grub

Merge ~xnox/grub:initrdless-docs into ~ubuntu-core-dev/grub/+git/ubuntu:master

Git
lp:~xnox/grub
initrdless-docs
Merge into master

Proposed by Dimitri John Ledkov on 2020-10-27

Status:

Superseded

Proposed branch:

~xnox/grub:initrdless-docs

Merge into:

~ubuntu-core-dev/grub/+git/ubuntu:master

Diff against target:

43648 lines (+27070/-3040)

374 files modified

INSTALL (+2/-20)
Makefile.am (+3/-0)
Makefile.util.def (+7/-0)
configure.ac (+12/-2)
debian/.git-dpm (+2/-2)
debian/build-efi-images (+9/-4)
debian/canonical-uefi-ca.crt (+25/-0)
debian/changelog (+1029/-0)
debian/control (+10/-6)
debian/gettext-patches/0001-Support-POTFILES-shell.patch (+54/-0)
debian/gettext-patches/0002-Handle-gettext_printf-shell-function.patch (+46/-0)
debian/gettext-patches/0003-Make-msgfmt-output-in-little-endian.patch (+34/-0)
debian/gettext-patches/0004-Use-SHELL-rather-than-bin-sh.patch (+26/-0)
debian/grub-check-signatures (+129/-0)
debian/grub-common.dirs (+1/-0)
debian/grub-common.install.in (+4/-0)
debian/grub-common.service (+14/-0)
debian/grub-common.templates (+53/-0)
debian/grub-multi-install (+417/-0)
debian/patches/0074-uefi-firmware-rename-fwsetup-menuentry-to-UEFI-Firmw.patch (+26/-0)
debian/patches/0075-smbios-Add-a-linux-argument-to-apply-linux-modalias-.patch (+86/-0)
debian/patches/0076-ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch (+118/-0)
debian/patches/0077-ubuntu-Update-the-linux-boot-protocol-version-check.patch (+25/-0)
debian/patches/0081-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch (+66/-0)
debian/patches/0082-safemath-Add-some-arithmetic-primitives-that-check-f.patch (+120/-0)
debian/patches/0083-calloc-Make-sure-we-always-have-an-overflow-checking.patch (+239/-0)
debian/patches/0084-calloc-Use-calloc-at-most-places.patch (+1833/-0)
debian/patches/0085-malloc-Use-overflow-checking-primitives-where-we-do-.patch (+1319/-0)
debian/patches/0086-iso9660-Don-t-leak-memory-on-realloc-failures.patch (+65/-0)
debian/patches/0087-font-Do-not-load-more-than-one-NAME-section.patch (+34/-0)
debian/patches/0088-gfxmenu-Fix-double-free-in-load_image.patch (+32/-0)
debian/patches/0089-lzma-Make-sure-we-don-t-dereference-past-array.patch (+48/-0)
debian/patches/0090-tftp-Do-not-use-priority-queue.patch (+279/-0)
debian/patches/0091-script-Remove-unused-fields-from-grub_script_functio.patch (+29/-0)
debian/patches/0092-script-Avoid-a-use-after-free-when-redefining-a-func.patch (+104/-0)
debian/patches/0093-hfsplus-fix-two-more-overflows.patch (+53/-0)
debian/patches/0094-lvm-fix-two-more-potential-data-dependent-alloc-over.patch (+98/-0)
debian/patches/0095-efi-fix-some-malformed-device-path-arithmetic-errors.patch (+247/-0)
debian/patches/0096-linuxefi-fail-kernel-validation-without-shim-protoco.patch (+90/-0)
debian/patches/0097-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch (+84/-0)
debian/patches/0098-efi-Fix-use-after-free-in-halt-reboot-path.patch (+175/-0)
debian/patches/0099-chainloader-Avoid-a-double-free-when-validation-fail.patch (+42/-0)
debian/patches/0100-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch (+146/-0)
debian/patches/0101-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch (+334/-0)
debian/patches/0102-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch (+42/-0)
debian/patches/0103-linux-loader-avoid-overflow-on-initrd-size-calculati.patch (+25/-0)
debian/patches/0104-linux-Fix-integer-overflows-in-initrd-size-handling.patch (+165/-0)
debian/patches/0105-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch (+50/-0)
debian/patches/at_keyboard-module-init.patch (+2/-2)
debian/patches/bash-completion-drop-have-checks.patch (+2/-2)
debian/patches/blacklist-1440x900x32.patch (+2/-2)
debian/patches/bootp-new-net_bootp6-command.patch (+4/-4)
debian/patches/bootp-process-dhcpack-http-boot.patch (+3/-3)
debian/patches/cherrypick-lsefisystab-define-smbios3.patch (+45/-0)
debian/patches/cherrypick-lsefisystab-show-dtb.patch (+40/-0)
debian/patches/cherrypick-smbios-module.patch (+771/-0)
debian/patches/core-in-fs.patch (+1/-1)
debian/patches/default-grub-d.patch (+3/-3)
debian/patches/disable-floppies.patch (+1/-1)
debian/patches/dpkg-version-comparison.patch (+1/-1)
debian/patches/efi-variable-storage-minimise-writes.patch (+19/-19)
debian/patches/efinet-set-dns-from-uefi-proto.patch (+3/-3)
debian/patches/efinet-set-network-from-uefi-devpath.patch (+3/-3)
debian/patches/efinet-uefi-ipv6-pxe-support.patch (+3/-3)
debian/patches/gettext-quiet.patch (+2/-2)
debian/patches/gfxpayload-dynamic.patch (+88/-9)
debian/patches/gfxpayload-keep-default.patch (+23/-7)
debian/patches/grub-install-backup-and-restore.patch (+175/-0)
debian/patches/grub-install-pvxen-paths.patch (+4/-4)
debian/patches/grub-legacy-0-based-partitions.patch (+1/-1)
debian/patches/grub.cfg-400.patch (+1/-1)
debian/patches/ieee1275-clear-reset.patch (+2/-2)
debian/patches/ignore-grub_func_test-failures.patch (+2/-2)
debian/patches/insmod-xzio-and-lzopio-on-xen.patch (+18/-5)
debian/patches/install-efi-fallback.patch (+2/-2)
debian/patches/install-efi-ubuntu-flavours.patch (+2/-2)
debian/patches/install-locale-langpack.patch (+2/-2)
debian/patches/install-powerpc-machtypes.patch (+7/-7)
debian/patches/install-stage2-confusion.patch (+2/-2)
debian/patches/maybe-quiet.patch (+50/-15)
debian/patches/mkconfig-loopback.patch (+4/-4)
debian/patches/mkconfig-mid-upgrade.patch (+2/-2)
debian/patches/mkconfig-nonexistent-loopback.patch (+3/-3)
debian/patches/mkconfig-other-inits.patch (+5/-5)
debian/patches/mkconfig-recovery-title.patch (+45/-10)
debian/patches/mkconfig-signed-kernel.patch (+48/-8)
debian/patches/mkconfig-ubuntu-distributor.patch (+25/-4)
debian/patches/mkconfig-ubuntu-recovery.patch (+58/-10)
debian/patches/mkrescue-efi-modules.patch (+2/-2)
debian/patches/net-read-bracketed-ipv6-addr.patch (+5/-5)
debian/patches/no-devicetree-if-secure-boot.patch (+3/-3)
debian/patches/no-insmod-on-sb.patch (+4/-4)
debian/patches/olpc-prefix-hack.patch (+1/-1)
debian/patches/ppc64el-disable-vsx.patch (+2/-2)
debian/patches/probe-fusionio.patch (+3/-3)
debian/patches/quick-boot-lvm.patch (+2/-2)
debian/patches/quick-boot.patch (+34/-10)
debian/patches/restore-mkdevicemap.patch (+7/-7)
debian/patches/series (+58/-5)
debian/patches/skip-grub_cmd_set_date.patch (+2/-2)
debian/patches/sleep-shift.patch (+3/-3)
debian/patches/ubuntu-add-devicetree-command-support.patch (+52/-0)
debian/patches/ubuntu-add-initrd-less-boot-fallback.patch (+213/-0)
debian/patches/ubuntu-add-initrd-less-boot-messages.patch (+56/-0)
debian/patches/ubuntu-boot-from-multipath-dependent-symlink.patch (+69/-0)
debian/patches/ubuntu-dejavu-font-path.patch (+25/-0)
debian/patches/ubuntu-dont-verify-loopback-images.patch (+37/-0)
debian/patches/ubuntu-efi-allow-loopmount-chainload.patch (+127/-0)
debian/patches/ubuntu-efi-console-set-text-mode-as-needed.patch (+197/-0)
debian/patches/ubuntu-fix-lzma-decompressor-objcopy.patch (+30/-0)
debian/patches/ubuntu-flavour-order.patch (+61/-0)
debian/patches/ubuntu-grub-install-extra-removable.patch (+64/-38)
debian/patches/ubuntu-install-signed.patch (+33/-30)
debian/patches/ubuntu-linuxefi-arm64.patch (+185/-0)
debian/patches/ubuntu-linuxefi.patch (+2795/-0)
debian/patches/ubuntu-mkconfig-leave-breadcrumbs.patch (+29/-0)
debian/patches/ubuntu-recovery-dis_ucode_ldr.patch (+84/-0)
debian/patches/ubuntu-resilient-boot-boot-order.patch (+231/-0)
debian/patches/ubuntu-resilient-boot-ignore-alternative-esps.patch (+208/-0)
debian/patches/ubuntu-shorter-version-info.patch (+41/-0)
debian/patches/ubuntu-skip-disk-by-id-lvm-pvm-uuid-entries.patch (+59/-0)
debian/patches/ubuntu-speed-zsys-history.patch (+158/-0)
debian/patches/ubuntu-support-initrd-less-boot.patch (+107/-0)
debian/patches/ubuntu-temp-keep-auto-nvram.patch (+39/-0)
debian/patches/ubuntu-tpm-unknown-error-non-fatal.patch (+56/-0)
debian/patches/ubuntu-zfs-enhance-support.patch (+1031/-0)
debian/patches/uefi-firmware-setup.patch (+4/-4)
debian/patches/uefi-secure-boot-cryptomount.patch (+3/-3)
debian/patches/vsnprintf-upper-case-hex.patch (+2/-2)
debian/patches/vt-handoff.patch (+70/-9)
debian/patches/wubi-no-windows.patch (+2/-2)
debian/patches/zpool-full-device-name.patch (+2/-2)
debian/po/ar.po (+99/-18)
debian/po/ast.po (+107/-18)
debian/po/be.po (+118/-18)
debian/po/bg.po (+119/-18)
debian/po/ca.po (+120/-18)
debian/po/cs.po (+118/-18)
debian/po/cy.po (+109/-18)
debian/po/da.po (+119/-18)
debian/po/de.po (+122/-18)
debian/po/dz.po (+107/-18)
debian/po/el.po (+120/-18)
debian/po/eo.po (+118/-18)
debian/po/es.po (+119/-18)
debian/po/eu.po (+118/-18)
debian/po/fa.po (+108/-18)
debian/po/fi.po (+118/-18)
debian/po/fr.po (+120/-18)
debian/po/gl.po (+108/-18)
debian/po/gu.po (+106/-18)
debian/po/he.po (+117/-18)
debian/po/hr.po (+118/-18)
debian/po/hu.po (+109/-18)
debian/po/id.po (+107/-18)
debian/po/is.po (+119/-18)
debian/po/it.po (+120/-18)
debian/po/ja.po (+119/-18)
debian/po/ka.po (+87/-18)
debian/po/kk.po (+119/-18)
debian/po/km.po (+106/-18)
debian/po/ko.po (+118/-18)
debian/po/lt.po (+118/-18)
debian/po/lv.po (+118/-18)
debian/po/mr.po (+117/-18)
debian/po/nb.po (+119/-18)
debian/po/nl.po (+120/-18)
debian/po/pl.po (+120/-18)
debian/po/pt.po (+120/-18)
debian/po/pt_BR.po (+120/-18)
debian/po/ro.po (+119/-18)
debian/po/ru.po (+118/-18)
debian/po/si.po (+106/-18)
debian/po/sk.po (+107/-18)
debian/po/sl.po (+118/-18)
debian/po/sq.po (+105/-18)
debian/po/sr.po (+107/-18)
debian/po/sr@latin.po (+107/-18)
debian/po/sv.po (+119/-18)
debian/po/ta.po (+106/-18)
debian/po/templates.pot (+87/-18)
debian/po/th.po (+117/-18)
debian/po/tr.po (+118/-18)
debian/po/ug.po (+119/-18)
debian/po/uk.po (+118/-18)
debian/po/vi.po (+119/-18)
debian/po/zh_CN.po (+105/-18)
debian/po/zh_TW.po (+116/-18)
debian/postinst.in (+80/-14)
debian/rules (+21/-6)
debian/signing-template.json.in (+0/-1)
debian/templates.in (+78/-8)
dev/null (+0/-550)
docs/grub.info (+13/-0)
docs/grub.texi (+88/-0)
grub-core/Makefile.am (+1/-0)
grub-core/Makefile.core.def (+24/-2)
grub-core/bus/usb/usbhub.c (+4/-4)
grub-core/commands/efi/lsefisystab.c (+4/-1)
grub-core/commands/efi/smbios.c (+61/-0)
grub-core/commands/efi/tpm.c (+8/-4)
grub-core/commands/i386/pc/smbios.c (+52/-0)
grub-core/commands/iorw.c (+7/-0)
grub-core/commands/legacycfg.c (+27/-8)
grub-core/commands/memrw.c (+7/-0)
grub-core/commands/menuentry.c (+1/-1)
grub-core/commands/nativedisk.c (+1/-1)
grub-core/commands/parttool.c (+9/-3)
grub-core/commands/regexp.c (+1/-1)
grub-core/commands/search_wrap.c (+1/-1)
grub-core/commands/smbios.c (+398/-0)
grub-core/commands/wildcard.c (+31/-5)
grub-core/disk/diskfilter.c (+2/-2)
grub-core/disk/ieee1275/ofdisk.c (+1/-1)
grub-core/disk/ldm.c (+30/-16)
grub-core/disk/loopback.c (+3/-9)
grub-core/disk/luks.c (+1/-1)
grub-core/disk/lvm.c (+35/-12)
grub-core/disk/xen/xendisk.c (+1/-1)
grub-core/efiemu/i386/pc/cfgtables.c (+4/-11)
grub-core/efiemu/loadcore.c (+1/-1)
grub-core/efiemu/mm.c (+3/-3)
grub-core/font/font.c (+13/-3)
grub-core/fs/affs.c (+3/-3)
grub-core/fs/btrfs.c (+22/-12)
grub-core/fs/ext2.c (+9/-1)
grub-core/fs/hfs.c (+1/-1)
grub-core/fs/hfsplus.c (+11/-6)
grub-core/fs/iso9660.c (+55/-18)
grub-core/fs/ntfs.c (+2/-2)
grub-core/fs/sfs.c (+23/-6)
grub-core/fs/squash4.c (+34/-11)
grub-core/fs/tar.c (+1/-1)
grub-core/fs/udf.c (+29/-16)
grub-core/fs/xfs.c (+7/-4)
grub-core/fs/zfs/zfs.c (+17/-9)
grub-core/fs/zfs/zfscrypt.c (+6/-1)
grub-core/gfxmenu/gui_image.c (+4/-1)
grub-core/gfxmenu/gui_string_util.c (+1/-1)
grub-core/gfxmenu/widget-box.c (+2/-2)
grub-core/io/gzio.c (+1/-1)
grub-core/kern/arm/coreboot/coreboot.S (+6/-0)
grub-core/kern/arm/efi/init.c (+3/-0)
grub-core/kern/arm64/efi/init.c (+3/-0)
grub-core/kern/dl.c (+1/-0)
grub-core/kern/efi/efi.c (+62/-42)
grub-core/kern/efi/init.c (+0/-1)
grub-core/kern/efi/sb.c (+66/-0)
grub-core/kern/emu/hostdisk.c (+1/-1)
grub-core/kern/emu/misc.c (+12/-0)
grub-core/kern/emu/mm.c (+10/-0)
grub-core/kern/fs.c (+1/-1)
grub-core/kern/i386/efi/init.c (+7/-2)
grub-core/kern/ia64/efi/init.c (+7/-2)
grub-core/kern/misc.c (+1/-1)
grub-core/kern/mm.c (+40/-0)
grub-core/kern/parser.c (+1/-1)
grub-core/kern/riscv/efi/init.c (+3/-0)
grub-core/kern/uboot/uboot.c (+1/-1)
grub-core/lib/LzmaEnc.c (+8/-2)
grub-core/lib/arg.c (+18/-2)
grub-core/lib/efi/halt.c (+2/-1)
grub-core/lib/i386/relocator.c (+11/-17)
grub-core/lib/libgcrypt/cipher/ac.c (+4/-4)
grub-core/lib/libgcrypt/cipher/primegen.c (+2/-2)
grub-core/lib/libgcrypt/cipher/pubkey.c (+2/-2)
grub-core/lib/libgcrypt_wrap/mem.c (+9/-2)
grub-core/lib/mips/relocator.c (+2/-4)
grub-core/lib/posix_wrap/stdlib.h (+7/-1)
grub-core/lib/powerpc/relocator.c (+2/-4)
grub-core/lib/priority_queue.c (+1/-1)
grub-core/lib/reed_solomon.c (+3/-4)
grub-core/lib/relocator.c (+7/-7)
grub-core/lib/x86_64/efi/relocator.c (+3/-4)
grub-core/lib/zstd/fse_decompress.c (+1/-1)
grub-core/loader/arm/linux.c (+1/-1)
grub-core/loader/arm64/linux.c (+77/-50)
grub-core/loader/efi/appleloader.c (+7/-0)
grub-core/loader/efi/chainloader.c (+796/-78)
grub-core/loader/efi/fdt.c (+1/-0)
grub-core/loader/efi/linux.c (+87/-0)
grub-core/loader/i386/bsd.c (+14/-1)
grub-core/loader/i386/bsdXX.c (+1/-1)
grub-core/loader/i386/efi/linux.c (+154/-150)
grub-core/loader/i386/linux.c (+59/-39)
grub-core/loader/i386/multiboot_mbi.c (+3/-4)
grub-core/loader/i386/pc/linux.c (+37/-18)
grub-core/loader/i386/xen.c (+10/-2)
grub-core/loader/i386/xnu.c (+7/-6)
grub-core/loader/linux.c (+56/-22)
grub-core/loader/macho.c (+1/-1)
grub-core/loader/mips/linux.c (+3/-6)
grub-core/loader/multiboot.c (+8/-1)
grub-core/loader/multiboot_elfxx.c (+6/-6)
grub-core/loader/multiboot_mbi2.c (+5/-5)
grub-core/loader/xnu.c (+15/-5)
grub-core/loader/xnu_resume.c (+1/-1)
grub-core/mmap/mmap.c (+2/-2)
grub-core/net/bootp.c (+1/-1)
grub-core/net/dns.c (+13/-6)
grub-core/net/net.c (+2/-2)
grub-core/net/tftp.c (+53/-118)
grub-core/normal/charset.c (+13/-7)
grub-core/normal/cmdline.c (+19/-9)
grub-core/normal/main.c (+4/-1)
grub-core/normal/menu_entry.c (+18/-9)
grub-core/normal/menu_text.c (+2/-2)
grub-core/normal/term.c (+2/-2)
grub-core/osdep/basic/no_platform.c (+1/-1)
grub-core/osdep/linux/getroot.c (+3/-3)
grub-core/osdep/unix/config.c (+1/-1)
grub-core/osdep/unix/efivar.c (+167/-11)
grub-core/osdep/unix/platform.c (+3/-3)
grub-core/osdep/windows/getroot.c (+1/-1)
grub-core/osdep/windows/hostdisk.c (+2/-2)
grub-core/osdep/windows/init.c (+1/-1)
grub-core/osdep/windows/platform.c (+3/-3)
grub-core/osdep/windows/relpath.c (+1/-1)
grub-core/partmap/gpt.c (+1/-1)
grub-core/partmap/msdos.c (+1/-1)
grub-core/script/argv.c (+14/-2)
grub-core/script/execute.c (+3/-1)
grub-core/script/function.c (+13/-3)
grub-core/script/lexer.c (+18/-3)
grub-core/script/parser.y (+2/-1)
grub-core/script/yylex.l (+2/-2)
grub-core/term/efi/console.c (+45/-23)
grub-core/tests/fake_input.c (+1/-1)
grub-core/tests/video_checksum.c (+3/-3)
grub-core/video/bitmap.c (+16/-9)
grub-core/video/capture.c (+1/-1)
grub-core/video/emu/sdl.c (+1/-1)
grub-core/video/i386/pc/vga.c (+1/-1)
grub-core/video/readers/png.c (+12/-3)
grub-initrd-fallback.service (+12/-0)
include/grub/arm64/linux.h (+2/-0)
include/grub/compiler.h (+8/-0)
include/grub/efi/api.h (+14/-5)
include/grub/efi/efi.h (+0/-1)
include/grub/efi/linux.h (+31/-0)
include/grub/efi/pe32.h (+47/-5)
include/grub/efi/sb.h (+29/-0)
include/grub/emu/misc.h (+1/-0)
include/grub/i386/linux.h (+6/-1)
include/grub/ia64/linux.h (+0/-0)
include/grub/loader.h (+1/-0)
include/grub/loopback.h (+30/-0)
include/grub/mips/linux.h (+0/-0)
include/grub/mm.h (+6/-0)
include/grub/powerpc/linux.h (+0/-0)
include/grub/relocator.h (+29/-0)
include/grub/safemath.h (+37/-0)
include/grub/script_sh.h (+1/-4)
include/grub/smbios.h (+69/-0)
include/grub/sparc64/linux.h (+0/-0)
include/grub/unicode.h (+2/-2)
include/grub/util/install.h (+8/-9)
util/deviceiter.c (+3/-0)
util/getroot.c (+1/-1)
util/grub-file.c (+1/-1)
util/grub-fstest.c (+2/-2)
util/grub-install-common.c (+91/-16)
util/grub-install.c (+90/-109)
util/grub-mkconfig.in (+6/-1)
util/grub-mkconfig_lib.in (+15/-0)
util/grub-mkimagexx.c (+2/-4)
util/grub-mkrescue.c (+2/-2)
util/grub-mkstandalone.c (+1/-1)
util/grub-pe2elf.c (+5/-7)
util/grub-probe.c (+2/-2)
util/grub.d/00_header.in (+27/-0)
util/grub.d/10_linux.in (+133/-13)
util/grub.d/10_linux_zfs.in (+1117/-0)
util/grub.d/30_uefi-firmware.in (+2/-2)

Related bugs:

Bug #1896608: [regression-in-stable] grub-multi-install fails with exit 1 when question grub-efi/install_devices_empty is skipped	Undecided	Fix Released
Bug #1897819: boot fails on hi1620, thunderx2 platforms	Critical	Fix Released
Bug #1901553: Improve documentation around initrdless boot	Undecided	Fix Released

Link a bug report

Reviewer	Review Type	Date Requested	Status
Ubuntu Core Development Team		2020-10-27	Pending
Review via email: mp+392865@code.launchpad.net

This proposal has been superseded by a proposal from 2020-10-27.

Commit message

Add more messages about initrdless boot.

See https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1901553

Unmerged commits

debed15... by Dimitri John Ledkov on 2020-10-27

grub-common.service: port init.d script to systemd unit. Add warning message, when initrdless boot fails triggering fallback. LP: #1901553

2b306df... by Dimitri John Ledkov on 2020-10-27

10_linux: emit messages when initrdless boot is configured, attempted and fails triggering fallback. LP: #1901553

c50fe8d... by Dimitri John Ledkov on 2020-10-27

merge patched-ubuntu into ubuntu

50b1378... by Dimitri John Ledkov on 2020-10-26

Ubuntu: add initrd-less-boot informational messages

Add additional messages when initrd-less boot is attempted or
fails. As otherwise it is not obvious why boot seems to panic and
reboot by default.

Patch-Name: ubuntu-add-initrd-less-boot-messages.patch

13b8f84... by Dimitri John Ledkov on 2020-10-01

releasing package grub2 version 2.04-1ubuntu35

5649e23... by Dimitri John Ledkov on 2020-10-01

Do not finalize params twice on arm64. LP: #1897819

0511ec4... by Dimitri John Ledkov on 2020-10-01

merge patched-ubuntu into ubuntu

26335cb... by Dimitri John Ledkov on 2020-09-14

configure.ac: one more dejavu font search path

Debian/Ubuntu ship dejavu font in a subdir of truetype.

Patch-Name: ubuntu-dejavu-font-path.patch

f38282a... by Julian Andres Klode on 2020-09-11

Cherry-pick back parts of "Load arm with SB enabled."

These parts got lost in our 2.04 rebase, let's add them back.

Pick (grub_efi_physical_address_t)(grub_efi_uintn_t) cast from
fedora-34 instead, it seems to cause compilation error on armhf
to not do the (grub_efi_uintn_t) cast first.

Bug-Ubuntu: https://bugs.launchpad.net/1862279
Origin: vendor, https://github.com/rhboot/grub2/commit/2786ab864cf00c15123320671f653e9a36ba12b4
Patch-Name: ubuntu-linuxefi-arm64.patch

e07b23a... by Dimitri John Ledkov on 2020-09-28

postinst.in, grub-multi-install: fix logic of skipping installing onto any device, if one chose to not install bootloader on any device. LP: #1896608

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

The diff has been truncated for viewing.

Subscribers

People subscribed via source and target branches

to all changes:

Dimitri John Ledkov

Julian Andres Klode

Ubuntu Core Development Team

 diff --git a/INSTALL b/INSTALL
 index 342c158..991479b 100644
 --- a/INSTALL
 +++ b/INSTALL
@@ -11,27 +11,9 @@ GRUB depends on some software packages installed into your system. If
  you don't have any of them, please obtain and install them before
  configuring the GRUB.
--* GCC 4.1.3 or later
--  Note: older versions may work but support is limited
--
--  Experimental support for clang 3.3 or later (results in much bigger binaries)
++* GCC 5.1.0 or later
++  Experimental support for clang 3.8.0 or later (results in much bigger binaries)
    for i386, x86_64, arm (including thumb), arm64, mips(el), powerpc, sparc64
--  Note: clang 3.2 or later works for i386 and x86_64 targets but results in
--        much bigger binaries.
--	earlier versions not tested
--  Note: clang 3.2 or later works for arm
--	earlier versions not tested
--  Note: clang on arm64 is not supported due to
--	https://llvm.org/bugs/show_bug.cgi?id=26030
--  Note: clang 3.3 or later works for mips(el)
--	earlier versions fail to generate .reginfo and hence gprel relocations
--	fail.
--  Note: clang 3.2 or later works for powerpc
--	earlier versions not tested
--  Note: clang 3.5 or later works for sparc64
--        earlier versions return "error: unable to interface with target machine"
--  Note: clang has no support for ia64 and hence you can't compile GRUB
--	for ia64 with clang
  * GNU Make
  * GNU Bison 2.3 or later
  * GNU gettext 0.17 or later
 diff --git a/Makefile.am b/Makefile.am
 index 1f4bb9b..e6a2207 100644
 --- a/Makefile.am
 +++ b/Makefile.am
@@ -473,6 +473,9 @@ ChangeLog: FORCE
  		touch $@; \
  	fi
++systemdsystemunit_DATA = \
++	grub-initrd-fallback.service
++
  EXTRA_DIST += ChangeLog ChangeLog-2015
  syslinux_test: $(top_builddir)/config.status tests/syslinux/ubuntu10.04_grub.cfg
 diff --git a/Makefile.util.def b/Makefile.util.def
 index 59e4142..504d1c0 100644
 --- a/Makefile.util.def
 +++ b/Makefile.util.def
@@ -500,6 +500,13 @@ script = {
  };
  script = {
++  name = '10_linux_zfs';
++  common = util/grub.d/10_linux_zfs.in;
++  installdir = grubconf;
++  condition = COND_HOST_LINUX;
++};
++
++script = {
    name = '10_xnu';
    common = util/grub.d/10_xnu.in;
    installdir = grubconf;
 diff --git a/configure.ac b/configure.ac
 index 8832455..fae9171 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -305,6 +305,16 @@ AC_SUBST(grubdirname)
  AC_DEFINE_UNQUOTED(GRUB_DIR_NAME, "$grubdirname",
      [Default grub directory name])
++##### systemd unit files
++AC_ARG_WITH([systemdsystemunitdir],
++            AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files]),
++            [],
++            [with_systemdsystemunitdir=/usr/lib/systemd/system],
++            [with_systemdsystemunitdir=no])
++if test "x$with_systemdsystemunitdir" != xno; then
++   AC_SUBST([systemdsystemunitdir], [$with_systemdsystemunitdir])
++fi
++
+ #
  # Checks for build programs.
+ #
@@ -410,7 +420,7 @@ else
  fi
  # Check for functions and headers.
--AC_CHECK_FUNCS(posix_memalign memalign getextmntent)
++AC_CHECK_FUNCS(posix_memalign memalign getextmntent on_exit)
  AC_CHECK_HEADERS(sys/param.h sys/mount.h sys/mnttab.h limits.h)
  # glibc 2.25 still includes sys/sysmacros.h in sys/types.h but emits deprecation
@@ -1661,7 +1671,7 @@ fi
  if test x"$starfield_excuse" = x; then
     for ext in pcf pcf.gz bdf bdf.gz ttf ttf.gz; do
--     for dir in . /usr/src /usr/share/fonts/X11/misc /usr/share/fonts/truetype/ttf-dejavu /usr/share/fonts/dejavu /usr/share/fonts/truetype; do
++     for dir in . /usr/src /usr/share/fonts/X11/misc /usr/share/fonts/truetype/ttf-dejavu /usr/share/fonts/dejavu /usr/share/fonts/truetype /usr/share/fonts/truetype/dejavu; do
          if test -f "$dir/DejaVuSans.$ext"; then
            DJVU_FONT_SOURCE="$dir/DejaVuSans.$ext"
            break 2
 diff --git a/debian/.git-dpm b/debian/.git-dpm
 index a87b37e..b8d04a8 100644
 --- a/debian/.git-dpm
 +++ b/debian/.git-dpm
@@ -1,6 +1,6 @@
  # see git-dpm(1) from git-dpm package
--3d51b212987d47da2b8c65a911140bbbc2fd3153
--3d51b212987d47da2b8c65a911140bbbc2fd3153
++50b137848fd25a580fcd76760802af16e4e961fa
++50b137848fd25a580fcd76760802af16e4e961fa
 bb115fbd47e1c464696f1f8d6183e5443975d
 bb115fbd47e1c464696f1f8d6183e5443975d
  grub2_2.04.orig.tar.xz
 diff --git a/debian/build-efi-images b/debian/build-efi-images
 index dbff3e7..f789cf6 100755
 --- a/debian/build-efi-images
 +++ b/debian/build-efi-images
@@ -129,6 +129,7 @@ CD_MODULES="
  	search_fs_file
  	search_label
  	sleep
++	smbios
  	squash4
  	test
  	true
@@ -189,6 +190,7 @@ GRUB_MODULES="$CD_MODULES
  	raid6rec
+ 	"
  NET_MODULES="$CD_MODULES
++	http
  	tftp
+ 	"
@@ -212,9 +214,12 @@ NET_MODULES="$CD_MODULES
  # Special network boot image for d-i to use. Just the same as the
  # normal network boot image, but with a different value baked in for
  # the prefix setting
--"$grub_mkimage" -O "$platform" -o "$outdir/grubnet$efi_name-installer.efi" \
--	-d "$grub_core" -c "$workdir/grub-bootstrap.cfg" \
--	-m "$workdir/memdisk-netboot.fat" \
--	-p "${efi_vendor}-installer/$deb_arch/grub" $NET_MODULES
++#
++# but not on Ubuntu LP: #1863994
++#
++#"$grub_mkimage" -O "$platform" -o "$outdir/grubnet$efi_name-installer.efi" \
++#	-d "$grub_core" -c "$workdir/grub-bootstrap.cfg" \
++#	-m "$workdir/memdisk-netboot.fat" \
++#	-p "${efi_vendor}-installer/$deb_arch/grub" $NET_MODULES
  exit 0
 diff --git a/debian/canonical-uefi-ca.crt b/debian/canonical-uefi-ca.crt
 new file mode 100644
 index 0000000..55c06d5
 --- /dev/null
 +++ b/debian/canonical-uefi-ca.crt
@@ -0,0 +1,25 @@
++-----BEGIN CERTIFICATE-----
++MIIENDCCAxygAwIBAgIJALlBJKAYLJJnMA0GCSqGSIb3DQEBCwUAMIGEMQswCQYD
++VQQGEwJHQjEUMBIGA1UECAwLSXNsZSBvZiBNYW4xEDAOBgNVBAcMB0RvdWdsYXMx
++FzAVBgNVBAoMDkNhbm9uaWNhbCBMdGQuMTQwMgYDVQQDDCtDYW5vbmljYWwgTHRk
++LiBNYXN0ZXIgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEyMDQxMjExMTI1MVoX
++DTQyMDQxMTExMTI1MVowgYQxCzAJBgNVBAYTAkdCMRQwEgYDVQQIDAtJc2xlIG9m
++IE1hbjEQMA4GA1UEBwwHRG91Z2xhczEXMBUGA1UECgwOQ2Fub25pY2FsIEx0ZC4x
++NDAyBgNVBAMMK0Nhbm9uaWNhbCBMdGQuIE1hc3RlciBDZXJ0aWZpY2F0ZSBBdXRo
++b3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/WzoWdO4hXa5h
++7Z1WrL3e3nLz3X4tTGIPrMBtSAgRz42L+2EfJ8wRbtlVPTlU60A7sbvihTR5yvd7
++v7p6yBAtGX2tWc+m1OlOD9quUupMnpDOxpkNTmdleF350dU4Skp6j5OcfxqjhdvO
+++ov3wqIhLZtUQTUQVxONbLwpBlBKfuqZqWinO8cHGzKeoBmHDnm7aJktfpNS5fbr
++yZv5K+24aEm82ZVQQFvFsnGq61xX3nH5QArdW6wehC1QGlLW4fNrbpBkT1u06yDk
++YRDaWvDq5ELXAcT+IR/ZucBUlUKBUnIfSWR6yGwk8QhwC02loDLRoBxXqE3jr6WO
++BQU+EEOhAgMBAAGjgaYwgaMwHQYDVR0OBBYEFK2RmQvCKrH1FwSMI7ZlWiaONFpj
++MB8GA1UdIwQYMBaAFK2RmQvCKrH1FwSMI7ZlWiaONFpjMA8GA1UdEwEB/wQFMAMB
++Af8wCwYDVR0PBAQDAgGGMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly93d3cuY2Fu
++b25pY2FsLmNvbS9zZWN1cmUtYm9vdC1tYXN0ZXItY2EuY3JsMA0GCSqGSIb3DQEB
++CwUAA4IBAQA/ffZ2pbODtCt60G1SGgODxBKnUJxHkszAlHeC0q5Xs5kE9TI6xlUd
++B9sSqVb62NR2IOvkw1Hbmlyckj8Yc9qUaqGZOIykiG3B/Dlx0HR2FgM+ViM11VVH
++WxodQcLTEkzc/64KkpxiChcBnHPgXrH9vNa1GRF6fs0+A35m21uoyTlIUf9T4Zwx
++U5EbOxB1Axe65oECgJRwTEa3lLA9Fc0fjgLgaAKP+/lHHX2iAcYHUcSazO3dz6Nd
++7ZK7vtH95uwfM1FzBL48crB9CPgB/5h9y5zgaTl3JUdxiLGNJ6UuqPc/X4Bplz6p
++9JkU284DDgtmxBxtvbgnd8FClL38agq8
++-----END CERTIFICATE-----
 diff --git a/debian/changelog b/debian/changelog
 index 79734b2..a9de8cc 100644
 --- a/debian/changelog
 +++ b/debian/changelog
@@ -1,3 +1,506 @@
++grub2 (2.04-1ubuntu36) UNRELEASED; urgency=medium
++
++  * 10_linux: emit messages when initrdless boot is configured, attempted
++    and fails triggering fallback. LP: #1901553
++  * grub-common.service: port init.d script to systemd unit. Add warning
++    message, when initrdless boot fails triggering fallback. LP: #1901553
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Tue, 27 Oct 2020 13:07:20 +0000
++
++grub2 (2.04-1ubuntu35) groovy; urgency=medium
++
++  * postinst.in, grub-multi-install: fix logic of skipping installing onto
++    any device, if one chose to not install bootloader on any device. LP:
++    #1896608
++  * Do not finalize params twice on arm64. LP: #1897819
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Thu, 01 Oct 2020 22:59:51 +0800
++
++grub2 (2.04-1ubuntu34) groovy; urgency=medium
++
++  * configure.ac: one more dejavu font search path
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Mon, 14 Sep 2020 10:53:07 +0100
++
++grub2 (2.04-1ubuntu33) groovy; urgency=medium
++
++  * Build-depend on fonts-dejavu-core, not obsolete ttf-dejavu-core.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Sun, 13 Sep 2020 23:49:08 -0700
++
++grub2 (2.04-1ubuntu32) groovy; urgency=medium
++
++  * ubuntu-linuxefi-arm64.patch: Fix build on armhf
++
++ -- Julian Andres Klode <juliank@ubuntu.com>  Fri, 11 Sep 2020 20:33:34 +0200
++
++grub2 (2.04-1ubuntu31) groovy; urgency=medium
++
++  * ubuntu-linuxefi-arm64.patch: Restore arm64 parts of ubuntu-linuxefi.patch
++    that got lost in the 2.04 rebase (LP: #1862279)
++
++ -- Julian Andres Klode <juliank@ubuntu.com>  Fri, 11 Sep 2020 17:49:50 +0200
++
++grub2 (2.04-1ubuntu30) groovy; urgency=medium
++
++  * postinst.in: do not attempt to call grub-install upon fresh install of
++    grub-pc because it it a job of installers to do that after fresh
++    install.
++  * grub-multi-install: fix non-interactive failures for grub-efi like it
++    was fixed in postinst for grub-pc.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Thu, 03 Sep 2020 14:54:23 +0100
++
++grub2 (2.04-1ubuntu29) groovy; urgency=medium
++
++  * grub-install: cherry-pick patch from grub-devel to make grub-install
++    fault tolerant. Create backup of files in /boot/grub, and restore them
++    on failure to complete grub-install. LP: #1891680
++  * postinst.in: do not exit successfully when failing to show critical
++    grub-pc/install_devices_failed and grub-pc/install_devices_empty
++    prompts in non-interactive mode. This enables surfacing upgrade errors
++    to the users and/or automation. LP: #1891680
++  * postinst.in: Fixup postinst.in, to attempt grub-install upon explicit
++    dpkg-reconfigure grub-pc. LP: #1892526
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Tue, 01 Sep 2020 20:04:44 +0100
++
++grub2 (2.04-1ubuntu28) groovy; urgency=medium
++
++  * Ensure that grub-multi-install can always find templates (LP: #1879948)
++  * Fix changelog entries for security update
++
++ -- Julian Andres Klode <juliank@ubuntu.com>  Mon, 10 Aug 2020 15:07:29 +0200
++
++grub2 (2.04-1ubuntu27) groovy; urgency=medium
++
++  * debian/patches/ubuntu-flavour-order.patch:
++    - Add a (hidden) GRUB_FLAVOUR_ORDER setting that can mark certain kernel
++      flavours as preferred, and specify an order between those preferred
++      flavours (LP: #1882663)
++  * debian/patches/ubuntu-zfs-enhance-support.patch:
++    - Use version_find_latest for ordering kernels, so it also supports
++      the GRUB_FLAVOUR_ORDER setting.
++  * debian/patches/ubuntu-dont-verify-loopback-images.patch:
++    - disk/loopback: Don't verify loopback images (LP: #1878541),
++      Thanks to Chris Coulson for the patch
++  * debian/patches/ubuntu-recovery-dis_ucode_ldr.patch
++    - Pass dis_ucode_ldr to kernel for recovery mode (LP: #1831789)
++  * debian/patches/ubuntu-add-initrd-less-boot-fallback.patch:
++    - Merge changes from xnox to fix multiple initrds support (LP: #1878705)
++  * debian/patches/ubuntu-clear-invalid-initrd-spacing.patch:
++    - Remove, no longer needed thanks to xnox's patch
++
++ -- Julian Andres Klode <juliank@ubuntu.com>  Thu, 06 Aug 2020 14:47:52 +0200
++
++grub2 (2.04-1ubuntu26.2) focal; urgency=medium
++
++  * debian/postinst.in: Avoid calling grub-install on upgrade of the grub-pc
++    package, since we cannot be certain that it will install to the correct
++    disk and a grub-install failure will render the system unbootable.
++    LP: #1889556.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Thu, 30 Jul 2020 17:34:25 -0700
++
++grub2 (2.04-1ubuntu26.1) focal; urgency=medium
++
++  [ Julian Andres Klode ]
++  * Move gettext patches out of git-dpm's way, so it does not delete them
++
++  [ Chris Coulson ]
++  * SECURITY UPDATE: Heap buffer overflow when encountering commands that
++    cannot be tokenized to less than 8192 characters.
++    - 0082-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch: Make
++      fatal lexer errors actually be fatal
++    - CVE-2020-10713
++  * SECURITY UPDATE: Multiple integer overflow bugs that could result in
++    heap buffer allocations that were too small and subsequent heap buffer
++    overflows when handling certain filesystems, font files or PNG images.
++    - 0083-safemath-Add-some-arithmetic-primitives-that-check-f.patch: Add
++      arithmetic primitives that allow for overflows to be detected
++    - 0084-calloc-Make-sure-we-always-have-an-overflow-checking.patch:
++      Make sure that there is always an overflow checking implementation
++      of calloc() available
++    - 0085-calloc-Use-calloc-at-most-places.patch: Use calloc where
++      appropriate
++    - 0086-malloc-Use-overflow-checking-primitives-where-we-do-.patch: Use
++      overflow-safe arithmetic primitives when performing allocations
++      based on the results of operations that might overflow
++    - 0094-hfsplus-fix-two-more-overflows.patch: Fix integer overflows in
++      hfsplus
++    - 0095-lvm-fix-two-more-potential-data-dependent-alloc-over.patch: Fix
++      more potential integer overflows in lvm
++    - CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
++  * SECURITY UPDATE: Use-after-free when executing a command that causes
++    a currently executing function to be redefined.
++    - 0092-script-Remove-unused-fields-from-grub_script_functio.patch:
++      Remove unused fields from grub_script_function
++    - 0093-script-Avoid-a-use-after-free-when-redefining-a-func.patch:
++      Avoid a use-after-free when redefining a function during execution
++    - CVE-2020-15706
++  * SECURITY UPDATE: Integer overflows that could result in heap buffer
++    allocations that were too small and subsequent heap buffer overflows
++    during initrd loading.
++    - 0105-linux-Fix-integer-overflows-in-initrd-size-handling.patch: Fix
++      integer overflows in initrd size handling
++    - 0106-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch: Fix
++      integer overflows in linuxefi grub_cmd_initrd
++    - CVE-2020-15707
++  * Various fixes as a result of code review and static analysis:
++    - 0087-iso9660-Don-t-leak-memory-on-realloc-failures.patch: Fix a
++     memory leak on realloc failures when processing symbolic links
++    - 0088-font-Do-not-load-more-than-one-NAME-section.patch: Fix a
++      memory leak when processing font files with more than one NAME
++      section
++    - 0089-gfxmenu-Fix-double-free-in-load_image.patch: Zero self->bitmap
++      after it is freed in order to avoid a potential double free later on
++    - 0090-lzma-Make-sure-we-don-t-dereference-past-array.patch: Fix an
++      out-of-bounds read in LzmaEncode
++    - 0091-tftp-Do-not-use-priority-queue.patch: Refactor tftp to not use
++      priority queues and fix a double free
++    - 0096-efi-fix-some-malformed-device-path-arithmetic-errors.patch: Fix
++      various arithmetic errors with malformed device paths
++    - 0098-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch: Fix
++      a NULL deref in the chainloader command introduced by a previous
++      patch
++    - 0099-efi-Fix-use-after-free-in-halt-reboot-path.patch: Fix a
++      use-after-free in the halt and reboot commands by not freeing
++      allocated memory in these paths
++    - 0100-chainloader-Avoid-a-double-free-when-validation-fail.patch:
++      Avoid a double free in the chainloader command when validation fails
++    - 0101-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch:
++      Protect grub_relocator_alloc_chunk_addr input arguments against
++      integer overflow / underflow
++    - 0102-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch:
++      Protect grub_relocator_alloc_chunk_align max_addr argument against
++      integer underflow
++    - 0103-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch: Fix
++      grub_relocator_alloc_chunk_align top memory allocation
++    - 0104-linux-loader-avoid-overflow-on-initrd-size-calculati.patch:
++      Avoid overflow on initrd size calculation
++
++  [ Dimitri John Ledkov ]
++  * SECURITY UPDATE: Grub does not enforce kernel signature validation
++    when the shim protocol isn't present.
++    - 0097-linuxefi-fail-kernel-validation-without-shim-protoco.patch:
++      Fail kernel validation if the shim protocol isn't available
++    - CVE-2020-15705
++
++ -- Chris Coulson <chris.coulson@canonical.com>  Mon, 20 Jul 2020 19:19:08 +0100
++
++grub2 (2.04-1ubuntu26) focal; urgency=medium
++
++  [ Julian Andres Klode ]
++  * Move /boot/efi -> debconf migration into wrapper, so it runs everywhere
++    (LP: #1872077)
++  * Display disk name and size in the ESP selection dialog, instead of ???
++
++  [ Sebastien Bacher ]
++  * debian/patches/gettext,
++    debian/patches/rules:
++    - backport upstream patches to fix the list of translated strings,
++      reported on the ubuntu-translators mailing list. The changes would
++      be overwritten by autoreconf so applying from a rules override.
++
++ -- Julian Andres Klode <juliank@ubuntu.com>  Wed, 15 Apr 2020 13:31:27 +0200
++
++grub2 (2.04-1ubuntu25) focal; urgency=medium
++
++  [ Jean-Baptiste Lallement ]
++  [ Didier Roche ]
++  * debian/patches/ubuntu-zfs-enhance-support.patch:
++    - fix trailing } when no advanced menu is printed
++    - ensure we unmount all temporary snapshots path before zfs collect them
++      out.
++  * debian/patches/ubuntu-speed-zsys-history.patch:
++    - Speed up navigating zsys history by reducing greatly grub.cfg file size.
++      It used to take eg 80 seconds when loading 100 system snapshots. This is
++      now instantaneous by using a function with parameters that the users can
++      still easily edit.
++
++ -- Didier Roche <didrocks@ubuntu.com>  Mon, 13 Apr 2020 15:17:42 +0200
++
++grub2 (2.04-1ubuntu24) focal; urgency=medium
++
++  * Support installing to multiple ESPs (LP: #1871821)
++
++ -- Julian Andres Klode <juliank@ubuntu.com>  Thu, 09 Apr 2020 12:51:07 +0200
++
++grub2 (2.04-1ubuntu23) focal; urgency=medium
++
++  [ Jean-Baptiste Lallement ]
++  [ Didier Roche ]
++  * Performance improvements for update-grub on ZFS systems (LP: #1869885)
++
++ -- Didier Roche <didrocks@ubuntu.com>  Tue, 31 Mar 2020 15:30:36 +0200
++
++grub2 (2.04-1ubuntu22) focal; urgency=medium
++
++  * smbios: Add a --linux argument to apply linux modalias-like filtering
++  * Make the linux command in EFI grub always try EFI handover; thanks
++    to Chris Coulson for the patches (LP: #1864533)
++
++ -- Julian Andres Klode <juliank@ubuntu.com>  Wed, 11 Mar 2020 17:46:35 +0100
++
++grub2 (2.04-1ubuntu21) focal; urgency=medium
++
++  * Make ZFS menu generation depending on new zsysd binary instead of eoan
++    zsys compatibility symlink.
++
++ -- Didier Roche <didrocks@ubuntu.com>  Wed, 26 Feb 2020 09:59:49 +0100
++
++grub2 (2.04-1ubuntu20) focal; urgency=medium
++
++  * build-efi-images: do not produce -installer.efi.signed. LP: #1863994
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Tue, 25 Feb 2020 01:11:31 +0000
++
++grub2 (2.04-1ubuntu19) focal; urgency=medium
++
++  * uefi-firmware: rename fwsetup menuentry to UEFI Firmware Settings
++    (LP: #1864547)
++  * build-efi-images: add smbios module to the prebuilt signed EFI images
++    (LP: #1856424)
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Mon, 24 Feb 2020 20:34:13 +0000
++
++grub2 (2.04-1ubuntu18) focal; urgency=medium
++
++  * Cherry-pick fix from Colin W. in debian to build with python3.
++
++ -- Didier Roche <didrocks@ubuntu.com>  Thu, 06 Feb 2020 18:37:44 +0100
++
++grub2 (2.04-1ubuntu17) focal; urgency=medium
++
++  * Fix ZFS menu generation with ZFS 0.8.x where mounted datasets can’t list
++    snapshots due to an upstream change.
++    https://github.com/zfsonlinux/zfs/issues/9958
++
++ -- Didier Roche <didrocks@ubuntu.com>  Thu, 06 Feb 2020 18:20:16 +0100
++
++grub2 (2.04-1ubuntu16) focal; urgency=medium
++
++  * Revert "Add smbios module to build-efi-images script" from previous
++    upload, pending review see https://bugs.launchpad.net/bugs/1856424
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Sun, 15 Dec 2019 01:28:49 +0000
++
++grub2 (2.04-1ubuntu15) focal; urgency=medium
++
++  * ubuntu-efi-allow-loopmount-chainload.patch:
++    - Enable chainloading EFI apps from loopmounts
++  * cherrypick-lsefisystab-define-smbios3.patch:
++  * cherrypick-smbios-modules.patch:
++    - Cherrypick from 2.05 module for retrieving SMBIOS information
++  * cherrypick-lsefisystab-show-dtb.patch:
++    - If dtb is provided by the firmware / DtbLoader driver, display it in
++    human form, rather than just UUID
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Fri, 13 Dec 2019 11:24:21 +0000
++
++grub2 (2.04-1ubuntu14) focal; urgency=medium
++
++  * debian/patches/ubuntu-zfs-enhance-support.patch:
++    - Handle the case where grub-probe returns several devices for a single
++      pool (LP: #1848856). Thanks jpb for the report and the proposed patch.
++    - Add savedefault to non-recovery entries (LP: #1850202). Thanks Deltik
++      for the patch.
++    - Do not crash on invalid fstab and report the invalid entry.
++      (LP: #1849347) Thanks Deltik for the patch.
++    - When a pool fails to import, catch and display the error message and
++      continue with other pools. Import all the pools in readonly mode so we
++      can import other pools with unsupported features (LP: #1848399) Thanks
++      satmandu for the investigation and the proposed patch
++
++ -- Jean-Baptiste Lallement <jean-baptiste.lallement@ubuntu.com>  Mon, 18 Nov 2019 11:22:43 +0100
++
++grub2 (2.04-1ubuntu13) focal; urgency=medium
++
++  * debian/patches/ubuntu-tpm-unknown-error-non-fatal.patch: treat "unknown"
++    TPM errors as non-fatal, but still write up the details as debug messages
++    so we can further track what happens with the systems throwing those up.
++    (LP: #1848892)
++  * debian/patches/ubuntu-linuxefi.patch: Drop extra check for Secure Boot
++    status in linuxefi_secure_validate(); it's unnecessary and blocking boot
++    in chainload (like chainloading Windows) when SB is disabled.
++    (LP: #1845289)
++
++ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>  Thu, 31 Oct 2019 17:58:47 -0400
++
++grub2 (2.04-1ubuntu12) eoan; urgency=medium
++
++  * Move our identifier to com.ubuntu
++    As we are not going to own org.zsys, move our identifier under
++    com.ubuntu.zsys (LP: #1847711)
++
++ -- Didier Roche <didrocks@ubuntu.com>  Fri, 11 Oct 2019 15:57:47 +0200
++
++grub2 (2.04-1ubuntu11) eoan; urgency=medium
++
++  * Load all kernels (even those without .efi.signed) for secure boot mode
++    as those are signed kernels on ubuntu, loaded by the shim. (LP: #1847581)
++
++ -- Didier Roche <didrocks@ubuntu.com>  Thu, 10 Oct 2019 11:40:44 +0200
++
++grub2 (2.04-1ubuntu10) eoan; urgency=medium
++
++  * debian/patches/ubuntu-skip-disk-by-id-lvm-pvm-uuid-entries.patch:
++    skip /dev/disk/by-id/lvm-pvm-uuid entries from device iteration.
++    (LP: #1838525)
++
++ -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com>  Mon, 07 Oct 2019 23:23:54 -0300
++
++grub2 (2.04-1ubuntu9) eoan; urgency=medium
++
++  * debian/patches/ubuntu-zfs-enhance-support.patch:
++    - Handle case of pure zfs only snapshots giving additional "}", and as
++      such, creating invalid grub menu.
++      Spotted by grubzfs-testsuite autopkgtests.
++
++ -- Didier Roche <didrocks@ubuntu.com>  Wed, 02 Oct 2019 09:59:19 +0200
++
++grub2 (2.04-1ubuntu8) eoan; urgency=medium
++
++  * debian/patches/install-signed.patch -> ubuntu-install-signed.patch:
++    Really fix the installation of UEFI artefacts to the distributor path (we
++    only want shim, grub, and MokManager, and shim's boot.csv there), and to
++    the removable /EFI/BOOT path (where we want shim and fallback only).
++    Rename the patch to ubuntu- like others that are Ubuntu-specific or
++    otherwise modified to avoid such confusion at merge time in the future.
++
++ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>  Tue, 01 Oct 2019 11:29:24 -0400
++
++grub2 (2.04-1ubuntu7) eoan; urgency=medium
++
++  * debian/patches/ubuntu-zfs-enhance-support.patch:
++    Disable history entry under some conditions:
++    - Don't show up if the system is a zsys one and zsys isn't installed
++      (LP: #1845333)
++    - Don't show for pure zfs systems: we identified multiple issues due
++      to the mount generator in upstream zfs which makes it incompatible.
++      Disable for now (LP: #1845913)
++
++ -- Didier Roche <didrocks@ubuntu.com>  Mon, 30 Sep 2019 09:35:03 +0200
++
++grub2 (2.04-1ubuntu6) eoan; urgency=medium
++
++  * debian/patches/install-signed.patch: fix paths for MokManager/fallback;
++    shim no longer ships these with a .signed suffix. (LP: #1845466)
++
++ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>  Thu, 26 Sep 2019 09:48:07 -0400
++
++grub2 (2.04-1ubuntu5) eoan; urgency=medium
++
++  * d/patches/ubuntu-boot-from-multipath-dependent-symlink.patch: fix
++    mis-spelling of helper function in final computation of GRUB_DEVICE in
++    multipath case.
++
++ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Tue, 13 Aug 2019 08:56:16 +1200
++
++grub2 (2.04-1ubuntu4) eoan; urgency=medium
++
++  * d/patches/ubuntu-boot-from-multipath-dependent-symlink.patch: when / is
++    multipathed there will be multiple paths to the partition, so using
++    root=UUID= exposes the boot process to udev races.  In addition
++    grub-probe --target device / in this case reports /dev/dm-1 or similar --
++    better to use a symlink that depends on the multipath name. (LP: #1429327)
++
++ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Tue, 06 Aug 2019 12:37:18 +1200
++
++grub2 (2.04-1ubuntu3) eoan; urgency=medium
++
++  [ Mathieu Trudel-Lapierre ]
++  * debian/patches/ubuntu-add-devicetree-command-support.patch: import patch
++    into git-dpm: drop [PATCH] tag and add Patch-Name.
++
++  [ Didier Roche ]
++  * debian/patches/ubuntu-zfs-enhance-support.patch
++    - Don't patch autoregenerated files.
++    - rewrite generate MenuMeta implementation in shell (LP: #1834095)
++      mawk doesn't support \s and other array features.
++      + Change \s by their space or tab equivalent.
++      + Rewrite the menumeta generation in pure shell, which is easier to
++        debug, keeping globally the same algorithm
++      + Support i18n in entry name generation.
++      Co-authored with Jean-Baptiste.
++    - Resplit all patches in debian/patches/*, so that we have upstreamable
++      and non upstreamable parts separate. Also, any change in 10_linux patch
++      will be reflected in 10_linux_zfs.
++    - Always import pools (using force), as we don't mount them. Ensure also
++      that we don't update the host cache, as we import all pools, and not
++      only those attached to that system.
++
++ -- Didier Roche <didrocks@ubuntu.com>  Mon, 29 Jul 2019 08:08:48 +0200
++
++grub2 (2.04-1ubuntu2) eoan; urgency=medium
++
++  * Add device-tree command support as installed by flash-kernel.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Wed, 17 Jul 2019 23:47:27 +0100
++
++grub2 (2.04-1ubuntu1) eoan; urgency=medium
++
++  * Merge against Debian; remaining changes:
++    - debian/control: Update Vcs fields for code location on Ubuntu.
++    - debian/control: Breaks shim (<< 13).
++    - debian/patches/linuxefi.patch: Secure Boot support: use newer patchset
++      from rhboot repo, flattened to a single patch.
++    - debian/patches/install_signed.patch, grub-install-extra-removable.patch:
++      - Make sure if we install shim; it should also be exported as the default
++        bootloader to install later to a removable path, if we do.
++      - Rework grub-install-extra-removable.patch to reverse its logic: in the
++        default case, install the bootloader to /EFI/BOOT, unless we're trying
++        to install on a removable device, or explicitly telling grub *not* to
++        do it.
++      - Install a BOOT.CSV for fallback to use.
++      - Make sure postinst and templates know about the replacement of
++        --force-extra-removable with --no-extra-removable.
++    - debian/patches/ubuntu-support-initrd-less-boot.patch: allow non-initrd
++      boot config.
++    - debian/patches/ubuntu-add-initrd-less-boot-fallback.patch: If a kernel
++      fails to boot without initrd, we will fallback to trying to boot the
++      kernel with an initrd.
++    - debian/patches/ubuntu-mkconfig-leave-breadcrumbs.patch: make sure
++      grub-mkconfig leaves a trace of what files were sourced to help generate
++      the config we're building.
++    - debian/patches/ubuntu-efi-console-set-text-mode-as-needed.patch: in EFI
++      console, only set text-mode when we're actually going to need it.
++    - debian/patches/ubuntu-zfs-enhance-support.patch: Better ZFS grub support.
++    - Disable os-prober for ppc64el on the PowerNV platform, to reduce the
++      number of entries/clutter from other OSes in Petitboot
++    - debian/patches/ubuntu-shorter-version-info.patch: Only show the upstream
++      version in menu and console, and hide the package one in a
++      package_version variable.
++    - Verify that the current and newer kernels are signed when grub is
++      updated, to make sure people do not accidentally shutdown without a
++      signed kernel.
++    - debian/default/grub: replace GRUB_HIDDEN_* variables with the less
++      confusing GRUB_TIMEOUT_STYLE=hidden.
++    - debian/rules: shuffle files around for now to keep build artefacts
++      for signing at the same location as they were expected by Launchpad.
++    - debian/rules, debian/control: enable dh-systemd.
++    - debian/grub-common.install.in: install the systemd unit that's part of
++      initrd fallback handling, missed when the feature landed.
++    - debian/build-efi-images: add http module to NET_MODULES.
++  * debian/patches/linuxefi*.patch: Flatten linuxefi patches into one.
++  * debian/patches: rename patches to use "-" as a separator rather than "_".
++  * debian/patches: rename Ubuntu-specific patches and commits to add "ubuntu"
++    so it's clearer which are new or changed when doing a merge.
++  * debian/patches/ubuntu-fix-lzma-decompressor-objcopy.patch: fix FTBFS due
++    to objcopy building an invalid binary padded with zeroes (LP: #1833234)
++  * debian/patches/ubuntu-clear-invalid-initrd-spacing.patch: clear up invalid
++    spacing for the initrd command when not using early initrds.
++  * debian/patches/ubuntu-add-initrd-less-boot-fallback.patch: move the initrd
++    boot success/failure service to start later at boot time. (LP: #1823391)
++  * debian/patches/fix-lockdown.patch: Drop lockdown patch from Debian, which
++    breaks with new linuxefi patchset.
++  * debian/patches/ubuntu-temp-keep-auto-nvram.patch: Temporarily keep the
++    --auto-nvram option we previously had as a supported option in grub-install
++    (with no effect now), to avoid breaking upgrades. "auto-nvram" is default
++    behavior now that we use libefivar instead of calling efibootmgr.
++
++ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>  Tue, 16 Jul 2019 11:31:29 -0400
++
  grub2 (2.04-2) UNRELEASED; urgency=medium
    [ James Clarke ]
@@ -139,6 +642,112 @@ grub2 (2.02+dfsg1-13) unstable; urgency=medium
   -- Colin Watson <cjwatson@debian.org>  Thu, 14 Mar 2019 10:33:24 +0000
++grub2 (2.02+dfsg1-12ubuntu3) eoan; urgency=medium
++
++  * debian/patches/zfs_enhance_support.patch:
++    Enhance ZFS grub support:
++    - Support multiple zfs systems (grouped by machine-id)
++    - Group zfs snapshots and clones with latest dataset for a given
++      installation.
++    - Support "history" entry with one time boot, recovery mode and
++      consecutive reboots.
++    - Pin kernel to particular snapshot, trying to reboot with the exact
++      same kernel and initrd.
++    - Disable in 10_linux zfs support if 10_linux_zfs is installed so that
++      we don't end up with the same installation multiple times.
++  * debian/patches/*:
++    - Apply ubuntu/debian specific changes of 10_linux to 10_linux_zfs.
++
++  Work done with Jean-Baptiste.
++
++ -- Didier Roche <didrocks@ubuntu.com>  Mon, 17 Jun 2019 11:28:48 +0200
++
++grub2 (2.02+dfsg1-12ubuntu2) disco; urgency=medium
++
++  * debian/patches/efi-console-set-text-mode-as-needed.patch: in EFI console,
++    only set text-mode when we're actually going to need it.
++  * debian/build-efi-images: add http module to NET_MODULES. (LP: #1787630)
++
++ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>  Mon, 11 Mar 2019 17:48:49 -0400
++
++grub2 (2.02+dfsg1-12ubuntu1) disco; urgency=medium
++
++  * Merge against Debian unstable; remaining changes (LP: #564853):
++    - debian/control: Update Vcs fields for code location on Ubuntu.
++    - debian/control: Breaks shim (<< 13).
++    - Secure Boot support: use newer patchset from rhboot repo:
++      - many linuxefi_* patches added and modified
++      - dropped debian/patches/linuxefi_require_shim.patch
++      - renamed: debian/patches/no_insmod_on_sb.patch ->
++        debian/patches/linuxefi_no_insmod_on_sb.patch
++    - debian/patches/install_signed.patch, grub-install-extra-removable.patch:
++      - Make sure if we install shim; it should also be exported as the default
++        bootloader to install later to a removable path, if we do.
++      - Rework grub-install-extra-removable.patch to reverse its logic: in the
++        default case, install the bootloader to /EFI/BOOT, unless we're trying
++        to install on a removable device, or explicitly telling grub *not* to
++        do it.
++      - Install a BOOT.CSV for fallback to use.
++      - Make sure postinst and templates know about the replacement of
++        --force-extra-removable with --no-extra-removable.
++    - debian/patches/add-an-auto-nvram-option-to-grub-install.patch: Add the
++      --auto-nvram option to grub-install for auto-detecting NVRAM availability
++      before attempting NVRAM updates.
++    - debian/build-efi-images: provide a new grub EFI image which enforces that
++      loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is
++      the same as grub$arch.efi minus the 'linux' module. Without fallback to
++      'linux' for unsigned loading, this makes it effectively enforce having a
++      signed kernel.
++    - Verify that the current and newer kernels are signed when grub is
++      updated, to make sure people do not accidentally shutdown without a
++      signed kernel.
++    - debian/default/grub: replace GRUB_HIDDEN_* variables with the less
++      confusing GRUB_TIMEOUT_STYLE=hidden.
++    - debian/patches/support_initrd-less_boot.patch: Added knobs to allow
++      non-initrd boot config.
++    - Disable os-prober for ppc64el on the PowerNV platform, to reduce the
++      number of entries/clutter from other OSes in Petitboot
++    - debian/patches/shorter_version_info.patch: Only show the upstream version
++      in menu and console, and hide the package one in a package_version
++      variable.
++    - debian/patches/skip_text_gfxpayload_where_not_supported.patch: Skip the
++      'text' payload if it's not supported but present in gfxpayload, such as
++      on EFI systems.
++    - debian/patches/bufio_sensible_block_sizes.patch: Don't use arbitrary file
++      fizes as block sizes in bufio: this avoids potentially seeking back in
++      the files unnecessarily, which may require re-open files that cannot be
++      seeked into, such as via TFTP.
++    - debian/patches/ofnet-init-structs-in-bootpath-parser.patch: initialize
++      structs in bootpath parser.
++    - debian/rules: shuffle files around for now to keep build artefacts
++      for signing at the same location as they were expected by Launchpad.
++    - debian/rules, debian/control: enable dh-systemd.
++    - debian/grub-common.install.in: install the systemd unit that's part of
++      initrd fallback handling, missed when the feature landed.
++    - debian/patches/quick-boot-lvm.patch: If we don't have writable
++      grubenv and we're on EFI, always show the menu.
++    - debian/patches/mkconfig_leave_breadcrumbs.patch: make sure grub-mkconfig
++      leaves a trace of what files were sourced to help generate the config
++      we're building.
++    - debian/patches/linuxefi_truncate_overlong_reloc_section.patch: Windows
++      7 bootloader has inconsistent headers; truncate to the smaller, correct
++      size to fix chainloading Windows 7.
++    - debian/patches/linuxefi_fix_relocate_coff.patch: fix typo in
++      relocate_coff() causing issues with relocation of code in chainload.
++    - debian/patches/add-initrd-less-boot-fallback.patch: add initrd-less
++      capabilities. If a kernel fails to boot without initrd, we will fallback
++      to trying to boot the kernel with an initrd. Patch by Chris Glass.
++    - debian/patches/grub-reboot-warn.patch: Warn when "for the next
++      boot only" promise cannot be kept.
++  * Refreshed patches and fixed up attribution to the right authors after
++    merge with Debian.
++  * debian/patches/linuxefi_missing_include.patch,
++    debian/patches/linuxefi_fixing_more_errors.patch: Apply some additional
++    small fixes to casts, format strings, includes and Makefile to make sure
++    the newer linuxefi patches apply and build properly.
++
++ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>  Tue, 05 Mar 2019 17:05:09 -0500
++
  grub2 (2.02+dfsg1-12) unstable; urgency=medium
    [ Colin Watson ]
@@ -283,6 +892,175 @@ grub2 (2.02+dfsg1-6) unstable; urgency=medium
   -- Colin Watson <cjwatson@debian.org>  Tue, 28 Aug 2018 16:17:21 +0100
++grub2 (2.02+dfsg1-5ubuntu11) disco; urgency=medium
++
++  [ Mathieu Trudel-Lapierre ]
++  * debian/grub-check-signatures: properly account for DB showing as empty on
++    some broken firmwares: Guard against mokutil --export --db failing, and do
++    a better job at finding the DER certs for conversion to PEM format.
++    (LP: #1814575)
++
++  [ Steve Langasek ]
++  * debian/patches/quick-boot-lvm.patch: checking the return value of
++    'lsefi' when the command doesn't exist does not do what's expected, so
++    instead check the value of $grub_platform which is simpler anyway.
++    LP: #1814403.
++
++ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>  Mon, 04 Feb 2019 17:51:15 -0500
++
++grub2 (2.02+dfsg1-5ubuntu10) disco; urgency=medium
++
++  * debian/grub-check-signatures: check kernel signatures against keys known
++    in firmware, in case a kernel is signed but not using a key that will pass
++    validation, such as when using kernels coming from a PPA. (LP: #1789918)
++
++ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>  Mon, 21 Jan 2019 09:34:36 -0500
++
++grub2 (2.02+dfsg1-5ubuntu9) disco; urgency=medium
++
++  [ Steve Langasek ]
++  * debian/patches/quick-boot-lvm.patch: If we don't have writable
++    grubenv and we're on EFI, always show the menu.  Closes LP: #1800722.
++
++  [ Mathieu Trudel-Lapierre ]
++  * debian/patches/mkconfig_leave_breadcrumbs.patch: make sure grub-mkconfig
++    leaves a trace of what files were sourced to help generate the config
++    we're building.
++
++ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>  Mon, 07 Jan 2019 17:32:01 -0500
++
++grub2 (2.02+dfsg1-5ubuntu8) cosmic; urgency=medium
++
++  * debian/patches/grub-install-extra-removable.patch: install mmx64.efi to
++    the EFI removable path to avoid boot failures after install when certs
++    need to be enrolled and the system's firmware is confused. (LP: #1798171)
++
++ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>  Wed, 17 Oct 2018 14:44:49 -0400
++
++grub2 (2.02+dfsg1-5ubuntu7) cosmic; urgency=medium
++
++  [ Steve Langasek ]
++  * debian/grub-common.install.in: install the systemd unit that's part of
++    initrd fallback handling, missed when the feature landed.
++
++  [ Mathieu Trudel-Lapierre ]
++  * debian/rules: set DEFAULT_TIMEOUT to 0 if we've enabled FLICKER_FREE_BOOT,
++    to avoid unnecessary delay at boot time. (LP: #1784363)
++
++ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>  Fri, 12 Oct 2018 11:10:10 -0400
++
++grub2 (2.02+dfsg1-5ubuntu6) cosmic; urgency=medium
++
++  [ Steve Langasek ]
++  * debian/grub-check-signatures: Handle the case where we have unsigned
++    vmlinuz and signed vmlinuz.efi.signed. (LP: #1788727)
++
++ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>  Wed, 03 Oct 2018 14:59:05 -0400
++
++grub2 (2.02+dfsg1-5ubuntu5) cosmic; urgency=medium
++
++  [ Mathieu Trudel-Lapierre ]
++  * debian/patches/linuxefi_truncate_overlong_reloc_section.patch: The Windows
++    7 bootloader has inconsistent headers; truncate to the smaller, correct
++    size to fix chainloading Windows 7.
++
++  [ Steve Langasek ]
++  * debian/rules, debian/control: enable dh-systemd.
++  * debian/patches/add-initrd-less-boot-fallback.patch: add initrd-less
++    capabilities. If a kernel fails to boot without initrd, grub will fallback
++    to trying to boot the kernel with an initrd. Patch by Chris Glass.
++
++ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>  Tue, 25 Sep 2018 16:05:13 -0400
++
++grub2 (2.02+dfsg1-5ubuntu4) cosmic; urgency=medium
++
++  * debian/patches/linuxefi_fix_relocate_coff.patch: fix typo in
++    relocate_coff() causing issues with relocation of code in chainload.
++    (LP: #1792575)
++
++ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>  Mon, 17 Sep 2018 07:45:49 -0400
++
++grub2 (2.02+dfsg1-5ubuntu3) cosmic; urgency=medium
++
++  * debian/patches/grub-reboot-warn.patch: Warn when "for the next
++    boot only" promise cannot be kept. (LP: #788298)
++
++ -- dann frazier <dannf@ubuntu.com>  Thu, 13 Sep 2018 15:28:50 -0600
++
++grub2 (2.02+dfsg1-5ubuntu2) cosmic; urgency=medium
++
++  * debian/patches/add_ext_lfb_base_support.patch: i386/linux: Add support for
++    ext_lfb_base. (LP: #1785033)
++
++ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>  Wed, 05 Sep 2018 14:29:04 -0400
++
++grub2 (2.02+dfsg1-5ubuntu1) cosmic; urgency=medium
++
++  [ Mathieu Trudel-Lapierre]
++  * Merge against Debian unstable; remaining changes:
++    - debian/control: Update Vcs fields for code location on Ubuntu.
++    - debian/control: Breaks shim (<< 13).
++    - Secure Boot support: use newer patchset from rhboot repo:
++      - many linuxefi_* patches added and modified
++      - dropped debian/patches/linuxefi_require_shim.patch
++      - renamed: debian/patches/no_insmod_on_sb.patch ->
++        debian/patches/linuxefi_no_insmod_on_sb.patch
++    - debian/patches/install_signed.patch, grub-install-extra-removable.patch:
++      - Make sure if we install shim; it should also be exported as the default
++        bootloader to install later to a removable path, if we do.
++      - Rework grub-install-extra-removable.patch to reverse its logic: in the
++        default case, install the bootloader to /EFI/BOOT, unless we're trying
++        to install on a removable device, or explicitly telling grub *not* to
++        do it.
++      - Move installing fb$arch.efi to --no-extra-removable; as we don't want
++        fallback to be installed unless we're also installing to /EFI/BOOT.
++        (LP: #1684341)
++      - Install a BOOT.CSV for fallback to use.
++      - Make sure postinst and templates know about the replacement of
++        --force-extra-removable with --no-extra-removable.
++    - debian/patches/add-an-auto-nvram-option-to-grub-install.patch: Add the
++      --auto-nvram option to grub-install for auto-detecting NVRAM availability
++      before attempting NVRAM updates.
++    - debian/build-efi-images: provide a new grub EFI image which enforces that
++      loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is
++      the same as grub$arch.efi minus the 'linux' module. Without fallback to
++      'linux' for unsigned loading, this makes it effectively enforce having a
++      signed kernel. (LP: #1401532)
++    - Verify that the current and newer kernels are signed when grub is
++      updated, to make sure people do not accidentally shutdown without a
++      signed kernel.
++    - debian/default/grub: replace GRUB_HIDDEN_* variables with the less
++      confusing GRUB_TIMEOUT_STYLE=hidden. (LP: #1258597)
++    - debian/patches/support_initrd-less_boot.patch: Added knobs to allow
++      non-initrd boot config. (LP: #1640878)
++    - Disable os-prober for ppc64el on the PowerNV platform, to reduce the
++      number of entries/clutter from other OSes in Petitboot (LP: #1447500)
++    - debian/patches/shorter_version_info.patch: Only show the upstream version
++      in menu and console, and hide the package one in a package_version
++      variable. (LP: #1723434)
++    - debian/patches/skip_text_gfxpayload_where_not_supported.patch: Skip the
++      'text' payload if it's not supported but present in gfxpayload, such as
++      on EFI systems. (LP: #1711452)
++    - debian/patches/bufio_sensible_block_sizes.patch: Don't use arbitrary file
++      fizes as block sizes in bufio: this avoids potentially seeking back in
++      the files unnecessarily, which may require re-open files that cannot be
++      seeked into, such as via TFTP. (LP: #1743249)
++    * util/grub-install.c: Drop extra handling for x.efi.signed files for mok
++      and fallback binaries: shim now installs them without the .signed
++      extension. (LP: #1708245)
++    - debian/patches/dont-fail-efi-warnings.patch: handle linuxefi patches and
++      the casting they do on some architectures: we don't want to fail build
++      because of some of the warnings that can show up since we otherwise build
++      with -Werror.
++  * debian/rules: shuffle files around for now to keep putting build artefacts
++    for signing at the same location as they were expected by Launchpad.
++
++  [ Julian Andres Klode ]
++  * debian/patches/ofnet-init-structs-in-bootpath-parser.patch: initialize
++    structs in bootpath parser. Fixes netboot issues on ppc64el. (LP: #1785859)
++
++ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>  Thu, 23 Aug 2018 15:00:14 -0400
++
  grub2 (2.02+dfsg1-5) unstable; urgency=medium
    [ Colin Watson ]
@@ -379,6 +1157,171 @@ grub2 (2.02-3) unstable; urgency=medium
   -- Colin Watson <cjwatson@debian.org>  Sat, 10 Feb 2018 03:00:30 +0000
++grub2 (2.02-2ubuntu13) cosmic; urgency=medium
++
++  * debian/patches/tests_update_for_new_qemu.patch: update qemu options to
++    remove deprecated options that fail tests.
++  * debian/patches: fix up busted patches due to git-dpm:
++    - debian/patches/add-an-auto-nvram-option-to-grub-install.patch
++    - debian/patches/grub-shell-test-helper-disable-seabios-sercon.patch
++  * debian/patches/r_x86_64_plt32-is-like-r_x86_64_pc32.patch: For the purpose
++    of grub-mkimage, the R_X86_64_PLT32 relocation is basically the same as
++    R_X86_64_PC32. Make R_X86_64_PLT32 supported.
++
++ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>  Thu, 19 Jul 2018 09:46:53 -0400
++
++grub2 (2.02-2ubuntu12) cosmic; urgency=medium
++
++  * debian/default/grub: replace GRUB_HIDDEN_* variables with the more concise
++    and less confusing GRUB_TIMEOUT_STYLE=hidden. (LP: #1258597)
++
++ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>  Mon, 16 Jul 2018 14:18:46 -0400
++
++grub2 (2.02-2ubuntu11) cosmic; urgency=medium
++
++  * Verify that the current and newer kernels are signed when grub is updated, to
++    make sure people do not accidentally shutdown without a signed kernel.
++
++ -- Julian Andres Klode <juliank@ubuntu.com>  Fri, 13 Jul 2018 15:21:48 +0200
++
++grub2 (2.02-2ubuntu10) cosmic; urgency=medium
++
++  * debian/patches/grub-shell-test-helper-disable-seabios-sercon.patch: In the
++    grub-shell test helper, disable seabios's serial console through fw_cfg
++    runtime configuration as its boot output interferes with testing.
++    (LP: #1775249)
++
++ -- Łukasz 'sil2100' Zemczak <lukasz.zemczak@ubuntu.com>  Wed, 06 Jun 2018 01:03:26 +0200
++
++grub2 (2.02-2ubuntu9) cosmic; urgency=medium
++
++  * debian/patches/add-an-auto-nvram-option-to-grub-install.patch: Add the
++    --auto-nvram option to grub-install for auto-detecting NVRAM availability
++    before attempting NVRAM updates.
++
++ -- Łukasz 'sil2100' Zemczak <lukasz.zemczak@ubuntu.com>  Tue, 05 Jun 2018 00:34:38 +0200
++
++grub2 (2.02-2ubuntu8) bionic; urgency=medium
++
++  * Drop debian/patches/mkconfig_keep_native_term_active.patch, which can
++    lead to flickering between graphical and text mode when traversing the
++    menu. (LP: #1752767)
++  * debian/patches/yylex-explicitly_cast_fprintf_to_void.patch: Fix FTBFS
++    with flex 2.6.4.
++
++ -- dann frazier <dannf@ubuntu.com>  Sun, 04 Mar 2018 06:11:35 -0700
++
++grub2 (2.02-2ubuntu7) bionic; urgency=medium
++
++  [ Julian Andres Klode ]
++  * debian/patches/shorter_version_info.patch: Only show the upstream version
++    in menu and console, and hide the package one in a package_version
++    variable. (LP: #1723434)
++
++  [ Mathieu Trudel-Lapierre ]
++  * debian/patches/skip_text_gfxpayload_where_not_supported.patch: Skip the
++    'text' payload if it's not supported but present in gfxpayload, such as
++    on EFI systems. (LP: #1711452)
++
++ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>  Fri, 09 Feb 2018 16:30:45 -0500
++
++grub2 (2.02-2ubuntu6) bionic; urgency=medium
++
++  [ Steve Langasek ]
++  * debian/patches/bufio_sensible_block_sizes.patch: Don't use arbitrary file
++    fizes as block sizes in bufio: this avoids potentially seeking back in
++    the files unnecessarily, which may require re-open files that cannot be
++    seeked into, such as via TFTP. (LP: #1743249)
++
++ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>  Mon, 05 Feb 2018 11:58:09 -0500
++
++grub2 (2.02-2ubuntu5) bionic; urgency=medium
++
++  * debian/patches/mkconfig_keep_native_term_active.patch: Keep the
++    default EFI console active while enabling gfxterm. (LP: #1743884)
++
++ -- dann frazier <dannf@ubuntu.com>  Wed, 31 Jan 2018 10:51:11 -0700
++
++grub2 (2.02-2ubuntu4) bionic; urgency=medium
++
++  * debian/patches/vt_handoff.patch: modify the existing patch to set
++    vt.handoff=1 instead of vt.handoff=7 as we now start display managers on
++    vt1 anyway. This also fixes issues with netboot installed server systems
++    not displaying the login prompt on boot. (LP: #1675453)
++
++ -- Łukasz 'sil2100' Zemczak <lukasz.zemczak@ubuntu.com>  Thu, 18 Jan 2018 18:32:31 +0100
++
++grub2 (2.02-2ubuntu3) bionic; urgency=medium
++
++  * util/grub-install.c: Drop extra handling for x.efi.signed files for mok
++    and fallback binaries: shim now installs them without the .signed
++    extension. (LP: #1708245)
++  * debian/control: Breaks shim (<< 13).
++
++ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>  Wed, 17 Jan 2018 09:25:09 -0500
++
++grub2 (2.02-2ubuntu2) bionic; urgency=medium
++
++  * Cherry-pick upstream patch to change the default TSC calibration method
++    to pmtimer on EFI systems (LP: #1734278)
++  * debian/control: Update Vcs fields for code location on Ubuntu.
++
++ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>  Tue, 05 Dec 2017 11:47:31 -0500
++
++grub2 (2.02-2ubuntu1) bionic; urgency=medium
++
++  * Merge with Debian; remaining changes:
++    - debian/patches/support_initrd-less_boot.patch: Added knobs to allow
++      non-initrd boot config. (LP: #1640878)
++    - Disable os-prober for ppc64el on the PowerNV platform, to reduce the
++      number of entries/clutter from other OSes in Petitboot (LP: #1447500)
++    - debian/build-efi-images: provide a new grub EFI image which enforces that
++      loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is
++      the same as grub$arch.efi minus the 'linux' module. Without fallback to
++      'linux' for unsigned loading, this makes it effectively enforce having a
++      signed kernel. (LP: #1401532)
++    - debian/patches/install_signed.patch, grub-install-extra-removable.patch:
++      - Make sure if we install shim; it should also be exported as the default
++        bootloader to install later to a removable path, if we do.
++      - Rework grub-install-extra-removable.patch to reverse its logic: in the
++        default case, install the bootloader to /EFI/BOOT, unless we're trying
++        to install on a removable device, or explicitly telling grub *not* to
++        do it.
++      - Move installing fb$arch.efi to --no-extra-removable; as we don't want
++        fallback to be installed unless we're also installing to /EFI/BOOT.
++        (LP: #1684341)
++      - Make sure postinst and templates know about the replacement of
++        --force-extra-removable with --no-extra-removable.
++  * Sync Secure Boot support patches with the upstream patch set from
++    rhboot/grub2:master-sb. Renamed some patches and updated descriptions for
++    the whole thing to make more sense, too:
++    - dropped debian/patches/linuxefi_require_shim.patch
++    - renamed: debian/patches/no_insmod_on_sb.patch ->
++      debian/patches/linuxefi_no_insmod_on_sb.patch
++    - debian/patches/linuxefi.patch
++    - debian/patches/linuxefi_debug.patch
++    - debian/patches/linuxefi_non_sb_fallback.patch
++    - debian/patches/linuxefi_add_sb_to_efi_chainload.patch
++    - debian/patches/linuxefi_cleanup_errors_in_loader.patch
++    - debian/patches/linuxefi_fix_efi_validation_race.patch
++    - debian/patches/linuxefi_handle_multiarch_boot.patch
++    - debian/patches/linuxefi_honor_sb_mode.patch
++    - debian/patches/linuxefi_move_fdt_helper.patch
++    - debian/patches/linuxefi_load_arm_with_sb.patch
++    - debian/patches/linuxefi_minor_cleanups.patch
++    - debian/patches/linuxefi_re-enable_linux_cmd.patch
++    - debian/patches/linuxefi_rework_linux16_cmd.patch
++    - debian/patches/linuxefi_rework_linux_cmd.patch
++    - debian/patches/linuxefi_rework_non-sb_efi_chainload.patch
++    - debian/patches/linuxefi_rework_pe_loading.patch
++    - debian/patches/linuxefi_use_dev_chainloader_target.patch
++  * debian/patches/dont-fail-efi-warnings.patch: handle linuxefi patches and
++    the casting they do on some architectures: we don't want to fail build
++    because of some of the warnings that can show up since we otherwise build
++    with -Werror.
++
++ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>  Mon, 06 Nov 2017 15:37:12 -0500
++
  grub2 (2.02-2) unstable; urgency=medium
    * Comment out debian/watch lines for betas and pre-releases for now.
@@ -415,6 +1358,92 @@ grub2 (2.02~beta3-5) unstable; urgency=medium
   -- Colin Watson <cjwatson@debian.org>  Sat, 11 Feb 2017 15:09:19 +0000
++grub2 (2.02~beta3-4ubuntu7) artful; urgency=medium
++
++  * debian/patches/headers_for_device_macros.patch,
++    debian/patches/fix_check_for_sys_macros.patch: make sure the right
++    device macro header is included and that the deprecation warning
++    is dealt with. LP: #1722955.
++
++ -- Tiago Stürmer Daitx <tiago.daitx@ubuntu.com>  Thu, 12 Oct 2017 09:41:17 -0400
++
++grub2 (2.02~beta3-4ubuntu6) artful; urgency=medium
++
++  * debian/patches/mount-ext4-fs-with-crypto-enabled.patch: Allow grub to
++    mount an EXT4 partition that has the 'encrypt' feature enabled
++    (closes: 840204)
++
++ -- Tyler Hicks <tyhicks@canonical.com>  Wed, 05 Jul 2017 22:23:03 +0000
++
++grub2 (2.02~beta3-4ubuntu5) artful; urgency=medium
++
++  * debian/patches/linuxefi.patch: fix double-free caused by an extra
++    grub_free() call in this patch (which the previous upload didn't change).
++  * debian/patches/linuxefi_rework_non-sb_cases.patch,
++    debian/patches/linuxefi_non_sb_fallback.patch: refreshed.
++
++ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>  Mon, 29 May 2017 16:28:41 -0400
++
++grub2 (2.02~beta3-4ubuntu4) artful; urgency=medium
++
++  * debian/patches: Rework linuxefi/SecureBoot support and sync with upstream
++    SB patch set:
++    - linuxefi_arm_sb_support.patch: add Secure Boot support for arm for its
++      chainloader.
++    - linuxefi_fix_validation_race.patch: Fix a race in validating images.
++    - linuxefi_chainloader_path.patch: honor the starting path for grub, so
++      images do not need to be started from $root.
++    - linuxefi_chainloader_sb.patch: Fix some more issues in chainloader use
++      when Secure Boot is enabled.
++    - linuxefi_loaders_enforce_sb.patch: Enforce Secure Boot policy for all
++      loaders: don't load the commands when Secure Boot is enabled.
++    - linuxefi_re-enable_linux_cmd.patch: Since we rely on the linux and
++      initrd commands to automatically hand-off to linuxefi/initrdefi; re-
++      enable the linux loader.
++    - linuxefi_chainloader_pe_fixes.patch: PE parsing fixes for chainloading
++      "special" PE images, such as Windows'.
++    - linuxefi_rework_non-sb_cases.patch: rework cases where Secure Boot is
++      disabled or shim validation is disabled so loading works as EFI binaries
++      when it is supposed to.
++    - Removed linuxefi_require_shim.patch; superseded by the above.
++
++ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>  Thu, 11 May 2017 17:05:04 -0400
++
++grub2 (2.02~beta3-4ubuntu3) artful; urgency=medium
++
++  * debian/patches/install_signed.patch, grub-install-extra-removable.patch:
++    - Make sure if we install shim; it should also be exported as the default
++      bootloader to install later to a removable path, if we do.
++    - Rework grub-install-extra-removable.patch to reverse its logic: in the
++      default case, install the bootloader to /EFI/BOOT, unless we're trying
++      to install on a removable device, or explicitly telling grub *not* to
++      do it.
++    - Move installing fb$arch.efi to --no-extra-removable; as we don't want
++      fallback to be installed unless we're also installing to /EFI/BOOT.
++      (LP: #1684341)
++
++ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>  Wed, 26 Apr 2017 21:08:22 -0400
++
++grub2 (2.02~beta3-4ubuntu2) zesty; urgency=medium
++
++  * debian/build-efi-images: provide a new grub EFI image which enforces that
++    loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is
++    the same as grub$arch.efi minus the 'linux' module. Without fallback to
++    'linux' for unsigned loading, this makes it effectively enforce having a
++    signed kernel. (LP: #1401532)
++
++ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>  Thu, 30 Mar 2017 17:45:23 -0400
++
++grub2 (2.02~beta3-4ubuntu1) zesty; urgency=medium
++
++  * Merge with Debian; remaining changes:
++    - debian/patches/support_initrd-less_boot.patch: Added knobs to allow
++      non-initrd boot config. (LP: #1640878)
++    - Disable os-prober for ppc64el on the PowerNV platform, to reduce the
++      number of entries/clutter from other OSes in Petitboot (LP: #1447500)
++
++ -- dann frazier <dannf@ubuntu.com>  Thu, 09 Feb 2017 10:06:57 -0700
++
  grub2 (2.02~beta3-4) unstable; urgency=medium
    [ Colin Watson ]
 diff --git a/debian/control b/debian/control
 index bed7c77..f9fd5b0 100644
 --- a/debian/control
 +++ b/debian/control
@@ -1,11 +1,15 @@
  Source: grub2
  Section: admin
  Priority: optional
--Maintainer: GRUB Maintainers <pkg-grub-devel@alioth-lists.debian.net>
++Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
++XSBC-Original-Maintainer: GRUB Maintainers <pkg-grub-devel@alioth-lists.debian.net>
  Uploaders: Felix Zielcke <fzielcke@z-51.de>, Jordi Mallach <jordi@debian.org>, Colin Watson <cjwatson@debian.org>, Ian Campbell <ijc@debian.org>, Steve McIntyre <93sam@debian.org>
  Build-Depends: debhelper (>= 10~),
   patchutils,
-- python,
++ dh-autoreconf,
++ dh-systemd,
++ automake,
++ python3,
   flex,
   bison,
   po-debconf,
@@ -24,7 +28,7 @@ Build-Depends: debhelper (>= 10~),
   cpio [i386 kopensolaris-i386 amd64 x32],
   parted [!hurd-any],
   libfuse-dev (>= 2.8.4-1.4) [linux-any kfreebsd-any],
-- ttf-dejavu-core,
++ fonts-dejavu-core,
   liblzma-dev,
   dosfstools [any-i386 any-amd64 any-arm64],
   mtools [any-i386 any-amd64 any-arm64],
@@ -37,8 +41,8 @@ Build-Depends: debhelper (>= 10~),
  Build-Conflicts: autoconf2.13, libzfs-dev, libnvpair-dev
  Standards-Version: 3.9.6
  Homepage: https://www.gnu.org/software/grub/
--Vcs-Git: https://salsa.debian.org/grub-team/grub.git
--Vcs-Browser: https://salsa.debian.org/grub-team/grub
++Vcs-Git: https://git.launchpad.net/~ubuntu-core-dev/grub/+git/ubuntu
++Vcs-Browser: https://git.launchpad.net/~ubuntu-core-dev/grub/+git/ubuntu
  Rules-Requires-Root: no
  Package: grub2
@@ -94,7 +98,7 @@ Architecture: any-i386 any-amd64 any-powerpc any-ppc64 any-ppc64el any-sparc any
  Depends: grub-common (= ${binary:Version}), dpkg (>= 1.15.4) | install-info, ${shlibs:Depends}, ${misc:Depends}
  Replaces: grub, grub-legacy, ${legacy-doc-br}, grub-common (<< 1.99-1), grub-pc (<< 2.02+dfsg1-7), grub-coreboot (<< 2.02+dfsg1-7), grub-efi-ia32 (<< 2.02+dfsg1-7), grub-efi-amd64 (<< 2.02+dfsg1-7), grub-efi-ia64 (<< 2.02+dfsg1-7), grub-efi-arm (<< 2.02+dfsg1-7), grub-efi-arm64 (<< 2.02+dfsg1-7), grub-ieee1275 (<< 2.02+dfsg1-7), grub-uboot (<< 2.02+dfsg1-7), grub-xen (<< 2.02+dfsg1-7), grub-yeeloong (<< 2.02+dfsg1-7), grub-cloud-amd64 (<< 0.0.4)
  Conflicts: grub-legacy
--Breaks: grub (<< 0.97-54), ${legacy-doc-br}, shim (<< 0.9+1474479173.6c180c6-0ubuntu1~), grub-pc (<< 2.02+dfsg1-7), grub-coreboot (<< 2.02+dfsg1-7), grub-efi-ia32 (<< 2.02+dfsg1-7), grub-efi-amd64 (<< 2.02+dfsg1-7), grub-efi-ia64 (<< 2.02+dfsg1-7), grub-efi-arm (<< 2.02+dfsg1-7), grub-efi-arm64 (<< 2.02+dfsg1-7), grub-ieee1275 (<< 2.02+dfsg1-7), grub-uboot (<< 2.02+dfsg1-7), grub-xen (<< 2.02+dfsg1-7), grub-yeeloong (<< 2.02+dfsg1-7), grub-cloud-amd64 (<< 0.0.4)
++Breaks: grub (<< 0.97-54), ${legacy-doc-br}, shim (<< 13), grub-pc (<< 2.02+dfsg1-7), grub-coreboot (<< 2.02+dfsg1-7), grub-efi-ia32 (<< 2.02+dfsg1-7), grub-efi-amd64 (<< 2.02+dfsg1-7), grub-efi-ia64 (<< 2.02+dfsg1-7), grub-efi-arm (<< 2.02+dfsg1-7), grub-efi-arm64 (<< 2.02+dfsg1-7), grub-ieee1275 (<< 2.02+dfsg1-7), grub-uboot (<< 2.02+dfsg1-7), grub-xen (<< 2.02+dfsg1-7), grub-yeeloong (<< 2.02+dfsg1-7), grub-cloud-amd64 (<< 0.0.4)
  Multi-Arch: foreign
  Description: GRand Unified Bootloader (common files for version 2)
   This package contains common files shared by the distinct flavours of GRUB.
 diff --git a/debian/gettext-patches/0001-Support-POTFILES-shell.patch b/debian/gettext-patches/0001-Support-POTFILES-shell.patch
 new file mode 100644
 index 0000000..5a5d1ec
 --- /dev/null
 +++ b/debian/gettext-patches/0001-Support-POTFILES-shell.patch
@@ -0,0 +1,54 @@
++From d5bbd8f60aacb0f73ea5a0bde999152c467d0e78 Mon Sep 17 00:00:00 2001
++From: Colin Watson <cjwatson@debian.org>
++Date: Sun, 1 Mar 2020 11:57:58 +0000
++Subject: [PATCH 1/4] Support POTFILES-shell
++
++---
++ gettext-runtime/po/Makefile.in.in | 24 ++++++++++++++++++++++--
++ 1 file changed, 22 insertions(+), 2 deletions(-)
++
++diff --git a/gettext-runtime/po/Makefile.in.in b/gettext-runtime/po/Makefile.in.in
++index fabdc76c9..32e9323d3 100644
++--- a/gettext-runtime/po/Makefile.in.in
+++++ b/gettext-runtime/po/Makefile.in.in
++@@ -142,7 +142,7 @@ stamp-po: $(srcdir)/$(DOMAIN).pot
++ # The determination of whether the package xyz is a GNU one is based on the
++ # heuristic whether some file in the top level directory mentions "GNU xyz".
++ # If GNU 'find' is available, we avoid grepping through monster files.
++-$(DOMAIN).pot-update: $(POTFILES) $(srcdir)/POTFILES.in remove-potcdate.sed
+++$(DOMAIN).pot-update: $(POTFILES) $(srcdir)/POTFILES.in $(srcdir)/POTFILES-shell.in remove-potcdate.sed
++ 	if { if (LC_ALL=C find --version) 2>/dev/null | grep GNU >/dev/null; then \
++ 	       LC_ALL=C find -L $(top_srcdir) -maxdepth 1 -type f -size -10000000c -exec grep 'GNU @PACKAGE@' /dev/null '{}' ';' 2>/dev/null; \
++ 	     else \
++@@ -175,7 +175,27 @@ $(DOMAIN).pot-update: $(POTFILES) $(srcdir)/POTFILES.in remove-potcdate.sed
++ 	      --package-version='@VERSION@' \
++ 	      --msgid-bugs-address="$$msgid_bugs_address" \
++ 	    ;; \
++-	esac
+++	esac; \
+++	case `$(XGETTEXT) --version | sed 1q | sed -e 's,^[^0-9]*,,'` in \
+++	  '' | 0.[0-9] | 0.[0-9].* | 0.1[0-5] | 0.1[0-5].* | 0.16 | 0.16.[0-1]*) \
+++	    $(XGETTEXT) --default-domain=$(DOMAIN) --directory=$(top_srcdir) \
+++	      --add-comments=TRANSLATORS: @XGETTEXT_EXTRA_OPTIONS@ \
+++	      --files-from=$(srcdir)/POTFILES-shell.in \
+++	      --copyright-holder='$(COPYRIGHT_HOLDER)' \
+++	      --msgid-bugs-address="$$msgid_bugs_address" \
+++	      --join-existing --language=Shell --keyword=gettext_quoted \
+++	    ;; \
+++	  *) \
+++	    $(XGETTEXT) --default-domain=$(DOMAIN) --directory=$(top_srcdir) \
+++	      --add-comments=TRANSLATORS: @XGETTEXT_EXTRA_OPTIONS@ \
+++	      --files-from=$(srcdir)/POTFILES-shell.in \
+++	      --copyright-holder='$(COPYRIGHT_HOLDER)' \
+++	      --package-name="$${package_gnu}@PACKAGE@" \
+++	      --package-version='@VERSION@' \
+++	      --msgid-bugs-address="$$msgid_bugs_address" \
+++	      --join-existing --language=Shell --keyword=gettext_quoted \
+++	    ;; \
+++	esac; \
++ 	test ! -f $(DOMAIN).po || { \
++ 	  if test -f $(srcdir)/$(DOMAIN).pot; then \
++ 	    sed -f remove-potcdate.sed < $(srcdir)/$(DOMAIN).pot > $(DOMAIN).1po && \
++--
++2.17.1
++
 diff --git a/debian/gettext-patches/0002-Handle-gettext_printf-shell-function.patch b/debian/gettext-patches/0002-Handle-gettext_printf-shell-function.patch
 new file mode 100644
 index 0000000..2767ed6
 --- /dev/null
 +++ b/debian/gettext-patches/0002-Handle-gettext_printf-shell-function.patch
@@ -0,0 +1,46 @@
++From fd17c51f2e6c87427679fbdfb5f6224ff48795db Mon Sep 17 00:00:00 2001
++From: Colin Watson <cjwatson@debian.org>
++Date: Sun, 1 Mar 2020 12:00:41 +0000
++Subject: [PATCH 2/4] Handle gettext_printf shell function
++
++Extract gettext_printf arguments.
++
++Run grub.d.sed over strings extracted from util/grub.d/, in order to set
++c-format flags (xgettext refuses to include these itself for strings it
++extracted from a shell file, but these really are c-format).
++---
++ gettext-runtime/po/Makefile.in.in | 8 ++++++--
++ 1 file changed, 6 insertions(+), 2 deletions(-)
++
++diff --git a/gettext-runtime/po/Makefile.in.in b/gettext-runtime/po/Makefile.in.in
++index 32e9323d3..32e0c99a2 100644
++--- a/gettext-runtime/po/Makefile.in.in
+++++ b/gettext-runtime/po/Makefile.in.in
++@@ -183,7 +183,8 @@ $(DOMAIN).pot-update: $(POTFILES) $(srcdir)/POTFILES.in $(srcdir)/POTFILES-shell
++ 	      --files-from=$(srcdir)/POTFILES-shell.in \
++ 	      --copyright-holder='$(COPYRIGHT_HOLDER)' \
++ 	      --msgid-bugs-address="$$msgid_bugs_address" \
++-	      --join-existing --language=Shell --keyword=gettext_quoted \
+++	      --join-existing --language=Shell \
+++	      --keyword=gettext_quoted --keyword=gettext_printf \
++ 	    ;; \
++ 	  *) \
++ 	    $(XGETTEXT) --default-domain=$(DOMAIN) --directory=$(top_srcdir) \
++@@ -193,10 +194,13 @@ $(DOMAIN).pot-update: $(POTFILES) $(srcdir)/POTFILES.in $(srcdir)/POTFILES-shell
++ 	      --package-name="$${package_gnu}@PACKAGE@" \
++ 	      --package-version='@VERSION@' \
++ 	      --msgid-bugs-address="$$msgid_bugs_address" \
++-	      --join-existing --language=Shell --keyword=gettext_quoted \
+++	      --join-existing --language=Shell \
+++	      --keyword=gettext_quoted --keyword=gettext_printf \
++ 	    ;; \
++ 	esac; \
++ 	test ! -f $(DOMAIN).po || { \
+++	  sed -f grub.d.sed < $(DOMAIN).po > $(DOMAIN).1po && \
+++	  mv $(DOMAIN).1po $(DOMAIN).po; \
++ 	  if test -f $(srcdir)/$(DOMAIN).pot; then \
++ 	    sed -f remove-potcdate.sed < $(srcdir)/$(DOMAIN).pot > $(DOMAIN).1po && \
++ 	    sed -f remove-potcdate.sed < $(DOMAIN).po > $(DOMAIN).2po && \
++--
++2.17.1
++
 diff --git a/debian/gettext-patches/0003-Make-msgfmt-output-in-little-endian.patch b/debian/gettext-patches/0003-Make-msgfmt-output-in-little-endian.patch
 new file mode 100644
 index 0000000..4141611
 --- /dev/null
 +++ b/debian/gettext-patches/0003-Make-msgfmt-output-in-little-endian.patch
@@ -0,0 +1,34 @@
++From 156c523e2945c9b43c5500fb93988b0dd2f08d75 Mon Sep 17 00:00:00 2001
++From: Vladimir Serbinenko <phcoder@gmail.com>
++Date: Sun, 1 Mar 2020 12:09:25 +0000
++Subject: [PATCH 3/4] Make msgfmt output in little-endian
++
++GRUB expects this.
++---
++ gettext-runtime/po/Makefile.in.in | 6 +++---
++ 1 file changed, 3 insertions(+), 3 deletions(-)
++
++diff --git a/gettext-runtime/po/Makefile.in.in b/gettext-runtime/po/Makefile.in.in
++index 32e0c99a2..f3ef54c39 100644
++--- a/gettext-runtime/po/Makefile.in.in
+++++ b/gettext-runtime/po/Makefile.in.in
++@@ -84,13 +84,13 @@ CATALOGS = @CATALOGS@
++
++ .po.mo:
++ 	@echo "$(MSGFMT) -c -o $@ $<"; \
++-	$(MSGFMT) -c -o t-$@ $< && mv t-$@ $@
+++	$(MSGFMT) --endianness=little -c -o t-$@ $< && mv t-$@ $@
++
++ .po.gmo:
++ 	@lang=`echo $* | sed -e 's,.*/,,'`; \
++ 	test "$(srcdir)" = . && cdcmd="" || cdcmd="cd $(srcdir) && "; \
++-	echo "$${cdcmd}rm -f $${lang}.gmo && $(GMSGFMT) -c --statistics --verbose -o $${lang}.gmo $${lang}.po"; \
++-	cd $(srcdir) && rm -f $${lang}.gmo && $(GMSGFMT) -c --statistics --verbose -o t-$${lang}.gmo $${lang}.po && mv t-$${lang}.gmo $${lang}.gmo
+++	echo "$${cdcmd}rm -f $${lang}.gmo && $(GMSGFMT) --endianness=little -c --statistics --verbose -o $${lang}.gmo $${lang}.po"; \
+++	cd $(srcdir) && rm -f $${lang}.gmo && $(GMSGFMT) --endianness=little -c --statistics --verbose -o t-$${lang}.gmo $${lang}.po && mv t-$${lang}.gmo $${lang}.gmo
++
++ .sin.sed:
++ 	sed -e '/^#/d' $< > t-$@
++--
++2.17.1
++
 diff --git a/debian/gettext-patches/0004-Use-SHELL-rather-than-bin-sh.patch b/debian/gettext-patches/0004-Use-SHELL-rather-than-bin-sh.patch
 new file mode 100644
 index 0000000..790521d
 --- /dev/null
 +++ b/debian/gettext-patches/0004-Use-SHELL-rather-than-bin-sh.patch
@@ -0,0 +1,26 @@
++From f36f12e77798223ee7ee882c0d09e0e63db11454 Mon Sep 17 00:00:00 2001
++From: Colin Watson <cjwatson@debian.org>
++Date: Sun, 1 Mar 2020 12:14:07 +0000
++Subject: [PATCH 4/4] Use @SHELL rather than /bin/sh
++
++/bin/sh might not exist.
++---
++ gettext-runtime/po/Makefile.in.in | 2 +-
++ 1 file changed, 1 insertion(+), 1 deletion(-)
++
++diff --git a/gettext-runtime/po/Makefile.in.in b/gettext-runtime/po/Makefile.in.in
++index f3ef54c39..285a55a9d 100644
++--- a/gettext-runtime/po/Makefile.in.in
+++++ b/gettext-runtime/po/Makefile.in.in
++@@ -16,7 +16,7 @@ VERSION = @VERSION@
++ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
++
++ SED = @SED@
++-SHELL = /bin/sh
+++SHELL = @SHELL@
++ @SET_MAKE@
++
++ srcdir = @srcdir@
++--
++2.17.1
++
 diff --git a/debian/grub-check-signatures b/debian/grub-check-signatures
 new file mode 100755
 index 0000000..3d41c3c
 --- /dev/null
 +++ b/debian/grub-check-signatures
@@ -0,0 +1,129 @@
++#!/bin/sh
++
++set -e
++
++. /usr/share/debconf/confmodule
++
++# Check if we are on an EFI system
++efivars=/sys/firmware/efi/efivars
++secureboot_var=SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
++moksbstatert_var=MokSBStateRT-605dab50-e046-4300-abb6-3dd810dd8b23
++tmpdir=$(mktemp -d)
++
++on_secure_boot() {
++	# Validate any queued actions before we go try to do them.
++	local moksbstatert=0
++
++	if ! [ -d $efivars ]; then
++		return 1
++	fi
++
++	if ! [ -f $efivars/$secureboot_var ] \
++		|| [ "$(od -An -t u1 $efivars/$secureboot_var | awk '{ print $NF }')" -ne 1 ]
++	then
++		return 1
++	fi
++
++	if [ -f /proc/sys/kernel/moksbstate_disabled ]; then
++		moksbstatert=$(cat /proc/sys/kernel/moksbstate_disabled 2>/dev/null || echo 0)
++	elif [ -f $efivars/$moksbstatert_var ]; then
++		# MokSBStateRT set to 1 means validation is disabled
++		moksbstatert=$(od -An -t u1 $efivars/$moksbstatert_var | \
++					   awk '{ print $NF; }')
++	fi
++
++	if [ $moksbstatert -eq 1 ]; then
++		return 1
++	fi
++
++	return 0
++}
++
++# Retrieve the keys we do trust from PK, DB, KEK, and MokList.
++extract_known_keys() {
++	# Make the Canonical CA cert available for validation too; in case
++	# MokListRT is empty due to a bug.
++	cp /usr/share/grub/canonical-uefi-ca.crt $tmpdir
++
++	# Extract known UEFI certs from firmware variables
++	( cd $tmpdir; \
++		mokutil --export --db >/dev/null 2>/dev/null; \
++		mokutil --export --mok >/dev/null 2>/dev/null; )
++	find $tmpdir -name "*.der" -exec openssl x509 -inform der -in {} -outform pem -out {}.crt  \;
++}
++
++# Check if a given kernel image is signed
++is_signed() {
++	tmp=$(mktemp)
++	sbattach --detach $tmp $1 >/dev/null 2>/dev/null 	# that's ugly...
++	test "$(wc -c < $tmp)" -ge 16	# Just _some_ minimum size
++	result=$?
++	if [ $result -eq 0 ]; then
++		sig_subject=$(openssl pkcs7 -inform der -in $tmp -print_certs | openssl x509 -noout -text | grep Subject: )
++	fi
++	rm $tmp
++	if [ $result -eq 0 ]; then
++		for crtfile in $tmpdir/*.crt; do
++			sbverify --cert $crtfile $1 >/dev/null 2>/dev/null
++			result=$?
++			if [ $result -eq 0 ]; then
++				return $result;
++			fi
++		done
++		echo "$1 is signed, but using an unknown key:" >&2
++		echo "$sig_subject" >&2
++	else
++		echo "$1 is unsigned." >&2
++	fi
++	return $result
++}
++
++# Check that our current kernel and every newer one is signed
++find_unsigned() {
++	uname_r="$(uname -r)"
++	for kernel in $(ls -1 /boot/vmlinuz-* | sort -V -r); do
++		# no kernels :(
++		if [ "$kernel" = "/boot/vmlinuz-*" ]; then
++			break
++		fi
++		this_uname_r="$(echo "$kernel" | sed -r 's#^/boot/vmlinuz-(.*)#\1#; s#\.efi\.signed$##')"
++		if dpkg --compare-versions "$this_uname_r" lt "$uname_r"; then
++			continue
++		fi
++		if [ -e "$kernel.efi.signed" ]; then
++			continue
++		fi
++		if ! is_signed $kernel; then
++			echo "$this_uname_r"
++		fi
++	done
++}
++
++# Only reached from show_warning
++error() {
++	echo "E: Your kernels are not signed with a key known to your firmware. This system will fail to boot in a Secure Boot environment." >&2
++	exit 1
++}
++
++# Either shows a debconf note or prints an error with error() above if
++# that fails
++show_warning() {
++	# kernels should be an indented list of one version per line
++	escaped="$(printf "%s" "$unsigned" | sed "s#^#     #" | debconf-escape -e )"
++	db_capb escape
++	db_settitle grub2/unsigned_kernels_title || error
++	db_fset grub2/unsigned_kernels seen 0 || error
++	db_subst grub2/unsigned_kernels unsigned_versions "$escaped" || error
++	db_input critical grub2/unsigned_kernels || error
++	db_go || error
++	error
++}
++
++if on_secure_boot; then
++	extract_known_keys
++	unsigned="$(find_unsigned)"
++	if [ -n "$unsigned" ]; then
++		show_warning "$unsigned"
++	fi
++	rm -rf "$tmpdir"
++fi
 diff --git a/debian/grub-common.dirs b/debian/grub-common.dirs
 index 3d70df4..832239c 100644
 --- a/debian/grub-common.dirs
 +++ b/debian/grub-common.dirs
@@ -1,2 +1,3 @@
  usr/sbin
  var/lib/grub/ucf
++var/lib/grub/esp
 diff --git a/debian/grub-common.install.in b/debian/grub-common.install.in
 index 420a61e..6c5c9f0 100644
 --- a/debian/grub-common.install.in
 +++ b/debian/grub-common.install.in
@@ -1,6 +1,9 @@
  ../../debian/apport/source_grub2.py	usr/share/apport/package-hooks/
  ../../debian/grub.d			etc
  ../../debian/init-select.cfg		etc/default/grub.d
++../../debian/grub-check-signatures usr/share/grub/
++../../debian/grub-multi-install usr/lib/grub/
++../../debian/canonical-uefi-ca.crt usr/share/grub/
  etc/grub.d
  usr/bin/grub-editenv
@@ -20,6 +23,7 @@ usr/bin/grub-mkstandalone
  usr/bin/grub-render-label
  usr/bin/grub-script-check
  usr/bin/grub-syslinux2cfg
++usr/lib/systemd/system/grub-initrd-fallback.service lib/systemd/system
  usr/sbin/grub-macbless
  usr/sbin/grub-mkconfig
  usr/sbin/grub-mkdevicemap
 diff --git a/debian/grub-common.service b/debian/grub-common.service
 new file mode 100644
 index 0000000..1395ad9
 --- /dev/null
 +++ b/debian/grub-common.service
@@ -0,0 +1,14 @@
++[Unit]
++Description=Record successful boot for GRUB
++
++[Service]
++Type=simple
++Restart=no
++RemainAfterExit=yes
++ExecStartPre=/bin/sh -c '[ -s /boot/grub/grubenv ] || rm -f /boot/grub/grubenv; mkdir -p /boot/grub'
++ExecStart=grub-editenv /boot/grub/grubenv unset recordfail
++ExecStartPost=/bin/sh -c 'if grub-editenv /boot/grub/grubenv list | grep -q initrdless_boot_fallback_triggered=1; then echo "<3>grub: GRUB_FORCE_PARTUUID set, initrdless boot paniced, fallback triggered."; fi'
++StandardOutput=kmsg
++
++[Install]
++WantedBy=multi-user.target
 \ No newline at end of file
 diff --git a/debian/grub-common.templates b/debian/grub-common.templates
 new file mode 100644
 index 0000000..c75e5d3
 --- /dev/null
 +++ b/debian/grub-common.templates
@@ -0,0 +1,53 @@
++Template: grub-efi/install_devices
++Type: multiselect
++Choices-C: ${RAW_CHOICES}
++Choices: ${CHOICES}
++_Description: GRUB EFI system partitions:
++ The grub-efi package is being upgraded. This menu allows you to select which
++ EFI system partions you'd like grub-install to be automatically run for, if any.
++ .
++ Running grub-install automatically is recommended in most situations, to
++ prevent the installed GRUB core image from getting out of sync with GRUB
++ modules or grub.cfg.
++
++Template: grub-efi/install_devices_disks_changed
++Type: multiselect
++Choices-C: ${RAW_CHOICES}
++Choices: ${CHOICES}
++_Description: GRUB install devices:
++ The GRUB boot loader was previously installed to a disk that is no longer
++ present, or whose unique identifier has changed for some reason. It is
++ important to make sure that the installed GRUB core image stays in sync
++ with GRUB modules and grub.cfg. Please check again to make sure that GRUB
++ is written to the appropriate boot devices.
++
++Template: grub-efi/partition_description
++Type: text
++_Description: ${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}
++
++Template: grub-efi/install_devices_failed
++Type: boolean
++Default: false
++#flag:translate!:3
++_Description: Writing GRUB to boot device failed - continue?
++ GRUB failed to install to the following devices:
++ .
++ ${FAILED_DEVICES}
++ .
++ Do you want to continue anyway? If you do, your computer may not start up
++ properly.
++
++Template: grub-efi/install_devices_empty
++Type: boolean
++Default: false
++_Description: Continue without installing GRUB?
++ You chose not to install GRUB to any devices. If you continue, the boot
++ loader may not be properly configured, and when this computer next starts
++ up it will use whatever was previously configured. If there is an
++ earlier version of GRUB 2 in the EFI system partition, it may be unable to load
++ modules or handle the current configuration file.
++ .
++ If you are already using a different boot loader and want to carry on
++ doing so, or if this is a special environment where you do not need a boot
++ loader, then you should continue anyway. Otherwise, you should install
++ GRUB somewhere.
 diff --git a/debian/grub-multi-install b/debian/grub-multi-install
 new file mode 100755
 index 0000000..bedc700
 --- /dev/null
 +++ b/debian/grub-multi-install
@@ -0,0 +1,417 @@
++#!/bin/bash
++#
++# Install to multiple ESPs
++
++set -e
++
++# Most of this is copy-paste from grub postinst, sigh.
++
++. /usr/share/debconf/confmodule
++
++# shamelessly stolen from ucf:
++#
++# Load our templates, just in case our template has
++# not been loaded or the Debconf DB lost or corrupted
++# since then.
++db_x_loadtemplatefile "$(dpkg-query --control-path grub-common templates)" grub-common
++
++###############################################################################
++#                       COPY FROM POSTINST
++###############################################################################
++# This only works on a Linux system with udev running.  This is probably the
++# vast majority of systems where we need any of this, though, and we fall
++# back reasonably gracefully if we don't have it.
++cached_available_ids=
++available_ids()
++{
++  local id path
++
++  if [ "$cached_available_ids" ]; then
++    echo "$cached_available_ids"
++    return
++  fi
++
++  [ -d /dev/disk/by-id ] || return
++  cached_available_ids="$(
++    for path in /dev/disk/by-id/*; do
++      [ -e "$path" ] || continue
++      printf '%s %s\n' "$path" "$(readlink -f "$path")"
++    done | sort -k2 -s -u | cut -d' ' -f1
++  )"
++  echo "$cached_available_ids"
++}
++
++# Returns non-zero and no output if no mapping can be found.
++device_to_id()
++{
++  local id
++  for id in $(available_ids); do
++    if [ "$(readlink -f "$id")" = "$(readlink -f "$1")" ]; then
++      echo "$id"
++      return 0
++    fi
++  done
++  # Fall back to the plain device name if there's no by-id link for it.
++  if [ -e "$1" ]; then
++    echo "$1"
++    return 0
++  fi
++  return 1
++}
++
++# for Linux
++sysfs_size()
++{
++  local num_sectors sector_size size
++  # Try to find out the size without relying on a partitioning tool being
++  # installed. This isn't too hard on Linux 2.6 with sysfs, but we have to
++  # try a couple of variants on detection of the sector size.
++  if [ -e "$1/size" ]; then
++    num_sectors="$(cat "$1/size")"
++    sector_size=512
++    if [ -e "$1/queue/logical_block_size" ]; then
++      sector_size="$(cat "$1/queue/logical_block_size")"
++    elif [ -e "$1/queue/hw_sector_size" ]; then
++      sector_size="$(cat "$1/queue/hw_sector_size")"
++    fi
++    size="$(expr "$num_sectors" \* "$sector_size" / 1000 / 1000)"
++  fi
++  [ "$size" ] || size='???'
++  echo "$size"
++}
++
++# for kFreeBSD
++camcontrol_size()
++{
++  local num_sectors sector_size size=
++
++  if num_sectors="$(camcontrol readcap "$1" -q -s -N)"; then
++    sector_size="$(camcontrol readcap "$1" -q -b)"
++    size="$(expr "$num_sectors" \* "$sector_size" / 1000 / 1000)"
++  fi
++
++  [ "$size" ] || size='???'
++  echo "$size"
++}
++
++maybe_udevadm()
++{
++  if which udevadm >/dev/null 2>&1; then
++    udevadm "$@" || true
++  fi
++}
++
++# Parse /proc/mounts and find out the mount for the given device.
++# The device must be a real device in /dev, not a symlink to one.
++get_mounted_device()
++{
++  mountpoint="$1"
++  cat /proc/mounts | while read -r line; do
++    set -f
++    set -- $line
++    set +f
++    if [ "$2" = "$mountpoint" ]; then
++      echo "$1"
++      break
++    fi
++  done
++}
++
++###############################################################################
++#                            New or modified helpers
++###############################################################################
++
++# Fixed: Return nothing if the argument is empty
++get_mountpoint()
++{
++  local relpath boot_mountpoint
++
++  if [ -z "$1" ]; then
++    return
++  fi
++
++  relpath="$(grub-mkrelpath "$1")"
++  boot_mountpoint="${1#$relpath}"
++  echo "${boot_mountpoint:-/}"
++}
++
++
++# Returns value in $RET, like a debconf command.
++#
++# Merged version of describe_disk and describe_partition, as disks can't be
++# valid ESPs on their own, so we can't render them as an entry.
++describe_efi_system_partition()
++{
++  local disk part id path sysfs_path diskbase partbase size
++  local disk_basename disk_size model
++  disk="$1"
++  part="$2"
++  id="$3"
++  path="$4"
++
++  # BEGIN: Stolen from describe_disk
++  model=
++  case $(uname -s) in
++    Linux)
++      sysfs_path="$(maybe_udevadm info -n "$disk" -q path)"
++      if [ -z "$sysfs_path" ]; then
++        sysfs_path="/block/$(printf %s "${disk#/dev/}" | sed 's,/,!,g')"
++      fi
++      disk_size="$(sysfs_size "/sys$sysfs_path")"
++
++      model="$(maybe_udevadm info -n "$disk" -q property | sed -n 's/^ID_MODEL=//p')"
++      if [ -z "$model" ]; then
++        model="$(maybe_udevadm info -n "$disk" -q property | sed -n 's/^DM_NAME=//p')"
++        if [ -z "$model" ]; then
++          model="$(maybe_udevadm info -n "$disk" -q property | sed -n 's/^MD_NAME=//p')"
++          if [ -z "$model" ] && which dmsetup >/dev/null 2>&1; then
++            model="$(dmsetup info -c --noheadings -o name "$disk" 2>/dev/null || true)"
++          fi
++        fi
++      fi
++    ;;
++    GNU/kFreeBSD)
++      disk_basename=$(basename "$disk")
++      disk_size="$(camcontrol_size "$disk_basename")"
++      model="$(camcontrol inquiry "$disk_basename" | sed -ne "s/^pass0: <\([^>]*\)>.*/\1/p")"
++    ;;
++  esac
++
++  [ "$model" ] || model='???'
++
++  # END: Stolen from describe_disk
++
++  sysfs_path="$(maybe_udevadm info -n "$part" -q path)"
++  if [ -z "$sysfs_path" ]; then
++    diskbase="${disk#/dev/}"
++    diskbase="$(printf %s "$diskbase" | sed 's,/,!,g')"
++    partbase="${part#/dev/}"
++    partbase="$(printf %s "$partbase" | sed 's,/,!,g')"
++    sysfs_path="/block/$diskbase/$partbase"
++  fi
++  size="$(sysfs_size "/sys$sysfs_path")"
++
++  db_subst grub-efi/partition_description DEVICE "$part"
++  db_subst grub-efi/partition_description SIZE "$size"
++  db_subst grub-efi/partition_description PATH "$path"
++  db_subst grub-efi/partition_description DISK_MODEL "$model"
++  db_subst grub-efi/partition_description DISK_SIZE "$disk_size"
++  db_metaget grub-efi/partition_description description
++}
++
++
++# Parse /proc/mounts and find out the mount for the given device.
++# The device must be a real device in /dev, not a symlink to one.
++find_mount_point()
++{
++  real_device="$1"
++  cat /proc/mounts | while read -r line; do
++    set -f
++    set -- $line
++    set +f
++    if [ "$1" = "$real_device" -a "$3" = "vfat" ]; then
++      echo "$2"
++      break
++    fi
++  done
++}
++
++# Return all devices that are a valid ESP
++usable_efi_system_partitions()
++{
++  local last_partition path partition partition_id
++  local ID_PART_ENTRY_TYPE ID_PART_ENTRY_SCHEME
++
++  last_partition=
++  (
++  for partition in /dev/disk/by-id/*; do
++    eval "$(udevadm info -q property -n "$partition" | grep -E '^ID_PART_ENTRY_(TYPE|SCHEME)=')"
++    if [ -z "$ID_PART_ENTRY_TYPE" -o -z "$ID_PART_ENTRY_SCHEME" -o \
++    \( "$ID_PART_ENTRY_SCHEME" != gpt -a "$ID_PART_ENTRY_SCHEME" != dos \) -o \
++    \( "$ID_PART_ENTRY_SCHEME" = gpt -a "$ID_PART_ENTRY_TYPE" != c12a7328-f81f-11d2-ba4b-00a0c93ec93b \) -o \
++    \( "$ID_PART_ENTRY_SCHEME" = dos -a "$ID_PART_ENTRY_TYPE" != 0xef \) ]; then
++      continue
++    fi
++    # unify the partition id
++    partition_id="$(device_to_id "$partition" || true)"
++    real_device="$(readlink -f "$partition")"
++    path="$(find_mount_point $real_device)"
++    echo "$path:$partition_id"
++  done
++  ) | sort -t: -k2 -u
++}
++
++###############################################################################
++#                            MAGIC SCRIPT
++###############################################################################
++FALLBACK_MOUNTPOINT=/var/lib/grub/esp
++
++# Initial install/upgrade from /boot/efi?
++db_fget grub-efi/install_devices seen
++seen="$RET"
++
++# Get configured value
++question=grub-efi/install_devices
++priority=high
++db_get grub-efi/install_devices
++valid=1
++
++# We either migrate /boot/efi over, or we check if we have invalid devices
++if [ -z "$RET" ] && [ "$seen" != "true" ]; then
++  echo "Trying to migrate /boot/efi into esp config"
++  esp="$(get_mounted_device /boot/efi)"
++  if [ "$esp" ]; then
++    esp="$(device_to_id "$esp")"
++  fi
++  if [ "$esp" ]; then
++    db_set grub-efi/install_devices "$esp"
++    db_fset grub-efi/install_devices seen true
++    RET="$esp"
++  fi
++else
++  for device in $RET; do
++    if [ ! -e "${device%,}" ]; then
++      valid=0
++      break
++    fi
++  done
++fi
++
++# If /boot/efi points to a device that's not in the list, trigger the
++# install_devices_disks_changed prompt below, but add the device behind
++# /boot/efi to the defaults.
++boot_efi_device=$(get_mounted_device /boot/efi || true)
++if [ "$boot_efi_device" ]; then
++  for device in $RET; do
++    device="${device%,}"
++    real_device="$(readlink -f "$device" || true)"
++    if [ "$real_device" = "$boot_efi_device" ]; then
++      boot_efi_device=""
++      break
++    fi
++  done
++
++  if [ "$boot_efi_device" ]; then
++    boot_efi_device="$(device_to_id "$boot_efi_device" || true)"
++    if [ "$RET" ]; then
++      RET="$RET, $boot_efi_device"
++    else
++      RET="$boot_efi_device"
++    fi
++    valid=0
++  fi
++fi
++
++
++if [ "$valid" = 0 ]; then
++  question=grub-efi/install_devices_disks_changed
++  priority=critical
++  db_set "$question" "$RET"
++  db_fset "$question" seen false
++  db_fset grub-efi/install_devices_empty seen false
++fi
++
++while :; do
++  ids=
++  descriptions=
++  partitions="$(usable_efi_system_partitions)"
++
++  for partition_pair in $partitions; do
++    partition_id="${partition_pair#*:}"
++    device="${partition_id%%-part*}"
++    ids="${ids:+$ids, }$partition_id"
++    describe_efi_system_partition "$(readlink -f "$device")" "$(readlink -f "$partition_id")" "$partition_id" "$(get_mountpoint "${partition_pair%%:*}")"
++    RET="$(printf %s "$RET" | sed 's/,/\\,/g')"
++    descriptions="${descriptions:+$descriptions, }$RET"
++  done
++
++  db_subst "$question" RAW_CHOICES "$ids"
++  db_subst "$question" CHOICES "$descriptions"
++  db_input "$priority" "$question" || true
++  db_go
++  db_get "$question"
++
++
++  # Run the installer
++  failed_devices=
++  for i in `echo $RET | sed -e 's/, / /g'` ; do
++    real_device="$(readlink -f "$i")"
++    mntpoint=$(find_mount_point $real_device)
++    if [ -z "$mntpoint" ]; then
++      mntpoint=$FALLBACK_MOUNTPOINT
++      mount $real_device $mntpoint
++    fi
++    echo "Installing grub to $mntpoint." >&2
++    if _UBUNTU_ALTERNATIVE_ESPS="$RET" grub-install --efi-directory=$mntpoint "$@" ; then
++      # We just installed GRUB 2; then also generate grub.cfg.
++      touch /boot/grub/grub.cfg
++    else
++      failed_devices="$failed_devices $real_device"
++    fi
++
++    if [ "$mntpoint" = "$FALLBACK_MOUNTPOINT" ]; then
++      umount $mntpoint
++    fi
++  done
++
++  if [ "$question" != grub-efi/install_devices ] && [ "$RET" ]; then
++    # XXX cjwatson 2019-02-26: The description of
++    # grub-efi/install_devices_disks_changed ought to explain that
++    # selecting no devices will leave the configuration unchanged
++    # so that you'll be prompted again next time, but it's a bit
++    # close to the Debian 10 release to be introducing new
++    # translatable text.  For now, it should be sufficient to
++    # avoid losing configuration data.
++    db_set grub-efi/install_devices "$RET"
++    db_fset grub-efi/install_devices seen true
++  fi
++
++  if [ "$failed_devices" ]; then
++    db_subst grub-efi/install_devices_failed FAILED_DEVICES "$failed_devices"
++    db_fset grub-efi/install_devices_failed seen false
++    if db_input critical grub-efi/install_devices_failed; then
++      db_go
++      db_get grub-efi/install_devices_failed
++      if [ "$RET" = true ]; then
++        break
++      else
++        db_fset "$question" seen false
++        db_fset grub-efi/install_devices_failed seen false
++        continue
++      fi
++    else
++      exit 1 # noninteractive
++    fi
++  fi
++
++  db_get "$question"
++  if [ -z "$RET" ]; then
++    # Reset the seen flag if the current answer is false, since
++    # otherwise we'll loop with no indication of why.
++    db_get grub-efi/install_devices_empty
++    if [ "$RET" = false ]; then
++      db_fset grub-efi/install_devices_empty seen false
++    fi
++    if db_input critical grub-efi/install_devices_empty; then
++      db_go
++      db_get grub-efi/install_devices_empty
++      if [ "$RET" = true ]; then
++        break
++      else
++        db_fset "$question" seen false
++        db_fset grub-efi/install_devices_empty seen false
++      fi
++    else
++      # if question was seen we are done
++      # Otherwise, abort
++      db_fget grub-efi/install_devices_empty seen
++      if [ "$RET" = true ]; then
++        break
++      else
++        exit 1
++      fi
++    fi
++  else
++    break
++  fi
++done
 diff --git a/debian/patches/0074-uefi-firmware-rename-fwsetup-menuentry-to-UEFI-Firmw.patch b/debian/patches/0074-uefi-firmware-rename-fwsetup-menuentry-to-UEFI-Firmw.patch
 new file mode 100644
 index 0000000..20dbfb4
 --- /dev/null
 +++ b/debian/patches/0074-uefi-firmware-rename-fwsetup-menuentry-to-UEFI-Firmw.patch
@@ -0,0 +1,26 @@
++From 7bae32b384bf0129a980b77447e21abb4024f693 Mon Sep 17 00:00:00 2001
++From: Dimitri John Ledkov <xnox@ubuntu.com>
++Date: Mon, 24 Feb 2020 20:29:53 +0000
++Subject: uefi-firmware: rename fwsetup menuentry to UEFI Firmware Settings
++
++LP: #1864547
++---
++ util/grub.d/30_uefi-firmware.in | 4 ++--
++ 1 file changed, 2 insertions(+), 2 deletions(-)
++
++diff --git a/util/grub.d/30_uefi-firmware.in b/util/grub.d/30_uefi-firmware.in
++index 3c9f533d8c..b072d219f6 100644
++--- a/util/grub.d/30_uefi-firmware.in
+++++ b/util/grub.d/30_uefi-firmware.in
++@@ -32,9 +32,9 @@ OsIndications="$efi_vars_dir/OsIndicationsSupported-$EFI_GLOBAL_VARIABLE/data"
++
++ if [ -e "$OsIndications" ] && \
++    [ "$(( $(printf 0x%x \'"$(cat $OsIndications | cut -b1)") & 1 ))" = 1 ]; then
++-  LABEL="System setup"
+++  LABEL="UEFI Firmware Settings"
++
++-  gettext_printf "Adding boot menu entry for EFI firmware configuration\n" >&2
+++  gettext_printf "Adding boot menu entry for UEFI Firmware Settings\n" >&2
++
++   onstr="$(gettext_printf "(on %s)" "${DEVICE}")"
++
 diff --git a/debian/patches/0075-smbios-Add-a-linux-argument-to-apply-linux-modalias-.patch b/debian/patches/0075-smbios-Add-a-linux-argument-to-apply-linux-modalias-.patch
 new file mode 100644
 index 0000000..3f8f67c
 --- /dev/null
 +++ b/debian/patches/0075-smbios-Add-a-linux-argument-to-apply-linux-modalias-.patch
@@ -0,0 +1,86 @@
++From 484c805e1361fd010e0c3e2c44585f5f7e3899c1 Mon Sep 17 00:00:00 2001
++From: Julian Andres Klode <julian.klode@canonical.com>
++Date: Tue, 3 Mar 2020 16:06:34 +0100
++Subject: smbios: Add a --linux argument to apply linux modalias-like filtering
++
++Linux creates modalias strings by filtering out non-ASCII, space,
++and colon characters. Provide an option that does the same filtering
++so people can create a modalias string in GRUB, and then match their
++modalias patterns against it.
++
++Signed-off-by: Julian Andres Klode <julian.klode@canonical.com>
++Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
++Origin: upstream, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=87049f9716fb095aecb595fb8f45497bbbb1b4a2
++---
++ grub-core/commands/smbios.c | 24 ++++++++++++++++++++++++
++ 1 file changed, 24 insertions(+)
++
++diff --git a/grub-core/commands/smbios.c b/grub-core/commands/smbios.c
++index 7a6a391fc1..1a9086ddd4 100644
++--- a/grub-core/commands/smbios.c
+++++ b/grub-core/commands/smbios.c
++@@ -64,6 +64,21 @@ grub_smbios_get_eps3 (void)
++   return eps;
++ }
++
+++static char *
+++linux_string (const char *value)
+++{
+++  char *out = grub_malloc( grub_strlen (value) + 1);
+++  const char *src = value;
+++  char *dst = out;
+++
+++  for (; *src; src++)
+++    if (*src > ' ' && *src < 127 && *src != ':')
+++      *dst++ = *src;
+++
+++  *dst = 0;
+++  return out;
+++}
+++
++ /*
++  * These functions convert values from the various SMBIOS structure field types
++  * into a string formatted to be returned to the user.  They expect that the
++@@ -176,6 +191,7 @@ static const struct {
++ /* List command options, with structure field getters ordered as above. */
++ #define FIRST_GETTER_OPT (3)
++ #define SETTER_OPT (FIRST_GETTER_OPT + ARRAY_SIZE(field_extractors))
+++#define LINUX_OPT (FIRST_GETTER_OPT + ARRAY_SIZE(field_extractors) + 1)
++
++ static const struct grub_arg_option options[] = {
++   {"type",       't', 0, N_("Match structures with the given type."),
++@@ -198,6 +214,8 @@ static const struct grub_arg_option options[] = {
++                          N_("offset"), ARG_TYPE_INT},
++   {"set",       '\0', 0, N_("Store the value in the given variable name."),
++                          N_("variable"), ARG_TYPE_STRING},
+++  {"linux",     '\0', 0, N_("Filter the result like linux does."),
+++                         N_("variable"), ARG_TYPE_NONE},
++   {0, 0, 0, 0, 0, 0}
++ };
++
++@@ -261,6 +279,7 @@ grub_cmd_smbios (grub_extcmd_context_t ctxt,
++
++   const grub_uint8_t *structure;
++   const char *value;
+++  char *modified_value = NULL;
++   grub_int32_t option;
++   grub_int8_t field_type = -1;
++   grub_uint8_t i;
++@@ -334,12 +353,17 @@ grub_cmd_smbios (grub_extcmd_context_t ctxt,
++     return grub_error (GRUB_ERR_IO,
++                        N_("failed to retrieve the structure field"));
++
+++  if (state[LINUX_OPT].set)
+++    value = modified_value = linux_string (value);
+++
++   /* Store or print the formatted value. */
++   if (state[SETTER_OPT].set)
++     grub_env_set (state[SETTER_OPT].arg, value);
++   else
++     grub_printf ("%s\n", value);
++
+++  grub_free(modified_value);
+++
++   return GRUB_ERR_NONE;
++ }
++
 diff --git a/debian/patches/0076-ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch b/debian/patches/0076-ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch
 new file mode 100644
 index 0000000..8460c3c
 --- /dev/null
 +++ b/debian/patches/0076-ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch
@@ -0,0 +1,118 @@
++From 80b0e6a9375628f209b96173ce0a3af70060131c Mon Sep 17 00:00:00 2001
++From: Chris Coulson <chris.coulson@canonical.com>
++Date: Wed, 11 Mar 2020 16:46:00 +0100
++Subject: ubuntu: Make the linux command in EFI grub always try EFI handover
++
++The previous implementation only boots via the EFI handover protocol when
++secure boot is enabled. This means that disabling secure boot breaks some
++features that depend on the kernel being booted via the EFI handover entry
++point, such as retrieval of the TCG event log.
++
++Update the linux command to always attempt to defer to linuxefi in EFI grub
++builds, regardless of whether secure boot is enabled or not. This also allows
++a fallback to the non-EFI handover path on kernels that don't support it, but
++only if secure boot is disabled.
++---
++ grub-core/loader/i386/efi/linux.c | 14 +++++----
++ grub-core/loader/i386/linux.c     | 47 +++++++++++++++++--------------
++ 2 files changed, 35 insertions(+), 26 deletions(-)
++
++diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
++index 6b6aef87f7..fe3ca2c596 100644
++--- a/grub-core/loader/i386/efi/linux.c
+++++ b/grub-core/loader/i386/efi/linux.c
++@@ -27,6 +27,7 @@
++ #include <grub/lib/cmdline.h>
++ #include <grub/efi/efi.h>
++ #include <grub/efi/linux.h>
+++#include <grub/efi/sb.h>
++
++ GRUB_MOD_LICENSE ("GPLv3+");
++
++@@ -195,12 +196,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
++       goto fail;
++     }
++
++-  rc = grub_linuxefi_secure_validate (kernel, filelen);
++-  if (rc < 0)
+++  if (grub_efi_secure_boot ())
++     {
++-      grub_error (GRUB_ERR_ACCESS_DENIED, N_("%s has invalid signature"),
++-		  argv[0]);
++-      goto fail;
+++      rc = grub_linuxefi_secure_validate (kernel, filelen);
+++      if (rc < 0)
+++	{
+++	  grub_error (GRUB_ERR_ACCESS_DENIED, N_("%s has invalid signature"),
+++		      argv[0]);
+++	  goto fail;
+++	}
++     }
++
++   params = grub_efi_allocate_pages_max (0x3fffffff,
++diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
++index 4328bcbdb0..991eb29db9 100644
++--- a/grub-core/loader/i386/linux.c
+++++ b/grub-core/loader/i386/linux.c
++@@ -658,35 +658,40 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
++
++ #ifdef GRUB_MACHINE_EFI
++   using_linuxefi = 0;
++-  if (grub_efi_secure_boot ())
++-    {
++-      /* linuxefi requires a successful signature check and then hand over
++-	 to the kernel without calling ExitBootServices. */
++-      grub_dl_t mod;
++-      grub_command_t linuxefi_cmd;
++
++-      grub_dprintf ("linux", "Secure Boot enabled: trying linuxefi\n");
+++  grub_dl_t mod;
+++  grub_command_t linuxefi_cmd;
+++
+++  grub_dprintf ("linux", "Trying linuxefi\n");
++
++-      mod = grub_dl_load ("linuxefi");
++-      if (mod)
+++  mod = grub_dl_load ("linuxefi");
+++  if (mod)
+++    {
+++      grub_dl_ref (mod);
+++      linuxefi_cmd = grub_command_find ("linuxefi");
+++      initrdefi_cmd = grub_command_find ("initrdefi");
+++      if (linuxefi_cmd && initrdefi_cmd)
++ 	{
++-	  grub_dl_ref (mod);
++-	  linuxefi_cmd = grub_command_find ("linuxefi");
++-	  initrdefi_cmd = grub_command_find ("initrdefi");
++-	  if (linuxefi_cmd && initrdefi_cmd)
+++	  (linuxefi_cmd->func) (linuxefi_cmd, argc, argv);
+++	  if (grub_errno == GRUB_ERR_NONE)
+++	    {
+++	      grub_dprintf ("linux", "Handing off to linuxefi\n");
+++	      using_linuxefi = 1;
+++	      return GRUB_ERR_NONE;
+++	    }
+++	  else if (grub_efi_secure_boot ())
++ 	    {
++-	      (linuxefi_cmd->func) (linuxefi_cmd, argc, argv);
++-	      if (grub_errno == GRUB_ERR_NONE)
++-		{
++-		  grub_dprintf ("linux", "Handing off to linuxefi\n");
++-		  using_linuxefi = 1;
++-		  return GRUB_ERR_NONE;
++-		}
++-	      grub_dprintf ("linux", "linuxefi failed (%d)\n", grub_errno);
+++	      grub_dprintf ("linux", "linuxefi failed and secure boot is enabled (%d)\n", grub_errno);
++ 	      goto fail;
++ 	    }
++ 	}
++     }
+++
+++  if (grub_efi_secure_boot ())
+++    {
+++      grub_dprintf("linux", "Unable to hand off to linuxefi and secure boot is enabled\n");
+++      goto fail;
+++    }
++ #endif
++
++   if (argc == 0)
 diff --git a/debian/patches/0077-ubuntu-Update-the-linux-boot-protocol-version-check.patch b/debian/patches/0077-ubuntu-Update-the-linux-boot-protocol-version-check.patch
 new file mode 100644
 index 0000000..dfd3ee8
 --- /dev/null
 +++ b/debian/patches/0077-ubuntu-Update-the-linux-boot-protocol-version-check.patch
@@ -0,0 +1,25 @@
++From f59fbf2d6ae70d8872d8b680cfccb6e139410944 Mon Sep 17 00:00:00 2001
++From: Chris Coulson <chris.coulson@canonical.com>
++Date: Wed, 11 Mar 2020 16:46:41 +0100
++Subject: ubuntu: Update the linux boot protocol version check.
++
++The EFI implementation of grub_cmd_linux makes use of xloadflags which was
++introduced in to version 2.12 of the kernel's boot protocol, so update the
++check accordingly.
++---
++ grub-core/loader/i386/efi/linux.c | 2 +-
++ 1 file changed, 1 insertion(+), 1 deletion(-)
++
++diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
++index fe3ca2c596..2929da7a29 100644
++--- a/grub-core/loader/i386/efi/linux.c
+++++ b/grub-core/loader/i386/efi/linux.c
++@@ -245,7 +245,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
++     }
++
++   grub_dprintf ("linuxefi", "checking lh->version\n");
++-  if (lh->version < grub_cpu_to_le16 (0x020b))
+++  if (lh->version < grub_cpu_to_le16 (0x020c))
++     {
++       grub_error (GRUB_ERR_BAD_OS, N_("kernel too old"));
++       goto fail;
 diff --git a/debian/patches/0081-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch b/debian/patches/0081-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch
 new file mode 100644
 index 0000000..5ce30a2
 --- /dev/null
 +++ b/debian/patches/0081-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch
@@ -0,0 +1,66 @@
++From e25ff4f02fae2c006408a8fa1283320cd81ff87d Mon Sep 17 00:00:00 2001
++From: Peter Jones <pjones@redhat.com>
++Date: Wed, 15 Apr 2020 15:45:02 -0400
++Subject: yylex: Make lexer fatal errors actually be fatal
++
++When presented with a command that can't be tokenized to anything
++smaller than YYLMAX characters, the parser calls YY_FATAL_ERROR(errmsg),
++expecting that will stop further processing, as such:
++
++  #define YY_DO_BEFORE_ACTION \
++        yyg->yytext_ptr = yy_bp; \
++        yyleng = (int) (yy_cp - yy_bp); \
++        yyg->yy_hold_char = *yy_cp; \
++        *yy_cp = '\0'; \
++        if ( yyleng >= YYLMAX ) \
++                YY_FATAL_ERROR( "token too large, exceeds YYLMAX" ); \
++        yy_flex_strncpy( yytext, yyg->yytext_ptr, yyleng + 1 , yyscanner); \
++        yyg->yy_c_buf_p = yy_cp;
++
++The code flex generates expects that YY_FATAL_ERROR() will either return
++for it or do some form of longjmp(), or handle the error in some way at
++least, and so the strncpy() call isn't in an "else" clause, and thus if
++YY_FATAL_ERROR() is *not* actually fatal, it does the call with the
++questionable limit, and predictable results ensue.
++
++Unfortunately, our implementation of YY_FATAL_ERROR() is:
++
++   #define YY_FATAL_ERROR(msg)                     \
++     do {                                          \
++       grub_printf (_("fatal error: %s\n"), _(msg));     \
++     } while (0)
++
++The same pattern exists in yyless(), and similar problems exist in users
++of YY_INPUT(), several places in the main parsing loop,
++yy_get_next_buffer(), yy_load_buffer_state(), yyensure_buffer_stack,
++yy_scan_buffer(), etc.
++
++All of these callers expect YY_FATAL_ERROR() to actually be fatal, and
++the things they do if it returns after calling it are wildly unsafe.
++
++Fixes: CVE-2020-10713
++
++Signed-off-by: Peter Jones <pjones@redhat.com>
++Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
++---
++ grub-core/script/yylex.l | 4 ++--
++ 1 file changed, 2 insertions(+), 2 deletions(-)
++
++diff --git a/grub-core/script/yylex.l b/grub-core/script/yylex.l
++index 7b44c37b76..b7203c8230 100644
++--- a/grub-core/script/yylex.l
+++++ b/grub-core/script/yylex.l
++@@ -37,11 +37,11 @@
++
++ /*
++  * As we don't have access to yyscanner, we cannot do much except to
++- * print the fatal error.
+++ * print the fatal error and exit.
++  */
++ #define YY_FATAL_ERROR(msg)                     \
++   do {                                          \
++-    grub_printf (_("fatal error: %s\n"), _(msg));     \
+++    grub_fatal (_("fatal error: %s\n"), _(msg));\
++   } while (0)
++
++ #define COPY(str, hint)                         \
 diff --git a/debian/patches/0082-safemath-Add-some-arithmetic-primitives-that-check-f.patch b/debian/patches/0082-safemath-Add-some-arithmetic-primitives-that-check-f.patch
 new file mode 100644
 index 0000000..b87a7fb
 --- /dev/null
 +++ b/debian/patches/0082-safemath-Add-some-arithmetic-primitives-that-check-f.patch
@@ -0,0 +1,120 @@
++From daa399d191529cbbe465cfe3ecf5e90cada76786 Mon Sep 17 00:00:00 2001
++From: Peter Jones <pjones@redhat.com>
++Date: Mon, 15 Jun 2020 10:58:42 -0400
++Subject: safemath: Add some arithmetic primitives that check for overflow
++
++This adds a new header, include/grub/safemath.h, that includes easy to
++use wrappers for __builtin_{add,sub,mul}_overflow() declared like:
++
++  bool OP(a, b, res)
++
++where OP is grub_add, grub_sub or grub_mul. OP() returns true in the
++case where the operation would overflow and res is not modified.
++Otherwise, false is returned and the operation is executed.
++
++These arithmetic primitives require newer compiler versions. So, bump
++these requirements in the INSTALL file too.
++
++Signed-off-by: Peter Jones <pjones@redhat.com>
++Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
++---
++ INSTALL                 | 22 ++--------------------
++ include/grub/compiler.h |  8 ++++++++
++ include/grub/safemath.h | 37 +++++++++++++++++++++++++++++++++++++
++ 3 files changed, 47 insertions(+), 20 deletions(-)
++ create mode 100644 include/grub/safemath.h
++
++diff --git a/INSTALL b/INSTALL
++index 342c158e91..991479b521 100644
++--- a/INSTALL
+++++ b/INSTALL
++@@ -11,27 +11,9 @@ GRUB depends on some software packages installed into your system. If
++ you don't have any of them, please obtain and install them before
++ configuring the GRUB.
++
++-* GCC 4.1.3 or later
++-  Note: older versions may work but support is limited
++-
++-  Experimental support for clang 3.3 or later (results in much bigger binaries)
+++* GCC 5.1.0 or later
+++  Experimental support for clang 3.8.0 or later (results in much bigger binaries)
++   for i386, x86_64, arm (including thumb), arm64, mips(el), powerpc, sparc64
++-  Note: clang 3.2 or later works for i386 and x86_64 targets but results in
++-        much bigger binaries.
++-	earlier versions not tested
++-  Note: clang 3.2 or later works for arm
++-	earlier versions not tested
++-  Note: clang on arm64 is not supported due to
++-	https://llvm.org/bugs/show_bug.cgi?id=26030
++-  Note: clang 3.3 or later works for mips(el)
++-	earlier versions fail to generate .reginfo and hence gprel relocations
++-	fail.
++-  Note: clang 3.2 or later works for powerpc
++-	earlier versions not tested
++-  Note: clang 3.5 or later works for sparc64
++-        earlier versions return "error: unable to interface with target machine"
++-  Note: clang has no support for ia64 and hence you can't compile GRUB
++-	for ia64 with clang
++ * GNU Make
++ * GNU Bison 2.3 or later
++ * GNU gettext 0.17 or later
++diff --git a/include/grub/compiler.h b/include/grub/compiler.h
++index c9e1d7a73d..8f3be3ae70 100644
++--- a/include/grub/compiler.h
+++++ b/include/grub/compiler.h
++@@ -48,4 +48,12 @@
++ #  define WARN_UNUSED_RESULT
++ #endif
++
+++#if defined(__clang__) && defined(__clang_major__) && defined(__clang_minor__)
+++#  define CLANG_PREREQ(maj,min) \
+++          ((__clang_major__ > (maj)) || \
+++	   (__clang_major__ == (maj) && __clang_minor__ >= (min)))
+++#else
+++#  define CLANG_PREREQ(maj,min) 0
+++#endif
+++
++ #endif /* ! GRUB_COMPILER_HEADER */
++diff --git a/include/grub/safemath.h b/include/grub/safemath.h
++new file mode 100644
++index 0000000000..c17b89bba1
++--- /dev/null
+++++ b/include/grub/safemath.h
++@@ -0,0 +1,37 @@
+++/*
+++ *  GRUB  --  GRand Unified Bootloader
+++ *  Copyright (C) 2020  Free Software Foundation, Inc.
+++ *
+++ *  GRUB is free software: you can redistribute it and/or modify
+++ *  it under the terms of the GNU General Public License as published by
+++ *  the Free Software Foundation, either version 3 of the License, or
+++ *  (at your option) any later version.
+++ *
+++ *  GRUB is distributed in the hope that it will be useful,
+++ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+++ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+++ *  GNU General Public License for more details.
+++ *
+++ *  You should have received a copy of the GNU General Public License
+++ *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
+++ *
+++ *  Arithmetic operations that protect against overflow.
+++ */
+++
+++#ifndef GRUB_SAFEMATH_H
+++#define GRUB_SAFEMATH_H 1
+++
+++#include <grub/compiler.h>
+++
+++/* These appear in gcc 5.1 and clang 3.8. */
+++#if GNUC_PREREQ(5, 1) || CLANG_PREREQ(3, 8)
+++
+++#define grub_add(a, b, res)	__builtin_add_overflow(a, b, res)
+++#define grub_sub(a, b, res)	__builtin_sub_overflow(a, b, res)
+++#define grub_mul(a, b, res)	__builtin_mul_overflow(a, b, res)
+++
+++#else
+++#error gcc 5.1 or newer or clang 3.8 or newer is required
+++#endif
+++
+++#endif /* GRUB_SAFEMATH_H */
 diff --git a/debian/patches/0083-calloc-Make-sure-we-always-have-an-overflow-checking.patch b/debian/patches/0083-calloc-Make-sure-we-always-have-an-overflow-checking.patch
 new file mode 100644
 index 0000000..6238eee
 --- /dev/null
 +++ b/debian/patches/0083-calloc-Make-sure-we-always-have-an-overflow-checking.patch
@@ -0,0 +1,239 @@
++From 5cffb625b814199eff98b73c34a92879b17fd5ac Mon Sep 17 00:00:00 2001
++From: Peter Jones <pjones@redhat.com>
++Date: Mon, 15 Jun 2020 12:15:29 -0400
++Subject: calloc: Make sure we always have an overflow-checking calloc()
++ available
++
++This tries to make sure that everywhere in this source tree, we always have
++an appropriate version of calloc() (i.e. grub_calloc(), xcalloc(), etc.)
++available, and that they all safely check for overflow and return NULL when
++it would occur.
++
++Signed-off-by: Peter Jones <pjones@redhat.com>
++Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
++---
++ grub-core/kern/emu/misc.c          | 12 +++++++++
++ grub-core/kern/emu/mm.c            | 10 ++++++++
++ grub-core/kern/mm.c                | 40 ++++++++++++++++++++++++++++++
++ grub-core/lib/libgcrypt_wrap/mem.c | 11 ++++++--
++ grub-core/lib/posix_wrap/stdlib.h  |  8 +++++-
++ include/grub/emu/misc.h            |  1 +
++ include/grub/mm.h                  |  6 +++++
++ 7 files changed, 85 insertions(+), 3 deletions(-)
++
++diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c
++index 65db79baa1..dfd8a8ec48 100644
++--- a/grub-core/kern/emu/misc.c
+++++ b/grub-core/kern/emu/misc.c
++@@ -85,6 +85,18 @@ grub_util_error (const char *fmt, ...)
++   exit (1);
++ }
++
+++void *
+++xcalloc (grub_size_t nmemb, grub_size_t size)
+++{
+++  void *p;
+++
+++  p = calloc (nmemb, size);
+++  if (!p)
+++    grub_util_error ("%s", _("out of memory"));
+++
+++  return p;
+++}
+++
++ void *
++ xmalloc (grub_size_t size)
++ {
++diff --git a/grub-core/kern/emu/mm.c b/grub-core/kern/emu/mm.c
++index f262e95e38..145b01d371 100644
++--- a/grub-core/kern/emu/mm.c
+++++ b/grub-core/kern/emu/mm.c
++@@ -25,6 +25,16 @@
++ #include <string.h>
++ #include <grub/i18n.h>
++
+++void *
+++grub_calloc (grub_size_t nmemb, grub_size_t size)
+++{
+++  void *ret;
+++  ret = calloc (nmemb, size);
+++  if (!ret)
+++    grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
+++  return ret;
+++}
+++
++ void *
++ grub_malloc (grub_size_t size)
++ {
++diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c
++index ee88ff6118..f2822a8364 100644
++--- a/grub-core/kern/mm.c
+++++ b/grub-core/kern/mm.c
++@@ -67,8 +67,10 @@
++ #include <grub/dl.h>
++ #include <grub/i18n.h>
++ #include <grub/mm_private.h>
+++#include <grub/safemath.h>
++
++ #ifdef MM_DEBUG
+++# undef grub_calloc
++ # undef grub_malloc
++ # undef grub_zalloc
++ # undef grub_realloc
++@@ -375,6 +377,30 @@ grub_memalign (grub_size_t align, grub_size_t size)
++   return 0;
++ }
++
+++/*
+++ * Allocate NMEMB instances of SIZE bytes and return the pointer, or error on
+++ * integer overflow.
+++ */
+++void *
+++grub_calloc (grub_size_t nmemb, grub_size_t size)
+++{
+++  void *ret;
+++  grub_size_t sz = 0;
+++
+++  if (grub_mul (nmemb, size, &sz))
+++    {
+++      grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
+++      return NULL;
+++    }
+++
+++  ret = grub_memalign (0, sz);
+++  if (!ret)
+++    return NULL;
+++
+++  grub_memset (ret, 0, sz);
+++  return ret;
+++}
+++
++ /* Allocate SIZE bytes and return the pointer.  */
++ void *
++ grub_malloc (grub_size_t size)
++@@ -561,6 +587,20 @@ grub_mm_dump (unsigned lineno)
++   grub_printf ("\n");
++ }
++
+++void *
+++grub_debug_calloc (const char *file, int line, grub_size_t nmemb, grub_size_t size)
+++{
+++  void *ptr;
+++
+++  if (grub_mm_debug)
+++    grub_printf ("%s:%d: calloc (0x%" PRIxGRUB_SIZE ", 0x%" PRIxGRUB_SIZE ") = ",
+++		 file, line, size);
+++  ptr = grub_calloc (nmemb, size);
+++  if (grub_mm_debug)
+++    grub_printf ("%p\n", ptr);
+++  return ptr;
+++}
+++
++ void *
++ grub_debug_malloc (const char *file, int line, grub_size_t size)
++ {
++diff --git a/grub-core/lib/libgcrypt_wrap/mem.c b/grub-core/lib/libgcrypt_wrap/mem.c
++index beeb661a3c..74c6eafe52 100644
++--- a/grub-core/lib/libgcrypt_wrap/mem.c
+++++ b/grub-core/lib/libgcrypt_wrap/mem.c
++@@ -4,6 +4,7 @@
++ #include <grub/crypto.h>
++ #include <grub/dl.h>
++ #include <grub/env.h>
+++#include <grub/safemath.h>
++
++ GRUB_MOD_LICENSE ("GPLv3+");
++
++@@ -36,7 +37,10 @@ void *
++ gcry_xcalloc (size_t n, size_t m)
++ {
++   void *ret;
++-  ret = grub_zalloc (n * m);
+++  size_t sz;
+++  if (grub_mul (n, m, &sz))
+++    grub_fatal ("gcry_xcalloc would overflow");
+++  ret = grub_zalloc (sz);
++   if (!ret)
++     grub_fatal ("gcry_xcalloc failed");
++   return ret;
++@@ -56,7 +60,10 @@ void *
++ gcry_xcalloc_secure (size_t n, size_t m)
++ {
++   void *ret;
++-  ret = grub_zalloc (n * m);
+++  size_t sz;
+++  if (grub_mul (n, m, &sz))
+++    grub_fatal ("gcry_xcalloc would overflow");
+++  ret = grub_zalloc (sz);
++   if (!ret)
++     grub_fatal ("gcry_xcalloc failed");
++   return ret;
++diff --git a/grub-core/lib/posix_wrap/stdlib.h b/grub-core/lib/posix_wrap/stdlib.h
++index 3b46f47ff5..7a8d385e97 100644
++--- a/grub-core/lib/posix_wrap/stdlib.h
+++++ b/grub-core/lib/posix_wrap/stdlib.h
++@@ -21,6 +21,7 @@
++
++ #include <grub/mm.h>
++ #include <grub/misc.h>
+++#include <grub/safemath.h>
++
++ static inline void
++ free (void *ptr)
++@@ -37,7 +38,12 @@ malloc (grub_size_t size)
++ static inline void *
++ calloc (grub_size_t size, grub_size_t nelem)
++ {
++-  return grub_zalloc (size * nelem);
+++  grub_size_t sz;
+++
+++  if (grub_mul (size, nelem, &sz))
+++    return NULL;
+++
+++  return grub_zalloc (sz);
++ }
++
++ static inline void *
++diff --git a/include/grub/emu/misc.h b/include/grub/emu/misc.h
++index ce464cfd00..ff9c48a649 100644
++--- a/include/grub/emu/misc.h
+++++ b/include/grub/emu/misc.h
++@@ -47,6 +47,7 @@ grub_util_device_is_mapped (const char *dev);
++ #define GRUB_HOST_PRIuLONG_LONG "llu"
++ #define GRUB_HOST_PRIxLONG_LONG "llx"
++
+++void * EXPORT_FUNC(xcalloc) (grub_size_t nmemb, grub_size_t size) WARN_UNUSED_RESULT;
++ void * EXPORT_FUNC(xmalloc) (grub_size_t size) WARN_UNUSED_RESULT;
++ void * EXPORT_FUNC(xrealloc) (void *ptr, grub_size_t size) WARN_UNUSED_RESULT;
++ char * EXPORT_FUNC(xstrdup) (const char *str) WARN_UNUSED_RESULT;
++diff --git a/include/grub/mm.h b/include/grub/mm.h
++index 28e2e53eb3..9c38dd3ca5 100644
++--- a/include/grub/mm.h
+++++ b/include/grub/mm.h
++@@ -29,6 +29,7 @@
++ #endif
++
++ void grub_mm_init_region (void *addr, grub_size_t size);
+++void *EXPORT_FUNC(grub_calloc) (grub_size_t nmemb, grub_size_t size);
++ void *EXPORT_FUNC(grub_malloc) (grub_size_t size);
++ void *EXPORT_FUNC(grub_zalloc) (grub_size_t size);
++ void EXPORT_FUNC(grub_free) (void *ptr);
++@@ -48,6 +49,9 @@ extern int EXPORT_VAR(grub_mm_debug);
++ void grub_mm_dump_free (void);
++ void grub_mm_dump (unsigned lineno);
++
+++#define grub_calloc(nmemb, size)	\
+++  grub_debug_calloc (GRUB_FILE, __LINE__, nmemb, size)
+++
++ #define grub_malloc(size)	\
++   grub_debug_malloc (GRUB_FILE, __LINE__, size)
++
++@@ -63,6 +67,8 @@ void grub_mm_dump (unsigned lineno);
++ #define grub_free(ptr)	\
++   grub_debug_free (GRUB_FILE, __LINE__, ptr)
++
+++void *EXPORT_FUNC(grub_debug_calloc) (const char *file, int line,
+++				      grub_size_t nmemb, grub_size_t size);
++ void *EXPORT_FUNC(grub_debug_malloc) (const char *file, int line,
++ 				      grub_size_t size);
++ void *EXPORT_FUNC(grub_debug_zalloc) (const char *file, int line,
 diff --git a/debian/patches/0084-calloc-Use-calloc-at-most-places.patch b/debian/patches/0084-calloc-Use-calloc-at-most-places.patch
 new file mode 100644
 index 0000000..ac5217f
 --- /dev/null
 +++ b/debian/patches/0084-calloc-Use-calloc-at-most-places.patch
@@ -0,0 +1,1833 @@
++From 855173c18eab34ad93f21f5c509fe0e91bfd1c44 Mon Sep 17 00:00:00 2001
++From: Peter Jones <pjones@redhat.com>
++Date: Mon, 15 Jun 2020 12:26:01 -0400
++Subject: calloc: Use calloc() at most places
++
++This modifies most of the places we do some form of:
++
++  X = malloc(Y * Z);
++
++to use calloc(Y, Z) instead.
++
++Among other issues, this fixes:
++  - allocation of integer overflow in grub_png_decode_image_header()
++    reported by Chris Coulson,
++  - allocation of integer overflow in luks_recover_key()
++    reported by Chris Coulson,
++  - allocation of integer overflow in grub_lvm_detect()
++    reported by Chris Coulson.
++
++Fixes: CVE-2020-14308
++
++Signed-off-by: Peter Jones <pjones@redhat.com>
++Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
++---
++ grub-core/bus/usb/usbhub.c                |  8 ++++----
++ grub-core/commands/efi/lsefisystab.c      |  3 ++-
++ grub-core/commands/legacycfg.c            |  6 +++---
++ grub-core/commands/menuentry.c            |  2 +-
++ grub-core/commands/nativedisk.c           |  2 +-
++ grub-core/commands/parttool.c             | 12 +++++++++---
++ grub-core/commands/regexp.c               |  2 +-
++ grub-core/commands/search_wrap.c          |  2 +-
++ grub-core/disk/diskfilter.c               |  4 ++--
++ grub-core/disk/ieee1275/ofdisk.c          |  2 +-
++ grub-core/disk/ldm.c                      | 14 +++++++-------
++ grub-core/disk/luks.c                     |  2 +-
++ grub-core/disk/lvm.c                      |  8 ++++----
++ grub-core/disk/xen/xendisk.c              |  2 +-
++ grub-core/efiemu/loadcore.c               |  2 +-
++ grub-core/efiemu/mm.c                     |  6 +++---
++ grub-core/font/font.c                     |  3 +--
++ grub-core/fs/affs.c                       |  6 +++---
++ grub-core/fs/btrfs.c                      |  6 +++---
++ grub-core/fs/hfs.c                        |  2 +-
++ grub-core/fs/hfsplus.c                    |  6 +++---
++ grub-core/fs/iso9660.c                    |  2 +-
++ grub-core/fs/ntfs.c                       |  4 ++--
++ grub-core/fs/sfs.c                        |  2 +-
++ grub-core/fs/tar.c                        |  2 +-
++ grub-core/fs/udf.c                        |  4 ++--
++ grub-core/fs/zfs/zfs.c                    |  4 ++--
++ grub-core/gfxmenu/gui_string_util.c       |  2 +-
++ grub-core/gfxmenu/widget-box.c            |  4 ++--
++ grub-core/io/gzio.c                       |  2 +-
++ grub-core/kern/efi/efi.c                  |  6 +++---
++ grub-core/kern/emu/hostdisk.c             |  2 +-
++ grub-core/kern/fs.c                       |  2 +-
++ grub-core/kern/misc.c                     |  2 +-
++ grub-core/kern/parser.c                   |  2 +-
++ grub-core/kern/uboot/uboot.c              |  2 +-
++ grub-core/lib/libgcrypt/cipher/ac.c       |  8 ++++----
++ grub-core/lib/libgcrypt/cipher/primegen.c |  4 ++--
++ grub-core/lib/libgcrypt/cipher/pubkey.c   |  4 ++--
++ grub-core/lib/priority_queue.c            |  2 +-
++ grub-core/lib/reed_solomon.c              |  7 +++----
++ grub-core/lib/relocator.c                 | 10 +++++-----
++ grub-core/lib/zstd/fse_decompress.c       |  2 +-
++ grub-core/loader/arm/linux.c              |  2 +-
++ grub-core/loader/efi/chainloader.c        |  2 +-
++ grub-core/loader/i386/bsdXX.c             |  2 +-
++ grub-core/loader/i386/xnu.c               |  4 ++--
++ grub-core/loader/macho.c                  |  2 +-
++ grub-core/loader/multiboot_elfxx.c        |  2 +-
++ grub-core/loader/xnu.c                    |  2 +-
++ grub-core/mmap/mmap.c                     |  4 ++--
++ grub-core/net/bootp.c                     |  2 +-
++ grub-core/net/dns.c                       | 10 +++++-----
++ grub-core/net/net.c                       |  4 ++--
++ grub-core/normal/charset.c                | 10 +++++-----
++ grub-core/normal/cmdline.c                | 14 +++++++-------
++ grub-core/normal/menu_entry.c             | 14 +++++++-------
++ grub-core/normal/menu_text.c              |  4 ++--
++ grub-core/normal/term.c                   |  4 ++--
++ grub-core/osdep/linux/getroot.c           |  6 +++---
++ grub-core/osdep/unix/config.c             |  2 +-
++ grub-core/osdep/windows/getroot.c         |  2 +-
++ grub-core/osdep/windows/hostdisk.c        |  4 ++--
++ grub-core/osdep/windows/init.c            |  2 +-
++ grub-core/osdep/windows/platform.c        |  4 ++--
++ grub-core/osdep/windows/relpath.c         |  2 +-
++ grub-core/partmap/gpt.c                   |  2 +-
++ grub-core/partmap/msdos.c                 |  2 +-
++ grub-core/script/execute.c                |  2 +-
++ grub-core/tests/fake_input.c              |  2 +-
++ grub-core/tests/video_checksum.c          |  6 +++---
++ grub-core/video/capture.c                 |  2 +-
++ grub-core/video/emu/sdl.c                 |  2 +-
++ grub-core/video/i386/pc/vga.c             |  2 +-
++ grub-core/video/readers/png.c             |  2 +-
++ include/grub/unicode.h                    |  4 ++--
++ util/getroot.c                            |  2 +-
++ util/grub-file.c                          |  2 +-
++ util/grub-fstest.c                        |  4 ++--
++ util/grub-install-common.c                |  2 +-
++ util/grub-install.c                       |  4 ++--
++ util/grub-mkimagexx.c                     |  6 ++----
++ util/grub-mkrescue.c                      |  4 ++--
++ util/grub-mkstandalone.c                  |  2 +-
++ util/grub-pe2elf.c                        | 12 +++++-------
++ util/grub-probe.c                         |  4 ++--
++ 86 files changed, 176 insertions(+), 175 deletions(-)
++
++diff --git a/grub-core/bus/usb/usbhub.c b/grub-core/bus/usb/usbhub.c
++index 34a7ff1b5f..a06cce302d 100644
++--- a/grub-core/bus/usb/usbhub.c
+++++ b/grub-core/bus/usb/usbhub.c
++@@ -149,8 +149,8 @@ grub_usb_add_hub (grub_usb_device_t dev)
++   grub_usb_set_configuration (dev, 1);
++
++   dev->nports = hubdesc.portcnt;
++-  dev->children = grub_zalloc (hubdesc.portcnt * sizeof (dev->children[0]));
++-  dev->ports = grub_zalloc (dev->nports * sizeof (dev->ports[0]));
+++  dev->children = grub_calloc (hubdesc.portcnt, sizeof (dev->children[0]));
+++  dev->ports = grub_calloc (dev->nports, sizeof (dev->ports[0]));
++   if (!dev->children || !dev->ports)
++     {
++       grub_free (dev->children);
++@@ -268,8 +268,8 @@ grub_usb_controller_dev_register_iter (grub_usb_controller_t controller, void *d
++
++   /* Query the number of ports the root Hub has.  */
++   hub->nports = controller->dev->hubports (controller);
++-  hub->devices = grub_zalloc (sizeof (hub->devices[0]) * hub->nports);
++-  hub->ports = grub_zalloc (sizeof (hub->ports[0]) * hub->nports);
+++  hub->devices = grub_calloc (hub->nports, sizeof (hub->devices[0]));
+++  hub->ports = grub_calloc (hub->nports, sizeof (hub->ports[0]));
++   if (!hub->devices || !hub->ports)
++     {
++       grub_free (hub->devices);
++diff --git a/grub-core/commands/efi/lsefisystab.c b/grub-core/commands/efi/lsefisystab.c
++index 902788250e..d29188efaf 100644
++--- a/grub-core/commands/efi/lsefisystab.c
+++++ b/grub-core/commands/efi/lsefisystab.c
++@@ -73,7 +73,8 @@ grub_cmd_lsefisystab (struct grub_command *cmd __attribute__ ((unused)),
++     grub_printf ("Vendor: ");
++
++     for (vendor_utf16 = st->firmware_vendor; *vendor_utf16; vendor_utf16++);
++-    vendor = grub_malloc (4 * (vendor_utf16 - st->firmware_vendor) + 1);
+++    /* Allocate extra 3 bytes to simplify math. */
+++    vendor = grub_calloc (4, vendor_utf16 - st->firmware_vendor + 1);
++     if (!vendor)
++       return grub_errno;
++     *grub_utf16_to_utf8 ((grub_uint8_t *) vendor, st->firmware_vendor,
++diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c
++index db7a8f0027..5e3ec0d5e4 100644
++--- a/grub-core/commands/legacycfg.c
+++++ b/grub-core/commands/legacycfg.c
++@@ -314,7 +314,7 @@ grub_cmd_legacy_kernel (struct grub_command *mycmd __attribute__ ((unused)),
++   if (argc < 2)
++     return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
++
++-  cutargs = grub_malloc (sizeof (cutargs[0]) * (argc - 1));
+++  cutargs = grub_calloc (argc - 1, sizeof (cutargs[0]));
++   if (!cutargs)
++     return grub_errno;
++   cutargc = argc - 1;
++@@ -436,7 +436,7 @@ grub_cmd_legacy_kernel (struct grub_command *mycmd __attribute__ ((unused)),
++ 	    {
++ 	      char rbuf[3] = "-r";
++ 	      bsdargc = cutargc + 2;
++-	      bsdargs = grub_malloc (sizeof (bsdargs[0]) * bsdargc);
+++	      bsdargs = grub_calloc (bsdargc, sizeof (bsdargs[0]));
++ 	      if (!bsdargs)
++ 		{
++ 		  err = grub_errno;
++@@ -559,7 +559,7 @@ grub_cmd_legacy_initrdnounzip (struct grub_command *mycmd __attribute__ ((unused
++ 	return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("can't find command `%s'"),
++ 			   "module");
++
++-      newargs = grub_malloc ((argc + 1) * sizeof (newargs[0]));
+++      newargs = grub_calloc (argc + 1, sizeof (newargs[0]));
++       if (!newargs)
++ 	return grub_errno;
++       grub_memcpy (newargs + 1, args, argc * sizeof (newargs[0]));
++diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c
++index 2c5363da7f..9164df744a 100644
++--- a/grub-core/commands/menuentry.c
+++++ b/grub-core/commands/menuentry.c
++@@ -154,7 +154,7 @@ grub_normal_add_menu_entry (int argc, const char **args,
++     goto fail;
++
++   /* Save argc, args to pass as parameters to block arg later. */
++-  menu_args = grub_malloc (sizeof (char*) * (argc + 1));
+++  menu_args = grub_calloc (argc + 1, sizeof (char *));
++   if (! menu_args)
++     goto fail;
++
++diff --git a/grub-core/commands/nativedisk.c b/grub-core/commands/nativedisk.c
++index 699447d11e..7c8f97f6ad 100644
++--- a/grub-core/commands/nativedisk.c
+++++ b/grub-core/commands/nativedisk.c
++@@ -195,7 +195,7 @@ grub_cmd_nativedisk (grub_command_t cmd __attribute__ ((unused)),
++   else
++     path_prefix = prefix;
++
++-  mods = grub_malloc (argc * sizeof (mods[0]));
+++  mods = grub_calloc (argc, sizeof (mods[0]));
++   if (!mods)
++     return grub_errno;
++
++diff --git a/grub-core/commands/parttool.c b/grub-core/commands/parttool.c
++index 22b46b1874..051e31320e 100644
++--- a/grub-core/commands/parttool.c
+++++ b/grub-core/commands/parttool.c
++@@ -59,7 +59,13 @@ grub_parttool_register(const char *part_name,
++   for (nargs = 0; args[nargs].name != 0; nargs++);
++   cur->nargs = nargs;
++   cur->args = (struct grub_parttool_argdesc *)
++-    grub_malloc ((nargs + 1) * sizeof (struct grub_parttool_argdesc));
+++    grub_calloc (nargs + 1, sizeof (struct grub_parttool_argdesc));
+++  if (!cur->args)
+++    {
+++      grub_free (cur);
+++      curhandle--;
+++      return -1;
+++    }
++   grub_memcpy (cur->args, args,
++ 	       (nargs + 1) * sizeof (struct grub_parttool_argdesc));
++
++@@ -257,7 +263,7 @@ grub_cmd_parttool (grub_command_t cmd __attribute__ ((unused)),
++ 	return err;
++       }
++
++-  parsed = (int *) grub_zalloc (argc * sizeof (int));
+++  parsed = (int *) grub_calloc (argc, sizeof (int));
++
++   for (i = 1; i < argc; i++)
++     if (! parsed[i])
++@@ -290,7 +296,7 @@ grub_cmd_parttool (grub_command_t cmd __attribute__ ((unused)),
++ 	  }
++ 	ptool = cur;
++ 	pargs = (struct grub_parttool_args *)
++-	  grub_zalloc (ptool->nargs * sizeof (struct grub_parttool_args));
+++	  grub_calloc (ptool->nargs, sizeof (struct grub_parttool_args));
++ 	for (j = i; j < argc; j++)
++ 	  if (! parsed[j])
++ 	    {
++diff --git a/grub-core/commands/regexp.c b/grub-core/commands/regexp.c
++index f00b184c81..4019164f36 100644
++--- a/grub-core/commands/regexp.c
+++++ b/grub-core/commands/regexp.c
++@@ -116,7 +116,7 @@ grub_cmd_regexp (grub_extcmd_context_t ctxt, int argc, char **args)
++   if (ret)
++     goto fail;
++
++-  matches = grub_zalloc (sizeof (*matches) * (regex.re_nsub + 1));
+++  matches = grub_calloc (regex.re_nsub + 1, sizeof (*matches));
++   if (! matches)
++     goto fail;
++
++diff --git a/grub-core/commands/search_wrap.c b/grub-core/commands/search_wrap.c
++index d7fd26b940..47fc8eb996 100644
++--- a/grub-core/commands/search_wrap.c
+++++ b/grub-core/commands/search_wrap.c
++@@ -122,7 +122,7 @@ grub_cmd_search (grub_extcmd_context_t ctxt, int argc, char **args)
++     for (i = 0; state[SEARCH_HINT_BAREMETAL].args[i]; i++)
++       nhints++;
++
++-  hints = grub_malloc (sizeof (hints[0]) * nhints);
+++  hints = grub_calloc (nhints, sizeof (hints[0]));
++   if (!hints)
++     return grub_errno;
++   j = 0;
++diff --git a/grub-core/disk/diskfilter.c b/grub-core/disk/diskfilter.c
++index c3b578acf2..68ca9e0be9 100644
++--- a/grub-core/disk/diskfilter.c
+++++ b/grub-core/disk/diskfilter.c
++@@ -1134,7 +1134,7 @@ grub_diskfilter_make_raid (grub_size_t uuidlen, char *uuid, int nmemb,
++   array->lvs->segments->node_count = nmemb;
++   array->lvs->segments->raid_member_size = disk_size;
++   array->lvs->segments->nodes
++-    = grub_zalloc (nmemb * sizeof (array->lvs->segments->nodes[0]));
+++    = grub_calloc (nmemb, sizeof (array->lvs->segments->nodes[0]));
++   array->lvs->segments->stripe_size = stripe_size;
++   for (i = 0; i < nmemb; i++)
++     {
++@@ -1226,7 +1226,7 @@ insert_array (grub_disk_t disk, const struct grub_diskfilter_pv_id *id,
++ 	  grub_partition_t p;
++ 	  for (p = disk->partition; p; p = p->parent)
++ 	    s++;
++-	  pv->partmaps = xmalloc (s * sizeof (pv->partmaps[0]));
+++	  pv->partmaps = xcalloc (s, sizeof (pv->partmaps[0]));
++ 	  s = 0;
++ 	  for (p = disk->partition; p; p = p->parent)
++ 	    pv->partmaps[s++] = xstrdup (p->partmap->name);
++diff --git a/grub-core/disk/ieee1275/ofdisk.c b/grub-core/disk/ieee1275/ofdisk.c
++index f73257e66d..03674cb477 100644
++--- a/grub-core/disk/ieee1275/ofdisk.c
+++++ b/grub-core/disk/ieee1275/ofdisk.c
++@@ -297,7 +297,7 @@ dev_iterate (const struct grub_ieee1275_devalias *alias)
++       /* Power machines documentation specify 672 as maximum SAS disks in
++          one system. Using a slightly larger value to be safe. */
++       table_size = 768;
++-      table = grub_malloc (table_size * sizeof (grub_uint64_t));
+++      table = grub_calloc (table_size, sizeof (grub_uint64_t));
++
++       if (!table)
++         {
++diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c
++index 2a22d2d6c1..e6323701ab 100644
++--- a/grub-core/disk/ldm.c
+++++ b/grub-core/disk/ldm.c
++@@ -323,8 +323,8 @@ make_vg (grub_disk_t disk,
++ 	  lv->segments->type = GRUB_DISKFILTER_MIRROR;
++ 	  lv->segments->node_count = 0;
++ 	  lv->segments->node_alloc = 8;
++-	  lv->segments->nodes = grub_zalloc (sizeof (*lv->segments->nodes)
++-					     * lv->segments->node_alloc);
+++	  lv->segments->nodes = grub_calloc (lv->segments->node_alloc,
+++					     sizeof (*lv->segments->nodes));
++ 	  if (!lv->segments->nodes)
++ 	    goto fail2;
++ 	  ptr = vblk[i].dynamic;
++@@ -543,8 +543,8 @@ make_vg (grub_disk_t disk,
++ 	    {
++ 	      comp->segment_alloc = 8;
++ 	      comp->segment_count = 0;
++-	      comp->segments = grub_malloc (sizeof (*comp->segments)
++-					    * comp->segment_alloc);
+++	      comp->segments = grub_calloc (comp->segment_alloc,
+++					    sizeof (*comp->segments));
++ 	      if (!comp->segments)
++ 		goto fail2;
++ 	    }
++@@ -590,8 +590,8 @@ make_vg (grub_disk_t disk,
++ 		}
++ 	      comp->segments->node_count = read_int (ptr + 1, *ptr);
++ 	      comp->segments->node_alloc = comp->segments->node_count;
++-	      comp->segments->nodes = grub_zalloc (sizeof (*comp->segments->nodes)
++-						   * comp->segments->node_alloc);
+++	      comp->segments->nodes = grub_calloc (comp->segments->node_alloc,
+++						   sizeof (*comp->segments->nodes));
++ 	      if (!lv->segments->nodes)
++ 		goto fail2;
++ 	    }
++@@ -1017,7 +1017,7 @@ grub_util_ldm_embed (struct grub_disk *disk, unsigned int *nsectors,
++       *nsectors = lv->size;
++       if (*nsectors > max_nsectors)
++ 	*nsectors = max_nsectors;
++-      *sectors = grub_malloc (*nsectors * sizeof (**sectors));
+++      *sectors = grub_calloc (*nsectors, sizeof (**sectors));
++       if (!*sectors)
++ 	return grub_errno;
++       for (i = 0; i < *nsectors; i++)
++diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c
++index 86c50c6121..18b3a8bb1d 100644
++--- a/grub-core/disk/luks.c
+++++ b/grub-core/disk/luks.c
++@@ -336,7 +336,7 @@ luks_recover_key (grub_disk_t source,
++ 	&& grub_be_to_cpu32 (header.keyblock[i].stripes) > max_stripes)
++       max_stripes = grub_be_to_cpu32 (header.keyblock[i].stripes);
++
++-  split_key = grub_malloc (keysize * max_stripes);
+++  split_key = grub_calloc (keysize, max_stripes);
++   if (!split_key)
++     return grub_errno;
++
++diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c
++index 7b265c780c..d1df640b31 100644
++--- a/grub-core/disk/lvm.c
+++++ b/grub-core/disk/lvm.c
++@@ -173,7 +173,7 @@ grub_lvm_detect (grub_disk_t disk,
++      first one.  */
++
++   /* Allocate buffer space for the circular worst-case scenario. */
++-  metadatabuf = grub_malloc (2 * mda_size);
+++  metadatabuf = grub_calloc (2, mda_size);
++   if (! metadatabuf)
++     goto fail;
++
++@@ -426,7 +426,7 @@ grub_lvm_detect (grub_disk_t disk,
++ #endif
++ 		  goto lvs_fail;
++ 		}
++-	      lv->segments = grub_zalloc (sizeof (*seg) * lv->segment_count);
+++	      lv->segments = grub_calloc (lv->segment_count, sizeof (*seg));
++ 	      seg = lv->segments;
++
++ 	      for (i = 0; i < lv->segment_count; i++)
++@@ -483,8 +483,8 @@ grub_lvm_detect (grub_disk_t disk,
++ 		      if (seg->node_count != 1)
++ 			seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = ");
++
++-		      seg->nodes = grub_zalloc (sizeof (*stripe)
++-						* seg->node_count);
+++		      seg->nodes = grub_calloc (seg->node_count,
+++						sizeof (*stripe));
++ 		      stripe = seg->nodes;
++
++ 		      p = grub_strstr (p, "stripes = [");
++diff --git a/grub-core/disk/xen/xendisk.c b/grub-core/disk/xen/xendisk.c
++index 48476cbbf9..d6612eebd7 100644
++--- a/grub-core/disk/xen/xendisk.c
+++++ b/grub-core/disk/xen/xendisk.c
++@@ -426,7 +426,7 @@ grub_xendisk_init (void)
++   if (!ctr)
++     return;
++
++-  virtdisks = grub_malloc (ctr * sizeof (virtdisks[0]));
+++  virtdisks = grub_calloc (ctr, sizeof (virtdisks[0]));
++   if (!virtdisks)
++     return;
++   if (grub_xenstore_dir ("device/vbd", fill, &ctr))
++diff --git a/grub-core/efiemu/loadcore.c b/grub-core/efiemu/loadcore.c
++index 44085ef818..2b924623f5 100644
++--- a/grub-core/efiemu/loadcore.c
+++++ b/grub-core/efiemu/loadcore.c
++@@ -201,7 +201,7 @@ grub_efiemu_count_symbols (const Elf_Ehdr *e)
++
++   grub_efiemu_nelfsyms = (unsigned) s->sh_size / (unsigned) s->sh_entsize;
++   grub_efiemu_elfsyms = (struct grub_efiemu_elf_sym *)
++-    grub_malloc (sizeof (struct grub_efiemu_elf_sym) * grub_efiemu_nelfsyms);
+++    grub_calloc (grub_efiemu_nelfsyms, sizeof (struct grub_efiemu_elf_sym));
++
++   /* Relocators */
++   for (i = 0, s = (Elf_Shdr *) ((char *) e + e->e_shoff);
++diff --git a/grub-core/efiemu/mm.c b/grub-core/efiemu/mm.c
++index 52a032f7b2..9b8e0d0ad1 100644
++--- a/grub-core/efiemu/mm.c
+++++ b/grub-core/efiemu/mm.c
++@@ -554,11 +554,11 @@ grub_efiemu_mmap_sort_and_uniq (void)
++   /* Initialize variables*/
++   grub_memset (present, 0, sizeof (int) * GRUB_EFI_MAX_MEMORY_TYPE);
++   scanline_events = (struct grub_efiemu_mmap_scan *)
++-    grub_malloc (sizeof (struct grub_efiemu_mmap_scan) * 2 * mmap_num);
+++    grub_calloc (mmap_num, sizeof (struct grub_efiemu_mmap_scan) * 2);
++
++   /* Number of chunks can't increase more than by factor of 2 */
++   result = (grub_efi_memory_descriptor_t *)
++-    grub_malloc (sizeof (grub_efi_memory_descriptor_t) * 2 * mmap_num);
+++    grub_calloc (mmap_num, sizeof (grub_efi_memory_descriptor_t) * 2);
++   if (!result || !scanline_events)
++     {
++       grub_free (result);
++@@ -660,7 +660,7 @@ grub_efiemu_mm_do_alloc (void)
++
++   /* Preallocate mmap */
++   efiemu_mmap = (grub_efi_memory_descriptor_t *)
++-    grub_malloc (mmap_reserved_size * sizeof (grub_efi_memory_descriptor_t));
+++    grub_calloc (mmap_reserved_size, sizeof (grub_efi_memory_descriptor_t));
++   if (!efiemu_mmap)
++     {
++       grub_efiemu_unload ();
++diff --git a/grub-core/font/font.c b/grub-core/font/font.c
++index 85a292557a..8e118b315c 100644
++--- a/grub-core/font/font.c
+++++ b/grub-core/font/font.c
++@@ -293,8 +293,7 @@ load_font_index (grub_file_t file, grub_uint32_t sect_length, struct
++   font->num_chars = sect_length / FONT_CHAR_INDEX_ENTRY_SIZE;
++
++   /* Allocate the character index array.  */
++-  font->char_index = grub_malloc (font->num_chars
++-				  * sizeof (struct char_index_entry));
+++  font->char_index = grub_calloc (font->num_chars, sizeof (struct char_index_entry));
++   if (!font->char_index)
++     return 1;
++   font->bmp_idx = grub_malloc (0x10000 * sizeof (grub_uint16_t));
++diff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c
++index 6b6a2bc913..220b3712f2 100644
++--- a/grub-core/fs/affs.c
+++++ b/grub-core/fs/affs.c
++@@ -301,7 +301,7 @@ grub_affs_read_symlink (grub_fshelp_node_t node)
++       return 0;
++     }
++   latin1[symlink_size] = 0;
++-  utf8 = grub_malloc (symlink_size * GRUB_MAX_UTF8_PER_LATIN1 + 1);
+++  utf8 = grub_calloc (GRUB_MAX_UTF8_PER_LATIN1 + 1, symlink_size);
++   if (!utf8)
++     {
++       grub_free (latin1);
++@@ -422,7 +422,7 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
++ 	return 1;
++     }
++
++-  hashtable = grub_zalloc (data->htsize * sizeof (*hashtable));
+++  hashtable = grub_calloc (data->htsize, sizeof (*hashtable));
++   if (!hashtable)
++     return 1;
++
++@@ -628,7 +628,7 @@ grub_affs_label (grub_device_t device, char **label)
++       len = file.namelen;
++       if (len > sizeof (file.name))
++ 	len = sizeof (file.name);
++-      *label = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1);
+++      *label = grub_calloc (GRUB_MAX_UTF8_PER_LATIN1 + 1, len);
++       if (*label)
++ 	*grub_latin1_to_utf8 ((grub_uint8_t *) *label, file.name, len) = '\0';
++     }
++diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c
++index 48bd3d04a5..11272efc1a 100644
++--- a/grub-core/fs/btrfs.c
+++++ b/grub-core/fs/btrfs.c
++@@ -413,7 +413,7 @@ lower_bound (struct grub_btrfs_data *data,
++     {
++       desc->allocated = 16;
++       desc->depth = 0;
++-      desc->data = grub_malloc (sizeof (desc->data[0]) * desc->allocated);
+++      desc->data = grub_calloc (desc->allocated, sizeof (desc->data[0]));
++       if (!desc->data)
++ 	return grub_errno;
++     }
++@@ -752,7 +752,7 @@ raid56_read_retry (struct grub_btrfs_data *data,
++   grub_err_t ret = GRUB_ERR_OUT_OF_MEMORY;
++   grub_uint64_t i, failed_devices;
++
++-  buffers = grub_zalloc (sizeof(*buffers) * nstripes);
+++  buffers = grub_calloc (nstripes, sizeof (*buffers));
++   if (!buffers)
++     goto cleanup;
++
++@@ -2160,7 +2160,7 @@ grub_btrfs_embed (grub_device_t device __attribute__ ((unused)),
++   *nsectors = 64 * 2 - 1;
++   if (*nsectors > max_nsectors)
++     *nsectors = max_nsectors;
++-  *sectors = grub_malloc (*nsectors * sizeof (**sectors));
+++  *sectors = grub_calloc (*nsectors, sizeof (**sectors));
++   if (!*sectors)
++     return grub_errno;
++   for (i = 0; i < *nsectors; i++)
++diff --git a/grub-core/fs/hfs.c b/grub-core/fs/hfs.c
++index ac0a40990e..3fe842b4d8 100644
++--- a/grub-core/fs/hfs.c
+++++ b/grub-core/fs/hfs.c
++@@ -1360,7 +1360,7 @@ grub_hfs_label (grub_device_t device, char **label)
++       grub_size_t len = data->sblock.volname[0];
++       if (len > sizeof (data->sblock.volname) - 1)
++ 	len = sizeof (data->sblock.volname) - 1;
++-      *label = grub_malloc (len * MAX_UTF8_PER_MAC_ROMAN + 1);
+++      *label = grub_calloc (MAX_UTF8_PER_MAC_ROMAN + 1, len);
++       if (*label)
++ 	macroman_to_utf8 (*label, data->sblock.volname + 1,
++ 			  len + 1, 0);
++diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c
++index 54786bb1c6..dae43becc9 100644
++--- a/grub-core/fs/hfsplus.c
+++++ b/grub-core/fs/hfsplus.c
++@@ -720,7 +720,7 @@ list_nodes (void *record, void *hook_arg)
++   if (! filename)
++     return 0;
++
++-  keyname = grub_malloc (grub_be_to_cpu16 (catkey->namelen) * sizeof (*keyname));
+++  keyname = grub_calloc (grub_be_to_cpu16 (catkey->namelen), sizeof (*keyname));
++   if (!keyname)
++     {
++       grub_free (filename);
++@@ -1007,7 +1007,7 @@ grub_hfsplus_label (grub_device_t device, char **label)
++     grub_hfsplus_btree_recptr (&data->catalog_tree, node, ptr);
++
++   label_len = grub_be_to_cpu16 (catkey->namelen);
++-  label_name = grub_malloc (label_len * sizeof (*label_name));
+++  label_name = grub_calloc (label_len, sizeof (*label_name));
++   if (!label_name)
++     {
++       grub_free (node);
++@@ -1029,7 +1029,7 @@ grub_hfsplus_label (grub_device_t device, char **label)
++ 	}
++     }
++
++-  *label = grub_malloc (label_len * GRUB_MAX_UTF8_PER_UTF16 + 1);
+++  *label = grub_calloc (label_len, GRUB_MAX_UTF8_PER_UTF16 + 1);
++   if (! *label)
++     {
++       grub_free (label_name);
++diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c
++index 49c0c632bf..4f1b52a552 100644
++--- a/grub-core/fs/iso9660.c
+++++ b/grub-core/fs/iso9660.c
++@@ -331,7 +331,7 @@ grub_iso9660_convert_string (grub_uint8_t *us, int len)
++   int i;
++   grub_uint16_t t[MAX_NAMELEN / 2 + 1];
++
++-  p = grub_malloc (len * GRUB_MAX_UTF8_PER_UTF16 + 1);
+++  p = grub_calloc (len, GRUB_MAX_UTF8_PER_UTF16 + 1);
++   if (! p)
++     return NULL;
++
++diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
++index fc4e1f678d..2f34f76da8 100644
++--- a/grub-core/fs/ntfs.c
+++++ b/grub-core/fs/ntfs.c
++@@ -556,8 +556,8 @@ get_utf8 (grub_uint8_t *in, grub_size_t len)
++   grub_uint16_t *tmp;
++   grub_size_t i;
++
++-  buf = grub_malloc (len * GRUB_MAX_UTF8_PER_UTF16 + 1);
++-  tmp = grub_malloc (len * sizeof (tmp[0]));
+++  buf = grub_calloc (len, GRUB_MAX_UTF8_PER_UTF16 + 1);
+++  tmp = grub_calloc (len, sizeof (tmp[0]));
++   if (!buf || !tmp)
++     {
++       grub_free (buf);
++diff --git a/grub-core/fs/sfs.c b/grub-core/fs/sfs.c
++index 50c1fe72f4..90f7fb3791 100644
++--- a/grub-core/fs/sfs.c
+++++ b/grub-core/fs/sfs.c
++@@ -266,7 +266,7 @@ grub_sfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock)
++       node->next_extent = node->block;
++       node->cache_size = 0;
++
++-      node->cache = grub_malloc (sizeof (node->cache[0]) * cache_size);
+++      node->cache = grub_calloc (cache_size, sizeof (node->cache[0]));
++       if (!node->cache)
++ 	{
++ 	  grub_errno = 0;
++diff --git a/grub-core/fs/tar.c b/grub-core/fs/tar.c
++index 7d63e0c99c..c551ed6b52 100644
++--- a/grub-core/fs/tar.c
+++++ b/grub-core/fs/tar.c
++@@ -120,7 +120,7 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name,
++ 	  if (data->linkname_alloc < linksize + 1)
++ 	    {
++ 	      char *n;
++-	      n = grub_malloc (2 * (linksize + 1));
+++	      n = grub_calloc (2, linksize + 1);
++ 	      if (!n)
++ 		return grub_errno;
++ 	      grub_free (data->linkname);
++diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c
++index dc8b6e2d1c..a83761674a 100644
++--- a/grub-core/fs/udf.c
+++++ b/grub-core/fs/udf.c
++@@ -873,7 +873,7 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf)
++     {
++       unsigned i;
++       utf16len = sz - 1;
++-      utf16 = grub_malloc (utf16len * sizeof (utf16[0]));
+++      utf16 = grub_calloc (utf16len, sizeof (utf16[0]));
++       if (!utf16)
++ 	return NULL;
++       for (i = 0; i < utf16len; i++)
++@@ -883,7 +883,7 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf)
++     {
++       unsigned i;
++       utf16len = (sz - 1) / 2;
++-      utf16 = grub_malloc (utf16len * sizeof (utf16[0]));
+++      utf16 = grub_calloc (utf16len, sizeof (utf16[0]));
++       if (!utf16)
++ 	return NULL;
++       for (i = 0; i < utf16len; i++)
++diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c
++index 2f72e42bf8..381dde556d 100644
++--- a/grub-core/fs/zfs/zfs.c
+++++ b/grub-core/fs/zfs/zfs.c
++@@ -3325,7 +3325,7 @@ dnode_get_fullpath (const char *fullpath, struct subvolume *subvol,
++ 	}
++       subvol->nkeys = 0;
++       zap_iterate (&keychain_dn, 8, count_zap_keys, &ctx, data);
++-      subvol->keyring = grub_zalloc (subvol->nkeys * sizeof (subvol->keyring[0]));
+++      subvol->keyring = grub_calloc (subvol->nkeys, sizeof (subvol->keyring[0]));
++       if (!subvol->keyring)
++ 	{
++ 	  grub_free (fsname);
++@@ -4336,7 +4336,7 @@ grub_zfs_embed (grub_device_t device __attribute__ ((unused)),
++   *nsectors = (VDEV_BOOT_SIZE >> GRUB_DISK_SECTOR_BITS);
++   if (*nsectors > max_nsectors)
++     *nsectors = max_nsectors;
++-  *sectors = grub_malloc (*nsectors * sizeof (**sectors));
+++  *sectors = grub_calloc (*nsectors, sizeof (**sectors));
++   if (!*sectors)
++     return grub_errno;
++   for (i = 0; i < *nsectors; i++)
++diff --git a/grub-core/gfxmenu/gui_string_util.c b/grub-core/gfxmenu/gui_string_util.c
++index a9a415e312..ba1e1eab31 100644
++--- a/grub-core/gfxmenu/gui_string_util.c
+++++ b/grub-core/gfxmenu/gui_string_util.c
++@@ -55,7 +55,7 @@ canonicalize_path (const char *path)
++     if (*p == '/')
++       components++;
++
++-  char **path_array = grub_malloc (components * sizeof (*path_array));
+++  char **path_array = grub_calloc (components, sizeof (*path_array));
++   if (! path_array)
++     return 0;
++
++diff --git a/grub-core/gfxmenu/widget-box.c b/grub-core/gfxmenu/widget-box.c
++index b606028891..470597ded2 100644
++--- a/grub-core/gfxmenu/widget-box.c
+++++ b/grub-core/gfxmenu/widget-box.c
++@@ -303,10 +303,10 @@ grub_gfxmenu_create_box (const char *pixmaps_prefix,
++   box->content_height = 0;
++   box->raw_pixmaps =
++     (struct grub_video_bitmap **)
++-    grub_malloc (BOX_NUM_PIXMAPS * sizeof (struct grub_video_bitmap *));
+++    grub_calloc (BOX_NUM_PIXMAPS, sizeof (struct grub_video_bitmap *));
++   box->scaled_pixmaps =
++     (struct grub_video_bitmap **)
++-    grub_malloc (BOX_NUM_PIXMAPS * sizeof (struct grub_video_bitmap *));
+++    grub_calloc (BOX_NUM_PIXMAPS, sizeof (struct grub_video_bitmap *));
++
++   /* Initialize all pixmap pointers to NULL so that proper destruction can
++      be performed if an error is encountered partway through construction.  */
++diff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c
++index 6208a97636..43d98a7bdf 100644
++--- a/grub-core/io/gzio.c
+++++ b/grub-core/io/gzio.c
++@@ -554,7 +554,7 @@ huft_build (unsigned *b,	/* code lengths in bits (all assumed <= BMAX) */
++ 	      z = 1 << j;	/* table entries for j-bit table */
++
++ 	      /* allocate and link in new table */
++-	      q = (struct huft *) grub_zalloc ((z + 1) * sizeof (struct huft));
+++	      q = (struct huft *) grub_calloc (z + 1, sizeof (struct huft));
++ 	      if (! q)
++ 		{
++ 		  if (h)
++diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
++index 6e1ceb9051..dc31caa213 100644
++--- a/grub-core/kern/efi/efi.c
+++++ b/grub-core/kern/efi/efi.c
++@@ -202,7 +202,7 @@ grub_efi_set_variable(const char *var, const grub_efi_guid_t *guid,
++
++   len = grub_strlen (var);
++   len16 = len * GRUB_MAX_UTF16_PER_UTF8;
++-  var16 = grub_malloc ((len16 + 1) * sizeof (var16[0]));
+++  var16 = grub_calloc (len16 + 1, sizeof (var16[0]));
++   if (!var16)
++     return grub_errno;
++   len16 = grub_utf8_to_utf16 (var16, len16, (grub_uint8_t *) var, len, NULL);
++@@ -237,7 +237,7 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid,
++
++   len = grub_strlen (var);
++   len16 = len * GRUB_MAX_UTF16_PER_UTF8;
++-  var16 = grub_malloc ((len16 + 1) * sizeof (var16[0]));
+++  var16 = grub_calloc (len16 + 1, sizeof (var16[0]));
++   if (!var16)
++     return NULL;
++   len16 = grub_utf8_to_utf16 (var16, len16, (grub_uint8_t *) var, len, NULL);
++@@ -383,7 +383,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0)
++ 	  while (len > 0 && fp->path_name[len - 1] == 0)
++ 	    len--;
++
++-	  dup_name = grub_malloc (len * sizeof (*dup_name));
+++	  dup_name = grub_calloc (len, sizeof (*dup_name));
++ 	  if (!dup_name)
++ 	    {
++ 	      grub_free (name);
++diff --git a/grub-core/kern/emu/hostdisk.c b/grub-core/kern/emu/hostdisk.c
++index 8ac5239538..f90b6c9ce4 100644
++--- a/grub-core/kern/emu/hostdisk.c
+++++ b/grub-core/kern/emu/hostdisk.c
++@@ -627,7 +627,7 @@ static char *
++ grub_util_path_concat_real (size_t n, int ext, va_list ap)
++ {
++   size_t totlen = 0;
++-  char **l = xmalloc ((n + ext) * sizeof (l[0]));
+++  char **l = xcalloc (n + ext, sizeof (l[0]));
++   char *r, *p, *pi;
++   size_t i;
++   int first = 1;
++diff --git a/grub-core/kern/fs.c b/grub-core/kern/fs.c
++index 2b85f4950b..f90be6566b 100644
++--- a/grub-core/kern/fs.c
+++++ b/grub-core/kern/fs.c
++@@ -151,7 +151,7 @@ grub_fs_blocklist_open (grub_file_t file, const char *name)
++   while (p);
++
++   /* Allocate a block list.  */
++-  blocks = grub_zalloc (sizeof (struct grub_fs_block) * (num + 1));
+++  blocks = grub_calloc (num + 1, sizeof (struct grub_fs_block));
++   if (! blocks)
++     return 0;
++
++diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c
++index 18cad5803b..83c068d61b 100644
++--- a/grub-core/kern/misc.c
+++++ b/grub-core/kern/misc.c
++@@ -691,7 +691,7 @@ parse_printf_args (const char *fmt0, struct printf_args *args,
++     args->ptr = args->prealloc;
++   else
++     {
++-      args->ptr = grub_malloc (args->count * sizeof (args->ptr[0]));
+++      args->ptr = grub_calloc (args->count, sizeof (args->ptr[0]));
++       if (!args->ptr)
++ 	{
++ 	  grub_errno = GRUB_ERR_NONE;
++diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c
++index 78175aac2d..619db3122a 100644
++--- a/grub-core/kern/parser.c
+++++ b/grub-core/kern/parser.c
++@@ -213,7 +213,7 @@ grub_parser_split_cmdline (const char *cmdline,
++     return grub_errno;
++   grub_memcpy (args, buffer, bp - buffer);
++
++-  *argv = grub_malloc (sizeof (char *) * (*argc + 1));
+++  *argv = grub_calloc (*argc + 1, sizeof (char *));
++   if (!*argv)
++     {
++       grub_free (args);
++diff --git a/grub-core/kern/uboot/uboot.c b/grub-core/kern/uboot/uboot.c
++index be4816fe6f..aac8f9ae1f 100644
++--- a/grub-core/kern/uboot/uboot.c
+++++ b/grub-core/kern/uboot/uboot.c
++@@ -133,7 +133,7 @@ grub_uboot_dev_enum (void)
++     return num_devices;
++
++   max_devices = 2;
++-  enum_devices = grub_malloc (sizeof(struct device_info) * max_devices);
+++  enum_devices = grub_calloc (max_devices, sizeof(struct device_info));
++   if (!enum_devices)
++     return 0;
++
++diff --git a/grub-core/lib/libgcrypt/cipher/ac.c b/grub-core/lib/libgcrypt/cipher/ac.c
++index f5e946a2d8..63f6fcd11e 100644
++--- a/grub-core/lib/libgcrypt/cipher/ac.c
+++++ b/grub-core/lib/libgcrypt/cipher/ac.c
++@@ -185,7 +185,7 @@ ac_data_mpi_copy (gcry_ac_mpi_t *data_mpis, unsigned int data_mpis_n,
++   gcry_mpi_t mpi;
++   char *label;
++
++-  data_mpis_new = gcry_malloc (sizeof (*data_mpis_new) * data_mpis_n);
+++  data_mpis_new = gcry_calloc (data_mpis_n, sizeof (*data_mpis_new));
++   if (! data_mpis_new)
++     {
++       err = gcry_error_from_errno (errno);
++@@ -572,7 +572,7 @@ _gcry_ac_data_to_sexp (gcry_ac_data_t data, gcry_sexp_t *sexp,
++     }
++
++   /* Add MPI list.  */
++-  arg_list = gcry_malloc (sizeof (*arg_list) * (data_n + 1));
+++  arg_list = gcry_calloc (data_n + 1, sizeof (*arg_list));
++   if (! arg_list)
++     {
++       err = gcry_error_from_errno (errno);
++@@ -1283,7 +1283,7 @@ ac_data_construct (const char *identifier, int include_flags,
++   /* We build a list of arguments to pass to
++      gcry_sexp_build_array().  */
++   data_length = _gcry_ac_data_length (data);
++-  arg_list = gcry_malloc (sizeof (*arg_list) * (data_length * 2));
+++  arg_list = gcry_calloc (data_length, sizeof (*arg_list) * 2);
++   if (! arg_list)
++     {
++       err = gcry_error_from_errno (errno);
++@@ -1593,7 +1593,7 @@ _gcry_ac_key_pair_generate (gcry_ac_handle_t handle, unsigned int nbits,
++ 	arg_list_n += 2;
++
++   /* Allocate list.  */
++-  arg_list = gcry_malloc (sizeof (*arg_list) * arg_list_n);
+++  arg_list = gcry_calloc (arg_list_n, sizeof (*arg_list));
++   if (! arg_list)
++     {
++       err = gcry_error_from_errno (errno);
++diff --git a/grub-core/lib/libgcrypt/cipher/primegen.c b/grub-core/lib/libgcrypt/cipher/primegen.c
++index 2788e349fa..b12e79b192 100644
++--- a/grub-core/lib/libgcrypt/cipher/primegen.c
+++++ b/grub-core/lib/libgcrypt/cipher/primegen.c
++@@ -383,7 +383,7 @@ prime_generate_internal (int need_q_factor,
++     }
++
++   /* Allocate an array to track pool usage. */
++-  pool_in_use = gcry_malloc (n * sizeof *pool_in_use);
+++  pool_in_use = gcry_calloc (n, sizeof *pool_in_use);
++   if (!pool_in_use)
++     {
++       err = gpg_err_code_from_errno (errno);
++@@ -765,7 +765,7 @@ gen_prime (unsigned int nbits, int secret, int randomlevel,
++   if (nbits < 16)
++     log_fatal ("can't generate a prime with less than %d bits\n", 16);
++
++-  mods = gcry_xmalloc( no_of_small_prime_numbers * sizeof *mods );
+++  mods = gcry_xcalloc( no_of_small_prime_numbers, sizeof *mods);
++   /* Make nbits fit into gcry_mpi_t implementation. */
++   val_2  = mpi_alloc_set_ui( 2 );
++   val_3 = mpi_alloc_set_ui( 3);
++diff --git a/grub-core/lib/libgcrypt/cipher/pubkey.c b/grub-core/lib/libgcrypt/cipher/pubkey.c
++index 910982141e..ca087ad75b 100644
++--- a/grub-core/lib/libgcrypt/cipher/pubkey.c
+++++ b/grub-core/lib/libgcrypt/cipher/pubkey.c
++@@ -2941,7 +2941,7 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey)
++        * array to a format string, so we have to do it this way :-(.  */
++       /* FIXME: There is now such a format specifier, so we can
++          change the code to be more clear. */
++-      arg_list = malloc (nelem * sizeof *arg_list);
+++      arg_list = calloc (nelem, sizeof *arg_list);
++       if (!arg_list)
++         {
++           rc = gpg_err_code_from_syserror ();
++@@ -3233,7 +3233,7 @@ gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey)
++         }
++       strcpy (p, "))");
++
++-      arg_list = malloc (nelem * sizeof *arg_list);
+++      arg_list = calloc (nelem, sizeof *arg_list);
++       if (!arg_list)
++         {
++           rc = gpg_err_code_from_syserror ();
++diff --git a/grub-core/lib/priority_queue.c b/grub-core/lib/priority_queue.c
++index 659be0b7f4..7d5e7c05aa 100644
++--- a/grub-core/lib/priority_queue.c
+++++ b/grub-core/lib/priority_queue.c
++@@ -92,7 +92,7 @@ grub_priority_queue_new (grub_size_t elsize,
++ {
++   struct grub_priority_queue *ret;
++   void *els;
++-  els = grub_malloc (elsize * 8);
+++  els = grub_calloc (8, elsize);
++   if (!els)
++     return 0;
++   ret = (struct grub_priority_queue *) grub_malloc (sizeof (*ret));
++diff --git a/grub-core/lib/reed_solomon.c b/grub-core/lib/reed_solomon.c
++index ee9fa7b4fe..467305b46a 100644
++--- a/grub-core/lib/reed_solomon.c
+++++ b/grub-core/lib/reed_solomon.c
++@@ -20,6 +20,7 @@
++ #include <stdio.h>
++ #include <string.h>
++ #include <stdlib.h>
+++#define xcalloc calloc
++ #define xmalloc malloc
++ #define grub_memset memset
++ #define grub_memcpy memcpy
++@@ -158,11 +159,9 @@ rs_encode (gf_single_t *data, grub_size_t s, grub_size_t rs)
++   gf_single_t *rs_polynomial;
++   int i, j;
++   gf_single_t *m;
++-  m = xmalloc ((s + rs) * sizeof (gf_single_t));
+++  m = xcalloc (s + rs, sizeof (gf_single_t));
++   grub_memcpy (m, data, s * sizeof (gf_single_t));
++-  grub_memset (m + s, 0, rs * sizeof (gf_single_t));
++-  rs_polynomial = xmalloc ((rs + 1) * sizeof (gf_single_t));
++-  grub_memset (rs_polynomial, 0, (rs + 1) * sizeof (gf_single_t));
+++  rs_polynomial = xcalloc (rs + 1, sizeof (gf_single_t));
++   rs_polynomial[rs] = 1;
++   /* Multiply with X - a^r */
++   for (j = 0; j < rs; j++)
++diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c
++index ea3ebc719b..5847aac364 100644
++--- a/grub-core/lib/relocator.c
+++++ b/grub-core/lib/relocator.c
++@@ -495,9 +495,9 @@ malloc_in_range (struct grub_relocator *rel,
++   }
++ #endif
++
++-  eventt = grub_malloc (maxevents * sizeof (events[0]));
+++  eventt = grub_calloc (maxevents, sizeof (events[0]));
++   counter = grub_malloc ((DIGITSORT_MASK + 2) * sizeof (counter[0]));
++-  events = grub_malloc (maxevents * sizeof (events[0]));
+++  events = grub_calloc (maxevents, sizeof (events[0]));
++   if (!events || !eventt || !counter)
++     {
++       grub_dprintf ("relocator", "events or counter allocation failed %d\n",
++@@ -963,7 +963,7 @@ malloc_in_range (struct grub_relocator *rel,
++ #endif
++     unsigned cural = 0;
++     int oom = 0;
++-    res->subchunks = grub_malloc (sizeof (res->subchunks[0]) * nallocs);
+++    res->subchunks = grub_calloc (nallocs, sizeof (res->subchunks[0]));
++     if (!res->subchunks)
++       oom = 1;
++     res->nsubchunks = nallocs;
++@@ -1562,8 +1562,8 @@ grub_relocator_prepare_relocs (struct grub_relocator *rel, grub_addr_t addr,
++ 	    count[(chunk->src & 0xff) + 1]++;
++ 	  }
++     }
++-    from = grub_malloc (nchunks * sizeof (sorted[0]));
++-    to = grub_malloc (nchunks * sizeof (sorted[0]));
+++    from = grub_calloc (nchunks, sizeof (sorted[0]));
+++    to = grub_calloc (nchunks, sizeof (sorted[0]));
++     if (!from || !to)
++       {
++ 	grub_free (from);
++diff --git a/grub-core/lib/zstd/fse_decompress.c b/grub-core/lib/zstd/fse_decompress.c
++index 72bbead5be..2227b84bc7 100644
++--- a/grub-core/lib/zstd/fse_decompress.c
+++++ b/grub-core/lib/zstd/fse_decompress.c
++@@ -82,7 +82,7 @@
++ FSE_DTable* FSE_createDTable (unsigned tableLog)
++ {
++     if (tableLog > FSE_TABLELOG_ABSOLUTE_MAX) tableLog = FSE_TABLELOG_ABSOLUTE_MAX;
++-    return (FSE_DTable*)malloc( FSE_DTABLE_SIZE_U32(tableLog) * sizeof (U32) );
+++    return (FSE_DTable*)calloc( FSE_DTABLE_SIZE_U32(tableLog), sizeof (U32) );
++ }
++
++ void FSE_freeDTable (FSE_DTable* dt)
++diff --git a/grub-core/loader/arm/linux.c b/grub-core/loader/arm/linux.c
++index 092e8e3077..979d425dfb 100644
++--- a/grub-core/loader/arm/linux.c
+++++ b/grub-core/loader/arm/linux.c
++@@ -82,7 +82,7 @@ linux_prepare_atag (void *target_atag)
++
++   /* some place for cmdline, initrd and terminator.  */
++   tmp_size = get_atag_size (atag_orig) + 20 + (arg_size) / 4;
++-  tmp_atag = grub_malloc (tmp_size * sizeof (grub_uint32_t));
+++  tmp_atag = grub_calloc (tmp_size, sizeof (grub_uint32_t));
++   if (!tmp_atag)
++     return grub_errno;
++
++diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
++index 04e815c052..b9a2df34b1 100644
++--- a/grub-core/loader/efi/chainloader.c
+++++ b/grub-core/loader/efi/chainloader.c
++@@ -126,7 +126,7 @@ copy_file_path (grub_efi_file_path_device_path_t *fp,
++   fp->header.type = GRUB_EFI_MEDIA_DEVICE_PATH_TYPE;
++   fp->header.subtype = GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE;
++
++-  path_name = grub_malloc (len * GRUB_MAX_UTF16_PER_UTF8 * sizeof (*path_name));
+++  path_name = grub_calloc (len, GRUB_MAX_UTF16_PER_UTF8 * sizeof (*path_name));
++   if (!path_name)
++     return;
++
++diff --git a/grub-core/loader/i386/bsdXX.c b/grub-core/loader/i386/bsdXX.c
++index af6741d157..a8d8bf7dae 100644
++--- a/grub-core/loader/i386/bsdXX.c
+++++ b/grub-core/loader/i386/bsdXX.c
++@@ -48,7 +48,7 @@ read_headers (grub_file_t file, const char *filename, Elf_Ehdr *e, char **shdr)
++   if (e->e_ident[EI_CLASS] != SUFFIX (ELFCLASS))
++     return grub_error (GRUB_ERR_BAD_OS, N_("invalid arch-dependent ELF magic"));
++
++-  *shdr = grub_malloc ((grub_uint32_t) e->e_shnum * e->e_shentsize);
+++  *shdr = grub_calloc (e->e_shnum, e->e_shentsize);
++   if (! *shdr)
++     return grub_errno;
++
++diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c
++index e64ed08f58..b7d176b5d3 100644
++--- a/grub-core/loader/i386/xnu.c
+++++ b/grub-core/loader/i386/xnu.c
++@@ -295,7 +295,7 @@ grub_xnu_devprop_add_property_utf8 (struct grub_xnu_devprop_device_descriptor *d
++     return grub_errno;
++
++   len = grub_strlen (name);
++-  utf16 = grub_malloc (sizeof (grub_uint16_t) * len);
+++  utf16 = grub_calloc (len, sizeof (grub_uint16_t));
++   if (!utf16)
++     {
++       grub_free (utf8);
++@@ -331,7 +331,7 @@ grub_xnu_devprop_add_property_utf16 (struct grub_xnu_devprop_device_descriptor *
++   grub_uint16_t *utf16;
++   grub_err_t err;
++
++-  utf16 = grub_malloc (sizeof (grub_uint16_t) * namelen);
+++  utf16 = grub_calloc (namelen, sizeof (grub_uint16_t));
++   if (!utf16)
++     return grub_errno;
++   grub_memcpy (utf16, name, sizeof (grub_uint16_t) * namelen);
++diff --git a/grub-core/loader/macho.c b/grub-core/loader/macho.c
++index 085f9c6890..05710c48e0 100644
++--- a/grub-core/loader/macho.c
+++++ b/grub-core/loader/macho.c
++@@ -97,7 +97,7 @@ grub_macho_file (grub_file_t file, const char *filename, int is_64bit)
++       if (grub_file_seek (macho->file, sizeof (struct grub_macho_fat_header))
++ 	  == (grub_off_t) -1)
++ 	goto fail;
++-      archs = grub_malloc (sizeof (struct grub_macho_fat_arch) * narchs);
+++      archs = grub_calloc (narchs, sizeof (struct grub_macho_fat_arch));
++       if (!archs)
++ 	goto fail;
++       if (grub_file_read (macho->file, archs,
++diff --git a/grub-core/loader/multiboot_elfxx.c b/grub-core/loader/multiboot_elfxx.c
++index 70cd1db513..cc6853692a 100644
++--- a/grub-core/loader/multiboot_elfxx.c
+++++ b/grub-core/loader/multiboot_elfxx.c
++@@ -217,7 +217,7 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld)
++     {
++       grub_uint8_t *shdr, *shdrptr;
++
++-      shdr = grub_malloc ((grub_uint32_t) ehdr->e_shnum * ehdr->e_shentsize);
+++      shdr = grub_calloc (ehdr->e_shnum, ehdr->e_shentsize);
++       if (!shdr)
++ 	return grub_errno;
++
++diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c
++index e0f47e72b0..2f0ebd0b8b 100644
++--- a/grub-core/loader/xnu.c
+++++ b/grub-core/loader/xnu.c
++@@ -801,7 +801,7 @@ grub_cmd_xnu_mkext (grub_command_t cmd __attribute__ ((unused)),
++   if (grub_be_to_cpu32 (head.magic) == GRUB_MACHO_FAT_MAGIC)
++     {
++       narchs = grub_be_to_cpu32 (head.nfat_arch);
++-      archs = grub_malloc (sizeof (struct grub_macho_fat_arch) * narchs);
+++      archs = grub_calloc (narchs, sizeof (struct grub_macho_fat_arch));
++       if (! archs)
++ 	{
++ 	  grub_file_close (file);
++diff --git a/grub-core/mmap/mmap.c b/grub-core/mmap/mmap.c
++index 6a31cbae32..57b4e9a72a 100644
++--- a/grub-core/mmap/mmap.c
+++++ b/grub-core/mmap/mmap.c
++@@ -143,9 +143,9 @@ grub_mmap_iterate (grub_memory_hook_t hook, void *hook_data)
++
++   /* Initialize variables. */
++   ctx.scanline_events = (struct grub_mmap_scan *)
++-    grub_malloc (sizeof (struct grub_mmap_scan) * 2 * mmap_num);
+++    grub_calloc (mmap_num, sizeof (struct grub_mmap_scan) * 2);
++
++-  present = grub_zalloc (sizeof (present[0]) * current_priority);
+++  present = grub_calloc (current_priority, sizeof (present[0]));
++
++   if (! ctx.scanline_events || !present)
++     {
++diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c
++index 558d97ba1e..dd0ffcdaea 100644
++--- a/grub-core/net/bootp.c
+++++ b/grub-core/net/bootp.c
++@@ -1559,7 +1559,7 @@ grub_cmd_bootp (struct grub_command *cmd __attribute__ ((unused)),
++   if (ncards == 0)
++     return grub_error (GRUB_ERR_NET_NO_CARD, N_("no network card found"));
++
++-  ifaces = grub_zalloc (ncards * sizeof (ifaces[0]));
+++  ifaces = grub_calloc (ncards, sizeof (ifaces[0]));
++   if (!ifaces)
++     return grub_errno;
++
++diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c
++index 5d9afe093c..e332d5eb4a 100644
++--- a/grub-core/net/dns.c
+++++ b/grub-core/net/dns.c
++@@ -285,8 +285,8 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)),
++       ptr++;
++       ptr += 4;
++     }
++-  *data->addresses = grub_malloc (sizeof ((*data->addresses)[0])
++-				 * grub_be_to_cpu16 (head->ancount));
+++  *data->addresses = grub_calloc (grub_be_to_cpu16 (head->ancount),
+++				  sizeof ((*data->addresses)[0]));
++   if (!*data->addresses)
++     {
++       grub_errno = GRUB_ERR_NONE;
++@@ -406,8 +406,8 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)),
++       dns_cache[h].addresses = 0;
++       dns_cache[h].name = grub_strdup (data->oname);
++       dns_cache[h].naddresses = *data->naddresses;
++-      dns_cache[h].addresses = grub_malloc (*data->naddresses
++-					    * sizeof (dns_cache[h].addresses[0]));
+++      dns_cache[h].addresses = grub_calloc (*data->naddresses,
+++					    sizeof (dns_cache[h].addresses[0]));
++       dns_cache[h].limit_time = grub_get_time_ms () + 1000 * ttl_all;
++       if (!dns_cache[h].addresses || !dns_cache[h].name)
++ 	{
++@@ -479,7 +479,7 @@ grub_net_dns_lookup (const char *name,
++ 	}
++     }
++
++-  sockets = grub_malloc (sizeof (sockets[0]) * n_servers);
+++  sockets = grub_calloc (n_servers, sizeof (sockets[0]));
++   if (!sockets)
++     return grub_errno;
++
++diff --git a/grub-core/net/net.c b/grub-core/net/net.c
++index b917a75d54..fed7bc57cb 100644
++--- a/grub-core/net/net.c
+++++ b/grub-core/net/net.c
++@@ -333,8 +333,8 @@ grub_cmd_ipv6_autoconf (struct grub_command *cmd __attribute__ ((unused)),
++     ncards++;
++   }
++
++-  ifaces = grub_zalloc (ncards * sizeof (ifaces[0]));
++-  slaacs = grub_zalloc (ncards * sizeof (slaacs[0]));
+++  ifaces = grub_calloc (ncards, sizeof (ifaces[0]));
+++  slaacs = grub_calloc (ncards, sizeof (slaacs[0]));
++   if (!ifaces || !slaacs)
++     {
++       grub_free (ifaces);
++diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c
++index b0ab47d73f..d57fb72faa 100644
++--- a/grub-core/normal/charset.c
+++++ b/grub-core/normal/charset.c
++@@ -203,7 +203,7 @@ grub_utf8_to_ucs4_alloc (const char *msg, grub_uint32_t **unicode_msg,
++ {
++   grub_size_t msg_len = grub_strlen (msg);
++
++-  *unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t));
+++  *unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t));
++
++   if (!*unicode_msg)
++     return -1;
++@@ -488,7 +488,7 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen,
++ 	    }
++ 	  else
++ 	    {
++-	      n = grub_malloc (sizeof (n[0]) * (out->ncomb + 1));
+++	      n = grub_calloc (out->ncomb + 1, sizeof (n[0]));
++ 	      if (!n)
++ 		{
++ 		  grub_errno = GRUB_ERR_NONE;
++@@ -842,7 +842,7 @@ grub_bidi_line_logical_to_visual (const grub_uint32_t *logical,
++       }							\
++   }
++
++-  visual = grub_malloc (sizeof (visual[0]) * logical_len);
+++  visual = grub_calloc (logical_len, sizeof (visual[0]));
++   if (!visual)
++     return -1;
++
++@@ -1165,8 +1165,8 @@ grub_bidi_logical_to_visual (const grub_uint32_t *logical,
++ {
++   const grub_uint32_t *line_start = logical, *ptr;
++   struct grub_unicode_glyph *visual_ptr;
++-  *visual_out = visual_ptr = grub_malloc (3 * sizeof (visual_ptr[0])
++-					  * (logical_len + 2));
+++  *visual_out = visual_ptr = grub_calloc (logical_len + 2,
+++					  3 * sizeof (visual_ptr[0]));
++   if (!visual_ptr)
++     return -1;
++   for (ptr = logical; ptr <= logical + logical_len; ptr++)
++diff --git a/grub-core/normal/cmdline.c b/grub-core/normal/cmdline.c
++index c037d5050e..c57242e2ea 100644
++--- a/grub-core/normal/cmdline.c
+++++ b/grub-core/normal/cmdline.c
++@@ -41,7 +41,7 @@ grub_err_t
++ grub_set_history (int newsize)
++ {
++   grub_uint32_t **old_hist_lines = hist_lines;
++-  hist_lines = grub_malloc (sizeof (grub_uint32_t *) * newsize);
+++  hist_lines = grub_calloc (newsize, sizeof (grub_uint32_t *));
++
++   /* Copy the old lines into the new buffer.  */
++   if (old_hist_lines)
++@@ -114,7 +114,7 @@ static void
++ grub_history_set (int pos, grub_uint32_t *s, grub_size_t len)
++ {
++   grub_free (hist_lines[pos]);
++-  hist_lines[pos] = grub_malloc ((len + 1) * sizeof (grub_uint32_t));
+++  hist_lines[pos] = grub_calloc (len + 1, sizeof (grub_uint32_t));
++   if (!hist_lines[pos])
++     {
++       grub_print_error ();
++@@ -349,7 +349,7 @@ grub_cmdline_get (const char *prompt_translated)
++   char *ret;
++   unsigned nterms;
++
++-  buf = grub_malloc (max_len * sizeof (grub_uint32_t));
+++  buf = grub_calloc (max_len, sizeof (grub_uint32_t));
++   if (!buf)
++     return 0;
++
++@@ -377,7 +377,7 @@ grub_cmdline_get (const char *prompt_translated)
++     FOR_ACTIVE_TERM_OUTPUTS(cur)
++       nterms++;
++
++-    cl_terms = grub_malloc (sizeof (cl_terms[0]) * nterms);
+++    cl_terms = grub_calloc (nterms, sizeof (cl_terms[0]));
++     if (!cl_terms)
++       {
++ 	grub_free (buf);
++@@ -385,7 +385,7 @@ grub_cmdline_get (const char *prompt_translated)
++       }
++     cl_term_cur = cl_terms;
++
++-    unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t));
+++    unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t));
++     if (!unicode_msg)
++       {
++ 	grub_free (buf);
++@@ -495,7 +495,7 @@ grub_cmdline_get (const char *prompt_translated)
++ 		grub_uint32_t *insert;
++
++ 		insertlen = grub_strlen (insertu8);
++-		insert = grub_malloc ((insertlen + 1) * sizeof (grub_uint32_t));
+++		insert = grub_calloc (insertlen + 1, sizeof (grub_uint32_t));
++ 		if (!insert)
++ 		  {
++ 		    grub_free (insertu8);
++@@ -602,7 +602,7 @@ grub_cmdline_get (const char *prompt_translated)
++
++ 	      grub_free (kill_buf);
++
++-	      kill_buf = grub_malloc ((n + 1) * sizeof(grub_uint32_t));
+++	      kill_buf = grub_calloc (n + 1, sizeof (grub_uint32_t));
++ 	      if (grub_errno)
++ 		{
++ 		  grub_print_error ();
++diff --git a/grub-core/normal/menu_entry.c b/grub-core/normal/menu_entry.c
++index cdf3590a36..1993995be6 100644
++--- a/grub-core/normal/menu_entry.c
+++++ b/grub-core/normal/menu_entry.c
++@@ -95,8 +95,8 @@ init_line (struct screen *screen, struct line *linep)
++ {
++   linep->len = 0;
++   linep->max_len = 80;
++-  linep->buf = grub_malloc ((linep->max_len + 1) * sizeof (linep->buf[0]));
++-  linep->pos = grub_zalloc (screen->nterms * sizeof (linep->pos[0]));
+++  linep->buf = grub_calloc (linep->max_len + 1, sizeof (linep->buf[0]));
+++  linep->pos = grub_calloc (screen->nterms, sizeof (linep->pos[0]));
++   if (! linep->buf || !linep->pos)
++     {
++       grub_free (linep->buf);
++@@ -287,7 +287,7 @@ update_screen (struct screen *screen, struct per_term_screen *term_screen,
++ 	  pos = linep->pos + (term_screen - screen->terms);
++
++ 	  if (!*pos)
++-	    *pos = grub_zalloc ((linep->len + 1) * sizeof (**pos));
+++	    *pos = grub_calloc (linep->len + 1, sizeof (**pos));
++
++ 	  if (i == region_start || linep == screen->lines + screen->line
++ 	      || (i > region_start && mode == ALL_LINES))
++@@ -471,7 +471,7 @@ insert_string (struct screen *screen, const char *s, int update)
++
++ 	  /* Insert the string.  */
++ 	  current_linep = screen->lines + screen->line;
++-	  unicode_msg = grub_malloc ((p - s) * sizeof (grub_uint32_t));
+++	  unicode_msg = grub_calloc (p - s, sizeof (grub_uint32_t));
++
++ 	  if (!unicode_msg)
++ 	    return 0;
++@@ -1023,7 +1023,7 @@ complete (struct screen *screen, int continuous, int update)
++   if (completion_buffer.buf)
++     {
++       buflen = grub_strlen (completion_buffer.buf);
++-      ucs4 = grub_malloc (sizeof (grub_uint32_t) * (buflen + 1));
+++      ucs4 = grub_calloc (buflen + 1, sizeof (grub_uint32_t));
++
++       if (!ucs4)
++ 	{
++@@ -1268,7 +1268,7 @@ grub_menu_entry_run (grub_menu_entry_t entry)
++   for (i = 0; i < (unsigned) screen->num_lines; i++)
++     {
++       grub_free (screen->lines[i].pos);
++-      screen->lines[i].pos = grub_zalloc (screen->nterms * sizeof (screen->lines[i].pos[0]));
+++      screen->lines[i].pos = grub_calloc (screen->nterms, sizeof (screen->lines[i].pos[0]));
++       if (! screen->lines[i].pos)
++ 	{
++ 	  grub_print_error ();
++@@ -1278,7 +1278,7 @@ grub_menu_entry_run (grub_menu_entry_t entry)
++ 	}
++     }
++
++-  screen->terms = grub_zalloc (screen->nterms * sizeof (screen->terms[0]));
+++  screen->terms = grub_calloc (screen->nterms, sizeof (screen->terms[0]));
++   if (!screen->terms)
++     {
++       grub_print_error ();
++diff --git a/grub-core/normal/menu_text.c b/grub-core/normal/menu_text.c
++index e22bb91f6e..18240e76ce 100644
++--- a/grub-core/normal/menu_text.c
+++++ b/grub-core/normal/menu_text.c
++@@ -78,7 +78,7 @@ grub_print_message_indented_real (const char *msg, int margin_left,
++   grub_size_t msg_len = grub_strlen (msg) + 2;
++   int ret = 0;
++
++-  unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t));
+++  unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t));
++
++   if (!unicode_msg)
++     return 0;
++@@ -211,7 +211,7 @@ print_entry (int y, int highlight, grub_menu_entry_t entry,
++
++   title = entry ? entry->title : "";
++   title_len = grub_strlen (title);
++-  unicode_title = grub_malloc (title_len * sizeof (*unicode_title));
+++  unicode_title = grub_calloc (title_len, sizeof (*unicode_title));
++   if (! unicode_title)
++     /* XXX How to show this error?  */
++     return;
++diff --git a/grub-core/normal/term.c b/grub-core/normal/term.c
++index a1e5c5a0da..cc8c173b6e 100644
++--- a/grub-core/normal/term.c
+++++ b/grub-core/normal/term.c
++@@ -264,7 +264,7 @@ grub_term_save_pos (void)
++   FOR_ACTIVE_TERM_OUTPUTS(cur)
++     cnt++;
++
++-  ret = grub_malloc (cnt * sizeof (ret[0]));
+++  ret = grub_calloc (cnt, sizeof (ret[0]));
++   if (!ret)
++     return NULL;
++
++@@ -1013,7 +1013,7 @@ grub_xnputs (const char *str, grub_size_t msg_len)
++
++   grub_error_push ();
++
++-  unicode_str = grub_malloc (msg_len * sizeof (grub_uint32_t));
+++  unicode_str = grub_calloc (msg_len, sizeof (grub_uint32_t));
++
++   grub_error_pop ();
++
++diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c
++index 7adc0f30ee..a5bd0752fb 100644
++--- a/grub-core/osdep/linux/getroot.c
+++++ b/grub-core/osdep/linux/getroot.c
++@@ -168,7 +168,7 @@ grub_util_raid_getmembers (const char *name, int bootable)
++   if (ret != 0)
++     grub_util_error (_("ioctl GET_ARRAY_INFO error: %s"), strerror (errno));
++
++-  devicelist = xmalloc ((info.nr_disks + 1) * sizeof (char *));
+++  devicelist = xcalloc (info.nr_disks + 1, sizeof (char *));
++
++   for (i = 0, j = 0; j < info.nr_disks; i++)
++     {
++@@ -241,7 +241,7 @@ grub_find_root_devices_from_btrfs (const char *dir)
++       return NULL;
++     }
++
++-  ret = xmalloc ((fsi.num_devices + 1) * sizeof (ret[0]));
+++  ret = xcalloc (fsi.num_devices + 1, sizeof (ret[0]));
++
++   for (i = 1; i <= fsi.max_id && j < fsi.num_devices; i++)
++     {
++@@ -396,7 +396,7 @@ grub_find_root_devices_from_mountinfo (const char *dir, char **relroot)
++   if (relroot)
++     *relroot = NULL;
++
++-  entries = xmalloc (entry_max * sizeof (*entries));
+++  entries = xcalloc (entry_max, sizeof (*entries));
++
++ again:
++   fp = grub_util_fopen ("/proc/self/mountinfo", "r");
++diff --git a/grub-core/osdep/unix/config.c b/grub-core/osdep/unix/config.c
++index 5478030fde..89dc70d93c 100644
++--- a/grub-core/osdep/unix/config.c
+++++ b/grub-core/osdep/unix/config.c
++@@ -130,7 +130,7 @@ grub_util_load_config (struct grub_util_config *cfg)
++   if (num_cfgpaths == 0)
++     goto out;
++
++-  sorted_cfgpaths = xmalloc (num_cfgpaths * sizeof (*sorted_cfgpaths));
+++  sorted_cfgpaths = xcalloc (num_cfgpaths, sizeof (*sorted_cfgpaths));
++   i = 0;
++   if (grub_util_is_regular (cfgfile))
++     sorted_cfgpaths[i++] = xstrdup (cfgfile);
++diff --git a/grub-core/osdep/windows/getroot.c b/grub-core/osdep/windows/getroot.c
++index 661d954619..eada663b26 100644
++--- a/grub-core/osdep/windows/getroot.c
+++++ b/grub-core/osdep/windows/getroot.c
++@@ -59,7 +59,7 @@ grub_get_mount_point (const TCHAR *path)
++
++   for (ptr = path; *ptr; ptr++);
++   allocsize = (ptr - path + 10) * 2;
++-  out = xmalloc (allocsize * sizeof (out[0]));
+++  out = xcalloc (allocsize, sizeof (out[0]));
++
++   /* When pointing to EFI system partition GetVolumePathName fails
++      for ESP root and returns abberant information for everything
++diff --git a/grub-core/osdep/windows/hostdisk.c b/grub-core/osdep/windows/hostdisk.c
++index 355100789a..0be3273949 100644
++--- a/grub-core/osdep/windows/hostdisk.c
+++++ b/grub-core/osdep/windows/hostdisk.c
++@@ -111,7 +111,7 @@ grub_util_get_windows_path_real (const char *path)
++
++   while (1)
++     {
++-      fpa = xmalloc (alloc * sizeof (fpa[0]));
+++      fpa = xcalloc (alloc, sizeof (fpa[0]));
++
++       len = GetFullPathName (tpath, alloc, fpa, NULL);
++       if (len >= alloc)
++@@ -399,7 +399,7 @@ grub_util_fd_opendir (const char *name)
++   for (l = 0; name_windows[l]; l++);
++   for (l--; l >= 0 && (name_windows[l] == '\\' || name_windows[l] == '/'); l--);
++   l++;
++-  pattern = xmalloc ((l + 3) * sizeof (pattern[0]));
+++  pattern = xcalloc (l + 3, sizeof (pattern[0]));
++   memcpy (pattern, name_windows, l * sizeof (pattern[0]));
++   pattern[l] = '\\';
++   pattern[l + 1] = '*';
++diff --git a/grub-core/osdep/windows/init.c b/grub-core/osdep/windows/init.c
++index e8ffd62c6a..6297de6326 100644
++--- a/grub-core/osdep/windows/init.c
+++++ b/grub-core/osdep/windows/init.c
++@@ -161,7 +161,7 @@ grub_util_host_init (int *argc __attribute__ ((unused)),
++   LPWSTR *targv;
++
++   targv = CommandLineToArgvW (tcmdline, argc);
++-  *argv = xmalloc ((*argc + 1) * sizeof (argv[0]));
+++  *argv = xcalloc (*argc + 1, sizeof (argv[0]));
++
++   for (i = 0; i < *argc; i++)
++     (*argv)[i] = grub_util_tchar_to_utf8 (targv[i]);
++diff --git a/grub-core/osdep/windows/platform.c b/grub-core/osdep/windows/platform.c
++index a3f738fb9b..b160949d8e 100644
++--- a/grub-core/osdep/windows/platform.c
+++++ b/grub-core/osdep/windows/platform.c
++@@ -231,8 +231,8 @@ grub_install_register_efi (grub_device_t efidir_grub_dev, const char *efidir,
++     grub_util_error ("%s", _("no EFI routines are available when running in BIOS mode"));
++
++   distrib8_len = grub_strlen (efi_distributor);
++-  distributor16 = xmalloc ((distrib8_len + 1) * GRUB_MAX_UTF16_PER_UTF8
++-			   * sizeof (grub_uint16_t));
+++  distributor16 = xcalloc (distrib8_len + 1,
+++			   GRUB_MAX_UTF16_PER_UTF8 * sizeof (grub_uint16_t));
++   distrib16_len = grub_utf8_to_utf16 (distributor16, distrib8_len * GRUB_MAX_UTF16_PER_UTF8,
++ 				      (const grub_uint8_t *) efi_distributor,
++ 				      distrib8_len, 0);
++diff --git a/grub-core/osdep/windows/relpath.c b/grub-core/osdep/windows/relpath.c
++index cb0861744a..478e8ef14d 100644
++--- a/grub-core/osdep/windows/relpath.c
+++++ b/grub-core/osdep/windows/relpath.c
++@@ -72,7 +72,7 @@ grub_make_system_path_relative_to_its_root (const char *path)
++       if (dirwindows[0] && dirwindows[1] == ':')
++ 	offset = 2;
++     }
++-  ret = xmalloc (sizeof (ret[0]) * (flen - offset + 2));
+++  ret = xcalloc (flen - offset + 2, sizeof (ret[0]));
++   if (dirwindows[offset] != '\\'
++       && dirwindows[offset] != '/'
++       && dirwindows[offset])
++diff --git a/grub-core/partmap/gpt.c b/grub-core/partmap/gpt.c
++index 103f6796f3..72a2e37cd4 100644
++--- a/grub-core/partmap/gpt.c
+++++ b/grub-core/partmap/gpt.c
++@@ -199,7 +199,7 @@ gpt_partition_map_embed (struct grub_disk *disk, unsigned int *nsectors,
++   *nsectors = ctx.len;
++   if (*nsectors > max_nsectors)
++     *nsectors = max_nsectors;
++-  *sectors = grub_malloc (*nsectors * sizeof (**sectors));
+++  *sectors = grub_calloc (*nsectors, sizeof (**sectors));
++   if (!*sectors)
++     return grub_errno;
++   for (i = 0; i < *nsectors; i++)
++diff --git a/grub-core/partmap/msdos.c b/grub-core/partmap/msdos.c
++index 7b8e450762..ee3f24982b 100644
++--- a/grub-core/partmap/msdos.c
+++++ b/grub-core/partmap/msdos.c
++@@ -337,7 +337,7 @@ pc_partition_map_embed (struct grub_disk *disk, unsigned int *nsectors,
++       avail_nsectors = *nsectors;
++       if (*nsectors > max_nsectors)
++ 	*nsectors = max_nsectors;
++-      *sectors = grub_malloc (*nsectors * sizeof (**sectors));
+++      *sectors = grub_calloc (*nsectors, sizeof (**sectors));
++       if (!*sectors)
++ 	return grub_errno;
++       for (i = 0; i < *nsectors; i++)
++diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
++index ee299fd0ea..c8d6806fe0 100644
++--- a/grub-core/script/execute.c
+++++ b/grub-core/script/execute.c
++@@ -553,7 +553,7 @@ gettext_append (struct grub_script_argv *result, const char *orig_str)
++   for (iptr = orig_str; *iptr; iptr++)
++     if (*iptr == '$')
++       dollar_cnt++;
++-  ctx.allowed_strings = grub_malloc (sizeof (ctx.allowed_strings[0]) * dollar_cnt);
+++  ctx.allowed_strings = grub_calloc (dollar_cnt, sizeof (ctx.allowed_strings[0]));
++
++   if (parse_string (orig_str, gettext_save_allow, &ctx, 0))
++     goto fail;
++diff --git a/grub-core/tests/fake_input.c b/grub-core/tests/fake_input.c
++index 2d60852989..b5eb516be2 100644
++--- a/grub-core/tests/fake_input.c
+++++ b/grub-core/tests/fake_input.c
++@@ -49,7 +49,7 @@ grub_terminal_input_fake_sequence (int *seq_in, int nseq_in)
++     saved = grub_term_inputs;
++   if (seq)
++     grub_free (seq);
++-  seq = grub_malloc (nseq_in * sizeof (seq[0]));
+++  seq = grub_calloc (nseq_in, sizeof (seq[0]));
++   if (!seq)
++     return;
++
++diff --git a/grub-core/tests/video_checksum.c b/grub-core/tests/video_checksum.c
++index 74d5b65e5c..44d0810698 100644
++--- a/grub-core/tests/video_checksum.c
+++++ b/grub-core/tests/video_checksum.c
++@@ -336,7 +336,7 @@ grub_video_capture_write_bmp (const char *fname,
++     {
++     case 4:
++       {
++-	grub_uint8_t *buffer = xmalloc (mode_info->width * 3);
+++	grub_uint8_t *buffer = xcalloc (3, mode_info->width);
++ 	grub_uint32_t rmask = ((1 << mode_info->red_mask_size) - 1);
++ 	grub_uint32_t gmask = ((1 << mode_info->green_mask_size) - 1);
++ 	grub_uint32_t bmask = ((1 << mode_info->blue_mask_size) - 1);
++@@ -367,7 +367,7 @@ grub_video_capture_write_bmp (const char *fname,
++       }
++     case 3:
++       {
++-	grub_uint8_t *buffer = xmalloc (mode_info->width * 3);
+++	grub_uint8_t *buffer = xcalloc (3, mode_info->width);
++ 	grub_uint32_t rmask = ((1 << mode_info->red_mask_size) - 1);
++ 	grub_uint32_t gmask = ((1 << mode_info->green_mask_size) - 1);
++ 	grub_uint32_t bmask = ((1 << mode_info->blue_mask_size) - 1);
++@@ -407,7 +407,7 @@ grub_video_capture_write_bmp (const char *fname,
++       }
++     case 2:
++       {
++-	grub_uint8_t *buffer = xmalloc (mode_info->width * 3);
+++	grub_uint8_t *buffer = xcalloc (3, mode_info->width);
++ 	grub_uint16_t rmask = ((1 << mode_info->red_mask_size) - 1);
++ 	grub_uint16_t gmask = ((1 << mode_info->green_mask_size) - 1);
++ 	grub_uint16_t bmask = ((1 << mode_info->blue_mask_size) - 1);
++diff --git a/grub-core/video/capture.c b/grub-core/video/capture.c
++index 4f83c74411..4d3195e017 100644
++--- a/grub-core/video/capture.c
+++++ b/grub-core/video/capture.c
++@@ -89,7 +89,7 @@ grub_video_capture_start (const struct grub_video_mode_info *mode_info,
++   framebuffer.mode_info = *mode_info;
++   framebuffer.mode_info.blit_format = grub_video_get_blit_format (&framebuffer.mode_info);
++
++-  framebuffer.ptr = grub_malloc (framebuffer.mode_info.height * framebuffer.mode_info.pitch);
+++  framebuffer.ptr = grub_calloc (framebuffer.mode_info.height, framebuffer.mode_info.pitch);
++   if (!framebuffer.ptr)
++     return grub_errno;
++
++diff --git a/grub-core/video/emu/sdl.c b/grub-core/video/emu/sdl.c
++index a2f639f66d..0ebab6f57d 100644
++--- a/grub-core/video/emu/sdl.c
+++++ b/grub-core/video/emu/sdl.c
++@@ -172,7 +172,7 @@ grub_video_sdl_set_palette (unsigned int start, unsigned int count,
++       if (start + count > mode_info.number_of_colors)
++ 	count = mode_info.number_of_colors - start;
++
++-      tmp = grub_malloc (count * sizeof (tmp[0]));
+++      tmp = grub_calloc (count, sizeof (tmp[0]));
++       for (i = 0; i < count; i++)
++ 	{
++ 	  tmp[i].r = palette_data[i].r;
++diff --git a/grub-core/video/i386/pc/vga.c b/grub-core/video/i386/pc/vga.c
++index 01f47112d3..b2f776c997 100644
++--- a/grub-core/video/i386/pc/vga.c
+++++ b/grub-core/video/i386/pc/vga.c
++@@ -127,7 +127,7 @@ grub_video_vga_setup (unsigned int width, unsigned int height,
++
++   vga_height = height ? : 480;
++
++-  framebuffer.temporary_buffer = grub_malloc (vga_height * VGA_WIDTH);
+++  framebuffer.temporary_buffer = grub_calloc (vga_height, VGA_WIDTH);
++   framebuffer.front_page = 0;
++   framebuffer.back_page = 0;
++   if (!framebuffer.temporary_buffer)
++diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c
++index 777e71334c..61bd645379 100644
++--- a/grub-core/video/readers/png.c
+++++ b/grub-core/video/readers/png.c
++@@ -309,7 +309,7 @@ grub_png_decode_image_header (struct grub_png_data *data)
++   if (data->is_16bit || data->is_gray || data->is_palette)
++ #endif
++     {
++-      data->image_data = grub_malloc (data->image_height * data->row_bytes);
+++      data->image_data = grub_calloc (data->image_height, data->row_bytes);
++       if (grub_errno)
++         return grub_errno;
++
++diff --git a/include/grub/unicode.h b/include/grub/unicode.h
++index a0403e91f9..4de986a857 100644
++--- a/include/grub/unicode.h
+++++ b/include/grub/unicode.h
++@@ -293,7 +293,7 @@ grub_unicode_glyph_dup (const struct grub_unicode_glyph *in)
++   grub_memcpy (out, in, sizeof (*in));
++   if (in->ncomb > ARRAY_SIZE (out->combining_inline))
++     {
++-      out->combining_ptr = grub_malloc (in->ncomb * sizeof (out->combining_ptr[0]));
+++      out->combining_ptr = grub_calloc (in->ncomb, sizeof (out->combining_ptr[0]));
++       if (!out->combining_ptr)
++ 	{
++ 	  grub_free (out);
++@@ -315,7 +315,7 @@ grub_unicode_set_glyph (struct grub_unicode_glyph *out,
++   grub_memcpy (out, in, sizeof (*in));
++   if (in->ncomb > ARRAY_SIZE (out->combining_inline))
++     {
++-      out->combining_ptr = grub_malloc (in->ncomb * sizeof (out->combining_ptr[0]));
+++      out->combining_ptr = grub_calloc (in->ncomb, sizeof (out->combining_ptr[0]));
++       if (!out->combining_ptr)
++ 	return;
++       grub_memcpy (out->combining_ptr, in->combining_ptr,
++diff --git a/util/getroot.c b/util/getroot.c
++index cdd41153c5..6ae35ecaa6 100644
++--- a/util/getroot.c
+++++ b/util/getroot.c
++@@ -200,7 +200,7 @@ make_device_name (const char *drive)
++   char *ret, *ptr;
++   const char *iptr;
++
++-  ret = xmalloc (strlen (drive) * 2);
+++  ret = xcalloc (2, strlen (drive));
++   ptr = ret;
++   for (iptr = drive; *iptr; iptr++)
++     {
++diff --git a/util/grub-file.c b/util/grub-file.c
++index 50c18b6835..b2e7dd69f4 100644
++--- a/util/grub-file.c
+++++ b/util/grub-file.c
++@@ -54,7 +54,7 @@ main (int argc, char *argv[])
++
++   grub_util_host_init (&argc, &argv);
++
++-  argv2 = xmalloc (argc * sizeof (argv2[0]));
+++  argv2 = xcalloc (argc, sizeof (argv2[0]));
++
++   if (argc == 2 && strcmp (argv[1], "--version") == 0)
++     {
++diff --git a/util/grub-fstest.c b/util/grub-fstest.c
++index f14e02d972..57246af7c6 100644
++--- a/util/grub-fstest.c
+++++ b/util/grub-fstest.c
++@@ -650,7 +650,7 @@ argp_parser (int key, char *arg, struct argp_state *state)
++   if (args_count < num_disks)
++     {
++       if (args_count == 0)
++-	images = xmalloc (num_disks * sizeof (images[0]));
+++	images = xcalloc (num_disks, sizeof (images[0]));
++       images[args_count] = grub_canonicalize_file_name (arg);
++       args_count++;
++       return 0;
++@@ -734,7 +734,7 @@ main (int argc, char *argv[])
++
++   grub_util_host_init (&argc, &argv);
++
++-  args = xmalloc (argc * sizeof (args[0]));
+++  args = xcalloc (argc, sizeof (args[0]));
++
++   argp_parse (&argp, argc, argv, 0, 0, 0);
++
++diff --git a/util/grub-install-common.c b/util/grub-install-common.c
++index fdfe2c7ead..447504d3f4 100644
++--- a/util/grub-install-common.c
+++++ b/util/grub-install-common.c
++@@ -286,7 +286,7 @@ handle_install_list (struct install_list *il, const char *val,
++       il->n_entries++;
++     }
++   il->n_alloc = il->n_entries + 1;
++-  il->entries = xmalloc (il->n_alloc * sizeof (il->entries[0]));
+++  il->entries = xcalloc (il->n_alloc, sizeof (il->entries[0]));
++   ptr = val;
++   for (ce = il->entries; ; ce++)
++     {
++diff --git a/util/grub-install.c b/util/grub-install.c
++index f408b19860..843dfc7c80 100644
++--- a/util/grub-install.c
+++++ b/util/grub-install.c
++@@ -658,7 +658,7 @@ device_map_check_duplicates (const char *dev_map)
++   if (! fp)
++     return;
++
++-  d = xmalloc (alloced * sizeof (d[0]));
+++  d = xcalloc (alloced, sizeof (d[0]));
++
++   while (fgets (buf, sizeof (buf), fp))
++     {
++@@ -1405,7 +1405,7 @@ main (int argc, char *argv[])
++       ndev++;
++     }
++
++-  grub_drives = xmalloc (sizeof (grub_drives[0]) * (ndev + 1));
+++  grub_drives = xcalloc (ndev + 1, sizeof (grub_drives[0]));
++
++   for (curdev = grub_devices, curdrive = grub_drives; *curdev; curdev++,
++        curdrive++)
++diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c
++index bc087c2b57..d97d0e7bef 100644
++--- a/util/grub-mkimagexx.c
+++++ b/util/grub-mkimagexx.c
++@@ -2294,10 +2294,8 @@ SUFFIX (grub_mkimage_load_image) (const char *kernel_path,
++ 		      + grub_host_to_target16 (e->e_shstrndx) * smd.section_entsize);
++   smd.strtab = (char *) e + grub_host_to_target_addr (s->sh_offset);
++
++-  smd.addrs = xmalloc (sizeof (*smd.addrs) * smd.num_sections);
++-  memset (smd.addrs, 0, sizeof (*smd.addrs) * smd.num_sections);
++-  smd.vaddrs = xmalloc (sizeof (*smd.vaddrs) * smd.num_sections);
++-  memset (smd.vaddrs, 0, sizeof (*smd.vaddrs) * smd.num_sections);
+++  smd.addrs = xcalloc (smd.num_sections, sizeof (*smd.addrs));
+++  smd.vaddrs = xcalloc (smd.num_sections, sizeof (*smd.vaddrs));
++
++   SUFFIX (locate_sections) (e, kernel_path, &smd, layout, image_target);
++
++diff --git a/util/grub-mkrescue.c b/util/grub-mkrescue.c
++index 45d6140d3e..cb972f120b 100644
++--- a/util/grub-mkrescue.c
+++++ b/util/grub-mkrescue.c
++@@ -441,8 +441,8 @@ main (int argc, char *argv[])
++   xorriso = xstrdup ("xorriso");
++   label_font = grub_util_path_concat (2, pkgdatadir, "unicode.pf2");
++
++-  argp_argv = xmalloc (sizeof (argp_argv[0]) * argc);
++-  xorriso_tail_argv = xmalloc (sizeof (argp_argv[0]) * argc);
+++  argp_argv = xcalloc (argc, sizeof (argp_argv[0]));
+++  xorriso_tail_argv = xcalloc (argc, sizeof (argp_argv[0]));
++
++   xorriso_tail_argc = 0;
++   /* Program name */
++diff --git a/util/grub-mkstandalone.c b/util/grub-mkstandalone.c
++index 4907d44c0b..edf309717c 100644
++--- a/util/grub-mkstandalone.c
+++++ b/util/grub-mkstandalone.c
++@@ -296,7 +296,7 @@ main (int argc, char *argv[])
++   grub_util_host_init (&argc, &argv);
++   grub_util_disable_fd_syncs ();
++
++-  files = xmalloc ((argc + 1) * sizeof (files[0]));
+++  files = xcalloc (argc + 1, sizeof (files[0]));
++
++   argp_parse (&argp, argc, argv, 0, 0, 0);
++
++diff --git a/util/grub-pe2elf.c b/util/grub-pe2elf.c
++index 0d4084a108..11331294f1 100644
++--- a/util/grub-pe2elf.c
+++++ b/util/grub-pe2elf.c
++@@ -100,9 +100,9 @@ write_section_data (FILE* fp, const char *name, char *image,
++   char *pe_strtab = (image + pe_chdr->symtab_offset
++ 		     + pe_chdr->num_symbols * sizeof (struct grub_pe32_symbol));
++
++-  section_map = xmalloc ((2 * pe_chdr->num_sections + 5) * sizeof (int));
+++  section_map = xcalloc (2 * pe_chdr->num_sections + 5, sizeof (int));
++   section_map[0] = 0;
++-  shdr = xmalloc ((2 * pe_chdr->num_sections + 5) * sizeof (shdr[0]));
+++  shdr = xcalloc (2 * pe_chdr->num_sections + 5, sizeof (shdr[0]));
++   idx = 1;
++   idx_reloc = pe_chdr->num_sections + 1;
++
++@@ -233,7 +233,7 @@ write_reloc_section (FILE* fp, const char *name, char *image,
++
++       pe_sec = pe_shdr + shdr[i].sh_link;
++       pe_rel = (struct grub_pe32_reloc *) (image + pe_sec->relocations_offset);
++-      rel = (elf_reloc_t *) xmalloc (pe_sec->num_relocations * sizeof (elf_reloc_t));
+++      rel = (elf_reloc_t *) xcalloc (pe_sec->num_relocations, sizeof (elf_reloc_t));
++       num_rels = 0;
++       modified = 0;
++
++@@ -365,12 +365,10 @@ write_symbol_table (FILE* fp, const char *name, char *image,
++   pe_symtab = (struct grub_pe32_symbol *) (image + pe_chdr->symtab_offset);
++   pe_strtab = (char *) (pe_symtab + pe_chdr->num_symbols);
++
++-  symtab = (Elf_Sym *) xmalloc ((pe_chdr->num_symbols + 1) *
++-				sizeof (Elf_Sym));
++-  memset (symtab, 0, (pe_chdr->num_symbols + 1) * sizeof (Elf_Sym));
+++  symtab = (Elf_Sym *) xcalloc (pe_chdr->num_symbols + 1, sizeof (Elf_Sym));
++   num_syms = 1;
++
++-  symtab_map = (int *) xmalloc (pe_chdr->num_symbols * sizeof (int));
+++  symtab_map = (int *) xcalloc (pe_chdr->num_symbols, sizeof (int));
++
++   for (i = 0; i < (int) pe_chdr->num_symbols;
++        i += pe_symtab->num_aux + 1, pe_symtab += pe_symtab->num_aux + 1)
++diff --git a/util/grub-probe.c b/util/grub-probe.c
++index 81d27eead5..cbe6ed94ca 100644
++--- a/util/grub-probe.c
+++++ b/util/grub-probe.c
++@@ -361,8 +361,8 @@ probe (const char *path, char **device_names, char delim)
++       grub_util_pull_device (*curdev);
++       ndev++;
++     }
++-
++-  drives_names = xmalloc (sizeof (drives_names[0]) * (ndev + 1));
+++
+++  drives_names = xcalloc (ndev + 1, sizeof (drives_names[0]));
++
++   for (curdev = device_names, curdrive = drives_names; *curdev; curdev++,
++        curdrive++)
 diff --git a/debian/patches/0085-malloc-Use-overflow-checking-primitives-where-we-do-.patch b/debian/patches/0085-malloc-Use-overflow-checking-primitives-where-we-do-.patch
 new file mode 100644
 index 0000000..e0bb952
 --- /dev/null
 +++ b/debian/patches/0085-malloc-Use-overflow-checking-primitives-where-we-do-.patch
@@ -0,0 +1,1319 @@
++From 83e59f56362e11618083f376cbf700861d6b8f2a Mon Sep 17 00:00:00 2001
++From: Peter Jones <pjones@redhat.com>
++Date: Mon, 15 Jun 2020 12:28:27 -0400
++Subject: malloc: Use overflow checking primitives where we do complex
++ allocations
++
++This attempts to fix the places where we do the following where
++arithmetic_expr may include unvalidated data:
++
++  X = grub_malloc(arithmetic_expr);
++
++It accomplishes this by doing the arithmetic ahead of time using grub_add(),
++grub_sub(), grub_mul() and testing for overflow before proceeding.
++
++Among other issues, this fixes:
++  - allocation of integer overflow in grub_video_bitmap_create()
++    reported by Chris Coulson,
++  - allocation of integer overflow in grub_png_decode_image_header()
++    reported by Chris Coulson,
++  - allocation of integer overflow in grub_squash_read_symlink()
++    reported by Chris Coulson,
++  - allocation of integer overflow in grub_ext2_read_symlink()
++    reported by Chris Coulson,
++  - allocation of integer overflow in read_section_as_string()
++    reported by Chris Coulson.
++
++Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
++
++Signed-off-by: Peter Jones <pjones@redhat.com>
++Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
++---
++ grub-core/commands/legacycfg.c | 29 +++++++++++++++----
++ grub-core/commands/wildcard.c  | 36 ++++++++++++++++++++----
++ grub-core/disk/ldm.c           | 32 +++++++++++++++------
++ grub-core/font/font.c          |  7 ++++-
++ grub-core/fs/btrfs.c           | 28 +++++++++++++------
++ grub-core/fs/ext2.c            | 10 ++++++-
++ grub-core/fs/iso9660.c         | 51 ++++++++++++++++++++++++----------
++ grub-core/fs/sfs.c             | 27 ++++++++++++++----
++ grub-core/fs/squash4.c         | 45 ++++++++++++++++++++++--------
++ grub-core/fs/udf.c             | 41 +++++++++++++++++----------
++ grub-core/fs/xfs.c             | 11 +++++---
++ grub-core/fs/zfs/zfs.c         | 22 ++++++++++-----
++ grub-core/fs/zfs/zfscrypt.c    |  7 ++++-
++ grub-core/lib/arg.c            | 20 +++++++++++--
++ grub-core/loader/i386/bsd.c    |  8 +++++-
++ grub-core/net/dns.c            |  9 +++++-
++ grub-core/normal/charset.c     | 10 +++++--
++ grub-core/normal/cmdline.c     | 14 ++++++++--
++ grub-core/normal/menu_entry.c  | 13 +++++++--
++ grub-core/script/argv.c        | 16 +++++++++--
++ grub-core/script/lexer.c       | 21 ++++++++++++--
++ grub-core/video/bitmap.c       | 25 +++++++++++------
++ grub-core/video/readers/png.c  | 13 +++++++--
++ 23 files changed, 382 insertions(+), 113 deletions(-)
++
++diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c
++index 5e3ec0d5e4..cc5971f4db 100644
++--- a/grub-core/commands/legacycfg.c
+++++ b/grub-core/commands/legacycfg.c
++@@ -32,6 +32,7 @@
++ #include <grub/auth.h>
++ #include <grub/disk.h>
++ #include <grub/partition.h>
+++#include <grub/safemath.h>
++
++ GRUB_MOD_LICENSE ("GPLv3+");
++
++@@ -104,13 +105,22 @@ legacy_file (const char *filename)
++ 	if (newsuffix)
++ 	  {
++ 	    char *t;
++-
+++	    grub_size_t sz;
+++
+++	    if (grub_add (grub_strlen (suffix), grub_strlen (newsuffix), &sz) ||
+++		grub_add (sz, 1, &sz))
+++	      {
+++		grub_errno = GRUB_ERR_OUT_OF_RANGE;
+++		goto fail_0;
+++	      }
+++
++ 	    t = suffix;
++-	    suffix = grub_realloc (suffix, grub_strlen (suffix)
++-				   + grub_strlen (newsuffix) + 1);
+++	    suffix = grub_realloc (suffix, sz);
++ 	    if (!suffix)
++ 	      {
++ 		grub_free (t);
+++
+++ fail_0:
++ 		grub_free (entrysrc);
++ 		grub_free (parsed);
++ 		grub_free (newsuffix);
++@@ -154,13 +164,22 @@ legacy_file (const char *filename)
++ 	  else
++ 	    {
++ 	      char *t;
+++	      grub_size_t sz;
+++
+++	      if (grub_add (grub_strlen (entrysrc), grub_strlen (parsed), &sz) ||
+++		  grub_add (sz, 1, &sz))
+++		{
+++		  grub_errno = GRUB_ERR_OUT_OF_RANGE;
+++		  goto fail_1;
+++		}
++
++ 	      t = entrysrc;
++-	      entrysrc = grub_realloc (entrysrc, grub_strlen (entrysrc)
++-				       + grub_strlen (parsed) + 1);
+++	      entrysrc = grub_realloc (entrysrc, sz);
++ 	      if (!entrysrc)
++ 		{
++ 		  grub_free (t);
+++
+++ fail_1:
++ 		  grub_free (parsed);
++ 		  grub_free (suffix);
++ 		  return grub_errno;
++diff --git a/grub-core/commands/wildcard.c b/grub-core/commands/wildcard.c
++index 4a106ca040..cc3290311f 100644
++--- a/grub-core/commands/wildcard.c
+++++ b/grub-core/commands/wildcard.c
++@@ -23,6 +23,7 @@
++ #include <grub/file.h>
++ #include <grub/device.h>
++ #include <grub/script_sh.h>
+++#include <grub/safemath.h>
++
++ #include <regex.h>
++
++@@ -48,6 +49,7 @@ merge (char **dest, char **ps)
++   int i;
++   int j;
++   char **p;
+++  grub_size_t sz;
++
++   if (! dest)
++     return ps;
++@@ -60,7 +62,12 @@ merge (char **dest, char **ps)
++   for (j = 0; ps[j]; j++)
++     ;
++
++-  p = grub_realloc (dest, sizeof (char*) * (i + j + 1));
+++  if (grub_add (i, j, &sz) ||
+++      grub_add (sz, 1, &sz) ||
+++      grub_mul (sz, sizeof (char *), &sz))
+++    return dest;
+++
+++  p = grub_realloc (dest, sz);
++   if (! p)
++     {
++       grub_free (dest);
++@@ -115,8 +122,15 @@ make_regex (const char *start, const char *end, regex_t *regexp)
++   char ch;
++   int i = 0;
++   unsigned len = end - start;
++-  char *buffer = grub_malloc (len * 2 + 2 + 1); /* worst case size. */
+++  char *buffer;
+++  grub_size_t sz;
++
+++  /* Worst case size is (len * 2 + 2 + 1). */
+++  if (grub_mul (len, 2, &sz) ||
+++      grub_add (sz, 3, &sz))
+++    return 1;
+++
+++  buffer = grub_malloc (sz);
++   if (! buffer)
++     return 1;
++
++@@ -226,6 +240,7 @@ match_devices_iter (const char *name, void *data)
++   struct match_devices_ctx *ctx = data;
++   char **t;
++   char *buffer;
+++  grub_size_t sz;
++
++   /* skip partitions if asked to. */
++   if (ctx->noparts && grub_strchr (name, ','))
++@@ -239,11 +254,16 @@ match_devices_iter (const char *name, void *data)
++   if (regexec (ctx->regexp, buffer, 0, 0, 0))
++     {
++       grub_dprintf ("expand", "not matched\n");
+++ fail:
++       grub_free (buffer);
++       return 0;
++     }
++
++-  t = grub_realloc (ctx->devs, sizeof (char*) * (ctx->ndev + 2));
+++  if (grub_add (ctx->ndev, 2, &sz) ||
+++      grub_mul (sz, sizeof (char *), &sz))
+++    goto fail;
+++
+++  t = grub_realloc (ctx->devs, sz);
++   if (! t)
++     {
++       grub_free (buffer);
++@@ -300,6 +320,7 @@ match_files_iter (const char *name,
++   struct match_files_ctx *ctx = data;
++   char **t;
++   char *buffer;
+++  grub_size_t sz;
++
++   /* skip . and .. names */
++   if (grub_strcmp(".", name) == 0 || grub_strcmp("..", name) == 0)
++@@ -315,9 +336,14 @@ match_files_iter (const char *name,
++   if (! buffer)
++     return 1;
++
++-  t = grub_realloc (ctx->files, sizeof (char*) * (ctx->nfile + 2));
++-  if (! t)
+++  if (grub_add (ctx->nfile, 2, &sz) ||
+++      grub_mul (sz, sizeof (char *), &sz))
+++    goto fail;
+++
+++  t = grub_realloc (ctx->files, sz);
+++  if (!t)
++     {
+++ fail:
++       grub_free (buffer);
++       return 1;
++     }
++diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c
++index e6323701ab..58f8a53e1a 100644
++--- a/grub-core/disk/ldm.c
+++++ b/grub-core/disk/ldm.c
++@@ -25,6 +25,7 @@
++ #include <grub/msdos_partition.h>
++ #include <grub/gpt_partition.h>
++ #include <grub/i18n.h>
+++#include <grub/safemath.h>
++
++ #ifdef GRUB_UTIL
++ #include <grub/emu/misc.h>
++@@ -289,6 +290,7 @@ make_vg (grub_disk_t disk,
++       struct grub_ldm_vblk vblk[GRUB_DISK_SECTOR_SIZE
++ 				/ sizeof (struct grub_ldm_vblk)];
++       unsigned i;
+++      grub_size_t sz;
++       err = grub_disk_read (disk, cursec, 0,
++ 			    sizeof(vblk), &vblk);
++       if (err)
++@@ -350,7 +352,13 @@ make_vg (grub_disk_t disk,
++ 	      grub_free (lv);
++ 	      goto fail2;
++ 	    }
++-	  lv->name = grub_malloc (*ptr + 1);
+++	  if (grub_add (*ptr, 1, &sz))
+++	    {
+++	      grub_free (lv->internal_id);
+++	      grub_free (lv);
+++	      goto fail2;
+++	    }
+++	  lv->name = grub_malloc (sz);
++ 	  if (!lv->name)
++ 	    {
++ 	      grub_free (lv->internal_id);
++@@ -599,10 +607,13 @@ make_vg (grub_disk_t disk,
++ 	  if (lv->segments->node_alloc == lv->segments->node_count)
++ 	    {
++ 	      void *t;
++-	      lv->segments->node_alloc *= 2;
++-	      t = grub_realloc (lv->segments->nodes,
++-				sizeof (*lv->segments->nodes)
++-				* lv->segments->node_alloc);
+++	      grub_size_t sz;
+++
+++	      if (grub_mul (lv->segments->node_alloc, 2, &lv->segments->node_alloc) ||
+++		  grub_mul (lv->segments->node_alloc, sizeof (*lv->segments->nodes), &sz))
+++		goto fail2;
+++
+++	      t = grub_realloc (lv->segments->nodes, sz);
++ 	      if (!t)
++ 		goto fail2;
++ 	      lv->segments->nodes = t;
++@@ -723,10 +734,13 @@ make_vg (grub_disk_t disk,
++ 	      if (comp->segment_alloc == comp->segment_count)
++ 		{
++ 		  void *t;
++-		  comp->segment_alloc *= 2;