# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
# Distributed under the terms of the GNU General Public License v2
# Ebuild metadata for the GRUB 2 boot loader package. Everything below is
# read by the package manager; the phase functions at the end of the file
# consume PLATFORMS, TARGETS and PATCHES.
EAPI="6"
inherit bash-completion-r1 eutils toolchain-funcs multiprocessing
DESCRIPTION="GNU GRUB 2 boot loader"
HOMEPAGE="http://www.gnu.org/software/grub/"
# NOTE(review): the tarball is fetched over plain FTP, which gives no
# transport integrity. The download is then only as trustworthy as the
# digest check applied to it afterwards -- confirm a Manifest entry covers
# ${P}.tar.xz, and consider an HTTPS or mirror:// URI for the same file.
SRC_URI="ftp://ftp.gnu.org/gnu/grub/${P}.tar.xz"
LICENSE="GPL-3"
SLOT="0"
# "-*" drops every architecture keyword before amd64 is added back.
KEYWORDS="-* amd64"
# NOTE(review): PROVIDE is the old-style virtual mechanism -- confirm the
# package manager in use still honours it.
PROVIDE="virtual/bootloader"
# Keep the strip step away from GRUB's boot images and loadable modules.
export STRIP_MASK="*.img *.mod *.module"
# Build matrix: the phase functions iterate over every PLATFORMS x TARGETS
# pair, each in its own <target>-<platform>-build directory.
# The ordering doesn't seem to matter.
PLATFORMS=( "efi" "pc" )
TARGETS=( "i386" "x86_64" )
# Patch series, applied in array order by the `default` call in
# src_prepare. Order matters: later patches are generated on top of
# earlier ones, so do not reorder or drop entries individually.
PATCHES=(
"${FILESDIR}/0001-Forward-port-ChromeOS-specific-GRUB-environment-vari.patch"
"${FILESDIR}/0002-Forward-port-gptpriority-command-to-GRUB-2.00.patch"
"${FILESDIR}/0003-Add-configure-option-to-reduce-visual-clutter-at-boo.patch"
"${FILESDIR}/0004-configure-Remove-obsoleted-malign-jumps-loops-functions.patch"
"${FILESDIR}/0005-configure-Check-for-falign-jumps-1-beside-falign-loops-1.patch"
"${FILESDIR}/0006-configure-replace-wl-r-d-fno-common.patch"
# Apply these upstream cosmetic patches so that the security patches
# below apply without conflicts.
"${FILESDIR}/0007-net-Remove-trailing-whitespaces.patch"
"${FILESDIR}/0008-video-Remove-trailing-whitespaces.patch"
# Security patches for the 2022/06/07 vulnerabilities:
# https://lists.gnu.org/archive/html/grub-devel/2022-06/msg00035.html
#
# Generated from the grub repo with:
# git format-patch --start-number 9 1469983eb~..2f4430cc0
#
# Going by the file names, the series covers the EFI chainloader and
# shim_lock verifier, the PNG and JPEG readers, the network stack (ip,
# netbuff, dns, tftp, http) and the f2fs and btrfs drivers.
# NOTE(review): when refreshing, regenerate the whole range with the
# command above rather than editing single files, and check the result
# against the advisory so no fix in the range is silently missing.
"${FILESDIR}/0009-loader-efi-chainloader-Simplify-the-loader-state.patch"
"${FILESDIR}/0010-commands-boot-Add-API-to-pass-context-to-loader.patch"
"${FILESDIR}/0011-loader-efi-chainloader-Use-grub_loader_set_ex.patch"
"${FILESDIR}/0012-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch"
"${FILESDIR}/0013-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch"
"${FILESDIR}/0014-video-readers-png-Abort-sooner-if-a-read-operation-f.patch"
"${FILESDIR}/0015-video-readers-png-Refuse-to-handle-multiple-image-he.patch"
"${FILESDIR}/0016-video-readers-png-Drop-greyscale-support-to-fix-heap.patch"
"${FILESDIR}/0017-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch"
"${FILESDIR}/0018-video-readers-png-Sanity-check-some-huffman-codes.patch"
"${FILESDIR}/0019-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch"
"${FILESDIR}/0020-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch"
"${FILESDIR}/0021-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch"
"${FILESDIR}/0022-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch"
"${FILESDIR}/0023-normal-charset-Fix-array-out-of-bounds-formatting-un.patch"
"${FILESDIR}/0024-net-ip-Do-IP-fragment-maths-safely.patch"
"${FILESDIR}/0025-net-netbuff-Block-overly-large-netbuff-allocs.patch"
"${FILESDIR}/0026-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch"
"${FILESDIR}/0027-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch"
"${FILESDIR}/0028-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch"
"${FILESDIR}/0029-net-tftp-Avoid-a-trivial-UAF.patch"
"${FILESDIR}/0030-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch"
"${FILESDIR}/0031-net-http-Fix-OOB-write-for-split-http-headers.patch"
"${FILESDIR}/0032-net-http-Error-out-on-headers-with-LF-without-CR.patch"
"${FILESDIR}/0033-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch"
"${FILESDIR}/0034-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch"
"${FILESDIR}/0035-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch"
"${FILESDIR}/0036-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch"
"${FILESDIR}/0037-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch"
"${FILESDIR}/0038-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch"
# NOTE(review): 0039 is presumably a local change rather than part of the
# upstream security range above (its name does not follow the upstream
# subject style) -- confirm before regenerating the series.
"${FILESDIR}/0039-strip-interp-from-diskboot.patch"
)
# Prepare phase: apply the patch series, then rebuild the build system.
src_prepare() {
	# The stock prepare phase applies every entry of PATCHES, in order.
	default

	# Regenerate configure and friends after patching (presumably because
	# several patches touch configure inputs); abort the phase if the
	# regeneration fails so a stale build system is never used.
	if ! bash autogen.sh; then
		die
	fi
}
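# Configure phase: run configure once per PLATFORMS x TARGETS pair, each in
# its own out-of-tree directory named <target>-<platform>-build (relative to
# the current directory). The econf runs are handed to the multijob helpers
# and collected by multijob_finish.
src_configure() {
	local platform target build_dir

	# Fix timestamps to prevent unnecessary rebuilding
	find "${S}" -exec touch -r "${S}/configure" {} +

	multijob_init
	for platform in "${PLATFORMS[@]}" ; do
		for target in "${TARGETS[@]}" ; do
			build_dir="${target}-${platform}-build"

			# mkdir/pushd/popd are plain shell commands and do not abort
			# the phase on their own. Without the explicit die, a failed
			# pushd would let econf run in whatever directory was
			# current, configuring the wrong tree without any error.
			mkdir -p "${build_dir}" || die "mkdir ${build_dir} failed"
			pushd "${build_dir}" >/dev/null || die "pushd ${build_dir} failed"

			# GRUB defaults to a --program-prefix set based on target
			# platform; explicitly set it to nothing to install unprefixed
			# tools. https://savannah.gnu.org/bugs/?39818
			ECONF_SOURCE="${S}" multijob_child_init econf \
				TARGET_CC="$(tc-getCC)" \
				--disable-werror \
				--disable-grub-mkfont \
				--disable-grub-mount \
				--disable-device-mapper \
				--disable-efiemu \
				--disable-libzfs \
				--disable-nls \
				--enable-quiet-boot \
				--sbindir=/sbin \
				--bindir=/bin \
				--libdir="/$(get_libdir)" \
				--with-platform="${platform}" \
				--target="${target}" \
				--program-prefix=

			popd >/dev/null || die "popd from ${build_dir} failed"
		done
	done
	multijob_finish
}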
# Compile phase: build every <target>-<platform>-build directory. Each make
# is handed to the multijob helpers and itself runs with -j1; all of them
# are collected by multijob_finish.
src_compile() {
	local platform target build_dir

	multijob_init
	for platform in "${PLATFORMS[@]}"; do
		for target in "${TARGETS[@]}"; do
			build_dir="${target}-${platform}-build"
			multijob_child_init emake -C "${build_dir}" -j1
		done
	done
	multijob_finish
}
# Install phase: run `make install` into ${D} for every
# <target>-<platform>-build directory, one after another.
src_install() {
	local platform target build_dir

	# The installations have several file conflicts that prevent
	# parallel installation.
	for platform in "${PLATFORMS[@]}"; do
		for target in "${TARGETS[@]}"; do
			build_dir="${target}-${platform}-build"
			emake -C "${build_dir}" \
				DESTDIR="${D}" \
				install \
				bashcompletiondir="$(get_bashcompdir)"
		done
	done
}