e74d81ece2
When building GRUB with binutils 2.35.2 or later, an error occurs due to a section .note.gnu.property that is placed at an offset such that objcopy needs to pad the img file with zeros. This in turn causes the following error: "error: Decompressor is too big.". The fix accepted by upstream patches a python script that isn't executed at all when building GRUB with OpenWrt buildroot. There's another patch that patches the files generated by that python script directly, but by including it we would deviate further from upstream. Instead of doing that, simply bump to the latest release candidate. As one of the fixes for the CVEs causes grub to crash on some x86 hardware using legacy BIOS when compiled with -O2, filter -O2 and -O3 out of TARGET_CFLAGS. Fixes the following CVEs: - CVE-2020-14372 - CVE-2020-25632 - CVE-2020-25647 - CVE-2020-27749 - CVE-2020-27779 - CVE-2021-3418 - CVE-2021-20225 - CVE-2021-20233 Runtime-tested on x86/64. Fixes: FS#3790 Suggested-by: Dirk Neukirchen <plntyk.lede@plntyk.name> Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Acked-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
158 lines
4.6 KiB
Makefile
158 lines
4.6 KiB
Makefile
#
|
|
# Copyright (C) 2006-2015 OpenWrt.org
|
|
#
|
|
# This is free software, licensed under the GNU General Public License v2.
|
|
# See /LICENSE for more information.
|
|
#
|
|
|
|
include $(TOPDIR)/rules.mk
|
|
include $(INCLUDE_DIR)/kernel.mk
|
|
|
|
PKG_NAME:=grub
|
|
PKG_CPE_ID:=cpe:/a:gnu:grub2
|
|
PKG_VERSION:=2.06~rc1
|
|
PKG_RELEASE:=1
|
|
|
|
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
|
|
PKG_SOURCE_URL:=https://alpha.gnu.org/gnu/grub
|
|
PKG_HASH:=2c87f1f21e2ab50043e6cd9163c08f1b6c3a6171556bf23ff9ed65b074145484
|
|
|
|
HOST_BUILD_PARALLEL:=1
|
|
PKG_BUILD_DEPENDS:=grub2/host
|
|
|
|
PKG_ASLR_PIE:=0
|
|
PKG_SSP:=0
|
|
|
|
PKG_FLAGS:=nonshared
|
|
|
|
include $(INCLUDE_DIR)/host-build.mk
|
|
include $(INCLUDE_DIR)/package.mk
|
|
|
|
define Package/grub2/Default
|
|
CATEGORY:=Boot Loaders
|
|
SECTION:=boot
|
|
TITLE:=GRand Unified Bootloader ($(1))
|
|
URL:=http://www.gnu.org/software/grub/
|
|
DEPENDS:=@TARGET_x86
|
|
VARIANT:=$(1)
|
|
endef
|
|
|
|
Package/grub2=$(call Package/grub2/Default,pc)
|
|
Package/grub2-efi=$(call Package/grub2/Default,efi)
|
|
|
|
define Package/grub2-editenv
|
|
CATEGORY:=Utilities
|
|
SECTION:=utils
|
|
SUBMENU:=Boot Loaders
|
|
TITLE:=Grub2 Environment editor
|
|
URL:=http://www.gnu.org/software/grub/
|
|
DEPENDS:=@TARGET_x86
|
|
VARIANT:=pc
|
|
endef
|
|
|
|
define Package/grub2-editenv/description
|
|
Edit grub2 environment files.
|
|
endef
|
|
|
|
HOST_BUILD_PREFIX := $(STAGING_DIR_HOST)
|
|
|
|
CONFIGURE_VARS += \
|
|
grub_build_mkfont_excuse="don't want fonts"
|
|
|
|
CONFIGURE_ARGS += \
|
|
--target=$(REAL_GNU_TARGET_NAME) \
|
|
--disable-werror \
|
|
--disable-nls \
|
|
--disable-device-mapper \
|
|
--disable-libzfs \
|
|
--disable-grub-mkfont \
|
|
--with-platform=$(BUILD_VARIANT)
|
|
|
|
HOST_CONFIGURE_VARS += \
|
|
grub_build_mkfont_excuse="don't want fonts"
|
|
|
|
HOST_CONFIGURE_ARGS += \
|
|
--disable-grub-mkfont \
|
|
--target=$(REAL_GNU_TARGET_NAME) \
|
|
--sbindir="$(STAGING_DIR_HOST)/bin" \
|
|
--disable-werror \
|
|
--disable-libzfs \
|
|
--disable-nls \
|
|
--with-platform=none
|
|
|
|
HOST_MAKE_FLAGS += \
|
|
TARGET_RANLIB=$(TARGET_RANLIB) \
|
|
LIBLZMA=$(STAGING_DIR_HOST)/lib/liblzma.a
|
|
|
|
TARGET_CFLAGS := $(filter-out -O2 -O3 -fno-plt,$(TARGET_CFLAGS))
|
|
|
|
define Host/Configure
|
|
$(SED) 's,(RANLIB),(TARGET_RANLIB),' $(HOST_BUILD_DIR)/grub-core/Makefile.in
|
|
$(Host/Configure/Default)
|
|
endef
|
|
|
|
define Package/grub2/install
|
|
$(INSTALL_DIR) $(1)/usr/sbin
|
|
$(INSTALL_BIN) $(PKG_BUILD_DIR)/grub-bios-setup $(1)/usr/sbin/
|
|
$(INSTALL_DIR) $(STAGING_DIR_IMAGE)/grub2
|
|
$(CP) $(PKG_BUILD_DIR)/grub-core/boot.img $(STAGING_DIR_IMAGE)/grub2/
|
|
$(CP) $(PKG_BUILD_DIR)/grub-core/cdboot.img $(STAGING_DIR_IMAGE)/grub2/
|
|
sed 's#msdos1#gpt1#g' ./files/grub-early.cfg >$(PKG_BUILD_DIR)/grub-early.cfg
|
|
$(STAGING_DIR_HOST)/bin/grub-mkimage \
|
|
-d $(PKG_BUILD_DIR)/grub-core \
|
|
-p /boot/grub \
|
|
-O i386-pc \
|
|
-c $(PKG_BUILD_DIR)/grub-early.cfg \
|
|
-o $(STAGING_DIR_IMAGE)/grub2/gpt-core.img \
|
|
at_keyboard biosdisk boot chain configfile fat linux ls part_gpt reboot serial vga
|
|
$(STAGING_DIR_HOST)/bin/grub-mkimage \
|
|
-d $(PKG_BUILD_DIR)/grub-core \
|
|
-p /boot/grub \
|
|
-O i386-pc \
|
|
-c ./files/grub-early.cfg \
|
|
-o $(STAGING_DIR_IMAGE)/grub2/generic-core.img \
|
|
at_keyboard biosdisk boot chain configfile ext2 linux ls part_msdos reboot serial vga
|
|
$(STAGING_DIR_HOST)/bin/grub-mkimage \
|
|
-d $(PKG_BUILD_DIR)/grub-core \
|
|
-p /boot/grub \
|
|
-O i386-pc \
|
|
-c ./files/grub-early.cfg \
|
|
-o $(STAGING_DIR_IMAGE)/grub2/eltorito.img \
|
|
at_keyboard biosdisk boot chain configfile iso9660 linux ls part_msdos reboot serial test vga
|
|
$(STAGING_DIR_HOST)/bin/grub-mkimage \
|
|
-d $(PKG_BUILD_DIR)/grub-core \
|
|
-p /boot/grub \
|
|
-O i386-pc \
|
|
-c ./files/grub-early.cfg \
|
|
-o $(STAGING_DIR_IMAGE)/grub2/legacy-core.img \
|
|
biosdisk boot chain configfile ext2 linux ls part_msdos reboot serial vga
|
|
endef
|
|
|
|
define Package/grub2-efi/install
|
|
sed 's#msdos1#gpt1#g' ./files/grub-early.cfg >$(PKG_BUILD_DIR)/grub-early.cfg
|
|
$(STAGING_DIR_HOST)/bin/grub-mkimage \
|
|
-d $(PKG_BUILD_DIR)/grub-core \
|
|
-p /boot/grub \
|
|
-O $(CONFIG_ARCH)-efi \
|
|
-c $(PKG_BUILD_DIR)/grub-early.cfg \
|
|
-o $(STAGING_DIR_IMAGE)/grub2/boot$(if $(CONFIG_x86_64),x64,ia32).efi \
|
|
at_keyboard boot chain configfile fat linux ls part_gpt reboot serial efi_gop efi_uga
|
|
$(STAGING_DIR_HOST)/bin/grub-mkimage \
|
|
-d $(PKG_BUILD_DIR)/grub-core \
|
|
-p /boot/grub \
|
|
-O $(CONFIG_ARCH)-efi \
|
|
-c ./files/grub-early.cfg \
|
|
-o $(STAGING_DIR_IMAGE)/grub2/iso-boot$(if $(CONFIG_x86_64),x64,ia32).efi \
|
|
at_keyboard boot chain configfile fat iso9660 linux ls part_msdos part_gpt reboot serial test efi_gop efi_uga
|
|
endef
|
|
|
|
define Package/grub2-editenv/install
|
|
$(INSTALL_DIR) $(1)/usr/sbin
|
|
$(INSTALL_BIN) $(PKG_BUILD_DIR)/grub-editenv $(1)/usr/sbin/
|
|
endef
|
|
|
|
$(eval $(call HostBuild))
|
|
$(eval $(call BuildPackage,grub2))
|
|
$(eval $(call BuildPackage,grub2-efi))
|
|
$(eval $(call BuildPackage,grub2-editenv))
|