| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bb554d14142f93c39fd1516a31757006531c348f)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
The CVE only applies to RHEL.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We're using a pre-release version of 2.06 so these issues are fixed but
continue to show up in the checks since it is pre-2.06 and the CPE
entries are "before but excluding 2.06".
Adding these will clean up CVE reports until the 2.06 release comes out.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It fails to boot grub after upgrade grub to 2.06. According to
description in
https://bugzilla.yoctoproject.org/show_bug.cgi?id=14367
it is introduced by a commit to fix CVE. So remove option '-O2' from
CFLAGS rather than revert the commit to avoid the failure.
[YOCTO #14367]
CC: Tony Battersby <tonyb@cybernetics.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 69805629b8f47fd46a37b7c5cc435982e2ac3d1d)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Update the patch as submitted upstream to grub2
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This cast was accidentally dropped in
https://git.savannah.gnu.org/cgit/grub.git/commit/?id=2bf40e9e5be9808b17852e688eead87acff14420
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
A full working port is not available yet, until such time disable it
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
2.06 RC1 release have a number of CVEs fixed:
CVE-2020-15705
CVE-2021-3418
CVE-2020-27749
CVE-2021-20233
CVE-2021-20225
CVE-2020-25647
CVE-2020-25632
CVE-2020-27779
CVE-2020-14372
CVE-2020-15707
CVE-2020-15706
CVE-2020-14309
CVE-2020-14310
CVE-2020-14311
CVE-2020-14308
CVE-2020-10713
CVE-2014-4607
Dropped backported patches.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
New versions of binutils caused object files to be 128MB in size,
backporting this fix reduced them back to a sensible size, e.g.
1024 bytes. This avoids initramfix size issues!
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We're seeing reproducibility issue on the autobuilder due to changing
module dependency ordering. Add some sorting to an awk script to fix this.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This patch adds RISC-V to the COMPATIBLE_HOST. Since GRUB 2.04,
the source code supports the RISC-V, thanks to Alexander Graf.
Adding the GRUBPLATFORM for RISC-V prevents autoconf problems.
Also, the patch appends the __anonymous method with RISC-V architecture.
Signed-off-by: Norbert Kaminski <norbert.kaminski@3mdeb.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Clean up several patches introduced in commit 6732918498 ("grub:fix
several CVEs in grub 2.04").
1) Add CVE tags to individual patches.
2) Rename upstream patches and prefix them with CVE tags.
3) Add description of reference to upstream patch.
Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport patches from https://git.savannah.gnu.org/git/grub.git
to fix some CVEs. Here is the list.
CVE-2020-14308:
0001-calloc-Make-sure-we-always-have-an-overflow-checking.patch
0002-lvm-Add-LVM-cache-logical-volume-handling.patch
0003-calloc-Use-calloc-at-most-places.patch
CVE-2020-14309, CVE-2020-14310, CVE-2020-14311:
0004-safemath-Add-some-arithmetic-primitives-that-check-f.patch
0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch
CVE-2020-15706:
0006-script-Remove-unused-fields-from-grub_script_functio.patch
0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch
CVE-2020-15707:
0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch
Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
grub and grub-efi recipes' CVE_PRODUCT should be grub2.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The native version of grub-efi only installs the tools
/usr/bin/grub-editenv
/usr/bin/grub-mkimage
to sysroots-components/, but equivalent tools are already provided by
grub-native, the difference on x86_64 being 4 hardwired paths in grub-mkimage
(values taken from grub-native):
LOCALEDIR = $TMPDIR/work/x86_64-linux/grub-native/2.04-r0/recipe-sysroot-native/usr/share/locale
GRUB_DATADIR = $TMPDIR/work/x86_64-linux/grub-native/2.04-r0/recipe-sysroot-native/usr/share
GRUB_LIBDIR = $TMPDIR/work/x86_64-linux/grub-native/2.04-r0/recipe-sysroot-native/usr/lib
GRUB_SYSCONFDIR = $TMPDIR/work/x86_64-linux/grub-native/2.04-r0/recipe-sysroot-native/etc
If grub-native and grub-efi-native are built with the following patch
--- grub-2.04.orig/configure.ac
+++ grub-2.04/configure.ac
@@ -1980,10 +1980,10 @@ grub_libdir="$(eval echo "$libdir")"
grub_localedir="$(eval echo "$localedir")"
grub_datadir="$(eval echo "$datadir")"
grub_sysconfdir="$(eval echo "$sysconfdir")"
-AC_DEFINE_UNQUOTED(LOCALEDIR, "$grub_localedir", [Locale dir])
-AC_DEFINE_UNQUOTED(GRUB_LIBDIR, "$grub_libdir", [Library dir])
-AC_DEFINE_UNQUOTED(GRUB_DATADIR, "$grub_datadir", [Data dir])
-AC_DEFINE_UNQUOTED(GRUB_SYSCONFDIR, "$grub_sysconfdir", [Configuration dir])
+AC_DEFINE_UNQUOTED(LOCALEDIR, "/non-existent", [Locale dir])
+AC_DEFINE_UNQUOTED(GRUB_LIBDIR, "/non-existent", [Library dir])
+AC_DEFINE_UNQUOTED(GRUB_DATADIR, "/non-existent", [Data dir])
+AC_DEFINE_UNQUOTED(GRUB_SYSCONFDIR, "/non-existent", [Configuration dir])
the produced grub-editenv/grub-mkimage binaries become binary equivalent,
assuming reproducible builds is active. Since the unpatched values of
LOCALEDIR/GRUB_DATADIR/GRUB_LIBDIR/GRUB_SYSCONFDIR point to directories that
are not expected to exist at runtime, they can be ignored.
Therefore:
* remove grub-efi-native and instead rely on the same tools from
grub-native
* replace references to grub-efi-native with grub-native
* remove unused grub-efi-native security flags overrides
Signed-off-by: Jacob Kroon <jacob.kroon@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
do_configure() essentially calls autogen.sh to generate some sources and then
autoreconf, but autogen.sh also calls autoreconf.
Pass a magic variable so that autogen.sh doesn't autoreconf for us.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Grub uses pkg-config but is only in the sysroot via dependencies. Be explicit
and inherit pkgconfig directly.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Not only grub-efi-native, but also add grub-native to provide
grub utilities on host
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* For changes in this version, see:
http://git.savannah.gnu.org/cgit/grub.git/tree/NEWS?h=grub-2.04
* Remove backported patches and refresh others.
* Remove the musl patch as it's no longer needed.
* Use configure option --disable-werror instead of passing through CFLAGS.
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
As part of the mission to remove the use of Python 2, explicitly use Python 3
when building grub.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We no longer export these variables into the environment so we no longer
need this code.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Since commit [330fc83 grub: Use -Wno-error instead of doing this
on a per-warning basis] applied in oe-core, it missed a space
in append.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In practice the warnings were disabled individually instead of fixes added,
so just make all warnings non-fatal to achieve the same.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Disable -Waddress-of-packed-member being treated as error
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport a patch that helps with this error which is found
by gcc9
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* grub-efi support on arm is enabled as below
commit:
commit 65f9fb788371a9a08e3b0e6febecb9cc2aaeefe7
Author: Kristian Amlie <kristian.amlie@northern.tech>
Date: Tue Jul 10 16:07:12 2018 +0200
grub-efi: Provide target architecture for 32-bit ARM.
* But it fails on arm as below:
| grub-mkimage: error: cannot open `./grub-core//serial.mod': No such file or directory.
Set GRUBPLATFORM_arm = "efi" to fix the above error
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The lvm2 recipe in meta-oe was split, so the libdevmapper library is
provided by the libdevmapper recipe rather than lvm2.
Signed-off-by: Robert Joslyn <robert_joslyn@selinc.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
While installing grub and grub-efi, there are conflict files
in ${sysconfdir} ${datadir} ${bindir} ${sbindir}.
- Since all of the conflicted files are tools which is
common for grub and grub-efi, we split them (except
grub-editenv) to grub-common in grub.
- The package grub-common runtime depends grub-editenv
- The package grub-editenv runtime provides grub-efi-editenv
- Remove SYSROOT_DIRS_BLACKLIST
- The recipe grub-efi does not generate the duplicated files
and use runtime depends grub-common to instead
Debian and Fedora do the similar thing.
Debian use a common package grub-common for both of pc bios and efi,
and use package grub-pc-bin for pc bios, grub-efi-amd64-bin for efi.
Both of grub-pc-bin and grub-efi-amd64-bin requires grub-common.
https://packages.debian.org/sid/grub-common
https://packages.debian.org/jessie/grub-pc-bin
https://packages.debian.org/jessie/grub-efi-amd64-bin
Fedora use a common package grub2-tools for both of pc bios and efi,
and use package grub2 for pc bios, grub2-efi-modules for efi.
Both of grub2 and grub2-efi-modules requires grub2-tools.
https://www.rpmfind.net/linux/RPM/fedora/devel/rawhide/x86_64/g/grub2-tools-2.02-0.34.fc24.x86_64.html
https://www.rpmfind.net/linux/RPM/fedora/devel/rawhide/x86_64/g/grub2-2.02-0.34.fc24.x86_64.html
https://www.rpmfind.net/linux/RPM/fedora/devel/rawhide/x86_64/g/grub2-efi-modules-2.02-0.34.fc24.x86_64.html
[YOCTO #11639]
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The editenv utility must be available on grub and grub-efi so we
better have it inside the grub2.inc file to avoid the duplication of
metadata.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
* e.g. with gentoo gcc-7.1 they define _FORTIFY_SOURCE by default with:
https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo/src/patchsets/gcc/7.1.0/gentoo/10_all_default-fortify-source.patch?view=markup
which results in following error while building grub-efi-native:
./config-util.h:1504:48: error: this use of "defined" may not be portable [-Werror=expansion-to-defined]
|| (defined _FORTIFY_SOURCE && 0 < _FORTIFY_SOURCE \
^~~~~~~~~~~~~~~
this part comes from gnulib and it's used only for Apple and BSD,
so we can ignore it, but we cannot add -Wno-error=expansion-to-defined
because this warning was introduced only in gcc-7 and older gcc
will fail with:
cc1: error: -Werror=expansion-to-defined: no option -Wexpansion-to-defined
use #pragma to work around this
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Since grub upgraded to 2.02, it forgot to aplly
0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch.
...
commit 4f27e4042dfb39caa71c7c6eb0a327de6af4d563
Author: Khem Raj <raj.khem@gmail.com>
Date: Fri Apr 21 20:36:06 2017 +0000
grub: Update to 2.02
...
The missing caused grub-mkconfig could not detect kernel bzImage.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Hasn't been required by grub for quite a while.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
|
|
For the same reasons as Debian:
https://www.debian.org/News/2017/20170425
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Drop git recipe, add arm bits to 2.02 itself
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Backport relevant patch from grub git
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Rather than erroring out on a single attempt while
terminating EFI services, make a few retries because
such quirks are found in a few implementations.
Also fix a div by zero issue in the same framework
which causes an infinite reboot on the target.
Both patches included here are backports.
Signed-off-by: Awais Belal <awais_belal@mentor.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Recent distros are enabling -pie by default; in case of grub
we need to turn it off.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
While using oe-core toolchain to strip grub module 'all_video.mod',
it stripped symbol table:
--------------
root@localhost:~# objdump -t all_video.mod
all_video.mod: file format elf64-x86-64
SYMBOL TABLE:
no symbols
--------------
It caused grub to load module all_video failed.
(This module will be loaded by defalut which configed in grub.cfg)
--------------
grub> insmod all_video
error: no symbol table.
--------------
Tweak strip option to keep symbol .module_license could workaround
the issue.
--------------
root@localhost:~# objdump -t all_video.mod
all_video.mod: file format elf64-x86-64
SYMBOL TABLE:
0000000000000000 l d .text 0000000000000000 .text
0000000000000000 l d .data 0000000000000000 .data
0000000000000000 l d .module_license 0000000000000000 .module_license
0000000000000000 l d .bss 0000000000000000 .bss
0000000000000000 l d .moddeps 0000000000000000 .moddeps
0000000000000000 l d .modname 0000000000000000 .modname
--------------
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
* When adding new source files from upstream the autogen.sh
script needs to be run
* Rework grub2-remove-sparc64-setup-from-x86-builds.patch
to remove the grub-setup helper program grub-sparc64-setup
in Makefile.util.def instead of the previous Makefile.util.am
to avoid the update for Makefile.util.am in do_patch phase is
overwritten by the autogen.sh in do_configure phase
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Backport patch which silences following
'../../grub-2.00/grub-core/'`gfxmenu/model.c
../../grub-2.00/grub-core/gettext/gettext.c:37:36: error: storage size of 'main_context' isn't known
static struct grub_gettext_context main_context, secondary_context;
^~~~~~~~~~~~
make[3]: *** [gettext/gettext_module-gettext.o] Error 1
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If the documentation needs to rebuild then it will fail as the syntax isn't
valid with modern texinfo. Backport a patch from git to fix the syntax.
[ YOCTO #9306 ]
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
grub contains it's own internal lzma library. Attempting to build grub against
the system liblzma shared library or header files is not likely to end well.
This change does not cause a floating dependency since all grub2.inc based
recipes pass "--enable-liblzma=no" to configure.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
grub2 creates its own set of -nostdinc / -isystem / -ffreestanding
CFLAGS and OE's default BUILD_CFLAGS (assigned to CFLAGS for native
builds) etc, conflict with that.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The grub2 configure script uses variables such as TARGET_CFLAGS etc
for its own purposes. Remove the OE versions from the configure
environment to avoid conflicts.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
Yongxin Liu
Richard Purdie
Kai Kang
Khem Raj
Naveen Saini
Norbert Kaminski
Lee Chee Yang
Chen Qi
Jacob Kroon
Ross Burton
Hongxu Jia
Adrian Bunk
Anuj Mittal
Martin Jansa
Mingli Yu
Robert Joslyn
Otavio Salvador
Alexander Kanavin
Maxin B. John
Awais Belal
Peter Kjellerstedt
Andre McCurdy