Compare commits

...

28 Commits

Author SHA1 Message Date
Jamie
7debdce1e9 commands/usbtest: Ensure string length is sufficient in usb string processing
If descstrp->length is less than 2 this will result in underflow in
"descstrp->length / 2 - 1" math. Let's fix the check to make sure the
value is sufficient.

Signed-off-by: Jamie <volticks@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2025-11-18 14:34:44 +01:00
Jamie
549a9cc372 commands/usbtest: Use correct string length field
An incorrect length field is used for buffer allocation. This leads to
grub_utf16_to_utf8() receiving an incorrect/different length and possibly
causing OOB write. This makes sure to use the correct length.

Fixes: CVE-2025-61661

Reported-by: Jamie <volticks@gmail.com>
Signed-off-by: Jamie <volticks@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2025-11-18 14:34:44 +01:00
Alec Brown
9df1e693e7 tests/lib/functional_test: Unregister commands on module unload
When the functional_test module is loaded, both the functional_test and
all_functional_test commands are registered but only the all_functional_test
command is being unregistered since it was the last to set the cmd variable
that gets unregistered when the module is unloaded. To unregister both
commands, we need to create an additional grub_extcmd_t variable.

Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2025-11-18 14:34:44 +01:00
Alec Brown
05d3698b8b normal/main: Unregister commands on module unload
When the normal module is loaded, the normal and normal_exit commands
are registered but aren't unregistered when the module is unloaded. We
need to add calls to grub_unregister_command() when unloading the module
for these commands.

Fixes: CVE-2025-61663
Fixes: CVE-2025-61664

Reported-by: Alec Brown <alec.r.brown@oracle.com>
Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2025-11-18 14:34:44 +01:00
Alec Brown
8ed78fd9f0 gettext/gettext: Unregister gettext command on module unload
When the gettext module is loaded, the gettext command is registered but
isn't unregistered when the module is unloaded. We need to add a call to
grub_unregister_command() when unloading the module.

Fixes: CVE-2025-61662

Reported-by: Alec Brown <alec.r.brown@oracle.com>
Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2025-11-18 14:34:44 +01:00
Thomas Frauendorfer | Miray Software
10e58a14db net/net: Unregister net_set_vlan command on unload
The commit 954c48b9c (net/net: Add net_set_vlan command) added command
net_set_vlan to the net module. Unfortunately the commit only added the
grub_register_command() call on module load but missed the
grub_unregister_command() on unload. Let's fix this.

Fixes: CVE-2025-54770
Fixes: 954c48b9c (net/net: Add net_set_vlan command)

Reported-by: Thomas Frauendorfer | Miray Software <tf@miray.de>
Signed-off-by: Thomas Frauendorfer | Miray Software <tf@miray.de>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2025-11-18 14:34:44 +01:00
Thomas Frauendorfer | Miray Software
c4fb4cbc94 kern/file: Call grub_dl_unref() after fs->fs_close()
With commit 16f196874 (kern/file: Implement filesystem reference
counting) files hold a reference to their file systems.

When closing a file in grub_file_close() we should not expect
file->fs to stay valid after calling grub_dl_unref() on file->fs->mod.
So, grub_dl_unref() should be called after file->fs->fs_close().

Fixes: CVE-2025-54771
Fixes: 16f196874 (kern/file: Implement filesystem reference counting)

Reported-by: Thomas Frauendorfer | Miray Software <tf@miray.de>
Signed-off-by: Thomas Frauendorfer | Miray Software <tf@miray.de>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2025-11-18 14:34:44 +01:00
Thomas Frauendorfer | Miray Software
cc9d621dd0 commands/test: Fix error in recursion depth calculation
The commit c68b7d236 (commands/test: Stack overflow due to unlimited
recursion depth) added recursion depth tests to the test command. But in
the error case it decrements the pointer to the depth value instead of
the value itself. Fix it.

Fixes: c68b7d236 (commands/test: Stack overflow due to unlimited recursion depth)

Signed-off-by: Thomas Frauendorfer | Miray Software <tf@miray.de>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2025-11-18 14:34:44 +01:00
Alec Brown
95e614a11b fs/zfs/zfs: Avoid pointer downcasting in dnode_get()
Coverity marks multiple issues in grub-core/fs/zfs/zfs.c as either "Untrusted
value as argument", "Untrusted pointer read", or "Untrusted loop bound". Each
of these issues shares a common cause where Coverity finds that data->dnode_buf
gets tainted by dnbuf since it is downcasting from (void *) to (dnode_phys_t *)
and could imply that the data the pointer points to is tainted. However, the
function zio_read(), which reads this data from disk, sanitizes this data by
verifying its checksum. To resolve the issues for Coverity, setting dnbuf to
(dnode_phys_t *) at the start of the function dnode_get() seems to do the trick.

Fixes: CID 314020
Fixes: CID 896330
Fixes: CID 896331
Fixes: CID 896334
Fixes: CID 896336
Fixes: CID 896340
Fixes: CID 897337

Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2025-11-18 14:34:44 +01:00
Alec Brown
2464d43829 mmap/mmap: Fix resource leak
In the function grub_mmap_iterate(), memory is allocated to
"ctx.scanline_events" and "present" but isn't freed when error handling
grub_malloc(). Prior to returning grub_errno, these variables should be
freed to prevent a resource leak.

Fixes: CID 96655

Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2025-11-18 14:34:44 +01:00
Glenn Washburn
f7bcca3168 linguas: Ensure that linguas.sh runs from the directory that it resides
The script assumes that it is run from the root of the source tree,
which is where it is located. So this should be enforced to prevent
accidental misuses.

realpath is used instead of readlink as that is recommended in Debian's
readlink manpage since at least Debian 11. Also, use the shell variable's
parameter expansion for removing a suffix pattern to get the directory
in which the script resides. This is preferable to using the dirname binary
as it avoids creating a new process.

Signed-off-by: Glenn Washburn <development@efficientek.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2025-11-18 14:34:43 +01:00
Glenn Washburn
8b5d3bdf87 gitignore: Remove po/*.po and po/LINGUAS
po files will now be tracked. This has the following benefits as listed
by Colin Watson:

  * Build processes would no longer be vulnerable to an external server
    potentially going down for an extended period of time; they'd be
    stuck with outdated translations until the server was fixed or came
    up with a workaround, but that's better than nothing.

  * It would be easier to manage branches of stable releases, rather than
    assuming that translations downloaded for master will match the POT
    files for a stable release.

  * Tests would be able to pass from a clean git checkout without relying
    on an external server, improving QA reliability.

  * It would be easier to make and test branches while offline.

  * The translations shipped with a release tarball could be tagged in
    git so that it's easy to investigate bugs in them.

  * Downstream distributors would be able to use git branches without
    having to fill in additional files.

Signed-off-by: Glenn Washburn <development@efficientek.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2025-11-18 14:34:43 +01:00
Glenn Washburn
445549c898 tests/grub_cmd_cryptomount: Use builddir shell variable and quote
Using a shell variable instead of an autoconf macro creates fewer changes
to the file, which can be desirable when modifying by hand later and
then diffing with the unexpanded file. It also makes it simpler to
change the builddir after expansion, which may need to happen when
moving the build dir to a different path and not being able to rerun
the autoconf expansion.

Also, add quoting around the builddir variable as there may be spaces
in the path.

Signed-off-by: Glenn Washburn <development@efficientek.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
2025-11-18 13:08:01 +01:00
Glenn Washburn
6ae8fd0ee5 tests/grub_cmd_cryptomount: Expect test success, now that GRUB supports Argon2
This test was included to verify that, while GRUB did not have Argon2
support, trying to open a LUKS2 volume with an Argon2 keyslot would fail.
Now that Argon2 support is included, the test is failing because it
expected a failure, but is now getting success. Change the test to expect
success.

Signed-off-by: Glenn Washburn <development@efficientek.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
2025-11-18 13:07:22 +01:00
Glenn Washburn
de8961314f tests/erofs_test: Improve accuracy of FSTIME check
On resource constrained test runs, the last modification time on the
image is an unreliable date to check against the filesystem creation
time. Use dump.erofs to get the filesystem creation time from the
superblock. This should get the timestamp as shown by GRUB's "ls -l".

Signed-off-by: Glenn Washburn <development@efficientek.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
2025-11-18 12:49:32 +01:00
Glenn Washburn
a94d3ab7fc tests/erofs_test: Disable filetime check for erofs_compact
Compact EROFS inodes do not allow for modification times that are
different from FS creation times. The file modification time check is
done between the EROFS image and the file system where test temporary
files are written to, not the files as seen from the mounted EROFS image.
So it's likely that the file modification time will be different, more
so when run on slower systems.

Signed-off-by: Glenn Washburn <development@efficientek.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
2025-11-18 12:49:32 +01:00
Glenn Washburn
b6aceba7fb tests/erofs_test: Remove root check
The erofs tests do not ever mount the generated erofs image. So root is
not needed, as with the squashfs and iso9660 filesystems.

Signed-off-by: Glenn Washburn <development@efficientek.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
2025-11-18 12:49:32 +01:00
Glenn Washburn
0879ff7bc6 tests/erofs_test: Fix mkfs.erofs version test to not use process substitution bashism
The shell used to run the tests is generally /bin/sh, which does not
support process substitution.

Fixes: b990df0bef (tests/util/grub-fs-tester: Fix EROFS label tests in grub-fs-tester)

Signed-off-by: Glenn Washburn <development@efficientek.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
2025-11-18 12:49:32 +01:00
Andrew Hamilton
e4e99a8f84 tests: Support changed mkfs.ext2 behavior for -r flag
Correct nuisance ext234_test failure on newer Linux distros.

Recently, the mkfs.ext2 utility removed support for the -r flag to
specify old (version 0) formats of ext2. A new flag was added to allow
the same behavior. Support both ways of specifying version 0 ext2 file
systems when testing ext2 in GRUB.

Signed-off-by: Andrew Hamilton <adhamilt@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Glenn Washburn <development@efficientek.com>
2025-11-18 12:49:32 +01:00
Andrew Hamilton
a377cd67d0 tests: Avoid test failure in erofs for label length
Recently, mkfs.erofs began to enforce that the file system
label is 15 characters or less (excluding NUL terminator).
This causes the current erofs test in GRUB to fail. Reduce
the test label used to fit in this limit allowing the test
to work as expected.

Signed-off-by: Andrew Hamilton <adhamilt@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Glenn Washburn <development@efficientek.com>
2025-11-18 12:49:32 +01:00
Andrew Hamilton
a04171b4d2 tests: Split ZFS ZSTD test into new file
Split ZFS ZSTD test into its own test script. Add a check to the new
test script to see if the zfs utility installed on the host supports
"zstd" compression before running the test and fail the test if not. It
seems at least some zfs-fuse binaries do not support zstd compression
and the current test will fail in that case. Splitting into a new file
will avoid masking other test failures due to missing zstd support.

Signed-off-by: Andrew Hamilton <adhamilt@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Glenn Washburn <development@efficientek.com>
2025-11-18 12:49:32 +01:00
Andrew Hamilton
ea0b76dc4a util/grub.d/00_header.in: Disable loading all_video for EFI
Loading all_video for EFI can cause video issues in some cases
since GRUB Bochs/Cirrus drivers may conflict with native EFI drivers.
Change default behavior for EFI to only load EFI specific video
modules. Also include a new environment variable to restore the old
behavior if needed.

Fixes: https://savannah.gnu.org/bugs/?66200

Signed-off-by: Andrew Hamilton <adhamilt@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2025-11-18 12:49:31 +01:00
Glenn Washburn
73dee610b1 util/grub-mkrescue: Fix copy/paste issue referencing mdadm
The check_xorriso() function appears to have been copy/pasted from
somewhere that was originally checking the mdadm command. So the file
handle to the output of the xorriso command is named "mdadm". Instead
rename it to the more generic "fout". Also change a comment referencing
mdadm to reference xorriso.

Signed-off-by: Glenn Washburn <development@efficientek.com>
Reviewed-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2025-11-18 12:49:31 +01:00
Avnish Chouhan
72b4c99376 osdep/linux/getroot: Add missing strdup() failure checks
If strdup() fails, it returns NULL and passing NULL further down to
the code can lead to a segmentation fault or undefined behavior.

Signed-off-by: Avnish Chouhan <avnish@linux.ibm.com>
Reviewed-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2025-11-18 12:49:31 +01:00
Avnish Chouhan
f8c48cbedc kern/mips/arc/init: Add missing grub_strdup() failure check
If grub_strdup() fails, it returns NULL and passing NULL further down to
the code can lead to a segmentation fault or undefined behavior.

Signed-off-by: Avnish Chouhan <avnish@linux.ibm.com>
Reviewed-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2025-11-18 12:49:31 +01:00
Avnish Chouhan
9eebd67744 script/execute: Add missing grub_strdup() failure check
If grub_strdup() fails, it returns NULL and passing NULL further down to
the code can lead to a segmentation fault or undefined behavior.

Signed-off-by: Avnish Chouhan <avnish@linux.ibm.com>
Reviewed-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2025-11-18 12:49:31 +01:00
Avnish Chouhan
f0170c2177 kern/ieee1275/openfw: Add missing grub_strdup() failure checks
If grub_strdup() fails, it returns NULL and passing NULL further down to
the code can lead to a segmentation fault or undefined behavior.

Signed-off-by: Avnish Chouhan <avnish@linux.ibm.com>
Reviewed-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2025-11-18 12:49:31 +01:00
Andrew Hamilton
3a66437054 docs: Add security hardening suggestions
Add some suggestions to the security section on maximizing the
security hardening of GRUB.

This change reveals sectioning issues introduced by commit 0b59d379f
(docs/grub: Document signing GRUB under UEFI) and commit 0f2dda8cf
(docs/grub: Document signing GRUB with an appended signature). Fix them
on the occasion.

Signed-off-by: Andrew Hamilton <adhamilt@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2025-11-18 12:40:02 +01:00
25 changed files with 237 additions and 80 deletions

3
.gitignore vendored

@@ -249,8 +249,6 @@ widthspec.bin
/pata_test
/po/*.gmo
/po/*.mo
/po/*.po
/po/LINGUAS
/po/Makefile.in.in
/po/Makevars
/po/Makevars.template
@@ -283,3 +281,4 @@ widthspec.bin
/xfs_test
/xzcompress_test
/zfs_test
/zfs_zstd_test


@@ -914,6 +914,12 @@ script = {
common = tests/zfs_test.in;
};
script = {
testcase = native;
name = zfs_zstd_test;
common = tests/zfs_zstd_test.in;
};
script = {
testcase = native;
name = cpio_test;


@@ -1642,6 +1642,13 @@ This option is unset by default, and is deprecated in favour of the less
confusing @samp{GRUB_TIMEOUT_STYLE=countdown} or
@samp{GRUB_TIMEOUT_STYLE=hidden}.
@item GRUB_FORCE_EFI_ALL_VIDEO
When set to true, this will allow grub-mkconfig to generate a GRUB config
that supports loading the all_video module on the EFI platform instead of
just the efi_gop and efi_uga modules.
This option is unset by default.
@end table
For more detailed customisation of @command{grub-mkconfig}'s output, you may
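Review bot: The new @item GRUB_FORCE_EFI_ALL_VIDEO entry says what the option does but not when to set it. One sentence on the reason for the new default (the commit message cites possible conflicts between GRUB's Bochs/Cirrus drivers and native EFI drivers) would tell users that setting it restores the old behaviour and what comes with that. Writing the value as `@samp{true}` would match the `@samp{GRUB_TIMEOUT_STYLE=...}` markup just above.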
@@ -9213,6 +9220,7 @@ environment variables and commands are listed in the same order.
* TPM2 key protector:: Managing disk key with TPM2 key protector
* Signing certificate and hash files:: Certificate and hash file signing
* Signing GRUB itself:: Ensuring the integrity of the GRUB core image
* Hardening:: Configuration and customization to maximize security
@end menu
@node Authentication and authorisation
@@ -10057,7 +10065,8 @@ loads GRUB to verify the integrity of the core image.
This is ultimately platform-specific and individual platforms can define their
own mechanisms. However, there are general-purpose mechanisms that can be used
with GRUB.
@section Signing GRUB for UEFI secure boot
@subsection Signing GRUB for UEFI secure boot
On UEFI platforms, @file{core.img} is a PE binary. Therefore, it can be signed
with a tool such as @command{pesign} or @command{sbsign}. Refer to the
suggestions in @pxref{UEFI secure boot and shim} to ensure that the final
@@ -10065,7 +10074,7 @@ image works under UEFI secure boot and can maintain the secure-boot chain. It
will also be necessary to enroll the public key used into a relevant firmware
key database.
@section Signing GRUB with an appended signature
@subsection Signing GRUB with an appended signature
The @file{core.elf} itself can be signed with a Linux kernel module-style
appended signature (@pxref{Using appended signatures}).
To support IEEE1275 platforms where the boot image is often loaded directly
@@ -10160,6 +10169,50 @@ dd if=core.elf.signed of=/dev/sda1
As with UEFI secure boot, it is necessary to build-in the required modules,
or sign them if they are not part of the GRUB image.
@node Hardening
@section Hardening
Security hardening involves additional / optional configuration and
customization steps to GRUB to maximize security. The extent to which
hardening can be accomplished depends on the threats attempting to be
mitigated for a given system / device, the device architecture, and number
of GRUB features required. The following is a listing of hardening steps which
may be considered:
@itemize
@item (EFI Only) Enable secure boot to enable lockdown mode. This will limit
the attack surface of GRUB by limiting the commands and file systems
supported. (@pxref{Lockdown})
@item (EFI Only) No-Execute capability of memory segments will be configured
by GRUB as indicated by the UEFI. This makes some classes of vulnerabilities
more difficult to exploit by providing support for marking memory as either
writable or executable.
@item (EFI Only) While building GRUB, the stack protector feature may be
enabled during the configuration step. This feature can make certain
vulnerabilities caused by stack buffer overflows more difficult to exploit.
This can be enabled by including the "--enable-stack-protector" flag to the
configure script:
@example
# @kbd{./configure --enable-stack-protector}
@end example
Please reference the file @file{INSTALL} for detailed instructions on how to
build GRUB.
@item Minimize the installed modules included with the GRUB installation.
For instance, if a specific file system is used for a given system, modules
for other file systems may be excluded. @pxref{Modules} for a list of
modules.
@item Minimize boot sources. In the GRUB configuration, reduce the possible
boot sources to the minimum needed for system operation. For instance, if
booting only from an internal drive, remove support for network booting
and booting from removable media.
@item Disable network support in GRUB if not required. Ensure network
interfaces are not configured in the GRUB configuration and consider
setting environment variable @samp{feature_net_search_cfg} to @samp{n} in an
embedded GRUB config file in order to disable attempting to use the
network for obtaining a GRUB config file.
@end itemize
@node Platform limitations
@chapter Platform limitations
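Review bot: In the "Minimize the installed modules" item, the sentence opens with `@pxref{Modules} for a list of modules.`; @pxref is intended for references inside parentheses, and a reference that starts a sentence should be `@xref{Modules}`. In the stack protector item the flag is written in plain double quotes; `@option{--enable-stack-protector}` would be the usual Texinfo markup for it. The first three items are tagged "(EFI Only)" while the remaining ones carry no tag; stating that the untagged items apply to all platforms would remove the guesswork.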


@@ -403,7 +403,7 @@ test_parse (char **args, int *argn, int argc, int *depth)
if (++(*depth) > MAX_TEST_RECURSION_DEPTH)
{
grub_error (GRUB_ERR_OUT_OF_RANGE, N_("max recursion depth exceeded"));
depth--;
(*depth)--;
return ctx.or || ctx.and;
}
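Review bot: The corrected `(*depth)--;` in the error branch exists only to undo the `++(*depth)` inside the condition above it. Testing the bound before incrementing (`if (*depth >= MAX_TEST_RECURSION_DEPTH)`, report the error and return, increment afterwards) accepts the same depths and needs no compensating decrement on this path, so the pointer/value mix-up could not come back.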


@@ -90,7 +90,7 @@ grub_usb_get_string (grub_usb_device_t dev, grub_uint8_t index, int langid,
0x06, (3 << 8) | index,
langid, descstr.length, (char *) descstrp);
if (descstrp->length == 0)
if (descstrp->length < 2)
{
grub_free (descstrp);
*string = grub_strdup ("");
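Review bot: The new bound in `if (descstrp->length < 2)` is a bare literal with no explanation. A short comment saying that anything below 2 makes the later `descstrp->length / 2 - 1` underflow (as the commit message explains) would keep the check from being simplified back to `== 0`.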
@@ -99,7 +99,7 @@ grub_usb_get_string (grub_usb_device_t dev, grub_uint8_t index, int langid,
return GRUB_USB_ERR_NONE;
}
*string = grub_malloc (descstr.length * 2 + 1);
*string = grub_malloc (descstrp->length * 2 + 1);
if (! *string)
{
grub_free (descstrp);
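Review bot: `grub_malloc (descstrp->length * 2 + 1)` now sizes the output from the length the device reported in its response, while the control transfer earlier in this function (visible in the previous hunk) was requested with `descstr.length`. Nothing in the visible lines checks that `descstrp->length` is not larger than `descstr.length`, so a device that reports a bigger length in the second response than in the first would make the conversion read past the data that was actually transferred. Consider rejecting or clamping that case before the allocation.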


@@ -2743,7 +2743,7 @@ dnode_get (dnode_end_t * mdn, grub_uint64_t objnum, grub_uint8_t type,
grub_uint64_t blkid, blksz; /* the block id this object dnode is in */
int epbs; /* shift of number of dnodes in a block */
int idx; /* index within a block */
void *dnbuf;
dnode_phys_t *dnbuf;
grub_err_t err;
grub_zfs_endian_t endian;
@@ -2773,7 +2773,7 @@ dnode_get (dnode_end_t * mdn, grub_uint64_t objnum, grub_uint8_t type,
grub_dprintf ("zfs", "endian = %d, blkid=%llx\n", mdn->endian,
(unsigned long long) blkid);
err = dmu_read (mdn, blkid, &dnbuf, &endian, data);
err = dmu_read (mdn, blkid, (void **) &dnbuf, &endian, data);
if (err)
return err;
grub_dprintf ("zfs", "alive\n");
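Review bot: `(void **) &dnbuf` passes the address of a `dnode_phys_t *` as a `void **`, so dmu_read() stores through a pointer type that does not match the object it writes; C gives `void *` its implicit conversions but makes no such promise for `void **`. A local `void *` for the call, assigned to `dnbuf` afterwards, yields the same typed pointer for the rest of dnode_get() without the cast. Since the commit message says the change is aimed at Coverity, a comment at the call noting that zio_read() verifies the checksum would record why the buffer is treated as trusted.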
@@ -2795,7 +2795,7 @@ dnode_get (dnode_end_t * mdn, grub_uint64_t objnum, grub_uint8_t type,
data->dnode_endian = endian;
}
grub_memmove (&(buf->dn), (dnode_phys_t *) dnbuf + idx, DNODE_SIZE);
grub_memmove (&(buf->dn), dnbuf + idx, DNODE_SIZE);
if (data->dnode_buf == 0)
/* dnbuf not used anymore if data->dnode_mdn malloc failed */
grub_free (dnbuf);


@@ -502,6 +502,8 @@ grub_cmd_translate (grub_command_t cmd __attribute__ ((unused)),
return 0;
}
static grub_command_t cmd;
GRUB_MOD_INIT (gettext)
{
const char *lang;
@@ -521,11 +523,12 @@ GRUB_MOD_INIT (gettext)
grub_register_variable_hook ("locale_dir", NULL, read_main);
grub_register_variable_hook ("secondary_locale_dir", NULL, read_secondary);
grub_register_command_p1 ("gettext", grub_cmd_translate,
cmd = grub_register_command_p1 ("gettext", grub_cmd_translate,
N_("STRING"),
/* TRANSLATORS: It refers to passing the string through gettext.
So it's "translate" in the same meaning as in what you're
doing now.
/*
* TRANSLATORS: It refers to passing the string through gettext.
* So it's "translate" in the same meaning as in what you're
* doing now.
*/
N_("Translates the string with the current settings."));
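Review bot: The TRANSLATORS comment is re-wrapped in the same hunk that adds `cmd = grub_register_command_p1 (...)`. This commit carries a CVE fix that downstreams will backport, so the comment reformat would be better as a separate patch, leaving the functional change as the only thing in the diff. Also, `cmd` is later passed to grub_unregister_command() with no check that registration succeeded; worth confirming that a NULL handle is safe there.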
@@ -544,6 +547,8 @@ GRUB_MOD_FINI (gettext)
grub_register_variable_hook ("secondary_locale_dir", NULL, NULL);
grub_register_variable_hook ("lang", NULL, NULL);
grub_unregister_command (cmd);
grub_gettext_delete_list (&main_context);
grub_gettext_delete_list (&secondary_context);


@@ -201,12 +201,12 @@ grub_file_read (grub_file_t file, void *buf, grub_size_t len)
grub_err_t
grub_file_close (grub_file_t file)
{
if (file->fs->mod)
grub_dl_unref (file->fs->mod);
if (file->fs->fs_close)
(file->fs->fs_close) (file);
if (file->fs->mod)
grub_dl_unref (file->fs->mod);
if (file->device)
grub_device_close (file->device);
grub_free (file->name);
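Review bot: The reordering in grub_file_close() is correct only while `grub_dl_unref (file->fs->mod)` stays after the last use of `file->fs`, and nothing in the code says so. A one-line comment above the moved block, stating that dropping the module reference may invalidate `file->fs`, would keep a later cleanup from moving it back in front of `fs_close`.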


@@ -201,6 +201,11 @@ grub_ieee1275_devalias_next (struct grub_ieee1275_devalias *alias)
alias->path = 0;
}
tmp = grub_strdup (alias->name);
if (tmp == NULL)
{
grub_ieee1275_devalias_free (alias);
return 0;
}
if (grub_ieee1275_next_property (alias->parent_dev, tmp,
alias->name) <= 0)
{
@@ -432,9 +437,15 @@ grub_ieee1275_parse_args (const char *path, enum grub_ieee1275_parse_type ptype)
ret = grub_strdup (args);
else
ret = grub_strndup (args, (grub_size_t)(comma - args));
/* Consistently provide numbered partitions to GRUB.
OpenBOOT traditionally uses alphabetical partition
specifiers. */
if (ret == NULL)
return 0;
/*
* Consistently provide numbered partitions to GRUB.
* OpenBOOT traditionally uses alphabetical partition
* specifiers.
*/
if (ret[0] >= 'a' && ret[0] <= 'z')
ret[0] = '1' + (ret[0] - 'a');
grub_free (args);
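Review bot: The new `if (ret == NULL) return 0;` sits before `grub_free (args);`, so on allocation failure `args` is never freed. Free `args` before returning, or drop the early return and guard only the `ret[0]` access so that control still reaches `grub_free (args);`. The comment reflow in this hunk is unrelated to the fix and would be easier to review as its own patch.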


@@ -403,6 +403,9 @@ grub_machine_get_bootlocation (char **device, char **path)
if (!syspart)
return;
loaddev = grub_strdup (syspart);
if (loaddev == NULL)
return;
}
partptr = get_part (loaddev);


@@ -243,7 +243,11 @@ grub_mmap_iterate (grub_memory_hook_t hook, void *hook_data)
{
struct mm_list *n = grub_malloc (sizeof (*n));
if (n == NULL)
{
grub_free (ctx.scanline_events);
grub_free (present);
return grub_errno;
}
n->val = ctx.scanline_events[i].memtype;
n->present = 1;
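Review bot: The error path for `n == NULL` frees `ctx.scanline_events` and `present`, but `n` is allocated once per scanline event (index `i`), so earlier iterations may already have allocated `struct mm_list` nodes. If those nodes are reachable only through `present`, freeing the array alone still leaks them; walk and free the lists before `grub_free (present);`, or route this return through a common cleanup label.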


@@ -2146,6 +2146,7 @@ GRUB_MOD_FINI(net)
grub_unregister_command (cmd_deladdr);
grub_unregister_command (cmd_addroute);
grub_unregister_command (cmd_delroute);
grub_unregister_command (cmd_setvlan);
grub_unregister_command (cmd_lsroutes);
grub_unregister_command (cmd_lscards);
grub_unregister_command (cmd_lsaddr);


@@ -510,7 +510,7 @@ grub_mini_cmd_clear (struct grub_command *cmd __attribute__ ((unused)),
return 0;
}
static grub_command_t cmd_clear;
static grub_command_t cmd_clear, cmd_normal, cmd_normal_exit;
static void (*grub_xputs_saved) (const char *str);
static const char *features[] = {
@@ -554,9 +554,9 @@ GRUB_MOD_INIT(normal)
grub_env_export ("pager");
/* Register a command "normal" for the rescue mode. */
grub_register_command ("normal", grub_cmd_normal,
cmd_normal = grub_register_command ("normal", grub_cmd_normal,
0, N_("Enter normal mode."));
grub_register_command ("normal_exit", grub_cmd_normal_exit,
cmd_normal_exit = grub_register_command ("normal_exit", grub_cmd_normal_exit,
0, N_("Exit from normal mode."));
/* Reload terminal colors when these variables are written to. */
@@ -599,4 +599,6 @@ GRUB_MOD_FINI(normal)
grub_register_variable_hook ("color_highlight", NULL, NULL);
grub_fs_autoload_hook = 0;
grub_unregister_command (cmd_clear);
grub_unregister_command (cmd_normal);
grub_unregister_command (cmd_normal_exit);
}


@@ -991,6 +991,8 @@ grub_util_get_raid_grub_dev (const char *os_dev)
char *p, *q;
p = strdup (os_dev + sizeof ("/dev/md_d") - 1);
if (p == NULL)
return NULL;
q = strchr (p, 'p');
if (q)
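Review bot: `if (p == NULL) return NULL;` returns without reporting anything, and the same two lines are added in each of the five branches of grub_util_get_raid_grub_dev(). The caller sees only NULL with no indication that memory ran out; either report the error before returning, or move the duplicate-and-check into one small helper so the five sites stay in sync.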
@@ -1006,6 +1008,8 @@ grub_util_get_raid_grub_dev (const char *os_dev)
char *p, *q;
p = strdup (os_dev + sizeof ("/dev/md/d") - 1);
if (p == NULL)
return NULL;
q = strchr (p, 'p');
if (q)
@@ -1019,6 +1023,8 @@ grub_util_get_raid_grub_dev (const char *os_dev)
char *p , *q;
p = strdup (os_dev + sizeof ("/dev/md") - 1);
if (p == NULL)
return NULL;
q = strchr (p, 'p');
if (q)
@@ -1032,6 +1038,8 @@ grub_util_get_raid_grub_dev (const char *os_dev)
char *p , *q;
p = strdup (os_dev + sizeof ("/dev/md/") - 1);
if (p == NULL)
return NULL;
q = strchr (p, 'p');
if (q)
@@ -1046,6 +1054,8 @@ grub_util_get_raid_grub_dev (const char *os_dev)
char *p , *q;
p = strdup (os_dev + sizeof ("/dev/md/") - 1);
if (p == NULL)
return NULL;
q = strchr (p, 'p');
if (q)


@@ -1015,6 +1015,9 @@ grub_script_execute_cmdline (struct grub_script_cmd *cmd)
{
/* As a last resort, try if it is an assignment. */
char *assign = grub_strdup (cmdname);
if (assign == NULL)
return grub_errno;
char *eq = grub_strchr (assign, '=');
if (eq)
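Review bot: The early `return grub_errno;` is placed between the declarations of `assign` and `eq`, so `char *eq = grub_strchr (assign, '=');` becomes a declaration after a statement. Declaring `char *eq;` next to `assign` and assigning it after the NULL check keeps the declarations at the top of the block. Please also confirm that nothing allocated earlier in grub_script_execute_cmdline() needs releasing on this new return path; the hunk does not show it.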


@@ -92,17 +92,18 @@ grub_functional_all_tests (grub_extcmd_context_t ctxt __attribute__ ((unused)),
return GRUB_ERR_NONE;
}
static grub_extcmd_t cmd;
static grub_extcmd_t cmd, cmd_all;
GRUB_MOD_INIT (functional_test)
{
cmd = grub_register_extcmd ("functional_test", grub_functional_test, 0, 0,
"Run all loaded functional tests.", 0);
cmd = grub_register_extcmd ("all_functional_test", grub_functional_all_tests, 0, 0,
cmd_all = grub_register_extcmd ("all_functional_test", grub_functional_all_tests, 0, 0,
"Run all functional tests.", 0);
}
GRUB_MOD_FINI (functional_test)
{
grub_unregister_extcmd (cmd);
grub_unregister_extcmd (cmd_all);
}


@@ -1,5 +1,10 @@
#!/bin/sh
SDIR=$(realpath -e "$0")
SDIR=${SDIR%/*}
cd "$SDIR"
rsync -Lrtvz translationproject.org::tp/latest/grub/ po
autogenerated="en@quot en@hebrew de@hebrew en@cyrillic en@greek en@arabic en@piglatin de_CH"
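Review bot: `cd "$SDIR"` is not checked, and no `set -e` is visible in this script. If `realpath -e "$0"` fails (the `-e` option is not available in every realpath implementation) or the cd fails, the `rsync ... po` line that follows still runs and writes into whatever the current directory happens to be, which is the misuse this change is meant to prevent. Use `cd "$SDIR" || exit 1`, and bail out when `SDIR` is empty.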


@@ -2,14 +2,6 @@
set -ex
if [ "x$EUID" = "x" ] ; then
EUID=`id -u`
fi
if [ "$EUID" != 0 ] ; then
exit 99
fi
if ! which mkfs.erofs >/dev/null 2>&1; then
echo "mkfs.erofs not installed; cannot test erofs."
exit 77


@@ -38,6 +38,7 @@ fi
COMMON_OPTS='${V:+--debug=$V} --cs-opts="--pbkdf-force-iterations 1000"'
debug=${GRUB_SHELL_DEFAULT_DEBUG:-$GRUB_TEST_DEFAULT_DEBUG}
builddir="@builddir@"
_testcase() {
local EXPECTEDRES=$1
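Review bot: `builddir="@builddir@"` is expanded in the next hunk as `"$builddir/grub-shell-luks-tester"` on lines that are all run through `eval`, and the double quotes there do not survive it: they are removed before eval re-parses the joined string, so a build directory containing spaces is still split into several words. The test names on the same lines already use the nested form `"'...'"` for this reason; the path needs the same treatment, for example `"'$builddir/grub-shell-luks-tester'"`.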
@@ -92,95 +93,94 @@ testcase_fail() { _testcase 1 "$@"; }
### LUKS1 tests
eval testcase "'LUKS1 test cryptsetup defaults:'" \
@builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS
"$builddir/grub-shell-luks-tester" --luks=1 $COMMON_OPTS
eval testcase "'LUKS1 test with twofish cipher:'" \
@builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \
"$builddir/grub-shell-luks-tester" --luks=1 $COMMON_OPTS \
"--cs-opts='--cipher twofish-xts-plain64'"
eval testcase "'LUKS1 test key file support:'" \
@builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \
"$builddir/grub-shell-luks-tester" --luks=1 $COMMON_OPTS \
--keyfile
eval testcase "'LUKS1 test key file with offset:'" \
@builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \
"$builddir/grub-shell-luks-tester" --luks=1 $COMMON_OPTS \
--keyfile --cs-opts="--keyfile-offset=237"
eval testcase "'LUKS1 test key file with offset and size:'" \
@builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \
"$builddir/grub-shell-luks-tester" --luks=1 $COMMON_OPTS \
--keyfile "--cs-opts='--keyfile-offset=237 --keyfile-size=1023'"
eval testcase "'LUKS1 test detached header support:'" \
@builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \
"$builddir/grub-shell-luks-tester" --luks=1 $COMMON_OPTS \
--detached-header
eval testcase "'LUKS1 test both detached header and key file:'" \
@builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \
"$builddir/grub-shell-luks-tester" --luks=1 $COMMON_OPTS \
--keyfile --detached-header
### LUKS2 tests (mirroring the LUKS1 tests above)
LUKS2_COMMON_OPTS="--luks=2 --cs-opts=--pbkdf=pbkdf2"
eval testcase "'LUKS2 test cryptsetup defaults:'" \
@builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS
"$builddir/grub-shell-luks-tester" $LUKS2_COMMON_OPTS $COMMON_OPTS
eval testcase "'LUKS2 test with twofish cipher:'" \
@builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \
"$builddir/grub-shell-luks-tester" $LUKS2_COMMON_OPTS $COMMON_OPTS \
"--cs-opts='--cipher twofish-xts-plain64'"
eval testcase "'LUKS2 test key file support:'" \
@builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \
"$builddir/grub-shell-luks-tester" $LUKS2_COMMON_OPTS $COMMON_OPTS \
--keyfile
eval testcase "'LUKS2 test key file with offset:'" \
@builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \
"$builddir/grub-shell-luks-tester" $LUKS2_COMMON_OPTS $COMMON_OPTS \
--keyfile --cs-opts="--keyfile-offset=237"
eval testcase "'LUKS2 test key file with offset and size:'" \
@builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \
"$builddir/grub-shell-luks-tester" $LUKS2_COMMON_OPTS $COMMON_OPTS \
--keyfile "--cs-opts='--keyfile-offset=237 --keyfile-size=1023'"
eval testcase "'LUKS2 test detached header support:'" \
@builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \
"$builddir/grub-shell-luks-tester" $LUKS2_COMMON_OPTS $COMMON_OPTS \
--detached-header
eval testcase "'LUKS2 test both detached header and key file:'" \
@builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \
"$builddir/grub-shell-luks-tester" $LUKS2_COMMON_OPTS $COMMON_OPTS \
--keyfile --detached-header
### LUKS1 specific tests
# Tests for xts-plain and xts-plain64 modes
eval testcase "'LUKS1 test cryptsetup xts-plain:'" \
@builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \
"$builddir/grub-shell-luks-tester" --luks=1 $COMMON_OPTS \
"--cs-opts='--cipher aes-xts-plain'"
eval testcase "'LUKS1 test cryptsetup xts-plain64:'" \
@builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \
"$builddir/grub-shell-luks-tester" --luks=1 $COMMON_OPTS \
"--cs-opts='--cipher aes-xts-plain64'"
### LUKS2 specific tests
eval testcase "'LUKS2 test with 1k sector size:'" \
@builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \
"$builddir/grub-shell-luks-tester" $LUKS2_COMMON_OPTS $COMMON_OPTS \
"--cs-opts='--sector-size 1024'"
eval testcase "'LUKS2 test with 2k sector size:'" \
@builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \
"$builddir/grub-shell-luks-tester" $LUKS2_COMMON_OPTS $COMMON_OPTS \
"--cs-opts='--sector-size 2048'"
eval testcase "'LUKS2 test with 4k sector size:'" \
@builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \
"$builddir/grub-shell-luks-tester" $LUKS2_COMMON_OPTS $COMMON_OPTS \
"--cs-opts='--sector-size 4096'"
eval testcase "'LUKS2 test with non-default key slot:'" \
@builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \
"$builddir/grub-shell-luks-tester" $LUKS2_COMMON_OPTS $COMMON_OPTS \
"--cs-opts='--key-slot 5'"
eval testcase "'LUKS2 test with different metadata size:'" \
@builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \
"$builddir/grub-shell-luks-tester" $LUKS2_COMMON_OPTS $COMMON_OPTS \
"--cs-opts='--luks2-metadata-size 512k'"
# TODO: Expect a failure with LUKS2 volumes with argon2 key derivation
eval testcase_fail "'LUKS2 test with argon2 pbkdf:'" \
@builddir@/grub-shell-luks-tester --luks=2 $COMMON_OPTS \
eval testcase "'LUKS2 test with argon2 pbkdf:'" \
"$builddir/grub-shell-luks-tester" --luks=2 $COMMON_OPTS \
"--cs-opts='--pbkdf-memory 32'" "--cs-opts='--pbkdf-parallel 1'"
# Add good password to second slot and change first slot to unchecked password
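Review bot: The comment above the 'LUKS2 test with argon2 pbkdf' case still reads "# TODO: Expect a failure with LUKS2 volumes with argon2 key derivation", but the call below it changes from testcase_fail to testcase, so the test now expects success. If that comment line is kept, update or drop it so it matches the new expectation.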
@@ -192,7 +192,7 @@ cat >$csscript <<'EOF'
EOF
eval testcase "'LUKS2 test with second key slot and first slot using different password:'" \
@builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \
"$builddir/grub-shell-luks-tester" $LUKS2_COMMON_OPTS $COMMON_OPTS \
"--cs-script='$csscript'"
test -n "$debug" || rm "$csscript"
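Review bot: "$builddir/grub-shell-luks-tester" is expanded before eval re-parses the line, so the double quotes do not protect it. A build directory containing whitespace or shell metacharacters would be split or interpreted by eval, here and in the earlier testcase calls. Consider nesting the quotes the way the title and --cs-script arguments already do, for example "'$builddir/grub-shell-luks-tester'", and confirm builddir is assigned before these calls, since its assignment is not in the lines shown.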


@@ -386,9 +386,12 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXLOGSECSIZE" 1); do
FSLABEL="g;/_é䏌䐓䏕䎛䎾䏴кит u"
#FSLABEL="g;/_é莭莽😁кит u"
;;
# FS LIMITATION: reiserfs, extN, jfs and erofs label is at most 16 UTF-8 characters
x"reiserfs_old" | x"reiserfs" | x"ext"* | x"lvm"* | x"luks"* | x"mdraid"* | x"jfs" | x"jfs_caseins" | x"erofs_"*)
# FS LIMITATION: reiserfs, extN, and jfs label is at most 16 UTF-8 characters
x"reiserfs_old" | x"reiserfs" | x"ext"* | x"lvm"* | x"luks"* | x"mdraid"* | x"jfs" | x"jfs_caseins")
FSLABEL="g;/éт 莭😁";;
# FS LIMITATION: erofs label is at most 15 UTF-8 characters
x"erofs_"*)
FSLABEL="g;/é 莭😁";;
# FS LIMITATION: No underscore, space, semicolon, slash or international characters in UFS* in label. Limited to 32 UTF-8 characters
x"ufs1" | x"ufs1_sun" | x"ufs2")
FSLABEL="grubtest""ieurrucnenreeiurueurewf";;
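Review bot: The new erofs comment gives the limit as "at most 15 UTF-8 characters", yet the label chosen for x"erofs_"* mixes single-byte and multi-byte characters, so its character count and its encoded byte count differ. If the limit is really on the encoded byte length, say so in the comment so the next label change is checked against the right number.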
@@ -587,6 +590,10 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXLOGSECSIZE" 1); do
# FS LIMITATION: romfs has no timestamps.
x"romfs")
NOFILETIME=y; NOFSTIME=y;;
# FS LIMITATION: Compact inodes do not allow for modification
# times that are different from FS creation times.
x"erofs_compact")
NOFILETIME=y;;
esac
NOFSLABEL=n
@@ -596,11 +603,12 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXLOGSECSIZE" 1); do
| x"minix3" | xreiserfs_old)
NOFSLABEL=y;;
x"erofs_"*)
MKFS_EROFS_VERSION=$(mkfs.erofs -V 2>/dev/null | tr ' ' '\n' | grep '^[0-9]')
MKFS_EROFS_VERSION=$(mkfs.erofs 2>/dev/null | head -n 1 | (read _ V; echo $V))
# check if the version is at least 1.6
if [ $(sort -V <(echo "$MKFS_EROFS_VERSION") <(echo "1.6") | head -n 1) != "1.6" ]; then
if [ "$(echo -e "${MKFS_EROFS_VERSION}\n1.6" | sort -V | head -n 1)" != "1.6" ]; then
NOFSLABEL=y
fi
unset FSLABEL
fi;;
esac
PDIRCOMPNUM=210
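Review bot: In the version check, echo -e "${MKFS_EROFS_VERSION}\n1.6" depends on the shell's echo. Some shells' builtin echo does not treat -e as an option and prints it, which would put "-e" at the start of the first line fed to sort -V. printf '%s\n' "$MKFS_EROFS_VERSION" 1.6 | sort -V | head -n 1 is portable and still avoids the <( ) process substitution. It is also worth a comment that, with 2>/dev/null on mkfs.erofs, an empty MKFS_EROFS_VERSION sorts first and ends up in the NOFSLABEL=y branch.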
@@ -877,7 +885,11 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXLOGSECSIZE" 1); do
xnilfs2)
"mkfs.nilfs2" -L "$FSLABEL" -b $BLKSIZE -q "${MOUNTDEVICE}" ;;
xext2_old)
if "mkfs.ext2" -r 0 2>&1 | grep -q -F "the -r option has been removed"; then
MKE2FS_DEVICE_SECTSIZE=$SECSIZE "mkfs.ext2" -E revision=0 -b $BLKSIZE -L "$FSLABEL" -q "${MOUNTDEVICE}"
else
MKE2FS_DEVICE_SECTSIZE=$SECSIZE "mkfs.ext2" -r 0 -b $BLKSIZE -L "$FSLABEL" -q "${MOUNTDEVICE}"
fi
MOUNTFS=ext2
;;
xext4_metabg)
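Review bot: The probe in the xext2_old case greps for the literal English text "the -r option has been removed", so it depends on the exact wording of the mkfs.ext2 message and on the locale the test runs in. Run the probe with LC_ALL=C, and add a short comment saying the -E revision=0 form is for mkfs.ext2 versions that reject -r, so the reason for the two branches is recorded.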
@@ -1490,6 +1502,12 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXLOGSECSIZE" 1); do
# With some abstractions like mdraid flushing to disk
# may be delayed for a long time.
FSTIME="$UMOUNT_TIME";;
x"erofs_"*)
# Creating the erofs image may take more than a few
# seconds. Use the more accurate timestamp from the
# superblock.
FSTIME="$(dump.erofs -s "${FSIMAGEP}0.img" | grep ^"Filesystem created:" | (read _ _ REST; echo $REST) )"
FSTIME="$(date -d "$FSTIME" -u '+%Y-%m-%d %H:%M:%S')";;
xsquash*)
# Creating the squash image may take more than a few
# seconds. Use the more accurate timestamp from the
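Review bot: In the x"erofs_"* branch nothing checks that dump.erofs -s actually produced a "Filesystem created:" line. If the grep matches nothing, FSTIME is empty when it is passed to date -d, and the later timestamp comparison runs against whatever date makes of an empty string instead of failing clearly. Check for an empty FSTIME after the first assignment and abort with a message. Quoting the whole pattern as "^Filesystem created:" would also read better than ^"Filesystem created:".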


@@ -19,7 +19,6 @@ fi
"@builddir@/grub-fs-tester" zfs_lzjb
"@builddir@/grub-fs-tester" zfs_gzip
"@builddir@/grub-fs-tester" zfs_zle
"@builddir@/grub-fs-tester" zfs_zstd
"@builddir@/grub-fs-tester" zfs_raidz3
"@builddir@/grub-fs-tester" zfs_raidz2
"@builddir@/grub-fs-tester" zfs_raidz

30
tests/zfs_zstd_test.in Normal file

@@ -0,0 +1,30 @@
#!@BUILD_SHEBANG@
set -e
if [ "x$EUID" = "x" ] ; then
EUID=`id -u`
fi
if [ "$EUID" != 0 ] ; then
exit 99
fi
if ! which zpool >/dev/null 2>&1; then
echo "zpool not installed; cannot test zfs."
exit 99
fi
if ! which zfs >/dev/null 2>&1; then
echo "zfs not installed; cannot test zfs."
exit 99
fi
# If ZFS ZSTD compression is not supported (as is the case with zfs-fuse
# for example at the time of writing) then fail early the ZSTD compression testing.
if ! zfs get 2>&1 | grep -q "compression.*zstd"; then
echo "zfs zstd compression not supported; cannot test zfs zstd."
exit 99
fi
"@builddir@/grub-fs-tester" zfs_zstd
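Review bot: The zstd probe, zfs get 2>&1 | grep -q "compression.*zstd", relies on zfs get without arguments printing its property list together with the usage error, which the comment above it does not mention. State that in the comment, and reword "fail early", since this branch exits 99 with a "cannot test" message exactly like the missing-tool checks above it.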


@@ -255,7 +255,8 @@ export GRUB_DEFAULT \
GRUB_ENABLE_CRYPTODISK \
GRUB_BADRAM \
GRUB_OS_PROBER_SKIP_LIST \
GRUB_DISABLE_SUBMENU
GRUB_DISABLE_SUBMENU \
GRUB_FORCE_EFI_ALL_VIDEO
if test "x${grub_cfg}" != "x"; then
rm -f "${grub_cfg}.new"


@@ -339,7 +339,7 @@ check_xorriso (const char *val)
const char *argv[5];
int fd;
pid_t pid;
FILE *mdadm;
FILE *fout;
char *buf = NULL;
size_t len = 0;
int ret = 0;
@@ -356,12 +356,12 @@ check_xorriso (const char *val)
if (!pid)
return 0;
/* Parent. Read mdadm's output. */
mdadm = fdopen (fd, "r");
if (! mdadm)
/* Parent. Read xorriso's output. */
fout = fdopen (fd, "r");
if (! fout)
return 0;
while (getline (&buf, &len, mdadm) > 0)
while (getline (&buf, &len, fout) > 0)
{
if (grub_strstr (buf, val))
ret = 1;
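Review bot: In the parent path, if fdopen (fd, "r") fails the function returns 0 with fd still open, and the rename to fout carries that early return over unchanged. Since these lines are being touched anyway, close fd before the return 0 after "if (! fout)".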


@@ -124,10 +124,24 @@ if [ -n "${GRUB_VIDEO_BACKEND}" ]; then
insmod ${GRUB_VIDEO_BACKEND}
EOF
else
# For EFI, use EFI video drivers only by default to avoid conflict between
# GRUB Bochs/Cirrus and native EFI drivers. If GRUB_FORCE_EFI_ALL_VIDEO is
# set/true then defer back to all_video even for EFI.
if [ "${GRUB_FORCE_EFI_ALL_VIDEO}" = "1" ]; then
cat <<EOF
if [ x\$feature_all_video_module = xy ]; then
EOF
else # GRUB_FORCE_EFI_ALL_VIDEO is not set true
cat <<EOF
if [ x\$grub_platform = xefi ]; then
insmod efi_gop
insmod efi_uga
elif [ x\$feature_all_video_module = xy ]; then
EOF
fi # end GRUB_FORCE_EFI_ALL_VIDEO
# If all_video.mod isn't available load all modules available
# with versions prior to introduction of all_video.mod
cat <<EOF
if [ x\$feature_all_video_module = xy ]; then
insmod all_video
else
insmod efi_gop
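Review bot: The added comment says the fallback applies when GRUB_FORCE_EFI_ALL_VIDEO is "set/true", but the test is [ "${GRUB_FORCE_EFI_ALL_VIDEO}" = "1" ], so a value such as true or y silently takes the EFI-only branch. Either accept the values the comment implies or change the comment to say that only 1 enables the fallback.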