grub2: bump to 2.06-rc1
authorStijn Tintel <stijn@linux-ipv6.be>
Fri, 14 May 2021 14:11:42 +0000 (17:11 +0300)
committerStijn Tintel <stijn@linux-ipv6.be>
Sun, 16 May 2021 01:00:29 +0000 (04:00 +0300)
When building GRUB with binutils 2.35.2 or later, an error occurs due to
a section .note.gnu.property that is placed at an offset such that
objcopy needs to pad the img file with zeros. This in turn causes the
following error: "error: Decompressor is too big.".

The fix accepted by upstream patches a python script that isn't executed
at all when building GRUB with OpenWrt buildroot. There's another patch
that patches the files generated by that python script directly, but by
including it we would deviate further from upstream. Instead of doing
that, simply bump to the latest release candidate.

As one of the fixes for the CVEs causes grub to crash on some x86
hardware using legacy BIOS when compiled with -O2, filter -O2 and
-O3 out of TARGET_CFLAGS.

Fixes the following CVEs:
- CVE-2020-14372
- CVE-2020-25632
- CVE-2020-25647
- CVE-2020-27749
- CVE-2020-27779
- CVE-2021-3418
- CVE-2021-20225
- CVE-2021-20233

Runtime-tested on x86/64.

Fixes: FS#3790
Suggested-by: Dirk Neukirchen <plntyk.lede@plntyk.name>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
package/boot/grub2/Makefile
package/boot/grub2/patches/001-verifiers-Blocklist-fallout-cleanup.patch [deleted file]
package/boot/grub2/patches/100-grub_setup_root.patch

index 46e3597cc242d4056f14466485251e3347f0f065..b3cb5e076f10a91a5f3f98a4a6d7431fb57bb04d 100644 (file)
@@ -10,12 +10,12 @@ include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=grub
 PKG_CPE_ID:=cpe:/a:gnu:grub2
-PKG_VERSION:=2.04
-PKG_RELEASE:=3
+PKG_VERSION:=2.06~rc1
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_SOURCE_URL:=@GNU/grub
-PKG_HASH:=e5292496995ad42dabe843a0192cf2a2c502e7ffcc7479398232b10a472df77d
+PKG_SOURCE_URL:=https://alpha.gnu.org/gnu/grub
+PKG_HASH:=2c87f1f21e2ab50043e6cd9163c08f1b6c3a6171556bf23ff9ed65b074145484
 
 HOST_BUILD_PARALLEL:=1
 PKG_BUILD_DEPENDS:=grub2/host
@@ -84,7 +84,7 @@ HOST_MAKE_FLAGS += \
        TARGET_RANLIB=$(TARGET_RANLIB) \
        LIBLZMA=$(STAGING_DIR_HOST)/lib/liblzma.a
 
-TARGET_CFLAGS := $(filter-out -fno-plt,$(TARGET_CFLAGS))
+TARGET_CFLAGS := $(filter-out -O2 -O3 -fno-plt,$(TARGET_CFLAGS))
 
 define Host/Configure
        $(SED) 's,(RANLIB),(TARGET_RANLIB),' $(HOST_BUILD_DIR)/grub-core/Makefile.in
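Review bot: The `TARGET_CFLAGS := $(filter-out -O2 -O3 -fno-plt,$(TARGET_CFLAGS))` line has no comment, so the reason for dropping the optimization flags exists only in the commit log and a later cleanup could remove the workaround. I would add above it `# -O2/-O3 removed: one of the 2.06 CVE fixes crashes GRUB on some legacy-BIOS x86 hardware at -O2; re-test on the next bump`. The filter applies to every target rather than only x86, and it matches only these two exact flags, so any other level present in TARGET_CFLAGS would pass through unchanged. It is also worth confirming which optimization level the target build ends up with once the flag is stripped, since that is not visible in this hunk.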
diff --git a/package/boot/grub2/patches/001-verifiers-Blocklist-fallout-cleanup.patch b/package/boot/grub2/patches/001-verifiers-Blocklist-fallout-cleanup.patch
deleted file mode 100644 (file)
index 74d68a6..0000000
+++ /dev/null
@@ -1,31 +0,0 @@
-From: David Michael <fedora.dm0@gmail.com>
-Date: Fri, 5 Jul 2019 07:45:59 -0400
-Subject: [PATCH] verifiers: Blocklist fallout cleanup
-
-Blocklist fallout cleanup after commit 5c6f9bc15 (generic/blocklist: Fix
-implicit declaration of function grub_file_filter_disable_compression()).
-
-Signed-off-by: David Michael <fedora.dm0@gmail.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
----
-
---- a/grub-core/osdep/generic/blocklist.c
-+++ b/grub-core/osdep/generic/blocklist.c
-@@ -59,7 +59,7 @@ grub_install_get_blocklist (grub_device_
-       grub_disk_cache_invalidate_all ();
--      file = grub_file_open (core_path_dev, GRUB_FILE_TYPE_NONE | FILE_TYPE_NO_DECOMPRESS);
-+      file = grub_file_open (core_path_dev, GRUB_FILE_TYPE_NONE | GRUB_FILE_TYPE_NO_DECOMPRESS);
-       if (file)
-       {
-         if (grub_file_size (file) != core_size)
-@@ -116,7 +116,7 @@ grub_install_get_blocklist (grub_device_
-   grub_file_t file;
-   /* Now read the core image to determine where the sectors are.  */
--  file = grub_file_open (core_path_dev, GRUB_FILE_TYPE_NONE | FILE_TYPE_NO_DECOMPRESS);
-+  file = grub_file_open (core_path_dev, GRUB_FILE_TYPE_NONE | GRUB_FILE_TYPE_NO_DECOMPRESS);
-   if (! file)
-     grub_util_error ("%s", grub_errmsg);
index df671bc9d24c245c2abd4dc1ffb1df5be694d0a6..e075d052cbc2f0cacf2d2df522d933dacec49ca0 100644 (file)
@@ -1,3 +1,41 @@
+--- a/include/grub/util/install.h
++++ b/include/grub/util/install.h
+@@ -198,13 +198,13 @@ grub_install_get_image_target (const cha
+ void
+ grub_util_bios_setup (const char *dir,
+                     const char *boot_file, const char *core_file,
+-                    const char *dest, int force,
++                    const char *root, const char *dest, int force,
+                     int fs_probe, int allow_floppy,
+                     int add_rs_codes, int warn_short_mbr_gap);
+ void
+ grub_util_sparc_setup (const char *dir,
+                      const char *boot_file, const char *core_file,
+-                     const char *dest, int force,
++                     const char *root, const char *dest, int force,
+                      int fs_probe, int allow_floppy,
+                      int add_rs_codes, int warn_short_mbr_gap);
+--- a/util/grub-install.c
++++ b/util/grub-install.c
+@@ -1720,7 +1720,7 @@ main (int argc, char *argv[])
+       /*  Now perform the installation.  */
+       if (install_bootsector)
+         grub_util_bios_setup (platdir, "boot.img", "core.img",
+-                              install_drive, force,
++                              NULL, install_drive, force,
+                               fs_probe, allow_floppy, add_rs_codes,
+                               !grub_install_is_short_mbrgap_supported ());
+       break;
+@@ -1747,7 +1747,7 @@ main (int argc, char *argv[])
+       /*  Now perform the installation.  */
+       if (install_bootsector)
+         grub_util_sparc_setup (platdir, "boot.img", "core.img",
+-                               install_drive, force,
++                               NULL, install_drive, force,
+                                fs_probe, allow_floppy,
+                                0 /* unused */, 0 /* unused */ );
+       break;
 --- a/util/grub-setup.c
 +++ b/util/grub-setup.c
 @@ -87,6 +87,8 @@ static struct argp_option options[] = {
 -                 dest_dev, arguments.force,
 +                 arguments.root_dev, dest_dev, arguments.force,
                   arguments.fs_probe, arguments.allow_floppy,
-                  arguments.add_rs_codes);
+                  arguments.add_rs_codes, 0);
  
 --- a/util/setup.c
 +++ b/util/setup.c
-@@ -252,13 +252,12 @@ identify_partmap (grub_disk_t disk __att
+@@ -252,14 +252,13 @@ identify_partmap (grub_disk_t disk __att
  void
  SETUP (const char *dir,
         const char *boot_file, const char *core_file,
 -       const char *dest, int force,
 +       const char *root, const char *dest, int force,
         int fs_probe, int allow_floppy,
-        int add_rs_codes __attribute__ ((unused))) /* unused on sparc64 */
+        int add_rs_codes __attribute__ ((unused)), /* unused on sparc64 */
+        int warn_small)
  {
    char *core_path;
    char *boot_img, *core_img, *boot_path;
@@ -57,7 +96,7 @@
    size_t boot_size, core_size;
    grub_uint16_t core_sectors;
    grub_device_t root_dev = 0, dest_dev, core_dev;
-@@ -307,7 +306,10 @@ SETUP (const char *dir,
+@@ -311,7 +310,10 @@ SETUP (const char *dir,
  
    core_dev = dest_dev;
  
      char **root_devices = grub_guess_root_devices (dir);
      char **cur;
      int found = 0;
-@@ -320,6 +322,8 @@ SETUP (const char *dir,
+@@ -324,6 +326,8 @@ SETUP (const char *dir,
        char *drive;
        grub_device_t try_dev;
  
        drive = grub_util_get_grub_dev (*cur);
        if (!drive)
          continue;
---- a/include/grub/util/install.h
-+++ b/include/grub/util/install.h
-@@ -191,13 +191,13 @@ grub_install_get_image_target (const cha
- void
- grub_util_bios_setup (const char *dir,
-                     const char *boot_file, const char *core_file,
--                    const char *dest, int force,
-+                    const char *root, const char *dest, int force,
-                     int fs_probe, int allow_floppy,
-                     int add_rs_codes);
- void
- grub_util_sparc_setup (const char *dir,
-                      const char *boot_file, const char *core_file,
--                     const char *dest, int force,
-+                     const char *root, const char *dest, int force,
-                      int fs_probe, int allow_floppy,
-                      int add_rs_codes);
---- a/util/grub-install.c
-+++ b/util/grub-install.c
-@@ -1712,7 +1712,7 @@ main (int argc, char *argv[])
-       /*  Now perform the installation.  */
-       if (install_bootsector)
-         grub_util_bios_setup (platdir, "boot.img", "core.img",
--                              install_drive, force,
-+                              NULL, install_drive, force,
-                               fs_probe, allow_floppy, add_rs_codes);
-       break;
-       }
-@@ -1738,7 +1738,7 @@ main (int argc, char *argv[])
-       /*  Now perform the installation.  */
-       if (install_bootsector)
-         grub_util_sparc_setup (platdir, "boot.img", "core.img",
--                               install_drive, force,
-+                               NULL, install_drive, force,
-                                fs_probe, allow_floppy,
-                                0 /* unused */ );
-       break;