Commit Graph

86 Commits

Author SHA1 Message Date
Nicolas Frayer
9d1022b4b4 install/ppc64le: run grub2-mkconfig regardless of petitboot version
Resolves: #RHEL-45161
Signed-off-by: Marta Lewandowska <mlewando@redhat.com>
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-07-11 13:11:46 +02:00
Leo Sandoval
694ab652e3 grub-mkconfig.in: turn off executable owner bit
Resolves: RHEL-45870
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
2024-07-02 18:11:03 +02:00
Nicolas Frayer
038570df6f mkconfig/install: Remove BLS handling for XEN
Resolves: #RHEL-4386
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-06-27 14:57:23 +02:00
Nicolas Frayer
f6a3fef432 grub.cfg: Fix an issue when doing a major version upgrade
Resolves: #RHEL-45008
Signed-off-by: Marta Lewandowska <mlewando@redhat.com>
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-06-25 18:43:10 +02:00
Nicolas Frayer
9813a8aa32 spec: Added more code for the previous CVE fix
Related: #RHEL-36249
Related: #RHEL-36186
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-05-28 15:17:32 +02:00
Nicolas Frayer
e4e452562c cmd/search: Rework of CVE-2023-4001 fix
Resolves: #RHEL-36249
Resolves: #RHEL-36186
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-05-28 12:13:38 +02:00
Nicolas Frayer
6c0546793a util: grub-install on EFI if forced
Resolves: #RHEL-20443
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-02-22 13:33:26 +01:00
Nicolas Frayer
dfbe55e237 kern/dl: grub_dl_set_mem_attrs()/grub_dl_load_segments() fixes
Resolves: #RHEL-26322
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-02-22 10:01:04 +01:00
Nicolas Frayer
50a93da15d fs/ntfs: OOB write fix
(CVE-2023-4692)

Resolves: #RHEL-11567
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-02-20 12:40:47 +01:00
Nicolas Frayer
624933c2c9 grub-set-bootflag: Fix for CVE-2024-1048
(CVE-2024-1048)

Resolves: #RHEL-20747
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-02-08 10:54:24 +01:00
Vitaly Kuznetsov
dc354eb1d9 Don't run 20-grub.install for UKIs
When kernel-install is called for a UKI, 20-grub.install copies it to /boot
which is totally unneeded, UKIs are now handled by the standard systemd's
90-uki-copy.install (systemd-253+) correctly which places them to the ESP.

Resolves: #RHEL-21368
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-02-05 16:25:59 +01:00
Nicolas Frayer
af60250e69 search command: add flag to only search root dev
Resolves: #RHEL-20526
Resolves: #2224953
Resolves: #CVE-2023-4001
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-01-05 11:57:05 +01:00
Nicolas Frayer
490f527bca normal: Remove grub_env_set prefix in grub_try_normal_prefix
Resolves: #RHEL-1601
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-01-04 16:55:36 +01:00
Nicolas Frayer
64902f6ea1 kern/ieee1275/init: ppc64: Restrict high memory in presence
of fadump

Resolves: #RHEL-14282
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-10-19 18:30:12 +02:00
Nicolas Frayer
efe1183890 grub2-mkconfig: Pass all boot params when used by anaconda
Resolves: #RHEL-2185
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-09-05 18:33:08 +02:00
Nicolas Frayer
6fc00a514b grub2-mkconfig: dont overwrite BLS cmdline if BLSCFG is true
This is an updated version of commit 8378a93e60

Resolves: #2203203
Resolves: #2212320
Resolves: #2221543
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-08-24 18:21:11 +02:00
Nicolas Frayer
0bfb1c72a4 Revert previous patch as it breaks install
Related: #2203203
Related: #2212320
Related: #2221543
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-08-02 16:40:00 +02:00
Nicolas Frayer
8378a93e60 grub2-mkconfig: don't overwrite BLS cmdline if BLSCFG is true
Resolves: #2203203
Resolves: #2212320
Resolves: #2221543
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-07-25 12:02:43 +02:00
Nicolas Frayer
5dc4855520 build with baseline ISA flags
Resolves: #2215860
Signed-off-by: Florian Weimer <fweimer@redhat.com>
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-07-20 17:03:44 +02:00
Nicolas Frayer
baa6c11af8 efi/http: change uint32_t to uintn_t
Resolves: #2207851
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-06-08 11:10:00 +02:00
Nicolas Frayer
8bb1eea054 kern/ieee1275/init: sync vec5 patchset with upstream
Resolves: #2183939
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-06-01 09:29:57 +02:00
Nicolas Frayer
b9c80be152 util: Enable default kernel for updates
Resolves: #2184069
Signed-off-by: Marta Lewandowska <mlewando@redhat.com>
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-05-30 18:10:51 +02:00
Javier Martinez Canillas
f2e9faa56a 20-grub-install: Explicitly check '+debug' suffix for debug kernels
The kernel-install script is also used to install kernels when built from
source using the `make install` target.

And if this source contains modifications, a '+' is added as suffix by the
scripts/setlocalversion if no LOCALVERSION was set in the kernel config.

This confuses the grub2 kernel-install plugin, since it currently assumes
that any kernel that contain a version with a '+' suffix is a debug kernel.

But the match is too greedy, just having '+debug' should be enough to check
whether the kernel to install is a debug kernel or not.

Related: #2184069
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2023-05-30 18:09:45 +02:00
Robbie Harwood
36401863be ppc64le sysfs and mm update
Resolves: #2026579
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-20 17:22:34 +00:00
Robbie Harwood
861fb30b3e Sync patches with Fedora
Resolves: #2007427
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-16 09:51:24 -05:00
Robbie Harwood
5ad247ff66 ppc64le: sync cas/tpm patchset with upstream
Resolves: #2143420
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-08 20:08:58 +00:00
Robbie Harwood
1149c5b9c8 ppc64le: cas5, take 3
Resolves: #2153071
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-06 20:31:54 +00:00
Robbie Harwood
433335e50c Pull in allocator fixes from upstream
Resolves: #2156419
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-01 19:51:45 +00:00
Robbie Harwood
501956fdc0 ppc64le: disable mdraid < 1.1
Resolves: #2143420
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-31 21:13:28 +00:00
Robbie Harwood
fcdb04c11c Fix grub-probe isuses in previous commit
Resolves: #2143420
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-27 20:52:00 +00:00
Robbie Harwood
9c7afa3d14 ppc64le: update signed media fixes
Resolves: #2143420
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-27 19:19:39 +00:00
Robbie Harwood
80718e98fa ppc64le: fix issues using core.elf on boot media
Resolves: #2143420
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-13 20:30:06 +00:00
Robbie Harwood
1395eb50d1 ppc64le: fix lpar cas5
Resolves: #2153071
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-12-14 19:37:46 +00:00
Robbie Harwood
77d588fe51 Bless the ofnet module down in ppc64le
Resolves: #2143420
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-11-21 20:24:50 +00:00
Robbie Harwood
3bdba954d6 Bump SBAT
Resolves: CVE-2022-2601
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-11-08 11:21:19 -05:00
Robbie Harwood
f2a26f5bbb Font CVE fixes
Resolves: CVE-2022-2601
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-11-03 19:34:00 +00:00
Robbie Harwood
f6015fa651 TDX measurement to RTMR
Resolves: #1981487
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-10-28 13:06:11 -04:00
Robbie Harwood
1db6b68958 x86-efi: Fix an incorrect array size in kernel allocation
Resolves: #2031289
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-10-12 19:44:29 +00:00
Robbie Harwood
c1ebf6e8ba Sync /etc/kernel/cmdline generation with 2.06-52.fc38
Resolves: #1969362
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-25 17:31:05 +00:00
Robbie Harwood
5af1faa717 ieee1275: implement vec5 for cas negotiation
Resolves: #2121192
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-25 15:41:57 +00:00
Robbie Harwood
d449759abf Skip rpm mtime verification on likely-vfat filesystems
Resolves: #2047979
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-15 21:04:30 +00:00
Robbie Harwood
b3aed40f50 Generate BLS snippets during mkconfig
Resolves: #1969362
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-11 16:26:51 +00:00
Robbie Harwood
8f1a5b9955 Rest of kernel allocator fixups
Resolves: #2108456
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-02 14:42:02 +00:00
Robbie Harwood
217d6ad6ef Kernel allocator fixups
Resolves: #2108456
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-02 13:48:57 +00:00
Robbie Harwood
d938855e21 Rebuild against new ppc64le key
Resolves: #2074761
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-07-18 19:44:56 +00:00
Robbie Harwood
836032bc4e Rebuild against new ppc64le key
Resolves: #2074761
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-07-18 19:03:10 +00:00
Robbie Harwood
49f16a61fd Bump release
Resolves: #2051314
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-06-28 19:08:57 -04:00
Robbie Harwood
d1284519d3 Bless the TPM module on ppc64le
Resolves: #2051314
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-06-28 22:48:20 +00:00
Robbie Harwood
42b3050a74 CVE fixes for 2022-05-24
CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733
CVE-2021-3697 CVE-2021-3696 CVE-2021-3695
Resolves: #2070688

Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-06-03 14:09:47 -04:00
Robbie Harwood
1b83bb93b8 ppc64le: make ofdisk_retries optional
Resolves: #2070725
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-05-17 16:54:01 +00:00