rpms/grub2
6
0
Fork 0
Code Issues Pull Requests Releases Activity

import OL grub2-2.06-105.0.1.el9_6

Browse Source
This commit is contained in:
eabdullin 2025-11-03 06:48:03 +00:00
parent 207ae4eba5
commit b93c7a62d3
15 changed files with 830 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
SOURCES/0465-10_linux.in-escape-kernel-option-characters-properly.patch Normal file
View File

@ -0,0 +1,45 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Leo Sandoval <lsandova@redhat.com>
Date: Wed, 7 May 2025 13:23:37 -0600
Subject: [PATCH] 10_linux.in: escape kernel option characters properly
This handles cases where kernel options, specifically the values,
contain special characters, in this case ';', '&' and '$'.
For example, the user defines the following GRUB_CMDLINE_LINUX on the
default grub file /etc/default/grub, note the dolar sign on the 'memmap'
option
GRUB_CMDLINE_LINUX="console=ttyS0 memmap=32g\\\$0x2000000000"
then regenerating the grub cfg and BLS options line with the
grub2-mkconfig command, resulting into
options root=UUID=6baedf23-2510-499a-815d-48b58cf6e619 ro
rootflags=subvol=root console=ttyS0 memmap=32g\$0x2000000000
without this patch, we would end up with
options root=UUID=6baedf23-2510-499a-815d-48b58cf6e619 ro
rootflags=subvol=root console=ttyS0 memmap=32g$0x2000000000
Note the missing '\' which is required to escape the '$', otherwise
it would be consider a variable by blscfg parser which is not the case.
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
---
util/grub.d/10_linux.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
index fafdfbc4d3..4276d5e240 100755
--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
@@ -180,6 +180,7 @@ update_bls_cmdline()
options="$(echo "${options}" | sed -e 's/\//\\\//g')"
options="$(echo "${options}" | sed -e 's/\;/\\\;/g')"
options="$(echo "${options}" | sed -e 's/\\&/\\\\&/g')"
+ options="$(echo "${options}" | sed -e 's/\$/\\\$/g')"
sed -i -e "s/^options.*/options ${options}/" "${blsdir}/${bls}.conf"
done
}

26
SOURCES/0466-blscfg-check-if-variable-is-escaped-before-consideri.patch Normal file
View File

@ -0,0 +1,26 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Leo Sandoval <lsandova@redhat.com>
Date: Wed, 7 May 2025 13:49:47 -0600
Subject: [PATCH] blscfg: check if variable is escaped before considering one
Otherwise escaped variables are considered real variables.
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
---
grub-core/commands/blscfg.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
index 6e398fc175..5d931b0c9b 100644
--- a/grub-core/commands/blscfg.c
+++ b/grub-core/commands/blscfg.c
@@ -695,7 +695,8 @@ static char *expand_val(const char *value)
return NULL;
while (*value) {
- if (*value == '$') {
+ /* It's a variable only when *value is '$' and it is not escaped with '\'*/
+ if (*value == '$' && *end != '\\') {
if (start != end) {
buffer = field_append(is_var, buffer, start, end);
if (!buffer)

18
SOURCES/20-grub.install
View File

@ -6,6 +6,7 @@ fi
[[ -f /etc/default/grub ]] && . /etc/default/grub
[[ -f /etc/os-release ]] && . /etc/os-release
[[ -f /etc/sysconfig/kernel ]] && . /etc/sysconfig/kernel
COMMAND="$1"
KERNEL_VERSION="$2"
@ -41,8 +42,14 @@ mkbls() {
fi
fi
if [[ $kernelver =~ uek ]]; then
local ver_stanza="$kernelver with Unbreakable Enterprise Kernel"
else
local ver_stanza="$kernelver"
fi
cat <<EOF
title ${NAME} (${kernelver}) ${VERSION}${debugname}
title ${NAME} (${ver_stanza}) ${VERSION}${debugname}
version ${kernelver}${debugid}
linux /vmlinuz-${kernelver}
initrd /initramfs-${kernelver}.img
@ -104,6 +111,7 @@ case "$COMMAND" in
done
fi
KERNEL_NAME="$(rpm -q --queryformat %{NAME} $(rpm -qf $KERNEL_IMAGE))"
eval "$(grub2-get-kernel-settings)" || true
[[ -d "$BLS_DIR" ]] || mkdir -m 0700 -p "$BLS_DIR"
BLS_ID="${MACHINE_ID}-${KERNEL_VERSION}"
@ -129,11 +137,7 @@ case "$COMMAND" in
sed -i -e "s,^initrd.*,initrd ${BOOTPREFIX}${INITRD},g" "${BLS_TARGET}"
fi
if ( [[ "$KERNEL_VERSION" != *${GRUB_DEFAULT_KERNEL_TYPE}* ]] && \
[ "x$GRUB_NON_STANDARD_KERNEL" == "xtrue" ] ) || \
( echo "$KERNEL_VERSION" | grep -E -q "64k|auto|rt|uki" && \
[ "x$GRUB_NON_STANDARD_KERNEL" != "xtrue" ] ) || \
( [[ "$KERNEL_VERSION" == *debug* ]] && [ "x$GRUB_DEFAULT_TO_DEBUG" != "xtrue" ] ); then
if [[ "$KERNEL_VERSION" == *\+* ]] && [ "x$GRUB_DEFAULT_TO_DEBUG" != "xtrue" ]; then
GRUB_UPDATE_DEFAULT_KERNEL=false
fi
@ -152,7 +156,7 @@ case "$COMMAND" in
NEWDEFAULT="${BLS_DEBUG_ID}"
fi
fi
if [ -n "$NEWDEFAULT" ]; then
if [ -n "$NEWDEFAULT" ] && [ "$DEFAULTKERNEL" = "$KERNEL_NAME" ]; then
grub2-editenv - set "saved_entry=${NEWDEFAULT}"
fi

30
SOURCES/bug18504756-use-different-title-for-UEK.patch Normal file
View File

@ -0,0 +1,30 @@
From fd04ca689f52d8bbef13413b4d285c9ba4d0f038 Mon Sep 17 00:00:00 2001
From: build team <natalya.naumova@oracle.com>
Date: Tue, 18 Dec 2018 13:22:12 -0800
Subject: [PATCH 1/1] Use different menuentries for UEK kernel
---
util/grub.d/10_linux.in | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
index b54d277..fe8b20f 100644
--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
@@ -173,7 +173,12 @@ EOF
fi
if [ x$type != xsimple ] ; then
- title=$(mktitle "$type" "$version")
+ if echo "$version" | grep -q uek; then
+ kernel_type_text="with Unbreakable Enterprise Kernel"
+ else
+ kernel_type_text="with Linux"
+ fi
+ title=$(mktitle "$type" "$version $kernel_type_text")
if [ x"$title" = x"$GRUB_ACTUAL_DEFAULT" ] || [ x"Previous Linux versions>$title" = x"$GRUB_ACTUAL_DEFAULT" ]; then
replacement_title="$(echo "Advanced options for ${OS}" | sed 's,>,>>,g')>$(echo "$title" | sed 's,>,>>,g')"
quoted="$(echo "$GRUB_ACTUAL_DEFAULT" | grub_quote)"
--
1.8.3.1

25
SOURCES/bug26388226-update-redhat-references.patch Normal file
View File

@ -0,0 +1,25 @@
From aba9976ce324fdf845b04b326f7426566a676335 Mon Sep 17 00:00:00 2001
From: "livy.ge" <livy.ge@oracle.com>
Date: Wed, 5 Jul 2017 03:53:48 -0700
Subject: [PATCH] update bug url
---
util/grub-set-password.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/util/grub-set-password.in b/util/grub-set-password.in
index 6553eaa..03731d5 100644
--- a/util/grub-set-password.in
+++ b/util/grub-set-password.in
@@ -21,7 +21,7 @@ located by default at ${grubdir}.
-v, --version print the version information and exit
-o, --output_path <DIRECTORY> put user.cfg in a user-selected directory
-Report bugs at https://bugzilla.redhat.com.
+Report bugs at https://github.com/oracle/oracle-linux .
EOF
}
--
2.43.5

47
SOURCES/bug37539625-0001-net-dns-Fix-removal-of-DNS-server.patch Normal file
View File

@ -0,0 +1,47 @@
From 88d7b6dcb0b3a08776377f9150bb555c6677b7d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Renaud=20M=C3=A9trich?= <rmetrich@redhat.com>
Date: Fri, 28 Apr 2023 13:05:37 +0200
Subject: [PATCH] net/dns: Fix removal of DNS server
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When deleting the DNS server, we get the following error message:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
grub> net_del_dns 192.168.122.1
error: ../../grub-core/net/dns.c:646:no DNS reply received.
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
This happens because the implementation is broken, it does a "add"
internally instead of a "delete".
Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/net/dns.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c
index 17961a9..e9edf5d 100644
--- a/grub-core/net/dns.c
+++ b/grub-core/net/dns.c
@@ -765,11 +765,14 @@ grub_cmd_del_dns (struct grub_command *cmd __attribute__ ((unused)),
if (argc != 1)
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected"));
- err = grub_net_resolve_address (args[1], &server);
+
+ err = grub_net_resolve_address (args[0], &server);
if (err)
return err;
- return grub_net_add_dns_server (&server);
+ grub_net_remove_dns_server (&server);
+
+ return GRUB_ERR_NONE;
}
static grub_command_t cmd, cmd_add, cmd_del, cmd_list;
--
2.43.5

143
SOURCES/bug37539625-0002-net-dns-Simplify-error-handling-of-recv_hook-functio.patch Normal file
View File

@ -0,0 +1,143 @@
From 47a171178809d67996a5dc470622ab6d3760cfa6 Mon Sep 17 00:00:00 2001
From: Fedora Ninjas <grub2-owner@fedoraproject.org>
Date: Tue, 28 Jan 2025 15:27:16 +0000
Subject: [PATCH 1/3] net/dns: Simplify error handling of recv_hook() function
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Orabug: 37539625
Modified-by: Alex Burmashev <alexander.burmashev@oracle.com>
Signed-off-by: Alex Burmashev <alexander.burmashev@oracle.com>
---
grub-core/net/dns.c | 51 +++++++++++++++------------------------------
1 file changed, 17 insertions(+), 34 deletions(-)
diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c
index e9edf5d..8ba4e54 100644
--- a/grub-core/net/dns.c
+++ b/grub-core/net/dns.c
@@ -262,42 +262,27 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)),
We may get multiple responses due to network condition, so check here
and quit early. */
if (*data->addresses)
- {
- grub_netbuff_free (nb);
- return GRUB_ERR_NONE;
- }
+ goto out;
head = (struct dns_header *) nb->data;
ptr = (grub_uint8_t *) (head + 1);
if (ptr >= nb->tail)
- {
- grub_netbuff_free (nb);
- return GRUB_ERR_NONE;
- }
-
+ goto out;
+
if (head->id != data->id)
- {
- grub_netbuff_free (nb);
- return GRUB_ERR_NONE;
- }
+ goto out;
if (!(head->flags & FLAGS_RESPONSE) || (head->flags & FLAGS_OPCODE))
- {
- grub_netbuff_free (nb);
- return GRUB_ERR_NONE;
- }
+ goto out;
if (head->ra_z_r_code & ERRCODE_MASK)
{
data->dns_err = 1;
- grub_netbuff_free (nb);
- return GRUB_ERR_NONE;
+ goto out;
}
+
for (i = 0; i < grub_be_to_cpu16 (head->qdcount); i++)
{
if (ptr >= nb->tail)
- {
- grub_netbuff_free (nb);
- return GRUB_ERR_NONE;
- }
+ goto out;
while (ptr < nb->tail && !((*ptr & 0xc0) || *ptr == 0))
ptr += *ptr + 1;
if (ptr < nb->tail && (*ptr & 0xc0))
@@ -310,8 +295,7 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)),
if (!*data->addresses)
{
grub_errno = GRUB_ERR_NONE;
- grub_netbuff_free (nb);
- return GRUB_ERR_NONE;
+ goto out;
}
reparse_ptr = ptr;
reparse:
@@ -325,7 +309,7 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)),
{
if (!*data->naddresses)
grub_free (*data->addresses);
- return GRUB_ERR_NONE;
+ goto out;
}
ignored = !check_name (ptr, nb->data, nb->tail, data->name);
while (ptr < nb->tail && !((*ptr & 0xc0) || *ptr == 0))
@@ -337,8 +321,7 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)),
{
if (!*data->naddresses)
grub_free (*data->addresses);
- grub_netbuff_free (nb);
- return GRUB_ERR_NONE;
+ goto out;
}
if (*ptr++ != 0)
ignored = 1;
@@ -358,8 +341,7 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)),
{
if (!*data->naddresses)
grub_free (*data->addresses);
- grub_netbuff_free (nb);
- return GRUB_ERR_NONE;
+ goto out;
}
if (!ignored)
{
@@ -400,15 +382,14 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)),
if (!data->name)
{
data->dns_err = 1;
- grub_errno = 0;
- return GRUB_ERR_NONE;
+ grub_errno = GRUB_ERR_NONE;
+ goto out;
}
grub_dprintf ("dns", "CNAME %s\n", data->name);
if (grub_strcmp (redirect_save, data->name) == 0)
{
data->dns_err = 1;
- grub_free (redirect_save);
- return GRUB_ERR_NONE;
+ goto out;
}
goto reparse;
}
@@ -440,6 +421,8 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)),
*data->naddresses
* sizeof (dns_cache[h].addresses[0]));
}
+
+ out:
grub_netbuff_free (nb);
grub_free (redirect_save);
return GRUB_ERR_NONE;
--
2.43.5

39
SOURCES/bug37539625-0003-net-dns-Add-debugging-messages-in-recv_hook-function.patch Normal file
View File

@ -0,0 +1,39 @@
From fef2ea032f8c552f4723e617f1abea4e27f5b02a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Renaud=20M=C3=A9trich?= <rmetrich@redhat.com>
Date: Wed, 3 May 2023 12:21:30 +0200
Subject: [PATCH 2/3] net/dns: Add debugging messages in recv_hook() function
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/net/dns.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c
index 8ba4e54..6bb237d 100644
--- a/grub-core/net/dns.c
+++ b/grub-core/net/dns.c
@@ -356,6 +356,7 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)),
= GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV4;
grub_memcpy (&(*data->addresses)[*data->naddresses].ipv4,
ptr, 4);
+ grub_dprintf ("dns", "got A 0x%x\n", (*data->addresses)[*data->naddresses].ipv4);
(*data->naddresses)++;
data->stop = 1;
break;
@@ -366,6 +367,9 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)),
= GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6;
grub_memcpy (&(*data->addresses)[*data->naddresses].ipv6,
ptr, 16);
+ grub_dprintf ("dns", "got AAAA 0x%" PRIxGRUB_UINT64_T "%" PRIxGRUB_UINT64_T "\n",
+ (*data->addresses)[*data->naddresses].ipv6[0],
+ (*data->addresses)[*data->naddresses].ipv6[1]);
(*data->naddresses)++;
data->stop = 1;
break;
--
2.43.5

100
SOURCES/bug37539625-0004-net-dns-Fix-lookup-error-when-no-IPv6-is-returned.patch Normal file
View File

@ -0,0 +1,100 @@
From 0f996f5ac661098fc12b8458de0f8fd3f038ddea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Renaud=20M=C3=A9trich?= <rmetrich@redhat.com>
Date: Wed, 3 May 2023 12:21:31 +0200
Subject: [PATCH 3/3] net/dns: Fix lookup error when no IPv6 is returned
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When trying to resolve DNS names into IP addresses, the DNS code fails
from time to time with the following error:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
error: ../../grub-core/net/dns.c:688:no DNS record found.
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
This happens when both IPv4 and IPv6 queries are performed against the
DNS server (e.g. 8.8.8.8) but there is no IP returned for IPv6 query, as
shown below:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
grub> net_del_dns 192.168.122.1
grub> net_add_dns 8.8.8.8
grub> net_nslookup ipv4.test-ipv6.com
error: ../../grub-core/net/dns.c:688:no DNS record found.
grub> net_nslookup ipv4.test-ipv6.com
216.218.228.115
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
The root cause is the code exiting prematurely when the data->addresses
buffer has been allocated in recv_hook(), even if there was no address
returned last time recv_hook() executed.
Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/net/dns.c | 22 ++++++----------------
1 file changed, 6 insertions(+), 16 deletions(-)
diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c
index 6bb237d..01f3804 100644
--- a/grub-core/net/dns.c
+++ b/grub-core/net/dns.c
@@ -261,7 +261,7 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)),
/* Code apparently assumed that only one packet is received as response.
We may get multiple responses due to network condition, so check here
and quit early. */
- if (*data->addresses)
+ if (*data->naddresses)
goto out;
head = (struct dns_header *) nb->data;
@@ -306,11 +306,7 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)),
grub_uint32_t ttl = 0;
grub_uint16_t length;
if (ptr >= nb->tail)
- {
- if (!*data->naddresses)
- grub_free (*data->addresses);
- goto out;
- }
+ goto out;
ignored = !check_name (ptr, nb->data, nb->tail, data->name);
while (ptr < nb->tail && !((*ptr & 0xc0) || *ptr == 0))
ptr += *ptr + 1;
@@ -318,11 +314,7 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)),
ptr++;
ptr++;
if (ptr + 10 >= nb->tail)
- {
- if (!*data->naddresses)
- grub_free (*data->addresses);
- goto out;
- }
+ goto out;
if (*ptr++ != 0)
ignored = 1;
class = *ptr++;
@@ -338,11 +330,7 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)),
length = *ptr++ << 8;
length |= *ptr++;
if (ptr + length > nb->tail)
- {
- if (!*data->naddresses)
- grub_free (*data->addresses);
- goto out;
- }
+ goto out;
if (!ignored)
{
if (ttl_all > ttl)
@@ -429,6 +417,8 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)),
out:
grub_netbuff_free (nb);
grub_free (redirect_save);
+ if (!*data->naddresses)
+ grub_free (*data->addresses);
return GRUB_ERR_NONE;
}
--
2.43.5

185
SOURCES/bug37747175-0001-efinet-Close-and-reopen-card-on-failure.patch Normal file
View File

@ -0,0 +1,185 @@
From 9f0274170a9aa123f12b995fbe613051439c8a03 Mon Sep 17 00:00:00 2001
From: Fedora Ninjas <grub2-owner@fedoraproject.org>
Date: Tue, 25 Mar 2025 17:31:59 +0000
Subject: [PATCH 1/2] efinet: Close and reopen card on failure
There are some known bugs with network adapter firmware implementations,
that may lead to intermittent problem of network adapter link being down, despite network
being set up.
Ultimate fix of this issue should be done on firmware side, but as for now we try to close
and reopen network adapter and retransmit packet in case we see failures.
Without this fix certain amount of PXE boots fails with inability to transmit packet, with this fix,
such failures are not seen.
Orabug: 35126950
Orabug: 37747175
Signed-off-by: Alex Burmashev <alexander.burmashev@oracle.com>
---
grub-core/net/drivers/efi/efinet.c | 143 +++++++++++++++++------------
1 file changed, 82 insertions(+), 61 deletions(-)
diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c
index 1a24f38..a8a1bfa 100644
--- a/grub-core/net/drivers/efi/efinet.c
+++ b/grub-core/net/drivers/efi/efinet.c
@@ -37,67 +37,6 @@ static grub_efi_guid_t pxe_io_guid = GRUB_EFI_PXE_GUID;
static grub_efi_guid_t ip4_config_guid = GRUB_EFI_IP4_CONFIG2_PROTOCOL_GUID;
static grub_efi_guid_t ip6_config_guid = GRUB_EFI_IP6_CONFIG_PROTOCOL_GUID;
-static grub_err_t
-send_card_buffer (struct grub_net_card *dev,
- struct grub_net_buff *pack)
-{
- grub_efi_status_t st;
- grub_efi_simple_network_t *net = dev->efi_net;
- grub_uint64_t limit_time = grub_get_time_ms () + 4000;
- void *txbuf;
-
- if (dev->txbusy)
- while (1)
- {
- txbuf = NULL;
- st = efi_call_3 (net->get_status, net, 0, &txbuf);
- if (st != GRUB_EFI_SUCCESS)
- return grub_error (GRUB_ERR_IO,
- N_("couldn't send network packet"));
- /*
- Some buggy firmware could return an arbitrary address instead of the
- txbuf address we trasmitted, so just check that txbuf is non NULL
- for success. This is ok because we open the SNP protocol in
- exclusive mode so we know we're the only ones transmitting on this
- box and since we only transmit one packet at a time we know our
- transmit was successfull.
- */
- if (txbuf)
- {
- dev->txbusy = 0;
- break;
- }
- if (limit_time < grub_get_time_ms ())
- return grub_error (GRUB_ERR_TIMEOUT,
- N_("couldn't send network packet"));
- }
-
- dev->last_pkt_size = (pack->tail - pack->data);
- if (dev->last_pkt_size > dev->mtu)
- dev->last_pkt_size = dev->mtu;
-
- grub_memcpy (dev->txbuf, pack->data, dev->last_pkt_size);
-
- st = efi_call_7 (net->transmit, net, 0, dev->last_pkt_size,
- dev->txbuf, NULL, NULL, NULL);
- if (st != GRUB_EFI_SUCCESS)
- return grub_error (GRUB_ERR_IO, N_("couldn't send network packet"));
-
- /*
- The card may have sent out the packet immediately - set txbusy
- to 0 in this case.
- Cases were observed where checking txbuf at the next call
- of send_card_buffer() is too late: 0 is returned in txbuf and
- we run in the GRUB_ERR_TIMEOUT case above.
- Perhaps a timeout in the FW has discarded the recycle buffer.
- */
- txbuf = NULL;
- st = efi_call_3 (net->get_status, net, 0, &txbuf);
- dev->txbusy = !(st == GRUB_EFI_SUCCESS && txbuf);
-
- return GRUB_ERR_NONE;
-}
-
static struct grub_net_buff *
get_card_packet (struct grub_net_card *dev)
{
@@ -219,6 +158,88 @@ close_card (struct grub_net_card *dev)
grub_efi_image_handle, dev->efi_handle);
}
+static grub_err_t
+send_card_buffer (struct grub_net_card *dev,
+ struct grub_net_buff *pack)
+{
+ grub_efi_status_t st;
+ grub_efi_simple_network_t *net = dev->efi_net;
+ grub_uint64_t limit_time = grub_get_time_ms () + 4000;
+ void *txbuf;
+ grub_err_t ret;
+ int retry = 0;
+
+ if (dev->txbusy)
+ while (1)
+ {
+ txbuf = NULL;
+ st = efi_call_3 (net->get_status, net, 0, &txbuf);
+ if (st != GRUB_EFI_SUCCESS)
+ return grub_error (GRUB_ERR_IO,
+ N_("couldn't send network packet"));
+ /*
+ Some buggy firmware could return an arbitrary address instead of the
+ txbuf address we trasmitted, so just check that txbuf is non NULL
+ for success. This is ok because we open the SNP protocol in
+ exclusive mode so we know we're the only ones transmitting on this
+ box and since we only transmit one packet at a time we know our
+ transmit was successfull.
+ */
+ if (txbuf)
+ {
+ dev->txbusy = 0;
+ break;
+ }
+ if (limit_time < grub_get_time_ms ())
+ {
+ if (!retry)
+ {
+ close_card (dev);
+ grub_millisleep (100);
+ ret = open_card (dev);
+ if (ret != GRUB_ERR_NONE)
+ return grub_error (GRUB_ERR_IO,
+ N_("couldn't open card"));
+ st = efi_call_7 (net->transmit, net, 0, dev->last_pkt_size,
+ dev->txbuf, NULL, NULL, NULL);
+ if (st != GRUB_EFI_SUCCESS)
+ return grub_error (GRUB_ERR_IO,
+ N_("couldn't send network packet"));
+ retry = 1;
+ grub_uint64_t limit_time = grub_get_time_ms () + 10000;
+ break;
+ }
+ return grub_error (GRUB_ERR_TIMEOUT,
+ N_("couldn't send network packet"));
+ }
+ }
+
+ dev->last_pkt_size = (pack->tail - pack->data);
+ if (dev->last_pkt_size > dev->mtu)
+ dev->last_pkt_size = dev->mtu;
+
+ grub_memcpy (dev->txbuf, pack->data, dev->last_pkt_size);
+
+ st = efi_call_7 (net->transmit, net, 0, dev->last_pkt_size,
+ dev->txbuf, NULL, NULL, NULL);
+ if (st != GRUB_EFI_SUCCESS)
+ return grub_error (GRUB_ERR_IO, N_("couldn't send network packet"));
+
+ /*
+ The card may have sent out the packet immediately - set txbusy
+ to 0 in this case.
+ Cases were observed where checking txbuf at the next call
+ of send_card_buffer() is too late: 0 is returned in txbuf and
+ we run in the GRUB_ERR_TIMEOUT case above.
+ Perhaps a timeout in the FW has discarded the recycle buffer.
+ */
+ txbuf = NULL;
+ st = efi_call_3 (net->get_status, net, 0, &txbuf);
+ dev->txbusy = !(st == GRUB_EFI_SUCCESS && txbuf);
+
+ return GRUB_ERR_NONE;
+}
+
static struct grub_net_card_driver efidriver =
{
.name = "efinet",
--
2.43.5

109
SOURCES/bug37747175-0002-efinet-Correct-closing-of-SNP-protocol.patch Normal file
View File

@ -0,0 +1,109 @@
From a6e7b87e0c7c721a35016d7a1136b3c53cc8f981 Mon Sep 17 00:00:00 2001
From: Fedora Ninjas <grub2-owner@fedoraproject.org>
Date: Tue, 25 Mar 2025 18:43:28 +0000
Subject: [PATCH 2/2] efinet: Correct closing of SNP protocol
In the context of the implementation of the EFI_LOAD_FILE2_PROTOCOL for the initial ramdisk it
was observed that opening the SNP protocol failed.
https://lists.gnu.org/archive/html/grub-devel/2021-10/msg00020.html This is
due to an incorrect call to CloseProtocol().
The first parameter of CloseProtocol() is the handle, not the interface.
We call OpenProtocol() with ControllerHandle == NULL. Hence we must also
call CloseProtcol() with ControllerHandel == NULL.
Each call of OpenProtocol() for the same network card handle is expected to
return the same interface pointer. If we want to close the protocol which
we opened non-exclusively when searching for a card, we have to do this
before opening the protocol exclusively.
As there is no guarantee that we successfully open the protocol add checks
in the transmit and receive functions.
Reported-by: Andreas Schwab <schwab@linux-m68k.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Orabug: 34195100
Orabug: 37747175
Signed-off-by: Alex Burmashev <alexander.burmashev@oracle.com>
---
grub-core/net/drivers/efi/efinet.c | 26 +++++++++++++++++++-------
1 file changed, 19 insertions(+), 7 deletions(-)
diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c
index a8a1bfa..c1759cd 100644
--- a/grub-core/net/drivers/efi/efinet.c
+++ b/grub-core/net/drivers/efi/efinet.c
@@ -47,6 +47,9 @@ get_card_packet (struct grub_net_card *dev)
struct grub_net_buff *nb;
int i;
+ if (net == NULL)
+ return NULL;
+
for (i = 0; i < 2; i++)
{
if (!dev->rcvbuf)
@@ -94,12 +97,19 @@ open_card (struct grub_net_card *dev)
{
grub_efi_simple_network_t *net;
+ if (dev->efi_net != NULL)
+ {
+ efi_call_4 (grub_efi_system_table->boot_services->close_protocol,
+ dev->efi_handle, &net_io_guid,
+ grub_efi_image_handle, NULL);
+ dev->efi_net = NULL;
+ }
/* Try to reopen SNP exlusively to close any active MNP protocol instance
that may compete for packet polling
*/
net = grub_efi_open_protocol (dev->efi_handle, &net_io_guid,
GRUB_EFI_OPEN_PROTOCOL_BY_EXCLUSIVE);
- if (net)
+ if (net != NULL)
{
if (net->mode->state == GRUB_EFI_NETWORK_STOPPED
&& efi_call_1 (net->start, net) != GRUB_EFI_SUCCESS)
@@ -138,13 +148,12 @@ open_card (struct grub_net_card *dev)
efi_call_6 (net->receive_filters, net, filters, 0, 0, 0, NULL);
}
- efi_call_4 (grub_efi_system_table->boot_services->close_protocol,
- dev->efi_net, &net_io_guid,
- grub_efi_image_handle, dev->efi_handle);
dev->efi_net = net;
+ } else {
+ return grub_error (GRUB_ERR_NET_NO_CARD, "%s: can't open protocol",
+ dev->name);
}
- /* If it failed we just try to run as best as we can */
return GRUB_ERR_NONE;
}
@@ -154,8 +163,8 @@ close_card (struct grub_net_card *dev)
efi_call_1 (dev->efi_net->shutdown, dev->efi_net);
efi_call_1 (dev->efi_net->stop, dev->efi_net);
efi_call_4 (grub_efi_system_table->boot_services->close_protocol,
- dev->efi_net, &net_io_guid,
- grub_efi_image_handle, dev->efi_handle);
+ dev->efi_handle, &net_io_guid,
+ grub_efi_image_handle, 0);
}
static grub_err_t
@@ -169,6 +178,9 @@ send_card_buffer (struct grub_net_card *dev,
grub_err_t ret;
int retry = 0;
+ if (net == NULL)
+ return grub_error (GRUB_ERR_IO,
+ N_("network protocol not available, can't send packet"));
if (dev->txbusy)
while (1)
{
--
2.43.5

13
SOURCES/grub.macros
View File

@ -216,7 +216,7 @@
%ifarch x86_64
%global with_efi_common 1
%global with_legacy_modules 0
%global with_legacy_modules 1
%global with_legacy_common 0
%else
%global with_efi_common 0
@ -274,6 +274,13 @@ Requires: %{name}-common = %{evr} \
Requires: %{name}-tools-minimal >= %{evr} \
Requires: %{name}-tools = %{evr} \
Provides: %{name}-efi = %{evr} \
Provides: oracle(grub2-sig-key) = 202502 \
%{expand:%%ifarch x86_64 \
Conflicts: shim-x64 < 15.8-1.0.4 \
%%endif} \
%{expand:%%ifarch aarch64 \
Conflicts: shim-aa64 < 15.8-1.0.4 \
%%endif} \
%{?legacy_provides:Provides: %{name} = %{evr}} \
%{-o:Obsoletes: %{name}-efi < %{evr}} \
\
@ -372,7 +379,7 @@ install -m 644 %{1}.conf ${RPM_BUILD_ROOT}/etc/dnf/protected.d/ \
rm -f %{1}.conf \
%{nil}
%global grub_modules " all_video boot blscfg \\\
%global grub_modules " all_video boot blscfg btrfs \\\
cat configfile cryptodisk \\\
echo ext2 f2fs fat font \\\
gcry_rijndael gcry_rsa gcry_serpent \\\
@ -387,7 +394,7 @@ rm -f %{1}.conf \
search_label serial sleep syslinuxcfg \\\
test tftp version video xfs zstd " \
%ifarch x86_64 aarch64 %{arm} riscv64
%ifarch x86_64 aarch64 %{arm}
%define efi_mkimage() \
%{4}./grub-mkimage -O %{1} -o %{2}.orig \\\
-p /EFI/%{efi_vendor} -d grub-core \\\

10
SOURCES/grub.patches
View File

@ -461,3 +461,13 @@ Patch0461: 0461-fs-xfs-Fix-XFS-directory-extent-parsing.patch
Patch0462: 0462-fs-xfs-Add-large-extent-counters-incompat-feature-su.patch
Patch0463: 0463-fs-xfs-Handle-non-continuous-data-blocks-in-director.patch
Patch0464: 0464-fs-xfs-fix-large-extent-counters-incompat-feature-su.patch
Patch0465: 0465-10_linux.in-escape-kernel-option-characters-properly.patch
Patch0466: 0466-blscfg-check-if-variable-is-escaped-before-consideri.patch
Patch1000: bug18504756-use-different-title-for-UEK.patch
Patch1001: bug26388226-update-redhat-references.patch
Patch1002: bug37747175-0001-efinet-Close-and-reopen-card-on-failure.patch
Patch1003: bug37747175-0002-efinet-Correct-closing-of-SNP-protocol.patch
Patch1004: bug37539625-0001-net-dns-Fix-removal-of-DNS-server.patch
Patch1005: bug37539625-0002-net-dns-Simplify-error-handling-of-recv_hook-functio.patch
Patch1006: bug37539625-0003-net-dns-Add-debugging-messages-in-recv_hook-function.patch
Patch1007: bug37539625-0004-net-dns-Fix-lookup-error-when-no-IPv6-is-returned.patch

3
SOURCES/sbat.csv.in
View File

@ -1,3 +1,4 @@
sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
grub,3,Free Software Foundation,grub,@@VERSION@@,https//www.gnu.org/software/grub/
grub,3,Free Software Foundation,grub,@@VERSION@@,https://www.gnu.org/software/grub/
grub.rh,2,Red Hat,grub2,@@VERSION_RELEASE@@,mailto:secalert@redhat.com
grub.ol9,3,Oracle Linux,grub2,@@VERSION@@,mail:secalert_us@oracle.com

54
SPECS/grub2.spec
View File

@ -16,7 +16,7 @@
Name: grub2
Epoch: 1
Version: 2.06
Release: 104%{?dist}
Release: 105.0.1%{?dist}
Summary: Bootloader with support for Linux, Multiboot and more
License: GPLv3+
URL: http://www.gnu.org/software/grub/
@ -38,21 +38,21 @@ Source12: sbat.csv.in
%include %{SOURCE1}
%ifarch x86_64 aarch64 ppc64le
%define sb_ca %{_datadir}/pki/sb-certs/secureboot-ca-%{_arch}.cer
%define sb_cer %{_datadir}/pki/sb-certs/secureboot-grub2-%{_arch}.cer
%define sb_ca %{SOURCE14}
%define sb_cer %{SOURCE14}
%endif
%if 0%{?centos}
%ifarch x86_64 aarch64 ppc64le
%define sb_key centossecureboot202
%define sb_key OracleLinuxSecureBootKey1
%endif
%else
%ifarch x86_64 aarch64
%define sb_key redhatsecureboot502
%define sb_key OracleLinuxSecureBootKey1
%endif
%ifarch ppc64le
%define sb_key redhatsecureboot702
%define sb_key OracleLinuxSecureBootKey1
%endif
%endif
@ -547,6 +547,48 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
%endif
%changelog
* Fri Oct 31 2025 Alex Burmashev <alexander.burmashev@oracle.com> - 2.06-105.0.1
- Update grub2 dependencies to match new Secure Boot certificate chain of trust [Orabug: 37766761]
- Fix typo in SBAT metadata [Orabug: 37693946]
- Allow installation of grub2 only with shim-aa64 that allows booting it [Orabug: 37693946]
- net/dns: Fix removal of DNS server [Orabug: 37539625]
- net/dns: Simplify error handling of recv_hook() function [Orabug: 37539625]
- net/dns: Add debugging messages in recv_hook() function [Orabug: 37539625]
- net/dns: Fix lookup error when no IPv6 is returned [Orabug: 37539625]
- efinet: close and reopen network card on failure [Orabug: 35126950], [Orabug: 37747175]
- efinet: Correct closing of SNP protocol [Orabug: 35126950], [Orabug: 37747175]
- Rework the scripts to cover both in-place upgrade and update scenarios [Orabug: 36768566]
- Restore correct order of processing config files [Orabug: 36758359]
- Support setting custom kernels as default kernels [Orabug: 36043978]
- Bump SBAT metadata for grub to 3 [Orabug: 34872719]
- Fix CVE-2022-3775 [Orabug: 34871953]
- Enable signing for aarch64 EFI
- Fix signing certificate names
- Enable back btrfs grub module for EFI pre-built image [Orabug: 34360986]
- Replaced bugzilla.oracle.com references [Orabug: 34202300]
- Update provided certificate version to 202204 [JIRA: OLDIS-16371]
- Various coverity fixes [JIRA: OLDIS-16371]
- bump SBAT generation
- Update bug url [Orabug: 34202300]
- Revert provided certificate version back to 202102 [JIRA: OLDIS-16371]
- Update signing certificate [JIRA: OLDIS-16371]
- fix SBAT data [JIRA: OLDIS-16371]
- Update requires [JIRA: OLDIS-16371]
- Rebuild for SecureBoot signatures [Orabug: 33801813]
- Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033]
- Update Oracle SBAT data [Orabug: 32670033]
- Use new signing certificate [Orabug: 32670033]
- honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497]
- set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597]
- Update upstream references [Orabug: 26388226]
- Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955]
- Put "with" in menuentry instead of "using" [Orabug: 18504756]
- Use different titles for UEK and RHCK kernels [Orabug: 18504756]
* Wed Sep 03 2025 Leo Sandoval <lsandova@redhat.com> 2.06-105
- Handle special kernel parameter characters properly
- Resolves: #RHEL-111748
* Thu Apr 3 2025 Nicolas Frayer <nfrayer@redhat.com> 2.06-104
- fs/xfs: Sync with latest xfs upstream
- Resolves: #RHEL-85960