ASR_BASE
Change-Id: Icf3719cc0afe3eeb3edc7fa80a2eb5199ca9dda1
diff --git a/package/boot/grub2/Makefile b/package/boot/grub2/Makefile
new file mode 100644
index 0000000..46e3597
--- /dev/null
+++ b/package/boot/grub2/Makefile
@@ -0,0 +1,157 @@
+#
+# Copyright (C) 2006-2015 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+PKG_NAME:=grub
+PKG_CPE_ID:=cpe:/a:gnu:grub2
+PKG_VERSION:=2.04
+PKG_RELEASE:=3
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+PKG_SOURCE_URL:=@GNU/grub
+PKG_HASH:=e5292496995ad42dabe843a0192cf2a2c502e7ffcc7479398232b10a472df77d
+
+HOST_BUILD_PARALLEL:=1
+PKG_BUILD_DEPENDS:=grub2/host
+
+PKG_ASLR_PIE:=0
+PKG_SSP:=0
+
+PKG_FLAGS:=nonshared
+
+include $(INCLUDE_DIR)/host-build.mk
+include $(INCLUDE_DIR)/package.mk
+
+define Package/grub2/Default
+ CATEGORY:=Boot Loaders
+ SECTION:=boot
+ TITLE:=GRand Unified Bootloader ($(1))
+ URL:=http://www.gnu.org/software/grub/
+ DEPENDS:=@TARGET_x86
+ VARIANT:=$(1)
+endef
+
+Package/grub2=$(call Package/grub2/Default,pc)
+Package/grub2-efi=$(call Package/grub2/Default,efi)
+
+define Package/grub2-editenv
+ CATEGORY:=Utilities
+ SECTION:=utils
+ SUBMENU:=Boot Loaders
+ TITLE:=Grub2 Environment editor
+ URL:=http://www.gnu.org/software/grub/
+ DEPENDS:=@TARGET_x86
+ VARIANT:=pc
+endef
+
+define Package/grub2-editenv/description
+ Edit grub2 environment files.
+endef
+
+HOST_BUILD_PREFIX := $(STAGING_DIR_HOST)
+
+CONFIGURE_VARS += \
+ grub_build_mkfont_excuse="don't want fonts"
+
+CONFIGURE_ARGS += \
+ --target=$(REAL_GNU_TARGET_NAME) \
+ --disable-werror \
+ --disable-nls \
+ --disable-device-mapper \
+ --disable-libzfs \
+ --disable-grub-mkfont \
+ --with-platform=$(BUILD_VARIANT)
+
+HOST_CONFIGURE_VARS += \
+ grub_build_mkfont_excuse="don't want fonts"
+
+HOST_CONFIGURE_ARGS += \
+ --disable-grub-mkfont \
+ --target=$(REAL_GNU_TARGET_NAME) \
+ --sbindir="$(STAGING_DIR_HOST)/bin" \
+ --disable-werror \
+ --disable-libzfs \
+ --disable-nls \
+ --with-platform=none
+
+HOST_MAKE_FLAGS += \
+ TARGET_RANLIB=$(TARGET_RANLIB) \
+ LIBLZMA=$(STAGING_DIR_HOST)/lib/liblzma.a
+
+TARGET_CFLAGS := $(filter-out -fno-plt,$(TARGET_CFLAGS))
+
+define Host/Configure
+ $(SED) 's,(RANLIB),(TARGET_RANLIB),' $(HOST_BUILD_DIR)/grub-core/Makefile.in
+ $(Host/Configure/Default)
+endef
+
+define Package/grub2/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/grub-bios-setup $(1)/usr/sbin/
+ $(INSTALL_DIR) $(STAGING_DIR_IMAGE)/grub2
+ $(CP) $(PKG_BUILD_DIR)/grub-core/boot.img $(STAGING_DIR_IMAGE)/grub2/
+ $(CP) $(PKG_BUILD_DIR)/grub-core/cdboot.img $(STAGING_DIR_IMAGE)/grub2/
+ sed 's#msdos1#gpt1#g' ./files/grub-early.cfg >$(PKG_BUILD_DIR)/grub-early.cfg
+ $(STAGING_DIR_HOST)/bin/grub-mkimage \
+ -d $(PKG_BUILD_DIR)/grub-core \
+ -p /boot/grub \
+ -O i386-pc \
+ -c $(PKG_BUILD_DIR)/grub-early.cfg \
+ -o $(STAGING_DIR_IMAGE)/grub2/gpt-core.img \
+ at_keyboard biosdisk boot chain configfile fat linux ls part_gpt reboot serial vga
+ $(STAGING_DIR_HOST)/bin/grub-mkimage \
+ -d $(PKG_BUILD_DIR)/grub-core \
+ -p /boot/grub \
+ -O i386-pc \
+ -c ./files/grub-early.cfg \
+ -o $(STAGING_DIR_IMAGE)/grub2/generic-core.img \
+ at_keyboard biosdisk boot chain configfile ext2 linux ls part_msdos reboot serial vga
+ $(STAGING_DIR_HOST)/bin/grub-mkimage \
+ -d $(PKG_BUILD_DIR)/grub-core \
+ -p /boot/grub \
+ -O i386-pc \
+ -c ./files/grub-early.cfg \
+ -o $(STAGING_DIR_IMAGE)/grub2/eltorito.img \
+ at_keyboard biosdisk boot chain configfile iso9660 linux ls part_msdos reboot serial test vga
+ $(STAGING_DIR_HOST)/bin/grub-mkimage \
+ -d $(PKG_BUILD_DIR)/grub-core \
+ -p /boot/grub \
+ -O i386-pc \
+ -c ./files/grub-early.cfg \
+ -o $(STAGING_DIR_IMAGE)/grub2/legacy-core.img \
+ biosdisk boot chain configfile ext2 linux ls part_msdos reboot serial vga
+endef
+
+define Package/grub2-efi/install
+ sed 's#msdos1#gpt1#g' ./files/grub-early.cfg >$(PKG_BUILD_DIR)/grub-early.cfg
+ $(STAGING_DIR_HOST)/bin/grub-mkimage \
+ -d $(PKG_BUILD_DIR)/grub-core \
+ -p /boot/grub \
+ -O $(CONFIG_ARCH)-efi \
+ -c $(PKG_BUILD_DIR)/grub-early.cfg \
+ -o $(STAGING_DIR_IMAGE)/grub2/boot$(if $(CONFIG_x86_64),x64,ia32).efi \
+ at_keyboard boot chain configfile fat linux ls part_gpt reboot serial efi_gop efi_uga
+ $(STAGING_DIR_HOST)/bin/grub-mkimage \
+ -d $(PKG_BUILD_DIR)/grub-core \
+ -p /boot/grub \
+ -O $(CONFIG_ARCH)-efi \
+ -c ./files/grub-early.cfg \
+ -o $(STAGING_DIR_IMAGE)/grub2/iso-boot$(if $(CONFIG_x86_64),x64,ia32).efi \
+ at_keyboard boot chain configfile fat iso9660 linux ls part_msdos part_gpt reboot serial test efi_gop efi_uga
+endef
+
+define Package/grub2-editenv/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/grub-editenv $(1)/usr/sbin/
+endef
+
+$(eval $(call HostBuild))
+$(eval $(call BuildPackage,grub2))
+$(eval $(call BuildPackage,grub2-efi))
+$(eval $(call BuildPackage,grub2-editenv))
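Review bot: `Package/grub2-efi/install` writes its `.efi` images into `$(STAGING_DIR_IMAGE)/grub2` without creating that directory, whereas `Package/grub2/install` runs `$(INSTALL_DIR) $(STAGING_DIR_IMAGE)/grub2` first. If the efi variant is built without the pc one, `grub-mkimage -o` would presumably fail on the missing directory, so add `$(INSTALL_DIR) $(STAGING_DIR_IMAGE)/grub2` as the first line of the efi recipe. Separately, `PKG_ASLR_PIE:=0` and `PKG_SSP:=0` apply to the whole package, including `grub-bios-setup` and `grub-editenv`, which are installed to `/usr/sbin`. A comment above those two lines, for example `# GRUB's freestanding boot code cannot be built with PIE/SSP` (if that is the reason), would record why hardening is switched off.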
diff --git a/package/boot/grub2/files/grub-early.cfg b/package/boot/grub2/files/grub-early.cfg
new file mode 100644
index 0000000..4a5b5a6
--- /dev/null
+++ b/package/boot/grub2/files/grub-early.cfg
@@ -0,0 +1 @@
+configfile (hd0,msdos1)/boot/grub/grub.cfg
diff --git a/package/boot/grub2/patches/001-verifiers-Blocklist-fallout-cleanup.patch b/package/boot/grub2/patches/001-verifiers-Blocklist-fallout-cleanup.patch
new file mode 100644
index 0000000..74d68a6
--- /dev/null
+++ b/package/boot/grub2/patches/001-verifiers-Blocklist-fallout-cleanup.patch
@@ -0,0 +1,31 @@
+From: David Michael <fedora.dm0@gmail.com>
+Date: Fri, 5 Jul 2019 07:45:59 -0400
+Subject: [PATCH] verifiers: Blocklist fallout cleanup
+
+Blocklist fallout cleanup after commit 5c6f9bc15 (generic/blocklist: Fix
+implicit declaration of function grub_file_filter_disable_compression()).
+
+Signed-off-by: David Michael <fedora.dm0@gmail.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+---
+
+--- a/grub-core/osdep/generic/blocklist.c
++++ b/grub-core/osdep/generic/blocklist.c
+@@ -59,7 +59,7 @@ grub_install_get_blocklist (grub_device_
+
+ grub_disk_cache_invalidate_all ();
+
+- file = grub_file_open (core_path_dev, GRUB_FILE_TYPE_NONE | FILE_TYPE_NO_DECOMPRESS);
++ file = grub_file_open (core_path_dev, GRUB_FILE_TYPE_NONE | GRUB_FILE_TYPE_NO_DECOMPRESS);
+ if (file)
+ {
+ if (grub_file_size (file) != core_size)
+@@ -116,7 +116,7 @@ grub_install_get_blocklist (grub_device_
+
+ grub_file_t file;
+ /* Now read the core image to determine where the sectors are. */
+- file = grub_file_open (core_path_dev, GRUB_FILE_TYPE_NONE | FILE_TYPE_NO_DECOMPRESS);
++ file = grub_file_open (core_path_dev, GRUB_FILE_TYPE_NONE | GRUB_FILE_TYPE_NO_DECOMPRESS);
+ if (! file)
+ grub_util_error ("%s", grub_errmsg);
+
diff --git a/package/boot/grub2/patches/100-grub_setup_root.patch b/package/boot/grub2/patches/100-grub_setup_root.patch
new file mode 100644
index 0000000..df671bc
--- /dev/null
+++ b/package/boot/grub2/patches/100-grub_setup_root.patch
@@ -0,0 +1,118 @@
+--- a/util/grub-setup.c
++++ b/util/grub-setup.c
+@@ -87,6 +87,8 @@ static struct argp_option options[] = {
+ N_("install even if problems are detected"), 0},
+ {"skip-fs-probe",'s',0, 0,
+ N_("do not probe for filesystems in DEVICE"), 0},
++ {"root-device", 'r', N_("DEVICE"), 0,
++ N_("use DEVICE as the root device"), 0},
+ {"verbose", 'v', 0, 0, N_("print verbose messages."), 0},
+ {"allow-floppy", 'a', 0, 0,
+ /* TRANSLATORS: The potential breakage isn't limited to floppies but it's
+@@ -130,6 +132,7 @@ struct arguments
+ char *core_file;
+ char *dir;
+ char *dev_map;
++ char *root_dev;
+ int force;
+ int fs_probe;
+ int allow_floppy;
+@@ -178,6 +181,13 @@ argp_parser (int key, char *arg, struct
+ arguments->dev_map = xstrdup (arg);
+ break;
+
++ case 'r':
++ if (arguments->root_dev)
++ free (arguments->root_dev);
++
++ arguments->root_dev = xstrdup (arg);
++ break;
++
+ case 'f':
+ arguments->force = 1;
+ break;
+@@ -313,7 +323,7 @@ main (int argc, char *argv[])
+ GRUB_SETUP_FUNC (arguments.dir ? : DEFAULT_DIRECTORY,
+ arguments.boot_file ? : DEFAULT_BOOT_FILE,
+ arguments.core_file ? : DEFAULT_CORE_FILE,
+- dest_dev, arguments.force,
++ arguments.root_dev, dest_dev, arguments.force,
+ arguments.fs_probe, arguments.allow_floppy,
+ arguments.add_rs_codes);
+
+--- a/util/setup.c
++++ b/util/setup.c
+@@ -252,13 +252,12 @@ identify_partmap (grub_disk_t disk __att
+ void
+ SETUP (const char *dir,
+ const char *boot_file, const char *core_file,
+- const char *dest, int force,
++ const char *root, const char *dest, int force,
+ int fs_probe, int allow_floppy,
+ int add_rs_codes __attribute__ ((unused))) /* unused on sparc64 */
+ {
+ char *core_path;
+ char *boot_img, *core_img, *boot_path;
+- char *root = 0;
+ size_t boot_size, core_size;
+ grub_uint16_t core_sectors;
+ grub_device_t root_dev = 0, dest_dev, core_dev;
+@@ -307,7 +306,10 @@ SETUP (const char *dir,
+
+ core_dev = dest_dev;
+
+- {
++ if (root)
++ root_dev = grub_device_open(root);
++
++ if (!root_dev) {
+ char **root_devices = grub_guess_root_devices (dir);
+ char **cur;
+ int found = 0;
+@@ -320,6 +322,8 @@ SETUP (const char *dir,
+ char *drive;
+ grub_device_t try_dev;
+
++ if (root_dev)
++ break;
+ drive = grub_util_get_grub_dev (*cur);
+ if (!drive)
+ continue;
+--- a/include/grub/util/install.h
++++ b/include/grub/util/install.h
+@@ -191,13 +191,13 @@ grub_install_get_image_target (const cha
+ void
+ grub_util_bios_setup (const char *dir,
+ const char *boot_file, const char *core_file,
+- const char *dest, int force,
++ const char *root, const char *dest, int force,
+ int fs_probe, int allow_floppy,
+ int add_rs_codes);
+ void
+ grub_util_sparc_setup (const char *dir,
+ const char *boot_file, const char *core_file,
+- const char *dest, int force,
++ const char *root, const char *dest, int force,
+ int fs_probe, int allow_floppy,
+ int add_rs_codes);
+
+--- a/util/grub-install.c
++++ b/util/grub-install.c
+@@ -1712,7 +1712,7 @@ main (int argc, char *argv[])
+ /* Now perform the installation. */
+ if (install_bootsector)
+ grub_util_bios_setup (platdir, "boot.img", "core.img",
+- install_drive, force,
++ NULL, install_drive, force,
+ fs_probe, allow_floppy, add_rs_codes);
+ break;
+ }
+@@ -1738,7 +1738,7 @@ main (int argc, char *argv[])
+ /* Now perform the installation. */
+ if (install_bootsector)
+ grub_util_sparc_setup (platdir, "boot.img", "core.img",
+- install_drive, force,
++ NULL, install_drive, force,
+ fs_probe, allow_floppy,
+ 0 /* unused */ );
+ break;
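Review bot: In SETUP, a `--root-device` value that `grub_device_open(root)` cannot open is dropped without any diagnostic, and the code falls through to `grub_guess_root_devices (dir)`. The boot image can then be set up against a different root than the one the operator named. Report the failure before falling back, e.g. `if (root && !root_dev) grub_util_warn ("%s", grub_errmsg);`, or make it fatal with `grub_util_error`. The rest of SETUP is outside the hunk, so it should also be checked whether a failed open leaves `grub_errno` set for the calls that follow. This patch file also carries no From/Subject/description header, unlike 001 and 300 in this commit; a short description of what the option is for would help later rebases.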
diff --git a/package/boot/grub2/patches/300-CVE-2015-8370.patch b/package/boot/grub2/patches/300-CVE-2015-8370.patch
new file mode 100644
index 0000000..22f6c90
--- /dev/null
+++ b/package/boot/grub2/patches/300-CVE-2015-8370.patch
@@ -0,0 +1,40 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Hector Marco-Gisbert <hecmargi@upv.es>
+Date: Fri, 13 Nov 2015 16:21:09 +0100
+Subject: [PATCH] Fix security issue when reading username and password
+
+ This patch fixes two integer underflows at:
+ * grub-core/lib/crypto.c
+ * grub-core/normal/auth.c
+
+Resolves: CVE-2015-8370
+
+Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
+Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
+---
+ grub-core/lib/crypto.c | 2 +-
+ grub-core/normal/auth.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/grub-core/lib/crypto.c
++++ b/grub-core/lib/crypto.c
+@@ -468,7 +468,7 @@ grub_password_get (char buf[], unsigned
+ break;
+ }
+
+- if (key == '\b')
++ if (key == '\b' && cur_len)
+ {
+ if (cur_len)
+ cur_len--;
+--- a/grub-core/normal/auth.c
++++ b/grub-core/normal/auth.c
+@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned
+ break;
+ }
+
+- if (key == GRUB_TERM_BACKSPACE)
++ if (key == GRUB_TERM_BACKSPACE && cur_len)
+ {
+ if (cur_len)
+ {
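Review bot: The context lines of both inner hunks already show an `if (cur_len)` guard inside the backspace branch of `grub_password_get` and `grub_username_get`, so on this 2.04 tree the underflow appears to be handled before the patch is applied. The added `&& cur_len` is then redundant for the decrement. Its only effect is that a backspace on an empty buffer skips the block and reaches whatever follows it, which is outside the hunk and should be checked. If upstream 2.04 already contains the fix, either drop the patch or say in its description that it is kept as defence in depth, so that CVE tracking by patch file name does not suggest the base version is vulnerable.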