From a374078d6951a592a47b4148db28b0d54d02412e Mon Sep 17 00:00:00 2001
From: rockyautomation <rockyautomation@rockylinux.org>
Date: Tue, 8 Aug 2023 19:22:27 +0000
Subject: [PATCH] import grub2-2.02-148.el8_8.1
---
.grub2.checksum | 1 +
.grub2.metadata | 12 +-
...uint32_t-to-uintn_t-for-grub_efi_htt.patch | 30 +++++
...ing-plain-numbers-to-constants-in-Ve.patch | 46 +++++++
...-extended-support-in-options-vector5.patch | 125 ++++++++++++++++++
SOURCES/grub.patches | 3 +
SOURCES/redhatsecureboot301.cer | Bin 839 -> 0 bytes
SOURCES/redhatsecureboot502.cer | Bin 964 -> 0 bytes
SOURCES/redhatsecureboot601.cer | Bin 916 -> 0 bytes
SOURCES/redhatsecureboot701.cer | Bin 916 -> 0 bytes
SOURCES/redhatsecurebootca3.cer | Bin 977 -> 0 bytes
SOURCES/redhatsecurebootca5.cer | Bin 920 -> 0 bytes
SPECS/grub2.spec | 8 +-
13 files changed, 220 insertions(+), 5 deletions(-)
create mode 100644 .grub2.checksum
create mode 100644 SOURCES/0576-efi-http-change-uint32_t-to-uintn_t-for-grub_efi_htt.patch
create mode 100644 SOURCES/0577-ieee1275-Converting-plain-numbers-to-constants-in-Ve.patch
create mode 100644 SOURCES/0578-ieee1275-extended-support-in-options-vector5.patch
delete mode 100644 SOURCES/redhatsecureboot301.cer
delete mode 100644 SOURCES/redhatsecureboot502.cer
delete mode 100644 SOURCES/redhatsecureboot601.cer
delete mode 100644 SOURCES/redhatsecureboot701.cer
delete mode 100644 SOURCES/redhatsecurebootca3.cer
delete mode 100644 SOURCES/redhatsecurebootca5.cer
diff --git a/.grub2.checksum b/.grub2.checksum
new file mode 100644
index 0000000..37febd3
--- /dev/null
+++ b/.grub2.checksum
@@ -0,0 +1 @@
+f8f13ebd0564656ed6cee3cbe152952e083325c8b9201b5e87f6abad1c2fc3b3
diff --git a/.grub2.metadata b/.grub2.metadata
index 3bb3b94..1cf5135 100644
--- a/.grub2.metadata
+++ b/.grub2.metadata
@@ -1,3 +1,9 @@
-3d7eb6eaab28b88cb969ba9ab24af959f4d1b178 SOURCES/grub-2.02.tar.xz
-cf0b7763c528902da7e8b05cfa248f20c8825ce5 SOURCES/theme.tar.bz2
-87f8600ba24e521b5d20bdf6c4b71af8ae861e3a SOURCES/unifont-5.1.20080820.pcf.gz
+c6d43c94bcbc73c81df3026bc201a88886b8ceebe98188cdb69bdd61bd6be287 SOURCES/redhatsecureboot701.cer
+9996c73616ee42f13396c9abfb4b646b538c3c80940474b710afdbe53bf17d32 SOURCES/redhatsecurebootca3.cer
+810b3798d316394f94096ec2797909dbf23c858e48f7b3830826b8daa06b7b0f SOURCES/grub-2.02.tar.xz
+40175d4c7c5ab4bd753a493f47952f1d8dcf1c219b836968a693e48bd4766135 SOURCES/redhatsecurebootca5.cer
+1fddd06b4854598a18ff3742c472c6a5c609929ce1ab74ec9901812aaf30be02 SOURCES/theme.tar.bz2
+122b9c470f29b70223b0e07404a6dfa7f339fcfa6ae74c024f478945af7a9a63 SOURCES/unifont-5.1.20080820.pcf.gz
+224f7059328df355810fee105e79af2e9fc7e520504f9f545c08ca4e32e8c200 SOURCES/redhatsecureboot301.cer
+3f564ef41227562f9ea45c3fd8f96bea9ab8205247ef72dd025fdcd728373a00 SOURCES/redhatsecureboot502.cer
+8f435a96261e571ed557f9243e7fe7db5b93bc8f7eefcfc5b0c154d5d29292fb SOURCES/redhatsecureboot601.cer
diff --git a/SOURCES/0576-efi-http-change-uint32_t-to-uintn_t-for-grub_efi_htt.patch b/SOURCES/0576-efi-http-change-uint32_t-to-uintn_t-for-grub_efi_htt.patch
new file mode 100644
index 0000000..65ac476
--- /dev/null
+++ b/SOURCES/0576-efi-http-change-uint32_t-to-uintn_t-for-grub_efi_htt.patch
@@ -0,0 +1,30 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Matt Hsiao <matt.hsiao@hpe.com>
+Date: Mon, 24 Apr 2023 13:39:05 +0800
+Subject: [PATCH] efi/http: change uint32_t to uintn_t for
+ grub_efi_http_message_t
+
+Modify UINT32 to UINTN in EFI_HTTP_MESSAGE to be UEFI 2.9 compliant.
+
+Signed-off-by: Matt Hsiao <matt.hsiao@hpe.com>
+Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
+---
+ include/grub/efi/http.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/include/grub/efi/http.h b/include/grub/efi/http.h
+index c5e9a89f5050..ad164ba1913d 100644
+--- a/include/grub/efi/http.h
++++ b/include/grub/efi/http.h
+@@ -171,9 +171,9 @@ typedef struct {
+ grub_efi_http_request_data_t *request;
+ grub_efi_http_response_data_t *response;
+ } data;
+- grub_efi_uint32_t header_count;
++ grub_efi_uintn_t header_count;
+ grub_efi_http_header_t *headers;
+- grub_efi_uint32_t body_length;
++ grub_efi_uintn_t body_length;
+ void *body;
+ } grub_efi_http_message_t;
+
diff --git a/SOURCES/0577-ieee1275-Converting-plain-numbers-to-constants-in-Ve.patch b/SOURCES/0577-ieee1275-Converting-plain-numbers-to-constants-in-Ve.patch
new file mode 100644
index 0000000..ce3e113
--- /dev/null
+++ b/SOURCES/0577-ieee1275-Converting-plain-numbers-to-constants-in-Ve.patch
@@ -0,0 +1,46 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Avnish Chouhan <avnish@linux.vnet.ibm.com>
+Date: Thu, 23 Mar 2023 08:16:25 -0400
+Subject: [PATCH] ieee1275 : Converting plain numbers to constants in Vec5
+
+This patch converts the plain numbers used in Vec5 properties to
+constants.
+
+1. LPAR : Client program supports logical partitioning and
+ associated hcall()s.
+2. SPLPAR : Client program supports the Shared
+ Processor LPAR Option.
+3. CMO : Enables the Cooperative Memory Over-commitment Option.
+4. MAX_CPU : Defines maximum number of CPUs supported.
+
+Signed-off-by: Avnish Chouhan <avnish@linux.vnet.ibm.com>
+---
+ grub-core/kern/ieee1275/init.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
+index 3ea9b73b2a59..2516e02091cb 100644
+--- a/grub-core/kern/ieee1275/init.c
++++ b/grub-core/kern/ieee1275/init.c
+@@ -56,6 +56,12 @@ extern char _end[];
+ grub_addr_t grub_ieee1275_original_stack;
+ #endif
+
++#define LPAR 0x80
++#define SPLPAR 0x40
++#define BYTE2 (LPAR | SPLPAR)
++#define CMO 0x80
++#define MAX_CPU 256
++
+ void
+ grub_exit (int rc __attribute__((unused)))
+ {
+@@ -372,7 +378,7 @@ grub_ieee1275_ibm_cas (void)
+ .vec4 = 0x0001, // set required minimum capacity % to the lowest value
+ .vec5_size = 1 + sizeof(struct option_vector5) - 2,
+ .vec5 = {
+- 0, 192, 0, 128, 0, 0, 0, 0, 256
++ 0, BYTE2, 0, CMO, 0, 0, 0, 0, MAX_CPU
+ }
+ };
+
diff --git a/SOURCES/0578-ieee1275-extended-support-in-options-vector5.patch b/SOURCES/0578-ieee1275-extended-support-in-options-vector5.patch
new file mode 100644
index 0000000..48b224c
--- /dev/null
+++ b/SOURCES/0578-ieee1275-extended-support-in-options-vector5.patch
@@ -0,0 +1,125 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Avnish Chouhan <avnish@linux.vnet.ibm.com>
+Date: Thu, 23 Mar 2023 08:33:12 -0400
+Subject: [PATCH] ieee1275 : extended support in options vector5
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This patch enables the multiple options in Options Vector5 which are
+required and solves the boot issue seen on some machines which are looking for these specific options.
+
+1. LPAR : Client program supports logical partitioning and
+ associated hcall()s.
+2. SPLPAR : Client program supports the Shared
+ Processor LPAR Option.
+3. DYN_RCON_MEM : Client program supports the
+ “ibm,dynamic-reconfiguration-memory†property and it may be
+ presented in the device tree.
+4. LARGE_PAGES : Client supports pages larger than 4 KB.
+5. DONATE_DCPU_CLS : Client supports donating dedicated processor cycles.
+6. PCI_EXP : Client supports PCI Express implementations
+ utilizing Message Signaled Interrupts (MSIs).
+
+7. CMOC : Enables the Cooperative Memory Over-commitment Option.
+8. EXT_CMO : Enables the Extended Cooperative Memory Over-commit
+ Option.
+
+9. ASSOC_REF : Enables “ibm,associativity†and
+ “ibm,associativity-reference-points†properties.
+10. AFFINITY : Enables Platform Resource Reassignment Notification.
+11. NUMA : Supports NUMA Distance Lookup Table Option.
+
+12. HOTPLUG_INTRPT : Supports Hotplug Interrupts.
+13. HPT_RESIZE : Enable Hash Page Table Resize Option.
+
+14. MAX_CPU : Defines maximum number of CPUs supported.
+
+15. PFO_HWRNG : Supports Random Number Generator.
+16. PFO_HW_COMP : Supports Compression Engine.
+17. PFO_ENCRYPT : Supports Encryption Engine.
+
+18. SUB_PROCESSORS : Supports Sub-Processors.
+
+19. DY_MEM_V2 : Client program supports the “ibm,dynamic-memory-v2†property in the
+ “ibm,dynamic-reconfiguration-memory†node and it may be presented in the device tree.
+20. DRC_INFO : Client program supports the “ibm,drc-info†property definition and it may be
+ presented in the device tree.
+
+Signed-off-by: Avnish Chouhan <avnish@linux.vnet.ibm.com>
+---
+ grub-core/kern/ieee1275/init.c | 47 ++++++++++++++++++++++++++++++++++++------
+ 1 file changed, 41 insertions(+), 6 deletions(-)
+
+diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
+index 2516e02091cb..1fae84440403 100644
+--- a/grub-core/kern/ieee1275/init.c
++++ b/grub-core/kern/ieee1275/init.c
+@@ -56,11 +56,41 @@ extern char _end[];
+ grub_addr_t grub_ieee1275_original_stack;
+ #endif
+
+-#define LPAR 0x80
+-#define SPLPAR 0x40
+-#define BYTE2 (LPAR | SPLPAR)
+-#define CMO 0x80
+-#define MAX_CPU 256
++/* Options vector5 properties */
++
++#define LPAR 0x80
++#define SPLPAR 0x40
++#define DYN_RCON_MEM 0x20
++#define LARGE_PAGES 0x10
++#define DONATE_DCPU_CLS 0x02
++#define PCI_EXP 0x01
++#define BYTE2 (LPAR | SPLPAR | DYN_RCON_MEM | LARGE_PAGES | DONATE_DCPU_CLS | PCI_EXP)
++
++#define CMOC 0x80
++#define EXT_CMO 0x40
++#define CMO (CMOC | EXT_CMO)
++
++#define ASSOC_REF 0x80
++#define AFFINITY 0x40
++#define NUMA 0x20
++#define ASSOCIATIVITY (ASSOC_REF | AFFINITY | NUMA)
++
++#define HOTPLUG_INTRPT 0x04
++#define HPT_RESIZE 0x01
++#define BIN_OPTS (HOTPLUG_INTRPT | HPT_RESIZE)
++
++#define MAX_CPU 256
++
++#define PFO_HWRNG 0x80000000
++#define PFO_HW_COMP 0x40000000
++#define PFO_ENCRYPT 0x20000000
++#define PLATFORM_FACILITIES (PFO_HWRNG | PFO_HW_COMP | PFO_ENCRYPT)
++
++#define SUB_PROCESSORS 1
++
++#define DY_MEM_V2 0x80
++#define DRC_INFO 0x40
++#define BYTE22 (DY_MEM_V2 | DRC_INFO)
+
+ void
+ grub_exit (int rc __attribute__((unused)))
+@@ -323,6 +353,11 @@ struct option_vector5 {
+ grub_uint8_t micro_checkpoint;
+ grub_uint8_t reserved0;
+ grub_uint32_t max_cpus;
++ grub_uint16_t base_PAPR;
++ grub_uint16_t mem_reference;
++ grub_uint32_t platform_facilities;
++ grub_uint8_t sub_processors;
++ grub_uint8_t byte22;
+ } __attribute__((packed));
+
+ struct pvr_entry {
+@@ -378,7 +413,7 @@ grub_ieee1275_ibm_cas (void)
+ .vec4 = 0x0001, // set required minimum capacity % to the lowest value
+ .vec5_size = 1 + sizeof(struct option_vector5) - 2,
+ .vec5 = {
+- 0, BYTE2, 0, CMO, 0, 0, 0, 0, MAX_CPU
++ 0, BYTE2, 0, CMO, ASSOCIATIVITY, BIN_OPTS, 0, 0, MAX_CPU, 0, 0, PLATFORM_FACILITIES, SUB_PROCESSORS, BYTE22
+ }
+ };
+
diff --git a/SOURCES/grub.patches b/SOURCES/grub.patches
index 3eacbac..3bb7067 100644
--- a/SOURCES/grub.patches
+++ b/SOURCES/grub.patches
@@ -573,3 +573,6 @@ Patch0572: 0572-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
Patch0573: 0573-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch
Patch0574: 0574-Enable-TDX-measurement-to-RTMR-register.patch
Patch0575: 0575-Enable-shared-processor-mode-in-vector-5.patch
+Patch0576: 0576-efi-http-change-uint32_t-to-uintn_t-for-grub_efi_htt.patch
+Patch0577: 0577-ieee1275-Converting-plain-numbers-to-constants-in-Ve.patch
+Patch0578: 0578-ieee1275-extended-support-in-options-vector5.patch
diff --git a/SOURCES/redhatsecureboot301.cer b/SOURCES/redhatsecureboot301.cer
deleted file mode 100644
index 4ff8b79e6736e566dbf39603e0887a53345aa4e4..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 839
zcmXqLVs<uYV$xo~%*4pV#L4h}zvyHQr&Ia{ylk9WZ60mkc^MhGSs4s`4b=@)*_cCF
zn1$tnQd1N>5=#_<Q<F=JQWc!?^Gg&ooE;UiQ!5n=H4T*v6ySO}8O4N)Q<D>OQj1C)
zic(WD5=-=w^K%X4#CZ)(42%qc(A3<>AWEFq*xbO#zzobaj4}u^)G^S4Sf`BDy5h|A
zyv)3GQtWJER6_O@BP#=Q6C*!^K@%evQxhX2!zT5vqmx`?o`(oz{$eeCezR_cLPyl%
zHpef<Z?c)s9bV+G*2GY{zUlen&--<nt5(QI#He!|D#@MA6@S7f!DrgWI=@zC&C^a<
zS^NJVseCT_+kC+hmfzF#Tx_$BdDsQaxH<oTd&Lst*YdY!eYroouj_1-&+(6kqHpHi
znY}t@nRQ&w=1_h6OY<eQl|Q`<JrTM7n!i`t_o#KdW$w9@pD!~JJ80ql!v4;Yj`D4+
zCJ#<$T1i;hJiEmZa%<xJ%U=UFoRVA<Io&opOJuT!pLNleeH**jw6<(2uj!q8$Hi$^
z<>qUbuO&%O^nA}y6#9BjM%~U7Q(5kw6_YN1epR)|xb9Elg4_B`%!~|-ixmyz4P=2K
zFU!Xw#v&5#_@80Rp3FS`6#W&an$HJBb(91l2O=<O00WVcA<H>d+v%~@6}B_2%&Mg`
zDvt6_STWb-ZhXD^RgaJz3Cq5o4B43+oEZD&XVQnj{jXOGHfUJJB>qmC?A`ut>Ahpw
zdM-|DZzz7Yc^I3-u|J*vqdKqQ`kIF?LJd~2r8XOg&f%Z+Yj((@r{(*;Y?_w8rSDJJ
zntk_K74NJ(drfx5hIZaKImf>p{fSPd=}qfHlV8OA-0dHz$M#&#on!XF_3NjY{(Hxy
zbKN4k{8NvC{Y9;Yo!51>R!)l5n2-{5CgAUe(k!NLc|1u*B2w==ttY-NzWb+N=75O&
zzv2uf{%c3S9%5x`<-dQv`g=w9>l=;D-vz#WO}UeuefPU1`=|Tw9$I=mIi&>vg+x|L
diff --git a/SOURCES/redhatsecureboot502.cer b/SOURCES/redhatsecureboot502.cer
deleted file mode 100644
index be0b5e211ccf8ad7ba74c88841c921cfdbad5a70..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 964
zcmXqLVm@Hd#I#}oGZP~d6DPygP|MB7r^(JU;AP{~YV&CO&dbQi&B|a9ZzyIU!p0oR
z!o|ZIl$xU8kyxUm;F*`KXQ*f(4-#kQk${RT1g9pK7NsgU<>!|uI6Eqs8Y&qmz)j<1
z6ca8^O-{^7Eh=#+N=?Z~EYVBO&oz(}=QT1gFf*_;G%zqQGL91GHMTG?G_-(n4bpHr
zK*K-{;sAMU4hYUn&&$k9S1>g&BFY_2j7rFUXJlnyZerwTFlb`rVrpV!WVlw+5~fxp
zlC4%={*<NvQsus-r~Yg1@p5qqe79!uk<)fOw;HVKIWJya>?v=&XRBAh?w3|ekJhoz
zKe*}Ss+-Dp3y#N}_#^e|W8doa9aT(wxO?y2p89Cbu3Q!=zP!k}$2XsU9VoV!m$7=u
zaXE&jl}!J>*zj`9usQhLT4_#)+wqRaoS&{Uz0p%LI=p$>w%yj@jOK-#m#OZnogtKa
zXx0-|7pa7a%Pt;nc|B=yqk7|#ij=DjlCF{bKHcw(tDZ=IoA@v;?(+N1K5vh6$0wbX
zowLen&AF!%E3#rkR^7F4a=E#$<Lte~;r6-RonPi2D4h6yj=rCI?f0!$LzQJ-3qP4|
zcsb2Co{5=}fpKw#L74#$Fw|v*85#exFc~ly@PT;zARY@d6MKV!7>KV5;`11Av2kd#
zF|x9<Gcy~=g2ee)#8^ZYxED2D?Ra@q|J(Po({}JK7pj{P3r<V2$}AEFVhti^@|Ql>
z$k^rSH+lBn4DN|8WwYk@BgYLeT>|5Vkzw{Ng<BH>ZMQ5DIkiD~`h}y9{<=D~#ILx2
z<i|-9w!N!%#admPn;Oaa^dKXfa;PP<#mXIDPKxSHZoFH(ZcE?=o#X7jLGH8j&MMv4
zek|8}`lJ3n-xq=#{eDgKyXxP$$z^u_-&+i-{^y#G)Y?p5DKcZVULmK^Y~$&2lQ)<g
zWUBly_fP9_rTDPTks+z7l}iGDnH+g_H;*q{maXmk9J{YdV%a`7Cb1`<c3o;UG2iuT
z;OtXrfpc69HdVi7U3z(mDCdEBS4}w9cRw@AdN_OA>!|e$CoGxy;)T!q_Y)P}vi)7|
puC*wrU@|^yJWH`pNJ3}E-0bhMGuf{5G|c)nwXm(hxVvuYUH~CAajXCU
diff --git a/SOURCES/redhatsecureboot601.cer b/SOURCES/redhatsecureboot601.cer
deleted file mode 100644
index c92b96b4e0d360b90333361ea61f565f196ea20e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 916
zcmXqLVxC~o#8k0>nTe5!iId^-97p53+3_w0ylk9WZ60mkc^MhGSs4u64HXUK*_cCF
zn0X|EQd1N>5=#_<Q<F=JQWc!?^Gg(*9Tm(Bl?)W%x;Podgo{&?6LV6FN*sz(Q!)}u
z^pf*)4dldmjSLNp3{4G<O)X6fqr`cQEes3|&7oWaKSK=zHHby>*enXpOwY^AOII)h
zY9hwICPpP>zc8{gFgG#sGZ-{6axpbAGBQki!xdZoCRX_S>dV}-BbKHWadCWS=ictf
zX!LID`KNZP*Y{*9L|<Gk!r8nosN0qMt=8J-5BS8F)UdvO(^wi?{A?-DrAkkZBRReX
zilHCg{uJ^pwEE1O*W0^-(WLv<9lJF9S97ADG8BKQ{@|Fb(A50whvmn+X&bUko@<Em
zF)r-3-u6J$U;FJFqYpB3V|)5_@2~DlUikM@o)!D5v+J#vELV|=uhrlAEt2VC%guj&
zNiQ;trx|**OcL1jd!`286otR+&$jt0ws!Q#H=p_?`g`rpx9{^fwtkR2X?-op#iKEO
zo7$64u4=o4R06_k{yJS;9`#L4Y(u1SZ1=}UM<YLZUNz=qVrFDuTwGyLX21gsby;CX
z#{Vo#1`Gy#ARa%6$HL6S-e4dG;;VxAJO*5B9NKJ*tgP(J%m%U`aXuC?77>}%3_emT
z=3e&*+PO}C!>cFT-x<CDrx{sg76}8f29Xz8GOKkwekPbL`cU0>Y3>#+jTtA9;|7?{
zfN{gfkisa`?6XkHTKh%6xuB-@a@A8u|2@AV?)Y1R|85iijb|M5C)`>v`vA}W<Uon^
z%+qX<>wb4kOkuKYkrH2^@l99De!}lh|79J&NCf?#_qJr(?s~t*IWParC|#~@c<c1d
zaO>mCKBc#uW$e87pz^*}ZFcLToW*~c?muOF`th~C<fVn4-;e#aGMV<!P3qyv+W!qJ
z7kg}t-kE*0y6MG)&gws#A6m5hanj0RSbD5k?}uo~riOa=eW}sgU!L4QMRke(zZ1_c
zANRK1HbuJP_QTC;kL-iDr#!s3>a6;MkH0u8E;ZRmJw4GFuw<f!riA3C9%b*}88=1j
Vi+z1RJ`H>Hdd(wk|9y*>0095ZYghmP
diff --git a/SOURCES/redhatsecureboot701.cer b/SOURCES/redhatsecureboot701.cer
deleted file mode 100644
index 25e3743e47c3c1f06da0124a1d99e99e4920f6e7..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 916
zcmXqLVxC~o#8k0>nTe5!iId@pypfsK<ZNjJUN%mxHjlRNyo`+8tPBS3hKdIAY|No7
z%sdi7sVNE`i6sibsmY~9sR~Z{`6UX@jtb_6N(KsWU7U<!!o{h{i8-l7B@RWYDH(|+
zddc~@26E!OMn(o^1{Ov}rWU4_QR2MD76yif=1{JIpP`0<8pI-bY!(G)rsrkmr7M^N
zH4$T96QdHcUl>^#n41{+84Q{jxtN+585ynxiti9Hzr++{YFiX}{@nDZ%!WV8j3UD8
zZ+!lKjZO1y#-iirm+g-*`lJ<_aM|wiv%8TJnzQ!ssVaZm*kb4QPDg$M*B3_rD>p7%
z?kp3_`l%Ar=Hn_UygBpZEbi)Ej8jc|c~`Do@=M>(-s$x6M<p|AoHlHUd@3q)J0W<3
z@x6A}r!FPiZlp#mndq6t@&4V(bqDqf9xDEP@{+30^|UFx37XB<=U>`x*I82hq3^kj
zzuK$&zt%X$xEUWcHLYq&I>7dM`!bUmYMbq*C9;>wz4$bJrJ2L!EH9x2*$dfwGPGu!
z{Wi>7Cb@4_kMxc`jGwn$@9lan`0s9L(CJAVx;#y9x!n46o{5=}fpKw#L74#$Fw|v*
z85#exFc~ly@PT;zARY@d6MKV!7>KV5;`11Av2kd#F|x9<Gcy~=g2ee)#8^aF|27G2
zyLq`nd*><szu)(19b0$%4mi!oDziu!h&6~DaT4ag=M(TttZny)Og+0jDPM2fA;%3c
zodM&9ks++ETD5BXrl5B2+g4&9xJni7r8!M5n!@mFsc8kL;r{MzT;hp&9Twu(I&V!Y
zyJlso$$fLNPlZmmf7evyLgg){B3mMJu1$EpN1;?H;5fIO$La}<OiOD1zI)ZM^hUGT
zic?Aj`s;l!dR1%=J`~^BQuFjllgXmLOHZG+IrF^xoZ*U~8L3CK53p{ZQo6o#<ArJM
z*K1R1Q?yNIOw>z^TJke=Yf+TuQImK*!64p6$GYbw=2q@m%cdpg{kMBT+r(Ch*_zS5
zA5Nx}NPA6rc(7rbaoFblPiE%v-1)WHp{F9M%kPns%89$*zq+znD|%ZCrmwr|cKX<|
Tt1h>T)0Nk#SZ8pFAMXMHU|?Vk
diff --git a/SOURCES/redhatsecurebootca3.cer b/SOURCES/redhatsecurebootca3.cer
deleted file mode 100644
index b2354007b9668258683b99a68fa5bdd3067c31b1..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 977
zcmXqLVm@oo#I$t*GZP~d6DPykKFO2}lmD>>ylk9WZ60mkc^MhGSs4s`4b=@)*_cCF
zn1$tnQd1N>5=#_<Q<F=JQWc!?^Gg&ooE;UiQ!5n=H4T*v6ySO}8O4N)Q<D>OQj1C)
zic(WD5=-=w^K%X4#CZ)(42%qc(8R>VG)kP;*xbO#zzoWzwslR6O2{5!WMyD(V&rEq
zXkz4IYGPz$nC+~<?2{)QQnbB!-tOilfvp!W+5DVoSG#L+<>vi6EDouC4!V-;tv&JA
zN}nf->iaHo2tM8rAb&8=Njdj{a^${=Z?aE)&k<1VH{Q3Wx7jKD-_5CYum4K4d~JV`
z`ccOE*<7!m22LI4&u3g0F3h!NN?ysm?c*7~^lIfF3D-Xhnr_&uU!bJ$?ZS8WW+A0-
zr9raw{Iep~On)hDAUrqc*pZy>@YoE^;z#ABPp))utMY{K9XOZuN+87Vv97^}gccFK
z6&c%&T=rzVyKuJ1S>c?R<K#PxtGGq~?cMg~=gYe$SJ$!S^;`(O<ep~wX+Qso!rIJ(
zZL23GL@b?{ZqYAz@%i~&roT+gj0}v68`m2&t}&1W#<DCQix`WDgIJ50%Q>q?77kYS
zv==`X%}M<cV^9l{R%R(PC~3f|U}4}Ae=0{`6H>C|0a-81!fL?G$oL;QPJxLO7^jR3
zp{b9(0{X(lQ;+K%h_CKtxc%nd+9kH!CBia&JkgcqO9LvF9(I1~^2+p(_fBqs&+@+g
zjZG)^b(y8?lr#NV`RkoR|I-BpaSiJiPBV7drX0Bbe!0fPB95K&)ygj1YM5%bK;(6L
z=7Y@r2hM%A`uyr;o|A^(c{icYtu_B=WuE^MZ_<<d&TsQv+iB;vWxkm>i|1QMhsQHT
z<L>4}wg*#%C!d<*ePQAKPyWoS|9R;jPUx*P-5Ksuo_~6c3tyKHzf+y+r*{_;vOAw>
zmv4Wk&h*1hGe;ze)#t#BH;PsH)$e|FOmna8+@9jW!^ymRMf{q+C84h)mppfN*sxn6
NnfI|Q%N6m!6aeL$dME$@
diff --git a/SOURCES/redhatsecurebootca5.cer b/SOURCES/redhatsecurebootca5.cer
deleted file mode 100644
index dfb0284954861282d1a0ce16c8c5cdc71c27659f..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 920
zcmXqLVxD5q#8k6@nTe5!iIbtZm{+@~;bN2lFB_*;n@8JsUPeZ4RtAH3LoovpHs(+k
zE*{>X)D#7e#1b6^&%9(kLq!95kT^4s1XNrhI5oMnC{@8JKfgr5*-^pNP{}|6ZW<?}
zm~e4wa$-(uQHeuQYDz|8iC%Jku7R95uaSX)nSrH&g`ugjS(G@hv4w%5p#_vndj~Wz
zDj|ECk(GhDiIJbdpox)-sfm%1;oPoQj^Z+n3p+UXFTAqySFqmPd3*j?Ys@hSTEP8<
zf#2*zv*WjwCq+F|Q?70*n-_6VPwv(E$rjn}*LF=h`h($l`O@&r`;HrrOo-N1I9RfZ
zxvgQ_lF0WfJ6z&|9Ilj$E@Ww)^ZxU(`JeguueG>6NxP$#b?ru1p1aqn$3D)YB{Qqo
zjCvjz?|=HkE#3AN-xTZpws*U~)f@D<hHx*rr)(NEvzYZp!}C-TDRu*$;<gRCi<g-#
z^KFcsxIBILE9>Z{t~uwMZy8<;F%jD%$u6!n#qYzp^Sryh{C;x9qf@!N=T4ui@b#({
zSD&^p3kNZ=9lAQ9%xdfP9doNToV+k2^LHOF<JVRuW=00a#lZ%F2C~5TmgQp+V-Y!%
zzx26A#x764$+P!na8Gn8n>D{5oE&78StJa^8n7$i2k94PWc<&<YQPMnkb@nV)_}pz
z$RPVX&M7PHOp)E}n3L-lp9;}?o3i@APVs%}E9D|KM%wramRy`J6~x-Y+I90o>xr*#
z`sciS&XK#@>h!OC8{=mczNLHbADCJ+pE=-CsaDOF#s}?5Q)1qq&%R~#cz>QmiAiVx
zk5XXYstAL9d+iK-w@u$FES<YPN5Z<$i*sS8`10oxUvmRDUKTjPckPLhB$Kz)rb~A;
z7pqN`Wn_C2lv%-c*}%nRLuvV$khM?pl$8F*{-4ao^K*vP9Lw!IjTb)uU|-JJoj<4R
z;o3irGXj>ybMIPOFY~9lmn~9nUf%vMc88@((p0B(#qL+!COmt7`j5IhPVzo{cRPw}
Pd!}BnFF!b8N6JS4>O*3Z
diff --git a/SPECS/grub2.spec b/SPECS/grub2.spec
index ec803ee..a1b649f 100644
--- a/SPECS/grub2.spec
+++ b/SPECS/grub2.spec
@@ -7,7 +7,7 @@
Name: grub2
Epoch: 1
Version: 2.02
-Release: 148%{?dist}.rocky.0.3
+Release: 148%{?dist}.1.rocky.0.3
Summary: Bootloader with support for Linux, Multiboot and more
Group: System Environment/Base
License: GPLv3+
@@ -508,7 +508,7 @@ fi
%endif
%changelog
-* Tue May 16 2023 Release Engineering <releng@rockylinux.org> - 2.02-148.rocky.0.3
+* Tue Aug 08 2023 Release Engineering <releng@rockylinux.org> - 2.02-148.rocky.0.3
- Removing redhat old cert sources entries (Sherif Nagy)
- Preserving rhel8 sbat entry based on shim-review feedback ticket no. 194
- Adding prod cert
@@ -517,6 +517,10 @@ fi
- Cleaning up grup.macro extra signing certs
- Adding Rocky testing CA, CERT and sbat files
+* Fri Jun 16 2023 Nicolas Frayer <nfrayer@redhat.com> - 2.02-148.el8_8.1
+- Sync with 8.9 (actually 2.02-150)
+- Resolves: #2207972
+
* Mon Feb 06 2023 Robbie Harwood <rharwood@redhat.com> - 2.02-148
- ppc64le: cas5, take 3
- Resolves: #2139508
--
GitLab