diff -Nru grub2-2.04/debian/changelog grub2-2.04/debian/changelog --- grub2-2.04/debian/changelog 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/changelog 2020-09-08 10:24:35.000000000 +0000 @@ -1,3 +1,140 @@ +grub2 (2.04-1ubuntu26.4) focal; urgency=medium + + * grub-install: cherry-pick patch from grub-devel to make grub-install + fault tolerant. Create backup of files in /boot/grub, and restore them + on failure to complete grub-install. LP: #1891680 + * postinst.in: do not exit successfully when failing to show critical + grub-pc/install_devices_failed and grub-pc/install_devices_empty + prompts in non-interactive mode. This enables surfacing upgrade errors + to the users and/or automation. LP: #1891680 + * postinst.in: do not attempt to call grub-install upon fresh install of + grub-pc because it it a job of installers to do that after fresh + install. Fixup for the issue unmasked by above. LP: #1891680 + * grub-multi-install: fix non-interactive failures for grub-efi like it + was fixed in postinst for grub-pc. LP: #1891680 + * postinst.in: Fixup postinst.in, to attempt grub-install upon explicit + dpkg-reconfigure grub-pc. LP: #1892526 + + -- Dimitri John Ledkov Tue, 08 Sep 2020 11:24:35 +0100 + +grub2 (2.04-1ubuntu26.3) focal; urgency=medium + + * 2.04-1ubuntu27 and 2.04-1ubuntu28 folded together for focal + * debian/patches/ubuntu-flavour-order.patch: + - Add a (hidden) GRUB_FLAVOUR_ORDER setting that can mark certain kernel + flavours as preferred, and specify an order between those preferred + flavours (LP: #1882663) + * debian/patches/ubuntu-zfs-enhance-support.patch: + - Use version_find_latest for ordering kernels, so it also supports + the GRUB_FLAVOUR_ORDER setting. + * debian/patches/ubuntu-dont-verify-loopback-images.patch: + - disk/loopback: Don't verify loopback images (LP: #1878541), + Thanks to Chris Coulson for the patch + * debian/patches/ubuntu-recovery-dis_ucode_ldr.patch + - Pass dis_ucode_ldr to kernel for recovery mode (LP: #1831789) + * debian/patches/ubuntu-add-initrd-less-boot-fallback.patch: + - Merge changes from xnox to fix multiple initrds support (LP: #1878705) + * debian/patches/ubuntu-clear-invalid-initrd-spacing.patch: + - Remove, no longer needed thanks to xnox's patch + * Ensure that grub-multi-install can always find templates (LP: #1879948) + + -- Julian Andres Klode Mon, 17 Aug 2020 16:04:31 +0200 + +grub2 (2.04-1ubuntu26.2) focal; urgency=medium + + * debian/postinst.in: Avoid calling grub-install on upgrade of the grub-pc + package, since we cannot be certain that it will install to the correct + disk and a grub-install failure will render the system unbootable. + LP: #1889556. + + -- Steve Langasek Thu, 30 Jul 2020 17:34:25 -0700 + +grub2 (2.04-1ubuntu26.1) focal; urgency=medium + + [ Julian Andres Klode ] + * Move gettext patches out of git-dpm's way, so it does not delete them + + [ Chris Coulson ] + * SECURITY UPDATE: Heap buffer overflow when encountering commands that + cannot be tokenized to less than 8192 characters. + - 0082-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch: Make + fatal lexer errors actually be fatal + - CVE-2020-10713 + * SECURITY UPDATE: Multiple integer overflow bugs that could result in + heap buffer allocations that were too small and subsequent heap buffer + overflows when handling certain filesystems, font files or PNG images. + - 0083-safemath-Add-some-arithmetic-primitives-that-check-f.patch: Add + arithmetic primitives that allow for overflows to be detected + - 0084-calloc-Make-sure-we-always-have-an-overflow-checking.patch: + Make sure that there is always an overflow checking implementation + of calloc() available + - 0085-calloc-Use-calloc-at-most-places.patch: Use calloc where + appropriate + - 0086-malloc-Use-overflow-checking-primitives-where-we-do-.patch: Use + overflow-safe arithmetic primitives when performing allocations + based on the results of operations that might overflow + - 0094-hfsplus-fix-two-more-overflows.patch: Fix integer overflows in + hfsplus + - 0095-lvm-fix-two-more-potential-data-dependent-alloc-over.patch: Fix + more potential integer overflows in lvm + - CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 + * SECURITY UPDATE: Use-after-free when executing a command that causes + a currently executing function to be redefined. + - 0092-script-Remove-unused-fields-from-grub_script_functio.patch: + Remove unused fields from grub_script_function + - 0093-script-Avoid-a-use-after-free-when-redefining-a-func.patch: + Avoid a use-after-free when redefining a function during execution + - CVE-2020-15706 + * SECURITY UPDATE: Integer overflows that could result in heap buffer + allocations that were too small and subsequent heap buffer overflows + during initrd loading. + - 0105-linux-Fix-integer-overflows-in-initrd-size-handling.patch: Fix + integer overflows in initrd size handling + - 0106-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch: Fix + integer overflows in linuxefi grub_cmd_initrd + - CVE-2020-15707 + * Various fixes as a result of code review and static analysis: + - 0087-iso9660-Don-t-leak-memory-on-realloc-failures.patch: Fix a + memory leak on realloc failures when processing symbolic links + - 0088-font-Do-not-load-more-than-one-NAME-section.patch: Fix a + memory leak when processing font files with more than one NAME + section + - 0089-gfxmenu-Fix-double-free-in-load_image.patch: Zero self->bitmap + after it is freed in order to avoid a potential double free later on + - 0090-lzma-Make-sure-we-don-t-dereference-past-array.patch: Fix an + out-of-bounds read in LzmaEncode + - 0091-tftp-Do-not-use-priority-queue.patch: Refactor tftp to not use + priority queues and fix a double free + - 0096-efi-fix-some-malformed-device-path-arithmetic-errors.patch: Fix + various arithmetic errors with malformed device paths + - 0098-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch: Fix + a NULL deref in the chainloader command introduced by a previous + patch + - 0099-efi-Fix-use-after-free-in-halt-reboot-path.patch: Fix a + use-after-free in the halt and reboot commands by not freeing + allocated memory in these paths + - 0100-chainloader-Avoid-a-double-free-when-validation-fail.patch: + Avoid a double free in the chainloader command when validation fails + - 0101-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch: + Protect grub_relocator_alloc_chunk_addr input arguments against + integer overflow / underflow + - 0102-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch: + Protect grub_relocator_alloc_chunk_align max_addr argument against + integer underflow + - 0103-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch: Fix + grub_relocator_alloc_chunk_align top memory allocation + - 0104-linux-loader-avoid-overflow-on-initrd-size-calculati.patch: + Avoid overflow on initrd size calculation + + [ Dimitri John Ledkov ] + * SECURITY UPDATE: Grub does not enforce kernel signature validation + when the shim protocol isn't present. + - 0097-linuxefi-fail-kernel-validation-without-shim-protoco.patch: + Fail kernel validation if the shim protocol isn't available + - CVE-2020-15705 + + -- Chris Coulson Mon, 20 Jul 2020 19:19:08 +0100 + grub2 (2.04-1ubuntu26) focal; urgency=medium [ Julian Andres Klode ] diff -Nru grub2-2.04/debian/gettext-patches/0001-Support-POTFILES-shell.patch grub2-2.04/debian/gettext-patches/0001-Support-POTFILES-shell.patch --- grub2-2.04/debian/gettext-patches/0001-Support-POTFILES-shell.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/gettext-patches/0001-Support-POTFILES-shell.patch 2020-09-08 10:22:59.000000000 +0000 @@ -0,0 +1,54 @@ +From d5bbd8f60aacb0f73ea5a0bde999152c467d0e78 Mon Sep 17 00:00:00 2001 +From: Colin Watson +Date: Sun, 1 Mar 2020 11:57:58 +0000 +Subject: [PATCH 1/4] Support POTFILES-shell + +--- + gettext-runtime/po/Makefile.in.in | 24 ++++++++++++++++++++++-- + 1 file changed, 22 insertions(+), 2 deletions(-) + +diff --git a/gettext-runtime/po/Makefile.in.in b/gettext-runtime/po/Makefile.in.in +index fabdc76c9..32e9323d3 100644 +--- a/gettext-runtime/po/Makefile.in.in ++++ b/gettext-runtime/po/Makefile.in.in +@@ -142,7 +142,7 @@ stamp-po: $(srcdir)/$(DOMAIN).pot + # The determination of whether the package xyz is a GNU one is based on the + # heuristic whether some file in the top level directory mentions "GNU xyz". + # If GNU 'find' is available, we avoid grepping through monster files. +-$(DOMAIN).pot-update: $(POTFILES) $(srcdir)/POTFILES.in remove-potcdate.sed ++$(DOMAIN).pot-update: $(POTFILES) $(srcdir)/POTFILES.in $(srcdir)/POTFILES-shell.in remove-potcdate.sed + if { if (LC_ALL=C find --version) 2>/dev/null | grep GNU >/dev/null; then \ + LC_ALL=C find -L $(top_srcdir) -maxdepth 1 -type f -size -10000000c -exec grep 'GNU @PACKAGE@' /dev/null '{}' ';' 2>/dev/null; \ + else \ +@@ -175,7 +175,27 @@ $(DOMAIN).pot-update: $(POTFILES) $(srcdir)/POTFILES.in remove-potcdate.sed + --package-version='@VERSION@' \ + --msgid-bugs-address="$$msgid_bugs_address" \ + ;; \ +- esac ++ esac; \ ++ case `$(XGETTEXT) --version | sed 1q | sed -e 's,^[^0-9]*,,'` in \ ++ '' | 0.[0-9] | 0.[0-9].* | 0.1[0-5] | 0.1[0-5].* | 0.16 | 0.16.[0-1]*) \ ++ $(XGETTEXT) --default-domain=$(DOMAIN) --directory=$(top_srcdir) \ ++ --add-comments=TRANSLATORS: @XGETTEXT_EXTRA_OPTIONS@ \ ++ --files-from=$(srcdir)/POTFILES-shell.in \ ++ --copyright-holder='$(COPYRIGHT_HOLDER)' \ ++ --msgid-bugs-address="$$msgid_bugs_address" \ ++ --join-existing --language=Shell --keyword=gettext_quoted \ ++ ;; \ ++ *) \ ++ $(XGETTEXT) --default-domain=$(DOMAIN) --directory=$(top_srcdir) \ ++ --add-comments=TRANSLATORS: @XGETTEXT_EXTRA_OPTIONS@ \ ++ --files-from=$(srcdir)/POTFILES-shell.in \ ++ --copyright-holder='$(COPYRIGHT_HOLDER)' \ ++ --package-name="$${package_gnu}@PACKAGE@" \ ++ --package-version='@VERSION@' \ ++ --msgid-bugs-address="$$msgid_bugs_address" \ ++ --join-existing --language=Shell --keyword=gettext_quoted \ ++ ;; \ ++ esac; \ + test ! -f $(DOMAIN).po || { \ + if test -f $(srcdir)/$(DOMAIN).pot; then \ + sed -f remove-potcdate.sed < $(srcdir)/$(DOMAIN).pot > $(DOMAIN).1po && \ +-- +2.17.1 + diff -Nru grub2-2.04/debian/gettext-patches/0002-Handle-gettext_printf-shell-function.patch grub2-2.04/debian/gettext-patches/0002-Handle-gettext_printf-shell-function.patch --- grub2-2.04/debian/gettext-patches/0002-Handle-gettext_printf-shell-function.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/gettext-patches/0002-Handle-gettext_printf-shell-function.patch 2020-09-08 10:22:59.000000000 +0000 @@ -0,0 +1,46 @@ +From fd17c51f2e6c87427679fbdfb5f6224ff48795db Mon Sep 17 00:00:00 2001 +From: Colin Watson +Date: Sun, 1 Mar 2020 12:00:41 +0000 +Subject: [PATCH 2/4] Handle gettext_printf shell function + +Extract gettext_printf arguments. + +Run grub.d.sed over strings extracted from util/grub.d/, in order to set +c-format flags (xgettext refuses to include these itself for strings it +extracted from a shell file, but these really are c-format). +--- + gettext-runtime/po/Makefile.in.in | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/gettext-runtime/po/Makefile.in.in b/gettext-runtime/po/Makefile.in.in +index 32e9323d3..32e0c99a2 100644 +--- a/gettext-runtime/po/Makefile.in.in ++++ b/gettext-runtime/po/Makefile.in.in +@@ -183,7 +183,8 @@ $(DOMAIN).pot-update: $(POTFILES) $(srcdir)/POTFILES.in $(srcdir)/POTFILES-shell + --files-from=$(srcdir)/POTFILES-shell.in \ + --copyright-holder='$(COPYRIGHT_HOLDER)' \ + --msgid-bugs-address="$$msgid_bugs_address" \ +- --join-existing --language=Shell --keyword=gettext_quoted \ ++ --join-existing --language=Shell \ ++ --keyword=gettext_quoted --keyword=gettext_printf \ + ;; \ + *) \ + $(XGETTEXT) --default-domain=$(DOMAIN) --directory=$(top_srcdir) \ +@@ -193,10 +194,13 @@ $(DOMAIN).pot-update: $(POTFILES) $(srcdir)/POTFILES.in $(srcdir)/POTFILES-shell + --package-name="$${package_gnu}@PACKAGE@" \ + --package-version='@VERSION@' \ + --msgid-bugs-address="$$msgid_bugs_address" \ +- --join-existing --language=Shell --keyword=gettext_quoted \ ++ --join-existing --language=Shell \ ++ --keyword=gettext_quoted --keyword=gettext_printf \ + ;; \ + esac; \ + test ! -f $(DOMAIN).po || { \ ++ sed -f grub.d.sed < $(DOMAIN).po > $(DOMAIN).1po && \ ++ mv $(DOMAIN).1po $(DOMAIN).po; \ + if test -f $(srcdir)/$(DOMAIN).pot; then \ + sed -f remove-potcdate.sed < $(srcdir)/$(DOMAIN).pot > $(DOMAIN).1po && \ + sed -f remove-potcdate.sed < $(DOMAIN).po > $(DOMAIN).2po && \ +-- +2.17.1 + diff -Nru grub2-2.04/debian/gettext-patches/0003-Make-msgfmt-output-in-little-endian.patch grub2-2.04/debian/gettext-patches/0003-Make-msgfmt-output-in-little-endian.patch --- grub2-2.04/debian/gettext-patches/0003-Make-msgfmt-output-in-little-endian.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/gettext-patches/0003-Make-msgfmt-output-in-little-endian.patch 2020-09-08 10:22:59.000000000 +0000 @@ -0,0 +1,34 @@ +From 156c523e2945c9b43c5500fb93988b0dd2f08d75 Mon Sep 17 00:00:00 2001 +From: Vladimir Serbinenko +Date: Sun, 1 Mar 2020 12:09:25 +0000 +Subject: [PATCH 3/4] Make msgfmt output in little-endian + +GRUB expects this. +--- + gettext-runtime/po/Makefile.in.in | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/gettext-runtime/po/Makefile.in.in b/gettext-runtime/po/Makefile.in.in +index 32e0c99a2..f3ef54c39 100644 +--- a/gettext-runtime/po/Makefile.in.in ++++ b/gettext-runtime/po/Makefile.in.in +@@ -84,13 +84,13 @@ CATALOGS = @CATALOGS@ + + .po.mo: + @echo "$(MSGFMT) -c -o $@ $<"; \ +- $(MSGFMT) -c -o t-$@ $< && mv t-$@ $@ ++ $(MSGFMT) --endianness=little -c -o t-$@ $< && mv t-$@ $@ + + .po.gmo: + @lang=`echo $* | sed -e 's,.*/,,'`; \ + test "$(srcdir)" = . && cdcmd="" || cdcmd="cd $(srcdir) && "; \ +- echo "$${cdcmd}rm -f $${lang}.gmo && $(GMSGFMT) -c --statistics --verbose -o $${lang}.gmo $${lang}.po"; \ +- cd $(srcdir) && rm -f $${lang}.gmo && $(GMSGFMT) -c --statistics --verbose -o t-$${lang}.gmo $${lang}.po && mv t-$${lang}.gmo $${lang}.gmo ++ echo "$${cdcmd}rm -f $${lang}.gmo && $(GMSGFMT) --endianness=little -c --statistics --verbose -o $${lang}.gmo $${lang}.po"; \ ++ cd $(srcdir) && rm -f $${lang}.gmo && $(GMSGFMT) --endianness=little -c --statistics --verbose -o t-$${lang}.gmo $${lang}.po && mv t-$${lang}.gmo $${lang}.gmo + + .sin.sed: + sed -e '/^#/d' $< > t-$@ +-- +2.17.1 + diff -Nru grub2-2.04/debian/gettext-patches/0004-Use-SHELL-rather-than-bin-sh.patch grub2-2.04/debian/gettext-patches/0004-Use-SHELL-rather-than-bin-sh.patch --- grub2-2.04/debian/gettext-patches/0004-Use-SHELL-rather-than-bin-sh.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/gettext-patches/0004-Use-SHELL-rather-than-bin-sh.patch 2020-09-08 10:22:59.000000000 +0000 @@ -0,0 +1,26 @@ +From f36f12e77798223ee7ee882c0d09e0e63db11454 Mon Sep 17 00:00:00 2001 +From: Colin Watson +Date: Sun, 1 Mar 2020 12:14:07 +0000 +Subject: [PATCH 4/4] Use @SHELL rather than /bin/sh + +/bin/sh might not exist. +--- + gettext-runtime/po/Makefile.in.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gettext-runtime/po/Makefile.in.in b/gettext-runtime/po/Makefile.in.in +index f3ef54c39..285a55a9d 100644 +--- a/gettext-runtime/po/Makefile.in.in ++++ b/gettext-runtime/po/Makefile.in.in +@@ -16,7 +16,7 @@ VERSION = @VERSION@ + PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ + + SED = @SED@ +-SHELL = /bin/sh ++SHELL = @SHELL@ + @SET_MAKE@ + + srcdir = @srcdir@ +-- +2.17.1 + diff -Nru grub2-2.04/debian/.git-dpm grub2-2.04/debian/.git-dpm --- grub2-2.04/debian/.git-dpm 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/.git-dpm 2020-09-08 10:23:01.000000000 +0000 @@ -1,6 +1,6 @@ # see git-dpm(1) from git-dpm package -4c7457bc4f7cd1a516a7e255476a086270a4dbe4 -4c7457bc4f7cd1a516a7e255476a086270a4dbe4 +229c7f88463e2ae9fbb891a286cba50b580f7bad +229c7f88463e2ae9fbb891a286cba50b580f7bad 578bb115fbd47e1c464696f1f8d6183e5443975d 578bb115fbd47e1c464696f1f8d6183e5443975d grub2_2.04.orig.tar.xz diff -Nru grub2-2.04/debian/grub-common.templates grub2-2.04/debian/grub-common.templates --- grub2-2.04/debian/grub-common.templates 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/grub-common.templates 2020-09-08 10:22:59.000000000 +0000 @@ -0,0 +1,53 @@ +Template: grub-efi/install_devices +Type: multiselect +Choices-C: ${RAW_CHOICES} +Choices: ${CHOICES} +_Description: GRUB EFI system partitions: + The grub-efi package is being upgraded. This menu allows you to select which + EFI system partions you'd like grub-install to be automatically run for, if any. + . + Running grub-install automatically is recommended in most situations, to + prevent the installed GRUB core image from getting out of sync with GRUB + modules or grub.cfg. + +Template: grub-efi/install_devices_disks_changed +Type: multiselect +Choices-C: ${RAW_CHOICES} +Choices: ${CHOICES} +_Description: GRUB install devices: + The GRUB boot loader was previously installed to a disk that is no longer + present, or whose unique identifier has changed for some reason. It is + important to make sure that the installed GRUB core image stays in sync + with GRUB modules and grub.cfg. Please check again to make sure that GRUB + is written to the appropriate boot devices. + +Template: grub-efi/partition_description +Type: text +_Description: ${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL} + +Template: grub-efi/install_devices_failed +Type: boolean +Default: false +#flag:translate!:3 +_Description: Writing GRUB to boot device failed - continue? + GRUB failed to install to the following devices: + . + ${FAILED_DEVICES} + . + Do you want to continue anyway? If you do, your computer may not start up + properly. + +Template: grub-efi/install_devices_empty +Type: boolean +Default: false +_Description: Continue without installing GRUB? + You chose not to install GRUB to any devices. If you continue, the boot + loader may not be properly configured, and when this computer next starts + up it will use whatever was previously configured. If there is an + earlier version of GRUB 2 in the EFI system partition, it may be unable to load + modules or handle the current configuration file. + . + If you are already using a different boot loader and want to carry on + doing so, or if this is a special environment where you do not need a boot + loader, then you should continue anyway. Otherwise, you should install + GRUB somewhere. diff -Nru grub2-2.04/debian/grub-multi-install grub2-2.04/debian/grub-multi-install --- grub2-2.04/debian/grub-multi-install 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/grub-multi-install 2020-09-08 10:23:00.000000000 +0000 @@ -8,6 +8,13 @@ . /usr/share/debconf/confmodule +# shamelessly stolen from ucf: +# +# Load our templates, just in case our template has +# not been loaded or the Debconf DB lost or corrupted +# since then. +db_x_loadtemplatefile "$(dpkg-query --control-path grub-common templates)" grub-common + ############################################################################### # COPY FROM POSTINST ############################################################################### @@ -373,7 +380,7 @@ continue fi else - break # noninteractive + exit 1 # noninteractive fi fi @@ -395,7 +402,7 @@ db_fset grub-efi/install_devices_empty seen false fi else - break # noninteractive + exit 1 # noninteractive fi else break diff -Nru grub2-2.04/debian/patches/0074-uefi-firmware-rename-fwsetup-menuentry-to-UEFI-Firmw.patch grub2-2.04/debian/patches/0074-uefi-firmware-rename-fwsetup-menuentry-to-UEFI-Firmw.patch --- grub2-2.04/debian/patches/0074-uefi-firmware-rename-fwsetup-menuentry-to-UEFI-Firmw.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/patches/0074-uefi-firmware-rename-fwsetup-menuentry-to-UEFI-Firmw.patch 2020-09-08 10:23:00.000000000 +0000 @@ -0,0 +1,26 @@ +From 7bae32b384bf0129a980b77447e21abb4024f693 Mon Sep 17 00:00:00 2001 +From: Dimitri John Ledkov +Date: Mon, 24 Feb 2020 20:29:53 +0000 +Subject: uefi-firmware: rename fwsetup menuentry to UEFI Firmware Settings + +LP: #1864547 +--- + util/grub.d/30_uefi-firmware.in | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/util/grub.d/30_uefi-firmware.in b/util/grub.d/30_uefi-firmware.in +index 3c9f533d8c..b072d219f6 100644 +--- a/util/grub.d/30_uefi-firmware.in ++++ b/util/grub.d/30_uefi-firmware.in +@@ -32,9 +32,9 @@ OsIndications="$efi_vars_dir/OsIndicationsSupported-$EFI_GLOBAL_VARIABLE/data" + + if [ -e "$OsIndications" ] && \ + [ "$(( $(printf 0x%x \'"$(cat $OsIndications | cut -b1)") & 1 ))" = 1 ]; then +- LABEL="System setup" ++ LABEL="UEFI Firmware Settings" + +- gettext_printf "Adding boot menu entry for EFI firmware configuration\n" >&2 ++ gettext_printf "Adding boot menu entry for UEFI Firmware Settings\n" >&2 + + onstr="$(gettext_printf "(on %s)" "${DEVICE}")" + diff -Nru grub2-2.04/debian/patches/0075-smbios-Add-a-linux-argument-to-apply-linux-modalias-.patch grub2-2.04/debian/patches/0075-smbios-Add-a-linux-argument-to-apply-linux-modalias-.patch --- grub2-2.04/debian/patches/0075-smbios-Add-a-linux-argument-to-apply-linux-modalias-.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/patches/0075-smbios-Add-a-linux-argument-to-apply-linux-modalias-.patch 2020-09-08 10:23:00.000000000 +0000 @@ -0,0 +1,86 @@ +From 484c805e1361fd010e0c3e2c44585f5f7e3899c1 Mon Sep 17 00:00:00 2001 +From: Julian Andres Klode +Date: Tue, 3 Mar 2020 16:06:34 +0100 +Subject: smbios: Add a --linux argument to apply linux modalias-like filtering + +Linux creates modalias strings by filtering out non-ASCII, space, +and colon characters. Provide an option that does the same filtering +so people can create a modalias string in GRUB, and then match their +modalias patterns against it. + +Signed-off-by: Julian Andres Klode +Reviewed-by: Daniel Kiper +Origin: upstream, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=87049f9716fb095aecb595fb8f45497bbbb1b4a2 +--- + grub-core/commands/smbios.c | 24 ++++++++++++++++++++++++ + 1 file changed, 24 insertions(+) + +diff --git a/grub-core/commands/smbios.c b/grub-core/commands/smbios.c +index 7a6a391fc1..1a9086ddd4 100644 +--- a/grub-core/commands/smbios.c ++++ b/grub-core/commands/smbios.c +@@ -64,6 +64,21 @@ grub_smbios_get_eps3 (void) + return eps; + } + ++static char * ++linux_string (const char *value) ++{ ++ char *out = grub_malloc( grub_strlen (value) + 1); ++ const char *src = value; ++ char *dst = out; ++ ++ for (; *src; src++) ++ if (*src > ' ' && *src < 127 && *src != ':') ++ *dst++ = *src; ++ ++ *dst = 0; ++ return out; ++} ++ + /* + * These functions convert values from the various SMBIOS structure field types + * into a string formatted to be returned to the user. They expect that the +@@ -176,6 +191,7 @@ static const struct { + /* List command options, with structure field getters ordered as above. */ + #define FIRST_GETTER_OPT (3) + #define SETTER_OPT (FIRST_GETTER_OPT + ARRAY_SIZE(field_extractors)) ++#define LINUX_OPT (FIRST_GETTER_OPT + ARRAY_SIZE(field_extractors) + 1) + + static const struct grub_arg_option options[] = { + {"type", 't', 0, N_("Match structures with the given type."), +@@ -198,6 +214,8 @@ static const struct grub_arg_option options[] = { + N_("offset"), ARG_TYPE_INT}, + {"set", '\0', 0, N_("Store the value in the given variable name."), + N_("variable"), ARG_TYPE_STRING}, ++ {"linux", '\0', 0, N_("Filter the result like linux does."), ++ N_("variable"), ARG_TYPE_NONE}, + {0, 0, 0, 0, 0, 0} + }; + +@@ -261,6 +279,7 @@ grub_cmd_smbios (grub_extcmd_context_t ctxt, + + const grub_uint8_t *structure; + const char *value; ++ char *modified_value = NULL; + grub_int32_t option; + grub_int8_t field_type = -1; + grub_uint8_t i; +@@ -334,12 +353,17 @@ grub_cmd_smbios (grub_extcmd_context_t ctxt, + return grub_error (GRUB_ERR_IO, + N_("failed to retrieve the structure field")); + ++ if (state[LINUX_OPT].set) ++ value = modified_value = linux_string (value); ++ + /* Store or print the formatted value. */ + if (state[SETTER_OPT].set) + grub_env_set (state[SETTER_OPT].arg, value); + else + grub_printf ("%s\n", value); + ++ grub_free(modified_value); ++ + return GRUB_ERR_NONE; + } + diff -Nru grub2-2.04/debian/patches/0075-uefi-firmware-rename-fwsetup-menuentry-to-UEFI-Firmw.patch grub2-2.04/debian/patches/0075-uefi-firmware-rename-fwsetup-menuentry-to-UEFI-Firmw.patch --- grub2-2.04/debian/patches/0075-uefi-firmware-rename-fwsetup-menuentry-to-UEFI-Firmw.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/0075-uefi-firmware-rename-fwsetup-menuentry-to-UEFI-Firmw.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,26 +0,0 @@ -From 4d3c59dd378362f4e0e30aaaf77068bea97ebd24 Mon Sep 17 00:00:00 2001 -From: Dimitri John Ledkov -Date: Mon, 24 Feb 2020 20:29:53 +0000 -Subject: uefi-firmware: rename fwsetup menuentry to UEFI Firmware Settings - -LP: #1864547 ---- - util/grub.d/30_uefi-firmware.in | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/util/grub.d/30_uefi-firmware.in b/util/grub.d/30_uefi-firmware.in -index 3c9f533d8..b072d219f 100644 ---- a/util/grub.d/30_uefi-firmware.in -+++ b/util/grub.d/30_uefi-firmware.in -@@ -32,9 +32,9 @@ OsIndications="$efi_vars_dir/OsIndicationsSupported-$EFI_GLOBAL_VARIABLE/data" - - if [ -e "$OsIndications" ] && \ - [ "$(( $(printf 0x%x \'"$(cat $OsIndications | cut -b1)") & 1 ))" = 1 ]; then -- LABEL="System setup" -+ LABEL="UEFI Firmware Settings" - -- gettext_printf "Adding boot menu entry for EFI firmware configuration\n" >&2 -+ gettext_printf "Adding boot menu entry for UEFI Firmware Settings\n" >&2 - - onstr="$(gettext_printf "(on %s)" "${DEVICE}")" - diff -Nru grub2-2.04/debian/patches/0076-smbios-Add-a-linux-argument-to-apply-linux-modalias-.patch grub2-2.04/debian/patches/0076-smbios-Add-a-linux-argument-to-apply-linux-modalias-.patch --- grub2-2.04/debian/patches/0076-smbios-Add-a-linux-argument-to-apply-linux-modalias-.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/0076-smbios-Add-a-linux-argument-to-apply-linux-modalias-.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,86 +0,0 @@ -From b7ae50d78035e0e73f5ea212fab7b728353c988b Mon Sep 17 00:00:00 2001 -From: Julian Andres Klode -Date: Tue, 3 Mar 2020 16:06:34 +0100 -Subject: smbios: Add a --linux argument to apply linux modalias-like filtering - -Linux creates modalias strings by filtering out non-ASCII, space, -and colon characters. Provide an option that does the same filtering -so people can create a modalias string in GRUB, and then match their -modalias patterns against it. - -Signed-off-by: Julian Andres Klode -Reviewed-by: Daniel Kiper -Origin: upstream, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=87049f9716fb095aecb595fb8f45497bbbb1b4a2 ---- - grub-core/commands/smbios.c | 24 ++++++++++++++++++++++++ - 1 file changed, 24 insertions(+) - -diff --git a/grub-core/commands/smbios.c b/grub-core/commands/smbios.c -index 7a6a391fc..1a9086ddd 100644 ---- a/grub-core/commands/smbios.c -+++ b/grub-core/commands/smbios.c -@@ -64,6 +64,21 @@ grub_smbios_get_eps3 (void) - return eps; - } - -+static char * -+linux_string (const char *value) -+{ -+ char *out = grub_malloc( grub_strlen (value) + 1); -+ const char *src = value; -+ char *dst = out; -+ -+ for (; *src; src++) -+ if (*src > ' ' && *src < 127 && *src != ':') -+ *dst++ = *src; -+ -+ *dst = 0; -+ return out; -+} -+ - /* - * These functions convert values from the various SMBIOS structure field types - * into a string formatted to be returned to the user. They expect that the -@@ -176,6 +191,7 @@ static const struct { - /* List command options, with structure field getters ordered as above. */ - #define FIRST_GETTER_OPT (3) - #define SETTER_OPT (FIRST_GETTER_OPT + ARRAY_SIZE(field_extractors)) -+#define LINUX_OPT (FIRST_GETTER_OPT + ARRAY_SIZE(field_extractors) + 1) - - static const struct grub_arg_option options[] = { - {"type", 't', 0, N_("Match structures with the given type."), -@@ -198,6 +214,8 @@ static const struct grub_arg_option options[] = { - N_("offset"), ARG_TYPE_INT}, - {"set", '\0', 0, N_("Store the value in the given variable name."), - N_("variable"), ARG_TYPE_STRING}, -+ {"linux", '\0', 0, N_("Filter the result like linux does."), -+ N_("variable"), ARG_TYPE_NONE}, - {0, 0, 0, 0, 0, 0} - }; - -@@ -261,6 +279,7 @@ grub_cmd_smbios (grub_extcmd_context_t ctxt, - - const grub_uint8_t *structure; - const char *value; -+ char *modified_value = NULL; - grub_int32_t option; - grub_int8_t field_type = -1; - grub_uint8_t i; -@@ -334,12 +353,17 @@ grub_cmd_smbios (grub_extcmd_context_t ctxt, - return grub_error (GRUB_ERR_IO, - N_("failed to retrieve the structure field")); - -+ if (state[LINUX_OPT].set) -+ value = modified_value = linux_string (value); -+ - /* Store or print the formatted value. */ - if (state[SETTER_OPT].set) - grub_env_set (state[SETTER_OPT].arg, value); - else - grub_printf ("%s\n", value); - -+ grub_free(modified_value); -+ - return GRUB_ERR_NONE; - } - diff -Nru grub2-2.04/debian/patches/0076-ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch grub2-2.04/debian/patches/0076-ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch --- grub2-2.04/debian/patches/0076-ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/patches/0076-ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch 2020-09-08 10:23:00.000000000 +0000 @@ -0,0 +1,118 @@ +From 80b0e6a9375628f209b96173ce0a3af70060131c Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Wed, 11 Mar 2020 16:46:00 +0100 +Subject: ubuntu: Make the linux command in EFI grub always try EFI handover + +The previous implementation only boots via the EFI handover protocol when +secure boot is enabled. This means that disabling secure boot breaks some +features that depend on the kernel being booted via the EFI handover entry +point, such as retrieval of the TCG event log. + +Update the linux command to always attempt to defer to linuxefi in EFI grub +builds, regardless of whether secure boot is enabled or not. This also allows +a fallback to the non-EFI handover path on kernels that don't support it, but +only if secure boot is disabled. +--- + grub-core/loader/i386/efi/linux.c | 14 +++++---- + grub-core/loader/i386/linux.c | 47 +++++++++++++++++-------------- + 2 files changed, 35 insertions(+), 26 deletions(-) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index 6b6aef87f7..fe3ca2c596 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -27,6 +27,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -195,12 +196,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + +- rc = grub_linuxefi_secure_validate (kernel, filelen); +- if (rc < 0) ++ if (grub_efi_secure_boot ()) + { +- grub_error (GRUB_ERR_ACCESS_DENIED, N_("%s has invalid signature"), +- argv[0]); +- goto fail; ++ rc = grub_linuxefi_secure_validate (kernel, filelen); ++ if (rc < 0) ++ { ++ grub_error (GRUB_ERR_ACCESS_DENIED, N_("%s has invalid signature"), ++ argv[0]); ++ goto fail; ++ } + } + + params = grub_efi_allocate_pages_max (0x3fffffff, +diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c +index 4328bcbdb0..991eb29db9 100644 +--- a/grub-core/loader/i386/linux.c ++++ b/grub-core/loader/i386/linux.c +@@ -658,35 +658,40 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + + #ifdef GRUB_MACHINE_EFI + using_linuxefi = 0; +- if (grub_efi_secure_boot ()) +- { +- /* linuxefi requires a successful signature check and then hand over +- to the kernel without calling ExitBootServices. */ +- grub_dl_t mod; +- grub_command_t linuxefi_cmd; + +- grub_dprintf ("linux", "Secure Boot enabled: trying linuxefi\n"); ++ grub_dl_t mod; ++ grub_command_t linuxefi_cmd; ++ ++ grub_dprintf ("linux", "Trying linuxefi\n"); + +- mod = grub_dl_load ("linuxefi"); +- if (mod) ++ mod = grub_dl_load ("linuxefi"); ++ if (mod) ++ { ++ grub_dl_ref (mod); ++ linuxefi_cmd = grub_command_find ("linuxefi"); ++ initrdefi_cmd = grub_command_find ("initrdefi"); ++ if (linuxefi_cmd && initrdefi_cmd) + { +- grub_dl_ref (mod); +- linuxefi_cmd = grub_command_find ("linuxefi"); +- initrdefi_cmd = grub_command_find ("initrdefi"); +- if (linuxefi_cmd && initrdefi_cmd) ++ (linuxefi_cmd->func) (linuxefi_cmd, argc, argv); ++ if (grub_errno == GRUB_ERR_NONE) ++ { ++ grub_dprintf ("linux", "Handing off to linuxefi\n"); ++ using_linuxefi = 1; ++ return GRUB_ERR_NONE; ++ } ++ else if (grub_efi_secure_boot ()) + { +- (linuxefi_cmd->func) (linuxefi_cmd, argc, argv); +- if (grub_errno == GRUB_ERR_NONE) +- { +- grub_dprintf ("linux", "Handing off to linuxefi\n"); +- using_linuxefi = 1; +- return GRUB_ERR_NONE; +- } +- grub_dprintf ("linux", "linuxefi failed (%d)\n", grub_errno); ++ grub_dprintf ("linux", "linuxefi failed and secure boot is enabled (%d)\n", grub_errno); + goto fail; + } + } + } ++ ++ if (grub_efi_secure_boot ()) ++ { ++ grub_dprintf("linux", "Unable to hand off to linuxefi and secure boot is enabled\n"); ++ goto fail; ++ } + #endif + + if (argc == 0) diff -Nru grub2-2.04/debian/patches/0077-ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch grub2-2.04/debian/patches/0077-ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch --- grub2-2.04/debian/patches/0077-ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/0077-ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,118 +0,0 @@ -From 3004e78bbfe6acb5e38290b2e5c7fff277ea1628 Mon Sep 17 00:00:00 2001 -From: Chris Coulson -Date: Wed, 11 Mar 2020 16:46:00 +0100 -Subject: ubuntu: Make the linux command in EFI grub always try EFI handover - -The previous implementation only boots via the EFI handover protocol when -secure boot is enabled. This means that disabling secure boot breaks some -features that depend on the kernel being booted via the EFI handover entry -point, such as retrieval of the TCG event log. - -Update the linux command to always attempt to defer to linuxefi in EFI grub -builds, regardless of whether secure boot is enabled or not. This also allows -a fallback to the non-EFI handover path on kernels that don't support it, but -only if secure boot is disabled. ---- - grub-core/loader/i386/efi/linux.c | 14 +++++---- - grub-core/loader/i386/linux.c | 47 +++++++++++++++++-------------- - 2 files changed, 35 insertions(+), 26 deletions(-) - -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 6b6aef87f..fe3ca2c59 100644 ---- a/grub-core/loader/i386/efi/linux.c -+++ b/grub-core/loader/i386/efi/linux.c -@@ -27,6 +27,7 @@ - #include - #include - #include -+#include - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -195,12 +196,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - goto fail; - } - -- rc = grub_linuxefi_secure_validate (kernel, filelen); -- if (rc < 0) -+ if (grub_efi_secure_boot ()) - { -- grub_error (GRUB_ERR_ACCESS_DENIED, N_("%s has invalid signature"), -- argv[0]); -- goto fail; -+ rc = grub_linuxefi_secure_validate (kernel, filelen); -+ if (rc < 0) -+ { -+ grub_error (GRUB_ERR_ACCESS_DENIED, N_("%s has invalid signature"), -+ argv[0]); -+ goto fail; -+ } - } - - params = grub_efi_allocate_pages_max (0x3fffffff, -diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c -index 4328bcbdb..991eb29db 100644 ---- a/grub-core/loader/i386/linux.c -+++ b/grub-core/loader/i386/linux.c -@@ -658,35 +658,40 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - - #ifdef GRUB_MACHINE_EFI - using_linuxefi = 0; -- if (grub_efi_secure_boot ()) -- { -- /* linuxefi requires a successful signature check and then hand over -- to the kernel without calling ExitBootServices. */ -- grub_dl_t mod; -- grub_command_t linuxefi_cmd; - -- grub_dprintf ("linux", "Secure Boot enabled: trying linuxefi\n"); -+ grub_dl_t mod; -+ grub_command_t linuxefi_cmd; -+ -+ grub_dprintf ("linux", "Trying linuxefi\n"); - -- mod = grub_dl_load ("linuxefi"); -- if (mod) -+ mod = grub_dl_load ("linuxefi"); -+ if (mod) -+ { -+ grub_dl_ref (mod); -+ linuxefi_cmd = grub_command_find ("linuxefi"); -+ initrdefi_cmd = grub_command_find ("initrdefi"); -+ if (linuxefi_cmd && initrdefi_cmd) - { -- grub_dl_ref (mod); -- linuxefi_cmd = grub_command_find ("linuxefi"); -- initrdefi_cmd = grub_command_find ("initrdefi"); -- if (linuxefi_cmd && initrdefi_cmd) -+ (linuxefi_cmd->func) (linuxefi_cmd, argc, argv); -+ if (grub_errno == GRUB_ERR_NONE) -+ { -+ grub_dprintf ("linux", "Handing off to linuxefi\n"); -+ using_linuxefi = 1; -+ return GRUB_ERR_NONE; -+ } -+ else if (grub_efi_secure_boot ()) - { -- (linuxefi_cmd->func) (linuxefi_cmd, argc, argv); -- if (grub_errno == GRUB_ERR_NONE) -- { -- grub_dprintf ("linux", "Handing off to linuxefi\n"); -- using_linuxefi = 1; -- return GRUB_ERR_NONE; -- } -- grub_dprintf ("linux", "linuxefi failed (%d)\n", grub_errno); -+ grub_dprintf ("linux", "linuxefi failed and secure boot is enabled (%d)\n", grub_errno); - goto fail; - } - } - } -+ -+ if (grub_efi_secure_boot ()) -+ { -+ grub_dprintf("linux", "Unable to hand off to linuxefi and secure boot is enabled\n"); -+ goto fail; -+ } - #endif - - if (argc == 0) diff -Nru grub2-2.04/debian/patches/0077-ubuntu-Update-the-linux-boot-protocol-version-check.patch grub2-2.04/debian/patches/0077-ubuntu-Update-the-linux-boot-protocol-version-check.patch --- grub2-2.04/debian/patches/0077-ubuntu-Update-the-linux-boot-protocol-version-check.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/patches/0077-ubuntu-Update-the-linux-boot-protocol-version-check.patch 2020-09-08 10:23:00.000000000 +0000 @@ -0,0 +1,25 @@ +From f59fbf2d6ae70d8872d8b680cfccb6e139410944 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Wed, 11 Mar 2020 16:46:41 +0100 +Subject: ubuntu: Update the linux boot protocol version check. + +The EFI implementation of grub_cmd_linux makes use of xloadflags which was +introduced in to version 2.12 of the kernel's boot protocol, so update the +check accordingly. +--- + grub-core/loader/i386/efi/linux.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index fe3ca2c596..2929da7a29 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -245,7 +245,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + } + + grub_dprintf ("linuxefi", "checking lh->version\n"); +- if (lh->version < grub_cpu_to_le16 (0x020b)) ++ if (lh->version < grub_cpu_to_le16 (0x020c)) + { + grub_error (GRUB_ERR_BAD_OS, N_("kernel too old")); + goto fail; diff -Nru grub2-2.04/debian/patches/0078-ubuntu-Update-the-linux-boot-protocol-version-check.patch grub2-2.04/debian/patches/0078-ubuntu-Update-the-linux-boot-protocol-version-check.patch --- grub2-2.04/debian/patches/0078-ubuntu-Update-the-linux-boot-protocol-version-check.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/0078-ubuntu-Update-the-linux-boot-protocol-version-check.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,25 +0,0 @@ -From 05c83490bed811e5dd5cde7c59bb56cc2db751d6 Mon Sep 17 00:00:00 2001 -From: Chris Coulson -Date: Wed, 11 Mar 2020 16:46:41 +0100 -Subject: ubuntu: Update the linux boot protocol version check. - -The EFI implementation of grub_cmd_linux makes use of xloadflags which was -introduced in to version 2.12 of the kernel's boot protocol, so update the -check accordingly. ---- - grub-core/loader/i386/efi/linux.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index fe3ca2c59..2929da7a2 100644 ---- a/grub-core/loader/i386/efi/linux.c -+++ b/grub-core/loader/i386/efi/linux.c -@@ -245,7 +245,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - } - - grub_dprintf ("linuxefi", "checking lh->version\n"); -- if (lh->version < grub_cpu_to_le16 (0x020b)) -+ if (lh->version < grub_cpu_to_le16 (0x020c)) - { - grub_error (GRUB_ERR_BAD_OS, N_("kernel too old")); - goto fail; diff -Nru grub2-2.04/debian/patches/0081-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch grub2-2.04/debian/patches/0081-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch --- grub2-2.04/debian/patches/0081-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/patches/0081-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch 2020-09-08 10:23:00.000000000 +0000 @@ -0,0 +1,66 @@ +From e25ff4f02fae2c006408a8fa1283320cd81ff87d Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 15 Apr 2020 15:45:02 -0400 +Subject: yylex: Make lexer fatal errors actually be fatal + +When presented with a command that can't be tokenized to anything +smaller than YYLMAX characters, the parser calls YY_FATAL_ERROR(errmsg), +expecting that will stop further processing, as such: + + #define YY_DO_BEFORE_ACTION \ + yyg->yytext_ptr = yy_bp; \ + yyleng = (int) (yy_cp - yy_bp); \ + yyg->yy_hold_char = *yy_cp; \ + *yy_cp = '\0'; \ + if ( yyleng >= YYLMAX ) \ + YY_FATAL_ERROR( "token too large, exceeds YYLMAX" ); \ + yy_flex_strncpy( yytext, yyg->yytext_ptr, yyleng + 1 , yyscanner); \ + yyg->yy_c_buf_p = yy_cp; + +The code flex generates expects that YY_FATAL_ERROR() will either return +for it or do some form of longjmp(), or handle the error in some way at +least, and so the strncpy() call isn't in an "else" clause, and thus if +YY_FATAL_ERROR() is *not* actually fatal, it does the call with the +questionable limit, and predictable results ensue. + +Unfortunately, our implementation of YY_FATAL_ERROR() is: + + #define YY_FATAL_ERROR(msg) \ + do { \ + grub_printf (_("fatal error: %s\n"), _(msg)); \ + } while (0) + +The same pattern exists in yyless(), and similar problems exist in users +of YY_INPUT(), several places in the main parsing loop, +yy_get_next_buffer(), yy_load_buffer_state(), yyensure_buffer_stack, +yy_scan_buffer(), etc. + +All of these callers expect YY_FATAL_ERROR() to actually be fatal, and +the things they do if it returns after calling it are wildly unsafe. + +Fixes: CVE-2020-10713 + +Signed-off-by: Peter Jones +Reviewed-by: Daniel Kiper +--- + grub-core/script/yylex.l | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/script/yylex.l b/grub-core/script/yylex.l +index 7b44c37b76..b7203c8230 100644 +--- a/grub-core/script/yylex.l ++++ b/grub-core/script/yylex.l +@@ -37,11 +37,11 @@ + + /* + * As we don't have access to yyscanner, we cannot do much except to +- * print the fatal error. ++ * print the fatal error and exit. + */ + #define YY_FATAL_ERROR(msg) \ + do { \ +- grub_printf (_("fatal error: %s\n"), _(msg)); \ ++ grub_fatal (_("fatal error: %s\n"), _(msg));\ + } while (0) + + #define COPY(str, hint) \ diff -Nru grub2-2.04/debian/patches/0082-safemath-Add-some-arithmetic-primitives-that-check-f.patch grub2-2.04/debian/patches/0082-safemath-Add-some-arithmetic-primitives-that-check-f.patch --- grub2-2.04/debian/patches/0082-safemath-Add-some-arithmetic-primitives-that-check-f.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/patches/0082-safemath-Add-some-arithmetic-primitives-that-check-f.patch 2020-09-08 10:23:00.000000000 +0000 @@ -0,0 +1,120 @@ +From daa399d191529cbbe465cfe3ecf5e90cada76786 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 15 Jun 2020 10:58:42 -0400 +Subject: safemath: Add some arithmetic primitives that check for overflow + +This adds a new header, include/grub/safemath.h, that includes easy to +use wrappers for __builtin_{add,sub,mul}_overflow() declared like: + + bool OP(a, b, res) + +where OP is grub_add, grub_sub or grub_mul. OP() returns true in the +case where the operation would overflow and res is not modified. +Otherwise, false is returned and the operation is executed. + +These arithmetic primitives require newer compiler versions. So, bump +these requirements in the INSTALL file too. + +Signed-off-by: Peter Jones +Reviewed-by: Daniel Kiper +--- + INSTALL | 22 ++-------------------- + include/grub/compiler.h | 8 ++++++++ + include/grub/safemath.h | 37 +++++++++++++++++++++++++++++++++++++ + 3 files changed, 47 insertions(+), 20 deletions(-) + create mode 100644 include/grub/safemath.h + +diff --git a/INSTALL b/INSTALL +index 342c158e91..991479b521 100644 +--- a/INSTALL ++++ b/INSTALL +@@ -11,27 +11,9 @@ GRUB depends on some software packages installed into your system. If + you don't have any of them, please obtain and install them before + configuring the GRUB. + +-* GCC 4.1.3 or later +- Note: older versions may work but support is limited +- +- Experimental support for clang 3.3 or later (results in much bigger binaries) ++* GCC 5.1.0 or later ++ Experimental support for clang 3.8.0 or later (results in much bigger binaries) + for i386, x86_64, arm (including thumb), arm64, mips(el), powerpc, sparc64 +- Note: clang 3.2 or later works for i386 and x86_64 targets but results in +- much bigger binaries. +- earlier versions not tested +- Note: clang 3.2 or later works for arm +- earlier versions not tested +- Note: clang on arm64 is not supported due to +- https://llvm.org/bugs/show_bug.cgi?id=26030 +- Note: clang 3.3 or later works for mips(el) +- earlier versions fail to generate .reginfo and hence gprel relocations +- fail. +- Note: clang 3.2 or later works for powerpc +- earlier versions not tested +- Note: clang 3.5 or later works for sparc64 +- earlier versions return "error: unable to interface with target machine" +- Note: clang has no support for ia64 and hence you can't compile GRUB +- for ia64 with clang + * GNU Make + * GNU Bison 2.3 or later + * GNU gettext 0.17 or later +diff --git a/include/grub/compiler.h b/include/grub/compiler.h +index c9e1d7a73d..8f3be3ae70 100644 +--- a/include/grub/compiler.h ++++ b/include/grub/compiler.h +@@ -48,4 +48,12 @@ + # define WARN_UNUSED_RESULT + #endif + ++#if defined(__clang__) && defined(__clang_major__) && defined(__clang_minor__) ++# define CLANG_PREREQ(maj,min) \ ++ ((__clang_major__ > (maj)) || \ ++ (__clang_major__ == (maj) && __clang_minor__ >= (min))) ++#else ++# define CLANG_PREREQ(maj,min) 0 ++#endif ++ + #endif /* ! GRUB_COMPILER_HEADER */ +diff --git a/include/grub/safemath.h b/include/grub/safemath.h +new file mode 100644 +index 0000000000..c17b89bba1 +--- /dev/null ++++ b/include/grub/safemath.h +@@ -0,0 +1,37 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2020 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ * ++ * Arithmetic operations that protect against overflow. ++ */ ++ ++#ifndef GRUB_SAFEMATH_H ++#define GRUB_SAFEMATH_H 1 ++ ++#include ++ ++/* These appear in gcc 5.1 and clang 3.8. */ ++#if GNUC_PREREQ(5, 1) || CLANG_PREREQ(3, 8) ++ ++#define grub_add(a, b, res) __builtin_add_overflow(a, b, res) ++#define grub_sub(a, b, res) __builtin_sub_overflow(a, b, res) ++#define grub_mul(a, b, res) __builtin_mul_overflow(a, b, res) ++ ++#else ++#error gcc 5.1 or newer or clang 3.8 or newer is required ++#endif ++ ++#endif /* GRUB_SAFEMATH_H */ diff -Nru grub2-2.04/debian/patches/0083-calloc-Make-sure-we-always-have-an-overflow-checking.patch grub2-2.04/debian/patches/0083-calloc-Make-sure-we-always-have-an-overflow-checking.patch --- grub2-2.04/debian/patches/0083-calloc-Make-sure-we-always-have-an-overflow-checking.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/patches/0083-calloc-Make-sure-we-always-have-an-overflow-checking.patch 2020-09-08 10:23:00.000000000 +0000 @@ -0,0 +1,239 @@ +From 5cffb625b814199eff98b73c34a92879b17fd5ac Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 15 Jun 2020 12:15:29 -0400 +Subject: calloc: Make sure we always have an overflow-checking calloc() + available + +This tries to make sure that everywhere in this source tree, we always have +an appropriate version of calloc() (i.e. grub_calloc(), xcalloc(), etc.) +available, and that they all safely check for overflow and return NULL when +it would occur. + +Signed-off-by: Peter Jones +Reviewed-by: Daniel Kiper +--- + grub-core/kern/emu/misc.c | 12 +++++++++ + grub-core/kern/emu/mm.c | 10 ++++++++ + grub-core/kern/mm.c | 40 ++++++++++++++++++++++++++++++ + grub-core/lib/libgcrypt_wrap/mem.c | 11 ++++++-- + grub-core/lib/posix_wrap/stdlib.h | 8 +++++- + include/grub/emu/misc.h | 1 + + include/grub/mm.h | 6 +++++ + 7 files changed, 85 insertions(+), 3 deletions(-) + +diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c +index 65db79baa1..dfd8a8ec48 100644 +--- a/grub-core/kern/emu/misc.c ++++ b/grub-core/kern/emu/misc.c +@@ -85,6 +85,18 @@ grub_util_error (const char *fmt, ...) + exit (1); + } + ++void * ++xcalloc (grub_size_t nmemb, grub_size_t size) ++{ ++ void *p; ++ ++ p = calloc (nmemb, size); ++ if (!p) ++ grub_util_error ("%s", _("out of memory")); ++ ++ return p; ++} ++ + void * + xmalloc (grub_size_t size) + { +diff --git a/grub-core/kern/emu/mm.c b/grub-core/kern/emu/mm.c +index f262e95e38..145b01d371 100644 +--- a/grub-core/kern/emu/mm.c ++++ b/grub-core/kern/emu/mm.c +@@ -25,6 +25,16 @@ + #include + #include + ++void * ++grub_calloc (grub_size_t nmemb, grub_size_t size) ++{ ++ void *ret; ++ ret = calloc (nmemb, size); ++ if (!ret) ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); ++ return ret; ++} ++ + void * + grub_malloc (grub_size_t size) + { +diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c +index ee88ff6118..f2822a8364 100644 +--- a/grub-core/kern/mm.c ++++ b/grub-core/kern/mm.c +@@ -67,8 +67,10 @@ + #include + #include + #include ++#include + + #ifdef MM_DEBUG ++# undef grub_calloc + # undef grub_malloc + # undef grub_zalloc + # undef grub_realloc +@@ -375,6 +377,30 @@ grub_memalign (grub_size_t align, grub_size_t size) + return 0; + } + ++/* ++ * Allocate NMEMB instances of SIZE bytes and return the pointer, or error on ++ * integer overflow. ++ */ ++void * ++grub_calloc (grub_size_t nmemb, grub_size_t size) ++{ ++ void *ret; ++ grub_size_t sz = 0; ++ ++ if (grub_mul (nmemb, size, &sz)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ return NULL; ++ } ++ ++ ret = grub_memalign (0, sz); ++ if (!ret) ++ return NULL; ++ ++ grub_memset (ret, 0, sz); ++ return ret; ++} ++ + /* Allocate SIZE bytes and return the pointer. */ + void * + grub_malloc (grub_size_t size) +@@ -561,6 +587,20 @@ grub_mm_dump (unsigned lineno) + grub_printf ("\n"); + } + ++void * ++grub_debug_calloc (const char *file, int line, grub_size_t nmemb, grub_size_t size) ++{ ++ void *ptr; ++ ++ if (grub_mm_debug) ++ grub_printf ("%s:%d: calloc (0x%" PRIxGRUB_SIZE ", 0x%" PRIxGRUB_SIZE ") = ", ++ file, line, size); ++ ptr = grub_calloc (nmemb, size); ++ if (grub_mm_debug) ++ grub_printf ("%p\n", ptr); ++ return ptr; ++} ++ + void * + grub_debug_malloc (const char *file, int line, grub_size_t size) + { +diff --git a/grub-core/lib/libgcrypt_wrap/mem.c b/grub-core/lib/libgcrypt_wrap/mem.c +index beeb661a3c..74c6eafe52 100644 +--- a/grub-core/lib/libgcrypt_wrap/mem.c ++++ b/grub-core/lib/libgcrypt_wrap/mem.c +@@ -4,6 +4,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -36,7 +37,10 @@ void * + gcry_xcalloc (size_t n, size_t m) + { + void *ret; +- ret = grub_zalloc (n * m); ++ size_t sz; ++ if (grub_mul (n, m, &sz)) ++ grub_fatal ("gcry_xcalloc would overflow"); ++ ret = grub_zalloc (sz); + if (!ret) + grub_fatal ("gcry_xcalloc failed"); + return ret; +@@ -56,7 +60,10 @@ void * + gcry_xcalloc_secure (size_t n, size_t m) + { + void *ret; +- ret = grub_zalloc (n * m); ++ size_t sz; ++ if (grub_mul (n, m, &sz)) ++ grub_fatal ("gcry_xcalloc would overflow"); ++ ret = grub_zalloc (sz); + if (!ret) + grub_fatal ("gcry_xcalloc failed"); + return ret; +diff --git a/grub-core/lib/posix_wrap/stdlib.h b/grub-core/lib/posix_wrap/stdlib.h +index 3b46f47ff5..7a8d385e97 100644 +--- a/grub-core/lib/posix_wrap/stdlib.h ++++ b/grub-core/lib/posix_wrap/stdlib.h +@@ -21,6 +21,7 @@ + + #include + #include ++#include + + static inline void + free (void *ptr) +@@ -37,7 +38,12 @@ malloc (grub_size_t size) + static inline void * + calloc (grub_size_t size, grub_size_t nelem) + { +- return grub_zalloc (size * nelem); ++ grub_size_t sz; ++ ++ if (grub_mul (size, nelem, &sz)) ++ return NULL; ++ ++ return grub_zalloc (sz); + } + + static inline void * +diff --git a/include/grub/emu/misc.h b/include/grub/emu/misc.h +index ce464cfd00..ff9c48a649 100644 +--- a/include/grub/emu/misc.h ++++ b/include/grub/emu/misc.h +@@ -47,6 +47,7 @@ grub_util_device_is_mapped (const char *dev); + #define GRUB_HOST_PRIuLONG_LONG "llu" + #define GRUB_HOST_PRIxLONG_LONG "llx" + ++void * EXPORT_FUNC(xcalloc) (grub_size_t nmemb, grub_size_t size) WARN_UNUSED_RESULT; + void * EXPORT_FUNC(xmalloc) (grub_size_t size) WARN_UNUSED_RESULT; + void * EXPORT_FUNC(xrealloc) (void *ptr, grub_size_t size) WARN_UNUSED_RESULT; + char * EXPORT_FUNC(xstrdup) (const char *str) WARN_UNUSED_RESULT; +diff --git a/include/grub/mm.h b/include/grub/mm.h +index 28e2e53eb3..9c38dd3ca5 100644 +--- a/include/grub/mm.h ++++ b/include/grub/mm.h +@@ -29,6 +29,7 @@ + #endif + + void grub_mm_init_region (void *addr, grub_size_t size); ++void *EXPORT_FUNC(grub_calloc) (grub_size_t nmemb, grub_size_t size); + void *EXPORT_FUNC(grub_malloc) (grub_size_t size); + void *EXPORT_FUNC(grub_zalloc) (grub_size_t size); + void EXPORT_FUNC(grub_free) (void *ptr); +@@ -48,6 +49,9 @@ extern int EXPORT_VAR(grub_mm_debug); + void grub_mm_dump_free (void); + void grub_mm_dump (unsigned lineno); + ++#define grub_calloc(nmemb, size) \ ++ grub_debug_calloc (GRUB_FILE, __LINE__, nmemb, size) ++ + #define grub_malloc(size) \ + grub_debug_malloc (GRUB_FILE, __LINE__, size) + +@@ -63,6 +67,8 @@ void grub_mm_dump (unsigned lineno); + #define grub_free(ptr) \ + grub_debug_free (GRUB_FILE, __LINE__, ptr) + ++void *EXPORT_FUNC(grub_debug_calloc) (const char *file, int line, ++ grub_size_t nmemb, grub_size_t size); + void *EXPORT_FUNC(grub_debug_malloc) (const char *file, int line, + grub_size_t size); + void *EXPORT_FUNC(grub_debug_zalloc) (const char *file, int line, diff -Nru grub2-2.04/debian/patches/0084-calloc-Use-calloc-at-most-places.patch grub2-2.04/debian/patches/0084-calloc-Use-calloc-at-most-places.patch --- grub2-2.04/debian/patches/0084-calloc-Use-calloc-at-most-places.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/patches/0084-calloc-Use-calloc-at-most-places.patch 2020-09-08 10:23:00.000000000 +0000 @@ -0,0 +1,1833 @@ +From 855173c18eab34ad93f21f5c509fe0e91bfd1c44 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 15 Jun 2020 12:26:01 -0400 +Subject: calloc: Use calloc() at most places + +This modifies most of the places we do some form of: + + X = malloc(Y * Z); + +to use calloc(Y, Z) instead. + +Among other issues, this fixes: + - allocation of integer overflow in grub_png_decode_image_header() + reported by Chris Coulson, + - allocation of integer overflow in luks_recover_key() + reported by Chris Coulson, + - allocation of integer overflow in grub_lvm_detect() + reported by Chris Coulson. + +Fixes: CVE-2020-14308 + +Signed-off-by: Peter Jones +Reviewed-by: Daniel Kiper +--- + grub-core/bus/usb/usbhub.c | 8 ++++---- + grub-core/commands/efi/lsefisystab.c | 3 ++- + grub-core/commands/legacycfg.c | 6 +++--- + grub-core/commands/menuentry.c | 2 +- + grub-core/commands/nativedisk.c | 2 +- + grub-core/commands/parttool.c | 12 +++++++++--- + grub-core/commands/regexp.c | 2 +- + grub-core/commands/search_wrap.c | 2 +- + grub-core/disk/diskfilter.c | 4 ++-- + grub-core/disk/ieee1275/ofdisk.c | 2 +- + grub-core/disk/ldm.c | 14 +++++++------- + grub-core/disk/luks.c | 2 +- + grub-core/disk/lvm.c | 8 ++++---- + grub-core/disk/xen/xendisk.c | 2 +- + grub-core/efiemu/loadcore.c | 2 +- + grub-core/efiemu/mm.c | 6 +++--- + grub-core/font/font.c | 3 +-- + grub-core/fs/affs.c | 6 +++--- + grub-core/fs/btrfs.c | 6 +++--- + grub-core/fs/hfs.c | 2 +- + grub-core/fs/hfsplus.c | 6 +++--- + grub-core/fs/iso9660.c | 2 +- + grub-core/fs/ntfs.c | 4 ++-- + grub-core/fs/sfs.c | 2 +- + grub-core/fs/tar.c | 2 +- + grub-core/fs/udf.c | 4 ++-- + grub-core/fs/zfs/zfs.c | 4 ++-- + grub-core/gfxmenu/gui_string_util.c | 2 +- + grub-core/gfxmenu/widget-box.c | 4 ++-- + grub-core/io/gzio.c | 2 +- + grub-core/kern/efi/efi.c | 6 +++--- + grub-core/kern/emu/hostdisk.c | 2 +- + grub-core/kern/fs.c | 2 +- + grub-core/kern/misc.c | 2 +- + grub-core/kern/parser.c | 2 +- + grub-core/kern/uboot/uboot.c | 2 +- + grub-core/lib/libgcrypt/cipher/ac.c | 8 ++++---- + grub-core/lib/libgcrypt/cipher/primegen.c | 4 ++-- + grub-core/lib/libgcrypt/cipher/pubkey.c | 4 ++-- + grub-core/lib/priority_queue.c | 2 +- + grub-core/lib/reed_solomon.c | 7 +++---- + grub-core/lib/relocator.c | 10 +++++----- + grub-core/lib/zstd/fse_decompress.c | 2 +- + grub-core/loader/arm/linux.c | 2 +- + grub-core/loader/efi/chainloader.c | 2 +- + grub-core/loader/i386/bsdXX.c | 2 +- + grub-core/loader/i386/xnu.c | 4 ++-- + grub-core/loader/macho.c | 2 +- + grub-core/loader/multiboot_elfxx.c | 2 +- + grub-core/loader/xnu.c | 2 +- + grub-core/mmap/mmap.c | 4 ++-- + grub-core/net/bootp.c | 2 +- + grub-core/net/dns.c | 10 +++++----- + grub-core/net/net.c | 4 ++-- + grub-core/normal/charset.c | 10 +++++----- + grub-core/normal/cmdline.c | 14 +++++++------- + grub-core/normal/menu_entry.c | 14 +++++++------- + grub-core/normal/menu_text.c | 4 ++-- + grub-core/normal/term.c | 4 ++-- + grub-core/osdep/linux/getroot.c | 6 +++--- + grub-core/osdep/unix/config.c | 2 +- + grub-core/osdep/windows/getroot.c | 2 +- + grub-core/osdep/windows/hostdisk.c | 4 ++-- + grub-core/osdep/windows/init.c | 2 +- + grub-core/osdep/windows/platform.c | 4 ++-- + grub-core/osdep/windows/relpath.c | 2 +- + grub-core/partmap/gpt.c | 2 +- + grub-core/partmap/msdos.c | 2 +- + grub-core/script/execute.c | 2 +- + grub-core/tests/fake_input.c | 2 +- + grub-core/tests/video_checksum.c | 6 +++--- + grub-core/video/capture.c | 2 +- + grub-core/video/emu/sdl.c | 2 +- + grub-core/video/i386/pc/vga.c | 2 +- + grub-core/video/readers/png.c | 2 +- + include/grub/unicode.h | 4 ++-- + util/getroot.c | 2 +- + util/grub-file.c | 2 +- + util/grub-fstest.c | 4 ++-- + util/grub-install-common.c | 2 +- + util/grub-install.c | 4 ++-- + util/grub-mkimagexx.c | 6 ++---- + util/grub-mkrescue.c | 4 ++-- + util/grub-mkstandalone.c | 2 +- + util/grub-pe2elf.c | 12 +++++------- + util/grub-probe.c | 4 ++-- + 86 files changed, 176 insertions(+), 175 deletions(-) + +diff --git a/grub-core/bus/usb/usbhub.c b/grub-core/bus/usb/usbhub.c +index 34a7ff1b5f..a06cce302d 100644 +--- a/grub-core/bus/usb/usbhub.c ++++ b/grub-core/bus/usb/usbhub.c +@@ -149,8 +149,8 @@ grub_usb_add_hub (grub_usb_device_t dev) + grub_usb_set_configuration (dev, 1); + + dev->nports = hubdesc.portcnt; +- dev->children = grub_zalloc (hubdesc.portcnt * sizeof (dev->children[0])); +- dev->ports = grub_zalloc (dev->nports * sizeof (dev->ports[0])); ++ dev->children = grub_calloc (hubdesc.portcnt, sizeof (dev->children[0])); ++ dev->ports = grub_calloc (dev->nports, sizeof (dev->ports[0])); + if (!dev->children || !dev->ports) + { + grub_free (dev->children); +@@ -268,8 +268,8 @@ grub_usb_controller_dev_register_iter (grub_usb_controller_t controller, void *d + + /* Query the number of ports the root Hub has. */ + hub->nports = controller->dev->hubports (controller); +- hub->devices = grub_zalloc (sizeof (hub->devices[0]) * hub->nports); +- hub->ports = grub_zalloc (sizeof (hub->ports[0]) * hub->nports); ++ hub->devices = grub_calloc (hub->nports, sizeof (hub->devices[0])); ++ hub->ports = grub_calloc (hub->nports, sizeof (hub->ports[0])); + if (!hub->devices || !hub->ports) + { + grub_free (hub->devices); +diff --git a/grub-core/commands/efi/lsefisystab.c b/grub-core/commands/efi/lsefisystab.c +index 902788250e..d29188efaf 100644 +--- a/grub-core/commands/efi/lsefisystab.c ++++ b/grub-core/commands/efi/lsefisystab.c +@@ -73,7 +73,8 @@ grub_cmd_lsefisystab (struct grub_command *cmd __attribute__ ((unused)), + grub_printf ("Vendor: "); + + for (vendor_utf16 = st->firmware_vendor; *vendor_utf16; vendor_utf16++); +- vendor = grub_malloc (4 * (vendor_utf16 - st->firmware_vendor) + 1); ++ /* Allocate extra 3 bytes to simplify math. */ ++ vendor = grub_calloc (4, vendor_utf16 - st->firmware_vendor + 1); + if (!vendor) + return grub_errno; + *grub_utf16_to_utf8 ((grub_uint8_t *) vendor, st->firmware_vendor, +diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c +index db7a8f0027..5e3ec0d5e4 100644 +--- a/grub-core/commands/legacycfg.c ++++ b/grub-core/commands/legacycfg.c +@@ -314,7 +314,7 @@ grub_cmd_legacy_kernel (struct grub_command *mycmd __attribute__ ((unused)), + if (argc < 2) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); + +- cutargs = grub_malloc (sizeof (cutargs[0]) * (argc - 1)); ++ cutargs = grub_calloc (argc - 1, sizeof (cutargs[0])); + if (!cutargs) + return grub_errno; + cutargc = argc - 1; +@@ -436,7 +436,7 @@ grub_cmd_legacy_kernel (struct grub_command *mycmd __attribute__ ((unused)), + { + char rbuf[3] = "-r"; + bsdargc = cutargc + 2; +- bsdargs = grub_malloc (sizeof (bsdargs[0]) * bsdargc); ++ bsdargs = grub_calloc (bsdargc, sizeof (bsdargs[0])); + if (!bsdargs) + { + err = grub_errno; +@@ -559,7 +559,7 @@ grub_cmd_legacy_initrdnounzip (struct grub_command *mycmd __attribute__ ((unused + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("can't find command `%s'"), + "module"); + +- newargs = grub_malloc ((argc + 1) * sizeof (newargs[0])); ++ newargs = grub_calloc (argc + 1, sizeof (newargs[0])); + if (!newargs) + return grub_errno; + grub_memcpy (newargs + 1, args, argc * sizeof (newargs[0])); +diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c +index 2c5363da7f..9164df744a 100644 +--- a/grub-core/commands/menuentry.c ++++ b/grub-core/commands/menuentry.c +@@ -154,7 +154,7 @@ grub_normal_add_menu_entry (int argc, const char **args, + goto fail; + + /* Save argc, args to pass as parameters to block arg later. */ +- menu_args = grub_malloc (sizeof (char*) * (argc + 1)); ++ menu_args = grub_calloc (argc + 1, sizeof (char *)); + if (! menu_args) + goto fail; + +diff --git a/grub-core/commands/nativedisk.c b/grub-core/commands/nativedisk.c +index 699447d11e..7c8f97f6ad 100644 +--- a/grub-core/commands/nativedisk.c ++++ b/grub-core/commands/nativedisk.c +@@ -195,7 +195,7 @@ grub_cmd_nativedisk (grub_command_t cmd __attribute__ ((unused)), + else + path_prefix = prefix; + +- mods = grub_malloc (argc * sizeof (mods[0])); ++ mods = grub_calloc (argc, sizeof (mods[0])); + if (!mods) + return grub_errno; + +diff --git a/grub-core/commands/parttool.c b/grub-core/commands/parttool.c +index 22b46b1874..051e31320e 100644 +--- a/grub-core/commands/parttool.c ++++ b/grub-core/commands/parttool.c +@@ -59,7 +59,13 @@ grub_parttool_register(const char *part_name, + for (nargs = 0; args[nargs].name != 0; nargs++); + cur->nargs = nargs; + cur->args = (struct grub_parttool_argdesc *) +- grub_malloc ((nargs + 1) * sizeof (struct grub_parttool_argdesc)); ++ grub_calloc (nargs + 1, sizeof (struct grub_parttool_argdesc)); ++ if (!cur->args) ++ { ++ grub_free (cur); ++ curhandle--; ++ return -1; ++ } + grub_memcpy (cur->args, args, + (nargs + 1) * sizeof (struct grub_parttool_argdesc)); + +@@ -257,7 +263,7 @@ grub_cmd_parttool (grub_command_t cmd __attribute__ ((unused)), + return err; + } + +- parsed = (int *) grub_zalloc (argc * sizeof (int)); ++ parsed = (int *) grub_calloc (argc, sizeof (int)); + + for (i = 1; i < argc; i++) + if (! parsed[i]) +@@ -290,7 +296,7 @@ grub_cmd_parttool (grub_command_t cmd __attribute__ ((unused)), + } + ptool = cur; + pargs = (struct grub_parttool_args *) +- grub_zalloc (ptool->nargs * sizeof (struct grub_parttool_args)); ++ grub_calloc (ptool->nargs, sizeof (struct grub_parttool_args)); + for (j = i; j < argc; j++) + if (! parsed[j]) + { +diff --git a/grub-core/commands/regexp.c b/grub-core/commands/regexp.c +index f00b184c81..4019164f36 100644 +--- a/grub-core/commands/regexp.c ++++ b/grub-core/commands/regexp.c +@@ -116,7 +116,7 @@ grub_cmd_regexp (grub_extcmd_context_t ctxt, int argc, char **args) + if (ret) + goto fail; + +- matches = grub_zalloc (sizeof (*matches) * (regex.re_nsub + 1)); ++ matches = grub_calloc (regex.re_nsub + 1, sizeof (*matches)); + if (! matches) + goto fail; + +diff --git a/grub-core/commands/search_wrap.c b/grub-core/commands/search_wrap.c +index d7fd26b940..47fc8eb996 100644 +--- a/grub-core/commands/search_wrap.c ++++ b/grub-core/commands/search_wrap.c +@@ -122,7 +122,7 @@ grub_cmd_search (grub_extcmd_context_t ctxt, int argc, char **args) + for (i = 0; state[SEARCH_HINT_BAREMETAL].args[i]; i++) + nhints++; + +- hints = grub_malloc (sizeof (hints[0]) * nhints); ++ hints = grub_calloc (nhints, sizeof (hints[0])); + if (!hints) + return grub_errno; + j = 0; +diff --git a/grub-core/disk/diskfilter.c b/grub-core/disk/diskfilter.c +index c3b578acf2..68ca9e0be9 100644 +--- a/grub-core/disk/diskfilter.c ++++ b/grub-core/disk/diskfilter.c +@@ -1134,7 +1134,7 @@ grub_diskfilter_make_raid (grub_size_t uuidlen, char *uuid, int nmemb, + array->lvs->segments->node_count = nmemb; + array->lvs->segments->raid_member_size = disk_size; + array->lvs->segments->nodes +- = grub_zalloc (nmemb * sizeof (array->lvs->segments->nodes[0])); ++ = grub_calloc (nmemb, sizeof (array->lvs->segments->nodes[0])); + array->lvs->segments->stripe_size = stripe_size; + for (i = 0; i < nmemb; i++) + { +@@ -1226,7 +1226,7 @@ insert_array (grub_disk_t disk, const struct grub_diskfilter_pv_id *id, + grub_partition_t p; + for (p = disk->partition; p; p = p->parent) + s++; +- pv->partmaps = xmalloc (s * sizeof (pv->partmaps[0])); ++ pv->partmaps = xcalloc (s, sizeof (pv->partmaps[0])); + s = 0; + for (p = disk->partition; p; p = p->parent) + pv->partmaps[s++] = xstrdup (p->partmap->name); +diff --git a/grub-core/disk/ieee1275/ofdisk.c b/grub-core/disk/ieee1275/ofdisk.c +index f73257e66d..03674cb477 100644 +--- a/grub-core/disk/ieee1275/ofdisk.c ++++ b/grub-core/disk/ieee1275/ofdisk.c +@@ -297,7 +297,7 @@ dev_iterate (const struct grub_ieee1275_devalias *alias) + /* Power machines documentation specify 672 as maximum SAS disks in + one system. Using a slightly larger value to be safe. */ + table_size = 768; +- table = grub_malloc (table_size * sizeof (grub_uint64_t)); ++ table = grub_calloc (table_size, sizeof (grub_uint64_t)); + + if (!table) + { +diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c +index 2a22d2d6c1..e6323701ab 100644 +--- a/grub-core/disk/ldm.c ++++ b/grub-core/disk/ldm.c +@@ -323,8 +323,8 @@ make_vg (grub_disk_t disk, + lv->segments->type = GRUB_DISKFILTER_MIRROR; + lv->segments->node_count = 0; + lv->segments->node_alloc = 8; +- lv->segments->nodes = grub_zalloc (sizeof (*lv->segments->nodes) +- * lv->segments->node_alloc); ++ lv->segments->nodes = grub_calloc (lv->segments->node_alloc, ++ sizeof (*lv->segments->nodes)); + if (!lv->segments->nodes) + goto fail2; + ptr = vblk[i].dynamic; +@@ -543,8 +543,8 @@ make_vg (grub_disk_t disk, + { + comp->segment_alloc = 8; + comp->segment_count = 0; +- comp->segments = grub_malloc (sizeof (*comp->segments) +- * comp->segment_alloc); ++ comp->segments = grub_calloc (comp->segment_alloc, ++ sizeof (*comp->segments)); + if (!comp->segments) + goto fail2; + } +@@ -590,8 +590,8 @@ make_vg (grub_disk_t disk, + } + comp->segments->node_count = read_int (ptr + 1, *ptr); + comp->segments->node_alloc = comp->segments->node_count; +- comp->segments->nodes = grub_zalloc (sizeof (*comp->segments->nodes) +- * comp->segments->node_alloc); ++ comp->segments->nodes = grub_calloc (comp->segments->node_alloc, ++ sizeof (*comp->segments->nodes)); + if (!lv->segments->nodes) + goto fail2; + } +@@ -1017,7 +1017,7 @@ grub_util_ldm_embed (struct grub_disk *disk, unsigned int *nsectors, + *nsectors = lv->size; + if (*nsectors > max_nsectors) + *nsectors = max_nsectors; +- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); ++ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); + if (!*sectors) + return grub_errno; + for (i = 0; i < *nsectors; i++) +diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c +index 86c50c6121..18b3a8bb1d 100644 +--- a/grub-core/disk/luks.c ++++ b/grub-core/disk/luks.c +@@ -336,7 +336,7 @@ luks_recover_key (grub_disk_t source, + && grub_be_to_cpu32 (header.keyblock[i].stripes) > max_stripes) + max_stripes = grub_be_to_cpu32 (header.keyblock[i].stripes); + +- split_key = grub_malloc (keysize * max_stripes); ++ split_key = grub_calloc (keysize, max_stripes); + if (!split_key) + return grub_errno; + +diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c +index 7b265c780c..d1df640b31 100644 +--- a/grub-core/disk/lvm.c ++++ b/grub-core/disk/lvm.c +@@ -173,7 +173,7 @@ grub_lvm_detect (grub_disk_t disk, + first one. */ + + /* Allocate buffer space for the circular worst-case scenario. */ +- metadatabuf = grub_malloc (2 * mda_size); ++ metadatabuf = grub_calloc (2, mda_size); + if (! metadatabuf) + goto fail; + +@@ -426,7 +426,7 @@ grub_lvm_detect (grub_disk_t disk, + #endif + goto lvs_fail; + } +- lv->segments = grub_zalloc (sizeof (*seg) * lv->segment_count); ++ lv->segments = grub_calloc (lv->segment_count, sizeof (*seg)); + seg = lv->segments; + + for (i = 0; i < lv->segment_count; i++) +@@ -483,8 +483,8 @@ grub_lvm_detect (grub_disk_t disk, + if (seg->node_count != 1) + seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = "); + +- seg->nodes = grub_zalloc (sizeof (*stripe) +- * seg->node_count); ++ seg->nodes = grub_calloc (seg->node_count, ++ sizeof (*stripe)); + stripe = seg->nodes; + + p = grub_strstr (p, "stripes = ["); +diff --git a/grub-core/disk/xen/xendisk.c b/grub-core/disk/xen/xendisk.c +index 48476cbbf9..d6612eebd7 100644 +--- a/grub-core/disk/xen/xendisk.c ++++ b/grub-core/disk/xen/xendisk.c +@@ -426,7 +426,7 @@ grub_xendisk_init (void) + if (!ctr) + return; + +- virtdisks = grub_malloc (ctr * sizeof (virtdisks[0])); ++ virtdisks = grub_calloc (ctr, sizeof (virtdisks[0])); + if (!virtdisks) + return; + if (grub_xenstore_dir ("device/vbd", fill, &ctr)) +diff --git a/grub-core/efiemu/loadcore.c b/grub-core/efiemu/loadcore.c +index 44085ef818..2b924623f5 100644 +--- a/grub-core/efiemu/loadcore.c ++++ b/grub-core/efiemu/loadcore.c +@@ -201,7 +201,7 @@ grub_efiemu_count_symbols (const Elf_Ehdr *e) + + grub_efiemu_nelfsyms = (unsigned) s->sh_size / (unsigned) s->sh_entsize; + grub_efiemu_elfsyms = (struct grub_efiemu_elf_sym *) +- grub_malloc (sizeof (struct grub_efiemu_elf_sym) * grub_efiemu_nelfsyms); ++ grub_calloc (grub_efiemu_nelfsyms, sizeof (struct grub_efiemu_elf_sym)); + + /* Relocators */ + for (i = 0, s = (Elf_Shdr *) ((char *) e + e->e_shoff); +diff --git a/grub-core/efiemu/mm.c b/grub-core/efiemu/mm.c +index 52a032f7b2..9b8e0d0ad1 100644 +--- a/grub-core/efiemu/mm.c ++++ b/grub-core/efiemu/mm.c +@@ -554,11 +554,11 @@ grub_efiemu_mmap_sort_and_uniq (void) + /* Initialize variables*/ + grub_memset (present, 0, sizeof (int) * GRUB_EFI_MAX_MEMORY_TYPE); + scanline_events = (struct grub_efiemu_mmap_scan *) +- grub_malloc (sizeof (struct grub_efiemu_mmap_scan) * 2 * mmap_num); ++ grub_calloc (mmap_num, sizeof (struct grub_efiemu_mmap_scan) * 2); + + /* Number of chunks can't increase more than by factor of 2 */ + result = (grub_efi_memory_descriptor_t *) +- grub_malloc (sizeof (grub_efi_memory_descriptor_t) * 2 * mmap_num); ++ grub_calloc (mmap_num, sizeof (grub_efi_memory_descriptor_t) * 2); + if (!result || !scanline_events) + { + grub_free (result); +@@ -660,7 +660,7 @@ grub_efiemu_mm_do_alloc (void) + + /* Preallocate mmap */ + efiemu_mmap = (grub_efi_memory_descriptor_t *) +- grub_malloc (mmap_reserved_size * sizeof (grub_efi_memory_descriptor_t)); ++ grub_calloc (mmap_reserved_size, sizeof (grub_efi_memory_descriptor_t)); + if (!efiemu_mmap) + { + grub_efiemu_unload (); +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index 85a292557a..8e118b315c 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -293,8 +293,7 @@ load_font_index (grub_file_t file, grub_uint32_t sect_length, struct + font->num_chars = sect_length / FONT_CHAR_INDEX_ENTRY_SIZE; + + /* Allocate the character index array. */ +- font->char_index = grub_malloc (font->num_chars +- * sizeof (struct char_index_entry)); ++ font->char_index = grub_calloc (font->num_chars, sizeof (struct char_index_entry)); + if (!font->char_index) + return 1; + font->bmp_idx = grub_malloc (0x10000 * sizeof (grub_uint16_t)); +diff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c +index 6b6a2bc913..220b3712f2 100644 +--- a/grub-core/fs/affs.c ++++ b/grub-core/fs/affs.c +@@ -301,7 +301,7 @@ grub_affs_read_symlink (grub_fshelp_node_t node) + return 0; + } + latin1[symlink_size] = 0; +- utf8 = grub_malloc (symlink_size * GRUB_MAX_UTF8_PER_LATIN1 + 1); ++ utf8 = grub_calloc (GRUB_MAX_UTF8_PER_LATIN1 + 1, symlink_size); + if (!utf8) + { + grub_free (latin1); +@@ -422,7 +422,7 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir, + return 1; + } + +- hashtable = grub_zalloc (data->htsize * sizeof (*hashtable)); ++ hashtable = grub_calloc (data->htsize, sizeof (*hashtable)); + if (!hashtable) + return 1; + +@@ -628,7 +628,7 @@ grub_affs_label (grub_device_t device, char **label) + len = file.namelen; + if (len > sizeof (file.name)) + len = sizeof (file.name); +- *label = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1); ++ *label = grub_calloc (GRUB_MAX_UTF8_PER_LATIN1 + 1, len); + if (*label) + *grub_latin1_to_utf8 ((grub_uint8_t *) *label, file.name, len) = '\0'; + } +diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c +index 48bd3d04a5..11272efc1a 100644 +--- a/grub-core/fs/btrfs.c ++++ b/grub-core/fs/btrfs.c +@@ -413,7 +413,7 @@ lower_bound (struct grub_btrfs_data *data, + { + desc->allocated = 16; + desc->depth = 0; +- desc->data = grub_malloc (sizeof (desc->data[0]) * desc->allocated); ++ desc->data = grub_calloc (desc->allocated, sizeof (desc->data[0])); + if (!desc->data) + return grub_errno; + } +@@ -752,7 +752,7 @@ raid56_read_retry (struct grub_btrfs_data *data, + grub_err_t ret = GRUB_ERR_OUT_OF_MEMORY; + grub_uint64_t i, failed_devices; + +- buffers = grub_zalloc (sizeof(*buffers) * nstripes); ++ buffers = grub_calloc (nstripes, sizeof (*buffers)); + if (!buffers) + goto cleanup; + +@@ -2160,7 +2160,7 @@ grub_btrfs_embed (grub_device_t device __attribute__ ((unused)), + *nsectors = 64 * 2 - 1; + if (*nsectors > max_nsectors) + *nsectors = max_nsectors; +- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); ++ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); + if (!*sectors) + return grub_errno; + for (i = 0; i < *nsectors; i++) +diff --git a/grub-core/fs/hfs.c b/grub-core/fs/hfs.c +index ac0a40990e..3fe842b4d8 100644 +--- a/grub-core/fs/hfs.c ++++ b/grub-core/fs/hfs.c +@@ -1360,7 +1360,7 @@ grub_hfs_label (grub_device_t device, char **label) + grub_size_t len = data->sblock.volname[0]; + if (len > sizeof (data->sblock.volname) - 1) + len = sizeof (data->sblock.volname) - 1; +- *label = grub_malloc (len * MAX_UTF8_PER_MAC_ROMAN + 1); ++ *label = grub_calloc (MAX_UTF8_PER_MAC_ROMAN + 1, len); + if (*label) + macroman_to_utf8 (*label, data->sblock.volname + 1, + len + 1, 0); +diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c +index 54786bb1c6..dae43becc9 100644 +--- a/grub-core/fs/hfsplus.c ++++ b/grub-core/fs/hfsplus.c +@@ -720,7 +720,7 @@ list_nodes (void *record, void *hook_arg) + if (! filename) + return 0; + +- keyname = grub_malloc (grub_be_to_cpu16 (catkey->namelen) * sizeof (*keyname)); ++ keyname = grub_calloc (grub_be_to_cpu16 (catkey->namelen), sizeof (*keyname)); + if (!keyname) + { + grub_free (filename); +@@ -1007,7 +1007,7 @@ grub_hfsplus_label (grub_device_t device, char **label) + grub_hfsplus_btree_recptr (&data->catalog_tree, node, ptr); + + label_len = grub_be_to_cpu16 (catkey->namelen); +- label_name = grub_malloc (label_len * sizeof (*label_name)); ++ label_name = grub_calloc (label_len, sizeof (*label_name)); + if (!label_name) + { + grub_free (node); +@@ -1029,7 +1029,7 @@ grub_hfsplus_label (grub_device_t device, char **label) + } + } + +- *label = grub_malloc (label_len * GRUB_MAX_UTF8_PER_UTF16 + 1); ++ *label = grub_calloc (label_len, GRUB_MAX_UTF8_PER_UTF16 + 1); + if (! *label) + { + grub_free (label_name); +diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c +index 49c0c632bf..4f1b52a552 100644 +--- a/grub-core/fs/iso9660.c ++++ b/grub-core/fs/iso9660.c +@@ -331,7 +331,7 @@ grub_iso9660_convert_string (grub_uint8_t *us, int len) + int i; + grub_uint16_t t[MAX_NAMELEN / 2 + 1]; + +- p = grub_malloc (len * GRUB_MAX_UTF8_PER_UTF16 + 1); ++ p = grub_calloc (len, GRUB_MAX_UTF8_PER_UTF16 + 1); + if (! p) + return NULL; + +diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c +index fc4e1f678d..2f34f76da8 100644 +--- a/grub-core/fs/ntfs.c ++++ b/grub-core/fs/ntfs.c +@@ -556,8 +556,8 @@ get_utf8 (grub_uint8_t *in, grub_size_t len) + grub_uint16_t *tmp; + grub_size_t i; + +- buf = grub_malloc (len * GRUB_MAX_UTF8_PER_UTF16 + 1); +- tmp = grub_malloc (len * sizeof (tmp[0])); ++ buf = grub_calloc (len, GRUB_MAX_UTF8_PER_UTF16 + 1); ++ tmp = grub_calloc (len, sizeof (tmp[0])); + if (!buf || !tmp) + { + grub_free (buf); +diff --git a/grub-core/fs/sfs.c b/grub-core/fs/sfs.c +index 50c1fe72f4..90f7fb3791 100644 +--- a/grub-core/fs/sfs.c ++++ b/grub-core/fs/sfs.c +@@ -266,7 +266,7 @@ grub_sfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock) + node->next_extent = node->block; + node->cache_size = 0; + +- node->cache = grub_malloc (sizeof (node->cache[0]) * cache_size); ++ node->cache = grub_calloc (cache_size, sizeof (node->cache[0])); + if (!node->cache) + { + grub_errno = 0; +diff --git a/grub-core/fs/tar.c b/grub-core/fs/tar.c +index 7d63e0c99c..c551ed6b52 100644 +--- a/grub-core/fs/tar.c ++++ b/grub-core/fs/tar.c +@@ -120,7 +120,7 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name, + if (data->linkname_alloc < linksize + 1) + { + char *n; +- n = grub_malloc (2 * (linksize + 1)); ++ n = grub_calloc (2, linksize + 1); + if (!n) + return grub_errno; + grub_free (data->linkname); +diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c +index dc8b6e2d1c..a83761674a 100644 +--- a/grub-core/fs/udf.c ++++ b/grub-core/fs/udf.c +@@ -873,7 +873,7 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf) + { + unsigned i; + utf16len = sz - 1; +- utf16 = grub_malloc (utf16len * sizeof (utf16[0])); ++ utf16 = grub_calloc (utf16len, sizeof (utf16[0])); + if (!utf16) + return NULL; + for (i = 0; i < utf16len; i++) +@@ -883,7 +883,7 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf) + { + unsigned i; + utf16len = (sz - 1) / 2; +- utf16 = grub_malloc (utf16len * sizeof (utf16[0])); ++ utf16 = grub_calloc (utf16len, sizeof (utf16[0])); + if (!utf16) + return NULL; + for (i = 0; i < utf16len; i++) +diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c +index 2f72e42bf8..381dde556d 100644 +--- a/grub-core/fs/zfs/zfs.c ++++ b/grub-core/fs/zfs/zfs.c +@@ -3325,7 +3325,7 @@ dnode_get_fullpath (const char *fullpath, struct subvolume *subvol, + } + subvol->nkeys = 0; + zap_iterate (&keychain_dn, 8, count_zap_keys, &ctx, data); +- subvol->keyring = grub_zalloc (subvol->nkeys * sizeof (subvol->keyring[0])); ++ subvol->keyring = grub_calloc (subvol->nkeys, sizeof (subvol->keyring[0])); + if (!subvol->keyring) + { + grub_free (fsname); +@@ -4336,7 +4336,7 @@ grub_zfs_embed (grub_device_t device __attribute__ ((unused)), + *nsectors = (VDEV_BOOT_SIZE >> GRUB_DISK_SECTOR_BITS); + if (*nsectors > max_nsectors) + *nsectors = max_nsectors; +- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); ++ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); + if (!*sectors) + return grub_errno; + for (i = 0; i < *nsectors; i++) +diff --git a/grub-core/gfxmenu/gui_string_util.c b/grub-core/gfxmenu/gui_string_util.c +index a9a415e312..ba1e1eab31 100644 +--- a/grub-core/gfxmenu/gui_string_util.c ++++ b/grub-core/gfxmenu/gui_string_util.c +@@ -55,7 +55,7 @@ canonicalize_path (const char *path) + if (*p == '/') + components++; + +- char **path_array = grub_malloc (components * sizeof (*path_array)); ++ char **path_array = grub_calloc (components, sizeof (*path_array)); + if (! path_array) + return 0; + +diff --git a/grub-core/gfxmenu/widget-box.c b/grub-core/gfxmenu/widget-box.c +index b606028891..470597ded2 100644 +--- a/grub-core/gfxmenu/widget-box.c ++++ b/grub-core/gfxmenu/widget-box.c +@@ -303,10 +303,10 @@ grub_gfxmenu_create_box (const char *pixmaps_prefix, + box->content_height = 0; + box->raw_pixmaps = + (struct grub_video_bitmap **) +- grub_malloc (BOX_NUM_PIXMAPS * sizeof (struct grub_video_bitmap *)); ++ grub_calloc (BOX_NUM_PIXMAPS, sizeof (struct grub_video_bitmap *)); + box->scaled_pixmaps = + (struct grub_video_bitmap **) +- grub_malloc (BOX_NUM_PIXMAPS * sizeof (struct grub_video_bitmap *)); ++ grub_calloc (BOX_NUM_PIXMAPS, sizeof (struct grub_video_bitmap *)); + + /* Initialize all pixmap pointers to NULL so that proper destruction can + be performed if an error is encountered partway through construction. */ +diff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c +index 6208a97636..43d98a7bdf 100644 +--- a/grub-core/io/gzio.c ++++ b/grub-core/io/gzio.c +@@ -554,7 +554,7 @@ huft_build (unsigned *b, /* code lengths in bits (all assumed <= BMAX) */ + z = 1 << j; /* table entries for j-bit table */ + + /* allocate and link in new table */ +- q = (struct huft *) grub_zalloc ((z + 1) * sizeof (struct huft)); ++ q = (struct huft *) grub_calloc (z + 1, sizeof (struct huft)); + if (! q) + { + if (h) +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index 6e1ceb9051..dc31caa213 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -202,7 +202,7 @@ grub_efi_set_variable(const char *var, const grub_efi_guid_t *guid, + + len = grub_strlen (var); + len16 = len * GRUB_MAX_UTF16_PER_UTF8; +- var16 = grub_malloc ((len16 + 1) * sizeof (var16[0])); ++ var16 = grub_calloc (len16 + 1, sizeof (var16[0])); + if (!var16) + return grub_errno; + len16 = grub_utf8_to_utf16 (var16, len16, (grub_uint8_t *) var, len, NULL); +@@ -237,7 +237,7 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, + + len = grub_strlen (var); + len16 = len * GRUB_MAX_UTF16_PER_UTF8; +- var16 = grub_malloc ((len16 + 1) * sizeof (var16[0])); ++ var16 = grub_calloc (len16 + 1, sizeof (var16[0])); + if (!var16) + return NULL; + len16 = grub_utf8_to_utf16 (var16, len16, (grub_uint8_t *) var, len, NULL); +@@ -383,7 +383,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + while (len > 0 && fp->path_name[len - 1] == 0) + len--; + +- dup_name = grub_malloc (len * sizeof (*dup_name)); ++ dup_name = grub_calloc (len, sizeof (*dup_name)); + if (!dup_name) + { + grub_free (name); +diff --git a/grub-core/kern/emu/hostdisk.c b/grub-core/kern/emu/hostdisk.c +index 8ac5239538..f90b6c9ce4 100644 +--- a/grub-core/kern/emu/hostdisk.c ++++ b/grub-core/kern/emu/hostdisk.c +@@ -627,7 +627,7 @@ static char * + grub_util_path_concat_real (size_t n, int ext, va_list ap) + { + size_t totlen = 0; +- char **l = xmalloc ((n + ext) * sizeof (l[0])); ++ char **l = xcalloc (n + ext, sizeof (l[0])); + char *r, *p, *pi; + size_t i; + int first = 1; +diff --git a/grub-core/kern/fs.c b/grub-core/kern/fs.c +index 2b85f4950b..f90be6566b 100644 +--- a/grub-core/kern/fs.c ++++ b/grub-core/kern/fs.c +@@ -151,7 +151,7 @@ grub_fs_blocklist_open (grub_file_t file, const char *name) + while (p); + + /* Allocate a block list. */ +- blocks = grub_zalloc (sizeof (struct grub_fs_block) * (num + 1)); ++ blocks = grub_calloc (num + 1, sizeof (struct grub_fs_block)); + if (! blocks) + return 0; + +diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c +index 18cad5803b..83c068d61b 100644 +--- a/grub-core/kern/misc.c ++++ b/grub-core/kern/misc.c +@@ -691,7 +691,7 @@ parse_printf_args (const char *fmt0, struct printf_args *args, + args->ptr = args->prealloc; + else + { +- args->ptr = grub_malloc (args->count * sizeof (args->ptr[0])); ++ args->ptr = grub_calloc (args->count, sizeof (args->ptr[0])); + if (!args->ptr) + { + grub_errno = GRUB_ERR_NONE; +diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c +index 78175aac2d..619db3122a 100644 +--- a/grub-core/kern/parser.c ++++ b/grub-core/kern/parser.c +@@ -213,7 +213,7 @@ grub_parser_split_cmdline (const char *cmdline, + return grub_errno; + grub_memcpy (args, buffer, bp - buffer); + +- *argv = grub_malloc (sizeof (char *) * (*argc + 1)); ++ *argv = grub_calloc (*argc + 1, sizeof (char *)); + if (!*argv) + { + grub_free (args); +diff --git a/grub-core/kern/uboot/uboot.c b/grub-core/kern/uboot/uboot.c +index be4816fe6f..aac8f9ae1f 100644 +--- a/grub-core/kern/uboot/uboot.c ++++ b/grub-core/kern/uboot/uboot.c +@@ -133,7 +133,7 @@ grub_uboot_dev_enum (void) + return num_devices; + + max_devices = 2; +- enum_devices = grub_malloc (sizeof(struct device_info) * max_devices); ++ enum_devices = grub_calloc (max_devices, sizeof(struct device_info)); + if (!enum_devices) + return 0; + +diff --git a/grub-core/lib/libgcrypt/cipher/ac.c b/grub-core/lib/libgcrypt/cipher/ac.c +index f5e946a2d8..63f6fcd11e 100644 +--- a/grub-core/lib/libgcrypt/cipher/ac.c ++++ b/grub-core/lib/libgcrypt/cipher/ac.c +@@ -185,7 +185,7 @@ ac_data_mpi_copy (gcry_ac_mpi_t *data_mpis, unsigned int data_mpis_n, + gcry_mpi_t mpi; + char *label; + +- data_mpis_new = gcry_malloc (sizeof (*data_mpis_new) * data_mpis_n); ++ data_mpis_new = gcry_calloc (data_mpis_n, sizeof (*data_mpis_new)); + if (! data_mpis_new) + { + err = gcry_error_from_errno (errno); +@@ -572,7 +572,7 @@ _gcry_ac_data_to_sexp (gcry_ac_data_t data, gcry_sexp_t *sexp, + } + + /* Add MPI list. */ +- arg_list = gcry_malloc (sizeof (*arg_list) * (data_n + 1)); ++ arg_list = gcry_calloc (data_n + 1, sizeof (*arg_list)); + if (! arg_list) + { + err = gcry_error_from_errno (errno); +@@ -1283,7 +1283,7 @@ ac_data_construct (const char *identifier, int include_flags, + /* We build a list of arguments to pass to + gcry_sexp_build_array(). */ + data_length = _gcry_ac_data_length (data); +- arg_list = gcry_malloc (sizeof (*arg_list) * (data_length * 2)); ++ arg_list = gcry_calloc (data_length, sizeof (*arg_list) * 2); + if (! arg_list) + { + err = gcry_error_from_errno (errno); +@@ -1593,7 +1593,7 @@ _gcry_ac_key_pair_generate (gcry_ac_handle_t handle, unsigned int nbits, + arg_list_n += 2; + + /* Allocate list. */ +- arg_list = gcry_malloc (sizeof (*arg_list) * arg_list_n); ++ arg_list = gcry_calloc (arg_list_n, sizeof (*arg_list)); + if (! arg_list) + { + err = gcry_error_from_errno (errno); +diff --git a/grub-core/lib/libgcrypt/cipher/primegen.c b/grub-core/lib/libgcrypt/cipher/primegen.c +index 2788e349fa..b12e79b192 100644 +--- a/grub-core/lib/libgcrypt/cipher/primegen.c ++++ b/grub-core/lib/libgcrypt/cipher/primegen.c +@@ -383,7 +383,7 @@ prime_generate_internal (int need_q_factor, + } + + /* Allocate an array to track pool usage. */ +- pool_in_use = gcry_malloc (n * sizeof *pool_in_use); ++ pool_in_use = gcry_calloc (n, sizeof *pool_in_use); + if (!pool_in_use) + { + err = gpg_err_code_from_errno (errno); +@@ -765,7 +765,7 @@ gen_prime (unsigned int nbits, int secret, int randomlevel, + if (nbits < 16) + log_fatal ("can't generate a prime with less than %d bits\n", 16); + +- mods = gcry_xmalloc( no_of_small_prime_numbers * sizeof *mods ); ++ mods = gcry_xcalloc( no_of_small_prime_numbers, sizeof *mods); + /* Make nbits fit into gcry_mpi_t implementation. */ + val_2 = mpi_alloc_set_ui( 2 ); + val_3 = mpi_alloc_set_ui( 3); +diff --git a/grub-core/lib/libgcrypt/cipher/pubkey.c b/grub-core/lib/libgcrypt/cipher/pubkey.c +index 910982141e..ca087ad75b 100644 +--- a/grub-core/lib/libgcrypt/cipher/pubkey.c ++++ b/grub-core/lib/libgcrypt/cipher/pubkey.c +@@ -2941,7 +2941,7 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey) + * array to a format string, so we have to do it this way :-(. */ + /* FIXME: There is now such a format specifier, so we can + change the code to be more clear. */ +- arg_list = malloc (nelem * sizeof *arg_list); ++ arg_list = calloc (nelem, sizeof *arg_list); + if (!arg_list) + { + rc = gpg_err_code_from_syserror (); +@@ -3233,7 +3233,7 @@ gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey) + } + strcpy (p, "))"); + +- arg_list = malloc (nelem * sizeof *arg_list); ++ arg_list = calloc (nelem, sizeof *arg_list); + if (!arg_list) + { + rc = gpg_err_code_from_syserror (); +diff --git a/grub-core/lib/priority_queue.c b/grub-core/lib/priority_queue.c +index 659be0b7f4..7d5e7c05aa 100644 +--- a/grub-core/lib/priority_queue.c ++++ b/grub-core/lib/priority_queue.c +@@ -92,7 +92,7 @@ grub_priority_queue_new (grub_size_t elsize, + { + struct grub_priority_queue *ret; + void *els; +- els = grub_malloc (elsize * 8); ++ els = grub_calloc (8, elsize); + if (!els) + return 0; + ret = (struct grub_priority_queue *) grub_malloc (sizeof (*ret)); +diff --git a/grub-core/lib/reed_solomon.c b/grub-core/lib/reed_solomon.c +index ee9fa7b4fe..467305b46a 100644 +--- a/grub-core/lib/reed_solomon.c ++++ b/grub-core/lib/reed_solomon.c +@@ -20,6 +20,7 @@ + #include + #include + #include ++#define xcalloc calloc + #define xmalloc malloc + #define grub_memset memset + #define grub_memcpy memcpy +@@ -158,11 +159,9 @@ rs_encode (gf_single_t *data, grub_size_t s, grub_size_t rs) + gf_single_t *rs_polynomial; + int i, j; + gf_single_t *m; +- m = xmalloc ((s + rs) * sizeof (gf_single_t)); ++ m = xcalloc (s + rs, sizeof (gf_single_t)); + grub_memcpy (m, data, s * sizeof (gf_single_t)); +- grub_memset (m + s, 0, rs * sizeof (gf_single_t)); +- rs_polynomial = xmalloc ((rs + 1) * sizeof (gf_single_t)); +- grub_memset (rs_polynomial, 0, (rs + 1) * sizeof (gf_single_t)); ++ rs_polynomial = xcalloc (rs + 1, sizeof (gf_single_t)); + rs_polynomial[rs] = 1; + /* Multiply with X - a^r */ + for (j = 0; j < rs; j++) +diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c +index ea3ebc719b..5847aac364 100644 +--- a/grub-core/lib/relocator.c ++++ b/grub-core/lib/relocator.c +@@ -495,9 +495,9 @@ malloc_in_range (struct grub_relocator *rel, + } + #endif + +- eventt = grub_malloc (maxevents * sizeof (events[0])); ++ eventt = grub_calloc (maxevents, sizeof (events[0])); + counter = grub_malloc ((DIGITSORT_MASK + 2) * sizeof (counter[0])); +- events = grub_malloc (maxevents * sizeof (events[0])); ++ events = grub_calloc (maxevents, sizeof (events[0])); + if (!events || !eventt || !counter) + { + grub_dprintf ("relocator", "events or counter allocation failed %d\n", +@@ -963,7 +963,7 @@ malloc_in_range (struct grub_relocator *rel, + #endif + unsigned cural = 0; + int oom = 0; +- res->subchunks = grub_malloc (sizeof (res->subchunks[0]) * nallocs); ++ res->subchunks = grub_calloc (nallocs, sizeof (res->subchunks[0])); + if (!res->subchunks) + oom = 1; + res->nsubchunks = nallocs; +@@ -1562,8 +1562,8 @@ grub_relocator_prepare_relocs (struct grub_relocator *rel, grub_addr_t addr, + count[(chunk->src & 0xff) + 1]++; + } + } +- from = grub_malloc (nchunks * sizeof (sorted[0])); +- to = grub_malloc (nchunks * sizeof (sorted[0])); ++ from = grub_calloc (nchunks, sizeof (sorted[0])); ++ to = grub_calloc (nchunks, sizeof (sorted[0])); + if (!from || !to) + { + grub_free (from); +diff --git a/grub-core/lib/zstd/fse_decompress.c b/grub-core/lib/zstd/fse_decompress.c +index 72bbead5be..2227b84bc7 100644 +--- a/grub-core/lib/zstd/fse_decompress.c ++++ b/grub-core/lib/zstd/fse_decompress.c +@@ -82,7 +82,7 @@ + FSE_DTable* FSE_createDTable (unsigned tableLog) + { + if (tableLog > FSE_TABLELOG_ABSOLUTE_MAX) tableLog = FSE_TABLELOG_ABSOLUTE_MAX; +- return (FSE_DTable*)malloc( FSE_DTABLE_SIZE_U32(tableLog) * sizeof (U32) ); ++ return (FSE_DTable*)calloc( FSE_DTABLE_SIZE_U32(tableLog), sizeof (U32) ); + } + + void FSE_freeDTable (FSE_DTable* dt) +diff --git a/grub-core/loader/arm/linux.c b/grub-core/loader/arm/linux.c +index 092e8e3077..979d425dfb 100644 +--- a/grub-core/loader/arm/linux.c ++++ b/grub-core/loader/arm/linux.c +@@ -82,7 +82,7 @@ linux_prepare_atag (void *target_atag) + + /* some place for cmdline, initrd and terminator. */ + tmp_size = get_atag_size (atag_orig) + 20 + (arg_size) / 4; +- tmp_atag = grub_malloc (tmp_size * sizeof (grub_uint32_t)); ++ tmp_atag = grub_calloc (tmp_size, sizeof (grub_uint32_t)); + if (!tmp_atag) + return grub_errno; + +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index 04e815c052..b9a2df34b1 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -126,7 +126,7 @@ copy_file_path (grub_efi_file_path_device_path_t *fp, + fp->header.type = GRUB_EFI_MEDIA_DEVICE_PATH_TYPE; + fp->header.subtype = GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE; + +- path_name = grub_malloc (len * GRUB_MAX_UTF16_PER_UTF8 * sizeof (*path_name)); ++ path_name = grub_calloc (len, GRUB_MAX_UTF16_PER_UTF8 * sizeof (*path_name)); + if (!path_name) + return; + +diff --git a/grub-core/loader/i386/bsdXX.c b/grub-core/loader/i386/bsdXX.c +index af6741d157..a8d8bf7dae 100644 +--- a/grub-core/loader/i386/bsdXX.c ++++ b/grub-core/loader/i386/bsdXX.c +@@ -48,7 +48,7 @@ read_headers (grub_file_t file, const char *filename, Elf_Ehdr *e, char **shdr) + if (e->e_ident[EI_CLASS] != SUFFIX (ELFCLASS)) + return grub_error (GRUB_ERR_BAD_OS, N_("invalid arch-dependent ELF magic")); + +- *shdr = grub_malloc ((grub_uint32_t) e->e_shnum * e->e_shentsize); ++ *shdr = grub_calloc (e->e_shnum, e->e_shentsize); + if (! *shdr) + return grub_errno; + +diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c +index e64ed08f58..b7d176b5d3 100644 +--- a/grub-core/loader/i386/xnu.c ++++ b/grub-core/loader/i386/xnu.c +@@ -295,7 +295,7 @@ grub_xnu_devprop_add_property_utf8 (struct grub_xnu_devprop_device_descriptor *d + return grub_errno; + + len = grub_strlen (name); +- utf16 = grub_malloc (sizeof (grub_uint16_t) * len); ++ utf16 = grub_calloc (len, sizeof (grub_uint16_t)); + if (!utf16) + { + grub_free (utf8); +@@ -331,7 +331,7 @@ grub_xnu_devprop_add_property_utf16 (struct grub_xnu_devprop_device_descriptor * + grub_uint16_t *utf16; + grub_err_t err; + +- utf16 = grub_malloc (sizeof (grub_uint16_t) * namelen); ++ utf16 = grub_calloc (namelen, sizeof (grub_uint16_t)); + if (!utf16) + return grub_errno; + grub_memcpy (utf16, name, sizeof (grub_uint16_t) * namelen); +diff --git a/grub-core/loader/macho.c b/grub-core/loader/macho.c +index 085f9c6890..05710c48e0 100644 +--- a/grub-core/loader/macho.c ++++ b/grub-core/loader/macho.c +@@ -97,7 +97,7 @@ grub_macho_file (grub_file_t file, const char *filename, int is_64bit) + if (grub_file_seek (macho->file, sizeof (struct grub_macho_fat_header)) + == (grub_off_t) -1) + goto fail; +- archs = grub_malloc (sizeof (struct grub_macho_fat_arch) * narchs); ++ archs = grub_calloc (narchs, sizeof (struct grub_macho_fat_arch)); + if (!archs) + goto fail; + if (grub_file_read (macho->file, archs, +diff --git a/grub-core/loader/multiboot_elfxx.c b/grub-core/loader/multiboot_elfxx.c +index 70cd1db513..cc6853692a 100644 +--- a/grub-core/loader/multiboot_elfxx.c ++++ b/grub-core/loader/multiboot_elfxx.c +@@ -217,7 +217,7 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld) + { + grub_uint8_t *shdr, *shdrptr; + +- shdr = grub_malloc ((grub_uint32_t) ehdr->e_shnum * ehdr->e_shentsize); ++ shdr = grub_calloc (ehdr->e_shnum, ehdr->e_shentsize); + if (!shdr) + return grub_errno; + +diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c +index e0f47e72b0..2f0ebd0b8b 100644 +--- a/grub-core/loader/xnu.c ++++ b/grub-core/loader/xnu.c +@@ -801,7 +801,7 @@ grub_cmd_xnu_mkext (grub_command_t cmd __attribute__ ((unused)), + if (grub_be_to_cpu32 (head.magic) == GRUB_MACHO_FAT_MAGIC) + { + narchs = grub_be_to_cpu32 (head.nfat_arch); +- archs = grub_malloc (sizeof (struct grub_macho_fat_arch) * narchs); ++ archs = grub_calloc (narchs, sizeof (struct grub_macho_fat_arch)); + if (! archs) + { + grub_file_close (file); +diff --git a/grub-core/mmap/mmap.c b/grub-core/mmap/mmap.c +index 6a31cbae32..57b4e9a72a 100644 +--- a/grub-core/mmap/mmap.c ++++ b/grub-core/mmap/mmap.c +@@ -143,9 +143,9 @@ grub_mmap_iterate (grub_memory_hook_t hook, void *hook_data) + + /* Initialize variables. */ + ctx.scanline_events = (struct grub_mmap_scan *) +- grub_malloc (sizeof (struct grub_mmap_scan) * 2 * mmap_num); ++ grub_calloc (mmap_num, sizeof (struct grub_mmap_scan) * 2); + +- present = grub_zalloc (sizeof (present[0]) * current_priority); ++ present = grub_calloc (current_priority, sizeof (present[0])); + + if (! ctx.scanline_events || !present) + { +diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c +index 558d97ba1e..dd0ffcdaea 100644 +--- a/grub-core/net/bootp.c ++++ b/grub-core/net/bootp.c +@@ -1559,7 +1559,7 @@ grub_cmd_bootp (struct grub_command *cmd __attribute__ ((unused)), + if (ncards == 0) + return grub_error (GRUB_ERR_NET_NO_CARD, N_("no network card found")); + +- ifaces = grub_zalloc (ncards * sizeof (ifaces[0])); ++ ifaces = grub_calloc (ncards, sizeof (ifaces[0])); + if (!ifaces) + return grub_errno; + +diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c +index 5d9afe093c..e332d5eb4a 100644 +--- a/grub-core/net/dns.c ++++ b/grub-core/net/dns.c +@@ -285,8 +285,8 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)), + ptr++; + ptr += 4; + } +- *data->addresses = grub_malloc (sizeof ((*data->addresses)[0]) +- * grub_be_to_cpu16 (head->ancount)); ++ *data->addresses = grub_calloc (grub_be_to_cpu16 (head->ancount), ++ sizeof ((*data->addresses)[0])); + if (!*data->addresses) + { + grub_errno = GRUB_ERR_NONE; +@@ -406,8 +406,8 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)), + dns_cache[h].addresses = 0; + dns_cache[h].name = grub_strdup (data->oname); + dns_cache[h].naddresses = *data->naddresses; +- dns_cache[h].addresses = grub_malloc (*data->naddresses +- * sizeof (dns_cache[h].addresses[0])); ++ dns_cache[h].addresses = grub_calloc (*data->naddresses, ++ sizeof (dns_cache[h].addresses[0])); + dns_cache[h].limit_time = grub_get_time_ms () + 1000 * ttl_all; + if (!dns_cache[h].addresses || !dns_cache[h].name) + { +@@ -479,7 +479,7 @@ grub_net_dns_lookup (const char *name, + } + } + +- sockets = grub_malloc (sizeof (sockets[0]) * n_servers); ++ sockets = grub_calloc (n_servers, sizeof (sockets[0])); + if (!sockets) + return grub_errno; + +diff --git a/grub-core/net/net.c b/grub-core/net/net.c +index b917a75d54..fed7bc57cb 100644 +--- a/grub-core/net/net.c ++++ b/grub-core/net/net.c +@@ -333,8 +333,8 @@ grub_cmd_ipv6_autoconf (struct grub_command *cmd __attribute__ ((unused)), + ncards++; + } + +- ifaces = grub_zalloc (ncards * sizeof (ifaces[0])); +- slaacs = grub_zalloc (ncards * sizeof (slaacs[0])); ++ ifaces = grub_calloc (ncards, sizeof (ifaces[0])); ++ slaacs = grub_calloc (ncards, sizeof (slaacs[0])); + if (!ifaces || !slaacs) + { + grub_free (ifaces); +diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c +index b0ab47d73f..d57fb72faa 100644 +--- a/grub-core/normal/charset.c ++++ b/grub-core/normal/charset.c +@@ -203,7 +203,7 @@ grub_utf8_to_ucs4_alloc (const char *msg, grub_uint32_t **unicode_msg, + { + grub_size_t msg_len = grub_strlen (msg); + +- *unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t)); ++ *unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t)); + + if (!*unicode_msg) + return -1; +@@ -488,7 +488,7 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen, + } + else + { +- n = grub_malloc (sizeof (n[0]) * (out->ncomb + 1)); ++ n = grub_calloc (out->ncomb + 1, sizeof (n[0])); + if (!n) + { + grub_errno = GRUB_ERR_NONE; +@@ -842,7 +842,7 @@ grub_bidi_line_logical_to_visual (const grub_uint32_t *logical, + } \ + } + +- visual = grub_malloc (sizeof (visual[0]) * logical_len); ++ visual = grub_calloc (logical_len, sizeof (visual[0])); + if (!visual) + return -1; + +@@ -1165,8 +1165,8 @@ grub_bidi_logical_to_visual (const grub_uint32_t *logical, + { + const grub_uint32_t *line_start = logical, *ptr; + struct grub_unicode_glyph *visual_ptr; +- *visual_out = visual_ptr = grub_malloc (3 * sizeof (visual_ptr[0]) +- * (logical_len + 2)); ++ *visual_out = visual_ptr = grub_calloc (logical_len + 2, ++ 3 * sizeof (visual_ptr[0])); + if (!visual_ptr) + return -1; + for (ptr = logical; ptr <= logical + logical_len; ptr++) +diff --git a/grub-core/normal/cmdline.c b/grub-core/normal/cmdline.c +index c037d5050e..c57242e2ea 100644 +--- a/grub-core/normal/cmdline.c ++++ b/grub-core/normal/cmdline.c +@@ -41,7 +41,7 @@ grub_err_t + grub_set_history (int newsize) + { + grub_uint32_t **old_hist_lines = hist_lines; +- hist_lines = grub_malloc (sizeof (grub_uint32_t *) * newsize); ++ hist_lines = grub_calloc (newsize, sizeof (grub_uint32_t *)); + + /* Copy the old lines into the new buffer. */ + if (old_hist_lines) +@@ -114,7 +114,7 @@ static void + grub_history_set (int pos, grub_uint32_t *s, grub_size_t len) + { + grub_free (hist_lines[pos]); +- hist_lines[pos] = grub_malloc ((len + 1) * sizeof (grub_uint32_t)); ++ hist_lines[pos] = grub_calloc (len + 1, sizeof (grub_uint32_t)); + if (!hist_lines[pos]) + { + grub_print_error (); +@@ -349,7 +349,7 @@ grub_cmdline_get (const char *prompt_translated) + char *ret; + unsigned nterms; + +- buf = grub_malloc (max_len * sizeof (grub_uint32_t)); ++ buf = grub_calloc (max_len, sizeof (grub_uint32_t)); + if (!buf) + return 0; + +@@ -377,7 +377,7 @@ grub_cmdline_get (const char *prompt_translated) + FOR_ACTIVE_TERM_OUTPUTS(cur) + nterms++; + +- cl_terms = grub_malloc (sizeof (cl_terms[0]) * nterms); ++ cl_terms = grub_calloc (nterms, sizeof (cl_terms[0])); + if (!cl_terms) + { + grub_free (buf); +@@ -385,7 +385,7 @@ grub_cmdline_get (const char *prompt_translated) + } + cl_term_cur = cl_terms; + +- unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t)); ++ unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t)); + if (!unicode_msg) + { + grub_free (buf); +@@ -495,7 +495,7 @@ grub_cmdline_get (const char *prompt_translated) + grub_uint32_t *insert; + + insertlen = grub_strlen (insertu8); +- insert = grub_malloc ((insertlen + 1) * sizeof (grub_uint32_t)); ++ insert = grub_calloc (insertlen + 1, sizeof (grub_uint32_t)); + if (!insert) + { + grub_free (insertu8); +@@ -602,7 +602,7 @@ grub_cmdline_get (const char *prompt_translated) + + grub_free (kill_buf); + +- kill_buf = grub_malloc ((n + 1) * sizeof(grub_uint32_t)); ++ kill_buf = grub_calloc (n + 1, sizeof (grub_uint32_t)); + if (grub_errno) + { + grub_print_error (); +diff --git a/grub-core/normal/menu_entry.c b/grub-core/normal/menu_entry.c +index cdf3590a36..1993995be6 100644 +--- a/grub-core/normal/menu_entry.c ++++ b/grub-core/normal/menu_entry.c +@@ -95,8 +95,8 @@ init_line (struct screen *screen, struct line *linep) + { + linep->len = 0; + linep->max_len = 80; +- linep->buf = grub_malloc ((linep->max_len + 1) * sizeof (linep->buf[0])); +- linep->pos = grub_zalloc (screen->nterms * sizeof (linep->pos[0])); ++ linep->buf = grub_calloc (linep->max_len + 1, sizeof (linep->buf[0])); ++ linep->pos = grub_calloc (screen->nterms, sizeof (linep->pos[0])); + if (! linep->buf || !linep->pos) + { + grub_free (linep->buf); +@@ -287,7 +287,7 @@ update_screen (struct screen *screen, struct per_term_screen *term_screen, + pos = linep->pos + (term_screen - screen->terms); + + if (!*pos) +- *pos = grub_zalloc ((linep->len + 1) * sizeof (**pos)); ++ *pos = grub_calloc (linep->len + 1, sizeof (**pos)); + + if (i == region_start || linep == screen->lines + screen->line + || (i > region_start && mode == ALL_LINES)) +@@ -471,7 +471,7 @@ insert_string (struct screen *screen, const char *s, int update) + + /* Insert the string. */ + current_linep = screen->lines + screen->line; +- unicode_msg = grub_malloc ((p - s) * sizeof (grub_uint32_t)); ++ unicode_msg = grub_calloc (p - s, sizeof (grub_uint32_t)); + + if (!unicode_msg) + return 0; +@@ -1023,7 +1023,7 @@ complete (struct screen *screen, int continuous, int update) + if (completion_buffer.buf) + { + buflen = grub_strlen (completion_buffer.buf); +- ucs4 = grub_malloc (sizeof (grub_uint32_t) * (buflen + 1)); ++ ucs4 = grub_calloc (buflen + 1, sizeof (grub_uint32_t)); + + if (!ucs4) + { +@@ -1268,7 +1268,7 @@ grub_menu_entry_run (grub_menu_entry_t entry) + for (i = 0; i < (unsigned) screen->num_lines; i++) + { + grub_free (screen->lines[i].pos); +- screen->lines[i].pos = grub_zalloc (screen->nterms * sizeof (screen->lines[i].pos[0])); ++ screen->lines[i].pos = grub_calloc (screen->nterms, sizeof (screen->lines[i].pos[0])); + if (! screen->lines[i].pos) + { + grub_print_error (); +@@ -1278,7 +1278,7 @@ grub_menu_entry_run (grub_menu_entry_t entry) + } + } + +- screen->terms = grub_zalloc (screen->nterms * sizeof (screen->terms[0])); ++ screen->terms = grub_calloc (screen->nterms, sizeof (screen->terms[0])); + if (!screen->terms) + { + grub_print_error (); +diff --git a/grub-core/normal/menu_text.c b/grub-core/normal/menu_text.c +index e22bb91f6e..18240e76ce 100644 +--- a/grub-core/normal/menu_text.c ++++ b/grub-core/normal/menu_text.c +@@ -78,7 +78,7 @@ grub_print_message_indented_real (const char *msg, int margin_left, + grub_size_t msg_len = grub_strlen (msg) + 2; + int ret = 0; + +- unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t)); ++ unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t)); + + if (!unicode_msg) + return 0; +@@ -211,7 +211,7 @@ print_entry (int y, int highlight, grub_menu_entry_t entry, + + title = entry ? entry->title : ""; + title_len = grub_strlen (title); +- unicode_title = grub_malloc (title_len * sizeof (*unicode_title)); ++ unicode_title = grub_calloc (title_len, sizeof (*unicode_title)); + if (! unicode_title) + /* XXX How to show this error? */ + return; +diff --git a/grub-core/normal/term.c b/grub-core/normal/term.c +index a1e5c5a0da..cc8c173b6e 100644 +--- a/grub-core/normal/term.c ++++ b/grub-core/normal/term.c +@@ -264,7 +264,7 @@ grub_term_save_pos (void) + FOR_ACTIVE_TERM_OUTPUTS(cur) + cnt++; + +- ret = grub_malloc (cnt * sizeof (ret[0])); ++ ret = grub_calloc (cnt, sizeof (ret[0])); + if (!ret) + return NULL; + +@@ -1013,7 +1013,7 @@ grub_xnputs (const char *str, grub_size_t msg_len) + + grub_error_push (); + +- unicode_str = grub_malloc (msg_len * sizeof (grub_uint32_t)); ++ unicode_str = grub_calloc (msg_len, sizeof (grub_uint32_t)); + + grub_error_pop (); + +diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c +index 7adc0f30ee..a5bd0752fb 100644 +--- a/grub-core/osdep/linux/getroot.c ++++ b/grub-core/osdep/linux/getroot.c +@@ -168,7 +168,7 @@ grub_util_raid_getmembers (const char *name, int bootable) + if (ret != 0) + grub_util_error (_("ioctl GET_ARRAY_INFO error: %s"), strerror (errno)); + +- devicelist = xmalloc ((info.nr_disks + 1) * sizeof (char *)); ++ devicelist = xcalloc (info.nr_disks + 1, sizeof (char *)); + + for (i = 0, j = 0; j < info.nr_disks; i++) + { +@@ -241,7 +241,7 @@ grub_find_root_devices_from_btrfs (const char *dir) + return NULL; + } + +- ret = xmalloc ((fsi.num_devices + 1) * sizeof (ret[0])); ++ ret = xcalloc (fsi.num_devices + 1, sizeof (ret[0])); + + for (i = 1; i <= fsi.max_id && j < fsi.num_devices; i++) + { +@@ -396,7 +396,7 @@ grub_find_root_devices_from_mountinfo (const char *dir, char **relroot) + if (relroot) + *relroot = NULL; + +- entries = xmalloc (entry_max * sizeof (*entries)); ++ entries = xcalloc (entry_max, sizeof (*entries)); + + again: + fp = grub_util_fopen ("/proc/self/mountinfo", "r"); +diff --git a/grub-core/osdep/unix/config.c b/grub-core/osdep/unix/config.c +index 5478030fde..89dc70d93c 100644 +--- a/grub-core/osdep/unix/config.c ++++ b/grub-core/osdep/unix/config.c +@@ -130,7 +130,7 @@ grub_util_load_config (struct grub_util_config *cfg) + if (num_cfgpaths == 0) + goto out; + +- sorted_cfgpaths = xmalloc (num_cfgpaths * sizeof (*sorted_cfgpaths)); ++ sorted_cfgpaths = xcalloc (num_cfgpaths, sizeof (*sorted_cfgpaths)); + i = 0; + if (grub_util_is_regular (cfgfile)) + sorted_cfgpaths[i++] = xstrdup (cfgfile); +diff --git a/grub-core/osdep/windows/getroot.c b/grub-core/osdep/windows/getroot.c +index 661d954619..eada663b26 100644 +--- a/grub-core/osdep/windows/getroot.c ++++ b/grub-core/osdep/windows/getroot.c +@@ -59,7 +59,7 @@ grub_get_mount_point (const TCHAR *path) + + for (ptr = path; *ptr; ptr++); + allocsize = (ptr - path + 10) * 2; +- out = xmalloc (allocsize * sizeof (out[0])); ++ out = xcalloc (allocsize, sizeof (out[0])); + + /* When pointing to EFI system partition GetVolumePathName fails + for ESP root and returns abberant information for everything +diff --git a/grub-core/osdep/windows/hostdisk.c b/grub-core/osdep/windows/hostdisk.c +index 355100789a..0be3273949 100644 +--- a/grub-core/osdep/windows/hostdisk.c ++++ b/grub-core/osdep/windows/hostdisk.c +@@ -111,7 +111,7 @@ grub_util_get_windows_path_real (const char *path) + + while (1) + { +- fpa = xmalloc (alloc * sizeof (fpa[0])); ++ fpa = xcalloc (alloc, sizeof (fpa[0])); + + len = GetFullPathName (tpath, alloc, fpa, NULL); + if (len >= alloc) +@@ -399,7 +399,7 @@ grub_util_fd_opendir (const char *name) + for (l = 0; name_windows[l]; l++); + for (l--; l >= 0 && (name_windows[l] == '\\' || name_windows[l] == '/'); l--); + l++; +- pattern = xmalloc ((l + 3) * sizeof (pattern[0])); ++ pattern = xcalloc (l + 3, sizeof (pattern[0])); + memcpy (pattern, name_windows, l * sizeof (pattern[0])); + pattern[l] = '\\'; + pattern[l + 1] = '*'; +diff --git a/grub-core/osdep/windows/init.c b/grub-core/osdep/windows/init.c +index e8ffd62c6a..6297de6326 100644 +--- a/grub-core/osdep/windows/init.c ++++ b/grub-core/osdep/windows/init.c +@@ -161,7 +161,7 @@ grub_util_host_init (int *argc __attribute__ ((unused)), + LPWSTR *targv; + + targv = CommandLineToArgvW (tcmdline, argc); +- *argv = xmalloc ((*argc + 1) * sizeof (argv[0])); ++ *argv = xcalloc (*argc + 1, sizeof (argv[0])); + + for (i = 0; i < *argc; i++) + (*argv)[i] = grub_util_tchar_to_utf8 (targv[i]); +diff --git a/grub-core/osdep/windows/platform.c b/grub-core/osdep/windows/platform.c +index a3f738fb9b..b160949d8e 100644 +--- a/grub-core/osdep/windows/platform.c ++++ b/grub-core/osdep/windows/platform.c +@@ -231,8 +231,8 @@ grub_install_register_efi (grub_device_t efidir_grub_dev, const char *efidir, + grub_util_error ("%s", _("no EFI routines are available when running in BIOS mode")); + + distrib8_len = grub_strlen (efi_distributor); +- distributor16 = xmalloc ((distrib8_len + 1) * GRUB_MAX_UTF16_PER_UTF8 +- * sizeof (grub_uint16_t)); ++ distributor16 = xcalloc (distrib8_len + 1, ++ GRUB_MAX_UTF16_PER_UTF8 * sizeof (grub_uint16_t)); + distrib16_len = grub_utf8_to_utf16 (distributor16, distrib8_len * GRUB_MAX_UTF16_PER_UTF8, + (const grub_uint8_t *) efi_distributor, + distrib8_len, 0); +diff --git a/grub-core/osdep/windows/relpath.c b/grub-core/osdep/windows/relpath.c +index cb0861744a..478e8ef14d 100644 +--- a/grub-core/osdep/windows/relpath.c ++++ b/grub-core/osdep/windows/relpath.c +@@ -72,7 +72,7 @@ grub_make_system_path_relative_to_its_root (const char *path) + if (dirwindows[0] && dirwindows[1] == ':') + offset = 2; + } +- ret = xmalloc (sizeof (ret[0]) * (flen - offset + 2)); ++ ret = xcalloc (flen - offset + 2, sizeof (ret[0])); + if (dirwindows[offset] != '\\' + && dirwindows[offset] != '/' + && dirwindows[offset]) +diff --git a/grub-core/partmap/gpt.c b/grub-core/partmap/gpt.c +index 103f6796f3..72a2e37cd4 100644 +--- a/grub-core/partmap/gpt.c ++++ b/grub-core/partmap/gpt.c +@@ -199,7 +199,7 @@ gpt_partition_map_embed (struct grub_disk *disk, unsigned int *nsectors, + *nsectors = ctx.len; + if (*nsectors > max_nsectors) + *nsectors = max_nsectors; +- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); ++ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); + if (!*sectors) + return grub_errno; + for (i = 0; i < *nsectors; i++) +diff --git a/grub-core/partmap/msdos.c b/grub-core/partmap/msdos.c +index 7b8e450762..ee3f24982b 100644 +--- a/grub-core/partmap/msdos.c ++++ b/grub-core/partmap/msdos.c +@@ -337,7 +337,7 @@ pc_partition_map_embed (struct grub_disk *disk, unsigned int *nsectors, + avail_nsectors = *nsectors; + if (*nsectors > max_nsectors) + *nsectors = max_nsectors; +- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); ++ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); + if (!*sectors) + return grub_errno; + for (i = 0; i < *nsectors; i++) +diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c +index ee299fd0ea..c8d6806fe0 100644 +--- a/grub-core/script/execute.c ++++ b/grub-core/script/execute.c +@@ -553,7 +553,7 @@ gettext_append (struct grub_script_argv *result, const char *orig_str) + for (iptr = orig_str; *iptr; iptr++) + if (*iptr == '$') + dollar_cnt++; +- ctx.allowed_strings = grub_malloc (sizeof (ctx.allowed_strings[0]) * dollar_cnt); ++ ctx.allowed_strings = grub_calloc (dollar_cnt, sizeof (ctx.allowed_strings[0])); + + if (parse_string (orig_str, gettext_save_allow, &ctx, 0)) + goto fail; +diff --git a/grub-core/tests/fake_input.c b/grub-core/tests/fake_input.c +index 2d60852989..b5eb516be2 100644 +--- a/grub-core/tests/fake_input.c ++++ b/grub-core/tests/fake_input.c +@@ -49,7 +49,7 @@ grub_terminal_input_fake_sequence (int *seq_in, int nseq_in) + saved = grub_term_inputs; + if (seq) + grub_free (seq); +- seq = grub_malloc (nseq_in * sizeof (seq[0])); ++ seq = grub_calloc (nseq_in, sizeof (seq[0])); + if (!seq) + return; + +diff --git a/grub-core/tests/video_checksum.c b/grub-core/tests/video_checksum.c +index 74d5b65e5c..44d0810698 100644 +--- a/grub-core/tests/video_checksum.c ++++ b/grub-core/tests/video_checksum.c +@@ -336,7 +336,7 @@ grub_video_capture_write_bmp (const char *fname, + { + case 4: + { +- grub_uint8_t *buffer = xmalloc (mode_info->width * 3); ++ grub_uint8_t *buffer = xcalloc (3, mode_info->width); + grub_uint32_t rmask = ((1 << mode_info->red_mask_size) - 1); + grub_uint32_t gmask = ((1 << mode_info->green_mask_size) - 1); + grub_uint32_t bmask = ((1 << mode_info->blue_mask_size) - 1); +@@ -367,7 +367,7 @@ grub_video_capture_write_bmp (const char *fname, + } + case 3: + { +- grub_uint8_t *buffer = xmalloc (mode_info->width * 3); ++ grub_uint8_t *buffer = xcalloc (3, mode_info->width); + grub_uint32_t rmask = ((1 << mode_info->red_mask_size) - 1); + grub_uint32_t gmask = ((1 << mode_info->green_mask_size) - 1); + grub_uint32_t bmask = ((1 << mode_info->blue_mask_size) - 1); +@@ -407,7 +407,7 @@ grub_video_capture_write_bmp (const char *fname, + } + case 2: + { +- grub_uint8_t *buffer = xmalloc (mode_info->width * 3); ++ grub_uint8_t *buffer = xcalloc (3, mode_info->width); + grub_uint16_t rmask = ((1 << mode_info->red_mask_size) - 1); + grub_uint16_t gmask = ((1 << mode_info->green_mask_size) - 1); + grub_uint16_t bmask = ((1 << mode_info->blue_mask_size) - 1); +diff --git a/grub-core/video/capture.c b/grub-core/video/capture.c +index 4f83c74411..4d3195e017 100644 +--- a/grub-core/video/capture.c ++++ b/grub-core/video/capture.c +@@ -89,7 +89,7 @@ grub_video_capture_start (const struct grub_video_mode_info *mode_info, + framebuffer.mode_info = *mode_info; + framebuffer.mode_info.blit_format = grub_video_get_blit_format (&framebuffer.mode_info); + +- framebuffer.ptr = grub_malloc (framebuffer.mode_info.height * framebuffer.mode_info.pitch); ++ framebuffer.ptr = grub_calloc (framebuffer.mode_info.height, framebuffer.mode_info.pitch); + if (!framebuffer.ptr) + return grub_errno; + +diff --git a/grub-core/video/emu/sdl.c b/grub-core/video/emu/sdl.c +index a2f639f66d..0ebab6f57d 100644 +--- a/grub-core/video/emu/sdl.c ++++ b/grub-core/video/emu/sdl.c +@@ -172,7 +172,7 @@ grub_video_sdl_set_palette (unsigned int start, unsigned int count, + if (start + count > mode_info.number_of_colors) + count = mode_info.number_of_colors - start; + +- tmp = grub_malloc (count * sizeof (tmp[0])); ++ tmp = grub_calloc (count, sizeof (tmp[0])); + for (i = 0; i < count; i++) + { + tmp[i].r = palette_data[i].r; +diff --git a/grub-core/video/i386/pc/vga.c b/grub-core/video/i386/pc/vga.c +index 01f47112d3..b2f776c997 100644 +--- a/grub-core/video/i386/pc/vga.c ++++ b/grub-core/video/i386/pc/vga.c +@@ -127,7 +127,7 @@ grub_video_vga_setup (unsigned int width, unsigned int height, + + vga_height = height ? : 480; + +- framebuffer.temporary_buffer = grub_malloc (vga_height * VGA_WIDTH); ++ framebuffer.temporary_buffer = grub_calloc (vga_height, VGA_WIDTH); + framebuffer.front_page = 0; + framebuffer.back_page = 0; + if (!framebuffer.temporary_buffer) +diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c +index 777e71334c..61bd645379 100644 +--- a/grub-core/video/readers/png.c ++++ b/grub-core/video/readers/png.c +@@ -309,7 +309,7 @@ grub_png_decode_image_header (struct grub_png_data *data) + if (data->is_16bit || data->is_gray || data->is_palette) + #endif + { +- data->image_data = grub_malloc (data->image_height * data->row_bytes); ++ data->image_data = grub_calloc (data->image_height, data->row_bytes); + if (grub_errno) + return grub_errno; + +diff --git a/include/grub/unicode.h b/include/grub/unicode.h +index a0403e91f9..4de986a857 100644 +--- a/include/grub/unicode.h ++++ b/include/grub/unicode.h +@@ -293,7 +293,7 @@ grub_unicode_glyph_dup (const struct grub_unicode_glyph *in) + grub_memcpy (out, in, sizeof (*in)); + if (in->ncomb > ARRAY_SIZE (out->combining_inline)) + { +- out->combining_ptr = grub_malloc (in->ncomb * sizeof (out->combining_ptr[0])); ++ out->combining_ptr = grub_calloc (in->ncomb, sizeof (out->combining_ptr[0])); + if (!out->combining_ptr) + { + grub_free (out); +@@ -315,7 +315,7 @@ grub_unicode_set_glyph (struct grub_unicode_glyph *out, + grub_memcpy (out, in, sizeof (*in)); + if (in->ncomb > ARRAY_SIZE (out->combining_inline)) + { +- out->combining_ptr = grub_malloc (in->ncomb * sizeof (out->combining_ptr[0])); ++ out->combining_ptr = grub_calloc (in->ncomb, sizeof (out->combining_ptr[0])); + if (!out->combining_ptr) + return; + grub_memcpy (out->combining_ptr, in->combining_ptr, +diff --git a/util/getroot.c b/util/getroot.c +index cdd41153c5..6ae35ecaa6 100644 +--- a/util/getroot.c ++++ b/util/getroot.c +@@ -200,7 +200,7 @@ make_device_name (const char *drive) + char *ret, *ptr; + const char *iptr; + +- ret = xmalloc (strlen (drive) * 2); ++ ret = xcalloc (2, strlen (drive)); + ptr = ret; + for (iptr = drive; *iptr; iptr++) + { +diff --git a/util/grub-file.c b/util/grub-file.c +index 50c18b6835..b2e7dd69f4 100644 +--- a/util/grub-file.c ++++ b/util/grub-file.c +@@ -54,7 +54,7 @@ main (int argc, char *argv[]) + + grub_util_host_init (&argc, &argv); + +- argv2 = xmalloc (argc * sizeof (argv2[0])); ++ argv2 = xcalloc (argc, sizeof (argv2[0])); + + if (argc == 2 && strcmp (argv[1], "--version") == 0) + { +diff --git a/util/grub-fstest.c b/util/grub-fstest.c +index f14e02d972..57246af7c6 100644 +--- a/util/grub-fstest.c ++++ b/util/grub-fstest.c +@@ -650,7 +650,7 @@ argp_parser (int key, char *arg, struct argp_state *state) + if (args_count < num_disks) + { + if (args_count == 0) +- images = xmalloc (num_disks * sizeof (images[0])); ++ images = xcalloc (num_disks, sizeof (images[0])); + images[args_count] = grub_canonicalize_file_name (arg); + args_count++; + return 0; +@@ -734,7 +734,7 @@ main (int argc, char *argv[]) + + grub_util_host_init (&argc, &argv); + +- args = xmalloc (argc * sizeof (args[0])); ++ args = xcalloc (argc, sizeof (args[0])); + + argp_parse (&argp, argc, argv, 0, 0, 0); + +diff --git a/util/grub-install-common.c b/util/grub-install-common.c +index fdfe2c7ead..447504d3f4 100644 +--- a/util/grub-install-common.c ++++ b/util/grub-install-common.c +@@ -286,7 +286,7 @@ handle_install_list (struct install_list *il, const char *val, + il->n_entries++; + } + il->n_alloc = il->n_entries + 1; +- il->entries = xmalloc (il->n_alloc * sizeof (il->entries[0])); ++ il->entries = xcalloc (il->n_alloc, sizeof (il->entries[0])); + ptr = val; + for (ce = il->entries; ; ce++) + { +diff --git a/util/grub-install.c b/util/grub-install.c +index f408b19860..843dfc7c80 100644 +--- a/util/grub-install.c ++++ b/util/grub-install.c +@@ -658,7 +658,7 @@ device_map_check_duplicates (const char *dev_map) + if (! fp) + return; + +- d = xmalloc (alloced * sizeof (d[0])); ++ d = xcalloc (alloced, sizeof (d[0])); + + while (fgets (buf, sizeof (buf), fp)) + { +@@ -1405,7 +1405,7 @@ main (int argc, char *argv[]) + ndev++; + } + +- grub_drives = xmalloc (sizeof (grub_drives[0]) * (ndev + 1)); ++ grub_drives = xcalloc (ndev + 1, sizeof (grub_drives[0])); + + for (curdev = grub_devices, curdrive = grub_drives; *curdev; curdev++, + curdrive++) +diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c +index bc087c2b57..d97d0e7bef 100644 +--- a/util/grub-mkimagexx.c ++++ b/util/grub-mkimagexx.c +@@ -2294,10 +2294,8 @@ SUFFIX (grub_mkimage_load_image) (const char *kernel_path, + + grub_host_to_target16 (e->e_shstrndx) * smd.section_entsize); + smd.strtab = (char *) e + grub_host_to_target_addr (s->sh_offset); + +- smd.addrs = xmalloc (sizeof (*smd.addrs) * smd.num_sections); +- memset (smd.addrs, 0, sizeof (*smd.addrs) * smd.num_sections); +- smd.vaddrs = xmalloc (sizeof (*smd.vaddrs) * smd.num_sections); +- memset (smd.vaddrs, 0, sizeof (*smd.vaddrs) * smd.num_sections); ++ smd.addrs = xcalloc (smd.num_sections, sizeof (*smd.addrs)); ++ smd.vaddrs = xcalloc (smd.num_sections, sizeof (*smd.vaddrs)); + + SUFFIX (locate_sections) (e, kernel_path, &smd, layout, image_target); + +diff --git a/util/grub-mkrescue.c b/util/grub-mkrescue.c +index 45d6140d3e..cb972f120b 100644 +--- a/util/grub-mkrescue.c ++++ b/util/grub-mkrescue.c +@@ -441,8 +441,8 @@ main (int argc, char *argv[]) + xorriso = xstrdup ("xorriso"); + label_font = grub_util_path_concat (2, pkgdatadir, "unicode.pf2"); + +- argp_argv = xmalloc (sizeof (argp_argv[0]) * argc); +- xorriso_tail_argv = xmalloc (sizeof (argp_argv[0]) * argc); ++ argp_argv = xcalloc (argc, sizeof (argp_argv[0])); ++ xorriso_tail_argv = xcalloc (argc, sizeof (argp_argv[0])); + + xorriso_tail_argc = 0; + /* Program name */ +diff --git a/util/grub-mkstandalone.c b/util/grub-mkstandalone.c +index 4907d44c0b..edf309717c 100644 +--- a/util/grub-mkstandalone.c ++++ b/util/grub-mkstandalone.c +@@ -296,7 +296,7 @@ main (int argc, char *argv[]) + grub_util_host_init (&argc, &argv); + grub_util_disable_fd_syncs (); + +- files = xmalloc ((argc + 1) * sizeof (files[0])); ++ files = xcalloc (argc + 1, sizeof (files[0])); + + argp_parse (&argp, argc, argv, 0, 0, 0); + +diff --git a/util/grub-pe2elf.c b/util/grub-pe2elf.c +index 0d4084a108..11331294f1 100644 +--- a/util/grub-pe2elf.c ++++ b/util/grub-pe2elf.c +@@ -100,9 +100,9 @@ write_section_data (FILE* fp, const char *name, char *image, + char *pe_strtab = (image + pe_chdr->symtab_offset + + pe_chdr->num_symbols * sizeof (struct grub_pe32_symbol)); + +- section_map = xmalloc ((2 * pe_chdr->num_sections + 5) * sizeof (int)); ++ section_map = xcalloc (2 * pe_chdr->num_sections + 5, sizeof (int)); + section_map[0] = 0; +- shdr = xmalloc ((2 * pe_chdr->num_sections + 5) * sizeof (shdr[0])); ++ shdr = xcalloc (2 * pe_chdr->num_sections + 5, sizeof (shdr[0])); + idx = 1; + idx_reloc = pe_chdr->num_sections + 1; + +@@ -233,7 +233,7 @@ write_reloc_section (FILE* fp, const char *name, char *image, + + pe_sec = pe_shdr + shdr[i].sh_link; + pe_rel = (struct grub_pe32_reloc *) (image + pe_sec->relocations_offset); +- rel = (elf_reloc_t *) xmalloc (pe_sec->num_relocations * sizeof (elf_reloc_t)); ++ rel = (elf_reloc_t *) xcalloc (pe_sec->num_relocations, sizeof (elf_reloc_t)); + num_rels = 0; + modified = 0; + +@@ -365,12 +365,10 @@ write_symbol_table (FILE* fp, const char *name, char *image, + pe_symtab = (struct grub_pe32_symbol *) (image + pe_chdr->symtab_offset); + pe_strtab = (char *) (pe_symtab + pe_chdr->num_symbols); + +- symtab = (Elf_Sym *) xmalloc ((pe_chdr->num_symbols + 1) * +- sizeof (Elf_Sym)); +- memset (symtab, 0, (pe_chdr->num_symbols + 1) * sizeof (Elf_Sym)); ++ symtab = (Elf_Sym *) xcalloc (pe_chdr->num_symbols + 1, sizeof (Elf_Sym)); + num_syms = 1; + +- symtab_map = (int *) xmalloc (pe_chdr->num_symbols * sizeof (int)); ++ symtab_map = (int *) xcalloc (pe_chdr->num_symbols, sizeof (int)); + + for (i = 0; i < (int) pe_chdr->num_symbols; + i += pe_symtab->num_aux + 1, pe_symtab += pe_symtab->num_aux + 1) +diff --git a/util/grub-probe.c b/util/grub-probe.c +index 81d27eead5..cbe6ed94ca 100644 +--- a/util/grub-probe.c ++++ b/util/grub-probe.c +@@ -361,8 +361,8 @@ probe (const char *path, char **device_names, char delim) + grub_util_pull_device (*curdev); + ndev++; + } +- +- drives_names = xmalloc (sizeof (drives_names[0]) * (ndev + 1)); ++ ++ drives_names = xcalloc (ndev + 1, sizeof (drives_names[0])); + + for (curdev = device_names, curdrive = drives_names; *curdev; curdev++, + curdrive++) diff -Nru grub2-2.04/debian/patches/0085-malloc-Use-overflow-checking-primitives-where-we-do-.patch grub2-2.04/debian/patches/0085-malloc-Use-overflow-checking-primitives-where-we-do-.patch --- grub2-2.04/debian/patches/0085-malloc-Use-overflow-checking-primitives-where-we-do-.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/patches/0085-malloc-Use-overflow-checking-primitives-where-we-do-.patch 2020-09-08 10:23:00.000000000 +0000 @@ -0,0 +1,1319 @@ +From 83e59f56362e11618083f376cbf700861d6b8f2a Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 15 Jun 2020 12:28:27 -0400 +Subject: malloc: Use overflow checking primitives where we do complex + allocations + +This attempts to fix the places where we do the following where +arithmetic_expr may include unvalidated data: + + X = grub_malloc(arithmetic_expr); + +It accomplishes this by doing the arithmetic ahead of time using grub_add(), +grub_sub(), grub_mul() and testing for overflow before proceeding. + +Among other issues, this fixes: + - allocation of integer overflow in grub_video_bitmap_create() + reported by Chris Coulson, + - allocation of integer overflow in grub_png_decode_image_header() + reported by Chris Coulson, + - allocation of integer overflow in grub_squash_read_symlink() + reported by Chris Coulson, + - allocation of integer overflow in grub_ext2_read_symlink() + reported by Chris Coulson, + - allocation of integer overflow in read_section_as_string() + reported by Chris Coulson. + +Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 + +Signed-off-by: Peter Jones +Reviewed-by: Daniel Kiper +--- + grub-core/commands/legacycfg.c | 29 +++++++++++++++---- + grub-core/commands/wildcard.c | 36 ++++++++++++++++++++---- + grub-core/disk/ldm.c | 32 +++++++++++++++------ + grub-core/font/font.c | 7 ++++- + grub-core/fs/btrfs.c | 28 +++++++++++++------ + grub-core/fs/ext2.c | 10 ++++++- + grub-core/fs/iso9660.c | 51 ++++++++++++++++++++++++---------- + grub-core/fs/sfs.c | 27 ++++++++++++++---- + grub-core/fs/squash4.c | 45 ++++++++++++++++++++++-------- + grub-core/fs/udf.c | 41 +++++++++++++++++---------- + grub-core/fs/xfs.c | 11 +++++--- + grub-core/fs/zfs/zfs.c | 22 ++++++++++----- + grub-core/fs/zfs/zfscrypt.c | 7 ++++- + grub-core/lib/arg.c | 20 +++++++++++-- + grub-core/loader/i386/bsd.c | 8 +++++- + grub-core/net/dns.c | 9 +++++- + grub-core/normal/charset.c | 10 +++++-- + grub-core/normal/cmdline.c | 14 ++++++++-- + grub-core/normal/menu_entry.c | 13 +++++++-- + grub-core/script/argv.c | 16 +++++++++-- + grub-core/script/lexer.c | 21 ++++++++++++-- + grub-core/video/bitmap.c | 25 +++++++++++------ + grub-core/video/readers/png.c | 13 +++++++-- + 23 files changed, 382 insertions(+), 113 deletions(-) + +diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c +index 5e3ec0d5e4..cc5971f4db 100644 +--- a/grub-core/commands/legacycfg.c ++++ b/grub-core/commands/legacycfg.c +@@ -32,6 +32,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -104,13 +105,22 @@ legacy_file (const char *filename) + if (newsuffix) + { + char *t; +- ++ grub_size_t sz; ++ ++ if (grub_add (grub_strlen (suffix), grub_strlen (newsuffix), &sz) || ++ grub_add (sz, 1, &sz)) ++ { ++ grub_errno = GRUB_ERR_OUT_OF_RANGE; ++ goto fail_0; ++ } ++ + t = suffix; +- suffix = grub_realloc (suffix, grub_strlen (suffix) +- + grub_strlen (newsuffix) + 1); ++ suffix = grub_realloc (suffix, sz); + if (!suffix) + { + grub_free (t); ++ ++ fail_0: + grub_free (entrysrc); + grub_free (parsed); + grub_free (newsuffix); +@@ -154,13 +164,22 @@ legacy_file (const char *filename) + else + { + char *t; ++ grub_size_t sz; ++ ++ if (grub_add (grub_strlen (entrysrc), grub_strlen (parsed), &sz) || ++ grub_add (sz, 1, &sz)) ++ { ++ grub_errno = GRUB_ERR_OUT_OF_RANGE; ++ goto fail_1; ++ } + + t = entrysrc; +- entrysrc = grub_realloc (entrysrc, grub_strlen (entrysrc) +- + grub_strlen (parsed) + 1); ++ entrysrc = grub_realloc (entrysrc, sz); + if (!entrysrc) + { + grub_free (t); ++ ++ fail_1: + grub_free (parsed); + grub_free (suffix); + return grub_errno; +diff --git a/grub-core/commands/wildcard.c b/grub-core/commands/wildcard.c +index 4a106ca040..cc3290311f 100644 +--- a/grub-core/commands/wildcard.c ++++ b/grub-core/commands/wildcard.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + #include + +@@ -48,6 +49,7 @@ merge (char **dest, char **ps) + int i; + int j; + char **p; ++ grub_size_t sz; + + if (! dest) + return ps; +@@ -60,7 +62,12 @@ merge (char **dest, char **ps) + for (j = 0; ps[j]; j++) + ; + +- p = grub_realloc (dest, sizeof (char*) * (i + j + 1)); ++ if (grub_add (i, j, &sz) || ++ grub_add (sz, 1, &sz) || ++ grub_mul (sz, sizeof (char *), &sz)) ++ return dest; ++ ++ p = grub_realloc (dest, sz); + if (! p) + { + grub_free (dest); +@@ -115,8 +122,15 @@ make_regex (const char *start, const char *end, regex_t *regexp) + char ch; + int i = 0; + unsigned len = end - start; +- char *buffer = grub_malloc (len * 2 + 2 + 1); /* worst case size. */ ++ char *buffer; ++ grub_size_t sz; + ++ /* Worst case size is (len * 2 + 2 + 1). */ ++ if (grub_mul (len, 2, &sz) || ++ grub_add (sz, 3, &sz)) ++ return 1; ++ ++ buffer = grub_malloc (sz); + if (! buffer) + return 1; + +@@ -226,6 +240,7 @@ match_devices_iter (const char *name, void *data) + struct match_devices_ctx *ctx = data; + char **t; + char *buffer; ++ grub_size_t sz; + + /* skip partitions if asked to. */ + if (ctx->noparts && grub_strchr (name, ',')) +@@ -239,11 +254,16 @@ match_devices_iter (const char *name, void *data) + if (regexec (ctx->regexp, buffer, 0, 0, 0)) + { + grub_dprintf ("expand", "not matched\n"); ++ fail: + grub_free (buffer); + return 0; + } + +- t = grub_realloc (ctx->devs, sizeof (char*) * (ctx->ndev + 2)); ++ if (grub_add (ctx->ndev, 2, &sz) || ++ grub_mul (sz, sizeof (char *), &sz)) ++ goto fail; ++ ++ t = grub_realloc (ctx->devs, sz); + if (! t) + { + grub_free (buffer); +@@ -300,6 +320,7 @@ match_files_iter (const char *name, + struct match_files_ctx *ctx = data; + char **t; + char *buffer; ++ grub_size_t sz; + + /* skip . and .. names */ + if (grub_strcmp(".", name) == 0 || grub_strcmp("..", name) == 0) +@@ -315,9 +336,14 @@ match_files_iter (const char *name, + if (! buffer) + return 1; + +- t = grub_realloc (ctx->files, sizeof (char*) * (ctx->nfile + 2)); +- if (! t) ++ if (grub_add (ctx->nfile, 2, &sz) || ++ grub_mul (sz, sizeof (char *), &sz)) ++ goto fail; ++ ++ t = grub_realloc (ctx->files, sz); ++ if (!t) + { ++ fail: + grub_free (buffer); + return 1; + } +diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c +index e6323701ab..58f8a53e1a 100644 +--- a/grub-core/disk/ldm.c ++++ b/grub-core/disk/ldm.c +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + + #ifdef GRUB_UTIL + #include +@@ -289,6 +290,7 @@ make_vg (grub_disk_t disk, + struct grub_ldm_vblk vblk[GRUB_DISK_SECTOR_SIZE + / sizeof (struct grub_ldm_vblk)]; + unsigned i; ++ grub_size_t sz; + err = grub_disk_read (disk, cursec, 0, + sizeof(vblk), &vblk); + if (err) +@@ -350,7 +352,13 @@ make_vg (grub_disk_t disk, + grub_free (lv); + goto fail2; + } +- lv->name = grub_malloc (*ptr + 1); ++ if (grub_add (*ptr, 1, &sz)) ++ { ++ grub_free (lv->internal_id); ++ grub_free (lv); ++ goto fail2; ++ } ++ lv->name = grub_malloc (sz); + if (!lv->name) + { + grub_free (lv->internal_id); +@@ -599,10 +607,13 @@ make_vg (grub_disk_t disk, + if (lv->segments->node_alloc == lv->segments->node_count) + { + void *t; +- lv->segments->node_alloc *= 2; +- t = grub_realloc (lv->segments->nodes, +- sizeof (*lv->segments->nodes) +- * lv->segments->node_alloc); ++ grub_size_t sz; ++ ++ if (grub_mul (lv->segments->node_alloc, 2, &lv->segments->node_alloc) || ++ grub_mul (lv->segments->node_alloc, sizeof (*lv->segments->nodes), &sz)) ++ goto fail2; ++ ++ t = grub_realloc (lv->segments->nodes, sz); + if (!t) + goto fail2; + lv->segments->nodes = t; +@@ -723,10 +734,13 @@ make_vg (grub_disk_t disk, + if (comp->segment_alloc == comp->segment_count) + { + void *t; +- comp->segment_alloc *= 2; +- t = grub_realloc (comp->segments, +- comp->segment_alloc +- * sizeof (*comp->segments)); ++ grub_size_t sz; ++ ++ if (grub_mul (comp->segment_alloc, 2, &comp->segment_alloc) || ++ grub_mul (comp->segment_alloc, sizeof (*comp->segments), &sz)) ++ goto fail2; ++ ++ t = grub_realloc (comp->segments, sz); + if (!t) + goto fail2; + comp->segments = t; +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index 8e118b315c..5edb477ac2 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -30,6 +30,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -360,9 +361,13 @@ static char * + read_section_as_string (struct font_file_section *section) + { + char *str; ++ grub_size_t sz; + grub_ssize_t ret; + +- str = grub_malloc (section->length + 1); ++ if (grub_add (section->length, 1, &sz)) ++ return NULL; ++ ++ str = grub_malloc (sz); + if (!str) + return 0; + +diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c +index 11272efc1a..2b65bd56a0 100644 +--- a/grub-core/fs/btrfs.c ++++ b/grub-core/fs/btrfs.c +@@ -40,6 +40,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -329,9 +330,13 @@ save_ref (struct grub_btrfs_leaf_descriptor *desc, + if (desc->allocated < desc->depth) + { + void *newdata; +- desc->allocated *= 2; +- newdata = grub_realloc (desc->data, sizeof (desc->data[0]) +- * desc->allocated); ++ grub_size_t sz; ++ ++ if (grub_mul (desc->allocated, 2, &desc->allocated) || ++ grub_mul (desc->allocated, sizeof (desc->data[0]), &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ++ newdata = grub_realloc (desc->data, sz); + if (!newdata) + return grub_errno; + desc->data = newdata; +@@ -622,16 +627,21 @@ find_device (struct grub_btrfs_data *data, grub_uint64_t id) + if (data->n_devices_attached > data->n_devices_allocated) + { + void *tmp; +- data->n_devices_allocated = 2 * data->n_devices_attached + 1; +- data->devices_attached +- = grub_realloc (tmp = data->devices_attached, +- data->n_devices_allocated +- * sizeof (data->devices_attached[0])); ++ grub_size_t sz; ++ ++ if (grub_mul (data->n_devices_attached, 2, &data->n_devices_allocated) || ++ grub_add (data->n_devices_allocated, 1, &data->n_devices_allocated) || ++ grub_mul (data->n_devices_allocated, sizeof (data->devices_attached[0]), &sz)) ++ goto fail; ++ ++ data->devices_attached = grub_realloc (tmp = data->devices_attached, sz); + if (!data->devices_attached) + { ++ data->devices_attached = tmp; ++ ++ fail: + if (ctx.dev_found) + grub_device_close (ctx.dev_found); +- data->devices_attached = tmp; + return NULL; + } + } +diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c +index 9b389802a3..ac33bcd68c 100644 +--- a/grub-core/fs/ext2.c ++++ b/grub-core/fs/ext2.c +@@ -46,6 +46,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -703,6 +704,7 @@ grub_ext2_read_symlink (grub_fshelp_node_t node) + { + char *symlink; + struct grub_fshelp_node *diro = node; ++ grub_size_t sz; + + if (! diro->inode_read) + { +@@ -717,7 +719,13 @@ grub_ext2_read_symlink (grub_fshelp_node_t node) + } + } + +- symlink = grub_malloc (grub_le_to_cpu32 (diro->inode.size) + 1); ++ if (grub_add (grub_le_to_cpu32 (diro->inode.size), 1, &sz)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ return NULL; ++ } ++ ++ symlink = grub_malloc (sz); + if (! symlink) + return 0; + +diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c +index 4f1b52a552..7ba5b300bc 100644 +--- a/grub-core/fs/iso9660.c ++++ b/grub-core/fs/iso9660.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -531,8 +532,13 @@ add_part (struct iterate_dir_ctx *ctx, + int len2) + { + int size = ctx->symlink ? grub_strlen (ctx->symlink) : 0; ++ grub_size_t sz; + +- ctx->symlink = grub_realloc (ctx->symlink, size + len2 + 1); ++ if (grub_add (size, len2, &sz) || ++ grub_add (sz, 1, &sz)) ++ return; ++ ++ ctx->symlink = grub_realloc (ctx->symlink, sz); + if (! ctx->symlink) + return; + +@@ -560,17 +566,24 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry, + { + grub_size_t off = 0, csize = 1; + char *old; ++ grub_size_t sz; ++ + csize = entry->len - 5; + old = ctx->filename; + if (ctx->filename_alloc) + { + off = grub_strlen (ctx->filename); +- ctx->filename = grub_realloc (ctx->filename, csize + off + 1); ++ if (grub_add (csize, off, &sz) || ++ grub_add (sz, 1, &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ctx->filename = grub_realloc (ctx->filename, sz); + } + else + { + off = 0; +- ctx->filename = grub_zalloc (csize + 1); ++ if (grub_add (csize, 1, &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ctx->filename = grub_zalloc (sz); + } + if (!ctx->filename) + { +@@ -776,14 +789,18 @@ grub_iso9660_iterate_dir (grub_fshelp_node_t dir, + if (node->have_dirents >= node->alloc_dirents) + { + struct grub_fshelp_node *new_node; +- node->alloc_dirents *= 2; +- new_node = grub_realloc (node, +- sizeof (struct grub_fshelp_node) +- + ((node->alloc_dirents +- - ARRAY_SIZE (node->dirents)) +- * sizeof (node->dirents[0]))); ++ grub_size_t sz; ++ ++ if (grub_mul (node->alloc_dirents, 2, &node->alloc_dirents) || ++ grub_sub (node->alloc_dirents, ARRAY_SIZE (node->dirents), &sz) || ++ grub_mul (sz, sizeof (node->dirents[0]), &sz) || ++ grub_add (sz, sizeof (struct grub_fshelp_node), &sz)) ++ goto fail_0; ++ ++ new_node = grub_realloc (node, sz); + if (!new_node) + { ++ fail_0: + if (ctx.filename_alloc) + grub_free (ctx.filename); + grub_free (node); +@@ -799,14 +816,18 @@ grub_iso9660_iterate_dir (grub_fshelp_node_t dir, + * sizeof (node->dirents[0]) < grub_strlen (ctx.symlink) + 1) + { + struct grub_fshelp_node *new_node; +- new_node = grub_realloc (node, +- sizeof (struct grub_fshelp_node) +- + ((node->alloc_dirents +- - ARRAY_SIZE (node->dirents)) +- * sizeof (node->dirents[0])) +- + grub_strlen (ctx.symlink) + 1); ++ grub_size_t sz; ++ ++ if (grub_sub (node->alloc_dirents, ARRAY_SIZE (node->dirents), &sz) || ++ grub_mul (sz, sizeof (node->dirents[0]), &sz) || ++ grub_add (sz, sizeof (struct grub_fshelp_node) + 1, &sz) || ++ grub_add (sz, grub_strlen (ctx.symlink), &sz)) ++ goto fail_1; ++ ++ new_node = grub_realloc (node, sz); + if (!new_node) + { ++ fail_1: + if (ctx.filename_alloc) + grub_free (ctx.filename); + grub_free (node); +diff --git a/grub-core/fs/sfs.c b/grub-core/fs/sfs.c +index 90f7fb3791..de2b107a4a 100644 +--- a/grub-core/fs/sfs.c ++++ b/grub-core/fs/sfs.c +@@ -26,6 +26,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -307,10 +308,15 @@ grub_sfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock) + if (node->cache && node->cache_size >= node->cache_allocated) + { + struct cache_entry *e = node->cache; +- e = grub_realloc (node->cache,node->cache_allocated * 2 +- * sizeof (e[0])); ++ grub_size_t sz; ++ ++ if (grub_mul (node->cache_allocated, 2 * sizeof (e[0]), &sz)) ++ goto fail; ++ ++ e = grub_realloc (node->cache, sz); + if (!e) + { ++ fail: + grub_errno = 0; + grub_free (node->cache); + node->cache = 0; +@@ -477,10 +483,16 @@ grub_sfs_create_node (struct grub_fshelp_node **node, + grub_size_t len = grub_strlen (name); + grub_uint8_t *name_u8; + int ret; ++ grub_size_t sz; ++ ++ if (grub_mul (len, GRUB_MAX_UTF8_PER_LATIN1, &sz) || ++ grub_add (sz, 1, &sz)) ++ return 1; ++ + *node = grub_malloc (sizeof (**node)); + if (!*node) + return 1; +- name_u8 = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1); ++ name_u8 = grub_malloc (sz); + if (!name_u8) + { + grub_free (*node); +@@ -724,8 +736,13 @@ grub_sfs_label (grub_device_t device, char **label) + data = grub_sfs_mount (disk); + if (data) + { +- grub_size_t len = grub_strlen (data->label); +- *label = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1); ++ grub_size_t sz, len = grub_strlen (data->label); ++ ++ if (grub_mul (len, GRUB_MAX_UTF8_PER_LATIN1, &sz) || ++ grub_add (sz, 1, &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ++ *label = grub_malloc (sz); + if (*label) + *grub_latin1_to_utf8 ((grub_uint8_t *) *label, + (const grub_uint8_t *) data->label, +diff --git a/grub-core/fs/squash4.c b/grub-core/fs/squash4.c +index 95d5c1e1ff..785123894e 100644 +--- a/grub-core/fs/squash4.c ++++ b/grub-core/fs/squash4.c +@@ -26,6 +26,7 @@ + #include + #include + #include ++#include + #include + + #include "xz.h" +@@ -459,7 +460,17 @@ grub_squash_read_symlink (grub_fshelp_node_t node) + { + char *ret; + grub_err_t err; +- ret = grub_malloc (grub_le_to_cpu32 (node->ino.symlink.namelen) + 1); ++ grub_size_t sz; ++ ++ if (grub_add (grub_le_to_cpu32 (node->ino.symlink.namelen), 1, &sz)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ return NULL; ++ } ++ ++ ret = grub_malloc (sz); ++ if (!ret) ++ return NULL; + + err = read_chunk (node->data, ret, + grub_le_to_cpu32 (node->ino.symlink.namelen), +@@ -506,11 +517,16 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir, + + { + grub_fshelp_node_t node; +- node = grub_malloc (sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); ++ grub_size_t sz; ++ ++ if (grub_mul (dir->stsize, sizeof (dir->stack[0]), &sz) || ++ grub_add (sz, sizeof (*node), &sz)) ++ return 0; ++ ++ node = grub_malloc (sz); + if (!node) + return 0; +- grub_memcpy (node, dir, +- sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); ++ grub_memcpy (node, dir, sz); + if (hook (".", GRUB_FSHELP_DIR, node, hook_data)) + return 1; + +@@ -518,12 +534,15 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir, + { + grub_err_t err; + +- node = grub_malloc (sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); ++ if (grub_mul (dir->stsize, sizeof (dir->stack[0]), &sz) || ++ grub_add (sz, sizeof (*node), &sz)) ++ return 0; ++ ++ node = grub_malloc (sz); + if (!node) + return 0; + +- grub_memcpy (node, dir, +- sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); ++ grub_memcpy (node, dir, sz); + + node->stsize--; + err = read_chunk (dir->data, &node->ino, sizeof (node->ino), +@@ -557,6 +576,7 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir, + enum grub_fshelp_filetype filetype = GRUB_FSHELP_REG; + struct grub_squash_dirent di; + struct grub_squash_inode ino; ++ grub_size_t sz; + + err = read_chunk (dir->data, &di, sizeof (di), + grub_le_to_cpu64 (dir->data->sb.diroffset) +@@ -589,13 +609,16 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir, + if (grub_le_to_cpu16 (di.type) == SQUASH_TYPE_SYMLINK) + filetype = GRUB_FSHELP_SYMLINK; + +- node = grub_malloc (sizeof (*node) +- + (dir->stsize + 1) * sizeof (dir->stack[0])); ++ if (grub_add (dir->stsize, 1, &sz) || ++ grub_mul (sz, sizeof (dir->stack[0]), &sz) || ++ grub_add (sz, sizeof (*node), &sz)) ++ return 0; ++ ++ node = grub_malloc (sz); + if (! node) + return 0; + +- grub_memcpy (node, dir, +- sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); ++ grub_memcpy (node, dir, sz - sizeof(dir->stack[0])); + + node->ino = ino; + node->stack[node->stsize].ino_chunk = grub_le_to_cpu32 (dh.ino_chunk); +diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c +index a83761674a..21ac7f4460 100644 +--- a/grub-core/fs/udf.c ++++ b/grub-core/fs/udf.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -890,9 +891,19 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf) + utf16[i] = (raw[2 * i + 1] << 8) | raw[2*i + 2]; + } + if (!outbuf) +- outbuf = grub_malloc (utf16len * GRUB_MAX_UTF8_PER_UTF16 + 1); ++ { ++ grub_size_t size; ++ ++ if (grub_mul (utf16len, GRUB_MAX_UTF8_PER_UTF16, &size) || ++ grub_add (size, 1, &size)) ++ goto fail; ++ ++ outbuf = grub_malloc (size); ++ } + if (outbuf) + *grub_utf16_to_utf8 ((grub_uint8_t *) outbuf, utf16, utf16len) = '\0'; ++ ++ fail: + grub_free (utf16); + return outbuf; + } +@@ -1005,7 +1016,7 @@ grub_udf_read_symlink (grub_fshelp_node_t node) + grub_size_t sz = U64 (node->block.fe.file_size); + grub_uint8_t *raw; + const grub_uint8_t *ptr; +- char *out, *optr; ++ char *out = NULL, *optr; + + if (sz < 4) + return NULL; +@@ -1013,14 +1024,16 @@ grub_udf_read_symlink (grub_fshelp_node_t node) + if (!raw) + return NULL; + if (grub_udf_read_file (node, NULL, NULL, 0, sz, (char *) raw) < 0) +- { +- grub_free (raw); +- return NULL; +- } ++ goto fail_1; + +- out = grub_malloc (sz * 2 + 1); ++ if (grub_mul (sz, 2, &sz) || ++ grub_add (sz, 1, &sz)) ++ goto fail_0; ++ ++ out = grub_malloc (sz); + if (!out) + { ++ fail_0: + grub_free (raw); + return NULL; + } +@@ -1031,17 +1044,17 @@ grub_udf_read_symlink (grub_fshelp_node_t node) + { + grub_size_t s; + if ((grub_size_t) (ptr - raw + 4) > sz) +- goto fail; ++ goto fail_1; + if (!(ptr[2] == 0 && ptr[3] == 0)) +- goto fail; ++ goto fail_1; + s = 4 + ptr[1]; + if ((grub_size_t) (ptr - raw + s) > sz) +- goto fail; ++ goto fail_1; + switch (*ptr) + { + case 1: + if (ptr[1]) +- goto fail; ++ goto fail_1; + /* Fallthrough. */ + case 2: + /* in 4 bytes. out: 1 byte. */ +@@ -1066,11 +1079,11 @@ grub_udf_read_symlink (grub_fshelp_node_t node) + if (optr != out) + *optr++ = '/'; + if (!read_string (ptr + 4, s - 4, optr)) +- goto fail; ++ goto fail_1; + optr += grub_strlen (optr); + break; + default: +- goto fail; ++ goto fail_1; + } + ptr += s; + } +@@ -1078,7 +1091,7 @@ grub_udf_read_symlink (grub_fshelp_node_t node) + grub_free (raw); + return out; + +- fail: ++ fail_1: + grub_free (raw); + grub_free (out); + grub_error (GRUB_ERR_BAD_FS, "invalid symlink"); +diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c +index 96ffecbfc9..ea6590290b 100644 +--- a/grub-core/fs/xfs.c ++++ b/grub-core/fs/xfs.c +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -899,6 +900,7 @@ static struct grub_xfs_data * + grub_xfs_mount (grub_disk_t disk) + { + struct grub_xfs_data *data = 0; ++ grub_size_t sz; + + data = grub_zalloc (sizeof (struct grub_xfs_data)); + if (!data) +@@ -913,10 +915,11 @@ grub_xfs_mount (grub_disk_t disk) + if (!grub_xfs_sb_valid(data)) + goto fail; + +- data = grub_realloc (data, +- sizeof (struct grub_xfs_data) +- - sizeof (struct grub_xfs_inode) +- + grub_xfs_inode_size(data) + 1); ++ if (grub_add (grub_xfs_inode_size (data), ++ sizeof (struct grub_xfs_data) - sizeof (struct grub_xfs_inode) + 1, &sz)) ++ goto fail; ++ ++ data = grub_realloc (data, sz); + + if (! data) + goto fail; +diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c +index 381dde556d..36d0373a6a 100644 +--- a/grub-core/fs/zfs/zfs.c ++++ b/grub-core/fs/zfs/zfs.c +@@ -55,6 +55,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -773,11 +774,14 @@ fill_vdev_info (struct grub_zfs_data *data, + if (data->n_devices_attached > data->n_devices_allocated) + { + void *tmp; +- data->n_devices_allocated = 2 * data->n_devices_attached + 1; +- data->devices_attached +- = grub_realloc (tmp = data->devices_attached, +- data->n_devices_allocated +- * sizeof (data->devices_attached[0])); ++ grub_size_t sz; ++ ++ if (grub_mul (data->n_devices_attached, 2, &data->n_devices_allocated) || ++ grub_add (data->n_devices_allocated, 1, &data->n_devices_allocated) || ++ grub_mul (data->n_devices_allocated, sizeof (data->devices_attached[0]), &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ++ data->devices_attached = grub_realloc (tmp = data->devices_attached, sz); + if (!data->devices_attached) + { + data->devices_attached = tmp; +@@ -3468,14 +3472,18 @@ grub_zfs_nvlist_lookup_nvlist (const char *nvlist, const char *name) + { + char *nvpair; + char *ret; +- grub_size_t size; ++ grub_size_t size, sz; + int found; + + found = nvlist_find_value (nvlist, name, DATA_TYPE_NVLIST, &nvpair, + &size, 0); + if (!found) + return 0; +- ret = grub_zalloc (size + 3 * sizeof (grub_uint32_t)); ++ ++ if (grub_add (size, 3 * sizeof (grub_uint32_t), &sz)) ++ return 0; ++ ++ ret = grub_zalloc (sz); + if (!ret) + return 0; + grub_memcpy (ret, nvlist, sizeof (grub_uint32_t)); +diff --git a/grub-core/fs/zfs/zfscrypt.c b/grub-core/fs/zfs/zfscrypt.c +index 1402e0bc29..de3b015f58 100644 +--- a/grub-core/fs/zfs/zfscrypt.c ++++ b/grub-core/fs/zfs/zfscrypt.c +@@ -22,6 +22,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -82,9 +83,13 @@ grub_zfs_add_key (grub_uint8_t *key_in, + int passphrase) + { + struct grub_zfs_wrap_key *key; ++ grub_size_t sz; ++ + if (!passphrase && keylen > 32) + keylen = 32; +- key = grub_malloc (sizeof (*key) + keylen); ++ if (grub_add (sizeof (*key), keylen, &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ key = grub_malloc (sz); + if (!key) + return grub_errno; + key->is_passphrase = passphrase; +diff --git a/grub-core/lib/arg.c b/grub-core/lib/arg.c +index fd7744a6ff..3288609a5e 100644 +--- a/grub-core/lib/arg.c ++++ b/grub-core/lib/arg.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + /* Built-in parser for default options. */ + static const struct grub_arg_option help_options[] = +@@ -216,7 +217,13 @@ static inline grub_err_t + add_arg (char ***argl, int *num, char *s) + { + char **p = *argl; +- *argl = grub_realloc (*argl, (++(*num) + 1) * sizeof (char *)); ++ grub_size_t sz; ++ ++ if (grub_add (++(*num), 1, &sz) || ++ grub_mul (sz, sizeof (char *), &sz)) ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ ++ *argl = grub_realloc (*argl, sz); + if (! *argl) + { + grub_free (p); +@@ -431,6 +438,7 @@ grub_arg_list_alloc(grub_extcmd_t extcmd, int argc, + grub_size_t argcnt; + struct grub_arg_list *list; + const struct grub_arg_option *options; ++ grub_size_t sz0, sz1; + + options = extcmd->options; + if (! options) +@@ -443,7 +451,15 @@ grub_arg_list_alloc(grub_extcmd_t extcmd, int argc, + argcnt += ((grub_size_t) argc + 1) / 2 + 1; /* max possible for any option */ + } + +- list = grub_zalloc (sizeof (*list) * i + sizeof (char*) * argcnt); ++ if (grub_mul (sizeof (*list), i, &sz0) || ++ grub_mul (sizeof (char *), argcnt, &sz1) || ++ grub_add (sz0, sz1, &sz0)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ return 0; ++ } ++ ++ list = grub_zalloc (sz0); + if (! list) + return 0; + +diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c +index 5b9b92d6ba..ef0d63afc8 100644 +--- a/grub-core/loader/i386/bsd.c ++++ b/grub-core/loader/i386/bsd.c +@@ -35,6 +35,7 @@ + #include + #include + #include ++#include + #include + #ifdef GRUB_MACHINE_PCBIOS + #include +@@ -1013,11 +1014,16 @@ grub_netbsd_add_modules (void) + struct grub_netbsd_btinfo_modules *mods; + unsigned i; + grub_err_t err; ++ grub_size_t sz; + + for (mod = netbsd_mods; mod; mod = mod->next) + modcnt++; + +- mods = grub_malloc (sizeof (*mods) + sizeof (mods->mods[0]) * modcnt); ++ if (grub_mul (modcnt, sizeof (mods->mods[0]), &sz) || ++ grub_add (sz, sizeof (*mods), &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ++ mods = grub_malloc (sz); + if (!mods) + return grub_errno; + +diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c +index e332d5eb4a..906ec7d678 100644 +--- a/grub-core/net/dns.c ++++ b/grub-core/net/dns.c +@@ -22,6 +22,7 @@ + #include + #include + #include ++#include + + struct dns_cache_element + { +@@ -51,9 +52,15 @@ grub_net_add_dns_server (const struct grub_net_network_level_address *s) + { + int na = dns_servers_alloc * 2; + struct grub_net_network_level_address *ns; ++ grub_size_t sz; ++ + if (na < 8) + na = 8; +- ns = grub_realloc (dns_servers, na * sizeof (ns[0])); ++ ++ if (grub_mul (na, sizeof (ns[0]), &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ++ ns = grub_realloc (dns_servers, sz); + if (!ns) + return grub_errno; + dns_servers_alloc = na; +diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c +index d57fb72faa..4dfcc31078 100644 +--- a/grub-core/normal/charset.c ++++ b/grub-core/normal/charset.c +@@ -48,6 +48,7 @@ + #include + #include + #include ++#include + + #if HAVE_FONT_SOURCE + #include "widthspec.h" +@@ -464,6 +465,7 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen, + { + struct grub_unicode_combining *n; + unsigned j; ++ grub_size_t sz; + + if (!haveout) + continue; +@@ -477,10 +479,14 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen, + n = out->combining_inline; + else if (out->ncomb > (int) ARRAY_SIZE (out->combining_inline)) + { +- n = grub_realloc (out->combining_ptr, +- sizeof (n[0]) * (out->ncomb + 1)); ++ if (grub_add (out->ncomb, 1, &sz) || ++ grub_mul (sz, sizeof (n[0]), &sz)) ++ goto fail; ++ ++ n = grub_realloc (out->combining_ptr, sz); + if (!n) + { ++ fail: + grub_errno = GRUB_ERR_NONE; + continue; + } +diff --git a/grub-core/normal/cmdline.c b/grub-core/normal/cmdline.c +index c57242e2ea..de03fe63b3 100644 +--- a/grub-core/normal/cmdline.c ++++ b/grub-core/normal/cmdline.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + + static grub_uint32_t *kill_buf; + +@@ -307,12 +308,21 @@ cl_insert (struct cmdline_term *cl_terms, unsigned nterms, + if (len + (*llen) >= (*max_len)) + { + grub_uint32_t *nbuf; +- (*max_len) *= 2; +- nbuf = grub_realloc ((*buf), sizeof (grub_uint32_t) * (*max_len)); ++ grub_size_t sz; ++ ++ if (grub_mul (*max_len, 2, max_len) || ++ grub_mul (*max_len, sizeof (grub_uint32_t), &sz)) ++ { ++ grub_errno = GRUB_ERR_OUT_OF_RANGE; ++ goto fail; ++ } ++ ++ nbuf = grub_realloc ((*buf), sz); + if (nbuf) + (*buf) = nbuf; + else + { ++ fail: + grub_print_error (); + grub_errno = GRUB_ERR_NONE; + (*max_len) /= 2; +diff --git a/grub-core/normal/menu_entry.c b/grub-core/normal/menu_entry.c +index 1993995be6..50eef918cf 100644 +--- a/grub-core/normal/menu_entry.c ++++ b/grub-core/normal/menu_entry.c +@@ -27,6 +27,7 @@ + #include + #include + #include ++#include + + enum update_mode + { +@@ -113,10 +114,18 @@ ensure_space (struct line *linep, int extra) + { + if (linep->max_len < linep->len + extra) + { +- linep->max_len = 2 * (linep->len + extra); +- linep->buf = grub_realloc (linep->buf, (linep->max_len + 1) * sizeof (linep->buf[0])); ++ grub_size_t sz0, sz1; ++ ++ if (grub_add (linep->len, extra, &sz0) || ++ grub_mul (sz0, 2, &sz0) || ++ grub_add (sz0, 1, &sz1) || ++ grub_mul (sz1, sizeof (linep->buf[0]), &sz1)) ++ return 0; ++ ++ linep->buf = grub_realloc (linep->buf, sz1); + if (! linep->buf) + return 0; ++ linep->max_len = sz0; + } + + return 1; +diff --git a/grub-core/script/argv.c b/grub-core/script/argv.c +index 217ec5d1e1..5751fdd570 100644 +--- a/grub-core/script/argv.c ++++ b/grub-core/script/argv.c +@@ -20,6 +20,7 @@ + #include + #include + #include ++#include + + /* Return nearest power of two that is >= v. */ + static unsigned +@@ -81,11 +82,16 @@ int + grub_script_argv_next (struct grub_script_argv *argv) + { + char **p = argv->args; ++ grub_size_t sz; + + if (argv->args && argv->argc && argv->args[argv->argc - 1] == 0) + return 0; + +- p = grub_realloc (p, round_up_exp ((argv->argc + 2) * sizeof (char *))); ++ if (grub_add (argv->argc, 2, &sz) || ++ grub_mul (sz, sizeof (char *), &sz)) ++ return 1; ++ ++ p = grub_realloc (p, round_up_exp (sz)); + if (! p) + return 1; + +@@ -105,13 +111,19 @@ grub_script_argv_append (struct grub_script_argv *argv, const char *s, + { + grub_size_t a; + char *p = argv->args[argv->argc - 1]; ++ grub_size_t sz; + + if (! s) + return 0; + + a = p ? grub_strlen (p) : 0; + +- p = grub_realloc (p, round_up_exp ((a + slen + 1) * sizeof (char))); ++ if (grub_add (a, slen, &sz) || ++ grub_add (sz, 1, &sz) || ++ grub_mul (sz, sizeof (char), &sz)) ++ return 1; ++ ++ p = grub_realloc (p, round_up_exp (sz)); + if (! p) + return 1; + +diff --git a/grub-core/script/lexer.c b/grub-core/script/lexer.c +index c6bd3172fa..5fb0cbd0bc 100644 +--- a/grub-core/script/lexer.c ++++ b/grub-core/script/lexer.c +@@ -24,6 +24,7 @@ + #include + #include + #include ++#include + + #define yytext_ptr char * + #include "grub_script.tab.h" +@@ -110,10 +111,14 @@ grub_script_lexer_record (struct grub_parser_param *parser, char *str) + old = lexer->recording; + if (lexer->recordlen < len) + lexer->recordlen = len; +- lexer->recordlen *= 2; ++ ++ if (grub_mul (lexer->recordlen, 2, &lexer->recordlen)) ++ goto fail; ++ + lexer->recording = grub_realloc (lexer->recording, lexer->recordlen); + if (!lexer->recording) + { ++ fail: + grub_free (old); + lexer->recordpos = 0; + lexer->recordlen = 0; +@@ -130,7 +135,7 @@ int + grub_script_lexer_yywrap (struct grub_parser_param *parserstate, + const char *input) + { +- grub_size_t len = 0; ++ grub_size_t len = 0, sz; + char *p = 0; + char *line = 0; + YY_BUFFER_STATE buffer; +@@ -168,12 +173,22 @@ grub_script_lexer_yywrap (struct grub_parser_param *parserstate, + } + else if (len && line[len - 1] != '\n') + { +- p = grub_realloc (line, len + 2); ++ if (grub_add (len, 2, &sz)) ++ { ++ grub_free (line); ++ grub_script_yyerror (parserstate, N_("overflow is detected")); ++ return 1; ++ } ++ ++ p = grub_realloc (line, sz); + if (p) + { + p[len++] = '\n'; + p[len] = '\0'; + } ++ else ++ grub_free (line); ++ + line = p; + } + +diff --git a/grub-core/video/bitmap.c b/grub-core/video/bitmap.c +index b2e0315665..6256e209a6 100644 +--- a/grub-core/video/bitmap.c ++++ b/grub-core/video/bitmap.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -58,7 +59,7 @@ grub_video_bitmap_create (struct grub_video_bitmap **bitmap, + enum grub_video_blit_format blit_format) + { + struct grub_video_mode_info *mode_info; +- unsigned int size; ++ grub_size_t size; + + if (!bitmap) + return grub_error (GRUB_ERR_BUG, "invalid argument"); +@@ -137,19 +138,25 @@ grub_video_bitmap_create (struct grub_video_bitmap **bitmap, + + mode_info->pitch = width * mode_info->bytes_per_pixel; + +- /* Calculate size needed for the data. */ +- size = (width * mode_info->bytes_per_pixel) * height; ++ /* Calculate size needed for the data. */ ++ if (grub_mul (width, mode_info->bytes_per_pixel, &size) || ++ grub_mul (size, height, &size)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ goto fail; ++ } + + (*bitmap)->data = grub_zalloc (size); + if (! (*bitmap)->data) +- { +- grub_free (*bitmap); +- *bitmap = 0; +- +- return grub_errno; +- } ++ goto fail; + + return GRUB_ERR_NONE; ++ ++ fail: ++ grub_free (*bitmap); ++ *bitmap = NULL; ++ ++ return grub_errno; + } + + /* Frees all resources allocated by bitmap. */ +diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c +index 61bd645379..0157ff7420 100644 +--- a/grub-core/video/readers/png.c ++++ b/grub-core/video/readers/png.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -301,9 +302,17 @@ grub_png_decode_image_header (struct grub_png_data *data) + data->bpp <<= 1; + + data->color_bits = color_bits; +- data->row_bytes = data->image_width * data->bpp; ++ ++ if (grub_mul (data->image_width, data->bpp, &data->row_bytes)) ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ + if (data->color_bits <= 4) +- data->row_bytes = (data->image_width * data->color_bits + 7) / 8; ++ { ++ if (grub_mul (data->image_width, data->color_bits + 7, &data->row_bytes)) ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ ++ data->row_bytes >>= 3; ++ } + + #ifndef GRUB_CPU_WORDS_BIGENDIAN + if (data->is_16bit || data->is_gray || data->is_palette) diff -Nru grub2-2.04/debian/patches/0086-iso9660-Don-t-leak-memory-on-realloc-failures.patch grub2-2.04/debian/patches/0086-iso9660-Don-t-leak-memory-on-realloc-failures.patch --- grub2-2.04/debian/patches/0086-iso9660-Don-t-leak-memory-on-realloc-failures.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/patches/0086-iso9660-Don-t-leak-memory-on-realloc-failures.patch 2020-09-08 10:23:00.000000000 +0000 @@ -0,0 +1,65 @@ +From 3daaf33550e0fc35de5a51de337e7d5e4bd1bbfd Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sat, 4 Jul 2020 12:25:09 -0400 +Subject: iso9660: Don't leak memory on realloc() failures + +Signed-off-by: Peter Jones +Reviewed-by: Daniel Kiper +--- + grub-core/fs/iso9660.c | 24 ++++++++++++++++++++---- + 1 file changed, 20 insertions(+), 4 deletions(-) + +diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c +index 7ba5b300bc..5ec4433b8f 100644 +--- a/grub-core/fs/iso9660.c ++++ b/grub-core/fs/iso9660.c +@@ -533,14 +533,20 @@ add_part (struct iterate_dir_ctx *ctx, + { + int size = ctx->symlink ? grub_strlen (ctx->symlink) : 0; + grub_size_t sz; ++ char *new; + + if (grub_add (size, len2, &sz) || + grub_add (sz, 1, &sz)) + return; + +- ctx->symlink = grub_realloc (ctx->symlink, sz); +- if (! ctx->symlink) +- return; ++ new = grub_realloc (ctx->symlink, sz); ++ if (!new) ++ { ++ grub_free (ctx->symlink); ++ ctx->symlink = NULL; ++ return; ++ } ++ ctx->symlink = new; + + grub_memcpy (ctx->symlink + size, part, len2); + ctx->symlink[size + len2] = 0; +@@ -634,7 +640,12 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry, + is the length. Both are part of the `Component + Record'. */ + if (ctx->symlink && !ctx->was_continue) +- add_part (ctx, "/", 1); ++ { ++ add_part (ctx, "/", 1); ++ if (grub_errno) ++ return grub_errno; ++ } ++ + add_part (ctx, (char *) &entry->data[pos + 2], + entry->data[pos + 1]); + ctx->was_continue = (entry->data[pos] & 1); +@@ -653,6 +664,11 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry, + add_part (ctx, "/", 1); + break; + } ++ ++ /* Check if grub_realloc() failed in add_part(). */ ++ if (grub_errno) ++ return grub_errno; ++ + /* In pos + 1 the length of the `Component Record' is + stored. */ + pos += entry->data[pos + 1] + 2; diff -Nru grub2-2.04/debian/patches/0087-font-Do-not-load-more-than-one-NAME-section.patch grub2-2.04/debian/patches/0087-font-Do-not-load-more-than-one-NAME-section.patch --- grub2-2.04/debian/patches/0087-font-Do-not-load-more-than-one-NAME-section.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/patches/0087-font-Do-not-load-more-than-one-NAME-section.patch 2020-09-08 10:23:00.000000000 +0000 @@ -0,0 +1,34 @@ +From b762411ec388017c77379629298e90f93dec75d7 Mon Sep 17 00:00:00 2001 +From: Daniel Kiper +Date: Tue, 7 Jul 2020 15:36:26 +0200 +Subject: font: Do not load more than one NAME section + +The GRUB font file can have one NAME section only. Though if somebody +crafts a broken font file with many NAME sections and loads it then the +GRUB leaks memory. So, prevent against that by loading first NAME +section and failing in controlled way on following one. + +Reported-by: Chris Coulson +Signed-off-by: Daniel Kiper +Reviewed-by: Jan Setje-Eilers +--- + grub-core/font/font.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index 5edb477ac2..d09bb38d89 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -532,6 +532,12 @@ grub_font_load (const char *filename) + if (grub_memcmp (section.name, FONT_FORMAT_SECTION_NAMES_FONT_NAME, + sizeof (FONT_FORMAT_SECTION_NAMES_FONT_NAME) - 1) == 0) + { ++ if (font->name != NULL) ++ { ++ grub_error (GRUB_ERR_BAD_FONT, "invalid font file: too many NAME sections"); ++ goto fail; ++ } ++ + font->name = read_section_as_string (§ion); + if (!font->name) + goto fail; diff -Nru grub2-2.04/debian/patches/0088-gfxmenu-Fix-double-free-in-load_image.patch grub2-2.04/debian/patches/0088-gfxmenu-Fix-double-free-in-load_image.patch --- grub2-2.04/debian/patches/0088-gfxmenu-Fix-double-free-in-load_image.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/patches/0088-gfxmenu-Fix-double-free-in-load_image.patch 2020-09-08 10:23:00.000000000 +0000 @@ -0,0 +1,32 @@ +From 58e72a15fa61adffe8015da0eb093d2e93380ee0 Mon Sep 17 00:00:00 2001 +From: Alexey Makhalov +Date: Wed, 8 Jul 2020 20:41:56 +0000 +Subject: gfxmenu: Fix double free in load_image() + +self->bitmap should be zeroed after free. Otherwise, there is a chance +to double free (USE_AFTER_FREE) it later in rescale_image(). + +Fixes: CID 292472 + +Signed-off-by: Alexey Makhalov +Reviewed-by: Daniel Kiper +--- + grub-core/gfxmenu/gui_image.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/grub-core/gfxmenu/gui_image.c b/grub-core/gfxmenu/gui_image.c +index 29784ed2d9..6b2e976f16 100644 +--- a/grub-core/gfxmenu/gui_image.c ++++ b/grub-core/gfxmenu/gui_image.c +@@ -195,7 +195,10 @@ load_image (grub_gui_image_t self, const char *path) + return grub_errno; + + if (self->bitmap && (self->bitmap != self->raw_bitmap)) +- grub_video_bitmap_destroy (self->bitmap); ++ { ++ grub_video_bitmap_destroy (self->bitmap); ++ self->bitmap = 0; ++ } + if (self->raw_bitmap) + grub_video_bitmap_destroy (self->raw_bitmap); + diff -Nru grub2-2.04/debian/patches/0089-lzma-Make-sure-we-don-t-dereference-past-array.patch grub2-2.04/debian/patches/0089-lzma-Make-sure-we-don-t-dereference-past-array.patch --- grub2-2.04/debian/patches/0089-lzma-Make-sure-we-don-t-dereference-past-array.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/patches/0089-lzma-Make-sure-we-don-t-dereference-past-array.patch 2020-09-08 10:23:00.000000000 +0000 @@ -0,0 +1,48 @@ +From d6f176758a8d2ab9cd81646e7e2e825682a0fdfe Mon Sep 17 00:00:00 2001 +From: Konrad Rzeszutek Wilk +Date: Thu, 9 Jul 2020 03:05:23 +0000 +Subject: lzma: Make sure we don't dereference past array + +The two dimensional array p->posSlotEncoder[4][64] is being dereferenced +using the GetLenToPosState() macro which checks if len is less than 5, +and if so subtracts 2 from it. If len = 0, that is 0 - 2 = 4294967294. +Obviously we don't want to dereference that far out so we check if the +position found is greater or equal kNumLenToPosStates (4) and bail out. + +N.B.: Upstream LZMA 18.05 and later has this function completely rewritten +without any history. + +Fixes: CID 51526 + +Signed-off-by: Konrad Rzeszutek Wilk +Reviewed-by: Daniel Kiper +--- + grub-core/lib/LzmaEnc.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/grub-core/lib/LzmaEnc.c b/grub-core/lib/LzmaEnc.c +index f2ec04a8c2..753e56a95e 100644 +--- a/grub-core/lib/LzmaEnc.c ++++ b/grub-core/lib/LzmaEnc.c +@@ -1877,13 +1877,19 @@ static SRes LzmaEnc_CodeOneBlock(CLzmaEnc *p, Bool useLimits, UInt32 maxPackSize + } + else + { +- UInt32 posSlot; ++ UInt32 posSlot, lenToPosState; + RangeEnc_EncodeBit(&p->rc, &p->isRep[p->state], 0); + p->state = kMatchNextStates[p->state]; + LenEnc_Encode2(&p->lenEnc, &p->rc, len - LZMA_MATCH_LEN_MIN, posState, !p->fastMode, p->ProbPrices); + pos -= LZMA_NUM_REPS; + GetPosSlot(pos, posSlot); +- RcTree_Encode(&p->rc, p->posSlotEncoder[GetLenToPosState(len)], kNumPosSlotBits, posSlot); ++ lenToPosState = GetLenToPosState(len); ++ if (lenToPosState >= kNumLenToPosStates) ++ { ++ p->result = SZ_ERROR_DATA; ++ return CheckErrors(p); ++ } ++ RcTree_Encode(&p->rc, p->posSlotEncoder[lenToPosState], kNumPosSlotBits, posSlot); + + if (posSlot >= kStartPosModelIndex) + { diff -Nru grub2-2.04/debian/patches/0090-tftp-Do-not-use-priority-queue.patch grub2-2.04/debian/patches/0090-tftp-Do-not-use-priority-queue.patch --- grub2-2.04/debian/patches/0090-tftp-Do-not-use-priority-queue.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/patches/0090-tftp-Do-not-use-priority-queue.patch 2020-09-08 10:23:00.000000000 +0000 @@ -0,0 +1,279 @@ +From c68bccd83bec72174cfbfb258e7329adb309879d Mon Sep 17 00:00:00 2001 +From: Alexey Makhalov +Date: Thu, 9 Jul 2020 08:10:40 +0000 +Subject: tftp: Do not use priority queue + +There is not need to reassemble the order of blocks. Per RFC 1350, +server must wait for the ACK, before sending next block. Data packets +can be served immediately without putting them to priority queue. + +Logic to handle incoming packet is this: + - if packet block id equal to expected block id, then + process the packet, + - if packet block id is less than expected - this is retransmit + of old packet, then ACK it and drop the packet, + - if packet block id is more than expected - that shouldn't + happen, just drop the packet. + +It makes the tftp receive path code simpler, smaller and faster. +As a benefit, this change fixes CID# 73624 and CID# 96690, caused +by following while loop: + + while (cmp_block (grub_be_to_cpu16 (tftph->u.data.block), data->block + 1) == 0) + +where tftph pointer is not moving from one iteration to another, causing +to serve same packet again. Luckily, double serving didn't happen due to +data->block++ during the first iteration. + +Fixes: CID 73624, CID 96690 + +Signed-off-by: Alexey Makhalov +Reviewed-by: Daniel Kiper +--- + grub-core/net/tftp.c | 171 ++++++++++++++----------------------------- + 1 file changed, 53 insertions(+), 118 deletions(-) + +diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c +index a0817a075d..e6566fa176 100644 +--- a/grub-core/net/tftp.c ++++ b/grub-core/net/tftp.c +@@ -25,7 +25,6 @@ + #include + #include + #include +-#include + #include + + GRUB_MOD_LICENSE ("GPLv3+"); +@@ -106,31 +105,8 @@ typedef struct tftp_data + int have_oack; + struct grub_error_saved save_err; + grub_net_udp_socket_t sock; +- grub_priority_queue_t pq; + } *tftp_data_t; + +-static int +-cmp_block (grub_uint16_t a, grub_uint16_t b) +-{ +- grub_int16_t i = (grub_int16_t) (a - b); +- if (i > 0) +- return +1; +- if (i < 0) +- return -1; +- return 0; +-} +- +-static int +-cmp (const void *a__, const void *b__) +-{ +- struct grub_net_buff *a_ = *(struct grub_net_buff **) a__; +- struct grub_net_buff *b_ = *(struct grub_net_buff **) b__; +- struct tftphdr *a = (struct tftphdr *) a_->data; +- struct tftphdr *b = (struct tftphdr *) b_->data; +- /* We want the first elements to be on top. */ +- return -cmp_block (grub_be_to_cpu16 (a->u.data.block), grub_be_to_cpu16 (b->u.data.block)); +-} +- + static grub_err_t + ack (tftp_data_t data, grub_uint64_t block) + { +@@ -207,73 +183,60 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)), + return GRUB_ERR_NONE; + } + +- err = grub_priority_queue_push (data->pq, &nb); +- if (err) +- return err; +- +- { +- struct grub_net_buff **nb_top_p, *nb_top; +- while (1) +- { +- nb_top_p = grub_priority_queue_top (data->pq); +- if (!nb_top_p) +- return GRUB_ERR_NONE; +- nb_top = *nb_top_p; +- tftph = (struct tftphdr *) nb_top->data; +- if (cmp_block (grub_be_to_cpu16 (tftph->u.data.block), data->block + 1) >= 0) +- break; +- ack (data, grub_be_to_cpu16 (tftph->u.data.block)); +- grub_netbuff_free (nb_top); +- grub_priority_queue_pop (data->pq); +- } +- while (cmp_block (grub_be_to_cpu16 (tftph->u.data.block), data->block + 1) == 0) +- { +- unsigned size; +- +- grub_priority_queue_pop (data->pq); +- +- if (file->device->net->packs.count < 50) ++ /* Ack old/retransmitted block. */ ++ if (grub_be_to_cpu16 (tftph->u.data.block) < data->block + 1) ++ ack (data, grub_be_to_cpu16 (tftph->u.data.block)); ++ /* Ignore unexpected block. */ ++ else if (grub_be_to_cpu16 (tftph->u.data.block) > data->block + 1) ++ grub_dprintf ("tftp", "TFTP unexpected block # %d\n", tftph->u.data.block); ++ else ++ { ++ unsigned size; ++ ++ if (file->device->net->packs.count < 50) ++ { + err = ack (data, data->block + 1); +- else +- { +- file->device->net->stall = 1; +- err = 0; +- } +- if (err) +- return err; +- +- err = grub_netbuff_pull (nb_top, sizeof (tftph->opcode) + +- sizeof (tftph->u.data.block)); +- if (err) +- return err; +- size = nb_top->tail - nb_top->data; +- +- data->block++; +- if (size < data->block_size) +- { +- if (data->ack_sent < data->block) +- ack (data, data->block); +- file->device->net->eof = 1; +- file->device->net->stall = 1; +- grub_net_udp_close (data->sock); +- data->sock = NULL; +- } +- /* Prevent garbage in broken cards. Is it still necessary +- given that IP implementation has been fixed? +- */ +- if (size > data->block_size) +- { +- err = grub_netbuff_unput (nb_top, size - data->block_size); +- if (err) +- return err; +- } +- /* If there is data, puts packet in socket list. */ +- if ((nb_top->tail - nb_top->data) > 0) +- grub_net_put_packet (&file->device->net->packs, nb_top); +- else +- grub_netbuff_free (nb_top); +- } +- } ++ if (err) ++ return err; ++ } ++ else ++ file->device->net->stall = 1; ++ ++ err = grub_netbuff_pull (nb, sizeof (tftph->opcode) + ++ sizeof (tftph->u.data.block)); ++ if (err) ++ return err; ++ size = nb->tail - nb->data; ++ ++ data->block++; ++ if (size < data->block_size) ++ { ++ if (data->ack_sent < data->block) ++ ack (data, data->block); ++ file->device->net->eof = 1; ++ file->device->net->stall = 1; ++ grub_net_udp_close (data->sock); ++ data->sock = NULL; ++ } ++ /* ++ * Prevent garbage in broken cards. Is it still necessary ++ * given that IP implementation has been fixed? ++ */ ++ if (size > data->block_size) ++ { ++ err = grub_netbuff_unput (nb, size - data->block_size); ++ if (err) ++ return err; ++ } ++ /* If there is data, puts packet in socket list. */ ++ if ((nb->tail - nb->data) > 0) ++ { ++ grub_net_put_packet (&file->device->net->packs, nb); ++ /* Do not free nb. */ ++ return GRUB_ERR_NONE; ++ } ++ } ++ grub_netbuff_free (nb); + return GRUB_ERR_NONE; + case TFTP_ERROR: + data->have_oack = 1; +@@ -287,19 +250,6 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)), + } + } + +-static void +-destroy_pq (tftp_data_t data) +-{ +- struct grub_net_buff **nb_p; +- while ((nb_p = grub_priority_queue_top (data->pq))) +- { +- grub_netbuff_free (*nb_p); +- grub_priority_queue_pop (data->pq); +- } +- +- grub_priority_queue_destroy (data->pq); +-} +- + static grub_err_t + tftp_open (struct grub_file *file, const char *filename) + { +@@ -373,20 +323,9 @@ tftp_open (struct grub_file *file, const char *filename) + file->not_easily_seekable = 1; + file->data = data; + +- data->pq = grub_priority_queue_new (sizeof (struct grub_net_buff *), cmp); +- if (!data->pq) +- { +- grub_free (data); +- return grub_errno; +- } +- + err = grub_net_resolve_address (file->device->net->server, &addr); + if (err) + { +- grub_dprintf ("tftp", "file_size is %llu, block_size is %llu\n", +- (unsigned long long)data->file_size, +- (unsigned long long)data->block_size); +- destroy_pq (data); + grub_free (data); + return err; + } +@@ -396,7 +335,6 @@ tftp_open (struct grub_file *file, const char *filename) + file); + if (!data->sock) + { +- destroy_pq (data); + grub_free (data); + return grub_errno; + } +@@ -410,7 +348,6 @@ tftp_open (struct grub_file *file, const char *filename) + if (err) + { + grub_net_udp_close (data->sock); +- destroy_pq (data); + grub_free (data); + return err; + } +@@ -427,7 +364,6 @@ tftp_open (struct grub_file *file, const char *filename) + if (grub_errno) + { + grub_net_udp_close (data->sock); +- destroy_pq (data); + grub_free (data); + return grub_errno; + } +@@ -470,7 +406,6 @@ tftp_close (struct grub_file *file) + grub_print_error (); + grub_net_udp_close (data->sock); + } +- destroy_pq (data); + grub_free (data); + return GRUB_ERR_NONE; + } diff -Nru grub2-2.04/debian/patches/0091-script-Remove-unused-fields-from-grub_script_functio.patch grub2-2.04/debian/patches/0091-script-Remove-unused-fields-from-grub_script_functio.patch --- grub2-2.04/debian/patches/0091-script-Remove-unused-fields-from-grub_script_functio.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/patches/0091-script-Remove-unused-fields-from-grub_script_functio.patch 2020-09-08 10:23:00.000000000 +0000 @@ -0,0 +1,29 @@ +From fd60c9a66288bf80f4da18e9832436bf2e6c1e65 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Fri, 10 Jul 2020 11:21:14 +0100 +Subject: script: Remove unused fields from grub_script_function struct + +Signed-off-by: Chris Coulson +Reviewed-by: Daniel Kiper +--- + include/grub/script_sh.h | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/include/grub/script_sh.h b/include/grub/script_sh.h +index 360c2be1f0..b382bcf09b 100644 +--- a/include/grub/script_sh.h ++++ b/include/grub/script_sh.h +@@ -359,13 +359,8 @@ struct grub_script_function + /* The script function. */ + struct grub_script *func; + +- /* The flags. */ +- unsigned flags; +- + /* The next element. */ + struct grub_script_function *next; +- +- int references; + }; + typedef struct grub_script_function *grub_script_function_t; + diff -Nru grub2-2.04/debian/patches/0092-script-Avoid-a-use-after-free-when-redefining-a-func.patch grub2-2.04/debian/patches/0092-script-Avoid-a-use-after-free-when-redefining-a-func.patch --- grub2-2.04/debian/patches/0092-script-Avoid-a-use-after-free-when-redefining-a-func.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/patches/0092-script-Avoid-a-use-after-free-when-redefining-a-func.patch 2020-09-08 10:23:00.000000000 +0000 @@ -0,0 +1,104 @@ +From ce9f66f0a86e6cbfd866e431df87f205537380f5 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Fri, 10 Jul 2020 14:41:45 +0100 +Subject: script: Avoid a use-after-free when redefining a function during + execution + +Defining a new function with the same name as a previously defined +function causes the grub_script and associated resources for the +previous function to be freed. If the previous function is currently +executing when a function with the same name is defined, this results +in use-after-frees when processing subsequent commands in the original +function. + +Instead, reject a new function definition if it has the same name as +a previously defined function, and that function is currently being +executed. Although a behavioural change, this should be backwards +compatible with existing configurations because they can't be +dependent on the current behaviour without being broken. + +Signed-off-by: Chris Coulson +Reviewed-by: Daniel Kiper +--- + grub-core/script/execute.c | 2 ++ + grub-core/script/function.c | 16 +++++++++++++--- + grub-core/script/parser.y | 3 ++- + include/grub/script_sh.h | 2 ++ + 4 files changed, 19 insertions(+), 4 deletions(-) + +diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c +index c8d6806fe0..7e028e1355 100644 +--- a/grub-core/script/execute.c ++++ b/grub-core/script/execute.c +@@ -838,7 +838,9 @@ grub_script_function_call (grub_script_function_t func, int argc, char **args) + old_scope = scope; + scope = &new_scope; + ++ func->executing++; + ret = grub_script_execute (func->func); ++ func->executing--; + + function_return = 0; + active_loops = loops; +diff --git a/grub-core/script/function.c b/grub-core/script/function.c +index d36655e510..3aad04bf9d 100644 +--- a/grub-core/script/function.c ++++ b/grub-core/script/function.c +@@ -34,6 +34,7 @@ grub_script_function_create (struct grub_script_arg *functionname_arg, + func = (grub_script_function_t) grub_malloc (sizeof (*func)); + if (! func) + return 0; ++ func->executing = 0; + + func->name = grub_strdup (functionname_arg->str); + if (! func->name) +@@ -60,10 +61,19 @@ grub_script_function_create (struct grub_script_arg *functionname_arg, + grub_script_function_t q; + + q = *p; +- grub_script_free (q->func); +- q->func = cmd; + grub_free (func); +- func = q; ++ if (q->executing > 0) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, ++ N_("attempt to redefine a function being executed")); ++ func = NULL; ++ } ++ else ++ { ++ grub_script_free (q->func); ++ q->func = cmd; ++ func = q; ++ } + } + else + { +diff --git a/grub-core/script/parser.y b/grub-core/script/parser.y +index 4f0ab8319e..f80b86b6f1 100644 +--- a/grub-core/script/parser.y ++++ b/grub-core/script/parser.y +@@ -289,7 +289,8 @@ function: "function" "name" + grub_script_mem_free (state->func_mem); + else { + script->children = state->scripts; +- grub_script_function_create ($2, script); ++ if (!grub_script_function_create ($2, script)) ++ grub_script_free (script); + } + + state->scripts = $3; +diff --git a/include/grub/script_sh.h b/include/grub/script_sh.h +index b382bcf09b..6c48e07512 100644 +--- a/include/grub/script_sh.h ++++ b/include/grub/script_sh.h +@@ -361,6 +361,8 @@ struct grub_script_function + + /* The next element. */ + struct grub_script_function *next; ++ ++ unsigned executing; + }; + typedef struct grub_script_function *grub_script_function_t; + diff -Nru grub2-2.04/debian/patches/0093-hfsplus-fix-two-more-overflows.patch grub2-2.04/debian/patches/0093-hfsplus-fix-two-more-overflows.patch --- grub2-2.04/debian/patches/0093-hfsplus-fix-two-more-overflows.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/patches/0093-hfsplus-fix-two-more-overflows.patch 2020-09-08 10:23:00.000000000 +0000 @@ -0,0 +1,53 @@ +From 4be2c61fdd94238b4e529f018eddea12f6ba5361 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 19 Jul 2020 14:43:31 -0400 +Subject: hfsplus: fix two more overflows + +Both node->size and node->namelen come from the supplied filesystem, +which may be user-supplied. We can't trust them for the math unless we +know they don't overflow; making sure they go through calloc() first +will give us that. + +Signed-off-by: Peter Jones +Reviewed-by: Darren Kenny +--- + grub-core/fs/hfsplus.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c +index dae43becc9..9c4e4c88c9 100644 +--- a/grub-core/fs/hfsplus.c ++++ b/grub-core/fs/hfsplus.c +@@ -31,6 +31,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -475,8 +476,12 @@ grub_hfsplus_read_symlink (grub_fshelp_node_t node) + { + char *symlink; + grub_ssize_t numread; ++ grub_size_t sz = node->size; + +- symlink = grub_malloc (node->size + 1); ++ if (grub_add (sz, 1, &sz)) ++ return NULL; ++ ++ symlink = grub_malloc (sz); + if (!symlink) + return 0; + +@@ -715,8 +720,8 @@ list_nodes (void *record, void *hook_arg) + if (type == GRUB_FSHELP_UNKNOWN) + return 0; + +- filename = grub_malloc (grub_be_to_cpu16 (catkey->namelen) +- * GRUB_MAX_UTF8_PER_UTF16 + 1); ++ filename = grub_calloc (grub_be_to_cpu16 (catkey->namelen), ++ GRUB_MAX_UTF8_PER_UTF16 + 1); + if (! filename) + return 0; + diff -Nru grub2-2.04/debian/patches/0094-lvm-fix-two-more-potential-data-dependent-alloc-over.patch grub2-2.04/debian/patches/0094-lvm-fix-two-more-potential-data-dependent-alloc-over.patch --- grub2-2.04/debian/patches/0094-lvm-fix-two-more-potential-data-dependent-alloc-over.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/patches/0094-lvm-fix-two-more-potential-data-dependent-alloc-over.patch 2020-09-08 10:23:00.000000000 +0000 @@ -0,0 +1,98 @@ +From 9082c7d5ed8d9ffb15a12d6bcb10a86ca9c8a860 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 19 Jul 2020 15:48:20 -0400 +Subject: lvm: fix two more potential data-dependent alloc overflows + +It appears to be possible to make a (possibly invalid) lvm PV with a +metadata size field that overflows our type when adding it to the +address we've allocated. Even if it doesn't, it may be possible to do +so with the math using the outcome of that as an operand. Check them +both. + +Signed-off-by: Peter Jones +--- + grub-core/disk/lvm.c | 39 +++++++++++++++++++++++++++++++-------- + 1 file changed, 31 insertions(+), 8 deletions(-) + +diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c +index d1df640b31..d154f7c01b 100644 +--- a/grub-core/disk/lvm.c ++++ b/grub-core/disk/lvm.c +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + + #ifdef GRUB_UTIL + #include +@@ -102,10 +103,11 @@ grub_lvm_detect (grub_disk_t disk, + { + grub_err_t err; + grub_uint64_t mda_offset, mda_size; ++ grub_size_t ptr; + char buf[GRUB_LVM_LABEL_SIZE]; + char vg_id[GRUB_LVM_ID_STRLEN+1]; + char pv_id[GRUB_LVM_ID_STRLEN+1]; +- char *metadatabuf, *p, *q, *vgname; ++ char *metadatabuf, *mda_end, *p, *q, *vgname; + struct grub_lvm_label_header *lh = (struct grub_lvm_label_header *) buf; + struct grub_lvm_pv_header *pvh; + struct grub_lvm_disk_locn *dlocn; +@@ -205,19 +207,31 @@ grub_lvm_detect (grub_disk_t disk, + grub_le_to_cpu64 (rlocn->size) - + grub_le_to_cpu64 (mdah->size)); + } +- p = q = metadatabuf + grub_le_to_cpu64 (rlocn->offset); + +- while (*q != ' ' && q < metadatabuf + mda_size) +- q++; +- +- if (q == metadatabuf + mda_size) ++ if (grub_add ((grub_size_t)metadatabuf, ++ (grub_size_t)grub_le_to_cpu64 (rlocn->offset), ++ &ptr)) + { ++error_parsing_metadata: + #ifdef GRUB_UTIL + grub_util_info ("error parsing metadata"); + #endif + goto fail2; + } + ++ p = q = (char *)ptr; ++ ++ if (grub_add ((grub_size_t)metadatabuf, (grub_size_t)mda_size, &ptr)) ++ goto error_parsing_metadata; ++ ++ mda_end = (char *)ptr; ++ ++ while (*q != ' ' && q < mda_end) ++ q++; ++ ++ if (q == mda_end) ++ goto error_parsing_metadata; ++ + vgname_len = q - p; + vgname = grub_malloc (vgname_len + 1); + if (!vgname) +@@ -367,8 +381,17 @@ grub_lvm_detect (grub_disk_t disk, + { + const char *iptr; + char *optr; +- lv->fullname = grub_malloc (sizeof ("lvm/") - 1 + 2 * vgname_len +- + 1 + 2 * s + 1); ++ grub_size_t sz0 = vgname_len, sz1 = s; ++ ++ if (grub_mul (sz0, 2, &sz0) || ++ grub_add (sz0, 1, &sz0) || ++ grub_mul (sz1, 2, &sz1) || ++ grub_add (sz1, 1, &sz1) || ++ grub_add (sz0, sz1, &sz0) || ++ grub_add (sz0, sizeof ("lvm/") - 1, &sz0)) ++ goto lvs_fail; ++ ++ lv->fullname = grub_malloc (sz0); + if (!lv->fullname) + goto lvs_fail; + diff -Nru grub2-2.04/debian/patches/0095-efi-fix-some-malformed-device-path-arithmetic-errors.patch grub2-2.04/debian/patches/0095-efi-fix-some-malformed-device-path-arithmetic-errors.patch --- grub2-2.04/debian/patches/0095-efi-fix-some-malformed-device-path-arithmetic-errors.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/patches/0095-efi-fix-some-malformed-device-path-arithmetic-errors.patch 2020-09-08 10:23:00.000000000 +0000 @@ -0,0 +1,247 @@ +From c9148b4f42091e840b2659504401dab230f7d817 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 19 Jul 2020 16:53:27 -0400 +Subject: efi: fix some malformed device path arithmetic errors. + +Several places we take the length of a device path and subtract 4 from +it, without ever checking that it's >= 4. There are also cases where +this kind of malformation will result in unpredictable iteration, +including treating the length from one dp node as the type in the next +node. These are all errors, no matter where the data comes from. + +This patch adds a checking macro, GRUB_EFI_DEVICE_PATH_VALID(), which +can be used in several places, and makes GRUB_EFI_NEXT_DEVICE_PATH() +return NULL and GRUB_EFI_END_ENTIRE_DEVICE_PATH() evaluate as true when +the length is too small. Additionally, it makes several places in the +code check for and return errors in these cases. + +Signed-off-by: Peter Jones +--- + grub-core/kern/efi/efi.c | 67 +++++++++++++++++++++++++----- + grub-core/loader/efi/chainloader.c | 19 ++++++++- + grub-core/loader/i386/xnu.c | 9 ++-- + include/grub/efi/api.h | 14 ++++--- + 4 files changed, 88 insertions(+), 21 deletions(-) + +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index dc31caa213..b1a8b39b49 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -332,7 +332,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + + dp = dp0; + +- while (1) ++ while (dp) + { + grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); + grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); +@@ -342,9 +342,15 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + if (type == GRUB_EFI_MEDIA_DEVICE_PATH_TYPE + && subtype == GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE) + { +- grub_efi_uint16_t len; +- len = ((GRUB_EFI_DEVICE_PATH_LENGTH (dp) - 4) +- / sizeof (grub_efi_char16_t)); ++ grub_efi_uint16_t len = GRUB_EFI_DEVICE_PATH_LENGTH (dp); ++ ++ if (len < 4) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, ++ "malformed EFI Device Path node has length=%d", len); ++ return NULL; ++ } ++ len = (len - 4) / sizeof (grub_efi_char16_t); + filesize += GRUB_MAX_UTF8_PER_UTF16 * len + 2; + } + +@@ -360,7 +366,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + if (!name) + return NULL; + +- while (1) ++ while (dp) + { + grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); + grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); +@@ -376,8 +382,15 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + + *p++ = '/'; + +- len = ((GRUB_EFI_DEVICE_PATH_LENGTH (dp) - 4) +- / sizeof (grub_efi_char16_t)); ++ len = GRUB_EFI_DEVICE_PATH_LENGTH (dp); ++ if (len < 4) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, ++ "malformed EFI Device Path node has length=%d", len); ++ return NULL; ++ } ++ ++ len = (len - 4) / sizeof (grub_efi_char16_t); + fp = (grub_efi_file_path_device_path_t *) dp; + /* According to EFI spec Path Name is NULL terminated */ + while (len > 0 && fp->path_name[len - 1] == 0) +@@ -452,7 +465,26 @@ grub_efi_duplicate_device_path (const grub_efi_device_path_t *dp) + ; + p = GRUB_EFI_NEXT_DEVICE_PATH (p)) + { +- total_size += GRUB_EFI_DEVICE_PATH_LENGTH (p); ++ grub_size_t len = GRUB_EFI_DEVICE_PATH_LENGTH (p); ++ ++ /* ++ * In the event that we find a node that's completely garbage, for ++ * example if we get to 0x7f 0x01 0x02 0x00 ... (EndInstance with a size ++ * of 2), GRUB_EFI_END_ENTIRE_DEVICE_PATH() will be true and ++ * GRUB_EFI_NEXT_DEVICE_PATH() will return NULL, so we won't continue, ++ * and neither should our consumers, but there won't be any error raised ++ * even though the device path is junk. ++ * ++ * This keeps us from passing junk down back to our caller. ++ */ ++ if (len < 4) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, ++ "malformed EFI Device Path node has length=%d", len); ++ return NULL; ++ } ++ ++ total_size += len; + if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (p)) + break; + } +@@ -497,7 +529,7 @@ dump_vendor_path (const char *type, grub_efi_vendor_device_path_t *vendor) + void + grub_efi_print_device_path (grub_efi_device_path_t *dp) + { +- while (1) ++ while (GRUB_EFI_DEVICE_PATH_VALID (dp)) + { + grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); + grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); +@@ -909,7 +941,11 @@ grub_efi_compare_device_paths (const grub_efi_device_path_t *dp1, + /* Return non-zero. */ + return 1; + +- while (1) ++ if (dp1 == dp2) ++ return 0; ++ ++ while (GRUB_EFI_DEVICE_PATH_VALID (dp1) ++ && GRUB_EFI_DEVICE_PATH_VALID (dp2)) + { + grub_efi_uint8_t type1, type2; + grub_efi_uint8_t subtype1, subtype2; +@@ -945,5 +981,16 @@ grub_efi_compare_device_paths (const grub_efi_device_path_t *dp1, + dp2 = (grub_efi_device_path_t *) ((char *) dp2 + len2); + } + ++ /* ++ * There's no "right" answer here, but we probably don't want to call a valid ++ * dp and an invalid dp equal, so pick one way or the other. ++ */ ++ if (GRUB_EFI_DEVICE_PATH_VALID (dp1) && ++ !GRUB_EFI_DEVICE_PATH_VALID (dp2)) ++ return 1; ++ else if (!GRUB_EFI_DEVICE_PATH_VALID (dp1) && ++ GRUB_EFI_DEVICE_PATH_VALID (dp2)) ++ return -1; ++ + return 0; + } +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index b9a2df34b1..f8a34cd491 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -126,6 +126,12 @@ copy_file_path (grub_efi_file_path_device_path_t *fp, + fp->header.type = GRUB_EFI_MEDIA_DEVICE_PATH_TYPE; + fp->header.subtype = GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE; + ++ if (!GRUB_EFI_DEVICE_PATH_VALID ((grub_efi_device_path_t *)fp)) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "EFI Device Path is invalid"); ++ return; ++ } ++ + path_name = grub_calloc (len, GRUB_MAX_UTF16_PER_UTF8 * sizeof (*path_name)); + if (!path_name) + return; +@@ -166,9 +172,18 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename) + + size = 0; + d = dp; +- while (1) ++ while (d) + { +- size += GRUB_EFI_DEVICE_PATH_LENGTH (d); ++ grub_size_t len = GRUB_EFI_DEVICE_PATH_LENGTH (d); ++ ++ if (len < 4) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, ++ "malformed EFI Device Path node has length=%d", len); ++ return NULL; ++ } ++ ++ size += len; + if ((GRUB_EFI_END_ENTIRE_DEVICE_PATH (d))) + break; + d = GRUB_EFI_NEXT_DEVICE_PATH (d); +diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c +index b7d176b5d3..c50cb54109 100644 +--- a/grub-core/loader/i386/xnu.c ++++ b/grub-core/loader/i386/xnu.c +@@ -516,14 +516,15 @@ grub_cmd_devprop_load (grub_command_t cmd __attribute__ ((unused)), + + devhead = buf; + buf = devhead + 1; +- dpstart = buf; ++ dp = dpstart = buf; + +- do ++ while (GRUB_EFI_DEVICE_PATH_VALID (dp) && buf < bufend) + { +- dp = buf; + buf = (char *) buf + GRUB_EFI_DEVICE_PATH_LENGTH (dp); ++ if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp)) ++ break; ++ dp = buf; + } +- while (!GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp) && buf < bufend); + + dev = grub_xnu_devprop_add_device (dpstart, (char *) buf + - (char *) dpstart); +diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h +index 9824fbcd0d..08bff60b51 100644 +--- a/include/grub/efi/api.h ++++ b/include/grub/efi/api.h +@@ -640,6 +640,7 @@ typedef struct grub_efi_device_path grub_efi_device_path_protocol_t; + #define GRUB_EFI_DEVICE_PATH_TYPE(dp) ((dp)->type & 0x7f) + #define GRUB_EFI_DEVICE_PATH_SUBTYPE(dp) ((dp)->subtype) + #define GRUB_EFI_DEVICE_PATH_LENGTH(dp) ((dp)->length) ++#define GRUB_EFI_DEVICE_PATH_VALID(dp) ((dp) != NULL && GRUB_EFI_DEVICE_PATH_LENGTH (dp) >= 4) + + /* The End of Device Path nodes. */ + #define GRUB_EFI_END_DEVICE_PATH_TYPE (0xff & 0x7f) +@@ -648,13 +649,16 @@ typedef struct grub_efi_device_path grub_efi_device_path_protocol_t; + #define GRUB_EFI_END_THIS_DEVICE_PATH_SUBTYPE 0x01 + + #define GRUB_EFI_END_ENTIRE_DEVICE_PATH(dp) \ +- (GRUB_EFI_DEVICE_PATH_TYPE (dp) == GRUB_EFI_END_DEVICE_PATH_TYPE \ +- && (GRUB_EFI_DEVICE_PATH_SUBTYPE (dp) \ +- == GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE)) ++ (!GRUB_EFI_DEVICE_PATH_VALID (dp) || \ ++ (GRUB_EFI_DEVICE_PATH_TYPE (dp) == GRUB_EFI_END_DEVICE_PATH_TYPE \ ++ && (GRUB_EFI_DEVICE_PATH_SUBTYPE (dp) \ ++ == GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE))) + + #define GRUB_EFI_NEXT_DEVICE_PATH(dp) \ +- ((grub_efi_device_path_t *) ((char *) (dp) \ +- + GRUB_EFI_DEVICE_PATH_LENGTH (dp))) ++ (GRUB_EFI_DEVICE_PATH_VALID (dp) \ ++ ? ((grub_efi_device_path_t *) \ ++ ((char *) (dp) + GRUB_EFI_DEVICE_PATH_LENGTH (dp))) \ ++ : NULL) + + /* Hardware Device Path. */ + #define GRUB_EFI_HARDWARE_DEVICE_PATH_TYPE 1 diff -Nru grub2-2.04/debian/patches/0096-linuxefi-fail-kernel-validation-without-shim-protoco.patch grub2-2.04/debian/patches/0096-linuxefi-fail-kernel-validation-without-shim-protoco.patch --- grub2-2.04/debian/patches/0096-linuxefi-fail-kernel-validation-without-shim-protoco.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/patches/0096-linuxefi-fail-kernel-validation-without-shim-protoco.patch 2020-09-08 10:23:00.000000000 +0000 @@ -0,0 +1,90 @@ +From a37688a7dd2a14b66aa88005a9473f017aa84d17 Mon Sep 17 00:00:00 2001 +From: Dimitri John Ledkov +Date: Wed, 22 Jul 2020 11:31:43 +0100 +Subject: linuxefi: fail kernel validation without shim protocol. + +If certificates that signed grub are installed into db, grub can be +booted directly. It will then boot any kernel without signature +validation. The booted kernel will think it was booted in secureboot +mode and will implement lockdown, yet it could have been tampered. + +CVE-2020-15705 + +Reported-by: Mathieu Trudel-Lapierre +Signed-off-by: Dimitri John Ledkov +--- + grub-core/loader/arm64/linux.c | 13 +++++++++---- + grub-core/loader/efi/chainloader.c | 1 + + grub-core/loader/efi/linux.c | 1 + + grub-core/loader/i386/efi/linux.c | 2 +- + 4 files changed, 12 insertions(+), 5 deletions(-) + +diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c +index 1a5296a60c..3f5496fc55 100644 +--- a/grub-core/loader/arm64/linux.c ++++ b/grub-core/loader/arm64/linux.c +@@ -34,6 +34,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -342,11 +343,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + + grub_dprintf ("linux", "kernel @ %p\n", kernel_addr); + +- rc = grub_linuxefi_secure_validate (kernel_addr, kernel_size); +- if (rc < 0) ++ if (grub_efi_secure_boot ()) + { +- grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]); +- goto fail; ++ rc = grub_linuxefi_secure_validate (kernel_addr, kernel_size); ++ if (rc <= 0) ++ { ++ grub_error (GRUB_ERR_INVALID_COMMAND, ++ N_("%s has invalid signature"), argv[0]); ++ goto fail; ++ } + } + + cmdline_size = grub_loader_cmdline_size (argc, argv) + sizeof (LINUX_IMAGE); +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index f8a34cd491..cf89cedf8d 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -1096,6 +1096,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + + return 0; + } ++ // -1 fall-through to fail + + grub_file_close (file); + grub_device_close (dev); +diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c +index e372b26a1b..f6d30bcf7c 100644 +--- a/grub-core/loader/efi/linux.c ++++ b/grub-core/loader/efi/linux.c +@@ -34,6 +34,7 @@ struct grub_efi_shim_lock + }; + typedef struct grub_efi_shim_lock grub_efi_shim_lock_t; + ++// Returns 1 on success, -1 on error, 0 when not available + int + grub_linuxefi_secure_validate (void *data, grub_uint32_t size) + { +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index 2929da7a29..e357bf67c6 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -199,7 +199,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + if (grub_efi_secure_boot ()) + { + rc = grub_linuxefi_secure_validate (kernel, filelen); +- if (rc < 0) ++ if (rc <= 0) + { + grub_error (GRUB_ERR_ACCESS_DENIED, N_("%s has invalid signature"), + argv[0]); diff -Nru grub2-2.04/debian/patches/0097-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch grub2-2.04/debian/patches/0097-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch --- grub2-2.04/debian/patches/0097-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/patches/0097-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch 2020-09-08 10:23:00.000000000 +0000 @@ -0,0 +1,84 @@ +From 77a41770dfb138bc68c43f86a6e9d05188a0da4f Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Wed, 22 Jul 2020 17:06:04 +0100 +Subject: Fix a regression caused by "efi: fix some malformed device path + arithmetic errors" + +This commit introduced a bogus check inside copy_file_path to +determine whether the destination grub_efi_file_path_device_path_t +was valid before anything was copied to it. Depending on the +contents of the heap buffer, this check could fail which would +result in copy_file_path returning early. + +Without any error propagated to the caller, make_file_path would +then try to advance the invalid device path node with +GRUB_EFI_NEXT_DEVICE_PATH, which would also fail, returning a NULL +pointer that would subsequently be dereferenced. + +Remove the bogus check, and also propagate errors from copy_file_path. +--- + grub-core/loader/efi/chainloader.c | 25 +++++++++++++------------ + 1 file changed, 13 insertions(+), 12 deletions(-) + +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index cf89cedf8d..d0c53077e8 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -116,7 +116,7 @@ grub_chainloader_boot (void) + return grub_errno; + } + +-static void ++static grub_err_t + copy_file_path (grub_efi_file_path_device_path_t *fp, + const char *str, grub_efi_uint16_t len) + { +@@ -126,15 +126,9 @@ copy_file_path (grub_efi_file_path_device_path_t *fp, + fp->header.type = GRUB_EFI_MEDIA_DEVICE_PATH_TYPE; + fp->header.subtype = GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE; + +- if (!GRUB_EFI_DEVICE_PATH_VALID ((grub_efi_device_path_t *)fp)) +- { +- grub_error (GRUB_ERR_BAD_ARGUMENT, "EFI Device Path is invalid"); +- return; +- } +- + path_name = grub_calloc (len, GRUB_MAX_UTF16_PER_UTF8 * sizeof (*path_name)); + if (!path_name) +- return; ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, "failed to allocate path buffer"); + + size = grub_utf8_to_utf16 (path_name, len * GRUB_MAX_UTF16_PER_UTF8, + (const grub_uint8_t *) str, len, 0); +@@ -147,6 +141,7 @@ copy_file_path (grub_efi_file_path_device_path_t *fp, + fp->path_name[size++] = '\0'; + fp->header.length = size * sizeof (grub_efi_char16_t) + sizeof (*fp); + grub_free (path_name); ++ return GRUB_ERR_NONE; + } + + static grub_efi_device_path_t * +@@ -204,13 +199,19 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename) + /* Fill the file path for the directory. */ + d = (grub_efi_device_path_t *) ((char *) file_path + + ((char *) d - (char *) dp)); +- copy_file_path ((grub_efi_file_path_device_path_t *) d, +- dir_start, dir_end - dir_start); ++ if (copy_file_path ((grub_efi_file_path_device_path_t *) d, ++ dir_start, dir_end - dir_start) != GRUB_ERR_NONE) ++ { ++ fail: ++ grub_free (file_path); ++ return 0; ++ } + + /* Fill the file path for the file. */ + d = GRUB_EFI_NEXT_DEVICE_PATH (d); +- copy_file_path ((grub_efi_file_path_device_path_t *) d, +- dir_end + 1, grub_strlen (dir_end + 1)); ++ if (copy_file_path ((grub_efi_file_path_device_path_t *) d, ++ dir_end + 1, grub_strlen (dir_end + 1)) != GRUB_ERR_NONE) ++ goto fail; + + /* Fill the end of device path nodes. */ + d = GRUB_EFI_NEXT_DEVICE_PATH (d); diff -Nru grub2-2.04/debian/patches/0098-efi-Fix-use-after-free-in-halt-reboot-path.patch grub2-2.04/debian/patches/0098-efi-Fix-use-after-free-in-halt-reboot-path.patch --- grub2-2.04/debian/patches/0098-efi-Fix-use-after-free-in-halt-reboot-path.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/patches/0098-efi-Fix-use-after-free-in-halt-reboot-path.patch 2020-09-08 10:23:00.000000000 +0000 @@ -0,0 +1,175 @@ +From 1e7e07cfd5c1caa76479b10e85e6a703d64e0fea Mon Sep 17 00:00:00 2001 +From: Alexey Makhalov +Date: Mon, 20 Jul 2020 23:03:05 +0000 +Subject: efi: Fix use-after-free in halt/reboot path + +commit 92bfc33db984 ("efi: Free malloc regions on exit") +introduced memory freeing in grub_efi_fini(), which is +used not only by exit path but by halt/reboot one as well. +As result of memory freeing, code and data regions used by +modules, such as halt, reboot, acpi (used by halt) also got +freed. After return to module code, CPU executes, filled +by UEFI firmware (tested with edk2), 0xAFAFAFAF pattern as +a code. Which leads to #UD exception later. + +grub> halt +!!!! X64 Exception Type - 06(#UD - Invalid Opcode) CPU Apic ID - 00000000 !!!! +RIP - 0000000003F4EC28, CS - 0000000000000038, RFLAGS - 0000000000200246 +RAX - 0000000000000000, RCX - 00000000061DA188, RDX - 0A74C0854DC35D41 +RBX - 0000000003E10E08, RSP - 0000000007F0F860, RBP - 0000000000000000 +RSI - 00000000064DB768, RDI - 000000000832C5C3 +R8 - 0000000000000002, R9 - 0000000000000000, R10 - 00000000061E2E52 +R11 - 0000000000000020, R12 - 0000000003EE5C1F, R13 - 00000000061E0FF4 +R14 - 0000000003E10D80, R15 - 00000000061E2F60 +DS - 0000000000000030, ES - 0000000000000030, FS - 0000000000000030 +GS - 0000000000000030, SS - 0000000000000030 +CR0 - 0000000080010033, CR2 - 0000000000000000, CR3 - 0000000007C01000 +CR4 - 0000000000000668, CR8 - 0000000000000000 +DR0 - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000 +DR3 - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400 +GDTR - 00000000079EEA98 0000000000000047, LDTR - 0000000000000000 +IDTR - 0000000007598018 0000000000000FFF, TR - 0000000000000000 +FXSAVE_STATE - 0000000007F0F4C0 + +Proposal here is to continue to free allocated memory for +exit boot services path but keep it for halt/reboot path +as it won't be much security concern here. +Introduced GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY +loader flag to be used by efi halt/reboot path. + +Signed-off-by: Alexey Makhalov +Reviewed-by: Darren Kenny +--- + grub-core/kern/arm/efi/init.c | 3 +++ + grub-core/kern/arm64/efi/init.c | 3 +++ + grub-core/kern/efi/efi.c | 3 ++- + grub-core/kern/efi/init.c | 1 - + grub-core/kern/i386/efi/init.c | 9 +++++++-- + grub-core/kern/ia64/efi/init.c | 9 +++++++-- + grub-core/kern/riscv/efi/init.c | 3 +++ + grub-core/lib/efi/halt.c | 3 ++- + include/grub/loader.h | 1 + + 9 files changed, 28 insertions(+), 7 deletions(-) + +diff --git a/grub-core/kern/arm/efi/init.c b/grub-core/kern/arm/efi/init.c +index 06df60e2f0..40c3b467fc 100644 +--- a/grub-core/kern/arm/efi/init.c ++++ b/grub-core/kern/arm/efi/init.c +@@ -71,4 +71,7 @@ grub_machine_fini (int flags) + efi_call_1 (b->close_event, tmr_evt); + + grub_efi_fini (); ++ ++ if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY)) ++ grub_efi_memory_fini (); + } +diff --git a/grub-core/kern/arm64/efi/init.c b/grub-core/kern/arm64/efi/init.c +index 6224999ec9..5010caefd6 100644 +--- a/grub-core/kern/arm64/efi/init.c ++++ b/grub-core/kern/arm64/efi/init.c +@@ -57,4 +57,7 @@ grub_machine_fini (int flags) + return; + + grub_efi_fini (); ++ ++ if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY)) ++ grub_efi_memory_fini (); + } +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index b1a8b39b49..88bbd34eac 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -157,7 +157,8 @@ grub_efi_get_loaded_image (grub_efi_handle_t image_handle) + void + grub_reboot (void) + { +- grub_machine_fini (GRUB_LOADER_FLAG_NORETURN); ++ grub_machine_fini (GRUB_LOADER_FLAG_NORETURN | ++ GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY); + efi_call_4 (grub_efi_system_table->runtime_services->reset_system, + GRUB_EFI_RESET_COLD, GRUB_EFI_SUCCESS, 0, NULL); + for (;;) ; +diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c +index 3dfdf2d22b..2c31847bf6 100644 +--- a/grub-core/kern/efi/init.c ++++ b/grub-core/kern/efi/init.c +@@ -80,5 +80,4 @@ grub_efi_fini (void) + { + grub_efidisk_fini (); + grub_console_fini (); +- grub_efi_memory_fini (); + } +diff --git a/grub-core/kern/i386/efi/init.c b/grub-core/kern/i386/efi/init.c +index da499aba04..deb2eacd8d 100644 +--- a/grub-core/kern/i386/efi/init.c ++++ b/grub-core/kern/i386/efi/init.c +@@ -39,6 +39,11 @@ grub_machine_init (void) + void + grub_machine_fini (int flags) + { +- if (flags & GRUB_LOADER_FLAG_NORETURN) +- grub_efi_fini (); ++ if (!(flags & GRUB_LOADER_FLAG_NORETURN)) ++ return; ++ ++ grub_efi_fini (); ++ ++ if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY)) ++ grub_efi_memory_fini (); + } +diff --git a/grub-core/kern/ia64/efi/init.c b/grub-core/kern/ia64/efi/init.c +index b5ecbd0912..f1965571b1 100644 +--- a/grub-core/kern/ia64/efi/init.c ++++ b/grub-core/kern/ia64/efi/init.c +@@ -70,6 +70,11 @@ grub_machine_init (void) + void + grub_machine_fini (int flags) + { +- if (flags & GRUB_LOADER_FLAG_NORETURN) +- grub_efi_fini (); ++ if (!(flags & GRUB_LOADER_FLAG_NORETURN)) ++ return; ++ ++ grub_efi_fini (); ++ ++ if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY)) ++ grub_efi_memory_fini (); + } +diff --git a/grub-core/kern/riscv/efi/init.c b/grub-core/kern/riscv/efi/init.c +index 7eb1969d0b..38795fe674 100644 +--- a/grub-core/kern/riscv/efi/init.c ++++ b/grub-core/kern/riscv/efi/init.c +@@ -73,4 +73,7 @@ grub_machine_fini (int flags) + return; + + grub_efi_fini (); ++ ++ if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY)) ++ grub_efi_memory_fini (); + } +diff --git a/grub-core/lib/efi/halt.c b/grub-core/lib/efi/halt.c +index 5859f0498a..29d4136416 100644 +--- a/grub-core/lib/efi/halt.c ++++ b/grub-core/lib/efi/halt.c +@@ -28,7 +28,8 @@ + void + grub_halt (void) + { +- grub_machine_fini (GRUB_LOADER_FLAG_NORETURN); ++ grub_machine_fini (GRUB_LOADER_FLAG_NORETURN | ++ GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY); + #if !defined(__ia64__) && !defined(__arm__) && !defined(__aarch64__) && \ + !defined(__riscv) + grub_acpi_halt (); +diff --git a/include/grub/loader.h b/include/grub/loader.h +index 7f82a499fd..b208642821 100644 +--- a/include/grub/loader.h ++++ b/include/grub/loader.h +@@ -33,6 +33,7 @@ enum + { + GRUB_LOADER_FLAG_NORETURN = 1, + GRUB_LOADER_FLAG_PXE_NOT_UNLOAD = 2, ++ GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY = 4, + }; + + void EXPORT_FUNC (grub_loader_set) (grub_err_t (*boot) (void), diff -Nru grub2-2.04/debian/patches/0099-chainloader-Avoid-a-double-free-when-validation-fail.patch grub2-2.04/debian/patches/0099-chainloader-Avoid-a-double-free-when-validation-fail.patch --- grub2-2.04/debian/patches/0099-chainloader-Avoid-a-double-free-when-validation-fail.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/patches/0099-chainloader-Avoid-a-double-free-when-validation-fail.patch 2020-09-08 10:23:00.000000000 +0000 @@ -0,0 +1,42 @@ +From 06a88955852ba3c301f3a37c99faa813bd7262c8 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Thu, 23 Jul 2020 14:02:17 +0100 +Subject: chainloader: Avoid a double free when validation fails + +--- + grub-core/loader/efi/chainloader.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index d0c53077e8..144a6549df 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -1085,6 +1085,9 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + if (rc > 0) + { + grub_file_close (file); ++ if (orig_dev) ++ dev = orig_dev; ++ grub_device_close (dev); + grub_loader_set (grub_secureboot_chainloader_boot, + grub_secureboot_chainloader_unload, 0); + return 0; +@@ -1093,15 +1096,15 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + { + grub_load_and_start_image(boot_image); + grub_file_close (file); ++ if (orig_dev) ++ dev = orig_dev; ++ grub_device_close (dev); + grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); + + return 0; + } + // -1 fall-through to fail + +- grub_file_close (file); +- grub_device_close (dev); +- + fail: + if (orig_dev) + { diff -Nru grub2-2.04/debian/patches/0100-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch grub2-2.04/debian/patches/0100-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch --- grub2-2.04/debian/patches/0100-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/patches/0100-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch 2020-09-08 10:23:00.000000000 +0000 @@ -0,0 +1,146 @@ +From d1e511e940a1f2577f568e11076df02c7a221042 Mon Sep 17 00:00:00 2001 +From: Alexey Makhalov +Date: Wed, 15 Jul 2020 06:42:37 +0000 +Subject: relocator: Protect grub_relocator_alloc_chunk_addr() input args + against integer underflow/overflow + +Use arithmetic macros from safemath.h to accomplish it. In this commit, +I didn't want to be too paranoid to check every possible math equation +for overflow/underflow. Only obvious places (with non zero chance of +overflow/underflow) were refactored. + +Signed-off-by: Alexey Makhalov +Reviewed-by: Daniel Kiper +--- + grub-core/loader/i386/linux.c | 9 +++++++-- + grub-core/loader/i386/pc/linux.c | 9 +++++++-- + grub-core/loader/i386/xen.c | 12 ++++++++++-- + grub-core/loader/xnu.c | 11 +++++++---- + 4 files changed, 31 insertions(+), 10 deletions(-) + +diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c +index 991eb29db9..4e14eb1887 100644 +--- a/grub-core/loader/i386/linux.c ++++ b/grub-core/loader/i386/linux.c +@@ -36,6 +36,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -550,9 +551,13 @@ grub_linux_boot (void) + + { + grub_relocator_chunk_t ch; ++ grub_size_t sz; ++ ++ if (grub_add (ctx.real_size, efi_mmap_size, &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ + err = grub_relocator_alloc_chunk_addr (relocator, &ch, +- ctx.real_mode_target, +- (ctx.real_size + efi_mmap_size)); ++ ctx.real_mode_target, sz); + if (err) + return err; + real_mode_mem = get_virtual_current_address (ch); +diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c +index 3866f048bb..81ab3c0c15 100644 +--- a/grub-core/loader/i386/pc/linux.c ++++ b/grub-core/loader/i386/pc/linux.c +@@ -36,6 +36,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -231,8 +232,12 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + setup_sects = GRUB_LINUX_DEFAULT_SETUP_SECTS; + + real_size = setup_sects << GRUB_DISK_SECTOR_BITS; +- grub_linux16_prot_size = grub_file_size (file) +- - real_size - GRUB_DISK_SECTOR_SIZE; ++ if (grub_sub (grub_file_size (file), real_size, &grub_linux16_prot_size) || ++ grub_sub (grub_linux16_prot_size, GRUB_DISK_SECTOR_SIZE, &grub_linux16_prot_size)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ goto fail; ++ } + + if (! grub_linux_is_bzimage + && GRUB_LINUX_ZIMAGE_ADDR + grub_linux16_prot_size +diff --git a/grub-core/loader/i386/xen.c b/grub-core/loader/i386/xen.c +index 8f662c8ac8..cd24874ca3 100644 +--- a/grub-core/loader/i386/xen.c ++++ b/grub-core/loader/i386/xen.c +@@ -41,6 +41,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -636,6 +637,7 @@ grub_cmd_xen (grub_command_t cmd __attribute__ ((unused)), + grub_relocator_chunk_t ch; + grub_addr_t kern_start; + grub_addr_t kern_end; ++ grub_size_t sz; + + if (argc == 0) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); +@@ -703,8 +705,14 @@ grub_cmd_xen (grub_command_t cmd __attribute__ ((unused)), + + xen_state.max_addr = ALIGN_UP (kern_end, PAGE_SIZE); + +- err = grub_relocator_alloc_chunk_addr (xen_state.relocator, &ch, kern_start, +- kern_end - kern_start); ++ ++ if (grub_sub (kern_end, kern_start, &sz)) ++ { ++ err = GRUB_ERR_OUT_OF_RANGE; ++ goto fail; ++ } ++ ++ err = grub_relocator_alloc_chunk_addr (xen_state.relocator, &ch, kern_start, sz); + if (err) + goto fail; + kern_chunk_src = get_virtual_current_address (ch); +diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c +index 2f0ebd0b8b..3fd653993f 100644 +--- a/grub-core/loader/xnu.c ++++ b/grub-core/loader/xnu.c +@@ -35,6 +35,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -60,15 +61,17 @@ grub_xnu_heap_malloc (int size, void **src, grub_addr_t *target) + { + grub_err_t err; + grub_relocator_chunk_t ch; ++ grub_addr_t tgt; ++ ++ if (grub_add (grub_xnu_heap_target_start, grub_xnu_heap_size, &tgt)) ++ return GRUB_ERR_OUT_OF_RANGE; + +- err = grub_relocator_alloc_chunk_addr (grub_xnu_relocator, &ch, +- grub_xnu_heap_target_start +- + grub_xnu_heap_size, size); ++ err = grub_relocator_alloc_chunk_addr (grub_xnu_relocator, &ch, tgt, size); + if (err) + return err; + + *src = get_virtual_current_address (ch); +- *target = grub_xnu_heap_target_start + grub_xnu_heap_size; ++ *target = tgt; + grub_xnu_heap_size += size; + grub_dprintf ("xnu", "val=%p\n", *src); + return GRUB_ERR_NONE; diff -Nru grub2-2.04/debian/patches/0101-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch grub2-2.04/debian/patches/0101-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch --- grub2-2.04/debian/patches/0101-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/patches/0101-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch 2020-09-08 10:23:00.000000000 +0000 @@ -0,0 +1,334 @@ +From 91276109ad6be0700b9fee507063f01df0692070 Mon Sep 17 00:00:00 2001 +From: Alexey Makhalov +Date: Wed, 8 Jul 2020 01:44:38 +0000 +Subject: relocator: Protect grub_relocator_alloc_chunk_align() max_addr + against integer underflow + +This commit introduces integer underflow mitigation in max_addr calculation +in grub_relocator_alloc_chunk_align() invocation. + +It consists of 2 fixes: + 1. Introduced grub_relocator_alloc_chunk_align_safe() wrapper function to perform + sanity check for min/max and size values, and to make safe invocation of + grub_relocator_alloc_chunk_align() with validated max_addr value. Replace all + invocations such as grub_relocator_alloc_chunk_align(..., min_addr, max_addr - size, size, ...) + by grub_relocator_alloc_chunk_align_safe(..., min_addr, max_addr, size, ...). + 2. Introduced UP_TO_TOP32(s) macro for the cases where max_addr is 32-bit top + address (0xffffffff - size + 1) or similar. + +Signed-off-by: Alexey Makhalov +Reviewed-by: Daniel Kiper +--- + grub-core/lib/i386/relocator.c | 28 ++++++++++---------------- + grub-core/lib/mips/relocator.c | 6 ++---- + grub-core/lib/powerpc/relocator.c | 6 ++---- + grub-core/lib/x86_64/efi/relocator.c | 7 +++---- + grub-core/loader/i386/linux.c | 5 ++--- + grub-core/loader/i386/multiboot_mbi.c | 7 +++---- + grub-core/loader/i386/pc/linux.c | 6 ++---- + grub-core/loader/mips/linux.c | 9 +++------ + grub-core/loader/multiboot.c | 2 +- + grub-core/loader/multiboot_elfxx.c | 10 ++++----- + grub-core/loader/multiboot_mbi2.c | 10 ++++----- + grub-core/loader/xnu_resume.c | 2 +- + include/grub/relocator.h | 29 +++++++++++++++++++++++++++ + 13 files changed, 69 insertions(+), 58 deletions(-) + +diff --git a/grub-core/lib/i386/relocator.c b/grub-core/lib/i386/relocator.c +index 71dd4f0ab0..34cbe834fa 100644 +--- a/grub-core/lib/i386/relocator.c ++++ b/grub-core/lib/i386/relocator.c +@@ -83,11 +83,10 @@ grub_relocator32_boot (struct grub_relocator *rel, + /* Specific memory range due to Global Descriptor Table for use by payload + that we will store in returned chunk. The address range and preference + are based on "THE LINUX/x86 BOOT PROTOCOL" specification. */ +- err = grub_relocator_alloc_chunk_align (rel, &ch, 0x1000, +- 0x9a000 - RELOCATOR_SIZEOF (32), +- RELOCATOR_SIZEOF (32), 16, +- GRUB_RELOCATOR_PREFERENCE_LOW, +- avoid_efi_bootservices); ++ err = grub_relocator_alloc_chunk_align_safe (rel, &ch, 0x1000, 0x9a000, ++ RELOCATOR_SIZEOF (32), 16, ++ GRUB_RELOCATOR_PREFERENCE_LOW, ++ avoid_efi_bootservices); + if (err) + return err; + +@@ -125,13 +124,10 @@ grub_relocator16_boot (struct grub_relocator *rel, + grub_relocator_chunk_t ch; + + /* Put it higher than the byte it checks for A20 check. */ +- err = grub_relocator_alloc_chunk_align (rel, &ch, 0x8010, +- 0xa0000 - RELOCATOR_SIZEOF (16) +- - GRUB_RELOCATOR16_STACK_SIZE, +- RELOCATOR_SIZEOF (16) +- + GRUB_RELOCATOR16_STACK_SIZE, 16, +- GRUB_RELOCATOR_PREFERENCE_NONE, +- 0); ++ err = grub_relocator_alloc_chunk_align_safe (rel, &ch, 0x8010, 0xa0000, ++ RELOCATOR_SIZEOF (16) + ++ GRUB_RELOCATOR16_STACK_SIZE, 16, ++ GRUB_RELOCATOR_PREFERENCE_NONE, 0); + if (err) + return err; + +@@ -183,11 +179,9 @@ grub_relocator64_boot (struct grub_relocator *rel, + void *relst; + grub_relocator_chunk_t ch; + +- err = grub_relocator_alloc_chunk_align (rel, &ch, min_addr, +- max_addr - RELOCATOR_SIZEOF (64), +- RELOCATOR_SIZEOF (64), 16, +- GRUB_RELOCATOR_PREFERENCE_NONE, +- 0); ++ err = grub_relocator_alloc_chunk_align_safe (rel, &ch, min_addr, max_addr, ++ RELOCATOR_SIZEOF (64), 16, ++ GRUB_RELOCATOR_PREFERENCE_NONE, 0); + if (err) + return err; + +diff --git a/grub-core/lib/mips/relocator.c b/grub-core/lib/mips/relocator.c +index 9d5f49cb93..743b213e69 100644 +--- a/grub-core/lib/mips/relocator.c ++++ b/grub-core/lib/mips/relocator.c +@@ -120,10 +120,8 @@ grub_relocator32_boot (struct grub_relocator *rel, + unsigned i; + grub_addr_t vtarget; + +- err = grub_relocator_alloc_chunk_align (rel, &ch, 0, +- (0xffffffff - stateset_size) +- + 1, stateset_size, +- sizeof (grub_uint32_t), ++ err = grub_relocator_alloc_chunk_align (rel, &ch, 0, UP_TO_TOP32 (stateset_size), ++ stateset_size, sizeof (grub_uint32_t), + GRUB_RELOCATOR_PREFERENCE_NONE, 0); + if (err) + return err; +diff --git a/grub-core/lib/powerpc/relocator.c b/grub-core/lib/powerpc/relocator.c +index bdf2b111be..8ffb8b6868 100644 +--- a/grub-core/lib/powerpc/relocator.c ++++ b/grub-core/lib/powerpc/relocator.c +@@ -115,10 +115,8 @@ grub_relocator32_boot (struct grub_relocator *rel, + unsigned i; + grub_relocator_chunk_t ch; + +- err = grub_relocator_alloc_chunk_align (rel, &ch, 0, +- (0xffffffff - stateset_size) +- + 1, stateset_size, +- sizeof (grub_uint32_t), ++ err = grub_relocator_alloc_chunk_align (rel, &ch, 0, UP_TO_TOP32 (stateset_size), ++ stateset_size, sizeof (grub_uint32_t), + GRUB_RELOCATOR_PREFERENCE_NONE, 0); + if (err) + return err; +diff --git a/grub-core/lib/x86_64/efi/relocator.c b/grub-core/lib/x86_64/efi/relocator.c +index 3caef7a402..7d200a125e 100644 +--- a/grub-core/lib/x86_64/efi/relocator.c ++++ b/grub-core/lib/x86_64/efi/relocator.c +@@ -50,10 +50,9 @@ grub_relocator64_efi_boot (struct grub_relocator *rel, + * 64-bit relocator code may live above 4 GiB quite well. + * However, I do not want ask for problems. Just in case. + */ +- err = grub_relocator_alloc_chunk_align (rel, &ch, 0, +- 0x100000000 - RELOCATOR_SIZEOF (64_efi), +- RELOCATOR_SIZEOF (64_efi), 16, +- GRUB_RELOCATOR_PREFERENCE_NONE, 1); ++ err = grub_relocator_alloc_chunk_align_safe (rel, &ch, 0, 0x100000000, ++ RELOCATOR_SIZEOF (64_efi), 16, ++ GRUB_RELOCATOR_PREFERENCE_NONE, 1); + if (err) + return err; + +diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c +index 4e14eb1887..04bd78a1fa 100644 +--- a/grub-core/loader/i386/linux.c ++++ b/grub-core/loader/i386/linux.c +@@ -184,9 +184,8 @@ allocate_pages (grub_size_t prot_size, grub_size_t *align, + for (; err && *align + 1 > min_align; (*align)--) + { + grub_errno = GRUB_ERR_NONE; +- err = grub_relocator_alloc_chunk_align (relocator, &ch, +- 0x1000000, +- 0xffffffff & ~prot_size, ++ err = grub_relocator_alloc_chunk_align (relocator, &ch, 0x1000000, ++ UP_TO_TOP32 (prot_size), + prot_size, 1 << *align, + GRUB_RELOCATOR_PREFERENCE_LOW, + 1); +diff --git a/grub-core/loader/i386/multiboot_mbi.c b/grub-core/loader/i386/multiboot_mbi.c +index ad3cc292fd..a67d9d0a80 100644 +--- a/grub-core/loader/i386/multiboot_mbi.c ++++ b/grub-core/loader/i386/multiboot_mbi.c +@@ -466,10 +466,9 @@ grub_multiboot_make_mbi (grub_uint32_t *target) + + bufsize = grub_multiboot_get_mbi_size (); + +- err = grub_relocator_alloc_chunk_align (grub_multiboot_relocator, &ch, +- 0x10000, 0xa0000 - bufsize, +- bufsize, 4, +- GRUB_RELOCATOR_PREFERENCE_NONE, 0); ++ err = grub_relocator_alloc_chunk_align_safe (grub_multiboot_relocator, &ch, ++ 0x10000, 0xa0000, bufsize, 4, ++ GRUB_RELOCATOR_PREFERENCE_NONE, 0); + if (err) + return err; + ptrorig = get_virtual_current_address (ch); +diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c +index 81ab3c0c15..6400a5b91d 100644 +--- a/grub-core/loader/i386/pc/linux.c ++++ b/grub-core/loader/i386/pc/linux.c +@@ -463,10 +463,8 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + + { + grub_relocator_chunk_t ch; +- err = grub_relocator_alloc_chunk_align (relocator, &ch, +- addr_min, addr_max - size, +- size, 0x1000, +- GRUB_RELOCATOR_PREFERENCE_HIGH, 0); ++ err = grub_relocator_alloc_chunk_align_safe (relocator, &ch, addr_min, addr_max, size, ++ 0x1000, GRUB_RELOCATOR_PREFERENCE_HIGH, 0); + if (err) + return err; + initrd_chunk = get_virtual_current_address (ch); +diff --git a/grub-core/loader/mips/linux.c b/grub-core/loader/mips/linux.c +index 7b723bf189..e4ed95921d 100644 +--- a/grub-core/loader/mips/linux.c ++++ b/grub-core/loader/mips/linux.c +@@ -442,12 +442,9 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + { + grub_relocator_chunk_t ch; + +- err = grub_relocator_alloc_chunk_align (relocator, &ch, +- (target_addr & 0x1fffffff) +- + linux_size + 0x10000, +- (0x10000000 - size), +- size, 0x10000, +- GRUB_RELOCATOR_PREFERENCE_NONE, 0); ++ err = grub_relocator_alloc_chunk_align_safe (relocator, &ch, (target_addr & 0x1fffffff) + ++ linux_size + 0x10000, 0x10000000, size, ++ 0x10000, GRUB_RELOCATOR_PREFERENCE_NONE, 0); + + if (err) + goto fail; +diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c +index 3e6ad166dc..3e286908dd 100644 +--- a/grub-core/loader/multiboot.c ++++ b/grub-core/loader/multiboot.c +@@ -404,7 +404,7 @@ grub_cmd_module (grub_command_t cmd __attribute__ ((unused)), + { + grub_relocator_chunk_t ch; + err = grub_relocator_alloc_chunk_align (GRUB_MULTIBOOT (relocator), &ch, +- lowest_addr, (0xffffffff - size) + 1, ++ lowest_addr, UP_TO_TOP32 (size), + size, MULTIBOOT_MOD_ALIGN, + GRUB_RELOCATOR_PREFERENCE_NONE, 1); + if (err) +diff --git a/grub-core/loader/multiboot_elfxx.c b/grub-core/loader/multiboot_elfxx.c +index cc6853692a..f2318e0d16 100644 +--- a/grub-core/loader/multiboot_elfxx.c ++++ b/grub-core/loader/multiboot_elfxx.c +@@ -109,10 +109,10 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld) + if (load_size > mld->max_addr || mld->min_addr > mld->max_addr - load_size) + return grub_error (GRUB_ERR_BAD_OS, "invalid min/max address and/or load size"); + +- err = grub_relocator_alloc_chunk_align (GRUB_MULTIBOOT (relocator), &ch, +- mld->min_addr, mld->max_addr - load_size, +- load_size, mld->align ? mld->align : 1, +- mld->preference, mld->avoid_efi_boot_services); ++ err = grub_relocator_alloc_chunk_align_safe (GRUB_MULTIBOOT (relocator), &ch, ++ mld->min_addr, mld->max_addr, ++ load_size, mld->align ? mld->align : 1, ++ mld->preference, mld->avoid_efi_boot_services); + + if (err) + { +@@ -256,7 +256,7 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld) + continue; + + err = grub_relocator_alloc_chunk_align (GRUB_MULTIBOOT (relocator), &ch, 0, +- (0xffffffff - sh->sh_size) + 1, ++ UP_TO_TOP32 (sh->sh_size), + sh->sh_size, sh->sh_addralign, + GRUB_RELOCATOR_PREFERENCE_NONE, + mld->avoid_efi_boot_services); +diff --git a/grub-core/loader/multiboot_mbi2.c b/grub-core/loader/multiboot_mbi2.c +index 53da786151..3ec2092839 100644 +--- a/grub-core/loader/multiboot_mbi2.c ++++ b/grub-core/loader/multiboot_mbi2.c +@@ -295,10 +295,10 @@ grub_multiboot2_load (grub_file_t file, const char *filename) + return grub_error (GRUB_ERR_BAD_OS, "invalid min/max address and/or load size"); + } + +- err = grub_relocator_alloc_chunk_align (grub_multiboot2_relocator, &ch, +- mld.min_addr, mld.max_addr - code_size, +- code_size, mld.align ? mld.align : 1, +- mld.preference, keep_bs); ++ err = grub_relocator_alloc_chunk_align_safe (grub_multiboot2_relocator, &ch, ++ mld.min_addr, mld.max_addr, ++ code_size, mld.align ? mld.align : 1, ++ mld.preference, keep_bs); + } + else + err = grub_relocator_alloc_chunk_addr (grub_multiboot2_relocator, +@@ -708,7 +708,7 @@ grub_multiboot2_make_mbi (grub_uint32_t *target) + COMPILE_TIME_ASSERT (MULTIBOOT_TAG_ALIGN % sizeof (grub_properly_aligned_t) == 0); + + err = grub_relocator_alloc_chunk_align (grub_multiboot2_relocator, &ch, +- 0, 0xffffffff - bufsize, ++ 0, UP_TO_TOP32 (bufsize), + bufsize, MULTIBOOT_TAG_ALIGN, + GRUB_RELOCATOR_PREFERENCE_NONE, 1); + if (err) +diff --git a/grub-core/loader/xnu_resume.c b/grub-core/loader/xnu_resume.c +index 8089804d48..d648ef0cd3 100644 +--- a/grub-core/loader/xnu_resume.c ++++ b/grub-core/loader/xnu_resume.c +@@ -129,7 +129,7 @@ grub_xnu_resume (char *imagename) + { + grub_relocator_chunk_t ch; + err = grub_relocator_alloc_chunk_align (grub_xnu_relocator, &ch, 0, +- (0xffffffff - hibhead.image_size) + 1, ++ UP_TO_TOP32 (hibhead.image_size), + hibhead.image_size, + GRUB_XNU_PAGESIZE, + GRUB_RELOCATOR_PREFERENCE_NONE, 0); +diff --git a/include/grub/relocator.h b/include/grub/relocator.h +index 24d8672d22..1b3bdd92ac 100644 +--- a/include/grub/relocator.h ++++ b/include/grub/relocator.h +@@ -49,6 +49,35 @@ grub_relocator_alloc_chunk_align (struct grub_relocator *rel, + int preference, + int avoid_efi_boot_services); + ++/* ++ * Wrapper for grub_relocator_alloc_chunk_align() with purpose of ++ * protecting against integer underflow. ++ * ++ * Compare to its callee, max_addr has different meaning here. ++ * It covers entire chunk and not just start address of the chunk. ++ */ ++static inline grub_err_t ++grub_relocator_alloc_chunk_align_safe (struct grub_relocator *rel, ++ grub_relocator_chunk_t *out, ++ grub_phys_addr_t min_addr, ++ grub_phys_addr_t max_addr, ++ grub_size_t size, grub_size_t align, ++ int preference, ++ int avoid_efi_boot_services) ++{ ++ /* Sanity check and ensure following equation (max_addr - size) is safe. */ ++ if (max_addr < size || (max_addr - size) < min_addr) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ++ return grub_relocator_alloc_chunk_align (rel, out, min_addr, ++ max_addr - size, ++ size, align, preference, ++ avoid_efi_boot_services); ++} ++ ++/* Top 32-bit address minus s bytes and plus 1 byte. */ ++#define UP_TO_TOP32(s) ((~(s) & 0xffffffff) + 1) ++ + #define GRUB_RELOCATOR_PREFERENCE_NONE 0 + #define GRUB_RELOCATOR_PREFERENCE_LOW 1 + #define GRUB_RELOCATOR_PREFERENCE_HIGH 2 diff -Nru grub2-2.04/debian/patches/0102-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch grub2-2.04/debian/patches/0102-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch --- grub2-2.04/debian/patches/0102-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/patches/0102-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch 2020-09-08 10:23:00.000000000 +0000 @@ -0,0 +1,42 @@ +From f5102243ac5d0cc9a319b2f5c4cbc2c518d0d137 Mon Sep 17 00:00:00 2001 +From: Alexey Makhalov +Date: Fri, 17 Jul 2020 05:17:26 +0000 +Subject: relocator: Fix grub_relocator_alloc_chunk_align() top memory + allocation + +Current implementation of grub_relocator_alloc_chunk_align() +does not allow allocation of the top byte. + +Assuming input args are: + max_addr = 0xfffff000; + size = 0x1000; + +And this is valid. But following overflow protection will +unnecessarily move max_addr one byte down (to 0xffffefff): + if (max_addr > ~size) + max_addr = ~size; + +~size + 1 will fix the situation. In addition, check size +for non zero to do not zero max_addr. + +Signed-off-by: Alexey Makhalov +Reviewed-by: Daniel Kiper +--- + grub-core/lib/relocator.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c +index 5847aac364..f2c1944c28 100644 +--- a/grub-core/lib/relocator.c ++++ b/grub-core/lib/relocator.c +@@ -1386,8 +1386,8 @@ grub_relocator_alloc_chunk_align (struct grub_relocator *rel, + }; + grub_addr_t min_addr2 = 0, max_addr2; + +- if (max_addr > ~size) +- max_addr = ~size; ++ if (size && (max_addr > ~size)) ++ max_addr = ~size + 1; + + #ifdef GRUB_MACHINE_PCBIOS + if (min_addr < 0x1000) diff -Nru grub2-2.04/debian/patches/0103-linux-loader-avoid-overflow-on-initrd-size-calculati.patch grub2-2.04/debian/patches/0103-linux-loader-avoid-overflow-on-initrd-size-calculati.patch --- grub2-2.04/debian/patches/0103-linux-loader-avoid-overflow-on-initrd-size-calculati.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/patches/0103-linux-loader-avoid-overflow-on-initrd-size-calculati.patch 2020-09-08 10:23:00.000000000 +0000 @@ -0,0 +1,25 @@ +From 3390bca8bde1f29b8d449f28d5a1fa4f08598af8 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 24 Jul 2020 13:57:27 -0400 +Subject: linux loader: avoid overflow on initrd size calculation + +Signed-off-by: Peter Jones +--- + grub-core/loader/linux.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c +index 471b214d6c..25624ebc11 100644 +--- a/grub-core/loader/linux.c ++++ b/grub-core/loader/linux.c +@@ -151,8 +151,8 @@ grub_initrd_init (int argc, char *argv[], + initrd_ctx->nfiles = 0; + initrd_ctx->components = 0; + +- initrd_ctx->components = grub_zalloc (argc +- * sizeof (initrd_ctx->components[0])); ++ initrd_ctx->components = grub_calloc (argc, ++ sizeof (initrd_ctx->components[0])); + if (!initrd_ctx->components) + return grub_errno; + diff -Nru grub2-2.04/debian/patches/0104-linux-Fix-integer-overflows-in-initrd-size-handling.patch grub2-2.04/debian/patches/0104-linux-Fix-integer-overflows-in-initrd-size-handling.patch --- grub2-2.04/debian/patches/0104-linux-Fix-integer-overflows-in-initrd-size-handling.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/patches/0104-linux-Fix-integer-overflows-in-initrd-size-handling.patch 2020-09-08 10:23:00.000000000 +0000 @@ -0,0 +1,165 @@ +From 5ae3595759c09e23b48fa2bb35abbe1f66c529bc Mon Sep 17 00:00:00 2001 +From: Colin Watson +Date: Sat, 25 Jul 2020 12:15:37 +0100 +Subject: linux: Fix integer overflows in initrd size handling + +These could be triggered by a crafted filesystem with very large files. + +Fixes: CVE-2020-15707 + +Signed-off-by: Colin Watson +Reviewed-by: Jan Setje-Eilers +--- + grub-core/loader/linux.c | 74 +++++++++++++++++++++++++++++----------- + 1 file changed, 54 insertions(+), 20 deletions(-) + +diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c +index 25624ebc11..e9f819ee95 100644 +--- a/grub-core/loader/linux.c ++++ b/grub-core/loader/linux.c +@@ -4,6 +4,7 @@ + #include + #include + #include ++#include + + struct newc_head + { +@@ -98,13 +99,13 @@ free_dir (struct dir *root) + grub_free (root); + } + +-static grub_size_t ++static grub_err_t + insert_dir (const char *name, struct dir **root, +- grub_uint8_t *ptr) ++ grub_uint8_t *ptr, grub_size_t *size) + { + struct dir *cur, **head = root; + const char *cb, *ce = name; +- grub_size_t size = 0; ++ *size = 0; + while (1) + { + for (cb = ce; *cb == '/'; cb++); +@@ -130,14 +131,22 @@ insert_dir (const char *name, struct dir **root, + ptr = make_header (ptr, name, ce - name, + 040777, 0); + } +- size += ALIGN_UP ((ce - (char *) name) +- + sizeof (struct newc_head), 4); ++ if (grub_add (*size, ++ ALIGN_UP ((ce - (char *) name) ++ + sizeof (struct newc_head), 4), ++ size)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ grub_free (n->name); ++ grub_free (n); ++ return grub_errno; ++ } + *head = n; + cur = n; + } + root = &cur->next; + } +- return size; ++ return GRUB_ERR_NONE; + } + + grub_err_t +@@ -173,26 +182,33 @@ grub_initrd_init (int argc, char *argv[], + eptr = grub_strchr (ptr, ':'); + if (eptr) + { ++ grub_size_t dir_size, name_len; ++ + initrd_ctx->components[i].newc_name = grub_strndup (ptr, eptr - ptr); +- if (!initrd_ctx->components[i].newc_name) ++ if (!initrd_ctx->components[i].newc_name || ++ insert_dir (initrd_ctx->components[i].newc_name, &root, 0, ++ &dir_size)) + { + grub_initrd_close (initrd_ctx); + return grub_errno; + } +- initrd_ctx->size +- += ALIGN_UP (sizeof (struct newc_head) +- + grub_strlen (initrd_ctx->components[i].newc_name), +- 4); +- initrd_ctx->size += insert_dir (initrd_ctx->components[i].newc_name, +- &root, 0); ++ name_len = grub_strlen (initrd_ctx->components[i].newc_name); ++ if (grub_add (initrd_ctx->size, ++ ALIGN_UP (sizeof (struct newc_head) + name_len, 4), ++ &initrd_ctx->size) || ++ grub_add (initrd_ctx->size, dir_size, &initrd_ctx->size)) ++ goto overflow; + newc = 1; + fname = eptr + 1; + } + } + else if (newc) + { +- initrd_ctx->size += ALIGN_UP (sizeof (struct newc_head) +- + sizeof ("TRAILER!!!") - 1, 4); ++ if (grub_add (initrd_ctx->size, ++ ALIGN_UP (sizeof (struct newc_head) ++ + sizeof ("TRAILER!!!") - 1, 4), ++ &initrd_ctx->size)) ++ goto overflow; + free_dir (root); + root = 0; + newc = 0; +@@ -208,19 +224,29 @@ grub_initrd_init (int argc, char *argv[], + initrd_ctx->nfiles++; + initrd_ctx->components[i].size + = grub_file_size (initrd_ctx->components[i].file); +- initrd_ctx->size += initrd_ctx->components[i].size; ++ if (grub_add (initrd_ctx->size, initrd_ctx->components[i].size, ++ &initrd_ctx->size)) ++ goto overflow; + } + + if (newc) + { + initrd_ctx->size = ALIGN_UP (initrd_ctx->size, 4); +- initrd_ctx->size += ALIGN_UP (sizeof (struct newc_head) +- + sizeof ("TRAILER!!!") - 1, 4); ++ if (grub_add (initrd_ctx->size, ++ ALIGN_UP (sizeof (struct newc_head) ++ + sizeof ("TRAILER!!!") - 1, 4), ++ &initrd_ctx->size)) ++ goto overflow; + free_dir (root); + root = 0; + } + + return GRUB_ERR_NONE; ++ ++overflow: ++ free_dir (root); ++ grub_initrd_close (initrd_ctx); ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); + } + + grub_size_t +@@ -261,8 +287,16 @@ grub_initrd_load (struct grub_linux_initrd_context *initrd_ctx, + + if (initrd_ctx->components[i].newc_name) + { +- ptr += insert_dir (initrd_ctx->components[i].newc_name, +- &root, ptr); ++ grub_size_t dir_size; ++ ++ if (insert_dir (initrd_ctx->components[i].newc_name, &root, ptr, ++ &dir_size)) ++ { ++ free_dir (root); ++ grub_initrd_close (initrd_ctx); ++ return grub_errno; ++ } ++ ptr += dir_size; + ptr = make_header (ptr, initrd_ctx->components[i].newc_name, + grub_strlen (initrd_ctx->components[i].newc_name), + 0100777, diff -Nru grub2-2.04/debian/patches/0105-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch grub2-2.04/debian/patches/0105-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch --- grub2-2.04/debian/patches/0105-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/patches/0105-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch 2020-09-08 10:23:00.000000000 +0000 @@ -0,0 +1,50 @@ +From c15dfc896951a0d1fa03576a3354c59a873cb019 Mon Sep 17 00:00:00 2001 +From: Colin Watson +Date: Mon, 27 Jul 2020 14:22:12 +0100 +Subject: efilinux: Fix integer overflows in grub_cmd_initrd + +These could be triggered by an extremely large number of arguments to +the initrd command on 32-bit architectures, or a crafted filesystem with +very large files on any architecture. + +Fixes: CVE-2020-15707 + +Signed-off-by: Colin Watson +--- + grub-core/loader/i386/efi/linux.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index e357bf67c6..381459ce08 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -94,7 +95,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + +- files = grub_zalloc (argc * sizeof (files[0])); ++ files = grub_calloc (argc, sizeof (files[0])); + if (!files) + goto fail; + +@@ -104,7 +105,11 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + if (! files[i]) + goto fail; + nfiles++; +- size += ALIGN_UP (grub_file_size (files[i]), 4); ++ if (grub_add (size, ALIGN_UP (grub_file_size (files[i]), 4), &size)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ goto fail; ++ } + } + + initrd_mem = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(size)); diff -Nru grub2-2.04/debian/patches/at_keyboard-module-init.patch grub2-2.04/debian/patches/at_keyboard-module-init.patch --- grub2-2.04/debian/patches/at_keyboard-module-init.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/at_keyboard-module-init.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 2fa183df8ec4037976444a92810672b0fa3f75b4 Mon Sep 17 00:00:00 2001 +From 5365f46e0c28babd3ec09fa2c665b946ac9b3d0f Mon Sep 17 00:00:00 2001 From: Jeroen Dekkers Date: Sat, 12 Jan 2019 21:02:18 +0100 Subject: at_keyboard: initialize keyboard in module init if keyboard is ready @@ -16,7 +16,7 @@ 1 file changed, 9 insertions(+) diff --git a/grub-core/term/at_keyboard.c b/grub-core/term/at_keyboard.c -index f0a986eb1..d4395c201 100644 +index f0a986eb17..d4395c2019 100644 --- a/grub-core/term/at_keyboard.c +++ b/grub-core/term/at_keyboard.c @@ -244,6 +244,14 @@ grub_at_keyboard_getkey (struct grub_term_input *term __attribute__ ((unused))) diff -Nru grub2-2.04/debian/patches/bash-completion-drop-have-checks.patch grub2-2.04/debian/patches/bash-completion-drop-have-checks.patch --- grub2-2.04/debian/patches/bash-completion-drop-have-checks.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/bash-completion-drop-have-checks.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 1eee32e5a695ce788c97203f0fba724bf5dc3a19 Mon Sep 17 00:00:00 2001 +From c3bac3061438a6308dc0191e72e295957270c755 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Fri, 16 Nov 2018 16:37:02 +0000 Subject: bash-completion: Drop "have" checks @@ -16,7 +16,7 @@ 1 file changed, 13 insertions(+), 26 deletions(-) diff --git a/util/bash-completion.d/grub-completion.bash.in b/util/bash-completion.d/grub-completion.bash.in -index 44bf135b9..d4235e7ef 100644 +index 44bf135b9f..d4235e7ef8 100644 --- a/util/bash-completion.d/grub-completion.bash.in +++ b/util/bash-completion.d/grub-completion.bash.in @@ -166,13 +166,11 @@ _grub_set_entry () { diff -Nru grub2-2.04/debian/patches/blacklist-1440x900x32.patch grub2-2.04/debian/patches/blacklist-1440x900x32.patch --- grub2-2.04/debian/patches/blacklist-1440x900x32.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/blacklist-1440x900x32.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From a7d121953a5158ccd4e8789a475cd43b83c2b779 Mon Sep 17 00:00:00 2001 +From a48eec06d4c5c5d1e808b52c1193044c09d638c2 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:11 +0000 Subject: Blacklist 1440x900x32 from VBE preferred mode handling @@ -13,7 +13,7 @@ 1 file changed, 9 insertions(+) diff --git a/grub-core/video/i386/pc/vbe.c b/grub-core/video/i386/pc/vbe.c -index b7f911926..4b1bd7d5e 100644 +index b7f911926d..4b1bd7d5ea 100644 --- a/grub-core/video/i386/pc/vbe.c +++ b/grub-core/video/i386/pc/vbe.c @@ -1054,6 +1054,15 @@ grub_video_vbe_setup (unsigned int width, unsigned int height, diff -Nru grub2-2.04/debian/patches/bootp-new-net_bootp6-command.patch grub2-2.04/debian/patches/bootp-new-net_bootp6-command.patch --- grub2-2.04/debian/patches/bootp-new-net_bootp6-command.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/bootp-new-net_bootp6-command.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 8624974d81aaa8eabd6328c99ec5c7d204c80638 Mon Sep 17 00:00:00 2001 +From c5375c14deee6e8fd23a018d583495e5c4f95930 Mon Sep 17 00:00:00 2001 From: Michael Chang Date: Thu, 27 Oct 2016 17:41:04 -0400 Subject: bootp: New net_bootp6 command @@ -17,7 +17,7 @@ 3 files changed, 1018 insertions(+), 1 deletion(-) diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c -index 04cfbb045..21c1824ef 100644 +index 04cfbb0450..21c1824efb 100644 --- a/grub-core/net/bootp.c +++ b/grub-core/net/bootp.c @@ -24,6 +24,98 @@ @@ -969,7 +969,7 @@ + grub_unregister_command (cmd_bootp6); } diff --git a/grub-core/net/ip.c b/grub-core/net/ip.c -index ea5edf8f1..01410798b 100644 +index ea5edf8f1f..01410798b3 100644 --- a/grub-core/net/ip.c +++ b/grub-core/net/ip.c @@ -239,6 +239,45 @@ handle_dgram (struct grub_net_buff *nb, @@ -1019,7 +1019,7 @@ { const struct grub_net_bootp_packet *bootp; diff --git a/include/grub/net.h b/include/grub/net.h -index cc114286e..58cff96d2 100644 +index cc114286ea..58cff96d2a 100644 --- a/include/grub/net.h +++ b/include/grub/net.h @@ -448,6 +448,66 @@ struct grub_net_bootp_packet diff -Nru grub2-2.04/debian/patches/bootp-process-dhcpack-http-boot.patch grub2-2.04/debian/patches/bootp-process-dhcpack-http-boot.patch --- grub2-2.04/debian/patches/bootp-process-dhcpack-http-boot.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/bootp-process-dhcpack-http-boot.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 3de9845e404a99dc3122efbf7c2570482097c412 Mon Sep 17 00:00:00 2001 +From 6e1e440798cf53f89f0e5a177d781f0b3d4bc1ca Mon Sep 17 00:00:00 2001 From: Michael Chang Date: Thu, 27 Oct 2016 17:42:19 -0400 Subject: bootp: Add processing DHCPACK packet from HTTP Boot @@ -24,7 +24,7 @@ 2 files changed, 60 insertions(+), 1 deletion(-) diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c -index 21c1824ef..558d97ba1 100644 +index 21c1824efb..558d97ba1e 100644 --- a/grub-core/net/bootp.c +++ b/grub-core/net/bootp.c @@ -154,7 +154,7 @@ struct grub_dhcp_request_options @@ -109,7 +109,7 @@ }, GRUB_NET_BOOTP_END, diff --git a/include/grub/net.h b/include/grub/net.h -index 58cff96d2..b5f9e617e 100644 +index 58cff96d2a..b5f9e617e5 100644 --- a/include/grub/net.h +++ b/include/grub/net.h @@ -523,6 +523,7 @@ enum diff -Nru grub2-2.04/debian/patches/cherrypick-lsefisystab-define-smbios3.patch grub2-2.04/debian/patches/cherrypick-lsefisystab-define-smbios3.patch --- grub2-2.04/debian/patches/cherrypick-lsefisystab-define-smbios3.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/cherrypick-lsefisystab-define-smbios3.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 0bc1e64554d9dfbcfaf5e384fcb772f861a548d8 Mon Sep 17 00:00:00 2001 +From 7a7aa7f7da952420277726d4e2279716d1738aa6 Mon Sep 17 00:00:00 2001 From: David Michael Date: Fri, 5 Jul 2019 08:47:02 -0400 Subject: lsefisystab: Define SMBIOS3 entry point structures for EFI @@ -16,7 +16,7 @@ 2 files changed, 6 insertions(+) diff --git a/grub-core/commands/efi/lsefisystab.c b/grub-core/commands/efi/lsefisystab.c -index df1030221..7c039c509 100644 +index df10302218..7c039c5097 100644 --- a/grub-core/commands/efi/lsefisystab.c +++ b/grub-core/commands/efi/lsefisystab.c @@ -48,6 +48,7 @@ static const struct guid_mapping guid_mappings[] = @@ -28,7 +28,7 @@ { GRUB_EFI_TIANO_CUSTOM_DECOMPRESS_GUID, "TIANO CUSTOM DECOMPRESS"}, { GRUB_EFI_TSC_FREQUENCY_GUID, "TSC FREQUENCY"}, diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h -index 75befd10e..9824fbcd0 100644 +index 75befd10e5..9824fbcd0d 100644 --- a/include/grub/efi/api.h +++ b/include/grub/efi/api.h @@ -314,6 +314,11 @@ diff -Nru grub2-2.04/debian/patches/cherrypick-lsefisystab-show-dtb.patch grub2-2.04/debian/patches/cherrypick-lsefisystab-show-dtb.patch --- grub2-2.04/debian/patches/cherrypick-lsefisystab-show-dtb.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/cherrypick-lsefisystab-show-dtb.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From b5a07214b83812f0b8b42dc576021e98237498e6 Mon Sep 17 00:00:00 2001 +From b67cba441eece77123d08105d447128e09593194 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Sat, 6 Jul 2019 11:11:02 +0200 Subject: lsefisystab: Add support for device tree table @@ -27,7 +27,7 @@ 1 file changed, 1 insertion(+) diff --git a/grub-core/commands/efi/lsefisystab.c b/grub-core/commands/efi/lsefisystab.c -index 7c039c509..902788250 100644 +index 7c039c5097..902788250e 100644 --- a/grub-core/commands/efi/lsefisystab.c +++ b/grub-core/commands/efi/lsefisystab.c @@ -40,6 +40,7 @@ static const struct guid_mapping guid_mappings[] = diff -Nru grub2-2.04/debian/patches/cherrypick-smbios-module.patch grub2-2.04/debian/patches/cherrypick-smbios-module.patch --- grub2-2.04/debian/patches/cherrypick-smbios-module.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/cherrypick-smbios-module.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 982cd5b597e964da666ebdab41c727823a50c776 Mon Sep 17 00:00:00 2001 +From 1eea32e0f58e90b1a7682f01b06c68f56349fb3d Mon Sep 17 00:00:00 2001 From: David Michael Date: Fri, 5 Jul 2019 08:47:09 -0400 Subject: smbios: Add a module for retrieving SMBIOS information @@ -33,7 +33,7 @@ create mode 100644 include/grub/smbios.h diff --git a/docs/grub.texi b/docs/grub.texi -index 1baa0fa20..d573f32cb 100644 +index 1baa0fa20f..d573f32cbb 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -3976,6 +3976,7 @@ you forget a command, you can run the command @command{help} @@ -126,7 +126,7 @@ @subsection source diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 33e75021d..9b20f3335 100644 +index 33e75021da..9b20f33355 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -1106,6 +1106,21 @@ module = { @@ -153,7 +153,7 @@ ieee1275 = commands/ieee1275/suspend.c; diff --git a/grub-core/commands/efi/smbios.c b/grub-core/commands/efi/smbios.c new file mode 100644 -index 000000000..75202d5aa +index 0000000000..75202d5aad --- /dev/null +++ b/grub-core/commands/efi/smbios.c @@ -0,0 +1,61 @@ @@ -220,7 +220,7 @@ +} diff --git a/grub-core/commands/i386/pc/smbios.c b/grub-core/commands/i386/pc/smbios.c new file mode 100644 -index 000000000..069d66367 +index 0000000000..069d663673 --- /dev/null +++ b/grub-core/commands/i386/pc/smbios.c @@ -0,0 +1,52 @@ @@ -278,7 +278,7 @@ +} diff --git a/grub-core/commands/smbios.c b/grub-core/commands/smbios.c new file mode 100644 -index 000000000..7a6a391fc +index 0000000000..7a6a391fc1 --- /dev/null +++ b/grub-core/commands/smbios.c @@ -0,0 +1,374 @@ @@ -657,7 +657,7 @@ + grub_unregister_extcmd (cmd); +} diff --git a/grub-core/efiemu/i386/pc/cfgtables.c b/grub-core/efiemu/i386/pc/cfgtables.c -index 492c07c46..e5fffb7d4 100644 +index 492c07c468..e5fffb7d4a 100644 --- a/grub-core/efiemu/i386/pc/cfgtables.c +++ b/grub-core/efiemu/i386/pc/cfgtables.c @@ -22,11 +22,11 @@ @@ -696,7 +696,7 @@ } diff --git a/include/grub/smbios.h b/include/grub/smbios.h new file mode 100644 -index 000000000..15ec260b3 +index 0000000000..15ec260b32 --- /dev/null +++ b/include/grub/smbios.h @@ -0,0 +1,69 @@ diff -Nru grub2-2.04/debian/patches/core-in-fs.patch grub2-2.04/debian/patches/core-in-fs.patch --- grub2-2.04/debian/patches/core-in-fs.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/core-in-fs.patch 2020-09-08 10:23:00.000000000 +0000 @@ -11,7 +11,7 @@ 1 file changed, 8 insertions(+) diff --git a/util/setup.c b/util/setup.c -index 6f88f3cc4..fbdf2fcc5 100644 +index 6f88f3cc43..fbdf2fcc59 100644 --- a/util/setup.c +++ b/util/setup.c @@ -58,6 +58,8 @@ diff -Nru grub2-2.04/debian/patches/default-grub-d.patch grub2-2.04/debian/patches/default-grub-d.patch --- grub2-2.04/debian/patches/default-grub-d.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/default-grub-d.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From e1e966557a634500e95e2ec691a0cb8fca144aae Mon Sep 17 00:00:00 2001 +From c3ad86f659b0a1af2033086101936f3a17e67a0a Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:10 +0000 Subject: Read /etc/default/grub.d/*.cfg after /etc/default/grub @@ -14,7 +14,7 @@ 2 files changed, 98 insertions(+), 21 deletions(-) diff --git a/grub-core/osdep/unix/config.c b/grub-core/osdep/unix/config.c -index 65effa9f3..5478030fd 100644 +index 65effa9f3a..5478030fde 100644 --- a/grub-core/osdep/unix/config.c +++ b/grub-core/osdep/unix/config.c @@ -24,6 +24,8 @@ @@ -178,7 +178,7 @@ + free (cfgdir); } diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index b506d63bf..d18bf972f 100644 +index b506d63bf9..d18bf972f7 100644 --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in @@ -164,6 +164,11 @@ fi diff -Nru grub2-2.04/debian/patches/disable-floppies.patch grub2-2.04/debian/patches/disable-floppies.patch --- grub2-2.04/debian/patches/disable-floppies.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/disable-floppies.patch 2020-09-08 10:23:00.000000000 +0000 @@ -13,7 +13,7 @@ 1 file changed, 12 insertions(+) diff --git a/grub-core/kern/emu/hostdisk.c b/grub-core/kern/emu/hostdisk.c -index e9ec680cd..8ac523953 100644 +index e9ec680cdb..8ac5239538 100644 --- a/grub-core/kern/emu/hostdisk.c +++ b/grub-core/kern/emu/hostdisk.c @@ -532,6 +532,18 @@ read_device_map (const char *dev_map) diff -Nru grub2-2.04/debian/patches/dpkg-version-comparison.patch grub2-2.04/debian/patches/dpkg-version-comparison.patch --- grub2-2.04/debian/patches/dpkg-version-comparison.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/dpkg-version-comparison.patch 2020-09-08 10:23:00.000000000 +0000 @@ -12,7 +12,7 @@ 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in -index 0f801cab3..b6606c16e 100644 +index 0f801cab3e..b6606c16e0 100644 --- a/util/grub-mkconfig_lib.in +++ b/util/grub-mkconfig_lib.in @@ -239,8 +239,9 @@ version_test_numeric () diff -Nru grub2-2.04/debian/patches/efinet-set-dns-from-uefi-proto.patch grub2-2.04/debian/patches/efinet-set-dns-from-uefi-proto.patch --- grub2-2.04/debian/patches/efinet-set-dns-from-uefi-proto.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/efinet-set-dns-from-uefi-proto.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 6a014b8846142de23cb5254f653facc8f3456a8c Mon Sep 17 00:00:00 2001 +From 5e2600c379b6ef398a18081b65367f0674c935dc Mon Sep 17 00:00:00 2001 From: Michael Chang Date: Thu, 27 Oct 2016 17:43:21 -0400 Subject: efinet: Setting DNS server from UEFI protocol @@ -35,7 +35,7 @@ 2 files changed, 239 insertions(+) diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c -index 2d3b00f0e..82a28fb6e 100644 +index 2d3b00f0e1..82a28fb6e9 100644 --- a/grub-core/net/drivers/efi/efinet.c +++ b/grub-core/net/drivers/efi/efinet.c @@ -30,6 +30,8 @@ GRUB_MOD_LICENSE ("GPLv3+"); @@ -244,7 +244,7 @@ } diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h -index 664cea37b..75befd10e 100644 +index 664cea37b5..75befd10e5 100644 --- a/include/grub/efi/api.h +++ b/include/grub/efi/api.h @@ -334,6 +334,16 @@ diff -Nru grub2-2.04/debian/patches/efinet-set-network-from-uefi-devpath.patch grub2-2.04/debian/patches/efinet-set-network-from-uefi-devpath.patch --- grub2-2.04/debian/patches/efinet-set-network-from-uefi-devpath.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/efinet-set-network-from-uefi-devpath.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 1bacee679cef6c6f56af81108288c6468d8f6295 Mon Sep 17 00:00:00 2001 +From 521dfb27bc786d0567c97b704381677f57c4cfe4 Mon Sep 17 00:00:00 2001 From: Michael Chang Date: Thu, 27 Oct 2016 17:43:05 -0400 Subject: efinet: Setting network from UEFI device path @@ -34,7 +34,7 @@ 2 files changed, 270 insertions(+), 9 deletions(-) diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c -index fc90415f2..2d3b00f0e 100644 +index fc90415f29..2d3b00f0e1 100644 --- a/grub-core/net/drivers/efi/efinet.c +++ b/grub-core/net/drivers/efi/efinet.c @@ -23,6 +23,7 @@ @@ -358,7 +358,7 @@ } } diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h -index ca6cdc159..664cea37b 100644 +index ca6cdc1596..664cea37b5 100644 --- a/include/grub/efi/api.h +++ b/include/grub/efi/api.h @@ -825,6 +825,8 @@ struct grub_efi_ipv4_device_path diff -Nru grub2-2.04/debian/patches/efinet-uefi-ipv6-pxe-support.patch grub2-2.04/debian/patches/efinet-uefi-ipv6-pxe-support.patch --- grub2-2.04/debian/patches/efinet-uefi-ipv6-pxe-support.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/efinet-uefi-ipv6-pxe-support.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 9afb0c174814d7235fc18623725cd037a76ff541 Mon Sep 17 00:00:00 2001 +From efa94cf400cddc721b15210e46471c867cf727e1 Mon Sep 17 00:00:00 2001 From: Michael Chang Date: Thu, 27 Oct 2016 17:41:21 -0400 Subject: efinet: UEFI IPv6 PXE support @@ -17,7 +17,7 @@ 2 files changed, 73 insertions(+), 6 deletions(-) diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c -index 5388f952b..fc90415f2 100644 +index 5388f952ba..fc90415f29 100644 --- a/grub-core/net/drivers/efi/efinet.c +++ b/grub-core/net/drivers/efi/efinet.c @@ -378,11 +378,25 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, @@ -52,7 +52,7 @@ } } diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h -index addcbfa8f..ca6cdc159 100644 +index addcbfa8fb..ca6cdc1596 100644 --- a/include/grub/efi/api.h +++ b/include/grub/efi/api.h @@ -1452,14 +1452,67 @@ typedef struct grub_efi_simple_text_output_interface grub_efi_simple_text_output diff -Nru grub2-2.04/debian/patches/efi-variable-storage-minimise-writes.patch grub2-2.04/debian/patches/efi-variable-storage-minimise-writes.patch --- grub2-2.04/debian/patches/efi-variable-storage-minimise-writes.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/efi-variable-storage-minimise-writes.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 20dd578ec8d17d92790121ce010de0e49eaf9cef Mon Sep 17 00:00:00 2001 +From b18e6318f49373c1018be8b6d34266a009f10ae8 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 11 Mar 2019 11:17:43 +0000 Subject: Minimise writes to EFI variable storage @@ -60,7 +60,7 @@ create mode 100644 grub-core/osdep/unix/efivar.c diff --git a/INSTALL b/INSTALL -index 8acb40902..342c158e9 100644 +index 8acb409023..342c158e91 100644 --- a/INSTALL +++ b/INSTALL @@ -41,6 +41,11 @@ configuring the GRUB. @@ -76,7 +76,7 @@ * libdevmapper 1.02.34 or later (recommended) diff --git a/Makefile.util.def b/Makefile.util.def -index ce133e694..504d1c058 100644 +index ce133e694e..504d1c0581 100644 --- a/Makefile.util.def +++ b/Makefile.util.def @@ -565,6 +565,8 @@ program = { @@ -180,7 +180,7 @@ script = { diff --git a/configure.ac b/configure.ac -index e382c7480..883245553 100644 +index e382c7480d..883245553d 100644 --- a/configure.ac +++ b/configure.ac @@ -443,6 +443,18 @@ AC_CHECK_HEADER([util.h], [ @@ -204,7 +204,7 @@ CFLAGS="$HOST_CFLAGS -Wtrampolines -Werror" diff --git a/grub-core/osdep/efivar.c b/grub-core/osdep/efivar.c new file mode 100644 -index 000000000..d2750e252 +index 0000000000..d2750e2524 --- /dev/null +++ b/grub-core/osdep/efivar.c @@ -0,0 +1,3 @@ @@ -213,7 +213,7 @@ +#endif diff --git a/grub-core/osdep/unix/efivar.c b/grub-core/osdep/unix/efivar.c new file mode 100644 -index 000000000..4a58328b4 +index 0000000000..4a58328b42 --- /dev/null +++ b/grub-core/osdep/unix/efivar.c @@ -0,0 +1,508 @@ @@ -726,7 +726,7 @@ + +#endif /* HAVE_EFIVAR */ diff --git a/grub-core/osdep/unix/platform.c b/grub-core/osdep/unix/platform.c -index 9c439326a..b561174ea 100644 +index 9c439326a0..b561174ea9 100644 --- a/grub-core/osdep/unix/platform.c +++ b/grub-core/osdep/unix/platform.c @@ -19,15 +19,12 @@ @@ -856,7 +856,7 @@ void diff --git a/include/grub/util/install.h b/include/grub/util/install.h -index 8aeb5c4f2..a521f1663 100644 +index 8aeb5c4f20..a521f1663f 100644 --- a/include/grub/util/install.h +++ b/include/grub/util/install.h @@ -219,6 +219,11 @@ grub_install_get_default_x86_platform (void); @@ -872,7 +872,7 @@ grub_install_register_efi (grub_device_t efidir_grub_dev, const char *efifile_path, diff --git a/util/grub-install.c b/util/grub-install.c -index 4bad8de61..63462e4e0 100644 +index 4bad8de612..63462e4e09 100644 --- a/util/grub-install.c +++ b/util/grub-install.c @@ -2084,7 +2084,7 @@ main (int argc, char *argv[]) diff -Nru grub2-2.04/debian/patches/gettext/0001-Support-POTFILES-shell.patch grub2-2.04/debian/patches/gettext/0001-Support-POTFILES-shell.patch --- grub2-2.04/debian/patches/gettext/0001-Support-POTFILES-shell.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/gettext/0001-Support-POTFILES-shell.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,54 +0,0 @@ -From d5bbd8f60aacb0f73ea5a0bde999152c467d0e78 Mon Sep 17 00:00:00 2001 -From: Colin Watson -Date: Sun, 1 Mar 2020 11:57:58 +0000 -Subject: [PATCH 1/4] Support POTFILES-shell - ---- - gettext-runtime/po/Makefile.in.in | 24 ++++++++++++++++++++++-- - 1 file changed, 22 insertions(+), 2 deletions(-) - -diff --git a/gettext-runtime/po/Makefile.in.in b/gettext-runtime/po/Makefile.in.in -index fabdc76c9..32e9323d3 100644 ---- a/gettext-runtime/po/Makefile.in.in -+++ b/gettext-runtime/po/Makefile.in.in -@@ -142,7 +142,7 @@ stamp-po: $(srcdir)/$(DOMAIN).pot - # The determination of whether the package xyz is a GNU one is based on the - # heuristic whether some file in the top level directory mentions "GNU xyz". - # If GNU 'find' is available, we avoid grepping through monster files. --$(DOMAIN).pot-update: $(POTFILES) $(srcdir)/POTFILES.in remove-potcdate.sed -+$(DOMAIN).pot-update: $(POTFILES) $(srcdir)/POTFILES.in $(srcdir)/POTFILES-shell.in remove-potcdate.sed - if { if (LC_ALL=C find --version) 2>/dev/null | grep GNU >/dev/null; then \ - LC_ALL=C find -L $(top_srcdir) -maxdepth 1 -type f -size -10000000c -exec grep 'GNU @PACKAGE@' /dev/null '{}' ';' 2>/dev/null; \ - else \ -@@ -175,7 +175,27 @@ $(DOMAIN).pot-update: $(POTFILES) $(srcdir)/POTFILES.in remove-potcdate.sed - --package-version='@VERSION@' \ - --msgid-bugs-address="$$msgid_bugs_address" \ - ;; \ -- esac -+ esac; \ -+ case `$(XGETTEXT) --version | sed 1q | sed -e 's,^[^0-9]*,,'` in \ -+ '' | 0.[0-9] | 0.[0-9].* | 0.1[0-5] | 0.1[0-5].* | 0.16 | 0.16.[0-1]*) \ -+ $(XGETTEXT) --default-domain=$(DOMAIN) --directory=$(top_srcdir) \ -+ --add-comments=TRANSLATORS: @XGETTEXT_EXTRA_OPTIONS@ \ -+ --files-from=$(srcdir)/POTFILES-shell.in \ -+ --copyright-holder='$(COPYRIGHT_HOLDER)' \ -+ --msgid-bugs-address="$$msgid_bugs_address" \ -+ --join-existing --language=Shell --keyword=gettext_quoted \ -+ ;; \ -+ *) \ -+ $(XGETTEXT) --default-domain=$(DOMAIN) --directory=$(top_srcdir) \ -+ --add-comments=TRANSLATORS: @XGETTEXT_EXTRA_OPTIONS@ \ -+ --files-from=$(srcdir)/POTFILES-shell.in \ -+ --copyright-holder='$(COPYRIGHT_HOLDER)' \ -+ --package-name="$${package_gnu}@PACKAGE@" \ -+ --package-version='@VERSION@' \ -+ --msgid-bugs-address="$$msgid_bugs_address" \ -+ --join-existing --language=Shell --keyword=gettext_quoted \ -+ ;; \ -+ esac; \ - test ! -f $(DOMAIN).po || { \ - if test -f $(srcdir)/$(DOMAIN).pot; then \ - sed -f remove-potcdate.sed < $(srcdir)/$(DOMAIN).pot > $(DOMAIN).1po && \ --- -2.17.1 - diff -Nru grub2-2.04/debian/patches/gettext/0002-Handle-gettext_printf-shell-function.patch grub2-2.04/debian/patches/gettext/0002-Handle-gettext_printf-shell-function.patch --- grub2-2.04/debian/patches/gettext/0002-Handle-gettext_printf-shell-function.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/gettext/0002-Handle-gettext_printf-shell-function.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,46 +0,0 @@ -From fd17c51f2e6c87427679fbdfb5f6224ff48795db Mon Sep 17 00:00:00 2001 -From: Colin Watson -Date: Sun, 1 Mar 2020 12:00:41 +0000 -Subject: [PATCH 2/4] Handle gettext_printf shell function - -Extract gettext_printf arguments. - -Run grub.d.sed over strings extracted from util/grub.d/, in order to set -c-format flags (xgettext refuses to include these itself for strings it -extracted from a shell file, but these really are c-format). ---- - gettext-runtime/po/Makefile.in.in | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/gettext-runtime/po/Makefile.in.in b/gettext-runtime/po/Makefile.in.in -index 32e9323d3..32e0c99a2 100644 ---- a/gettext-runtime/po/Makefile.in.in -+++ b/gettext-runtime/po/Makefile.in.in -@@ -183,7 +183,8 @@ $(DOMAIN).pot-update: $(POTFILES) $(srcdir)/POTFILES.in $(srcdir)/POTFILES-shell - --files-from=$(srcdir)/POTFILES-shell.in \ - --copyright-holder='$(COPYRIGHT_HOLDER)' \ - --msgid-bugs-address="$$msgid_bugs_address" \ -- --join-existing --language=Shell --keyword=gettext_quoted \ -+ --join-existing --language=Shell \ -+ --keyword=gettext_quoted --keyword=gettext_printf \ - ;; \ - *) \ - $(XGETTEXT) --default-domain=$(DOMAIN) --directory=$(top_srcdir) \ -@@ -193,10 +194,13 @@ $(DOMAIN).pot-update: $(POTFILES) $(srcdir)/POTFILES.in $(srcdir)/POTFILES-shell - --package-name="$${package_gnu}@PACKAGE@" \ - --package-version='@VERSION@' \ - --msgid-bugs-address="$$msgid_bugs_address" \ -- --join-existing --language=Shell --keyword=gettext_quoted \ -+ --join-existing --language=Shell \ -+ --keyword=gettext_quoted --keyword=gettext_printf \ - ;; \ - esac; \ - test ! -f $(DOMAIN).po || { \ -+ sed -f grub.d.sed < $(DOMAIN).po > $(DOMAIN).1po && \ -+ mv $(DOMAIN).1po $(DOMAIN).po; \ - if test -f $(srcdir)/$(DOMAIN).pot; then \ - sed -f remove-potcdate.sed < $(srcdir)/$(DOMAIN).pot > $(DOMAIN).1po && \ - sed -f remove-potcdate.sed < $(DOMAIN).po > $(DOMAIN).2po && \ --- -2.17.1 - diff -Nru grub2-2.04/debian/patches/gettext/0003-Make-msgfmt-output-in-little-endian.patch grub2-2.04/debian/patches/gettext/0003-Make-msgfmt-output-in-little-endian.patch --- grub2-2.04/debian/patches/gettext/0003-Make-msgfmt-output-in-little-endian.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/gettext/0003-Make-msgfmt-output-in-little-endian.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,34 +0,0 @@ -From 156c523e2945c9b43c5500fb93988b0dd2f08d75 Mon Sep 17 00:00:00 2001 -From: Vladimir Serbinenko -Date: Sun, 1 Mar 2020 12:09:25 +0000 -Subject: [PATCH 3/4] Make msgfmt output in little-endian - -GRUB expects this. ---- - gettext-runtime/po/Makefile.in.in | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/gettext-runtime/po/Makefile.in.in b/gettext-runtime/po/Makefile.in.in -index 32e0c99a2..f3ef54c39 100644 ---- a/gettext-runtime/po/Makefile.in.in -+++ b/gettext-runtime/po/Makefile.in.in -@@ -84,13 +84,13 @@ CATALOGS = @CATALOGS@ - - .po.mo: - @echo "$(MSGFMT) -c -o $@ $<"; \ -- $(MSGFMT) -c -o t-$@ $< && mv t-$@ $@ -+ $(MSGFMT) --endianness=little -c -o t-$@ $< && mv t-$@ $@ - - .po.gmo: - @lang=`echo $* | sed -e 's,.*/,,'`; \ - test "$(srcdir)" = . && cdcmd="" || cdcmd="cd $(srcdir) && "; \ -- echo "$${cdcmd}rm -f $${lang}.gmo && $(GMSGFMT) -c --statistics --verbose -o $${lang}.gmo $${lang}.po"; \ -- cd $(srcdir) && rm -f $${lang}.gmo && $(GMSGFMT) -c --statistics --verbose -o t-$${lang}.gmo $${lang}.po && mv t-$${lang}.gmo $${lang}.gmo -+ echo "$${cdcmd}rm -f $${lang}.gmo && $(GMSGFMT) --endianness=little -c --statistics --verbose -o $${lang}.gmo $${lang}.po"; \ -+ cd $(srcdir) && rm -f $${lang}.gmo && $(GMSGFMT) --endianness=little -c --statistics --verbose -o t-$${lang}.gmo $${lang}.po && mv t-$${lang}.gmo $${lang}.gmo - - .sin.sed: - sed -e '/^#/d' $< > t-$@ --- -2.17.1 - diff -Nru grub2-2.04/debian/patches/gettext/0004-Use-SHELL-rather-than-bin-sh.patch grub2-2.04/debian/patches/gettext/0004-Use-SHELL-rather-than-bin-sh.patch --- grub2-2.04/debian/patches/gettext/0004-Use-SHELL-rather-than-bin-sh.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/gettext/0004-Use-SHELL-rather-than-bin-sh.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,26 +0,0 @@ -From f36f12e77798223ee7ee882c0d09e0e63db11454 Mon Sep 17 00:00:00 2001 -From: Colin Watson -Date: Sun, 1 Mar 2020 12:14:07 +0000 -Subject: [PATCH 4/4] Use @SHELL rather than /bin/sh - -/bin/sh might not exist. ---- - gettext-runtime/po/Makefile.in.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/gettext-runtime/po/Makefile.in.in b/gettext-runtime/po/Makefile.in.in -index f3ef54c39..285a55a9d 100644 ---- a/gettext-runtime/po/Makefile.in.in -+++ b/gettext-runtime/po/Makefile.in.in -@@ -16,7 +16,7 @@ VERSION = @VERSION@ - PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ - - SED = @SED@ --SHELL = /bin/sh -+SHELL = @SHELL@ - @SET_MAKE@ - - srcdir = @srcdir@ --- -2.17.1 - diff -Nru grub2-2.04/debian/patches/gettext-quiet.patch grub2-2.04/debian/patches/gettext-quiet.patch --- grub2-2.04/debian/patches/gettext-quiet.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/gettext-quiet.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 259b7fa08b66717709735370d05fc9eb64682484 Mon Sep 17 00:00:00 2001 +From 02b91d62746f4bde8349bbd605b18fb354a85048 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:02 +0000 Subject: Silence error messages when translations are unavailable @@ -13,7 +13,7 @@ 1 file changed, 5 insertions(+) diff --git a/grub-core/gettext/gettext.c b/grub-core/gettext/gettext.c -index 4d02e62c1..2a19389f2 100644 +index 4d02e62c10..2a19389f2a 100644 --- a/grub-core/gettext/gettext.c +++ b/grub-core/gettext/gettext.c @@ -427,6 +427,11 @@ grub_gettext_init_ext (struct grub_gettext_context *ctx, diff -Nru grub2-2.04/debian/patches/gfxpayload-dynamic.patch grub2-2.04/debian/patches/gfxpayload-dynamic.patch --- grub2-2.04/debian/patches/gfxpayload-dynamic.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/gfxpayload-dynamic.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 2e91d5ab9adfb6a86b82b89715d6d9a7b3b52005 Mon Sep 17 00:00:00 2001 +From 40e9945c86cb9ea3d2a23789e7cdbce9905387e1 Mon Sep 17 00:00:00 2001 From: Evan Broder Date: Mon, 13 Jan 2014 12:13:29 +0000 Subject: Add configure option to enable gfxpayload=keep dynamically @@ -23,7 +23,7 @@ create mode 100644 grub-core/commands/i386/pc/hwmatch.c diff --git a/configure.ac b/configure.ac -index 7dda5bb32..dbc429ce0 100644 +index 7dda5bb32b..dbc429ce0a 100644 --- a/configure.ac +++ b/configure.ac @@ -1879,6 +1879,17 @@ else @@ -45,7 +45,7 @@ AC_SUBST([FONT_SOURCE]) diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 474a63e68..aadb4cdff 100644 +index 474a63e68c..aadb4cdff8 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -971,6 +971,14 @@ module = { @@ -65,7 +65,7 @@ common = commands/keystatus.c; diff --git a/grub-core/commands/i386/pc/hwmatch.c b/grub-core/commands/i386/pc/hwmatch.c new file mode 100644 -index 000000000..6de07cecc +index 0000000000..6de07cecc8 --- /dev/null +++ b/grub-core/commands/i386/pc/hwmatch.c @@ -0,0 +1,146 @@ @@ -216,7 +216,7 @@ + grub_unregister_command (cmd); +} diff --git a/include/grub/file.h b/include/grub/file.h -index 31567483c..e3c4cae2b 100644 +index 31567483cc..e3c4cae2b5 100644 --- a/include/grub/file.h +++ b/include/grub/file.h @@ -122,6 +122,7 @@ enum grub_file_type @@ -228,7 +228,7 @@ GRUB_FILE_TYPE_LOADENV, GRUB_FILE_TYPE_SAVEENV, diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 2be66c702..09393c28e 100644 +index 2be66c7028..09393c28ee 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -23,6 +23,7 @@ datarootdir="@datarootdir@" @@ -290,7 +290,7 @@ # yet, so it's empty. In a submenu it will be equal to '\t' (one tab). submenu_indentation="" diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in -index 548e14856..fc99f16e7 100755 +index ec4b49d9d7..8cd7d12851 100755 --- a/util/grub.d/10_linux_zfs.in +++ b/util/grub.d/10_linux_zfs.in @@ -22,6 +22,7 @@ datarootdir="@datarootdir@" @@ -301,7 +301,7 @@ . "${pkgdatadir}/grub-mkconfig_lib" -@@ -713,6 +714,41 @@ generate_grub_menu_metadata() { +@@ -716,6 +717,41 @@ generate_grub_menu_metadata() { done } @@ -343,7 +343,7 @@ # Cache for prepare_grub_to_access_device call # $1: boot_device # $2: submenu_level -@@ -773,9 +809,11 @@ zfs_linux_entry () { +@@ -776,9 +812,11 @@ zfs_linux_entry () { if [ "${GRUB_GFXPAYLOAD_LINUX}" != "text" ]; then echo "${submenu_indentation} load_video" fi @@ -358,7 +358,7 @@ fi echo "${submenu_indentation} insmod gzio" -@@ -838,6 +876,8 @@ generate_grub_menu() { +@@ -841,6 +879,8 @@ generate_grub_menu() { GRUB_CMDLINE_LINUX_RECOVERY="${GRUB_CMDLINE_LINUX_RECOVERY} nomodeset" fi diff -Nru grub2-2.04/debian/patches/gfxpayload-keep-default.patch grub2-2.04/debian/patches/gfxpayload-keep-default.patch --- grub2-2.04/debian/patches/gfxpayload-keep-default.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/gfxpayload-keep-default.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 6da735cfaac928da6dc1283a15a669b1ddd07979 Mon Sep 17 00:00:00 2001 +From 6b3668640698cff6e0f57bba665a594c11f02841 Mon Sep 17 00:00:00 2001 From: Didier Roche Date: Tue, 31 Mar 2020 15:09:45 +0200 Subject: Disable gfxpayload=keep by default @@ -24,7 +24,7 @@ 2 files changed, 8 deletions(-) diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index a75096609..f839b3b55 100644 +index a75096609a..f839b3b55f 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -118,10 +118,6 @@ linux_entry () @@ -39,10 +39,10 @@ if [ "x$GRUB_GFXPAYLOAD_LINUX" != xtext ]; then echo " load_video" | sed "s/^/$submenu_indentation/" diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in -index f50e1231a..d27634738 100755 +index 5ec65fa941..b24587f0a5 100755 --- a/util/grub.d/10_linux_zfs.in +++ b/util/grub.d/10_linux_zfs.in -@@ -741,10 +741,6 @@ zfs_linux_entry () { +@@ -744,10 +744,6 @@ zfs_linux_entry () { # FIXME: We need an interface to select vesafb in case efifb can't be used. if [ "${GRUB_GFXPAYLOAD_LINUX}" = "" ]; then echo "${submenu_indentation} load_video" diff -Nru grub2-2.04/debian/patches/grub.cfg-400.patch grub2-2.04/debian/patches/grub.cfg-400.patch --- grub2-2.04/debian/patches/grub.cfg-400.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/grub.cfg-400.patch 2020-09-08 10:23:00.000000000 +0000 @@ -9,7 +9,7 @@ 1 file changed, 4 insertions(+) diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index 9f477ff05..45cd4cc54 100644 +index 9f477ff054..45cd4cc541 100644 --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in @@ -276,6 +276,10 @@ for i in "${grub_mkconfig_dir}"/* ; do diff -Nru grub2-2.04/debian/patches/grub-install-backup-and-restore.patch grub2-2.04/debian/patches/grub-install-backup-and-restore.patch --- grub2-2.04/debian/patches/grub-install-backup-and-restore.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/patches/grub-install-backup-and-restore.patch 2020-09-08 10:23:01.000000000 +0000 @@ -0,0 +1,175 @@ +From 229c7f88463e2ae9fbb891a286cba50b580f7bad Mon Sep 17 00:00:00 2001 +From: Dimitri John Ledkov +Date: Wed, 19 Aug 2020 01:49:09 +0100 +Subject: grub-install: Add backup and restore + +Refactor clean_grub_dir to create a backup of all the files, instead +of just irrevocably removing them as the first action. If available, +register on_exit handle to restore the backup if any errors occur, or +remove the backup if everything was successful. If on_exit is not +available, the backup remains on disk for manual recovery. + +This allows safer upgrades of MBR & modules, such that +modules/images/fonts/translations are consistent with MBR in case of +errors. For example accidental grub-install /dev/non-existent-disk +currently clobbers and upgrades modules in /boot/grub, despite not +actually updating any MBR. This increases peak disk-usage slightly, by +requiring temporarily twice the disk space to complete grub-install. + +Also add modinfo.sh to the cleanup/backup/restore codepath, to ensure +it is also cleaned / backed up / restored. + +Signed-off-by: Dimitri John Ledkov + +Patch-Name: grub-install-backup-and-restore.patch +--- + configure.ac | 2 +- + util/grub-install-common.c | 105 +++++++++++++++++++++++++++++++------ + 2 files changed, 91 insertions(+), 16 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 1819188f9f..6a88b9b0c0 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -420,7 +420,7 @@ else + fi + + # Check for functions and headers. +-AC_CHECK_FUNCS(posix_memalign memalign getextmntent) ++AC_CHECK_FUNCS(posix_memalign memalign getextmntent on_exit) + AC_CHECK_HEADERS(sys/param.h sys/mount.h sys/mnttab.h limits.h) + + # glibc 2.25 still includes sys/sysmacros.h in sys/types.h but emits deprecation +diff --git a/util/grub-install-common.c b/util/grub-install-common.c +index 447504d3f4..a883b6daef 100644 +--- a/util/grub-install-common.c ++++ b/util/grub-install-common.c +@@ -185,38 +185,113 @@ grub_install_mkdir_p (const char *dst) + free (t); + } + ++static int ++strcmp_ext (const char *a, const char *b, const char *ext) ++{ ++ char *bsuffix = grub_util_path_concat_ext (1, b, ext); ++ int r = strcmp (a, bsuffix); ++ free (bsuffix); ++ return r; ++} ++ ++enum clean_grub_dir_mode ++{ ++ CLEAN = 0, ++ CLEAN_BACKUP = 1, ++ CREATE_BACKUP = 2, ++ RESTORE_BACKUP = 3, ++}; ++ + static void +-clean_grub_dir (const char *di) ++clean_grub_dir_real (const char *di, enum clean_grub_dir_mode mode) + { + grub_util_fd_dir_t d; + grub_util_fd_dirent_t de; ++ char suffix[2] = ""; ++ ++ if ((mode == CLEAN_BACKUP) || (mode == RESTORE_BACKUP)) ++ { ++ strcpy (suffix, "-"); ++ } + + d = grub_util_fd_opendir (di); + if (!d) +- grub_util_error (_("cannot open directory `%s': %s"), +- di, grub_util_fd_strerror ()); ++ { ++ if (mode == CLEAN_BACKUP) ++ return; ++ grub_util_error (_("cannot open directory `%s': %s"), ++ di, grub_util_fd_strerror ()); ++ } + + while ((de = grub_util_fd_readdir (d))) + { + const char *ext = strrchr (de->d_name, '.'); +- if ((ext && (strcmp (ext, ".mod") == 0 +- || strcmp (ext, ".lst") == 0 +- || strcmp (ext, ".img") == 0 +- || strcmp (ext, ".mo") == 0) +- && strcmp (de->d_name, "menu.lst") != 0) +- || strcmp (de->d_name, "efiemu32.o") == 0 +- || strcmp (de->d_name, "efiemu64.o") == 0) ++ if ((ext && (strcmp_ext (ext, ".mod", suffix) == 0 ++ || strcmp_ext (ext, ".lst", suffix) == 0 ++ || strcmp_ext (ext, ".img", suffix) == 0 ++ || strcmp_ext (ext, ".mo", suffix) == 0) ++ && strcmp_ext (de->d_name, "menu.lst", suffix) != 0) ++ || strcmp_ext (de->d_name, "modinfo.sh", suffix) == 0 ++ || strcmp_ext (de->d_name, "efiemu32.o", suffix) == 0 ++ || strcmp_ext (de->d_name, "efiemu64.o", suffix) == 0) + { +- char *x = grub_util_path_concat (2, di, de->d_name); +- if (grub_util_unlink (x) < 0) +- grub_util_error (_("cannot delete `%s': %s"), x, +- grub_util_fd_strerror ()); +- free (x); ++ char *srcf = grub_util_path_concat (2, di, de->d_name); ++ ++ if (mode == CREATE_BACKUP) ++ { ++ char *dstf = grub_util_path_concat_ext (2, di, de->d_name, "-"); ++ if (grub_util_rename (srcf, dstf) < 0) ++ grub_util_error (_("cannot backup `%s': %s"), srcf, ++ grub_util_fd_strerror ()); ++ free (dstf); ++ } ++ else if (mode == RESTORE_BACKUP) ++ { ++ char *dstf = grub_util_path_concat_ext (2, di, de->d_name); ++ dstf[strlen (dstf) - 1] = 0; ++ if (grub_util_rename (srcf, dstf) < 0) ++ grub_util_error (_("cannot restore `%s': %s"), dstf, ++ grub_util_fd_strerror ()); ++ free (dstf); ++ } ++ else ++ { ++ if (grub_util_unlink (srcf) < 0) ++ grub_util_error (_("cannot delete `%s': %s"), srcf, ++ grub_util_fd_strerror ()); ++ } ++ free (srcf); + } + } + grub_util_fd_closedir (d); + } + ++static void ++restore_backup_on_exit (int status, void *arg) ++{ ++ if (status == 0) ++ { ++ clean_grub_dir_real ((char *) arg, CLEAN_BACKUP); ++ } ++ else ++ { ++ clean_grub_dir_real ((char *) arg, CLEAN); ++ clean_grub_dir_real ((char *) arg, RESTORE_BACKUP); ++ } ++ free (arg); ++ arg = NULL; ++} ++ ++static void ++clean_grub_dir (const char *di) ++{ ++ clean_grub_dir_real (di, CLEAN_BACKUP); ++ clean_grub_dir_real (di, CREATE_BACKUP); ++#if defined(HAVE_ON_EXIT) ++ on_exit (restore_backup_on_exit, strdup (di)); ++#endif ++} ++ + struct install_list + { + int is_default; diff -Nru grub2-2.04/debian/patches/grub-install-pvxen-paths.patch grub2-2.04/debian/patches/grub-install-pvxen-paths.patch --- grub2-2.04/debian/patches/grub-install-pvxen-paths.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/grub-install-pvxen-paths.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 4e813c89c93bba7da480824d617e87659295841b Mon Sep 17 00:00:00 2001 +From 66bbce074947abe680475dacfb1cde35b7c17ef3 Mon Sep 17 00:00:00 2001 From: Ian Campbell Date: Sat, 6 Sep 2014 12:20:12 +0100 Subject: grub-install: Install PV Xen binaries into the upstream specified @@ -28,7 +28,7 @@ 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/util/grub-install.c b/util/grub-install.c -index 70d6700de..64c292383 100644 +index 70d6700de8..64c292383f 100644 --- a/util/grub-install.c +++ b/util/grub-install.c @@ -2058,6 +2058,28 @@ main (int argc, char *argv[]) diff -Nru grub2-2.04/debian/patches/grub-legacy-0-based-partitions.patch grub2-2.04/debian/patches/grub-legacy-0-based-partitions.patch --- grub2-2.04/debian/patches/grub-legacy-0-based-partitions.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/grub-legacy-0-based-partitions.patch 2020-09-08 10:23:00.000000000 +0000 @@ -13,7 +13,7 @@ 1 file changed, 14 insertions(+) diff --git a/util/getroot.c b/util/getroot.c -index 847406fba..cdd41153c 100644 +index 847406fbab..cdd41153c5 100644 --- a/util/getroot.c +++ b/util/getroot.c @@ -245,6 +245,20 @@ find_partition (grub_disk_t dsk __attribute__ ((unused)), diff -Nru grub2-2.04/debian/patches/ieee1275-clear-reset.patch grub2-2.04/debian/patches/ieee1275-clear-reset.patch --- grub2-2.04/debian/patches/ieee1275-clear-reset.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/ieee1275-clear-reset.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 07e29f9e7e317d74d41fed30c6a8ade4f301652c Mon Sep 17 00:00:00 2001 +From 8bec2a413fc7fe8f2a48d37d8127322ebc96971d Mon Sep 17 00:00:00 2001 From: Paulo Flabiano Smorigo Date: Thu, 25 Sep 2014 18:41:29 -0300 Subject: Include a text attribute reset in the clear command for ppc @@ -18,7 +18,7 @@ 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/term/terminfo.c b/grub-core/term/terminfo.c -index d317efa36..63892ad42 100644 +index d317efa368..63892ad427 100644 --- a/grub-core/term/terminfo.c +++ b/grub-core/term/terminfo.c @@ -151,7 +151,7 @@ grub_terminfo_set_current (struct grub_term_output *term, diff -Nru grub2-2.04/debian/patches/ignore-grub_func_test-failures.patch grub2-2.04/debian/patches/ignore-grub_func_test-failures.patch --- grub2-2.04/debian/patches/ignore-grub_func_test-failures.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/ignore-grub_func_test-failures.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 11457a76c942775508953575e1b284f4c03ee192 Mon Sep 17 00:00:00 2001 +From a4eaed2b739501db9b1009cd778fc72e9670f9ce Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:32 +0000 Subject: Ignore functional test failures for now as they are broken @@ -14,7 +14,7 @@ 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/grub_func_test.in b/tests/grub_func_test.in -index c67f9e422..728cd6e06 100644 +index c67f9e4225..728cd6e066 100644 --- a/tests/grub_func_test.in +++ b/tests/grub_func_test.in @@ -16,6 +16,8 @@ out=`echo all_functional_test | @builddir@/grub-shell --timeout=3600 --files="/b diff -Nru grub2-2.04/debian/patches/insmod-xzio-and-lzopio-on-xen.patch grub2-2.04/debian/patches/insmod-xzio-and-lzopio-on-xen.patch --- grub2-2.04/debian/patches/insmod-xzio-and-lzopio-on-xen.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/insmod-xzio-and-lzopio-on-xen.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 125b4317bafb66a6e9381041102c7d789c296ea4 Mon Sep 17 00:00:00 2001 +From c58c9d77ccd16511db098247b5cbba5abcaac99f Mon Sep 17 00:00:00 2001 From: Ian Campbell Date: Sun, 30 Nov 2014 12:12:52 +0000 Subject: Arrange to insmod xzio and lzopio when booting a kernel as a Xen @@ -21,7 +21,7 @@ 2 files changed, 2 insertions(+) diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 2c418c5ec..85b30084a 100644 +index 2c418c5ec8..85b30084ad 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -166,6 +166,7 @@ linux_entry () @@ -33,10 +33,10 @@ if [ x$dirname = x/ ]; then if [ -z "${prepare_root_cache}" ]; then diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in -index b068f0e96..efdb8afae 100755 +index 4477fa6061..4c48abef01 100755 --- a/util/grub.d/10_linux_zfs.in +++ b/util/grub.d/10_linux_zfs.in -@@ -835,6 +835,7 @@ zfs_linux_entry () { +@@ -838,6 +838,7 @@ zfs_linux_entry () { fi echo "${submenu_indentation} insmod gzio" diff -Nru grub2-2.04/debian/patches/install-efi-fallback.patch grub2-2.04/debian/patches/install-efi-fallback.patch --- grub2-2.04/debian/patches/install-efi-fallback.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/install-efi-fallback.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 342cbb4b33a6d47e7c1b645ace365203f31165e2 Mon Sep 17 00:00:00 2001 +From 8a5b764a450f0d67f940c2ffbe80eae053753c19 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:05 +0000 Subject: Fall back to non-EFI if booted using EFI but -efi is missing @@ -19,7 +19,7 @@ 1 file changed, 35 insertions(+), 5 deletions(-) diff --git a/grub-core/osdep/linux/platform.c b/grub-core/osdep/linux/platform.c -index e28a79dab..2e7f72086 100644 +index e28a79dab3..2e7f720869 100644 --- a/grub-core/osdep/linux/platform.c +++ b/grub-core/osdep/linux/platform.c @@ -19,10 +19,12 @@ diff -Nru grub2-2.04/debian/patches/install-efi-ubuntu-flavours.patch grub2-2.04/debian/patches/install-efi-ubuntu-flavours.patch --- grub2-2.04/debian/patches/install-efi-ubuntu-flavours.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/install-efi-ubuntu-flavours.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 6def03933e04c3f0d3bbcb37b96dc08d1ba67d74 Mon Sep 17 00:00:00 2001 +From 73faf5c430fe03ec081a838af0e96ad4c42ab26f Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:27 +0000 Subject: Cope with Kubuntu setting GRUB_DISTRIBUTOR @@ -17,7 +17,7 @@ 1 file changed, 2 insertions(+) diff --git a/util/grub-install.c b/util/grub-install.c -index e1e40cf2b..f0d59c180 100644 +index e1e40cf2b5..f0d59c1809 100644 --- a/util/grub-install.c +++ b/util/grub-install.c @@ -1115,6 +1115,8 @@ main (int argc, char *argv[]) diff -Nru grub2-2.04/debian/patches/install-locale-langpack.patch grub2-2.04/debian/patches/install-locale-langpack.patch --- grub2-2.04/debian/patches/install-locale-langpack.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/install-locale-langpack.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 4f4b15148b61872395936b083eae7b843ac7d373 Mon Sep 17 00:00:00 2001 +From 50921522fab0f4ce529b6c7acd6354b1b3cff2b1 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:07 +0000 Subject: Prefer translations from Ubuntu language packs if available @@ -13,7 +13,7 @@ 1 file changed, 30 insertions(+), 7 deletions(-) diff --git a/util/grub-install-common.c b/util/grub-install-common.c -index ca0ac612a..fdfe2c7ea 100644 +index ca0ac612ac..fdfe2c7ead 100644 --- a/util/grub-install-common.c +++ b/util/grub-install-common.c @@ -609,17 +609,25 @@ get_localedir (void) diff -Nru grub2-2.04/debian/patches/install-powerpc-machtypes.patch grub2-2.04/debian/patches/install-powerpc-machtypes.patch --- grub2-2.04/debian/patches/install-powerpc-machtypes.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/install-powerpc-machtypes.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 6468fe3eb25e597acd0c80e3f7b5930472328d89 Mon Sep 17 00:00:00 2001 +From 2b3e762ebb12ce0d5a562dd36d23bca5d78aa61c Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Tue, 28 Jan 2014 14:40:02 +0000 Subject: Port yaboot logic for various powerpc machine types @@ -25,7 +25,7 @@ 6 files changed, 119 insertions(+), 6 deletions(-) diff --git a/grub-core/osdep/basic/platform.c b/grub-core/osdep/basic/platform.c -index a7dafd85a..6c293ed2d 100644 +index a7dafd85a9..6c293ed2d0 100644 --- a/grub-core/osdep/basic/platform.c +++ b/grub-core/osdep/basic/platform.c @@ -30,3 +30,8 @@ grub_install_get_default_x86_platform (void) @@ -38,7 +38,7 @@ + return "generic"; +} diff --git a/grub-core/osdep/linux/platform.c b/grub-core/osdep/linux/platform.c -index 2e7f72086..5b37366d4 100644 +index 2e7f720869..5b37366d4d 100644 --- a/grub-core/osdep/linux/platform.c +++ b/grub-core/osdep/linux/platform.c @@ -24,6 +24,7 @@ @@ -125,7 +125,7 @@ + return machtype; +} diff --git a/grub-core/osdep/unix/platform.c b/grub-core/osdep/unix/platform.c -index 55b8f4016..9c439326a 100644 +index 55b8f40162..9c439326a0 100644 --- a/grub-core/osdep/unix/platform.c +++ b/grub-core/osdep/unix/platform.c @@ -218,13 +218,29 @@ grub_install_register_ieee1275 (int is_prep, const char *install_device, @@ -165,7 +165,7 @@ free (boot_device); diff --git a/grub-core/osdep/windows/platform.c b/grub-core/osdep/windows/platform.c -index 7eb53fe01..e19a3d9a8 100644 +index 7eb53fe01b..e19a3d9a8a 100644 --- a/grub-core/osdep/windows/platform.c +++ b/grub-core/osdep/windows/platform.c @@ -128,6 +128,12 @@ grub_install_get_default_x86_platform (void) @@ -182,7 +182,7 @@ get_efi_variable (const wchar_t *varname, ssize_t *len) { diff --git a/include/grub/util/install.h b/include/grub/util/install.h -index 2631b1074..8aeb5c4f2 100644 +index 2631b10745..8aeb5c4f20 100644 --- a/include/grub/util/install.h +++ b/include/grub/util/install.h @@ -216,6 +216,9 @@ grub_install_get_default_arm_platform (void); @@ -196,7 +196,7 @@ grub_install_register_efi (grub_device_t efidir_grub_dev, const char *efifile_path, diff --git a/util/grub-install.c b/util/grub-install.c -index f0d59c180..70d6700de 100644 +index f0d59c1809..70d6700de8 100644 --- a/util/grub-install.c +++ b/util/grub-install.c @@ -1177,7 +1177,18 @@ main (int argc, char *argv[]) diff -Nru grub2-2.04/debian/patches/install-stage2-confusion.patch grub2-2.04/debian/patches/install-stage2-confusion.patch --- grub2-2.04/debian/patches/install-stage2-confusion.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/install-stage2-confusion.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From d9969cb0267a40684bf7a60d70bfc3fc8a962a90 Mon Sep 17 00:00:00 2001 +From bd93043d187b87d8faa11135f3414d67da95a167 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:12:58 +0000 Subject: If GRUB Legacy is still around, tell packaging to ignore it @@ -13,7 +13,7 @@ 1 file changed, 14 insertions(+) diff --git a/util/grub-install.c b/util/grub-install.c -index 8a55ad4b8..3b4606eef 100644 +index 8a55ad4b8d..3b4606eef1 100644 --- a/util/grub-install.c +++ b/util/grub-install.c @@ -42,6 +42,7 @@ diff -Nru grub2-2.04/debian/patches/maybe-quiet.patch grub2-2.04/debian/patches/maybe-quiet.patch --- grub2-2.04/debian/patches/maybe-quiet.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/maybe-quiet.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From f93cd4fda2916af2b70228878f97cb7bbdeb234d Mon Sep 17 00:00:00 2001 +From 139c9faecee68370e4b46d50ca51d0524029212c Mon Sep 17 00:00:00 2001 From: Didier Roche Date: Tue, 31 Mar 2020 15:20:15 +0200 Subject: Add configure option to reduce visual clutter at boot time @@ -47,7 +47,7 @@ 10 files changed, 118 insertions(+), 8 deletions(-) diff --git a/config.h.in b/config.h.in -index 9e8f9911b..d2c4ce8e5 100644 +index 9e8f9911b1..d2c4ce8e51 100644 --- a/config.h.in +++ b/config.h.in @@ -12,6 +12,8 @@ @@ -60,7 +60,7 @@ /* We don't need those. */ #define MINILZO_CFG_SKIP_LZO_PTR 1 diff --git a/configure.ac b/configure.ac -index 1e5abc67d..ea00ccd69 100644 +index 1e5abc67d9..ea00ccd691 100644 --- a/configure.ac +++ b/configure.ac @@ -1857,6 +1857,17 @@ else @@ -93,7 +93,7 @@ echo "*******************************************************" ] diff --git a/grub-core/boot/i386/pc/boot.S b/grub-core/boot/i386/pc/boot.S -index 2bd0b2d28..b0c0f2225 100644 +index 2bd0b2d286..b0c0f2225e 100644 --- a/grub-core/boot/i386/pc/boot.S +++ b/grub-core/boot/i386/pc/boot.S @@ -19,6 +19,9 @@ @@ -125,7 +125,7 @@ movw $disk_address_packet, %si diff --git a/grub-core/boot/i386/pc/diskboot.S b/grub-core/boot/i386/pc/diskboot.S -index c1addc0df..9b6d7a7ed 100644 +index c1addc0df2..9b6d7a7edc 100644 --- a/grub-core/boot/i386/pc/diskboot.S +++ b/grub-core/boot/i386/pc/diskboot.S @@ -18,6 +18,9 @@ @@ -205,7 +205,7 @@ notification_step: .asciz "." diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c -index 9cad0c448..714b63d67 100644 +index 9cad0c4485..714b63d674 100644 --- a/grub-core/kern/main.c +++ b/grub-core/kern/main.c @@ -264,15 +264,25 @@ reclaim_module_space (void) @@ -248,7 +248,7 @@ grub_rescue_run (); } diff --git a/grub-core/kern/rescue_reader.c b/grub-core/kern/rescue_reader.c -index dcd7d4439..a93524eab 100644 +index dcd7d44397..a93524eabb 100644 --- a/grub-core/kern/rescue_reader.c +++ b/grub-core/kern/rescue_reader.c @@ -78,7 +78,9 @@ grub_rescue_read_line (char **line, int cont, @@ -262,7 +262,7 @@ while (1) { diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c -index 1b03dfd57..0aa389fa1 100644 +index 1b03dfd57b..0aa389fa16 100644 --- a/grub-core/normal/main.c +++ b/grub-core/normal/main.c @@ -389,6 +389,15 @@ static grub_err_t @@ -292,7 +292,7 @@ while (1) { diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c -index 3611ee9ea..ebf5a0f10 100644 +index 3611ee9ea7..ebf5a0f109 100644 --- a/grub-core/normal/menu.c +++ b/grub-core/normal/menu.c @@ -827,12 +827,18 @@ run_menu (grub_menu_t menu, int nested, int *auto_boot) @@ -339,7 +339,7 @@ if (auto_boot) grub_menu_execute_with_fallback (menu, e, autobooted, diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index cb1cc200e..479a8bf4e 100644 +index cb1cc200e4..479a8bf4e5 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -21,6 +21,7 @@ prefix="@prefix@" @@ -386,7 +386,7 @@ EOF fi diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in -index c1dfe8ae8..1a656b2dd 100755 +index bd4f1a2123..3a0e6d1035 100755 --- a/util/grub.d/10_linux_zfs.in +++ b/util/grub.d/10_linux_zfs.in @@ -20,6 +20,7 @@ set -e @@ -397,7 +397,7 @@ . "${pkgdatadir}/grub-mkconfig_lib" -@@ -776,7 +777,9 @@ zfs_linux_entry () { +@@ -779,7 +780,9 @@ zfs_linux_entry () { echo "$(prepare_grub_to_access_device_cached "${boot_device}" "${submenu_level}")" @@ -408,7 +408,7 @@ linux_default_args="${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" if [ ${type} = "recovery" ]; then -@@ -785,7 +788,9 @@ zfs_linux_entry () { +@@ -788,7 +791,9 @@ zfs_linux_entry () { echo "${submenu_indentation} linux ${kernel} root=ZFS=${dataset} ro ${linux_default_args} ${kernel_additional_args}" diff -Nru grub2-2.04/debian/patches/mkconfig-loopback.patch grub2-2.04/debian/patches/mkconfig-loopback.patch --- grub2-2.04/debian/patches/mkconfig-loopback.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/mkconfig-loopback.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 4750b94c28b61e29d3f1bfce6bc7fa8f48c45526 Mon Sep 17 00:00:00 2001 +From 3883a00c8f4a4f59b6a677622776d5bf51337b65 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:00 +0000 Subject: Handle filesystems loop-mounted on file images @@ -21,7 +21,7 @@ 3 files changed, 34 insertions(+) diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in -index b6606c16e..b05df554d 100644 +index b6606c16e0..b05df554da 100644 --- a/util/grub-mkconfig_lib.in +++ b/util/grub-mkconfig_lib.in @@ -133,6 +133,22 @@ prepare_grub_to_access_device () @@ -63,7 +63,7 @@ grub_get_device_id () diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index f839b3b55..d927b60ae 100644 +index f839b3b55f..d927b60ae2 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -40,6 +40,11 @@ fi @@ -79,7 +79,7 @@ esac diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in -index 96179ea61..9a8d42fb5 100644 +index 96179ea613..9a8d42fb57 100644 --- a/util/grub.d/20_linux_xen.in +++ b/util/grub.d/20_linux_xen.in @@ -40,6 +40,11 @@ fi diff -Nru grub2-2.04/debian/patches/mkconfig-mid-upgrade.patch grub2-2.04/debian/patches/mkconfig-mid-upgrade.patch --- grub2-2.04/debian/patches/mkconfig-mid-upgrade.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/mkconfig-mid-upgrade.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 8ce50d6419c04a49070868a4245664419e0901fa Mon Sep 17 00:00:00 2001 +From 16f168810740a2fd3defa4856ead7b8ded2d1fb5 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:03 +0000 Subject: Bail out if trying to run grub-mkconfig during upgrade to 2.00 @@ -20,7 +20,7 @@ 1 file changed, 7 insertions(+) diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index 45cd4cc54..b506d63bf 100644 +index 45cd4cc541..b506d63bf9 100644 --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in @@ -102,6 +102,13 @@ do diff -Nru grub2-2.04/debian/patches/mkconfig-nonexistent-loopback.patch grub2-2.04/debian/patches/mkconfig-nonexistent-loopback.patch --- grub2-2.04/debian/patches/mkconfig-nonexistent-loopback.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/mkconfig-nonexistent-loopback.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From c754f6529f31d14b1110f457e9244f6454a2ed4e Mon Sep 17 00:00:00 2001 +From 0a12aab871f0e938738305d89fc1e32915ea7fda Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:08 +0000 Subject: Avoid getting confused by inaccessible loop device backing paths @@ -14,7 +14,7 @@ 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in -index b05df554d..fe6319abe 100644 +index b05df554da..fe6319abe0 100644 --- a/util/grub-mkconfig_lib.in +++ b/util/grub-mkconfig_lib.in @@ -143,7 +143,7 @@ prepare_grub_to_access_device () @@ -27,7 +27,7 @@ esac ;; diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in -index 775ceb2e0..b7e1147c4 100644 +index 775ceb2e04..b7e1147c41 100644 --- a/util/grub.d/30_os-prober.in +++ b/util/grub.d/30_os-prober.in @@ -219,6 +219,11 @@ EOF diff -Nru grub2-2.04/debian/patches/mkconfig-other-inits.patch grub2-2.04/debian/patches/mkconfig-other-inits.patch --- grub2-2.04/debian/patches/mkconfig-other-inits.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/mkconfig-other-inits.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 0564e92b1f182280d433e829406bdf91dd19a357 Mon Sep 17 00:00:00 2001 +From 22359dec23434867f467cb704aa771fd63e5ecd9 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Sat, 3 Jan 2015 12:04:59 +0000 Subject: Generate alternative init entries in advanced menu @@ -18,7 +18,7 @@ 2 files changed, 21 insertions(+) diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 85b30084a..dff84edea 100644 +index 85b30084ad..dff84edea5 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -32,6 +32,7 @@ export TEXTDOMAIN=@PACKAGE@ @@ -53,7 +53,7 @@ linux_entry "${OS}" "${version}" recovery \ "${GRUB_CMDLINE_LINUX_RECOVERY} ${GRUB_CMDLINE_LINUX}" diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in -index f2ee0532b..81e5f0d7e 100644 +index f2ee0532bd..81e5f0d7e4 100644 --- a/util/grub.d/20_linux_xen.in +++ b/util/grub.d/20_linux_xen.in @@ -27,6 +27,7 @@ export TEXTDOMAIN=@PACKAGE@ diff -Nru grub2-2.04/debian/patches/mkconfig-recovery-title.patch grub2-2.04/debian/patches/mkconfig-recovery-title.patch --- grub2-2.04/debian/patches/mkconfig-recovery-title.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/mkconfig-recovery-title.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 0636b004bd56946dd24ce0afff820f9ed76da34b Mon Sep 17 00:00:00 2001 +From cc1216264113d2471a5ee5d472358e265fde1ab5 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:33 +0000 Subject: Add GRUB_RECOVERY_TITLE option @@ -22,7 +22,7 @@ 8 files changed, 21 insertions(+), 11 deletions(-) diff --git a/docs/grub.texi b/docs/grub.texi -index a835d0ae4..3ec35d315 100644 +index a835d0ae42..3ec35d315a 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -1536,6 +1536,11 @@ a console is restricted or limited. @@ -38,7 +38,7 @@ The following options are still accepted for compatibility with existing diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index 307214310..9c1da6477 100644 +index 3072143105..9c1da64771 100644 --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in @@ -196,6 +196,10 @@ GRUB_ACTUAL_DEFAULT="$GRUB_DEFAULT" @@ -63,7 +63,7 @@ if test "x${grub_cfg}" != "x"; then rm -f "${grub_cfg}.new" diff --git a/util/grub.d/10_hurd.in b/util/grub.d/10_hurd.in -index 59a9a48a2..7fa3a3fbd 100644 +index 59a9a48a2f..7fa3a3fbd8 100644 --- a/util/grub.d/10_hurd.in +++ b/util/grub.d/10_hurd.in @@ -88,8 +88,8 @@ hurd_entry () { @@ -78,7 +78,7 @@ title="$(gettext_printf "%s, with Hurd %s" "${OS}" "${kernel_base}")" oldtitle="$OS using $kernel_base" diff --git a/util/grub.d/10_kfreebsd.in b/util/grub.d/10_kfreebsd.in -index 9d8e8fd85..8301d361a 100644 +index 9d8e8fd852..8301d361a1 100644 --- a/util/grub.d/10_kfreebsd.in +++ b/util/grub.d/10_kfreebsd.in @@ -76,7 +76,7 @@ kfreebsd_entry () @@ -91,7 +91,7 @@ title="$(gettext_printf "%s, with kFreeBSD %s" "${os}" "${version}")" fi diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index cc2dd855a..2c418c5ec 100644 +index cc2dd855ab..2c418c5ec8 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -130,7 +130,7 @@ linux_entry () @@ -104,10 +104,10 @@ title="$(gettext_printf "%s, with Linux %s" "${os}" "${version}")" ;; esac diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in -index b636dc7bb..b068f0e96 100755 +index 48a4e68976..4477fa6061 100755 --- a/util/grub.d/10_linux_zfs.in +++ b/util/grub.d/10_linux_zfs.in -@@ -954,7 +954,7 @@ generate_grub_menu() { +@@ -957,7 +957,7 @@ generate_grub_menu() { GRUB_DISABLE_RECOVERY=${GRUB_DISABLE_RECOVERY:-} if [ "${GRUB_DISABLE_RECOVERY}" != "true" ]; then @@ -116,7 +116,7 @@ zfs_linux_entry 1 "${title}" "recovery" "${dataset}" "${device}" "${initrd}" "${kernel}" fi at_least_one_entry=1 -@@ -982,9 +982,9 @@ generate_grub_menu() { +@@ -985,9 +985,9 @@ generate_grub_menu() { GRUB_DISABLE_RECOVERY="${GRUB_DISABLE_RECOVERY:-}" if [ "${GRUB_DISABLE_RECOVERY}" != "true" ]; then @@ -128,7 +128,7 @@ zfs_linux_entry 2 "${title}" "recovery" "${dataset}" "${device}" "${initrd}" "${kernel}" "zsys-revert=userdata" fi # Non-zsys: boot temporarly on snapshots or rollback (destroying intermediate snapshots) -@@ -994,7 +994,7 @@ generate_grub_menu() { +@@ -997,7 +997,7 @@ generate_grub_menu() { GRUB_DISABLE_RECOVERY="${GRUB_DISABLE_RECOVERY:-}" if [ "${GRUB_DISABLE_RECOVERY}" != "true" ]; then @@ -138,7 +138,7 @@ fi diff --git a/util/grub.d/10_netbsd.in b/util/grub.d/10_netbsd.in -index 874f59969..bb29cc046 100644 +index 874f59969e..bb29cc0468 100644 --- a/util/grub.d/10_netbsd.in +++ b/util/grub.d/10_netbsd.in @@ -102,7 +102,7 @@ netbsd_entry () @@ -151,7 +151,7 @@ title="$(gettext_printf "%s, with kernel %s (via %s)" "${OS}" "$(echo ${kernel} | sed -e 's,^.*/,,')" "${loader}")" fi diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in -index 9a8d42fb5..f2ee0532b 100644 +index 9a8d42fb57..f2ee0532bd 100644 --- a/util/grub.d/20_linux_xen.in +++ b/util/grub.d/20_linux_xen.in @@ -105,7 +105,7 @@ linux_entry () diff -Nru grub2-2.04/debian/patches/mkconfig-signed-kernel.patch grub2-2.04/debian/patches/mkconfig-signed-kernel.patch --- grub2-2.04/debian/patches/mkconfig-signed-kernel.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/mkconfig-signed-kernel.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 956c3d193e7c756f52fc0cfda463eb17ed58b4ce Mon Sep 17 00:00:00 2001 +From 16c328eee53e3fe8c24db8c2438a7410755c58db Mon Sep 17 00:00:00 2001 From: Didier Roche Date: Tue, 31 Mar 2020 15:17:45 +0200 Subject: Generate configuration for signed UEFI kernels if available @@ -13,7 +13,7 @@ 2 files changed, 36 insertions(+) diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 19e4df4ad..cb1cc200e 100644 +index 19e4df4ad8..cb1cc200e4 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -165,8 +165,16 @@ linux_entry () @@ -48,7 +48,7 @@ basename=`basename $linux` dirname=`dirname $linux` diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in -index bd5b963b6..c1dfe8ae8 100755 +index 7f88e771e0..bd4f1a2123 100755 --- a/util/grub.d/10_linux_zfs.in +++ b/util/grub.d/10_linux_zfs.in @@ -339,6 +339,16 @@ try_default_layout_bpool() { @@ -68,7 +68,7 @@ # Given a filesystem or snapshot dataset, returns dataset|machine id|pretty name|last used # $1 is dataset we want information from # $2 is the temporary mount directory to use -@@ -409,6 +419,17 @@ get_dataset_info() { +@@ -412,6 +422,17 @@ get_dataset_info() { continue fi diff -Nru grub2-2.04/debian/patches/mkconfig-ubuntu-distributor.patch grub2-2.04/debian/patches/mkconfig-ubuntu-distributor.patch --- grub2-2.04/debian/patches/mkconfig-ubuntu-distributor.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/mkconfig-ubuntu-distributor.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 5cddc9390afad242b31604806e8fb46ca92bf891 Mon Sep 17 00:00:00 2001 +From 77ada294ae9feca7e4202f454ddf56245eee16bf Mon Sep 17 00:00:00 2001 From: Mario Limonciello Date: Mon, 13 Jan 2014 12:13:14 +0000 Subject: Remove GNU/Linux from default distributor string for Ubuntu @@ -17,7 +17,7 @@ 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index fcd303387..19e4df4ad 100644 +index fcd3033872..19e4df4ad8 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -32,7 +32,14 @@ CLASS="--class gnu-linux --class gnu --class os" @@ -37,10 +37,10 @@ fi diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in -index 5db1f6682..bd5b963b6 100755 +index de4d215900..7f88e771e0 100755 --- a/util/grub.d/10_linux_zfs.in +++ b/util/grub.d/10_linux_zfs.in -@@ -787,7 +787,14 @@ generate_grub_menu() { +@@ -790,7 +790,14 @@ generate_grub_menu() { if [ "${GRUB_DISTRIBUTOR}" = "" ] ; then OS=GNU/Linux else diff -Nru grub2-2.04/debian/patches/mkconfig-ubuntu-recovery.patch grub2-2.04/debian/patches/mkconfig-ubuntu-recovery.patch --- grub2-2.04/debian/patches/mkconfig-ubuntu-recovery.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/mkconfig-ubuntu-recovery.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From fb4d204572ca4dec63b3d3f25a3b69da97815726 Mon Sep 17 00:00:00 2001 +From 51814873e68db3d990a080f705e6562ef140b416 Mon Sep 17 00:00:00 2001 From: Didier Roche Date: Tue, 31 Mar 2020 15:16:36 +0200 Subject: "single" -> "recovery" when friendly-recovery is installed @@ -24,7 +24,7 @@ 4 files changed, 39 insertions(+), 5 deletions(-) diff --git a/configure.ac b/configure.ac -index 7656f2434..1e5abc67d 100644 +index 7656f2434e..1e5abc67d9 100644 --- a/configure.ac +++ b/configure.ac @@ -1846,6 +1846,17 @@ fi @@ -46,7 +46,7 @@ AC_SUBST([FONT_SOURCE]) diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index d927b60ae..fcd303387 100644 +index d927b60ae2..fcd3033872 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -20,6 +20,7 @@ set -e @@ -94,7 +94,7 @@ list=`echo $list | tr ' ' '\n' | fgrep -vx "$linux" | tr '\n' ' '` diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in -index d27634738..5db1f6682 100755 +index b24587f0a5..de4d215900 100755 --- a/util/grub.d/10_linux_zfs.in +++ b/util/grub.d/10_linux_zfs.in @@ -19,6 +19,7 @@ set -e @@ -105,7 +105,7 @@ . "${pkgdatadir}/grub-mkconfig_lib" -@@ -745,7 +746,9 @@ zfs_linux_entry () { +@@ -748,7 +749,9 @@ zfs_linux_entry () { if [ "${GRUB_GFXPAYLOAD_LINUX}" != "text" ]; then echo "${submenu_indentation} load_video" fi @@ -116,7 +116,7 @@ fi echo "${submenu_indentation} insmod gzio" -@@ -756,7 +759,7 @@ zfs_linux_entry () { +@@ -759,7 +762,7 @@ zfs_linux_entry () { linux_default_args="${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" if [ ${type} = "recovery" ]; then @@ -125,7 +125,7 @@ fi echo "${submenu_indentation} linux ${kernel} root=ZFS=${dataset} ro ${linux_default_args} ${kernel_additional_args}" -@@ -788,6 +791,14 @@ generate_grub_menu() { +@@ -791,6 +794,14 @@ generate_grub_menu() { CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1 | LC_ALL=C sed 's,[^[:alnum:]_],_,g') ${CLASS}" fi @@ -141,7 +141,7 @@ # IFS is set to TAB (ASCII 0x09) echo "${menu_metadata}" | diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in -index 515a68c7a..775ceb2e0 100644 +index 515a68c7aa..775ceb2e04 100644 --- a/util/grub.d/30_os-prober.in +++ b/util/grub.d/30_os-prober.in @@ -220,7 +220,7 @@ EOF diff -Nru grub2-2.04/debian/patches/mkrescue-efi-modules.patch grub2-2.04/debian/patches/mkrescue-efi-modules.patch --- grub2-2.04/debian/patches/mkrescue-efi-modules.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/mkrescue-efi-modules.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 40df0707380bf528d9f849b065c3a5e4e96113ac Mon Sep 17 00:00:00 2001 +From 20edd1abb590756c35b886849a15d17d80f82170 Mon Sep 17 00:00:00 2001 From: Mario Limonciello Date: Mon, 13 Jan 2014 12:12:59 +0000 Subject: Build vfat into EFI boot images @@ -14,7 +14,7 @@ 1 file changed, 2 insertions(+) diff --git a/util/grub-mkrescue.c b/util/grub-mkrescue.c -index ce2cbc4f1..45d6140d3 100644 +index ce2cbc4f10..45d6140d3e 100644 --- a/util/grub-mkrescue.c +++ b/util/grub-mkrescue.c @@ -750,6 +750,7 @@ main (int argc, char *argv[]) diff -Nru grub2-2.04/debian/patches/net-read-bracketed-ipv6-addr.patch grub2-2.04/debian/patches/net-read-bracketed-ipv6-addr.patch --- grub2-2.04/debian/patches/net-read-bracketed-ipv6-addr.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/net-read-bracketed-ipv6-addr.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 5b535ee06d2b6e98a6b9c7d1a79ff611e10e1b0a Mon Sep 17 00:00:00 2001 +From 370386aaaed787b4b9082cd75f155f1b21350878 Mon Sep 17 00:00:00 2001 From: Aaron Miller Date: Thu, 27 Oct 2016 17:39:49 -0400 Subject: net: read bracketed ipv6 addrs and port numbers @@ -16,7 +16,7 @@ 4 files changed, 110 insertions(+), 11 deletions(-) diff --git a/grub-core/net/http.c b/grub-core/net/http.c -index 5aa4ad3be..f182d7b87 100644 +index 5aa4ad3bef..f182d7b871 100644 --- a/grub-core/net/http.c +++ b/grub-core/net/http.c @@ -312,12 +312,14 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial) @@ -74,7 +74,7 @@ file); if (!data->sock) diff --git a/grub-core/net/net.c b/grub-core/net/net.c -index d5d726a31..b917a75d5 100644 +index d5d726a315..b917a75d54 100644 --- a/grub-core/net/net.c +++ b/grub-core/net/net.c @@ -437,6 +437,12 @@ parse_ip6 (const char *val, grub_uint64_t *ip, const char **rest) @@ -211,7 +211,7 @@ } } diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c -index 7d90bf66e..a0817a075 100644 +index 7d90bf66e7..a0817a075d 100644 --- a/grub-core/net/tftp.c +++ b/grub-core/net/tftp.c @@ -314,6 +314,7 @@ tftp_open (struct grub_file *file, const char *filename) @@ -241,7 +241,7 @@ if (!data->sock) { diff --git a/include/grub/net.h b/include/grub/net.h -index 4a9069a14..cc114286e 100644 +index 4a9069a147..cc114286ea 100644 --- a/include/grub/net.h +++ b/include/grub/net.h @@ -270,6 +270,7 @@ typedef struct grub_net diff -Nru grub2-2.04/debian/patches/no-devicetree-if-secure-boot.patch grub2-2.04/debian/patches/no-devicetree-if-secure-boot.patch --- grub2-2.04/debian/patches/no-devicetree-if-secure-boot.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/no-devicetree-if-secure-boot.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From e7c4e6c655bc9eebdd22fb6f3d9b2aafabffa1b4 Mon Sep 17 00:00:00 2001 +From 7419d200192a1214872a70852200922529baa7b8 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 24 Apr 2019 10:03:04 -0400 Subject: Forbid the "devicetree" command when Secure Boot is enabled. @@ -17,7 +17,7 @@ 2 files changed, 20 insertions(+) diff --git a/grub-core/loader/arm/linux.c b/grub-core/loader/arm/linux.c -index 51684914c..092e8e307 100644 +index 51684914cf..092e8e3077 100644 --- a/grub-core/loader/arm/linux.c +++ b/grub-core/loader/arm/linux.c @@ -30,6 +30,10 @@ @@ -47,7 +47,7 @@ if (!dtb) return grub_errno; diff --git a/grub-core/loader/efi/fdt.c b/grub-core/loader/efi/fdt.c -index ee9c5592c..f0c2d91be 100644 +index ee9c5592c7..f0c2d91be2 100644 --- a/grub-core/loader/efi/fdt.c +++ b/grub-core/loader/efi/fdt.c @@ -123,6 +123,14 @@ grub_cmd_devicetree (grub_command_t cmd __attribute__ ((unused)), diff -Nru grub2-2.04/debian/patches/no-insmod-on-sb.patch grub2-2.04/debian/patches/no-insmod-on-sb.patch --- grub2-2.04/debian/patches/no-insmod-on-sb.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/no-insmod-on-sb.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 98ac694bdd7938cdfcd5615cc78e3211a0bcba93 Mon Sep 17 00:00:00 2001 +From df8702b930179447a7ecaf8bb0f9842522967a41 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Mon, 13 Jan 2014 12:13:09 +0000 Subject: Don't permit loading modules on UEFI secure boot @@ -16,7 +16,7 @@ 3 files changed, 42 insertions(+) diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c -index 48eb5e7b6..074dfc3c6 100644 +index 48eb5e7b62..074dfc3c6f 100644 --- a/grub-core/kern/dl.c +++ b/grub-core/kern/dl.c @@ -38,6 +38,10 @@ @@ -47,7 +47,7 @@ file = grub_file_open (filename, GRUB_FILE_TYPE_GRUB_MODULE); diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index 6e1ceb905..96204e39b 100644 +index 6e1ceb9051..96204e39b9 100644 --- a/grub-core/kern/efi/efi.c +++ b/grub-core/kern/efi/efi.c @@ -273,6 +273,34 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, @@ -86,7 +86,7 @@ /* Search the mods section from the PE32/PE32+ image. This code uses diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h -index e90e00dc4..a237952b3 100644 +index e90e00dc43..a237952b37 100644 --- a/include/grub/efi/efi.h +++ b/include/grub/efi/efi.h @@ -82,6 +82,7 @@ EXPORT_FUNC (grub_efi_set_variable) (const char *var, diff -Nru grub2-2.04/debian/patches/olpc-prefix-hack.patch grub2-2.04/debian/patches/olpc-prefix-hack.patch --- grub2-2.04/debian/patches/olpc-prefix-hack.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/olpc-prefix-hack.patch 2020-09-08 10:23:00.000000000 +0000 @@ -11,7 +11,7 @@ 1 file changed, 11 insertions(+) diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c -index d483e35ee..8b089b48d 100644 +index d483e35eed..8b089b48d0 100644 --- a/grub-core/kern/ieee1275/init.c +++ b/grub-core/kern/ieee1275/init.c @@ -76,6 +76,7 @@ grub_exit (void) diff -Nru grub2-2.04/debian/patches/ppc64el-disable-vsx.patch grub2-2.04/debian/patches/ppc64el-disable-vsx.patch --- grub2-2.04/debian/patches/ppc64el-disable-vsx.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/ppc64el-disable-vsx.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 0bdaf481feca277ee87f42052fad4a59ede0c8e4 Mon Sep 17 00:00:00 2001 +From 7736a6a5e58402b8f88d053ce2409b2d16262be5 Mon Sep 17 00:00:00 2001 From: Paulo Flabiano Smorigo Date: Thu, 25 Sep 2014 19:33:39 -0300 Subject: Disable VSX instruction @@ -21,7 +21,7 @@ 1 file changed, 12 insertions(+) diff --git a/grub-core/kern/powerpc/ieee1275/startup.S b/grub-core/kern/powerpc/ieee1275/startup.S -index 21c884b43..de9a9601a 100644 +index 21c884b433..de9a9601a9 100644 --- a/grub-core/kern/powerpc/ieee1275/startup.S +++ b/grub-core/kern/powerpc/ieee1275/startup.S @@ -20,6 +20,8 @@ diff -Nru grub2-2.04/debian/patches/probe-fusionio.patch grub2-2.04/debian/patches/probe-fusionio.patch --- grub2-2.04/debian/patches/probe-fusionio.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/probe-fusionio.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 738369f06f930cedd51f22f9d519a09aa7e73176 Mon Sep 17 00:00:00 2001 +From c89a80f695775566c7f184ec19b4ad34f58906bb Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:31 +0000 Subject: Probe FusionIO devices @@ -14,7 +14,7 @@ 2 files changed, 32 insertions(+) diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c -index 90d92d3ad..7adc0f30e 100644 +index 90d92d3ad5..7adc0f30ee 100644 --- a/grub-core/osdep/linux/getroot.c +++ b/grub-core/osdep/linux/getroot.c @@ -950,6 +950,19 @@ grub_util_part_to_disk (const char *os_dev, struct stat *st, @@ -38,7 +38,7 @@ return path; diff --git a/util/deviceiter.c b/util/deviceiter.c -index a4971ef42..dddc50da7 100644 +index a4971ef429..dddc50da7a 100644 --- a/util/deviceiter.c +++ b/util/deviceiter.c @@ -383,6 +383,12 @@ get_nvme_disk_name (char *name, int controller, int namespace) diff -Nru grub2-2.04/debian/patches/quick-boot-lvm.patch grub2-2.04/debian/patches/quick-boot-lvm.patch --- grub2-2.04/debian/patches/quick-boot-lvm.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/quick-boot-lvm.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From ff47caaf5a89c61bb85e7ed22570b24481b9ff15 Mon Sep 17 00:00:00 2001 +From 193f060dd7c98d850e81a0b73383ff19c4374d64 Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Tue, 30 Oct 2018 15:04:16 -0700 Subject: If we don't have writable grubenv and we're on EFI, always show the @@ -26,7 +26,7 @@ 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/util/grub.d/00_header.in b/util/grub.d/00_header.in -index 674a76140..b7135b655 100644 +index 674a761402..b7135b655f 100644 --- a/util/grub.d/00_header.in +++ b/util/grub.d/00_header.in @@ -115,7 +115,7 @@ EOF diff -Nru grub2-2.04/debian/patches/quick-boot.patch grub2-2.04/debian/patches/quick-boot.patch --- grub2-2.04/debian/patches/quick-boot.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/quick-boot.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From a62555d9b0bc27ecf2c018018d61589ebdf15321 Mon Sep 17 00:00:00 2001 +From a34a2ebb74968f6a460fd0f90c545f3e847a3411 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:28 +0000 Subject: Add configure option to bypass boot menu if possible @@ -34,7 +34,7 @@ 8 files changed, 146 insertions(+), 13 deletions(-) diff --git a/configure.ac b/configure.ac -index ea00ccd69..7dda5bb32 100644 +index ea00ccd691..7dda5bb32b 100644 --- a/configure.ac +++ b/configure.ac @@ -1868,6 +1868,17 @@ else @@ -56,7 +56,7 @@ AC_SUBST([FONT_SOURCE]) diff --git a/docs/grub.texi b/docs/grub.texi -index 87795075a..a835d0ae4 100644 +index 87795075a8..a835d0ae42 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -1522,6 +1522,20 @@ This option may be set to a list of GRUB module names separated by spaces. @@ -81,7 +81,7 @@ The following options are still accepted for compatibility with existing diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c -index ebf5a0f10..42c82290d 100644 +index ebf5a0f109..42c82290de 100644 --- a/grub-core/normal/menu.c +++ b/grub-core/normal/menu.c @@ -604,6 +604,30 @@ run_menu (grub_menu_t menu, int nested, int *auto_boot) @@ -116,7 +116,7 @@ { pos = grub_term_save_pos (); diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index d18bf972f..307214310 100644 +index d18bf972f7..3072143105 100644 --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in @@ -250,7 +250,8 @@ export GRUB_DEFAULT \ @@ -130,7 +130,7 @@ if test "x${grub_cfg}" != "x"; then rm -f "${grub_cfg}.new" diff --git a/util/grub.d/00_header.in b/util/grub.d/00_header.in -index 93a90233e..674a76140 100644 +index 93a90233ea..674a761402 100644 --- a/util/grub.d/00_header.in +++ b/util/grub.d/00_header.in @@ -21,6 +21,8 @@ prefix="@prefix@" @@ -259,7 +259,7 @@ EOF } diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 479a8bf4e..2be66c702 100644 +index 479a8bf4e5..2be66c7028 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -22,6 +22,7 @@ exec_prefix="@exec_prefix@" @@ -281,7 +281,7 @@ save_default_entry | grub_add_tab fi diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in -index 1a656b2dd..548e14856 100755 +index 3a0e6d1035..ec4b49d9d7 100755 --- a/util/grub.d/10_linux_zfs.in +++ b/util/grub.d/10_linux_zfs.in @@ -21,6 +21,7 @@ prefix="@prefix@" @@ -292,7 +292,7 @@ . "${pkgdatadir}/grub-mkconfig_lib" -@@ -752,6 +753,10 @@ zfs_linux_entry () { +@@ -755,6 +756,10 @@ zfs_linux_entry () { echo "${submenu_indentation}menuentry '$(echo "${title}" | grub_quote)' ${CLASS} \${menuentry_id_option} 'gnulinux-${dataset}-${kernel_version}' {" @@ -304,7 +304,7 @@ GRUB_SAVEDEFAULT=${GRUB_SAVEDEFAULT:-} default_entry="$(save_default_entry)" diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in -index 271044f59..da5f28876 100644 +index 271044f592..da5f28876d 100644 --- a/util/grub.d/30_os-prober.in +++ b/util/grub.d/30_os-prober.in @@ -20,12 +20,26 @@ set -e diff -Nru grub2-2.04/debian/patches/restore-mkdevicemap.patch grub2-2.04/debian/patches/restore-mkdevicemap.patch --- grub2-2.04/debian/patches/restore-mkdevicemap.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/restore-mkdevicemap.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 6db8234a46f194578fb414730dd3ea80a60b13d4 Mon Sep 17 00:00:00 2001 +From 9e77654bae1ee822ee7ae4e90e5f043105388ee4 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:01 +0000 Subject: Restore grub-mkdevicemap @@ -28,7 +28,7 @@ create mode 100644 util/grub-mkdevicemap.c diff --git a/Makefile.util.def b/Makefile.util.def -index bac85e284..eec1924b0 100644 +index bac85e2840..eec1924b0e 100644 --- a/Makefile.util.def +++ b/Makefile.util.def @@ -324,6 +324,23 @@ program = { @@ -57,7 +57,7 @@ installdir = sbin; diff --git a/docs/man/grub-mkdevicemap.h2m b/docs/man/grub-mkdevicemap.h2m new file mode 100644 -index 000000000..96cd6ee72 +index 0000000000..96cd6ee723 --- /dev/null +++ b/docs/man/grub-mkdevicemap.h2m @@ -0,0 +1,4 @@ @@ -67,7 +67,7 @@ +.BR grub-probe (8) diff --git a/include/grub/util/deviceiter.h b/include/grub/util/deviceiter.h new file mode 100644 -index 000000000..85374978c +index 0000000000..85374978c5 --- /dev/null +++ b/include/grub/util/deviceiter.h @@ -0,0 +1,14 @@ @@ -87,7 +87,7 @@ +#endif /* ! GRUB_DEVICEITER_MACHINE_UTIL_HEADER */ diff --git a/util/deviceiter.c b/util/deviceiter.c new file mode 100644 -index 000000000..a4971ef42 +index 0000000000..a4971ef429 --- /dev/null +++ b/util/deviceiter.c @@ -0,0 +1,1021 @@ @@ -1114,7 +1114,7 @@ +} diff --git a/util/devicemap.c b/util/devicemap.c new file mode 100644 -index 000000000..c61864420 +index 0000000000..c61864420a --- /dev/null +++ b/util/devicemap.c @@ -0,0 +1,13 @@ @@ -1133,7 +1133,7 @@ +} diff --git a/util/grub-mkdevicemap.c b/util/grub-mkdevicemap.c new file mode 100644 -index 000000000..c4bbdbf69 +index 0000000000..c4bbdbf69c --- /dev/null +++ b/util/grub-mkdevicemap.c @@ -0,0 +1,181 @@ diff -Nru grub2-2.04/debian/patches/series grub2-2.04/debian/patches/series --- grub2-2.04/debian/patches/series 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/series 2020-09-08 10:23:01.000000000 +0000 @@ -62,7 +62,6 @@ ubuntu-add-initrd-less-boot-fallback.patch ubuntu-mkconfig-leave-breadcrumbs.patch ubuntu-fix-lzma-decompressor-objcopy.patch -ubuntu-clear-invalid-initrd-spacing.patch ubuntu-temp-keep-auto-nvram.patch ubuntu-add-devicetree-command-support.patch ubuntu-boot-from-multipath-dependent-symlink.patch @@ -72,10 +71,39 @@ cherrypick-lsefisystab-define-smbios3.patch cherrypick-smbios-module.patch cherrypick-lsefisystab-show-dtb.patch -0075-uefi-firmware-rename-fwsetup-menuentry-to-UEFI-Firmw.patch -0076-smbios-Add-a-linux-argument-to-apply-linux-modalias-.patch -0077-ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch -0078-ubuntu-Update-the-linux-boot-protocol-version-check.patch +0074-uefi-firmware-rename-fwsetup-menuentry-to-UEFI-Firmw.patch +0075-smbios-Add-a-linux-argument-to-apply-linux-modalias-.patch +0076-ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch +0077-ubuntu-Update-the-linux-boot-protocol-version-check.patch ubuntu-resilient-boot-ignore-alternative-esps.patch ubuntu-resilient-boot-boot-order.patch ubuntu-speed-zsys-history.patch +0081-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch +0082-safemath-Add-some-arithmetic-primitives-that-check-f.patch +0083-calloc-Make-sure-we-always-have-an-overflow-checking.patch +0084-calloc-Use-calloc-at-most-places.patch +0085-malloc-Use-overflow-checking-primitives-where-we-do-.patch +0086-iso9660-Don-t-leak-memory-on-realloc-failures.patch +0087-font-Do-not-load-more-than-one-NAME-section.patch +0088-gfxmenu-Fix-double-free-in-load_image.patch +0089-lzma-Make-sure-we-don-t-dereference-past-array.patch +0090-tftp-Do-not-use-priority-queue.patch +0091-script-Remove-unused-fields-from-grub_script_functio.patch +0092-script-Avoid-a-use-after-free-when-redefining-a-func.patch +0093-hfsplus-fix-two-more-overflows.patch +0094-lvm-fix-two-more-potential-data-dependent-alloc-over.patch +0095-efi-fix-some-malformed-device-path-arithmetic-errors.patch +0096-linuxefi-fail-kernel-validation-without-shim-protoco.patch +0097-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch +0098-efi-Fix-use-after-free-in-halt-reboot-path.patch +0099-chainloader-Avoid-a-double-free-when-validation-fail.patch +0100-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch +0101-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch +0102-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch +0103-linux-loader-avoid-overflow-on-initrd-size-calculati.patch +0104-linux-Fix-integer-overflows-in-initrd-size-handling.patch +0105-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch +ubuntu-flavour-order.patch +ubuntu-dont-verify-loopback-images.patch +ubuntu-recovery-dis_ucode_ldr.patch +grub-install-backup-and-restore.patch diff -Nru grub2-2.04/debian/patches/skip-grub_cmd_set_date.patch grub2-2.04/debian/patches/skip-grub_cmd_set_date.patch --- grub2-2.04/debian/patches/skip-grub_cmd_set_date.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/skip-grub_cmd_set_date.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From e37f5abdb9057be5d79ec34bab535ff059fa6b7f Mon Sep 17 00:00:00 2001 +From 0bd95cc9927bd92aa12a5fa9ba6ffd11ffc8b910 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Sun, 28 Oct 2018 19:45:56 +0000 Subject: Skip flaky grub_cmd_set_date test @@ -12,7 +12,7 @@ 1 file changed, 3 insertions(+) diff --git a/tests/grub_cmd_set_date.in b/tests/grub_cmd_set_date.in -index aac120a6c..1bb5be4ca 100644 +index aac120a6c5..1bb5be4ca7 100644 --- a/tests/grub_cmd_set_date.in +++ b/tests/grub_cmd_set_date.in @@ -1,6 +1,9 @@ diff -Nru grub2-2.04/debian/patches/sleep-shift.patch grub2-2.04/debian/patches/sleep-shift.patch --- grub2-2.04/debian/patches/sleep-shift.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/sleep-shift.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 8ff02f24d30da862a7ffe530aa2ff692ad8f1b06 Mon Sep 17 00:00:00 2001 +From e731dba24511ce3c9a06923db223ddd337798719 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:23 +0000 Subject: Allow Shift to interrupt 'sleep --interruptible' @@ -17,7 +17,7 @@ 2 files changed, 45 insertions(+), 1 deletion(-) diff --git a/grub-core/commands/sleep.c b/grub-core/commands/sleep.c -index e77e7900f..3906b1410 100644 +index e77e7900fa..3906b14103 100644 --- a/grub-core/commands/sleep.c +++ b/grub-core/commands/sleep.c @@ -46,6 +46,31 @@ do_print (int n) @@ -62,7 +62,7 @@ return 0; diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c -index d5e0c79a7..3611ee9ea 100644 +index d5e0c79a70..3611ee9ea7 100644 --- a/grub-core/normal/menu.c +++ b/grub-core/normal/menu.c @@ -615,8 +615,27 @@ run_menu (grub_menu_t menu, int nested, int *auto_boot) diff -Nru grub2-2.04/debian/patches/ubuntu-add-devicetree-command-support.patch grub2-2.04/debian/patches/ubuntu-add-devicetree-command-support.patch --- grub2-2.04/debian/patches/ubuntu-add-devicetree-command-support.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/ubuntu-add-devicetree-command-support.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From a30c330fb776934ef1dbaa9784960172650ecdfa Mon Sep 17 00:00:00 2001 +From 56ec016fe65a634c583cd347fc4e90992cb0c111 Mon Sep 17 00:00:00 2001 From: Dimitri John Ledkov Date: Wed, 22 May 2019 19:57:29 +0100 Subject: Add devicetree command, if a dtb is present. @@ -14,10 +14,10 @@ 1 file changed, 19 insertions(+) diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index a95992a77..d6937cfef 100644 +index af1e096bd6..bbf5d73e39 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in -@@ -240,6 +240,17 @@ EOF +@@ -254,6 +254,17 @@ EOF EOF fi fi @@ -35,7 +35,7 @@ fi sed "s/^/$submenu_indentation/" << EOF } -@@ -378,6 +389,14 @@ while [ "x$list" != "x" ] ; do +@@ -389,6 +400,14 @@ while [ "x$list" != "x" ] ; do gettext_printf "Found initrd image: %s\n" "$(echo $initrd_display)" >&2 fi diff -Nru grub2-2.04/debian/patches/ubuntu-add-initrd-less-boot-fallback.patch grub2-2.04/debian/patches/ubuntu-add-initrd-less-boot-fallback.patch --- grub2-2.04/debian/patches/ubuntu-add-initrd-less-boot-fallback.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/ubuntu-add-initrd-less-boot-fallback.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From f44b20b94883a77b5f8ef8370bedb8457456907d Mon Sep 17 00:00:00 2001 +From 978947c3f5d769ee423c73418783ec4ef8f7ab3b Mon Sep 17 00:00:00 2001 From: Chris Glass Date: Fri, 9 Mar 2018 13:47:07 +0100 Subject: UBUNTU: Added initrd-less boot capabilities. @@ -11,15 +11,15 @@ Patch-Name: ubuntu-add-initrd-less-boot-fallback.patch --- Makefile.am | 3 ++ - configure.ac | 10 +++++++ - grub-initrd-fallback.service | 12 ++++++++ - util/grub.d/00_header.in | 27 +++++++++++++++++ - util/grub.d/10_linux.in | 56 +++++++++++++++++++++++++----------- - 5 files changed, 91 insertions(+), 17 deletions(-) + configure.ac | 10 ++++++ + grub-initrd-fallback.service | 12 +++++++ + util/grub.d/00_header.in | 27 ++++++++++++++ + util/grub.d/10_linux.in | 68 +++++++++++++++++++++++++++--------- + 5 files changed, 104 insertions(+), 16 deletions(-) create mode 100644 grub-initrd-fallback.service diff --git a/Makefile.am b/Makefile.am -index 1f4bb9b8c..e6a220711 100644 +index 1f4bb9b8c5..e6a220711e 100644 --- a/Makefile.am +++ b/Makefile.am @@ -473,6 +473,9 @@ ChangeLog: FORCE @@ -33,7 +33,7 @@ syslinux_test: $(top_builddir)/config.status tests/syslinux/ubuntu10.04_grub.cfg diff --git a/configure.ac b/configure.ac -index 883245553..1819188f9 100644 +index 883245553d..1819188f9f 100644 --- a/configure.ac +++ b/configure.ac @@ -305,6 +305,16 @@ AC_SUBST(grubdirname) @@ -55,7 +55,7 @@ # diff --git a/grub-initrd-fallback.service b/grub-initrd-fallback.service new file mode 100644 -index 000000000..48778c9f7 +index 0000000000..48778c9f76 --- /dev/null +++ b/grub-initrd-fallback.service @@ -0,0 +1,12 @@ @@ -72,7 +72,7 @@ +[Install] +WantedBy=multi-user.target rescue.target emergency.target diff --git a/util/grub.d/00_header.in b/util/grub.d/00_header.in -index b7135b655..2642f66c5 100644 +index b7135b655f..2642f66c59 100644 --- a/util/grub.d/00_header.in +++ b/util/grub.d/00_header.in @@ -50,6 +50,18 @@ if [ -s \$prefix/grubenv ]; then @@ -117,7 +117,7 @@ cat < Date: Tue, 6 Aug 2019 12:31:47 +1200 Subject: UBUNTU: Boot from multipath-dependent symlink when / is multipathed. @@ -16,7 +16,7 @@ 1 file changed, 41 insertions(+) diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index d6937cfef..3eb0e6936 100644 +index bbf5d73e39..14a89ba13d 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -65,6 +65,47 @@ esac diff -Nru grub2-2.04/debian/patches/ubuntu-clear-invalid-initrd-spacing.patch grub2-2.04/debian/patches/ubuntu-clear-invalid-initrd-spacing.patch --- grub2-2.04/debian/patches/ubuntu-clear-invalid-initrd-spacing.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/ubuntu-clear-invalid-initrd-spacing.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,27 +0,0 @@ -From a5307d00cee7f22074b89f393cb99c968f657ddb Mon Sep 17 00:00:00 2001 -From: Mathieu Trudel-Lapierre -Date: Thu, 11 Jul 2019 09:07:47 -0400 -Subject: UBUNTU: Clear up incorrect spacing when not using early initrds - -Signed-off-by: Mathieu Trudel-Lapierre -Patch-Name: ubuntu-clear-invalid-initrd-spacing.patch ---- - util/grub.d/10_linux.in | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 13f39b9f6..a95992a77 100644 ---- a/util/grub.d/10_linux.in -+++ b/util/grub.d/10_linux.in -@@ -366,7 +366,10 @@ while [ "x$list" != "x" ] ; do - - initrd= - if test -n "${initrd_early}" || test -n "${initrd_real}"; then -- initrd="${initrd_early} ${initrd_real}" -+ initrd="${initrd_real}" -+ if test -n "${initrd_early}"; then -+ initrd="${initrd_early} ${initrd}" -+ fi - - initrd_display= - for i in ${initrd}; do diff -Nru grub2-2.04/debian/patches/ubuntu-dont-verify-loopback-images.patch grub2-2.04/debian/patches/ubuntu-dont-verify-loopback-images.patch --- grub2-2.04/debian/patches/ubuntu-dont-verify-loopback-images.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/patches/ubuntu-dont-verify-loopback-images.patch 2020-09-08 10:23:00.000000000 +0000 @@ -0,0 +1,37 @@ +From 7cb405298d3729d88b4e4ebc46ca1fc9b644bd6b Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Mon, 1 Jun 2020 14:03:37 +0100 +Subject: UBUNTU: disk/loopback: Don't verify loopback images + +When a file is verified, the entire contents of the verified file are +loaded in to memory and retained until the file handle is closed. A +consequence of this is that opening a loopback image can incur a +significant memory cost. + +As loopback devices are just another disk implementation, don't treat +loopback images any differently to physical disk images, and skip +verification of them. Files opened from the filesystem within a loopback +image will still be passed to verifier modules where required. + +Signed-off-by: Chris Coulson +LP: #1878541 +Forwarded: yes, https://lists.gnu.org/archive/html/grub-devel/2020-06/msg00002.html +Patch-Name: ubuntu-dont-verify-loopback-images.patch +--- + grub-core/disk/loopback.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/grub-core/disk/loopback.c b/grub-core/disk/loopback.c +index ccb4b167cc..210201d22d 100644 +--- a/grub-core/disk/loopback.c ++++ b/grub-core/disk/loopback.c +@@ -86,7 +86,8 @@ grub_cmd_loopback (grub_extcmd_context_t ctxt, int argc, char **args) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); + + file = grub_file_open (args[1], GRUB_FILE_TYPE_LOOPBACK +- | GRUB_FILE_TYPE_NO_DECOMPRESS); ++ | GRUB_FILE_TYPE_NO_DECOMPRESS | ++ GRUB_FILE_TYPE_SKIP_SIGNATURE); + if (! file) + return grub_errno; + diff -Nru grub2-2.04/debian/patches/ubuntu-efi-allow-loopmount-chainload.patch grub2-2.04/debian/patches/ubuntu-efi-allow-loopmount-chainload.patch --- grub2-2.04/debian/patches/ubuntu-efi-allow-loopmount-chainload.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/ubuntu-efi-allow-loopmount-chainload.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From fdcce3de9327b0c8009054baa1ed13fb8572e1ac Mon Sep 17 00:00:00 2001 +From aa08be99df3978b44838e60f571fc965d9d963c4 Mon Sep 17 00:00:00 2001 From: Dimitri John Ledkov Date: Wed, 27 Nov 2019 23:12:35 +0000 Subject: UBUNTU: Allow chainloading EFI apps from loop mounts. @@ -15,7 +15,7 @@ create mode 100644 include/grub/loopback.h diff --git a/grub-core/disk/loopback.c b/grub-core/disk/loopback.c -index cdf9123fa..ccb4b167c 100644 +index cdf9123fa5..ccb4b167cc 100644 --- a/grub-core/disk/loopback.c +++ b/grub-core/disk/loopback.c @@ -21,20 +21,13 @@ @@ -41,7 +41,7 @@ static unsigned long last_id = 0; diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index ec80f415b..04e815c05 100644 +index ec80f415b8..04e815c052 100644 --- a/grub-core/loader/efi/chainloader.c +++ b/grub-core/loader/efi/chainloader.c @@ -24,6 +24,7 @@ @@ -91,7 +91,7 @@ diff --git a/include/grub/loopback.h b/include/grub/loopback.h new file mode 100644 -index 000000000..3b9a9e32e +index 0000000000..3b9a9e32e8 --- /dev/null +++ b/include/grub/loopback.h @@ -0,0 +1,30 @@ diff -Nru grub2-2.04/debian/patches/ubuntu-efi-console-set-text-mode-as-needed.patch grub2-2.04/debian/patches/ubuntu-efi-console-set-text-mode-as-needed.patch --- grub2-2.04/debian/patches/ubuntu-efi-console-set-text-mode-as-needed.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/ubuntu-efi-console-set-text-mode-as-needed.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From ab83d387cda5158fd4a3940dc067c55a6ee7f9f4 Mon Sep 17 00:00:00 2001 +From a097dd966d2a0073a3f2f30f868fae351b74fda4 Mon Sep 17 00:00:00 2001 From: Hans de Goede Date: Tue, 6 Mar 2018 17:11:15 +0100 Subject: UBUNTU: EFI: Do not set text-mode until we actually need it @@ -15,7 +15,7 @@ 1 file changed, 45 insertions(+), 23 deletions(-) diff --git a/grub-core/term/efi/console.c b/grub-core/term/efi/console.c -index 4840cc59d..b61da7d0d 100644 +index 4840cc59d3..b61da7d0d0 100644 --- a/grub-core/term/efi/console.c +++ b/grub-core/term/efi/console.c @@ -24,6 +24,11 @@ diff -Nru grub2-2.04/debian/patches/ubuntu-fix-lzma-decompressor-objcopy.patch grub2-2.04/debian/patches/ubuntu-fix-lzma-decompressor-objcopy.patch --- grub2-2.04/debian/patches/ubuntu-fix-lzma-decompressor-objcopy.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/ubuntu-fix-lzma-decompressor-objcopy.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 56715cae7b821ff8395078ff79a4a2ee937cb4db Mon Sep 17 00:00:00 2001 +From a0fdddf679ce3ac17b6de7a5c01c99ab598056ce Mon Sep 17 00:00:00 2001 From: Mathieu Trudel-Lapierre Date: Wed, 3 Jul 2019 15:21:16 -0400 Subject: UBUNTU: Have the lzma decompressor image only contain the .text @@ -16,7 +16,7 @@ 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 1731c53f0..33e75021d 100644 +index 1731c53f08..33e75021da 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -547,7 +547,7 @@ image = { diff -Nru grub2-2.04/debian/patches/ubuntu-flavour-order.patch grub2-2.04/debian/patches/ubuntu-flavour-order.patch --- grub2-2.04/debian/patches/ubuntu-flavour-order.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/patches/ubuntu-flavour-order.patch 2020-09-08 10:23:00.000000000 +0000 @@ -0,0 +1,61 @@ +From 8f4642af583c253259e8ca40d8aff776976d8d5d Mon Sep 17 00:00:00 2001 +From: Julian Andres Klode +Date: Tue, 9 Jun 2020 11:50:23 +0200 +Subject: UBUNTU: Add GRUB_FLAVOUR_ORDER configuration item + +This allows you to specify flavours that will be preferred +over other ones, and the order in which they are preferred +- items in the list win over items not in the list, and items +earlier in the list win over later ones. + +We still have to sort out storage of this, as we need to +inject that from packages or the UA client and similar, +and we can't just modify /etc/default/grub for that. + +LP: #1882663 +Patch-Name: ubuntu-flavour-order.patch +--- + util/grub-mkconfig.in | 3 ++- + util/grub-mkconfig_lib.in | 15 +++++++++++++++ + 2 files changed, 17 insertions(+), 1 deletion(-) + +diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in +index 72f1e25a03..6c8988fd60 100644 +--- a/util/grub-mkconfig.in ++++ b/util/grub-mkconfig.in +@@ -260,7 +260,8 @@ export GRUB_DEFAULT \ + GRUB_RECORDFAIL_TIMEOUT \ + GRUB_RECOVERY_TITLE \ + GRUB_FORCE_PARTUUID \ +- GRUB_DISABLE_INITRD ++ GRUB_DISABLE_INITRD \ ++ GRUB_FLAVOUR_ORDER + + if test "x${grub_cfg}" != "x"; then + rm -f "${grub_cfg}.new" +diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in +index fe6319abe0..7e2d1bc214 100644 +--- a/util/grub-mkconfig_lib.in ++++ b/util/grub-mkconfig_lib.in +@@ -270,6 +270,21 @@ version_test_gt () + if [ "x$version_test_gt_b" = "x" ] ; then + return 0 + fi ++ ++ # GRUB_FLAVOUR_ORDER is an ordered list of kernels, in decreasing ++ # priority. Any items in the list take precedence over other kernels, ++ # and earlier flavours are preferred over later ones. ++ for flavour in ${GRUB_FLAVOUR_ORDER:-}; do ++ version_test_gt_a_preferred=$(echo "$version_test_gt_a" | grep -- "-[0-9]*-$flavour\$") ++ version_test_gt_b_preferred=$(echo "$version_test_gt_b" | grep -- "-[0-9]*-$flavour\$") ++ ++ if [ -n "$version_test_gt_a_preferred" -a -z "$version_test_gt_b_preferred" ] ; then ++ return 0 ++ elif [ -z "$version_test_gt_a_preferred" -a -n "$version_test_gt_b_preferred" ] ; then ++ return 1 ++ fi ++ done ++ + case "$version_test_gt_a:$version_test_gt_b" in + *.old:*.old) ;; + *.old:*) version_test_gt_a="`echo "$version_test_gt_a" | sed -e 's/\.old$//'`" ; version_test_gt_cmp=gt ;; diff -Nru grub2-2.04/debian/patches/ubuntu-grub-install-extra-removable.patch grub2-2.04/debian/patches/ubuntu-grub-install-extra-removable.patch --- grub2-2.04/debian/patches/ubuntu-grub-install-extra-removable.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/ubuntu-grub-install-extra-removable.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From a2c29740e83520a037e3aa6e88c874ca0b5b991a Mon Sep 17 00:00:00 2001 +From 42b10df3ba7aff3f58b32cd43a0075a677fa8143 Mon Sep 17 00:00:00 2001 From: Steve McIntyre <93sam@debian.org> Date: Wed, 3 Dec 2014 01:25:12 +0000 Subject: UBUNTU: Add support for forcing EFI installation to the removable @@ -23,7 +23,7 @@ 1 file changed, 133 insertions(+), 2 deletions(-) diff --git a/util/grub-install.c b/util/grub-install.c -index 64c292383..030464645 100644 +index 64c292383f..0304646453 100644 --- a/util/grub-install.c +++ b/util/grub-install.c @@ -56,6 +56,7 @@ diff -Nru grub2-2.04/debian/patches/ubuntu-install-signed.patch grub2-2.04/debian/patches/ubuntu-install-signed.patch --- grub2-2.04/debian/patches/ubuntu-install-signed.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/ubuntu-install-signed.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From e66b6951c463ed36d7c3a8cff50c5dbdfa29e99a Mon Sep 17 00:00:00 2001 +From e1cc8a0711a700332db770c6e741d60ca2f9cce8 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:22 +0000 Subject: UBUNTU: Install signed images if UEFI Secure Boot is enabled @@ -19,7 +19,7 @@ 1 file changed, 156 insertions(+), 59 deletions(-) diff --git a/util/grub-install.c b/util/grub-install.c -index 3b4606eef..e1e40cf2b 100644 +index 3b4606eef1..e1e40cf2b5 100644 --- a/util/grub-install.c +++ b/util/grub-install.c @@ -80,6 +80,7 @@ static char *label_color; diff -Nru grub2-2.04/debian/patches/ubuntu-linuxefi.patch grub2-2.04/debian/patches/ubuntu-linuxefi.patch --- grub2-2.04/debian/patches/ubuntu-linuxefi.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/ubuntu-linuxefi.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 3451d405d55fd342aa581ecc23ee535ad533c61d Mon Sep 17 00:00:00 2001 +From 5d037853169fac31b3c0cfe7a6b6c4eb267879d3 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Wed, 27 Feb 2019 12:20:48 -0500 Subject: UBUNTU: Add support for linuxefi @@ -358,7 +358,7 @@ create mode 100644 include/grub/sparc64/linux.h diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am -index 3ea8e7ff4..c6ba5b2d7 100644 +index 3ea8e7ff45..c6ba5b2d76 100644 --- a/grub-core/Makefile.am +++ b/grub-core/Makefile.am @@ -71,6 +71,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/command.h @@ -370,7 +370,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env_private.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/err.h diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index aadb4cdff..1731c53f0 100644 +index aadb4cdff8..1731c53f08 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -207,6 +207,7 @@ kernel = { @@ -428,7 +428,7 @@ enable = i386_coreboot; enable = efi; diff --git a/grub-core/commands/iorw.c b/grub-core/commands/iorw.c -index a0c164e54..41a7f3f04 100644 +index a0c164e54f..41a7f3f046 100644 --- a/grub-core/commands/iorw.c +++ b/grub-core/commands/iorw.c @@ -23,6 +23,7 @@ @@ -460,7 +460,7 @@ grub_unregister_extcmd (cmd_read_word); grub_unregister_extcmd (cmd_read_dword); diff --git a/grub-core/commands/memrw.c b/grub-core/commands/memrw.c -index 98769eadb..088cbe9e2 100644 +index 98769eadb3..088cbe9e2b 100644 --- a/grub-core/commands/memrw.c +++ b/grub-core/commands/memrw.c @@ -22,6 +22,7 @@ @@ -492,7 +492,7 @@ grub_unregister_extcmd (cmd_read_word); grub_unregister_extcmd (cmd_read_dword); diff --git a/grub-core/kern/arm/coreboot/coreboot.S b/grub-core/kern/arm/coreboot/coreboot.S -index a1104526c..70998c066 100644 +index a1104526c1..70998c066a 100644 --- a/grub-core/kern/arm/coreboot/coreboot.S +++ b/grub-core/kern/arm/coreboot/coreboot.S @@ -42,3 +42,9 @@ FUNCTION(grub_armv7_get_timer_frequency) @@ -506,7 +506,7 @@ + void *kernel_param); + diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c -index 074dfc3c6..d665c10fc 100644 +index 074dfc3c6f..d665c10fcc 100644 --- a/grub-core/kern/dl.c +++ b/grub-core/kern/dl.c @@ -32,6 +32,7 @@ @@ -518,7 +518,7 @@ /* Platforms where modules are in a readonly area of memory. */ #if defined(GRUB_MACHINE_QEMU) diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index 96204e39b..6e1ceb905 100644 +index 96204e39b9..6e1ceb9051 100644 --- a/grub-core/kern/efi/efi.c +++ b/grub-core/kern/efi/efi.c @@ -273,34 +273,6 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, @@ -557,7 +557,7 @@ /* Search the mods section from the PE32/PE32+ image. This code uses diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c -index b02fab1b1..a9e37108c 100644 +index b02fab1b10..a9e37108c6 100644 --- a/grub-core/kern/efi/mm.c +++ b/grub-core/kern/efi/mm.c @@ -113,6 +113,38 @@ grub_efi_drop_alloc (grub_efi_physical_address_t address, @@ -601,7 +601,7 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address, diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c new file mode 100644 -index 000000000..c14f401d7 +index 0000000000..c14f401d7e --- /dev/null +++ b/grub-core/kern/efi/sb.c @@ -0,0 +1,66 @@ @@ -672,7 +672,7 @@ +#endif +} diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c -index ef3e9f944..1a5296a60 100644 +index ef3e9f9444..1a5296a60c 100644 --- a/grub-core/loader/arm64/linux.c +++ b/grub-core/loader/arm64/linux.c @@ -27,6 +27,7 @@ @@ -720,7 +720,7 @@ linux_args = grub_malloc (cmdline_size); if (!linux_args) diff --git a/grub-core/loader/efi/appleloader.c b/grub-core/loader/efi/appleloader.c -index 74888c463..69c2a10d3 100644 +index 74888c463b..69c2a10d35 100644 --- a/grub-core/loader/efi/appleloader.c +++ b/grub-core/loader/efi/appleloader.c @@ -24,6 +24,7 @@ @@ -751,7 +751,7 @@ grub_unregister_command (cmd); } diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index cd92ea3f2..ec80f415b 100644 +index cd92ea3f24..ec80f415b8 100644 --- a/grub-core/loader/efi/chainloader.c +++ b/grub-core/loader/efi/chainloader.c @@ -32,6 +32,9 @@ @@ -1701,7 +1701,7 @@ return grub_errno; diff --git a/grub-core/loader/efi/fdt.c b/grub-core/loader/efi/fdt.c -index f0c2d91be..5360e6c1f 100644 +index f0c2d91be2..5360e6c1f7 100644 --- a/grub-core/loader/efi/fdt.c +++ b/grub-core/loader/efi/fdt.c @@ -25,6 +25,7 @@ @@ -1714,7 +1714,7 @@ static void *fdt; diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c new file mode 100644 -index 000000000..e372b26a1 +index 0000000000..e372b26a1b --- /dev/null +++ b/grub-core/loader/efi/linux.c @@ -0,0 +1,86 @@ @@ -1805,7 +1805,7 @@ + return GRUB_ERR_BUG; +} diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c -index 3730ed382..5b9b92d6b 100644 +index 3730ed3824..5b9b92d6ba 100644 --- a/grub-core/loader/i386/bsd.c +++ b/grub-core/loader/i386/bsd.c @@ -39,6 +39,7 @@ @@ -1838,7 +1838,7 @@ grub_unregister_extcmd (cmd_netbsd); diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c new file mode 100644 -index 000000000..6b6aef87f +index 0000000000..6b6aef87f7 --- /dev/null +++ b/grub-core/loader/i386/efi/linux.c @@ -0,0 +1,379 @@ @@ -2222,7 +2222,7 @@ + grub_unregister_command (cmd_initrd); +} diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c -index d0501e229..4328bcbdb 100644 +index d0501e2295..4328bcbdb0 100644 --- a/grub-core/loader/i386/linux.c +++ b/grub-core/loader/i386/linux.c @@ -45,6 +45,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); @@ -2390,7 +2390,7 @@ { grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c -index 47ea2945e..3866f048b 100644 +index 47ea2945e4..3866f048bb 100644 --- a/grub-core/loader/i386/pc/linux.c +++ b/grub-core/loader/i386/pc/linux.c @@ -35,6 +35,7 @@ @@ -2503,7 +2503,7 @@ grub_unregister_command (cmd_initrd); } diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c -index 4a98d7082..3e6ad166d 100644 +index 4a98d70825..3e6ad166dc 100644 --- a/grub-core/loader/multiboot.c +++ b/grub-core/loader/multiboot.c @@ -50,6 +50,7 @@ @@ -2535,7 +2535,7 @@ grub_unregister_command (cmd_module); } diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c -index 7f74d1d6f..e0f47e72b 100644 +index 7f74d1d6fc..e0f47e72b0 100644 --- a/grub-core/loader/xnu.c +++ b/grub-core/loader/xnu.c @@ -34,6 +34,7 @@ @@ -2567,7 +2567,7 @@ grub_unregister_command (cmd_resume); #endif diff --git a/include/grub/arm64/linux.h b/include/grub/arm64/linux.h -index 4269adc6d..cc8174ccd 100644 +index 4269adc6da..cc8174ccdf 100644 --- a/include/grub/arm64/linux.h +++ b/include/grub/arm64/linux.h @@ -20,6 +20,8 @@ @@ -2580,7 +2580,7 @@ /* From linux/Documentation/arm64/booting.txt */ struct linux_arm64_kernel_header diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h -index a237952b3..5b6387581 100644 +index a237952b37..5b63875812 100644 --- a/include/grub/efi/efi.h +++ b/include/grub/efi/efi.h @@ -47,6 +47,9 @@ EXPORT_FUNC(grub_efi_allocate_fixed) (grub_efi_physical_address_t address, @@ -2603,7 +2603,7 @@ const grub_efi_device_path_t *dp2); diff --git a/include/grub/efi/linux.h b/include/grub/efi/linux.h new file mode 100644 -index 000000000..0033d9305 +index 0000000000..0033d9305a --- /dev/null +++ b/include/grub/efi/linux.h @@ -0,0 +1,31 @@ @@ -2639,7 +2639,7 @@ + +#endif /* ! GRUB_EFI_LINUX_HEADER */ diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h -index 0ed8781f0..a43adf274 100644 +index 0ed8781f03..a43adf2746 100644 --- a/include/grub/efi/pe32.h +++ b/include/grub/efi/pe32.h @@ -223,7 +223,11 @@ struct grub_pe64_optional_header @@ -2730,7 +2730,7 @@ grub_uint32_t page_rva; diff --git a/include/grub/efi/sb.h b/include/grub/efi/sb.h new file mode 100644 -index 000000000..9629fbb0f +index 0000000000..9629fbb0f9 --- /dev/null +++ b/include/grub/efi/sb.h @@ -0,0 +1,29 @@ @@ -2764,7 +2764,7 @@ + +#endif /* ! GRUB_EFI_SB_HEADER */ diff --git a/include/grub/i386/linux.h b/include/grub/i386/linux.h -index ce30e7fb0..a093679cb 100644 +index ce30e7fb01..a093679cb8 100644 --- a/include/grub/i386/linux.h +++ b/include/grub/i386/linux.h @@ -136,7 +136,12 @@ struct linux_i386_kernel_header @@ -2783,13 +2783,13 @@ grub_uint64_t hardware_subarch_data; diff --git a/include/grub/ia64/linux.h b/include/grub/ia64/linux.h new file mode 100644 -index 000000000..e69de29bb +index 0000000000..e69de29bb2 diff --git a/include/grub/mips/linux.h b/include/grub/mips/linux.h new file mode 100644 -index 000000000..e69de29bb +index 0000000000..e69de29bb2 diff --git a/include/grub/powerpc/linux.h b/include/grub/powerpc/linux.h new file mode 100644 -index 000000000..e69de29bb +index 0000000000..e69de29bb2 diff --git a/include/grub/sparc64/linux.h b/include/grub/sparc64/linux.h new file mode 100644 -index 000000000..e69de29bb +index 0000000000..e69de29bb2 diff -Nru grub2-2.04/debian/patches/ubuntu-mkconfig-leave-breadcrumbs.patch grub2-2.04/debian/patches/ubuntu-mkconfig-leave-breadcrumbs.patch --- grub2-2.04/debian/patches/ubuntu-mkconfig-leave-breadcrumbs.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/ubuntu-mkconfig-leave-breadcrumbs.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 7d3dea454253718d765c5dea62b893c5d5ef10ec Mon Sep 17 00:00:00 2001 +From 52a152744b026f62a412ae10d17f3756c44a687f Mon Sep 17 00:00:00 2001 From: Mathieu Trudel-Lapierre Date: Fri, 14 Dec 2018 13:46:14 -0500 Subject: UBUNTU: grub-mkconfig: leave a trace of what files were sourced to @@ -11,7 +11,7 @@ 1 file changed, 2 insertions(+) diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index 29bdad0c1..72f1e25a0 100644 +index 29bdad0c12..72f1e25a03 100644 --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in @@ -162,10 +162,12 @@ if [ "x${GRUB_EARLY_INITRD_LINUX_STOCK}" = "x" ]; then diff -Nru grub2-2.04/debian/patches/ubuntu-recovery-dis_ucode_ldr.patch grub2-2.04/debian/patches/ubuntu-recovery-dis_ucode_ldr.patch --- grub2-2.04/debian/patches/ubuntu-recovery-dis_ucode_ldr.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.04/debian/patches/ubuntu-recovery-dis_ucode_ldr.patch 2020-09-08 10:23:00.000000000 +0000 @@ -0,0 +1,84 @@ +From 398371c71cd52b6c48fa1d888903bd8a85682ec0 Mon Sep 17 00:00:00 2001 +From: Julian Andres Klode +Date: Fri, 19 Jun 2020 12:57:19 +0200 +Subject: Pass dis_ucode_ldr to kernel for recovery mode + +In case of a botched microcode update, this allows people to +easily roll back. + +It will of course break in the more unlikely event that you are +missing a microcode update in your firmware that is needed to boot +the system, but editing the entry to remove an option is easier than +having to figure out the option and add it. + +LP: #1831789 +Patch-Name: ubuntu-recovery-dis_ucode_ldr.patch +--- + util/grub.d/10_linux.in | 4 ++++ + util/grub.d/10_linux_zfs.in | 24 +++++++++++++++--------- + 2 files changed, 19 insertions(+), 9 deletions(-) + +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index 14a89ba13d..49e627228f 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -334,6 +334,10 @@ case "$machine" in + *) GENKERNEL_ARCH="$machine" ;; + esac + ++case "$GENKERNEL_ARCH" in ++ x86*) GRUB_CMDLINE_LINUX_RECOVERY="$GRUB_CMDLINE_LINUX_RECOVERY dis_ucode_ldr";; ++esac ++ + prepare_boot_cache= + prepare_root_cache= + boot_device_id= +diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in +index 712d832802..d9b79e29a7 100755 +--- a/util/grub.d/10_linux_zfs.in ++++ b/util/grub.d/10_linux_zfs.in +@@ -41,6 +41,16 @@ imported_pools="" + MNTDIR="$(mktemp -d ${TMPDIR:-/tmp}/zfsmnt.XXXXXX)" + ZFSTMP="$(mktemp -d ${TMPDIR:-/tmp}/zfstmp.XXXXXX)" + ++ ++machine="$(uname -m)" ++case "${machine}" in ++ i?86) GENKERNEL_ARCH="x86" ;; ++ mips|mips64) GENKERNEL_ARCH="mips" ;; ++ mipsel|mips64el) GENKERNEL_ARCH="mipsel" ;; ++ arm*) GENKERNEL_ARCH="arm" ;; ++ *) GENKERNEL_ARCH="${machine}" ;; ++esac ++ + RC=0 + on_exit() { + # Restore initial zpool import state +@@ -407,15 +417,6 @@ get_dataset_info() { + return + fi + +- machine="$(uname -m)" +- case "${machine}" in +- i?86) GENKERNEL_ARCH="x86" ;; +- mips|mips64) GENKERNEL_ARCH="mips" ;; +- mipsel|mips64el) GENKERNEL_ARCH="mipsel" ;; +- arm*) GENKERNEL_ARCH="arm" ;; +- *) GENKERNEL_ARCH="${machine}" ;; +- esac +- + initrd_list="" + kernel_list="" + list=$(find "${boot_dir}" -maxdepth 1 -type f -regex '.*/\(vmlinuz\|vmlinux\|kernel\)-.*') +@@ -907,6 +908,11 @@ generate_grub_menu() { + GRUB_CMDLINE_LINUX_RECOVERY="${GRUB_CMDLINE_LINUX_RECOVERY} nomodeset" + fi + ++ case "$GENKERNEL_ARCH" in ++ x86*) GRUB_CMDLINE_LINUX_RECOVERY="$GRUB_CMDLINE_LINUX_RECOVERY dis_ucode_ldr";; ++ esac ++ ++ + if [ "${vt_handoff}" = 1 ]; then + for word in ${GRUB_CMDLINE_LINUX_DEFAULT}; do + if [ "${word}" = splash ]; then diff -Nru grub2-2.04/debian/patches/ubuntu-resilient-boot-boot-order.patch grub2-2.04/debian/patches/ubuntu-resilient-boot-boot-order.patch --- grub2-2.04/debian/patches/ubuntu-resilient-boot-boot-order.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/ubuntu-resilient-boot-boot-order.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From dcd35364b7789ebb00a645b4fe35e0605ec141ef Mon Sep 17 00:00:00 2001 +From 7c39c2d340193862f27a1ef0af21653bc95b98b1 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Wed, 8 Apr 2020 11:05:25 +0200 Subject: UBUNTU: efivar: Correctly handle boot order of multiple ESPs @@ -30,7 +30,7 @@ 6 files changed, 59 insertions(+), 24 deletions(-) diff --git a/grub-core/osdep/basic/no_platform.c b/grub-core/osdep/basic/no_platform.c -index d76c34c14..152a32873 100644 +index d76c34c148..152a328737 100644 --- a/grub-core/osdep/basic/no_platform.c +++ b/grub-core/osdep/basic/no_platform.c @@ -31,7 +31,7 @@ grub_install_register_ieee1275 (int is_prep, const char *install_device, @@ -43,7 +43,7 @@ const char *efi_distributor) { diff --git a/grub-core/osdep/unix/efivar.c b/grub-core/osdep/unix/efivar.c -index 41d39c448..d34df0f70 100644 +index 41d39c4489..d34df0f70f 100644 --- a/grub-core/osdep/unix/efivar.c +++ b/grub-core/osdep/unix/efivar.c @@ -266,9 +266,10 @@ remove_from_boot_order (struct efi_variable *order, uint16_t num) @@ -142,7 +142,7 @@ grub_util_info ("setting EFI variable BootOrder"); rc = set_efi_variable ("BootOrder", order); diff --git a/grub-core/osdep/unix/platform.c b/grub-core/osdep/unix/platform.c -index b561174ea..a5267db68 100644 +index b561174ea9..a5267db68d 100644 --- a/grub-core/osdep/unix/platform.c +++ b/grub-core/osdep/unix/platform.c @@ -76,13 +76,13 @@ get_ofpathname (const char *dev) @@ -163,7 +163,7 @@ grub_util_error ("%s", _("GRUB was not built with efivar support; " diff --git a/grub-core/osdep/windows/platform.c b/grub-core/osdep/windows/platform.c -index e19a3d9a8..a3f738fb9 100644 +index e19a3d9a8a..a3f738fb9b 100644 --- a/grub-core/osdep/windows/platform.c +++ b/grub-core/osdep/windows/platform.c @@ -208,7 +208,7 @@ set_efi_variable_bootn (grub_uint16_t n, void *in, grub_size_t len) @@ -176,7 +176,7 @@ const char *efi_distributor) { diff --git a/include/grub/util/install.h b/include/grub/util/install.h -index a521f1663..b2ed88e38 100644 +index a521f1663f..b2ed88e386 100644 --- a/include/grub/util/install.h +++ b/include/grub/util/install.h @@ -219,15 +219,14 @@ grub_install_get_default_x86_platform (void); @@ -204,7 +204,7 @@ void grub_install_register_ieee1275 (int is_prep, const char *install_device, diff --git a/util/grub-install.c b/util/grub-install.c -index bf8eb65b3..f408b1986 100644 +index bf8eb65b33..f408b19860 100644 --- a/util/grub-install.c +++ b/util/grub-install.c @@ -2083,9 +2083,9 @@ main (int argc, char *argv[]) diff -Nru grub2-2.04/debian/patches/ubuntu-resilient-boot-ignore-alternative-esps.patch grub2-2.04/debian/patches/ubuntu-resilient-boot-ignore-alternative-esps.patch --- grub2-2.04/debian/patches/ubuntu-resilient-boot-ignore-alternative-esps.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/ubuntu-resilient-boot-ignore-alternative-esps.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 94189259ac860128abfc465fb3a920d60c63a85a Mon Sep 17 00:00:00 2001 +From b203098a49ebf172699dbb05b0cf88b2496dbdf7 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Fri, 3 Apr 2020 13:43:49 +0200 Subject: UBUNTU: efivar: Ignore alternative ESPs @@ -13,7 +13,7 @@ 1 file changed, 125 insertions(+), 5 deletions(-) diff --git a/grub-core/osdep/unix/efivar.c b/grub-core/osdep/unix/efivar.c -index 4a58328b4..41d39c448 100644 +index 4a58328b42..41d39c4489 100644 --- a/grub-core/osdep/unix/efivar.c +++ b/grub-core/osdep/unix/efivar.c @@ -37,9 +37,11 @@ diff -Nru grub2-2.04/debian/patches/ubuntu-shorter-version-info.patch grub2-2.04/debian/patches/ubuntu-shorter-version-info.patch --- grub2-2.04/debian/patches/ubuntu-shorter-version-info.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/ubuntu-shorter-version-info.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 5fab34cd20e9617b29ed9b632b30cbdedc287e77 Mon Sep 17 00:00:00 2001 +From 05aa4e9758b7afb0866081795e1d7c139861ac97 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Thu, 8 Feb 2018 10:48:37 +0100 Subject: UBUNTU: Show only upstream version, hide rest in package_version @@ -17,7 +17,7 @@ 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c -index 0aa389fa1..d25a8212c 100644 +index 0aa389fa16..d25a8212c7 100644 --- a/grub-core/normal/main.c +++ b/grub-core/normal/main.c @@ -208,7 +208,7 @@ grub_normal_init_page (struct grub_term_output *term, diff -Nru grub2-2.04/debian/patches/ubuntu-skip-disk-by-id-lvm-pvm-uuid-entries.patch grub2-2.04/debian/patches/ubuntu-skip-disk-by-id-lvm-pvm-uuid-entries.patch --- grub2-2.04/debian/patches/ubuntu-skip-disk-by-id-lvm-pvm-uuid-entries.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/ubuntu-skip-disk-by-id-lvm-pvm-uuid-entries.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From c9bacc366d2c480e5185a2a71eff51d25b71e155 Mon Sep 17 00:00:00 2001 +From 48b735b222f112b8a9010ec2dbbf26818f8a1bf3 Mon Sep 17 00:00:00 2001 From: Rafael David Tinoco Date: Mon, 7 Oct 2019 22:53:32 -0300 Subject: Skip /dev/disk/by-id/lvm-pvm-uuid entries from device iteration @@ -44,7 +44,7 @@ 1 file changed, 3 insertions(+) diff --git a/util/deviceiter.c b/util/deviceiter.c -index dddc50da7..ec9a6d0ab 100644 +index dddc50da7a..ec9a6d0ab4 100644 --- a/util/deviceiter.c +++ b/util/deviceiter.c @@ -589,6 +589,9 @@ grub_util_iterate_devices (int (*hook) (const char *, int, void *), void *hook_d diff -Nru grub2-2.04/debian/patches/ubuntu-speed-zsys-history.patch grub2-2.04/debian/patches/ubuntu-speed-zsys-history.patch --- grub2-2.04/debian/patches/ubuntu-speed-zsys-history.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/ubuntu-speed-zsys-history.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 4c7457bc4f7cd1a516a7e255476a086270a4dbe4 Mon Sep 17 00:00:00 2001 +From 9b0c52034a7de1c8749706ceef878b72f04ed115 Mon Sep 17 00:00:00 2001 From: Didier Roche Date: Mon, 13 Apr 2020 15:12:21 +0200 Subject: UBUNTU: Improve performance in bootmenu for zsys @@ -17,10 +17,10 @@ 1 file changed, 56 insertions(+), 21 deletions(-) diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in -index efdb8afae..d748f6a20 100755 +index 4c48abef01..712d832802 100755 --- a/util/grub.d/10_linux_zfs.in +++ b/util/grub.d/10_linux_zfs.in -@@ -800,9 +800,10 @@ zfs_linux_entry () { +@@ -803,9 +803,10 @@ zfs_linux_entry () { boot_device="$5" initrd="$6" kernel="$7" @@ -33,7 +33,7 @@ submenu_indentation="$(printf %${submenu_level}s | tr " " "${grub_tab}")" echo "${submenu_indentation}menuentry '$(echo "${title}" | grub_quote)' ${CLASS} \${menuentry_id_option} 'gnulinux-${dataset}-${kernel_version}' {" -@@ -837,7 +838,15 @@ zfs_linux_entry () { +@@ -840,7 +841,15 @@ zfs_linux_entry () { echo "${submenu_indentation} insmod gzio" echo "${submenu_indentation} if [ \"\${grub_platform}\" = xen ]; then insmod xzio; insmod lzopio; fi" @@ -50,7 +50,7 @@ if [ "${quiet_boot}" = 0 ] || [ "${type}" != simple ]; then echo "${submenu_indentation} echo $(gettext_printf "Loading Linux %s ..." ${kernel_version} | grub_quote)" -@@ -905,6 +914,40 @@ generate_grub_menu() { +@@ -908,6 +917,40 @@ generate_grub_menu() { print_menu_prologue @@ -91,7 +91,7 @@ # IFS is set to TAB (ASCII 0x09) echo "${menu_metadata}" | { -@@ -935,7 +978,8 @@ generate_grub_menu() { +@@ -938,7 +981,8 @@ generate_grub_menu() { main_dataset_name="${name}" main_dataset="${dataset}" @@ -101,7 +101,7 @@ at_least_one_entry=1 ;; advanced) -@@ -951,12 +995,12 @@ generate_grub_menu() { +@@ -954,12 +998,12 @@ generate_grub_menu() { kernel_version=$(basename "${kernel}" | sed -e "s,^[^0-9]*-,,g") title="$(gettext_printf "%s%s, with Linux %s" "${last_booted_kernel_marker}" "${name}" "${kernel_version}")" @@ -116,7 +116,7 @@ fi at_least_one_entry=1 ;; -@@ -974,33 +1018,24 @@ generate_grub_menu() { +@@ -977,33 +1021,24 @@ generate_grub_menu() { fi echo " submenu '${title}' \${menuentry_id_option} 'gnulinux-history-${dataset}' {" diff -Nru grub2-2.04/debian/patches/ubuntu-support-initrd-less-boot.patch grub2-2.04/debian/patches/ubuntu-support-initrd-less-boot.patch --- grub2-2.04/debian/patches/ubuntu-support-initrd-less-boot.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/ubuntu-support-initrd-less-boot.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From f4cacdb13661017c82bf3414833ad351146dded2 Mon Sep 17 00:00:00 2001 +From bb9446cdc0550348631a98c1e2dde61a4f84b624 Mon Sep 17 00:00:00 2001 From: Chris Glass Date: Thu, 10 Nov 2016 13:44:25 -0500 Subject: UBUNTU: Added knobs to allow non-initrd boot config @@ -18,7 +18,7 @@ 4 files changed, 38 insertions(+), 4 deletions(-) diff --git a/docs/grub.info b/docs/grub.info -index 7cc7d9212..f804b7800 100644 +index 7cc7d92128..f804b7800e 100644 --- a/docs/grub.info +++ b/docs/grub.info @@ -1436,6 +1436,19 @@ it must be quoted. For example: @@ -42,7 +42,7 @@ existing configurations, but have better replacements: diff --git a/docs/grub.texi b/docs/grub.texi -index 3ec35d315..1baa0fa20 100644 +index 3ec35d315a..1baa0fa20f 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -1541,6 +1541,19 @@ This option sets the English text of the string that will be displayed in @@ -66,7 +66,7 @@ The following options are still accepted for compatibility with existing diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index 9c1da6477..29bdad0c1 100644 +index 9c1da64771..29bdad0c12 100644 --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in @@ -256,7 +256,9 @@ export GRUB_DEFAULT \ @@ -81,7 +81,7 @@ if test "x${grub_cfg}" != "x"; then rm -f "${grub_cfg}.new" diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index dff84edea..aa9666e5a 100644 +index dff84edea5..aa9666e5ad 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -193,11 +193,17 @@ EOF diff -Nru grub2-2.04/debian/patches/ubuntu-temp-keep-auto-nvram.patch grub2-2.04/debian/patches/ubuntu-temp-keep-auto-nvram.patch --- grub2-2.04/debian/patches/ubuntu-temp-keep-auto-nvram.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/ubuntu-temp-keep-auto-nvram.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From b2c200320645a00cfcb98017c9564716429723bc Mon Sep 17 00:00:00 2001 +From 5117bda061113e9a009bc1bb7cadd2a0f22c5efd Mon Sep 17 00:00:00 2001 From: Mathieu Trudel-Lapierre Date: Tue, 16 Jul 2019 09:52:10 -0400 Subject: UBUNTU: Temporarily keep grub-install's --auto-nvram. @@ -10,7 +10,7 @@ 1 file changed, 3 insertions(+) diff --git a/util/grub-install.c b/util/grub-install.c -index 63462e4e0..bf8eb65b3 100644 +index 63462e4e09..bf8eb65b33 100644 --- a/util/grub-install.c +++ b/util/grub-install.c @@ -98,6 +98,7 @@ enum diff -Nru grub2-2.04/debian/patches/ubuntu-tpm-unknown-error-non-fatal.patch grub2-2.04/debian/patches/ubuntu-tpm-unknown-error-non-fatal.patch --- grub2-2.04/debian/patches/ubuntu-tpm-unknown-error-non-fatal.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/ubuntu-tpm-unknown-error-non-fatal.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From ec6589e2746dd882cc10122bad74b0e41074e23b Mon Sep 17 00:00:00 2001 +From 737eccc3c87fffcdd951520d77178c851adb5402 Mon Sep 17 00:00:00 2001 From: Mathieu Trudel-Lapierre Date: Fri, 25 Oct 2019 10:25:04 -0400 Subject: tpm: Pass unknown error as non-fatal, but debug print the error we @@ -11,7 +11,7 @@ 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/grub-core/commands/efi/tpm.c b/grub-core/commands/efi/tpm.c -index 32909c192..fdbaaee19 100644 +index 32909c192f..fdbaaee195 100644 --- a/grub-core/commands/efi/tpm.c +++ b/grub-core/commands/efi/tpm.c @@ -155,7 +155,8 @@ grub_tpm1_execute (grub_efi_handle_t tpm_handle, diff -Nru grub2-2.04/debian/patches/ubuntu-zfs-enhance-support.patch grub2-2.04/debian/patches/ubuntu-zfs-enhance-support.patch --- grub2-2.04/debian/patches/ubuntu-zfs-enhance-support.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/ubuntu-zfs-enhance-support.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From daa4db81742e0363c2b8c85b6a88ec3eca1efc19 Mon Sep 17 00:00:00 2001 +From bdc1aad90a89af51e043f5bf9dc84019ad2cb75b Mon Sep 17 00:00:00 2001 From: Didier Roche Date: Fri, 12 Jul 2019 11:06:06 -0400 Subject: UBUNTU: Enhance ZFS grub support @@ -15,19 +15,19 @@ Author: Jean-Baptiste Lallement Author: Didier Roche -Last-Update: 2019-07-26 +Last-Update: 2020-08-06 Patch-Name: ubuntu-zfs-enhance-support.patch Signed-off-by: Didier Roche --- Makefile.util.def | 7 + util/grub.d/10_linux.in | 4 + - util/grub.d/10_linux_zfs.in | 961 ++++++++++++++++++++++++++++++++++++ - 3 files changed, 972 insertions(+) + util/grub.d/10_linux_zfs.in | 964 ++++++++++++++++++++++++++++++++++++ + 3 files changed, 975 insertions(+) create mode 100755 util/grub.d/10_linux_zfs.in diff --git a/Makefile.util.def b/Makefile.util.def -index 969d32f00..bac85e284 100644 +index 969d32f009..bac85e2840 100644 --- a/Makefile.util.def +++ b/Makefile.util.def @@ -482,6 +482,13 @@ script = { @@ -45,7 +45,7 @@ name = '10_xnu'; common = util/grub.d/10_xnu.in; diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 4532266be..a75096609 100644 +index 4532266be6..a75096609a 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -71,6 +71,10 @@ case x"$GRUB_FS" in @@ -61,10 +61,10 @@ LINUX_ROOT_DEVICE="ZFS=${rpool}${bootfs%/}" diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in new file mode 100755 -index 000000000..f50e1231a +index 0000000000..5ec65fa941 --- /dev/null +++ b/util/grub.d/10_linux_zfs.in -@@ -0,0 +1,961 @@ +@@ -0,0 +1,964 @@ +#! /bin/sh +set -e + @@ -470,7 +470,10 @@ + + initrd_list="" + kernel_list="" -+ for linux in $(find "${boot_dir}" -maxdepth 1 -type f -regex '.*/\(vmlinuz\|vmlinux\|kernel\)-.*'|sort -V); do ++ list=$(find "${boot_dir}" -maxdepth 1 -type f -regex '.*/\(vmlinuz\|vmlinux\|kernel\)-.*') ++ while [ "x$list" != "x" ] ; do ++ linux=`version_find_latest $list` ++ list=`echo $list | tr ' ' '\n' | fgrep -vx "$linux" | tr '\n' ' '` + if ! grub_file_is_not_garbage "${linux}" ; then + continue + fi @@ -506,12 +509,12 @@ + + rel_linux_dirname=$(make_system_path_relative_to_its_root "${linux_dirname}") + -+ initrd_list="${rel_linux_dirname}/${initrd}|${initrd_list}" -+ kernel_list="${rel_linux_dirname}/${linux_basename}|${kernel_list}" ++ initrd_list="${initrd_list}|${rel_linux_dirname}/${initrd}" ++ kernel_list="${kernel_list}|${rel_linux_dirname}/${linux_basename}" + done + -+ initrd_list="${initrd_list%|}" -+ kernel_list="${kernel_list%|}" ++ initrd_list="${initrd_list#|}" ++ kernel_list="${kernel_list#|}" + + initrd_device=$(${grub_probe} --target=device "${boot_dir}" | head -1) + diff -Nru grub2-2.04/debian/patches/uefi-firmware-setup.patch grub2-2.04/debian/patches/uefi-firmware-setup.patch --- grub2-2.04/debian/patches/uefi-firmware-setup.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/uefi-firmware-setup.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 460169bfbef18f982e6bc0ad586c33aa0e14a316 Mon Sep 17 00:00:00 2001 +From c52b294d6c9b8ddeaf83efc181d405ce9d9784dc Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Mon, 13 Jan 2014 12:13:12 +0000 Subject: Output a menu entry for firmware setup on UEFI FastBoot systems @@ -14,7 +14,7 @@ create mode 100644 util/grub.d/30_uefi-firmware.in diff --git a/Makefile.util.def b/Makefile.util.def -index eec1924b0..ce133e694 100644 +index eec1924b0e..ce133e694e 100644 --- a/Makefile.util.def +++ b/Makefile.util.def @@ -526,6 +526,12 @@ script = { @@ -32,7 +32,7 @@ common = util/grub.d/40_custom.in; diff --git a/util/grub.d/30_uefi-firmware.in b/util/grub.d/30_uefi-firmware.in new file mode 100644 -index 000000000..3c9f533d8 +index 0000000000..3c9f533d8c --- /dev/null +++ b/util/grub.d/30_uefi-firmware.in @@ -0,0 +1,46 @@ diff -Nru grub2-2.04/debian/patches/uefi-secure-boot-cryptomount.patch grub2-2.04/debian/patches/uefi-secure-boot-cryptomount.patch --- grub2-2.04/debian/patches/uefi-secure-boot-cryptomount.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/uefi-secure-boot-cryptomount.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From ed1f06e92f0a40b338d11723e0f4008c544ef712 Mon Sep 17 00:00:00 2001 +From d930e63990e779ac731e350ce1e372738bb28e24 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Herv=C3=A9=20Werner?= Date: Mon, 28 Jan 2019 17:24:23 +0100 Subject: Fix setup on Secure Boot systems where cryptodisk is in use @@ -19,7 +19,7 @@ 1 file changed, 17 insertions(+) diff --git a/util/grub-install.c b/util/grub-install.c -index 030464645..4bad8de61 100644 +index 0304646453..4bad8de612 100644 --- a/util/grub-install.c +++ b/util/grub-install.c @@ -1546,6 +1546,23 @@ main (int argc, char *argv[]) diff -Nru grub2-2.04/debian/patches/vsnprintf-upper-case-hex.patch grub2-2.04/debian/patches/vsnprintf-upper-case-hex.patch --- grub2-2.04/debian/patches/vsnprintf-upper-case-hex.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/vsnprintf-upper-case-hex.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 9ec15b6602d6505bfc04dd1cd651a6c760ef4fe2 Mon Sep 17 00:00:00 2001 +From 7e2eb946ff17cf3b8850d317ce15997c2f70ca05 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 11 Mar 2019 11:15:12 +0000 Subject: Add %X to grub_vsnprintf_real and friends @@ -18,7 +18,7 @@ 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c -index 3b633d51f..18cad5803 100644 +index 3b633d51f4..18cad5803b 100644 --- a/grub-core/kern/misc.c +++ b/grub-core/kern/misc.c @@ -588,7 +588,7 @@ grub_divmod64 (grub_uint64_t n, grub_uint64_t d, grub_uint64_t *r) diff -Nru grub2-2.04/debian/patches/vt-handoff.patch grub2-2.04/debian/patches/vt-handoff.patch --- grub2-2.04/debian/patches/vt-handoff.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/vt-handoff.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 378d93f9c2491ef7df49ed7ce3f413025998a0c0 Mon Sep 17 00:00:00 2001 +From abb985dff3ac53186817fd9c84d8addf20cd1613 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:30 +0000 Subject: Add configure option to use vt.handoff=7 @@ -19,7 +19,7 @@ 3 files changed, 65 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac -index dbc429ce0..e382c7480 100644 +index dbc429ce0a..e382c7480d 100644 --- a/configure.ac +++ b/configure.ac @@ -1890,6 +1890,17 @@ else @@ -41,7 +41,7 @@ AC_SUBST([FONT_SOURCE]) diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 09393c28e..cc2dd855a 100644 +index 09393c28ee..cc2dd855ab 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -24,6 +24,7 @@ ubuntu_recovery="@UBUNTU_RECOVERY@" @@ -101,7 +101,7 @@ # FIXME: We need an interface to select vesafb in case efifb can't be used. if [ "x$GRUB_GFXPAYLOAD_LINUX" != x ] || [ "$gfxpayload_dynamic" = 0 ]; then diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in -index fc99f16e7..b636dc7bb 100755 +index 8cd7d12851..48a4e68976 100755 --- a/util/grub.d/10_linux_zfs.in +++ b/util/grub.d/10_linux_zfs.in @@ -23,6 +23,7 @@ ubuntu_recovery="@UBUNTU_RECOVERY@" @@ -112,7 +112,7 @@ . "${pkgdatadir}/grub-mkconfig_lib" -@@ -718,6 +719,23 @@ generate_grub_menu_metadata() { +@@ -721,6 +722,23 @@ generate_grub_menu_metadata() { # Note: # If 10_linux runs these part will be defined twice in grub configuration print_menu_prologue() { @@ -136,7 +136,7 @@ # Use ELILO's generic "efifb" when it's known to be available. # FIXME: We need an interface to select vesafb in case efifb can't be used. GRUB_GFXPAYLOAD_LINUX="${GRUB_GFXPAYLOAD_LINUX:-}" -@@ -813,7 +831,7 @@ zfs_linux_entry () { +@@ -816,7 +834,7 @@ zfs_linux_entry () { if ([ "${ubuntu_recovery}" = 0 ] || [ "${type}" != "recovery" ]) && \ ([ "${GRUB_GFXPAYLOAD_LINUX}" != "" ] || [ "${gfxpayload_dynamic}" = 1 ]); then @@ -145,7 +145,7 @@ fi echo "${submenu_indentation} insmod gzio" -@@ -876,6 +894,14 @@ generate_grub_menu() { +@@ -879,6 +897,14 @@ generate_grub_menu() { GRUB_CMDLINE_LINUX_RECOVERY="${GRUB_CMDLINE_LINUX_RECOVERY} nomodeset" fi diff -Nru grub2-2.04/debian/patches/wubi-no-windows.patch grub2-2.04/debian/patches/wubi-no-windows.patch --- grub2-2.04/debian/patches/wubi-no-windows.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/wubi-no-windows.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From e683b76e9278216d50c327b71dfbb7b722385503 Mon Sep 17 00:00:00 2001 +From 1c9945b04f0f47e347710f3f1d12950cd4d2a48d Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:24 +0000 Subject: Skip Windows os-prober entries on Wubi systems @@ -19,7 +19,7 @@ 1 file changed, 19 insertions(+) diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in -index b7e1147c4..271044f59 100644 +index b7e1147c41..271044f592 100644 --- a/util/grub.d/30_os-prober.in +++ b/util/grub.d/30_os-prober.in @@ -110,6 +110,8 @@ EOF diff -Nru grub2-2.04/debian/patches/zpool-full-device-name.patch grub2-2.04/debian/patches/zpool-full-device-name.patch --- grub2-2.04/debian/patches/zpool-full-device-name.patch 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/patches/zpool-full-device-name.patch 2020-09-08 10:23:00.000000000 +0000 @@ -1,4 +1,4 @@ -From 5bea13466c5d9048cf20139498dcba94f5500477 Mon Sep 17 00:00:00 2001 +From da9b6788c5db3379adf19f0b43d99c49ba0b2650 Mon Sep 17 00:00:00 2001 From: Chad MILLER Date: Thu, 27 Oct 2016 17:15:07 -0400 Subject: Tell zpool to emit full device names @@ -20,7 +20,7 @@ 1 file changed, 1 insertion(+) diff --git a/grub-core/osdep/unix/getroot.c b/grub-core/osdep/unix/getroot.c -index 46d7116c6..da102918d 100644 +index 46d7116c6e..da102918dc 100644 --- a/grub-core/osdep/unix/getroot.c +++ b/grub-core/osdep/unix/getroot.c @@ -243,6 +243,7 @@ grub_util_find_root_devices_from_poolname (char *poolname) diff -Nru grub2-2.04/debian/postinst.in grub2-2.04/debian/postinst.in --- grub2-2.04/debian/postinst.in 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/postinst.in 2020-09-08 10:23:00.000000000 +0000 @@ -538,7 +538,11 @@ elif running_in_container; then # Skip grub-install in containers. : - elif test -z "$2" || test -e /boot/grub/core.img || \ + elif dpkg --compare-versions "$2" ge 2.04-1ubuntu26 && [ -z "$DEBCONF_RECONFIGURE" ]; then + # Avoid the possibility of breaking grub on SRU update + # due to ABI change + : + elif test -e /boot/grub/core.img || \ test -e /boot/grub/@FIRST_CPU_PLATFORM@/core.img || \ test "$UPGRADE_FROM_GRUB_LEGACY" || test "$wubi_device"; then question=grub-pc/install_devices @@ -658,7 +662,7 @@ continue fi else - break # noninteractive + exit 1 # noninteractive fi fi fi @@ -681,7 +685,7 @@ db_fset grub-pc/install_devices_empty seen false fi else - break # noninteractive + exit 1 # noninteractive fi else break diff -Nru grub2-2.04/debian/rules grub2-2.04/debian/rules --- grub2-2.04/debian/rules 2020-04-15 11:31:27.000000000 +0000 +++ grub2-2.04/debian/rules 2020-09-08 10:23:00.000000000 +0000 @@ -173,7 +173,7 @@ 0003-Make-msgfmt-output-in-little-endian \ 0004-Use-SHELL-rather-than-bin-sh; do \ patch -d po -p3 \ - < "debian/patches/gettext/$$patchname.patch"; \ + < "debian/gettext-patches/$$patchname.patch"; \ done debian/stamps/configure-grub-common: debian/stamps/configure-grub-$(COMMON_PLATFORM)