diff --git a/README.debrand b/README.debrand deleted file mode 100644 index 01c46d2..0000000 --- a/README.debrand +++ /dev/null @@ -1,2 +0,0 @@ -Warning: This package was configured for automatic debranding, but the changes -failed to apply. diff --git a/SOURCES/0291-efi-http-Export-fw-http-_path-variables-to-make-them.patch b/SOURCES/0291-efi-http-Export-fw-http-_path-variables-to-make-them.patch index 8095fd1..e1fad33 100644 --- a/SOURCES/0291-efi-http-Export-fw-http-_path-variables-to-make-them.patch +++ b/SOURCES/0291-efi-http-Export-fw-http-_path-variables-to-make-them.patch @@ -17,6 +17,8 @@ so are only found in the initial context. This can cause commands like configfile that create a new context to fail because the fw_path and http_path variables will not be found. +Resolves: rhbz#1616395 + Signed-off-by: Javier Martinez Canillas --- grub-core/kern/main.c | 1 + diff --git a/SOURCES/0292-efi-http-Enclose-literal-IPv6-addresses-in-square-br.patch b/SOURCES/0292-efi-http-Enclose-literal-IPv6-addresses-in-square-br.patch index b83d6e3..aa51d9a 100644 --- a/SOURCES/0292-efi-http-Enclose-literal-IPv6-addresses-in-square-br.patch +++ b/SOURCES/0292-efi-http-Enclose-literal-IPv6-addresses-in-square-br.patch @@ -36,6 +36,8 @@ ETag: "206-59f924b24b1da" Accept-Ranges: bytes Content-Length: 518 +Resolves: rhbz#1732765 + Signed-off-by: Javier Martinez Canillas --- grub-core/net/efi/http.c | 37 ++++++++++++++++++++++++++++--------- diff --git a/SOURCES/0293-efi-net-Allow-to-specify-a-port-number-in-addresses.patch b/SOURCES/0293-efi-net-Allow-to-specify-a-port-number-in-addresses.patch index 28c54d5..9c20c5e 100644 --- a/SOURCES/0293-efi-net-Allow-to-specify-a-port-number-in-addresses.patch +++ b/SOURCES/0293-efi-net-Allow-to-specify-a-port-number-in-addresses.patch @@ -17,6 +17,8 @@ error: net/efi/net.c:782:unrecognised network address '192.168.122.1:8080' error: net/efi/net.c:781:unrecognised network address '[2000:dead:beef:a::1]:8080' +Resolves: rhbz#1732765 + Signed-off-by: Javier Martinez Canillas --- grub-core/net/efi/net.c | 4 ++-- diff --git a/SOURCES/0294-efi-ip4_config-Improve-check-to-detect-literal-IPv6-.patch b/SOURCES/0294-efi-ip4_config-Improve-check-to-detect-literal-IPv6-.patch index 1808a93..f0a71e7 100644 --- a/SOURCES/0294-efi-ip4_config-Improve-check-to-detect-literal-IPv6-.patch +++ b/SOURCES/0294-efi-ip4_config-Improve-check-to-detect-literal-IPv6-.patch @@ -13,6 +13,8 @@ the following error message: error: net/efi/net.c:785:unrecognised network address '2000:dead:beef:a::1' +Resolves: rhbz#1732765 + Signed-off-by: Javier Martinez Canillas --- grub-core/net/efi/ip4_config.c | 13 ++++++++++++- diff --git a/SOURCES/0295-efi-net-Print-a-debug-message-if-parsing-the-address.patch b/SOURCES/0295-efi-net-Print-a-debug-message-if-parsing-the-address.patch index 5893e7e..8bcb8f8 100644 --- a/SOURCES/0295-efi-net-Print-a-debug-message-if-parsing-the-address.patch +++ b/SOURCES/0295-efi-net-Print-a-debug-message-if-parsing-the-address.patch @@ -15,6 +15,8 @@ just print a debug message if the address is not parsed correctly. A user can enable debug messages for the efinet driver to have information about the failure and the fact that the default interface is being used. +Related: rhbz#1732765 + Signed-off-by: Javier Martinez Canillas --- grub-core/net/efi/net.c | 18 +++++++++++------- diff --git a/SOURCES/0335-tftp-roll-over-block-counter-to-prevent-timeouts-with.patch b/SOURCES/0335-tftp-roll-over-block-counter-to-prevent-timeouts-with.patch new file mode 100644 index 0000000..cbff5b2 --- /dev/null +++ b/SOURCES/0335-tftp-roll-over-block-counter-to-prevent-timeouts-with.patch @@ -0,0 +1,51 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Mon, 24 Aug 2020 14:46:27 +0200 +Subject: [PATCH] tftp: roll over block counter to prevent timeouts with data + packets + +The block number is a 16-bit counter which only allows to fetch +files no bigger than 65535 * blksize. To avoid this limit, the +counter is rolled over. This behavior isn't defined in RFC 1350 +but is handled by many TFTP servers and it's what GRUB was doing +before implicitly due an overflow. + +Fixing that bug led to TFTP timeouts, since GRUB wasn't acking +data packets anymore for files with size bigger than the maximum +mentioned above. Restore the old behavior to prevent this issue. + +Resolves: rhbz#1869987 + +Suggested-by: Peter Jones +Signed-off-by: Javier Martinez Canillas +--- + grub-core/net/tftp.c | 16 ++++++++++++++-- + 1 file changed, 14 insertions(+), 2 deletions(-) + +diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c +index 79c16f9b041..84162e6f1bd 100644 +--- a/grub-core/net/tftp.c ++++ b/grub-core/net/tftp.c +@@ -183,8 +183,20 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)), + return GRUB_ERR_NONE; + } + +- /* Ack old/retransmitted block. */ +- if (grub_be_to_cpu16 (tftph->u.data.block) < data->block + 1) ++ /* ++ * Ack old/retransmitted block. ++ * ++ * The block number is a 16-bit counter which only allows to fetch ++ * files no bigger than 65535 * blksize. To avoid this limit, the ++ * counter is rolled over. This behavior isn't defined in RFC 1350 ++ * but is handled by many TFTP servers and it's what GRUB was doing ++ * before implicitly due an overflow. ++ * ++ * Fixing that bug led to TFTP timeouts, since GRUB wasn't acking ++ * data packets anymore for files with size bigger than the maximum ++ * mentioned above. Restore the old behavior to prevent this issue. ++ */ ++ if (grub_be_to_cpu16 (tftph->u.data.block) < ((data->block + 1) & 0xffffu)) + ack (data, grub_be_to_cpu16 (tftph->u.data.block)); + /* Ignore unexpected block. */ + else if (grub_be_to_cpu16 (tftph->u.data.block) > data->block + 1) diff --git a/SOURCES/grub.patches b/SOURCES/grub.patches index 9d0ffd1..b523951 100644 --- a/SOURCES/grub.patches +++ b/SOURCES/grub.patches @@ -332,3 +332,4 @@ Patch0331: 0331-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch Patch0332: 0332-linux-loader-avoid-overflow-on-initrd-size-calculati.patch Patch0333: 0333-linuxefi-fail-kernel-validation-without-shim-protoco.patch Patch0334: 0334-linux-Fix-integer-overflows-in-initrd-size-handling.patch +Patch0335: 0335-tftp-roll-over-block-counter-to-prevent-timeouts-with.patch diff --git a/SPECS/grub2.spec b/SPECS/grub2.spec index f198c72..a71ec6b 100644 --- a/SPECS/grub2.spec +++ b/SPECS/grub2.spec @@ -6,7 +6,7 @@ Name: grub2 Epoch: 1 Version: 2.02 -Release: 0.86%{?dist}%{?buildid} +Release: 0.87%{?dist}%{?buildid} Summary: Bootloader with support for Linux, Multiboot and more Group: System Environment/Base License: GPLv3+ @@ -466,7 +466,32 @@ fi %endif %changelog -* Tue Jul 28 2020 Peter Jones - 2.02-0.86 +* Mon Aug 24 2020 Javier Martinez Canillas - 2.02-0.87 +- Fix TFTP timeouts when trying to fetch files larger than 65535 KiB + Resolves: rhbz#1869987 + +* Mon Jul 27 2020 Peter Jones - 2.02-0.86 +- Fix a mis-merge + Related: CVE-2020-15705 + +* Mon Jul 27 2020 Peter Jones - 2.02-0.85 +- Couple more late fixes. + Resolves: CVE-2020-10713 + Resolves: CVE-2020-14308 + Resolves: CVE-2020-14309 + Resolves: CVE-2020-14310 + Resolves: CVE-2020-14311 + Resolves: CVE-2020-15705 + +* Sun Jul 26 2020 Peter Jones - 2.02-0.84 +- Couple more late fixes. + Resolves: CVE-2020-10713 + Resolves: CVE-2020-14308 + Resolves: CVE-2020-14309 + Resolves: CVE-2020-14310 + Resolves: CVE-2020-14311 + +* Mon Jul 20 2020 Peter Jones - 2.02-0.83 - Fix several CVEs: Resolves: CVE-2020-10713 Resolves: CVE-2020-14308 @@ -477,10 +502,12 @@ fi * Mon Mar 23 2020 Javier Martinez Canillas - 2.02-0.82 - Prepend prefix when HTTP path is relative - efi/http: Export {fw,http}_path variables to make them global + Resolves: rhbz#1616395 - efi/http: Enclose literal IPv6 addresses in square brackets - efi/net: Allow to specify a port number in addresses - efi/ip4_config: Improve check to detect literal IPv6 addresses - efi/net: Print a debug message if parsing the address fails + Resolves: rhbz#1732765 * Fri Sep 13 2019 Javier Martinez Canillas - 2.02-0.81 - Only make grub2-tools Obsoletes and Provides grub2-tools-efi for x86_64