From 7e75e7f881f44902345426ef0e23076b5e9d7ae38a075004f8f06bec2459bc28 Mon Sep 17 00:00:00 2001 From: Michael Chang Date: Thu, 11 Jan 2024 07:48:22 +0000 Subject: [PATCH] Accepting request 1138021 from home:michael-chang:grub:2.12 - Version bump to 2.12 (PED-5589) * Added: - grub-2.12.tar.xz - fix_no_extra_deps_in_release_tarball.patch * Removed: - grub-2.12~rc1.tar.xz * Patch dropped as it merged into new version: - 0001-disk-cryptodisk-Fix-missing-change-when-updating-to-.patch - 0001-fs-btrfs-Zero-file-data-not-backed-by-extents.patch - 0001-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch - 0002-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch - 0003-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch - 0004-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch - 0005-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch - 0006-fs-ntfs-Make-code-more-readable.patch - 0001-kern-ieee1275-init-Restrict-high-memory-in-presence-.patch - 0001-fs-xfs-Incorrect-short-form-directory-data-boundary-.patch - 0002-fs-xfs-Fix-XFS-directory-extent-parsing.patch - 0003-fs-xfs-add-large-extent-counters-incompat-feature-su.patch - 0001-mkstandalone-ensure-stable-timestamps-for-generated-.patch - 0002-mkstandalone-ensure-deterministic-tar-file-creation-.patch * Patch adjusted for the updated base version: - use-grub2-as-a-package-name.patch - grub2-s390x-04-grub2-install.patch - grub2-btrfs-04-grub2-install.patch - grub2-ppc64le-disable-video.patch - 0002-AUDIT-0-http-boot-tracker-bug.patch - 0001-Unify-the-check-to-enable-btrfs-relative-path.patch - 0003-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch - 0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch OBS-URL: https://build.opensuse.org/request/show/1138021 OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=480 --- ...-check-to-enable-btrfs-relative-path.patch | 8 +- ...Fix-missing-change-when-updating-to-.patch | 35 --- ...Zero-file-data-not-backed-by-extents.patch | 33 --- ...OB-write-when-parsing-the-ATTRIBUTE_.patch | 93 ------- ...-short-form-directory-data-boundary-.patch | 51 ---- ...it-Restrict-high-memory-in-presence-.patch | 229 ------------------ ...ure-stable-timestamps-for-generated-.patch | 76 ------ 0002-AUDIT-0-http-boot-tracker-bug.patch | 16 +- ...OB-read-when-reading-data-from-the-r.patch | 58 ----- ...xfs-Fix-XFS-directory-extent-parsing.patch | 171 ------------- ...ure-deterministic-tar-file-creation-.patch | 75 ------ ...rch-64-on-32-boot-in-linuxefi-loader.patch | 6 +- ...OB-read-when-parsing-directory-entri.patch | 73 ------ ...-extent-counters-incompat-feature-su.patch | 115 --------- ...igning-grub-with-an-appended-signatu.patch | 27 +-- ...OB-read-when-parsing-bitmaps-for-ind.patch | 51 ---- ...OOB-read-when-parsing-a-volume-label.patch | 61 ----- 0006-fs-ntfs-Make-code-more-readable.patch | 159 ------------ ...-support-embedding-x509-certificates.patch | 16 +- 0021-appended-signatures-documentation.patch | 34 +-- ...er-lockdown-based-on-ibm-secure-boot.patch | 12 +- fix_no_extra_deps_in_release_tarball.patch | 4 + grub-2.12.tar.xz | 3 + grub-2.12~rc1.tar.xz | 3 - grub2-btrfs-04-grub2-install.patch | 13 +- grub2-ppc64le-disable-video.patch | 8 +- grub2-s390x-04-grub2-install.patch | 32 +-- grub2.changes | 38 +++ grub2.spec | 46 ++-- safe_tpm_pcr_snapshot.patch | 6 +- use-grub2-as-a-package-name.patch | 4 +- 31 files changed, 150 insertions(+), 1406 deletions(-) delete mode 100644 0001-disk-cryptodisk-Fix-missing-change-when-updating-to-.patch delete mode 100644 0001-fs-btrfs-Zero-file-data-not-backed-by-extents.patch delete mode 100644 0001-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch delete mode 100644 0001-fs-xfs-Incorrect-short-form-directory-data-boundary-.patch delete mode 100644 0001-kern-ieee1275-init-Restrict-high-memory-in-presence-.patch delete mode 100644 0001-mkstandalone-ensure-stable-timestamps-for-generated-.patch delete mode 100644 0002-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch delete mode 100644 0002-fs-xfs-Fix-XFS-directory-extent-parsing.patch delete mode 100644 0002-mkstandalone-ensure-deterministic-tar-file-creation-.patch delete mode 100644 0003-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch delete mode 100644 0003-fs-xfs-add-large-extent-counters-incompat-feature-su.patch delete mode 100644 0004-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch delete mode 100644 0005-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch delete mode 100644 0006-fs-ntfs-Make-code-more-readable.patch create mode 100644 fix_no_extra_deps_in_release_tarball.patch create mode 100644 grub-2.12.tar.xz delete mode 100644 grub-2.12~rc1.tar.xz diff --git a/0001-Unify-the-check-to-enable-btrfs-relative-path.patch b/0001-Unify-the-check-to-enable-btrfs-relative-path.patch index 3f9d79e..a201875 100644 --- a/0001-Unify-the-check-to-enable-btrfs-relative-path.patch +++ b/0001-Unify-the-check-to-enable-btrfs-relative-path.patch @@ -88,8 +88,8 @@ Signed-off-by: Michael Chang switch (platform) { case GRUB_INSTALL_PLATFORM_I386_EFI: -@@ -1454,8 +1493,7 @@ - debug_image); +@@ -1478,8 +1517,7 @@ + debug_image); } - if (config.is_suse_btrfs_snapshot_enabled @@ -98,7 +98,7 @@ Signed-off-by: Michael Chang { if (!load_cfg_f) load_cfg_f = grub_util_fopen (load_cfg, "wb"); -@@ -1669,21 +1707,13 @@ +@@ -1670,21 +1708,13 @@ #ifdef __linux__ @@ -124,7 +124,7 @@ Signed-off-by: Michael Chang if (subvol && mount_path) { -@@ -1708,11 +1738,6 @@ +@@ -1709,11 +1739,6 @@ } } diff --git a/0001-disk-cryptodisk-Fix-missing-change-when-updating-to-.patch b/0001-disk-cryptodisk-Fix-missing-change-when-updating-to-.patch deleted file mode 100644 index d7493bf..0000000 --- a/0001-disk-cryptodisk-Fix-missing-change-when-updating-to-.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 652b221a5eacb1421891c1469608028e2c2f0615 Mon Sep 17 00:00:00 2001 -From: Glenn Washburn -Date: Fri, 18 Aug 2023 12:27:22 -0500 -Subject: [PATCH] disk/cryptodisk: Fix missing change when updating to use - grub_uuidcasecmp - -This was causing the cryptomount command to return failure even though -the crypto device was successfully added. Of course, this meant that any -script using the return code would behave unexpectedly. - -Fixes: 3cf2e848bc03 (disk/cryptodisk: Allows UUIDs to be compared in a dash-insensitive manner) - -Suggested-by: Olaf Hering -Signed-off-by: Glenn Washburn ---- - grub-core/disk/cryptodisk.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c -index 802b191b2..c79d4125a 100644 ---- a/grub-core/disk/cryptodisk.c -+++ b/grub-core/disk/cryptodisk.c -@@ -1323,7 +1323,8 @@ grub_cryptodisk_scan_device (const char *name, - dev = grub_cryptodisk_scan_device_real (name, source, cargs); - if (dev) - { -- ret = (cargs->search_uuid != NULL && grub_strcasecmp (cargs->search_uuid, dev->uuid) == 0); -+ ret = (cargs->search_uuid != NULL -+ && grub_uuidcasecmp (cargs->search_uuid, dev->uuid, sizeof (dev->uuid)) == 0); - goto cleanup; - } - --- -2.41.0 - diff --git a/0001-fs-btrfs-Zero-file-data-not-backed-by-extents.patch b/0001-fs-btrfs-Zero-file-data-not-backed-by-extents.patch deleted file mode 100644 index bde2dec..0000000 --- a/0001-fs-btrfs-Zero-file-data-not-backed-by-extents.patch +++ /dev/null @@ -1,33 +0,0 @@ -From f903b9a9adb64e733e581771d2a24efae7fbe529 Mon Sep 17 00:00:00 2001 -From: Fabian Vogt -Date: Thu, 5 Oct 2023 11:02:25 +0200 -Subject: [PATCH] fs/btrfs: Zero file data not backed by extents - -Implicit holes in file data need to be zeroed explicitly, instead of -just leaving the data in the buffer uninitialized. - -This led to kernels randomly failing to boot in "fun" ways when loaded -from btrfs with the no_holes feature enabled, because large blocks of -zeros in the kernel file contained random data instead. - -Signed-off-by: Fabian Vogt ---- - grub-core/fs/btrfs.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index 19bff4610..ba0c58352 100644 ---- a/grub-core/fs/btrfs.c -+++ b/grub-core/fs/btrfs.c -@@ -1603,6 +1603,8 @@ grub_btrfs_extent_read (struct grub_btrfs_data *data, - csize = grub_le_to_cpu64 (key_out.offset) - pos; - if (csize > len) - csize = len; -+ -+ grub_memset (buf, 0, csize); - buf += csize; - pos += csize; - len -= csize; --- -2.42.0 - diff --git a/0001-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch b/0001-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch deleted file mode 100644 index 55a48d4..0000000 --- a/0001-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch +++ /dev/null @@ -1,93 +0,0 @@ -From 43651027d24e62a7a463254165e1e46e42aecdea Mon Sep 17 00:00:00 2001 -From: Maxim Suhanov -Date: Mon, 28 Aug 2023 16:31:57 +0300 -Subject: [PATCH 1/6] fs/ntfs: Fix an OOB write when parsing the - $ATTRIBUTE_LIST attribute for the $MFT file - -When parsing an extremely fragmented $MFT file, i.e., the file described -using the $ATTRIBUTE_LIST attribute, current NTFS code will reuse a buffer -containing bytes read from the underlying drive to store sector numbers, -which are consumed later to read data from these sectors into another buffer. - -These sectors numbers, two 32-bit integers, are always stored at predefined -offsets, 0x10 and 0x14, relative to first byte of the selected entry within -the $ATTRIBUTE_LIST attribute. Usually, this won't cause any problem. - -However, when parsing a specially-crafted file system image, this may cause -the NTFS code to write these integers beyond the buffer boundary, likely -causing the GRUB memory allocator to misbehave or fail. These integers contain -values which are controlled by on-disk structures of the NTFS file system. - -Such modification and resulting misbehavior may touch a memory range not -assigned to the GRUB and owned by firmware or another EFI application/driver. - -This fix introduces checks to ensure that these sector numbers are never -written beyond the boundary. - -Fixes: CVE-2023-4692 - -Reported-by: Maxim Suhanov -Signed-off-by: Maxim Suhanov -Reviewed-by: Daniel Kiper ---- - grub-core/fs/ntfs.c | 18 +++++++++++++++++- - 1 file changed, 17 insertions(+), 1 deletion(-) - -diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c -index bbdbe24ad..c3c4db117 100644 ---- a/grub-core/fs/ntfs.c -+++ b/grub-core/fs/ntfs.c -@@ -184,7 +184,7 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr) - } - if (at->attr_end) - { -- grub_uint8_t *pa; -+ grub_uint8_t *pa, *pa_end; - - at->emft_buf = grub_malloc (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR); - if (at->emft_buf == NULL) -@@ -209,11 +209,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr) - } - at->attr_nxt = at->edat_buf; - at->attr_end = at->edat_buf + u32at (pa, 0x30); -+ pa_end = at->edat_buf + n; - } - else - { - at->attr_nxt = at->attr_end + u16at (pa, 0x14); - at->attr_end = at->attr_end + u32at (pa, 4); -+ pa_end = at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR); - } - at->flags |= GRUB_NTFS_AF_ALST; - while (at->attr_nxt < at->attr_end) -@@ -230,6 +232,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr) - at->flags |= GRUB_NTFS_AF_GPOS; - at->attr_cur = at->attr_nxt; - pa = at->attr_cur; -+ -+ if ((pa >= pa_end) || (pa_end - pa < 0x18)) -+ { -+ grub_error (GRUB_ERR_BAD_FS, "can\'t parse attribute list"); -+ return NULL; -+ } -+ - grub_set_unaligned32 ((char *) pa + 0x10, - grub_cpu_to_le32 (at->mft->data->mft_start)); - grub_set_unaligned32 ((char *) pa + 0x14, -@@ -240,6 +249,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr) - { - if (*pa != attr) - break; -+ -+ if ((pa >= pa_end) || (pa_end - pa < 0x18)) -+ { -+ grub_error (GRUB_ERR_BAD_FS, "can\'t parse attribute list"); -+ return NULL; -+ } -+ - if (read_attr - (at, pa + 0x10, - u32at (pa, 0x10) * (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR), --- -2.42.0 - diff --git a/0001-fs-xfs-Incorrect-short-form-directory-data-boundary-.patch b/0001-fs-xfs-Incorrect-short-form-directory-data-boundary-.patch deleted file mode 100644 index 7fc6d53..0000000 --- a/0001-fs-xfs-Incorrect-short-form-directory-data-boundary-.patch +++ /dev/null @@ -1,51 +0,0 @@ -From b541e93b4dab6f652941d086af4fe2da676d0ee3 Mon Sep 17 00:00:00 2001 -From: Lidong Chen -Date: Thu, 28 Sep 2023 22:33:44 +0000 -Subject: [PATCH 1/3] fs/xfs: Incorrect short form directory data boundary - check - -After parsing of the current entry, the entry pointer is advanced -to the next entry at the end of the "for" loop. In case where the -last entry is at the end of the data boundary, the advanced entry -pointer can point off the data boundary. The subsequent boundary -check for the advanced entry pointer can cause a failure. - -The fix is to include the boundary check into the "for" loop -condition. - -Signed-off-by: Lidong Chen -Reviewed-by: Daniel Kiper -Tested-by: Sebastian Andrzej Siewior -Tested-by: Marta Lewandowska ---- - grub-core/fs/xfs.c | 7 ++----- - 1 file changed, 2 insertions(+), 5 deletions(-) - -diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c -index b91cd32b4..ebf962793 100644 ---- a/grub-core/fs/xfs.c -+++ b/grub-core/fs/xfs.c -@@ -810,7 +810,8 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir, - if (iterate_dir_call_hook (parent, "..", &ctx)) - return 1; - -- for (i = 0; i < head->count; i++) -+ for (i = 0; i < head->count && -+ (grub_uint8_t *) de < ((grub_uint8_t *) dir + grub_xfs_fshelp_size (dir->data)); i++) - { - grub_uint64_t ino; - grub_uint8_t *inopos = grub_xfs_inline_de_inopos(dir->data, de); -@@ -845,10 +846,6 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir, - de->name[de->len] = c; - - de = grub_xfs_inline_next_de(dir->data, head, de); -- -- if ((grub_uint8_t *) de >= (grub_uint8_t *) dir + grub_xfs_fshelp_size (dir->data)) -- return grub_error (GRUB_ERR_BAD_FS, "invalid XFS directory entry"); -- - } - break; - } --- -2.42.1 - diff --git a/0001-kern-ieee1275-init-Restrict-high-memory-in-presence-.patch b/0001-kern-ieee1275-init-Restrict-high-memory-in-presence-.patch deleted file mode 100644 index 0a7a61a..0000000 --- a/0001-kern-ieee1275-init-Restrict-high-memory-in-presence-.patch +++ /dev/null @@ -1,229 +0,0 @@ -From 4bcf6f747c3ab0b998c6f5a361804e38bc9c4334 Mon Sep 17 00:00:00 2001 -From: Stefan Berger -Date: Wed, 4 Oct 2023 11:32:35 -0400 -Subject: [PATCH] kern/ieee1275/init: Restrict high memory in presence of - fadump on ppc64 - -When a kernel dump is present then restrict the high memory regions to -avoid allocating memory where the kernel dump resides. Use the -ibm,kernel-dump node under /rtas to determine whether a kernel dump -exists and up to which limit GRUB can use available memory. Set the -upper_mem_limit to the size of the kernel dump section of type -REAL_MODE_REGION and therefore only allow GRUB's memory usage for high -addresses from RMO_ADDR_MAX to upper_mem_limit. This means that GRUB can -use high memory in the range of RMO_ADDR_MAX (768MB) to upper_mem_limit -and the kernel-dump memory regions above upper_mem_limit remain -untouched. This change has no effect on memory allocations below -linux_rmo_save (typically at 640MB). - -Also, fall back to allocating below rmo_linux_save in case the chunk of -memory there would be larger than the chunk of memory above RMO_ADDR_MAX. -This can for example occur if a free memory area is found starting at 300MB -extending up to 1GB but a kernel dump is located at 768MB and therefore -does not allow the allocation of the high memory area but requiring to use -the chunk starting at 300MB to avoid an unnecessary out-of-memory condition. - -Signed-off-by: Stefan Berger -Reviewed-by: Hari Bathini -Cc: Pavithra Prakash -Cc: Michael Ellerman -Cc: Carolyn Scherrer -Cc: Mahesh Salgaonkar -Cc: Sourabh Jain -Reviewed-by: Daniel Kiper ---- - grub-core/kern/ieee1275/init.c | 144 ++++++++++++++++++++++++++++++++- - 1 file changed, 142 insertions(+), 2 deletions(-) - -diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c -index bd9a4804b..d6c9c9049 100644 ---- a/grub-core/kern/ieee1275/init.c -+++ b/grub-core/kern/ieee1275/init.c -@@ -17,6 +17,8 @@ - * along with GRUB. If not, see . - */ - -+#include /* offsetof() */ -+ - #include - #include - #include -@@ -196,6 +198,96 @@ grub_claim_heap (void) - #else - /* Helpers for mm on powerpc. */ - -+/* ibm,kernel-dump data structures */ -+struct kd_section -+{ -+ grub_uint32_t flags; -+ grub_uint16_t src_datatype; -+#define KD_SRC_DATATYPE_REAL_MODE_REGION 0x0011 -+ grub_uint16_t error_flags; -+ grub_uint64_t src_address; -+ grub_uint64_t num_bytes; -+ grub_uint64_t act_bytes; -+ grub_uint64_t dst_address; -+} GRUB_PACKED; -+ -+#define MAX_KD_SECTIONS 10 -+ -+struct kernel_dump -+{ -+ grub_uint32_t format; -+ grub_uint16_t num_sections; -+ grub_uint16_t status_flags; -+ grub_uint32_t offset_1st_section; -+ grub_uint32_t num_blocks; -+ grub_uint64_t start_block; -+ grub_uint64_t num_blocks_avail; -+ grub_uint32_t offet_path_string; -+ grub_uint32_t max_time_allowed; -+ struct kd_section kds[MAX_KD_SECTIONS]; /* offset_1st_section should point to kds[0] */ -+} GRUB_PACKED; -+ -+/* -+ * Determine if a kernel dump exists and if it does, then determine the highest -+ * address that grub can use for memory allocations. -+ * The caller must have initialized *highest to rmo_top. *highest will not -+ * be modified if no kernel dump is found. -+ */ -+static void -+check_kernel_dump (grub_uint64_t *highest) -+{ -+ struct kernel_dump kernel_dump; -+ grub_ssize_t kernel_dump_size; -+ grub_ieee1275_phandle_t rtas; -+ struct kd_section *kds; -+ grub_size_t i; -+ -+ /* If there's a kernel-dump it must have at least one section */ -+ if (grub_ieee1275_finddevice ("/rtas", &rtas) || -+ grub_ieee1275_get_property (rtas, "ibm,kernel-dump", &kernel_dump, -+ sizeof (kernel_dump), &kernel_dump_size) || -+ kernel_dump_size <= (grub_ssize_t) offsetof (struct kernel_dump, kds[1])) -+ return; -+ -+ kernel_dump_size = grub_min (kernel_dump_size, (grub_ssize_t) sizeof (kernel_dump)); -+ -+ if (grub_be_to_cpu32 (kernel_dump.format) != 1) -+ { -+ grub_printf (_("Error: ibm,kernel-dump has an unexpected format version '%u'\n"), -+ grub_be_to_cpu32 (kernel_dump.format)); -+ return; -+ } -+ -+ if (grub_be_to_cpu16 (kernel_dump.num_sections) > MAX_KD_SECTIONS) -+ { -+ grub_printf (_("Error: Too many kernel dump sections: %d\n"), -+ grub_be_to_cpu32 (kernel_dump.num_sections)); -+ return; -+ } -+ -+ for (i = 0; i < grub_be_to_cpu16 (kernel_dump.num_sections); i++) -+ { -+ kds = (struct kd_section *) ((grub_addr_t) &kernel_dump + -+ grub_be_to_cpu32 (kernel_dump.offset_1st_section) + -+ i * sizeof (struct kd_section)); -+ /* sanity check the address is within the 'kernel_dump' struct */ -+ if ((grub_addr_t) kds > (grub_addr_t) &kernel_dump + kernel_dump_size + sizeof (*kds)) -+ { -+ grub_printf (_("Error: 'kds' address beyond last available section\n")); -+ return; -+ } -+ -+ if ((grub_be_to_cpu16 (kds->src_datatype) == KD_SRC_DATATYPE_REAL_MODE_REGION) && -+ (grub_be_to_cpu64 (kds->src_address) == 0)) -+ { -+ *highest = grub_min (*highest, grub_be_to_cpu64 (kds->num_bytes)); -+ break; -+ } -+ } -+ -+ return; -+} -+ - /* - * How much memory does OF believe exists in total? - * -@@ -275,10 +367,31 @@ regions_claim (grub_uint64_t addr, grub_uint64_t len, grub_memory_type_t type, - * - * Finally, we also want to make sure that when grub loads the kernel, - * it isn't going to use up all the memory we're trying to reserve! So -- * enforce our entire RUNTIME_MIN_SPACE here: -+ * enforce our entire RUNTIME_MIN_SPACE here (no fadump): -+ * -+ * | Top of memory == upper_mem_limit -| -+ * | | -+ * | available | -+ * | | -+ * |---------- 768 MB ----------| -+ * | | -+ * | reserved | -+ * | | -+ * |--- 768 MB - runtime min space ---| -+ * | | -+ * | available | -+ * | | -+ * |---------- 0 MB ----------| -+ * -+ * In case fadump is used, we allow the following: - * - * |---------- Top of memory ----------| - * | | -+ * | unavailable | -+ * | (kernel dump area) | -+ * | | -+ * |--------- upper_mem_limit ---------| -+ * | | - * | available | - * | | - * |---------- 768 MB ----------| -@@ -333,17 +446,44 @@ regions_claim (grub_uint64_t addr, grub_uint64_t len, grub_memory_type_t type, - } - else - { -+ grub_uint64_t upper_mem_limit = rmo_top; -+ grub_uint64_t orig_addr = addr; -+ -+ check_kernel_dump (&upper_mem_limit); -+ - /* - * we order these cases to prefer higher addresses and avoid some - * splitting issues -+ * The following shows the order of variables: -+ * no kernel dump: linux_rmo_save < RMO_ADDR_MAX <= upper_mem_limit == rmo_top -+ * with kernel dump: liuxx_rmo_save < RMO_ADDR_MAX <= upper_mem_limit <= rmo_top - */ -- if (addr < RMO_ADDR_MAX && (addr + len) > RMO_ADDR_MAX) -+ if (addr < RMO_ADDR_MAX && (addr + len) > RMO_ADDR_MAX && upper_mem_limit >= RMO_ADDR_MAX) - { - grub_dprintf ("ieee1275", - "adjusting region for RUNTIME_MIN_SPACE: (%llx -> %llx) -> (%llx -> %llx)\n", - addr, addr + len, RMO_ADDR_MAX, addr + len); - len = (addr + len) - RMO_ADDR_MAX; - addr = RMO_ADDR_MAX; -+ -+ /* We must not exceed the upper_mem_limit (assuming it's >= RMO_ADDR_MAX) */ -+ if (addr + len > upper_mem_limit) -+ { -+ /* take the bigger chunk from either below linux_rmo_save or above upper_mem_limit */ -+ len = upper_mem_limit - addr; -+ if (orig_addr < linux_rmo_save && linux_rmo_save - orig_addr > len) -+ { -+ /* lower part is bigger */ -+ addr = orig_addr; -+ len = linux_rmo_save - addr; -+ } -+ -+ grub_dprintf ("ieee1275", "re-adjusted region to: (%llx -> %llx)\n", -+ addr, addr + len); -+ -+ if (len == 0) -+ return 0; -+ } - } - else if ((addr < linux_rmo_save) && ((addr + len) > linux_rmo_save)) - { --- -2.42.0 - diff --git a/0001-mkstandalone-ensure-stable-timestamps-for-generated-.patch b/0001-mkstandalone-ensure-stable-timestamps-for-generated-.patch deleted file mode 100644 index a2b5a56..0000000 --- a/0001-mkstandalone-ensure-stable-timestamps-for-generated-.patch +++ /dev/null @@ -1,76 +0,0 @@ -From 1fdc9daf97a1518960e5603dd43a5f353cb3ca89 Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Thu, 30 Nov 2023 13:45:13 +0800 -Subject: [PATCH 1/2] mkstandalone: ensure stable timestamps for generated - images - -This change mirrors a previous fix [1] but is specific to images -generated by grub-mkstandalone. - -The former fix (85a7be241) focused on utilizing a stable timestamp -during binary generation in the util/mkimage context. This commit -extends that approach to the images produced by grub-mkstandalone, -ensuring consistency and stability in timestamps across all generated -binaries. - -[1] 85a7be241 util/mkimage: Use stable timestamp when generating -binaries. - -Signed-off-by: Michael Chang -Signed-off-by: Bernhard Wiedemann ---- - util/grub-mkstandalone.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/util/grub-mkstandalone.c b/util/grub-mkstandalone.c -index bdbeea6a6..8e1229925 100644 ---- a/util/grub-mkstandalone.c -+++ b/util/grub-mkstandalone.c -@@ -30,6 +30,9 @@ - #pragma GCC diagnostic error "-Wmissing-prototypes" - #pragma GCC diagnostic error "-Wmissing-declarations" - -+/* use 2015-01-01T00:00:00+0000 as a stock timestamp */ -+#define STABLE_EMBEDDING_TIMESTAMP 1420070400 -+ - static char *output_image; - static char **files; - static int nfiles; -@@ -184,7 +187,6 @@ add_tar_file (const char *from, - struct head hd; - grub_util_fd_t in; - ssize_t r; -- grub_uint32_t mtime = 0; - grub_uint32_t size; - - COMPILE_TIME_ASSERT (sizeof (hd) == 512); -@@ -192,8 +194,6 @@ add_tar_file (const char *from, - if (grub_util_is_special_file (from)) - return; - -- mtime = grub_util_get_mtime (from); -- - optr = tcn = xmalloc (strlen (to) + 1); - for (iptr = to; *iptr == '/'; iptr++); - for (; *iptr; iptr++) -@@ -234,7 +234,7 @@ add_tar_file (const char *from, - memcpy (hd.gid, "0001750", 7); - - set_tar_value (hd.size, optr - tcn, 12); -- set_tar_value (hd.mtime, mtime, 12); -+ set_tar_value (hd.mtime, STABLE_EMBEDDING_TIMESTAMP, 12); - hd.typeflag = 'L'; - memcpy (hd.magic, MAGIC, sizeof (hd.magic)); - memcpy (hd.uname, "grub", 4); -@@ -264,7 +264,7 @@ add_tar_file (const char *from, - memcpy (hd.gid, "0001750", 7); - - set_tar_value (hd.size, size, 12); -- set_tar_value (hd.mtime, mtime, 12); -+ set_tar_value (hd.mtime, STABLE_EMBEDDING_TIMESTAMP, 12); - hd.typeflag = '0'; - memcpy (hd.magic, MAGIC, sizeof (hd.magic)); - memcpy (hd.uname, "grub", 4); --- -2.43.0 - diff --git a/0002-AUDIT-0-http-boot-tracker-bug.patch b/0002-AUDIT-0-http-boot-tracker-bug.patch index 7b1a798..ee76d82 100644 --- a/0002-AUDIT-0-http-boot-tracker-bug.patch +++ b/0002-AUDIT-0-http-boot-tracker-bug.patch @@ -39,17 +39,15 @@ Signed-off-by: Michael Chang { --- a/grub-core/net/http.c +++ b/grub-core/net/http.c -@@ -31,7 +31,8 @@ +@@ -30,6 +30,7 @@ + GRUB_MOD_LICENSE ("GPLv3+"); - enum - { -- HTTP_PORT = 80 -+ HTTP_PORT = 80, -+ HTTP_MAX_CHUNK_SIZE = GRUB_INT_MAX - }; + #define HTTP_PORT ((grub_uint16_t) 80) ++#define HTTP_MAX_CHUNK_SIZE GRUB_INT_MAX - -@@ -86,6 +87,8 @@ + typedef struct http_data + { +@@ -82,6 +83,8 @@ if (data->in_chunk_len == 2) { data->chunk_rem = grub_strtoul (ptr, 0, 16); diff --git a/0002-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch b/0002-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch deleted file mode 100644 index d1bd61b..0000000 --- a/0002-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 0ed2458cc4eff6d9a9199527e2a0b6d445802f94 Mon Sep 17 00:00:00 2001 -From: Maxim Suhanov -Date: Mon, 28 Aug 2023 16:32:33 +0300 -Subject: [PATCH 2/6] fs/ntfs: Fix an OOB read when reading data from the - resident $DATA attribute - -When reading a file containing resident data, i.e., the file data is stored in -the $DATA attribute within the NTFS file record, not in external clusters, -there are no checks that this resident data actually fits the corresponding -file record segment. - -When parsing a specially-crafted file system image, the current NTFS code will -read the file data from an arbitrary, attacker-chosen memory offset and of -arbitrary, attacker-chosen length. - -This allows an attacker to display arbitrary chunks of memory, which could -contain sensitive information like password hashes or even plain-text, -obfuscated passwords from BS EFI variables. - -This fix implements a check to ensure that resident data is read from the -corresponding file record segment only. - -Fixes: CVE-2023-4693 - -Reported-by: Maxim Suhanov -Signed-off-by: Maxim Suhanov -Reviewed-by: Daniel Kiper ---- - grub-core/fs/ntfs.c | 13 ++++++++++++- - 1 file changed, 12 insertions(+), 1 deletion(-) - -diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c -index c3c4db117..a68e173d8 100644 ---- a/grub-core/fs/ntfs.c -+++ b/grub-core/fs/ntfs.c -@@ -401,7 +401,18 @@ read_data (struct grub_ntfs_attr *at, grub_uint8_t *pa, grub_uint8_t *dest, - { - if (ofs + len > u32at (pa, 0x10)) - return grub_error (GRUB_ERR_BAD_FS, "read out of range"); -- grub_memcpy (dest, pa + u32at (pa, 0x14) + ofs, len); -+ -+ if (u32at (pa, 0x10) > (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR)) -+ return grub_error (GRUB_ERR_BAD_FS, "resident attribute too large"); -+ -+ if (pa >= at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR)) -+ return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range"); -+ -+ if (u16at (pa, 0x14) + u32at (pa, 0x10) > -+ (grub_addr_t) at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR) - (grub_addr_t) pa) -+ return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range"); -+ -+ grub_memcpy (dest, pa + u16at (pa, 0x14) + ofs, len); - return 0; - } - --- -2.42.0 - diff --git a/0002-fs-xfs-Fix-XFS-directory-extent-parsing.patch b/0002-fs-xfs-Fix-XFS-directory-extent-parsing.patch deleted file mode 100644 index 02fca17..0000000 --- a/0002-fs-xfs-Fix-XFS-directory-extent-parsing.patch +++ /dev/null @@ -1,171 +0,0 @@ -From 4a6a5c4a6bb2426235364be9f3698763ddcf4775 Mon Sep 17 00:00:00 2001 -From: Jon DeVree -Date: Tue, 17 Oct 2023 23:03:47 -0400 -Subject: [PATCH 2/3] fs/xfs: Fix XFS directory extent parsing - -The XFS directory entry parsing code has never been completely correct -for extent based directories. The parser correctly handles the case -where the directory is contained in a single extent, but then mistakenly -assumes the data blocks for the multiple extent case are each identical -to the single extent case. The difference in the format of the data -blocks between the two cases is tiny enough that its gone unnoticed for -a very long time. - -A recent change introduced some additional bounds checking into the XFS -parser. Like GRUB's existing parser, it is correct for the single extent -case but incorrect for the multiple extent case. When parsing a directory -with multiple extents, this new bounds checking is sometimes (but not -always) tripped and triggers an "invalid XFS directory entry" error. This -probably would have continued to go unnoticed but the /boot/grub/ -directory is large enough that it often has multiple extents. - -The difference between the two cases is that when there are multiple -extents, the data blocks do not contain a trailer nor do they contain -any leaf information. That information is stored in a separate set of -extents dedicated to just the leaf information. These extents come after -the directory entry extents and are not included in the inode size. So -the existing parser already ignores the leaf extents. - -The only reason to read the trailer/leaf information at all is so that -the parser can avoid misinterpreting that data as directory entries. So -this updates the parser as follows: - -For the single extent case the parser doesn't change much: -1. Read the size of the leaf information from the trailer -2. Set the end pointer for the parser to the start of the leaf - information. (The previous bounds checking set the end pointer to the - start of the trailer, so this is actually a small improvement.) -3. Set the entries variable to the expected number of directory entries. - -For the multiple extent case: -1. Set the end pointer to the end of the block. -2. Do not set up the entries variable. Figuring out how many entries are - in each individual block is complex and does not seem worth it when - it appears to be safe to just iterate over the entire block. - -The bounds check itself was also dependent upon the faulty XFS parser -because it accidentally used "filename + length - 1". Presumably this -was able to pass the fuzzer because in the old parser there was always -8 bytes of slack space between the tail pointer and the actual end of -the block. Since this is no longer the case the bounds check needs to be -updated to "filename + length + 1" in order to prevent a regression in -the handling of corrupt fliesystems. - -Notes: -* When there is only one extent there will only ever be one block. If - more than one block is required then XFS will always switch to holding - leaf information in a separate extent. -* B-tree based directories seems to be parsed properly by the same code - that handles multiple extents. This is unlikely to ever occur within - /boot though because its only used when there are an extremely large - number of directory entries. - -Fixes: ef7850c75 (fs/xfs: Fix issues found while fuzzing the XFS filesystem) -Fixes: b2499b29c (Adds support for the XFS filesystem.) -Fixes: https://savannah.gnu.org/bugs/?64376 - -Signed-off-by: Jon DeVree -Reviewed-by: Daniel Kiper -Tested-by: Sebastian Andrzej Siewior -Tested-by: Marta Lewandowska ---- - grub-core/fs/xfs.c | 52 +++++++++++++++++++++++++++++++++------------- - 1 file changed, 38 insertions(+), 14 deletions(-) - -diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c -index ebf962793..18edfcff4 100644 ---- a/grub-core/fs/xfs.c -+++ b/grub-core/fs/xfs.c -@@ -223,6 +223,12 @@ struct grub_xfs_inode - /* Size of struct grub_xfs_inode v2, up to unused4 member included. */ - #define XFS_V2_INODE_SIZE (XFS_V3_INODE_SIZE - 76) - -+struct grub_xfs_dir_leaf_entry -+{ -+ grub_uint32_t hashval; -+ grub_uint32_t address; -+} GRUB_PACKED; -+ - struct grub_xfs_dirblock_tail - { - grub_uint32_t leaf_count; -@@ -874,9 +880,8 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir, - { - struct grub_xfs_dir2_entry *direntry = - grub_xfs_first_de(dir->data, dirblock); -- int entries; -- struct grub_xfs_dirblock_tail *tail = -- grub_xfs_dir_tail(dir->data, dirblock); -+ int entries = -1; -+ char *end = dirblock + dirblk_size; - - numread = grub_xfs_read_file (dir, 0, 0, - blk << dirblk_log2, -@@ -887,14 +892,27 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir, - return 0; - } - -- entries = (grub_be_to_cpu32 (tail->leaf_count) -- - grub_be_to_cpu32 (tail->leaf_stale)); -+ /* -+ * Leaf and tail information are only in the data block if the number -+ * of extents is 1. -+ */ -+ if (dir->inode.nextents == grub_cpu_to_be32_compile_time (1)) -+ { -+ struct grub_xfs_dirblock_tail *tail = grub_xfs_dir_tail (dir->data, dirblock); -+ -+ end = (char *) tail; -+ -+ /* Subtract the space used by leaf nodes. */ -+ end -= grub_be_to_cpu32 (tail->leaf_count) * sizeof (struct grub_xfs_dir_leaf_entry); - -- if (!entries) -- continue; -+ entries = grub_be_to_cpu32 (tail->leaf_count) - grub_be_to_cpu32 (tail->leaf_stale); -+ -+ if (!entries) -+ continue; -+ } - - /* Iterate over all entries within this block. */ -- while ((char *)direntry < (char *)tail) -+ while ((char *) direntry < (char *) end) - { - grub_uint8_t *freetag; - char *filename; -@@ -914,7 +932,7 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir, - } - - filename = (char *)(direntry + 1); -- if (filename + direntry->len - 1 > (char *) tail) -+ if (filename + direntry->len + 1 > (char *) end) - return grub_error (GRUB_ERR_BAD_FS, "invalid XFS directory entry"); - - /* The byte after the filename is for the filetype, padding, or -@@ -928,11 +946,17 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir, - return 1; - } - -- /* Check if last direntry in this block is -- reached. */ -- entries--; -- if (!entries) -- break; -+ /* -+ * The expected number of directory entries is only tracked for the -+ * single extent case. -+ */ -+ if (dir->inode.nextents == grub_cpu_to_be32_compile_time (1)) -+ { -+ /* Check if last direntry in this block is reached. */ -+ entries--; -+ if (!entries) -+ break; -+ } - - /* Select the next directory entry. */ - direntry = grub_xfs_next_de(dir->data, direntry); --- -2.42.1 - diff --git a/0002-mkstandalone-ensure-deterministic-tar-file-creation-.patch b/0002-mkstandalone-ensure-deterministic-tar-file-creation-.patch deleted file mode 100644 index 991dc3f..0000000 --- a/0002-mkstandalone-ensure-deterministic-tar-file-creation-.patch +++ /dev/null @@ -1,75 +0,0 @@ -From bb9bbe0f66a8462a1b2477fbc2aa1d70973035d4 Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Thu, 30 Nov 2023 16:30:45 +0800 -Subject: [PATCH 2/2] mkstandalone: ensure deterministic tar file creation by - sorting contents - -The add_tar_files() function currently iterates through a directory's -content using readdir(), which doesn't guarantee a specific order. This -lack of deterministic behavior impacts reproducibility in the build -process. - -This commit resolves the issue by introducing sorting functionality. The -list retrieved by readdir() is now sorted alphabetically before -incorporation into the tar archive, ensuring consistent and predictable -file ordering within the archive. - -Signed-off-by: Michael Chang -Signed-off-by: Bernhard Wiedemann ---- - util/grub-mkstandalone.c | 26 +++++++++++++++++++++++--- - 1 file changed, 23 insertions(+), 3 deletions(-) - -diff --git a/util/grub-mkstandalone.c b/util/grub-mkstandalone.c -index 8e1229925..e4b5bcab4 100644 ---- a/util/grub-mkstandalone.c -+++ b/util/grub-mkstandalone.c -@@ -205,22 +205,42 @@ add_tar_file (const char *from, - { - grub_util_fd_dir_t d; - grub_util_fd_dirent_t de; -+ char **from_files; -+ grub_size_t alloc = 8, used = 0; -+ grub_size_t i; - - d = grub_util_fd_opendir (from); - -+ from_files = xmalloc (alloc * sizeof (*from_files)); - while ((de = grub_util_fd_readdir (d))) - { -- char *fp, *tfp; - if (strcmp (de->d_name, ".") == 0) - continue; - if (strcmp (de->d_name, "..") == 0) - continue; -- fp = grub_util_path_concat (2, from, de->d_name); -- tfp = xasprintf ("%s/%s", to, de->d_name); -+ if (alloc <= used) -+ { -+ alloc <<= 1; -+ from_files = xrealloc (from_files, alloc * sizeof (*from_files)); -+ } -+ from_files[used++] = xstrdup(de->d_name); -+ } -+ qsort (from_files, used, sizeof (*from_files), grub_qsort_strcmp); -+ -+ for (i = 0; i < used; i++) -+ { -+ char *fp, *tfp; -+ -+ fp = grub_util_path_concat (2, from, from_files[i]); -+ tfp = xasprintf ("%s/%s", to, from_files[i]); - add_tar_file (fp, tfp); -+ free (tfp); - free (fp); -+ free (from_files[i]); - } -+ - grub_util_fd_closedir (d); -+ free (from_files); - free (tcn); - return; - } --- -2.43.0 - diff --git a/0003-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch b/0003-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch index 26912f2..b6b72a2 100644 --- a/0003-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch +++ b/0003-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch @@ -232,20 +232,18 @@ Signed-off-by: Peter Jones grub_efi_free_pages((grub_efi_physical_address_t)(grub_addr_t)kernel_mem, BYTES_TO_PAGES(kernel_size)); --- a/include/grub/i386/linux.h +++ b/include/grub/i386/linux.h -@@ -138,7 +138,12 @@ +@@ -148,6 +148,11 @@ grub_uint32_t kernel_alignment; grub_uint8_t relocatable; grub_uint8_t min_alignment; -- grub_uint8_t pad[2]; +#define LINUX_XLF_KERNEL_64 (1<<0) +#define LINUX_XLF_CAN_BE_LOADED_ABOVE_4G (1<<1) +#define LINUX_XLF_EFI_HANDOVER_32 (1<<2) +#define LINUX_XLF_EFI_HANDOVER_64 (1<<3) +#define LINUX_XLF_EFI_KEXEC (1<<4) -+ grub_uint16_t xloadflags; + grub_uint16_t xloadflags; grub_uint32_t cmdline_size; grub_uint32_t hardware_subarch; - grub_uint64_t hardware_subarch_data; --- a/grub-core/loader/efi/linux_boot.c +++ b/grub-core/loader/efi/linux_boot.c @@ -30,11 +30,16 @@ diff --git a/0003-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch b/0003-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch deleted file mode 100644 index 3b7c3a1..0000000 --- a/0003-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 7e5f031a6a6a3decc2360a7b0c71abbe598e7354 Mon Sep 17 00:00:00 2001 -From: Maxim Suhanov -Date: Mon, 28 Aug 2023 16:33:17 +0300 -Subject: [PATCH 3/6] fs/ntfs: Fix an OOB read when parsing directory entries - from resident and non-resident index attributes - -This fix introduces checks to ensure that index entries are never read -beyond the corresponding directory index. - -The lack of this check is a minor issue, likely not exploitable in any way. - -Reported-by: Maxim Suhanov -Signed-off-by: Maxim Suhanov -Reviewed-by: Daniel Kiper ---- - grub-core/fs/ntfs.c | 13 +++++++++++-- - 1 file changed, 11 insertions(+), 2 deletions(-) - -diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c -index a68e173d8..2d78b96e1 100644 ---- a/grub-core/fs/ntfs.c -+++ b/grub-core/fs/ntfs.c -@@ -599,7 +599,7 @@ get_utf8 (grub_uint8_t *in, grub_size_t len) - } - - static int --list_file (struct grub_ntfs_file *diro, grub_uint8_t *pos, -+list_file (struct grub_ntfs_file *diro, grub_uint8_t *pos, grub_uint8_t *end_pos, - grub_fshelp_iterate_dir_hook_t hook, void *hook_data) - { - grub_uint8_t *np; -@@ -610,6 +610,9 @@ list_file (struct grub_ntfs_file *diro, grub_uint8_t *pos, - grub_uint8_t namespace; - char *ustr; - -+ if ((pos >= end_pos) || (end_pos - pos < 0x52)) -+ break; -+ - if (pos[0xC] & 2) /* end signature */ - break; - -@@ -617,6 +620,9 @@ list_file (struct grub_ntfs_file *diro, grub_uint8_t *pos, - ns = *(np++); - namespace = *(np++); - -+ if (2 * ns > end_pos - pos - 0x52) -+ break; -+ - /* - * Ignore files in DOS namespace, as they will reappear as Win32 - * names. -@@ -806,7 +812,9 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir, - } - - cur_pos += 0x10; /* Skip index root */ -- ret = list_file (mft, cur_pos + u16at (cur_pos, 0), hook, hook_data); -+ ret = list_file (mft, cur_pos + u16at (cur_pos, 0), -+ at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR), -+ hook, hook_data); - if (ret) - goto done; - -@@ -893,6 +901,7 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir, - (const grub_uint8_t *) "INDX"))) - goto done; - ret = list_file (mft, &indx[0x18 + u16at (indx, 0x18)], -+ indx + (mft->data->idx_size << GRUB_NTFS_BLK_SHR), - hook, hook_data); - if (ret) - goto done; --- -2.42.0 - diff --git a/0003-fs-xfs-add-large-extent-counters-incompat-feature-su.patch b/0003-fs-xfs-add-large-extent-counters-incompat-feature-su.patch deleted file mode 100644 index 2edee66..0000000 --- a/0003-fs-xfs-add-large-extent-counters-incompat-feature-su.patch +++ /dev/null @@ -1,115 +0,0 @@ -From e7b1a524d5f86dcfddfbb069577e3b148dbb19cd Mon Sep 17 00:00:00 2001 -From: Anthony Iliopoulos via Grub-devel -Date: Thu, 26 Oct 2023 11:53:39 +0200 -Subject: [PATCH 3/3] fs/xfs: add large extent counters incompat feature - support - -XFS introduced 64-bit extent counters for inodes via a series of -upstream commits, and the feature was marked as stable in v6.5 via -commit 61d7e8274cd8 ("xfs: drop EXPERIMENTAL tag for large extent -counts"). - -Further, xfsprogs release v6.5.0 switched this feature on by default in -mkfs.xfs via commit e5b18d7d1d96 ("mkfs: enable large extent counts by -default"). - -Filesystems formatted with large extent count support (nrext64=1) are -thus currently not recognizable by grub, since this is an incompat -feature. Add the required support so that those filesystems and inodes -with large extent counters can be read by grub. - -Signed-off-by: Anthony Iliopoulos ---- - grub-core/fs/xfs.c | 30 +++++++++++++++++++++++++----- - 1 file changed, 25 insertions(+), 5 deletions(-) - -diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c -index 18edfcff4..bc2224dbb 100644 ---- a/grub-core/fs/xfs.c -+++ b/grub-core/fs/xfs.c -@@ -79,6 +79,8 @@ GRUB_MOD_LICENSE ("GPLv3+"); - /* Inode flags2 flags */ - #define XFS_DIFLAG2_BIGTIME_BIT 3 - #define XFS_DIFLAG2_BIGTIME (1 << XFS_DIFLAG2_BIGTIME_BIT) -+#define XFS_DIFLAG2_NREXT64_BIT 4 -+#define XFS_DIFLAG2_NREXT64 (1 << XFS_DIFLAG2_NREXT64_BIT) - - /* incompat feature flags */ - #define XFS_SB_FEAT_INCOMPAT_FTYPE (1 << 0) /* filetype in dirent */ -@@ -86,6 +88,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); - #define XFS_SB_FEAT_INCOMPAT_META_UUID (1 << 2) /* metadata UUID */ - #define XFS_SB_FEAT_INCOMPAT_BIGTIME (1 << 3) /* large timestamps */ - #define XFS_SB_FEAT_INCOMPAT_NEEDSREPAIR (1 << 4) /* needs xfs_repair */ -+#define XFS_SB_FEAT_INCOMPAT_NREXT64 (1 << 5) /* large extent counters */ - - /* - * Directory entries with ftype are explicitly handled by GRUB code. -@@ -101,7 +104,8 @@ GRUB_MOD_LICENSE ("GPLv3+"); - XFS_SB_FEAT_INCOMPAT_SPINODES | \ - XFS_SB_FEAT_INCOMPAT_META_UUID | \ - XFS_SB_FEAT_INCOMPAT_BIGTIME | \ -- XFS_SB_FEAT_INCOMPAT_NEEDSREPAIR) -+ XFS_SB_FEAT_INCOMPAT_NEEDSREPAIR | \ -+ XFS_SB_FEAT_INCOMPAT_NREXT64) - - struct grub_xfs_sblock - { -@@ -203,7 +207,8 @@ struct grub_xfs_inode - grub_uint16_t mode; - grub_uint8_t version; - grub_uint8_t format; -- grub_uint8_t unused2[26]; -+ grub_uint8_t unused2[18]; -+ grub_uint64_t nextents_big; - grub_uint64_t atime; - grub_uint64_t mtime; - grub_uint64_t ctime; -@@ -545,11 +550,26 @@ get_fsb (const void *keys, int idx) - return grub_be_to_cpu64 (grub_get_unaligned64 (p)); - } - -+static int -+grub_xfs_inode_has_large_extent_counts (const struct grub_xfs_inode *inode) -+{ -+ return inode->version >= 3 && -+ (inode->flags2 & grub_cpu_to_be64_compile_time (XFS_DIFLAG2_NREXT64)); -+} -+ -+static grub_uint64_t -+grub_xfs_get_inode_nextents (struct grub_xfs_inode *inode) -+{ -+ return (grub_xfs_inode_has_large_extent_counts (inode)) ? -+ grub_be_to_cpu64 (inode->nextents_big) : -+ grub_be_to_cpu32 (inode->nextents); -+} -+ - static grub_disk_addr_t - grub_xfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock) - { - struct grub_xfs_btree_node *leaf = 0; -- int ex, nrec; -+ grub_uint64_t ex, nrec; - struct grub_xfs_extent *exts; - grub_uint64_t ret = 0; - -@@ -574,7 +594,7 @@ grub_xfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock) - / (2 * sizeof (grub_uint64_t)); - do - { -- int i; -+ grub_uint64_t i; - - for (i = 0; i < nrec; i++) - { -@@ -621,7 +641,7 @@ grub_xfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock) - grub_addr_t exts_end = 0; - grub_addr_t data_end = 0; - -- nrec = grub_be_to_cpu32 (node->inode.nextents); -+ nrec = grub_xfs_get_inode_nextents (&node->inode); - exts = (struct grub_xfs_extent *) grub_xfs_inode_data(&node->inode); - - if (grub_mul (sizeof (struct grub_xfs_extent), nrec, &exts_end) || --- -2.42.1 - diff --git a/0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch b/0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch index 876be56..566c38b 100644 --- a/0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch +++ b/0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch @@ -127,21 +127,20 @@ Platform Reference (PAPR). default: return 0; } -@@ -666,10 +674,11 @@ - " --output '%s' " - " --dtb '%s' " - "--sbat '%s' " -- "--format '%s' --compression '%s' %s %s %s\n", -+ "--format '%s' --compression '%s' " -+ "--appended-signature-size %zu %s %s %s\n", - dir, prefix, - outname, dtb ? : "", sbat ? : "", mkimage_target, -- compnames[compression], note ? "--note" : "", -+ compnames[compression], appsig_size, note ? "--note" : "", - disable_shim_lock ? "--disable-shim-lock" : "", s); - free (s); +@@ -679,9 +687,11 @@ + *p = '\0'; -@@ -680,7 +689,7 @@ + grub_util_info ("grub-mkimage --directory '%s' --prefix '%s' --output '%s'" +- " --format '%s' --compression '%s'%s%s%s\n", ++ " --format '%s' --compression '%s'" ++ " --appended-signature-size %zu%s%s%s\n", + dir, prefix, outname, + mkimage_target, compnames[compression], ++ appsig_size, + note ? " --note" : "", + disable_shim_lock ? " --disable-shim-lock" : "", s); + free (s); +@@ -693,7 +703,7 @@ grub_install_generate_image (dir, prefix, fp, outname, modules.entries, memdisk_path, pubkeys, npubkeys, config_path, tgt, diff --git a/0004-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch b/0004-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch deleted file mode 100644 index 0c9fa91..0000000 --- a/0004-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 7a5a116739fa6d8a625da7d6b9272c9a2462f967 Mon Sep 17 00:00:00 2001 -From: Maxim Suhanov -Date: Mon, 28 Aug 2023 16:33:44 +0300 -Subject: [PATCH 4/6] fs/ntfs: Fix an OOB read when parsing bitmaps for index - attributes - -This fix introduces checks to ensure that bitmaps for directory indices -are never read beyond their actual sizes. - -The lack of this check is a minor issue, likely not exploitable in any way. - -Reported-by: Maxim Suhanov -Signed-off-by: Maxim Suhanov -Reviewed-by: Daniel Kiper ---- - grub-core/fs/ntfs.c | 19 +++++++++++++++++++ - 1 file changed, 19 insertions(+) - -diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c -index 2d78b96e1..bb70c89fb 100644 ---- a/grub-core/fs/ntfs.c -+++ b/grub-core/fs/ntfs.c -@@ -843,6 +843,25 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir, - - if (is_resident) - { -+ if (bitmap_len > (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR)) -+ { -+ grub_error (GRUB_ERR_BAD_FS, "resident bitmap too large"); -+ goto done; -+ } -+ -+ if (cur_pos >= at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR)) -+ { -+ grub_error (GRUB_ERR_BAD_FS, "resident bitmap out of range"); -+ goto done; -+ } -+ -+ if (u16at (cur_pos, 0x14) + u32at (cur_pos, 0x10) > -+ (grub_addr_t) at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR) - (grub_addr_t) cur_pos) -+ { -+ grub_error (GRUB_ERR_BAD_FS, "resident bitmap out of range"); -+ goto done; -+ } -+ - grub_memcpy (bmp, cur_pos + u16at (cur_pos, 0x14), - bitmap_len); - } --- -2.42.0 - diff --git a/0005-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch b/0005-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch deleted file mode 100644 index c24570a..0000000 --- a/0005-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 1fe82c41e070385e273d7bb1cfb482627a3c28e8 Mon Sep 17 00:00:00 2001 -From: Maxim Suhanov -Date: Mon, 28 Aug 2023 16:38:19 +0300 -Subject: [PATCH 5/6] fs/ntfs: Fix an OOB read when parsing a volume label - -This fix introduces checks to ensure that an NTFS volume label is always -read from the corresponding file record segment. - -The current NTFS code allows the volume label string to be read from an -arbitrary, attacker-chosen memory location. However, the bytes read are -always treated as UTF-16LE. So, the final string displayed is mostly -unreadable and it can't be easily converted back to raw bytes. - -The lack of this check is a minor issue, likely not causing a significant -data leak. - -Reported-by: Maxim Suhanov -Signed-off-by: Maxim Suhanov -Reviewed-by: Daniel Kiper ---- - grub-core/fs/ntfs.c | 18 +++++++++++++++++- - 1 file changed, 17 insertions(+), 1 deletion(-) - -diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c -index bb70c89fb..ff5e3740f 100644 ---- a/grub-core/fs/ntfs.c -+++ b/grub-core/fs/ntfs.c -@@ -1213,13 +1213,29 @@ grub_ntfs_label (grub_device_t device, char **label) - - init_attr (&mft->attr, mft); - pa = find_attr (&mft->attr, GRUB_NTFS_AT_VOLUME_NAME); -+ -+ if (pa >= mft->buf + (mft->data->mft_size << GRUB_NTFS_BLK_SHR)) -+ { -+ grub_error (GRUB_ERR_BAD_FS, "can\'t parse volume label"); -+ goto fail; -+ } -+ -+ if (mft->buf + (mft->data->mft_size << GRUB_NTFS_BLK_SHR) - pa < 0x16) -+ { -+ grub_error (GRUB_ERR_BAD_FS, "can\'t parse volume label"); -+ goto fail; -+ } -+ - if ((pa) && (pa[8] == 0) && (u32at (pa, 0x10))) - { - int len; - - len = u32at (pa, 0x10) / 2; - pa += u16at (pa, 0x14); -- *label = get_utf8 (pa, len); -+ if (mft->buf + (mft->data->mft_size << GRUB_NTFS_BLK_SHR) - pa >= 2 * len) -+ *label = get_utf8 (pa, len); -+ else -+ grub_error (GRUB_ERR_BAD_FS, "can\'t parse volume label"); - } - - fail: --- -2.42.0 - diff --git a/0006-fs-ntfs-Make-code-more-readable.patch b/0006-fs-ntfs-Make-code-more-readable.patch deleted file mode 100644 index 717776d..0000000 --- a/0006-fs-ntfs-Make-code-more-readable.patch +++ /dev/null @@ -1,159 +0,0 @@ -From e58b870ff926415e23fc386af41ff81b2f588763 Mon Sep 17 00:00:00 2001 -From: Maxim Suhanov -Date: Mon, 28 Aug 2023 16:40:07 +0300 -Subject: [PATCH 6/6] fs/ntfs: Make code more readable - -Move some calls used to access NTFS attribute header fields into -functions with human-readable names. - -Suggested-by: Daniel Kiper -Signed-off-by: Maxim Suhanov -Reviewed-by: Daniel Kiper ---- - grub-core/fs/ntfs.c | 48 +++++++++++++++++++++++++++++++-------------- - 1 file changed, 33 insertions(+), 15 deletions(-) - -diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c -index ff5e3740f..de435aa14 100644 ---- a/grub-core/fs/ntfs.c -+++ b/grub-core/fs/ntfs.c -@@ -52,6 +52,24 @@ u64at (void *ptr, grub_size_t ofs) - return grub_le_to_cpu64 (grub_get_unaligned64 ((char *) ptr + ofs)); - } - -+static grub_uint16_t -+first_attr_off (void *mft_buf_ptr) -+{ -+ return u16at (mft_buf_ptr, 0x14); -+} -+ -+static grub_uint16_t -+res_attr_data_off (void *res_attr_ptr) -+{ -+ return u16at (res_attr_ptr, 0x14); -+} -+ -+static grub_uint32_t -+res_attr_data_len (void *res_attr_ptr) -+{ -+ return u32at (res_attr_ptr, 0x10); -+} -+ - grub_ntfscomp_func_t grub_ntfscomp_func; - - static grub_err_t -@@ -106,7 +124,7 @@ init_attr (struct grub_ntfs_attr *at, struct grub_ntfs_file *mft) - { - at->mft = mft; - at->flags = (mft == &mft->data->mmft) ? GRUB_NTFS_AF_MMFT : 0; -- at->attr_nxt = mft->buf + u16at (mft->buf, 0x14); -+ at->attr_nxt = mft->buf + first_attr_off (mft->buf); - at->attr_end = at->emft_buf = at->edat_buf = at->sbuf = NULL; - } - -@@ -154,7 +172,7 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr) - return NULL; - } - -- new_pos = &at->emft_buf[u16at (at->emft_buf, 0x14)]; -+ new_pos = &at->emft_buf[first_attr_off (at->emft_buf)]; - while (*new_pos != 0xFF) - { - if ((*new_pos == *at->attr_cur) -@@ -213,7 +231,7 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr) - } - else - { -- at->attr_nxt = at->attr_end + u16at (pa, 0x14); -+ at->attr_nxt = at->attr_end + res_attr_data_off (pa); - at->attr_end = at->attr_end + u32at (pa, 4); - pa_end = at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR); - } -@@ -399,20 +417,20 @@ read_data (struct grub_ntfs_attr *at, grub_uint8_t *pa, grub_uint8_t *dest, - - if (pa[8] == 0) - { -- if (ofs + len > u32at (pa, 0x10)) -+ if (ofs + len > res_attr_data_len (pa)) - return grub_error (GRUB_ERR_BAD_FS, "read out of range"); - -- if (u32at (pa, 0x10) > (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR)) -+ if (res_attr_data_len (pa) > (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR)) - return grub_error (GRUB_ERR_BAD_FS, "resident attribute too large"); - - if (pa >= at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR)) - return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range"); - -- if (u16at (pa, 0x14) + u32at (pa, 0x10) > -+ if (res_attr_data_off (pa) + res_attr_data_len (pa) > - (grub_addr_t) at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR) - (grub_addr_t) pa) - return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range"); - -- grub_memcpy (dest, pa + u16at (pa, 0x14) + ofs, len); -+ grub_memcpy (dest, pa + res_attr_data_off (pa) + ofs, len); - return 0; - } - -@@ -556,7 +574,7 @@ init_file (struct grub_ntfs_file *mft, grub_uint64_t mftno) - (unsigned long long) mftno); - - if (!pa[8]) -- mft->size = u32at (pa, 0x10); -+ mft->size = res_attr_data_len (pa); - else - mft->size = u64at (pa, 0x30); - -@@ -805,7 +823,7 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir, - (u32at (cur_pos, 0x18) != 0x490024) || - (u32at (cur_pos, 0x1C) != 0x300033)) - continue; -- cur_pos += u16at (cur_pos, 0x14); -+ cur_pos += res_attr_data_off (cur_pos); - if (*cur_pos != 0x30) /* Not filename index */ - continue; - break; -@@ -834,7 +852,7 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir, - { - int is_resident = (cur_pos[8] == 0); - -- bitmap_len = ((is_resident) ? u32at (cur_pos, 0x10) : -+ bitmap_len = ((is_resident) ? res_attr_data_len (cur_pos) : - u32at (cur_pos, 0x28)); - - bmp = grub_malloc (bitmap_len); -@@ -855,14 +873,14 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir, - goto done; - } - -- if (u16at (cur_pos, 0x14) + u32at (cur_pos, 0x10) > -+ if (res_attr_data_off (cur_pos) + res_attr_data_len (cur_pos) > - (grub_addr_t) at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR) - (grub_addr_t) cur_pos) - { - grub_error (GRUB_ERR_BAD_FS, "resident bitmap out of range"); - goto done; - } - -- grub_memcpy (bmp, cur_pos + u16at (cur_pos, 0x14), -+ grub_memcpy (bmp, cur_pos + res_attr_data_off (cur_pos), - bitmap_len); - } - else -@@ -1226,12 +1244,12 @@ grub_ntfs_label (grub_device_t device, char **label) - goto fail; - } - -- if ((pa) && (pa[8] == 0) && (u32at (pa, 0x10))) -+ if ((pa) && (pa[8] == 0) && (res_attr_data_len (pa))) - { - int len; - -- len = u32at (pa, 0x10) / 2; -- pa += u16at (pa, 0x14); -+ len = res_attr_data_len (pa) / 2; -+ pa += res_attr_data_off (pa); - if (mft->buf + (mft->data->mft_size << GRUB_NTFS_BLK_SHR) - pa >= 2 * len) - *label = get_utf8 (pa, len); - else --- -2.42.0 - diff --git a/0016-grub-install-support-embedding-x509-certificates.patch b/0016-grub-install-support-embedding-x509-certificates.patch index b15c6fa..1c99dfc 100644 --- a/0016-grub-install-support-embedding-x509-certificates.patch +++ b/0016-grub-install-support-embedding-x509-certificates.patch @@ -89,18 +89,18 @@ Signed-off-by: Daniel Axtens case GRUB_INSTALL_OPTIONS_VERBOSITY: verbosity++; -@@ -632,6 +640,9 @@ +@@ -636,6 +644,9 @@ for (pk = pubkeys; pk < pubkeys + npubkeys; pk++) - slen += 20 + grub_strlen (*pk); + slen += sizeof (" --pubkey ''") + grub_strlen (*pk); + for (pk = x509keys; pk < x509keys + nx509keys; pk++) + slen += 10 + grub_strlen (*pk); + for (md = modules.entries; *md; md++) - { - slen += 10 + grub_strlen (*md); -@@ -660,6 +671,14 @@ - *p++ = ' '; + slen += sizeof (" ''") + grub_strlen (*md); + +@@ -676,6 +687,14 @@ + *p++ = '\''; } + for (pk = x509keys; pk < x509keys + nx509keys; pk++) @@ -113,8 +113,8 @@ Signed-off-by: Daniel Axtens + for (md = modules.entries; *md; md++) { - *p++ = '\''; -@@ -688,7 +707,8 @@ + *p++ = ' '; +@@ -702,7 +721,8 @@ grub_install_generate_image (dir, prefix, fp, outname, modules.entries, memdisk_path, diff --git a/0021-appended-signatures-documentation.patch b/0021-appended-signatures-documentation.patch index ac571ee..9628cee 100644 --- a/0021-appended-signatures-documentation.patch +++ b/0021-appended-signatures-documentation.patch @@ -18,7 +18,7 @@ v2: fix a grammar issue, thanks Stefan Berger. --- a/docs/grub.texi +++ b/docs/grub.texi -@@ -3278,6 +3278,7 @@ +@@ -3270,6 +3270,7 @@ @menu * biosnum:: @@ -26,7 +26,7 @@ v2: fix a grammar issue, thanks Stefan Berger. * check_signatures:: * chosen:: * cmdpath:: -@@ -3342,11 +3343,18 @@ +@@ -3334,11 +3335,18 @@ chain-loaded system, @pxref{drivemap}. @@ -47,7 +47,7 @@ v2: fix a grammar issue, thanks Stefan Berger. @node chosen @subsection chosen -@@ -4322,6 +4330,7 @@ +@@ -4357,6 +4365,7 @@ * date:: Display or set current date and time * devicetree:: Load a device tree blob * distrust:: Remove a pubkey from trusted keys @@ -55,15 +55,15 @@ v2: fix a grammar issue, thanks Stefan Berger. * drivemap:: Map a drive to another * echo:: Display a line of text * efitextmode:: Set/Get text output mode resolution -@@ -4337,6 +4346,7 @@ - * help:: Show help messages +@@ -4373,6 +4382,7 @@ + * hexdump:: Show raw contents of a file or memory * insmod:: Insert a module * keystatus:: Check key modifier status +* list_certificates:: List trusted certificates * list_env:: List variables in environment block * list_trusted:: List trusted public keys * load_env:: Load variables from environment block -@@ -4375,8 +4385,10 @@ +@@ -4411,8 +4421,10 @@ * test:: Check file types and compare values * true:: Do nothing, successfully * trust:: Add public key to list of trusted keys @@ -74,7 +74,7 @@ v2: fix a grammar issue, thanks Stefan Berger. * verify_detached:: Verify detached digital signature * videoinfo:: List available video modes * wrmsr:: Write values to model-specific registers -@@ -4710,9 +4722,28 @@ +@@ -4752,9 +4764,28 @@ @code{check_signatures} is set to @code{enforce} (@pxref{check_signatures}), and by some invocations of @command{verify_detached} (@pxref{verify_detached}). @xref{Using @@ -104,7 +104,7 @@ v2: fix a grammar issue, thanks Stefan Berger. @node drivemap @subsection drivemap -@@ -4975,6 +5006,21 @@ +@@ -5031,6 +5062,21 @@ @end deffn @@ -126,7 +126,7 @@ v2: fix a grammar issue, thanks Stefan Berger. @node list_env @subsection list_env -@@ -4994,7 +5040,7 @@ +@@ -5050,7 +5096,7 @@ @code{gpg --fingerprint}). The least significant four bytes (last eight hexadecimal digits) can be used as an argument to @command{distrust} (@pxref{distrust}). @@ -135,7 +135,7 @@ v2: fix a grammar issue, thanks Stefan Berger. these keys. @end deffn -@@ -5029,8 +5075,12 @@ +@@ -5085,8 +5131,12 @@ administrator to configure a system to boot only signed configurations, but to allow the user to select from among multiple configurations, and to enable ``one-shot'' boot attempts and @@ -149,7 +149,7 @@ v2: fix a grammar issue, thanks Stefan Berger. @end deffn -@@ -5401,7 +5451,7 @@ +@@ -5457,7 +5507,7 @@ file from within GRUB using this command, such that its signature will no longer be valid on subsequent boots. Care should be taken in such advanced configurations to avoid rendering the system @@ -158,7 +158,7 @@ v2: fix a grammar issue, thanks Stefan Berger. @end deffn -@@ -5817,11 +5867,31 @@ +@@ -5873,11 +5923,31 @@ must itself be properly signed. The @option{--skip-sig} option can be used to disable signature-checking when reading @var{pubkey_file} itself. It is expected that @option{--skip-sig} is useful for testing @@ -191,7 +191,7 @@ v2: fix a grammar issue, thanks Stefan Berger. @node unset @subsection unset -@@ -5840,6 +5910,18 @@ +@@ -5896,6 +5966,18 @@ @end deffn @end ignore @@ -210,7 +210,7 @@ v2: fix a grammar issue, thanks Stefan Berger. @node verify_detached @subsection verify_detached -@@ -5858,7 +5940,7 @@ +@@ -5914,7 +5996,7 @@ Exit code @code{$?} is set to 0 if the signature validates successfully. If validation fails, it is set to a non-zero value. @@ -219,7 +219,7 @@ v2: fix a grammar issue, thanks Stefan Berger. @end deffn @node videoinfo -@@ -6339,13 +6421,14 @@ +@@ -6394,13 +6476,14 @@ @chapter Security @menu @@ -241,7 +241,7 @@ v2: fix a grammar issue, thanks Stefan Berger. @end menu @node Authentication and authorisation -@@ -6419,8 +6502,8 @@ +@@ -6474,8 +6557,8 @@ adding @kbd{set superusers=} and @kbd{password} or @kbd{password_pbkdf2} commands. @@ -252,7 +252,7 @@ v2: fix a grammar issue, thanks Stefan Berger. GRUB's @file{core.img} can optionally provide enforcement that all files subsequently read from disk are covered by a valid digital signature. -@@ -6503,6 +6586,82 @@ +@@ -6558,6 +6641,82 @@ (attacker-controlled) device. GRUB is at best only one link in a secure boot chain. diff --git a/0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch b/0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch index 03fede7..c3a41c0 100644 --- a/0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch +++ b/0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch @@ -16,7 +16,7 @@ Signed-off-by: Daniel Axtens --- a/docs/grub.texi +++ b/docs/grub.texi -@@ -6740,8 +6740,8 @@ +@@ -6795,8 +6795,8 @@ @section Lockdown when booting on a secure setup The GRUB can be locked down when booted on a secure boot environment, for example @@ -39,15 +39,15 @@ Signed-off-by: Daniel Axtens sparc64_ieee1275 = kern/sparc64/dl.c; --- a/grub-core/kern/ieee1275/init.c +++ b/grub-core/kern/ieee1275/init.c -@@ -44,6 +44,7 @@ - #ifdef __sparc__ - #include +@@ -49,6 +49,7 @@ + #if defined(__powerpc__) || defined(__i386__) + #include #endif +#include /* The maximum heap size we're going to claim at boot. Not used by sparc. */ #ifdef __i386__ -@@ -708,6 +709,30 @@ +@@ -893,6 +894,30 @@ } } @@ -78,7 +78,7 @@ Signed-off-by: Daniel Axtens grub_addr_t grub_modbase; void -@@ -733,6 +758,8 @@ +@@ -918,6 +943,8 @@ #else grub_install_get_time_ms (grub_rtc_get_time_ms); #endif diff --git a/fix_no_extra_deps_in_release_tarball.patch b/fix_no_extra_deps_in_release_tarball.patch new file mode 100644 index 0000000..3771f38 --- /dev/null +++ b/fix_no_extra_deps_in_release_tarball.patch @@ -0,0 +1,4 @@ +--- /dev/null ++++ b/grub-core/extra_deps.lst +@@ -0,0 +1 @@ ++depends bli part_gpt diff --git a/grub-2.12.tar.xz b/grub-2.12.tar.xz new file mode 100644 index 0000000..7f63a3a --- /dev/null +++ b/grub-2.12.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f3c97391f7c4eaa677a78e090c7e97e6dc47b16f655f04683ebd37bef7fe0faa +size 6675608 diff --git a/grub-2.12~rc1.tar.xz b/grub-2.12~rc1.tar.xz deleted file mode 100644 index 367ca07..0000000 --- a/grub-2.12~rc1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7a60c08b0ff1bac630cae6293b73871a541610a7fb1a7337aeb5e96f359cd650 -size 6589460 diff --git a/grub2-btrfs-04-grub2-install.patch b/grub2-btrfs-04-grub2-install.patch index 5bdce56..fd45084 100644 --- a/grub2-btrfs-04-grub2-install.patch +++ b/grub2-btrfs-04-grub2-install.patch @@ -81,11 +81,10 @@ if (!bootloader_id && config.grub_distributor) { char *ptr; -@@ -1426,6 +1431,16 @@ - fprintf (load_cfg_f, "set debug='%s'\n", - debug_image); +@@ -1451,6 +1456,15 @@ + debug_image); } -+ + + if (config.is_suse_btrfs_snapshot_enabled + && grub_strncmp(grub_fs->name, "btrfs", sizeof ("btrfs") - 1) == 0) + { @@ -95,9 +94,9 @@ + fprintf (load_cfg_f, "set btrfs_relative_path='y'\n"); + } + - char *prefix_drive = NULL; - char *install_drive = NULL; - + if (!have_abstractions) + { + if ((disk_module && grub_strcmp (disk_module, "biosdisk") != 0) --- a/grub-core/osdep/linux/getroot.c +++ b/grub-core/osdep/linux/getroot.c @@ -373,6 +373,7 @@ diff --git a/grub2-ppc64le-disable-video.patch b/grub2-ppc64le-disable-video.patch index 1934de3..b9cc30e 100644 --- a/grub2-ppc64le-disable-video.patch +++ b/grub2-ppc64le-disable-video.patch @@ -32,10 +32,10 @@ GRUB_MOD_FINI(ieee1275_fb) --- a/include/grub/ieee1275/ieee1275.h +++ b/include/grub/ieee1275/ieee1275.h -@@ -141,6 +141,8 @@ - */ - GRUB_IEEE1275_FLAG_CAN_TRY_CAS_FOR_MORE_MEMORY, - #endif +@@ -145,6 +145,8 @@ + GRUB_IEEE1275_FLAG_POWER_VM, + + GRUB_IEEE1275_FLAG_POWER_KVM, + + GRUB_IEEE1275_FLAG_DISABLE_VIDEO_SUPPORT }; diff --git a/grub2-s390x-04-grub2-install.patch b/grub2-s390x-04-grub2-install.patch index dab949e..36c3327 100644 --- a/grub2-s390x-04-grub2-install.patch +++ b/grub2-s390x-04-grub2-install.patch @@ -163,7 +163,7 @@ V20: name = grub-mkconfig_lib; common = util/grub-mkconfig_lib.in; installdir = noinst; -@@ -1375,6 +1420,7 @@ +@@ -1381,6 +1426,7 @@ ldadd = libgrubkern.a; ldadd = grub-core/lib/gnulib/libgnu.a; ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)'; @@ -186,7 +186,7 @@ V20: case "$target_os" in windows* | mingw32*) target_os=cygwin ;; -@@ -2093,6 +2093,9 @@ +@@ -2158,6 +2158,9 @@ AM_CONDITIONAL([COND_sparc64_emu], [test x$target_cpu = xsparc64 -a x$platform = xemu]) AM_CONDITIONAL([COND_x86_64_efi], [test x$target_cpu = xx86_64 -a x$platform = xefi]) AM_CONDITIONAL([COND_x86_64_xen], [test x$target_cpu = xx86_64 -a x$platform = xxen]) @@ -198,7 +198,7 @@ V20: AM_CONDITIONAL([COND_HOST_LINUX], [test x$host_kernel = xlinux]) --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def -@@ -1183,6 +1183,7 @@ +@@ -1186,6 +1186,7 @@ module = { name = videotest; common = commands/videotest.c; @@ -206,7 +206,7 @@ V20: }; module = { -@@ -1637,6 +1638,7 @@ +@@ -1640,6 +1641,7 @@ common = gfxmenu/gui_progress_bar.c; common = gfxmenu/gui_util.c; common = gfxmenu/gui_string_util.c; @@ -214,7 +214,7 @@ V20: }; module = { -@@ -2075,11 +2077,13 @@ +@@ -2078,11 +2080,13 @@ name = gfxterm; common = term/gfxterm.c; enable = videomodules; @@ -228,7 +228,7 @@ V20: }; module = { -@@ -2202,6 +2206,7 @@ +@@ -2205,6 +2209,7 @@ enable = x86_64_efi; enable = emu; enable = xen; @@ -236,7 +236,7 @@ V20: }; module = { -@@ -2248,6 +2253,7 @@ +@@ -2251,6 +2256,7 @@ module = { name = gfxterm_menu; common = tests/gfxterm_menu.c; @@ -244,7 +244,7 @@ V20: }; module = { -@@ -2409,6 +2415,7 @@ +@@ -2412,6 +2418,7 @@ enable = x86_64_efi; enable = emu; enable = xen; @@ -316,7 +316,7 @@ V20: int --- a/util/grub-install-common.c +++ b/util/grub-install-common.c -@@ -911,6 +911,7 @@ +@@ -924,6 +924,7 @@ [GRUB_INSTALL_PLATFORM_LOONGARCH64_EFI] = { "loongarch64", "efi" }, [GRUB_INSTALL_PLATFORM_RISCV32_EFI] = { "riscv32", "efi" }, [GRUB_INSTALL_PLATFORM_RISCV64_EFI] = { "riscv64", "efi" }, @@ -415,10 +415,10 @@ V20: + } + } + - grub_install_copy_files (grub_install_source_directory, - grubdir, platform); + size_t ndev = 0; -@@ -1541,6 +1570,7 @@ + /* Write device to a variable so we don't have to traverse /dev every time. */ +@@ -1543,6 +1572,7 @@ case GRUB_INSTALL_PLATFORM_I386_XEN: case GRUB_INSTALL_PLATFORM_X86_64_XEN: case GRUB_INSTALL_PLATFORM_I386_XEN_PVH: @@ -426,7 +426,7 @@ V20: grub_util_warn ("%s", _("no hints available for your platform. Expect reduced performance")); break; /* pacify warning. */ -@@ -1659,6 +1689,10 @@ +@@ -1661,6 +1691,10 @@ strcpy (mkimage_target, "sparc64-ieee1275-raw"); core_name = "core.img"; break; @@ -437,7 +437,7 @@ V20: /* pacify warning. */ case GRUB_INSTALL_PLATFORM_MAX: break; -@@ -1674,6 +1708,7 @@ +@@ -1676,6 +1710,7 @@ core_name); char *prefix = xasprintf ("%s%s", prefix_drive ? : "", relative_grubdir); @@ -445,7 +445,7 @@ V20: grub_install_make_image_wrap (/* source dir */ grub_install_source_directory, /*prefix */ prefix, /* output */ imgfile, -@@ -1712,6 +1747,10 @@ +@@ -1714,6 +1749,10 @@ /* image target */ mkimage_target, 0); } break; @@ -456,7 +456,7 @@ V20: case GRUB_INSTALL_PLATFORM_ARM_EFI: case GRUB_INSTALL_PLATFORM_ARM64_EFI: case GRUB_INSTALL_PLATFORM_LOONGARCH64_EFI: -@@ -2011,6 +2050,10 @@ +@@ -2013,6 +2052,10 @@ } break; diff --git a/grub2.changes b/grub2.changes index 15c6525..4a2fbb8 100644 --- a/grub2.changes +++ b/grub2.changes @@ -1,3 +1,41 @@ +------------------------------------------------------------------- +Wed Jan 10 08:13:00 UTC 2024 - Michael Chang + +- Version bump to 2.12 (PED-5589) + * Added: + - grub-2.12.tar.xz + - fix_no_extra_deps_in_release_tarball.patch + * Removed: + - grub-2.12~rc1.tar.xz + * Patch dropped as it merged into new version: + - 0001-disk-cryptodisk-Fix-missing-change-when-updating-to-.patch + - 0001-fs-btrfs-Zero-file-data-not-backed-by-extents.patch + - 0001-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch + - 0002-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch + - 0003-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch + - 0004-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch + - 0005-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch + - 0006-fs-ntfs-Make-code-more-readable.patch + - 0001-kern-ieee1275-init-Restrict-high-memory-in-presence-.patch + - 0001-fs-xfs-Incorrect-short-form-directory-data-boundary-.patch + - 0002-fs-xfs-Fix-XFS-directory-extent-parsing.patch + - 0003-fs-xfs-add-large-extent-counters-incompat-feature-su.patch + - 0001-mkstandalone-ensure-stable-timestamps-for-generated-.patch + - 0002-mkstandalone-ensure-deterministic-tar-file-creation-.patch + * Patch adjusted for the updated base version: + - use-grub2-as-a-package-name.patch + - grub2-s390x-04-grub2-install.patch + - grub2-btrfs-04-grub2-install.patch + - grub2-ppc64le-disable-video.patch + - 0002-AUDIT-0-http-boot-tracker-bug.patch + - 0001-Unify-the-check-to-enable-btrfs-relative-path.patch + - 0003-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch + - 0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch + - 0016-grub-install-support-embedding-x509-certificates.patch + - 0021-appended-signatures-documentation.patch + - 0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch + - safe_tpm_pcr_snapshot.patch + ------------------------------------------------------------------- Wed Jan 3 10:05:50 UTC 2024 - Michael Chang diff --git a/grub2.spec b/grub2.spec index d2a22c4..7b02ec9 100644 --- a/grub2.spec +++ b/grub2.spec @@ -166,13 +166,13 @@ BuildRequires: fde-tpm-helper-rpm-macros %endif %endif -Version: 2.12~rc1 +Version: 2.12 Release: 0 Summary: Bootloader with support for Linux, Multiboot and more License: GPL-3.0-or-later Group: System/Boot URL: http://www.gnu.org/software/grub/ -Source0: https://alpha.gnu.org/gnu/grub/grub-%{version}.tar.xz +Source0: https://ftp.gnu.org/gnu/grub/grub-%{version}.tar.xz Source1: 90_persistent Source2: grub.default Source4: grub2.rpmlintrc @@ -372,33 +372,21 @@ Patch179: 0002-prep_loadenv-Fix-regex-for-Open-Firmware-device-spec.patch Patch180: 0001-xen_boot-add-missing-grub_arch_efi_linux_load_image_.patch Patch181: 0001-font-Try-memdisk-fonts-with-the-same-name.patch Patch182: 0001-Make-grub.cfg-compatible-to-old-binaries.patch -Patch183: 0001-disk-cryptodisk-Fix-missing-change-when-updating-to-.patch -Patch184: grub2-change-bash-completion-dir.patch -Patch185: 0001-protectors-Implement-NV-index.patch -Patch186: 0002-cryptodisk-Fallback-to-passphrase.patch -Patch187: 0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch -Patch188: 0004-diskfilter-look-up-cryptodisk-devices-first.patch -Patch189: grub2-mkconfig-riscv64.patch -Patch190: arm64-Use-proper-memory-type-for-kernel-allocation.patch -Patch191: 0001-fs-btrfs-Zero-file-data-not-backed-by-extents.patch -Patch192: 0001-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch -Patch193: 0002-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch -Patch194: 0003-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch -Patch195: 0004-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch -Patch196: 0005-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch -Patch197: 0006-fs-ntfs-Make-code-more-readable.patch -Patch198: 0001-luks2-Use-grub-tpm2-token-for-TPM2-protected-volume-.patch -Patch199: Fix-the-size-calculation-for-the-synthesized-initrd.patch -Patch200: 0001-kern-ieee1275-init-Restrict-high-memory-in-presence-.patch -Patch201: 0001-fs-xfs-Incorrect-short-form-directory-data-boundary-.patch -Patch202: 0002-fs-xfs-Fix-XFS-directory-extent-parsing.patch -Patch203: 0003-fs-xfs-add-large-extent-counters-incompat-feature-su.patch -Patch204: 0001-Improve-TPM-key-protection-on-boot-interruptions.patch -Patch205: 0002-Restrict-file-access-on-cryptodisk-print.patch -Patch206: 0003-Restrict-ls-and-auto-file-completion-on-cryptodisk-p.patch -Patch207: 0004-Key-revocation-on-out-of-bound-file-access.patch -Patch208: 0001-mkstandalone-ensure-stable-timestamps-for-generated-.patch -Patch209: 0002-mkstandalone-ensure-deterministic-tar-file-creation-.patch +Patch183: grub2-change-bash-completion-dir.patch +Patch184: 0001-protectors-Implement-NV-index.patch +Patch185: 0002-cryptodisk-Fallback-to-passphrase.patch +Patch186: 0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch +Patch187: 0004-diskfilter-look-up-cryptodisk-devices-first.patch +Patch188: grub2-mkconfig-riscv64.patch +Patch189: arm64-Use-proper-memory-type-for-kernel-allocation.patch +Patch190: 0001-luks2-Use-grub-tpm2-token-for-TPM2-protected-volume-.patch +Patch191: Fix-the-size-calculation-for-the-synthesized-initrd.patch +Patch192: 0001-Improve-TPM-key-protection-on-boot-interruptions.patch +Patch193: 0002-Restrict-file-access-on-cryptodisk-print.patch +Patch194: 0003-Restrict-ls-and-auto-file-completion-on-cryptodisk-p.patch +Patch195: 0004-Key-revocation-on-out-of-bound-file-access.patch +# Workaround for 2.12 tarball +Patch196: fix_no_extra_deps_in_release_tarball.patch Requires: gettext-runtime %if 0%{?suse_version} >= 1140 diff --git a/safe_tpm_pcr_snapshot.patch b/safe_tpm_pcr_snapshot.patch index b57523f..f571aaa 100644 --- a/safe_tpm_pcr_snapshot.patch +++ b/safe_tpm_pcr_snapshot.patch @@ -76,7 +76,7 @@ GRUB_MOD_INIT (tpm) --- a/util/grub-install.c +++ b/util/grub-install.c -@@ -1501,8 +1501,9 @@ +@@ -1560,8 +1560,9 @@ grub_util_unlink (load_cfg); @@ -87,7 +87,7 @@ load_cfg_f = grub_util_fopen (load_cfg, "wb"); have_load_cfg = 1; fprintf (load_cfg_f, "tpm_record_pcrs 0-9\n"); -@@ -1510,7 +1511,8 @@ +@@ -1569,7 +1570,8 @@ if (debug_image && debug_image[0]) { @@ -96,4 +96,4 @@ + load_cfg_f = grub_util_fopen (load_cfg, "wb"); have_load_cfg = 1; fprintf (load_cfg_f, "set debug='%s'\n", - debug_image); + debug_image); diff --git a/use-grub2-as-a-package-name.patch b/use-grub2-as-a-package-name.patch index 25e2237..2fdd508 100644 --- a/use-grub2-as-a-package-name.patch +++ b/use-grub2-as-a-package-name.patch @@ -18,8 +18,8 @@ Signed-off-by: Jiri Slaby dnl the target type. See INSTALL for full list of variables and dnl description of the relationships between them. --AC_INIT([GRUB],[2.12~rc1],[bug-grub@gnu.org]) -+AC_INIT([GRUB2],[2.12~rc1],[bug-grub@gnu.org]) +-AC_INIT([GRUB],[2.12],[bug-grub@gnu.org]) ++AC_INIT([GRUB2],[2.12],[bug-grub@gnu.org]) AS_CASE(["$ERROR_PLATFORM_NOT_SUPPORT_SSP"], [n | no | nO | N | No | NO], [ERROR_PLATFORM_NOT_SUPPORT_SSP=no],