summaryrefslogtreecommitdiffstats
path: root/resources/grub
diff options
context:
space:
mode:
authorFrancis Rowe <info@gluglug.org.uk>2016-02-20 23:23:55 (EST)
committer Francis Rowe <info@gluglug.org.uk>2016-02-20 23:23:55 (EST)
commitd4f967a1a5aecf96518e32987a2a3e9ae3795ded (patch)
tree99d18dd6970155227cf731e7a32e19edad8f45dd /resources/grub
parent1d4ecda3f59df844d28c93cc756a447adb65ce16 (diff)
downloadlibreboot-d4f967a1a5aecf96518e32987a2a3e9ae3795ded.zip
libreboot-d4f967a1a5aecf96518e32987a2a3e9ae3795ded.tar.gz
libreboot-d4f967a1a5aecf96518e32987a2a3e9ae3795ded.tar.bz2
Update to latest GRUB
secfix directory removed (patches merged upstream)
Diffstat (limited to 'resources/grub')
-rw-r--r--resources/grub/patch/0001-grub-core-normal-main.c-Display-FREE-AS-IN-FREEDOM-n.patch8
-rw-r--r--resources/grub/patch/grub.johnlane.ie/0001-Cryptomount-support-LUKS-detached-header.patch4
-rw-r--r--resources/grub/patch/grub.johnlane.ie/0002-Cryptomount-support-key-files.patch4
-rw-r--r--resources/grub/patch/grub.johnlane.ie/0003-Cryptomount-luks-allow-multiple-passphrase-attempts.patch4
-rw-r--r--resources/grub/patch/grub.johnlane.ie/0004-Cryptomount-support-plain-dm-crypt.patch4
-rw-r--r--resources/grub/patch/grub.johnlane.ie/0005-Cryptomount-support-for-hyphens-in-UUID.patch4
-rw-r--r--resources/grub/patch/grub.johnlane.ie/0006-grub-core-disk-cryptodisk.c-Point-to-const-char.patch4
-rw-r--r--resources/grub/patch/reproducible/0001-mkstandalone-add-argument-fixed-time-to-override-mti.patch6
-rw-r--r--resources/grub/patch/reproducible/0002-mkrescue-add-argument-fixed-time-to-get-reproducible.patch8
-rw-r--r--resources/grub/patch/reproducible/0003-Makefile-use-FIXED_TIMESTAMP-for-mkstandalone-if-set.patch16
-rw-r--r--resources/grub/patch/secfix/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch45
11 files changed, 31 insertions, 76 deletions
diff --git a/resources/grub/patch/0001-grub-core-normal-main.c-Display-FREE-AS-IN-FREEDOM-n.patch b/resources/grub/patch/0001-grub-core-normal-main.c-Display-FREE-AS-IN-FREEDOM-n.patch
index a3b10d4..4523a12 100644
--- a/resources/grub/patch/0001-grub-core-normal-main.c-Display-FREE-AS-IN-FREEDOM-n.patch
+++ b/resources/grub/patch/0001-grub-core-normal-main.c-Display-FREE-AS-IN-FREEDOM-n.patch
@@ -1,15 +1,15 @@
-From f56cc3dc534db469905a4ff33a40e18b4481876e Mon Sep 17 00:00:00 2001
+From f93359e10e720673466fa52ac4814619b3bddc06 Mon Sep 17 00:00:00 2001
From: Francis Rowe <info@gluglug.org.uk>
Date: Sat, 14 Feb 2015 01:24:23 +0000
-Subject: [PATCH] grub-core/normal/main.c: Display "FREE AS IN FREEDOM", not
- version
+Subject: [PATCH 01/11] grub-core/normal/main.c: Display "FREE AS IN FREEDOM",
+ not version
---
grub-core/normal/main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
-index 623b93b..659e241 100644
+index 78a70a8..982bde3 100644
--- a/grub-core/normal/main.c
+++ b/grub-core/normal/main.c
@@ -208,7 +208,7 @@ grub_normal_init_page (struct grub_term_output *term,
diff --git a/resources/grub/patch/grub.johnlane.ie/0001-Cryptomount-support-LUKS-detached-header.patch b/resources/grub/patch/grub.johnlane.ie/0001-Cryptomount-support-LUKS-detached-header.patch
index fa3c805..8fdb7b4 100644
--- a/resources/grub/patch/grub.johnlane.ie/0001-Cryptomount-support-LUKS-detached-header.patch
+++ b/resources/grub/patch/grub.johnlane.ie/0001-Cryptomount-support-LUKS-detached-header.patch
@@ -1,7 +1,7 @@
-From bc2a23386d123d37510c3cff1f7e607e7cf49cb1 Mon Sep 17 00:00:00 2001
+From f19bd8a206682a0d8c8c9650b2d4d171a67a9c1f Mon Sep 17 00:00:00 2001
From: John Lane <john@lane.uk.net>
Date: Tue, 23 Jun 2015 11:16:30 +0100
-Subject: [PATCH 1/6] Cryptomount support LUKS detached header
+Subject: [PATCH 02/11] Cryptomount support LUKS detached header
---
grub-core/disk/cryptodisk.c | 22 ++++++++++++++++++----
diff --git a/resources/grub/patch/grub.johnlane.ie/0002-Cryptomount-support-key-files.patch b/resources/grub/patch/grub.johnlane.ie/0002-Cryptomount-support-key-files.patch
index 1fe6ef3..ef6f1e2 100644
--- a/resources/grub/patch/grub.johnlane.ie/0002-Cryptomount-support-key-files.patch
+++ b/resources/grub/patch/grub.johnlane.ie/0002-Cryptomount-support-key-files.patch
@@ -1,7 +1,7 @@
-From 2883046688f91bd86cfc2d2c38ca53b65e201795 Mon Sep 17 00:00:00 2001
+From 641ff2b2aa380c0b9adbc025eb4af3a0217b577b Mon Sep 17 00:00:00 2001
From: John Lane <john@lane.uk.net>
Date: Fri, 26 Jun 2015 13:37:10 +0100
-Subject: [PATCH 2/6] Cryptomount support key files
+Subject: [PATCH 03/11] Cryptomount support key files
---
grub-core/disk/cryptodisk.c | 46 ++++++++++++++++++++++++++++++++++++++++++++-
diff --git a/resources/grub/patch/grub.johnlane.ie/0003-Cryptomount-luks-allow-multiple-passphrase-attempts.patch b/resources/grub/patch/grub.johnlane.ie/0003-Cryptomount-luks-allow-multiple-passphrase-attempts.patch
index e68e5c6..252f76f 100644
--- a/resources/grub/patch/grub.johnlane.ie/0003-Cryptomount-luks-allow-multiple-passphrase-attempts.patch
+++ b/resources/grub/patch/grub.johnlane.ie/0003-Cryptomount-luks-allow-multiple-passphrase-attempts.patch
@@ -1,7 +1,7 @@
-From f32a31fd6279114af604a1b4cc33af8d377d2e29 Mon Sep 17 00:00:00 2001
+From b761dd8c48075a285f89ed439a0870879fde6c6e Mon Sep 17 00:00:00 2001
From: John Lane <john@lane.uk.net>
Date: Fri, 26 Jun 2015 13:49:58 +0100
-Subject: [PATCH 3/6] Cryptomount luks allow multiple passphrase attempts
+Subject: [PATCH 04/11] Cryptomount luks allow multiple passphrase attempts
---
grub-core/disk/luks.c | 278 ++++++++++++++++++++++++++------------------------
diff --git a/resources/grub/patch/grub.johnlane.ie/0004-Cryptomount-support-plain-dm-crypt.patch b/resources/grub/patch/grub.johnlane.ie/0004-Cryptomount-support-plain-dm-crypt.patch
index f35a393..77722ba 100644
--- a/resources/grub/patch/grub.johnlane.ie/0004-Cryptomount-support-plain-dm-crypt.patch
+++ b/resources/grub/patch/grub.johnlane.ie/0004-Cryptomount-support-plain-dm-crypt.patch
@@ -1,7 +1,7 @@
-From 590e1f484d0e9618882db07786251cdaf6669e9d Mon Sep 17 00:00:00 2001
+From a20258f8afbb3c9e1b3c6735126e7c720fa2459a Mon Sep 17 00:00:00 2001
From: John Lane <john@lane.uk.net>
Date: Fri, 26 Jun 2015 22:09:52 +0100
-Subject: [PATCH 4/6] Cryptomount support plain dm-crypt
+Subject: [PATCH 05/11] Cryptomount support plain dm-crypt
---
grub-core/disk/cryptodisk.c | 298 +++++++++++++++++++++++++++++++++++++++++++-
diff --git a/resources/grub/patch/grub.johnlane.ie/0005-Cryptomount-support-for-hyphens-in-UUID.patch b/resources/grub/patch/grub.johnlane.ie/0005-Cryptomount-support-for-hyphens-in-UUID.patch
index 8d49361..a6ccc07 100644
--- a/resources/grub/patch/grub.johnlane.ie/0005-Cryptomount-support-for-hyphens-in-UUID.patch
+++ b/resources/grub/patch/grub.johnlane.ie/0005-Cryptomount-support-for-hyphens-in-UUID.patch
@@ -1,7 +1,7 @@
-From ec936adca3370995a5ed5c6e5e99c6e8fa5c25ef Mon Sep 17 00:00:00 2001
+From 6d9ac49d116325c9d29633002ca204f56e8c57f5 Mon Sep 17 00:00:00 2001
From: John Lane <john@lane.uk.net>
Date: Fri, 26 Jun 2015 22:48:03 +0100
-Subject: [PATCH 5/6] Cryptomount support for hyphens in UUID
+Subject: [PATCH 06/11] Cryptomount support for hyphens in UUID
---
grub-core/disk/cryptodisk.c | 20 +++++++++++++++++---
diff --git a/resources/grub/patch/grub.johnlane.ie/0006-grub-core-disk-cryptodisk.c-Point-to-const-char.patch b/resources/grub/patch/grub.johnlane.ie/0006-grub-core-disk-cryptodisk.c-Point-to-const-char.patch
index 8b94ba4..4ff958c 100644
--- a/resources/grub/patch/grub.johnlane.ie/0006-grub-core-disk-cryptodisk.c-Point-to-const-char.patch
+++ b/resources/grub/patch/grub.johnlane.ie/0006-grub-core-disk-cryptodisk.c-Point-to-const-char.patch
@@ -1,7 +1,7 @@
-From 10d0f5aebea928cc42f6b65598c70343bb6899ca Mon Sep 17 00:00:00 2001
+From 1d3e995f587369b8de6c4a10fe3a7bb0d6ec6ee1 Mon Sep 17 00:00:00 2001
From: Klemens Nanni <contact@autoboot.org>
Date: Tue, 15 Sep 2015 16:00:03 +0200
-Subject: [PATCH 6/6] grub-core/disk/cryptodisk.c: Point to const char
+Subject: [PATCH 07/11] grub-core/disk/cryptodisk.c: Point to const char
---
grub-core/disk/cryptodisk.c | 2 +-
diff --git a/resources/grub/patch/reproducible/0001-mkstandalone-add-argument-fixed-time-to-override-mti.patch b/resources/grub/patch/reproducible/0001-mkstandalone-add-argument-fixed-time-to-override-mti.patch
index c19dd06..939512a 100644
--- a/resources/grub/patch/reproducible/0001-mkstandalone-add-argument-fixed-time-to-override-mti.patch
+++ b/resources/grub/patch/reproducible/0001-mkstandalone-add-argument-fixed-time-to-override-mti.patch
@@ -1,8 +1,8 @@
-From bf482ae6b4ff54265294e138ac73e8a716023f79 Mon Sep 17 00:00:00 2001
+From 21ae195006adf67a6c6a0de007e7149e6d3dbcf3 Mon Sep 17 00:00:00 2001
From: Alexander Couzens <lynxis@fe80.eu>
Date: Fri, 4 Dec 2015 17:10:42 +0100
-Subject: [PATCH 1/3] mkstandalone: add argument --fixed-time to override mtime
- of files
+Subject: [PATCH 08/11] mkstandalone: add argument --fixed-time to override
+ mtime of files
mkstandalone adds several files to an archive. Doing this it uses the
mtime to give these files a timestamp.
diff --git a/resources/grub/patch/reproducible/0002-mkrescue-add-argument-fixed-time-to-get-reproducible.patch b/resources/grub/patch/reproducible/0002-mkrescue-add-argument-fixed-time-to-get-reproducible.patch
index 24ac1d3..3d3ab6e 100644
--- a/resources/grub/patch/reproducible/0002-mkrescue-add-argument-fixed-time-to-get-reproducible.patch
+++ b/resources/grub/patch/reproducible/0002-mkrescue-add-argument-fixed-time-to-get-reproducible.patch
@@ -1,7 +1,7 @@
-From aeb2681fdf889be9725ab8d64896fade960f8bd1 Mon Sep 17 00:00:00 2001
+From 1ad8a4c5d0d6003954d37c4f7eeca0514971f8b4 Mon Sep 17 00:00:00 2001
From: Alexander Couzens <lynxis@fe80.eu>
Date: Fri, 4 Dec 2015 17:10:43 +0100
-Subject: [PATCH 2/3] mkrescue: add argument --fixed-time to get reproducible
+Subject: [PATCH 09/11] mkrescue: add argument --fixed-time to get reproducible
uuids
The uuid generation is based on the time.
@@ -10,7 +10,7 @@ The uuid generation is based on the time.
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/util/grub-mkrescue.c b/util/grub-mkrescue.c
-index 4511826..164c4e1 100644
+index 238d484..a3e0155 100644
--- a/util/grub-mkrescue.c
+++ b/util/grub-mkrescue.c
@@ -52,6 +52,7 @@ static int xorriso_arg_alloc;
@@ -54,7 +54,7 @@ index 4511826..164c4e1 100644
default:
return ARGP_ERR_UNKNOWN;
}
-@@ -541,7 +554,7 @@ main (int argc, char *argv[])
+@@ -542,7 +555,7 @@ main (int argc, char *argv[])
{
time_t tim;
struct tm *tmm;
diff --git a/resources/grub/patch/reproducible/0003-Makefile-use-FIXED_TIMESTAMP-for-mkstandalone-if-set.patch b/resources/grub/patch/reproducible/0003-Makefile-use-FIXED_TIMESTAMP-for-mkstandalone-if-set.patch
index c91dcdd..4386f0f 100644
--- a/resources/grub/patch/reproducible/0003-Makefile-use-FIXED_TIMESTAMP-for-mkstandalone-if-set.patch
+++ b/resources/grub/patch/reproducible/0003-Makefile-use-FIXED_TIMESTAMP-for-mkstandalone-if-set.patch
@@ -1,7 +1,7 @@
-From 0a19e32fbb62df69e0dfeb80f0a0672b09930f00 Mon Sep 17 00:00:00 2001
+From 58d54ff1514d83d9e4f77d4374635b1bf705ed81 Mon Sep 17 00:00:00 2001
From: Alexander Couzens <lynxis@fe80.eu>
Date: Fri, 4 Dec 2015 17:10:44 +0100
-Subject: [PATCH 3/3] Makefile: use FIXED_TIMESTAMP for mkstandalone if set
+Subject: [PATCH 10/11] Makefile: use FIXED_TIMESTAMP for mkstandalone if set
mkstandalone sets timestamps for files which can be overriden by a fixed_timestamp.
This makes it possible to build reproducible builds for coreboot.
@@ -13,15 +13,15 @@ make default_payload.elf FIXED_TIMESTAMP=1134242
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile.am b/Makefile.am
-index 994ebbd..37a7cc4 100644
+index 288e621..6c786b7 100644
--- a/Makefile.am
+++ b/Makefile.am
-@@ -403,7 +403,7 @@ bootcheck: $(BOOTCHECKS)
-
+@@ -411,7 +411,7 @@ bootcheck: $(BOOTCHECKS)
if COND_i386_coreboot
- default_payload.elf: grub-mkstandalone grub-mkimage
-- pkgdatadir=. ./grub-mkstandalone --grub-mkimage=./grub-mkimage -O i386-coreboot -o $@ --modules='ahci pata ehci uhci ohci usb_keyboard usbms part_msdos xfs ext2 fat at_keyboard part_gpt usbserial_usbdebug cbfs' --install-modules='ls linux search configfile normal cbtime cbls memrw iorw minicmd lsmmap lspci halt reboot hexdump pcidump regexp setpci lsacpi chain test serial multiboot cbmemc linux16 gzio echo help' --fonts= --themes= --locales= -d grub-core/ /boot/grub/grub.cfg=$(srcdir)/coreboot.cfg
-+ pkgdatadir=. ./grub-mkstandalone --grub-mkimage=./grub-mkimage -O i386-coreboot -o $@ --modules='ahci pata ehci uhci ohci usb_keyboard usbms part_msdos xfs ext2 fat at_keyboard part_gpt usbserial_usbdebug cbfs' --install-modules='ls linux search configfile normal cbtime cbls memrw iorw minicmd lsmmap lspci halt reboot hexdump pcidump regexp setpci lsacpi chain test serial multiboot cbmemc linux16 gzio echo help' --fonts= --themes= --locales= -d grub-core/ /boot/grub/grub.cfg=$(srcdir)/coreboot.cfg $(if $(FIXED_TIMESTAMP),-t $(FIXED_TIMESTAMP))
+ default_payload.elf: grub-mkstandalone grub-mkimage FORCE
+ rm $@
+- pkgdatadir=. ./grub-mkstandalone --grub-mkimage=./grub-mkimage -O i386-coreboot -o $@ --modules='ahci pata ehci uhci ohci usb_keyboard usbms part_msdos ext2 fat at_keyboard part_gpt usbserial_usbdebug cbfs' --install-modules='ls linux search configfile normal cbtime cbls memrw iorw minicmd lsmmap lspci halt reboot hexdump pcidump regexp setpci lsacpi chain test serial multiboot cbmemc linux16 gzio echo help syslinuxcfg xnu $(shell cat grub-core/fs.lst) password_pbkdf2 $(EXTRA_PAYLOAD_MODULES)' --fonts= --themes= --locales= -d grub-core/ /boot/grub/grub.cfg=$(srcdir)/coreboot.cfg
++ pkgdatadir=. ./grub-mkstandalone --grub-mkimage=./grub-mkimage -O i386-coreboot -o $@ --modules='ahci pata ehci uhci ohci usb_keyboard usbms part_msdos ext2 fat at_keyboard part_gpt usbserial_usbdebug cbfs' --install-modules='ls linux search configfile normal cbtime cbls memrw iorw minicmd lsmmap lspci halt reboot hexdump pcidump regexp setpci lsacpi chain test serial multiboot cbmemc linux16 gzio echo help syslinuxcfg xnu $(shell cat grub-core/fs.lst) password_pbkdf2 $(EXTRA_PAYLOAD_MODULES)' --fonts= --themes= --locales= -d grub-core/ /boot/grub/grub.cfg=$(srcdir)/coreboot.cfg $(if $(FIXED_TIMESTAMP),-t $(FIXED_TIMESTAMP))
endif
endif
diff --git a/resources/grub/patch/secfix/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch b/resources/grub/patch/secfix/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
deleted file mode 100644
index 5701b54..0000000
--- a/resources/grub/patch/secfix/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 88c9657960a6c5d3673a25c266781e876c181add Mon Sep 17 00:00:00 2001
-From: Hector Marco-Gisbert <hecmargi@upv.es>
-Date: Fri, 13 Nov 2015 16:21:09 +0100
-Subject: [PATCH] Fix security issue when reading username and password
-
- This patch fixes two integer underflows at:
- * grub-core/lib/crypto.c
- * grub-core/normal/auth.c
-
-Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
-Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
----
- grub-core/lib/crypto.c | 2 +-
- grub-core/normal/auth.c | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
-index 010e550..524a3d8 100644
---- a/grub-core/lib/crypto.c
-+++ b/grub-core/lib/crypto.c
-@@ -468,7 +468,7 @@ grub_password_get (char buf[], unsigned buf_size)
- break;
- }
-
-- if (key == '\b')
-+ if (key == '\b' && cur_len)
- {
- cur_len--;
- continue;
-diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c
-index c6bd96e..5782ec5 100644
---- a/grub-core/normal/auth.c
-+++ b/grub-core/normal/auth.c
-@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned buf_size)
- break;
- }
-
-- if (key == '\b')
-+ if (key == '\b' && cur_len)
- {
- cur_len--;
- grub_printf ("\b");
---
-1.9.1
-
generated by cgit v0.9.1 at 2024-06-18 08:27:38 (EDT)