Accepting request 1138057 from Base:System

OBS-URL: https://build.opensuse.org/request/show/1138057
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/grub2?expand=0&rev=312
Ana Guerrero 2024-01-11 20:04:46 +00:00 committed by Git OBS Bridge
commit acc5d24282
31 changed files with 150 additions and 1406 deletions

@ -88,7 +88,7 @@ Signed-off-by: Michael Chang <mchang@suse.com>
switch (platform) switch (platform)
{ {
case GRUB_INSTALL_PLATFORM_I386_EFI: case GRUB_INSTALL_PLATFORM_I386_EFI:
@@ -1454,8 +1493,7 @@ @@ -1478,8 +1517,7 @@
debug_image); debug_image);
} }
@ -98,7 +98,7 @@ Signed-off-by: Michael Chang <mchang@suse.com>
{ {
if (!load_cfg_f) if (!load_cfg_f)
load_cfg_f = grub_util_fopen (load_cfg, "wb"); load_cfg_f = grub_util_fopen (load_cfg, "wb");
@@ -1669,21 +1707,13 @@ @@ -1670,21 +1708,13 @@
#ifdef __linux__ #ifdef __linux__
@ -124,7 +124,7 @@ Signed-off-by: Michael Chang <mchang@suse.com>
if (subvol && mount_path) if (subvol && mount_path)
{ {
@@ -1708,11 +1738,6 @@ @@ -1709,11 +1739,6 @@
} }
} }

@ -1,35 +0,0 @@
From 652b221a5eacb1421891c1469608028e2c2f0615 Mon Sep 17 00:00:00 2001
From: Glenn Washburn <development@efficientek.com>
Date: Fri, 18 Aug 2023 12:27:22 -0500
Subject: [PATCH] disk/cryptodisk: Fix missing change when updating to use
grub_uuidcasecmp
This was causing the cryptomount command to return failure even though
the crypto device was successfully added. Of course, this meant that any
script using the return code would behave unexpectedly.
Fixes: 3cf2e848bc03 (disk/cryptodisk: Allows UUIDs to be compared in a dash-insensitive manner)
Suggested-by: Olaf Hering <olaf@aepfle.de>
Signed-off-by: Glenn Washburn <development@efficientek.com>
---
grub-core/disk/cryptodisk.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
index 802b191b2..c79d4125a 100644
--- a/grub-core/disk/cryptodisk.c
+++ b/grub-core/disk/cryptodisk.c
@@ -1323,7 +1323,8 @@ grub_cryptodisk_scan_device (const char *name,
dev = grub_cryptodisk_scan_device_real (name, source, cargs);
if (dev)
{
- ret = (cargs->search_uuid != NULL && grub_strcasecmp (cargs->search_uuid, dev->uuid) == 0);
+ ret = (cargs->search_uuid != NULL
+ && grub_uuidcasecmp (cargs->search_uuid, dev->uuid, sizeof (dev->uuid)) == 0);
goto cleanup;
}
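Review bot: the length passed to grub_uuidcasecmp in the added line, sizeof (dev->uuid), is the size of the struct member rather than the length of either string, so it is only meaningful if uuid is a fixed-size array in the device struct and not a pointer; a short comment or a named size constant would make that assumption explicit. Since the commit message says scripts relying on the cryptomount return code were affected, a test that checks the return value for a dashed and an undashed UUID would guard against this regressing again.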
--
2.41.0

@ -1,33 +0,0 @@
From f903b9a9adb64e733e581771d2a24efae7fbe529 Mon Sep 17 00:00:00 2001
From: Fabian Vogt <fvogt@suse.de>
Date: Thu, 5 Oct 2023 11:02:25 +0200
Subject: [PATCH] fs/btrfs: Zero file data not backed by extents
Implicit holes in file data need to be zeroed explicitly, instead of
just leaving the data in the buffer uninitialized.
This led to kernels randomly failing to boot in "fun" ways when loaded
from btrfs with the no_holes feature enabled, because large blocks of
zeros in the kernel file contained random data instead.
Signed-off-by: Fabian Vogt <fvogt@suse.de>
---
grub-core/fs/btrfs.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c
index 19bff4610..ba0c58352 100644
--- a/grub-core/fs/btrfs.c
+++ b/grub-core/fs/btrfs.c
@@ -1603,6 +1603,8 @@ grub_btrfs_extent_read (struct grub_btrfs_data *data,
csize = grub_le_to_cpu64 (key_out.offset) - pos;
if (csize > len)
csize = len;
+
+ grub_memset (buf, 0, csize);
buf += csize;
pos += csize;
len -= csize;
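Review bot: the added grub_memset (buf, 0, csize) carries no comment saying why this path zeroes the buffer instead of reading into it. Going by the commit message this is the implicit-hole case, where no extent backs the range up to key_out.offset, so a one-line comment above the memset stating that would keep a later cleanup from dropping it as redundant.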
--
2.42.0

@ -1,93 +0,0 @@
From 43651027d24e62a7a463254165e1e46e42aecdea Mon Sep 17 00:00:00 2001
From: Maxim Suhanov <dfirblog@gmail.com>
Date: Mon, 28 Aug 2023 16:31:57 +0300
Subject: [PATCH 1/6] fs/ntfs: Fix an OOB write when parsing the
$ATTRIBUTE_LIST attribute for the $MFT file
When parsing an extremely fragmented $MFT file, i.e., the file described
using the $ATTRIBUTE_LIST attribute, current NTFS code will reuse a buffer
containing bytes read from the underlying drive to store sector numbers,
which are consumed later to read data from these sectors into another buffer.
These sectors numbers, two 32-bit integers, are always stored at predefined
offsets, 0x10 and 0x14, relative to first byte of the selected entry within
the $ATTRIBUTE_LIST attribute. Usually, this won't cause any problem.
However, when parsing a specially-crafted file system image, this may cause
the NTFS code to write these integers beyond the buffer boundary, likely
causing the GRUB memory allocator to misbehave or fail. These integers contain
values which are controlled by on-disk structures of the NTFS file system.
Such modification and resulting misbehavior may touch a memory range not
assigned to the GRUB and owned by firmware or another EFI application/driver.
This fix introduces checks to ensure that these sector numbers are never
written beyond the boundary.
Fixes: CVE-2023-4692
Reported-by: Maxim Suhanov <dfirblog@gmail.com>
Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/ntfs.c | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
index bbdbe24ad..c3c4db117 100644
--- a/grub-core/fs/ntfs.c
+++ b/grub-core/fs/ntfs.c
@@ -184,7 +184,7 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
}
if (at->attr_end)
{
- grub_uint8_t *pa;
+ grub_uint8_t *pa, *pa_end;
at->emft_buf = grub_malloc (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR);
if (at->emft_buf == NULL)
@@ -209,11 +209,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
}
at->attr_nxt = at->edat_buf;
at->attr_end = at->edat_buf + u32at (pa, 0x30);
+ pa_end = at->edat_buf + n;
}
else
{
at->attr_nxt = at->attr_end + u16at (pa, 0x14);
at->attr_end = at->attr_end + u32at (pa, 4);
+ pa_end = at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR);
}
at->flags |= GRUB_NTFS_AF_ALST;
while (at->attr_nxt < at->attr_end)
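Review bot: pa_end is now set in both branches, but at->attr_end is still taken straight from the on-disk values u32at (pa, 0x30) and u32at (pa, 4) without being compared against it, and the while loop that follows is bounded only by at->attr_end. Rejecting the attribute list here when at->attr_end > pa_end would bound the walk itself rather than relying only on the per-entry checks added further down.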
@@ -230,6 +232,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
at->flags |= GRUB_NTFS_AF_GPOS;
at->attr_cur = at->attr_nxt;
pa = at->attr_cur;
+
+ if ((pa >= pa_end) || (pa_end - pa < 0x18))
+ {
+ grub_error (GRUB_ERR_BAD_FS, "can\'t parse attribute list");
+ return NULL;
+ }
+
grub_set_unaligned32 ((char *) pa + 0x10,
grub_cpu_to_le32 (at->mft->data->mft_start));
grub_set_unaligned32 ((char *) pa + 0x14,
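Review bot: the check added before the two grub_set_unaligned32 calls uses the bare constant 0x18, which is the 0x14 write offset plus the 4 bytes written; a named constant or a comment would make that derivation visible. The apostrophe in "can\'t parse attribute list" does not need escaping inside a string literal, and because the same test is repeated in the next hunk it would read better as a small helper taking pa and pa_end.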
@@ -240,6 +249,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
{
if (*pa != attr)
break;
+
+ if ((pa >= pa_end) || (pa_end - pa < 0x18))
+ {
+ grub_error (GRUB_ERR_BAD_FS, "can\'t parse attribute list");
+ return NULL;
+ }
+
if (read_attr
(at, pa + 0x10,
u32at (pa, 0x10) * (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR),
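Review bot: in this loop the new bounds check sits after if (*pa != attr), so *pa is dereferenced before pa is compared against pa_end. Moving the pa_end test above the attribute-type comparison would cover that read as well as the read_attr (at, pa + 0x10, ...) call.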
--
2.42.0

@ -1,51 +0,0 @@
From b541e93b4dab6f652941d086af4fe2da676d0ee3 Mon Sep 17 00:00:00 2001
From: Lidong Chen <lidong.chen@oracle.com>
Date: Thu, 28 Sep 2023 22:33:44 +0000
Subject: [PATCH 1/3] fs/xfs: Incorrect short form directory data boundary
check
After parsing of the current entry, the entry pointer is advanced
to the next entry at the end of the "for" loop. In case where the
last entry is at the end of the data boundary, the advanced entry
pointer can point off the data boundary. The subsequent boundary
check for the advanced entry pointer can cause a failure.
The fix is to include the boundary check into the "for" loop
condition.
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Tested-by: Marta Lewandowska <mlewando@redhat.com>
---
grub-core/fs/xfs.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c
index b91cd32b4..ebf962793 100644
--- a/grub-core/fs/xfs.c
+++ b/grub-core/fs/xfs.c
@@ -810,7 +810,8 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
if (iterate_dir_call_hook (parent, "..", &ctx))
return 1;
- for (i = 0; i < head->count; i++)
+ for (i = 0; i < head->count &&
+ (grub_uint8_t *) de < ((grub_uint8_t *) dir + grub_xfs_fshelp_size (dir->data)); i++)
{
grub_uint64_t ino;
grub_uint8_t *inopos = grub_xfs_inline_de_inopos(dir->data, de);
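Review bot: the bound added to the for condition only tests that de itself starts before dir + grub_xfs_fshelp_size (dir->data), not that the whole entry fits. grub_xfs_inline_de_inopos (dir->data, de) and the name bytes are read from de immediately afterwards, so an entry that begins just inside the boundary can still be read past it; the condition should account for the entry header and de->len, or the loop body should check that before use. The condition is also far longer than the surrounding lines and would read better with the end pointer computed once before the loop.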
@@ -845,10 +846,6 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
de->name[de->len] = c;
de = grub_xfs_inline_next_de(dir->data, head, de);
-
- if ((grub_uint8_t *) de >= (grub_uint8_t *) dir + grub_xfs_fshelp_size (dir->data))
- return grub_error (GRUB_ERR_BAD_FS, "invalid XFS directory entry");
-
}
break;
}
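Review bot: with the explicit test removed at the end of the loop body, a directory whose head->count claims more entries than fit in the inode now ends the loop quietly instead of returning GRUB_ERR_BAD_FS with "invalid XFS directory entry". If the intent is only to stop failing when the last entry ends exactly at the boundary, keep the error for the case where the loop exits with i < head->count.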
--
2.42.1

@ -1,229 +0,0 @@
From 4bcf6f747c3ab0b998c6f5a361804e38bc9c4334 Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.ibm.com>
Date: Wed, 4 Oct 2023 11:32:35 -0400
Subject: [PATCH] kern/ieee1275/init: Restrict high memory in presence of
fadump on ppc64
When a kernel dump is present then restrict the high memory regions to
avoid allocating memory where the kernel dump resides. Use the
ibm,kernel-dump node under /rtas to determine whether a kernel dump
exists and up to which limit GRUB can use available memory. Set the
upper_mem_limit to the size of the kernel dump section of type
REAL_MODE_REGION and therefore only allow GRUB's memory usage for high
addresses from RMO_ADDR_MAX to upper_mem_limit. This means that GRUB can
use high memory in the range of RMO_ADDR_MAX (768MB) to upper_mem_limit
and the kernel-dump memory regions above upper_mem_limit remain
untouched. This change has no effect on memory allocations below
linux_rmo_save (typically at 640MB).
Also, fall back to allocating below rmo_linux_save in case the chunk of
memory there would be larger than the chunk of memory above RMO_ADDR_MAX.
This can for example occur if a free memory area is found starting at 300MB
extending up to 1GB but a kernel dump is located at 768MB and therefore
does not allow the allocation of the high memory area but requiring to use
the chunk starting at 300MB to avoid an unnecessary out-of-memory condition.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Hari Bathini <hbathini@linux.ibm.com>
Cc: Pavithra Prakash <pavrampu@in.ibm.com>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Carolyn Scherrer <cpscherr@us.ibm.com>
Cc: Mahesh Salgaonkar <mahesh@linux.ibm.com>
Cc: Sourabh Jain <sourabhjain@linux.ibm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/kern/ieee1275/init.c | 144 ++++++++++++++++++++++++++++++++-
1 file changed, 142 insertions(+), 2 deletions(-)
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
index bd9a4804b..d6c9c9049 100644
--- a/grub-core/kern/ieee1275/init.c
+++ b/grub-core/kern/ieee1275/init.c
@@ -17,6 +17,8 @@
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
*/
+#include <stddef.h> /* offsetof() */
+
#include <grub/kernel.h>
#include <grub/dl.h>
#include <grub/disk.h>
@@ -196,6 +198,96 @@ grub_claim_heap (void)
#else
/* Helpers for mm on powerpc. */
+/* ibm,kernel-dump data structures */
+struct kd_section
+{
+ grub_uint32_t flags;
+ grub_uint16_t src_datatype;
+#define KD_SRC_DATATYPE_REAL_MODE_REGION 0x0011
+ grub_uint16_t error_flags;
+ grub_uint64_t src_address;
+ grub_uint64_t num_bytes;
+ grub_uint64_t act_bytes;
+ grub_uint64_t dst_address;
+} GRUB_PACKED;
+
+#define MAX_KD_SECTIONS 10
+
+struct kernel_dump
+{
+ grub_uint32_t format;
+ grub_uint16_t num_sections;
+ grub_uint16_t status_flags;
+ grub_uint32_t offset_1st_section;
+ grub_uint32_t num_blocks;
+ grub_uint64_t start_block;
+ grub_uint64_t num_blocks_avail;
+ grub_uint32_t offet_path_string;
+ grub_uint32_t max_time_allowed;
+ struct kd_section kds[MAX_KD_SECTIONS]; /* offset_1st_section should point to kds[0] */
+} GRUB_PACKED;
+
+/*
+ * Determine if a kernel dump exists and if it does, then determine the highest
+ * address that grub can use for memory allocations.
+ * The caller must have initialized *highest to rmo_top. *highest will not
+ * be modified if no kernel dump is found.
+ */
+static void
+check_kernel_dump (grub_uint64_t *highest)
+{
+ struct kernel_dump kernel_dump;
+ grub_ssize_t kernel_dump_size;
+ grub_ieee1275_phandle_t rtas;
+ struct kd_section *kds;
+ grub_size_t i;
+
+ /* If there's a kernel-dump it must have at least one section */
+ if (grub_ieee1275_finddevice ("/rtas", &rtas) ||
+ grub_ieee1275_get_property (rtas, "ibm,kernel-dump", &kernel_dump,
+ sizeof (kernel_dump), &kernel_dump_size) ||
+ kernel_dump_size <= (grub_ssize_t) offsetof (struct kernel_dump, kds[1]))
+ return;
+
+ kernel_dump_size = grub_min (kernel_dump_size, (grub_ssize_t) sizeof (kernel_dump));
+
+ if (grub_be_to_cpu32 (kernel_dump.format) != 1)
+ {
+ grub_printf (_("Error: ibm,kernel-dump has an unexpected format version '%u'\n"),
+ grub_be_to_cpu32 (kernel_dump.format));
+ return;
+ }
+
+ if (grub_be_to_cpu16 (kernel_dump.num_sections) > MAX_KD_SECTIONS)
+ {
+ grub_printf (_("Error: Too many kernel dump sections: %d\n"),
+ grub_be_to_cpu32 (kernel_dump.num_sections));
+ return;
+ }
+
+ for (i = 0; i < grub_be_to_cpu16 (kernel_dump.num_sections); i++)
+ {
+ kds = (struct kd_section *) ((grub_addr_t) &kernel_dump +
+ grub_be_to_cpu32 (kernel_dump.offset_1st_section) +
+ i * sizeof (struct kd_section));
+ /* sanity check the address is within the 'kernel_dump' struct */
+ if ((grub_addr_t) kds > (grub_addr_t) &kernel_dump + kernel_dump_size + sizeof (*kds))
+ {
+ grub_printf (_("Error: 'kds' address beyond last available section\n"));
+ return;
+ }
+
+ if ((grub_be_to_cpu16 (kds->src_datatype) == KD_SRC_DATATYPE_REAL_MODE_REGION) &&
+ (grub_be_to_cpu64 (kds->src_address) == 0))
+ {
+ *highest = grub_min (*highest, grub_be_to_cpu64 (kds->num_bytes));
+ break;
+ }
+ }
+
+ return;
+}
+
/*
* How much memory does OF believe exists in total?
*
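Review bot: the sanity check in the section loop, (grub_addr_t) kds > (grub_addr_t) &kernel_dump + kernel_dump_size + sizeof (*kds), adds sizeof (*kds) to the limit instead of to kds, so it accepts a section that starts up to one struct past the end of the data returned by the firmware, and offset_1st_section comes from the property and is otherwise unchecked. The test should be that (grub_addr_t) kds + sizeof (*kds) does not exceed (grub_addr_t) &kernel_dump + kernel_dump_size. Also in this hunk: the "Too many kernel dump sections" message converts the 16-bit num_sections with grub_be_to_cpu32 while the comparison above it uses grub_be_to_cpu16; the initial size test uses <= against offsetof (struct kernel_dump, kds[1]) and so appears to reject a property holding exactly one section although the comment says at least one; and the field name offet_path_string is misspelled.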
@@ -275,10 +367,31 @@ regions_claim (grub_uint64_t addr, grub_uint64_t len, grub_memory_type_t type,
*
* Finally, we also want to make sure that when grub loads the kernel,
* it isn't going to use up all the memory we're trying to reserve! So
- * enforce our entire RUNTIME_MIN_SPACE here:
+ * enforce our entire RUNTIME_MIN_SPACE here (no fadump):
+ *
+ * | Top of memory == upper_mem_limit -|
+ * | |
+ * | available |
+ * | |
+ * |---------- 768 MB ----------|
+ * | |
+ * | reserved |
+ * | |
+ * |--- 768 MB - runtime min space ---|
+ * | |
+ * | available |
+ * | |
+ * |---------- 0 MB ----------|
+ *
+ * In case fadump is used, we allow the following:
*
* |---------- Top of memory ----------|
* | |
+ * | unavailable |
+ * | (kernel dump area) |
+ * | |
+ * |--------- upper_mem_limit ---------|
+ * | |
* | available |
* | |
* |---------- 768 MB ----------|
@@ -333,17 +446,44 @@ regions_claim (grub_uint64_t addr, grub_uint64_t len, grub_memory_type_t type,
}
else
{
+ grub_uint64_t upper_mem_limit = rmo_top;
+ grub_uint64_t orig_addr = addr;
+
+ check_kernel_dump (&upper_mem_limit);
+
/*
* we order these cases to prefer higher addresses and avoid some
* splitting issues
+ * The following shows the order of variables:
+ * no kernel dump: linux_rmo_save < RMO_ADDR_MAX <= upper_mem_limit == rmo_top
+ * with kernel dump: liuxx_rmo_save < RMO_ADDR_MAX <= upper_mem_limit <= rmo_top
*/
- if (addr < RMO_ADDR_MAX && (addr + len) > RMO_ADDR_MAX)
+ if (addr < RMO_ADDR_MAX && (addr + len) > RMO_ADDR_MAX && upper_mem_limit >= RMO_ADDR_MAX)
{
grub_dprintf ("ieee1275",
"adjusting region for RUNTIME_MIN_SPACE: (%llx -> %llx) -> (%llx -> %llx)\n",
addr, addr + len, RMO_ADDR_MAX, addr + len);
len = (addr + len) - RMO_ADDR_MAX;
addr = RMO_ADDR_MAX;
+
+ /* We must not exceed the upper_mem_limit (assuming it's >= RMO_ADDR_MAX) */
+ if (addr + len > upper_mem_limit)
+ {
+ /* take the bigger chunk from either below linux_rmo_save or above upper_mem_limit */
+ len = upper_mem_limit - addr;
+ if (orig_addr < linux_rmo_save && linux_rmo_save - orig_addr > len)
+ {
+ /* lower part is bigger */
+ addr = orig_addr;
+ len = linux_rmo_save - addr;
+ }
+
+ grub_dprintf ("ieee1275", "re-adjusted region to: (%llx -> %llx)\n",
+ addr, addr + len);
+
+ if (len == 0)
+ return 0;
+ }
}
else if ((addr < linux_rmo_save) && ((addr + len) > linux_rmo_save))
{
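Review bot: the comment inside the new if (addr + len > upper_mem_limit) block says the bigger chunk is taken from "below linux_rmo_save or above upper_mem_limit", but the code keeps the range from RMO_ADDR_MAX up to upper_mem_limit (len = upper_mem_limit - addr), so it should read "below upper_mem_limit". The ordering comment above it misspells linux_rmo_save as liuxx_rmo_save. check_kernel_dump () is also called on every pass through this else branch; reading the property once and caching upper_mem_limit would avoid repeating the firmware lookup and its error messages for each region.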
--
2.42.0

@ -1,76 +0,0 @@
From 1fdc9daf97a1518960e5603dd43a5f353cb3ca89 Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Thu, 30 Nov 2023 13:45:13 +0800
Subject: [PATCH 1/2] mkstandalone: ensure stable timestamps for generated
images
This change mirrors a previous fix [1] but is specific to images
generated by grub-mkstandalone.
The former fix (85a7be241) focused on utilizing a stable timestamp
during binary generation in the util/mkimage context. This commit
extends that approach to the images produced by grub-mkstandalone,
ensuring consistency and stability in timestamps across all generated
binaries.
[1] 85a7be241 util/mkimage: Use stable timestamp when generating
binaries.
Signed-off-by: Michael Chang <mchang@suse.com>
Signed-off-by: Bernhard Wiedemann <bwiedemann@suse.com>
---
util/grub-mkstandalone.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/util/grub-mkstandalone.c b/util/grub-mkstandalone.c
index bdbeea6a6..8e1229925 100644
--- a/util/grub-mkstandalone.c
+++ b/util/grub-mkstandalone.c
@@ -30,6 +30,9 @@
#pragma GCC diagnostic error "-Wmissing-prototypes"
#pragma GCC diagnostic error "-Wmissing-declarations"
+/* use 2015-01-01T00:00:00+0000 as a stock timestamp */
+#define STABLE_EMBEDDING_TIMESTAMP 1420070400
+
static char *output_image;
static char **files;
static int nfiles;
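Review bot: STABLE_EMBEDDING_TIMESTAMP is defined locally at the top of this file, while the commit message says the same approach already exists in util/mkimage. If that code uses the same value, the constant belongs in a shared header so the two cannot drift apart. The comment should also say that file mtimes are now ignored entirely, since the later hunks drop the grub_util_get_mtime (from) call, and it is worth considering whether SOURCE_DATE_EPOCH should be honoured when it is set.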
@@ -184,7 +187,6 @@ add_tar_file (const char *from,
struct head hd;
grub_util_fd_t in;
ssize_t r;
- grub_uint32_t mtime = 0;
grub_uint32_t size;
COMPILE_TIME_ASSERT (sizeof (hd) == 512);
@@ -192,8 +194,6 @@ add_tar_file (const char *from,
if (grub_util_is_special_file (from))
return;
- mtime = grub_util_get_mtime (from);
-
optr = tcn = xmalloc (strlen (to) + 1);
for (iptr = to; *iptr == '/'; iptr++);
for (; *iptr; iptr++)
@@ -234,7 +234,7 @@ add_tar_file (const char *from,
memcpy (hd.gid, "0001750", 7);
set_tar_value (hd.size, optr - tcn, 12);
- set_tar_value (hd.mtime, mtime, 12);
+ set_tar_value (hd.mtime, STABLE_EMBEDDING_TIMESTAMP, 12);
hd.typeflag = 'L';
memcpy (hd.magic, MAGIC, sizeof (hd.magic));
memcpy (hd.uname, "grub", 4);
@@ -264,7 +264,7 @@ add_tar_file (const char *from,
memcpy (hd.gid, "0001750", 7);
set_tar_value (hd.size, size, 12);
- set_tar_value (hd.mtime, mtime, 12);
+ set_tar_value (hd.mtime, STABLE_EMBEDDING_TIMESTAMP, 12);
hd.typeflag = '0';
memcpy (hd.magic, MAGIC, sizeof (hd.magic));
memcpy (hd.uname, "grub", 4);
--
2.43.0

@ -39,17 +39,15 @@ Signed-off-by: Michael Chang <mchang@suse.com>
{ {
--- a/grub-core/net/http.c --- a/grub-core/net/http.c
+++ b/grub-core/net/http.c +++ b/grub-core/net/http.c
@@ -31,7 +31,8 @@ @@ -30,6 +30,7 @@
GRUB_MOD_LICENSE ("GPLv3+");
enum #define HTTP_PORT ((grub_uint16_t) 80)
+#define HTTP_MAX_CHUNK_SIZE GRUB_INT_MAX
typedef struct http_data
{ {
- HTTP_PORT = 80 @@ -82,6 +83,8 @@
+ HTTP_PORT = 80,
+ HTTP_MAX_CHUNK_SIZE = GRUB_INT_MAX
};
@@ -86,6 +87,8 @@
if (data->in_chunk_len == 2) if (data->in_chunk_len == 2)
{ {
data->chunk_rem = grub_strtoul (ptr, 0, 16); data->chunk_rem = grub_strtoul (ptr, 0, 16);

@ -1,58 +0,0 @@
From 0ed2458cc4eff6d9a9199527e2a0b6d445802f94 Mon Sep 17 00:00:00 2001
From: Maxim Suhanov <dfirblog@gmail.com>
Date: Mon, 28 Aug 2023 16:32:33 +0300
Subject: [PATCH 2/6] fs/ntfs: Fix an OOB read when reading data from the
resident $DATA attribute
When reading a file containing resident data, i.e., the file data is stored in
the $DATA attribute within the NTFS file record, not in external clusters,
there are no checks that this resident data actually fits the corresponding
file record segment.
When parsing a specially-crafted file system image, the current NTFS code will
read the file data from an arbitrary, attacker-chosen memory offset and of
arbitrary, attacker-chosen length.
This allows an attacker to display arbitrary chunks of memory, which could
contain sensitive information like password hashes or even plain-text,
obfuscated passwords from BS EFI variables.
This fix implements a check to ensure that resident data is read from the
corresponding file record segment only.
Fixes: CVE-2023-4693
Reported-by: Maxim Suhanov <dfirblog@gmail.com>
Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/ntfs.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
index c3c4db117..a68e173d8 100644
--- a/grub-core/fs/ntfs.c
+++ b/grub-core/fs/ntfs.c
@@ -401,7 +401,18 @@ read_data (struct grub_ntfs_attr *at, grub_uint8_t *pa, grub_uint8_t *dest,
{
if (ofs + len > u32at (pa, 0x10))
return grub_error (GRUB_ERR_BAD_FS, "read out of range");
- grub_memcpy (dest, pa + u32at (pa, 0x14) + ofs, len);
+
+ if (u32at (pa, 0x10) > (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
+ return grub_error (GRUB_ERR_BAD_FS, "resident attribute too large");
+
+ if (pa >= at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
+ return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range");
+
+ if (u16at (pa, 0x14) + u32at (pa, 0x10) >
+ (grub_addr_t) at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR) - (grub_addr_t) pa)
+ return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range");
+
+ grub_memcpy (dest, pa + u16at (pa, 0x14) + ofs, len);
return 0;
}
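Review bot: the grub_memcpy source changes from u32at (pa, 0x14) to u16at (pa, 0x14) in the last added line, and the commit message does not mention that the width of the field read at offset 0x14 is being changed. That deserves a sentence in the message or a comment, since it alters which bytes are used as the data offset independently of the new range checks. The record size expression (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR) appears three times and would be clearer as a local end pointer, and only the upper bound of pa is tested, not that pa lies at or after at->mft->buf.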
--
2.42.0

@ -1,171 +0,0 @@
From 4a6a5c4a6bb2426235364be9f3698763ddcf4775 Mon Sep 17 00:00:00 2001
From: Jon DeVree <nuxi@vault24.org>
Date: Tue, 17 Oct 2023 23:03:47 -0400
Subject: [PATCH 2/3] fs/xfs: Fix XFS directory extent parsing
The XFS directory entry parsing code has never been completely correct
for extent based directories. The parser correctly handles the case
where the directory is contained in a single extent, but then mistakenly
assumes the data blocks for the multiple extent case are each identical
to the single extent case. The difference in the format of the data
blocks between the two cases is tiny enough that it's gone unnoticed for
a very long time.
A recent change introduced some additional bounds checking into the XFS
parser. Like GRUB's existing parser, it is correct for the single extent
case but incorrect for the multiple extent case. When parsing a directory
with multiple extents, this new bounds checking is sometimes (but not
always) tripped and triggers an "invalid XFS directory entry" error. This
probably would have continued to go unnoticed but the /boot/grub/<arch>
directory is large enough that it often has multiple extents.
The difference between the two cases is that when there are multiple
extents, the data blocks do not contain a trailer nor do they contain
any leaf information. That information is stored in a separate set of
extents dedicated to just the leaf information. These extents come after
the directory entry extents and are not included in the inode size. So
the existing parser already ignores the leaf extents.
The only reason to read the trailer/leaf information at all is so that
the parser can avoid misinterpreting that data as directory entries. So
this updates the parser as follows:
For the single extent case the parser doesn't change much:
1. Read the size of the leaf information from the trailer
2. Set the end pointer for the parser to the start of the leaf
information. (The previous bounds checking set the end pointer to the
start of the trailer, so this is actually a small improvement.)
3. Set the entries variable to the expected number of directory entries.
For the multiple extent case:
1. Set the end pointer to the end of the block.
2. Do not set up the entries variable. Figuring out how many entries are
in each individual block is complex and does not seem worth it when
it appears to be safe to just iterate over the entire block.
The bounds check itself was also dependent upon the faulty XFS parser
because it accidentally used "filename + length - 1". Presumably this
was able to pass the fuzzer because in the old parser there was always
8 bytes of slack space between the tail pointer and the actual end of
the block. Since this is no longer the case the bounds check needs to be
updated to "filename + length + 1" in order to prevent a regression in
the handling of corrupt filesystems.
Notes:
* When there is only one extent there will only ever be one block. If
more than one block is required then XFS will always switch to holding
leaf information in a separate extent.
* B-tree based directories seem to be parsed properly by the same code
that handles multiple extents. This is unlikely to ever occur within
/boot though because it's only used when there are an extremely large
number of directory entries.
Fixes: ef7850c75 (fs/xfs: Fix issues found while fuzzing the XFS filesystem)
Fixes: b2499b29c (Adds support for the XFS filesystem.)
Fixes: https://savannah.gnu.org/bugs/?64376
Signed-off-by: Jon DeVree <nuxi@vault24.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Tested-by: Marta Lewandowska <mlewando@redhat.com>
---
grub-core/fs/xfs.c | 52 +++++++++++++++++++++++++++++++++-------------
1 file changed, 38 insertions(+), 14 deletions(-)
diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c
index ebf962793..18edfcff4 100644
--- a/grub-core/fs/xfs.c
+++ b/grub-core/fs/xfs.c
@@ -223,6 +223,12 @@ struct grub_xfs_inode
/* Size of struct grub_xfs_inode v2, up to unused4 member included. */
#define XFS_V2_INODE_SIZE (XFS_V3_INODE_SIZE - 76)
+struct grub_xfs_dir_leaf_entry
+{
+ grub_uint32_t hashval;
+ grub_uint32_t address;
+} GRUB_PACKED;
+
struct grub_xfs_dirblock_tail
{
grub_uint32_t leaf_count;
@@ -874,9 +880,8 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
{
struct grub_xfs_dir2_entry *direntry =
grub_xfs_first_de(dir->data, dirblock);
- int entries;
- struct grub_xfs_dirblock_tail *tail =
- grub_xfs_dir_tail(dir->data, dirblock);
+ int entries = -1;
+ char *end = dirblock + dirblk_size;
numread = grub_xfs_read_file (dir, 0, 0,
blk << dirblk_log2,
@@ -887,14 +892,27 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
return 0;
}
- entries = (grub_be_to_cpu32 (tail->leaf_count)
- - grub_be_to_cpu32 (tail->leaf_stale));
+ /*
+ * Leaf and tail information are only in the data block if the number
+ * of extents is 1.
+ */
+ if (dir->inode.nextents == grub_cpu_to_be32_compile_time (1))
+ {
+ struct grub_xfs_dirblock_tail *tail = grub_xfs_dir_tail (dir->data, dirblock);
+
+ end = (char *) tail;
+
+ /* Subtract the space used by leaf nodes. */
+ end -= grub_be_to_cpu32 (tail->leaf_count) * sizeof (struct grub_xfs_dir_leaf_entry);
- if (!entries)
- continue;
+ entries = grub_be_to_cpu32 (tail->leaf_count) - grub_be_to_cpu32 (tail->leaf_stale);
+
+ if (!entries)
+ continue;
+ }
/* Iterate over all entries within this block. */
- while ((char *)direntry < (char *)tail)
+ while ((char *) direntry < (char *) end)
{
grub_uint8_t *freetag;
char *filename;
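Review bot: in the single-extent branch, end is moved back by grub_be_to_cpu32 (tail->leaf_count) * sizeof (struct grub_xfs_dir_leaf_entry) with leaf_count taken from disk and not validated, so a large value can place end before dirblock or outside the buffer. Check that the product does not exceed (char *) tail - dirblock before subtracting, and return GRUB_ERR_BAD_FS otherwise. entries is an int computed from two unsigned 32-bit fields, so a leaf_stale larger than leaf_count yields a negative count that the !entries test does not catch.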
@@ -914,7 +932,7 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
}
filename = (char *)(direntry + 1);
- if (filename + direntry->len - 1 > (char *) tail)
+ if (filename + direntry->len + 1 > (char *) end)
return grub_error (GRUB_ERR_BAD_FS, "invalid XFS directory entry");
/* The byte after the filename is for the filetype, padding, or
@@ -928,11 +946,17 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
return 1;
}
- /* Check if last direntry in this block is
- reached. */
- entries--;
- if (!entries)
- break;
+ /*
+ * The expected number of directory entries is only tracked for the
+ * single extent case.
+ */
+ if (dir->inode.nextents == grub_cpu_to_be32_compile_time (1))
+ {
+ /* Check if last direntry in this block is reached. */
+ entries--;
+ if (!entries)
+ break;
+ }
/* Select the next directory entry. */
direntry = grub_xfs_next_de(dir->data, direntry);
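Review bot: the dir->inode.nextents == grub_cpu_to_be32_compile_time (1) test before the entries-- is a second copy of the condition used where end is set, so the two can diverge in a later edit. Setting a local flag once in the earlier block and testing it here would keep the single-extent handling in one place.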
--
2.42.1

@ -1,75 +0,0 @@
From bb9bbe0f66a8462a1b2477fbc2aa1d70973035d4 Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Thu, 30 Nov 2023 16:30:45 +0800
Subject: [PATCH 2/2] mkstandalone: ensure deterministic tar file creation by
sorting contents
The add_tar_files() function currently iterates through a directory's
content using readdir(), which doesn't guarantee a specific order. This
lack of deterministic behavior impacts reproducibility in the build
process.
This commit resolves the issue by introducing sorting functionality. The
list retrieved by readdir() is now sorted alphabetically before
incorporation into the tar archive, ensuring consistent and predictable
file ordering within the archive.
Signed-off-by: Michael Chang <mchang@suse.com>
Signed-off-by: Bernhard Wiedemann <bwiedemann@suse.com>
---
util/grub-mkstandalone.c | 26 +++++++++++++++++++++++---
1 file changed, 23 insertions(+), 3 deletions(-)
diff --git a/util/grub-mkstandalone.c b/util/grub-mkstandalone.c
index 8e1229925..e4b5bcab4 100644
--- a/util/grub-mkstandalone.c
+++ b/util/grub-mkstandalone.c
@@ -205,22 +205,42 @@ add_tar_file (const char *from,
{
grub_util_fd_dir_t d;
grub_util_fd_dirent_t de;
+ char **from_files;
+ grub_size_t alloc = 8, used = 0;
+ grub_size_t i;
d = grub_util_fd_opendir (from);
+ from_files = xmalloc (alloc * sizeof (*from_files));
while ((de = grub_util_fd_readdir (d)))
{
- char *fp, *tfp;
if (strcmp (de->d_name, ".") == 0)
continue;
if (strcmp (de->d_name, "..") == 0)
continue;
- fp = grub_util_path_concat (2, from, de->d_name);
- tfp = xasprintf ("%s/%s", to, de->d_name);
+ if (alloc <= used)
+ {
+ alloc <<= 1;
+ from_files = xrealloc (from_files, alloc * sizeof (*from_files));
+ }
+ from_files[used++] = xstrdup(de->d_name);
+ }
+ qsort (from_files, used, sizeof (*from_files), grub_qsort_strcmp);
+
+ for (i = 0; i < used; i++)
+ {
+ char *fp, *tfp;
+
+ fp = grub_util_path_concat (2, from, from_files[i]);
+ tfp = xasprintf ("%s/%s", to, from_files[i]);
add_tar_file (fp, tfp);
+ free (tfp);
free (fp);
+ free (from_files[i]);
}
+
grub_util_fd_closedir (d);
+ free (from_files);
free (tcn);
return;
}
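Review bot: grub_util_fd_closedir (d) still runs only after the loop that recurses into add_tar_file for every entry, so the directory handle stays open for the whole recursive descent even though all names have already been copied into from_files. Closing d right after the readdir loop, before qsort, keeps the number of open handles independent of tree depth. The return value of grub_util_fd_opendir (from) is used without a NULL check, xstrdup(de->d_name) is missing the space before the parenthesis used on the other calls, and the added free (tfp) fixes a leak that the commit message does not mention.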
--
2.43.0

@ -232,20 +232,18 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
grub_efi_free_pages((grub_efi_physical_address_t)(grub_addr_t)kernel_mem, BYTES_TO_PAGES(kernel_size)); grub_efi_free_pages((grub_efi_physical_address_t)(grub_addr_t)kernel_mem, BYTES_TO_PAGES(kernel_size));
--- a/include/grub/i386/linux.h --- a/include/grub/i386/linux.h
+++ b/include/grub/i386/linux.h +++ b/include/grub/i386/linux.h
@@ -138,7 +138,12 @@ @@ -148,6 +148,11 @@
grub_uint32_t kernel_alignment; grub_uint32_t kernel_alignment;
grub_uint8_t relocatable; grub_uint8_t relocatable;
grub_uint8_t min_alignment; grub_uint8_t min_alignment;
- grub_uint8_t pad[2];
+#define LINUX_XLF_KERNEL_64 (1<<0) +#define LINUX_XLF_KERNEL_64 (1<<0)
+#define LINUX_XLF_CAN_BE_LOADED_ABOVE_4G (1<<1) +#define LINUX_XLF_CAN_BE_LOADED_ABOVE_4G (1<<1)
+#define LINUX_XLF_EFI_HANDOVER_32 (1<<2) +#define LINUX_XLF_EFI_HANDOVER_32 (1<<2)
+#define LINUX_XLF_EFI_HANDOVER_64 (1<<3) +#define LINUX_XLF_EFI_HANDOVER_64 (1<<3)
+#define LINUX_XLF_EFI_KEXEC (1<<4) +#define LINUX_XLF_EFI_KEXEC (1<<4)
+ grub_uint16_t xloadflags; grub_uint16_t xloadflags;
grub_uint32_t cmdline_size; grub_uint32_t cmdline_size;
grub_uint32_t hardware_subarch; grub_uint32_t hardware_subarch;
grub_uint64_t hardware_subarch_data;
--- a/grub-core/loader/efi/linux_boot.c --- a/grub-core/loader/efi/linux_boot.c
+++ b/grub-core/loader/efi/linux_boot.c +++ b/grub-core/loader/efi/linux_boot.c
@@ -30,11 +30,16 @@ @@ -30,11 +30,16 @@

@ -1,73 +0,0 @@
From 7e5f031a6a6a3decc2360a7b0c71abbe598e7354 Mon Sep 17 00:00:00 2001
From: Maxim Suhanov <dfirblog@gmail.com>
Date: Mon, 28 Aug 2023 16:33:17 +0300
Subject: [PATCH 3/6] fs/ntfs: Fix an OOB read when parsing directory entries
from resident and non-resident index attributes
This fix introduces checks to ensure that index entries are never read
beyond the corresponding directory index.
The lack of this check is a minor issue, likely not exploitable in any way.
Reported-by: Maxim Suhanov <dfirblog@gmail.com>
Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/ntfs.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
index a68e173d8..2d78b96e1 100644
--- a/grub-core/fs/ntfs.c
+++ b/grub-core/fs/ntfs.c
@@ -599,7 +599,7 @@ get_utf8 (grub_uint8_t *in, grub_size_t len)
}
static int
-list_file (struct grub_ntfs_file *diro, grub_uint8_t *pos,
+list_file (struct grub_ntfs_file *diro, grub_uint8_t *pos, grub_uint8_t *end_pos,
grub_fshelp_iterate_dir_hook_t hook, void *hook_data)
{
grub_uint8_t *np;
@@ -610,6 +610,9 @@ list_file (struct grub_ntfs_file *diro, grub_uint8_t *pos,
grub_uint8_t namespace;
char *ustr;
+ if ((pos >= end_pos) || (end_pos - pos < 0x52))
+ break;
+
if (pos[0xC] & 2) /* end signature */
break;
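Review bot: In the guard added at the top of the loop in list_file, the bare break leaves the loop without setting an error, so an index entry that runs past end_pos is treated like a normal end of listing instead of being reported as GRUB_ERR_BAD_FS. Consider calling grub_error before the break. The constant 0x52 also needs a name or a comment saying which fixed part of the index entry it covers, since the name-length check further down reuses it.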
@@ -617,6 +620,9 @@ list_file (struct grub_ntfs_file *diro, grub_uint8_t *pos,
ns = *(np++);
namespace = *(np++);
+ if (2 * ns > end_pos - pos - 0x52)
+ break;
+
/*
* Ignore files in DOS namespace, as they will reappear as Win32
* names.
@@ -806,7 +812,9 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
}
cur_pos += 0x10; /* Skip index root */
- ret = list_file (mft, cur_pos + u16at (cur_pos, 0), hook, hook_data);
+ ret = list_file (mft, cur_pos + u16at (cur_pos, 0),
+ at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR),
+ hook, hook_data);
if (ret)
goto done;
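Review bot: At the resident call site, u16at (cur_pos, 0) is evaluated right after cur_pos += 0x10, and nothing in this hunk checks that those two bytes lie below the end pointer being passed in, so the offset that list_file is meant to validate is itself read unchecked. Suggest computing the end of the record buffer into a local first, checking cur_pos against it, and only then forming the start pointer; the local also keeps the long at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR) expression out of the argument list.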
@@ -893,6 +901,7 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
(const grub_uint8_t *) "INDX")))
goto done;
ret = list_file (mft, &indx[0x18 + u16at (indx, 0x18)],
+ indx + (mft->data->idx_size << GRUB_NTFS_BLK_SHR),
hook, hook_data);
if (ret)
goto done;
--
2.42.0

View File

@ -1,115 +0,0 @@
From e7b1a524d5f86dcfddfbb069577e3b148dbb19cd Mon Sep 17 00:00:00 2001
From: Anthony Iliopoulos via Grub-devel <grub-devel@gnu.org>
Date: Thu, 26 Oct 2023 11:53:39 +0200
Subject: [PATCH 3/3] fs/xfs: add large extent counters incompat feature
support
XFS introduced 64-bit extent counters for inodes via a series of
upstream commits, and the feature was marked as stable in v6.5 via
commit 61d7e8274cd8 ("xfs: drop EXPERIMENTAL tag for large extent
counts").
Further, xfsprogs release v6.5.0 switched this feature on by default in
mkfs.xfs via commit e5b18d7d1d96 ("mkfs: enable large extent counts by
default").
Filesystems formatted with large extent count support (nrext64=1) are
thus currently not recognizable by grub, since this is an incompat
feature. Add the required support so that those filesystems and inodes
with large extent counters can be read by grub.
Signed-off-by: Anthony Iliopoulos <ailiop@suse.com>
---
grub-core/fs/xfs.c | 30 +++++++++++++++++++++++++-----
1 file changed, 25 insertions(+), 5 deletions(-)
diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c
index 18edfcff4..bc2224dbb 100644
--- a/grub-core/fs/xfs.c
+++ b/grub-core/fs/xfs.c
@@ -79,6 +79,8 @@ GRUB_MOD_LICENSE ("GPLv3+");
/* Inode flags2 flags */
#define XFS_DIFLAG2_BIGTIME_BIT 3
#define XFS_DIFLAG2_BIGTIME (1 << XFS_DIFLAG2_BIGTIME_BIT)
+#define XFS_DIFLAG2_NREXT64_BIT 4
+#define XFS_DIFLAG2_NREXT64 (1 << XFS_DIFLAG2_NREXT64_BIT)
/* incompat feature flags */
#define XFS_SB_FEAT_INCOMPAT_FTYPE (1 << 0) /* filetype in dirent */
@@ -86,6 +88,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
#define XFS_SB_FEAT_INCOMPAT_META_UUID (1 << 2) /* metadata UUID */
#define XFS_SB_FEAT_INCOMPAT_BIGTIME (1 << 3) /* large timestamps */
#define XFS_SB_FEAT_INCOMPAT_NEEDSREPAIR (1 << 4) /* needs xfs_repair */
+#define XFS_SB_FEAT_INCOMPAT_NREXT64 (1 << 5) /* large extent counters */
/*
* Directory entries with ftype are explicitly handled by GRUB code.
@@ -101,7 +104,8 @@ GRUB_MOD_LICENSE ("GPLv3+");
XFS_SB_FEAT_INCOMPAT_SPINODES | \
XFS_SB_FEAT_INCOMPAT_META_UUID | \
XFS_SB_FEAT_INCOMPAT_BIGTIME | \
- XFS_SB_FEAT_INCOMPAT_NEEDSREPAIR)
+ XFS_SB_FEAT_INCOMPAT_NEEDSREPAIR | \
+ XFS_SB_FEAT_INCOMPAT_NREXT64)
struct grub_xfs_sblock
{
@@ -203,7 +207,8 @@ struct grub_xfs_inode
grub_uint16_t mode;
grub_uint8_t version;
grub_uint8_t format;
- grub_uint8_t unused2[26];
+ grub_uint8_t unused2[18];
+ grub_uint64_t nextents_big;
grub_uint64_t atime;
grub_uint64_t mtime;
grub_uint64_t ctime;
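Review bot: Replacing unused2[26] with unused2[18] plus a grub_uint64_t keeps atime and the fields after it at the same offsets only if the compiler inserts no padding before nextents_big, and the packing of struct grub_xfs_inode is outside this hunk. Please confirm it, and add a comment giving the on-disk offset of nextents_big so the 18 is not a bare number.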
@@ -545,11 +550,26 @@ get_fsb (const void *keys, int idx)
return grub_be_to_cpu64 (grub_get_unaligned64 (p));
}
+static int
+grub_xfs_inode_has_large_extent_counts (const struct grub_xfs_inode *inode)
+{
+ return inode->version >= 3 &&
+ (inode->flags2 & grub_cpu_to_be64_compile_time (XFS_DIFLAG2_NREXT64));
+}
+
+static grub_uint64_t
+grub_xfs_get_inode_nextents (struct grub_xfs_inode *inode)
+{
+ return (grub_xfs_inode_has_large_extent_counts (inode)) ?
+ grub_be_to_cpu64 (inode->nextents_big) :
+ grub_be_to_cpu32 (inode->nextents);
+}
+
static grub_disk_addr_t
grub_xfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock)
{
struct grub_xfs_btree_node *leaf = 0;
- int ex, nrec;
+ grub_uint64_t ex, nrec;
struct grub_xfs_extent *exts;
grub_uint64_t ret = 0;
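Review bot: grub_xfs_get_inode_nextents takes a non-const struct grub_xfs_inode * although it only reads the inode and passes it to a helper declared with const; make its parameter const too. The value it returns is now a 64-bit count taken straight from disk, so a short comment that callers must bound it before indexing (as the grub_mul check on nrec does later in grub_xfs_read_block) would help the next reader.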
@@ -574,7 +594,7 @@ grub_xfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock)
/ (2 * sizeof (grub_uint64_t));
do
{
- int i;
+ grub_uint64_t i;
for (i = 0; i < nrec; i++)
{
@@ -621,7 +641,7 @@ grub_xfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock)
grub_addr_t exts_end = 0;
grub_addr_t data_end = 0;
- nrec = grub_be_to_cpu32 (node->inode.nextents);
+ nrec = grub_xfs_get_inode_nextents (&node->inode);
exts = (struct grub_xfs_extent *) grub_xfs_inode_data(&node->inode);
if (grub_mul (sizeof (struct grub_xfs_extent), nrec, &exts_end) ||
--
2.42.1

View File

@ -127,21 +127,20 @@ Platform Reference (PAPR).
default: default:
return 0; return 0;
} }
@@ -666,10 +674,11 @@ @@ -679,9 +687,11 @@
" --output '%s' " *p = '\0';
" --dtb '%s' "
"--sbat '%s' " grub_util_info ("grub-mkimage --directory '%s' --prefix '%s' --output '%s'"
- " --format '%s' --compression '%s'%s%s%s\n", - " --format '%s' --compression '%s'%s%s%s\n",
+ " --format '%s' --compression '%s'" + " --format '%s' --compression '%s'"
+ " --appended-signature-size %zu%s%s%s\n", + " --appended-signature-size %zu%s%s%s\n",
dir, prefix, dir, prefix, outname,
outname, dtb ? : "", sbat ? : "", mkimage_target, mkimage_target, compnames[compression],
- compnames[compression], note ? "--note" : "", + appsig_size,
+ compnames[compression], appsig_size, note ? "--note" : "", note ? " --note" : "",
disable_shim_lock ? " --disable-shim-lock" : "", s); disable_shim_lock ? " --disable-shim-lock" : "", s);
free (s); free (s);
@@ -693,7 +703,7 @@
@@ -680,7 +689,7 @@
grub_install_generate_image (dir, prefix, fp, outname, grub_install_generate_image (dir, prefix, fp, outname,
modules.entries, memdisk_path, modules.entries, memdisk_path,
pubkeys, npubkeys, config_path, tgt, pubkeys, npubkeys, config_path, tgt,

View File

@ -1,51 +0,0 @@
From 7a5a116739fa6d8a625da7d6b9272c9a2462f967 Mon Sep 17 00:00:00 2001
From: Maxim Suhanov <dfirblog@gmail.com>
Date: Mon, 28 Aug 2023 16:33:44 +0300
Subject: [PATCH 4/6] fs/ntfs: Fix an OOB read when parsing bitmaps for index
attributes
This fix introduces checks to ensure that bitmaps for directory indices
are never read beyond their actual sizes.
The lack of this check is a minor issue, likely not exploitable in any way.
Reported-by: Maxim Suhanov <dfirblog@gmail.com>
Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/ntfs.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
index 2d78b96e1..bb70c89fb 100644
--- a/grub-core/fs/ntfs.c
+++ b/grub-core/fs/ntfs.c
@@ -843,6 +843,25 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
if (is_resident)
{
+ if (bitmap_len > (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
+ {
+ grub_error (GRUB_ERR_BAD_FS, "resident bitmap too large");
+ goto done;
+ }
+
+ if (cur_pos >= at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
+ {
+ grub_error (GRUB_ERR_BAD_FS, "resident bitmap out of range");
+ goto done;
+ }
+
+ if (u16at (cur_pos, 0x14) + u32at (cur_pos, 0x10) >
+ (grub_addr_t) at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR) - (grub_addr_t) cur_pos)
+ {
+ grub_error (GRUB_ERR_BAD_FS, "resident bitmap out of range");
+ goto done;
+ }
+
grub_memcpy (bmp, cur_pos + u16at (cur_pos, 0x14),
bitmap_len);
}
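Review bot: The second check only establishes cur_pos < end of the record buffer, yet the third check then reads u32at (cur_pos, 0x10) and u16at (cur_pos, 0x14), which lie past the end when fewer than 0x16 bytes remain after cur_pos. Require that minimum before reading the header fields; the volume label fix in this series does exactly that. It would also be clearer to bound bitmap_len, the length actually handed to grub_memcpy, instead of re-reading offset 0x10, and to give the second and third failures distinct messages so a report can tell them apart.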
--
2.42.0

View File

@ -1,61 +0,0 @@
From 1fe82c41e070385e273d7bb1cfb482627a3c28e8 Mon Sep 17 00:00:00 2001
From: Maxim Suhanov <dfirblog@gmail.com>
Date: Mon, 28 Aug 2023 16:38:19 +0300
Subject: [PATCH 5/6] fs/ntfs: Fix an OOB read when parsing a volume label
This fix introduces checks to ensure that an NTFS volume label is always
read from the corresponding file record segment.
The current NTFS code allows the volume label string to be read from an
arbitrary, attacker-chosen memory location. However, the bytes read are
always treated as UTF-16LE. So, the final string displayed is mostly
unreadable and it can't be easily converted back to raw bytes.
The lack of this check is a minor issue, likely not causing a significant
data leak.
Reported-by: Maxim Suhanov <dfirblog@gmail.com>
Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/ntfs.c | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
index bb70c89fb..ff5e3740f 100644
--- a/grub-core/fs/ntfs.c
+++ b/grub-core/fs/ntfs.c
@@ -1213,13 +1213,29 @@ grub_ntfs_label (grub_device_t device, char **label)
init_attr (&mft->attr, mft);
pa = find_attr (&mft->attr, GRUB_NTFS_AT_VOLUME_NAME);
+
+ if (pa >= mft->buf + (mft->data->mft_size << GRUB_NTFS_BLK_SHR))
+ {
+ grub_error (GRUB_ERR_BAD_FS, "can\'t parse volume label");
+ goto fail;
+ }
+
+ if (mft->buf + (mft->data->mft_size << GRUB_NTFS_BLK_SHR) - pa < 0x16)
+ {
+ grub_error (GRUB_ERR_BAD_FS, "can\'t parse volume label");
+ goto fail;
+ }
+
if ((pa) && (pa[8] == 0) && (u32at (pa, 0x10)))
{
int len;
len = u32at (pa, 0x10) / 2;
pa += u16at (pa, 0x14);
- *label = get_utf8 (pa, len);
+ if (mft->buf + (mft->data->mft_size << GRUB_NTFS_BLK_SHR) - pa >= 2 * len)
+ *label = get_utf8 (pa, len);
+ else
+ grub_error (GRUB_ERR_BAD_FS, "can\'t parse volume label");
}
fail:
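Review bot: Both new range checks do pointer arithmetic on pa before the existing (pa) test, and that test shows find_attr can return NULL, so a missing volume name attribute now reaches a comparison and a subtraction against a null pointer. Fold pa != NULL into the new checks or move them inside the existing if. In the inner check, 2 * len is computed in int from a 32-bit on-disk length that was halved, so values above 0x3FFFFFFF overflow; comparing len against the remaining byte count divided by two avoids that.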
--
2.42.0

View File

@ -1,159 +0,0 @@
From e58b870ff926415e23fc386af41ff81b2f588763 Mon Sep 17 00:00:00 2001
From: Maxim Suhanov <dfirblog@gmail.com>
Date: Mon, 28 Aug 2023 16:40:07 +0300
Subject: [PATCH 6/6] fs/ntfs: Make code more readable
Move some calls used to access NTFS attribute header fields into
functions with human-readable names.
Suggested-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/ntfs.c | 48 +++++++++++++++++++++++++++++++--------------
1 file changed, 33 insertions(+), 15 deletions(-)
diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
index ff5e3740f..de435aa14 100644
--- a/grub-core/fs/ntfs.c
+++ b/grub-core/fs/ntfs.c
@@ -52,6 +52,24 @@ u64at (void *ptr, grub_size_t ofs)
return grub_le_to_cpu64 (grub_get_unaligned64 ((char *) ptr + ofs));
}
+static grub_uint16_t
+first_attr_off (void *mft_buf_ptr)
+{
+ return u16at (mft_buf_ptr, 0x14);
+}
+
+static grub_uint16_t
+res_attr_data_off (void *res_attr_ptr)
+{
+ return u16at (res_attr_ptr, 0x14);
+}
+
+static grub_uint32_t
+res_attr_data_len (void *res_attr_ptr)
+{
+ return u32at (res_attr_ptr, 0x10);
+}
+
grub_ntfscomp_func_t grub_ntfscomp_func;
static grub_err_t
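Review bot: first_attr_off and res_attr_data_off perform the same read of offset 0x14, and the only thing distinguishing them is the kind of buffer the caller passes, which a void * parameter cannot enforce. A one-line comment on each helper naming the header it expects (file record or resident attribute) and the field it returns would carry the readability gain this patch is after; named constants for 0x14 and 0x10 would do the same.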
@@ -106,7 +124,7 @@ init_attr (struct grub_ntfs_attr *at, struct grub_ntfs_file *mft)
{
at->mft = mft;
at->flags = (mft == &mft->data->mmft) ? GRUB_NTFS_AF_MMFT : 0;
- at->attr_nxt = mft->buf + u16at (mft->buf, 0x14);
+ at->attr_nxt = mft->buf + first_attr_off (mft->buf);
at->attr_end = at->emft_buf = at->edat_buf = at->sbuf = NULL;
}
@@ -154,7 +172,7 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
return NULL;
}
- new_pos = &at->emft_buf[u16at (at->emft_buf, 0x14)];
+ new_pos = &at->emft_buf[first_attr_off (at->emft_buf)];
while (*new_pos != 0xFF)
{
if ((*new_pos == *at->attr_cur)
@@ -213,7 +231,7 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
}
else
{
- at->attr_nxt = at->attr_end + u16at (pa, 0x14);
+ at->attr_nxt = at->attr_end + res_attr_data_off (pa);
at->attr_end = at->attr_end + u32at (pa, 4);
pa_end = at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR);
}
@@ -399,20 +417,20 @@ read_data (struct grub_ntfs_attr *at, grub_uint8_t *pa, grub_uint8_t *dest,
if (pa[8] == 0)
{
- if (ofs + len > u32at (pa, 0x10))
+ if (ofs + len > res_attr_data_len (pa))
return grub_error (GRUB_ERR_BAD_FS, "read out of range");
- if (u32at (pa, 0x10) > (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
+ if (res_attr_data_len (pa) > (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
return grub_error (GRUB_ERR_BAD_FS, "resident attribute too large");
if (pa >= at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range");
- if (u16at (pa, 0x14) + u32at (pa, 0x10) >
+ if (res_attr_data_off (pa) + res_attr_data_len (pa) >
(grub_addr_t) at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR) - (grub_addr_t) pa)
return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range");
- grub_memcpy (dest, pa + u16at (pa, 0x14) + ofs, len);
+ grub_memcpy (dest, pa + res_attr_data_off (pa) + ofs, len);
return 0;
}
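Review bot: The field reads are named now, but in this hunk the record size is still spelled out as at->mft->data->mft_size << GRUB_NTFS_BLK_SHR three times, twice combined with at->mft->buf and once with (grub_addr_t) casts. A helper or a local for the end of the MFT record buffer would make these range checks easier to audit, and the same expression recurs in the bitmap and volume label checks.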
@@ -556,7 +574,7 @@ init_file (struct grub_ntfs_file *mft, grub_uint64_t mftno)
(unsigned long long) mftno);
if (!pa[8])
- mft->size = u32at (pa, 0x10);
+ mft->size = res_attr_data_len (pa);
else
mft->size = u64at (pa, 0x30);
@@ -805,7 +823,7 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
(u32at (cur_pos, 0x18) != 0x490024) ||
(u32at (cur_pos, 0x1C) != 0x300033))
continue;
- cur_pos += u16at (cur_pos, 0x14);
+ cur_pos += res_attr_data_off (cur_pos);
if (*cur_pos != 0x30) /* Not filename index */
continue;
break;
@@ -834,7 +852,7 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
{
int is_resident = (cur_pos[8] == 0);
- bitmap_len = ((is_resident) ? u32at (cur_pos, 0x10) :
+ bitmap_len = ((is_resident) ? res_attr_data_len (cur_pos) :
u32at (cur_pos, 0x28));
bmp = grub_malloc (bitmap_len);
@@ -855,14 +873,14 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
goto done;
}
- if (u16at (cur_pos, 0x14) + u32at (cur_pos, 0x10) >
+ if (res_attr_data_off (cur_pos) + res_attr_data_len (cur_pos) >
(grub_addr_t) at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR) - (grub_addr_t) cur_pos)
{
grub_error (GRUB_ERR_BAD_FS, "resident bitmap out of range");
goto done;
}
- grub_memcpy (bmp, cur_pos + u16at (cur_pos, 0x14),
+ grub_memcpy (bmp, cur_pos + res_attr_data_off (cur_pos),
bitmap_len);
}
else
@@ -1226,12 +1244,12 @@ grub_ntfs_label (grub_device_t device, char **label)
goto fail;
}
- if ((pa) && (pa[8] == 0) && (u32at (pa, 0x10)))
+ if ((pa) && (pa[8] == 0) && (res_attr_data_len (pa)))
{
int len;
- len = u32at (pa, 0x10) / 2;
- pa += u16at (pa, 0x14);
+ len = res_attr_data_len (pa) / 2;
+ pa += res_attr_data_off (pa);
if (mft->buf + (mft->data->mft_size << GRUB_NTFS_BLK_SHR) - pa >= 2 * len)
*label = get_utf8 (pa, len);
else
--
2.42.0

View File

@ -89,18 +89,18 @@ Signed-off-by: Daniel Axtens <dja@axtens.net>
case GRUB_INSTALL_OPTIONS_VERBOSITY: case GRUB_INSTALL_OPTIONS_VERBOSITY:
verbosity++; verbosity++;
@@ -632,6 +640,9 @@ @@ -636,6 +644,9 @@
for (pk = pubkeys; pk < pubkeys + npubkeys; pk++) for (pk = pubkeys; pk < pubkeys + npubkeys; pk++)
slen += 20 + grub_strlen (*pk); slen += sizeof (" --pubkey ''") + grub_strlen (*pk);
+ for (pk = x509keys; pk < x509keys + nx509keys; pk++) + for (pk = x509keys; pk < x509keys + nx509keys; pk++)
+ slen += 10 + grub_strlen (*pk); + slen += 10 + grub_strlen (*pk);
+ +
for (md = modules.entries; *md; md++) for (md = modules.entries; *md; md++)
{ slen += sizeof (" ''") + grub_strlen (*md);
slen += 10 + grub_strlen (*md);
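Review bot: The x509keys loop still sizes its share of the command-line buffer with a bare 10 + grub_strlen (*pk), while the rebased context beside it now uses sizeof on the literal being written (sizeof (" --pubkey ''") and sizeof (" ''")). Tie the x509 allowance to its own literal in the same way, so that a later change to the option text written by the copy loop cannot leave slen shorter than what is copied into the buffer.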
@@ -660,6 +671,14 @@ @@ -676,6 +687,14 @@
*p++ = ' '; *p++ = '\'';
} }
+ for (pk = x509keys; pk < x509keys + nx509keys; pk++) + for (pk = x509keys; pk < x509keys + nx509keys; pk++)
@ -113,8 +113,8 @@ Signed-off-by: Daniel Axtens <dja@axtens.net>
+ +
for (md = modules.entries; *md; md++) for (md = modules.entries; *md; md++)
{ {
*p++ = '\''; *p++ = ' ';
@@ -688,7 +707,8 @@ @@ -702,7 +721,8 @@
grub_install_generate_image (dir, prefix, fp, outname, grub_install_generate_image (dir, prefix, fp, outname,
modules.entries, memdisk_path, modules.entries, memdisk_path,

View File

@ -18,7 +18,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
--- a/docs/grub.texi --- a/docs/grub.texi
+++ b/docs/grub.texi +++ b/docs/grub.texi
@@ -3278,6 +3278,7 @@ @@ -3270,6 +3270,7 @@
@menu @menu
* biosnum:: * biosnum::
@ -26,7 +26,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
* check_signatures:: * check_signatures::
* chosen:: * chosen::
* cmdpath:: * cmdpath::
@@ -3342,11 +3343,18 @@ @@ -3334,11 +3335,18 @@
chain-loaded system, @pxref{drivemap}. chain-loaded system, @pxref{drivemap}.
@ -47,7 +47,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
@node chosen @node chosen
@subsection chosen @subsection chosen
@@ -4322,6 +4330,7 @@ @@ -4357,6 +4365,7 @@
* date:: Display or set current date and time * date:: Display or set current date and time
* devicetree:: Load a device tree blob * devicetree:: Load a device tree blob
* distrust:: Remove a pubkey from trusted keys * distrust:: Remove a pubkey from trusted keys
@ -55,15 +55,15 @@ v2: fix a grammar issue, thanks Stefan Berger.
* drivemap:: Map a drive to another * drivemap:: Map a drive to another
* echo:: Display a line of text * echo:: Display a line of text
* efitextmode:: Set/Get text output mode resolution * efitextmode:: Set/Get text output mode resolution
@@ -4337,6 +4346,7 @@ @@ -4373,6 +4382,7 @@
* help:: Show help messages * hexdump:: Show raw contents of a file or memory
* insmod:: Insert a module * insmod:: Insert a module
* keystatus:: Check key modifier status * keystatus:: Check key modifier status
+* list_certificates:: List trusted certificates +* list_certificates:: List trusted certificates
* list_env:: List variables in environment block * list_env:: List variables in environment block
* list_trusted:: List trusted public keys * list_trusted:: List trusted public keys
* load_env:: Load variables from environment block * load_env:: Load variables from environment block
@@ -4375,8 +4385,10 @@ @@ -4411,8 +4421,10 @@
* test:: Check file types and compare values * test:: Check file types and compare values
* true:: Do nothing, successfully * true:: Do nothing, successfully
* trust:: Add public key to list of trusted keys * trust:: Add public key to list of trusted keys
@ -74,7 +74,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
* verify_detached:: Verify detached digital signature * verify_detached:: Verify detached digital signature
* videoinfo:: List available video modes * videoinfo:: List available video modes
* wrmsr:: Write values to model-specific registers * wrmsr:: Write values to model-specific registers
@@ -4710,9 +4722,28 @@ @@ -4752,9 +4764,28 @@
@code{check_signatures} is set to @code{enforce} @code{check_signatures} is set to @code{enforce}
(@pxref{check_signatures}), and by some invocations of (@pxref{check_signatures}), and by some invocations of
@command{verify_detached} (@pxref{verify_detached}). @xref{Using @command{verify_detached} (@pxref{verify_detached}). @xref{Using
@ -104,7 +104,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
@node drivemap @node drivemap
@subsection drivemap @subsection drivemap
@@ -4975,6 +5006,21 @@ @@ -5031,6 +5062,21 @@
@end deffn @end deffn
@ -126,7 +126,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
@node list_env @node list_env
@subsection list_env @subsection list_env
@@ -4994,7 +5040,7 @@ @@ -5050,7 +5096,7 @@
@code{gpg --fingerprint}). The least significant four bytes (last @code{gpg --fingerprint}). The least significant four bytes (last
eight hexadecimal digits) can be used as an argument to eight hexadecimal digits) can be used as an argument to
@command{distrust} (@pxref{distrust}). @command{distrust} (@pxref{distrust}).
@ -135,7 +135,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
these keys. these keys.
@end deffn @end deffn
@@ -5029,8 +5075,12 @@ @@ -5085,8 +5131,12 @@
administrator to configure a system to boot only signed administrator to configure a system to boot only signed
configurations, but to allow the user to select from among multiple configurations, but to allow the user to select from among multiple
configurations, and to enable ``one-shot'' boot attempts and configurations, and to enable ``one-shot'' boot attempts and
@ -149,7 +149,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
@end deffn @end deffn
@@ -5401,7 +5451,7 @@ @@ -5457,7 +5507,7 @@
file from within GRUB using this command, such that its signature will file from within GRUB using this command, such that its signature will
no longer be valid on subsequent boots. Care should be taken in such no longer be valid on subsequent boots. Care should be taken in such
advanced configurations to avoid rendering the system advanced configurations to avoid rendering the system
@ -158,7 +158,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
@end deffn @end deffn
@@ -5817,11 +5867,31 @@ @@ -5873,11 +5923,31 @@
must itself be properly signed. The @option{--skip-sig} option can be must itself be properly signed. The @option{--skip-sig} option can be
used to disable signature-checking when reading @var{pubkey_file} used to disable signature-checking when reading @var{pubkey_file}
itself. It is expected that @option{--skip-sig} is useful for testing itself. It is expected that @option{--skip-sig} is useful for testing
@ -191,7 +191,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
@node unset @node unset
@subsection unset @subsection unset
@@ -5840,6 +5910,18 @@ @@ -5896,6 +5966,18 @@
@end deffn @end deffn
@end ignore @end ignore
@ -210,7 +210,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
@node verify_detached @node verify_detached
@subsection verify_detached @subsection verify_detached
@@ -5858,7 +5940,7 @@ @@ -5914,7 +5996,7 @@
Exit code @code{$?} is set to 0 if the signature validates Exit code @code{$?} is set to 0 if the signature validates
successfully. If validation fails, it is set to a non-zero value. successfully. If validation fails, it is set to a non-zero value.
@ -219,7 +219,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
@end deffn @end deffn
@node videoinfo @node videoinfo
@@ -6339,13 +6421,14 @@ @@ -6394,13 +6476,14 @@
@chapter Security @chapter Security
@menu @menu
@ -241,7 +241,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
@end menu @end menu
@node Authentication and authorisation @node Authentication and authorisation
@@ -6419,8 +6502,8 @@ @@ -6474,8 +6557,8 @@
adding @kbd{set superusers=} and @kbd{password} or @kbd{password_pbkdf2} adding @kbd{set superusers=} and @kbd{password} or @kbd{password_pbkdf2}
commands. commands.
@ -252,7 +252,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
GRUB's @file{core.img} can optionally provide enforcement that all files GRUB's @file{core.img} can optionally provide enforcement that all files
subsequently read from disk are covered by a valid digital signature. subsequently read from disk are covered by a valid digital signature.
@@ -6503,6 +6586,82 @@ @@ -6558,6 +6641,82 @@
(attacker-controlled) device. GRUB is at best only one link in a (attacker-controlled) device. GRUB is at best only one link in a
secure boot chain. secure boot chain.

View File

@ -16,7 +16,7 @@ Signed-off-by: Daniel Axtens <dja@axtens.net>
--- a/docs/grub.texi --- a/docs/grub.texi
+++ b/docs/grub.texi +++ b/docs/grub.texi
@@ -6740,8 +6740,8 @@ @@ -6795,8 +6795,8 @@
@section Lockdown when booting on a secure setup @section Lockdown when booting on a secure setup
The GRUB can be locked down when booted on a secure boot environment, for example The GRUB can be locked down when booted on a secure boot environment, for example
@ -39,15 +39,15 @@ Signed-off-by: Daniel Axtens <dja@axtens.net>
sparc64_ieee1275 = kern/sparc64/dl.c; sparc64_ieee1275 = kern/sparc64/dl.c;
--- a/grub-core/kern/ieee1275/init.c --- a/grub-core/kern/ieee1275/init.c
+++ b/grub-core/kern/ieee1275/init.c +++ b/grub-core/kern/ieee1275/init.c
@@ -44,6 +44,7 @@ @@ -49,6 +49,7 @@
#ifdef __sparc__ #if defined(__powerpc__) || defined(__i386__)
#include <grub/machine/kernel.h> #include <grub/ieee1275/alloc.h>
#endif #endif
+#include <grub/lockdown.h> +#include <grub/lockdown.h>
/* The maximum heap size we're going to claim at boot. Not used by sparc. */ /* The maximum heap size we're going to claim at boot. Not used by sparc. */
#ifdef __i386__ #ifdef __i386__
@@ -708,6 +709,30 @@ @@ -893,6 +894,30 @@
} }
} }
@ -78,7 +78,7 @@ Signed-off-by: Daniel Axtens <dja@axtens.net>
grub_addr_t grub_modbase; grub_addr_t grub_modbase;
void void
@@ -733,6 +758,8 @@ @@ -918,6 +943,8 @@
#else #else
grub_install_get_time_ms (grub_rtc_get_time_ms); grub_install_get_time_ms (grub_rtc_get_time_ms);
#endif #endif

View File

@ -0,0 +1,4 @@
--- /dev/null
+++ b/grub-core/extra_deps.lst
@@ -0,0 +1 @@
+depends bli part_gpt

BIN
grub-2.12.tar.xz (Stored with Git LFS) Normal file

Binary file not shown.

BIN
grub-2.12~rc1.tar.xz (Stored with Git LFS)

Binary file not shown.

View File

@ -81,11 +81,10 @@
if (!bootloader_id && config.grub_distributor) if (!bootloader_id && config.grub_distributor)
{ {
char *ptr; char *ptr;
@@ -1426,6 +1431,16 @@ @@ -1451,6 +1456,15 @@
fprintf (load_cfg_f, "set debug='%s'\n",
debug_image); debug_image);
} }
+
+ if (config.is_suse_btrfs_snapshot_enabled + if (config.is_suse_btrfs_snapshot_enabled
+ && grub_strncmp(grub_fs->name, "btrfs", sizeof ("btrfs") - 1) == 0) + && grub_strncmp(grub_fs->name, "btrfs", sizeof ("btrfs") - 1) == 0)
+ { + {
@ -95,9 +94,9 @@
+ fprintf (load_cfg_f, "set btrfs_relative_path='y'\n"); + fprintf (load_cfg_f, "set btrfs_relative_path='y'\n");
+ } + }
+ +
char *prefix_drive = NULL; if (!have_abstractions)
char *install_drive = NULL; {
if ((disk_module && grub_strcmp (disk_module, "biosdisk") != 0)
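Review bot: grub_strncmp (grub_fs->name, "btrfs", sizeof ("btrfs") - 1) == 0 is a prefix match, so any filesystem whose name merely begins with btrfs satisfies it; if an exact match is intended, grub_strcmp states that directly. The call is also missing the space before the opening parenthesis that the surrounding code uses.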
--- a/grub-core/osdep/linux/getroot.c --- a/grub-core/osdep/linux/getroot.c
+++ b/grub-core/osdep/linux/getroot.c +++ b/grub-core/osdep/linux/getroot.c
@@ -373,6 +373,7 @@ @@ -373,6 +373,7 @@

View File

@ -32,10 +32,10 @@
GRUB_MOD_FINI(ieee1275_fb) GRUB_MOD_FINI(ieee1275_fb)
--- a/include/grub/ieee1275/ieee1275.h --- a/include/grub/ieee1275/ieee1275.h
+++ b/include/grub/ieee1275/ieee1275.h +++ b/include/grub/ieee1275/ieee1275.h
@@ -141,6 +141,8 @@ @@ -145,6 +145,8 @@
*/ GRUB_IEEE1275_FLAG_POWER_VM,
GRUB_IEEE1275_FLAG_CAN_TRY_CAS_FOR_MORE_MEMORY,
#endif GRUB_IEEE1275_FLAG_POWER_KVM,
+ +
+ GRUB_IEEE1275_FLAG_DISABLE_VIDEO_SUPPORT + GRUB_IEEE1275_FLAG_DISABLE_VIDEO_SUPPORT
}; };

View File

@ -163,7 +163,7 @@ V20:
name = grub-mkconfig_lib; name = grub-mkconfig_lib;
common = util/grub-mkconfig_lib.in; common = util/grub-mkconfig_lib.in;
installdir = noinst; installdir = noinst;
@@ -1375,6 +1420,7 @@ @@ -1381,6 +1426,7 @@
ldadd = libgrubkern.a; ldadd = libgrubkern.a;
ldadd = grub-core/lib/gnulib/libgnu.a; ldadd = grub-core/lib/gnulib/libgnu.a;
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)'; ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
@ -186,7 +186,7 @@ V20:
case "$target_os" in case "$target_os" in
windows* | mingw32*) target_os=cygwin ;; windows* | mingw32*) target_os=cygwin ;;
@@ -2093,6 +2093,9 @@ @@ -2158,6 +2158,9 @@
AM_CONDITIONAL([COND_sparc64_emu], [test x$target_cpu = xsparc64 -a x$platform = xemu]) AM_CONDITIONAL([COND_sparc64_emu], [test x$target_cpu = xsparc64 -a x$platform = xemu])
AM_CONDITIONAL([COND_x86_64_efi], [test x$target_cpu = xx86_64 -a x$platform = xefi]) AM_CONDITIONAL([COND_x86_64_efi], [test x$target_cpu = xx86_64 -a x$platform = xefi])
AM_CONDITIONAL([COND_x86_64_xen], [test x$target_cpu = xx86_64 -a x$platform = xxen]) AM_CONDITIONAL([COND_x86_64_xen], [test x$target_cpu = xx86_64 -a x$platform = xxen])
@ -198,7 +198,7 @@ V20:
AM_CONDITIONAL([COND_HOST_LINUX], [test x$host_kernel = xlinux]) AM_CONDITIONAL([COND_HOST_LINUX], [test x$host_kernel = xlinux])
--- a/grub-core/Makefile.core.def --- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def
@@ -1183,6 +1183,7 @@ @@ -1186,6 +1186,7 @@
module = { module = {
name = videotest; name = videotest;
common = commands/videotest.c; common = commands/videotest.c;
@ -206,7 +206,7 @@ V20:
}; };
module = { module = {
@@ -1637,6 +1638,7 @@ @@ -1640,6 +1641,7 @@
common = gfxmenu/gui_progress_bar.c; common = gfxmenu/gui_progress_bar.c;
common = gfxmenu/gui_util.c; common = gfxmenu/gui_util.c;
common = gfxmenu/gui_string_util.c; common = gfxmenu/gui_string_util.c;
@ -214,7 +214,7 @@ V20:
}; };
module = { module = {
@@ -2075,11 +2077,13 @@ @@ -2078,11 +2080,13 @@
name = gfxterm; name = gfxterm;
common = term/gfxterm.c; common = term/gfxterm.c;
enable = videomodules; enable = videomodules;
@ -228,7 +228,7 @@ V20:
}; };
module = { module = {
@@ -2202,6 +2206,7 @@ @@ -2205,6 +2209,7 @@
enable = x86_64_efi; enable = x86_64_efi;
enable = emu; enable = emu;
enable = xen; enable = xen;
@ -236,7 +236,7 @@ V20:
}; };
module = { module = {
@@ -2248,6 +2253,7 @@ @@ -2251,6 +2256,7 @@
module = { module = {
name = gfxterm_menu; name = gfxterm_menu;
common = tests/gfxterm_menu.c; common = tests/gfxterm_menu.c;
@ -244,7 +244,7 @@ V20:
}; };
module = { module = {
@@ -2409,6 +2415,7 @@ @@ -2412,6 +2418,7 @@
enable = x86_64_efi; enable = x86_64_efi;
enable = emu; enable = emu;
enable = xen; enable = xen;
@ -316,7 +316,7 @@ V20:
int int
--- a/util/grub-install-common.c --- a/util/grub-install-common.c
+++ b/util/grub-install-common.c +++ b/util/grub-install-common.c
@@ -911,6 +911,7 @@ @@ -924,6 +924,7 @@
[GRUB_INSTALL_PLATFORM_LOONGARCH64_EFI] = { "loongarch64", "efi" }, [GRUB_INSTALL_PLATFORM_LOONGARCH64_EFI] = { "loongarch64", "efi" },
[GRUB_INSTALL_PLATFORM_RISCV32_EFI] = { "riscv32", "efi" }, [GRUB_INSTALL_PLATFORM_RISCV32_EFI] = { "riscv32", "efi" },
[GRUB_INSTALL_PLATFORM_RISCV64_EFI] = { "riscv64", "efi" }, [GRUB_INSTALL_PLATFORM_RISCV64_EFI] = { "riscv64", "efi" },
@ -415,10 +415,10 @@ V20:
+ } + }
+ } + }
+ +
grub_install_copy_files (grub_install_source_directory, size_t ndev = 0;
grubdir, platform);
@@ -1541,6 +1570,7 @@ /* Write device to a variable so we don't have to traverse /dev every time. */
@@ -1543,6 +1572,7 @@
case GRUB_INSTALL_PLATFORM_I386_XEN: case GRUB_INSTALL_PLATFORM_I386_XEN:
case GRUB_INSTALL_PLATFORM_X86_64_XEN: case GRUB_INSTALL_PLATFORM_X86_64_XEN:
case GRUB_INSTALL_PLATFORM_I386_XEN_PVH: case GRUB_INSTALL_PLATFORM_I386_XEN_PVH:
@ -426,7 +426,7 @@ V20:
grub_util_warn ("%s", _("no hints available for your platform. Expect reduced performance")); grub_util_warn ("%s", _("no hints available for your platform. Expect reduced performance"));
break; break;
/* pacify warning. */ /* pacify warning. */
@@ -1659,6 +1689,10 @@ @@ -1661,6 +1691,10 @@
strcpy (mkimage_target, "sparc64-ieee1275-raw"); strcpy (mkimage_target, "sparc64-ieee1275-raw");
core_name = "core.img"; core_name = "core.img";
break; break;
@ -437,7 +437,7 @@ V20:
/* pacify warning. */ /* pacify warning. */
case GRUB_INSTALL_PLATFORM_MAX: case GRUB_INSTALL_PLATFORM_MAX:
break; break;
@@ -1674,6 +1708,7 @@ @@ -1676,6 +1710,7 @@
core_name); core_name);
char *prefix = xasprintf ("%s%s", prefix_drive ? : "", char *prefix = xasprintf ("%s%s", prefix_drive ? : "",
relative_grubdir); relative_grubdir);
@ -445,7 +445,7 @@ V20:
grub_install_make_image_wrap (/* source dir */ grub_install_source_directory, grub_install_make_image_wrap (/* source dir */ grub_install_source_directory,
/*prefix */ prefix, /*prefix */ prefix,
/* output */ imgfile, /* output */ imgfile,
@@ -1712,6 +1747,10 @@ @@ -1714,6 +1749,10 @@
/* image target */ mkimage_target, 0); /* image target */ mkimage_target, 0);
} }
break; break;
@ -456,7 +456,7 @@ V20:
case GRUB_INSTALL_PLATFORM_ARM_EFI: case GRUB_INSTALL_PLATFORM_ARM_EFI:
case GRUB_INSTALL_PLATFORM_ARM64_EFI: case GRUB_INSTALL_PLATFORM_ARM64_EFI:
case GRUB_INSTALL_PLATFORM_LOONGARCH64_EFI: case GRUB_INSTALL_PLATFORM_LOONGARCH64_EFI:
@@ -2011,6 +2050,10 @@ @@ -2013,6 +2052,10 @@
} }
break; break;

View File

@ -1,3 +1,41 @@
-------------------------------------------------------------------
Wed Jan 10 08:13:00 UTC 2024 - Michael Chang <mchang@suse.com>
- Version bump to 2.12 (PED-5589)
* Added:
- grub-2.12.tar.xz
- fix_no_extra_deps_in_release_tarball.patch
* Removed:
- grub-2.12~rc1.tar.xz
* Patch dropped as it merged into new version:
- 0001-disk-cryptodisk-Fix-missing-change-when-updating-to-.patch
- 0001-fs-btrfs-Zero-file-data-not-backed-by-extents.patch
- 0001-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch
- 0002-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch
- 0003-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch
- 0004-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch
- 0005-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch
- 0006-fs-ntfs-Make-code-more-readable.patch
- 0001-kern-ieee1275-init-Restrict-high-memory-in-presence-.patch
- 0001-fs-xfs-Incorrect-short-form-directory-data-boundary-.patch
- 0002-fs-xfs-Fix-XFS-directory-extent-parsing.patch
- 0003-fs-xfs-add-large-extent-counters-incompat-feature-su.patch
- 0001-mkstandalone-ensure-stable-timestamps-for-generated-.patch
- 0002-mkstandalone-ensure-deterministic-tar-file-creation-.patch
* Patch adjusted for the updated base version:
- use-grub2-as-a-package-name.patch
- grub2-s390x-04-grub2-install.patch
- grub2-btrfs-04-grub2-install.patch
- grub2-ppc64le-disable-video.patch
- 0002-AUDIT-0-http-boot-tracker-bug.patch
- 0001-Unify-the-check-to-enable-btrfs-relative-path.patch
- 0003-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch
- 0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch
- 0016-grub-install-support-embedding-x509-certificates.patch
- 0021-appended-signatures-documentation.patch
- 0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch
- safe_tpm_pcr_snapshot.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jan 3 10:05:50 UTC 2024 - Michael Chang <mchang@suse.com> Wed Jan 3 10:05:50 UTC 2024 - Michael Chang <mchang@suse.com>
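Review bot: The "Patch dropped as it merged into new version" list removes several memory-safety fixes (the fs/ntfs OOB write and OOB read patches and the fs/xfs directory boundary and extent-parsing patches), but the entry gives no upstream commit or tag reference showing that each one is contained in grub-2.12.tar.xz. Consider adding the upstream commit ids, or a line stating that the list was checked against the 2.12 release, so a later audit of this version bump does not have to re-derive which fixes are still present.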

View File

@ -166,13 +166,13 @@ BuildRequires: fde-tpm-helper-rpm-macros
%endif %endif
%endif %endif
Version: 2.12~rc1 Version: 2.12
Release: 0 Release: 0
Summary: Bootloader with support for Linux, Multiboot and more Summary: Bootloader with support for Linux, Multiboot and more
License: GPL-3.0-or-later License: GPL-3.0-or-later
Group: System/Boot Group: System/Boot
URL: http://www.gnu.org/software/grub/ URL: http://www.gnu.org/software/grub/
Source0: https://alpha.gnu.org/gnu/grub/grub-%{version}.tar.xz Source0: https://ftp.gnu.org/gnu/grub/grub-%{version}.tar.xz
Source1: 90_persistent Source1: 90_persistent
Source2: grub.default Source2: grub.default
Source4: grub2.rpmlintrc Source4: grub2.rpmlintrc
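Review bot: Source0 now points at https://ftp.gnu.org/gnu/grub/grub-%{version}.tar.xz, yet the Source entries visible in this hunk (Source1: 90_persistent, Source2: grub.default, Source4: grub2.rpmlintrc) include no detached signature or keyring for the tarball. If the spec does not already carry them elsewhere, add the upstream signature file and the keyring as sources so the bootloader release tarball is verified at build time rather than trusted by URL. The unchanged "URL: http://www.gnu.org/software/grub/" line could also move to https:// in the same change.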
@ -372,33 +372,21 @@ Patch179: 0002-prep_loadenv-Fix-regex-for-Open-Firmware-device-spec.patch
Patch180: 0001-xen_boot-add-missing-grub_arch_efi_linux_load_image_.patch Patch180: 0001-xen_boot-add-missing-grub_arch_efi_linux_load_image_.patch
Patch181: 0001-font-Try-memdisk-fonts-with-the-same-name.patch Patch181: 0001-font-Try-memdisk-fonts-with-the-same-name.patch
Patch182: 0001-Make-grub.cfg-compatible-to-old-binaries.patch Patch182: 0001-Make-grub.cfg-compatible-to-old-binaries.patch
Patch183: 0001-disk-cryptodisk-Fix-missing-change-when-updating-to-.patch Patch183: grub2-change-bash-completion-dir.patch
Patch184: grub2-change-bash-completion-dir.patch Patch184: 0001-protectors-Implement-NV-index.patch
Patch185: 0001-protectors-Implement-NV-index.patch Patch185: 0002-cryptodisk-Fallback-to-passphrase.patch
Patch186: 0002-cryptodisk-Fallback-to-passphrase.patch Patch186: 0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch
Patch187: 0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch Patch187: 0004-diskfilter-look-up-cryptodisk-devices-first.patch
Patch188: 0004-diskfilter-look-up-cryptodisk-devices-first.patch Patch188: grub2-mkconfig-riscv64.patch
Patch189: grub2-mkconfig-riscv64.patch Patch189: arm64-Use-proper-memory-type-for-kernel-allocation.patch
Patch190: arm64-Use-proper-memory-type-for-kernel-allocation.patch Patch190: 0001-luks2-Use-grub-tpm2-token-for-TPM2-protected-volume-.patch
Patch191: 0001-fs-btrfs-Zero-file-data-not-backed-by-extents.patch Patch191: Fix-the-size-calculation-for-the-synthesized-initrd.patch
Patch192: 0001-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch Patch192: 0001-Improve-TPM-key-protection-on-boot-interruptions.patch
Patch193: 0002-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch Patch193: 0002-Restrict-file-access-on-cryptodisk-print.patch
Patch194: 0003-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch Patch194: 0003-Restrict-ls-and-auto-file-completion-on-cryptodisk-p.patch
Patch195: 0004-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch Patch195: 0004-Key-revocation-on-out-of-bound-file-access.patch
Patch196: 0005-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch # Workaround for 2.12 tarball
Patch197: 0006-fs-ntfs-Make-code-more-readable.patch Patch196: fix_no_extra_deps_in_release_tarball.patch
Patch198: 0001-luks2-Use-grub-tpm2-token-for-TPM2-protected-volume-.patch
Patch199: Fix-the-size-calculation-for-the-synthesized-initrd.patch
Patch200: 0001-kern-ieee1275-init-Restrict-high-memory-in-presence-.patch
Patch201: 0001-fs-xfs-Incorrect-short-form-directory-data-boundary-.patch
Patch202: 0002-fs-xfs-Fix-XFS-directory-extent-parsing.patch
Patch203: 0003-fs-xfs-add-large-extent-counters-incompat-feature-su.patch
Patch204: 0001-Improve-TPM-key-protection-on-boot-interruptions.patch
Patch205: 0002-Restrict-file-access-on-cryptodisk-print.patch
Patch206: 0003-Restrict-ls-and-auto-file-completion-on-cryptodisk-p.patch
Patch207: 0004-Key-revocation-on-out-of-bound-file-access.patch
Patch208: 0001-mkstandalone-ensure-stable-timestamps-for-generated-.patch
Patch209: 0002-mkstandalone-ensure-deterministic-tar-file-creation-.patch
Requires: gettext-runtime Requires: gettext-runtime
%if 0%{?suse_version} >= 1140 %if 0%{?suse_version} >= 1140
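Review bot: The comment "# Workaround for 2.12 tarball" above Patch196 does not say what is wrong with the tarball or when fix_no_extra_deps_in_release_tarball.patch can be dropped; state the problem and the removal condition in the comment. This hunk also moves Patch183 through Patch195 onto different files, so check that nothing else in the spec refers to those patches by number (explicit %patch lines or conditionals, if any), because a stale number would now point at a different patch, including the cryptodisk and TPM key-protection ones.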

View File

@ -76,7 +76,7 @@
GRUB_MOD_INIT (tpm) GRUB_MOD_INIT (tpm)
--- a/util/grub-install.c --- a/util/grub-install.c
+++ b/util/grub-install.c +++ b/util/grub-install.c
@@ -1501,8 +1501,9 @@ @@ -1560,8 +1560,9 @@
grub_util_unlink (load_cfg); grub_util_unlink (load_cfg);
@ -87,7 +87,7 @@
load_cfg_f = grub_util_fopen (load_cfg, "wb"); load_cfg_f = grub_util_fopen (load_cfg, "wb");
have_load_cfg = 1; have_load_cfg = 1;
fprintf (load_cfg_f, "tpm_record_pcrs 0-9\n"); fprintf (load_cfg_f, "tpm_record_pcrs 0-9\n");
@@ -1510,7 +1511,8 @@ @@ -1569,7 +1570,8 @@
if (debug_image && debug_image[0]) if (debug_image && debug_image[0])
{ {

View File

@ -18,8 +18,8 @@ Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
dnl the target type. See INSTALL for full list of variables and dnl the target type. See INSTALL for full list of variables and
dnl description of the relationships between them. dnl description of the relationships between them.
-AC_INIT([GRUB],[2.12~rc1],[bug-grub@gnu.org]) -AC_INIT([GRUB],[2.12],[bug-grub@gnu.org])
+AC_INIT([GRUB2],[2.12~rc1],[bug-grub@gnu.org]) +AC_INIT([GRUB2],[2.12],[bug-grub@gnu.org])
AS_CASE(["$ERROR_PLATFORM_NOT_SUPPORT_SSP"], AS_CASE(["$ERROR_PLATFORM_NOT_SUPPORT_SSP"],
[n | no | nO | N | No | NO], [ERROR_PLATFORM_NOT_SUPPORT_SSP=no], [n | no | nO | N | No | NO], [ERROR_PLATFORM_NOT_SUPPORT_SSP=no],