Nicolas Frayer
0127cb7cb1
sbat: bump grub sbat for new shim release
...
Resolves: #RHEL-91277
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2025-05-14 11:30:00 +02:00
Nicolas Frayer
81cae7e227
sbat: add new sbat entry for centos
...
Resolves: #RHEL-91146
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2025-05-13 16:38:36 +02:00
Andrea Bolognani
bdb6399fe8
Fix riscv64 build
...
Resolves: RHEL-85987
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2025-04-17 01:32:52 +02:00
Nicolas Frayer
d002e804dd
ppc/mkimage: SBAT support on powerpc
...
Resolves: #RHEL-87420
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2025-04-15 15:54:33 +02:00
Marta Lewandowska
5b54c60e8c
99-grub-mkconfig.install: Disable BLS and run grub2-mkconfig when GRUB_ENABLE_BLSCFG is disable
...
Resolves: #RHEL-86261
Signed-off-by: Marta Lewandowska <mlewando@redhat.com>
Reviewed-by: Leo Sandoval <lsandova@redhat.com>
2025-04-07 14:22:57 -06:00
Nicolas Frayer
d23765b1e8
ieee1275/ofnet: Fix grub_malloc() removed after added safe
...
Related: #RHEL-80073
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2025-03-25 14:49:31 +01:00
Nicolas Frayer
5f77cf3173
powerpc: increase MIN RMA size for CAS negotiation
...
Resolves: #RHEL-76429
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2025-03-18 14:43:02 +01:00
Leo Sandoval
95e08eb027
Remove NTFS attribute verification patch
...
The removed patch was part of the CVE patches ported recently into RHEL but
is causing segfaults on dual boot (Windows & RHEL) systems when generating the
grub configuration with the grub2-mkconfig tool. At some point the same patch
will come back with the corresponding fix but for the time being, it is removed.
Related: RHEL-80686
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
2025-03-11 10:29:02 -06:00
Nicolas Frayer
b621d47266
Bump release to trigger signing tools
...
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2025-02-26 15:29:45 +01:00
Nicolas Frayer
0f8974ea55
fs/ext2: Rework out-of-bounds read for inline and external extents
...
Related: #RHEL-80686
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2025-02-26 12:19:46 +01:00
Vitaly Kuznetsov
61e8038539
99-grub-mkconfig: Avoid disabling BLS usage for Xen HVM VMs
...
Xen PV and PVH guest use direct kernel boot and may use 'pygrub' tool to
parse guest's grub config. The tool is incompatible with BLS and thus
99-grub-mkconfig.install disables it. The problem is observed with HVM
guests which are 'normal' VMs and don't require pygrub compatibility. E.g.
legacy AWS instance types are of this kind. Disabling BLS for them is
undesired and unjustified. Luckily, kernel driver for Xen provides
'/sys/hypervisor/guest_type' interface telling us which type of guest are
we running in.
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
2025-02-26 12:13:24 +01:00
Leo Sandoval
b9f070c2f2
Add Several CVE fixes
...
Resolves: CVE-2024-45781 CVE-2024-45783 CVE-2024-45778
Resolves: CVE-2024-45775 CVE-2024-45780 CVE-2024-45774
Resolves: CVE-2025-0690 CVE-2025-1118 CVE-2024-45782
Resolves: CVE-2025-0624 CVE-2024-45779 CVE-2024-45776
Resolves: CVE-2025-0622 CVE-2025-0677
Resolves: #RHEL-80691
Resolves: #RHEL-80690
Resolves: #RHEL-80689
Resolves: #RHEL-80687
Resolves: #RHEL-80686
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2025-02-25 11:59:31 -06:00
Leo Sandoval
c17ad7254d
fix pending SAST issues
...
Resolves: #RHEL-50504
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
2025-01-22 17:05:40 -06:00
Leo Sandoval
ff6d9c809c
term/ns8250-spcr: return if redirection is disabled
...
Compared to previous commit, this is a better approach to handle SPCR null base
address indicating no redirection, doing the null check on the caller instead of
the callee.
Resolves: #RHEL-68622
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
2025-01-17 11:25:47 -06:00
Leo Sandoval
4052952894
term/ns8250: return in case of a null SPCR base addresses
...
Resolves: #RHEL-68622
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
2025-01-13 12:04:13 -06:00
Nicolas Frayer
6f919c8415
fs/xfs: fix large extent counters incompat feature support
...
Resolves: #RHEL-68390
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2025-01-09 17:52:49 +01:00
Michal Sekletar
05eb032a32
Remove BLS fake config on kernel removal
...
Resolves: #RHEL-59557
Signed-off-by: Michal Sekletar <msekleta@redhat.com>
Reviewed-by: Leo Sandoval <lsandova@redhat.com>
Reviewed-by: Marta Lewandowska <mlewando@redhat.com>
2024-12-09 13:34:57 -06:00
Leo Sandoval
8812e31e42
acpi: Fix out of bounds access in grub_acpi_xsdt_find_table()
...
Resolves: #RHEL-68690
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
2024-12-09 10:06:32 -06:00
Leo Sandoval
adaa841fca
10_linux.in: escape semicolon and ampersand on BLS upddate
...
Resolves: #RHEL-68531
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
2024-11-21 12:48:34 -06:00
Leo Sandoval
f9ffaac36e
Rebased to release grub-2.12
...
Resolves: #RHEL-15032
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
2024-11-07 09:45:00 -06:00
Troy Dawson
d5c5bf4a63
Bump release for October 2024 mass rebuild:
...
Resolves: RHEL-64018
2024-10-29 08:28:59 -07:00
Leo Sandoval
20db98c9e3
posttrans: condition EFI_HOME/grub.cfg cmds if stub is present
...
Resolves: #RHEL-59796
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
2024-09-23 11:19:04 -06:00
Nicolas Frayer
742532ab73
grub.cfg: Fix an issue when doing a major version upgrade
...
Related: #RHEL-56733
Signed-off-by: Marta Lewandowska <mlewando@redhat.com>
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-09-23 14:33:04 +02:00
Nicolas Frayer
1022bec884
spec: Added more code for the previous CVE fix
...
Related: #RHEL-56733
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-09-23 14:31:55 +02:00
Nicolas Frayer
008b689173
aarch64/macros: Re-added flags that disappeared with previous commit
...
Related: #RHEL-58821
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-09-18 17:56:57 +02:00
Nicolas Frayer
c69e56f2af
aarch64/macros: Build gnulib with -mbranch-protection=standard
...
Resolves: #RHEL-58821
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-09-13 09:33:04 +02:00
Leo Sandoval
5e22405b1c
grub.cfg: Fix rpm grub.cfg permission and verification issues
...
Fix the rpm verificaton issues. On the other hand, 2.06-121 [1]
introduced a change on grub2-mkconfig where it prevents overwritting
`${EFI_HOME}/grub.cfg` with side effects on the `%posttrans`
scriptlet, where it tries to recreate it in case this file does not
exist but due to [1] the `${EFI}/grub.cfg` file would never be
created. Fix the `%posttrans` code with the logic but applied to
${GRUB_HOME}/grub.cfg. On the same scriplet, make sure
${EFI_HOME}/grub.cfg is present before grepping into it.
[1] https://pkgs.devel.redhat.com/cgit/rpms/grub2/commit/?h=rhel-10-main&id=9c6e5cf6c8e597efbf6a10399371789fddafac12
Resolves: #RHEL-56918
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
2024-09-03 16:14:28 -06:00
Nicolas Frayer
6fd4bccf50
Sync with rhel9 for critical patches
...
Resolves: #RHEL-56733
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-08-30 12:04:21 +02:00
Nicolas Frayer
7e8f0f0dcf
grub-mkconfig dont overwrite BLS cmdline if BLSCFG
...
Resolves: #RHEL-53848
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-08-28 12:51:29 +02:00
Peter Jones
91198fdd6c
spec/macros: Modified spec and macros files for RHEL10 signing
...
Related: #RHEL-51867
Signed-off-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-08-05 23:28:33 +02:00
Nicolas Frayer
824f4e8aa6
grub2-mkconfig: Remove mountpoint check
...
Related: #RHEL-32099
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-08-05 22:26:37 +02:00
Nicolas Frayer
1b7f195817
Use the set of macros provided by system-sb-certs for signing
...
Resolves: #RHEL-51867
Resolves: #RHELBLD-15314
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-08-01 19:04:23 +02:00
72310e515d
grub2-mkconfig: Simplify os_name detection
2024-07-31 17:05:13 +00:00
Nicolas Frayer
9c6e5cf6c8
grub2-mkconfig: Prevent mkconfig from overwriting grub cfg stub
...
Resolves: #RHEL-32099
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-07-16 11:36:09 +02:00
Nicolas Frayer
0bbba2c660
Added gating.yaml
...
Resolves: #RHELMISC-3917
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-06-26 08:40:54 +00:00
Troy Dawson
f5a592b680
Bump release for June 2024 mass rebuild
2024-06-24 12:29:35 -07:00
Nicolas Frayer
59b43ff448
spec: bump release to use right keys to sign
...
Relates: RHEL-25958
Relates: RHELBLD-15314
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-06-19 11:48:05 +02:00
Brian Stinson
41b6d9cafa
Add the right certificate macros for CentOS Stream and RHEL
...
Relates: RHEL-25958
Signed-off-by: Brian Stinson <bstinson@redhat.com>
2024-02-20 20:44:11 -06:00
Leo Sandoval
29406ad333
xfs: include directory extent parsing patch
...
Patch is required to boot XFS-formatted partitions created with
xfsprogs 6.5.0
Resolves : #2259266
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
2024-01-23 12:02:27 -06:00
Nicolas Frayer
6cc927e76b
Compiler flags: ignore incompatible types for now as it prevents
...
CI builds
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-01-18 15:22:45 +01:00
Nicolas Frayer
d2d9f6012b
grub-core/commands: add flag to only search root dev
...
Resolves : #2223437
Resolves : #2224951
Resolves : #2258096
Resolves: CVE-2023-4001
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-01-18 15:22:34 +01:00
Nicolas Frayer
ebd311ec52
xfs: Remove directory extent parsing patch
...
Some bios systems can't boot with one of
the xfs upstream patches
Resolves : #2254370
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-01-17 15:23:37 +01:00
Hector Martin
0c1c9228d2
Switch memdisk compression to lzop
...
xz decompression is very slow and slows down boot by around 5 seconds on
aarch64/Apple M1 when using the default font. Switch to lzop, which
takes less than one second to uncompress.
This increases EFI core image size by around 11%.
Signed-off-by: Hector Martin <marcan@marcan.st>
2024-01-13 08:19:34 +09:00
Daan De Meyer
a162c0412f
Drop grub2-tools obsoletes for grub2-tools-minimal
...
When installing grub2-tools grub2-tools-minimal is pulled in which
obsoletes grub2-tools causing grub2-tools to not get installed.
Remove the obsoletes so that grub2-tools can be installed again.
Signed-off-by: Daan De Meyer <daan.j.demeyer@gmail.com>
2024-01-11 19:10:34 +01:00
Nicolas Frayer
d11c8385d6
normal: fix prefix when loading modules
...
Resolves : #2209435
Resolves : #2173015
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-01-04 11:29:35 +01:00
Leo Sandoval
4562b72afc
chainloader: remove device path debug message
...
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
2023-12-14 09:31:59 -06:00
Nicolas Frayer
cadd7a1196
Migrate to SPDX license
...
Please refer to https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_2
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-12-01 17:09:13 +01:00
Nicolas Frayer
c4a49e5c9a
fs/xfs: Add several fixes/improvements to xfs fs from upstream
...
Resolves : #2247926
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-12-01 10:31:36 +01:00
Nicolas Frayer
7b857b827a
Linker: added --no-warn-rwx-segments linker option
...
added --no-warn-rwx-segments as build will fail after
ld.bfd default options have been changed.
Please refer:
https://fedoraproject.org/wiki/Changes/Linker_Error_On_Security_Issues
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-11-15 15:30:41 +01:00
Nicolas Frayer
88924af554
Remove [Install] section from aux systemd units
...
Related: #2247635
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-11-14 17:29:09 +01:00