backport some patches from upstream

Signed-off-by: Qiumiao Zhang <zhangqiumiao1@huawei.com>

backport-kern-Check-for-NULL-when-closing-devices-and-disks.patch

@@ -0,0 +1,50 @@
+From d09387287b7bbd7770bc9d172cc0e06181183e02 Mon Sep 17 00:00:00 2001
+From: Oliver Steffen <osteffen@redhat.com>
+Date: Fri, 26 May 2023 13:35:50 +0200
+Subject: kern: Check for NULL when closing devices and disks
+
+Add checks for NULL pointers to grub_device_close() and
+grub_disk_close() to make these functions more robust.
+
+Reference:https://git.savannah.gnu.org/cgit/grub.git/commit?id=d09387287b7bbd7770bc9d172cc0e06181183e02
+Conflict:NA
+
+Signed-off-by: Oliver Steffen <osteffen@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+---
+ grub-core/kern/device.c | 3 +++
+ grub-core/kern/disk.c   | 4 ++++
+ 2 files changed, 7 insertions(+)
+
+diff --git a/grub-core/kern/device.c b/grub-core/kern/device.c
+index f58b58c..2a6d81f 100644
+--- a/grub-core/kern/device.c
++++ b/grub-core/kern/device.c
+@@ -72,6 +72,9 @@ grub_device_open (const char *name)
+ grub_err_t
+ grub_device_close (grub_device_t device)
+ {
++  if (device == NULL)
++    return GRUB_ERR_NONE;
++
+   if (device->disk)
+     grub_disk_close (device->disk);
+ 
+diff --git a/grub-core/kern/disk.c b/grub-core/kern/disk.c
+index 05a28ab..3ca8528 100644
+--- a/grub-core/kern/disk.c
++++ b/grub-core/kern/disk.c
+@@ -294,6 +294,10 @@ void
+ grub_disk_close (grub_disk_t disk)
+ {
+   grub_partition_t part;
++
++  if (disk == NULL)
++    return;
++
+   grub_dprintf ("disk", "Closing `%s'...\n", disk->name);
+ 
+   if (disk->dev && disk->dev->disk_close)
+-- 
+2.19.1
+

backport-kern-efi-mm-Fix-use-after-free-in-finish-boot-services.patch

@@ -0,0 +1,47 @@
+From 6f05a277961dc801ba6de4f0f3bc22184ae80b0f Mon Sep 17 00:00:00 2001
+From: Alec Brown <alec.r.brown@oracle.com>
+Date: Mon, 22 May 2023 16:52:49 -0400
+Subject: kern/efi/mm: Fix use-after-free in finish boot services
+
+In grub-core/kern/efi/mm.c, grub_efi_finish_boot_services() has an instance
+where the memory for the variable finish_mmap_buf is freed, but on the next
+iteration of a while loop, grub_efi_get_memory_map() uses finish_mmap_buf. To
+prevent this, we can set finish_mmap_buf to NULL after the free.
+
+Reference:https://git.savannah.gnu.org/cgit/grub.git/commit?id=6f05a277961dc801ba6de4f0f3bc22184ae80b0f
+Conflict:NA
+
+Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+---
+ grub-core/kern/efi/mm.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c
+index 2be0e69..6a6fba8 100644
+--- a/grub-core/kern/efi/mm.c
++++ b/grub-core/kern/efi/mm.c
+@@ -263,6 +263,7 @@ grub_efi_finish_boot_services (grub_efi_uintn_t *outbuf_size, void *outbuf,
+ 				   &finish_desc_size, &finish_desc_version) <= 0)
+ 	{
+ 	  grub_free (finish_mmap_buf);
++	  finish_mmap_buf = NULL;
+ 	  return grub_error (GRUB_ERR_IO, "couldn't retrieve memory map");
+ 	}
+ 
+@@ -274,10 +275,12 @@ grub_efi_finish_boot_services (grub_efi_uintn_t *outbuf_size, void *outbuf,
+       if (status != GRUB_EFI_INVALID_PARAMETER)
+ 	{
+ 	  grub_free (finish_mmap_buf);
++	  finish_mmap_buf = NULL;
+ 	  return grub_error (GRUB_ERR_IO, "couldn't terminate EFI services");
+ 	}
+ 
+       grub_free (finish_mmap_buf);
++      finish_mmap_buf = NULL;
+       grub_printf ("Trying to terminate EFI services again\n");
+     }
+   grub_efi_is_finished = 1;
+-- 
+cgit v1.1
+

backport-net-dns-Fix-lookup-error-when-no-IPv6-is-returned.patch

@@ -0,0 +1,102 @@
+From 1be86fae1587cb8c53c2327971c8fc94fcb3234e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Renaud=20M=C3=A9trich?= <rmetrich@redhat.com>
+Date: Wed, 3 May 2023 12:21:31 +0200
+Subject: net/dns: Fix lookup error when no IPv6 is returned
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When trying to resolve DNS names into IP addresses, the DNS code fails
+from time to time with the following error:
+-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
+error: ../../grub-core/net/dns.c:688:no DNS record found.
+-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
+
+This happens when both IPv4 and IPv6 queries are performed against the
+DNS server (e.g. 8.8.8.8) but there is no IP returned for IPv6 query, as
+shown below:
+-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
+grub> net_del_dns 192.168.122.1
+grub> net_add_dns 8.8.8.8
+grub> net_nslookup ipv4.test-ipv6.com
+error: ../../grub-core/net/dns.c:688:no DNS record found.
+grub> net_nslookup ipv4.test-ipv6.com
+216.218.228.115
+-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
+
+The root cause is the code exiting prematurely when the data->addresses
+buffer has been allocated in recv_hook(), even if there was no address
+returned last time recv_hook() executed.
+
+Reference:https://git.savannah.gnu.org/cgit/grub.git/commit?id=1be86fae1587cb8c53c2327971c8fc94fcb3234e
+Conflict:NA
+
+Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+---
+ grub-core/net/dns.c | 22 ++++++----------------
+ 1 file changed, 6 insertions(+), 16 deletions(-)
+
+diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c
+index 9760980..fcc09aa 100644
+--- a/grub-core/net/dns.c
++++ b/grub-core/net/dns.c
+@@ -261,7 +261,7 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)),
+   /* Code apparently assumed that only one packet is received as response.
+      We may get multiple responses due to network condition, so check here
+      and quit early. */
+-  if (*data->addresses)
++  if (*data->naddresses)
+     goto out;
+ 
+   head = (struct dns_header *) nb->data;
+@@ -305,11 +305,7 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)),
+       grub_uint32_t ttl = 0;
+       grub_uint16_t length;
+       if (ptr >= nb->tail)
+-	{
+-	  if (!*data->naddresses)
+-	    grub_free (*data->addresses);
+-	  goto out;
+-	}
++	goto out;
+       ignored = !check_name (ptr, nb->data, nb->tail, data->name);
+       while (ptr < nb->tail && !((*ptr & 0xc0) || *ptr == 0))
+ 	ptr += *ptr + 1;
+@@ -317,11 +313,7 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)),
+ 	ptr++;
+       ptr++;
+       if (ptr + 10 >= nb->tail)
+-	{
+-	  if (!*data->naddresses)
+-	    grub_free (*data->addresses);
+-	  goto out;
+-	}
++	goto out;
+       if (*ptr++ != 0)
+ 	ignored = 1;
+       class = *ptr++;
+@@ -337,11 +329,7 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)),
+       length = *ptr++ << 8;
+       length |= *ptr++;
+       if (ptr + length > nb->tail)
+-	{
+-	  if (!*data->naddresses)
+-	    grub_free (*data->addresses);
+-	  goto out;
+-	}
++	goto out;
+       if (!ignored)
+ 	{
+ 	  if (ttl_all > ttl)
+@@ -428,6 +416,8 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)),
+  out:
+   grub_netbuff_free (nb);
+   grub_free (redirect_save);
++  if (!*data->naddresses)
++    grub_free (*data->addresses);
+   return GRUB_ERR_NONE;
+ }
+ 
+-- 
+cgit v1.1

backport-net-dns-Fix-removal-of-DNS-server.patch

@@ -0,0 +1,49 @@
+From f301a9356b6338e983eae38debe69bbd3a417b1a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Renaud=20M=C3=A9trich?= <rmetrich@redhat.com>
+Date: Fri, 28 Apr 2023 13:05:37 +0200
+Subject: net/dns: Fix removal of DNS server
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When deleting the DNS server, we get the following error message:
+-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
+grub> net_del_dns 192.168.122.1
+error: ../../grub-core/net/dns.c:646:no DNS reply received.
+-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
+
+This happens because the implementation is broken, it does a "add"
+internally instead of a "delete".
+
+Reference:https://git.savannah.gnu.org/cgit/grub.git/commit?id=f301a9356b6338e983eae38debe69bbd3a417b1a
+Conflict:NA
+
+Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+---
+ grub-core/net/dns.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c
+index afa3894..e51682d 100644
+--- a/grub-core/net/dns.c
++++ b/grub-core/net/dns.c
+@@ -765,11 +765,14 @@ grub_cmd_del_dns (struct grub_command *cmd __attribute__ ((unused)),
+ 
+   if (argc != 1)
+     return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected"));
+-  err = grub_net_resolve_address (args[1], &server);
++
++  err = grub_net_resolve_address (args[0], &server);
+   if (err)
+     return err;
+ 
+-  return grub_net_add_dns_server (&server);
++  grub_net_remove_dns_server (&server);
++
++  return GRUB_ERR_NONE;
+ }
+ 
+ static grub_command_t cmd, cmd_add, cmd_del, cmd_list;
+-- 
+cgit v1.1

backport-net-dns-Simplify-error-handling-of-recv_hook-function.patch

@@ -0,0 +1,141 @@
+From 6c0edcdc27568bb7ae9e5bd89ebc7b8c137f6bc0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Renaud=20M=C3=A9trich?= <rmetrich@redhat.com>
+Date: Wed, 3 May 2023 12:21:29 +0200
+Subject: net/dns: Simplify error handling of recv_hook() function
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reference:https://git.savannah.gnu.org/cgit/grub.git/commit/grub-core/net/dns.c?id=6c0edcdc27568bb7ae9e5bd89ebc7b8c137f6bc0
+Conflict:NA
+
+Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+---
+ grub-core/net/dns.c | 50 +++++++++++++++------------------------------
+ 1 file changed, 16 insertions(+), 34 deletions(-)
+
+diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c
+index e9edf5d..0aba533 100644
+--- a/grub-core/net/dns.c
++++ b/grub-core/net/dns.c
+@@ -262,42 +262,26 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)),
+      We may get multiple responses due to network condition, so check here
+      and quit early. */
+   if (*data->addresses)
+-    {
+-      grub_netbuff_free (nb);
+-      return GRUB_ERR_NONE;
+-    }
++    goto out;
+ 
+   head = (struct dns_header *) nb->data;
+   ptr = (grub_uint8_t *) (head + 1);
+   if (ptr >= nb->tail)
+-    {
+-      grub_netbuff_free (nb);
+-      return GRUB_ERR_NONE;
+-    }
+-  
++    goto out;
++
+   if (head->id != data->id)
+-    {
+-      grub_netbuff_free (nb);
+-      return GRUB_ERR_NONE;
+-    }
++    goto out;
+   if (!(head->flags & FLAGS_RESPONSE) || (head->flags & FLAGS_OPCODE))
+-    {
+-      grub_netbuff_free (nb);
+-      return GRUB_ERR_NONE;
+-    }
++    goto out;
+   if (head->ra_z_r_code & ERRCODE_MASK)
+     {
+       data->dns_err = 1;
+-      grub_netbuff_free (nb);
+-      return GRUB_ERR_NONE;
++      goto out;
+     }
+   for (i = 0; i < grub_be_to_cpu16 (head->qdcount); i++)
+     {
+       if (ptr >= nb->tail)
+-	{
+-	  grub_netbuff_free (nb);
+-	  return GRUB_ERR_NONE;
+-	}
++	goto out;
+       while (ptr < nb->tail && !((*ptr & 0xc0) || *ptr == 0))
+ 	ptr += *ptr + 1;
+       if (ptr < nb->tail && (*ptr & 0xc0))
+@@ -310,8 +294,7 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)),
+   if (!*data->addresses)
+     {
+       grub_errno = GRUB_ERR_NONE;
+-      grub_netbuff_free (nb);
+-      return GRUB_ERR_NONE;
++      goto out;
+     }
+   reparse_ptr = ptr;
+  reparse:
+@@ -325,7 +308,7 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)),
+ 	{
+ 	  if (!*data->naddresses)
+ 	    grub_free (*data->addresses);
+-	  return GRUB_ERR_NONE;
++	  goto out;
+ 	}
+       ignored = !check_name (ptr, nb->data, nb->tail, data->name);
+       while (ptr < nb->tail && !((*ptr & 0xc0) || *ptr == 0))
+@@ -337,8 +320,7 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)),
+ 	{
+ 	  if (!*data->naddresses)
+ 	    grub_free (*data->addresses);
+-	  grub_netbuff_free (nb);
+-	  return GRUB_ERR_NONE;
++	  goto out;
+ 	}
+       if (*ptr++ != 0)
+ 	ignored = 1;
+@@ -358,8 +340,7 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)),
+ 	{
+ 	  if (!*data->naddresses)
+ 	    grub_free (*data->addresses);
+-	  grub_netbuff_free (nb);
+-	  return GRUB_ERR_NONE;
++	  goto out;
+ 	}
+       if (!ignored)
+ 	{
+@@ -400,15 +381,14 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)),
+ 	      if (!data->name)
+ 		{
+ 		  data->dns_err = 1;
+-		  grub_errno = 0;
+-		  return GRUB_ERR_NONE;
++		  grub_errno = GRUB_ERR_NONE;
++		  goto out;
+ 		}
+ 	      grub_dprintf ("dns", "CNAME %s\n", data->name);
+ 	      if (grub_strcmp (redirect_save, data->name) == 0)
+ 		{
+ 		  data->dns_err = 1;
+-		  grub_free (redirect_save);
+-		  return GRUB_ERR_NONE;
++		  goto out;
+ 		}
+ 	      goto reparse;
+ 	    }
+@@ -440,6 +420,8 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)),
+ 		   *data->naddresses
+ 		   * sizeof (dns_cache[h].addresses[0]));
+     }
++
++ out:
+   grub_netbuff_free (nb);
+   grub_free (redirect_save);
+   return GRUB_ERR_NONE;
+-- 
+2.19.1
+

backport-util-grub-install-common-Fix-the-key-of.patch

@@ -0,0 +1,43 @@
+From a6eba8f1276e58d94b4134b2488768349c8f37dc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=C3=81kos=20Nagy?= <nagyakos@outlook.com>
+Date: Fri, 5 May 2023 14:04:28 +0200
+Subject: util/grub-install-common: Fix the key of the --core-compress option
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Commit f23bc6510 (Transform -C option to grub-mkstandalone to
+--core-compress available in all grub-install flavours.) declared
+a new long option for specifying the compression method to use for
+the core image.
+
+However, the option key has not been replaced in the parser function,
+it still expects the old one formerly used by grub-mkstandalone.
+Because of this the option is not recognized by any of the utils for
+which it is listed as supported.
+
+Reference:https://git.savannah.gnu.org/cgit/grub.git/commit?id=a6eba8f1276e58d94b4134b2488768349c8f37dc
+Conflict:NA
+
+Signed-off-by: Ákos Nagy <nagyakos@outlook.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+---
+ util/grub-install-common.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/util/grub-install-common.c b/util/grub-install-common.c
+index 57ac445..52a29d1 100644
+--- a/util/grub-install-common.c
++++ b/util/grub-install-common.c
+@@ -472,7 +472,7 @@ grub_install_parse (int key, char *arg)
+   const char *end;
+   switch (key)
+     {
+-    case 'C':
++    case GRUB_INSTALL_OPTIONS_INSTALL_CORE_COMPRESS:
+       if (grub_strcmp (arg, "xz") == 0)
+ 	{
+ #ifdef HAVE_LIBLZMA
+-- 
+cgit v1.1
+

grub.patches

@@ -334,3 +334,9 @@ Patch0326: remove-the-items-of-unsupported-filesystems-in-fs.ls.patch
 %ifarch loongarch64
 Patch0327: loongarch-Fix-the-initrd-parameter-passing.patch
 %endif
+Patch0328: backport-net-dns-Fix-removal-of-DNS-server.patch
+Patch0329: backport-net-dns-Simplify-error-handling-of-recv_hook-function.patch
+Patch0330: backport-net-dns-Fix-lookup-error-when-no-IPv6-is-returned.patch
+Patch0331: backport-util-grub-install-common-Fix-the-key-of.patch
+Patch0332: backport-kern-efi-mm-Fix-use-after-free-in-finish-boot-services.patch
+Patch0333: backport-kern-Check-for-NULL-when-closing-devices-and-disks.patch

grub2.spec

@@ -14,7 +14,7 @@
 Name:		grub2
 Epoch:		1
 Version:	2.06
-Release:	34
+Release:	35
 Summary:	Bootloader with support for Linux, Multiboot and more
 License:	GPLv3+
 URL:		http://www.gnu.org/software/grub/
@@ -440,6 +440,17 @@ fi
 %{_datadir}/man/man*
 
 %changelog
+* Thu Aug 17 2023 zhangqiumiao <zhangqiumiao1@huawei.com> - 1:2.06-35
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:kern: Check for NULL when closing devices and disks
+       kern/efi/mm: Fix use-after-free in finish boot services
+       util/grub-install-common: Fix the key of the --core-compress option
+       net/dns: Fix lookup error when no IPv6 is returned
+       net/dns: Simplify error handling of recv_hook() function
+       net/dns: Fix removal of DNS server
+
 * Mon Aug 7 2023 mengyingkun <mengyingkun@loongson.com> - 1:2.06-34
 - Type:bugfix
 - CVE:NA