[OE-core][dunfell 00/12] Patch review

[OE-core][dunfell 00/12] Patch review

[Steve Sakoman]

Please review this next set of patches for dunfell and have comments back
by end of day Wednesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/1224

The following changes since commit 7ce425fa1295a9dca48f8474be58db3ac8aa540d:

  glibc: Secruity fix for CVE-2020-6096 (2020-07-27 12:15:56 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Alexander Kanavin (1):
  gnutls: upgrade 3.6.13 -> 3.6.14

Andrei Gherzan (2):
  initscripts: Fix various shellcheck warnings in populate-volatile.sh
  initscripts: Fix populate-volatile.sh bug when file/dir exists

Changqing Li (2):
  layer.conf: fix adwaita-icon-theme signature change problem
  gtk-icon-cache.bbclass: add features_check

Konrad Weihmann (1):
  cve-update: handle baseMetricV2 as optional

Lee Chee Yang (1):
  checklayer: check layer in BBLAYERS before test

Matt Madison (1):
  cogl-1.0: correct X11 dependencies

Steve Sakoman (1):
  glib-networking: upgrade 2.62.3 to 2.62.4

Viktor Rosendahl (1):
  boost: backport fix to make async_pipes work with asio

Yi Zhao (1):
  bind: upgrade 9.11.19 -> 9.11.21

zhengruoqin (1):
  gnutls: Fix krb5 code license to GPLv2.1+ to match the LICENSE file.

 meta/classes/gtk-icon-cache.bbclass           |  5 ++
 meta/conf/layer.conf                          |  2 +
 .../bind/{bind_9.11.19.bb => bind_9.11.21.bb} |  2 +-
 ...ng_2.62.3.bb => glib-networking_2.62.4.bb} |  4 +-
 .../initscripts-1.0/populate-volatile.sh      | 80 ++++++++---------
 .../recipes-core/meta/cve-update-db-native.bb | 13 ++-
 meta/recipes-graphics/cogl/cogl-1.0.inc       |  2 +-
 .../0001-added-typedef-executor_type.patch    | 54 +++++++++++
 meta/recipes-support/boost/boost_1.72.0.bb    |  1 +
 ...se-to-GPLv2.1-to-keep-with-LICENSE-f.patch | 90 +++++++++++++++++++
 .../{gnutls_3.6.13.bb => gnutls_3.6.14.bb}    |  4 +-
 scripts/lib/checklayer/__init__.py            | 14 +++
 scripts/yocto-check-layer                     |  9 +-
 13 files changed, 229 insertions(+), 51 deletions(-)
 rename meta/recipes-connectivity/bind/{bind_9.11.19.bb => bind_9.11.21.bb} (98%)
 rename meta/recipes-core/glib-networking/{glib-networking_2.62.3.bb => glib-networking_2.62.4.bb} (88%)
 create mode 100644 meta/recipes-support/boost/boost/0001-added-typedef-executor_type.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/0001-Modied-the-license-to-GPLv2.1-to-keep-with-LICENSE-f.patch
 rename meta/recipes-support/gnutls/{gnutls_3.6.13.bb => gnutls_3.6.14.bb} (92%)

-- 
2.17.1

[OE-core][dunfell 00/12] Patch review

[Steve Sakoman]

Please review this next set of patches for dunfell and have comments back
by end of day Wednesday.

The following changes since commit 553a96644957ca6ad0f13b75a6e3a596357d1d52:

  linux-yocto/5.4: update to v5.4.57 (2020-08-13 04:47:52 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Adrian Bunk (1):
  librsvg: Upgrade 2.40.20 -> 2.40.21

Bruce Ashfield (2):
  linux-yocto/5.4: update to v5.4.58
  linux-yocto/5.4: perf cs-etm: Move definition of 'traceid_list' global
    variable from header file

Changqing Li (1):
  libffi: fix multilib header conflict

Chen Qi (1):
  fribidi: extend CVE_PRODUCT to include fribidi

Lee Chee Yang (2):
  ghostscript: update to 9.52
  perl: fix CVE-2020-12723

Mikko Rapeli (2):
  alsa-topology-conf: use ${datadir} in do_install()
  alsa-ucm-conf: use ${datadir} in do_install()

Richard Purdie (1):
  selftest/tinfoil: Increase wait event timeout

Vasyl Vavrychuk (1):
  runqemu: Check gtk or sdl option is passed together with gl or gl-es
    options.

Wang Mingyu (1):
  xserver-xorg: upgrade 1.20.7 -> 1.20.8

 meta/lib/oeqa/selftest/cases/tinfoil.py       |   5 +-
 .../perl/files/CVE-2020-12723.patch           | 302 ++++++++++++++++++
 meta/recipes-devtools/perl/perl_5.30.1.bb     |   1 +
 .../do-not-check-local-libpng-source.patch    |  37 +--
 .../ghostscript/CVE-2019-14869-0001.patch     |  70 ----
 .../ghostscript/ghostscript/aarch64/objarch.h |  40 ---
 .../ghostscript/ghostscript/arm/objarch.h     |  40 ---
 .../ghostscript/ghostscript/armeb/objarch.h   |  40 ---
 .../ghostscript-9.02-genarch.patch            |  38 ---
 .../ghostscript/ghostscript/i586/objarch.h    |  41 ---
 .../ghostscript/ghostscript/i686              |   1 -
 .../ghostscript/microblaze/objarch.h          |  40 ---
 .../ghostscript/microblazeel/objarch.h        |  40 ---
 .../ghostscript/mipsarchn32eb/objarch.h       |  40 ---
 .../ghostscript/mipsarchn32el/objarch.h       |  40 ---
 .../ghostscript/mipsarchn64eb/objarch.h       |  40 ---
 .../ghostscript/mipsarchn64el/objarch.h       |  40 ---
 .../ghostscript/mipsarcho32eb/objarch.h       |  40 ---
 .../ghostscript/mipsarcho32el/objarch.h       |  40 ---
 .../ghostscript/ghostscript/nios2/objarch.h   |  40 ---
 .../ghostscript/ghostscript/powerpc/objarch.h |  40 ---
 .../ghostscript/powerpc64/objarch.h           |  40 ---
 .../ghostscript/powerpc64le/objarch.h         |  40 ---
 .../ghostscript/ghostscript/x86-64/objarch.h  |  40 ---
 ...hostscript_9.50.bb => ghostscript_9.52.bb} |  27 +-
 ...{librsvg_2.40.20.bb => librsvg_2.40.21.bb} |   3 +-
 ...-xorg_1.20.7.bb => xserver-xorg_1.20.8.bb} |   4 +-
 .../linux/linux-yocto-rt_5.4.bb               |   6 +-
 .../linux/linux-yocto-tiny_5.4.bb             |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  |  22 +-
 .../alsa/alsa-topology-conf_1.2.1.bb          |   4 +-
 .../alsa/alsa-ucm-conf_1.2.1.2.bb             |   6 +-
 meta/recipes-support/fribidi/fribidi_1.0.9.bb |   2 +-
 meta/recipes-support/libffi/libffi_3.3.bb     |   2 +-
 scripts/runqemu                               |   3 +-
 35 files changed, 361 insertions(+), 861 deletions(-)
 create mode 100644 meta/recipes-devtools/perl/files/CVE-2020-12723.patch
 delete mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14869-0001.patch
 delete mode 100644 meta/recipes-extended/ghostscript/ghostscript/aarch64/objarch.h
 delete mode 100644 meta/recipes-extended/ghostscript/ghostscript/arm/objarch.h
 delete mode 100644 meta/recipes-extended/ghostscript/ghostscript/armeb/objarch.h
 delete mode 100644 meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.02-genarch.patch
 delete mode 100644 meta/recipes-extended/ghostscript/ghostscript/i586/objarch.h
 delete mode 120000 meta/recipes-extended/ghostscript/ghostscript/i686
 delete mode 100644 meta/recipes-extended/ghostscript/ghostscript/microblaze/objarch.h
 delete mode 100644 meta/recipes-extended/ghostscript/ghostscript/microblazeel/objarch.h
 delete mode 100644 meta/recipes-extended/ghostscript/ghostscript/mipsarchn32eb/objarch.h
 delete mode 100644 meta/recipes-extended/ghostscript/ghostscript/mipsarchn32el/objarch.h
 delete mode 100644 meta/recipes-extended/ghostscript/ghostscript/mipsarchn64eb/objarch.h
 delete mode 100644 meta/recipes-extended/ghostscript/ghostscript/mipsarchn64el/objarch.h
 delete mode 100644 meta/recipes-extended/ghostscript/ghostscript/mipsarcho32eb/objarch.h
 delete mode 100644 meta/recipes-extended/ghostscript/ghostscript/mipsarcho32el/objarch.h
 delete mode 100644 meta/recipes-extended/ghostscript/ghostscript/nios2/objarch.h
 delete mode 100644 meta/recipes-extended/ghostscript/ghostscript/powerpc/objarch.h
 delete mode 100644 meta/recipes-extended/ghostscript/ghostscript/powerpc64/objarch.h
 delete mode 100644 meta/recipes-extended/ghostscript/ghostscript/powerpc64le/objarch.h
 delete mode 100644 meta/recipes-extended/ghostscript/ghostscript/x86-64/objarch.h
 rename meta/recipes-extended/ghostscript/{ghostscript_9.50.bb => ghostscript_9.52.bb} (87%)
 rename meta/recipes-gnome/librsvg/{librsvg_2.40.20.bb => librsvg_2.40.21.bb} (92%)
 rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_1.20.7.bb => xserver-xorg_1.20.8.bb} (89%)

-- 
2.17.1

[OE-core][dunfell 00/12] Patch review

[Steve Sakoman]

Please review this next set of patches for dunfell and have comments back
by end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/1560

The following changes since commit 8d54034bb8e522f9827ec6422b32cbd4e5bf1346:

  sqlite3: fix CVE-2020-13632 (2020-11-05 04:07:15 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Alexander Kanavin (1):
  linux-firmware: upgrade 20200817 -> 20201022

Chee Yang Lee (1):
  ruby: fix CVE-2020-25613

Khem Raj (1):
  qemuboot.bbclass: Fix a typo

Max Krummenacher (2):
  linux-firmware: package marvel sdio 8997 firmware
  linux-firmware: package nvidia firmware

Maxime Roussin-Bélanger (1):
  meta: fix some unresponsive homepages and bugtracker links

Mingli Yu (1):
  update_udev_hwdb: clean hwdb.bin

Neil Armstrong (1):
  linux-firmware: add Amlogic VDEC firmware package

Steve Sakoman (2):
  netbase: update SRC_URI to reflect new file name
  netbase: bump PE to purge bogus hash equivalence from autobuilder

Yongxin Liu (2):
  grub: fix several CVEs in grub 2.04
  grub: clean up CVE patches

 meta/classes/qemuboot.bbclass                 |    2 +-
 ...308-calloc-Use-calloc-at-most-places.patch | 1863 +++++++++++++++++
 ...low-checking-primitives-where-we-do-.patch | 1330 ++++++++++++
 ...se-after-free-when-redefining-a-func.patch |  117 ++
 ...er-overflows-in-initrd-size-handling.patch |  177 ++
 ...-we-always-have-an-overflow-checking.patch |  246 +++
 ...dd-LVM-cache-logical-volume-handling.patch |  287 +++
 ...e-arithmetic-primitives-that-check-f.patch |   94 +
 ...used-fields-from-grub_script_functio.patch |   37 +
 meta/recipes-bsp/grub/grub2.inc               |    8 +
 meta/recipes-bsp/v86d/v86d_0.1.10.bb          |    2 +-
 .../recipes-connectivity/bind/bind_9.11.22.bb |    2 +-
 meta/recipes-connectivity/iw/iw_5.4.bb        |    2 +-
 meta/recipes-core/netbase/netbase_6.1.bb      |    9 +-
 meta/recipes-core/readline/readline.inc       |    2 +-
 meta/recipes-core/util-linux/util-linux.inc   |    4 +-
 meta/recipes-devtools/chrpath/chrpath_0.16.bb |    3 +-
 meta/recipes-devtools/ninja/ninja_1.10.0.bb   |    2 +-
 .../ruby/ruby/CVE-2020-25613.patch            |   40 +
 meta/recipes-devtools/ruby/ruby_2.7.1.bb      |    1 +
 meta/recipes-extended/lsb/lsb-release_1.4.bb  |    2 +-
 .../recipes-extended/minicom/minicom_2.7.1.bb |    2 +-
 meta/recipes-extended/pbzip2/pbzip2_1.1.13.bb |    2 +-
 meta/recipes-extended/which/which_2.21.bb     |    2 +-
 meta/recipes-gnome/gnome/gconf_3.2.6.bb       |    2 +-
 meta/recipes-gnome/gtk-doc/gtk-doc_1.32.bb    |    3 +-
 meta/recipes-kernel/kmod/kmod.inc             |    2 +-
 ...20200817.bb => linux-firmware_20201022.bb} |   51 +-
 .../wireless-regdb_2020.04.29.bb              |    2 +-
 .../libvorbis/libvorbis_1.3.6.bb              |    4 +-
 .../settings-daemon/settings-daemon_0.0.2.bb  |    2 +-
 meta/recipes-support/atk/atk_2.34.1.bb        |    5 +-
 .../bash-completion/bash-completion_2.10.bb   |    4 +-
 meta/recipes-support/npth/npth_1.6.bb         |    4 +-
 scripts/postinst-intercepts/update_udev_hwdb  |    1 +
 35 files changed, 4279 insertions(+), 37 deletions(-)
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-14308-calloc-Use-calloc-at-most-places.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch
 create mode 100644 meta/recipes-bsp/grub/files/calloc-Make-sure-we-always-have-an-overflow-checking.patch
 create mode 100644 meta/recipes-bsp/grub/files/lvm-Add-LVM-cache-logical-volume-handling.patch
 create mode 100644 meta/recipes-bsp/grub/files/safemath-Add-some-arithmetic-primitives-that-check-f.patch
 create mode 100644 meta/recipes-bsp/grub/files/script-Remove-unused-fields-from-grub_script_functio.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2020-25613.patch
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20200817.bb => linux-firmware_20201022.bb} (95%)

-- 
2.17.1

[OE-core][dunfell 01/12] meta: fix some unresponsive homepages and bugtracker links

[Steve Sakoman]

From: Maxime Roussin-Bélanger <maxime.roussinbelanger@gmail.com>

remove some extra whitespaces

Signed-off-by: Maxime Roussin-Bélanger <maxime.roussinbelanger@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 32ce3716761165b9df12306249418645724122cc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-bsp/v86d/v86d_0.1.10.bb                         | 2 +-
 meta/recipes-connectivity/bind/bind_9.11.22.bb               | 2 +-
 meta/recipes-connectivity/iw/iw_5.4.bb                       | 2 +-
 meta/recipes-core/readline/readline.inc                      | 2 +-
 meta/recipes-core/util-linux/util-linux.inc                  | 4 ++--
 meta/recipes-devtools/chrpath/chrpath_0.16.bb                | 3 +--
 meta/recipes-devtools/ninja/ninja_1.10.0.bb                  | 2 +-
 meta/recipes-extended/lsb/lsb-release_1.4.bb                 | 2 +-
 meta/recipes-extended/minicom/minicom_2.7.1.bb               | 2 +-
 meta/recipes-extended/pbzip2/pbzip2_1.1.13.bb                | 2 +-
 meta/recipes-extended/which/which_2.21.bb                    | 2 +-
 meta/recipes-gnome/gnome/gconf_3.2.6.bb                      | 2 +-
 meta/recipes-gnome/gtk-doc/gtk-doc_1.32.bb                   | 3 +--
 meta/recipes-kernel/kmod/kmod.inc                            | 2 +-
 .../wireless-regdb/wireless-regdb_2020.04.29.bb              | 2 +-
 meta/recipes-multimedia/libvorbis/libvorbis_1.3.6.bb         | 4 ++--
 meta/recipes-sato/settings-daemon/settings-daemon_0.0.2.bb   | 2 +-
 meta/recipes-support/atk/atk_2.34.1.bb                       | 5 ++---
 meta/recipes-support/bash-completion/bash-completion_2.10.bb | 4 ++--
 meta/recipes-support/npth/npth_1.6.bb                        | 4 ++--
 20 files changed, 25 insertions(+), 28 deletions(-)

diff --git a/meta/recipes-bsp/v86d/v86d_0.1.10.bb b/meta/recipes-bsp/v86d/v86d_0.1.10.bb
index 84e27d2007..a8df80fdd6 100644
--- a/meta/recipes-bsp/v86d/v86d_0.1.10.bb
+++ b/meta/recipes-bsp/v86d/v86d_0.1.10.bb
@@ -1,5 +1,5 @@
 SUMMARY = "User support binary for the uvesafb kernel module"
-HOMEPAGE = "http://dev.gentoo.org/~spock/projects/uvesafb/"
+HOMEPAGE = "https://tracker.debian.org/pkg/v86d"
 
 # the copyright info is at the bottom of README, expect break
 LICENSE = "GPLv2"
diff --git a/meta/recipes-connectivity/bind/bind_9.11.22.bb b/meta/recipes-connectivity/bind/bind_9.11.22.bb
index 7128bd3870..3b4a299b36 100644
--- a/meta/recipes-connectivity/bind/bind_9.11.22.bb
+++ b/meta/recipes-connectivity/bind/bind_9.11.22.bb
@@ -1,5 +1,5 @@
 SUMMARY = "ISC Internet Domain Name Server"
-HOMEPAGE = "http://www.isc.org/sw/bind/"
+HOMEPAGE = "https://www.isc.org/bind/"
 SECTION = "console/network"
 
 LICENSE = "ISC & BSD"
diff --git a/meta/recipes-connectivity/iw/iw_5.4.bb b/meta/recipes-connectivity/iw/iw_5.4.bb
index 9f58e49709..96879a9689 100644
--- a/meta/recipes-connectivity/iw/iw_5.4.bb
+++ b/meta/recipes-connectivity/iw/iw_5.4.bb
@@ -2,7 +2,7 @@ SUMMARY = "nl80211 based CLI configuration utility for wireless devices"
 DESCRIPTION = "iw is a new nl80211 based CLI configuration utility for \
 wireless devices. It supports almost all new drivers that have been added \
 to the kernel recently. "
-HOMEPAGE = "http://wireless.kernel.org/en/users/Documentation/iw"
+HOMEPAGE = "https://wireless.wiki.kernel.org/en/users/documentation/iw"
 SECTION = "base"
 LICENSE = "BSD-2-Clause"
 LIC_FILES_CHKSUM = "file://COPYING;md5=878618a5c4af25e9b93ef0be1a93f774"
diff --git a/meta/recipes-core/readline/readline.inc b/meta/recipes-core/readline/readline.inc
index 052e2d5f3d..039ffdee00 100644
--- a/meta/recipes-core/readline/readline.inc
+++ b/meta/recipes-core/readline/readline.inc
@@ -4,7 +4,7 @@ command lines as they are typed in. Both Emacs and vi editing modes are availabl
 additional functions to maintain a list of previously-entered command lines, to recall and perhaps reedit those   \
 lines, and perform csh-like history expansion on previous commands."
 SECTION = "libs"
-HOMEPAGE = "https://cnswww.cns.cwru.edu/php/chet/readline/rltop.html"
+HOMEPAGE = "https://tiswww.case.edu/php/chet/readline/rltop.html"
 
 # GPLv2+ (< 6.0), GPLv3+ (>= 6.0)
 LICENSE = "GPLv3+"
diff --git a/meta/recipes-core/util-linux/util-linux.inc b/meta/recipes-core/util-linux/util-linux.inc
index 248dfc1b6e..0e85603d9a 100644
--- a/meta/recipes-core/util-linux/util-linux.inc
+++ b/meta/recipes-core/util-linux/util-linux.inc
@@ -1,5 +1,5 @@
 SUMMARY = "A suite of basic system administration utilities"
-HOMEPAGE = "http://userweb.kernel.org/~kzak/util-linux/"
+HOMEPAGE = "https://en.wikipedia.org/wiki/Util-linux"
 DESCRIPTION = "Util-linux includes a suite of basic system administration utilities \
 commonly found on most Linux systems.  Some of the more important utilities include \
 disk partitioning, kernel message management, filesystem creation, and system login."
@@ -113,7 +113,7 @@ EXTRA_OECONF_append = " --disable-hwclock-gplv3"
 #
 PACKAGECONFIG ?= "pcre2"
 PACKAGECONFIG_class-target ?= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}"
-# inherit manpages requires this to be present, however util-linux does not have 
+# inherit manpages requires this to be present, however util-linux does not have
 # configuration options, and installs manpages always
 PACKAGECONFIG[manpages] = ""
 PACKAGECONFIG[pam] = "--enable-su --enable-runuser,--disable-su --disable-runuser, libpam,"
diff --git a/meta/recipes-devtools/chrpath/chrpath_0.16.bb b/meta/recipes-devtools/chrpath/chrpath_0.16.bb
index 8de8850576..f12366b4e8 100644
--- a/meta/recipes-devtools/chrpath/chrpath_0.16.bb
+++ b/meta/recipes-devtools/chrpath/chrpath_0.16.bb
@@ -2,8 +2,7 @@ SUMMARY = "Tool to edit rpath in ELF binaries"
 DESCRIPTION = "chrpath allows you to change the rpath (where the \
 application looks for libraries) in an application. It does not \
 (yet) allow you to add an rpath if there isn't one already."
-HOMEPAGE = "http://alioth.debian.org/projects/chrpath/"
-BUGTRACKER = "http://alioth.debian.org/tracker/?atid=412807&group_id=31052"
+HOMEPAGE = "https://tracker.debian.org/pkg/chrpath"
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=59530bdf33659b29e73d4adb9f9f6552"
 
diff --git a/meta/recipes-devtools/ninja/ninja_1.10.0.bb b/meta/recipes-devtools/ninja/ninja_1.10.0.bb
index bdc6365052..ba3398c5d6 100644
--- a/meta/recipes-devtools/ninja/ninja_1.10.0.bb
+++ b/meta/recipes-devtools/ninja/ninja_1.10.0.bb
@@ -1,5 +1,5 @@
 SUMMARY = "Ninja is a small build system with a focus on speed."
-HOMEPAGE = "http://martine.github.com/ninja/"
+HOMEPAGE = "https://ninja-build.org/"
 LICENSE = "Apache-2.0"
 LIC_FILES_CHKSUM = "file://COPYING;md5=a81586a64ad4e476c791cda7e2f2c52e"
 
diff --git a/meta/recipes-extended/lsb/lsb-release_1.4.bb b/meta/recipes-extended/lsb/lsb-release_1.4.bb
index a06cbcf845..3e8f7a13ec 100644
--- a/meta/recipes-extended/lsb/lsb-release_1.4.bb
+++ b/meta/recipes-extended/lsb/lsb-release_1.4.bb
@@ -1,6 +1,6 @@
 SUMMARY = "lsb_release support for OpenEmbedded"
 SECTION = "console/utils"
-HOMEPAGE = "http://prdownloads.sourceforge.net/lsb"
+HOMEPAGE = "https://sourceforge.net/projects/lsb/files"
 LICENSE = "GPLv2+"
 
 # lsb_release needs getopt
diff --git a/meta/recipes-extended/minicom/minicom_2.7.1.bb b/meta/recipes-extended/minicom/minicom_2.7.1.bb
index 1e6f1317eb..6c539c553b 100644
--- a/meta/recipes-extended/minicom/minicom_2.7.1.bb
+++ b/meta/recipes-extended/minicom/minicom_2.7.1.bb
@@ -1,5 +1,5 @@
 SUMMARY = "Text-based modem control and terminal emulation program"
-HOMEPAGE = "http://alioth.debian.org/projects/minicom/"
+HOMEPAGE = "https://salsa.debian.org/minicom-team/minicom"
 DESCRIPTION = "Minicom is a text-based modem control and terminal emulation program for Unix-like operating systems"
 SECTION = "console/network"
 DEPENDS = "ncurses virtual/libiconv"
diff --git a/meta/recipes-extended/pbzip2/pbzip2_1.1.13.bb b/meta/recipes-extended/pbzip2/pbzip2_1.1.13.bb
index e321cd2b27..bcdcb7307d 100644
--- a/meta/recipes-extended/pbzip2/pbzip2_1.1.13.bb
+++ b/meta/recipes-extended/pbzip2/pbzip2_1.1.13.bb
@@ -3,7 +3,7 @@ DESCRIPTION = "PBZIP2 is a parallel implementation of the bzip2 block-sorting \
 file compressor that uses pthreads and achieves near-linear speedup on SMP \
 machines. The output of this version is fully compatible with bzip2 v1.0.2 or \
 newer (ie: anything compressed with pbzip2 can be decompressed with bzip2)."
-HOMEPAGE = "http://compression.ca/pbzip2/"
+HOMEPAGE = "https://launchpad.net/pbzip2/"
 SECTION = "console/utils"
 LICENSE = "bzip2-1.0.6"
 LIC_FILES_CHKSUM = "file://COPYING;md5=398b8832c6f840cfebd20ab2be6a3743"
diff --git a/meta/recipes-extended/which/which_2.21.bb b/meta/recipes-extended/which/which_2.21.bb
index fac0fd3944..fc9185061b 100644
--- a/meta/recipes-extended/which/which_2.21.bb
+++ b/meta/recipes-extended/which/which_2.21.bb
@@ -4,7 +4,7 @@ executables that bash(1) would execute when the passed \
 program names would have been entered on the shell prompt. \
 It does this by using the exact same algorithm as bash."
 SECTION = "libs"
-HOMEPAGE = "http://carlo17.home.xs4all.nl/which/"
+HOMEPAGE = "https://carlowood.github.io/which/"
 
 LICENSE = "GPLv3+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504\
diff --git a/meta/recipes-gnome/gnome/gconf_3.2.6.bb b/meta/recipes-gnome/gnome/gconf_3.2.6.bb
index b8466d4833..18818d527c 100644
--- a/meta/recipes-gnome/gnome/gconf_3.2.6.bb
+++ b/meta/recipes-gnome/gnome/gconf_3.2.6.bb
@@ -3,7 +3,7 @@ DESCRIPTION = "GConf is a system for storing application preferences. \
 It is intended for user preferences; not configuration of something like \
 Apache, or arbitrary data storage."
 SECTION = "x11/gnome"
-HOMEPAGE = "https://projects.gnome.org/gconf/"
+HOMEPAGE = "https://gitlab.gnome.org/Archive/gconf"
 LICENSE = "LGPLv2+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=55ca817ccb7d5b5b66355690e9abc605"
 
diff --git a/meta/recipes-gnome/gtk-doc/gtk-doc_1.32.bb b/meta/recipes-gnome/gtk-doc/gtk-doc_1.32.bb
index b508e62741..fb5e69f401 100644
--- a/meta/recipes-gnome/gtk-doc/gtk-doc_1.32.bb
+++ b/meta/recipes-gnome/gtk-doc/gtk-doc_1.32.bb
@@ -1,7 +1,7 @@
 SUMMARY = "Documentation generator for glib-based software"
 DESCRIPTION = "Gtk-doc is a set of scripts that extract specially formatted comments \
                from glib-based software and produce a set of html documentation files from them"
-HOMEPAGE = "http://www.gtk.org/gtk-doc/"
+HOMEPAGE = "https://www.gtk.org/docs/"
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
 
@@ -59,4 +59,3 @@ gtkdoc_makefiles_sysroot_preprocess() {
            -e "s|GTKDOC_RUN =.*|GTKDOC_RUN = \$(top_builddir)/gtkdoc-qemuwrapper|" \
            ${SYSROOT_DESTDIR}${datadir}/gtk-doc/data/gtk-doc*make
 }
-
diff --git a/meta/recipes-kernel/kmod/kmod.inc b/meta/recipes-kernel/kmod/kmod.inc
index 334453838e..5dae30ed88 100644
--- a/meta/recipes-kernel/kmod/kmod.inc
+++ b/meta/recipes-kernel/kmod/kmod.inc
@@ -4,7 +4,7 @@
 SUMMARY = "Tools for managing Linux kernel modules"
 DESCRIPTION = "kmod is a set of tools to handle common tasks with Linux kernel modules like \
                insert, remove, list, check properties, resolve dependencies and aliases."
-HOMEPAGE = "http://packages.profusion.mobi/kmod/"
+HOMEPAGE = "http://kernel.org/pub/linux/utils/kernel/kmod/"
 LICENSE = "GPL-2.0+ & LGPL-2.1+"
 LICENSE_libkmod = "LGPL-2.1+"
 SECTION = "base"
diff --git a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2020.04.29.bb b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2020.04.29.bb
index a5827b9ef0..30d4cb523f 100644
--- a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2020.04.29.bb
+++ b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2020.04.29.bb
@@ -1,5 +1,5 @@
 SUMMARY = "Wireless Central Regulatory Domain Database"
-HOMEPAGE = "http://wireless.kernel.org/en/developers/Regulatory/CRDA"
+HOMEPAGE = "https://wireless.wiki.kernel.org/en/developers/regulatory/crda"
 SECTION = "net"
 LICENSE = "ISC"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c"
diff --git a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.6.bb b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.6.bb
index 1a3cdc2269..a3641bd5a0 100644
--- a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.6.bb
+++ b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.6.bb
@@ -2,8 +2,8 @@ SUMMARY = "Ogg Vorbis Audio Codec"
 DESCRIPTION = "Ogg Vorbis is a high-quality lossy audio codec \
 that is free of intellectual property restrictions. libvorbis \
 is the main vorbis codec library."
-HOMEPAGE = "http://www.vorbis.com/"
-BUGTRACKER = "https://trac.xiph.org"
+HOMEPAGE = "https://xiph.org/vorbis/"
+BUGTRACKER = "https://gitlab.xiph.org/xiph/vorbis/-/issues"
 SECTION = "libs"
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://COPYING;md5=70c7063491d2d9f76a098d62ed5134f1 \
diff --git a/meta/recipes-sato/settings-daemon/settings-daemon_0.0.2.bb b/meta/recipes-sato/settings-daemon/settings-daemon_0.0.2.bb
index 227fd54b79..d01177f9b9 100644
--- a/meta/recipes-sato/settings-daemon/settings-daemon_0.0.2.bb
+++ b/meta/recipes-sato/settings-daemon/settings-daemon_0.0.2.bb
@@ -1,5 +1,5 @@
 SUMMARY = "Provides a bridge between gconf and xsettings"
-HOMEPAGE = "http://svn.o-hand.com/view/matchbox/trunk/settings-daemon/"
+HOMEPAGE = "https://git.yoctoproject.org/cgit/cgit.cgi/xsettings-daemon/"
 BUGTRACKER = "http://bugzilla.yoctoproject.org/"
 LICENSE = "MIT-style"
 LIC_FILES_CHKSUM = "file://xsettings-manager.h;endline=22;md5=7cfac9d2d4dc3694cc7eb605cf32a69b \
diff --git a/meta/recipes-support/atk/atk_2.34.1.bb b/meta/recipes-support/atk/atk_2.34.1.bb
index 277397c694..741350ffe5 100644
--- a/meta/recipes-support/atk/atk_2.34.1.bb
+++ b/meta/recipes-support/atk/atk_2.34.1.bb
@@ -1,6 +1,6 @@
 SUMMARY = "Accessibility toolkit for GNOME"
-HOMEPAGE = "http://live.gnome.org/GAP/"
-BUGTRACKER = "https://bugzilla.gnome.org/"
+HOMEPAGE = "https://wiki.gnome.org/Accessibility"
+BUGTRACKER = "https://gitlab.gnome.org/GNOME/atk/-/issues"
 SECTION = "x11/libs"
 
 LICENSE = "GPLv2+ & LGPLv2+"
@@ -18,4 +18,3 @@ SRC_URI[archive.md5sum] = "f60bbaf8bdd08b93d98736b54b2fc8e9"
 SRC_URI[archive.sha256sum] = "d4f0e3b3d21265fcf2bc371e117da51c42ede1a71f6db1c834e6976bb20997cb"
 
 BBCLASSEXTEND = "native nativesdk"
-
diff --git a/meta/recipes-support/bash-completion/bash-completion_2.10.bb b/meta/recipes-support/bash-completion/bash-completion_2.10.bb
index 041af7490e..93e7d9dc3c 100644
--- a/meta/recipes-support/bash-completion/bash-completion_2.10.bb
+++ b/meta/recipes-support/bash-completion/bash-completion_2.10.bb
@@ -1,6 +1,6 @@
 SUMMARY = "Programmable Completion for Bash 4"
-HOMEPAGE = "http://bash-completion.alioth.debian.org/"
-BUGTRACKER = "https://alioth.debian.org/projects/bash-completion/"
+HOMEPAGE = "https://github.com/scop/bash-completion"
+BUGTRACKER = "https://github.com/scop/bash-completion/issues"
 
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe"
diff --git a/meta/recipes-support/npth/npth_1.6.bb b/meta/recipes-support/npth/npth_1.6.bb
index 233e0dc4a4..88484acec3 100644
--- a/meta/recipes-support/npth/npth_1.6.bb
+++ b/meta/recipes-support/npth/npth_1.6.bb
@@ -1,5 +1,5 @@
 SUMMARY = "New GNU Portable Threads library"
-HOMEPAGE = "http://www.gnupg.org/software/pth/"
+HOMEPAGE = "https://www.gnu.org/software/pth/"
 SECTION = "libs"
 LICENSE = "LGPLv2+"
 LIC_FILES_CHKSUM = "\
@@ -15,7 +15,7 @@ SRC_URI[sha256sum] = "1393abd9adcf0762d34798dc34fdcf4d0d22a8410721e76f1e3afcd1da
 
 BINCONFIG = "${bindir}/npth-config"
 
-inherit autotools binconfig-disabled multilib_header 
+inherit autotools binconfig-disabled multilib_header
 
 FILES_${PN} = "${libdir}/libnpth.so.*"
 FILES_${PN}-dev += "${bindir}/npth-config"
-- 
2.17.1

[OE-core][dunfell 02/12] qemuboot.bbclass: Fix a typo

[Steve Sakoman]

From: Khem Raj <raj.khem@gmail.com>

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2b5fb66344432390aa0cc199ad3f9ec2a4da26bb)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/qemuboot.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/qemuboot.bbclass b/meta/classes/qemuboot.bbclass
index 99da543f9a..648af09b6e 100644
--- a/meta/classes/qemuboot.bbclass
+++ b/meta/classes/qemuboot.bbclass
@@ -40,7 +40,7 @@
 #                          QB_NETWORK_DEVICE_prepend might be used, since Qemu enumerates the eth*
 #                          devices in reverse order to -device arguments.
 #
-# QB_TAP_OPT: netowrk option for 'tap' mode, e.g.,
+# QB_TAP_OPT: network option for 'tap' mode, e.g.,
 #             "-netdev tap,id=net0,ifname=@TAP@,script=no,downscript=no"
 #              Note, runqemu will replace "@TAP@" with the one which is used, such as tap0, tap1 ...
 #
-- 
2.17.1

[OE-core][dunfell 03/12] update_udev_hwdb: clean hwdb.bin

[Steve Sakoman]

From: Mingli Yu <mingli.yu@windriver.com>

Steps to reproduce:
echo "IMAGE_INSTALL_append = \" udev-hwdb lib32-udev-hwdb\"" >> conf/local.conf

When install both udev-hwdb and lib32-udev-hwdb as above,
there comes below do_populate_sdk error:
 $ bitbake core-image-sato  -c populate_sdk
 ERROR: Task (/path/core-image-sato.bb:do_populate_sdk) failed with exit code '134'
 NOTE: Tasks Summary: Attempted 5554 tasks of which 0 didn't need to be rerun and 1 failed.

 $ cat /path/tmp/work/qemux86_64-poky-linux/core-image-sato/1.0-r5/pseudo/pseudo.log
 [snip]
 inode mismatch: '/path/tmp/work/qemux86_64-poky-linux/core-image-sato/1.0-r5/sdk/image/usr/local/oecore-x86_64/sysroots/core2-64-poky-linux/lib/udev/hwdb.bin' ino 427383040 in db, 427383042 in request.
 [snip]

It is because both udev-hwdb and lib32-udev-hwdb will generate
${SDK_OUTPUT}/${SDKTARGETSYSROOT}/lib/udev/hwdb.bin during do_populate_sdk
and it triggers pseudo error.

So clean hwdb.bin before generate hwdb.bin to avoid conflict to
fix the above do_populate_sdk error.

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c7472925feb53ce92c1799feba2b7a9104e3f38f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 scripts/postinst-intercepts/update_udev_hwdb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/scripts/postinst-intercepts/update_udev_hwdb b/scripts/postinst-intercepts/update_udev_hwdb
index 102e99b947..8076b8ae6f 100644
--- a/scripts/postinst-intercepts/update_udev_hwdb
+++ b/scripts/postinst-intercepts/update_udev_hwdb
@@ -17,5 +17,6 @@ case "${PREFERRED_PROVIDER_udev}" in
 		;;
 esac
 
+rm -f $D${UDEVLIBDIR}/udev/hwdb.bin
 PSEUDO_UNLOAD=1 ${binprefix}qemuwrapper -L $D $D${libexecdir}/${binprefix}udevadm hwdb --update --root $D ${UDEV_EXTRA_ARGS}
 chown root:root $D${UDEVLIBDIR}/udev/hwdb.bin
-- 
2.17.1

[OE-core][dunfell 04/12] linux-firmware: add Amlogic VDEC firmware package

[Steve Sakoman]

From: Neil Armstrong <narmstrong@baylibre.com>

Add package for the Amlogic VDEC firmwares.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit aeb014b50433f254ced275711bee940cde9c1c8a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux-firmware/linux-firmware_20200817.bb             | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20200817.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20200817.bb
index ffeb8e6926..5c9d4c3e04 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20200817.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20200817.bb
@@ -294,6 +294,7 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
              ${PN}-qcom-venus-1.8 ${PN}-qcom-venus-4.2 ${PN}-qcom-venus-5.2 ${PN}-qcom-venus-5.4 \
              ${PN}-qcom-adreno-a3xx ${PN}-qcom-adreno-a530 ${PN}-qcom-adreno-a630 \
              ${PN}-qcom-sdm845-audio ${PN}-qcom-sdm845-compute ${PN}-qcom-sdm845-modem \
+             ${PN}-amlogic-vdec-license ${PN}-amlogic-vdec \
              ${PN}-whence-license \
              ${PN}-license \
              "
@@ -881,6 +882,12 @@ RDEPENDS_${PN}-qcom-sdm845-modem = "${PN}-qcom-license"
 
 FILES_${PN}-liquidio = "${nonarch_base_libdir}/firmware/liquidio"
 
+# For Amlogic VDEC
+LICENSE_${PN}-amlogic-vdec = "Firmware-amlogic_vdec"
+FILES_${PN}-amlogic-vdec-license = "${nonarch_base_libdir}/firmware/LICENSE.amlogic_vdec"
+FILES_${PN}-amlogic-vdec = "${nonarch_base_libdir}/firmware/meson/vdec/*"
+RDEPENDS_${PN}-amlogic-vdec = "${PN}-amlogic-vdec-license"
+
 # For other firmwares
 # Maybe split out to separate packages when needed.
 LICENSE_${PN} = "\
@@ -888,6 +895,7 @@ LICENSE_${PN} = "\
     & Firmware-agere \
     & Firmware-amdgpu \
     & Firmware-amd-ucode \
+    & Firmware-amlogic_vdec \
     & Firmware-atmel \
     & Firmware-ca0132 \
     & Firmware-cavium \
-- 
2.17.1

[OE-core][dunfell 05/12] linux-firmware: package marvel sdio 8997 firmware

[Steve Sakoman]

From: Max Krummenacher <max.oss.09@gmail.com>

Add package for the firmware required by the Marvell 8997 chipset when
connected over SDIO.

Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d8b69d826702db9f5a3482754db8967c924a156d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux-firmware/linux-firmware_20200817.bb     | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20200817.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20200817.bb
index 5c9d4c3e04..3d6644e504 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20200817.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20200817.bb
@@ -218,8 +218,8 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
              ${PN}-mt7601u-license ${PN}-mt7601u \
              ${PN}-radeon-license ${PN}-radeon \
              ${PN}-marvell-license ${PN}-pcie8897 ${PN}-pcie8997 \
-             ${PN}-sd8686 ${PN}-sd8688 ${PN}-sd8787 ${PN}-sd8797 ${PN}-sd8801 ${PN}-sd8887 ${PN}-sd8897 \
-             ${PN}-usb8997 \
+             ${PN}-sd8686 ${PN}-sd8688 ${PN}-sd8787 ${PN}-sd8797 ${PN}-sd8801 \
+             ${PN}-sd8887 ${PN}-sd8897 ${PN}-sd8997 ${PN}-usb8997 \
              ${PN}-ti-connectivity-license ${PN}-wlcommon ${PN}-wl12xx ${PN}-wl18xx \
              ${PN}-vt6656-license ${PN}-vt6656 \
              ${PN}-rtl-license ${PN}-rtl8188 ${PN}-rtl8192cu ${PN}-rtl8192ce ${PN}-rtl8192su ${PN}-rtl8723 ${PN}-rtl8821 \
@@ -404,6 +404,7 @@ LICENSE_${PN}-sd8797 = "Firmware-Marvell"
 LICENSE_${PN}-sd8801 = "Firmware-Marvell"
 LICENSE_${PN}-sd8887 = "Firmware-Marvell"
 LICENSE_${PN}-sd8897 = "Firmware-Marvell"
+LICENSE_${PN}-sd8997 = "Firmware-Marvell"
 LICENSE_${PN}-usb8997 = "Firmware-Marvell"
 LICENSE_${PN}-marvell-license = "Firmware-Marvell"
 
@@ -439,6 +440,15 @@ FILES_${PN}-sd8887 = " \
 FILES_${PN}-sd8897 = " \
   ${nonarch_base_libdir}/firmware/mrvl/sd8897_uapsta.bin \
 "
+do_install_append() {
+    # The kernel 5.6.x driver still uses the old name, provide a symlink for
+    # older kernels
+    ln -fs sdsd8997_combo_v4.bin ${D}${nonarch_base_libdir}/firmware/mrvl/sd8997_uapsta.bin
+}
+FILES_${PN}-sd8997 = " \
+  ${nonarch_base_libdir}/firmware/mrvl/sd8997_uapsta.bin \
+  ${nonarch_base_libdir}/firmware/mrvl/sdsd8997_combo_v4.bin \
+"
 FILES_${PN}-usb8997 = " \
   ${nonarch_base_libdir}/firmware/mrvl/usbusb8997_combo_v4.bin \
 "
@@ -450,6 +460,7 @@ RDEPENDS_${PN}-sd8797 += "${PN}-marvell-license"
 RDEPENDS_${PN}-sd8801 += "${PN}-marvell-license"
 RDEPENDS_${PN}-sd8887 += "${PN}-marvell-license"
 RDEPENDS_${PN}-sd8897 += "${PN}-marvell-license"
+RDEPENDS_${PN}-sd8997 += "${PN}-marvell-license"
 RDEPENDS_${PN}-usb8997 += "${PN}-marvell-license"
 
 # For netronome
-- 
2.17.1

[OE-core][dunfell 06/12] linux-firmware: package nvidia firmware

[Steve Sakoman]

From: Max Krummenacher <max.oss.09@gmail.com>

Add packages for the firmware required by the Nvidia chipsets.
Split it in Tegra K1, all other Tegras and desktop GPU packages.

Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f03b7bc5f164afd9cbb0c2bd3a932bb85d968bf7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux-firmware/linux-firmware_20200817.bb | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20200817.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20200817.bb
index 3d6644e504..0abd28c9fa 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20200817.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20200817.bb
@@ -288,6 +288,9 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
              ${PN}-adsp-sst-license ${PN}-adsp-sst \
              ${PN}-bnx2-mips \
              ${PN}-liquidio \
+             ${PN}-nvidia-license \
+             ${PN}-nvidia-tegra-k1 ${PN}-nvidia-tegra \
+             ${PN}-nvidia-gpu \
              ${PN}-netronome-license ${PN}-netronome \
              ${PN}-qat ${PN}-qat-license \
              ${PN}-qcom-license \
@@ -478,6 +481,27 @@ FILES_${PN}-netronome = " \
 
 RDEPENDS_${PN}-netronome += "${PN}-netronome-license"
 
+# For Nvidia
+LICENSE_${PN}-nvidia-gpu = "Firmware-nvidia"
+LICENSE_${PN}-nvidia-tegra = "Firmware-nvidia"
+LICENSE_${PN}-nvidia-tegra-k1 = "Firmware-nvidia"
+LICENSE_${PN}-nvidia-license = "Firmware-nvidia"
+
+FILES_${PN}-nvidia-gpu = "${nonarch_base_libdir}/firmware/nvidia"
+FILES_${PN}-nvidia-tegra = " \
+  ${nonarch_base_libdir}/firmware/nvidia/tegra* \
+  ${nonarch_base_libdir}/firmware/nvidia/gm20b \
+  ${nonarch_base_libdir}/firmware/nvidia/gp10b \
+"
+FILES_${PN}-nvidia-tegra-k1 = " \
+  ${nonarch_base_libdir}/firmware/nvidia/tegra124 \
+  ${nonarch_base_libdir}/firmware/nvidia/gk20a \
+"
+FILES_${PN}-nvidia-license = "${nonarch_base_libdir}/firmware/LICENCE.nvidia"
+
+RDEPENDS_${PN}-nvidia-gpu += "${PN}-nvidia-license"
+RDEPENDS_${PN}-nvidia-tegra += "${PN}-nvidia-license"
+
 # For rtl
 LICENSE_${PN}-rtl8188 = "Firmware-rtlwifi_firmware"
 LICENSE_${PN}-rtl8192cu = "Firmware-rtlwifi_firmware"
-- 
2.17.1

[OE-core][dunfell 07/12] linux-firmware: upgrade 20200817 -> 20201022

[Steve Sakoman]

From: Alexander Kanavin <alex.kanavin@gmail.com>

License-Update: WHENCE file names updates
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bca259699d79bb16a6f07afa80f2768f9c62ceec)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...{linux-firmware_20200817.bb => linux-firmware_20201022.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20200817.bb => linux-firmware_20201022.bb} (99%)

diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20200817.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20201022.bb
similarity index 99%
rename from meta/recipes-kernel/linux-firmware/linux-firmware_20200817.bb
rename to meta/recipes-kernel/linux-firmware/linux-firmware_20201022.bb
index 0abd28c9fa..045f2647e0 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20200817.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20201022.bb
@@ -126,7 +126,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
                     file://LICENCE.xc4000;md5=0ff51d2dc49fce04814c9155081092f0 \
                     file://LICENCE.xc5000;md5=1e170c13175323c32c7f4d0998d53f66 \
                     file://LICENCE.xc5000c;md5=12b02efa3049db65d524aeb418dd87ca \
-                    file://WHENCE;md5=4d229f79f8770b5b2c4aac655b9fabef \
+                    file://WHENCE;md5=daf28db5d6353de0a886f08106cffa22 \
                     "
 
 # These are not common licenses, set NO_GENERIC_LICENSE for them
@@ -198,7 +198,7 @@ PE = "1"
 
 SRC_URI = "${KERNELORG_MIRROR}/linux/kernel/firmware/${BPN}-${PV}.tar.xz"
 
-SRC_URI[sha256sum] = "76d05d5f1eff268d3b80675245fa596f557bd55ee2e16ddd54d18ffeae943887"
+SRC_URI[sha256sum] = "bf586e0beb4c65f22bf0a79811f259aa0a5a7cc9f70eebecb260525b6914cef7"
 
 inherit allarch
 
-- 
2.17.1

[OE-core][dunfell 08/12] netbase: update SRC_URI to reflect new file name

[Steve Sakoman]

The netbase_6.1.tar.xz file was removed and replaced with
netbase_6.1_bpo10+1.tar.xz.  File contents are identical except
for the changelog:

$ diff -rup netbase-6.1 netbase-6.1~bpo10+1/
 diff -rup netbase-6.1/debian/changelog netbase-6.1~bpo10+1/debian/changelog
 --- netbase-6.1/debian/changelog	2020-02-16 13:22:04.000000000 -1000
 +++ netbase-6.1~bpo10+1/debian/changelog	2020-08-26 23:10:59.000000000 -1000
 @@ -1,3 +1,9 @@
 +netbase (6.1~bpo10+1) buster-backports; urgency=medium
 +
 +  * Rebuild for buster-backports. (Closes: #969058)
 +
 + -- Arturo Borrero Gonzalez <arturo@debian.org>  Thu, 27 Aug 2020 11:10:59 +0200
 +
  netbase (6.1) unstable; urgency=medium

    * services: added isakmp (500/udp) which was removed by mistake in

[YOCTO #14084]

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d8a09c2fcf2f8c91b7e3fea16f5c484e56187bbf)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/netbase/netbase_6.1.bb | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-core/netbase/netbase_6.1.bb b/meta/recipes-core/netbase/netbase_6.1.bb
index bc0049c020..0153746a90 100644
--- a/meta/recipes-core/netbase/netbase_6.1.bb
+++ b/meta/recipes-core/netbase/netbase_6.1.bb
@@ -6,10 +6,11 @@ LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://debian/copyright;md5=3dd6192d306f582dee7687da3d8748ab"
 PE = "1"
 
-SRC_URI = "${DEBIAN_MIRROR}/main/n/${BPN}/${BPN}_${PV}.tar.xz"
+SRC_URI = "${DEBIAN_MIRROR}/main/n/${BPN}/${BPN}_${PV}~bpo10+1.tar.xz"
+S = "${WORKDIR}/${BPN}-${PV}~bpo10+1"
 
-SRC_URI[md5sum] = "e5871a3a5c8390557b8033cf19316a55"
-SRC_URI[sha256sum] = "084d743bd84d4d9380bac4c71c51e57406dce44f5a69289bb823c903e9b035d8"
+SRC_URI[md5sum] = "4fa7517285b4045ac0dc8dbf6730dd7a"
+SRC_URI[sha256sum] = "4e9c3082dff8896cb6b6bea9bb2200d82fb0d7c8d8c8fc9b18704fe553316237"
 
 UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/n/netbase/"
 do_install () {
-- 
2.17.1

[OE-core][dunfell 09/12] netbase: bump PE to purge bogus hash equivalence from autobuilder

[Steve Sakoman]

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/netbase/netbase_6.1.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-core/netbase/netbase_6.1.bb b/meta/recipes-core/netbase/netbase_6.1.bb
index 0153746a90..21af3a6c7d 100644
--- a/meta/recipes-core/netbase/netbase_6.1.bb
+++ b/meta/recipes-core/netbase/netbase_6.1.bb
@@ -4,7 +4,7 @@ HOMEPAGE = "http://packages.debian.org/netbase"
 SECTION = "base"
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://debian/copyright;md5=3dd6192d306f582dee7687da3d8748ab"
-PE = "1"
+PE = "2"
 
 SRC_URI = "${DEBIAN_MIRROR}/main/n/${BPN}/${BPN}_${PV}~bpo10+1.tar.xz"
 S = "${WORKDIR}/${BPN}-${PV}~bpo10+1"
-- 
2.17.1

[OE-core][dunfell 10/12] ruby: fix CVE-2020-25613

[Steve Sakoman]

From: Chee Yang Lee <chee.yang.lee@intel.com>

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ruby/ruby/CVE-2020-25613.patch            | 40 +++++++++++++++++++
 meta/recipes-devtools/ruby/ruby_2.7.1.bb      |  1 +
 2 files changed, 41 insertions(+)
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2020-25613.patch

diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2020-25613.patch b/meta/recipes-devtools/ruby/ruby/CVE-2020-25613.patch
new file mode 100644
index 0000000000..1abcb7547e
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2020-25613.patch
@@ -0,0 +1,40 @@
+From 8946bb38b4d87549f0d99ed73c62c41933f97cc7 Mon Sep 17 00:00:00 2001
+From: Yusuke Endoh <mame@ruby-lang.org>
+Date: Tue, 29 Sep 2020 13:15:58 +0900
+Subject: [PATCH] Make it more strict to interpret some headers
+
+Some regexps were too tolerant.
+
+Upstream-Status: Backport
+[https://github.com/ruby/webrick/commit/8946bb38b4d87549f0d99ed73c62c41933f97cc7]
+CVE: CVE-2020-25613
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ lib/webrick/httprequest.rb | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/lib/webrick/httprequest.rb b/lib/webrick/httprequest.rb
+index 294bd91..d34eac7 100644
+--- a/lib/webrick/httprequest.rb
++++ b/lib/webrick/httprequest.rb
+@@ -227,9 +227,9 @@ def parse(socket=nil)
+         raise HTTPStatus::BadRequest, "bad URI `#{@unparsed_uri}'."
+       end
+ 
+-      if /close/io =~ self["connection"]
++      if /\Aclose\z/io =~ self["connection"]
+         @keep_alive = false
+-      elsif /keep-alive/io =~ self["connection"]
++      elsif /\Akeep-alive\z/io =~ self["connection"]
+         @keep_alive = true
+       elsif @http_version < "1.1"
+         @keep_alive = false
+@@ -508,7 +508,7 @@ def read_body(socket, block)
+       return unless socket
+       if tc = self['transfer-encoding']
+         case tc
+-        when /chunked/io then read_chunked(socket, block)
++        when /\Achunked\z/io then read_chunked(socket, block)
+         else raise HTTPStatus::NotImplemented, "Transfer-Encoding: #{tc}."
+         end
+       elsif self['content-length'] || @remaining_size
diff --git a/meta/recipes-devtools/ruby/ruby_2.7.1.bb b/meta/recipes-devtools/ruby/ruby_2.7.1.bb
index 3dd9fb0a62..f87686f6f7 100644
--- a/meta/recipes-devtools/ruby/ruby_2.7.1.bb
+++ b/meta/recipes-devtools/ruby/ruby_2.7.1.bb
@@ -6,6 +6,7 @@ SRC_URI += " \
            file://remove_has_include_macros.patch \
            file://run-ptest \
            file://0001-Modify-shebang-of-libexec-y2racc-and-libexec-racc2y.patch \
+           file://CVE-2020-25613.patch \
            "
 
 SRC_URI[md5sum] = "debb9c325bf65021214451660f46e909"
-- 
2.17.1

[OE-core][dunfell 11/12] grub: fix several CVEs in grub 2.04

[Steve Sakoman]

From: Yongxin Liu <yongxin.liu@windriver.com>

Backport patches from https://git.savannah.gnu.org/git/grub.git
to fix some CVEs. Here is the list.

CVE-2020-14308:
0001-calloc-Make-sure-we-always-have-an-overflow-checking.patch
0002-lvm-Add-LVM-cache-logical-volume-handling.patch
0003-calloc-Use-calloc-at-most-places.patch

CVE-2020-14309, CVE-2020-14310, CVE-2020-14311:
0004-safemath-Add-some-arithmetic-primitives-that-check-f.patch
0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch

CVE-2020-15706:
0006-script-Remove-unused-fields-from-grub_script_functio.patch
0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch

CVE-2020-15707:
0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch

Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 67329184985a03534f11f95e9df5f9fb2305a261)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...-we-always-have-an-overflow-checking.patch |  246 +++
 ...dd-LVM-cache-logical-volume-handling.patch |  287 +++
 ...003-calloc-Use-calloc-at-most-places.patch | 1859 +++++++++++++++++
 ...e-arithmetic-primitives-that-check-f.patch |   94 +
 ...low-checking-primitives-where-we-do-.patch | 1326 ++++++++++++
 ...used-fields-from-grub_script_functio.patch |   37 +
 ...se-after-free-when-redefining-a-func.patch |  113 +
 ...er-overflows-in-initrd-size-handling.patch |  173 ++
 meta/recipes-bsp/grub/grub2.inc               |    8 +
 9 files changed, 4143 insertions(+)
 create mode 100644 meta/recipes-bsp/grub/files/0001-calloc-Make-sure-we-always-have-an-overflow-checking.patch
 create mode 100644 meta/recipes-bsp/grub/files/0002-lvm-Add-LVM-cache-logical-volume-handling.patch
 create mode 100644 meta/recipes-bsp/grub/files/0003-calloc-Use-calloc-at-most-places.patch
 create mode 100644 meta/recipes-bsp/grub/files/0004-safemath-Add-some-arithmetic-primitives-that-check-f.patch
 create mode 100644 meta/recipes-bsp/grub/files/0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch
 create mode 100644 meta/recipes-bsp/grub/files/0006-script-Remove-unused-fields-from-grub_script_functio.patch
 create mode 100644 meta/recipes-bsp/grub/files/0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch
 create mode 100644 meta/recipes-bsp/grub/files/0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch

diff --git a/meta/recipes-bsp/grub/files/0001-calloc-Make-sure-we-always-have-an-overflow-checking.patch b/meta/recipes-bsp/grub/files/0001-calloc-Make-sure-we-always-have-an-overflow-checking.patch
new file mode 100644
index 0000000000..c9536e68ef
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0001-calloc-Make-sure-we-always-have-an-overflow-checking.patch
@@ -0,0 +1,246 @@
+From c005f62f5c4b26a77b916c8f76a852324439ecb3 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 15 Jun 2020 12:15:29 -0400
+Subject: [PATCH 2/9] calloc: Make sure we always have an overflow-checking
+ calloc() available
+
+This tries to make sure that everywhere in this source tree, we always have
+an appropriate version of calloc() (i.e. grub_calloc(), xcalloc(), etc.)
+available, and that they all safely check for overflow and return NULL when
+it would occur.
+
+Upstream-Status: Backport [commit 64e26162ebfe68317c143ca5ec996c892019f8f8
+from https://git.savannah.gnu.org/git/grub.git]
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+---
+ grub-core/kern/emu/misc.c          | 12 ++++++++++++
+ grub-core/kern/emu/mm.c            | 10 ++++++++++
+ grub-core/kern/mm.c                | 40 ++++++++++++++++++++++++++++++++++++++
+ grub-core/lib/libgcrypt_wrap/mem.c | 11 +++++++++--
+ grub-core/lib/posix_wrap/stdlib.h  |  8 +++++++-
+ include/grub/emu/misc.h            |  1 +
+ include/grub/mm.h                  |  6 ++++++
+ 7 files changed, 85 insertions(+), 3 deletions(-)
+
+diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c
+index 65db79b..dfd8a8e 100644
+--- a/grub-core/kern/emu/misc.c
++++ b/grub-core/kern/emu/misc.c
+@@ -85,6 +85,18 @@ grub_util_error (const char *fmt, ...)
+   exit (1);
+ }
+ 
++void *
++xcalloc (grub_size_t nmemb, grub_size_t size)
++{
++  void *p;
++
++  p = calloc (nmemb, size);
++  if (!p)
++    grub_util_error ("%s", _("out of memory"));
++
++  return p;
++}
++
+ void *
+ xmalloc (grub_size_t size)
+ {
+diff --git a/grub-core/kern/emu/mm.c b/grub-core/kern/emu/mm.c
+index f262e95..145b01d 100644
+--- a/grub-core/kern/emu/mm.c
++++ b/grub-core/kern/emu/mm.c
+@@ -25,6 +25,16 @@
+ #include <string.h>
+ #include <grub/i18n.h>
+ 
++void *
++grub_calloc (grub_size_t nmemb, grub_size_t size)
++{
++  void *ret;
++  ret = calloc (nmemb, size);
++  if (!ret)
++    grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
++  return ret;
++}
++
+ void *
+ grub_malloc (grub_size_t size)
+ {
+diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c
+index ee88ff6..f2822a8 100644
+--- a/grub-core/kern/mm.c
++++ b/grub-core/kern/mm.c
+@@ -67,8 +67,10 @@
+ #include <grub/dl.h>
+ #include <grub/i18n.h>
+ #include <grub/mm_private.h>
++#include <grub/safemath.h>
+ 
+ #ifdef MM_DEBUG
++# undef grub_calloc
+ # undef grub_malloc
+ # undef grub_zalloc
+ # undef grub_realloc
+@@ -375,6 +377,30 @@ grub_memalign (grub_size_t align, grub_size_t size)
+   return 0;
+ }
+ 
++/*
++ * Allocate NMEMB instances of SIZE bytes and return the pointer, or error on
++ * integer overflow.
++ */
++void *
++grub_calloc (grub_size_t nmemb, grub_size_t size)
++{
++  void *ret;
++  grub_size_t sz = 0;
++
++  if (grub_mul (nmemb, size, &sz))
++    {
++      grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
++      return NULL;
++    }
++
++  ret = grub_memalign (0, sz);
++  if (!ret)
++    return NULL;
++
++  grub_memset (ret, 0, sz);
++  return ret;
++}
++
+ /* Allocate SIZE bytes and return the pointer.  */
+ void *
+ grub_malloc (grub_size_t size)
+@@ -561,6 +587,20 @@ grub_mm_dump (unsigned lineno)
+   grub_printf ("\n");
+ }
+ 
++void *
++grub_debug_calloc (const char *file, int line, grub_size_t nmemb, grub_size_t size)
++{
++  void *ptr;
++
++  if (grub_mm_debug)
++    grub_printf ("%s:%d: calloc (0x%" PRIxGRUB_SIZE ", 0x%" PRIxGRUB_SIZE ") = ",
++		 file, line, size);
++  ptr = grub_calloc (nmemb, size);
++  if (grub_mm_debug)
++    grub_printf ("%p\n", ptr);
++  return ptr;
++}
++
+ void *
+ grub_debug_malloc (const char *file, int line, grub_size_t size)
+ {
+diff --git a/grub-core/lib/libgcrypt_wrap/mem.c b/grub-core/lib/libgcrypt_wrap/mem.c
+index beeb661..74c6eaf 100644
+--- a/grub-core/lib/libgcrypt_wrap/mem.c
++++ b/grub-core/lib/libgcrypt_wrap/mem.c
+@@ -4,6 +4,7 @@
+ #include <grub/crypto.h>
+ #include <grub/dl.h>
+ #include <grub/env.h>
++#include <grub/safemath.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -36,7 +37,10 @@ void *
+ gcry_xcalloc (size_t n, size_t m)
+ {
+   void *ret;
+-  ret = grub_zalloc (n * m);
++  size_t sz;
++  if (grub_mul (n, m, &sz))
++    grub_fatal ("gcry_xcalloc would overflow");
++  ret = grub_zalloc (sz);
+   if (!ret)
+     grub_fatal ("gcry_xcalloc failed");
+   return ret;
+@@ -56,7 +60,10 @@ void *
+ gcry_xcalloc_secure (size_t n, size_t m)
+ {
+   void *ret;
+-  ret = grub_zalloc (n * m);
++  size_t sz;
++  if (grub_mul (n, m, &sz))
++    grub_fatal ("gcry_xcalloc would overflow");
++  ret = grub_zalloc (sz);
+   if (!ret)
+     grub_fatal ("gcry_xcalloc failed");
+   return ret;
+diff --git a/grub-core/lib/posix_wrap/stdlib.h b/grub-core/lib/posix_wrap/stdlib.h
+index 3b46f47..7a8d385 100644
+--- a/grub-core/lib/posix_wrap/stdlib.h
++++ b/grub-core/lib/posix_wrap/stdlib.h
+@@ -21,6 +21,7 @@
+ 
+ #include <grub/mm.h>
+ #include <grub/misc.h>
++#include <grub/safemath.h>
+ 
+ static inline void 
+ free (void *ptr)
+@@ -37,7 +38,12 @@ malloc (grub_size_t size)
+ static inline void *
+ calloc (grub_size_t size, grub_size_t nelem)
+ {
+-  return grub_zalloc (size * nelem);
++  grub_size_t sz;
++
++  if (grub_mul (size, nelem, &sz))
++    return NULL;
++
++  return grub_zalloc (sz);
+ }
+ 
+ static inline void *
+diff --git a/include/grub/emu/misc.h b/include/grub/emu/misc.h
+index ce464cf..ff9c48a 100644
+--- a/include/grub/emu/misc.h
++++ b/include/grub/emu/misc.h
+@@ -47,6 +47,7 @@ grub_util_device_is_mapped (const char *dev);
+ #define GRUB_HOST_PRIuLONG_LONG "llu"
+ #define GRUB_HOST_PRIxLONG_LONG "llx"
+ 
++void * EXPORT_FUNC(xcalloc) (grub_size_t nmemb, grub_size_t size) WARN_UNUSED_RESULT;
+ void * EXPORT_FUNC(xmalloc) (grub_size_t size) WARN_UNUSED_RESULT;
+ void * EXPORT_FUNC(xrealloc) (void *ptr, grub_size_t size) WARN_UNUSED_RESULT;
+ char * EXPORT_FUNC(xstrdup) (const char *str) WARN_UNUSED_RESULT;
+diff --git a/include/grub/mm.h b/include/grub/mm.h
+index 28e2e53..9c38dd3 100644
+--- a/include/grub/mm.h
++++ b/include/grub/mm.h
+@@ -29,6 +29,7 @@
+ #endif
+ 
+ void grub_mm_init_region (void *addr, grub_size_t size);
++void *EXPORT_FUNC(grub_calloc) (grub_size_t nmemb, grub_size_t size);
+ void *EXPORT_FUNC(grub_malloc) (grub_size_t size);
+ void *EXPORT_FUNC(grub_zalloc) (grub_size_t size);
+ void EXPORT_FUNC(grub_free) (void *ptr);
+@@ -48,6 +49,9 @@ extern int EXPORT_VAR(grub_mm_debug);
+ void grub_mm_dump_free (void);
+ void grub_mm_dump (unsigned lineno);
+ 
++#define grub_calloc(nmemb, size)	\
++  grub_debug_calloc (GRUB_FILE, __LINE__, nmemb, size)
++
+ #define grub_malloc(size)	\
+   grub_debug_malloc (GRUB_FILE, __LINE__, size)
+ 
+@@ -63,6 +67,8 @@ void grub_mm_dump (unsigned lineno);
+ #define grub_free(ptr)	\
+   grub_debug_free (GRUB_FILE, __LINE__, ptr)
+ 
++void *EXPORT_FUNC(grub_debug_calloc) (const char *file, int line,
++				      grub_size_t nmemb, grub_size_t size);
+ void *EXPORT_FUNC(grub_debug_malloc) (const char *file, int line,
+ 				      grub_size_t size);
+ void *EXPORT_FUNC(grub_debug_zalloc) (const char *file, int line,
+-- 
+2.14.4
+
diff --git a/meta/recipes-bsp/grub/files/0002-lvm-Add-LVM-cache-logical-volume-handling.patch b/meta/recipes-bsp/grub/files/0002-lvm-Add-LVM-cache-logical-volume-handling.patch
new file mode 100644
index 0000000000..2b8157f592
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0002-lvm-Add-LVM-cache-logical-volume-handling.patch
@@ -0,0 +1,287 @@
+From 8eb02bcb5897b238b29ff762402bb0c3028f0eab Mon Sep 17 00:00:00 2001
+From: Michael Chang <mchang@suse.com>
+Date: Thu, 19 Mar 2020 13:56:13 +0800
+Subject: [PATCH 3/9] lvm: Add LVM cache logical volume handling
+
+The LVM cache logical volume is the logical volume consisting of the original
+and the cache pool logical volume. The original is usually on a larger and
+slower storage device while the cache pool is on a smaller and faster one. The
+performance of the original volume can be improved by storing the frequently
+used data on the cache pool to utilize the greater performance of faster
+device.
+
+The default cache mode "writethrough" ensures that any data written will be
+stored both in the cache and on the origin LV, therefore grub can be straight
+to read the original lv as no data loss is guarenteed.
+
+The second cache mode is "writeback", which delays writing from the cache pool
+back to the origin LV to have increased performance. The drawback is potential
+data loss if losing the associated cache device.
+
+During the boot time grub reads the LVM offline i.e. LVM volumes are not
+activated and mounted, hence it should be fine to read directly from original
+lv since all cached data should have been flushed back in the process of taking
+it offline.
+
+It is also not much helpful to the situation by adding fsync calls to the
+install code. The fsync did not force to write back dirty cache to the original
+device and rather it would update associated cache metadata to complete the
+write transaction with the cache device. IOW the writes to cached blocks still
+go only to the cache device.
+
+To write back dirty cache, as LVM cache did not support dirty cache flush per
+block range, there'no way to do it for file. On the other hand the "cleaner"
+policy is implemented and can be used to write back "all" dirty blocks in a
+cache, which effectively drain all dirty cache gradually to attain and last in
+the "clean" state, which can be useful for shrinking or decommissioning a
+cache. The result and effect is not what we are looking for here.
+
+In conclusion, as it seems no way to enforce file writes to the original
+device, grub may suffer from power failure as it cannot assemble the cache
+device and read the dirty data from it. However since the case is only
+applicable to writeback mode which is sensitive to data lost in nature, I'd
+still like to propose my (relatively simple) patch and treat reading dirty
+cache as improvement.
+
+Upstream-Status: Backport [commit 0454b0445393aafc5600e92ef0c39494e333b135
+from https://git.savannah.gnu.org/git/grub.git]
+
+Signed-off-by: Michael Chang <mchang@suse.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+---
+ grub-core/disk/lvm.c | 190 +++++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 190 insertions(+)
+
+diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c
+index 7b265c7..dc6b83b 100644
+--- a/grub-core/disk/lvm.c
++++ b/grub-core/disk/lvm.c
+@@ -33,6 +33,14 @@
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
++struct cache_lv
++{
++  struct grub_diskfilter_lv *lv;
++  char *cache_pool;
++  char *origin;
++  struct cache_lv *next;
++};
++
+ \f
+ /* Go the string STR and return the number after STR.  *P will point
+    at the number.  In case STR is not found, *P will be NULL and the
+@@ -95,6 +103,34 @@ grub_lvm_check_flag (char *p, const char *str, const char *flag)
+     }
+ }
+ 
++static void
++grub_lvm_free_cache_lvs (struct cache_lv *cache_lvs)
++{
++  struct cache_lv *cache;
++
++  while ((cache = cache_lvs))
++    {
++      cache_lvs = cache_lvs->next;
++
++      if (cache->lv)
++	{
++	  unsigned int i;
++
++	  for (i = 0; i < cache->lv->segment_count; ++i)
++	    if (cache->lv->segments)
++	      grub_free (cache->lv->segments[i].nodes);
++	  grub_free (cache->lv->segments);
++	  grub_free (cache->lv->fullname);
++	  grub_free (cache->lv->idname);
++	  grub_free (cache->lv->name);
++	}
++      grub_free (cache->lv);
++      grub_free (cache->origin);
++      grub_free (cache->cache_pool);
++      grub_free (cache);
++    }
++}
++
+ static struct grub_diskfilter_vg * 
+ grub_lvm_detect (grub_disk_t disk,
+ 		 struct grub_diskfilter_pv_id *id,
+@@ -242,6 +278,8 @@ grub_lvm_detect (grub_disk_t disk,
+ 
+   if (! vg)
+     {
++      struct cache_lv *cache_lvs = NULL;
++
+       /* First time we see this volume group. We've to create the
+ 	 whole volume group structure. */
+       vg = grub_malloc (sizeof (*vg));
+@@ -671,6 +709,106 @@ grub_lvm_detect (grub_disk_t disk,
+ 			  seg->nodes[seg->node_count - 1].name = tmp;
+ 			}
+ 		    }
++		  else if (grub_memcmp (p, "cache\"",
++				   sizeof ("cache\"") - 1) == 0)
++		    {
++		      struct cache_lv *cache = NULL;
++
++		      char *p2, *p3;
++		      grub_size_t sz;
++
++		      cache = grub_zalloc (sizeof (*cache));
++		      if (!cache)
++			goto cache_lv_fail;
++		      cache->lv = grub_zalloc (sizeof (*cache->lv));
++		      if (!cache->lv)
++			goto cache_lv_fail;
++		      grub_memcpy (cache->lv, lv, sizeof (*cache->lv));
++
++		      if (lv->fullname)
++			{
++			  cache->lv->fullname = grub_strdup (lv->fullname);
++			  if (!cache->lv->fullname)
++			    goto cache_lv_fail;
++			}
++		      if (lv->idname)
++			{
++			  cache->lv->idname = grub_strdup (lv->idname);
++			  if (!cache->lv->idname)
++			    goto cache_lv_fail;
++			}
++		      if (lv->name)
++			{
++			  cache->lv->name = grub_strdup (lv->name);
++			  if (!cache->lv->name)
++			    goto cache_lv_fail;
++			}
++
++		      skip_lv = 1;
++
++		      p2 = grub_strstr (p, "cache_pool = \"");
++		      if (!p2)
++			goto cache_lv_fail;
++
++		      p2 = grub_strchr (p2, '"');
++		      if (!p2)
++			goto cache_lv_fail;
++
++		      p3 = ++p2;
++		      p3 = grub_strchr (p3, '"');
++		      if (!p3)
++			goto cache_lv_fail;
++
++		      sz = p3 - p2;
++
++		      cache->cache_pool = grub_malloc (sz + 1);
++		      if (!cache->cache_pool)
++			goto cache_lv_fail;
++		      grub_memcpy (cache->cache_pool, p2, sz);
++		      cache->cache_pool[sz] = '\0';
++
++		      p2 = grub_strstr (p, "origin = \"");
++		      if (!p2)
++			goto cache_lv_fail;
++
++		      p2 = grub_strchr (p2, '"');
++		      if (!p2)
++			goto cache_lv_fail;
++
++		      p3 = ++p2;
++		      p3 = grub_strchr (p3, '"');
++		      if (!p3)
++			goto cache_lv_fail;
++
++		      sz = p3 - p2;
++
++		      cache->origin = grub_malloc (sz + 1);
++		      if (!cache->origin)
++			goto cache_lv_fail;
++		      grub_memcpy (cache->origin, p2, sz);
++		      cache->origin[sz] = '\0';
++
++		      cache->next = cache_lvs;
++		      cache_lvs = cache;
++		      break;
++
++		    cache_lv_fail:
++		      if (cache)
++			{
++			  grub_free (cache->origin);
++			  grub_free (cache->cache_pool);
++			  if (cache->lv)
++			    {
++			      grub_free (cache->lv->fullname);
++			      grub_free (cache->lv->idname);
++			      grub_free (cache->lv->name);
++			    }
++			  grub_free (cache->lv);
++			  grub_free (cache);
++			}
++		      grub_lvm_free_cache_lvs (cache_lvs);
++		      goto fail4;
++		    }
+ 		  else
+ 		    {
+ #ifdef GRUB_UTIL
+@@ -747,6 +885,58 @@ grub_lvm_detect (grub_disk_t disk,
+ 	      }
+ 	
+       }
++
++      {
++	struct cache_lv *cache;
++
++	for (cache = cache_lvs; cache; cache = cache->next)
++	  {
++	    struct grub_diskfilter_lv *lv;
++
++	    for (lv = vg->lvs; lv; lv = lv->next)
++	      if (grub_strcmp (lv->name, cache->origin) == 0)
++		break;
++	    if (lv)
++	      {
++		cache->lv->segments = grub_malloc (lv->segment_count * sizeof (*lv->segments));
++		if (!cache->lv->segments)
++		  {
++		    grub_lvm_free_cache_lvs (cache_lvs);
++		    goto fail4;
++		  }
++		grub_memcpy (cache->lv->segments, lv->segments, lv->segment_count * sizeof (*lv->segments));
++
++		for (i = 0; i < lv->segment_count; ++i)
++		  {
++		    struct grub_diskfilter_node *nodes = lv->segments[i].nodes;
++		    grub_size_t node_count = lv->segments[i].node_count;
++
++		    cache->lv->segments[i].nodes = grub_malloc (node_count * sizeof (*nodes));
++		    if (!cache->lv->segments[i].nodes)
++		      {
++			for (j = 0; j < i; ++j)
++			  grub_free (cache->lv->segments[j].nodes);
++			grub_free (cache->lv->segments);
++			cache->lv->segments = NULL;
++			grub_lvm_free_cache_lvs (cache_lvs);
++			goto fail4;
++		      }
++		    grub_memcpy (cache->lv->segments[i].nodes, nodes, node_count * sizeof (*nodes));
++		  }
++
++		if (cache->lv->segments)
++		  {
++		    cache->lv->segment_count = lv->segment_count;
++		    cache->lv->vg = vg;
++		    cache->lv->next = vg->lvs;
++		    vg->lvs = cache->lv;
++		    cache->lv = NULL;
++		  }
++	      }
++	  }
++      }
++
++      grub_lvm_free_cache_lvs (cache_lvs);
+       if (grub_diskfilter_vg_register (vg))
+ 	goto fail4;
+     }
+-- 
+2.14.4
+
diff --git a/meta/recipes-bsp/grub/files/0003-calloc-Use-calloc-at-most-places.patch b/meta/recipes-bsp/grub/files/0003-calloc-Use-calloc-at-most-places.patch
new file mode 100644
index 0000000000..eb3e42c3af
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0003-calloc-Use-calloc-at-most-places.patch
@@ -0,0 +1,1859 @@
+From bcdd6a55952222ec9829a59348240a4f983b0b56 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 15 Jun 2020 12:26:01 -0400
+Subject: [PATCH 4/9] calloc: Use calloc() at most places
+
+This modifies most of the places we do some form of:
+
+  X = malloc(Y * Z);
+
+to use calloc(Y, Z) instead.
+
+Among other issues, this fixes:
+  - allocation of integer overflow in grub_png_decode_image_header()
+    reported by Chris Coulson,
+  - allocation of integer overflow in luks_recover_key()
+    reported by Chris Coulson,
+  - allocation of integer overflow in grub_lvm_detect()
+    reported by Chris Coulson.
+
+Fixes: CVE-2020-14308
+
+Upstream-Status: Backport [commit f725fa7cb2ece547c5af01eeeecfe8d95802ed41
+from https://git.savannah.gnu.org/git/grub.git]
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+[YL: don't patch on grub-core/lib/json/json.c, which is not existing in grub 2.04]
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+---
+ grub-core/bus/usb/usbhub.c                |  8 ++++----
+ grub-core/commands/efi/lsefisystab.c      |  3 ++-
+ grub-core/commands/legacycfg.c            |  6 +++---
+ grub-core/commands/menuentry.c            |  2 +-
+ grub-core/commands/nativedisk.c           |  2 +-
+ grub-core/commands/parttool.c             | 12 +++++++++---
+ grub-core/commands/regexp.c               |  2 +-
+ grub-core/commands/search_wrap.c          |  2 +-
+ grub-core/disk/diskfilter.c               |  4 ++--
+ grub-core/disk/ieee1275/ofdisk.c          |  2 +-
+ grub-core/disk/ldm.c                      | 14 +++++++-------
+ grub-core/disk/luks.c                     |  2 +-
+ grub-core/disk/lvm.c                      | 12 ++++++------
+ grub-core/disk/xen/xendisk.c              |  2 +-
+ grub-core/efiemu/loadcore.c               |  2 +-
+ grub-core/efiemu/mm.c                     |  6 +++---
+ grub-core/font/font.c                     |  3 +--
+ grub-core/fs/affs.c                       |  6 +++---
+ grub-core/fs/btrfs.c                      |  6 +++---
+ grub-core/fs/hfs.c                        |  2 +-
+ grub-core/fs/hfsplus.c                    |  6 +++---
+ grub-core/fs/iso9660.c                    |  2 +-
+ grub-core/fs/ntfs.c                       |  4 ++--
+ grub-core/fs/sfs.c                        |  2 +-
+ grub-core/fs/tar.c                        |  2 +-
+ grub-core/fs/udf.c                        |  4 ++--
+ grub-core/fs/zfs/zfs.c                    |  4 ++--
+ grub-core/gfxmenu/gui_string_util.c       |  2 +-
+ grub-core/gfxmenu/widget-box.c            |  4 ++--
+ grub-core/io/gzio.c                       |  2 +-
+ grub-core/kern/efi/efi.c                  |  6 +++---
+ grub-core/kern/emu/hostdisk.c             |  2 +-
+ grub-core/kern/fs.c                       |  2 +-
+ grub-core/kern/misc.c                     |  2 +-
+ grub-core/kern/parser.c                   |  2 +-
+ grub-core/kern/uboot/uboot.c              |  2 +-
+ grub-core/lib/libgcrypt/cipher/ac.c       |  8 ++++----
+ grub-core/lib/libgcrypt/cipher/primegen.c |  4 ++--
+ grub-core/lib/libgcrypt/cipher/pubkey.c   |  4 ++--
+ grub-core/lib/priority_queue.c            |  2 +-
+ grub-core/lib/reed_solomon.c              |  7 +++----
+ grub-core/lib/relocator.c                 | 10 +++++-----
+ grub-core/lib/zstd/fse_decompress.c       |  2 +-
+ grub-core/loader/arm/linux.c              |  2 +-
+ grub-core/loader/efi/chainloader.c        |  2 +-
+ grub-core/loader/i386/bsdXX.c             |  2 +-
+ grub-core/loader/i386/xnu.c               |  4 ++--
+ grub-core/loader/macho.c                  |  2 +-
+ grub-core/loader/multiboot_elfxx.c        |  2 +-
+ grub-core/loader/xnu.c                    |  2 +-
+ grub-core/mmap/mmap.c                     |  4 ++--
+ grub-core/net/bootp.c                     |  2 +-
+ grub-core/net/dns.c                       | 10 +++++-----
+ grub-core/net/net.c                       |  4 ++--
+ grub-core/normal/charset.c                | 10 +++++-----
+ grub-core/normal/cmdline.c                | 14 +++++++-------
+ grub-core/normal/menu_entry.c             | 14 +++++++-------
+ grub-core/normal/menu_text.c              |  4 ++--
+ grub-core/normal/term.c                   |  4 ++--
+ grub-core/osdep/linux/getroot.c           |  6 +++---
+ grub-core/osdep/unix/config.c             |  2 +-
+ grub-core/osdep/windows/getroot.c         |  2 +-
+ grub-core/osdep/windows/hostdisk.c        |  4 ++--
+ grub-core/osdep/windows/init.c            |  2 +-
+ grub-core/osdep/windows/platform.c        |  4 ++--
+ grub-core/osdep/windows/relpath.c         |  2 +-
+ grub-core/partmap/gpt.c                   |  2 +-
+ grub-core/partmap/msdos.c                 |  2 +-
+ grub-core/script/execute.c                |  2 +-
+ grub-core/tests/fake_input.c              |  2 +-
+ grub-core/tests/video_checksum.c          |  6 +++---
+ grub-core/video/capture.c                 |  2 +-
+ grub-core/video/emu/sdl.c                 |  2 +-
+ grub-core/video/i386/pc/vga.c             |  2 +-
+ grub-core/video/readers/png.c             |  2 +-
+ include/grub/unicode.h                    |  4 ++--
+ util/getroot.c                            |  2 +-
+ util/grub-file.c                          |  2 +-
+ util/grub-fstest.c                        |  4 ++--
+ util/grub-install-common.c                |  2 +-
+ util/grub-install.c                       |  4 ++--
+ util/grub-mkimagexx.c                     |  6 ++----
+ util/grub-mkrescue.c                      |  4 ++--
+ util/grub-mkstandalone.c                  |  2 +-
+ util/grub-pe2elf.c                        | 12 +++++-------
+ util/grub-probe.c                         |  4 ++--
+ 86 files changed, 178 insertions(+), 177 deletions(-)
+
+diff --git a/grub-core/bus/usb/usbhub.c b/grub-core/bus/usb/usbhub.c
+index 34a7ff1..a06cce3 100644
+--- a/grub-core/bus/usb/usbhub.c
++++ b/grub-core/bus/usb/usbhub.c
+@@ -149,8 +149,8 @@ grub_usb_add_hub (grub_usb_device_t dev)
+   grub_usb_set_configuration (dev, 1);
+ 
+   dev->nports = hubdesc.portcnt;
+-  dev->children = grub_zalloc (hubdesc.portcnt * sizeof (dev->children[0]));
+-  dev->ports = grub_zalloc (dev->nports * sizeof (dev->ports[0]));
++  dev->children = grub_calloc (hubdesc.portcnt, sizeof (dev->children[0]));
++  dev->ports = grub_calloc (dev->nports, sizeof (dev->ports[0]));
+   if (!dev->children || !dev->ports)
+     {
+       grub_free (dev->children);
+@@ -268,8 +268,8 @@ grub_usb_controller_dev_register_iter (grub_usb_controller_t controller, void *d
+ 
+   /* Query the number of ports the root Hub has.  */
+   hub->nports = controller->dev->hubports (controller);
+-  hub->devices = grub_zalloc (sizeof (hub->devices[0]) * hub->nports);
+-  hub->ports = grub_zalloc (sizeof (hub->ports[0]) * hub->nports);
++  hub->devices = grub_calloc (hub->nports, sizeof (hub->devices[0]));
++  hub->ports = grub_calloc (hub->nports, sizeof (hub->ports[0]));
+   if (!hub->devices || !hub->ports)
+     {
+       grub_free (hub->devices);
+diff --git a/grub-core/commands/efi/lsefisystab.c b/grub-core/commands/efi/lsefisystab.c
+index df10302..cd81507 100644
+--- a/grub-core/commands/efi/lsefisystab.c
++++ b/grub-core/commands/efi/lsefisystab.c
+@@ -71,7 +71,8 @@ grub_cmd_lsefisystab (struct grub_command *cmd __attribute__ ((unused)),
+     grub_printf ("Vendor: ");
+     
+     for (vendor_utf16 = st->firmware_vendor; *vendor_utf16; vendor_utf16++);
+-    vendor = grub_malloc (4 * (vendor_utf16 - st->firmware_vendor) + 1);
++    /* Allocate extra 3 bytes to simplify math. */
++    vendor = grub_calloc (4, vendor_utf16 - st->firmware_vendor + 1);
+     if (!vendor)
+       return grub_errno;
+     *grub_utf16_to_utf8 ((grub_uint8_t *) vendor, st->firmware_vendor,
+diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c
+index db7a8f0..5e3ec0d 100644
+--- a/grub-core/commands/legacycfg.c
++++ b/grub-core/commands/legacycfg.c
+@@ -314,7 +314,7 @@ grub_cmd_legacy_kernel (struct grub_command *mycmd __attribute__ ((unused)),
+   if (argc < 2)
+     return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
+ 
+-  cutargs = grub_malloc (sizeof (cutargs[0]) * (argc - 1));
++  cutargs = grub_calloc (argc - 1, sizeof (cutargs[0]));
+   if (!cutargs)
+     return grub_errno;
+   cutargc = argc - 1;
+@@ -436,7 +436,7 @@ grub_cmd_legacy_kernel (struct grub_command *mycmd __attribute__ ((unused)),
+ 	    {
+ 	      char rbuf[3] = "-r";
+ 	      bsdargc = cutargc + 2;
+-	      bsdargs = grub_malloc (sizeof (bsdargs[0]) * bsdargc);
++	      bsdargs = grub_calloc (bsdargc, sizeof (bsdargs[0]));
+ 	      if (!bsdargs)
+ 		{
+ 		  err = grub_errno;
+@@ -559,7 +559,7 @@ grub_cmd_legacy_initrdnounzip (struct grub_command *mycmd __attribute__ ((unused
+ 	return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("can't find command `%s'"),
+ 			   "module");
+ 
+-      newargs = grub_malloc ((argc + 1) * sizeof (newargs[0]));
++      newargs = grub_calloc (argc + 1, sizeof (newargs[0]));
+       if (!newargs)
+ 	return grub_errno;
+       grub_memcpy (newargs + 1, args, argc * sizeof (newargs[0]));
+diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c
+index 2c5363d..9164df7 100644
+--- a/grub-core/commands/menuentry.c
++++ b/grub-core/commands/menuentry.c
+@@ -154,7 +154,7 @@ grub_normal_add_menu_entry (int argc, const char **args,
+     goto fail;
+ 
+   /* Save argc, args to pass as parameters to block arg later. */
+-  menu_args = grub_malloc (sizeof (char*) * (argc + 1));
++  menu_args = grub_calloc (argc + 1, sizeof (char *));
+   if (! menu_args)
+     goto fail;
+ 
+diff --git a/grub-core/commands/nativedisk.c b/grub-core/commands/nativedisk.c
+index 699447d..7c8f97f 100644
+--- a/grub-core/commands/nativedisk.c
++++ b/grub-core/commands/nativedisk.c
+@@ -195,7 +195,7 @@ grub_cmd_nativedisk (grub_command_t cmd __attribute__ ((unused)),
+   else
+     path_prefix = prefix;
+ 
+-  mods = grub_malloc (argc * sizeof (mods[0]));
++  mods = grub_calloc (argc, sizeof (mods[0]));
+   if (!mods)
+     return grub_errno;
+ 
+diff --git a/grub-core/commands/parttool.c b/grub-core/commands/parttool.c
+index 22b46b1..051e313 100644
+--- a/grub-core/commands/parttool.c
++++ b/grub-core/commands/parttool.c
+@@ -59,7 +59,13 @@ grub_parttool_register(const char *part_name,
+   for (nargs = 0; args[nargs].name != 0; nargs++);
+   cur->nargs = nargs;
+   cur->args = (struct grub_parttool_argdesc *)
+-    grub_malloc ((nargs + 1) * sizeof (struct grub_parttool_argdesc));
++    grub_calloc (nargs + 1, sizeof (struct grub_parttool_argdesc));
++  if (!cur->args)
++    {
++      grub_free (cur);
++      curhandle--;
++      return -1;
++    }
+   grub_memcpy (cur->args, args,
+ 	       (nargs + 1) * sizeof (struct grub_parttool_argdesc));
+ 
+@@ -257,7 +263,7 @@ grub_cmd_parttool (grub_command_t cmd __attribute__ ((unused)),
+ 	return err;
+       }
+ 
+-  parsed = (int *) grub_zalloc (argc * sizeof (int));
++  parsed = (int *) grub_calloc (argc, sizeof (int));
+ 
+   for (i = 1; i < argc; i++)
+     if (! parsed[i])
+@@ -290,7 +296,7 @@ grub_cmd_parttool (grub_command_t cmd __attribute__ ((unused)),
+ 	  }
+ 	ptool = cur;
+ 	pargs = (struct grub_parttool_args *)
+-	  grub_zalloc (ptool->nargs * sizeof (struct grub_parttool_args));
++	  grub_calloc (ptool->nargs, sizeof (struct grub_parttool_args));
+ 	for (j = i; j < argc; j++)
+ 	  if (! parsed[j])
+ 	    {
+diff --git a/grub-core/commands/regexp.c b/grub-core/commands/regexp.c
+index f00b184..4019164 100644
+--- a/grub-core/commands/regexp.c
++++ b/grub-core/commands/regexp.c
+@@ -116,7 +116,7 @@ grub_cmd_regexp (grub_extcmd_context_t ctxt, int argc, char **args)
+   if (ret)
+     goto fail;
+ 
+-  matches = grub_zalloc (sizeof (*matches) * (regex.re_nsub + 1));
++  matches = grub_calloc (regex.re_nsub + 1, sizeof (*matches));
+   if (! matches)
+     goto fail;
+ 
+diff --git a/grub-core/commands/search_wrap.c b/grub-core/commands/search_wrap.c
+index d7fd26b..47fc8eb 100644
+--- a/grub-core/commands/search_wrap.c
++++ b/grub-core/commands/search_wrap.c
+@@ -122,7 +122,7 @@ grub_cmd_search (grub_extcmd_context_t ctxt, int argc, char **args)
+     for (i = 0; state[SEARCH_HINT_BAREMETAL].args[i]; i++)
+       nhints++;
+ 
+-  hints = grub_malloc (sizeof (hints[0]) * nhints);
++  hints = grub_calloc (nhints, sizeof (hints[0]));
+   if (!hints)
+     return grub_errno;
+   j = 0;
+diff --git a/grub-core/disk/diskfilter.c b/grub-core/disk/diskfilter.c
+index c3b578a..68ca9e0 100644
+--- a/grub-core/disk/diskfilter.c
++++ b/grub-core/disk/diskfilter.c
+@@ -1134,7 +1134,7 @@ grub_diskfilter_make_raid (grub_size_t uuidlen, char *uuid, int nmemb,
+   array->lvs->segments->node_count = nmemb;
+   array->lvs->segments->raid_member_size = disk_size;
+   array->lvs->segments->nodes
+-    = grub_zalloc (nmemb * sizeof (array->lvs->segments->nodes[0]));
++    = grub_calloc (nmemb, sizeof (array->lvs->segments->nodes[0]));
+   array->lvs->segments->stripe_size = stripe_size;
+   for (i = 0; i < nmemb; i++)
+     {
+@@ -1226,7 +1226,7 @@ insert_array (grub_disk_t disk, const struct grub_diskfilter_pv_id *id,
+ 	  grub_partition_t p;
+ 	  for (p = disk->partition; p; p = p->parent)
+ 	    s++;
+-	  pv->partmaps = xmalloc (s * sizeof (pv->partmaps[0]));
++	  pv->partmaps = xcalloc (s, sizeof (pv->partmaps[0]));
+ 	  s = 0;
+ 	  for (p = disk->partition; p; p = p->parent)
+ 	    pv->partmaps[s++] = xstrdup (p->partmap->name);
+diff --git a/grub-core/disk/ieee1275/ofdisk.c b/grub-core/disk/ieee1275/ofdisk.c
+index f73257e..03674cb 100644
+--- a/grub-core/disk/ieee1275/ofdisk.c
++++ b/grub-core/disk/ieee1275/ofdisk.c
+@@ -297,7 +297,7 @@ dev_iterate (const struct grub_ieee1275_devalias *alias)
+       /* Power machines documentation specify 672 as maximum SAS disks in
+          one system. Using a slightly larger value to be safe. */
+       table_size = 768;
+-      table = grub_malloc (table_size * sizeof (grub_uint64_t));
++      table = grub_calloc (table_size, sizeof (grub_uint64_t));
+ 
+       if (!table)
+         {
+diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c
+index 2a22d2d..e632370 100644
+--- a/grub-core/disk/ldm.c
++++ b/grub-core/disk/ldm.c
+@@ -323,8 +323,8 @@ make_vg (grub_disk_t disk,
+ 	  lv->segments->type = GRUB_DISKFILTER_MIRROR;
+ 	  lv->segments->node_count = 0;
+ 	  lv->segments->node_alloc = 8;
+-	  lv->segments->nodes = grub_zalloc (sizeof (*lv->segments->nodes)
+-					     * lv->segments->node_alloc);
++	  lv->segments->nodes = grub_calloc (lv->segments->node_alloc,
++					     sizeof (*lv->segments->nodes));
+ 	  if (!lv->segments->nodes)
+ 	    goto fail2;
+ 	  ptr = vblk[i].dynamic;
+@@ -543,8 +543,8 @@ make_vg (grub_disk_t disk,
+ 	    {
+ 	      comp->segment_alloc = 8;
+ 	      comp->segment_count = 0;
+-	      comp->segments = grub_malloc (sizeof (*comp->segments)
+-					    * comp->segment_alloc);
++	      comp->segments = grub_calloc (comp->segment_alloc,
++					    sizeof (*comp->segments));
+ 	      if (!comp->segments)
+ 		goto fail2;
+ 	    }
+@@ -590,8 +590,8 @@ make_vg (grub_disk_t disk,
+ 		}
+ 	      comp->segments->node_count = read_int (ptr + 1, *ptr);
+ 	      comp->segments->node_alloc = comp->segments->node_count;
+-	      comp->segments->nodes = grub_zalloc (sizeof (*comp->segments->nodes)
+-						   * comp->segments->node_alloc);
++	      comp->segments->nodes = grub_calloc (comp->segments->node_alloc,
++						   sizeof (*comp->segments->nodes));
+ 	      if (!lv->segments->nodes)
+ 		goto fail2;
+ 	    }
+@@ -1017,7 +1017,7 @@ grub_util_ldm_embed (struct grub_disk *disk, unsigned int *nsectors,
+       *nsectors = lv->size;
+       if (*nsectors > max_nsectors)
+ 	*nsectors = max_nsectors;
+-      *sectors = grub_malloc (*nsectors * sizeof (**sectors));
++      *sectors = grub_calloc (*nsectors, sizeof (**sectors));
+       if (!*sectors)
+ 	return grub_errno;
+       for (i = 0; i < *nsectors; i++)
+diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c
+index 86c50c6..18b3a8b 100644
+--- a/grub-core/disk/luks.c
++++ b/grub-core/disk/luks.c
+@@ -336,7 +336,7 @@ luks_recover_key (grub_disk_t source,
+ 	&& grub_be_to_cpu32 (header.keyblock[i].stripes) > max_stripes)
+       max_stripes = grub_be_to_cpu32 (header.keyblock[i].stripes);
+ 
+-  split_key = grub_malloc (keysize * max_stripes);
++  split_key = grub_calloc (keysize, max_stripes);
+   if (!split_key)
+     return grub_errno;
+ 
+diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c
+index dc6b83b..7b5fbbc 100644
+--- a/grub-core/disk/lvm.c
++++ b/grub-core/disk/lvm.c
+@@ -209,7 +209,7 @@ grub_lvm_detect (grub_disk_t disk,
+      first one.  */
+ 
+   /* Allocate buffer space for the circular worst-case scenario. */
+-  metadatabuf = grub_malloc (2 * mda_size);
++  metadatabuf = grub_calloc (2, mda_size);
+   if (! metadatabuf)
+     goto fail;
+ 
+@@ -464,7 +464,7 @@ grub_lvm_detect (grub_disk_t disk,
+ #endif
+ 		  goto lvs_fail;
+ 		}
+-	      lv->segments = grub_zalloc (sizeof (*seg) * lv->segment_count);
++	      lv->segments = grub_calloc (lv->segment_count, sizeof (*seg));
+ 	      seg = lv->segments;
+ 
+ 	      for (i = 0; i < lv->segment_count; i++)
+@@ -521,8 +521,8 @@ grub_lvm_detect (grub_disk_t disk,
+ 		      if (seg->node_count != 1)
+ 			seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = ");
+ 
+-		      seg->nodes = grub_zalloc (sizeof (*stripe)
+-						* seg->node_count);
++		      seg->nodes = grub_calloc (seg->node_count,
++						sizeof (*stripe));
+ 		      stripe = seg->nodes;
+ 
+ 		      p = grub_strstr (p, "stripes = [");
+@@ -898,7 +898,7 @@ grub_lvm_detect (grub_disk_t disk,
+ 		break;
+ 	    if (lv)
+ 	      {
+-		cache->lv->segments = grub_malloc (lv->segment_count * sizeof (*lv->segments));
++		cache->lv->segments = grub_calloc (lv->segment_count, sizeof (*lv->segments));
+ 		if (!cache->lv->segments)
+ 		  {
+ 		    grub_lvm_free_cache_lvs (cache_lvs);
+@@ -911,7 +911,7 @@ grub_lvm_detect (grub_disk_t disk,
+ 		    struct grub_diskfilter_node *nodes = lv->segments[i].nodes;
+ 		    grub_size_t node_count = lv->segments[i].node_count;
+ 
+-		    cache->lv->segments[i].nodes = grub_malloc (node_count * sizeof (*nodes));
++		    cache->lv->segments[i].nodes = grub_calloc (node_count, sizeof (*nodes));
+ 		    if (!cache->lv->segments[i].nodes)
+ 		      {
+ 			for (j = 0; j < i; ++j)
+diff --git a/grub-core/disk/xen/xendisk.c b/grub-core/disk/xen/xendisk.c
+index 48476cb..d6612ee 100644
+--- a/grub-core/disk/xen/xendisk.c
++++ b/grub-core/disk/xen/xendisk.c
+@@ -426,7 +426,7 @@ grub_xendisk_init (void)
+   if (!ctr)
+     return;
+ 
+-  virtdisks = grub_malloc (ctr * sizeof (virtdisks[0]));
++  virtdisks = grub_calloc (ctr, sizeof (virtdisks[0]));
+   if (!virtdisks)
+     return;
+   if (grub_xenstore_dir ("device/vbd", fill, &ctr))
+diff --git a/grub-core/efiemu/loadcore.c b/grub-core/efiemu/loadcore.c
+index 44085ef..2b92462 100644
+--- a/grub-core/efiemu/loadcore.c
++++ b/grub-core/efiemu/loadcore.c
+@@ -201,7 +201,7 @@ grub_efiemu_count_symbols (const Elf_Ehdr *e)
+ 
+   grub_efiemu_nelfsyms = (unsigned) s->sh_size / (unsigned) s->sh_entsize;
+   grub_efiemu_elfsyms = (struct grub_efiemu_elf_sym *)
+-    grub_malloc (sizeof (struct grub_efiemu_elf_sym) * grub_efiemu_nelfsyms);
++    grub_calloc (grub_efiemu_nelfsyms, sizeof (struct grub_efiemu_elf_sym));
+ 
+   /* Relocators */
+   for (i = 0, s = (Elf_Shdr *) ((char *) e + e->e_shoff);
+diff --git a/grub-core/efiemu/mm.c b/grub-core/efiemu/mm.c
+index 52a032f..9b8e0d0 100644
+--- a/grub-core/efiemu/mm.c
++++ b/grub-core/efiemu/mm.c
+@@ -554,11 +554,11 @@ grub_efiemu_mmap_sort_and_uniq (void)
+   /* Initialize variables*/
+   grub_memset (present, 0, sizeof (int) * GRUB_EFI_MAX_MEMORY_TYPE);
+   scanline_events = (struct grub_efiemu_mmap_scan *)
+-    grub_malloc (sizeof (struct grub_efiemu_mmap_scan) * 2 * mmap_num);
++    grub_calloc (mmap_num, sizeof (struct grub_efiemu_mmap_scan) * 2);
+ 
+   /* Number of chunks can't increase more than by factor of 2 */
+   result = (grub_efi_memory_descriptor_t *)
+-    grub_malloc (sizeof (grub_efi_memory_descriptor_t) * 2 * mmap_num);
++    grub_calloc (mmap_num, sizeof (grub_efi_memory_descriptor_t) * 2);
+   if (!result || !scanline_events)
+     {
+       grub_free (result);
+@@ -660,7 +660,7 @@ grub_efiemu_mm_do_alloc (void)
+ 
+   /* Preallocate mmap */
+   efiemu_mmap = (grub_efi_memory_descriptor_t *)
+-    grub_malloc (mmap_reserved_size * sizeof (grub_efi_memory_descriptor_t));
++    grub_calloc (mmap_reserved_size, sizeof (grub_efi_memory_descriptor_t));
+   if (!efiemu_mmap)
+     {
+       grub_efiemu_unload ();
+diff --git a/grub-core/font/font.c b/grub-core/font/font.c
+index 85a2925..8e118b3 100644
+--- a/grub-core/font/font.c
++++ b/grub-core/font/font.c
+@@ -293,8 +293,7 @@ load_font_index (grub_file_t file, grub_uint32_t sect_length, struct
+   font->num_chars = sect_length / FONT_CHAR_INDEX_ENTRY_SIZE;
+ 
+   /* Allocate the character index array.  */
+-  font->char_index = grub_malloc (font->num_chars
+-				  * sizeof (struct char_index_entry));
++  font->char_index = grub_calloc (font->num_chars, sizeof (struct char_index_entry));
+   if (!font->char_index)
+     return 1;
+   font->bmp_idx = grub_malloc (0x10000 * sizeof (grub_uint16_t));
+diff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c
+index 6b6a2bc..220b371 100644
+--- a/grub-core/fs/affs.c
++++ b/grub-core/fs/affs.c
+@@ -301,7 +301,7 @@ grub_affs_read_symlink (grub_fshelp_node_t node)
+       return 0;
+     }
+   latin1[symlink_size] = 0;
+-  utf8 = grub_malloc (symlink_size * GRUB_MAX_UTF8_PER_LATIN1 + 1);
++  utf8 = grub_calloc (GRUB_MAX_UTF8_PER_LATIN1 + 1, symlink_size);
+   if (!utf8)
+     {
+       grub_free (latin1);
+@@ -422,7 +422,7 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
+ 	return 1;
+     }
+ 
+-  hashtable = grub_zalloc (data->htsize * sizeof (*hashtable));
++  hashtable = grub_calloc (data->htsize, sizeof (*hashtable));
+   if (!hashtable)
+     return 1;
+ 
+@@ -628,7 +628,7 @@ grub_affs_label (grub_device_t device, char **label)
+       len = file.namelen;
+       if (len > sizeof (file.name))
+ 	len = sizeof (file.name);
+-      *label = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1);
++      *label = grub_calloc (GRUB_MAX_UTF8_PER_LATIN1 + 1, len);
+       if (*label)
+ 	*grub_latin1_to_utf8 ((grub_uint8_t *) *label, file.name, len) = '\0';
+     }
+diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c
+index 48bd3d0..11272ef 100644
+--- a/grub-core/fs/btrfs.c
++++ b/grub-core/fs/btrfs.c
+@@ -413,7 +413,7 @@ lower_bound (struct grub_btrfs_data *data,
+     {
+       desc->allocated = 16;
+       desc->depth = 0;
+-      desc->data = grub_malloc (sizeof (desc->data[0]) * desc->allocated);
++      desc->data = grub_calloc (desc->allocated, sizeof (desc->data[0]));
+       if (!desc->data)
+ 	return grub_errno;
+     }
+@@ -752,7 +752,7 @@ raid56_read_retry (struct grub_btrfs_data *data,
+   grub_err_t ret = GRUB_ERR_OUT_OF_MEMORY;
+   grub_uint64_t i, failed_devices;
+ 
+-  buffers = grub_zalloc (sizeof(*buffers) * nstripes);
++  buffers = grub_calloc (nstripes, sizeof (*buffers));
+   if (!buffers)
+     goto cleanup;
+ 
+@@ -2160,7 +2160,7 @@ grub_btrfs_embed (grub_device_t device __attribute__ ((unused)),
+   *nsectors = 64 * 2 - 1;
+   if (*nsectors > max_nsectors)
+     *nsectors = max_nsectors;
+-  *sectors = grub_malloc (*nsectors * sizeof (**sectors));
++  *sectors = grub_calloc (*nsectors, sizeof (**sectors));
+   if (!*sectors)
+     return grub_errno;
+   for (i = 0; i < *nsectors; i++)
+diff --git a/grub-core/fs/hfs.c b/grub-core/fs/hfs.c
+index ac0a409..3fe842b 100644
+--- a/grub-core/fs/hfs.c
++++ b/grub-core/fs/hfs.c
+@@ -1360,7 +1360,7 @@ grub_hfs_label (grub_device_t device, char **label)
+       grub_size_t len = data->sblock.volname[0];
+       if (len > sizeof (data->sblock.volname) - 1)
+ 	len = sizeof (data->sblock.volname) - 1;
+-      *label = grub_malloc (len * MAX_UTF8_PER_MAC_ROMAN + 1);
++      *label = grub_calloc (MAX_UTF8_PER_MAC_ROMAN + 1, len);
+       if (*label)
+ 	macroman_to_utf8 (*label, data->sblock.volname + 1,
+ 			  len + 1, 0);
+diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c
+index 54786bb..dae43be 100644
+--- a/grub-core/fs/hfsplus.c
++++ b/grub-core/fs/hfsplus.c
+@@ -720,7 +720,7 @@ list_nodes (void *record, void *hook_arg)
+   if (! filename)
+     return 0;
+ 
+-  keyname = grub_malloc (grub_be_to_cpu16 (catkey->namelen) * sizeof (*keyname));
++  keyname = grub_calloc (grub_be_to_cpu16 (catkey->namelen), sizeof (*keyname));
+   if (!keyname)
+     {
+       grub_free (filename);
+@@ -1007,7 +1007,7 @@ grub_hfsplus_label (grub_device_t device, char **label)
+     grub_hfsplus_btree_recptr (&data->catalog_tree, node, ptr);
+ 
+   label_len = grub_be_to_cpu16 (catkey->namelen);
+-  label_name = grub_malloc (label_len * sizeof (*label_name));
++  label_name = grub_calloc (label_len, sizeof (*label_name));
+   if (!label_name)
+     {
+       grub_free (node);
+@@ -1029,7 +1029,7 @@ grub_hfsplus_label (grub_device_t device, char **label)
+ 	}
+     }
+ 
+-  *label = grub_malloc (label_len * GRUB_MAX_UTF8_PER_UTF16 + 1);
++  *label = grub_calloc (label_len, GRUB_MAX_UTF8_PER_UTF16 + 1);
+   if (! *label)
+     {
+       grub_free (label_name);
+diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c
+index 49c0c63..4f1b52a 100644
+--- a/grub-core/fs/iso9660.c
++++ b/grub-core/fs/iso9660.c
+@@ -331,7 +331,7 @@ grub_iso9660_convert_string (grub_uint8_t *us, int len)
+   int i;
+   grub_uint16_t t[MAX_NAMELEN / 2 + 1];
+ 
+-  p = grub_malloc (len * GRUB_MAX_UTF8_PER_UTF16 + 1);
++  p = grub_calloc (len, GRUB_MAX_UTF8_PER_UTF16 + 1);
+   if (! p)
+     return NULL;
+ 
+diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
+index fc4e1f6..2f34f76 100644
+--- a/grub-core/fs/ntfs.c
++++ b/grub-core/fs/ntfs.c
+@@ -556,8 +556,8 @@ get_utf8 (grub_uint8_t *in, grub_size_t len)
+   grub_uint16_t *tmp;
+   grub_size_t i;
+ 
+-  buf = grub_malloc (len * GRUB_MAX_UTF8_PER_UTF16 + 1);
+-  tmp = grub_malloc (len * sizeof (tmp[0]));
++  buf = grub_calloc (len, GRUB_MAX_UTF8_PER_UTF16 + 1);
++  tmp = grub_calloc (len, sizeof (tmp[0]));
+   if (!buf || !tmp)
+     {
+       grub_free (buf);
+diff --git a/grub-core/fs/sfs.c b/grub-core/fs/sfs.c
+index 50c1fe7..90f7fb3 100644
+--- a/grub-core/fs/sfs.c
++++ b/grub-core/fs/sfs.c
+@@ -266,7 +266,7 @@ grub_sfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock)
+       node->next_extent = node->block;
+       node->cache_size = 0;
+ 
+-      node->cache = grub_malloc (sizeof (node->cache[0]) * cache_size);
++      node->cache = grub_calloc (cache_size, sizeof (node->cache[0]));
+       if (!node->cache)
+ 	{
+ 	  grub_errno = 0;
+diff --git a/grub-core/fs/tar.c b/grub-core/fs/tar.c
+index 7d63e0c..c551ed6 100644
+--- a/grub-core/fs/tar.c
++++ b/grub-core/fs/tar.c
+@@ -120,7 +120,7 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name,
+ 	  if (data->linkname_alloc < linksize + 1)
+ 	    {
+ 	      char *n;
+-	      n = grub_malloc (2 * (linksize + 1));
++	      n = grub_calloc (2, linksize + 1);
+ 	      if (!n)
+ 		return grub_errno;
+ 	      grub_free (data->linkname);
+diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c
+index dc8b6e2..a837616 100644
+--- a/grub-core/fs/udf.c
++++ b/grub-core/fs/udf.c
+@@ -873,7 +873,7 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf)
+     {
+       unsigned i;
+       utf16len = sz - 1;
+-      utf16 = grub_malloc (utf16len * sizeof (utf16[0]));
++      utf16 = grub_calloc (utf16len, sizeof (utf16[0]));
+       if (!utf16)
+ 	return NULL;
+       for (i = 0; i < utf16len; i++)
+@@ -883,7 +883,7 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf)
+     {
+       unsigned i;
+       utf16len = (sz - 1) / 2;
+-      utf16 = grub_malloc (utf16len * sizeof (utf16[0]));
++      utf16 = grub_calloc (utf16len, sizeof (utf16[0]));
+       if (!utf16)
+ 	return NULL;
+       for (i = 0; i < utf16len; i++)
+diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c
+index 2f72e42..381dde5 100644
+--- a/grub-core/fs/zfs/zfs.c
++++ b/grub-core/fs/zfs/zfs.c
+@@ -3325,7 +3325,7 @@ dnode_get_fullpath (const char *fullpath, struct subvolume *subvol,
+ 	}
+       subvol->nkeys = 0;
+       zap_iterate (&keychain_dn, 8, count_zap_keys, &ctx, data);
+-      subvol->keyring = grub_zalloc (subvol->nkeys * sizeof (subvol->keyring[0]));
++      subvol->keyring = grub_calloc (subvol->nkeys, sizeof (subvol->keyring[0]));
+       if (!subvol->keyring)
+ 	{
+ 	  grub_free (fsname);
+@@ -4336,7 +4336,7 @@ grub_zfs_embed (grub_device_t device __attribute__ ((unused)),
+   *nsectors = (VDEV_BOOT_SIZE >> GRUB_DISK_SECTOR_BITS);
+   if (*nsectors > max_nsectors)
+     *nsectors = max_nsectors;
+-  *sectors = grub_malloc (*nsectors * sizeof (**sectors));
++  *sectors = grub_calloc (*nsectors, sizeof (**sectors));
+   if (!*sectors)
+     return grub_errno;
+   for (i = 0; i < *nsectors; i++)
+diff --git a/grub-core/gfxmenu/gui_string_util.c b/grub-core/gfxmenu/gui_string_util.c
+index a9a415e..ba1e1ea 100644
+--- a/grub-core/gfxmenu/gui_string_util.c
++++ b/grub-core/gfxmenu/gui_string_util.c
+@@ -55,7 +55,7 @@ canonicalize_path (const char *path)
+     if (*p == '/')
+       components++;
+ 
+-  char **path_array = grub_malloc (components * sizeof (*path_array));
++  char **path_array = grub_calloc (components, sizeof (*path_array));
+   if (! path_array)
+     return 0;
+ 
+diff --git a/grub-core/gfxmenu/widget-box.c b/grub-core/gfxmenu/widget-box.c
+index b606028..470597d 100644
+--- a/grub-core/gfxmenu/widget-box.c
++++ b/grub-core/gfxmenu/widget-box.c
+@@ -303,10 +303,10 @@ grub_gfxmenu_create_box (const char *pixmaps_prefix,
+   box->content_height = 0;
+   box->raw_pixmaps =
+     (struct grub_video_bitmap **)
+-    grub_malloc (BOX_NUM_PIXMAPS * sizeof (struct grub_video_bitmap *));
++    grub_calloc (BOX_NUM_PIXMAPS, sizeof (struct grub_video_bitmap *));
+   box->scaled_pixmaps =
+     (struct grub_video_bitmap **)
+-    grub_malloc (BOX_NUM_PIXMAPS * sizeof (struct grub_video_bitmap *));
++    grub_calloc (BOX_NUM_PIXMAPS, sizeof (struct grub_video_bitmap *));
+ 
+   /* Initialize all pixmap pointers to NULL so that proper destruction can
+      be performed if an error is encountered partway through construction.  */
+diff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c
+index 6208a97..43d98a7 100644
+--- a/grub-core/io/gzio.c
++++ b/grub-core/io/gzio.c
+@@ -554,7 +554,7 @@ huft_build (unsigned *b,	/* code lengths in bits (all assumed <= BMAX) */
+ 	      z = 1 << j;	/* table entries for j-bit table */
+ 
+ 	      /* allocate and link in new table */
+-	      q = (struct huft *) grub_zalloc ((z + 1) * sizeof (struct huft));
++	      q = (struct huft *) grub_calloc (z + 1, sizeof (struct huft));
+ 	      if (! q)
+ 		{
+ 		  if (h)
+diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
+index 6e1ceb9..dc31caa 100644
+--- a/grub-core/kern/efi/efi.c
++++ b/grub-core/kern/efi/efi.c
+@@ -202,7 +202,7 @@ grub_efi_set_variable(const char *var, const grub_efi_guid_t *guid,
+ 
+   len = grub_strlen (var);
+   len16 = len * GRUB_MAX_UTF16_PER_UTF8;
+-  var16 = grub_malloc ((len16 + 1) * sizeof (var16[0]));
++  var16 = grub_calloc (len16 + 1, sizeof (var16[0]));
+   if (!var16)
+     return grub_errno;
+   len16 = grub_utf8_to_utf16 (var16, len16, (grub_uint8_t *) var, len, NULL);
+@@ -237,7 +237,7 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid,
+ 
+   len = grub_strlen (var);
+   len16 = len * GRUB_MAX_UTF16_PER_UTF8;
+-  var16 = grub_malloc ((len16 + 1) * sizeof (var16[0]));
++  var16 = grub_calloc (len16 + 1, sizeof (var16[0]));
+   if (!var16)
+     return NULL;
+   len16 = grub_utf8_to_utf16 (var16, len16, (grub_uint8_t *) var, len, NULL);
+@@ -383,7 +383,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0)
+ 	  while (len > 0 && fp->path_name[len - 1] == 0)
+ 	    len--;
+ 
+-	  dup_name = grub_malloc (len * sizeof (*dup_name));
++	  dup_name = grub_calloc (len, sizeof (*dup_name));
+ 	  if (!dup_name)
+ 	    {
+ 	      grub_free (name);
+diff --git a/grub-core/kern/emu/hostdisk.c b/grub-core/kern/emu/hostdisk.c
+index e9ec680..d975265 100644
+--- a/grub-core/kern/emu/hostdisk.c
++++ b/grub-core/kern/emu/hostdisk.c
+@@ -615,7 +615,7 @@ static char *
+ grub_util_path_concat_real (size_t n, int ext, va_list ap)
+ {
+   size_t totlen = 0;
+-  char **l = xmalloc ((n + ext) * sizeof (l[0]));
++  char **l = xcalloc (n + ext, sizeof (l[0]));
+   char *r, *p, *pi;
+   size_t i;
+   int first = 1;
+diff --git a/grub-core/kern/fs.c b/grub-core/kern/fs.c
+index 2b85f49..f90be65 100644
+--- a/grub-core/kern/fs.c
++++ b/grub-core/kern/fs.c
+@@ -151,7 +151,7 @@ grub_fs_blocklist_open (grub_file_t file, const char *name)
+   while (p);
+ 
+   /* Allocate a block list.  */
+-  blocks = grub_zalloc (sizeof (struct grub_fs_block) * (num + 1));
++  blocks = grub_calloc (num + 1, sizeof (struct grub_fs_block));
+   if (! blocks)
+     return 0;
+ 
+diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c
+index 3b633d5..a7abd36 100644
+--- a/grub-core/kern/misc.c
++++ b/grub-core/kern/misc.c
+@@ -690,7 +690,7 @@ parse_printf_args (const char *fmt0, struct printf_args *args,
+     args->ptr = args->prealloc;
+   else
+     {
+-      args->ptr = grub_malloc (args->count * sizeof (args->ptr[0]));
++      args->ptr = grub_calloc (args->count, sizeof (args->ptr[0]));
+       if (!args->ptr)
+ 	{
+ 	  grub_errno = GRUB_ERR_NONE;
+diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c
+index 78175aa..619db31 100644
+--- a/grub-core/kern/parser.c
++++ b/grub-core/kern/parser.c
+@@ -213,7 +213,7 @@ grub_parser_split_cmdline (const char *cmdline,
+     return grub_errno;
+   grub_memcpy (args, buffer, bp - buffer);
+ 
+-  *argv = grub_malloc (sizeof (char *) * (*argc + 1));
++  *argv = grub_calloc (*argc + 1, sizeof (char *));
+   if (!*argv)
+     {
+       grub_free (args);
+diff --git a/grub-core/kern/uboot/uboot.c b/grub-core/kern/uboot/uboot.c
+index be4816f..aac8f9a 100644
+--- a/grub-core/kern/uboot/uboot.c
++++ b/grub-core/kern/uboot/uboot.c
+@@ -133,7 +133,7 @@ grub_uboot_dev_enum (void)
+     return num_devices;
+ 
+   max_devices = 2;
+-  enum_devices = grub_malloc (sizeof(struct device_info) * max_devices);
++  enum_devices = grub_calloc (max_devices, sizeof(struct device_info));
+   if (!enum_devices)
+     return 0;
+ 
+diff --git a/grub-core/lib/libgcrypt/cipher/ac.c b/grub-core/lib/libgcrypt/cipher/ac.c
+index f5e946a..63f6fcd 100644
+--- a/grub-core/lib/libgcrypt/cipher/ac.c
++++ b/grub-core/lib/libgcrypt/cipher/ac.c
+@@ -185,7 +185,7 @@ ac_data_mpi_copy (gcry_ac_mpi_t *data_mpis, unsigned int data_mpis_n,
+   gcry_mpi_t mpi;
+   char *label;
+ 
+-  data_mpis_new = gcry_malloc (sizeof (*data_mpis_new) * data_mpis_n);
++  data_mpis_new = gcry_calloc (data_mpis_n, sizeof (*data_mpis_new));
+   if (! data_mpis_new)
+     {
+       err = gcry_error_from_errno (errno);
+@@ -572,7 +572,7 @@ _gcry_ac_data_to_sexp (gcry_ac_data_t data, gcry_sexp_t *sexp,
+     }
+ 
+   /* Add MPI list.  */
+-  arg_list = gcry_malloc (sizeof (*arg_list) * (data_n + 1));
++  arg_list = gcry_calloc (data_n + 1, sizeof (*arg_list));
+   if (! arg_list)
+     {
+       err = gcry_error_from_errno (errno);
+@@ -1283,7 +1283,7 @@ ac_data_construct (const char *identifier, int include_flags,
+   /* We build a list of arguments to pass to
+      gcry_sexp_build_array().  */
+   data_length = _gcry_ac_data_length (data);
+-  arg_list = gcry_malloc (sizeof (*arg_list) * (data_length * 2));
++  arg_list = gcry_calloc (data_length, sizeof (*arg_list) * 2);
+   if (! arg_list)
+     {
+       err = gcry_error_from_errno (errno);
+@@ -1593,7 +1593,7 @@ _gcry_ac_key_pair_generate (gcry_ac_handle_t handle, unsigned int nbits,
+ 	arg_list_n += 2;
+ 
+   /* Allocate list.  */
+-  arg_list = gcry_malloc (sizeof (*arg_list) * arg_list_n);
++  arg_list = gcry_calloc (arg_list_n, sizeof (*arg_list));
+   if (! arg_list)
+     {
+       err = gcry_error_from_errno (errno);
+diff --git a/grub-core/lib/libgcrypt/cipher/primegen.c b/grub-core/lib/libgcrypt/cipher/primegen.c
+index 2788e34..b12e79b 100644
+--- a/grub-core/lib/libgcrypt/cipher/primegen.c
++++ b/grub-core/lib/libgcrypt/cipher/primegen.c
+@@ -383,7 +383,7 @@ prime_generate_internal (int need_q_factor,
+     }
+ 
+   /* Allocate an array to track pool usage. */
+-  pool_in_use = gcry_malloc (n * sizeof *pool_in_use);
++  pool_in_use = gcry_calloc (n, sizeof *pool_in_use);
+   if (!pool_in_use)
+     {
+       err = gpg_err_code_from_errno (errno);
+@@ -765,7 +765,7 @@ gen_prime (unsigned int nbits, int secret, int randomlevel,
+   if (nbits < 16)
+     log_fatal ("can't generate a prime with less than %d bits\n", 16);
+ 
+-  mods = gcry_xmalloc( no_of_small_prime_numbers * sizeof *mods );
++  mods = gcry_xcalloc( no_of_small_prime_numbers, sizeof *mods);
+   /* Make nbits fit into gcry_mpi_t implementation. */
+   val_2  = mpi_alloc_set_ui( 2 );
+   val_3 = mpi_alloc_set_ui( 3);
+diff --git a/grub-core/lib/libgcrypt/cipher/pubkey.c b/grub-core/lib/libgcrypt/cipher/pubkey.c
+index 9109821..ca087ad 100644
+--- a/grub-core/lib/libgcrypt/cipher/pubkey.c
++++ b/grub-core/lib/libgcrypt/cipher/pubkey.c
+@@ -2941,7 +2941,7 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey)
+        * array to a format string, so we have to do it this way :-(.  */
+       /* FIXME: There is now such a format specifier, so we can
+          change the code to be more clear. */
+-      arg_list = malloc (nelem * sizeof *arg_list);
++      arg_list = calloc (nelem, sizeof *arg_list);
+       if (!arg_list)
+         {
+           rc = gpg_err_code_from_syserror ();
+@@ -3233,7 +3233,7 @@ gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey)
+         }
+       strcpy (p, "))");
+ 
+-      arg_list = malloc (nelem * sizeof *arg_list);
++      arg_list = calloc (nelem, sizeof *arg_list);
+       if (!arg_list)
+         {
+           rc = gpg_err_code_from_syserror ();
+diff --git a/grub-core/lib/priority_queue.c b/grub-core/lib/priority_queue.c
+index 659be0b..7d5e7c0 100644
+--- a/grub-core/lib/priority_queue.c
++++ b/grub-core/lib/priority_queue.c
+@@ -92,7 +92,7 @@ grub_priority_queue_new (grub_size_t elsize,
+ {
+   struct grub_priority_queue *ret;
+   void *els;
+-  els = grub_malloc (elsize * 8);
++  els = grub_calloc (8, elsize);
+   if (!els)
+     return 0;
+   ret = (struct grub_priority_queue *) grub_malloc (sizeof (*ret));
+diff --git a/grub-core/lib/reed_solomon.c b/grub-core/lib/reed_solomon.c
+index ee9fa7b..467305b 100644
+--- a/grub-core/lib/reed_solomon.c
++++ b/grub-core/lib/reed_solomon.c
+@@ -20,6 +20,7 @@
+ #include <stdio.h>
+ #include <string.h>
+ #include <stdlib.h>
++#define xcalloc calloc
+ #define xmalloc malloc
+ #define grub_memset memset
+ #define grub_memcpy memcpy
+@@ -158,11 +159,9 @@ rs_encode (gf_single_t *data, grub_size_t s, grub_size_t rs)
+   gf_single_t *rs_polynomial;
+   int i, j;
+   gf_single_t *m;
+-  m = xmalloc ((s + rs) * sizeof (gf_single_t));
++  m = xcalloc (s + rs, sizeof (gf_single_t));
+   grub_memcpy (m, data, s * sizeof (gf_single_t));
+-  grub_memset (m + s, 0, rs * sizeof (gf_single_t));
+-  rs_polynomial = xmalloc ((rs + 1) * sizeof (gf_single_t));
+-  grub_memset (rs_polynomial, 0, (rs + 1) * sizeof (gf_single_t));
++  rs_polynomial = xcalloc (rs + 1, sizeof (gf_single_t));
+   rs_polynomial[rs] = 1;
+   /* Multiply with X - a^r */
+   for (j = 0; j < rs; j++)
+diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c
+index ea3ebc7..5847aac 100644
+--- a/grub-core/lib/relocator.c
++++ b/grub-core/lib/relocator.c
+@@ -495,9 +495,9 @@ malloc_in_range (struct grub_relocator *rel,
+   }
+ #endif
+ 
+-  eventt = grub_malloc (maxevents * sizeof (events[0]));
++  eventt = grub_calloc (maxevents, sizeof (events[0]));
+   counter = grub_malloc ((DIGITSORT_MASK + 2) * sizeof (counter[0]));
+-  events = grub_malloc (maxevents * sizeof (events[0]));
++  events = grub_calloc (maxevents, sizeof (events[0]));
+   if (!events || !eventt || !counter)
+     {
+       grub_dprintf ("relocator", "events or counter allocation failed %d\n",
+@@ -963,7 +963,7 @@ malloc_in_range (struct grub_relocator *rel,
+ #endif
+     unsigned cural = 0;
+     int oom = 0;
+-    res->subchunks = grub_malloc (sizeof (res->subchunks[0]) * nallocs);
++    res->subchunks = grub_calloc (nallocs, sizeof (res->subchunks[0]));
+     if (!res->subchunks)
+       oom = 1;
+     res->nsubchunks = nallocs;
+@@ -1562,8 +1562,8 @@ grub_relocator_prepare_relocs (struct grub_relocator *rel, grub_addr_t addr,
+ 	    count[(chunk->src & 0xff) + 1]++;
+ 	  }
+     }
+-    from = grub_malloc (nchunks * sizeof (sorted[0]));
+-    to = grub_malloc (nchunks * sizeof (sorted[0]));
++    from = grub_calloc (nchunks, sizeof (sorted[0]));
++    to = grub_calloc (nchunks, sizeof (sorted[0]));
+     if (!from || !to)
+       {
+ 	grub_free (from);
+diff --git a/grub-core/lib/zstd/fse_decompress.c b/grub-core/lib/zstd/fse_decompress.c
+index 72bbead..2227b84 100644
+--- a/grub-core/lib/zstd/fse_decompress.c
++++ b/grub-core/lib/zstd/fse_decompress.c
+@@ -82,7 +82,7 @@
+ FSE_DTable* FSE_createDTable (unsigned tableLog)
+ {
+     if (tableLog > FSE_TABLELOG_ABSOLUTE_MAX) tableLog = FSE_TABLELOG_ABSOLUTE_MAX;
+-    return (FSE_DTable*)malloc( FSE_DTABLE_SIZE_U32(tableLog) * sizeof (U32) );
++    return (FSE_DTable*)calloc( FSE_DTABLE_SIZE_U32(tableLog), sizeof (U32) );
+ }
+ 
+ void FSE_freeDTable (FSE_DTable* dt)
+diff --git a/grub-core/loader/arm/linux.c b/grub-core/loader/arm/linux.c
+index 5168491..d70c174 100644
+--- a/grub-core/loader/arm/linux.c
++++ b/grub-core/loader/arm/linux.c
+@@ -78,7 +78,7 @@ linux_prepare_atag (void *target_atag)
+ 
+   /* some place for cmdline, initrd and terminator.  */
+   tmp_size = get_atag_size (atag_orig) + 20 + (arg_size) / 4;
+-  tmp_atag = grub_malloc (tmp_size * sizeof (grub_uint32_t));
++  tmp_atag = grub_calloc (tmp_size, sizeof (grub_uint32_t));
+   if (!tmp_atag)
+     return grub_errno;
+ 
+diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
+index cd92ea3..daf8c6b 100644
+--- a/grub-core/loader/efi/chainloader.c
++++ b/grub-core/loader/efi/chainloader.c
+@@ -116,7 +116,7 @@ copy_file_path (grub_efi_file_path_device_path_t *fp,
+   fp->header.type = GRUB_EFI_MEDIA_DEVICE_PATH_TYPE;
+   fp->header.subtype = GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE;
+ 
+-  path_name = grub_malloc (len * GRUB_MAX_UTF16_PER_UTF8 * sizeof (*path_name));
++  path_name = grub_calloc (len, GRUB_MAX_UTF16_PER_UTF8 * sizeof (*path_name));
+   if (!path_name)
+     return;
+ 
+diff --git a/grub-core/loader/i386/bsdXX.c b/grub-core/loader/i386/bsdXX.c
+index af6741d..a8d8bf7 100644
+--- a/grub-core/loader/i386/bsdXX.c
++++ b/grub-core/loader/i386/bsdXX.c
+@@ -48,7 +48,7 @@ read_headers (grub_file_t file, const char *filename, Elf_Ehdr *e, char **shdr)
+   if (e->e_ident[EI_CLASS] != SUFFIX (ELFCLASS))
+     return grub_error (GRUB_ERR_BAD_OS, N_("invalid arch-dependent ELF magic"));
+ 
+-  *shdr = grub_malloc ((grub_uint32_t) e->e_shnum * e->e_shentsize);
++  *shdr = grub_calloc (e->e_shnum, e->e_shentsize);
+   if (! *shdr)
+     return grub_errno;
+ 
+diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c
+index e64ed08..b7d176b 100644
+--- a/grub-core/loader/i386/xnu.c
++++ b/grub-core/loader/i386/xnu.c
+@@ -295,7 +295,7 @@ grub_xnu_devprop_add_property_utf8 (struct grub_xnu_devprop_device_descriptor *d
+     return grub_errno;
+ 
+   len = grub_strlen (name);
+-  utf16 = grub_malloc (sizeof (grub_uint16_t) * len);
++  utf16 = grub_calloc (len, sizeof (grub_uint16_t));
+   if (!utf16)
+     {
+       grub_free (utf8);
+@@ -331,7 +331,7 @@ grub_xnu_devprop_add_property_utf16 (struct grub_xnu_devprop_device_descriptor *
+   grub_uint16_t *utf16;
+   grub_err_t err;
+ 
+-  utf16 = grub_malloc (sizeof (grub_uint16_t) * namelen);
++  utf16 = grub_calloc (namelen, sizeof (grub_uint16_t));
+   if (!utf16)
+     return grub_errno;
+   grub_memcpy (utf16, name, sizeof (grub_uint16_t) * namelen);
+diff --git a/grub-core/loader/macho.c b/grub-core/loader/macho.c
+index 085f9c6..05710c4 100644
+--- a/grub-core/loader/macho.c
++++ b/grub-core/loader/macho.c
+@@ -97,7 +97,7 @@ grub_macho_file (grub_file_t file, const char *filename, int is_64bit)
+       if (grub_file_seek (macho->file, sizeof (struct grub_macho_fat_header))
+ 	  == (grub_off_t) -1)
+ 	goto fail;
+-      archs = grub_malloc (sizeof (struct grub_macho_fat_arch) * narchs);
++      archs = grub_calloc (narchs, sizeof (struct grub_macho_fat_arch));
+       if (!archs)
+ 	goto fail;
+       if (grub_file_read (macho->file, archs,
+diff --git a/grub-core/loader/multiboot_elfxx.c b/grub-core/loader/multiboot_elfxx.c
+index 70cd1db..cc68536 100644
+--- a/grub-core/loader/multiboot_elfxx.c
++++ b/grub-core/loader/multiboot_elfxx.c
+@@ -217,7 +217,7 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld)
+     {
+       grub_uint8_t *shdr, *shdrptr;
+ 
+-      shdr = grub_malloc ((grub_uint32_t) ehdr->e_shnum * ehdr->e_shentsize);
++      shdr = grub_calloc (ehdr->e_shnum, ehdr->e_shentsize);
+       if (!shdr)
+ 	return grub_errno;
+       
+diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c
+index 7f74d1d..77d7060 100644
+--- a/grub-core/loader/xnu.c
++++ b/grub-core/loader/xnu.c
+@@ -800,7 +800,7 @@ grub_cmd_xnu_mkext (grub_command_t cmd __attribute__ ((unused)),
+   if (grub_be_to_cpu32 (head.magic) == GRUB_MACHO_FAT_MAGIC)
+     {
+       narchs = grub_be_to_cpu32 (head.nfat_arch);
+-      archs = grub_malloc (sizeof (struct grub_macho_fat_arch) * narchs);
++      archs = grub_calloc (narchs, sizeof (struct grub_macho_fat_arch));
+       if (! archs)
+ 	{
+ 	  grub_file_close (file);
+diff --git a/grub-core/mmap/mmap.c b/grub-core/mmap/mmap.c
+index 6a31cba..57b4e9a 100644
+--- a/grub-core/mmap/mmap.c
++++ b/grub-core/mmap/mmap.c
+@@ -143,9 +143,9 @@ grub_mmap_iterate (grub_memory_hook_t hook, void *hook_data)
+ 
+   /* Initialize variables. */
+   ctx.scanline_events = (struct grub_mmap_scan *)
+-    grub_malloc (sizeof (struct grub_mmap_scan) * 2 * mmap_num);
++    grub_calloc (mmap_num, sizeof (struct grub_mmap_scan) * 2);
+ 
+-  present = grub_zalloc (sizeof (present[0]) * current_priority);
++  present = grub_calloc (current_priority, sizeof (present[0]));
+ 
+   if (! ctx.scanline_events || !present)
+     {
+diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c
+index 04cfbb0..6539572 100644
+--- a/grub-core/net/bootp.c
++++ b/grub-core/net/bootp.c
+@@ -766,7 +766,7 @@ grub_cmd_bootp (struct grub_command *cmd __attribute__ ((unused)),
+   if (ncards == 0)
+     return grub_error (GRUB_ERR_NET_NO_CARD, N_("no network card found"));
+ 
+-  ifaces = grub_zalloc (ncards * sizeof (ifaces[0]));
++  ifaces = grub_calloc (ncards, sizeof (ifaces[0]));
+   if (!ifaces)
+     return grub_errno;
+ 
+diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c
+index 5d9afe0..e332d5e 100644
+--- a/grub-core/net/dns.c
++++ b/grub-core/net/dns.c
+@@ -285,8 +285,8 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)),
+       ptr++;
+       ptr += 4;
+     }
+-  *data->addresses = grub_malloc (sizeof ((*data->addresses)[0])
+-				 * grub_be_to_cpu16 (head->ancount));
++  *data->addresses = grub_calloc (grub_be_to_cpu16 (head->ancount),
++				  sizeof ((*data->addresses)[0]));
+   if (!*data->addresses)
+     {
+       grub_errno = GRUB_ERR_NONE;
+@@ -406,8 +406,8 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)),
+       dns_cache[h].addresses = 0;
+       dns_cache[h].name = grub_strdup (data->oname);
+       dns_cache[h].naddresses = *data->naddresses;
+-      dns_cache[h].addresses = grub_malloc (*data->naddresses
+-					    * sizeof (dns_cache[h].addresses[0]));
++      dns_cache[h].addresses = grub_calloc (*data->naddresses,
++					    sizeof (dns_cache[h].addresses[0]));
+       dns_cache[h].limit_time = grub_get_time_ms () + 1000 * ttl_all;
+       if (!dns_cache[h].addresses || !dns_cache[h].name)
+ 	{
+@@ -479,7 +479,7 @@ grub_net_dns_lookup (const char *name,
+ 	}
+     }
+ 
+-  sockets = grub_malloc (sizeof (sockets[0]) * n_servers);
++  sockets = grub_calloc (n_servers, sizeof (sockets[0]));
+   if (!sockets)
+     return grub_errno;
+ 
+diff --git a/grub-core/net/net.c b/grub-core/net/net.c
+index d5d726a..38f19df 100644
+--- a/grub-core/net/net.c
++++ b/grub-core/net/net.c
+@@ -333,8 +333,8 @@ grub_cmd_ipv6_autoconf (struct grub_command *cmd __attribute__ ((unused)),
+     ncards++;
+   }
+ 
+-  ifaces = grub_zalloc (ncards * sizeof (ifaces[0]));
+-  slaacs = grub_zalloc (ncards * sizeof (slaacs[0]));
++  ifaces = grub_calloc (ncards, sizeof (ifaces[0]));
++  slaacs = grub_calloc (ncards, sizeof (slaacs[0]));
+   if (!ifaces || !slaacs)
+     {
+       grub_free (ifaces);
+diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c
+index b0ab47d..d57fb72 100644
+--- a/grub-core/normal/charset.c
++++ b/grub-core/normal/charset.c
+@@ -203,7 +203,7 @@ grub_utf8_to_ucs4_alloc (const char *msg, grub_uint32_t **unicode_msg,
+ {
+   grub_size_t msg_len = grub_strlen (msg);
+ 
+-  *unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t));
++  *unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t));
+  
+   if (!*unicode_msg)
+     return -1;
+@@ -488,7 +488,7 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen,
+ 	    }
+ 	  else
+ 	    {
+-	      n = grub_malloc (sizeof (n[0]) * (out->ncomb + 1));
++	      n = grub_calloc (out->ncomb + 1, sizeof (n[0]));
+ 	      if (!n)
+ 		{
+ 		  grub_errno = GRUB_ERR_NONE;
+@@ -842,7 +842,7 @@ grub_bidi_line_logical_to_visual (const grub_uint32_t *logical,
+       }							\
+   }
+ 
+-  visual = grub_malloc (sizeof (visual[0]) * logical_len);
++  visual = grub_calloc (logical_len, sizeof (visual[0]));
+   if (!visual)
+     return -1;
+ 
+@@ -1165,8 +1165,8 @@ grub_bidi_logical_to_visual (const grub_uint32_t *logical,
+ {
+   const grub_uint32_t *line_start = logical, *ptr;
+   struct grub_unicode_glyph *visual_ptr;
+-  *visual_out = visual_ptr = grub_malloc (3 * sizeof (visual_ptr[0])
+-					  * (logical_len + 2));
++  *visual_out = visual_ptr = grub_calloc (logical_len + 2,
++					  3 * sizeof (visual_ptr[0]));
+   if (!visual_ptr)
+     return -1;
+   for (ptr = logical; ptr <= logical + logical_len; ptr++)
+diff --git a/grub-core/normal/cmdline.c b/grub-core/normal/cmdline.c
+index c037d50..c57242e 100644
+--- a/grub-core/normal/cmdline.c
++++ b/grub-core/normal/cmdline.c
+@@ -41,7 +41,7 @@ grub_err_t
+ grub_set_history (int newsize)
+ {
+   grub_uint32_t **old_hist_lines = hist_lines;
+-  hist_lines = grub_malloc (sizeof (grub_uint32_t *) * newsize);
++  hist_lines = grub_calloc (newsize, sizeof (grub_uint32_t *));
+ 
+   /* Copy the old lines into the new buffer.  */
+   if (old_hist_lines)
+@@ -114,7 +114,7 @@ static void
+ grub_history_set (int pos, grub_uint32_t *s, grub_size_t len)
+ {
+   grub_free (hist_lines[pos]);
+-  hist_lines[pos] = grub_malloc ((len + 1) * sizeof (grub_uint32_t));
++  hist_lines[pos] = grub_calloc (len + 1, sizeof (grub_uint32_t));
+   if (!hist_lines[pos])
+     {
+       grub_print_error ();
+@@ -349,7 +349,7 @@ grub_cmdline_get (const char *prompt_translated)
+   char *ret;
+   unsigned nterms;
+ 
+-  buf = grub_malloc (max_len * sizeof (grub_uint32_t));
++  buf = grub_calloc (max_len, sizeof (grub_uint32_t));
+   if (!buf)
+     return 0;
+ 
+@@ -377,7 +377,7 @@ grub_cmdline_get (const char *prompt_translated)
+     FOR_ACTIVE_TERM_OUTPUTS(cur)
+       nterms++;
+ 
+-    cl_terms = grub_malloc (sizeof (cl_terms[0]) * nterms);
++    cl_terms = grub_calloc (nterms, sizeof (cl_terms[0]));
+     if (!cl_terms)
+       {
+ 	grub_free (buf);
+@@ -385,7 +385,7 @@ grub_cmdline_get (const char *prompt_translated)
+       }
+     cl_term_cur = cl_terms;
+ 
+-    unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t));
++    unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t));
+     if (!unicode_msg)
+       {
+ 	grub_free (buf);
+@@ -495,7 +495,7 @@ grub_cmdline_get (const char *prompt_translated)
+ 		grub_uint32_t *insert;
+ 
+ 		insertlen = grub_strlen (insertu8);
+-		insert = grub_malloc ((insertlen + 1) * sizeof (grub_uint32_t));
++		insert = grub_calloc (insertlen + 1, sizeof (grub_uint32_t));
+ 		if (!insert)
+ 		  {
+ 		    grub_free (insertu8);
+@@ -602,7 +602,7 @@ grub_cmdline_get (const char *prompt_translated)
+ 
+ 	      grub_free (kill_buf);
+ 
+-	      kill_buf = grub_malloc ((n + 1) * sizeof(grub_uint32_t));
++	      kill_buf = grub_calloc (n + 1, sizeof (grub_uint32_t));
+ 	      if (grub_errno)
+ 		{
+ 		  grub_print_error ();
+diff --git a/grub-core/normal/menu_entry.c b/grub-core/normal/menu_entry.c
+index cdf3590..1993995 100644
+--- a/grub-core/normal/menu_entry.c
++++ b/grub-core/normal/menu_entry.c
+@@ -95,8 +95,8 @@ init_line (struct screen *screen, struct line *linep)
+ {
+   linep->len = 0;
+   linep->max_len = 80;
+-  linep->buf = grub_malloc ((linep->max_len + 1) * sizeof (linep->buf[0]));
+-  linep->pos = grub_zalloc (screen->nterms * sizeof (linep->pos[0]));
++  linep->buf = grub_calloc (linep->max_len + 1, sizeof (linep->buf[0]));
++  linep->pos = grub_calloc (screen->nterms, sizeof (linep->pos[0]));
+   if (! linep->buf || !linep->pos)
+     {
+       grub_free (linep->buf);
+@@ -287,7 +287,7 @@ update_screen (struct screen *screen, struct per_term_screen *term_screen,
+ 	  pos = linep->pos + (term_screen - screen->terms);
+ 
+ 	  if (!*pos)
+-	    *pos = grub_zalloc ((linep->len + 1) * sizeof (**pos));
++	    *pos = grub_calloc (linep->len + 1, sizeof (**pos));
+ 
+ 	  if (i == region_start || linep == screen->lines + screen->line
+ 	      || (i > region_start && mode == ALL_LINES))
+@@ -471,7 +471,7 @@ insert_string (struct screen *screen, const char *s, int update)
+ 
+ 	  /* Insert the string.  */
+ 	  current_linep = screen->lines + screen->line;
+-	  unicode_msg = grub_malloc ((p - s) * sizeof (grub_uint32_t));
++	  unicode_msg = grub_calloc (p - s, sizeof (grub_uint32_t));
+ 
+ 	  if (!unicode_msg)
+ 	    return 0;
+@@ -1023,7 +1023,7 @@ complete (struct screen *screen, int continuous, int update)
+   if (completion_buffer.buf)
+     {
+       buflen = grub_strlen (completion_buffer.buf);
+-      ucs4 = grub_malloc (sizeof (grub_uint32_t) * (buflen + 1));
++      ucs4 = grub_calloc (buflen + 1, sizeof (grub_uint32_t));
+       
+       if (!ucs4)
+ 	{
+@@ -1268,7 +1268,7 @@ grub_menu_entry_run (grub_menu_entry_t entry)
+   for (i = 0; i < (unsigned) screen->num_lines; i++)
+     {
+       grub_free (screen->lines[i].pos);
+-      screen->lines[i].pos = grub_zalloc (screen->nterms * sizeof (screen->lines[i].pos[0]));
++      screen->lines[i].pos = grub_calloc (screen->nterms, sizeof (screen->lines[i].pos[0]));
+       if (! screen->lines[i].pos)
+ 	{
+ 	  grub_print_error ();
+@@ -1278,7 +1278,7 @@ grub_menu_entry_run (grub_menu_entry_t entry)
+ 	}
+     }
+ 
+-  screen->terms = grub_zalloc (screen->nterms * sizeof (screen->terms[0]));
++  screen->terms = grub_calloc (screen->nterms, sizeof (screen->terms[0]));
+   if (!screen->terms)
+     {
+       grub_print_error ();
+diff --git a/grub-core/normal/menu_text.c b/grub-core/normal/menu_text.c
+index e22bb91..18240e7 100644
+--- a/grub-core/normal/menu_text.c
++++ b/grub-core/normal/menu_text.c
+@@ -78,7 +78,7 @@ grub_print_message_indented_real (const char *msg, int margin_left,
+   grub_size_t msg_len = grub_strlen (msg) + 2;
+   int ret = 0;
+ 
+-  unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t));
++  unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t));
+  
+   if (!unicode_msg)
+     return 0;
+@@ -211,7 +211,7 @@ print_entry (int y, int highlight, grub_menu_entry_t entry,
+ 
+   title = entry ? entry->title : "";
+   title_len = grub_strlen (title);
+-  unicode_title = grub_malloc (title_len * sizeof (*unicode_title));
++  unicode_title = grub_calloc (title_len, sizeof (*unicode_title));
+   if (! unicode_title)
+     /* XXX How to show this error?  */
+     return;
+diff --git a/grub-core/normal/term.c b/grub-core/normal/term.c
+index a1e5c5a..cc8c173 100644
+--- a/grub-core/normal/term.c
++++ b/grub-core/normal/term.c
+@@ -264,7 +264,7 @@ grub_term_save_pos (void)
+   FOR_ACTIVE_TERM_OUTPUTS(cur)
+     cnt++;
+ 
+-  ret = grub_malloc (cnt * sizeof (ret[0]));
++  ret = grub_calloc (cnt, sizeof (ret[0]));
+   if (!ret)
+     return NULL;
+ 
+@@ -1013,7 +1013,7 @@ grub_xnputs (const char *str, grub_size_t msg_len)
+ 
+   grub_error_push ();
+ 
+-  unicode_str = grub_malloc (msg_len * sizeof (grub_uint32_t));
++  unicode_str = grub_calloc (msg_len, sizeof (grub_uint32_t));
+  
+   grub_error_pop ();
+ 
+diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c
+index 90d92d3..5b41ad0 100644
+--- a/grub-core/osdep/linux/getroot.c
++++ b/grub-core/osdep/linux/getroot.c
+@@ -168,7 +168,7 @@ grub_util_raid_getmembers (const char *name, int bootable)
+   if (ret != 0)
+     grub_util_error (_("ioctl GET_ARRAY_INFO error: %s"), strerror (errno));
+ 
+-  devicelist = xmalloc ((info.nr_disks + 1) * sizeof (char *));
++  devicelist = xcalloc (info.nr_disks + 1, sizeof (char *));
+ 
+   for (i = 0, j = 0; j < info.nr_disks; i++)
+     {
+@@ -241,7 +241,7 @@ grub_find_root_devices_from_btrfs (const char *dir)
+       return NULL;
+     }
+ 
+-  ret = xmalloc ((fsi.num_devices + 1) * sizeof (ret[0]));
++  ret = xcalloc (fsi.num_devices + 1, sizeof (ret[0]));
+ 
+   for (i = 1; i <= fsi.max_id && j < fsi.num_devices; i++)
+     {
+@@ -396,7 +396,7 @@ grub_find_root_devices_from_mountinfo (const char *dir, char **relroot)
+   if (relroot)
+     *relroot = NULL;
+ 
+-  entries = xmalloc (entry_max * sizeof (*entries));
++  entries = xcalloc (entry_max, sizeof (*entries));
+ 
+ again:
+   fp = grub_util_fopen ("/proc/self/mountinfo", "r");
+diff --git a/grub-core/osdep/unix/config.c b/grub-core/osdep/unix/config.c
+index 65effa9..7d63251 100644
+--- a/grub-core/osdep/unix/config.c
++++ b/grub-core/osdep/unix/config.c
+@@ -89,7 +89,7 @@ grub_util_load_config (struct grub_util_config *cfg)
+   argv[0] = "sh";
+   argv[1] = "-c";
+ 
+-  script = xmalloc (4 * strlen (cfgfile) + 300);
++  script = xcalloc (4, strlen (cfgfile) + 300);
+ 
+   ptr = script;
+   memcpy (ptr, ". '", 3);
+diff --git a/grub-core/osdep/windows/getroot.c b/grub-core/osdep/windows/getroot.c
+index 661d954..eada663 100644
+--- a/grub-core/osdep/windows/getroot.c
++++ b/grub-core/osdep/windows/getroot.c
+@@ -59,7 +59,7 @@ grub_get_mount_point (const TCHAR *path)
+ 
+   for (ptr = path; *ptr; ptr++);
+   allocsize = (ptr - path + 10) * 2;
+-  out = xmalloc (allocsize * sizeof (out[0]));
++  out = xcalloc (allocsize, sizeof (out[0]));
+ 
+   /* When pointing to EFI system partition GetVolumePathName fails
+      for ESP root and returns abberant information for everything
+diff --git a/grub-core/osdep/windows/hostdisk.c b/grub-core/osdep/windows/hostdisk.c
+index 3551007..0be3273 100644
+--- a/grub-core/osdep/windows/hostdisk.c
++++ b/grub-core/osdep/windows/hostdisk.c
+@@ -111,7 +111,7 @@ grub_util_get_windows_path_real (const char *path)
+ 
+   while (1)
+     {
+-      fpa = xmalloc (alloc * sizeof (fpa[0]));
++      fpa = xcalloc (alloc, sizeof (fpa[0]));
+ 
+       len = GetFullPathName (tpath, alloc, fpa, NULL);
+       if (len >= alloc)
+@@ -399,7 +399,7 @@ grub_util_fd_opendir (const char *name)
+   for (l = 0; name_windows[l]; l++);
+   for (l--; l >= 0 && (name_windows[l] == '\\' || name_windows[l] == '/'); l--);
+   l++;
+-  pattern = xmalloc ((l + 3) * sizeof (pattern[0]));
++  pattern = xcalloc (l + 3, sizeof (pattern[0]));
+   memcpy (pattern, name_windows, l * sizeof (pattern[0]));
+   pattern[l] = '\\';
+   pattern[l + 1] = '*';
+diff --git a/grub-core/osdep/windows/init.c b/grub-core/osdep/windows/init.c
+index e8ffd62..6297de6 100644
+--- a/grub-core/osdep/windows/init.c
++++ b/grub-core/osdep/windows/init.c
+@@ -161,7 +161,7 @@ grub_util_host_init (int *argc __attribute__ ((unused)),
+   LPWSTR *targv;
+ 
+   targv = CommandLineToArgvW (tcmdline, argc);
+-  *argv = xmalloc ((*argc + 1) * sizeof (argv[0]));
++  *argv = xcalloc (*argc + 1, sizeof (argv[0]));
+ 
+   for (i = 0; i < *argc; i++)
+     (*argv)[i] = grub_util_tchar_to_utf8 (targv[i]); 
+diff --git a/grub-core/osdep/windows/platform.c b/grub-core/osdep/windows/platform.c
+index 7eb53fe..1ef86bf 100644
+--- a/grub-core/osdep/windows/platform.c
++++ b/grub-core/osdep/windows/platform.c
+@@ -225,8 +225,8 @@ grub_install_register_efi (grub_device_t efidir_grub_dev,
+     grub_util_error ("%s", _("no EFI routines are available when running in BIOS mode"));
+ 
+   distrib8_len = grub_strlen (efi_distributor);
+-  distributor16 = xmalloc ((distrib8_len + 1) * GRUB_MAX_UTF16_PER_UTF8
+-			   * sizeof (grub_uint16_t));
++  distributor16 = xcalloc (distrib8_len + 1,
++			   GRUB_MAX_UTF16_PER_UTF8 * sizeof (grub_uint16_t));
+   distrib16_len = grub_utf8_to_utf16 (distributor16, distrib8_len * GRUB_MAX_UTF16_PER_UTF8,
+ 				      (const grub_uint8_t *) efi_distributor,
+ 				      distrib8_len, 0);
+diff --git a/grub-core/osdep/windows/relpath.c b/grub-core/osdep/windows/relpath.c
+index cb08617..478e8ef 100644
+--- a/grub-core/osdep/windows/relpath.c
++++ b/grub-core/osdep/windows/relpath.c
+@@ -72,7 +72,7 @@ grub_make_system_path_relative_to_its_root (const char *path)
+       if (dirwindows[0] && dirwindows[1] == ':')
+ 	offset = 2;
+     }
+-  ret = xmalloc (sizeof (ret[0]) * (flen - offset + 2));
++  ret = xcalloc (flen - offset + 2, sizeof (ret[0]));
+   if (dirwindows[offset] != '\\'
+       && dirwindows[offset] != '/'
+       && dirwindows[offset])
+diff --git a/grub-core/partmap/gpt.c b/grub-core/partmap/gpt.c
+index 103f679..72a2e37 100644
+--- a/grub-core/partmap/gpt.c
++++ b/grub-core/partmap/gpt.c
+@@ -199,7 +199,7 @@ gpt_partition_map_embed (struct grub_disk *disk, unsigned int *nsectors,
+   *nsectors = ctx.len;
+   if (*nsectors > max_nsectors)
+     *nsectors = max_nsectors;
+-  *sectors = grub_malloc (*nsectors * sizeof (**sectors));
++  *sectors = grub_calloc (*nsectors, sizeof (**sectors));
+   if (!*sectors)
+     return grub_errno;
+   for (i = 0; i < *nsectors; i++)
+diff --git a/grub-core/partmap/msdos.c b/grub-core/partmap/msdos.c
+index 7b8e450..ee3f249 100644
+--- a/grub-core/partmap/msdos.c
++++ b/grub-core/partmap/msdos.c
+@@ -337,7 +337,7 @@ pc_partition_map_embed (struct grub_disk *disk, unsigned int *nsectors,
+       avail_nsectors = *nsectors;
+       if (*nsectors > max_nsectors)
+ 	*nsectors = max_nsectors;
+-      *sectors = grub_malloc (*nsectors * sizeof (**sectors));
++      *sectors = grub_calloc (*nsectors, sizeof (**sectors));
+       if (!*sectors)
+ 	return grub_errno;
+       for (i = 0; i < *nsectors; i++)
+diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
+index ee299fd..c8d6806 100644
+--- a/grub-core/script/execute.c
++++ b/grub-core/script/execute.c
+@@ -553,7 +553,7 @@ gettext_append (struct grub_script_argv *result, const char *orig_str)
+   for (iptr = orig_str; *iptr; iptr++)
+     if (*iptr == '$')
+       dollar_cnt++;
+-  ctx.allowed_strings = grub_malloc (sizeof (ctx.allowed_strings[0]) * dollar_cnt);
++  ctx.allowed_strings = grub_calloc (dollar_cnt, sizeof (ctx.allowed_strings[0]));
+ 
+   if (parse_string (orig_str, gettext_save_allow, &ctx, 0))
+     goto fail;
+diff --git a/grub-core/tests/fake_input.c b/grub-core/tests/fake_input.c
+index 2d60852..b5eb516 100644
+--- a/grub-core/tests/fake_input.c
++++ b/grub-core/tests/fake_input.c
+@@ -49,7 +49,7 @@ grub_terminal_input_fake_sequence (int *seq_in, int nseq_in)
+     saved = grub_term_inputs;
+   if (seq)
+     grub_free (seq);
+-  seq = grub_malloc (nseq_in * sizeof (seq[0]));
++  seq = grub_calloc (nseq_in, sizeof (seq[0]));
+   if (!seq)
+     return;
+ 
+diff --git a/grub-core/tests/video_checksum.c b/grub-core/tests/video_checksum.c
+index 74d5b65..44d0810 100644
+--- a/grub-core/tests/video_checksum.c
++++ b/grub-core/tests/video_checksum.c
+@@ -336,7 +336,7 @@ grub_video_capture_write_bmp (const char *fname,
+     {
+     case 4:
+       {
+-	grub_uint8_t *buffer = xmalloc (mode_info->width * 3);
++	grub_uint8_t *buffer = xcalloc (3, mode_info->width);
+ 	grub_uint32_t rmask = ((1 << mode_info->red_mask_size) - 1);
+ 	grub_uint32_t gmask = ((1 << mode_info->green_mask_size) - 1);
+ 	grub_uint32_t bmask = ((1 << mode_info->blue_mask_size) - 1);
+@@ -367,7 +367,7 @@ grub_video_capture_write_bmp (const char *fname,
+       }
+     case 3:
+       {
+-	grub_uint8_t *buffer = xmalloc (mode_info->width * 3);
++	grub_uint8_t *buffer = xcalloc (3, mode_info->width);
+ 	grub_uint32_t rmask = ((1 << mode_info->red_mask_size) - 1);
+ 	grub_uint32_t gmask = ((1 << mode_info->green_mask_size) - 1);
+ 	grub_uint32_t bmask = ((1 << mode_info->blue_mask_size) - 1);
+@@ -407,7 +407,7 @@ grub_video_capture_write_bmp (const char *fname,
+       }
+     case 2:
+       {
+-	grub_uint8_t *buffer = xmalloc (mode_info->width * 3);
++	grub_uint8_t *buffer = xcalloc (3, mode_info->width);
+ 	grub_uint16_t rmask = ((1 << mode_info->red_mask_size) - 1);
+ 	grub_uint16_t gmask = ((1 << mode_info->green_mask_size) - 1);
+ 	grub_uint16_t bmask = ((1 << mode_info->blue_mask_size) - 1);
+diff --git a/grub-core/video/capture.c b/grub-core/video/capture.c
+index 4f83c74..4d3195e 100644
+--- a/grub-core/video/capture.c
++++ b/grub-core/video/capture.c
+@@ -89,7 +89,7 @@ grub_video_capture_start (const struct grub_video_mode_info *mode_info,
+   framebuffer.mode_info = *mode_info;
+   framebuffer.mode_info.blit_format = grub_video_get_blit_format (&framebuffer.mode_info);
+ 
+-  framebuffer.ptr = grub_malloc (framebuffer.mode_info.height * framebuffer.mode_info.pitch);
++  framebuffer.ptr = grub_calloc (framebuffer.mode_info.height, framebuffer.mode_info.pitch);
+   if (!framebuffer.ptr)
+     return grub_errno;
+   
+diff --git a/grub-core/video/emu/sdl.c b/grub-core/video/emu/sdl.c
+index a2f639f..0ebab6f 100644
+--- a/grub-core/video/emu/sdl.c
++++ b/grub-core/video/emu/sdl.c
+@@ -172,7 +172,7 @@ grub_video_sdl_set_palette (unsigned int start, unsigned int count,
+       if (start + count > mode_info.number_of_colors)
+ 	count = mode_info.number_of_colors - start;
+ 
+-      tmp = grub_malloc (count * sizeof (tmp[0]));
++      tmp = grub_calloc (count, sizeof (tmp[0]));
+       for (i = 0; i < count; i++)
+ 	{
+ 	  tmp[i].r = palette_data[i].r;
+diff --git a/grub-core/video/i386/pc/vga.c b/grub-core/video/i386/pc/vga.c
+index 01f4711..b2f776c 100644
+--- a/grub-core/video/i386/pc/vga.c
++++ b/grub-core/video/i386/pc/vga.c
+@@ -127,7 +127,7 @@ grub_video_vga_setup (unsigned int width, unsigned int height,
+ 
+   vga_height = height ? : 480;
+ 
+-  framebuffer.temporary_buffer = grub_malloc (vga_height * VGA_WIDTH);
++  framebuffer.temporary_buffer = grub_calloc (vga_height, VGA_WIDTH);
+   framebuffer.front_page = 0;
+   framebuffer.back_page = 0;
+   if (!framebuffer.temporary_buffer)
+diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c
+index 777e713..61bd645 100644
+--- a/grub-core/video/readers/png.c
++++ b/grub-core/video/readers/png.c
+@@ -309,7 +309,7 @@ grub_png_decode_image_header (struct grub_png_data *data)
+   if (data->is_16bit || data->is_gray || data->is_palette)
+ #endif
+     {
+-      data->image_data = grub_malloc (data->image_height * data->row_bytes);
++      data->image_data = grub_calloc (data->image_height, data->row_bytes);
+       if (grub_errno)
+         return grub_errno;
+ 
+diff --git a/include/grub/unicode.h b/include/grub/unicode.h
+index a0403e9..4de986a 100644
+--- a/include/grub/unicode.h
++++ b/include/grub/unicode.h
+@@ -293,7 +293,7 @@ grub_unicode_glyph_dup (const struct grub_unicode_glyph *in)
+   grub_memcpy (out, in, sizeof (*in));
+   if (in->ncomb > ARRAY_SIZE (out->combining_inline))
+     {
+-      out->combining_ptr = grub_malloc (in->ncomb * sizeof (out->combining_ptr[0]));
++      out->combining_ptr = grub_calloc (in->ncomb, sizeof (out->combining_ptr[0]));
+       if (!out->combining_ptr)
+ 	{
+ 	  grub_free (out);
+@@ -315,7 +315,7 @@ grub_unicode_set_glyph (struct grub_unicode_glyph *out,
+   grub_memcpy (out, in, sizeof (*in));
+   if (in->ncomb > ARRAY_SIZE (out->combining_inline))
+     {
+-      out->combining_ptr = grub_malloc (in->ncomb * sizeof (out->combining_ptr[0]));
++      out->combining_ptr = grub_calloc (in->ncomb, sizeof (out->combining_ptr[0]));
+       if (!out->combining_ptr)
+ 	return;
+       grub_memcpy (out->combining_ptr, in->combining_ptr,
+diff --git a/util/getroot.c b/util/getroot.c
+index 847406f..a5eaa64 100644
+--- a/util/getroot.c
++++ b/util/getroot.c
+@@ -200,7 +200,7 @@ make_device_name (const char *drive)
+   char *ret, *ptr;
+   const char *iptr;
+ 
+-  ret = xmalloc (strlen (drive) * 2);
++  ret = xcalloc (2, strlen (drive));
+   ptr = ret;
+   for (iptr = drive; *iptr; iptr++)
+     {
+diff --git a/util/grub-file.c b/util/grub-file.c
+index 50c18b6..b2e7dd6 100644
+--- a/util/grub-file.c
++++ b/util/grub-file.c
+@@ -54,7 +54,7 @@ main (int argc, char *argv[])
+ 
+   grub_util_host_init (&argc, &argv);
+ 
+-  argv2 = xmalloc (argc * sizeof (argv2[0]));
++  argv2 = xcalloc (argc, sizeof (argv2[0]));
+ 
+   if (argc == 2 && strcmp (argv[1], "--version") == 0)
+     {
+diff --git a/util/grub-fstest.c b/util/grub-fstest.c
+index f14e02d..57246af 100644
+--- a/util/grub-fstest.c
++++ b/util/grub-fstest.c
+@@ -650,7 +650,7 @@ argp_parser (int key, char *arg, struct argp_state *state)
+   if (args_count < num_disks)
+     {
+       if (args_count == 0)
+-	images = xmalloc (num_disks * sizeof (images[0]));
++	images = xcalloc (num_disks, sizeof (images[0]));
+       images[args_count] = grub_canonicalize_file_name (arg);
+       args_count++;
+       return 0;
+@@ -734,7 +734,7 @@ main (int argc, char *argv[])
+ 
+   grub_util_host_init (&argc, &argv);
+ 
+-  args = xmalloc (argc * sizeof (args[0]));
++  args = xcalloc (argc, sizeof (args[0]));
+ 
+   argp_parse (&argp, argc, argv, 0, 0, 0);
+ 
+diff --git a/util/grub-install-common.c b/util/grub-install-common.c
+index ca0ac61..0295d40 100644
+--- a/util/grub-install-common.c
++++ b/util/grub-install-common.c
+@@ -286,7 +286,7 @@ handle_install_list (struct install_list *il, const char *val,
+       il->n_entries++;
+     }
+   il->n_alloc = il->n_entries + 1;
+-  il->entries = xmalloc (il->n_alloc * sizeof (il->entries[0]));
++  il->entries = xcalloc (il->n_alloc, sizeof (il->entries[0]));
+   ptr = val;
+   for (ce = il->entries; ; ce++)
+     {
+diff --git a/util/grub-install.c b/util/grub-install.c
+index 8a55ad4..a82725f 100644
+--- a/util/grub-install.c
++++ b/util/grub-install.c
+@@ -626,7 +626,7 @@ device_map_check_duplicates (const char *dev_map)
+   if (! fp)
+     return;
+ 
+-  d = xmalloc (alloced * sizeof (d[0]));
++  d = xcalloc (alloced, sizeof (d[0]));
+ 
+   while (fgets (buf, sizeof (buf), fp))
+     {
+@@ -1260,7 +1260,7 @@ main (int argc, char *argv[])
+       ndev++;
+     }
+ 
+-  grub_drives = xmalloc (sizeof (grub_drives[0]) * (ndev + 1)); 
++  grub_drives = xcalloc (ndev + 1, sizeof (grub_drives[0]));
+ 
+   for (curdev = grub_devices, curdrive = grub_drives; *curdev; curdev++,
+        curdrive++)
+diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c
+index bc087c2..d97d0e7 100644
+--- a/util/grub-mkimagexx.c
++++ b/util/grub-mkimagexx.c
+@@ -2294,10 +2294,8 @@ SUFFIX (grub_mkimage_load_image) (const char *kernel_path,
+ 		      + grub_host_to_target16 (e->e_shstrndx) * smd.section_entsize);
+   smd.strtab = (char *) e + grub_host_to_target_addr (s->sh_offset);
+ 
+-  smd.addrs = xmalloc (sizeof (*smd.addrs) * smd.num_sections);
+-  memset (smd.addrs, 0, sizeof (*smd.addrs) * smd.num_sections);
+-  smd.vaddrs = xmalloc (sizeof (*smd.vaddrs) * smd.num_sections);
+-  memset (smd.vaddrs, 0, sizeof (*smd.vaddrs) * smd.num_sections);
++  smd.addrs = xcalloc (smd.num_sections, sizeof (*smd.addrs));
++  smd.vaddrs = xcalloc (smd.num_sections, sizeof (*smd.vaddrs));
+ 
+   SUFFIX (locate_sections) (e, kernel_path, &smd, layout, image_target);
+ 
+diff --git a/util/grub-mkrescue.c b/util/grub-mkrescue.c
+index ce2cbc4..5183102 100644
+--- a/util/grub-mkrescue.c
++++ b/util/grub-mkrescue.c
+@@ -441,8 +441,8 @@ main (int argc, char *argv[])
+   xorriso = xstrdup ("xorriso");
+   label_font = grub_util_path_concat (2, pkgdatadir, "unicode.pf2");
+ 
+-  argp_argv = xmalloc (sizeof (argp_argv[0]) * argc);
+-  xorriso_tail_argv = xmalloc (sizeof (argp_argv[0]) * argc);
++  argp_argv = xcalloc (argc, sizeof (argp_argv[0]));
++  xorriso_tail_argv = xcalloc (argc, sizeof (argp_argv[0]));
+ 
+   xorriso_tail_argc = 0;
+   /* Program name */
+diff --git a/util/grub-mkstandalone.c b/util/grub-mkstandalone.c
+index 4907d44..edf3097 100644
+--- a/util/grub-mkstandalone.c
++++ b/util/grub-mkstandalone.c
+@@ -296,7 +296,7 @@ main (int argc, char *argv[])
+   grub_util_host_init (&argc, &argv);
+   grub_util_disable_fd_syncs ();
+ 
+-  files = xmalloc ((argc + 1) * sizeof (files[0]));
++  files = xcalloc (argc + 1, sizeof (files[0]));
+ 
+   argp_parse (&argp, argc, argv, 0, 0, 0);
+ 
+diff --git a/util/grub-pe2elf.c b/util/grub-pe2elf.c
+index 0d4084a..1133129 100644
+--- a/util/grub-pe2elf.c
++++ b/util/grub-pe2elf.c
+@@ -100,9 +100,9 @@ write_section_data (FILE* fp, const char *name, char *image,
+   char *pe_strtab = (image + pe_chdr->symtab_offset
+ 		     + pe_chdr->num_symbols * sizeof (struct grub_pe32_symbol));
+ 
+-  section_map = xmalloc ((2 * pe_chdr->num_sections + 5) * sizeof (int));
++  section_map = xcalloc (2 * pe_chdr->num_sections + 5, sizeof (int));
+   section_map[0] = 0;
+-  shdr = xmalloc ((2 * pe_chdr->num_sections + 5) * sizeof (shdr[0]));
++  shdr = xcalloc (2 * pe_chdr->num_sections + 5, sizeof (shdr[0]));
+   idx = 1;
+   idx_reloc = pe_chdr->num_sections + 1;
+ 
+@@ -233,7 +233,7 @@ write_reloc_section (FILE* fp, const char *name, char *image,
+ 
+       pe_sec = pe_shdr + shdr[i].sh_link;
+       pe_rel = (struct grub_pe32_reloc *) (image + pe_sec->relocations_offset);
+-      rel = (elf_reloc_t *) xmalloc (pe_sec->num_relocations * sizeof (elf_reloc_t));
++      rel = (elf_reloc_t *) xcalloc (pe_sec->num_relocations, sizeof (elf_reloc_t));
+       num_rels = 0;
+       modified = 0;
+ 
+@@ -365,12 +365,10 @@ write_symbol_table (FILE* fp, const char *name, char *image,
+   pe_symtab = (struct grub_pe32_symbol *) (image + pe_chdr->symtab_offset);
+   pe_strtab = (char *) (pe_symtab + pe_chdr->num_symbols);
+ 
+-  symtab = (Elf_Sym *) xmalloc ((pe_chdr->num_symbols + 1) *
+-				sizeof (Elf_Sym));
+-  memset (symtab, 0, (pe_chdr->num_symbols + 1) * sizeof (Elf_Sym));
++  symtab = (Elf_Sym *) xcalloc (pe_chdr->num_symbols + 1, sizeof (Elf_Sym));
+   num_syms = 1;
+ 
+-  symtab_map = (int *) xmalloc (pe_chdr->num_symbols * sizeof (int));
++  symtab_map = (int *) xcalloc (pe_chdr->num_symbols, sizeof (int));
+ 
+   for (i = 0; i < (int) pe_chdr->num_symbols;
+        i += pe_symtab->num_aux + 1, pe_symtab += pe_symtab->num_aux + 1)
+diff --git a/util/grub-probe.c b/util/grub-probe.c
+index 81d27ee..cbe6ed9 100644
+--- a/util/grub-probe.c
++++ b/util/grub-probe.c
+@@ -361,8 +361,8 @@ probe (const char *path, char **device_names, char delim)
+       grub_util_pull_device (*curdev);
+       ndev++;
+     }
+-  
+-  drives_names = xmalloc (sizeof (drives_names[0]) * (ndev + 1)); 
++
++  drives_names = xcalloc (ndev + 1, sizeof (drives_names[0]));
+ 
+   for (curdev = device_names, curdrive = drives_names; *curdev; curdev++,
+        curdrive++)
+-- 
+2.14.4
+
diff --git a/meta/recipes-bsp/grub/files/0004-safemath-Add-some-arithmetic-primitives-that-check-f.patch b/meta/recipes-bsp/grub/files/0004-safemath-Add-some-arithmetic-primitives-that-check-f.patch
new file mode 100644
index 0000000000..29021e8d8f
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0004-safemath-Add-some-arithmetic-primitives-that-check-f.patch
@@ -0,0 +1,94 @@
+From 06c361a71c4998635493610e5d76d0d223925251 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 15 Jun 2020 10:58:42 -0400
+Subject: [PATCH 5/9] safemath: Add some arithmetic primitives that check for
+ overflow
+
+This adds a new header, include/grub/safemath.h, that includes easy to
+use wrappers for __builtin_{add,sub,mul}_overflow() declared like:
+
+  bool OP(a, b, res)
+
+where OP is grub_add, grub_sub or grub_mul. OP() returns true in the
+case where the operation would overflow and res is not modified.
+Otherwise, false is returned and the operation is executed.
+
+These arithmetic primitives require newer compiler versions. So, bump
+these requirements in the INSTALL file too.
+
+Upstream-Status: Backport [commit 68708c4503018d61dbcce7ac11cbb511d6425f4d
+from https://git.savannah.gnu.org/git/grub.git]
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+[YL: omit the change to INSTALL from original patch]
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+---
+ include/grub/compiler.h |  8 ++++++++
+ include/grub/safemath.h | 37 +++++++++++++++++++++++++++++++++++++
+ 2 files changed, 45 insertions(+)
+ create mode 100644 include/grub/safemath.h
+
+diff --git a/include/grub/compiler.h b/include/grub/compiler.h
+index c9e1d7a..8f3be3a 100644
+--- a/include/grub/compiler.h
++++ b/include/grub/compiler.h
+@@ -48,4 +48,12 @@
+ #  define WARN_UNUSED_RESULT
+ #endif
+ 
++#if defined(__clang__) && defined(__clang_major__) && defined(__clang_minor__)
++#  define CLANG_PREREQ(maj,min) \
++          ((__clang_major__ > (maj)) || \
++	   (__clang_major__ == (maj) && __clang_minor__ >= (min)))
++#else
++#  define CLANG_PREREQ(maj,min) 0
++#endif
++
+ #endif /* ! GRUB_COMPILER_HEADER */
+diff --git a/include/grub/safemath.h b/include/grub/safemath.h
+new file mode 100644
+index 0000000..c17b89b
+--- /dev/null
++++ b/include/grub/safemath.h
+@@ -0,0 +1,37 @@
++/*
++ *  GRUB  --  GRand Unified Bootloader
++ *  Copyright (C) 2020  Free Software Foundation, Inc.
++ *
++ *  GRUB is free software: you can redistribute it and/or modify
++ *  it under the terms of the GNU General Public License as published by
++ *  the Free Software Foundation, either version 3 of the License, or
++ *  (at your option) any later version.
++ *
++ *  GRUB is distributed in the hope that it will be useful,
++ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
++ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ *  GNU General Public License for more details.
++ *
++ *  You should have received a copy of the GNU General Public License
++ *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
++ *
++ *  Arithmetic operations that protect against overflow.
++ */
++
++#ifndef GRUB_SAFEMATH_H
++#define GRUB_SAFEMATH_H 1
++
++#include <grub/compiler.h>
++
++/* These appear in gcc 5.1 and clang 3.8. */
++#if GNUC_PREREQ(5, 1) || CLANG_PREREQ(3, 8)
++
++#define grub_add(a, b, res)	__builtin_add_overflow(a, b, res)
++#define grub_sub(a, b, res)	__builtin_sub_overflow(a, b, res)
++#define grub_mul(a, b, res)	__builtin_mul_overflow(a, b, res)
++
++#else
++#error gcc 5.1 or newer or clang 3.8 or newer is required
++#endif
++
++#endif /* GRUB_SAFEMATH_H */
+-- 
+2.14.4
+
diff --git a/meta/recipes-bsp/grub/files/0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch b/meta/recipes-bsp/grub/files/0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch
new file mode 100644
index 0000000000..146602cd3e
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch
@@ -0,0 +1,1326 @@
+From eb77d1ef65e25746acff43545f62a71360b15eec Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 15 Jun 2020 12:28:27 -0400
+Subject: [PATCH 6/9] malloc: Use overflow checking primitives where we do
+ complex allocations
+
+This attempts to fix the places where we do the following where
+arithmetic_expr may include unvalidated data:
+
+  X = grub_malloc(arithmetic_expr);
+
+It accomplishes this by doing the arithmetic ahead of time using grub_add(),
+grub_sub(), grub_mul() and testing for overflow before proceeding.
+
+Among other issues, this fixes:
+  - allocation of integer overflow in grub_video_bitmap_create()
+    reported by Chris Coulson,
+  - allocation of integer overflow in grub_png_decode_image_header()
+    reported by Chris Coulson,
+  - allocation of integer overflow in grub_squash_read_symlink()
+    reported by Chris Coulson,
+  - allocation of integer overflow in grub_ext2_read_symlink()
+    reported by Chris Coulson,
+  - allocation of integer overflow in read_section_as_string()
+    reported by Chris Coulson.
+
+Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
+
+Upstream-Status: Backport [commit 3f05d693d1274965ffbe4ba99080dc2c570944c6
+from https://git.savannah.gnu.org/git/grub.git]
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+---
+ grub-core/commands/legacycfg.c | 29 +++++++++++++++++++-----
+ grub-core/commands/wildcard.c  | 36 ++++++++++++++++++++++++-----
+ grub-core/disk/ldm.c           | 32 ++++++++++++++++++--------
+ grub-core/font/font.c          |  7 +++++-
+ grub-core/fs/btrfs.c           | 28 +++++++++++++++--------
+ grub-core/fs/ext2.c            | 10 ++++++++-
+ grub-core/fs/iso9660.c         | 51 +++++++++++++++++++++++++++++-------------
+ grub-core/fs/sfs.c             | 27 +++++++++++++++++-----
+ grub-core/fs/squash4.c         | 45 ++++++++++++++++++++++++++++---------
+ grub-core/fs/udf.c             | 41 +++++++++++++++++++++------------
+ grub-core/fs/xfs.c             | 11 +++++----
+ grub-core/fs/zfs/zfs.c         | 22 ++++++++++++------
+ grub-core/fs/zfs/zfscrypt.c    |  7 +++++-
+ grub-core/lib/arg.c            | 20 +++++++++++++++--
+ grub-core/loader/i386/bsd.c    |  8 ++++++-
+ grub-core/net/dns.c            |  9 +++++++-
+ grub-core/normal/charset.c     | 10 +++++++--
+ grub-core/normal/cmdline.c     | 14 ++++++++++--
+ grub-core/normal/menu_entry.c  | 13 +++++++++--
+ grub-core/script/argv.c        | 16 +++++++++++--
+ grub-core/script/lexer.c       | 21 ++++++++++++++---
+ grub-core/video/bitmap.c       | 25 +++++++++++++--------
+ grub-core/video/readers/png.c  | 13 +++++++++--
+ 23 files changed, 382 insertions(+), 113 deletions(-)
+
+diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c
+index 5e3ec0d..cc5971f 100644
+--- a/grub-core/commands/legacycfg.c
++++ b/grub-core/commands/legacycfg.c
+@@ -32,6 +32,7 @@
+ #include <grub/auth.h>
+ #include <grub/disk.h>
+ #include <grub/partition.h>
++#include <grub/safemath.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -104,13 +105,22 @@ legacy_file (const char *filename)
+ 	if (newsuffix)
+ 	  {
+ 	    char *t;
+-	    
++	    grub_size_t sz;
++
++	    if (grub_add (grub_strlen (suffix), grub_strlen (newsuffix), &sz) ||
++		grub_add (sz, 1, &sz))
++	      {
++		grub_errno = GRUB_ERR_OUT_OF_RANGE;
++		goto fail_0;
++	      }
++
+ 	    t = suffix;
+-	    suffix = grub_realloc (suffix, grub_strlen (suffix)
+-				   + grub_strlen (newsuffix) + 1);
++	    suffix = grub_realloc (suffix, sz);
+ 	    if (!suffix)
+ 	      {
+ 		grub_free (t);
++
++ fail_0:
+ 		grub_free (entrysrc);
+ 		grub_free (parsed);
+ 		grub_free (newsuffix);
+@@ -154,13 +164,22 @@ legacy_file (const char *filename)
+ 	  else
+ 	    {
+ 	      char *t;
++	      grub_size_t sz;
++
++	      if (grub_add (grub_strlen (entrysrc), grub_strlen (parsed), &sz) ||
++		  grub_add (sz, 1, &sz))
++		{
++		  grub_errno = GRUB_ERR_OUT_OF_RANGE;
++		  goto fail_1;
++		}
+ 
+ 	      t = entrysrc;
+-	      entrysrc = grub_realloc (entrysrc, grub_strlen (entrysrc)
+-				       + grub_strlen (parsed) + 1);
++	      entrysrc = grub_realloc (entrysrc, sz);
+ 	      if (!entrysrc)
+ 		{
+ 		  grub_free (t);
++
++ fail_1:
+ 		  grub_free (parsed);
+ 		  grub_free (suffix);
+ 		  return grub_errno;
+diff --git a/grub-core/commands/wildcard.c b/grub-core/commands/wildcard.c
+index 4a106ca..cc32903 100644
+--- a/grub-core/commands/wildcard.c
++++ b/grub-core/commands/wildcard.c
+@@ -23,6 +23,7 @@
+ #include <grub/file.h>
+ #include <grub/device.h>
+ #include <grub/script_sh.h>
++#include <grub/safemath.h>
+ 
+ #include <regex.h>
+ 
+@@ -48,6 +49,7 @@ merge (char **dest, char **ps)
+   int i;
+   int j;
+   char **p;
++  grub_size_t sz;
+ 
+   if (! dest)
+     return ps;
+@@ -60,7 +62,12 @@ merge (char **dest, char **ps)
+   for (j = 0; ps[j]; j++)
+     ;
+ 
+-  p = grub_realloc (dest, sizeof (char*) * (i + j + 1));
++  if (grub_add (i, j, &sz) ||
++      grub_add (sz, 1, &sz) ||
++      grub_mul (sz, sizeof (char *), &sz))
++    return dest;
++
++  p = grub_realloc (dest, sz);
+   if (! p)
+     {
+       grub_free (dest);
+@@ -115,8 +122,15 @@ make_regex (const char *start, const char *end, regex_t *regexp)
+   char ch;
+   int i = 0;
+   unsigned len = end - start;
+-  char *buffer = grub_malloc (len * 2 + 2 + 1); /* worst case size. */
++  char *buffer;
++  grub_size_t sz;
+ 
++  /* Worst case size is (len * 2 + 2 + 1). */
++  if (grub_mul (len, 2, &sz) ||
++      grub_add (sz, 3, &sz))
++    return 1;
++
++  buffer = grub_malloc (sz);
+   if (! buffer)
+     return 1;
+ 
+@@ -226,6 +240,7 @@ match_devices_iter (const char *name, void *data)
+   struct match_devices_ctx *ctx = data;
+   char **t;
+   char *buffer;
++  grub_size_t sz;
+ 
+   /* skip partitions if asked to. */
+   if (ctx->noparts && grub_strchr (name, ','))
+@@ -239,11 +254,16 @@ match_devices_iter (const char *name, void *data)
+   if (regexec (ctx->regexp, buffer, 0, 0, 0))
+     {
+       grub_dprintf ("expand", "not matched\n");
++ fail:
+       grub_free (buffer);
+       return 0;
+     }
+ 
+-  t = grub_realloc (ctx->devs, sizeof (char*) * (ctx->ndev + 2));
++  if (grub_add (ctx->ndev, 2, &sz) ||
++      grub_mul (sz, sizeof (char *), &sz))
++    goto fail;
++
++  t = grub_realloc (ctx->devs, sz);
+   if (! t)
+     {
+       grub_free (buffer);
+@@ -300,6 +320,7 @@ match_files_iter (const char *name,
+   struct match_files_ctx *ctx = data;
+   char **t;
+   char *buffer;
++  grub_size_t sz;
+ 
+   /* skip . and .. names */
+   if (grub_strcmp(".", name) == 0 || grub_strcmp("..", name) == 0)
+@@ -315,9 +336,14 @@ match_files_iter (const char *name,
+   if (! buffer)
+     return 1;
+ 
+-  t = grub_realloc (ctx->files, sizeof (char*) * (ctx->nfile + 2));
+-  if (! t)
++  if (grub_add (ctx->nfile, 2, &sz) ||
++      grub_mul (sz, sizeof (char *), &sz))
++    goto fail;
++
++  t = grub_realloc (ctx->files, sz);
++  if (!t)
+     {
++ fail:
+       grub_free (buffer);
+       return 1;
+     }
+diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c
+index e632370..58f8a53 100644
+--- a/grub-core/disk/ldm.c
++++ b/grub-core/disk/ldm.c
+@@ -25,6 +25,7 @@
+ #include <grub/msdos_partition.h>
+ #include <grub/gpt_partition.h>
+ #include <grub/i18n.h>
++#include <grub/safemath.h>
+ 
+ #ifdef GRUB_UTIL
+ #include <grub/emu/misc.h>
+@@ -289,6 +290,7 @@ make_vg (grub_disk_t disk,
+       struct grub_ldm_vblk vblk[GRUB_DISK_SECTOR_SIZE
+ 				/ sizeof (struct grub_ldm_vblk)];
+       unsigned i;
++      grub_size_t sz;
+       err = grub_disk_read (disk, cursec, 0,
+ 			    sizeof(vblk), &vblk);
+       if (err)
+@@ -350,7 +352,13 @@ make_vg (grub_disk_t disk,
+ 	      grub_free (lv);
+ 	      goto fail2;
+ 	    }
+-	  lv->name = grub_malloc (*ptr + 1);
++	  if (grub_add (*ptr, 1, &sz))
++	    {
++	      grub_free (lv->internal_id);
++	      grub_free (lv);
++	      goto fail2;
++	    }
++	  lv->name = grub_malloc (sz);
+ 	  if (!lv->name)
+ 	    {
+ 	      grub_free (lv->internal_id);
+@@ -599,10 +607,13 @@ make_vg (grub_disk_t disk,
+ 	  if (lv->segments->node_alloc == lv->segments->node_count)
+ 	    {
+ 	      void *t;
+-	      lv->segments->node_alloc *= 2; 
+-	      t = grub_realloc (lv->segments->nodes,
+-				sizeof (*lv->segments->nodes)
+-				* lv->segments->node_alloc);
++	      grub_size_t sz;
++
++	      if (grub_mul (lv->segments->node_alloc, 2, &lv->segments->node_alloc) ||
++		  grub_mul (lv->segments->node_alloc, sizeof (*lv->segments->nodes), &sz))
++		goto fail2;
++
++	      t = grub_realloc (lv->segments->nodes, sz);
+ 	      if (!t)
+ 		goto fail2;
+ 	      lv->segments->nodes = t;
+@@ -723,10 +734,13 @@ make_vg (grub_disk_t disk,
+ 	      if (comp->segment_alloc == comp->segment_count)
+ 		{
+ 		  void *t;
+-		  comp->segment_alloc *= 2;
+-		  t = grub_realloc (comp->segments,
+-				    comp->segment_alloc
+-				    * sizeof (*comp->segments));
++		  grub_size_t sz;
++
++		  if (grub_mul (comp->segment_alloc, 2, &comp->segment_alloc) ||
++		      grub_mul (comp->segment_alloc, sizeof (*comp->segments), &sz))
++		    goto fail2;
++
++		  t = grub_realloc (comp->segments, sz);
+ 		  if (!t)
+ 		    goto fail2;
+ 		  comp->segments = t;
+diff --git a/grub-core/font/font.c b/grub-core/font/font.c
+index 8e118b3..5edb477 100644
+--- a/grub-core/font/font.c
++++ b/grub-core/font/font.c
+@@ -30,6 +30,7 @@
+ #include <grub/unicode.h>
+ #include <grub/fontformat.h>
+ #include <grub/env.h>
++#include <grub/safemath.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -360,9 +361,13 @@ static char *
+ read_section_as_string (struct font_file_section *section)
+ {
+   char *str;
++  grub_size_t sz;
+   grub_ssize_t ret;
+ 
+-  str = grub_malloc (section->length + 1);
++  if (grub_add (section->length, 1, &sz))
++    return NULL;
++
++  str = grub_malloc (sz);
+   if (!str)
+     return 0;
+ 
+diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c
+index 11272ef..2b65bd5 100644
+--- a/grub-core/fs/btrfs.c
++++ b/grub-core/fs/btrfs.c
+@@ -40,6 +40,7 @@
+ #include <grub/btrfs.h>
+ #include <grub/crypto.h>
+ #include <grub/diskfilter.h>
++#include <grub/safemath.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -329,9 +330,13 @@ save_ref (struct grub_btrfs_leaf_descriptor *desc,
+   if (desc->allocated < desc->depth)
+     {
+       void *newdata;
+-      desc->allocated *= 2;
+-      newdata = grub_realloc (desc->data, sizeof (desc->data[0])
+-			      * desc->allocated);
++      grub_size_t sz;
++
++      if (grub_mul (desc->allocated, 2, &desc->allocated) ||
++	  grub_mul (desc->allocated, sizeof (desc->data[0]), &sz))
++	return GRUB_ERR_OUT_OF_RANGE;
++
++      newdata = grub_realloc (desc->data, sz);
+       if (!newdata)
+ 	return grub_errno;
+       desc->data = newdata;
+@@ -622,16 +627,21 @@ find_device (struct grub_btrfs_data *data, grub_uint64_t id)
+   if (data->n_devices_attached > data->n_devices_allocated)
+     {
+       void *tmp;
+-      data->n_devices_allocated = 2 * data->n_devices_attached + 1;
+-      data->devices_attached
+-	= grub_realloc (tmp = data->devices_attached,
+-			data->n_devices_allocated
+-			* sizeof (data->devices_attached[0]));
++      grub_size_t sz;
++
++      if (grub_mul (data->n_devices_attached, 2, &data->n_devices_allocated) ||
++	  grub_add (data->n_devices_allocated, 1, &data->n_devices_allocated) ||
++	  grub_mul (data->n_devices_allocated, sizeof (data->devices_attached[0]), &sz))
++	goto fail;
++
++      data->devices_attached = grub_realloc (tmp = data->devices_attached, sz);
+       if (!data->devices_attached)
+ 	{
++	  data->devices_attached = tmp;
++
++ fail:
+ 	  if (ctx.dev_found)
+ 	    grub_device_close (ctx.dev_found);
+-	  data->devices_attached = tmp;
+ 	  return NULL;
+ 	}
+     }
+diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c
+index 9b38980..ac33bcd 100644
+--- a/grub-core/fs/ext2.c
++++ b/grub-core/fs/ext2.c
+@@ -46,6 +46,7 @@
+ #include <grub/dl.h>
+ #include <grub/types.h>
+ #include <grub/fshelp.h>
++#include <grub/safemath.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -703,6 +704,7 @@ grub_ext2_read_symlink (grub_fshelp_node_t node)
+ {
+   char *symlink;
+   struct grub_fshelp_node *diro = node;
++  grub_size_t sz;
+ 
+   if (! diro->inode_read)
+     {
+@@ -717,7 +719,13 @@ grub_ext2_read_symlink (grub_fshelp_node_t node)
+        }
+     }
+ 
+-  symlink = grub_malloc (grub_le_to_cpu32 (diro->inode.size) + 1);
++  if (grub_add (grub_le_to_cpu32 (diro->inode.size), 1, &sz))
++    {
++      grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
++      return NULL;
++    }
++
++  symlink = grub_malloc (sz);
+   if (! symlink)
+     return 0;
+ 
+diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c
+index 4f1b52a..7ba5b30 100644
+--- a/grub-core/fs/iso9660.c
++++ b/grub-core/fs/iso9660.c
+@@ -28,6 +28,7 @@
+ #include <grub/fshelp.h>
+ #include <grub/charset.h>
+ #include <grub/datetime.h>
++#include <grub/safemath.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -531,8 +532,13 @@ add_part (struct iterate_dir_ctx *ctx,
+ 	  int len2)
+ {
+   int size = ctx->symlink ? grub_strlen (ctx->symlink) : 0;
++  grub_size_t sz;
+ 
+-  ctx->symlink = grub_realloc (ctx->symlink, size + len2 + 1);
++  if (grub_add (size, len2, &sz) ||
++      grub_add (sz, 1, &sz))
++    return;
++
++  ctx->symlink = grub_realloc (ctx->symlink, sz);
+   if (! ctx->symlink)
+     return;
+ 
+@@ -560,17 +566,24 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry,
+ 	{
+ 	  grub_size_t off = 0, csize = 1;
+ 	  char *old;
++	  grub_size_t sz;
++
+ 	  csize = entry->len - 5;
+ 	  old = ctx->filename;
+ 	  if (ctx->filename_alloc)
+ 	    {
+ 	      off = grub_strlen (ctx->filename);
+-	      ctx->filename = grub_realloc (ctx->filename, csize + off + 1);
++	      if (grub_add (csize, off, &sz) ||
++		  grub_add (sz, 1, &sz))
++		return GRUB_ERR_OUT_OF_RANGE;
++	      ctx->filename = grub_realloc (ctx->filename, sz);
+ 	    }
+ 	  else
+ 	    {
+ 	      off = 0;
+-	      ctx->filename = grub_zalloc (csize + 1);
++	      if (grub_add (csize, 1, &sz))
++		return GRUB_ERR_OUT_OF_RANGE;
++	      ctx->filename = grub_zalloc (sz);
+ 	    }
+ 	  if (!ctx->filename)
+ 	    {
+@@ -776,14 +789,18 @@ grub_iso9660_iterate_dir (grub_fshelp_node_t dir,
+ 	    if (node->have_dirents >= node->alloc_dirents)
+ 	      {
+ 		struct grub_fshelp_node *new_node;
+-		node->alloc_dirents *= 2;
+-		new_node = grub_realloc (node, 
+-					 sizeof (struct grub_fshelp_node)
+-					 + ((node->alloc_dirents
+-					     - ARRAY_SIZE (node->dirents))
+-					    * sizeof (node->dirents[0])));
++		grub_size_t sz;
++
++		if (grub_mul (node->alloc_dirents, 2, &node->alloc_dirents) ||
++		    grub_sub (node->alloc_dirents, ARRAY_SIZE (node->dirents), &sz) ||
++		    grub_mul (sz, sizeof (node->dirents[0]), &sz) ||
++		    grub_add (sz, sizeof (struct grub_fshelp_node), &sz))
++		  goto fail_0;
++
++		new_node = grub_realloc (node, sz);
+ 		if (!new_node)
+ 		  {
++ fail_0:
+ 		    if (ctx.filename_alloc)
+ 		      grub_free (ctx.filename);
+ 		    grub_free (node);
+@@ -799,14 +816,18 @@ grub_iso9660_iterate_dir (grub_fshelp_node_t dir,
+ 		* sizeof (node->dirents[0]) < grub_strlen (ctx.symlink) + 1)
+ 	      {
+ 		struct grub_fshelp_node *new_node;
+-		new_node = grub_realloc (node,
+-					 sizeof (struct grub_fshelp_node)
+-					 + ((node->alloc_dirents
+-					     - ARRAY_SIZE (node->dirents))
+-					    * sizeof (node->dirents[0]))
+-					 + grub_strlen (ctx.symlink) + 1);
++		grub_size_t sz;
++
++		if (grub_sub (node->alloc_dirents, ARRAY_SIZE (node->dirents), &sz) ||
++		    grub_mul (sz, sizeof (node->dirents[0]), &sz) ||
++		    grub_add (sz, sizeof (struct grub_fshelp_node) + 1, &sz) ||
++		    grub_add (sz, grub_strlen (ctx.symlink), &sz))
++		  goto fail_1;
++
++		new_node = grub_realloc (node, sz);
+ 		if (!new_node)
+ 		  {
++ fail_1:
+ 		    if (ctx.filename_alloc)
+ 		      grub_free (ctx.filename);
+ 		    grub_free (node);
+diff --git a/grub-core/fs/sfs.c b/grub-core/fs/sfs.c
+index 90f7fb3..de2b107 100644
+--- a/grub-core/fs/sfs.c
++++ b/grub-core/fs/sfs.c
+@@ -26,6 +26,7 @@
+ #include <grub/types.h>
+ #include <grub/fshelp.h>
+ #include <grub/charset.h>
++#include <grub/safemath.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -307,10 +308,15 @@ grub_sfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock)
+       if (node->cache && node->cache_size >= node->cache_allocated)
+ 	{
+ 	  struct cache_entry *e = node->cache;
+-	  e = grub_realloc (node->cache,node->cache_allocated * 2
+-			    * sizeof (e[0]));
++	  grub_size_t sz;
++
++	  if (grub_mul (node->cache_allocated, 2 * sizeof (e[0]), &sz))
++	    goto fail;
++
++	  e = grub_realloc (node->cache, sz);
+ 	  if (!e)
+ 	    {
++ fail:
+ 	      grub_errno = 0;
+ 	      grub_free (node->cache);
+ 	      node->cache = 0;
+@@ -477,10 +483,16 @@ grub_sfs_create_node (struct grub_fshelp_node **node,
+   grub_size_t len = grub_strlen (name);
+   grub_uint8_t *name_u8;
+   int ret;
++  grub_size_t sz;
++
++  if (grub_mul (len, GRUB_MAX_UTF8_PER_LATIN1, &sz) ||
++      grub_add (sz, 1, &sz))
++    return 1;
++
+   *node = grub_malloc (sizeof (**node));
+   if (!*node)
+     return 1;
+-  name_u8 = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1);
++  name_u8 = grub_malloc (sz);
+   if (!name_u8)
+     {
+       grub_free (*node);
+@@ -724,8 +736,13 @@ grub_sfs_label (grub_device_t device, char **label)
+   data = grub_sfs_mount (disk);
+   if (data)
+     {
+-      grub_size_t len = grub_strlen (data->label);
+-      *label = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1);
++      grub_size_t sz, len = grub_strlen (data->label);
++
++      if (grub_mul (len, GRUB_MAX_UTF8_PER_LATIN1, &sz) ||
++	  grub_add (sz, 1, &sz))
++	return GRUB_ERR_OUT_OF_RANGE;
++
++      *label = grub_malloc (sz);
+       if (*label)
+ 	*grub_latin1_to_utf8 ((grub_uint8_t *) *label,
+ 			      (const grub_uint8_t *) data->label,
+diff --git a/grub-core/fs/squash4.c b/grub-core/fs/squash4.c
+index 95d5c1e..7851238 100644
+--- a/grub-core/fs/squash4.c
++++ b/grub-core/fs/squash4.c
+@@ -26,6 +26,7 @@
+ #include <grub/types.h>
+ #include <grub/fshelp.h>
+ #include <grub/deflate.h>
++#include <grub/safemath.h>
+ #include <minilzo.h>
+ 
+ #include "xz.h"
+@@ -459,7 +460,17 @@ grub_squash_read_symlink (grub_fshelp_node_t node)
+ {
+   char *ret;
+   grub_err_t err;
+-  ret = grub_malloc (grub_le_to_cpu32 (node->ino.symlink.namelen) + 1);
++  grub_size_t sz;
++
++  if (grub_add (grub_le_to_cpu32 (node->ino.symlink.namelen), 1, &sz))
++    {
++      grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
++      return NULL;
++    }
++
++  ret = grub_malloc (sz);
++  if (!ret)
++    return NULL;
+ 
+   err = read_chunk (node->data, ret,
+ 		    grub_le_to_cpu32 (node->ino.symlink.namelen),
+@@ -506,11 +517,16 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir,
+ 
+   {
+     grub_fshelp_node_t node;
+-    node = grub_malloc (sizeof (*node) + dir->stsize * sizeof (dir->stack[0]));
++    grub_size_t sz;
++
++    if (grub_mul (dir->stsize, sizeof (dir->stack[0]), &sz) ||
++	grub_add (sz, sizeof (*node), &sz))
++      return 0;
++
++    node = grub_malloc (sz);
+     if (!node)
+       return 0;
+-    grub_memcpy (node, dir,
+-		 sizeof (*node) + dir->stsize * sizeof (dir->stack[0]));
++    grub_memcpy (node, dir, sz);
+     if (hook (".", GRUB_FSHELP_DIR, node, hook_data))
+       return 1;
+ 
+@@ -518,12 +534,15 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir,
+       {
+ 	grub_err_t err;
+ 
+-	node = grub_malloc (sizeof (*node) + dir->stsize * sizeof (dir->stack[0]));
++	if (grub_mul (dir->stsize, sizeof (dir->stack[0]), &sz) ||
++	    grub_add (sz, sizeof (*node), &sz))
++	  return 0;
++
++	node = grub_malloc (sz);
+ 	if (!node)
+ 	  return 0;
+ 
+-	grub_memcpy (node, dir,
+-		     sizeof (*node) + dir->stsize * sizeof (dir->stack[0]));
++	grub_memcpy (node, dir, sz);
+ 
+ 	node->stsize--;
+ 	err = read_chunk (dir->data, &node->ino, sizeof (node->ino),
+@@ -557,6 +576,7 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir,
+ 	  enum grub_fshelp_filetype filetype = GRUB_FSHELP_REG;
+ 	  struct grub_squash_dirent di;
+ 	  struct grub_squash_inode ino;
++	  grub_size_t sz;
+ 
+ 	  err = read_chunk (dir->data, &di, sizeof (di),
+ 			    grub_le_to_cpu64 (dir->data->sb.diroffset)
+@@ -589,13 +609,16 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir,
+ 	  if (grub_le_to_cpu16 (di.type) == SQUASH_TYPE_SYMLINK)
+ 	    filetype = GRUB_FSHELP_SYMLINK;
+ 
+-	  node = grub_malloc (sizeof (*node)
+-			      + (dir->stsize + 1) * sizeof (dir->stack[0]));
++	  if (grub_add (dir->stsize, 1, &sz) ||
++	      grub_mul (sz, sizeof (dir->stack[0]), &sz) ||
++	      grub_add (sz, sizeof (*node), &sz))
++	    return 0;
++
++	  node = grub_malloc (sz);
+ 	  if (! node)
+ 	    return 0;
+ 
+-	  grub_memcpy (node, dir,
+-		       sizeof (*node) + dir->stsize * sizeof (dir->stack[0]));
++	  grub_memcpy (node, dir, sz - sizeof(dir->stack[0]));
+ 
+ 	  node->ino = ino;
+ 	  node->stack[node->stsize].ino_chunk = grub_le_to_cpu32 (dh.ino_chunk);
+diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c
+index a837616..21ac7f4 100644
+--- a/grub-core/fs/udf.c
++++ b/grub-core/fs/udf.c
+@@ -28,6 +28,7 @@
+ #include <grub/charset.h>
+ #include <grub/datetime.h>
+ #include <grub/udf.h>
++#include <grub/safemath.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -890,9 +891,19 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf)
+ 	utf16[i] = (raw[2 * i + 1] << 8) | raw[2*i + 2];
+     }
+   if (!outbuf)
+-    outbuf = grub_malloc (utf16len * GRUB_MAX_UTF8_PER_UTF16 + 1);
++    {
++      grub_size_t size;
++
++      if (grub_mul (utf16len, GRUB_MAX_UTF8_PER_UTF16, &size) ||
++	  grub_add (size, 1, &size))
++	goto fail;
++
++      outbuf = grub_malloc (size);
++    }
+   if (outbuf)
+     *grub_utf16_to_utf8 ((grub_uint8_t *) outbuf, utf16, utf16len) = '\0';
++
++ fail:
+   grub_free (utf16);
+   return outbuf;
+ }
+@@ -1005,7 +1016,7 @@ grub_udf_read_symlink (grub_fshelp_node_t node)
+   grub_size_t sz = U64 (node->block.fe.file_size);
+   grub_uint8_t *raw;
+   const grub_uint8_t *ptr;
+-  char *out, *optr;
++  char *out = NULL, *optr;
+ 
+   if (sz < 4)
+     return NULL;
+@@ -1013,14 +1024,16 @@ grub_udf_read_symlink (grub_fshelp_node_t node)
+   if (!raw)
+     return NULL;
+   if (grub_udf_read_file (node, NULL, NULL, 0, sz, (char *) raw) < 0)
+-    {
+-      grub_free (raw);
+-      return NULL;
+-    }
++    goto fail_1;
+ 
+-  out = grub_malloc (sz * 2 + 1);
++  if (grub_mul (sz, 2, &sz) ||
++      grub_add (sz, 1, &sz))
++    goto fail_0;
++
++  out = grub_malloc (sz);
+   if (!out)
+     {
++ fail_0:
+       grub_free (raw);
+       return NULL;
+     }
+@@ -1031,17 +1044,17 @@ grub_udf_read_symlink (grub_fshelp_node_t node)
+     {
+       grub_size_t s;
+       if ((grub_size_t) (ptr - raw + 4) > sz)
+-	goto fail;
++	goto fail_1;
+       if (!(ptr[2] == 0 && ptr[3] == 0))
+-	goto fail;
++	goto fail_1;
+       s = 4 + ptr[1];
+       if ((grub_size_t) (ptr - raw + s) > sz)
+-	goto fail;
++	goto fail_1;
+       switch (*ptr)
+ 	{
+ 	case 1:
+ 	  if (ptr[1])
+-	    goto fail;
++	    goto fail_1;
+ 	  /* Fallthrough.  */
+ 	case 2:
+ 	  /* in 4 bytes. out: 1 byte.  */
+@@ -1066,11 +1079,11 @@ grub_udf_read_symlink (grub_fshelp_node_t node)
+ 	  if (optr != out)
+ 	    *optr++ = '/';
+ 	  if (!read_string (ptr + 4, s - 4, optr))
+-	    goto fail;
++	    goto fail_1;
+ 	  optr += grub_strlen (optr);
+ 	  break;
+ 	default:
+-	  goto fail;
++	  goto fail_1;
+ 	}
+       ptr += s;
+     }
+@@ -1078,7 +1091,7 @@ grub_udf_read_symlink (grub_fshelp_node_t node)
+   grub_free (raw);
+   return out;
+ 
+- fail:
++ fail_1:
+   grub_free (raw);
+   grub_free (out);
+   grub_error (GRUB_ERR_BAD_FS, "invalid symlink");
+diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c
+index 96ffecb..ea65902 100644
+--- a/grub-core/fs/xfs.c
++++ b/grub-core/fs/xfs.c
+@@ -25,6 +25,7 @@
+ #include <grub/dl.h>
+ #include <grub/types.h>
+ #include <grub/fshelp.h>
++#include <grub/safemath.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -899,6 +900,7 @@ static struct grub_xfs_data *
+ grub_xfs_mount (grub_disk_t disk)
+ {
+   struct grub_xfs_data *data = 0;
++  grub_size_t sz;
+ 
+   data = grub_zalloc (sizeof (struct grub_xfs_data));
+   if (!data)
+@@ -913,10 +915,11 @@ grub_xfs_mount (grub_disk_t disk)
+   if (!grub_xfs_sb_valid(data))
+     goto fail;
+ 
+-  data = grub_realloc (data,
+-		       sizeof (struct grub_xfs_data)
+-		       - sizeof (struct grub_xfs_inode)
+-		       + grub_xfs_inode_size(data) + 1);
++  if (grub_add (grub_xfs_inode_size (data),
++      sizeof (struct grub_xfs_data) - sizeof (struct grub_xfs_inode) + 1, &sz))
++    goto fail;
++
++  data = grub_realloc (data, sz);
+ 
+   if (! data)
+     goto fail;
+diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c
+index 381dde5..36d0373 100644
+--- a/grub-core/fs/zfs/zfs.c
++++ b/grub-core/fs/zfs/zfs.c
+@@ -55,6 +55,7 @@
+ #include <grub/deflate.h>
+ #include <grub/crypto.h>
+ #include <grub/i18n.h>
++#include <grub/safemath.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -773,11 +774,14 @@ fill_vdev_info (struct grub_zfs_data *data,
+   if (data->n_devices_attached > data->n_devices_allocated)
+     {
+       void *tmp;
+-      data->n_devices_allocated = 2 * data->n_devices_attached + 1;
+-      data->devices_attached
+-	= grub_realloc (tmp = data->devices_attached,
+-			data->n_devices_allocated
+-			* sizeof (data->devices_attached[0]));
++      grub_size_t sz;
++
++      if (grub_mul (data->n_devices_attached, 2, &data->n_devices_allocated) ||
++	  grub_add (data->n_devices_allocated, 1, &data->n_devices_allocated) ||
++	  grub_mul (data->n_devices_allocated, sizeof (data->devices_attached[0]), &sz))
++	return GRUB_ERR_OUT_OF_RANGE;
++
++      data->devices_attached = grub_realloc (tmp = data->devices_attached, sz);
+       if (!data->devices_attached)
+ 	{
+ 	  data->devices_attached = tmp;
+@@ -3468,14 +3472,18 @@ grub_zfs_nvlist_lookup_nvlist (const char *nvlist, const char *name)
+ {
+   char *nvpair;
+   char *ret;
+-  grub_size_t size;
++  grub_size_t size, sz;
+   int found;
+ 
+   found = nvlist_find_value (nvlist, name, DATA_TYPE_NVLIST, &nvpair,
+ 			     &size, 0);
+   if (!found)
+     return 0;
+-  ret = grub_zalloc (size + 3 * sizeof (grub_uint32_t));
++
++  if (grub_add (size, 3 * sizeof (grub_uint32_t), &sz))
++      return 0;
++
++  ret = grub_zalloc (sz);
+   if (!ret)
+     return 0;
+   grub_memcpy (ret, nvlist, sizeof (grub_uint32_t));
+diff --git a/grub-core/fs/zfs/zfscrypt.c b/grub-core/fs/zfs/zfscrypt.c
+index 1402e0b..de3b015 100644
+--- a/grub-core/fs/zfs/zfscrypt.c
++++ b/grub-core/fs/zfs/zfscrypt.c
+@@ -22,6 +22,7 @@
+ #include <grub/misc.h>
+ #include <grub/disk.h>
+ #include <grub/partition.h>
++#include <grub/safemath.h>
+ #include <grub/dl.h>
+ #include <grub/types.h>
+ #include <grub/zfs/zfs.h>
+@@ -82,9 +83,13 @@ grub_zfs_add_key (grub_uint8_t *key_in,
+ 		  int passphrase)
+ {
+   struct grub_zfs_wrap_key *key;
++  grub_size_t sz;
++
+   if (!passphrase && keylen > 32)
+     keylen = 32;
+-  key = grub_malloc (sizeof (*key) + keylen);
++  if (grub_add (sizeof (*key), keylen, &sz))
++    return GRUB_ERR_OUT_OF_RANGE;
++  key = grub_malloc (sz);
+   if (!key)
+     return grub_errno;
+   key->is_passphrase = passphrase;
+diff --git a/grub-core/lib/arg.c b/grub-core/lib/arg.c
+index fd7744a..3288609 100644
+--- a/grub-core/lib/arg.c
++++ b/grub-core/lib/arg.c
+@@ -23,6 +23,7 @@
+ #include <grub/term.h>
+ #include <grub/extcmd.h>
+ #include <grub/i18n.h>
++#include <grub/safemath.h>
+ 
+ /* Built-in parser for default options.  */
+ static const struct grub_arg_option help_options[] =
+@@ -216,7 +217,13 @@ static inline grub_err_t
+ add_arg (char ***argl, int *num, char *s)
+ {
+   char **p = *argl;
+-  *argl = grub_realloc (*argl, (++(*num) + 1) * sizeof (char *));
++  grub_size_t sz;
++
++  if (grub_add (++(*num), 1, &sz) ||
++      grub_mul (sz, sizeof (char *), &sz))
++    return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
++
++  *argl = grub_realloc (*argl, sz);
+   if (! *argl)
+     {
+       grub_free (p);
+@@ -431,6 +438,7 @@ grub_arg_list_alloc(grub_extcmd_t extcmd, int argc,
+   grub_size_t argcnt;
+   struct grub_arg_list *list;
+   const struct grub_arg_option *options;
++  grub_size_t sz0, sz1;
+ 
+   options = extcmd->options;
+   if (! options)
+@@ -443,7 +451,15 @@ grub_arg_list_alloc(grub_extcmd_t extcmd, int argc,
+ 	argcnt += ((grub_size_t) argc + 1) / 2 + 1; /* max possible for any option */
+     }
+ 
+-  list = grub_zalloc (sizeof (*list) * i + sizeof (char*) * argcnt);
++  if (grub_mul (sizeof (*list), i, &sz0) ||
++      grub_mul (sizeof (char *), argcnt, &sz1) ||
++      grub_add (sz0, sz1, &sz0))
++    {
++      grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
++      return 0;
++    }
++
++  list = grub_zalloc (sz0);
+   if (! list)
+     return 0;
+ 
+diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c
+index 3730ed3..b92cbe9 100644
+--- a/grub-core/loader/i386/bsd.c
++++ b/grub-core/loader/i386/bsd.c
+@@ -35,6 +35,7 @@
+ #include <grub/ns8250.h>
+ #include <grub/bsdlabel.h>
+ #include <grub/crypto.h>
++#include <grub/safemath.h>
+ #include <grub/verify.h>
+ #ifdef GRUB_MACHINE_PCBIOS
+ #include <grub/machine/int.h>
+@@ -1012,11 +1013,16 @@ grub_netbsd_add_modules (void)
+   struct grub_netbsd_btinfo_modules *mods;
+   unsigned i;
+   grub_err_t err;
++  grub_size_t sz;
+ 
+   for (mod = netbsd_mods; mod; mod = mod->next)
+     modcnt++;
+ 
+-  mods = grub_malloc (sizeof (*mods) + sizeof (mods->mods[0]) * modcnt);
++  if (grub_mul (modcnt, sizeof (mods->mods[0]), &sz) ||
++      grub_add (sz, sizeof (*mods), &sz))
++    return GRUB_ERR_OUT_OF_RANGE;
++
++  mods = grub_malloc (sz);
+   if (!mods)
+     return grub_errno;
+ 
+diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c
+index e332d5e..906ec7d 100644
+--- a/grub-core/net/dns.c
++++ b/grub-core/net/dns.c
+@@ -22,6 +22,7 @@
+ #include <grub/i18n.h>
+ #include <grub/err.h>
+ #include <grub/time.h>
++#include <grub/safemath.h>
+ 
+ struct dns_cache_element
+ {
+@@ -51,9 +52,15 @@ grub_net_add_dns_server (const struct grub_net_network_level_address *s)
+     {
+       int na = dns_servers_alloc * 2;
+       struct grub_net_network_level_address *ns;
++      grub_size_t sz;
++
+       if (na < 8)
+ 	na = 8;
+-      ns = grub_realloc (dns_servers, na * sizeof (ns[0]));
++
++      if (grub_mul (na, sizeof (ns[0]), &sz))
++	return GRUB_ERR_OUT_OF_RANGE;
++
++      ns = grub_realloc (dns_servers, sz);
+       if (!ns)
+ 	return grub_errno;
+       dns_servers_alloc = na;
+diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c
+index d57fb72..4dfcc31 100644
+--- a/grub-core/normal/charset.c
++++ b/grub-core/normal/charset.c
+@@ -48,6 +48,7 @@
+ #include <grub/unicode.h>
+ #include <grub/term.h>
+ #include <grub/normal.h>
++#include <grub/safemath.h>
+ 
+ #if HAVE_FONT_SOURCE
+ #include "widthspec.h"
+@@ -464,6 +465,7 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen,
+ 	{
+ 	  struct grub_unicode_combining *n;
+ 	  unsigned j;
++	  grub_size_t sz;
+ 
+ 	  if (!haveout)
+ 	    continue;
+@@ -477,10 +479,14 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen,
+ 	    n = out->combining_inline;
+ 	  else if (out->ncomb > (int) ARRAY_SIZE (out->combining_inline))
+ 	    {
+-	      n = grub_realloc (out->combining_ptr,
+-				sizeof (n[0]) * (out->ncomb + 1));
++	      if (grub_add (out->ncomb, 1, &sz) ||
++		  grub_mul (sz, sizeof (n[0]), &sz))
++		goto fail;
++
++	      n = grub_realloc (out->combining_ptr, sz);
+ 	      if (!n)
+ 		{
++ fail:
+ 		  grub_errno = GRUB_ERR_NONE;
+ 		  continue;
+ 		}
+diff --git a/grub-core/normal/cmdline.c b/grub-core/normal/cmdline.c
+index c57242e..de03fe6 100644
+--- a/grub-core/normal/cmdline.c
++++ b/grub-core/normal/cmdline.c
+@@ -28,6 +28,7 @@
+ #include <grub/env.h>
+ #include <grub/i18n.h>
+ #include <grub/charset.h>
++#include <grub/safemath.h>
+ 
+ static grub_uint32_t *kill_buf;
+ 
+@@ -307,12 +308,21 @@ cl_insert (struct cmdline_term *cl_terms, unsigned nterms,
+   if (len + (*llen) >= (*max_len))
+     {
+       grub_uint32_t *nbuf;
+-      (*max_len) *= 2;
+-      nbuf = grub_realloc ((*buf), sizeof (grub_uint32_t) * (*max_len));
++      grub_size_t sz;
++
++      if (grub_mul (*max_len, 2, max_len) ||
++	  grub_mul (*max_len, sizeof (grub_uint32_t), &sz))
++	{
++	  grub_errno = GRUB_ERR_OUT_OF_RANGE;
++	  goto fail;
++	}
++
++      nbuf = grub_realloc ((*buf), sz);
+       if (nbuf)
+ 	(*buf) = nbuf;
+       else
+ 	{
++ fail:
+ 	  grub_print_error ();
+ 	  grub_errno = GRUB_ERR_NONE;
+ 	  (*max_len) /= 2;
+diff --git a/grub-core/normal/menu_entry.c b/grub-core/normal/menu_entry.c
+index 1993995..50eef91 100644
+--- a/grub-core/normal/menu_entry.c
++++ b/grub-core/normal/menu_entry.c
+@@ -27,6 +27,7 @@
+ #include <grub/auth.h>
+ #include <grub/i18n.h>
+ #include <grub/charset.h>
++#include <grub/safemath.h>
+ 
+ enum update_mode
+   {
+@@ -113,10 +114,18 @@ ensure_space (struct line *linep, int extra)
+ {
+   if (linep->max_len < linep->len + extra)
+     {
+-      linep->max_len = 2 * (linep->len + extra);
+-      linep->buf = grub_realloc (linep->buf, (linep->max_len + 1) * sizeof (linep->buf[0]));
++      grub_size_t sz0, sz1;
++
++      if (grub_add (linep->len, extra, &sz0) ||
++	  grub_mul (sz0, 2, &sz0) ||
++	  grub_add (sz0, 1, &sz1) ||
++	  grub_mul (sz1, sizeof (linep->buf[0]), &sz1))
++	return 0;
++
++      linep->buf = grub_realloc (linep->buf, sz1);
+       if (! linep->buf)
+ 	return 0;
++      linep->max_len = sz0;
+     }
+ 
+   return 1;
+diff --git a/grub-core/script/argv.c b/grub-core/script/argv.c
+index 217ec5d..5751fdd 100644
+--- a/grub-core/script/argv.c
++++ b/grub-core/script/argv.c
+@@ -20,6 +20,7 @@
+ #include <grub/mm.h>
+ #include <grub/misc.h>
+ #include <grub/script_sh.h>
++#include <grub/safemath.h>
+ 
+ /* Return nearest power of two that is >= v.  */
+ static unsigned
+@@ -81,11 +82,16 @@ int
+ grub_script_argv_next (struct grub_script_argv *argv)
+ {
+   char **p = argv->args;
++  grub_size_t sz;
+ 
+   if (argv->args && argv->argc && argv->args[argv->argc - 1] == 0)
+     return 0;
+ 
+-  p = grub_realloc (p, round_up_exp ((argv->argc + 2) * sizeof (char *)));
++  if (grub_add (argv->argc, 2, &sz) ||
++      grub_mul (sz, sizeof (char *), &sz))
++    return 1;
++
++  p = grub_realloc (p, round_up_exp (sz));
+   if (! p)
+     return 1;
+ 
+@@ -105,13 +111,19 @@ grub_script_argv_append (struct grub_script_argv *argv, const char *s,
+ {
+   grub_size_t a;
+   char *p = argv->args[argv->argc - 1];
++  grub_size_t sz;
+ 
+   if (! s)
+     return 0;
+ 
+   a = p ? grub_strlen (p) : 0;
+ 
+-  p = grub_realloc (p, round_up_exp ((a + slen + 1) * sizeof (char)));
++  if (grub_add (a, slen, &sz) ||
++      grub_add (sz, 1, &sz) ||
++      grub_mul (sz, sizeof (char), &sz))
++    return 1;
++
++  p = grub_realloc (p, round_up_exp (sz));
+   if (! p)
+     return 1;
+ 
+diff --git a/grub-core/script/lexer.c b/grub-core/script/lexer.c
+index c6bd317..5fb0cbd 100644
+--- a/grub-core/script/lexer.c
++++ b/grub-core/script/lexer.c
+@@ -24,6 +24,7 @@
+ #include <grub/mm.h>
+ #include <grub/script_sh.h>
+ #include <grub/i18n.h>
++#include <grub/safemath.h>
+ 
+ #define yytext_ptr char *
+ #include "grub_script.tab.h"
+@@ -110,10 +111,14 @@ grub_script_lexer_record (struct grub_parser_param *parser, char *str)
+       old = lexer->recording;
+       if (lexer->recordlen < len)
+ 	lexer->recordlen = len;
+-      lexer->recordlen *= 2;
++
++      if (grub_mul (lexer->recordlen, 2, &lexer->recordlen))
++	goto fail;
++
+       lexer->recording = grub_realloc (lexer->recording, lexer->recordlen);
+       if (!lexer->recording)
+ 	{
++ fail:
+ 	  grub_free (old);
+ 	  lexer->recordpos = 0;
+ 	  lexer->recordlen = 0;
+@@ -130,7 +135,7 @@ int
+ grub_script_lexer_yywrap (struct grub_parser_param *parserstate,
+ 			  const char *input)
+ {
+-  grub_size_t len = 0;
++  grub_size_t len = 0, sz;
+   char *p = 0;
+   char *line = 0;
+   YY_BUFFER_STATE buffer;
+@@ -168,12 +173,22 @@ grub_script_lexer_yywrap (struct grub_parser_param *parserstate,
+     }
+   else if (len && line[len - 1] != '\n')
+     {
+-      p = grub_realloc (line, len + 2);
++      if (grub_add (len, 2, &sz))
++	{
++	  grub_free (line);
++	  grub_script_yyerror (parserstate, N_("overflow is detected"));
++	  return 1;
++	}
++
++      p = grub_realloc (line, sz);
+       if (p)
+ 	{
+ 	  p[len++] = '\n';
+ 	  p[len] = '\0';
+ 	}
++      else
++	grub_free (line);
++
+       line = p;
+     }
+ 
+diff --git a/grub-core/video/bitmap.c b/grub-core/video/bitmap.c
+index b2e0315..6256e20 100644
+--- a/grub-core/video/bitmap.c
++++ b/grub-core/video/bitmap.c
+@@ -23,6 +23,7 @@
+ #include <grub/mm.h>
+ #include <grub/misc.h>
+ #include <grub/i18n.h>
++#include <grub/safemath.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -58,7 +59,7 @@ grub_video_bitmap_create (struct grub_video_bitmap **bitmap,
+                           enum grub_video_blit_format blit_format)
+ {
+   struct grub_video_mode_info *mode_info;
+-  unsigned int size;
++  grub_size_t size;
+ 
+   if (!bitmap)
+     return grub_error (GRUB_ERR_BUG, "invalid argument");
+@@ -137,19 +138,25 @@ grub_video_bitmap_create (struct grub_video_bitmap **bitmap,
+ 
+   mode_info->pitch = width * mode_info->bytes_per_pixel;
+ 
+-  /* Calculate size needed for the data.  */
+-  size = (width * mode_info->bytes_per_pixel) * height;
++  /* Calculate size needed for the data. */
++  if (grub_mul (width, mode_info->bytes_per_pixel, &size) ||
++      grub_mul (size, height, &size))
++    {
++      grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
++      goto fail;
++    }
+ 
+   (*bitmap)->data = grub_zalloc (size);
+   if (! (*bitmap)->data)
+-    {
+-      grub_free (*bitmap);
+-      *bitmap = 0;
+-
+-      return grub_errno;
+-    }
++    goto fail;
+ 
+   return GRUB_ERR_NONE;
++
++ fail:
++  grub_free (*bitmap);
++  *bitmap = NULL;
++
++  return grub_errno;
+ }
+ 
+ /* Frees all resources allocated by bitmap.  */
+diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c
+index 61bd645..0157ff7 100644
+--- a/grub-core/video/readers/png.c
++++ b/grub-core/video/readers/png.c
+@@ -23,6 +23,7 @@
+ #include <grub/mm.h>
+ #include <grub/misc.h>
+ #include <grub/bufio.h>
++#include <grub/safemath.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -301,9 +302,17 @@ grub_png_decode_image_header (struct grub_png_data *data)
+       data->bpp <<= 1;
+ 
+   data->color_bits = color_bits;
+-  data->row_bytes = data->image_width * data->bpp;
++
++  if (grub_mul (data->image_width, data->bpp, &data->row_bytes))
++    return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
++
+   if (data->color_bits <= 4)
+-    data->row_bytes = (data->image_width * data->color_bits + 7) / 8;
++    {
++      if (grub_mul (data->image_width, data->color_bits + 7, &data->row_bytes))
++	return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
++
++      data->row_bytes >>= 3;
++    }
+ 
+ #ifndef GRUB_CPU_WORDS_BIGENDIAN
+   if (data->is_16bit || data->is_gray || data->is_palette)
+-- 
+2.14.4
+
diff --git a/meta/recipes-bsp/grub/files/0006-script-Remove-unused-fields-from-grub_script_functio.patch b/meta/recipes-bsp/grub/files/0006-script-Remove-unused-fields-from-grub_script_functio.patch
new file mode 100644
index 0000000000..84a80d5ffd
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0006-script-Remove-unused-fields-from-grub_script_functio.patch
@@ -0,0 +1,37 @@
+From e219bad8cee67b2bb21712df8f055706f8da25d2 Mon Sep 17 00:00:00 2001
+From: Chris Coulson <chris.coulson@canonical.com>
+Date: Fri, 10 Jul 2020 11:21:14 +0100
+Subject: [PATCH 7/9] script: Remove unused fields from grub_script_function
+ struct
+
+Upstream-Status: Backport [commit 1a8d9c9b4ab6df7669b5aa36a56477f297825b96
+from https://git.savannah.gnu.org/git/grub.git]
+
+Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+---
+ include/grub/script_sh.h | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/include/grub/script_sh.h b/include/grub/script_sh.h
+index 360c2be..b382bcf 100644
+--- a/include/grub/script_sh.h
++++ b/include/grub/script_sh.h
+@@ -359,13 +359,8 @@ struct grub_script_function
+   /* The script function.  */
+   struct grub_script *func;
+ 
+-  /* The flags.  */
+-  unsigned flags;
+-
+   /* The next element.  */
+   struct grub_script_function *next;
+-
+-  int references;
+ };
+ typedef struct grub_script_function *grub_script_function_t;
+ 
+-- 
+2.14.4
+
diff --git a/meta/recipes-bsp/grub/files/0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch b/meta/recipes-bsp/grub/files/0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch
new file mode 100644
index 0000000000..fedfc5d203
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch
@@ -0,0 +1,113 @@
+From c65fc7e75b7b7e880d90766057040011701e97f4 Mon Sep 17 00:00:00 2001
+From: Chris Coulson <chris.coulson@canonical.com>
+Date: Fri, 10 Jul 2020 14:41:45 +0100
+Subject: [PATCH 8/9] script: Avoid a use-after-free when redefining a function
+ during execution
+
+Defining a new function with the same name as a previously defined
+function causes the grub_script and associated resources for the
+previous function to be freed. If the previous function is currently
+executing when a function with the same name is defined, this results
+in use-after-frees when processing subsequent commands in the original
+function.
+
+Instead, reject a new function definition if it has the same name as
+a previously defined function, and that function is currently being
+executed. Although a behavioural change, this should be backwards
+compatible with existing configurations because they can't be
+dependent on the current behaviour without being broken.
+
+Fixes: CVE-2020-15706
+
+Upstream-Status: Backport [commit 426f57383d647406ae9c628c472059c27cd6e040
+from https://git.savannah.gnu.org/git/grub.git]
+
+Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+---
+ grub-core/script/execute.c  |  2 ++
+ grub-core/script/function.c | 16 +++++++++++++---
+ grub-core/script/parser.y   |  3 ++-
+ include/grub/script_sh.h    |  2 ++
+ 4 files changed, 19 insertions(+), 4 deletions(-)
+
+diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
+index c8d6806..7e028e1 100644
+--- a/grub-core/script/execute.c
++++ b/grub-core/script/execute.c
+@@ -838,7 +838,9 @@ grub_script_function_call (grub_script_function_t func, int argc, char **args)
+   old_scope = scope;
+   scope = &new_scope;
+ 
++  func->executing++;
+   ret = grub_script_execute (func->func);
++  func->executing--;
+ 
+   function_return = 0;
+   active_loops = loops;
+diff --git a/grub-core/script/function.c b/grub-core/script/function.c
+index d36655e..3aad04b 100644
+--- a/grub-core/script/function.c
++++ b/grub-core/script/function.c
+@@ -34,6 +34,7 @@ grub_script_function_create (struct grub_script_arg *functionname_arg,
+   func = (grub_script_function_t) grub_malloc (sizeof (*func));
+   if (! func)
+     return 0;
++  func->executing = 0;
+ 
+   func->name = grub_strdup (functionname_arg->str);
+   if (! func->name)
+@@ -60,10 +61,19 @@ grub_script_function_create (struct grub_script_arg *functionname_arg,
+       grub_script_function_t q;
+ 
+       q = *p;
+-      grub_script_free (q->func);
+-      q->func = cmd;
+       grub_free (func);
+-      func = q;
++      if (q->executing > 0)
++        {
++          grub_error (GRUB_ERR_BAD_ARGUMENT,
++		      N_("attempt to redefine a function being executed"));
++          func = NULL;
++        }
++      else
++        {
++          grub_script_free (q->func);
++          q->func = cmd;
++          func = q;
++        }
+     }
+   else
+     {
+diff --git a/grub-core/script/parser.y b/grub-core/script/parser.y
+index 4f0ab83..f80b86b 100644
+--- a/grub-core/script/parser.y
++++ b/grub-core/script/parser.y
+@@ -289,7 +289,8 @@ function: "function" "name"
+ 	      grub_script_mem_free (state->func_mem);
+ 	    else {
+ 	      script->children = state->scripts;
+-	      grub_script_function_create ($2, script);
++	      if (!grub_script_function_create ($2, script))
++		grub_script_free (script);
+ 	    }
+ 
+ 	    state->scripts = $<scripts>3;
+diff --git a/include/grub/script_sh.h b/include/grub/script_sh.h
+index b382bcf..6c48e07 100644
+--- a/include/grub/script_sh.h
++++ b/include/grub/script_sh.h
+@@ -361,6 +361,8 @@ struct grub_script_function
+ 
+   /* The next element.  */
+   struct grub_script_function *next;
++
++  unsigned executing;
+ };
+ typedef struct grub_script_function *grub_script_function_t;
+ 
+-- 
+2.14.4
+
diff --git a/meta/recipes-bsp/grub/files/0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch b/meta/recipes-bsp/grub/files/0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch
new file mode 100644
index 0000000000..0731f0ec53
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch
@@ -0,0 +1,173 @@
+From 68a09a74f6d726d79709847f3671c0a08e4fb5a0 Mon Sep 17 00:00:00 2001
+From: Colin Watson <cjwatson@debian.org>
+Date: Sat, 25 Jul 2020 12:15:37 +0100
+Subject: [PATCH 9/9] linux: Fix integer overflows in initrd size handling
+
+These could be triggered by a crafted filesystem with very large files.
+
+Fixes: CVE-2020-15707
+
+Upstream-Status: Backport [commit e7b8856f8be3292afdb38d2e8c70ad8d62a61e10
+from https://git.savannah.gnu.org/git/grub.git]
+
+Signed-off-by: Colin Watson <cjwatson@debian.org>
+Reviewed-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+---
+ grub-core/loader/linux.c | 74 +++++++++++++++++++++++++++++++++++-------------
+ 1 file changed, 54 insertions(+), 20 deletions(-)
+
+diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c
+index 471b214..8c8565a 100644
+--- a/grub-core/loader/linux.c
++++ b/grub-core/loader/linux.c
+@@ -4,6 +4,7 @@
+ #include <grub/misc.h>
+ #include <grub/file.h>
+ #include <grub/mm.h>
++#include <grub/safemath.h>
+ 
+ struct newc_head
+ {
+@@ -98,13 +99,13 @@ free_dir (struct dir *root)
+   grub_free (root);
+ }
+ 
+-static grub_size_t
++static grub_err_t
+ insert_dir (const char *name, struct dir **root,
+-	    grub_uint8_t *ptr)
++	    grub_uint8_t *ptr, grub_size_t *size)
+ {
+   struct dir *cur, **head = root;
+   const char *cb, *ce = name;
+-  grub_size_t size = 0;
++  *size = 0;
+   while (1)
+     {
+       for (cb = ce; *cb == '/'; cb++);
+@@ -130,14 +131,22 @@ insert_dir (const char *name, struct dir **root,
+ 	      ptr = make_header (ptr, name, ce - name,
+ 				 040777, 0);
+ 	    }
+-	  size += ALIGN_UP ((ce - (char *) name)
+-			    + sizeof (struct newc_head), 4);
++	  if (grub_add (*size,
++		        ALIGN_UP ((ce - (char *) name)
++				  + sizeof (struct newc_head), 4),
++			size))
++	    {
++	      grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
++	      grub_free (n->name);
++	      grub_free (n);
++	      return grub_errno;
++	    }
+ 	  *head = n;
+ 	  cur = n;
+ 	}
+       root = &cur->next;
+     }
+-  return size;
++  return GRUB_ERR_NONE;
+ }
+ 
+ grub_err_t
+@@ -173,26 +182,33 @@ grub_initrd_init (int argc, char *argv[],
+ 	  eptr = grub_strchr (ptr, ':');
+ 	  if (eptr)
+ 	    {
++	      grub_size_t dir_size, name_len;
++
+ 	      initrd_ctx->components[i].newc_name = grub_strndup (ptr, eptr - ptr);
+-	      if (!initrd_ctx->components[i].newc_name)
++	      if (!initrd_ctx->components[i].newc_name ||
++		  insert_dir (initrd_ctx->components[i].newc_name, &root, 0,
++			      &dir_size))
+ 		{
+ 		  grub_initrd_close (initrd_ctx);
+ 		  return grub_errno;
+ 		}
+-	      initrd_ctx->size
+-		+= ALIGN_UP (sizeof (struct newc_head)
+-			    + grub_strlen (initrd_ctx->components[i].newc_name),
+-			     4);
+-	      initrd_ctx->size += insert_dir (initrd_ctx->components[i].newc_name,
+-					      &root, 0);
++	      name_len = grub_strlen (initrd_ctx->components[i].newc_name);
++	      if (grub_add (initrd_ctx->size,
++			    ALIGN_UP (sizeof (struct newc_head) + name_len, 4),
++			    &initrd_ctx->size) ||
++		  grub_add (initrd_ctx->size, dir_size, &initrd_ctx->size))
++		goto overflow;
+ 	      newc = 1;
+ 	      fname = eptr + 1;
+ 	    }
+ 	}
+       else if (newc)
+ 	{
+-	  initrd_ctx->size += ALIGN_UP (sizeof (struct newc_head)
+-					+ sizeof ("TRAILER!!!") - 1, 4);
++	  if (grub_add (initrd_ctx->size,
++			ALIGN_UP (sizeof (struct newc_head)
++				  + sizeof ("TRAILER!!!") - 1, 4),
++			&initrd_ctx->size))
++	    goto overflow;
+ 	  free_dir (root);
+ 	  root = 0;
+ 	  newc = 0;
+@@ -208,19 +224,29 @@ grub_initrd_init (int argc, char *argv[],
+       initrd_ctx->nfiles++;
+       initrd_ctx->components[i].size
+ 	= grub_file_size (initrd_ctx->components[i].file);
+-      initrd_ctx->size += initrd_ctx->components[i].size;
++      if (grub_add (initrd_ctx->size, initrd_ctx->components[i].size,
++		    &initrd_ctx->size))
++	goto overflow;
+     }
+ 
+   if (newc)
+     {
+       initrd_ctx->size = ALIGN_UP (initrd_ctx->size, 4);
+-      initrd_ctx->size += ALIGN_UP (sizeof (struct newc_head)
+-				    + sizeof ("TRAILER!!!") - 1, 4);
++      if (grub_add (initrd_ctx->size,
++		    ALIGN_UP (sizeof (struct newc_head)
++			      + sizeof ("TRAILER!!!") - 1, 4),
++		    &initrd_ctx->size))
++	goto overflow;
+       free_dir (root);
+       root = 0;
+     }
+   
+   return GRUB_ERR_NONE;
++
++ overflow:
++  free_dir (root);
++  grub_initrd_close (initrd_ctx);
++  return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
+ }
+ 
+ grub_size_t
+@@ -261,8 +287,16 @@ grub_initrd_load (struct grub_linux_initrd_context *initrd_ctx,
+ 
+       if (initrd_ctx->components[i].newc_name)
+ 	{
+-	  ptr += insert_dir (initrd_ctx->components[i].newc_name,
+-			     &root, ptr);
++	  grub_size_t dir_size;
++
++	  if (insert_dir (initrd_ctx->components[i].newc_name, &root, ptr,
++			  &dir_size))
++	    {
++	      free_dir (root);
++	      grub_initrd_close (initrd_ctx);
++	      return grub_errno;
++	    }
++	  ptr += dir_size;
+ 	  ptr = make_header (ptr, initrd_ctx->components[i].newc_name,
+ 			     grub_strlen (initrd_ctx->components[i].newc_name),
+ 			     0100777,
+-- 
+2.14.4
+
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index e3d929a824..ef3e64671f 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -19,6 +19,14 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
            file://grub-module-explicitly-keeps-symbole-.module_license.patch \
            file://0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch \
            file://CVE-2020-10713.patch \
+           file://0001-calloc-Make-sure-we-always-have-an-overflow-checking.patch \
+           file://0002-lvm-Add-LVM-cache-logical-volume-handling.patch \
+           file://0003-calloc-Use-calloc-at-most-places.patch \
+           file://0004-safemath-Add-some-arithmetic-primitives-that-check-f.patch \
+           file://0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch \
+           file://0006-script-Remove-unused-fields-from-grub_script_functio.patch \
+           file://0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch \
+           file://0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch \
 "
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.17.1

[OE-core][dunfell 12/12] grub: clean up CVE patches

[Steve Sakoman]

From: Yongxin Liu <yongxin.liu@windriver.com>

Clean up several patches introduced in commit 6732918498 ("grub:fix
several CVEs in grub 2.04").

1) Add CVE tags to individual patches.
2) Rename upstream patches and prefix them with CVE tags.
3) Add description of reference to upstream patch.

Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bcb8b6719beaf6625e6b703e91958fe8afba5819)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...14308-calloc-Use-calloc-at-most-places.patch} | 10 +++++++---
 ...rflow-checking-primitives-where-we-do-.patch} | 10 +++++++---
 ...-use-after-free-when-redefining-a-func.patch} | 10 +++++++---
 ...eger-overflows-in-initrd-size-handling.patch} | 10 +++++++---
 ...re-we-always-have-an-overflow-checking.patch} |  0
 ...-Add-LVM-cache-logical-volume-handling.patch} |  0
 ...ome-arithmetic-primitives-that-check-f.patch} |  0
 ...unused-fields-from-grub_script_functio.patch} |  0
 meta/recipes-bsp/grub/grub2.inc                  | 16 ++++++++--------
 9 files changed, 36 insertions(+), 20 deletions(-)
 rename meta/recipes-bsp/grub/files/{0003-calloc-Use-calloc-at-most-places.patch => CVE-2020-14308-calloc-Use-calloc-at-most-places.patch} (99%)
 rename meta/recipes-bsp/grub/files/{0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch => CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch} (99%)
 rename meta/recipes-bsp/grub/files/{0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch => CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch} (95%)
 rename meta/recipes-bsp/grub/files/{0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch => CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch} (96%)
 rename meta/recipes-bsp/grub/files/{0001-calloc-Make-sure-we-always-have-an-overflow-checking.patch => calloc-Make-sure-we-always-have-an-overflow-checking.patch} (100%)
 rename meta/recipes-bsp/grub/files/{0002-lvm-Add-LVM-cache-logical-volume-handling.patch => lvm-Add-LVM-cache-logical-volume-handling.patch} (100%)
 rename meta/recipes-bsp/grub/files/{0004-safemath-Add-some-arithmetic-primitives-that-check-f.patch => safemath-Add-some-arithmetic-primitives-that-check-f.patch} (100%)
 rename meta/recipes-bsp/grub/files/{0006-script-Remove-unused-fields-from-grub_script_functio.patch => script-Remove-unused-fields-from-grub_script_functio.patch} (100%)

diff --git a/meta/recipes-bsp/grub/files/0003-calloc-Use-calloc-at-most-places.patch b/meta/recipes-bsp/grub/files/CVE-2020-14308-calloc-Use-calloc-at-most-places.patch
similarity index 99%
rename from meta/recipes-bsp/grub/files/0003-calloc-Use-calloc-at-most-places.patch
rename to meta/recipes-bsp/grub/files/CVE-2020-14308-calloc-Use-calloc-at-most-places.patch
index eb3e42c3af..637e368cb0 100644
--- a/meta/recipes-bsp/grub/files/0003-calloc-Use-calloc-at-most-places.patch
+++ b/meta/recipes-bsp/grub/files/CVE-2020-14308-calloc-Use-calloc-at-most-places.patch
@@ -19,11 +19,15 @@ Among other issues, this fixes:
 
 Fixes: CVE-2020-14308
 
-Upstream-Status: Backport [commit f725fa7cb2ece547c5af01eeeecfe8d95802ed41
-from https://git.savannah.gnu.org/git/grub.git]
-
 Signed-off-by: Peter Jones <pjones@redhat.com>
 Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport
+CVE: CVE-2020-14308
+
+Reference to upstream patch:
+https://git.savannah.gnu.org/cgit/grub.git/commit/?id=f725fa7cb2ece547c5af01eeeecfe8d95802ed41
+
 [YL: don't patch on grub-core/lib/json/json.c, which is not existing in grub 2.04]
 Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
 ---
diff --git a/meta/recipes-bsp/grub/files/0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch b/meta/recipes-bsp/grub/files/CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch
similarity index 99%
rename from meta/recipes-bsp/grub/files/0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch
rename to meta/recipes-bsp/grub/files/CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch
index 146602cd3e..896a2145d4 100644
--- a/meta/recipes-bsp/grub/files/0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch
+++ b/meta/recipes-bsp/grub/files/CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch
@@ -26,11 +26,15 @@ Among other issues, this fixes:
 
 Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
 
-Upstream-Status: Backport [commit 3f05d693d1274965ffbe4ba99080dc2c570944c6
-from https://git.savannah.gnu.org/git/grub.git]
-
 Signed-off-by: Peter Jones <pjones@redhat.com>
 Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport
+CVE: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
+
+Reference to upstream patch:
+https://git.savannah.gnu.org/cgit/grub.git/commit/?id=3f05d693d1274965ffbe4ba99080dc2c570944c6
+
 Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
 ---
  grub-core/commands/legacycfg.c | 29 +++++++++++++++++++-----
diff --git a/meta/recipes-bsp/grub/files/0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch b/meta/recipes-bsp/grub/files/CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch
similarity index 95%
rename from meta/recipes-bsp/grub/files/0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch
rename to meta/recipes-bsp/grub/files/CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch
index fedfc5d203..329e554a68 100644
--- a/meta/recipes-bsp/grub/files/0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch
+++ b/meta/recipes-bsp/grub/files/CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch
@@ -19,11 +19,15 @@ dependent on the current behaviour without being broken.
 
 Fixes: CVE-2020-15706
 
-Upstream-Status: Backport [commit 426f57383d647406ae9c628c472059c27cd6e040
-from https://git.savannah.gnu.org/git/grub.git]
-
 Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
 Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport
+CVE: CVE-2020-15706
+
+Reference to upstream patch:
+https://git.savannah.gnu.org/cgit/grub.git/commit/?id=426f57383d647406ae9c628c472059c27cd6e040
+
 Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
 ---
  grub-core/script/execute.c  |  2 ++
diff --git a/meta/recipes-bsp/grub/files/0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch b/meta/recipes-bsp/grub/files/CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch
similarity index 96%
rename from meta/recipes-bsp/grub/files/0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch
rename to meta/recipes-bsp/grub/files/CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch
index 0731f0ec53..d4f9300c0a 100644
--- a/meta/recipes-bsp/grub/files/0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch
+++ b/meta/recipes-bsp/grub/files/CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch
@@ -7,12 +7,16 @@ These could be triggered by a crafted filesystem with very large files.
 
 Fixes: CVE-2020-15707
 
-Upstream-Status: Backport [commit e7b8856f8be3292afdb38d2e8c70ad8d62a61e10
-from https://git.savannah.gnu.org/git/grub.git]
-
 Signed-off-by: Colin Watson <cjwatson@debian.org>
 Reviewed-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
 Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport
+CVE: CVE-2020-15707
+
+Reference to upstream patch:
+https://git.savannah.gnu.org/cgit/grub.git/commit/?id=e7b8856f8be3292afdb38d2e8c70ad8d62a61e10
+
 Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
 ---
  grub-core/loader/linux.c | 74 +++++++++++++++++++++++++++++++++++-------------
diff --git a/meta/recipes-bsp/grub/files/0001-calloc-Make-sure-we-always-have-an-overflow-checking.patch b/meta/recipes-bsp/grub/files/calloc-Make-sure-we-always-have-an-overflow-checking.patch
similarity index 100%
rename from meta/recipes-bsp/grub/files/0001-calloc-Make-sure-we-always-have-an-overflow-checking.patch
rename to meta/recipes-bsp/grub/files/calloc-Make-sure-we-always-have-an-overflow-checking.patch
diff --git a/meta/recipes-bsp/grub/files/0002-lvm-Add-LVM-cache-logical-volume-handling.patch b/meta/recipes-bsp/grub/files/lvm-Add-LVM-cache-logical-volume-handling.patch
similarity index 100%
rename from meta/recipes-bsp/grub/files/0002-lvm-Add-LVM-cache-logical-volume-handling.patch
rename to meta/recipes-bsp/grub/files/lvm-Add-LVM-cache-logical-volume-handling.patch
diff --git a/meta/recipes-bsp/grub/files/0004-safemath-Add-some-arithmetic-primitives-that-check-f.patch b/meta/recipes-bsp/grub/files/safemath-Add-some-arithmetic-primitives-that-check-f.patch
similarity index 100%
rename from meta/recipes-bsp/grub/files/0004-safemath-Add-some-arithmetic-primitives-that-check-f.patch
rename to meta/recipes-bsp/grub/files/safemath-Add-some-arithmetic-primitives-that-check-f.patch
diff --git a/meta/recipes-bsp/grub/files/0006-script-Remove-unused-fields-from-grub_script_functio.patch b/meta/recipes-bsp/grub/files/script-Remove-unused-fields-from-grub_script_functio.patch
similarity index 100%
rename from meta/recipes-bsp/grub/files/0006-script-Remove-unused-fields-from-grub_script_functio.patch
rename to meta/recipes-bsp/grub/files/script-Remove-unused-fields-from-grub_script_functio.patch
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index ef3e64671f..4ec7d0b0fc 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -19,14 +19,14 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
            file://grub-module-explicitly-keeps-symbole-.module_license.patch \
            file://0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch \
            file://CVE-2020-10713.patch \
-           file://0001-calloc-Make-sure-we-always-have-an-overflow-checking.patch \
-           file://0002-lvm-Add-LVM-cache-logical-volume-handling.patch \
-           file://0003-calloc-Use-calloc-at-most-places.patch \
-           file://0004-safemath-Add-some-arithmetic-primitives-that-check-f.patch \
-           file://0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch \
-           file://0006-script-Remove-unused-fields-from-grub_script_functio.patch \
-           file://0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch \
-           file://0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch \
+           file://calloc-Make-sure-we-always-have-an-overflow-checking.patch \
+           file://lvm-Add-LVM-cache-logical-volume-handling.patch \
+           file://CVE-2020-14308-calloc-Use-calloc-at-most-places.patch \
+           file://safemath-Add-some-arithmetic-primitives-that-check-f.patch \
+           file://CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch \
+           file://script-Remove-unused-fields-from-grub_script_functio.patch \
+           file://CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch \
+           file://CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch \
 "
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.17.1

[OE-core][dunfell 00/12] Patch review

[Steve Sakoman]

Please review this next set of patches for dunfell and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/1739

The following changes since commit af4fbea9a1656bdf95d85831cae13cae3a60d5ee:

  patch: fix CVE-2019-20633 (2021-01-04 04:50:23 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Bruce Ashfield (1):
  linux-yocto/5.4: update to v5.4.85

Daniel Ammann (1):
  wic: fix typo

Mikko Rapeli (3):
  glibc: update to 2.31 stable tree head
  glib-2.0: add patch for CVE-2020-35457
  systemd: update from 244.3 to 244.5 stable release

Milan Shah (1):
  oe-pkgdata-util: Added a test to verify oe-pkgdata-util without
    parameters

Ovidiu Panait (1):
  timezone: upgrade to 2020f

Paul Barker (1):
  selftest: Add argument to keep build dir

Richard Purdie (1):
  gcc: Fix mangled patch

Ross Burton (2):
  diffstat: point the license checksum at the license
  ruby: remove tcl DEPENDS

Wang Mingyu (1):
  mobile-broadband-provider-info: upgrade 20190618 ->20201225

 meta/lib/oeqa/selftest/cases/pkgdata.py       |  6 ++
 meta/lib/oeqa/selftest/context.py             | 17 +++-
 .../mobile-broadband-provider-info_git.bb     |  4 +-
 ...econdition-to-avoid-GOptionEntry-lis.patch | 41 ++++++++
 meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb |  1 +
 meta/recipes-core/glibc/glibc-version.inc     |  2 +-
 ...md-boot_244.3.bb => systemd-boot_244.5.bb} |  0
 meta/recipes-core/systemd/systemd.inc         |  2 +-
 .../systemd/systemd/CVE-2020-13776.patch      | 96 -------------------
 ...temd-udev-seclabel-options-crash-fix.patch | 30 ------
 .../{systemd_244.3.bb => systemd_244.5.bb}    |  5 +-
 .../diffstat/diffstat_1.63.bb                 |  4 +-
 ...gcc-Fix-argument-list-too-long-error.patch |  6 +-
 meta/recipes-devtools/ruby/ruby.inc           |  2 +-
 meta/recipes-extended/timezone/timezone.inc   |  6 +-
 .../linux/linux-yocto-rt_5.4.bb               |  6 +-
 .../linux/linux-yocto-tiny_5.4.bb             |  8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 ++---
 .../wic/plugins/source/bootimg-partition.py   |  2 +-
 19 files changed, 97 insertions(+), 163 deletions(-)
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/0001-goption-Add-a-precondition-to-avoid-GOptionEntry-lis.patch
 rename meta/recipes-core/systemd/{systemd-boot_244.3.bb => systemd-boot_244.5.bb} (100%)
 delete mode 100644 meta/recipes-core/systemd/systemd/CVE-2020-13776.patch
 delete mode 100644 meta/recipes-core/systemd/systemd/systemd-udev-seclabel-options-crash-fix.patch
 rename meta/recipes-core/systemd/{systemd_244.3.bb => systemd_244.5.bb} (99%)

-- 
2.17.1

[OE-core][dunfell 00/12] Patch review

[Steve Sakoman]

Please review this next set of patches for dunfell and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2087

The following changes since commit 2cc9e06807026b86038db88c2175c626feadc0be:

  linux-yocto/5.4: fix arm defconfig warnings (2021-04-22 06:23:22 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Alexander Kanavin (2):
  oeqa: tear down oeqa decorators if one of them raises an exception in
    setup
  meta/lib/oeqa/core/tests/cases/timeout.py: add a testcase for the
    previous fix

Diego Sueiro (1):
  oeqa/selftest/bblayers: Add test case for bitbake-layers
    layerindex-show-depends

Khem Raj (1):
  go: Use dl.google.com for SRC_URI

Konrad Weihmann (1):
  cve-update-db-native: skip on empty cpe23Uri

Marek Vasut (1):
  linux-firmware: Package RSI 911x WiFi firmware

Reto Schneider (2):
  license_image.bbclass: Detect broken symlinks
  license_image.bbclass: Fix symlink to generic license files

Richard Purdie (1):
  yocto-check-layer: Avoid bug when iterating and autoadding
    dependencies

Vinay Kumar (1):
  Binutils: Fix CVE-2021-20197

Zhang Qiang (1):
  kernel.bbclass: Configuration for environment with HOSTCXX

wangmy (1):
  go: update SRC_URI to use https protocol

 meta/classes/kernel.bbclass                   |   2 +
 meta/classes/license_image.bbclass            |  20 +-
 meta/lib/oeqa/core/case.py                    |   9 +-
 meta/lib/oeqa/core/decorator/oetimeout.py     |   5 +-
 meta/lib/oeqa/core/tests/cases/timeout.py     |  13 +
 meta/lib/oeqa/core/tests/test_decorators.py   |   6 +
 meta/lib/oeqa/selftest/cases/bblayers.py      |   5 +
 .../recipes-core/meta/cve-update-db-native.bb |   7 +-
 .../binutils/binutils-2.34.inc                |   1 +
 .../binutils/binutils/CVE-2021-20197.patch    | 572 ++++++++++++++++++
 meta/recipes-devtools/go/go-common.inc        |   2 +-
 .../linux-firmware/linux-firmware_20210208.bb |  11 +
 scripts/yocto-check-layer                     |   3 +
 13 files changed, 646 insertions(+), 10 deletions(-)
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2021-20197.patch

-- 
2.25.1

[OE-core][dunfell 00/12] Patch review

[Steve Sakoman]

Please review this next set of patches for dunfell and have comments back by
end of day Wednesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2338

The following changes since commit c96bcf97272f243df14598c84a41097746884b65:

  oeqa/selftest/archiver: Allow tests to ignore empty directories (2021-07-06 04:37:02 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Alexander Kanavin (1):
  bootchart2: update 0.14.8 -> 0.14.9

Chen Qi (1):
  busybox: fix CVE-2021-28831

Khem Raj (1):
  webkitgtk: Upgrade to 2.28.4

Marek Vasut (1):
  update-rc.d: update SRCREV to pull in fix for non-bash shell support

Minjae Kim (1):
  dhcp: fix CVE-2021-25217

Richard Purdie (4):
  webkitgtk: upgrade 2.28.2 -> 2.28.3
  dwarfsrcfiles: Avoid races over debug-link files
  oeqa/selftest/multiprocesslauch: Fix test race
  report-error: Drop pointless inherit

Steve Sakoman (1):
  glibc: update to lastest 2.31 release HEAD

Tim Orling (1):
  python3: upgrade 3.8.10 -> 3.8.11

Zoltán Böszörményi (1):
  tzdata: Allow controlling zoneinfo binary format

 meta/classes/report-error.bbclass             |   2 -
 meta/lib/oeqa/selftest/cases/oelib/utils.py   |   3 +-
 .../dhcp/dhcp/CVE-2021-25217.patch            |  66 ++++
 meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb  |   1 +
 ...ss_gunzip-Fix-DoS-if-gzip-is-corrupt.patch |  51 +++
 meta/recipes-core/busybox/busybox_1.31.1.bb   |   3 +-
 meta/recipes-core/glibc/glibc-version.inc     |   2 +-
 .../update-rc.d/update-rc.d_0.8.bb            |   2 +-
 ...tchart2_0.14.8.bb => bootchart2_0.14.9.bb} |   3 +-
 .../dwarfsrcfiles/files/dwarfsrcfiles.c       |  13 +-
 .../recipes-devtools/python/python3_3.8.11.bb | 362 ++++++++++++++++++
 meta/recipes-extended/timezone/tzdata.bb      |  10 +-
 ...build-errors-due-to-WWc-11-narrowing.patch |  66 ++++
 .../webkit/webkitgtk/CVE-2020-13753.patch     |  15 -
 ...ebkitgtk_2.28.2.bb => webkitgtk_2.28.4.bb} |   5 +-
 15 files changed, 571 insertions(+), 33 deletions(-)
 create mode 100644 meta/recipes-connectivity/dhcp/dhcp/CVE-2021-25217.patch
 create mode 100644 meta/recipes-core/busybox/busybox/0001-decompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch
 rename meta/recipes-devtools/bootchart2/{bootchart2_0.14.8.bb => bootchart2_0.14.9.bb} (99%)
 create mode 100644 meta/recipes-devtools/python/python3_3.8.11.bb
 create mode 100644 meta/recipes-sato/webkit/webkitgtk/0001-clang-11-fix-build-errors-due-to-WWc-11-narrowing.patch
 delete mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2020-13753.patch
 rename meta/recipes-sato/webkit/{webkitgtk_2.28.2.bb => webkitgtk_2.28.4.bb} (97%)

-- 
2.25.1

[OE-core][dunfell 00/12] Patch review

[Steve Sakoman]

Please review this next set of patches for dunfell and have comments back by
end of day Monday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2469

The following changes since commit ce78c16409363741d59a2f787aca66077bec93cd:

  sstate.bbclass: fix error handling when sstate mirrors is ro (2021-08-16 04:41:07 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Alexandre Belloni (1):
  oeqa/runtime/cases: make date.DateTest.test_date more reliable

Bruce Ashfield (3):
  linux-yocto/5.4: update to v5.4.137
  linux-yocto/5.4: update to v5.4.139
  linux-yocto/5.4: update to v5.4.141

Dmitry Baryshkov (1):
  linux-firmware: add more Qualcomm firmware packages

Dragos-Marian Panait (1):
  util-linux: fix CVE-2021-37600

Khem Raj (1):
  sdk: Enable do_populate_sdk with multilibs

Purushottam Choudhary (1):
  python3: Remove unused python3 recipe

Richard Purdie (1):
  oeqa/selftest/glibc: Handle incorrect encoding issuesin glibc test
    results

Ross Burton (2):
  tar: ignore node-tar CVEs
  ovmf: build natively everywhere

hongxu (1):
  sdk: fix relocate symlink failed

 meta/classes/multilib.bbclass                 |   1 -
 meta/classes/populate_sdk_base.bbclass        |   2 +-
 meta/files/toolchain-shar-relocate.sh         |   2 +-
 meta/lib/oeqa/runtime/cases/date.py           |   9 +-
 meta/lib/oeqa/selftest/cases/glibc.py         |   2 +-
 meta/recipes-core/ovmf/ovmf_git.bb            |   2 +-
 .../util-linux/CVE-2021-37600.patch           |  33 ++
 .../util-linux/util-linux_2.35.1.bb           |   1 +
 .../recipes-devtools/python/python3_3.8.10.bb | 363 ------------------
 meta/recipes-extended/tar/tar_1.32.bb         |   3 +
 .../linux-firmware/linux-firmware_20210511.bb |  17 +-
 .../linux/linux-yocto-rt_5.4.bb               |   6 +-
 .../linux/linux-yocto-tiny_5.4.bb             |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  |  22 +-
 14 files changed, 79 insertions(+), 392 deletions(-)
 create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2021-37600.patch
 delete mode 100644 meta/recipes-devtools/python/python3_3.8.10.bb

-- 
2.25.1

[OE-core][dunfell 00/12] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by end
of day Tuesday.

Passed a-full on auto builder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3096

with the exception of a known intermmitent autobuilder issue on oe-selftest-fedora,
which passed on subsequent retest:

https://autobuilder.yoctoproject.org/typhoon/#/builders/86/builds/3004

The following changes since commit 1ab7aee542589f6b6c76f8515b4230ce870a8678:

  selftest: skip virgl test on fedora 34 entirely (2021-12-23 06:21:37 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Alexander Kanavin (1):
  lib/oe/reproducible: correctly set .git location when recursively
    looking for git repos

Marek Vasut (1):
  weston: Backport patches to always activate the top-level surface

Marta Rybczynska (1):
  grub: fix CVE-2020-14372 and CVE-2020-27779

Richard Purdie (4):
  openssl: Add reproducibility fix
  oeqa/selftest/bbtests: Use YP sources mirror instead of GNU
  oeqa/selftest/tinfoil: Update to use test command
  scripts: Update to use exec_module() instead of load_module()

Steve Sakoman (3):
  libpcre2: update SRC_URI
  selftest: skip virgl test on fedora 35
  asciidoc: properly detect and compare Python versions >= 3.10

Tim Orling (1):
  scripts/buildhistory-diff: drop use of distutils

wangmy (1):
  linux-firmware: upgrade 20211027 -> 20211216

 meta/lib/oe/reproducible.py                   |   2 +-
 meta/lib/oeqa/selftest/cases/bbtests.py       |   2 +-
 meta/lib/oeqa/selftest/cases/runtime_test.py  |   2 +
 meta/lib/oeqa/selftest/cases/tinfoil.py       |   6 +-
 .../grub/files/CVE-2020-14372.patch           |  76 +++
 .../grub/files/CVE-2020-14372_1.patch         | 130 ++++++
 .../grub/files/CVE-2020-14372_2.patch         | 431 ++++++++++++++++++
 .../grub/files/CVE-2020-14372_3.patch         |  57 +++
 .../grub/files/CVE-2020-14372_4.patch         |  52 +++
 .../grub/files/CVE-2020-14372_5.patch         | 158 +++++++
 .../grub/files/CVE-2020-27779.patch           |  70 +++
 .../grub/files/CVE-2020-27779_2.patch         | 105 +++++
 .../grub/files/CVE-2020-27779_3.patch         |  37 ++
 .../grub/files/CVE-2020-27779_4.patch         |  35 ++
 .../grub/files/CVE-2020-27779_5.patch         |  62 +++
 .../grub/files/CVE-2020-27779_6.patch         |  61 +++
 .../grub/files/CVE-2020-27779_7.patch         |  65 +++
 .../grub/files/no-insmod-on-sb.patch          | 107 +++++
 meta/recipes-bsp/grub/grub2.inc               |  14 +
 .../openssl/openssl/reproducibility.patch     |  22 +
 .../openssl/openssl_1.1.1l.bb                 |   1 +
 .../asciidoc/detect-python-version.patch      |  42 ++
 .../asciidoc/asciidoc_8.6.9.bb                |   3 +-
 ...move-no-op-de-activation-of-the-xdg-.patch |  32 ++
 ...name-gain-lose-keyboard-focus-to-act.patch |  57 +++
 ...bed-keyboard-focus-handle-code-when-.patch |  99 ++++
 meta/recipes-graphics/wayland/weston_8.0.0.bb |   3 +
 ...20211027.bb => linux-firmware_20211216.bb} |   4 +-
 .../recipes-support/libpcre/libpcre2_10.34.bb |   2 +-
 scripts/buildhistory-diff                     |   5 -
 scripts/lib/scriptutils.py                    |   7 +-
 scripts/lib/wic/pluginbase.py                 |   8 +-
 32 files changed, 1739 insertions(+), 18 deletions(-)
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-14372.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-14372_1.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-14372_2.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-14372_3.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-14372_4.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-14372_5.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-27779.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-27779_2.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-27779_3.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-27779_4.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-27779_5.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-27779_6.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-27779_7.patch
 create mode 100644 meta/recipes-bsp/grub/files/no-insmod-on-sb.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/reproducibility.patch
 create mode 100644 meta/recipes-extended/asciidoc/asciidoc/detect-python-version.patch
 create mode 100644 meta/recipes-graphics/wayland/weston/0002-desktop-shell-Remove-no-op-de-activation-of-the-xdg-.patch
 create mode 100644 meta/recipes-graphics/wayland/weston/0003-desktop-shell-Rename-gain-lose-keyboard-focus-to-act.patch
 create mode 100644 meta/recipes-graphics/wayland/weston/0004-desktop-shell-Embed-keyboard-focus-handle-code-when-.patch
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20211027.bb => linux-firmware_20211216.bb} (99%)

-- 
2.25.1

[OE-core][dunfell 00/12] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by end
of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3790

The following changes since commit 7e056e79a5acce8261cb5124c172cc40ad608b82:

  linux-yocto/5.4: update to v5.4.196 (2022-06-07 08:56:30 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Jose Quaresma (2):
  archiver: use bb.note instead of echo
  archiver: don't use machine variables in shared recipes

Marcel Ziswiler (1):
  alsa-plugins: fix libavtp vs. avtp packageconfig

Martin Jansa (1):
  rootfs.py: close kernel_abi_ver_file

Mingli Yu (1):
  oescripts: change compare logic in OEListPackageconfigTests

Pawan Badganchi (1):
  openssh: Whitelist CVE-2021-36368

Peter Kjellerstedt (1):
  license.bbclass: Bound beginline and endline in copy_license_files()

Rasmus Villemoes (1):
  e2fsprogs: add alternatives handling of lsattr as well

Richard Purdie (2):
  vim: Upgrade 8.2.5034 -> 8.2.5083
  gcc-source: Fix incorrect task dependencies from ${B}

Stefan Wiehler (1):
  kernel-yocto.bbclass: Reset to exiting on non-zero return code at end
    of task

Steve Sakoman (1):
  cups: fix CVE-2022-26691

 meta/classes/archiver.bbclass                 | 11 +++++--
 meta/classes/kernel-yocto.bbclass             |  8 +++++
 meta/classes/license.bbclass                  |  8 ++---
 meta/lib/oe/rootfs.py                         |  4 ++-
 meta/lib/oeqa/selftest/cases/oescripts.py     |  3 +-
 .../openssh/openssh_8.2p1.bb                  |  7 ++++
 .../e2fsprogs/e2fsprogs_1.45.7.bb             |  5 ++-
 meta/recipes-devtools/gcc/gcc-common.inc      |  2 +-
 meta/recipes-devtools/gcc/gcc-source.inc      |  1 +
 meta/recipes-extended/cups/cups.inc           |  3 +-
 .../cups/cups/CVE-2022-26691.patch            | 33 +++++++++++++++++++
 .../alsa/alsa-plugins_1.2.1.bb                |  2 +-
 meta/recipes-support/vim/vim.inc              |  4 +--
 13 files changed, 76 insertions(+), 15 deletions(-)
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2022-26691.patch

-- 
2.25.1

[OE-core][dunfell 00/12] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by end
of day Monday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3844

With the exception of a known autobuilder intermittent issue:

https://bugzilla.yoctoproject.org/show_bug.cgi?id=14788

which passed on subsequent retest:

https://autobuilder.yoctoproject.org/typhoon/#/builders/42/builds/5413

The following changes since commit c6f5fb5e7545636ef7948ad1562548b7b64dac35:

  linux-firmware: upgrade 20220509 -> 20220610 (2022-06-20 07:32:00 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Ahmed Hossam (1):
  insane.bbclass: host-user-contaminated: Correct per package home path

Alexander Kanavin (1):
  wireless-regdb: upgrade 2022.04.08 -> 2022.06.06

Hitendra Prajapati (3):
  golang: CVE-2022-24675 encoding/pem: fix stack overflow in Decode
  golang: CVE-2021-31525 net/http: panic in ReadRequest and ReadResponse
    when reading a very large header
  grub2: CVE-2021-3981 Incorrect permission in grub.cfg allow
    unprivileged user to read the file content

Joe Slater (1):
  unzip: fix CVE-2021-4217

Marek Vasut (1):
  lttng-modules: Backport Linux 5.18+, 5.15.44+, 5.10.119+ fixes

Marta Rybczynska (2):
  cve-check: add support for Ignored CVEs
  oeqa/selftest/cve_check: add tests for Ignored and partial reports

Martin Jansa (1):
  wic: fix WicError message

Muhammad Hamza (1):
  initramfs-framework: move storage mounts to actual rootfs

Richard Purdie (1):
  unzip: Port debian fixes for two CVEs

 meta/classes/cve-check.bbclass                |  41 ++-
 meta/classes/insane.bbclass                   |   2 +-
 meta/lib/oeqa/selftest/cases/cve_check.py     |  82 ++++++
 .../grub/files/CVE-2021-3981.patch            |  32 +++
 meta/recipes-bsp/grub/grub2.inc               |   1 +
 .../initrdscripts/initramfs-framework/finish  |   9 +
 meta/recipes-devtools/go/go-1.14.inc          |   2 +
 .../go/go-1.14/CVE-2021-31525.patch           |  38 +++
 .../go/go-1.14/CVE-2022-24675.patch           | 271 ++++++++++++++++++
 .../unzip/unzip/CVE-2021-4217.patch           |  67 +++++
 .../unzip/unzip/CVE-2022-0529.patch           |  39 +++
 .../unzip/unzip/CVE-2022-0530.patch           |  33 +++
 meta/recipes-extended/unzip/unzip_6.0.bb      |   3 +
 ...ndom-remove-unused-tracepoints-v5.18.patch |  46 +++
 ...emove-unused-tracepoints-v5.10-v5.15.patch |  45 +++
 ...racepoints-removed-in-stable-kernels.patch |  51 ++++
 .../lttng/lttng-modules_2.11.6.bb             |   3 +
 ....04.08.bb => wireless-regdb_2022.06.06.bb} |   2 +-
 scripts/wic                                   |   2 +-
 19 files changed, 754 insertions(+), 15 deletions(-)
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2021-3981.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2021-31525.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-24675.patch
 create mode 100644 meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch
 create mode 100644 meta/recipes-extended/unzip/unzip/CVE-2022-0529.patch
 create mode 100644 meta/recipes-extended/unzip/unzip/CVE-2022-0530.patch
 create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0017-fix-random-remove-unused-tracepoints-v5.18.patch
 create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0018-fix-random-remove-unused-tracepoints-v5.10-v5.15.patch
 create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0019-fix-random-tracepoints-removed-in-stable-kernels.patch
 rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2022.04.08.bb => wireless-regdb_2022.06.06.bb} (94%)

-- 
2.25.1

[OE-core][dunfell 00/12] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4885

The following changes since commit 4f069121ddb99bb6e2f186724cd60ca07f74f503:

  python3: fix packaging of Windows distutils installer stubs (2023-02-04 04:34:20 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Bruce Ashfield (2):
  linux-yocto/5.4: update to v5.4.229
  linux-yocto/5.4: update to v5.4.230

Khem Raj (1):
  libtirpc: Check if file exists before operating on it

Niko Mauno (1):
  Fix missing leading whitespace with ':append'

Ranjitsinh Rathod (1):
  libsdl2: Add fix for CVE-2022-4743

Steve Sakoman (4):
  lttng-modules: update 2.11.6 -> 2.11.7
  lttng-modules: update 2.11.7 -> 2.11.8
  lttng-modules: update 2.11.8 -> 2.11.9
  lttng-modules: fix build with 5.4.229 kernel

Thomas Roos (1):
  devtool: fix devtool finish when gitmodules file is empty

Vivek Kumbhar (1):
  go: fix CVE-2022-1962 go/parser stack exhaustion in all Parse*
    functions

Xiaobing Luo (1):
  devtool: Fix _copy_file() TypeError

 meta/classes/externalsrc.bbclass              |   2 +-
 meta/classes/populate_sdk_ext.bbclass         |   2 +-
 meta/recipes-devtools/go/go-1.14.inc          |   1 +
 .../go/go-1.14/CVE-2022-1962.patch            | 357 ++++++++++++++++++
 .../libtirpc/libtirpc_1.2.6.bb                |   2 +-
 .../libsdl2/libsdl2/CVE-2022-4743.patch       |  38 ++
 .../libsdl2/libsdl2_2.0.12.bb                 |   1 +
 .../linux/linux-yocto-rt_5.4.bb               |   6 +-
 .../linux/linux-yocto-tiny_5.4.bb             |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  |  22 +-
 ...ncpy-equals-destination-size-warning.patch |  42 ---
 ...jtool-Rename-frame.h-objtool.h-v5.10.patch |  88 -----
 ...oints-output-proper-root-owner-for-t.patch | 316 ----------------
 ...rdered-extent-tracepoint-take-btrfs_.patch | 179 ---------
 ...ext4-fast-commit-recovery-path-v5.10.patch |  91 -----
 ...intr-vectoring-info-and-error-code-t.patch | 124 ------
 ...x86-mmu-Add-TDP-MMU-PF-handler-v5.10.patch |  82 ----
 ...Return-unique-RET_PF_-values-if-the-.patch |  71 ----
 ...int-Optimize-using-static_call-v5.10.patch | 155 --------
 ...-fix-include-order-for-older-kernels.patch |  31 --
 .../0011-Add-release-maintainer-script.patch  |  59 ---
 .../0012-Improve-the-release-script.patch     | 173 ---------
 ...fix-ext4-fast-commit-recovery-path-v.patch |  32 --
 ...-fix-include-order-for-older-kernels.patch |  32 --
 ...fix-tracepoint-Optimize-using-static.patch |  46 ---
 ...ion-range-for-trace_find_free_extent.patch |  30 --
 ...ix-jbd2-use-the-correct-print-format.patch | 147 ++++++++
 ...ules_2.11.6.bb => lttng-modules_2.11.9.bb} |  21 +-
 scripts/lib/devtool/standard.py               |   2 +-
 29 files changed, 569 insertions(+), 1591 deletions(-)
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-1962.patch
 create mode 100644 meta/recipes-graphics/libsdl2/libsdl2/CVE-2022-4743.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-fix-strncpy-equals-destination-size-warning.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0002-fix-objtool-Rename-frame.h-objtool.h-v5.10.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0003-fix-btrfs-tracepoints-output-proper-root-owner-for-t.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0004-fix-btrfs-make-ordered-extent-tracepoint-take-btrfs_.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0005-fix-ext4-fast-commit-recovery-path-v5.10.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0006-fix-KVM-x86-Add-intr-vectoring-info-and-error-code-t.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0007-fix-kvm-x86-mmu-Add-TDP-MMU-PF-handler-v5.10.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0008-fix-KVM-x86-mmu-Return-unique-RET_PF_-values-if-the-.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0009-fix-tracepoint-Optimize-using-static_call-v5.10.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0010-fix-include-order-for-older-kernels.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0011-Add-release-maintainer-script.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0012-Improve-the-release-script.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0013-fix-backport-of-fix-ext4-fast-commit-recovery-path-v.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0014-Revert-fix-include-order-for-older-kernels.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0015-fix-backport-of-fix-tracepoint-Optimize-using-static.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0016-fix-adjust-version-range-for-trace_find_free_extent.patch
 create mode 100644 meta/recipes-kernel/lttng/lttng-modules/fix-jbd2-use-the-correct-print-format.patch
 rename meta/recipes-kernel/lttng/{lttng-modules_2.11.6.bb => lttng-modules_2.11.9.bb} (59%)

-- 
2.25.1

[OE-core][dunfell 00/12] Patch review

[Steve Sakoman]

Please review this set of changes for dunfell and have comments back by
end of day Friday, March 22

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6692

The following changes since commit b49b0a3dd74c24f3a011c9c0b5cf8f6530956cfa:

  build-appliance-image: Update to dunfell head revision (2024-03-01 03:19:51 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Alex Kiernan (1):
  wireless-regdb: Upgrade 2023.09.01 -> 2024.01.23

Alexander Kanavin (1):
  linux-firmware: upgrade 20231211 -> 20240220

Alexander Sverdlin (1):
  linux-firmware: upgrade 20231030 -> 20231211

Michael Halstead (1):
  yocto-uninative: Update to 4.4 for glibc 2.39

Vijay Anusuri (1):
  libxml2: Backport fix for CVE-2024-25062

Wang Mingyu (1):
  wireless-regdb: upgrade 2023.05.03 -> 2023.09.01

Yoann Congal (6):
  cve-update-nvd2-native: Fix typo in comment
  cve-update-nvd2-native: Add an age threshold for incremental update
  cve-update-nvd2-native: Remove duplicated CVE_CHECK_DB_FILE definition
  cve-update-nvd2-native: nvd_request_next: Improve comment
  cve-update-nvd2-native: Fix CVE configuration update
  cve-update-nvd2-native: Remove rejected CVE from database

 meta/conf/distro/include/yocto-uninative.inc  | 10 ++---
 .../libxml/libxml2/CVE-2024-25062-pre1.patch  | 38 +++++++++++++++++++
 .../libxml/libxml2/CVE-2024-25062.patch       | 33 ++++++++++++++++
 meta/recipes-core/libxml/libxml2_2.9.10.bb    |  2 +
 .../meta/cve-update-nvd2-native.bb            | 35 +++++++++++++----
 ...20231030.bb => linux-firmware_20240220.bb} |  7 ++--
 ....05.03.bb => wireless-regdb_2024.01.23.bb} |  4 +-
 7 files changed, 111 insertions(+), 18 deletions(-)
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2024-25062-pre1.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2024-25062.patch
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20231030.bb => linux-firmware_20240220.bb} (99%)
 rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2023.05.03.bb => wireless-regdb_2024.01.23.bb} (88%)

-- 
2.34.1