Bundle unicode.pf2 with images

Resolves: #2143725
Resolves: #2144113
Signed-off-by: Robbie Harwood <rharwood@redhat.com>

0283-font-Try-opening-fonts-from-the-bundled-memdisk.patch

@@ -0,0 +1,80 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Chris Coulson <chris.coulson@canonical.com>
+Date: Wed, 16 Nov 2022 14:40:04 +0000
+Subject: [PATCH] font: Try opening fonts from the bundled memdisk
+
+Signed-off-by: Robbie Harwood <rharwood@redhat.com>
+(cherry picked from commit b77167c407b74d27d506f866f66d5204dc3785c7)
+(cherry picked from commit a316f5c36b3c2c1bf3f6c5fcba7c2897d63d79bb)
+---
+ grub-core/font/font.c | 48 +++++++++++++++++++++++++++++++-----------------
+ 1 file changed, 31 insertions(+), 17 deletions(-)
+
+diff --git a/grub-core/font/font.c b/grub-core/font/font.c
+index e6616e610c..e421d1ae6f 100644
+--- a/grub-core/font/font.c
++++ b/grub-core/font/font.c
+@@ -409,6 +409,27 @@ read_section_as_short (struct font_file_section *section,
+   return 0;
+ }
+ 
++static grub_file_t
++try_open_from_prefix (const char *prefix, const char *filename)
++{
++  grub_file_t file;
++  char *fullname, *ptr;
++
++  fullname = grub_malloc (grub_strlen (prefix) + grub_strlen (filename) + 1
++			  + sizeof ("/fonts/") + sizeof (".pf2"));
++  if (!fullname)
++    return 0;
++  ptr = grub_stpcpy (fullname, prefix);
++  ptr = grub_stpcpy (ptr, "/fonts/");
++  ptr = grub_stpcpy (ptr, filename);
++  ptr = grub_stpcpy (ptr, ".pf2");
++  *ptr = 0;
++
++  file = grub_buffile_open (fullname, GRUB_FILE_TYPE_FONT, 1024);
++  grub_free (fullname);
++  return file;
++}
++
+ /* Load a font and add it to the beginning of the global font list.
+    Returns 0 upon success, nonzero upon failure.  */
+ grub_font_t
+@@ -427,25 +448,18 @@ grub_font_load (const char *filename)
+     file = grub_buffile_open (filename, GRUB_FILE_TYPE_FONT, 1024);
+   else
+     {
+-      const char *prefix = grub_env_get ("prefix");
+-      char *fullname, *ptr;
+-      if (!prefix)
++      file = try_open_from_prefix ("(memdisk)", filename);
++      if (!file)
+ 	{
+-	  grub_error (GRUB_ERR_FILE_NOT_FOUND, N_("variable `%s' isn't set"),
+-		      "prefix");
+-	  goto fail;
++	  const char *prefix = grub_env_get ("prefix");
++	  if (!prefix)
++	    {
++	      grub_error (GRUB_ERR_FILE_NOT_FOUND, N_("variable `%s' isn't set"),
++			  "prefix");
++	      goto fail;
++	    }
++	  file = try_open_from_prefix (prefix, filename);
+ 	}
+-      fullname = grub_malloc (grub_strlen (prefix) + grub_strlen (filename) + 1
+-			      + sizeof ("/fonts/") + sizeof (".pf2"));
+-      if (!fullname)
+-	goto fail;
+-      ptr = grub_stpcpy (fullname, prefix);
+-      ptr = grub_stpcpy (ptr, "/fonts/");
+-      ptr = grub_stpcpy (ptr, filename);
+-      ptr = grub_stpcpy (ptr, ".pf2");
+-      *ptr = 0;
+-      file = grub_buffile_open (fullname, GRUB_FILE_TYPE_FONT, 1024);
+-      grub_free (fullname);
+     }
+   if (!file)
+     goto fail;

grub.macros

@@ -380,11 +380,16 @@ rm -f %{1}.conf							\
 
 %ifarch x86_64 aarch64 %{arm} riscv64
 %define mkimage()						\
+mkdir -p memdisk/fonts						\
+cp %{4}/unicode.pf2 memdisk/fonts				\
+mksquashfs memdisk memdisk.squashfs -comp xz			\
 %{4}./grub-mkimage -O %{1} -o %{2}.orig				\\\
 	-p /EFI/%{efi_vendor} -d grub-core ${GRUB_MODULES}	\\\
+	-m memdisk.squashfs					\\\
 	--sbat %{4}./sbat.csv					\
 %{4}./grub-mkimage -O %{1} -o %{3}.orig				\\\
 	-p /EFI/BOOT -d grub-core ${GRUB_MODULES}		\\\
+	-m memdisk.squashfs					\\\
 	--sbat %{4}./sbat.csv					\
 %{expand:%%define ___pesign_client_cert %{?___pesign_client_cert}%{!?___pesign_client_cert:%{__pesign_client_cert}}} \
 %{?__pesign_client_cert:%{expand:%%define __pesign_client_cert %{___pesign_client_cert}}} \
@@ -517,8 +522,6 @@ install -m 700 %{3} $RPM_BUILD_ROOT%{efi_esp_dir}/%{3}		\
 %ifarch %{arm}							\
 install -D -m 700 %{2} $RPM_BUILD_ROOT%{efi_esp_boot}/BOOTARM.EFI \
 %endif								\
-install -D -m 700 unicode.pf2					\\\
-	${RPM_BUILD_ROOT}/boot/%{name}/fonts/unicode.pf2		\
 ${RPM_BUILD_ROOT}/%{_bindir}/%{name}-editenv			\\\
 		${RPM_BUILD_ROOT}/boot/%{name}/grubenv create	\
 %{expand:%%do_install_protected_file %{name}-%{package_arch}}	\
@@ -616,7 +619,6 @@ ln -s ../boot/%{name}/grub.cfg					\\\
 %ifarch %{arm}							\
 %attr(0700,root,root)%{efi_esp_boot}/BOOTARM.EFI		\
 %endif								\
-%attr(0700,root,root)/boot/%{name}/fonts			\
 %dir %attr(0700,root,root)/boot/loader/entries			\
 %ghost %config(noreplace) /boot/%{name}/grub.cfg		\
 %ghost %config(noreplace) %attr(0700,root,root)%{efi_esp_dir}/grub.cfg	\
@@ -638,5 +640,4 @@ ln -s ../boot/%{name}/grub.cfg					\\\
 %{expand:%%files %{1}-cdboot}					\
 %defattr(-,root,root,-)						\
 %attr(0700,root,root)%{efi_esp_dir}/%{3}			\
-%attr(0700,root,root)/boot/%{name}/fonts			\
 %{nil}

grub.patches

@@ -280,3 +280,4 @@ Patch0279: 0279-font-Fix-an-integer-underflow-in-blit_comb.patch
 Patch0280: 0280-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch
 Patch0281: 0281-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
 Patch0282: 0282-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch
+Patch0283: 0283-font-Try-opening-fonts-from-the-bundled-memdisk.patch

grub2.spec

@@ -14,7 +14,7 @@
 Name:		grub2
 Epoch:		1
 Version:	2.06
-Release:	12%{?dist}
+Release:	13%{?dist}
 Summary:	Bootloader with support for Linux, Multiboot and more
 License:	GPLv3+
 URL:		http://www.gnu.org/software/grub/
@@ -46,6 +46,7 @@ BuildRequires:	freetype-devel gettext-devel git
 BuildRequires:	texinfo
 BuildRequires:	dejavu-sans-fonts
 BuildRequires:	help2man
+BuildRequires:	squashfs-tools
 # For %%_userunitdir macro
 BuildRequires:	systemd
 %ifarch %{efi_arch}
@@ -523,6 +524,11 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
 %endif
 
 %changelog
+* Tue Nov 22 2022 Robbie Harwood <rharwood@redhat.com> - 2.06-13
+- Bundle unicode.pf2 with images
+- Resolves: #2143725
+- Resolves: #2144113
+
 * Tue Nov 15 2022 Robbie Harwood <rharwood@redhat.com> - 2.06-12
 - Font fixes (CVE-2022-2601 batch)