From d0cbb56535200d729ad45f48005f1c823476b118 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 3 Nov 2020 06:49:37 -0500 Subject: [PATCH] import grub2-2.02-90.el8 --- ...r-overrun-when-attempting-to-shrink-.patch | 2 +- ...ok-for-BLS-snippets-in-the-root-devi.patch | 47 +++++++++++++++++ ...dcode-an-env-var-as-fallback-for-the.patch | 47 +++++++++++++++++ ...lock-counter-to-prevent-timeouts-wit.patch | 51 +++++++++++++++++++ SOURCES/grub.patches | 3 ++ SPECS/grub2.spec | 49 ++++++++++++++++-- 6 files changed, 194 insertions(+), 5 deletions(-) create mode 100644 SOURCES/0315-blscfg-Always-look-for-BLS-snippets-in-the-root-devi.patch create mode 100644 SOURCES/0316-blscfg-Don-t-hardcode-an-env-var-as-fallback-for-the.patch create mode 100644 SOURCES/0317-tftp-roll-over-block-counter-to-prevent-timeouts-wit.patch diff --git a/SOURCES/0277-envblk-Fix-buffer-overrun-when-attempting-to-shrink-.patch b/SOURCES/0277-envblk-Fix-buffer-overrun-when-attempting-to-shrink-.patch index 293500b..f8a73b7 100644 --- a/SOURCES/0277-envblk-Fix-buffer-overrun-when-attempting-to-shrink-.patch +++ b/SOURCES/0277-envblk-Fix-buffer-overrun-when-attempting-to-shrink-.patch @@ -38,7 +38,7 @@ Aborted (core dumped) $ wc -c env 0 grubenv -Resolves: rhbz#1836196 +Resolves: rhbz#1761496 Reported-by: Renaud Métrich Signed-off-by: Javier Martinez Canillas diff --git a/SOURCES/0315-blscfg-Always-look-for-BLS-snippets-in-the-root-devi.patch b/SOURCES/0315-blscfg-Always-look-for-BLS-snippets-in-the-root-devi.patch new file mode 100644 index 0000000..e2e2e51 --- /dev/null +++ b/SOURCES/0315-blscfg-Always-look-for-BLS-snippets-in-the-root-devi.patch @@ -0,0 +1,47 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 11 Aug 2020 13:16:39 +0200 +Subject: [PATCH] blscfg: Always look for BLS snippets in the root device + +The blscfg command trying to load the BLS snippets from different devices +is a left over from when these where located in the ESP in the EFI case. + +But now that are always located in the /boot directory, the BLS snippets +have to be loaded from the root device just like the other files that are +in the /boot directory (kernel and initrd images). + +This only worked for legacy BIOS because the boot and root variables were +set to the same value. But doesn't work when trying to use a common GRUB +config file that could be shared between an EFI and legacy BIOS install. + +That kind of configuration is needed for example on hybrid images that are +booted using either EFI or legacy BIOS firmwares. + +Resolves: rhbz#1850193 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/commands/blscfg.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index c92e1c84543..70ce5c7bf6f 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -874,14 +874,12 @@ grub_cmd_blscfg (grub_extcmd_context_t ctxt UNUSED, + + #ifdef GRUB_MACHINE_EMU + devid = "host"; +-#elif defined(GRUB_MACHINE_EFI) ++#else + devid = grub_env_get ("root"); +-#else +- devid = grub_env_get ("boot"); + #endif + if (!devid) + return grub_error (GRUB_ERR_FILE_NOT_FOUND, +- N_("variable `%s' isn't set"), "boot"); ++ N_("variable `%s' isn't set"), "root"); + + grub_dprintf ("blscfg", "opening %s\n", devid); + dev = grub_device_open (devid); diff --git a/SOURCES/0316-blscfg-Don-t-hardcode-an-env-var-as-fallback-for-the.patch b/SOURCES/0316-blscfg-Don-t-hardcode-an-env-var-as-fallback-for-the.patch new file mode 100644 index 0000000..30bbae3 --- /dev/null +++ b/SOURCES/0316-blscfg-Don-t-hardcode-an-env-var-as-fallback-for-the.patch @@ -0,0 +1,47 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 11 Aug 2020 13:16:45 +0200 +Subject: [PATCH] blscfg: Don't hardcode an env var as fallback for the BLS + options field + +If the BLS fragments don't have an options field or if this was set to an +environment variable that was not defined in the grubenv file, the blscfg +module searches for a default_kernelopts variable that is defined in the +grub.cfg file. + +But the blscfg module shouldn't hardcode fallbacks variables and instead +this logic should be handled in the GRUB config file itself. + +Also, add a comment explaining where the kernelopts variable is supposed +to be defined and what is the process for the user to change its value. + +Resolves: rhbz#1850193 + +Signed-off-by: Javier Martinez Canillas +--- + util/grub.d/10_linux.in | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index 58d18504790..48857bb81d3 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -158,7 +158,17 @@ linux_entry () + populate_header_warn + + cat << EOF +-set default_kernelopts="root=${linux_root_device_thisversion} ro ${args}" ++# The kernelopts variable should be defined in the grubenv file. But to ensure that menu ++# entries populated from BootLoaderSpec files that use this variable work correctly even ++# without a grubenv file, define a fallback kernelopts variable if this has not been set. ++# ++# The kernelopts variable in the grubenv file can be modified using the grubby tool or by ++# executing the grub2-mkconfig tool. For the latter, the values of the GRUB_CMDLINE_LINUX ++# and GRUB_CMDLINE_LINUX_DEFAULT options from /etc/default/grub file are used to set both ++# the kernelopts variable in the grubenv file and the fallback kernelopts variable. ++if [ -z "\${kernelopts}" ]; then ++ set kernelopts="root=${linux_root_device_thisversion} ro ${args}" ++fi + + insmod blscfg + blscfg diff --git a/SOURCES/0317-tftp-roll-over-block-counter-to-prevent-timeouts-wit.patch b/SOURCES/0317-tftp-roll-over-block-counter-to-prevent-timeouts-wit.patch new file mode 100644 index 0000000..60e58b0 --- /dev/null +++ b/SOURCES/0317-tftp-roll-over-block-counter-to-prevent-timeouts-wit.patch @@ -0,0 +1,51 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Mon, 24 Aug 2020 14:46:27 +0200 +Subject: [PATCH] tftp: roll over block counter to prevent timeouts with data + packets + +The block number is a 16-bit counter which only allows to fetch +files no bigger than 65535 * blksize. To avoid this limit, the +counter is rolled over. This behavior isn't defined in RFC 1350 +but is handled by many TFTP servers and it's what GRUB was doing +before implicitly due an overflow. + +Fixing that bug led to TFTP timeouts, since GRUB wasn't acking +data packets anymore for files with size bigger than the maximum +mentioned above. Restore the old behavior to prevent this issue. + +Resolves: rhbz#1871034 + +Suggested-by: Peter Jones +Signed-off-by: Javier Martinez Canillas +--- + grub-core/net/tftp.c | 16 ++++++++++++++-- + 1 file changed, 14 insertions(+), 2 deletions(-) + +diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c +index 2c52f692b25..4f38d7ef1f7 100644 +--- a/grub-core/net/tftp.c ++++ b/grub-core/net/tftp.c +@@ -183,8 +183,20 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)), + return GRUB_ERR_NONE; + } + +- /* Ack old/retransmitted block. */ +- if (grub_be_to_cpu16 (tftph->u.data.block) < data->block + 1) ++ /* ++ * Ack old/retransmitted block. ++ * ++ * The block number is a 16-bit counter which only allows to fetch ++ * files no bigger than 65535 * blksize. To avoid this limit, the ++ * counter is rolled over. This behavior isn't defined in RFC 1350 ++ * but is handled by many TFTP servers and it's what GRUB was doing ++ * before implicitly due an overflow. ++ * ++ * Fixing that bug led to TFTP timeouts, since GRUB wasn't acking ++ * data packets anymore for files with size bigger than the maximum ++ * mentioned above. Restore the old behavior to prevent this issue. ++ */ ++ if (grub_be_to_cpu16 (tftph->u.data.block) < ((data->block + 1) & 0xffffu)) + ack (data, grub_be_to_cpu16 (tftph->u.data.block)); + /* Ignore unexpected block. */ + else if (grub_be_to_cpu16 (tftph->u.data.block) > data->block + 1) diff --git a/SOURCES/grub.patches b/SOURCES/grub.patches index 681d33d..70e5e54 100644 --- a/SOURCES/grub.patches +++ b/SOURCES/grub.patches @@ -312,3 +312,6 @@ Patch0311: 0311-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch Patch0312: 0312-linux-loader-avoid-overflow-on-initrd-size-calculati.patch Patch0313: 0313-linuxefi-fail-kernel-validation-without-shim-protoco.patch Patch0314: 0314-linux-Fix-integer-overflows-in-initrd-size-handling.patch +Patch0315: 0315-blscfg-Always-look-for-BLS-snippets-in-the-root-devi.patch +Patch0316: 0316-blscfg-Don-t-hardcode-an-env-var-as-fallback-for-the.patch +Patch0317: 0317-tftp-roll-over-block-counter-to-prevent-timeouts-wit.patch diff --git a/SPECS/grub2.spec b/SPECS/grub2.spec index ec045ab..52e8c9e 100644 --- a/SPECS/grub2.spec +++ b/SPECS/grub2.spec @@ -7,7 +7,7 @@ Name: grub2 Epoch: 1 Version: 2.02 -Release: 87%{?dist} +Release: 90%{?dist} Summary: Bootloader with support for Linux, Multiboot and more Group: System Environment/Base License: GPLv3+ @@ -500,7 +500,31 @@ fi %endif %changelog -* Tue Jul 28 2020 Peter Jones - 2.02-87 +* Mon Aug 31 2020 Javier Martinez Canillas - 2.02-90 +- Roll over TFTP block counter to prevent timeouts with data packets + Resolves: rhbz#1871034 + +* Fri Aug 21 2020 Javier Martinez Canillas - 2.02-89 +- Fix TFTP timeouts when trying to fetch files larger than 65535 KiB + Resolves: rhbz#1871034 + +* Tue Aug 11 2020 Javier Martinez Canillas - 2.02-88 +- Fix a legacy BIOS boot issue when a using config file shared with EFI + Resolves: rhbz#1850193 + +* Mon Jul 27 2020 Peter Jones - 2.02-87 +- Couple more late fixes. + Resolves: CVE-2020-15705 + +* Sun Jul 26 2020 Peter Jones - 2.02-86 +- Couple more late fixes. + Resolves: CVE-2020-10713 + Resolves: CVE-2020-14308 + Resolves: CVE-2020-14309 + Resolves: CVE-2020-14310 + Resolves: CVE-2020-14311 + +* Mon Jul 20 2020 Peter Jones - 2.02-85 - Fix several CVEs Resolves: CVE-2020-10713 Resolves: CVE-2020-14308 @@ -508,9 +532,26 @@ fi Resolves: CVE-2020-14310 Resolves: CVE-2020-14311 -* Mon May 18 2020 Javier Martinez Canillas - 2.02-82.el8_2.1 +* Tue May 19 2020 Javier Martinez Canillas - 2.02-84 +- Add fixes for greenboot support + Resolves: rhbz#1832336 + +* Mon May 18 2020 Javier Martinez Canillas - 2.02-83 - Fix a segfault in grub2-editenv when attempting to shrink a variable - Resolves: rhbz#1836196 + Resolves: rhbz#1761496 + +* Mon Apr 27 2020 Javier Martinez Canillas - 2.02-82 +- Drop "Disable multiboot, multiboot2, and linux16 modules on EFI builds" + Resolves: rhbz#1779480 +- efi/http: Export {fw,http}_path variables to make them global + Resolves: rhbz#1811561 +- efi/http: Enclose literal IPv6 addresses in square brackets +- efi/net: Allow to specify a port number in addresses +- efi/ip4_config: Improve check to detect literal IPv6 addresses +- efi/net: Print a debug message if parsing the address fails + Resolves: rhbz#1811560 +- Set image base address before jumping to the PE/COFF entry point + Resolves: rhbz#1819624 * Thu Dec 05 2019 Javier Martinez Canillas - 2.02-81 - Another fix for blscfg variable expansion support