Commit Graph

40 Commits

Author SHA1 Message Date
Dirk Neukirchen
2c9537e274 grub2: update to 2.06
-300-CVE-2015-8370.patch is upstreamed with different code
(upstream id: 451d80e52d851432e109771bb8febafca7a5f1f2)

- fixup OpenWrts setup_root patch

compile tested: x86_64,i386
runtime tested: VM x86_64,VM i386

- booted fine
- grub-editenv worked

Signed-off-by: Dirk Neukirchen <plntyk.lede@plntyk.name>
2021-06-21 09:02:26 -10:00
李国
e4723755f2 grub2: pass compilation parameters more accurately
In order for the grub2 boot-related code to compile normally, we have
made many adjustments to the compilation parameters. These adjustments
are not necessary for tools-related code. We apply these parameter
adjustments only to the boot-related code.

Signed-off-by: 李国 <uxgood.org@gmail.com>
2021-06-20 13:34:27 -10:00
李国
ca94104136 grub2: make grub2 tools built in a separate variant
grub2 boot-related code and tools-related code may require different
compilation parameters. We split them into different variants for
compilation, so that we can accurately pass the required parameters and
avoid causing problems.

Signed-off-by: 李国 <uxgood.org@gmail.com>
2021-06-20 13:31:09 -10:00
李国
5876d6a62f grub2: make grub2-bios-setup as a separate package
The grub2 and grub2-efi packages should only contain boot-related code.
grub-bios-setup is the same as grub-editenv, they are both grub2 tools
and should be placed in a separate package.

Signed-off-by: 李国 <uxgood.org@gmail.com>
[use AUTORELEASE and update to SPDX]
Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-06-20 13:23:42 -10:00
Dirk Neukirchen
622f8ef577 grub2: disable liblzma dependency
Florian Ekert reported:

"I have build a fresh master branch recently, Since your last change [1]
on grub2, I have now a new dependency on liblzma for the install package
grub2-editenv.

root@st-dev-07 /usr/lib # ldd /root/grub-editenv
       /lib/ld-musl-x86_64.so.1 (0x7f684b088000)
       liblzma.so.5 => /usr/lib/liblzma.so.5 (0x7f684b06d000)
       libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x7f684b059000)
       libc.so => /lib/ld-musl-x86_64.so.1 (0x7f684b088000)

This was not the case before your update.

root@st-dev-07 /usr/sbin # ldd /usr/sbin/grub-editenv
       /lib/ld-musl-x86_64.so.1 (0x7fd970176000)
       libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x7fd970162000)
       libc.so => /lib/ld-musl-x86_64.so.1 (0x7fd970176000)

My build complains that it cannot satisfy the runtime package dependency
for grub2-editenv.

install -d -m0755 /home/feckert/workspace/openwrt/LDM-master-x86_64/build/openwrt/build_dir/target-x86_64_musl/linux-x86_64/grub-pc/grub-2.06~rc1/ipkg-x86_64/grub2-editenv/usr/sbin
install -m0755 /home/feckert/workspace/openwrt/LDM-master-x86_64/build/openwrt/build_dir/target-x86_64_musl/linux-x86_64/grub-pc/grub-2.06~rc1/grub-editenv /home/feckert/workspace/openwrt/LDM-master-x86_64/build/openwrt/build_dir/target-x86_64_musl/linux-x86_64/grub-pc/grub-2.06~rc1/ipkg-x86_64/grub2-editenv/usr/sbin/
find /home/feckert/workspace/openwrt/LDM-master-x86_64/build/openwrt/build_dir/target-x86_64_musl/linux-x86_64/grub-pc/grub-2.06~rc1/ipkg-x86_64/grub2-editenv -name 'CVS' -o -name '.svn' -o -name '.#*' -o -name '*~'| xargs -r rm -rf
Package grub2-editenv is missing dependencies for the following libraries:
liblzma.so.5
make[2]: *** [Makefile:166: /home/feckert/workspace/openwrt/LDM-master-x86_64/build/openwrt/bin/APOS/feckert/master/master-Maggie-455-ga5edc0e8e/x86_64/targets/x86/64/packages/grub2-editenv_2.06~rc1-1_x86_64.ipk] Error 1
make[2]: Leaving directory '/home/feckert/workspace/openwrt/LDM-master-x86_64/build/openwrt/package/boot/grub2'
time: package/boot/grub2/pc/compile#78.64#9.79#83.88
   ERROR: package/boot/grub2 failed to build (build variant: pc).
make[1]: *** [package/Makefile:116: package/boot/grub2/compile] Error 1
make[1]: Leaving directory '/home/feckert/workspace/openwrt/LDM-master-x86_64/build/openwrt'
make: *** [/home/feckert/workspace/openwrt/LDM-master-x86_64/build/openwrt/include/toplevel.mk:230: package/boot/grub2/compile] Error 2

If I add the following changes to the package all works as expected.

<snip>
-  DEPENDS:=@TARGET_x86
+  DEPENDS:=@TARGET_x86 +liblzma
  VARIANT:=pc
endef

This is a hotfix but I dont´t think this is the final solution, because lzma is provided by the package xz.
And This is maintained in the package feed [not the core]"

Dirk stated & offered his patch to disable liblzma and thus resolve the
'out of core dependency' problem:

"LZMA is used in mkimage.c
disabling it prints
Without liblzma (no support for XZ-compressed mips images) (explicitly disabled)
(see configure.ac)

liblzma is autodetected so this issue was present but hidden somehow

[unsure: grep/image generation does not use grub with that option]
OpenWrt does not use that feature currently

[!] some scripts and examples use --compression=xz or -C xz and those will break

grub has an internal xzlib for different "lzma" functionality
(ext. LIBLZMA from XZ (GRUB_COMPRESSION_XZ) vs. GRUB_COMPRESSION_LZMA)"

Hopefully fixes e74d81ece2 and doesn't
break anything else.

Signed-off-by: Dirk Neukirchen <plntyk.lede@plntyk.name>
[include Florian's description of how problem 1st encountered]
[bump package release]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2021-05-21 09:17:59 +01:00
Stijn Tintel
e74d81ece2 grub2: bump to 2.06-rc1
When building GRUB with binutils 2.35.2 or later, an error occurs due to
a section .note.gnu.property that is placed at an offset such that
objcopy needs to pad the img file with zeros. This in turn causes the
following error: "error: Decompressor is too big.".

The fix accepted by upstream patches a python script that isn't executed
at all when building GRUB with OpenWrt buildroot. There's another patch
that patches the files generated by that python script directly, but by
including it we would deviate further from upstream. Instead of doing
that, simply bump to the latest release candidate.

As one of the fixes for the CVEs causes grub to crash on some x86
hardware using legacy BIOS when compiled with -O2, filter -O2 and
-O3 out of TARGET_CFLAGS.

Fixes the following CVEs:
- CVE-2020-14372
- CVE-2020-25632
- CVE-2020-25647
- CVE-2020-27749
- CVE-2020-27779
- CVE-2021-3418
- CVE-2021-20225
- CVE-2021-20233

Runtime-tested on x86/64.

Fixes: FS#3790

Suggested-by: Dirk Neukirchen <plntyk.lede@plntyk.name>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2021-05-16 04:00:29 +03:00
Kevin Darbyshire-Bryant
fcd1401700 grub2: fix build when ASLR enabled
Disable ASLR and filter '-fno-plt' from CFLAGS: solves building when
ASLR enabled by basically disabling ASLR.

Solves errors similar to:
relocation R_X86_64_32S against `.rodata' can not be used when making a PIE object; recompile with -fPIE
or
module missing GLOBAL_OFFSET_TABLE

Suggested-by: 李国 <uxgood.org@gmail.com>
Acked-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-02 13:42:26 +01:00
李国
d9228514cc grub2: make some change to add efi platform support
1.generate boot image at Package/install section
2.move boot image to $(STAGING_DIR_IMAGE)/grub2/
3.add efi variant to support efi platform

Signed-off-by: 李国 <uxgood.org@gmail.com>
2020-03-31 16:20:47 +02:00
Paul Spooren
5a5df62d95 x86/grub2: move grub2 image creation to package
Let the grub2 package take care of creating installable grub2 images,
this will allow creating grub2 images without first calling x86 image
generation recipe. Also as side effect, since those images are now
shared, it'll reduce the number of calling grub-mkimage.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
[rebase, adjusted commit title]
Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-03-21 10:36:00 +00:00
Tomasz Maciej Nowak
b322243d2f x86: add bootloader upgrade on sysupgrade
Currently bootloader always stays on the same version as when first
written to boot medium (not true if partition layout changed, which will
trigger sysupgrade process to write full disk image). That creates
inconveniences as it always stays with same features or/and bugs. Users
wishing to add support to additional modules or new version, would need
to write the whole image, potentially destroying previous system
configuration. To fix these, this commit adds additional routine to
sysupgrade which upgrades unconditionally the bootloader to the latest
state provided by OpenWrt.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2020-03-01 21:36:00 +01:00
Tomasz Maciej Nowak
3fa0f32a68 grub2: bump to 2.04
* GCC 8 and 9 support.
* Gnulib integration overhaul.
* RISC-V support.
* Xen PVH support.
* Native UEFI secure boot support.
* UEFI TPM driver.
* New IEEE 1275 obdisk driver.
* Btrfs RAID 5 and RIAD 6 support.
* bootin from F2FS support.
* PARTUUID support.
* VLAN support.
* Native DHCP support.
* Many ARM and ARM64 fixes.
* Many SPARC fixes.
* Many IEEE 1275 fixes.
* ...and tons of other fixes and cleanups...

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-09-01 18:38:05 +02:00
Tomasz Maciej Nowak
bb0e4f9fb0 build: remove leftovers from previous x86 commits
VBoxManage is not used and the image is created with proper permisions:
0f5d0f6  image: use internal qemu-img for vmdk and vdi images drop host
         dependencies on qemu-utils and VirtualBox

Unreachable config symbols:
9e0759e  x86: merge all geode based subtargets into one

No need to define those symbols since x86_64 is subtarget of x86:
196fb76  x86: make x86_64 a subtarget instead of a standalone target

Unreachable config symbols, so remove GRUB_ROOT:
371b382  x86: remove the xen_domu subtarget

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-02-17 18:22:40 +01:00
Philip Prindeville
a6d02a7572 grub2: fix regression caused by binutils-2.31.1
grub-efi no longer works:

grub-mkimage: error: relocation 0x4 is not implemented yet.

See:

http://git.savannah.gnu.org/cgit/grub.git/commit/util?id=842c390469e2c2e10b5aa36700324cd3bde25875

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>i [PKG_RELEASE increase]
2018-10-25 16:51:42 +02:00
Rosen Penev
7e73e9128f grub2: Fix CVE-2015-8370
This CVE is a culmination of multiple integer overflow issues that cause
multiple issues like Denial of Service and authentication bypass.

More info: https://nvd.nist.gov/vuln/detail/CVE-2015-8370

Taken from Fedora.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-08-23 07:15:53 +02:00
Felix Fietkau
1b13cbc15b grub2: disable building platform code for target utility
It is not used and it was causing a build error with GCC 7.3

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-22 09:30:22 +01:00
Alexander Couzens
c61a239514
add PKG_CPE_ID ids to package and tools
CPE ids helps to tracks CVE in packages.
https://cpe.mitre.org/specification/

Thanks to swalker for CPE to package mapping and
keep tracking CVEs.

Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2017-11-17 02:24:35 +01:00
Alif M. Ahmad
415c47de79 package/grub2: update to 2.02
Update to version 2.02

Signed-off-by: Alif M. Ahmad <alive4ever@live.com>
2017-06-07 18:31:10 +02:00
Alif M. Ahmad
ffd055d5bb grub2: update to 2.02~rc2
Update to version 2.02~rc2.

Signed-off-by: Alif M. Ahmad <alive4ever@live.com>
2017-04-12 11:24:57 +02:00
Alif M. Ahmad
399cbbd127 grub2: update to 2.02~rc1
Signed-off-by: Alif M. Ahmad <alive4ever@live.com>
2017-02-26 13:31:32 +01:00
Mathias Kresin
dc5ba0a48a packages: mark packages depending on a target as nonshared
The packages can't be build as shared packages due to the unmet
dependencies.

Fixes FS#418.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-01-24 09:45:05 +01:00
Alexandru Ardelean
65c8f2890c grub2: upgrade to 2.02-beta3 (3 years newer than previous)
'100-musl-compat.patch' does not seem to be required anymore.
'210-fix_serial_rtscts.patchi' is superseeded by:
http://git.savannah.gnu.org/cgit/grub.git/commit/?id=bac5d1a64ab4191058a8fd4c05f6b3b339e249e7

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2016-12-20 16:24:21 +01:00
Alexandru Ardelean
2b54fa4dff grub2: do not generate mkfonts at build time
Even though these fonts may not be installed, they seem to be
generated at build time.

Seems that the configure script re-generated from configure.ac
is a bit more annoying than it has to be.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2016-12-20 16:24:21 +01:00
Alexandru Ardelean
b33845b2da grub2: add PKG_FIXUP:=autoreconf
Reboot of: a0ea22ac43
Reverted: 3c52cbfa53

The host-side build of grub2 requires this sometimes.
This will re-generate the ./configure script from configure.ac.
I don't know the conditions of how this reproduces, it just
sometimes appears, and sometimes doesn't.

Build error
```
<lede-dir>/build_dir/target-x86_64_musl-1.1.15_yogi/host/grub-2.02~beta2/build-aux/missing: line 81: aclocal-1.14: command not found
WARNING: 'aclocal-1.14' is missing on your system.
         You should only need it if you modified 'acinclude.m4' or
         'configure.ac' or m4 files included by 'configure.ac'.
         The 'aclocal' program is part of the GNU Automake package:
         <http://www.gnu.org/software/automake>
         It also requires GNU Autoconf, GNU m4 and Perl in order to run:
         <http://www.gnu.org/software/autoconf>
         <http://www.gnu.org/software/m4/>
         <http://www.perl.org/>
Makefile:3962: recipe for target 'aclocal.m4' failed
```

Adding PKG_FIXUP adds sanity (i.e. autoreconf is used for host & target
builds) over just using HOST_FIXUP.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2016-12-20 16:24:21 +01:00
Felix Fietkau
720b99215d treewide: clean up download hashes
Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-16 22:39:22 +01:00
John Crispin
3c52cbfa53 Revert "grub2: add PKG_FIXUP:=autoreconf"
this caused build errors on x86

This reverts commit a0ea22ac43.

Signed-off-by: John Crispin <john@phrozen.org>
2016-11-21 16:49:54 +01:00
Alexandru Ardelean
a0ea22ac43 grub2: add PKG_FIXUP:=autoreconf
The host-side build of grub2 requires this sometimes.
This will re-generate the ./configure script from configure.ac.
I don't know the conditions of how this reproduces, it just
sometimes appears, and sometimes doesn't.

Build error
```
<lede-dir>/build_dir/target-x86_64_musl-1.1.15_yogi/host/grub-2.02~beta2/build-aux/missing: line 81: aclocal-1.14: command not found
WARNING: 'aclocal-1.14' is missing on your system.
         You should only need it if you modified 'acinclude.m4' or
         'configure.ac' or m4 files included by 'configure.ac'.
         The 'aclocal' program is part of the GNU Automake package:
         <http://www.gnu.org/software/automake>
         It also requires GNU Autoconf, GNU m4 and Perl in order to run:
         <http://www.gnu.org/software/autoconf>
         <http://www.gnu.org/software/m4/>
         <http://www.perl.org/>
Makefile:3962: recipe for target 'aclocal.m4' failed
```

Adding PKG_FIXUP adds sanity (i.e. autoreconf is used for host & target
builds) over just using HOST_FIXUP.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2016-11-21 12:54:24 +01:00
Jo-Philipp Wich
f2752f4735 grub2: add missing SECTION variable and remove non breaking space
Fix metadata scan failure in the grub2 package by removing an unexpected
invisible space character and by adding back the missing SECTION variable
which was removed with d140648.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-10-26 17:53:53 +02:00
Alberto Bursi
d140648622 grub2: move to Boot Loaders category
because boot loaders are in Boot Loaders, not in Utilities -> Boot Loaders

Also moved brub2-editenv in Utilities -> Boot Loaders

Part of a wider housekeeping effort on the packages repository.

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
2016-10-26 12:37:45 +02:00
Felix Fietkau
59e3a4714a grub2: switch back to installing to STAGING_DIR_HOST
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48424
2016-01-21 11:46:18 +00:00
Jo-Philipp Wich
9b01282515 grub2: disable stack-protector
- enabling "-fstack-protector" results in build errors
- Upstream explicitly tests & disables it

v2:
- use override

reference: upstream commit baa2a121e004a95a12e2bb7f2419de6625a30c2d

Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>

SVN-Revision: 46126
2015-06-25 11:20:39 +00:00
Hauke Mehrtens
fcc6f801ca grub: add download mirrors
Add three download mirrors for 'grub', as the Makefile currently defines only
one download location.

@GNU can not be used, as the most recent version of 'grub' is not available
at the general GNU mirrors, and can only be found at the "gnu-alpha" mirrors.

Signed-off-by: Hannu Nyman <hannu.nyman at iki.fi>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 45909
2015-06-06 13:49:24 +00:00
John Crispin
74a3a77bcd license info - revert r43155
turns out that r43155 adds duplicate info.

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 43167
2014-11-03 09:56:44 +00:00
John Crispin
c10d97484a Add more license tags with SPDX identifiers
Note, that licensing stuff is a nightmare: many packages does not clearly
state their licenses, and often multiple source files are simply copied
together - each with different licensing information in the file headers.

I tried hard to ensure, that the license information extracted into the OpenWRT's
makefiles fit the "spirit" of the packages, e.g. such small packages which
come without a dedicated source archive "inherites" the OpenWRT's own license
in my opinion.

However, I can not garantee that I always picked the correct information
and/or did not miss license information.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>

SVN-Revision: 43155
2014-11-03 08:01:08 +00:00
John Crispin
c890f71b95 package:grub2: fix build error on linux missing libzfs
configure enables libzfs support on default.
This will break the build, on systems without libzfs.

Signed-off-by: Hans Ulli Kroll <ulli.kroll@googlemail.com>

SVN-Revision: 41935
2014-08-01 11:19:46 +00:00
Felix Fietkau
a558ce7e21 grub2: disable mkfont - fix build on Archlinux
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>

SVN-Revision: 40350
2014-03-30 19:55:43 +00:00
Felix Fietkau
fa4d4a62bf grub2: disable libdevmapper - fix build when it's available
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>

SVN-Revision: 40349
2014-03-30 19:55:39 +00:00
Felix Fietkau
24095302aa grub2: update to 2.02-beta2, fixes mac os x 10.9 support (and many other things)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39889
2014-03-12 11:21:16 +00:00
Imre Kaloz
7aaa9bc91c add x86_64 target support
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>

SVN-Revision: 39208
2014-01-07 12:23:35 +00:00
John Crispin
d48ad63b9d grub2: Add sub package grub-editenv for target installation
grub-editenv allows to modify grub2 environment files. Add a new package
that build grub2 for the target and packs up grub-editenv.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>

SVN-Revision: 36574
2013-05-07 12:35:07 +00:00
John Crispin
e75106aa0d move boot related packages to their own folder
SVN-Revision: 33781
2012-10-16 13:44:25 +00:00