summaryrefslogtreecommitdiff
path: root/poky/meta/recipes-bsp/grub/files
diff options
context:
space:
mode:
authorPatrick Williams <patrick@stwcx.xyz>2020-12-01 20:48:33 +0300
committerPatrick Williams <patrick@stwcx.xyz>2020-12-03 21:04:38 +0300
commit94a70a0f73533c9af5a5a15942539e8eda1a6a5e (patch)
tree5498997319636e4a46d5c790f7f6b29c21bffcea /poky/meta/recipes-bsp/grub/files
parent1985ab5bd94a390b8e0c60091fb4ec5aaaf69a03 (diff)
downloadopenbmc-94a70a0f73533c9af5a5a15942539e8eda1a6a5e.tar.xz
subtree updates - pull latest dunfell
meta-raspberrypi: 8066fac91d..9879932097: Alex Gonzalez (1): linux-raspberrypi: Only deploy cmdline.txt for the main kernel Andrei Gherzan (5): Revert "Generalize the naming of the bootfiles deploy directory" Revert "u-boot: Move fw_env.config to u-boot append" Revert "u-boot-rpi: Locate local patches with FILESEXTRAPATHS." Revert "u-boot: Fix booting raspberrypi CM3 module" sdcard_image-rpi.bbclass: Fix when RPI_SDIMG_EXTRA_DEPENDS not defined Andrzej Bednarski (1): docs: Correct minor spelling issues Christopher Clark (4): linux-raspberrypi: bump to 5.4.50 since upstream was force-pushed rpi-base: add SERIAL_CONSOLES_CHECK to default to SERIAL_CONSOLES sdcard_image-rpi.bbclass: enable extensible inclusion into boot docs/extra-build-config.md: document vars to add to boot partition Drew Moseley (1): u-boot-rpi: Locate local patches with FILESEXTRAPATHS. Eino Juhani Oltedal (1): linux-raspberrypi: bump to Linux version 5.4.72 Fabio Berton (2): u-boot: Move fw_env.config to u-boot append u-boot: Move fw_env.config to u-boot append Jakub Luzny (2): rpi-config: Add CAN_OSCILLATOR variable to set mcp2515 crystal frequency docs/extra-build-config.md: Document CAN_OSCILLATOR variable Jeff Ithier (2): Generalize the naming of the bootfiles deploy directory Generalize the naming of the bootfiles deploy directory Jon Magnuson (1): packagegroup-rpi-test: resolve `wireless-regdb` conflict Khem Raj (16): linux-raspberrypi_5.4.bb: Move to 5.4.45 linux-raspberrypi_5.4.bb: Upgrade to 5.4.47 userland: Update to 2020-06-24 top commit linux-raspberrypi: Update to 5.4.59 raspberrypi-firmware: Upgrade to 20200819 xserver-xorg: Depend on userland when vc4graphics is disabled libsdl2: Add userland dependency when not using vc4graphics linux-raspberrypi_5.4.bb: Build ashmem and binder drivers README: Mention Yoe distro in supported distro list linux-firmware-rpidistro: Update to 20190114-1+rpt8 linux-raspberrypi_5.4.bb: Update to 5.4.69 raspberrypi-firmware: Update to 20201002 snapshot raspberrypi-tools: Update to latest snapshot as of 20200803 oeqa: Add 5.4 specific error messages to ignore list rpi-default-settings: Replace default parselogs with parselogs_rpi linux-raspberrypi: Fix build regression from last update Leon Anavi (8): rpi-base.inc: Add infrared dtbo lirc_%.bbappend: Fix for gpio-ir lirc_%.bbappend: Remove rpi-u-boot-scr: Create uboot.env via boot.cmd.in libubootenv_%.bbappend: Add fw_env.config rpi-config: Add ENABLE_IR variable for infrared rpi-base.inc: Include modules if IR is enabled docs/extra-build-config.md: Infrared Luis Alfredo da Silva (1): Revert "mesa: querying dma_buf modifiers for specific formats" M. ter Woord (1): Update layer-contents.md to include pi4 Madhavan Krishnan (1): libcamera: Define packageconfig to enable rpi pipeline Marek Belisko (2): u-boot: Fix booting raspberrypi CM3 module u-boot: Fix booting raspberrypi CM3 module Martin Jansa (10): linux-raspberrypi-5.4: bump SRCREV to latest to fix perf build layer.conf: Remove older releases from LAYERSERIES_COMPAT linux-raspberrypi-5.4: backport a fix for perf build with -fno-common from gcc-10 rpi-gpio: add -fcommon temporarily linux-raspberrypi-5.4: revert 1 commit from upstream to fix lttng-modules build raspberrypi-{firmware,tools}: set downloadfilename Revert "linux-raspberrypi-5.4: revert 1 commit from upstream to fix lttng-modules build" linux-raspberrypi-5.4: bump SRCREV to fix raspberrypi3-64 builds python3-rtimu: don't use trailing slash in S Revert "libcamera: Define packageconfig to enable rpi pipeline" Murat Kilivan (1): linux-raspberrypi_5.4.bb: Add kernel-cache source Pierre-Jean Texier (9): raspberrypi-firmware: update to current HEAD linux-raspberrypi: bump to Linux version 4.19.126 linux-raspberrypi: bump to Linux version 5.4.51 raspberrypi-firmware: update to current HEAD rpi-default-versions: Switch defaults to 5.4 raspberrypi-firmware: update to current HEAD linux-raspberrypi: bump to revision 4b945d5 raspberrypi-firmware: update to current HEAD linux-raspberrypi: bump to Linux version 5.4.64 colin (3): conf/machine/include/rpi-base.inc: Added can1 interface to bsp rpi-config_git: Added ENABLE_DUAL_CAN build configuration docs: Added documentation for Pican2 Duo support poky: ed3bdd7fbc..424296bf9b: Adrian Bunk (10): git: Upgrade 2.24.1 -> 2.24.3 wireless-regdb: Upgrade 2019.06.03 -> 2020.04.29 libubootenv: Remove the DEPENDS on mtd-utils iproute2: Remove -fcommon libxcrypt2: Remove -fcommon mesa: Remove -fcommon at-spi2-atk: Remove -fcommon menu-cache: Replace -fcommon with fix matchbox-wm: Replace -fcommon with fix librsvg: Upgrade 2.40.20 -> 2.40.21 Adrian Freihofer (1): oe-publish-sdk: fix layers init via ssh Alex Kiernan (1): recipetool: Fix list concatenation when using edit Alexander Kanavin (23): testresults.json: add duration of the tests as well lz4: disable static library linux-firmware: upgrade 20200421 -> 20200519 build-sysroots: add sysroot paths with native binaries to PATH patchelf: switch to git powertop: switch to Arjan's git apr-util: make gdbm optional linux-firmware: upgrade 20200519 -> 20200619 gobject-introspection: add a patch to fix a build race icu: make filtered data generation optional, serial and off by default babeltrace: correct the git SRC_URI gnutls: upgrade 3.6.13 -> 3.6.14 libexif: update to 0.6.22 testimage: add an overall timeout setting oeqa: write @OETestTag content into json test reports for each case linux-firmware: upgrade 20200619 -> 20200721 linux-firmware: update 20200721 -> 20200817 selftest/virgl: drop the custom 30 sec timeout nasm: update 2.14.02 -> 2.15.03 for CVE fixes linux-firmware: upgrade 20200817 -> 20201022 clutter-gst-3.0: do not call out to host gstreamer plugin scanner ptest-runner: fix upstream version check glib-2.0: correct build with latest meson Andreas M?ller (1): meson.bbclass: avoid unexpected operating-system names Andrei Gherzan (2): initscripts: Fix various shellcheck warnings in populate-volatile.sh initscripts: Fix populate-volatile.sh bug when file/dir exists Andrej Valek (1): oeqa/runtime/cases/ptest: Make output content path absolute Andrey Zhizhikin (3): kernel/yocto: fix search for defconfig from src_uri insane: check for missing update-alternatives inherit insane: add GitLab /archive/ tests Anibal Limon (2): recipes-kernel: linux-firmware add qcom-venus-{5.2,5.4} packages ptest-runner: Bump to 2.4.0 Anuj Mittal (1): linux-yocto: bump genericx86 kernel version to v5.4.40 Aníbal Limón (3): recipes-kernel/linux-firmware: Add wlanmdsp.mbn to qcom-modem package recipes-kernel/linux-firmware: Add adreno-a630 firmware package linux-firmware: Update to 20200122 -> 20200421 Armin Kuster (6): curl: Security fixes for CVE-2020-{8169/8177} wpa-supplicant: Security fix CVE-2020-12695 sqlite3: Security fix for CVE-2020-15358 glibc: Secruity fix for CVE-2020-6096 bind: update to 9.11.22 ESV timezone: update to 2020b Bjarne Michelsen (1): devtool: default to empty string, if LIC_FILES_CHKSUM is not available Bruce Ashfield (43): linux-yocto/5.4: update to v5.4.38 linux-yocto/5.4: update to v5.4.40 kernel/reproducibility: kernel modules need SOURCE_DATE_EPOCH export linux-yocto/5.4: update to v5.4.42 linux-yocto-rt/5.4: update to rt24 linux-yocto/5.4: temporarily revert IKHEADERS in standard kernels linux-yocto: gather reproducibility configs into a fragment linux-yocto/5.4: update to v5.4.43 linux-yocto/5.4: update to v5.4.45 linux-yocto-rt/5.4: update to rt25 linux-yocto/5.4: update to v5.4.46 linux-yocto/5.4: update to v5.4.47 linux-yocto/5.4: update to v5.4.49 and -rt28 yocto-bsps: bump reference boards to v5.4.49 kernel/yocto: ensure that defconfigs are processed first linux-yocto/5.4: update to v5.4.50 kernel-yocto: account for extracted defconfig in elements check linux-yocto/5.4: update to v5.4.51 linux-yocto-rt/5.4: fix mmdrop stress test issues linux-yocto/5.4: update to v5.4.53 linux-yocto/5.4: fix perf build with binutils 2.35 linux-yocto/5.4: update to v5.4.54 linux-yocto-rt/5.4: update to rt32 linux-yocto/5.4: update to v5.4.56 linux-yocto/5.4: update to v5.4.57 linux-yocto/5.4: update to v5.4.58 linux-yocto/5.4: perf cs-etm: Move definition of 'traceid_list' global variable from header file linux-yocto/5.4: update to v5.4.59 linux-yocto/5.4: update to v5.4.60 linux-yocto/5.4: update to v5.4.61 kernel-yocto: checksum all modifications to available kernel fragments directories yocto-bsps: update reference BSPs to 5.4.54 yocto-bsp: update to v5.4.56 yocto-bsp: update to v5.4.58 kernel-yocto: add KBUILD_DEFCONFIG search location to failure message linux-yocto/config: netfilter: Enable nat for ipv4 and ipv6 linux-yocto/5.4: update to v5.4.64 linux-yocto/5.4: update to v5.4.65 lttng-modules: backport writeback.h changes from 2.12.x to fix kernel 5.4.62+ linux-yocto/5.4: fix kprobes build warning linux-yocto/5.4: update to v5.4.67 linux-yocto/5.4: update to v5.4.68 linux-yocto/5.4: update to v5.4.69 Changqing Li (10): mime.bbclass: fix post install scriptlet error modutils-initscripts: update postinst initscripts: update postinst gtk-icon-cache.bbclass: add runtime dependency logrotate.py: fix testimage occasionally failure gtk-immodules-cache.bbclass: fix post install scriptlet error libffi: fix multilib header conflict gpgme: fix multilib header conflict toolchain-shar-extract.sh: don't print useless info timezone: upgrade to 2020d Charlie Davies (3): u-boot: fix condition to allow use of *.cfg bitbake: bitbake: fetch/git: add support for SRC_URI containing spaces in url bitbake: bitbake: tests/fetch: add unit tests for SRC_URI with spaces in url Chee Yang Lee (7): qemu : fix CVE-2020-16092 bash : inlcude patch 17 & 18 xserver-xorg: fix CVE-2020-14346/14361/14362 libx11: fix CVE-2020-14363 perl: fix ptest test count bluez5: update to 5.55 to fix CVE-2020-27153 ruby: fix CVE-2020-25613 Chen Qi (8): db: do not install db_verify if 'verify' is not enabled vim: restore the 'chmod -x' workaround in do_install systemd-serialgetty: do not use BindsTo oescripts.py: fix typo oescripts: ignore whitespaces when comparing lines rpm: fix nativesdk's default var location grub: set CVE_PRODUCT to grub2 fribidi: extend CVE_PRODUCT to include fribidi Chris Laplante (8): bitbake: ui/teamcity: don't use removed logging classes cve-update-db-native: add progress handler cve-check/cve-update-db-native: use lockfile to fix usage under multiconfig cve-update-db-native: use context manager for cve_f cve-check: avoid FileNotFoundError if no do_cve_check task has run cve-update-db-native: be less magical about checking whether the cve-check class is enabled cve-update-db-native: move -journal checking into do_fetch cve-update-db-native: remove unused variable Christian Eggers (3): libnl: Extend for native/nativesdk avahi: Fix typo in recipe packagegroup: rrecommend perf also for musl on ARM Christophe GUIBOUT (1): initramfs-framework: support kernel cmdline with double quotes Daniel Ammann (1): image.bbclass: improve wording when image size exceeds the specified limit Daniel Gomez (1): allarch: Add missing allarch ttf-bitstream-vera Daniel McGregor (1): buildhistory-collect-srcrevs: sort directories David Khouya (2): bitbake: lib/ui/taskexp: Validate gi import bitbake: lib/ui/taskexp: Fix missing Gtk import De Huo (1): bash: fix CVE-2019-18276 Denys Zagorui (1): binutils: reproducibility: reuse debug-prefix-map for stabs Diego Santa Cruz (1): freetype: fix CVE-2020-15999, backport from 2.10.4 Douglas (2): nativesdk: clear MACHINE_FEATURES nativesdk: Set the CXXFLAGS to the BUILDSDK_CXXFLAGS Geoff Parker (1): systemd-serialgetty: Replace sed quoting using ' with " to allow var expansion Gratian Crisan (1): kernel-module-split.bbclass: identify kernel modconf files as configuration files Gregor Zatko (1): sanity.bbclass: Detect and fail if 'inherit' is used in conf file Guillaume Champagne (1): weston: add missing packageconfigs Hannu Lounento (1): openssl: move ${libdir}/[...]/openssl.cnf to ${PN}-conf Hongxu Jia (1): iso-codes: switch upstream branch master -> main Jacob Kroon (4): bitbake: doc: Clarify how task dependencies relate to RDEPENDS bitbake: doc: More explanation to tasks that recursively depend on themselves squashfs-tools: Backport fix for compiling with gcc 10 insane: Check for feature check variables not being used Jan-Simon Moeller (1): file: add bzip2-replacement-native to DEPENDS to fix sstate issue Jean-Francois Dagenais (1): bitbake: siggen: clean_basepath: remove recipe full path when virtual:xyz present Jens Rehsack (3): u-boot: avoid blind merging all *.cfg subversion: extend for nativesdk serf: extend for nativesdk Joe Slater (4): terminal.py: do not stop searching for auto qemu: force build type to production vim: _FORTIFY_SOURCE=2 be gone acpica: Upgrade 20200214 -> 20200430 for gcc-10 fixes Jose Quaresma (13): gstreamer1.0: Fix reproducibility issue around libcap gstreamer1.0: Update 1.16.2 -> Update 1.16.3 gstreamer1.0-plugins-base: Update 1.16.2 -> Update 1.16.3 gstreamer1.0-plugins-good: Update 1.16.2 -> Update 1.16.3 gstreamer1.0-plugins-bad: Update 1.16.2 -> Update 1.16.3 gstreamer1.0-plugins-ugly: Update 1.16.2 -> Update 1.16.3 gstreamer1.0-libav: Update 1.16.2 -> Update 1.16.3 gstreamer1.0-vaapi: Update 1.16.2 -> Update 1.16.3 gstreamer1.0-rtsp-server: Update 1.16.2 -> Update 1.16.3 gstreamer1.0-omx: Update 1.16.2 -> Update 1.16.3 gstreamer1.0-python: Update 1.16.2 -> Update 1.16.3 gst-validate: Update 1.16.2 -> Update 1.16.3 gstreamer1.0: warn the user when something is wrong with GstBufferPool Joshua Watt (24): checklayer: Skip layers without a collection pycryptodome: Import from meta-python pyelftools: Import from meta-python python3-pycryptodome(x): Upgrade 3.9.4 -> 3.9.7 python3-pyelftools: Upgrade 0.25 -> 0.26 layer.conf: Bump OE-Core layer version classes/archiver: Create patched archive before configuring bitbake: hashserv: Chunkify large messages bitbake: siggen: Fix error when hash equivalence has an exception classes/archiver: run do_unpack_and_patch after do_preconfigure classes/archive: do_configure should not depend on do_ar_patched classes/cmake: Fix host detection classes/package: Use HOST_OS for runtime dependencies oeqa: runtime_tests: Extra GPG debugging oeqa: sdk: Capture stderr output wic: Add --offset argument for partitions wic: Fix --extra-space argument handling wic: Fix error message when reporting invalid offset wic: Add 512 Byte alignment to --offset classes/sanity: Bump minimum python version to 3.5 jquery: Upgrade 3.4.1 -> 3.5.0 to fix CVE-2020-11022 and CVE-2020-11023 classes/reproducible: Move to library code lib/oe/reproducible: Fix error when no git HEAD lib/oe/reproducible.py: Fix git HEAD check Kai Kang (5): gcr: depends on gnupg-native bitbake: bitbake-user-manual-metadata.xml: fix a minor error mdadm: remove service template from SYSTEMD_SERVICE wpa-supplicant: remove service templates from SYSTEMD_SERVICE encodings: clear postinst script Kevin Hao (3): wic/filemap: Drop the unused block_is_unmapped() wic/filemap: Drop the unused get_unmapped_ranges() wic/filemap: Fall back to standard copy when no way to get the block map Khem Raj (25): cve-check: Run it after do_fetch make-mod-scripts: Fix a rare build race condition glibc: Update to latest on 2.31 branch wayland: fix condition for strndup detection syslinux: Fix build with gcc10 valgrind: Do not use outline-atomics on aarch64 valgrind: Backport upstream patch to fix __getauxval needs go: Disbale CGO for riscv64 go-dep: Fix build on riscv64 qemumips: Use 34Kf CPU emulation glibc: Bring in CVE fixes and other bugfixes from 2.31 release branch gcc-9.3.inc: Mark CVE-2019-15847 as fixed go: update 1.14.4 -> 1.14.6 go: Upgrade to 1.14.7 json-c: Fix CVE-2020-12762 util-linux: Allow update alternatives for additional apps json-glib: Backport a build fix with clang uninative: Upgrade to 2.9 rpcbind: Use update-alternatives for rpcinfo populate_sdk_ext: Do not assume local.conf will always exist site: Make sys_siglist default to no packagegroups: remove strace and lttng-tools for rv32/musl packagegroup-core-tools-debug: Disable for rv32/glibc as well qemuboot.bbclass: Fix a typo ptest-runner: Backport patch to fix inappropriate ioctl error Konrad Weihmann (14): qemurunner: fix ip fallback detection sysfsutils: rem leftover settings for libsysfs-dev cogl: point to correct HOMEPAGE runqemu: add QB_ROOTFS_EXTRA_OPT parameter testimage: enable ovmf support systemd: remove kernel-install from base pkg bitbake: pyshyacc: allow double COMMA statements ptest: append to FILES cve-update: handle baseMetricV2 as optional testexport: rename create_tarball method bitbake: bitbake-user-manual: Add BBFILES_DYNAMIC oeqa/core/context: expose results as variable oeqa/core/context: initialize _run_end_time testimage: print results for interrupted runs Kurt Kiefer (1): linux-firmware: add ibt-20 package Lee Chee Yang (31): qemu: fix CVE-2020-11869 bind: fix CVE-2020-8616/7 libexif: fix CVE-2020-13114 qemu: fix CVE-2020-13361 dbus: fix CVE-2020-12049 perl: fix CVE-2020-10543 & CVE-2020-10878 oeqa/core/loader: refine regex to find module qemu: fix CVE-2020-10702/10761/13362/13659/13800 python3: fix CVE-2020-14422 bison: fix Argument list too long error systemd : fix CVE-2020-13776 buildhistory: use pid for temporary txt file name checklayer: check layer in BBLAYERS before test ghostscript: fix CVE-2020-15900 qemu: fix CVE-2020-15863 libjpeg-turbo: fix CVE-2020-13790 webkitgtk: fix CVE-2020-13753 ghostscript: update to 9.52 perl: fix CVE-2020-12723 xserver-xorg: fix CVE-2020-14347 qemu: fix CVE-2020-14364 CVE-2020-14415 libx11 : fix CVE-2020-14344 libproxy: fix CVE-2020-25219 python3: fix CVE-2020-26116 grub2: fix CVE-2020-10713 ffmpeg: fix CVE-2020-12284 libproxy: fix CVE-2020-26154 bison: update to 3.5.4 for CVE-2020-14150 python3: whitelist CVE-2020-15523 python3: fix CVE-2020-27619 qemu: fix CVE-2020-24352 Lili Li (1): kernel.bbclass: Fix Module.symvers support Marco Felsch (1): util-linux: alternatify rtcwake Marek Vasut (5): libubootenv: Depend on zlib lttng-modules: update to 2.11.6 lttng-tools: update to 2.11.5 lttng-ust: update to 2.11.1 stress-ng: Upgrade 0.11.01 -> 0.11.17 Mark Hatle (3): sstate.bbclass: When siginfo or sig files are missing, stop fetcher errors package_tar.bbclass: Sync to the other package_* classes package.bbclass: Sort shlib2 output for hash equivalency Mark Jonas (5): Add license text for PSF-2.0 Map license names PSF and PSFv2 to PSF-2.0 libsdl2: Fix directfb syntax error libsdl2: Fix directfb SDL_RenderFillRect libbsd: Remove BSD-4-Clause from main package Martin Jansa (13): net-tools: backport a patch from upstream to use the same ifconfig format as debian/ubuntu perf: backport a fix for confusing non-fatal error devtool: expand SRC_URI when guessing recipe update mode arch-armv7a.inc: fix typo arch-mips.inc: remove duplicated mips64el-o32 from PACKAGE_EXTRA_ARCHS_tune-mips64el-o32 tune-mips64r6.inc: fix typo in mipsisa64r6-nf tune-ep9312.inc: add t suffix for thumb to PACKAGE_EXTRA_ARCHS_tune-ep9312 tune-riscv.inc: use nf suffix also for TUNE_PKGARCH siteinfo: Recognize 32bit PPC LE siteinfo: Recognize bigendian sh3be and sh4be lib/oe/patch: prevent applying patches without any subject lib/oe/patch: GitApplyTree: save 1 echo in commit-msg hook Revert "lib/oe/patch: fix handling of patches with no header" Matt Madison (2): cogl-1.0: correct X11 dependencies image.bbclass: fix REPRODUCIBLE_TIMESTAMP_ROOTFS reference Matthew (1): ltp: make copyFrom scp command non-fatal Max Krummenacher (2): linux-firmware: package marvel sdio 8997 firmware linux-firmware: package nvidia firmware Maxime Roussin-Bélanger (1): meta: fix some unresponsive homepages and bugtracker links Michael Gloff (2): sysvinit: Remove ${B} assignment sysvinit rc: Use PSPLASH_FIFO_DIR for progress fifo Michael Tretter (1): devtool: deploy-target: Fix size calculation for hard links Mikko Rapeli (2): alsa-topology-conf: use ${datadir} in do_install() alsa-ucm-conf: use ${datadir} in do_install() Ming Liu (6): u-boot: introduce UBOOT_INITIAL_ENV u-boot: support merging .cfg files for UBOOT_CONFIG conf/machine: set UBOOT_MACHINE for qemumips and qemumips64 multilib.conf: add u-boot to NON_MULTILIB_RECIPES libubootenv: uprev to v0.3 libubootenv: inherit uboot-config Mingli Yu (5): bison: fix the parallel build python3-setuptools: add the missing rdepends python3-libarchive-c: add the missing rdepends update_udev_hwdb: clean hwdb.bin python3: add ldconfig rdepends for python3-ctypes Naoki Hayama (1): uninative: Fix typo in error message Nathan Rossi (1): diffstat: add nativesdk to BBCLASSEXTEND Neil Armstrong (1): linux-firmware: add Amlogic VDEC firmware package Nicolas Dechesne (2): checklayer: parse LAYERDEPENDS with bb.utils.explode_dep_versions2() linux-libc-headers: kernel headers are installed in STAGING_KERNEL_BUILDDIR Norman Stetter (1): sstate.bbclass: Check file ownership before doing 'touch -a' Oleksandr Kravchuk (1): ell: update to 0.33 Otavio Salvador (7): systemd: Sync systemd-serialgetty@.service with upstream mtd-utils: Fix return value of ubiformat go-mod.bbclass: Add class for `go mod` support glide: Avoid use of 'go mod' support go-dep: Avoid use of 'go mod' support go.bbclass: Add `-trimpath` to default build flags openssh: Allow enable/disable of rng-tools recommendation on sshd Ovidiu Panait (1): libxml2: Fix CVE-2020-24977 Paul Barker (5): archiver.bbclass: Make do_deploy_archives a recursive dependency avahi: Don't advertise example services by default archiver: Fix test case for srpm archiver mode oe-selftest: Allow overriding the build directory used for tests oe-selftest: Recursively patch test case paths Peter A. Bigot (1): bluez5: fix builds that require ell support Peter Kjellerstedt (2): cairo: Do not try to remove nonexistent directories relocatable.bbclass: Avoid an exception if an empty pkgconfig dir exist Pierre-Jean Texier (2): ell: upgrade 0.31 -> 0.32 libubootenv: upgrade 0.3 -> 0.3.1 Quentin Schulz (1): base/insane: Check pkgs lics are subset of recipe lics only once Rahul Chauhan (1): busybox: Security Fix For CVE-2018-1000500 Rahul Kumar (1): systemd-serialgetty: Fix sed expression quoting Ralph Siemsen (1): cve-check: include epoch in product version output Randy MacLeod (1): curl: Change SRC_URI from http to https Rasmus Villemoes (3): coreutils: don't split stdbuf to own package with single-binary kernel.bbclass: run do_symlink_kernsrc before do_patch cml1: Move find_cfgs() helper to cml1.bbclass Ricardo Salveti (1): dosfstools: add mkfs.vfat to ALTERNATIVE Richard Leitner (7): libtirpc: remove extra "-fcommon" from CFLAGS gdbm: add patch to fix link failure against gcc 10 dtc: update to 1.6.0 libcomps: update to 0.1.15 binutils: add patch to fix issues with gcc 10 cpio: add patch to fix issues with gcc 10 xcb-proto: backport fix for python gcd function Richard Purdie (72): resulttool/report: Remove leftover debugging resulttool/log: Add ability to dump ltp logs as well as ptest poky.conf: Bump version for 3.1.1 dunfell release build-appliance-image: Update to dunfell head revision build-appliance: Update branch to point at dunfell build-appliance-image: Update to dunfell head revision ltp: Exclude the memcg_stress tests due to timeout problems maintainers: Update Ross' email address logrotate: Drop obsolete setting/comment oeqa/targetcontrol: Rework exception handling to avoid warnings patchelf: Add patch to address corrupt shared library issue bitbake: tests/fetch: Switch from git.infradead.org to a YP mirror ltp: Add missing dependencies on coreutils, bc, e2fsprogs and gdb perl: Fix host specific modules problems bitbake: runqueue: Avoid unpickle errors in rare cases bitbake: msg: Avoid issues where paths have relative components pseudo: Fix attr errors due to incorrect library resolution issues oeqa/selftest/runcmd: Add better debug for thread count mismatch failures oeqa/utils/command: Improve stdin handling in runCmd scripts/install-buildtools: Update to 3.2 M1 buildtools scripts/install-buildtools: Handle new format checksum files oeqa/selftest: Clean up separate builddir in success case when non-threaded populate_sdk_ext: Fix to use python3, not python oeqa/selftest: recipetool/devtool: Avoid load_plugin test race oeqa/targetcontrol: Attempt to fix log closure warning message rootfs-postcommands: Improve/fix rootfs_check_host_user_contaminated bitbake: server/process: Increase timeout for commands bitbake: fetch2: Change git fetcher not to destroy old references bitbake: server/process: Fix a rare lockfile race bitbake: server/process: Ensure UI-less servers don't sit in infinite loops bitbake: server/process: Fix note reference -> info oeqa/selftest/sstatetests: Avoid polluting DL_DIR qemurunner: Ensure pid location is deterministic qemurunner: Add extra debug info when qemu fails to start oeqa/utils/qemurunner: Fix missing pid file tracebacks bitbake: cooker: Handle multiconfig name mappings correctly bitbake: server/process: Fix UI first connection tracking bitbake: server/process: Account for xmlrpc connections oeqa/qemurunner: Add priority/nice information for running processes uninative: Handle PREMIRRORS generically selftest/tinfoil: Increase wait event timeout runqemu: Show an error for conflicting graphics options selftest/prservice: Improve test failure message bitbake: fetch2: Drop cups.org from wget status checks runqemu: Add a hook to allow it to renice selftest/signing: Ensure build path relocation is safe oeqa/concurrencytest: Improve builddir path manipulations bitbake: tests/fetch: Move away from problematic freedesktop.org urls build-appliance-image: Update to dunfell head revision scripts/oe-build-perf-report: Use python3 from the environment build-appliance-image: Update to dunfell head revision python3-markupsafe: Import from meta-oe/meta-python python3-jinja2: Import from meta-oe/meta-python buildtools-tarball: Add python3-jinja2 dropbear/openssh: Lower priority of key generation buildtools: Handle generic environment setup injection buildtools-tarball: Fix conflicts with oe-selftest and other tooling oeqa/qemurunner: Increase serial timeout oeqa/selftest/incompatible_lib: Fix append usage oeqa/selftest/containerimage: Update to match assumptions in configuration ssh-pregen-hostkeys: Add a recipe with pregenerated ssh host keys glibc: do_stash_locale must not delete files from ${D} libtools-cross/shadow-sysroot: Use nopackages inherit scripts/oe-build-perf-report: Allow operation with no buildstats oe-build-perf-report: Ensure correct data is shown for multiple branch options bitbake: tests/fetch: Update upstream master->main branchname transition oeqa: Add sync call to command execution sstatesig: Log timestamps for hashequiv in reprodubile builds for do_package ptest-runner: Fix license as it contains 'or later' clause libdnf: Fix license as it contains 'or later' clause alsa-utils: Fix license to GPLv2 only build-appliance-image: Update to dunfell head revision Robert P. J. Day (7): ref-manual: fix excessive command indentation ref-manual: IMAGE_TYPES, add tar.zst, delete elf ref-manual: typo "SSTATE_MIRROR" -> "SSTATE_MIRRORS" ref-manual: Remove long-dead PACKAGE_GROUP variable ref-manual: delete long-unused comments in variable glossary bitbake: docs: delete reference to obsolete recipe-depends.dot bitbake: user manual: properly tag content as <replaceable> Robert Yang (2): archiver.bbclass: Fix duplicated SRC_URIs for do_ar_original openssl: openssl-bin requires openssl-conf to run Ross Burton (20): install-buildtools: fail if an error occurs install-buildtools: remove hardcoded x86-64 architecture common-licenses: add BSD-2-Clause-Patent gstreamer1.0-plugins-bad: add support for vdpau common-licenses: fix filename of BSD-2-Clause-Patent insane: consolidate skipping of temporary do_package files startup-notification: add time_t type mismatch patch from upstream package.bbclass: explode the RPROVIDES so we don't think the versions are provides insane: improve gnu-hash-style warning gdk-pixbuf: add tests PACKAGECONFIG insane: only load real files as ELF autoconf: consolidate DEPENDS curl: add vendors to CVE_PRODUCT to exclude false positives cmake: whitelist CVE-2016-10642 alsa-plugins: improve .la removal sato-screenshot: improve .la removal meta: add/fix invalid Upstream-Status tags gcc: mitigate the Straight-line Speculation attack glib-2.0: fix parsing of slim encoded tzdata syslinux: add link to upstream discussion in patch Sakib Sajal (1): busybox: make hwclock compatible with glibc 2.31 Steve Sakoman (31): poky: Add Ubuntu 20.04 as a supported distro Documenation: Prepared for the 3.1.1 release oeqa/concurrencytest: don't delete build directory for failed tests Documentation: Add 3.1.1 version updates missing from previous commit u-boot-tools: backport patch from upstream to fix gcc 10 builds buildtools-tarball: export OPENSSL_CONF in environment setup u-boot: move redundant-yyloc-global patch to u-boot-common.inc poky.conf: Bump version for 3.1.2 release Documenation: Prepared for the 3.1.2 release poky: Add fedora32 as a supported distro glib-networking: upgrade 2.62.3 to 2.62.4 Revert "gtk-icon-cache.bbclass: add runtime dependency" glib-2.0: update 2.62.4 to 2.62.5 glib-2.0: update 2.62.5 to 2.62.6 sanity.conf: update BB_MIN_VERSION to 1.46.0 Documenation: Prepared for the 3.1.3 release poky.conf: Bump version for 3.1.3 release Revert "kernel.bbclass: run do_symlink_kernsrc before do_patch" xinput-calibrator: change SRC_URI to branch with libinput support Revert "lttng-modules: backport writeback.h changes from 2.12.x to fix kernel 5.4.62+" qemu: fix CVE-2019-20175 sqlite3: fix CVE-2020-13434 sqlite3: fix CVE-2020-13435 sqlite3: fix CVE-2020-13630 sqlite3: fix CVE-2020-13631 sqlite3: fix CVE-2020-13632 netbase: update SRC_URI to reflect new file name netbase: bump PE to purge bogus hash equivalence from autobuilder Documenation: Prepared for the 3.1.4 release openssh: whitelist CVE-2014-9278 poky.conf: Bump version for 3.1.4 release Sumit Garg (1): insane: fix gnu-hash-style check TeohJayShen (2): oeqa/manual/bsp-hw.json : remove shutdown_system test oeqa/manual/bsp-hw.json : remove X_server_can_start_up_with_runlevel_5_boot test Tim Orling (4): bitbake: toaster-requirements.txt: require Django 2.2 lib/oe/recipeutils.py: add AUTHOR; BBCLASSEXTEND scripts/lib/recipetool/create.py: fix regex strings oeqa/selftest/cases/devtool.py: avoid .pyc race Timon Ulrich (1): kernel.bbclass: add lz4 dependency and fix the call to lz4 Trevor Gamblin (1): qemuarm: check serial consoles vs /proc/consoles Tuomas Salokanto (1): recipetool: create: fix SRCBRANCH not being passed to params Tyler Hicks (1): kernel-devicetree: Fix intermittent build failures caused by DTB builds Vacek, Patrick (1): oeqa/core/loader: fix regex to include numbers Vasyl Vavrychuk (1): runqemu: Check gtk or sdl option is passed together with gl or gl-es options. Victor Kamensky (1): qemu: change TLBs number to 64 in 34Kf mips cpu model Vijai Kumar K (2): image_types_wic: Add ASSUME_PROVIDED to WICVARS wic: misc: Add /bin to the list of searchpaths Viktor Rosendahl (1): boost: backport fix to make async_pipes work with asio Wang Mingyu (2): libdrm: upgrade 2.4.100 -> 2.4.101 xserver-xorg: upgrade 1.20.7 -> 1.20.8 Yann Dirson (1): package: get_package_mapping: avoid dependency mapping if renamed package provides original name Yann E. MORIN (2): common-licenses: add bzip2-1.0.4 recipes-core/busybox: fixup licensing information Yi Zhao (1): bind: upgrade 9.11.19 -> 9.11.21 Yoann Congal (1): bitbake-bblayers/create: Make the example recipe print its message Yongxin Liu (5): linux-firmware: add ice for Intel E800 series driver linux-firmware: fix the wrong file path for ibt-misc linux-firmware: move ibt-misc to the end of ibt packages grub: fix several CVEs in grub 2.04 grub: clean up CVE patches Zhixiong Chi (1): gnutls: CVE-2020-24659 akash hadke (1): systemd: udev SECLABEL{selinux} crash fix akuster (4): bind: update to 9.11.19 bitbake: test/fetch: change to better svn source glibc: whitelist CVE-2010-10029 cve-check.bbclass: always save cve report haiqing (1): libpam: Remove option 'obscure' from common-password hongxu (2): core-image-minimal-initramfs: keep restriction with initramfs-module-install sysstat: fix installed-vs-shipped QA Issue in systemd wenlin.kang@windriver.com (1): populate_sdk_base.bbclass: fix warning: name not matched zhengruoqin (4): make-mod-scripts: Fix dependence error. libtirpc: upgrade 1.2.5 -> 1.2.6 gnutls: Fix krb5 code license to GPLv2.1+ to match the LICENSE file. ruby: upgrade 2.7.0 -> 2.7.1 meta-openembedded: e413c1ef62..f2d02cb71e: Adrian Bunk (4): unicode-ucd: Stop broken license downloading postfix: Upgrade 3.4.10 -> 3.4.12 python3-docutils: Remove, moved to OE-core gnome-settings-daemon: Remove duplicate outdated SRC_URI hashes Alex Kiernan (1): zstd: Upgrade 1.4.4 -> 1.4.5 Alistair Francis (1): python3-obd: Add missing setuptools RDEPENDS Anatol Belski (1): chrony: Patch CVE-2020-14367 Andreas Müller (11): gexiv2: upgrade 0.12.0 -> 0.12.1 thunar: upgrade 1.8.14 -> 1.8.15 fluidsynth: upgrade 2.1.2 -> 2.1.3 libblockdev: upgrade 2.23 -> 2.24 openh264: upgrade 2.1.0 -> 2.1.1 tcpreplay: upgrade 4.3.2 -> 4.3.3 blueman: upgrade 2.1.1 -> 2.1.3 modemmanager: upgrade 1.12.10 -> 1.12.12 ibus: upgrade 1.5.21 -> 1.5.22 exiv2: upgrade 0.27.1 -> 0.27.3 gnome-settings-daemon: Remove wrong RDEPEND Andrew Geissler (1): nlohmann-json: backport gcc10 fix Armin Kuster (9): tremor: update SRC_URI as project moved to gitlab ntp: update 4.2.8p15 net-snmp: Security fix CVE-2019-20892 wireshark: Update to 3.2.5 Revert "jsoncpp: upgrade 1.9.2 -> 1.9.3" jsoncpp: add PE do to revert to older PV vlc: fix loop initial declarations are only allowed in C99 mode babl-native: fix build issue gnome-settings-daemon: Backport 3.36 fix for building without wayland Bog999 (1): python3: Add python3-cryptography to RDEPENDS for python3-redis Changqing Li (4): python-django: add RDEPENDS python-m2crypto: Add RDEPENDS libmcrypt: set CLEANBROKEN radvd: add /etc/radvd.conf Christian Eggers (1): linuxptp: Fix segmentation fault on 32 bit platforms with 64 bit time_t Christoph Steiger (1): python-periphery: Add python-mmap to RDEPENDS Denys Dmytriyenko (2): python3-pycryptodome(x): moved to OE-Core, remove from meta-python python3-pyelftools: moved to OE-Core, remove from meta-python Diego Rondini (5): README: fix incorrect links gvfs: adjust fuse packageconfig to fuse3 libeigen: update SRC_URI to download from gitlab libeigen: update SRC_URI to use gitlab git hplip: use libexecdir Domarys Correa (2): python3-jinja2: Update 2.11.1 -> 2.11.2 python3-pyyaml: Update 5.3 -> 5.3.1 Gianluca Pacchiella (1): Add missing dependencies for rsnapshot. Hongxu Jia (2): multipath-tools: fix compiling parallel issue python3-pykwalify: fix missing comma Julius Hemanth Pitti (1): netkit-telnetd: Fix buffer overflow in netoprintf Kai Kang (6): xfconf: 4.14.2 -> 4.14.3 thunar: 1.8.12 -> 1.8.14 catfish: 1.4.11 -> 1.4.13 plymouth: disable systemd-integration for sysvinit lvm2: remove service template from SYSTEMD_SERVICE rdist: fix parallel build Khem Raj (10): netplan: Depend on systemd if it is in distro uim: Add patch to fix -fno-common link error postfix: Upgrade to 3.4.10 and compile with -fcommon safec: Update to latest on 3.5.1 release tags nss: Remove mcpu to avoid march conflicts samba: Fix conflicts with nss.h from glibc flashrom: Fix build failure with glibc 2.32 iwd: Upgrade to 1.9 ssmtp: Use update alternatives for conflicts with esmtp ubi-utils-klibc: Remove trailing slash from S Konrad Weihmann (10): passwdqc: remove double modify operation sound-theme-freedesktop: remove double depends python3-cmd2: remove double colorama in RDEPENDS python3-smbus2: remove duplicate RDEPENDS settings python3-twisted: remove double var modification proftpd: Fix typo for SRC_URI[md5sum] netkit-rsh: properly append PACKAGECONFIG zile: properly append PACKAGECONFIG libtalloc: fix upstream url openldap: packaging fixes Lee Chee Yang (2): glog : improve reproducibility libgphoto2: improve reproducibility Leon Anavi (8): python3-gmqtt: Upgrade to 0.6.5 python3-appdirs: Upgrade to 1.4.4 python3-pandas: Upgrade 1.0.1 -> 1.0.3 python3-parallax: Upgrade 1.0.5 -> 1.0.6 python3-openpyxl: Upgrade 2.6.3 -> 3.0.3 python3-colorama: Upgrade 0.4.1 -> 0.4.3 python3-sqlalchemy: Upgrade 1.3.12 -> 1.3.17 python3-pandas: Upgrade 1.0.3 -> 1.0.5 Maciej Pijanowski (1): qpdf: fix typo in RDEPENDS Mark Jonas (1): python3-pyinotify: Add missing ctypes dependency Martin Jansa (6): irssi: package libirc_proxy.a in PN-staticdev meta-python: depend on core version 12 or higher lcov: fix lcov-native build netkit-rsh: inherit update-alternatives ssmtp: adjust u-a remmina: use git fetcher Mingli Yu (5): python3-m2crypto: add the missing rdepends freeradius: fix the existed certificate error freeradius: fix the occasional verification failure smartmontools: Remove obsolete setting regarding the Standard Output strongswan: Remove obsolete setting regarding the Standard Output Oleksandr Kravchuk (1): iwd: update to 1.8 Ovidiu Panait (3): freediameter: Fix testcnx ptest failure nss: Fix CVE-2020-12399 net-snmp: Fix CVE-2020-15861 and CVE-2020-15862 Patrick Williams (1): net-snmp: refresh patches Paul Eggleton (1): protobuf-c: disable parallelism to avoid race condition Pierre-Jean Texier (15): librsync: upgrade 2.3.0 -> 2.3.1 ser2net: fix upstream check URL ser2net: upgrade 4.1.5 -> 4.1.8 zchunk: upgrade 1.1.5 -> 1.1.6 uriparser: upgrade 0.9.3 -> 0.9.4 jsoncpp: upgrade 1.9.2 -> 1.9.3 jpnevulator: upgrade 2.3.4 -> 2.3.5 libnftnl: upgrade 1.1.6 -> 1.1.7 nftables: upgrade 0.9.4 -> 0.9.5 haveged: upgrade 1.9.8 -> 1.9.9 rsnapshot: upgrade 1.4.2 -> 1.4.3 fuse3: upgrade 3.9.1 -> 3.9.2 minicoredumper: update SRC_URI to use github instead iwd: upgrade 1.6 -> 1.7 haveged: upgrade 1.9.9 -> 1.9.13 Qi.Chen@windriver.com (2): python-django: set CVE_PRODUCT to be django multipath-tools: disable parallel build as a workaround Robert Joslyn (1): postgresql: Update to 12.4 Robert Yang (2): drbd-utils: Add CLEANBROKEN to fix rebuild errors crda: rdepends on wireless-regdb-static Ross Burton (1): mpv: fetch waf in do_fetch Ryan Rowe (1): python3-pint: add setuptools and packaging to RDEPENDS Trevor Gamblin (1): python3-iso8601: add python3-numbers to RDEPENDS Ulrich Ölmann (1): usb-modeswitch, usb-modeswitch-data: fix usrmerge Wang Mingyu (7): jansson: upgrade 2.12 -> 2.13.1 openldap: upgrade 2.4.49 -> 2.4.50 python3-pycparser: upgrade 2.19 -> 2.20 cryptsetup: upgrade 2.3.1 -> 2.3.2 postgresql: 12.2 -> 12.3 openipmi: upgrade 2.0.28 -> 2.0.29 twm: upgrade 1.0.10 -> 1.0.11 Yanfei Xu (1): turbostat: fix the build failure for new v5.7-rc6 kernel Yi Zhao (4): apache2: create log/run directory via pkg_postinst samba: upgrade 4.10.15 -> 4.10.17 libldb: upgrade 1.5.7 -> 1.5.8 samba: upgrade 4.10.17 -> 4.10.18 Yue Tao (1): lua: Security Advisory - lua - CVE-2020-15888 Zang Ruochen (12): dnsmasq: upgrade 2.80 -> 2.81 fetchmail: upgrade 6.4.3 -> 6.4.4 libgphoto2: upgrade 2.5.24 -> 2.5.25 mosquitto: upgrade 1.6.9 -> 1.6.10 snort: upgrade 2.9.15 -> 2.9.16 wireshark: upgrade 3.2.2 -> 3.2.4 proj: upgrade 7.0.0 -> 7.0.1 libvpx: upgrade 1.8.1 -> 1.8.2 mm-common: upgrade 1.0..0 -> 1.0.1 nftables: upgrade 0.9.5 -> 0.9.6 wireshark: upgrade 3.2.5 -> 3.2.6 wireshark: upgrade 3.2.6 -> 3.2.7 Zheng Ruoqin (11): dstat: Fix runtime error that depend python. kea: upgrade 1.7.6 -> 1.7.7 libqmi: upgrade 1.24.8 -> 1.24.12 nano: upgrade 4.9.2 -> 4.9.3 gsoap: upgrade 2.8.100 -> 2.8.103 logwatch: upgrade 7.5.1 -> 7.5.3 libnet-dns-perl: upgrade 1.23 -> 1.24 Fix build error when enable multilib. mraa: Disable python2, otherwise, there is a build error when enable multilib. paho-mqtt-c: Fix build error when enable multilib. upm:Fix build error when enable multilib. meta-security: d83f7cb0c9..c74cc97641: Adrian (1): gitignore added Alexander Kanavin (1): apparmor: pull in coreutils/findutils only when not using systemd as init manager Armin Kuster (15): isafw.bbclass: typo in layer name trousers: Several Security fixes gitlab-ci: add support for dunfell packagegroup-core-security-ptest: update fail2ban ptest pkg name packagegroup-core-security: remove clamav for riscv* libsecomp: rv32/rv64 target builds are not supported yet packagegroup-core-security: remove libseccomp for riscv* packagegroup-core-security: dont include suricata on riscv or ppc apparmor: exclude mips64, not supported apparmor: fix build issue with ptest enabled. packagegroup-core-security: remove clamav from musl image ibmswtpm2: fix QA warning README: updated branch for Dunfell apparmor: fix issue with older use of shell in make apparmor: fix QA warning with systemd enabled Charlie Davies (2): clamav: add INSTALL_CLAMAV_CVD flag to do_install clamav: update SO_VER to 9.0.4 Jeremy Puhlman (4): clamav: resolve multilib issues tripwire: Remove makefiles from the man directories. cryptsetup-tpm-incubator: RPROVIDES cryptsetup and cryptsetup-dev packagegroup-security-tpm2: Depend on preferred provider for cryptsetup Jonatan Pålsson (1): sssd: Make manpages buildable Kai Kang (1): sssd: disable build secrets Mingli Yu (1): scap-security-guide: add expat-native to DEPENDS Naveen Saini (3): initramfs-framework/dmverity: add retry loop for slow boot devices wic: add wks.in for intel dm-verity linux-%/5.x: Add dm-verity fragment as needed Sajjad Ahmed (1): layer.conf: use += instead of := to update BBFILES Zheng Ruoqin (2): ccs-tools:Fix build error when enable multilib. bastille: Deleted redundant inherit to fix error when enable multilib. niko.mauno@vaisala.com (12): dm-verity-img.bbclass: Fix bashisms dm-verity-img.bbclass: Reorder parse-time check dm-verity-image-initramfs: Ensure verity hash sync dm-verity-image-initramfs: Bind at do_image instead linux-yocto(-dev): Add dm-verity fragment as needed dm-verity-img.bbclass: Stage verity.env file initramfs-framework: Add dmverity module dm-verity-image-initramfs: Use initramfs-framework dm-verity-initramfs-image: Cosmetic improvements dm-verity-image-initramfs: Add base-passwd package dm-verity-image-initramfs: Drop locales from image beaglebone-yocto-verity.wks.in: Refer IMGDEPLOYDIR Signed-off-by: Patrick Williams <patrick@stwcx.xyz> Change-Id: I9d46472961318a9060013505d7cb5df46b4ea38a
Diffstat (limited to 'poky/meta/recipes-bsp/grub/files')
-rw-r--r--poky/meta/recipes-bsp/grub/files/CVE-2020-10713.patch73
-rw-r--r--poky/meta/recipes-bsp/grub/files/CVE-2020-14308-calloc-Use-calloc-at-most-places.patch1863
-rw-r--r--poky/meta/recipes-bsp/grub/files/CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch1330
-rw-r--r--poky/meta/recipes-bsp/grub/files/CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch117
-rw-r--r--poky/meta/recipes-bsp/grub/files/CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch177
-rw-r--r--poky/meta/recipes-bsp/grub/files/calloc-Make-sure-we-always-have-an-overflow-checking.patch246
-rw-r--r--poky/meta/recipes-bsp/grub/files/lvm-Add-LVM-cache-logical-volume-handling.patch287
-rw-r--r--poky/meta/recipes-bsp/grub/files/safemath-Add-some-arithmetic-primitives-that-check-f.patch94
-rw-r--r--poky/meta/recipes-bsp/grub/files/script-Remove-unused-fields-from-grub_script_functio.patch37
9 files changed, 4224 insertions, 0 deletions
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2020-10713.patch b/poky/meta/recipes-bsp/grub/files/CVE-2020-10713.patch
new file mode 100644
index 0000000000..c507ed3ea8
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/CVE-2020-10713.patch
@@ -0,0 +1,73 @@
+From a4d3fbdff1e3ca8f87642af2ac8752c30c617a3e Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Wed, 15 Apr 2020 15:45:02 -0400
+Subject: yylex: Make lexer fatal errors actually be fatal
+
+When presented with a command that can't be tokenized to anything
+smaller than YYLMAX characters, the parser calls YY_FATAL_ERROR(errmsg),
+expecting that will stop further processing, as such:
+
+ #define YY_DO_BEFORE_ACTION \
+ yyg->yytext_ptr = yy_bp; \
+ yyleng = (int) (yy_cp - yy_bp); \
+ yyg->yy_hold_char = *yy_cp; \
+ *yy_cp = '\0'; \
+ if ( yyleng >= YYLMAX ) \
+ YY_FATAL_ERROR( "token too large, exceeds YYLMAX" ); \
+ yy_flex_strncpy( yytext, yyg->yytext_ptr, yyleng + 1 , yyscanner); \
+ yyg->yy_c_buf_p = yy_cp;
+
+The code flex generates expects that YY_FATAL_ERROR() will either return
+for it or do some form of longjmp(), or handle the error in some way at
+least, and so the strncpy() call isn't in an "else" clause, and thus if
+YY_FATAL_ERROR() is *not* actually fatal, it does the call with the
+questionable limit, and predictable results ensue.
+
+Unfortunately, our implementation of YY_FATAL_ERROR() is:
+
+ #define YY_FATAL_ERROR(msg) \
+ do { \
+ grub_printf (_("fatal error: %s\n"), _(msg)); \
+ } while (0)
+
+The same pattern exists in yyless(), and similar problems exist in users
+of YY_INPUT(), several places in the main parsing loop,
+yy_get_next_buffer(), yy_load_buffer_state(), yyensure_buffer_stack,
+yy_scan_buffer(), etc.
+
+All of these callers expect YY_FATAL_ERROR() to actually be fatal, and
+the things they do if it returns after calling it are wildly unsafe.
+
+Fixes: CVE-2020-10713
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=a4d3fbdff1e3ca8f87642af2ac8752c30c617a3e]
+CVE: CVE-2020-10713
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ grub-core/script/yylex.l | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/script/yylex.l b/grub-core/script/yylex.l
+index 7b44c37b7..b7203c823 100644
+--- a/grub-core/script/yylex.l
++++ b/grub-core/script/yylex.l
+@@ -37,11 +37,11 @@
+
+ /*
+ * As we don't have access to yyscanner, we cannot do much except to
+- * print the fatal error.
++ * print the fatal error and exit.
+ */
+ #define YY_FATAL_ERROR(msg) \
+ do { \
+- grub_printf (_("fatal error: %s\n"), _(msg)); \
++ grub_fatal (_("fatal error: %s\n"), _(msg));\
+ } while (0)
+
+ #define COPY(str, hint) \
+--
+cgit v1.2.1
+
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2020-14308-calloc-Use-calloc-at-most-places.patch b/poky/meta/recipes-bsp/grub/files/CVE-2020-14308-calloc-Use-calloc-at-most-places.patch
new file mode 100644
index 0000000000..637e368cb0
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/CVE-2020-14308-calloc-Use-calloc-at-most-places.patch
@@ -0,0 +1,1863 @@
+From bcdd6a55952222ec9829a59348240a4f983b0b56 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 15 Jun 2020 12:26:01 -0400
+Subject: [PATCH 4/9] calloc: Use calloc() at most places
+
+This modifies most of the places we do some form of:
+
+ X = malloc(Y * Z);
+
+to use calloc(Y, Z) instead.
+
+Among other issues, this fixes:
+ - allocation of integer overflow in grub_png_decode_image_header()
+ reported by Chris Coulson,
+ - allocation of integer overflow in luks_recover_key()
+ reported by Chris Coulson,
+ - allocation of integer overflow in grub_lvm_detect()
+ reported by Chris Coulson.
+
+Fixes: CVE-2020-14308
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport
+CVE: CVE-2020-14308
+
+Reference to upstream patch:
+https://git.savannah.gnu.org/cgit/grub.git/commit/?id=f725fa7cb2ece547c5af01eeeecfe8d95802ed41
+
+[YL: don't patch on grub-core/lib/json/json.c, which is not existing in grub 2.04]
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+---
+ grub-core/bus/usb/usbhub.c | 8 ++++----
+ grub-core/commands/efi/lsefisystab.c | 3 ++-
+ grub-core/commands/legacycfg.c | 6 +++---
+ grub-core/commands/menuentry.c | 2 +-
+ grub-core/commands/nativedisk.c | 2 +-
+ grub-core/commands/parttool.c | 12 +++++++++---
+ grub-core/commands/regexp.c | 2 +-
+ grub-core/commands/search_wrap.c | 2 +-
+ grub-core/disk/diskfilter.c | 4 ++--
+ grub-core/disk/ieee1275/ofdisk.c | 2 +-
+ grub-core/disk/ldm.c | 14 +++++++-------
+ grub-core/disk/luks.c | 2 +-
+ grub-core/disk/lvm.c | 12 ++++++------
+ grub-core/disk/xen/xendisk.c | 2 +-
+ grub-core/efiemu/loadcore.c | 2 +-
+ grub-core/efiemu/mm.c | 6 +++---
+ grub-core/font/font.c | 3 +--
+ grub-core/fs/affs.c | 6 +++---
+ grub-core/fs/btrfs.c | 6 +++---
+ grub-core/fs/hfs.c | 2 +-
+ grub-core/fs/hfsplus.c | 6 +++---
+ grub-core/fs/iso9660.c | 2 +-
+ grub-core/fs/ntfs.c | 4 ++--
+ grub-core/fs/sfs.c | 2 +-
+ grub-core/fs/tar.c | 2 +-
+ grub-core/fs/udf.c | 4 ++--
+ grub-core/fs/zfs/zfs.c | 4 ++--
+ grub-core/gfxmenu/gui_string_util.c | 2 +-
+ grub-core/gfxmenu/widget-box.c | 4 ++--
+ grub-core/io/gzio.c | 2 +-
+ grub-core/kern/efi/efi.c | 6 +++---
+ grub-core/kern/emu/hostdisk.c | 2 +-
+ grub-core/kern/fs.c | 2 +-
+ grub-core/kern/misc.c | 2 +-
+ grub-core/kern/parser.c | 2 +-
+ grub-core/kern/uboot/uboot.c | 2 +-
+ grub-core/lib/libgcrypt/cipher/ac.c | 8 ++++----
+ grub-core/lib/libgcrypt/cipher/primegen.c | 4 ++--
+ grub-core/lib/libgcrypt/cipher/pubkey.c | 4 ++--
+ grub-core/lib/priority_queue.c | 2 +-
+ grub-core/lib/reed_solomon.c | 7 +++----
+ grub-core/lib/relocator.c | 10 +++++-----
+ grub-core/lib/zstd/fse_decompress.c | 2 +-
+ grub-core/loader/arm/linux.c | 2 +-
+ grub-core/loader/efi/chainloader.c | 2 +-
+ grub-core/loader/i386/bsdXX.c | 2 +-
+ grub-core/loader/i386/xnu.c | 4 ++--
+ grub-core/loader/macho.c | 2 +-
+ grub-core/loader/multiboot_elfxx.c | 2 +-
+ grub-core/loader/xnu.c | 2 +-
+ grub-core/mmap/mmap.c | 4 ++--
+ grub-core/net/bootp.c | 2 +-
+ grub-core/net/dns.c | 10 +++++-----
+ grub-core/net/net.c | 4 ++--
+ grub-core/normal/charset.c | 10 +++++-----
+ grub-core/normal/cmdline.c | 14 +++++++-------
+ grub-core/normal/menu_entry.c | 14 +++++++-------
+ grub-core/normal/menu_text.c | 4 ++--
+ grub-core/normal/term.c | 4 ++--
+ grub-core/osdep/linux/getroot.c | 6 +++---
+ grub-core/osdep/unix/config.c | 2 +-
+ grub-core/osdep/windows/getroot.c | 2 +-
+ grub-core/osdep/windows/hostdisk.c | 4 ++--
+ grub-core/osdep/windows/init.c | 2 +-
+ grub-core/osdep/windows/platform.c | 4 ++--
+ grub-core/osdep/windows/relpath.c | 2 +-
+ grub-core/partmap/gpt.c | 2 +-
+ grub-core/partmap/msdos.c | 2 +-
+ grub-core/script/execute.c | 2 +-
+ grub-core/tests/fake_input.c | 2 +-
+ grub-core/tests/video_checksum.c | 6 +++---
+ grub-core/video/capture.c | 2 +-
+ grub-core/video/emu/sdl.c | 2 +-
+ grub-core/video/i386/pc/vga.c | 2 +-
+ grub-core/video/readers/png.c | 2 +-
+ include/grub/unicode.h | 4 ++--
+ util/getroot.c | 2 +-
+ util/grub-file.c | 2 +-
+ util/grub-fstest.c | 4 ++--
+ util/grub-install-common.c | 2 +-
+ util/grub-install.c | 4 ++--
+ util/grub-mkimagexx.c | 6 ++----
+ util/grub-mkrescue.c | 4 ++--
+ util/grub-mkstandalone.c | 2 +-
+ util/grub-pe2elf.c | 12 +++++-------
+ util/grub-probe.c | 4 ++--
+ 86 files changed, 178 insertions(+), 177 deletions(-)
+
+diff --git a/grub-core/bus/usb/usbhub.c b/grub-core/bus/usb/usbhub.c
+index 34a7ff1..a06cce3 100644
+--- a/grub-core/bus/usb/usbhub.c
++++ b/grub-core/bus/usb/usbhub.c
+@@ -149,8 +149,8 @@ grub_usb_add_hub (grub_usb_device_t dev)
+ grub_usb_set_configuration (dev, 1);
+
+ dev->nports = hubdesc.portcnt;
+- dev->children = grub_zalloc (hubdesc.portcnt * sizeof (dev->children[0]));
+- dev->ports = grub_zalloc (dev->nports * sizeof (dev->ports[0]));
++ dev->children = grub_calloc (hubdesc.portcnt, sizeof (dev->children[0]));
++ dev->ports = grub_calloc (dev->nports, sizeof (dev->ports[0]));
+ if (!dev->children || !dev->ports)
+ {
+ grub_free (dev->children);
+@@ -268,8 +268,8 @@ grub_usb_controller_dev_register_iter (grub_usb_controller_t controller, void *d
+
+ /* Query the number of ports the root Hub has. */
+ hub->nports = controller->dev->hubports (controller);
+- hub->devices = grub_zalloc (sizeof (hub->devices[0]) * hub->nports);
+- hub->ports = grub_zalloc (sizeof (hub->ports[0]) * hub->nports);
++ hub->devices = grub_calloc (hub->nports, sizeof (hub->devices[0]));
++ hub->ports = grub_calloc (hub->nports, sizeof (hub->ports[0]));
+ if (!hub->devices || !hub->ports)
+ {
+ grub_free (hub->devices);
+diff --git a/grub-core/commands/efi/lsefisystab.c b/grub-core/commands/efi/lsefisystab.c
+index df10302..cd81507 100644
+--- a/grub-core/commands/efi/lsefisystab.c
++++ b/grub-core/commands/efi/lsefisystab.c
+@@ -71,7 +71,8 @@ grub_cmd_lsefisystab (struct grub_command *cmd __attribute__ ((unused)),
+ grub_printf ("Vendor: ");
+
+ for (vendor_utf16 = st->firmware_vendor; *vendor_utf16; vendor_utf16++);
+- vendor = grub_malloc (4 * (vendor_utf16 - st->firmware_vendor) + 1);
++ /* Allocate extra 3 bytes to simplify math. */
++ vendor = grub_calloc (4, vendor_utf16 - st->firmware_vendor + 1);
+ if (!vendor)
+ return grub_errno;
+ *grub_utf16_to_utf8 ((grub_uint8_t *) vendor, st->firmware_vendor,
+diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c
+index db7a8f0..5e3ec0d 100644
+--- a/grub-core/commands/legacycfg.c
++++ b/grub-core/commands/legacycfg.c
+@@ -314,7 +314,7 @@ grub_cmd_legacy_kernel (struct grub_command *mycmd __attribute__ ((unused)),
+ if (argc < 2)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
+
+- cutargs = grub_malloc (sizeof (cutargs[0]) * (argc - 1));
++ cutargs = grub_calloc (argc - 1, sizeof (cutargs[0]));
+ if (!cutargs)
+ return grub_errno;
+ cutargc = argc - 1;
+@@ -436,7 +436,7 @@ grub_cmd_legacy_kernel (struct grub_command *mycmd __attribute__ ((unused)),
+ {
+ char rbuf[3] = "-r";
+ bsdargc = cutargc + 2;
+- bsdargs = grub_malloc (sizeof (bsdargs[0]) * bsdargc);
++ bsdargs = grub_calloc (bsdargc, sizeof (bsdargs[0]));
+ if (!bsdargs)
+ {
+ err = grub_errno;
+@@ -559,7 +559,7 @@ grub_cmd_legacy_initrdnounzip (struct grub_command *mycmd __attribute__ ((unused
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("can't find command `%s'"),
+ "module");
+
+- newargs = grub_malloc ((argc + 1) * sizeof (newargs[0]));
++ newargs = grub_calloc (argc + 1, sizeof (newargs[0]));
+ if (!newargs)
+ return grub_errno;
+ grub_memcpy (newargs + 1, args, argc * sizeof (newargs[0]));
+diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c
+index 2c5363d..9164df7 100644
+--- a/grub-core/commands/menuentry.c
++++ b/grub-core/commands/menuentry.c
+@@ -154,7 +154,7 @@ grub_normal_add_menu_entry (int argc, const char **args,
+ goto fail;
+
+ /* Save argc, args to pass as parameters to block arg later. */
+- menu_args = grub_malloc (sizeof (char*) * (argc + 1));
++ menu_args = grub_calloc (argc + 1, sizeof (char *));
+ if (! menu_args)
+ goto fail;
+
+diff --git a/grub-core/commands/nativedisk.c b/grub-core/commands/nativedisk.c
+index 699447d..7c8f97f 100644
+--- a/grub-core/commands/nativedisk.c
++++ b/grub-core/commands/nativedisk.c
+@@ -195,7 +195,7 @@ grub_cmd_nativedisk (grub_command_t cmd __attribute__ ((unused)),
+ else
+ path_prefix = prefix;
+
+- mods = grub_malloc (argc * sizeof (mods[0]));
++ mods = grub_calloc (argc, sizeof (mods[0]));
+ if (!mods)
+ return grub_errno;
+
+diff --git a/grub-core/commands/parttool.c b/grub-core/commands/parttool.c
+index 22b46b1..051e313 100644
+--- a/grub-core/commands/parttool.c
++++ b/grub-core/commands/parttool.c
+@@ -59,7 +59,13 @@ grub_parttool_register(const char *part_name,
+ for (nargs = 0; args[nargs].name != 0; nargs++);
+ cur->nargs = nargs;
+ cur->args = (struct grub_parttool_argdesc *)
+- grub_malloc ((nargs + 1) * sizeof (struct grub_parttool_argdesc));
++ grub_calloc (nargs + 1, sizeof (struct grub_parttool_argdesc));
++ if (!cur->args)
++ {
++ grub_free (cur);
++ curhandle--;
++ return -1;
++ }
+ grub_memcpy (cur->args, args,
+ (nargs + 1) * sizeof (struct grub_parttool_argdesc));
+
+@@ -257,7 +263,7 @@ grub_cmd_parttool (grub_command_t cmd __attribute__ ((unused)),
+ return err;
+ }
+
+- parsed = (int *) grub_zalloc (argc * sizeof (int));
++ parsed = (int *) grub_calloc (argc, sizeof (int));
+
+ for (i = 1; i < argc; i++)
+ if (! parsed[i])
+@@ -290,7 +296,7 @@ grub_cmd_parttool (grub_command_t cmd __attribute__ ((unused)),
+ }
+ ptool = cur;
+ pargs = (struct grub_parttool_args *)
+- grub_zalloc (ptool->nargs * sizeof (struct grub_parttool_args));
++ grub_calloc (ptool->nargs, sizeof (struct grub_parttool_args));
+ for (j = i; j < argc; j++)
+ if (! parsed[j])
+ {
+diff --git a/grub-core/commands/regexp.c b/grub-core/commands/regexp.c
+index f00b184..4019164 100644
+--- a/grub-core/commands/regexp.c
++++ b/grub-core/commands/regexp.c
+@@ -116,7 +116,7 @@ grub_cmd_regexp (grub_extcmd_context_t ctxt, int argc, char **args)
+ if (ret)
+ goto fail;
+
+- matches = grub_zalloc (sizeof (*matches) * (regex.re_nsub + 1));
++ matches = grub_calloc (regex.re_nsub + 1, sizeof (*matches));
+ if (! matches)
+ goto fail;
+
+diff --git a/grub-core/commands/search_wrap.c b/grub-core/commands/search_wrap.c
+index d7fd26b..47fc8eb 100644
+--- a/grub-core/commands/search_wrap.c
++++ b/grub-core/commands/search_wrap.c
+@@ -122,7 +122,7 @@ grub_cmd_search (grub_extcmd_context_t ctxt, int argc, char **args)
+ for (i = 0; state[SEARCH_HINT_BAREMETAL].args[i]; i++)
+ nhints++;
+
+- hints = grub_malloc (sizeof (hints[0]) * nhints);
++ hints = grub_calloc (nhints, sizeof (hints[0]));
+ if (!hints)
+ return grub_errno;
+ j = 0;
+diff --git a/grub-core/disk/diskfilter.c b/grub-core/disk/diskfilter.c
+index c3b578a..68ca9e0 100644
+--- a/grub-core/disk/diskfilter.c
++++ b/grub-core/disk/diskfilter.c
+@@ -1134,7 +1134,7 @@ grub_diskfilter_make_raid (grub_size_t uuidlen, char *uuid, int nmemb,
+ array->lvs->segments->node_count = nmemb;
+ array->lvs->segments->raid_member_size = disk_size;
+ array->lvs->segments->nodes
+- = grub_zalloc (nmemb * sizeof (array->lvs->segments->nodes[0]));
++ = grub_calloc (nmemb, sizeof (array->lvs->segments->nodes[0]));
+ array->lvs->segments->stripe_size = stripe_size;
+ for (i = 0; i < nmemb; i++)
+ {
+@@ -1226,7 +1226,7 @@ insert_array (grub_disk_t disk, const struct grub_diskfilter_pv_id *id,
+ grub_partition_t p;
+ for (p = disk->partition; p; p = p->parent)
+ s++;
+- pv->partmaps = xmalloc (s * sizeof (pv->partmaps[0]));
++ pv->partmaps = xcalloc (s, sizeof (pv->partmaps[0]));
+ s = 0;
+ for (p = disk->partition; p; p = p->parent)
+ pv->partmaps[s++] = xstrdup (p->partmap->name);
+diff --git a/grub-core/disk/ieee1275/ofdisk.c b/grub-core/disk/ieee1275/ofdisk.c
+index f73257e..03674cb 100644
+--- a/grub-core/disk/ieee1275/ofdisk.c
++++ b/grub-core/disk/ieee1275/ofdisk.c
+@@ -297,7 +297,7 @@ dev_iterate (const struct grub_ieee1275_devalias *alias)
+ /* Power machines documentation specify 672 as maximum SAS disks in
+ one system. Using a slightly larger value to be safe. */
+ table_size = 768;
+- table = grub_malloc (table_size * sizeof (grub_uint64_t));
++ table = grub_calloc (table_size, sizeof (grub_uint64_t));
+
+ if (!table)
+ {
+diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c
+index 2a22d2d..e632370 100644
+--- a/grub-core/disk/ldm.c
++++ b/grub-core/disk/ldm.c
+@@ -323,8 +323,8 @@ make_vg (grub_disk_t disk,
+ lv->segments->type = GRUB_DISKFILTER_MIRROR;
+ lv->segments->node_count = 0;
+ lv->segments->node_alloc = 8;
+- lv->segments->nodes = grub_zalloc (sizeof (*lv->segments->nodes)
+- * lv->segments->node_alloc);
++ lv->segments->nodes = grub_calloc (lv->segments->node_alloc,
++ sizeof (*lv->segments->nodes));
+ if (!lv->segments->nodes)
+ goto fail2;
+ ptr = vblk[i].dynamic;
+@@ -543,8 +543,8 @@ make_vg (grub_disk_t disk,
+ {
+ comp->segment_alloc = 8;
+ comp->segment_count = 0;
+- comp->segments = grub_malloc (sizeof (*comp->segments)
+- * comp->segment_alloc);
++ comp->segments = grub_calloc (comp->segment_alloc,
++ sizeof (*comp->segments));
+ if (!comp->segments)
+ goto fail2;
+ }
+@@ -590,8 +590,8 @@ make_vg (grub_disk_t disk,
+ }
+ comp->segments->node_count = read_int (ptr + 1, *ptr);
+ comp->segments->node_alloc = comp->segments->node_count;
+- comp->segments->nodes = grub_zalloc (sizeof (*comp->segments->nodes)
+- * comp->segments->node_alloc);
++ comp->segments->nodes = grub_calloc (comp->segments->node_alloc,
++ sizeof (*comp->segments->nodes));
+ if (!lv->segments->nodes)
+ goto fail2;
+ }
+@@ -1017,7 +1017,7 @@ grub_util_ldm_embed (struct grub_disk *disk, unsigned int *nsectors,
+ *nsectors = lv->size;
+ if (*nsectors > max_nsectors)
+ *nsectors = max_nsectors;
+- *sectors = grub_malloc (*nsectors * sizeof (**sectors));
++ *sectors = grub_calloc (*nsectors, sizeof (**sectors));
+ if (!*sectors)
+ return grub_errno;
+ for (i = 0; i < *nsectors; i++)
+diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c
+index 86c50c6..18b3a8b 100644
+--- a/grub-core/disk/luks.c
++++ b/grub-core/disk/luks.c
+@@ -336,7 +336,7 @@ luks_recover_key (grub_disk_t source,
+ && grub_be_to_cpu32 (header.keyblock[i].stripes) > max_stripes)
+ max_stripes = grub_be_to_cpu32 (header.keyblock[i].stripes);
+
+- split_key = grub_malloc (keysize * max_stripes);
++ split_key = grub_calloc (keysize, max_stripes);
+ if (!split_key)
+ return grub_errno;
+
+diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c
+index dc6b83b..7b5fbbc 100644
+--- a/grub-core/disk/lvm.c
++++ b/grub-core/disk/lvm.c
+@@ -209,7 +209,7 @@ grub_lvm_detect (grub_disk_t disk,
+ first one. */
+
+ /* Allocate buffer space for the circular worst-case scenario. */
+- metadatabuf = grub_malloc (2 * mda_size);
++ metadatabuf = grub_calloc (2, mda_size);
+ if (! metadatabuf)
+ goto fail;
+
+@@ -464,7 +464,7 @@ grub_lvm_detect (grub_disk_t disk,
+ #endif
+ goto lvs_fail;
+ }
+- lv->segments = grub_zalloc (sizeof (*seg) * lv->segment_count);
++ lv->segments = grub_calloc (lv->segment_count, sizeof (*seg));
+ seg = lv->segments;
+
+ for (i = 0; i < lv->segment_count; i++)
+@@ -521,8 +521,8 @@ grub_lvm_detect (grub_disk_t disk,
+ if (seg->node_count != 1)
+ seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = ");
+
+- seg->nodes = grub_zalloc (sizeof (*stripe)
+- * seg->node_count);
++ seg->nodes = grub_calloc (seg->node_count,
++ sizeof (*stripe));
+ stripe = seg->nodes;
+
+ p = grub_strstr (p, "stripes = [");
+@@ -898,7 +898,7 @@ grub_lvm_detect (grub_disk_t disk,
+ break;
+ if (lv)
+ {
+- cache->lv->segments = grub_malloc (lv->segment_count * sizeof (*lv->segments));
++ cache->lv->segments = grub_calloc (lv->segment_count, sizeof (*lv->segments));
+ if (!cache->lv->segments)
+ {
+ grub_lvm_free_cache_lvs (cache_lvs);
+@@ -911,7 +911,7 @@ grub_lvm_detect (grub_disk_t disk,
+ struct grub_diskfilter_node *nodes = lv->segments[i].nodes;
+ grub_size_t node_count = lv->segments[i].node_count;
+
+- cache->lv->segments[i].nodes = grub_malloc (node_count * sizeof (*nodes));
++ cache->lv->segments[i].nodes = grub_calloc (node_count, sizeof (*nodes));
+ if (!cache->lv->segments[i].nodes)
+ {
+ for (j = 0; j < i; ++j)
+diff --git a/grub-core/disk/xen/xendisk.c b/grub-core/disk/xen/xendisk.c
+index 48476cb..d6612ee 100644
+--- a/grub-core/disk/xen/xendisk.c
++++ b/grub-core/disk/xen/xendisk.c
+@@ -426,7 +426,7 @@ grub_xendisk_init (void)
+ if (!ctr)
+ return;
+
+- virtdisks = grub_malloc (ctr * sizeof (virtdisks[0]));
++ virtdisks = grub_calloc (ctr, sizeof (virtdisks[0]));
+ if (!virtdisks)
+ return;
+ if (grub_xenstore_dir ("device/vbd", fill, &ctr))
+diff --git a/grub-core/efiemu/loadcore.c b/grub-core/efiemu/loadcore.c
+index 44085ef..2b92462 100644
+--- a/grub-core/efiemu/loadcore.c
++++ b/grub-core/efiemu/loadcore.c
+@@ -201,7 +201,7 @@ grub_efiemu_count_symbols (const Elf_Ehdr *e)
+
+ grub_efiemu_nelfsyms = (unsigned) s->sh_size / (unsigned) s->sh_entsize;
+ grub_efiemu_elfsyms = (struct grub_efiemu_elf_sym *)
+- grub_malloc (sizeof (struct grub_efiemu_elf_sym) * grub_efiemu_nelfsyms);
++ grub_calloc (grub_efiemu_nelfsyms, sizeof (struct grub_efiemu_elf_sym));
+
+ /* Relocators */
+ for (i = 0, s = (Elf_Shdr *) ((char *) e + e->e_shoff);
+diff --git a/grub-core/efiemu/mm.c b/grub-core/efiemu/mm.c
+index 52a032f..9b8e0d0 100644
+--- a/grub-core/efiemu/mm.c
++++ b/grub-core/efiemu/mm.c
+@@ -554,11 +554,11 @@ grub_efiemu_mmap_sort_and_uniq (void)
+ /* Initialize variables*/
+ grub_memset (present, 0, sizeof (int) * GRUB_EFI_MAX_MEMORY_TYPE);
+ scanline_events = (struct grub_efiemu_mmap_scan *)
+- grub_malloc (sizeof (struct grub_efiemu_mmap_scan) * 2 * mmap_num);
++ grub_calloc (mmap_num, sizeof (struct grub_efiemu_mmap_scan) * 2);
+
+ /* Number of chunks can't increase more than by factor of 2 */
+ result = (grub_efi_memory_descriptor_t *)
+- grub_malloc (sizeof (grub_efi_memory_descriptor_t) * 2 * mmap_num);
++ grub_calloc (mmap_num, sizeof (grub_efi_memory_descriptor_t) * 2);
+ if (!result || !scanline_events)
+ {
+ grub_free (result);
+@@ -660,7 +660,7 @@ grub_efiemu_mm_do_alloc (void)
+
+ /* Preallocate mmap */
+ efiemu_mmap = (grub_efi_memory_descriptor_t *)
+- grub_malloc (mmap_reserved_size * sizeof (grub_efi_memory_descriptor_t));
++ grub_calloc (mmap_reserved_size, sizeof (grub_efi_memory_descriptor_t));
+ if (!efiemu_mmap)
+ {
+ grub_efiemu_unload ();
+diff --git a/grub-core/font/font.c b/grub-core/font/font.c
+index 85a2925..8e118b3 100644
+--- a/grub-core/font/font.c
++++ b/grub-core/font/font.c
+@@ -293,8 +293,7 @@ load_font_index (grub_file_t file, grub_uint32_t sect_length, struct
+ font->num_chars = sect_length / FONT_CHAR_INDEX_ENTRY_SIZE;
+
+ /* Allocate the character index array. */
+- font->char_index = grub_malloc (font->num_chars
+- * sizeof (struct char_index_entry));
++ font->char_index = grub_calloc (font->num_chars, sizeof (struct char_index_entry));
+ if (!font->char_index)
+ return 1;
+ font->bmp_idx = grub_malloc (0x10000 * sizeof (grub_uint16_t));
+diff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c
+index 6b6a2bc..220b371 100644
+--- a/grub-core/fs/affs.c
++++ b/grub-core/fs/affs.c
+@@ -301,7 +301,7 @@ grub_affs_read_symlink (grub_fshelp_node_t node)
+ return 0;
+ }
+ latin1[symlink_size] = 0;
+- utf8 = grub_malloc (symlink_size * GRUB_MAX_UTF8_PER_LATIN1 + 1);
++ utf8 = grub_calloc (GRUB_MAX_UTF8_PER_LATIN1 + 1, symlink_size);
+ if (!utf8)
+ {
+ grub_free (latin1);
+@@ -422,7 +422,7 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
+ return 1;
+ }
+
+- hashtable = grub_zalloc (data->htsize * sizeof (*hashtable));
++ hashtable = grub_calloc (data->htsize, sizeof (*hashtable));
+ if (!hashtable)
+ return 1;
+
+@@ -628,7 +628,7 @@ grub_affs_label (grub_device_t device, char **label)
+ len = file.namelen;
+ if (len > sizeof (file.name))
+ len = sizeof (file.name);
+- *label = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1);
++ *label = grub_calloc (GRUB_MAX_UTF8_PER_LATIN1 + 1, len);
+ if (*label)
+ *grub_latin1_to_utf8 ((grub_uint8_t *) *label, file.name, len) = '\0';
+ }
+diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c
+index 48bd3d0..11272ef 100644
+--- a/grub-core/fs/btrfs.c
++++ b/grub-core/fs/btrfs.c
+@@ -413,7 +413,7 @@ lower_bound (struct grub_btrfs_data *data,
+ {
+ desc->allocated = 16;
+ desc->depth = 0;
+- desc->data = grub_malloc (sizeof (desc->data[0]) * desc->allocated);
++ desc->data = grub_calloc (desc->allocated, sizeof (desc->data[0]));
+ if (!desc->data)
+ return grub_errno;
+ }
+@@ -752,7 +752,7 @@ raid56_read_retry (struct grub_btrfs_data *data,
+ grub_err_t ret = GRUB_ERR_OUT_OF_MEMORY;
+ grub_uint64_t i, failed_devices;
+
+- buffers = grub_zalloc (sizeof(*buffers) * nstripes);
++ buffers = grub_calloc (nstripes, sizeof (*buffers));
+ if (!buffers)
+ goto cleanup;
+
+@@ -2160,7 +2160,7 @@ grub_btrfs_embed (grub_device_t device __attribute__ ((unused)),
+ *nsectors = 64 * 2 - 1;
+ if (*nsectors > max_nsectors)
+ *nsectors = max_nsectors;
+- *sectors = grub_malloc (*nsectors * sizeof (**sectors));
++ *sectors = grub_calloc (*nsectors, sizeof (**sectors));
+ if (!*sectors)
+ return grub_errno;
+ for (i = 0; i < *nsectors; i++)
+diff --git a/grub-core/fs/hfs.c b/grub-core/fs/hfs.c
+index ac0a409..3fe842b 100644
+--- a/grub-core/fs/hfs.c
++++ b/grub-core/fs/hfs.c
+@@ -1360,7 +1360,7 @@ grub_hfs_label (grub_device_t device, char **label)
+ grub_size_t len = data->sblock.volname[0];
+ if (len > sizeof (data->sblock.volname) - 1)
+ len = sizeof (data->sblock.volname) - 1;
+- *label = grub_malloc (len * MAX_UTF8_PER_MAC_ROMAN + 1);
++ *label = grub_calloc (MAX_UTF8_PER_MAC_ROMAN + 1, len);
+ if (*label)
+ macroman_to_utf8 (*label, data->sblock.volname + 1,
+ len + 1, 0);
+diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c
+index 54786bb..dae43be 100644
+--- a/grub-core/fs/hfsplus.c
++++ b/grub-core/fs/hfsplus.c
+@@ -720,7 +720,7 @@ list_nodes (void *record, void *hook_arg)
+ if (! filename)
+ return 0;
+
+- keyname = grub_malloc (grub_be_to_cpu16 (catkey->namelen) * sizeof (*keyname));
++ keyname = grub_calloc (grub_be_to_cpu16 (catkey->namelen), sizeof (*keyname));
+ if (!keyname)
+ {
+ grub_free (filename);
+@@ -1007,7 +1007,7 @@ grub_hfsplus_label (grub_device_t device, char **label)
+ grub_hfsplus_btree_recptr (&data->catalog_tree, node, ptr);
+
+ label_len = grub_be_to_cpu16 (catkey->namelen);
+- label_name = grub_malloc (label_len * sizeof (*label_name));
++ label_name = grub_calloc (label_len, sizeof (*label_name));
+ if (!label_name)
+ {
+ grub_free (node);
+@@ -1029,7 +1029,7 @@ grub_hfsplus_label (grub_device_t device, char **label)
+ }
+ }
+
+- *label = grub_malloc (label_len * GRUB_MAX_UTF8_PER_UTF16 + 1);
++ *label = grub_calloc (label_len, GRUB_MAX_UTF8_PER_UTF16 + 1);
+ if (! *label)
+ {
+ grub_free (label_name);
+diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c
+index 49c0c63..4f1b52a 100644
+--- a/grub-core/fs/iso9660.c
++++ b/grub-core/fs/iso9660.c
+@@ -331,7 +331,7 @@ grub_iso9660_convert_string (grub_uint8_t *us, int len)
+ int i;
+ grub_uint16_t t[MAX_NAMELEN / 2 + 1];
+
+- p = grub_malloc (len * GRUB_MAX_UTF8_PER_UTF16 + 1);
++ p = grub_calloc (len, GRUB_MAX_UTF8_PER_UTF16 + 1);
+ if (! p)
+ return NULL;
+
+diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
+index fc4e1f6..2f34f76 100644
+--- a/grub-core/fs/ntfs.c
++++ b/grub-core/fs/ntfs.c
+@@ -556,8 +556,8 @@ get_utf8 (grub_uint8_t *in, grub_size_t len)
+ grub_uint16_t *tmp;
+ grub_size_t i;
+
+- buf = grub_malloc (len * GRUB_MAX_UTF8_PER_UTF16 + 1);
+- tmp = grub_malloc (len * sizeof (tmp[0]));
++ buf = grub_calloc (len, GRUB_MAX_UTF8_PER_UTF16 + 1);
++ tmp = grub_calloc (len, sizeof (tmp[0]));
+ if (!buf || !tmp)
+ {
+ grub_free (buf);
+diff --git a/grub-core/fs/sfs.c b/grub-core/fs/sfs.c
+index 50c1fe7..90f7fb3 100644
+--- a/grub-core/fs/sfs.c
++++ b/grub-core/fs/sfs.c
+@@ -266,7 +266,7 @@ grub_sfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock)
+ node->next_extent = node->block;
+ node->cache_size = 0;
+
+- node->cache = grub_malloc (sizeof (node->cache[0]) * cache_size);
++ node->cache = grub_calloc (cache_size, sizeof (node->cache[0]));
+ if (!node->cache)
+ {
+ grub_errno = 0;
+diff --git a/grub-core/fs/tar.c b/grub-core/fs/tar.c
+index 7d63e0c..c551ed6 100644
+--- a/grub-core/fs/tar.c
++++ b/grub-core/fs/tar.c
+@@ -120,7 +120,7 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name,
+ if (data->linkname_alloc < linksize + 1)
+ {
+ char *n;
+- n = grub_malloc (2 * (linksize + 1));
++ n = grub_calloc (2, linksize + 1);
+ if (!n)
+ return grub_errno;
+ grub_free (data->linkname);
+diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c
+index dc8b6e2..a837616 100644
+--- a/grub-core/fs/udf.c
++++ b/grub-core/fs/udf.c
+@@ -873,7 +873,7 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf)
+ {
+ unsigned i;
+ utf16len = sz - 1;
+- utf16 = grub_malloc (utf16len * sizeof (utf16[0]));
++ utf16 = grub_calloc (utf16len, sizeof (utf16[0]));
+ if (!utf16)
+ return NULL;
+ for (i = 0; i < utf16len; i++)
+@@ -883,7 +883,7 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf)
+ {
+ unsigned i;
+ utf16len = (sz - 1) / 2;
+- utf16 = grub_malloc (utf16len * sizeof (utf16[0]));
++ utf16 = grub_calloc (utf16len, sizeof (utf16[0]));
+ if (!utf16)
+ return NULL;
+ for (i = 0; i < utf16len; i++)
+diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c
+index 2f72e42..381dde5 100644
+--- a/grub-core/fs/zfs/zfs.c
++++ b/grub-core/fs/zfs/zfs.c
+@@ -3325,7 +3325,7 @@ dnode_get_fullpath (const char *fullpath, struct subvolume *subvol,
+ }
+ subvol->nkeys = 0;
+ zap_iterate (&keychain_dn, 8, count_zap_keys, &ctx, data);
+- subvol->keyring = grub_zalloc (subvol->nkeys * sizeof (subvol->keyring[0]));
++ subvol->keyring = grub_calloc (subvol->nkeys, sizeof (subvol->keyring[0]));
+ if (!subvol->keyring)
+ {
+ grub_free (fsname);
+@@ -4336,7 +4336,7 @@ grub_zfs_embed (grub_device_t device __attribute__ ((unused)),
+ *nsectors = (VDEV_BOOT_SIZE >> GRUB_DISK_SECTOR_BITS);
+ if (*nsectors > max_nsectors)
+ *nsectors = max_nsectors;
+- *sectors = grub_malloc (*nsectors * sizeof (**sectors));
++ *sectors = grub_calloc (*nsectors, sizeof (**sectors));
+ if (!*sectors)
+ return grub_errno;
+ for (i = 0; i < *nsectors; i++)
+diff --git a/grub-core/gfxmenu/gui_string_util.c b/grub-core/gfxmenu/gui_string_util.c
+index a9a415e..ba1e1ea 100644
+--- a/grub-core/gfxmenu/gui_string_util.c
++++ b/grub-core/gfxmenu/gui_string_util.c
+@@ -55,7 +55,7 @@ canonicalize_path (const char *path)
+ if (*p == '/')
+ components++;
+
+- char **path_array = grub_malloc (components * sizeof (*path_array));
++ char **path_array = grub_calloc (components, sizeof (*path_array));
+ if (! path_array)
+ return 0;
+
+diff --git a/grub-core/gfxmenu/widget-box.c b/grub-core/gfxmenu/widget-box.c
+index b606028..470597d 100644
+--- a/grub-core/gfxmenu/widget-box.c
++++ b/grub-core/gfxmenu/widget-box.c
+@@ -303,10 +303,10 @@ grub_gfxmenu_create_box (const char *pixmaps_prefix,
+ box->content_height = 0;
+ box->raw_pixmaps =
+ (struct grub_video_bitmap **)
+- grub_malloc (BOX_NUM_PIXMAPS * sizeof (struct grub_video_bitmap *));
++ grub_calloc (BOX_NUM_PIXMAPS, sizeof (struct grub_video_bitmap *));
+ box->scaled_pixmaps =
+ (struct grub_video_bitmap **)
+- grub_malloc (BOX_NUM_PIXMAPS * sizeof (struct grub_video_bitmap *));
++ grub_calloc (BOX_NUM_PIXMAPS, sizeof (struct grub_video_bitmap *));
+
+ /* Initialize all pixmap pointers to NULL so that proper destruction can
+ be performed if an error is encountered partway through construction. */
+diff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c
+index 6208a97..43d98a7 100644
+--- a/grub-core/io/gzio.c
++++ b/grub-core/io/gzio.c
+@@ -554,7 +554,7 @@ huft_build (unsigned *b, /* code lengths in bits (all assumed <= BMAX) */
+ z = 1 << j; /* table entries for j-bit table */
+
+ /* allocate and link in new table */
+- q = (struct huft *) grub_zalloc ((z + 1) * sizeof (struct huft));
++ q = (struct huft *) grub_calloc (z + 1, sizeof (struct huft));
+ if (! q)
+ {
+ if (h)
+diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
+index 6e1ceb9..dc31caa 100644
+--- a/grub-core/kern/efi/efi.c
++++ b/grub-core/kern/efi/efi.c
+@@ -202,7 +202,7 @@ grub_efi_set_variable(const char *var, const grub_efi_guid_t *guid,
+
+ len = grub_strlen (var);
+ len16 = len * GRUB_MAX_UTF16_PER_UTF8;
+- var16 = grub_malloc ((len16 + 1) * sizeof (var16[0]));
++ var16 = grub_calloc (len16 + 1, sizeof (var16[0]));
+ if (!var16)
+ return grub_errno;
+ len16 = grub_utf8_to_utf16 (var16, len16, (grub_uint8_t *) var, len, NULL);
+@@ -237,7 +237,7 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid,
+
+ len = grub_strlen (var);
+ len16 = len * GRUB_MAX_UTF16_PER_UTF8;
+- var16 = grub_malloc ((len16 + 1) * sizeof (var16[0]));
++ var16 = grub_calloc (len16 + 1, sizeof (var16[0]));
+ if (!var16)
+ return NULL;
+ len16 = grub_utf8_to_utf16 (var16, len16, (grub_uint8_t *) var, len, NULL);
+@@ -383,7 +383,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0)
+ while (len > 0 && fp->path_name[len - 1] == 0)
+ len--;
+
+- dup_name = grub_malloc (len * sizeof (*dup_name));
++ dup_name = grub_calloc (len, sizeof (*dup_name));
+ if (!dup_name)
+ {
+ grub_free (name);
+diff --git a/grub-core/kern/emu/hostdisk.c b/grub-core/kern/emu/hostdisk.c
+index e9ec680..d975265 100644
+--- a/grub-core/kern/emu/hostdisk.c
++++ b/grub-core/kern/emu/hostdisk.c
+@@ -615,7 +615,7 @@ static char *
+ grub_util_path_concat_real (size_t n, int ext, va_list ap)
+ {
+ size_t totlen = 0;
+- char **l = xmalloc ((n + ext) * sizeof (l[0]));
++ char **l = xcalloc (n + ext, sizeof (l[0]));
+ char *r, *p, *pi;
+ size_t i;
+ int first = 1;
+diff --git a/grub-core/kern/fs.c b/grub-core/kern/fs.c
+index 2b85f49..f90be65 100644
+--- a/grub-core/kern/fs.c
++++ b/grub-core/kern/fs.c
+@@ -151,7 +151,7 @@ grub_fs_blocklist_open (grub_file_t file, const char *name)
+ while (p);
+
+ /* Allocate a block list. */
+- blocks = grub_zalloc (sizeof (struct grub_fs_block) * (num + 1));
++ blocks = grub_calloc (num + 1, sizeof (struct grub_fs_block));
+ if (! blocks)
+ return 0;
+
+diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c
+index 3b633d5..a7abd36 100644
+--- a/grub-core/kern/misc.c
++++ b/grub-core/kern/misc.c
+@@ -690,7 +690,7 @@ parse_printf_args (const char *fmt0, struct printf_args *args,
+ args->ptr = args->prealloc;
+ else
+ {
+- args->ptr = grub_malloc (args->count * sizeof (args->ptr[0]));
++ args->ptr = grub_calloc (args->count, sizeof (args->ptr[0]));
+ if (!args->ptr)
+ {
+ grub_errno = GRUB_ERR_NONE;
+diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c
+index 78175aa..619db31 100644
+--- a/grub-core/kern/parser.c
++++ b/grub-core/kern/parser.c
+@@ -213,7 +213,7 @@ grub_parser_split_cmdline (const char *cmdline,
+ return grub_errno;
+ grub_memcpy (args, buffer, bp - buffer);
+
+- *argv = grub_malloc (sizeof (char *) * (*argc + 1));
++ *argv = grub_calloc (*argc + 1, sizeof (char *));
+ if (!*argv)
+ {
+ grub_free (args);
+diff --git a/grub-core/kern/uboot/uboot.c b/grub-core/kern/uboot/uboot.c
+index be4816f..aac8f9a 100644
+--- a/grub-core/kern/uboot/uboot.c
++++ b/grub-core/kern/uboot/uboot.c
+@@ -133,7 +133,7 @@ grub_uboot_dev_enum (void)
+ return num_devices;
+
+ max_devices = 2;
+- enum_devices = grub_malloc (sizeof(struct device_info) * max_devices);
++ enum_devices = grub_calloc (max_devices, sizeof(struct device_info));
+ if (!enum_devices)
+ return 0;
+
+diff --git a/grub-core/lib/libgcrypt/cipher/ac.c b/grub-core/lib/libgcrypt/cipher/ac.c
+index f5e946a..63f6fcd 100644
+--- a/grub-core/lib/libgcrypt/cipher/ac.c
++++ b/grub-core/lib/libgcrypt/cipher/ac.c
+@@ -185,7 +185,7 @@ ac_data_mpi_copy (gcry_ac_mpi_t *data_mpis, unsigned int data_mpis_n,
+ gcry_mpi_t mpi;
+ char *label;
+
+- data_mpis_new = gcry_malloc (sizeof (*data_mpis_new) * data_mpis_n);
++ data_mpis_new = gcry_calloc (data_mpis_n, sizeof (*data_mpis_new));
+ if (! data_mpis_new)
+ {
+ err = gcry_error_from_errno (errno);
+@@ -572,7 +572,7 @@ _gcry_ac_data_to_sexp (gcry_ac_data_t data, gcry_sexp_t *sexp,
+ }
+
+ /* Add MPI list. */
+- arg_list = gcry_malloc (sizeof (*arg_list) * (data_n + 1));
++ arg_list = gcry_calloc (data_n + 1, sizeof (*arg_list));
+ if (! arg_list)
+ {
+ err = gcry_error_from_errno (errno);
+@@ -1283,7 +1283,7 @@ ac_data_construct (const char *identifier, int include_flags,
+ /* We build a list of arguments to pass to
+ gcry_sexp_build_array(). */
+ data_length = _gcry_ac_data_length (data);
+- arg_list = gcry_malloc (sizeof (*arg_list) * (data_length * 2));
++ arg_list = gcry_calloc (data_length, sizeof (*arg_list) * 2);
+ if (! arg_list)
+ {
+ err = gcry_error_from_errno (errno);
+@@ -1593,7 +1593,7 @@ _gcry_ac_key_pair_generate (gcry_ac_handle_t handle, unsigned int nbits,
+ arg_list_n += 2;
+
+ /* Allocate list. */
+- arg_list = gcry_malloc (sizeof (*arg_list) * arg_list_n);
++ arg_list = gcry_calloc (arg_list_n, sizeof (*arg_list));
+ if (! arg_list)
+ {
+ err = gcry_error_from_errno (errno);
+diff --git a/grub-core/lib/libgcrypt/cipher/primegen.c b/grub-core/lib/libgcrypt/cipher/primegen.c
+index 2788e34..b12e79b 100644
+--- a/grub-core/lib/libgcrypt/cipher/primegen.c
++++ b/grub-core/lib/libgcrypt/cipher/primegen.c
+@@ -383,7 +383,7 @@ prime_generate_internal (int need_q_factor,
+ }
+
+ /* Allocate an array to track pool usage. */
+- pool_in_use = gcry_malloc (n * sizeof *pool_in_use);
++ pool_in_use = gcry_calloc (n, sizeof *pool_in_use);
+ if (!pool_in_use)
+ {
+ err = gpg_err_code_from_errno (errno);
+@@ -765,7 +765,7 @@ gen_prime (unsigned int nbits, int secret, int randomlevel,
+ if (nbits < 16)
+ log_fatal ("can't generate a prime with less than %d bits\n", 16);
+
+- mods = gcry_xmalloc( no_of_small_prime_numbers * sizeof *mods );
++ mods = gcry_xcalloc( no_of_small_prime_numbers, sizeof *mods);
+ /* Make nbits fit into gcry_mpi_t implementation. */
+ val_2 = mpi_alloc_set_ui( 2 );
+ val_3 = mpi_alloc_set_ui( 3);
+diff --git a/grub-core/lib/libgcrypt/cipher/pubkey.c b/grub-core/lib/libgcrypt/cipher/pubkey.c
+index 9109821..ca087ad 100644
+--- a/grub-core/lib/libgcrypt/cipher/pubkey.c
++++ b/grub-core/lib/libgcrypt/cipher/pubkey.c
+@@ -2941,7 +2941,7 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey)
+ * array to a format string, so we have to do it this way :-(. */
+ /* FIXME: There is now such a format specifier, so we can
+ change the code to be more clear. */
+- arg_list = malloc (nelem * sizeof *arg_list);
++ arg_list = calloc (nelem, sizeof *arg_list);
+ if (!arg_list)
+ {
+ rc = gpg_err_code_from_syserror ();
+@@ -3233,7 +3233,7 @@ gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey)
+ }
+ strcpy (p, "))");
+
+- arg_list = malloc (nelem * sizeof *arg_list);
++ arg_list = calloc (nelem, sizeof *arg_list);
+ if (!arg_list)
+ {
+ rc = gpg_err_code_from_syserror ();
+diff --git a/grub-core/lib/priority_queue.c b/grub-core/lib/priority_queue.c
+index 659be0b..7d5e7c0 100644
+--- a/grub-core/lib/priority_queue.c
++++ b/grub-core/lib/priority_queue.c
+@@ -92,7 +92,7 @@ grub_priority_queue_new (grub_size_t elsize,
+ {
+ struct grub_priority_queue *ret;
+ void *els;
+- els = grub_malloc (elsize * 8);
++ els = grub_calloc (8, elsize);
+ if (!els)
+ return 0;
+ ret = (struct grub_priority_queue *) grub_malloc (sizeof (*ret));
+diff --git a/grub-core/lib/reed_solomon.c b/grub-core/lib/reed_solomon.c
+index ee9fa7b..467305b 100644
+--- a/grub-core/lib/reed_solomon.c
++++ b/grub-core/lib/reed_solomon.c
+@@ -20,6 +20,7 @@
+ #include <stdio.h>
+ #include <string.h>
+ #include <stdlib.h>
++#define xcalloc calloc
+ #define xmalloc malloc
+ #define grub_memset memset
+ #define grub_memcpy memcpy
+@@ -158,11 +159,9 @@ rs_encode (gf_single_t *data, grub_size_t s, grub_size_t rs)
+ gf_single_t *rs_polynomial;
+ int i, j;
+ gf_single_t *m;
+- m = xmalloc ((s + rs) * sizeof (gf_single_t));
++ m = xcalloc (s + rs, sizeof (gf_single_t));
+ grub_memcpy (m, data, s * sizeof (gf_single_t));
+- grub_memset (m + s, 0, rs * sizeof (gf_single_t));
+- rs_polynomial = xmalloc ((rs + 1) * sizeof (gf_single_t));
+- grub_memset (rs_polynomial, 0, (rs + 1) * sizeof (gf_single_t));
++ rs_polynomial = xcalloc (rs + 1, sizeof (gf_single_t));
+ rs_polynomial[rs] = 1;
+ /* Multiply with X - a^r */
+ for (j = 0; j < rs; j++)
+diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c
+index ea3ebc7..5847aac 100644
+--- a/grub-core/lib/relocator.c
++++ b/grub-core/lib/relocator.c
+@@ -495,9 +495,9 @@ malloc_in_range (struct grub_relocator *rel,
+ }
+ #endif
+
+- eventt = grub_malloc (maxevents * sizeof (events[0]));
++ eventt = grub_calloc (maxevents, sizeof (events[0]));
+ counter = grub_malloc ((DIGITSORT_MASK + 2) * sizeof (counter[0]));
+- events = grub_malloc (maxevents * sizeof (events[0]));
++ events = grub_calloc (maxevents, sizeof (events[0]));
+ if (!events || !eventt || !counter)
+ {
+ grub_dprintf ("relocator", "events or counter allocation failed %d\n",
+@@ -963,7 +963,7 @@ malloc_in_range (struct grub_relocator *rel,
+ #endif
+ unsigned cural = 0;
+ int oom = 0;
+- res->subchunks = grub_malloc (sizeof (res->subchunks[0]) * nallocs);
++ res->subchunks = grub_calloc (nallocs, sizeof (res->subchunks[0]));
+ if (!res->subchunks)
+ oom = 1;
+ res->nsubchunks = nallocs;
+@@ -1562,8 +1562,8 @@ grub_relocator_prepare_relocs (struct grub_relocator *rel, grub_addr_t addr,
+ count[(chunk->src & 0xff) + 1]++;
+ }
+ }
+- from = grub_malloc (nchunks * sizeof (sorted[0]));
+- to = grub_malloc (nchunks * sizeof (sorted[0]));
++ from = grub_calloc (nchunks, sizeof (sorted[0]));
++ to = grub_calloc (nchunks, sizeof (sorted[0]));
+ if (!from || !to)
+ {
+ grub_free (from);
+diff --git a/grub-core/lib/zstd/fse_decompress.c b/grub-core/lib/zstd/fse_decompress.c
+index 72bbead..2227b84 100644
+--- a/grub-core/lib/zstd/fse_decompress.c
++++ b/grub-core/lib/zstd/fse_decompress.c
+@@ -82,7 +82,7 @@
+ FSE_DTable* FSE_createDTable (unsigned tableLog)
+ {
+ if (tableLog > FSE_TABLELOG_ABSOLUTE_MAX) tableLog = FSE_TABLELOG_ABSOLUTE_MAX;
+- return (FSE_DTable*)malloc( FSE_DTABLE_SIZE_U32(tableLog) * sizeof (U32) );
++ return (FSE_DTable*)calloc( FSE_DTABLE_SIZE_U32(tableLog), sizeof (U32) );
+ }
+
+ void FSE_freeDTable (FSE_DTable* dt)
+diff --git a/grub-core/loader/arm/linux.c b/grub-core/loader/arm/linux.c
+index 5168491..d70c174 100644
+--- a/grub-core/loader/arm/linux.c
++++ b/grub-core/loader/arm/linux.c
+@@ -78,7 +78,7 @@ linux_prepare_atag (void *target_atag)
+
+ /* some place for cmdline, initrd and terminator. */
+ tmp_size = get_atag_size (atag_orig) + 20 + (arg_size) / 4;
+- tmp_atag = grub_malloc (tmp_size * sizeof (grub_uint32_t));
++ tmp_atag = grub_calloc (tmp_size, sizeof (grub_uint32_t));
+ if (!tmp_atag)
+ return grub_errno;
+
+diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
+index cd92ea3..daf8c6b 100644
+--- a/grub-core/loader/efi/chainloader.c
++++ b/grub-core/loader/efi/chainloader.c
+@@ -116,7 +116,7 @@ copy_file_path (grub_efi_file_path_device_path_t *fp,
+ fp->header.type = GRUB_EFI_MEDIA_DEVICE_PATH_TYPE;
+ fp->header.subtype = GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE;
+
+- path_name = grub_malloc (len * GRUB_MAX_UTF16_PER_UTF8 * sizeof (*path_name));
++ path_name = grub_calloc (len, GRUB_MAX_UTF16_PER_UTF8 * sizeof (*path_name));
+ if (!path_name)
+ return;
+
+diff --git a/grub-core/loader/i386/bsdXX.c b/grub-core/loader/i386/bsdXX.c
+index af6741d..a8d8bf7 100644
+--- a/grub-core/loader/i386/bsdXX.c
++++ b/grub-core/loader/i386/bsdXX.c
+@@ -48,7 +48,7 @@ read_headers (grub_file_t file, const char *filename, Elf_Ehdr *e, char **shdr)
+ if (e->e_ident[EI_CLASS] != SUFFIX (ELFCLASS))
+ return grub_error (GRUB_ERR_BAD_OS, N_("invalid arch-dependent ELF magic"));
+
+- *shdr = grub_malloc ((grub_uint32_t) e->e_shnum * e->e_shentsize);
++ *shdr = grub_calloc (e->e_shnum, e->e_shentsize);
+ if (! *shdr)
+ return grub_errno;
+
+diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c
+index e64ed08..b7d176b 100644
+--- a/grub-core/loader/i386/xnu.c
++++ b/grub-core/loader/i386/xnu.c
+@@ -295,7 +295,7 @@ grub_xnu_devprop_add_property_utf8 (struct grub_xnu_devprop_device_descriptor *d
+ return grub_errno;
+
+ len = grub_strlen (name);
+- utf16 = grub_malloc (sizeof (grub_uint16_t) * len);
++ utf16 = grub_calloc (len, sizeof (grub_uint16_t));
+ if (!utf16)
+ {
+ grub_free (utf8);
+@@ -331,7 +331,7 @@ grub_xnu_devprop_add_property_utf16 (struct grub_xnu_devprop_device_descriptor *
+ grub_uint16_t *utf16;
+ grub_err_t err;
+
+- utf16 = grub_malloc (sizeof (grub_uint16_t) * namelen);
++ utf16 = grub_calloc (namelen, sizeof (grub_uint16_t));
+ if (!utf16)
+ return grub_errno;
+ grub_memcpy (utf16, name, sizeof (grub_uint16_t) * namelen);
+diff --git a/grub-core/loader/macho.c b/grub-core/loader/macho.c
+index 085f9c6..05710c4 100644
+--- a/grub-core/loader/macho.c
++++ b/grub-core/loader/macho.c
+@@ -97,7 +97,7 @@ grub_macho_file (grub_file_t file, const char *filename, int is_64bit)
+ if (grub_file_seek (macho->file, sizeof (struct grub_macho_fat_header))
+ == (grub_off_t) -1)
+ goto fail;
+- archs = grub_malloc (sizeof (struct grub_macho_fat_arch) * narchs);
++ archs = grub_calloc (narchs, sizeof (struct grub_macho_fat_arch));
+ if (!archs)
+ goto fail;
+ if (grub_file_read (macho->file, archs,
+diff --git a/grub-core/loader/multiboot_elfxx.c b/grub-core/loader/multiboot_elfxx.c
+index 70cd1db..cc68536 100644
+--- a/grub-core/loader/multiboot_elfxx.c
++++ b/grub-core/loader/multiboot_elfxx.c
+@@ -217,7 +217,7 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld)
+ {
+ grub_uint8_t *shdr, *shdrptr;
+
+- shdr = grub_malloc ((grub_uint32_t) ehdr->e_shnum * ehdr->e_shentsize);
++ shdr = grub_calloc (ehdr->e_shnum, ehdr->e_shentsize);
+ if (!shdr)
+ return grub_errno;
+
+diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c
+index 7f74d1d..77d7060 100644
+--- a/grub-core/loader/xnu.c
++++ b/grub-core/loader/xnu.c
+@@ -800,7 +800,7 @@ grub_cmd_xnu_mkext (grub_command_t cmd __attribute__ ((unused)),
+ if (grub_be_to_cpu32 (head.magic) == GRUB_MACHO_FAT_MAGIC)
+ {
+ narchs = grub_be_to_cpu32 (head.nfat_arch);
+- archs = grub_malloc (sizeof (struct grub_macho_fat_arch) * narchs);
++ archs = grub_calloc (narchs, sizeof (struct grub_macho_fat_arch));
+ if (! archs)
+ {
+ grub_file_close (file);
+diff --git a/grub-core/mmap/mmap.c b/grub-core/mmap/mmap.c
+index 6a31cba..57b4e9a 100644
+--- a/grub-core/mmap/mmap.c
++++ b/grub-core/mmap/mmap.c
+@@ -143,9 +143,9 @@ grub_mmap_iterate (grub_memory_hook_t hook, void *hook_data)
+
+ /* Initialize variables. */
+ ctx.scanline_events = (struct grub_mmap_scan *)
+- grub_malloc (sizeof (struct grub_mmap_scan) * 2 * mmap_num);
++ grub_calloc (mmap_num, sizeof (struct grub_mmap_scan) * 2);
+
+- present = grub_zalloc (sizeof (present[0]) * current_priority);
++ present = grub_calloc (current_priority, sizeof (present[0]));
+
+ if (! ctx.scanline_events || !present)
+ {
+diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c
+index 04cfbb0..6539572 100644
+--- a/grub-core/net/bootp.c
++++ b/grub-core/net/bootp.c
+@@ -766,7 +766,7 @@ grub_cmd_bootp (struct grub_command *cmd __attribute__ ((unused)),
+ if (ncards == 0)
+ return grub_error (GRUB_ERR_NET_NO_CARD, N_("no network card found"));
+
+- ifaces = grub_zalloc (ncards * sizeof (ifaces[0]));
++ ifaces = grub_calloc (ncards, sizeof (ifaces[0]));
+ if (!ifaces)
+ return grub_errno;
+
+diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c
+index 5d9afe0..e332d5e 100644
+--- a/grub-core/net/dns.c
++++ b/grub-core/net/dns.c
+@@ -285,8 +285,8 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)),
+ ptr++;
+ ptr += 4;
+ }
+- *data->addresses = grub_malloc (sizeof ((*data->addresses)[0])
+- * grub_be_to_cpu16 (head->ancount));
++ *data->addresses = grub_calloc (grub_be_to_cpu16 (head->ancount),
++ sizeof ((*data->addresses)[0]));
+ if (!*data->addresses)
+ {
+ grub_errno = GRUB_ERR_NONE;
+@@ -406,8 +406,8 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)),
+ dns_cache[h].addresses = 0;
+ dns_cache[h].name = grub_strdup (data->oname);
+ dns_cache[h].naddresses = *data->naddresses;
+- dns_cache[h].addresses = grub_malloc (*data->naddresses
+- * sizeof (dns_cache[h].addresses[0]));
++ dns_cache[h].addresses = grub_calloc (*data->naddresses,
++ sizeof (dns_cache[h].addresses[0]));
+ dns_cache[h].limit_time = grub_get_time_ms () + 1000 * ttl_all;
+ if (!dns_cache[h].addresses || !dns_cache[h].name)
+ {
+@@ -479,7 +479,7 @@ grub_net_dns_lookup (const char *name,
+ }
+ }
+
+- sockets = grub_malloc (sizeof (sockets[0]) * n_servers);
++ sockets = grub_calloc (n_servers, sizeof (sockets[0]));
+ if (!sockets)
+ return grub_errno;
+
+diff --git a/grub-core/net/net.c b/grub-core/net/net.c
+index d5d726a..38f19df 100644
+--- a/grub-core/net/net.c
++++ b/grub-core/net/net.c
+@@ -333,8 +333,8 @@ grub_cmd_ipv6_autoconf (struct grub_command *cmd __attribute__ ((unused)),
+ ncards++;
+ }
+
+- ifaces = grub_zalloc (ncards * sizeof (ifaces[0]));
+- slaacs = grub_zalloc (ncards * sizeof (slaacs[0]));
++ ifaces = grub_calloc (ncards, sizeof (ifaces[0]));
++ slaacs = grub_calloc (ncards, sizeof (slaacs[0]));
+ if (!ifaces || !slaacs)
+ {
+ grub_free (ifaces);
+diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c
+index b0ab47d..d57fb72 100644
+--- a/grub-core/normal/charset.c
++++ b/grub-core/normal/charset.c
+@@ -203,7 +203,7 @@ grub_utf8_to_ucs4_alloc (const char *msg, grub_uint32_t **unicode_msg,
+ {
+ grub_size_t msg_len = grub_strlen (msg);
+
+- *unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t));
++ *unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t));
+
+ if (!*unicode_msg)
+ return -1;
+@@ -488,7 +488,7 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen,
+ }
+ else
+ {
+- n = grub_malloc (sizeof (n[0]) * (out->ncomb + 1));
++ n = grub_calloc (out->ncomb + 1, sizeof (n[0]));
+ if (!n)
+ {
+ grub_errno = GRUB_ERR_NONE;
+@@ -842,7 +842,7 @@ grub_bidi_line_logical_to_visual (const grub_uint32_t *logical,
+ } \
+ }
+
+- visual = grub_malloc (sizeof (visual[0]) * logical_len);
++ visual = grub_calloc (logical_len, sizeof (visual[0]));
+ if (!visual)
+ return -1;
+
+@@ -1165,8 +1165,8 @@ grub_bidi_logical_to_visual (const grub_uint32_t *logical,
+ {
+ const grub_uint32_t *line_start = logical, *ptr;
+ struct grub_unicode_glyph *visual_ptr;
+- *visual_out = visual_ptr = grub_malloc (3 * sizeof (visual_ptr[0])
+- * (logical_len + 2));
++ *visual_out = visual_ptr = grub_calloc (logical_len + 2,
++ 3 * sizeof (visual_ptr[0]));
+ if (!visual_ptr)
+ return -1;
+ for (ptr = logical; ptr <= logical + logical_len; ptr++)
+diff --git a/grub-core/normal/cmdline.c b/grub-core/normal/cmdline.c
+index c037d50..c57242e 100644
+--- a/grub-core/normal/cmdline.c
++++ b/grub-core/normal/cmdline.c
+@@ -41,7 +41,7 @@ grub_err_t
+ grub_set_history (int newsize)
+ {
+ grub_uint32_t **old_hist_lines = hist_lines;
+- hist_lines = grub_malloc (sizeof (grub_uint32_t *) * newsize);
++ hist_lines = grub_calloc (newsize, sizeof (grub_uint32_t *));
+
+ /* Copy the old lines into the new buffer. */
+ if (old_hist_lines)
+@@ -114,7 +114,7 @@ static void
+ grub_history_set (int pos, grub_uint32_t *s, grub_size_t len)
+ {
+ grub_free (hist_lines[pos]);
+- hist_lines[pos] = grub_malloc ((len + 1) * sizeof (grub_uint32_t));
++ hist_lines[pos] = grub_calloc (len + 1, sizeof (grub_uint32_t));
+ if (!hist_lines[pos])
+ {
+ grub_print_error ();
+@@ -349,7 +349,7 @@ grub_cmdline_get (const char *prompt_translated)
+ char *ret;
+ unsigned nterms;
+
+- buf = grub_malloc (max_len * sizeof (grub_uint32_t));
++ buf = grub_calloc (max_len, sizeof (grub_uint32_t));
+ if (!buf)
+ return 0;
+
+@@ -377,7 +377,7 @@ grub_cmdline_get (const char *prompt_translated)
+ FOR_ACTIVE_TERM_OUTPUTS(cur)
+ nterms++;
+
+- cl_terms = grub_malloc (sizeof (cl_terms[0]) * nterms);
++ cl_terms = grub_calloc (nterms, sizeof (cl_terms[0]));
+ if (!cl_terms)
+ {
+ grub_free (buf);
+@@ -385,7 +385,7 @@ grub_cmdline_get (const char *prompt_translated)
+ }
+ cl_term_cur = cl_terms;
+
+- unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t));
++ unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t));
+ if (!unicode_msg)
+ {
+ grub_free (buf);
+@@ -495,7 +495,7 @@ grub_cmdline_get (const char *prompt_translated)
+ grub_uint32_t *insert;
+
+ insertlen = grub_strlen (insertu8);
+- insert = grub_malloc ((insertlen + 1) * sizeof (grub_uint32_t));
++ insert = grub_calloc (insertlen + 1, sizeof (grub_uint32_t));
+ if (!insert)
+ {
+ grub_free (insertu8);
+@@ -602,7 +602,7 @@ grub_cmdline_get (const char *prompt_translated)
+
+ grub_free (kill_buf);
+
+- kill_buf = grub_malloc ((n + 1) * sizeof(grub_uint32_t));
++ kill_buf = grub_calloc (n + 1, sizeof (grub_uint32_t));
+ if (grub_errno)
+ {
+ grub_print_error ();
+diff --git a/grub-core/normal/menu_entry.c b/grub-core/normal/menu_entry.c
+index cdf3590..1993995 100644
+--- a/grub-core/normal/menu_entry.c
++++ b/grub-core/normal/menu_entry.c
+@@ -95,8 +95,8 @@ init_line (struct screen *screen, struct line *linep)
+ {
+ linep->len = 0;
+ linep->max_len = 80;
+- linep->buf = grub_malloc ((linep->max_len + 1) * sizeof (linep->buf[0]));
+- linep->pos = grub_zalloc (screen->nterms * sizeof (linep->pos[0]));
++ linep->buf = grub_calloc (linep->max_len + 1, sizeof (linep->buf[0]));
++ linep->pos = grub_calloc (screen->nterms, sizeof (linep->pos[0]));
+ if (! linep->buf || !linep->pos)
+ {
+ grub_free (linep->buf);
+@@ -287,7 +287,7 @@ update_screen (struct screen *screen, struct per_term_screen *term_screen,
+ pos = linep->pos + (term_screen - screen->terms);
+
+ if (!*pos)
+- *pos = grub_zalloc ((linep->len + 1) * sizeof (**pos));
++ *pos = grub_calloc (linep->len + 1, sizeof (**pos));
+
+ if (i == region_start || linep == screen->lines + screen->line
+ || (i > region_start && mode == ALL_LINES))
+@@ -471,7 +471,7 @@ insert_string (struct screen *screen, const char *s, int update)
+
+ /* Insert the string. */
+ current_linep = screen->lines + screen->line;
+- unicode_msg = grub_malloc ((p - s) * sizeof (grub_uint32_t));
++ unicode_msg = grub_calloc (p - s, sizeof (grub_uint32_t));
+
+ if (!unicode_msg)
+ return 0;
+@@ -1023,7 +1023,7 @@ complete (struct screen *screen, int continuous, int update)
+ if (completion_buffer.buf)
+ {
+ buflen = grub_strlen (completion_buffer.buf);
+- ucs4 = grub_malloc (sizeof (grub_uint32_t) * (buflen + 1));
++ ucs4 = grub_calloc (buflen + 1, sizeof (grub_uint32_t));
+
+ if (!ucs4)
+ {
+@@ -1268,7 +1268,7 @@ grub_menu_entry_run (grub_menu_entry_t entry)
+ for (i = 0; i < (unsigned) screen->num_lines; i++)
+ {
+ grub_free (screen->lines[i].pos);
+- screen->lines[i].pos = grub_zalloc (screen->nterms * sizeof (screen->lines[i].pos[0]));
++ screen->lines[i].pos = grub_calloc (screen->nterms, sizeof (screen->lines[i].pos[0]));
+ if (! screen->lines[i].pos)
+ {
+ grub_print_error ();
+@@ -1278,7 +1278,7 @@ grub_menu_entry_run (grub_menu_entry_t entry)
+ }
+ }
+
+- screen->terms = grub_zalloc (screen->nterms * sizeof (screen->terms[0]));
++ screen->terms = grub_calloc (screen->nterms, sizeof (screen->terms[0]));
+ if (!screen->terms)
+ {
+ grub_print_error ();
+diff --git a/grub-core/normal/menu_text.c b/grub-core/normal/menu_text.c
+index e22bb91..18240e7 100644
+--- a/grub-core/normal/menu_text.c
++++ b/grub-core/normal/menu_text.c
+@@ -78,7 +78,7 @@ grub_print_message_indented_real (const char *msg, int margin_left,
+ grub_size_t msg_len = grub_strlen (msg) + 2;
+ int ret = 0;
+
+- unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t));
++ unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t));
+
+ if (!unicode_msg)
+ return 0;
+@@ -211,7 +211,7 @@ print_entry (int y, int highlight, grub_menu_entry_t entry,
+
+ title = entry ? entry->title : "";
+ title_len = grub_strlen (title);
+- unicode_title = grub_malloc (title_len * sizeof (*unicode_title));
++ unicode_title = grub_calloc (title_len, sizeof (*unicode_title));
+ if (! unicode_title)
+ /* XXX How to show this error? */
+ return;
+diff --git a/grub-core/normal/term.c b/grub-core/normal/term.c
+index a1e5c5a..cc8c173 100644
+--- a/grub-core/normal/term.c
++++ b/grub-core/normal/term.c
+@@ -264,7 +264,7 @@ grub_term_save_pos (void)
+ FOR_ACTIVE_TERM_OUTPUTS(cur)
+ cnt++;
+
+- ret = grub_malloc (cnt * sizeof (ret[0]));
++ ret = grub_calloc (cnt, sizeof (ret[0]));
+ if (!ret)
+ return NULL;
+
+@@ -1013,7 +1013,7 @@ grub_xnputs (const char *str, grub_size_t msg_len)
+
+ grub_error_push ();
+
+- unicode_str = grub_malloc (msg_len * sizeof (grub_uint32_t));
++ unicode_str = grub_calloc (msg_len, sizeof (grub_uint32_t));
+
+ grub_error_pop ();
+
+diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c
+index 90d92d3..5b41ad0 100644
+--- a/grub-core/osdep/linux/getroot.c
++++ b/grub-core/osdep/linux/getroot.c
+@@ -168,7 +168,7 @@ grub_util_raid_getmembers (const char *name, int bootable)
+ if (ret != 0)
+ grub_util_error (_("ioctl GET_ARRAY_INFO error: %s"), strerror (errno));
+
+- devicelist = xmalloc ((info.nr_disks + 1) * sizeof (char *));
++ devicelist = xcalloc (info.nr_disks + 1, sizeof (char *));
+
+ for (i = 0, j = 0; j < info.nr_disks; i++)
+ {
+@@ -241,7 +241,7 @@ grub_find_root_devices_from_btrfs (const char *dir)
+ return NULL;
+ }
+
+- ret = xmalloc ((fsi.num_devices + 1) * sizeof (ret[0]));
++ ret = xcalloc (fsi.num_devices + 1, sizeof (ret[0]));
+
+ for (i = 1; i <= fsi.max_id && j < fsi.num_devices; i++)
+ {
+@@ -396,7 +396,7 @@ grub_find_root_devices_from_mountinfo (const char *dir, char **relroot)
+ if (relroot)
+ *relroot = NULL;
+
+- entries = xmalloc (entry_max * sizeof (*entries));
++ entries = xcalloc (entry_max, sizeof (*entries));
+
+ again:
+ fp = grub_util_fopen ("/proc/self/mountinfo", "r");
+diff --git a/grub-core/osdep/unix/config.c b/grub-core/osdep/unix/config.c
+index 65effa9..7d63251 100644
+--- a/grub-core/osdep/unix/config.c
++++ b/grub-core/osdep/unix/config.c
+@@ -89,7 +89,7 @@ grub_util_load_config (struct grub_util_config *cfg)
+ argv[0] = "sh";
+ argv[1] = "-c";
+
+- script = xmalloc (4 * strlen (cfgfile) + 300);
++ script = xcalloc (4, strlen (cfgfile) + 300);
+
+ ptr = script;
+ memcpy (ptr, ". '", 3);
+diff --git a/grub-core/osdep/windows/getroot.c b/grub-core/osdep/windows/getroot.c
+index 661d954..eada663 100644
+--- a/grub-core/osdep/windows/getroot.c
++++ b/grub-core/osdep/windows/getroot.c
+@@ -59,7 +59,7 @@ grub_get_mount_point (const TCHAR *path)
+
+ for (ptr = path; *ptr; ptr++);
+ allocsize = (ptr - path + 10) * 2;
+- out = xmalloc (allocsize * sizeof (out[0]));
++ out = xcalloc (allocsize, sizeof (out[0]));
+
+ /* When pointing to EFI system partition GetVolumePathName fails
+ for ESP root and returns abberant information for everything
+diff --git a/grub-core/osdep/windows/hostdisk.c b/grub-core/osdep/windows/hostdisk.c
+index 3551007..0be3273 100644
+--- a/grub-core/osdep/windows/hostdisk.c
++++ b/grub-core/osdep/windows/hostdisk.c
+@@ -111,7 +111,7 @@ grub_util_get_windows_path_real (const char *path)
+
+ while (1)
+ {
+- fpa = xmalloc (alloc * sizeof (fpa[0]));
++ fpa = xcalloc (alloc, sizeof (fpa[0]));
+
+ len = GetFullPathName (tpath, alloc, fpa, NULL);
+ if (len >= alloc)
+@@ -399,7 +399,7 @@ grub_util_fd_opendir (const char *name)
+ for (l = 0; name_windows[l]; l++);
+ for (l--; l >= 0 && (name_windows[l] == '\\' || name_windows[l] == '/'); l--);
+ l++;
+- pattern = xmalloc ((l + 3) * sizeof (pattern[0]));
++ pattern = xcalloc (l + 3, sizeof (pattern[0]));
+ memcpy (pattern, name_windows, l * sizeof (pattern[0]));
+ pattern[l] = '\\';
+ pattern[l + 1] = '*';
+diff --git a/grub-core/osdep/windows/init.c b/grub-core/osdep/windows/init.c
+index e8ffd62..6297de6 100644
+--- a/grub-core/osdep/windows/init.c
++++ b/grub-core/osdep/windows/init.c
+@@ -161,7 +161,7 @@ grub_util_host_init (int *argc __attribute__ ((unused)),
+ LPWSTR *targv;
+
+ targv = CommandLineToArgvW (tcmdline, argc);
+- *argv = xmalloc ((*argc + 1) * sizeof (argv[0]));
++ *argv = xcalloc (*argc + 1, sizeof (argv[0]));
+
+ for (i = 0; i < *argc; i++)
+ (*argv)[i] = grub_util_tchar_to_utf8 (targv[i]);
+diff --git a/grub-core/osdep/windows/platform.c b/grub-core/osdep/windows/platform.c
+index 7eb53fe..1ef86bf 100644
+--- a/grub-core/osdep/windows/platform.c
++++ b/grub-core/osdep/windows/platform.c
+@@ -225,8 +225,8 @@ grub_install_register_efi (grub_device_t efidir_grub_dev,
+ grub_util_error ("%s", _("no EFI routines are available when running in BIOS mode"));
+
+ distrib8_len = grub_strlen (efi_distributor);
+- distributor16 = xmalloc ((distrib8_len + 1) * GRUB_MAX_UTF16_PER_UTF8
+- * sizeof (grub_uint16_t));
++ distributor16 = xcalloc (distrib8_len + 1,
++ GRUB_MAX_UTF16_PER_UTF8 * sizeof (grub_uint16_t));
+ distrib16_len = grub_utf8_to_utf16 (distributor16, distrib8_len * GRUB_MAX_UTF16_PER_UTF8,
+ (const grub_uint8_t *) efi_distributor,
+ distrib8_len, 0);
+diff --git a/grub-core/osdep/windows/relpath.c b/grub-core/osdep/windows/relpath.c
+index cb08617..478e8ef 100644
+--- a/grub-core/osdep/windows/relpath.c
++++ b/grub-core/osdep/windows/relpath.c
+@@ -72,7 +72,7 @@ grub_make_system_path_relative_to_its_root (const char *path)
+ if (dirwindows[0] && dirwindows[1] == ':')
+ offset = 2;
+ }
+- ret = xmalloc (sizeof (ret[0]) * (flen - offset + 2));
++ ret = xcalloc (flen - offset + 2, sizeof (ret[0]));
+ if (dirwindows[offset] != '\\'
+ && dirwindows[offset] != '/'
+ && dirwindows[offset])
+diff --git a/grub-core/partmap/gpt.c b/grub-core/partmap/gpt.c
+index 103f679..72a2e37 100644
+--- a/grub-core/partmap/gpt.c
++++ b/grub-core/partmap/gpt.c
+@@ -199,7 +199,7 @@ gpt_partition_map_embed (struct grub_disk *disk, unsigned int *nsectors,
+ *nsectors = ctx.len;
+ if (*nsectors > max_nsectors)
+ *nsectors = max_nsectors;
+- *sectors = grub_malloc (*nsectors * sizeof (**sectors));
++ *sectors = grub_calloc (*nsectors, sizeof (**sectors));
+ if (!*sectors)
+ return grub_errno;
+ for (i = 0; i < *nsectors; i++)
+diff --git a/grub-core/partmap/msdos.c b/grub-core/partmap/msdos.c
+index 7b8e450..ee3f249 100644
+--- a/grub-core/partmap/msdos.c
++++ b/grub-core/partmap/msdos.c
+@@ -337,7 +337,7 @@ pc_partition_map_embed (struct grub_disk *disk, unsigned int *nsectors,
+ avail_nsectors = *nsectors;
+ if (*nsectors > max_nsectors)
+ *nsectors = max_nsectors;
+- *sectors = grub_malloc (*nsectors * sizeof (**sectors));
++ *sectors = grub_calloc (*nsectors, sizeof (**sectors));
+ if (!*sectors)
+ return grub_errno;
+ for (i = 0; i < *nsectors; i++)
+diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
+index ee299fd..c8d6806 100644
+--- a/grub-core/script/execute.c
++++ b/grub-core/script/execute.c
+@@ -553,7 +553,7 @@ gettext_append (struct grub_script_argv *result, const char *orig_str)
+ for (iptr = orig_str; *iptr; iptr++)
+ if (*iptr == '$')
+ dollar_cnt++;
+- ctx.allowed_strings = grub_malloc (sizeof (ctx.allowed_strings[0]) * dollar_cnt);
++ ctx.allowed_strings = grub_calloc (dollar_cnt, sizeof (ctx.allowed_strings[0]));
+
+ if (parse_string (orig_str, gettext_save_allow, &ctx, 0))
+ goto fail;
+diff --git a/grub-core/tests/fake_input.c b/grub-core/tests/fake_input.c
+index 2d60852..b5eb516 100644
+--- a/grub-core/tests/fake_input.c
++++ b/grub-core/tests/fake_input.c
+@@ -49,7 +49,7 @@ grub_terminal_input_fake_sequence (int *seq_in, int nseq_in)
+ saved = grub_term_inputs;
+ if (seq)
+ grub_free (seq);
+- seq = grub_malloc (nseq_in * sizeof (seq[0]));
++ seq = grub_calloc (nseq_in, sizeof (seq[0]));
+ if (!seq)
+ return;
+
+diff --git a/grub-core/tests/video_checksum.c b/grub-core/tests/video_checksum.c
+index 74d5b65..44d0810 100644
+--- a/grub-core/tests/video_checksum.c
++++ b/grub-core/tests/video_checksum.c
+@@ -336,7 +336,7 @@ grub_video_capture_write_bmp (const char *fname,
+ {
+ case 4:
+ {
+- grub_uint8_t *buffer = xmalloc (mode_info->width * 3);
++ grub_uint8_t *buffer = xcalloc (3, mode_info->width);
+ grub_uint32_t rmask = ((1 << mode_info->red_mask_size) - 1);
+ grub_uint32_t gmask = ((1 << mode_info->green_mask_size) - 1);
+ grub_uint32_t bmask = ((1 << mode_info->blue_mask_size) - 1);
+@@ -367,7 +367,7 @@ grub_video_capture_write_bmp (const char *fname,
+ }
+ case 3:
+ {
+- grub_uint8_t *buffer = xmalloc (mode_info->width * 3);
++ grub_uint8_t *buffer = xcalloc (3, mode_info->width);
+ grub_uint32_t rmask = ((1 << mode_info->red_mask_size) - 1);
+ grub_uint32_t gmask = ((1 << mode_info->green_mask_size) - 1);
+ grub_uint32_t bmask = ((1 << mode_info->blue_mask_size) - 1);
+@@ -407,7 +407,7 @@ grub_video_capture_write_bmp (const char *fname,
+ }
+ case 2:
+ {
+- grub_uint8_t *buffer = xmalloc (mode_info->width * 3);
++ grub_uint8_t *buffer = xcalloc (3, mode_info->width);
+ grub_uint16_t rmask = ((1 << mode_info->red_mask_size) - 1);
+ grub_uint16_t gmask = ((1 << mode_info->green_mask_size) - 1);
+ grub_uint16_t bmask = ((1 << mode_info->blue_mask_size) - 1);
+diff --git a/grub-core/video/capture.c b/grub-core/video/capture.c
+index 4f83c74..4d3195e 100644
+--- a/grub-core/video/capture.c
++++ b/grub-core/video/capture.c
+@@ -89,7 +89,7 @@ grub_video_capture_start (const struct grub_video_mode_info *mode_info,
+ framebuffer.mode_info = *mode_info;
+ framebuffer.mode_info.blit_format = grub_video_get_blit_format (&framebuffer.mode_info);
+
+- framebuffer.ptr = grub_malloc (framebuffer.mode_info.height * framebuffer.mode_info.pitch);
++ framebuffer.ptr = grub_calloc (framebuffer.mode_info.height, framebuffer.mode_info.pitch);
+ if (!framebuffer.ptr)
+ return grub_errno;
+
+diff --git a/grub-core/video/emu/sdl.c b/grub-core/video/emu/sdl.c
+index a2f639f..0ebab6f 100644
+--- a/grub-core/video/emu/sdl.c
++++ b/grub-core/video/emu/sdl.c
+@@ -172,7 +172,7 @@ grub_video_sdl_set_palette (unsigned int start, unsigned int count,
+ if (start + count > mode_info.number_of_colors)
+ count = mode_info.number_of_colors - start;
+
+- tmp = grub_malloc (count * sizeof (tmp[0]));
++ tmp = grub_calloc (count, sizeof (tmp[0]));
+ for (i = 0; i < count; i++)
+ {
+ tmp[i].r = palette_data[i].r;
+diff --git a/grub-core/video/i386/pc/vga.c b/grub-core/video/i386/pc/vga.c
+index 01f4711..b2f776c 100644
+--- a/grub-core/video/i386/pc/vga.c
++++ b/grub-core/video/i386/pc/vga.c
+@@ -127,7 +127,7 @@ grub_video_vga_setup (unsigned int width, unsigned int height,
+
+ vga_height = height ? : 480;
+
+- framebuffer.temporary_buffer = grub_malloc (vga_height * VGA_WIDTH);
++ framebuffer.temporary_buffer = grub_calloc (vga_height, VGA_WIDTH);
+ framebuffer.front_page = 0;
+ framebuffer.back_page = 0;
+ if (!framebuffer.temporary_buffer)
+diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c
+index 777e713..61bd645 100644
+--- a/grub-core/video/readers/png.c
++++ b/grub-core/video/readers/png.c
+@@ -309,7 +309,7 @@ grub_png_decode_image_header (struct grub_png_data *data)
+ if (data->is_16bit || data->is_gray || data->is_palette)
+ #endif
+ {
+- data->image_data = grub_malloc (data->image_height * data->row_bytes);
++ data->image_data = grub_calloc (data->image_height, data->row_bytes);
+ if (grub_errno)
+ return grub_errno;
+
+diff --git a/include/grub/unicode.h b/include/grub/unicode.h
+index a0403e9..4de986a 100644
+--- a/include/grub/unicode.h
++++ b/include/grub/unicode.h
+@@ -293,7 +293,7 @@ grub_unicode_glyph_dup (const struct grub_unicode_glyph *in)
+ grub_memcpy (out, in, sizeof (*in));
+ if (in->ncomb > ARRAY_SIZE (out->combining_inline))
+ {
+- out->combining_ptr = grub_malloc (in->ncomb * sizeof (out->combining_ptr[0]));
++ out->combining_ptr = grub_calloc (in->ncomb, sizeof (out->combining_ptr[0]));
+ if (!out->combining_ptr)
+ {
+ grub_free (out);
+@@ -315,7 +315,7 @@ grub_unicode_set_glyph (struct grub_unicode_glyph *out,
+ grub_memcpy (out, in, sizeof (*in));
+ if (in->ncomb > ARRAY_SIZE (out->combining_inline))
+ {
+- out->combining_ptr = grub_malloc (in->ncomb * sizeof (out->combining_ptr[0]));
++ out->combining_ptr = grub_calloc (in->ncomb, sizeof (out->combining_ptr[0]));
+ if (!out->combining_ptr)
+ return;
+ grub_memcpy (out->combining_ptr, in->combining_ptr,
+diff --git a/util/getroot.c b/util/getroot.c
+index 847406f..a5eaa64 100644
+--- a/util/getroot.c
++++ b/util/getroot.c
+@@ -200,7 +200,7 @@ make_device_name (const char *drive)
+ char *ret, *ptr;
+ const char *iptr;
+
+- ret = xmalloc (strlen (drive) * 2);
++ ret = xcalloc (2, strlen (drive));
+ ptr = ret;
+ for (iptr = drive; *iptr; iptr++)
+ {
+diff --git a/util/grub-file.c b/util/grub-file.c
+index 50c18b6..b2e7dd6 100644
+--- a/util/grub-file.c
++++ b/util/grub-file.c
+@@ -54,7 +54,7 @@ main (int argc, char *argv[])
+
+ grub_util_host_init (&argc, &argv);
+
+- argv2 = xmalloc (argc * sizeof (argv2[0]));
++ argv2 = xcalloc (argc, sizeof (argv2[0]));
+
+ if (argc == 2 && strcmp (argv[1], "--version") == 0)
+ {
+diff --git a/util/grub-fstest.c b/util/grub-fstest.c
+index f14e02d..57246af 100644
+--- a/util/grub-fstest.c
++++ b/util/grub-fstest.c
+@@ -650,7 +650,7 @@ argp_parser (int key, char *arg, struct argp_state *state)
+ if (args_count < num_disks)
+ {
+ if (args_count == 0)
+- images = xmalloc (num_disks * sizeof (images[0]));
++ images = xcalloc (num_disks, sizeof (images[0]));
+ images[args_count] = grub_canonicalize_file_name (arg);
+ args_count++;
+ return 0;
+@@ -734,7 +734,7 @@ main (int argc, char *argv[])
+
+ grub_util_host_init (&argc, &argv);
+
+- args = xmalloc (argc * sizeof (args[0]));
++ args = xcalloc (argc, sizeof (args[0]));
+
+ argp_parse (&argp, argc, argv, 0, 0, 0);
+
+diff --git a/util/grub-install-common.c b/util/grub-install-common.c
+index ca0ac61..0295d40 100644
+--- a/util/grub-install-common.c
++++ b/util/grub-install-common.c
+@@ -286,7 +286,7 @@ handle_install_list (struct install_list *il, const char *val,
+ il->n_entries++;
+ }
+ il->n_alloc = il->n_entries + 1;
+- il->entries = xmalloc (il->n_alloc * sizeof (il->entries[0]));
++ il->entries = xcalloc (il->n_alloc, sizeof (il->entries[0]));
+ ptr = val;
+ for (ce = il->entries; ; ce++)
+ {
+diff --git a/util/grub-install.c b/util/grub-install.c
+index 8a55ad4..a82725f 100644
+--- a/util/grub-install.c
++++ b/util/grub-install.c
+@@ -626,7 +626,7 @@ device_map_check_duplicates (const char *dev_map)
+ if (! fp)
+ return;
+
+- d = xmalloc (alloced * sizeof (d[0]));
++ d = xcalloc (alloced, sizeof (d[0]));
+
+ while (fgets (buf, sizeof (buf), fp))
+ {
+@@ -1260,7 +1260,7 @@ main (int argc, char *argv[])
+ ndev++;
+ }
+
+- grub_drives = xmalloc (sizeof (grub_drives[0]) * (ndev + 1));
++ grub_drives = xcalloc (ndev + 1, sizeof (grub_drives[0]));
+
+ for (curdev = grub_devices, curdrive = grub_drives; *curdev; curdev++,
+ curdrive++)
+diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c
+index bc087c2..d97d0e7 100644
+--- a/util/grub-mkimagexx.c
++++ b/util/grub-mkimagexx.c
+@@ -2294,10 +2294,8 @@ SUFFIX (grub_mkimage_load_image) (const char *kernel_path,
+ + grub_host_to_target16 (e->e_shstrndx) * smd.section_entsize);
+ smd.strtab = (char *) e + grub_host_to_target_addr (s->sh_offset);
+
+- smd.addrs = xmalloc (sizeof (*smd.addrs) * smd.num_sections);
+- memset (smd.addrs, 0, sizeof (*smd.addrs) * smd.num_sections);
+- smd.vaddrs = xmalloc (sizeof (*smd.vaddrs) * smd.num_sections);
+- memset (smd.vaddrs, 0, sizeof (*smd.vaddrs) * smd.num_sections);
++ smd.addrs = xcalloc (smd.num_sections, sizeof (*smd.addrs));
++ smd.vaddrs = xcalloc (smd.num_sections, sizeof (*smd.vaddrs));
+
+ SUFFIX (locate_sections) (e, kernel_path, &smd, layout, image_target);
+
+diff --git a/util/grub-mkrescue.c b/util/grub-mkrescue.c
+index ce2cbc4..5183102 100644
+--- a/util/grub-mkrescue.c
++++ b/util/grub-mkrescue.c
+@@ -441,8 +441,8 @@ main (int argc, char *argv[])
+ xorriso = xstrdup ("xorriso");
+ label_font = grub_util_path_concat (2, pkgdatadir, "unicode.pf2");
+
+- argp_argv = xmalloc (sizeof (argp_argv[0]) * argc);
+- xorriso_tail_argv = xmalloc (sizeof (argp_argv[0]) * argc);
++ argp_argv = xcalloc (argc, sizeof (argp_argv[0]));
++ xorriso_tail_argv = xcalloc (argc, sizeof (argp_argv[0]));
+
+ xorriso_tail_argc = 0;
+ /* Program name */
+diff --git a/util/grub-mkstandalone.c b/util/grub-mkstandalone.c
+index 4907d44..edf3097 100644
+--- a/util/grub-mkstandalone.c
++++ b/util/grub-mkstandalone.c
+@@ -296,7 +296,7 @@ main (int argc, char *argv[])
+ grub_util_host_init (&argc, &argv);
+ grub_util_disable_fd_syncs ();
+
+- files = xmalloc ((argc + 1) * sizeof (files[0]));
++ files = xcalloc (argc + 1, sizeof (files[0]));
+
+ argp_parse (&argp, argc, argv, 0, 0, 0);
+
+diff --git a/util/grub-pe2elf.c b/util/grub-pe2elf.c
+index 0d4084a..1133129 100644
+--- a/util/grub-pe2elf.c
++++ b/util/grub-pe2elf.c
+@@ -100,9 +100,9 @@ write_section_data (FILE* fp, const char *name, char *image,
+ char *pe_strtab = (image + pe_chdr->symtab_offset
+ + pe_chdr->num_symbols * sizeof (struct grub_pe32_symbol));
+
+- section_map = xmalloc ((2 * pe_chdr->num_sections + 5) * sizeof (int));
++ section_map = xcalloc (2 * pe_chdr->num_sections + 5, sizeof (int));
+ section_map[0] = 0;
+- shdr = xmalloc ((2 * pe_chdr->num_sections + 5) * sizeof (shdr[0]));
++ shdr = xcalloc (2 * pe_chdr->num_sections + 5, sizeof (shdr[0]));
+ idx = 1;
+ idx_reloc = pe_chdr->num_sections + 1;
+
+@@ -233,7 +233,7 @@ write_reloc_section (FILE* fp, const char *name, char *image,
+
+ pe_sec = pe_shdr + shdr[i].sh_link;
+ pe_rel = (struct grub_pe32_reloc *) (image + pe_sec->relocations_offset);
+- rel = (elf_reloc_t *) xmalloc (pe_sec->num_relocations * sizeof (elf_reloc_t));
++ rel = (elf_reloc_t *) xcalloc (pe_sec->num_relocations, sizeof (elf_reloc_t));
+ num_rels = 0;
+ modified = 0;
+
+@@ -365,12 +365,10 @@ write_symbol_table (FILE* fp, const char *name, char *image,
+ pe_symtab = (struct grub_pe32_symbol *) (image + pe_chdr->symtab_offset);
+ pe_strtab = (char *) (pe_symtab + pe_chdr->num_symbols);
+
+- symtab = (Elf_Sym *) xmalloc ((pe_chdr->num_symbols + 1) *
+- sizeof (Elf_Sym));
+- memset (symtab, 0, (pe_chdr->num_symbols + 1) * sizeof (Elf_Sym));
++ symtab = (Elf_Sym *) xcalloc (pe_chdr->num_symbols + 1, sizeof (Elf_Sym));
+ num_syms = 1;
+
+- symtab_map = (int *) xmalloc (pe_chdr->num_symbols * sizeof (int));
++ symtab_map = (int *) xcalloc (pe_chdr->num_symbols, sizeof (int));
+
+ for (i = 0; i < (int) pe_chdr->num_symbols;
+ i += pe_symtab->num_aux + 1, pe_symtab += pe_symtab->num_aux + 1)
+diff --git a/util/grub-probe.c b/util/grub-probe.c
+index 81d27ee..cbe6ed9 100644
+--- a/util/grub-probe.c
++++ b/util/grub-probe.c
+@@ -361,8 +361,8 @@ probe (const char *path, char **device_names, char delim)
+ grub_util_pull_device (*curdev);
+ ndev++;
+ }
+-
+- drives_names = xmalloc (sizeof (drives_names[0]) * (ndev + 1));
++
++ drives_names = xcalloc (ndev + 1, sizeof (drives_names[0]));
+
+ for (curdev = device_names, curdrive = drives_names; *curdev; curdev++,
+ curdrive++)
+--
+2.14.4
+
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch b/poky/meta/recipes-bsp/grub/files/CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch
new file mode 100644
index 0000000000..896a2145d4
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch
@@ -0,0 +1,1330 @@
+From eb77d1ef65e25746acff43545f62a71360b15eec Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 15 Jun 2020 12:28:27 -0400
+Subject: [PATCH 6/9] malloc: Use overflow checking primitives where we do
+ complex allocations
+
+This attempts to fix the places where we do the following where
+arithmetic_expr may include unvalidated data:
+
+ X = grub_malloc(arithmetic_expr);
+
+It accomplishes this by doing the arithmetic ahead of time using grub_add(),
+grub_sub(), grub_mul() and testing for overflow before proceeding.
+
+Among other issues, this fixes:
+ - allocation of integer overflow in grub_video_bitmap_create()
+ reported by Chris Coulson,
+ - allocation of integer overflow in grub_png_decode_image_header()
+ reported by Chris Coulson,
+ - allocation of integer overflow in grub_squash_read_symlink()
+ reported by Chris Coulson,
+ - allocation of integer overflow in grub_ext2_read_symlink()
+ reported by Chris Coulson,
+ - allocation of integer overflow in read_section_as_string()
+ reported by Chris Coulson.
+
+Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport
+CVE: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
+
+Reference to upstream patch:
+https://git.savannah.gnu.org/cgit/grub.git/commit/?id=3f05d693d1274965ffbe4ba99080dc2c570944c6
+
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+---
+ grub-core/commands/legacycfg.c | 29 +++++++++++++++++++-----
+ grub-core/commands/wildcard.c | 36 ++++++++++++++++++++++++-----
+ grub-core/disk/ldm.c | 32 ++++++++++++++++++--------
+ grub-core/font/font.c | 7 +++++-
+ grub-core/fs/btrfs.c | 28 +++++++++++++++--------
+ grub-core/fs/ext2.c | 10 ++++++++-
+ grub-core/fs/iso9660.c | 51 +++++++++++++++++++++++++++++-------------
+ grub-core/fs/sfs.c | 27 +++++++++++++++++-----
+ grub-core/fs/squash4.c | 45 ++++++++++++++++++++++++++++---------
+ grub-core/fs/udf.c | 41 +++++++++++++++++++++------------
+ grub-core/fs/xfs.c | 11 +++++----
+ grub-core/fs/zfs/zfs.c | 22 ++++++++++++------
+ grub-core/fs/zfs/zfscrypt.c | 7 +++++-
+ grub-core/lib/arg.c | 20 +++++++++++++++--
+ grub-core/loader/i386/bsd.c | 8 ++++++-
+ grub-core/net/dns.c | 9 +++++++-
+ grub-core/normal/charset.c | 10 +++++++--
+ grub-core/normal/cmdline.c | 14 ++++++++++--
+ grub-core/normal/menu_entry.c | 13 +++++++++--
+ grub-core/script/argv.c | 16 +++++++++++--
+ grub-core/script/lexer.c | 21 ++++++++++++++---
+ grub-core/video/bitmap.c | 25 +++++++++++++--------
+ grub-core/video/readers/png.c | 13 +++++++++--
+ 23 files changed, 382 insertions(+), 113 deletions(-)
+
+diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c
+index 5e3ec0d..cc5971f 100644
+--- a/grub-core/commands/legacycfg.c
++++ b/grub-core/commands/legacycfg.c
+@@ -32,6 +32,7 @@
+ #include <grub/auth.h>
+ #include <grub/disk.h>
+ #include <grub/partition.h>
++#include <grub/safemath.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -104,13 +105,22 @@ legacy_file (const char *filename)
+ if (newsuffix)
+ {
+ char *t;
+-
++ grub_size_t sz;
++
++ if (grub_add (grub_strlen (suffix), grub_strlen (newsuffix), &sz) ||
++ grub_add (sz, 1, &sz))
++ {
++ grub_errno = GRUB_ERR_OUT_OF_RANGE;
++ goto fail_0;
++ }
++
+ t = suffix;
+- suffix = grub_realloc (suffix, grub_strlen (suffix)
+- + grub_strlen (newsuffix) + 1);
++ suffix = grub_realloc (suffix, sz);
+ if (!suffix)
+ {
+ grub_free (t);
++
++ fail_0:
+ grub_free (entrysrc);
+ grub_free (parsed);
+ grub_free (newsuffix);
+@@ -154,13 +164,22 @@ legacy_file (const char *filename)
+ else
+ {
+ char *t;
++ grub_size_t sz;
++
++ if (grub_add (grub_strlen (entrysrc), grub_strlen (parsed), &sz) ||
++ grub_add (sz, 1, &sz))
++ {
++ grub_errno = GRUB_ERR_OUT_OF_RANGE;
++ goto fail_1;
++ }
+
+ t = entrysrc;
+- entrysrc = grub_realloc (entrysrc, grub_strlen (entrysrc)
+- + grub_strlen (parsed) + 1);
++ entrysrc = grub_realloc (entrysrc, sz);
+ if (!entrysrc)
+ {
+ grub_free (t);
++
++ fail_1:
+ grub_free (parsed);
+ grub_free (suffix);
+ return grub_errno;
+diff --git a/grub-core/commands/wildcard.c b/grub-core/commands/wildcard.c
+index 4a106ca..cc32903 100644
+--- a/grub-core/commands/wildcard.c
++++ b/grub-core/commands/wildcard.c
+@@ -23,6 +23,7 @@
+ #include <grub/file.h>
+ #include <grub/device.h>
+ #include <grub/script_sh.h>
++#include <grub/safemath.h>
+
+ #include <regex.h>
+
+@@ -48,6 +49,7 @@ merge (char **dest, char **ps)
+ int i;
+ int j;
+ char **p;
++ grub_size_t sz;
+
+ if (! dest)
+ return ps;
+@@ -60,7 +62,12 @@ merge (char **dest, char **ps)
+ for (j = 0; ps[j]; j++)
+ ;
+
+- p = grub_realloc (dest, sizeof (char*) * (i + j + 1));
++ if (grub_add (i, j, &sz) ||
++ grub_add (sz, 1, &sz) ||
++ grub_mul (sz, sizeof (char *), &sz))
++ return dest;
++
++ p = grub_realloc (dest, sz);
+ if (! p)
+ {
+ grub_free (dest);
+@@ -115,8 +122,15 @@ make_regex (const char *start, const char *end, regex_t *regexp)
+ char ch;
+ int i = 0;
+ unsigned len = end - start;
+- char *buffer = grub_malloc (len * 2 + 2 + 1); /* worst case size. */
++ char *buffer;
++ grub_size_t sz;
+
++ /* Worst case size is (len * 2 + 2 + 1). */
++ if (grub_mul (len, 2, &sz) ||
++ grub_add (sz, 3, &sz))
++ return 1;
++
++ buffer = grub_malloc (sz);
+ if (! buffer)
+ return 1;
+
+@@ -226,6 +240,7 @@ match_devices_iter (const char *name, void *data)
+ struct match_devices_ctx *ctx = data;
+ char **t;
+ char *buffer;
++ grub_size_t sz;
+
+ /* skip partitions if asked to. */
+ if (ctx->noparts && grub_strchr (name, ','))
+@@ -239,11 +254,16 @@ match_devices_iter (const char *name, void *data)
+ if (regexec (ctx->regexp, buffer, 0, 0, 0))
+ {
+ grub_dprintf ("expand", "not matched\n");
++ fail:
+ grub_free (buffer);
+ return 0;
+ }
+
+- t = grub_realloc (ctx->devs, sizeof (char*) * (ctx->ndev + 2));
++ if (grub_add (ctx->ndev, 2, &sz) ||
++ grub_mul (sz, sizeof (char *), &sz))
++ goto fail;
++
++ t = grub_realloc (ctx->devs, sz);
+ if (! t)
+ {
+ grub_free (buffer);
+@@ -300,6 +320,7 @@ match_files_iter (const char *name,
+ struct match_files_ctx *ctx = data;
+ char **t;
+ char *buffer;
++ grub_size_t sz;
+
+ /* skip . and .. names */
+ if (grub_strcmp(".", name) == 0 || grub_strcmp("..", name) == 0)
+@@ -315,9 +336,14 @@ match_files_iter (const char *name,
+ if (! buffer)
+ return 1;
+
+- t = grub_realloc (ctx->files, sizeof (char*) * (ctx->nfile + 2));
+- if (! t)
++ if (grub_add (ctx->nfile, 2, &sz) ||
++ grub_mul (sz, sizeof (char *), &sz))
++ goto fail;
++
++ t = grub_realloc (ctx->files, sz);
++ if (!t)
+ {
++ fail:
+ grub_free (buffer);
+ return 1;
+ }
+diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c
+index e632370..58f8a53 100644
+--- a/grub-core/disk/ldm.c
++++ b/grub-core/disk/ldm.c
+@@ -25,6 +25,7 @@
+ #include <grub/msdos_partition.h>
+ #include <grub/gpt_partition.h>
+ #include <grub/i18n.h>
++#include <grub/safemath.h>
+
+ #ifdef GRUB_UTIL
+ #include <grub/emu/misc.h>
+@@ -289,6 +290,7 @@ make_vg (grub_disk_t disk,
+ struct grub_ldm_vblk vblk[GRUB_DISK_SECTOR_SIZE
+ / sizeof (struct grub_ldm_vblk)];
+ unsigned i;
++ grub_size_t sz;
+ err = grub_disk_read (disk, cursec, 0,
+ sizeof(vblk), &vblk);
+ if (err)
+@@ -350,7 +352,13 @@ make_vg (grub_disk_t disk,
+ grub_free (lv);
+ goto fail2;
+ }
+- lv->name = grub_malloc (*ptr + 1);
++ if (grub_add (*ptr, 1, &sz))
++ {
++ grub_free (lv->internal_id);
++ grub_free (lv);
++ goto fail2;
++ }
++ lv->name = grub_malloc (sz);
+ if (!lv->name)
+ {
+ grub_free (lv->internal_id);
+@@ -599,10 +607,13 @@ make_vg (grub_disk_t disk,
+ if (lv->segments->node_alloc == lv->segments->node_count)
+ {
+ void *t;
+- lv->segments->node_alloc *= 2;
+- t = grub_realloc (lv->segments->nodes,
+- sizeof (*lv->segments->nodes)
+- * lv->segments->node_alloc);
++ grub_size_t sz;
++
++ if (grub_mul (lv->segments->node_alloc, 2, &lv->segments->node_alloc) ||
++ grub_mul (lv->segments->node_alloc, sizeof (*lv->segments->nodes), &sz))
++ goto fail2;
++
++ t = grub_realloc (lv->segments->nodes, sz);
+ if (!t)
+ goto fail2;
+ lv->segments->nodes = t;
+@@ -723,10 +734,13 @@ make_vg (grub_disk_t disk,
+ if (comp->segment_alloc == comp->segment_count)
+ {
+ void *t;
+- comp->segment_alloc *= 2;
+- t = grub_realloc (comp->segments,
+- comp->segment_alloc
+- * sizeof (*comp->segments));
++ grub_size_t sz;
++
++ if (grub_mul (comp->segment_alloc, 2, &comp->segment_alloc) ||
++ grub_mul (comp->segment_alloc, sizeof (*comp->segments), &sz))
++ goto fail2;
++
++ t = grub_realloc (comp->segments, sz);
+ if (!t)
+ goto fail2;
+ comp->segments = t;
+diff --git a/grub-core/font/font.c b/grub-core/font/font.c
+index 8e118b3..5edb477 100644
+--- a/grub-core/font/font.c
++++ b/grub-core/font/font.c
+@@ -30,6 +30,7 @@
+ #include <grub/unicode.h>
+ #include <grub/fontformat.h>
+ #include <grub/env.h>
++#include <grub/safemath.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -360,9 +361,13 @@ static char *
+ read_section_as_string (struct font_file_section *section)
+ {
+ char *str;
++ grub_size_t sz;
+ grub_ssize_t ret;
+
+- str = grub_malloc (section->length + 1);
++ if (grub_add (section->length, 1, &sz))
++ return NULL;
++
++ str = grub_malloc (sz);
+ if (!str)
+ return 0;
+
+diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c
+index 11272ef..2b65bd5 100644
+--- a/grub-core/fs/btrfs.c
++++ b/grub-core/fs/btrfs.c
+@@ -40,6 +40,7 @@
+ #include <grub/btrfs.h>
+ #include <grub/crypto.h>
+ #include <grub/diskfilter.h>
++#include <grub/safemath.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -329,9 +330,13 @@ save_ref (struct grub_btrfs_leaf_descriptor *desc,
+ if (desc->allocated < desc->depth)
+ {
+ void *newdata;
+- desc->allocated *= 2;
+- newdata = grub_realloc (desc->data, sizeof (desc->data[0])
+- * desc->allocated);
++ grub_size_t sz;
++
++ if (grub_mul (desc->allocated, 2, &desc->allocated) ||
++ grub_mul (desc->allocated, sizeof (desc->data[0]), &sz))
++ return GRUB_ERR_OUT_OF_RANGE;
++
++ newdata = grub_realloc (desc->data, sz);
+ if (!newdata)
+ return grub_errno;
+ desc->data = newdata;
+@@ -622,16 +627,21 @@ find_device (struct grub_btrfs_data *data, grub_uint64_t id)
+ if (data->n_devices_attached > data->n_devices_allocated)
+ {
+ void *tmp;
+- data->n_devices_allocated = 2 * data->n_devices_attached + 1;
+- data->devices_attached
+- = grub_realloc (tmp = data->devices_attached,
+- data->n_devices_allocated
+- * sizeof (data->devices_attached[0]));
++ grub_size_t sz;
++
++ if (grub_mul (data->n_devices_attached, 2, &data->n_devices_allocated) ||
++ grub_add (data->n_devices_allocated, 1, &data->n_devices_allocated) ||
++ grub_mul (data->n_devices_allocated, sizeof (data->devices_attached[0]), &sz))
++ goto fail;
++
++ data->devices_attached = grub_realloc (tmp = data->devices_attached, sz);
+ if (!data->devices_attached)
+ {
++ data->devices_attached = tmp;
++
++ fail:
+ if (ctx.dev_found)
+ grub_device_close (ctx.dev_found);
+- data->devices_attached = tmp;
+ return NULL;
+ }
+ }
+diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c
+index 9b38980..ac33bcd 100644
+--- a/grub-core/fs/ext2.c
++++ b/grub-core/fs/ext2.c
+@@ -46,6 +46,7 @@
+ #include <grub/dl.h>
+ #include <grub/types.h>
+ #include <grub/fshelp.h>
++#include <grub/safemath.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -703,6 +704,7 @@ grub_ext2_read_symlink (grub_fshelp_node_t node)
+ {
+ char *symlink;
+ struct grub_fshelp_node *diro = node;
++ grub_size_t sz;
+
+ if (! diro->inode_read)
+ {
+@@ -717,7 +719,13 @@ grub_ext2_read_symlink (grub_fshelp_node_t node)
+ }
+ }
+
+- symlink = grub_malloc (grub_le_to_cpu32 (diro->inode.size) + 1);
++ if (grub_add (grub_le_to_cpu32 (diro->inode.size), 1, &sz))
++ {
++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
++ return NULL;
++ }
++
++ symlink = grub_malloc (sz);
+ if (! symlink)
+ return 0;
+
+diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c
+index 4f1b52a..7ba5b30 100644
+--- a/grub-core/fs/iso9660.c
++++ b/grub-core/fs/iso9660.c
+@@ -28,6 +28,7 @@
+ #include <grub/fshelp.h>
+ #include <grub/charset.h>
+ #include <grub/datetime.h>
++#include <grub/safemath.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -531,8 +532,13 @@ add_part (struct iterate_dir_ctx *ctx,
+ int len2)
+ {
+ int size = ctx->symlink ? grub_strlen (ctx->symlink) : 0;
++ grub_size_t sz;
+
+- ctx->symlink = grub_realloc (ctx->symlink, size + len2 + 1);
++ if (grub_add (size, len2, &sz) ||
++ grub_add (sz, 1, &sz))
++ return;
++
++ ctx->symlink = grub_realloc (ctx->symlink, sz);
+ if (! ctx->symlink)
+ return;
+
+@@ -560,17 +566,24 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry,
+ {
+ grub_size_t off = 0, csize = 1;
+ char *old;
++ grub_size_t sz;
++
+ csize = entry->len - 5;
+ old = ctx->filename;
+ if (ctx->filename_alloc)
+ {
+ off = grub_strlen (ctx->filename);
+- ctx->filename = grub_realloc (ctx->filename, csize + off + 1);
++ if (grub_add (csize, off, &sz) ||
++ grub_add (sz, 1, &sz))
++ return GRUB_ERR_OUT_OF_RANGE;
++ ctx->filename = grub_realloc (ctx->filename, sz);
+ }
+ else
+ {
+ off = 0;
+- ctx->filename = grub_zalloc (csize + 1);
++ if (grub_add (csize, 1, &sz))
++ return GRUB_ERR_OUT_OF_RANGE;
++ ctx->filename = grub_zalloc (sz);
+ }
+ if (!ctx->filename)
+ {
+@@ -776,14 +789,18 @@ grub_iso9660_iterate_dir (grub_fshelp_node_t dir,
+ if (node->have_dirents >= node->alloc_dirents)
+ {
+ struct grub_fshelp_node *new_node;
+- node->alloc_dirents *= 2;
+- new_node = grub_realloc (node,
+- sizeof (struct grub_fshelp_node)
+- + ((node->alloc_dirents
+- - ARRAY_SIZE (node->dirents))
+- * sizeof (node->dirents[0])));
++ grub_size_t sz;
++
++ if (grub_mul (node->alloc_dirents, 2, &node->alloc_dirents) ||
++ grub_sub (node->alloc_dirents, ARRAY_SIZE (node->dirents), &sz) ||
++ grub_mul (sz, sizeof (node->dirents[0]), &sz) ||
++ grub_add (sz, sizeof (struct grub_fshelp_node), &sz))
++ goto fail_0;
++
++ new_node = grub_realloc (node, sz);
+ if (!new_node)
+ {
++ fail_0:
+ if (ctx.filename_alloc)
+ grub_free (ctx.filename);
+ grub_free (node);
+@@ -799,14 +816,18 @@ grub_iso9660_iterate_dir (grub_fshelp_node_t dir,
+ * sizeof (node->dirents[0]) < grub_strlen (ctx.symlink) + 1)
+ {
+ struct grub_fshelp_node *new_node;
+- new_node = grub_realloc (node,
+- sizeof (struct grub_fshelp_node)
+- + ((node->alloc_dirents
+- - ARRAY_SIZE (node->dirents))
+- * sizeof (node->dirents[0]))
+- + grub_strlen (ctx.symlink) + 1);
++ grub_size_t sz;
++
++ if (grub_sub (node->alloc_dirents, ARRAY_SIZE (node->dirents), &sz) ||
++ grub_mul (sz, sizeof (node->dirents[0]), &sz) ||
++ grub_add (sz, sizeof (struct grub_fshelp_node) + 1, &sz) ||
++ grub_add (sz, grub_strlen (ctx.symlink), &sz))
++ goto fail_1;
++
++ new_node = grub_realloc (node, sz);
+ if (!new_node)
+ {
++ fail_1:
+ if (ctx.filename_alloc)
+ grub_free (ctx.filename);
+ grub_free (node);
+diff --git a/grub-core/fs/sfs.c b/grub-core/fs/sfs.c
+index 90f7fb3..de2b107 100644
+--- a/grub-core/fs/sfs.c
++++ b/grub-core/fs/sfs.c
+@@ -26,6 +26,7 @@
+ #include <grub/types.h>
+ #include <grub/fshelp.h>
+ #include <grub/charset.h>
++#include <grub/safemath.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -307,10 +308,15 @@ grub_sfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock)
+ if (node->cache && node->cache_size >= node->cache_allocated)
+ {
+ struct cache_entry *e = node->cache;
+- e = grub_realloc (node->cache,node->cache_allocated * 2
+- * sizeof (e[0]));
++ grub_size_t sz;
++
++ if (grub_mul (node->cache_allocated, 2 * sizeof (e[0]), &sz))
++ goto fail;
++
++ e = grub_realloc (node->cache, sz);
+ if (!e)
+ {
++ fail:
+ grub_errno = 0;
+ grub_free (node->cache);
+ node->cache = 0;
+@@ -477,10 +483,16 @@ grub_sfs_create_node (struct grub_fshelp_node **node,
+ grub_size_t len = grub_strlen (name);
+ grub_uint8_t *name_u8;
+ int ret;
++ grub_size_t sz;
++
++ if (grub_mul (len, GRUB_MAX_UTF8_PER_LATIN1, &sz) ||
++ grub_add (sz, 1, &sz))
++ return 1;
++
+ *node = grub_malloc (sizeof (**node));
+ if (!*node)
+ return 1;
+- name_u8 = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1);
++ name_u8 = grub_malloc (sz);
+ if (!name_u8)
+ {
+ grub_free (*node);
+@@ -724,8 +736,13 @@ grub_sfs_label (grub_device_t device, char **label)
+ data = grub_sfs_mount (disk);
+ if (data)
+ {
+- grub_size_t len = grub_strlen (data->label);
+- *label = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1);
++ grub_size_t sz, len = grub_strlen (data->label);
++
++ if (grub_mul (len, GRUB_MAX_UTF8_PER_LATIN1, &sz) ||
++ grub_add (sz, 1, &sz))
++ return GRUB_ERR_OUT_OF_RANGE;
++
++ *label = grub_malloc (sz);
+ if (*label)
+ *grub_latin1_to_utf8 ((grub_uint8_t *) *label,
+ (const grub_uint8_t *) data->label,
+diff --git a/grub-core/fs/squash4.c b/grub-core/fs/squash4.c
+index 95d5c1e..7851238 100644
+--- a/grub-core/fs/squash4.c
++++ b/grub-core/fs/squash4.c
+@@ -26,6 +26,7 @@
+ #include <grub/types.h>
+ #include <grub/fshelp.h>
+ #include <grub/deflate.h>
++#include <grub/safemath.h>
+ #include <minilzo.h>
+
+ #include "xz.h"
+@@ -459,7 +460,17 @@ grub_squash_read_symlink (grub_fshelp_node_t node)
+ {
+ char *ret;
+ grub_err_t err;
+- ret = grub_malloc (grub_le_to_cpu32 (node->ino.symlink.namelen) + 1);
++ grub_size_t sz;
++
++ if (grub_add (grub_le_to_cpu32 (node->ino.symlink.namelen), 1, &sz))
++ {
++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
++ return NULL;
++ }
++
++ ret = grub_malloc (sz);
++ if (!ret)
++ return NULL;
+
+ err = read_chunk (node->data, ret,
+ grub_le_to_cpu32 (node->ino.symlink.namelen),
+@@ -506,11 +517,16 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir,
+
+ {
+ grub_fshelp_node_t node;
+- node = grub_malloc (sizeof (*node) + dir->stsize * sizeof (dir->stack[0]));
++ grub_size_t sz;
++
++ if (grub_mul (dir->stsize, sizeof (dir->stack[0]), &sz) ||
++ grub_add (sz, sizeof (*node), &sz))
++ return 0;
++
++ node = grub_malloc (sz);
+ if (!node)
+ return 0;
+- grub_memcpy (node, dir,
+- sizeof (*node) + dir->stsize * sizeof (dir->stack[0]));
++ grub_memcpy (node, dir, sz);
+ if (hook (".", GRUB_FSHELP_DIR, node, hook_data))
+ return 1;
+
+@@ -518,12 +534,15 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir,
+ {
+ grub_err_t err;
+
+- node = grub_malloc (sizeof (*node) + dir->stsize * sizeof (dir->stack[0]));
++ if (grub_mul (dir->stsize, sizeof (dir->stack[0]), &sz) ||
++ grub_add (sz, sizeof (*node), &sz))
++ return 0;
++
++ node = grub_malloc (sz);
+ if (!node)
+ return 0;
+
+- grub_memcpy (node, dir,
+- sizeof (*node) + dir->stsize * sizeof (dir->stack[0]));
++ grub_memcpy (node, dir, sz);
+
+ node->stsize--;
+ err = read_chunk (dir->data, &node->ino, sizeof (node->ino),
+@@ -557,6 +576,7 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir,
+ enum grub_fshelp_filetype filetype = GRUB_FSHELP_REG;
+ struct grub_squash_dirent di;
+ struct grub_squash_inode ino;
++ grub_size_t sz;
+
+ err = read_chunk (dir->data, &di, sizeof (di),
+ grub_le_to_cpu64 (dir->data->sb.diroffset)
+@@ -589,13 +609,16 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir,
+ if (grub_le_to_cpu16 (di.type) == SQUASH_TYPE_SYMLINK)
+ filetype = GRUB_FSHELP_SYMLINK;
+
+- node = grub_malloc (sizeof (*node)
+- + (dir->stsize + 1) * sizeof (dir->stack[0]));
++ if (grub_add (dir->stsize, 1, &sz) ||
++ grub_mul (sz, sizeof (dir->stack[0]), &sz) ||
++ grub_add (sz, sizeof (*node), &sz))
++ return 0;
++
++ node = grub_malloc (sz);
+ if (! node)
+ return 0;
+
+- grub_memcpy (node, dir,
+- sizeof (*node) + dir->stsize * sizeof (dir->stack[0]));
++ grub_memcpy (node, dir, sz - sizeof(dir->stack[0]));
+
+ node->ino = ino;
+ node->stack[node->stsize].ino_chunk = grub_le_to_cpu32 (dh.ino_chunk);
+diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c
+index a837616..21ac7f4 100644
+--- a/grub-core/fs/udf.c
++++ b/grub-core/fs/udf.c
+@@ -28,6 +28,7 @@
+ #include <grub/charset.h>
+ #include <grub/datetime.h>
+ #include <grub/udf.h>
++#include <grub/safemath.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -890,9 +891,19 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf)
+ utf16[i] = (raw[2 * i + 1] << 8) | raw[2*i + 2];
+ }
+ if (!outbuf)
+- outbuf = grub_malloc (utf16len * GRUB_MAX_UTF8_PER_UTF16 + 1);
++ {
++ grub_size_t size;
++
++ if (grub_mul (utf16len, GRUB_MAX_UTF8_PER_UTF16, &size) ||
++ grub_add (size, 1, &size))
++ goto fail;
++
++ outbuf = grub_malloc (size);
++ }
+ if (outbuf)
+ *grub_utf16_to_utf8 ((grub_uint8_t *) outbuf, utf16, utf16len) = '\0';
++
++ fail:
+ grub_free (utf16);
+ return outbuf;
+ }
+@@ -1005,7 +1016,7 @@ grub_udf_read_symlink (grub_fshelp_node_t node)
+ grub_size_t sz = U64 (node->block.fe.file_size);
+ grub_uint8_t *raw;
+ const grub_uint8_t *ptr;
+- char *out, *optr;
++ char *out = NULL, *optr;
+
+ if (sz < 4)
+ return NULL;
+@@ -1013,14 +1024,16 @@ grub_udf_read_symlink (grub_fshelp_node_t node)
+ if (!raw)
+ return NULL;
+ if (grub_udf_read_file (node, NULL, NULL, 0, sz, (char *) raw) < 0)
+- {
+- grub_free (raw);
+- return NULL;
+- }
++ goto fail_1;
+
+- out = grub_malloc (sz * 2 + 1);
++ if (grub_mul (sz, 2, &sz) ||
++ grub_add (sz, 1, &sz))
++ goto fail_0;
++
++ out = grub_malloc (sz);
+ if (!out)
+ {
++ fail_0:
+ grub_free (raw);
+ return NULL;
+ }
+@@ -1031,17 +1044,17 @@ grub_udf_read_symlink (grub_fshelp_node_t node)
+ {
+ grub_size_t s;
+ if ((grub_size_t) (ptr - raw + 4) > sz)
+- goto fail;
++ goto fail_1;
+ if (!(ptr[2] == 0 && ptr[3] == 0))
+- goto fail;
++ goto fail_1;
+ s = 4 + ptr[1];
+ if ((grub_size_t) (ptr - raw + s) > sz)
+- goto fail;
++ goto fail_1;
+ switch (*ptr)
+ {
+ case 1:
+ if (ptr[1])
+- goto fail;
++ goto fail_1;
+ /* Fallthrough. */
+ case 2:
+ /* in 4 bytes. out: 1 byte. */
+@@ -1066,11 +1079,11 @@ grub_udf_read_symlink (grub_fshelp_node_t node)
+ if (optr != out)
+ *optr++ = '/';
+ if (!read_string (ptr + 4, s - 4, optr))
+- goto fail;
++ goto fail_1;
+ optr += grub_strlen (optr);
+ break;
+ default:
+- goto fail;
++ goto fail_1;
+ }
+ ptr += s;
+ }
+@@ -1078,7 +1091,7 @@ grub_udf_read_symlink (grub_fshelp_node_t node)
+ grub_free (raw);
+ return out;
+
+- fail:
++ fail_1:
+ grub_free (raw);
+ grub_free (out);
+ grub_error (GRUB_ERR_BAD_FS, "invalid symlink");
+diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c
+index 96ffecb..ea65902 100644
+--- a/grub-core/fs/xfs.c
++++ b/grub-core/fs/xfs.c
+@@ -25,6 +25,7 @@
+ #include <grub/dl.h>
+ #include <grub/types.h>
+ #include <grub/fshelp.h>
++#include <grub/safemath.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -899,6 +900,7 @@ static struct grub_xfs_data *
+ grub_xfs_mount (grub_disk_t disk)
+ {
+ struct grub_xfs_data *data = 0;
++ grub_size_t sz;
+
+ data = grub_zalloc (sizeof (struct grub_xfs_data));
+ if (!data)
+@@ -913,10 +915,11 @@ grub_xfs_mount (grub_disk_t disk)
+ if (!grub_xfs_sb_valid(data))
+ goto fail;
+
+- data = grub_realloc (data,
+- sizeof (struct grub_xfs_data)
+- - sizeof (struct grub_xfs_inode)
+- + grub_xfs_inode_size(data) + 1);
++ if (grub_add (grub_xfs_inode_size (data),
++ sizeof (struct grub_xfs_data) - sizeof (struct grub_xfs_inode) + 1, &sz))
++ goto fail;
++
++ data = grub_realloc (data, sz);
+
+ if (! data)
+ goto fail;
+diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c
+index 381dde5..36d0373 100644
+--- a/grub-core/fs/zfs/zfs.c
++++ b/grub-core/fs/zfs/zfs.c
+@@ -55,6 +55,7 @@
+ #include <grub/deflate.h>
+ #include <grub/crypto.h>
+ #include <grub/i18n.h>
++#include <grub/safemath.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -773,11 +774,14 @@ fill_vdev_info (struct grub_zfs_data *data,
+ if (data->n_devices_attached > data->n_devices_allocated)
+ {
+ void *tmp;
+- data->n_devices_allocated = 2 * data->n_devices_attached + 1;
+- data->devices_attached
+- = grub_realloc (tmp = data->devices_attached,
+- data->n_devices_allocated
+- * sizeof (data->devices_attached[0]));
++ grub_size_t sz;
++
++ if (grub_mul (data->n_devices_attached, 2, &data->n_devices_allocated) ||
++ grub_add (data->n_devices_allocated, 1, &data->n_devices_allocated) ||
++ grub_mul (data->n_devices_allocated, sizeof (data->devices_attached[0]), &sz))
++ return GRUB_ERR_OUT_OF_RANGE;
++
++ data->devices_attached = grub_realloc (tmp = data->devices_attached, sz);
+ if (!data->devices_attached)
+ {
+ data->devices_attached = tmp;
+@@ -3468,14 +3472,18 @@ grub_zfs_nvlist_lookup_nvlist (const char *nvlist, const char *name)
+ {
+ char *nvpair;
+ char *ret;
+- grub_size_t size;
++ grub_size_t size, sz;
+ int found;
+
+ found = nvlist_find_value (nvlist, name, DATA_TYPE_NVLIST, &nvpair,
+ &size, 0);
+ if (!found)
+ return 0;
+- ret = grub_zalloc (size + 3 * sizeof (grub_uint32_t));
++
++ if (grub_add (size, 3 * sizeof (grub_uint32_t), &sz))
++ return 0;
++
++ ret = grub_zalloc (sz);
+ if (!ret)
+ return 0;
+ grub_memcpy (ret, nvlist, sizeof (grub_uint32_t));
+diff --git a/grub-core/fs/zfs/zfscrypt.c b/grub-core/fs/zfs/zfscrypt.c
+index 1402e0b..de3b015 100644
+--- a/grub-core/fs/zfs/zfscrypt.c
++++ b/grub-core/fs/zfs/zfscrypt.c
+@@ -22,6 +22,7 @@
+ #include <grub/misc.h>
+ #include <grub/disk.h>
+ #include <grub/partition.h>
++#include <grub/safemath.h>
+ #include <grub/dl.h>
+ #include <grub/types.h>
+ #include <grub/zfs/zfs.h>
+@@ -82,9 +83,13 @@ grub_zfs_add_key (grub_uint8_t *key_in,
+ int passphrase)
+ {
+ struct grub_zfs_wrap_key *key;
++ grub_size_t sz;
++
+ if (!passphrase && keylen > 32)
+ keylen = 32;
+- key = grub_malloc (sizeof (*key) + keylen);
++ if (grub_add (sizeof (*key), keylen, &sz))
++ return GRUB_ERR_OUT_OF_RANGE;
++ key = grub_malloc (sz);
+ if (!key)
+ return grub_errno;
+ key->is_passphrase = passphrase;
+diff --git a/grub-core/lib/arg.c b/grub-core/lib/arg.c
+index fd7744a..3288609 100644
+--- a/grub-core/lib/arg.c
++++ b/grub-core/lib/arg.c
+@@ -23,6 +23,7 @@
+ #include <grub/term.h>
+ #include <grub/extcmd.h>
+ #include <grub/i18n.h>
++#include <grub/safemath.h>
+
+ /* Built-in parser for default options. */
+ static const struct grub_arg_option help_options[] =
+@@ -216,7 +217,13 @@ static inline grub_err_t
+ add_arg (char ***argl, int *num, char *s)
+ {
+ char **p = *argl;
+- *argl = grub_realloc (*argl, (++(*num) + 1) * sizeof (char *));
++ grub_size_t sz;
++
++ if (grub_add (++(*num), 1, &sz) ||
++ grub_mul (sz, sizeof (char *), &sz))
++ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
++
++ *argl = grub_realloc (*argl, sz);
+ if (! *argl)
+ {
+ grub_free (p);
+@@ -431,6 +438,7 @@ grub_arg_list_alloc(grub_extcmd_t extcmd, int argc,
+ grub_size_t argcnt;
+ struct grub_arg_list *list;
+ const struct grub_arg_option *options;
++ grub_size_t sz0, sz1;
+
+ options = extcmd->options;
+ if (! options)
+@@ -443,7 +451,15 @@ grub_arg_list_alloc(grub_extcmd_t extcmd, int argc,
+ argcnt += ((grub_size_t) argc + 1) / 2 + 1; /* max possible for any option */
+ }
+
+- list = grub_zalloc (sizeof (*list) * i + sizeof (char*) * argcnt);
++ if (grub_mul (sizeof (*list), i, &sz0) ||
++ grub_mul (sizeof (char *), argcnt, &sz1) ||
++ grub_add (sz0, sz1, &sz0))
++ {
++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
++ return 0;
++ }
++
++ list = grub_zalloc (sz0);
+ if (! list)
+ return 0;
+
+diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c
+index 3730ed3..b92cbe9 100644
+--- a/grub-core/loader/i386/bsd.c
++++ b/grub-core/loader/i386/bsd.c
+@@ -35,6 +35,7 @@
+ #include <grub/ns8250.h>
+ #include <grub/bsdlabel.h>
+ #include <grub/crypto.h>
++#include <grub/safemath.h>
+ #include <grub/verify.h>
+ #ifdef GRUB_MACHINE_PCBIOS
+ #include <grub/machine/int.h>
+@@ -1012,11 +1013,16 @@ grub_netbsd_add_modules (void)
+ struct grub_netbsd_btinfo_modules *mods;
+ unsigned i;
+ grub_err_t err;
++ grub_size_t sz;
+
+ for (mod = netbsd_mods; mod; mod = mod->next)
+ modcnt++;
+
+- mods = grub_malloc (sizeof (*mods) + sizeof (mods->mods[0]) * modcnt);
++ if (grub_mul (modcnt, sizeof (mods->mods[0]), &sz) ||
++ grub_add (sz, sizeof (*mods), &sz))
++ return GRUB_ERR_OUT_OF_RANGE;
++
++ mods = grub_malloc (sz);
+ if (!mods)
+ return grub_errno;
+
+diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c
+index e332d5e..906ec7d 100644
+--- a/grub-core/net/dns.c
++++ b/grub-core/net/dns.c
+@@ -22,6 +22,7 @@
+ #include <grub/i18n.h>
+ #include <grub/err.h>
+ #include <grub/time.h>
++#include <grub/safemath.h>
+
+ struct dns_cache_element
+ {
+@@ -51,9 +52,15 @@ grub_net_add_dns_server (const struct grub_net_network_level_address *s)
+ {
+ int na = dns_servers_alloc * 2;
+ struct grub_net_network_level_address *ns;
++ grub_size_t sz;
++
+ if (na < 8)
+ na = 8;
+- ns = grub_realloc (dns_servers, na * sizeof (ns[0]));
++
++ if (grub_mul (na, sizeof (ns[0]), &sz))
++ return GRUB_ERR_OUT_OF_RANGE;
++
++ ns = grub_realloc (dns_servers, sz);
+ if (!ns)
+ return grub_errno;
+ dns_servers_alloc = na;
+diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c
+index d57fb72..4dfcc31 100644
+--- a/grub-core/normal/charset.c
++++ b/grub-core/normal/charset.c
+@@ -48,6 +48,7 @@
+ #include <grub/unicode.h>
+ #include <grub/term.h>
+ #include <grub/normal.h>
++#include <grub/safemath.h>
+
+ #if HAVE_FONT_SOURCE
+ #include "widthspec.h"
+@@ -464,6 +465,7 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen,
+ {
+ struct grub_unicode_combining *n;
+ unsigned j;
++ grub_size_t sz;
+
+ if (!haveout)
+ continue;
+@@ -477,10 +479,14 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen,
+ n = out->combining_inline;
+ else if (out->ncomb > (int) ARRAY_SIZE (out->combining_inline))
+ {
+- n = grub_realloc (out->combining_ptr,
+- sizeof (n[0]) * (out->ncomb + 1));
++ if (grub_add (out->ncomb, 1, &sz) ||
++ grub_mul (sz, sizeof (n[0]), &sz))
++ goto fail;
++
++ n = grub_realloc (out->combining_ptr, sz);
+ if (!n)
+ {
++ fail:
+ grub_errno = GRUB_ERR_NONE;
+ continue;
+ }
+diff --git a/grub-core/normal/cmdline.c b/grub-core/normal/cmdline.c
+index c57242e..de03fe6 100644
+--- a/grub-core/normal/cmdline.c
++++ b/grub-core/normal/cmdline.c
+@@ -28,6 +28,7 @@
+ #include <grub/env.h>
+ #include <grub/i18n.h>
+ #include <grub/charset.h>
++#include <grub/safemath.h>
+
+ static grub_uint32_t *kill_buf;
+
+@@ -307,12 +308,21 @@ cl_insert (struct cmdline_term *cl_terms, unsigned nterms,
+ if (len + (*llen) >= (*max_len))
+ {
+ grub_uint32_t *nbuf;
+- (*max_len) *= 2;
+- nbuf = grub_realloc ((*buf), sizeof (grub_uint32_t) * (*max_len));
++ grub_size_t sz;
++
++ if (grub_mul (*max_len, 2, max_len) ||
++ grub_mul (*max_len, sizeof (grub_uint32_t), &sz))
++ {
++ grub_errno = GRUB_ERR_OUT_OF_RANGE;
++ goto fail;
++ }
++
++ nbuf = grub_realloc ((*buf), sz);
+ if (nbuf)
+ (*buf) = nbuf;
+ else
+ {
++ fail:
+ grub_print_error ();
+ grub_errno = GRUB_ERR_NONE;
+ (*max_len) /= 2;
+diff --git a/grub-core/normal/menu_entry.c b/grub-core/normal/menu_entry.c
+index 1993995..50eef91 100644
+--- a/grub-core/normal/menu_entry.c
++++ b/grub-core/normal/menu_entry.c
+@@ -27,6 +27,7 @@
+ #include <grub/auth.h>
+ #include <grub/i18n.h>
+ #include <grub/charset.h>
++#include <grub/safemath.h>
+
+ enum update_mode
+ {
+@@ -113,10 +114,18 @@ ensure_space (struct line *linep, int extra)
+ {
+ if (linep->max_len < linep->len + extra)
+ {
+- linep->max_len = 2 * (linep->len + extra);
+- linep->buf = grub_realloc (linep->buf, (linep->max_len + 1) * sizeof (linep->buf[0]));
++ grub_size_t sz0, sz1;
++
++ if (grub_add (linep->len, extra, &sz0) ||
++ grub_mul (sz0, 2, &sz0) ||
++ grub_add (sz0, 1, &sz1) ||
++ grub_mul (sz1, sizeof (linep->buf[0]), &sz1))
++ return 0;
++
++ linep->buf = grub_realloc (linep->buf, sz1);
+ if (! linep->buf)
+ return 0;
++ linep->max_len = sz0;
+ }
+
+ return 1;
+diff --git a/grub-core/script/argv.c b/grub-core/script/argv.c
+index 217ec5d..5751fdd 100644
+--- a/grub-core/script/argv.c
++++ b/grub-core/script/argv.c
+@@ -20,6 +20,7 @@
+ #include <grub/mm.h>
+ #include <grub/misc.h>
+ #include <grub/script_sh.h>
++#include <grub/safemath.h>
+
+ /* Return nearest power of two that is >= v. */
+ static unsigned
+@@ -81,11 +82,16 @@ int
+ grub_script_argv_next (struct grub_script_argv *argv)
+ {
+ char **p = argv->args;
++ grub_size_t sz;
+
+ if (argv->args && argv->argc && argv->args[argv->argc - 1] == 0)
+ return 0;
+
+- p = grub_realloc (p, round_up_exp ((argv->argc + 2) * sizeof (char *)));
++ if (grub_add (argv->argc, 2, &sz) ||
++ grub_mul (sz, sizeof (char *), &sz))
++ return 1;
++
++ p = grub_realloc (p, round_up_exp (sz));
+ if (! p)
+ return 1;
+
+@@ -105,13 +111,19 @@ grub_script_argv_append (struct grub_script_argv *argv, const char *s,
+ {
+ grub_size_t a;
+ char *p = argv->args[argv->argc - 1];
++ grub_size_t sz;
+
+ if (! s)
+ return 0;
+
+ a = p ? grub_strlen (p) : 0;
+
+- p = grub_realloc (p, round_up_exp ((a + slen + 1) * sizeof (char)));
++ if (grub_add (a, slen, &sz) ||
++ grub_add (sz, 1, &sz) ||
++ grub_mul (sz, sizeof (char), &sz))
++ return 1;
++
++ p = grub_realloc (p, round_up_exp (sz));
+ if (! p)
+ return 1;
+
+diff --git a/grub-core/script/lexer.c b/grub-core/script/lexer.c
+index c6bd317..5fb0cbd 100644
+--- a/grub-core/script/lexer.c
++++ b/grub-core/script/lexer.c
+@@ -24,6 +24,7 @@
+ #include <grub/mm.h>
+ #include <grub/script_sh.h>
+ #include <grub/i18n.h>
++#include <grub/safemath.h>
+
+ #define yytext_ptr char *
+ #include "grub_script.tab.h"
+@@ -110,10 +111,14 @@ grub_script_lexer_record (struct grub_parser_param *parser, char *str)
+ old = lexer->recording;
+ if (lexer->recordlen < len)
+ lexer->recordlen = len;
+- lexer->recordlen *= 2;
++
++ if (grub_mul (lexer->recordlen, 2, &lexer->recordlen))
++ goto fail;
++
+ lexer->recording = grub_realloc (lexer->recording, lexer->recordlen);
+ if (!lexer->recording)
+ {
++ fail:
+ grub_free (old);
+ lexer->recordpos = 0;
+ lexer->recordlen = 0;
+@@ -130,7 +135,7 @@ int
+ grub_script_lexer_yywrap (struct grub_parser_param *parserstate,
+ const char *input)
+ {
+- grub_size_t len = 0;
++ grub_size_t len = 0, sz;
+ char *p = 0;
+ char *line = 0;
+ YY_BUFFER_STATE buffer;
+@@ -168,12 +173,22 @@ grub_script_lexer_yywrap (struct grub_parser_param *parserstate,
+ }
+ else if (len && line[len - 1] != '\n')
+ {
+- p = grub_realloc (line, len + 2);
++ if (grub_add (len, 2, &sz))
++ {
++ grub_free (line);
++ grub_script_yyerror (parserstate, N_("overflow is detected"));
++ return 1;
++ }
++
++ p = grub_realloc (line, sz);
+ if (p)
+ {
+ p[len++] = '\n';
+ p[len] = '\0';
+ }
++ else
++ grub_free (line);
++
+ line = p;
+ }
+
+diff --git a/grub-core/video/bitmap.c b/grub-core/video/bitmap.c
+index b2e0315..6256e20 100644
+--- a/grub-core/video/bitmap.c
++++ b/grub-core/video/bitmap.c
+@@ -23,6 +23,7 @@
+ #include <grub/mm.h>
+ #include <grub/misc.h>
+ #include <grub/i18n.h>
++#include <grub/safemath.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -58,7 +59,7 @@ grub_video_bitmap_create (struct grub_video_bitmap **bitmap,
+ enum grub_video_blit_format blit_format)
+ {
+ struct grub_video_mode_info *mode_info;
+- unsigned int size;
++ grub_size_t size;
+
+ if (!bitmap)
+ return grub_error (GRUB_ERR_BUG, "invalid argument");
+@@ -137,19 +138,25 @@ grub_video_bitmap_create (struct grub_video_bitmap **bitmap,
+
+ mode_info->pitch = width * mode_info->bytes_per_pixel;
+
+- /* Calculate size needed for the data. */
+- size = (width * mode_info->bytes_per_pixel) * height;
++ /* Calculate size needed for the data. */
++ if (grub_mul (width, mode_info->bytes_per_pixel, &size) ||
++ grub_mul (size, height, &size))
++ {
++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
++ goto fail;
++ }
+
+ (*bitmap)->data = grub_zalloc (size);
+ if (! (*bitmap)->data)
+- {
+- grub_free (*bitmap);
+- *bitmap = 0;
+-
+- return grub_errno;
+- }
++ goto fail;
+
+ return GRUB_ERR_NONE;
++
++ fail:
++ grub_free (*bitmap);
++ *bitmap = NULL;
++
++ return grub_errno;
+ }
+
+ /* Frees all resources allocated by bitmap. */
+diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c
+index 61bd645..0157ff7 100644
+--- a/grub-core/video/readers/png.c
++++ b/grub-core/video/readers/png.c
+@@ -23,6 +23,7 @@
+ #include <grub/mm.h>
+ #include <grub/misc.h>
+ #include <grub/bufio.h>
++#include <grub/safemath.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -301,9 +302,17 @@ grub_png_decode_image_header (struct grub_png_data *data)
+ data->bpp <<= 1;
+
+ data->color_bits = color_bits;
+- data->row_bytes = data->image_width * data->bpp;
++
++ if (grub_mul (data->image_width, data->bpp, &data->row_bytes))
++ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
++
+ if (data->color_bits <= 4)
+- data->row_bytes = (data->image_width * data->color_bits + 7) / 8;
++ {
++ if (grub_mul (data->image_width, data->color_bits + 7, &data->row_bytes))
++ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
++
++ data->row_bytes >>= 3;
++ }
+
+ #ifndef GRUB_CPU_WORDS_BIGENDIAN
+ if (data->is_16bit || data->is_gray || data->is_palette)
+--
+2.14.4
+
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch b/poky/meta/recipes-bsp/grub/files/CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch
new file mode 100644
index 0000000000..329e554a68
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch
@@ -0,0 +1,117 @@
+From c65fc7e75b7b7e880d90766057040011701e97f4 Mon Sep 17 00:00:00 2001
+From: Chris Coulson <chris.coulson@canonical.com>
+Date: Fri, 10 Jul 2020 14:41:45 +0100
+Subject: [PATCH 8/9] script: Avoid a use-after-free when redefining a function
+ during execution
+
+Defining a new function with the same name as a previously defined
+function causes the grub_script and associated resources for the
+previous function to be freed. If the previous function is currently
+executing when a function with the same name is defined, this results
+in use-after-frees when processing subsequent commands in the original
+function.
+
+Instead, reject a new function definition if it has the same name as
+a previously defined function, and that function is currently being
+executed. Although a behavioural change, this should be backwards
+compatible with existing configurations because they can't be
+dependent on the current behaviour without being broken.
+
+Fixes: CVE-2020-15706
+
+Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport
+CVE: CVE-2020-15706
+
+Reference to upstream patch:
+https://git.savannah.gnu.org/cgit/grub.git/commit/?id=426f57383d647406ae9c628c472059c27cd6e040
+
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+---
+ grub-core/script/execute.c | 2 ++
+ grub-core/script/function.c | 16 +++++++++++++---
+ grub-core/script/parser.y | 3 ++-
+ include/grub/script_sh.h | 2 ++
+ 4 files changed, 19 insertions(+), 4 deletions(-)
+
+diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
+index c8d6806..7e028e1 100644
+--- a/grub-core/script/execute.c
++++ b/grub-core/script/execute.c
+@@ -838,7 +838,9 @@ grub_script_function_call (grub_script_function_t func, int argc, char **args)
+ old_scope = scope;
+ scope = &new_scope;
+
++ func->executing++;
+ ret = grub_script_execute (func->func);
++ func->executing--;
+
+ function_return = 0;
+ active_loops = loops;
+diff --git a/grub-core/script/function.c b/grub-core/script/function.c
+index d36655e..3aad04b 100644
+--- a/grub-core/script/function.c
++++ b/grub-core/script/function.c
+@@ -34,6 +34,7 @@ grub_script_function_create (struct grub_script_arg *functionname_arg,
+ func = (grub_script_function_t) grub_malloc (sizeof (*func));
+ if (! func)
+ return 0;
++ func->executing = 0;
+
+ func->name = grub_strdup (functionname_arg->str);
+ if (! func->name)
+@@ -60,10 +61,19 @@ grub_script_function_create (struct grub_script_arg *functionname_arg,
+ grub_script_function_t q;
+
+ q = *p;
+- grub_script_free (q->func);
+- q->func = cmd;
+ grub_free (func);
+- func = q;
++ if (q->executing > 0)
++ {
++ grub_error (GRUB_ERR_BAD_ARGUMENT,
++ N_("attempt to redefine a function being executed"));
++ func = NULL;
++ }
++ else
++ {
++ grub_script_free (q->func);
++ q->func = cmd;
++ func = q;
++ }
+ }
+ else
+ {
+diff --git a/grub-core/script/parser.y b/grub-core/script/parser.y
+index 4f0ab83..f80b86b 100644
+--- a/grub-core/script/parser.y
++++ b/grub-core/script/parser.y
+@@ -289,7 +289,8 @@ function: "function" "name"
+ grub_script_mem_free (state->func_mem);
+ else {
+ script->children = state->scripts;
+- grub_script_function_create ($2, script);
++ if (!grub_script_function_create ($2, script))
++ grub_script_free (script);
+ }
+
+ state->scripts = $<scripts>3;
+diff --git a/include/grub/script_sh.h b/include/grub/script_sh.h
+index b382bcf..6c48e07 100644
+--- a/include/grub/script_sh.h
++++ b/include/grub/script_sh.h
+@@ -361,6 +361,8 @@ struct grub_script_function
+
+ /* The next element. */
+ struct grub_script_function *next;
++
++ unsigned executing;
+ };
+ typedef struct grub_script_function *grub_script_function_t;
+
+--
+2.14.4
+
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch b/poky/meta/recipes-bsp/grub/files/CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch
new file mode 100644
index 0000000000..d4f9300c0a
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch
@@ -0,0 +1,177 @@
+From 68a09a74f6d726d79709847f3671c0a08e4fb5a0 Mon Sep 17 00:00:00 2001
+From: Colin Watson <cjwatson@debian.org>
+Date: Sat, 25 Jul 2020 12:15:37 +0100
+Subject: [PATCH 9/9] linux: Fix integer overflows in initrd size handling
+
+These could be triggered by a crafted filesystem with very large files.
+
+Fixes: CVE-2020-15707
+
+Signed-off-by: Colin Watson <cjwatson@debian.org>
+Reviewed-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport
+CVE: CVE-2020-15707
+
+Reference to upstream patch:
+https://git.savannah.gnu.org/cgit/grub.git/commit/?id=e7b8856f8be3292afdb38d2e8c70ad8d62a61e10
+
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+---
+ grub-core/loader/linux.c | 74 +++++++++++++++++++++++++++++++++++-------------
+ 1 file changed, 54 insertions(+), 20 deletions(-)
+
+diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c
+index 471b214..8c8565a 100644
+--- a/grub-core/loader/linux.c
++++ b/grub-core/loader/linux.c
+@@ -4,6 +4,7 @@
+ #include <grub/misc.h>
+ #include <grub/file.h>
+ #include <grub/mm.h>
++#include <grub/safemath.h>
+
+ struct newc_head
+ {
+@@ -98,13 +99,13 @@ free_dir (struct dir *root)
+ grub_free (root);
+ }
+
+-static grub_size_t
++static grub_err_t
+ insert_dir (const char *name, struct dir **root,
+- grub_uint8_t *ptr)
++ grub_uint8_t *ptr, grub_size_t *size)
+ {
+ struct dir *cur, **head = root;
+ const char *cb, *ce = name;
+- grub_size_t size = 0;
++ *size = 0;
+ while (1)
+ {
+ for (cb = ce; *cb == '/'; cb++);
+@@ -130,14 +131,22 @@ insert_dir (const char *name, struct dir **root,
+ ptr = make_header (ptr, name, ce - name,
+ 040777, 0);
+ }
+- size += ALIGN_UP ((ce - (char *) name)
+- + sizeof (struct newc_head), 4);
++ if (grub_add (*size,
++ ALIGN_UP ((ce - (char *) name)
++ + sizeof (struct newc_head), 4),
++ size))
++ {
++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
++ grub_free (n->name);
++ grub_free (n);
++ return grub_errno;
++ }
+ *head = n;
+ cur = n;
+ }
+ root = &cur->next;
+ }
+- return size;
++ return GRUB_ERR_NONE;
+ }
+
+ grub_err_t
+@@ -173,26 +182,33 @@ grub_initrd_init (int argc, char *argv[],
+ eptr = grub_strchr (ptr, ':');
+ if (eptr)
+ {
++ grub_size_t dir_size, name_len;
++
+ initrd_ctx->components[i].newc_name = grub_strndup (ptr, eptr - ptr);
+- if (!initrd_ctx->components[i].newc_name)
++ if (!initrd_ctx->components[i].newc_name ||
++ insert_dir (initrd_ctx->components[i].newc_name, &root, 0,
++ &dir_size))
+ {
+ grub_initrd_close (initrd_ctx);
+ return grub_errno;
+ }
+- initrd_ctx->size
+- += ALIGN_UP (sizeof (struct newc_head)
+- + grub_strlen (initrd_ctx->components[i].newc_name),
+- 4);
+- initrd_ctx->size += insert_dir (initrd_ctx->components[i].newc_name,
+- &root, 0);
++ name_len = grub_strlen (initrd_ctx->components[i].newc_name);
++ if (grub_add (initrd_ctx->size,
++ ALIGN_UP (sizeof (struct newc_head) + name_len, 4),
++ &initrd_ctx->size) ||
++ grub_add (initrd_ctx->size, dir_size, &initrd_ctx->size))
++ goto overflow;
+ newc = 1;
+ fname = eptr + 1;
+ }
+ }
+ else if (newc)
+ {
+- initrd_ctx->size += ALIGN_UP (sizeof (struct newc_head)
+- + sizeof ("TRAILER!!!") - 1, 4);
++ if (grub_add (initrd_ctx->size,
++ ALIGN_UP (sizeof (struct newc_head)
++ + sizeof ("TRAILER!!!") - 1, 4),
++ &initrd_ctx->size))
++ goto overflow;
+ free_dir (root);
+ root = 0;
+ newc = 0;
+@@ -208,19 +224,29 @@ grub_initrd_init (int argc, char *argv[],
+ initrd_ctx->nfiles++;
+ initrd_ctx->components[i].size
+ = grub_file_size (initrd_ctx->components[i].file);
+- initrd_ctx->size += initrd_ctx->components[i].size;
++ if (grub_add (initrd_ctx->size, initrd_ctx->components[i].size,
++ &initrd_ctx->size))
++ goto overflow;
+ }
+
+ if (newc)
+ {
+ initrd_ctx->size = ALIGN_UP (initrd_ctx->size, 4);
+- initrd_ctx->size += ALIGN_UP (sizeof (struct newc_head)
+- + sizeof ("TRAILER!!!") - 1, 4);
++ if (grub_add (initrd_ctx->size,
++ ALIGN_UP (sizeof (struct newc_head)
++ + sizeof ("TRAILER!!!") - 1, 4),
++ &initrd_ctx->size))
++ goto overflow;
+ free_dir (root);
+ root = 0;
+ }
+
+ return GRUB_ERR_NONE;
++
++ overflow:
++ free_dir (root);
++ grub_initrd_close (initrd_ctx);
++ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
+ }
+
+ grub_size_t
+@@ -261,8 +287,16 @@ grub_initrd_load (struct grub_linux_initrd_context *initrd_ctx,
+
+ if (initrd_ctx->components[i].newc_name)
+ {
+- ptr += insert_dir (initrd_ctx->components[i].newc_name,
+- &root, ptr);
++ grub_size_t dir_size;
++
++ if (insert_dir (initrd_ctx->components[i].newc_name, &root, ptr,
++ &dir_size))
++ {
++ free_dir (root);
++ grub_initrd_close (initrd_ctx);
++ return grub_errno;
++ }
++ ptr += dir_size;
+ ptr = make_header (ptr, initrd_ctx->components[i].newc_name,
+ grub_strlen (initrd_ctx->components[i].newc_name),
+ 0100777,
+--
+2.14.4
+
diff --git a/poky/meta/recipes-bsp/grub/files/calloc-Make-sure-we-always-have-an-overflow-checking.patch b/poky/meta/recipes-bsp/grub/files/calloc-Make-sure-we-always-have-an-overflow-checking.patch
new file mode 100644
index 0000000000..c9536e68ef
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/calloc-Make-sure-we-always-have-an-overflow-checking.patch
@@ -0,0 +1,246 @@
+From c005f62f5c4b26a77b916c8f76a852324439ecb3 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 15 Jun 2020 12:15:29 -0400
+Subject: [PATCH 2/9] calloc: Make sure we always have an overflow-checking
+ calloc() available
+
+This tries to make sure that everywhere in this source tree, we always have
+an appropriate version of calloc() (i.e. grub_calloc(), xcalloc(), etc.)
+available, and that they all safely check for overflow and return NULL when
+it would occur.
+
+Upstream-Status: Backport [commit 64e26162ebfe68317c143ca5ec996c892019f8f8
+from https://git.savannah.gnu.org/git/grub.git]
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+---
+ grub-core/kern/emu/misc.c | 12 ++++++++++++
+ grub-core/kern/emu/mm.c | 10 ++++++++++
+ grub-core/kern/mm.c | 40 ++++++++++++++++++++++++++++++++++++++
+ grub-core/lib/libgcrypt_wrap/mem.c | 11 +++++++++--
+ grub-core/lib/posix_wrap/stdlib.h | 8 +++++++-
+ include/grub/emu/misc.h | 1 +
+ include/grub/mm.h | 6 ++++++
+ 7 files changed, 85 insertions(+), 3 deletions(-)
+
+diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c
+index 65db79b..dfd8a8e 100644
+--- a/grub-core/kern/emu/misc.c
++++ b/grub-core/kern/emu/misc.c
+@@ -85,6 +85,18 @@ grub_util_error (const char *fmt, ...)
+ exit (1);
+ }
+
++void *
++xcalloc (grub_size_t nmemb, grub_size_t size)
++{
++ void *p;
++
++ p = calloc (nmemb, size);
++ if (!p)
++ grub_util_error ("%s", _("out of memory"));
++
++ return p;
++}
++
+ void *
+ xmalloc (grub_size_t size)
+ {
+diff --git a/grub-core/kern/emu/mm.c b/grub-core/kern/emu/mm.c
+index f262e95..145b01d 100644
+--- a/grub-core/kern/emu/mm.c
++++ b/grub-core/kern/emu/mm.c
+@@ -25,6 +25,16 @@
+ #include <string.h>
+ #include <grub/i18n.h>
+
++void *
++grub_calloc (grub_size_t nmemb, grub_size_t size)
++{
++ void *ret;
++ ret = calloc (nmemb, size);
++ if (!ret)
++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
++ return ret;
++}
++
+ void *
+ grub_malloc (grub_size_t size)
+ {
+diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c
+index ee88ff6..f2822a8 100644
+--- a/grub-core/kern/mm.c
++++ b/grub-core/kern/mm.c
+@@ -67,8 +67,10 @@
+ #include <grub/dl.h>
+ #include <grub/i18n.h>
+ #include <grub/mm_private.h>
++#include <grub/safemath.h>
+
+ #ifdef MM_DEBUG
++# undef grub_calloc
+ # undef grub_malloc
+ # undef grub_zalloc
+ # undef grub_realloc
+@@ -375,6 +377,30 @@ grub_memalign (grub_size_t align, grub_size_t size)
+ return 0;
+ }
+
++/*
++ * Allocate NMEMB instances of SIZE bytes and return the pointer, or error on
++ * integer overflow.
++ */
++void *
++grub_calloc (grub_size_t nmemb, grub_size_t size)
++{
++ void *ret;
++ grub_size_t sz = 0;
++
++ if (grub_mul (nmemb, size, &sz))
++ {
++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
++ return NULL;
++ }
++
++ ret = grub_memalign (0, sz);
++ if (!ret)
++ return NULL;
++
++ grub_memset (ret, 0, sz);
++ return ret;
++}
++
+ /* Allocate SIZE bytes and return the pointer. */
+ void *
+ grub_malloc (grub_size_t size)
+@@ -561,6 +587,20 @@ grub_mm_dump (unsigned lineno)
+ grub_printf ("\n");
+ }
+
++void *
++grub_debug_calloc (const char *file, int line, grub_size_t nmemb, grub_size_t size)
++{
++ void *ptr;
++
++ if (grub_mm_debug)
++ grub_printf ("%s:%d: calloc (0x%" PRIxGRUB_SIZE ", 0x%" PRIxGRUB_SIZE ") = ",
++ file, line, size);
++ ptr = grub_calloc (nmemb, size);
++ if (grub_mm_debug)
++ grub_printf ("%p\n", ptr);
++ return ptr;
++}
++
+ void *
+ grub_debug_malloc (const char *file, int line, grub_size_t size)
+ {
+diff --git a/grub-core/lib/libgcrypt_wrap/mem.c b/grub-core/lib/libgcrypt_wrap/mem.c
+index beeb661..74c6eaf 100644
+--- a/grub-core/lib/libgcrypt_wrap/mem.c
++++ b/grub-core/lib/libgcrypt_wrap/mem.c
+@@ -4,6 +4,7 @@
+ #include <grub/crypto.h>
+ #include <grub/dl.h>
+ #include <grub/env.h>
++#include <grub/safemath.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -36,7 +37,10 @@ void *
+ gcry_xcalloc (size_t n, size_t m)
+ {
+ void *ret;
+- ret = grub_zalloc (n * m);
++ size_t sz;
++ if (grub_mul (n, m, &sz))
++ grub_fatal ("gcry_xcalloc would overflow");
++ ret = grub_zalloc (sz);
+ if (!ret)
+ grub_fatal ("gcry_xcalloc failed");
+ return ret;
+@@ -56,7 +60,10 @@ void *
+ gcry_xcalloc_secure (size_t n, size_t m)
+ {
+ void *ret;
+- ret = grub_zalloc (n * m);
++ size_t sz;
++ if (grub_mul (n, m, &sz))
++ grub_fatal ("gcry_xcalloc would overflow");
++ ret = grub_zalloc (sz);
+ if (!ret)
+ grub_fatal ("gcry_xcalloc failed");
+ return ret;
+diff --git a/grub-core/lib/posix_wrap/stdlib.h b/grub-core/lib/posix_wrap/stdlib.h
+index 3b46f47..7a8d385 100644
+--- a/grub-core/lib/posix_wrap/stdlib.h
++++ b/grub-core/lib/posix_wrap/stdlib.h
+@@ -21,6 +21,7 @@
+
+ #include <grub/mm.h>
+ #include <grub/misc.h>
++#include <grub/safemath.h>
+
+ static inline void
+ free (void *ptr)
+@@ -37,7 +38,12 @@ malloc (grub_size_t size)
+ static inline void *
+ calloc (grub_size_t size, grub_size_t nelem)
+ {
+- return grub_zalloc (size * nelem);
++ grub_size_t sz;
++
++ if (grub_mul (size, nelem, &sz))
++ return NULL;
++
++ return grub_zalloc (sz);
+ }
+
+ static inline void *
+diff --git a/include/grub/emu/misc.h b/include/grub/emu/misc.h
+index ce464cf..ff9c48a 100644
+--- a/include/grub/emu/misc.h
++++ b/include/grub/emu/misc.h
+@@ -47,6 +47,7 @@ grub_util_device_is_mapped (const char *dev);
+ #define GRUB_HOST_PRIuLONG_LONG "llu"
+ #define GRUB_HOST_PRIxLONG_LONG "llx"
+
++void * EXPORT_FUNC(xcalloc) (grub_size_t nmemb, grub_size_t size) WARN_UNUSED_RESULT;
+ void * EXPORT_FUNC(xmalloc) (grub_size_t size) WARN_UNUSED_RESULT;
+ void * EXPORT_FUNC(xrealloc) (void *ptr, grub_size_t size) WARN_UNUSED_RESULT;
+ char * EXPORT_FUNC(xstrdup) (const char *str) WARN_UNUSED_RESULT;
+diff --git a/include/grub/mm.h b/include/grub/mm.h
+index 28e2e53..9c38dd3 100644
+--- a/include/grub/mm.h
++++ b/include/grub/mm.h
+@@ -29,6 +29,7 @@
+ #endif
+
+ void grub_mm_init_region (void *addr, grub_size_t size);
++void *EXPORT_FUNC(grub_calloc) (grub_size_t nmemb, grub_size_t size);
+ void *EXPORT_FUNC(grub_malloc) (grub_size_t size);
+ void *EXPORT_FUNC(grub_zalloc) (grub_size_t size);
+ void EXPORT_FUNC(grub_free) (void *ptr);
+@@ -48,6 +49,9 @@ extern int EXPORT_VAR(grub_mm_debug);
+ void grub_mm_dump_free (void);
+ void grub_mm_dump (unsigned lineno);
+
++#define grub_calloc(nmemb, size) \
++ grub_debug_calloc (GRUB_FILE, __LINE__, nmemb, size)
++
+ #define grub_malloc(size) \
+ grub_debug_malloc (GRUB_FILE, __LINE__, size)
+
+@@ -63,6 +67,8 @@ void grub_mm_dump (unsigned lineno);
+ #define grub_free(ptr) \
+ grub_debug_free (GRUB_FILE, __LINE__, ptr)
+
++void *EXPORT_FUNC(grub_debug_calloc) (const char *file, int line,
++ grub_size_t nmemb, grub_size_t size);
+ void *EXPORT_FUNC(grub_debug_malloc) (const char *file, int line,
+ grub_size_t size);
+ void *EXPORT_FUNC(grub_debug_zalloc) (const char *file, int line,
+--
+2.14.4
+
diff --git a/poky/meta/recipes-bsp/grub/files/lvm-Add-LVM-cache-logical-volume-handling.patch b/poky/meta/recipes-bsp/grub/files/lvm-Add-LVM-cache-logical-volume-handling.patch
new file mode 100644
index 0000000000..2b8157f592
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/lvm-Add-LVM-cache-logical-volume-handling.patch
@@ -0,0 +1,287 @@
+From 8eb02bcb5897b238b29ff762402bb0c3028f0eab Mon Sep 17 00:00:00 2001
+From: Michael Chang <mchang@suse.com>
+Date: Thu, 19 Mar 2020 13:56:13 +0800
+Subject: [PATCH 3/9] lvm: Add LVM cache logical volume handling
+
+The LVM cache logical volume is the logical volume consisting of the original
+and the cache pool logical volume. The original is usually on a larger and
+slower storage device while the cache pool is on a smaller and faster one. The
+performance of the original volume can be improved by storing the frequently
+used data on the cache pool to utilize the greater performance of faster
+device.
+
+The default cache mode "writethrough" ensures that any data written will be
+stored both in the cache and on the origin LV, therefore grub can be straight
+to read the original lv as no data loss is guarenteed.
+
+The second cache mode is "writeback", which delays writing from the cache pool
+back to the origin LV to have increased performance. The drawback is potential
+data loss if losing the associated cache device.
+
+During the boot time grub reads the LVM offline i.e. LVM volumes are not
+activated and mounted, hence it should be fine to read directly from original
+lv since all cached data should have been flushed back in the process of taking
+it offline.
+
+It is also not much helpful to the situation by adding fsync calls to the
+install code. The fsync did not force to write back dirty cache to the original
+device and rather it would update associated cache metadata to complete the
+write transaction with the cache device. IOW the writes to cached blocks still
+go only to the cache device.
+
+To write back dirty cache, as LVM cache did not support dirty cache flush per
+block range, there'no way to do it for file. On the other hand the "cleaner"
+policy is implemented and can be used to write back "all" dirty blocks in a
+cache, which effectively drain all dirty cache gradually to attain and last in
+the "clean" state, which can be useful for shrinking or decommissioning a
+cache. The result and effect is not what we are looking for here.
+
+In conclusion, as it seems no way to enforce file writes to the original
+device, grub may suffer from power failure as it cannot assemble the cache
+device and read the dirty data from it. However since the case is only
+applicable to writeback mode which is sensitive to data lost in nature, I'd
+still like to propose my (relatively simple) patch and treat reading dirty
+cache as improvement.
+
+Upstream-Status: Backport [commit 0454b0445393aafc5600e92ef0c39494e333b135
+from https://git.savannah.gnu.org/git/grub.git]
+
+Signed-off-by: Michael Chang <mchang@suse.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+---
+ grub-core/disk/lvm.c | 190 +++++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 190 insertions(+)
+
+diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c
+index 7b265c7..dc6b83b 100644
+--- a/grub-core/disk/lvm.c
++++ b/grub-core/disk/lvm.c
+@@ -33,6 +33,14 @@
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
++struct cache_lv
++{
++ struct grub_diskfilter_lv *lv;
++ char *cache_pool;
++ char *origin;
++ struct cache_lv *next;
++};
++
+
+ /* Go the string STR and return the number after STR. *P will point
+ at the number. In case STR is not found, *P will be NULL and the
+@@ -95,6 +103,34 @@ grub_lvm_check_flag (char *p, const char *str, const char *flag)
+ }
+ }
+
++static void
++grub_lvm_free_cache_lvs (struct cache_lv *cache_lvs)
++{
++ struct cache_lv *cache;
++
++ while ((cache = cache_lvs))
++ {
++ cache_lvs = cache_lvs->next;
++
++ if (cache->lv)
++ {
++ unsigned int i;
++
++ for (i = 0; i < cache->lv->segment_count; ++i)
++ if (cache->lv->segments)
++ grub_free (cache->lv->segments[i].nodes);
++ grub_free (cache->lv->segments);
++ grub_free (cache->lv->fullname);
++ grub_free (cache->lv->idname);
++ grub_free (cache->lv->name);
++ }
++ grub_free (cache->lv);
++ grub_free (cache->origin);
++ grub_free (cache->cache_pool);
++ grub_free (cache);
++ }
++}
++
+ static struct grub_diskfilter_vg *
+ grub_lvm_detect (grub_disk_t disk,
+ struct grub_diskfilter_pv_id *id,
+@@ -242,6 +278,8 @@ grub_lvm_detect (grub_disk_t disk,
+
+ if (! vg)
+ {
++ struct cache_lv *cache_lvs = NULL;
++
+ /* First time we see this volume group. We've to create the
+ whole volume group structure. */
+ vg = grub_malloc (sizeof (*vg));
+@@ -671,6 +709,106 @@ grub_lvm_detect (grub_disk_t disk,
+ seg->nodes[seg->node_count - 1].name = tmp;
+ }
+ }
++ else if (grub_memcmp (p, "cache\"",
++ sizeof ("cache\"") - 1) == 0)
++ {
++ struct cache_lv *cache = NULL;
++
++ char *p2, *p3;
++ grub_size_t sz;
++
++ cache = grub_zalloc (sizeof (*cache));
++ if (!cache)
++ goto cache_lv_fail;
++ cache->lv = grub_zalloc (sizeof (*cache->lv));
++ if (!cache->lv)
++ goto cache_lv_fail;
++ grub_memcpy (cache->lv, lv, sizeof (*cache->lv));
++
++ if (lv->fullname)
++ {
++ cache->lv->fullname = grub_strdup (lv->fullname);
++ if (!cache->lv->fullname)
++ goto cache_lv_fail;
++ }
++ if (lv->idname)
++ {
++ cache->lv->idname = grub_strdup (lv->idname);
++ if (!cache->lv->idname)
++ goto cache_lv_fail;
++ }
++ if (lv->name)
++ {
++ cache->lv->name = grub_strdup (lv->name);
++ if (!cache->lv->name)
++ goto cache_lv_fail;
++ }
++
++ skip_lv = 1;
++
++ p2 = grub_strstr (p, "cache_pool = \"");
++ if (!p2)
++ goto cache_lv_fail;
++
++ p2 = grub_strchr (p2, '"');
++ if (!p2)
++ goto cache_lv_fail;
++
++ p3 = ++p2;
++ p3 = grub_strchr (p3, '"');
++ if (!p3)
++ goto cache_lv_fail;
++
++ sz = p3 - p2;
++
++ cache->cache_pool = grub_malloc (sz + 1);
++ if (!cache->cache_pool)
++ goto cache_lv_fail;
++ grub_memcpy (cache->cache_pool, p2, sz);
++ cache->cache_pool[sz] = '\0';
++
++ p2 = grub_strstr (p, "origin = \"");
++ if (!p2)
++ goto cache_lv_fail;
++
++ p2 = grub_strchr (p2, '"');
++ if (!p2)
++ goto cache_lv_fail;
++
++ p3 = ++p2;
++ p3 = grub_strchr (p3, '"');
++ if (!p3)
++ goto cache_lv_fail;
++
++ sz = p3 - p2;
++
++ cache->origin = grub_malloc (sz + 1);
++ if (!cache->origin)
++ goto cache_lv_fail;
++ grub_memcpy (cache->origin, p2, sz);
++ cache->origin[sz] = '\0';
++
++ cache->next = cache_lvs;
++ cache_lvs = cache;
++ break;
++
++ cache_lv_fail:
++ if (cache)
++ {
++ grub_free (cache->origin);
++ grub_free (cache->cache_pool);
++ if (cache->lv)
++ {
++ grub_free (cache->lv->fullname);
++ grub_free (cache->lv->idname);
++ grub_free (cache->lv->name);
++ }
++ grub_free (cache->lv);
++ grub_free (cache);
++ }
++ grub_lvm_free_cache_lvs (cache_lvs);
++ goto fail4;
++ }
+ else
+ {
+ #ifdef GRUB_UTIL
+@@ -747,6 +885,58 @@ grub_lvm_detect (grub_disk_t disk,
+ }
+
+ }
++
++ {
++ struct cache_lv *cache;
++
++ for (cache = cache_lvs; cache; cache = cache->next)
++ {
++ struct grub_diskfilter_lv *lv;
++
++ for (lv = vg->lvs; lv; lv = lv->next)
++ if (grub_strcmp (lv->name, cache->origin) == 0)
++ break;
++ if (lv)
++ {
++ cache->lv->segments = grub_malloc (lv->segment_count * sizeof (*lv->segments));
++ if (!cache->lv->segments)
++ {
++ grub_lvm_free_cache_lvs (cache_lvs);
++ goto fail4;
++ }
++ grub_memcpy (cache->lv->segments, lv->segments, lv->segment_count * sizeof (*lv->segments));
++
++ for (i = 0; i < lv->segment_count; ++i)
++ {
++ struct grub_diskfilter_node *nodes = lv->segments[i].nodes;
++ grub_size_t node_count = lv->segments[i].node_count;
++
++ cache->lv->segments[i].nodes = grub_malloc (node_count * sizeof (*nodes));
++ if (!cache->lv->segments[i].nodes)
++ {
++ for (j = 0; j < i; ++j)
++ grub_free (cache->lv->segments[j].nodes);
++ grub_free (cache->lv->segments);
++ cache->lv->segments = NULL;
++ grub_lvm_free_cache_lvs (cache_lvs);
++ goto fail4;
++ }
++ grub_memcpy (cache->lv->segments[i].nodes, nodes, node_count * sizeof (*nodes));
++ }
++
++ if (cache->lv->segments)
++ {
++ cache->lv->segment_count = lv->segment_count;
++ cache->lv->vg = vg;
++ cache->lv->next = vg->lvs;
++ vg->lvs = cache->lv;
++ cache->lv = NULL;
++ }
++ }
++ }
++ }
++
++ grub_lvm_free_cache_lvs (cache_lvs);
+ if (grub_diskfilter_vg_register (vg))
+ goto fail4;
+ }
+--
+2.14.4
+
diff --git a/poky/meta/recipes-bsp/grub/files/safemath-Add-some-arithmetic-primitives-that-check-f.patch b/poky/meta/recipes-bsp/grub/files/safemath-Add-some-arithmetic-primitives-that-check-f.patch
new file mode 100644
index 0000000000..29021e8d8f
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/safemath-Add-some-arithmetic-primitives-that-check-f.patch
@@ -0,0 +1,94 @@
+From 06c361a71c4998635493610e5d76d0d223925251 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 15 Jun 2020 10:58:42 -0400
+Subject: [PATCH 5/9] safemath: Add some arithmetic primitives that check for
+ overflow
+
+This adds a new header, include/grub/safemath.h, that includes easy to
+use wrappers for __builtin_{add,sub,mul}_overflow() declared like:
+
+ bool OP(a, b, res)
+
+where OP is grub_add, grub_sub or grub_mul. OP() returns true in the
+case where the operation would overflow and res is not modified.
+Otherwise, false is returned and the operation is executed.
+
+These arithmetic primitives require newer compiler versions. So, bump
+these requirements in the INSTALL file too.
+
+Upstream-Status: Backport [commit 68708c4503018d61dbcce7ac11cbb511d6425f4d
+from https://git.savannah.gnu.org/git/grub.git]
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+[YL: omit the change to INSTALL from original patch]
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+---
+ include/grub/compiler.h | 8 ++++++++
+ include/grub/safemath.h | 37 +++++++++++++++++++++++++++++++++++++
+ 2 files changed, 45 insertions(+)
+ create mode 100644 include/grub/safemath.h
+
+diff --git a/include/grub/compiler.h b/include/grub/compiler.h
+index c9e1d7a..8f3be3a 100644
+--- a/include/grub/compiler.h
++++ b/include/grub/compiler.h
+@@ -48,4 +48,12 @@
+ # define WARN_UNUSED_RESULT
+ #endif
+
++#if defined(__clang__) && defined(__clang_major__) && defined(__clang_minor__)
++# define CLANG_PREREQ(maj,min) \
++ ((__clang_major__ > (maj)) || \
++ (__clang_major__ == (maj) && __clang_minor__ >= (min)))
++#else
++# define CLANG_PREREQ(maj,min) 0
++#endif
++
+ #endif /* ! GRUB_COMPILER_HEADER */
+diff --git a/include/grub/safemath.h b/include/grub/safemath.h
+new file mode 100644
+index 0000000..c17b89b
+--- /dev/null
++++ b/include/grub/safemath.h
+@@ -0,0 +1,37 @@
++/*
++ * GRUB -- GRand Unified Bootloader
++ * Copyright (C) 2020 Free Software Foundation, Inc.
++ *
++ * GRUB is free software: you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation, either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * GRUB is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
++ *
++ * Arithmetic operations that protect against overflow.
++ */
++
++#ifndef GRUB_SAFEMATH_H
++#define GRUB_SAFEMATH_H 1
++
++#include <grub/compiler.h>
++
++/* These appear in gcc 5.1 and clang 3.8. */
++#if GNUC_PREREQ(5, 1) || CLANG_PREREQ(3, 8)
++
++#define grub_add(a, b, res) __builtin_add_overflow(a, b, res)
++#define grub_sub(a, b, res) __builtin_sub_overflow(a, b, res)
++#define grub_mul(a, b, res) __builtin_mul_overflow(a, b, res)
++
++#else
++#error gcc 5.1 or newer or clang 3.8 or newer is required
++#endif
++
++#endif /* GRUB_SAFEMATH_H */
+--
+2.14.4
+
diff --git a/poky/meta/recipes-bsp/grub/files/script-Remove-unused-fields-from-grub_script_functio.patch b/poky/meta/recipes-bsp/grub/files/script-Remove-unused-fields-from-grub_script_functio.patch
new file mode 100644
index 0000000000..84a80d5ffd
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/script-Remove-unused-fields-from-grub_script_functio.patch
@@ -0,0 +1,37 @@
+From e219bad8cee67b2bb21712df8f055706f8da25d2 Mon Sep 17 00:00:00 2001
+From: Chris Coulson <chris.coulson@canonical.com>
+Date: Fri, 10 Jul 2020 11:21:14 +0100
+Subject: [PATCH 7/9] script: Remove unused fields from grub_script_function
+ struct
+
+Upstream-Status: Backport [commit 1a8d9c9b4ab6df7669b5aa36a56477f297825b96
+from https://git.savannah.gnu.org/git/grub.git]
+
+Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+---
+ include/grub/script_sh.h | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/include/grub/script_sh.h b/include/grub/script_sh.h
+index 360c2be..b382bcf 100644
+--- a/include/grub/script_sh.h
++++ b/include/grub/script_sh.h
+@@ -359,13 +359,8 @@ struct grub_script_function
+ /* The script function. */
+ struct grub_script *func;
+
+- /* The flags. */
+- unsigned flags;
+-
+ /* The next element. */
+ struct grub_script_function *next;
+-
+- int references;
+ };
+ typedef struct grub_script_function *grub_script_function_t;
+
+--
+2.14.4
+
generated by cgit v1.2.3 (git 2.39.0) at 2024-09-17 17:38:52 +0300