diff options
Diffstat (limited to 'sys-boot/grub/files')
| -rw-r--r-- | sys-boot/grub/files/2.02_beta3-10_linux-UUID.patch | 27 | ||||
| -rw-r--r-- | sys-boot/grub/files/CVE-2015-8370.patch | 54 | ||||
| -rw-r--r-- | sys-boot/grub/files/gfxpayload.patch | 29 | ||||
| -rw-r--r-- | sys-boot/grub/files/grub-2.00-freetype-2.5.1.patch | 24 | ||||
| -rw-r--r-- | sys-boot/grub/files/grub-2.02_beta2-KERNEL_GLOBS.patch | 67 | ||||
| -rw-r--r-- | sys-boot/grub/files/grub-2.02_beta2-libzfs.patch | 19 | ||||
| -rw-r--r-- | sys-boot/grub/files/grub-2.02_beta2-lvm2-raid1.patch | 68 | ||||
| -rw-r--r-- | sys-boot/grub/files/grub.default-3 | 74 |
8 files changed, 362 insertions, 0 deletions
diff --git a/sys-boot/grub/files/2.02_beta3-10_linux-UUID.patch b/sys-boot/grub/files/2.02_beta3-10_linux-UUID.patch new file mode 100644 index 00000000..1dcf3b5b --- /dev/null +++ b/sys-boot/grub/files/2.02_beta3-10_linux-UUID.patch @@ -0,0 +1,27 @@ +From ea8de5d2ee58178381e5809e4d5fe79861e61b04 Mon Sep 17 00:00:00 2001 +From: Mike Gilbert <floppym@gentoo.org> +Date: Sat, 5 Mar 2016 17:21:15 -0500 +Subject: [PATCH] [2.02] 10_linux: Fix grouping of tests for GRUB_DEVICE + +Commit 7290bb562 causes GRUB_DISABLE_LINUX_UUID to be ignored due to +mixing of || and && operators. Add some parens to help with that. +--- + util/grub.d/10_linux.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index 5a78513..de9044c 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -47,7 +47,7 @@ esac + # and mounting btrfs requires user space scanning, so force UUID in this case. + if [ "x${GRUB_DEVICE_UUID}" = "x" ] || [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ] \ + || ! test -e "/dev/disk/by-uuid/${GRUB_DEVICE_UUID}" \ +- || test -e "${GRUB_DEVICE}" && uses_abstraction "${GRUB_DEVICE}" lvm; then ++ || ( test -e "${GRUB_DEVICE}" && uses_abstraction "${GRUB_DEVICE}" lvm ); then + LINUX_ROOT_DEVICE=${GRUB_DEVICE} + else + LINUX_ROOT_DEVICE=UUID=${GRUB_DEVICE_UUID} +-- +2.7.2 + diff --git a/sys-boot/grub/files/CVE-2015-8370.patch b/sys-boot/grub/files/CVE-2015-8370.patch new file mode 100644 index 00000000..69e419ee --- /dev/null +++ b/sys-boot/grub/files/CVE-2015-8370.patch @@ -0,0 +1,54 @@ +From 451d80e52d851432e109771bb8febafca7a5f1f2 Mon Sep 17 00:00:00 2001 +From: Hector Marco-Gisbert <hecmargi@upv.es> +Date: Wed, 16 Dec 2015 07:57:18 +0300 +Subject: [PATCH] Fix security issue when reading username and password + +This patch fixes two integer underflows at: + * grub-core/lib/crypto.c + * grub-core/normal/auth.c + +CVE-2015-8370 + +Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es> +Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es> +Also-By: Andrey Borzenkov <arvidjaar@gmail.com> +--- + grub-core/lib/crypto.c | 3 ++- + grub-core/normal/auth.c | 7 +++++-- + 2 files changed, 7 insertions(+), 3 deletions(-) + +diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c +index 010e550..683a8aa 100644 +--- a/grub-core/lib/crypto.c ++++ b/grub-core/lib/crypto.c +@@ -470,7 +470,8 @@ grub_password_get (char buf[], unsigned buf_size) + + if (key == '\b') + { +- cur_len--; ++ if (cur_len) ++ cur_len--; + continue; + } + +diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c +index c6bd96e..8615c48 100644 +--- a/grub-core/normal/auth.c ++++ b/grub-core/normal/auth.c +@@ -174,8 +174,11 @@ grub_username_get (char buf[], unsigned buf_size) + + if (key == '\b') + { +- cur_len--; +- grub_printf ("\b"); ++ if (cur_len) ++ { ++ cur_len--; ++ grub_printf ("\b"); ++ } + continue; + } + +-- +2.6.4 + diff --git a/sys-boot/grub/files/gfxpayload.patch b/sys-boot/grub/files/gfxpayload.patch new file mode 100644 index 00000000..6c63ef88 --- /dev/null +++ b/sys-boot/grub/files/gfxpayload.patch @@ -0,0 +1,29 @@ +From e2d5bf1bc6aaaabeba538c1ca94ea8601e4e1474 Mon Sep 17 00:00:00 2001 +From: Mike Gilbert <floppym@gentoo.org> +Date: Thu, 16 Oct 2014 23:43:51 -0400 +Subject: [PATCH] 10_linux: Default gfxpayload=keep only when booting using efi + +vesafb seems to be unreliable when using BIOS compat mode. + +--- + util/grub.d/10_linux.in | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index d2e2a8f..a54b888 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -104,7 +104,9 @@ linux_entry () + echo " load_video" | sed "s/^/$submenu_indentation/" + if grep -qx "CONFIG_FB_EFI=y" "${config}" 2> /dev/null \ + && grep -qx "CONFIG_VT_HW_CONSOLE_BINDING=y" "${config}" 2> /dev/null; then +- echo " set gfxpayload=keep" | sed "s/^/$submenu_indentation/" ++ echo ' if [ "x$grub_platform" = xefi ]; then' | sed "s/^/$submenu_indentation/" ++ echo " set gfxpayload=keep" | sed "s/^/$submenu_indentation/" ++ echo ' fi' | sed "s/^/$submenu_indentation/" + fi + else + if [ "x$GRUB_GFXPAYLOAD_LINUX" != xtext ]; then +-- +2.7.2 + diff --git a/sys-boot/grub/files/grub-2.00-freetype-2.5.1.patch b/sys-boot/grub/files/grub-2.00-freetype-2.5.1.patch new file mode 100644 index 00000000..286830cc --- /dev/null +++ b/sys-boot/grub/files/grub-2.00-freetype-2.5.1.patch @@ -0,0 +1,24 @@ +commit fd0df6d098b1e6a4f60275c48a3ec88d15ba1fbb +Author: Colin Watson <cjwatson@ubuntu.com> +Date: Fri Nov 29 12:19:36 2013 +0000 + + Fix build with FreeType 2.5.1 + + * util/grub-gen-asciih.c: Include FT_SYNTHESIS_H rather than + <freetype/ftsynth.h>, fixing build with FreeType 2.5.1. + * util/grub-gen-widthspec.c: Likewise. + * util/grub-mkfont.c: Likewise. + +diff --git a/util/grub-mkfont.c b/util/grub-mkfont.c +index 0d8eb78..242dd01 100644 +--- a/util/grub-mkfont.c ++++ b/util/grub-mkfont.c +@@ -43,7 +43,7 @@ + #include FT_FREETYPE_H + #include FT_TRUETYPE_TAGS_H + #include FT_TRUETYPE_TABLES_H +-#include <freetype/ftsynth.h> ++#include FT_SYNTHESIS_H + + #undef __FTERRORS_H__ + #define FT_ERROR_START_LIST const char *ft_errmsgs[] = { diff --git a/sys-boot/grub/files/grub-2.02_beta2-KERNEL_GLOBS.patch b/sys-boot/grub/files/grub-2.02_beta2-KERNEL_GLOBS.patch new file mode 100644 index 00000000..c66ee68d --- /dev/null +++ b/sys-boot/grub/files/grub-2.02_beta2-KERNEL_GLOBS.patch @@ -0,0 +1,67 @@ +From 43e3295aaad5278a1e53c5282e2660b72cd76d28 Mon Sep 17 00:00:00 2001 +From: "Robin H. Johnson" <robbat2@gentoo.org> +Date: Tue, 29 Dec 2015 15:29:14 -0800 +Subject: [PATCH] GRUB_LINUX_KERNEL_GLOBS: configurable kernel selection + +* util/grub.d/10_linux.in: Implement GRUB_LINUX_KERNEL_GLOBS +* docs/grub.texi: Document GRUB_LINUX_KERNEL_GLOBS + +Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> +--- + docs/grub.texi | 5 +++++ + util/grub.d/10_linux.in | 21 +++++++++++---------- + 2 files changed, 16 insertions(+), 10 deletions(-) + +diff --git a/docs/grub.texi b/docs/grub.texi +index 9a25a0b..d1129ec 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -1490,6 +1490,11 @@ This option may be set to a list of GRUB module names separated by spaces. + Each module will be loaded as early as possible, at the start of + @file{grub.cfg}. + ++@item GRUB_LINUX_KERNEL_GLOBS ++This option may be set to override the list of path globs used to find Linux ++kernels. The defaults vary by architecture, and generally include both ++@file{/boot} and @file{/}. ++ + @end table + + The following options are still accepted for compatibility with existing +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index 859b608..e5ac11d 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -145,18 +145,19 @@ EOF + } + + machine=`uname -m` +-case "x$machine" in ++globs="$GRUB_LINUX_KERNEL_GLOBS" ++[ -z "$globs" ] && case "x$machine" in + xi?86 | xx86_64) +- list= +- for i in /boot/vmlinuz-* /vmlinuz-* /boot/kernel-* ; do +- if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi +- done ;; +- *) +- list= +- for i in /boot/vmlinuz-* /boot/vmlinux-* /vmlinuz-* /vmlinux-* /boot/kernel-* ; do +- if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi +- done ;; ++ globs="/boot/vmlinuz-* /vmlinuz-* /boot/kernel-*" ++ ;; ++ *) ++ globs="/boot/vmlinuz-* /boot/vmlinux-* /vmlinuz-* /vmlinux-* /boot/kernel-*" ++ ;; + esac ++list= ++for i in ${globs} ; do ++ if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi ++done + + case "$machine" in + i?86) GENKERNEL_ARCH="x86" ;; +-- +2.3.0 + diff --git a/sys-boot/grub/files/grub-2.02_beta2-libzfs.patch b/sys-boot/grub/files/grub-2.02_beta2-libzfs.patch new file mode 100644 index 00000000..d76a903c --- /dev/null +++ b/sys-boot/grub/files/grub-2.02_beta2-libzfs.patch @@ -0,0 +1,19 @@ +commit 6ba983559dcffa0fa69c7fc861b5a16b4877a92c +Author: Mike Gilbert <floppym@gentoo.org> +Date: Sat Jan 18 19:41:15 2014 +0100 + + * Makefile.util.def: Link grub-ofpathname with zfs libs. + +diff --git a/Makefile.util.def b/Makefile.util.def +index 83df212..a286a89 100644 +--- a/Makefile.util.def ++++ b/Makefile.util.def +@@ -384,7 +384,7 @@ program = { + ldadd = libgrubgcry.a; + ldadd = libgrubkern.a; + ldadd = grub-core/gnulib/libgnu.a; +- ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBUTIL) $(LIBGEOM)'; ++ ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBUTIL) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)'; + }; + + program = { diff --git a/sys-boot/grub/files/grub-2.02_beta2-lvm2-raid1.patch b/sys-boot/grub/files/grub-2.02_beta2-lvm2-raid1.patch new file mode 100644 index 00000000..76c72a62 --- /dev/null +++ b/sys-boot/grub/files/grub-2.02_beta2-lvm2-raid1.patch @@ -0,0 +1,68 @@ +From: Andrei Borzenkov <arvidjaar@gmail.com> +Date: Thu, 19 Mar 2015 18:30:27 +0000 (+0300) +Subject: core: add LVM RAID1 support +X-Git-Url: http://git.savannah.gnu.org/gitweb/?p=grub.git;a=commitdiff_plain;h=527eeeeee6c8d3d8e3bb1fac408d47bb1dcbec95;hp=7c9309e50a124817e67de38b30c6291acecad560 + +core: add LVM RAID1 support + +Closes 44534. +--- + +diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c +index 1e7f197..9b97004 100644 +--- a/grub-core/disk/lvm.c ++++ b/grub-core/disk/lvm.c +@@ -577,13 +577,17 @@ grub_lvm_detect (grub_disk_t disk, + if (is_pvmove) + seg->node_count = 1; + } +- else if (grub_memcmp (p, "raid", sizeof ("raid") - 1) +- == 0 && (p[sizeof ("raid") - 1] >= '4' +- && p[sizeof ("raid") - 1] <= '6') ++ else if (grub_memcmp (p, "raid", sizeof ("raid") - 1) == 0 ++ && ((p[sizeof ("raid") - 1] >= '4' ++ && p[sizeof ("raid") - 1] <= '6') ++ || p[sizeof ("raid") - 1] == '1') + && p[sizeof ("raidX") - 1] == '"') + { + switch (p[sizeof ("raid") - 1]) + { ++ case '1': ++ seg->type = GRUB_DISKFILTER_MIRROR; ++ break; + case '4': + seg->type = GRUB_DISKFILTER_RAID4; + seg->layout = GRUB_RAID_LAYOUT_LEFT_ASYMMETRIC; +@@ -608,16 +612,18 @@ grub_lvm_detect (grub_disk_t disk, + goto lvs_segment_fail; + } + +- seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = "); +- if (p == NULL) ++ if (seg->type != GRUB_DISKFILTER_MIRROR) + { ++ seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = "); ++ if (p == NULL) ++ { + #ifdef GRUB_UTIL +- grub_util_info ("unknown stripe_size\n"); ++ grub_util_info ("unknown stripe_size\n"); + #endif +- goto lvs_segment_fail; ++ goto lvs_segment_fail; ++ } + } + +- + seg->nodes = grub_zalloc (sizeof (seg->nodes[0]) + * seg->node_count); + +@@ -625,7 +631,7 @@ grub_lvm_detect (grub_disk_t disk, + if (p == NULL) + { + #ifdef GRUB_UTIL +- grub_util_info ("unknown mirrors\n"); ++ grub_util_info ("unknown raids\n"); + #endif + goto lvs_segment_fail2; + } diff --git a/sys-boot/grub/files/grub.default-3 b/sys-boot/grub/files/grub.default-3 new file mode 100644 index 00000000..35ab767b --- /dev/null +++ b/sys-boot/grub/files/grub.default-3 @@ -0,0 +1,74 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ +# +# To populate all changes in this file you need to regenerate your +# grub configuration file afterwards: +# 'grub2-mkconfig -o /boot/grub/grub.cfg' +# +# See the grub info page for documentation on possible variables and +# their associated values. + +GRUB_DISTRIBUTOR="Gentoo" + +# Default menu entry +#GRUB_DEFAULT=0 + +# Boot the default entry this many seconds after the menu is displayed +#GRUB_TIMEOUT=5 +#GRUB_TIMEOUT_STYLE=menu + +# Append parameters to the linux kernel command line +#GRUB_CMDLINE_LINUX="" +# +# Examples: +# +# Boot with network interface renaming disabled +# GRUB_CMDLINE_LINUX="net.ifnames=0" +# +# Boot with systemd instead of sysvinit (openrc) +# GRUB_CMDLINE_LINUX="init=/usr/lib/systemd/systemd" + +# Append parameters to the linux kernel command line for non-recovery entries +#GRUB_CMDLINE_LINUX_DEFAULT="" + +# Uncomment to disable graphical terminal (grub-pc only) +#GRUB_TERMINAL=console + +# The resolution used on graphical terminal. +# Note that you can use only modes which your graphic card supports via VBE. +# You can see them in real GRUB with the command `vbeinfo'. +#GRUB_GFXMODE=640x480 + +# Set to 'text' to force the Linux kernel to boot in normal text +# mode, 'keep' to preserve the graphics mode set using +# 'GRUB_GFXMODE', 'WIDTHxHEIGHT'['xDEPTH'] to set a particular +# graphics mode, or a sequence of these separated by commas or +# semicolons to try several modes in sequence. +#GRUB_GFXPAYLOAD_LINUX= + +# Path to theme spec txt file. +# The starfield is by default provided with use truetype. +# NOTE: when enabling custom theme, ensure you have required font/etc. +#GRUB_THEME="/boot/grub/themes/starfield/theme.txt" + +# Background image used on graphical terminal. +# Can be in various bitmap formats. +#GRUB_BACKGROUND="/boot/grub/mybackground.png" + +# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to kernel +#GRUB_DISABLE_LINUX_UUID=true + +# Uncomment to disable generation of recovery mode menu entries +#GRUB_DISABLE_RECOVERY=true + +# Uncomment to disable generation of the submenu and put all choices on +# the top-level menu. +# Besides the visual affect of no sub menu, this makes navigation of the +# menu easier for a user who can't see the screen. +#GRUB_DISABLE_SUBMENU=y + +# Uncomment to play a tone when the main menu is displayed. +# This is useful, for example, to allow users who can't see the screen +# to know when they can make a choice on the menu. +#GRUB_INIT_TUNE="60 800 1" |