From 84c9965d53b6105c8b566c445535c7b50450aa7e Mon Sep 17 00:00:00 2001 
From: CentOS Sources Date: Tue, 8 Nov 2022 01:59:16 -0500 Subject: [PATCH] import grub2-2.02-142.el8 --- ...ort-for-trusted-boot-using-a-vTPM-2..patch | 221 ++++++++++++++++++ ...ackport-ibmvtpm-support-to-grub-2.02.patch | 94 ++++++++ ...erpc-do-CAS-in-a-more-compatible-way.patch | 112 +++++++++ ...etection-support-device-names-with-c.patch | 73 ++++++ .../0505-make-ofdisk_retries-optional.patch | 43 ++++ ...oader-grub_load_and_start_image-doe.patch} | 1 - ...ainloader-simplify-the-loader-state.patch} | 1 - ...t-Add-API-to-pass-context-to-loader.patch} | 1 - ...-chainloader-Use-grub_loader_set_ex.patch} | 1 - ...inux-Avoid-a-use-after-free-in-the-.patch} | 1 - ...86-efi-linux-Use-grub_loader_set_ex.patch} | 1 - ...inux-Fix-a-memory-leak-in-the-initr.patch} | 1 - ...leak-device_name-on-error-in-grub_f.patch} | 1 - ...-Abort-sooner-if-a-read-operation-f.patch} | 1 - ...-Refuse-to-handle-multiple-image-he.patch} | 1 - ...-Drop-greyscale-support-to-fix-heap.patch} | 1 - ...-Avoid-heap-OOB-R-W-inserting-huff-.patch} | 1 - ...png-Sanity-check-some-huffman-codes.patch} | 1 - ...g-Abort-sooner-if-a-read-operation-.patch} | 1 - ...g-Do-not-reallocate-a-given-huff-ta.patch} | 1 - ...g-Refuse-to-handle-multiple-start-o.patch} | 1 - ...g-Block-int-underflow-wild-pointer-.patch} | 1 - ...x-array-out-of-bounds-formatting-un.patch} | 1 - ...f-Block-overly-large-netbuff-allocs.patch} | 1 - ...-net-ip-Do-IP-fragment-maths-safely.patch} | 1 - ...e-free-addresses-on-corrupt-DNS-res.patch} | 1 - ...d-past-the-end-of-the-string-we-re-.patch} | 1 - ...a-UAF-and-double-free-from-a-failed.patch} | 1 - ...g-for-grub_error-should-be-a-litera.patch} | 1 - ...> 0530-net-tftp-Avoid-a-trivial-UAF.patch} | 1 - ...ear-down-socket-if-it-s-already-bee.patch} | 1 - ...ix-OOB-write-for-split-http-headers.patch} | 1 - ...r-out-on-headers-with-LF-without-CR.patch} | 1 - ...ad-past-the-end-of-nat-journal-entr.patch} | 1 - ...not-read-past-the-end-of-nat-bitmap.patch} | 1 - 
...t-copy-file-names-that-are-too-long.patch} | 1 - ...ral-fuzz-issues-with-invalid-dir-it.patch} | 1 - ...fi_status_t-from-grub_efi_get_varia.patch} | 1 - ...n-to-read-EFI-variables-with-attrib.patch} | 1 - ...0540-Define-GRUB_EFI_SHIM_LOCK_GUID.patch} | 1 - ...rub_min-and-grub_max-more-resilient.patch} | 1 - ...S-switch-to-using-grub_min-grub_max.patch} | 1 - ...ot_time-also-call-grub_dprintf-boot.patch} | 1 - ...ules-make-.module_license-read-only.patch} | 1 - ...-.llvm_addrsig-sections-and-similar.patch} | 1 - ...ocate-space-for-non-allocable-secti.patch} | 1 - ...ader-struct-and-fix-some-bad-naming.patch} | 1 - ...el-in-EFI_RUNTIME_SERVICES_CODE-ins.patch} | 1 - ...le-sections-at-page-aligned-address.patch} | 1 - ...nx-add-memory-attribute-get-set-API.patch} | 1 - ...page-permissions-for-loaded-modules.patch} | 1 - ...-nx-set-attrs-in-our-kernel-loaders.patch} | 1 - ...-compatible-flag-in-EFI-grub-images.patch} | 3 +- ...fi_get_variable-type-in-our-loaders.patch} | 1 - ...file-show-which-file-filters-get-run.patch | 47 ++++ ...ed-array-positions-for-our-allocatio.patch | 83 +++++++ ...tion-policy-for-kernel-vs-initrd-mem.patch | 129 ++++++++++ ...ER_-CODE-DATA-for-kernel-and-initrd-.patch | 63 +++++ ...5-implement-vec5-for-cas-negotiation.patch | 72 ++++++ SOURCES/grub.macros | 6 +- SOURCES/grub.patches | 108 +++++---- SOURCES/redhatsecureboot303.cer | Bin 899 -> 0 bytes SOURCES/redhatsecureboot701.cer | Bin 0 -> 916 bytes SPECS/grub2.spec | 53 ++++- 64 files changed, 1045 insertions(+), 110 deletions(-) create mode 100644 SOURCES/0501-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch create mode 100644 SOURCES/0502-ibmvtpm-Backport-ibmvtpm-support-to-grub-2.02.patch create mode 100644 SOURCES/0503-powerpc-do-CAS-in-a-more-compatible-way.patch create mode 100644 SOURCES/0504-powerpc-prefix-detection-support-device-names-with-c.patch create mode 100644 SOURCES/0505-make-ofdisk_retries-optional.patch rename 
SOURCES/{0501-loader-efi-chainloader-grub_load_and_start_image-doe.patch => 0506-loader-efi-chainloader-grub_load_and_start_image-doe.patch} (97%) rename SOURCES/{0502-loader-efi-chainloader-simplify-the-loader-state.patch => 0507-loader-efi-chainloader-simplify-the-loader-state.patch} (99%) rename SOURCES/{0503-commands-boot-Add-API-to-pass-context-to-loader.patch => 0508-commands-boot-Add-API-to-pass-context-to-loader.patch} (98%) rename SOURCES/{0504-loader-efi-chainloader-Use-grub_loader_set_ex.patch => 0509-loader-efi-chainloader-Use-grub_loader_set_ex.patch} (98%) rename SOURCES/{0505-loader-i386-efi-linux-Avoid-a-use-after-free-in-the-.patch => 0510-loader-i386-efi-linux-Avoid-a-use-after-free-in-the-.patch} (95%) rename SOURCES/{0506-loader-i386-efi-linux-Use-grub_loader_set_ex.patch => 0511-loader-i386-efi-linux-Use-grub_loader_set_ex.patch} (99%) rename SOURCES/{0507-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch => 0512-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch} (97%) rename SOURCES/{0508-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch => 0513-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch} (95%) rename SOURCES/{0509-video-readers-png-Abort-sooner-if-a-read-operation-f.patch => 0514-video-readers-png-Abort-sooner-if-a-read-operation-f.patch} (98%) rename SOURCES/{0510-video-readers-png-Refuse-to-handle-multiple-image-he.patch => 0515-video-readers-png-Refuse-to-handle-multiple-image-he.patch} (94%) rename SOURCES/{0511-video-readers-png-Drop-greyscale-support-to-fix-heap.patch => 0516-video-readers-png-Drop-greyscale-support-to-fix-heap.patch} (98%) rename SOURCES/{0512-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch => 0517-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch} (95%) rename SOURCES/{0513-video-readers-png-Sanity-check-some-huffman-codes.patch => 0518-video-readers-png-Sanity-check-some-huffman-codes.patch} (96%) rename 
SOURCES/{0514-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch => 0519-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch} (99%) rename SOURCES/{0515-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch => 0520-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch} (94%) rename SOURCES/{0516-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch => 0521-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch} (96%) rename SOURCES/{0517-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch => 0522-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch} (96%) rename SOURCES/{0518-normal-charset-Fix-array-out-of-bounds-formatting-un.patch => 0523-normal-charset-Fix-array-out-of-bounds-formatting-un.patch} (95%) rename SOURCES/{0519-net-netbuff-Block-overly-large-netbuff-allocs.patch => 0524-net-netbuff-Block-overly-large-netbuff-allocs.patch} (95%) rename SOURCES/{0520-net-ip-Do-IP-fragment-maths-safely.patch => 0525-net-ip-Do-IP-fragment-maths-safely.patch} (95%) rename SOURCES/{0521-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch => 0526-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch} (96%) rename SOURCES/{0522-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch => 0527-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch} (97%) rename SOURCES/{0523-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch => 0528-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch} (98%) rename SOURCES/{0524-misc-Format-string-for-grub_error-should-be-a-litera.patch => 0529-misc-Format-string-for-grub_error-should-be-a-litera.patch} (96%) rename SOURCES/{0525-net-tftp-Avoid-a-trivial-UAF.patch => 0530-net-tftp-Avoid-a-trivial-UAF.patch} (95%) rename SOURCES/{0526-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch => 0531-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch} (96%) rename SOURCES/{0527-net-http-Fix-OOB-write-for-split-http-headers.patch => 
0532-net-http-Fix-OOB-write-for-split-http-headers.patch} (96%) rename SOURCES/{0528-net-http-Error-out-on-headers-with-LF-without-CR.patch => 0533-net-http-Error-out-on-headers-with-LF-without-CR.patch} (96%) rename SOURCES/{0529-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch => 0534-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch} (97%) rename SOURCES/{0530-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch => 0535-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch} (98%) rename SOURCES/{0531-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch => 0536-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch} (95%) rename SOURCES/{0532-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch => 0537-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch} (97%) rename SOURCES/{0533-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch => 0538-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch} (98%) rename SOURCES/{0534-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch => 0539-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch} (97%) rename SOURCES/{0535-Define-GRUB_EFI_SHIM_LOCK_GUID.patch => 0540-Define-GRUB_EFI_SHIM_LOCK_GUID.patch} (93%) rename SOURCES/{0536-misc-Make-grub_min-and-grub_max-more-resilient.patch => 0541-misc-Make-grub_min-and-grub_max-more-resilient.patch} (97%) rename SOURCES/{0537-ReiserFS-switch-to-using-grub_min-grub_max.patch => 0542-ReiserFS-switch-to-using-grub_min-grub_max.patch} (98%) rename SOURCES/{0538-misc-make-grub_boot_time-also-call-grub_dprintf-boot.patch => 0543-misc-make-grub_boot_time-also-call-grub_dprintf-boot.patch} (96%) rename SOURCES/{0539-modules-make-.module_license-read-only.patch => 0544-modules-make-.module_license-read-only.patch} (95%) rename SOURCES/{0540-modules-strip-.llvm_addrsig-sections-and-similar.patch => 0545-modules-strip-.llvm_addrsig-sections-and-similar.patch} (95%) rename 
SOURCES/{0541-modules-Don-t-allocate-space-for-non-allocable-secti.patch => 0546-modules-Don-t-allocate-space-for-non-allocable-secti.patch} (95%) rename SOURCES/{0542-pe-add-the-DOS-header-struct-and-fix-some-bad-naming.patch => 0547-pe-add-the-DOS-header-struct-and-fix-some-bad-naming.patch} (97%) rename SOURCES/{0543-EFI-allocate-kernel-in-EFI_RUNTIME_SERVICES_CODE-ins.patch => 0548-EFI-allocate-kernel-in-EFI_RUNTIME_SERVICES_CODE-ins.patch} (98%) rename SOURCES/{0544-modules-load-module-sections-at-page-aligned-address.patch => 0549-modules-load-module-sections-at-page-aligned-address.patch} (99%) rename SOURCES/{0545-nx-add-memory-attribute-get-set-API.patch => 0550-nx-add-memory-attribute-get-set-API.patch} (99%) rename SOURCES/{0546-nx-set-page-permissions-for-loaded-modules.patch => 0551-nx-set-page-permissions-for-loaded-modules.patch} (99%) rename SOURCES/{0547-nx-set-attrs-in-our-kernel-loaders.patch => 0552-nx-set-attrs-in-our-kernel-loaders.patch} (99%) rename SOURCES/{0548-nx-set-the-nx-compatible-flag-in-EFI-grub-images.patch => 0553-nx-set-the-nx-compatible-flag-in-EFI-grub-images.patch} (93%) rename SOURCES/{0549-Fixup-grub_efi_get_variable-type-in-our-loaders.patch => 0554-Fixup-grub_efi_get_variable-type-in-our-loaders.patch} (96%) create mode 100644 SOURCES/0555-Make-debug-file-show-which-file-filters-get-run.patch create mode 100644 SOURCES/0556-efi-use-enumerated-array-positions-for-our-allocatio.patch create mode 100644 SOURCES/0557-efi-split-allocation-policy-for-kernel-vs-initrd-mem.patch create mode 100644 SOURCES/0558-efi-use-EFI_LOADER_-CODE-DATA-for-kernel-and-initrd-.patch create mode 100644 SOURCES/0559-ieee1275-implement-vec5-for-cas-negotiation.patch delete mode 100644 SOURCES/redhatsecureboot303.cer create mode 100644 SOURCES/redhatsecureboot701.cer 
diff --git a/SOURCES/0501-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch b/SOURCES/0501-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch
new file mode 100644
index 0000000..a2d6ebc
--- /dev/null
+++ b/SOURCES/0501-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch
@@ -0,0 +1,221 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Stefan Berger
+Date: Sun, 15 Mar 2020 12:37:10 -0400
+Subject: [PATCH] ibmvtpm: Add support for trusted boot using a vTPM 2.0
+
+Add support for trusted boot using a vTPM 2.0 on the IBM IEEE1275
+PowerPC platform. With this patch grub now measures text and binary data
+into the TPM's PCRs 8 and 9 in the same way as the x86_64 platform
+does.
+
+This patch requires Daniel Axtens's patches for claiming more memory.
+
+For vTPM support to work on PowerVM, system driver levels 1010.30
+or 1020.00 are required.
+
+Note: Previous versions of firmware levels with the 2hash-ext-log
+API call have a bug that, once this API call is invoked, has the
+effect of disabling the vTPM driver under Linux causing an error
+message to be displayed in the Linux kernel log. Those users will
+have to update their machines to the firmware levels mentioned
+above.
+
+Cc: Eric Snowberg
+Signed-off-by: Stefan Berger
+---
+ grub-core/Makefile.core.def | 7 ++
+ grub-core/commands/ieee1275/ibmvtpm.c | 152 ++++++++++++++++++++++++++++++++++
+ include/grub/ieee1275/ieee1275.h | 3 +
+ 3 files changed, 162 insertions(+)
+ create mode 100644 grub-core/commands/ieee1275/ibmvtpm.c
+
+diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
+index ef06f8c95a..b11f74e6b2 100644
+--- a/grub-core/Makefile.core.def
++++ b/grub-core/Makefile.core.def
+@@ -1104,6 +1104,13 @@ module = {
+ enable = powerpc_ieee1275;
+ };
+
++module = {
++ name = tpm;
++ common = commands/tpm.c;
++ ieee1275 = commands/ieee1275/ibmvtpm.c;
++ enable = powerpc_ieee1275;
++};
++
+ module = {
+ name = terminal;
+ common = commands/terminal.c;
+diff --git a/grub-core/commands/ieee1275/ibmvtpm.c b/grub-core/commands/ieee1275/ibmvtpm.c
+new file mode 100644
+index 0000000000..e68b8448bc
+--- /dev/null
++++ b/grub-core/commands/ieee1275/ibmvtpm.c
+@@ -0,0 +1,152 @@
++/*
++ * GRUB -- GRand Unified Bootloader
++ * Copyright (C) 2021 Free Software Foundation, Inc.
++ * Copyright (C) 2021 IBM Corporation
++ *
++ * GRUB is free software: you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation, either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * GRUB is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with GRUB. If not, see .
++ *
++ * IBM vTPM support code.
++ */
++
++#include
++#include
++#include
++#include
++#include
++#include
++
++static grub_ieee1275_ihandle_t tpm_ihandle;
++static grub_uint8_t tpm_version;
++
++#define IEEE1275_IHANDLE_INVALID ((grub_ieee1275_ihandle_t)0)
++
++static void
++tpm_get_tpm_version (void)
++{
++ grub_ieee1275_phandle_t vtpm;
++ char buffer[20];
++
++ if (!grub_ieee1275_finddevice ("/vdevice/vtpm", &vtpm) &&
++ !grub_ieee1275_get_property (vtpm, "compatible", buffer,
++ sizeof (buffer), NULL) &&
++ !grub_strcmp (buffer, "IBM,vtpm20"))
++ tpm_version = 2;
++}
++
++static grub_err_t
++tpm_init (void)
++{
++ static int init_success = 0;
++
++ if (!init_success)
++ {
++ if (grub_ieee1275_open ("/vdevice/vtpm", &tpm_ihandle) < 0) {
++ tpm_ihandle = IEEE1275_IHANDLE_INVALID;
++ return GRUB_ERR_UNKNOWN_DEVICE;
++ }
++
++ init_success = 1;
++
++ tpm_get_tpm_version ();
++ }
++
++ return GRUB_ERR_NONE;
++}
++
++static int
++ibmvtpm_2hash_ext_log (grub_uint8_t pcrindex,
++ grub_uint32_t eventtype,
++ const char *description,
++ grub_size_t description_size,
++ void *buf, grub_size_t size)
++{
++ struct tpm_2hash_ext_log
++ {
++ struct grub_ieee1275_common_hdr common;
++ grub_ieee1275_cell_t method;
++ grub_ieee1275_cell_t ihandle;
++ grub_ieee1275_cell_t size;
++ grub_ieee1275_cell_t buf;
++ grub_ieee1275_cell_t description_size;
++ grub_ieee1275_cell_t description;
++ grub_ieee1275_cell_t eventtype;
++ grub_ieee1275_cell_t pcrindex;
++ grub_ieee1275_cell_t catch_result;
++ grub_ieee1275_cell_t rc;
++ }
++ args;
++
++ INIT_IEEE1275_COMMON (&args.common, "call-method", 8, 2);
++ args.method = (grub_ieee1275_cell_t) "2hash-ext-log";
++ args.ihandle = tpm_ihandle;
++ args.pcrindex = pcrindex;
++ args.eventtype = eventtype;
++ args.description = (grub_ieee1275_cell_t) description;
++ args.description_size = description_size;
++ args.buf = (grub_ieee1275_cell_t) buf;
++ args.size = (grub_ieee1275_cell_t) size;
++
++ if (IEEE1275_CALL_ENTRY_FN (&args) == -1)
++ return -1;
++
++ /*
++ * catch_result is set if firmware does not support 2hash-ext-log
++ * rc is GRUB_IEEE1275_CELL_FALSE (0) on failure
++ */
++ if ((args.catch_result) || args.rc == GRUB_IEEE1275_CELL_FALSE)
++ return -1;
++
++ return 0;
++}
++
++static grub_err_t
++tpm2_log_event (unsigned char *buf,
++ grub_size_t size, grub_uint8_t pcr,
++ const char *description)
++{
++ static int error_displayed = 0;
++ int err;
++
++ err = ibmvtpm_2hash_ext_log (pcr, EV_IPL,
++ description,
++ grub_strlen(description) + 1,
++ buf, size);
++ if (err && !error_displayed)
++ {
++ error_displayed++;
++ return grub_error (GRUB_ERR_BAD_DEVICE,
++ "2HASH-EXT-LOG failed: Firmware is likely too old.\n");
++ }
++
++ return GRUB_ERR_NONE;
++}
++
++grub_err_t
++grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
++ const char *description)
++{
++ grub_err_t err = tpm_init();
++
++ /* Absence of a TPM isn't a failure. */
++ if (err != GRUB_ERR_NONE)
++ return GRUB_ERR_NONE;
++
++ grub_dprintf ("tpm", "log_event, pcr = %d, size = 0x%" PRIxGRUB_SIZE ", %s\n",
++ pcr, size, description);
++
++ if (tpm_version == 2)
++ return tpm2_log_event (buf, size, pcr, description);
++
++ return GRUB_ERR_NONE;
++}
+diff --git a/include/grub/ieee1275/ieee1275.h b/include/grub/ieee1275/ieee1275.h
+index 131808d619..87b9f95d34 100644
+--- a/include/grub/ieee1275/ieee1275.h
++++ b/include/grub/ieee1275/ieee1275.h
+@@ -24,6 +24,9 @@
+ #include
+ #include
+
++#define GRUB_IEEE1275_CELL_FALSE ((grub_ieee1275_cell_t) 0)
++#define GRUB_IEEE1275_CELL_TRUE ((grub_ieee1275_cell_t) -1)
++
+ struct grub_ieee1275_mem_region
+ {
+ unsigned int start;
diff --git a/SOURCES/0502-ibmvtpm-Backport-ibmvtpm-support-to-grub-2.02.patch b/SOURCES/0502-ibmvtpm-Backport-ibmvtpm-support-to-grub-2.02.patch
new file mode 100644
index 0000000..ba6a869
--- /dev/null
+++ b/SOURCES/0502-ibmvtpm-Backport-ibmvtpm-support-to-grub-2.02.patch
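Review bot: In `tpm_get_tpm_version` (the new ibmvtpm.c added by the 0501 patch), `buffer` reaches `grub_strcmp` with no guarantee of a terminating NUL: the property read is given the full `sizeof (buffer)` and a NULL actual-length pointer, so a `compatible` value that fills all 20 bytes would let the compare run past the array. How firmware truncates an over-long property is not visible here, so the safe form is `char buffer[20] = { 0 };` with `sizeof (buffer) - 1` passed as the length. Also worth a comment: `grub_tpm_measure` turns every `tpm_init` failure into GRUB_ERR_NONE and `tpm2_log_event` reports only the first failed 2hash-ext-log call, so later unmeasured loads are indistinguishable from measured ones to the caller; something like `/* Best effort: measurement failures after the first are not reported. */` would record that this is deliberate.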
@@ -0,0 +1,94 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Stefan Berger
+Date: Fri, 11 Feb 2022 16:34:23 -0500
+Subject: [PATCH] ibmvtpm: Backport ibmvtpm support to grub 2.02
+
+Backport ibmvtpm support to grub 2.02 by making as few changes to the
+source as possible and building it into the core.
+
+Since ibmvtpm support is built into grub 2.02 do not print the error
+message we would typically print if it was a module and the user had
+a choice to not use vTPM support if there was no vTPM by avoiding
+to use the module.
+
+Signed-off-by: Stefan Berger
+---
+ grub-core/Makefile.core.def | 8 +-------
+ grub-core/commands/ieee1275/ibmvtpm.c | 13 ++++++++++---
+ include/grub/tpm.h | 2 +-
+ 3 files changed, 12 insertions(+), 11 deletions(-)
+
+diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
+index b11f74e6b2..637d7203e3 100644
+--- a/grub-core/Makefile.core.def
++++ b/grub-core/Makefile.core.def
+@@ -298,6 +298,7 @@ kernel = {
+ powerpc_ieee1275 = kern/powerpc/cache.S;
+ powerpc_ieee1275 = kern/powerpc/dl.c;
+ powerpc_ieee1275 = kern/powerpc/compiler-rt.S;
++ powerpc_ieee1275 = commands/ieee1275/ibmvtpm.c;
+
+ sparc64_ieee1275 = kern/sparc64/cache.S;
+ sparc64_ieee1275 = kern/sparc64/dl.c;
+@@ -1104,13 +1105,6 @@ module = {
+ enable = powerpc_ieee1275;
+ };
+
+-module = {
+- name = tpm;
+- common = commands/tpm.c;
+- ieee1275 = commands/ieee1275/ibmvtpm.c;
+- enable = powerpc_ieee1275;
+-};
+-
+ module = {
+ name = terminal;
+ common = commands/terminal.c;
+diff --git a/grub-core/commands/ieee1275/ibmvtpm.c b/grub-core/commands/ieee1275/ibmvtpm.c
+index e68b8448bc..728b2cbdcd 100644
+--- a/grub-core/commands/ieee1275/ibmvtpm.c
++++ b/grub-core/commands/ieee1275/ibmvtpm.c
+@@ -115,7 +115,8 @@ tpm2_log_event (unsigned char *buf,
+ grub_size_t size, grub_uint8_t pcr,
+ const char *description)
+ {
+- static int error_displayed = 0;
++ /* Do not print error since vTPM support is built-in */
++ static int error_displayed = 1;
+ int err;
+
+ err = ibmvtpm_2hash_ext_log (pcr, EV_IPL,
+@@ -132,8 +133,8 @@ tpm2_log_event (unsigned char *buf,
+ return GRUB_ERR_NONE;
+ }
+
+-grub_err_t
+-grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
++static grub_err_t
++_grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
+ const char *description)
+ {
+ grub_err_t err = tpm_init();
+@@ -150,3 +151,9 @@ grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
+
+ return GRUB_ERR_NONE;
+ }
++
++grub_err_t grub_tpm_log_event(unsigned char *buf, grub_size_t size,
++ grub_uint8_t pcr, const char *description)
++{
++ return _grub_tpm_measure(buf, size, pcr, description);
++}
+diff --git a/include/grub/tpm.h b/include/grub/tpm.h
+index ce52be4ff7..52af2b8448 100644
+--- a/include/grub/tpm.h
++++ b/include/grub/tpm.h
+@@ -69,7 +69,7 @@ typedef struct {
+ grub_err_t EXPORT_FUNC(grub_tpm_measure) (unsigned char *buf, grub_size_t size,
+ grub_uint8_t pcr, const char *kind,
+ const char *description);
+-#if defined (GRUB_MACHINE_EFI)
++#if defined (GRUB_MACHINE_EFI) || defined (GRUB_MACHINE_IEEE1275)
+ grub_err_t grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf,
+ PassThroughToTPM_OutputParamBlock *outbuf);
+ grub_err_t grub_tpm_log_event(unsigned char *buf, grub_size_t size,
diff --git a/SOURCES/0503-powerpc-do-CAS-in-a-more-compatible-way.patch b/SOURCES/0503-powerpc-do-CAS-in-a-more-compatible-way.patch
new file mode 100644
index 0000000..b33cab3
--- /dev/null
+++ b/SOURCES/0503-powerpc-do-CAS-in-a-more-compatible-way.patch
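Review bot: Initialising `error_displayed` to 1 in `tpm2_log_event` (0502 patch, ibmvtpm.c) makes the `if (err && !error_displayed)` branch unreachable, so every failed 2hash-ext-log call now returns GRUB_ERR_NONE without leaving any trace, and a boot in which no PCR was extended looks identical to a measured one from inside GRUB. Hiding the console message is what the description asks for, but a debug line keeps the failure diagnosable: `if (err) grub_dprintf ("tpm", "2hash-ext-log failed, pcr = %d\n", pcr);`. The dead branch and the static flag could then be removed instead of being kept alive with a sentinel value. As a smaller style point, `_grub_tpm_measure` starts with an underscore, which C reserves for the implementation at file scope; a name such as `ibmvtpm_measure` avoids that. `tpm2_log_event` begins and ends outside the nested hunks shown.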
@@ -0,0 +1,112 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens
+Date: Fri, 8 Apr 2022 12:35:28 +1000
+Subject: [PATCH] powerpc: do CAS in a more compatible way
+
+I wrongly assumed that the most compatible way to perform CAS
+negotiation was to only set the minimum number of vectors required
+to ask for more memory. It turns out that this messes up booting
+if the minimum VP capacity would be less than the default 10% in
+vector 4.
+
+Linux configures the minimum capacity to be 1%, so copy it for that
+and for vector 3 which we now need to specify as well.
+
+Signed-off-by: Daniel Axtens
+(cherry picked from commit e6f02ad4e75cd995a8ee2954d28949c415b6cbfe)
+(cherry picked from commit 9f825ebc319c56ca503741e6dc1a0f27ff36fe2d)
+---
+ grub-core/kern/ieee1275/init.c | 54 ++++++++++++++++++++++++------------------
+ 1 file changed, 31 insertions(+), 23 deletions(-)
+
+diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
+index adf4bd5a88..1414695cc6 100644
+--- a/grub-core/kern/ieee1275/init.c
++++ b/grub-core/kern/ieee1275/init.c
+@@ -294,33 +294,37 @@ grub_ieee1275_total_mem (grub_uint64_t *total)
+
+ /* Based on linux - arch/powerpc/kernel/prom_init.c */
+ struct option_vector2 {
+- grub_uint8_t byte1;
+- grub_uint16_t reserved;
+- grub_uint32_t real_base;
+- grub_uint32_t real_size;
+- grub_uint32_t virt_base;
+- grub_uint32_t virt_size;
+- grub_uint32_t load_base;
+- grub_uint32_t min_rma;
+- grub_uint32_t min_load;
+- grub_uint8_t min_rma_percent;
+- grub_uint8_t max_pft_size;
++ grub_uint8_t byte1;
++ grub_uint16_t reserved;
++ grub_uint32_t real_base;
++ grub_uint32_t real_size;
++ grub_uint32_t virt_base;
++ grub_uint32_t virt_size;
++ grub_uint32_t load_base;
++ grub_uint32_t min_rma;
++ grub_uint32_t min_load;
++ grub_uint8_t min_rma_percent;
++ grub_uint8_t max_pft_size;
+ } __attribute__((packed));
+
+ struct pvr_entry {
+- grub_uint32_t mask;
+- grub_uint32_t entry;
++ grub_uint32_t mask;
++ grub_uint32_t entry;
+ };
+
+ struct cas_vector {
+- struct {
+- struct pvr_entry terminal;
+- } pvr_list;
+- grub_uint8_t num_vecs;
+- grub_uint8_t vec1_size;
+- grub_uint8_t vec1;
+- grub_uint8_t vec2_size;
+- struct option_vector2 vec2;
++ struct {
++ struct pvr_entry terminal;
++ } pvr_list;
++ grub_uint8_t num_vecs;
++ grub_uint8_t vec1_size;
++ grub_uint8_t vec1;
++ grub_uint8_t vec2_size;
++ struct option_vector2 vec2;
++ grub_uint8_t vec3_size;
++ grub_uint16_t vec3;
++ grub_uint8_t vec4_size;
++ grub_uint16_t vec4;
+ } __attribute__((packed));
+
+ /* Call ibm,client-architecture-support to try to get more RMA.
+@@ -341,13 +345,17 @@ grub_ieee1275_ibm_cas (void)
+ } args;
+ struct cas_vector vector = {
+ .pvr_list = { { 0x00000000, 0xffffffff } }, /* any processor */
+- .num_vecs = 2 - 1,
++ .num_vecs = 4 - 1,
+ .vec1_size = 0,
+ .vec1 = 0x80, /* ignore */
+ .vec2_size = 1 + sizeof(struct option_vector2) - 2,
+ .vec2 = {
+ 0, 0, -1, -1, -1, -1, -1, 512, -1, 0, 48
+ },
++ .vec3_size = 2 - 1,
++ .vec3 = 0x00e0, // ask for FP + VMX + DFP but don't halt if unsatisfied
++ .vec4_size = 2 - 1,
++ .vec4 = 0x0001, // set required minimum capacity % to the lowest value
+ };
+
+ INIT_IEEE1275_COMMON (&args.common, "call-method", 3, 2);
+@@ -360,7 +368,7 @@ grub_ieee1275_ibm_cas (void)
+ args.ihandle = root;
+ args.cas_addr = (grub_ieee1275_cell_t)&vector;
+
+- grub_printf("Calling ibm,client-architecture-support...");
++ grub_printf("Calling ibm,client-architecture-support from grub...");
+ IEEE1275_CALL_ENTRY_FN (&args);
+ grub_printf("done\n");
+
diff --git a/SOURCES/0504-powerpc-prefix-detection-support-device-names-with-c.patch b/SOURCES/0504-powerpc-prefix-detection-support-device-names-with-c.patch
new file mode 100644
index 0000000..50a5d64
--- /dev/null
+++ b/SOURCES/0504-powerpc-prefix-detection-support-device-names-with-c.patch
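Review bot: The new `vec3` and `vec4` members of `struct cas_vector` (0503 patch, init.c) are `grub_uint16_t` fields in a packed structure that firmware consumes as a byte stream, so the initialisers `0x00e0` and `0x0001` only yield the intended byte order on a big-endian build; that holds for powerpc-ieee1275 as far as I know, but nothing in the struct says so. Two `grub_uint8_t` members per vector, or a comment such as `/* byte 1 = 0, byte 2 = flags; relies on big-endian layout */`, would make the wire layout explicit. The two added `//` comments also differ from the `/* ... */` style used on the `.pvr_list` and `.vec1` initialisers directly above them.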
@@ -0,0 +1,73 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens
+Date: Thu, 24 Mar 2022 14:34:32 +1100
+Subject: [PATCH] powerpc: prefix detection: support device names with commas
+
+Frustratingly, the device name itself can contain an embedded comma:
+e.g /pci@800000020000015/pci1014,034A@0/sas/disk@5000c50098a0ee8b
+
+So my previous approach was wrong: we cannot rely upon the presence
+of a comma to say that a partition has been specified!
+
+It turns out for prefixes like (,gpt2)/grub2 we really want to make
+up a full (device,partition)/patch prefix, because root discovery code
+in 10_linux will reset the root variable and use search to fill it again.
+If you have run grub-install, you probably don't have search built in,
+and if you don't have prefix containing (device,partition), grub will
+construct ($root)$prefix/powerpc-ieee1275/search.mod - but because $root
+has just been changed, this will no longer work, and the boot will fail!
+
+Retain the gist of the logic, but instead of looking for a comma, look for
+a leading '('. This matches the earlier code better anyway.
+
+There's certainly a better fix to be had. But any time you chose to build
+with a bare prefix like '/grub2', you're almost certainly going to build in
+search anyway, so this will do.
+
+Signed-off-by: Daniel Axtens
+(cherry picked from commit 80b6eb5e55e6d1a4c9896361e61de31c29e6939d)
+(cherry picked from commit f3df9f1c2335df22d020e80583d932e254594f0e)
+---
+ grub-core/kern/main.c | 27 +++++++++++++++++++++------
+ 1 file changed, 21 insertions(+), 6 deletions(-)
+
+diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c
+index 40a709117f..abbf8af9e6 100644
+--- a/grub-core/kern/main.c
++++ b/grub-core/kern/main.c
+@@ -241,14 +241,29 @@ grub_set_prefix_and_root (void)
+ what sorts of paths represent disks with partition tables and those
+ without partition tables.
+
+- So we act unless there is a comma in the device, which would indicate
+- a partition has already been specified.
++ - Frustratingly, the device name itself can contain an embedded comma:
++ /pci@800000020000015/pci1014,034A@0/sas/disk@5000c50098a0ee8b
++ So we cannot even rely upon the presence of a comma to say that a
++ partition has been specified!
+
+- (If we only have a path, the code in normal to discover config files
+- will try both without partitions and then with any partitions so we
+- will cover both CDs and HDs.)
++ If we only have a path in $prefix, the code in normal to discover
++ config files will try all disks, both without partitions and then with
++ any partitions so we will cover both CDs and HDs.
++
++ However, it doesn't then set the prefix to be something like
++ (discovered partition)/path, and so it is fragile against runtime
++ changes to $root. For example some of the stuff done in 10_linux to
++ reload $root sets root differently and then uses search to find it
++ again. If the search module is not built in, when we change root, grub
++ will look in (new root)/path/powerpc-ieee1275, that won't work, and we
++ will not be able to load the search module and the boot will fail.
++
++ This is particularly likely to hit us in the grub-install
++ (,msdos2)/grub2 case, so we act unless the supplied prefix starts with
++ '(', which would likely indicate a partition has already been
++ specified.
+ */
+- if (grub_strchr (device, ',') == NULL)
++ if (prefix && prefix[0] != '(')
+ grub_env_set ("prefix", path);
+ else
+ #endif
diff --git a/SOURCES/0505-make-ofdisk_retries-optional.patch b/SOURCES/0505-make-ofdisk_retries-optional.patch
new file mode 100644
index 0000000..fce9702
--- /dev/null
+++ b/SOURCES/0505-make-ofdisk_retries-optional.patch
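Review bot: The new test `if (prefix && prefix[0] != '(')` in `grub_set_prefix_and_root` (0504 patch, main.c) sends a NULL `prefix` to the `else` branch, whereas the removed `grub_strchr (device, ',') == NULL` test did not look at `prefix` at all, so the no-prefix case may now take a different path than it did before. `prefix` is assigned outside this hunk and the `else` body is not visible, so whether NULL can reach this point cannot be confirmed from here. If it can, the intent should be stated, either as `if (!prefix || prefix[0] != '(')` to keep the bare-path behaviour or with a comment saying the `else` branch is the wanted one. The enclosing function starts and ends outside the hunk.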
@@ -0,0 +1,43 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Diego Domingos
+Date: Thu, 24 Mar 2022 13:14:42 -0400
+Subject: [PATCH] make ofdisk_retries optional
+
+The feature Retry on Fail added to GRUB can cause a LPM to take
+longer if the SAN is slow.
+
+When a LPM to external site occur, the path of the disk can change
+and thus the disk search function on grub can take some time since
+it is used as a hint. This can cause the Retry on Fail feature to
+try to access the disk 20x times (since this is hardcoded number)
+and, if the SAN is slow, the boot time can increase a lot.
+In some situations not acceptable.
+
+The following patch enables a configuration at user space of the
+maximum number of retries we want for this feature.
+
+The variable ofdisk_retries should be set using grub2-editenv
+and will be checked by retry function. If the variable is not set,
+so the default number of retries will be used instead.
+---
+ include/grub/ieee1275/ofdisk.h | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/include/grub/ieee1275/ofdisk.h b/include/grub/ieee1275/ofdisk.h
+index 7d2d540930..0074d55eee 100644
+--- a/include/grub/ieee1275/ofdisk.h
++++ b/include/grub/ieee1275/ofdisk.h
+@@ -25,7 +25,12 @@ extern void grub_ofdisk_fini (void);
+ #define MAX_RETRIES 20
+
+
+-#define RETRY_IEEE1275_OFDISK_OPEN(device, last_ihandle) unsigned retry_i=0;for(retry_i=0; retry_i < MAX_RETRIES; retry_i++){ \
++#define RETRY_IEEE1275_OFDISK_OPEN(device, last_ihandle) \
++ unsigned max_retries = MAX_RETRIES; \
++ if(grub_env_get("ofdisk_retries") != NULL) \
++ max_retries = grub_strtoul(grub_env_get("ofdisk_retries"), 0, 10)+1; \
++ grub_dprintf("ofdisk","MAX_RETRIES set to %u\n",max_retries); \
++ unsigned retry_i=0;for(retry_i=0; retry_i < max_retries; retry_i++){ \
+ if(!grub_ieee1275_open(device, last_ihandle)) \
+ break; \
+ grub_dprintf("ofdisk","Opening disk %s failed. Retrying...\n",device); }
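Review bot: The value of `ofdisk_retries` goes from the environment block straight into the loop bound of `RETRY_IEEE1275_OFDISK_OPEN` with no validation. Storing `grub_strtoul(...)+1` in `unsigned max_retries` can truncate, and for the largest input it wraps to 0, in which case the loop body never runs and `grub_ieee1275_open` is never called; a very large value makes a failing open retry for a practically unbounded time, and a non-numeric value presumably leaves `grub_errno` set for later code. I would read the variable once, discard parse errors, and cap the result at `MAX_RETRIES` as sketched below; the cap itself is a policy choice, and the sketch assumes `grub_errno` is clear on entry. The macro still expands to bare declarations and statements in the caller's scope, which this hunk inherits rather than introduces.

```c
#define RETRY_IEEE1275_OFDISK_OPEN(device, last_ihandle) \
  unsigned max_retries = MAX_RETRIES; \
  const char *retries_env = grub_env_get("ofdisk_retries"); \
  if(retries_env != NULL && retries_env[0] != '\0') { \
    unsigned long retries_val = grub_strtoul(retries_env, 0, 10); \
    if(grub_errno != GRUB_ERR_NONE) \
      grub_errno = GRUB_ERR_NONE; /* bad number: keep the default */ \
    else if(retries_val < MAX_RETRIES) \
      max_retries = (unsigned) retries_val + 1; \
  } \
  /* … unchanged: grub_dprintf of max_retries and the retry loop … */
```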
diff --git a/SOURCES/0501-loader-efi-chainloader-grub_load_and_start_image-doe.patch b/SOURCES/0506-loader-efi-chainloader-grub_load_and_start_image-doe.patch similarity index 97% rename from SOURCES/0501-loader-efi-chainloader-grub_load_and_start_image-doe.patch rename to SOURCES/0506-loader-efi-chainloader-grub_load_and_start_image-doe.patch index 1383d29..6472129 100644 --- a/SOURCES/0501-loader-efi-chainloader-grub_load_and_start_image-doe.patch +++ b/SOURCES/0506-loader-efi-chainloader-grub_load_and_start_image-doe.patch @@ -18,7 +18,6 @@ Signed-off-by: Chris Coulson (cherry picked from commit b4d70820a65c00561045856b7b8355461a9545f6) (cherry picked from commit 05b16a6be50b1910609740a66b561276fa490538) (cherry picked from commit 16486a34f3aa41a94e334e86db1a1e21e9b0a45f) -(cherry picked from commit 4a23f40cb6400d94621de688a7e79dfe124f5a63) --- grub-core/loader/efi/chainloader.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/SOURCES/0502-loader-efi-chainloader-simplify-the-loader-state.patch b/SOURCES/0507-loader-efi-chainloader-simplify-the-loader-state.patch similarity index 99% rename from SOURCES/0502-loader-efi-chainloader-simplify-the-loader-state.patch rename to SOURCES/0507-loader-efi-chainloader-simplify-the-loader-state.patch index 4eb34ff..83b8823 100644 --- a/SOURCES/0502-loader-efi-chainloader-simplify-the-loader-state.patch +++ b/SOURCES/0507-loader-efi-chainloader-simplify-the-loader-state.patch @@ -20,7 +20,6 @@ Signed-off-by: Chris Coulson (cherry picked from commit 6080ad5d91d6a80d5f67c592dd33b6dd413e9453) [rharwood: double frees and unintialized, context fuzz - orig_dp] Signed-off-by: Robbie Harwood -(cherry picked from commit b44b88ae45008611ec0469fb47139f4c0d1ee233) --- grub-core/loader/efi/chainloader.c | 160 +++++++++++++++++++++++-------------- 1 file changed, 102 insertions(+), 58 deletions(-) 
diff --git a/SOURCES/0503-commands-boot-Add-API-to-pass-context-to-loader.patch b/SOURCES/0508-commands-boot-Add-API-to-pass-context-to-loader.patch similarity index 98% rename from SOURCES/0503-commands-boot-Add-API-to-pass-context-to-loader.patch rename to SOURCES/0508-commands-boot-Add-API-to-pass-context-to-loader.patch index 4270078..a036524 100644 --- a/SOURCES/0503-commands-boot-Add-API-to-pass-context-to-loader.patch +++ b/SOURCES/0508-commands-boot-Add-API-to-pass-context-to-loader.patch @@ -20,7 +20,6 @@ Signed-off-by: Chris Coulson (cherry picked from commit 4322a64dde7e8fedb58e50b79408667129d45dd3) (cherry picked from commit 937ad0e2159b6b8cb0d2ce3515da3a8b797c7927) (cherry picked from commit 873038ae7048f6cae8a3ebb2f97a8d361a080e13) -(cherry picked from commit 7eefe9ba7e8f1557705f0f854ab7a3014d6cb5e2) --- grub-core/commands/boot.c | 66 +++++++++++++++++++++++++++++++++++++++++------ include/grub/loader.h | 5 ++++ diff --git a/SOURCES/0504-loader-efi-chainloader-Use-grub_loader_set_ex.patch b/SOURCES/0509-loader-efi-chainloader-Use-grub_loader_set_ex.patch similarity index 98% rename from SOURCES/0504-loader-efi-chainloader-Use-grub_loader_set_ex.patch rename to SOURCES/0509-loader-efi-chainloader-Use-grub_loader_set_ex.patch index 4ccc6df..d494a85 100644 --- a/SOURCES/0504-loader-efi-chainloader-Use-grub_loader_set_ex.patch +++ b/SOURCES/0509-loader-efi-chainloader-Use-grub_loader_set_ex.patch @@ -11,7 +11,6 @@ Signed-off-by: Chris Coulson (cherry picked from commit 4b7f0402b7cb0f67a93be736f2b75b818d7f44c9) (cherry picked from commit fc1a79bf0e0bc019362ace46d908a92b48dcd55b) (cherry picked from commit f5b653dfe00271384ff7fbd82db926ab95dbd80e) -(cherry picked from commit 535a9d787f71ed6eb43e7c3a136a149684ec62ea) [rharwood: context sludge from previous commit] Signed-off-by: Robbie Harwood --- 
diff --git a/SOURCES/0505-loader-i386-efi-linux-Avoid-a-use-after-free-in-the-.patch b/SOURCES/0510-loader-i386-efi-linux-Avoid-a-use-after-free-in-the-.patch similarity index 95% rename from SOURCES/0505-loader-i386-efi-linux-Avoid-a-use-after-free-in-the-.patch rename to SOURCES/0510-loader-i386-efi-linux-Avoid-a-use-after-free-in-the-.patch index cdbd769..f8809e6 100644 --- a/SOURCES/0505-loader-i386-efi-linux-Avoid-a-use-after-free-in-the-.patch +++ b/SOURCES/0510-loader-i386-efi-linux-Avoid-a-use-after-free-in-the-.patch @@ -14,7 +14,6 @@ Signed-off-by: Chris Coulson (cherry picked from commit 8224f5a71af94bec8697de17e7e579792db9f9e2) (cherry picked from commit 4744b62e20d07674017213ac54d7442d679f9d1a) (cherry picked from commit 329633cb060957c3d2aca677ac733f07b213a63f) -(cherry picked from commit 47b839b0a801ee4852447a85fb5de91dc7d2c856) --- grub-core/loader/i386/efi/linux.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/SOURCES/0506-loader-i386-efi-linux-Use-grub_loader_set_ex.patch b/SOURCES/0511-loader-i386-efi-linux-Use-grub_loader_set_ex.patch similarity index 99% rename from SOURCES/0506-loader-i386-efi-linux-Use-grub_loader_set_ex.patch rename to SOURCES/0511-loader-i386-efi-linux-Use-grub_loader_set_ex.patch index a0f04a2..981ea45 100644 --- a/SOURCES/0506-loader-i386-efi-linux-Use-grub_loader_set_ex.patch +++ b/SOURCES/0511-loader-i386-efi-linux-Use-grub_loader_set_ex.patch @@ -20,7 +20,6 @@ Signed-off-by: Chris Coulson [rharwood: verifying twice] Signed-off-by: Robbie Harwood (cherry picked from commit df804892f1a754d88a9779320f9429bf40d2a1b3) -(cherry picked from commit d1b506f6c910b96ad47a20247b438c6402a74948) --- grub-core/loader/i386/efi/linux.c | 146 +++++++++++++++++++++++--------------- 1 file changed, 87 insertions(+), 59 deletions(-) 
diff --git a/SOURCES/0507-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch b/SOURCES/0512-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch similarity index 97% rename from SOURCES/0507-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch rename to SOURCES/0512-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch index 6236395..1a8cae9 100644 --- a/SOURCES/0507-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch +++ b/SOURCES/0512-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch @@ -11,7 +11,6 @@ Signed-off-by: Chris Coulson (cherry picked from commit d98af31ce1e31bb22163960d53f5eb28c66582a0) (cherry picked from commit 62234d6a00e6d1dd8e017ff161d359feb5234082) (cherry picked from commit bda5a10716dc9676400dce1374232452f46d0bc4) -(cherry picked from commit b862299a8502282a09af8e6c6189edd5b0a368b0) --- grub-core/loader/i386/efi/linux.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/SOURCES/0508-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch b/SOURCES/0513-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch similarity index 95% rename from SOURCES/0508-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch rename to SOURCES/0513-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch index 3afccaf..aff3231 100644 --- a/SOURCES/0508-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch +++ b/SOURCES/0513-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch @@ -15,7 +15,6 @@ Reviewed-by: Daniel Kiper (cherry picked from commit 1499a5068839fa37cb77ecef4b5bdacbd1ed12ea) (cherry picked from commit 2ec50b289d8b24922433439533113087f111f110) (cherry picked from commit 17c36ae88d7d6040cabc01cd4a21e71ff4731668) -(cherry picked from commit 723e7dbedb7669343e564d453d21b8ed2ab81216) --- grub-core/kern/file.c | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/SOURCES/0509-video-readers-png-Abort-sooner-if-a-read-operation-f.patch b/SOURCES/0514-video-readers-png-Abort-sooner-if-a-read-operation-f.patch similarity index 98% rename from SOURCES/0509-video-readers-png-Abort-sooner-if-a-read-operation-f.patch rename to SOURCES/0514-video-readers-png-Abort-sooner-if-a-read-operation-f.patch index db3764a..12dba4d 100644 --- a/SOURCES/0509-video-readers-png-Abort-sooner-if-a-read-operation-f.patch +++ b/SOURCES/0514-video-readers-png-Abort-sooner-if-a-read-operation-f.patch @@ -13,7 +13,6 @@ Reviewed-by: Daniel Kiper (cherry picked from commit 882be97d1df6449b9fd4d593f0cb70005fde3494) (cherry picked from commit 3f6fc3ebfd58fcdb3fe6c2f7a5a4fa05772ae786) (cherry picked from commit aac5b8257d4078c3f764216aeae3367bdc19043f) -(cherry picked from commit e9e58c9711de334fcf48a651ee20c21f2855a4bd) --- grub-core/video/readers/png.c | 55 ++++++++++++++++++++++++++++++++++++------- 1 file changed, 47 insertions(+), 8 deletions(-) diff --git a/SOURCES/0510-video-readers-png-Refuse-to-handle-multiple-image-he.patch b/SOURCES/0515-video-readers-png-Refuse-to-handle-multiple-image-he.patch similarity index 94% rename from SOURCES/0510-video-readers-png-Refuse-to-handle-multiple-image-he.patch rename to SOURCES/0515-video-readers-png-Refuse-to-handle-multiple-image-he.patch index f882341..e6bad78 100644 --- a/SOURCES/0510-video-readers-png-Refuse-to-handle-multiple-image-he.patch +++ b/SOURCES/0515-video-readers-png-Refuse-to-handle-multiple-image-he.patch @@ -10,7 +10,6 @@ Reviewed-by: Daniel Kiper (cherry picked from commit 8ce433557adeadbc46429aabb9f850b02ad2bdfb) (cherry picked from commit 6e10bba6a4cbfd6c7bf116f41fd4e037465e19d8) (cherry picked from commit 812272d919ecfd368c008f15b677d369616ada54) -(cherry picked from commit c04569b35600aa29d5b4cd8990a8ee1dd1162c72) --- grub-core/video/readers/png.c | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/SOURCES/0511-video-readers-png-Drop-greyscale-support-to-fix-heap.patch b/SOURCES/0516-video-readers-png-Drop-greyscale-support-to-fix-heap.patch similarity index 98% rename from SOURCES/0511-video-readers-png-Drop-greyscale-support-to-fix-heap.patch rename to SOURCES/0516-video-readers-png-Drop-greyscale-support-to-fix-heap.patch index ba88782..5233539 100644 --- a/SOURCES/0511-video-readers-png-Drop-greyscale-support-to-fix-heap.patch +++ b/SOURCES/0516-video-readers-png-Drop-greyscale-support-to-fix-heap.patch @@ -37,7 +37,6 @@ Reviewed-by: Daniel Kiper Signed-off-by: Robbie Harwood (cherry picked from commit 4c631c8119206b3178912df2905434d967661c3d) (cherry picked from commit 6d5d5f51266b8113c6ba560835500e3c135f3722) -(cherry picked from commit b20fc5589561a8c57a2071b2ae93fcdcf51a10d4) --- grub-core/video/readers/png.c | 85 +++---------------------------------------- 1 file changed, 6 insertions(+), 79 deletions(-) diff --git a/SOURCES/0512-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch b/SOURCES/0517-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch similarity index 95% rename from SOURCES/0512-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch rename to SOURCES/0517-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch index a25685c..8c59310 100644 --- a/SOURCES/0512-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch +++ b/SOURCES/0517-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch @@ -18,7 +18,6 @@ Reviewed-by: Daniel Kiper (cherry picked from commit 1ae9a91d42cb40da8a6f11fac65541858e340afa) (cherry picked from commit 132ccc681cf642ad748580f26b54c9259a7f43fd) (cherry picked from commit 3a70e1f6e69af6e0d3c3cf526faa44dc0c80ac19) -(cherry picked from commit 809d25ffa6b89d390a66d2f3cf3090196f07e2aa) --- grub-core/video/readers/png.c | 7 +++++++ 1 file changed, 7 insertions(+) 
diff --git a/SOURCES/0513-video-readers-png-Sanity-check-some-huffman-codes.patch b/SOURCES/0518-video-readers-png-Sanity-check-some-huffman-codes.patch similarity index 96% rename from SOURCES/0513-video-readers-png-Sanity-check-some-huffman-codes.patch rename to SOURCES/0518-video-readers-png-Sanity-check-some-huffman-codes.patch index 4ba2e4d..ca2e209 100644 --- a/SOURCES/0513-video-readers-png-Sanity-check-some-huffman-codes.patch +++ b/SOURCES/0518-video-readers-png-Sanity-check-some-huffman-codes.patch @@ -12,7 +12,6 @@ Reviewed-by: Daniel Kiper (cherry picked from commit c3a8ab0cbd24153ec7b1f84a96ddfdd72ef8d117) (cherry picked from commit 5d09addf58086aa11d5f9a91af5632ff87c2d2ee) (cherry picked from commit ff12584f9376a472f37d4ec14213fd29bf3b233a) -(cherry picked from commit ac8b5464a076d2e38ecf7f761be9cd1f5bbeb784) --- grub-core/video/readers/png.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/SOURCES/0514-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch b/SOURCES/0519-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch similarity index 99% rename from SOURCES/0514-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch rename to SOURCES/0519-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch index b5c2ca9..5d71be6 100644 --- a/SOURCES/0514-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch +++ b/SOURCES/0519-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch @@ -13,7 +13,6 @@ Reviewed-by: Daniel Kiper (cherry picked from commit ab2e5d2e4bff488bbb557ed435a61ae102ef9f0c) (cherry picked from commit 1ff8df0d2dea8ec7c8575241d5e7d6622c204ec3) (cherry picked from commit b07767383b74a0ce7135c09ba8701510d4ad32f0) -(cherry picked from commit 5f097165152d61d4aea02f26dc789d840147d50e) --- grub-core/video/readers/jpeg.c | 86 ++++++++++++++++++++++++++++++++++-------- 1 file changed, 70 insertions(+), 16 deletions(-) 
diff --git a/SOURCES/0515-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch b/SOURCES/0520-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch similarity index 94% rename from SOURCES/0515-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch rename to SOURCES/0520-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch index 7677c8d..fb89198 100644 --- a/SOURCES/0515-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch +++ b/SOURCES/0520-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch @@ -11,7 +11,6 @@ Reviewed-by: Daniel Kiper (cherry picked from commit bc06e12b4de55cc6f926af9f064170c82b1403e9) (cherry picked from commit 5298bf758ea39a90537f9a1c76541ff2f21b970b) (cherry picked from commit aae6bac7f26c6b848156ed7adcff83309b833664) -(cherry picked from commit bc58c0da3aed59486042759a03fe61a9782e36ce) --- grub-core/video/readers/jpeg.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/SOURCES/0516-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch b/SOURCES/0521-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch similarity index 96% rename from SOURCES/0516-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch rename to SOURCES/0521-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch index bc4ef25..b484648 100644 --- a/SOURCES/0516-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch +++ b/SOURCES/0521-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch @@ -15,7 +15,6 @@ Reviewed-by: Daniel Kiper (cherry picked from commit f3a854def3e281b7ad4bbea730cd3046de1da52f) (cherry picked from commit db0154828989a0a52ee59a4dda8c3803752bc827) (cherry picked from commit 75afb375ef46bc99a7faf5879d0283934e34db97) -(cherry picked from commit 82f8de94e19be775cdabd05528dc7acf0cb485a7) --- grub-core/video/readers/jpeg.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) 
diff --git a/SOURCES/0517-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch b/SOURCES/0522-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch similarity index 96% rename from SOURCES/0517-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch rename to SOURCES/0522-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch index 9434ba1..90decbc 100644 --- a/SOURCES/0517-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch +++ b/SOURCES/0522-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch @@ -34,7 +34,6 @@ Reviewed-by: Daniel Kiper (cherry picked from commit 41aeb2004db9924fecd9f2dd64bc2a5a5594a4b5) (cherry picked from commit 5f9582490792108306d047379fed2371bee286f8) (cherry picked from commit 7e4bf25d9bb5219fbf11c523296dc3bd78b80698) -(cherry picked from commit 397ecffe404b892470c41f4d24340526d3d33666) --- grub-core/video/readers/jpeg.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/SOURCES/0518-normal-charset-Fix-array-out-of-bounds-formatting-un.patch b/SOURCES/0523-normal-charset-Fix-array-out-of-bounds-formatting-un.patch similarity index 95% rename from SOURCES/0518-normal-charset-Fix-array-out-of-bounds-formatting-un.patch rename to SOURCES/0523-normal-charset-Fix-array-out-of-bounds-formatting-un.patch index 2043b05..6cbd3a5 100644 --- a/SOURCES/0518-normal-charset-Fix-array-out-of-bounds-formatting-un.patch +++ b/SOURCES/0523-normal-charset-Fix-array-out-of-bounds-formatting-un.patch @@ -17,7 +17,6 @@ Reviewed-by: Daniel Kiper (cherry picked from commit fdf32abc7a3928852422c0f291d8cd1dd6b34a8d) (cherry picked from commit f2c10aaf335b88a69885375c4d68ffab2429df77) (cherry picked from commit 4c942e1ba8d1f1199a58d2eb139022ae22f75cb2) -(cherry picked from commit 83efea59ad671d043b3a48fe0581f11beb63303c) --- grub-core/normal/charset.c | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/SOURCES/0519-net-netbuff-Block-overly-large-netbuff-allocs.patch b/SOURCES/0524-net-netbuff-Block-overly-large-netbuff-allocs.patch similarity index 95% rename from SOURCES/0519-net-netbuff-Block-overly-large-netbuff-allocs.patch rename to SOURCES/0524-net-netbuff-Block-overly-large-netbuff-allocs.patch index 6d590ee..5a59ff4 100644 --- a/SOURCES/0519-net-netbuff-Block-overly-large-netbuff-allocs.patch +++ b/SOURCES/0524-net-netbuff-Block-overly-large-netbuff-allocs.patch @@ -14,7 +14,6 @@ Reviewed-by: Daniel Kiper (cherry picked from commit ee9591103004cd13b4efadda671536090ca7fd57) (cherry picked from commit acde668bb9d9fa862a1a63e3bbd5fa47fdfa9183) (cherry picked from commit e47ad2eb4fe38ef2bdcab52245286f31170e73e3) -(cherry picked from commit 3517b6baf69ee77065f0216ff29190ad392a2c84) --- grub-core/net/netbuff.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/SOURCES/0520-net-ip-Do-IP-fragment-maths-safely.patch b/SOURCES/0525-net-ip-Do-IP-fragment-maths-safely.patch similarity index 95% rename from SOURCES/0520-net-ip-Do-IP-fragment-maths-safely.patch rename to SOURCES/0525-net-ip-Do-IP-fragment-maths-safely.patch index 433d703..e4b8f45 100644 --- a/SOURCES/0520-net-ip-Do-IP-fragment-maths-safely.patch +++ b/SOURCES/0525-net-ip-Do-IP-fragment-maths-safely.patch @@ -12,7 +12,6 @@ Reviewed-by: Daniel Kiper (cherry picked from commit eb74e5743ca7e18a5e75c392fe0b21d1549a1936) (cherry picked from commit 552ad34583e788542e9ca08524a0d4bc8f98c297) (cherry picked from commit 2c8cb7e3b8b48b136a950e5692fa6251b76df90e) -(cherry picked from commit 17bb2fe79e6b9688cf2008b840af9022804204ec) --- grub-core/net/ip.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) 
diff --git a/SOURCES/0521-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch b/SOURCES/0526-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch similarity index 96% rename from SOURCES/0521-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch rename to SOURCES/0526-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch index 1fa2c3e..11f6cb6 100644 --- a/SOURCES/0521-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch +++ b/SOURCES/0526-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch @@ -34,7 +34,6 @@ Reviewed-by: Daniel Kiper (cherry picked from commit eb2e69fcf51307757e43f55ee8c9354d1ee42dd1) (cherry picked from commit d801a27e7acec6c1a83067fab0bb975877eaf704) (cherry picked from commit 4d8b6e36ddfda4084e370b3b08c432e8a462e9be) -(cherry picked from commit ae133c18f304cb0a22c569c98abc62e15ccf56d0) --- grub-core/net/dns.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/SOURCES/0522-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch b/SOURCES/0527-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch similarity index 97% rename from SOURCES/0522-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch rename to SOURCES/0527-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch index bd7797a..d641a9e 100644 --- a/SOURCES/0522-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch +++ b/SOURCES/0527-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch @@ -13,7 +13,6 @@ Reviewed-by: Daniel Kiper (cherry picked from commit 6a97b3f4b1d5173aa516edc6dedbc63de7306d21) (cherry picked from commit e0589624e86bc96666cbdb62f6e55cafec2871b3) (cherry picked from commit 95ecbc0b9aacfd43ba96cccc50daaf39eccd9f7f) -(cherry picked from commit 110eee925ecd9efeebb8d018b042fcf067a443c2) --- grub-core/net/dns.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) 
diff --git a/SOURCES/0523-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch b/SOURCES/0528-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch similarity index 98% rename from SOURCES/0523-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch rename to SOURCES/0528-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch index 6df1527..dc4aab2 100644 --- a/SOURCES/0523-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch +++ b/SOURCES/0528-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch @@ -46,7 +46,6 @@ Reviewed-by: Daniel Kiper (cherry picked from commit dada1dda695439bb55b2848dddc2d89843552f81) (cherry picked from commit 352c5ae8a9fc715712e6ecbd7ccb6218122c748f) (cherry picked from commit 61a010085ab9f0ecf42677773a6fc212f1579b0a) -(cherry picked from commit 277d38531a47be78ac5062894e449726db2baf65) --- grub-core/net/net.c | 11 +++++++++-- grub-core/net/tftp.c | 1 + diff --git a/SOURCES/0524-misc-Format-string-for-grub_error-should-be-a-litera.patch b/SOURCES/0529-misc-Format-string-for-grub_error-should-be-a-litera.patch similarity index 96% rename from SOURCES/0524-misc-Format-string-for-grub_error-should-be-a-litera.patch rename to SOURCES/0529-misc-Format-string-for-grub_error-should-be-a-litera.patch index f4a4f32..ae0ec53 100644 --- a/SOURCES/0524-misc-Format-string-for-grub_error-should-be-a-litera.patch +++ b/SOURCES/0529-misc-Format-string-for-grub_error-should-be-a-litera.patch @@ -6,7 +6,6 @@ Subject: [PATCH] misc: Format string for grub_error() should be a literal Signed-off-by: Glenn Washburn Reviewed-by: Daniel Kiper (cherry-picked from commit 60875f4e15d704b875969b415501802b531c4db3) -(cherry-picked from commit 6353cbd63cb3615a2b7aece183e3b177250d9415) --- grub-core/loader/efi/chainloader.c | 2 +- grub-core/net/tftp.c | 2 +- 
diff --git a/SOURCES/0525-net-tftp-Avoid-a-trivial-UAF.patch b/SOURCES/0530-net-tftp-Avoid-a-trivial-UAF.patch similarity index 95% rename from SOURCES/0525-net-tftp-Avoid-a-trivial-UAF.patch rename to SOURCES/0530-net-tftp-Avoid-a-trivial-UAF.patch index 8c44b1f..f6f77f3 100644 --- a/SOURCES/0525-net-tftp-Avoid-a-trivial-UAF.patch +++ b/SOURCES/0530-net-tftp-Avoid-a-trivial-UAF.patch @@ -16,7 +16,6 @@ Reviewed-by: Daniel Kiper (cherry picked from commit 956f4329cec23e4375182030ca9b2be631a61ba5) (cherry picked from commit dbe9abcdee6ce796811111b67e3f24eefe2135d1) (cherry picked from commit 72ae9c5d389d2c0337c44edead6e00db0bb84039) -(cherry picked from commit 6a367d5b45cee3b452319cbaba1052f045c68081) --- grub-core/net/tftp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SOURCES/0526-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch b/SOURCES/0531-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch similarity index 96% rename from SOURCES/0526-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch rename to SOURCES/0531-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch index 75082a8..6fcb3c6 100644 --- a/SOURCES/0526-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch +++ b/SOURCES/0531-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch @@ -15,7 +15,6 @@ Reviewed-by: Daniel Kiper (cherry picked from commit ec233d3ecf995293304de443579aab5c46c49e85) (cherry picked from commit d39cf87ed701b9f0900daed7f672e07994d37ce8) (cherry picked from commit e0aa5c3acec70eac3489d6df1893a93726cbce3a) -(cherry picked from commit d29000397693cae279291b75ff89e5b9a5e2ed97) --- grub-core/net/http.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
diff --git a/SOURCES/0527-net-http-Fix-OOB-write-for-split-http-headers.patch b/SOURCES/0532-net-http-Fix-OOB-write-for-split-http-headers.patch similarity index 96% rename from SOURCES/0527-net-http-Fix-OOB-write-for-split-http-headers.patch rename to SOURCES/0532-net-http-Fix-OOB-write-for-split-http-headers.patch index eea35d6..daabc9e 100644 --- a/SOURCES/0527-net-http-Fix-OOB-write-for-split-http-headers.patch +++ b/SOURCES/0532-net-http-Fix-OOB-write-for-split-http-headers.patch @@ -27,7 +27,6 @@ Reviewed-by: Daniel Kiper (cherry picked from commit e9fb459638811c12b0989dbf64e3e124974ef617) (cherry picked from commit b604916beb6c39e8ed27f72851eb16f3eaa293c5) (cherry picked from commit c3c6b1167a43275991efd6847160a46ce3839fae) -(cherry picked from commit 9b4ef71ed4f6fce00e868e3223cdbfb734e840d6) --- grub-core/net/http.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/SOURCES/0528-net-http-Error-out-on-headers-with-LF-without-CR.patch b/SOURCES/0533-net-http-Error-out-on-headers-with-LF-without-CR.patch similarity index 96% rename from SOURCES/0528-net-http-Error-out-on-headers-with-LF-without-CR.patch rename to SOURCES/0533-net-http-Error-out-on-headers-with-LF-without-CR.patch index a50904e..86a3b28 100644 --- a/SOURCES/0528-net-http-Error-out-on-headers-with-LF-without-CR.patch +++ b/SOURCES/0533-net-http-Error-out-on-headers-with-LF-without-CR.patch @@ -24,7 +24,6 @@ Reviewed-by: Daniel Kiper (cherry picked from commit d232ad41ac4979a9de4d746e5fdff9caf0e303de) (cherry picked from commit 8960e6d6137090a7e8c6592077da6e387a4ef972) (cherry picked from commit 9b6b9398c90dd76ce0b935d21c4ecb8954c4b2b7) -(cherry picked from commit 3eef2cc845f7ed34a89d8d0a7042d7768e43eaad) --- grub-core/net/http.c | 8 ++++++++ 1 file changed, 8 insertions(+) 
diff --git a/SOURCES/0529-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch b/SOURCES/0534-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch similarity index 97% rename from SOURCES/0529-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch rename to SOURCES/0534-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch index 93637a4..684fc75 100644 --- a/SOURCES/0529-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch +++ b/SOURCES/0534-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch @@ -15,7 +15,6 @@ Reviewed-by: Daniel Kiper (cherry picked from commit a3988cb3f0a108dd67ac127a79a4c8479d23334e) (cherry picked from commit 7125978aa7d6068812ef6da0ab38ce521ae7eba1) (cherry picked from commit e488538cbf9fc63796c7047550b0598e1ef95c03) -(cherry picked from commit a2e520d7ced2ded854fb24f3718530e1e6d7dd5e) --- grub-core/fs/f2fs.c | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/SOURCES/0530-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch b/SOURCES/0535-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch similarity index 98% rename from SOURCES/0530-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch rename to SOURCES/0535-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch index 07de7cd..30ea7c6 100644 --- a/SOURCES/0530-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch +++ b/SOURCES/0535-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch @@ -23,7 +23,6 @@ Reviewed-by: Daniel Kiper (cherry picked from commit 62d63d5e38c67a6e349148bf7cb87c560e935a7e) (cherry picked from commit 92219e6d379b5b4d30b05361830b72ab1d95d281) (cherry picked from commit c23d97e3b56594bf0f802d94062e14b221143115) -(cherry picked from commit e9536dd7fbdc632efbe3506386dbfb3bfc0465c8) --- grub-core/fs/f2fs.c | 33 +++++++++++++++++++++++++++------ 1 file changed, 27 insertions(+), 6 deletions(-) 
diff --git a/SOURCES/0531-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch b/SOURCES/0536-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch similarity index 95% rename from SOURCES/0531-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch rename to SOURCES/0536-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch index 3444e4f..5ab2414 100644 --- a/SOURCES/0531-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch +++ b/SOURCES/0536-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch @@ -19,7 +19,6 @@ Reviewed-by: Daniel Kiper (cherry picked from commit 9a891f638509e031d322c94e3cbcf38d36f3993a) (cherry picked from commit 13f9160ae0d2806baed459884999356817096cd7) (cherry picked from commit a48ba4d48b3c66431e6bbeb386078efc6602110c) -(cherry picked from commit f0440b61cebbab807638b90eb2ae86265d6cf49f) --- grub-core/fs/f2fs.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/SOURCES/0532-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch b/SOURCES/0537-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch similarity index 97% rename from SOURCES/0532-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch rename to SOURCES/0537-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch index 289f139..21e95cf 100644 --- a/SOURCES/0532-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch +++ b/SOURCES/0537-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch @@ -24,7 +24,6 @@ Reviewed-by: Daniel Kiper Signed-off-by: Robbie Harwood (cherry picked from commit e3e21b9a81aea09dd43368cf097c1029a8380d82) (cherry picked from commit ab14a39777edb60c99751d4fdf1cc254a4faebf5) -(cherry picked from commit 90a9fbd5969325993e069ee5a04a802b59657920) --- grub-core/fs/btrfs.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) 
diff --git a/SOURCES/0533-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch b/SOURCES/0538-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch similarity index 98% rename from SOURCES/0533-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch rename to SOURCES/0538-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch index 0bc744f..184165b 100644 --- a/SOURCES/0533-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch +++ b/SOURCES/0538-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch @@ -12,7 +12,6 @@ Signed-off-by: Marco A Benatto Signed-off-by: Javier Martinez Canillas Reviewed-by: Daniel Kiper (cherry picked from commit 04ae030d0eea8668d4417702d88bf2cf04713d80) -(cherry picked from commit ed33b47f00bc0d728197357b8ae632028f91599b) --- grub-core/commands/efi/efifwsetup.c | 8 ++++---- grub-core/kern/efi/efi.c | 16 +++++++++------- diff --git a/SOURCES/0534-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch b/SOURCES/0539-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch similarity index 97% rename from SOURCES/0534-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch rename to SOURCES/0539-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch index 8bc2666..526a123 100644 --- a/SOURCES/0534-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch +++ b/SOURCES/0539-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch @@ -12,7 +12,6 @@ Signed-off-by: Marco A Benatto Signed-off-by: Javier Martinez Canillas Reviewed-by: Daniel Kiper (cherry picked from commit ac5c9367548750e75ed1e7fc4354a3d20186d733) -(cherry picked from commit 51b11f8b3ab96c38efb1636d9c53b5a86503f1f2) --- grub-core/kern/efi/efi.c | 16 +++++++++++++--- include/grub/efi/efi.h | 5 +++++ 
diff --git a/SOURCES/0535-Define-GRUB_EFI_SHIM_LOCK_GUID.patch b/SOURCES/0540-Define-GRUB_EFI_SHIM_LOCK_GUID.patch similarity index 93% rename from SOURCES/0535-Define-GRUB_EFI_SHIM_LOCK_GUID.patch rename to SOURCES/0540-Define-GRUB_EFI_SHIM_LOCK_GUID.patch index 6b00c5c..354ec29 100644 --- a/SOURCES/0535-Define-GRUB_EFI_SHIM_LOCK_GUID.patch +++ b/SOURCES/0540-Define-GRUB_EFI_SHIM_LOCK_GUID.patch @@ -9,7 +9,6 @@ lock protocol definition and some other guids we don't care about right now. Signed-off-by: Robbie Harwood -(cherry picked from commit e44d6f8e801fae4716dd2528d7194f759c52aa12) --- include/grub/efi/api.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/SOURCES/0536-misc-Make-grub_min-and-grub_max-more-resilient.patch b/SOURCES/0541-misc-Make-grub_min-and-grub_max-more-resilient.patch similarity index 97% rename from SOURCES/0536-misc-Make-grub_min-and-grub_max-more-resilient.patch rename to SOURCES/0541-misc-Make-grub_min-and-grub_max-more-resilient.patch index 3cca336..bf1741b 100644 --- a/SOURCES/0536-misc-Make-grub_min-and-grub_max-more-resilient.patch +++ b/SOURCES/0541-misc-Make-grub_min-and-grub_max-more-resilient.patch @@ -20,7 +20,6 @@ create uniquely named internal variables. Signed-off-by: Peter Jones (cherry picked from commit 2d6800450fa731d7b3ef9893986806e88e819eb6) (cherry picked from commit adaf6a5ae66fb8a23274e3030e9df2714d0fc396) -(cherry picked from commit 5282d19d1942d9c3470337a84aa4a92562ba1575) --- grub-core/loader/multiboot_elfxx.c | 4 +--- include/grub/misc.h | 25 +++++++++++++++++++++++-- diff --git a/SOURCES/0537-ReiserFS-switch-to-using-grub_min-grub_max.patch b/SOURCES/0542-ReiserFS-switch-to-using-grub_min-grub_max.patch similarity index 98% rename from SOURCES/0537-ReiserFS-switch-to-using-grub_min-grub_max.patch rename to SOURCES/0542-ReiserFS-switch-to-using-grub_min-grub_max.patch index c3baecf..e8688dc 100644 --- a/SOURCES/0537-ReiserFS-switch-to-using-grub_min-grub_max.patch 
+++ b/SOURCES/0542-ReiserFS-switch-to-using-grub_min-grub_max.patch @@ -10,7 +10,6 @@ instead. Signed-off-by: Peter Jones (cherry picked from commit 5fc601574fce99b32fe4dfb55bd8f3ab0175fd6a) (cherry picked from commit 31e581893c564582c729fd0c033d3ce021854be8) -(cherry picked from commit 2c46aae48eabcf91d7ed34a7bed2b59aa80c2c03) --- grub-core/fs/reiserfs.c | 28 +++++++++------------------- 1 file changed, 9 insertions(+), 19 deletions(-) diff --git a/SOURCES/0538-misc-make-grub_boot_time-also-call-grub_dprintf-boot.patch b/SOURCES/0543-misc-make-grub_boot_time-also-call-grub_dprintf-boot.patch similarity index 96% rename from SOURCES/0538-misc-make-grub_boot_time-also-call-grub_dprintf-boot.patch rename to SOURCES/0543-misc-make-grub_boot_time-also-call-grub_dprintf-boot.patch index 9455dd1..37cb0a8 100644 --- a/SOURCES/0538-misc-make-grub_boot_time-also-call-grub_dprintf-boot.patch +++ b/SOURCES/0543-misc-make-grub_boot_time-also-call-grub_dprintf-boot.patch @@ -14,7 +14,6 @@ in DEBUG, regardless of BOOT_TIME_STATS. Signed-off-by: Peter Jones (cherry picked from commit 4fd282de00df05ce289467861deb7a0e186cfbd7) (cherry picked from commit cc7e60a9f3ad1fa74b9cd48a7e66b1976f9a554a) -(cherry picked from commit 9e78e5749d5c99a01c96c9c0d9ec3e98633a4cbd) --- grub-core/kern/misc.c | 3 ++- include/grub/misc.h | 2 +- diff --git a/SOURCES/0539-modules-make-.module_license-read-only.patch b/SOURCES/0544-modules-make-.module_license-read-only.patch similarity index 95% rename from SOURCES/0539-modules-make-.module_license-read-only.patch rename to SOURCES/0544-modules-make-.module_license-read-only.patch index 94dc892..e5af3e9 100644 --- a/SOURCES/0539-modules-make-.module_license-read-only.patch +++ b/SOURCES/0544-modules-make-.module_license-read-only.patch @@ -13,7 +13,6 @@ set. 
Signed-off-by: Peter Jones (cherry picked from commit 2eff3e2c9d9e6b75daa81b840c96f112ef7d5de6) (cherry picked from commit 3c3c1858d1c056eee660d67888be80e7eae498ca) -(cherry picked from commit ebcce09e35ef6916a2d1ddbf0906e9f3f5c539ad) --- include/grub/dl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SOURCES/0540-modules-strip-.llvm_addrsig-sections-and-similar.patch b/SOURCES/0545-modules-strip-.llvm_addrsig-sections-and-similar.patch similarity index 95% rename from SOURCES/0540-modules-strip-.llvm_addrsig-sections-and-similar.patch rename to SOURCES/0545-modules-strip-.llvm_addrsig-sections-and-similar.patch index 51aba29..c8a17de 100644 --- a/SOURCES/0540-modules-strip-.llvm_addrsig-sections-and-similar.patch +++ b/SOURCES/0545-modules-strip-.llvm_addrsig-sections-and-similar.patch @@ -18,7 +18,6 @@ failure is just reversion to the status quo, so that's not a big problem. Signed-off-by: Peter Jones (cherry picked from commit e85d1c4d795f8135ad0acfa36d64760d12d6fed1) (cherry picked from commit d3024204b2e2c69ecb91392eeb87c1e6835c3743) -(cherry picked from commit f729241a34394b1019d83d75ffe6bfe0986ab274) --- grub-core/genmod.sh.in | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/SOURCES/0541-modules-Don-t-allocate-space-for-non-allocable-secti.patch b/SOURCES/0546-modules-Don-t-allocate-space-for-non-allocable-secti.patch similarity index 95% rename from SOURCES/0541-modules-Don-t-allocate-space-for-non-allocable-secti.patch rename to SOURCES/0546-modules-Don-t-allocate-space-for-non-allocable-secti.patch index 12c1a59..2f3bc0c 100644 --- a/SOURCES/0541-modules-Don-t-allocate-space-for-non-allocable-secti.patch +++ b/SOURCES/0546-modules-Don-t-allocate-space-for-non-allocable-secti.patch @@ -17,7 +17,6 @@ loop does. 
Signed-off-by: Peter Jones (cherry picked from commit 03215e342f552396ab08125ea769b1e166417ec1) (cherry picked from commit 91518751b9bcba078e3f4385f4b2f6c39cab49cd) -(cherry picked from commit ee945970425488bd5b72d837706764a6a0fde46c) --- grub-core/kern/dl.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/SOURCES/0542-pe-add-the-DOS-header-struct-and-fix-some-bad-naming.patch b/SOURCES/0547-pe-add-the-DOS-header-struct-and-fix-some-bad-naming.patch similarity index 97% rename from SOURCES/0542-pe-add-the-DOS-header-struct-and-fix-some-bad-naming.patch rename to SOURCES/0547-pe-add-the-DOS-header-struct-and-fix-some-bad-naming.patch index 8cc3da5..f9c2234 100644 --- a/SOURCES/0542-pe-add-the-DOS-header-struct-and-fix-some-bad-naming.patch +++ b/SOURCES/0547-pe-add-the-DOS-header-struct-and-fix-some-bad-naming.patch @@ -17,7 +17,6 @@ define, and adds defines for the actual PE magic. Signed-off-by: Peter Jones (cherry picked from commit 955f47aa8300387eecf18b0866d21dde7720593d) (cherry picked from commit 662744c2e986cb770fe49e71e019aaf33a66272d) -(cherry picked from commit 4b541b7e76b77d131ff534e537a622551e774a2b) --- grub-core/loader/arm64/linux.c | 2 +- include/grub/efi/pe32.h | 28 ++++++++++++++++++++++++++-- diff --git a/SOURCES/0543-EFI-allocate-kernel-in-EFI_RUNTIME_SERVICES_CODE-ins.patch b/SOURCES/0548-EFI-allocate-kernel-in-EFI_RUNTIME_SERVICES_CODE-ins.patch similarity index 98% rename from SOURCES/0543-EFI-allocate-kernel-in-EFI_RUNTIME_SERVICES_CODE-ins.patch rename to SOURCES/0548-EFI-allocate-kernel-in-EFI_RUNTIME_SERVICES_CODE-ins.patch index 7d7a44a..8644e51 100644 --- a/SOURCES/0543-EFI-allocate-kernel-in-EFI_RUNTIME_SERVICES_CODE-ins.patch +++ b/SOURCES/0548-EFI-allocate-kernel-in-EFI_RUNTIME_SERVICES_CODE-ins.patch @@ -16,7 +16,6 @@ Signed-off-by: Peter Jones 
Signed-off-by: Robbie Harwood (cherry picked from commit 8b31058a12d3e85f0f0180ac90b98d6465fccbb7) (cherry picked from commit 460df66aab9b3a57fc0d14a21a595cd467c4b13e) -(cherry picked from commit 2380ad45c78ed12710f1186eda9f2ba38c20f6ba) --- grub-core/loader/i386/efi/linux.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/SOURCES/0544-modules-load-module-sections-at-page-aligned-address.patch b/SOURCES/0549-modules-load-module-sections-at-page-aligned-address.patch similarity index 99% rename from SOURCES/0544-modules-load-module-sections-at-page-aligned-address.patch rename to SOURCES/0549-modules-load-module-sections-at-page-aligned-address.patch index 5cc42b1..44ecd2b 100644 --- a/SOURCES/0544-modules-load-module-sections-at-page-aligned-address.patch +++ b/SOURCES/0549-modules-load-module-sections-at-page-aligned-address.patch @@ -58,7 +58,6 @@ Signed-off-by: Peter Jones (cherry picked from commit 04f1df6b665493e38de66018aebe377fdac4ceec) [rharwood: not risc-v yet] Signed-off-by: Robbie Harwood -(cherry picked from commit 62c48da3ef51fc4f98746fbc35791ec2beab0426) --- grub-core/kern/arm/dl.c | 13 +++++++++++++ grub-core/kern/arm64/dl.c | 13 +++++++++++++ diff --git a/SOURCES/0545-nx-add-memory-attribute-get-set-API.patch b/SOURCES/0550-nx-add-memory-attribute-get-set-API.patch similarity index 99% rename from SOURCES/0545-nx-add-memory-attribute-get-set-API.patch rename to SOURCES/0550-nx-add-memory-attribute-get-set-API.patch index eec3160..41ae1d0 100644 --- a/SOURCES/0545-nx-add-memory-attribute-get-set-API.patch +++ b/SOURCES/0550-nx-add-memory-attribute-get-set-API.patch @@ -23,7 +23,6 @@ Signed-off-by: Peter Jones (cherry picked from commit 46cb4f9557bdba1db0a17d012df705d94d81a9f6) [rharwood: context fuzz, guids] 
Signed-off-by: Robbie Harwood -(cherry picked from commit 7d8eea48e82c4ef572cc0f9d3252487c1d7e5729) --- grub-core/kern/efi/efi.c | 36 +++++++++++++ grub-core/kern/efi/mm.c | 131 +++++++++++++++++++++++++++++++++++++++++++++++ diff --git a/SOURCES/0546-nx-set-page-permissions-for-loaded-modules.patch b/SOURCES/0551-nx-set-page-permissions-for-loaded-modules.patch similarity index 99% rename from SOURCES/0546-nx-set-page-permissions-for-loaded-modules.patch rename to SOURCES/0551-nx-set-page-permissions-for-loaded-modules.patch index 0d40b91..1032ea6 100644 --- a/SOURCES/0546-nx-set-page-permissions-for-loaded-modules.patch +++ b/SOURCES/0551-nx-set-page-permissions-for-loaded-modules.patch @@ -17,7 +17,6 @@ Signed-off-by: Peter Jones Signed-off-by: Robbie Harwood (cherry-picked from commit ca74904ede0406b594cbedc52ce8e38a6633d2ae) (cherry picked from commit 2e2e72026f41cf7cffeb46a6a47f3c67d0b3be45) -(cherry picked from commit 736e5ccd9175d31ebea848f3b627f3e99988bb0a) --- grub-core/kern/dl.c | 120 +++++++++++++++++++++++++++++++++++++++------------- include/grub/dl.h | 44 +++++++++++++++++++ diff --git a/SOURCES/0547-nx-set-attrs-in-our-kernel-loaders.patch b/SOURCES/0552-nx-set-attrs-in-our-kernel-loaders.patch similarity index 99% rename from SOURCES/0547-nx-set-attrs-in-our-kernel-loaders.patch rename to SOURCES/0552-nx-set-attrs-in-our-kernel-loaders.patch index 3fddaae..e4c4c3e 100644 --- a/SOURCES/0547-nx-set-attrs-in-our-kernel-loaders.patch +++ b/SOURCES/0552-nx-set-attrs-in-our-kernel-loaders.patch @@ -15,7 +15,6 @@ Signed-off-by: Peter Jones (cherry picked from commit daba852bd3e4d7b7784b19cf7acf107dc3c0dce4) [rharwood: stack_attrs initialization, no risc-v, arm renames, arm age] Signed-off-by: Robbie Harwood -(cherry picked from commit 3a402a2e54b3468b20eae182d98913600a6b68dd) --- grub-core/kern/efi/mm.c | 78 ++++++++++++++++++ grub-core/loader/arm64/linux.c | 16 +++- 
diff --git a/SOURCES/0548-nx-set-the-nx-compatible-flag-in-EFI-grub-images.patch b/SOURCES/0553-nx-set-the-nx-compatible-flag-in-EFI-grub-images.patch similarity index 93% rename from SOURCES/0548-nx-set-the-nx-compatible-flag-in-EFI-grub-images.patch rename to SOURCES/0553-nx-set-the-nx-compatible-flag-in-EFI-grub-images.patch index 801efca..662de5d 100644 --- a/SOURCES/0548-nx-set-the-nx-compatible-flag-in-EFI-grub-images.patch +++ b/SOURCES/0553-nx-set-the-nx-compatible-flag-in-EFI-grub-images.patch @@ -18,7 +18,8 @@ GRUB_PE32_NX_COMPAT, and changes grub-mkimage to set that flag. Signed-off-by: Peter Jones (cherry picked from commit 0c7f1aed5a87f75051b421903a900ccb4bbd795a) (cherry picked from commit 2f9446d488da96de963f4ffe03b0a1c60a4664f5) -(cherry picked from commit f56671343622b0e0216340cd07e77dfc4e88a97a) +[rharwood: fix uninitialized use of stack_attrs] +Signed-off-by: Robbie Harwood --- util/mkimage.c | 1 + 1 file changed, 1 insertion(+) diff --git a/SOURCES/0549-Fixup-grub_efi_get_variable-type-in-our-loaders.patch b/SOURCES/0554-Fixup-grub_efi_get_variable-type-in-our-loaders.patch similarity index 96% rename from SOURCES/0549-Fixup-grub_efi_get_variable-type-in-our-loaders.patch rename to SOURCES/0554-Fixup-grub_efi_get_variable-type-in-our-loaders.patch index 8ec08c8..7d0ca72 100644 --- a/SOURCES/0549-Fixup-grub_efi_get_variable-type-in-our-loaders.patch +++ b/SOURCES/0554-Fixup-grub_efi_get_variable-type-in-our-loaders.patch @@ -7,7 +7,6 @@ Has a new type now that we have 04ae030d0eea8668d4417702d88bf2cf04713d80 ("efi: Return grub_efi_status_t from grub_efi_get_variable()"). Signed-off-by: Robbie Harwood -(cherry picked from commit d27cee05d31a9612f0b877d2de727b22cc3ec51a) --- grub-core/kern/efi/init.c | 4 ++-- grub-core/kern/efi/sb.c | 4 ++-- diff --git a/SOURCES/0555-Make-debug-file-show-which-file-filters-get-run.patch b/SOURCES/0555-Make-debug-file-show-which-file-filters-get-run.patch new file mode 100644 index 0000000..b614ef3 --- /dev/null 
+++ b/SOURCES/0555-Make-debug-file-show-which-file-filters-get-run.patch
@@ -0,0 +1,47 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Fri, 29 Jul 2022 15:56:00 -0400
+Subject: [PATCH] Make debug=file show which file filters get run.
+
+If one of the file filters breaks things, it's hard to figure out where
+it has happened.
+
+This makes grub log which filter is being run, which makes it easier to
+figure out where you are in the sequence of events.
+
+Signed-off-by: Peter Jones
+(cherry picked from commit d3d6518a13b5440a3be6c66b0ae47447182f2891)
+(cherry picked from commit d197e70761b1383827e9008e21ee41c6c7015776)
+---
+ grub-core/kern/file.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/grub-core/kern/file.c b/grub-core/kern/file.c
+index f062fc21e7..5e1f29d0dd 100644
+--- a/grub-core/kern/file.c
++++ b/grub-core/kern/file.c
+@@ -30,6 +30,14 @@ void (*EXPORT_VAR (grub_grubnet_fini)) (void);
+
+ grub_file_filter_t grub_file_filters[GRUB_FILE_FILTER_MAX];
+
++static char *filter_names[] = {
++ [GRUB_FILE_FILTER_VERIFY] = "GRUB_FILE_FILTER_VERIFY",
++ [GRUB_FILE_FILTER_GZIO] = "GRUB_FILE_FILTER_GZIO",
++ [GRUB_FILE_FILTER_XZIO] = "GRUB_FILE_FILTER_XZIO",
++ [GRUB_FILE_FILTER_LZOPIO] = "GRUB_FILE_FILTER_LZOPIO",
++ [GRUB_FILE_FILTER_MAX] = "GRUB_FILE_FILTER_MAX"
++};
++
+ /* Get the device part of the filename NAME. It is enclosed by parentheses. */
+ char *
+ grub_file_get_device_name (const char *name)
+@@ -121,6 +129,9 @@ grub_file_open (const char *name, enum grub_file_type type)
+ if (grub_file_filters[filter])
+ {
+ last_file = file;
++ if (filter < GRUB_FILE_FILTER_MAX)
++ grub_dprintf ("file", "Running %s file filter\n",
++ filter_names[filter]);
+ file = grub_file_filters[filter] (file, type);
+ if (file && file != last_file)
+ {
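Review bot: `filter_names` in the grub-core/kern/file.c hunk is a writable `static char *[]` holding string literals; declaring it `static const char * const filter_names[] = {` would put the table in read-only data so nothing can modify it at run time. The designated initialisers name only four filters plus `GRUB_FILE_FILTER_MAX`, so any other enumerator below `GRUB_FILE_FILTER_MAX` (the enum is not shown here) leaves a NULL slot that is then handed to `%s`. A fallback such as `filter_names[filter] ? filter_names[filter] : "unknown"` avoids depending on how grub_dprintf treats NULL. The `[GRUB_FILE_FILTER_MAX]` entry can never be printed because of the `filter < GRUB_FILE_FILTER_MAX` guard, and grub_file_open's body starts and ends outside the hunk.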
diff --git a/SOURCES/0556-efi-use-enumerated-array-positions-for-our-allocatio.patch b/SOURCES/0556-efi-use-enumerated-array-positions-for-our-allocatio.patch
new file mode 100644
index 0000000..6f1bfc7
--- /dev/null
+++ b/SOURCES/0556-efi-use-enumerated-array-positions-for-our-allocatio.patch
@@ -0,0 +1,83 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Mon, 1 Aug 2022 14:06:30 -0400
+Subject: [PATCH] efi: use enumerated array positions for our allocation
+ choices
+
+In our kernel allocator on EFI systems, we currently have a growing
+amount of code that references the various allocation policies by
+position in the array, and of course maintenance of this code scales
+very poorly.
+
+This patch changes them to be enumerated, so they're easier to refer to
+farther along in the code without confusion.
+
+Signed-off-by: Peter Jones
+(cherry picked from commit 6768026270cca015d7fef0ecc8a4119e9b3d3923)
+(cherry picked from commit 50b2ca3274b6950393a4ffc7edde04a1a3de594e)
+---
+ grub-core/loader/i386/efi/linux.c | 31 ++++++++++++++++++++-----------
+ 1 file changed, 20 insertions(+), 11 deletions(-)
+
+diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
+index d80d6ec312..23b27f6507 100644
+--- a/grub-core/loader/i386/efi/linux.c
++++ b/grub-core/loader/i386/efi/linux.c
+@@ -60,17 +60,26 @@ struct allocation_choice {
+ grub_efi_allocate_type_t alloc_type;
+ };
+
+-static struct allocation_choice max_addresses[4] =
++enum {
++ KERNEL_PREF_ADDRESS,
++ KERNEL_4G_LIMIT,
++ KERNEL_NO_LIMIT,
++};
++
++static struct allocation_choice max_addresses[] =
+ {
+ /* the kernel overrides this one with pref_address and
+ * GRUB_EFI_ALLOCATE_ADDRESS */
+- { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS },
++ [KERNEL_PREF_ADDRESS] =
++ { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS },
++ /* If the flag in params is set, this one gets changed to be above 4GB. */
++ [KERNEL_4G_LIMIT] =
++ { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS },
+ /* this one is always below 4GB, which we still *prefer* even if the flag
+ * is set. */
+- { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS },
+- /* If the flag in params is set, this one gets changed to be above 4GB. */
+- { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS },
+- { 0, 0 }
++ [KERNEL_NO_LIMIT] =
++ { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS },
++ { NO_MEM, 0, 0 }
+ };
+ static struct allocation_choice saved_addresses[4];
+
+@@ -423,7 +432,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
+ if (lh->xloadflags & LINUX_XLF_CAN_BE_LOADED_ABOVE_4G)
+ {
+ grub_dprintf ("linux", "Loading kernel above 4GB is supported; enabling.\n");
+- max_addresses[2].addr = GRUB_EFI_MAX_USABLE_ADDRESS;
++ max_addresses[KERNEL_NO_LIMIT].addr = GRUB_EFI_MAX_USABLE_ADDRESS;
+ }
+ else
+ {
+@@ -495,11 +504,11 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
+ grub_dprintf ("linux", "lh->pref_address: %p\n", (void *)(grub_addr_t)lh->pref_address);
+ if (lh->pref_address < (grub_uint64_t)GRUB_EFI_MAX_ALLOCATION_ADDRESS)
+ {
+- max_addresses[0].addr = lh->pref_address;
+- max_addresses[0].alloc_type = GRUB_EFI_ALLOCATE_ADDRESS;
++ max_addresses[KERNEL_PREF_ADDRESS].addr = lh->pref_address;
++ max_addresses[KERNEL_PREF_ADDRESS].alloc_type = GRUB_EFI_ALLOCATE_ADDRESS;
+ }
+- max_addresses[1].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS;
+- max_addresses[2].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS;
++ max_addresses[KERNEL_4G_LIMIT].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS;
++ max_addresses[KERNEL_NO_LIMIT].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS;
+ kernel_size = lh->init_size;
+ kernel_mem = kernel_alloc (kernel_size, GRUB_EFI_RUNTIME_SERVICES_CODE,
+ N_("can't allocate kernel"));
diff --git a/SOURCES/0557-efi-split-allocation-policy-for-kernel-vs-initrd-mem.patch b/SOURCES/0557-efi-split-allocation-policy-for-kernel-vs-initrd-mem.patch
new file mode 100644
index 0000000..08d2765
--- /dev/null
+++ b/SOURCES/0557-efi-split-allocation-policy-for-kernel-vs-initrd-mem.patch
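Review bot: The new terminator `{ NO_MEM, 0, 0 }` in max_addresses carries three initialisers and uses `NO_MEM`, but in this patch struct allocation_choice still ends at `alloc_type`, and both the `purpose` member and the `NO_MEM` enumerator only arrive in 0557, so 0556 probably does not build on its own. Keeping `{ 0, 0 }` here and switching to `{ NO_MEM, 0, 0 }` in 0557 would keep the series bisectable. The two explanatory comments also ended up on the wrong entries: "If the flag in params is set, this one gets changed to be above 4GB" now sits on `[KERNEL_4G_LIMIT]` and "always below 4GB" on `[KERNEL_NO_LIMIT]`, while grub_cmd_linux raises `max_addresses[KERNEL_NO_LIMIT].addr` to GRUB_EFI_MAX_USABLE_ADDRESS when the flag is set, so the comments should be swapped. grub_cmd_linux and the struct definition both start outside the hunks shown.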
@@ -0,0 +1,129 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 1 Aug 2022 14:24:39 -0400 +Subject: [PATCH] efi: split allocation policy for kernel vs initrd memories. + +Currently in our kernel allocator, we use the same set of choices for +all of our various kernel and initramfs allocations, though they do not +have exactly the same constraints. + +This patch adds the concept of an allocation purpose, which currently +can be KERNEL_MEM or INITRD_MEM, and updates kernel_alloc() calls +appropriately, but does not change any current policy decision. It +also adds a few debug prints. + +Signed-off-by: Peter Jones +(cherry picked from commit 36307bed28cd838116fc4af26a30719660d62d4c) +(cherry picked from commit dc1196350b0cbe89582832f44df0fce67e0c9fb2) +--- + grub-core/loader/i386/efi/linux.c | 35 +++++++++++++++++++++++++++-------- + 1 file changed, 27 insertions(+), 8 deletions(-) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index 23b27f6507..09e7596064 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -55,7 +55,14 @@ struct grub_linuxefi_context { + + #define BYTES_TO_PAGES(bytes) (((bytes) + 0xfff) >> 12) + ++typedef enum { ++ NO_MEM, ++ KERNEL_MEM, ++ INITRD_MEM, ++} kernel_alloc_purpose_t; ++ + struct allocation_choice { ++ kernel_alloc_purpose_t purpose; + grub_efi_physical_address_t addr; + grub_efi_allocate_type_t alloc_type; + }; +@@ -64,6 +71,7 @@ enum { + KERNEL_PREF_ADDRESS, + KERNEL_4G_LIMIT, + KERNEL_NO_LIMIT, ++ INITRD_MAX_ADDRESS, + }; + + static struct allocation_choice max_addresses[] = +@@ -71,14 +79,17 @@ static struct allocation_choice max_addresses[] = + /* the kernel overrides this one with pref_address and + * GRUB_EFI_ALLOCATE_ADDRESS */ + [KERNEL_PREF_ADDRESS] = +- { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, ++ { KERNEL_MEM, GRUB_EFI_MAX_ALLOCATION_ADDRESS, 
GRUB_EFI_ALLOCATE_MAX_ADDRESS }, + /* If the flag in params is set, this one gets changed to be above 4GB. */ + [KERNEL_4G_LIMIT] = +- { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, ++ { KERNEL_MEM, GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, + /* this one is always below 4GB, which we still *prefer* even if the flag + * is set. */ + [KERNEL_NO_LIMIT] = +- { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, ++ { KERNEL_MEM, GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, ++ /* this is for the initrd */ ++ [INITRD_MAX_ADDRESS] = ++ { INITRD_MEM, GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, + { NO_MEM, 0, 0 } + }; + static struct allocation_choice saved_addresses[4]; +@@ -95,7 +106,8 @@ kernel_free(void *addr, grub_efi_uintn_t size) + } + + static void * +-kernel_alloc(grub_efi_uintn_t size, ++kernel_alloc(kernel_alloc_purpose_t purpose, ++ grub_efi_uintn_t size, + grub_efi_memory_type_t memtype, + const char * const errmsg) + { +@@ -108,6 +120,9 @@ kernel_alloc(grub_efi_uintn_t size, + grub_uint64_t max = max_addresses[i].addr; + grub_efi_uintn_t pages; + ++ if (purpose != max_addresses[i].purpose) ++ continue; ++ + /* + * When we're *not* loading the kernel, or >4GB allocations aren't + * supported, these entries are basically all the same, so don't re-try +@@ -262,7 +277,8 @@ grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) + } + } + +- initrd_mem = kernel_alloc(size, GRUB_EFI_RUNTIME_SERVICES_DATA, ++ grub_dprintf ("linux", "Trying to allocate initrd mem\n"); ++ initrd_mem = kernel_alloc(INITRD_MEM, size, GRUB_EFI_RUNTIME_SERVICES_DATA, + N_("can't allocate initrd")); + if (initrd_mem == NULL) + goto fail; +@@ -440,7 +456,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + } + #endif + +- params = kernel_alloc (sizeof(*params), GRUB_EFI_RUNTIME_SERVICES_DATA, ++ params = kernel_alloc (KERNEL_MEM, sizeof(*params), ++ 
GRUB_EFI_RUNTIME_SERVICES_DATA, + "cannot allocate kernel parameters"); + if (!params) + goto fail; +@@ -462,7 +479,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + grub_dprintf ("linux", "new lh is at %p\n", lh); + + grub_dprintf ("linux", "setting up cmdline\n"); +- cmdline = kernel_alloc (lh->cmdline_size + 1, ++ cmdline = kernel_alloc (KERNEL_MEM, lh->cmdline_size + 1, + GRUB_EFI_RUNTIME_SERVICES_DATA, + N_("can't allocate cmdline")); + if (!cmdline) +@@ -510,7 +527,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + max_addresses[KERNEL_4G_LIMIT].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; + max_addresses[KERNEL_NO_LIMIT].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; + kernel_size = lh->init_size; +- kernel_mem = kernel_alloc (kernel_size, GRUB_EFI_RUNTIME_SERVICES_CODE, ++ grub_dprintf ("linux", "Trying to allocate kernel mem\n"); ++ kernel_mem = kernel_alloc (KERNEL_MEM, kernel_size, ++ GRUB_EFI_RUNTIME_SERVICES_CODE, + N_("can't allocate kernel")); + restore_addresses(); + if (!kernel_mem) diff --git a/SOURCES/0558-efi-use-EFI_LOADER_-CODE-DATA-for-kernel-and-initrd-.patch b/SOURCES/0558-efi-use-EFI_LOADER_-CODE-DATA-for-kernel-and-initrd-.patch new file mode 100644 index 0000000..28f603e --- /dev/null +++ b/SOURCES/0558-efi-use-EFI_LOADER_-CODE-DATA-for-kernel-and-initrd-.patch 
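Review bot: `saved_addresses` is still declared `[4]` (the context line right after the table) although this patch grows max_addresses to five elements, the four designated entries plus the `{ NO_MEM, 0, 0 }` terminator. The save/restore helpers are not in the hunk (only the `restore_addresses()` call is), but if they copy `sizeof(max_addresses)` bytes, the save would write one element past the end of saved_addresses and the restore would read it back. Sizing the backup from the table, `static struct allocation_choice saved_addresses[sizeof(max_addresses) / sizeof(max_addresses[0])];`, removes the hand-maintained count. kernel_alloc, grub_cmd_initrd and grub_cmd_linux all continue outside the hunks.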
@@ -0,0 +1,63 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 1 Aug 2022 13:04:43 -0400 +Subject: [PATCH] efi: use EFI_LOADER_(CODE|DATA) for kernel and initrd + allocations + +At some point due to an erroneous kernel warning, we switched kernel and +initramfs to being loaded in EFI_RUNTIME_SERVICES_CODE and +EFI_RUNTIME_SERVICES_DATA memory pools. This doesn't appear to be +correct according to the spec, and that kernel warning has gone away. + +This patch puts them back in EFI_LOADER_CODE and EFI_LOADER_DATA +allocations, respectively. + +Resolves: rhbz#2108456 + +Signed-off-by: Peter Jones +(cherry picked from commit 35b5d5fa47bc394c76022e6595b173e68f53225e) +(cherry picked from commit 66e1c922b40957fca488435e06a2f875a219844b) +--- + grub-core/loader/i386/efi/linux.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index 09e7596064..4d39023792 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -278,7 +278,7 @@ grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) + } + + grub_dprintf ("linux", "Trying to allocate initrd mem\n"); +- initrd_mem = kernel_alloc(INITRD_MEM, size, GRUB_EFI_RUNTIME_SERVICES_DATA, ++ initrd_mem = kernel_alloc(INITRD_MEM, size, GRUB_EFI_LOADER_DATA, + N_("can't allocate initrd")); + if (initrd_mem == NULL) + goto fail; +@@ -457,7 +457,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + #endif + + params = kernel_alloc (KERNEL_MEM, sizeof(*params), +- GRUB_EFI_RUNTIME_SERVICES_DATA, ++ GRUB_EFI_LOADER_DATA, + "cannot allocate kernel parameters"); + if (!params) + goto fail; +@@ -480,7 +480,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + + grub_dprintf ("linux", "setting up cmdline\n"); + cmdline = kernel_alloc (KERNEL_MEM, lh->cmdline_size + 1, +- GRUB_EFI_RUNTIME_SERVICES_DATA, ++ 
GRUB_EFI_LOADER_DATA, + N_("can't allocate cmdline")); + if (!cmdline) + goto fail; +@@ -529,7 +529,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + kernel_size = lh->init_size; + grub_dprintf ("linux", "Trying to allocate kernel mem\n"); + kernel_mem = kernel_alloc (KERNEL_MEM, kernel_size, +- GRUB_EFI_RUNTIME_SERVICES_CODE, ++ GRUB_EFI_LOADER_CODE, + N_("can't allocate kernel")); + restore_addresses(); + if (!kernel_mem) diff --git a/SOURCES/0559-ieee1275-implement-vec5-for-cas-negotiation.patch b/SOURCES/0559-ieee1275-implement-vec5-for-cas-negotiation.patch new file mode 100644 index 0000000..ff614f8 --- /dev/null +++ b/SOURCES/0559-ieee1275-implement-vec5-for-cas-negotiation.patch 
@@ -0,0 +1,72 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Diego Domingos +Date: Thu, 25 Aug 2022 11:37:56 -0400 +Subject: [PATCH] ieee1275: implement vec5 for cas negotiation + +As a legacy support, if the vector 5 is not implemented, Power +Hypervisor will consider the max CPUs as 64 instead 256 currently +supported during client-architecture-support negotiation. + +This patch implements the vector 5 and set the MAX CPUs to 256 while +setting the others values to 0 (default). + +Signed-off-by: Diego Domingos +Signed-off-by: Robbie Harwood +(cherry picked from commit f735c65b6da8a9d4251242b37774e1a517511253) +(cherry picked from commit 1639f43b2db4ac405ac2a92e50ed4cff351c3baa) +--- + grub-core/kern/ieee1275/init.c | 20 +++++++++++++++++++- + 1 file changed, 19 insertions(+), 1 deletion(-) + +diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c +index 1414695cc6..37f3098c39 100644 +--- a/grub-core/kern/ieee1275/init.c ++++ b/grub-core/kern/ieee1275/init.c +@@ -307,6 +307,18 @@ struct option_vector2 { + grub_uint8_t max_pft_size; + } __attribute__((packed)); + ++struct option_vector5 { ++ grub_uint8_t byte1; ++ grub_uint8_t byte2; ++ grub_uint8_t byte3; ++ grub_uint8_t cmo; ++ grub_uint8_t associativity; ++ grub_uint8_t bin_opts; ++ grub_uint8_t micro_checkpoint; ++ grub_uint8_t reserved0; ++ grub_uint32_t max_cpus; ++} __attribute__((packed)); ++ + struct pvr_entry { + grub_uint32_t mask; + grub_uint32_t entry; +@@ -325,6 +337,8 @@ struct cas_vector { + grub_uint16_t vec3; + grub_uint8_t vec4_size; + grub_uint16_t vec4; ++ grub_uint8_t vec5_size; ++ struct option_vector5 vec5; + } __attribute__((packed)); + + /* Call ibm,client-architecture-support to try to get more RMA. 
+@@ -345,7 +359,7 @@ grub_ieee1275_ibm_cas (void) + } args; + struct cas_vector vector = { + .pvr_list = { { 0x00000000, 0xffffffff } }, /* any processor */ +- .num_vecs = 4 - 1, ++ .num_vecs = 5 - 1, + .vec1_size = 0, + .vec1 = 0x80, /* ignore */ + .vec2_size = 1 + sizeof(struct option_vector2) - 2, +@@ -356,6 +370,10 @@ grub_ieee1275_ibm_cas (void) + .vec3 = 0x00e0, // ask for FP + VMX + DFP but don't halt if unsatisfied + .vec4_size = 2 - 1, + .vec4 = 0x0001, // set required minimum capacity % to the lowest value ++ .vec5_size = 1 + sizeof(struct option_vector5) - 2, ++ .vec5 = { ++ 0, 0, 0, 0, 0, 0, 0, 0, 256 ++ } + }; + + INIT_IEEE1275_COMMON (&args.common, "call-method", 3, 2); diff --git a/SOURCES/grub.macros b/SOURCES/grub.macros index 783cb57..c9ed442 100644 --- a/SOURCES/grub.macros +++ b/SOURCES/grub.macros @@ -379,11 +379,11 @@ for x in grub-mkimage ; do \\\ done \ %{nil} -%global grub_modules " all_video boot blscfg \\\ +%global grub_modules " all_video boot blscfg \\\ cat configfile cryptodisk echo ext2 \\\ fat font gcry_rijndael gcry_rsa gcry_serpent \\\ gcry_sha256 gcry_twofish gcry_whirlpool \\\ - gfxmenu gfxterm gzio halt http \\\ + gfxmenu gfxterm gzio halt http \\\ increment iso9660 jpeg loadenv loopback linux \\\ lvm luks mdraid09 mdraid1x minicmd net \\\ normal part_apple part_msdos part_gpt \\\ @@ -596,7 +596,7 @@ touch ${RPM_BUILD_ROOT}/boot/%{name}/grub.cfg \ %{expand:%%files %{1}} \ %defattr(-,root,root,-) \ %config(noreplace) %{_sysconfdir}/%{name}.cfg \ -%ghost %config(noreplace) /boot/%{name}/grub.cfg \ +%ghost %config(noreplace) %attr(0700,root,root)/boot/%{name}/grub.cfg \ %dir %attr(0700,root,root)/boot/loader/entries \ %ifarch ppc64le \ %dir %{_libdir}/grub/%{2}/ \ diff --git a/SOURCES/grub.patches b/SOURCES/grub.patches index 54b52a2..9cd36c8 100644 --- a/SOURCES/grub.patches +++ b/SOURCES/grub.patches 
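Review bot: The `.vec5` initialiser in grub_ieee1275_ibm_cas is positional, `{ 0, 0, 0, 0, 0, 0, 0, 0, 256 }`, so the one meaningful value depends on counting the eight single-byte members that precede `max_cpus` in the packed struct option_vector5. Writing `.vec5 = { .max_cpus = 256 },` states the same thing and survives a field being added or reordered. A named constant for 256 and a short comment that the remaining bytes are deliberately left at their zero defaults would document what is being advertised during the negotiation. The function body continues outside the hunk.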
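Review bot: `%attr(0700,root,root)` on `/boot/%{name}/grub.cfg` in the second grub.macros hunk gives a regular configuration file the owner-execute bit. 0700 fits the directory on the following line (`/boot/loader/entries`), but a file that is only read needs at most `%attr(0600,root,root)`. Because the entry is `%ghost`, the mode mainly sets what package verification expects, so if the tool that writes grub.cfg creates it as 0700 (not visible here), that should be tightened together with this line rather than recording the execute bit in the packaging.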
@@ -498,52 +498,62 @@ Patch0497: 0497-x86-efi-Re-arrange-grub_cmd_linux-a-little-bit.patch
 Patch0498: 0498-x86-efi-Make-our-own-allocator-for-kernel-stuff.patch
 Patch0499: 0499-x86-efi-Allow-initrd-params-cmdline-allocations-abov.patch
 Patch0500: 0500-x86-efi-Reduce-maximum-bounce-buffer-size-to-16-MiB.patch
-Patch0501: 0501-loader-efi-chainloader-grub_load_and_start_image-doe.patch
-Patch0502: 0502-loader-efi-chainloader-simplify-the-loader-state.patch
-Patch0503: 0503-commands-boot-Add-API-to-pass-context-to-loader.patch
-Patch0504: 0504-loader-efi-chainloader-Use-grub_loader_set_ex.patch
-Patch0505: 0505-loader-i386-efi-linux-Avoid-a-use-after-free-in-the-.patch
-Patch0506: 0506-loader-i386-efi-linux-Use-grub_loader_set_ex.patch
-Patch0507: 0507-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch
-Patch0508: 0508-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch
-Patch0509: 0509-video-readers-png-Abort-sooner-if-a-read-operation-f.patch
-Patch0510: 0510-video-readers-png-Refuse-to-handle-multiple-image-he.patch
-Patch0511: 0511-video-readers-png-Drop-greyscale-support-to-fix-heap.patch
-Patch0512: 0512-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch
-Patch0513: 0513-video-readers-png-Sanity-check-some-huffman-codes.patch
-Patch0514: 0514-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch
-Patch0515: 0515-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch
-Patch0516: 0516-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch
-Patch0517: 0517-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch
-Patch0518: 0518-normal-charset-Fix-array-out-of-bounds-formatting-un.patch
-Patch0519: 0519-net-netbuff-Block-overly-large-netbuff-allocs.patch
-Patch0520: 0520-net-ip-Do-IP-fragment-maths-safely.patch
-Patch0521: 0521-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch
-Patch0522: 0522-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch
-Patch0523: 0523-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch
-Patch0524: 0524-misc-Format-string-for-grub_error-should-be-a-litera.patch
-Patch0525: 0525-net-tftp-Avoid-a-trivial-UAF.patch
-Patch0526: 0526-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch
-Patch0527: 0527-net-http-Fix-OOB-write-for-split-http-headers.patch
-Patch0528: 0528-net-http-Error-out-on-headers-with-LF-without-CR.patch
-Patch0529: 0529-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch
-Patch0530: 0530-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch
-Patch0531: 0531-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch
-Patch0532: 0532-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch
-Patch0533: 0533-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch
-Patch0534: 0534-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch
-Patch0535: 0535-Define-GRUB_EFI_SHIM_LOCK_GUID.patch
-Patch0536: 0536-misc-Make-grub_min-and-grub_max-more-resilient.patch
-Patch0537: 0537-ReiserFS-switch-to-using-grub_min-grub_max.patch
-Patch0538: 0538-misc-make-grub_boot_time-also-call-grub_dprintf-boot.patch
-Patch0539: 0539-modules-make-.module_license-read-only.patch
-Patch0540: 0540-modules-strip-.llvm_addrsig-sections-and-similar.patch
-Patch0541: 0541-modules-Don-t-allocate-space-for-non-allocable-secti.patch
-Patch0542: 0542-pe-add-the-DOS-header-struct-and-fix-some-bad-naming.patch
-Patch0543: 0543-EFI-allocate-kernel-in-EFI_RUNTIME_SERVICES_CODE-ins.patch
-Patch0544: 0544-modules-load-module-sections-at-page-aligned-address.patch
-Patch0545: 0545-nx-add-memory-attribute-get-set-API.patch
-Patch0546: 0546-nx-set-page-permissions-for-loaded-modules.patch
-Patch0547: 0547-nx-set-attrs-in-our-kernel-loaders.patch
-Patch0548: 0548-nx-set-the-nx-compatible-flag-in-EFI-grub-images.patch
-Patch0549: 0549-Fixup-grub_efi_get_variable-type-in-our-loaders.patch
+Patch0501: 0501-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch
+Patch0502: 0502-ibmvtpm-Backport-ibmvtpm-support-to-grub-2.02.patch
+Patch0503: 0503-powerpc-do-CAS-in-a-more-compatible-way.patch
+Patch0504: 0504-powerpc-prefix-detection-support-device-names-with-c.patch
+Patch0505: 0505-make-ofdisk_retries-optional.patch
+Patch0506: 0506-loader-efi-chainloader-grub_load_and_start_image-doe.patch
+Patch0507: 0507-loader-efi-chainloader-simplify-the-loader-state.patch
+Patch0508: 0508-commands-boot-Add-API-to-pass-context-to-loader.patch
+Patch0509: 0509-loader-efi-chainloader-Use-grub_loader_set_ex.patch
+Patch0510: 0510-loader-i386-efi-linux-Avoid-a-use-after-free-in-the-.patch
+Patch0511: 0511-loader-i386-efi-linux-Use-grub_loader_set_ex.patch
+Patch0512: 0512-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch
+Patch0513: 0513-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch
+Patch0514: 0514-video-readers-png-Abort-sooner-if-a-read-operation-f.patch
+Patch0515: 0515-video-readers-png-Refuse-to-handle-multiple-image-he.patch
+Patch0516: 0516-video-readers-png-Drop-greyscale-support-to-fix-heap.patch
+Patch0517: 0517-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch
+Patch0518: 0518-video-readers-png-Sanity-check-some-huffman-codes.patch
+Patch0519: 0519-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch
+Patch0520: 0520-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch
+Patch0521: 0521-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch
+Patch0522: 0522-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch
+Patch0523: 0523-normal-charset-Fix-array-out-of-bounds-formatting-un.patch
+Patch0524: 0524-net-netbuff-Block-overly-large-netbuff-allocs.patch
+Patch0525: 0525-net-ip-Do-IP-fragment-maths-safely.patch
+Patch0526: 0526-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch
+Patch0527: 0527-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch
+Patch0528: 0528-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch
+Patch0529: 0529-misc-Format-string-for-grub_error-should-be-a-litera.patch
+Patch0530: 0530-net-tftp-Avoid-a-trivial-UAF.patch
+Patch0531: 0531-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch
+Patch0532: 0532-net-http-Fix-OOB-write-for-split-http-headers.patch
+Patch0533: 0533-net-http-Error-out-on-headers-with-LF-without-CR.patch
+Patch0534: 0534-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch
+Patch0535: 0535-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch
+Patch0536: 0536-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch
+Patch0537: 0537-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch
+Patch0538: 0538-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch
+Patch0539: 0539-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch
+Patch0540: 0540-Define-GRUB_EFI_SHIM_LOCK_GUID.patch
+Patch0541: 0541-misc-Make-grub_min-and-grub_max-more-resilient.patch
+Patch0542: 0542-ReiserFS-switch-to-using-grub_min-grub_max.patch
+Patch0543: 0543-misc-make-grub_boot_time-also-call-grub_dprintf-boot.patch
+Patch0544: 0544-modules-make-.module_license-read-only.patch
+Patch0545: 0545-modules-strip-.llvm_addrsig-sections-and-similar.patch
+Patch0546: 0546-modules-Don-t-allocate-space-for-non-allocable-secti.patch
+Patch0547: 0547-pe-add-the-DOS-header-struct-and-fix-some-bad-naming.patch
+Patch0548: 0548-EFI-allocate-kernel-in-EFI_RUNTIME_SERVICES_CODE-ins.patch
+Patch0549: 0549-modules-load-module-sections-at-page-aligned-address.patch
+Patch0550: 0550-nx-add-memory-attribute-get-set-API.patch
+Patch0551: 0551-nx-set-page-permissions-for-loaded-modules.patch
+Patch0552: 0552-nx-set-attrs-in-our-kernel-loaders.patch
+Patch0553: 0553-nx-set-the-nx-compatible-flag-in-EFI-grub-images.patch
+Patch0554: 0554-Fixup-grub_efi_get_variable-type-in-our-loaders.patch
+Patch0555: 0555-Make-debug-file-show-which-file-filters-get-run.patch
+Patch0556: 0556-efi-use-enumerated-array-positions-for-our-allocatio.patch
+Patch0557: 0557-efi-split-allocation-policy-for-kernel-vs-initrd-mem.patch
+Patch0558: 0558-efi-use-EFI_LOADER_-CODE-DATA-for-kernel-and-initrd-.patch
+Patch0559: 0559-ieee1275-implement-vec5-for-cas-negotiation.patch
diff --git a/SOURCES/redhatsecureboot303.cer b/SOURCES/redhatsecureboot303.cer
deleted file mode 100644
index 2c0087dbc5da376aef641bb23833401857c34940..0000000000000000000000000000000000000000
GIT binary patch
literal 0 HcmV?d00001 literal 899 zcmXqLVy-u6VoG1Y%*4pV#L4h}zvyHQr&GoTylk9WZ60mkc^MhGSs4s`4b=@)*_cCF zn1$tnQd1N>5=#_OQj1C) zic(WD5=-=w^K%X4#CZ)Z4a^Ko3@l8IOe~_rd5tX$3=NE+T!SD(9Rn?}bv(*gtt-w< z&&$k92is{(oSjXKO31!qWMyD(V&rEqXkz4IYGPz$II>2G|M$FqPFt5GY@Z}j_wdcG z>qlNkR*SLi2#vh>#O(I_Wno7c`4SC2=y=Zd`<9;a@{@2)?V*sz8{HTFd-E&#gtt#; zUgHuWz1pJ-y#K9{o_n?Q@4oA|9nu>-nGU?#lm1zM!m(4+W^!G6o63L4^zhgAs4rhs zUmj^WrxfJ3J}dJeuq`Lta*xk?}tZlL3PPH;Bj2!otkN-e4dL;_$JEv50IdKm9LW&^Yn$5_R6=HKv!R z$vZ?D$b+PnStJa^8bln#TEtw=Sv9h7u(GGU__1hC>W>)Y2mmH4U<5ES#PkO5sC<9x z!JKt`$32eKDcv>kntnv_@NIu_U*Q=Xk1EvP<=w1`yP>!G=8u`mTv|szZevQCch1^& z!q2ncK3iyARETApaF1br*%L8#fw_eaRczCW1C=8SIyp9OHWxSD>F|+J;%msh6TGS4 z7i9eW_V~}UtyNmb|NVAU_`StO+3?O0&CipWay2jh-RRBjrY}Bi{e-UnA#J9g_4+s? zD*o^EabCXQ^?4Wm+_igF-`xN2a7LS$!jkBBmcGB8+wcBUs^a;5FNJd^r+L3*+)39L zjQ8{>JTSZxpz7w(F!4!Co|pZnnG+e$u$S(t-F5BW&3P{?riLzZE|e}c7rGqT{#S2( H=YvQ9de&%$ 
diff --git a/SOURCES/redhatsecureboot701.cer b/SOURCES/redhatsecureboot701.cer new file mode 100644 index 0000000000000000000000000000000000000000..25e3743e47c3c1f06da0124a1d99e99e4920f6e7 GIT binary patch literal 916 zcmXqLVxC~o#8k0>nTe5!iId@pypfsK^#n41{+84Q{jxtN+585ynxiti9Hzr++{YFiX}{@nDZ%!WV8j3UD8 zZ+!lKjZO1y#-iirm+g-*`lJ<_aM|wiv%8TJnzQ!ssVaZm*kb4QPDg$M*B3_rD>p7% z?kp3_`l%Ar=Hn_UygBpZEbi)Ej8jc|c~`Do@=M>(-s$x6M`x*I82hq3^kj zzuK$&zt%X$xEUWcHLYq&I>7dM`!bUmYMbq*C9;>wz4$bJrJ2L!EH9x2*$dfwGPGu! z{Wi>7Cb@4_kMxc`jGwn$@9lan`0s9L(CJAVx;#y9x!n46o{5=}fpKw#L74#$Fw|v* z85#exFc~ly@PT;zARY@d6MKV!7>KV5;`11Av2kd#F|x9z^TJke=Yf+TuQImK*!64p6$GYbw=2q@m%cdpg{kMBT+r(Ch*_zS5 zA5Nx}NPA6rc(7rbaoFblPiE%v-1)WHp{F9M%kPns%89$*zq+znD|%ZCrmwr|cKX<| Tt1h>T)0Nk#SZ8pFAMXMHU|?Vk literal 0 HcmV?d00001 diff --git a/SPECS/grub2.spec b/SPECS/grub2.spec index d83fba2..a5c909f 100644 --- a/SPECS/grub2.spec +++ b/SPECS/grub2.spec @@ -7,7 +7,7 @@ Name: grub2 Epoch: 1 Version: 2.02 -Release: 123%{?dist}.8 +Release: 142%{?dist} Summary: Bootloader with support for Linux, Multiboot and more Group: System Environment/Base License: GPLv3+ @@ -28,8 +28,8 @@ Source13: redhatsecurebootca3.cer Source14: redhatsecureboot301.cer Source15: redhatsecurebootca5.cer Source16: redhatsecureboot502.cer -Source17: redhatsecureboot303.cer -Source18: redhatsecureboot601.cer +Source17: redhatsecureboot601.cer +Source18: redhatsecureboot701.cer Source19: sbat.csv.in %include %{SOURCE1} @@ -46,7 +46,7 @@ Source19: sbat.csv.in %ifarch ppc64le %define old_sb_cer %{SOURCE17} %define sb_cer %{SOURCE18} -%define sb_key redhatsecureboot602 +%define sb_key redhatsecureboot702 %endif # generate with do-rebase 
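Review bot: The ppc64le block refers to its certificates by position (`%{SOURCE17}`, `%{SOURCE18}`), so the renumbering in the `Source17:`/`Source18:` hunk changes what `old_sb_cer` and `sb_cer` point at without any line in the block changing. Nothing here records that 601 is now the outgoing certificate and 701 the current one, or that the key nickname `redhatsecureboot702` is the one paired with `redhatsecureboot701.cer`. A comment above the defines would make a future rotation reviewable, for example `# ppc64le: old_sb_cer = previous signing cert (601), sb_cer = current cert (701), sb_key = nickname of the key for sb_cer`. The `%ifarch ppc64le` block begins above this hunk, so whether the other architectures carry such a comment is not visible here.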
@@ -510,23 +510,58 @@ fi %endif %changelog -* Fri Jun 03 2022 Robbie Harwood - 2.06-123.el8_6.8 +* Thu Sep 08 2022 Robbie Harwood - 2.06-142 +- Drop the arena size changes +- Resolves: #2118896 + +* Thu Aug 25 2022 Robbie Harwood - 2.06-141 +- Implement vec5 for cas negotiation +- Resolves: #2117914 + +* Wed Aug 24 2022 Robbie Harwood - 2.06-140 +- Or two, because I forgot the debug patch +- Resolves: #2118896 + +* Thu Aug 18 2022 Robbie Harwood - 2.06-139 +- Kernel allocator fixups (in one pass) +- Resolves: #2118896 + +* Wed Jul 20 2022 Robbie Harwood - 2.06-138 +- Rotate signing keys on ppc64le +- Resolves: #2074762 + +* Fri Jun 03 2022 Robbie Harwood - 2.06-137 - CVE fixes for 2022-06-07 - CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733 - CVE-2021-3697 CVE-2021-3696 CVE-2021-3695 -- Resolves: #2031899 +- Resolves: #2070687 + +* Mon May 16 2022 Robbie Harwood - 2.06-129 +- ppc64le: Slow boot after LPM +- Resolves: #2070347 + +* Wed May 04 2022 Robbie Harwood - 2.06-127 +- ppc64le: CAS improvements, prefix detection, and vTPM support +- Resolves: #2076795 +- Resolves: #2026568 +- Resolves: #2051331 + +* Wed May 04 2022 Robbie Harwood - 2.06-126 +- Fix rpm verification error on grub.cfg permissions +- Resolves: #2071643 + +* Wed Apr 20 2022 Robbie Harwood - 2.06-125 +- RHEL 8.6.0 import; no code changes +- Resolves: #2062892 * Mon Mar 28 2022 Robbie Harwood - 2.06-123 - Bump for signing -- Resolves: #2061252 * Wed Mar 09 2022 Robbie Harwood - 2.06-122 - Fix initialization on efidisk patch -- Resolves: #2061252 * Tue Mar 08 2022 Robbie Harwood - 2.06-121 - Backport support for loading initrd above 4GB -- Resolves: #2048433 * Mon Feb 28 2022 Robbie Harwood - 2.06-120 - Bump signing