rpms/grub2
6
0
Fork 0
Code Issues Pull Requests Releases Activity
835 Commits 20 Branches 167 Tags 13 MiB
0127cb7cb1
Commit Graph

835 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nicolas Frayer
0127cb7cb1 sbat: bump grub sbat for new shim release 
Resolves: #RHEL-91277
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
 2025-05-14 11:30:00 +02:00
Nicolas Frayer
81cae7e227 sbat: add new sbat entry for centos 
Resolves: #RHEL-91146
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
 2025-05-13 16:38:36 +02:00
Andrea Bolognani
bdb6399fe8 Fix riscv64 build 
Resolves: RHEL-85987

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
 2025-04-17 01:32:52 +02:00
Nicolas Frayer
d002e804dd ppc/mkimage: SBAT support on powerpc 
Resolves: #RHEL-87420
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
 2025-04-15 15:54:33 +02:00
Marta Lewandowska
5b54c60e8c 99-grub-mkconfig.install: Disable BLS and run grub2-mkconfig when GRUB_ENABLE_BLSCFG is disable 
Resolves: #RHEL-86261

Signed-off-by: Marta Lewandowska <mlewando@redhat.com>
Reviewed-by: Leo Sandoval <lsandova@redhat.com>
 2025-04-07 14:22:57 -06:00
Nicolas Frayer
d23765b1e8 ieee1275/ofnet: Fix grub_malloc() removed after added safe 
Related: #RHEL-80073
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
 2025-03-25 14:49:31 +01:00
Nicolas Frayer
5f77cf3173 powerpc: increase MIN RMA size for CAS negotiation 
Resolves: #RHEL-76429
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
 2025-03-18 14:43:02 +01:00
Leo Sandoval
95e08eb027 Remove NTFS attribute verification patch 
The removed patch was part of the CVE patches ported recently into RHEL but
is causing segfaults on dual boot (Windows & RHEL) systems when generating the
grub configuration with the grub2-mkconfig tool. At some point the same patch
will come back with the corresponding fix but for the time being, it is removed.

Related: RHEL-80686

Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
 2025-03-11 10:29:02 -06:00
Nicolas Frayer
b621d47266 Bump release to trigger signing tools 
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
 2025-02-26 15:29:45 +01:00
Nicolas Frayer
0f8974ea55 fs/ext2: Rework out-of-bounds read for inline and external extents 
Related: #RHEL-80686
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
 2025-02-26 12:19:46 +01:00
Vitaly Kuznetsov
61e8038539 99-grub-mkconfig: Avoid disabling BLS usage for Xen HVM VMs 
Xen PV and PVH guest use direct kernel boot and may use 'pygrub' tool to
parse guest's grub config. The tool is incompatible with BLS and thus
99-grub-mkconfig.install disables it. The problem is observed with HVM
guests which are 'normal' VMs and don't require pygrub compatibility. E.g.
legacy AWS instance types are of this kind. Disabling BLS for them is
undesired and unjustified. Luckily, kernel driver for Xen provides
'/sys/hypervisor/guest_type' interface telling us which type of guest are
we running in.

Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
 2025-02-26 12:13:24 +01:00
Leo Sandoval
b9f070c2f2 Add Several CVE fixes 
Resolves: CVE-2024-45781 CVE-2024-45783 CVE-2024-45778
Resolves: CVE-2024-45775 CVE-2024-45780 CVE-2024-45774
Resolves: CVE-2025-0690 CVE-2025-1118 CVE-2024-45782
Resolves: CVE-2025-0624 CVE-2024-45779 CVE-2024-45776
Resolves: CVE-2025-0622 CVE-2025-0677
Resolves: #RHEL-80691
Resolves: #RHEL-80690
Resolves: #RHEL-80689
Resolves: #RHEL-80687
Resolves: #RHEL-80686

Signed-off-by: Leo Sandoval <lsandova@redhat.com>
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
 2025-02-25 11:59:31 -06:00
Leo Sandoval
c17ad7254d fix pending SAST issues 
Resolves: #RHEL-50504

Signed-off-by: Leo Sandoval <lsandova@redhat.com>
 2025-01-22 17:05:40 -06:00
Leo Sandoval
ff6d9c809c term/ns8250-spcr: return if redirection is disabled 
Compared to previous commit, this is a better approach to handle SPCR null base
address indicating no redirection, doing the null check on the caller instead of
the callee.

Resolves: #RHEL-68622
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
 2025-01-17 11:25:47 -06:00
Leo Sandoval
4052952894 term/ns8250: return in case of a null SPCR base addresses 
Resolves: #RHEL-68622
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
 2025-01-13 12:04:13 -06:00
Nicolas Frayer
6f919c8415 fs/xfs: fix large extent counters incompat feature support 
Resolves: #RHEL-68390
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
 2025-01-09 17:52:49 +01:00
Michal Sekletar
05eb032a32 Remove BLS fake config on kernel removal 
Resolves: #RHEL-59557
Signed-off-by: Michal Sekletar <msekleta@redhat.com>
Reviewed-by: Leo Sandoval <lsandova@redhat.com>
Reviewed-by: Marta Lewandowska <mlewando@redhat.com>
 2024-12-09 13:34:57 -06:00
Leo Sandoval
8812e31e42 acpi: Fix out of bounds access in grub_acpi_xsdt_find_table() 
Resolves: #RHEL-68690
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
 2024-12-09 10:06:32 -06:00
Leo Sandoval
adaa841fca 10_linux.in: escape semicolon and ampersand on BLS upddate 
Resolves: #RHEL-68531
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
 2024-11-21 12:48:34 -06:00
Leo Sandoval
f9ffaac36e Rebased to release grub-2.12 
Resolves: #RHEL-15032

Signed-off-by: Leo Sandoval <lsandova@redhat.com>
 2024-11-07 09:45:00 -06:00
Troy Dawson
d5c5bf4a63 Bump release for October 2024 mass rebuild: 
Resolves: RHEL-64018
 2024-10-29 08:28:59 -07:00
Leo Sandoval
20db98c9e3 posttrans: condition EFI_HOME/grub.cfg cmds if stub is present 
Resolves: #RHEL-59796
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
 2024-09-23 11:19:04 -06:00
Nicolas Frayer
742532ab73 grub.cfg: Fix an issue when doing a major version upgrade 
Related: #RHEL-56733
Signed-off-by: Marta Lewandowska <mlewando@redhat.com>
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
 2024-09-23 14:33:04 +02:00
Nicolas Frayer
1022bec884 spec: Added more code for the previous CVE fix 
Related: #RHEL-56733
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
 2024-09-23 14:31:55 +02:00
Nicolas Frayer
008b689173 aarch64/macros: Re-added flags that disappeared with previous commit 
Related: #RHEL-58821
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
 2024-09-18 17:56:57 +02:00
Nicolas Frayer
c69e56f2af aarch64/macros: Build gnulib with -mbranch-protection=standard 
Resolves: #RHEL-58821
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
 2024-09-13 09:33:04 +02:00
Leo Sandoval
5e22405b1c grub.cfg: Fix rpm grub.cfg permission and verification issues 
Fix the rpm verificaton issues. On the other hand, 2.06-121 [1]
introduced a change on grub2-mkconfig where it prevents overwritting
`${EFI_HOME}/grub.cfg` with side effects on the `%posttrans`
scriptlet, where it tries to recreate it in case this file does not
exist but due to [1] the `${EFI}/grub.cfg` file would never be
created. Fix the `%posttrans` code with the logic but applied to
${GRUB_HOME}/grub.cfg. On the same scriplet, make sure
${EFI_HOME}/grub.cfg is present before grepping into it.

[1] https://pkgs.devel.redhat.com/cgit/rpms/grub2/commit/?h=rhel-10-main&id=9c6e5cf6c8e597efbf6a10399371789fddafac12

Resolves: #RHEL-56918
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
 2024-09-03 16:14:28 -06:00
Nicolas Frayer
6fd4bccf50 Sync with rhel9 for critical patches 
Resolves: #RHEL-56733
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
 2024-08-30 12:04:21 +02:00
Nicolas Frayer
7e8f0f0dcf grub-mkconfig dont overwrite BLS cmdline if BLSCFG 
Resolves: #RHEL-53848
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
 2024-08-28 12:51:29 +02:00
Peter Jones
91198fdd6c spec/macros: Modified spec and macros files for RHEL10 signing 
Related: #RHEL-51867
Signed-off-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
 2024-08-05 23:28:33 +02:00
Nicolas Frayer
824f4e8aa6 grub2-mkconfig: Remove mountpoint check 
Related: #RHEL-32099
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
 2024-08-05 22:26:37 +02:00
Nicolas Frayer
1b7f195817 Use the set of macros provided by system-sb-certs for signing 
Resolves: #RHEL-51867
Resolves: #RHELBLD-15314
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
 2024-08-01 19:04:23 +02:00
Andrew Lukoshko
72310e515d grub2-mkconfig: Simplify os_name detection 2024-07-31 17:05:13 +00:00
Nicolas Frayer
9c6e5cf6c8 grub2-mkconfig: Prevent mkconfig from overwriting grub cfg stub 
Resolves: #RHEL-32099
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
 2024-07-16 11:36:09 +02:00
Nicolas Frayer
0bbba2c660 Added gating.yaml 
Resolves: #RHELMISC-3917
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
 2024-06-26 08:40:54 +00:00
Troy Dawson
f5a592b680 Bump release for June 2024 mass rebuild 2024-06-24 12:29:35 -07:00
Nicolas Frayer
59b43ff448 spec: bump release to use right keys to sign 
Relates: RHEL-25958
Relates: RHELBLD-15314
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
 2024-06-19 11:48:05 +02:00
Brian Stinson
41b6d9cafa Add the right certificate macros for CentOS Stream and RHEL 
Relates: RHEL-25958

Signed-off-by: Brian Stinson <bstinson@redhat.com>
 2024-02-20 20:44:11 -06:00
Leo Sandoval
29406ad333 xfs: include directory extent parsing patch 
Patch is required to boot XFS-formatted partitions created with
xfsprogs 6.5.0

Resolves: #2259266
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
 2024-01-23 12:02:27 -06:00
Nicolas Frayer
6cc927e76b Compiler flags: ignore incompatible types for now as it prevents 
CI builds

Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
 2024-01-18 15:22:45 +01:00
Nicolas Frayer
d2d9f6012b grub-core/commands: add flag to only search root dev 
Resolves: #2223437
Resolves: #2224951
Resolves: #2258096
Resolves: CVE-2023-4001
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
 2024-01-18 15:22:34 +01:00
Nicolas Frayer
ebd311ec52 xfs: Remove directory extent parsing patch 
Some bios systems can't boot with one of
the xfs upstream patches

Resolves: #2254370
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
 2024-01-17 15:23:37 +01:00
Hector Martin
0c1c9228d2 Switch memdisk compression to lzop 
xz decompression is very slow and slows down boot by around 5 seconds on
aarch64/Apple M1 when using the default font. Switch to lzop, which
takes less than one second to uncompress.

This increases EFI core image size by around 11%.

Signed-off-by: Hector Martin <marcan@marcan.st>
 2024-01-13 08:19:34 +09:00
Daan De Meyer
a162c0412f Drop grub2-tools obsoletes for grub2-tools-minimal 
When installing grub2-tools grub2-tools-minimal is pulled in which
obsoletes grub2-tools causing grub2-tools to not get installed.
Remove the obsoletes so that grub2-tools can be installed again.

Signed-off-by: Daan De Meyer <daan.j.demeyer@gmail.com>
 2024-01-11 19:10:34 +01:00
Nicolas Frayer
d11c8385d6 normal: fix prefix when loading modules 
Resolves: #2209435
Resolves: #2173015
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
 2024-01-04 11:29:35 +01:00
Leo Sandoval
4562b72afc chainloader: remove device path debug message 
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
 2023-12-14 09:31:59 -06:00
Nicolas Frayer
cadd7a1196 Migrate to SPDX license 
Please refer to https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_2

Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
 2023-12-01 17:09:13 +01:00
Nicolas Frayer
c4a49e5c9a fs/xfs: Add several fixes/improvements to xfs fs from upstream 
Resolves: #2247926
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
 2023-12-01 10:31:36 +01:00
Nicolas Frayer
7b857b827a Linker: added --no-warn-rwx-segments linker option 
added --no-warn-rwx-segments as build will fail after
ld.bfd default options have been changed.

Please refer:
https://fedoraproject.org/wiki/Changes/Linker_Error_On_Security_Issues

Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
 2023-11-15 15:30:41 +01:00
Nicolas Frayer
88924af554 Remove [Install] section from aux systemd units 
Related: #2247635
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
 2023-11-14 17:29:09 +01:00