about summary refs log tree commit diff
path: root/pkgs/tools/misc/grub
AgeCommit message (Collapse)AuthorFilesLines
2022-09-05grub2: fix initrd in menu entries for probed systemsJosé Romildo1-0/+7
Fix an issue where initrd images are separated by ^ instead of space. This was ocurring with menu entries for probed linux operating systems. See https://savannah.gnu.org/bugs/?47681
2022-07-25grub2: rename patch confusing vulnixRobin Gloster1-1/+1
2022-07-15grub2: fix build on pvgrubWilliam Johansson1-1/+1
2022-05-14grub2: separateDebugInfo = trueGuillaume Girol1-0/+2
2022-03-14trustedGrub: switch to fetchFromGitHubFelix Buehler1-16/+30
2022-02-08Merge pull request #146927 from trofi/fix-grub2-on-binutils-2.36Sandro1-0/+7
2022-01-16python,pythonPackages: make aliasesRobert Schütz1-2/+2
Since aliases are disallowed in nixpkgs, this makes usage of Python 2 which is EOL more explicit.
2021-11-30Merge master into staging-nextgithub-actions[bot]1-9/+9
2021-11-27grub2: fix buildPackage bash shebangArtturin1-2/+5
2021-11-27grub2: switch to release tarballArtturin1-8/+5
for the localization files
2021-11-21grub2_xen: pull upstream fix for binutils-2.36Sergei Trofimovich1-0/+7
Without the change linkage on binutils-2.36 fails as: ld: section .note.gnu.property VMA [0000000000400158,0000000000400187] overlaps section .bss VMA [000000000000f000,000000000041e1b7]
2021-11-14misc: Replace tab indentation with spacesVictor Engmark1-34/+34
I've tried to be consistent, using four or eight spaces to line up with existing code.
2021-09-11Merge master into staging-nextgithub-actions[bot]1-3/+12
2021-09-11trustedGrub, trustedGrub-for-HP: apply upstream fix for fresh glibcSergei Trofimovich1-3/+12
2021-08-01grub: replace name with pname&versionFelix Buehler1-3/+4
2021-07-15Merge pull request #126585 from helsinki-systems/upd/grub2ajs1241-2/+2
grub2: 2.06-rc1 -> 2.06
2021-07-13grub: latest gnulib requires autoconf 2.64gfrascadorio1-0/+4
2021-06-11grub2: 2.06-rc1 -> 2.06ajs1241-2/+2
* GCC 10 support. * clang 10 support. * SBAT support. * LUKS2 support. * Drop small MBR gap support. * Xen Security Modules (XSM/FLASK) support. * The lockdown mechanism similar to the Linux kernel one. * Disable the os-prober by default. * Many backports of GRUB distros specific patches. * BootHole and BootHole2 fixes. * XFS bigtime support. * ...and tons of other fixes and cleanups...
2021-05-04grub2: Add support for armv7l-linuxSamuel Dionne-Riel1-0/+2
2021-05-01grub2: Add support for hiddenentrySamuel Dionne-Riel1-0/+8
The iso image will use this to allow switching to the text console.
2021-05-01Merge pull request #119711 from delroth/grub2-crossSamuel Dionne-Riel1-5/+15
grub2_efi: fix cross-compilation
2021-05-01grub2_efi: fix cross-compilationPierre Bourdon1-5/+15
2021-04-25grub2: Add samueldr as maintainerSamuel Dionne-Riel1-0/+2
2021-03-23grub: 2.0.4 -> 2.0.6-rc1Martin Weinelt1-2/+2
Quoting from https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html: ******************************************************************************* CVE-2020-14372 grub2: The acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled CWE-184 7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H GRUB2 enables the use of the command acpi even when Secure Boot is signaled by the firmware. An attacker with local root privileges to can drop a small SSDT in /boot/efi and modify grub.cfg to instruct grub to load said SSDT. The SSDT then gets run by the kernel and it overwrites the kernel lock down configuration enabling the attacker to load unsigned kernel modules and kexec unsigned code. Reported-by: Máté Kukri ******************************************************************************* CVE-2020-25632 grub2: Use-after-free in rmmod command CWE-416 7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H The rmmod implementation for GRUB2 is flawed, allowing an attacker to unload a module used as dependency without checking if any other dependent module is still loaded. This leads to an use-after-free scenario possibly allowing an attacker to execute arbitrary code and by-pass Secure Boot protections. Reported-by: Chris Coulson (Canonical) ******************************************************************************* CVE-2020-25647 grub2: Out-of-bound write in grub_usb_device_initialize() CWE-787 6.9/CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H grub_usb_device_initialize() is called to handle USB device initialization. It reads out the descriptors it needs from the USB device and uses that data to fill in some USB data structures. grub_usb_device_initialize() performs very little bounds checking and simply assumes the USB device provides sane values. This behavior can trigger memory corruption. If properly exploited, this would lead to arbitrary code execution allowing the attacker to by-pass Secure Boot mechanism. Reported-by: Joseph Tartaro (IOActive) and Ilja van Sprundel (IOActive) ******************************************************************************* CVE-2020-27749 grub2: Stack buffer overflow in grub_parser_split_cmdline CWE-121 7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H grub_parser_split_cmdline() expands variable names present in the supplied command line in to their corresponding variable contents and uses a 1kB stack buffer for temporary storage without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution. An attacker may use this to circumvent Secure Boot protections. Reported-by: Chris Coulson (Canonical) ******************************************************************************* CVE-2020-27779 grub2: The cutmem command allows privileged user to remove memory regions when Secure Boot is enabled CWE-285 7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H The GRUB2's cutmem command does not honor Secure Boot locking. This allows an privileged attacker to remove address ranges from memory creating an opportunity to circumvent Secure Boot protections after proper triage about grub's memory layout. Reported-by: Teddy Reed ******************************************************************************* CVE-2021-3418 - grub2: GRUB 2.05 reintroduced CVE-2020-15705 CWE-281 6.4/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H The GRUB2 upstream reintroduced the CVE-2020-15705. This refers to a distro specific flaw which made upstream in the mentioned version. If certificates that signed GRUB2 are installed into db, GRUB2 can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in Secure Boot mode and will implement lock down, yet it could have been tampered. This flaw only affects upstream and distributions using the shim_lock verifier. Reported-by: Dimitri John Ledkov (Canonical) ******************************************************************************* CVE-2021-20225 grub2: Heap out-of-bounds write in short form option parser CWE-787 7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H The option parser in GRUB2 allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. Reported-by: Daniel Axtens (IBM) ******************************************************************************* CVE-2021-20233 grub2: Heap out-of-bound write due to mis-calculation of space required for quoting CWE-787 7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H There's a flaw on GRUB2 menu rendering code setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters. This allow an attacker to corrupt memory by one byte for each quote in the input. Reported-by: Daniel Axtens (IBM)
2021-02-17grub2: add passthru.testsRyan Burns1-0/+9
2021-02-17grub2: fix cross-compilationRyan Burns1-3/+9
* gettext is used for native binaries, not hosted libs * grub2 expects `BUILD_CC` to point to a native C compiler
2021-02-03grub2: fix grub-kbdcompMatthias Devlamynck1-0/+9
The grub-kbdcomp command was calling ckbcomp directly without patching to provide its path in the nix store.
2021-01-21grub2: Properly disable zfs by defaultmohe20151-1/+1
2021-01-16pkgs/tools: pkgconfig -> pkg-configBen Siraphob1-2/+2
2021-01-15pkgs/tools: stdenv.lib -> libBen Siraphob4-4/+4
2021-01-11treewide: with stdenv.lib; in meta -> with lib;Profpatsch4-8/+8
Part of: https://github.com/NixOS/nixpkgs/issues/108938 meta = with stdenv.lib; is a widely used pattern. We want to slowly remove the `stdenv.lib` indirection and encourage people to use `lib` directly. Thus let’s start with the meta field. This used a rewriting script to mostly automatically replace all occurances of this pattern, and add the `lib` argument to the package header if it doesn’t exist yet. The script in its current form is available at https://cs.tvl.fyi/depot@2f807d7f141068d2d60676a89213eaa5353ca6e0/-/blob/users/Profpatsch/nixpkgs-rewriter/default.nix
2020-08-28grub2: use python3 by defaultNathan van Doorn1-2/+2
It should work fine with either 2 or 3 (I'm pretty sure Arch uses 3, for example), and we should be aiming to move away from python 2 wherever possible
2020-04-28libusb-compat-0_1: rename from libusbJan Tojnar2-4/+4
2020-04-10treewide: Per RFC45, remove all unquoted URLsMichael Reilly3-4/+4
2020-02-23grub2: simplify gnulib usageBenno Fünfstück1-4/+1
2019-09-02Merge branch 'master' into stagingVladimír Čunát1-2/+2
2019-09-02grub2: 2.04-rc1 -> 2.04 (#67622)Andreas Wiese1-2/+2
2019-08-26treewide: remove redundant quotesvolth3-13/+13
2019-08-17treewide: name -> pnamevolth2-3/+5
2019-05-11grub: 2.02 -> 2.04-rc1volth2-43/+17
2019-02-20grub2: patch to work with updated binutilsVladimír Čunát2-15/+40
This blocked some EFI stuff and consequently the channels. I would fetchpatch, but their cgit server won't work on this commit.
2019-01-16treewide: use ${stdenv.shell} instead of /bin/sh where possiblernhmjoj2-2/+2
2018-12-22treewide: remove paxutils from stdenvJörg Thalheim2-6/+0
More then one year ago we removed grsecurity kernels from nixpkgs: https://github.com/NixOS/nixpkgs/pull/25277 This removes now also paxutils from stdenv.
2018-12-10grub: add patch for XFS sparse inode featureMarkus Kowalewski1-2/+11
xfsprogs-4.16 introduced an new on disk format feature that is not recognized properly by grub. This patch allows grub to access XFS filesystem created with xfsprogs >= 4.16. This upstream patch can be removed for grub-2.03.
2018-12-02Treewide: use HTTPS on GNU domainsc0bw3b2-2/+2
HTTP -> HTTPS for : - http://gnu.org/ - http://www.gnu.org/ - http://elpa.gnu.org/ - http://lists.gnu.org/ - http://gcc.gnu.org/ - http://ftp.gnu.org/ (except in fetchurl mirrors) - http://bugs.gnu.org/
2018-10-10grub: fetch from HTTPS instead of FTP; update meta (#48137)Benjamin Hipple1-4/+4
HTTPS is unlikely to be worse and is often better than FTP. Aside from being faster, there are many networking setups where outgoing FTP traffic is blocked.
2018-09-17grub: grub-0.97-patch-1.15 -> grub-0.97-73Samuel Dionne-Riel3-30/+112
Instead of using Gentoo's patchset, uses Debian's. Gentoo's doesn't work anymore.
2018-08-30reewide: Purge all uses `stdenv.system` and top-level `system`John Ericson3-12/+12
It is deprecated and will be removed after 18.09.
2018-08-16grub-0.97: add licenseMarkus Kowalewski1-2/+3
2018-07-21pkgs/*: remove unreferenced function argumentsvolth1-1/+1
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-27 18:38:35 +0000