Hi,
Fedora's patch to forbid insmod in UEFI Secure Boot environments is fine
as far as it goes. However, the insmod command is not the only way that
modules can be loaded. In particular, the 'normal' command, which
implements the usual GRUB menu and the fully-featured command prompt,
will implicitly load commands not currently loaded into memory. This
permits trivial Secure Boot violations by writing commands implementing
whatever you want to do and pointing $prefix at the malicious code.
I'm currently test-building this patch (replacing your current
grub-2.00-no-insmod-on-sb.patch), but this should be more correct. It
moves the check into grub_dl_load_file.
This restrict ARP handling to MAC and IP addresses but in practice we need
only this case anyway and other cases are very rar if exist at all. It makes
code much simpler and less error-prone.
canonicalize_file_name clashed with gnulib function. Additionally
it was declared in 2 places: emu/misc.h and util/misc.h. Added
grub_ prefix and removed second declaration.
libgcc for boot environment isn't always present and compatible.
libgcc is often absent if endianness or bit-size at boot is different
from running OS.
libgcc may use optimised opcodes that aren't available on boot time.
So instead of relying on libgcc shipped with the compiler, supply
the functions in GRUB directly.
Tests are present to ensure that those replacement functions behave the
way compiler expects them to.
Add -msoft-float alongside clang arguments to specify ABI.
Specify ABI in asm files explicitly.
This trigers asm warning due to gcc failing to propagate -msoft-float
but it's tolerable.
Previously we supplied only unsigned divisions on platforms that need software
division.
Yet compiler may itself use a signed division. A typical example would be a
difference between 2 pointers which involves division by object size.
GCC 4.9 also generates R_ARM_THM_MOVW_ABS_NC and R_ARM_THM_MOVT_ABS,
as an alternative to ABS32.
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
Many routers have long router advertisment interval configured by
default. The Neighbor Discovery protocol (RFC4861) has defined default
MaxRtrAdvInterval value as 600 seconds and
MinRtrAdvInterval as 0.33*MaxRtrAdvInterval. This makes
net_ipv6_autoconf fails more often than not as currently it passively
listens the RA message to perfom address autoconfiguration.
This patch tries to send router solicitation to overcome the problem of
long RA interval.
v2:
use cpu_to_be macro for network byte order conversion
add missing error handling
Basic usage would look something like this:
gptprio.next -d usr_dev -u usr_uuid
linuxefi ($usr_dev)/boot/vmlinuz mount.usr=PARTUUID=$usr_uuid
After booting the system should set the 'successful' bit on the
partition that was used.
In order to do anything with partition GUIDs they need to be stored in a
proper structure like the partition type GUIDs. Additionally add an
initializer macro to simplify defining both GUID types.
The first hint of something practical, a command that can restore any of
the GPT structures from the alternate location. New test case must run
under QEMU because the loopback device used by the other unit tests does
not support writing.
The header location fields refer to 'this header' and 'alternate header'
respectively, not 'primary header' and 'backup header'. The previous
field names are backwards for the backup header.
This module is a new implementation for reading GUID Partition Tables
which is much stricter than the existing part_gpt module and exports GPT
data directly instead of the generic grub_partition structure. It will
be the basis for modules that need to read/write/update GPT data.
The current code does nothing more than read and verify the table.
This makes it possible to build generally-useful utilities such as
grub-mount even if the rest of GRUB has not been ported to the target
CPU.
* configure.ac: Add "none" platform. Default to it for unsupported
CPUs rather than stopping with a fatal error. Don't downgrade
x86_64-none to i386. Define COND_real_platform Automake conditional
if the platform is anything other than "none". Don't do any include
directory linking for "none".
* Makefile.am: Skip building grub-core and all bootcheck targets if
!COND_real_platform.
* include/grub/time.h: Don't include <grub/cpu/time.h> if GRUB_UTIL
is defined.
The AML parser implements only a small subset of possible AML
opcodes. On the Fujitsu Lifebook E744 this and another bug in
the parser (incorrect handling of TermArg data types) would lead
to the laptop not turning off (_S5 not found).
* grub-core/commands/acpihalt.c: Support OpAlias in the AML parser;
in skip_ext_op(), handle some Type2Opcodes more correctly (TermArgs
aren't always simply strings!); Add function to skip TermArgs
* include/grub/acpi.h: Add new opcodes
* configure.ac: Remove -m64 from checks for -mcmodel=large and
-mno-red-zone. These are always either unnecessary (x86_64-emu) or
already in TARGET_CFLAGS at this point, and they produce incorrect
results when building for x32.
* grub-core/kern/x86_64/dl.c (grub_arch_dl_relocate_symbols): Cast
pointers to Elf64_Xword via grub_addr_t, in order to work on x32.
* include/grub/x86_64/types.h (GRUB_TARGET_SIZEOF_VOID_P,
GRUB_TARGET_SIZEOF_LONG): Define to 4 on x32.
Commit 588744d0dc caused grub-mkconfig
no longer to be forgiving of trailing spaces on grub-probe output
lines, which among other things means that util/grub.d/10_linux.in
no longer detects LVM. To fix this, make grub-probe's output
delimiting more consistent. As a bonus, this improves the coverage
of the -0 option.
Fixes Debian bug #735935.
* grub-core/disk/cryptodisk.c
(grub_util_cryptodisk_get_abstraction): Add a user-data argument.
* grub-core/disk/diskfilter.c (grub_diskfilter_get_partmap):
Likewise.
* include/grub/cryptodisk.h (grub_util_cryptodisk_get_abstraction):
Update prototype.
* include/grub/diskfilter.h (grub_diskfilter_get_partmap): Likewise.
* util/grub-install.c (push_partmap_module, push_cryptodisk_module,
probe_mods): Adjust for extra user-data arguments.
* util/grub-probe.c (do_print, probe_partmap, probe_cryptodisk_uuid,
probe_abstraction): Use configured delimiter. Update callers.
It enables net boot even when there is no bootp/dhcp server.
* grub-core/net/drivers/ieee1275/ofnet.c: Add grub_ieee1275_parse_bootpath and
call it at grub_ieee1275_net_config_real.
* grub-core/kern/ieee1275/init.c: Add bootpath to grub_ieee1275_net_config.
* include/grub/ieee1275/ieee1275.h: Likewise.
In file included from util/misc.c:36:0:
./include/grub/emu/misc.h:56:1: error: 'libintl_printf' is an unrecognized format function type [-Werror=format=]
char * EXPORT_FUNC(xasprintf) (const char *fmt, ...) __attribute__ ((format (printf, 1, 2))) WARN_UNUSED_RESULT;
^
./include/grub/emu/misc.h:58:1: error: 'libintl_printf' is an unrecognized format function type [-Werror=format=]
The reason is libintl.h which redefines printf as libintl_printf. The problem
is not present in native MinGW build which avoids redefinition. Use
(format (__printf__) instead which is valid replacement in GCC.
v2: add grub-core/lib/libgcrypt/src/g10lib.h
v3: modify g10lib.h during import
In file included from ./include/grub/dl.h:23:0,
from grub-core/lib/libgcrypt-grub/cipher/rfc2268.c:3:
./include/grub/list.h:34:18: warning: conflicting types for 'grub_list_push' [en
abled by default]
void EXPORT_FUNC(grub_list_push) (grub_list_t *head, grub_list_t item);
^
./include/grub/symbol.h:68:25: note: in definition of macro 'EXPORT_FUNC'
# define EXPORT_FUNC(x) x
^
In file included from ./include/grub/fs.h:30:0,
from ./include/grub/file.h:25,
from ./grub-core/lib/posix_wrap/stdio.h:23,
from c:\mingw\include\libintl.h:314,
from ./include/grub/i18n.h:33,
from ./include/grub/misc.h:27,
from ./include/grub/list.h:25,
from ./include/grub/dl.h:28,
from grub-core/lib/libgcrypt-grub/cipher/rfc2268.c:3:
./include/grub/partition.h:106:3: note: previous implicit declaration of 'grub_l
ist_push' was here
grub_list_push (GRUB_AS_LIST_P (&grub_partition_map_list),
^
list.h needs just ATTRIBUTE_ERROR from misc.h; split compiler features
into separate file grub/compiler.h and include it instead.
Use _FILE_OFFSET_BITS macro to distinguish between native MinGW and
32 bit under MinGW-64. The latter does not require fseeko/ftello
redefinition which it already does in case of _FILE_OFFSET_BITS=64.
* grub-core/osdep/unix/getroot.c (strip_extra_slashes): Move inside
!defined (__GNU__).
(xgetcwd): Likewise.
* include/grub/emu/hostdisk.h (grub_util_hurd_get_disk_info)
[__GNU__]: Add prototype.
* util/getroot.c (grub_util_biosdisk_get_grub_dev) [__GNU__]: Format
long int using %ld rather than %d.
We need to hide "modprobe efivars" error output to avoid confusion. So
consolidate grub_util_exec_* into single function that can optionally redirect
all three standard descriptors and make all other functions compatibility
wrappers.
Also remove include/grub/osdep/exec_unix.h which does not appear to be used
anywhere.
Compare function used in qsort gets arguments by reference, so strcmp
cannot be used directly - it expects pointer to char, but gets pointer
to pointer to char.
Introduce new helper grub_qsort_strcmp and use it in grub-install.
This helper is going to be used in a couple more places as well so
add it to global file, not in grub-install.c.
Copying the themes directory in grub-shell isn't
parallel-test-friendly and breaks on the second test when the source
directory is read-only (as in "make distcheck"). Instead, add a
hidden --themes-directory option to grub-mkrescue et al, and use it
in grub-shell.
Add grub_util_disable_fd_syncs call to turn grub_util_fd_sync calls into
no-ops, and use it in programs that copy files but do not need to take
special care to sync writes (grub-mknetdir, grub-rescue,
grub-mkstandalone).
On my laptop, this reduces partmap_test's runtime from 1236 seconds to
204 seconds.
* include/grub/util/install.h (GRUB_INSTALL_OPTIONS): Add
--locale-directory option.
(enum grub_install_options): Add
GRUB_INSTALL_OPTIONS_LOCALE_DIRECTORY.
* util/grub-install-common.c (grub_install_help_filter): Handle
GRUB_INSTALL_OPTIONS_LOCALE_DIRECTORY.
(grub_install_parse): Likewise.
(get_localedir): New function to check for a user-provided option
before trying grub_util_get_localedir.
(copy_locales): Use get_localedir rather than
grub_util_get_localedir. Handle differing locale directory layouts.
(grub_install_copy_files): Likewise.
GRUB_MEMORY_MACHINE_SCRATCH_SIZE and increase
GRUB_MEMORY_MACHINE_PROT_STACK_SIZE.
The binary doesn't change (checked). It's more to better reflect actual
usage.
the function of these files exceeds what can be sanely handled in shell
in posix-comaptible way. Also writing it in C extends the functionality
to non-UNIX-like OS and minimal environments.
On upcoming arm64 port libgcc ctz* are not usable in standalone
environment. Since we need ctz* for this case and implementation is
in C we may as well use it on all concerned platforms.
Adding multiple questions on a single DNS query is not supportted by
most DNS servers. This patch issues two separate DNS queries
sequentially for ipv4 and then for ipv6.
Fixes: https://savannah.gnu.org/bugs/?39710
* grub-core/net/bootp.c (parse_dhcp_vendor): Add DNS option.
* grub-core/net/dns.c (grub_dns_qtype_id): New enum.
* (grub_net_dns_lookup): Now using separated dns packages.
* (grub_cmd_nslookup): Add error condition.
* (grub_cmd_list_dns): Print DNS option.
* (grub_cmd_add_dns): Add four parameters: --only-ipv4,
* --only-ipv6, --prefer-ipv4, and --prefer-ipv6.
* include/grub/net.h (grub_dns_option_t): New enum.
* (grub_net_network_level_address): option added.
Also-by: Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com>
Signed-off-by: Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com>
strncpy.
* grub-core/fs/jfs.c (grub_jfs_lookup_symlink): Likewise.
* grub-core/kern/misc.c (grub_strncpy): Move from here ...
* include/grub/misc.h (grub_strncpy): ... to here. Make inline.
* grub-core/net/net.c (grub_net_addr_to_str): Use COMPILE_TIME_ASSERT
+ strcpy rather than strncpy.