diff options
Diffstat (limited to 'meta/recipes-bsp/grub/grub2.inc')
| -rw-r--r-- | meta/recipes-bsp/grub/grub2.inc | 118 |
1 files changed, 77 insertions, 41 deletions
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 0b169bfbea..bf7aba6b1c 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -8,43 +8,82 @@ standard, which allows for flexible loading of multiple boot images." HOMEPAGE = "http://www.gnu.org/software/grub/" SECTION = "bootloaders" -LICENSE = "GPLv3" +LICENSE = "GPL-3.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" -SRC_URI = "ftp://ftp.gnu.org/gnu/grub/grub-${PV}.tar.gz \ - file://grub-2.00-fpmath-sse-387-fix.patch \ - file://check-if-liblzma-is-disabled.patch \ - file://fix-issue-with-flex-2.5.37.patch \ - file://grub-2.00-add-oe-kernel.patch \ - file://grub-install.in.patch \ - file://remove-gets.patch \ - file://fix-endianness-problem.patch \ - file://grub2-remove-sparc64-setup-from-x86-builds.patch \ - file://grub-2.00-fix-enable_execute_stack-check.patch \ - file://grub-no-unused-result.patch \ - file://grub-efi-allow-a-compilation-without-mcmodel-large.patch \ - file://grub-efi-fix-with-glibc-2.20.patch \ - file://0001-Unset-need_charset_alias-when-building-for-musl.patch \ - file://0001-parse_dhcp_vendor-Add-missing-const-qualifiers.patch \ - file://grub2-fix-initrd-size-bug.patch \ - file://0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch \ - file://0001-Remove-direct-_llseek-code-and-require-long-filesyst.patch \ - file://fix-texinfo.patch \ - file://0001-grub-core-gettext-gettext.c-main_context-secondary_c.patch \ - " - -DEPENDS = "flex-native bison-native" - -SRC_URI[md5sum] = "e927540b6eda8b024fb0391eeaa4091c" -SRC_URI[sha256sum] = "65b39a0558f8c802209c574f4d02ca263a804e8a564bc6caf1cd0fd3b3cc11e3" - -COMPATIBLE_HOST = '(x86_64.*|i.86.*)-(linux|freebsd.*)' - -inherit autotools gettext texinfo +CVE_PRODUCT = "grub2" + +SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ + file://0001-Disable-mfpmath-sse-as-well-when-SSE-is-disabled.patch \ + file://autogen.sh-exclude-pc.patch \ + file://grub-module-explicitly-keeps-symbole-.module_license.patch \ + file://0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch \ + file://determinism.patch \ + file://0001-RISC-V-Restore-the-typcast-to-long.patch \ + file://CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch \ + file://0001-configure.ac-Use-_zicsr_zifencei-extentions-on-riscv.patch \ + file://video-Remove-trailing-whitespaces.patch \ + file://CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch \ + file://CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch \ + file://video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch \ + file://video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch \ + file://CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch \ + file://CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch \ + file://CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch \ + file://CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch \ + file://CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch \ + file://0001-configure-Remove-obsoleted-malign-jumps-loops-functi.patch \ + file://0002-configure-Check-for-falign-jumps-1-beside-falign-loo.patch \ + file://loader-efi-chainloader-Simplify-the-loader-state.patch \ + file://commands-boot-Add-API-to-pass-context-to-loader.patch \ + file://CVE-2022-28736-loader-efi-chainloader-Use-grub_loader_set_ex.patch\ + file://0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch \ + file://CVE-2022-2601.patch \ + file://CVE-2022-3775.patch \ +" + +SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f" + +# Applies only to RHEL +CVE_CHECK_IGNORE += "CVE-2019-14865" +# Applies only to SUSE +CVE_CHECK_IGNORE += "CVE-2021-46705" + +DEPENDS = "flex-native bison-native gettext-native" + +GRUB_COMPATIBLE_HOST = '(x86_64.*|i.86.*|arm.*|aarch64.*|riscv.*)-(linux.*|freebsd.*)' +COMPATIBLE_HOST = "${GRUB_COMPATIBLE_HOST}" +# Grub doesn't support hard float toolchain and won't be able to forcefully +# disable it on some of the target CPUs. See 'configure.ac' for +# supported/unsupported CPUs in hardfp. +COMPATIBLE_HOST:armv7a = "${@'null' if bb.utils.contains('TUNE_CCARGS_MFLOAT', 'hard', True, False, d) else d.getVar('GRUB_COMPATIBLE_HOST')}" +COMPATIBLE_HOST:armv7ve = "${@'null' if bb.utils.contains('TUNE_CCARGS_MFLOAT', 'hard', True, False, d) else d.getVar('GRUB_COMPATIBLE_HOST')}" + +# configure.ac has code to set this automagically from the target tuple +# but the OE freeform one (core2-foo-bar-linux) don't work with that. + +GRUBPLATFORM:arm = "efi" +GRUBPLATFORM:aarch64 = "efi" +GRUBPLATFORM:riscv32 = "efi" +GRUBPLATFORM:riscv64 = "efi" +GRUBPLATFORM ??= "pc" + +inherit autotools gettext texinfo pkgconfig + +CFLAGS:remove = "-O2" + +EXTRA_OECONF = "--with-platform=${GRUBPLATFORM} \ + --disable-grub-mkfont \ + --program-prefix="" \ + --enable-liblzma=no \ + --enable-libzfs=no \ + --enable-largefile \ + --disable-werror \ +" PACKAGECONFIG ??= "" PACKAGECONFIG[grub-mount] = "--enable-grub-mount,--disable-grub-mount,fuse" -PACKAGECONFIG[device-mapper] = "--enable-device-mapper,--disable-device-mapper,lvm2" +PACKAGECONFIG[device-mapper] = "--enable-device-mapper,--disable-device-mapper,libdevmapper" # grub2 creates its own set of -nostdinc / -isystem / -ffreestanding CFLAGS and # OE's default BUILD_CFLAGS (assigned to CFLAGS for native builds) etc, conflict @@ -55,13 +94,10 @@ BUILD_CFLAGS = "" BUILD_CXXFLAGS = "" BUILD_LDFLAGS = "" -do_configure_prepend() { - # The grub2 configure script uses variables such as TARGET_CFLAGS etc - # for its own purposes. Remove the OE versions from the environment to - # avoid conflicts. - unset TARGET_CPPFLAGS TARGET_CFLAGS TARGET_CXXFLAGS TARGET_LDFLAGS -} +export PYTHON = "python3" -# grub and grub-efi's sysroot/${datadir}/grub/grub-mkconfig_lib are -# conflicted, remove it since no one uses it. -SYSROOT_DIRS_BLACKLIST += "${datadir}/grub/grub-mkconfig_lib" +do_configure:prepend() { + cd ${S} + FROM_BOOTSTRAP=1 ${S}/autogen.sh + cd ${B} +} |