nalika / rpms / grub2

Forked from rpms/grub2 2 years ago
Clone
Blob Blame History Raw
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Wed, 15 Dec 2021 15:07:50 -0500
Subject: [PATCH] Update gnulib version and drop most gnulib patches

In addition to the changes carried in our gnulib patches, several
Coverity and code hygiene fixes that were previously downstream are also
included in this 3-year gnulib increment.

Unfortunately, fix-width.patch is retained.

Bump minimum autoconf version from 2.63 to 2.64 and automake from 1.11
to 1.14, as required by gnulib.

Sync bootstrap script itself with gnulib.

Update regexp module for new dynarray dependency.

Fix various new warnings.

Signed-off-by: Robbie Harwood <rharwood@redhat.com>
(cherry picked from commit deb18ff931c3133c2aa536a92bd92e50d6615303)
[rharwood: backport around requirements in INSTALL]
---
 configure.ac                                       |   2 +-
 grub-core/Makefile.core.def                        |   3 +
 grub-core/disk/luks2.c                             |   4 +-
 grub-core/lib/posix_wrap/limits.h                  |   6 +-
 include/grub/compiler.h                            |   4 +-
 include/grub/list.h                                |   2 +-
 INSTALL                                            |   2 +-
 bootstrap                                          | 291 ++++++++++++---------
 bootstrap.conf                                     |  22 +-
 conf/Makefile.extra-dist                           |   6 -
 config.h.in                                        |  68 +++++
 grub-core/lib/gnulib-patches/fix-null-deref.patch  |  13 -
 .../lib/gnulib-patches/fix-null-state-deref.patch  |  12 -
 .../gnulib-patches/fix-regcomp-uninit-token.patch  |  15 --
 .../gnulib-patches/fix-regexec-null-deref.patch    |  12 -
 .../lib/gnulib-patches/fix-uninit-structure.patch  |  11 -
 .../lib/gnulib-patches/fix-unused-value.patch      |  14 -
 17 files changed, 262 insertions(+), 225 deletions(-)
 delete mode 100644 grub-core/lib/gnulib-patches/fix-null-deref.patch
 delete mode 100644 grub-core/lib/gnulib-patches/fix-null-state-deref.patch
 delete mode 100644 grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch
 delete mode 100644 grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch
 delete mode 100644 grub-core/lib/gnulib-patches/fix-uninit-structure.patch
 delete mode 100644 grub-core/lib/gnulib-patches/fix-unused-value.patch

diff --git a/configure.ac b/configure.ac
index 40c4338bce..79f45ef1e1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -49,7 +49,7 @@ AC_CANONICAL_TARGET
 program_prefix="${save_program_prefix}"
 
 AM_INIT_AUTOMAKE([1.11])
-AC_PREREQ(2.63)
+AC_PREREQ(2.64)
 AC_CONFIG_SRCDIR([include/grub/dl.h])
 AC_CONFIG_HEADER([config-util.h])
 
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index 08ac0fb15f..ec1ec5083b 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -762,6 +762,9 @@ module = {
   name = regexp;
   common = commands/regexp.c;
   common = commands/wildcard.c;
+  common = lib/gnulib/malloc/dynarray_finalize.c;
+  common = lib/gnulib/malloc/dynarray_emplace_enlarge.c;
+  common = lib/gnulib/malloc/dynarray_resize.c;
   common = lib/gnulib/regex.c;
   cflags = '$(CFLAGS_POSIX) $(CFLAGS_GNULIB)';
   cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB)';
diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
index 371a53b837..c917a5f91e 100644
--- a/grub-core/disk/luks2.c
+++ b/grub-core/disk/luks2.c
@@ -389,7 +389,7 @@ luks2_verify_key (grub_luks2_digest_t *d, grub_uint8_t *candidate_key,
 {
   grub_uint8_t candidate_digest[GRUB_CRYPTODISK_MAX_KEYLEN];
   grub_uint8_t digest[GRUB_CRYPTODISK_MAX_KEYLEN], salt[GRUB_CRYPTODISK_MAX_KEYLEN];
-  grub_size_t saltlen = sizeof (salt), digestlen = sizeof (digest);
+  idx_t saltlen = sizeof (salt), digestlen = sizeof (digest);
   const gcry_md_spec_t *hash;
   gcry_err_code_t gcry_ret;
 
@@ -428,7 +428,7 @@ luks2_decrypt_key (grub_uint8_t *out_key,
   grub_uint8_t area_key[GRUB_CRYPTODISK_MAX_KEYLEN];
   grub_uint8_t salt[GRUB_CRYPTODISK_MAX_KEYLEN];
   grub_uint8_t *split_key = NULL;
-  grub_size_t saltlen = sizeof (salt);
+  idx_t saltlen = sizeof (salt);
   char cipher[32], *p;
   const gcry_md_spec_t *hash;
   gcry_err_code_t gcry_ret;
diff --git a/grub-core/lib/posix_wrap/limits.h b/grub-core/lib/posix_wrap/limits.h
index 591dbf3289..4be7b40806 100644
--- a/grub-core/lib/posix_wrap/limits.h
+++ b/grub-core/lib/posix_wrap/limits.h
@@ -25,7 +25,11 @@
 #define USHRT_MAX GRUB_USHRT_MAX
 #define UINT_MAX GRUB_UINT_MAX
 #define ULONG_MAX GRUB_ULONG_MAX
-#define SIZE_MAX GRUB_SIZE_MAX
+
+/* gnulib also defines this type */
+#ifndef SIZE_MAX
+#  define SIZE_MAX GRUB_SIZE_MAX
+#endif
 
 #define SCHAR_MIN GRUB_SCHAR_MIN
 #define SCHAR_MAX GRUB_SCHAR_MAX
diff --git a/include/grub/compiler.h b/include/grub/compiler.h
index ebafec6895..441a9eca07 100644
--- a/include/grub/compiler.h
+++ b/include/grub/compiler.h
@@ -30,10 +30,10 @@
 
 /* Does this compiler support compile-time error attributes? */
 #if GNUC_PREREQ(4,3)
-#  define ATTRIBUTE_ERROR(msg) \
+#  define GRUB_ATTRIBUTE_ERROR(msg) \
 	__attribute__ ((__error__ (msg)))
 #else
-#  define ATTRIBUTE_ERROR(msg) __attribute__ ((noreturn))
+#  define GRUB_ATTRIBUTE_ERROR(msg) __attribute__ ((noreturn))
 #endif
 
 #if GNUC_PREREQ(4,4)
diff --git a/include/grub/list.h b/include/grub/list.h
index b13acb9624..21f4b4b44a 100644
--- a/include/grub/list.h
+++ b/include/grub/list.h
@@ -40,7 +40,7 @@ void EXPORT_FUNC(grub_list_remove) (grub_list_t item);
 
 static inline void *
 grub_bad_type_cast_real (int line, const char *file)
-     ATTRIBUTE_ERROR ("bad type cast between incompatible grub types");
+     GRUB_ATTRIBUTE_ERROR ("bad type cast between incompatible grub types");
 
 static inline void *
 grub_bad_type_cast_real (int line, const char *file)
diff --git a/INSTALL b/INSTALL
index 79a0af7d93..ee9f536f76 100644
--- a/INSTALL
+++ b/INSTALL
@@ -42,7 +42,7 @@ If you use a development snapshot or want to hack on GRUB you may
 need the following.
 
 * Python 2.6 or later
-* Autoconf 2.63 or later
+* Autoconf 2.64 or later
 * Automake 1.11 or later
 
 Prerequisites for make-check:
diff --git a/bootstrap b/bootstrap
index 5b08e7e2d4..dc2238f4ad 100755
--- a/bootstrap
+++ b/bootstrap
@@ -1,10 +1,10 @@
 #! /bin/sh
 # Print a version string.
-scriptversion=2019-01-04.17; # UTC
+scriptversion=2022-01-26.05; # UTC
 
 # Bootstrap this package from checked-out sources.
 
-# Copyright (C) 2003-2019 Free Software Foundation, Inc.
+# Copyright (C) 2003-2022 Free Software Foundation, Inc.
 
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -47,7 +47,7 @@ PERL="${PERL-perl}"
 
 me=$0
 
-default_gnulib_url=git://git.sv.gnu.org/gnulib
+default_gnulib_url=https://git.savannah.gnu.org/git/gnulib.git
 
 usage() {
   cat <<EOF
@@ -71,7 +71,9 @@ Options:
  --no-git                 do not use git to update gnulib.  Requires that
                           --gnulib-srcdir point to a correct gnulib snapshot
  --skip-po                do not download po files
-
+EOF
+  bootstrap_print_option_usage_hook
+  cat <<EOF
 If the file $me.conf exists in the same directory as this script, its
 contents are read as shell variables to configure the bootstrap.
 
@@ -113,6 +115,12 @@ Running without arguments will suffice in most cases.
 EOF
 }
 
+copyright_year=`echo "$scriptversion" | sed -e 's/[^0-9].*//'`
+copyright="Copyright (C) ${copyright_year} Free Software Foundation, Inc.
+License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>.
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law."
+
 # warnf_ FORMAT-STRING ARG1...
 warnf_ ()
 {
@@ -154,6 +162,18 @@ gnulib_files=
 : ${AUTOPOINT=autopoint}
 : ${AUTORECONF=autoreconf}
 
+# A function to be called for each unrecognized option.  Returns 0 if
+# the option in $1 has been processed by the function.  Returns 1 if
+# the option has not been processed by the function.  Override it via
+# your own definition in bootstrap.conf
+
+bootstrap_option_hook() { return 1; }
+
+# A function to be called in order to print the --help information
+# corresponding to user-defined command-line options.
+
+bootstrap_print_option_usage_hook() { :; }
+
 # A function to be called right after gnulib-tool is run.
 # Override it via your own definition in bootstrap.conf.
 bootstrap_post_import_hook() { :; }
@@ -166,11 +186,11 @@ bootstrap_epilogue() { :; }
 # specified directory.  Fill in the first %s with the destination
 # directory and the second with the domain name.
 po_download_command_format=\
-"wget --mirror --level=1 -nd -q -A.po -P '%s' \
+"wget --mirror --level=1 -nd -nv -A.po -P '%s' \
  https://translationproject.org/latest/%s/"
 
 # Prefer a non-empty tarname (4th argument of AC_INIT if given), else
-# fall back to the package name (1st argument with munging)
+# fall back to the package name (1st argument with munging).
 extract_package_name='
   /^AC_INIT(\[*/{
      s///
@@ -187,8 +207,11 @@ extract_package_name='
      p
   }
 '
-package=$(sed -n "$extract_package_name" configure.ac) \
-  || die 'cannot find package name in configure.ac'
+package=$(${AUTOCONF:-autoconf} --trace AC_INIT:\$4 configure.ac 2>/dev/null)
+if test -z "$package"; then
+  package=$(sed -n "$extract_package_name" configure.ac) \
+      || die 'cannot find package name in configure.ac'
+fi
 gnulib_name=lib$package
 
 build_aux=build-aux
@@ -290,6 +313,116 @@ find_tool ()
   eval "export $find_tool_envvar"
 }
 
+# Strip blank and comment lines to leave significant entries.
+gitignore_entries() {
+  sed '/^#/d; /^$/d' "$@"
+}
+
+# If $STR is not already on a line by itself in $FILE, insert it at the start.
+# Entries are inserted at the start of the ignore list to ensure existing
+# entries starting with ! are not overridden.  Such entries support
+# whitelisting exceptions after a more generic blacklist pattern.
+insert_if_absent() {
+  file=$1
+  str=$2
+  test -f $file || touch $file
+  test -r $file || die "Error: failed to read ignore file: $file"
+  duplicate_entries=$(gitignore_entries $file | sort | uniq -d)
+  if [ "$duplicate_entries" ] ; then
+    die "Error: Duplicate entries in $file: " $duplicate_entries
+  fi
+  linesold=$(gitignore_entries $file | wc -l)
+  linesnew=$( { echo "$str"; cat $file; } | gitignore_entries | sort -u | wc -l)
+  if [ $linesold != $linesnew ] ; then
+    { echo "$str" | cat - $file > $file.bak && mv $file.bak $file; } \
+      || die "insert_if_absent $file $str: failed"
+  fi
+}
+
+# Adjust $PATTERN for $VC_IGNORE_FILE and insert it with
+# insert_if_absent.
+insert_vc_ignore() {
+  vc_ignore_file="$1"
+  pattern="$2"
+  case $vc_ignore_file in
+  *.gitignore)
+    # A .gitignore entry that does not start with '/' applies
+    # recursively to subdirectories, so prepend '/' to every
+    # .gitignore entry.
+    pattern=$(echo "$pattern" | sed s,^,/,);;
+  esac
+  insert_if_absent "$vc_ignore_file" "$pattern"
+}
+
+symlink_to_dir()
+{
+  src=$1/$2
+  dst=${3-$2}
+
+  test -f "$src" && {
+
+    # If the destination directory doesn't exist, create it.
+    # This is required at least for "lib/uniwidth/cjk.h".
+    dst_dir=$(dirname "$dst")
+    if ! test -d "$dst_dir"; then
+      mkdir -p "$dst_dir"
+
+      # If we've just created a directory like lib/uniwidth,
+      # tell version control system(s) it's ignorable.
+      # FIXME: for now, this does only one level
+      parent=$(dirname "$dst_dir")
+      for dot_ig in x $vc_ignore; do
+        test $dot_ig = x && continue
+        ig=$parent/$dot_ig
+        insert_vc_ignore $ig "${dst_dir##*/}"
+      done
+    fi
+
+    if $copy; then
+      {
+        test ! -h "$dst" || {
+          echo "$me: rm -f $dst" &&
+          rm -f "$dst"
+        }
+      } &&
+      test -f "$dst" &&
+      cmp -s "$src" "$dst" || {
+        echo "$me: cp -fp $src $dst" &&
+        cp -fp "$src" "$dst"
+      }
+    else
+      # Leave any existing symlink alone, if it already points to the source,
+      # so that broken build tools that care about symlink times
+      # aren't confused into doing unnecessary builds.  Conversely, if the
+      # existing symlink's timestamp is older than the source, make it afresh,
+      # so that broken tools aren't confused into skipping needed builds.  See
+      # <https://lists.gnu.org/r/bug-gnulib/2011-05/msg00326.html>.
+      test -h "$dst" &&
+      src_ls=$(ls -diL "$src" 2>/dev/null) && set $src_ls && src_i=$1 &&
+      dst_ls=$(ls -diL "$dst" 2>/dev/null) && set $dst_ls && dst_i=$1 &&
+      test "$src_i" = "$dst_i" &&
+      both_ls=$(ls -dt "$src" "$dst") &&
+      test "X$both_ls" = "X$dst$nl$src" || {
+        dot_dots=
+        case $src in
+        /*) ;;
+        *)
+          case /$dst/ in
+          *//* | */../* | */./* | /*/*/*/*/*/)
+             die "invalid symlink calculation: $src -> $dst";;
+          /*/*/*/*/)    dot_dots=../../../;;
+          /*/*/*/)      dot_dots=../../;;
+          /*/*/)        dot_dots=../;;
+          esac;;
+        esac
+
+        echo "$me: ln -fs $dot_dots$src $dst" &&
+        ln -fs "$dot_dots$src" "$dst"
+      }
+    fi
+  }
+}
+
 # Override the default configuration, if necessary.
 # Make sure that bootstrap.conf is sourced from the current directory
 # if we were invoked as "sh bootstrap".
@@ -320,6 +453,12 @@ do
   --help)
     usage
     exit;;
+  --version)
+    set -e
+    echo "bootstrap $scriptversion"
+    echo "$copyright"
+    exit 0
+    ;;
   --gnulib-srcdir=*)
     GNULIB_SRCDIR=${option#--gnulib-srcdir=};;
   --skip-po)
@@ -335,7 +474,7 @@ do
   --no-git)
     use_git=false;;
   *)
-    die "$option: unknown option";;
+    bootstrap_option_hook $option || die "$option: unknown option";;
   esac
 done
 
@@ -346,47 +485,6 @@ if test -n "$checkout_only_file" && test ! -r "$checkout_only_file"; then
   die "Bootstrapping from a non-checked-out distribution is risky."
 fi
 
-# Strip blank and comment lines to leave significant entries.
-gitignore_entries() {
-  sed '/^#/d; /^$/d' "$@"
-}
-
-# If $STR is not already on a line by itself in $FILE, insert it at the start.
-# Entries are inserted at the start of the ignore list to ensure existing
-# entries starting with ! are not overridden.  Such entries support
-# whitelisting exceptions after a more generic blacklist pattern.
-insert_if_absent() {
-  file=$1
-  str=$2
-  test -f $file || touch $file
-  test -r $file || die "Error: failed to read ignore file: $file"
-  duplicate_entries=$(gitignore_entries $file | sort | uniq -d)
-  if [ "$duplicate_entries" ] ; then
-    die "Error: Duplicate entries in $file: " $duplicate_entries
-  fi
-  linesold=$(gitignore_entries $file | wc -l)
-  linesnew=$( { echo "$str"; cat $file; } | gitignore_entries | sort -u | wc -l)
-  if [ $linesold != $linesnew ] ; then
-    { echo "$str" | cat - $file > $file.bak && mv $file.bak $file; } \
-      || die "insert_if_absent $file $str: failed"
-  fi
-}
-
-# Adjust $PATTERN for $VC_IGNORE_FILE and insert it with
-# insert_if_absent.
-insert_vc_ignore() {
-  vc_ignore_file="$1"
-  pattern="$2"
-  case $vc_ignore_file in
-  *.gitignore)
-    # A .gitignore entry that does not start with '/' applies
-    # recursively to subdirectories, so prepend '/' to every
-    # .gitignore entry.
-    pattern=$(echo "$pattern" | sed s,^,/,);;
-  esac
-  insert_if_absent "$vc_ignore_file" "$pattern"
-}
-
 # Die if there is no AC_CONFIG_AUX_DIR($build_aux) line in configure.ac.
 found_aux_dir=no
 grep '^[	 ]*AC_CONFIG_AUX_DIR(\['"$build_aux"'\])' configure.ac \
@@ -665,9 +763,25 @@ if $use_gnulib; then
       shallow=
       if test -z "$GNULIB_REVISION"; then
         git clone -h 2>&1 | grep -- --depth > /dev/null && shallow='--depth 2'
+        git clone $shallow ${GNULIB_URL:-$default_gnulib_url} "$gnulib_path" \
+          || cleanup_gnulib
+      else
+        git fetch -h 2>&1 | grep -- --depth > /dev/null && shallow='--depth 2'
+        mkdir -p "$gnulib_path"
+        # Only want a shallow checkout of $GNULIB_REVISION, but git does not
+        # support cloning by commit hash. So attempt a shallow fetch by commit
+        # hash to minimize the amount of data downloaded and changes needed to
+        # be processed, which can drastically reduce download and processing
+        # time for checkout. If the fetch by commit fails, a shallow fetch can
+        # not be performed because we do not know what the depth of the commit
+        # is without fetching all commits. So fallback to fetching all commits.
+        git -C "$gnulib_path" init
+        git -C "$gnulib_path" remote add origin ${GNULIB_URL:-$default_gnulib_url}
+        git -C "$gnulib_path" fetch $shallow origin "$GNULIB_REVISION" \
+          || git -C "$gnulib_path" fetch origin \
+          || cleanup_gnulib
+        git -C "$gnulib_path" reset --hard FETCH_HEAD
       fi
-      git clone $shallow ${GNULIB_URL:-$default_gnulib_url} "$gnulib_path" \
-        || cleanup_gnulib
 
       trap - 1 2 13 15
     fi
@@ -784,75 +898,6 @@ case $SKIP_PO in
   fi;;
 esac
 
-symlink_to_dir()
-{
-  src=$1/$2
-  dst=${3-$2}
-
-  test -f "$src" && {
-
-    # If the destination directory doesn't exist, create it.
-    # This is required at least for "lib/uniwidth/cjk.h".
-    dst_dir=$(dirname "$dst")
-    if ! test -d "$dst_dir"; then
-      mkdir -p "$dst_dir"
-
-      # If we've just created a directory like lib/uniwidth,
-      # tell version control system(s) it's ignorable.
-      # FIXME: for now, this does only one level
-      parent=$(dirname "$dst_dir")
-      for dot_ig in x $vc_ignore; do
-        test $dot_ig = x && continue
-        ig=$parent/$dot_ig
-        insert_vc_ignore $ig "${dst_dir##*/}"
-      done
-    fi
-
-    if $copy; then
-      {
-        test ! -h "$dst" || {
-          echo "$me: rm -f $dst" &&
-          rm -f "$dst"
-        }
-      } &&
-      test -f "$dst" &&
-      cmp -s "$src" "$dst" || {
-        echo "$me: cp -fp $src $dst" &&
-        cp -fp "$src" "$dst"
-      }
-    else
-      # Leave any existing symlink alone, if it already points to the source,
-      # so that broken build tools that care about symlink times
-      # aren't confused into doing unnecessary builds.  Conversely, if the
-      # existing symlink's timestamp is older than the source, make it afresh,
-      # so that broken tools aren't confused into skipping needed builds.  See
-      # <https://lists.gnu.org/r/bug-gnulib/2011-05/msg00326.html>.
-      test -h "$dst" &&
-      src_ls=$(ls -diL "$src" 2>/dev/null) && set $src_ls && src_i=$1 &&
-      dst_ls=$(ls -diL "$dst" 2>/dev/null) && set $dst_ls && dst_i=$1 &&
-      test "$src_i" = "$dst_i" &&
-      both_ls=$(ls -dt "$src" "$dst") &&
-      test "X$both_ls" = "X$dst$nl$src" || {
-        dot_dots=
-        case $src in
-        /*) ;;
-        *)
-          case /$dst/ in
-          *//* | */../* | */./* | /*/*/*/*/*/)
-             die "invalid symlink calculation: $src -> $dst";;
-          /*/*/*/*/)    dot_dots=../../../;;
-          /*/*/*/)      dot_dots=../../;;
-          /*/*/)        dot_dots=../;;
-          esac;;
-        esac
-
-        echo "$me: ln -fs $dot_dots$src $dst" &&
-        ln -fs "$dot_dots$src" "$dst"
-      }
-    fi
-  }
-}
-
 version_controlled_file() {
   parent=$1
   file=$2
@@ -970,7 +1015,7 @@ bootstrap_post_import_hook \
 # Uninitialized submodules are listed with an initial dash.
 if $use_git && git submodule | grep '^-' >/dev/null; then
   die "some git submodules are not initialized. "     \
-      "Run 'git submodule init' and bootstrap again."
+      "Run 'git submodule update --init' and bootstrap again."
 fi
 
 # Remove any dangling symlink matching "*.m4" or "*.[ch]" in some
@@ -1064,7 +1109,7 @@ bootstrap_epilogue
 
 echo "$0: done.  Now you can run './configure'."
 
-# Local variables:
+# Local Variables:
 # eval: (add-hook 'before-save-hook 'time-stamp)
 # time-stamp-start: "scriptversion="
 # time-stamp-format: "%:y-%02m-%02d.%02H"
diff --git a/bootstrap.conf b/bootstrap.conf
index 71ce943c7d..e4e5f3750a 100644
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -1,6 +1,6 @@
 # Bootstrap configuration.
 
-# Copyright (C) 2006-2019 Free Software Foundation, Inc.
+# Copyright (C) 2006-2022 Free Software Foundation, Inc.
 
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -16,11 +16,10 @@
 # along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
 
-GNULIB_REVISION=d271f868a8df9bbec29049d01e056481b7a1a263
+GNULIB_REVISION=9f48fb992a3d7e96610c4ce8be969cff2d61a01b
 
 # gnulib modules used by this package.
-# mbswidth is used by gnulib-fix-width.diff's changes to argp rather than
-# directly.
+# mbswidth is used by fix-width.diff's changes to argp rather than directly.
 gnulib_modules="
   argp
   base64
@@ -67,8 +66,8 @@ SKIP_PO=t
 
 # Build prerequisites
 buildreq="\
-autoconf   2.63
-automake   1.11
+autoconf   2.64
+automake   1.14
 gettext    0.18.3
 git        1.5.5
 tar        -
@@ -80,11 +79,12 @@ cp -a INSTALL INSTALL.grub
 
 bootstrap_post_import_hook () {
   set -e
-  for patchname in fix-null-deref fix-null-state-deref fix-regcomp-uninit-token \
-      fix-regexec-null-deref fix-uninit-structure fix-unused-value fix-width; do
-    patch -d grub-core/lib/gnulib -p2 \
-      < "grub-core/lib/gnulib-patches/$patchname.patch"
-  done
+
+  # Instead of patching our gnulib and therefore maintaining a fork, submit
+  # changes to gnulib and update the hash above when they've merged.  Do not
+  # add new patches here.
+  patch -d grub-core/lib/gnulib -p2 < grub-core/lib/gnulib-patches/fix-width.patch
+
   for patchname in \
       0001-Support-POTFILES-shell \
       0002-Handle-gettext_printf-shell-function \
diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist
index 5eef708338..26ac8765e3 100644
--- a/conf/Makefile.extra-dist
+++ b/conf/Makefile.extra-dist
@@ -31,12 +31,6 @@ EXTRA_DIST += grub-core/gensymlist.sh
 EXTRA_DIST += grub-core/genemuinit.sh
 EXTRA_DIST += grub-core/genemuinitheader.sh
 
-EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-deref.patch
-EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-state-deref.patch
-EXTRA_DIST += grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch
-EXTRA_DIST += grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch
-EXTRA_DIST += grub-core/lib/gnulib-patches/fix-uninit-structure.patch
-EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch
 EXTRA_DIST += grub-core/lib/gnulib-patches/fix-width.patch
 
 EXTRA_DIST += grub-core/lib/libgcrypt
diff --git a/config.h.in b/config.h.in
index c3134309c6..512d1bbe13 100644
--- a/config.h.in
+++ b/config.h.in
@@ -67,10 +67,78 @@
 #  define _GNU_SOURCE 1
 
 #  ifndef _GL_INLINE_HEADER_BEGIN
+/* gnulib gets configured against the host, not the target, and the rest of
+ * our buildsystem works around that.  This is difficult to avoid as gnulib's
+ * detection requires a more capable system than our target.  Instead, we
+ * reach in and set values appropriately - intentionally setting more than the
+ * bare minimum.  If, when updating gnulib, something breaks, there's probably
+ * a change needed here or in grub-core/Makefile.core.def. */
+#    define SIZE_MAX ((size_t) -1)
+#    define _GL_ATTRIBUTE_ALLOC_SIZE(args) \
+    __attribute__ ((__alloc_size__ args))
+#    define _GL_ATTRIBUTE_ALWAYS_INLINE __attribute__ ((__always_inline__))
+#    define _GL_ATTRIBUTE_ARTIFICIAL __attribute__ ((__artificial__))
+#    define _GL_ATTRIBUTE_COLD __attribute__ ((cold))
 #    define _GL_ATTRIBUTE_CONST __attribute__ ((const))
+#    define _GL_ATTRIBUTE_DEALLOC(f, i) __attribute ((__malloc__ (f, i)))
+#    define _GL_ATTRIBUTE_DEALLOC_FREE _GL_ATTRIBUTE_DEALLOC (free, 1)
+#    define _GL_ATTRIBUTE_DEPRECATED __attribute__ ((__deprecated__))
+#    define _GL_ATTRIBUTE_ERROR(msg) __attribute__ ((__error__ (msg)))
+#    define _GL_ATTRIBUTE_EXTERNALLY_VISIBLE \
+    __attribute__ ((externally_visible))
+#    define _GL_ATTRIBUTE_FORMAT(spec) __attribute__ ((__format__ spec))
+#    define _GL_ATTRIBUTE_LEAF __attribute__ ((__leaf__))
+#    define _GL_ATTRIBUTE_MALLOC __attribute__ ((malloc))
+#    define _GL_ATTRIBUTE_MAYBE_UNUSED _GL_ATTRIBUTE_UNUSED
+#    define _GL_ATTRIBUTE_MAY_ALIAS __attribute__ ((__may_alias__))
+#    define _GL_ATTRIBUTE_NODISCARD __attribute__ ((__warn_unused_result__))
+#    define _GL_ATTRIBUTE_NOINLINE __attribute__ ((__noinline__))
+#    define _GL_ATTRIBUTE_NONNULL(args) __attribute__ ((__nonnull__ args))
+#    define _GL_ATTRIBUTE_NONSTRING __attribute__ ((__nonstring__))
+#    define _GL_ATTRIBUTE_PACKED __attribute__ ((__packed__))
+#    define _GL_ATTRIBUTE_PURE __attribute__ ((__pure__))
+#    define _GL_ATTRIBUTE_RETURNS_NONNULL \
+    __attribute__ ((__returns_nonnull__))
+#    define _GL_ATTRIBUTE_SENTINEL(pos) __attribute__ ((__sentinel__ pos))
+#    define _GL_ATTRIBUTE_UNUSED __attribute__ ((__unused__))
+#    define _GL_ATTRIBUTE_WARNING(msg) __attribute__ ((__warning__ (msg)))
+#    define _GL_CMP(n1, n2) (((n1) > (n2)) - ((n1) < (n2)))
+#    define _GL_GNUC_PREREQ GNUC_PREREQ
+#    define _GL_INLINE inline
+#    define _GL_UNUSED_LABEL _GL_ATTRIBUTE_UNUSED
+
+/* We can't use __has_attribute for these because gcc-5.1 is too old for
+ * that.  Everything above is present in that version, though. */
+#    if __GNUC__ >= 7
+#      define _GL_ATTRIBUTE_FALLTHROUGH __attribute__ ((fallthrough))
+#    else
+#      define _GL_ATTRIBUTE_FALLTHROUGH /* empty */
+#    endif
+
+#    ifndef ASM_FILE
+typedef __INT_FAST32_TYPE__ int_fast32_t;
+typedef __UINT_FAST32_TYPE__ uint_fast32_t;
+#    endif
+
+/* Ensure ialloc nests static/non-static inline properly. */
+#    define IALLOC_INLINE static inline
+
+/* gnulib uses these for blocking out warnings they can't/won't fix.  gnulib
+ * also makes the decision about whether to provide a declaration for
+ * reallocarray() at compile-time, so this is a convenient place to override -
+ * it's used by the ialloc module, which is used by base64. */
+#    define _GL_INLINE_HEADER_BEGIN _Pragma ("GCC diagnostic push")	\
+    void *								\
+    reallocarray (void *ptr, unsigned int nmemb, unsigned int size);
+#    define _GL_INLINE_HEADER_END   _Pragma ("GCC diagnostic pop")
 
 /* We don't have an abort() for gnulib to call in regexp. */
 #    define abort __builtin_unreachable
 #  endif /* !_GL_INLINE_HEADER_BEGIN */
 
+/* gnulib doesn't build cleanly with older compilers. */
+#  if __GNUC__ < 11
+_Pragma ("GCC diagnostic ignored \"-Wtype-limits\"")
+#  endif
+
 #endif
diff --git a/grub-core/lib/gnulib-patches/fix-null-deref.patch b/grub-core/lib/gnulib-patches/fix-null-deref.patch
deleted file mode 100644
index 8fafa153a4..0000000000
--- a/grub-core/lib/gnulib-patches/fix-null-deref.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/lib/argp-parse.c b/lib/argp-parse.c
-index 6dec57310..900adad54 100644
---- a/lib/argp-parse.c
-+++ b/lib/argp-parse.c
-@@ -940,7 +940,7 @@ weak_alias (__argp_parse, argp_parse)
- void *
- __argp_input (const struct argp *argp, const struct argp_state *state)
- {
--  if (state)
-+  if (state && state->pstate)
-     {
-       struct group *group;
-       struct parser *parser = state->pstate;
diff --git a/grub-core/lib/gnulib-patches/fix-null-state-deref.patch b/grub-core/lib/gnulib-patches/fix-null-state-deref.patch
deleted file mode 100644
index 813ec09c8a..0000000000
--- a/grub-core/lib/gnulib-patches/fix-null-state-deref.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- a/lib/argp-help.c	2020-10-28 14:32:19.189215988 +0000
-+++ b/lib/argp-help.c	2020-10-28 14:38:21.204673940 +0000
-@@ -145,7 +145,8 @@
-       if (*(int *)((char *)upptr + up->uparams_offs) >= upptr->rmargin)
-         {
-           __argp_failure (state, 0, 0,
--                          dgettext (state->root_argp->argp_domain,
-+                          dgettext (state == NULL ? NULL
-+                                    : state->root_argp->argp_domain,
-                                     "\
- ARGP_HELP_FMT: %s value is less than or equal to %s"),
-                           "rmargin", up->name);
diff --git a/grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch b/grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch
deleted file mode 100644
index 02e06315df..0000000000
--- a/grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch
+++ /dev/null
@@ -1,15 +0,0 @@
---- a/lib/regcomp.c	2020-11-24 17:06:08.159223858 +0000
-+++ b/lib/regcomp.c	2020-11-24 17:06:15.630253923 +0000
-@@ -3808,11 +3808,7 @@
- create_tree (re_dfa_t *dfa, bin_tree_t *left, bin_tree_t *right,
- 	     re_token_type_t type)
- {
--  re_token_t t;
--#if defined GCC_LINT || defined lint
--  memset (&t, 0, sizeof t);
--#endif
--  t.type = type;
-+  re_token_t t = { .type = type };
-   return create_token_tree (dfa, left, right, &t);
- }
- 
diff --git a/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch b/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch
deleted file mode 100644
index db6dac9c9e..0000000000
--- a/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- a/lib/regexec.c	2020-10-21 14:25:35.310195912 +0000
-+++ b/lib/regexec.c	2020-11-05 10:55:09.621542984 +0000
-@@ -1692,6 +1692,9 @@
- {
-   Idx top = mctx->state_log_top;
-
-+  if (mctx->state_log == NULL)
-+    return REG_NOERROR;
-+
-   if ((next_state_log_idx >= mctx->input.bufs_len
-        && mctx->input.bufs_len < mctx->input.len)
-       || (next_state_log_idx >= mctx->input.valid_len
diff --git a/grub-core/lib/gnulib-patches/fix-uninit-structure.patch b/grub-core/lib/gnulib-patches/fix-uninit-structure.patch
deleted file mode 100644
index 7b4d9f67af..0000000000
--- a/grub-core/lib/gnulib-patches/fix-uninit-structure.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/lib/regcomp.c	2020-10-22 13:49:06.770168928 +0000
-+++ b/lib/regcomp.c	2020-10-22 13:50:37.026528298 +0000
-@@ -3662,7 +3662,7 @@
-   Idx alloc = 0;
- #endif /* not RE_ENABLE_I18N */
-   reg_errcode_t ret;
--  re_token_t br_token;
-+  re_token_t br_token = {0};
-   bin_tree_t *tree;
- 
-   sbcset = (re_bitset_ptr_t) calloc (sizeof (bitset_t), 1);
diff --git a/grub-core/lib/gnulib-patches/fix-unused-value.patch b/grub-core/lib/gnulib-patches/fix-unused-value.patch
deleted file mode 100644
index ba51f1bf22..0000000000
--- a/grub-core/lib/gnulib-patches/fix-unused-value.patch
+++ /dev/null
@@ -1,14 +0,0 @@
---- a/lib/regexec.c	2020-10-21 14:25:35.310195912 +0000
-+++ b/lib/regexec.c	2020-10-21 14:32:07.961765604 +0000
-@@ -828,7 +828,11 @@
- 		    break;
- 		  if (__glibc_unlikely (err != REG_NOMATCH))
- 		    goto free_return;
-+#ifdef DEBUG
-+		  /* Only used for assertion below when DEBUG is set, otherwise
-+		     it will be over-written when we loop around.  */
- 		  match_last = -1;
-+#endif
- 		}
- 	      else
- 		break; /* We found a match.  */