Accepting request 1138057 from Base:System
OBS-URL: https://build.opensuse.org/request/show/1138057 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/grub2?expand=0&rev=312
This commit is contained in:
commit
acc5d24282
@ -88,8 +88,8 @@ Signed-off-by: Michael Chang <mchang@suse.com>
|
|||||||
switch (platform)
|
switch (platform)
|
||||||
{
|
{
|
||||||
case GRUB_INSTALL_PLATFORM_I386_EFI:
|
case GRUB_INSTALL_PLATFORM_I386_EFI:
|
||||||
@@ -1454,8 +1493,7 @@
|
@@ -1478,8 +1517,7 @@
|
||||||
debug_image);
|
debug_image);
|
||||||
}
|
}
|
||||||
|
|
||||||
- if (config.is_suse_btrfs_snapshot_enabled
|
- if (config.is_suse_btrfs_snapshot_enabled
|
||||||
@ -98,7 +98,7 @@ Signed-off-by: Michael Chang <mchang@suse.com>
|
|||||||
{
|
{
|
||||||
if (!load_cfg_f)
|
if (!load_cfg_f)
|
||||||
load_cfg_f = grub_util_fopen (load_cfg, "wb");
|
load_cfg_f = grub_util_fopen (load_cfg, "wb");
|
||||||
@@ -1669,21 +1707,13 @@
|
@@ -1670,21 +1708,13 @@
|
||||||
|
|
||||||
#ifdef __linux__
|
#ifdef __linux__
|
||||||
|
|
||||||
@ -124,7 +124,7 @@ Signed-off-by: Michael Chang <mchang@suse.com>
|
|||||||
|
|
||||||
if (subvol && mount_path)
|
if (subvol && mount_path)
|
||||||
{
|
{
|
||||||
@@ -1708,11 +1738,6 @@
|
@@ -1709,11 +1739,6 @@
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1,35 +0,0 @@
|
|||||||
From 652b221a5eacb1421891c1469608028e2c2f0615 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Glenn Washburn <development@efficientek.com>
|
|
||||||
Date: Fri, 18 Aug 2023 12:27:22 -0500
|
|
||||||
Subject: [PATCH] disk/cryptodisk: Fix missing change when updating to use
|
|
||||||
grub_uuidcasecmp
|
|
||||||
|
|
||||||
This was causing the cryptomount command to return failure even though
|
|
||||||
the crypto device was successfully added. Of course, this meant that any
|
|
||||||
script using the return code would behave unexpectedly.
|
|
||||||
|
|
||||||
Fixes: 3cf2e848bc03 (disk/cryptodisk: Allows UUIDs to be compared in a dash-insensitive manner)
|
|
||||||
|
|
||||||
Suggested-by: Olaf Hering <olaf@aepfle.de>
|
|
||||||
Signed-off-by: Glenn Washburn <development@efficientek.com>
|
|
||||||
---
|
|
||||||
grub-core/disk/cryptodisk.c | 3 ++-
|
|
||||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
|
|
||||||
index 802b191b2..c79d4125a 100644
|
|
||||||
--- a/grub-core/disk/cryptodisk.c
|
|
||||||
+++ b/grub-core/disk/cryptodisk.c
|
|
||||||
@@ -1323,7 +1323,8 @@ grub_cryptodisk_scan_device (const char *name,
|
|
||||||
dev = grub_cryptodisk_scan_device_real (name, source, cargs);
|
|
||||||
if (dev)
|
|
||||||
{
|
|
||||||
- ret = (cargs->search_uuid != NULL && grub_strcasecmp (cargs->search_uuid, dev->uuid) == 0);
|
|
||||||
+ ret = (cargs->search_uuid != NULL
|
|
||||||
+ && grub_uuidcasecmp (cargs->search_uuid, dev->uuid, sizeof (dev->uuid)) == 0);
|
|
||||||
goto cleanup;
|
|
||||||
}
|
|
||||||
|
|
||||||
--
|
|
||||||
2.41.0
|
|
||||||
|
|
@ -1,33 +0,0 @@
|
|||||||
From f903b9a9adb64e733e581771d2a24efae7fbe529 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Fabian Vogt <fvogt@suse.de>
|
|
||||||
Date: Thu, 5 Oct 2023 11:02:25 +0200
|
|
||||||
Subject: [PATCH] fs/btrfs: Zero file data not backed by extents
|
|
||||||
|
|
||||||
Implicit holes in file data need to be zeroed explicitly, instead of
|
|
||||||
just leaving the data in the buffer uninitialized.
|
|
||||||
|
|
||||||
This led to kernels randomly failing to boot in "fun" ways when loaded
|
|
||||||
from btrfs with the no_holes feature enabled, because large blocks of
|
|
||||||
zeros in the kernel file contained random data instead.
|
|
||||||
|
|
||||||
Signed-off-by: Fabian Vogt <fvogt@suse.de>
|
|
||||||
---
|
|
||||||
grub-core/fs/btrfs.c | 2 ++
|
|
||||||
1 file changed, 2 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c
|
|
||||||
index 19bff4610..ba0c58352 100644
|
|
||||||
--- a/grub-core/fs/btrfs.c
|
|
||||||
+++ b/grub-core/fs/btrfs.c
|
|
||||||
@@ -1603,6 +1603,8 @@ grub_btrfs_extent_read (struct grub_btrfs_data *data,
|
|
||||||
csize = grub_le_to_cpu64 (key_out.offset) - pos;
|
|
||||||
if (csize > len)
|
|
||||||
csize = len;
|
|
||||||
+
|
|
||||||
+ grub_memset (buf, 0, csize);
|
|
||||||
buf += csize;
|
|
||||||
pos += csize;
|
|
||||||
len -= csize;
|
|
||||||
--
|
|
||||||
2.42.0
|
|
||||||
|
|
@ -1,93 +0,0 @@
|
|||||||
From 43651027d24e62a7a463254165e1e46e42aecdea Mon Sep 17 00:00:00 2001
|
|
||||||
From: Maxim Suhanov <dfirblog@gmail.com>
|
|
||||||
Date: Mon, 28 Aug 2023 16:31:57 +0300
|
|
||||||
Subject: [PATCH 1/6] fs/ntfs: Fix an OOB write when parsing the
|
|
||||||
$ATTRIBUTE_LIST attribute for the $MFT file
|
|
||||||
|
|
||||||
When parsing an extremely fragmented $MFT file, i.e., the file described
|
|
||||||
using the $ATTRIBUTE_LIST attribute, current NTFS code will reuse a buffer
|
|
||||||
containing bytes read from the underlying drive to store sector numbers,
|
|
||||||
which are consumed later to read data from these sectors into another buffer.
|
|
||||||
|
|
||||||
These sectors numbers, two 32-bit integers, are always stored at predefined
|
|
||||||
offsets, 0x10 and 0x14, relative to first byte of the selected entry within
|
|
||||||
the $ATTRIBUTE_LIST attribute. Usually, this won't cause any problem.
|
|
||||||
|
|
||||||
However, when parsing a specially-crafted file system image, this may cause
|
|
||||||
the NTFS code to write these integers beyond the buffer boundary, likely
|
|
||||||
causing the GRUB memory allocator to misbehave or fail. These integers contain
|
|
||||||
values which are controlled by on-disk structures of the NTFS file system.
|
|
||||||
|
|
||||||
Such modification and resulting misbehavior may touch a memory range not
|
|
||||||
assigned to the GRUB and owned by firmware or another EFI application/driver.
|
|
||||||
|
|
||||||
This fix introduces checks to ensure that these sector numbers are never
|
|
||||||
written beyond the boundary.
|
|
||||||
|
|
||||||
Fixes: CVE-2023-4692
|
|
||||||
|
|
||||||
Reported-by: Maxim Suhanov <dfirblog@gmail.com>
|
|
||||||
Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
|
|
||||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
||||||
---
|
|
||||||
grub-core/fs/ntfs.c | 18 +++++++++++++++++-
|
|
||||||
1 file changed, 17 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
|
|
||||||
index bbdbe24ad..c3c4db117 100644
|
|
||||||
--- a/grub-core/fs/ntfs.c
|
|
||||||
+++ b/grub-core/fs/ntfs.c
|
|
||||||
@@ -184,7 +184,7 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
|
|
||||||
}
|
|
||||||
if (at->attr_end)
|
|
||||||
{
|
|
||||||
- grub_uint8_t *pa;
|
|
||||||
+ grub_uint8_t *pa, *pa_end;
|
|
||||||
|
|
||||||
at->emft_buf = grub_malloc (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR);
|
|
||||||
if (at->emft_buf == NULL)
|
|
||||||
@@ -209,11 +209,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
|
|
||||||
}
|
|
||||||
at->attr_nxt = at->edat_buf;
|
|
||||||
at->attr_end = at->edat_buf + u32at (pa, 0x30);
|
|
||||||
+ pa_end = at->edat_buf + n;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
at->attr_nxt = at->attr_end + u16at (pa, 0x14);
|
|
||||||
at->attr_end = at->attr_end + u32at (pa, 4);
|
|
||||||
+ pa_end = at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR);
|
|
||||||
}
|
|
||||||
at->flags |= GRUB_NTFS_AF_ALST;
|
|
||||||
while (at->attr_nxt < at->attr_end)
|
|
||||||
@@ -230,6 +232,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
|
|
||||||
at->flags |= GRUB_NTFS_AF_GPOS;
|
|
||||||
at->attr_cur = at->attr_nxt;
|
|
||||||
pa = at->attr_cur;
|
|
||||||
+
|
|
||||||
+ if ((pa >= pa_end) || (pa_end - pa < 0x18))
|
|
||||||
+ {
|
|
||||||
+ grub_error (GRUB_ERR_BAD_FS, "can\'t parse attribute list");
|
|
||||||
+ return NULL;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
grub_set_unaligned32 ((char *) pa + 0x10,
|
|
||||||
grub_cpu_to_le32 (at->mft->data->mft_start));
|
|
||||||
grub_set_unaligned32 ((char *) pa + 0x14,
|
|
||||||
@@ -240,6 +249,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
|
|
||||||
{
|
|
||||||
if (*pa != attr)
|
|
||||||
break;
|
|
||||||
+
|
|
||||||
+ if ((pa >= pa_end) || (pa_end - pa < 0x18))
|
|
||||||
+ {
|
|
||||||
+ grub_error (GRUB_ERR_BAD_FS, "can\'t parse attribute list");
|
|
||||||
+ return NULL;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if (read_attr
|
|
||||||
(at, pa + 0x10,
|
|
||||||
u32at (pa, 0x10) * (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR),
|
|
||||||
--
|
|
||||||
2.42.0
|
|
||||||
|
|
@ -1,51 +0,0 @@
|
|||||||
From b541e93b4dab6f652941d086af4fe2da676d0ee3 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Lidong Chen <lidong.chen@oracle.com>
|
|
||||||
Date: Thu, 28 Sep 2023 22:33:44 +0000
|
|
||||||
Subject: [PATCH 1/3] fs/xfs: Incorrect short form directory data boundary
|
|
||||||
check
|
|
||||||
|
|
||||||
After parsing of the current entry, the entry pointer is advanced
|
|
||||||
to the next entry at the end of the "for" loop. In case where the
|
|
||||||
last entry is at the end of the data boundary, the advanced entry
|
|
||||||
pointer can point off the data boundary. The subsequent boundary
|
|
||||||
check for the advanced entry pointer can cause a failure.
|
|
||||||
|
|
||||||
The fix is to include the boundary check into the "for" loop
|
|
||||||
condition.
|
|
||||||
|
|
||||||
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
|
|
||||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
||||||
Tested-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
|
|
||||||
Tested-by: Marta Lewandowska <mlewando@redhat.com>
|
|
||||||
---
|
|
||||||
grub-core/fs/xfs.c | 7 ++-----
|
|
||||||
1 file changed, 2 insertions(+), 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c
|
|
||||||
index b91cd32b4..ebf962793 100644
|
|
||||||
--- a/grub-core/fs/xfs.c
|
|
||||||
+++ b/grub-core/fs/xfs.c
|
|
||||||
@@ -810,7 +810,8 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
|
|
||||||
if (iterate_dir_call_hook (parent, "..", &ctx))
|
|
||||||
return 1;
|
|
||||||
|
|
||||||
- for (i = 0; i < head->count; i++)
|
|
||||||
+ for (i = 0; i < head->count &&
|
|
||||||
+ (grub_uint8_t *) de < ((grub_uint8_t *) dir + grub_xfs_fshelp_size (dir->data)); i++)
|
|
||||||
{
|
|
||||||
grub_uint64_t ino;
|
|
||||||
grub_uint8_t *inopos = grub_xfs_inline_de_inopos(dir->data, de);
|
|
||||||
@@ -845,10 +846,6 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
|
|
||||||
de->name[de->len] = c;
|
|
||||||
|
|
||||||
de = grub_xfs_inline_next_de(dir->data, head, de);
|
|
||||||
-
|
|
||||||
- if ((grub_uint8_t *) de >= (grub_uint8_t *) dir + grub_xfs_fshelp_size (dir->data))
|
|
||||||
- return grub_error (GRUB_ERR_BAD_FS, "invalid XFS directory entry");
|
|
||||||
-
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.42.1
|
|
||||||
|
|
@ -1,229 +0,0 @@
|
|||||||
From 4bcf6f747c3ab0b998c6f5a361804e38bc9c4334 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Stefan Berger <stefanb@linux.ibm.com>
|
|
||||||
Date: Wed, 4 Oct 2023 11:32:35 -0400
|
|
||||||
Subject: [PATCH] kern/ieee1275/init: Restrict high memory in presence of
|
|
||||||
fadump on ppc64
|
|
||||||
|
|
||||||
When a kernel dump is present then restrict the high memory regions to
|
|
||||||
avoid allocating memory where the kernel dump resides. Use the
|
|
||||||
ibm,kernel-dump node under /rtas to determine whether a kernel dump
|
|
||||||
exists and up to which limit GRUB can use available memory. Set the
|
|
||||||
upper_mem_limit to the size of the kernel dump section of type
|
|
||||||
REAL_MODE_REGION and therefore only allow GRUB's memory usage for high
|
|
||||||
addresses from RMO_ADDR_MAX to upper_mem_limit. This means that GRUB can
|
|
||||||
use high memory in the range of RMO_ADDR_MAX (768MB) to upper_mem_limit
|
|
||||||
and the kernel-dump memory regions above upper_mem_limit remain
|
|
||||||
untouched. This change has no effect on memory allocations below
|
|
||||||
linux_rmo_save (typically at 640MB).
|
|
||||||
|
|
||||||
Also, fall back to allocating below rmo_linux_save in case the chunk of
|
|
||||||
memory there would be larger than the chunk of memory above RMO_ADDR_MAX.
|
|
||||||
This can for example occur if a free memory area is found starting at 300MB
|
|
||||||
extending up to 1GB but a kernel dump is located at 768MB and therefore
|
|
||||||
does not allow the allocation of the high memory area but requiring to use
|
|
||||||
the chunk starting at 300MB to avoid an unnecessary out-of-memory condition.
|
|
||||||
|
|
||||||
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
|
|
||||||
Reviewed-by: Hari Bathini <hbathini@linux.ibm.com>
|
|
||||||
Cc: Pavithra Prakash <pavrampu@in.ibm.com>
|
|
||||||
Cc: Michael Ellerman <mpe@ellerman.id.au>
|
|
||||||
Cc: Carolyn Scherrer <cpscherr@us.ibm.com>
|
|
||||||
Cc: Mahesh Salgaonkar <mahesh@linux.ibm.com>
|
|
||||||
Cc: Sourabh Jain <sourabhjain@linux.ibm.com>
|
|
||||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
||||||
---
|
|
||||||
grub-core/kern/ieee1275/init.c | 144 ++++++++++++++++++++++++++++++++-
|
|
||||||
1 file changed, 142 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
|
|
||||||
index bd9a4804b..d6c9c9049 100644
|
|
||||||
--- a/grub-core/kern/ieee1275/init.c
|
|
||||||
+++ b/grub-core/kern/ieee1275/init.c
|
|
||||||
@@ -17,6 +17,8 @@
|
|
||||||
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
*/
|
|
||||||
|
|
||||||
+#include <stddef.h> /* offsetof() */
|
|
||||||
+
|
|
||||||
#include <grub/kernel.h>
|
|
||||||
#include <grub/dl.h>
|
|
||||||
#include <grub/disk.h>
|
|
||||||
@@ -196,6 +198,96 @@ grub_claim_heap (void)
|
|
||||||
#else
|
|
||||||
/* Helpers for mm on powerpc. */
|
|
||||||
|
|
||||||
+/* ibm,kernel-dump data structures */
|
|
||||||
+struct kd_section
|
|
||||||
+{
|
|
||||||
+ grub_uint32_t flags;
|
|
||||||
+ grub_uint16_t src_datatype;
|
|
||||||
+#define KD_SRC_DATATYPE_REAL_MODE_REGION 0x0011
|
|
||||||
+ grub_uint16_t error_flags;
|
|
||||||
+ grub_uint64_t src_address;
|
|
||||||
+ grub_uint64_t num_bytes;
|
|
||||||
+ grub_uint64_t act_bytes;
|
|
||||||
+ grub_uint64_t dst_address;
|
|
||||||
+} GRUB_PACKED;
|
|
||||||
+
|
|
||||||
+#define MAX_KD_SECTIONS 10
|
|
||||||
+
|
|
||||||
+struct kernel_dump
|
|
||||||
+{
|
|
||||||
+ grub_uint32_t format;
|
|
||||||
+ grub_uint16_t num_sections;
|
|
||||||
+ grub_uint16_t status_flags;
|
|
||||||
+ grub_uint32_t offset_1st_section;
|
|
||||||
+ grub_uint32_t num_blocks;
|
|
||||||
+ grub_uint64_t start_block;
|
|
||||||
+ grub_uint64_t num_blocks_avail;
|
|
||||||
+ grub_uint32_t offet_path_string;
|
|
||||||
+ grub_uint32_t max_time_allowed;
|
|
||||||
+ struct kd_section kds[MAX_KD_SECTIONS]; /* offset_1st_section should point to kds[0] */
|
|
||||||
+} GRUB_PACKED;
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * Determine if a kernel dump exists and if it does, then determine the highest
|
|
||||||
+ * address that grub can use for memory allocations.
|
|
||||||
+ * The caller must have initialized *highest to rmo_top. *highest will not
|
|
||||||
+ * be modified if no kernel dump is found.
|
|
||||||
+ */
|
|
||||||
+static void
|
|
||||||
+check_kernel_dump (grub_uint64_t *highest)
|
|
||||||
+{
|
|
||||||
+ struct kernel_dump kernel_dump;
|
|
||||||
+ grub_ssize_t kernel_dump_size;
|
|
||||||
+ grub_ieee1275_phandle_t rtas;
|
|
||||||
+ struct kd_section *kds;
|
|
||||||
+ grub_size_t i;
|
|
||||||
+
|
|
||||||
+ /* If there's a kernel-dump it must have at least one section */
|
|
||||||
+ if (grub_ieee1275_finddevice ("/rtas", &rtas) ||
|
|
||||||
+ grub_ieee1275_get_property (rtas, "ibm,kernel-dump", &kernel_dump,
|
|
||||||
+ sizeof (kernel_dump), &kernel_dump_size) ||
|
|
||||||
+ kernel_dump_size <= (grub_ssize_t) offsetof (struct kernel_dump, kds[1]))
|
|
||||||
+ return;
|
|
||||||
+
|
|
||||||
+ kernel_dump_size = grub_min (kernel_dump_size, (grub_ssize_t) sizeof (kernel_dump));
|
|
||||||
+
|
|
||||||
+ if (grub_be_to_cpu32 (kernel_dump.format) != 1)
|
|
||||||
+ {
|
|
||||||
+ grub_printf (_("Error: ibm,kernel-dump has an unexpected format version '%u'\n"),
|
|
||||||
+ grub_be_to_cpu32 (kernel_dump.format));
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (grub_be_to_cpu16 (kernel_dump.num_sections) > MAX_KD_SECTIONS)
|
|
||||||
+ {
|
|
||||||
+ grub_printf (_("Error: Too many kernel dump sections: %d\n"),
|
|
||||||
+ grub_be_to_cpu32 (kernel_dump.num_sections));
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ for (i = 0; i < grub_be_to_cpu16 (kernel_dump.num_sections); i++)
|
|
||||||
+ {
|
|
||||||
+ kds = (struct kd_section *) ((grub_addr_t) &kernel_dump +
|
|
||||||
+ grub_be_to_cpu32 (kernel_dump.offset_1st_section) +
|
|
||||||
+ i * sizeof (struct kd_section));
|
|
||||||
+ /* sanity check the address is within the 'kernel_dump' struct */
|
|
||||||
+ if ((grub_addr_t) kds > (grub_addr_t) &kernel_dump + kernel_dump_size + sizeof (*kds))
|
|
||||||
+ {
|
|
||||||
+ grub_printf (_("Error: 'kds' address beyond last available section\n"));
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if ((grub_be_to_cpu16 (kds->src_datatype) == KD_SRC_DATATYPE_REAL_MODE_REGION) &&
|
|
||||||
+ (grub_be_to_cpu64 (kds->src_address) == 0))
|
|
||||||
+ {
|
|
||||||
+ *highest = grub_min (*highest, grub_be_to_cpu64 (kds->num_bytes));
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* How much memory does OF believe exists in total?
|
|
||||||
*
|
|
||||||
@@ -275,10 +367,31 @@ regions_claim (grub_uint64_t addr, grub_uint64_t len, grub_memory_type_t type,
|
|
||||||
*
|
|
||||||
* Finally, we also want to make sure that when grub loads the kernel,
|
|
||||||
* it isn't going to use up all the memory we're trying to reserve! So
|
|
||||||
- * enforce our entire RUNTIME_MIN_SPACE here:
|
|
||||||
+ * enforce our entire RUNTIME_MIN_SPACE here (no fadump):
|
|
||||||
+ *
|
|
||||||
+ * | Top of memory == upper_mem_limit -|
|
|
||||||
+ * | |
|
|
||||||
+ * | available |
|
|
||||||
+ * | |
|
|
||||||
+ * |---------- 768 MB ----------|
|
|
||||||
+ * | |
|
|
||||||
+ * | reserved |
|
|
||||||
+ * | |
|
|
||||||
+ * |--- 768 MB - runtime min space ---|
|
|
||||||
+ * | |
|
|
||||||
+ * | available |
|
|
||||||
+ * | |
|
|
||||||
+ * |---------- 0 MB ----------|
|
|
||||||
+ *
|
|
||||||
+ * In case fadump is used, we allow the following:
|
|
||||||
*
|
|
||||||
* |---------- Top of memory ----------|
|
|
||||||
* | |
|
|
||||||
+ * | unavailable |
|
|
||||||
+ * | (kernel dump area) |
|
|
||||||
+ * | |
|
|
||||||
+ * |--------- upper_mem_limit ---------|
|
|
||||||
+ * | |
|
|
||||||
* | available |
|
|
||||||
* | |
|
|
||||||
* |---------- 768 MB ----------|
|
|
||||||
@@ -333,17 +446,44 @@ regions_claim (grub_uint64_t addr, grub_uint64_t len, grub_memory_type_t type,
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
+ grub_uint64_t upper_mem_limit = rmo_top;
|
|
||||||
+ grub_uint64_t orig_addr = addr;
|
|
||||||
+
|
|
||||||
+ check_kernel_dump (&upper_mem_limit);
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* we order these cases to prefer higher addresses and avoid some
|
|
||||||
* splitting issues
|
|
||||||
+ * The following shows the order of variables:
|
|
||||||
+ * no kernel dump: linux_rmo_save < RMO_ADDR_MAX <= upper_mem_limit == rmo_top
|
|
||||||
+ * with kernel dump: liuxx_rmo_save < RMO_ADDR_MAX <= upper_mem_limit <= rmo_top
|
|
||||||
*/
|
|
||||||
- if (addr < RMO_ADDR_MAX && (addr + len) > RMO_ADDR_MAX)
|
|
||||||
+ if (addr < RMO_ADDR_MAX && (addr + len) > RMO_ADDR_MAX && upper_mem_limit >= RMO_ADDR_MAX)
|
|
||||||
{
|
|
||||||
grub_dprintf ("ieee1275",
|
|
||||||
"adjusting region for RUNTIME_MIN_SPACE: (%llx -> %llx) -> (%llx -> %llx)\n",
|
|
||||||
addr, addr + len, RMO_ADDR_MAX, addr + len);
|
|
||||||
len = (addr + len) - RMO_ADDR_MAX;
|
|
||||||
addr = RMO_ADDR_MAX;
|
|
||||||
+
|
|
||||||
+ /* We must not exceed the upper_mem_limit (assuming it's >= RMO_ADDR_MAX) */
|
|
||||||
+ if (addr + len > upper_mem_limit)
|
|
||||||
+ {
|
|
||||||
+ /* take the bigger chunk from either below linux_rmo_save or above upper_mem_limit */
|
|
||||||
+ len = upper_mem_limit - addr;
|
|
||||||
+ if (orig_addr < linux_rmo_save && linux_rmo_save - orig_addr > len)
|
|
||||||
+ {
|
|
||||||
+ /* lower part is bigger */
|
|
||||||
+ addr = orig_addr;
|
|
||||||
+ len = linux_rmo_save - addr;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ grub_dprintf ("ieee1275", "re-adjusted region to: (%llx -> %llx)\n",
|
|
||||||
+ addr, addr + len);
|
|
||||||
+
|
|
||||||
+ if (len == 0)
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
else if ((addr < linux_rmo_save) && ((addr + len) > linux_rmo_save))
|
|
||||||
{
|
|
||||||
--
|
|
||||||
2.42.0
|
|
||||||
|
|
@ -1,76 +0,0 @@
|
|||||||
From 1fdc9daf97a1518960e5603dd43a5f353cb3ca89 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Michael Chang <mchang@suse.com>
|
|
||||||
Date: Thu, 30 Nov 2023 13:45:13 +0800
|
|
||||||
Subject: [PATCH 1/2] mkstandalone: ensure stable timestamps for generated
|
|
||||||
images
|
|
||||||
|
|
||||||
This change mirrors a previous fix [1] but is specific to images
|
|
||||||
generated by grub-mkstandalone.
|
|
||||||
|
|
||||||
The former fix (85a7be241) focused on utilizing a stable timestamp
|
|
||||||
during binary generation in the util/mkimage context. This commit
|
|
||||||
extends that approach to the images produced by grub-mkstandalone,
|
|
||||||
ensuring consistency and stability in timestamps across all generated
|
|
||||||
binaries.
|
|
||||||
|
|
||||||
[1] 85a7be241 util/mkimage: Use stable timestamp when generating
|
|
||||||
binaries.
|
|
||||||
|
|
||||||
Signed-off-by: Michael Chang <mchang@suse.com>
|
|
||||||
Signed-off-by: Bernhard Wiedemann <bwiedemann@suse.com>
|
|
||||||
---
|
|
||||||
util/grub-mkstandalone.c | 10 +++++-----
|
|
||||||
1 file changed, 5 insertions(+), 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/util/grub-mkstandalone.c b/util/grub-mkstandalone.c
|
|
||||||
index bdbeea6a6..8e1229925 100644
|
|
||||||
--- a/util/grub-mkstandalone.c
|
|
||||||
+++ b/util/grub-mkstandalone.c
|
|
||||||
@@ -30,6 +30,9 @@
|
|
||||||
#pragma GCC diagnostic error "-Wmissing-prototypes"
|
|
||||||
#pragma GCC diagnostic error "-Wmissing-declarations"
|
|
||||||
|
|
||||||
+/* use 2015-01-01T00:00:00+0000 as a stock timestamp */
|
|
||||||
+#define STABLE_EMBEDDING_TIMESTAMP 1420070400
|
|
||||||
+
|
|
||||||
static char *output_image;
|
|
||||||
static char **files;
|
|
||||||
static int nfiles;
|
|
||||||
@@ -184,7 +187,6 @@ add_tar_file (const char *from,
|
|
||||||
struct head hd;
|
|
||||||
grub_util_fd_t in;
|
|
||||||
ssize_t r;
|
|
||||||
- grub_uint32_t mtime = 0;
|
|
||||||
grub_uint32_t size;
|
|
||||||
|
|
||||||
COMPILE_TIME_ASSERT (sizeof (hd) == 512);
|
|
||||||
@@ -192,8 +194,6 @@ add_tar_file (const char *from,
|
|
||||||
if (grub_util_is_special_file (from))
|
|
||||||
return;
|
|
||||||
|
|
||||||
- mtime = grub_util_get_mtime (from);
|
|
||||||
-
|
|
||||||
optr = tcn = xmalloc (strlen (to) + 1);
|
|
||||||
for (iptr = to; *iptr == '/'; iptr++);
|
|
||||||
for (; *iptr; iptr++)
|
|
||||||
@@ -234,7 +234,7 @@ add_tar_file (const char *from,
|
|
||||||
memcpy (hd.gid, "0001750", 7);
|
|
||||||
|
|
||||||
set_tar_value (hd.size, optr - tcn, 12);
|
|
||||||
- set_tar_value (hd.mtime, mtime, 12);
|
|
||||||
+ set_tar_value (hd.mtime, STABLE_EMBEDDING_TIMESTAMP, 12);
|
|
||||||
hd.typeflag = 'L';
|
|
||||||
memcpy (hd.magic, MAGIC, sizeof (hd.magic));
|
|
||||||
memcpy (hd.uname, "grub", 4);
|
|
||||||
@@ -264,7 +264,7 @@ add_tar_file (const char *from,
|
|
||||||
memcpy (hd.gid, "0001750", 7);
|
|
||||||
|
|
||||||
set_tar_value (hd.size, size, 12);
|
|
||||||
- set_tar_value (hd.mtime, mtime, 12);
|
|
||||||
+ set_tar_value (hd.mtime, STABLE_EMBEDDING_TIMESTAMP, 12);
|
|
||||||
hd.typeflag = '0';
|
|
||||||
memcpy (hd.magic, MAGIC, sizeof (hd.magic));
|
|
||||||
memcpy (hd.uname, "grub", 4);
|
|
||||||
--
|
|
||||||
2.43.0
|
|
||||||
|
|
@ -39,17 +39,15 @@ Signed-off-by: Michael Chang <mchang@suse.com>
|
|||||||
{
|
{
|
||||||
--- a/grub-core/net/http.c
|
--- a/grub-core/net/http.c
|
||||||
+++ b/grub-core/net/http.c
|
+++ b/grub-core/net/http.c
|
||||||
@@ -31,7 +31,8 @@
|
@@ -30,6 +30,7 @@
|
||||||
|
GRUB_MOD_LICENSE ("GPLv3+");
|
||||||
|
|
||||||
enum
|
#define HTTP_PORT ((grub_uint16_t) 80)
|
||||||
{
|
+#define HTTP_MAX_CHUNK_SIZE GRUB_INT_MAX
|
||||||
- HTTP_PORT = 80
|
|
||||||
+ HTTP_PORT = 80,
|
|
||||||
+ HTTP_MAX_CHUNK_SIZE = GRUB_INT_MAX
|
|
||||||
};
|
|
||||||
|
|
||||||
|
typedef struct http_data
|
||||||
@@ -86,6 +87,8 @@
|
{
|
||||||
|
@@ -82,6 +83,8 @@
|
||||||
if (data->in_chunk_len == 2)
|
if (data->in_chunk_len == 2)
|
||||||
{
|
{
|
||||||
data->chunk_rem = grub_strtoul (ptr, 0, 16);
|
data->chunk_rem = grub_strtoul (ptr, 0, 16);
|
||||||
|
@ -1,58 +0,0 @@
|
|||||||
From 0ed2458cc4eff6d9a9199527e2a0b6d445802f94 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Maxim Suhanov <dfirblog@gmail.com>
|
|
||||||
Date: Mon, 28 Aug 2023 16:32:33 +0300
|
|
||||||
Subject: [PATCH 2/6] fs/ntfs: Fix an OOB read when reading data from the
|
|
||||||
resident $DATA attribute
|
|
||||||
|
|
||||||
When reading a file containing resident data, i.e., the file data is stored in
|
|
||||||
the $DATA attribute within the NTFS file record, not in external clusters,
|
|
||||||
there are no checks that this resident data actually fits the corresponding
|
|
||||||
file record segment.
|
|
||||||
|
|
||||||
When parsing a specially-crafted file system image, the current NTFS code will
|
|
||||||
read the file data from an arbitrary, attacker-chosen memory offset and of
|
|
||||||
arbitrary, attacker-chosen length.
|
|
||||||
|
|
||||||
This allows an attacker to display arbitrary chunks of memory, which could
|
|
||||||
contain sensitive information like password hashes or even plain-text,
|
|
||||||
obfuscated passwords from BS EFI variables.
|
|
||||||
|
|
||||||
This fix implements a check to ensure that resident data is read from the
|
|
||||||
corresponding file record segment only.
|
|
||||||
|
|
||||||
Fixes: CVE-2023-4693
|
|
||||||
|
|
||||||
Reported-by: Maxim Suhanov <dfirblog@gmail.com>
|
|
||||||
Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
|
|
||||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
||||||
---
|
|
||||||
grub-core/fs/ntfs.c | 13 ++++++++++++-
|
|
||||||
1 file changed, 12 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
|
|
||||||
index c3c4db117..a68e173d8 100644
|
|
||||||
--- a/grub-core/fs/ntfs.c
|
|
||||||
+++ b/grub-core/fs/ntfs.c
|
|
||||||
@@ -401,7 +401,18 @@ read_data (struct grub_ntfs_attr *at, grub_uint8_t *pa, grub_uint8_t *dest,
|
|
||||||
{
|
|
||||||
if (ofs + len > u32at (pa, 0x10))
|
|
||||||
return grub_error (GRUB_ERR_BAD_FS, "read out of range");
|
|
||||||
- grub_memcpy (dest, pa + u32at (pa, 0x14) + ofs, len);
|
|
||||||
+
|
|
||||||
+ if (u32at (pa, 0x10) > (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
|
|
||||||
+ return grub_error (GRUB_ERR_BAD_FS, "resident attribute too large");
|
|
||||||
+
|
|
||||||
+ if (pa >= at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
|
|
||||||
+ return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range");
|
|
||||||
+
|
|
||||||
+ if (u16at (pa, 0x14) + u32at (pa, 0x10) >
|
|
||||||
+ (grub_addr_t) at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR) - (grub_addr_t) pa)
|
|
||||||
+ return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range");
|
|
||||||
+
|
|
||||||
+ grub_memcpy (dest, pa + u16at (pa, 0x14) + ofs, len);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
--
|
|
||||||
2.42.0
|
|
||||||
|
|
@ -1,171 +0,0 @@
|
|||||||
From 4a6a5c4a6bb2426235364be9f3698763ddcf4775 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jon DeVree <nuxi@vault24.org>
|
|
||||||
Date: Tue, 17 Oct 2023 23:03:47 -0400
|
|
||||||
Subject: [PATCH 2/3] fs/xfs: Fix XFS directory extent parsing
|
|
||||||
|
|
||||||
The XFS directory entry parsing code has never been completely correct
|
|
||||||
for extent based directories. The parser correctly handles the case
|
|
||||||
where the directory is contained in a single extent, but then mistakenly
|
|
||||||
assumes the data blocks for the multiple extent case are each identical
|
|
||||||
to the single extent case. The difference in the format of the data
|
|
||||||
blocks between the two cases is tiny enough that its gone unnoticed for
|
|
||||||
a very long time.
|
|
||||||
|
|
||||||
A recent change introduced some additional bounds checking into the XFS
|
|
||||||
parser. Like GRUB's existing parser, it is correct for the single extent
|
|
||||||
case but incorrect for the multiple extent case. When parsing a directory
|
|
||||||
with multiple extents, this new bounds checking is sometimes (but not
|
|
||||||
always) tripped and triggers an "invalid XFS directory entry" error. This
|
|
||||||
probably would have continued to go unnoticed but the /boot/grub/<arch>
|
|
||||||
directory is large enough that it often has multiple extents.
|
|
||||||
|
|
||||||
The difference between the two cases is that when there are multiple
|
|
||||||
extents, the data blocks do not contain a trailer nor do they contain
|
|
||||||
any leaf information. That information is stored in a separate set of
|
|
||||||
extents dedicated to just the leaf information. These extents come after
|
|
||||||
the directory entry extents and are not included in the inode size. So
|
|
||||||
the existing parser already ignores the leaf extents.
|
|
||||||
|
|
||||||
The only reason to read the trailer/leaf information at all is so that
|
|
||||||
the parser can avoid misinterpreting that data as directory entries. So
|
|
||||||
this updates the parser as follows:
|
|
||||||
|
|
||||||
For the single extent case the parser doesn't change much:
|
|
||||||
1. Read the size of the leaf information from the trailer
|
|
||||||
2. Set the end pointer for the parser to the start of the leaf
|
|
||||||
information. (The previous bounds checking set the end pointer to the
|
|
||||||
start of the trailer, so this is actually a small improvement.)
|
|
||||||
3. Set the entries variable to the expected number of directory entries.
|
|
||||||
|
|
||||||
For the multiple extent case:
|
|
||||||
1. Set the end pointer to the end of the block.
|
|
||||||
2. Do not set up the entries variable. Figuring out how many entries are
|
|
||||||
in each individual block is complex and does not seem worth it when
|
|
||||||
it appears to be safe to just iterate over the entire block.
|
|
||||||
|
|
||||||
The bounds check itself was also dependent upon the faulty XFS parser
|
|
||||||
because it accidentally used "filename + length - 1". Presumably this
|
|
||||||
was able to pass the fuzzer because in the old parser there was always
|
|
||||||
8 bytes of slack space between the tail pointer and the actual end of
|
|
||||||
the block. Since this is no longer the case the bounds check needs to be
|
|
||||||
updated to "filename + length + 1" in order to prevent a regression in
|
|
||||||
the handling of corrupt fliesystems.
|
|
||||||
|
|
||||||
Notes:
|
|
||||||
* When there is only one extent there will only ever be one block. If
|
|
||||||
more than one block is required then XFS will always switch to holding
|
|
||||||
leaf information in a separate extent.
|
|
||||||
* B-tree based directories seems to be parsed properly by the same code
|
|
||||||
that handles multiple extents. This is unlikely to ever occur within
|
|
||||||
/boot though because its only used when there are an extremely large
|
|
||||||
number of directory entries.
|
|
||||||
|
|
||||||
Fixes: ef7850c75 (fs/xfs: Fix issues found while fuzzing the XFS filesystem)
|
|
||||||
Fixes: b2499b29c (Adds support for the XFS filesystem.)
|
|
||||||
Fixes: https://savannah.gnu.org/bugs/?64376
|
|
||||||
|
|
||||||
Signed-off-by: Jon DeVree <nuxi@vault24.org>
|
|
||||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
||||||
Tested-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
|
|
||||||
Tested-by: Marta Lewandowska <mlewando@redhat.com>
|
|
||||||
---
|
|
||||||
grub-core/fs/xfs.c | 52 +++++++++++++++++++++++++++++++++-------------
|
|
||||||
1 file changed, 38 insertions(+), 14 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c
|
|
||||||
index ebf962793..18edfcff4 100644
|
|
||||||
--- a/grub-core/fs/xfs.c
|
|
||||||
+++ b/grub-core/fs/xfs.c
|
|
||||||
@@ -223,6 +223,12 @@ struct grub_xfs_inode
|
|
||||||
/* Size of struct grub_xfs_inode v2, up to unused4 member included. */
|
|
||||||
#define XFS_V2_INODE_SIZE (XFS_V3_INODE_SIZE - 76)
|
|
||||||
|
|
||||||
+struct grub_xfs_dir_leaf_entry
|
|
||||||
+{
|
|
||||||
+ grub_uint32_t hashval;
|
|
||||||
+ grub_uint32_t address;
|
|
||||||
+} GRUB_PACKED;
|
|
||||||
+
|
|
||||||
struct grub_xfs_dirblock_tail
|
|
||||||
{
|
|
||||||
grub_uint32_t leaf_count;
|
|
||||||
@@ -874,9 +880,8 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
|
|
||||||
{
|
|
||||||
struct grub_xfs_dir2_entry *direntry =
|
|
||||||
grub_xfs_first_de(dir->data, dirblock);
|
|
||||||
- int entries;
|
|
||||||
- struct grub_xfs_dirblock_tail *tail =
|
|
||||||
- grub_xfs_dir_tail(dir->data, dirblock);
|
|
||||||
+ int entries = -1;
|
|
||||||
+ char *end = dirblock + dirblk_size;
|
|
||||||
|
|
||||||
numread = grub_xfs_read_file (dir, 0, 0,
|
|
||||||
blk << dirblk_log2,
|
|
||||||
@@ -887,14 +892,27 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
- entries = (grub_be_to_cpu32 (tail->leaf_count)
|
|
||||||
- - grub_be_to_cpu32 (tail->leaf_stale));
|
|
||||||
+ /*
|
|
||||||
+ * Leaf and tail information are only in the data block if the number
|
|
||||||
+ * of extents is 1.
|
|
||||||
+ */
|
|
||||||
+ if (dir->inode.nextents == grub_cpu_to_be32_compile_time (1))
|
|
||||||
+ {
|
|
||||||
+ struct grub_xfs_dirblock_tail *tail = grub_xfs_dir_tail (dir->data, dirblock);
|
|
||||||
+
|
|
||||||
+ end = (char *) tail;
|
|
||||||
+
|
|
||||||
+ /* Subtract the space used by leaf nodes. */
|
|
||||||
+ end -= grub_be_to_cpu32 (tail->leaf_count) * sizeof (struct grub_xfs_dir_leaf_entry);
|
|
||||||
|
|
||||||
- if (!entries)
|
|
||||||
- continue;
|
|
||||||
+ entries = grub_be_to_cpu32 (tail->leaf_count) - grub_be_to_cpu32 (tail->leaf_stale);
|
|
||||||
+
|
|
||||||
+ if (!entries)
|
|
||||||
+ continue;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
/* Iterate over all entries within this block. */
|
|
||||||
- while ((char *)direntry < (char *)tail)
|
|
||||||
+ while ((char *) direntry < (char *) end)
|
|
||||||
{
|
|
||||||
grub_uint8_t *freetag;
|
|
||||||
char *filename;
|
|
||||||
@@ -914,7 +932,7 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
|
|
||||||
}
|
|
||||||
|
|
||||||
filename = (char *)(direntry + 1);
|
|
||||||
- if (filename + direntry->len - 1 > (char *) tail)
|
|
||||||
+ if (filename + direntry->len + 1 > (char *) end)
|
|
||||||
return grub_error (GRUB_ERR_BAD_FS, "invalid XFS directory entry");
|
|
||||||
|
|
||||||
/* The byte after the filename is for the filetype, padding, or
|
|
||||||
@@ -928,11 +946,17 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
- /* Check if last direntry in this block is
|
|
||||||
- reached. */
|
|
||||||
- entries--;
|
|
||||||
- if (!entries)
|
|
||||||
- break;
|
|
||||||
+ /*
|
|
||||||
+ * The expected number of directory entries is only tracked for the
|
|
||||||
+ * single extent case.
|
|
||||||
+ */
|
|
||||||
+ if (dir->inode.nextents == grub_cpu_to_be32_compile_time (1))
|
|
||||||
+ {
|
|
||||||
+ /* Check if last direntry in this block is reached. */
|
|
||||||
+ entries--;
|
|
||||||
+ if (!entries)
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
/* Select the next directory entry. */
|
|
||||||
direntry = grub_xfs_next_de(dir->data, direntry);
|
|
||||||
--
|
|
||||||
2.42.1
|
|
||||||
|
|
@ -1,75 +0,0 @@
|
|||||||
From bb9bbe0f66a8462a1b2477fbc2aa1d70973035d4 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Michael Chang <mchang@suse.com>
|
|
||||||
Date: Thu, 30 Nov 2023 16:30:45 +0800
|
|
||||||
Subject: [PATCH 2/2] mkstandalone: ensure deterministic tar file creation by
|
|
||||||
sorting contents
|
|
||||||
|
|
||||||
The add_tar_files() function currently iterates through a directory's
|
|
||||||
content using readdir(), which doesn't guarantee a specific order. This
|
|
||||||
lack of deterministic behavior impacts reproducibility in the build
|
|
||||||
process.
|
|
||||||
|
|
||||||
This commit resolves the issue by introducing sorting functionality. The
|
|
||||||
list retrieved by readdir() is now sorted alphabetically before
|
|
||||||
incorporation into the tar archive, ensuring consistent and predictable
|
|
||||||
file ordering within the archive.
|
|
||||||
|
|
||||||
Signed-off-by: Michael Chang <mchang@suse.com>
|
|
||||||
Signed-off-by: Bernhard Wiedemann <bwiedemann@suse.com>
|
|
||||||
---
|
|
||||||
util/grub-mkstandalone.c | 26 +++++++++++++++++++++++---
|
|
||||||
1 file changed, 23 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/util/grub-mkstandalone.c b/util/grub-mkstandalone.c
|
|
||||||
index 8e1229925..e4b5bcab4 100644
|
|
||||||
--- a/util/grub-mkstandalone.c
|
|
||||||
+++ b/util/grub-mkstandalone.c
|
|
||||||
@@ -205,22 +205,42 @@ add_tar_file (const char *from,
|
|
||||||
{
|
|
||||||
grub_util_fd_dir_t d;
|
|
||||||
grub_util_fd_dirent_t de;
|
|
||||||
+ char **from_files;
|
|
||||||
+ grub_size_t alloc = 8, used = 0;
|
|
||||||
+ grub_size_t i;
|
|
||||||
|
|
||||||
d = grub_util_fd_opendir (from);
|
|
||||||
|
|
||||||
+ from_files = xmalloc (alloc * sizeof (*from_files));
|
|
||||||
while ((de = grub_util_fd_readdir (d)))
|
|
||||||
{
|
|
||||||
- char *fp, *tfp;
|
|
||||||
if (strcmp (de->d_name, ".") == 0)
|
|
||||||
continue;
|
|
||||||
if (strcmp (de->d_name, "..") == 0)
|
|
||||||
continue;
|
|
||||||
- fp = grub_util_path_concat (2, from, de->d_name);
|
|
||||||
- tfp = xasprintf ("%s/%s", to, de->d_name);
|
|
||||||
+ if (alloc <= used)
|
|
||||||
+ {
|
|
||||||
+ alloc <<= 1;
|
|
||||||
+ from_files = xrealloc (from_files, alloc * sizeof (*from_files));
|
|
||||||
+ }
|
|
||||||
+ from_files[used++] = xstrdup(de->d_name);
|
|
||||||
+ }
|
|
||||||
+ qsort (from_files, used, sizeof (*from_files), grub_qsort_strcmp);
|
|
||||||
+
|
|
||||||
+ for (i = 0; i < used; i++)
|
|
||||||
+ {
|
|
||||||
+ char *fp, *tfp;
|
|
||||||
+
|
|
||||||
+ fp = grub_util_path_concat (2, from, from_files[i]);
|
|
||||||
+ tfp = xasprintf ("%s/%s", to, from_files[i]);
|
|
||||||
add_tar_file (fp, tfp);
|
|
||||||
+ free (tfp);
|
|
||||||
free (fp);
|
|
||||||
+ free (from_files[i]);
|
|
||||||
}
|
|
||||||
+
|
|
||||||
grub_util_fd_closedir (d);
|
|
||||||
+ free (from_files);
|
|
||||||
free (tcn);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.43.0
|
|
||||||
|
|
@ -232,20 +232,18 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
|
|||||||
grub_efi_free_pages((grub_efi_physical_address_t)(grub_addr_t)kernel_mem, BYTES_TO_PAGES(kernel_size));
|
grub_efi_free_pages((grub_efi_physical_address_t)(grub_addr_t)kernel_mem, BYTES_TO_PAGES(kernel_size));
|
||||||
--- a/include/grub/i386/linux.h
|
--- a/include/grub/i386/linux.h
|
||||||
+++ b/include/grub/i386/linux.h
|
+++ b/include/grub/i386/linux.h
|
||||||
@@ -138,7 +138,12 @@
|
@@ -148,6 +148,11 @@
|
||||||
grub_uint32_t kernel_alignment;
|
grub_uint32_t kernel_alignment;
|
||||||
grub_uint8_t relocatable;
|
grub_uint8_t relocatable;
|
||||||
grub_uint8_t min_alignment;
|
grub_uint8_t min_alignment;
|
||||||
- grub_uint8_t pad[2];
|
|
||||||
+#define LINUX_XLF_KERNEL_64 (1<<0)
|
+#define LINUX_XLF_KERNEL_64 (1<<0)
|
||||||
+#define LINUX_XLF_CAN_BE_LOADED_ABOVE_4G (1<<1)
|
+#define LINUX_XLF_CAN_BE_LOADED_ABOVE_4G (1<<1)
|
||||||
+#define LINUX_XLF_EFI_HANDOVER_32 (1<<2)
|
+#define LINUX_XLF_EFI_HANDOVER_32 (1<<2)
|
||||||
+#define LINUX_XLF_EFI_HANDOVER_64 (1<<3)
|
+#define LINUX_XLF_EFI_HANDOVER_64 (1<<3)
|
||||||
+#define LINUX_XLF_EFI_KEXEC (1<<4)
|
+#define LINUX_XLF_EFI_KEXEC (1<<4)
|
||||||
+ grub_uint16_t xloadflags;
|
grub_uint16_t xloadflags;
|
||||||
grub_uint32_t cmdline_size;
|
grub_uint32_t cmdline_size;
|
||||||
grub_uint32_t hardware_subarch;
|
grub_uint32_t hardware_subarch;
|
||||||
grub_uint64_t hardware_subarch_data;
|
|
||||||
--- a/grub-core/loader/efi/linux_boot.c
|
--- a/grub-core/loader/efi/linux_boot.c
|
||||||
+++ b/grub-core/loader/efi/linux_boot.c
|
+++ b/grub-core/loader/efi/linux_boot.c
|
||||||
@@ -30,11 +30,16 @@
|
@@ -30,11 +30,16 @@
|
||||||
|
@ -1,73 +0,0 @@
|
|||||||
From 7e5f031a6a6a3decc2360a7b0c71abbe598e7354 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Maxim Suhanov <dfirblog@gmail.com>
|
|
||||||
Date: Mon, 28 Aug 2023 16:33:17 +0300
|
|
||||||
Subject: [PATCH 3/6] fs/ntfs: Fix an OOB read when parsing directory entries
|
|
||||||
from resident and non-resident index attributes
|
|
||||||
|
|
||||||
This fix introduces checks to ensure that index entries are never read
|
|
||||||
beyond the corresponding directory index.
|
|
||||||
|
|
||||||
The lack of this check is a minor issue, likely not exploitable in any way.
|
|
||||||
|
|
||||||
Reported-by: Maxim Suhanov <dfirblog@gmail.com>
|
|
||||||
Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
|
|
||||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
||||||
---
|
|
||||||
grub-core/fs/ntfs.c | 13 +++++++++++--
|
|
||||||
1 file changed, 11 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
|
|
||||||
index a68e173d8..2d78b96e1 100644
|
|
||||||
--- a/grub-core/fs/ntfs.c
|
|
||||||
+++ b/grub-core/fs/ntfs.c
|
|
||||||
@@ -599,7 +599,7 @@ get_utf8 (grub_uint8_t *in, grub_size_t len)
|
|
||||||
}
|
|
||||||
|
|
||||||
static int
|
|
||||||
-list_file (struct grub_ntfs_file *diro, grub_uint8_t *pos,
|
|
||||||
+list_file (struct grub_ntfs_file *diro, grub_uint8_t *pos, grub_uint8_t *end_pos,
|
|
||||||
grub_fshelp_iterate_dir_hook_t hook, void *hook_data)
|
|
||||||
{
|
|
||||||
grub_uint8_t *np;
|
|
||||||
@@ -610,6 +610,9 @@ list_file (struct grub_ntfs_file *diro, grub_uint8_t *pos,
|
|
||||||
grub_uint8_t namespace;
|
|
||||||
char *ustr;
|
|
||||||
|
|
||||||
+ if ((pos >= end_pos) || (end_pos - pos < 0x52))
|
|
||||||
+ break;
|
|
||||||
+
|
|
||||||
if (pos[0xC] & 2) /* end signature */
|
|
||||||
break;
|
|
||||||
|
|
||||||
@@ -617,6 +620,9 @@ list_file (struct grub_ntfs_file *diro, grub_uint8_t *pos,
|
|
||||||
ns = *(np++);
|
|
||||||
namespace = *(np++);
|
|
||||||
|
|
||||||
+ if (2 * ns > end_pos - pos - 0x52)
|
|
||||||
+ break;
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* Ignore files in DOS namespace, as they will reappear as Win32
|
|
||||||
* names.
|
|
||||||
@@ -806,7 +812,9 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
|
|
||||||
}
|
|
||||||
|
|
||||||
cur_pos += 0x10; /* Skip index root */
|
|
||||||
- ret = list_file (mft, cur_pos + u16at (cur_pos, 0), hook, hook_data);
|
|
||||||
+ ret = list_file (mft, cur_pos + u16at (cur_pos, 0),
|
|
||||||
+ at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR),
|
|
||||||
+ hook, hook_data);
|
|
||||||
if (ret)
|
|
||||||
goto done;
|
|
||||||
|
|
||||||
@@ -893,6 +901,7 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
|
|
||||||
(const grub_uint8_t *) "INDX")))
|
|
||||||
goto done;
|
|
||||||
ret = list_file (mft, &indx[0x18 + u16at (indx, 0x18)],
|
|
||||||
+ indx + (mft->data->idx_size << GRUB_NTFS_BLK_SHR),
|
|
||||||
hook, hook_data);
|
|
||||||
if (ret)
|
|
||||||
goto done;
|
|
||||||
--
|
|
||||||
2.42.0
|
|
||||||
|
|
@ -1,115 +0,0 @@
|
|||||||
From e7b1a524d5f86dcfddfbb069577e3b148dbb19cd Mon Sep 17 00:00:00 2001
|
|
||||||
From: Anthony Iliopoulos via Grub-devel <grub-devel@gnu.org>
|
|
||||||
Date: Thu, 26 Oct 2023 11:53:39 +0200
|
|
||||||
Subject: [PATCH 3/3] fs/xfs: add large extent counters incompat feature
|
|
||||||
support
|
|
||||||
|
|
||||||
XFS introduced 64-bit extent counters for inodes via a series of
|
|
||||||
upstream commits, and the feature was marked as stable in v6.5 via
|
|
||||||
commit 61d7e8274cd8 ("xfs: drop EXPERIMENTAL tag for large extent
|
|
||||||
counts").
|
|
||||||
|
|
||||||
Further, xfsprogs release v6.5.0 switched this feature on by default in
|
|
||||||
mkfs.xfs via commit e5b18d7d1d96 ("mkfs: enable large extent counts by
|
|
||||||
default").
|
|
||||||
|
|
||||||
Filesystems formatted with large extent count support (nrext64=1) are
|
|
||||||
thus currently not recognizable by grub, since this is an incompat
|
|
||||||
feature. Add the required support so that those filesystems and inodes
|
|
||||||
with large extent counters can be read by grub.
|
|
||||||
|
|
||||||
Signed-off-by: Anthony Iliopoulos <ailiop@suse.com>
|
|
||||||
---
|
|
||||||
grub-core/fs/xfs.c | 30 +++++++++++++++++++++++++-----
|
|
||||||
1 file changed, 25 insertions(+), 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c
|
|
||||||
index 18edfcff4..bc2224dbb 100644
|
|
||||||
--- a/grub-core/fs/xfs.c
|
|
||||||
+++ b/grub-core/fs/xfs.c
|
|
||||||
@@ -79,6 +79,8 @@ GRUB_MOD_LICENSE ("GPLv3+");
|
|
||||||
/* Inode flags2 flags */
|
|
||||||
#define XFS_DIFLAG2_BIGTIME_BIT 3
|
|
||||||
#define XFS_DIFLAG2_BIGTIME (1 << XFS_DIFLAG2_BIGTIME_BIT)
|
|
||||||
+#define XFS_DIFLAG2_NREXT64_BIT 4
|
|
||||||
+#define XFS_DIFLAG2_NREXT64 (1 << XFS_DIFLAG2_NREXT64_BIT)
|
|
||||||
|
|
||||||
/* incompat feature flags */
|
|
||||||
#define XFS_SB_FEAT_INCOMPAT_FTYPE (1 << 0) /* filetype in dirent */
|
|
||||||
@@ -86,6 +88,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
|
|
||||||
#define XFS_SB_FEAT_INCOMPAT_META_UUID (1 << 2) /* metadata UUID */
|
|
||||||
#define XFS_SB_FEAT_INCOMPAT_BIGTIME (1 << 3) /* large timestamps */
|
|
||||||
#define XFS_SB_FEAT_INCOMPAT_NEEDSREPAIR (1 << 4) /* needs xfs_repair */
|
|
||||||
+#define XFS_SB_FEAT_INCOMPAT_NREXT64 (1 << 5) /* large extent counters */
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Directory entries with ftype are explicitly handled by GRUB code.
|
|
||||||
@@ -101,7 +104,8 @@ GRUB_MOD_LICENSE ("GPLv3+");
|
|
||||||
XFS_SB_FEAT_INCOMPAT_SPINODES | \
|
|
||||||
XFS_SB_FEAT_INCOMPAT_META_UUID | \
|
|
||||||
XFS_SB_FEAT_INCOMPAT_BIGTIME | \
|
|
||||||
- XFS_SB_FEAT_INCOMPAT_NEEDSREPAIR)
|
|
||||||
+ XFS_SB_FEAT_INCOMPAT_NEEDSREPAIR | \
|
|
||||||
+ XFS_SB_FEAT_INCOMPAT_NREXT64)
|
|
||||||
|
|
||||||
struct grub_xfs_sblock
|
|
||||||
{
|
|
||||||
@@ -203,7 +207,8 @@ struct grub_xfs_inode
|
|
||||||
grub_uint16_t mode;
|
|
||||||
grub_uint8_t version;
|
|
||||||
grub_uint8_t format;
|
|
||||||
- grub_uint8_t unused2[26];
|
|
||||||
+ grub_uint8_t unused2[18];
|
|
||||||
+ grub_uint64_t nextents_big;
|
|
||||||
grub_uint64_t atime;
|
|
||||||
grub_uint64_t mtime;
|
|
||||||
grub_uint64_t ctime;
|
|
||||||
@@ -545,11 +550,26 @@ get_fsb (const void *keys, int idx)
|
|
||||||
return grub_be_to_cpu64 (grub_get_unaligned64 (p));
|
|
||||||
}
|
|
||||||
|
|
||||||
+static int
|
|
||||||
+grub_xfs_inode_has_large_extent_counts (const struct grub_xfs_inode *inode)
|
|
||||||
+{
|
|
||||||
+ return inode->version >= 3 &&
|
|
||||||
+ (inode->flags2 & grub_cpu_to_be64_compile_time (XFS_DIFLAG2_NREXT64));
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static grub_uint64_t
|
|
||||||
+grub_xfs_get_inode_nextents (struct grub_xfs_inode *inode)
|
|
||||||
+{
|
|
||||||
+ return (grub_xfs_inode_has_large_extent_counts (inode)) ?
|
|
||||||
+ grub_be_to_cpu64 (inode->nextents_big) :
|
|
||||||
+ grub_be_to_cpu32 (inode->nextents);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
static grub_disk_addr_t
|
|
||||||
grub_xfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock)
|
|
||||||
{
|
|
||||||
struct grub_xfs_btree_node *leaf = 0;
|
|
||||||
- int ex, nrec;
|
|
||||||
+ grub_uint64_t ex, nrec;
|
|
||||||
struct grub_xfs_extent *exts;
|
|
||||||
grub_uint64_t ret = 0;
|
|
||||||
|
|
||||||
@@ -574,7 +594,7 @@ grub_xfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock)
|
|
||||||
/ (2 * sizeof (grub_uint64_t));
|
|
||||||
do
|
|
||||||
{
|
|
||||||
- int i;
|
|
||||||
+ grub_uint64_t i;
|
|
||||||
|
|
||||||
for (i = 0; i < nrec; i++)
|
|
||||||
{
|
|
||||||
@@ -621,7 +641,7 @@ grub_xfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock)
|
|
||||||
grub_addr_t exts_end = 0;
|
|
||||||
grub_addr_t data_end = 0;
|
|
||||||
|
|
||||||
- nrec = grub_be_to_cpu32 (node->inode.nextents);
|
|
||||||
+ nrec = grub_xfs_get_inode_nextents (&node->inode);
|
|
||||||
exts = (struct grub_xfs_extent *) grub_xfs_inode_data(&node->inode);
|
|
||||||
|
|
||||||
if (grub_mul (sizeof (struct grub_xfs_extent), nrec, &exts_end) ||
|
|
||||||
--
|
|
||||||
2.42.1
|
|
||||||
|
|
@ -127,21 +127,20 @@ Platform Reference (PAPR).
|
|||||||
default:
|
default:
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@@ -666,10 +674,11 @@
|
@@ -679,9 +687,11 @@
|
||||||
" --output '%s' "
|
*p = '\0';
|
||||||
" --dtb '%s' "
|
|
||||||
"--sbat '%s' "
|
|
||||||
- "--format '%s' --compression '%s' %s %s %s\n",
|
|
||||||
+ "--format '%s' --compression '%s' "
|
|
||||||
+ "--appended-signature-size %zu %s %s %s\n",
|
|
||||||
dir, prefix,
|
|
||||||
outname, dtb ? : "", sbat ? : "", mkimage_target,
|
|
||||||
- compnames[compression], note ? "--note" : "",
|
|
||||||
+ compnames[compression], appsig_size, note ? "--note" : "",
|
|
||||||
disable_shim_lock ? "--disable-shim-lock" : "", s);
|
|
||||||
free (s);
|
|
||||||
|
|
||||||
@@ -680,7 +689,7 @@
|
grub_util_info ("grub-mkimage --directory '%s' --prefix '%s' --output '%s'"
|
||||||
|
- " --format '%s' --compression '%s'%s%s%s\n",
|
||||||
|
+ " --format '%s' --compression '%s'"
|
||||||
|
+ " --appended-signature-size %zu%s%s%s\n",
|
||||||
|
dir, prefix, outname,
|
||||||
|
mkimage_target, compnames[compression],
|
||||||
|
+ appsig_size,
|
||||||
|
note ? " --note" : "",
|
||||||
|
disable_shim_lock ? " --disable-shim-lock" : "", s);
|
||||||
|
free (s);
|
||||||
|
@@ -693,7 +703,7 @@
|
||||||
grub_install_generate_image (dir, prefix, fp, outname,
|
grub_install_generate_image (dir, prefix, fp, outname,
|
||||||
modules.entries, memdisk_path,
|
modules.entries, memdisk_path,
|
||||||
pubkeys, npubkeys, config_path, tgt,
|
pubkeys, npubkeys, config_path, tgt,
|
||||||
|
@ -1,51 +0,0 @@
|
|||||||
From 7a5a116739fa6d8a625da7d6b9272c9a2462f967 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Maxim Suhanov <dfirblog@gmail.com>
|
|
||||||
Date: Mon, 28 Aug 2023 16:33:44 +0300
|
|
||||||
Subject: [PATCH 4/6] fs/ntfs: Fix an OOB read when parsing bitmaps for index
|
|
||||||
attributes
|
|
||||||
|
|
||||||
This fix introduces checks to ensure that bitmaps for directory indices
|
|
||||||
are never read beyond their actual sizes.
|
|
||||||
|
|
||||||
The lack of this check is a minor issue, likely not exploitable in any way.
|
|
||||||
|
|
||||||
Reported-by: Maxim Suhanov <dfirblog@gmail.com>
|
|
||||||
Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
|
|
||||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
||||||
---
|
|
||||||
grub-core/fs/ntfs.c | 19 +++++++++++++++++++
|
|
||||||
1 file changed, 19 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
|
|
||||||
index 2d78b96e1..bb70c89fb 100644
|
|
||||||
--- a/grub-core/fs/ntfs.c
|
|
||||||
+++ b/grub-core/fs/ntfs.c
|
|
||||||
@@ -843,6 +843,25 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
|
|
||||||
|
|
||||||
if (is_resident)
|
|
||||||
{
|
|
||||||
+ if (bitmap_len > (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
|
|
||||||
+ {
|
|
||||||
+ grub_error (GRUB_ERR_BAD_FS, "resident bitmap too large");
|
|
||||||
+ goto done;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (cur_pos >= at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
|
|
||||||
+ {
|
|
||||||
+ grub_error (GRUB_ERR_BAD_FS, "resident bitmap out of range");
|
|
||||||
+ goto done;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (u16at (cur_pos, 0x14) + u32at (cur_pos, 0x10) >
|
|
||||||
+ (grub_addr_t) at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR) - (grub_addr_t) cur_pos)
|
|
||||||
+ {
|
|
||||||
+ grub_error (GRUB_ERR_BAD_FS, "resident bitmap out of range");
|
|
||||||
+ goto done;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
grub_memcpy (bmp, cur_pos + u16at (cur_pos, 0x14),
|
|
||||||
bitmap_len);
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.42.0
|
|
||||||
|
|
@ -1,61 +0,0 @@
|
|||||||
From 1fe82c41e070385e273d7bb1cfb482627a3c28e8 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Maxim Suhanov <dfirblog@gmail.com>
|
|
||||||
Date: Mon, 28 Aug 2023 16:38:19 +0300
|
|
||||||
Subject: [PATCH 5/6] fs/ntfs: Fix an OOB read when parsing a volume label
|
|
||||||
|
|
||||||
This fix introduces checks to ensure that an NTFS volume label is always
|
|
||||||
read from the corresponding file record segment.
|
|
||||||
|
|
||||||
The current NTFS code allows the volume label string to be read from an
|
|
||||||
arbitrary, attacker-chosen memory location. However, the bytes read are
|
|
||||||
always treated as UTF-16LE. So, the final string displayed is mostly
|
|
||||||
unreadable and it can't be easily converted back to raw bytes.
|
|
||||||
|
|
||||||
The lack of this check is a minor issue, likely not causing a significant
|
|
||||||
data leak.
|
|
||||||
|
|
||||||
Reported-by: Maxim Suhanov <dfirblog@gmail.com>
|
|
||||||
Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
|
|
||||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
||||||
---
|
|
||||||
grub-core/fs/ntfs.c | 18 +++++++++++++++++-
|
|
||||||
1 file changed, 17 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
|
|
||||||
index bb70c89fb..ff5e3740f 100644
|
|
||||||
--- a/grub-core/fs/ntfs.c
|
|
||||||
+++ b/grub-core/fs/ntfs.c
|
|
||||||
@@ -1213,13 +1213,29 @@ grub_ntfs_label (grub_device_t device, char **label)
|
|
||||||
|
|
||||||
init_attr (&mft->attr, mft);
|
|
||||||
pa = find_attr (&mft->attr, GRUB_NTFS_AT_VOLUME_NAME);
|
|
||||||
+
|
|
||||||
+ if (pa >= mft->buf + (mft->data->mft_size << GRUB_NTFS_BLK_SHR))
|
|
||||||
+ {
|
|
||||||
+ grub_error (GRUB_ERR_BAD_FS, "can\'t parse volume label");
|
|
||||||
+ goto fail;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (mft->buf + (mft->data->mft_size << GRUB_NTFS_BLK_SHR) - pa < 0x16)
|
|
||||||
+ {
|
|
||||||
+ grub_error (GRUB_ERR_BAD_FS, "can\'t parse volume label");
|
|
||||||
+ goto fail;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if ((pa) && (pa[8] == 0) && (u32at (pa, 0x10)))
|
|
||||||
{
|
|
||||||
int len;
|
|
||||||
|
|
||||||
len = u32at (pa, 0x10) / 2;
|
|
||||||
pa += u16at (pa, 0x14);
|
|
||||||
- *label = get_utf8 (pa, len);
|
|
||||||
+ if (mft->buf + (mft->data->mft_size << GRUB_NTFS_BLK_SHR) - pa >= 2 * len)
|
|
||||||
+ *label = get_utf8 (pa, len);
|
|
||||||
+ else
|
|
||||||
+ grub_error (GRUB_ERR_BAD_FS, "can\'t parse volume label");
|
|
||||||
}
|
|
||||||
|
|
||||||
fail:
|
|
||||||
--
|
|
||||||
2.42.0
|
|
||||||
|
|
@ -1,159 +0,0 @@
|
|||||||
From e58b870ff926415e23fc386af41ff81b2f588763 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Maxim Suhanov <dfirblog@gmail.com>
|
|
||||||
Date: Mon, 28 Aug 2023 16:40:07 +0300
|
|
||||||
Subject: [PATCH 6/6] fs/ntfs: Make code more readable
|
|
||||||
|
|
||||||
Move some calls used to access NTFS attribute header fields into
|
|
||||||
functions with human-readable names.
|
|
||||||
|
|
||||||
Suggested-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
||||||
Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
|
|
||||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
||||||
---
|
|
||||||
grub-core/fs/ntfs.c | 48 +++++++++++++++++++++++++++++++--------------
|
|
||||||
1 file changed, 33 insertions(+), 15 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
|
|
||||||
index ff5e3740f..de435aa14 100644
|
|
||||||
--- a/grub-core/fs/ntfs.c
|
|
||||||
+++ b/grub-core/fs/ntfs.c
|
|
||||||
@@ -52,6 +52,24 @@ u64at (void *ptr, grub_size_t ofs)
|
|
||||||
return grub_le_to_cpu64 (grub_get_unaligned64 ((char *) ptr + ofs));
|
|
||||||
}
|
|
||||||
|
|
||||||
+static grub_uint16_t
|
|
||||||
+first_attr_off (void *mft_buf_ptr)
|
|
||||||
+{
|
|
||||||
+ return u16at (mft_buf_ptr, 0x14);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static grub_uint16_t
|
|
||||||
+res_attr_data_off (void *res_attr_ptr)
|
|
||||||
+{
|
|
||||||
+ return u16at (res_attr_ptr, 0x14);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static grub_uint32_t
|
|
||||||
+res_attr_data_len (void *res_attr_ptr)
|
|
||||||
+{
|
|
||||||
+ return u32at (res_attr_ptr, 0x10);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
grub_ntfscomp_func_t grub_ntfscomp_func;
|
|
||||||
|
|
||||||
static grub_err_t
|
|
||||||
@@ -106,7 +124,7 @@ init_attr (struct grub_ntfs_attr *at, struct grub_ntfs_file *mft)
|
|
||||||
{
|
|
||||||
at->mft = mft;
|
|
||||||
at->flags = (mft == &mft->data->mmft) ? GRUB_NTFS_AF_MMFT : 0;
|
|
||||||
- at->attr_nxt = mft->buf + u16at (mft->buf, 0x14);
|
|
||||||
+ at->attr_nxt = mft->buf + first_attr_off (mft->buf);
|
|
||||||
at->attr_end = at->emft_buf = at->edat_buf = at->sbuf = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -154,7 +172,7 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
- new_pos = &at->emft_buf[u16at (at->emft_buf, 0x14)];
|
|
||||||
+ new_pos = &at->emft_buf[first_attr_off (at->emft_buf)];
|
|
||||||
while (*new_pos != 0xFF)
|
|
||||||
{
|
|
||||||
if ((*new_pos == *at->attr_cur)
|
|
||||||
@@ -213,7 +231,7 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
- at->attr_nxt = at->attr_end + u16at (pa, 0x14);
|
|
||||||
+ at->attr_nxt = at->attr_end + res_attr_data_off (pa);
|
|
||||||
at->attr_end = at->attr_end + u32at (pa, 4);
|
|
||||||
pa_end = at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR);
|
|
||||||
}
|
|
||||||
@@ -399,20 +417,20 @@ read_data (struct grub_ntfs_attr *at, grub_uint8_t *pa, grub_uint8_t *dest,
|
|
||||||
|
|
||||||
if (pa[8] == 0)
|
|
||||||
{
|
|
||||||
- if (ofs + len > u32at (pa, 0x10))
|
|
||||||
+ if (ofs + len > res_attr_data_len (pa))
|
|
||||||
return grub_error (GRUB_ERR_BAD_FS, "read out of range");
|
|
||||||
|
|
||||||
- if (u32at (pa, 0x10) > (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
|
|
||||||
+ if (res_attr_data_len (pa) > (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
|
|
||||||
return grub_error (GRUB_ERR_BAD_FS, "resident attribute too large");
|
|
||||||
|
|
||||||
if (pa >= at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
|
|
||||||
return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range");
|
|
||||||
|
|
||||||
- if (u16at (pa, 0x14) + u32at (pa, 0x10) >
|
|
||||||
+ if (res_attr_data_off (pa) + res_attr_data_len (pa) >
|
|
||||||
(grub_addr_t) at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR) - (grub_addr_t) pa)
|
|
||||||
return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range");
|
|
||||||
|
|
||||||
- grub_memcpy (dest, pa + u16at (pa, 0x14) + ofs, len);
|
|
||||||
+ grub_memcpy (dest, pa + res_attr_data_off (pa) + ofs, len);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -556,7 +574,7 @@ init_file (struct grub_ntfs_file *mft, grub_uint64_t mftno)
|
|
||||||
(unsigned long long) mftno);
|
|
||||||
|
|
||||||
if (!pa[8])
|
|
||||||
- mft->size = u32at (pa, 0x10);
|
|
||||||
+ mft->size = res_attr_data_len (pa);
|
|
||||||
else
|
|
||||||
mft->size = u64at (pa, 0x30);
|
|
||||||
|
|
||||||
@@ -805,7 +823,7 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
|
|
||||||
(u32at (cur_pos, 0x18) != 0x490024) ||
|
|
||||||
(u32at (cur_pos, 0x1C) != 0x300033))
|
|
||||||
continue;
|
|
||||||
- cur_pos += u16at (cur_pos, 0x14);
|
|
||||||
+ cur_pos += res_attr_data_off (cur_pos);
|
|
||||||
if (*cur_pos != 0x30) /* Not filename index */
|
|
||||||
continue;
|
|
||||||
break;
|
|
||||||
@@ -834,7 +852,7 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
|
|
||||||
{
|
|
||||||
int is_resident = (cur_pos[8] == 0);
|
|
||||||
|
|
||||||
- bitmap_len = ((is_resident) ? u32at (cur_pos, 0x10) :
|
|
||||||
+ bitmap_len = ((is_resident) ? res_attr_data_len (cur_pos) :
|
|
||||||
u32at (cur_pos, 0x28));
|
|
||||||
|
|
||||||
bmp = grub_malloc (bitmap_len);
|
|
||||||
@@ -855,14 +873,14 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
|
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (u16at (cur_pos, 0x14) + u32at (cur_pos, 0x10) >
|
|
||||||
+ if (res_attr_data_off (cur_pos) + res_attr_data_len (cur_pos) >
|
|
||||||
(grub_addr_t) at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR) - (grub_addr_t) cur_pos)
|
|
||||||
{
|
|
||||||
grub_error (GRUB_ERR_BAD_FS, "resident bitmap out of range");
|
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
|
|
||||||
- grub_memcpy (bmp, cur_pos + u16at (cur_pos, 0x14),
|
|
||||||
+ grub_memcpy (bmp, cur_pos + res_attr_data_off (cur_pos),
|
|
||||||
bitmap_len);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
@@ -1226,12 +1244,12 @@ grub_ntfs_label (grub_device_t device, char **label)
|
|
||||||
goto fail;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if ((pa) && (pa[8] == 0) && (u32at (pa, 0x10)))
|
|
||||||
+ if ((pa) && (pa[8] == 0) && (res_attr_data_len (pa)))
|
|
||||||
{
|
|
||||||
int len;
|
|
||||||
|
|
||||||
- len = u32at (pa, 0x10) / 2;
|
|
||||||
- pa += u16at (pa, 0x14);
|
|
||||||
+ len = res_attr_data_len (pa) / 2;
|
|
||||||
+ pa += res_attr_data_off (pa);
|
|
||||||
if (mft->buf + (mft->data->mft_size << GRUB_NTFS_BLK_SHR) - pa >= 2 * len)
|
|
||||||
*label = get_utf8 (pa, len);
|
|
||||||
else
|
|
||||||
--
|
|
||||||
2.42.0
|
|
||||||
|
|
@ -89,18 +89,18 @@ Signed-off-by: Daniel Axtens <dja@axtens.net>
|
|||||||
|
|
||||||
case GRUB_INSTALL_OPTIONS_VERBOSITY:
|
case GRUB_INSTALL_OPTIONS_VERBOSITY:
|
||||||
verbosity++;
|
verbosity++;
|
||||||
@@ -632,6 +640,9 @@
|
@@ -636,6 +644,9 @@
|
||||||
for (pk = pubkeys; pk < pubkeys + npubkeys; pk++)
|
for (pk = pubkeys; pk < pubkeys + npubkeys; pk++)
|
||||||
slen += 20 + grub_strlen (*pk);
|
slen += sizeof (" --pubkey ''") + grub_strlen (*pk);
|
||||||
|
|
||||||
+ for (pk = x509keys; pk < x509keys + nx509keys; pk++)
|
+ for (pk = x509keys; pk < x509keys + nx509keys; pk++)
|
||||||
+ slen += 10 + grub_strlen (*pk);
|
+ slen += 10 + grub_strlen (*pk);
|
||||||
+
|
+
|
||||||
for (md = modules.entries; *md; md++)
|
for (md = modules.entries; *md; md++)
|
||||||
{
|
slen += sizeof (" ''") + grub_strlen (*md);
|
||||||
slen += 10 + grub_strlen (*md);
|
|
||||||
@@ -660,6 +671,14 @@
|
@@ -676,6 +687,14 @@
|
||||||
*p++ = ' ';
|
*p++ = '\'';
|
||||||
}
|
}
|
||||||
|
|
||||||
+ for (pk = x509keys; pk < x509keys + nx509keys; pk++)
|
+ for (pk = x509keys; pk < x509keys + nx509keys; pk++)
|
||||||
@ -113,8 +113,8 @@ Signed-off-by: Daniel Axtens <dja@axtens.net>
|
|||||||
+
|
+
|
||||||
for (md = modules.entries; *md; md++)
|
for (md = modules.entries; *md; md++)
|
||||||
{
|
{
|
||||||
*p++ = '\'';
|
*p++ = ' ';
|
||||||
@@ -688,7 +707,8 @@
|
@@ -702,7 +721,8 @@
|
||||||
|
|
||||||
grub_install_generate_image (dir, prefix, fp, outname,
|
grub_install_generate_image (dir, prefix, fp, outname,
|
||||||
modules.entries, memdisk_path,
|
modules.entries, memdisk_path,
|
||||||
|
@ -18,7 +18,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
|
|||||||
|
|
||||||
--- a/docs/grub.texi
|
--- a/docs/grub.texi
|
||||||
+++ b/docs/grub.texi
|
+++ b/docs/grub.texi
|
||||||
@@ -3278,6 +3278,7 @@
|
@@ -3270,6 +3270,7 @@
|
||||||
|
|
||||||
@menu
|
@menu
|
||||||
* biosnum::
|
* biosnum::
|
||||||
@ -26,7 +26,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
|
|||||||
* check_signatures::
|
* check_signatures::
|
||||||
* chosen::
|
* chosen::
|
||||||
* cmdpath::
|
* cmdpath::
|
||||||
@@ -3342,11 +3343,18 @@
|
@@ -3334,11 +3335,18 @@
|
||||||
chain-loaded system, @pxref{drivemap}.
|
chain-loaded system, @pxref{drivemap}.
|
||||||
|
|
||||||
|
|
||||||
@ -47,7 +47,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
|
|||||||
|
|
||||||
@node chosen
|
@node chosen
|
||||||
@subsection chosen
|
@subsection chosen
|
||||||
@@ -4322,6 +4330,7 @@
|
@@ -4357,6 +4365,7 @@
|
||||||
* date:: Display or set current date and time
|
* date:: Display or set current date and time
|
||||||
* devicetree:: Load a device tree blob
|
* devicetree:: Load a device tree blob
|
||||||
* distrust:: Remove a pubkey from trusted keys
|
* distrust:: Remove a pubkey from trusted keys
|
||||||
@ -55,15 +55,15 @@ v2: fix a grammar issue, thanks Stefan Berger.
|
|||||||
* drivemap:: Map a drive to another
|
* drivemap:: Map a drive to another
|
||||||
* echo:: Display a line of text
|
* echo:: Display a line of text
|
||||||
* efitextmode:: Set/Get text output mode resolution
|
* efitextmode:: Set/Get text output mode resolution
|
||||||
@@ -4337,6 +4346,7 @@
|
@@ -4373,6 +4382,7 @@
|
||||||
* help:: Show help messages
|
* hexdump:: Show raw contents of a file or memory
|
||||||
* insmod:: Insert a module
|
* insmod:: Insert a module
|
||||||
* keystatus:: Check key modifier status
|
* keystatus:: Check key modifier status
|
||||||
+* list_certificates:: List trusted certificates
|
+* list_certificates:: List trusted certificates
|
||||||
* list_env:: List variables in environment block
|
* list_env:: List variables in environment block
|
||||||
* list_trusted:: List trusted public keys
|
* list_trusted:: List trusted public keys
|
||||||
* load_env:: Load variables from environment block
|
* load_env:: Load variables from environment block
|
||||||
@@ -4375,8 +4385,10 @@
|
@@ -4411,8 +4421,10 @@
|
||||||
* test:: Check file types and compare values
|
* test:: Check file types and compare values
|
||||||
* true:: Do nothing, successfully
|
* true:: Do nothing, successfully
|
||||||
* trust:: Add public key to list of trusted keys
|
* trust:: Add public key to list of trusted keys
|
||||||
@ -74,7 +74,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
|
|||||||
* verify_detached:: Verify detached digital signature
|
* verify_detached:: Verify detached digital signature
|
||||||
* videoinfo:: List available video modes
|
* videoinfo:: List available video modes
|
||||||
* wrmsr:: Write values to model-specific registers
|
* wrmsr:: Write values to model-specific registers
|
||||||
@@ -4710,9 +4722,28 @@
|
@@ -4752,9 +4764,28 @@
|
||||||
@code{check_signatures} is set to @code{enforce}
|
@code{check_signatures} is set to @code{enforce}
|
||||||
(@pxref{check_signatures}), and by some invocations of
|
(@pxref{check_signatures}), and by some invocations of
|
||||||
@command{verify_detached} (@pxref{verify_detached}). @xref{Using
|
@command{verify_detached} (@pxref{verify_detached}). @xref{Using
|
||||||
@ -104,7 +104,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
|
|||||||
@node drivemap
|
@node drivemap
|
||||||
@subsection drivemap
|
@subsection drivemap
|
||||||
|
|
||||||
@@ -4975,6 +5006,21 @@
|
@@ -5031,6 +5062,21 @@
|
||||||
@end deffn
|
@end deffn
|
||||||
|
|
||||||
|
|
||||||
@ -126,7 +126,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
|
|||||||
@node list_env
|
@node list_env
|
||||||
@subsection list_env
|
@subsection list_env
|
||||||
|
|
||||||
@@ -4994,7 +5040,7 @@
|
@@ -5050,7 +5096,7 @@
|
||||||
@code{gpg --fingerprint}). The least significant four bytes (last
|
@code{gpg --fingerprint}). The least significant four bytes (last
|
||||||
eight hexadecimal digits) can be used as an argument to
|
eight hexadecimal digits) can be used as an argument to
|
||||||
@command{distrust} (@pxref{distrust}).
|
@command{distrust} (@pxref{distrust}).
|
||||||
@ -135,7 +135,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
|
|||||||
these keys.
|
these keys.
|
||||||
@end deffn
|
@end deffn
|
||||||
|
|
||||||
@@ -5029,8 +5075,12 @@
|
@@ -5085,8 +5131,12 @@
|
||||||
administrator to configure a system to boot only signed
|
administrator to configure a system to boot only signed
|
||||||
configurations, but to allow the user to select from among multiple
|
configurations, but to allow the user to select from among multiple
|
||||||
configurations, and to enable ``one-shot'' boot attempts and
|
configurations, and to enable ``one-shot'' boot attempts and
|
||||||
@ -149,7 +149,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
|
|||||||
@end deffn
|
@end deffn
|
||||||
|
|
||||||
|
|
||||||
@@ -5401,7 +5451,7 @@
|
@@ -5457,7 +5507,7 @@
|
||||||
file from within GRUB using this command, such that its signature will
|
file from within GRUB using this command, such that its signature will
|
||||||
no longer be valid on subsequent boots. Care should be taken in such
|
no longer be valid on subsequent boots. Care should be taken in such
|
||||||
advanced configurations to avoid rendering the system
|
advanced configurations to avoid rendering the system
|
||||||
@ -158,7 +158,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
|
|||||||
@end deffn
|
@end deffn
|
||||||
|
|
||||||
|
|
||||||
@@ -5817,11 +5867,31 @@
|
@@ -5873,11 +5923,31 @@
|
||||||
must itself be properly signed. The @option{--skip-sig} option can be
|
must itself be properly signed. The @option{--skip-sig} option can be
|
||||||
used to disable signature-checking when reading @var{pubkey_file}
|
used to disable signature-checking when reading @var{pubkey_file}
|
||||||
itself. It is expected that @option{--skip-sig} is useful for testing
|
itself. It is expected that @option{--skip-sig} is useful for testing
|
||||||
@ -191,7 +191,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
|
|||||||
@node unset
|
@node unset
|
||||||
@subsection unset
|
@subsection unset
|
||||||
|
|
||||||
@@ -5840,6 +5910,18 @@
|
@@ -5896,6 +5966,18 @@
|
||||||
@end deffn
|
@end deffn
|
||||||
@end ignore
|
@end ignore
|
||||||
|
|
||||||
@ -210,7 +210,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
|
|||||||
|
|
||||||
@node verify_detached
|
@node verify_detached
|
||||||
@subsection verify_detached
|
@subsection verify_detached
|
||||||
@@ -5858,7 +5940,7 @@
|
@@ -5914,7 +5996,7 @@
|
||||||
|
|
||||||
Exit code @code{$?} is set to 0 if the signature validates
|
Exit code @code{$?} is set to 0 if the signature validates
|
||||||
successfully. If validation fails, it is set to a non-zero value.
|
successfully. If validation fails, it is set to a non-zero value.
|
||||||
@ -219,7 +219,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
|
|||||||
@end deffn
|
@end deffn
|
||||||
|
|
||||||
@node videoinfo
|
@node videoinfo
|
||||||
@@ -6339,13 +6421,14 @@
|
@@ -6394,13 +6476,14 @@
|
||||||
@chapter Security
|
@chapter Security
|
||||||
|
|
||||||
@menu
|
@menu
|
||||||
@ -241,7 +241,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
|
|||||||
@end menu
|
@end menu
|
||||||
|
|
||||||
@node Authentication and authorisation
|
@node Authentication and authorisation
|
||||||
@@ -6419,8 +6502,8 @@
|
@@ -6474,8 +6557,8 @@
|
||||||
adding @kbd{set superusers=} and @kbd{password} or @kbd{password_pbkdf2}
|
adding @kbd{set superusers=} and @kbd{password} or @kbd{password_pbkdf2}
|
||||||
commands.
|
commands.
|
||||||
|
|
||||||
@ -252,7 +252,7 @@ v2: fix a grammar issue, thanks Stefan Berger.
|
|||||||
|
|
||||||
GRUB's @file{core.img} can optionally provide enforcement that all files
|
GRUB's @file{core.img} can optionally provide enforcement that all files
|
||||||
subsequently read from disk are covered by a valid digital signature.
|
subsequently read from disk are covered by a valid digital signature.
|
||||||
@@ -6503,6 +6586,82 @@
|
@@ -6558,6 +6641,82 @@
|
||||||
(attacker-controlled) device. GRUB is at best only one link in a
|
(attacker-controlled) device. GRUB is at best only one link in a
|
||||||
secure boot chain.
|
secure boot chain.
|
||||||
|
|
||||||
|
@ -16,7 +16,7 @@ Signed-off-by: Daniel Axtens <dja@axtens.net>
|
|||||||
|
|
||||||
--- a/docs/grub.texi
|
--- a/docs/grub.texi
|
||||||
+++ b/docs/grub.texi
|
+++ b/docs/grub.texi
|
||||||
@@ -6740,8 +6740,8 @@
|
@@ -6795,8 +6795,8 @@
|
||||||
@section Lockdown when booting on a secure setup
|
@section Lockdown when booting on a secure setup
|
||||||
|
|
||||||
The GRUB can be locked down when booted on a secure boot environment, for example
|
The GRUB can be locked down when booted on a secure boot environment, for example
|
||||||
@ -39,15 +39,15 @@ Signed-off-by: Daniel Axtens <dja@axtens.net>
|
|||||||
sparc64_ieee1275 = kern/sparc64/dl.c;
|
sparc64_ieee1275 = kern/sparc64/dl.c;
|
||||||
--- a/grub-core/kern/ieee1275/init.c
|
--- a/grub-core/kern/ieee1275/init.c
|
||||||
+++ b/grub-core/kern/ieee1275/init.c
|
+++ b/grub-core/kern/ieee1275/init.c
|
||||||
@@ -44,6 +44,7 @@
|
@@ -49,6 +49,7 @@
|
||||||
#ifdef __sparc__
|
#if defined(__powerpc__) || defined(__i386__)
|
||||||
#include <grub/machine/kernel.h>
|
#include <grub/ieee1275/alloc.h>
|
||||||
#endif
|
#endif
|
||||||
+#include <grub/lockdown.h>
|
+#include <grub/lockdown.h>
|
||||||
|
|
||||||
/* The maximum heap size we're going to claim at boot. Not used by sparc. */
|
/* The maximum heap size we're going to claim at boot. Not used by sparc. */
|
||||||
#ifdef __i386__
|
#ifdef __i386__
|
||||||
@@ -708,6 +709,30 @@
|
@@ -893,6 +894,30 @@
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -78,7 +78,7 @@ Signed-off-by: Daniel Axtens <dja@axtens.net>
|
|||||||
grub_addr_t grub_modbase;
|
grub_addr_t grub_modbase;
|
||||||
|
|
||||||
void
|
void
|
||||||
@@ -733,6 +758,8 @@
|
@@ -918,6 +943,8 @@
|
||||||
#else
|
#else
|
||||||
grub_install_get_time_ms (grub_rtc_get_time_ms);
|
grub_install_get_time_ms (grub_rtc_get_time_ms);
|
||||||
#endif
|
#endif
|
||||||
|
4
fix_no_extra_deps_in_release_tarball.patch
Normal file
4
fix_no_extra_deps_in_release_tarball.patch
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
--- /dev/null
|
||||||
|
+++ b/grub-core/extra_deps.lst
|
||||||
|
@@ -0,0 +1 @@
|
||||||
|
+depends bli part_gpt
|
BIN
grub-2.12.tar.xz
(Stored with Git LFS)
Normal file
BIN
grub-2.12.tar.xz
(Stored with Git LFS)
Normal file
Binary file not shown.
BIN
grub-2.12~rc1.tar.xz
(Stored with Git LFS)
BIN
grub-2.12~rc1.tar.xz
(Stored with Git LFS)
Binary file not shown.
@ -81,11 +81,10 @@
|
|||||||
if (!bootloader_id && config.grub_distributor)
|
if (!bootloader_id && config.grub_distributor)
|
||||||
{
|
{
|
||||||
char *ptr;
|
char *ptr;
|
||||||
@@ -1426,6 +1431,16 @@
|
@@ -1451,6 +1456,15 @@
|
||||||
fprintf (load_cfg_f, "set debug='%s'\n",
|
debug_image);
|
||||||
debug_image);
|
|
||||||
}
|
}
|
||||||
+
|
|
||||||
+ if (config.is_suse_btrfs_snapshot_enabled
|
+ if (config.is_suse_btrfs_snapshot_enabled
|
||||||
+ && grub_strncmp(grub_fs->name, "btrfs", sizeof ("btrfs") - 1) == 0)
|
+ && grub_strncmp(grub_fs->name, "btrfs", sizeof ("btrfs") - 1) == 0)
|
||||||
+ {
|
+ {
|
||||||
@ -95,9 +94,9 @@
|
|||||||
+ fprintf (load_cfg_f, "set btrfs_relative_path='y'\n");
|
+ fprintf (load_cfg_f, "set btrfs_relative_path='y'\n");
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
char *prefix_drive = NULL;
|
if (!have_abstractions)
|
||||||
char *install_drive = NULL;
|
{
|
||||||
|
if ((disk_module && grub_strcmp (disk_module, "biosdisk") != 0)
|
||||||
--- a/grub-core/osdep/linux/getroot.c
|
--- a/grub-core/osdep/linux/getroot.c
|
||||||
+++ b/grub-core/osdep/linux/getroot.c
|
+++ b/grub-core/osdep/linux/getroot.c
|
||||||
@@ -373,6 +373,7 @@
|
@@ -373,6 +373,7 @@
|
||||||
|
@ -32,10 +32,10 @@
|
|||||||
GRUB_MOD_FINI(ieee1275_fb)
|
GRUB_MOD_FINI(ieee1275_fb)
|
||||||
--- a/include/grub/ieee1275/ieee1275.h
|
--- a/include/grub/ieee1275/ieee1275.h
|
||||||
+++ b/include/grub/ieee1275/ieee1275.h
|
+++ b/include/grub/ieee1275/ieee1275.h
|
||||||
@@ -141,6 +141,8 @@
|
@@ -145,6 +145,8 @@
|
||||||
*/
|
GRUB_IEEE1275_FLAG_POWER_VM,
|
||||||
GRUB_IEEE1275_FLAG_CAN_TRY_CAS_FOR_MORE_MEMORY,
|
|
||||||
#endif
|
GRUB_IEEE1275_FLAG_POWER_KVM,
|
||||||
+
|
+
|
||||||
+ GRUB_IEEE1275_FLAG_DISABLE_VIDEO_SUPPORT
|
+ GRUB_IEEE1275_FLAG_DISABLE_VIDEO_SUPPORT
|
||||||
};
|
};
|
||||||
|
@ -163,7 +163,7 @@ V20:
|
|||||||
name = grub-mkconfig_lib;
|
name = grub-mkconfig_lib;
|
||||||
common = util/grub-mkconfig_lib.in;
|
common = util/grub-mkconfig_lib.in;
|
||||||
installdir = noinst;
|
installdir = noinst;
|
||||||
@@ -1375,6 +1420,7 @@
|
@@ -1381,6 +1426,7 @@
|
||||||
ldadd = libgrubkern.a;
|
ldadd = libgrubkern.a;
|
||||||
ldadd = grub-core/lib/gnulib/libgnu.a;
|
ldadd = grub-core/lib/gnulib/libgnu.a;
|
||||||
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
|
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
|
||||||
@ -186,7 +186,7 @@ V20:
|
|||||||
|
|
||||||
case "$target_os" in
|
case "$target_os" in
|
||||||
windows* | mingw32*) target_os=cygwin ;;
|
windows* | mingw32*) target_os=cygwin ;;
|
||||||
@@ -2093,6 +2093,9 @@
|
@@ -2158,6 +2158,9 @@
|
||||||
AM_CONDITIONAL([COND_sparc64_emu], [test x$target_cpu = xsparc64 -a x$platform = xemu])
|
AM_CONDITIONAL([COND_sparc64_emu], [test x$target_cpu = xsparc64 -a x$platform = xemu])
|
||||||
AM_CONDITIONAL([COND_x86_64_efi], [test x$target_cpu = xx86_64 -a x$platform = xefi])
|
AM_CONDITIONAL([COND_x86_64_efi], [test x$target_cpu = xx86_64 -a x$platform = xefi])
|
||||||
AM_CONDITIONAL([COND_x86_64_xen], [test x$target_cpu = xx86_64 -a x$platform = xxen])
|
AM_CONDITIONAL([COND_x86_64_xen], [test x$target_cpu = xx86_64 -a x$platform = xxen])
|
||||||
@ -198,7 +198,7 @@ V20:
|
|||||||
AM_CONDITIONAL([COND_HOST_LINUX], [test x$host_kernel = xlinux])
|
AM_CONDITIONAL([COND_HOST_LINUX], [test x$host_kernel = xlinux])
|
||||||
--- a/grub-core/Makefile.core.def
|
--- a/grub-core/Makefile.core.def
|
||||||
+++ b/grub-core/Makefile.core.def
|
+++ b/grub-core/Makefile.core.def
|
||||||
@@ -1183,6 +1183,7 @@
|
@@ -1186,6 +1186,7 @@
|
||||||
module = {
|
module = {
|
||||||
name = videotest;
|
name = videotest;
|
||||||
common = commands/videotest.c;
|
common = commands/videotest.c;
|
||||||
@ -206,7 +206,7 @@ V20:
|
|||||||
};
|
};
|
||||||
|
|
||||||
module = {
|
module = {
|
||||||
@@ -1637,6 +1638,7 @@
|
@@ -1640,6 +1641,7 @@
|
||||||
common = gfxmenu/gui_progress_bar.c;
|
common = gfxmenu/gui_progress_bar.c;
|
||||||
common = gfxmenu/gui_util.c;
|
common = gfxmenu/gui_util.c;
|
||||||
common = gfxmenu/gui_string_util.c;
|
common = gfxmenu/gui_string_util.c;
|
||||||
@ -214,7 +214,7 @@ V20:
|
|||||||
};
|
};
|
||||||
|
|
||||||
module = {
|
module = {
|
||||||
@@ -2075,11 +2077,13 @@
|
@@ -2078,11 +2080,13 @@
|
||||||
name = gfxterm;
|
name = gfxterm;
|
||||||
common = term/gfxterm.c;
|
common = term/gfxterm.c;
|
||||||
enable = videomodules;
|
enable = videomodules;
|
||||||
@ -228,7 +228,7 @@ V20:
|
|||||||
};
|
};
|
||||||
|
|
||||||
module = {
|
module = {
|
||||||
@@ -2202,6 +2206,7 @@
|
@@ -2205,6 +2209,7 @@
|
||||||
enable = x86_64_efi;
|
enable = x86_64_efi;
|
||||||
enable = emu;
|
enable = emu;
|
||||||
enable = xen;
|
enable = xen;
|
||||||
@ -236,7 +236,7 @@ V20:
|
|||||||
};
|
};
|
||||||
|
|
||||||
module = {
|
module = {
|
||||||
@@ -2248,6 +2253,7 @@
|
@@ -2251,6 +2256,7 @@
|
||||||
module = {
|
module = {
|
||||||
name = gfxterm_menu;
|
name = gfxterm_menu;
|
||||||
common = tests/gfxterm_menu.c;
|
common = tests/gfxterm_menu.c;
|
||||||
@ -244,7 +244,7 @@ V20:
|
|||||||
};
|
};
|
||||||
|
|
||||||
module = {
|
module = {
|
||||||
@@ -2409,6 +2415,7 @@
|
@@ -2412,6 +2418,7 @@
|
||||||
enable = x86_64_efi;
|
enable = x86_64_efi;
|
||||||
enable = emu;
|
enable = emu;
|
||||||
enable = xen;
|
enable = xen;
|
||||||
@ -316,7 +316,7 @@ V20:
|
|||||||
int
|
int
|
||||||
--- a/util/grub-install-common.c
|
--- a/util/grub-install-common.c
|
||||||
+++ b/util/grub-install-common.c
|
+++ b/util/grub-install-common.c
|
||||||
@@ -911,6 +911,7 @@
|
@@ -924,6 +924,7 @@
|
||||||
[GRUB_INSTALL_PLATFORM_LOONGARCH64_EFI] = { "loongarch64", "efi" },
|
[GRUB_INSTALL_PLATFORM_LOONGARCH64_EFI] = { "loongarch64", "efi" },
|
||||||
[GRUB_INSTALL_PLATFORM_RISCV32_EFI] = { "riscv32", "efi" },
|
[GRUB_INSTALL_PLATFORM_RISCV32_EFI] = { "riscv32", "efi" },
|
||||||
[GRUB_INSTALL_PLATFORM_RISCV64_EFI] = { "riscv64", "efi" },
|
[GRUB_INSTALL_PLATFORM_RISCV64_EFI] = { "riscv64", "efi" },
|
||||||
@ -415,10 +415,10 @@ V20:
|
|||||||
+ }
|
+ }
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
grub_install_copy_files (grub_install_source_directory,
|
size_t ndev = 0;
|
||||||
grubdir, platform);
|
|
||||||
|
|
||||||
@@ -1541,6 +1570,7 @@
|
/* Write device to a variable so we don't have to traverse /dev every time. */
|
||||||
|
@@ -1543,6 +1572,7 @@
|
||||||
case GRUB_INSTALL_PLATFORM_I386_XEN:
|
case GRUB_INSTALL_PLATFORM_I386_XEN:
|
||||||
case GRUB_INSTALL_PLATFORM_X86_64_XEN:
|
case GRUB_INSTALL_PLATFORM_X86_64_XEN:
|
||||||
case GRUB_INSTALL_PLATFORM_I386_XEN_PVH:
|
case GRUB_INSTALL_PLATFORM_I386_XEN_PVH:
|
||||||
@ -426,7 +426,7 @@ V20:
|
|||||||
grub_util_warn ("%s", _("no hints available for your platform. Expect reduced performance"));
|
grub_util_warn ("%s", _("no hints available for your platform. Expect reduced performance"));
|
||||||
break;
|
break;
|
||||||
/* pacify warning. */
|
/* pacify warning. */
|
||||||
@@ -1659,6 +1689,10 @@
|
@@ -1661,6 +1691,10 @@
|
||||||
strcpy (mkimage_target, "sparc64-ieee1275-raw");
|
strcpy (mkimage_target, "sparc64-ieee1275-raw");
|
||||||
core_name = "core.img";
|
core_name = "core.img";
|
||||||
break;
|
break;
|
||||||
@ -437,7 +437,7 @@ V20:
|
|||||||
/* pacify warning. */
|
/* pacify warning. */
|
||||||
case GRUB_INSTALL_PLATFORM_MAX:
|
case GRUB_INSTALL_PLATFORM_MAX:
|
||||||
break;
|
break;
|
||||||
@@ -1674,6 +1708,7 @@
|
@@ -1676,6 +1710,7 @@
|
||||||
core_name);
|
core_name);
|
||||||
char *prefix = xasprintf ("%s%s", prefix_drive ? : "",
|
char *prefix = xasprintf ("%s%s", prefix_drive ? : "",
|
||||||
relative_grubdir);
|
relative_grubdir);
|
||||||
@ -445,7 +445,7 @@ V20:
|
|||||||
grub_install_make_image_wrap (/* source dir */ grub_install_source_directory,
|
grub_install_make_image_wrap (/* source dir */ grub_install_source_directory,
|
||||||
/*prefix */ prefix,
|
/*prefix */ prefix,
|
||||||
/* output */ imgfile,
|
/* output */ imgfile,
|
||||||
@@ -1712,6 +1747,10 @@
|
@@ -1714,6 +1749,10 @@
|
||||||
/* image target */ mkimage_target, 0);
|
/* image target */ mkimage_target, 0);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
@ -456,7 +456,7 @@ V20:
|
|||||||
case GRUB_INSTALL_PLATFORM_ARM_EFI:
|
case GRUB_INSTALL_PLATFORM_ARM_EFI:
|
||||||
case GRUB_INSTALL_PLATFORM_ARM64_EFI:
|
case GRUB_INSTALL_PLATFORM_ARM64_EFI:
|
||||||
case GRUB_INSTALL_PLATFORM_LOONGARCH64_EFI:
|
case GRUB_INSTALL_PLATFORM_LOONGARCH64_EFI:
|
||||||
@@ -2011,6 +2050,10 @@
|
@@ -2013,6 +2052,10 @@
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
@ -1,3 +1,41 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jan 10 08:13:00 UTC 2024 - Michael Chang <mchang@suse.com>
|
||||||
|
|
||||||
|
- Version bump to 2.12 (PED-5589)
|
||||||
|
* Added:
|
||||||
|
- grub-2.12.tar.xz
|
||||||
|
- fix_no_extra_deps_in_release_tarball.patch
|
||||||
|
* Removed:
|
||||||
|
- grub-2.12~rc1.tar.xz
|
||||||
|
* Patch dropped as it merged into new version:
|
||||||
|
- 0001-disk-cryptodisk-Fix-missing-change-when-updating-to-.patch
|
||||||
|
- 0001-fs-btrfs-Zero-file-data-not-backed-by-extents.patch
|
||||||
|
- 0001-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch
|
||||||
|
- 0002-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch
|
||||||
|
- 0003-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch
|
||||||
|
- 0004-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch
|
||||||
|
- 0005-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch
|
||||||
|
- 0006-fs-ntfs-Make-code-more-readable.patch
|
||||||
|
- 0001-kern-ieee1275-init-Restrict-high-memory-in-presence-.patch
|
||||||
|
- 0001-fs-xfs-Incorrect-short-form-directory-data-boundary-.patch
|
||||||
|
- 0002-fs-xfs-Fix-XFS-directory-extent-parsing.patch
|
||||||
|
- 0003-fs-xfs-add-large-extent-counters-incompat-feature-su.patch
|
||||||
|
- 0001-mkstandalone-ensure-stable-timestamps-for-generated-.patch
|
||||||
|
- 0002-mkstandalone-ensure-deterministic-tar-file-creation-.patch
|
||||||
|
* Patch adjusted for the updated base version:
|
||||||
|
- use-grub2-as-a-package-name.patch
|
||||||
|
- grub2-s390x-04-grub2-install.patch
|
||||||
|
- grub2-btrfs-04-grub2-install.patch
|
||||||
|
- grub2-ppc64le-disable-video.patch
|
||||||
|
- 0002-AUDIT-0-http-boot-tracker-bug.patch
|
||||||
|
- 0001-Unify-the-check-to-enable-btrfs-relative-path.patch
|
||||||
|
- 0003-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch
|
||||||
|
- 0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch
|
||||||
|
- 0016-grub-install-support-embedding-x509-certificates.patch
|
||||||
|
- 0021-appended-signatures-documentation.patch
|
||||||
|
- 0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch
|
||||||
|
- safe_tpm_pcr_snapshot.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Jan 3 10:05:50 UTC 2024 - Michael Chang <mchang@suse.com>
|
Wed Jan 3 10:05:50 UTC 2024 - Michael Chang <mchang@suse.com>
|
||||||
|
|
||||||
|
46
grub2.spec
46
grub2.spec
@ -166,13 +166,13 @@ BuildRequires: fde-tpm-helper-rpm-macros
|
|||||||
%endif
|
%endif
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
Version: 2.12~rc1
|
Version: 2.12
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: Bootloader with support for Linux, Multiboot and more
|
Summary: Bootloader with support for Linux, Multiboot and more
|
||||||
License: GPL-3.0-or-later
|
License: GPL-3.0-or-later
|
||||||
Group: System/Boot
|
Group: System/Boot
|
||||||
URL: http://www.gnu.org/software/grub/
|
URL: http://www.gnu.org/software/grub/
|
||||||
Source0: https://alpha.gnu.org/gnu/grub/grub-%{version}.tar.xz
|
Source0: https://ftp.gnu.org/gnu/grub/grub-%{version}.tar.xz
|
||||||
Source1: 90_persistent
|
Source1: 90_persistent
|
||||||
Source2: grub.default
|
Source2: grub.default
|
||||||
Source4: grub2.rpmlintrc
|
Source4: grub2.rpmlintrc
|
||||||
@ -372,33 +372,21 @@ Patch179: 0002-prep_loadenv-Fix-regex-for-Open-Firmware-device-spec.patch
|
|||||||
Patch180: 0001-xen_boot-add-missing-grub_arch_efi_linux_load_image_.patch
|
Patch180: 0001-xen_boot-add-missing-grub_arch_efi_linux_load_image_.patch
|
||||||
Patch181: 0001-font-Try-memdisk-fonts-with-the-same-name.patch
|
Patch181: 0001-font-Try-memdisk-fonts-with-the-same-name.patch
|
||||||
Patch182: 0001-Make-grub.cfg-compatible-to-old-binaries.patch
|
Patch182: 0001-Make-grub.cfg-compatible-to-old-binaries.patch
|
||||||
Patch183: 0001-disk-cryptodisk-Fix-missing-change-when-updating-to-.patch
|
Patch183: grub2-change-bash-completion-dir.patch
|
||||||
Patch184: grub2-change-bash-completion-dir.patch
|
Patch184: 0001-protectors-Implement-NV-index.patch
|
||||||
Patch185: 0001-protectors-Implement-NV-index.patch
|
Patch185: 0002-cryptodisk-Fallback-to-passphrase.patch
|
||||||
Patch186: 0002-cryptodisk-Fallback-to-passphrase.patch
|
Patch186: 0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch
|
||||||
Patch187: 0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch
|
Patch187: 0004-diskfilter-look-up-cryptodisk-devices-first.patch
|
||||||
Patch188: 0004-diskfilter-look-up-cryptodisk-devices-first.patch
|
Patch188: grub2-mkconfig-riscv64.patch
|
||||||
Patch189: grub2-mkconfig-riscv64.patch
|
Patch189: arm64-Use-proper-memory-type-for-kernel-allocation.patch
|
||||||
Patch190: arm64-Use-proper-memory-type-for-kernel-allocation.patch
|
Patch190: 0001-luks2-Use-grub-tpm2-token-for-TPM2-protected-volume-.patch
|
||||||
Patch191: 0001-fs-btrfs-Zero-file-data-not-backed-by-extents.patch
|
Patch191: Fix-the-size-calculation-for-the-synthesized-initrd.patch
|
||||||
Patch192: 0001-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch
|
Patch192: 0001-Improve-TPM-key-protection-on-boot-interruptions.patch
|
||||||
Patch193: 0002-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch
|
Patch193: 0002-Restrict-file-access-on-cryptodisk-print.patch
|
||||||
Patch194: 0003-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch
|
Patch194: 0003-Restrict-ls-and-auto-file-completion-on-cryptodisk-p.patch
|
||||||
Patch195: 0004-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch
|
Patch195: 0004-Key-revocation-on-out-of-bound-file-access.patch
|
||||||
Patch196: 0005-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch
|
# Workaround for 2.12 tarball
|
||||||
Patch197: 0006-fs-ntfs-Make-code-more-readable.patch
|
Patch196: fix_no_extra_deps_in_release_tarball.patch
|
||||||
Patch198: 0001-luks2-Use-grub-tpm2-token-for-TPM2-protected-volume-.patch
|
|
||||||
Patch199: Fix-the-size-calculation-for-the-synthesized-initrd.patch
|
|
||||||
Patch200: 0001-kern-ieee1275-init-Restrict-high-memory-in-presence-.patch
|
|
||||||
Patch201: 0001-fs-xfs-Incorrect-short-form-directory-data-boundary-.patch
|
|
||||||
Patch202: 0002-fs-xfs-Fix-XFS-directory-extent-parsing.patch
|
|
||||||
Patch203: 0003-fs-xfs-add-large-extent-counters-incompat-feature-su.patch
|
|
||||||
Patch204: 0001-Improve-TPM-key-protection-on-boot-interruptions.patch
|
|
||||||
Patch205: 0002-Restrict-file-access-on-cryptodisk-print.patch
|
|
||||||
Patch206: 0003-Restrict-ls-and-auto-file-completion-on-cryptodisk-p.patch
|
|
||||||
Patch207: 0004-Key-revocation-on-out-of-bound-file-access.patch
|
|
||||||
Patch208: 0001-mkstandalone-ensure-stable-timestamps-for-generated-.patch
|
|
||||||
Patch209: 0002-mkstandalone-ensure-deterministic-tar-file-creation-.patch
|
|
||||||
|
|
||||||
Requires: gettext-runtime
|
Requires: gettext-runtime
|
||||||
%if 0%{?suse_version} >= 1140
|
%if 0%{?suse_version} >= 1140
|
||||||
|
@ -76,7 +76,7 @@
|
|||||||
GRUB_MOD_INIT (tpm)
|
GRUB_MOD_INIT (tpm)
|
||||||
--- a/util/grub-install.c
|
--- a/util/grub-install.c
|
||||||
+++ b/util/grub-install.c
|
+++ b/util/grub-install.c
|
||||||
@@ -1501,8 +1501,9 @@
|
@@ -1560,8 +1560,9 @@
|
||||||
|
|
||||||
grub_util_unlink (load_cfg);
|
grub_util_unlink (load_cfg);
|
||||||
|
|
||||||
@ -87,7 +87,7 @@
|
|||||||
load_cfg_f = grub_util_fopen (load_cfg, "wb");
|
load_cfg_f = grub_util_fopen (load_cfg, "wb");
|
||||||
have_load_cfg = 1;
|
have_load_cfg = 1;
|
||||||
fprintf (load_cfg_f, "tpm_record_pcrs 0-9\n");
|
fprintf (load_cfg_f, "tpm_record_pcrs 0-9\n");
|
||||||
@@ -1510,7 +1511,8 @@
|
@@ -1569,7 +1570,8 @@
|
||||||
|
|
||||||
if (debug_image && debug_image[0])
|
if (debug_image && debug_image[0])
|
||||||
{
|
{
|
||||||
@ -96,4 +96,4 @@
|
|||||||
+ load_cfg_f = grub_util_fopen (load_cfg, "wb");
|
+ load_cfg_f = grub_util_fopen (load_cfg, "wb");
|
||||||
have_load_cfg = 1;
|
have_load_cfg = 1;
|
||||||
fprintf (load_cfg_f, "set debug='%s'\n",
|
fprintf (load_cfg_f, "set debug='%s'\n",
|
||||||
debug_image);
|
debug_image);
|
||||||
|
@ -18,8 +18,8 @@ Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
|
|||||||
dnl the target type. See INSTALL for full list of variables and
|
dnl the target type. See INSTALL for full list of variables and
|
||||||
dnl description of the relationships between them.
|
dnl description of the relationships between them.
|
||||||
|
|
||||||
-AC_INIT([GRUB],[2.12~rc1],[bug-grub@gnu.org])
|
-AC_INIT([GRUB],[2.12],[bug-grub@gnu.org])
|
||||||
+AC_INIT([GRUB2],[2.12~rc1],[bug-grub@gnu.org])
|
+AC_INIT([GRUB2],[2.12],[bug-grub@gnu.org])
|
||||||
|
|
||||||
AS_CASE(["$ERROR_PLATFORM_NOT_SUPPORT_SSP"],
|
AS_CASE(["$ERROR_PLATFORM_NOT_SUPPORT_SSP"],
|
||||||
[n | no | nO | N | No | NO], [ERROR_PLATFORM_NOT_SUPPORT_SSP=no],
|
[n | no | nO | N | No | NO], [ERROR_PLATFORM_NOT_SUPPORT_SSP=no],
|
||||||
|
Loading…
Reference in New Issue
Block a user