diff --git a/0283-font-Try-opening-fonts-from-the-bundled-memdisk.patch b/0283-font-Try-opening-fonts-from-the-bundled-memdisk.patch new file mode 100644 index 0000000..69ac171 --- /dev/null +++ b/0283-font-Try-opening-fonts-from-the-bundled-memdisk.patch @@ -0,0 +1,80 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Wed, 16 Nov 2022 14:40:04 +0000 +Subject: [PATCH] font: Try opening fonts from the bundled memdisk + +Signed-off-by: Robbie Harwood +(cherry picked from commit b77167c407b74d27d506f866f66d5204dc3785c7) +(cherry picked from commit a316f5c36b3c2c1bf3f6c5fcba7c2897d63d79bb) +--- + grub-core/font/font.c | 48 +++++++++++++++++++++++++++++++----------------- + 1 file changed, 31 insertions(+), 17 deletions(-) + +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index e6616e610c..e421d1ae6f 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -409,6 +409,27 @@ read_section_as_short (struct font_file_section *section, + return 0; + } + ++static grub_file_t ++try_open_from_prefix (const char *prefix, const char *filename) ++{ ++ grub_file_t file; ++ char *fullname, *ptr; ++ ++ fullname = grub_malloc (grub_strlen (prefix) + grub_strlen (filename) + 1 ++ + sizeof ("/fonts/") + sizeof (".pf2")); ++ if (!fullname) ++ return 0; ++ ptr = grub_stpcpy (fullname, prefix); ++ ptr = grub_stpcpy (ptr, "/fonts/"); ++ ptr = grub_stpcpy (ptr, filename); ++ ptr = grub_stpcpy (ptr, ".pf2"); ++ *ptr = 0; ++ ++ file = grub_buffile_open (fullname, GRUB_FILE_TYPE_FONT, 1024); ++ grub_free (fullname); ++ return file; ++} ++ + /* Load a font and add it to the beginning of the global font list. + Returns 0 upon success, nonzero upon failure. */ + grub_font_t +@@ -427,25 +448,18 @@ grub_font_load (const char *filename) + file = grub_buffile_open (filename, GRUB_FILE_TYPE_FONT, 1024); + else + { +- const char *prefix = grub_env_get ("prefix"); +- char *fullname, *ptr; +- if (!prefix) ++ file = try_open_from_prefix ("(memdisk)", filename); ++ if (!file) + { +- grub_error (GRUB_ERR_FILE_NOT_FOUND, N_("variable `%s' isn't set"), +- "prefix"); +- goto fail; ++ const char *prefix = grub_env_get ("prefix"); ++ if (!prefix) ++ { ++ grub_error (GRUB_ERR_FILE_NOT_FOUND, N_("variable `%s' isn't set"), ++ "prefix"); ++ goto fail; ++ } ++ file = try_open_from_prefix (prefix, filename); + } +- fullname = grub_malloc (grub_strlen (prefix) + grub_strlen (filename) + 1 +- + sizeof ("/fonts/") + sizeof (".pf2")); +- if (!fullname) +- goto fail; +- ptr = grub_stpcpy (fullname, prefix); +- ptr = grub_stpcpy (ptr, "/fonts/"); +- ptr = grub_stpcpy (ptr, filename); +- ptr = grub_stpcpy (ptr, ".pf2"); +- *ptr = 0; +- file = grub_buffile_open (fullname, GRUB_FILE_TYPE_FONT, 1024); +- grub_free (fullname); + } + if (!file) + goto fail; diff --git a/grub.macros b/grub.macros index 5863037..234892a 100644 --- a/grub.macros +++ b/grub.macros @@ -380,11 +380,16 @@ rm -f %{1}.conf \ %ifarch x86_64 aarch64 %{arm} riscv64 %define mkimage() \ +mkdir -p memdisk/fonts \ +cp %{4}/unicode.pf2 memdisk/fonts \ +mksquashfs memdisk memdisk.squashfs -comp xz \ %{4}./grub-mkimage -O %{1} -o %{2}.orig \\\ -p /EFI/%{efi_vendor} -d grub-core ${GRUB_MODULES} \\\ + -m memdisk.squashfs \\\ --sbat %{4}./sbat.csv \ %{4}./grub-mkimage -O %{1} -o %{3}.orig \\\ -p /EFI/BOOT -d grub-core ${GRUB_MODULES} \\\ + -m memdisk.squashfs \\\ --sbat %{4}./sbat.csv \ %{expand:%%define ___pesign_client_cert %{?___pesign_client_cert}%{!?___pesign_client_cert:%{__pesign_client_cert}}} \ %{?__pesign_client_cert:%{expand:%%define __pesign_client_cert %{___pesign_client_cert}}} \ @@ -517,8 +522,6 @@ install -m 700 %{3} $RPM_BUILD_ROOT%{efi_esp_dir}/%{3} \ %ifarch %{arm} \ install -D -m 700 %{2} $RPM_BUILD_ROOT%{efi_esp_boot}/BOOTARM.EFI \ %endif \ -install -D -m 700 unicode.pf2 \\\ - ${RPM_BUILD_ROOT}/boot/%{name}/fonts/unicode.pf2 \ ${RPM_BUILD_ROOT}/%{_bindir}/%{name}-editenv \\\ ${RPM_BUILD_ROOT}/boot/%{name}/grubenv create \ %{expand:%%do_install_protected_file %{name}-%{package_arch}} \ @@ -616,7 +619,6 @@ ln -s ../boot/%{name}/grub.cfg \\\ %ifarch %{arm} \ %attr(0700,root,root)%{efi_esp_boot}/BOOTARM.EFI \ %endif \ -%attr(0700,root,root)/boot/%{name}/fonts \ %dir %attr(0700,root,root)/boot/loader/entries \ %ghost %config(noreplace) /boot/%{name}/grub.cfg \ %ghost %config(noreplace) %attr(0700,root,root)%{efi_esp_dir}/grub.cfg \ @@ -638,5 +640,4 @@ ln -s ../boot/%{name}/grub.cfg \\\ %{expand:%%files %{1}-cdboot} \ %defattr(-,root,root,-) \ %attr(0700,root,root)%{efi_esp_dir}/%{3} \ -%attr(0700,root,root)/boot/%{name}/fonts \ %{nil} diff --git a/grub.patches b/grub.patches index a535c34..1cfed04 100644 --- a/grub.patches +++ b/grub.patches @@ -280,3 +280,4 @@ Patch0279: 0279-font-Fix-an-integer-underflow-in-blit_comb.patch Patch0280: 0280-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch Patch0281: 0281-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch Patch0282: 0282-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch +Patch0283: 0283-font-Try-opening-fonts-from-the-bundled-memdisk.patch diff --git a/grub2.spec b/grub2.spec index 5bfef0f..e616c2e 100644 --- a/grub2.spec +++ b/grub2.spec @@ -14,7 +14,7 @@ Name: grub2 Epoch: 1 Version: 2.06 -Release: 12%{?dist} +Release: 13%{?dist} Summary: Bootloader with support for Linux, Multiboot and more License: GPLv3+ URL: http://www.gnu.org/software/grub/ @@ -46,6 +46,7 @@ BuildRequires: freetype-devel gettext-devel git BuildRequires: texinfo BuildRequires: dejavu-sans-fonts BuildRequires: help2man +BuildRequires: squashfs-tools # For %%_userunitdir macro BuildRequires: systemd %ifarch %{efi_arch} @@ -523,6 +524,11 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg %endif %changelog +* Tue Nov 22 2022 Robbie Harwood - 2.06-13 +- Bundle unicode.pf2 with images +- Resolves: #2143725 +- Resolves: #2144113 + * Tue Nov 15 2022 Robbie Harwood - 2.06-12 - Font fixes (CVE-2022-2601 batch)