import grub2-2.02-90.el8

SOURCES/0277-envblk-Fix-buffer-overrun-when-attempting-to-shrink-.patch

@@ -38,7 +38,7 @@ Aborted (core dumped)
 $ wc -c env
 0 grubenv
 
-Resolves: rhbz#1836196
+Resolves: rhbz#1761496
 
 Reported-by: Renaud Métrich <rmetrich@redhat.com>
 Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>

SOURCES/0315-blscfg-Always-look-for-BLS-snippets-in-the-root-devi.patch

@@ -0,0 +1,47 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Tue, 11 Aug 2020 13:16:39 +0200
+Subject: [PATCH] blscfg: Always look for BLS snippets in the root device
+
+The blscfg command trying to load the BLS snippets from different devices
+is a left over from when these where located in the ESP in the EFI case.
+
+But now that are always located in the /boot directory, the BLS snippets
+have to be loaded from the root device just like the other files that are
+in the /boot directory (kernel and initrd images).
+
+This only worked for legacy BIOS because the boot and root variables were
+set to the same value. But doesn't work when trying to use a common GRUB
+config file that could be shared between an EFI and legacy BIOS install.
+
+That kind of configuration is needed for example on hybrid images that are
+booted using either EFI or legacy BIOS firmwares.
+
+Resolves: rhbz#1850193
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ grub-core/commands/blscfg.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
+index c92e1c84543..70ce5c7bf6f 100644
+--- a/grub-core/commands/blscfg.c
++++ b/grub-core/commands/blscfg.c
+@@ -874,14 +874,12 @@ grub_cmd_blscfg (grub_extcmd_context_t ctxt UNUSED,
+ 
+ #ifdef GRUB_MACHINE_EMU
+   devid = "host";
+-#elif defined(GRUB_MACHINE_EFI)
++#else
+   devid = grub_env_get ("root");
+-#else
+-  devid = grub_env_get ("boot");
+ #endif
+   if (!devid)
+     return grub_error (GRUB_ERR_FILE_NOT_FOUND,
+-		       N_("variable `%s' isn't set"), "boot");
++		       N_("variable `%s' isn't set"), "root");
+ 
+   grub_dprintf ("blscfg", "opening %s\n", devid);
+   dev = grub_device_open (devid);

SOURCES/0316-blscfg-Don-t-hardcode-an-env-var-as-fallback-for-the.patch

@@ -0,0 +1,47 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Tue, 11 Aug 2020 13:16:45 +0200
+Subject: [PATCH] blscfg: Don't hardcode an env var as fallback for the BLS
+ options field
+
+If the BLS fragments don't have an options field or if this was set to an
+environment variable that was not defined in the grubenv file, the blscfg
+module searches for a default_kernelopts variable that is defined in the
+grub.cfg file.
+
+But the blscfg module shouldn't hardcode fallbacks variables and instead
+this logic should be handled in the GRUB config file itself.
+
+Also, add a comment explaining where the kernelopts variable is supposed
+to be defined and what is the process for the user to change its value.
+
+Resolves: rhbz#1850193
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ util/grub.d/10_linux.in | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
+index 58d18504790..48857bb81d3 100644
+--- a/util/grub.d/10_linux.in
++++ b/util/grub.d/10_linux.in
+@@ -158,7 +158,17 @@ linux_entry ()
+     populate_header_warn
+ 
+     cat << EOF
+-set default_kernelopts="root=${linux_root_device_thisversion} ro ${args}"
++# The kernelopts variable should be defined in the grubenv file. But to ensure that menu
++# entries populated from BootLoaderSpec files that use this variable work correctly even
++# without a grubenv file, define a fallback kernelopts variable if this has not been set.
++#
++# The kernelopts variable in the grubenv file can be modified using the grubby tool or by
++# executing the grub2-mkconfig tool. For the latter, the values of the GRUB_CMDLINE_LINUX
++# and GRUB_CMDLINE_LINUX_DEFAULT options from /etc/default/grub file are used to set both
++# the kernelopts variable in the grubenv file and the fallback kernelopts variable.
++if [ -z "\${kernelopts}" ]; then
++  set kernelopts="root=${linux_root_device_thisversion} ro ${args}"
++fi
+ 
+ insmod blscfg
+ blscfg

SOURCES/0317-tftp-roll-over-block-counter-to-prevent-timeouts-wit.patch

@@ -0,0 +1,51 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Mon, 24 Aug 2020 14:46:27 +0200
+Subject: [PATCH] tftp: roll over block counter to prevent timeouts with data
+ packets
+
+The block number is a 16-bit counter which only allows to fetch
+files no bigger than 65535 * blksize. To avoid this limit, the
+counter is rolled over. This behavior isn't defined in RFC 1350
+but is handled by many TFTP servers and it's what GRUB was doing
+before implicitly due an overflow.
+
+Fixing that bug led to TFTP timeouts, since GRUB wasn't acking
+data packets anymore for files with size bigger than the maximum
+mentioned above. Restore the old behavior to prevent this issue.
+
+Resolves: rhbz#1871034
+
+Suggested-by: Peter Jones <pjones@redhat.com>
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ grub-core/net/tftp.c | 16 ++++++++++++++--
+ 1 file changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c
+index 2c52f692b25..4f38d7ef1f7 100644
+--- a/grub-core/net/tftp.c
++++ b/grub-core/net/tftp.c
+@@ -183,8 +183,20 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)),
+ 	  return GRUB_ERR_NONE;
+ 	}
+ 
+-      /* Ack old/retransmitted block. */
+-      if (grub_be_to_cpu16 (tftph->u.data.block) < data->block + 1)
++      /*
++       * Ack old/retransmitted block.
++       *
++       * The block number is a 16-bit counter which only allows to fetch
++       * files no bigger than 65535 * blksize. To avoid this limit, the
++       * counter is rolled over. This behavior isn't defined in RFC 1350
++       * but is handled by many TFTP servers and it's what GRUB was doing
++       * before implicitly due an overflow.
++       *
++       * Fixing that bug led to TFTP timeouts, since GRUB wasn't acking
++       * data packets anymore for files with size bigger than the maximum
++       * mentioned above. Restore the old behavior to prevent this issue.
++       */
++      if (grub_be_to_cpu16 (tftph->u.data.block) < ((data->block + 1) & 0xffffu))
+ 	ack (data, grub_be_to_cpu16 (tftph->u.data.block));
+       /* Ignore unexpected block. */
+       else if (grub_be_to_cpu16 (tftph->u.data.block) > data->block + 1)

SOURCES/grub.patches

@@ -312,3 +312,6 @@ Patch0311: 0311-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch
 Patch0312: 0312-linux-loader-avoid-overflow-on-initrd-size-calculati.patch
 Patch0313: 0313-linuxefi-fail-kernel-validation-without-shim-protoco.patch
 Patch0314: 0314-linux-Fix-integer-overflows-in-initrd-size-handling.patch
+Patch0315: 0315-blscfg-Always-look-for-BLS-snippets-in-the-root-devi.patch
+Patch0316: 0316-blscfg-Don-t-hardcode-an-env-var-as-fallback-for-the.patch
+Patch0317: 0317-tftp-roll-over-block-counter-to-prevent-timeouts-wit.patch

SPECS/grub2.spec

@@ -7,7 +7,7 @@
 Name:		grub2
 Epoch:		1
 Version:	2.02
-Release:	87%{?dist}
+Release:	90%{?dist}
 Summary:	Bootloader with support for Linux, Multiboot and more
 Group:		System Environment/Base
 License:	GPLv3+
@@ -500,7 +500,31 @@ fi
 %endif
 
 %changelog
-* Tue Jul 28 2020 Peter Jones <pjones@redhat.com> - 2.02-87
+* Mon Aug 31 2020 Javier Martinez Canillas <javierm@redhat.com> - 2.02-90
+- Roll over TFTP block counter to prevent timeouts with data packets
+  Resolves: rhbz#1871034
+
+* Fri Aug 21 2020 Javier Martinez Canillas <javierm@redhat.com> - 2.02-89
+- Fix TFTP timeouts when trying to fetch files larger than 65535 KiB
+  Resolves: rhbz#1871034
+
+* Tue Aug 11 2020 Javier Martinez Canillas <javierm@redhat.com> - 2.02-88
+- Fix a legacy BIOS boot issue when a using config file shared with EFI
+  Resolves: rhbz#1850193
+
+* Mon Jul 27 2020 Peter Jones <pjones@redhat.com> - 2.02-87
+- Couple more late fixes.
+  Resolves: CVE-2020-15705
+
+* Sun Jul 26 2020 Peter Jones <pjones@redhat.com> - 2.02-86
+- Couple more late fixes.
+  Resolves: CVE-2020-10713
+  Resolves: CVE-2020-14308
+  Resolves: CVE-2020-14309
+  Resolves: CVE-2020-14310
+  Resolves: CVE-2020-14311
+
+* Mon Jul 20 2020 Peter Jones <pjones@redhat.com> - 2.02-85
 - Fix several CVEs
   Resolves: CVE-2020-10713
   Resolves: CVE-2020-14308
@@ -508,9 +532,26 @@ fi
   Resolves: CVE-2020-14310
   Resolves: CVE-2020-14311
 
-* Mon May 18 2020 Javier Martinez Canillas <javierm@redhat.com> - 2.02-82.el8_2.1
+* Tue May 19 2020 Javier Martinez Canillas <javierm@redhat.com> - 2.02-84
+- Add fixes for greenboot support
+  Resolves: rhbz#1832336
+
+* Mon May 18 2020 Javier Martinez Canillas <javierm@redhat.com> - 2.02-83
 - Fix a segfault in grub2-editenv when attempting to shrink a variable
-  Resolves: rhbz#1836196
+  Resolves: rhbz#1761496
+
+* Mon Apr 27 2020 Javier Martinez Canillas <javierm@redhat.com> - 2.02-82
+- Drop "Disable multiboot, multiboot2, and linux16 modules on EFI builds"
+  Resolves: rhbz#1779480
+- efi/http: Export {fw,http}_path variables to make them global
+  Resolves: rhbz#1811561
+- efi/http: Enclose literal IPv6 addresses in square brackets
+- efi/net: Allow to specify a port number in addresses
+- efi/ip4_config: Improve check to detect literal IPv6 addresses
+- efi/net: Print a debug message if parsing the address fails
+  Resolves: rhbz#1811560
+- Set image base address before jumping to the PE/COFF entry point
+  Resolves: rhbz#1819624
 
 * Thu Dec 05 2019 Javier Martinez Canillas <javierm@redhat.com> - 2.02-81
 - Another fix for blscfg variable expansion support