* [PATCH] grub: Fix CVE's by updating to version 2.12 with commit 0e36779
@ 2025-08-11 9:35 Adolf Belka
0 siblings, 0 replies; only message in thread
From: Adolf Belka @ 2025-08-11 9:35 UTC (permalink / raw)
To: development; +Cc: Adolf Belka
- Update from version 2.12 to 2.12 and all commits up to 0e36779
- Update of rootfiles for all architectures
- Back in Feb 2025 20 CVE's were identified in Grub-2.12 and 73 security patchers were
applied. However there has been no movement to doing a fresh release. Arch Linux has
just used the committs up to the last of the security patches. However since then they
have also continued takingnew snapshots of the grub git commits to do updates.
- This patch takes the last commit in the grub master dated 11th July 2025.
- Built successfully also on aarch64 & riscv64
- Tested out on my vm testbed. The grub screen worked as expected and the grub version
has been made to show as 2.12.0e36779. This way any further update before version
2.13 is released will follow the same pattern of adding the number of the commit
used in the snapshot.
- The snapshot required the bootstrap script to be used. However this either needs
internet access to download the gnulib git sources or requires a local copy of the
gnulib git sources to be available. Therefore I took the snapshot and downloaded a
local copy of the gnulinb sources to my desktop build system and created a
bootstrapped version of the snapshot, which is the source file I have provided
into the sources and used by the lfs. This means that the autoconf -vfi command in
the lfs is not needed. I just commented it out in case there is a release package in
the future.
- I am not sure if this will be merged into CU197 or wait for CU198.
- As far as I can see all the CVE-s require acces to the grub system, which means local
physical access so don't believe these are critical for the IPFire user base but
it might be good for someone more experienced than me to check the CVE's.
- Changelog
For details of all changes then the grub git repo has to be looked at.
https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=shortlog;h=refs/heads/master
There is no changelog of all the commits, except for a list of the CVE's that were
identified and fixed in this update. These CVE's are listed below.
CVE-2024-45775: commands/extcmd: Missing check for failed allocation
In grub_extcmd_dispatcher() function grub2 calls grub_arg_list_alloc()
to allocate memory for the grub's argument list, however it misses to
check in case the memory allocation failed. Once the allocation failed,
a NULL point will be processed by the parse_option() function leading
grub to crash or in some rare scenarios corrupt the IVT data.
CVE-2024-45776: grub-core/gettext: Integer overflow leads to Heap OOB Write and
Read
When reading language .mo file in grub_mofile_open(), grub2 fails to verify to
a integer overflow when allocating its internal buffer. A crafted .mo file may
lead to the buffer size calculation to overflow leading to Out-of-bound reads
and writes. An attacker may leverage this flaw to leak sensitive data or
overwrite critical data possibly leading to the circumvention of secure boot
protections.
CVE-2024-45777: grub-core/gettext: Integer overflow leads to Heap OOB Write
The calculation of the translation buffer when reading a language .mo file in
grub_gettext_getstr_from_position() may overflow leading to a Out-of-bound
write. This may be leveraged by an attacker to overwrite senstive grub2's heap
data, eventually leading to the circumvention of secure boot protections
CVE-2024-45778: fs/bfs: Integer overflow in the BFS parser
There's a stack overflow when reading a BFS file system. A crafted BFS
filesystem may lead to a uncontrolled loop causing grub2 to crash
CVE-2024-45779: fs/bfs: Integer overflow leads to Heap OOB Read (Write?) in the
BFS parser
There's an integer overflow in the BFS file system driver. When reading a file
with indirect extent map grub2 fails to validate the number of extent entries
to be read. A crafted or corrupted BFS filesystem may cause a integer overflow
during the file reading, leading to a Heap Ouf-of-Bounds read. As consequence
sensitive data may be leaked or the grub2 to crash.
CVE-2024-45780: fs/tar: Integer Overflow causes Heap OOB Write
When reading tar files, grub2 allocates an internal buffer for the file name
however it fails to properly verify the allocation against possible Integer
Overflows. It's possible to cause the allocation length to overflow with
a crafted tar file leading to a head Out-of-bounds write, as consequence an
attacker may leverage this to eventually circumvent secure boot protections.
CVE-2024-45781: fs/ufs: OOB write in the heap
When reading a symbolic link's name from a UFS filesystem, grub2 fails to
validate the string length taken as an input. The lack of validation may lead
to a heap Out-of-bounds write, causing data integrity issues and eventually
allowing an attacker to circumvent secure boot protections.
CVE-2024-45782: fs/hfs: strcpy() using the volume name (fs/hfs.c:382)
When reading a HFS volume's name at grub_fs_mount(), the HFS filesystem driver
performs a strcpy() using the user provided volume name as input without proper
validating the volume name's length. This may read to a heap based
Out-of-bounds write, impacting on grub's sensitive data integrity and
eventually leading to secure boot protection bypass.
CVE-2024-45783: fs/hfs+: refcount can be decremented twice
When failing to mount a HFS+ grub hfsplus filesystem driver doesn't properly
set a ERRNO value. This may lead to a NULL pointer access.
CVE-2025-0622: command/gpg: Use-after-free due to hooks not being removed on
module unload
In some scenarios hooks created by loaded modules are not being removed when
the related module is being unloaded. An attacker may leverage this by forcing
the grub2 to call the hooks once the module which registered it was unloaded,
leading to a Use-after-free vulnerability. If correctly exploited this
vulnerability may result int Arbitrary Code Execution eventually allowing the
attacker to by-pass secure boot protections.
CVE-2025-0624: net: Out-of-bounds write in grub_net_search_config_file()
During the network boot process when trying to search for the configuration
file, grub copies data from a user controlled environment variable into an
internal buffer using grub_strcpy() function. During this step it fails to
consider the environment variable length when allocating the internal buffer,
resulting in a out-of-bounds write. If correctly exploited this issue may
result in remote code execution through the same network segment the grub is
searching for the boot information, which can be used to by-pass secure boot
protections.
CVE-2025-0677: UFS: Integer overflow may lead to heap based out-of-bounds write
when handling symlinks
When performing a symlink lookup the grub's UFS module check the inode's data
size to allocate the internal buffer for reading the file content however it
misses to check if the symlink data size has overflown. If that happens
grub_malloc() may be called with a smaller value than needed, as consequence
when further reading the data from disk into the buffer
grub_ufs_lookup_symlink() function will write past the end of the allocated
size. An attack may leverage that by crafting a malicious filesystem and as
a result it will corrupt data stored in the heap, it's possible that arbitrary
code execution may be achieved through it and to be used to by-pass secure boot
mechanisms.
CVE-2025-0678: squash4: Integer overflow may lead to heap based out-of-bounds
write when reading data
When reading data from a squash4 filesystem, grub's squash4 fs module uses
user-controlled parameters from the filesystem geometry to determine the
internal buffers size, however it misses to properly check for integer
overflows. A maliciouly crafted filesystem may lead some of those buffer size
calculation to overflow, causing it to perform a grub_malloc() operation with
a smaller size than expected. As a result the direct_read() will perform a heap
based out-of-bounds write during data reading. This flaw may be leveraged to
corrupt grub's internal critical data and may result in arbitrary code
execution by-passing secure boot protections.
CVE-2025-0684: reiserfs: Integer overflow when handling symlinks may lead to
heap based out-of-bounds write when reading data
When performing a symlink lookup from a reiserfs filesystem, grub's reiserfs fs
module uses user-controlled parameters from the filesystem geometry to
determine the internal buffers size, however it misses to properly check for
integer overflows. A maliciouly crafted filesystem may lead some of those
buffer size calculation to overflow, causing it to perform a grub_malloc()
operation with a smaller size than expected. As a result the
grub_reiserfs_read_symlink() will call grub_reiserfs_read_real() with
a overflown length parameter leading to a heap based out-of-bounds write during
data reading. This flaw may be leveraged to corrupt grub's internal critical
data and may result in arbitrary code execution by-passing secure boot
protections.
CVE-2025-0685: jfs: Integer overflow when handling symlinks may lead to heap
based out-of-bounds write when reading data
When reading data from a jfs filesystem, grub's jfs filesystem module uses
user-controlled parameters from the filesystem geometry to determine the
internal buffers size, however it misses to properly check for integer
overflows. A maliciouly crafted filesystem may lead some of those buffer size
calculation to overflow, causing it to perform a grub_malloc() operation with
a smaller size than expected. As a result the grub_jfs_lookup_symlink() function
will write past of the internal buffer length during grub_jfs_read_file(). This
flaw may be leveraged to corrupt grub's internal critical data and may result
in arbitrary code execution by-passing secure boot protections.
CVE-2025-0686: romfs: Integer overflow when handling symlinks may lead to heap
based out-of-bounds write when reading data
When performing a symlink lookup from a romfs filesystem, grub's romfs
filesystem module uses user-controlled parameters from the filesystem geometry
to determine the internal buffers size, however it misses to properly check for
integer overflows. A maliciouly crafted filesystem may lead some of those
buffer size calculation to overflow, causing it to perform a grub_malloc()
operation with a smaller size than expected. As a result the
grub_romfs_read_symlink() may cause a out-of-bounds writes when calling
grub_disk_read() function. This flaw may be leveraged to corrupt grub's
internal critical data and may result in arbitrary code execution by-passing
secure boot protections.
CVE-2025-0689: udf: Heap based buffer overflow in grub_udf_read_block() may
lead to arbitrary code execution
When reading data from disk, the grub's UDF filesystem module utilizes the user
controlled data length metadata to allocate its internal buffers. In certain
scenarios, while iterating through disk sectors, it assumes the read size from
the disk is always smaller than the allocated buffer size which is not
guaranteed. A crafted filesystem image may lead to a heap-based buffer overflow
resulting in critical data to be corrupted, resulting in the risk of arbitrary
code execution by-passing secure boot protections.
CVE-2025-0690: read: Integer overflow may lead to out-of-bounds write
The read command is used to read the keyboard input from the user, while reads
it keeps the input length in a 32-bit integer value which is further used to
reallocate the line buffer to accept the next character. During this process,
with a line big enough it's possible to make this variable to overflow leading
to a out-of-bounds write in the heap based buffer. This flaw may be leveraged
to corrupt grub's internal critical data and secure boot bypass is not
discarded as consequence.
CVE-2025-1118: commands/dump: The dump command is not in lockdown when secure
boot is enabled
The grub's dump command is not blocked when grub is in lockdown mode. This
allows the user to read any memory information, an attacker may leverage that
in order to extract signatures, salts and other sensitive information from the
memory.
CVE-2025-1125: fs/hfs: Interger overflow may lead to heap based out-of-bounds write
When reading data from a hfs filesystem, grub's hfs filesystem module uses
user-controlled parameters from the filesystem metadata to calculate the
internal buffers size, however it misses to properly check for integer
overflows. A maliciouly crafted filesystem may lead some of those buffer size
calculation to overflow, causing it to perform a grub_malloc() operation with
a smaller size than expected. As a result the hfsplus_open_compressed_real()
function will write past of the internal buffer length. This flaw may be
leveraged to corrupt grub's internal critical data and may result in arbitrary
code execution by-passing secure boot protections.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
config/rootfiles/common/aarch64/grub | 114 +++++++++-----------
config/rootfiles/common/riscv64/grub | 114 +++++++++-----------
config/rootfiles/common/x86_64/grub | 154 +++++++++++++++------------
lfs/grub | 8 +-
4 files changed, 193 insertions(+), 197 deletions(-)
diff --git a/config/rootfiles/common/aarch64/grub b/config/rootfiles/common/aarch64/grub
index 274346765..2d2370771 100644
--- a/config/rootfiles/common/aarch64/grub
+++ b/config/rootfiles/common/aarch64/grub
@@ -1,7 +1,5 @@
#boot/grub
boot/grub/splash.png
-#etc/bash_completion.d
-#etc/bash_completion.d/grub
#etc/default
etc/default/grub
#etc/grub.d
@@ -29,6 +27,7 @@ usr/bin/grub-mkpasswd-pbkdf2
usr/bin/grub-mkrelpath
usr/bin/grub-mkrescue
usr/bin/grub-mkstandalone
+usr/bin/grub-protect
usr/bin/grub-render-label
usr/bin/grub-script-check
usr/bin/grub-syslinux2cfg
@@ -48,6 +47,10 @@ usr/lib/grub/arm64-efi/all_video.mod
usr/lib/grub/arm64-efi/all_video.module
usr/lib/grub/arm64-efi/archelp.mod
usr/lib/grub/arm64-efi/archelp.module
+usr/lib/grub/arm64-efi/asn1.mod
+usr/lib/grub/arm64-efi/asn1.module
+usr/lib/grub/arm64-efi/asn1_test.mod
+usr/lib/grub/arm64-efi/asn1_test.module
usr/lib/grub/arm64-efi/bfs.mod
usr/lib/grub/arm64-efi/bfs.module
usr/lib/grub/arm64-efi/bitmap.mod
@@ -72,8 +75,6 @@ usr/lib/grub/arm64-efi/cbfs.mod
usr/lib/grub/arm64-efi/cbfs.module
usr/lib/grub/arm64-efi/chain.mod
usr/lib/grub/arm64-efi/chain.module
-usr/lib/grub/arm64-efi/cmdline_cat_test.mod
-usr/lib/grub/arm64-efi/cmdline_cat_test.module
usr/lib/grub/arm64-efi/cmp.mod
usr/lib/grub/arm64-efi/cmp.module
usr/lib/grub/arm64-efi/cmp_test.mod
@@ -111,6 +112,8 @@ usr/lib/grub/arm64-efi/div_test.mod
usr/lib/grub/arm64-efi/div_test.module
usr/lib/grub/arm64-efi/dm_nv.mod
usr/lib/grub/arm64-efi/dm_nv.module
+usr/lib/grub/arm64-efi/dsa_sexp_test.mod
+usr/lib/grub/arm64-efi/dsa_sexp_test.module
usr/lib/grub/arm64-efi/echo.mod
usr/lib/grub/arm64-efi/echo.module
usr/lib/grub/arm64-efi/efi_gop.mod
@@ -123,6 +126,8 @@ usr/lib/grub/arm64-efi/efitextmode.mod
usr/lib/grub/arm64-efi/efitextmode.module
usr/lib/grub/arm64-efi/elf.mod
usr/lib/grub/arm64-efi/elf.module
+usr/lib/grub/arm64-efi/erofs.mod
+usr/lib/grub/arm64-efi/erofs.module
usr/lib/grub/arm64-efi/eval.mod
usr/lib/grub/arm64-efi/eval.module
usr/lib/grub/arm64-efi/exfat.mod
@@ -151,6 +156,10 @@ usr/lib/grub/arm64-efi/functional_test.mod
usr/lib/grub/arm64-efi/functional_test.module
usr/lib/grub/arm64-efi/gcry_arcfour.mod
usr/lib/grub/arm64-efi/gcry_arcfour.module
+usr/lib/grub/arm64-efi/gcry_aria.mod
+usr/lib/grub/arm64-efi/gcry_aria.module
+usr/lib/grub/arm64-efi/gcry_blake2.mod
+usr/lib/grub/arm64-efi/gcry_blake2.module
usr/lib/grub/arm64-efi/gcry_blowfish.mod
usr/lib/grub/arm64-efi/gcry_blowfish.module
usr/lib/grub/arm64-efi/gcry_camellia.mod
@@ -163,8 +172,14 @@ usr/lib/grub/arm64-efi/gcry_des.mod
usr/lib/grub/arm64-efi/gcry_des.module
usr/lib/grub/arm64-efi/gcry_dsa.mod
usr/lib/grub/arm64-efi/gcry_dsa.module
+usr/lib/grub/arm64-efi/gcry_gost28147.mod
+usr/lib/grub/arm64-efi/gcry_gost28147.module
+usr/lib/grub/arm64-efi/gcry_gostr3411_94.mod
+usr/lib/grub/arm64-efi/gcry_gostr3411_94.module
usr/lib/grub/arm64-efi/gcry_idea.mod
usr/lib/grub/arm64-efi/gcry_idea.module
+usr/lib/grub/arm64-efi/gcry_keccak.mod
+usr/lib/grub/arm64-efi/gcry_keccak.module
usr/lib/grub/arm64-efi/gcry_md4.mod
usr/lib/grub/arm64-efi/gcry_md4.module
usr/lib/grub/arm64-efi/gcry_md5.mod
@@ -177,6 +192,8 @@ usr/lib/grub/arm64-efi/gcry_rmd160.mod
usr/lib/grub/arm64-efi/gcry_rmd160.module
usr/lib/grub/arm64-efi/gcry_rsa.mod
usr/lib/grub/arm64-efi/gcry_rsa.module
+usr/lib/grub/arm64-efi/gcry_salsa20.mod
+usr/lib/grub/arm64-efi/gcry_salsa20.module
usr/lib/grub/arm64-efi/gcry_seed.mod
usr/lib/grub/arm64-efi/gcry_seed.module
usr/lib/grub/arm64-efi/gcry_serpent.mod
@@ -187,6 +204,12 @@ usr/lib/grub/arm64-efi/gcry_sha256.mod
usr/lib/grub/arm64-efi/gcry_sha256.module
usr/lib/grub/arm64-efi/gcry_sha512.mod
usr/lib/grub/arm64-efi/gcry_sha512.module
+usr/lib/grub/arm64-efi/gcry_sm3.mod
+usr/lib/grub/arm64-efi/gcry_sm3.module
+usr/lib/grub/arm64-efi/gcry_sm4.mod
+usr/lib/grub/arm64-efi/gcry_sm4.module
+usr/lib/grub/arm64-efi/gcry_stribog.mod
+usr/lib/grub/arm64-efi/gcry_stribog.module
usr/lib/grub/arm64-efi/gcry_tiger.mod
usr/lib/grub/arm64-efi/gcry_tiger.module
usr/lib/grub/arm64-efi/gcry_twofish.mod
@@ -205,8 +228,6 @@ usr/lib/grub/arm64-efi/gfxterm.mod
usr/lib/grub/arm64-efi/gfxterm.module
usr/lib/grub/arm64-efi/gfxterm_background.mod
usr/lib/grub/arm64-efi/gfxterm_background.module
-usr/lib/grub/arm64-efi/gfxterm_menu.mod
-usr/lib/grub/arm64-efi/gfxterm_menu.module
usr/lib/grub/arm64-efi/gptsync.mod
usr/lib/grub/arm64-efi/gptsync.module
usr/lib/grub/arm64-efi/gzio.mod
@@ -239,6 +260,8 @@ usr/lib/grub/arm64-efi/json.mod
usr/lib/grub/arm64-efi/json.module
usr/lib/grub/arm64-efi/kernel.exec
usr/lib/grub/arm64-efi/kernel.img
+usr/lib/grub/arm64-efi/key_protector.mod
+usr/lib/grub/arm64-efi/key_protector.module
usr/lib/grub/arm64-efi/keystatus.mod
usr/lib/grub/arm64-efi/keystatus.module
usr/lib/grub/arm64-efi/ldm.mod
@@ -373,6 +396,8 @@ usr/lib/grub/arm64-efi/procfs.mod
usr/lib/grub/arm64-efi/procfs.module
usr/lib/grub/arm64-efi/progress.mod
usr/lib/grub/arm64-efi/progress.module
+usr/lib/grub/arm64-efi/pubkey.mod
+usr/lib/grub/arm64-efi/pubkey.module
usr/lib/grub/arm64-efi/raid5rec.mod
usr/lib/grub/arm64-efi/raid5rec.module
usr/lib/grub/arm64-efi/raid6rec.mod
@@ -387,6 +412,8 @@ usr/lib/grub/arm64-efi/reiserfs.mod
usr/lib/grub/arm64-efi/reiserfs.module
usr/lib/grub/arm64-efi/romfs.mod
usr/lib/grub/arm64-efi/romfs.module
+usr/lib/grub/arm64-efi/rsa_sexp_test.mod
+usr/lib/grub/arm64-efi/rsa_sexp_test.module
usr/lib/grub/arm64-efi/scsi.mod
usr/lib/grub/arm64-efi/scsi.module
usr/lib/grub/arm64-efi/search.mod
@@ -444,12 +471,16 @@ usr/lib/grub/arm64-efi/time.mod
usr/lib/grub/arm64-efi/time.module
usr/lib/grub/arm64-efi/tpm.mod
usr/lib/grub/arm64-efi/tpm.module
+usr/lib/grub/arm64-efi/tpm2_key_protector.mod
+usr/lib/grub/arm64-efi/tpm2_key_protector.module
usr/lib/grub/arm64-efi/tr.mod
usr/lib/grub/arm64-efi/tr.module
usr/lib/grub/arm64-efi/trig.mod
usr/lib/grub/arm64-efi/trig.module
usr/lib/grub/arm64-efi/true.mod
usr/lib/grub/arm64-efi/true.module
+usr/lib/grub/arm64-efi/tss2.mod
+usr/lib/grub/arm64-efi/tss2.module
usr/lib/grub/arm64-efi/udf.mod
usr/lib/grub/arm64-efi/udf.module
usr/lib/grub/arm64-efi/ufs1.mod
@@ -498,6 +529,19 @@ usr/sbin/grub-probe
usr/sbin/grub-reboot
usr/sbin/grub-set-default
usr/sbin/grub-sparc64-setup
+usr/share/bash-completion/completions/grub
+usr/share/bash-completion/completions/grub-bios-setup
+usr/share/bash-completion/completions/grub-editenv
+usr/share/bash-completion/completions/grub-install
+usr/share/bash-completion/completions/grub-mkconfig
+usr/share/bash-completion/completions/grub-mkfont
+usr/share/bash-completion/completions/grub-mkimage
+usr/share/bash-completion/completions/grub-mkpasswd-pbkdf2
+usr/share/bash-completion/completions/grub-probe
+usr/share/bash-completion/completions/grub-reboot
+usr/share/bash-completion/completions/grub-script-check
+usr/share/bash-completion/completions/grub-set-default
+usr/share/bash-completion/completions/grub-sparc64-setup
#usr/share/grub
#usr/share/grub/ascii.h
usr/share/grub/ascii.pf2
@@ -509,63 +553,6 @@ usr/share/grub/unicode.pf2
#usr/share/info/grub.info
#usr/share/info/grub.info-1
#usr/share/info/grub.info-2
-#usr/share/locale/ast/LC_MESSAGES/grub.mo
-#usr/share/locale/ca/LC_MESSAGES/grub.mo
-#usr/share/locale/da/LC_MESSAGES/grub.mo
-#usr/share/locale/de/LC_MESSAGES/grub.mo
-#usr/share/locale/de@hebrew
-#usr/share/locale/de@hebrew/LC_MESSAGES
-#usr/share/locale/de@hebrew/LC_MESSAGES/grub.mo
-#usr/share/locale/de_CH
-#usr/share/locale/de_CH/LC_MESSAGES
-#usr/share/locale/de_CH/LC_MESSAGES/grub.mo
-#usr/share/locale/en@arabic
-#usr/share/locale/en@arabic/LC_MESSAGES
-#usr/share/locale/en@arabic/LC_MESSAGES/grub.mo
-#usr/share/locale/en@cyrillic
-#usr/share/locale/en@cyrillic/LC_MESSAGES
-#usr/share/locale/en@cyrillic/LC_MESSAGES/grub.mo
-#usr/share/locale/en@greek
-#usr/share/locale/en@greek/LC_MESSAGES
-#usr/share/locale/en@greek/LC_MESSAGES/grub.mo
-#usr/share/locale/en@hebrew
-#usr/share/locale/en@hebrew/LC_MESSAGES
-#usr/share/locale/en@hebrew/LC_MESSAGES/grub.mo
-#usr/share/locale/en@piglatin
-#usr/share/locale/en@piglatin/LC_MESSAGES
-#usr/share/locale/en@piglatin/LC_MESSAGES/grub.mo
-#usr/share/locale/en@quot/LC_MESSAGES/grub.mo
-#usr/share/locale/eo/LC_MESSAGES/grub.mo
-#usr/share/locale/es/LC_MESSAGES/grub.mo
-#usr/share/locale/fi/LC_MESSAGES/grub.mo
-#usr/share/locale/fr/LC_MESSAGES/grub.mo
-#usr/share/locale/gl/LC_MESSAGES/grub.mo
-#usr/share/locale/he/LC_MESSAGES/grub.mo
-#usr/share/locale/hr/LC_MESSAGES/grub.mo
-#usr/share/locale/hu/LC_MESSAGES/grub.mo
-#usr/share/locale/id/LC_MESSAGES/grub.mo
-#usr/share/locale/it/LC_MESSAGES/grub.mo
-#usr/share/locale/ja/LC_MESSAGES/grub.mo
-#usr/share/locale/ka/LC_MESSAGES/grub.mo
-#usr/share/locale/ko/LC_MESSAGES/grub.mo
-#usr/share/locale/lg/LC_MESSAGES/grub.mo
-#usr/share/locale/lt/LC_MESSAGES/grub.mo
-#usr/share/locale/nb/LC_MESSAGES/grub.mo
-#usr/share/locale/nl/LC_MESSAGES/grub.mo
-#usr/share/locale/pa/LC_MESSAGES/grub.mo
-#usr/share/locale/pl/LC_MESSAGES/grub.mo
-#usr/share/locale/pt/LC_MESSAGES/grub.mo
-#usr/share/locale/pt_BR/LC_MESSAGES/grub.mo
-#usr/share/locale/ro/LC_MESSAGES/grub.mo
-#usr/share/locale/ru/LC_MESSAGES/grub.mo
-#usr/share/locale/sl/LC_MESSAGES/grub.mo
-#usr/share/locale/sr/LC_MESSAGES/grub.mo
-#usr/share/locale/sv/LC_MESSAGES/grub.mo
-#usr/share/locale/tr/LC_MESSAGES/grub.mo
-#usr/share/locale/uk/LC_MESSAGES/grub.mo
-#usr/share/locale/vi/LC_MESSAGES/grub.mo
-#usr/share/locale/zh_CN/LC_MESSAGES/grub.mo
-#usr/share/locale/zh_TW/LC_MESSAGES/grub.mo
#usr/share/man/man1/grub-editenv.1
#usr/share/man/man1/grub-file.1
#usr/share/man/man1/grub-fstest.1
@@ -580,6 +567,7 @@ usr/share/grub/unicode.pf2
#usr/share/man/man1/grub-mkrelpath.1
#usr/share/man/man1/grub-mkrescue.1
#usr/share/man/man1/grub-mkstandalone.1
+#usr/share/man/man1/grub-protect.1
#usr/share/man/man1/grub-render-label.1
#usr/share/man/man1/grub-script-check.1
#usr/share/man/man1/grub-syslinux2cfg.1
diff --git a/config/rootfiles/common/riscv64/grub b/config/rootfiles/common/riscv64/grub
index 4bbe3ed70..29e1d48f4 100644
--- a/config/rootfiles/common/riscv64/grub
+++ b/config/rootfiles/common/riscv64/grub
@@ -1,7 +1,5 @@
#boot/grub
boot/grub/splash.png
-#etc/bash_completion.d
-#etc/bash_completion.d/grub
#etc/default
etc/default/grub
#etc/grub.d
@@ -29,6 +27,7 @@ usr/bin/grub-mkpasswd-pbkdf2
usr/bin/grub-mkrelpath
usr/bin/grub-mkrescue
usr/bin/grub-mkstandalone
+usr/bin/grub-protect
usr/bin/grub-render-label
usr/bin/grub-script-check
usr/bin/grub-syslinux2cfg
@@ -48,6 +47,10 @@ usr/lib/grub/riscv64-efi/all_video.mod
usr/lib/grub/riscv64-efi/all_video.module
usr/lib/grub/riscv64-efi/archelp.mod
usr/lib/grub/riscv64-efi/archelp.module
+usr/lib/grub/riscv64-efi/asn1.mod
+usr/lib/grub/riscv64-efi/asn1.module
+usr/lib/grub/riscv64-efi/asn1_test.mod
+usr/lib/grub/riscv64-efi/asn1_test.module
usr/lib/grub/riscv64-efi/bfs.mod
usr/lib/grub/riscv64-efi/bfs.module
usr/lib/grub/riscv64-efi/bitmap.mod
@@ -72,8 +75,6 @@ usr/lib/grub/riscv64-efi/cbfs.mod
usr/lib/grub/riscv64-efi/cbfs.module
usr/lib/grub/riscv64-efi/chain.mod
usr/lib/grub/riscv64-efi/chain.module
-usr/lib/grub/riscv64-efi/cmdline_cat_test.mod
-usr/lib/grub/riscv64-efi/cmdline_cat_test.module
usr/lib/grub/riscv64-efi/cmp.mod
usr/lib/grub/riscv64-efi/cmp.module
usr/lib/grub/riscv64-efi/cmp_test.mod
@@ -111,6 +112,8 @@ usr/lib/grub/riscv64-efi/div_test.mod
usr/lib/grub/riscv64-efi/div_test.module
usr/lib/grub/riscv64-efi/dm_nv.mod
usr/lib/grub/riscv64-efi/dm_nv.module
+usr/lib/grub/riscv64-efi/dsa_sexp_test.mod
+usr/lib/grub/riscv64-efi/dsa_sexp_test.module
usr/lib/grub/riscv64-efi/echo.mod
usr/lib/grub/riscv64-efi/echo.module
usr/lib/grub/riscv64-efi/efi_gop.mod
@@ -123,6 +126,8 @@ usr/lib/grub/riscv64-efi/efitextmode.mod
usr/lib/grub/riscv64-efi/efitextmode.module
usr/lib/grub/riscv64-efi/elf.mod
usr/lib/grub/riscv64-efi/elf.module
+usr/lib/grub/riscv64-efi/erofs.mod
+usr/lib/grub/riscv64-efi/erofs.module
usr/lib/grub/riscv64-efi/eval.mod
usr/lib/grub/riscv64-efi/eval.module
usr/lib/grub/riscv64-efi/exfat.mod
@@ -151,6 +156,10 @@ usr/lib/grub/riscv64-efi/functional_test.mod
usr/lib/grub/riscv64-efi/functional_test.module
usr/lib/grub/riscv64-efi/gcry_arcfour.mod
usr/lib/grub/riscv64-efi/gcry_arcfour.module
+usr/lib/grub/riscv64-efi/gcry_aria.mod
+usr/lib/grub/riscv64-efi/gcry_aria.module
+usr/lib/grub/riscv64-efi/gcry_blake2.mod
+usr/lib/grub/riscv64-efi/gcry_blake2.module
usr/lib/grub/riscv64-efi/gcry_blowfish.mod
usr/lib/grub/riscv64-efi/gcry_blowfish.module
usr/lib/grub/riscv64-efi/gcry_camellia.mod
@@ -163,8 +172,14 @@ usr/lib/grub/riscv64-efi/gcry_des.mod
usr/lib/grub/riscv64-efi/gcry_des.module
usr/lib/grub/riscv64-efi/gcry_dsa.mod
usr/lib/grub/riscv64-efi/gcry_dsa.module
+usr/lib/grub/riscv64-efi/gcry_gost28147.mod
+usr/lib/grub/riscv64-efi/gcry_gost28147.module
+usr/lib/grub/riscv64-efi/gcry_gostr3411_94.mod
+usr/lib/grub/riscv64-efi/gcry_gostr3411_94.module
usr/lib/grub/riscv64-efi/gcry_idea.mod
usr/lib/grub/riscv64-efi/gcry_idea.module
+usr/lib/grub/riscv64-efi/gcry_keccak.mod
+usr/lib/grub/riscv64-efi/gcry_keccak.module
usr/lib/grub/riscv64-efi/gcry_md4.mod
usr/lib/grub/riscv64-efi/gcry_md4.module
usr/lib/grub/riscv64-efi/gcry_md5.mod
@@ -177,6 +192,8 @@ usr/lib/grub/riscv64-efi/gcry_rmd160.mod
usr/lib/grub/riscv64-efi/gcry_rmd160.module
usr/lib/grub/riscv64-efi/gcry_rsa.mod
usr/lib/grub/riscv64-efi/gcry_rsa.module
+usr/lib/grub/riscv64-efi/gcry_salsa20.mod
+usr/lib/grub/riscv64-efi/gcry_salsa20.module
usr/lib/grub/riscv64-efi/gcry_seed.mod
usr/lib/grub/riscv64-efi/gcry_seed.module
usr/lib/grub/riscv64-efi/gcry_serpent.mod
@@ -187,6 +204,12 @@ usr/lib/grub/riscv64-efi/gcry_sha256.mod
usr/lib/grub/riscv64-efi/gcry_sha256.module
usr/lib/grub/riscv64-efi/gcry_sha512.mod
usr/lib/grub/riscv64-efi/gcry_sha512.module
+usr/lib/grub/riscv64-efi/gcry_sm3.mod
+usr/lib/grub/riscv64-efi/gcry_sm3.module
+usr/lib/grub/riscv64-efi/gcry_sm4.mod
+usr/lib/grub/riscv64-efi/gcry_sm4.module
+usr/lib/grub/riscv64-efi/gcry_stribog.mod
+usr/lib/grub/riscv64-efi/gcry_stribog.module
usr/lib/grub/riscv64-efi/gcry_tiger.mod
usr/lib/grub/riscv64-efi/gcry_tiger.module
usr/lib/grub/riscv64-efi/gcry_twofish.mod
@@ -205,8 +228,6 @@ usr/lib/grub/riscv64-efi/gfxterm.mod
usr/lib/grub/riscv64-efi/gfxterm.module
usr/lib/grub/riscv64-efi/gfxterm_background.mod
usr/lib/grub/riscv64-efi/gfxterm_background.module
-usr/lib/grub/riscv64-efi/gfxterm_menu.mod
-usr/lib/grub/riscv64-efi/gfxterm_menu.module
usr/lib/grub/riscv64-efi/gptsync.mod
usr/lib/grub/riscv64-efi/gptsync.module
usr/lib/grub/riscv64-efi/gzio.mod
@@ -239,6 +260,8 @@ usr/lib/grub/riscv64-efi/json.mod
usr/lib/grub/riscv64-efi/json.module
usr/lib/grub/riscv64-efi/kernel.exec
usr/lib/grub/riscv64-efi/kernel.img
+usr/lib/grub/riscv64-efi/key_protector.mod
+usr/lib/grub/riscv64-efi/key_protector.module
usr/lib/grub/riscv64-efi/keystatus.mod
usr/lib/grub/riscv64-efi/keystatus.module
usr/lib/grub/riscv64-efi/ldm.mod
@@ -373,6 +396,8 @@ usr/lib/grub/riscv64-efi/procfs.mod
usr/lib/grub/riscv64-efi/procfs.module
usr/lib/grub/riscv64-efi/progress.mod
usr/lib/grub/riscv64-efi/progress.module
+usr/lib/grub/riscv64-efi/pubkey.mod
+usr/lib/grub/riscv64-efi/pubkey.module
usr/lib/grub/riscv64-efi/raid5rec.mod
usr/lib/grub/riscv64-efi/raid5rec.module
usr/lib/grub/riscv64-efi/raid6rec.mod
@@ -387,6 +412,8 @@ usr/lib/grub/riscv64-efi/reiserfs.mod
usr/lib/grub/riscv64-efi/reiserfs.module
usr/lib/grub/riscv64-efi/romfs.mod
usr/lib/grub/riscv64-efi/romfs.module
+usr/lib/grub/riscv64-efi/rsa_sexp_test.mod
+usr/lib/grub/riscv64-efi/rsa_sexp_test.module
usr/lib/grub/riscv64-efi/scsi.mod
usr/lib/grub/riscv64-efi/scsi.module
usr/lib/grub/riscv64-efi/search.mod
@@ -444,12 +471,16 @@ usr/lib/grub/riscv64-efi/time.mod
usr/lib/grub/riscv64-efi/time.module
usr/lib/grub/riscv64-efi/tpm.mod
usr/lib/grub/riscv64-efi/tpm.module
+usr/lib/grub/riscv64-efi/tpm2_key_protector.mod
+usr/lib/grub/riscv64-efi/tpm2_key_protector.module
usr/lib/grub/riscv64-efi/tr.mod
usr/lib/grub/riscv64-efi/tr.module
usr/lib/grub/riscv64-efi/trig.mod
usr/lib/grub/riscv64-efi/trig.module
usr/lib/grub/riscv64-efi/true.mod
usr/lib/grub/riscv64-efi/true.module
+usr/lib/grub/riscv64-efi/tss2.mod
+usr/lib/grub/riscv64-efi/tss2.module
usr/lib/grub/riscv64-efi/udf.mod
usr/lib/grub/riscv64-efi/udf.module
usr/lib/grub/riscv64-efi/ufs1.mod
@@ -496,6 +527,19 @@ usr/sbin/grub-probe
usr/sbin/grub-reboot
usr/sbin/grub-set-default
usr/sbin/grub-sparc64-setup
+usr/share/bash-completion/completions/grub
+usr/share/bash-completion/completions/grub-bios-setup
+usr/share/bash-completion/completions/grub-editenv
+usr/share/bash-completion/completions/grub-install
+usr/share/bash-completion/completions/grub-mkconfig
+usr/share/bash-completion/completions/grub-mkfont
+usr/share/bash-completion/completions/grub-mkimage
+usr/share/bash-completion/completions/grub-mkpasswd-pbkdf2
+usr/share/bash-completion/completions/grub-probe
+usr/share/bash-completion/completions/grub-reboot
+usr/share/bash-completion/completions/grub-script-check
+usr/share/bash-completion/completions/grub-set-default
+usr/share/bash-completion/completions/grub-sparc64-setup
#usr/share/grub
#usr/share/grub/ascii.h
usr/share/grub/ascii.pf2
@@ -507,63 +551,6 @@ usr/share/grub/unicode.pf2
#usr/share/info/grub.info
#usr/share/info/grub.info-1
#usr/share/info/grub.info-2
-#usr/share/locale/ast/LC_MESSAGES/grub.mo
-#usr/share/locale/ca/LC_MESSAGES/grub.mo
-#usr/share/locale/da/LC_MESSAGES/grub.mo
-#usr/share/locale/de/LC_MESSAGES/grub.mo
-#usr/share/locale/de@hebrew
-#usr/share/locale/de@hebrew/LC_MESSAGES
-#usr/share/locale/de@hebrew/LC_MESSAGES/grub.mo
-#usr/share/locale/de_CH
-#usr/share/locale/de_CH/LC_MESSAGES
-#usr/share/locale/de_CH/LC_MESSAGES/grub.mo
-#usr/share/locale/en@arabic
-#usr/share/locale/en@arabic/LC_MESSAGES
-#usr/share/locale/en@arabic/LC_MESSAGES/grub.mo
-#usr/share/locale/en@cyrillic
-#usr/share/locale/en@cyrillic/LC_MESSAGES
-#usr/share/locale/en@cyrillic/LC_MESSAGES/grub.mo
-#usr/share/locale/en@greek
-#usr/share/locale/en@greek/LC_MESSAGES
-#usr/share/locale/en@greek/LC_MESSAGES/grub.mo
-#usr/share/locale/en@hebrew
-#usr/share/locale/en@hebrew/LC_MESSAGES
-#usr/share/locale/en@hebrew/LC_MESSAGES/grub.mo
-#usr/share/locale/en@piglatin
-#usr/share/locale/en@piglatin/LC_MESSAGES
-#usr/share/locale/en@piglatin/LC_MESSAGES/grub.mo
-#usr/share/locale/en@quot/LC_MESSAGES/grub.mo
-#usr/share/locale/eo/LC_MESSAGES/grub.mo
-#usr/share/locale/es/LC_MESSAGES/grub.mo
-#usr/share/locale/fi/LC_MESSAGES/grub.mo
-#usr/share/locale/fr/LC_MESSAGES/grub.mo
-#usr/share/locale/gl/LC_MESSAGES/grub.mo
-#usr/share/locale/he/LC_MESSAGES/grub.mo
-#usr/share/locale/hr/LC_MESSAGES/grub.mo
-#usr/share/locale/hu/LC_MESSAGES/grub.mo
-#usr/share/locale/id/LC_MESSAGES/grub.mo
-#usr/share/locale/it/LC_MESSAGES/grub.mo
-#usr/share/locale/ja/LC_MESSAGES/grub.mo
-#usr/share/locale/ka/LC_MESSAGES/grub.mo
-#usr/share/locale/ko/LC_MESSAGES/grub.mo
-#usr/share/locale/lg/LC_MESSAGES/grub.mo
-#usr/share/locale/lt/LC_MESSAGES/grub.mo
-#usr/share/locale/nb/LC_MESSAGES/grub.mo
-#usr/share/locale/nl/LC_MESSAGES/grub.mo
-#usr/share/locale/pa/LC_MESSAGES/grub.mo
-#usr/share/locale/pl/LC_MESSAGES/grub.mo
-#usr/share/locale/pt/LC_MESSAGES/grub.mo
-#usr/share/locale/pt_BR/LC_MESSAGES/grub.mo
-#usr/share/locale/ro/LC_MESSAGES/grub.mo
-#usr/share/locale/ru/LC_MESSAGES/grub.mo
-#usr/share/locale/sl/LC_MESSAGES/grub.mo
-#usr/share/locale/sr/LC_MESSAGES/grub.mo
-#usr/share/locale/sv/LC_MESSAGES/grub.mo
-#usr/share/locale/tr/LC_MESSAGES/grub.mo
-#usr/share/locale/uk/LC_MESSAGES/grub.mo
-#usr/share/locale/vi/LC_MESSAGES/grub.mo
-#usr/share/locale/zh_CN/LC_MESSAGES/grub.mo
-#usr/share/locale/zh_TW/LC_MESSAGES/grub.mo
#usr/share/man/man1/grub-editenv.1
#usr/share/man/man1/grub-file.1
#usr/share/man/man1/grub-fstest.1
@@ -578,6 +565,7 @@ usr/share/grub/unicode.pf2
#usr/share/man/man1/grub-mkrelpath.1
#usr/share/man/man1/grub-mkrescue.1
#usr/share/man/man1/grub-mkstandalone.1
+#usr/share/man/man1/grub-protect.1
#usr/share/man/man1/grub-render-label.1
#usr/share/man/man1/grub-script-check.1
#usr/share/man/man1/grub-syslinux2cfg.1
diff --git a/config/rootfiles/common/x86_64/grub b/config/rootfiles/common/x86_64/grub
index 548c40a1f..90dc90800 100644
--- a/config/rootfiles/common/x86_64/grub
+++ b/config/rootfiles/common/x86_64/grub
@@ -1,8 +1,6 @@
#boot/grub
boot/grub/grub.cfg
boot/grub/splash.png
-#etc/bash_completion.d
-#etc/bash_completion.d/grub
#etc/default
etc/default/grub
#etc/grub.d
@@ -30,6 +28,7 @@ usr/bin/grub-mkpasswd-pbkdf2
usr/bin/grub-mkrelpath
usr/bin/grub-mkrescue
usr/bin/grub-mkstandalone
+usr/bin/grub-protect
usr/bin/grub-render-label
usr/bin/grub-script-check
usr/bin/grub-syslinux2cfg
@@ -53,6 +52,10 @@ usr/lib/grub/i386-pc/aout.mod
usr/lib/grub/i386-pc/aout.module
usr/lib/grub/i386-pc/archelp.mod
usr/lib/grub/i386-pc/archelp.module
+usr/lib/grub/i386-pc/asn1.mod
+usr/lib/grub/i386-pc/asn1.module
+usr/lib/grub/i386-pc/asn1_test.mod
+usr/lib/grub/i386-pc/asn1_test.module
usr/lib/grub/i386-pc/at_keyboard.mod
usr/lib/grub/i386-pc/at_keyboard.module
usr/lib/grub/i386-pc/ata.mod
@@ -99,8 +102,6 @@ usr/lib/grub/i386-pc/cdboot.image
usr/lib/grub/i386-pc/cdboot.img
usr/lib/grub/i386-pc/chain.mod
usr/lib/grub/i386-pc/chain.module
-usr/lib/grub/i386-pc/cmdline_cat_test.mod
-usr/lib/grub/i386-pc/cmdline_cat_test.module
usr/lib/grub/i386-pc/cmosdump.mod
usr/lib/grub/i386-pc/cmosdump.module
usr/lib/grub/i386-pc/cmostest.mod
@@ -150,6 +151,8 @@ usr/lib/grub/i386-pc/dm_nv.mod
usr/lib/grub/i386-pc/dm_nv.module
usr/lib/grub/i386-pc/drivemap.mod
usr/lib/grub/i386-pc/drivemap.module
+usr/lib/grub/i386-pc/dsa_sexp_test.mod
+usr/lib/grub/i386-pc/dsa_sexp_test.module
usr/lib/grub/i386-pc/echo.mod
usr/lib/grub/i386-pc/echo.module
usr/lib/grub/i386-pc/efiemu.mod
@@ -158,6 +161,8 @@ usr/lib/grub/i386-pc/ehci.mod
usr/lib/grub/i386-pc/ehci.module
usr/lib/grub/i386-pc/elf.mod
usr/lib/grub/i386-pc/elf.module
+usr/lib/grub/i386-pc/erofs.mod
+usr/lib/grub/i386-pc/erofs.module
usr/lib/grub/i386-pc/eval.mod
usr/lib/grub/i386-pc/eval.module
usr/lib/grub/i386-pc/exfat.mod
@@ -186,6 +191,10 @@ usr/lib/grub/i386-pc/functional_test.mod
usr/lib/grub/i386-pc/functional_test.module
usr/lib/grub/i386-pc/gcry_arcfour.mod
usr/lib/grub/i386-pc/gcry_arcfour.module
+usr/lib/grub/i386-pc/gcry_aria.mod
+usr/lib/grub/i386-pc/gcry_aria.module
+usr/lib/grub/i386-pc/gcry_blake2.mod
+usr/lib/grub/i386-pc/gcry_blake2.module
usr/lib/grub/i386-pc/gcry_blowfish.mod
usr/lib/grub/i386-pc/gcry_blowfish.module
usr/lib/grub/i386-pc/gcry_camellia.mod
@@ -198,8 +207,14 @@ usr/lib/grub/i386-pc/gcry_des.mod
usr/lib/grub/i386-pc/gcry_des.module
usr/lib/grub/i386-pc/gcry_dsa.mod
usr/lib/grub/i386-pc/gcry_dsa.module
+usr/lib/grub/i386-pc/gcry_gost28147.mod
+usr/lib/grub/i386-pc/gcry_gost28147.module
+usr/lib/grub/i386-pc/gcry_gostr3411_94.mod
+usr/lib/grub/i386-pc/gcry_gostr3411_94.module
usr/lib/grub/i386-pc/gcry_idea.mod
usr/lib/grub/i386-pc/gcry_idea.module
+usr/lib/grub/i386-pc/gcry_keccak.mod
+usr/lib/grub/i386-pc/gcry_keccak.module
usr/lib/grub/i386-pc/gcry_md4.mod
usr/lib/grub/i386-pc/gcry_md4.module
usr/lib/grub/i386-pc/gcry_md5.mod
@@ -212,6 +227,8 @@ usr/lib/grub/i386-pc/gcry_rmd160.mod
usr/lib/grub/i386-pc/gcry_rmd160.module
usr/lib/grub/i386-pc/gcry_rsa.mod
usr/lib/grub/i386-pc/gcry_rsa.module
+usr/lib/grub/i386-pc/gcry_salsa20.mod
+usr/lib/grub/i386-pc/gcry_salsa20.module
usr/lib/grub/i386-pc/gcry_seed.mod
usr/lib/grub/i386-pc/gcry_seed.module
usr/lib/grub/i386-pc/gcry_serpent.mod
@@ -222,6 +239,12 @@ usr/lib/grub/i386-pc/gcry_sha256.mod
usr/lib/grub/i386-pc/gcry_sha256.module
usr/lib/grub/i386-pc/gcry_sha512.mod
usr/lib/grub/i386-pc/gcry_sha512.module
+usr/lib/grub/i386-pc/gcry_sm3.mod
+usr/lib/grub/i386-pc/gcry_sm3.module
+usr/lib/grub/i386-pc/gcry_sm4.mod
+usr/lib/grub/i386-pc/gcry_sm4.module
+usr/lib/grub/i386-pc/gcry_stribog.mod
+usr/lib/grub/i386-pc/gcry_stribog.module
usr/lib/grub/i386-pc/gcry_tiger.mod
usr/lib/grub/i386-pc/gcry_tiger.module
usr/lib/grub/i386-pc/gcry_twofish.mod
@@ -242,8 +265,6 @@ usr/lib/grub/i386-pc/gfxterm.mod
usr/lib/grub/i386-pc/gfxterm.module
usr/lib/grub/i386-pc/gfxterm_background.mod
usr/lib/grub/i386-pc/gfxterm_background.module
-usr/lib/grub/i386-pc/gfxterm_menu.mod
-usr/lib/grub/i386-pc/gfxterm_menu.module
usr/lib/grub/i386-pc/gptsync.mod
usr/lib/grub/i386-pc/gptsync.module
usr/lib/grub/i386-pc/gzio.mod
@@ -280,6 +301,8 @@ usr/lib/grub/i386-pc/json.mod
usr/lib/grub/i386-pc/json.module
usr/lib/grub/i386-pc/kernel.exec
usr/lib/grub/i386-pc/kernel.img
+usr/lib/grub/i386-pc/key_protector.mod
+usr/lib/grub/i386-pc/key_protector.module
usr/lib/grub/i386-pc/keylayouts.mod
usr/lib/grub/i386-pc/keylayouts.module
usr/lib/grub/i386-pc/keystatus.mod
@@ -446,6 +469,8 @@ usr/lib/grub/i386-pc/procfs.mod
usr/lib/grub/i386-pc/procfs.module
usr/lib/grub/i386-pc/progress.mod
usr/lib/grub/i386-pc/progress.module
+usr/lib/grub/i386-pc/pubkey.mod
+usr/lib/grub/i386-pc/pubkey.module
usr/lib/grub/i386-pc/pxe.mod
usr/lib/grub/i386-pc/pxe.module
usr/lib/grub/i386-pc/pxeboot.image
@@ -472,6 +497,8 @@ usr/lib/grub/i386-pc/relocator.mod
usr/lib/grub/i386-pc/relocator.module
usr/lib/grub/i386-pc/romfs.mod
usr/lib/grub/i386-pc/romfs.module
+usr/lib/grub/i386-pc/rsa_sexp_test.mod
+usr/lib/grub/i386-pc/rsa_sexp_test.module
usr/lib/grub/i386-pc/scsi.mod
usr/lib/grub/i386-pc/scsi.module
usr/lib/grub/i386-pc/search.mod
@@ -631,6 +658,10 @@ usr/lib/grub/x86_64-efi/appleldr.mod
usr/lib/grub/x86_64-efi/appleldr.module
usr/lib/grub/x86_64-efi/archelp.mod
usr/lib/grub/x86_64-efi/archelp.module
+usr/lib/grub/x86_64-efi/asn1.mod
+usr/lib/grub/x86_64-efi/asn1.module
+usr/lib/grub/x86_64-efi/asn1_test.mod
+usr/lib/grub/x86_64-efi/asn1_test.module
usr/lib/grub/x86_64-efi/at_keyboard.mod
usr/lib/grub/x86_64-efi/at_keyboard.module
usr/lib/grub/x86_64-efi/ata.mod
@@ -671,8 +702,10 @@ usr/lib/grub/x86_64-efi/cbtime.mod
usr/lib/grub/x86_64-efi/cbtime.module
usr/lib/grub/x86_64-efi/chain.mod
usr/lib/grub/x86_64-efi/chain.module
-usr/lib/grub/x86_64-efi/cmdline_cat_test.mod
-usr/lib/grub/x86_64-efi/cmdline_cat_test.module
+usr/lib/grub/x86_64-efi/cmosdump.mod
+usr/lib/grub/x86_64-efi/cmosdump.module
+usr/lib/grub/x86_64-efi/cmostest.mod
+usr/lib/grub/x86_64-efi/cmostest.module
usr/lib/grub/x86_64-efi/cmp.mod
usr/lib/grub/x86_64-efi/cmp.module
usr/lib/grub/x86_64-efi/cmp_test.mod
@@ -714,6 +747,8 @@ usr/lib/grub/x86_64-efi/div_test.mod
usr/lib/grub/x86_64-efi/div_test.module
usr/lib/grub/x86_64-efi/dm_nv.mod
usr/lib/grub/x86_64-efi/dm_nv.module
+usr/lib/grub/x86_64-efi/dsa_sexp_test.mod
+usr/lib/grub/x86_64-efi/dsa_sexp_test.module
usr/lib/grub/x86_64-efi/echo.mod
usr/lib/grub/x86_64-efi/echo.module
usr/lib/grub/x86_64-efi/efi_gop.mod
@@ -730,6 +765,8 @@ usr/lib/grub/x86_64-efi/ehci.mod
usr/lib/grub/x86_64-efi/ehci.module
usr/lib/grub/x86_64-efi/elf.mod
usr/lib/grub/x86_64-efi/elf.module
+usr/lib/grub/x86_64-efi/erofs.mod
+usr/lib/grub/x86_64-efi/erofs.module
usr/lib/grub/x86_64-efi/eval.mod
usr/lib/grub/x86_64-efi/eval.module
usr/lib/grub/x86_64-efi/exfat.mod
@@ -758,6 +795,10 @@ usr/lib/grub/x86_64-efi/functional_test.mod
usr/lib/grub/x86_64-efi/functional_test.module
usr/lib/grub/x86_64-efi/gcry_arcfour.mod
usr/lib/grub/x86_64-efi/gcry_arcfour.module
+usr/lib/grub/x86_64-efi/gcry_aria.mod
+usr/lib/grub/x86_64-efi/gcry_aria.module
+usr/lib/grub/x86_64-efi/gcry_blake2.mod
+usr/lib/grub/x86_64-efi/gcry_blake2.module
usr/lib/grub/x86_64-efi/gcry_blowfish.mod
usr/lib/grub/x86_64-efi/gcry_blowfish.module
usr/lib/grub/x86_64-efi/gcry_camellia.mod
@@ -770,8 +811,14 @@ usr/lib/grub/x86_64-efi/gcry_des.mod
usr/lib/grub/x86_64-efi/gcry_des.module
usr/lib/grub/x86_64-efi/gcry_dsa.mod
usr/lib/grub/x86_64-efi/gcry_dsa.module
+usr/lib/grub/x86_64-efi/gcry_gost28147.mod
+usr/lib/grub/x86_64-efi/gcry_gost28147.module
+usr/lib/grub/x86_64-efi/gcry_gostr3411_94.mod
+usr/lib/grub/x86_64-efi/gcry_gostr3411_94.module
usr/lib/grub/x86_64-efi/gcry_idea.mod
usr/lib/grub/x86_64-efi/gcry_idea.module
+usr/lib/grub/x86_64-efi/gcry_keccak.mod
+usr/lib/grub/x86_64-efi/gcry_keccak.module
usr/lib/grub/x86_64-efi/gcry_md4.mod
usr/lib/grub/x86_64-efi/gcry_md4.module
usr/lib/grub/x86_64-efi/gcry_md5.mod
@@ -784,6 +831,8 @@ usr/lib/grub/x86_64-efi/gcry_rmd160.mod
usr/lib/grub/x86_64-efi/gcry_rmd160.module
usr/lib/grub/x86_64-efi/gcry_rsa.mod
usr/lib/grub/x86_64-efi/gcry_rsa.module
+usr/lib/grub/x86_64-efi/gcry_salsa20.mod
+usr/lib/grub/x86_64-efi/gcry_salsa20.module
usr/lib/grub/x86_64-efi/gcry_seed.mod
usr/lib/grub/x86_64-efi/gcry_seed.module
usr/lib/grub/x86_64-efi/gcry_serpent.mod
@@ -794,6 +843,12 @@ usr/lib/grub/x86_64-efi/gcry_sha256.mod
usr/lib/grub/x86_64-efi/gcry_sha256.module
usr/lib/grub/x86_64-efi/gcry_sha512.mod
usr/lib/grub/x86_64-efi/gcry_sha512.module
+usr/lib/grub/x86_64-efi/gcry_sm3.mod
+usr/lib/grub/x86_64-efi/gcry_sm3.module
+usr/lib/grub/x86_64-efi/gcry_sm4.mod
+usr/lib/grub/x86_64-efi/gcry_sm4.module
+usr/lib/grub/x86_64-efi/gcry_stribog.mod
+usr/lib/grub/x86_64-efi/gcry_stribog.module
usr/lib/grub/x86_64-efi/gcry_tiger.mod
usr/lib/grub/x86_64-efi/gcry_tiger.module
usr/lib/grub/x86_64-efi/gcry_twofish.mod
@@ -812,8 +867,6 @@ usr/lib/grub/x86_64-efi/gfxterm.mod
usr/lib/grub/x86_64-efi/gfxterm.module
usr/lib/grub/x86_64-efi/gfxterm_background.mod
usr/lib/grub/x86_64-efi/gfxterm_background.module
-usr/lib/grub/x86_64-efi/gfxterm_menu.mod
-usr/lib/grub/x86_64-efi/gfxterm_menu.module
usr/lib/grub/x86_64-efi/gptsync.mod
usr/lib/grub/x86_64-efi/gptsync.module
usr/lib/grub/x86_64-efi/gzio.mod
@@ -850,6 +903,8 @@ usr/lib/grub/x86_64-efi/json.mod
usr/lib/grub/x86_64-efi/json.module
usr/lib/grub/x86_64-efi/kernel.exec
usr/lib/grub/x86_64-efi/kernel.img
+usr/lib/grub/x86_64-efi/key_protector.mod
+usr/lib/grub/x86_64-efi/key_protector.module
usr/lib/grub/x86_64-efi/keylayouts.mod
usr/lib/grub/x86_64-efi/keylayouts.module
usr/lib/grub/x86_64-efi/keystatus.mod
@@ -1012,6 +1067,8 @@ usr/lib/grub/x86_64-efi/procfs.mod
usr/lib/grub/x86_64-efi/procfs.module
usr/lib/grub/x86_64-efi/progress.mod
usr/lib/grub/x86_64-efi/progress.module
+usr/lib/grub/x86_64-efi/pubkey.mod
+usr/lib/grub/x86_64-efi/pubkey.module
usr/lib/grub/x86_64-efi/raid5rec.mod
usr/lib/grub/x86_64-efi/raid5rec.module
usr/lib/grub/x86_64-efi/raid6rec.mod
@@ -1032,6 +1089,8 @@ usr/lib/grub/x86_64-efi/relocator.mod
usr/lib/grub/x86_64-efi/relocator.module
usr/lib/grub/x86_64-efi/romfs.mod
usr/lib/grub/x86_64-efi/romfs.module
+usr/lib/grub/x86_64-efi/rsa_sexp_test.mod
+usr/lib/grub/x86_64-efi/rsa_sexp_test.module
usr/lib/grub/x86_64-efi/scsi.mod
usr/lib/grub/x86_64-efi/scsi.module
usr/lib/grub/x86_64-efi/search.mod
@@ -1093,12 +1152,16 @@ usr/lib/grub/x86_64-efi/time.mod
usr/lib/grub/x86_64-efi/time.module
usr/lib/grub/x86_64-efi/tpm.mod
usr/lib/grub/x86_64-efi/tpm.module
+usr/lib/grub/x86_64-efi/tpm2_key_protector.mod
+usr/lib/grub/x86_64-efi/tpm2_key_protector.module
usr/lib/grub/x86_64-efi/tr.mod
usr/lib/grub/x86_64-efi/tr.module
usr/lib/grub/x86_64-efi/trig.mod
usr/lib/grub/x86_64-efi/trig.module
usr/lib/grub/x86_64-efi/true.mod
usr/lib/grub/x86_64-efi/true.module
+usr/lib/grub/x86_64-efi/tss2.mod
+usr/lib/grub/x86_64-efi/tss2.module
usr/lib/grub/x86_64-efi/udf.mod
usr/lib/grub/x86_64-efi/udf.module
usr/lib/grub/x86_64-efi/ufs1.mod
@@ -1171,6 +1234,19 @@ usr/sbin/grub-probe
usr/sbin/grub-reboot
usr/sbin/grub-set-default
usr/sbin/grub-sparc64-setup
+usr/share/bash-completion/completions/grub
+usr/share/bash-completion/completions/grub-bios-setup
+usr/share/bash-completion/completions/grub-editenv
+usr/share/bash-completion/completions/grub-install
+usr/share/bash-completion/completions/grub-mkconfig
+usr/share/bash-completion/completions/grub-mkfont
+usr/share/bash-completion/completions/grub-mkimage
+usr/share/bash-completion/completions/grub-mkpasswd-pbkdf2
+usr/share/bash-completion/completions/grub-probe
+usr/share/bash-completion/completions/grub-reboot
+usr/share/bash-completion/completions/grub-script-check
+usr/share/bash-completion/completions/grub-set-default
+usr/share/bash-completion/completions/grub-sparc64-setup
#usr/share/grub
#usr/share/grub/ascii.h
usr/share/grub/ascii.pf2
@@ -1182,63 +1258,6 @@ usr/share/grub/unicode.pf2
#usr/share/info/grub.info
#usr/share/info/grub.info-1
#usr/share/info/grub.info-2
-#usr/share/locale/ast/LC_MESSAGES/grub.mo
-#usr/share/locale/ca/LC_MESSAGES/grub.mo
-#usr/share/locale/da/LC_MESSAGES/grub.mo
-#usr/share/locale/de/LC_MESSAGES/grub.mo
-#usr/share/locale/de@hebrew
-#usr/share/locale/de@hebrew/LC_MESSAGES
-#usr/share/locale/de@hebrew/LC_MESSAGES/grub.mo
-#usr/share/locale/de_CH
-#usr/share/locale/de_CH/LC_MESSAGES
-#usr/share/locale/de_CH/LC_MESSAGES/grub.mo
-#usr/share/locale/en@arabic
-#usr/share/locale/en@arabic/LC_MESSAGES
-#usr/share/locale/en@arabic/LC_MESSAGES/grub.mo
-#usr/share/locale/en@cyrillic
-#usr/share/locale/en@cyrillic/LC_MESSAGES
-#usr/share/locale/en@cyrillic/LC_MESSAGES/grub.mo
-#usr/share/locale/en@greek
-#usr/share/locale/en@greek/LC_MESSAGES
-#usr/share/locale/en@greek/LC_MESSAGES/grub.mo
-#usr/share/locale/en@hebrew
-#usr/share/locale/en@hebrew/LC_MESSAGES
-#usr/share/locale/en@hebrew/LC_MESSAGES/grub.mo
-#usr/share/locale/en@piglatin
-#usr/share/locale/en@piglatin/LC_MESSAGES
-#usr/share/locale/en@piglatin/LC_MESSAGES/grub.mo
-#usr/share/locale/en@quot/LC_MESSAGES/grub.mo
-#usr/share/locale/eo/LC_MESSAGES/grub.mo
-#usr/share/locale/es/LC_MESSAGES/grub.mo
-#usr/share/locale/fi/LC_MESSAGES/grub.mo
-#usr/share/locale/fr/LC_MESSAGES/grub.mo
-#usr/share/locale/gl/LC_MESSAGES/grub.mo
-#usr/share/locale/he/LC_MESSAGES/grub.mo
-#usr/share/locale/hr/LC_MESSAGES/grub.mo
-#usr/share/locale/hu/LC_MESSAGES/grub.mo
-#usr/share/locale/id/LC_MESSAGES/grub.mo
-#usr/share/locale/it/LC_MESSAGES/grub.mo
-#usr/share/locale/ja/LC_MESSAGES/grub.mo
-#usr/share/locale/ka/LC_MESSAGES/grub.mo
-#usr/share/locale/ko/LC_MESSAGES/grub.mo
-#usr/share/locale/lg/LC_MESSAGES/grub.mo
-#usr/share/locale/lt/LC_MESSAGES/grub.mo
-#usr/share/locale/nb/LC_MESSAGES/grub.mo
-#usr/share/locale/nl/LC_MESSAGES/grub.mo
-#usr/share/locale/pa/LC_MESSAGES/grub.mo
-#usr/share/locale/pl/LC_MESSAGES/grub.mo
-#usr/share/locale/pt/LC_MESSAGES/grub.mo
-#usr/share/locale/pt_BR/LC_MESSAGES/grub.mo
-#usr/share/locale/ro/LC_MESSAGES/grub.mo
-#usr/share/locale/ru/LC_MESSAGES/grub.mo
-#usr/share/locale/sl/LC_MESSAGES/grub.mo
-#usr/share/locale/sr/LC_MESSAGES/grub.mo
-#usr/share/locale/sv/LC_MESSAGES/grub.mo
-#usr/share/locale/tr/LC_MESSAGES/grub.mo
-#usr/share/locale/uk/LC_MESSAGES/grub.mo
-#usr/share/locale/vi/LC_MESSAGES/grub.mo
-#usr/share/locale/zh_CN/LC_MESSAGES/grub.mo
-#usr/share/locale/zh_TW/LC_MESSAGES/grub.mo
#usr/share/man/man1/grub-editenv.1
#usr/share/man/man1/grub-file.1
#usr/share/man/man1/grub-fstest.1
@@ -1253,6 +1272,7 @@ usr/share/grub/unicode.pf2
#usr/share/man/man1/grub-mkrelpath.1
#usr/share/man/man1/grub-mkrescue.1
#usr/share/man/man1/grub-mkstandalone.1
+#usr/share/man/man1/grub-protect.1
#usr/share/man/man1/grub-render-label.1
#usr/share/man/man1/grub-script-check.1
#usr/share/man/man1/grub-syslinux2cfg.1
diff --git a/lfs/grub b/lfs/grub
index 91dda242c..2ff91f7ee 100644
--- a/lfs/grub
+++ b/lfs/grub
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 2.12
+VER = 0e36779-bootstrapped
THISAPP = grub-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -61,7 +61,7 @@ objects = $(DL_FILE) \
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
unifont-7.0.03.pcf.gz = $(DL_FROM)/unifont-7.0.03.pcf.gz
-$(DL_FILE)_BLAKE2 = a678f7fafb945d325c8cf47aa086f48357a8f6335b762f77038c30a3896b3b05491598d9931d5335841d224fffcbe4a9a43ca1479057c1f1ce52b8d2a952c431
+$(DL_FILE)_BLAKE2 = 4e006b3e852403eaed348de188406656a6d8cdff14a1394dd7cf3ada45218e4f4cfd3ee4a4b235633cbee7ea87a49a267c44e48105095ebb13d8192382bd8ce2
unifont-7.0.03.pcf.gz_BLAKE2 = fb96c1786fcc8c77796c90ce30a2b7d544013bd62cedbf7b027e1894fe75cdbd2044717796cb0e3150db1457fcb58076491d9c0b855621b652fb9a52c0793469
install : $(TARGET)
@@ -96,7 +96,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/grub/grub-2.02_disable_vga_fallback.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/grub-2.12-Use-medany-instead-of-large-model-for-RISCV.patch
cd $(DIR_APP) && [ ! -e grub-core/extra_deps.lst ] && echo 'depends bli part_gpt' > grub-core/extra_deps.lst
- cd $(DIR_APP) && autoreconf -vfi
+ #cd $(DIR_APP) && autoreconf -vfi
# Install unifont
cp -v $(DIR_DL)/unifont-7.0.03.pcf.gz $(DIR_APP)/unifont.pcf.gz
--
2.50.1
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2025-08-11 9:35 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-08-11 9:35 [PATCH] grub: Fix CVE's by updating to version 2.12 with commit 0e36779 Adolf Belka
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox