Compare commits

...

No commits in common. 'c9' and 'c10-beta' have entirely different histories.
c9 ... c10-beta

@ -10,7 +10,7 @@ This reverts commit 722737630889607c3b5761f1f5a48f1674cd2821.
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in
index 5984e92d291..94622481284 100644
index 5984e92d29..9462248128 100644
--- a/util/grub.d/30_os-prober.in
+++ b/util/grub.d/30_os-prober.in
@@ -36,7 +36,7 @@ if ! command -v os-prober > /dev/null || ! command -v linux-boot-prober > /dev/n

@ -10,7 +10,7 @@ This reverts commit 54e0a1bbf1e9106901a557195bb35e5e20fb3925.
2 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
index f8cbb8d7a2b..d3e879b8e5c 100644
index f8cbb8d7a2..d3e879b8e5 100644
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@@ -140,9 +140,6 @@ GRUB_DEVICE_PARTUUID="`${grub_probe} --device ${GRUB_DEVICE} --target=partuuid 2
@ -40,7 +40,7 @@ index f8cbb8d7a2b..d3e879b8e5c 100644
GRUB_SAVEDEFAULT \
GRUB_ENABLE_CRYPTODISK \
diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in
index 94622481284..80685b15f4d 100644
index 9462248128..80685b15f4 100644
--- a/util/grub.d/30_os-prober.in
+++ b/util/grub.d/30_os-prober.in
@@ -26,8 +26,8 @@ export TEXTDOMAINDIR="@localedir@"

@ -10,7 +10,7 @@ This reverts commit e346414725a70e5c74ee87ca14e580c66f517666.
2 files changed, 9 insertions(+), 14 deletions(-)
diff --git a/docs/grub.texi b/docs/grub.texi
index f8b4b3b21a7..69f08d289f9 100644
index f8b4b3b21a..69f08d289f 100644
--- a/docs/grub.texi
+++ b/docs/grub.texi
@@ -1519,13 +1519,10 @@ boot sequence. If you have problems, set this option to @samp{text} and
@ -46,7 +46,7 @@ index f8b4b3b21a7..69f08d289f9 100644
First create a separate GRUB partition, big enough to hold GRUB. Some of the
following entries show how to load OS installer images from this same partition,
diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in
index 80685b15f4d..1b91c102f35 100644
index 80685b15f4..1b91c102f3 100644
--- a/util/grub.d/30_os-prober.in
+++ b/util/grub.d/30_os-prober.in
@@ -26,8 +26,7 @@ export TEXTDOMAINDIR="@localedir@"

@ -44,7 +44,7 @@ moves the check into grub_dl_load_file.
create mode 100644 include/grub/efi/linux.h
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index 8022e1c0a79..45d3edaa4dc 100644
index 8022e1c0a7..45d3edaa4d 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -1734,13 +1734,6 @@ module = {
@ -88,7 +88,7 @@ index 8022e1c0a79..45d3edaa4dc 100644
module = {
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
index 48f8a79073d..b7149370950 100644
index 48f8a79073..b714937095 100644
--- a/grub-core/kern/dl.c
+++ b/grub-core/kern/dl.c
@@ -38,6 +38,14 @@
@ -127,7 +127,7 @@ index 48f8a79073d..b7149370950 100644
file = grub_file_open (filename, GRUB_FILE_TYPE_GRUB_MODULE);
diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
index 8cff7be0289..35b8f670602 100644
index 8cff7be028..35b8f67060 100644
--- a/grub-core/kern/efi/efi.c
+++ b/grub-core/kern/efi/efi.c
@@ -286,6 +286,34 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid,
@ -166,7 +166,7 @@ index 8cff7be0289..35b8f670602 100644
/* Search the mods section from the PE32/PE32+ image. This code uses
diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c
index 9838fb2f50d..f6aef0ef649 100644
index 9838fb2f50..f6aef0ef64 100644
--- a/grub-core/kern/efi/mm.c
+++ b/grub-core/kern/efi/mm.c
@@ -113,6 +113,38 @@ grub_efi_drop_alloc (grub_efi_physical_address_t address,
@ -209,7 +209,7 @@ index 9838fb2f50d..f6aef0ef649 100644
void *
grub_efi_allocate_pages_real (grub_efi_physical_address_t address,
diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c
index ef3e9f9444c..a312c668685 100644
index ef3e9f9444..a312c66868 100644
--- a/grub-core/loader/arm64/linux.c
+++ b/grub-core/loader/arm64/linux.c
@@ -29,6 +29,7 @@
@ -390,7 +390,7 @@ index ef3e9f9444c..a312c668685 100644
linux_args = grub_malloc (cmdline_size);
if (!linux_args)
diff --git a/grub-core/loader/arm64/xen_boot.c b/grub-core/loader/arm64/xen_boot.c
index 22cc25eccd9..d9b7a9ba400 100644
index 22cc25eccd..d9b7a9ba40 100644
--- a/grub-core/loader/arm64/xen_boot.c
+++ b/grub-core/loader/arm64/xen_boot.c
@@ -266,7 +266,6 @@ xen_boot (void)
@ -403,7 +403,7 @@ index 22cc25eccd9..d9b7a9ba400 100644
diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
new file mode 100644
index 00000000000..c24202a5dd1
index 0000000000..c24202a5dd
--- /dev/null
+++ b/grub-core/loader/efi/linux.c
@@ -0,0 +1,70 @@
@ -479,7 +479,7 @@ index 00000000000..c24202a5dd1
+#pragma GCC diagnostic pop
diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
new file mode 100644
index 00000000000..bb2616a8092
index 0000000000..bb2616a809
--- /dev/null
+++ b/grub-core/loader/i386/efi/linux.c
@@ -0,0 +1,335 @@
@ -819,7 +819,7 @@ index 00000000000..bb2616a8092
+ grub_unregister_command (cmd_initrdefi);
+}
diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c
index 2a299520160..8be4c3b3f48 100644
index 2a29952016..8be4c3b3f4 100644
--- a/grub-core/loader/i386/pc/linux.c
+++ b/grub-core/loader/i386/pc/linux.c
@@ -474,14 +474,20 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
@ -853,7 +853,7 @@ index 2a299520160..8be4c3b3f48 100644
+ grub_unregister_command (cmd_initrd16);
}
diff --git a/include/grub/arm/linux.h b/include/grub/arm/linux.h
index bcd5a7eb186..b582f67f661 100644
index bcd5a7eb18..b582f67f66 100644
--- a/include/grub/arm/linux.h
+++ b/include/grub/arm/linux.h
@@ -20,6 +20,7 @@
@ -883,7 +883,7 @@ index bcd5a7eb186..b582f67f661 100644
#if defined GRUB_MACHINE_UBOOT
diff --git a/include/grub/arm64/linux.h b/include/grub/arm64/linux.h
index 7e22b4ab699..ea030312df3 100644
index 7e22b4ab69..ea030312df 100644
--- a/include/grub/arm64/linux.h
+++ b/include/grub/arm64/linux.h
@@ -19,6 +19,7 @@
@ -913,7 +913,7 @@ index 7e22b4ab699..ea030312df3 100644
#endif /* ! GRUB_ARM64_LINUX_HEADER */
diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h
index 83d958f9945..6295df85f3f 100644
index 83d958f994..6295df85f3 100644
--- a/include/grub/efi/efi.h
+++ b/include/grub/efi/efi.h
@@ -47,6 +47,9 @@ EXPORT_FUNC(grub_efi_allocate_fixed) (grub_efi_physical_address_t address,
@ -946,7 +946,7 @@ index 83d958f9945..6295df85f3f 100644
grub_addr_t grub_efi_modules_addr (void);
diff --git a/include/grub/efi/linux.h b/include/grub/efi/linux.h
new file mode 100644
index 00000000000..d9ede36773b
index 0000000000..d9ede36773
--- /dev/null
+++ b/include/grub/efi/linux.h
@@ -0,0 +1,31 @@

@ -13,7 +13,7 @@ Signed-off-by: Matthew Garrett <mjg59@coreos.com>
1 file changed, 23 insertions(+), 12 deletions(-)
diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
index 9f74a96b19a..dccf3bb3005 100644
index 9f74a96b19..dccf3bb300 100644
--- a/grub-core/loader/i386/linux.c
+++ b/grub-core/loader/i386/linux.c
@@ -649,13 +649,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),

@ -13,7 +13,7 @@ Signed-off-by: Matthew Garrett <mjg59@coreos.com>
1 file changed, 21 insertions(+), 12 deletions(-)
diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c
index 8be4c3b3f48..4b1750e360e 100644
index 8be4c3b3f4..4b1750e360 100644
--- a/grub-core/loader/i386/pc/linux.c
+++ b/grub-core/loader/i386/pc/linux.c
@@ -124,13 +124,14 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),

@ -32,7 +32,7 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
create mode 100644 include/grub/sparc64/linux.h
diff --git a/grub-core/commands/iorw.c b/grub-core/commands/iorw.c
index 584baec8f91..7b2999b14b5 100644
index 584baec8f9..7b2999b14b 100644
--- a/grub-core/commands/iorw.c
+++ b/grub-core/commands/iorw.c
@@ -24,6 +24,7 @@
@ -64,7 +64,7 @@ index 584baec8f91..7b2999b14b5 100644
grub_unregister_extcmd (cmd_read_word);
grub_unregister_extcmd (cmd_read_dword);
diff --git a/grub-core/commands/memrw.c b/grub-core/commands/memrw.c
index d401a6db0ef..39cf3a06dbd 100644
index d401a6db0e..39cf3a06db 100644
--- a/grub-core/commands/memrw.c
+++ b/grub-core/commands/memrw.c
@@ -23,6 +23,7 @@
@ -96,7 +96,7 @@ index d401a6db0ef..39cf3a06dbd 100644
grub_unregister_extcmd (cmd_read_word);
grub_unregister_extcmd (cmd_read_dword);
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
index b7149370950..7afb9e6f724 100644
index b714937095..7afb9e6f72 100644
--- a/grub-core/kern/dl.c
+++ b/grub-core/kern/dl.c
@@ -32,6 +32,7 @@
@ -117,7 +117,7 @@ index b7149370950..7afb9e6f724 100644
#if 0
/* This is an error, but grub2-mkconfig still generates a pile of
diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
index 4a2259aa1c7..8cff7be0289 100644
index 4a2259aa1c..8cff7be028 100644
--- a/grub-core/kern/efi/efi.c
+++ b/grub-core/kern/efi/efi.c
@@ -286,40 +286,6 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid,
@ -162,7 +162,7 @@ index 4a2259aa1c7..8cff7be0289 100644
/* Search the mods section from the PE32/PE32+ image. This code uses
diff --git a/grub-core/loader/efi/appleloader.c b/grub-core/loader/efi/appleloader.c
index 74888c463ba..585f2b57385 100644
index 74888c463b..585f2b5738 100644
--- a/grub-core/loader/efi/appleloader.c
+++ b/grub-core/loader/efi/appleloader.c
@@ -24,6 +24,7 @@
@ -193,7 +193,7 @@ index 74888c463ba..585f2b57385 100644
grub_unregister_command (cmd);
}
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
index b54cf6986fc..3ff305b1d32 100644
index e6a8d4ad0e..07c4937898 100644
--- a/grub-core/loader/efi/chainloader.c
+++ b/grub-core/loader/efi/chainloader.c
@@ -34,6 +34,7 @@
@ -205,7 +205,7 @@ index b54cf6986fc..3ff305b1d32 100644
#include <grub/i18n.h>
#include <grub/net.h>
diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c
index 5f3290ce17b..54befc26626 100644
index 5f3290ce17..54befc2662 100644
--- a/grub-core/loader/i386/bsd.c
+++ b/grub-core/loader/i386/bsd.c
@@ -40,6 +40,7 @@
@ -237,7 +237,7 @@ index 5f3290ce17b..54befc26626 100644
grub_unregister_extcmd (cmd_openbsd);
grub_unregister_extcmd (cmd_netbsd);
diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
index dccf3bb3005..4aeb0e4b9a6 100644
index dccf3bb300..4aeb0e4b9a 100644
--- a/grub-core/loader/i386/linux.c
+++ b/grub-core/loader/i386/linux.c
@@ -37,6 +37,7 @@
@ -269,7 +269,7 @@ index dccf3bb3005..4aeb0e4b9a6 100644
grub_unregister_command (cmd_initrd);
}
diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c
index 4b1750e360e..e3fa1221e81 100644
index 4b1750e360..e3fa1221e8 100644
--- a/grub-core/loader/i386/pc/linux.c
+++ b/grub-core/loader/i386/pc/linux.c
@@ -36,6 +36,7 @@
@ -301,7 +301,7 @@ index 4b1750e360e..e3fa1221e81 100644
grub_unregister_command (cmd_linux16);
grub_unregister_command (cmd_initrd);
diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c
index facb13f3d36..47e481f4576 100644
index facb13f3d3..47e481f457 100644
--- a/grub-core/loader/multiboot.c
+++ b/grub-core/loader/multiboot.c
@@ -50,6 +50,7 @@
@ -333,7 +333,7 @@ index facb13f3d36..47e481f4576 100644
grub_unregister_command (cmd_module);
}
diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c
index 1c0cf6a430a..baa54e652ab 100644
index 1c0cf6a430..baa54e652a 100644
--- a/grub-core/loader/xnu.c
+++ b/grub-core/loader/xnu.c
@@ -35,6 +35,7 @@
@ -365,7 +365,7 @@ index 1c0cf6a430a..baa54e652ab 100644
grub_unregister_command (cmd_resume);
#endif
diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h
index 6295df85f3f..585fa6662b6 100644
index 6295df85f3..585fa6662b 100644
--- a/include/grub/efi/efi.h
+++ b/include/grub/efi/efi.h
@@ -91,7 +91,6 @@ EXPORT_FUNC (grub_efi_set_variable) (const char *var,
@ -378,13 +378,13 @@ index 6295df85f3f..585fa6662b6 100644
const grub_efi_device_path_t *dp2);
diff --git a/include/grub/ia64/linux.h b/include/grub/ia64/linux.h
new file mode 100644
index 00000000000..e69de29bb2d
index 0000000000..e69de29bb2
diff --git a/include/grub/mips/linux.h b/include/grub/mips/linux.h
new file mode 100644
index 00000000000..e69de29bb2d
index 0000000000..e69de29bb2
diff --git a/include/grub/powerpc/linux.h b/include/grub/powerpc/linux.h
new file mode 100644
index 00000000000..e69de29bb2d
index 0000000000..e69de29bb2
diff --git a/include/grub/sparc64/linux.h b/include/grub/sparc64/linux.h
new file mode 100644
index 00000000000..e69de29bb2d
index 0000000000..e69de29bb2

@ -13,7 +13,7 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
3 files changed, 89 insertions(+), 37 deletions(-)
diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
index c8ecce6dfd0..0622dfa48d4 100644
index c8ecce6dfd..0622dfa48d 100644
--- a/grub-core/loader/efi/linux.c
+++ b/grub-core/loader/efi/linux.c
@@ -69,12 +69,17 @@ grub_linuxefi_secure_validate (void *data, grub_uint32_t size)
@ -37,7 +37,7 @@ index c8ecce6dfd0..0622dfa48d4 100644
return GRUB_ERR_BUG;
diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
index 6b24cbb9483..3017d0f3e52 100644
index 6b24cbb948..3017d0f3e5 100644
--- a/grub-core/loader/i386/efi/linux.c
+++ b/grub-core/loader/i386/efi/linux.c
@@ -44,14 +44,10 @@ static char *linux_cmdline;
@ -245,7 +245,7 @@ index 6b24cbb9483..3017d0f3e52 100644
if (kernel_mem && !loaded)
grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)kernel_mem,
diff --git a/include/grub/i386/linux.h b/include/grub/i386/linux.h
index eddf9251d9a..25ef52c04eb 100644
index eddf9251d9..25ef52c04e 100644
--- a/include/grub/i386/linux.h
+++ b/include/grub/i386/linux.h
@@ -138,7 +138,12 @@ struct linux_i386_kernel_header

@ -10,7 +10,7 @@ Apparently these go in a new place now.
2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 7517fc49d98..8331f95b645 100644
index 7517fc49d9..8331f95b64 100644
--- a/configure.ac
+++ b/configure.ac
@@ -314,6 +314,14 @@ AC_SUBST(grubdirname)
@ -39,7 +39,7 @@ index 7517fc49d98..8331f95b645 100644
if test "x$target_alias" != x && test "x$host_alias" != "x$target_alias"; then
tmp_ac_tool_prefix="$ac_tool_prefix"
diff --git a/util/bash-completion.d/Makefile.am b/util/bash-completion.d/Makefile.am
index 136287cf1bf..61108f05429 100644
index 136287cf1b..61108f0542 100644
--- a/util/bash-completion.d/Makefile.am
+++ b/util/bash-completion.d/Makefile.am
@@ -6,7 +6,6 @@ EXTRA_DIST = $(bash_completion_source)

@ -12,7 +12,7 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
1 file changed, 58 insertions(+), 27 deletions(-)
diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c
index 8397886fa05..d7a222e681b 100644
index 8397886fa0..d7a222e681 100644
--- a/grub-core/normal/menu.c
+++ b/grub-core/normal/menu.c
@@ -163,15 +163,40 @@ grub_menu_set_timeout (int timeout)

@ -27,7 +27,7 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
14 files changed, 48 insertions(+), 21 deletions(-)
diff --git a/grub-core/commands/minicmd.c b/grub-core/commands/minicmd.c
index fa498931ed2..2bd3ac76f2d 100644
index fa498931ed..2bd3ac76f2 100644
--- a/grub-core/commands/minicmd.c
+++ b/grub-core/commands/minicmd.c
@@ -182,12 +182,24 @@ grub_mini_cmd_lsmod (struct grub_command *cmd __attribute__ ((unused)),
@ -60,7 +60,7 @@ index fa498931ed2..2bd3ac76f2d 100644
}
diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
index 8cff7be0289..05d8237a9b2 100644
index 8cff7be028..05d8237a9b 100644
--- a/grub-core/kern/efi/efi.c
+++ b/grub-core/kern/efi/efi.c
@@ -165,11 +165,16 @@ grub_reboot (void)
@ -83,7 +83,7 @@ index 8cff7be0289..05d8237a9b2 100644
}
diff --git a/grub-core/kern/emu/main.c b/grub-core/kern/emu/main.c
index 425bb960347..55ea5a11ccd 100644
index 425bb96034..55ea5a11cc 100644
--- a/grub-core/kern/emu/main.c
+++ b/grub-core/kern/emu/main.c
@@ -67,7 +67,7 @@ grub_reboot (void)
@ -96,7 +96,7 @@ index 425bb960347..55ea5a11ccd 100644
grub_reboot ();
}
diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c
index dfd8a8ec488..0ff13bcaf8c 100644
index dfd8a8ec48..0ff13bcaf8 100644
--- a/grub-core/kern/emu/misc.c
+++ b/grub-core/kern/emu/misc.c
@@ -151,9 +151,10 @@ xasprintf (const char *fmt, ...)
@ -113,7 +113,7 @@ index dfd8a8ec488..0ff13bcaf8c 100644
#endif
diff --git a/grub-core/kern/i386/coreboot/init.c b/grub-core/kern/i386/coreboot/init.c
index 3314f027fec..36f9134b7b7 100644
index 3314f027fe..36f9134b7b 100644
--- a/grub-core/kern/i386/coreboot/init.c
+++ b/grub-core/kern/i386/coreboot/init.c
@@ -41,7 +41,7 @@ extern grub_uint8_t _end[];
@ -126,7 +126,7 @@ index 3314f027fec..36f9134b7b7 100644
/* We can't use grub_fatal() in this function. This would create an infinite
loop, since grub_fatal() calls grub_abort() which in turn calls grub_exit(). */
diff --git a/grub-core/kern/i386/qemu/init.c b/grub-core/kern/i386/qemu/init.c
index 271b6fbfabd..9fafe98f015 100644
index 271b6fbfab..9fafe98f01 100644
--- a/grub-core/kern/i386/qemu/init.c
+++ b/grub-core/kern/i386/qemu/init.c
@@ -42,7 +42,7 @@ extern grub_uint8_t _end[];
@ -139,7 +139,7 @@ index 271b6fbfabd..9fafe98f015 100644
/* We can't use grub_fatal() in this function. This would create an infinite
loop, since grub_fatal() calls grub_abort() which in turn calls grub_exit(). */
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
index d483e35eed2..e71d1584164 100644
index d483e35eed..e71d158416 100644
--- a/grub-core/kern/ieee1275/init.c
+++ b/grub-core/kern/ieee1275/init.c
@@ -71,7 +71,7 @@ grub_addr_t grub_ieee1275_original_stack;
@ -152,7 +152,7 @@ index d483e35eed2..e71d1584164 100644
grub_ieee1275_exit ();
}
diff --git a/grub-core/kern/mips/arc/init.c b/grub-core/kern/mips/arc/init.c
index 2ed3ff3191e..5c40c34078d 100644
index 2ed3ff3191..5c40c34078 100644
--- a/grub-core/kern/mips/arc/init.c
+++ b/grub-core/kern/mips/arc/init.c
@@ -276,7 +276,7 @@ grub_halt (void)
@ -165,7 +165,7 @@ index 2ed3ff3191e..5c40c34078d 100644
GRUB_ARC_FIRMWARE_VECTOR->exit ();
diff --git a/grub-core/kern/mips/loongson/init.c b/grub-core/kern/mips/loongson/init.c
index 7b96531b983..dff598ca7b0 100644
index 7b96531b98..dff598ca7b 100644
--- a/grub-core/kern/mips/loongson/init.c
+++ b/grub-core/kern/mips/loongson/init.c
@@ -304,7 +304,7 @@ grub_halt (void)
@ -178,7 +178,7 @@ index 7b96531b983..dff598ca7b0 100644
grub_halt ();
}
diff --git a/grub-core/kern/mips/qemu_mips/init.c b/grub-core/kern/mips/qemu_mips/init.c
index be88b77d22d..8b6c55ffc01 100644
index be88b77d22..8b6c55ffc0 100644
--- a/grub-core/kern/mips/qemu_mips/init.c
+++ b/grub-core/kern/mips/qemu_mips/init.c
@@ -75,7 +75,7 @@ grub_machine_fini (int flags __attribute__ ((unused)))
@ -191,7 +191,7 @@ index be88b77d22d..8b6c55ffc01 100644
grub_halt ();
}
diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c
index 3af336ee227..63b586d09cb 100644
index 3af336ee22..63b586d09c 100644
--- a/grub-core/kern/misc.c
+++ b/grub-core/kern/misc.c
@@ -1209,9 +1209,18 @@ grub_abort (void)
@ -215,7 +215,7 @@ index 3af336ee227..63b586d09cb 100644
grub_fatal (const char *fmt, ...)
{
diff --git a/grub-core/kern/uboot/init.c b/grub-core/kern/uboot/init.c
index 3e338645c57..be2a5be1d07 100644
index 3e338645c5..be2a5be1d0 100644
--- a/grub-core/kern/uboot/init.c
+++ b/grub-core/kern/uboot/init.c
@@ -39,9 +39,9 @@ extern grub_size_t grub_total_module_size;
@ -240,7 +240,7 @@ index 3e338645c57..be2a5be1d07 100644
else if (ver > API_SIG_VERSION)
{
diff --git a/grub-core/kern/xen/init.c b/grub-core/kern/xen/init.c
index 782ca72952a..708b060f324 100644
index 782ca72952..708b060f32 100644
--- a/grub-core/kern/xen/init.c
+++ b/grub-core/kern/xen/init.c
@@ -584,7 +584,7 @@ grub_machine_init (void)
@ -253,7 +253,7 @@ index 782ca72952a..708b060f324 100644
struct sched_shutdown arg;
diff --git a/include/grub/misc.h b/include/grub/misc.h
index 7d2b5519690..fd18e6320b8 100644
index 7d2b551969..fd18e6320b 100644
--- a/include/grub/misc.h
+++ b/include/grub/misc.h
@@ -353,7 +353,7 @@ int EXPORT_FUNC(grub_vsnprintf) (char *str, grub_size_t n, const char *fmt,

@ -10,7 +10,7 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
2 files changed, 36 insertions(+), 1 deletion(-)
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index 45d3edaa4dc..c865a08b027 100644
index 45d3edaa4d..c865a08b02 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -207,6 +207,7 @@ kernel = {
@ -22,7 +22,7 @@ index 45d3edaa4dc..c865a08b027 100644
i386_multiboot = kern/i386/pc/acpi.c;
i386_coreboot = kern/acpi.c;
diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c
index 7facacf09c7..6d39bd3ad29 100644
index 7facacf09c..6d39bd3ad2 100644
--- a/grub-core/kern/efi/init.c
+++ b/grub-core/kern/efi/init.c
@@ -27,8 +27,11 @@

@ -13,7 +13,7 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
3 files changed, 75 insertions(+), 9 deletions(-)
diff --git a/grub-core/commands/wildcard.c b/grub-core/commands/wildcard.c
index cc3290311f0..8f67a4be7f0 100644
index cc3290311f..8f67a4be7f 100644
--- a/grub-core/commands/wildcard.c
+++ b/grub-core/commands/wildcard.c
@@ -488,6 +488,12 @@ check_file (const char *dir, const char *basename)
@ -47,7 +47,7 @@ index cc3290311f0..8f67a4be7f0 100644
*optr++ = iptr[1];
iptr += 2;
diff --git a/grub-core/lib/cmdline.c b/grub-core/lib/cmdline.c
index ed0b149dca5..8e2294d8ff6 100644
index ed0b149dca..8e2294d8ff 100644
--- a/grub-core/lib/cmdline.c
+++ b/grub-core/lib/cmdline.c
@@ -20,6 +20,12 @@
@ -97,7 +97,7 @@ index ed0b149dca5..8e2294d8ff6 100644
*buf++ = *c;
diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
index ad80399246a..0c6dd9c5201 100644
index ad80399246..0c6dd9c520 100644
--- a/grub-core/script/execute.c
+++ b/grub-core/script/execute.c
@@ -56,6 +56,12 @@ static struct grub_script_scope *scope = 0;

@ -28,7 +28,7 @@ Signed-off-by: Will Thompson <wjt@endlessm.com>
create mode 100644 grub-core/commands/loadenv.h
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index c865a08b027..c15e91943b9 100644
index c865a08b02..c15e91943b 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -814,6 +814,16 @@ module = {
@ -58,7 +58,7 @@ index c865a08b027..c15e91943b9 100644
diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
new file mode 100644
index 00000000000..e907a6a5d28
index 0000000000..e907a6a5d2
--- /dev/null
+++ b/grub-core/commands/blscfg.c
@@ -0,0 +1,1177 @@
@ -1240,7 +1240,7 @@ index 00000000000..e907a6a5d28
+ grub_unregister_extcmd (oldcmd);
+}
diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c
index cc5971f4dbd..782761c31aa 100644
index cc5971f4db..782761c31a 100644
--- a/grub-core/commands/legacycfg.c
+++ b/grub-core/commands/legacycfg.c
@@ -143,7 +143,7 @@ legacy_file (const char *filename)
@ -1263,7 +1263,7 @@ index cc5971f4dbd..782761c31aa 100644
}
diff --git a/grub-core/commands/loadenv.c b/grub-core/commands/loadenv.c
index 3fd664aac33..163b9a09042 100644
index 3fd664aac3..163b9a0904 100644
--- a/grub-core/commands/loadenv.c
+++ b/grub-core/commands/loadenv.c
@@ -28,6 +28,8 @@
@ -1358,7 +1358,7 @@ index 3fd664aac33..163b9a09042 100644
grub_cmd_load_env (grub_extcmd_context_t ctxt, int argc, char **args)
{
diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c
index 720e6d8ea3b..b194123eb67 100644
index 720e6d8ea3..b194123eb6 100644
--- a/grub-core/commands/menuentry.c
+++ b/grub-core/commands/menuentry.c
@@ -78,7 +78,7 @@ grub_normal_add_menu_entry (int argc, const char **args,
@ -1430,7 +1430,7 @@ index 720e6d8ea3b..b194123eb67 100644
src[len - 1] = ch;
args[argc - 1] = src;
diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
index 62571e6dfcc..7ca2e5400b1 100644
index 62571e6dfc..7ca2e5400b 100644
--- a/grub-core/normal/main.c
+++ b/grub-core/normal/main.c
@@ -21,6 +21,7 @@
@ -1455,7 +1455,7 @@ index 62571e6dfcc..7ca2e5400b1 100644
grub_free ((void *) entry->title);
diff --git a/grub-core/commands/loadenv.h b/grub-core/commands/loadenv.h
new file mode 100644
index 00000000000..952f46121bd
index 0000000000..952f46121b
--- /dev/null
+++ b/grub-core/commands/loadenv.h
@@ -0,0 +1,93 @@
@ -1553,7 +1553,7 @@ index 00000000000..952f46121bd
+ return 0;
+}
diff --git a/include/grub/compiler.h b/include/grub/compiler.h
index 8f3be3ae706..ebafec68957 100644
index 8f3be3ae70..ebafec6895 100644
--- a/include/grub/compiler.h
+++ b/include/grub/compiler.h
@@ -56,4 +56,6 @@
@ -1564,7 +1564,7 @@ index 8f3be3ae706..ebafec68957 100644
+
#endif /* ! GRUB_COMPILER_HEADER */
diff --git a/include/grub/menu.h b/include/grub/menu.h
index ee2b5e91045..0acdc2aa6bf 100644
index ee2b5e9104..0acdc2aa6b 100644
--- a/include/grub/menu.h
+++ b/include/grub/menu.h
@@ -20,6 +20,16 @@
@ -1595,7 +1595,7 @@ index ee2b5e91045..0acdc2aa6bf 100644
typedef struct grub_menu_entry *grub_menu_entry_t;
diff --git a/include/grub/normal.h b/include/grub/normal.h
index 218cbabccaf..8839ad85a19 100644
index 218cbabcca..8839ad85a1 100644
--- a/include/grub/normal.h
+++ b/include/grub/normal.h
@@ -145,7 +145,7 @@ grub_normal_add_menu_entry (int argc, const char **args, char **classes,

@ -20,7 +20,7 @@ Signed-off-by: David A. Marlin <dmarlin@redhat.com>
2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
index d3e879b8e5c..8ea2315ebc2 100644
index d3e879b8e5..8ea2315ebc 100644
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@@ -248,7 +248,8 @@ export GRUB_DEFAULT \
@ -34,7 +34,7 @@ index d3e879b8e5c..8ea2315ebc2 100644
if test "x${grub_cfg}" != "x"; then
rm -f "${grub_cfg}.new"
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
index e8b01c0d0c7..dc75a1c30bf 100644
index e8b01c0d0c..dc75a1c30b 100644
--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
@@ -153,6 +153,13 @@ EOF

@ -0,0 +1,93 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Thu, 9 Mar 2023 11:18:19 -0500
Subject: [PATCH] hostdisk: work around /proc not reporting size
fstat(2) of files in /proc will yield st_size == 0 regardless of file
contents. Use a negative value in grub_file_t's size to denote "ignore"
and plumb through.
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
---
grub-core/kern/file.c | 28 ++++++++++++++++------------
grub-core/lib/progress.c | 2 +-
grub-core/osdep/unix/hostdisk.c | 6 ++++++
3 files changed, 23 insertions(+), 13 deletions(-)
diff --git a/grub-core/kern/file.c b/grub-core/kern/file.c
index 868ce3b63e..4ea6d1ce95 100644
--- a/grub-core/kern/file.c
+++ b/grub-core/kern/file.c
@@ -172,26 +172,30 @@ grub_file_read (grub_file_t file, void *buf, grub_size_t len)
grub_disk_read_hook_t read_hook;
void *read_hook_data;
- if (file->offset > file->size)
- {
- grub_error (GRUB_ERR_OUT_OF_RANGE,
- N_("attempt to read past the end of file"));
- return -1;
- }
-
if (len == 0)
return 0;
- if (len > file->size - file->offset)
- len = file->size - file->offset;
+#ifdef GRUB_MACHINE_EMU
+ if (file->size >= 0)
+ {
+#endif
+ if (file->offset > file->size)
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE,
+ N_("attempt to read past the end of file"));
+ return -1;
+ }
+
+ if (len > file->size - file->offset)
+ len = file->size - file->offset;
+#ifdef GRUB_MACHINE_EMU
+ }
+#endif
/* Prevent an overflow. */
if ((grub_ssize_t) len < 0)
len >>= 1;
- if (len == 0)
- return 0;
-
read_hook = file->read_hook;
read_hook_data = file->read_hook_data;
if (!file->read_hook)
diff --git a/grub-core/lib/progress.c b/grub-core/lib/progress.c
index 4b7cbbca6d..f3226b6898 100644
--- a/grub-core/lib/progress.c
+++ b/grub-core/lib/progress.c
@@ -71,7 +71,7 @@ grub_file_progress_hook_real (grub_disk_addr_t sector __attribute__ ((unused)),
* 100ULL * 1000ULL,
now - file->last_progress_time, 0);
- if (file->size == 0)
+ if (file->size <= 0)
percent = 100;
else
percent = grub_divmod64 (100 * file->progress_offset,
diff --git a/grub-core/osdep/unix/hostdisk.c b/grub-core/osdep/unix/hostdisk.c
index 3a00d7451a..e5f4b4d5f9 100644
--- a/grub-core/osdep/unix/hostdisk.c
+++ b/grub-core/osdep/unix/hostdisk.c
@@ -71,6 +71,12 @@ grub_util_get_fd_size (grub_util_fd_t fd, const char *name, unsigned *log_secsiz
if (log_secsize)
*log_secsize = 9;
+#ifdef GRUB_MACHINE_EMU
+ /* /proc doesn't behave itself and gives 0 for file sizes to stat. */
+ if (st.st_size == 0 && !grub_strncmp ("/proc", name, 5))
+ return -1;
+#endif
+
return st.st_size;
}

@ -0,0 +1,118 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Tue, 7 Mar 2023 18:59:40 -0500
Subject: [PATCH] blscfg: check for mounted /boot in emu
Irritatingly, BLS defines paths relatives to the mountpoint of the
filesystem which contains its snippets, not / or any other fixed
location. So grub2-emu needs to know whether /boot is a separate
filesysem from / and conditionally prepend a path.
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
---
grub-core/commands/blscfg.c | 54 ++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 49 insertions(+), 5 deletions(-)
diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
index dbd0899acf..6e398fc175 100644
--- a/grub-core/commands/blscfg.c
+++ b/grub-core/commands/blscfg.c
@@ -40,8 +40,9 @@ GRUB_MOD_LICENSE ("GPLv3+");
#include "loadenv.h"
#define GRUB_BLS_CONFIG_PATH "/loader/entries/"
+
#ifdef GRUB_MACHINE_EMU
-#define GRUB_BOOT_DEVICE ""
+#define GRUB_BOOT_DEVICE "/boot"
#else
#define GRUB_BOOT_DEVICE "($root)"
#endif
@@ -54,8 +55,50 @@ struct keyval
static struct bls_entry *entries = NULL;
+/* Cache probing in frob_boot_device(). Used for linux entry also.
+ * Always true in non-emu, meaning to prefix things with GRUB_BOOT_DEVICE. */
+static int separate_boot = -1;
+
#define FOR_BLS_ENTRIES(var) FOR_LIST_ELEMENTS (var, entries)
+/* BLS appears to make paths relative to the filesystem that snippets are
+ * on, not /. Attempt to cope. */
+static char *frob_boot_device(char *tmp)
+{
+#ifdef GRUB_MACHINE_EMU
+ grub_file_t f;
+ char *line = NULL;
+
+ if (separate_boot != -1)
+ goto probed;
+
+ separate_boot = 0;
+
+ f = grub_file_open ("/proc/mounts", GRUB_FILE_TYPE_CONFIG);
+ if (f == NULL)
+ goto probed;
+
+ while ((line = grub_file_getline (f)))
+ {
+ if (grub_strstr (line, " " GRUB_BOOT_DEVICE " "))
+ {
+ separate_boot = 1;
+ grub_free (line);
+ break;
+ }
+
+ grub_free(line);
+ }
+
+ grub_file_close (f);
+ probed:
+ if (!separate_boot)
+ return grub_stpcpy (tmp, " ");
+#endif
+
+ return grub_stpcpy (tmp, " " GRUB_BOOT_DEVICE);
+}
+
static int bls_add_keyval(struct bls_entry *entry, char *key, char *val)
{
char *k, *v;
@@ -842,7 +885,7 @@ static void create_entry (struct bls_entry *entry)
for (i = 0; early_initrds != NULL && early_initrds[i] != NULL; i++)
{
grub_dprintf ("blscfg", "adding early initrd %s\n", early_initrds[i]);
- tmp = grub_stpcpy (tmp, " " GRUB_BOOT_DEVICE);
+ tmp = frob_boot_device (tmp);
tmp = grub_stpcpy (tmp, initrd_prefix);
tmp = grub_stpcpy (tmp, early_initrds[i]);
grub_free(early_initrds[i]);
@@ -851,7 +894,7 @@ static void create_entry (struct bls_entry *entry)
for (i = 0; initrds != NULL && initrds[i] != NULL; i++)
{
grub_dprintf ("blscfg", "adding initrd %s\n", initrds[i]);
- tmp = grub_stpcpy (tmp, " " GRUB_BOOT_DEVICE);
+ tmp = frob_boot_device (tmp);
tmp = grub_stpcpy (tmp, initrds[i]);
}
tmp = grub_stpcpy (tmp, "\n");
@@ -888,7 +931,7 @@ static void create_entry (struct bls_entry *entry)
}
char *tmp = dt;
tmp = grub_stpcpy (dt, "devicetree");
- tmp = grub_stpcpy (tmp, " " GRUB_BOOT_DEVICE);
+ tmp = frob_boot_device (tmp);
if (add_dt_prefix)
tmp = grub_stpcpy (tmp, prefix);
tmp = grub_stpcpy (tmp, devicetree);
@@ -907,7 +950,8 @@ static void create_entry (struct bls_entry *entry)
"linux %s%s%s%s\n"
"%s%s",
savedefault ? "savedefault\n" : "",
- GRUB_BOOT_DEVICE, clinux, options ? " " : "", options ? options : "",
+ separate_boot ? GRUB_BOOT_DEVICE : "",
+ clinux, options ? " " : "", options ? options : "",
initrd ? initrd : "", dt ? dt : "");
grub_normal_add_menu_entry (argc, argv, classes, id, users, hotkey, NULL, src, 0, &index, entry);

@ -0,0 +1,41 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Wed, 22 Mar 2023 14:19:43 -0400
Subject: [PATCH] emu/linux: work around systemctl kexec returning
Per systemctl(1), it "is asynchronous; it will return after the reboot
operation is enqueued, without waiting for it to complete". This
differs from kexec(8), which calls reboot(2) and therefore does not
return.
When not using fallback, this results in the confusing-but-harmless:
error trying to perform 'systemctl kexec': 0
Aborted. Press any key to exit.
on screen for a bit, followed by successful kexec.
To reduce the liklihood of hitting this case, add a delay on succesful
return. Ultimately, the systemd interface is racy: we can't avoid it
entirely unless we never fallback on success.
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
---
grub-core/loader/emu/linux.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/grub-core/loader/emu/linux.c b/grub-core/loader/emu/linux.c
index 0cf378a376..7de3f7f861 100644
--- a/grub-core/loader/emu/linux.c
+++ b/grub-core/loader/emu/linux.c
@@ -74,6 +74,10 @@ grub_linux_boot (void)
(kexecute==1) ? "do-or-die" : "just-in-case");
rc = grub_util_exec (systemctl);
+ /* `systemctl kexec` is "asynchronous" and will return even on success. */
+ if (rc == 0)
+ grub_sleep (10);
+
if (kexecute == 1)
grub_fatal (N_("error trying to perform 'systemctl kexec': %d"), rc);

@ -0,0 +1,156 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Wed, 22 Mar 2023 12:25:43 +0800
Subject: [PATCH] tpm: Disable the tpm verifier if the TPM device is not
present
When the tpm module is loaded, the verifier reads entire file into
memory, measures it and uses verified content as a backing buffer for
file accesses. However, this process may result in high memory
utilization for file operations, sometimes causing a system to run out
of memory which may finally lead to boot failure. To address this issue,
among others, the commit 887f98f0d (mm: Allow dynamically requesting
additional memory regions) have optimized memory management by
dynamically allocating heap space to maximize memory usage and reduce
threat of memory exhaustion. But in some cases problems may still arise,
e.g., when large ISO images are mounted using loopback or when dealing
with embedded systems with limited memory resources.
Unfortunately current implementation of the tpm module doesn't allow
elimination of the back buffer once it is loaded. Even if the TPM device
is not present or it has been explicitly disabled. This may unnecessary
allocate a lot memory. To solve this issue, a patch has been developed
to detect the TPM status at module load and skip verifier registration
if the device is missing or deactivated. This prevents allocation of
memory for the back buffer, avoiding wasting memory when no real measure
boot functionality is performed. Disabling the TPM device in the system
can reduce memory usage in the GRUB. It is useful in scenarios where
high memory utilization is a concern and measurements of loaded
artifacts are not necessary.
Signed-off-by: Michael Chang <mchang@suse.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
(cherry picked from commit 30708dfe3bebd62a5487437554da8a24253f519f)
---
grub-core/commands/efi/tpm.c | 37 +++++++++++++++++++++++++++++++++++
grub-core/commands/ieee1275/ibmvtpm.c | 20 +++++++++----------
grub-core/commands/tpm.c | 10 ++++++++++
include/grub/tpm.h | 1 +
4 files changed, 58 insertions(+), 10 deletions(-)
diff --git a/grub-core/commands/efi/tpm.c b/grub-core/commands/efi/tpm.c
index ae09c1bf8b..e1f343fea3 100644
--- a/grub-core/commands/efi/tpm.c
+++ b/grub-core/commands/efi/tpm.c
@@ -287,3 +287,40 @@ grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
else
return grub_tpm2_log_event (tpm_handle, buf, size, pcr, description);
}
+
+int
+grub_tpm_present (void)
+{
+ grub_efi_handle_t tpm_handle;
+ grub_efi_uint8_t protocol_version;
+
+ if (!grub_tpm_handle_find (&tpm_handle, &protocol_version))
+ return 0;
+
+ if (protocol_version == 1)
+ {
+ grub_efi_tpm_protocol_t *tpm;
+
+ tpm = grub_efi_open_protocol (tpm_handle, &tpm_guid,
+ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+ if (!tpm)
+ {
+ grub_dprintf ("tpm", "Cannot open TPM protocol\n");
+ return 0;
+ }
+ return grub_tpm1_present (tpm);
+ }
+ else
+ {
+ grub_efi_tpm2_protocol_t *tpm;
+
+ tpm = grub_efi_open_protocol (tpm_handle, &tpm2_guid,
+ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+ if (!tpm)
+ {
+ grub_dprintf ("tpm", "Cannot open TPM protocol\n");
+ return 0;
+ }
+ return grub_tpm2_present (tpm);
+ }
+}
diff --git a/grub-core/commands/ieee1275/ibmvtpm.c b/grub-core/commands/ieee1275/ibmvtpm.c
index 239942d27e..a6fee5c516 100644
--- a/grub-core/commands/ieee1275/ibmvtpm.c
+++ b/grub-core/commands/ieee1275/ibmvtpm.c
@@ -135,16 +135,6 @@ grub_err_t
grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
const char *description)
{
- /*
- * Call tpm_init() 'late' rather than from GRUB_MOD_INIT() so that device nodes
- * can be found.
- */
- grub_err_t err = tpm_init ();
-
- /* Absence of a TPM isn't a failure. */
- if (err != GRUB_ERR_NONE)
- return GRUB_ERR_NONE;
-
grub_dprintf ("tpm", "log_event, pcr = %d, size = 0x%" PRIxGRUB_SIZE ", %s\n",
pcr, size, description);
@@ -153,3 +143,13 @@ grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
return GRUB_ERR_NONE;
}
+
+int
+grub_tpm_present (void)
+{
+ /*
+ * Call tpm_init() "late" rather than from GRUB_MOD_INIT() so that device nodes
+ * can be found.
+ */
+ return tpm_init() == GRUB_ERR_NONE;
+}
diff --git a/grub-core/commands/tpm.c b/grub-core/commands/tpm.c
index e287d042e6..5839053d3d 100644
--- a/grub-core/commands/tpm.c
+++ b/grub-core/commands/tpm.c
@@ -86,10 +86,20 @@ struct grub_file_verifier grub_tpm_verifier = {
GRUB_MOD_INIT (tpm)
{
+ /*
+ * Even though this now calls ibmvtpm's grub_tpm_present() from GRUB_MOD_INIT(),
+ * it does seem to call it late enough in the initialization sequence so
+ * that whatever discovered "device nodes" before this GRUB_MOD_INIT() is
+ * called, enables the ibmvtpm driver to see the device nodes.
+ */
+ if (!grub_tpm_present())
+ return;
grub_verifier_register (&grub_tpm_verifier);
}
GRUB_MOD_FINI (tpm)
{
+ if (!grub_tpm_present())
+ return;
grub_verifier_unregister (&grub_tpm_verifier);
}
diff --git a/include/grub/tpm.h b/include/grub/tpm.h
index 5c285cbc52..c19fcbd0a6 100644
--- a/include/grub/tpm.h
+++ b/include/grub/tpm.h
@@ -36,4 +36,5 @@
grub_err_t grub_tpm_measure (unsigned char *buf, grub_size_t size,
grub_uint8_t pcr, const char *description);
+int grub_tpm_present (void);
#endif

@ -23,7 +23,7 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
index ab9101a5ad1a..a97f4a8b1355 100644
index ab9101a5ad..a97f4a8b13 100644
--- a/grub-core/kern/dl.c
+++ b/grub-core/kern/dl.c
@@ -733,7 +733,8 @@ grub_dl_set_mem_attrs (grub_dl_t mod, void *ehdr)

@ -110,7 +110,7 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
index a97f4a8b1355..3b66fa410e80 100644
index a97f4a8b13..3b66fa410e 100644
--- a/grub-core/kern/dl.c
+++ b/grub-core/kern/dl.c
@@ -682,7 +682,7 @@ grub_dl_set_mem_attrs (grub_dl_t mod, void *ehdr)

@ -16,7 +16,7 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
index 3b66fa410e80..f3cdb9e0bacf 100644
index 3b66fa410e..f3cdb9e0ba 100644
--- a/grub-core/kern/dl.c
+++ b/grub-core/kern/dl.c
@@ -280,7 +280,9 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e)

@ -0,0 +1,330 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Nicolas Frayer <nfrayer@redhat.com>
Date: Fri, 31 Mar 2023 20:47:58 +0200
Subject: [PATCH] emu: Add switch-root to grub-emu
If the kernel running grub emu is the same as the one we want to
boot, it makes sense that we just switch-root instead of kexec
the same kernel again by doing grub2-emu --switch-root
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
---
grub-core/kern/emu/main.c | 5 +-
grub-core/kern/emu/misc.c | 13 +++
grub-core/loader/emu/linux.c | 209 +++++++++++++++++++++++++++++++++++++++++--
include/grub/emu/exec.h | 2 +-
include/grub/emu/misc.h | 2 +
5 files changed, 223 insertions(+), 8 deletions(-)
diff --git a/grub-core/kern/emu/main.c b/grub-core/kern/emu/main.c
index 68e2b283bb..ccb2863f5b 100644
--- a/grub-core/kern/emu/main.c
+++ b/grub-core/kern/emu/main.c
@@ -108,6 +108,7 @@ static struct argp_option options[] = {
{"verbose", 'v', 0, 0, N_("print verbose messages."), 0},
{"hold", 'H', N_("SECS"), OPTION_ARG_OPTIONAL, N_("wait until a debugger will attach"), 0},
{"kexec", 'X', 0, 0, N_("use kexec to boot Linux kernels via systemctl (pass twice to enable dangerous fallback to non-systemctl)."), 0},
+ {"switch-root", 'W', 0, 0, N_("use switch-root to only switch root filesystem without restarting the kernel."), 0},
{ 0, 0, 0, 0, 0, 0 }
};
@@ -168,7 +169,9 @@ argp_parser (int key, char *arg, struct argp_state *state)
case 'X':
grub_util_set_kexecute ();
break;
-
+ case 'W':
+ grub_util_set_switch_root ();
+ break;
case ARGP_KEY_ARG:
{
/* Too many arguments. */
diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c
index 02d27c3440..4b5123ef96 100644
--- a/grub-core/kern/emu/misc.c
+++ b/grub-core/kern/emu/misc.c
@@ -40,6 +40,7 @@
int verbosity;
int kexecute;
+int switchroot = 0;
void
grub_util_warn (const char *fmt, ...)
@@ -231,3 +232,15 @@ grub_util_get_kexecute (void)
{
return kexecute;
}
+
+void
+grub_util_set_switch_root (void)
+{
+ switchroot = 1;
+}
+
+int
+grub_util_get_switch_root (void)
+{
+ return switchroot;
+}
diff --git a/grub-core/loader/emu/linux.c b/grub-core/loader/emu/linux.c
index 7de3f7f861..6feb0412c5 100644
--- a/grub-core/loader/emu/linux.c
+++ b/grub-core/loader/emu/linux.c
@@ -15,7 +15,6 @@
* You should have received a copy of the GNU General Public License
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
*/
-
#include <grub/loader.h>
#include <grub/dl.h>
#include <grub/command.h>
@@ -33,6 +32,196 @@ static char *kernel_path;
static char *initrd_path;
static char *boot_cmdline;
+static grub_err_t
+grub_switch_root (void)
+{
+ char *tmp = NULL;
+ char *options_cmd = NULL;
+ char *options = NULL;
+ char *subvol = NULL;
+ char *root_uuid = NULL;
+ char *kernel_release = NULL;
+ grub_err_t rc = GRUB_ERR_NONE;
+ const char *subvol_param = "subvol=";
+ const char *kernel_release_prefix = "/boot/vmlinuz-";
+ const char *root_prefix = "root=";
+ const char *systemctl[] = {"systemctl", "--force", "switch-root", "/sysroot", NULL};
+ const char *mountrootfs[] = {"mount", root_uuid, "/sysroot", options_cmd, options, NULL};
+ const char *unamer[] = {"uname", "-r", NULL};
+ char *uname_buf = NULL;
+ int i = 0;
+
+ /* Extract the kernel release tag from kernel_path */
+ if (!kernel_path)
+ {
+ rc = GRUB_ERR_BAD_ARGUMENT;
+ grub_dprintf ("linux", "switch_root: No kernel_path found\n");
+ goto out;
+ }
+
+ if ((kernel_release = grub_xasprintf ("%s", (kernel_path + grub_strlen (kernel_release_prefix)))) == NULL)
+ {
+ grub_dprintf ("linux", "switch_root: Failed to allocate memory\n");
+ rc = GRUB_ERR_BAD_ARGUMENT;
+ goto out;
+ }
+
+
+ /* Check for kernel mismatch */
+ /* Retrieve the current kernel relase tag */
+ grub_util_exec_redirect (unamer, NULL, "/tmp/version");
+
+ grub_file_t f = grub_file_open ("/tmp/version", GRUB_FILE_TYPE_FS_SEARCH);
+
+ if (f == NULL)
+ {
+ grub_dprintf ("linux", "failed opening file.\n");
+ rc = GRUB_ERR_FILE_NOT_FOUND;
+ goto out;
+ }
+
+ if ((uname_buf = grub_malloc (f->size)) == NULL)
+ {
+ grub_dprintf ("linux", "switch_root: Failed to allocate memory\n");
+ rc = GRUB_ERR_OUT_OF_MEMORY;
+ goto out;
+ }
+
+ if (grub_file_read (f, uname_buf, f->size) < 0)
+ {
+ grub_dprintf ("linux", "switch_root: failed to read from file\n");
+ rc = GRUB_ERR_FILE_READ_ERROR;
+ goto out;
+ }
+
+ grub_file_close (f);
+
+ if (grub_strstr (uname_buf, kernel_release) == NULL)
+ {
+ grub_dprintf ("linux", "switch_root: kernel mismatch, not performing switch-root ...\n");
+ rc = GRUB_ERR_NO_KERNEL;
+ goto out;
+ }
+
+ /* Extract the root partition from boot_cmdline */
+ if (!boot_cmdline)
+ {
+ rc = GRUB_ERR_BAD_ARGUMENT;
+ goto out;
+ }
+
+ tmp = grub_strdup (boot_cmdline);
+
+ if (tmp == NULL)
+ {
+ rc = GRUB_ERR_OUT_OF_MEMORY;
+ goto out;
+ }
+
+ if ((root_uuid = grub_strstr (tmp, root_prefix)) == NULL)
+ {
+ rc = GRUB_ERR_BAD_ARGUMENT;
+ grub_dprintf ("linux", "switch_root: Can't find rootfs\n");
+ goto out;
+ }
+
+ root_uuid += grub_strlen (root_prefix);
+
+ while (root_uuid[i] != ' ' && root_uuid[i] != '\0')
+ i++;
+
+ root_uuid[i] = '\0';
+
+ /* Allocate a new buffer holding root_uuid */
+ root_uuid = grub_xasprintf ("%s", root_uuid);
+
+ if (root_uuid == NULL)
+ {
+ grub_dprintf ("linux", "switch_root: Failed to allocated memory\n");
+ rc = GRUB_ERR_OUT_OF_MEMORY;
+ goto out;
+ }
+
+ /* Check for subvol parameter */
+ grub_strcpy (tmp, boot_cmdline);
+
+ if ((subvol = grub_strstr(tmp, subvol_param)) != NULL)
+ {
+ i = 0;
+
+ while (subvol[i] != ' ' && subvol[i] != '\0')
+ i++;
+
+ subvol[i] = '\0';
+
+ /* Allocate a new buffer holding subvol */
+ subvol = grub_xasprintf("%s", subvol);
+
+ if (subvol == NULL)
+ {
+ grub_dprintf ("linux", "switch_root: Failed to allocated memory\n");
+ rc = GRUB_ERR_OUT_OF_MEMORY;
+ goto out;
+ }
+
+ options_cmd = grub_xasprintf("%s", "-o");
+ options = grub_xasprintf("%s", subvol);
+ }
+
+ if (options == NULL)
+ {
+ mountrootfs[3] = NULL;
+ }
+ else
+ {
+ mountrootfs[3] = options_cmd;
+ mountrootfs[4] = options;
+ }
+
+ mountrootfs[1] = root_uuid;
+
+ grub_dprintf ("linux", "Executing:\n");
+ grub_dprintf ("linux", "%s %s %s %s %s\n", mountrootfs[0], mountrootfs[1],
+ mountrootfs[2], mountrootfs[3], mountrootfs[4]);
+
+ /* Mount the rootfs */
+ rc = grub_util_exec (mountrootfs);
+
+ if (rc != GRUB_ERR_NONE)
+ {
+ grub_dprintf ("linux", "switch_root: Failed.\n");
+ rc = GRUB_ERR_INVALID_COMMAND;
+ goto out;
+ }
+
+ grub_dprintf ("linux", "Done.\n");
+
+ grub_dprintf ("linux", "%s %s %s %s\n", systemctl[0], systemctl[1],
+ systemctl[2], systemctl[3]);
+
+ /* Switch root */
+ rc = grub_util_exec (systemctl);
+
+ if (rc != GRUB_ERR_NONE)
+ {
+ grub_dprintf ("linux", "switch_root: Failed.\n");
+ rc = GRUB_ERR_INVALID_COMMAND;
+ goto out;
+ }
+
+ grub_dprintf ("linux", "Done.\n");
+
+out:
+ grub_free (tmp);
+ grub_free (options_cmd);
+ grub_free (options);
+ grub_free (subvol);
+ grub_free (root_uuid);
+ grub_free (uname_buf);
+ grub_free (kernel_release);
+ return rc;
+}
+
static grub_err_t
grub_linux_boot (void)
{
@@ -51,12 +240,20 @@ grub_linux_boot (void)
else
initrd_param = grub_xasprintf ("%s", "");
- grub_dprintf ("linux", "%serforming 'kexec -la %s %s %s'\n",
- (kexecute) ? "P" : "Not p",
- kernel_path, initrd_param, boot_cmdline);
+ if (grub_util_get_switch_root() == 1)
+ {
+ rc = grub_switch_root();
+ if (rc != GRUB_ERR_NONE)
+ grub_fatal (N_("Failed to execute switch_root\n"));
+ }
+ else if (kexecute)
+ {
+ grub_dprintf ("linux", "%serforming 'kexec -la %s %s %s'\n",
+ (kexecute) ? "P" : "Not p",
+ kernel_path, initrd_param, boot_cmdline);
- if (kexecute)
- rc = grub_util_exec (kexec);
+ rc = grub_util_exec (kexec);
+ }
grub_free (initrd_param);
diff --git a/include/grub/emu/exec.h b/include/grub/emu/exec.h
index 1b61b4a2e5..e82f13215e 100644
--- a/include/grub/emu/exec.h
+++ b/include/grub/emu/exec.h
@@ -36,7 +36,7 @@ grub_util_exec_redirect_all (const char *const *argv, const char *stdin_file,
int
EXPORT_FUNC(grub_util_exec) (const char *const *argv);
int
-grub_util_exec_redirect (const char *const *argv, const char *stdin_file,
+EXPORT_FUNC(grub_util_exec_redirect) (const char *const *argv, const char *stdin_file,
const char *stdout_file);
int
grub_util_exec_redirect_null (const char *const *argv);
diff --git a/include/grub/emu/misc.h b/include/grub/emu/misc.h
index 01056954b9..f3a712a8b2 100644
--- a/include/grub/emu/misc.h
+++ b/include/grub/emu/misc.h
@@ -59,6 +59,8 @@ void EXPORT_FUNC(grub_util_error) (const char *fmt, ...) __attribute__ ((format
void EXPORT_FUNC(grub_util_set_kexecute) (void);
int EXPORT_FUNC(grub_util_get_kexecute) (void) WARN_UNUSED_RESULT;
+void EXPORT_FUNC(grub_util_set_switch_root) (void);
+int EXPORT_FUNC(grub_util_get_switch_root) (void);
grub_uint64_t EXPORT_FUNC (grub_util_get_cpu_time_ms) (void);

@ -1,5 +1,5 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Nicolas Frayer <nfrayer@redhat.com>
From: Marta Lewandowska <mlewando@redhat.com>
Date: Wed, 24 May 2023 11:22:47 +0200
Subject: [PATCH] util: Enable default kernel for updates
@ -8,13 +8,13 @@ In order to allow the user to choose which kernel will be set to
default after an update, re-enable grub's usage of DEFAULTKERNEL as
set in /etc/sysconfig/kernel
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
Signed-off-by: Marta Lewandowska <mlewando@redhat.com>
---
util/grub-get-kernel-settings.in | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/util/grub-get-kernel-settings.in b/util/grub-get-kernel-settings.in
index 7e87dfccc0..f71bc64360 100644
index 7e87dfccc0e4..f71bc64360b0 100644
--- a/util/grub-get-kernel-settings.in
+++ b/util/grub-get-kernel-settings.in
@@ -68,6 +68,14 @@ if test -f /etc/sysconfig/kernel ; then

@ -13,7 +13,7 @@ Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/grub/efi/http.h b/include/grub/efi/http.h
index c5e9a89f50..ad164ba191 100644
index c5e9a89f5050..ad164ba1913d 100644
--- a/include/grub/efi/http.h
+++ b/include/grub/efi/http.h
@@ -171,9 +171,9 @@ typedef struct {

@ -0,0 +1,52 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Christian Glombek <cglombek@redhat.com>
Date: Wed, 9 Aug 2023 18:11:25 +0200
Subject: [PATCH] Add [Install] section to aux systemd units
Currently in Fedora, these services are statically enabled by symlinks,
with no other way to disable them than to manually delete those symlinks.
This is problematic in Fedora IoT, where grub-boot-success.timer is
not supposed to be enabled.
This change adds `[Install]` sections to all systemd units that are
currently enabled statically, so that they can be enabled dynamically
via presets or manually instead.
---
docs/grub-boot-indeterminate.service | 3 +++
docs/grub-boot-success.timer | 3 +++
util/systemd/grub-systemd-integration.service.in | 3 +++
3 files changed, 9 insertions(+)
diff --git a/docs/grub-boot-indeterminate.service b/docs/grub-boot-indeterminate.service
index 6c8dcb186b63..5bcb474a3d31 100644
--- a/docs/grub-boot-indeterminate.service
+++ b/docs/grub-boot-indeterminate.service
@@ -9,3 +9,6 @@ Before=system-update-pre.target
[Service]
Type=oneshot
ExecStart=/usr/bin/grub2-editenv - incr boot_indeterminate
+
+[Install]
+WantedBy=system-update.target
diff --git a/docs/grub-boot-success.timer b/docs/grub-boot-success.timer
index 406f17200560..1d124cccc146 100644
--- a/docs/grub-boot-success.timer
+++ b/docs/grub-boot-success.timer
@@ -5,3 +5,6 @@ ConditionVirtualization=!container
[Timer]
OnActiveSec=2min
+
+[Install]
+WantedBy=timers.target
diff --git a/util/systemd/grub-systemd-integration.service.in b/util/systemd/grub-systemd-integration.service.in
index c81fb594ce17..22ca1ca4885e 100644
--- a/util/systemd/grub-systemd-integration.service.in
+++ b/util/systemd/grub-systemd-integration.service.in
@@ -6,3 +6,6 @@ ConditionPathExists=/run/systemd/reboot-to-boot-loader-menu
[Service]
ExecStart=@libexecdir@/@grubdirname@/systemd-integration.sh
+
+[Install]
+WantedBy=reboot.target

@ -0,0 +1,44 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Maximilian Luz <luzmaximilian@gmail.com>
Date: Tue, 28 Jun 2022 23:06:46 +0200
Subject: [PATCH] arm64: Use proper memory type for kernel allocation
Currently, the kernel pages are allocated with type EFI_LOADER_DATA.
While the vast majority of systems will happily execute code from those
pages (i.e. don't care about memory protection), the Microsoft Surface
Pro X stalls, as this memory is not designated as "executable".
Therefore, allocate the kernel pages as EFI_LOADER_CODE to request
memory that is actually executable.
Signed-off-by: Maximilian Luz <luzmaximilian@gmail.com>
---
grub-core/loader/arm64/linux.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c
index 419f2201df8b..a3a193c255e9 100644
--- a/grub-core/loader/arm64/linux.c
+++ b/grub-core/loader/arm64/linux.c
@@ -26,7 +26,9 @@
#include <grub/mm.h>
#include <grub/types.h>
#include <grub/cpu/linux.h>
+#include <grub/efi/api.h>
#include <grub/efi/efi.h>
+#include <grub/cpu/efi/memory.h>
#include <grub/efi/fdtload.h>
#include <grub/efi/memory.h>
#include <grub/efi/linux.h>
@@ -403,7 +405,10 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
grub_loader_unset();
kernel_alloc_pages = GRUB_EFI_BYTES_TO_PAGES (kernel_size + align - 1);
- kernel_alloc_addr = grub_efi_allocate_any_pages (kernel_alloc_pages);
+ kernel_alloc_addr = grub_efi_allocate_pages_real (GRUB_EFI_MAX_USABLE_ADDRESS,
+ kernel_alloc_pages,
+ GRUB_EFI_ALLOCATE_MAX_ADDRESS,
+ GRUB_EFI_LOADER_CODE);
grub_dprintf ("linux", "kernel numpages: %d\n", kernel_alloc_pages);
if (!kernel_alloc_addr)
{

@ -0,0 +1,28 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 29 Sep 2023 10:56:11 -0400
Subject: [PATCH] Fix missing #include in ofdisk.c
Recently we started building with -Werror=implicit-function-declaration,
and discovered that ofdisk.c is missing an include to declare
grub_env_get().
This patch adds that #include.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/disk/ieee1275/ofdisk.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/grub-core/disk/ieee1275/ofdisk.c b/grub-core/disk/ieee1275/ofdisk.c
index 5534684..6e33d5d 100644
--- a/grub-core/disk/ieee1275/ofdisk.c
+++ b/grub-core/disk/ieee1275/ofdisk.c
@@ -24,6 +24,7 @@
#include <grub/ieee1275/ofdisk.h>
#include <grub/i18n.h>
#include <grub/time.h>
+#include <grub/env.h>
static char *last_devpath;
static grub_ieee1275_ihandle_t last_ihandle;

@ -36,7 +36,7 @@ Cc: Sourabh Jain <sourabhjain@linux.ibm.com>
1 file changed, 142 insertions(+), 2 deletions(-)
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
index 3d4ad9d..8e7f742 100644
index 3d4ad9d1f162..8e7f742fad46 100644
--- a/grub-core/kern/ieee1275/init.c
+++ b/grub-core/kern/ieee1275/init.c
@@ -17,6 +17,8 @@

@ -0,0 +1,33 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Christian Glombek <cglombek@redhat.com>
Date: Tue, 14 Nov 2023 07:54:59 +0100
Subject: [PATCH] Remove [Install] section from aux systemd units
See https://bugzilla.redhat.com/show_bug.cgi?id=2247635#c7
---
docs/grub-boot-indeterminate.service | 3 ---
util/systemd/grub-systemd-integration.service.in | 3 ---
2 files changed, 6 deletions(-)
diff --git a/docs/grub-boot-indeterminate.service b/docs/grub-boot-indeterminate.service
index 5bcb474a3d31..6c8dcb186b63 100644
--- a/docs/grub-boot-indeterminate.service
+++ b/docs/grub-boot-indeterminate.service
@@ -9,6 +9,3 @@ Before=system-update-pre.target
[Service]
Type=oneshot
ExecStart=/usr/bin/grub2-editenv - incr boot_indeterminate
-
-[Install]
-WantedBy=system-update.target
diff --git a/util/systemd/grub-systemd-integration.service.in b/util/systemd/grub-systemd-integration.service.in
index 22ca1ca4885e..c81fb594ce17 100644
--- a/util/systemd/grub-systemd-integration.service.in
+++ b/util/systemd/grub-systemd-integration.service.in
@@ -6,6 +6,3 @@ ConditionPathExists=/run/systemd/reboot-to-boot-loader-menu
[Service]
ExecStart=@libexecdir@/@grubdirname@/systemd-integration.sh
-
-[Install]
-WantedBy=reboot.target

File diff suppressed because it is too large Load Diff

@ -0,0 +1,47 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: "t.feng" <fengtao40@huawei.com>
Date: Tue, 29 Nov 2022 17:14:15 +0800
Subject: [PATCH] fs/xfs: Fix memory leaks in XFS module
Signed-off-by: t.feng <fengtao40@huawei.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/xfs.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c
index d6de7f1a2dd2..b67407690c1a 100644
--- a/grub-core/fs/xfs.c
+++ b/grub-core/fs/xfs.c
@@ -585,7 +585,10 @@ grub_xfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock)
if (grub_disk_read (node->data->disk,
GRUB_XFS_FSB_TO_BLOCK (node->data, get_fsb (keys, i - 1 + recoffset)) << (node->data->sblock.log2_bsize - GRUB_DISK_SECTOR_BITS),
0, node->data->bsize, leaf))
- return 0;
+ {
+ grub_free (leaf);
+ return 0;
+ }
if ((!node->data->hascrc &&
grub_strncmp ((char *) leaf->magic, "BMAP", 4)) ||
@@ -751,6 +754,7 @@ static int iterate_dir_call_hook (grub_uint64_t ino, const char *filename,
if (err)
{
grub_print_error ();
+ grub_free (fdiro);
return 0;
}
@@ -861,7 +865,10 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
blk << dirblk_log2,
dirblk_size, dirblock, 0);
if (numread != dirblk_size)
- return 0;
+ {
+ grub_free (dirblock);
+ return 0;
+ }
entries = (grub_be_to_cpu32 (tail->leaf_count)
- grub_be_to_cpu32 (tail->leaf_stale));

@ -0,0 +1,106 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Darren Kenny <darren.kenny@oracle.com>
Date: Fri, 2 Jun 2023 18:08:44 +0000
Subject: [PATCH] fs/xfs: Fix issues found while fuzzing the XFS filesystem
While performing fuzz testing with XFS filesystem images with ASAN
enabled, several issues were found where the memory accesses are made
beyond the data that is allocated into the struct grub_xfs_data
structure's data field.
The existing structure didn't store the size of the memory allocated into
the buffer in the data field and had no way to check it. To resolve these
issues, the data size is stored to enable checks into the data buffer.
With these checks in place, the fuzzing corpus no longer cause any crashes.
Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Signed-off-by: Marta Lewandowska <mlewando@redhat.com>
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/xfs.c | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c
index b67407690c1a..b91cd32b49ab 100644
--- a/grub-core/fs/xfs.c
+++ b/grub-core/fs/xfs.c
@@ -239,6 +239,7 @@ struct grub_fshelp_node
struct grub_xfs_data
{
+ grub_size_t data_size;
struct grub_xfs_sblock sblock;
grub_disk_t disk;
int pos;
@@ -611,8 +612,20 @@ grub_xfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock)
}
else if (node->inode.format == XFS_INODE_FORMAT_EXT)
{
+ grub_addr_t exts_end = 0;
+ grub_addr_t data_end = 0;
+
nrec = grub_be_to_cpu32 (node->inode.nextents);
exts = (struct grub_xfs_extent *) grub_xfs_inode_data(&node->inode);
+
+ if (grub_mul (sizeof (struct grub_xfs_extent), nrec, &exts_end) ||
+ grub_add ((grub_addr_t) node->data, exts_end, &exts_end) ||
+ grub_add ((grub_addr_t) node->data, node->data->data_size, &data_end) ||
+ exts_end > data_end)
+ {
+ grub_error (GRUB_ERR_BAD_FS, "invalid number of XFS extents");
+ return 0;
+ }
}
else
{
@@ -803,6 +816,9 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
grub_uint8_t *inopos = grub_xfs_inline_de_inopos(dir->data, de);
grub_uint8_t c;
+ if ((inopos + (smallino ? 4 : 8)) > (grub_uint8_t *) dir + grub_xfs_fshelp_size (dir->data))
+ return grub_error (GRUB_ERR_BAD_FS, "not a correct XFS inode");
+
/* inopos might be unaligned. */
if (smallino)
ino = (((grub_uint32_t) inopos[0]) << 24)
@@ -829,6 +845,10 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
de->name[de->len] = c;
de = grub_xfs_inline_next_de(dir->data, head, de);
+
+ if ((grub_uint8_t *) de >= (grub_uint8_t *) dir + grub_xfs_fshelp_size (dir->data))
+ return grub_error (GRUB_ERR_BAD_FS, "invalid XFS directory entry");
+
}
break;
}
@@ -897,6 +917,9 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
}
filename = (char *)(direntry + 1);
+ if (filename + direntry->len - 1 > (char *) tail)
+ return grub_error (GRUB_ERR_BAD_FS, "invalid XFS directory entry");
+
/* The byte after the filename is for the filetype, padding, or
tag, which is not used by GRUB. So it can be overwritten. */
filename[direntry->len] = '\0';
@@ -941,6 +964,8 @@ grub_xfs_mount (grub_disk_t disk)
if (!data)
return 0;
+ data->data_size = sizeof (struct grub_xfs_data);
+
grub_dprintf("xfs", "Reading sb\n");
/* Read the superblock. */
if (grub_disk_read (disk, 0, 0,
@@ -962,6 +987,7 @@ grub_xfs_mount (grub_disk_t disk)
if (! data)
goto fail;
+ data->data_size = sz;
data->diropen.data = data;
data->diropen.ino = grub_be_to_cpu64(data->sblock.rootino);
data->diropen.inode_read = 1;

@ -0,0 +1,47 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Lidong Chen <lidong.chen@oracle.com>
Date: Thu, 28 Sep 2023 22:33:44 +0000
Subject: [PATCH] fs/xfs: Incorrect short form directory data boundary check
After parsing of the current entry, the entry pointer is advanced
to the next entry at the end of the "for" loop. In case where the
last entry is at the end of the data boundary, the advanced entry
pointer can point off the data boundary. The subsequent boundary
check for the advanced entry pointer can cause a failure.
The fix is to include the boundary check into the "for" loop
condition.
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Tested-by: Marta Lewandowska <mlewando@redhat.com>
---
grub-core/fs/xfs.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c
index b91cd32b49ab..ebf962793fa7 100644
--- a/grub-core/fs/xfs.c
+++ b/grub-core/fs/xfs.c
@@ -810,7 +810,8 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
if (iterate_dir_call_hook (parent, "..", &ctx))
return 1;
- for (i = 0; i < head->count; i++)
+ for (i = 0; i < head->count &&
+ (grub_uint8_t *) de < ((grub_uint8_t *) dir + grub_xfs_fshelp_size (dir->data)); i++)
{
grub_uint64_t ino;
grub_uint8_t *inopos = grub_xfs_inline_de_inopos(dir->data, de);
@@ -845,10 +846,6 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
de->name[de->len] = c;
de = grub_xfs_inline_next_de(dir->data, head, de);
-
- if ((grub_uint8_t *) de >= (grub_uint8_t *) dir + grub_xfs_fshelp_size (dir->data))
- return grub_error (GRUB_ERR_BAD_FS, "invalid XFS directory entry");
-
}
break;
}

@ -0,0 +1,115 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Anthony Iliopoulos <ailiop@suse.com>
Date: Thu, 26 Oct 2023 11:53:39 +0200
Subject: [PATCH] fs/xfs: Add large extent counters incompat feature support
XFS introduced 64-bit extent counters for inodes via a series of
upstream commits and the feature was marked as stable in v6.5 via
commit 61d7e8274cd8 (xfs: drop EXPERIMENTAL tag for large extent
counts).
Further, xfsprogs release v6.5.0 switched this feature on by default
in mkfs.xfs via commit e5b18d7d1d96 (mkfs: enable large extent counts
by default).
Filesystems formatted with large extent count support, nrext64=1, are
thus currently not recognizable by GRUB, since this is an incompat
feature. Add the required support so that those filesystems and inodes
with large extent counters can be read by GRUB.
Signed-off-by: Anthony Iliopoulos <ailiop@suse.com>
Reviewed-by: Andrey Albershteyn <aalbersh@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Marta Lewandowska <mlewando@redhat.com>
Tested-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
---
grub-core/fs/xfs.c | 30 +++++++++++++++++++++++++-----
1 file changed, 25 insertions(+), 5 deletions(-)
diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c
index 18edfcff486c..bc2224dbb463 100644
--- a/grub-core/fs/xfs.c
+++ b/grub-core/fs/xfs.c
@@ -79,6 +79,8 @@ GRUB_MOD_LICENSE ("GPLv3+");
/* Inode flags2 flags */
#define XFS_DIFLAG2_BIGTIME_BIT 3
#define XFS_DIFLAG2_BIGTIME (1 << XFS_DIFLAG2_BIGTIME_BIT)
+#define XFS_DIFLAG2_NREXT64_BIT 4
+#define XFS_DIFLAG2_NREXT64 (1 << XFS_DIFLAG2_NREXT64_BIT)
/* incompat feature flags */
#define XFS_SB_FEAT_INCOMPAT_FTYPE (1 << 0) /* filetype in dirent */
@@ -86,6 +88,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
#define XFS_SB_FEAT_INCOMPAT_META_UUID (1 << 2) /* metadata UUID */
#define XFS_SB_FEAT_INCOMPAT_BIGTIME (1 << 3) /* large timestamps */
#define XFS_SB_FEAT_INCOMPAT_NEEDSREPAIR (1 << 4) /* needs xfs_repair */
+#define XFS_SB_FEAT_INCOMPAT_NREXT64 (1 << 5) /* large extent counters */
/*
* Directory entries with ftype are explicitly handled by GRUB code.
@@ -101,7 +104,8 @@ GRUB_MOD_LICENSE ("GPLv3+");
XFS_SB_FEAT_INCOMPAT_SPINODES | \
XFS_SB_FEAT_INCOMPAT_META_UUID | \
XFS_SB_FEAT_INCOMPAT_BIGTIME | \
- XFS_SB_FEAT_INCOMPAT_NEEDSREPAIR)
+ XFS_SB_FEAT_INCOMPAT_NEEDSREPAIR | \
+ XFS_SB_FEAT_INCOMPAT_NREXT64)
struct grub_xfs_sblock
{
@@ -203,7 +207,8 @@ struct grub_xfs_inode
grub_uint16_t mode;
grub_uint8_t version;
grub_uint8_t format;
- grub_uint8_t unused2[26];
+ grub_uint8_t unused2[18];
+ grub_uint64_t nextents_big;
grub_uint64_t atime;
grub_uint64_t mtime;
grub_uint64_t ctime;
@@ -545,11 +550,26 @@ get_fsb (const void *keys, int idx)
return grub_be_to_cpu64 (grub_get_unaligned64 (p));
}
+static int
+grub_xfs_inode_has_large_extent_counts (const struct grub_xfs_inode *inode)
+{
+ return inode->version >= 3 &&
+ (inode->flags2 & grub_cpu_to_be64_compile_time (XFS_DIFLAG2_NREXT64));
+}
+
+static grub_uint64_t
+grub_xfs_get_inode_nextents (struct grub_xfs_inode *inode)
+{
+ return (grub_xfs_inode_has_large_extent_counts (inode)) ?
+ grub_be_to_cpu64 (inode->nextents_big) :
+ grub_be_to_cpu32 (inode->nextents);
+}
+
static grub_disk_addr_t
grub_xfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock)
{
struct grub_xfs_btree_node *leaf = 0;
- int ex, nrec;
+ grub_uint64_t ex, nrec;
struct grub_xfs_extent *exts;
grub_uint64_t ret = 0;
@@ -574,7 +594,7 @@ grub_xfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock)
/ (2 * sizeof (grub_uint64_t));
do
{
- int i;
+ grub_uint64_t i;
for (i = 0; i < nrec; i++)
{
@@ -621,7 +641,7 @@ grub_xfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock)
grub_addr_t exts_end = 0;
grub_addr_t data_end = 0;
- nrec = grub_be_to_cpu32 (node->inode.nextents);
+ nrec = grub_xfs_get_inode_nextents (&node->inode);
exts = (struct grub_xfs_extent *) grub_xfs_inode_data(&node->inode);
if (grub_mul (sizeof (struct grub_xfs_extent), nrec, &exts_end) ||

@ -0,0 +1,28 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: raravind <raravind@redhat.com>
Date: Tue, 9 May 2023 11:29:35 +0200
Subject: [PATCH] chainloader: remove device path debug message
Remove the debug message "/EndEntire" while using GRUB chainloader command.
Signed-off-by: raravind <raravind@redhat.com>
(cherry picked from commit f75f5386b7a6a7cb2e10d30f817a3564c0a28dd7)
---
grub-core/loader/efi/chainloader.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
index dd31ac9bb..b1c86dab2 100644
--- a/grub-core/loader/efi/chainloader.c
+++ b/grub-core/loader/efi/chainloader.c
@@ -210,7 +210,6 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename)
/* Fill the file path for the directory. */
d = (grub_efi_device_path_t *) ((char *) file_path
+ ((char *) d - (char *) dp));
- grub_efi_print_device_path (d);
if (copy_file_path ((grub_efi_file_path_device_path_t *) d,
dir_start, dir_end - dir_start) != GRUB_ERR_NONE)
{
--
2.43.0

@ -1,9 +1,10 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Marta Lewandowska <mlewando@redhat.com>
Date: Mon, 9 Oct 2023 08:53:18 +0200
Subject: [PATCH] search command: add flag to only search root dev
Subject: [PATCH] add flag to only search root dev
fixes bz#2223437
bz#2223437
Signed-off-by: Marta Lewandowska <mlewando@redhat.com>
---
grub-core/commands/search.c | 36 ++++++++++++++++++++++++++++++++++++
@ -14,7 +15,7 @@ Signed-off-by: Marta Lewandowska <mlewando@redhat.com>
5 files changed, 74 insertions(+), 1 deletion(-)
diff --git a/grub-core/commands/search.c b/grub-core/commands/search.c
index 57d26ced8a8e..94fe8b2872a1 100644
index 57d26ced8a8e..819231751c38 100644
--- a/grub-core/commands/search.c
+++ b/grub-core/commands/search.c
@@ -85,6 +85,42 @@ iterate_device (const char *name, void *data)
@ -91,7 +92,7 @@ index 0b62acf85359..06b5f51eefb5 100644
grub_search_label (id, var, flags, hints, nhints);
else if (state[SEARCH_FS_UUID].set)
diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c
index cb454614022f..50af9ee1bdd9 100644
index cb454614022f..c0ac7fee6cc2 100644
--- a/grub-core/kern/misc.c
+++ b/grub-core/kern/misc.c
@@ -619,6 +619,36 @@ grub_reverse (char *str)

@ -0,0 +1,28 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Nicolas Frayer <nfrayer@redhat.com>
Date: Wed, 17 Jan 2024 21:15:14 +0100
Subject: [PATCH] Ignore warnings for incompatible types
Add -Wno-incompatible-pointer-types to ignore warnings for incompatible
types
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
---
configure.ac | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index 79f45ef1e14c..b66e07c67851 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2009,8 +2009,8 @@ if test x"$enable_wextra" != xno ; then
HOST_CFLAGS="$HOST_CFLAGS -Wextra"
fi
-TARGET_CFLAGS="$TARGET_CFLAGS -Werror=trampolines -fno-trampolines"
-HOST_CFLAGS="$HOST_CFLAGS -Werror=trampolines -fno-trampolines"
+TARGET_CFLAGS="$TARGET_CFLAGS -Werror=trampolines -fno-trampolines -Wno-incompatible-pointer-types"
+HOST_CFLAGS="$HOST_CFLAGS -Werror=trampolines -fno-trampolines -Wno-incompatible-pointer-types"
TARGET_CPP="$TARGET_CC -E"
TARGET_CCAS=$TARGET_CC

@ -0,0 +1,168 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jon DeVree <nuxi@vault24.org>
Date: Tue, 17 Oct 2023 23:03:47 -0400
Subject: [PATCH] fs/xfs: Fix XFS directory extent parsing
The XFS directory entry parsing code has never been completely correct
for extent based directories. The parser correctly handles the case
where the directory is contained in a single extent, but then mistakenly
assumes the data blocks for the multiple extent case are each identical
to the single extent case. The difference in the format of the data
blocks between the two cases is tiny enough that its gone unnoticed for
a very long time.
A recent change introduced some additional bounds checking into the XFS
parser. Like GRUB's existing parser, it is correct for the single extent
case but incorrect for the multiple extent case. When parsing a directory
with multiple extents, this new bounds checking is sometimes (but not
always) tripped and triggers an "invalid XFS directory entry" error. This
probably would have continued to go unnoticed but the /boot/grub/<arch>
directory is large enough that it often has multiple extents.
The difference between the two cases is that when there are multiple
extents, the data blocks do not contain a trailer nor do they contain
any leaf information. That information is stored in a separate set of
extents dedicated to just the leaf information. These extents come after
the directory entry extents and are not included in the inode size. So
the existing parser already ignores the leaf extents.
The only reason to read the trailer/leaf information at all is so that
the parser can avoid misinterpreting that data as directory entries. So
this updates the parser as follows:
For the single extent case the parser doesn't change much:
1. Read the size of the leaf information from the trailer
2. Set the end pointer for the parser to the start of the leaf
information. (The previous bounds checking set the end pointer to the
start of the trailer, so this is actually a small improvement.)
3. Set the entries variable to the expected number of directory entries.
For the multiple extent case:
1. Set the end pointer to the end of the block.
2. Do not set up the entries variable. Figuring out how many entries are
in each individual block is complex and does not seem worth it when
it appears to be safe to just iterate over the entire block.
The bounds check itself was also dependent upon the faulty XFS parser
because it accidentally used "filename + length - 1". Presumably this
was able to pass the fuzzer because in the old parser there was always
8 bytes of slack space between the tail pointer and the actual end of
the block. Since this is no longer the case the bounds check needs to be
updated to "filename + length + 1" in order to prevent a regression in
the handling of corrupt fliesystems.
Notes:
* When there is only one extent there will only ever be one block. If
more than one block is required then XFS will always switch to holding
leaf information in a separate extent.
* B-tree based directories seems to be parsed properly by the same code
that handles multiple extents. This is unlikely to ever occur within
/boot though because its only used when there are an extremely large
number of directory entries.
Fixes: ef7850c75 (fs/xfs: Fix issues found while fuzzing the XFS filesystem)
Fixes: b2499b29c (Adds support for the XFS filesystem.)
Fixes: https://savannah.gnu.org/bugs/?64376
Signed-off-by: Jon DeVree <nuxi@vault24.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Tested-by: Marta Lewandowska <mlewando@redhat.com>
---
grub-core/fs/xfs.c | 52 ++++++++++++++++++++++++++++++++++++++--------------
1 file changed, 38 insertions(+), 14 deletions(-)
diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c
index ebf962793fa7..18edfcff486c 100644
--- a/grub-core/fs/xfs.c
+++ b/grub-core/fs/xfs.c
@@ -223,6 +223,12 @@ struct grub_xfs_inode
/* Size of struct grub_xfs_inode v2, up to unused4 member included. */
#define XFS_V2_INODE_SIZE (XFS_V3_INODE_SIZE - 76)
+struct grub_xfs_dir_leaf_entry
+{
+ grub_uint32_t hashval;
+ grub_uint32_t address;
+} GRUB_PACKED;
+
struct grub_xfs_dirblock_tail
{
grub_uint32_t leaf_count;
@@ -874,9 +880,8 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
{
struct grub_xfs_dir2_entry *direntry =
grub_xfs_first_de(dir->data, dirblock);
- int entries;
- struct grub_xfs_dirblock_tail *tail =
- grub_xfs_dir_tail(dir->data, dirblock);
+ int entries = -1;
+ char *end = dirblock + dirblk_size;
numread = grub_xfs_read_file (dir, 0, 0,
blk << dirblk_log2,
@@ -887,14 +892,27 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
return 0;
}
- entries = (grub_be_to_cpu32 (tail->leaf_count)
- - grub_be_to_cpu32 (tail->leaf_stale));
+ /*
+ * Leaf and tail information are only in the data block if the number
+ * of extents is 1.
+ */
+ if (dir->inode.nextents == grub_cpu_to_be32_compile_time (1))
+ {
+ struct grub_xfs_dirblock_tail *tail = grub_xfs_dir_tail (dir->data, dirblock);
- if (!entries)
- continue;
+ end = (char *) tail;
+
+ /* Subtract the space used by leaf nodes. */
+ end -= grub_be_to_cpu32 (tail->leaf_count) * sizeof (struct grub_xfs_dir_leaf_entry);
+
+ entries = grub_be_to_cpu32 (tail->leaf_count) - grub_be_to_cpu32 (tail->leaf_stale);
+
+ if (!entries)
+ continue;
+ }
/* Iterate over all entries within this block. */
- while ((char *)direntry < (char *)tail)
+ while ((char *) direntry < (char *) end)
{
grub_uint8_t *freetag;
char *filename;
@@ -914,7 +932,7 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
}
filename = (char *)(direntry + 1);
- if (filename + direntry->len - 1 > (char *) tail)
+ if (filename + direntry->len + 1 > (char *) end)
return grub_error (GRUB_ERR_BAD_FS, "invalid XFS directory entry");
/* The byte after the filename is for the filetype, padding, or
@@ -928,11 +946,17 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
return 1;
}
- /* Check if last direntry in this block is
- reached. */
- entries--;
- if (!entries)
- break;
+ /*
+ * The expected number of directory entries is only tracked for the
+ * single extent case.
+ */
+ if (dir->inode.nextents == grub_cpu_to_be32_compile_time (1))
+ {
+ /* Check if last direntry in this block is reached. */
+ entries--;
+ if (!entries)
+ break;
+ }
/* Select the next directory entry. */
direntry = grub_xfs_next_de(dir->data, direntry);

@ -0,0 +1,40 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Nicolas Frayer <nfrayer@redhat.com>
Date: Tue, 16 Jul 2024 11:11:43 +0200
Subject: [PATCH] grub2-mkconfig: Ensure grub cfg stub is not overwritten
/boot/efi/EFI/$os_name/grub.cfg contains a grub cfg stub
that should not be overwritten by grub2-mkconfig.
Ensure that we prevent this from happening.
Signed-off-by: Marta Lewandowska <mlewando@redhat.com>
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
---
util/grub-mkconfig.in | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
index 34f7c13fc521..34d0120d0ba2 100644
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@@ -114,6 +114,20 @@ do
esac
done
+os_name=$(grep '^ID=' /etc/os-release | sed 's/ID=//')
+if test "$os_name" = '"rhel"'; then
+ os_name=redhat
+elif test "$os_name" = '"centos"'; then
+ os_name=centos
+fi
+if test "x${grub_cfg}" = "x/boot/efi/EFI/$os_name/grub.cfg" &&\
+ mountpoint -q /boot/efi; then
+ gettext_printf "Running \`grub2-mkconfig -o %s' will overwrite the GRUB wrapper.\n" "$grub_cfg" 1>&2
+ gettext_printf "Please run \`grub2-mkconfig -o /boot/grub2/grub.cfg' instead to update grub.cfg.\n" 1>&2
+ gettext_printf "GRUB configuration file was not updated.\n" 1>&2
+ exit 1
+fi
+
if [ "x$EUID" = "x" ] ; then
EUID=`id -u`
fi

@ -0,0 +1,30 @@
From ac5b2bc87a6c361fd504898a368f0867ef3e2679 Mon Sep 17 00:00:00 2001
From: Andrew Lukoshko <alukoshko@almalinux.org>
Date: Wed, 31 Jul 2024 16:06:10 +0000
Subject: [PATCH] grub2-mkconfig: Simplify os_name detection
---
util/grub-mkconfig.in | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
index 7a0738b..ebf5150 100644
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@@ -114,12 +114,7 @@ do
esac
done
-os_name=$(grep '^ID=' /etc/os-release | sed 's/ID=//')
-if test "$os_name" = '"rhel"'; then
- os_name=redhat
-elif test "$os_name" = '"centos"'; then
- os_name=centos
-fi
+os_name=$(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/' -e 's/\"//g')
if test "x${grub_cfg}" = "x/boot/efi/EFI/$os_name/grub.cfg" &&\
mountpoint -q /boot/efi; then
gettext_printf "Running \`grub2-mkconfig -o %s' will overwrite the GRUB wrapper.\n" "$grub_cfg" 1>&2
--
2.43.5

@ -0,0 +1,29 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Nicolas Frayer <nfrayer@redhat.com>
Date: Thu, 1 Aug 2024 11:13:20 +0200
Subject: [PATCH] grub/mkconfig: Remove check for mount point for grub cfg stub
Remove mountpoint when checking whether or not the grub cfg stub
exists and add -s to the test. This should cover scenarios where
the ESP doesn't have a seperate partition but still uses a grub
cfg stub
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
---
util/grub-mkconfig.in | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
index a4972039b751..3f131eea2b12 100644
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@@ -115,8 +115,7 @@ do
done
os_name=$(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/' -e 's/\"//g')
-if test "x${grub_cfg}" = "x/boot/efi/EFI/$os_name/grub.cfg" &&\
- mountpoint -q /boot/efi; then
+if test -s "${grub_cfg}" && test "x${grub_cfg}" = "x/boot/efi/EFI/$os_name/grub.cfg"; then
gettext_printf "Running \`grub2-mkconfig -o %s' will overwrite the GRUB wrapper.\n" "$grub_cfg" 1>&2
gettext_printf "Please run \`grub2-mkconfig -o /boot/grub2/grub.cfg' instead to update grub.cfg.\n" 1>&2
gettext_printf "GRUB configuration file was not updated.\n" 1>&2

@ -1,21 +1,23 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Fedora Ninjas <grub2-owner@fedoraproject.org>
Date: Tue, 8 Aug 2023 05:44:48 -0400
From: Marta Lewandowska <mlewando@redhat.com>
Date: Mon, 17 Jul 2023 16:03:39 -0400
Subject: [PATCH] grub-mkconfig dont overwrite BLS cmdline if BLSCFG
If GRUB_ENABLE_BLSCFG is true, running grub2-mkconfig will not
overwrite kernel cmdline in BLS snippets with what is in
GRUB_CMDLINE_LINUX in /etc/default/grub. Update can be forced by
sending new arg --update-bls-cmdline
sending new arg --update-bls-cmdline, thus decoupling cmdline
updates from updates of other parameters. GRUB_GRUBENV_UPDATE
remains 'yes' by default.
Signed-off-by: mkl <mlewando@redhat.com>
---
util/grub-mkconfig.in | 10 ++++++++++
util/grub.d/10_linux.in | 4 +++-
2 files changed, 13 insertions(+), 1 deletion(-)
util/grub-mkconfig.in | 9 +++++++++
util/grub.d/10_linux.in | 2 +-
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
index 520a672cd2c8..30a2d097823d 100644
index 520a672cd2c8..34f7c13fc521 100644
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@@ -51,6 +51,7 @@ export TEXTDOMAIN=@PACKAGE@
@ -44,12 +46,11 @@ index 520a672cd2c8..30a2d097823d 100644
-*)
gettext_printf "Unrecognized option \`%s'\n" "$option" 1>&2
usage
@@ -167,6 +172,11 @@ fi
@@ -167,6 +172,10 @@ fi
eval "$("${grub_get_kernel_settings}")" || true
+if [ "x${GRUB_ENABLE_BLSCFG}" = "xtrue" ] && \
+ [ "x${bls_cmdline_update}" != "xtrue" ]; then
+if [ "x${GRUB_ENABLE_BLSCFG}" = "xtrue" ] && [ "x${bls_cmdline_update}" != "xtrue" ]; then
+ GRUB_UPDATE_BLS_CMDLINE="no"
+fi
+
@ -57,17 +58,15 @@ index 520a672cd2c8..30a2d097823d 100644
if [ -z "${GRUB_DISABLE_LINUX_UUID}" ]; then
GRUB_DISABLE_LINUX_UUID="true"
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
index 4795a63b4ce6..76fc21fb6528 100644
index 4795a63b4ce6..72b75effe448 100644
--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
@@ -265,7 +265,9 @@ if [ -z "\${kernelopts}" ]; then
@@ -265,7 +265,7 @@ if [ -z "\${kernelopts}" ]; then
fi
EOF
- if [ "x${GRUB_GRUBENV_UPDATE}" = "xyes" ]; then
+ if [ "x${GRUB_UPDATE_BLS_CMDLINE}" = "xyes" ] || \
+ ( [ -w /etc/kernel ] && [[ ! -f /etc/kernel/cmdline ]] && \
+ [ "x${GRUB_GRUBENV_UPDATE}" = "xyes" ] ); then
+ if [ "x${GRUB_UPDATE_BLS_CMDLINE}" = "xyes" ]; then
update_bls_cmdline
fi

@ -1,6 +1,6 @@
From f4f134582912851628e15df4963b3b8a6652aa26 Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Marta Lewandowska <mlewando@redhat.com>
Date: Tue, 29 Aug 2023 16:40:47 +0200
Date: Mon, 27 May 2024 13:03:32 -0600
Subject: [PATCH] grub2-mkconfig: Pass all boot params when used by anaconda
Previous patch makes it so that the machine can boot, but not all
@ -10,20 +10,18 @@ loader installation, long after grub rpms first got installed.
Signed-off-by: Marta Lewandowska <mlewando@redhat.com>
---
util/grub.d/10_linux.in | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
util/grub.d/10_linux.in | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
index 76fc21fb6528..041a11529588 100644
index 72b75effe448..041a11529588 100644
--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
@@ -265,9 +265,11 @@ if [ -z "\${kernelopts}" ]; then
@@ -265,7 +265,11 @@ if [ -z "\${kernelopts}" ]; then
fi
EOF
- if [ "x${GRUB_UPDATE_BLS_CMDLINE}" = "xyes" ] || \
- ( [ -w /etc/kernel ] && [[ ! -f /etc/kernel/cmdline ]] && \
- [ "x${GRUB_GRUBENV_UPDATE}" = "xyes" ] ); then
- if [ "x${GRUB_UPDATE_BLS_CMDLINE}" = "xyes" ]; then
+ if [ "x${GRUB_UPDATE_BLS_CMDLINE}" = "xyes" ] || [[ -d /run/install ]]; then
+ # only update the bls cmdline if the user specifically requests it or _anytime_
+ # in the installer environment: /run/install directory only exists during the
@ -32,6 +30,3 @@ index 76fc21fb6528..041a11529588 100644
update_bls_cmdline
fi
--
2.41.0

@ -1,8 +1,8 @@
From 43651027d24e62a7a463254165e1e46e42aecdea Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Maxim Suhanov <dfirblog@gmail.com>
Date: Mon, 28 Aug 2023 16:31:57 +0300
Subject: [PATCH 1/6] fs/ntfs: Fix an OOB write when parsing the
$ATTRIBUTE_LIST attribute for the $MFT file
Subject: [PATCH] fs/ntfs: Fix an OOB write when parsing the $ATTRIBUTE_LIST
attribute for the $MFT file
When parsing an extremely fragmented $MFT file, i.e., the file described
using the $ATTRIBUTE_LIST attribute, current NTFS code will reuse a buffer
@ -34,7 +34,7 @@ Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
index bbdbe24ada83..c3c4db117bba 100644
index 3511e4e2cb6f..4681c7ac32a8 100644
--- a/grub-core/fs/ntfs.c
+++ b/grub-core/fs/ntfs.c
@@ -184,7 +184,7 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
@ -88,6 +88,3 @@ index bbdbe24ada83..c3c4db117bba 100644
if (read_attr
(at, pa + 0x10,
u32at (pa, 0x10) * (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR),
--
2.43.0

@ -1,8 +1,8 @@
From 0ed2458cc4eff6d9a9199527e2a0b6d445802f94 Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Maxim Suhanov <dfirblog@gmail.com>
Date: Mon, 28 Aug 2023 16:32:33 +0300
Subject: [PATCH 2/6] fs/ntfs: Fix an OOB read when reading data from the
resident $DATA attribute
Subject: [PATCH] fs/ntfs: Fix an OOB read when reading data from the resident
$DATA attribute
When reading a file containing resident data, i.e., the file data is stored in
the $DATA attribute within the NTFS file record, not in external clusters,
@ -30,7 +30,7 @@ Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
index c3c4db117bba..a68e173d8285 100644
index 4681c7ac32a8..1949d48a494f 100644
--- a/grub-core/fs/ntfs.c
+++ b/grub-core/fs/ntfs.c
@@ -401,7 +401,18 @@ read_data (struct grub_ntfs_attr *at, grub_uint8_t *pa, grub_uint8_t *dest,
@ -53,6 +53,3 @@ index c3c4db117bba..a68e173d8285 100644
return 0;
}
--
2.43.0

@ -1,8 +1,8 @@
From 7e5f031a6a6a3decc2360a7b0c71abbe598e7354 Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Maxim Suhanov <dfirblog@gmail.com>
Date: Mon, 28 Aug 2023 16:33:17 +0300
Subject: [PATCH 3/6] fs/ntfs: Fix an OOB read when parsing directory entries
from resident and non-resident index attributes
Subject: [PATCH] fs/ntfs: Fix an OOB read when parsing directory entries from
resident and non-resident index attributes
This fix introduces checks to ensure that index entries are never read
beyond the corresponding directory index.
@ -17,7 +17,7 @@ Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
index a68e173d8285..2d78b96e19fb 100644
index 1949d48a494f..72302033281a 100644
--- a/grub-core/fs/ntfs.c
+++ b/grub-core/fs/ntfs.c
@@ -599,7 +599,7 @@ get_utf8 (grub_uint8_t *in, grub_size_t len)
@ -49,7 +49,7 @@ index a68e173d8285..2d78b96e19fb 100644
/*
* Ignore files in DOS namespace, as they will reappear as Win32
* names.
@@ -806,7 +812,9 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
@@ -802,7 +808,9 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
}
cur_pos += 0x10; /* Skip index root */
@ -60,7 +60,7 @@ index a68e173d8285..2d78b96e19fb 100644
if (ret)
goto done;
@@ -893,6 +901,7 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
@@ -889,6 +897,7 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
(const grub_uint8_t *) "INDX")))
goto done;
ret = list_file (mft, &indx[0x18 + u16at (indx, 0x18)],
@ -68,6 +68,3 @@ index a68e173d8285..2d78b96e19fb 100644
hook, hook_data);
if (ret)
goto done;
--
2.43.0

@ -1,7 +1,7 @@
From 7a5a116739fa6d8a625da7d6b9272c9a2462f967 Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Maxim Suhanov <dfirblog@gmail.com>
Date: Mon, 28 Aug 2023 16:33:44 +0300
Subject: [PATCH 4/6] fs/ntfs: Fix an OOB read when parsing bitmaps for index
Subject: [PATCH] fs/ntfs: Fix an OOB read when parsing bitmaps for index
attributes
This fix introduces checks to ensure that bitmaps for directory indices
@ -17,10 +17,10 @@ Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
1 file changed, 19 insertions(+)
diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
index 2d78b96e19fb..bb70c89fb803 100644
index 72302033281a..74515114287f 100644
--- a/grub-core/fs/ntfs.c
+++ b/grub-core/fs/ntfs.c
@@ -843,6 +843,25 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
@@ -839,6 +839,25 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
if (is_resident)
{
@ -46,6 +46,3 @@ index 2d78b96e19fb..bb70c89fb803 100644
grub_memcpy (bmp, cur_pos + u16at (cur_pos, 0x14),
bitmap_len);
}
--
2.43.0

@ -1,7 +1,7 @@
From 1fe82c41e070385e273d7bb1cfb482627a3c28e8 Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Maxim Suhanov <dfirblog@gmail.com>
Date: Mon, 28 Aug 2023 16:38:19 +0300
Subject: [PATCH 5/6] fs/ntfs: Fix an OOB read when parsing a volume label
Subject: [PATCH] fs/ntfs: Fix an OOB read when parsing a volume label
This fix introduces checks to ensure that an NTFS volume label is always
read from the corresponding file record segment.
@ -22,10 +22,10 @@ Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
index bb70c89fb803..ff5e3740f0dd 100644
index 74515114287f..32ba8276dd8d 100644
--- a/grub-core/fs/ntfs.c
+++ b/grub-core/fs/ntfs.c
@@ -1213,13 +1213,29 @@ grub_ntfs_label (grub_device_t device, char **label)
@@ -1209,13 +1209,29 @@ grub_ntfs_label (grub_device_t device, char **label)
init_attr (&mft->attr, mft);
pa = find_attr (&mft->attr, GRUB_NTFS_AT_VOLUME_NAME);
@ -56,6 +56,3 @@ index bb70c89fb803..ff5e3740f0dd 100644
}
fail:
--
2.43.0

@ -1,7 +1,7 @@
From e58b870ff926415e23fc386af41ff81b2f588763 Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Maxim Suhanov <dfirblog@gmail.com>
Date: Mon, 28 Aug 2023 16:40:07 +0300
Subject: [PATCH 6/6] fs/ntfs: Make code more readable
Subject: [PATCH] fs/ntfs: Make code more readable
Move some calls used to access NTFS attribute header fields into
functions with human-readable names.
@ -10,11 +10,11 @@ Suggested-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/ntfs.c | 48 +++++++++++++++++++++++++++++++--------------
grub-core/fs/ntfs.c | 48 +++++++++++++++++++++++++++++++++---------------
1 file changed, 33 insertions(+), 15 deletions(-)
diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
index ff5e3740f0dd..de435aa14d85 100644
index 32ba8276dd8d..991b1c2094f5 100644
--- a/grub-core/fs/ntfs.c
+++ b/grub-core/fs/ntfs.c
@@ -52,6 +52,24 @@ u64at (void *ptr, grub_size_t ofs)
@ -103,7 +103,7 @@ index ff5e3740f0dd..de435aa14d85 100644
else
mft->size = u64at (pa, 0x30);
@@ -805,7 +823,7 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
@@ -801,7 +819,7 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
(u32at (cur_pos, 0x18) != 0x490024) ||
(u32at (cur_pos, 0x1C) != 0x300033))
continue;
@ -112,7 +112,7 @@ index ff5e3740f0dd..de435aa14d85 100644
if (*cur_pos != 0x30) /* Not filename index */
continue;
break;
@@ -834,7 +852,7 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
@@ -830,7 +848,7 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
{
int is_resident = (cur_pos[8] == 0);
@ -121,7 +121,7 @@ index ff5e3740f0dd..de435aa14d85 100644
u32at (cur_pos, 0x28));
bmp = grub_malloc (bitmap_len);
@@ -855,14 +873,14 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
@@ -851,14 +869,14 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
goto done;
}
@ -138,7 +138,7 @@ index ff5e3740f0dd..de435aa14d85 100644
bitmap_len);
}
else
@@ -1226,12 +1244,12 @@ grub_ntfs_label (grub_device_t device, char **label)
@@ -1222,12 +1240,12 @@ grub_ntfs_label (grub_device_t device, char **label)
goto fail;
}
@ -154,6 +154,3 @@ index ff5e3740f0dd..de435aa14d85 100644
if (mft->buf + (mft->data->mft_size << GRUB_NTFS_BLK_SHR) - pa >= 2 * len)
*label = get_utf8 (pa, len);
else
--
2.43.0

@ -20,7 +20,7 @@ Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
1 file changed, 127 insertions(+), 9 deletions(-)
diff --git a/grub-core/commands/search.c b/grub-core/commands/search.c
index 94fe8b2872a1..c052cb098c36 100644
index 819231751c38..1e61a5cf940f 100644
--- a/grub-core/commands/search.c
+++ b/grub-core/commands/search.c
@@ -30,6 +30,8 @@

@ -0,0 +1,29 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Leo Sandoval <lsandova@redhat.com>
Date: Mon, 1 Jul 2024 12:52:13 -0600
Subject: [PATCH] grub-mkconfig.in: turn off executable owner bit
Stricker permissions are required on the grub.cfg file, resulting in
at most 0600 owner's file permissions. This resolves conflicting
requirement permissions on grub2-pc package's grub2.cfg file.
Resolves: RHEL-45870
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
---
util/grub-mkconfig.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
index 3f131eea2b12..8c2bb8259de1 100644
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@@ -328,7 +328,7 @@ and /etc/grub.d/* files or please file a bug report with
exit 1
else
# none of the children aborted with error, install the new grub.cfg
- oldumask=$(umask); umask 077
+ oldumask=$(umask); umask 177
cat ${grub_cfg}.new > ${grub_cfg}
umask $oldumask
rm -f ${grub_cfg}.new

@ -57,39 +57,52 @@ EOF
case "$COMMAND" in
add)
if [[ "${KERNEL_DIR}" != "/boot" ]]; then
# rename to match the name used in the pseudo-BLS snippet above
cp --remove-destination --preserve=timestamps -T "${KERNEL_IMAGE}" "/boot/vmlinuz-${KERNEL_VERSION}"
command -v restorecon &>/dev/null && \
restorecon -R "/boot/vmlinuz-${KERNEL_VERSION}"
for i in \
"$KERNEL_IMAGE" \
"$KERNEL_DIR"/System.map \
"$KERNEL_DIR"/config \
"$KERNEL_DIR"/zImage.stub \
"$KERNEL_DIR"/dtb
do
[[ -e "$i" ]] || continue
rm -f "/boot/${i##*/}-${KERNEL_VERSION}"
cp -aT "$i" "/boot/${i##*/}-${KERNEL_VERSION}"
cp --remove-destination --preserve=timestamps -rT "$i" "/boot/${i##*/}-${KERNEL_VERSION}"
command -v restorecon &>/dev/null && \
restorecon -R "/boot/${i##*/}-${KERNEL_VERSION}"
done
# hmac is .vmlinuz-<version>.hmac so needs a special treatment
i="$KERNEL_DIR/.${KERNEL_IMAGE##*/}.hmac"
if [[ -e "$i" ]]; then
rm -f "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac"
cp -a "$i" "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac"
cp --remove-destination --preserve=timestamps "$i" "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac"
command -v restorecon &>/dev/null && \
restorecon "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac"
fi
# OLD method using gzip'd file (will be deprecated and removed in the future)
# symvers is symvers-<version>.gz symlink, needs a special treatment
i="$KERNEL_DIR/symvers.gz"
if [[ -e "$i" ]]; then
rm -f "/boot/symvers-${KERNEL_VERSION}.gz"
ln -s "$i" "/boot/symvers-${KERNEL_VERSION}.gz"
ln -fs "$i" "/boot/symvers-${KERNEL_VERSION}.gz"
command -v restorecon &>/dev/null && \
restorecon "/boot/symvers-${KERNEL_VERSION}.gz"
fi
# symvers is symvers-<version>.bz symlink, needs a special treatment
i="$KERNEL_DIR/symvers.bz"
if [[ -e "$i" ]]; then
ln -fs "$i" "/boot/symvers-${KERNEL_VERSION}.bz"
command -v restorecon &>/dev/null && \
restorecon "/boot/symvers-${KERNEL_VERSION}.bz"
fi
fi
if [[ "x${GRUB_ENABLE_BLSCFG}" = "xtrue" ]] || [[ ! -f /sbin/new-kernel-pkg ]]; then
if [[ -f /etc/kernel/cmdline ]]; then
if [[ /etc/kernel/cmdline -ot /etc/default/grub ]]; then
# user modified /etc/default/grub manually; sync
grub2-mkconfig -o /etc/grub2.cfg
fi
read -r -d '' -a BOOT_OPTIONS < /etc/kernel/cmdline
elif [[ -f /usr/lib/kernel/cmdline ]]; then
read -r -d '' -a BOOT_OPTIONS < /usr/lib/kernel/cmdline
@ -143,7 +156,7 @@ case "$COMMAND" in
if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then
BLS_DEBUG="$(echo ${BLS_TARGET} | sed -e "s/${KERNEL_VERSION}/${KERNEL_VERSION}~debug/")"
cp -aT "${BLS_TARGET}" "${BLS_DEBUG}"
cp --preserve=timestamps -T "${BLS_TARGET}" "${BLS_DEBUG}"
TITLE="$(grep '^title[ \t]' "${BLS_DEBUG}" | sed -e 's/^title[ \t]*//')"
OPTIONS="$(echo "${BOOT_OPTIONS[*]} ${GRUB_CMDLINE_LINUX_DEBUG}" | sed -e 's/\//\\\//g')"
sed -i -e "s/^title.*/title ${TITLE}${GRUB_LINUX_DEBUG_TITLE_POSTFIX}/" "${BLS_DEBUG}"

@ -40,17 +40,14 @@ if [[ $DISABLE_BLS = "true" ]]; then
fi
fi
[ -f /etc/default/grub ] && . /etc/default/grub
if [ x$GRUB_ENABLE_BLSCFG = xfalse ]; then
RUN_MKCONFIG=true
fi
# A traditional grub configuration file needs to be generated only in the case when
# the bootloaders are not capable of populating a menu entry from the BLS fragments.
if [[ $RUN_MKCONFIG != "true" ]]; then
exit 0
fi
[[ -f /etc/default/grub ]] && . /etc/default/grub
COMMAND="$1"
case "$COMMAND" in

@ -15,28 +15,32 @@
%endif
# gnulib actively ignores CFLAGS because it's terrible
%global cc_equals "CC=%{ccpath} -fPIE -Wl,-z,noexecstack"
%global cc_equals "CC=%{ccpath} -fPIE -Wl,-z,noexecstack -Wl,--no-warn-rwx-segments"
%global cflags_sed \\\
sed \\\
-e 's/-O. //g' \\\
-e 's/-fplugin=annobin //g' \\\
-e 's,-specs=[[:alnum:]/_-]*annobin[[:alnum:]_-]* ,,g' \\\
-e 's/-fplugin=annobin//g' \\\
-e 's,-specs=[[:alnum:]/_-]*annobin[[:alnum:]_-]*,,g' \\\
-e 's/-fstack-protector[[:alpha:]-]\\+//g' \\\
-e 's/-Wp,-D_FORTIFY_SOURCE=[[:digit:]]\\+//g' \\\
-e 's/-[^ ]*D_FORTIFY_SOURCE=[[:digit:]][^ ]*\\+//g' \\\
-e 's/--param=ssp-buffer-size=4//g' \\\
-e 's/-mregparm=3/-mregparm=4/g' \\\
-e 's/-fexceptions//g' \\\
-e 's/-fcf-protection//g' \\\
-e 's/-fasynchronous-unwind-tables//g' \\\
-e 's/^/ -fno-strict-aliasing /' \\\
-e 's,-march=x86-64-v[[:alnum:]._-]*,-march=x86-64,g' \\\
%{nil}
%global host_cflags %{expand:%%(echo %{build_cflags} %{?_hardening_cflags} | %{cflags_sed})}
%global host_cflags_ %{expand:%%(echo %{build_cflags} %{?_hardening_cflags} | %{cflags_sed})} -fstack-protector-strong
%ifarch x86_64
%global host_cflags %{host_cflags_} -fcf-protection
%else
%global host_cflags %{host_cflags_}
%endif
%global legacy_host_cflags \\\
%{expand:%%(echo %{host_cflags} | \\\
%{cflags_sed} \\\
sed \\\
-e 's/-m64//g' \\\
-e 's/-mcpu=power[[:alnum:]]\\+/-mcpu=power6/g' \\\
)}
@ -53,7 +57,7 @@
%global ldflags_sed \\\
sed \\\
-e 's,-specs=[[:alnum:]/_-]*annobin[[:alnum:]_-]* ,,g' \\\
-e 's,-specs=[[:alnum:]/_-]*annobin[[:alnum:]_-]*,,g' \\\
-e 's/^$//' \\\
%{nil}
@ -64,7 +68,7 @@
)}
%global efi_host_ldflags %{expand:%%(echo %{host_ldflags})}
%global target_ldflags %{expand:%%(echo %{build_ldflags} -static | %{ldflags_sed})}
%global target_ldflags %{expand:%%(echo %{build_ldflags} -Wl,--no-warn-rwx-segments -static | %{ldflags_sed})}
%global legacy_target_ldflags \\\
%{expand:%%(echo %{target_ldflags} | \\\
%{ldflags_sed} \\\
@ -72,6 +76,7 @@
%global efi_target_ldflags %{expand:%%(echo %{target_ldflags})}
%global with_efi_arch 0
%global with_alt_efi_arch 0
%global with_legacy_arch 0
%global with_emu_arch 1
%global emuarch %{_arch}
@ -126,7 +131,7 @@
%endif
%ifarch ppc64le
%global platform_modules " appendedsig ofnet tpm "
%global platform_modules " appendedsig tpm ofnet "
%endif
%ifarch aarch64 %{arm} riscv64
@ -157,6 +162,19 @@
%global legacy_target_cpu_name i386
%global legacy_package_arch pc
%global platform pc
%global alt_efi_arch ia32
%global alt_target_cpu_name i386
%global alt_grub_target_name i386-efi
%global alt_platform efi
%global alt_package_arch efi-ia32
%global alt_efi_host_cflags %{expand:%%(echo %{efi_host_cflags})}
%global alt_efi_target_cflags \\\
%{expand:%%(echo %{target_cflags} | \\\
%{cflags_sed} \\\
-e 's/-m64//g' \\\
)}
%endif
%ifarch aarch64
@ -190,6 +208,7 @@
%endif
%global _target_platform %{target_cpu_name}-%{_vendor}-%{_target_os}%{?_gnu}
%global _alt_target_platform %{alt_target_cpu_name}-%{_vendor}-%{_target_os}%{?_gnu}
%ifarch %{efi_arch}
%global with_efi_arch 1
@ -205,6 +224,13 @@
%endif
%endif
%if 0%{?alt_efi_arch:1}
%global with_alt_efi_arch 1
%global grubaltefiname grub%{alt_efi_arch}.efi
%global grubalteficdname gcd%{alt_efi_arch}.efi
%global grubaltefiarch %{alt_target_cpu_name}-efi
%endif
%ifnarch %{efi_only}
%global with_legacy_arch 1
%global grublegacyarch %{legacy_target_cpu_name}-%{platform}
@ -216,8 +242,8 @@
%ifarch x86_64
%global with_efi_common 1
%global with_legacy_modules 0
%global with_legacy_common 0
%global with_legacy_modules 1
%global with_legacy_common 1
%else
%global with_efi_common 0
%global with_legacy_common 1
@ -227,13 +253,13 @@
%define define_legacy_variant() \
%{expand:%%package %%{1}} \
Summary: Bootloader with support for Linux, Multiboot, and more \
Provides: %{name} = %{evr} \
Obsoletes: %{name} < %{evr} \
Requires: %{name}-common = %{evr} \
Requires: %{name}-tools-minimal = %{evr} \
Requires: %{name}-%{1}-modules = %{evr} \
Requires: gettext which file \
Requires: %{name}-tools = %{evr} \
Provides: grub2 = %{evr} \
Obsoletes: grub2 < %{evr} \
Requires: grub2-common = %{evr} \
Requires: grub2-tools-minimal = %{evr} \
Requires: grub2-%{1}-modules = %{evr} \
Requires: gettext-runtime which file \
Requires: grub2-tools = %{evr} \
Requires(pre): dracut \
Requires(post): dracut \
%{expand:%%description %%{1}} \
@ -245,7 +271,7 @@ This subpackage provides support for %{1} systems. \
%%package %%{1}-modules \
Summary: Modules used to build custom grub images \
BuildArch: noarch \
Requires: %%{name}-common = %%{evr} \
Requires: grub2-common = %%{evr} \
%%description %%{1}-modules \
%%{desc} \
This subpackage provides support for rebuilding your own grub.efi. \
@ -255,11 +281,10 @@ This subpackage provides support for rebuilding your own grub.efi. \
%{expand:%%{?!buildsubdir:%%define buildsubdir grub-%%{1}-%{tarversion}}}\
%{expand:%%package %%{1}-tools} \
Summary: Support tools for GRUB. \
Requires: gettext os-prober which file system-logos \
Requires: %{name}-common = %{evr} \
Requires: %{name}-tools-minimal = %{evr} \
Requires: gettext-runtime os-prober which file system-logos \
Requires: grub2-common = %{evr} \
Requires: grub2-tools-minimal = %{evr} \
Requires: os-prober >= 1.58-11 \
Requires: gettext which file \
\
%{expand:%%description %%{1}-tools} \
%{desc} \
@ -270,12 +295,12 @@ This subpackage provides tools for support of %%{1} platforms. \
%{expand:%%package %{1}} \
Summary: GRUB for EFI systems. \
Requires: efi-filesystem \
Requires: %{name}-common = %{evr} \
Requires: %{name}-tools-minimal >= %{evr} \
Requires: %{name}-tools = %{evr} \
Provides: %{name}-efi = %{evr} \
%{?legacy_provides:Provides: %{name} = %{evr}} \
%{-o:Obsoletes: %{name}-efi < %{evr}} \
Requires: grub2-common = %{evr} \
Requires: grub2-tools-minimal >= %{evr} \
Requires: grub2-tools = %{evr} \
Provides: grub2-efi = %{evr} \
%{?legacy_provides:Provides: grub2 = %{evr}} \
%{-o:Obsoletes: grub2-efi < %{evr}} \
\
%{expand:%%description %{1}} \
%{desc} \
@ -286,9 +311,9 @@ This subpackage provides support for %{1} systems. \
%{expand:%%package %{1}-modules} \
Summary: Modules used to build custom grub.efi images \
BuildArch: noarch \
Requires: %{name}-common = %{evr} \
Provides: %{name}-efi-modules = %{evr} \
Obsoletes: %{name}-efi-modules < %{evr} \
Requires: grub2-common = %{evr} \
Provides: grub2-efi-modules = %{evr} \
Obsoletes: grub2-efi-modules < %{evr} \
%{expand:%%description %{1}-modules} \
%{desc} \
This subpackage provides support for rebuilding your own grub.efi. \
@ -296,8 +321,8 @@ This subpackage provides support for rebuilding your own grub.efi. \
\
%{expand:%%package %{1}-cdboot} \
Summary: Files used to boot removeable media with EFI \
Requires: %{name}-common = %{evr} \
Provides: %{name}-efi-cdboot = %{evr} \
Requires: grub2-common = %{evr} \
Provides: grub2-efi-cdboot = %{evr} \
%{expand:%%description %{1}-cdboot} \
%{desc} \
This subpackage provides optional components of grub used with removeable media on %{1} systems.\
@ -317,14 +342,12 @@ git init \
echo '![[:digit:]][[:digit:]]_*.in' > util/grub.d/.gitignore \
echo '!*.[[:digit:]]' > util/.gitignore \
echo '!config.h' > include/grub/emu/.gitignore \
git config user.email "%{name}-owner@fedoraproject.org" \
git config user.email "grub2-owner@fedoraproject.org" \
git config user.name "Fedora Ninjas" \
git config gc.auto 0 \
rm -f configure \
git add . \
git commit -a -q -m "%{tarversion} baseline." \
#git apply --index --whitespace=nowarn %{SOURCE3} \
#git commit -a -q -m "%{tarversion} master." \
git am --whitespace=nowarn %%{patches} </dev/null \
rm -r build-aux m4 \
./bootstrap \
@ -339,11 +362,12 @@ rm -r build-aux m4 \
TARGET_CFLAGS="%{2}" \\\
TARGET_CPPFLAGS="-I$(pwd)" \\\
TARGET_LDFLAGS="%{efi_target_ldflags}" \\\
--with-rpm-version=%{version}-%{release} \\\
--with-platform=efi \\\
--with-utils=host \\\
--target=%{1} \\\
--with-grubdir=%{name} \\\
--program-transform-name=s,grub,%{name}, \\\
--with-grubdir=grub2 \\\
--program-transform-name=s,grub,grub2, \\\
--disable-werror || ( cat config.log ; exit 1 ) \
git add . \
git commit -m "After efi configure" \
@ -378,43 +402,57 @@ rm -f %{1}.conf \
gcry_rijndael gcry_rsa gcry_serpent \\\
gcry_sha256 gcry_twofish gcry_whirlpool \\\
gfxmenu gfxterm gzio \\\
halt http increment iso9660 \\\
halt hfsplus http increment iso9660 \\\
jpeg loadenv loopback linux lvm luks \\\
luks2 mdraid09 mdraid1x minicmd net \\\
luks2 \\\
memdisk \\\
mdraid09 mdraid1x minicmd net \\\
normal part_apple part_msdos part_gpt \\\
password_pbkdf2 pgp png reboot regexp \\\
search search_fs_uuid search_fs_file \\\
search_label serial sleep syslinuxcfg \\\
search_label serial sleep \\\
squash4 \\\
syslinuxcfg \\\
test tftp version video xfs zstd " \
%ifarch x86_64 aarch64 %{arm} riscv64
%ifarch %{efi_arch}
%define efi_mkimage() \
mkdir -p memdisk/fonts \
cp %{4}/unicode.pf2 memdisk/fonts \
mksquashfs memdisk memdisk.squashfs -comp lzo \
%{4}./grub-mkimage -O %{1} -o %{2}.orig \\\
-p /EFI/%{efi_vendor} -d grub-core \\\
-d grub-core \\\
--sbat %{4}./sbat.csv \\\
-m memdisk.squashfs \\\
-p /EFI/%{efi_vendor} \\\
${GRUB_MODULES} \
%{4}./grub-mkimage -O %{1} -o %{3}.orig \\\
-p /EFI/BOOT -d grub-core \\\
-d grub-core \\\
--sbat %{4}./sbat.csv \\\
-m memdisk.squashfs \\\
-p /EFI/BOOT \\\
${GRUB_MODULES} \
%{expand:%%define ___pesign_client_cert %{?___pesign_client_cert}%{!?___pesign_client_cert:%{__pesign_client_cert}}} \
%{?__pesign_client_cert:%{expand:%%define __pesign_client_cert %{___pesign_client_cert}}} \
%{expand:%%{pesign -s -i %%{2}.orig -o %%{2} -a %%{5} -c %%{6} -n %%{7}}} \
%{expand:%%{pesign -s -i %%{3}.orig -o %%{3} -a %%{5} -c %%{6} -n %%{7}}} \
%{nil}
%else
%define efi_mkimage() \
%{4}./grub-mkimage -O %{1} -o %{2} \\\
-p /EFI/%{efi_vendor} -d grub-core \\\
${GRUB_MODULES} \
%{4}./grub-mkimage -O %{1} -o %{3} \\\
-p /EFI/BOOT -d grub-core \\\
${GRUB_MODULES} \
%{nil}
%endif
%ifarch ppc64le
# RHEL signs, Fedora + ELN don't (but ELN defines rhel)
%if 0%{?fedora} || 0%{?eln}
%define ieee1275_mkimage() \
mkdir -p memdisk/fonts \
cp %{5}/unicode.pf2 memdisk/fonts \
mksquashfs memdisk memdisk.squashfs -comp lzo \
./grub-mkimage -O %{1} -o %{2} -p '/grub2' -d grub-core ${GRUB_MODULES} \
%{nil}
%else
%define ieee1275_mkimage() \
mkdir -p memdisk/fonts \
cp %{5}/unicode.pf2 memdisk/fonts \
mksquashfs memdisk memdisk.squashfs -comp lzo \
APPENDED_SIG_SIZE=0 \
if [ -x /usr/bin/rpm-sign ]; then \
touch empty.unsigned \
@ -426,7 +464,9 @@ if [ -x /usr/bin/rpm-sign ]; then \
fi \
# FIXME: using this prefix is fragile, must be done properly \
./grub-mkimage -O %{1} -o %{2}.orig \\\
-p '/grub2' -d grub-core \\\
-d grub-core \\\
-m memdisk.squashfs \\\
-p '/grub2' \\\
-x %{3} \\\
--appended-signature-size ${APPENDED_SIG_SIZE} \\\
${GRUB_MODULES} \
@ -440,19 +480,20 @@ else \
fi \
%{nil}
%endif
%endif
%define do_efi_build_images() \
GRUB_MODULES+=%{grub_modules} \
GRUB_MODULES+=%{efi_modules} \
GRUB_MODULES+=%{platform_modules} \
%{expand:%%{efi_mkimage %{1} %{2} %{3} %{4} %{5} %{6} %{7} %{8} %{9} %{10}}} \
%{expand:%efi_mkimage %%{1} %%{2} %%{3} %%{4} %%{5} %%{6} %%{7}} \
%{nil}
%define do_ieee1275_build_images() \
GRUB_MODULES+=%{grub_modules} \
GRUB_MODULES+=%{platform_modules} \
cd grub-%{1}-%{tarversion} \
%{expand:%%ieee1275_mkimage %%{1} %%{2} %%{3} %%{4}} \
%{expand:%%ieee1275_mkimage %%{1} %%{2} %%{3} %%{4} ./ }\
cd .. \
%{nil}
@ -460,7 +501,16 @@ cd .. \
cd grub-%{1}-%{tarversion} \
%{expand:%%do_efi_configure %%{4} %%{5} %%{6}} \
%do_efi_build_all \
%{expand:%%do_efi_build_images %{grub_target_name} %{2} %{3} ./ %{7} %{8} %{9} %{10} %{11} %{12}} \
%{expand:%%do_efi_build_images %{grub_target_name} %%{2} %%{3} ./ %%{7} %%{8} %%{9}} \
cd .. \
%{nil}
%define do_alt_efi_build() \
cd grub-%{1}-%{tarversion} \
%{expand:%%do_efi_configure %%{4} %%{5} %%{6}} \
%do_efi_build_modules \
%{expand:%%do_efi_link_utils %{grubefiarch}} \
%{expand:%%do_efi_build_images %{alt_grub_target_name} %%{2} %%{3} ../grub-%{grubefiarch}-%{tarversion}/ %%{7} %%{8} %%{9}} \
cd .. \
%{nil}
@ -477,8 +527,8 @@ cd grub-%{1}-%{tarversion} \
--with-platform=%{platform} \\\
--with-utils=host \\\
--target=%{_target_platform} \\\
--with-grubdir=%{name} \\\
--program-transform-name=s,grub,%{name}, \\\
--with-grubdir=grub2 \\\
--program-transform-name=s,grub,grub2, \\\
--disable-werror || ( cat config.log ; exit 1 ) \
git add . \
git commit -m "After legacy configure" \
@ -494,8 +544,8 @@ cd grub-emu-%{tarversion} \
HOST_CPPFLAGS="-I$(pwd)" \\\
HOST_LDFLAGS="%{legacy_host_ldflags}" \\\
--with-platform=emu \\\
--with-grubdir=%{name} \\\
--program-transform-name=s,grub,%{name}, \\\
--with-grubdir=grub2 \\\
--program-transform-name=s,grub,grub2, \\\
--disable-werror || ( cat config.log ; exit 1 ) \
git add . \
git commit -m "After emu configure" \
@ -505,6 +555,26 @@ make %{?_smp_mflags} -C grub-core \
cd .. \
%{nil}
%define do_alt_efi_install() \
cd grub-%{1}-%{tarversion} \
install -d -m 755 $RPM_BUILD_ROOT/usr/lib/grub/%{grubaltefiarch}/ \
find . '(' -iname gdb_grub \\\
-o -iname kernel.exec \\\
-o -iname kernel.img \\\
-o -iname config.h \\\
-o -iname gmodule.pl \\\
-o -iname modinfo.sh \\\
-o -iname '*.lst' \\\
-o -iname '*.mod' \\\
')' \\\
-exec cp {} $RPM_BUILD_ROOT/usr/lib/grub/%{grubaltefiarch}/ \\\; \
find $RPM_BUILD_ROOT -type f -iname "*.mod*" -exec chmod a-x {} '\;' \
install -m 700 %{2} $RPM_BUILD_ROOT%{efi_esp_dir}/%{2} \
install -m 700 %{3} $RPM_BUILD_ROOT%{efi_esp_dir}/%{3} \
%{expand:%%do_install_protected_file grub2-%{alt_package_arch}} \
cd .. \
%{nil}
%define do_efi_install() \
cd grub-%{1}-%{tarversion} \
make DESTDIR=$RPM_BUILD_ROOT install \
@ -515,18 +585,18 @@ if [ -f $RPM_BUILD_ROOT%{_infodir}/grub-dev.info ]; then \
rm -f $RPM_BUILD_ROOT%{_infodir}/grub-dev.info \
fi \
find $RPM_BUILD_ROOT -iname "*.module" -exec chmod a-x {} '\;' \
ln -s ../boot/%{name}/grub.cfg \\\
$RPM_BUILD_ROOT%{_sysconfdir}/%{name}-efi.cfg \
ln -s ../boot/grub2/grub.cfg \\\
$RPM_BUILD_ROOT%{_sysconfdir}/grub2-efi.cfg \
install -m 700 %{2} $RPM_BUILD_ROOT%{efi_esp_dir}/%{2} \
install -m 700 %{3} $RPM_BUILD_ROOT%{efi_esp_dir}/%{3} \
%ifarch %{arm} \
install -D -m 700 %{2} $RPM_BUILD_ROOT%{efi_esp_boot}/BOOTARM.EFI \
%endif \
install -D -m 700 unicode.pf2 \\\
${RPM_BUILD_ROOT}/boot/%{name}/fonts/unicode.pf2 \
${RPM_BUILD_ROOT}/%{_bindir}/%{name}-editenv \\\
${RPM_BUILD_ROOT}/boot/%{name}/grubenv create \
%{expand:%%do_install_protected_file %{name}-%{package_arch}} \
${RPM_BUILD_ROOT}/boot/grub2/fonts/unicode.pf2 \
${RPM_BUILD_ROOT}/%{_bindir}/grub2-editenv \\\
${RPM_BUILD_ROOT}/boot/grub2/grubenv create \
%{expand:%%do_install_protected_file grub2-%{package_arch}} \
cd .. \
%{nil}
@ -542,15 +612,27 @@ fi \
%{expand:%ifarch ppc64le \
install -m 700 %{grubelfname} $RPM_BUILD_ROOT/%{_libdir}/grub/%{1} \
%endif} \
if [ -f $RPM_BUILD_ROOT/%{_libdir}/grub/%{1}/%{name}.chrp ]; then \
mv $RPM_BUILD_ROOT/%{_libdir}/grub/%{1}/%{name}.chrp \\\
$RPM_BUILD_ROOT/%{_libdir}/grub/%{1}/%{name}.chrp \
if [ -f $RPM_BUILD_ROOT/%{_libdir}/grub/%{1}/grub2.chrp ]; then \
mv $RPM_BUILD_ROOT/%{_libdir}/grub/%{1}/grub2.chrp \\\
$RPM_BUILD_ROOT/%{_libdir}/grub/%{1}/grub.chrp \
fi \
if [ %{2} -eq 0 ]; then \
${RPM_BUILD_ROOT}/%{_bindir}/%{name}-editenv \\\
${RPM_BUILD_ROOT}/boot/%{name}/grubenv create \
if [ %{3} -eq 0 ]; then \
${RPM_BUILD_ROOT}/%{_bindir}/grub2-editenv \\\
${RPM_BUILD_ROOT}/boot/grub2/grubenv create \
fi \
%{expand:%%do_install_protected_file %{name}-%{legacy_package_arch}} \
%{expand:%ifnarch ppc64le \
mkdir pxe \
./grub-mknetdir \\\
--directory ./grub-core \\\
--fonts="" \\\
--locales="" \\\
--themes="" \\\
--modules="configfile gzio linux reboot test" \\\
--net-directory=pxe \\\
--subdir . \
mv pxe/*/core.0 $RPM_BUILD_ROOT/%{_libdir}/grub/%{1}/ \
%endif} \
%{expand:%%do_install_protected_file grub2-%{legacy_package_arch}} \
cd .. \
%{nil}
@ -563,8 +645,8 @@ fi \
if [ -f $RPM_BUILD_ROOT%{_infodir}/grub-dev.info ]; then \
rm -f $RPM_BUILD_ROOT%{_infodir}/grub-dev.info \
fi \
if [ -f $RPM_BUILD_ROOT/%{_libdir}/grub/%{1}/%{name}.chrp ]; then \
mv $RPM_BUILD_ROOT/%{_libdir}/grub/%{1}/%{name}.chrp \\\
if [ -f $RPM_BUILD_ROOT/%{_libdir}/grub/%{1}/grub2.chrp ]; then \
mv $RPM_BUILD_ROOT/%{_libdir}/grub/%{1}/grub2.chrp \\\
$RPM_BUILD_ROOT/%{_libdir}/grub/%{1}/grub.chrp \
fi \
cd .. \
@ -577,30 +659,30 @@ install -d -m 0755 \\\
$RPM_BUILD_ROOT%{_infodir}/ \
cp -a $RPM_BUILD_ROOT%{_datarootdir}/locale/en\@quot \\\
$RPM_BUILD_ROOT%{_datarootdir}/locale/en \
cp docs/grub.info $RPM_BUILD_ROOT%{_infodir}/%{name}.info \
cp docs/grub.info $RPM_BUILD_ROOT%{_infodir}/grub2.info \
cp docs/grub-dev.info \\\
$RPM_BUILD_ROOT%{_infodir}/%{name}-dev.info \
$RPM_BUILD_ROOT%{_infodir}/grub2-dev.info \
install -d -m 0700 ${RPM_BUILD_ROOT}%{efi_esp_dir}/ \
install -d -m 0700 ${RPM_BUILD_ROOT}/boot/%{name}/ \
install -d -m 0700 ${RPM_BUILD_ROOT}/boot/grub2/ \
install -d -m 0700 ${RPM_BUILD_ROOT}/boot/loader/entries \
install -d -m 0700 ${RPM_BUILD_ROOT}/boot/%{name}/themes/system \
install -d -m 0700 ${RPM_BUILD_ROOT}/boot/grub2/themes/system \
install -d -m 0700 ${RPM_BUILD_ROOT}%{_sysconfdir}/default \
install -d -m 0700 ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig \
touch ${RPM_BUILD_ROOT}%{_sysconfdir}/default/grub \
ln -sf ../default/grub \\\
${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/grub \
touch ${RPM_BUILD_ROOT}/boot/%{name}/grub.cfg \
ln -s ../boot/%{name}/grub.cfg \\\
${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}.cfg \
touch ${RPM_BUILD_ROOT}/boot/grub2/grub.cfg \
ln -s ../boot/grub2/grub.cfg \\\
${RPM_BUILD_ROOT}%{_sysconfdir}/grub2.cfg \
%{nil}
%define define_legacy_variant_files() \
%{expand:%%files %{1}} \
%defattr(-,root,root,-) \
%config(noreplace) %{_sysconfdir}/%{name}.cfg \
%ghost %config(noreplace) %attr(0700,root,root)/boot/%{name}/grub.cfg \
%config(noreplace) %{_sysconfdir}/grub2.cfg \
%ghost %config(noreplace) %attr(0700,root,root)/boot/grub2/grub.cfg \
%dir %attr(0700,root,root)/boot/loader/entries \
%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/%{name}-%{1}.conf \
%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/grub2-%{1}.conf \
%ifarch ppc64le \
%dir %{_libdir}/grub/%{2}/ \
%{_libdir}/grub/%{2}/%{grubelfname} \
@ -625,18 +707,18 @@ ln -s ../boot/%{name}/grub.cfg \\\
%define define_efi_variant_files() \
%{expand:%%files %{1}} \
%defattr(-,root,root,-) \
%config(noreplace) %{_sysconfdir}/%{name}.cfg \
%config(noreplace) %{_sysconfdir}/%{name}-efi.cfg \
%config(noreplace) %{_sysconfdir}/grub2.cfg \
%config(noreplace) %{_sysconfdir}/grub2-efi.cfg \
%attr(0700,root,root) %verify(not mtime) %{efi_esp_dir}/%{2} \
%ifarch %{arm} \
%attr(0700,root,root) %verify(not mtime) %{efi_esp_boot}/BOOTARM.EFI \
%endif \
%attr(0700,root,root)/boot/%{name}/fonts \
%attr(0700,root,root)/boot/grub2/fonts \
%dir %attr(0700,root,root)/boot/loader/entries \
%ghost %config(noreplace) %attr(0700,root,root)/boot/%{name}/grub.cfg \
%ghost %config(noreplace) %attr(0700,root,root)/boot/grub2/grub.cfg \
%ghost %config(noreplace) %verify(not mtime) %attr(0700,root,root)%{efi_esp_dir}/grub.cfg \
%config(noreplace) %verify(not size mode md5 mtime) /boot/%{name}/grubenv \
%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/%{name}-%{1}.conf \
%config(noreplace) %verify(not size mode md5 mtime) /boot/grub2/grubenv \
%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/grub2-%{1}.conf \
%{expand:%if 0%{?without_efi_modules} \
%exclude %{_libdir}/grub/%{6} \
%exclude %{_libdir}/grub/%{6}/* \
@ -653,5 +735,5 @@ ln -s ../boot/%{name}/grub.cfg \\\
%{expand:%%files %{1}-cdboot} \
%defattr(-,root,root,-) \
%attr(0700,root,root) %verify(not mtime) %{efi_esp_dir}/%{3} \
%attr(0700,root,root)/boot/%{name}/fonts \
%attr(0700,root,root)/boot/grub2/fonts \
%{nil}

@ -320,26 +320,47 @@ Patch0319: 0319-osdep-linux-hostdisk-Modify-sector-by-sysfs-as-disk-.patch
Patch0320: 0320-mm-Adjust-new-region-size-to-take-management-overhea.patch
Patch0321: 0321-mm-Preallocate-some-space-when-adding-new-regions.patch
Patch0322: 0322-mm-Avoid-complex-heap-growth-math-in-hot-path.patch
Patch0323: 0323-util-Enable-default-kernel-for-updates.patch
Patch0324: 0324-kern-ieee1275-init-Convert-plain-numbers-to-constant.patch
Patch0325: 0325-kern-ieee1275-init-Extended-support-in-Vec5.patch
Patch0326: 0326-efi-http-change-uint32_t-to-uintn_t.patch
Patch0327: 0327-grub-mkconfig-dont-overwrite-BLS-cmdline-if-BLSCFG.patch
Patch0328: 0328-grub2-mkconfig-Pass-all-boot-params-when-used-by-ana.patch
Patch0329: 0329-kern-ieee1275-init-ppc64-Restrict-high-memory-in-pre.patch
Patch0330: 0330-normal-Remove-grub_env_set-prefix-in-grub_try_normal.patch
Patch0331: 0331-search-command-add-flag-to-only-search-root-dev.patch
Patch0332: 0332-grub-set-bootflag-Conservative-partial-fix-for-CVE-2.patch
Patch0333: 0333-grub-set-bootflag-More-complete-fix-for-CVE-2024-104.patch
Patch0334: 0334-grub-set-bootflag-Exit-calmly-when-not-running-as-ro.patch
Patch0335: 0335-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch
Patch0336: 0336-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch
Patch0337: 0337-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch
Patch0338: 0338-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch
Patch0339: 0339-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch
Patch0340: 0340-fs-ntfs-Make-code-more-readable.patch
Patch0341: 0341-grub_dl_set_mem_attrs-fix-format-string.patch
Patch0342: 0342-grub_dl_set_mem_attrs-add-self-check-for-the-tramp-G.patch
Patch0343: 0343-grub_dl_load_segments-page-align-the-tramp-GOT-areas.patch
Patch0344: 0344-grub-install-on-EFI-if-forced.patch
Patch0345: 0345-cmd-search-Rework-of-CVE-2023-4001-fix.patch
Patch0323: 0323-hostdisk-work-around-proc-not-reporting-size.patch
Patch0324: 0324-blscfg-check-for-mounted-boot-in-emu.patch
Patch0325: 0325-emu-linux-work-around-systemctl-kexec-returning.patch
Patch0326: 0326-kern-ieee1275-init-Convert-plain-numbers-to-constant.patch
Patch0327: 0327-kern-ieee1275-init-Extended-support-in-Vec5.patch
Patch0328: 0328-tpm-Disable-the-tpm-verifier-if-the-TPM-device-is-no.patch
Patch0329: 0329-grub_dl_set_mem_attrs-fix-format-string.patch
Patch0330: 0330-grub_dl_set_mem_attrs-add-self-check-for-the-tramp-G.patch
Patch0331: 0331-grub_dl_load_segments-page-align-the-tramp-GOT-areas.patch
Patch0332: 0332-emu-Add-switch-root-to-grub-emu.patch
Patch0333: 0333-util-Enable-default-kernel-for-updates.patch
Patch0334: 0334-efi-http-change-uint32_t-to-uintn_t.patch
Patch0335: 0335-Add-Install-section-to-aux-systemd-units.patch
Patch0336: 0336-arm64-Use-proper-memory-type-for-kernel-allocation.patch
Patch0337: 0337-Fix-missing-include-in-ofdisk.c.patch
Patch0338: 0338-kern-ieee1275-init-ppc64-Restrict-high-memory-in-pre.patch
Patch0339: 0339-grub-install-on-EFI-if-forced.patch
Patch0340: 0340-Remove-Install-section-from-aux-systemd-units.patch
Patch0341: 0341-fs-Remove-trailing-whitespaces.patch
Patch0342: 0342-fs-xfs-Fix-memory-leaks-in-XFS-module.patch
Patch0343: 0343-fs-xfs-Fix-issues-found-while-fuzzing-the-XFS-filesy.patch
Patch0344: 0344-fs-xfs-Incorrect-short-form-directory-data-boundary-.patch
Patch0345: 0345-fs-xfs-Add-large-extent-counters-incompat-feature-su.patch
Patch0346: 0346-chainloader-remove-device-path-debug-message.patch
Patch0347: 0347-normal-Remove-grub_env_set-prefix-in-grub_try_normal.patch
Patch0348: 0348-add-flag-to-only-search-root-dev.patch
Patch0349: 0349-Ignore-warnings-for-incompatible-types.patch
Patch0350: 0350-fs-xfs-Fix-XFS-directory-extent-parsing.patch
Patch0351: 0351-grub2-mkconfig-Ensure-grub-cfg-stub-is-not-overwritt.patch
Patch0352: 0352-grub2-mkconfig-Simplify-os_name-detection.patch
Patch0353: 0353-grub-mkconfig-Remove-check-for-mount-point-for-grub-.patch
Patch0354: 0354-grub-mkconfig-dont-overwrite-BLS-cmdline-if-BLSCFG.patch
Patch0355: 0355-grub2-mkconfig-Pass-all-boot-params-when-used-by-ana.patch
Patch0356: 0356-grub-set-bootflag-Conservative-partial-fix-for-CVE-2.patch
Patch0357: 0357-grub-set-bootflag-More-complete-fix-for-CVE-2024-104.patch
Patch0358: 0358-grub-set-bootflag-Exit-calmly-when-not-running-as-ro.patch
Patch0359: 0359-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch
Patch0360: 0360-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch
Patch0361: 0361-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch
Patch0362: 0362-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch
Patch0363: 0363-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch
Patch0364: 0364-fs-ntfs-Make-code-more-readable.patch
Patch0365: 0365-cmd-search-Rework-of-CVE-2023-4001-fix.patch
Patch0366: 0366-grub-mkconfig.in-turn-off-executable-owner-bit.patch

File diff suppressed because it is too large Load Diff
Loading…
Cancel
Save