diff -Nru grub2-2.02~beta2/debian/changelog grub2-2.02~beta2/debian/changelog --- grub2-2.02~beta2/debian/changelog 2014-04-10 16:34:46.000000000 +0000 +++ grub2-2.02~beta2/debian/changelog 2015-12-15 14:11:32.000000000 +0000 @@ -1,3 +1,71 @@ +grub2 (2.02~beta2-9ubuntu1.6) trusty-security; urgency=medium + + * SECURITY UPDATE: password bypass via backspace key buffer overflow + - debian/patches/CVE-2015-8370.patch: check length before accepting a + backspace character in grub-core/lib/crypto.c, + grub-core/normal/auth.c. + - CVE-2015-8370 + + -- Marc Deslauriers Tue, 15 Dec 2015 09:11:24 -0500 + +grub2 (2.02~beta2-9ubuntu1.5) trusty; urgency=medium + + * d/p/arm64-set-correct-length-of-device-path-end-entry.patch: Fixes + booting arm64 kernels on certain UEFI implementations. (LP: #1476882) + * progress: avoid NULL dereference for net files. (LP: #1459872) + * arm64/setjmp: Add missing license macro. (LP: #1459871) + * Cherry-pick patch to add SAS disks to the device list from the ofdisk + module. (LP: #1517586) + * Cherry-pick patch to open Simple Network Protocol exclusively. + (LP: #1508893) + + -- dann frazier Wed, 25 Nov 2015 13:13:35 -0700 + +grub2 (2.02~beta2-9ubuntu1.4) trusty; urgency=medium + + * Fix overlap check in check_blocklists for load_env (backported patch from + upstream commit 1f6af2a9). (LP: #1311247) + + -- Mathieu Trudel-Lapierre Wed, 23 Sep 2015 21:29:20 -0400 + +grub2 (2.02~beta2-9ubuntu1.3) trusty; urgency=medium + + * Do not hang headless servers indefinitely on boot after edge case power + failure timing (LP: #1443735). Instead, time out after 30 seconds and boot + anyway, including on non-headless systems. + + -- Robie Basak Tue, 19 May 2015 13:31:03 +0100 + +grub2 (2.02~beta2-9ubuntu1.2) trusty-proposed; urgency=medium + + * debian/patches/install_powerpc_machtypes.patch: updated: do a better job + at detecting machine types; so as to use the right utility when updating + nvram for the boot-device. This also fixes adding a CHRP note on the + chrp_ibm machines, which broke PowerVM mode. (LP: #1334793) + * debian/patches/ppc64el-disable-vsx.patch: disable the VSX instruction, + which is enabled by default on POWER7/8 cpu models, to avoid crashes due + to instruction exceptions. The kernel will re-enable it when necessary. + (LP: #1454743) + * debian/patches/ieee1275-clear-reset.patch: clear the text attribute in + the clear command. (LP: #1454764) + + -- Mathieu Trudel-Lapierre Wed, 13 May 2015 12:30:05 -0400 + +grub2 (2.02~beta2-9ubuntu1.1) trusty-proposed; urgency=medium + + * Add dependency on efibootmgr to grub-efi-arm64-bin (LP: #1435663). + + -- dann frazier Mon, 06 Apr 2015 22:31:19 -0600 + +grub2 (2.02~beta2-9ubuntu1) trusty; urgency=medium + + * Backport patches from upstream to make the network stack more responsive + on busy networks (LP: #1314134). + * Add support for nvme device in grub-mkdevicemap (thanks, Dimitri John + Ledkov; closes: #746396, LP: #1275162). + + -- Colin Watson Thu, 08 May 2014 13:09:46 +0100 + grub2 (2.02~beta2-9) unstable; urgency=medium * Backport from upstream: diff -Nru grub2-2.02~beta2/debian/control grub2-2.02~beta2/debian/control --- grub2-2.02~beta2/debian/control 2014-04-10 15:58:36.000000000 +0000 +++ grub2-2.02~beta2/debian/control 2015-05-13 14:51:57.000000000 +0000 @@ -1,7 +1,8 @@ Source: grub2 Section: admin Priority: extra -Maintainer: GRUB Maintainers +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: GRUB Maintainers Uploaders: Robert Millan , Felix Zielcke , Jordi Mallach , Colin Watson Build-Depends: debhelper (>= 7.4.2~), dpkg-dev (>= 1.15.1~), @@ -430,7 +431,7 @@ Package: grub-efi-arm64-bin Architecture: any-arm64 -Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common (= ${binary:Version}) +Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common (= ${binary:Version}), efibootmgr [linux-any] Multi-Arch: foreign Description: GRand Unified Bootloader, version 2 (ARM64 UEFI binaries) GRUB is a portable, powerful bootloader. This version of GRUB is based on a diff -Nru grub2-2.02~beta2/debian/.git-dpm grub2-2.02~beta2/debian/.git-dpm --- grub2-2.02~beta2/debian/.git-dpm 2014-04-10 15:58:43.000000000 +0000 +++ grub2-2.02~beta2/debian/.git-dpm 2015-05-13 14:51:57.000000000 +0000 @@ -1,6 +1,6 @@ # see git-dpm(1) from git-dpm package -9ba6625cf42e26aa6541878df4ee7adb8537e61b -9ba6625cf42e26aa6541878df4ee7adb8537e61b +5439f9e3d0ad6929ff3cb2fbe3dc0fd9f2a326e1 +5439f9e3d0ad6929ff3cb2fbe3dc0fd9f2a326e1 e8f07821cce1bd0ab6d5622c2a42440f15f4fd71 e8f07821cce1bd0ab6d5622c2a42440f15f4fd71 grub2_2.02~beta2.orig.tar.xz diff -Nru grub2-2.02~beta2/debian/patches/arm64-set-correct-length-of-device-path-end-entry.patch grub2-2.02~beta2/debian/patches/arm64-set-correct-length-of-device-path-end-entry.patch --- grub2-2.02~beta2/debian/patches/arm64-set-correct-length-of-device-path-end-entry.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/arm64-set-correct-length-of-device-path-end-entry.patch 2015-11-25 20:14:37.000000000 +0000 @@ -0,0 +1,33 @@ +From 07a105d450ee701b7a690a562b7efa0d827bdc65 Mon Sep 17 00:00:00 2001 +From: Leif Lindholm +Date: Tue, 7 Jan 2014 17:52:50 +0000 +Subject: arm64: set correct length of device path end entry + +The length of the Device Path End entry in the grub_linux_boot() +function was incorrectly set to 0. This triggers an assert failure +in debug builds of Tianocore. + +Set it to sizeof (grub_efi_device_path_t). + +Bug-Ubuntu: http://bugs.launchpad.net/bugs/1476882 +Origin: http://git.savannah.gnu.org/cgit/grub.git/commit/grub-core/loader/arm64/linux.c?id=4d21c1019904598a991e847eef049c65f9c49bd9 +Last-Update: 2015-07-22 + +Patch-Name: arm64-set-correct-length-of-device-path-end-entry.patch +--- + grub-core/loader/arm64/linux.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c +index 9d15aad..75ad871 100644 +--- a/grub-core/loader/arm64/linux.c ++++ b/grub-core/loader/arm64/linux.c +@@ -268,7 +268,7 @@ grub_linux_boot (void) + + mempath[1].header.type = GRUB_EFI_END_DEVICE_PATH_TYPE; + mempath[1].header.subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; +- mempath[1].header.length = 0; ++ mempath[1].header.length = sizeof (grub_efi_device_path_t); + + b = grub_efi_system_table->boot_services; + status = b->load_image (0, grub_efi_image_handle, diff -Nru grub2-2.02~beta2/debian/patches/arm64-setjmp-Add-missing-license-macro.patch grub2-2.02~beta2/debian/patches/arm64-setjmp-Add-missing-license-macro.patch --- grub2-2.02~beta2/debian/patches/arm64-setjmp-Add-missing-license-macro.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/arm64-setjmp-Add-missing-license-macro.patch 2015-11-25 20:14:37.000000000 +0000 @@ -0,0 +1,35 @@ +From 2252bec27ecd3d0353d1868af5a5f325450cc1d2 Mon Sep 17 00:00:00 2001 +From: dann frazier +Date: Thu, 21 May 2015 10:28:48 -0600 +Subject: arm64/setjmp: Add missing license macro + +Including the setjmp module in an arm64-efi image will cause it to +immediately exit with an "incompatible license" error. + +The source file includes a GPLv3+ boilerplate, so fix this by declaring a +GPLv3+ license using the GRUB_MOD_LICENSE macro. + +Signed-off-by: dann frazier +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1459871 +Origin: upstream, http://git.savannah.gnu.org/cgit/grub.git/commit/?id=3ac342205dc81293bb8e2d91b8c5ebe124b4ad35 + +Patch-Name: arm64-setjmp-Add-missing-license-macro.patch +--- + grub-core/lib/arm64/setjmp.S | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/grub-core/lib/arm64/setjmp.S b/grub-core/lib/arm64/setjmp.S +index adaafe4..eabfd99 100644 +--- a/grub-core/lib/arm64/setjmp.S ++++ b/grub-core/lib/arm64/setjmp.S +@@ -17,8 +17,10 @@ + */ + + #include ++#include + + .file "setjmp.S" ++GRUB_MOD_LICENSE "GPLv3+" + .text + + /* diff -Nru grub2-2.02~beta2/debian/patches/check_blocklists_overlap_fix.patch grub2-2.02~beta2/debian/patches/check_blocklists_overlap_fix.patch --- grub2-2.02~beta2/debian/patches/check_blocklists_overlap_fix.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/check_blocklists_overlap_fix.patch 2015-09-24 01:29:11.000000000 +0000 @@ -0,0 +1,47 @@ +From 2549deb51c3636669b42370c1b2a5c7091016420 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?=D0=A0=D0=BE=D0=BC=D0=B0=D0=BD=20=D0=9F=D0=B5=D1=85=D0=BE?= + =?UTF-8?q?=D0=B2?= +Date: Sun, 22 Jun 2014 03:51:50 +0400 +Subject: * grub-core/commands/loadenv.c (check_blocklists): Fix overlap check. + +Bug: http://savannah.gnu.org/bugs/?42134 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1311247 +Origin: upstream, http://git.savannah.gnu.org/cgit/grub.git/commit/?id=1f6af2a9f8b02a71f213b4717d8e62c8a6b14fc5 +Last-Update: 2015-01-23 + +Patch-Name: check_blocklists_overlap_fix.patch +--- + grub-core/commands/loadenv.c | 13 ++----------- + 1 file changed, 2 insertions(+), 11 deletions(-) + +diff --git a/grub-core/commands/loadenv.c b/grub-core/commands/loadenv.c +index 6af8112..acd93d1 100644 +--- a/grub-core/commands/loadenv.c ++++ b/grub-core/commands/loadenv.c +@@ -263,7 +263,7 @@ check_blocklists (grub_envblk_t envblk, struct blocklist *blocklists, + for (q = p->next; q; q = q->next) + { + grub_disk_addr_t s1, s2; +- grub_disk_addr_t e1, e2, t; ++ grub_disk_addr_t e1, e2; + + s1 = p->sector; + e1 = s1 + ((p->length + GRUB_DISK_SECTOR_SIZE - 1) >> GRUB_DISK_SECTOR_BITS); +@@ -271,16 +271,7 @@ check_blocklists (grub_envblk_t envblk, struct blocklist *blocklists, + s2 = q->sector; + e2 = s2 + ((q->length + GRUB_DISK_SECTOR_SIZE - 1) >> GRUB_DISK_SECTOR_BITS); + +- if (s2 > s1) +- { +- t = s2; +- s2 = s1; +- s1 = t; +- t = e2; +- e2 = e1; +- e1 = t; +- } +- if (e1 > s2) ++ if (s1 < e2 && s2 < e1) + { + /* This might be actually valid, but it is unbelievable that + any filesystem makes such a silly allocation. */ diff -Nru grub2-2.02~beta2/debian/patches/CVE-2015-8370.patch grub2-2.02~beta2/debian/patches/CVE-2015-8370.patch --- grub2-2.02~beta2/debian/patches/CVE-2015-8370.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/CVE-2015-8370.patch 2015-12-15 14:11:20.000000000 +0000 @@ -0,0 +1,44 @@ +From 88c9657960a6c5d3673a25c266781e876c181add Mon Sep 17 00:00:00 2001 +From: Hector Marco-Gisbert +Date: Fri, 13 Nov 2015 16:21:09 +0100 +Subject: [PATCH] Fix security issue when reading username and password + + This patch fixes two integer underflows at: + * grub-core/lib/crypto.c + * grub-core/normal/auth.c + +Resolves: CVE-2015-8370 + +Signed-off-by: Hector Marco-Gisbert +Signed-off-by: Ismael Ripoll-Ripoll +--- + grub-core/lib/crypto.c | 2 +- + grub-core/normal/auth.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +Index: grub2-2.02~beta2/grub-core/lib/crypto.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/lib/crypto.c 2015-12-15 08:45:31.307836075 -0500 ++++ grub2-2.02~beta2/grub-core/lib/crypto.c 2015-12-15 08:45:31.303836031 -0500 +@@ -456,7 +456,7 @@ + break; + } + +- if (key == '\b') ++ if (key == '\b' && cur_len) + { + cur_len--; + continue; +Index: grub2-2.02~beta2/grub-core/normal/auth.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/normal/auth.c 2015-12-15 08:45:31.307836075 -0500 ++++ grub2-2.02~beta2/grub-core/normal/auth.c 2015-12-15 08:45:31.303836031 -0500 +@@ -172,7 +172,7 @@ + break; + } + +- if (key == '\b') ++ if (key == '\b' && cur_len) + { + cur_len--; + grub_printf ("\b"); diff -Nru grub2-2.02~beta2/debian/patches/efinet-open-Simple-Network-Protocol-exclusively.patch grub2-2.02~beta2/debian/patches/efinet-open-Simple-Network-Protocol-exclusively.patch --- grub2-2.02~beta2/debian/patches/efinet-open-Simple-Network-Protocol-exclusively.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/efinet-open-Simple-Network-Protocol-exclusively.patch 2015-11-25 20:14:37.000000000 +0000 @@ -0,0 +1,73 @@ +From 99d5df36311e15d60a16f6cba6e3b4ca442b0472 Mon Sep 17 00:00:00 2001 +From: Andrei Borzenkov +Date: Thu, 7 May 2015 20:37:17 +0300 +Subject: efinet: open Simple Network Protocol exclusively + +Patch-Name: efinet-open-Simple-Network-Protocol-exclusively.patch +Origin: upstream, http://git.savannah.gnu.org/cgit/grub.git/commit/?id=49426e9fd2e562c73a4f1206f32eff9e424a1a73 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1508893 +Last-Update: 2015-11-25 +--- + grub-core/net/drivers/efi/efinet.c | 46 ++++++++++++++++++++++++++++++++++++++ + 1 file changed, 46 insertions(+) + +diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c +index 2b344d6..658b3d1 100644 +--- a/grub-core/net/drivers/efi/efinet.c ++++ b/grub-core/net/drivers/efi/efinet.c +@@ -130,9 +130,55 @@ get_card_packet (struct grub_net_card *dev) + return nb; + } + ++static grub_err_t ++open_card (struct grub_net_card *dev) ++{ ++ grub_efi_simple_network_t *net; ++ ++ /* Try to reopen SNP exlusively to close any active MNP protocol instance ++ that may compete for packet polling ++ */ ++ net = grub_efi_open_protocol (dev->efi_handle, &net_io_guid, ++ GRUB_EFI_OPEN_PROTOCOL_BY_EXCLUSIVE); ++ if (net) ++ { ++ if (net->mode->state == GRUB_EFI_NETWORK_STOPPED ++ && efi_call_1 (net->start, net) != GRUB_EFI_SUCCESS) ++ return grub_error (GRUB_ERR_NET_NO_CARD, "%s: net start failed", ++ dev->name); ++ ++ if (net->mode->state == GRUB_EFI_NETWORK_STOPPED) ++ return grub_error (GRUB_ERR_NET_NO_CARD, "%s: card stopped", ++ dev->name); ++ ++ if (net->mode->state == GRUB_EFI_NETWORK_STARTED ++ && efi_call_3 (net->initialize, net, 0, 0) != GRUB_EFI_SUCCESS) ++ return grub_error (GRUB_ERR_NET_NO_CARD, "%s: net initialize failed", ++ dev->name); ++ ++ efi_call_4 (grub_efi_system_table->boot_services->close_protocol, ++ dev->efi_net, &net_io_guid, ++ grub_efi_image_handle, dev->efi_handle); ++ dev->efi_net = net; ++ } ++ ++ /* If it failed we just try to run as best as we can */ ++ return GRUB_ERR_NONE; ++} ++ ++static void ++close_card (struct grub_net_card *dev) ++{ ++ efi_call_4 (grub_efi_system_table->boot_services->close_protocol, ++ dev->efi_net, &net_io_guid, ++ grub_efi_image_handle, dev->efi_handle); ++} ++ + static struct grub_net_card_driver efidriver = + { + .name = "efinet", ++ .open = open_card, ++ .close = close_card, + .send = send_card_buffer, + .recv = get_card_packet + }; diff -Nru grub2-2.02~beta2/debian/patches/ieee1275-clear-reset.patch grub2-2.02~beta2/debian/patches/ieee1275-clear-reset.patch --- grub2-2.02~beta2/debian/patches/ieee1275-clear-reset.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/ieee1275-clear-reset.patch 2015-05-13 16:28:48.000000000 +0000 @@ -0,0 +1,32 @@ +From 8500c4f400ae033c79f495bbb5a10079f633193c Mon Sep 17 00:00:00 2001 +From: Paulo Flabiano Smorigo +Date: Thu, 25 Sep 2014 18:41:29 -0300 +Subject: Include a text attribute reset in the clear command for ppc + +Always clear text attribute for clear command in order to avoid problems +after it boots. + +* grub-core/term/terminfo.c: Add escape for text attribute reset + +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1295255 +Origin: other, https://lists.gnu.org/archive/html/grub-devel/2014-09/msg00076.html +Last-Update: 2014-09-26 + +Patch-Name: ieee1275-clear-reset.patch +--- + grub-core/term/terminfo.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: b/grub-core/term/terminfo.c +=================================================================== +--- a/grub-core/term/terminfo.c ++++ b/grub-core/term/terminfo.c +@@ -151,7 +151,7 @@ grub_terminfo_set_current (struct grub_t + /* Clear the screen. Using serial console, screen(1) only recognizes the + * ANSI escape sequence. Using video console, Apple Open Firmware + * (version 3.1.1) only recognizes the literal ^L. So use both. */ +- data->cls = grub_strdup (" \e[2J"); ++ data->cls = grub_strdup (" \e[2J\e[m"); + data->reverse_video_on = grub_strdup ("\e[7m"); + data->reverse_video_off = grub_strdup ("\e[m"); + if (grub_strcmp ("ieee1275", str) == 0) diff -Nru grub2-2.02~beta2/debian/patches/install_powerpc_machtypes.patch grub2-2.02~beta2/debian/patches/install_powerpc_machtypes.patch --- grub2-2.02~beta2/debian/patches/install_powerpc_machtypes.patch 2014-04-10 15:58:36.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/install_powerpc_machtypes.patch 2015-05-13 16:19:13.000000000 +0000 @@ -1,23 +1,28 @@ -From 02439d727af555ba60aec5ea8e0aa4d3000286c6 Mon Sep 17 00:00:00 2001 +From 6b86ab9bd13c56b7cbf957e89a5e201ddc011979 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Tue, 28 Jan 2014 14:40:02 +0000 Subject: Port yaboot logic for various powerpc machine types -Some powerpc machines require not updating the NVRAM, and some require -adding a CHRP note. This can be handled by existing grub-install -command-line options, but it's friendlier to detect this automatically. +Some powerpc machines require not updating the NVRAM. This can be handled +by existing grub-install command-line options, but it's friendlier to detect +this automatically. + +On chrp_ibm machines, use the nvram utility rather than nvsetenv. (This +is possibly suitable for other machines too, but that needs to be +verified.) Forwarded: no -Last-Update: 2014-01-28 +Last-Update: 2014-10-15 Patch-Name: install_powerpc_machtypes.patch --- grub-core/osdep/basic/platform.c | 5 +++ - grub-core/osdep/linux/platform.c | 64 ++++++++++++++++++++++++++++++++++++++ + grub-core/osdep/linux/platform.c | 72 ++++++++++++++++++++++++++++++++++++++ + grub-core/osdep/unix/platform.c | 28 +++++++++++---- grub-core/osdep/windows/platform.c | 6 ++++ include/grub/util/install.h | 3 ++ - util/grub-install.c | 17 +++++++++- - 5 files changed, 94 insertions(+), 1 deletion(-) + util/grub-install.c | 11 ++++++ + 6 files changed, 119 insertions(+), 6 deletions(-) diff --git a/grub-core/osdep/basic/platform.c b/grub-core/osdep/basic/platform.c index 4b5502a..2ab9079 100644 @@ -33,7 +38,7 @@ + return "generic"; +} diff --git a/grub-core/osdep/linux/platform.c b/grub-core/osdep/linux/platform.c -index 175da72..185f971 100644 +index 175da72..033afd8 100644 --- a/grub-core/osdep/linux/platform.c +++ b/grub-core/osdep/linux/platform.c @@ -24,6 +24,7 @@ @@ -44,7 +49,7 @@ #include #include -@@ -108,3 +109,66 @@ grub_install_get_default_x86_platform (void) +@@ -108,3 +109,74 @@ grub_install_get_default_x86_platform (void) grub_util_info ("... not found"); return "i386-pc"; } @@ -88,8 +93,16 @@ + if (strncmp (buf, "machine", sizeof ("machine") - 1) == 0 && + strstr (buf, "CHRP IBM")) + { -+ machtype = "chrp_ibm"; -+ break; ++ if (strstr (buf, "qemu")) ++ { ++ machtype = "chrp_ibm_qemu"; ++ break; ++ } ++ else ++ { ++ machtype = "chrp_ibm"; ++ break; ++ } + } + + if (strncmp (buf, "platform", sizeof ("platform") - 1) == 0) @@ -111,6 +124,46 @@ + fclose (fp); + return machtype; +} +diff --git a/grub-core/osdep/unix/platform.c b/grub-core/osdep/unix/platform.c +index a3fcfca..28cb37e 100644 +--- a/grub-core/osdep/unix/platform.c ++++ b/grub-core/osdep/unix/platform.c +@@ -212,13 +212,29 @@ grub_install_register_ieee1275 (int is_prep, const char *install_device, + else + boot_device = get_ofpathname (install_device); + +- if (grub_util_exec ((const char * []){ "nvsetenv", "boot-device", +- boot_device, NULL })) ++ if (strcmp (grub_install_get_default_powerpc_machtype (), "chrp_ibm") == 0) + { +- char *cmd = xasprintf ("setenv boot-device %s", boot_device); +- grub_util_error (_("`nvsetenv' failed. \nYou will have to set `boot-device' variable manually. At the IEEE1275 prompt, type:\n %s\n"), +- cmd); +- free (cmd); ++ char *arg = xasprintf ("boot-device=%s", boot_device); ++ if (grub_util_exec ((const char * []){ "nvram", ++ "--update-config", arg, NULL })) ++ { ++ char *cmd = xasprintf ("setenv boot-device %s", boot_device); ++ grub_util_error (_("`nvram' failed. \nYou will have to set `boot-device' variable manually. At the IEEE1275 prompt, type:\n %s\n"), ++ cmd); ++ free (cmd); ++ } ++ free (arg); ++ } ++ else ++ { ++ if (grub_util_exec ((const char * []){ "nvsetenv", "boot-device", ++ boot_device, NULL })) ++ { ++ char *cmd = xasprintf ("setenv boot-device %s", boot_device); ++ grub_util_error (_("`nvsetenv' failed. \nYou will have to set `boot-device' variable manually. At the IEEE1275 prompt, type:\n %s\n"), ++ cmd); ++ free (cmd); ++ } + } + + free (boot_device); diff --git a/grub-core/osdep/windows/platform.c b/grub-core/osdep/windows/platform.c index f2b9d71..cf2e39c 100644 --- a/grub-core/osdep/windows/platform.c @@ -143,18 +196,10 @@ grub_install_register_efi (grub_device_t efidir_grub_dev, const char *efifile_path, diff --git a/util/grub-install.c b/util/grub-install.c -index 1f27b65..01170d3 100644 +index 1f27b65..98da118 100644 --- a/util/grub-install.c +++ b/util/grub-install.c -@@ -58,6 +58,7 @@ static char *target; - static int removable = 0; - static int recheck = 0; - static int update_nvram = 1; -+static int chrp_note = 0; - static char *install_device = NULL; - static char *debug_image = NULL; - static char *rootdir = NULL; -@@ -1143,7 +1144,21 @@ main (int argc, char *argv[]) +@@ -1143,7 +1143,18 @@ main (int argc, char *argv[]) if (platform == GRUB_INSTALL_PLATFORM_POWERPC_IEEE1275) { @@ -163,25 +208,13 @@ + + if (strcmp (machtype, "pmac_oldworld") == 0) + update_nvram = 0; -+ else if (strcmp (machtype, "chrp_ibm") == 0) -+ { -+ update_nvram = 0; -+ chrp_note = 1; -+ } + else if (strcmp (machtype, "cell") == 0) + update_nvram = 0; + else if (strcmp (machtype, "generic") == 0) + update_nvram = 0; ++ else if (strcmp (machtype, "chrp_ibm_qemu") == 0) ++ update_nvram = 0; + if (!macppcdir) { char *d; -@@ -1613,7 +1628,7 @@ main (int argc, char *argv[]) - /* output */ imgfile, - /* memdisk */ NULL, - have_load_cfg ? load_cfg : NULL, -- /* image target */ mkimage_target, 0); -+ /* image target */ mkimage_target, chrp_note); - /* Backward-compatibility kludges. */ - switch (platform) - { diff -Nru grub2-2.02~beta2/debian/patches/net-ramp-up-interval.patch grub2-2.02~beta2/debian/patches/net-ramp-up-interval.patch --- grub2-2.02~beta2/debian/patches/net-ramp-up-interval.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/net-ramp-up-interval.patch 2015-05-13 14:51:57.000000000 +0000 @@ -0,0 +1,94 @@ +From c7968962ae59204cb6ffb4b46b115db592cb578e Mon Sep 17 00:00:00 2001 +From: Paulo Flabiano Smorigo +Date: Tue, 21 Jan 2014 11:03:51 -0200 +Subject: increase network try interval gradually + +* grub-core/net/arp.c (grub_net_arp_send_request): Increase network try +interval gradually. +* grub-core/net/icmp6.c (grub_net_icmp6_send_request): Likewise. +* grub-core/net/net.c (grub_net_fs_read_real): Likewise. +* grub-core/net/tftp.c (tftp_open): Likewise. +* include/grub/net.h (GRUB_NET_INTERVAL_ADDITION): New define. + +Origin: upstream, http://git.savannah.gnu.org/gitweb/?p=grub.git;a=commitdiff;h=6f65e36cc4f92fe40672181eccf12eac4afb6738 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1314134 +Last-Update: 2014-04-29 + +Patch-Name: net-ramp-up-interval.patch +--- + grub-core/net/arp.c | 3 ++- + grub-core/net/icmp6.c | 3 ++- + grub-core/net/net.c | 5 +++-- + grub-core/net/tftp.c | 3 ++- + include/grub/net.h | 1 + + 5 files changed, 10 insertions(+), 5 deletions(-) + +diff --git a/grub-core/net/arp.c b/grub-core/net/arp.c +index e92c7e7..d62d0cc 100644 +--- a/grub-core/net/arp.c ++++ b/grub-core/net/arp.c +@@ -110,7 +110,8 @@ grub_net_arp_send_request (struct grub_net_network_level_interface *inf, + return GRUB_ERR_NONE; + pending_req = proto_addr->ipv4; + have_pending = 0; +- grub_net_poll_cards (GRUB_NET_INTERVAL, &have_pending); ++ grub_net_poll_cards (GRUB_NET_INTERVAL + (i * GRUB_NET_INTERVAL_ADDITION), ++ &have_pending); + if (grub_net_link_layer_resolve_check (inf, proto_addr)) + return GRUB_ERR_NONE; + nb.data = nbd; +diff --git a/grub-core/net/icmp6.c b/grub-core/net/icmp6.c +index 2741e6f..bbc9020 100644 +--- a/grub-core/net/icmp6.c ++++ b/grub-core/net/icmp6.c +@@ -518,7 +518,8 @@ grub_net_icmp6_send_request (struct grub_net_network_level_interface *inf, + { + if (grub_net_link_layer_resolve_check (inf, proto_addr)) + break; +- grub_net_poll_cards (GRUB_NET_INTERVAL, 0); ++ grub_net_poll_cards (GRUB_NET_INTERVAL + (i * GRUB_NET_INTERVAL_ADDITION), ++ 0); + if (grub_net_link_layer_resolve_check (inf, proto_addr)) + break; + nb->data = nbd; +diff --git a/grub-core/net/net.c b/grub-core/net/net.c +index 56355f3..1521d8d 100644 +--- a/grub-core/net/net.c ++++ b/grub-core/net/net.c +@@ -1558,8 +1558,9 @@ grub_net_fs_read_real (grub_file_t file, char *buf, grub_size_t len) + if (!net->eof) + { + try++; +- grub_net_poll_cards (GRUB_NET_INTERVAL, &net->stall); +- } ++ grub_net_poll_cards (GRUB_NET_INTERVAL + ++ (try * GRUB_NET_INTERVAL_ADDITION), &net->stall); ++ } + else + return total; + } +diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c +index 9c489f1..5173614 100644 +--- a/grub-core/net/tftp.c ++++ b/grub-core/net/tftp.c +@@ -398,7 +398,8 @@ tftp_open (struct grub_file *file, const char *filename) + destroy_pq (data); + return err; + } +- grub_net_poll_cards (GRUB_NET_INTERVAL, &data->have_oack); ++ grub_net_poll_cards (GRUB_NET_INTERVAL + (i * GRUB_NET_INTERVAL_ADDITION), ++ &data->have_oack); + if (data->have_oack) + break; + } +diff --git a/include/grub/net.h b/include/grub/net.h +index de6259e..0e0a605 100644 +--- a/include/grub/net.h ++++ b/include/grub/net.h +@@ -532,5 +532,6 @@ extern char *grub_net_default_server; + + #define GRUB_NET_TRIES 40 + #define GRUB_NET_INTERVAL 400 ++#define GRUB_NET_INTERVAL_ADDITION 20 + + #endif /* ! GRUB_NET_HEADER */ diff -Nru grub2-2.02~beta2/debian/patches/net-receive-packets-yield.patch grub2-2.02~beta2/debian/patches/net-receive-packets-yield.patch --- grub2-2.02~beta2/debian/patches/net-receive-packets-yield.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/net-receive-packets-yield.patch 2015-05-13 14:51:57.000000000 +0000 @@ -0,0 +1,34 @@ +From 85c0479ed5f45e91929efdd829a2496e263c3cd4 Mon Sep 17 00:00:00 2001 +From: Paulo Flabiano Smorigo +Date: Tue, 21 Jan 2014 10:49:39 -0200 +Subject: change stop condition to avoid infinite loops + +In net/net.c there is a while (1) that only exits if there is a stop +condition and more then 10 packages or if there is no package received. + +If GRUB is idle and enter in this loop, the only condition to leave is +if it doesn't have incoming packages. In a network with heavy traffic +this never happens. + +Origin: upstream, http://git.savannah.gnu.org/gitweb/?p=grub.git;a=commitdiff;h=d99d2f84166b0f60673d5c0714605a153946c0fc +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1314134 +Last-Update: 2014-04-29 + +Patch-Name: net-receive-packets-yield.patch +--- + grub-core/net/net.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/net/net.c b/grub-core/net/net.c +index 0e57e93..56355f3 100644 +--- a/grub-core/net/net.c ++++ b/grub-core/net/net.c +@@ -1453,7 +1453,7 @@ receive_packets (struct grub_net_card *card, int *stop_condition) + } + card->opened = 1; + } +- while (1) ++ while (received < 100) + { + /* Maybe should be better have a fixed number of packets for each card + and just mark them as used and not used. */ diff -Nru grub2-2.02~beta2/debian/patches/ofdisk_add_sas_disks.patch grub2-2.02~beta2/debian/patches/ofdisk_add_sas_disks.patch --- grub2-2.02~beta2/debian/patches/ofdisk_add_sas_disks.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/ofdisk_add_sas_disks.patch 2015-11-25 20:14:37.000000000 +0000 @@ -0,0 +1,100 @@ +From 4b75a4a0f2438e1afd6ff3cb15697dbc52dfbd74 Mon Sep 17 00:00:00 2001 +From: Paulo Flabiano Smorigo +Date: Sun, 8 Nov 2015 21:52:22 -0200 +Subject: ofdisk: add sas disks to the device list + +Patch-Name: ofdisk_add_sas_disks.patch +Origin: upstream, http://git.savannah.gnu.org/cgit/grub.git/commit/?id=c899d9f42c543939abc92d79c9729d429740492e +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1517586 +Last-Update: 2015-11-20 +--- + grub-core/disk/ieee1275/ofdisk.c | 76 ++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 76 insertions(+) + +diff --git a/grub-core/disk/ieee1275/ofdisk.c b/grub-core/disk/ieee1275/ofdisk.c +index 6870b39..6735a66 100644 +--- a/grub-core/disk/ieee1275/ofdisk.c ++++ b/grub-core/disk/ieee1275/ofdisk.c +@@ -255,6 +255,82 @@ dev_iterate (const struct grub_ieee1275_devalias *alias) + grub_free (buf); + return; + } ++ else if (grub_strcmp (alias->type, "sas_ioa") == 0) ++ { ++ /* The method returns the number of disks and a table where ++ * each ID is 64-bit long. Example of sas paths: ++ * /pci@80000002000001f/pci1014,034A@0/sas/disk@c05db70800 ++ * /pci@80000002000001f/pci1014,034A@0/sas/disk@a05db70800 ++ * /pci@80000002000001f/pci1014,034A@0/sas/disk@805db70800 */ ++ ++ struct sas_children ++ { ++ struct grub_ieee1275_common_hdr common; ++ grub_ieee1275_cell_t method; ++ grub_ieee1275_cell_t ihandle; ++ grub_ieee1275_cell_t max; ++ grub_ieee1275_cell_t table; ++ grub_ieee1275_cell_t catch_result; ++ grub_ieee1275_cell_t nentries; ++ } ++ args; ++ char *buf, *bufptr; ++ unsigned i; ++ grub_uint64_t *table; ++ grub_uint16_t table_size; ++ grub_ieee1275_ihandle_t ihandle; ++ ++ buf = grub_malloc (grub_strlen (alias->path) + ++ sizeof ("/disk@7766554433221100")); ++ if (!buf) ++ return; ++ bufptr = grub_stpcpy (buf, alias->path); ++ ++ /* Power machines documentation specify 672 as maximum SAS disks in ++ one system. Using a slightly larger value to be safe. */ ++ table_size = 768; ++ table = grub_malloc (table_size * sizeof (grub_uint64_t)); ++ ++ if (!table) ++ { ++ grub_free (buf); ++ return; ++ } ++ ++ if (grub_ieee1275_open (alias->path, &ihandle)) ++ { ++ grub_free (buf); ++ grub_free (table); ++ return; ++ } ++ ++ INIT_IEEE1275_COMMON (&args.common, "call-method", 4, 2); ++ args.method = (grub_ieee1275_cell_t) "get-sas-children"; ++ args.ihandle = ihandle; ++ args.max = table_size; ++ args.table = (grub_ieee1275_cell_t) table; ++ args.catch_result = 0; ++ args.nentries = 0; ++ ++ if (IEEE1275_CALL_ENTRY_FN (&args) == -1) ++ { ++ grub_ieee1275_close (ihandle); ++ grub_free (table); ++ grub_free (buf); ++ return; ++ } ++ ++ for (i = 0; i < args.nentries; i++) ++ { ++ grub_snprintf (bufptr, sizeof ("/disk@7766554433221100"), ++ "/disk@%" PRIxGRUB_UINT64_T, table[i]); ++ dev_iterate_real (buf, buf); ++ } ++ ++ grub_ieee1275_close (ihandle); ++ grub_free (table); ++ grub_free (buf); ++ } + + if (!grub_ieee1275_test_flag (GRUB_IEEE1275_FLAG_NO_TREE_SCANNING_FOR_DISKS) + && grub_strcmp (alias->type, "block") == 0) diff -Nru grub2-2.02~beta2/debian/patches/ppc64el-disable-vsx.patch grub2-2.02~beta2/debian/patches/ppc64el-disable-vsx.patch --- grub2-2.02~beta2/debian/patches/ppc64el-disable-vsx.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/ppc64el-disable-vsx.patch 2015-05-13 16:23:05.000000000 +0000 @@ -0,0 +1,49 @@ +From 603e3eaf4807b988cb87e3dd8a00a0518dc237aa Mon Sep 17 00:00:00 2001 +From: Paulo Flabiano Smorigo +Date: Thu, 25 Sep 2014 19:33:39 -0300 +Subject: Disable VSX instruction + +VSX bit is enabled by default for Power7 and Power8 CPU models, +so we need to disable them in order to avoid instruction exceptions. +Kernel will activate it when necessary. + +* grub-core/kern/powerpc/ieee1275/startup.S: Disable VSX. + +Also-By: Adhemerval Zanella + +Origin: other, https://lists.gnu.org/archive/html/grub-devel/2014-09/msg00078.html +Last-Update: 2014-09-26 + +Patch-Name: ppc64el-disable-vsx.patch +--- + grub-core/kern/powerpc/ieee1275/startup.S | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/grub-core/kern/powerpc/ieee1275/startup.S b/grub-core/kern/powerpc/ieee1275/startup.S +index 21c884b..b4d9c21 100644 +--- a/grub-core/kern/powerpc/ieee1275/startup.S ++++ b/grub-core/kern/powerpc/ieee1275/startup.S +@@ -20,6 +20,8 @@ + #include + #include + ++#define MSR_VSX 0x80 ++ + .extern __bss_start + .extern _end + +@@ -28,6 +30,14 @@ + .globl start, _start + start: + _start: ++ _start: ++ ++ /* Disable VSX instruction */ ++ mfmsr 0 ++ oris 0,0,MSR_VSX ++ mtmsrd 0 ++ isync ++ + li 2, 0 + li 13, 0 + diff -Nru grub2-2.02~beta2/debian/patches/probe_nvme.patch grub2-2.02~beta2/debian/patches/probe_nvme.patch --- grub2-2.02~beta2/debian/patches/probe_nvme.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/probe_nvme.patch 2015-05-13 14:51:57.000000000 +0000 @@ -0,0 +1,89 @@ +From 5439f9e3d0ad6929ff3cb2fbe3dc0fd9f2a326e1 Mon Sep 17 00:00:00 2001 +From: Dimitri John Ledkov +Date: Tue, 29 Apr 2014 16:45:44 +0100 +Subject: Add support for nvme device in grub-mkdevicemap + +Author: Colin Watson +Bug-Debian: https://bugs.debian.org/746396 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1275162 +Forwarded: no +Last-Update: 2014-05-08 + +Patch-Name: probe_nvme.patch +--- + grub-core/osdep/linux/getroot.c | 14 ++++++++++++++ + util/deviceiter.c | 29 +++++++++++++++++++++++++++++ + 2 files changed, 43 insertions(+) + +diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c +index 6788e39..f97f3a6 100644 +--- a/grub-core/osdep/linux/getroot.c ++++ b/grub-core/osdep/linux/getroot.c +@@ -896,6 +896,20 @@ grub_util_part_to_disk (const char *os_dev, struct stat *st, + *pp = '\0'; + return path; + } ++ ++ /* If this is an NVMe device. */ ++ if (strncmp ("nvme", p, sizeof ("nvme") - 1) == 0) ++ { ++ /* /dev/nvme[0-9]+n[0-9]+(p[0-9]+)? */ ++ p = strchr (p, 'p'); ++ if (p) ++ { ++ *is_part = 1; ++ *p = '\0'; ++ } ++ ++ return path; ++ } + } + + return path; +diff --git a/util/deviceiter.c b/util/deviceiter.c +index b61715d..28dcc25 100644 +--- a/util/deviceiter.c ++++ b/util/deviceiter.c +@@ -371,6 +371,12 @@ get_fio_disk_name (char *name, int unit) + { + sprintf (name, "/dev/fio%c", unit + 'a'); + } ++ ++static void ++get_nvme_disk_name (char *name, int controller, int namespace) ++{ ++ sprintf (name, "/dev/nvme%dn%d", controller, namespace); ++} + #endif + + static struct seen_device +@@ -875,6 +881,29 @@ grub_util_iterate_devices (int (*hook) (const char *, int, void *), void *hook_d + } + } + ++ /* This is for standard NVMe controllers ++ /dev/nvmenp. No idea about ++ actual limits of how many controllers a system can have and/or ++ how many namespace that would be, 10 for now. */ ++ { ++ int controller, namespace; ++ ++ for (controller = 0; controller < 10; controller++) ++ { ++ for (namespace = 0; namespace < 10; namespace++) ++ { ++ char name[16]; ++ ++ get_nvme_disk_name (name, controller, namespace); ++ if (check_device_readable_unique (name)) ++ { ++ if (hook (name, 0, hook_data)) ++ goto out; ++ } ++ } ++ } ++ } ++ + # ifdef HAVE_DEVICE_MAPPER + # define dmraid_check(cond, ...) \ + if (! (cond)) \ diff -Nru grub2-2.02~beta2/debian/patches/progress_avoid_null_deref.patch grub2-2.02~beta2/debian/patches/progress_avoid_null_deref.patch --- grub2-2.02~beta2/debian/patches/progress_avoid_null_deref.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/progress_avoid_null_deref.patch 2015-11-25 20:14:37.000000000 +0000 @@ -0,0 +1,57 @@ +From df958de5315158a421d3cf938ccbb5164096526a Mon Sep 17 00:00:00 2001 +From: Andrei Borzenkov +Date: Sat, 10 Oct 2015 11:44:14 +0300 +Subject: progress: avoid NULL dereference for net files + +From original patch by dann frazier : + + grub_net_fs_open() saves off a copy of the file structure it gets passed and + uses it to create a bufio structure. It then overwrites the passed in file + structure with this new bufio structure. Since file->name doesn't get set + until we return back to grub_file_open(), it means that only the bufio + structure gets a valid file->name. The "real" file's name is left + uninitialized. This leads to a crash when the progress module hook is called + on it. + +grub_net_fs_open() already saved copy of file name as ->net->name, so change +progress module to use it. + +Also, grub_file_open may leave file->name as NULL if grub_strdup fails. Check +for it. + +Also-By: dann frazier +Patch-Name: progress_avoid_null_deref.patch +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1459872 +--- + grub-core/lib/progress.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/grub-core/lib/progress.c b/grub-core/lib/progress.c +index 63a0767..95a4a62 100644 +--- a/grub-core/lib/progress.c ++++ b/grub-core/lib/progress.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -70,7 +71,15 @@ grub_file_progress_hook_real (grub_disk_addr_t sector __attribute__ ((unused)), + percent = grub_divmod64 (100 * file->progress_offset, + file->size, 0); + +- partial_file_name = grub_strrchr (file->name, '/'); ++ /* grub_net_fs_open() saves off partial file structure before name is initialized. ++ It already saves passed file name in net structure so just use it in this case. ++ */ ++ if (file->device->net) ++ partial_file_name = grub_strrchr (file->device->net->name, '/'); ++ else if (file->name) /* grub_file_open() may leave it as NULL */ ++ partial_file_name = grub_strrchr (file->name, '/'); ++ else ++ partial_file_name = NULL; + if (partial_file_name) + partial_file_name++; + else diff -Nru grub2-2.02~beta2/debian/patches/quick_boot.patch grub2-2.02~beta2/debian/patches/quick_boot.patch --- grub2-2.02~beta2/debian/patches/quick_boot.patch 2014-04-10 15:58:36.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/quick_boot.patch 2015-05-19 12:35:15.000000000 +0000 @@ -1,4 +1,4 @@ -From 4b19cd9780edbca2148b88ceea1f72445ff64645 Mon Sep 17 00:00:00 2001 +From a6c14d009f574b026c8aebb977cd1e808827961b Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:28 +0000 Subject: Add configure option to bypass boot menu if possible @@ -17,19 +17,20 @@ of the normal runlevels), then show the boot menu regardless. Author: Richard Laager +Author: Robie Basak Forwarded: no -Last-Update: 2014-01-17 +Last-Update: 2015-05-14 Patch-Name: quick_boot.patch --- configure.ac | 11 +++++++++ - docs/grub.texi | 9 +++++++ + docs/grub.texi | 14 +++++++++++ grub-core/normal/menu.c | 24 +++++++++++++++++++ util/grub-mkconfig.in | 3 ++- util/grub.d/00_header.in | 58 +++++++++++++++++++++++++++++++++++---------- util/grub.d/10_linux.in | 4 ++++ util/grub.d/30_os-prober.in | 21 ++++++++++++++++ - 7 files changed, 117 insertions(+), 13 deletions(-) + 7 files changed, 122 insertions(+), 13 deletions(-) diff --git a/configure.ac b/configure.ac index 7c8d0af..2a7e410 100644 @@ -54,18 +55,23 @@ AC_SUBST([FONT_SOURCE]) diff --git a/docs/grub.texi b/docs/grub.texi -index 46b9e7f..28743d5 100644 +index 46b9e7f..a79256b 100644 --- a/docs/grub.texi +++ b/docs/grub.texi -@@ -1490,6 +1490,15 @@ This option may be set to a list of GRUB module names separated by spaces. +@@ -1490,6 +1490,20 @@ This option may be set to a list of GRUB module names separated by spaces. Each module will be loaded as early as possible, at the start of @file{grub.cfg}. +@item GRUB_RECORDFAIL_TIMEOUT -+If this option is set, it overrides the default recordfail setting. The -+default setting is -1, which causes GRUB to wait for user input. This option -+should be set on headless and appliance systems where access to a console is -+restricted or limited. ++If this option is set, it overrides the default recordfail setting. A ++setting of -1 causes GRUB to wait for user input indefinitely. However, a ++false positive in the recordfail mechanism may occur if power is lost during ++boot before boot success is recorded in userspace. The default setting is ++30, which causes GRUB to wait for user input for thirty seconds before ++continuing. This default allows interactive users the opportunity to switch ++to a different, working kernel, while avoiding a false positive causing the ++boot to block indefinitely on headless and appliance systems where access to ++a console is restricted or limited. + +This option is only effective when GRUB was configured with the +@option{--enable-quick-boot} option. @@ -123,7 +129,7 @@ if test "x${grub_cfg}" != "x"; then rm -f "${grub_cfg}.new" diff --git a/util/grub.d/00_header.in b/util/grub.d/00_header.in -index 0c82f23..8dc5592 100644 +index 0c82f23..2e6b5a4 100644 --- a/util/grub.d/00_header.in +++ b/util/grub.d/00_header.in @@ -21,6 +21,8 @@ prefix="@prefix@" @@ -181,7 +187,7 @@ { + cat << EOF +if [ "\${recordfail}" = 1 ] ; then -+ set timeout=${GRUB_RECORDFAIL_TIMEOUT:--1} ++ set timeout=${GRUB_RECORDFAIL_TIMEOUT:-30} +else +EOF if [ "x${3}" != "x" ] ; then diff -Nru grub2-2.02~beta2/debian/patches/series grub2-2.02~beta2/debian/patches/series --- grub2-2.02~beta2/debian/patches/series 2014-04-10 15:58:43.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/series 2015-12-15 14:11:20.000000000 +0000 @@ -49,3 +49,15 @@ probe-delimiter.patch btrfs-endian.patch tolerate-lvm-snapshots.patch +net-receive-packets-yield.patch +net-ramp-up-interval.patch +probe_nvme.patch +ppc64el-disable-vsx.patch +ieee1275-clear-reset.patch +check_blocklists_overlap_fix.patch +arm64-set-correct-length-of-device-path-end-entry.patch +progress_avoid_null_deref.patch +arm64-setjmp-Add-missing-license-macro.patch +ofdisk_add_sas_disks.patch +efinet-open-Simple-Network-Protocol-exclusively.patch +CVE-2015-8370.patch