Debian Patches
Status for grub2/2.12-7
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| olpc-prefix-hack.patch | Hack prefix for OLPC This sucks, but it's better than what OFW was giving us. |
Colin Watson <cjwatson@debian.org> | no | 2014-01-13 | ||
| core-in-fs.patch | Write marker if core.img was written to filesystem The Debian bug reporting script includes a warning in this case. |
Colin Watson <cjwatson@debian.org> | no | 2014-01-13 | ||
| grub-legacy-0-based-partitions.patch | Support running grub-probe in grub-legacy's update-grub | Colin Watson <cjwatson@debian.org> | not-needed | 2013-12-25 | ||
| disable-floppies.patch | Disable use of floppy devices An ugly kludge. Should this be merged upstream? |
Robert Millan | no | 2014-01-13 | ||
| gfxpayload-keep-default.patch | Disable gfxpayload=keep by default Setting gfxpayload=keep has been known to cause efifb to be inappropriately enabled. In any case, with the current Linux kernel the result of this option is that early kernelspace will be unable to print anything to the console, so (for example) if boot fails and you end up dumped to an initramfs prompt, you won't be able to see anything on the screen. As such it shouldn't be enabled by default in Debian, no matter what kernel options are enabled. gfxpayload=keep is a good idea but rather ahead of its time ... |
Colin Watson <cjwatson@debian.org> | no | debian | 2013-12-25 | |
| install-stage2-confusion.patch | If GRUB Legacy is still around, tell packaging to ignore it | Colin Watson <cjwatson@debian.org> | not-needed | debian | 2021-09-24 | |
| mkconfig-loopback.patch | Handle filesystems loop-mounted on file images Improve prepare_grub_to_access_device to emit appropriate commands for such filesystems, and ignore them in Linux grub.d scripts. This is needed for Ubuntu's Wubi installation method. This patch isn't inherently Debian/Ubuntu-specific. losetup and /proc/mounts are Linux-specific, though, so we might need to refine this before sending it upstream. The changes to the Linux grub.d scripts might be better handled by integrating 10_lupin properly instead. |
Colin Watson <cjwatson@debian.org> | no | 2014-01-13 | ||
| restore-mkdevicemap.patch | Restore grub-mkdevicemap This is kind of a mess, requiring lots of OS-specific code to iterate over all possible devices. However, we use it in a number of scripts to discover devices and reimplementing those in terms of something else would be very complicated. |
Dimitri John Ledkov <dimitri.ledkov@canonical.com> | no | 2021-09-24 | ||
| gettext-quiet.patch | Silence error messages when translations are unavailable | Colin Watson <cjwatson@ubuntu.com> | yes | upstream | 2013-11-14 | |
| install-efi-fallback.patch | Fall back to non-EFI if booted using EFI but -efi is missing It may be possible, particularly in recovery situations, to be booted using EFI on x86 when only the i386-pc target is installed, or on ARM when only the arm-uboot target is installed. There's nothing actually stopping us installing i386-pc or arm-uboot from an EFI environment, and it's better than returning a confusing error. |
Steve McIntyre <93sam@debian.org> | no | 2019-05-24 | ||
| mkconfig-ubuntu-recovery.patch | "single" -> "recovery" when friendly-recovery is installed If configured with --enable-ubuntu-recovery, also set nomodeset for recovery mode, and disable 'set gfxpayload=keep' even if the system normally supports it. See https://launchpad.net/ubuntu/+spec/desktop-o-xorg-tools-and-processes. |
Stéphane Graber <stgraber@ubuntu.com> | no | 2013-12-25 | ||
| install-locale-langpack.patch | Prefer translations from Ubuntu language packs if available | Colin Watson <cjwatson@ubuntu.com> | not-needed | 2013-12-25 | ||
| mkconfig-nonexistent-loopback.patch | Avoid getting confused by inaccessible loop device backing paths | Colin Watson <cjwatson@ubuntu.com> | no | 2021-09-24 | ||
| default-grub-d.patch | Read /etc/default/grub.d/*.cfg after /etc/default/grub | Colin Watson <cjwatson@ubuntu.com> | no | 2021-09-24 | ||
| blacklist-1440x900x32.patch | Blacklist 1440x900x32 from VBE preferred mode handling | Colin Watson <cjwatson@ubuntu.com> | no | 2013-11-14 | ||
| mkconfig-ubuntu-distributor.patch | Remove GNU/Linux from default distributor string for Ubuntu Ubuntu is called "Ubuntu", not "Ubuntu GNU/Linux". |
Harald Sitter <apachelogger@kubuntu.org> | not-needed | 2013-12-25 | ||
| maybe-quiet.patch | Add configure option to reduce visual clutter at boot time If this option is enabled, then do all of the following: Don't display introductory message about line editing unless we're actually offering a shell prompt. (This is believed to be a workaround for a different bug. We'll go with this for now, but will drop this in favour of a better fix upstream if somebody figures out what that is.) Don't clear the screen just before booting if we never drew the menu in the first place. Remove verbose messages printed before reading configuration. In some ways this is awkward because it makes debugging harder, but it's a requirement for a smooth-looking boot process; we may be able to do better in future. Upstream doesn't want this, though. Disable the cursor as well, for similar reasons of tidiness. Suppress kernel/initrd progress messages, except in recovery mode. Suppress "GRUB loading" message unless Shift is held down. Upstream doesn't want this, as it makes debugging harder. Ubuntu wants it to provide a cleaner boot experience. |
Will Thompson <will@willthompson.co.uk> | invalid | 2021-09-24 | ||
| install-efi-adjust-distributor.patch | Adjust efi_distributor for some distributions This is not a very good approach, and certainly not sanely upstreamable; we probably need to split GRUB_DISTRIBUTOR into a couple of different variables. |
Colin Watson <cjwatson@ubuntu.com> | not-needed | debian | 2019-08-06 | |
| quick-boot.patch | Add configure option to bypass boot menu if possible If other operating systems are installed, then automatically unhide the menu. Otherwise, if GRUB_HIDDEN_TIMEOUT is 0, then use keystatus if available to check whether Shift is pressed. If it is, show the menu, otherwise boot immediately. If keystatus is not available, then fall back to a short delay interruptible with Escape. This may or may not remain Ubuntu-specific, although it's not obviously wanted upstream. It implements a requirement of https://wiki.ubuntu.com/DesktopExperienceTeam/KarmicBootExperienceDesignSpec#Bootloader. If the previous boot failed (defined as failing to get to the end of one of the normal runlevels), then show the boot menu regardless. |
Robie Basak <robie.basak@ubuntu.com> | no | 2015-09-04 | ||
| quick-boot-lvm.patch | If we don't have writable grubenv and we're on EFI, always show the menu If we don't have writable grubenv, recordfail doesn't work, which means our quickboot behavior - with a timeout of 0 - leaves the user without a reliable way to access the boot menu if they're on UEFI, because unlike BIOS, UEFI does not support checking the state of modifier keys (i.e. holding down shift at boot is not detectable). Handle this corner case by always using a non-zero timeout on EFI when save_env doesn't work. Reuse GRUB_RECORDFAIL_TIMEOUT to avoid introducing another variable. |
Steve Langasek <steve.langasek@ubuntu.com> | no | 2019-06-24 | ||
| gfxpayload-dynamic.patch | Add configure option to enable gfxpayload=keep dynamically Set GRUB_GFXPAYLOAD_LINUX=keep unless it's known to be unsupported on the current hardware. See https://blueprints.launchpad.net/ubuntu/+spec/packageselection-foundations-n-grub2-boot-framebuffer. |
Colin Watson <cjwatson@ubuntu.com> | no | 2019-05-25 | ||
| vt-handoff.patch | Add configure option to use vt.handoff=7 This is used for non-recovery Linux entries only; it enables flicker-free booting if gfxpayload=keep is in use and a suitable kernel is present. |
Andy Whitcroft <apw@canonical.com> | not-needed | 2013-12-25 | ||
| probe-fusionio.patch | Probe FusionIO devices | Colin Watson <cjwatson@ubuntu.com> | no | 2016-09-18 | ||
| ignore-grub_func_test-failures.patch | Ignore functional test failures for now as they are broken | Colin Watson <cjwatson@debian.org> | not-needed | 2013-11-19 | ||
| mkconfig-recovery-title.patch | Add GRUB_RECOVERY_TITLE option This allows the controversial "recovery mode" text to be customised. |
Colin Watson <cjwatson@ubuntu.com> | no | 2013-12-25 | ||
| install-powerpc-machtypes.patch | Port yaboot logic for various powerpc machine types Some powerpc machines require not updating the NVRAM. This can be handled by existing grub-install command-line options, but it's friendlier to detect this automatically. On chrp_ibm machines, use the nvram utility rather than nvsetenv. (This is possibly suitable for other machines too, but that needs to be verified.) |
Colin Watson <cjwatson@debian.org> | no | 2014-10-15 | ||
| ieee1275-clear-reset.patch | Include a text attribute reset in the clear command for ppc Always clear text attribute for clear command in order to avoid problems after it boots. * grub-core/term/terminfo.c: Add escape for text attribute reset |
Paulo Flabiano Smorigo <pfsmorigo@linux.vnet.ibm.com> | no | other, https://lists.gnu.org/archive/html/grub-devel/2014-09/msg00076.html | 2014-09-26 | |
| ppc64el-disable-vsx.patch | Disable VSX instruction VSX bit is enabled by default for Power7 and Power8 CPU models, so we need to disable them in order to avoid instruction exceptions. Kernel will activate it when necessary. * grub-core/kern/powerpc/ieee1275/startup.S: Disable VSX. |
Paulo Flabiano Smorigo <pfsmorigo@linux.vnet.ibm.com> | no | other, https://lists.gnu.org/archive/html/grub-devel/2014-09/msg00078.html | 2015-01-27 | |
| grub-install-pvxen-paths.patch | grub-install: Install PV Xen binaries into the upstream specified path Upstream have defined a specification for where guests ought to place their xenpv grub binaries in order to facilitate chainloading from a stage 1 grub loaded from dom0. http://xenbits.xen.org/docs/unstable-staging/misc/x86-xenpv-bootloader.html The spec calls for installation into /boot/xen/pvboot-i386.elf or /boot/xen/pvboot-x86_64.elf. |
Ian Campbell <ijc@hellion.org.uk> | yes | debian | 2014-10-24 | |
| insmod-xzio-and-lzopio-on-xen.patch | Arrange to insmod xzio and lzopio when booting a kernel as a Xen guest This is needed in case the Linux kernel is compiled with CONFIG_KERNEL_XZ or CONFIG_KERNEL_LZO rather than CONFIG_KERNEL_GZ (gzio is already loaded by grub.cfg today). |
Ian Campbell <ijc@debian.org> | yes | debian | 2014-11-30 | |
| zpool-full-device-name.patch | Tell zpool to emit full device names zfs-initramfs currently provides extraneous, undesired symlinks to devices directly underneath /dev/ to satisfy zpool's historical output of unqualified device names. By including this environment variable to signal our intent to zpool, zfs-linux packages can drop the symlink behavior when updating to its upstream or backported output behavior. |
Chad MILLER <chad.miller@canonical.com> | yes | debian upstream | 2016-11-01 | |
| network/net-http-check-result-of-grub_netbuff_put-in-http_receive.patch | net/http: check result of grub_netbuff_put() in http_receive() | Robbie Harwood <rharwood@redhat.com> | no | 2023-04-25 | ||
| network/bootp-new-net_bootp6-command.patch | efinet + bootp: add net_bootp6 command supporting dhcpv6 Implement new net_bootp6 command for IPv6 network auto configuration via the DHCPv6 protocol (RFC3315). |
Peter Jones <pjones@redhat.com> | no | 2023-04-25 | ||
| network/efinet-add-structures-for-PXE-messages.patch | efinet: add structures for PXE messages When grub2 image is booted from UEFI IPv6 PXE, the DHCPv6 Reply packet is cached in firmware buffer which can be obtained by PXE Base Code protocol. The network interface can be setup through the parameters in that obtained packet. Augment existing structures to represent this, and make them agnostic between ipv4 and ipv6. |
Michael Chang <mchang@suse.com> | no | 2023-04-25 | ||
| network/bootp-process-dhcpack-http-boot.patch | bootp: Process DHCPACK packet during HTTP Boot The vendor class identifier with the string "HTTPClient" is used to denote the packet as responding to HTTP boot request. In DHCP4 config, the filename for HTTP boot is the URL of the boot file, while for PXE boot it is the path to the boot file. As a consequence, the next-server becomes obselete because the HTTP URL already contains the server address for the boot file. For DHCP6 config, there's no difference definition in existing config as dhcp6.bootfile-url can be used to specify URL for both HTTP and PXE boot file. Add processing for "HTTPClient" vendor class identifier in DHCPACK packet by treating it as HTTP format, not as the PXE format. |
Michael Chang <mchang@suse.com> | no | 2023-04-25 | ||
| network/efinet-Configure-network-from-UEFI-device-path.patch | efinet Configure network from UEFI device path The PXE Base Code protocol used to obtain cached PXE DHCPACK packet is no longer provided for HTTP Boot. Instead, we have to get the HTTP boot information from the device path nodes defined in following UEFI Specification sections. 9.3.5.12 IPv4 Device Path 9.3.5.13 IPv6 Device Path 9.3.5.23 Uniform Resource Identifiers (URI) Device Path This patch basically does: include/grub/efi/api.h: Add new structure for Uniform Resource Identifiers (URI) Device Path grub-core/net/drivers/efi/efinet.c: Check if PXE Base Code is available. If not, try to obtain the netboot information from the device path where the image booted from. The DHCPACK packet is recoverd from the information in device patch and fed into the same DHCP packet processing functions to ensure the network interface is set up the same way it used to be. |
Michael Chang <mchang@suse.com> | no | 2023-04-25 | ||
| network/efinet-set-dns-from-uefi-proto.patch | efinet: set DNS server from UEFI protocol In the URI device path node, any name rather than address can be used for looking up the resources so that DNS service become needed to get answer of the name's address. Unfortunately, DNS is not defined in any of the device path nodes so that we use the EFI_IP4_CONFIG2_PROTOCOL and EFI_IP6_CONFIG_PROTOCOL to obtain it. These two protcols are defined the sections of UEFI specification. 27.5 EFI IPv4 Configuration II Protocol 27.7 EFI IPv6 Configuration Protocol include/grub/efi/api.h: Add new structure and protocol UUID of EFI_IP4_CONFIG2_PROTOCOL and EFI_IP6_CONFIG_PROTOCOL. grub-core/net/drivers/efi/efinet.c: Use the EFI_IP4_CONFIG2_PROTOCOL and EFI_IP6_CONFIG_PROTOCOL to obtain the list of DNS server address for IPv4 and IPv6 respectively. The address of DNS servers is structured into DHCPACK packet and feed into the same DHCP packet processing functions to ensure the network interface is setting up the same way it used to be. (rebased against 2.12) |
Michael Chang <mchang@suse.com> | no | 2023-04-25 | ||
| network/support-uefi-networking-protocols.patch | Support UEFI networking protocols | Michael Chang <mchang@suse.com> | no | 2023-01-09 | ||
| network/efinet-also-use-the-firmware-acceleration-for-http.patch | efinet: also use the firmware acceleration for http | Peter Jones <pjones@redhat.com> | no | 2023-01-09 | ||
| network/efi-http-match-protocol-hostname-of-boot-url-in-root.patch | efi/http: match protocol+hostname of boot url in root_url This lets you write config files that don't know urls. |
Peter Jones <pjones@redhat.com> | no | 2023-01-09 | ||
| network/add-fw_path-variable-to-detect-config-file-on-efi.patch | Add fw_path variable to detect config file on efi This patch makes grub look for its config file on efi where the app was found. |
Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com> | no | 2023-01-09 | ||
| network/use-fw_path-prefix-when-fallback-searching-for-grub-config.patch | use fw_path prefix when fallback searching for grub config When PXE booting via UEFI firmware, grub was searching for grub.cfg in the fw_path directory where the grub application was found. If that didn't exist, a fallback search would look for config file names based on MAC and IP address. However, the search would look in the prefix directory which may not be the same fw_path. This patch changes that behavior to use the fw_path directory for the fallback search. Only if fw_path is NULL will the prefix directory be searched. |
Mark Salter <msalter@redhat.com> | no | 2023-01-09 | ||
| network/try-prefixes-for-tftp-config-file.patch | Try mac/guid/etc before grub.cfg on tftp config files | Peter Jones <pjones@redhat.com> | no | 2023-01-09 | ||
| network/prepend-prefix-when-http-path-is-relative.patch | Prepend prefix when HTTP path is relative This sets a couple of variables. With the url http://www.example.com/foo/bar : http_path: /foo/bar http_url: http://www.example.com/foo/bar |
Stephen Benjamin <stephen@redhat.com> | no | 2023-01-09 | ||
| network/efi-http-enclose-literal-ipv6-addresses-in-square-br.patch | efi/http: Enclose literal IPv6 addresses in square brackets According to RFC 2732 (https://www.ietf.org/rfc/rfc2732.txt), literal IPv6 addresses must be enclosed in square brackets. But GRUB currently does not do this and is causing HTTP servers to send Bad Request (400) responses. For example, the following is the HTTP stream when fetching a config file: HEAD /EFI/BOOT/grub.cfg HTTP/1.1 HTTP/1.1 400 Bad Request and after enclosing the IPv6 address the HTTP request is successful: HEAD /EFI/BOOT/grub.cfg HTTP/1.1 HTTP/1.1 200 OK |
Javier Martinez Canillas <javierm@redhat.com> | no | 2020-03-05 | ||
| network/http-prepend-prefix-when-the-http-path-is-relative.patch | http: Prepend prefix when the HTTP path is relative There are two different HTTP drivers that can be used when requesting an HTTP resource: the efi/http that uses the EFI_HTTP_PROTOCOL and the http that uses GRUB's HTTP and TCP/IP implementation. The efi/http driver appends a prefix that is defined in the variable http_path, but the http driver doesn't. So using this driver and attempting to fetch a resource using a relative path fails. Match the behavior of efi/http. |
Javier Martinez Canillas <javierm@redhat.com> | no | 2023-01-09 | ||
| network/discover-the-device-to-read-the-config-from-as-fallback.patch | normal/main: Discover the device to read the config from as a fallback When core.img is generated locally, the grub2-probe tool figures out the device and partition that needs to be read to parse the GRUB configuration file. But in some cases the core.img can't be generated on the host and instead has to be done at package build time. In particular, this will be true when it needs to be signed with a key that's only available on the package building infrastructure. In that case, the prefix variable won't have a device and partition but only a directory path. So there's no way for GRUB to know from which device has to read the configuration file. To allow GRUB to continue working on that scenario, fallback to iterating over all the available devices if reading the config failed when using the prefix and fw_path variables. |
Javier Martinez Canillas <javierm@redhat.com> | no | 2023-01-09 | ||
| network/efinet-add-dhcp-proxy-support.patch | efinet: Add DHCP proxy support If a proxyDHCP configuration is used, the server name, server IP and boot file values should be taken from the DHCP proxy offer instead of the DHCP server ack packet. |
Ian Page Hands <iphands@gmail.com> | no | 2023-01-09 | ||
| network/rhboot-http-message-field-size.patch | efi/http: change uint32_t to uintn_t Modify UINT32 to UINTN in EFI_HTTP_MESSAGE to be UEFI 2.9 compliant. |
Keng-Yu Lin <kengyu@hpe.com> | no | 2023-04-26 | ||
| skip-grub_cmd_set_date.patch | Skip flaky grub_cmd_set_date test | Colin Watson <cjwatson@debian.org> | no | debian | 2018-10-28 | |
| bash-completion-drop-have-checks.patch | bash-completion: Drop "have" checks These don't work with and aren't needed by dynamically-loaded completions. |
Colin Watson <cjwatson@debian.org> | no | debian | 2018-11-16 | |
| at_keyboard-module-init.patch | at_keyboard: initialize keyboard in module init if keyboard is ready The change in 0c62a5b2 caused at_keyboard to fail on some machines. Immediately initializing the keyboard in the module init if the keyboard is ready makes the problem go away. |
Jeroen Dekkers <jeroen@dekkers.ch> | no | debian | 2019-02-09 | |
| uefi-secure-boot-cryptomount.patch | Fix setup on Secure Boot systems where cryptodisk is in use On full-encrypted systems, including /boot, the current code omits cryptodisk commands needed to open the drives if Secure Boot is enabled. This prevents grub2 from reading any further configuration residing on the encrypted disk. This patch fixes this issue by adding the needed "cryptomount" commands in the load.cfg file that is then copied in the EFI partition. |
=?utf-8?q?Herv=C3=A9_Werner?= <dud225@hotmail.com> | no | debian | 2019-02-10 | |
| efi-variable-storage-minimise-writes.patch | Minimise writes to EFI variable storage Some UEFI firmware is easily provoked into running out of space in its variable storage. This is usually due to certain kernel drivers (e.g. pstore), but regardless of the cause it can cause grub-install to fail because it currently asks efibootmgr to delete and re-add entries, and the deletion often doesn't result in an immediate garbage collection. Writing variables frequently also increases wear on the NVRAM which may have limited write cycles. For these reasons, it's desirable to find a way to minimise writes while still allowing grub-install to ensure that a suitable boot entry exists. Unfortunately, efibootmgr doesn't offer an interface that would let grub-install do this. It doesn't in general make very much effort to minimise writes; it doesn't allow modifying an existing Boot* variable entry, except in certain limited ways; and current versions don't have a way to export the expected variable data so that grub-install can compare it to the current data. While it would be possible (and perhaps desirable?) to add at least some of this to efibootmgr, that would still leave the problem that there isn't a good upstreamable way for grub-install to guarantee that it has a new enough version of efibootmgr. In any case, it's cumbersome and slow for grub-install to have to fork efibootmgr to get things done. Fortunately, a few years ago Peter Jones helpfully factored out a substantial part of efibootmgr to the efivar and efiboot libraries, and so it's now possible to have grub-install use those directly. We still have to use some code from efibootmgr, but much less than would previously have been necessary. grub-install now reuses existing boot entries where possible, and avoids writing to variables when the new contents are the same as the old contents. In the common upgrade case where nothing needs to change, it no longer writes to NVRAM at all. It's also now slightly faster, since using libefivar is faster than forking efibootmgr. Fixes Debian bug #891434. |
Colin Watson <cjwatson@ubuntu.com> | yes | debian | 2019-03-23 | |
| xen-no-xsm-policy-in-non-xsm-options.patch | 20_linux_xen: Do not load XSM policy in non-XSM options For complicated reasons, even if you have XSM/FLASK disabled (as is the default) the Xen build system still builds a policy file and puts it in /boot. Even so, we shouldn't be loading this in the usual non-"XSM enabled" entries. It doesn't do any particular harm but it is quite confusing. |
Ian Jackson <ian.jackson@eu.citrix.com> | no | debian | 2020-05-29 | |
| pc-verifiers-module.patch | i386-pc: build verifiers API as module Given no core functions on i386-pc would require verifiers to work and the only consumer of the verifier API is the pgp module, it looks good to me that we can move the verifiers out of the kernel image and let moddep.lst to auto-load it when pgp is loaded on i386-pc platform. This helps to reduce the size of core image and thus can relax the tension of exploding on some i386-pc system with very short MBR gap size. See also a very comprehensive summary from Colin [1] about the details. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00240.html V2: Drop COND_NOT_i386_pc and use !COND_i386_pc. Add comment in kern/verifiers.c to help understanding what's going on without digging into the commit history. |
Michael Chang <mchang@suse.com> | no | debian | other, https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00251.html | 2021-09-24 |
| debug_verifiers.patch | Add debug to display what's going on with verifiers | Steve McIntyre <93sam@debian.org> | no | 2021-04-17 | ||
| mkimage-fix-section-sizes.patch | util/mkimage: Some fixes to PE binaries section size calculation Commit f60ba9e5945 (util/mkimage: Refactor section setup to use a helper) added a helper function to setup PE sections, but it caused regressions in some arches where the natural alignment lead to wrong section sizes. This patch fixes a few things that were caused the section sizes to be calculated wrongly. These fixes are: * Only align the virtual memory addresses but not the raw data offsets. * Use aligned sizes for virtual memory sizes but not for raw data sizes. * Always align the sizes to set the virtual memory sizes. These seems to not cause problems for x64 and aa64 EFI platforms but was a problem for ia64. Because the size of the ".data" and "mods" sections were wrong and didn't have the correct content. Which lead to GRUB not being able to load any built-in module. |
Javier Martinez Canillas <javierm@redhat.com> | no | debian | 2021-04-16 | |
| 987008-lvrename-boot-fail.patch | fix renamed LV detection It looks like the detection of the LVM logical volumes fails in certain edge conditions. In particular, it was reported that renaming an LV will make grub fail to boot from the system as it cannot properly detect it anymore. . I have looked at the code surrounding the patch and cannot claim to understand the entire function here, as it is huge and quite cryptic. But it seems sane: the `ptr` we're inspecting here starts at the `rlocn->offset`, but we were adding `mda_size` to the (somewhat) unrelated metadatabuf instead. Now we're marking the `mda_end` correctly, based on the rlocn->offsite and ->size. . I have not tested this myself as the test setup is quite involved, but it seems others (e.g. "Hoyer, David" <David.Hoyer@netapp.com>) have tested the patch and confirmed it worked. |
Rogier <rogier777@gmail.com> | yes | debian upstream | other | 2023-02-25 |
| grub_os-prober.patch | grub_os-prober | GRUB Maintainers <pkg-grub-devel@alioth-lists.debian.net> | no | 2023-06-19 | ||
| secure-boot/revert-efi-fallback-to-legacy.patch | Disable fallback to legacy mode if shim is loaded on x86 archs This reverts commits - 6425c12cd77ad51ad24be84c092aefacf0875089: this originally adds the fallback - e60015f574024584e43d1b3b245551e864aa8c4d: this triggers it in another case |
Julian Andres Klode <julian.klode@canonical.com> | no | 2023-07-19 | ||
| secure-boot/loader-framework.patch | efi: Provide wrappers for load_image, start_image, unload_image These can be used to register a different implementation later, for example, when shim provides a protocol with those functions. |
Julian Andres Klode <julian.klode@canonical.com> | no | 2023-07-24 | ||
| secure-boot/efi-use-peimage-shim.patch | efi: Provide a shim for load_image, start_image, unload_image Provide custom implementations of load_image(), start_image(), and unload_image() to workaround shim just forwarding those calls to the firmware. The code consumes a PE-COFF image loaded into memory. The functions * check validity of header * copy the sections * relocate the code * invalidate the instruction cache * execute the image * return to caller This was previously in use in Ubuntu on riscv64 and arm64 only, exposed as a single function grub_efi_run_image(). It was originally written by Heinrich and split up into 3 functions by Julian to integrate with the upstream boot loader. Caveats: - We do not always check for over and underflows, but at the point we reach this loader, the file has been verified by shim already, so this is not much of a concern. |
Julian Andres Klode <julian.klode@canonical.com> | no | 2023-07-24 | ||
| zstd-require-8-byte-buffer.patch | zstd: Require at least 8 byte buffer in entropy_common This fixes the build on s390x which was rightfully complaining that iend - 7 = buffer + 4 - 7 = buffer -3 is outside the array bounds. ../../grub-core/lib/zstd/entropy_common.c: In function ‘FSE_readNCount’: ../../grub-core/lib/zstd/entropy_common.c:121:28: error: array subscript -3 is outside array bounds of ‘char[4]’ [-Werror=array-bounds] 121 | if ((ip <= iend-7) || (ip + (bitCount>>3) <= iend-4)) { | ~~~~^~ ../../grub-core/lib/zstd/entropy_common.c:77:14: note: while referencing ‘buffer’ 77 | char buffer[4]; | ^~~~~~ ../../grub-core/lib/zstd/entropy_common.c:105:30: error: array subscript -1 is outside array bounds of ‘char[4]’ [-Werror=array-bounds] 105 | if (ip < iend-5) { | ~~~~^~ ../../grub-core/lib/zstd/entropy_common.c:77:14: note: while referencing ‘buffer’ 77 | char buffer[4]; | ^~~~~~ ../../grub-core/lib/zstd/entropy_common.c:150:28: error: array subscript -3 is outside array bounds of ‘char[4]’ [-Werror=array-bounds] 150 | if ((ip <= iend-7) || (ip + (bitCount>>3) <= iend-4)) { | ~~~~^~ ../../grub-core/lib/zstd/entropy_common.c:77:14: note: while referencing ‘buffer’ 77 | char buffer[4]; | ^~~~~~ This is fixed in more recent zstd versions in basically the same way, but the new versions needs more work to import. |
Julian Andres Klode <julian.klode@canonical.com> | no | 2021-12-02 | ||
| recovery-dis_ucode_ldr.patch | Pass dis_ucode_ldr to kernel for recovery mode In case of a botched microcode update, this allows people to easily roll back. It will of course break in the more unlikely event that you are missing a microcode update in your firmware that is needed to boot the system, but editing the entry to remove an option is easier than having to figure out the option and add it. |
Julian Andres Klode <julian.klode@canonical.com> | no | 2020-06-19 | ||
| hwmatch-only-on-grub-pc-platform.patch | Call hwmatch only on the grub-pc platform Call hwmatch only on i386/pc as it is only available there. This avoids "error: can't find command `hwmatch'." on e.g., x86_64/efi. The equivalent behavior is linux_gfx_mode=keep because grub is special: the `if hwmatch` clause is true on that error and `$match = 0` is true too, as it is undefined (confirmed in grub shell.) A quick fix for now. Before and After: grub> hwmatch error: can't find command `hwmatch'. grub> echo $grub_platform efi grub> echo $linux_gfx_mode keep |
Mauricio Faria de Oliveira <mfo@canonical.com> | no | debian | 2020-08-20 | |
| fat-fix-listing-the-root-directory.patch | fat: fix listing the root directory ls / for a FAT partition leads to error: invalid modification timestamp for /. Not all entries of the directory are displayed. Linux never updates the modification timestamp of the /. directory entry. The FAT specification allows the access and creation date fields to be zero. We should follow Linux and render initial FAT timestamps as start of the epoch. |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> | no | https://lists.gnu.org/archive/html/grub-devel/2022-01/msg00116.html | 2022-01-21 | |
| efivar-check-that-efivarfs-is-writeable.patch | [PATCH 1/1] efivar: check that efivarfs is writeable Some UEFI implementations (notably U-Boot) don't implement the SetVariable() runtime service. On these systems the GRUB installation must be completed manually. Write a warning in this case but avoid throwing an error. (LP: #1965288) |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> | no | 2022-03-18 | ||
| fdt-add-debug-output-to-devicetree-command.patch | [PATCH] fdt: add debug output to devicetree command For debugging we need feedback that the devicetree command has be executed. |
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> | no | 2022-03-24 | ||
| fdt-device-tree-fixup-protocol.patch | [PATCH] efi: EFI Device Tree Fixup Protocol Device-trees are used to convey information about hardware to the operating system. Some of the properties are only known at boot time. (One example of such a property is the number of the boot hart on RISC-V systems.) Therefore the firmware applies fix-ups to the original device-tree. Some nodes and properties are added or altered. When using GRUB's device-tree command the same fix-ups have to be applied. The EFI Device Tree Fixup Protocol allows to pass the loaded device tree to the firmware for this purpose. The protocol can * add nodes and update properties * reserve memory according to the /reserved-memory node and the memory reservation block * install the device-tree as configuration table With the patch GRUB checks if the protocol is installed and invokes it if available. (LP: #1965796) |
Heinrich Schuchardt <xypron.glpk@gmx.de> | no | 2021-01-29 | ||
| extra_deps_lst.patch | Checkout "extra_deps.lst" from upstream/master This file is unfortunately missing from upstream release tarball. |
Mate Kukri <mate.kukri@canonical.com> | no | 2024-01-10 | ||
| upstream/acpi-Fix-out-of-bounds-access-in-grub_acpi_xsdt_find_tabl.patch | acpi: Fix out of bounds access in grub_acpi_xsdt_find_table() The calculation of the size of the table was incorrect (copy/pasta from grub_acpi_rsdt_find_table() I assume...). The entries are 64-bit long. This causes us to access beyond the end of the table which is causing crashes during boot on some systems. Typically this is causing a crash on VMWare when using UEFI and enabling serial autodetection, as grub_acpi_find_table (GRUB_ACPI_SPCR_SIGNATURE); Will goes past the end of the table (the SPCR table doesn't exits) |
Benjamin Herrenschmidt <benh@kernel.crashing.org> | no | 2024-10-16 | ||
| install-signed.patch | Install signed images if UEFI Secure Boot is enabled | Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> | no | 2023-01-15 | ||
| grub-install-extra-removable.patch | Add support for forcing EFI installation to the removable media path Add an extra option to grub-install "--force-extra-removable". On EFI platforms, this will cause an extra copy of the grub-efi image to be written to the appropriate removable media patch /boot/efi/EFI/BOOT/BOOT$ARCH.EFI as well. This will help with broken UEFI implementations where the firmware does not work when configured with new boot paths. |
Steve McIntyre <93sam@debian.org> | invalid | debian | 2021-09-24 | |
| grub-install-removable-shim.patch | Deal with --force-extra-removable with signed shim too In this case, we need both the signed shim as /EFI/BOOT/BOOTXXX.EFI and signed Grub as /EFI/BOOT/grubXXX.efi. Also install the BOOTXXX.CSV into /EFI/debian, and FBXXX.EFI into /EFI/BOOT/ so that it can work when needed (*iff* we're updating the NVRAM). [cjwatson: Refactored also_install_removable somewhat for brevity and so that we're using consistent case-insensitive logic.] |
Steve McIntyre <93sam@debian.org> | no | debian | 2021-09-24 | |
| cve-2025-jan/misc-Implement-grub_strlcpy.patch | misc: Implement grub_strlcpy() grub_strlcpy() acts the same way as strlcpy() does on most *NIX, returning the length of src and ensuring dest is always NUL terminated except when size is 0. |
B Horn <b@horn.uk> | no | 2024-06-15 | ||
| cve-2025-jan/fs-ufs-Fix-a-heap-OOB-write.patch | fs/ufs: Fix a heap OOB write grub_strcpy() was used to copy a symlink name from the filesystem image to a heap allocated buffer. This led to a OOB write to adjacent heap allocations. Fix by using grub_strlcpy(). |
B Horn <b@horn.uk> | no | 2024-05-12 | ||
| cve-2025-jan/fs-hfs-Fix-stack-OOB-write-with-grub_strcpy.patch | fs/hfs: Fix stack OOB write with grub_strcpy() Replaced with grub_strlcpy(). |
B Horn <b@horn.uk> | no | 2024-05-12 | ||
| cve-2025-jan/fs-tar-Initialize-name-in-grub_cpio_find_file.patch | fs/tar: Initialize name in grub_cpio_find_file() It was possible to iterate through grub_cpio_find_file() without allocating name and not setting mode to GRUB_ARCHELP_ATTR_END, which would cause the uninitialized value for name to be used as an argument for canonicalize() in grub_archelp_dir(). |
B Horn <b@horn.uk> | no | 2024-05-12 | ||
| cve-2025-jan/fs-tar-Integer-overflow-leads-to-heap-OOB-write.patch | fs/tar: Integer overflow leads to heap OOB write Both namesize and linksize are derived from hd.size, a 12-digit octal number parsed by read_number(). Later direct arithmetic calculation like "namesize + 1" and "linksize + 1" may exceed the maximum value of grub_size_t leading to heap OOB write. This patch fixes the issue by using grub_add() and checking for an overflow. |
Lidong Chen <lidong.chen@oracle.com> | no | 2024-11-22 | ||
| cve-2025-jan/fs-f2fs-Set-a-grub_errno-if-mount-fails.patch | fs/f2fs: Set a grub_errno if mount fails It was previously possible for grub_errno to not be set when grub_f2fs_mount() failed if nat_bitmap_ptr() returned NULL. This issue is solved by ensuring a grub_errno is set in the fail case. |
B Horn <b@horn.uk> | no | 2024-05-12 | ||
| cve-2025-jan/fs-hfsplus-Set-a-grub_errno-if-mount-fails.patch | fs/hfsplus: Set a grub_errno if mount fails It was possible for mount to fail but not set grub_errno. This led to a possible double decrement of the module reference count if the NULL page was mapped. Fixing in general as a similar bug was fixed in commit 61b13c187 (fs/hfsplus: Set grub_errno to prevent NULL pointer access) and there are likely more variants around. |
B Horn <b@horn.uk> | no | 2024-05-12 | ||
| cve-2025-jan/fs-iso9660-Set-a-grub_errno-if-mount-fails.patch | fs/iso9660: Set a grub_errno if mount fails It was possible for a grub_errno to not be set if mount of an ISO 9660 filesystem failed when set_rockridge() returned 0. This isn't known to be exploitable as the other filesystems due to filesystem helper checking the requested file type. Though fixing as a precaution. |
B Horn <b@horn.uk> | no | 2024-05-12 | ||
| cve-2025-jan/fs-iso9660-Fix-invalid-free.patch | fs/iso9660: Fix invalid free The ctx->filename can point to either a string literal or a dynamically allocated string. The ctx->filename_alloc field is used to indicate the type of allocation. An issue has been identified where ctx->filename is reassigned to a string literal in susp_iterate_dir() but ctx->filename_alloc is not correctly handled. This oversight causes a memory leak and an invalid free operation later. The fix involves checking ctx->filename_alloc, freeing the allocated string if necessary and clearing ctx->filename_alloc for string literals. |
Michael Chang <mchang@suse.com> | no | 2024-05-31 | ||
| cve-2025-jan/fs-jfs-Fix-OOB-read-in-jfs_getent.patch | fs/jfs: Fix OOB read in jfs_getent() The JFS fuzzing revealed an OOB read in grub_jfs_getent(). The crash was caused by an invalid leaf nodes count, diro->dirpage->header.count, which was larger than the maximum number of leaf nodes allowed in an inode. This fix is to ensure that the leaf nodes count is validated in grub_jfs_opendir() before calling grub_jfs_getent(). On the occasion replace existing raw numbers with newly defined constant. |
Lidong Chen <lidong.chen@oracle.com> | no | 2024-11-22 | ||
| cve-2025-jan/fs-jfs-Fix-OOB-read-caused-by-invalid-dir-slot-index.patch | fs/jfs: Fix OOB read caused by invalid dir slot index While fuzz testing JFS with ASAN enabled an OOB read was detected in grub_jfs_opendir(). The issue occurred due to an invalid directory slot index in the first entry of the sorted directory slot array in the inode directory header. The fix ensures the slot index is validated before accessing it. Given that an internal or a leaf node in a directory B+ tree is a 4 KiB in size and each directory slot is always 32 bytes, the max number of slots in a node is 128. The validation ensures that the slot index doesn't exceed this limit. [1] https://jfs.sourceforge.net/project/pub/jfslayout.pdf JFS will allocate 4K of disk space for an internal node of the B+ tree. An internal node looks the same as a leaf node. - page 10 Fixed number of Directory Slots depending on the size of the node. These are the slots to be used for storing the directory slot array and the directory entries or router entries. A directory slot is always 32 bytes. ... A Directory Slot Array which is a sorted array of indices to the directory slots that are currently in use. ... An internal or a leaf node in the directory B+ tree is a 4K page. - page 25 |
Lidong Chen <lidong.chen@oracle.com> | no | 2024-11-22 | ||
| cve-2025-jan/fs-jfs-Use-full-40-bits-offset-and-address-for-a-data-ext.patch | fs/jfs: Use full 40 bits offset and address for a data extent An extent's logical offset and address are represented as a 40-bit value split into two parts: the most significant 8 bits and the least significant 32 bits. Currently the JFS code uses only the least significant 32 bits value for offsets and addresses assuming the data size will never exceed the 32-bit range. This approach ignores the most significant 8 bits potentially leading to incorrect offsets and addresses for larger values. The patch fixes it by incorporating the most significant 8 bits into the calculation to get the full 40-bits value for offsets and addresses. https://jfs.sourceforge.net/project/pub/jfslayout.pdf "off1,off2 is a 40-bit field, containing the logical offset of the first block in the extent. ... addr1,addr2 is a 40-bit field, containing the address of the extent." |
Lidong Chen <lidong.chen@oracle.com> | no | 2024-12-16 | ||
| cve-2025-jan/fs-jfs-Inconsistent-signed-unsigned-types-usage-in-return.patch | fs/jfs: Inconsistent signed/unsigned types usage in return values The getblk() returns a value of type grub_int64_t which is assigned to iagblk and inoblk, both of type grub_uint64_t, in grub_jfs_read_inode() via grub_jfs_blkno(). This patch fixes the type mismatch in the functions. Additionally, the getblk() will return 0 instead of -1 on failure cases. This change is safe because grub_errno is always set in getblk() to indicate errors and it is later checked in the callers. |
Lidong Chen <lidong.chen@oracle.com> | no | 2024-12-16 | ||
| cve-2025-jan/fs-ext2-Fix-out-of-bounds-read-for-inline-extents.patch | fs/ext2: Fix out-of-bounds read for inline extents When inline extents are used, i.e. the extent tree depth equals zero, a maximum of four entries can fit into the inode's data block. If the extent header states a number of entries greater than four the current ext2 implementation causes an out-of-bounds read. Fix this issue by capping the number of extents to four when reading inline extents. |
Michael Chang <mchang@suse.com> | no | 2024-05-31 | ||
| cve-2025-jan/fs-xfs-Fix-out-of-bounds-read.patch | fs/xfs: Fix out-of-bounds read The number of records in the root key array read from disk was not being validated against the size of the root node. This could lead to an out-of-bounds read. This patch adds a check to ensure that the number of records in the root key array does not exceed the expected size of a root node read from disk. If this check detects an out-of-bounds condition the operation is aborted to prevent random errors due to metadata corruption. |
Michael Chang <mchang@suse.com> | no | 2024-05-31 | ||
| cve-2025-jan/fs-xfs-Ensuring-failing-to-mount-sets-a-grub_errno.patch | fs/xfs: Ensuring failing to mount sets a grub_errno It was previously possible for grub_xfs_mount() to return NULL without setting grub_errno if the XFS version was invalid. This resulted in it being possible for grub_dl_unref() to be called twice allowing the XFS module to be unloaded while there were still references to it. Fixing this problem in general by ensuring a grub_errno is set if the fail label is reached. |
B Horn <b@horn.uk> | no | 2024-05-12 | ||
| cve-2025-jan/kern-file-Ensure-file-data-is-set.patch | kern/file: Ensure file->data is set This is to avoid a generic issue were some filesystems would not set data and also not set a grub_errno. This meant it was possible for many filesystems to grub_dl_unref() themselves multiple times resulting in it being possible to unload the filesystems while there were still references to them, e.g., via a loopback. |
B Horn <b@horn.uk> | no | 2024-05-12 | ||
| cve-2025-jan/kern-file-Implement-filesystem-reference-counting.patch | kern/file: Implement filesystem reference counting The grub_file_open() and grub_file_close() should be the only places that allow a reference to a filesystem to stay open. So, add grub_dl_t to grub_fs_t and set this in the GRUB_MOD_INIT() for each filesystem to avoid issues when filesystems forget to do it themselves or do not track their own references, e.g. squash4. The fs_label(), fs_uuid(), fs_mtime() and fs_read() should all ref and unref in the same function but it is essentially redundant in GRUB single threaded model. Conflicts: grub-core/fs/erofs.c |
B Horn <b@horn.uk> | no | 2024-05-12 | ||
| cve-2025-jan/disk-loopback-Reference-tracking-for-the-loopback.patch | disk/loopback: Reference tracking for the loopback It was possible to delete a loopback while there were still references to it. This led to an exploitable use-after-free. Fixed by implementing a reference counting in the grub_loopback struct. |
B Horn <b@horn.uk> | no | 2024-05-12 | ||
| cve-2025-jan/kern-disk-Limit-recursion-depth.patch | kern/disk: Limit recursion depth The grub_disk_read() may trigger other disk reads, e.g. via loopbacks. This may lead to very deep recursion which can corrupt the heap. So, fix the issue by limiting reads depth. |
B Horn <b@horn.uk> | no | 2024-05-12 | ||
| cve-2025-jan/kern-partition-Limit-recursion-in-part_iterate.patch | kern/partition: Limit recursion in part_iterate() The part_iterate() is used by grub_partition_iterate() as a callback in the partition iterate functions. However, part_iterate() may also call the partition iterate functions which may lead to recursion. Fix potential issue by limiting the recursion depth. |
B Horn <b@horn.uk> | no | 2024-11-16 | ||
| cve-2025-jan/script-execute-Limit-the-recursion-depth.patch | script/execute: Limit the recursion depth If unbounded recursion is allowed it becomes possible to collide the stack with the heap. As UEFI firmware often lacks guard pages this becomes an exploitable issue as it is possible in some cases to do a controlled overwrite of a section of this heap region with arbitrary data. |
B Horn <b@horn.uk> | no | 2024-04-18 | ||
| cve-2025-jan/net-Unregister-net_default_ip-and-net_default_mac-variabl.patch | net: Unregister net_default_ip and net_default_mac variables hooks on unload The net module is a dependency of normal. So, it shouldn't be possible to unload the net. Though unregister variables hooks as a precaution. It also gets in line with unregistering the other net module hooks. |
B Horn <b@horn.uk> | no | 2024-11-28 | ||
| cve-2025-jan/net-Remove-variables-hooks-when-interface-is-unregisted.patch | net: Remove variables hooks when interface is unregisted The grub_net_network_level_interface_unregister(), previously implemented in a header, did not remove the variables hooks that were registered in grub_net_network_level_interface_register(). Fix this by implementing the same logic used to register the variables and move the function into the grub-core/net/net.c. Conflicts: grub-core/net/net.c |
B Horn <b@horn.uk> | no | 2024-11-01 | ||
| cve-2025-jan/net-Fix-OOB-write-in-grub_net_search_config_file.patch | net: Fix OOB write in grub_net_search_config_file() The function included a call to grub_strcpy() which copied data from an environment variable to a buffer allocated in grub_cmd_normal(). The grub_cmd_normal() didn't consider the length of the environment variable. So, the copy operation could exceed the allocation and lead to an OOB write. Fix the issue by replacing grub_strcpy() with grub_strlcpy() and pass the underlying buffers size to the grub_net_search_config_file(). Conflicts: grub-core/normal/main.c |
B Horn <b@horn.uk> | no | 2024-11-15 | ||
| cve-2025-jan/net-tftp-Fix-stack-buffer-overflow-in-tftp_open.patch | net/tftp: Fix stack buffer overflow in tftp_open() An overly long filename can be passed to tftp_open() which would cause grub_normalize_filename() to write out of bounds. Fixed by adding an extra argument to grub_normalize_filename() for the space available, making it act closer to a strlcpy(). As several fixed strings are strcpy()'d after into the same buffer, their total length is checked to see if they exceed the remaining space in the buffer. If so, return an error. On the occasion simplify code a bit by removing unneeded rrqlen zeroing. |
B Horn <b@horn.uk> | no | 2024-04-18 | ||
| cve-2025-jan/video-readers-jpeg-Do-not-permit-duplicate-SOF0-markers-i.patch | video/readers/jpeg: Do not permit duplicate SOF0 markers in JPEG Otherwise a subsequent header could change the height and width allowing future OOB writes. |
Daniel Axtens <dja@axtens.net> | no | 2024-03-08 | ||
| cve-2025-jan/kern-dl-Fix-for-an-integer-overflow-in-grub_dl_ref.patch | kern/dl: Fix for an integer overflow in grub_dl_ref() It was possible to overflow the value of mod->ref_count, a signed integer, by repeatedly invoking insmod on an already loaded module. This led to a use-after-free. As once ref_count was overflowed it became possible to unload the module while there was still references to it. This resolves the issue by using grub_add() to check if the ref_count will overflow and then stops further increments. Further changes were also made to grub_dl_unref() to check for the underflow condition and the reference count was changed to an unsigned 64-bit integer. |
B Horn <b@horn.uk> | no | 2024-04-18 | ||
| cve-2025-jan/kern-dl-Check-for-the-SHF_INFO_LINK-flag-in-grub_dl_reloc.patch | kern/dl: Check for the SHF_INFO_LINK flag in grub_dl_relocate_symbols() The grub_dl_relocate_symbols() iterates through the sections in an ELF looking for relocation sections. According to the spec [1] the SHF_INFO_LINK flag should be set if the sh_info field is meant to be a section index. [1] https://refspecs.linuxbase.org/elf/gabi4+/ch4.sheader.html Conflicts: grub-core/kern/dl.c Conflicts: grub-core/kern/dl.c |
B Horn <b@horn.uk> | no | 2024-11-07 | ||
| cve-2025-jan/commands-extcmd-Missing-check-for-failed-allocation.patch | commands/extcmd: Missing check for failed allocation The grub_extcmd_dispatcher() calls grub_arg_list_alloc() to allocate a grub_arg_list struct but it does not verify the allocation was successful. In case of failed allocation the NULL state pointer can be accessed in parse_option() through grub_arg_parse() which may lead to a security issue. |
Lidong Chen <lidong.chen@oracle.com> | no | 2024-11-22 | ||
| cve-2025-jan/commands-ls-Fix-NULL-dereference.patch | commands/ls: Fix NULL dereference The grub_strrchr() may return NULL when the dirname do not contain "/". This can happen on broken filesystems. |
B Horn <b@horn.uk> | no | 2024-05-12 | ||
| cve-2025-jan/commands-pgp-Unregister-the-check_signatures-hooks-on-mod.patch | commands/pgp: Unregister the "check_signatures" hooks on module unload If the hooks are not removed they can be called after the module has been unloaded leading to an use-after-free. |
B Horn <b@horn.uk> | no | 2024-11-01 | ||
| cve-2025-jan/normal-Remove-variables-hooks-on-module-unload.patch | normal: Remove variables hooks on module unload The normal module does not entirely cleanup after itself in its GRUB_MOD_FINI() leaving a few variables hooks in place. It is not possible to unload normal module now but fix the issues for completeness. On the occasion replace 0s with NULLs for "pager" variable hooks unregister. |
B Horn <b@horn.uk> | no | 2024-11-01 | ||
| cve-2025-jan/gettext-Remove-variables-hooks-on-module-unload.patch | gettext: Remove variables hooks on module unload The gettext module does not entirely cleanup after itself in its GRUB_MOD_FINI() leaving a few variables hooks in place. It is not possible to unload gettext module because normal module depends on it. Though fix the issues for completeness. |
B Horn <b@horn.uk> | no | 2024-11-01 | ||
| cve-2025-jan/gettext-Integer-overflow-leads-to-heap-OOB-write-or-read.patch | gettext: Integer overflow leads to heap OOB write or read Calculation of ctx->grub_gettext_msg_list size in grub_mofile_open() may overflow leading to subsequent OOB write or read. This patch fixes the issue by replacing grub_zalloc() and explicit multiplication with grub_calloc() which does the same thing in safe manner. |
Lidong Chen <lidong.chen@oracle.com> | no | 2024-11-22 | ||
| cve-2025-jan/gettext-Integer-overflow-leads-to-heap-OOB-write.patch | gettext: Integer overflow leads to heap OOB write The size calculation of the translation buffer in grub_gettext_getstr_from_position() may overflow to 0 leading to heap OOB write. This patch fixes the issue by using grub_add() and checking for an overflow. |
Lidong Chen <lidong.chen@oracle.com> | no | 2024-11-22 | ||
| cve-2025-jan/commands-read-Fix-an-integer-overflow-when-supplying-more.patch | commands/read: Fix an integer overflow when supplying more than 2^31 characters The grub_getline() function currently has a signed integer variable "i" that can be overflown when user supplies more than 2^31 characters. It results in a memory corruption of the allocated line buffer as well as supplying large negative values to grub_realloc(). |
Jonathan Bar Or <jonathanbaror@gmail.com> | no | 2025-01-23 | ||
| cve-2025-jan/commands-test-Stack-overflow-due-to-unlimited-recursion-d.patch | commands/test: Stack overflow due to unlimited recursion depth The test_parse() evaluates test expression recursively. Due to lack of recursion depth check a specially crafted expression may cause a stack overflow. The recursion is only triggered by the parentheses usage and it can be unlimited. However, sensible expressions are unlikely to contain more than a few parentheses. So, this patch limits the recursion depth to 100, which should be sufficient. |
Lidong Chen <lidong.chen@oracle.com> | no | 2024-12-16 | ||
| cve-2025-jan/commands-minicmd-Block-the-dump-command-in-lockdown-mode.patch | commands/minicmd: Block the dump command in lockdown mode The dump enables a user to read memory which should not be possible in lockdown mode. |
B Horn <b@horn.uk> | no | 2024-04-18 | ||
| cve-2025-jan/commands-memrw-Disable-memory-reading-in-lockdown-mode.patch | commands/memrw: Disable memory reading in lockdown mode With the rest of module being blocked in lockdown mode it does not make a lot of sense to leave memory reading enabled. This also goes in par with disabling the dump command. |
B Horn <b@horn.uk> | no | 2024-04-18 | ||
| cve-2025-jan/commands-hexdump-Disable-memory-reading-in-lockdown-mode.patch | commands/hexdump: Disable memory reading in lockdown mode | B Horn <b@horn.uk> | no | 2024-04-19 | ||
| cve-2025-jan/fs-bfs-Disable-under-lockdown.patch | fs/bfs: Disable under lockdown The BFS is not fuzz-clean. Don't allow it to be loaded under lockdown. This will also disable the AFS. |
Daniel Axtens <dja@axtens.net> | no | 2024-03-23 | ||
| cve-2025-jan/fs-Disable-many-filesystems-under-lockdown.patch | fs: Disable many filesystems under lockdown The idea is to permit the following: btrfs, cpio, exfat, ext, f2fs, fat, hfsplus, iso9660, squash4, tar, xfs and zfs. The JFS, ReiserFS, romfs, UDF and UFS security vulnerabilities were reported by Jonathan Bar Or <jonathanbaror@gmail.com>. |
Daniel Axtens <dja@axtens.net> | no | 2024-03-23 | ||
| cve-2025-jan/disk-Use-safe-math-macros-to-prevent-overflows.patch | disk: Use safe math macros to prevent overflows Replace direct arithmetic operations with macros from include/grub/safemath.h to prevent potential overflow issues when calculating the memory sizes. Conflicts: grub-core/disk/cryptodisk.c |
Alec Brown <alec.r.brown@oracle.com> | no | 2025-01-22 | ||
| cve-2025-jan/disk-Prevent-overflows-when-allocating-memory-for-arrays.patch | disk: Prevent overflows when allocating memory for arrays Use grub_calloc() when allocating memory for arrays to ensure proper overflow checks are in place. Conflicts: grub-core/disk/cryptodisk.c |
Alec Brown <alec.r.brown@oracle.com> | no | 2025-01-22 | ||
| cve-2025-jan/disk-Check-if-returned-pointer-for-allocated-memory-is-NU.patch | disk: Check if returned pointer for allocated memory is NULL When using grub_malloc(), grub_zalloc() or grub_calloc(), these functions can fail if we are out of memory. After allocating memory we should check if these functions returned NULL and handle this error if they did. On the occasion make a NULL check in ATA code more obvious. |
Alec Brown <alec.r.brown@oracle.com> | no | 2025-01-22 | ||
| cve-2025-jan/disk-ieee1275-ofdisk-Call-grub_ieee1275_close-when-grub_m.patch | disk/ieee1275/ofdisk: Call grub_ieee1275_close() when grub_malloc() fails In the dev_iterate() function a handle is opened but isn't closed when grub_malloc() returns NULL. We should fix this by closing it on error. |
Alec Brown <alec.r.brown@oracle.com> | no | 2025-01-22 | ||
| cve-2025-jan/fs-Use-safe-math-macros-to-prevent-overflows.patch | fs: Use safe math macros to prevent overflows Replace direct arithmetic operations with macros from include/grub/safemath.h to prevent potential overflow issues when calculating the memory sizes. Conflicts: grub-core/fs/erofs.c |
Lidong Chen <lidong.chen@oracle.com> | no | 2025-01-21 | ||
| cve-2025-jan/fs-Prevent-overflows-when-allocating-memory-for-arrays.patch | fs: Prevent overflows when allocating memory for arrays Use grub_calloc() when allocating memory for arrays to ensure proper overflow checks are in place. The HFS+ and squash4 security vulnerabilities were reported by Jonathan Bar Or <jonathanbaror@gmail.com>. |
Lidong Chen <lidong.chen@oracle.com> | no | 2025-01-21 | ||
| cve-2025-jan/fs-Prevent-overflows-when-assigning-returned-values-from-.patch | fs: Prevent overflows when assigning returned values from read_number() The direct assignment of the unsigned long long value returned by read_number() can potentially lead to an overflow on a 32-bit systems. The fix replaces the direct assignments with calls to grub_cast() which detects the overflows and safely assigns the values if no overflow is detected. |
Lidong Chen <lidong.chen@oracle.com> | no | 2025-01-21 | ||
| cve-2025-jan/fs-zfs-Use-safe-math-macros-to-prevent-overflows.patch | fs/zfs: Use safe math macros to prevent overflows Replace direct arithmetic operations with macros from include/grub/safemath.h to prevent potential overflow issues when calculating the memory sizes. |
Lidong Chen <lidong.chen@oracle.com> | no | 2025-01-22 | ||
| cve-2025-jan/fs-zfs-Prevent-overflows-when-allocating-memory-for-array.patch | fs/zfs: Prevent overflows when allocating memory for arrays Use grub_calloc() when allocating memory for arrays to ensure proper overflow checks are in place. |
Lidong Chen <lidong.chen@oracle.com> | no | 2025-01-22 | ||
| cve-2025-jan/fs-zfs-Check-if-returned-pointer-for-allocated-memory-is-.patch | fs/zfs: Check if returned pointer for allocated memory is NULL When using grub_malloc() or grub_zalloc(), these functions can fail if we are out of memory. After allocating memory we should check if these functions returned NULL and handle this error if they did. |
Lidong Chen <lidong.chen@oracle.com> | no | 2025-01-22 | ||
| cve-2025-jan/fs-zfs-Add-missing-NULL-check-after-grub_strdup-call.patch | fs/zfs: Add missing NULL check after grub_strdup() call | Lidong Chen <lidong.chen@oracle.com> | no | 2025-01-22 | ||
| cve-2025-jan/net-Use-safe-math-macros-to-prevent-overflows.patch | net: Use safe math macros to prevent overflows Replace direct arithmetic operations with macros from include/grub/safemath.h to prevent potential overflow issues when calculating the memory sizes. Conflicts: grub-core/net/bootp.c grub-core/net/net.c |
Lidong Chen <lidong.chen@oracle.com> | no | 2025-01-22 | ||
| cve-2025-jan/net-Prevent-overflows-when-allocating-memory-for-arrays.patch | net: Prevent overflows when allocating memory for arrays Use grub_calloc() when allocating memory for arrays to ensure proper overflow checks are in place. |
Lidong Chen <lidong.chen@oracle.com> | no | 2025-01-22 | ||
| cve-2025-jan/net-Check-if-returned-pointer-for-allocated-memory-is-NUL.patch | net: Check if returned pointer for allocated memory is NULL When using grub_malloc(), the function can fail if we are out of memory. After allocating memory we should check if this function returned NULL and handle this error if it did. |
Alec Brown <alec.r.brown@oracle.com> | no | 2025-01-22 | ||
| cve-2025-jan/fs-sfs-Check-if-allocated-memory-is-NULL.patch | fs/sfs: Check if allocated memory is NULL When using grub_zalloc(), if we are out of memory, this function can fail. After allocating memory, we should check if grub_zalloc() returns NULL. If so, we should handle this error. |
Alec Brown <alec.r.brown@oracle.com> | no | 2025-01-28 | ||
| cve-2025-jan/script-execute-Fix-potential-underflow-and-NULL-dereferen.patch | script/execute: Fix potential underflow and NULL dereference The result is initialized to 0 in grub_script_arglist_to_argv(). If the for loop condition is not met both result.args and result.argc remain 0 causing result.argc - 1 to underflow and/or result.args NULL dereference. Fix the issues by adding relevant checks. |
Lidong Chen <lidong.chen@oracle.com> | no | 2025-01-29 | ||
| cve-2025-jan/osdep-unix-getroot-Fix-potential-underflow.patch | osdep/unix/getroot: Fix potential underflow The entry_len is initialized in grub_find_root_devices_from_mountinfo() to 0 before the while loop iterates through /proc/self/mountinfo. If the file is empty or contains only invalid entries entry_len remains 0 causing entry_len - 1 in the subsequent for loop initialization to underflow. To prevent this add a check to ensure entry_len > 0 before entering the for loop. |
Lidong Chen <lidong.chen@oracle.com> | no | 2025-01-29 | ||
| cve-2025-jan/misc-Ensure-consistent-overflow-error-messages.patch | misc: Ensure consistent overflow error messages Update the overflow error messages to make them consistent across the GRUB code. |
Lidong Chen <lidong.chen@oracle.com> | no | 2025-01-21 | ||
| cve-2025-jan/bus-usb-ehci-Define-GRUB_EHCI_TOGGLE-as-grub_uint32_t.patch | bus/usb/ehci: Define GRUB_EHCI_TOGGLE as grub_uint32_t The Coverity indicates that GRUB_EHCI_TOGGLE is an int that contains a negative value and we are using it for the variable token which is grub_uint32_t. To remedy this we can cast the definition to grub_uint32_t. |
Alec Brown <alec.r.brown@oracle.com> | no | 2025-02-04 | ||
| cve-2025-jan/normal-menu-Use-safe-math-to-avoid-an-integer-overflow.patch | normal/menu: Use safe math to avoid an integer overflow The Coverity indicates that the variable current_entry might overflow. To prevent this use safe math when adding GRUB_MENU_PAGE_SIZE to current_entry. On the occasion fix limiting condition which was broken. |
Alec Brown <alec.r.brown@oracle.com> | no | 2025-02-04 | ||
| cve-2025-jan/kern-partition-Add-sanity-check-after-grub_strtoul-call.patch | kern/partition: Add sanity check after grub_strtoul() call The current code incorrectly assumes that both the input and the values returned by grub_strtoul() are always valid which can lead to potential errors. This fix ensures proper validation to prevent any unintended issues. |
Lidong Chen <lidong.chen@oracle.com> | no | 2025-02-06 | ||
| cve-2025-jan/kern-misc-Add-sanity-check-after-grub_strtoul-call.patch | kern/misc: Add sanity check after grub_strtoul() call When the format string, fmt0, includes a positional argument grub_strtoul() or grub_strtoull() is called to extract the argument position. However, the returned argument position isn't fully validated. If the format is something like "%0$x" then these functions return 0 which leads to an underflow in the calculation of the args index, curn. The fix is to add a check to ensure the extracted argument position is greater than 0 before computing curn. Additionally, replace one grub_strtoull() with grub_strtoul() and change curn type to make code more correct. |
Lidong Chen <lidong.chen@oracle.com> | no | 2025-02-06 | ||
| cve-2025-jan/loader-i386-linux-Cast-left-shift-to-grub_uint32_t.patch | loader/i386/linux: Cast left shift to grub_uint32_t The Coverity complains that we might overflow into a negative value when setting linux_params.kernel_alignment to (1 << align). We can remedy this by casting it to grub_uint32_t. |
Alec Brown <alec.r.brown@oracle.com> | no | 2025-02-07 | ||
| cve-2025-jan/loader-i386-bsd-Use-safe-math-to-avoid-underflow.patch | loader/i386/bsd: Use safe math to avoid underflow The operation kern_end - kern_start may underflow when we input it into grub_relocator_alloc_chunk_addr() call. To avoid this we can use safe math for this subtraction. |
Alec Brown <alec.r.brown@oracle.com> | no | 2025-02-05 | ||
| cve-2025-jan/fs-ext2-Rework-out-of-bounds-read-for-inline-and-external.patch | fs/ext2: Rework out-of-bounds read for inline and external extents Previously, the number of extent entries was not properly capped based on the actual available space. This could lead to insufficient reads for external extents, since the computation was based solely on the inline extent layout. In this patch, when processing the extent header, we determine whether the header is stored inline (i.e., at inode->blocks.dir_blocks) or in an external extent block. We then clamp the number of entries accordingly (using max_inline_ext for inline extents and max_external_ext for external extent blocks). This change ensures that only the valid number of extent entries is processed, preventing out-of-bound reads and potential filesystem corruption. |
Michael Chang <mchang@suse.com> | no | 2025-02-21 | ||
| cve-2025-jan/fs-xfs-Fix-grub_xfs_iterate_dir-return-value-in-case-of-f.patch | fs/xfs: Fix grub_xfs_iterate_dir return value in case of failure Commit ef7850c757 introduced multiple boundary checks in grub_xfs_iterate_dir() but handled the error incorrectly returning error code instead of 0. Also change the error message so that it doesn't match the message in grub_xfs_read_inode(). |
Egor Ignatov <egori@altlinux.org> | no | 2025-01-23 | ||
| cve-2025-jan/fs-xfs-Propagate-incorrect-inode-error-from-grub_xfs_read.patch | fs/xfs: Propagate incorrect inode error from grub_xfs_read_inode The incorrect inode error from grub_xfs_read_inode did not propagate because grub_print_error() resetted grub_errno, and grub_xfs_iterate_dir() did not handle it at all. |
Egor Ignatov <egori@altlinux.org> | no | 2025-01-23 | ||
| cve-2025-jan/fs-xfs-Handle-root-inode-read-failure-in-grub_xfs_mount.patch | fs/xfs: Handle root inode read failure in grub_xfs_mount | Egor Ignatov <egori@altlinux.org> | no | 2025-01-23 |
All known versions for source package 'grub2'
- 2.12-7 (trixie, sid)
- 2.12-1~bpo12+1 (bookworm-backports)
- 2.06-13+deb12u1 (bookworm-security, bookworm)
- 2.06-3~deb11u6 (bullseye, bullseye-security)
- 2.06-3~deb11u2 (bullseye-updates)