Commit Graph

50 Commits

Author SHA1 Message Date
Thomas Petazzoni
259314f016 boot/grub2: ignore CVE-2021-46705
This CVE is specific to the SUSE distribution. See
https://security-tracker.debian.org/tracker/CVE-2021-46705.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-10-25 23:06:13 +02:00
Thomas Petazzoni
51b04fc02c boot/grub2: add patch to fix CVE-2021-3981
This commit backports an upstream commit that fixes CVE-2021-3981.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-10-25 23:06:09 +02:00
Stefan Agner
1e5338ed06 boot/grub2: fix build race condition
Sometimes buildroot fails with:
../grub-core/kern/emu/hostfs.c:20:10: fatal error: config-util.h: No such file or directory
   20 | #include <config-util.h>
      |          ^~~~~~~~~~~~~~~

Add a patch which fixes the Makefile to correctly generate config-util.h
first.

Note: This re-adds a workaround to avoid re-running autoconf. This has
previously been used to avoid having to run the rather complex build
file generation machinery of GRUB2. See 7e64a050fb ("boot/grub2: Fix
GRUB i386-pc build with Ubuntu gcc"), but now we just need to touch
Makefile.in.

Signed-off-by: Stefan Agner <stefan@agner.ch>
[yann.morin.1998@free.fr:
  - add comment with patch name before hook
  - slightly extend commit log that we only touch Makefile.in
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-08-06 11:05:12 +02:00
Yann E. MORIN
d9ff62c4cd package: drop remnants of $(HOST_DIR)/usr
It's been ages (5 years at the next release) that we've not installed
host packages in $(HOST_DIR)/usr, but we still have a few packages that
reference it or install things in there.

Drop all of those in one fell swoop.

The run-time test still succeeds, and the following defconfig, which
should exercise all touched packages [*], does build:

    BR2_x86_i686=y
    BR2_TOOLCHAIN_EXTERNAL=y
    BR2_INIT_NONE=y
    BR2_SYSTEM_BIN_SH_NONE=y
    # BR2_PACKAGE_BUSYBOX is not set
    BR2_PACKAGE_GAWK=y
    BR2_PACKAGE_GETTEXT=y
    BR2_PACKAGE_ABOOTIMG=y
    BR2_PACKAGE_DBUS_PYTHON=y
    BR2_PACKAGE_OLA=y
    BR2_PACKAGE_JIMTCL=y
    BR2_PACKAGE_LUA=y
    # BR2_PACKAGE_LUA_32BITS is not set
    BR2_PACKAGE_ARGPARSE=y
    BR2_PACKAGE_PERL=y
    BR2_PACKAGE_PHP=y
    BR2_PACKAGE_PHP_APCU=y
    BR2_PACKAGE_PHP_LUA=y
    BR2_PACKAGE_PHP_PAM=y
    BR2_PACKAGE_PHP_PECL_DBUS=y
    BR2_PACKAGE_PYTHON3=y
    BR2_PACKAGE_PYTHON_CRYPTOGRAPHY=y
    BR2_PACKAGE_PYTHON_PLY=y
    BR2_PACKAGE_PYTHON_PYBIND=y
    BR2_PACKAGE_LIBVA=y
    BR2_PACKAGE_BIND=y
    BR2_PACKAGE_BIND_SERVER=y
    BR2_PACKAGE_BIND_TOOLS=y
    BR2_PACKAGE_APPARMOR=y
    BR2_PACKAGE_APPARMOR_BINUTILS=y
    BR2_PACKAGE_APPARMOR_UTILS=y
    BR2_PACKAGE_APPARMOR_UTILS_EXTRA=y
    BR2_PACKAGE_APPARMOR_PROFILES=y
    BR2_PACKAGE_REFPOLICY=y
    BR2_PACKAGE_URANDOM_SCRIPTS=y
    BR2_PACKAGE_BASH=y
    # embiggen-disk to exercise go
    BR2_PACKAGE_EMBIGGEN_DISK=y
    BR2_TARGET_GRUB2=y
    BR2_TARGET_GRUB2_I386_PC=y
    BR2_TARGET_GRUB2_I386_EFI=y

[*] exceptions:
  - zfs was not tested: it needs a kernel to be built;
  - compiler-rt was not tested: it needs llvm to be built, that takes
    ages, and other packages already reference the correct location for
    llvm-config, so it was assumed that is OK.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Cc: Anisse Astier <anisse@astier.eu>
Cc: Antoine Tenart <atenart@kernel.org>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Asaf Kahlon <asafka7@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Cc: Christian Stewart <christian@paral.in>
Cc: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
Cc: Francois Perrad <francois.perrad@gadz.org>
Cc: Guillaume William Brs <guillaume.bressaix@gmail.com>
Cc: Hervé Codina <herve.codina@bootlin.com>
Cc: James Hilliard <james.hilliard1@gmail.com>
Cc: José Luis Salvador Rufo <salvador.joseluis@gmail.com>
Cc: Julien Boibessot <julien.boibessot@armadeus.com>
Cc: Julien Olivain <ju.o@free.fr>
Cc: Matt Weber <matthew.weber@collins.com>
Cc: Nicolas Carrier <nicolas.carrier@orolia.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vadim Kochan <vadim4j@gmail.com>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Reviewed-by: Romain Naour <romain.naour@smile.fr>

---
Changes v1 -> v2:
  - fix new instances that have crept in (Romain)
2022-07-24 11:30:40 +02:00
Thomas Petazzoni
9f1b4d24ce boot/grub2: update to 2.06
The update is very straightforward, as no changes in grub2.mk are
needed beyond the version bump.

Spacing in the hash file is adjusted to the new Buildroot standard.

All patches are dropped as they have all been upstreamed between 2.04
and 2.06. Here is the full list of patches and their corresponding
upstream commit:

 * 0001-build-Fix-GRUB-i386-pc-build-with-Ubuntu-gcc.patch
   6643507ce30f775008e093580f0c9499dfb2c485 build: Fix GRUB i386-pc build with Ubuntu gcc
 * 0002-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch
   a4d3fbdff1e3ca8f87642af2ac8752c30c617a3e yylex: Make lexer fatal errors actually be fatal
 * 0003-safemath-Add-some-arithmetic-primitives-that-check-f.patch
   68708c4503018d61dbcce7ac11cbb511d6425f4d safemath: Add some arithmetic primitives that check for overflow
 * 0004-calloc-Make-sure-we-always-have-an-overflow-checking.patch
   64e26162ebfe68317c143ca5ec996c892019f8f8 calloc: Make sure we always have an overflow-checking calloc() available
 * 0005-calloc-Use-calloc-at-most-places.patch
   f725fa7cb2ece547c5af01eeeecfe8d95802ed41 calloc: Use calloc() at most places
 * 0006-malloc-Use-overflow-checking-primitives-where-we-do-.patch
   3f05d693d1274965ffbe4ba99080dc2c570944c6 malloc: Use overflow checking primitives where we do complex allocations
 * 0007-iso9660-Don-t-leak-memory-on-realloc-failures.patch
   2a1edcf2ede865b60604815d3bc5c01029379ca4 iso9660: Don't leak memory on realloc() failures
 * 0008-font-Do-not-load-more-than-one-NAME-section.patch
   89f3da1a3d14023eda182e075919dd584031ecad font: Do not load more than one NAME section
 * 0009-gfxmenu-Fix-double-free-in-load_image.patch
   26a8c19307f998f67dbfb784068e394c8e9c8478 gfxmenu: Fix double free in load_image()
 * 0010-xnu-Fix-double-free-in-grub_xnu_devprop_add_property.patch
   6d7a59a2a184f7af8a90a4c90d7c7b6482acc656 xnu: Fix double free in grub_xnu_devprop_add_property()
 * 0011-lzma-Make-sure-we-don-t-dereference-past-array.patch
   16c0dbf4bc6a953c41bc7a031b36dfa8e906afea lzma: Make sure we don't dereference past array
 * 0012-term-Fix-overflow-on-user-inputs.patch
   61b7ca08d173adf62facdd6a266cbd2471165e67 term: Fix overflow on user inputs
 * 0013-udf-Fix-memory-leak.patch
   d17770857e1c901a8167f63d6558856cfaf313ff udf: Fix memory leak
 * 0014-multiboot2-Fix-memory-leak-if-grub_create_loader_cmd.patch
   f8ad7a3dd8213f691b0f32d0e9eb656a70cefc13 multiboot2: Fix memory leak if grub_create_loader_cmdline() fails
 * 0015-tftp-Do-not-use-priority-queue.patch
   781b3e5efc35c17cbce95393aafd63a5b429f9e6 tftp: Do not use priority queue
 * 0016-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch
   caea56d1f8fa1ae298936f8d75b220e7f12b73d3 relocator: Protect grub_relocator_alloc_chunk_addr() input args against integer underflow/overflow
 * 0017-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch
   61ff5602fe8f2a3446346795daebe4ec3b82c20f relocator: Protect grub_relocator_alloc_chunk_align() max_addr against integer underflow
 * 0018-script-Remove-unused-fields-from-grub_script_functio.patch
   1a8d9c9b4ab6df7669b5aa36a56477f297825b96 script: Remove unused fields from grub_script_function struct
 * 0019-script-Avoid-a-use-after-free-when-redefining-a-func.patch
   426f57383d647406ae9c628c472059c27cd6e040 script: Avoid a use-after-free when redefining a function during execution
 * 0020-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch
   07e5b79e22fd58c5382323dd71d64aaa42f928ec relocator: Fix grub_relocator_alloc_chunk_align() top memory allocation
 * 0021-hfsplus-Fix-two-more-overflows.patch
   f5703eb0625b786f141d09be19b7af40b572a446 hfsplus: Fix two more overflows
 * 0022-lvm-Fix-two-more-potential-data-dependent-alloc-over.patch
   879c4a8342eacc0ba4b9dd11dc69d3ec3dbe73af lvm: Fix two more potential data-dependent alloc overflows
 * 0023-emu-Make-grub_free-NULL-safe.patch
   b73cee7f1f8287ed3af32fffe8aaf33cdff52f6b emu: Make grub_free(NULL) safe
 * 0024-efi-Fix-some-malformed-device-path-arithmetic-errors.patch
   d2cf823d0e31818d1b7a223daff6d5e006596543 efi: Fix some malformed device path arithmetic errors
 * 0025-efi-chainloader-Propagate-errors-from-copy_file_path.patch
   098058752e1cee7b457ff45562a81e756ab0b532 efi/chainloader: Propagate errors from copy_file_path()
 * 0026-efi-Fix-use-after-free-in-halt-reboot-path.patch
   f7bd9986f607a924bf23b813900a8595f2815f0c efi: Fix use-after-free in halt/reboot path
 * 0027-loader-linux-Avoid-overflow-on-initrd-size-calculati.patch
   0dcbf3652b6738971407dacc03fb685dfafc5ec5 loader/linux: Avoid overflow on initrd size calculation
 * 0028-linux-Fix-integer-overflows-in-initrd-size-handling.patch
   e7b8856f8be3292afdb38d2e8c70ad8d62a61e10 linux: Fix integer overflows in initrd size handling
 * 0029-efi-Make-shim_lock-GUID-and-protocol-type-public.patch
   f76a27996c34900f2c369a8a0d6ac72ae2faa988 efi: Make shim_lock GUID and protocol type public
 * 0030-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch
   04ae030d0eea8668d4417702d88bf2cf04713d80 efi: Return grub_efi_status_t from grub_efi_get_variable()
 * 0031-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch
   ac5c9367548750e75ed1e7fc4354a3d20186d733 efi: Add a function to read EFI variables with attributes
 * 0032-efi-Add-secure-boot-detection.patch
   d7e54b2e5feee95d2f83058ed30d883c450d1473 efi: Add secure boot detection
 * 0033-verifiers-Move-verifiers-API-to-kernel-image.patch
   9e95f45ceeef36fcf93cbfffcf004276883dbc99 verifiers: Move verifiers API to kernel image
 * 0034-efi-Move-the-shim_lock-verifier-to-the-GRUB-core.patch
   5e280caa6530ed160dcf2920c94f1605fb1f1f7c efi: Move the shim_lock verifier to the GRUB core
 * 0035-kern-Add-lockdown-support.patch
   578c95298bcc46e0296f4c786db64c2ff26ce2cc kern: Add lockdown support
 * 0036-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch
   d90367471779c240e002e62edfb6b31fc85b4908 kern/lockdown: Set a variable if the GRUB is locked down
 * 0037-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch
   98b00a403cbf2ba6833d1ac0499871b27a08eb77 efi: Lockdown the GRUB when the UEFI Secure Boot is enabled
 * 0038-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch
   8f73052885892bc0dbc01e297f79d7cf4925e491 efi: Use grub_is_lockdown() instead of hardcoding a disabled modules list
 * 0039-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch
   3e8e4c0549240fa209acffceb473e1e509b50c95 acpi: Don't register the acpi command when locked down
 * 0040-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch
   d298b41f90cbf1f2e5a10e29daa1fc92ddee52c9 mmap: Don't register cutmem and badram commands when lockdown is enforced
 * 0041-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch
   468a5699b249fe6816b4e7e86c5dc9d325c9b09e commands: Restrict commands that can load BIOS or DT blobs when locked down
 * 0042-commands-setpci-Restrict-setpci-command-when-locked-.patch
   58b77d4069823b44c5fa916fa8ddfc9c4cd51e02 commands/setpci: Restrict setpci command when locked down
 * 0043-commands-hdparm-Restrict-hdparm-command-when-locked-.patch
   5c97492a29c6063567b65ed1a069f5e6f4e211f0 commands/hdparm: Restrict hdparm command when locked down
 * 0044-gdb-Restrict-GDB-access-when-locked-down.patch
   508270838998f151a82e9c13e7cb8a470a2dc23d gdb: Restrict GDB access when locked down
 * 0045-loader-xnu-Don-t-allow-loading-extension-and-package.patch
   9c5565135f12400a925ee901b25984e7af4442f5 loader/xnu: Don't allow loading extension and packages when locked down
 * 0046-docs-Document-the-cutmem-command.patch
   f05e79a0143beb2d9a482a3ebf4fe0ce76778122 docs: Document the cutmem command
 * 0047-dl-Only-allow-unloading-modules-that-are-not-depende.patch
   7630ec5397fe418276b360f9011934b8c034936c dl: Only allow unloading modules that are not dependencies
 * 0048-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch
   128c16a682034263eb519c89bc0934eeb6fa8cfa usb: Avoid possible out-of-bound accesses caused by malicious devices
 * 0049-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch
   8cb2848f9699642a698af84b12ba187cab722031 mmap: Fix memory leak when iterating over mapped memory
 * 0050-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch
   03f2515ae0c503406f1a99a2178405049c6555db net/net: Fix possible dereference to of a NULL pointer
 * 0051-net-tftp-Fix-dangling-memory-pointer.patch
   0cb838b281a68b536a09681f9557ea6a7ac5da7a net/tftp: Fix dangling memory pointer
 * 0052-kern-parser-Fix-resource-leak-if-argc-0.patch
   d06161b035dde4769199ad65aa0a587a5920012b kern/parser: Fix resource leak if argc == 0
 * 0053-kern-efi-Fix-memory-leak-on-failure.patch
   ed286ceba6015d37a9304f04602451c47bf195d7 kern/efi: Fix memory leak on failure
 * 0054-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch
   6aee4bfd6973c714056fb7b56890b8d524e94ee1 kern/efi/mm: Fix possible NULL pointer dereference
 * 0055-gnulib-regexec-Resolve-unused-variable.patch
   a983d36bd9178d377d2072fd4b11c635fdc404b4 gnulib/regexec: Resolve unused variable
 * 0056-gnulib-regcomp-Fix-uninitialized-token-structure.patch
   75c3d3cec4f408848f575d6d5e30a95bd6313db0 gnulib/regcomp: Fix uninitialized token structure
 * 0057-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch
   3a37bf120a9194c373257c70175cdb5b337bc107 gnulib/argp-help: Fix dereference of a possibly NULL state
 * 0058-gnulib-regexec-Fix-possible-null-dereference.patch
   0b7f347638153e403ee2dd518af3ce26f4f99647 gnulib/regexec: Fix possible null-dereference
 * 0059-gnulib-regcomp-Fix-uninitialized-re_token.patch
   03477085f9a33789ba6cca7cd49ab9326a1baa0e gnulib/regcomp: Fix uninitialized re_token
 * 0060-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch
   59666e520f44177c97b82a44c169b3b315d63b42 io/lzopio: Resolve unnecessary self-assignment errors
 * 0061-zstd-Initialize-seq_t-structure-fully.patch
   2777cf4466719921dbe4b30af358a75e7d76f217 zstd: Initialize seq_t structure fully
 * 0062-kern-partition-Check-for-NULL-before-dereferencing-i.patch
   bc9c468a2ce84bc767234eec888b71f1bc744fff kern/partition: Check for NULL before dereferencing input string
 * 0063-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch
   23e39f50ca7a107f6b66396ed4d177a914dee035 disk/ldm: Make sure comp data is freed before exiting from make_vg()
 * 0064-disk-ldm-If-failed-then-free-vg-variable-too.patch
   e0b83df5da538d2a38f770e60817b3a4b9d5b4d7 disk/ldm: If failed then free vg variable too
 * 0065-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch
   156c281a1625dc73fd350530630c6f2d5673d4f6 disk/ldm: Fix memory leak on uninserted lv references
 * 0066-disk-cryptodisk-Fix-potential-integer-overflow.patch
   a201ad17caa430aa710654fdf2e6ab4c8166f031 disk/cryptodisk: Fix potential integer overflow
 * 0067-hfsplus-Check-that-the-volume-name-length-is-valid.patch
   2298f6e0d951251bb9ca97d891d1bc8b74515f8c hfsplus: Check that the volume name length is valid
 * 0068-zfs-Fix-possible-negative-shift-operation.patch
   a02091834d3e167320d8a262ff04b8e83c5e616d zfs: Fix possible negative shift operation
 * 0069-zfs-Fix-resource-leaks-while-constructing-path.patch
   89bdab965805e8d54d7f75349024e1a11cbe2eb8 zfs: Fix resource leaks while constructing path
 * 0070-zfs-Fix-possible-integer-overflows.patch
   302c12ff5714bc455949117c1c9548ccb324d55b zfs: Fix possible integer overflows
 * 0071-zfsinfo-Correct-a-check-for-error-allocating-memory.patch
   7aab03418ec6a9b991aa44416cb2585aff4e7972 zfsinfo: Correct a check for error allocating memory
 * 0072-affs-Fix-memory-leaks.patch
   178ac5107389f8e5b32489d743d6824a5ebf342a affs: Fix memory leaks
 * 0073-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch
   e8814c811132a70f9b55418f7567378a34ad3883 libgcrypt/mpi: Fix possible unintended sign extension
 * 0074-libgcrypt-mpi-Fix-possible-NULL-dereference.patch
   ae0f3fabeba7b393113d5dc185b6aff9b728136d libgcrypt/mpi: Fix possible NULL dereference
 * 0075-syslinux-Fix-memory-leak-while-parsing.patch
   95bc016dba94cab3d398dd74160665915cd08ad6 syslinux: Fix memory leak while parsing
 * 0076-normal-completion-Fix-leaking-of-memory-when-process.patch
   9213575b7a95b514bce80be5964a28d407d7d56d normal/completion: Fix leaking of memory when processing a completion
 * 0077-commands-hashsum-Fix-a-memory-leak.patch
   8b6f528e52e18b7a69f90b8dc3671d7b1147d9f3 commands/hashsum: Fix a memory leak
 * 0079-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch
   fc5951d3b1616055ef81a019a5affc09d13344d0 video/efi_gop: Remove unnecessary return value of grub_video_gop_fill_mode_info()
 * 0080-video-fb-fbfill-Fix-potential-integer-overflow.patch
   7ce3259f67ac2cd93acb0ec0080c24b3b69e66c6 video/fb/fbfill: Fix potential integer overflow
 * 0081-video-fb-video_fb-Fix-multiple-integer-overflows.patch
   08e098b1dbf01e96376f594b337491bc4cfa48dd video/fb/video_fb: Fix multiple integer overflows
 * 0082-video-fb-video_fb-Fix-possible-integer-overflow.patch
   08413f2f4edec0e2d9bf15f836f6ee5ca2e379cb video/fb/video_fb: Fix possible integer overflow
 * 0083-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch
   5f5eb7ca8e971227e95745abe541df3e1509360e video/readers/jpeg: Test for an invalid next marker reference from a jpeg file
 * 0084-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch
   4a1aa5917595650efbd46b581368c470ebee42ab gfxmenu/gui_list: Remove code that coverity is flagging as dead
 * 0085-loader-bsd-Check-for-NULL-arg-up-front.patch
   5d5391b0a05abe76e04c1eb68dcc6cbef5326c4a loader/bsd: Check for NULL arg up-front
 * 0086-loader-xnu-Fix-memory-leak.patch
   bcb59ece3263d118510c4440c4da0950f224bb7f loader/xnu: Fix memory leak
 * 0087-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch
   4b4027b6b1c877d7ab467896b04c7bd1aadcfa15 loader/xnu: Free driverkey data when an error is detected in grub_xnu_writetree_toheap()
 * 0088-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch
   7c8a2b5d1421a0f2a33d33531f7561f3da93b844 loader/xnu: Check if pointer is NULL before using it
 * 0089-util-grub-install-Fix-NULL-pointer-dereferences.patch
   8b3a95655b4391122e7b0315d8cc6f876caf8183 util/grub-install: Fix NULL pointer dereferences
 * 0090-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch
   5dc41edc4eba259c6043ae7698c245ec1baaacc6 util/grub-editenv: Fix incorrect casting of a signed value
 * 0091-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch
   1641d74e16f9d1ca35ba1a87ee4a0bf3afa48e72 util/glue-efi: Fix incorrect use of a possibly negative value
 * 0092-script-execute-Fix-NULL-dereference-in-grub_script_e.patch
   41ae93b2e6c75453514629bcfe684300e3aec0ce script/execute: Fix NULL dereference in grub_script_execute_cmdline()
 * 0093-commands-ls-Require-device_name-is-not-NULL-before-p.patch
   6afbe6063c95b827372f9ec310c9fc7461311eb1 commands/ls: Require device_name is not NULL before printing
 * 0094-script-execute-Avoid-crash-when-using-outside-a-func.patch
   fe0586347ee46f927ae27bb9673532da9f5dead5 script/execute: Avoid crash when using "$#" outside a function scope
 * 0095-lib-arg-Block-repeated-short-options-that-require-an.patch
   2a330dba93ff11bc00eda76e9419bc52b0c7ead6 lib/arg: Block repeated short options that require an argument
 * 0096-script-execute-Don-t-crash-on-a-for-loop-with-no-ite.patch
   0a05f88e2bb33ed2a0cfd93f481f471efb7791aa script/execute: Don't crash on a "for" loop with no items
 * 0097-commands-menuentry-Fix-quoting-in-setparams_prefix.patch
   2f533a89a8dfcacbf2c9dbc77d910f111f24bf33 commands/menuentry: Fix quoting in setparams_prefix()
 * 0098-kern-misc-Always-set-end-in-grub_strtoull.patch
   f41f0af48ab7f7c135aac17ac862c30bde0bbab7 kern/misc: Always set *end in grub_strtoull()
 * 0099-video-readers-jpeg-Catch-files-with-unsupported-quan.patch
   693989598fd38c3c0b2a928f4f64865b5681762f video/readers/jpeg: Catch files with unsupported quantization or Huffman tables
 * 0100-video-readers-jpeg-Catch-OOB-reads-writes-in-grub_jp.patch
   34b85a6e07014383ddcad09f99ff239ad752dd1a video/readers/jpeg: Catch OOB reads/writes in grub_jpeg_decode_du()
 * 0101-video-readers-jpeg-Don-t-decode-data-before-start-of.patch
   8338a8238f08d9f3ae4c2ddfff0603eff80af9e2 video/readers/jpeg: Don't decode data before start of stream
 * 0102-term-gfxterm-Don-t-set-up-a-font-with-glyphs-that-ar.patch
   829329bddb2c3e623270cc634cc9ab32e6455fe7 term/gfxterm: Don't set up a font with glyphs that are too big
 * 0103-fs-fshelp-Catch-impermissibly-large-block-sizes-in-r.patch
   b5bc456f664bc301ab4cd5a17d3d23c6661c259e fs/fshelp: Catch impermissibly large block sizes in read helper
 * 0104-fs-hfsplus-Don-t-fetch-a-key-beyond-the-end-of-the-n.patch
   58ea11d5b9ca0966bd9c68d8ba5240cf7dc3ba83 fs/hfsplus: Don't fetch a key beyond the end of the node
 * 0105-fs-hfsplus-Don-t-use-uninitialized-data-on-corrupt-f.patch
   2ca0e5dbcdcb6fc93ccae39a0f39d0dba4a7ff20 fs/hfsplus: Don't use uninitialized data on corrupt filesystems
 * 0106-fs-hfs-Disable-under-lockdown.patch
   1c15848838d924552611247110723e2a1c17a5a1 fs/hfs: Disable under lockdown
 * 0107-fs-sfs-Fix-over-read-of-root-object-name.patch
   8d3ae59dee2930d640add3bba983006e1f5dd1b6 fs/sfs: Fix over-read of root object name
 * 0108-fs-jfs-Do-not-move-to-leaf-level-if-name-length-is-n.patch
   ffd5a46f68710e2781899d0be4d701429a5a817d fs/jfs: Do not move to leaf level if name length is negative
 * 0109-fs-jfs-Limit-the-extents-that-getblk-can-consider.patch
   bd0cf8148ccf721f6e39ffbd70f8abad0c8897f0 fs/jfs: Limit the extents that getblk() can consider
 * 0110-fs-jfs-Catch-infinite-recursion.patch
   223120dd83745126cb232a0248c9a8901d7e350d fs/jfs: Catch infinite recursion
 * 0111-fs-nilfs2-Reject-too-large-keys.patch
   20ab8cb44bc140a1dedda82a3fccdd45e9bc6929 fs/nilfs2: Reject too-large keys
 * 0112-fs-nilfs2-Don-t-search-children-if-provided-number-i.patch
   37c0eb05cdcc64c28d31c4ebd300f14d5239d05e fs/nilfs2: Don't search children if provided number is too large
 * 0113-fs-nilfs2-Properly-bail-on-errors-in-grub_nilfs2_btr.patch
   ca5d9ac206043b1fb4cb06259272fb1c5946bb6d fs/nilfs2: Properly bail on errors in grub_nilfs2_btree_node_lookup()
 * 0114-io-gzio-Bail-if-gzio-tl-td-is-NULL.patch
   3334a5e6c86f10e715cca3bf66ce0fc2f164b61b io/gzio: Bail if gzio->tl/td is NULL
 * 0115-io-gzio-Add-init_dynamic_block-clean-up-if-unpacking.patch
   18490336d91da2b532277cba56473bfed1376fc4 io/gzio: Add init_dynamic_block() clean up if unpacking codes fails
 * 0116-io-gzio-Catch-missing-values-in-huft_build-and-bail.patch
   4e76b08f7171a8603d74fcafb27409a91f578647 io/gzio: Catch missing values in huft_build() and bail
 * 0117-io-gzio-Zero-gzio-tl-td-in-init_dynamic_block-if-huf.patch
   b5a2b59cc5b8f5ee7ba3b951e7693e402d5b3a6f io/gzio: Zero gzio->tl/td in init_dynamic_block() if huft_build() fails
 * 0118-disk-lvm-Don-t-go-beyond-the-end-of-the-data-we-read.patch
   a8cc95de74ccc3ad090e8062ac335c844f13c9f4 disk/lvm: Don't go beyond the end of the data we read from disk
 * 0119-disk-lvm-Don-t-blast-past-the-end-of-the-circular-me.patch
   27a79bf38e6d050e497eb96a3fdddce43af25577 disk/lvm: Don't blast past the end of the circular metadata buffer
 * 0120-disk-lvm-Bail-on-missing-PV-list.patch
   2958695c4cdc785de6ed708709af071a2d20afef disk/lvm: Bail on missing PV list
 * 0121-disk-lvm-Do-not-crash-if-an-expected-string-is-not-f.patch
   db29073fc7aec71a40dabfc722a96ea9f3280907 disk/lvm: Do not crash if an expected string is not found
 * 0122-disk-lvm-Do-not-overread-metadata.patch
   1155d7dffd3337942cb7583706b429d567d4db86 disk/lvm: Do not overread metadata
 * 0123-disk-lvm-Sanitize-rlocn-offset-to-prevent-wild-read.patch
   701293684742d00133b39bf957d3642c81dc83f4 disk/lvm: Sanitize rlocn->offset to prevent wild read
 * 0124-disk-lvm-Do-not-allow-a-LV-to-be-it-s-own-segment-s-.patch
   e18a00073890021362b4a48097672f1d4b340d3c disk/lvm: Do not allow a LV to be it's own segment's node's LV
 * 0125-fs-btrfs-Validate-the-number-of-stripes-parities-in-.patch
   b88a82e78cdd0ab8e0339c1c3f9564c4d8c0c969 fs/btrfs: Validate the number of stripes/parities in RAID5/6
 * 0126-fs-btrfs-Squash-some-uninitialized-reads.patch
   b911884dd707ba1e6f641eb17857df3155013a45 fs/btrfs: Squash some uninitialized reads
 * 0127-kern-parser-Fix-a-memory-leak.patch
   c6c426e5ab6ea715153b72584de6bd8c82f698ec kern/parser: Fix a memory leak
 * 0128-kern-parser-Introduce-process_char-helper.patch
   b1c9e9e889e4273fb15712051c887e6078511448 kern/parser: Introduce process_char() helper
 * 0129-kern-parser-Introduce-terminate_arg-helper.patch
   3d157bbd06506b170fde5ec23980c4bf9f7660e2 kern/parser: Introduce terminate_arg() helper
 * 0130-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch
   8bc817014ce3d7a498db44eae33c8b90e2430926 kern/parser: Refactor grub_parser_split_cmdline() cleanup
 * 0131-kern-buffer-Add-variable-sized-heap-buffer.patch
   030fb6c4fa354cdbd6a8d6903dfed5d36eaf3cb2 kern/buffer: Add variable sized heap buffer
 * 0132-kern-parser-Fix-a-stack-buffer-overflow.patch
   4ea7bae51f97e49c84dc67ea30b466ca8633b9f6 kern/parser: Fix a stack buffer overflow
 * 0133-kern-efi-Add-initial-stack-protector-implementation.patch
   133d73079c5771bbf3d8311281b6772846357ec1 kern/efi: Add initial stack protector implementation
 * 0134-util-mkimage-Remove-unused-code-to-add-BSS-section.patch
   d52f78def1b9c4f435fdbf6b24fd899208580c76 util/mkimage: Remove unused code to add BSS section
 * 0135-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch
   1710452aca05ccdd21e74390ec08c63fdf0ee10a util/mkimage: Use grub_host_to_target32() instead of grub_cpu_to_le32()
 * 0136-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch
   ae8936f9c375e1a38129e85a1b5d573fb451f288 util/mkimage: Always use grub_host_to_target32() to initialize PE stack and heap stuff
 * 0137-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch
   a4e8936f010a8e928e973b80390c8f83ad6b8000 util/mkimage: Unify more of the PE32 and PE32+ header set-up
 * 0138-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch
   ba44c87e56a8bccde235ebb7d41d5aa54604d241 util/mkimage: Reorder PE optional header fields set-up
 * 0139-util-mkimage-Improve-data_size-value-calculation.patch
   ff406eff25465932b97a2857ee5a75fd0957e9b9 util/mkimage: Improve data_size value calculation
 * 0140-util-mkimage-Refactor-section-setup-to-use-a-helper.patch
   f60ba9e5945892e835e53f0619406d96002f7f70 util/mkimage: Refactor section setup to use a helper
 * 0141-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch
   b11547137703bbc642114a816233a5b6fed61b06 util/mkimage: Add an option to import SBAT metadata into a .sbat section
 * 0142-grub-install-common-Add-sbat-option.patch
   bb51ee2b49fbda0f66c1fa580a33442ff578f110 grub-install-common: Add --sbat option
 * 0143-shim_lock-Only-skip-loading-shim_lock-verifier-with-.patch
   968de8c23c1cba0f18230f778ebcf6c412ec8ec5 shim_lock: Only skip loading shim_lock verifier with explicit consent
 * 0144-kern-misc-Split-parse_printf_args-into-format-parsin.patch
   7f11bde3143b21b40d8225ea1d641e0f83b5a01e kern/misc: Split parse_printf_args() into format parsing and va_list handling
 * 0145-kern-misc-Add-STRING-type-for-internal-printf-format.patch
   1a2a5aff71e8edba436398492279de434abfe7a3 kern/misc: Add STRING type for internal printf() format handling
 * 0146-kern-misc-Add-function-to-check-printf-format-agains.patch
   83603bea6ce8fdff5ab3fbc4c9e592a8c71a8706 kern/misc: Add function to check printf() format against expected format
 * 0147-gfxmenu-gui-Check-printf-format-in-the-gui_progress_.patch
   42facd577231cf5ffe4c7128fed15b7e7d99cbca gfxmenu/gui: Check printf() format in the gui_progress_bar and gui_label
 * 0148-templates-Disable-the-os-prober-by-default.patch
   e346414725a70e5c74ee87ca14e580c66f517666 templates: Disable the os-prober by default
 * 0149-kern-mm-Fix-grub_debug_calloc-compilation-error.patch
   a9d8de960834f376087856f9d60a214b47c76f61 kern/mm: Fix grub_debug_calloc() compilation error
 * 0150-Makefile-Make-libgrub.pp-depend-on-config-util.h.patch
   42f4054faf3c7f2cd2cab5b43e63f9d97d81f7a1 Makefile: Make libgrub.pp depend on config-util.h

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Yann E. MORIN <yann.morin@orange.com>
Reviewed-by: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-07-23 16:06:41 +02:00
Kory Maincent
82d1e8c628 boot/grub2: use none platform when building for host
When creating the image we are using the target modules. Building
the modules for host is then unnecessary.

Let's configure host Grub2 for the 'none' platform.

Note that this still installs a platform-dependent file:
    .../host/lib/grub/i386-pc/config.h

This file does not seem to have much purpose, but it is harmless.
We did not care to provide a post-install hook to remove it.

Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-10-23 22:41:56 +02:00
Kory Maincent
1fc095ec75 boot/grub2: fix the cdboot.img source from host to target
This patch updates the location of cdboot.img used, to select the one
from the target directory and not from the host.
The host-grub2 is built only to have access to the Grub tools binaries.

Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-10-23 22:41:53 +02:00
Kory Maincent
60b798e000 boot/grub2: add more explicit build messages
This patch adds the calls to MESSAGE, to make explicit the different steps of
the per-platform builds, following the current tuple loop. Besides a
nicer output to the user, this can also help debug what step actually
failed.

Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-10-23 22:41:49 +02:00
Kory Maincent
7edf28468d boot/grub2: remove the unnecessary \-continuations
This patch cleans the code by removing unnecessary \-continuations.
It replaces the semi-colons by either && or separate lines.

Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-10-23 22:41:44 +02:00
Kory Maincent
e077b3997c boot/grub2: fix the installation of target tools
The tools were not installed anymore since we moved from autotools to
generic-package. This patch fixes their installation.

We have decided to implement the tool installation process by running the "make
install" command for each tuple. This allows all the different
platforms' Grub modules to be installed in the target. The drawback is that the
Grub2 tool binaries are overwritten during each "make install" command. This
drawback is absolutely not important as it happens in the same package. This is
the best option to avoid adding unnecessary complexity to this package.

Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-10-23 22:41:40 +02:00
Kory Maincent
b68810e70c boot/grub2: add support to build multiple Grub2 configurations in the same build
When Grub2 is built it is configured only for one boot set-up, BIOS Legacy,
EFI 32 bit or EFI 64 bit. It cannot deal with several boot set-ups on the
same image.

This patch allows building Grub2 for different configurations simultaneously.
To cover Grub2 configuration of legacy BIOS platforms (32-bit), 32-bit EFI
BIOS and 64-bit EFI BIOS in the same build, multi-build system felt much more
reasonable to just extend the grub2 package into 3 packages.

We can no longer use autotools-package as a consequence of this multi-build, and
we have to resort to generic-package and a partial duplication of
the autotools-infra. Grub2 was already using custom options like --prefix or
--exec-prefix so this won't add much more weirdness.

We use a GRUB2_TUPLES list to describe all the configurations selected.
For each boot case described in the GRUB2_TUPLES list, it configures and
builds Grub2 in a separate folder named build-$(tuple).
We use a foreach loop to make actions on each tuple selected.

We have to separate the BR2_TARGET_GRUB2_BUILTIN_MODULES and the
BR2_TARGET_GRUB2_BUILTIN_CONFIG for each BIOS or EFI boot cases.

Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
[yann.morin.1998@free.fr:
  - keep sub-options properly indented
  - fix check-package
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-09-27 21:36:06 +02:00
Kory Maincent
3efb5e31fc board, boot, package: remove usage of startup.nsh in EFI partition
The startup.nsh file is useless to boot EFI payloads. We just need to
follow the naming detection specified in the UEFI spec.
The EFI payload needs to be placed in the boot/efi folder in the EFI partition
and follow the architecture naming as described below:
32bit : bootia32.efi
x64 : bootx64.efi
aarch32 : bootarm.efi
aarch64 : bootaa64.efi

This naming is already right in the packages involved (systemd, grub2,
gummiboot), therefore we just need to drop the generation of the
startup.nsh file.

The usage of the startup.nsh in genimage is also dropped to avoid errors in
the image generation.

Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Tested-by: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-09-27 21:27:02 +02:00
Andreas Hilse
7cb51d4843 boot/grub2: workaround breakage with -O2, -O3 build
When grub2 (i386-pc) is built with -O2 or -O3 it is unable to boot
and the system will reboot in a loop.

Tony Battersby has bisected [0] the error down to this security bugfix:
boot/grub2/0132-kern-parser-Fix-a-stack-buffer-overflow.patch
There is also a bug report by Peter Seiderer about this [1].

As discussed on the mailing list [2], this patch introduces a workaround
in the grub2.mk overriding the global optimization settings with -Os
which results in a booting system.

References:
[0] https://savannah.gnu.org/bugs/?60458
[1] https://bugs.busybox.net/show_bug.cgi?id=13586
[2] http://lists.busybox.net/pipermail/buildroot/2021-May/311524.html

Signed-off-by: Andreas Hilse <andreas.hilse@googlemail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-06-30 23:37:01 +02:00
Thomas Petazzoni
a490687571 boot/grub2: ignore the last 3 remaining CVEs
An analysis of the last 3 remaining CVEs that are reported to affect
the grub2 package has allowed to ensure that we can safely ignore
them:

 * CVE-2020-14372 is already fixed by a patch we have in our patch
   stack for grub2

 * CVE-2019-14865 and CVE-2020-15705 are both distro-specific and do
   not affect grub2 upstream, nor grub2 with the stack of patches we
   have in Buildroot

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-06 09:36:48 +02:00
Stefan Sørensen
1bad507220 boot/grub2: Backport 2021/03/02 security fixes
Details: https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

As detailed in commit 7e64a050fb, it is
difficult to utilize the upstream patches directly, so a number of
patches include changes to generated files so that we don't need to invoke
the gentpl.py script.

In addition to the security fixes, these required patches have been
backported:

  f76a27996 efi: Make shim_lock GUID and protocol type public
  04ae030d0 efi: Return grub_efi_status_t from grub_efi_get_variable()
  ac5c93675 efi: Add a function to read EFI variables with attributes
  d7e54b2e5 efi: Add secure boot detection

The following security issues are fixed:

CVE-2020-14372 grub2: The acpi command allows privileged user to load crafted
               ACPI tables when Secure Boot is enabled
CWE-184
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

GRUB2 enables the use of the command acpi even when Secure Boot is signaled by
the firmware. An attacker with local root privileges can drop a small SSDT
in /boot/efi and modify grub.cfg to instruct grub to load said SSDT. The SSDT
then gets run by the kernel and it overwrites the kernel lock down configuration
enabling the attacker to load unsigned kernel modules and kexec unsigned code.

Reported-by: Máté Kukri

*******************************************************************************

CVE-2020-25632 grub2: Use-after-free in rmmod command
CWE-416
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

The rmmod implementation for GRUB2 is flawed, allowing an attacker to unload
a module used as dependency without checking if any other dependent module is
still loaded. This leads to a use-after-free scenario possibly allowing an
attacker to execute arbitrary code and by-pass Secure Boot protections.

Reported-by: Chris Coulson (Canonical)

*******************************************************************************

CVE-2020-25647 grub2: Out-of-bound write in grub_usb_device_initialize()
CWE-787
6.9/CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

grub_usb_device_initialize() is called to handle USB device initialization. It
reads out the descriptors it needs from the USB device and uses that data to
fill in some USB data structures. grub_usb_device_initialize() performs very
little bounds checking and simply assumes the USB device provides sane values.
This behavior can trigger memory corruption. If properly exploited, this would
lead to arbitrary code execution allowing the attacker to by-pass Secure Boot
mechanism.

Reported-by: Joseph Tartaro (IOActive) and Ilja van Sprundel (IOActive)

*******************************************************************************

CVE-2020-27749 grub2: Stack buffer overflow in grub_parser_split_cmdline
CWE-121
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

grub_parser_split_cmdline() expands variable names present in the supplied
command line in to their corresponding variable contents and uses a 1kB stack
buffer for temporary storage without sufficient bounds checking. If the
function is called with a command line that references a variable with a
sufficiently large payload, it is possible to overflow the stack buffer,
corrupt the stack frame and control execution. An attacker may use this to
circumvent Secure Boot protections.

Reported-by: Chris Coulson (Canonical)

*******************************************************************************

CVE-2020-27779 grub2: The cutmem command allows privileged user to remove
               memory regions when Secure Boot is enabled
CWE-285
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

The GRUB2's cutmem command does not honor Secure Boot locking. This allows a
privileged attacker to remove address ranges from memory creating an
opportunity to circumvent Secure Boot protections after proper triage about
grub's memory layout.

Reported-by: Teddy Reed

*******************************************************************************

CVE-2021-3418 - grub2: GRUB 2.05 reintroduced CVE-2020-15705
CWE-281
6.4/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

The GRUB2 upstream reintroduced the CVE-2020-15705. This refers to a distro
specific flaw which made it upstream in the mentioned version.

If certificates that signed GRUB2 are installed into db, GRUB2 can be booted
directly. It will then boot any kernel without signature validation. The booted
kernel will think it was booted in Secure Boot mode and will implement lock
down, yet it could have been tampered.

This flaw only affects upstream and distributions using the shim_lock verifier.

Reported-by: Dimitri John Ledkov (Canonical)

*******************************************************************************

CVE-2021-20225 grub2: Heap out-of-bounds write in short form option parser
CWE-787
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

The option parser in GRUB2 allows an attacker to write past the end of
a heap-allocated buffer by calling certain commands with a large number
of specific short forms of options.

Reported-by: Daniel Axtens (IBM)

*******************************************************************************

CVE-2021-20233 grub2: Heap out-of-bound write due to mis-calculation of
               space required for quoting
CWE-787
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

There's a flaw in the GRUB2 menu rendering code: setparam_prefix() in the menu
rendering code performs a length calculation on the assumption that expressing
a quoted single quote will require 3 characters, while it actually requires
4 characters. This allows an attacker to corrupt memory by one byte for each
quote in the input.

Reported-by: Daniel Axtens (IBM)

*******************************************************************************

Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-14 08:24:24 +01:00
Matt Weber
63332c33aa package: provide CPE ID details for numerous packages
This patch adds CPE ID information for a significant number of
packages.

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-04 21:43:54 +01:00
Stefan Sørensen
2f7a8021b5 boot/grub2: Backport Boothole security fixes
Details: https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html

Fixes the following security issues:

 * CVE-2020-10713
   A flaw was found in grub2, prior to version 2.06. An attacker may
   use the GRUB 2 flaw to hijack and tamper the GRUB verification
   process. This flaw also allows the bypass of Secure Boot
   protections. In order to load an untrusted or modified kernel, an
   attacker would first need to establish access to the system such as
   gaining physical access, obtain the ability to alter a pxe-boot
   network, or have remote access to a networked system with root
   access. With this access, an attacker could then craft a string to
   cause a buffer overflow by injecting a malicious payload that leads
   to arbitrary code execution within GRUB. The highest threat from
   this vulnerability is to data confidentiality and integrity as well
   as system availability.

 * CVE-2020-14308
   In grub2 versions before 2.06 the grub memory allocator doesn't
   check for possible arithmetic overflows on the requested allocation
   size. This leads the function to return invalid memory allocations
   which can be further used to cause possible integrity,
   confidentiality and availability impacts during the boot process.

 * CVE-2020-14309
   There's an issue with grub2 in all versions before 2.06 when
   handling squashfs filesystems containing a symbolic link with name
   length of UINT32 bytes in size. The name size leads to an
   arithmetic overflow leading to a zero-size allocation further
   causing a heap-based buffer overflow with attacker controlled data.

 * CVE-2020-14310
   An integer overflow in read_section_from_string may lead to a heap
   based buffer overflow.

 * CVE-2020-14311
   An integer overflow in grub_ext2_read_link may lead to a heap-based
   buffer overflow.

 * CVE-2020-15706
   GRUB2 contains a race condition in grub_script_function_create()
   leading to a use-after-free vulnerability which can be triggered by
   redefining a function whilst the same function is already
   executing, leading to arbitrary code execution and secure boot
   restriction bypass

 * CVE-2020-15707
   Integer overflows were discovered in the functions grub_cmd_initrd
   and grub_initrd_init in the efilinux component of GRUB2, as shipped
   in Debian, Red Hat, and Ubuntu (the functionality is not included
   in GRUB2 upstream), leading to a heap-based buffer overflow. These
   could be triggered by an extremely large number of arguments to the
   initrd command on 32-bit architectures, or a crafted filesystem
   with very large files on any architecture. An attacker could use
   this to execute arbitrary code and bypass UEFI Secure Boot
   restrictions. This issue affects GRUB2 version 2.04 and prior
   versions.

Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-08-03 13:38:49 +02:00
Fabrice Fontaine
7e64a050fb boot/grub2: Fix GRUB i386-pc build with Ubuntu gcc
Backport a patch from upstream to fix the build on certain versions of
gcc, notably:

    Ubuntu 19.10 with gcc (Ubuntu 8.3.0-26ubuntu1~19.10) 8.3.0
    Ubuntu 19.10 with gcc (Ubuntu 9.2.1-9ubuntu2) 9.2.1 20191008

The upstream patch is simply a change in the gentpl.py script, which is
used to generate parts of the automake machinery, so if we just backport
the upstream patch, we need to call the script to regenerate those files.

However, the modified script is a python script, so we would need to add
a dependency on host-python (2 or 3), which is not so nice.

Furthermore, calling the script is not enough: it needs a specific set
of options for each file it is to generate. That set of options is not
static; it is constructed in the convoluted autogen.sh. Calling
autogen.sh is usually not so good an idea in the Buildroot context, and
indeed this fails because it calls to autoreconf, but without our
carefully crafted options and environment variables.

There was a little light in the tunnel, in that autogen.sh can be told
not to run autoreconf, by setting the environment variable
FROM_BOOTSTRAP to a non-empty string, but this is fraught with various
other side-effects, as in that case, autogen.sh expects to be called by
an upper script, bootstrap, which is not provided in the tarball
distribution...

So, between all those issues, autogen, bootstrap, and a host-python (2
or 3) dependency, we choose another route: patch the script *and* the one
generated file affected by the change. Since that patched file is a .am
file, we also patch the corresponding .in file.

However, we're faced with another issue: the other generated file is
now older than the script, so the automake machinery will now want to
re-run autoconf et al during the build step, which is still not a good
idea for us. So we touch the other generated file so it is more recent
than the script.

This is still not sufficient, because the patched file also has a
dependency on the generated file, so we need to touch it as well.

Fixes:
 - https://bugs.buildroot.org/show_bug.cgi?id=12946

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
  - keep the hunk about patching gentpl.py
  - make it a git-formatted patch
  - add the touch
  - drastically expand the commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-06-05 00:03:30 +02:00
Fabrice Fontaine
ea7ec41cf6 boot/grub2: bump to version 2.04
- Remove patch (already in version)
- Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-21 23:15:27 +02:00
Erico Nunes
273a27804a boot/grub2: enable support for arm and aarch64 targets
This commit enables the arm-uboot, arm-efi and aarch64-efi grub2
platforms in Buildroot.

With the uboot platform, the grub2 image gets built as a u-boot image
and is loaded from u-boot through a regular "bootm". The only
requirement from the u-boot side in order to allow this is that u-boot
is built with CONFIG_API enabled. CONFIG_API seems to not be enabled
by default in most in-tree configurations, however, it seems to be
available for quite some time now. So it might be possible to use this
even on older u-boot versions. This is available only for arm
(32-bit).

With the efi platform, grub2 gets built as an EFI executable. This
allows EFI firmware to find and load it similarly as it can be done
for x86_64. Also, since u-boot v2016.05, u-boot is able to load and
boot an EFI executable, so the uboot efi platform can also be used
from u-boot in recent versions. This has been enabled (mostly) by
default for ARM u-boot. efi platform is available for both arm and
aarch64.

Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
[Thomas: move the BR2_USE_MMU dependency in
BR2_TARGET_GRUB2_ARCH_SUPPORTS]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-26 21:08:13 +01:00
Erico Nunes
2d9566b7b7 boot/grub2: add option to install tools
Add an option to install grub2 support tools to the target.

In the context of Buildroot, some useful target tools provided are
grub2-editenv, grub2-reboot, which provide means to manage the grub2
environment, boot order, and others.

Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-26 20:59:33 +01:00
Erico Nunes
ac0719e086 boot/grub2: separate target and host builds
grub2 requires the host grub2-mkimage tool to build some of its target
images. The current way of building this tool in the grub2 package is
to perform a simultaneous host-tools/target-bootloader build during
the grub2 build step.

This method makes the recipe complex to understand, and proved to be a
complication during the work to enable grub2 support for architectures
other than x86.

This patch tries to do a better separation between the build of grub2
host tools and target boot loader image, as a partial step to enable
grub2 to build for other architectures.

Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-26 20:58:37 +01:00
Tarek El-Sherbiny
523b27afa9 grub2: force -fno-stack-protector in CPPFLAGS
In commit 2a27294e9a ("grub2: force
-fno-stack-protector in CFLAGS"), a fix was made to the grub2 package
to make it build properly even when SSP support is enabled.

However, commit 20a4583ebf ("security
hardening: add RELFO, FORTIFY options") reworked how SSP options are
passed, and they are now passed in CPPFLAGS instead of CFLAGS, making
the fix introduced by 2a27294e9a no
longer operating.

This commit will force no-stack-protector in CPPFLAGS instead of
CFLAGS.

Fixes bug #10961.

Signed-off-by: Tarek El-Sherbiny <tarek_el-sherbiny@waters.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-19 23:26:06 +02:00
Erico Nunes
2a27294e9a grub2: force -fno-stack-protector in CFLAGS
grub2 fails to configure when BR2_SSP_ALL is enabled, with the following
configure error:

  checking whether -fno-asynchronous-unwind-tables works... yes
  checking whether -fno-unwind-tables works... yes
  checking for target linking format... unknown
  configure: error: no suitable link format found

This can be worked around by enforcing -fno-stack-protector in the
package CFLAGS in a way that overrides the SSP flag, as is already done
for the valgrind package.

Fixes bug #10261.

Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Reported-by: Dr I J Ormshaw <ian_ormshaw@waters.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-08-30 22:09:21 +02:00
Erico Nunes
5ffafd2353 grub2: bump up version
After many years since the last release and a long time with grub 2.02
in beta, there is finally a release and it brings many bug fixes and
interesting features such as support for ARM.

Patch boot/grub2/0001-remove-gets.patch doesn't seem to be required
anymore as grub-core/gnulib/stdio.in.h has changed significantly since
"053cfcd Import new gnulib." and has another treatment for gets.
Patch
boot/grub2/0002-grub-core-gettext-gettext.c-main_context-secondary_c.patch
was a backport which is present after the bump and therefore is also no
longer necessary.

Since we're adding a Config.in comment, we also introduce a
BR2_TARGET_GRUB2_ARCH_SUPPORTS hidden boolean, in order to avoid
repeating the architecture dependencies.

Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas: add BR2_TARGET_GRUB2_ARCH_SUPPORTS, remove bogus dependencies
on ARM and AArch64, since enabling Grub2 on those architectures is
done in another commit.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-16 14:55:33 +02:00
Arnout Vandecappelle
6895400fd2 grub2: install in $(HOST_DIR) instead of $(HOST_DIR)/usr
grub2 builds for the target but installs with DESTDIR=$(HOST_DIR). Since
we set prefix to /usr in TARGET_CONF_OPTS, this results in installing
things in $(HOST_DIR)/usr.

To make sure we don't install in $(HOST_DIR)/usr, override --prefix and
--exec-prefix.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-05 16:06:47 +02:00
Arnout Vandecappelle
19ba17ee3b Globally replace $(HOST_DIR)/usr/lib with $(HOST_DIR)/lib
Since things are no longer installed in $(HOST_DIR)/usr, the callers
should also not refer to it.

This is a mechanical change with
git grep -l '$(HOST_DIR)/usr/lib' | xargs sed -i 's%$(HOST_DIR)/usr/lib%$(HOST_DIR)/lib%g'

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-05 15:20:05 +02:00
Arnout Vandecappelle
0f9c0bf3d5 Globally replace $(HOST_DIR)/usr/bin with $(HOST_DIR)/bin
Since things are no longer installed in $(HOST_DIR)/usr, the callers
should also not refer to it.

This is a mechanical change with
git grep -l '$(HOST_DIR)/usr/bin' | xargs sed -i 's%$(HOST_DIR)/usr/bin%$(HOST_DIR)/bin%g'

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-05 15:19:29 +02:00
Yann E. MORIN
0d643fd3e8 core: change the strip command from a choice to a boolean
Currently, we have a choice to select between stripping and not
stripping. This is legacy code from back when we had a third option,
sstrip (super-strip).

Since we removed sstrip, stripping or not stripping is now just a
boolean rather than a choice.

Make it so.

We make BR2_STRIP_strip default to 'y' to keep the current behaviour of
defaulting to stripping.

Move BR2_STRIP_none to legacy, and instruct the user to review the new
setting.

Drop any reference to BR2_STRIP_none in comments.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-01 15:07:25 +02:00
Rahul Bedarkar
337aa51f3f boot, package: use SPDX short identifier for GPLv3/GPLv3+
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for GPLv3/GPLv3+ is GPL-3.0/GPL-3.0+.

This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/\<GPLv3\>/GPL-3.0/g'

Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-01 15:17:59 +02:00
Charles Hardin
fc174b7057 grub2: fix build with BR2_STRIP_none
grub2 assumes the strip command will generate output and the output should
always be stripped - so, just use the $(TARGET_CROSS)strip to make sure that
the build succeeds regardless of the buildroot strip configuration.

Signed-off-by: Charles Hardin <ckhardin@exablox.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-07-31 20:19:40 +02:00
Gilles Chanteperdrix
b64f7b7eee grub2: really disable liblzma
There is no option --enable-liblzma=no in grub2's configure script, so
the only way to disable liblzma support is to pass
ac_cv_lib_lzma_lzma_code=no.

Signed-off-by: Gilles Chanteperdrix <gilles.chanteperdrix@xenomai.org>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
[Thomas: expand commit log, as suggested by Yann E. Morin.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-15 23:01:18 +02:00
Arnout Vandecappelle
890c9e761b grub2: pass target NM, OBJCOPY and STRIP
Fixes https://bugs.busybox.net/show_bug.cgi?id=8256

grub2's build system interprets CC, CFLAGS and CPPFLAGS as for the host
and uses TARGET_CC etc. for the target. However, NM, OBJCOPY and STRIP
are used for the target. We currently pass the host-versions of these
tools as part of $(HOST_CONFIGURE_OPTS).

While we're at it, also pass TARGET_LDFLAGS.

This problem had not been noticed up to now because usually we build on
an x86 machine for the x86 architecture, so the binutils are compatible.
However, this is not true on an i386 when building for x86_64.

Cc: Christophe Bricout <christophebricout@yahoo.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-09-20 14:52:19 +02:00
Kinsella, Ray
8f609ed603 grub2: build El Torito image only for i386 PC platform
Building Grub2 El Torito for i386 EFI errors complaining it cannot
find cdboot.img

        cdboot.img: No such file or directory

This commit builds El Torito for i386 PC only.

[Thomas: fix installation ordering.]

Signed-off-by: Ray Kinsella <ray.kinsella@intel.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-07-29 17:03:15 +02:00
Thomas Petazzoni
8decd25477 grub2: prepare and install El Torito image
In order to support ISO9660 bootable images that rely on Grub 2, this
commit modifies the Grub 2 makefile to generate and install an El
Torito image. Such an image is simply produced by concatenating the
cdboot.img provided by Grub 2, and the Grub 2 image generated by
Buildroot using grub-mkimage.

Since this action is so simple and cost-free, we don't bother adding a
Grub 2 sub-option for that, and simply generate the El Torito image
unconditionally.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
2015-06-14 23:24:59 +02:00
Thomas De Schampheleire
aaffd209fa packages: rename FOO_CONF_OPT into FOO_CONF_OPTS
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_CONF_OPT.

Sed command used:
   find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g'

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-04 18:54:16 +02:00
Thomas De Schampheleire
57f2b8d255 packages: rename FOO_INSTALL_TARGET_OPT into FOO_INSTALL_TARGET_OPTS
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_INSTALL_TARGET_OPT.

Sed command used:
   find * -type f | xargs sed -i 's#_INSTALL_TARGET_OPT\>#&S#g'

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-04 18:48:33 +02:00
Jerzy Grzegorek
c7f4b96471 package: remove the trailing slash sign from <PKG>_SITE variable
Since the trailing slash is stripped from $($(PKG)_SITE) by pkg-generic.mk:

$(call DOWNLOAD,$($(PKG)_SITE:/=)/$($(PKG)_SOURCE))

so it is redundant.
This patch removes it from $(PKG)_SITE variable for BR consistency.

Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-07-31 23:17:46 +02:00
Jérôme Pouiller
8a5a57de1c grub2: Specify boot partition
Since boot partition was not specified, grub tools try to detect it
automatically. This patch adds an option to force it.

Signed-off-by: Jérôme Pouiller <jezz@sysmic.org>
Acked-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Tested-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-07-02 10:59:01 +02:00
Dima Zavin
1f9a0b3815 grub2: add a configuration option to embed a config file
Add an option for embedding a config file directly in grub.

Signed-off-by: Dima Zavin <dmitriyz@google.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-04-20 17:48:46 +02:00
Thomas Petazzoni
c24fdb3680 grub2: add new package
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-02-19 23:28:04 +01:00
Thomas Petazzoni
a5dc0cdced grub2: remove package
Grub 2 has been marked BROKEN in June 2010, and nobody cared to fix it
since then.

At that time, it was marked broken because the build process needed a
Ruby interpreter available on the host, and it's really a pain that
building a bootloader needs such a thing.

I've tried to upgrade the package to Grub2 1.99-rcX, and now it does
not need a Ruby interpreter anymore, but instead requires a tool
called "autogen", which itself needs the Guile Scheme interpreter.

Since we haven't heard any complaints about Grub2 being marked broken,
and since it's such a pain to package, let's get rid of it. Of course,
anybody interested in Grub2 is invited to contribute a working
package.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-07-10 15:31:16 +02:00
Thomas Petazzoni
a1c8fa41f6 Update all packages to quote $(TARGET_CC)
Now that TARGET_CC contains several space-separated words, it must be
used quoted everywhere.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2010-07-07 08:20:21 +02:00
Thomas Petazzoni
1d73ef9449 grub2: remove non-existing options
Much of the grub2.mk seems to have been copy/pasted from
grub.mk. However, all the network/splashimage related ./configure
options do not exist in grub2.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2010-06-12 13:38:44 +02:00
Thomas Petazzoni
d36fbf1eda grub2: fix build
grub2 now builds fine, but some work remains to make it usable. What
should be installed exactly in the TARGET_DIR ? What is the
installation procedure and what should Buildroot do ?

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2010-06-12 13:38:43 +02:00
Thomas Petazzoni
7aaf4e8995 grub2: bump version
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2010-06-12 13:38:43 +02:00
Thomas Petazzoni
bff56ab548 grub/grub2: update splash image location
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2010-06-12 13:38:43 +02:00
Thomas Petazzoni
e6b73b6548 grub/grub2: drop unnecessary dependency on uclibc
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2010-06-12 13:38:43 +02:00
Thomas Petazzoni
399131e62b grub2: remove GRUB2_ARCH_SUPPORTED
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2010-06-12 13:38:42 +02:00
Thomas Petazzoni
649b5b9250 bootloaders: move bootloader build code to boot/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2010-06-10 21:05:12 +02:00