diff options
author | Yongxin Liu <yongxin.liu@windriver.com> | 2022-08-05 10:42:19 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-08-21 22:51:41 +0100 |
commit | d4b6ad56b707fc7a53fc424bea00383a4d4fa9f1 (patch) | |
tree | 23b07b32f92d7d7d8d353b36bc4e7fc777b095a3 /meta/recipes-bsp/grub | |
parent | 0081575ff9b3627c6d2fdee4bf88ea6cb87feb09 (diff) | |
download | poky-d4b6ad56b707fc7a53fc424bea00383a4d4fa9f1.tar.gz |
grub2: fix several CVEs
Backport CVE patches from upstream to fix:
CVE-2021-3695
CVE-2021-3696
CVE-2021-3697
CVE-2022-28733
CVE-2022-28734
CVE-2022-28735
Backport the following 5 patches to make CVE patches be applied smoothly.
video-Remove-trailing-whitespaces.patch
video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch
video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch
(From OE-Core rev: db43401a3a4c201f02f4128fa4bac8ce993bfec0)
Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-bsp/grub')
11 files changed, 1621 insertions, 0 deletions
diff --git a/meta/recipes-bsp/grub/files/CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch b/meta/recipes-bsp/grub/files/CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch new file mode 100644 index 0000000000..7f7bb1acfe --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch | |||
@@ -0,0 +1,179 @@ | |||
1 | From e623866d9286410156e8b9d2c82d6253a1b22d08 Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Axtens <dja@axtens.net> | ||
3 | Date: Tue, 6 Jul 2021 18:51:35 +1000 | ||
4 | Subject: [PATCH] video/readers/png: Drop greyscale support to fix heap | ||
5 | out-of-bounds write | ||
6 | |||
7 | A 16-bit greyscale PNG without alpha is processed in the following loop: | ||
8 | |||
9 | for (i = 0; i < (data->image_width * data->image_height); | ||
10 | i++, d1 += 4, d2 += 2) | ||
11 | { | ||
12 | d1[R3] = d2[1]; | ||
13 | d1[G3] = d2[1]; | ||
14 | d1[B3] = d2[1]; | ||
15 | } | ||
16 | |||
17 | The increment of d1 is wrong. d1 is incremented by 4 bytes per iteration, | ||
18 | but there are only 3 bytes allocated for storage. This means that image | ||
19 | data will overwrite somewhat-attacker-controlled parts of memory - 3 bytes | ||
20 | out of every 4 following the end of the image. | ||
21 | |||
22 | This has existed since greyscale support was added in 2013 in commit | ||
23 | 3ccf16dff98f (grub-core/video/readers/png.c: Support grayscale). | ||
24 | |||
25 | Saving starfield.png as a 16-bit greyscale image without alpha in the gimp | ||
26 | and attempting to load it causes grub-emu to crash - I don't think this code | ||
27 | has ever worked. | ||
28 | |||
29 | Delete all PNG greyscale support. | ||
30 | |||
31 | Fixes: CVE-2021-3695 | ||
32 | |||
33 | Signed-off-by: Daniel Axtens <dja@axtens.net> | ||
34 | Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> | ||
35 | |||
36 | Upstream-Status: Backport | ||
37 | CVE: CVE-2021-3695 | ||
38 | |||
39 | Reference to upstream patch: | ||
40 | https://git.savannah.gnu.org/cgit/grub.git/commit/?id=e623866d9286410156e8b9d2c82d6253a1b22d08 | ||
41 | |||
42 | Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> | ||
43 | --- | ||
44 | grub-core/video/readers/png.c | 87 +++-------------------------------- | ||
45 | 1 file changed, 7 insertions(+), 80 deletions(-) | ||
46 | |||
47 | diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c | ||
48 | index 35ae553c8..a3161e25b 100644 | ||
49 | --- a/grub-core/video/readers/png.c | ||
50 | +++ b/grub-core/video/readers/png.c | ||
51 | @@ -100,7 +100,7 @@ struct grub_png_data | ||
52 | |||
53 | unsigned image_width, image_height; | ||
54 | int bpp, is_16bit; | ||
55 | - int raw_bytes, is_gray, is_alpha, is_palette; | ||
56 | + int raw_bytes, is_alpha, is_palette; | ||
57 | int row_bytes, color_bits; | ||
58 | grub_uint8_t *image_data; | ||
59 | |||
60 | @@ -296,13 +296,13 @@ grub_png_decode_image_header (struct grub_png_data *data) | ||
61 | data->bpp = 3; | ||
62 | else | ||
63 | { | ||
64 | - data->is_gray = 1; | ||
65 | - data->bpp = 1; | ||
66 | + return grub_error (GRUB_ERR_BAD_FILE_TYPE, | ||
67 | + "png: color type not supported"); | ||
68 | } | ||
69 | |||
70 | if ((color_bits != 8) && (color_bits != 16) | ||
71 | && (color_bits != 4 | ||
72 | - || !(data->is_gray || data->is_palette))) | ||
73 | + || !data->is_palette)) | ||
74 | return grub_error (GRUB_ERR_BAD_FILE_TYPE, | ||
75 | "png: bit depth must be 8 or 16"); | ||
76 | |||
77 | @@ -331,7 +331,7 @@ grub_png_decode_image_header (struct grub_png_data *data) | ||
78 | } | ||
79 | |||
80 | #ifndef GRUB_CPU_WORDS_BIGENDIAN | ||
81 | - if (data->is_16bit || data->is_gray || data->is_palette) | ||
82 | + if (data->is_16bit || data->is_palette) | ||
83 | #endif | ||
84 | { | ||
85 | data->image_data = grub_calloc (data->image_height, data->row_bytes); | ||
86 | @@ -899,27 +899,8 @@ grub_png_convert_image (struct grub_png_data *data) | ||
87 | int shift; | ||
88 | int mask = (1 << data->color_bits) - 1; | ||
89 | unsigned j; | ||
90 | - if (data->is_gray) | ||
91 | - { | ||
92 | - /* Generic formula is | ||
93 | - (0xff * i) / ((1U << data->color_bits) - 1) | ||
94 | - but for allowed bit depth of 1, 2 and for it's | ||
95 | - equivalent to | ||
96 | - (0xff / ((1U << data->color_bits) - 1)) * i | ||
97 | - Precompute the multipliers to avoid division. | ||
98 | - */ | ||
99 | - | ||
100 | - const grub_uint8_t multipliers[5] = { 0xff, 0xff, 0x55, 0x24, 0x11 }; | ||
101 | - for (i = 0; i < (1U << data->color_bits); i++) | ||
102 | - { | ||
103 | - grub_uint8_t col = multipliers[data->color_bits] * i; | ||
104 | - palette[i][0] = col; | ||
105 | - palette[i][1] = col; | ||
106 | - palette[i][2] = col; | ||
107 | - } | ||
108 | - } | ||
109 | - else | ||
110 | - grub_memcpy (palette, data->palette, 3 << data->color_bits); | ||
111 | + | ||
112 | + grub_memcpy (palette, data->palette, 3 << data->color_bits); | ||
113 | d1c = d1; | ||
114 | d2c = d2; | ||
115 | for (j = 0; j < data->image_height; j++, d1c += data->image_width * 3, | ||
116 | @@ -957,60 +938,6 @@ grub_png_convert_image (struct grub_png_data *data) | ||
117 | return; | ||
118 | } | ||
119 | |||
120 | - if (data->is_gray) | ||
121 | - { | ||
122 | - switch (data->bpp) | ||
123 | - { | ||
124 | - case 4: | ||
125 | - /* 16-bit gray with alpha. */ | ||
126 | - for (i = 0; i < (data->image_width * data->image_height); | ||
127 | - i++, d1 += 4, d2 += 4) | ||
128 | - { | ||
129 | - d1[R4] = d2[3]; | ||
130 | - d1[G4] = d2[3]; | ||
131 | - d1[B4] = d2[3]; | ||
132 | - d1[A4] = d2[1]; | ||
133 | - } | ||
134 | - break; | ||
135 | - case 2: | ||
136 | - if (data->is_16bit) | ||
137 | - /* 16-bit gray without alpha. */ | ||
138 | - { | ||
139 | - for (i = 0; i < (data->image_width * data->image_height); | ||
140 | - i++, d1 += 4, d2 += 2) | ||
141 | - { | ||
142 | - d1[R3] = d2[1]; | ||
143 | - d1[G3] = d2[1]; | ||
144 | - d1[B3] = d2[1]; | ||
145 | - } | ||
146 | - } | ||
147 | - else | ||
148 | - /* 8-bit gray with alpha. */ | ||
149 | - { | ||
150 | - for (i = 0; i < (data->image_width * data->image_height); | ||
151 | - i++, d1 += 4, d2 += 2) | ||
152 | - { | ||
153 | - d1[R4] = d2[1]; | ||
154 | - d1[G4] = d2[1]; | ||
155 | - d1[B4] = d2[1]; | ||
156 | - d1[A4] = d2[0]; | ||
157 | - } | ||
158 | - } | ||
159 | - break; | ||
160 | - /* 8-bit gray without alpha. */ | ||
161 | - case 1: | ||
162 | - for (i = 0; i < (data->image_width * data->image_height); | ||
163 | - i++, d1 += 3, d2++) | ||
164 | - { | ||
165 | - d1[R3] = d2[0]; | ||
166 | - d1[G3] = d2[0]; | ||
167 | - d1[B3] = d2[0]; | ||
168 | - } | ||
169 | - break; | ||
170 | - } | ||
171 | - return; | ||
172 | - } | ||
173 | - | ||
174 | { | ||
175 | /* Only copy the upper 8 bit. */ | ||
176 | #ifndef GRUB_CPU_WORDS_BIGENDIAN | ||
177 | -- | ||
178 | 2.34.1 | ||
179 | |||
diff --git a/meta/recipes-bsp/grub/files/CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch b/meta/recipes-bsp/grub/files/CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch new file mode 100644 index 0000000000..f06514e665 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch | |||
@@ -0,0 +1,50 @@ | |||
1 | From 210245129c932dc9e1c2748d9d35524fb95b5042 Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Axtens <dja@axtens.net> | ||
3 | Date: Tue, 6 Jul 2021 23:25:07 +1000 | ||
4 | Subject: [PATCH] video/readers/png: Avoid heap OOB R/W inserting huff table | ||
5 | items | ||
6 | |||
7 | In fuzzing we observed crashes where a code would attempt to be inserted | ||
8 | into a huffman table before the start, leading to a set of heap OOB reads | ||
9 | and writes as table entries with negative indices were shifted around and | ||
10 | the new code written in. | ||
11 | |||
12 | Catch the case where we would underflow the array and bail. | ||
13 | |||
14 | Fixes: CVE-2021-3696 | ||
15 | |||
16 | Signed-off-by: Daniel Axtens <dja@axtens.net> | ||
17 | Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> | ||
18 | |||
19 | Upstream-Status: Backport | ||
20 | CVE: CVE-2021-3696 | ||
21 | |||
22 | Reference to upstream patch: | ||
23 | https://git.savannah.gnu.org/cgit/grub.git/commit/?id=210245129c932dc9e1c2748d9d35524fb95b5042 | ||
24 | |||
25 | Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> | ||
26 | --- | ||
27 | grub-core/video/readers/png.c | 7 +++++++ | ||
28 | 1 file changed, 7 insertions(+) | ||
29 | |||
30 | diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c | ||
31 | index a3161e25b..d7ed5aa6c 100644 | ||
32 | --- a/grub-core/video/readers/png.c | ||
33 | +++ b/grub-core/video/readers/png.c | ||
34 | @@ -438,6 +438,13 @@ grub_png_insert_huff_item (struct huff_table *ht, int code, int len) | ||
35 | for (i = len; i < ht->max_length; i++) | ||
36 | n += ht->maxval[i]; | ||
37 | |||
38 | + if (n > ht->num_values) | ||
39 | + { | ||
40 | + grub_error (GRUB_ERR_BAD_FILE_TYPE, | ||
41 | + "png: out of range inserting huffman table item"); | ||
42 | + return; | ||
43 | + } | ||
44 | + | ||
45 | for (i = 0; i < n; i++) | ||
46 | ht->values[ht->num_values - i] = ht->values[ht->num_values - i - 1]; | ||
47 | |||
48 | -- | ||
49 | 2.34.1 | ||
50 | |||
diff --git a/meta/recipes-bsp/grub/files/CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch b/meta/recipes-bsp/grub/files/CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch new file mode 100644 index 0000000000..e9fc52df86 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch | |||
@@ -0,0 +1,84 @@ | |||
1 | From 22a3f97d39f6a10b08ad7fd1cc47c4dcd10413f6 Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Axtens <dja@axtens.net> | ||
3 | Date: Wed, 7 Jul 2021 15:38:19 +1000 | ||
4 | Subject: [PATCH] video/readers/jpeg: Block int underflow -> wild pointer write | ||
5 | |||
6 | Certain 1 px wide images caused a wild pointer write in | ||
7 | grub_jpeg_ycrcb_to_rgb(). This was caused because in grub_jpeg_decode_data(), | ||
8 | we have the following loop: | ||
9 | |||
10 | for (; data->r1 < nr1 && (!data->dri || rst); | ||
11 | data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) | ||
12 | |||
13 | We did not check if vb * width >= hb * nc1. | ||
14 | |||
15 | On a 64-bit platform, if that turns out to be negative, it will underflow, | ||
16 | be interpreted as unsigned 64-bit, then be added to the 64-bit pointer, so | ||
17 | we see data->bitmap_ptr jump, e.g.: | ||
18 | |||
19 | 0x6180_0000_0480 to | ||
20 | 0x6181_0000_0498 | ||
21 | ^ | ||
22 | ~--- carry has occurred and this pointer is now far away from | ||
23 | any object. | ||
24 | |||
25 | On a 32-bit platform, it will decrement the pointer, creating a pointer | ||
26 | that won't crash but will overwrite random data. | ||
27 | |||
28 | Catch the underflow and error out. | ||
29 | |||
30 | Fixes: CVE-2021-3697 | ||
31 | |||
32 | Signed-off-by: Daniel Axtens <dja@axtens.net> | ||
33 | Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> | ||
34 | |||
35 | Upstream-Status: Backport | ||
36 | CVE: CVE-2021-3697 | ||
37 | |||
38 | Reference to upstream patch: | ||
39 | https://git.savannah.gnu.org/cgit/grub.git/commit/?id=22a3f97d39f6a10b08ad7fd1cc47c4dcd10413f6 | ||
40 | |||
41 | Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> | ||
42 | --- | ||
43 | grub-core/video/readers/jpeg.c | 10 +++++++++- | ||
44 | 1 file changed, 9 insertions(+), 1 deletion(-) | ||
45 | |||
46 | diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c | ||
47 | index 579bbe8a4..09596fbf5 100644 | ||
48 | --- a/grub-core/video/readers/jpeg.c | ||
49 | +++ b/grub-core/video/readers/jpeg.c | ||
50 | @@ -23,6 +23,7 @@ | ||
51 | #include <grub/mm.h> | ||
52 | #include <grub/misc.h> | ||
53 | #include <grub/bufio.h> | ||
54 | +#include <grub/safemath.h> | ||
55 | |||
56 | GRUB_MOD_LICENSE ("GPLv3+"); | ||
57 | |||
58 | @@ -699,6 +700,7 @@ static grub_err_t | ||
59 | grub_jpeg_decode_data (struct grub_jpeg_data *data) | ||
60 | { | ||
61 | unsigned c1, vb, hb, nr1, nc1; | ||
62 | + unsigned stride_a, stride_b, stride; | ||
63 | int rst = data->dri; | ||
64 | grub_err_t err = GRUB_ERR_NONE; | ||
65 | |||
66 | @@ -711,8 +713,14 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) | ||
67 | return grub_error (GRUB_ERR_BAD_FILE_TYPE, | ||
68 | "jpeg: attempted to decode data before start of stream"); | ||
69 | |||
70 | + if (grub_mul(vb, data->image_width, &stride_a) || | ||
71 | + grub_mul(hb, nc1, &stride_b) || | ||
72 | + grub_sub(stride_a, stride_b, &stride)) | ||
73 | + return grub_error (GRUB_ERR_BAD_FILE_TYPE, | ||
74 | + "jpeg: cannot decode image with these dimensions"); | ||
75 | + | ||
76 | for (; data->r1 < nr1 && (!data->dri || rst); | ||
77 | - data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) | ||
78 | + data->r1++, data->bitmap_ptr += stride * 3) | ||
79 | for (c1 = 0; c1 < nc1 && (!data->dri || rst); | ||
80 | c1++, rst--, data->bitmap_ptr += hb * 3) | ||
81 | { | ||
82 | -- | ||
83 | 2.34.1 | ||
84 | |||
diff --git a/meta/recipes-bsp/grub/files/CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch b/meta/recipes-bsp/grub/files/CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch new file mode 100644 index 0000000000..8bf9090f94 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch | |||
@@ -0,0 +1,63 @@ | |||
1 | From 3e4817538de828319ba6d59ced2fbb9b5ca13287 Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Axtens <dja@axtens.net> | ||
3 | Date: Mon, 20 Dec 2021 19:41:21 +1100 | ||
4 | Subject: [PATCH] net/ip: Do IP fragment maths safely | ||
5 | |||
6 | We can receive packets with invalid IP fragmentation information. This | ||
7 | can lead to rsm->total_len underflowing and becoming very large. | ||
8 | |||
9 | Then, in grub_netbuff_alloc(), we add to this very large number, which can | ||
10 | cause it to overflow and wrap back around to a small positive number. | ||
11 | The allocation then succeeds, but the resulting buffer is too small and | ||
12 | subsequent operations can write past the end of the buffer. | ||
13 | |||
14 | Catch the underflow here. | ||
15 | |||
16 | Fixes: CVE-2022-28733 | ||
17 | |||
18 | Signed-off-by: Daniel Axtens <dja@axtens.net> | ||
19 | Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> | ||
20 | |||
21 | Upstream-Status: Backport | ||
22 | CVE: CVE-2022-28733 | ||
23 | |||
24 | Reference to upstream patch: | ||
25 | https://git.savannah.gnu.org/cgit/grub.git/commit/?id=3e4817538de828319ba6d59ced2fbb9b5ca13287 | ||
26 | |||
27 | Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> | ||
28 | |||
29 | --- | ||
30 | grub-core/net/ip.c | 10 +++++++++- | ||
31 | 1 file changed, 9 insertions(+), 1 deletion(-) | ||
32 | |||
33 | diff --git a/grub-core/net/ip.c b/grub-core/net/ip.c | ||
34 | index e3d62e97f..3c3d0be0e 100644 | ||
35 | --- a/grub-core/net/ip.c | ||
36 | +++ b/grub-core/net/ip.c | ||
37 | @@ -25,6 +25,7 @@ | ||
38 | #include <grub/net/netbuff.h> | ||
39 | #include <grub/mm.h> | ||
40 | #include <grub/priority_queue.h> | ||
41 | +#include <grub/safemath.h> | ||
42 | #include <grub/time.h> | ||
43 | |||
44 | struct iphdr { | ||
45 | @@ -512,7 +513,14 @@ grub_net_recv_ip4_packets (struct grub_net_buff *nb, | ||
46 | { | ||
47 | rsm->total_len = (8 * (grub_be_to_cpu16 (iph->frags) & OFFSET_MASK) | ||
48 | + (nb->tail - nb->data)); | ||
49 | - rsm->total_len -= ((iph->verhdrlen & 0xf) * sizeof (grub_uint32_t)); | ||
50 | + | ||
51 | + if (grub_sub (rsm->total_len, (iph->verhdrlen & 0xf) * sizeof (grub_uint32_t), | ||
52 | + &rsm->total_len)) | ||
53 | + { | ||
54 | + grub_dprintf ("net", "IP reassembly size underflow\n"); | ||
55 | + return GRUB_ERR_NONE; | ||
56 | + } | ||
57 | + | ||
58 | rsm->asm_netbuff = grub_netbuff_alloc (rsm->total_len); | ||
59 | if (!rsm->asm_netbuff) | ||
60 | { | ||
61 | -- | ||
62 | 2.34.1 | ||
63 | |||
diff --git a/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch b/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch new file mode 100644 index 0000000000..f31167d315 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch | |||
@@ -0,0 +1,58 @@ | |||
1 | From b26b4c08e7119281ff30d0fb4a6169bd2afa8fe4 Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Axtens <dja@axtens.net> | ||
3 | Date: Tue, 8 Mar 2022 19:04:40 +1100 | ||
4 | Subject: [PATCH] net/http: Error out on headers with LF without CR | ||
5 | |||
6 | In a similar vein to the previous patch, parse_line() would write | ||
7 | a NUL byte past the end of the buffer if there was an HTTP header | ||
8 | with a LF rather than a CRLF. | ||
9 | |||
10 | RFC-2616 says: | ||
11 | |||
12 | Many HTTP/1.1 header field values consist of words separated by LWS | ||
13 | or special characters. These special characters MUST be in a quoted | ||
14 | string to be used within a parameter value (as defined in section 3.6). | ||
15 | |||
16 | We don't support quoted sections or continuation lines, etc. | ||
17 | |||
18 | If we see an LF that's not part of a CRLF, bail out. | ||
19 | |||
20 | Fixes: CVE-2022-28734 | ||
21 | |||
22 | Signed-off-by: Daniel Axtens <dja@axtens.net> | ||
23 | Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> | ||
24 | |||
25 | Upstream-Status: Backport | ||
26 | CVE: CVE-2022-28734 | ||
27 | |||
28 | Reference to upstream patch: | ||
29 | https://git.savannah.gnu.org/cgit/grub.git/commit/?id=b26b4c08e7119281ff30d0fb4a6169bd2afa8fe4 | ||
30 | |||
31 | Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> | ||
32 | --- | ||
33 | grub-core/net/http.c | 8 ++++++++ | ||
34 | 1 file changed, 8 insertions(+) | ||
35 | |||
36 | diff --git a/grub-core/net/http.c b/grub-core/net/http.c | ||
37 | index 33a0a28c4..9291a13e2 100644 | ||
38 | --- a/grub-core/net/http.c | ||
39 | +++ b/grub-core/net/http.c | ||
40 | @@ -68,7 +68,15 @@ parse_line (grub_file_t file, http_data_t data, char *ptr, grub_size_t len) | ||
41 | char *end = ptr + len; | ||
42 | while (end > ptr && *(end - 1) == '\r') | ||
43 | end--; | ||
44 | + | ||
45 | + /* LF without CR. */ | ||
46 | + if (end == ptr + len) | ||
47 | + { | ||
48 | + data->errmsg = grub_strdup (_("invalid HTTP header - LF without CR")); | ||
49 | + return GRUB_ERR_NONE; | ||
50 | + } | ||
51 | *end = 0; | ||
52 | + | ||
53 | /* Trailing CRLF. */ | ||
54 | if (data->in_chunk_len == 1) | ||
55 | { | ||
56 | -- | ||
57 | 2.34.1 | ||
58 | |||
diff --git a/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch b/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch new file mode 100644 index 0000000000..e0ca1eec44 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch | |||
@@ -0,0 +1,56 @@ | |||
1 | From ec6bfd3237394c1c7dbf2fd73417173318d22f4b Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Axtens <dja@axtens.net> | ||
3 | Date: Tue, 8 Mar 2022 18:17:03 +1100 | ||
4 | Subject: [PATCH] net/http: Fix OOB write for split http headers | ||
5 | |||
6 | GRUB has special code for handling an http header that is split | ||
7 | across two packets. | ||
8 | |||
9 | The code tracks the end of line by looking for a "\n" byte. The | ||
10 | code for split headers has always advanced the pointer just past the | ||
11 | end of the line, whereas the code that handles unsplit headers does | ||
12 | not advance the pointer. This extra advance causes the length to be | ||
13 | one greater, which breaks an assumption in parse_line(), leading to | ||
14 | it writing a NUL byte one byte past the end of the buffer where we | ||
15 | reconstruct the line from the two packets. | ||
16 | |||
17 | It's conceivable that an attacker controlled set of packets could | ||
18 | cause this to zero out the first byte of the "next" pointer of the | ||
19 | grub_mm_region structure following the current_line buffer. | ||
20 | |||
21 | Do not advance the pointer in the split header case. | ||
22 | |||
23 | Fixes: CVE-2022-28734 | ||
24 | |||
25 | Signed-off-by: Daniel Axtens <dja@axtens.net> | ||
26 | Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> | ||
27 | |||
28 | Upstream-Status: Backport | ||
29 | CVE: CVE-2022-28734 | ||
30 | |||
31 | Reference to upstream patch: | ||
32 | https://git.savannah.gnu.org/cgit/grub.git/commit/?id=ec6bfd3237394c1c7dbf2fd73417173318d22f4b | ||
33 | |||
34 | Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> | ||
35 | --- | ||
36 | grub-core/net/http.c | 4 +--- | ||
37 | 1 file changed, 1 insertion(+), 3 deletions(-) | ||
38 | |||
39 | diff --git a/grub-core/net/http.c b/grub-core/net/http.c | ||
40 | index f8d7bf0cd..33a0a28c4 100644 | ||
41 | --- a/grub-core/net/http.c | ||
42 | +++ b/grub-core/net/http.c | ||
43 | @@ -190,9 +190,7 @@ http_receive (grub_net_tcp_socket_t sock __attribute__ ((unused)), | ||
44 | int have_line = 1; | ||
45 | char *t; | ||
46 | ptr = grub_memchr (nb->data, '\n', nb->tail - nb->data); | ||
47 | - if (ptr) | ||
48 | - ptr++; | ||
49 | - else | ||
50 | + if (ptr == NULL) | ||
51 | { | ||
52 | have_line = 0; | ||
53 | ptr = (char *) nb->tail; | ||
54 | -- | ||
55 | 2.34.1 | ||
56 | |||
diff --git a/meta/recipes-bsp/grub/files/CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch b/meta/recipes-bsp/grub/files/CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch new file mode 100644 index 0000000000..7a59f10bfb --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch | |||
@@ -0,0 +1,111 @@ | |||
1 | From 6fe755c5c07bb386fda58306bfd19e4a1c974c53 Mon Sep 17 00:00:00 2001 | ||
2 | From: Julian Andres Klode <julian.klode@canonical.com> | ||
3 | Date: Thu, 2 Dec 2021 15:03:53 +0100 | ||
4 | Subject: [PATCH] kern/efi/sb: Reject non-kernel files in the shim_lock | ||
5 | verifier | ||
6 | |||
7 | We must not allow other verifiers to pass things like the GRUB modules. | ||
8 | Instead of maintaining a blocklist, maintain an allowlist of things | ||
9 | that we do not care about. | ||
10 | |||
11 | This allowlist really should be made reusable, and shared by the | ||
12 | lockdown verifier, but this is the minimal patch addressing | ||
13 | security concerns where the TPM verifier was able to mark modules | ||
14 | as verified (or the OpenPGP verifier for that matter), when it | ||
15 | should not do so on shim-powered secure boot systems. | ||
16 | |||
17 | Fixes: CVE-2022-28735 | ||
18 | |||
19 | Signed-off-by: Julian Andres Klode <julian.klode@canonical.com> | ||
20 | Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> | ||
21 | |||
22 | Upstream-Status: Backport | ||
23 | CVE:CVE-2022-28735 | ||
24 | |||
25 | Reference to upstream patch: | ||
26 | https://git.savannah.gnu.org/cgit/grub.git/commit/?id=6fe755c5c07bb386fda58306bfd19e4a1c974c53 | ||
27 | |||
28 | Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> | ||
29 | --- | ||
30 | grub-core/kern/efi/sb.c | 39 ++++++++++++++++++++++++++++++++++++--- | ||
31 | include/grub/verify.h | 1 + | ||
32 | 2 files changed, 37 insertions(+), 3 deletions(-) | ||
33 | |||
34 | diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c | ||
35 | index c52ec6226..89c4bb3fd 100644 | ||
36 | --- a/grub-core/kern/efi/sb.c | ||
37 | +++ b/grub-core/kern/efi/sb.c | ||
38 | @@ -119,10 +119,11 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)), | ||
39 | void **context __attribute__ ((unused)), | ||
40 | enum grub_verify_flags *flags) | ||
41 | { | ||
42 | - *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION; | ||
43 | + *flags = GRUB_VERIFY_FLAGS_NONE; | ||
44 | |||
45 | switch (type & GRUB_FILE_TYPE_MASK) | ||
46 | { | ||
47 | + /* Files we check. */ | ||
48 | case GRUB_FILE_TYPE_LINUX_KERNEL: | ||
49 | case GRUB_FILE_TYPE_MULTIBOOT_KERNEL: | ||
50 | case GRUB_FILE_TYPE_BSD_KERNEL: | ||
51 | @@ -130,11 +131,43 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)), | ||
52 | case GRUB_FILE_TYPE_PLAN9_KERNEL: | ||
53 | case GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE: | ||
54 | *flags = GRUB_VERIFY_FLAGS_SINGLE_CHUNK; | ||
55 | + return GRUB_ERR_NONE; | ||
56 | |||
57 | - /* Fall through. */ | ||
58 | + /* Files that do not affect secureboot state. */ | ||
59 | + case GRUB_FILE_TYPE_NONE: | ||
60 | + case GRUB_FILE_TYPE_LOOPBACK: | ||
61 | + case GRUB_FILE_TYPE_LINUX_INITRD: | ||
62 | + case GRUB_FILE_TYPE_OPENBSD_RAMDISK: | ||
63 | + case GRUB_FILE_TYPE_XNU_RAMDISK: | ||
64 | + case GRUB_FILE_TYPE_SIGNATURE: | ||
65 | + case GRUB_FILE_TYPE_PUBLIC_KEY: | ||
66 | + case GRUB_FILE_TYPE_PUBLIC_KEY_TRUST: | ||
67 | + case GRUB_FILE_TYPE_PRINT_BLOCKLIST: | ||
68 | + case GRUB_FILE_TYPE_TESTLOAD: | ||
69 | + case GRUB_FILE_TYPE_GET_SIZE: | ||
70 | + case GRUB_FILE_TYPE_FONT: | ||
71 | + case GRUB_FILE_TYPE_ZFS_ENCRYPTION_KEY: | ||
72 | + case GRUB_FILE_TYPE_CAT: | ||
73 | + case GRUB_FILE_TYPE_HEXCAT: | ||
74 | + case GRUB_FILE_TYPE_CMP: | ||
75 | + case GRUB_FILE_TYPE_HASHLIST: | ||
76 | + case GRUB_FILE_TYPE_TO_HASH: | ||
77 | + case GRUB_FILE_TYPE_KEYBOARD_LAYOUT: | ||
78 | + case GRUB_FILE_TYPE_PIXMAP: | ||
79 | + case GRUB_FILE_TYPE_GRUB_MODULE_LIST: | ||
80 | + case GRUB_FILE_TYPE_CONFIG: | ||
81 | + case GRUB_FILE_TYPE_THEME: | ||
82 | + case GRUB_FILE_TYPE_GETTEXT_CATALOG: | ||
83 | + case GRUB_FILE_TYPE_FS_SEARCH: | ||
84 | + case GRUB_FILE_TYPE_LOADENV: | ||
85 | + case GRUB_FILE_TYPE_SAVEENV: | ||
86 | + case GRUB_FILE_TYPE_VERIFY_SIGNATURE: | ||
87 | + *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION; | ||
88 | + return GRUB_ERR_NONE; | ||
89 | |||
90 | + /* Other files. */ | ||
91 | default: | ||
92 | - return GRUB_ERR_NONE; | ||
93 | + return grub_error (GRUB_ERR_ACCESS_DENIED, N_("prohibited by secure boot policy")); | ||
94 | } | ||
95 | } | ||
96 | |||
97 | diff --git a/include/grub/verify.h b/include/grub/verify.h | ||
98 | index cd129c398..672ae1692 100644 | ||
99 | --- a/include/grub/verify.h | ||
100 | +++ b/include/grub/verify.h | ||
101 | @@ -24,6 +24,7 @@ | ||
102 | |||
103 | enum grub_verify_flags | ||
104 | { | ||
105 | + GRUB_VERIFY_FLAGS_NONE = 0, | ||
106 | GRUB_VERIFY_FLAGS_SKIP_VERIFICATION = 1, | ||
107 | GRUB_VERIFY_FLAGS_SINGLE_CHUNK = 2, | ||
108 | /* Defer verification to another authority. */ | ||
109 | -- | ||
110 | 2.34.1 | ||
111 | |||
diff --git a/meta/recipes-bsp/grub/files/video-Remove-trailing-whitespaces.patch b/meta/recipes-bsp/grub/files/video-Remove-trailing-whitespaces.patch new file mode 100644 index 0000000000..2db9bcbbc5 --- /dev/null +++ b/meta/recipes-bsp/grub/files/video-Remove-trailing-whitespaces.patch | |||
@@ -0,0 +1,693 @@ | |||
1 | From 1f48917d8ddb490dcdc70176e0f58136b7f7811a Mon Sep 17 00:00:00 2001 | ||
2 | From: Elyes Haouas <ehaouas@noos.fr> | ||
3 | Date: Fri, 4 Mar 2022 07:42:13 +0100 | ||
4 | Subject: [PATCH] video: Remove trailing whitespaces | ||
5 | |||
6 | Signed-off-by: Elyes Haouas <ehaouas@noos.fr> | ||
7 | Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> | ||
8 | |||
9 | Upstream-Status: Backport | ||
10 | |||
11 | Reference to upstream patch: | ||
12 | https://git.savannah.gnu.org/cgit/grub.git/commit/?id=1f48917d8ddb490dcdc70176e0f58136b7f7811a | ||
13 | |||
14 | Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> | ||
15 | --- | ||
16 | grub-core/video/bochs.c | 2 +- | ||
17 | grub-core/video/capture.c | 2 +- | ||
18 | grub-core/video/cirrus.c | 4 ++-- | ||
19 | grub-core/video/coreboot/cbfb.c | 2 +- | ||
20 | grub-core/video/efi_gop.c | 22 +++++++++---------- | ||
21 | grub-core/video/fb/fbblit.c | 8 +++---- | ||
22 | grub-core/video/fb/video_fb.c | 10 ++++----- | ||
23 | grub-core/video/i386/pc/vbe.c | 34 ++++++++++++++--------------- | ||
24 | grub-core/video/i386/pc/vga.c | 6 ++--- | ||
25 | grub-core/video/ieee1275.c | 4 ++-- | ||
26 | grub-core/video/radeon_fuloong2e.c | 6 ++--- | ||
27 | grub-core/video/radeon_yeeloong3a.c | 6 ++--- | ||
28 | grub-core/video/readers/png.c | 2 +- | ||
29 | grub-core/video/readers/tga.c | 2 +- | ||
30 | grub-core/video/sis315_init.c | 2 +- | ||
31 | grub-core/video/sis315pro.c | 8 +++---- | ||
32 | grub-core/video/sm712.c | 10 ++++----- | ||
33 | grub-core/video/video.c | 8 +++---- | ||
34 | 18 files changed, 69 insertions(+), 69 deletions(-) | ||
35 | |||
36 | diff --git a/grub-core/video/bochs.c b/grub-core/video/bochs.c | ||
37 | index 30ea1bd82..edc651697 100644 | ||
38 | --- a/grub-core/video/bochs.c | ||
39 | +++ b/grub-core/video/bochs.c | ||
40 | @@ -212,7 +212,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) | ||
41 | |||
42 | if (((class >> 16) & 0xffff) != 0x0300 || pciid != 0x11111234) | ||
43 | return 0; | ||
44 | - | ||
45 | + | ||
46 | addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0); | ||
47 | framebuffer.base = grub_pci_read (addr) & GRUB_PCI_ADDR_MEM_MASK; | ||
48 | if (!framebuffer.base) | ||
49 | diff --git a/grub-core/video/capture.c b/grub-core/video/capture.c | ||
50 | index 4d3195e01..c653d89f9 100644 | ||
51 | --- a/grub-core/video/capture.c | ||
52 | +++ b/grub-core/video/capture.c | ||
53 | @@ -92,7 +92,7 @@ grub_video_capture_start (const struct grub_video_mode_info *mode_info, | ||
54 | framebuffer.ptr = grub_calloc (framebuffer.mode_info.height, framebuffer.mode_info.pitch); | ||
55 | if (!framebuffer.ptr) | ||
56 | return grub_errno; | ||
57 | - | ||
58 | + | ||
59 | err = grub_video_fb_create_render_target_from_pointer (&framebuffer.render_target, | ||
60 | &framebuffer.mode_info, | ||
61 | framebuffer.ptr); | ||
62 | diff --git a/grub-core/video/cirrus.c b/grub-core/video/cirrus.c | ||
63 | index e2149e8ce..f5542ccdc 100644 | ||
64 | --- a/grub-core/video/cirrus.c | ||
65 | +++ b/grub-core/video/cirrus.c | ||
66 | @@ -354,11 +354,11 @@ grub_video_cirrus_setup (unsigned int width, unsigned int height, | ||
67 | grub_uint8_t sr_ext = 0, hidden_dac = 0; | ||
68 | |||
69 | grub_vga_set_geometry (&config, grub_vga_cr_write); | ||
70 | - | ||
71 | + | ||
72 | grub_vga_gr_write (GRUB_VGA_GR_MODE_256_COLOR | GRUB_VGA_GR_MODE_READ_MODE1, | ||
73 | GRUB_VGA_GR_MODE); | ||
74 | grub_vga_gr_write (GRUB_VGA_GR_GR6_GRAPHICS_MODE, GRUB_VGA_GR_GR6); | ||
75 | - | ||
76 | + | ||
77 | grub_vga_sr_write (GRUB_VGA_SR_MEMORY_MODE_NORMAL, GRUB_VGA_SR_MEMORY_MODE); | ||
78 | |||
79 | grub_vga_cr_write ((config.pitch >> CIRRUS_CR_EXTENDED_DISPLAY_PITCH_SHIFT) | ||
80 | diff --git a/grub-core/video/coreboot/cbfb.c b/grub-core/video/coreboot/cbfb.c | ||
81 | index 9af81fa5b..986003c51 100644 | ||
82 | --- a/grub-core/video/coreboot/cbfb.c | ||
83 | +++ b/grub-core/video/coreboot/cbfb.c | ||
84 | @@ -106,7 +106,7 @@ grub_video_cbfb_setup (unsigned int width, unsigned int height, | ||
85 | |||
86 | grub_video_fb_set_palette (0, GRUB_VIDEO_FBSTD_NUMCOLORS, | ||
87 | grub_video_fbstd_colors); | ||
88 | - | ||
89 | + | ||
90 | return err; | ||
91 | } | ||
92 | |||
93 | diff --git a/grub-core/video/efi_gop.c b/grub-core/video/efi_gop.c | ||
94 | index b7590dc6c..7a5054631 100644 | ||
95 | --- a/grub-core/video/efi_gop.c | ||
96 | +++ b/grub-core/video/efi_gop.c | ||
97 | @@ -273,7 +273,7 @@ grub_video_gop_iterate (int (*hook) (const struct grub_video_mode_info *info, vo | ||
98 | grub_efi_status_t status; | ||
99 | struct grub_efi_gop_mode_info *info = NULL; | ||
100 | struct grub_video_mode_info mode_info; | ||
101 | - | ||
102 | + | ||
103 | status = efi_call_4 (gop->query_mode, gop, mode, &size, &info); | ||
104 | |||
105 | if (status) | ||
106 | @@ -390,7 +390,7 @@ grub_video_gop_setup (unsigned int width, unsigned int height, | ||
107 | found = 1; | ||
108 | } | ||
109 | } | ||
110 | - | ||
111 | + | ||
112 | if (!found) | ||
113 | { | ||
114 | unsigned mode; | ||
115 | @@ -399,7 +399,7 @@ grub_video_gop_setup (unsigned int width, unsigned int height, | ||
116 | { | ||
117 | grub_efi_uintn_t size; | ||
118 | grub_efi_status_t status; | ||
119 | - | ||
120 | + | ||
121 | status = efi_call_4 (gop->query_mode, gop, mode, &size, &info); | ||
122 | if (status) | ||
123 | { | ||
124 | @@ -472,11 +472,11 @@ grub_video_gop_setup (unsigned int width, unsigned int height, | ||
125 | framebuffer.ptr = (void *) (grub_addr_t) gop->mode->fb_base; | ||
126 | framebuffer.offscreen | ||
127 | = grub_malloc (framebuffer.mode_info.height | ||
128 | - * framebuffer.mode_info.width | ||
129 | + * framebuffer.mode_info.width | ||
130 | * sizeof (struct grub_efi_gop_blt_pixel)); | ||
131 | |||
132 | buffer = framebuffer.offscreen; | ||
133 | - | ||
134 | + | ||
135 | if (!buffer) | ||
136 | { | ||
137 | grub_dprintf ("video", "GOP: couldn't allocate shadow\n"); | ||
138 | @@ -485,11 +485,11 @@ grub_video_gop_setup (unsigned int width, unsigned int height, | ||
139 | &framebuffer.mode_info); | ||
140 | buffer = framebuffer.ptr; | ||
141 | } | ||
142 | - | ||
143 | + | ||
144 | grub_dprintf ("video", "GOP: initialising FB @ %p %dx%dx%d\n", | ||
145 | framebuffer.ptr, framebuffer.mode_info.width, | ||
146 | framebuffer.mode_info.height, framebuffer.mode_info.bpp); | ||
147 | - | ||
148 | + | ||
149 | err = grub_video_fb_create_render_target_from_pointer | ||
150 | (&framebuffer.render_target, &framebuffer.mode_info, buffer); | ||
151 | |||
152 | @@ -498,15 +498,15 @@ grub_video_gop_setup (unsigned int width, unsigned int height, | ||
153 | grub_dprintf ("video", "GOP: Couldn't create FB target\n"); | ||
154 | return err; | ||
155 | } | ||
156 | - | ||
157 | + | ||
158 | err = grub_video_fb_set_active_render_target (framebuffer.render_target); | ||
159 | - | ||
160 | + | ||
161 | if (err) | ||
162 | { | ||
163 | grub_dprintf ("video", "GOP: Couldn't set FB target\n"); | ||
164 | return err; | ||
165 | } | ||
166 | - | ||
167 | + | ||
168 | err = grub_video_fb_set_palette (0, GRUB_VIDEO_FBSTD_NUMCOLORS, | ||
169 | grub_video_fbstd_colors); | ||
170 | |||
171 | @@ -514,7 +514,7 @@ grub_video_gop_setup (unsigned int width, unsigned int height, | ||
172 | grub_dprintf ("video", "GOP: Couldn't set palette\n"); | ||
173 | else | ||
174 | grub_dprintf ("video", "GOP: Success\n"); | ||
175 | - | ||
176 | + | ||
177 | return err; | ||
178 | } | ||
179 | |||
180 | diff --git a/grub-core/video/fb/fbblit.c b/grub-core/video/fb/fbblit.c | ||
181 | index d55924837..1010ef393 100644 | ||
182 | --- a/grub-core/video/fb/fbblit.c | ||
183 | +++ b/grub-core/video/fb/fbblit.c | ||
184 | @@ -466,7 +466,7 @@ grub_video_fbblit_replace_24bit_indexa (struct grub_video_fbblit_info *dst, | ||
185 | for (i = 0; i < width; i++) | ||
186 | { | ||
187 | register grub_uint32_t col; | ||
188 | - if (*srcptr == 0xf0) | ||
189 | + if (*srcptr == 0xf0) | ||
190 | col = palette[16]; | ||
191 | else | ||
192 | col = palette[*srcptr & 0xf]; | ||
193 | @@ -478,7 +478,7 @@ grub_video_fbblit_replace_24bit_indexa (struct grub_video_fbblit_info *dst, | ||
194 | *dstptr++ = col >> 0; | ||
195 | *dstptr++ = col >> 8; | ||
196 | *dstptr++ = col >> 16; | ||
197 | -#endif | ||
198 | +#endif | ||
199 | srcptr++; | ||
200 | } | ||
201 | |||
202 | @@ -651,7 +651,7 @@ grub_video_fbblit_blend_24bit_indexa (struct grub_video_fbblit_info *dst, | ||
203 | for (i = 0; i < width; i++) | ||
204 | { | ||
205 | register grub_uint32_t col; | ||
206 | - if (*srcptr != 0xf0) | ||
207 | + if (*srcptr != 0xf0) | ||
208 | { | ||
209 | col = palette[*srcptr & 0xf]; | ||
210 | #ifdef GRUB_CPU_WORDS_BIGENDIAN | ||
211 | @@ -662,7 +662,7 @@ grub_video_fbblit_blend_24bit_indexa (struct grub_video_fbblit_info *dst, | ||
212 | *dstptr++ = col >> 0; | ||
213 | *dstptr++ = col >> 8; | ||
214 | *dstptr++ = col >> 16; | ||
215 | -#endif | ||
216 | +#endif | ||
217 | } | ||
218 | else | ||
219 | dstptr += 3; | ||
220 | diff --git a/grub-core/video/fb/video_fb.c b/grub-core/video/fb/video_fb.c | ||
221 | index ae6b89f9a..fa4ebde26 100644 | ||
222 | --- a/grub-core/video/fb/video_fb.c | ||
223 | +++ b/grub-core/video/fb/video_fb.c | ||
224 | @@ -754,7 +754,7 @@ grub_video_fb_unmap_color_int (struct grub_video_fbblit_info * source, | ||
225 | *alpha = 0; | ||
226 | return; | ||
227 | } | ||
228 | - | ||
229 | + | ||
230 | /* If we have an out-of-bounds color, return transparent black. */ | ||
231 | if (color > 255) | ||
232 | { | ||
233 | @@ -1141,7 +1141,7 @@ grub_video_fb_scroll (grub_video_color_t color, int dx, int dy) | ||
234 | /* If everything is aligned on 32-bit use 32-bit copy. */ | ||
235 | if ((grub_addr_t) grub_video_fb_get_video_ptr (&target, src_x, src_y) | ||
236 | % sizeof (grub_uint32_t) == 0 | ||
237 | - && (grub_addr_t) grub_video_fb_get_video_ptr (&target, dst_x, dst_y) | ||
238 | + && (grub_addr_t) grub_video_fb_get_video_ptr (&target, dst_x, dst_y) | ||
239 | % sizeof (grub_uint32_t) == 0 | ||
240 | && linelen % sizeof (grub_uint32_t) == 0 | ||
241 | && linedelta % sizeof (grub_uint32_t) == 0) | ||
242 | @@ -1155,7 +1155,7 @@ grub_video_fb_scroll (grub_video_color_t color, int dx, int dy) | ||
243 | else if ((grub_addr_t) grub_video_fb_get_video_ptr (&target, src_x, src_y) | ||
244 | % sizeof (grub_uint16_t) == 0 | ||
245 | && (grub_addr_t) grub_video_fb_get_video_ptr (&target, | ||
246 | - dst_x, dst_y) | ||
247 | + dst_x, dst_y) | ||
248 | % sizeof (grub_uint16_t) == 0 | ||
249 | && linelen % sizeof (grub_uint16_t) == 0 | ||
250 | && linedelta % sizeof (grub_uint16_t) == 0) | ||
251 | @@ -1170,7 +1170,7 @@ grub_video_fb_scroll (grub_video_color_t color, int dx, int dy) | ||
252 | { | ||
253 | grub_uint8_t *src, *dst; | ||
254 | DO_SCROLL | ||
255 | - } | ||
256 | + } | ||
257 | } | ||
258 | |||
259 | /* 4. Fill empty space with specified color. In this implementation | ||
260 | @@ -1615,7 +1615,7 @@ grub_video_fb_setup (unsigned int mode_type, unsigned int mode_mask, | ||
261 | framebuffer.render_target = framebuffer.back_target; | ||
262 | return GRUB_ERR_NONE; | ||
263 | } | ||
264 | - | ||
265 | + | ||
266 | mode_info->mode_type &= ~(GRUB_VIDEO_MODE_TYPE_DOUBLE_BUFFERED | ||
267 | | GRUB_VIDEO_MODE_TYPE_UPDATING_SWAP); | ||
268 | |||
269 | diff --git a/grub-core/video/i386/pc/vbe.c b/grub-core/video/i386/pc/vbe.c | ||
270 | index b7f911926..0e65b5206 100644 | ||
271 | --- a/grub-core/video/i386/pc/vbe.c | ||
272 | +++ b/grub-core/video/i386/pc/vbe.c | ||
273 | @@ -219,7 +219,7 @@ grub_vbe_disable_mtrr (int mtrr) | ||
274 | } | ||
275 | |||
276 | /* Call VESA BIOS 0x4f09 to set palette data, return status. */ | ||
277 | -static grub_vbe_status_t | ||
278 | +static grub_vbe_status_t | ||
279 | grub_vbe_bios_set_palette_data (grub_uint32_t color_count, | ||
280 | grub_uint32_t start_index, | ||
281 | struct grub_vbe_palette_data *palette_data) | ||
282 | @@ -237,7 +237,7 @@ grub_vbe_bios_set_palette_data (grub_uint32_t color_count, | ||
283 | } | ||
284 | |||
285 | /* Call VESA BIOS 0x4f00 to get VBE Controller Information, return status. */ | ||
286 | -grub_vbe_status_t | ||
287 | +grub_vbe_status_t | ||
288 | grub_vbe_bios_get_controller_info (struct grub_vbe_info_block *ci) | ||
289 | { | ||
290 | struct grub_bios_int_registers regs; | ||
291 | @@ -251,7 +251,7 @@ grub_vbe_bios_get_controller_info (struct grub_vbe_info_block *ci) | ||
292 | } | ||
293 | |||
294 | /* Call VESA BIOS 0x4f01 to get VBE Mode Information, return status. */ | ||
295 | -grub_vbe_status_t | ||
296 | +grub_vbe_status_t | ||
297 | grub_vbe_bios_get_mode_info (grub_uint32_t mode, | ||
298 | struct grub_vbe_mode_info_block *mode_info) | ||
299 | { | ||
300 | @@ -285,7 +285,7 @@ grub_vbe_bios_set_mode (grub_uint32_t mode, | ||
301 | } | ||
302 | |||
303 | /* Call VESA BIOS 0x4f03 to return current VBE Mode, return status. */ | ||
304 | -grub_vbe_status_t | ||
305 | +grub_vbe_status_t | ||
306 | grub_vbe_bios_get_mode (grub_uint32_t *mode) | ||
307 | { | ||
308 | struct grub_bios_int_registers regs; | ||
309 | @@ -298,7 +298,7 @@ grub_vbe_bios_get_mode (grub_uint32_t *mode) | ||
310 | return regs.eax & 0xffff; | ||
311 | } | ||
312 | |||
313 | -grub_vbe_status_t | ||
314 | +grub_vbe_status_t | ||
315 | grub_vbe_bios_getset_dac_palette_width (int set, int *dac_mask_size) | ||
316 | { | ||
317 | struct grub_bios_int_registers regs; | ||
318 | @@ -346,7 +346,7 @@ grub_vbe_bios_get_memory_window (grub_uint32_t window, | ||
319 | } | ||
320 | |||
321 | /* Call VESA BIOS 0x4f06 to set scanline length (in bytes), return status. */ | ||
322 | -grub_vbe_status_t | ||
323 | +grub_vbe_status_t | ||
324 | grub_vbe_bios_set_scanline_length (grub_uint32_t length) | ||
325 | { | ||
326 | struct grub_bios_int_registers regs; | ||
327 | @@ -354,14 +354,14 @@ grub_vbe_bios_set_scanline_length (grub_uint32_t length) | ||
328 | regs.ecx = length; | ||
329 | regs.eax = 0x4f06; | ||
330 | /* BL = 2, Set Scan Line in Bytes. */ | ||
331 | - regs.ebx = 0x0002; | ||
332 | + regs.ebx = 0x0002; | ||
333 | regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT; | ||
334 | grub_bios_interrupt (0x10, ®s); | ||
335 | return regs.eax & 0xffff; | ||
336 | } | ||
337 | |||
338 | /* Call VESA BIOS 0x4f06 to return scanline length (in bytes), return status. */ | ||
339 | -grub_vbe_status_t | ||
340 | +grub_vbe_status_t | ||
341 | grub_vbe_bios_get_scanline_length (grub_uint32_t *length) | ||
342 | { | ||
343 | struct grub_bios_int_registers regs; | ||
344 | @@ -377,7 +377,7 @@ grub_vbe_bios_get_scanline_length (grub_uint32_t *length) | ||
345 | } | ||
346 | |||
347 | /* Call VESA BIOS 0x4f07 to set display start, return status. */ | ||
348 | -static grub_vbe_status_t | ||
349 | +static grub_vbe_status_t | ||
350 | grub_vbe_bios_set_display_start (grub_uint32_t x, grub_uint32_t y) | ||
351 | { | ||
352 | struct grub_bios_int_registers regs; | ||
353 | @@ -390,7 +390,7 @@ grub_vbe_bios_set_display_start (grub_uint32_t x, grub_uint32_t y) | ||
354 | regs.edx = y; | ||
355 | regs.eax = 0x4f07; | ||
356 | /* BL = 80h, Set Display Start during Vertical Retrace. */ | ||
357 | - regs.ebx = 0x0080; | ||
358 | + regs.ebx = 0x0080; | ||
359 | regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT; | ||
360 | grub_bios_interrupt (0x10, ®s); | ||
361 | |||
362 | @@ -401,7 +401,7 @@ grub_vbe_bios_set_display_start (grub_uint32_t x, grub_uint32_t y) | ||
363 | } | ||
364 | |||
365 | /* Call VESA BIOS 0x4f07 to get display start, return status. */ | ||
366 | -grub_vbe_status_t | ||
367 | +grub_vbe_status_t | ||
368 | grub_vbe_bios_get_display_start (grub_uint32_t *x, | ||
369 | grub_uint32_t *y) | ||
370 | { | ||
371 | @@ -419,7 +419,7 @@ grub_vbe_bios_get_display_start (grub_uint32_t *x, | ||
372 | } | ||
373 | |||
374 | /* Call VESA BIOS 0x4f0a. */ | ||
375 | -grub_vbe_status_t | ||
376 | +grub_vbe_status_t | ||
377 | grub_vbe_bios_get_pm_interface (grub_uint16_t *segment, grub_uint16_t *offset, | ||
378 | grub_uint16_t *length) | ||
379 | { | ||
380 | @@ -896,7 +896,7 @@ vbe2videoinfo (grub_uint32_t mode, | ||
381 | case GRUB_VBE_MEMORY_MODEL_YUV: | ||
382 | mode_info->mode_type |= GRUB_VIDEO_MODE_TYPE_YUV; | ||
383 | break; | ||
384 | - | ||
385 | + | ||
386 | case GRUB_VBE_MEMORY_MODEL_DIRECT_COLOR: | ||
387 | mode_info->mode_type |= GRUB_VIDEO_MODE_TYPE_RGB; | ||
388 | break; | ||
389 | @@ -923,10 +923,10 @@ vbe2videoinfo (grub_uint32_t mode, | ||
390 | break; | ||
391 | case 8: | ||
392 | mode_info->bytes_per_pixel = 1; | ||
393 | - break; | ||
394 | + break; | ||
395 | case 4: | ||
396 | mode_info->bytes_per_pixel = 0; | ||
397 | - break; | ||
398 | + break; | ||
399 | } | ||
400 | |||
401 | if (controller_info.version >= 0x300) | ||
402 | @@ -976,7 +976,7 @@ grub_video_vbe_iterate (int (*hook) (const struct grub_video_mode_info *info, vo | ||
403 | |||
404 | static grub_err_t | ||
405 | grub_video_vbe_setup (unsigned int width, unsigned int height, | ||
406 | - grub_video_mode_type_t mode_type, | ||
407 | + grub_video_mode_type_t mode_type, | ||
408 | grub_video_mode_type_t mode_mask) | ||
409 | { | ||
410 | grub_uint16_t *p; | ||
411 | @@ -1193,7 +1193,7 @@ grub_video_vbe_print_adapter_specific_info (void) | ||
412 | controller_info.version & 0xFF, | ||
413 | controller_info.oem_software_rev >> 8, | ||
414 | controller_info.oem_software_rev & 0xFF); | ||
415 | - | ||
416 | + | ||
417 | /* The total_memory field is in 64 KiB units. */ | ||
418 | grub_printf_ (N_(" total memory: %d KiB\n"), | ||
419 | (controller_info.total_memory << 6)); | ||
420 | diff --git a/grub-core/video/i386/pc/vga.c b/grub-core/video/i386/pc/vga.c | ||
421 | index b2f776c99..50d0b5e02 100644 | ||
422 | --- a/grub-core/video/i386/pc/vga.c | ||
423 | +++ b/grub-core/video/i386/pc/vga.c | ||
424 | @@ -48,7 +48,7 @@ static struct | ||
425 | int back_page; | ||
426 | } framebuffer; | ||
427 | |||
428 | -static unsigned char | ||
429 | +static unsigned char | ||
430 | grub_vga_set_mode (unsigned char mode) | ||
431 | { | ||
432 | struct grub_bios_int_registers regs; | ||
433 | @@ -182,10 +182,10 @@ grub_video_vga_setup (unsigned int width, unsigned int height, | ||
434 | |||
435 | is_target = 1; | ||
436 | err = grub_video_fb_set_active_render_target (framebuffer.render_target); | ||
437 | - | ||
438 | + | ||
439 | if (err) | ||
440 | return err; | ||
441 | - | ||
442 | + | ||
443 | err = grub_video_fb_set_palette (0, GRUB_VIDEO_FBSTD_NUMCOLORS, | ||
444 | grub_video_fbstd_colors); | ||
445 | |||
446 | diff --git a/grub-core/video/ieee1275.c b/grub-core/video/ieee1275.c | ||
447 | index f437fb0df..ca3d3c3b2 100644 | ||
448 | --- a/grub-core/video/ieee1275.c | ||
449 | +++ b/grub-core/video/ieee1275.c | ||
450 | @@ -233,7 +233,7 @@ grub_video_ieee1275_setup (unsigned int width, unsigned int height, | ||
451 | /* TODO. */ | ||
452 | return grub_error (GRUB_ERR_IO, "can't set mode %dx%d", width, height); | ||
453 | } | ||
454 | - | ||
455 | + | ||
456 | err = grub_video_ieee1275_fill_mode_info (dev, &framebuffer.mode_info); | ||
457 | if (err) | ||
458 | { | ||
459 | @@ -260,7 +260,7 @@ grub_video_ieee1275_setup (unsigned int width, unsigned int height, | ||
460 | |||
461 | grub_video_ieee1275_set_palette (0, framebuffer.mode_info.number_of_colors, | ||
462 | grub_video_fbstd_colors); | ||
463 | - | ||
464 | + | ||
465 | return err; | ||
466 | } | ||
467 | |||
468 | diff --git a/grub-core/video/radeon_fuloong2e.c b/grub-core/video/radeon_fuloong2e.c | ||
469 | index b4da34b5e..40917acb7 100644 | ||
470 | --- a/grub-core/video/radeon_fuloong2e.c | ||
471 | +++ b/grub-core/video/radeon_fuloong2e.c | ||
472 | @@ -75,7 +75,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) | ||
473 | if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA | ||
474 | || pciid != 0x515a1002) | ||
475 | return 0; | ||
476 | - | ||
477 | + | ||
478 | *found = 1; | ||
479 | |||
480 | addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0); | ||
481 | @@ -139,7 +139,7 @@ grub_video_radeon_fuloong2e_setup (unsigned int width, unsigned int height, | ||
482 | framebuffer.mapped = 1; | ||
483 | |||
484 | /* Prevent garbage from appearing on the screen. */ | ||
485 | - grub_memset (framebuffer.ptr, 0x55, | ||
486 | + grub_memset (framebuffer.ptr, 0x55, | ||
487 | framebuffer.mode_info.height * framebuffer.mode_info.pitch); | ||
488 | |||
489 | #ifndef TEST | ||
490 | @@ -152,7 +152,7 @@ grub_video_radeon_fuloong2e_setup (unsigned int width, unsigned int height, | ||
491 | return err; | ||
492 | |||
493 | err = grub_video_fb_set_active_render_target (framebuffer.render_target); | ||
494 | - | ||
495 | + | ||
496 | if (err) | ||
497 | return err; | ||
498 | |||
499 | diff --git a/grub-core/video/radeon_yeeloong3a.c b/grub-core/video/radeon_yeeloong3a.c | ||
500 | index 52614feb6..48631c181 100644 | ||
501 | --- a/grub-core/video/radeon_yeeloong3a.c | ||
502 | +++ b/grub-core/video/radeon_yeeloong3a.c | ||
503 | @@ -74,7 +74,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) | ||
504 | if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA | ||
505 | || pciid != 0x96151002) | ||
506 | return 0; | ||
507 | - | ||
508 | + | ||
509 | *found = 1; | ||
510 | |||
511 | addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0); | ||
512 | @@ -137,7 +137,7 @@ grub_video_radeon_yeeloong3a_setup (unsigned int width, unsigned int height, | ||
513 | #endif | ||
514 | |||
515 | /* Prevent garbage from appearing on the screen. */ | ||
516 | - grub_memset (framebuffer.ptr, 0, | ||
517 | + grub_memset (framebuffer.ptr, 0, | ||
518 | framebuffer.mode_info.height * framebuffer.mode_info.pitch); | ||
519 | |||
520 | #ifndef TEST | ||
521 | @@ -150,7 +150,7 @@ grub_video_radeon_yeeloong3a_setup (unsigned int width, unsigned int height, | ||
522 | return err; | ||
523 | |||
524 | err = grub_video_fb_set_active_render_target (framebuffer.render_target); | ||
525 | - | ||
526 | + | ||
527 | if (err) | ||
528 | return err; | ||
529 | |||
530 | diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c | ||
531 | index 0157ff742..54dfedf43 100644 | ||
532 | --- a/grub-core/video/readers/png.c | ||
533 | +++ b/grub-core/video/readers/png.c | ||
534 | @@ -916,7 +916,7 @@ grub_png_convert_image (struct grub_png_data *data) | ||
535 | } | ||
536 | return; | ||
537 | } | ||
538 | - | ||
539 | + | ||
540 | if (data->is_gray) | ||
541 | { | ||
542 | switch (data->bpp) | ||
543 | diff --git a/grub-core/video/readers/tga.c b/grub-core/video/readers/tga.c | ||
544 | index 7cb9d1d2a..a9ec3a1b6 100644 | ||
545 | --- a/grub-core/video/readers/tga.c | ||
546 | +++ b/grub-core/video/readers/tga.c | ||
547 | @@ -127,7 +127,7 @@ tga_load_palette (struct tga_data *data) | ||
548 | |||
549 | if (len > sizeof (data->palette)) | ||
550 | len = sizeof (data->palette); | ||
551 | - | ||
552 | + | ||
553 | if (grub_file_read (data->file, &data->palette, len) | ||
554 | != (grub_ssize_t) len) | ||
555 | return grub_errno; | ||
556 | diff --git a/grub-core/video/sis315_init.c b/grub-core/video/sis315_init.c | ||
557 | index ae5c1419c..09c3c7bbe 100644 | ||
558 | --- a/grub-core/video/sis315_init.c | ||
559 | +++ b/grub-core/video/sis315_init.c | ||
560 | @@ -1,4 +1,4 @@ | ||
561 | -static const struct { grub_uint8_t reg; grub_uint8_t val; } sr_dump [] = | ||
562 | +static const struct { grub_uint8_t reg; grub_uint8_t val; } sr_dump [] = | ||
563 | { | ||
564 | { 0x28, 0x81 }, | ||
565 | { 0x2a, 0x00 }, | ||
566 | diff --git a/grub-core/video/sis315pro.c b/grub-core/video/sis315pro.c | ||
567 | index 22a0c85a6..4d2f9999a 100644 | ||
568 | --- a/grub-core/video/sis315pro.c | ||
569 | +++ b/grub-core/video/sis315pro.c | ||
570 | @@ -103,7 +103,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) | ||
571 | if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA | ||
572 | || pciid != GRUB_SIS315PRO_PCIID) | ||
573 | return 0; | ||
574 | - | ||
575 | + | ||
576 | *found = 1; | ||
577 | |||
578 | addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0); | ||
579 | @@ -218,7 +218,7 @@ grub_video_sis315pro_setup (unsigned int width, unsigned int height, | ||
580 | |||
581 | #ifndef TEST | ||
582 | /* Prevent garbage from appearing on the screen. */ | ||
583 | - grub_memset (framebuffer.ptr, 0, | ||
584 | + grub_memset (framebuffer.ptr, 0, | ||
585 | framebuffer.mode_info.height * framebuffer.mode_info.pitch); | ||
586 | grub_arch_sync_dma_caches (framebuffer.ptr, | ||
587 | framebuffer.mode_info.height | ||
588 | @@ -231,7 +231,7 @@ grub_video_sis315pro_setup (unsigned int width, unsigned int height, | ||
589 | | GRUB_VGA_IO_MISC_EXTERNAL_CLOCK_0 | ||
590 | | GRUB_VGA_IO_MISC_28MHZ | ||
591 | | GRUB_VGA_IO_MISC_ENABLE_VRAM_ACCESS | ||
592 | - | GRUB_VGA_IO_MISC_COLOR, | ||
593 | + | GRUB_VGA_IO_MISC_COLOR, | ||
594 | GRUB_VGA_IO_MISC_WRITE + GRUB_MACHINE_PCI_IO_BASE); | ||
595 | |||
596 | grub_vga_sr_write (0x86, 5); | ||
597 | @@ -335,7 +335,7 @@ grub_video_sis315pro_setup (unsigned int width, unsigned int height, | ||
598 | { | ||
599 | if (read_sis_cmd (0x5) != 0xa1) | ||
600 | write_sis_cmd (0x86, 0x5); | ||
601 | - | ||
602 | + | ||
603 | write_sis_cmd (read_sis_cmd (0x20) | 0xa1, 0x20); | ||
604 | write_sis_cmd (read_sis_cmd (0x1e) | 0xda, 0x1e); | ||
605 | |||
606 | diff --git a/grub-core/video/sm712.c b/grub-core/video/sm712.c | ||
607 | index 10c46eb65..65f59f84b 100644 | ||
608 | --- a/grub-core/video/sm712.c | ||
609 | +++ b/grub-core/video/sm712.c | ||
610 | @@ -167,7 +167,7 @@ enum | ||
611 | GRUB_SM712_CR_SHADOW_VGA_VBLANK_START = 0x46, | ||
612 | GRUB_SM712_CR_SHADOW_VGA_VBLANK_END = 0x47, | ||
613 | GRUB_SM712_CR_SHADOW_VGA_VRETRACE_START = 0x48, | ||
614 | - GRUB_SM712_CR_SHADOW_VGA_VRETRACE_END = 0x49, | ||
615 | + GRUB_SM712_CR_SHADOW_VGA_VRETRACE_END = 0x49, | ||
616 | GRUB_SM712_CR_SHADOW_VGA_OVERFLOW = 0x4a, | ||
617 | GRUB_SM712_CR_SHADOW_VGA_CELL_HEIGHT = 0x4b, | ||
618 | GRUB_SM712_CR_SHADOW_VGA_HDISPLAY_END = 0x4c, | ||
619 | @@ -375,7 +375,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) | ||
620 | if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA | ||
621 | || pciid != GRUB_SM712_PCIID) | ||
622 | return 0; | ||
623 | - | ||
624 | + | ||
625 | *found = 1; | ||
626 | |||
627 | addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0); | ||
628 | @@ -471,7 +471,7 @@ grub_video_sm712_setup (unsigned int width, unsigned int height, | ||
629 | |||
630 | #if !defined (TEST) && !defined(GENINIT) | ||
631 | /* Prevent garbage from appearing on the screen. */ | ||
632 | - grub_memset ((void *) framebuffer.cached_ptr, 0, | ||
633 | + grub_memset ((void *) framebuffer.cached_ptr, 0, | ||
634 | framebuffer.mode_info.height * framebuffer.mode_info.pitch); | ||
635 | #endif | ||
636 | |||
637 | @@ -482,7 +482,7 @@ grub_video_sm712_setup (unsigned int width, unsigned int height, | ||
638 | grub_sm712_sr_write (0x2, 0x6b); | ||
639 | grub_sm712_write_reg (0, GRUB_VGA_IO_PIXEL_MASK); | ||
640 | grub_sm712_sr_write (GRUB_VGA_SR_RESET_ASYNC, GRUB_VGA_SR_RESET); | ||
641 | - grub_sm712_write_reg (GRUB_VGA_IO_MISC_NEGATIVE_VERT_POLARITY | ||
642 | + grub_sm712_write_reg (GRUB_VGA_IO_MISC_NEGATIVE_VERT_POLARITY | ||
643 | | GRUB_VGA_IO_MISC_NEGATIVE_HORIZ_POLARITY | ||
644 | | GRUB_VGA_IO_MISC_UPPER_64K | ||
645 | | GRUB_VGA_IO_MISC_EXTERNAL_CLOCK_0 | ||
646 | @@ -694,7 +694,7 @@ grub_video_sm712_setup (unsigned int width, unsigned int height, | ||
647 | for (i = 0; i < ARRAY_SIZE (dda_lookups); i++) | ||
648 | grub_sm712_write_dda_lookup (i, dda_lookups[i].compare, dda_lookups[i].dda, | ||
649 | dda_lookups[i].vcentering); | ||
650 | - | ||
651 | + | ||
652 | /* Undocumented */ | ||
653 | grub_sm712_cr_write (0, 0x9c); | ||
654 | grub_sm712_cr_write (0, 0x9d); | ||
655 | diff --git a/grub-core/video/video.c b/grub-core/video/video.c | ||
656 | index 983424107..8937da745 100644 | ||
657 | --- a/grub-core/video/video.c | ||
658 | +++ b/grub-core/video/video.c | ||
659 | @@ -491,13 +491,13 @@ parse_modespec (const char *current_mode, int *width, int *height, int *depth) | ||
660 | current_mode); | ||
661 | |||
662 | param++; | ||
663 | - | ||
664 | + | ||
665 | *width = grub_strtoul (value, 0, 0); | ||
666 | if (grub_errno != GRUB_ERR_NONE) | ||
667 | return grub_error (GRUB_ERR_BAD_ARGUMENT, | ||
668 | N_("invalid video mode specification `%s'"), | ||
669 | current_mode); | ||
670 | - | ||
671 | + | ||
672 | /* Find height value. */ | ||
673 | value = param; | ||
674 | param = grub_strchr(param, 'x'); | ||
675 | @@ -513,13 +513,13 @@ parse_modespec (const char *current_mode, int *width, int *height, int *depth) | ||
676 | { | ||
677 | /* We have optional color depth value. */ | ||
678 | param++; | ||
679 | - | ||
680 | + | ||
681 | *height = grub_strtoul (value, 0, 0); | ||
682 | if (grub_errno != GRUB_ERR_NONE) | ||
683 | return grub_error (GRUB_ERR_BAD_ARGUMENT, | ||
684 | N_("invalid video mode specification `%s'"), | ||
685 | current_mode); | ||
686 | - | ||
687 | + | ||
688 | /* Convert color depth value. */ | ||
689 | value = param; | ||
690 | *depth = grub_strtoul (value, 0, 0); | ||
691 | -- | ||
692 | 2.34.1 | ||
693 | |||
diff --git a/meta/recipes-bsp/grub/files/video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch b/meta/recipes-bsp/grub/files/video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch new file mode 100644 index 0000000000..0c7deae858 --- /dev/null +++ b/meta/recipes-bsp/grub/files/video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch | |||
@@ -0,0 +1,264 @@ | |||
1 | From d5caac8ab79d068ad9a41030c772d03a4d4fbd7b Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Axtens <dja@axtens.net> | ||
3 | Date: Mon, 28 Jun 2021 14:16:14 +1000 | ||
4 | Subject: [PATCH] video/readers/jpeg: Abort sooner if a read operation fails | ||
5 | |||
6 | Fuzzing revealed some inputs that were taking a long time, potentially | ||
7 | forever, because they did not bail quickly upon encountering an I/O error. | ||
8 | |||
9 | Try to catch I/O errors sooner and bail out. | ||
10 | |||
11 | Signed-off-by: Daniel Axtens <dja@axtens.net> | ||
12 | Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> | ||
13 | |||
14 | Upstream-Status: Backport | ||
15 | |||
16 | Reference to upstream patch: | ||
17 | https://git.savannah.gnu.org/cgit/grub.git/commit/?id=d5caac8ab79d068ad9a41030c772d03a4d4fbd7b | ||
18 | |||
19 | Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> | ||
20 | --- | ||
21 | grub-core/video/readers/jpeg.c | 86 +++++++++++++++++++++++++++------- | ||
22 | 1 file changed, 70 insertions(+), 16 deletions(-) | ||
23 | |||
24 | diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c | ||
25 | index c47ffd651..806c56c78 100644 | ||
26 | --- a/grub-core/video/readers/jpeg.c | ||
27 | +++ b/grub-core/video/readers/jpeg.c | ||
28 | @@ -109,9 +109,17 @@ static grub_uint8_t | ||
29 | grub_jpeg_get_byte (struct grub_jpeg_data *data) | ||
30 | { | ||
31 | grub_uint8_t r; | ||
32 | + grub_ssize_t bytes_read; | ||
33 | |||
34 | r = 0; | ||
35 | - grub_file_read (data->file, &r, 1); | ||
36 | + bytes_read = grub_file_read (data->file, &r, 1); | ||
37 | + | ||
38 | + if (bytes_read != 1) | ||
39 | + { | ||
40 | + grub_error (GRUB_ERR_BAD_FILE_TYPE, | ||
41 | + "jpeg: unexpected end of data"); | ||
42 | + return 0; | ||
43 | + } | ||
44 | |||
45 | return r; | ||
46 | } | ||
47 | @@ -120,9 +128,17 @@ static grub_uint16_t | ||
48 | grub_jpeg_get_word (struct grub_jpeg_data *data) | ||
49 | { | ||
50 | grub_uint16_t r; | ||
51 | + grub_ssize_t bytes_read; | ||
52 | |||
53 | r = 0; | ||
54 | - grub_file_read (data->file, &r, sizeof (grub_uint16_t)); | ||
55 | + bytes_read = grub_file_read (data->file, &r, sizeof (grub_uint16_t)); | ||
56 | + | ||
57 | + if (bytes_read != sizeof (grub_uint16_t)) | ||
58 | + { | ||
59 | + grub_error (GRUB_ERR_BAD_FILE_TYPE, | ||
60 | + "jpeg: unexpected end of data"); | ||
61 | + return 0; | ||
62 | + } | ||
63 | |||
64 | return grub_be_to_cpu16 (r); | ||
65 | } | ||
66 | @@ -135,6 +151,11 @@ grub_jpeg_get_bit (struct grub_jpeg_data *data) | ||
67 | if (data->bit_mask == 0) | ||
68 | { | ||
69 | data->bit_save = grub_jpeg_get_byte (data); | ||
70 | + if (grub_errno != GRUB_ERR_NONE) { | ||
71 | + grub_error (GRUB_ERR_BAD_FILE_TYPE, | ||
72 | + "jpeg: file read error"); | ||
73 | + return 0; | ||
74 | + } | ||
75 | if (data->bit_save == JPEG_ESC_CHAR) | ||
76 | { | ||
77 | if (grub_jpeg_get_byte (data) != 0) | ||
78 | @@ -143,6 +164,11 @@ grub_jpeg_get_bit (struct grub_jpeg_data *data) | ||
79 | "jpeg: invalid 0xFF in data stream"); | ||
80 | return 0; | ||
81 | } | ||
82 | + if (grub_errno != GRUB_ERR_NONE) | ||
83 | + { | ||
84 | + grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: file read error"); | ||
85 | + return 0; | ||
86 | + } | ||
87 | } | ||
88 | data->bit_mask = 0x80; | ||
89 | } | ||
90 | @@ -161,7 +187,7 @@ grub_jpeg_get_number (struct grub_jpeg_data *data, int num) | ||
91 | return 0; | ||
92 | |||
93 | msb = value = grub_jpeg_get_bit (data); | ||
94 | - for (i = 1; i < num; i++) | ||
95 | + for (i = 1; i < num && grub_errno == GRUB_ERR_NONE; i++) | ||
96 | value = (value << 1) + (grub_jpeg_get_bit (data) != 0); | ||
97 | if (!msb) | ||
98 | value += 1 - (1 << num); | ||
99 | @@ -208,6 +234,8 @@ grub_jpeg_decode_huff_table (struct grub_jpeg_data *data) | ||
100 | while (data->file->offset + sizeof (count) + 1 <= next_marker) | ||
101 | { | ||
102 | id = grub_jpeg_get_byte (data); | ||
103 | + if (grub_errno != GRUB_ERR_NONE) | ||
104 | + return grub_errno; | ||
105 | ac = (id >> 4) & 1; | ||
106 | id &= 0xF; | ||
107 | if (id > 1) | ||
108 | @@ -258,6 +286,8 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data) | ||
109 | |||
110 | next_marker = data->file->offset; | ||
111 | next_marker += grub_jpeg_get_word (data); | ||
112 | + if (grub_errno != GRUB_ERR_NONE) | ||
113 | + return grub_errno; | ||
114 | |||
115 | if (next_marker > data->file->size) | ||
116 | { | ||
117 | @@ -269,6 +299,8 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data) | ||
118 | <= next_marker) | ||
119 | { | ||
120 | id = grub_jpeg_get_byte (data); | ||
121 | + if (grub_errno != GRUB_ERR_NONE) | ||
122 | + return grub_errno; | ||
123 | if (id >= 0x10) /* Upper 4-bit is precision. */ | ||
124 | return grub_error (GRUB_ERR_BAD_FILE_TYPE, | ||
125 | "jpeg: only 8-bit precision is supported"); | ||
126 | @@ -300,6 +332,9 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data) | ||
127 | next_marker = data->file->offset; | ||
128 | next_marker += grub_jpeg_get_word (data); | ||
129 | |||
130 | + if (grub_errno != GRUB_ERR_NONE) | ||
131 | + return grub_errno; | ||
132 | + | ||
133 | if (grub_jpeg_get_byte (data) != 8) | ||
134 | return grub_error (GRUB_ERR_BAD_FILE_TYPE, | ||
135 | "jpeg: only 8-bit precision is supported"); | ||
136 | @@ -325,6 +360,8 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data) | ||
137 | return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid index"); | ||
138 | |||
139 | ss = grub_jpeg_get_byte (data); /* Sampling factor. */ | ||
140 | + if (grub_errno != GRUB_ERR_NONE) | ||
141 | + return grub_errno; | ||
142 | if (!id) | ||
143 | { | ||
144 | grub_uint8_t vs, hs; | ||
145 | @@ -504,7 +541,7 @@ grub_jpeg_idct_transform (jpeg_data_unit_t du) | ||
146 | } | ||
147 | } | ||
148 | |||
149 | -static void | ||
150 | +static grub_err_t | ||
151 | grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) | ||
152 | { | ||
153 | int h1, h2, qt; | ||
154 | @@ -519,6 +556,9 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) | ||
155 | data->dc_value[id] += | ||
156 | grub_jpeg_get_number (data, grub_jpeg_get_huff_code (data, h1)); | ||
157 | |||
158 | + if (grub_errno != GRUB_ERR_NONE) | ||
159 | + return grub_errno; | ||
160 | + | ||
161 | du[0] = data->dc_value[id] * (int) data->quan_table[qt][0]; | ||
162 | pos = 1; | ||
163 | while (pos < ARRAY_SIZE (data->quan_table[qt])) | ||
164 | @@ -533,11 +573,13 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) | ||
165 | num >>= 4; | ||
166 | pos += num; | ||
167 | |||
168 | + if (grub_errno != GRUB_ERR_NONE) | ||
169 | + return grub_errno; | ||
170 | + | ||
171 | if (pos >= ARRAY_SIZE (jpeg_zigzag_order)) | ||
172 | { | ||
173 | - grub_error (GRUB_ERR_BAD_FILE_TYPE, | ||
174 | - "jpeg: invalid position in zigzag order!?"); | ||
175 | - return; | ||
176 | + return grub_error (GRUB_ERR_BAD_FILE_TYPE, | ||
177 | + "jpeg: invalid position in zigzag order!?"); | ||
178 | } | ||
179 | |||
180 | du[jpeg_zigzag_order[pos]] = val * (int) data->quan_table[qt][pos]; | ||
181 | @@ -545,6 +587,7 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) | ||
182 | } | ||
183 | |||
184 | grub_jpeg_idct_transform (du); | ||
185 | + return GRUB_ERR_NONE; | ||
186 | } | ||
187 | |||
188 | static void | ||
189 | @@ -603,7 +646,8 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) | ||
190 | data_offset += grub_jpeg_get_word (data); | ||
191 | |||
192 | cc = grub_jpeg_get_byte (data); | ||
193 | - | ||
194 | + if (grub_errno != GRUB_ERR_NONE) | ||
195 | + return grub_errno; | ||
196 | if (cc != 3 && cc != 1) | ||
197 | return grub_error (GRUB_ERR_BAD_FILE_TYPE, | ||
198 | "jpeg: component count must be 1 or 3"); | ||
199 | @@ -616,7 +660,8 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) | ||
200 | id = grub_jpeg_get_byte (data) - 1; | ||
201 | if ((id < 0) || (id >= 3)) | ||
202 | return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid index"); | ||
203 | - | ||
204 | + if (grub_errno != GRUB_ERR_NONE) | ||
205 | + return grub_errno; | ||
206 | ht = grub_jpeg_get_byte (data); | ||
207 | data->comp_index[id][1] = (ht >> 4); | ||
208 | data->comp_index[id][2] = (ht & 0xF) + 2; | ||
209 | @@ -624,11 +669,14 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) | ||
210 | if ((data->comp_index[id][1] < 0) || (data->comp_index[id][1] > 3) || | ||
211 | (data->comp_index[id][2] < 0) || (data->comp_index[id][2] > 3)) | ||
212 | return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid hufftable index"); | ||
213 | + if (grub_errno != GRUB_ERR_NONE) | ||
214 | + return grub_errno; | ||
215 | } | ||
216 | |||
217 | grub_jpeg_get_byte (data); /* Skip 3 unused bytes. */ | ||
218 | grub_jpeg_get_word (data); | ||
219 | - | ||
220 | + if (grub_errno != GRUB_ERR_NONE) | ||
221 | + return grub_errno; | ||
222 | if (data->file->offset != data_offset) | ||
223 | return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: extra byte in sos"); | ||
224 | |||
225 | @@ -646,6 +694,7 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) | ||
226 | { | ||
227 | unsigned c1, vb, hb, nr1, nc1; | ||
228 | int rst = data->dri; | ||
229 | + grub_err_t err = GRUB_ERR_NONE; | ||
230 | |||
231 | vb = 8 << data->log_vs; | ||
232 | hb = 8 << data->log_hs; | ||
233 | @@ -666,17 +715,22 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) | ||
234 | |||
235 | for (r2 = 0; r2 < (1U << data->log_vs); r2++) | ||
236 | for (c2 = 0; c2 < (1U << data->log_hs); c2++) | ||
237 | - grub_jpeg_decode_du (data, 0, data->ydu[r2 * 2 + c2]); | ||
238 | + { | ||
239 | + err = grub_jpeg_decode_du (data, 0, data->ydu[r2 * 2 + c2]); | ||
240 | + if (err != GRUB_ERR_NONE) | ||
241 | + return err; | ||
242 | + } | ||
243 | |||
244 | if (data->color_components >= 3) | ||
245 | { | ||
246 | - grub_jpeg_decode_du (data, 1, data->cbdu); | ||
247 | - grub_jpeg_decode_du (data, 2, data->crdu); | ||
248 | + err = grub_jpeg_decode_du (data, 1, data->cbdu); | ||
249 | + if (err != GRUB_ERR_NONE) | ||
250 | + return err; | ||
251 | + err = grub_jpeg_decode_du (data, 2, data->crdu); | ||
252 | + if (err != GRUB_ERR_NONE) | ||
253 | + return err; | ||
254 | } | ||
255 | |||
256 | - if (grub_errno) | ||
257 | - return grub_errno; | ||
258 | - | ||
259 | nr2 = (data->r1 == nr1 - 1) ? (data->image_height - data->r1 * vb) : vb; | ||
260 | nc2 = (c1 == nc1 - 1) ? (data->image_width - c1 * hb) : hb; | ||
261 | |||
262 | -- | ||
263 | 2.34.1 | ||
264 | |||
diff --git a/meta/recipes-bsp/grub/files/video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch b/meta/recipes-bsp/grub/files/video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch new file mode 100644 index 0000000000..91ecaad98a --- /dev/null +++ b/meta/recipes-bsp/grub/files/video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch | |||
@@ -0,0 +1,53 @@ | |||
1 | From 166a4d61448f74745afe1dac2f2cfb85d04909bf Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Axtens <dja@axtens.net> | ||
3 | Date: Mon, 28 Jun 2021 14:25:17 +1000 | ||
4 | Subject: [PATCH] video/readers/jpeg: Refuse to handle multiple start of | ||
5 | streams | ||
6 | |||
7 | An invalid file could contain multiple start of stream blocks, which | ||
8 | would cause us to reallocate and leak our bitmap. Refuse to handle | ||
9 | multiple start of streams. | ||
10 | |||
11 | Additionally, fix a grub_error() call formatting. | ||
12 | |||
13 | Signed-off-by: Daniel Axtens <dja@axtens.net> | ||
14 | Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> | ||
15 | |||
16 | Upstream-Status: Backport | ||
17 | |||
18 | Reference to upstream patch: | ||
19 | https://git.savannah.gnu.org/cgit/grub.git/commit/?id=166a4d61448f74745afe1dac2f2cfb85d04909bf | ||
20 | |||
21 | Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> | ||
22 | --- | ||
23 | grub-core/video/readers/jpeg.c | 7 +++++-- | ||
24 | 1 file changed, 5 insertions(+), 2 deletions(-) | ||
25 | |||
26 | diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c | ||
27 | index 2284a6c06..579bbe8a4 100644 | ||
28 | --- a/grub-core/video/readers/jpeg.c | ||
29 | +++ b/grub-core/video/readers/jpeg.c | ||
30 | @@ -683,6 +683,9 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) | ||
31 | if (data->file->offset != data_offset) | ||
32 | return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: extra byte in sos"); | ||
33 | |||
34 | + if (*data->bitmap) | ||
35 | + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: too many start of scan blocks"); | ||
36 | + | ||
37 | if (grub_video_bitmap_create (data->bitmap, data->image_width, | ||
38 | data->image_height, | ||
39 | GRUB_VIDEO_BLIT_FORMAT_RGB_888)) | ||
40 | @@ -705,8 +708,8 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) | ||
41 | nc1 = (data->image_width + hb - 1) >> (3 + data->log_hs); | ||
42 | |||
43 | if (data->bitmap_ptr == NULL) | ||
44 | - return grub_error(GRUB_ERR_BAD_FILE_TYPE, | ||
45 | - "jpeg: attempted to decode data before start of stream"); | ||
46 | + return grub_error (GRUB_ERR_BAD_FILE_TYPE, | ||
47 | + "jpeg: attempted to decode data before start of stream"); | ||
48 | |||
49 | for (; data->r1 < nr1 && (!data->dri || rst); | ||
50 | data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) | ||
51 | -- | ||
52 | 2.34.1 | ||
53 | |||
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 45852ab9b1..47ea561002 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc | |||
@@ -22,6 +22,16 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ | |||
22 | file://0001-RISC-V-Restore-the-typcast-to-long.patch \ | 22 | file://0001-RISC-V-Restore-the-typcast-to-long.patch \ |
23 | file://CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch \ | 23 | file://CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch \ |
24 | file://0001-configure.ac-Use-_zicsr_zifencei-extentions-on-riscv.patch \ | 24 | file://0001-configure.ac-Use-_zicsr_zifencei-extentions-on-riscv.patch \ |
25 | file://video-Remove-trailing-whitespaces.patch \ | ||
26 | file://CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch \ | ||
27 | file://CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch \ | ||
28 | file://video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch \ | ||
29 | file://video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch \ | ||
30 | file://CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch \ | ||
31 | file://CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch \ | ||
32 | file://CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch \ | ||
33 | file://CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch \ | ||
34 | file://CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch \ | ||
25 | " | 35 | " |
26 | 36 | ||
27 | SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f" | 37 | SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f" |