From 2e4537373dd7ffcbc89691fd69ab432a6bf77dfb Mon Sep 17 00:00:00 2001 From: eabdullin Date: Mon, 3 Nov 2025 07:48:05 +0000 Subject: [PATCH] Revert OL modifications --- SOURCES/20-grub.install | 18 +- ...18504756-use-different-title-for-UEK.patch | 30 --- ...bug26388226-update-redhat-references.patch | 25 --- ...01-net-dns-Fix-removal-of-DNS-server.patch | 47 ----- ...-error-handling-of-recv_hook-functio.patch | 143 -------------- ...gging-messages-in-recv_hook-function.patch | 39 ---- ...ookup-error-when-no-IPv6-is-returned.patch | 100 ---------- ...net-Close-and-reopen-card-on-failure.patch | 185 ------------------ ...inet-Correct-closing-of-SNP-protocol.patch | 109 ----------- SOURCES/grub.macros | 13 +- SOURCES/grub.patches | 8 - SOURCES/sbat.csv.in | 3 +- SPECS/grub2.spec | 77 +++----- 13 files changed, 36 insertions(+), 761 deletions(-) delete mode 100644 SOURCES/bug18504756-use-different-title-for-UEK.patch delete mode 100644 SOURCES/bug26388226-update-redhat-references.patch delete mode 100644 SOURCES/bug37539625-0001-net-dns-Fix-removal-of-DNS-server.patch delete mode 100644 SOURCES/bug37539625-0002-net-dns-Simplify-error-handling-of-recv_hook-functio.patch delete mode 100644 SOURCES/bug37539625-0003-net-dns-Add-debugging-messages-in-recv_hook-function.patch delete mode 100644 SOURCES/bug37539625-0004-net-dns-Fix-lookup-error-when-no-IPv6-is-returned.patch delete mode 100644 SOURCES/bug37747175-0001-efinet-Close-and-reopen-card-on-failure.patch delete mode 100644 SOURCES/bug37747175-0002-efinet-Correct-closing-of-SNP-protocol.patch diff --git a/SOURCES/20-grub.install b/SOURCES/20-grub.install index 67d6895..a3f1b18 100755 --- a/SOURCES/20-grub.install +++ b/SOURCES/20-grub.install @@ -6,7 +6,6 @@ fi [[ -f /etc/default/grub ]] && . /etc/default/grub [[ -f /etc/os-release ]] && . /etc/os-release -[[ -f /etc/sysconfig/kernel ]] && . /etc/sysconfig/kernel COMMAND="$1" KERNEL_VERSION="$2" @@ -42,14 +41,8 @@ mkbls() { fi fi - if [[ $kernelver =~ uek ]]; then - local ver_stanza="$kernelver with Unbreakable Enterprise Kernel" - else - local ver_stanza="$kernelver" - fi - cat < -Date: Tue, 18 Dec 2018 13:22:12 -0800 -Subject: [PATCH 1/1] Use different menuentries for UEK kernel - ---- - util/grub.d/10_linux.in | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index b54d277..fe8b20f 100644 ---- a/util/grub.d/10_linux.in -+++ b/util/grub.d/10_linux.in -@@ -173,7 +173,12 @@ EOF - fi - - if [ x$type != xsimple ] ; then -- title=$(mktitle "$type" "$version") -+ if echo "$version" | grep -q uek; then -+ kernel_type_text="with Unbreakable Enterprise Kernel" -+ else -+ kernel_type_text="with Linux" -+ fi -+ title=$(mktitle "$type" "$version $kernel_type_text") - if [ x"$title" = x"$GRUB_ACTUAL_DEFAULT" ] || [ x"Previous Linux versions>$title" = x"$GRUB_ACTUAL_DEFAULT" ]; then - replacement_title="$(echo "Advanced options for ${OS}" | sed 's,>,>>,g')>$(echo "$title" | sed 's,>,>>,g')" - quoted="$(echo "$GRUB_ACTUAL_DEFAULT" | grub_quote)" --- -1.8.3.1 - diff --git a/SOURCES/bug26388226-update-redhat-references.patch b/SOURCES/bug26388226-update-redhat-references.patch deleted file mode 100644 index 8e90b0b..0000000 --- a/SOURCES/bug26388226-update-redhat-references.patch +++ /dev/null @@ -1,25 +0,0 @@ -From aba9976ce324fdf845b04b326f7426566a676335 Mon Sep 17 00:00:00 2001 -From: "livy.ge" -Date: Wed, 5 Jul 2017 03:53:48 -0700 -Subject: [PATCH] update bug url - ---- - util/grub-set-password.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/util/grub-set-password.in b/util/grub-set-password.in -index 6553eaa..03731d5 100644 ---- a/util/grub-set-password.in -+++ b/util/grub-set-password.in -@@ -21,7 +21,7 @@ located by default at ${grubdir}. - -v, --version print the version information and exit - -o, --output_path put user.cfg in a user-selected directory - --Report bugs at https://bugzilla.redhat.com. -+Report bugs at https://github.com/oracle/oracle-linux . - EOF - } - --- -2.43.5 - diff --git a/SOURCES/bug37539625-0001-net-dns-Fix-removal-of-DNS-server.patch b/SOURCES/bug37539625-0001-net-dns-Fix-removal-of-DNS-server.patch deleted file mode 100644 index 07577e9..0000000 --- a/SOURCES/bug37539625-0001-net-dns-Fix-removal-of-DNS-server.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 88d7b6dcb0b3a08776377f9150bb555c6677b7d4 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Renaud=20M=C3=A9trich?= -Date: Fri, 28 Apr 2023 13:05:37 +0200 -Subject: [PATCH] net/dns: Fix removal of DNS server -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -When deleting the DNS server, we get the following error message: --------- 8< ---------------- 8< ---------------- 8< ---------------- 8< -------- -grub> net_del_dns 192.168.122.1 -error: ../../grub-core/net/dns.c:646:no DNS reply received. --------- 8< ---------------- 8< ---------------- 8< ---------------- 8< -------- - -This happens because the implementation is broken, it does a "add" -internally instead of a "delete". - -Signed-off-by: Renaud Métrich -Reviewed-by: Daniel Kiper ---- - grub-core/net/dns.c | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c -index 17961a9..e9edf5d 100644 ---- a/grub-core/net/dns.c -+++ b/grub-core/net/dns.c -@@ -765,11 +765,14 @@ grub_cmd_del_dns (struct grub_command *cmd __attribute__ ((unused)), - - if (argc != 1) - return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected")); -- err = grub_net_resolve_address (args[1], &server); -+ -+ err = grub_net_resolve_address (args[0], &server); - if (err) - return err; - -- return grub_net_add_dns_server (&server); -+ grub_net_remove_dns_server (&server); -+ -+ return GRUB_ERR_NONE; - } - - static grub_command_t cmd, cmd_add, cmd_del, cmd_list; --- -2.43.5 - diff --git a/SOURCES/bug37539625-0002-net-dns-Simplify-error-handling-of-recv_hook-functio.patch b/SOURCES/bug37539625-0002-net-dns-Simplify-error-handling-of-recv_hook-functio.patch deleted file mode 100644 index 2bb05ee..0000000 --- a/SOURCES/bug37539625-0002-net-dns-Simplify-error-handling-of-recv_hook-functio.patch +++ /dev/null @@ -1,143 +0,0 @@ -From 47a171178809d67996a5dc470622ab6d3760cfa6 Mon Sep 17 00:00:00 2001 -From: Fedora Ninjas -Date: Tue, 28 Jan 2025 15:27:16 +0000 -Subject: [PATCH 1/3] net/dns: Simplify error handling of recv_hook() function -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Renaud Métrich -Reviewed-by: Daniel Kiper - -Orabug: 37539625 -Modified-by: Alex Burmashev -Signed-off-by: Alex Burmashev ---- - grub-core/net/dns.c | 51 +++++++++++++++------------------------------ - 1 file changed, 17 insertions(+), 34 deletions(-) - -diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c -index e9edf5d..8ba4e54 100644 ---- a/grub-core/net/dns.c -+++ b/grub-core/net/dns.c -@@ -262,42 +262,27 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)), - We may get multiple responses due to network condition, so check here - and quit early. */ - if (*data->addresses) -- { -- grub_netbuff_free (nb); -- return GRUB_ERR_NONE; -- } -+ goto out; - - head = (struct dns_header *) nb->data; - ptr = (grub_uint8_t *) (head + 1); - if (ptr >= nb->tail) -- { -- grub_netbuff_free (nb); -- return GRUB_ERR_NONE; -- } -- -+ goto out; -+ - if (head->id != data->id) -- { -- grub_netbuff_free (nb); -- return GRUB_ERR_NONE; -- } -+ goto out; - if (!(head->flags & FLAGS_RESPONSE) || (head->flags & FLAGS_OPCODE)) -- { -- grub_netbuff_free (nb); -- return GRUB_ERR_NONE; -- } -+ goto out; - if (head->ra_z_r_code & ERRCODE_MASK) - { - data->dns_err = 1; -- grub_netbuff_free (nb); -- return GRUB_ERR_NONE; -+ goto out; - } -+ - for (i = 0; i < grub_be_to_cpu16 (head->qdcount); i++) - { - if (ptr >= nb->tail) -- { -- grub_netbuff_free (nb); -- return GRUB_ERR_NONE; -- } -+ goto out; - while (ptr < nb->tail && !((*ptr & 0xc0) || *ptr == 0)) - ptr += *ptr + 1; - if (ptr < nb->tail && (*ptr & 0xc0)) -@@ -310,8 +295,7 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)), - if (!*data->addresses) - { - grub_errno = GRUB_ERR_NONE; -- grub_netbuff_free (nb); -- return GRUB_ERR_NONE; -+ goto out; - } - reparse_ptr = ptr; - reparse: -@@ -325,7 +309,7 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)), - { - if (!*data->naddresses) - grub_free (*data->addresses); -- return GRUB_ERR_NONE; -+ goto out; - } - ignored = !check_name (ptr, nb->data, nb->tail, data->name); - while (ptr < nb->tail && !((*ptr & 0xc0) || *ptr == 0)) -@@ -337,8 +321,7 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)), - { - if (!*data->naddresses) - grub_free (*data->addresses); -- grub_netbuff_free (nb); -- return GRUB_ERR_NONE; -+ goto out; - } - if (*ptr++ != 0) - ignored = 1; -@@ -358,8 +341,7 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)), - { - if (!*data->naddresses) - grub_free (*data->addresses); -- grub_netbuff_free (nb); -- return GRUB_ERR_NONE; -+ goto out; - } - if (!ignored) - { -@@ -400,15 +382,14 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)), - if (!data->name) - { - data->dns_err = 1; -- grub_errno = 0; -- return GRUB_ERR_NONE; -+ grub_errno = GRUB_ERR_NONE; -+ goto out; - } - grub_dprintf ("dns", "CNAME %s\n", data->name); - if (grub_strcmp (redirect_save, data->name) == 0) - { - data->dns_err = 1; -- grub_free (redirect_save); -- return GRUB_ERR_NONE; -+ goto out; - } - goto reparse; - } -@@ -440,6 +421,8 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)), - *data->naddresses - * sizeof (dns_cache[h].addresses[0])); - } -+ -+ out: - grub_netbuff_free (nb); - grub_free (redirect_save); - return GRUB_ERR_NONE; --- -2.43.5 - diff --git a/SOURCES/bug37539625-0003-net-dns-Add-debugging-messages-in-recv_hook-function.patch b/SOURCES/bug37539625-0003-net-dns-Add-debugging-messages-in-recv_hook-function.patch deleted file mode 100644 index 0b69ea4..0000000 --- a/SOURCES/bug37539625-0003-net-dns-Add-debugging-messages-in-recv_hook-function.patch +++ /dev/null @@ -1,39 +0,0 @@ -From fef2ea032f8c552f4723e617f1abea4e27f5b02a Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Renaud=20M=C3=A9trich?= -Date: Wed, 3 May 2023 12:21:30 +0200 -Subject: [PATCH 2/3] net/dns: Add debugging messages in recv_hook() function -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Renaud Métrich -Reviewed-by: Daniel Kiper ---- - grub-core/net/dns.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c -index 8ba4e54..6bb237d 100644 ---- a/grub-core/net/dns.c -+++ b/grub-core/net/dns.c -@@ -356,6 +356,7 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)), - = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV4; - grub_memcpy (&(*data->addresses)[*data->naddresses].ipv4, - ptr, 4); -+ grub_dprintf ("dns", "got A 0x%x\n", (*data->addresses)[*data->naddresses].ipv4); - (*data->naddresses)++; - data->stop = 1; - break; -@@ -366,6 +367,9 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)), - = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6; - grub_memcpy (&(*data->addresses)[*data->naddresses].ipv6, - ptr, 16); -+ grub_dprintf ("dns", "got AAAA 0x%" PRIxGRUB_UINT64_T "%" PRIxGRUB_UINT64_T "\n", -+ (*data->addresses)[*data->naddresses].ipv6[0], -+ (*data->addresses)[*data->naddresses].ipv6[1]); - (*data->naddresses)++; - data->stop = 1; - break; --- -2.43.5 - diff --git a/SOURCES/bug37539625-0004-net-dns-Fix-lookup-error-when-no-IPv6-is-returned.patch b/SOURCES/bug37539625-0004-net-dns-Fix-lookup-error-when-no-IPv6-is-returned.patch deleted file mode 100644 index 6920e4e..0000000 --- a/SOURCES/bug37539625-0004-net-dns-Fix-lookup-error-when-no-IPv6-is-returned.patch +++ /dev/null @@ -1,100 +0,0 @@ -From 0f996f5ac661098fc12b8458de0f8fd3f038ddea Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Renaud=20M=C3=A9trich?= -Date: Wed, 3 May 2023 12:21:31 +0200 -Subject: [PATCH 3/3] net/dns: Fix lookup error when no IPv6 is returned -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -When trying to resolve DNS names into IP addresses, the DNS code fails -from time to time with the following error: --------- 8< ---------------- 8< ---------------- 8< ---------------- 8< -------- -error: ../../grub-core/net/dns.c:688:no DNS record found. --------- 8< ---------------- 8< ---------------- 8< ---------------- 8< -------- - -This happens when both IPv4 and IPv6 queries are performed against the -DNS server (e.g. 8.8.8.8) but there is no IP returned for IPv6 query, as -shown below: --------- 8< ---------------- 8< ---------------- 8< ---------------- 8< -------- -grub> net_del_dns 192.168.122.1 -grub> net_add_dns 8.8.8.8 -grub> net_nslookup ipv4.test-ipv6.com -error: ../../grub-core/net/dns.c:688:no DNS record found. -grub> net_nslookup ipv4.test-ipv6.com -216.218.228.115 --------- 8< ---------------- 8< ---------------- 8< ---------------- 8< -------- - -The root cause is the code exiting prematurely when the data->addresses -buffer has been allocated in recv_hook(), even if there was no address -returned last time recv_hook() executed. - -Signed-off-by: Renaud Métrich -Reviewed-by: Daniel Kiper ---- - grub-core/net/dns.c | 22 ++++++---------------- - 1 file changed, 6 insertions(+), 16 deletions(-) - -diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c -index 6bb237d..01f3804 100644 ---- a/grub-core/net/dns.c -+++ b/grub-core/net/dns.c -@@ -261,7 +261,7 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)), - /* Code apparently assumed that only one packet is received as response. - We may get multiple responses due to network condition, so check here - and quit early. */ -- if (*data->addresses) -+ if (*data->naddresses) - goto out; - - head = (struct dns_header *) nb->data; -@@ -306,11 +306,7 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)), - grub_uint32_t ttl = 0; - grub_uint16_t length; - if (ptr >= nb->tail) -- { -- if (!*data->naddresses) -- grub_free (*data->addresses); -- goto out; -- } -+ goto out; - ignored = !check_name (ptr, nb->data, nb->tail, data->name); - while (ptr < nb->tail && !((*ptr & 0xc0) || *ptr == 0)) - ptr += *ptr + 1; -@@ -318,11 +314,7 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)), - ptr++; - ptr++; - if (ptr + 10 >= nb->tail) -- { -- if (!*data->naddresses) -- grub_free (*data->addresses); -- goto out; -- } -+ goto out; - if (*ptr++ != 0) - ignored = 1; - class = *ptr++; -@@ -338,11 +330,7 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)), - length = *ptr++ << 8; - length |= *ptr++; - if (ptr + length > nb->tail) -- { -- if (!*data->naddresses) -- grub_free (*data->addresses); -- goto out; -- } -+ goto out; - if (!ignored) - { - if (ttl_all > ttl) -@@ -429,6 +417,8 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)), - out: - grub_netbuff_free (nb); - grub_free (redirect_save); -+ if (!*data->naddresses) -+ grub_free (*data->addresses); - return GRUB_ERR_NONE; - } - --- -2.43.5 - diff --git a/SOURCES/bug37747175-0001-efinet-Close-and-reopen-card-on-failure.patch b/SOURCES/bug37747175-0001-efinet-Close-and-reopen-card-on-failure.patch deleted file mode 100644 index 4a2d706..0000000 --- a/SOURCES/bug37747175-0001-efinet-Close-and-reopen-card-on-failure.patch +++ /dev/null @@ -1,185 +0,0 @@ -From 9f0274170a9aa123f12b995fbe613051439c8a03 Mon Sep 17 00:00:00 2001 -From: Fedora Ninjas -Date: Tue, 25 Mar 2025 17:31:59 +0000 -Subject: [PATCH 1/2] efinet: Close and reopen card on failure - -There are some known bugs with network adapter firmware implementations, -that may lead to intermittent problem of network adapter link being down, despite network -being set up. -Ultimate fix of this issue should be done on firmware side, but as for now we try to close -and reopen network adapter and retransmit packet in case we see failures. - -Without this fix certain amount of PXE boots fails with inability to transmit packet, with this fix, -such failures are not seen. - -Orabug: 35126950 -Orabug: 37747175 -Signed-off-by: Alex Burmashev ---- - grub-core/net/drivers/efi/efinet.c | 143 +++++++++++++++++------------ - 1 file changed, 82 insertions(+), 61 deletions(-) - -diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c -index 1a24f38..a8a1bfa 100644 ---- a/grub-core/net/drivers/efi/efinet.c -+++ b/grub-core/net/drivers/efi/efinet.c -@@ -37,67 +37,6 @@ static grub_efi_guid_t pxe_io_guid = GRUB_EFI_PXE_GUID; - static grub_efi_guid_t ip4_config_guid = GRUB_EFI_IP4_CONFIG2_PROTOCOL_GUID; - static grub_efi_guid_t ip6_config_guid = GRUB_EFI_IP6_CONFIG_PROTOCOL_GUID; - --static grub_err_t --send_card_buffer (struct grub_net_card *dev, -- struct grub_net_buff *pack) --{ -- grub_efi_status_t st; -- grub_efi_simple_network_t *net = dev->efi_net; -- grub_uint64_t limit_time = grub_get_time_ms () + 4000; -- void *txbuf; -- -- if (dev->txbusy) -- while (1) -- { -- txbuf = NULL; -- st = efi_call_3 (net->get_status, net, 0, &txbuf); -- if (st != GRUB_EFI_SUCCESS) -- return grub_error (GRUB_ERR_IO, -- N_("couldn't send network packet")); -- /* -- Some buggy firmware could return an arbitrary address instead of the -- txbuf address we trasmitted, so just check that txbuf is non NULL -- for success. This is ok because we open the SNP protocol in -- exclusive mode so we know we're the only ones transmitting on this -- box and since we only transmit one packet at a time we know our -- transmit was successfull. -- */ -- if (txbuf) -- { -- dev->txbusy = 0; -- break; -- } -- if (limit_time < grub_get_time_ms ()) -- return grub_error (GRUB_ERR_TIMEOUT, -- N_("couldn't send network packet")); -- } -- -- dev->last_pkt_size = (pack->tail - pack->data); -- if (dev->last_pkt_size > dev->mtu) -- dev->last_pkt_size = dev->mtu; -- -- grub_memcpy (dev->txbuf, pack->data, dev->last_pkt_size); -- -- st = efi_call_7 (net->transmit, net, 0, dev->last_pkt_size, -- dev->txbuf, NULL, NULL, NULL); -- if (st != GRUB_EFI_SUCCESS) -- return grub_error (GRUB_ERR_IO, N_("couldn't send network packet")); -- -- /* -- The card may have sent out the packet immediately - set txbusy -- to 0 in this case. -- Cases were observed where checking txbuf at the next call -- of send_card_buffer() is too late: 0 is returned in txbuf and -- we run in the GRUB_ERR_TIMEOUT case above. -- Perhaps a timeout in the FW has discarded the recycle buffer. -- */ -- txbuf = NULL; -- st = efi_call_3 (net->get_status, net, 0, &txbuf); -- dev->txbusy = !(st == GRUB_EFI_SUCCESS && txbuf); -- -- return GRUB_ERR_NONE; --} -- - static struct grub_net_buff * - get_card_packet (struct grub_net_card *dev) - { -@@ -219,6 +158,88 @@ close_card (struct grub_net_card *dev) - grub_efi_image_handle, dev->efi_handle); - } - -+static grub_err_t -+send_card_buffer (struct grub_net_card *dev, -+ struct grub_net_buff *pack) -+{ -+ grub_efi_status_t st; -+ grub_efi_simple_network_t *net = dev->efi_net; -+ grub_uint64_t limit_time = grub_get_time_ms () + 4000; -+ void *txbuf; -+ grub_err_t ret; -+ int retry = 0; -+ -+ if (dev->txbusy) -+ while (1) -+ { -+ txbuf = NULL; -+ st = efi_call_3 (net->get_status, net, 0, &txbuf); -+ if (st != GRUB_EFI_SUCCESS) -+ return grub_error (GRUB_ERR_IO, -+ N_("couldn't send network packet")); -+ /* -+ Some buggy firmware could return an arbitrary address instead of the -+ txbuf address we trasmitted, so just check that txbuf is non NULL -+ for success. This is ok because we open the SNP protocol in -+ exclusive mode so we know we're the only ones transmitting on this -+ box and since we only transmit one packet at a time we know our -+ transmit was successfull. -+ */ -+ if (txbuf) -+ { -+ dev->txbusy = 0; -+ break; -+ } -+ if (limit_time < grub_get_time_ms ()) -+ { -+ if (!retry) -+ { -+ close_card (dev); -+ grub_millisleep (100); -+ ret = open_card (dev); -+ if (ret != GRUB_ERR_NONE) -+ return grub_error (GRUB_ERR_IO, -+ N_("couldn't open card")); -+ st = efi_call_7 (net->transmit, net, 0, dev->last_pkt_size, -+ dev->txbuf, NULL, NULL, NULL); -+ if (st != GRUB_EFI_SUCCESS) -+ return grub_error (GRUB_ERR_IO, -+ N_("couldn't send network packet")); -+ retry = 1; -+ grub_uint64_t limit_time = grub_get_time_ms () + 10000; -+ break; -+ } -+ return grub_error (GRUB_ERR_TIMEOUT, -+ N_("couldn't send network packet")); -+ } -+ } -+ -+ dev->last_pkt_size = (pack->tail - pack->data); -+ if (dev->last_pkt_size > dev->mtu) -+ dev->last_pkt_size = dev->mtu; -+ -+ grub_memcpy (dev->txbuf, pack->data, dev->last_pkt_size); -+ -+ st = efi_call_7 (net->transmit, net, 0, dev->last_pkt_size, -+ dev->txbuf, NULL, NULL, NULL); -+ if (st != GRUB_EFI_SUCCESS) -+ return grub_error (GRUB_ERR_IO, N_("couldn't send network packet")); -+ -+ /* -+ The card may have sent out the packet immediately - set txbusy -+ to 0 in this case. -+ Cases were observed where checking txbuf at the next call -+ of send_card_buffer() is too late: 0 is returned in txbuf and -+ we run in the GRUB_ERR_TIMEOUT case above. -+ Perhaps a timeout in the FW has discarded the recycle buffer. -+ */ -+ txbuf = NULL; -+ st = efi_call_3 (net->get_status, net, 0, &txbuf); -+ dev->txbusy = !(st == GRUB_EFI_SUCCESS && txbuf); -+ -+ return GRUB_ERR_NONE; -+} -+ - static struct grub_net_card_driver efidriver = - { - .name = "efinet", --- -2.43.5 - diff --git a/SOURCES/bug37747175-0002-efinet-Correct-closing-of-SNP-protocol.patch b/SOURCES/bug37747175-0002-efinet-Correct-closing-of-SNP-protocol.patch deleted file mode 100644 index 7c67025..0000000 --- a/SOURCES/bug37747175-0002-efinet-Correct-closing-of-SNP-protocol.patch +++ /dev/null @@ -1,109 +0,0 @@ -From a6e7b87e0c7c721a35016d7a1136b3c53cc8f981 Mon Sep 17 00:00:00 2001 -From: Fedora Ninjas -Date: Tue, 25 Mar 2025 18:43:28 +0000 -Subject: [PATCH 2/2] efinet: Correct closing of SNP protocol - - In the context of the implementation of the EFI_LOAD_FILE2_PROTOCOL for the initial ramdisk it - was observed that opening the SNP protocol failed. - https://lists.gnu.org/archive/html/grub-devel/2021-10/msg00020.html This is - due to an incorrect call to CloseProtocol(). - -The first parameter of CloseProtocol() is the handle, not the interface. - -We call OpenProtocol() with ControllerHandle == NULL. Hence we must also -call CloseProtcol() with ControllerHandel == NULL. - -Each call of OpenProtocol() for the same network card handle is expected to -return the same interface pointer. If we want to close the protocol which -we opened non-exclusively when searching for a card, we have to do this -before opening the protocol exclusively. - -As there is no guarantee that we successfully open the protocol add checks -in the transmit and receive functions. - -Reported-by: Andreas Schwab -Signed-off-by: Heinrich Schuchardt -Reviewed-by: Daniel Kiper -Orabug: 34195100 -Orabug: 37747175 -Signed-off-by: Alex Burmashev ---- - grub-core/net/drivers/efi/efinet.c | 26 +++++++++++++++++++------- - 1 file changed, 19 insertions(+), 7 deletions(-) - -diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c -index a8a1bfa..c1759cd 100644 ---- a/grub-core/net/drivers/efi/efinet.c -+++ b/grub-core/net/drivers/efi/efinet.c -@@ -47,6 +47,9 @@ get_card_packet (struct grub_net_card *dev) - struct grub_net_buff *nb; - int i; - -+ if (net == NULL) -+ return NULL; -+ - for (i = 0; i < 2; i++) - { - if (!dev->rcvbuf) -@@ -94,12 +97,19 @@ open_card (struct grub_net_card *dev) - { - grub_efi_simple_network_t *net; - -+ if (dev->efi_net != NULL) -+ { -+ efi_call_4 (grub_efi_system_table->boot_services->close_protocol, -+ dev->efi_handle, &net_io_guid, -+ grub_efi_image_handle, NULL); -+ dev->efi_net = NULL; -+ } - /* Try to reopen SNP exlusively to close any active MNP protocol instance - that may compete for packet polling - */ - net = grub_efi_open_protocol (dev->efi_handle, &net_io_guid, - GRUB_EFI_OPEN_PROTOCOL_BY_EXCLUSIVE); -- if (net) -+ if (net != NULL) - { - if (net->mode->state == GRUB_EFI_NETWORK_STOPPED - && efi_call_1 (net->start, net) != GRUB_EFI_SUCCESS) -@@ -138,13 +148,12 @@ open_card (struct grub_net_card *dev) - efi_call_6 (net->receive_filters, net, filters, 0, 0, 0, NULL); - } - -- efi_call_4 (grub_efi_system_table->boot_services->close_protocol, -- dev->efi_net, &net_io_guid, -- grub_efi_image_handle, dev->efi_handle); - dev->efi_net = net; -+ } else { -+ return grub_error (GRUB_ERR_NET_NO_CARD, "%s: can't open protocol", -+ dev->name); - } - -- /* If it failed we just try to run as best as we can */ - return GRUB_ERR_NONE; - } - -@@ -154,8 +163,8 @@ close_card (struct grub_net_card *dev) - efi_call_1 (dev->efi_net->shutdown, dev->efi_net); - efi_call_1 (dev->efi_net->stop, dev->efi_net); - efi_call_4 (grub_efi_system_table->boot_services->close_protocol, -- dev->efi_net, &net_io_guid, -- grub_efi_image_handle, dev->efi_handle); -+ dev->efi_handle, &net_io_guid, -+ grub_efi_image_handle, 0); - } - - static grub_err_t -@@ -169,6 +178,9 @@ send_card_buffer (struct grub_net_card *dev, - grub_err_t ret; - int retry = 0; - -+ if (net == NULL) -+ return grub_error (GRUB_ERR_IO, -+ N_("network protocol not available, can't send packet")); - if (dev->txbusy) - while (1) - { --- -2.43.5 - diff --git a/SOURCES/grub.macros b/SOURCES/grub.macros index 71e2fdb..966c079 100755 --- a/SOURCES/grub.macros +++ b/SOURCES/grub.macros @@ -216,7 +216,7 @@ %ifarch x86_64 %global with_efi_common 1 -%global with_legacy_modules 1 +%global with_legacy_modules 0 %global with_legacy_common 0 %else %global with_efi_common 0 @@ -274,13 +274,6 @@ Requires: %{name}-common = %{evr} \ Requires: %{name}-tools-minimal >= %{evr} \ Requires: %{name}-tools = %{evr} \ Provides: %{name}-efi = %{evr} \ -Provides: oracle(grub2-sig-key) = 202502 \ -%{expand:%%ifarch x86_64 \ -Conflicts: shim-x64 < 15.8-1.0.4 \ -%%endif} \ -%{expand:%%ifarch aarch64 \ -Conflicts: shim-aa64 < 15.8-1.0.4 \ -%%endif} \ %{?legacy_provides:Provides: %{name} = %{evr}} \ %{-o:Obsoletes: %{name}-efi < %{evr}} \ \ @@ -379,7 +372,7 @@ install -m 644 %{1}.conf ${RPM_BUILD_ROOT}/etc/dnf/protected.d/ \ rm -f %{1}.conf \ %{nil} -%global grub_modules " all_video boot blscfg btrfs \\\ +%global grub_modules " all_video boot blscfg \\\ cat configfile cryptodisk \\\ echo ext2 f2fs fat font \\\ gcry_rijndael gcry_rsa gcry_serpent \\\ @@ -394,7 +387,7 @@ rm -f %{1}.conf \ search_label serial sleep syslinuxcfg \\\ test tftp version video xfs zstd " \ -%ifarch x86_64 aarch64 %{arm} +%ifarch x86_64 aarch64 %{arm} riscv64 %define efi_mkimage() \ %{4}./grub-mkimage -O %{1} -o %{2}.orig \\\ -p /EFI/%{efi_vendor} -d grub-core \\\ diff --git a/SOURCES/grub.patches b/SOURCES/grub.patches index 4703062..e365919 100644 --- a/SOURCES/grub.patches +++ b/SOURCES/grub.patches @@ -463,11 +463,3 @@ Patch0463: 0463-fs-xfs-Handle-non-continuous-data-blocks-in-director.patch Patch0464: 0464-fs-xfs-fix-large-extent-counters-incompat-feature-su.patch Patch0465: 0465-10_linux.in-escape-kernel-option-characters-properly.patch Patch0466: 0466-blscfg-check-if-variable-is-escaped-before-consideri.patch -Patch1000: bug18504756-use-different-title-for-UEK.patch -Patch1001: bug26388226-update-redhat-references.patch -Patch1002: bug37747175-0001-efinet-Close-and-reopen-card-on-failure.patch -Patch1003: bug37747175-0002-efinet-Correct-closing-of-SNP-protocol.patch -Patch1004: bug37539625-0001-net-dns-Fix-removal-of-DNS-server.patch -Patch1005: bug37539625-0002-net-dns-Simplify-error-handling-of-recv_hook-functio.patch -Patch1006: bug37539625-0003-net-dns-Add-debugging-messages-in-recv_hook-function.patch -Patch1007: bug37539625-0004-net-dns-Fix-lookup-error-when-no-IPv6-is-returned.patch \ No newline at end of file diff --git a/SOURCES/sbat.csv.in b/SOURCES/sbat.csv.in index 0ed2d67..b338b5f 100755 --- a/SOURCES/sbat.csv.in +++ b/SOURCES/sbat.csv.in @@ -1,4 +1,3 @@ sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md -grub,3,Free Software Foundation,grub,@@VERSION@@,https://www.gnu.org/software/grub/ +grub,3,Free Software Foundation,grub,@@VERSION@@,https//www.gnu.org/software/grub/ grub.rh,2,Red Hat,grub2,@@VERSION_RELEASE@@,mailto:secalert@redhat.com -grub.ol9,3,Oracle Linux,grub2,@@VERSION@@,mail:secalert_us@oracle.com diff --git a/SPECS/grub2.spec b/SPECS/grub2.spec index 183c076..4093823 100644 --- a/SPECS/grub2.spec +++ b/SPECS/grub2.spec @@ -16,7 +16,7 @@ Name: grub2 Epoch: 1 Version: 2.06 -Release: 105.0.1%{?dist} +Release: 105%{?dist} Summary: Bootloader with support for Linux, Multiboot and more License: GPLv3+ URL: http://www.gnu.org/software/grub/ @@ -38,21 +38,21 @@ Source12: sbat.csv.in %include %{SOURCE1} %ifarch x86_64 aarch64 ppc64le -%define sb_ca %{SOURCE14} -%define sb_cer %{SOURCE14} +%define sb_ca %{_datadir}/pki/sb-certs/secureboot-ca-%{_arch}.cer +%define sb_cer %{_datadir}/pki/sb-certs/secureboot-grub2-%{_arch}.cer %endif %if 0%{?centos} %ifarch x86_64 aarch64 ppc64le -%define sb_key OracleLinuxSecureBootKey1 +%define sb_key centossecureboot202 %endif %else %ifarch x86_64 aarch64 -%define sb_key OracleLinuxSecureBootKey1 +%define sb_key redhatsecureboot502 %endif %ifarch ppc64le -%define sb_key OracleLinuxSecureBootKey1 +%define sb_key redhatsecureboot702 %endif %endif @@ -547,66 +547,39 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg %endif %changelog -* Fri Oct 31 2025 Alex Burmashev - 2.06-105.0.1 -- Update grub2 dependencies to match new Secure Boot certificate chain of trust [Orabug: 37766761] -- Fix typo in SBAT metadata [Orabug: 37693946] -- Allow installation of grub2 only with shim-aa64 that allows booting it [Orabug: 37693946] -- net/dns: Fix removal of DNS server [Orabug: 37539625] -- net/dns: Simplify error handling of recv_hook() function [Orabug: 37539625] -- net/dns: Add debugging messages in recv_hook() function [Orabug: 37539625] -- net/dns: Fix lookup error when no IPv6 is returned [Orabug: 37539625] -- efinet: close and reopen network card on failure [Orabug: 35126950], [Orabug: 37747175] -- efinet: Correct closing of SNP protocol [Orabug: 35126950], [Orabug: 37747175] -- Rework the scripts to cover both in-place upgrade and update scenarios [Orabug: 36768566] -- Restore correct order of processing config files [Orabug: 36758359] -- Support setting custom kernels as default kernels [Orabug: 36043978] -- Bump SBAT metadata for grub to 3 [Orabug: 34872719] -- Fix CVE-2022-3775 [Orabug: 34871953] -- Enable signing for aarch64 EFI -- Fix signing certificate names -- Enable back btrfs grub module for EFI pre-built image [Orabug: 34360986] -- Replaced bugzilla.oracle.com references [Orabug: 34202300] -- Update provided certificate version to 202204 [JIRA: OLDIS-16371] -- Various coverity fixes [JIRA: OLDIS-16371] -- bump SBAT generation -- Update bug url [Orabug: 34202300] -- Revert provided certificate version back to 202102 [JIRA: OLDIS-16371] -- Update signing certificate [JIRA: OLDIS-16371] -- fix SBAT data [JIRA: OLDIS-16371] -- Update requires [JIRA: OLDIS-16371] -- Rebuild for SecureBoot signatures [Orabug: 33801813] -- Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033] -- Update Oracle SBAT data [Orabug: 32670033] -- Use new signing certificate [Orabug: 32670033] -- honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497] -- set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597] -- Update upstream references [Orabug: 26388226] -- Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955] -- Put "with" in menuentry instead of "using" [Orabug: 18504756] -- Use different titles for UEK and RHCK kernels [Orabug: 18504756] - * Wed Sep 03 2025 Leo Sandoval 2.06-105 - Handle special kernel parameter characters properly - Resolves: #RHEL-111748 -* Thu Apr 3 2025 Nicolas Frayer 2.06-104 +* Fri Apr 4 2025 Nicolas Frayer 2.06-104 +- Bump NVR to sign the build +- Related: #RHEL-85961 + +* Tue Apr 1 2025 Nicolas Frayer 2.06-103 - fs/xfs: Sync with latest xfs upstream -- Resolves: #RHEL-85960 -- (NVR bump to catch up with zstream) +- Resolves: #RHEL-85961 -* Tue Mar 25 2025 Nicolas Frayer 2.06-100 +* Tue Mar 25 2025 Nicolas Frayer 2.06-102 - ieee1275/ofnet: Fix grub_malloc() removed after added safe -- Resolves: #RHEL-83117 +- Related: #RHEL-79846 -* Mon Mar 17 2025 Nicolas Frayer 2.06-99 +* Mon Mar 17 2025 Nicolas Frayer 2.06-101 - Added the following 2 commits to optimize memory consumption - tpm: Disable the tpm verifier if the TPM device is not present - powerpc: increase MIN RMA size for CAS negotiation - Resolves: #RHEL-76558 -* Mon Mar 10 2025 Leo Sandoval 2.06-98 +* Wed Mar 12 2025 Nicolas Frayer 2.06-100 +- Bump release for correct build tag +- Related: RHEL-79857 + +* Mon Mar 10 2025 Leo Sandoval 2.06-99 - Remove 'fs/ntfs: Implement attribute verification' patch -- Related: RHEL-83117 +- Related: RHEL-79857 + +* Fri Mar 7 2025 Nicolas Frayer - 2.06-98 +- Bump release for tagging +- Related: #RHEL-79846 * Wed Feb 26 2025 Nicolas Frayer - 2.06-97 - fs/ext2: Rework out-of-bounds read for inline and external extents