grub2: update to 2.06-rc1 (#6855)

* grub2: update to 2.06-rc1 When building GRUB with binutils 2.35.2 or later, an error occurs due to a section .note.gnu.property that is placed at an offset such that objcopy needs to pad the img file with zeros. This in turn causes the following error: "error: Decompressor is too big.". The fix accepted by upstream patches a python script that isn't executed at all when building GRUB with OpenWrt buildroot. There's another patch that patches the files generated by that python script directly, but by including it we would deviate further from upstream. Instead of doing that, simply bump to the latest release candidate. As one of the fixes for the CVEs causes grub to crash on some x86 hardware using legacy BIOS when compiled with -O2, filter -O2 and -O3 out of TARGET_CFLAGS. Fixes the following CVEs: - CVE-2020-14372 - CVE-2020-25632 - CVE-2020-25647 - CVE-2020-27749 - CVE-2020-27779 - CVE-2021-3418 - CVE-2021-20225 - CVE-2021-20233 Runtime-tested on x86/64. Fixes: FS#3790 Suggested-by: Dirk Neukirchen <plntyk.lede@plntyk.name> Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Acked-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> * grub2: disable liblzma dependency Florian Ekert reported: "I have build a fresh master branch recently, Since your last change [1] on grub2, I have now a new dependency on liblzma for the install package grub2-editenv. root@st-dev-07 /usr/lib # ldd /root/grub-editenv /lib/ld-musl-x86_64.so.1 (0x7f684b088000) liblzma.so.5 => /usr/lib/liblzma.so.5 (0x7f684b06d000) libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x7f684b059000) libc.so => /lib/ld-musl-x86_64.so.1 (0x7f684b088000) This was not the case before your update. root@st-dev-07 /usr/sbin # ldd /usr/sbin/grub-editenv /lib/ld-musl-x86_64.so.1 (0x7fd970176000) libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x7fd970162000) libc.so => /lib/ld-musl-x86_64.so.1 (0x7fd970176000) My build complains that it cannot satisfy the runtime package dependency for grub2-editenv. install -d -m0755 /home/feckert/workspace/openwrt/LDM-master-x86_64/build/openwrt/build_dir/target-x86_64_musl/linux-x86_64/grub-pc/grub-2.06~rc1/ipkg-x86_64/grub2-editenv/usr/sbin install -m0755 /home/feckert/workspace/openwrt/LDM-master-x86_64/build/openwrt/build_dir/target-x86_64_musl/linux-x86_64/grub-pc/grub-2.06~rc1/grub-editenv /home/feckert/workspace/openwrt/LDM-master-x86_64/build/openwrt/build_dir/target-x86_64_musl/linux-x86_64/grub-pc/grub-2.06~rc1/ipkg-x86_64/grub2-editenv/usr/sbin/ find /home/feckert/workspace/openwrt/LDM-master-x86_64/build/openwrt/build_dir/target-x86_64_musl/linux-x86_64/grub-pc/grub-2.06~rc1/ipkg-x86_64/grub2-editenv -name 'CVS' -o -name '.svn' -o -name '.#*' -o -name '*~'| xargs -r rm -rf Package grub2-editenv is missing dependencies for the following libraries: liblzma.so.5 make[2]: *** [Makefile:166: /home/feckert/workspace/openwrt/LDM-master-x86_64/build/openwrt/bin/APOS/feckert/master/master-Maggie-455-ga5edc0e8e/x86_64/targets/x86/64/packages/grub2-editenv_2.06~rc1-1_x86_64.ipk] Error 1 make[2]: Leaving directory '/home/feckert/workspace/openwrt/LDM-master-x86_64/build/openwrt/package/boot/grub2' time: package/boot/grub2/pc/compile#78.64#9.79#83.88 ERROR: package/boot/grub2 failed to build (build variant: pc). make[1]: *** [package/Makefile:116: package/boot/grub2/compile] Error 1 make[1]: Leaving directory '/home/feckert/workspace/openwrt/LDM-master-x86_64/build/openwrt' make: *** [/home/feckert/workspace/openwrt/LDM-master-x86_64/build/openwrt/include/toplevel.mk:230: package/boot/grub2/compile] Error 2 If I add the following changes to the package all works as expected. <snip> - DEPENDS:=@TARGET_x86 + DEPENDS:=@TARGET_x86 +liblzma VARIANT:=pc endef This is a hotfix but I dont´t think this is the final solution, because lzma is provided by the package xz. And This is maintained in the package feed [not the core]" Dirk stated & offered his patch to disable liblzma and thus resolve the 'out of core dependency' problem: "LZMA is used in mkimage.c disabling it prints Without liblzma (no support for XZ-compressed mips images) (explicitly disabled) (see configure.ac) liblzma is autodetected so this issue was present but hidden somehow [unsure: grep/image generation does not use grub with that option] OpenWrt does not use that feature currently [!] some scripts and examples use --compression=xz or -C xz and those will break grub has an internal xzlib for different "lzma" functionality (ext. LIBLZMA from XZ (GRUB_COMPRESSION_XZ) vs. GRUB_COMPRESSION_LZMA)" Hopefully fixes e74d81e and doesn't break anything else. Signed-off-by: Dirk Neukirchen <plntyk.lede@plntyk.name> [include Florian's description of how problem 1st encountered] [bump package release] Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Co-authored-by: Stijn Tintel <stijn@linux-ipv6.be> Co-authored-by: Dirk Neukirchen <plntyk.lede@plntyk.name>
2025-04-16 04:13:31 +00:00 · 2021-05-22 12:07:40 +08:00 · 2021-05-22 12:07:40 +08:00 · 678606b603
commit 678606b603
parent 79b427589c
3 changed files with 50 additions and 79 deletions
--- a/package/boot/grub2/Makefile
+++ b/package/boot/grub2/Makefile
@ -10,12 +10,12 @@ include $(INCLUDE_DIR)/kernel.mk
 PKG_NAME:=grub
 PKG_CPE_ID:=cpe:/a:gnu:grub2
-PKG_VERSION:=2.04
+PKG_VERSION:=2.06~rc1
-PKG_RELEASE:=3
+PKG_RELEASE:=2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_SOURCE_URL:=@GNU/grub
+PKG_SOURCE_URL:=https://alpha.gnu.org/gnu/grub
-PKG_HASH:=e5292496995ad42dabe843a0192cf2a2c502e7ffcc7479398232b10a472df77d
+PKG_HASH:=2c87f1f21e2ab50043e6cd9163c08f1b6c3a6171556bf23ff9ed65b074145484
 HOST_BUILD_PARALLEL:=1
 PKG_BUILD_DEPENDS:=grub2/host
@ -65,6 +65,7 @@ CONFIGURE_ARGS += \
 	--disable-nls \
 	--disable-device-mapper \
 	--disable-libzfs \
 	--disable-liblzma \
 	--disable-grub-mkfont \
 	--with-platform=$(BUILD_VARIANT)
@ -84,7 +85,7 @@ HOST_MAKE_FLAGS += \
 	TARGET_RANLIB=$(TARGET_RANLIB) \
 	LIBLZMA=$(STAGING_DIR_HOST)/lib/liblzma.a
-TARGET_CFLAGS := $(filter-out -fno-plt,$(TARGET_CFLAGS))
+TARGET_CFLAGS := $(filter-out -O2 -O3 -fno-plt,$(TARGET_CFLAGS))
 define Host/Configure
 	$(SED) 's,(RANLIB),(TARGET_RANLIB),' $(HOST_BUILD_DIR)/grub-core/Makefile.in
--- a/package/boot/grub2/patches/001-verifiers-Blocklist-fallout-cleanup.patch
+++ b/package/boot/grub2/patches/001-verifiers-Blocklist-fallout-cleanup.patch
@ -1,31 +0,0 @@
 From: David Michael <fedora.dm0@gmail.com>
 Date: Fri, 5 Jul 2019 07:45:59 -0400
 Subject: [PATCH] verifiers: Blocklist fallout cleanup
 Blocklist fallout cleanup after commit 5c6f9bc15 (generic/blocklist: Fix
 implicit declaration of function grub_file_filter_disable_compression()).
 Signed-off-by: David Michael <fedora.dm0@gmail.com>
 Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
 ---
 --- a/grub-core/osdep/generic/blocklist.c
 +++ b/grub-core/osdep/generic/blocklist.c
@@ -59,7 +59,7 @@ grub_install_get_blocklist (grub_device_
       grub_disk_cache_invalidate_all ();
 -      file = grub_file_open (core_path_dev, GRUB_FILE_TYPE_NONE | FILE_TYPE_NO_DECOMPRESS);
 +      file = grub_file_open (core_path_dev, GRUB_FILE_TYPE_NONE | GRUB_FILE_TYPE_NO_DECOMPRESS);
       if (file)
 	{
 	  if (grub_file_size (file) != core_size)
@@ -116,7 +116,7 @@ grub_install_get_blocklist (grub_device_
   grub_file_t file;
   /* Now read the core image to determine where the sectors are.  */
 -  file = grub_file_open (core_path_dev, GRUB_FILE_TYPE_NONE | FILE_TYPE_NO_DECOMPRESS);
 +  file = grub_file_open (core_path_dev, GRUB_FILE_TYPE_NONE | GRUB_FILE_TYPE_NO_DECOMPRESS);
   if (! file)
     grub_util_error ("%s", grub_errmsg);
--- a/package/boot/grub2/patches/100-grub_setup_root.patch
+++ b/package/boot/grub2/patches/100-grub_setup_root.patch
@ -1,3 +1,41 @@
 --- a/include/grub/util/install.h
 +++ b/include/grub/util/install.h
@@ -198,13 +198,13 @@ grub_install_get_image_target (const cha
 void
 grub_util_bios_setup (const char *dir,
 		      const char *boot_file, const char *core_file,
 -		      const char *dest, int force,
 +		      const char *root, const char *dest, int force,
 		      int fs_probe, int allow_floppy,
 		      int add_rs_codes, int warn_short_mbr_gap);
 void
 grub_util_sparc_setup (const char *dir,
 		       const char *boot_file, const char *core_file,
 -		       const char *dest, int force,
 +		       const char *root, const char *dest, int force,
 		       int fs_probe, int allow_floppy,
 		       int add_rs_codes, int warn_short_mbr_gap);
 --- a/util/grub-install.c
 +++ b/util/grub-install.c
@@ -1720,7 +1720,7 @@ main (int argc, char *argv[])
 	/*  Now perform the installation.  */
 	if (install_bootsector)
 	  grub_util_bios_setup (platdir, "boot.img", "core.img",
 -				install_drive, force,
 +				NULL, install_drive, force,
 				fs_probe, allow_floppy, add_rs_codes,
 				!grub_install_is_short_mbrgap_supported ());
 	break;
@@ -1747,7 +1747,7 @@ main (int argc, char *argv[])
 	/*  Now perform the installation.  */
 	if (install_bootsector)
 	  grub_util_sparc_setup (platdir, "boot.img", "core.img",
 -				 install_drive, force,
 +				 NULL, install_drive, force,
 				 fs_probe, allow_floppy,
 				 0 /* unused */, 0 /* unused */ );
 	break;
 --- a/util/grub-setup.c
 +++ b/util/grub-setup.c
@@ -87,6 +87,8 @@ static struct argp_option options[] = {
@ -38,18 +76,19 @@
 -		   dest_dev, arguments.force,
 +		   arguments.root_dev, dest_dev, arguments.force,
 		   arguments.fs_probe, arguments.allow_floppy,
- 		   arguments.add_rs_codes);
+ 		   arguments.add_rs_codes, 0);
 --- a/util/setup.c
 +++ b/util/setup.c
-@@ -252,13 +252,12 @@ identify_partmap (grub_disk_t disk __att
+@@ -252,14 +252,13 @@ identify_partmap (grub_disk_t disk __att
 void
 SETUP (const char *dir,
        const char *boot_file, const char *core_file,
 -       const char *dest, int force,
 +       const char *root, const char *dest, int force,
        int fs_probe, int allow_floppy,
-        int add_rs_codes __attribute__ ((unused))) /* unused on sparc64 */
+        int add_rs_codes __attribute__ ((unused)), /* unused on sparc64 */
        int warn_small)
 {
   char *core_path;
   char *boot_img, *core_img, *boot_path;
@ -57,7 +96,7 @@
   size_t boot_size, core_size;
   grub_uint16_t core_sectors;
   grub_device_t root_dev = 0, dest_dev, core_dev;
-@@ -307,7 +306,10 @@ SETUP (const char *dir,
+@@ -311,7 +310,10 @@ SETUP (const char *dir,
   core_dev = dest_dev;
@ -69,7 +108,7 @@
     char **root_devices = grub_guess_root_devices (dir);
     char **cur;
     int found = 0;
-@@ -320,6 +322,8 @@ SETUP (const char *dir,
+@@ -324,6 +326,8 @@ SETUP (const char *dir,
 	char *drive;
 	grub_device_t try_dev;
@ -78,41 +117,3 @@
 	drive = grub_util_get_grub_dev (*cur);
 	if (!drive)
 	  continue;
 --- a/include/grub/util/install.h
 +++ b/include/grub/util/install.h
@@ -191,13 +191,13 @@ grub_install_get_image_target (const cha
 void
 grub_util_bios_setup (const char *dir,
 		      const char *boot_file, const char *core_file,
 -		      const char *dest, int force,
 +		      const char *root, const char *dest, int force,
 		      int fs_probe, int allow_floppy,
 		      int add_rs_codes);
 void
 grub_util_sparc_setup (const char *dir,
 		       const char *boot_file, const char *core_file,
 -		       const char *dest, int force,
 +		       const char *root, const char *dest, int force,
 		       int fs_probe, int allow_floppy,
 		       int add_rs_codes);
 --- a/util/grub-install.c
 +++ b/util/grub-install.c
@@ -1712,7 +1712,7 @@ main (int argc, char *argv[])
 	/*  Now perform the installation.  */
 	if (install_bootsector)
 	  grub_util_bios_setup (platdir, "boot.img", "core.img",
 -				install_drive, force,
 +				NULL, install_drive, force,
 				fs_probe, allow_floppy, add_rs_codes);
 	break;
       }
@@ -1738,7 +1738,7 @@ main (int argc, char *argv[])
 	/*  Now perform the installation.  */
 	if (install_bootsector)
 	  grub_util_sparc_setup (platdir, "boot.img", "core.img",
 -				 install_drive, force,
 +				 NULL, install_drive, force,
 				 fs_probe, allow_floppy,
 				 0 /* unused */ );
 	break;