Commit Graph

105 Commits

Author SHA1 Message Date
Nicolas Frayer
0e73191379 cmd/search: Fix a possible NULL ptr dereference
Resolves: #RHEL-61263
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-10-17 12:06:22 +02:00
Nicolas Frayer
ec05bd1b7c arm64/linux: Allocate memory for kernel with EFI_LOADER_CODE type
Resolves: #RHEL-49868
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-08-13 20:21:40 +02:00
Leo Sandoval
d5d341df5d grub2.spec: Conditionally set grub config stub to 0600 mode
When upgrading from <=2.06-90 to newer versions, the grub config stub
may have a different mode than 0600, so set the latter if this is the case.

Resolves: #RHEL-45870
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
2024-08-02 12:11:11 -06:00
Nicolas Frayer
93795b8bea grub2-mkconfig: Remove mountpoint check
Related: #RHEL-32099
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-08-02 11:26:39 +02:00
Leo Sandoval
17192e412c grub2.spec: bump release number
Previous commit did not bump the release from 87 to 88, so bump it
this time.

Signed-off-by: Leo Sandoval <lsandova@redhat.com>
2024-08-01 16:11:28 -06:00
Leo Sandoval
73fed98a8a grub.cfg: Fix rpm grub.cfg permission and verification issues
Fix the rpm verification issues (see NOTE below) introduced in 2.06-83 [1].
On the other hand, 2.06-85 [2] introduced a change on grub2-mkconfig where
it prevents overwriting `${EFI_HOME}/grub.cfg` with side effects on the
`%posttrans` scriptlet, where it tries to recreate it in case this
file does not exist but due to [2] the `${EFI}/grub.cfg` file is never
created. Fix the `%posttrans` code with the logic but applied to
${GRUB_HOME}/grub.cfg. On the same scriptlet, make sure
${EFI_HOME}/grub.cfg is present before grepping into it. The changes also
fix the issue reported on RHEL-45870 where now /boot/grub2/grub.cfg
conf file has the right permission (-rw-------).

NOTE: With 2.06-83 release, the grub.cfg configuration files regressed on
file's mode (M) verification

    [root@localhost ~]# rpm -Va
    S.5....T.  c /etc/ssh/sshd_config
    .M.......  c /boot/efi/EFI/redhat/grub.cfg
    .M.......  c /boot/grub2/grub.cfg

The following change fixes the issues above as seen in log

    [root@localhost ~]# rpm -Va
    S.5....T.  c /etc/ssh/sshd_config

[1] https://pkgs.devel.redhat.com/cgit/rpms/grub2/commit/?h=rhel-9-main&id=694ab652e3443719e3876e3d183e59b2f9e055fd
[2] https://pkgs.devel.redhat.com/cgit/rpms/grub2/commit/?h=rhel-9-main&id=0185426fb4d693307cda0c7740e9dcf9907cc146

Resolves: #RHEL-45870
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
2024-08-01 10:38:19 -06:00
032b849f1c grub2-mkconfig: Simplify os_name detection
2024-07-31 16:56:13 +00:00
Nicolas Frayer
9ad3caa95f changelog: fix version for previous commit
Related: #RHEL-4380
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-07-16 14:54:48 +02:00
Nicolas Frayer
d9c75f0368 chainloader: Remove unexpected "/EndEntire"
Resolves: #RHEL-4380
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-07-16 13:51:45 +02:00
Nicolas Frayer
0185426fb4 grub2-mkconfig: Prevent mkconfig from overwriting grub cfg stub
Resolves: #RHEL-32099
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-07-16 11:18:07 +02:00
Nicolas Frayer
9d1022b4b4 install/ppc64le: run grub2-mkconfig regardless of petitboot version
Resolves: #RHEL-45161
Signed-off-by: Marta Lewandowska <mlewando@redhat.com>
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-07-11 13:11:46 +02:00
Leo Sandoval
694ab652e3 grub-mkconfig.in: turn off executable owner bit
Resolves: RHEL-45870
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
2024-07-02 18:11:03 +02:00
Nicolas Frayer
038570df6f mkconfig/install: Remove BLS handling for XEN
Resolves: #RHEL-4386
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-06-27 14:57:23 +02:00
Nicolas Frayer
f6a3fef432 grub.cfg: Fix an issue when doing a major version upgrade
Resolves: #RHEL-45008
Signed-off-by: Marta Lewandowska <mlewando@redhat.com>
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-06-25 18:43:10 +02:00
Nicolas Frayer
9813a8aa32 spec: Added more code for the previous CVE fix
Related: #RHEL-36249
Related: #RHEL-36186
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-05-28 15:17:32 +02:00
Nicolas Frayer
e4e452562c cmd/search: Rework of CVE-2023-4001 fix
Resolves: #RHEL-36249
Resolves: #RHEL-36186
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-05-28 12:13:38 +02:00
Nicolas Frayer
6c0546793a util: grub-install on EFI if forced
Resolves: #RHEL-20443
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-02-22 13:33:26 +01:00
Nicolas Frayer
dfbe55e237 kern/dl: grub_dl_set_mem_attrs()/grub_dl_load_segments() fixes
Resolves: #RHEL-26322
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-02-22 10:01:04 +01:00
Nicolas Frayer
50a93da15d fs/ntfs: OOB write fix
(CVE-2023-4692)

Resolves: #RHEL-11567
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-02-20 12:40:47 +01:00
Nicolas Frayer
624933c2c9 grub-set-bootflag: Fix for CVE-2024-1048
(CVE-2024-1048)

Resolves: #RHEL-20747
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-02-08 10:54:24 +01:00
Vitaly Kuznetsov
dc354eb1d9 Don't run 20-grub.install for UKIs
When kernel-install is called for a UKI, 20-grub.install copies it to /boot
which is totally unneeded, UKIs are now handled by the standard systemd's
90-uki-copy.install (systemd-253+) correctly which places them to the ESP.

Resolves: #RHEL-21368
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-02-05 16:25:59 +01:00
Nicolas Frayer
af60250e69 search command: add flag to only search root dev
Resolves: #RHEL-20526
Resolves: #2224953
Resolves: #CVE-2023-4001
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-01-05 11:57:05 +01:00
Nicolas Frayer
490f527bca normal: Remove grub_env_set prefix in grub_try_normal_prefix
Resolves: #RHEL-1601
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-01-04 16:55:36 +01:00
Nicolas Frayer
64902f6ea1 kern/ieee1275/init: ppc64: Restrict high memory in presence
of fadump

Resolves: #RHEL-14282
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-10-19 18:30:12 +02:00
Nicolas Frayer
efe1183890 grub2-mkconfig: Pass all boot params when used by anaconda
Resolves: #RHEL-2185
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-09-05 18:33:08 +02:00
Nicolas Frayer
6fc00a514b grub2-mkconfig: don't overwrite BLS cmdline if BLSCFG is true
This is an updated version of commit 8378a93e60

Resolves: #2203203
Resolves: #2212320
Resolves: #2221543
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-08-24 18:21:11 +02:00
Nicolas Frayer
0bfb1c72a4 Revert previous patch as it breaks install
Related: #2203203
Related: #2212320
Related: #2221543
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-08-02 16:40:00 +02:00
Nicolas Frayer
8378a93e60 grub2-mkconfig: don't overwrite BLS cmdline if BLSCFG is true
Resolves: #2203203
Resolves: #2212320
Resolves: #2221543
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-07-25 12:02:43 +02:00
Nicolas Frayer
5dc4855520 build with baseline ISA flags
Resolves: #2215860
Signed-off-by: Florian Weimer <fweimer@redhat.com>
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-07-20 17:03:44 +02:00
Nicolas Frayer
baa6c11af8 efi/http: change uint32_t to uintn_t
Resolves: #2207851
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-06-08 11:10:00 +02:00
Nicolas Frayer
8bb1eea054 kern/ieee1275/init: sync vec5 patchset with upstream
Resolves: #2183939
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-06-01 09:29:57 +02:00
Nicolas Frayer
b9c80be152 util: Enable default kernel for updates
Resolves: #2184069
Signed-off-by: Marta Lewandowska <mlewando@redhat.com>
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-05-30 18:10:51 +02:00
Javier Martinez Canillas
f2e9faa56a 20-grub-install: Explicitly check '+debug' suffix for debug kernels
The kernel-install script is also used to install kernels when built from
source using the `make install` target.

And if this source contains modifications, a '+' is added as suffix by the
scripts/setlocalversion if no LOCALVERSION was set in the kernel config.

This confuses the grub2 kernel-install plugin, since it currently assumes
that any kernel that contains a version with a '+' suffix is a debug kernel.

But the match is too greedy, just having '+debug' should be enough to check
whether the kernel to install is a debug kernel or not.

Related: #2184069
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2023-05-30 18:09:45 +02:00
Robbie Harwood
05b99a3203 rpminspect: fix ignore syntax and migrate
Resolves: #2026579
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-21 10:53:03 -05:00
Robbie Harwood
36401863be ppc64le sysfs and mm update
Resolves: #2026579
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-20 17:22:34 +00:00
Robbie Harwood
611ca8bf3e rpminspect: add a reduced elf ignorelist
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-16 13:16:45 -05:00
Robbie Harwood
861fb30b3e Sync patches with Fedora
Resolves: #2007427
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-16 09:51:24 -05:00
Robbie Harwood
5ad247ff66 ppc64le: sync cas/tpm patchset with upstream
Resolves: #2143420
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-08 20:08:58 +00:00
Robbie Harwood
d3f33bc682 rpminspect: ignore debuginfo
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-06 18:17:32 -05:00
Robbie Harwood
1149c5b9c8 ppc64le: cas5, take 3
Resolves: #2153071
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-06 20:31:54 +00:00
Robbie Harwood
433335e50c Pull in allocator fixes from upstream
Resolves: #2156419
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-01 19:51:45 +00:00
Robbie Harwood
501956fdc0 ppc64le: disable mdraid < 1.1
Resolves: #2143420
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-31 21:13:28 +00:00
Robbie Harwood
fcdb04c11c Fix grub-probe issues in previous commit
Resolves: #2143420
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-27 20:52:00 +00:00
Robbie Harwood
9c7afa3d14 ppc64le: update signed media fixes
Resolves: #2143420
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-27 19:19:39 +00:00
Robbie Harwood
80718e98fa ppc64le: fix issues using core.elf on boot media
Resolves: #2143420
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-13 20:30:06 +00:00
Robbie Harwood
1395eb50d1 ppc64le: fix lpar cas5
Resolves: #2153071
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-12-14 19:37:46 +00:00
Robbie Harwood
77d588fe51 Bless the ofnet module down in ppc64le
Resolves: #2143420
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-11-21 20:24:50 +00:00
Robbie Harwood
3bdba954d6 Bump SBAT
Resolves: CVE-2022-2601
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-11-08 11:21:19 -05:00
Robbie Harwood
f2a26f5bbb Font CVE fixes
Resolves: CVE-2022-2601
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-11-03 19:34:00 +00:00
Robbie Harwood
525d9dc867 gating: re-enable all tests
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-11-01 14:22:57 -04:00