + } + return; + } +- +- if (data->is_gray) +- { +- switch (data->bpp) +- { +- case 4: +- /* 16-bit gray with alpha. */ +- for (i = 0; i < (data->image_width * data->image_height); +- i++, d1 += 4, d2 += 4) +- { +- d1[R4] = d2[3]; +- d1[G4] = d2[3]; +- d1[B4] = d2[3]; +- d1[A4] = d2[1]; +- } +- break; +- case 2: +- if (data->is_16bit) +- /* 16-bit gray without alpha. */ +- { +- for (i = 0; i < (data->image_width * data->image_height); +- i++, d1 += 4, d2 += 2) +- { +- d1[R3] = d2[1]; +- d1[G3] = d2[1]; +- d1[B3] = d2[1]; +- } +- } +- else +- /* 8-bit gray with alpha. */ +- { +- for (i = 0; i < (data->image_width * data->image_height); +- i++, d1 += 4, d2 += 2) +- { +- d1[R4] = d2[1]; +- d1[G4] = d2[1]; +- d1[B4] = d2[1]; +- d1[A4] = d2[0]; +- } +- } +- break; +- /* 8-bit gray without alpha. */ +- case 1: +- for (i = 0; i < (data->image_width * data->image_height); +- i++, d1 += 3, d2++) +- { +- d1[R3] = d2[0]; +- d1[G3] = d2[0]; +- d1[B3] = d2[0]; +- } +- break; +- } +- return; +- } + + { + /* Only copy the upper 8 bit. */ diff -Nru grub2-unsigned-2.04/debian/patches/0249-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch grub2-unsigned-2.04/debian/patches/0249-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch --- grub2-unsigned-2.04/debian/patches/0249-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0249-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,37 @@ +From: Daniel Axtens +Date: Tue, 6 Jul 2021 23:25:07 +1000 +Subject: video/readers/png: Avoid heap OOB R/W inserting huff table items + +In fuzzing we observed crashes where a code would attempt to be inserted +into a huffman table before the start, leading to a set of heap OOB reads +and writes as table entries with negative indices were shifted around and +the new code written in. + +Catch the case where we would underflow the array and bail. + +Fixes: CVE-2021-3696 + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/video/readers/png.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c +index a3161e2..d7ed5aa 100644 +--- a/grub-core/video/readers/png.c ++++ b/grub-core/video/readers/png.c +@@ -438,6 +438,13 @@ grub_png_insert_huff_item (struct huff_table *ht, int code, int len) + for (i = len; i < ht->max_length; i++) + n += ht->maxval[i]; + ++ if (n > ht->num_values) ++ { ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "png: out of range inserting huffman table item"); ++ return; ++ } ++ + for (i = 0; i < n; i++) + ht->values[ht->num_values - i] = ht->values[ht->num_values - i - 1]; + diff -Nru grub2-unsigned-2.04/debian/patches/0250-video-readers-png-Sanity-check-some-huffman-codes.patch grub2-unsigned-2.04/debian/patches/0250-video-readers-png-Sanity-check-some-huffman-codes.patch --- grub2-unsigned-2.04/debian/patches/0250-video-readers-png-Sanity-check-some-huffman-codes.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0250-video-readers-png-Sanity-check-some-huffman-codes.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,38 @@ +From: Daniel Axtens +Date: Tue, 6 Jul 2021 19:19:11 +1000 +Subject: video/readers/png: Sanity check some huffman codes + +ASAN picked up two OOB global reads: we weren't checking if some code +values fit within the cplens or cpdext arrays. Check and throw an error +if not. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/video/readers/png.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c +index d7ed5aa..7f2ba78 100644 +--- a/grub-core/video/readers/png.c ++++ b/grub-core/video/readers/png.c +@@ -753,6 +753,9 @@ grub_png_read_dynamic_block (struct grub_png_data *data) + int len, dist, pos; + + n -= 257; ++ if (((unsigned int) n) >= ARRAY_SIZE (cplens)) ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "png: invalid huff code"); + len = cplens[n]; + if (cplext[n]) + len += grub_png_get_bits (data, cplext[n]); +@@ -760,6 +763,9 @@ grub_png_read_dynamic_block (struct grub_png_data *data) + return grub_errno; + + n = grub_png_get_huff_code (data, &data->dist_table); ++ if (((unsigned int) n) >= ARRAY_SIZE (cpdist)) ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "png: invalid huff code"); + dist = cpdist[n]; + if (cpdext[n]) + dist += grub_png_get_bits (data, cpdext[n]); diff -Nru grub2-unsigned-2.04/debian/patches/0251-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch grub2-unsigned-2.04/debian/patches/0251-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch --- grub2-unsigned-2.04/debian/patches/0251-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0251-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,253 @@ +From: Daniel Axtens +Date: Mon, 28 Jun 2021 14:16:14 +1000 +Subject: video/readers/jpeg: Abort sooner if a read operation fails + +Fuzzing revealed some inputs that were taking a long time, potentially +forever, because they did not bail quickly upon encountering an I/O error. + +Try to catch I/O errors sooner and bail out. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/video/readers/jpeg.c | 86 ++++++++++++++++++++++++++++++++++-------- + 1 file changed, 70 insertions(+), 16 deletions(-) + +diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c +index e31602f..10225ab 100644 +--- a/grub-core/video/readers/jpeg.c ++++ b/grub-core/video/readers/jpeg.c +@@ -109,9 +109,17 @@ static grub_uint8_t + grub_jpeg_get_byte (struct grub_jpeg_data *data) + { + grub_uint8_t r; ++ grub_ssize_t bytes_read; + + r = 0; +- grub_file_read (data->file, &r, 1); ++ bytes_read = grub_file_read (data->file, &r, 1); ++ ++ if (bytes_read != 1) ++ { ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: unexpected end of data"); ++ return 0; ++ } + + return r; + } +@@ -120,9 +128,17 @@ static grub_uint16_t + grub_jpeg_get_word (struct grub_jpeg_data *data) + { + grub_uint16_t r; ++ grub_ssize_t bytes_read; + + r = 0; +- grub_file_read (data->file, &r, sizeof (grub_uint16_t)); ++ bytes_read = grub_file_read (data->file, &r, sizeof (grub_uint16_t)); ++ ++ if (bytes_read != sizeof (grub_uint16_t)) ++ { ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: unexpected end of data"); ++ return 0; ++ } + + return grub_be_to_cpu16 (r); + } +@@ -135,6 +151,11 @@ grub_jpeg_get_bit (struct grub_jpeg_data *data) + if (data->bit_mask == 0) + { + data->bit_save = grub_jpeg_get_byte (data); ++ if (grub_errno != GRUB_ERR_NONE) { ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: file read error"); ++ return 0; ++ } + if (data->bit_save == JPEG_ESC_CHAR) + { + if (grub_jpeg_get_byte (data) != 0) +@@ -143,6 +164,11 @@ grub_jpeg_get_bit (struct grub_jpeg_data *data) + "jpeg: invalid 0xFF in data stream"); + return 0; + } ++ if (grub_errno != GRUB_ERR_NONE) ++ { ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: file read error"); ++ return 0; ++ } + } + data->bit_mask = 0x80; + } +@@ -161,7 +187,7 @@ grub_jpeg_get_number (struct grub_jpeg_data *data, int num) + return 0; + + msb = value = grub_jpeg_get_bit (data); +- for (i = 1; i < num; i++) ++ for (i = 1; i < num && grub_errno == GRUB_ERR_NONE; i++) + value = (value << 1) + (grub_jpeg_get_bit (data) != 0); + if (!msb) + value += 1 - (1 << num); +@@ -202,6 +228,8 @@ grub_jpeg_decode_huff_table (struct grub_jpeg_data *data) + while (data->file->offset + sizeof (count) + 1 <= next_marker) + { + id = grub_jpeg_get_byte (data); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + ac = (id >> 4) & 1; + id &= 0xF; + if (id > 1) +@@ -252,6 +280,8 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data) + + next_marker = data->file->offset; + next_marker += grub_jpeg_get_word (data); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + + if (next_marker > data->file->size) + { +@@ -263,6 +293,8 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data) + <= next_marker) + { + id = grub_jpeg_get_byte (data); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + if (id >= 0x10) /* Upper 4-bit is precision. */ + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "jpeg: only 8-bit precision is supported"); +@@ -294,6 +326,9 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data) + next_marker = data->file->offset; + next_marker += grub_jpeg_get_word (data); + ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; ++ + if (grub_jpeg_get_byte (data) != 8) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "jpeg: only 8-bit precision is supported"); +@@ -319,6 +354,8 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid index"); + + ss = grub_jpeg_get_byte (data); /* Sampling factor. */ ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + if (!id) + { + grub_uint8_t vs, hs; +@@ -498,7 +535,7 @@ grub_jpeg_idct_transform (jpeg_data_unit_t du) + } + } + +-static void ++static grub_err_t + grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) + { + int h1, h2, qt; +@@ -513,6 +550,9 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) + data->dc_value[id] += + grub_jpeg_get_number (data, grub_jpeg_get_huff_code (data, h1)); + ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; ++ + du[0] = data->dc_value[id] * (int) data->quan_table[qt][0]; + pos = 1; + while (pos < ARRAY_SIZE (data->quan_table[qt])) +@@ -527,11 +567,13 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) + num >>= 4; + pos += num; + ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; ++ + if (pos >= ARRAY_SIZE (jpeg_zigzag_order)) + { +- grub_error (GRUB_ERR_BAD_FILE_TYPE, +- "jpeg: invalid position in zigzag order!?"); +- return; ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: invalid position in zigzag order!?"); + } + + du[jpeg_zigzag_order[pos]] = val * (int) data->quan_table[qt][pos]; +@@ -539,6 +581,7 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) + } + + grub_jpeg_idct_transform (du); ++ return GRUB_ERR_NONE; + } + + static void +@@ -597,7 +640,8 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) + data_offset += grub_jpeg_get_word (data); + + cc = grub_jpeg_get_byte (data); +- ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + if (cc != 3 && cc != 1) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "jpeg: component count must be 1 or 3"); +@@ -610,7 +654,8 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) + id = grub_jpeg_get_byte (data) - 1; + if ((id < 0) || (id >= 3)) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid index"); +- ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + ht = grub_jpeg_get_byte (data); + data->comp_index[id][1] = (ht >> 4); + data->comp_index[id][2] = (ht & 0xF) + 2; +@@ -618,11 +663,14 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) + if ((data->comp_index[id][1] < 0) || (data->comp_index[id][1] > 3) || + (data->comp_index[id][2] < 0) || (data->comp_index[id][2] > 3)) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid hufftable index"); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + } + + grub_jpeg_get_byte (data); /* Skip 3 unused bytes. */ + grub_jpeg_get_word (data); +- ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + if (data->file->offset != data_offset) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: extra byte in sos"); + +@@ -640,6 +688,7 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) + { + unsigned c1, vb, hb, nr1, nc1; + int rst = data->dri; ++ grub_err_t err = GRUB_ERR_NONE; + + vb = 8 << data->log_vs; + hb = 8 << data->log_hs; +@@ -660,17 +709,22 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) + + for (r2 = 0; r2 < (1U << data->log_vs); r2++) + for (c2 = 0; c2 < (1U << data->log_hs); c2++) +- grub_jpeg_decode_du (data, 0, data->ydu[r2 * 2 + c2]); ++ { ++ err = grub_jpeg_decode_du (data, 0, data->ydu[r2 * 2 + c2]); ++ if (err != GRUB_ERR_NONE) ++ return err; ++ } + + if (data->color_components >= 3) + { +- grub_jpeg_decode_du (data, 1, data->cbdu); +- grub_jpeg_decode_du (data, 2, data->crdu); ++ err = grub_jpeg_decode_du (data, 1, data->cbdu); ++ if (err != GRUB_ERR_NONE) ++ return err; ++ err = grub_jpeg_decode_du (data, 2, data->crdu); ++ if (err != GRUB_ERR_NONE) ++ return err; + } + +- if (grub_errno) +- return grub_errno; +- + nr2 = (data->r1 == nr1 - 1) ? (data->image_height - data->r1 * vb) : vb; + nc2 = (c1 == nc1 - 1) ? (data->image_width - c1 * hb) : hb; + diff -Nru grub2-unsigned-2.04/debian/patches/0252-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch grub2-unsigned-2.04/debian/patches/0252-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch --- grub2-unsigned-2.04/debian/patches/0252-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0252-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,27 @@ +From: Daniel Axtens +Date: Mon, 28 Jun 2021 14:16:58 +1000 +Subject: video/readers/jpeg: Do not reallocate a given huff table + +Fix a memory leak where an invalid file could cause us to reallocate +memory for a huffman table we had already allocated memory for. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/video/readers/jpeg.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c +index 10225ab..caa211f 100644 +--- a/grub-core/video/readers/jpeg.c ++++ b/grub-core/video/readers/jpeg.c +@@ -245,6 +245,9 @@ grub_jpeg_decode_huff_table (struct grub_jpeg_data *data) + n += count[i]; + + id += ac * 2; ++ if (data->huff_value[id] != NULL) ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: attempt to reallocate huffman table"); + data->huff_value[id] = grub_malloc (n); + if (grub_errno) + return grub_errno; diff -Nru grub2-unsigned-2.04/debian/patches/0253-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch grub2-unsigned-2.04/debian/patches/0253-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch --- grub2-unsigned-2.04/debian/patches/0253-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0253-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,41 @@ +From: Daniel Axtens +Date: Mon, 28 Jun 2021 14:25:17 +1000 +Subject: video/readers/jpeg: Refuse to handle multiple start of streams + +An invalid file could contain multiple start of stream blocks, which +would cause us to reallocate and leak our bitmap. Refuse to handle +multiple start of streams. + +Additionally, fix a grub_error() call formatting. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/video/readers/jpeg.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c +index caa211f..1df1171 100644 +--- a/grub-core/video/readers/jpeg.c ++++ b/grub-core/video/readers/jpeg.c +@@ -677,6 +677,9 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) + if (data->file->offset != data_offset) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: extra byte in sos"); + ++ if (*data->bitmap) ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: too many start of scan blocks"); ++ + if (grub_video_bitmap_create (data->bitmap, data->image_width, + data->image_height, + GRUB_VIDEO_BLIT_FORMAT_RGB_888)) +@@ -699,8 +702,8 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) + nc1 = (data->image_width + hb - 1) >> (3 + data->log_hs); + + if (data->bitmap_ptr == NULL) +- return grub_error(GRUB_ERR_BAD_FILE_TYPE, +- "jpeg: attempted to decode data before start of stream"); ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: attempted to decode data before start of stream"); + + for (; data->r1 < nr1 && (!data->dri || rst); + data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) diff -Nru grub2-unsigned-2.04/debian/patches/0254-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch grub2-unsigned-2.04/debian/patches/0254-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch --- grub2-unsigned-2.04/debian/patches/0254-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0254-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,72 @@ +From: Daniel Axtens +Date: Wed, 7 Jul 2021 15:38:19 +1000 +Subject: video/readers/jpeg: Block int underflow -> wild pointer write + +Certain 1 px wide images caused a wild pointer write in +grub_jpeg_ycrcb_to_rgb(). This was caused because in grub_jpeg_decode_data(), +we have the following loop: + +for (; data->r1 < nr1 && (!data->dri || rst); + data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) + +We did not check if vb * width >= hb * nc1. + +On a 64-bit platform, if that turns out to be negative, it will underflow, +be interpreted as unsigned 64-bit, then be added to the 64-bit pointer, so +we see data->bitmap_ptr jump, e.g.: + +0x6180_0000_0480 to +0x6181_0000_0498 + ^ + ~--- carry has occurred and this pointer is now far away from + any object. + +On a 32-bit platform, it will decrement the pointer, creating a pointer +that won't crash but will overwrite random data. + +Catch the underflow and error out. + +Fixes: CVE-2021-3697 + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/video/readers/jpeg.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c +index 1df1171..97a533b 100644 +--- a/grub-core/video/readers/jpeg.c ++++ b/grub-core/video/readers/jpeg.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -693,6 +694,7 @@ static grub_err_t + grub_jpeg_decode_data (struct grub_jpeg_data *data) + { + unsigned c1, vb, hb, nr1, nc1; ++ unsigned stride_a, stride_b, stride; + int rst = data->dri; + grub_err_t err = GRUB_ERR_NONE; + +@@ -705,8 +707,14 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "jpeg: attempted to decode data before start of stream"); + ++ if (grub_mul(vb, data->image_width, &stride_a) || ++ grub_mul(hb, nc1, &stride_b) || ++ grub_sub(stride_a, stride_b, &stride)) ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: cannot decode image with these dimensions"); ++ + for (; data->r1 < nr1 && (!data->dri || rst); +- data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) ++ data->r1++, data->bitmap_ptr += stride * 3) + for (c1 = 0; c1 < nc1 && (!data->dri || rst); + c1++, rst--, data->bitmap_ptr += hb * 3) + { diff -Nru grub2-unsigned-2.04/debian/patches/0255-normal-charset-Fix-array-out-of-bounds-formatting-un.patch grub2-unsigned-2.04/debian/patches/0255-normal-charset-Fix-array-out-of-bounds-formatting-un.patch --- grub2-unsigned-2.04/debian/patches/0255-normal-charset-Fix-array-out-of-bounds-formatting-un.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0255-normal-charset-Fix-array-out-of-bounds-formatting-un.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,32 @@ +From: Daniel Axtens +Date: Tue, 13 Jul 2021 13:24:38 +1000 +Subject: normal/charset: Fix array out-of-bounds formatting unicode for + display + +In some cases attempting to display arbitrary binary strings leads +to ASAN splats reading the widthspec array out of bounds. + +Check the index. If it would be out of bounds, return a width of 1. +I don't know if that's strictly correct, but we're not really expecting +great display of arbitrary binary data, and it's certainly not worse than +an OOB read. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/normal/charset.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c +index 4dfcc31..7a5a7c1 100644 +--- a/grub-core/normal/charset.c ++++ b/grub-core/normal/charset.c +@@ -395,6 +395,8 @@ grub_unicode_estimate_width (const struct grub_unicode_glyph *c) + { + if (grub_unicode_get_comb_type (c->base)) + return 0; ++ if (((unsigned long) (c->base >> 3)) >= ARRAY_SIZE (widthspec)) ++ return 1; + if (widthspec[c->base >> 3] & (1 << (c->base & 7))) + return 2; + else diff -Nru grub2-unsigned-2.04/debian/patches/0256-net-netbuff-Block-overly-large-netbuff-allocs.patch grub2-unsigned-2.04/debian/patches/0256-net-netbuff-Block-overly-large-netbuff-allocs.patch --- grub2-unsigned-2.04/debian/patches/0256-net-netbuff-Block-overly-large-netbuff-allocs.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0256-net-netbuff-Block-overly-large-netbuff-allocs.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,44 @@ +From: Daniel Axtens +Date: Tue, 8 Mar 2022 23:47:46 +1100 +Subject: net/netbuff: Block overly large netbuff allocs + +A netbuff shouldn't be too huge. It's bounded by MTU and TCP segment +reassembly. + +This helps avoid some bugs (and provides a spot to instrument to catch +them at their source). + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/net/netbuff.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/grub-core/net/netbuff.c b/grub-core/net/netbuff.c +index dbeeefe..d5e9e9a 100644 +--- a/grub-core/net/netbuff.c ++++ b/grub-core/net/netbuff.c +@@ -79,10 +79,23 @@ grub_netbuff_alloc (grub_size_t len) + + COMPILE_TIME_ASSERT (NETBUFF_ALIGN % sizeof (grub_properly_aligned_t) == 0); + ++ /* ++ * The largest size of a TCP packet is 64 KiB, and everything else ++ * should be a lot smaller - most MTUs are 1500 or less. Cap data ++ * size at 64 KiB + a buffer. ++ */ ++ if (len > 0xffffUL + 0x1000UL) ++ { ++ grub_error (GRUB_ERR_BUG, ++ "attempted to allocate a packet that is too big"); ++ return NULL; ++ } ++ + if (len < NETBUFFMINLEN) + len = NETBUFFMINLEN; + + len = ALIGN_UP (len, NETBUFF_ALIGN); ++ + #ifdef GRUB_MACHINE_EMU + data = grub_malloc (len + sizeof (*nb)); + #else diff -Nru grub2-unsigned-2.04/debian/patches/0257-net-ip-Do-IP-fragment-maths-safely.patch grub2-unsigned-2.04/debian/patches/0257-net-ip-Do-IP-fragment-maths-safely.patch --- grub2-unsigned-2.04/debian/patches/0257-net-ip-Do-IP-fragment-maths-safely.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0257-net-ip-Do-IP-fragment-maths-safely.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,42 @@ +From: Daniel Axtens +Date: Mon, 20 Dec 2021 19:41:21 +1100 +Subject: net/ip: Do IP fragment maths safely + +This avoids an underflow and subsequent unpleasantness. + +Fixes: CVE-2022-28733 + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/net/ip.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/grub-core/net/ip.c b/grub-core/net/ip.c +index 0141079..937be87 100644 +--- a/grub-core/net/ip.c ++++ b/grub-core/net/ip.c +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + #include + + struct iphdr { +@@ -551,7 +552,14 @@ grub_net_recv_ip4_packets (struct grub_net_buff *nb, + { + rsm->total_len = (8 * (grub_be_to_cpu16 (iph->frags) & OFFSET_MASK) + + (nb->tail - nb->data)); +- rsm->total_len -= ((iph->verhdrlen & 0xf) * sizeof (grub_uint32_t)); ++ ++ if (grub_sub (rsm->total_len, (iph->verhdrlen & 0xf) * sizeof (grub_uint32_t), ++ &rsm->total_len)) ++ { ++ grub_dprintf ("net", "IP reassembly size underflow\n"); ++ return GRUB_ERR_NONE; ++ } ++ + rsm->asm_netbuff = grub_netbuff_alloc (rsm->total_len); + if (!rsm->asm_netbuff) + { diff -Nru grub2-unsigned-2.04/debian/patches/0258-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch grub2-unsigned-2.04/debian/patches/0258-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch --- grub2-unsigned-2.04/debian/patches/0258-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0258-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,54 @@ +From: Daniel Axtens +Date: Thu, 16 Sep 2021 01:29:54 +1000 +Subject: net/dns: Fix double-free addresses on corrupt DNS response + +grub_net_dns_lookup() takes as inputs a pointer to an array of addresses +("addresses") for the given name, and pointer to a number of addresses +("naddresses"). grub_net_dns_lookup() is responsible for allocating +"addresses", and the caller is responsible for freeing it if +"naddresses" > 0. + +The DNS recv_hook will sometimes set and free the addresses array, +for example if the packet is too short: + + if (ptr + 10 >= nb->tail) + { + if (!*data->naddresses) + grub_free (*data->addresses); + grub_netbuff_free (nb); + return GRUB_ERR_NONE; + } + +Later on the nslookup command code unconditionally frees the "addresses" +array. Normally this is fine: the array is either populated with valid +data or is NULL. But in these sorts of error cases it is neither NULL +nor valid and we get a double-free. + +Only free "addresses" if "naddresses" > 0. + +It looks like the other use of grub_net_dns_lookup() is not affected. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/net/dns.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c +index 906ec7d..135faac 100644 +--- a/grub-core/net/dns.c ++++ b/grub-core/net/dns.c +@@ -667,9 +667,11 @@ grub_cmd_nslookup (struct grub_command *cmd __attribute__ ((unused)), + grub_net_addr_to_str (&addresses[i], buf); + grub_printf ("%s\n", buf); + } +- grub_free (addresses); + if (naddresses) +- return GRUB_ERR_NONE; ++ { ++ grub_free (addresses); ++ return GRUB_ERR_NONE; ++ } + return grub_error (GRUB_ERR_NET_NO_DOMAIN, N_("no DNS record found")); + } + diff -Nru grub2-unsigned-2.04/debian/patches/0259-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch grub2-unsigned-2.04/debian/patches/0259-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch --- grub2-unsigned-2.04/debian/patches/0259-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0259-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,69 @@ +From: Daniel Axtens +Date: Mon, 20 Dec 2021 21:55:43 +1100 +Subject: net/dns: Don't read past the end of the string we're checking + against + +I don't really understand what's going on here but fuzzing found +a bug where we read past the end of check_with. That's a C string, +so use grub_strlen() to make sure we don't overread it. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/net/dns.c | 19 ++++++++++++++++--- + 1 file changed, 16 insertions(+), 3 deletions(-) + +diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c +index 135faac..17961a9 100644 +--- a/grub-core/net/dns.c ++++ b/grub-core/net/dns.c +@@ -146,11 +146,18 @@ check_name_real (const grub_uint8_t *name_at, const grub_uint8_t *head, + int *length, char *set) + { + const char *readable_ptr = check_with; ++ int readable_len; + const grub_uint8_t *ptr; + char *optr = set; + int bytes_processed = 0; + if (length) + *length = 0; ++ ++ if (readable_ptr != NULL) ++ readable_len = grub_strlen (readable_ptr); ++ else ++ readable_len = 0; ++ + for (ptr = name_at; ptr < tail && bytes_processed < tail - head + 2; ) + { + /* End marker. */ +@@ -172,13 +179,16 @@ check_name_real (const grub_uint8_t *name_at, const grub_uint8_t *head, + ptr = head + (((ptr[0] & 0x3f) << 8) | ptr[1]); + continue; + } +- if (readable_ptr && grub_memcmp (ptr + 1, readable_ptr, *ptr) != 0) ++ if (readable_ptr != NULL && (*ptr > readable_len || grub_memcmp (ptr + 1, readable_ptr, *ptr) != 0)) + return 0; + if (grub_memchr (ptr + 1, 0, *ptr) + || grub_memchr (ptr + 1, '.', *ptr)) + return 0; + if (readable_ptr) +- readable_ptr += *ptr; ++ { ++ readable_ptr += *ptr; ++ readable_len -= *ptr; ++ } + if (readable_ptr && *readable_ptr != '.' && *readable_ptr != 0) + return 0; + bytes_processed += *ptr + 1; +@@ -192,7 +202,10 @@ check_name_real (const grub_uint8_t *name_at, const grub_uint8_t *head, + if (optr) + *optr++ = '.'; + if (readable_ptr && *readable_ptr) +- readable_ptr++; ++ { ++ readable_ptr++; ++ readable_len--; ++ } + ptr += *ptr + 1; + } + return 0; diff -Nru grub2-unsigned-2.04/debian/patches/0260-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch grub2-unsigned-2.04/debian/patches/0260-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch --- grub2-unsigned-2.04/debian/patches/0260-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0260-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,110 @@ +From: Daniel Axtens +Date: Mon, 20 Sep 2021 01:12:24 +1000 +Subject: net/tftp: Prevent a UAF and double-free from a failed seek + +A malicious tftp server can cause UAFs and a double free. + +An attempt to read from a network file is handled by grub_net_fs_read(). If +the read is at an offset other than the current offset, grub_net_seek_real() +is invoked. + +In grub_net_seek_real(), if a backwards seek cannot be satisfied from the +currently received packets, and the underlying transport does not provide +a seek method, then grub_net_seek_real() will close and reopen the network +protocol layer. + +For tftp, the ->close() call goes to tftp_close() and frees the tftp_data_t +file->data. The file->data pointer is not nulled out after the free. + +If the ->open() call fails, the file->data will not be reallocated and will +continue point to a freed memory block. This could happen from a server +refusing to send the requisite ack to the new tftp request, for example. + +The seek and the read will then fail, but the grub_file continues to exist: +the failed seek does not necessarily cause the entire file to be thrown +away (e.g. where the file is checked to see if it is gzipped/lzio/xz/etc., +a read failure is interpreted as a decompressor passing on the file, not as +an invalidation of the entire grub_file_t structure). + +This means subsequent attempts to read or seek the file will use the old +file->data after free. Eventually, the file will be close()d again and +file->data will be freed again. + +Mark a net_fs file that doesn't reopen as broken. Do not permit read() or +close() on a broken file (seek is not exposed directly to the file API - +it is only called as part of read, so this blocks seeks as well). + +As an additional defence, null out the ->data pointer if tftp_open() fails. +That would have lead to a simple null pointer dereference rather than +a mess of UAFs. + +This may affect other protocols, I haven't checked. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/net/net.c | 11 +++++++++-- + grub-core/net/tftp.c | 1 + + include/grub/net.h | 1 + + 3 files changed, 11 insertions(+), 2 deletions(-) + +diff --git a/grub-core/net/net.c b/grub-core/net/net.c +index 28cb1d3..8c301ee 100644 +--- a/grub-core/net/net.c ++++ b/grub-core/net/net.c +@@ -1551,7 +1551,8 @@ grub_net_fs_close (grub_file_t file) + grub_netbuff_free (file->device->net->packs.first->nb); + grub_net_remove_packet (file->device->net->packs.first); + } +- file->device->net->protocol->close (file); ++ if (!file->device->net->broken) ++ file->device->net->protocol->close (file); + grub_free (file->device->net->name); + return GRUB_ERR_NONE; + } +@@ -1773,7 +1774,10 @@ grub_net_seek_real (struct grub_file *file, grub_off_t offset) + file->device->net->stall = 0; + err = file->device->net->protocol->open (file, file->device->net->name); + if (err) +- return err; ++ { ++ file->device->net->broken = 1; ++ return err; ++ } + grub_net_fs_read_real (file, NULL, offset); + return grub_errno; + } +@@ -1782,6 +1786,9 @@ grub_net_seek_real (struct grub_file *file, grub_off_t offset) + static grub_ssize_t + grub_net_fs_read (grub_file_t file, char *buf, grub_size_t len) + { ++ if (file->device->net->broken) ++ return -1; ++ + if (file->offset != file->device->net->offset) + { + grub_err_t err; +diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c +index 32e3cbb..8c3dcab 100644 +--- a/grub-core/net/tftp.c ++++ b/grub-core/net/tftp.c +@@ -376,6 +376,7 @@ tftp_open (struct grub_file *file, const char *filename) + { + grub_net_udp_close (data->sock); + grub_free (data); ++ file->data = NULL; + return grub_errno; + } + +diff --git a/include/grub/net.h b/include/grub/net.h +index b32d02e..ceb9332 100644 +--- a/include/grub/net.h ++++ b/include/grub/net.h +@@ -277,6 +277,7 @@ typedef struct grub_net + grub_fs_t fs; + int eof; + int stall; ++ int broken; + } *grub_net_t; + + extern grub_net_t (*EXPORT_VAR (grub_net_open)) (const char *name); diff -Nru grub2-unsigned-2.04/debian/patches/0261-net-tftp-Avoid-a-trivial-UAF.patch grub2-unsigned-2.04/debian/patches/0261-net-tftp-Avoid-a-trivial-UAF.patch --- grub2-unsigned-2.04/debian/patches/0261-net-tftp-Avoid-a-trivial-UAF.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0261-net-tftp-Avoid-a-trivial-UAF.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,33 @@ +From: Daniel Axtens +Date: Tue, 18 Jan 2022 14:29:20 +1100 +Subject: net/tftp: Avoid a trivial UAF + +Under tftp errors, we print a tftp error message from the tftp header. +However, the tftph pointer is a pointer inside nb, the netbuff. Previously, +we were freeing the nb and then dereferencing it. Don't do that, use it +and then free it later. + +This isn't really _bad_ per se, especially as we're single-threaded, but +it trips up fuzzers. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/net/tftp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c +index 8c3dcab..1f251ef 100644 +--- a/grub-core/net/tftp.c ++++ b/grub-core/net/tftp.c +@@ -251,9 +251,9 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)), + return GRUB_ERR_NONE; + case TFTP_ERROR: + data->have_oack = 1; +- grub_netbuff_free (nb); + grub_error (GRUB_ERR_IO, "%s", tftph->u.err.errmsg); + grub_error_save (&data->save_err); ++ grub_netbuff_free (nb); + return GRUB_ERR_NONE; + default: + grub_netbuff_free (nb); diff -Nru grub2-unsigned-2.04/debian/patches/0262-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch grub2-unsigned-2.04/debian/patches/0262-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch --- grub2-unsigned-2.04/debian/patches/0262-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0262-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,39 @@ +From: Daniel Axtens +Date: Tue, 1 Mar 2022 23:14:15 +1100 +Subject: net/http: Do not tear down socket if it's already been torn down + +It's possible for data->sock to get torn down in tcp error handling. +If we unconditionally tear it down again we will end up doing writes +to an offset of the NULL pointer when we go to tear it down again. + +Detect if it has been torn down and don't do it again. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/net/http.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/grub-core/net/http.c b/grub-core/net/http.c +index da70e16..4253530 100644 +--- a/grub-core/net/http.c ++++ b/grub-core/net/http.c +@@ -425,7 +425,7 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial) + return err; + } + +- for (i = 0; !data->headers_recv && i < 100; i++) ++ for (i = 0; data->sock && !data->headers_recv && i < 100; i++) + { + grub_net_tcp_retransmit (); + grub_net_poll_cards (300, &data->headers_recv); +@@ -433,7 +433,8 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial) + + if (!data->headers_recv) + { +- grub_net_tcp_close (data->sock, GRUB_NET_TCP_ABORT); ++ if (data->sock) ++ grub_net_tcp_close (data->sock, GRUB_NET_TCP_ABORT); + if (data->err) + { + char *str = data->errmsg; diff -Nru grub2-unsigned-2.04/debian/patches/0263-net-http-Fix-OOB-write-for-split-http-headers.patch grub2-unsigned-2.04/debian/patches/0263-net-http-Fix-OOB-write-for-split-http-headers.patch --- grub2-unsigned-2.04/debian/patches/0263-net-http-Fix-OOB-write-for-split-http-headers.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0263-net-http-Fix-OOB-write-for-split-http-headers.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,44 @@ +From: Daniel Axtens +Date: Tue, 8 Mar 2022 18:17:03 +1100 +Subject: net/http: Fix OOB write for split http headers + +GRUB has special code for handling an http header that is split +across two packets. + +The code tracks the end of line by looking for a "\n" byte. The +code for split headers has always advanced the pointer just past the +end of the line, whereas the code that handles unsplit headers does +not advance the pointer. This extra advance causes the length to be +one greater, which breaks an assumption in parse_line(), leading to +it writing a NUL byte one byte past the end of the buffer where we +reconstruct the line from the two packets. + +It's conceivable that an attacker controlled set of packets could +cause this to zero out the first byte of the "next" pointer of the +grub_mm_region structure following the current_line buffer. + +Do not advance the pointer in the split header case. + +Fixes: CVE-2022-28734 + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/net/http.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/grub-core/net/http.c b/grub-core/net/http.c +index 4253530..c1acc51 100644 +--- a/grub-core/net/http.c ++++ b/grub-core/net/http.c +@@ -193,9 +193,7 @@ http_receive (grub_net_tcp_socket_t sock __attribute__ ((unused)), + int have_line = 1; + char *t; + ptr = grub_memchr (nb->data, '\n', nb->tail - nb->data); +- if (ptr) +- ptr++; +- else ++ if (ptr == NULL) + { + have_line = 0; + ptr = (char *) nb->tail; diff -Nru grub2-unsigned-2.04/debian/patches/0264-net-http-Error-out-on-headers-with-LF-without-CR.patch grub2-unsigned-2.04/debian/patches/0264-net-http-Error-out-on-headers-with-LF-without-CR.patch --- grub2-unsigned-2.04/debian/patches/0264-net-http-Error-out-on-headers-with-LF-without-CR.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0264-net-http-Error-out-on-headers-with-LF-without-CR.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,46 @@ +From: Daniel Axtens +Date: Tue, 8 Mar 2022 19:04:40 +1100 +Subject: net/http: Error out on headers with LF without CR + +In a similar vein to the previous patch, parse_line() would write +a NUL byte past the end of the buffer if there was an HTTP header +with a LF rather than a CRLF. + +RFC-2616 says: + + Many HTTP/1.1 header field values consist of words separated by LWS + or special characters. These special characters MUST be in a quoted + string to be used within a parameter value (as defined in section 3.6). + +We don't support quoted sections or continuation lines, etc. + +If we see an LF that's not part of a CRLF, bail out. + +Fixes: CVE-2022-28734 + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/net/http.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/grub-core/net/http.c b/grub-core/net/http.c +index c1acc51..ba2a4b2 100644 +--- a/grub-core/net/http.c ++++ b/grub-core/net/http.c +@@ -69,7 +69,15 @@ parse_line (grub_file_t file, http_data_t data, char *ptr, grub_size_t len) + char *end = ptr + len; + while (end > ptr && *(end - 1) == '\r') + end--; ++ ++ /* LF without CR. */ ++ if (end == ptr + len) ++ { ++ data->errmsg = grub_strdup (_("invalid HTTP header - LF without CR")); ++ return GRUB_ERR_NONE; ++ } + *end = 0; ++ + /* Trailing CRLF. */ + if (data->in_chunk_len == 1) + { diff -Nru grub2-unsigned-2.04/debian/patches/0265-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch grub2-unsigned-2.04/debian/patches/0265-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch --- grub2-unsigned-2.04/debian/patches/0265-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0265-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,70 @@ +From: Sudhakar Kuppusamy +Date: Wed, 6 Apr 2022 18:03:37 +0530 +Subject: fs/f2fs: Do not read past the end of nat journal entries + +A corrupt f2fs file system could specify a nat journal entry count +that is beyond the maximum NAT_JOURNAL_ENTRIES. + +Check if the specified nat journal entry count before accessing the +array, and throw an error if it is too large. + +Signed-off-by: Sudhakar Kuppusamy +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/fs/f2fs.c | 21 ++++++++++++++------- + 1 file changed, 14 insertions(+), 7 deletions(-) + +diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c +index 8a9992c..6370221 100644 +--- a/grub-core/fs/f2fs.c ++++ b/grub-core/fs/f2fs.c +@@ -632,23 +632,27 @@ get_nat_journal (struct grub_f2fs_data *data) + return err; + } + +-static grub_uint32_t +-get_blkaddr_from_nat_journal (struct grub_f2fs_data *data, grub_uint32_t nid) ++static grub_err_t ++get_blkaddr_from_nat_journal (struct grub_f2fs_data *data, grub_uint32_t nid, ++ grub_uint32_t *blkaddr) + { + grub_uint16_t n = grub_le_to_cpu16 (data->nat_j.n_nats); +- grub_uint32_t blkaddr = 0; + grub_uint16_t i; + ++ if (n >= NAT_JOURNAL_ENTRIES) ++ return grub_error (GRUB_ERR_BAD_FS, ++ "invalid number of nat journal entries"); ++ + for (i = 0; i < n; i++) + { + if (grub_le_to_cpu32 (data->nat_j.entries[i].nid) == nid) + { +- blkaddr = grub_le_to_cpu32 (data->nat_j.entries[i].ne.block_addr); ++ *blkaddr = grub_le_to_cpu32 (data->nat_j.entries[i].ne.block_addr); + break; + } + } + +- return blkaddr; ++ return GRUB_ERR_NONE; + } + + static grub_uint32_t +@@ -656,10 +660,13 @@ get_node_blkaddr (struct grub_f2fs_data *data, grub_uint32_t nid) + { + struct grub_f2fs_nat_block *nat_block; + grub_uint32_t seg_off, block_off, entry_off, block_addr; +- grub_uint32_t blkaddr; ++ grub_uint32_t blkaddr = 0; + grub_err_t err; + +- blkaddr = get_blkaddr_from_nat_journal (data, nid); ++ err = get_blkaddr_from_nat_journal (data, nid, &blkaddr); ++ if (err != GRUB_ERR_NONE) ++ return 0; ++ + if (blkaddr) + return blkaddr; + diff -Nru grub2-unsigned-2.04/debian/patches/0266-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch grub2-unsigned-2.04/debian/patches/0266-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch --- grub2-unsigned-2.04/debian/patches/0266-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0266-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,130 @@ +From: Sudhakar Kuppusamy +Date: Wed, 6 Apr 2022 18:49:09 +0530 +Subject: fs/f2fs: Do not read past the end of nat bitmap + +A corrupt f2fs filesystem could have a block offset or a bitmap +offset that would cause us to read beyond the bounds of the nat +bitmap. + +Introduce the nat_bitmap_size member in grub_f2fs_data which holds +the size of nat bitmap. + +Set the size when loading the nat bitmap in nat_bitmap_ptr(), and +catch when an invalid offset would create a pointer past the end of +the allocated space. + +Check against the bitmap size in grub_f2fs_test_bit() test bit to avoid +reading past the end of the nat bitmap. + +Signed-off-by: Sudhakar Kuppusamy +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/fs/f2fs.c | 33 +++++++++++++++++++++++++++------ + 1 file changed, 27 insertions(+), 6 deletions(-) + +diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c +index 6370221..8898b23 100644 +--- a/grub-core/fs/f2fs.c ++++ b/grub-core/fs/f2fs.c +@@ -122,6 +122,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); + #define F2FS_INLINE_DOTS 0x10 /* File having implicit dot dentries. */ + + #define MAX_VOLUME_NAME 512 ++#define MAX_NAT_BITMAP_SIZE 3900 + + enum FILE_TYPE + { +@@ -183,7 +184,7 @@ struct grub_f2fs_checkpoint + grub_uint32_t checksum_offset; + grub_uint64_t elapsed_time; + grub_uint8_t alloc_type[MAX_ACTIVE_LOGS]; +- grub_uint8_t sit_nat_version_bitmap[3900]; ++ grub_uint8_t sit_nat_version_bitmap[MAX_NAT_BITMAP_SIZE]; + grub_uint32_t checksum; + } GRUB_PACKED; + +@@ -302,6 +303,7 @@ struct grub_f2fs_data + + struct grub_f2fs_nat_journal nat_j; + char *nat_bitmap; ++ grub_uint32_t nat_bitmap_size; + + grub_disk_t disk; + struct grub_f2fs_node *inode; +@@ -377,15 +379,20 @@ sum_blk_addr (struct grub_f2fs_data *data, int base, int type) + } + + static void * +-nat_bitmap_ptr (struct grub_f2fs_data *data) ++nat_bitmap_ptr (struct grub_f2fs_data *data, grub_uint32_t *nat_bitmap_size) + { + struct grub_f2fs_checkpoint *ckpt = &data->ckpt; + grub_uint32_t offset; ++ *nat_bitmap_size = MAX_NAT_BITMAP_SIZE; + + if (grub_le_to_cpu32 (data->sblock.cp_payload) > 0) + return ckpt->sit_nat_version_bitmap; + + offset = grub_le_to_cpu32 (ckpt->sit_ver_bitmap_bytesize); ++ if (offset >= MAX_NAT_BITMAP_SIZE) ++ return NULL; ++ ++ *nat_bitmap_size = *nat_bitmap_size - offset; + + return ckpt->sit_nat_version_bitmap + offset; + } +@@ -438,11 +445,15 @@ grub_f2fs_crc_valid (grub_uint32_t blk_crc, void *buf, const grub_uint32_t len) + } + + static int +-grub_f2fs_test_bit (grub_uint32_t nr, const char *p) ++grub_f2fs_test_bit (grub_uint32_t nr, const char *p, grub_uint32_t len) + { + int mask; ++ grub_uint32_t shifted_nr = (nr >> 3); ++ ++ if (shifted_nr >= len) ++ return -1; + +- p += (nr >> 3); ++ p += shifted_nr; + mask = 1 << (7 - (nr & 0x07)); + + return mask & *p; +@@ -662,6 +673,7 @@ get_node_blkaddr (struct grub_f2fs_data *data, grub_uint32_t nid) + grub_uint32_t seg_off, block_off, entry_off, block_addr; + grub_uint32_t blkaddr = 0; + grub_err_t err; ++ int result_bit; + + err = get_blkaddr_from_nat_journal (data, nid, &blkaddr); + if (err != GRUB_ERR_NONE) +@@ -682,8 +694,15 @@ get_node_blkaddr (struct grub_f2fs_data *data, grub_uint32_t nid) + ((seg_off * data->blocks_per_seg) << 1) + + (block_off & (data->blocks_per_seg - 1)); + +- if (grub_f2fs_test_bit (block_off, data->nat_bitmap)) ++ result_bit = grub_f2fs_test_bit (block_off, data->nat_bitmap, ++ data->nat_bitmap_size); ++ if (result_bit > 0) + block_addr += data->blocks_per_seg; ++ else if (result_bit == -1) ++ { ++ grub_free (nat_block); ++ return 0; ++ } + + err = grub_f2fs_block_read (data, block_addr, nat_block); + if (err) +@@ -833,7 +852,9 @@ grub_f2fs_mount (grub_disk_t disk) + if (err) + goto fail; + +- data->nat_bitmap = nat_bitmap_ptr (data); ++ data->nat_bitmap = nat_bitmap_ptr (data, &data->nat_bitmap_size); ++ if (data->nat_bitmap == NULL) ++ goto fail; + + err = get_nat_journal (data); + if (err) diff -Nru grub2-unsigned-2.04/debian/patches/0267-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch grub2-unsigned-2.04/debian/patches/0267-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch --- grub2-unsigned-2.04/debian/patches/0267-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0267-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,36 @@ +From: Sudhakar Kuppusamy +Date: Wed, 6 Apr 2022 18:17:43 +0530 +Subject: fs/f2fs: Do not copy file names that are too long + +A corrupt f2fs file system might specify a name length which is greater +than the maximum name length supported by the GRUB f2fs driver. + +We will allocate enough memory to store the overly long name, but there +are only F2FS_NAME_LEN bytes in the source, so we would read past the end +of the source. + +While checking directory entries, do not copy a file name with an invalid +length. + +Signed-off-by: Sudhakar Kuppusamy +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/fs/f2fs.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c +index 8898b23..df6beb5 100644 +--- a/grub-core/fs/f2fs.c ++++ b/grub-core/fs/f2fs.c +@@ -1003,6 +1003,10 @@ grub_f2fs_check_dentries (struct grub_f2fs_dir_iter_ctx *ctx) + + ftype = ctx->dentry[i].file_type; + name_len = grub_le_to_cpu16 (ctx->dentry[i].name_len); ++ ++ if (name_len >= F2FS_NAME_LEN) ++ return 0; ++ + filename = grub_malloc (name_len + 1); + if (!filename) + return 0; diff -Nru grub2-unsigned-2.04/debian/patches/0268-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch grub2-unsigned-2.04/debian/patches/0268-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch --- grub2-unsigned-2.04/debian/patches/0268-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0268-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,74 @@ +From: Darren Kenny +Date: Tue, 29 Mar 2022 10:49:56 +0000 +Subject: fs/btrfs: Fix several fuzz issues with invalid dir item sizing + +According to the btrfs code in Linux, the structure of a directory item +leaf should be of the form: + + |struct btrfs_dir_item|name|data| + +in GRUB the name len and data len are in the grub_btrfs_dir_item +structure's n and m fields respectively. + +The combined size of the structure, name and data should be less than +the allocated memory, a difference to the Linux kernel's struct +btrfs_dir_item is that the grub_btrfs_dir_item has an extra field for +where the name is stored, so we adjust for that too. + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/fs/btrfs.c | 26 ++++++++++++++++++++++++++ + 1 file changed, 26 insertions(+) + +diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c +index d489cb0..20fb501 100644 +--- a/grub-core/fs/btrfs.c ++++ b/grub-core/fs/btrfs.c +@@ -1954,6 +1954,7 @@ grub_btrfs_dir (grub_device_t device, const char *path, + int r = 0; + grub_uint64_t tree; + grub_uint8_t type; ++ grub_size_t est_size = 0; + + if (!data) + return grub_errno; +@@ -2012,6 +2013,18 @@ grub_btrfs_dir (grub_device_t device, const char *path, + break; + } + ++ if (direl == NULL || ++ grub_add (grub_le_to_cpu16 (direl->n), ++ grub_le_to_cpu16 (direl->m), &est_size) || ++ grub_add (est_size, sizeof (*direl), &est_size) || ++ grub_sub (est_size, sizeof (direl->name), &est_size) || ++ est_size > allocated) ++ { ++ grub_errno = GRUB_ERR_OUT_OF_RANGE; ++ r = -grub_errno; ++ goto out; ++ } ++ + for (cdirel = direl; + (grub_uint8_t *) cdirel - (grub_uint8_t *) direl + < (grub_ssize_t) elemsize; +@@ -2022,6 +2035,19 @@ grub_btrfs_dir (grub_device_t device, const char *path, + char c; + struct grub_btrfs_inode inode; + struct grub_dirhook_info info; ++ ++ if (cdirel == NULL || ++ grub_add (grub_le_to_cpu16 (cdirel->n), ++ grub_le_to_cpu16 (cdirel->m), &est_size) || ++ grub_add (est_size, sizeof (*cdirel), &est_size) || ++ grub_sub (est_size, sizeof (cdirel->name), &est_size) || ++ est_size > allocated) ++ { ++ grub_errno = GRUB_ERR_OUT_OF_RANGE; ++ r = -grub_errno; ++ goto out; ++ } ++ + err = grub_btrfs_read_inode (data, &inode, cdirel->key.object_id, + tree); + grub_memset (&info, 0, sizeof (info)); diff -Nru grub2-unsigned-2.04/debian/patches/0269-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch grub2-unsigned-2.04/debian/patches/0269-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch --- grub2-unsigned-2.04/debian/patches/0269-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0269-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,132 @@ +From: Darren Kenny +Date: Tue, 29 Mar 2022 15:52:46 +0000 +Subject: fs/btrfs: Fix more ASAN and SEGV issues found with fuzzing + +The fuzzer is generating btrfs file systems that have chunks with +invalid combinations of stripes and substripes for the given RAID +configurations. + +After examining the Linux kernel fs/btrfs/tree-checker.c code, it +appears that sub-stripes should only be applied to RAID10, and in that +case there should only ever be 2 of them. + +Similarly, RAID single should only have 1 stripe, and RAID1/1C3/1C4 +should have 2. 3 or 4 stripes respectively, which is what redundancy +corresponds. + +Some of the chunks ended up with a size of 0, which grub_malloc() still +returned memory for and in turn generated ASAN errors later when +accessed. + +While it would be possible to specifically limit the number of stripes, +a more correct test was on the combination of the chunk item, and the +number of stripes by the size of the chunk stripe structure in +comparison to the size of the chunk itself. + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/fs/btrfs.c | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 55 insertions(+) + +diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c +index 20fb501..d79214c 100644 +--- a/grub-core/fs/btrfs.c ++++ b/grub-core/fs/btrfs.c +@@ -910,6 +910,12 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, + return grub_error (GRUB_ERR_BAD_FS, + "couldn't find the chunk descriptor"); + ++ if (!chsize) ++ { ++ grub_dprintf ("btrfs", "zero-size chunk\n"); ++ return grub_error (GRUB_ERR_BAD_FS, ++ "got an invalid zero-size chunk"); ++ } + chunk = grub_malloc (chsize); + if (!chunk) + return grub_errno; +@@ -968,6 +974,16 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, + stripe_length = grub_divmod64 (grub_le_to_cpu64 (chunk->size), + nstripes, + NULL); ++ ++ /* For single, there should be exactly 1 stripe. */ ++ if (grub_le_to_cpu16 (chunk->nstripes) != 1) ++ { ++ grub_dprintf ("btrfs", "invalid RAID_SINGLE: nstripes != 1 (%u)\n", ++ grub_le_to_cpu16 (chunk->nstripes)); ++ return grub_error (GRUB_ERR_BAD_FS, ++ "invalid RAID_SINGLE: nstripes != 1 (%u)", ++ grub_le_to_cpu16 (chunk->nstripes)); ++ } + if (stripe_length == 0) + stripe_length = 512; + stripen = grub_divmod64 (off, stripe_length, &stripe_offset); +@@ -982,6 +998,19 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, + stripe_offset = off; + csize = grub_le_to_cpu64 (chunk->size) - off; + redundancy = 2; ++ ++ /* ++ * Redundancy, and substripes only apply to RAID10, and there ++ * should be exactly 2 sub-stripes. ++ */ ++ if (grub_le_to_cpu16 (chunk->nstripes) != redundancy) ++ { ++ grub_dprintf ("btrfs", "invalid RAID1: nstripes != %u (%u)\n", ++ redundancy, grub_le_to_cpu16 (chunk->nstripes)); ++ return grub_error (GRUB_ERR_BAD_FS, ++ "invalid RAID1: nstripes != %u (%u)", ++ redundancy, grub_le_to_cpu16 (chunk->nstripes)); ++ } + break; + } + case GRUB_BTRFS_CHUNK_TYPE_RAID0: +@@ -1018,6 +1047,20 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, + stripe_offset = low + chunk_stripe_length + * high; + csize = chunk_stripe_length - low; ++ ++ /* ++ * Substripes only apply to RAID10, and there ++ * should be exactly 2 sub-stripes. ++ */ ++ if (grub_le_to_cpu16 (chunk->nsubstripes) != 2) ++ { ++ grub_dprintf ("btrfs", "invalid RAID10: nsubstripes != 2 (%u)", ++ grub_le_to_cpu16 (chunk->nsubstripes)); ++ return grub_error (GRUB_ERR_BAD_FS, ++ "invalid RAID10: nsubstripes != 2 (%u)", ++ grub_le_to_cpu16 (chunk->nsubstripes)); ++ } ++ + break; + } + case GRUB_BTRFS_CHUNK_TYPE_RAID5: +@@ -1117,6 +1160,8 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, + + for (j = 0; j < 2; j++) + { ++ grub_size_t est_chunk_alloc = 0; ++ + grub_dprintf ("btrfs", "chunk 0x%" PRIxGRUB_UINT64_T + "+0x%" PRIxGRUB_UINT64_T + " (%d stripes (%d substripes) of %" +@@ -1129,6 +1174,16 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, + grub_dprintf ("btrfs", "reading laddr 0x%" PRIxGRUB_UINT64_T "\n", + addr); + ++ if (grub_mul (sizeof (struct grub_btrfs_chunk_stripe), ++ grub_le_to_cpu16 (chunk->nstripes), &est_chunk_alloc) || ++ grub_add (est_chunk_alloc, ++ sizeof (struct grub_btrfs_chunk_item), &est_chunk_alloc) || ++ est_chunk_alloc > chunk->size) ++ { ++ err = GRUB_ERR_BAD_FS; ++ break; ++ } ++ + if (is_raid56) + { + err = btrfs_read_from_chunk (data, chunk, stripen, diff -Nru grub2-unsigned-2.04/debian/patches/0270-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch grub2-unsigned-2.04/debian/patches/0270-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch --- grub2-unsigned-2.04/debian/patches/0270-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/0270-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch 2022-06-07 16:36:27.000000000 +0000 @@ -0,0 +1,74 @@ +From: Darren Kenny +Date: Thu, 7 Apr 2022 15:18:12 +0000 +Subject: fs/btrfs: Fix more fuzz issues related to chunks + +The corpus was generating issues in grub_btrfs_read_logical() when +attempting to iterate over stripe entries in the superblock's +bootmapping. + +In most cases the reason for the failure was that the number of stripes +in chunk->nstripes exceeded the possible space statically allocated in +superblock bootmapping space. Each stripe entry in the bootmapping block +consists of a grub_btrfs_key followed by a grub_btrfs_chunk_stripe. + +Another issue that came up was that while calculating the chunk size, +in an earlier piece of code in that function, depending on the data +provided in the btrfs file system, it would end up calculating a size +that was too small to contain even 1 grub_btrfs_chunk_item, which is +obviously invalid too. + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/fs/btrfs.c | 24 ++++++++++++++++++++++++ + 1 file changed, 24 insertions(+) + +diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c +index d79214c..cbd74be 100644 +--- a/grub-core/fs/btrfs.c ++++ b/grub-core/fs/btrfs.c +@@ -916,6 +916,17 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, + return grub_error (GRUB_ERR_BAD_FS, + "got an invalid zero-size chunk"); + } ++ ++ /* ++ * The space being allocated for a chunk should at least be able to ++ * contain one chunk item. ++ */ ++ if (chsize < sizeof (struct grub_btrfs_chunk_item)) ++ { ++ grub_dprintf ("btrfs", "chunk-size too small\n"); ++ return grub_error (GRUB_ERR_BAD_FS, ++ "got an invalid chunk size"); ++ } + chunk = grub_malloc (chsize); + if (!chunk) + return grub_errno; +@@ -1158,6 +1169,13 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, + if (csize > (grub_uint64_t) size) + csize = size; + ++ /* ++ * The space for a chunk stripe is limited to the space provide in the super-block's ++ * bootstrap mapping with an initial btrfs key at the start of each chunk. ++ */ ++ grub_size_t avail_stripes = sizeof (data->sblock.bootstrap_mapping) / ++ (sizeof (struct grub_btrfs_key) + sizeof (struct grub_btrfs_chunk_stripe)); ++ + for (j = 0; j < 2; j++) + { + grub_size_t est_chunk_alloc = 0; +@@ -1184,6 +1202,12 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, + break; + } + ++ if (grub_le_to_cpu16 (chunk->nstripes) > avail_stripes) ++ { ++ err = GRUB_ERR_BAD_FS; ++ break; ++ } ++ + if (is_raid56) + { + err = btrfs_read_from_chunk (data, chunk, stripen, diff -Nru grub2-unsigned-2.04/debian/patches/at_keyboard-module-init.patch grub2-unsigned-2.04/debian/patches/at_keyboard-module-init.patch --- grub2-unsigned-2.04/debian/patches/at_keyboard-module-init.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/at_keyboard-module-init.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From f61a5f375ade9f3a39d3797626c9fb3741910e73 Mon Sep 17 00:00:00 2001 From: Jeroen Dekkers Date: Sat, 12 Jan 2019 21:02:18 +0100 Subject: at_keyboard: initialize keyboard in module init if keyboard is ready @@ -16,7 +15,7 @@ 1 file changed, 9 insertions(+) diff --git a/grub-core/term/at_keyboard.c b/grub-core/term/at_keyboard.c -index f0a986eb17..d4395c2019 100644 +index f0a986e..d4395c2 100644 --- a/grub-core/term/at_keyboard.c +++ b/grub-core/term/at_keyboard.c @@ -244,6 +244,14 @@ grub_at_keyboard_getkey (struct grub_term_input *term __attribute__ ((unused))) diff -Nru grub2-unsigned-2.04/debian/patches/bash-completion-drop-have-checks.patch grub2-unsigned-2.04/debian/patches/bash-completion-drop-have-checks.patch --- grub2-unsigned-2.04/debian/patches/bash-completion-drop-have-checks.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/bash-completion-drop-have-checks.patch 2022-05-31 15:15:52.000000000 +0000 @@ -1,4 +1,3 @@ -From ea4c85d4bdc6dda4a5786224455aa0e868e99250 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Fri, 16 Nov 2018 16:37:02 +0000 Subject: bash-completion: Drop "have" checks @@ -12,11 +11,11 @@ Patch-Name: bash-completion-drop-have-checks.patch --- - .../bash-completion.d/grub-completion.bash.in | 39 +++++++------------ + util/bash-completion.d/grub-completion.bash.in | 39 +++++++++----------------- 1 file changed, 13 insertions(+), 26 deletions(-) diff --git a/util/bash-completion.d/grub-completion.bash.in b/util/bash-completion.d/grub-completion.bash.in -index 44bf135b9f..d4235e7ef8 100644 +index 44bf135..d4235e7 100644 --- a/util/bash-completion.d/grub-completion.bash.in +++ b/util/bash-completion.d/grub-completion.bash.in @@ -166,13 +166,11 @@ _grub_set_entry () { diff -Nru grub2-unsigned-2.04/debian/patches/blacklist-1440x900x32.patch grub2-unsigned-2.04/debian/patches/blacklist-1440x900x32.patch --- grub2-unsigned-2.04/debian/patches/blacklist-1440x900x32.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/blacklist-1440x900x32.patch 2022-05-31 15:15:51.000000000 +0000 @@ -1,4 +1,3 @@ -From c4e1f78d093dcf870a792c843fb7e2bb25572fdc Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:11 +0000 Subject: Blacklist 1440x900x32 from VBE preferred mode handling @@ -13,7 +12,7 @@ 1 file changed, 9 insertions(+) diff --git a/grub-core/video/i386/pc/vbe.c b/grub-core/video/i386/pc/vbe.c -index b7f911926d..4b1bd7d5ea 100644 +index b7f9119..4b1bd7d 100644 --- a/grub-core/video/i386/pc/vbe.c +++ b/grub-core/video/i386/pc/vbe.c @@ -1054,6 +1054,15 @@ grub_video_vbe_setup (unsigned int width, unsigned int height, diff -Nru grub2-unsigned-2.04/debian/patches/bootp-new-net_bootp6-command.patch grub2-unsigned-2.04/debian/patches/bootp-new-net_bootp6-command.patch --- grub2-unsigned-2.04/debian/patches/bootp-new-net_bootp6-command.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/bootp-new-net_bootp6-command.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 4a7d6cd9eea972eec68cb256990879ea64883c4e Mon Sep 17 00:00:00 2001 From: Michael Chang Date: Thu, 27 Oct 2016 17:41:04 -0400 Subject: bootp: New net_bootp6 command @@ -11,13 +10,13 @@ Patch-Name: bootp-new-net_bootp6-command.patch --- - grub-core/net/bootp.c | 908 +++++++++++++++++++++++++++++++++++++++++- - grub-core/net/ip.c | 39 ++ + grub-core/net/bootp.c | 908 +++++++++++++++++++++++++++++++++++++++++++++++++- + grub-core/net/ip.c | 39 +++ include/grub/net.h | 72 ++++ 3 files changed, 1018 insertions(+), 1 deletion(-) diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c -index 04cfbb0450..21c1824efb 100644 +index 04cfbb0..21c1824 100644 --- a/grub-core/net/bootp.c +++ b/grub-core/net/bootp.c @@ -24,6 +24,98 @@ @@ -969,7 +968,7 @@ + grub_unregister_command (cmd_bootp6); } diff --git a/grub-core/net/ip.c b/grub-core/net/ip.c -index ea5edf8f1f..01410798b3 100644 +index ea5edf8..0141079 100644 --- a/grub-core/net/ip.c +++ b/grub-core/net/ip.c @@ -239,6 +239,45 @@ handle_dgram (struct grub_net_buff *nb, @@ -1019,7 +1018,7 @@ { const struct grub_net_bootp_packet *bootp; diff --git a/include/grub/net.h b/include/grub/net.h -index cc114286ea..58cff96d2a 100644 +index cc11428..58cff96 100644 --- a/include/grub/net.h +++ b/include/grub/net.h @@ -448,6 +448,66 @@ struct grub_net_bootp_packet diff -Nru grub2-unsigned-2.04/debian/patches/bootp-process-dhcpack-http-boot.patch grub2-unsigned-2.04/debian/patches/bootp-process-dhcpack-http-boot.patch --- grub2-unsigned-2.04/debian/patches/bootp-process-dhcpack-http-boot.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/bootp-process-dhcpack-http-boot.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From d73452b035016da03ebc58a2059ad5f9588a272e Mon Sep 17 00:00:00 2001 From: Michael Chang Date: Thu, 27 Oct 2016 17:42:19 -0400 Subject: bootp: Add processing DHCPACK packet from HTTP Boot @@ -19,12 +18,12 @@ Patch-Name: bootp-process-dhcpack-http-boot.patch --- - grub-core/net/bootp.c | 60 ++++++++++++++++++++++++++++++++++++++++++- + grub-core/net/bootp.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++- include/grub/net.h | 1 + 2 files changed, 60 insertions(+), 1 deletion(-) diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c -index 21c1824efb..558d97ba1e 100644 +index 21c1824..558d97b 100644 --- a/grub-core/net/bootp.c +++ b/grub-core/net/bootp.c @@ -154,7 +154,7 @@ struct grub_dhcp_request_options @@ -109,7 +108,7 @@ }, GRUB_NET_BOOTP_END, diff --git a/include/grub/net.h b/include/grub/net.h -index 58cff96d2a..b5f9e617e5 100644 +index 58cff96..b5f9e61 100644 --- a/include/grub/net.h +++ b/include/grub/net.h @@ -523,6 +523,7 @@ enum diff -Nru grub2-unsigned-2.04/debian/patches/cherry-enable-datetime-emu.patch grub2-unsigned-2.04/debian/patches/cherry-enable-datetime-emu.patch --- grub2-unsigned-2.04/debian/patches/cherry-enable-datetime-emu.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/cherry-enable-datetime-emu.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From bfa0b5ccc528e116d523384f877d1b61e9f33b0f Mon Sep 17 00:00:00 2001 From: Mike Gilbert Date: Thu, 5 Mar 2020 16:52:18 -0500 Subject: datetime: Enable the datetime module for the emu platform @@ -21,7 +20,7 @@ 1 file changed, 1 deletion(-) diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 1c71233d06..01819d1044 100644 +index 1c71233..01819d1 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -1692,7 +1692,6 @@ module = { diff -Nru grub2-unsigned-2.04/debian/patches/cherry-fix-crash-on-http.patch grub2-unsigned-2.04/debian/patches/cherry-fix-crash-on-http.patch --- grub2-unsigned-2.04/debian/patches/cherry-fix-crash-on-http.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/cherry-fix-crash-on-http.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 590404c9b3e52c6f7cb83ce0814a7937549b166c Mon Sep 17 00:00:00 2001 From: Gustavo Luiz Duarte Date: Tue, 17 Sep 2019 17:44:58 +0200 Subject: net: Fix crash on http @@ -19,7 +18,7 @@ 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/net/http.c b/grub-core/net/http.c -index 5004ecfee4..da70e16150 100644 +index 5004ecf..da70e16 100644 --- a/grub-core/net/http.c +++ b/grub-core/net/http.c @@ -408,7 +408,7 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial) diff -Nru grub2-unsigned-2.04/debian/patches/cherry-move-common-datetime-functions.patch grub2-unsigned-2.04/debian/patches/cherry-move-common-datetime-functions.patch --- grub2-unsigned-2.04/debian/patches/cherry-move-common-datetime-functions.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/cherry-move-common-datetime-functions.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 3a136af48f2f05b7e21617076213008f48b32efe Mon Sep 17 00:00:00 2001 From: Javier Martinez Canillas Date: Fri, 14 Feb 2020 12:44:14 +0100 Subject: normal: Move common datetime functions out of the normal module @@ -43,14 +42,16 @@ Patch-Name: cherry-move-common-datetime-functions.patch --- - Makefile.util.def | 2 +- - grub-core/Makefile.core.def | 2 +- - grub-core/{normal => lib}/datetime.c | 0 - 3 files changed, 2 insertions(+), 2 deletions(-) - rename grub-core/{normal => lib}/datetime.c (100%) + Makefile.util.def | 2 +- + grub-core/Makefile.core.def | 2 +- + grub-core/lib/datetime.c | 109 ++++++++++++++++++++++++++++++++++++++++++++ + grub-core/normal/datetime.c | 109 -------------------------------------------- + 4 files changed, 111 insertions(+), 111 deletions(-) + create mode 100644 grub-core/lib/datetime.c + delete mode 100644 grub-core/normal/datetime.c diff --git a/Makefile.util.def b/Makefile.util.def -index 504d1c0581..fd5a9b87d7 100644 +index 504d1c0..fd5a9b8 100644 --- a/Makefile.util.def +++ b/Makefile.util.def @@ -139,7 +139,7 @@ library = { @@ -63,7 +64,7 @@ common = grub-core/partmap/acorn.c; common = grub-core/partmap/amiga.c; diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 20be18575f..1c71233d06 100644 +index 20be185..1c71233 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -1679,6 +1679,7 @@ module = { @@ -82,7 +83,233 @@ common = normal/menu.c; common = normal/menu_entry.c; common = normal/menu_text.c; -diff --git a/grub-core/normal/datetime.c b/grub-core/lib/datetime.c -similarity index 100% -rename from grub-core/normal/datetime.c -rename to grub-core/lib/datetime.c +diff --git a/grub-core/lib/datetime.c b/grub-core/lib/datetime.c +new file mode 100644 +index 0000000..95b8c9f +--- /dev/null ++++ b/grub-core/lib/datetime.c +@@ -0,0 +1,109 @@ ++/* datetime.c - Module for common datetime function. */ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2008 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++ ++static const char *const grub_weekday_names[] = ++{ ++ N_("Sunday"), ++ N_("Monday"), ++ N_("Tuesday"), ++ N_("Wednesday"), ++ N_("Thursday"), ++ N_("Friday"), ++ N_("Saturday"), ++}; ++ ++int ++grub_get_weekday (struct grub_datetime *datetime) ++{ ++ unsigned a, y, m; ++ ++ if (datetime->month <= 2) ++ a = 1; ++ else ++ a = 0; ++ y = datetime->year - a; ++ m = datetime->month + 12 * a - 2; ++ ++ return (datetime->day + y + y / 4 - y / 100 + y / 400 + (31 * m / 12)) % 7; ++} ++ ++const char * ++grub_get_weekday_name (struct grub_datetime *datetime) ++{ ++ return _ (grub_weekday_names[grub_get_weekday (datetime)]); ++} ++ ++#define SECPERMIN 60 ++#define SECPERHOUR (60*SECPERMIN) ++#define SECPERDAY (24*SECPERHOUR) ++#define DAYSPERYEAR 365 ++#define DAYSPER4YEARS (4*DAYSPERYEAR+1) ++ ++ ++void ++grub_unixtime2datetime (grub_int32_t nix, struct grub_datetime *datetime) ++{ ++ int i; ++ grub_uint8_t months[12] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}; ++ /* In the period of validity of unixtime all years divisible by 4 ++ are bissextile*/ ++ /* Convenience: let's have 3 consecutive non-bissextile years ++ at the beginning of the counting date. So count from 1901. */ ++ int days_epoch; ++ /* Number of days since 1st Januar, 1901. */ ++ unsigned days; ++ /* Seconds into current day. */ ++ unsigned secs_in_day; ++ /* Transform C divisions and modulos to mathematical ones */ ++ if (nix < 0) ++ days_epoch = -(((unsigned) (SECPERDAY-nix-1)) / SECPERDAY); ++ else ++ days_epoch = ((unsigned) nix) / SECPERDAY; ++ secs_in_day = nix - days_epoch * SECPERDAY; ++ days = days_epoch + 69 * DAYSPERYEAR + 17; ++ ++ datetime->year = 1901 + 4 * (days / DAYSPER4YEARS); ++ days %= DAYSPER4YEARS; ++ /* On 31st December of bissextile years 365 days from the beginning ++ of the year elapsed but year isn't finished yet */ ++ if (days / DAYSPERYEAR == 4) ++ { ++ datetime->year += 3; ++ days -= 3*DAYSPERYEAR; ++ } ++ else ++ { ++ datetime->year += days / DAYSPERYEAR; ++ days %= DAYSPERYEAR; ++ } ++ for (i = 0; i < 12 ++ && days >= (i==1 && datetime->year % 4 == 0 ++ ? 29 : months[i]); i++) ++ days -= (i==1 && datetime->year % 4 == 0 ++ ? 29 : months[i]); ++ datetime->month = i + 1; ++ datetime->day = 1 + days; ++ datetime->hour = (secs_in_day / SECPERHOUR); ++ secs_in_day %= SECPERHOUR; ++ datetime->minute = secs_in_day / SECPERMIN; ++ datetime->second = secs_in_day % SECPERMIN; ++} +diff --git a/grub-core/normal/datetime.c b/grub-core/normal/datetime.c +deleted file mode 100644 +index 95b8c9f..0000000 +--- a/grub-core/normal/datetime.c ++++ /dev/null +@@ -1,109 +0,0 @@ +-/* datetime.c - Module for common datetime function. */ +-/* +- * GRUB -- GRand Unified Bootloader +- * Copyright (C) 2008 Free Software Foundation, Inc. +- * +- * GRUB is free software: you can redistribute it and/or modify +- * it under the terms of the GNU General Public License as published by +- * the Free Software Foundation, either version 3 of the License, or +- * (at your option) any later version. +- * +- * GRUB is distributed in the hope that it will be useful, +- * but WITHOUT ANY WARRANTY; without even the implied warranty of +- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +- * GNU General Public License for more details. +- * +- * You should have received a copy of the GNU General Public License +- * along with GRUB. If not, see . +- */ +- +-#include +-#include +- +-static const char *const grub_weekday_names[] = +-{ +- N_("Sunday"), +- N_("Monday"), +- N_("Tuesday"), +- N_("Wednesday"), +- N_("Thursday"), +- N_("Friday"), +- N_("Saturday"), +-}; +- +-int +-grub_get_weekday (struct grub_datetime *datetime) +-{ +- unsigned a, y, m; +- +- if (datetime->month <= 2) +- a = 1; +- else +- a = 0; +- y = datetime->year - a; +- m = datetime->month + 12 * a - 2; +- +- return (datetime->day + y + y / 4 - y / 100 + y / 400 + (31 * m / 12)) % 7; +-} +- +-const char * +-grub_get_weekday_name (struct grub_datetime *datetime) +-{ +- return _ (grub_weekday_names[grub_get_weekday (datetime)]); +-} +- +-#define SECPERMIN 60 +-#define SECPERHOUR (60*SECPERMIN) +-#define SECPERDAY (24*SECPERHOUR) +-#define DAYSPERYEAR 365 +-#define DAYSPER4YEARS (4*DAYSPERYEAR+1) +- +- +-void +-grub_unixtime2datetime (grub_int32_t nix, struct grub_datetime *datetime) +-{ +- int i; +- grub_uint8_t months[12] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}; +- /* In the period of validity of unixtime all years divisible by 4 +- are bissextile*/ +- /* Convenience: let's have 3 consecutive non-bissextile years +- at the beginning of the counting date. So count from 1901. */ +- int days_epoch; +- /* Number of days since 1st Januar, 1901. */ +- unsigned days; +- /* Seconds into current day. */ +- unsigned secs_in_day; +- /* Transform C divisions and modulos to mathematical ones */ +- if (nix < 0) +- days_epoch = -(((unsigned) (SECPERDAY-nix-1)) / SECPERDAY); +- else +- days_epoch = ((unsigned) nix) / SECPERDAY; +- secs_in_day = nix - days_epoch * SECPERDAY; +- days = days_epoch + 69 * DAYSPERYEAR + 17; +- +- datetime->year = 1901 + 4 * (days / DAYSPER4YEARS); +- days %= DAYSPER4YEARS; +- /* On 31st December of bissextile years 365 days from the beginning +- of the year elapsed but year isn't finished yet */ +- if (days / DAYSPERYEAR == 4) +- { +- datetime->year += 3; +- days -= 3*DAYSPERYEAR; +- } +- else +- { +- datetime->year += days / DAYSPERYEAR; +- days %= DAYSPERYEAR; +- } +- for (i = 0; i < 12 +- && days >= (i==1 && datetime->year % 4 == 0 +- ? 29 : months[i]); i++) +- days -= (i==1 && datetime->year % 4 == 0 +- ? 29 : months[i]); +- datetime->month = i + 1; +- datetime->day = 1 + days; +- datetime->hour = (secs_in_day / SECPERHOUR); +- secs_in_day %= SECPERHOUR; +- datetime->minute = secs_in_day / SECPERMIN; +- datetime->second = secs_in_day % SECPERMIN; +-} diff -Nru grub2-unsigned-2.04/debian/patches/cherrypick-lsefisystab-define-smbios3.patch grub2-unsigned-2.04/debian/patches/cherrypick-lsefisystab-define-smbios3.patch --- grub2-unsigned-2.04/debian/patches/cherrypick-lsefisystab-define-smbios3.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/cherrypick-lsefisystab-define-smbios3.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 8b92e090fe7957297ddbadbbd80bce2c9ca12ce9 Mon Sep 17 00:00:00 2001 From: David Michael Date: Fri, 5 Jul 2019 08:47:02 -0400 Subject: lsefisystab: Define SMBIOS3 entry point structures for EFI @@ -16,7 +15,7 @@ 2 files changed, 6 insertions(+) diff --git a/grub-core/commands/efi/lsefisystab.c b/grub-core/commands/efi/lsefisystab.c -index df10302218..7c039c5097 100644 +index df10302..7c039c5 100644 --- a/grub-core/commands/efi/lsefisystab.c +++ b/grub-core/commands/efi/lsefisystab.c @@ -48,6 +48,7 @@ static const struct guid_mapping guid_mappings[] = @@ -28,7 +27,7 @@ { GRUB_EFI_TIANO_CUSTOM_DECOMPRESS_GUID, "TIANO CUSTOM DECOMPRESS"}, { GRUB_EFI_TSC_FREQUENCY_GUID, "TSC FREQUENCY"}, diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h -index 75befd10e5..9824fbcd0d 100644 +index 75befd1..9824fbc 100644 --- a/include/grub/efi/api.h +++ b/include/grub/efi/api.h @@ -314,6 +314,11 @@ diff -Nru grub2-unsigned-2.04/debian/patches/cherrypick-lsefisystab-show-dtb.patch grub2-unsigned-2.04/debian/patches/cherrypick-lsefisystab-show-dtb.patch --- grub2-unsigned-2.04/debian/patches/cherrypick-lsefisystab-show-dtb.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/cherrypick-lsefisystab-show-dtb.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 4146bb57f883cb8e0dd7d9a92adb45017ec11b5b Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Sat, 6 Jul 2019 11:11:02 +0200 Subject: lsefisystab: Add support for device tree table @@ -27,7 +26,7 @@ 1 file changed, 1 insertion(+) diff --git a/grub-core/commands/efi/lsefisystab.c b/grub-core/commands/efi/lsefisystab.c -index 7c039c5097..902788250e 100644 +index 7c039c5..9027882 100644 --- a/grub-core/commands/efi/lsefisystab.c +++ b/grub-core/commands/efi/lsefisystab.c @@ -40,6 +40,7 @@ static const struct guid_mapping guid_mappings[] = diff -Nru grub2-unsigned-2.04/debian/patches/cherrypick-smbios-module.patch grub2-unsigned-2.04/debian/patches/cherrypick-smbios-module.patch --- grub2-unsigned-2.04/debian/patches/cherrypick-smbios-module.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/cherrypick-smbios-module.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From e14c0f0df2a9321ac7aa65b3fcbff76ca2397600 Mon Sep 17 00:00:00 2001 From: David Michael Date: Fri, 5 Jul 2019 08:47:09 -0400 Subject: smbios: Add a module for retrieving SMBIOS information @@ -19,13 +18,13 @@ (cherry picked from commit 688023cd0ac4c985fd0e2ec477fcf1ec33a0e49c) Patch-Name: cherrypick-smbios-module.patch --- - docs/grub.texi | 75 ++++++ + docs/grub.texi | 75 +++++++ grub-core/Makefile.core.def | 15 ++ - grub-core/commands/efi/smbios.c | 61 +++++ - grub-core/commands/i386/pc/smbios.c | 52 ++++ - grub-core/commands/smbios.c | 374 +++++++++++++++++++++++++++ + grub-core/commands/efi/smbios.c | 61 ++++++ + grub-core/commands/i386/pc/smbios.c | 52 +++++ + grub-core/commands/smbios.c | 374 +++++++++++++++++++++++++++++++++++ grub-core/efiemu/i386/pc/cfgtables.c | 15 +- - include/grub/smbios.h | 69 +++++ + include/grub/smbios.h | 69 +++++++ 7 files changed, 650 insertions(+), 11 deletions(-) create mode 100644 grub-core/commands/efi/smbios.c create mode 100644 grub-core/commands/i386/pc/smbios.c @@ -33,7 +32,7 @@ create mode 100644 include/grub/smbios.h diff --git a/docs/grub.texi b/docs/grub.texi -index 1baa0fa20f..d573f32cbb 100644 +index 1baa0fa..d573f32 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -3976,6 +3976,7 @@ you forget a command, you can run the command @command{help} @@ -126,7 +125,7 @@ @subsection source diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 33e75021da..9b20f33355 100644 +index 33e7502..9b20f33 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -1106,6 +1106,21 @@ module = { @@ -153,7 +152,7 @@ ieee1275 = commands/ieee1275/suspend.c; diff --git a/grub-core/commands/efi/smbios.c b/grub-core/commands/efi/smbios.c new file mode 100644 -index 0000000000..75202d5aad +index 0000000..75202d5 --- /dev/null +++ b/grub-core/commands/efi/smbios.c @@ -0,0 +1,61 @@ @@ -220,7 +219,7 @@ +} diff --git a/grub-core/commands/i386/pc/smbios.c b/grub-core/commands/i386/pc/smbios.c new file mode 100644 -index 0000000000..069d663673 +index 0000000..069d663 --- /dev/null +++ b/grub-core/commands/i386/pc/smbios.c @@ -0,0 +1,52 @@ @@ -278,7 +277,7 @@ +} diff --git a/grub-core/commands/smbios.c b/grub-core/commands/smbios.c new file mode 100644 -index 0000000000..7a6a391fc1 +index 0000000..7a6a391 --- /dev/null +++ b/grub-core/commands/smbios.c @@ -0,0 +1,374 @@ @@ -657,7 +656,7 @@ + grub_unregister_extcmd (cmd); +} diff --git a/grub-core/efiemu/i386/pc/cfgtables.c b/grub-core/efiemu/i386/pc/cfgtables.c -index 492c07c468..e5fffb7d4a 100644 +index 492c07c..e5fffb7 100644 --- a/grub-core/efiemu/i386/pc/cfgtables.c +++ b/grub-core/efiemu/i386/pc/cfgtables.c @@ -22,11 +22,11 @@ @@ -696,7 +695,7 @@ } diff --git a/include/grub/smbios.h b/include/grub/smbios.h new file mode 100644 -index 0000000000..15ec260b32 +index 0000000..15ec260 --- /dev/null +++ b/include/grub/smbios.h @@ -0,0 +1,69 @@ diff -Nru grub2-unsigned-2.04/debian/patches/core-in-fs.patch grub2-unsigned-2.04/debian/patches/core-in-fs.patch --- grub2-unsigned-2.04/debian/patches/core-in-fs.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/core-in-fs.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From d7e4bea95adfdbc80f574e154a62a383bbbeb5d6 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:12:51 +0000 Subject: Write marker if core.img was written to filesystem @@ -11,7 +10,7 @@ 1 file changed, 8 insertions(+) diff --git a/util/setup.c b/util/setup.c -index 6f88f3cc43..fbdf2fcc59 100644 +index 6f88f3c..fbdf2fc 100644 --- a/util/setup.c +++ b/util/setup.c @@ -58,6 +58,8 @@ diff -Nru grub2-unsigned-2.04/debian/patches/default-grub-d.patch grub2-unsigned-2.04/debian/patches/default-grub-d.patch --- grub2-unsigned-2.04/debian/patches/default-grub-d.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/default-grub-d.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From f2ded0cae4b5cad58e2bdcaae2b3f02e9a74969b Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:10 +0000 Subject: Read /etc/default/grub.d/*.cfg after /etc/default/grub @@ -9,12 +8,12 @@ Patch-Name: default-grub-d.patch --- - grub-core/osdep/unix/config.c | 114 +++++++++++++++++++++++++++------- + grub-core/osdep/unix/config.c | 114 ++++++++++++++++++++++++++++++++++-------- util/grub-mkconfig.in | 5 ++ 2 files changed, 98 insertions(+), 21 deletions(-) diff --git a/grub-core/osdep/unix/config.c b/grub-core/osdep/unix/config.c -index 65effa9f3a..5478030fde 100644 +index 65effa9..5478030 100644 --- a/grub-core/osdep/unix/config.c +++ b/grub-core/osdep/unix/config.c @@ -24,6 +24,8 @@ @@ -178,7 +177,7 @@ + free (cfgdir); } diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index b506d63bf9..d18bf972f7 100644 +index 5d29aa4..e7ef32e 100644 --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in @@ -164,6 +164,11 @@ fi diff -Nru grub2-unsigned-2.04/debian/patches/disable-floppies.patch grub2-unsigned-2.04/debian/patches/disable-floppies.patch --- grub2-unsigned-2.04/debian/patches/disable-floppies.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/disable-floppies.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 42e4cfb46a2a617eb7dc1526700ab6015710222e Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:12:54 +0000 Subject: Disable use of floppy devices @@ -13,7 +12,7 @@ 1 file changed, 12 insertions(+) diff --git a/grub-core/kern/emu/hostdisk.c b/grub-core/kern/emu/hostdisk.c -index e9ec680cdb..8ac5239538 100644 +index e9ec680..8ac5239 100644 --- a/grub-core/kern/emu/hostdisk.c +++ b/grub-core/kern/emu/hostdisk.c @@ -532,6 +532,18 @@ read_device_map (const char *dev_map) diff -Nru grub2-unsigned-2.04/debian/patches/dpkg-version-comparison.patch grub2-unsigned-2.04/debian/patches/dpkg-version-comparison.patch --- grub2-unsigned-2.04/debian/patches/dpkg-version-comparison.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/dpkg-version-comparison.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 89a5bb08600e06c33e44a14b1997af3efc98782b Mon Sep 17 00:00:00 2001 From: Robert Millan Date: Mon, 13 Jan 2014 12:12:52 +0000 Subject: Improve handling of Debian kernel version numbers @@ -12,7 +11,7 @@ 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in -index 0f801cab3e..b6606c16e0 100644 +index 0f801ca..b6606c1 100644 --- a/util/grub-mkconfig_lib.in +++ b/util/grub-mkconfig_lib.in @@ -239,8 +239,9 @@ version_test_numeric () diff -Nru grub2-unsigned-2.04/debian/patches/efinet-set-dns-from-uefi-proto.patch grub2-unsigned-2.04/debian/patches/efinet-set-dns-from-uefi-proto.patch --- grub2-unsigned-2.04/debian/patches/efinet-set-dns-from-uefi-proto.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/efinet-set-dns-from-uefi-proto.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From b51e087e9dbe308b764f62799677db7515deb989 Mon Sep 17 00:00:00 2001 From: Michael Chang Date: Thu, 27 Oct 2016 17:43:21 -0400 Subject: efinet: Setting DNS server from UEFI protocol @@ -30,12 +29,12 @@ Patch-Name: efinet-set-dns-from-uefi-proto.patch --- - grub-core/net/drivers/efi/efinet.c | 163 +++++++++++++++++++++++++++++ - include/grub/efi/api.h | 76 ++++++++++++++ + grub-core/net/drivers/efi/efinet.c | 163 +++++++++++++++++++++++++++++++++++++ + include/grub/efi/api.h | 76 +++++++++++++++++ 2 files changed, 239 insertions(+) diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c -index 2d3b00f0e1..82a28fb6e9 100644 +index 2d3b00f..82a28fb 100644 --- a/grub-core/net/drivers/efi/efinet.c +++ b/grub-core/net/drivers/efi/efinet.c @@ -30,6 +30,8 @@ GRUB_MOD_LICENSE ("GPLv3+"); @@ -244,7 +243,7 @@ } diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h -index 664cea37b5..75befd10e5 100644 +index 664cea3..75befd1 100644 --- a/include/grub/efi/api.h +++ b/include/grub/efi/api.h @@ -334,6 +334,16 @@ diff -Nru grub2-unsigned-2.04/debian/patches/efinet-set-network-from-uefi-devpath.patch grub2-unsigned-2.04/debian/patches/efinet-set-network-from-uefi-devpath.patch --- grub2-unsigned-2.04/debian/patches/efinet-set-network-from-uefi-devpath.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/efinet-set-network-from-uefi-devpath.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From a136c5cea7ac45ed8afc92739fa642949ac47148 Mon Sep 17 00:00:00 2001 From: Michael Chang Date: Thu, 27 Oct 2016 17:43:05 -0400 Subject: efinet: Setting network from UEFI device path @@ -29,12 +28,12 @@ Patch-Name: efinet-set-network-from-uefi-devpath.patch --- - grub-core/net/drivers/efi/efinet.c | 268 ++++++++++++++++++++++++++++- + grub-core/net/drivers/efi/efinet.c | 268 +++++++++++++++++++++++++++++++++++-- include/grub/efi/api.h | 11 ++ 2 files changed, 270 insertions(+), 9 deletions(-) diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c -index fc90415f29..2d3b00f0e1 100644 +index fc90415..2d3b00f 100644 --- a/grub-core/net/drivers/efi/efinet.c +++ b/grub-core/net/drivers/efi/efinet.c @@ -23,6 +23,7 @@ @@ -358,7 +357,7 @@ } } diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h -index ca6cdc1596..664cea37b5 100644 +index ca6cdc1..664cea3 100644 --- a/include/grub/efi/api.h +++ b/include/grub/efi/api.h @@ -825,6 +825,8 @@ struct grub_efi_ipv4_device_path diff -Nru grub2-unsigned-2.04/debian/patches/efinet-uefi-ipv6-pxe-support.patch grub2-unsigned-2.04/debian/patches/efinet-uefi-ipv6-pxe-support.patch --- grub2-unsigned-2.04/debian/patches/efinet-uefi-ipv6-pxe-support.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/efinet-uefi-ipv6-pxe-support.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From dd26db90bdd5eb3245365767765ab8797ef3656b Mon Sep 17 00:00:00 2001 From: Michael Chang Date: Thu, 27 Oct 2016 17:41:21 -0400 Subject: efinet: UEFI IPv6 PXE support @@ -12,12 +11,12 @@ Patch-Name: efinet-uefi-ipv6-pxe-support.patch --- - grub-core/net/drivers/efi/efinet.c | 24 ++++++++++--- - include/grub/efi/api.h | 55 +++++++++++++++++++++++++++++- + grub-core/net/drivers/efi/efinet.c | 24 +++++++++++++---- + include/grub/efi/api.h | 55 +++++++++++++++++++++++++++++++++++++- 2 files changed, 73 insertions(+), 6 deletions(-) diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c -index 5388f952ba..fc90415f29 100644 +index 5388f95..fc90415 100644 --- a/grub-core/net/drivers/efi/efinet.c +++ b/grub-core/net/drivers/efi/efinet.c @@ -378,11 +378,25 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, @@ -52,7 +51,7 @@ } } diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h -index addcbfa8fb..ca6cdc1596 100644 +index addcbfa..ca6cdc1 100644 --- a/include/grub/efi/api.h +++ b/include/grub/efi/api.h @@ -1452,14 +1452,67 @@ typedef struct grub_efi_simple_text_output_interface grub_efi_simple_text_output diff -Nru grub2-unsigned-2.04/debian/patches/efi-variable-storage-minimise-writes.patch grub2-unsigned-2.04/debian/patches/efi-variable-storage-minimise-writes.patch --- grub2-unsigned-2.04/debian/patches/efi-variable-storage-minimise-writes.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/efi-variable-storage-minimise-writes.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From c4bb7e3976f1c6edb995e6f78f55f81d76e8d701 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 11 Mar 2019 11:17:43 +0000 Subject: Minimise writes to EFI variable storage @@ -51,8 +50,8 @@ Makefile.util.def | 20 ++ configure.ac | 12 + grub-core/osdep/efivar.c | 3 + - grub-core/osdep/unix/efivar.c | 508 ++++++++++++++++++++++++++++++++ - grub-core/osdep/unix/platform.c | 100 +------ + grub-core/osdep/unix/efivar.c | 508 ++++++++++++++++++++++++++++++++++++++++ + grub-core/osdep/unix/platform.c | 100 +------- include/grub/util/install.h | 5 + util/grub-install.c | 4 +- 8 files changed, 562 insertions(+), 95 deletions(-) @@ -60,7 +59,7 @@ create mode 100644 grub-core/osdep/unix/efivar.c diff --git a/INSTALL b/INSTALL -index 8acb409023..342c158e91 100644 +index 8acb409..342c158 100644 --- a/INSTALL +++ b/INSTALL @@ -41,6 +41,11 @@ configuring the GRUB. @@ -76,7 +75,7 @@ * libdevmapper 1.02.34 or later (recommended) diff --git a/Makefile.util.def b/Makefile.util.def -index ce133e694e..504d1c0581 100644 +index ce133e6..504d1c0 100644 --- a/Makefile.util.def +++ b/Makefile.util.def @@ -565,6 +565,8 @@ program = { @@ -180,7 +179,7 @@ script = { diff --git a/configure.ac b/configure.ac -index e382c7480d..883245553d 100644 +index e382c74..8832455 100644 --- a/configure.ac +++ b/configure.ac @@ -443,6 +443,18 @@ AC_CHECK_HEADER([util.h], [ @@ -204,7 +203,7 @@ CFLAGS="$HOST_CFLAGS -Wtrampolines -Werror" diff --git a/grub-core/osdep/efivar.c b/grub-core/osdep/efivar.c new file mode 100644 -index 0000000000..d2750e2524 +index 0000000..d2750e2 --- /dev/null +++ b/grub-core/osdep/efivar.c @@ -0,0 +1,3 @@ @@ -213,7 +212,7 @@ +#endif diff --git a/grub-core/osdep/unix/efivar.c b/grub-core/osdep/unix/efivar.c new file mode 100644 -index 0000000000..4a58328b42 +index 0000000..4a58328 --- /dev/null +++ b/grub-core/osdep/unix/efivar.c @@ -0,0 +1,508 @@ @@ -726,7 +725,7 @@ + +#endif /* HAVE_EFIVAR */ diff --git a/grub-core/osdep/unix/platform.c b/grub-core/osdep/unix/platform.c -index 9c439326a0..b561174ea9 100644 +index 9c43932..b561174 100644 --- a/grub-core/osdep/unix/platform.c +++ b/grub-core/osdep/unix/platform.c @@ -19,15 +19,12 @@ @@ -856,7 +855,7 @@ void diff --git a/include/grub/util/install.h b/include/grub/util/install.h -index 8aeb5c4f20..a521f1663f 100644 +index 8aeb5c4..a521f16 100644 --- a/include/grub/util/install.h +++ b/include/grub/util/install.h @@ -219,6 +219,11 @@ grub_install_get_default_x86_platform (void); @@ -872,7 +871,7 @@ grub_install_register_efi (grub_device_t efidir_grub_dev, const char *efifile_path, diff --git a/util/grub-install.c b/util/grub-install.c -index 4bad8de612..63462e4e09 100644 +index 4bad8de..63462e4 100644 --- a/util/grub-install.c +++ b/util/grub-install.c @@ -2084,7 +2084,7 @@ main (int argc, char *argv[]) diff -Nru grub2-unsigned-2.04/debian/patches/gettext-quiet.patch grub2-unsigned-2.04/debian/patches/gettext-quiet.patch --- grub2-unsigned-2.04/debian/patches/gettext-quiet.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/gettext-quiet.patch 2022-05-31 15:15:51.000000000 +0000 @@ -1,4 +1,3 @@ -From 64b89f49fa9c0ac6f509a336461bb6873529b558 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:02 +0000 Subject: Silence error messages when translations are unavailable @@ -13,7 +12,7 @@ 1 file changed, 5 insertions(+) diff --git a/grub-core/gettext/gettext.c b/grub-core/gettext/gettext.c -index 4d02e62c10..2a19389f2a 100644 +index 4d02e62..2a19389 100644 --- a/grub-core/gettext/gettext.c +++ b/grub-core/gettext/gettext.c @@ -427,6 +427,11 @@ grub_gettext_init_ext (struct grub_gettext_context *ctx, diff -Nru grub2-unsigned-2.04/debian/patches/gfxpayload-dynamic.patch grub2-unsigned-2.04/debian/patches/gfxpayload-dynamic.patch --- grub2-unsigned-2.04/debian/patches/gfxpayload-dynamic.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/gfxpayload-dynamic.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From e08a572868894f248eef9606234b3fca208cdf8d Mon Sep 17 00:00:00 2001 From: Evan Broder Date: Mon, 13 Jan 2014 12:13:29 +0000 Subject: Add configure option to enable gfxpayload=keep dynamically @@ -13,17 +12,17 @@ Patch-Name: gfxpayload-dynamic.patch --- - configure.ac | 11 ++ + configure.ac | 11 +++ grub-core/Makefile.core.def | 8 ++ - grub-core/commands/i386/pc/hwmatch.c | 146 +++++++++++++++++++++++++++ + grub-core/commands/i386/pc/hwmatch.c | 146 +++++++++++++++++++++++++++++++++++ include/grub/file.h | 1 + - util/grub.d/10_linux.in | 37 ++++++- - util/grub.d/10_linux_zfs.in | 46 ++++++++- + util/grub.d/10_linux.in | 37 ++++++++- + util/grub.d/10_linux_zfs.in | 46 ++++++++++- 6 files changed, 243 insertions(+), 6 deletions(-) create mode 100644 grub-core/commands/i386/pc/hwmatch.c diff --git a/configure.ac b/configure.ac -index 7dda5bb32b..dbc429ce0a 100644 +index 7dda5bb..dbc429c 100644 --- a/configure.ac +++ b/configure.ac @@ -1879,6 +1879,17 @@ else @@ -45,7 +44,7 @@ AC_SUBST([FONT_SOURCE]) diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 474a63e68c..aadb4cdff8 100644 +index 474a63e..aadb4cd 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -971,6 +971,14 @@ module = { @@ -65,7 +64,7 @@ common = commands/keystatus.c; diff --git a/grub-core/commands/i386/pc/hwmatch.c b/grub-core/commands/i386/pc/hwmatch.c new file mode 100644 -index 0000000000..6de07cecc8 +index 0000000..6de07ce --- /dev/null +++ b/grub-core/commands/i386/pc/hwmatch.c @@ -0,0 +1,146 @@ @@ -216,7 +215,7 @@ + grub_unregister_command (cmd); +} diff --git a/include/grub/file.h b/include/grub/file.h -index 31567483cc..e3c4cae2b5 100644 +index 3156748..e3c4cae 100644 --- a/include/grub/file.h +++ b/include/grub/file.h @@ -122,6 +122,7 @@ enum grub_file_type @@ -228,7 +227,7 @@ GRUB_FILE_TYPE_LOADENV, GRUB_FILE_TYPE_SAVEENV, diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 2be66c7028..09393c28ee 100644 +index 2be66c7..09393c2 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -23,6 +23,7 @@ datarootdir="@datarootdir@" @@ -290,7 +289,7 @@ # yet, so it's empty. In a submenu it will be equal to '\t' (one tab). submenu_indentation="" diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in -index 5aedc6cd83..ee1d1d272d 100755 +index 5aedc6c..ee1d1d2 100755 --- a/util/grub.d/10_linux_zfs.in +++ b/util/grub.d/10_linux_zfs.in @@ -22,6 +22,7 @@ datarootdir="@datarootdir@" diff -Nru grub2-unsigned-2.04/debian/patches/gfxpayload-keep-default.patch grub2-unsigned-2.04/debian/patches/gfxpayload-keep-default.patch --- grub2-unsigned-2.04/debian/patches/gfxpayload-keep-default.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/gfxpayload-keep-default.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 56c2a16008199e011b86494490a70eda70227c7f Mon Sep 17 00:00:00 2001 From: Didier Roche Date: Tue, 31 Mar 2020 15:09:45 +0200 Subject: Disable gfxpayload=keep by default @@ -24,7 +23,7 @@ 2 files changed, 8 deletions(-) diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index a75096609a..f839b3b55f 100644 +index a750966..f839b3b 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -118,10 +118,6 @@ linux_entry () @@ -39,7 +38,7 @@ if [ "x$GRUB_GFXPAYLOAD_LINUX" != xtext ]; then echo " load_video" | sed "s/^/$submenu_indentation/" diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in -index f321fe2149..d128b82323 100755 +index f321fe2..d128b82 100755 --- a/util/grub.d/10_linux_zfs.in +++ b/util/grub.d/10_linux_zfs.in @@ -760,10 +760,6 @@ zfs_linux_entry () { diff -Nru grub2-unsigned-2.04/debian/patches/grub.cfg-400.patch grub2-unsigned-2.04/debian/patches/grub.cfg-400.patch --- grub2-unsigned-2.04/debian/patches/grub.cfg-400.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/grub.cfg-400.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,25 +0,0 @@ -From e0ceb93ec1feab2b084f58d98f8c865847354254 Mon Sep 17 00:00:00 2001 -From: Colin Watson -Date: Mon, 13 Jan 2014 12:12:55 +0000 -Subject: Make grub.cfg world-readable if it contains no passwords - -Patch-Name: grub.cfg-400.patch ---- - util/grub-mkconfig.in | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index 9f477ff054..45cd4cc541 100644 ---- a/util/grub-mkconfig.in -+++ b/util/grub-mkconfig.in -@@ -276,6 +276,10 @@ for i in "${grub_mkconfig_dir}"/* ; do - esac - done - -+if [ "x${grub_cfg}" != "x" ] && ! grep "^password" ${grub_cfg}.new >/dev/null; then -+ chmod 444 ${grub_cfg}.new || true -+fi -+ - if test "x${grub_cfg}" != "x" ; then - if ! ${grub_script_check} ${grub_cfg}.new; then - # TRANSLATORS: %s is replaced by filename diff -Nru grub2-unsigned-2.04/debian/patches/grub-install-backup-and-restore.patch grub2-unsigned-2.04/debian/patches/grub-install-backup-and-restore.patch --- grub2-unsigned-2.04/debian/patches/grub-install-backup-and-restore.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/grub-install-backup-and-restore.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 0e69b48858ba0d94d854bcde740d64f700903d5c Mon Sep 17 00:00:00 2001 From: Dimitri John Ledkov Date: Wed, 19 Aug 2020 01:49:09 +0100 Subject: grub-install: Add backup and restore @@ -24,11 +23,11 @@ Patch-Name: grub-install-backup-and-restore.patch --- configure.ac | 2 +- - util/grub-install-common.c | 105 +++++++++++++++++++++++++++++++------ + util/grub-install-common.c | 105 ++++++++++++++++++++++++++++++++++++++------- 2 files changed, 91 insertions(+), 16 deletions(-) diff --git a/configure.ac b/configure.ac -index 1819188f9f..6a88b9b0c0 100644 +index 1819188..6a88b9b 100644 --- a/configure.ac +++ b/configure.ac @@ -420,7 +420,7 @@ else @@ -41,7 +40,7 @@ # glibc 2.25 still includes sys/sysmacros.h in sys/types.h but emits deprecation diff --git a/util/grub-install-common.c b/util/grub-install-common.c -index 447504d3f4..61f9075bcc 100644 +index 447504d..61f9075 100644 --- a/util/grub-install-common.c +++ b/util/grub-install-common.c @@ -185,38 +185,113 @@ grub_install_mkdir_p (const char *dst) diff -Nru grub2-unsigned-2.04/debian/patches/grub-install-pvxen-paths.patch grub2-unsigned-2.04/debian/patches/grub-install-pvxen-paths.patch --- grub2-unsigned-2.04/debian/patches/grub-install-pvxen-paths.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/grub-install-pvxen-paths.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 56b487b186dbcddf31cbadcf91496ab729d55b81 Mon Sep 17 00:00:00 2001 From: Ian Campbell Date: Sat, 6 Sep 2014 12:20:12 +0100 Subject: grub-install: Install PV Xen binaries into the upstream specified @@ -20,15 +19,12 @@ Last-Update: 2014-10-24 Patch-Name: grub-install-pvxen-paths.patch - ---- -v2: Respect bootdir, create /boot/xen as needed. --- util/grub-install.c | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/util/grub-install.c b/util/grub-install.c -index 70d6700de8..64c292383f 100644 +index 70d6700..64c2923 100644 --- a/util/grub-install.c +++ b/util/grub-install.c @@ -2058,6 +2058,28 @@ main (int argc, char *argv[]) diff -Nru grub2-unsigned-2.04/debian/patches/grub-legacy-0-based-partitions.patch grub2-unsigned-2.04/debian/patches/grub-legacy-0-based-partitions.patch --- grub2-unsigned-2.04/debian/patches/grub-legacy-0-based-partitions.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/grub-legacy-0-based-partitions.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From fbb34837e1b3185dd2a55d8aeb9b23a8fcc50d54 Mon Sep 17 00:00:00 2001 From: Robert Millan Date: Mon, 13 Jan 2014 12:12:53 +0000 Subject: Support running grub-probe in grub-legacy's update-grub @@ -13,7 +12,7 @@ 1 file changed, 14 insertions(+) diff --git a/util/getroot.c b/util/getroot.c -index 847406fbab..cdd41153c5 100644 +index 847406f..cdd4115 100644 --- a/util/getroot.c +++ b/util/getroot.c @@ -245,6 +245,20 @@ find_partition (grub_disk_t dsk __attribute__ ((unused)), diff -Nru grub2-unsigned-2.04/debian/patches/ieee1275-clear-reset.patch grub2-unsigned-2.04/debian/patches/ieee1275-clear-reset.patch --- grub2-unsigned-2.04/debian/patches/ieee1275-clear-reset.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/ieee1275-clear-reset.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 4ac72abaf4d300b357919e8a9eb47fb9575988cf Mon Sep 17 00:00:00 2001 From: Paulo Flabiano Smorigo Date: Thu, 25 Sep 2014 18:41:29 -0300 Subject: Include a text attribute reset in the clear command for ppc @@ -18,7 +17,7 @@ 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/term/terminfo.c b/grub-core/term/terminfo.c -index d317efa368..63892ad427 100644 +index d317efa..63892ad 100644 --- a/grub-core/term/terminfo.c +++ b/grub-core/term/terminfo.c @@ -151,7 +151,7 @@ grub_terminfo_set_current (struct grub_term_output *term, diff -Nru grub2-unsigned-2.04/debian/patches/ignore-grub_func_test-failures.patch grub2-unsigned-2.04/debian/patches/ignore-grub_func_test-failures.patch --- grub2-unsigned-2.04/debian/patches/ignore-grub_func_test-failures.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/ignore-grub_func_test-failures.patch 2022-05-31 15:15:52.000000000 +0000 @@ -1,4 +1,3 @@ -From d0d80daa3c2a6620ef62d32ac3abac2d9e02c8ee Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:32 +0000 Subject: Ignore functional test failures for now as they are broken @@ -14,7 +13,7 @@ 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/grub_func_test.in b/tests/grub_func_test.in -index c67f9e4225..728cd6e066 100644 +index c67f9e4..728cd6e 100644 --- a/tests/grub_func_test.in +++ b/tests/grub_func_test.in @@ -16,6 +16,8 @@ out=`echo all_functional_test | @builddir@/grub-shell --timeout=3600 --files="/b diff -Nru grub2-unsigned-2.04/debian/patches/insmod-xzio-and-lzopio-on-xen.patch grub2-unsigned-2.04/debian/patches/insmod-xzio-and-lzopio-on-xen.patch --- grub2-unsigned-2.04/debian/patches/insmod-xzio-and-lzopio-on-xen.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/insmod-xzio-and-lzopio-on-xen.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From a45af0be1963f94dd9ea5a30796d2e371fc6cfd4 Mon Sep 17 00:00:00 2001 From: Ian Campbell Date: Sun, 30 Nov 2014 12:12:52 +0000 Subject: Arrange to insmod xzio and lzopio when booting a kernel as a Xen @@ -21,7 +20,7 @@ 2 files changed, 2 insertions(+) diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 2c418c5ec8..85b30084ad 100644 +index 2c418c5..85b3008 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -166,6 +166,7 @@ linux_entry () @@ -33,7 +32,7 @@ if [ x$dirname = x/ ]; then if [ -z "${prepare_root_cache}" ]; then diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in -index 4bacf6e2c2..735b46af65 100755 +index 4bacf6e..735b46a 100755 --- a/util/grub.d/10_linux_zfs.in +++ b/util/grub.d/10_linux_zfs.in @@ -854,6 +854,7 @@ zfs_linux_entry () { diff -Nru grub2-unsigned-2.04/debian/patches/install-efi-fallback.patch grub2-unsigned-2.04/debian/patches/install-efi-fallback.patch --- grub2-unsigned-2.04/debian/patches/install-efi-fallback.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/install-efi-fallback.patch 2022-05-31 15:15:51.000000000 +0000 @@ -1,4 +1,3 @@ -From b58f3835ad1edaac665bcf8cf0ac73c0026be3ee Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:05 +0000 Subject: Fall back to non-EFI if booted using EFI but -efi is missing @@ -15,11 +14,11 @@ Patch-Name: install-efi-fallback.patch --- - grub-core/osdep/linux/platform.c | 40 ++++++++++++++++++++++++++++---- + grub-core/osdep/linux/platform.c | 40 +++++++++++++++++++++++++++++++++++----- 1 file changed, 35 insertions(+), 5 deletions(-) diff --git a/grub-core/osdep/linux/platform.c b/grub-core/osdep/linux/platform.c -index e28a79dab3..2e7f720869 100644 +index e28a79d..2e7f720 100644 --- a/grub-core/osdep/linux/platform.c +++ b/grub-core/osdep/linux/platform.c @@ -19,10 +19,12 @@ diff -Nru grub2-unsigned-2.04/debian/patches/install-efi-ubuntu-flavours.patch grub2-unsigned-2.04/debian/patches/install-efi-ubuntu-flavours.patch --- grub2-unsigned-2.04/debian/patches/install-efi-ubuntu-flavours.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/install-efi-ubuntu-flavours.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 6640902c6ef375315f2e1a2d513bc3777fcba90e Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:27 +0000 Subject: Cope with Kubuntu setting GRUB_DISTRIBUTOR @@ -17,7 +16,7 @@ 1 file changed, 2 insertions(+) diff --git a/util/grub-install.c b/util/grub-install.c -index e1e40cf2b5..f0d59c1809 100644 +index e1e40cf..f0d59c1 100644 --- a/util/grub-install.c +++ b/util/grub-install.c @@ -1115,6 +1115,8 @@ main (int argc, char *argv[]) diff -Nru grub2-unsigned-2.04/debian/patches/install-locale-langpack.patch grub2-unsigned-2.04/debian/patches/install-locale-langpack.patch --- grub2-unsigned-2.04/debian/patches/install-locale-langpack.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/install-locale-langpack.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 2c06e4070f9cdfdf96cfac02ea7a3feb0111c448 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:07 +0000 Subject: Prefer translations from Ubuntu language packs if available @@ -13,7 +12,7 @@ 1 file changed, 30 insertions(+), 7 deletions(-) diff --git a/util/grub-install-common.c b/util/grub-install-common.c -index ca0ac612ac..fdfe2c7ead 100644 +index ca0ac61..fdfe2c7 100644 --- a/util/grub-install-common.c +++ b/util/grub-install-common.c @@ -609,17 +609,25 @@ get_localedir (void) diff -Nru grub2-unsigned-2.04/debian/patches/install-powerpc-machtypes.patch grub2-unsigned-2.04/debian/patches/install-powerpc-machtypes.patch --- grub2-unsigned-2.04/debian/patches/install-powerpc-machtypes.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/install-powerpc-machtypes.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 0d9799ac663e048bb719a685fc9a4f717afa8084 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Tue, 28 Jan 2014 14:40:02 +0000 Subject: Port yaboot logic for various powerpc machine types @@ -17,15 +16,15 @@ Patch-Name: install-powerpc-machtypes.patch --- grub-core/osdep/basic/platform.c | 5 +++ - grub-core/osdep/linux/platform.c | 72 ++++++++++++++++++++++++++++++ - grub-core/osdep/unix/platform.c | 28 +++++++++--- - grub-core/osdep/windows/platform.c | 6 +++ + grub-core/osdep/linux/platform.c | 72 ++++++++++++++++++++++++++++++++++++++ + grub-core/osdep/unix/platform.c | 28 +++++++++++---- + grub-core/osdep/windows/platform.c | 6 ++++ include/grub/util/install.h | 3 ++ - util/grub-install.c | 11 +++++ + util/grub-install.c | 11 ++++++ 6 files changed, 119 insertions(+), 6 deletions(-) diff --git a/grub-core/osdep/basic/platform.c b/grub-core/osdep/basic/platform.c -index a7dafd85a9..6c293ed2d0 100644 +index a7dafd8..6c293ed 100644 --- a/grub-core/osdep/basic/platform.c +++ b/grub-core/osdep/basic/platform.c @@ -30,3 +30,8 @@ grub_install_get_default_x86_platform (void) @@ -38,7 +37,7 @@ + return "generic"; +} diff --git a/grub-core/osdep/linux/platform.c b/grub-core/osdep/linux/platform.c -index 2e7f720869..5b37366d4d 100644 +index 2e7f720..5b37366 100644 --- a/grub-core/osdep/linux/platform.c +++ b/grub-core/osdep/linux/platform.c @@ -24,6 +24,7 @@ @@ -125,7 +124,7 @@ + return machtype; +} diff --git a/grub-core/osdep/unix/platform.c b/grub-core/osdep/unix/platform.c -index 55b8f40162..9c439326a0 100644 +index 55b8f40..9c43932 100644 --- a/grub-core/osdep/unix/platform.c +++ b/grub-core/osdep/unix/platform.c @@ -218,13 +218,29 @@ grub_install_register_ieee1275 (int is_prep, const char *install_device, @@ -165,7 +164,7 @@ free (boot_device); diff --git a/grub-core/osdep/windows/platform.c b/grub-core/osdep/windows/platform.c -index 7eb53fe01b..e19a3d9a8a 100644 +index 7eb53fe..e19a3d9 100644 --- a/grub-core/osdep/windows/platform.c +++ b/grub-core/osdep/windows/platform.c @@ -128,6 +128,12 @@ grub_install_get_default_x86_platform (void) @@ -182,7 +181,7 @@ get_efi_variable (const wchar_t *varname, ssize_t *len) { diff --git a/include/grub/util/install.h b/include/grub/util/install.h -index 2631b10745..8aeb5c4f20 100644 +index 2631b10..8aeb5c4 100644 --- a/include/grub/util/install.h +++ b/include/grub/util/install.h @@ -216,6 +216,9 @@ grub_install_get_default_arm_platform (void); @@ -196,7 +195,7 @@ grub_install_register_efi (grub_device_t efidir_grub_dev, const char *efifile_path, diff --git a/util/grub-install.c b/util/grub-install.c -index f0d59c1809..70d6700de8 100644 +index f0d59c1..70d6700 100644 --- a/util/grub-install.c +++ b/util/grub-install.c @@ -1177,7 +1177,18 @@ main (int argc, char *argv[]) diff -Nru grub2-unsigned-2.04/debian/patches/install-stage2-confusion.patch grub2-unsigned-2.04/debian/patches/install-stage2-confusion.patch --- grub2-unsigned-2.04/debian/patches/install-stage2-confusion.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/install-stage2-confusion.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 339a65e413f0e6e14c41548ebdd1ce6203c41651 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:12:58 +0000 Subject: If GRUB Legacy is still around, tell packaging to ignore it @@ -13,7 +12,7 @@ 1 file changed, 14 insertions(+) diff --git a/util/grub-install.c b/util/grub-install.c -index 8a55ad4b8d..3b4606eef1 100644 +index 8a55ad4..3b4606e 100644 --- a/util/grub-install.c +++ b/util/grub-install.c @@ -42,6 +42,7 @@ diff -Nru grub2-unsigned-2.04/debian/patches/maybe-quiet.patch grub2-unsigned-2.04/debian/patches/maybe-quiet.patch --- grub2-unsigned-2.04/debian/patches/maybe-quiet.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/maybe-quiet.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 4eeef764f36e4aa0b98af635024b33abec76aa0f Mon Sep 17 00:00:00 2001 From: Didier Roche Date: Tue, 31 Mar 2020 15:20:15 +0200 Subject: Add configure option to reduce visual clutter at boot time @@ -47,7 +46,7 @@ 10 files changed, 118 insertions(+), 8 deletions(-) diff --git a/config.h.in b/config.h.in -index 9e8f9911b1..d2c4ce8e51 100644 +index 9e8f991..d2c4ce8 100644 --- a/config.h.in +++ b/config.h.in @@ -12,6 +12,8 @@ @@ -60,7 +59,7 @@ /* We don't need those. */ #define MINILZO_CFG_SKIP_LZO_PTR 1 diff --git a/configure.ac b/configure.ac -index 1e5abc67d9..ea00ccd691 100644 +index 1e5abc6..ea00ccd 100644 --- a/configure.ac +++ b/configure.ac @@ -1857,6 +1857,17 @@ else @@ -93,7 +92,7 @@ echo "*******************************************************" ] diff --git a/grub-core/boot/i386/pc/boot.S b/grub-core/boot/i386/pc/boot.S -index 2bd0b2d286..b0c0f2225e 100644 +index 2bd0b2d..b0c0f22 100644 --- a/grub-core/boot/i386/pc/boot.S +++ b/grub-core/boot/i386/pc/boot.S @@ -19,6 +19,9 @@ @@ -125,7 +124,7 @@ movw $disk_address_packet, %si diff --git a/grub-core/boot/i386/pc/diskboot.S b/grub-core/boot/i386/pc/diskboot.S -index c1addc0df2..9b6d7a7edc 100644 +index c1addc0..9b6d7a7 100644 --- a/grub-core/boot/i386/pc/diskboot.S +++ b/grub-core/boot/i386/pc/diskboot.S @@ -18,6 +18,9 @@ @@ -205,7 +204,7 @@ notification_step: .asciz "." diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c -index 9cad0c4485..714b63d674 100644 +index 9cad0c4..714b63d 100644 --- a/grub-core/kern/main.c +++ b/grub-core/kern/main.c @@ -264,15 +264,25 @@ reclaim_module_space (void) @@ -248,7 +247,7 @@ grub_rescue_run (); } diff --git a/grub-core/kern/rescue_reader.c b/grub-core/kern/rescue_reader.c -index dcd7d44397..a93524eabb 100644 +index dcd7d44..a93524e 100644 --- a/grub-core/kern/rescue_reader.c +++ b/grub-core/kern/rescue_reader.c @@ -78,7 +78,9 @@ grub_rescue_read_line (char **line, int cont, @@ -262,7 +261,7 @@ while (1) { diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c -index 1b03dfd57b..0aa389fa16 100644 +index 1b03dfd..0aa389f 100644 --- a/grub-core/normal/main.c +++ b/grub-core/normal/main.c @@ -389,6 +389,15 @@ static grub_err_t @@ -292,7 +291,7 @@ while (1) { diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c -index 3611ee9ea7..ebf5a0f109 100644 +index 3611ee9..ebf5a0f 100644 --- a/grub-core/normal/menu.c +++ b/grub-core/normal/menu.c @@ -827,12 +827,18 @@ run_menu (grub_menu_t menu, int nested, int *auto_boot) @@ -339,7 +338,7 @@ if (auto_boot) grub_menu_execute_with_fallback (menu, e, autobooted, diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index cb1cc200e4..479a8bf4e5 100644 +index cb1cc20..479a8bf 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -21,6 +21,7 @@ prefix="@prefix@" @@ -386,7 +385,7 @@ EOF fi diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in -index 511c182944..caead8a0c2 100755 +index 511c182..caead8a 100755 --- a/util/grub.d/10_linux_zfs.in +++ b/util/grub.d/10_linux_zfs.in @@ -20,6 +20,7 @@ set -e diff -Nru grub2-unsigned-2.04/debian/patches/mkconfig-loopback.patch grub2-unsigned-2.04/debian/patches/mkconfig-loopback.patch --- grub2-unsigned-2.04/debian/patches/mkconfig-loopback.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/mkconfig-loopback.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From ce20933b52d3dea2ea1ba3291a960246135ecf51 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:00 +0000 Subject: Handle filesystems loop-mounted on file images @@ -21,7 +20,7 @@ 3 files changed, 34 insertions(+) diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in -index b6606c16e0..b05df554da 100644 +index b6606c1..b05df55 100644 --- a/util/grub-mkconfig_lib.in +++ b/util/grub-mkconfig_lib.in @@ -133,6 +133,22 @@ prepare_grub_to_access_device () @@ -63,7 +62,7 @@ grub_get_device_id () diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index f839b3b55f..d927b60ae2 100644 +index f839b3b..d927b60 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -40,6 +40,11 @@ fi @@ -79,7 +78,7 @@ esac diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in -index 96179ea613..9a8d42fb57 100644 +index 96179ea..9a8d42f 100644 --- a/util/grub.d/20_linux_xen.in +++ b/util/grub.d/20_linux_xen.in @@ -40,6 +40,11 @@ fi diff -Nru grub2-unsigned-2.04/debian/patches/mkconfig-mid-upgrade.patch grub2-unsigned-2.04/debian/patches/mkconfig-mid-upgrade.patch --- grub2-unsigned-2.04/debian/patches/mkconfig-mid-upgrade.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/mkconfig-mid-upgrade.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 6239ec925ac05ee2841851bb7f863cfff9ffc8e9 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:03 +0000 Subject: Bail out if trying to run grub-mkconfig during upgrade to 2.00 @@ -20,7 +19,7 @@ 1 file changed, 7 insertions(+) diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index 45cd4cc541..b506d63bf9 100644 +index 9f477ff..5d29aa4 100644 --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in @@ -102,6 +102,13 @@ do diff -Nru grub2-unsigned-2.04/debian/patches/mkconfig-nonexistent-loopback.patch grub2-unsigned-2.04/debian/patches/mkconfig-nonexistent-loopback.patch --- grub2-unsigned-2.04/debian/patches/mkconfig-nonexistent-loopback.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/mkconfig-nonexistent-loopback.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From ab207432e5c23421042d5f7b1216562ea176158a Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:08 +0000 Subject: Avoid getting confused by inaccessible loop device backing paths @@ -14,7 +13,7 @@ 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in -index b05df554da..fe6319abe0 100644 +index b05df55..fe6319a 100644 --- a/util/grub-mkconfig_lib.in +++ b/util/grub-mkconfig_lib.in @@ -143,7 +143,7 @@ prepare_grub_to_access_device () @@ -27,7 +26,7 @@ esac ;; diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in -index 775ceb2e04..b7e1147c41 100644 +index 775ceb2..b7e1147 100644 --- a/util/grub.d/30_os-prober.in +++ b/util/grub.d/30_os-prober.in @@ -219,6 +219,11 @@ EOF diff -Nru grub2-unsigned-2.04/debian/patches/mkconfig-other-inits.patch grub2-unsigned-2.04/debian/patches/mkconfig-other-inits.patch --- grub2-unsigned-2.04/debian/patches/mkconfig-other-inits.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/mkconfig-other-inits.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 89aa947724168bf12c4f08171973f970f99c9f23 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Sat, 3 Jan 2015 12:04:59 +0000 Subject: Generate alternative init entries in advanced menu @@ -18,7 +17,7 @@ 2 files changed, 21 insertions(+) diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 85b30084ad..dff84edea5 100644 +index 85b3008..dff84ed 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -32,6 +32,7 @@ export TEXTDOMAIN=@PACKAGE@ @@ -53,7 +52,7 @@ linux_entry "${OS}" "${version}" recovery \ "${GRUB_CMDLINE_LINUX_RECOVERY} ${GRUB_CMDLINE_LINUX}" diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in -index f2ee0532bd..81e5f0d7e4 100644 +index f2ee053..81e5f0d 100644 --- a/util/grub.d/20_linux_xen.in +++ b/util/grub.d/20_linux_xen.in @@ -27,6 +27,7 @@ export TEXTDOMAIN=@PACKAGE@ diff -Nru grub2-unsigned-2.04/debian/patches/mkconfig-recovery-title.patch grub2-unsigned-2.04/debian/patches/mkconfig-recovery-title.patch --- grub2-unsigned-2.04/debian/patches/mkconfig-recovery-title.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/mkconfig-recovery-title.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From bbdf64ee17c9ac16e3ba96e91e0bfa94b8618642 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:33 +0000 Subject: Add GRUB_RECOVERY_TITLE option @@ -22,7 +21,7 @@ 8 files changed, 21 insertions(+), 11 deletions(-) diff --git a/docs/grub.texi b/docs/grub.texi -index a835d0ae42..3ec35d315a 100644 +index a835d0a..3ec35d3 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -1536,6 +1536,11 @@ a console is restricted or limited. @@ -38,7 +37,7 @@ The following options are still accepted for compatibility with existing diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index 3072143105..9c1da64771 100644 +index f4ef79b..aaef3ab 100644 --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in @@ -196,6 +196,10 @@ GRUB_ACTUAL_DEFAULT="$GRUB_DEFAULT" @@ -63,7 +62,7 @@ if test "x${grub_cfg}" != "x"; then rm -f "${grub_cfg}.new" diff --git a/util/grub.d/10_hurd.in b/util/grub.d/10_hurd.in -index 59a9a48a2f..7fa3a3fbd8 100644 +index 59a9a48..7fa3a3f 100644 --- a/util/grub.d/10_hurd.in +++ b/util/grub.d/10_hurd.in @@ -88,8 +88,8 @@ hurd_entry () { @@ -78,7 +77,7 @@ title="$(gettext_printf "%s, with Hurd %s" "${OS}" "${kernel_base}")" oldtitle="$OS using $kernel_base" diff --git a/util/grub.d/10_kfreebsd.in b/util/grub.d/10_kfreebsd.in -index 9d8e8fd852..8301d361a1 100644 +index 9d8e8fd..8301d36 100644 --- a/util/grub.d/10_kfreebsd.in +++ b/util/grub.d/10_kfreebsd.in @@ -76,7 +76,7 @@ kfreebsd_entry () @@ -91,7 +90,7 @@ title="$(gettext_printf "%s, with kFreeBSD %s" "${os}" "${version}")" fi diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index cc2dd855ab..2c418c5ec8 100644 +index cc2dd85..2c418c5 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -130,7 +130,7 @@ linux_entry () @@ -104,7 +103,7 @@ title="$(gettext_printf "%s, with Linux %s" "${os}" "${version}")" ;; esac diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in -index 055a542346..4bacf6e2c2 100755 +index 055a542..4bacf6e 100755 --- a/util/grub.d/10_linux_zfs.in +++ b/util/grub.d/10_linux_zfs.in @@ -974,7 +974,7 @@ generate_grub_menu() { @@ -138,7 +137,7 @@ fi diff --git a/util/grub.d/10_netbsd.in b/util/grub.d/10_netbsd.in -index 874f59969e..bb29cc0468 100644 +index 874f599..bb29cc0 100644 --- a/util/grub.d/10_netbsd.in +++ b/util/grub.d/10_netbsd.in @@ -102,7 +102,7 @@ netbsd_entry () @@ -151,7 +150,7 @@ title="$(gettext_printf "%s, with kernel %s (via %s)" "${OS}" "$(echo ${kernel} | sed -e 's,^.*/,,')" "${loader}")" fi diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in -index 9a8d42fb57..f2ee0532bd 100644 +index 9a8d42f..f2ee053 100644 --- a/util/grub.d/20_linux_xen.in +++ b/util/grub.d/20_linux_xen.in @@ -105,7 +105,7 @@ linux_entry () diff -Nru grub2-unsigned-2.04/debian/patches/mkconfig-signed-kernel.patch grub2-unsigned-2.04/debian/patches/mkconfig-signed-kernel.patch --- grub2-unsigned-2.04/debian/patches/mkconfig-signed-kernel.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/mkconfig-signed-kernel.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 959cc3f8d5f0316fcf691d7933679f44deacea64 Mon Sep 17 00:00:00 2001 From: Didier Roche Date: Tue, 31 Mar 2020 15:17:45 +0200 Subject: Generate configuration for signed UEFI kernels if available @@ -13,7 +12,7 @@ 2 files changed, 36 insertions(+) diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 19e4df4ad8..cb1cc200e4 100644 +index 19e4df4..cb1cc20 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -165,8 +165,16 @@ linux_entry () @@ -48,7 +47,7 @@ basename=`basename $linux` dirname=`dirname $linux` diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in -index 2149864f20..511c182944 100755 +index 2149864..511c182 100755 --- a/util/grub.d/10_linux_zfs.in +++ b/util/grub.d/10_linux_zfs.in @@ -339,6 +339,16 @@ try_default_layout_bpool() { diff -Nru grub2-unsigned-2.04/debian/patches/mkconfig-ubuntu-distributor.patch grub2-unsigned-2.04/debian/patches/mkconfig-ubuntu-distributor.patch --- grub2-unsigned-2.04/debian/patches/mkconfig-ubuntu-distributor.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/mkconfig-ubuntu-distributor.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From c6a65a35584bc92ce5dda728687a022b779cd4c6 Mon Sep 17 00:00:00 2001 From: Mario Limonciello Date: Mon, 13 Jan 2014 12:13:14 +0000 Subject: Remove GNU/Linux from default distributor string for Ubuntu @@ -17,7 +16,7 @@ 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index fcd3033872..19e4df4ad8 100644 +index fcd3033..19e4df4 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -32,7 +32,14 @@ CLASS="--class gnu-linux --class gnu --class os" @@ -37,7 +36,7 @@ fi diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in -index 302df63551..2149864f20 100755 +index 302df63..2149864 100755 --- a/util/grub.d/10_linux_zfs.in +++ b/util/grub.d/10_linux_zfs.in @@ -807,7 +807,14 @@ generate_grub_menu() { diff -Nru grub2-unsigned-2.04/debian/patches/mkconfig-ubuntu-recovery.patch grub2-unsigned-2.04/debian/patches/mkconfig-ubuntu-recovery.patch --- grub2-unsigned-2.04/debian/patches/mkconfig-ubuntu-recovery.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/mkconfig-ubuntu-recovery.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,9 +1,8 @@ -From 793ba0852b516e13976f0344e8be0ac20e694b8e Mon Sep 17 00:00:00 2001 From: Didier Roche Date: Tue, 31 Mar 2020 15:16:36 +0200 Subject: "single" -> "recovery" when friendly-recovery is installed MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 +Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit If configured with --enable-ubuntu-recovery, also set nomodeset for @@ -24,7 +23,7 @@ 4 files changed, 39 insertions(+), 5 deletions(-) diff --git a/configure.ac b/configure.ac -index 7656f2434e..1e5abc67d9 100644 +index 7656f24..1e5abc6 100644 --- a/configure.ac +++ b/configure.ac @@ -1846,6 +1846,17 @@ fi @@ -46,7 +45,7 @@ AC_SUBST([FONT_SOURCE]) diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index d927b60ae2..fcd3033872 100644 +index d927b60..fcd3033 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -20,6 +20,7 @@ set -e @@ -94,7 +93,7 @@ list=`echo $list | tr ' ' '\n' | fgrep -vx "$linux" | tr '\n' ' '` diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in -index d128b82323..302df63551 100755 +index d128b82..302df63 100755 --- a/util/grub.d/10_linux_zfs.in +++ b/util/grub.d/10_linux_zfs.in @@ -19,6 +19,7 @@ set -e @@ -141,7 +140,7 @@ # IFS is set to TAB (ASCII 0x09) echo "${menu_metadata}" | diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in -index 515a68c7aa..775ceb2e04 100644 +index 515a68c..775ceb2 100644 --- a/util/grub.d/30_os-prober.in +++ b/util/grub.d/30_os-prober.in @@ -220,7 +220,7 @@ EOF diff -Nru grub2-unsigned-2.04/debian/patches/mkrescue-efi-modules.patch grub2-unsigned-2.04/debian/patches/mkrescue-efi-modules.patch --- grub2-unsigned-2.04/debian/patches/mkrescue-efi-modules.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/mkrescue-efi-modules.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From cf8d1e376e2e5af6aa704cc113c9bbb7038e0253 Mon Sep 17 00:00:00 2001 From: Mario Limonciello Date: Mon, 13 Jan 2014 12:12:59 +0000 Subject: Build vfat into EFI boot images @@ -14,7 +13,7 @@ 1 file changed, 2 insertions(+) diff --git a/util/grub-mkrescue.c b/util/grub-mkrescue.c -index ce2cbc4f10..45d6140d3e 100644 +index ce2cbc4..45d6140 100644 --- a/util/grub-mkrescue.c +++ b/util/grub-mkrescue.c @@ -750,6 +750,7 @@ main (int argc, char *argv[]) diff -Nru grub2-unsigned-2.04/debian/patches/net-read-bracketed-ipv6-addr.patch grub2-unsigned-2.04/debian/patches/net-read-bracketed-ipv6-addr.patch --- grub2-unsigned-2.04/debian/patches/net-read-bracketed-ipv6-addr.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/net-read-bracketed-ipv6-addr.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 8524df04e91b47acec4977616544ca30ed91ba64 Mon Sep 17 00:00:00 2001 From: Aaron Miller Date: Thu, 27 Oct 2016 17:39:49 -0400 Subject: net: read bracketed ipv6 addrs and port numbers @@ -9,14 +8,14 @@ Patch-Name: net-read-bracketed-ipv6-addr.patch --- - grub-core/net/http.c | 21 ++++++++-- - grub-core/net/net.c | 93 +++++++++++++++++++++++++++++++++++++++++--- - grub-core/net/tftp.c | 6 ++- + grub-core/net/http.c | 21 +++++++++--- + grub-core/net/net.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++++---- + grub-core/net/tftp.c | 6 +++- include/grub/net.h | 1 + 4 files changed, 110 insertions(+), 11 deletions(-) diff --git a/grub-core/net/http.c b/grub-core/net/http.c -index 5aa4ad3bef..f182d7b871 100644 +index 5aa4ad3..f182d7b 100644 --- a/grub-core/net/http.c +++ b/grub-core/net/http.c @@ -312,12 +312,14 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial) @@ -74,7 +73,7 @@ file); if (!data->sock) diff --git a/grub-core/net/net.c b/grub-core/net/net.c -index d5d726a315..b917a75d54 100644 +index d5d726a..b917a75 100644 --- a/grub-core/net/net.c +++ b/grub-core/net/net.c @@ -437,6 +437,12 @@ parse_ip6 (const char *val, grub_uint64_t *ip, const char **rest) @@ -211,7 +210,7 @@ } } diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c -index 7d90bf66e7..a0817a075d 100644 +index 7d90bf6..a0817a0 100644 --- a/grub-core/net/tftp.c +++ b/grub-core/net/tftp.c @@ -314,6 +314,7 @@ tftp_open (struct grub_file *file, const char *filename) @@ -241,7 +240,7 @@ if (!data->sock) { diff --git a/include/grub/net.h b/include/grub/net.h -index 4a9069a147..cc114286ea 100644 +index 4a9069a..cc11428 100644 --- a/include/grub/net.h +++ b/include/grub/net.h @@ -270,6 +270,7 @@ typedef struct grub_net diff -Nru grub2-unsigned-2.04/debian/patches/no-devicetree-if-secure-boot.patch grub2-unsigned-2.04/debian/patches/no-devicetree-if-secure-boot.patch --- grub2-unsigned-2.04/debian/patches/no-devicetree-if-secure-boot.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/no-devicetree-if-secure-boot.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 024e855c1bda3d95db303447da2682abbeea52d5 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 24 Apr 2019 10:03:04 -0400 Subject: Forbid the "devicetree" command when Secure Boot is enabled. @@ -17,7 +16,7 @@ 2 files changed, 20 insertions(+) diff --git a/grub-core/loader/arm/linux.c b/grub-core/loader/arm/linux.c -index 51684914cf..092e8e3077 100644 +index 5168491..092e8e3 100644 --- a/grub-core/loader/arm/linux.c +++ b/grub-core/loader/arm/linux.c @@ -30,6 +30,10 @@ @@ -47,7 +46,7 @@ if (!dtb) return grub_errno; diff --git a/grub-core/loader/efi/fdt.c b/grub-core/loader/efi/fdt.c -index ee9c5592c7..f0c2d91be2 100644 +index ee9c559..f0c2d91 100644 --- a/grub-core/loader/efi/fdt.c +++ b/grub-core/loader/efi/fdt.c @@ -123,6 +123,14 @@ grub_cmd_devicetree (grub_command_t cmd __attribute__ ((unused)), diff -Nru grub2-unsigned-2.04/debian/patches/no-insmod-on-sb.patch grub2-unsigned-2.04/debian/patches/no-insmod-on-sb.patch --- grub2-unsigned-2.04/debian/patches/no-insmod-on-sb.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/no-insmod-on-sb.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 397e930e2efd7b64a56cf8f6332ea024b33352e6 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Mon, 13 Jan 2014 12:13:09 +0000 Subject: Don't permit loading modules on UEFI secure boot @@ -16,7 +15,7 @@ 3 files changed, 42 insertions(+) diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c -index 48eb5e7b62..074dfc3c6f 100644 +index 48eb5e7..074dfc3 100644 --- a/grub-core/kern/dl.c +++ b/grub-core/kern/dl.c @@ -38,6 +38,10 @@ @@ -47,7 +46,7 @@ file = grub_file_open (filename, GRUB_FILE_TYPE_GRUB_MODULE); diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index 6e1ceb9051..96204e39b9 100644 +index 6e1ceb9..96204e3 100644 --- a/grub-core/kern/efi/efi.c +++ b/grub-core/kern/efi/efi.c @@ -273,6 +273,34 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, @@ -86,7 +85,7 @@ /* Search the mods section from the PE32/PE32+ image. This code uses diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h -index e90e00dc43..a237952b37 100644 +index e90e00d..a237952 100644 --- a/include/grub/efi/efi.h +++ b/include/grub/efi/efi.h @@ -82,6 +82,7 @@ EXPORT_FUNC (grub_efi_set_variable) (const char *var, diff -Nru grub2-unsigned-2.04/debian/patches/olpc-prefix-hack.patch grub2-unsigned-2.04/debian/patches/olpc-prefix-hack.patch --- grub2-unsigned-2.04/debian/patches/olpc-prefix-hack.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/olpc-prefix-hack.patch 2022-05-31 15:15:51.000000000 +0000 @@ -1,4 +1,3 @@ -From f268916868b7b2a6b0012a23fb6f434eb208b834 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:12:50 +0000 Subject: Hack prefix for OLPC @@ -11,7 +10,7 @@ 1 file changed, 11 insertions(+) diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c -index d483e35eed..8b089b48d0 100644 +index d483e35..8b089b4 100644 --- a/grub-core/kern/ieee1275/init.c +++ b/grub-core/kern/ieee1275/init.c @@ -76,6 +76,7 @@ grub_exit (void) diff -Nru grub2-unsigned-2.04/debian/patches/ppc64el-disable-vsx.patch grub2-unsigned-2.04/debian/patches/ppc64el-disable-vsx.patch --- grub2-unsigned-2.04/debian/patches/ppc64el-disable-vsx.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/ppc64el-disable-vsx.patch 2022-05-31 15:15:52.000000000 +0000 @@ -1,4 +1,3 @@ -From 0e3a6ed6535ffffaf73d856e0ad09fbf9e1c49c8 Mon Sep 17 00:00:00 2001 From: Paulo Flabiano Smorigo Date: Thu, 25 Sep 2014 19:33:39 -0300 Subject: Disable VSX instruction @@ -21,7 +20,7 @@ 1 file changed, 12 insertions(+) diff --git a/grub-core/kern/powerpc/ieee1275/startup.S b/grub-core/kern/powerpc/ieee1275/startup.S -index 21c884b433..de9a9601a9 100644 +index 21c884b..de9a960 100644 --- a/grub-core/kern/powerpc/ieee1275/startup.S +++ b/grub-core/kern/powerpc/ieee1275/startup.S @@ -20,6 +20,8 @@ diff -Nru grub2-unsigned-2.04/debian/patches/probe-fusionio.patch grub2-unsigned-2.04/debian/patches/probe-fusionio.patch --- grub2-unsigned-2.04/debian/patches/probe-fusionio.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/probe-fusionio.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From ee488b5b53a22883e0a8ec6b6805f6d059a2f56f Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:31 +0000 Subject: Probe FusionIO devices @@ -14,7 +13,7 @@ 2 files changed, 32 insertions(+) diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c -index 90d92d3ad5..7adc0f30ee 100644 +index 90d92d3..7adc0f3 100644 --- a/grub-core/osdep/linux/getroot.c +++ b/grub-core/osdep/linux/getroot.c @@ -950,6 +950,19 @@ grub_util_part_to_disk (const char *os_dev, struct stat *st, @@ -38,7 +37,7 @@ return path; diff --git a/util/deviceiter.c b/util/deviceiter.c -index a4971ef429..dddc50da7a 100644 +index a4971ef..dddc50d 100644 --- a/util/deviceiter.c +++ b/util/deviceiter.c @@ -383,6 +383,12 @@ get_nvme_disk_name (char *name, int controller, int namespace) diff -Nru grub2-unsigned-2.04/debian/patches/quick-boot-lvm.patch grub2-unsigned-2.04/debian/patches/quick-boot-lvm.patch --- grub2-unsigned-2.04/debian/patches/quick-boot-lvm.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/quick-boot-lvm.patch 2022-05-31 15:15:52.000000000 +0000 @@ -1,8 +1,7 @@ -From ff0377e2c0d02fc0751cf87c0e5ddb7046e44458 Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Tue, 30 Oct 2018 15:04:16 -0700 -Subject: If we don't have writable grubenv and we're on EFI, always show the - menu +Subject: If we don't have writable grubenv and we're on EFI, + always show the menu If we don't have writable grubenv, recordfail doesn't work, which means our quickboot behavior - with a timeout of 0 - leaves the user without a @@ -26,7 +25,7 @@ 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/util/grub.d/00_header.in b/util/grub.d/00_header.in -index 674a761402..b7135b655f 100644 +index 674a761..b7135b6 100644 --- a/util/grub.d/00_header.in +++ b/util/grub.d/00_header.in @@ -115,7 +115,7 @@ EOF diff -Nru grub2-unsigned-2.04/debian/patches/quick-boot.patch grub2-unsigned-2.04/debian/patches/quick-boot.patch --- grub2-unsigned-2.04/debian/patches/quick-boot.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/quick-boot.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 98d8dd28e493b11d45f22b10de2568689c2b6c37 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:28 +0000 Subject: Add configure option to bypass boot menu if possible @@ -23,18 +22,18 @@ Patch-Name: quick-boot.patch --- - configure.ac | 11 ++++++ - docs/grub.texi | 14 +++++++ - grub-core/normal/menu.c | 24 ++++++++++++ + configure.ac | 11 +++++++ + docs/grub.texi | 14 +++++++++ + grub-core/normal/menu.c | 24 ++++++++++++++ util/grub-mkconfig.in | 3 +- - util/grub.d/00_header.in | 77 +++++++++++++++++++++++++++++++------ - util/grub.d/10_linux.in | 4 ++ + util/grub.d/00_header.in | 77 ++++++++++++++++++++++++++++++++++++++------- + util/grub.d/10_linux.in | 4 +++ util/grub.d/10_linux_zfs.in | 5 +++ - util/grub.d/30_os-prober.in | 21 ++++++++++ + util/grub.d/30_os-prober.in | 21 +++++++++++++ 8 files changed, 146 insertions(+), 13 deletions(-) diff --git a/configure.ac b/configure.ac -index ea00ccd691..7dda5bb32b 100644 +index ea00ccd..7dda5bb 100644 --- a/configure.ac +++ b/configure.ac @@ -1868,6 +1868,17 @@ else @@ -56,7 +55,7 @@ AC_SUBST([FONT_SOURCE]) diff --git a/docs/grub.texi b/docs/grub.texi -index 87795075a8..a835d0ae42 100644 +index 8779507..a835d0a 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -1522,6 +1522,20 @@ This option may be set to a list of GRUB module names separated by spaces. @@ -81,7 +80,7 @@ The following options are still accepted for compatibility with existing diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c -index ebf5a0f109..42c82290de 100644 +index ebf5a0f..42c8229 100644 --- a/grub-core/normal/menu.c +++ b/grub-core/normal/menu.c @@ -604,6 +604,30 @@ run_menu (grub_menu_t menu, int nested, int *auto_boot) @@ -116,7 +115,7 @@ { pos = grub_term_save_pos (); diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index d18bf972f7..3072143105 100644 +index e7ef32e..f4ef79b 100644 --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in @@ -250,7 +250,8 @@ export GRUB_DEFAULT \ @@ -130,7 +129,7 @@ if test "x${grub_cfg}" != "x"; then rm -f "${grub_cfg}.new" diff --git a/util/grub.d/00_header.in b/util/grub.d/00_header.in -index 93a90233ea..674a761402 100644 +index 93a9023..674a761 100644 --- a/util/grub.d/00_header.in +++ b/util/grub.d/00_header.in @@ -21,6 +21,8 @@ prefix="@prefix@" @@ -259,7 +258,7 @@ EOF } diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 479a8bf4e5..2be66c7028 100644 +index 479a8bf..2be66c7 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -22,6 +22,7 @@ exec_prefix="@exec_prefix@" @@ -281,7 +280,7 @@ save_default_entry | grub_add_tab fi diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in -index caead8a0c2..5aedc6cd83 100755 +index caead8a..5aedc6c 100755 --- a/util/grub.d/10_linux_zfs.in +++ b/util/grub.d/10_linux_zfs.in @@ -21,6 +21,7 @@ prefix="@prefix@" @@ -304,7 +303,7 @@ GRUB_SAVEDEFAULT=${GRUB_SAVEDEFAULT:-} default_entry="$(save_default_entry)" diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in -index 271044f592..da5f28876d 100644 +index 271044f..da5f288 100644 --- a/util/grub.d/30_os-prober.in +++ b/util/grub.d/30_os-prober.in @@ -20,12 +20,26 @@ set -e diff -Nru grub2-unsigned-2.04/debian/patches/restore-mkdevicemap.patch grub2-unsigned-2.04/debian/patches/restore-mkdevicemap.patch --- grub2-unsigned-2.04/debian/patches/restore-mkdevicemap.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/restore-mkdevicemap.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 36361f622c746acce148b9304e20c72a073fdaf0 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:01 +0000 Subject: Restore grub-mkdevicemap @@ -17,9 +16,9 @@ Makefile.util.def | 17 + docs/man/grub-mkdevicemap.h2m | 4 + include/grub/util/deviceiter.h | 14 + - util/deviceiter.c | 1021 ++++++++++++++++++++++++++++++++ + util/deviceiter.c | 1021 ++++++++++++++++++++++++++++++++++++++++ util/devicemap.c | 13 + - util/grub-mkdevicemap.c | 181 ++++++ + util/grub-mkdevicemap.c | 181 +++++++ 6 files changed, 1250 insertions(+) create mode 100644 docs/man/grub-mkdevicemap.h2m create mode 100644 include/grub/util/deviceiter.h @@ -28,7 +27,7 @@ create mode 100644 util/grub-mkdevicemap.c diff --git a/Makefile.util.def b/Makefile.util.def -index bac85e2840..eec1924b0e 100644 +index bac85e2..eec1924 100644 --- a/Makefile.util.def +++ b/Makefile.util.def @@ -324,6 +324,23 @@ program = { @@ -57,7 +56,7 @@ installdir = sbin; diff --git a/docs/man/grub-mkdevicemap.h2m b/docs/man/grub-mkdevicemap.h2m new file mode 100644 -index 0000000000..96cd6ee723 +index 0000000..96cd6ee --- /dev/null +++ b/docs/man/grub-mkdevicemap.h2m @@ -0,0 +1,4 @@ @@ -67,7 +66,7 @@ +.BR grub-probe (8) diff --git a/include/grub/util/deviceiter.h b/include/grub/util/deviceiter.h new file mode 100644 -index 0000000000..85374978c5 +index 0000000..8537497 --- /dev/null +++ b/include/grub/util/deviceiter.h @@ -0,0 +1,14 @@ @@ -87,7 +86,7 @@ +#endif /* ! GRUB_DEVICEITER_MACHINE_UTIL_HEADER */ diff --git a/util/deviceiter.c b/util/deviceiter.c new file mode 100644 -index 0000000000..a4971ef429 +index 0000000..a4971ef --- /dev/null +++ b/util/deviceiter.c @@ -0,0 +1,1021 @@ @@ -1114,7 +1113,7 @@ +} diff --git a/util/devicemap.c b/util/devicemap.c new file mode 100644 -index 0000000000..c61864420a +index 0000000..c618644 --- /dev/null +++ b/util/devicemap.c @@ -0,0 +1,13 @@ @@ -1133,7 +1132,7 @@ +} diff --git a/util/grub-mkdevicemap.c b/util/grub-mkdevicemap.c new file mode 100644 -index 0000000000..c4bbdbf69c +index 0000000..c4bbdbf --- /dev/null +++ b/util/grub-mkdevicemap.c @@ -0,0 +1,181 @@ diff -Nru grub2-unsigned-2.04/debian/patches/rhboot-f34-dont-use-int-for-efi-status.patch grub2-unsigned-2.04/debian/patches/rhboot-f34-dont-use-int-for-efi-status.patch --- grub2-unsigned-2.04/debian/patches/rhboot-f34-dont-use-int-for-efi-status.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/rhboot-f34-dont-use-int-for-efi-status.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From b0ddb101577d1bd08311798587c4b678d82eaf3b Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Mon, 26 Jun 2017 12:44:59 -0400 Subject: don't use int for efi status @@ -10,7 +9,7 @@ 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index d4a4be57cb..7cf003f713 100644 +index d4a4be5..7cf003f 100644 --- a/grub-core/kern/efi/efi.c +++ b/grub-core/kern/efi/efi.c @@ -167,7 +167,7 @@ grub_reboot (void) diff -Nru grub2-unsigned-2.04/debian/patches/rhboot-f34-efinet-also-use-the-firmware-acceleration-for-http.patch grub2-unsigned-2.04/debian/patches/rhboot-f34-efinet-also-use-the-firmware-acceleration-for-http.patch --- grub2-unsigned-2.04/debian/patches/rhboot-f34-efinet-also-use-the-firmware-acceleration-for-http.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/rhboot-f34-efinet-also-use-the-firmware-acceleration-for-http.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From c0dfbc49747fa829f56e6b358bace9fe4873d6da Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Mon, 30 Jul 2018 14:06:42 -0400 Subject: efinet: also use the firmware acceleration for http @@ -11,7 +10,7 @@ 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c -index 7aece1425b..c6e66596bf 100644 +index 7aece14..c6e6659 100644 --- a/grub-core/net/efi/net.c +++ b/grub-core/net/efi/net.c @@ -1336,7 +1336,9 @@ grub_efi_net_boot_from_https (void) diff -Nru grub2-unsigned-2.04/debian/patches/rhboot-f34-make-exit-take-a-return-code.patch grub2-unsigned-2.04/debian/patches/rhboot-f34-make-exit-take-a-return-code.patch --- grub2-unsigned-2.04/debian/patches/rhboot-f34-make-exit-take-a-return-code.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/rhboot-f34-make-exit-take-a-return-code.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From c953a05d3af4a53eb217939355ac455045f26628 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 26 Feb 2014 21:49:12 -0500 Subject: Make "exit" take a return code. @@ -29,7 +28,7 @@ 14 files changed, 48 insertions(+), 21 deletions(-) diff --git a/grub-core/commands/minicmd.c b/grub-core/commands/minicmd.c -index 6bbce3128c..6d66b7c453 100644 +index 6bbce31..6d66b7c 100644 --- a/grub-core/commands/minicmd.c +++ b/grub-core/commands/minicmd.c @@ -179,12 +179,24 @@ grub_mini_cmd_lsmod (struct grub_command *cmd __attribute__ ((unused)), @@ -62,7 +61,7 @@ } diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index 88bbd34eac..d4a4be57cb 100644 +index 88bbd34..d4a4be5 100644 --- a/grub-core/kern/efi/efi.c +++ b/grub-core/kern/efi/efi.c @@ -165,11 +165,16 @@ grub_reboot (void) @@ -85,7 +84,7 @@ } diff --git a/grub-core/kern/emu/main.c b/grub-core/kern/emu/main.c -index 425bb96034..55ea5a11cc 100644 +index 425bb96..55ea5a1 100644 --- a/grub-core/kern/emu/main.c +++ b/grub-core/kern/emu/main.c @@ -67,7 +67,7 @@ grub_reboot (void) @@ -98,7 +97,7 @@ grub_reboot (); } diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c -index dfd8a8ec48..0ff13bcaf8 100644 +index dfd8a8e..0ff13bc 100644 --- a/grub-core/kern/emu/misc.c +++ b/grub-core/kern/emu/misc.c @@ -151,9 +151,10 @@ xasprintf (const char *fmt, ...) @@ -115,7 +114,7 @@ #endif diff --git a/grub-core/kern/i386/coreboot/init.c b/grub-core/kern/i386/coreboot/init.c -index 3314f027fe..36f9134b7b 100644 +index 3314f02..36f9134 100644 --- a/grub-core/kern/i386/coreboot/init.c +++ b/grub-core/kern/i386/coreboot/init.c @@ -41,7 +41,7 @@ extern grub_uint8_t _end[]; @@ -128,7 +127,7 @@ /* We can't use grub_fatal() in this function. This would create an infinite loop, since grub_fatal() calls grub_abort() which in turn calls grub_exit(). */ diff --git a/grub-core/kern/i386/qemu/init.c b/grub-core/kern/i386/qemu/init.c -index 271b6fbfab..9fafe98f01 100644 +index 271b6fb..9fafe98 100644 --- a/grub-core/kern/i386/qemu/init.c +++ b/grub-core/kern/i386/qemu/init.c @@ -42,7 +42,7 @@ extern grub_uint8_t _end[]; @@ -141,7 +140,7 @@ /* We can't use grub_fatal() in this function. This would create an infinite loop, since grub_fatal() calls grub_abort() which in turn calls grub_exit(). */ diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c -index 8b089b48d0..085a6a33f8 100644 +index 8b089b4..085a6a3 100644 --- a/grub-core/kern/ieee1275/init.c +++ b/grub-core/kern/ieee1275/init.c @@ -71,7 +71,7 @@ grub_addr_t grub_ieee1275_original_stack; @@ -154,7 +153,7 @@ grub_ieee1275_exit (); } diff --git a/grub-core/kern/mips/arc/init.c b/grub-core/kern/mips/arc/init.c -index 3834a14909..86b3a25ec4 100644 +index 3834a14..86b3a25 100644 --- a/grub-core/kern/mips/arc/init.c +++ b/grub-core/kern/mips/arc/init.c @@ -276,7 +276,7 @@ grub_halt (void) @@ -167,7 +166,7 @@ GRUB_ARC_FIRMWARE_VECTOR->exit (); diff --git a/grub-core/kern/mips/loongson/init.c b/grub-core/kern/mips/loongson/init.c -index 7b96531b98..dff598ca7b 100644 +index 7b96531..dff598c 100644 --- a/grub-core/kern/mips/loongson/init.c +++ b/grub-core/kern/mips/loongson/init.c @@ -304,7 +304,7 @@ grub_halt (void) @@ -180,7 +179,7 @@ grub_halt (); } diff --git a/grub-core/kern/mips/qemu_mips/init.c b/grub-core/kern/mips/qemu_mips/init.c -index be88b77d22..8b6c55ffc0 100644 +index be88b77..8b6c55f 100644 --- a/grub-core/kern/mips/qemu_mips/init.c +++ b/grub-core/kern/mips/qemu_mips/init.c @@ -75,7 +75,7 @@ grub_machine_fini (int flags __attribute__ ((unused))) @@ -193,7 +192,7 @@ grub_halt (); } diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c -index 83c068d61b..e742f56d20 100644 +index 83c068d..e742f56 100644 --- a/grub-core/kern/misc.c +++ b/grub-core/kern/misc.c @@ -1098,9 +1098,18 @@ grub_abort (void) @@ -217,7 +216,7 @@ grub_fatal (const char *fmt, ...) { diff --git a/grub-core/kern/uboot/init.c b/grub-core/kern/uboot/init.c -index 3e338645c5..be2a5be1d0 100644 +index 3e33864..be2a5be 100644 --- a/grub-core/kern/uboot/init.c +++ b/grub-core/kern/uboot/init.c @@ -39,9 +39,9 @@ extern grub_size_t grub_total_module_size; @@ -242,7 +241,7 @@ else if (ver > API_SIG_VERSION) { diff --git a/grub-core/kern/xen/init.c b/grub-core/kern/xen/init.c -index 782ca72952..708b060f32 100644 +index 782ca72..708b060 100644 --- a/grub-core/kern/xen/init.c +++ b/grub-core/kern/xen/init.c @@ -584,7 +584,7 @@ grub_machine_init (void) @@ -255,7 +254,7 @@ struct sched_shutdown arg; diff --git a/include/grub/misc.h b/include/grub/misc.h -index ee48eb7a72..f9135b62e3 100644 +index ee48eb7..f9135b6 100644 --- a/include/grub/misc.h +++ b/include/grub/misc.h @@ -334,7 +334,7 @@ int EXPORT_FUNC(grub_vsnprintf) (char *str, grub_size_t n, const char *fmt, diff -Nru grub2-unsigned-2.04/debian/patches/rhboot-f34-make-pmtimer-tsc-calibration-fast.patch grub2-unsigned-2.04/debian/patches/rhboot-f34-make-pmtimer-tsc-calibration-fast.patch --- grub2-unsigned-2.04/debian/patches/rhboot-f34-make-pmtimer-tsc-calibration-fast.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/rhboot-f34-make-pmtimer-tsc-calibration-fast.patch 2022-05-31 15:15:54.000000000 +0000 @@ -1,4 +1,3 @@ -From 6b6fec4b640a3ebea20ed727ca0cdb10358d58b6 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Tue, 7 Nov 2017 17:12:17 -0500 Subject: Make pmtimer tsc calibration not take 51 seconds to fail. @@ -62,11 +61,11 @@ Patch-Name: rhboot-f34-make-pmtimer-tsc-calibration-fast.patch --- - grub-core/kern/i386/tsc_pmtimer.c | 109 ++++++++++++++++++++++++------ + grub-core/kern/i386/tsc_pmtimer.c | 109 +++++++++++++++++++++++++++++++------- 1 file changed, 89 insertions(+), 20 deletions(-) diff --git a/grub-core/kern/i386/tsc_pmtimer.c b/grub-core/kern/i386/tsc_pmtimer.c -index c9c3616997..ca15c3aacd 100644 +index c9c3616..ca15c3a 100644 --- a/grub-core/kern/i386/tsc_pmtimer.c +++ b/grub-core/kern/i386/tsc_pmtimer.c @@ -28,40 +28,101 @@ diff -Nru grub2-unsigned-2.04/debian/patches/rhboot-f34-update-info-with-grub.cfg-netboot-selection-order.patch grub2-unsigned-2.04/debian/patches/rhboot-f34-update-info-with-grub.cfg-netboot-selection-order.patch --- grub2-unsigned-2.04/debian/patches/rhboot-f34-update-info-with-grub.cfg-netboot-selection-order.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/rhboot-f34-update-info-with-grub.cfg-netboot-selection-order.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 2646b14f1081ad1eefa41b9ef98157cd7c428750 Mon Sep 17 00:00:00 2001 From: Robert Marshall Date: Mon, 16 Mar 2015 16:34:51 -0400 Subject: Update info with grub.cfg netboot selection order (#1148650) @@ -14,7 +13,7 @@ 1 file changed, 42 insertions(+) diff --git a/docs/grub.texi b/docs/grub.texi -index 1d60218bc4..d949edf88f 100644 +index 1d60218..d949edf 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -2518,6 +2518,48 @@ grub-mknetdir --net-directory=/srv/tftp --subdir=/boot/grub -d /usr/lib/grub/i38 diff -Nru grub2-unsigned-2.04/debian/patches/series grub2-unsigned-2.04/debian/patches/series --- grub2-unsigned-2.04/debian/patches/series 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/series 2022-06-07 16:36:27.000000000 +0000 @@ -3,7 +3,6 @@ dpkg-version-comparison.patch grub-legacy-0-based-partitions.patch disable-floppies.patch -grub.cfg-400.patch ubuntu-zfs-enhance-support.patch gfxpayload-keep-default.patch install-stage2-confusion.patch @@ -236,3 +235,38 @@ 0236-gdb-Restrict-GDB-access-when-locked-down.patch 0237-loader-xnu-Don-t-allow-loading-extension-and-package.patch 0238-util-grub-install-Fix-NULL-pointer-dereferences.patch +0239-arm-linux-Fix-ARM-Linux-header-layout.patch +0240-tests-ahci_test.in-Replace-ide-drive-with-ide-hd.patch +0240-misc-Format-string-for-grub_error-should-be-a-litera.patch +0239-loader-efi-chainloader-grub_load_and_start_image-doe.patch +0240-loader-efi-chainloader-simplify-the-loader-state.patch +0241-commands-boot-Add-API-to-pass-context-to-loader.patch +0242-loader-efi-chainloader-Use-grub_loader_set_ex.patch +0243-loader-i386-efi-linux-Use-grub_loader_set_ex.patch +0244-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch +0245-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch +0246-video-readers-png-Abort-sooner-if-a-read-operation-f.patch +0247-video-readers-png-Refuse-to-handle-multiple-image-he.patch +0248-video-readers-png-Drop-greyscale-support-to-fix-heap.patch +0249-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch +0250-video-readers-png-Sanity-check-some-huffman-codes.patch +0251-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch +0252-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch +0253-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch +0254-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch +0255-normal-charset-Fix-array-out-of-bounds-formatting-un.patch +0256-net-netbuff-Block-overly-large-netbuff-allocs.patch +0257-net-ip-Do-IP-fragment-maths-safely.patch +0258-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch +0259-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch +0260-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch +0261-net-tftp-Avoid-a-trivial-UAF.patch +0262-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch +0263-net-http-Fix-OOB-write-for-split-http-headers.patch +0264-net-http-Error-out-on-headers-with-LF-without-CR.patch +0265-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch +0266-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch +0267-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch +0268-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch +0269-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch +0270-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch diff -Nru grub2-unsigned-2.04/debian/patches/skip-grub_cmd_set_date.patch grub2-unsigned-2.04/debian/patches/skip-grub_cmd_set_date.patch --- grub2-unsigned-2.04/debian/patches/skip-grub_cmd_set_date.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/skip-grub_cmd_set_date.patch 2022-05-31 15:15:52.000000000 +0000 @@ -1,4 +1,3 @@ -From 1d6bd514733d871dbda295fa9eef90a85ad429c0 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Sun, 28 Oct 2018 19:45:56 +0000 Subject: Skip flaky grub_cmd_set_date test @@ -12,7 +11,7 @@ 1 file changed, 3 insertions(+) diff --git a/tests/grub_cmd_set_date.in b/tests/grub_cmd_set_date.in -index aac120a6c5..1bb5be4ca7 100644 +index aac120a..1bb5be4 100644 --- a/tests/grub_cmd_set_date.in +++ b/tests/grub_cmd_set_date.in @@ -1,6 +1,9 @@ diff -Nru grub2-unsigned-2.04/debian/patches/sleep-shift.patch grub2-unsigned-2.04/debian/patches/sleep-shift.patch --- grub2-unsigned-2.04/debian/patches/sleep-shift.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/sleep-shift.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 0cfccb0f53056032a4730c0e39a246394bf22ad1 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:23 +0000 Subject: Allow Shift to interrupt 'sleep --interruptible' @@ -17,7 +16,7 @@ 2 files changed, 45 insertions(+), 1 deletion(-) diff --git a/grub-core/commands/sleep.c b/grub-core/commands/sleep.c -index e77e7900fa..3906b14103 100644 +index e77e790..3906b14 100644 --- a/grub-core/commands/sleep.c +++ b/grub-core/commands/sleep.c @@ -46,6 +46,31 @@ do_print (int n) @@ -62,7 +61,7 @@ return 0; diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c -index d5e0c79a70..3611ee9ea7 100644 +index d5e0c79..3611ee9 100644 --- a/grub-core/normal/menu.c +++ b/grub-core/normal/menu.c @@ -615,8 +615,27 @@ run_menu (grub_menu_t menu, int nested, int *auto_boot) diff -Nru grub2-unsigned-2.04/debian/patches/suse-add-support-for-UEFI-network-protocols.patch grub2-unsigned-2.04/debian/patches/suse-add-support-for-UEFI-network-protocols.patch --- grub2-unsigned-2.04/debian/patches/suse-add-support-for-UEFI-network-protocols.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/suse-add-support-for-UEFI-network-protocols.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 90d5226d9ebee1201531388589df4c17deb4c7e8 Mon Sep 17 00:00:00 2001 From: Michael Chang Date: Wed, 22 Feb 2017 14:27:50 +0800 Subject: Support UEFI networking protocols @@ -46,19 +45,19 @@ --- grub-core/Makefile.core.def | 6 + grub-core/io/bufio.c | 2 +- - grub-core/kern/efi/efi.c | 96 +- + grub-core/kern/efi/efi.c | 96 ++- grub-core/net/drivers/efi/efinet.c | 27 + - grub-core/net/efi/dhcp.c | 399 ++++++++ - grub-core/net/efi/http.c | 424 ++++++++ - grub-core/net/efi/ip4_config.c | 409 ++++++++ - grub-core/net/efi/ip6_config.c | 430 +++++++++ - grub-core/net/efi/net.c | 1440 ++++++++++++++++++++++++++++ - grub-core/net/efi/pxe.c | 424 ++++++++ + grub-core/net/efi/dhcp.c | 399 ++++++++++ + grub-core/net/efi/http.c | 424 +++++++++++ + grub-core/net/efi/ip4_config.c | 409 ++++++++++ + grub-core/net/efi/ip6_config.c | 430 +++++++++++ + grub-core/net/efi/net.c | 1440 ++++++++++++++++++++++++++++++++++++ + grub-core/net/efi/pxe.c | 424 +++++++++++ grub-core/net/net.c | 74 ++ - include/grub/efi/api.h | 181 +++- - include/grub/efi/dhcp.h | 343 +++++++ - include/grub/efi/http.h | 215 +++++ - include/grub/net/efi.h | 144 +++ + include/grub/efi/api.h | 181 ++++- + include/grub/efi/dhcp.h | 343 +++++++++ + include/grub/efi/http.h | 215 ++++++ + include/grub/net/efi.h | 144 ++++ 15 files changed, 4577 insertions(+), 37 deletions(-) create mode 100644 grub-core/net/efi/dhcp.c create mode 100644 grub-core/net/efi/http.c @@ -71,7 +70,7 @@ create mode 100644 include/grub/net/efi.h diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 9b20f33355..20be18575f 100644 +index 9b20f33..20be185 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -2308,6 +2308,12 @@ module = { @@ -88,7 +87,7 @@ module = { diff --git a/grub-core/io/bufio.c b/grub-core/io/bufio.c -index a458c3aca7..1637731535 100644 +index a458c3a..1637731 100644 --- a/grub-core/io/bufio.c +++ b/grub-core/io/bufio.c @@ -139,7 +139,7 @@ grub_bufio_read (grub_file_t file, char *buf, grub_size_t len) @@ -101,7 +100,7 @@ if (file->offset + res < next_buf) { diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index 7cf003f713..ff200a0457 100644 +index 7cf003f..ff200a0 100644 --- a/grub-core/kern/efi/efi.c +++ b/grub-core/kern/efi/efi.c @@ -732,7 +732,7 @@ grub_efi_print_device_path (grub_efi_device_path_t *dp) @@ -232,7 +231,7 @@ grub_printf ("/UnknownMessaging(%x)", (unsigned) subtype); break; diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c -index 82a28fb6e9..f189209ba7 100644 +index 82a28fb..f189209 100644 --- a/grub-core/net/drivers/efi/efinet.c +++ b/grub-core/net/drivers/efi/efinet.c @@ -24,6 +24,7 @@ @@ -305,7 +304,7 @@ diff --git a/grub-core/net/efi/dhcp.c b/grub-core/net/efi/dhcp.c new file mode 100644 -index 0000000000..4001c04a22 +index 0000000..4001c04 --- /dev/null +++ b/grub-core/net/efi/dhcp.c @@ -0,0 +1,399 @@ @@ -710,7 +709,7 @@ +grub_command_func_t grub_efi_net_bootp6 = grub_cmd_efi_bootp6; diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c new file mode 100644 -index 0000000000..5fb472cb30 +index 0000000..5fb472c --- /dev/null +++ b/grub-core/net/efi/http.c @@ -0,0 +1,424 @@ @@ -1140,7 +1139,7 @@ + }; diff --git a/grub-core/net/efi/ip4_config.c b/grub-core/net/efi/ip4_config.c new file mode 100644 -index 0000000000..cbed31a21e +index 0000000..cbed31a --- /dev/null +++ b/grub-core/net/efi/ip4_config.c @@ -0,0 +1,409 @@ @@ -1555,7 +1554,7 @@ + }; diff --git a/grub-core/net/efi/ip6_config.c b/grub-core/net/efi/ip6_config.c new file mode 100644 -index 0000000000..df92b69d42 +index 0000000..df92b69 --- /dev/null +++ b/grub-core/net/efi/ip6_config.c @@ -0,0 +1,430 @@ @@ -1991,7 +1990,7 @@ + }; diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c new file mode 100644 -index 0000000000..2fe5fb63ca +index 0000000..2fe5fb6 --- /dev/null +++ b/grub-core/net/efi/net.c @@ -0,0 +1,1440 @@ @@ -3437,7 +3436,7 @@ +} diff --git a/grub-core/net/efi/pxe.c b/grub-core/net/efi/pxe.c new file mode 100644 -index 0000000000..4b6b48cb12 +index 0000000..4b6b48c --- /dev/null +++ b/grub-core/net/efi/pxe.c @@ -0,0 +1,424 @@ @@ -3866,7 +3865,7 @@ + }; + diff --git a/grub-core/net/net.c b/grub-core/net/net.c -index fed7bc57cb..2f869390ec 100644 +index fed7bc5..2f86939 100644 --- a/grub-core/net/net.c +++ b/grub-core/net/net.c @@ -32,6 +32,9 @@ @@ -3976,7 +3975,7 @@ +#endif } diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h -index 08bff60b51..49275e4117 100644 +index 08bff60..49275e4 100644 --- a/include/grub/efi/api.h +++ b/include/grub/efi/api.h @@ -593,6 +593,23 @@ typedef grub_uint16_t grub_efi_ipv6_address_t[8]; @@ -4228,7 +4227,7 @@ || defined(__riscv) diff --git a/include/grub/efi/dhcp.h b/include/grub/efi/dhcp.h new file mode 100644 -index 0000000000..fdb88eb810 +index 0000000..fdb88eb --- /dev/null +++ b/include/grub/efi/dhcp.h @@ -0,0 +1,343 @@ @@ -4577,7 +4576,7 @@ +#endif /* ! GRUB_EFI_DHCP_HEADER */ diff --git a/include/grub/efi/http.h b/include/grub/efi/http.h new file mode 100644 -index 0000000000..c5e9a89f50 +index 0000000..c5e9a89 --- /dev/null +++ b/include/grub/efi/http.h @@ -0,0 +1,215 @@ @@ -4798,7 +4797,7 @@ +#endif /* !GRUB_EFI_HTTP_HEADER */ diff --git a/include/grub/net/efi.h b/include/grub/net/efi.h new file mode 100644 -index 0000000000..de90d223e8 +index 0000000..de90d22 --- /dev/null +++ b/include/grub/net/efi.h @@ -0,0 +1,144 @@ diff -Nru grub2-unsigned-2.04/debian/patches/suse-AUDIT-0-http-boot-tracker-bug.patch grub2-unsigned-2.04/debian/patches/suse-AUDIT-0-http-boot-tracker-bug.patch --- grub2-unsigned-2.04/debian/patches/suse-AUDIT-0-http-boot-tracker-bug.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/suse-AUDIT-0-http-boot-tracker-bug.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From f4731462c8eff5c945f66e9c608904f5eb7ec8c2 Mon Sep 17 00:00:00 2001 From: Sebastian Krahmer Date: Tue, 28 Nov 2017 17:24:38 +0800 Subject: AUDIT-0: http boot tracker bug @@ -29,7 +28,7 @@ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c -index 2fe5fb63ca..7aece1425b 100644 +index 2fe5fb6..7aece14 100644 --- a/grub-core/net/efi/net.c +++ b/grub-core/net/efi/net.c @@ -654,8 +654,10 @@ grub_efihttp_chunk_read (grub_file_t file, char *buf, @@ -45,7 +44,7 @@ if (buf) { diff --git a/grub-core/net/http.c b/grub-core/net/http.c -index f182d7b871..5004ecfee4 100644 +index f182d7b..5004ecf 100644 --- a/grub-core/net/http.c +++ b/grub-core/net/http.c @@ -31,7 +31,8 @@ GRUB_MOD_LICENSE ("GPLv3+"); diff -Nru grub2-unsigned-2.04/debian/patches/suse-grub.texi-add-net_bootp6-document.patch grub2-unsigned-2.04/debian/patches/suse-grub.texi-add-net_bootp6-document.patch --- grub2-unsigned-2.04/debian/patches/suse-grub.texi-add-net_bootp6-document.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/suse-grub.texi-add-net_bootp6-document.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From abdfa20f116af3cd589f2421ecf8e5dc4626511d Mon Sep 17 00:00:00 2001 From: Michael Chang Date: Tue, 5 May 2015 14:19:24 +0800 Subject: grub.texi: Add net_bootp6 document @@ -14,7 +13,7 @@ 1 file changed, 17 insertions(+) diff --git a/docs/grub.texi b/docs/grub.texi -index d573f32cbb..1d60218bc4 100644 +index d573f32..1d60218 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -5396,6 +5396,7 @@ This command is only available on AArch64 systems. diff -Nru grub2-unsigned-2.04/debian/patches/suse-search-for-specific-config-files-for-netboot.patch grub2-unsigned-2.04/debian/patches/suse-search-for-specific-config-files-for-netboot.patch --- grub2-unsigned-2.04/debian/patches/suse-search-for-specific-config-files-for-netboot.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/suse-search-for-specific-config-files-for-netboot.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From be1df389eddb18a458e2c66c18d29527c94c6028 Mon Sep 17 00:00:00 2001 From: Paulo Flabiano Smorigo Date: Wed, 22 Jan 2020 12:01:55 +0100 Subject: normal/main: Search for specific config files for netboot @@ -24,13 +23,13 @@ Patch-Name: suse-search-for-specific-config-files-for-netboot.patch --- - grub-core/net/net.c | 131 ++++++++++++++++++++++++++++++++++++++++ - grub-core/normal/main.c | 26 ++++++-- + grub-core/net/net.c | 131 ++++++++++++++++++++++++++++++++++++++++++++++++ + grub-core/normal/main.c | 26 ++++++++-- include/grub/net.h | 2 + 3 files changed, 155 insertions(+), 4 deletions(-) diff --git a/grub-core/net/net.c b/grub-core/net/net.c -index 2f869390ec..ab506401bf 100644 +index 2f86939..ab50640 100644 --- a/grub-core/net/net.c +++ b/grub-core/net/net.c @@ -1819,6 +1819,137 @@ grub_net_restore_hw (void) @@ -172,7 +171,7 @@ static grub_command_t cmd_addaddr, cmd_deladdr, cmd_addroute, cmd_delroute; diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c -index d25a8212c7..99faf41a8d 100644 +index d25a821..99faf41 100644 --- a/grub-core/normal/main.c +++ b/grub-core/normal/main.c @@ -18,6 +18,7 @@ @@ -216,7 +215,7 @@ grub_enter_normal_mode (config); grub_free (config); diff --git a/include/grub/net.h b/include/grub/net.h -index b5f9e617e5..b32d02e66c 100644 +index b5f9e61..b32d02e 100644 --- a/include/grub/net.h +++ b/include/grub/net.h @@ -641,6 +641,8 @@ grub_net_add_dns_server (const struct grub_net_network_level_address *s); diff -Nru grub2-unsigned-2.04/debian/patches/tftp-rollover-block-counter.patch grub2-unsigned-2.04/debian/patches/tftp-rollover-block-counter.patch --- grub2-unsigned-2.04/debian/patches/tftp-rollover-block-counter.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/tftp-rollover-block-counter.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From afe4989e469f56e64809716aaab3969374071ef8 Mon Sep 17 00:00:00 2001 From: Javier Martinez Canillas Date: Thu, 10 Sep 2020 17:17:57 +0200 Subject: tftp: Roll-over block counter to prevent data packets timeouts @@ -49,7 +48,7 @@ 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c -index e6566fa176..33c0b8214e 100644 +index e6566fa..33c0b82 100644 --- a/grub-core/net/tftp.c +++ b/grub-core/net/tftp.c @@ -183,11 +183,22 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)), diff -Nru grub2-unsigned-2.04/debian/patches/ubuntu-add-devicetree-command-support.patch grub2-unsigned-2.04/debian/patches/ubuntu-add-devicetree-command-support.patch --- grub2-unsigned-2.04/debian/patches/ubuntu-add-devicetree-command-support.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/ubuntu-add-devicetree-command-support.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From b99efd29e9b05fc4b2d7961186be315776d08342 Mon Sep 17 00:00:00 2001 From: Dimitri John Ledkov Date: Wed, 22 May 2019 19:57:29 +0100 Subject: Add devicetree command, if a dtb is present. @@ -14,7 +13,7 @@ 1 file changed, 19 insertions(+) diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index af1e096bd6..bbf5d73e39 100644 +index af1e096..bbf5d73 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -254,6 +254,17 @@ EOF diff -Nru grub2-unsigned-2.04/debian/patches/ubuntu-add-initrd-less-boot-fallback.patch grub2-unsigned-2.04/debian/patches/ubuntu-add-initrd-less-boot-fallback.patch --- grub2-unsigned-2.04/debian/patches/ubuntu-add-initrd-less-boot-fallback.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/ubuntu-add-initrd-less-boot-fallback.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From f10e58a43fcbcd30760e811d2da0d14d751dbdb7 Mon Sep 17 00:00:00 2001 From: Chris Glass Date: Fri, 9 Mar 2018 13:47:07 +0100 Subject: UBUNTU: Added initrd-less boot capabilities. @@ -11,15 +10,15 @@ Patch-Name: ubuntu-add-initrd-less-boot-fallback.patch --- Makefile.am | 3 ++ - configure.ac | 10 ++++++ - grub-initrd-fallback.service | 13 +++++++ - util/grub.d/00_header.in | 27 ++++++++++++++ - util/grub.d/10_linux.in | 68 +++++++++++++++++++++++++++--------- - 5 files changed, 105 insertions(+), 16 deletions(-) + configure.ac | 10 +++++++ + grub-initrd-fallback.service | 14 +++++++++ + util/grub.d/00_header.in | 27 ++++++++++++++++++ + util/grub.d/10_linux.in | 68 +++++++++++++++++++++++++++++++++----------- + 5 files changed, 106 insertions(+), 16 deletions(-) create mode 100644 grub-initrd-fallback.service diff --git a/Makefile.am b/Makefile.am -index 1f4bb9b8c5..e6a220711e 100644 +index 1f4bb9b..e6a2207 100644 --- a/Makefile.am +++ b/Makefile.am @@ -473,6 +473,9 @@ ChangeLog: FORCE @@ -33,7 +32,7 @@ syslinux_test: $(top_builddir)/config.status tests/syslinux/ubuntu10.04_grub.cfg diff --git a/configure.ac b/configure.ac -index 883245553d..1819188f9f 100644 +index 8832455..1819188 100644 --- a/configure.ac +++ b/configure.ac @@ -305,6 +305,16 @@ AC_SUBST(grubdirname) @@ -55,14 +54,15 @@ # diff --git a/grub-initrd-fallback.service b/grub-initrd-fallback.service new file mode 100644 -index 0000000000..fb0b76e193 +index 0000000..1a0a4e5 --- /dev/null +++ b/grub-initrd-fallback.service -@@ -0,0 +1,13 @@ +@@ -0,0 +1,14 @@ +[Unit] +Description=GRUB failed boot detection +After=local-fs.target +After=grub-common.service ++After=sleep.target + +[Service] +Type=oneshot @@ -71,9 +71,9 @@ +TimeoutSec=0 + +[Install] -+WantedBy=multi-user.target rescue.target emergency.target ++WantedBy=multi-user.target rescue.target emergency.target sleep.target diff --git a/util/grub.d/00_header.in b/util/grub.d/00_header.in -index b7135b655f..2642f66c59 100644 +index b7135b6..2642f66 100644 --- a/util/grub.d/00_header.in +++ b/util/grub.d/00_header.in @@ -50,6 +50,18 @@ if [ -s \$prefix/grubenv ]; then @@ -118,7 +118,7 @@ cat < Date: Mon, 26 Oct 2020 11:38:34 +0000 Subject: Ubuntu: add initrd-less-boot informational messages @@ -9,11 +8,24 @@ Patch-Name: ubuntu-add-initrd-less-boot-messages.patch --- - util/grub.d/10_linux.in | 10 ++++++++++ - 1 file changed, 10 insertions(+) + grub-initrd-fallback.service | 1 + + util/grub.d/10_linux.in | 10 ++++++++++ + 2 files changed, 11 insertions(+) +diff --git a/grub-initrd-fallback.service b/grub-initrd-fallback.service +index 1a0a4e5..59d1a62 100644 +--- a/grub-initrd-fallback.service ++++ b/grub-initrd-fallback.service +@@ -3,6 +3,7 @@ Description=GRUB failed boot detection + After=local-fs.target + After=grub-common.service + After=sleep.target ++ConditionPathExists=/boot/grub/grub.cfg + + [Service] + Type=oneshot diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 49e627228f..47daf51eed 100644 +index 49e6272..47daf51 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -160,6 +160,12 @@ if [ "$vt_handoff" = 1 ]; then diff -Nru grub2-unsigned-2.04/debian/patches/ubuntu-boot-from-multipath-dependent-symlink.patch grub2-unsigned-2.04/debian/patches/ubuntu-boot-from-multipath-dependent-symlink.patch --- grub2-unsigned-2.04/debian/patches/ubuntu-boot-from-multipath-dependent-symlink.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/ubuntu-boot-from-multipath-dependent-symlink.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 66a9669965547561dc84be3887e84307333b5414 Mon Sep 17 00:00:00 2001 From: Michael Hudson-Doyle Date: Tue, 6 Aug 2019 12:31:47 +1200 Subject: UBUNTU: Boot from multipath-dependent symlink when / is multipathed. @@ -16,7 +15,7 @@ 1 file changed, 41 insertions(+) diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index bbf5d73e39..14a89ba13d 100644 +index bbf5d73..14a89ba 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -65,6 +65,47 @@ esac diff -Nru grub2-unsigned-2.04/debian/patches/ubuntu-dejavu-font-path.patch grub2-unsigned-2.04/debian/patches/ubuntu-dejavu-font-path.patch --- grub2-unsigned-2.04/debian/patches/ubuntu-dejavu-font-path.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/ubuntu-dejavu-font-path.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 687d60db13c0ada7390f762bf5b50f1028dd6ed4 Mon Sep 17 00:00:00 2001 From: Dimitri John Ledkov Date: Mon, 14 Sep 2020 10:51:32 +0100 Subject: configure.ac: one more dejavu font search path @@ -11,7 +10,7 @@ 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index 6a88b9b0c0..fae9171022 100644 +index 6a88b9b..fae9171 100644 --- a/configure.ac +++ b/configure.ac @@ -1671,7 +1671,7 @@ fi diff -Nru grub2-unsigned-2.04/debian/patches/ubuntu-dont-verify-loopback-images.patch grub2-unsigned-2.04/debian/patches/ubuntu-dont-verify-loopback-images.patch --- grub2-unsigned-2.04/debian/patches/ubuntu-dont-verify-loopback-images.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/ubuntu-dont-verify-loopback-images.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 88154250a8b2be9cce677384e0ab71e6ae4284ff Mon Sep 17 00:00:00 2001 From: Chris Coulson Date: Mon, 1 Jun 2020 14:03:37 +0100 Subject: UBUNTU: disk/loopback: Don't verify loopback images @@ -22,7 +21,7 @@ 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/grub-core/disk/loopback.c b/grub-core/disk/loopback.c -index ccb4b167cc..210201d22d 100644 +index ccb4b16..210201d 100644 --- a/grub-core/disk/loopback.c +++ b/grub-core/disk/loopback.c @@ -86,7 +86,8 @@ grub_cmd_loopback (grub_extcmd_context_t ctxt, int argc, char **args) diff -Nru grub2-unsigned-2.04/debian/patches/ubuntu-efi-allow-loopmount-chainload.patch grub2-unsigned-2.04/debian/patches/ubuntu-efi-allow-loopmount-chainload.patch --- grub2-unsigned-2.04/debian/patches/ubuntu-efi-allow-loopmount-chainload.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/ubuntu-efi-allow-loopmount-chainload.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 966e6a4fc0e8958c35bb7e4d843a84f65765b1cc Mon Sep 17 00:00:00 2001 From: Dimitri John Ledkov Date: Wed, 27 Nov 2019 23:12:35 +0000 Subject: UBUNTU: Allow chainloading EFI apps from loop mounts. @@ -15,7 +14,7 @@ create mode 100644 include/grub/loopback.h diff --git a/grub-core/disk/loopback.c b/grub-core/disk/loopback.c -index cdf9123fa5..ccb4b167cc 100644 +index cdf9123..ccb4b16 100644 --- a/grub-core/disk/loopback.c +++ b/grub-core/disk/loopback.c @@ -21,20 +21,13 @@ @@ -41,7 +40,7 @@ static unsigned long last_id = 0; diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index ec80f415b8..04e815c052 100644 +index ec80f41..04e815c 100644 --- a/grub-core/loader/efi/chainloader.c +++ b/grub-core/loader/efi/chainloader.c @@ -24,6 +24,7 @@ @@ -91,7 +90,7 @@ diff --git a/include/grub/loopback.h b/include/grub/loopback.h new file mode 100644 -index 0000000000..3b9a9e32e8 +index 0000000..3b9a9e3 --- /dev/null +++ b/include/grub/loopback.h @@ -0,0 +1,30 @@ diff -Nru grub2-unsigned-2.04/debian/patches/ubuntu-efi-console-set-text-mode-as-needed.patch grub2-unsigned-2.04/debian/patches/ubuntu-efi-console-set-text-mode-as-needed.patch --- grub2-unsigned-2.04/debian/patches/ubuntu-efi-console-set-text-mode-as-needed.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/ubuntu-efi-console-set-text-mode-as-needed.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 58cecd68933e121f18ce237ac89b41d8e3d39107 Mon Sep 17 00:00:00 2001 From: Hans de Goede Date: Tue, 6 Mar 2018 17:11:15 +0100 Subject: UBUNTU: EFI: Do not set text-mode until we actually need it @@ -11,11 +10,11 @@ Last-Update: 2019-03-06 Patch-Name: ubuntu-efi-console-set-text-mode-as-needed.patch --- - grub-core/term/efi/console.c | 68 ++++++++++++++++++++++++------------ + grub-core/term/efi/console.c | 68 +++++++++++++++++++++++++++++--------------- 1 file changed, 45 insertions(+), 23 deletions(-) diff --git a/grub-core/term/efi/console.c b/grub-core/term/efi/console.c -index 4840cc59d3..b61da7d0d0 100644 +index 4840cc5..b61da7d 100644 --- a/grub-core/term/efi/console.c +++ b/grub-core/term/efi/console.c @@ -24,6 +24,11 @@ diff -Nru grub2-unsigned-2.04/debian/patches/ubuntu-fix-lzma-decompressor-objcopy.patch grub2-unsigned-2.04/debian/patches/ubuntu-fix-lzma-decompressor-objcopy.patch --- grub2-unsigned-2.04/debian/patches/ubuntu-fix-lzma-decompressor-objcopy.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/ubuntu-fix-lzma-decompressor-objcopy.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From d56617f92ad8f8c9a9620e7e3e67135268ef9fb8 Mon Sep 17 00:00:00 2001 From: Mathieu Trudel-Lapierre Date: Wed, 3 Jul 2019 15:21:16 -0400 Subject: UBUNTU: Have the lzma decompressor image only contain the .text @@ -16,7 +15,7 @@ 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 1731c53f08..33e75021da 100644 +index 1731c53..33e7502 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -547,7 +547,7 @@ image = { diff -Nru grub2-unsigned-2.04/debian/patches/ubuntu-fix-reproducible-squashfs-test.patch grub2-unsigned-2.04/debian/patches/ubuntu-fix-reproducible-squashfs-test.patch --- grub2-unsigned-2.04/debian/patches/ubuntu-fix-reproducible-squashfs-test.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/ubuntu-fix-reproducible-squashfs-test.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 5d9bf25983978951c65a0866b1d82b5a3e8870da Mon Sep 17 00:00:00 2001 From: Dimitri John Ledkov Date: Wed, 9 Dec 2020 16:07:10 +0000 Subject: grub-fs-tester: Add compatibility with reproducible squashfs-tools @@ -15,7 +14,7 @@ 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/util/grub-fs-tester.in b/tests/util/grub-fs-tester.in -index bc14a05ca3..26989d58c7 100644 +index bc14a05..26989d5 100644 --- a/tests/util/grub-fs-tester.in +++ b/tests/util/grub-fs-tester.in @@ -1048,8 +1048,8 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXLOGSECSIZE" 1); do diff -Nru grub2-unsigned-2.04/debian/patches/ubuntu-flavour-order.patch grub2-unsigned-2.04/debian/patches/ubuntu-flavour-order.patch --- grub2-unsigned-2.04/debian/patches/ubuntu-flavour-order.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/ubuntu-flavour-order.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 05a261de1cb80b281e28b396c878544318873fc9 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Tue, 9 Jun 2020 11:50:23 +0200 Subject: UBUNTU: Add GRUB_FLAVOUR_ORDER configuration item @@ -20,7 +19,7 @@ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index 72f1e25a03..6c8988fd60 100644 +index 9942123..0f3da9d 100644 --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in @@ -260,7 +260,8 @@ export GRUB_DEFAULT \ @@ -34,7 +33,7 @@ if test "x${grub_cfg}" != "x"; then rm -f "${grub_cfg}.new" diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in -index fe6319abe0..7e2d1bc214 100644 +index fe6319a..7e2d1bc 100644 --- a/util/grub-mkconfig_lib.in +++ b/util/grub-mkconfig_lib.in @@ -270,6 +270,21 @@ version_test_gt () diff -Nru grub2-unsigned-2.04/debian/patches/ubuntu-grub-install-extra-removable.patch grub2-unsigned-2.04/debian/patches/ubuntu-grub-install-extra-removable.patch --- grub2-unsigned-2.04/debian/patches/ubuntu-grub-install-extra-removable.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/ubuntu-grub-install-extra-removable.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From dbba4f41f9174a940d244a05747ee9f7a763529f Mon Sep 17 00:00:00 2001 From: Steve McIntyre <93sam@debian.org> Date: Wed, 3 Dec 2014 01:25:12 +0000 Subject: UBUNTU: Add support for forcing EFI installation to the removable @@ -19,11 +18,11 @@ Patch-Name: ubuntu-grub-install-extra-removable.patch --- - util/grub-install.c | 135 +++++++++++++++++++++++++++++++++++++++++++- + util/grub-install.c | 135 +++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 133 insertions(+), 2 deletions(-) diff --git a/util/grub-install.c b/util/grub-install.c -index 64c292383f..0304646453 100644 +index 64c2923..0304646 100644 --- a/util/grub-install.c +++ b/util/grub-install.c @@ -56,6 +56,7 @@ diff -Nru grub2-unsigned-2.04/debian/patches/ubuntu-install-signed.patch grub2-unsigned-2.04/debian/patches/ubuntu-install-signed.patch --- grub2-unsigned-2.04/debian/patches/ubuntu-install-signed.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/ubuntu-install-signed.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,9 +1,8 @@ -From 41c4a8682102b8a85611fd83ac806fd79291cce2 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:22 +0000 Subject: UBUNTU: Install signed images if UEFI Secure Boot is enabled MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 +Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Author: Stéphane Graber @@ -15,11 +14,11 @@ Patch-Name: ubuntu-install-signed.patch --- - util/grub-install.c | 215 ++++++++++++++++++++++++++++++++------------ + util/grub-install.c | 215 ++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 156 insertions(+), 59 deletions(-) diff --git a/util/grub-install.c b/util/grub-install.c -index 3b4606eef1..e1e40cf2b5 100644 +index 3b4606e..e1e40cf 100644 --- a/util/grub-install.c +++ b/util/grub-install.c @@ -80,6 +80,7 @@ static char *label_color; diff -Nru grub2-unsigned-2.04/debian/patches/ubuntu-linuxefi-arm64.patch grub2-unsigned-2.04/debian/patches/ubuntu-linuxefi-arm64.patch --- grub2-unsigned-2.04/debian/patches/ubuntu-linuxefi-arm64.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/ubuntu-linuxefi-arm64.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 15eace61a4052ef3b74be66f1233c8a59c1ea004 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Fri, 11 Sep 2020 11:28:08 +0200 Subject: Cherry-pick back parts of "Load arm with SB enabled." @@ -13,11 +12,11 @@ Origin: vendor, https://github.com/rhboot/grub2/commit/2786ab864cf00c15123320671f653e9a36ba12b4 Patch-Name: ubuntu-linuxefi-arm64.patch --- - grub-core/loader/arm64/linux.c | 106 +++++++++++++++++---------------- + grub-core/loader/arm64/linux.c | 106 ++++++++++++++++++++++------------------- 1 file changed, 56 insertions(+), 50 deletions(-) diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c -index 3f5496fc55..130e9c09b4 100644 +index 3f5496f..130e9c0 100644 --- a/grub-core/loader/arm64/linux.c +++ b/grub-core/loader/arm64/linux.c @@ -43,6 +43,8 @@ static int loaded; diff -Nru grub2-unsigned-2.04/debian/patches/ubuntu-linuxefi-arm64-set-base-addr.patch grub2-unsigned-2.04/debian/patches/ubuntu-linuxefi-arm64-set-base-addr.patch --- grub2-unsigned-2.04/debian/patches/ubuntu-linuxefi-arm64-set-base-addr.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/ubuntu-linuxefi-arm64-set-base-addr.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,7 +1,7 @@ -From cffdb0767a7b93177fc240c4ac6accf352e48a06 Mon Sep 17 00:00:00 2001 From: Javier Martinez Canillas Date: Thu, 23 Apr 2020 15:06:46 +0200 -Subject: efi: Set image base address before jumping to the PE/COFF entry point +Subject: efi: Set image base address before jumping to the PE/COFF entry + point Upstream GRUB uses the EFI LoadImage() and StartImage() to boot the Linux kernel. But our custom EFI loader that supports Secure Boot instead uses @@ -34,7 +34,7 @@ 1 file changed, 15 insertions(+) diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c -index f6d30bcf7c..a09479cd6d 100644 +index f6d30bc..a09479c 100644 --- a/grub-core/loader/efi/linux.c +++ b/grub-core/loader/efi/linux.c @@ -72,6 +72,7 @@ grub_err_t diff -Nru grub2-unsigned-2.04/debian/patches/ubuntu-linuxefi.patch grub2-unsigned-2.04/debian/patches/ubuntu-linuxefi.patch --- grub2-unsigned-2.04/debian/patches/ubuntu-linuxefi.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/ubuntu-linuxefi.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From e1dd0389486d0aaabd6b03c5bfa20da52c41158e Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Wed, 27 Feb 2019 12:20:48 -0500 Subject: UBUNTU: Add support for linuxefi @@ -322,25 +321,25 @@ grub-core/commands/memrw.c | 7 + grub-core/kern/arm/coreboot/coreboot.S | 6 + grub-core/kern/dl.c | 1 + - grub-core/kern/efi/efi.c | 28 - - grub-core/kern/efi/mm.c | 32 + - grub-core/kern/efi/sb.c | 66 ++ + grub-core/kern/efi/efi.c | 28 -- + grub-core/kern/efi/mm.c | 32 ++ + grub-core/kern/efi/sb.c | 66 +++ grub-core/loader/arm64/linux.c | 16 + grub-core/loader/efi/appleloader.c | 7 + - grub-core/loader/efi/chainloader.c | 817 +++++++++++++++++++++++-- + grub-core/loader/efi/chainloader.c | 817 ++++++++++++++++++++++++++++++--- grub-core/loader/efi/fdt.c | 1 + - grub-core/loader/efi/linux.c | 86 +++ + grub-core/loader/efi/linux.c | 86 ++++ grub-core/loader/i386/bsd.c | 7 + - grub-core/loader/i386/efi/linux.c | 379 ++++++++++++ - grub-core/loader/i386/linux.c | 78 ++- + grub-core/loader/i386/efi/linux.c | 379 +++++++++++++++ + grub-core/loader/i386/linux.c | 78 +++- grub-core/loader/i386/pc/linux.c | 40 +- grub-core/loader/multiboot.c | 7 + grub-core/loader/xnu.c | 7 + include/grub/arm64/linux.h | 2 + include/grub/efi/efi.h | 4 +- - include/grub/efi/linux.h | 31 + - include/grub/efi/pe32.h | 52 +- - include/grub/efi/sb.h | 29 + + include/grub/efi/linux.h | 31 ++ + include/grub/efi/pe32.h | 52 ++- + include/grub/efi/sb.h | 29 ++ include/grub/i386/linux.h | 7 +- include/grub/ia64/linux.h | 0 include/grub/mips/linux.h | 0 @@ -358,7 +357,7 @@ create mode 100644 include/grub/sparc64/linux.h diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am -index 3ea8e7ff45..c6ba5b2d76 100644 +index 3ea8e7f..c6ba5b2 100644 --- a/grub-core/Makefile.am +++ b/grub-core/Makefile.am @@ -71,6 +71,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/command.h @@ -370,7 +369,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env_private.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/err.h diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index aadb4cdff8..1731c53f08 100644 +index aadb4cd..1731c53 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -207,6 +207,7 @@ kernel = { @@ -428,7 +427,7 @@ enable = i386_coreboot; enable = efi; diff --git a/grub-core/commands/iorw.c b/grub-core/commands/iorw.c -index a0c164e54f..41a7f3f046 100644 +index a0c164e..41a7f3f 100644 --- a/grub-core/commands/iorw.c +++ b/grub-core/commands/iorw.c @@ -23,6 +23,7 @@ @@ -460,7 +459,7 @@ grub_unregister_extcmd (cmd_read_word); grub_unregister_extcmd (cmd_read_dword); diff --git a/grub-core/commands/memrw.c b/grub-core/commands/memrw.c -index 98769eadb3..088cbe9e2b 100644 +index 98769ea..088cbe9 100644 --- a/grub-core/commands/memrw.c +++ b/grub-core/commands/memrw.c @@ -22,6 +22,7 @@ @@ -492,7 +491,7 @@ grub_unregister_extcmd (cmd_read_word); grub_unregister_extcmd (cmd_read_dword); diff --git a/grub-core/kern/arm/coreboot/coreboot.S b/grub-core/kern/arm/coreboot/coreboot.S -index a1104526c1..70998c066a 100644 +index a110452..70998c0 100644 --- a/grub-core/kern/arm/coreboot/coreboot.S +++ b/grub-core/kern/arm/coreboot/coreboot.S @@ -42,3 +42,9 @@ FUNCTION(grub_armv7_get_timer_frequency) @@ -506,7 +505,7 @@ + void *kernel_param); + diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c -index 074dfc3c6f..d665c10fcc 100644 +index 074dfc3..d665c10 100644 --- a/grub-core/kern/dl.c +++ b/grub-core/kern/dl.c @@ -32,6 +32,7 @@ @@ -518,7 +517,7 @@ /* Platforms where modules are in a readonly area of memory. */ #if defined(GRUB_MACHINE_QEMU) diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index 96204e39b9..6e1ceb9051 100644 +index 96204e3..6e1ceb9 100644 --- a/grub-core/kern/efi/efi.c +++ b/grub-core/kern/efi/efi.c @@ -273,34 +273,6 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, @@ -557,7 +556,7 @@ /* Search the mods section from the PE32/PE32+ image. This code uses diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c -index b02fab1b10..a9e37108c6 100644 +index b02fab1..a9e3710 100644 --- a/grub-core/kern/efi/mm.c +++ b/grub-core/kern/efi/mm.c @@ -113,6 +113,38 @@ grub_efi_drop_alloc (grub_efi_physical_address_t address, @@ -601,7 +600,7 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address, diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c new file mode 100644 -index 0000000000..c14f401d7e +index 0000000..c14f401 --- /dev/null +++ b/grub-core/kern/efi/sb.c @@ -0,0 +1,66 @@ @@ -672,7 +671,7 @@ +#endif +} diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c -index ef3e9f9444..1a5296a60c 100644 +index ef3e9f9..1a5296a 100644 --- a/grub-core/loader/arm64/linux.c +++ b/grub-core/loader/arm64/linux.c @@ -27,6 +27,7 @@ @@ -720,7 +719,7 @@ linux_args = grub_malloc (cmdline_size); if (!linux_args) diff --git a/grub-core/loader/efi/appleloader.c b/grub-core/loader/efi/appleloader.c -index 74888c463b..69c2a10d35 100644 +index 74888c4..69c2a10 100644 --- a/grub-core/loader/efi/appleloader.c +++ b/grub-core/loader/efi/appleloader.c @@ -24,6 +24,7 @@ @@ -751,7 +750,7 @@ grub_unregister_command (cmd); } diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index cd92ea3f24..ec80f415b8 100644 +index cd92ea3..ec80f41 100644 --- a/grub-core/loader/efi/chainloader.c +++ b/grub-core/loader/efi/chainloader.c @@ -32,6 +32,9 @@ @@ -1701,7 +1700,7 @@ return grub_errno; diff --git a/grub-core/loader/efi/fdt.c b/grub-core/loader/efi/fdt.c -index f0c2d91be2..5360e6c1f7 100644 +index f0c2d91..5360e6c 100644 --- a/grub-core/loader/efi/fdt.c +++ b/grub-core/loader/efi/fdt.c @@ -25,6 +25,7 @@ @@ -1714,7 +1713,7 @@ static void *fdt; diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c new file mode 100644 -index 0000000000..e372b26a1b +index 0000000..e372b26 --- /dev/null +++ b/grub-core/loader/efi/linux.c @@ -0,0 +1,86 @@ @@ -1805,7 +1804,7 @@ + return GRUB_ERR_BUG; +} diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c -index 3730ed3824..5b9b92d6ba 100644 +index 3730ed3..5b9b92d 100644 --- a/grub-core/loader/i386/bsd.c +++ b/grub-core/loader/i386/bsd.c @@ -39,6 +39,7 @@ @@ -1838,7 +1837,7 @@ grub_unregister_extcmd (cmd_netbsd); diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c new file mode 100644 -index 0000000000..6b6aef87f7 +index 0000000..6b6aef8 --- /dev/null +++ b/grub-core/loader/i386/efi/linux.c @@ -0,0 +1,379 @@ @@ -2222,7 +2221,7 @@ + grub_unregister_command (cmd_initrd); +} diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c -index d0501e2295..4328bcbdb0 100644 +index d0501e2..4328bcb 100644 --- a/grub-core/loader/i386/linux.c +++ b/grub-core/loader/i386/linux.c @@ -45,6 +45,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); @@ -2390,7 +2389,7 @@ { grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c -index 47ea2945e4..3866f048bb 100644 +index 47ea294..3866f04 100644 --- a/grub-core/loader/i386/pc/linux.c +++ b/grub-core/loader/i386/pc/linux.c @@ -35,6 +35,7 @@ @@ -2503,7 +2502,7 @@ grub_unregister_command (cmd_initrd); } diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c -index 4a98d70825..3e6ad166dc 100644 +index 4a98d70..3e6ad16 100644 --- a/grub-core/loader/multiboot.c +++ b/grub-core/loader/multiboot.c @@ -50,6 +50,7 @@ @@ -2535,7 +2534,7 @@ grub_unregister_command (cmd_module); } diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c -index 7f74d1d6fc..e0f47e72b0 100644 +index 7f74d1d..e0f47e7 100644 --- a/grub-core/loader/xnu.c +++ b/grub-core/loader/xnu.c @@ -34,6 +34,7 @@ @@ -2567,7 +2566,7 @@ grub_unregister_command (cmd_resume); #endif diff --git a/include/grub/arm64/linux.h b/include/grub/arm64/linux.h -index 4269adc6da..cc8174ccdf 100644 +index 4269adc..cc8174c 100644 --- a/include/grub/arm64/linux.h +++ b/include/grub/arm64/linux.h @@ -20,6 +20,8 @@ @@ -2580,7 +2579,7 @@ /* From linux/Documentation/arm64/booting.txt */ struct linux_arm64_kernel_header diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h -index a237952b37..5b63875812 100644 +index a237952..5b63875 100644 --- a/include/grub/efi/efi.h +++ b/include/grub/efi/efi.h @@ -47,6 +47,9 @@ EXPORT_FUNC(grub_efi_allocate_fixed) (grub_efi_physical_address_t address, @@ -2603,7 +2602,7 @@ const grub_efi_device_path_t *dp2); diff --git a/include/grub/efi/linux.h b/include/grub/efi/linux.h new file mode 100644 -index 0000000000..0033d9305a +index 0000000..0033d93 --- /dev/null +++ b/include/grub/efi/linux.h @@ -0,0 +1,31 @@ @@ -2639,7 +2638,7 @@ + +#endif /* ! GRUB_EFI_LINUX_HEADER */ diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h -index 0ed8781f03..a43adf2746 100644 +index 0ed8781..a43adf2 100644 --- a/include/grub/efi/pe32.h +++ b/include/grub/efi/pe32.h @@ -223,7 +223,11 @@ struct grub_pe64_optional_header @@ -2730,7 +2729,7 @@ grub_uint32_t page_rva; diff --git a/include/grub/efi/sb.h b/include/grub/efi/sb.h new file mode 100644 -index 0000000000..9629fbb0f9 +index 0000000..9629fbb --- /dev/null +++ b/include/grub/efi/sb.h @@ -0,0 +1,29 @@ @@ -2764,7 +2763,7 @@ + +#endif /* ! GRUB_EFI_SB_HEADER */ diff --git a/include/grub/i386/linux.h b/include/grub/i386/linux.h -index ce30e7fb01..a093679cb8 100644 +index ce30e7f..a093679 100644 --- a/include/grub/i386/linux.h +++ b/include/grub/i386/linux.h @@ -136,7 +136,12 @@ struct linux_i386_kernel_header @@ -2783,13 +2782,13 @@ grub_uint64_t hardware_subarch_data; diff --git a/include/grub/ia64/linux.h b/include/grub/ia64/linux.h new file mode 100644 -index 0000000000..e69de29bb2 +index 0000000..e69de29 diff --git a/include/grub/mips/linux.h b/include/grub/mips/linux.h new file mode 100644 -index 0000000000..e69de29bb2 +index 0000000..e69de29 diff --git a/include/grub/powerpc/linux.h b/include/grub/powerpc/linux.h new file mode 100644 -index 0000000000..e69de29bb2 +index 0000000..e69de29 diff --git a/include/grub/sparc64/linux.h b/include/grub/sparc64/linux.h new file mode 100644 -index 0000000000..e69de29bb2 +index 0000000..e69de29 diff -Nru grub2-unsigned-2.04/debian/patches/ubuntu-mkconfig-leave-breadcrumbs.patch grub2-unsigned-2.04/debian/patches/ubuntu-mkconfig-leave-breadcrumbs.patch --- grub2-unsigned-2.04/debian/patches/ubuntu-mkconfig-leave-breadcrumbs.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/ubuntu-mkconfig-leave-breadcrumbs.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 9fae8339aedc5eaed8924eea0fa2154073078f43 Mon Sep 17 00:00:00 2001 From: Mathieu Trudel-Lapierre Date: Fri, 14 Dec 2018 13:46:14 -0500 Subject: UBUNTU: grub-mkconfig: leave a trace of what files were sourced to @@ -11,7 +10,7 @@ 1 file changed, 2 insertions(+) diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index 29bdad0c12..72f1e25a03 100644 +index 26c5c89..9942123 100644 --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in @@ -162,10 +162,12 @@ if [ "x${GRUB_EARLY_INITRD_LINUX_STOCK}" = "x" ]; then diff -Nru grub2-unsigned-2.04/debian/patches/ubuntu-recovery-dis_ucode_ldr.patch grub2-unsigned-2.04/debian/patches/ubuntu-recovery-dis_ucode_ldr.patch --- grub2-unsigned-2.04/debian/patches/ubuntu-recovery-dis_ucode_ldr.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/ubuntu-recovery-dis_ucode_ldr.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 70ba6b38a813b78f81f9298f4fe9964b9c347909 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Fri, 19 Jun 2020 12:57:19 +0200 Subject: Pass dis_ucode_ldr to kernel for recovery mode @@ -19,7 +18,7 @@ 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 14a89ba13d..49e627228f 100644 +index 14a89ba..49e6272 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -334,6 +334,10 @@ case "$machine" in @@ -34,7 +33,7 @@ prepare_root_cache= boot_device_id= diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in -index 8c2e7e5c15..cc4f6bd777 100755 +index 8c2e7e5..cc4f6bd 100755 --- a/util/grub.d/10_linux_zfs.in +++ b/util/grub.d/10_linux_zfs.in @@ -41,6 +41,16 @@ imported_pools="" diff -Nru grub2-unsigned-2.04/debian/patches/ubuntu-resilient-boot-boot-order.patch grub2-unsigned-2.04/debian/patches/ubuntu-resilient-boot-boot-order.patch --- grub2-unsigned-2.04/debian/patches/ubuntu-resilient-boot-boot-order.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/ubuntu-resilient-boot-boot-order.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From dd8990b4b71cc9bf0200086fe8d1cfc9fa9553f0 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Wed, 8 Apr 2020 11:05:25 +0200 Subject: UBUNTU: efivar: Correctly handle boot order of multiple ESPs @@ -22,15 +21,15 @@ Patch-Name: ubuntu-resilient-boot-boot-order.patch --- grub-core/osdep/basic/no_platform.c | 2 +- - grub-core/osdep/unix/efivar.c | 48 +++++++++++++++++++++++++---- - grub-core/osdep/unix/platform.c | 6 ++-- + grub-core/osdep/unix/efivar.c | 48 ++++++++++++++++++++++++++++++++----- + grub-core/osdep/unix/platform.c | 6 ++--- grub-core/osdep/windows/platform.c | 2 +- - include/grub/util/install.h | 17 +++++----- - util/grub-install.c | 8 ++--- + include/grub/util/install.h | 17 +++++++------ + util/grub-install.c | 8 +++---- 6 files changed, 59 insertions(+), 24 deletions(-) diff --git a/grub-core/osdep/basic/no_platform.c b/grub-core/osdep/basic/no_platform.c -index d76c34c148..152a328737 100644 +index d76c34c..152a328 100644 --- a/grub-core/osdep/basic/no_platform.c +++ b/grub-core/osdep/basic/no_platform.c @@ -31,7 +31,7 @@ grub_install_register_ieee1275 (int is_prep, const char *install_device, @@ -43,7 +42,7 @@ const char *efi_distributor) { diff --git a/grub-core/osdep/unix/efivar.c b/grub-core/osdep/unix/efivar.c -index 41d39c4489..d34df0f70f 100644 +index 41d39c4..d34df0f 100644 --- a/grub-core/osdep/unix/efivar.c +++ b/grub-core/osdep/unix/efivar.c @@ -266,9 +266,10 @@ remove_from_boot_order (struct efi_variable *order, uint16_t num) @@ -142,7 +141,7 @@ grub_util_info ("setting EFI variable BootOrder"); rc = set_efi_variable ("BootOrder", order); diff --git a/grub-core/osdep/unix/platform.c b/grub-core/osdep/unix/platform.c -index b561174ea9..a5267db68d 100644 +index b561174..a5267db 100644 --- a/grub-core/osdep/unix/platform.c +++ b/grub-core/osdep/unix/platform.c @@ -76,13 +76,13 @@ get_ofpathname (const char *dev) @@ -163,7 +162,7 @@ grub_util_error ("%s", _("GRUB was not built with efivar support; " diff --git a/grub-core/osdep/windows/platform.c b/grub-core/osdep/windows/platform.c -index e19a3d9a8a..a3f738fb9b 100644 +index e19a3d9..a3f738f 100644 --- a/grub-core/osdep/windows/platform.c +++ b/grub-core/osdep/windows/platform.c @@ -208,7 +208,7 @@ set_efi_variable_bootn (grub_uint16_t n, void *in, grub_size_t len) @@ -176,7 +175,7 @@ const char *efi_distributor) { diff --git a/include/grub/util/install.h b/include/grub/util/install.h -index a521f1663f..b2ed88e386 100644 +index a521f16..b2ed88e 100644 --- a/include/grub/util/install.h +++ b/include/grub/util/install.h @@ -219,15 +219,14 @@ grub_install_get_default_x86_platform (void); @@ -204,7 +203,7 @@ void grub_install_register_ieee1275 (int is_prep, const char *install_device, diff --git a/util/grub-install.c b/util/grub-install.c -index bf8eb65b33..f408b19860 100644 +index bf8eb65..f408b19 100644 --- a/util/grub-install.c +++ b/util/grub-install.c @@ -2083,9 +2083,9 @@ main (int argc, char *argv[]) diff -Nru grub2-unsigned-2.04/debian/patches/ubuntu-resilient-boot-ignore-alternative-esps.patch grub2-unsigned-2.04/debian/patches/ubuntu-resilient-boot-ignore-alternative-esps.patch --- grub2-unsigned-2.04/debian/patches/ubuntu-resilient-boot-ignore-alternative-esps.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/ubuntu-resilient-boot-ignore-alternative-esps.patch 2022-05-31 15:15:53.000000000 +0000 @@ -1,4 +1,3 @@ -From ec12df445038edc4057bad5f6e5a91720f37968c Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Fri, 3 Apr 2020 13:43:49 +0200 Subject: UBUNTU: efivar: Ignore alternative ESPs @@ -9,11 +8,11 @@ Patch-Name: ubuntu-resilient-boot-ignore-alternative-esps.patch --- - grub-core/osdep/unix/efivar.c | 130 ++++++++++++++++++++++++++++++++-- + grub-core/osdep/unix/efivar.c | 130 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 125 insertions(+), 5 deletions(-) diff --git a/grub-core/osdep/unix/efivar.c b/grub-core/osdep/unix/efivar.c -index 4a58328b42..41d39c4489 100644 +index 4a58328..41d39c4 100644 --- a/grub-core/osdep/unix/efivar.c +++ b/grub-core/osdep/unix/efivar.c @@ -37,9 +37,11 @@ diff -Nru grub2-unsigned-2.04/debian/patches/ubuntu-shorter-version-info.patch grub2-unsigned-2.04/debian/patches/ubuntu-shorter-version-info.patch --- grub2-unsigned-2.04/debian/patches/ubuntu-shorter-version-info.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/ubuntu-shorter-version-info.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,8 +1,7 @@ -From 82738b68e49fd5411310e9cea8386658582c9204 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Thu, 8 Feb 2018 10:48:37 +0100 -Subject: UBUNTU: Show only upstream version, hide rest in package_version - variable +Subject: UBUNTU: Show only upstream version, + hide rest in package_version variable The complete package version can get a bit long, so only show the upstream version in the menu and on the top of the console, and @@ -17,7 +16,7 @@ 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c -index 0aa389fa16..d25a8212c7 100644 +index 0aa389f..d25a821 100644 --- a/grub-core/normal/main.c +++ b/grub-core/normal/main.c @@ -208,7 +208,7 @@ grub_normal_init_page (struct grub_term_output *term, diff -Nru grub2-unsigned-2.04/debian/patches/ubuntu-skip-disk-by-id-lvm-pvm-uuid-entries.patch grub2-unsigned-2.04/debian/patches/ubuntu-skip-disk-by-id-lvm-pvm-uuid-entries.patch --- grub2-unsigned-2.04/debian/patches/ubuntu-skip-disk-by-id-lvm-pvm-uuid-entries.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/ubuntu-skip-disk-by-id-lvm-pvm-uuid-entries.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From a9b8086566d370f10a16cd24193abaf9ab7af175 Mon Sep 17 00:00:00 2001 From: Rafael David Tinoco Date: Mon, 7 Oct 2019 22:53:32 -0300 Subject: Skip /dev/disk/by-id/lvm-pvm-uuid entries from device iteration @@ -44,7 +43,7 @@ 1 file changed, 3 insertions(+) diff --git a/util/deviceiter.c b/util/deviceiter.c -index dddc50da7a..ec9a6d0ab4 100644 +index dddc50d..ec9a6d0 100644 --- a/util/deviceiter.c +++ b/util/deviceiter.c @@ -589,6 +589,9 @@ grub_util_iterate_devices (int (*hook) (const char *, int, void *), void *hook_d diff -Nru grub2-unsigned-2.04/debian/patches/ubuntu-speed-zsys-history.patch grub2-unsigned-2.04/debian/patches/ubuntu-speed-zsys-history.patch --- grub2-unsigned-2.04/debian/patches/ubuntu-speed-zsys-history.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/ubuntu-speed-zsys-history.patch 2022-05-31 15:15:53.000000000 +0000 @@ -1,4 +1,3 @@ -From 55104d5764c31ec9b716dfbbae5dc10091e2ee60 Mon Sep 17 00:00:00 2001 From: Didier Roche Date: Mon, 13 Apr 2020 15:12:21 +0200 Subject: UBUNTU: Improve performance in bootmenu for zsys @@ -13,11 +12,11 @@ Patch-Name: ubuntu-speed-zsys-history.patch --- - util/grub.d/10_linux_zfs.in | 77 +++++++++++++++++++++++++++---------- + util/grub.d/10_linux_zfs.in | 77 ++++++++++++++++++++++++++++++++------------- 1 file changed, 56 insertions(+), 21 deletions(-) diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in -index 735b46af65..8c2e7e5c15 100755 +index 735b46a..8c2e7e5 100755 --- a/util/grub.d/10_linux_zfs.in +++ b/util/grub.d/10_linux_zfs.in @@ -819,9 +819,10 @@ zfs_linux_entry () { diff -Nru grub2-unsigned-2.04/debian/patches/ubuntu-support-initrd-less-boot.patch grub2-unsigned-2.04/debian/patches/ubuntu-support-initrd-less-boot.patch --- grub2-unsigned-2.04/debian/patches/ubuntu-support-initrd-less-boot.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/ubuntu-support-initrd-less-boot.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 2816e37502bd6089455a44ee8f74215a596f79b6 Mon Sep 17 00:00:00 2001 From: Chris Glass Date: Thu, 10 Nov 2016 13:44:25 -0500 Subject: UBUNTU: Added knobs to allow non-initrd boot config @@ -18,7 +17,7 @@ 4 files changed, 38 insertions(+), 4 deletions(-) diff --git a/docs/grub.info b/docs/grub.info -index 7cc7d92128..f804b7800e 100644 +index 7cc7d92..f804b78 100644 --- a/docs/grub.info +++ b/docs/grub.info @@ -1436,6 +1436,19 @@ it must be quoted. For example: @@ -42,7 +41,7 @@ existing configurations, but have better replacements: diff --git a/docs/grub.texi b/docs/grub.texi -index 3ec35d315a..1baa0fa20f 100644 +index 3ec35d3..1baa0fa 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -1541,6 +1541,19 @@ This option sets the English text of the string that will be displayed in @@ -66,7 +65,7 @@ The following options are still accepted for compatibility with existing diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index 9c1da64771..29bdad0c12 100644 +index aaef3ab..26c5c89 100644 --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in @@ -256,7 +256,9 @@ export GRUB_DEFAULT \ @@ -81,7 +80,7 @@ if test "x${grub_cfg}" != "x"; then rm -f "${grub_cfg}.new" diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index dff84edea5..aa9666e5ad 100644 +index dff84ed..aa9666e 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -193,11 +193,17 @@ EOF diff -Nru grub2-unsigned-2.04/debian/patches/ubuntu-temp-keep-auto-nvram.patch grub2-unsigned-2.04/debian/patches/ubuntu-temp-keep-auto-nvram.patch --- grub2-unsigned-2.04/debian/patches/ubuntu-temp-keep-auto-nvram.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/ubuntu-temp-keep-auto-nvram.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 9f6e3038ec2cdcc467da80f1f2c925693ca7478a Mon Sep 17 00:00:00 2001 From: Mathieu Trudel-Lapierre Date: Tue, 16 Jul 2019 09:52:10 -0400 Subject: UBUNTU: Temporarily keep grub-install's --auto-nvram. @@ -10,7 +9,7 @@ 1 file changed, 3 insertions(+) diff --git a/util/grub-install.c b/util/grub-install.c -index 63462e4e09..bf8eb65b33 100644 +index 63462e4..bf8eb65 100644 --- a/util/grub-install.c +++ b/util/grub-install.c @@ -98,6 +98,7 @@ enum diff -Nru grub2-unsigned-2.04/debian/patches/ubuntu-tpm-unknown-error-non-fatal.patch grub2-unsigned-2.04/debian/patches/ubuntu-tpm-unknown-error-non-fatal.patch --- grub2-unsigned-2.04/debian/patches/ubuntu-tpm-unknown-error-non-fatal.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/ubuntu-tpm-unknown-error-non-fatal.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,8 +1,7 @@ -From 4c71f1e9171558b72b78ed45d63a0d8a19b6e1fb Mon Sep 17 00:00:00 2001 From: Mathieu Trudel-Lapierre Date: Fri, 25 Oct 2019 10:25:04 -0400 -Subject: tpm: Pass unknown error as non-fatal, but debug print the error we - got +Subject: tpm: Pass unknown error as non-fatal, + but debug print the error we got Signed-off-by: Mathieu Trudel-Lapierre Patch-Name: ubuntu-tpm-unknown-error-non-fatal.patch @@ -11,7 +10,7 @@ 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/grub-core/commands/efi/tpm.c b/grub-core/commands/efi/tpm.c -index 32909c192f..fdbaaee195 100644 +index 32909c1..fdbaaee 100644 --- a/grub-core/commands/efi/tpm.c +++ b/grub-core/commands/efi/tpm.c @@ -155,7 +155,8 @@ grub_tpm1_execute (grub_efi_handle_t tpm_handle, diff -Nru grub2-unsigned-2.04/debian/patches/ubuntu-zfs-enhance-support.patch grub2-unsigned-2.04/debian/patches/ubuntu-zfs-enhance-support.patch --- grub2-unsigned-2.04/debian/patches/ubuntu-zfs-enhance-support.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/ubuntu-zfs-enhance-support.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 475bed83826673e9bcaf68de4e818b57bdd66959 Mon Sep 17 00:00:00 2001 From: Didier Roche Date: Fri, 12 Jul 2019 11:06:06 -0400 Subject: UBUNTU: Enhance ZFS grub support @@ -22,12 +21,12 @@ --- Makefile.util.def | 7 + util/grub.d/10_linux.in | 4 + - util/grub.d/10_linux_zfs.in | 981 ++++++++++++++++++++++++++++++++++++ + util/grub.d/10_linux_zfs.in | 981 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 992 insertions(+) create mode 100755 util/grub.d/10_linux_zfs.in diff --git a/Makefile.util.def b/Makefile.util.def -index 969d32f009..bac85e2840 100644 +index 969d32f..bac85e2 100644 --- a/Makefile.util.def +++ b/Makefile.util.def @@ -482,6 +482,13 @@ script = { @@ -45,7 +44,7 @@ name = '10_xnu'; common = util/grub.d/10_xnu.in; diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 4532266be6..a75096609a 100644 +index 4532266..a750966 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -71,6 +71,10 @@ case x"$GRUB_FS" in @@ -61,7 +60,7 @@ LINUX_ROOT_DEVICE="ZFS=${rpool}${bootfs%/}" diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in new file mode 100755 -index 0000000000..f321fe2149 +index 0000000..f321fe2 --- /dev/null +++ b/util/grub.d/10_linux_zfs.in @@ -0,0 +1,981 @@ diff -Nru grub2-unsigned-2.04/debian/patches/uefi-firmware-setup.patch grub2-unsigned-2.04/debian/patches/uefi-firmware-setup.patch --- grub2-unsigned-2.04/debian/patches/uefi-firmware-setup.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/uefi-firmware-setup.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 0888b50b0d13170037e82429af4792d50959a477 Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Mon, 13 Jan 2014 12:13:12 +0000 Subject: Output a menu entry for firmware setup on UEFI FastBoot systems @@ -8,13 +7,13 @@ Patch-Name: uefi-firmware-setup.patch --- - Makefile.util.def | 6 +++++ - util/grub.d/30_uefi-firmware.in | 46 +++++++++++++++++++++++++++++++++ + Makefile.util.def | 6 ++++++ + util/grub.d/30_uefi-firmware.in | 46 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+) create mode 100644 util/grub.d/30_uefi-firmware.in diff --git a/Makefile.util.def b/Makefile.util.def -index eec1924b0e..ce133e694e 100644 +index eec1924..ce133e6 100644 --- a/Makefile.util.def +++ b/Makefile.util.def @@ -526,6 +526,12 @@ script = { @@ -32,7 +31,7 @@ common = util/grub.d/40_custom.in; diff --git a/util/grub.d/30_uefi-firmware.in b/util/grub.d/30_uefi-firmware.in new file mode 100644 -index 0000000000..3c9f533d8c +index 0000000..3c9f533 --- /dev/null +++ b/util/grub.d/30_uefi-firmware.in @@ -0,0 +1,46 @@ diff -Nru grub2-unsigned-2.04/debian/patches/uefi-secure-boot-cryptomount.patch grub2-unsigned-2.04/debian/patches/uefi-secure-boot-cryptomount.patch --- grub2-unsigned-2.04/debian/patches/uefi-secure-boot-cryptomount.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/uefi-secure-boot-cryptomount.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,5 +1,4 @@ -From faf592ac005c370c8c7b7df2e62b8353c131b043 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Herv=C3=A9=20Werner?= +From: =?utf-8?q?Herv=C3=A9_Werner?= Date: Mon, 28 Jan 2019 17:24:23 +0100 Subject: Fix setup on Secure Boot systems where cryptodisk is in use @@ -19,7 +18,7 @@ 1 file changed, 17 insertions(+) diff --git a/util/grub-install.c b/util/grub-install.c -index 0304646453..4bad8de612 100644 +index 0304646..4bad8de 100644 --- a/util/grub-install.c +++ b/util/grub-install.c @@ -1546,6 +1546,23 @@ main (int argc, char *argv[]) diff -Nru grub2-unsigned-2.04/debian/patches/vsnprintf-upper-case-hex.patch grub2-unsigned-2.04/debian/patches/vsnprintf-upper-case-hex.patch --- grub2-unsigned-2.04/debian/patches/vsnprintf-upper-case-hex.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/vsnprintf-upper-case-hex.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From abc2e851414e3f30ea35c355e72cfbd2354d5e9f Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 11 Mar 2019 11:15:12 +0000 Subject: Add %X to grub_vsnprintf_real and friends @@ -18,7 +17,7 @@ 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c -index 3b633d51f4..18cad5803b 100644 +index 3b633d5..18cad58 100644 --- a/grub-core/kern/misc.c +++ b/grub-core/kern/misc.c @@ -588,7 +588,7 @@ grub_divmod64 (grub_uint64_t n, grub_uint64_t d, grub_uint64_t *r) diff -Nru grub2-unsigned-2.04/debian/patches/vt-handoff.patch grub2-unsigned-2.04/debian/patches/vt-handoff.patch --- grub2-unsigned-2.04/debian/patches/vt-handoff.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/vt-handoff.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From 86f800eb735957521c6ff0e5da256eb2ad500f4f Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:30 +0000 Subject: Add configure option to use vt.handoff=7 @@ -19,7 +18,7 @@ 3 files changed, 65 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac -index dbc429ce0a..e382c7480d 100644 +index dbc429c..e382c74 100644 --- a/configure.ac +++ b/configure.ac @@ -1890,6 +1890,17 @@ else @@ -41,7 +40,7 @@ AC_SUBST([FONT_SOURCE]) diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 09393c28ee..cc2dd855ab 100644 +index 09393c2..cc2dd85 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -24,6 +24,7 @@ ubuntu_recovery="@UBUNTU_RECOVERY@" @@ -101,7 +100,7 @@ # FIXME: We need an interface to select vesafb in case efifb can't be used. if [ "x$GRUB_GFXPAYLOAD_LINUX" != x ] || [ "$gfxpayload_dynamic" = 0 ]; then diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in -index ee1d1d272d..055a542346 100755 +index ee1d1d2..055a542 100755 --- a/util/grub.d/10_linux_zfs.in +++ b/util/grub.d/10_linux_zfs.in @@ -23,6 +23,7 @@ ubuntu_recovery="@UBUNTU_RECOVERY@" diff -Nru grub2-unsigned-2.04/debian/patches/wubi-no-windows.patch grub2-unsigned-2.04/debian/patches/wubi-no-windows.patch --- grub2-unsigned-2.04/debian/patches/wubi-no-windows.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/wubi-no-windows.patch 2022-06-07 16:36:27.000000000 +0000 @@ -1,4 +1,3 @@ -From f9a0ab82b35abda880a445fd9376973ed0a50b0b Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:24 +0000 Subject: Skip Windows os-prober entries on Wubi systems @@ -19,7 +18,7 @@ 1 file changed, 19 insertions(+) diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in -index b7e1147c41..271044f592 100644 +index b7e1147..271044f 100644 --- a/util/grub.d/30_os-prober.in +++ b/util/grub.d/30_os-prober.in @@ -110,6 +110,8 @@ EOF diff -Nru grub2-unsigned-2.04/debian/patches/zpool-full-device-name.patch grub2-unsigned-2.04/debian/patches/zpool-full-device-name.patch --- grub2-unsigned-2.04/debian/patches/zpool-full-device-name.patch 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/patches/zpool-full-device-name.patch 2022-05-31 15:15:52.000000000 +0000 @@ -1,4 +1,3 @@ -From 770c98ce2f72f6701c67fffa0bf7bfbce3457c74 Mon Sep 17 00:00:00 2001 From: Chad MILLER Date: Thu, 27 Oct 2016 17:15:07 -0400 Subject: Tell zpool to emit full device names @@ -20,7 +19,7 @@ 1 file changed, 1 insertion(+) diff --git a/grub-core/osdep/unix/getroot.c b/grub-core/osdep/unix/getroot.c -index 46d7116c6e..da102918dc 100644 +index 46d7116..da10291 100644 --- a/grub-core/osdep/unix/getroot.c +++ b/grub-core/osdep/unix/getroot.c @@ -243,6 +243,7 @@ grub_util_find_root_devices_from_poolname (char *poolname) diff -Nru grub2-unsigned-2.04/debian/postinst.in grub2-unsigned-2.04/debian/postinst.in --- grub2-unsigned-2.04/debian/postinst.in 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/postinst.in 2022-06-07 16:36:27.000000000 +0000 @@ -345,11 +345,14 @@ removable="" no_removable="" fi + + # Ignore this setting in xenial and bionic, see https://launchpad.net/bugs/1930742 + local codename="$(cat /etc/os-release | sed -n 's/VERSION_CODENAME=//p')" db_get grub2/no_efi_extra_removable - if [ "$RET" = true ]; then - NO_EXTRA_REMOVABLE="$no_removable" + if [ "$RET" = true ] && [ "$codename" != xenial ] && [ "$codename" != bionic ]; then + echo "$no_removable" else - NO_EXTRA_REMOVABLE="$removable" + echo "$removable" fi } diff -Nru grub2-unsigned-2.04/debian/README.source grub2-unsigned-2.04/debian/README.source --- grub2-unsigned-2.04/debian/README.source 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/README.source 2022-05-31 13:52:31.000000000 +0000 @@ -39,3 +39,6 @@ - pristine-tar: pritine-tar metadata based on upstream (not upstream). + +Ubuntu unapplies git-dpm patches, and instead uses gbp pq +import|export --no-patch-numbers. diff -Nru grub2-unsigned-2.04/debian/rules grub2-unsigned-2.04/debian/rules --- grub2-unsigned-2.04/debian/rules 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/rules 2022-06-07 16:36:27.000000000 +0000 @@ -10,6 +10,8 @@ DEB_HOST_ARCH_OS ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_OS 2>/dev/null) DEB_HOST_ARCH_CPU ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_CPU 2>/dev/null) +export DEB_BUILD_MAINT_OPTIONS = optimize=-lto + HOST_CPPFLAGS := $(shell dpkg-buildflags --get CPPFLAGS) # -O3 (default on Ubuntu ppc64el) introduces various -Werror failures, and # isn't worth it here. @@ -152,8 +154,10 @@ # Submit this build of grub for raw-uefi signing? ifeq ($(DEB_SOURCE),grub2) SB_SUBMIT := no +COMPRESSION := else SB_SUBMIT := yes +COMPRESSION := -Zxz endif ifeq ($(DEB_HOST_ARCH),amd64) SB_PACKAGE := grub-efi-amd64 @@ -657,7 +661,7 @@ TARNAME := grub2_$(deb_version)_$(DEB_HOST_ARCH).tar.gz override_dh_builddeb: - dh_builddeb $(ONLY_BUILD) + dh_builddeb $(ONLY_BUILD) -- $(COMPRESSION) ifneq (,$(SB_PACKAGE)) echo $(deb_version) > obj/monolithic/$(SB_PACKAGE)/version ifeq (yes,$(shell dpkg-vendor --derives-from Ubuntu && echo yes)) diff -Nru grub2-unsigned-2.04/debian/sbat.csv.in grub2-unsigned-2.04/debian/sbat.csv.in --- grub2-unsigned-2.04/debian/sbat.csv.in 2021-03-03 11:42:28.000000000 +0000 +++ grub2-unsigned-2.04/debian/sbat.csv.in 2022-06-07 16:36:27.000000000 +0000 @@ -1,3 +1,3 @@ sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md -grub,1,Free Software Foundation,grub,@UPSTREAM_VERSION@,https://www.gnu.org/software/grub/ +grub,2,Free Software Foundation,grub,@UPSTREAM_VERSION@,https://www.gnu.org/software/grub/ grub.ubuntu,1,Ubuntu,grub2,@DEB_VERSION@,https://www.ubuntu.com/