From da16a774580887dcf56c496ff5895a2346e09eb5 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Aug 13 2020 18:28:24 +0000 Subject: import grub2-2.02-88.el8 --- diff --git a/SOURCES/0315-blscfg-Always-look-for-BLS-snippets-in-the-root-devi.patch b/SOURCES/0315-blscfg-Always-look-for-BLS-snippets-in-the-root-devi.patch new file mode 100644 index 0000000..e2e2e51 --- /dev/null +++ b/SOURCES/0315-blscfg-Always-look-for-BLS-snippets-in-the-root-devi.patch @@ -0,0 +1,47 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 11 Aug 2020 13:16:39 +0200 +Subject: [PATCH] blscfg: Always look for BLS snippets in the root device + +The blscfg command trying to load the BLS snippets from different devices +is a left over from when these where located in the ESP in the EFI case. + +But now that are always located in the /boot directory, the BLS snippets +have to be loaded from the root device just like the other files that are +in the /boot directory (kernel and initrd images). + +This only worked for legacy BIOS because the boot and root variables were +set to the same value. But doesn't work when trying to use a common GRUB +config file that could be shared between an EFI and legacy BIOS install. + +That kind of configuration is needed for example on hybrid images that are +booted using either EFI or legacy BIOS firmwares. + +Resolves: rhbz#1850193 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/commands/blscfg.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index c92e1c84543..70ce5c7bf6f 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -874,14 +874,12 @@ grub_cmd_blscfg (grub_extcmd_context_t ctxt UNUSED, + + #ifdef GRUB_MACHINE_EMU + devid = "host"; +-#elif defined(GRUB_MACHINE_EFI) ++#else + devid = grub_env_get ("root"); +-#else +- devid = grub_env_get ("boot"); + #endif + if (!devid) + return grub_error (GRUB_ERR_FILE_NOT_FOUND, +- N_("variable `%s' isn't set"), "boot"); ++ N_("variable `%s' isn't set"), "root"); + + grub_dprintf ("blscfg", "opening %s\n", devid); + dev = grub_device_open (devid); diff --git a/SOURCES/0316-blscfg-Don-t-hardcode-an-env-var-as-fallback-for-the.patch b/SOURCES/0316-blscfg-Don-t-hardcode-an-env-var-as-fallback-for-the.patch new file mode 100644 index 0000000..30bbae3 --- /dev/null +++ b/SOURCES/0316-blscfg-Don-t-hardcode-an-env-var-as-fallback-for-the.patch @@ -0,0 +1,47 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 11 Aug 2020 13:16:45 +0200 +Subject: [PATCH] blscfg: Don't hardcode an env var as fallback for the BLS + options field + +If the BLS fragments don't have an options field or if this was set to an +environment variable that was not defined in the grubenv file, the blscfg +module searches for a default_kernelopts variable that is defined in the +grub.cfg file. + +But the blscfg module shouldn't hardcode fallbacks variables and instead +this logic should be handled in the GRUB config file itself. + +Also, add a comment explaining where the kernelopts variable is supposed +to be defined and what is the process for the user to change its value. + +Resolves: rhbz#1850193 + +Signed-off-by: Javier Martinez Canillas +--- + util/grub.d/10_linux.in | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index 58d18504790..48857bb81d3 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -158,7 +158,17 @@ linux_entry () + populate_header_warn + + cat << EOF +-set default_kernelopts="root=${linux_root_device_thisversion} ro ${args}" ++# The kernelopts variable should be defined in the grubenv file. But to ensure that menu ++# entries populated from BootLoaderSpec files that use this variable work correctly even ++# without a grubenv file, define a fallback kernelopts variable if this has not been set. ++# ++# The kernelopts variable in the grubenv file can be modified using the grubby tool or by ++# executing the grub2-mkconfig tool. For the latter, the values of the GRUB_CMDLINE_LINUX ++# and GRUB_CMDLINE_LINUX_DEFAULT options from /etc/default/grub file are used to set both ++# the kernelopts variable in the grubenv file and the fallback kernelopts variable. ++if [ -z "\${kernelopts}" ]; then ++ set kernelopts="root=${linux_root_device_thisversion} ro ${args}" ++fi + + insmod blscfg + blscfg diff --git a/SOURCES/grub.patches b/SOURCES/grub.patches index 681d33d..bc1c8c7 100644 --- a/SOURCES/grub.patches +++ b/SOURCES/grub.patches @@ -312,3 +312,5 @@ Patch0311: 0311-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch Patch0312: 0312-linux-loader-avoid-overflow-on-initrd-size-calculati.patch Patch0313: 0313-linuxefi-fail-kernel-validation-without-shim-protoco.patch Patch0314: 0314-linux-Fix-integer-overflows-in-initrd-size-handling.patch +Patch0315: 0315-blscfg-Always-look-for-BLS-snippets-in-the-root-devi.patch +Patch0316: 0316-blscfg-Don-t-hardcode-an-env-var-as-fallback-for-the.patch diff --git a/SPECS/grub2.spec b/SPECS/grub2.spec index 170ee60..25f40f4 100644 --- a/SPECS/grub2.spec +++ b/SPECS/grub2.spec @@ -7,7 +7,7 @@ Name: grub2 Epoch: 1 Version: 2.02 -Release: 87%{?dist} +Release: 88%{?dist} Summary: Bootloader with support for Linux, Multiboot and more Group: System Environment/Base License: GPLv3+ @@ -500,6 +500,10 @@ fi %endif %changelog +* Tue Aug 11 2020 Javier Martinez Canillas - 2.02-88 +- Fix a legacy BIOS boot issue when a using config file shared with EFI + Resolves: rhbz#1850193 + * Mon Jul 27 2020 Peter Jones - 2.02-87 - Couple more late fixes. Resolves: CVE-2020-15705