Accepting request 874453 from Base:System
OBS-URL: https://build.opensuse.org/request/show/874453 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/grub2?expand=0&rev=233
This commit is contained in:
parent
8742a56da9
commit
f2623d53c7
47
0001-Fix-build-error-in-binutils-2.36.patch
Normal file
47
0001-Fix-build-error-in-binutils-2.36.patch
Normal file
@ -0,0 +1,47 @@
|
|||||||
|
From 7801d671905329d28e789082225570fc54fe5784 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Michael Chang <mchang@suse.com>
|
||||||
|
Date: Fri, 19 Feb 2021 17:40:43 +0800
|
||||||
|
Subject: [PATCH] Fix build error in binutils 2.36
|
||||||
|
|
||||||
|
The build fails in binutils 2.36
|
||||||
|
|
||||||
|
[ 520s] cat kernel_syms.lst > syminfo.lst.new
|
||||||
|
[ 520s] /usr/lib64/gcc/x86_64-suse-linux/10/../../../../x86_64-suse-linux/bin/ld: section .note.gnu.property VMA [0000000000400158,0000000000400187] overlaps section .bss VMA [000000000000f000,000000000041e1af]
|
||||||
|
|
||||||
|
It is caused by assembler now generates the GNU property notes section
|
||||||
|
by default. Use the assmbler option -mx86-used-note=no to disable the
|
||||||
|
section from being generated to workaround the ensuing linker issue.
|
||||||
|
|
||||||
|
Signed-off-by: Michael Chang <mchang@suse.com>
|
||||||
|
---
|
||||||
|
configure.ac | 14 ++++++++++++++
|
||||||
|
1 file changed, 14 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/configure.ac b/configure.ac
|
||||||
|
index c39e8379f..a3fb713ad 100644
|
||||||
|
--- a/configure.ac
|
||||||
|
+++ b/configure.ac
|
||||||
|
@@ -827,6 +827,20 @@ if ( test "x$target_cpu" = xi386 || test "x$target_cpu" = xx86_64 ) && test "x$p
|
||||||
|
TARGET_CFLAGS="$TARGET_CFLAGS -mno-mmx -mno-sse -mno-sse2 -mno-sse3 -mno-3dnow"
|
||||||
|
fi
|
||||||
|
|
||||||
|
+if ( test "x$target_cpu" = xi386 || test "x$target_cpu" = xx86_64 ); then
|
||||||
|
+ AC_CACHE_CHECK([whether -Wa,-mx86-used-note works], [grub_cv_cc_mx86_used_note], [
|
||||||
|
+ CFLAGS="$TARGET_CFLAGS -Wa,-mx86-used-note=no -Werror"
|
||||||
|
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
|
||||||
|
+ [grub_cv_cc_mx86_used_note=yes],
|
||||||
|
+ [grub_cv_cc_mx86_used_note=no])
|
||||||
|
+ ])
|
||||||
|
+
|
||||||
|
+ if test "x$grub_cv_cc_mx86_used_note" = xyes; then
|
||||||
|
+ TARGET_CFLAGS="$TARGET_CFLAGS -Wa,-mx86-used-note=no"
|
||||||
|
+ TARGET_CCASFLAGS="$TARGET_CCASFLAGS -Wa,-mx86-used-note=no"
|
||||||
|
+ fi
|
||||||
|
+fi
|
||||||
|
+
|
||||||
|
# GRUB doesn't use float or doubles at all. Yet some toolchains may decide
|
||||||
|
# that floats are a good fit to run instead of what's written in the code.
|
||||||
|
# Given that floating point unit is disabled (if present to begin with)
|
||||||
|
--
|
||||||
|
2.30.0
|
||||||
|
|
73
0001-emu-fix-executable-stack-marking.patch
Normal file
73
0001-emu-fix-executable-stack-marking.patch
Normal file
@ -0,0 +1,73 @@
|
|||||||
|
From 4cc06bef26c3573309086bec4472cc9151b0379e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Michael Chang <mchang@suse.com>
|
||||||
|
Date: Mon, 1 Feb 2021 20:14:12 +0800
|
||||||
|
Subject: [PATCH] emu: fix executable stack marking
|
||||||
|
|
||||||
|
The gcc by default assumes executable stack is required if the source
|
||||||
|
object file doesn't have .note.GNU-stack section in place. If any of the
|
||||||
|
source objects doesn't incorporate the GNU-stack note, the resulting
|
||||||
|
program will have executable stack flag set in PT_GNU_STACK program
|
||||||
|
header to instruct program loader or kernel to set up the exeutable
|
||||||
|
stack when program loads to memory.
|
||||||
|
|
||||||
|
Usually the .note.GNU-stack section will be generated by gcc
|
||||||
|
automatically if it finds that executable stack is not required. However
|
||||||
|
it doesn't take care of generating .note.GNU-stack section for those
|
||||||
|
object files built from assembler sources. This leads to unnecessary
|
||||||
|
risk of security of exploiting the executable stack because those
|
||||||
|
assembler sources don't actually require stack to be executable to work.
|
||||||
|
|
||||||
|
The grub-emu and grub-emu-lite are found to flag stack as executable
|
||||||
|
revealed by execstack tool.
|
||||||
|
|
||||||
|
$ mkdir -p build-emu && cd build-emu
|
||||||
|
$ ../configure --with-platform=emu && make
|
||||||
|
$ execstack -q grub-core/grub-emu grub-core/grub-emu-lite
|
||||||
|
X grub-core/grub-emu
|
||||||
|
X grub-core/grub-emu-lite
|
||||||
|
|
||||||
|
This patch will add the missing GNU-stack note to the assembler source
|
||||||
|
used by both utilities, therefore the result doesn't count on gcc
|
||||||
|
default behavior and the executable stack is disabled.
|
||||||
|
|
||||||
|
$ execstack -q grub-core/grub-emu grub-core/grub-emu-lite
|
||||||
|
- grub-core/grub-emu
|
||||||
|
- grub-core/grub-emu-lite
|
||||||
|
|
||||||
|
Signed-off-by: Michael Chang <mchang@suse.com>
|
||||||
|
---
|
||||||
|
grub-core/kern/emu/cache_s.S | 5 +++++
|
||||||
|
grub-core/lib/setjmp.S | 4 ++++
|
||||||
|
2 files changed, 9 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/grub-core/kern/emu/cache_s.S b/grub-core/kern/emu/cache_s.S
|
||||||
|
index 7bb1e1441..fca85c69e 100644
|
||||||
|
--- a/grub-core/kern/emu/cache_s.S
|
||||||
|
+++ b/grub-core/kern/emu/cache_s.S
|
||||||
|
@@ -2,6 +2,11 @@
|
||||||
|
#error "This source is only meant for grub-emu platform"
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+/* An executable stack is not required for these functions */
|
||||||
|
+#if defined (__linux__) && defined (__ELF__)
|
||||||
|
+.section .note.GNU-stack,"",@progbits
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
#if defined(__i386__) || defined(__x86_64__)
|
||||||
|
/* Nothing is necessary. */
|
||||||
|
#elif defined(__sparc__)
|
||||||
|
diff --git a/grub-core/lib/setjmp.S b/grub-core/lib/setjmp.S
|
||||||
|
index a37467760..16f676368 100644
|
||||||
|
--- a/grub-core/lib/setjmp.S
|
||||||
|
+++ b/grub-core/lib/setjmp.S
|
||||||
|
@@ -1,3 +1,7 @@
|
||||||
|
+/* An executable stack is not required for these functions */
|
||||||
|
+#if defined (__linux__) && defined (__ELF__)
|
||||||
|
+.section .note.GNU-stack,"",@progbits
|
||||||
|
+#endif
|
||||||
|
#if defined(__i386__)
|
||||||
|
#include "./i386/setjmp.S"
|
||||||
|
#elif defined(__x86_64__)
|
||||||
|
--
|
||||||
|
2.30.0
|
||||||
|
|
@ -1,3 +1,19 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Feb 22 12:49:48 UTC 2021 - Michael Chang <mchang@suse.com>
|
||||||
|
|
||||||
|
- Fix build error in binutils 2.36 (bsc#1181741)
|
||||||
|
* 0001-Fix-build-error-in-binutils-2.36.patch
|
||||||
|
- Fix executable stack in grub-emu (bsc#1181696)
|
||||||
|
* 0001-emu-fix-executable-stack-marking.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Feb 18 05:21:29 UTC 2021 - Michael Chang <mchang@suse.com>
|
||||||
|
|
||||||
|
- Restore compatibilty sym-links
|
||||||
|
* grub2.spec
|
||||||
|
- Use rpmlintrc to filter out rpmlint 2.0 error (bsc#1179044)
|
||||||
|
* grub2.rpmlintrc
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Jan 27 04:13:32 UTC 2021 - Michael Chang <mchang@suse.com>
|
Wed Jan 27 04:13:32 UTC 2021 - Michael Chang <mchang@suse.com>
|
||||||
|
|
||||||
|
@ -7,7 +7,8 @@ addFilter("statically-linked-binary .*/grub2/*/kernel.img")
|
|||||||
addFilter("unstripped-binary-or-object .*/grub2/*/.*.mod")
|
addFilter("unstripped-binary-or-object .*/grub2/*/.*.mod")
|
||||||
# TODO: s390 Experts: is this sensible?!
|
# TODO: s390 Experts: is this sensible?!
|
||||||
addFilter("s390x: W: executable-stack")
|
addFilter("s390x: W: executable-stack")
|
||||||
#
|
# We need to provide compatibility sym-links in noarch package
|
||||||
addFilter("suse-filelist-forbidden-noarch")
|
addFilter("suse-filelist-forbidden-noarch")
|
||||||
|
addFilter("filelist-forbidden-noarch")
|
||||||
#
|
#
|
||||||
addFilter('arch-independent-package-contains-binary-or-object')
|
addFilter('arch-independent-package-contains-binary-or-object')
|
||||||
|
36
grub2.spec
36
grub2.spec
@ -346,6 +346,8 @@ Patch735: 0006-efi-Set-image-base-address-before-jumping-to-the-PE-.patch
|
|||||||
Patch736: 0007-linuxefi-fail-kernel-validation-without-shim-protoco.patch
|
Patch736: 0007-linuxefi-fail-kernel-validation-without-shim-protoco.patch
|
||||||
Patch737: 0008-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch
|
Patch737: 0008-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch
|
||||||
Patch738: 0009-squash-Add-support-for-linuxefi.patch
|
Patch738: 0009-squash-Add-support-for-linuxefi.patch
|
||||||
|
Patch739: 0001-Fix-build-error-in-binutils-2.36.patch
|
||||||
|
Patch740: 0001-emu-fix-executable-stack-marking.patch
|
||||||
|
|
||||||
Requires: gettext-runtime
|
Requires: gettext-runtime
|
||||||
%if 0%{?suse_version} >= 1140
|
%if 0%{?suse_version} >= 1140
|
||||||
@ -468,10 +470,6 @@ Requires(post): perl-Bootloader >= 0.706
|
|||||||
%endif
|
%endif
|
||||||
Provides: %{name}-efi = %{version}-%{release}
|
Provides: %{name}-efi = %{version}-%{release}
|
||||||
Obsoletes: %{name}-efi < %{version}-%{release}
|
Obsoletes: %{name}-efi < %{version}-%{release}
|
||||||
%ifarch x86_64
|
|
||||||
Conflicts: python2-kiwi < 9.17.12
|
|
||||||
Conflicts: python3-kiwi < 9.17.12
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%description %{grubefiarch}
|
%description %{grubefiarch}
|
||||||
The GRand Unified Bootloader (GRUB) is a highly configurable and customizable
|
The GRand Unified Bootloader (GRUB) is a highly configurable and customizable
|
||||||
@ -504,7 +502,6 @@ Group: System/Boot
|
|||||||
Provides: %{name}-xen = %{version}-%{release}
|
Provides: %{name}-xen = %{version}-%{release}
|
||||||
Obsoletes: %{name}-xen < %{version}-%{release}
|
Obsoletes: %{name}-xen < %{version}-%{release}
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
Conflicts: xen < 4.12.0_03
|
|
||||||
|
|
||||||
%description %{grubxenarch}
|
%description %{grubxenarch}
|
||||||
The GRand Unified Bootloader (GRUB) is a highly configurable and customizable
|
The GRand Unified Bootloader (GRUB) is a highly configurable and customizable
|
||||||
@ -685,6 +682,8 @@ swap partition while in resuming
|
|||||||
%patch736 -p1
|
%patch736 -p1
|
||||||
%patch737 -p1
|
%patch737 -p1
|
||||||
%patch738 -p1
|
%patch738 -p1
|
||||||
|
%patch739 -p1
|
||||||
|
%patch740 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
# collect evidence to debug spurious build failure on SLE15
|
# collect evidence to debug spurious build failure on SLE15
|
||||||
@ -866,6 +865,14 @@ cd ..
|
|||||||
cd build-xen
|
cd build-xen
|
||||||
%make_install
|
%make_install
|
||||||
install -m 644 grub.xen %{buildroot}/%{_datadir}/%{name}/%{grubxenarch}/.
|
install -m 644 grub.xen %{buildroot}/%{_datadir}/%{name}/%{grubxenarch}/.
|
||||||
|
# provide compatibility sym-link for VM definitions pointing to old location
|
||||||
|
install -d %{buildroot}%{_libdir}/%{name}/%{grubxenarch}
|
||||||
|
ln -srf %{buildroot}%{_datadir}/%{name}/%{grubxenarch}/grub.xen %{buildroot}%{_libdir}/%{name}/%{grubxenarch}/grub.xen
|
||||||
|
cat <<-EoM >%{buildroot}%{_libdir}/%{name}/%{grubxenarch}/DEPRECATED
|
||||||
|
This directory and its contents was moved to %{_datadir}/%{name}/%{grubxenarch}.
|
||||||
|
Individual symbolic links are provided for a smooth transition.
|
||||||
|
Please update your VM definition files to use the new location!
|
||||||
|
EoM
|
||||||
cd ..
|
cd ..
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
@ -883,6 +890,16 @@ install -m 644 grub-tpm.efi %{buildroot}/%{_datadir}/%{name}/%{grubefiarch}/.
|
|||||||
%define sysefidir %{sysefibasedir}/%{_target_cpu}
|
%define sysefidir %{sysefibasedir}/%{_target_cpu}
|
||||||
install -d %{buildroot}/%{sysefidir}
|
install -d %{buildroot}/%{sysefidir}
|
||||||
ln -sr %{buildroot}/%{_datadir}/%{name}/%{grubefiarch}/grub.efi %{buildroot}%{sysefidir}/grub.efi
|
ln -sr %{buildroot}/%{_datadir}/%{name}/%{grubefiarch}/grub.efi %{buildroot}%{sysefidir}/grub.efi
|
||||||
|
%ifarch x86_64
|
||||||
|
# provide compatibility sym-link for previous shim-install and the like
|
||||||
|
install -d %{buildroot}/usr/lib64/efi
|
||||||
|
ln -srf %{buildroot}/%{_datadir}/%{name}/%{grubefiarch}/grub.efi %{buildroot}/usr/lib64/efi/grub.efi
|
||||||
|
cat <<-EoM >%{buildroot}/usr/lib64/efi/DEPRECATED
|
||||||
|
This directory and its contents was moved to %{_datadir}/efi/x86_64.
|
||||||
|
Individual symbolic links are provided for a smooth transition and
|
||||||
|
may vanish at any point in time. Please use the new location!
|
||||||
|
EoM
|
||||||
|
%endif
|
||||||
|
|
||||||
%ifarch x86_64 aarch64
|
%ifarch x86_64 aarch64
|
||||||
%if 0%{?suse_version} >= 1230 || 0%{?suse_version} == 1110
|
%if 0%{?suse_version} >= 1230 || 0%{?suse_version} == 1110
|
||||||
@ -1310,6 +1327,12 @@ fi
|
|||||||
%dir %{sysefidir}
|
%dir %{sysefidir}
|
||||||
%{sysefidir}/grub.efi
|
%{sysefidir}/grub.efi
|
||||||
%if 0%{?suse_version} < 1600
|
%if 0%{?suse_version} < 1600
|
||||||
|
%ifarch x86_64
|
||||||
|
# provide compatibility sym-link for previous shim-install and kiwi
|
||||||
|
%dir /usr/lib64/efi
|
||||||
|
/usr/lib64/efi/DEPRECATED
|
||||||
|
/usr/lib64/efi/grub.efi
|
||||||
|
%endif
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%ifarch x86_64 aarch64
|
%ifarch x86_64 aarch64
|
||||||
@ -1338,6 +1361,9 @@ fi
|
|||||||
%defattr(-,root,root,-)
|
%defattr(-,root,root,-)
|
||||||
%dir %{_datadir}/%{name}/%{grubxenarch}
|
%dir %{_datadir}/%{name}/%{grubxenarch}
|
||||||
%{_datadir}/%{name}/%{grubxenarch}/*
|
%{_datadir}/%{name}/%{grubxenarch}/*
|
||||||
|
# provide compatibility sym-link for VM definitions pointing to old location
|
||||||
|
%dir %{_libdir}/%{name}
|
||||||
|
%{_libdir}/%{name}/%{grubxenarch}
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if 0%{?has_systemd:1}
|
%if 0%{?has_systemd:1}
|
||||||
|
Loading…
Reference in New Issue
Block a user