X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=lfs%2Fgrub;h=8b82189fce16a7015a7e13355a3ee2555f03a2da;hb=6033b2710346f9bf4e1182db706775ccde59e5c1;hp=a054b8e50b73df89a574aecd0052d0bd47286772;hpb=9376c3ae9251ae24813cac08c1885e3da730675d;p=ipfire-2.x.git

diff --git a/lfs/grub b/lfs/grub
index a054b8e50b..8b82189fce 100644
--- a/lfs/grub
+++ b/lfs/grub
@@ -80,6 +80,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/grub-2.00_disable_vga_fallback.patch
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/grub2-remove-gets.patch
+	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/grub-2.00_ignore_missing_symtab.patch
 	cd $(DIR_APP) && \
 		./configure \
 			--prefix=/usr \
@@ -100,6 +101,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	-mkdir -pv /etc/default
 	install -m 644 $(DIR_SRC)/config/grub2/default /etc/default/grub
 
+	# Disable hardening.
+	paxctl -Cmpes /usr/sbin/grub-bios-setup /usr/sbin/grub-probe
+	paxctl -Cmpexs /usr/bin/grub-script-check
+
 	# We don't need to install unifont just to generate a grub2 compatible
 	# font archive for the graphical boot menu. The following command only
 	# converts Latin-1, Latin Extended A+B, Arrows, Box and Block characters.