grub2: 2.06 -> unstable-2023-07-03 · tjh.dev/nixpkgs@163b243

+204

pkgs/tools/misc/grub/add-hidden-menu-entries.patch

···

+46 -301

pkgs/tools/misc/grub/default.nix

··· 1 - { lib, stdenv, fetchurl, flex, bison, python3, autoreconfHook, gnulib, libtool, bash 2 - , gettext, ncurses, libusb-compat-0_1, freetype, qemu, lvm2, unifont, pkg-config 1 + { lib, stdenv, runCommand, fetchFromSavannah, flex, bison, python3, autoconf, automake, libtool, bash 2 + , rsync, gettext, ncurses, libusb-compat-0_1, freetype, qemu, lvm2, unifont, pkg-config 3 3 , buildPackages 4 - , fetchpatch 5 - , pkgsBuildBuild 6 4 , nixosTests 7 5 , fuse # only needed for grub-mount 8 6 , runtimeShell ··· 40 42 canEfi = lib.any (system: stdenv.hostPlatform.system == system) (lib.mapAttrsToList (name: _: name) efiSystemsBuild); 41 43 inPCSystems = lib.any (system: stdenv.hostPlatform.system == system) (lib.mapAttrsToList (name: _: name) pcSystems); 42 44 43 - version = "2.06"; 45 + gnulib = fetchFromSavannah { 46 + repo = "gnulib"; 47 + # NOTE: keep in sync with bootstrap.conf! 48 + rev = "9f48fb992a3d7e96610c4ce8be969cff2d61a01b"; 49 + hash = "sha256-mzbF66SNqcSlI+xmjpKpNMwzi13yEWoc1Fl7p4snTto="; 50 + }; 44 51 52 + src = fetchFromSavannah { 53 + repo = "grub"; 54 + rev = "6425c12cd77ad51ad24be84c092aefacf0875089"; 55 + hash = "sha256-PSCa993Reph6w9+leE4a/9E6vIALdOqU3FZEPwasFyk="; 56 + }; 57 + 58 + # HACK: the translations are stored on a different server, 59 + # not versioned and not included in the git repo, so fetch them 60 + # and hope they don't change often 61 + locales = runCommand "grub-locales" { 62 + nativeBuildInputs = [rsync]; 63 + 64 + outputHashAlgo = "sha256"; 65 + outputHashMode = "recursive"; 66 + outputHash = "sha256-bQPQ65gAcuUQ8ELB2hKywuXZ0kdC2bBCsUII/b4FkvQ="; 67 + } 68 + '' 69 + mkdir -p po 70 + ${src}/linguas.sh 71 + 72 + mv po $out 73 + ''; 45 74 in ( 46 75 47 76 assert efiSupport -> canEfi; ··· 77 52 78 53 stdenv.mkDerivation rec { 79 54 pname = "grub"; 80 - inherit version; 81 - 82 - src = fetchurl { 83 - url = "mirror://gnu/grub/grub-${version}.tar.xz"; 84 - sha256 = "sha256-t56kSvkbk9F80/6Ava5u1DdwZ4qaWuGSzOqAPrtlfuE="; 85 - }; 55 + version = "unstable-2023-07-03"; 56 + inherit src; 86 57 87 58 patches = [ 88 59 ./fix-bash-completion.patch 89 - (fetchpatch { 90 - name = "Add-hidden-menu-entries.patch"; 91 - # https://lists.gnu.org/archive/html/grub-devel/2016-04/msg00089.html 92 - url = "https://marc.info/?l=grub-devel&m=146193404929072&q=mbox"; 93 - sha256 = "00wa1q5adiass6i0x7p98vynj9vsz1w0gn1g4dgz89v35mpyw2bi"; 94 - }) 95 - 96 - # Pull upstream patch to fix linkage against binutils-2.36. 97 - (fetchpatch { 98 - name = "binutils-2.36.patch"; 99 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=b98275138bf4fc250a1c362dfd2c8b1cf2421701"; 100 - sha256 = "001m058bsl2pcb0ii84jfm5ias8zgzabrfy6k2cc9w6w1y51ii82"; 101 - }) 102 - # Properly handle multiple initrd paths in 30_os-prober 103 - # Remove this patch once a new release is cut 104 - (fetchpatch { 105 - name = "Properly-handle-multiple-initrd-paths-in-os-prober.patch"; 106 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=000b5cd04fd228f9741f5dca0491636bc0b89eb8"; 107 - sha256 = "sha256-Mex3qQ0lW7ZCv7ZI7MSSqbylJXZ5RTbR4Pv1+CJ0ciM="; 108 - }) 109 - 110 - # Upstreamed patches for flicker-free boot 111 - # Remove these patches once a new release is cut 112 - (fetchpatch { 113 - # term/efi/console: Do not set colorstate until the first text output 114 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=9381dbe045b39bd9395c9ab4276d95b4041ec9fb"; 115 - sha256 = "sha256-ZFq/PdCYo6aRySZRAfZARO8BmXwGgqeXz+9uNgNJEO8="; 116 - }) 117 - (fetchpatch { 118 - # term/efi/console: Do not set cursor until the first text output 119 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=7c316e18301e101e4dcd8abe88c0bed0b1b78857"; 120 - sha256 = "sha256-WJiK7MqmdStzq77vIDsO60Fu7i9LE/jDYzF4E9FXb7c="; 121 - }) 122 - (fetchpatch { 123 - # normal/menu: Don't show "Booting `%s'" msg when auto-booting with TIMEOUT_STYLE_HIDDEN 124 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=5bb4f2b7d665c84bde402d1a528b652a61753380"; 125 - sha256 = "sha256-lwJPPyq6yj7X1C2RuHfxnwKKstFkWGxcMXuSQqd9Z4I="; 126 - }) 127 - (fetchpatch { 128 - # kern/main: Suppress the "Welcome to GRUB!" message in EFI builds 129 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=3e4cbbeca0ef35097301a1086f85fd0d119e64aa"; 130 - sha256 = "sha256-cQX4x9V5Y7SU9WACn5FzDjukL2/StAUMMoHY/DRHq+g="; 131 - }) 132 - 133 - (fetchpatch { 134 - name = "CVE-2021-3981.patch"; 135 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=0adec29674561034771c13e446069b41ef41e4d4"; 136 - sha256 = "sha256-3vkvWjcSv0hyY2EX3ig2EXEe+XLiRsXYlcd5kpY4wXw="; 137 - }) 138 - # June 2022 security patches 139 - # https://lists.gnu.org/archive/html/grub-devel/2022-06/msg00035.html 140 - (fetchpatch { 141 - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.1.patch"; 142 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=1469983ebb9674753ad333d37087fb8cb20e1dce"; 143 - sha256 = "sha256-oB4S0jvIXsDPcjIz1E2LKm7gwdvZjywuI1j0P6JQdJg="; 144 - }) 145 - (fetchpatch { 146 - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.2.patch"; 147 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=14ceb3b3ff6db664649138442b6562c114dcf56e"; 148 - sha256 = "sha256-mKe8gzd0U4PbV8z3TWCdvv7UugEgYaVIkB4dyMrSGEE="; 149 - }) 150 - (fetchpatch { 151 - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.3.patch"; 152 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=04c86e0bb7b58fc2f913f798cdb18934933e532d"; 153 - sha256 = "sha256-sA+PTlk4hwYOVKRZBHkEskabzmsf47Hi4h3mzWOFjwM="; 154 - }) 155 - (fetchpatch { 156 - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.4.patch"; 157 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=6fe755c5c07bb386fda58306bfd19e4a1c974c53"; 158 - sha256 = "sha256-8zmFocUfnjSyhYitUFDHoilHDnm1NJmhcKwO9dueV3k="; 159 - }) 160 - (fetchpatch { 161 - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.5.patch"; 162 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=f1ce0e15e70ea1aafcfa26ad93e7585f65783c6f"; 163 - sha256 = "sha256-Wrlam6CRPUAHbKqe/X1YLcRxJ2LQTtmQ/Y66gxUlqK4="; 164 - }) 165 - (fetchpatch { 166 - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.6.patch"; 167 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=5bff31cdb6b93d738f850834e6291df1d0b136fa"; 168 - sha256 = "sha256-ReLWSePXjRweymsVAL/uoBgYMWt9vRDcY3iXlDNZT0w="; 169 - }) 170 - (fetchpatch { 171 - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.7.patch"; 172 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=347880a13c239b4c2811c94c9a7cf78b607332e3"; 173 - sha256 = "sha256-07hpHuJFw95xGoJ/6ej7i6HlCFb2QRxP3arvRjKW4uU="; 174 - }) 175 - ## Needed to apply patch 8 176 - (fetchpatch { 177 - name = "video-remove-trailing-whitespaces.patch"; 178 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=1f48917d8ddb490dcdc70176e0f58136b7f7811a"; 179 - sha256 = "sha256-/yf/LGpwYcQ36KITzmiFfg4BvhcApKbrlFzjKK8V2kI="; 180 - }) 181 - (fetchpatch { 182 - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.8.patch"; 183 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=e623866d9286410156e8b9d2c82d6253a1b22d08"; 184 - sha256 = "sha256-zFxP6JY5Q9s3yJHdkbZ2w+dXFKeOCXjFnQKadB5HLCg="; 185 - }) 186 - (fetchpatch { 187 - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.9.patch"; 188 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=210245129c932dc9e1c2748d9d35524fb95b5042"; 189 - sha256 = "sha256-FyZhdTlcRVmn7X2hv93RhWP7NOoEMb7ib/DWveyz3Ew="; 190 - }) 191 - (fetchpatch { 192 - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.10.patch"; 193 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=690bee69fae6b4bd911293d6b7e56774e29fdf64"; 194 - sha256 = "sha256-nOAXxebCW/s5M6sjPKdSdx47/PcH1lc0yYT0flVwoC8="; 195 - }) 196 - (fetchpatch { 197 - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.11.patch"; 198 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=d5caac8ab79d068ad9a41030c772d03a4d4fbd7b"; 199 - sha256 = "sha256-9fGJJkgZ6+E01MJqVTR1qFITx9EAx41Hv9QNfdqBgu0="; 200 - }) 201 - (fetchpatch { 202 - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.12.patch"; 203 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=768ef2199e0265cf455b154f1a80a612f02274c8"; 204 - sha256 = "sha256-2/JJJux5vqXUc77bi3aXRy8NclbvyD/0e6UN8/6Ui3c="; 205 - }) 206 - (fetchpatch { 207 - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.13.patch"; 208 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=166a4d61448f74745afe1dac2f2cfb85d04909bf"; 209 - sha256 = "sha256-XxTZ8P8qr4qEXELdHwaRACPeIZ/iixlATLB5RvVQsC8="; 210 - }) 211 - (fetchpatch { 212 - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.14.patch"; 213 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=22a3f97d39f6a10b08ad7fd1cc47c4dcd10413f6"; 214 - sha256 = "sha256-bzB2gmGvWR2ylvMw779KQ/VHBBMsDNbG96eg9qQlljA="; 215 - }) 216 - (fetchpatch { 217 - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.15.patch"; 218 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=830a9628b2c9e1b6388af624aaf4a80818ed6be0"; 219 - sha256 = "sha256-8fna2VbbUw8zBx77osaOOHlZFgRrHqwQK87RoUtCF6w="; 220 - }) 221 - (fetchpatch { 222 - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.16.patch"; 223 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=3e4817538de828319ba6d59ced2fbb9b5ca13287"; 224 - sha256 = "sha256-iCZAyRS/a15x5aJCJBYl9nw6Hc3WRCUG7zF5V+OwDKg="; 225 - }) 226 - (fetchpatch { 227 - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.17.patch"; 228 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=f407e34f3871a4c402bbd516e7c28ea193cef1b7"; 229 - sha256 = "sha256-S45cLZNTWapAodKudUz2fMjnPsW6vbtNz0bIvIBGmu4="; 230 - }) 231 - (fetchpatch { 232 - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.18.patch"; 233 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=c1b7eef9fa4aaefbf7d0507505c3bb2914e1ad6b"; 234 - sha256 = "sha256-TWPfEAOePwC77yiVdsTSZIjfsMp7+0XabCz9K3FlV7w="; 235 - }) 236 - ## Needed to apply patch 19 237 - (fetchpatch { 238 - name = "net-remove-trailing-whitespaces.patch"; 239 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=e453a4a64392a41bc7b37f890aceb358112d1687"; 240 - sha256 = "sha256-JCbUB77Y6js5u99uJ9StDxNjjahNy4nO3crK8/GvmPY="; 241 - }) 242 - (fetchpatch { 243 - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.19.patch"; 244 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=96abf4fb9d829f4a405d5df39bc74bbccbd0e322"; 245 - sha256 = "sha256-6E2MKO5kauFA1TA8YkUgIUusniwHS2Sr44A/a7ZqDCo="; 246 - }) 247 - (fetchpatch { 248 - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.20.patch"; 249 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=ee9652031491326736714a988fbbaeab8ef9255c"; 250 - sha256 = "sha256-E21q+Mj+JBQlUW0pe4zbaoL3ErXmCanyizwAsRYYZHk="; 251 - }) 252 - (fetchpatch { 253 - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.21.patch"; 254 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=8f287c3e13da2bf82049e2e464eca7ca4fef0a85"; 255 - sha256 = "sha256-dZ24RwYsHeUrMuiU7PDgPcw+iK9cOd6q+E0xWXbtTkE="; 256 - }) 257 - (fetchpatch { 258 - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.22.patch"; 259 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=dad94fffe14be476df5f34a8e5a90ea62a41fe12"; 260 - sha256 = "sha256-06TyTEvSy19dsnXZZoKBGx7ymJVWogr0NorzLflEwY4="; 261 - }) 262 - (fetchpatch { 263 - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.23.patch"; 264 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=ec6bfd3237394c1c7dbf2fd73417173318d22f4b"; 265 - sha256 = "sha256-NryxSekO8oSxsnv5G9mFZExm4Pwfc778mslyUDuDhlM="; 266 - }) 267 - (fetchpatch { 268 - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.24.patch"; 269 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=b26b4c08e7119281ff30d0fb4a6169bd2afa8fe4"; 270 - sha256 = "sha256-fSH3cxl/76DwkE8dHSR9uao9Vf1sJrhz7SmUSgDNodI="; 271 - }) 272 - (fetchpatch { 273 - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.25.patch"; 274 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=4bd9877f62166b7e369773ab92fe24a39f6515f8"; 275 - sha256 = "sha256-VMtR/sF8F1BMKmJ06ZZEPNH/+l0RySy/E6lVWdCyFKE="; 276 - }) 277 - (fetchpatch { 278 - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.26.patch"; 279 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=deae293f399dde3773cf37dfa9b77ca7e04ef772"; 280 - sha256 = "sha256-sCC3KE9adavw7jHMTVlxtyuwDFCPRDqT24H3AKUYf68="; 281 - }) 282 - (fetchpatch { 283 - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.27.patch"; 284 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=e40b83335bb33d9a2d1c06cc269875b3b3d6c539"; 285 - sha256 = "sha256-cviCfBkzacAtnHGW87RLshhduE4Ym/v2Vq4h/sZDmZg="; 286 - }) 287 - (fetchpatch { 288 - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.28.patch"; 289 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=11e1cffb7e2492ddac4ab8d19ce466783adbb957"; 290 - sha256 = "sha256-I1feoneVeU3XkscKfVprWWJfLUnrc5oauMXYDyDxo5M="; 291 - }) 292 - (fetchpatch { 293 - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.29.patch"; 294 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=13dce204cf6f3f0f49c9949971052a4c9657c0c0"; 295 - sha256 = "sha256-DzFHxgR9A8FNZ/y9OMeBvTp1K6J5ePyL06dhHQmk7Ik="; 296 - }) 297 - (fetchpatch { 298 - name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.30.patch"; 299 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=2f4430cc0a44fd8c8aa7aee5c51887667ad3d6c3"; 300 - sha256 = "sha256-AufP/10/auO4NMjYQ7yPDDbYShwGaktyQtqJx2Jasz8="; 301 - }) 302 - # October 2022 security patches 303 - # https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html 304 - (fetchpatch { 305 - name = "CVE-2022-2601.CVE-2022-3775.1.patch"; 306 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=f6b6236077f059e64ee315f2d7acb8fa4eda87c5"; 307 - sha256 = "sha256-pk02iVf/u6CdsVjl8HaFBh0Bt473ZQzz5zBp9SoBLtE="; 308 - }) 309 - (fetchpatch { 310 - name = "CVE-2022-2601.CVE-2022-3775.2.patch"; 311 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=9c76ec09ae08155df27cd237eaea150b4f02f532"; 312 - sha256 = "sha256-axbEOH5WFkUroGna2XY1f2kq7+B1Cs6LiubIA2EBdiM="; 313 - }) 314 - (fetchpatch { 315 - name = "CVE-2022-2601.CVE-2022-3775.3.patch"; 316 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=768e1ef2fc159f6e14e7246e4be09363708ac39e"; 317 - sha256 = "sha256-aKDUVS/Yx1c87NCrt4EG8BlSpkHijUyAJIwbmtzNjD8="; 318 - }) 319 - (fetchpatch { 320 - name = "CVE-2022-2601.CVE-2022-3775.4.patch"; 321 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=c51292274ded3259eb04c2f1c8d253ffbdb5216a"; 322 - sha256 = "sha256-OLNOKuAJuHy2MBMnU2xcYM7AaxmDk9fchXhggoDrxJU="; 323 - }) 324 - (fetchpatch { 325 - name = "CVE-2022-2601.CVE-2022-3775.5.patch"; 326 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=23843fe8947e4da955a05ad3d1858725bfcb56c8"; 327 - sha256 = "sha256-ptn00nqVJlEb1c6HhoMy9nrBuctH077LM4yXKsK47gc="; 328 - }) 329 - (fetchpatch { 330 - name = "CVE-2022-2601.CVE-2022-3775.6.patch"; 331 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=b9396daf1c2e3cdc0a1e69b056852e0769fb24de"; 332 - sha256 = "sha256-K7XNneDZjLpZh/C908+5uYsB/0oIdgQqmk0yJrdQLG4="; 333 - }) 334 - (fetchpatch { 335 - name = "CVE-2022-2601.CVE-2022-3775.7.patch"; 336 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=1d2015598cc7a9fca4b39186273e3519a88e80c7"; 337 - sha256 = "sha256-s4pZtszH4b/0u85rpzVapZmNQdYEq/wW06SQ3PW/1aU="; 338 - }) 339 - (fetchpatch { 340 - name = "CVE-2022-2601.CVE-2022-3775.8.patch"; 341 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=93a786a00163e50c29f0394df198518617e1c9a5"; 342 - sha256 = "sha256-R8x557RMAxJ0ZV2jb6zDmwOPVlk6875q37fNpqKsPT0="; 343 - }) 344 - (fetchpatch { 345 - name = "CVE-2022-2601.CVE-2022-3775.9.patch"; 346 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=1eac01c147b4d85d2ec4a7e5671fa4345f2e8549"; 347 - sha256 = "sha256-eOnhmU3pT5cCVnNHcY/BzDjldfs7yh/OGsxa15tGv94="; 348 - }) 349 - (fetchpatch { 350 - name = "CVE-2022-2601.CVE-2022-3775.10.patch"; 351 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=992c06191babc1e109caf40d6a07ec6fdef427af"; 352 - sha256 = "sha256-kezNKPcLmFXwyZbXtJbaPTIbE8tijmHIzdC2jsKwrNk="; 353 - }) 354 - (fetchpatch { 355 - name = "CVE-2022-2601.CVE-2022-3775.11.patch"; 356 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=9d81f71c6b8f55cf20cd56f5fe29c759df9b48cc"; 357 - sha256 = "sha256-jnniVGy4KvFGFmcOP2YLA46k3cK8vwoByo19ismVUzE="; 358 - }) 359 - (fetchpatch { 360 - name = "CVE-2022-2601.CVE-2022-3775.12.patch"; 361 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=22b77b87e10a3a6c9bb9885415bc9a9c678378e6"; 362 - sha256 = "sha256-iYTEqN5997I7MVIg82jt/bbEAYhcgq8fNRCNPpY9ze0="; 363 - }) 364 - (fetchpatch { 365 - name = "CVE-2022-2601.CVE-2022-3775.13.patch"; 366 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=1514678888595ef41a968a0c69b7ff769edd1e9c"; 367 - sha256 = "sha256-tgAEoAtaNKJjscjMFkXXiVn59Pa4c+NiQ3iVW6CMrpo="; 368 - }) 369 - 370 - # fix incompatibility with e2fsprogs 1.47+ 371 - (fetchpatch { 372 - url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=7fd5feff97c4b1f446f8fcf6d37aca0c64e7c763"; 373 - sha256 = "sha256-pejn1bJkC7XnT2ODaxeERHUrMOONoBV6w0wF2Z2ZKWI="; 374 - }) 60 + ./add-hidden-menu-entries.patch 375 61 ]; 376 62 377 63 postPatch = if kbdcompSupport then '' ··· 93 357 ''; 94 358 95 359 depsBuildBuild = [ buildPackages.stdenv.cc ]; 96 - nativeBuildInputs = [ bison flex python3 pkg-config gettext freetype autoreconfHook ]; 360 + nativeBuildInputs = [ bison flex python3 pkg-config gettext freetype autoconf automake ]; 97 361 buildInputs = [ ncurses libusb-compat-0_1 freetype lvm2 fuse libtool bash ] 98 362 ++ lib.optional doCheck qemu 99 363 ++ lib.optional zfsSupport zfs; ··· 103 367 hardeningDisable = [ "all" ]; 104 368 105 369 separateDebugInfo = !xenSupport; 106 - 107 - # Work around a bug in the generated flex lexer (upstream flex bug?) 108 - env.NIX_CFLAGS_COMPILE = "-Wno-error"; 109 370 110 371 preConfigure = 111 372 '' for i in "tests/util/"*.in ··· 125 392 unset CPP # setting CPP intereferes with dependency calculation 126 393 127 394 patchShebangs . 395 + 396 + GNULIB_REVISION=$(. bootstrap.conf; echo $GNULIB_REVISION) 397 + if [ "$GNULIB_REVISION" != ${gnulib.rev} ]; then 398 + echo "This version of GRUB requires a different gnulib revision!" 399 + echo "We have: ${gnulib.rev}" 400 + echo "GRUB needs: $GNULIB_REVISION" 401 + exit 1 402 + fi 403 + 404 + cp -f --no-preserve=mode ${locales}/* po 405 + 406 + ./bootstrap --no-git --gnulib-srcdir=${gnulib} 128 407 129 408 substituteInPlace ./configure --replace '/usr/share/fonts/unifont' '${unifont}/share/fonts' 130 409 '';

+1 -11

pkgs/top-level/all-packages.nix

··· 8471 8471 8472 8472 grpc-client-cli = callPackage ../development/tools/misc/grpc-client-cli { }; 8473 8473 8474 - grub2 = callPackage ../tools/misc/grub/default.nix { 8475 - # update breaks grub2 8476 - gnulib = pkgs.gnulib.overrideAttrs { 8477 - version = "20200223"; 8478 - src = fetchgit { 8479 - url = "https://git.savannah.gnu.org/r/gnulib.git"; 8480 - rev = "292fd5d6ff5ecce81ec3c648f353732a9ece83c0"; 8481 - sha256 = "0hkg3nql8nsll0vrqk4ifda0v4kpi67xz42r8daqsql6c4rciqnw"; 8482 - }; 8483 - }; 8484 - }; 8474 + grub2 = callPackage ../tools/misc/grub/default.nix { }; 8485 8475 8486 8476 grub2_efi = grub2.override { 8487 8477 efiSupport = true;