Age | Commit message (Collapse) | Author |
|
Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bb554d14142f93c39fd1516a31757006531c348f)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
The CVE only applies to RHEL.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We're using a pre-release version of 2.06 so these issues are fixed but
continue to show up in the checks since it is pre-2.06 and the CPE
entries are "before but excluding 2.06".
Adding these will clean up CVE reports until the 2.06 release comes out.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It fails to boot grub after upgrade grub to 2.06. According to
description in
https://bugzilla.yoctoproject.org/show_bug.cgi?id=14367
it is introduced by a commit to fix CVE. So remove option '-O2' from
CFLAGS rather than revert the commit to avoid the failure.
[YOCTO #14367]
CC: Tony Battersby <tonyb@cybernetics.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 69805629b8f47fd46a37b7c5cc435982e2ac3d1d)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Update the patch as submitted upstream to grub2
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This cast was accidentally dropped in
https://git.savannah.gnu.org/cgit/grub.git/commit/?id=2bf40e9e5be9808b17852e688eead87acff14420
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
A full working port is not available yet, until such time disable it
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
2.06 RC1 release have a number of CVEs fixed:
CVE-2020-15705
CVE-2021-3418
CVE-2020-27749
CVE-2021-20233
CVE-2021-20225
CVE-2020-25647
CVE-2020-25632
CVE-2020-27779
CVE-2020-14372
CVE-2020-15707
CVE-2020-15706
CVE-2020-14309
CVE-2020-14310
CVE-2020-14311
CVE-2020-14308
CVE-2020-10713
CVE-2014-4607
Dropped backported patches.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Even in grub-efi platforms we need to build grub for the the common
tools. On x86 this isn't a problem because grub builds legacy boot and
grub-efi builds EFI, but on aarch64 there is no legacy boot supported by
grub.
To ensure that the common tools are built the grub recipe also builds
EFI binaries, but this now means that grub and grub-efi ship the same
binaries.
oe-core 933286 fixed this conflict by deleting the binaries from
grub-efi and putting the aarch64 modules into grub-common (relying on
dependencies to pull grub-common in). This seems backwards: grub-efi no
longer contains the binaries and they're in different packages on arm or
x86. Also, SDK generation is broken as the grub package itself is now
empty as the binaries are in grub-common.
Resolve all of these issues by reversing the logic: grub-efi is the
package which holds the EFI binaries on all platforms. grub only builds
for EFI on aarch64 as a way to build the common binaries, so delete them
in that recipe to avoid conflicts. And finally as the grub recipe is
empty on aarch64 but needed by dependencies, set ALLOW_EMPTY.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
New versions of binutils caused object files to be 128MB in size,
backporting this fix reduced them back to a sensible size, e.g.
1024 bytes. This avoids initramfix size issues!
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix the ordering in the generated unidata.c file to aid reproducibility.
[YOCTO #14167]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The "CVE:" line in the patch for CVEs 2020-14309, CVE-2020-14310, and
CVE-2020-14311 had commas between the CVE numbers, which resulted in
CVE-2020-14310 not being picked up as patched by cve-check.bbclass's
parsing. Remove the commas to match cve-check.bbclass's expectations.
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There is a second list sorting problem in a generator script within grub,
add a sort() of a list to resolve this.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We're seeing reproducibility issue on the autobuilder due to changing
module dependency ordering. Add some sorting to an awk script to fix this.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This patch adds RISC-V to the COMPATIBLE_HOST. Since GRUB 2.04,
the source code supports the RISC-V, thanks to Alexander Graf.
Adding the GRUBPLATFORM for RISC-V prevents autoconf problems.
Also, the patch appends the __anonymous method with RISC-V architecture.
Signed-off-by: Norbert Kaminski <norbert.kaminski@3mdeb.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Clean up several patches introduced in commit 6732918498 ("grub:fix
several CVEs in grub 2.04").
1) Add CVE tags to individual patches.
2) Rename upstream patches and prefix them with CVE tags.
3) Add description of reference to upstream patch.
Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add nativesdk support to make grub-mkimage tool part of Host tools
in the generated SDK.
The conf file should have "TOOLCHAIN_HOST_TASK_append = " nativesdk-grub"
for the grub-mkimage to show up.
Signed-off-by: Khasim Syed Mohammed <khasim.mohammed@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport patches from https://git.savannah.gnu.org/git/grub.git
to fix some CVEs. Here is the list.
CVE-2020-14308:
0001-calloc-Make-sure-we-always-have-an-overflow-checking.patch
0002-lvm-Add-LVM-cache-logical-volume-handling.patch
0003-calloc-Use-calloc-at-most-places.patch
CVE-2020-14309, CVE-2020-14310, CVE-2020-14311:
0004-safemath-Add-some-arithmetic-primitives-that-check-f.patch
0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch
CVE-2020-15706:
0006-script-Remove-unused-fields-from-grub_script_functio.patch
0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch
CVE-2020-15707:
0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch
Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
grub and grub-efi recipes' CVE_PRODUCT should be grub2.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The native version of grub-efi only installs the tools
/usr/bin/grub-editenv
/usr/bin/grub-mkimage
to sysroots-components/, but equivalent tools are already provided by
grub-native, the difference on x86_64 being 4 hardwired paths in grub-mkimage
(values taken from grub-native):
LOCALEDIR = $TMPDIR/work/x86_64-linux/grub-native/2.04-r0/recipe-sysroot-native/usr/share/locale
GRUB_DATADIR = $TMPDIR/work/x86_64-linux/grub-native/2.04-r0/recipe-sysroot-native/usr/share
GRUB_LIBDIR = $TMPDIR/work/x86_64-linux/grub-native/2.04-r0/recipe-sysroot-native/usr/lib
GRUB_SYSCONFDIR = $TMPDIR/work/x86_64-linux/grub-native/2.04-r0/recipe-sysroot-native/etc
If grub-native and grub-efi-native are built with the following patch
--- grub-2.04.orig/configure.ac
+++ grub-2.04/configure.ac
@@ -1980,10 +1980,10 @@ grub_libdir="$(eval echo "$libdir")"
grub_localedir="$(eval echo "$localedir")"
grub_datadir="$(eval echo "$datadir")"
grub_sysconfdir="$(eval echo "$sysconfdir")"
-AC_DEFINE_UNQUOTED(LOCALEDIR, "$grub_localedir", [Locale dir])
-AC_DEFINE_UNQUOTED(GRUB_LIBDIR, "$grub_libdir", [Library dir])
-AC_DEFINE_UNQUOTED(GRUB_DATADIR, "$grub_datadir", [Data dir])
-AC_DEFINE_UNQUOTED(GRUB_SYSCONFDIR, "$grub_sysconfdir", [Configuration dir])
+AC_DEFINE_UNQUOTED(LOCALEDIR, "/non-existent", [Locale dir])
+AC_DEFINE_UNQUOTED(GRUB_LIBDIR, "/non-existent", [Library dir])
+AC_DEFINE_UNQUOTED(GRUB_DATADIR, "/non-existent", [Data dir])
+AC_DEFINE_UNQUOTED(GRUB_SYSCONFDIR, "/non-existent", [Configuration dir])
the produced grub-editenv/grub-mkimage binaries become binary equivalent,
assuming reproducible builds is active. Since the unpatched values of
LOCALEDIR/GRUB_DATADIR/GRUB_LIBDIR/GRUB_SYSCONFDIR point to directories that
are not expected to exist at runtime, they can be ignored.
Therefore:
* remove grub-efi-native and instead rely on the same tools from
grub-native
* replace references to grub-efi-native with grub-native
* remove unused grub-efi-native security flags overrides
Signed-off-by: Jacob Kroon <jacob.kroon@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
do_configure() essentially calls autogen.sh to generate some sources and then
autoreconf, but autogen.sh also calls autoreconf.
Pass a magic variable so that autogen.sh doesn't autoreconf for us.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Grub uses pkg-config but is only in the sysroot via dependencies. Be explicit
and inherit pkgconfig directly.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Use variables from image-uefi.conf instead of hardcoding them in the
recipe.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Use variables from image-uefi.conf instead of hardcoding them in the
recipe.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The diffutils runtime dependency was introduced from legacy grub since
the script grub-install invokes cmp command which is from diffutils
package. But in Grub2 the grub-install has been rewritten with C
language. So this package isn't needed anymore.
The freetype runtime dependency is for grub-mkfont but we have
explicitly disabled grub-mkfont build. It is safe to remove it.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Maxime Roussin-Bélanger <maxime.roussinbelanger@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
MACHINE = qemuarm64
IMAGE_INSTALL_append = ' grub grub-efi'
do_rootfs failed with error:
file /usr/lib64/grub/arm64-efi/acpi.module conflicts between attempted installs of grub-2.02-r0.aarch64 and grub-efi-2.02-r0.aarch64
file /usr/lib64/grub/arm64-efi/adler32.module conflicts between attempted installs of grub-2.02-r0.aarch64 and grub-efi-2.02-r0.aarch64
...
file /usr/lib64/grub/arm64-efi/zfsinfo.module conflicts between attempted installs of grub-2.02-r0.aarch64 and grub-efi-2.02-r0.aarch64
For arm64, grub and grub-efi both compiled GRUBD2 with platform
arm64-efi, arm64 only support platform efi. So both packages have
almost same folder and content /usr/lib64/grub/arm64-efi/*
if Machine set to qemux86_64, do_rootfs will not have this problem,
since for grub, it compiled with platform i386-pc, for grub-efi,
compiled with platform x86-64-efi.
>From commit:
commit 4e9bb03238af48c70075037a77094a8c1bddf284
Author: Hongxu Jia <hongxu.jia@windriver.com>
Date: Wed Jan 17 03:25:58 2018 -0500
grub/grub-efi: fix conflict
While installing grub and grub-efi, there are conflict files
in ${sysconfdir} ${datadir} ${bindir} ${sbindir}.
- Since all of the conflicted files are tools which is
common for grub and grub-efi, we split them (except
grub-editenv) to grub-common in grub.
common tools for grub and grub-efi are installed into grub-common,
for aarch64, also shipped libdir into this common packages.
in this way, for qemuarm64, package grub is empty, and package grub-efi
use lib in package grub-common
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Not only grub-efi-native, but also add grub-native to provide
grub utilities on host
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* For changes in this version, see:
http://git.savannah.gnu.org/cgit/grub.git/tree/NEWS?h=grub-2.04
* Remove backported patches and refresh others.
* Remove the musl patch as it's no longer needed.
* Use configure option --disable-werror instead of passing through CFLAGS.
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
As part of the mission to remove the use of Python 2, explicitly use Python 3
when building grub.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We no longer export these variables into the environment so we no longer
need this code.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Since commit [330fc83 grub: Use -Wno-error instead of doing this
on a per-warning basis] applied in oe-core, it missed a space
in append.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In practice the warnings were disabled individually instead of fixes added,
so just make all warnings non-fatal to achieve the same.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Having a native version of grub-editenv around can be useful for
setting the targets grub environment.
Signed-off-by: Jacob Kroon <jacob.kroon@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This was not compiled for x86_64 when previously testing aarch64
so some tests were missed.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Disable -Waddress-of-packed-member being treated as error
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport a patch that helps with this error which is found
by gcc9
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* grub-efi support on arm is enabled as below
commit:
commit 65f9fb788371a9a08e3b0e6febecb9cc2aaeefe7
Author: Kristian Amlie <kristian.amlie@northern.tech>
Date: Tue Jul 10 16:07:12 2018 +0200
grub-efi: Provide target architecture for 32-bit ARM.
* But it fails on arm as below:
| grub-mkimage: error: cannot open `./grub-core//serial.mod': No such file or directory.
Set GRUBPLATFORM_arm = "efi" to fix the above error
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
|
|
Signed-off-by: Kristian Amlie <kristian.amlie@northern.tech>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add missing target and image for aarch64, as the current revision is
already fully compatible with ARMv8.
Signed-off-by: Ricardo Salveti <ricardo@opensourcefoundries.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.
Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450). This is obviously bad.
We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This way we could theoretically support multiple bootloaders, and we
keep the convention of boot(x64|ia32).
Signed-off-by: California Sullivan <california.l.sullivan@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Since /boot/ will be recipe/package controlled now we can't just deploy.
Signed-off-by: California Sullivan <california.l.sullivan@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This makes use of the grub-efi-cfg bbclass that was split out to create
a grub.cfg file just like the old one.
Signed-off-by: California Sullivan <california.l.sullivan@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The module configfile allows loading a custom grub configuration file
from block devices, which can be used to customize the default grub
menu when creating images with wic (via configfile argument).
Signed-off-by: Ricardo Salveti <ricardo@opensourcefoundries.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|