Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
staging
rpms
grub2
Commits
3de3cfd0
Commit
3de3cfd0
authored
Feb 22, 2021
by
Rocky Automation
📺
Browse files
import grub2-2.02-90.el8
parent
465c8e37
Changes
6
Hide whitespace changes
Inline
Side-by-side
SOURCES/0277-envblk-Fix-buffer-overrun-when-attempting-to-shrink-.patch
View file @
3de3cfd0
...
...
@@ -38,7 +38,7 @@ Aborted (core dumped)
$ wc -c env
0 grubenv
Resolves: rhbz#1
83
6196
Resolves: rhbz#1
7
61
4
96
Reported-by: Renaud Métrich <rmetrich@redhat.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
...
...
SOURCES/0315-blscfg-Always-look-for-BLS-snippets-in-the-root-devi.patch
0 → 100644
View file @
3de3cfd0
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Tue, 11 Aug 2020 13:16:39 +0200
Subject: [PATCH] blscfg: Always look for BLS snippets in the root device
The blscfg command trying to load the BLS snippets from different devices
is a left over from when these where located in the ESP in the EFI case.
But now that are always located in the /boot directory, the BLS snippets
have to be loaded from the root device just like the other files that are
in the /boot directory (kernel and initrd images).
This only worked for legacy BIOS because the boot and root variables were
set to the same value. But doesn't work when trying to use a common GRUB
config file that could be shared between an EFI and legacy BIOS install.
That kind of configuration is needed for example on hybrid images that are
booted using either EFI or legacy BIOS firmwares.
Resolves: rhbz#1850193
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
---
grub-core/commands/blscfg.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
index c92e1c84543..70ce5c7bf6f 100644
--- a/grub-core/commands/blscfg.c
+++ b/grub-core/commands/blscfg.c
@@ -874,14 +874,12 @@
grub_cmd_blscfg (grub_extcmd_context_t ctxt UNUSED,
#ifdef GRUB_MACHINE_EMU
devid = "host";
-#elif defined(GRUB_MACHINE_EFI)
+#else
devid = grub_env_get ("root");
-#else
- devid = grub_env_get ("boot");
#endif
if (!devid)
return grub_error (GRUB_ERR_FILE_NOT_FOUND,
- N_("variable `%s' isn't set"), "boot");
+ N_("variable `%s' isn't set"), "root");
grub_dprintf ("blscfg", "opening %s\n", devid);
dev = grub_device_open (devid);
SOURCES/0316-blscfg-Don-t-hardcode-an-env-var-as-fallback-for-the.patch
0 → 100644
View file @
3de3cfd0
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Tue, 11 Aug 2020 13:16:45 +0200
Subject: [PATCH] blscfg: Don't hardcode an env var as fallback for the BLS
options field
If the BLS fragments don't have an options field or if this was set to an
environment variable that was not defined in the grubenv file, the blscfg
module searches for a default_kernelopts variable that is defined in the
grub.cfg file.
But the blscfg module shouldn't hardcode fallbacks variables and instead
this logic should be handled in the GRUB config file itself.
Also, add a comment explaining where the kernelopts variable is supposed
to be defined and what is the process for the user to change its value.
Resolves: rhbz#1850193
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
---
util/grub.d/10_linux.in | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
index 58d18504790..48857bb81d3 100644
--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
@@ -158,7 +158,17 @@
linux_entry ()
populate_header_warn
cat << EOF
-set default_kernelopts="root=${linux_root_device_thisversion} ro ${args}"
+# The kernelopts variable should be defined in the grubenv file. But to ensure that menu
+# entries populated from BootLoaderSpec files that use this variable work correctly even
+# without a grubenv file, define a fallback kernelopts variable if this has not been set.
+#
+# The kernelopts variable in the grubenv file can be modified using the grubby tool or by
+# executing the grub2-mkconfig tool. For the latter, the values of the GRUB_CMDLINE_LINUX
+# and GRUB_CMDLINE_LINUX_DEFAULT options from /etc/default/grub file are used to set both
+# the kernelopts variable in the grubenv file and the fallback kernelopts variable.
+if [ -z "\${kernelopts}" ]; then
+ set kernelopts="root=${linux_root_device_thisversion} ro ${args}"
+fi
insmod blscfg
blscfg
SOURCES/0317-tftp-roll-over-block-counter-to-prevent-timeouts-wit.patch
0 → 100644
View file @
3de3cfd0
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Mon, 24 Aug 2020 14:46:27 +0200
Subject: [PATCH] tftp: roll over block counter to prevent timeouts with data
packets
The block number is a 16-bit counter which only allows to fetch
files no bigger than 65535 * blksize. To avoid this limit, the
counter is rolled over. This behavior isn't defined in RFC 1350
but is handled by many TFTP servers and it's what GRUB was doing
before implicitly due an overflow.
Fixing that bug led to TFTP timeouts, since GRUB wasn't acking
data packets anymore for files with size bigger than the maximum
mentioned above. Restore the old behavior to prevent this issue.
Resolves: rhbz#1871034
Suggested-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
---
grub-core/net/tftp.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c
index 2c52f692b25..4f38d7ef1f7 100644
--- a/grub-core/net/tftp.c
+++ b/grub-core/net/tftp.c
@@ -183,8 +183,20 @@
tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)),
return GRUB_ERR_NONE;
}
- /* Ack old/retransmitted block. */
- if (grub_be_to_cpu16 (tftph->u.data.block) < data->block + 1)
+ /*
+ * Ack old/retransmitted block.
+ *
+ * The block number is a 16-bit counter which only allows to fetch
+ * files no bigger than 65535 * blksize. To avoid this limit, the
+ * counter is rolled over. This behavior isn't defined in RFC 1350
+ * but is handled by many TFTP servers and it's what GRUB was doing
+ * before implicitly due an overflow.
+ *
+ * Fixing that bug led to TFTP timeouts, since GRUB wasn't acking
+ * data packets anymore for files with size bigger than the maximum
+ * mentioned above. Restore the old behavior to prevent this issue.
+ */
+ if (grub_be_to_cpu16 (tftph->u.data.block) < ((data->block + 1) & 0xffffu))
ack (data, grub_be_to_cpu16 (tftph->u.data.block));
/* Ignore unexpected block. */
else if (grub_be_to_cpu16 (tftph->u.data.block) > data->block + 1)
SOURCES/grub.patches
View file @
3de3cfd0
...
...
@@ -312,3 +312,6 @@ Patch0311: 0311-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch
Patch0312: 0312-linux-loader-avoid-overflow-on-initrd-size-calculati.patch
Patch0313: 0313-linuxefi-fail-kernel-validation-without-shim-protoco.patch
Patch0314: 0314-linux-Fix-integer-overflows-in-initrd-size-handling.patch
Patch0315: 0315-blscfg-Always-look-for-BLS-snippets-in-the-root-devi.patch
Patch0316: 0316-blscfg-Don-t-hardcode-an-env-var-as-fallback-for-the.patch
Patch0317: 0317-tftp-roll-over-block-counter-to-prevent-timeouts-wit.patch
SPECS/grub2.spec
View file @
3de3cfd0
...
...
@@ -7,7 +7,7 @@
Name
:
grub2
Epoch
:
1
Version
:
2.02
Release
:
87
%{?
dist
}
Release
:
90
%{?
dist
}
Summary
:
Bootloader
with
support
for
Linux
,
Multiboot
and
more
Group
:
System
Environment
/
Base
License
:
GPLv3
+
...
...
@@ -500,7 +500,31 @@ fi
%
endif
%
changelog
*
Tue
Jul
28
2020
Peter
Jones
<
pjones
@
redhat
.
com
>
-
2.02
-
87
*
Mon
Aug
31
2020
Javier
Martinez
Canillas
<
javierm
@
redhat
.
com
>
-
2.02
-
90
-
Roll
over
TFTP
block
counter
to
prevent
timeouts
with
data
packets
Resolves
:
rhbz
#
1871034
*
Fri
Aug
21
2020
Javier
Martinez
Canillas
<
javierm
@
redhat
.
com
>
-
2.02
-
89
-
Fix
TFTP
timeouts
when
trying
to
fetch
files
larger
than
65535
KiB
Resolves
:
rhbz
#
1871034
*
Tue
Aug
11
2020
Javier
Martinez
Canillas
<
javierm
@
redhat
.
com
>
-
2.02
-
88
-
Fix
a
legacy
BIOS
boot
issue
when
a
using
config
file
shared
with
EFI
Resolves
:
rhbz
#
1850193
*
Mon
Jul
27
2020
Peter
Jones
<
pjones
@
redhat
.
com
>
-
2.02
-
87
-
Couple
more
late
fixes
.
Resolves
:
CVE
-
2020
-
15705
*
Sun
Jul
26
2020
Peter
Jones
<
pjones
@
redhat
.
com
>
-
2.02
-
86
-
Couple
more
late
fixes
.
Resolves
:
CVE
-
2020
-
10713
Resolves
:
CVE
-
2020
-
14308
Resolves
:
CVE
-
2020
-
14309
Resolves
:
CVE
-
2020
-
14310
Resolves
:
CVE
-
2020
-
14311
*
Mon
Jul
20
2020
Peter
Jones
<
pjones
@
redhat
.
com
>
-
2.02
-
85
-
Fix
several
CVEs
Resolves
:
CVE
-
2020
-
10713
Resolves
:
CVE
-
2020
-
14308
...
...
@@ -508,9 +532,26 @@ fi
Resolves
:
CVE
-
2020
-
14310
Resolves
:
CVE
-
2020
-
14311
*
Mon
May
18
2020
Javier
Martinez
Canillas
<
javierm
@
redhat
.
com
>
-
2.02
-
82.
el8_2
.1
*
Tue
May
19
2020
Javier
Martinez
Canillas
<
javierm
@
redhat
.
com
>
-
2.02
-
84
-
Add
fixes
for
greenboot
support
Resolves
:
rhbz
#
1832336
*
Mon
May
18
2020
Javier
Martinez
Canillas
<
javierm
@
redhat
.
com
>
-
2.02
-
83
-
Fix
a
segfault
in
grub2
-
editenv
when
attempting
to
shrink
a
variable
Resolves
:
rhbz
#
1836196
Resolves
:
rhbz
#
1761496
*
Mon
Apr
27
2020
Javier
Martinez
Canillas
<
javierm
@
redhat
.
com
>
-
2.02
-
82
-
Drop
"Disable multiboot, multiboot2, and linux16 modules on EFI builds"
Resolves
:
rhbz
#
1779480
-
efi
/
http
:
Export
{
fw
,
http
}
_path
variables
to
make
them
global
Resolves
:
rhbz
#
1811561
-
efi
/
http
:
Enclose
literal
IPv6
addresses
in
square
brackets
-
efi
/
net
:
Allow
to
specify
a
port
number
in
addresses
-
efi
/
ip4_config
:
Improve
check
to
detect
literal
IPv6
addresses
-
efi
/
net
:
Print
a
debug
message
if
parsing
the
address
fails
Resolves
:
rhbz
#
1811560
-
Set
image
base
address
before
jumping
to
the
PE
/
COFF
entry
point
Resolves
:
rhbz
#
1819624
*
Thu
Dec
05
2019
Javier
Martinez
Canillas
<
javierm
@
redhat
.
com
>
-
2.02
-
81
-
Another
fix
for
blscfg
variable
expansion
support
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment