Commit 3de3cfd0 authored by Rocky Automation's avatar Rocky Automation 📺
Browse files

import grub2-2.02-90.el8

parent 465c8e37
......@@ -38,7 +38,7 @@ Aborted (core dumped)
$ wc -c env
0 grubenv
Resolves: rhbz#1836196
Resolves: rhbz#1761496
Reported-by: Renaud Métrich <rmetrich@redhat.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
......
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Tue, 11 Aug 2020 13:16:39 +0200
Subject: [PATCH] blscfg: Always look for BLS snippets in the root device
The blscfg command trying to load the BLS snippets from different devices
is a left over from when these where located in the ESP in the EFI case.
But now that are always located in the /boot directory, the BLS snippets
have to be loaded from the root device just like the other files that are
in the /boot directory (kernel and initrd images).
This only worked for legacy BIOS because the boot and root variables were
set to the same value. But doesn't work when trying to use a common GRUB
config file that could be shared between an EFI and legacy BIOS install.
That kind of configuration is needed for example on hybrid images that are
booted using either EFI or legacy BIOS firmwares.
Resolves: rhbz#1850193
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
---
grub-core/commands/blscfg.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
index c92e1c84543..70ce5c7bf6f 100644
--- a/grub-core/commands/blscfg.c
+++ b/grub-core/commands/blscfg.c
@@ -874,14 +874,12 @@ grub_cmd_blscfg (grub_extcmd_context_t ctxt UNUSED,
#ifdef GRUB_MACHINE_EMU
devid = "host";
-#elif defined(GRUB_MACHINE_EFI)
+#else
devid = grub_env_get ("root");
-#else
- devid = grub_env_get ("boot");
#endif
if (!devid)
return grub_error (GRUB_ERR_FILE_NOT_FOUND,
- N_("variable `%s' isn't set"), "boot");
+ N_("variable `%s' isn't set"), "root");
grub_dprintf ("blscfg", "opening %s\n", devid);
dev = grub_device_open (devid);
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Tue, 11 Aug 2020 13:16:45 +0200
Subject: [PATCH] blscfg: Don't hardcode an env var as fallback for the BLS
options field
If the BLS fragments don't have an options field or if this was set to an
environment variable that was not defined in the grubenv file, the blscfg
module searches for a default_kernelopts variable that is defined in the
grub.cfg file.
But the blscfg module shouldn't hardcode fallbacks variables and instead
this logic should be handled in the GRUB config file itself.
Also, add a comment explaining where the kernelopts variable is supposed
to be defined and what is the process for the user to change its value.
Resolves: rhbz#1850193
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
---
util/grub.d/10_linux.in | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
index 58d18504790..48857bb81d3 100644
--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
@@ -158,7 +158,17 @@ linux_entry ()
populate_header_warn
cat << EOF
-set default_kernelopts="root=${linux_root_device_thisversion} ro ${args}"
+# The kernelopts variable should be defined in the grubenv file. But to ensure that menu
+# entries populated from BootLoaderSpec files that use this variable work correctly even
+# without a grubenv file, define a fallback kernelopts variable if this has not been set.
+#
+# The kernelopts variable in the grubenv file can be modified using the grubby tool or by
+# executing the grub2-mkconfig tool. For the latter, the values of the GRUB_CMDLINE_LINUX
+# and GRUB_CMDLINE_LINUX_DEFAULT options from /etc/default/grub file are used to set both
+# the kernelopts variable in the grubenv file and the fallback kernelopts variable.
+if [ -z "\${kernelopts}" ]; then
+ set kernelopts="root=${linux_root_device_thisversion} ro ${args}"
+fi
insmod blscfg
blscfg
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Mon, 24 Aug 2020 14:46:27 +0200
Subject: [PATCH] tftp: roll over block counter to prevent timeouts with data
packets
The block number is a 16-bit counter which only allows to fetch
files no bigger than 65535 * blksize. To avoid this limit, the
counter is rolled over. This behavior isn't defined in RFC 1350
but is handled by many TFTP servers and it's what GRUB was doing
before implicitly due an overflow.
Fixing that bug led to TFTP timeouts, since GRUB wasn't acking
data packets anymore for files with size bigger than the maximum
mentioned above. Restore the old behavior to prevent this issue.
Resolves: rhbz#1871034
Suggested-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
---
grub-core/net/tftp.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c
index 2c52f692b25..4f38d7ef1f7 100644
--- a/grub-core/net/tftp.c
+++ b/grub-core/net/tftp.c
@@ -183,8 +183,20 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)),
return GRUB_ERR_NONE;
}
- /* Ack old/retransmitted block. */
- if (grub_be_to_cpu16 (tftph->u.data.block) < data->block + 1)
+ /*
+ * Ack old/retransmitted block.
+ *
+ * The block number is a 16-bit counter which only allows to fetch
+ * files no bigger than 65535 * blksize. To avoid this limit, the
+ * counter is rolled over. This behavior isn't defined in RFC 1350
+ * but is handled by many TFTP servers and it's what GRUB was doing
+ * before implicitly due an overflow.
+ *
+ * Fixing that bug led to TFTP timeouts, since GRUB wasn't acking
+ * data packets anymore for files with size bigger than the maximum
+ * mentioned above. Restore the old behavior to prevent this issue.
+ */
+ if (grub_be_to_cpu16 (tftph->u.data.block) < ((data->block + 1) & 0xffffu))
ack (data, grub_be_to_cpu16 (tftph->u.data.block));
/* Ignore unexpected block. */
else if (grub_be_to_cpu16 (tftph->u.data.block) > data->block + 1)
......@@ -312,3 +312,6 @@ Patch0311: 0311-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch
Patch0312: 0312-linux-loader-avoid-overflow-on-initrd-size-calculati.patch
Patch0313: 0313-linuxefi-fail-kernel-validation-without-shim-protoco.patch
Patch0314: 0314-linux-Fix-integer-overflows-in-initrd-size-handling.patch
Patch0315: 0315-blscfg-Always-look-for-BLS-snippets-in-the-root-devi.patch
Patch0316: 0316-blscfg-Don-t-hardcode-an-env-var-as-fallback-for-the.patch
Patch0317: 0317-tftp-roll-over-block-counter-to-prevent-timeouts-wit.patch
......@@ -7,7 +7,7 @@
Name: grub2
Epoch: 1
Version: 2.02
Release: 87%{?dist}
Release: 90%{?dist}
Summary: Bootloader with support for Linux, Multiboot and more
Group: System Environment/Base
License: GPLv3+
......@@ -500,7 +500,31 @@ fi
%endif
%changelog
* Tue Jul 28 2020 Peter Jones <pjones@redhat.com> - 2.02-87
* Mon Aug 31 2020 Javier Martinez Canillas <javierm@redhat.com> - 2.02-90
- Roll over TFTP block counter to prevent timeouts with data packets
Resolves: rhbz#1871034
* Fri Aug 21 2020 Javier Martinez Canillas <javierm@redhat.com> - 2.02-89
- Fix TFTP timeouts when trying to fetch files larger than 65535 KiB
Resolves: rhbz#1871034
* Tue Aug 11 2020 Javier Martinez Canillas <javierm@redhat.com> - 2.02-88
- Fix a legacy BIOS boot issue when a using config file shared with EFI
Resolves: rhbz#1850193
* Mon Jul 27 2020 Peter Jones <pjones@redhat.com> - 2.02-87
- Couple more late fixes.
Resolves: CVE-2020-15705
* Sun Jul 26 2020 Peter Jones <pjones@redhat.com> - 2.02-86
- Couple more late fixes.
Resolves: CVE-2020-10713
Resolves: CVE-2020-14308
Resolves: CVE-2020-14309
Resolves: CVE-2020-14310
Resolves: CVE-2020-14311
* Mon Jul 20 2020 Peter Jones <pjones@redhat.com> - 2.02-85
- Fix several CVEs
Resolves: CVE-2020-10713
Resolves: CVE-2020-14308
......@@ -508,9 +532,26 @@ fi
Resolves: CVE-2020-14310
Resolves: CVE-2020-14311
* Mon May 18 2020 Javier Martinez Canillas <javierm@redhat.com> - 2.02-82.el8_2.1
* Tue May 19 2020 Javier Martinez Canillas <javierm@redhat.com> - 2.02-84
- Add fixes for greenboot support
Resolves: rhbz#1832336
* Mon May 18 2020 Javier Martinez Canillas <javierm@redhat.com> - 2.02-83
- Fix a segfault in grub2-editenv when attempting to shrink a variable
Resolves: rhbz#1836196
Resolves: rhbz#1761496
* Mon Apr 27 2020 Javier Martinez Canillas <javierm@redhat.com> - 2.02-82
- Drop "Disable multiboot, multiboot2, and linux16 modules on EFI builds"
Resolves: rhbz#1779480
- efi/http: Export {fw,http}_path variables to make them global
Resolves: rhbz#1811561
- efi/http: Enclose literal IPv6 addresses in square brackets
- efi/net: Allow to specify a port number in addresses
- efi/ip4_config: Improve check to detect literal IPv6 addresses
- efi/net: Print a debug message if parsing the address fails
Resolves: rhbz#1811560
- Set image base address before jumping to the PE/COFF entry point
Resolves: rhbz#1819624
* Thu Dec 05 2019 Javier Martinez Canillas <javierm@redhat.com> - 2.02-81
- Another fix for blscfg variable expansion support
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment