From eefaf6472169a60a118359d62f08d5862852eac4 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Jan 21 2020 23:28:36 +0000
Subject: import grub2-2.02-81.el8
---
diff --git a/SOURCES/0264-10_linux_bls-use-to-separate-id-argument-due-a-Petit.patch b/SOURCES/0264-10_linux_bls-use-to-separate-id-argument-due-a-Petit.patch
new file mode 100644
index 0000000..2ea8828
--- /dev/null
+++ b/SOURCES/0264-10_linux_bls-use-to-separate-id-argument-due-a-Petit.patch
@@ -0,0 +1,33 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas
+Date: Wed, 19 Jun 2019 15:57:17 +0200
+Subject: [PATCH] 10_linux_bls: use '=' to separate --id argument due a
+ Petitboot bug
+
+The GRUB menuentry command allows to separate the arguments for options
+using either a '=' or a ' '. The latter is the convention used when the
+menu entries are defined in the GRUB config file, but this is currently
+not supported by Petitboot.
+
+So as a workaround define the menu entries using '--id=${bls}' instead.
+
+Resolves: rhbz#1721815
+
+Signed-off-by: Javier Martinez Canillas
+---
+ util/grub.d/10_linux_bls.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in
+index 175bedd0763..8e07a79322b 100644
+--- a/util/grub.d/10_linux_bls.in
++++ b/util/grub.d/10_linux_bls.in
+@@ -180,7 +180,7 @@ populate_menu()
+ for bls in "${files[@]}" ; do
+ read_config "${blsdir}/${bls}.conf"
+
+- menu="${menu}menuentry '${title}' --class ${grub_class} ${grub_arg} --users ${grub_users} --id ${bls} {\n"
++ menu="${menu}menuentry '${title}' --class ${grub_class} ${grub_arg} --users ${grub_users} --id=${bls} {\n"
+ menu="${menu}\t linux ${linux} ${options}\n"
+ if [ -n "${initrd}" ] ; then
+ menu="${menu}\t initrd ${boot_prefix}${initrd}\n"
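Review bot: The `--id=${bls}` form introduced in 0264 is a workaround for an external parser, but nothing in 10_linux_bls.in records that, so a later cleanup could switch it back to the space-separated form that the commit message calls the usual convention. A one-line comment above the `menuentry` assignment would keep the constraint visible, e.g. `# Petitboot does not accept "--id <value>"; keep the '=' (rhbz#1721815)`. populate_menu() starts and ends outside the hunk.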
diff --git a/SOURCES/0265-10_linux_bls-don-t-add-users-option-to-generated-men.patch b/SOURCES/0265-10_linux_bls-don-t-add-users-option-to-generated-men.patch
new file mode 100644
index 0000000..5b5ecdc
--- /dev/null
+++ b/SOURCES/0265-10_linux_bls-don-t-add-users-option-to-generated-men.patch
@@ -0,0 +1,37 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas
+Date: Thu, 28 Mar 2019 16:34:42 +0100
+Subject: [PATCH] 10_linux_bls: don't add --users option to generated menu
+ entries
+
+The generated menu entries have a --users $grub_users option but this will
+fail on old versions of GRUB, since it expects the --users option argument
+to either be a constant or a variable that has been set.
+
+The latest GRUB version fix this but the GRUB core isn't updated on a GRUB
+package update, so this will cause the entries to not be shown in the menu
+after a system upgrade.
+
+Since can cause issues and because the entries that weren't generated from
+the BLS snippets didn't have the --users option either, just don't add it.
+
+Resolves: rhbz#1755815
+
+Signed-off-by: Javier Martinez Canillas
+---
+ util/grub.d/10_linux_bls.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in
+index 8e07a79322b..855dbdd190b 100644
+--- a/util/grub.d/10_linux_bls.in
++++ b/util/grub.d/10_linux_bls.in
+@@ -180,7 +180,7 @@ populate_menu()
+ for bls in "${files[@]}" ; do
+ read_config "${blsdir}/${bls}.conf"
+
+- menu="${menu}menuentry '${title}' --class ${grub_class} ${grub_arg} --users ${grub_users} --id=${bls} {\n"
++ menu="${menu}menuentry '${title}' --class ${grub_class} ${grub_arg} --id=${bls} {\n"
+ menu="${menu}\t linux ${linux} ${options}\n"
+ if [ -n "${initrd}" ] ; then
+ menu="${menu}\t initrd ${boot_prefix}${initrd}\n"
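Review bot: Dropping `--users ${grub_users}` from the generated `menuentry` line in 0265 changes access control as well as compatibility: when `superusers` is set, GRUB treats an entry that has neither `--users` nor `--unrestricted` as superuser-only, so who may boot these entries now depends entirely on what `${grub_arg}` expands to, which this hunk does not show. A `grub_users` value coming from a BLS snippet (presumably set by `read_config`) is also no longer reflected in the generated entry. A comment next to the line would make that explicit, e.g. `# --users intentionally omitted (rhbz#1755815); entry access is governed by ${grub_arg}`, and password-protected configurations are worth re-checking after the menu is regenerated. populate_menu() starts and ends outside the hunk.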
diff --git a/SOURCES/0266-grub-set-bootflag-Update-comment-about-running-as-ro.patch b/SOURCES/0266-grub-set-bootflag-Update-comment-about-running-as-ro.patch
new file mode 100644
index 0000000..e1fb2b5
--- /dev/null
+++ b/SOURCES/0266-grub-set-bootflag-Update-comment-about-running-as-ro.patch
@@ -0,0 +1,27 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Hans de Goede
+Date: Wed, 13 Nov 2019 12:15:43 +0100
+Subject: [PATCH] grub-set-bootflag: Update comment about running as root
+ through pkexec
+
+We have stopped using pkexec for grub-set-bootflag, instead it is now
+installed suid root, update the comment accordingly.
+
+Signed-off-by: Hans de Goede
+---
+ util/grub-set-bootflag.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/util/grub-set-bootflag.c b/util/grub-set-bootflag.c
+index f8dc310909a..32f1c104a2b 100644
+--- a/util/grub-set-bootflag.c
++++ b/util/grub-set-bootflag.c
+@@ -18,7 +18,7 @@
+ */
+
+ /*
+- * NOTE this gets run by users as root (through pkexec), so this does not
++ * NOTE this gets run by users as root (its suid root), so this does not
+ * use any grub library / util functions to allow for easy auditing.
+ * The grub headers are only included to get certain defines.
+ */
diff --git a/SOURCES/0267-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch b/SOURCES/0267-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch
new file mode 100644
index 0000000..32e07d5
--- /dev/null
+++ b/SOURCES/0267-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch
@@ -0,0 +1,152 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Hans de Goede
+Date: Fri, 22 Nov 2019 11:54:27 +0100
+Subject: [PATCH] grub-set-bootflag: Write new env to tmpfile and then rename
+
+Make the grubenv writing code in grub-set-bootflag more robust by
+writing the modified grubenv to a tmpfile first and then renaming the
+tmpfile over the old grubenv (following symlinks).
+
+Signed-off-by: Hans de Goede
+---
+ util/grub-set-bootflag.c | 87 +++++++++++++++++++++++++++++++++++++++++++-----
+ 1 file changed, 78 insertions(+), 9 deletions(-)
+
+diff --git a/util/grub-set-bootflag.c b/util/grub-set-bootflag.c
+index 32f1c104a2b..d3b80a0d204 100644
+--- a/util/grub-set-bootflag.c
++++ b/util/grub-set-bootflag.c
+@@ -26,7 +26,9 @@
+ #include /* For *_DIR_NAME defines */
+ #include
+ #include /* For GRUB_ENVBLK_DEFCFG define */
++#include
+ #include
++#include
+ #include
+ #include
+
+@@ -52,8 +54,10 @@ int main(int argc, char *argv[])
+ {
+ /* NOTE buf must be at least the longest bootflag length + 4 bytes */
+ char env[GRUBENV_SIZE + 1], buf[64], *s;
++ /* +1 for 0 termination, +6 for "XXXXXX" in tmp filename */
++ char env_filename[PATH_MAX + 1], tmp_filename[PATH_MAX + 6 + 1];
+ const char *bootflag;
+- int i, len, ret;
++ int i, fd, len, ret;
+ FILE *f;
+
+ if (argc != 2)
+@@ -75,7 +79,32 @@ int main(int argc, char *argv[])
+ bootflag = bootflags[i];
+ len = strlen (bootflag);
+
+- f = fopen (GRUBENV, "r");
++ /*
++ * Really become root. setuid avoids an user killing us, possibly leaking
++ * the tmpfile. setgid avoids the new grubenv's gid being that of the user.
++ */
++ ret = setuid(0);
++ if (ret)
++ {
++ perror ("Error setuid(0) failed");
++ return 1;
++ }
++
++ ret = setgid(0);
++ if (ret)
++ {
++ perror ("Error setgid(0) failed");
++ return 1;
++ }
++
++ /* Canonicalize GRUBENV filename, resolving symlinks, etc. */
++ if (!realpath(GRUBENV, env_filename))
++ {
++ perror ("Error canonicalizing " GRUBENV " filename");
++ return 1;
++ }
++
++ f = fopen (env_filename, "r");
+ if (!f)
+ {
+ perror ("Error opening " GRUBENV " for reading");
+@@ -129,30 +158,70 @@ int main(int argc, char *argv[])
+ snprintf(buf, sizeof(buf), "%s=1\n", bootflag);
+ memcpy(s, buf, len + 3);
+
+- /* "r+", don't truncate so that the diskspace stays reserved */
+- f = fopen (GRUBENV, "r+");
++
++ /*
++ * Create a tempfile for writing the new env. Use the canonicalized filename
++ * for the template so that the tmpfile is in the same dir / on same fs.
++ */
++ snprintf(tmp_filename, sizeof(tmp_filename), "%sXXXXXX", env_filename);
++ fd = mkstemp(tmp_filename);
++ if (fd == -1)
++ {
++ perror ("Creating tmpfile failed");
++ return 1;
++ }
++
++ f = fdopen (fd, "w");
+ if (!f)
+ {
+- perror ("Error opening " GRUBENV " for writing");
++ perror ("Error fdopen of tmpfile failed");
++ unlink(tmp_filename);
+ return 1;
+ }
+
+ ret = fwrite (env, 1, GRUBENV_SIZE, f);
+ if (ret != GRUBENV_SIZE)
+ {
+- perror ("Error writing to " GRUBENV);
++ perror ("Error writing tmpfile");
++ unlink(tmp_filename);
+ return 1;
+ }
+
+ ret = fflush (f);
+ if (ret)
+ {
+- perror ("Error flushing " GRUBENV);
++ perror ("Error flushing tmpfile");
++ unlink(tmp_filename);
+ return 1;
+ }
+
+- fsync (fileno (f));
+- fclose (f);
++ ret = fsync (fileno (f));
++ if (ret)
++ {
++ perror ("Error syncing tmpfile");
++ unlink(tmp_filename);
++ return 1;
++ }
++
++ ret = fclose (f);
++ if (ret)
++ {
++ perror ("Error closing tmpfile");
++ unlink(tmp_filename);
++ return 1;
++ }
++
++ /*
++ * And finally rename the tmpfile with the new env over the old env, the
++ * linux kernel guarantees that this is atomic (from a syscall pov).
++ */
++ ret = rename(tmp_filename, env_filename);
++ if (ret)
++ {
++ perror ("Error renaming tmpfile to " GRUBENV " failed");
++ unlink(tmp_filename);
++ return 1;
++ }
+
+ return 0;
+ }
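Review bot: In 0267 the final `rename()` makes the replacement atomic but not durable: the tmpfile is fsync'ed, yet the directory that holds grubenv never is, so after a power loss the directory entry may not reflect the rename. Syncing the parent directory after the rename closes that gap; the sketch below needs a `char *dir` local plus `<fcntl.h>` and `<libgen.h>`. Separately, the temp file is removed only on the checked error paths, so a run that ends abnormally between `mkstemp()` and `rename()` leaves a `grubenvXXXXXX` file behind, and because each run picks a fresh name such leftovers add up; the `fdopen()` failure path also returns without `close(fd)`. main() starts and ends outside the inner hunks.

```c
  ret = rename(tmp_filename, env_filename);
  /* … unchanged: error check, unlink(tmp_filename), return 1 … */

  /* rename() is atomic, but only durable once the parent directory is synced */
  dir = dirname(env_filename);   /* env_filename is not used after this point */
  fd = open(dir, O_RDONLY | O_DIRECTORY);
  if (fd == -1 || fsync(fd) != 0)
    {
      perror ("Error syncing directory of " GRUBENV);
      return 1;
    }
  close(fd);

  return 0;
```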
diff --git a/SOURCES/0268-Fix-PRIxGRUB_EFI_STATUS-definition.patch b/SOURCES/0268-Fix-PRIxGRUB_EFI_STATUS-definition.patch
new file mode 100644
index 0000000..fd71d99
--- /dev/null
+++ b/SOURCES/0268-Fix-PRIxGRUB_EFI_STATUS-definition.patch
@@ -0,0 +1,48 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas
+Date: Thu, 28 Nov 2019 13:23:59 +0100
+Subject: [PATCH] Fix PRIxGRUB_EFI_STATUS definition
+
+The type specifiers were wrongly defined when GRUB_CPU_SIZEOF_VOID_P != 8
+since in that case the grub_efi_status_t is a grub_int32_t typedef. This
+leads to the following covscan warnings:
+
+grub-2.02/include/grub/dl.h:29: included_from: Included from here.
+grub-2.02/include/grub/efi/efi.h:24: included_from: Included from here.
+grub-2.02/grub-core/kern/efi/tpm.c:4: included_from: Included from here.
+grub-2.02/grub-core/kern/efi/tpm.c: scope_hint: In function 'grub_tpm_dprintf'
+grub-2.02/grub-core/kern/efi/tpm.c:170:26: warning: format '%llx' expects argument of type 'long long unsigned int', but argument 5 has type 'grub_efi_status_t' {aka 'int'} [-Wformat=]
+grub-2.02/include/grub/misc.h:38:88: note: in definition of macro 'grub_dprintf'
+
+Related: rhbz#1761811
+
+Signed-off-by: Javier Martinez Canillas
+---
+ include/grub/efi/api.h | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h
+index b337e1a193d..6c440c61316 100644
+--- a/include/grub/efi/api.h
++++ b/include/grub/efi/api.h
+@@ -539,11 +539,16 @@ typedef grub_uint16_t grub_efi_char16_t;
+ typedef grub_efi_intn_t grub_efi_status_t;
+ /* Make grub_efi_status_t reasonably printable. */
+ #if GRUB_CPU_SIZEOF_VOID_P == 8
+-#define PRIxGRUB_EFI_STATUS "lx"
+-#define PRIdGRUB_EFI_STATUS "ld"
++# if GRUB_CPU_SIZEOF_LONG == 8
++# define PRIxGRUB_EFI_STATUS "lx"
++# define PRIdGRUB_EFI_STATUS "ld"
++# else
++# define PRIxGRUB_EFI_STATUS "llx"
++# define PRIdGRUB_EFI_STATUS "lld"
++# endif
+ #else
+-#define PRIxGRUB_EFI_STATUS "llx"
+-#define PRIdGRUB_EFI_STATUS "lld"
++# define PRIxGRUB_EFI_STATUS "x"
++# define PRIdGRUB_EFI_STATUS "d"
+ #endif
+
+ #define GRUB_EFI_ERROR_CODE(value) \
diff --git a/SOURCES/0269-TPM-Print-messages-if-measuraments-fail-as-debug-ins.patch b/SOURCES/0269-TPM-Print-messages-if-measuraments-fail-as-debug-ins.patch
new file mode 100644
index 0000000..45dd94b
--- /dev/null
+++ b/SOURCES/0269-TPM-Print-messages-if-measuraments-fail-as-debug-ins.patch
@@ -0,0 +1,100 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas
+Date: Wed, 16 Oct 2019 15:32:04 +0200
+Subject: [PATCH] TPM: Print messages if measuraments fail as debug instead of
+ error
+
+If the calls to EFI services to do TPM measuraments fail, currently error
+messages are printed. But this is not a fatal error and just pollutes the
+output, so instead just print them as debug messages.
+
+Resolves: rhbz#1761811
+
+Signed-off-by: Javier Martinez Canillas
+---
+ grub-core/kern/efi/tpm.c | 58 +++++++++++++++++++++++++-----------------------
+ 1 file changed, 30 insertions(+), 28 deletions(-)
+
+diff --git a/grub-core/kern/efi/tpm.c b/grub-core/kern/efi/tpm.c
+index 0d3ebe22e57..5dc90865242 100644
+--- a/grub-core/kern/efi/tpm.c
++++ b/grub-core/kern/efi/tpm.c
+@@ -161,6 +161,34 @@ grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf,
+ }
+ }
+
++static inline grub_err_t grub_tpm_dprintf(grub_efi_status_t status)
++{
++ switch (status) {
++ case GRUB_EFI_SUCCESS:
++ return 0;
++ case GRUB_EFI_DEVICE_ERROR:
++ grub_dprintf ("tpm", "Command failed: 0x%"PRIxGRUB_EFI_STATUS"\n",
++ status);
++ return GRUB_ERR_IO;
++ case GRUB_EFI_INVALID_PARAMETER:
++ grub_dprintf ("tpm", "Invalid parameter: 0x%"PRIxGRUB_EFI_STATUS"\n",
++ status);
++ return GRUB_ERR_BAD_ARGUMENT;
++ case GRUB_EFI_BUFFER_TOO_SMALL:
++ grub_dprintf ("tpm", "Output buffer too small: 0x%"PRIxGRUB_EFI_STATUS"\n",
++ status);
++ return GRUB_ERR_BAD_ARGUMENT;
++ case GRUB_EFI_NOT_FOUND:
++ grub_dprintf ("tpm", "TPM unavailable: 0x%"PRIxGRUB_EFI_STATUS"\n",
++ status);
++ return GRUB_ERR_UNKNOWN_DEVICE;
++ default:
++ grub_dprintf ("tpm", "Unknown TPM error: 0x%"PRIxGRUB_EFI_STATUS"\n",
++ status);
++ return GRUB_ERR_UNKNOWN_DEVICE;
++ }
++}
++
+ static grub_err_t
+ grub_tpm1_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf,
+ grub_size_t size, grub_uint8_t pcr,
+@@ -194,20 +222,7 @@ grub_tpm1_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf,
+ (unsigned long) buf, (grub_uint64_t) size,
+ algorithm, event, &eventnum, &lastevent);
+
+- switch (status) {
+- case GRUB_EFI_SUCCESS:
+- return 0;
+- case GRUB_EFI_DEVICE_ERROR:
+- return grub_error (GRUB_ERR_IO, N_("Command failed"));
+- case GRUB_EFI_INVALID_PARAMETER:
+- return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter"));
+- case GRUB_EFI_BUFFER_TOO_SMALL:
+- return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small"));
+- case GRUB_EFI_NOT_FOUND:
+- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable"));
+- default:
+- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error"));
+- }
++ return grub_tpm_dprintf(status);
+ }
+
+ static grub_err_t
+@@ -240,20 +255,7 @@ grub_tpm2_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf,
+ status = efi_call_5 (tpm->hash_log_extend_event, tpm, 0, (unsigned long) buf,
+ (grub_uint64_t) size, event);
+
+- switch (status) {
+- case GRUB_EFI_SUCCESS:
+- return 0;
+- case GRUB_EFI_DEVICE_ERROR:
+- return grub_error (GRUB_ERR_IO, N_("Command failed"));
+- case GRUB_EFI_INVALID_PARAMETER:
+- return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter"));
+- case GRUB_EFI_BUFFER_TOO_SMALL:
+- return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small"));
+- case GRUB_EFI_NOT_FOUND:
+- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable"));
+- default:
+- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error"));
+- }
++ return grub_tpm_dprintf(status);
+ }
+
+ grub_err_t
diff --git a/SOURCES/0270-unix-platform-Initialize-variable-to-fix-grub-instal.patch b/SOURCES/0270-unix-platform-Initialize-variable-to-fix-grub-instal.patch
new file mode 100644
index 0000000..8044070
--- /dev/null
+++ b/SOURCES/0270-unix-platform-Initialize-variable-to-fix-grub-instal.patch
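Review bot: In 0269, `grub_tpm_dprintf()` returns a `grub_err_t` without going through `grub_error()`, so `grub_errno` is no longer set when a measurement fails and the failure is only visible when GRUB's `debug` variable selects the `tpm` facility. The callers are outside the hunks; any that test `grub_errno` or rely on `grub_print_error()` rather than the return value would now see a failed measurement as success, which matters where boot measurements feed attestation or sealing. A header comment on the helper should state that contract, e.g. `/* Maps an EFI status to grub_err_t and logs via grub_dprintf only; does NOT set grub_errno. */`, and the name suggests printing while the function's real job is the status mapping. The bodies of grub_tpm1_log_event() and grub_tpm2_log_event() begin outside their hunks.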
@@ -0,0 +1,66 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Paul Menzel
+Date: Tue, 23 Oct 2018 15:00:13 +0200
+Subject: [PATCH] unix/platform: Initialize variable to fix grub-install on
+ UEFI system
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+On a UEFI system, were no boot entry *grub* is present, currently,
+`grub-install` fails with an error.
+
+ $ efibootmgr
+ BootCurrent: 0000
+ Timeout: 0 seconds
+ BootOrder: 0001,0006,0003,0004,0005
+ Boot0001 Diskette Drive
+ Boot0003* USB Storage Device
+ Boot0004* CD/DVD/CD-RW Drive
+ Boot0005 Onboard NIC
+ Boot0006* WDC WD2500AAKX-75U6AA0
+ $ sudo grub-install /dev/sda
+ Installing for x86_64-efi platform.
+ grub-install: error: efibootmgr failed to register the boot entry: Unknown error 22020.
+
+The error code is always different, and the error message (incorrectly)
+points to efibootmgr.
+
+But, the error is in GRUB’s function
+`grub_install_remove_efi_entries_by_distributor()`, where the variable
+`rc` for the return value, is uninitialized and never set, when no boot
+entry for the distributor is found.
+
+The content of that uninitialized variable is then returned as the error
+code of efibootmgr.
+
+Set the variable to 0, so that success is returned, when no entry needs
+to be deleted.
+
+Tested on Dell OptiPlex 7010 with firmware A28.
+
+ $ sudo ./grub-install /dev/sda
+ Installing for x86_64-efi platform.
+ Installation finished. No error reported.
+
+[1]: https://github.com/rhboot/efibootmgr/issues/100
+
+Signed-off-by: Paul Menzel
+Reviewed-by: Daniel Kiper
+---
+ grub-core/osdep/unix/platform.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/osdep/unix/platform.c b/grub-core/osdep/unix/platform.c
+index ca448bc11a0..55b8f401624 100644
+--- a/grub-core/osdep/unix/platform.c
++++ b/grub-core/osdep/unix/platform.c
+@@ -85,7 +85,7 @@ grub_install_remove_efi_entries_by_distributor (const char *efi_distributor)
+ pid_t pid = grub_util_exec_pipe ((const char * []){ "efibootmgr", NULL }, &fd);
+ char *line = NULL;
+ size_t len = 0;
+- int rc;
++ int rc = 0;
+
+ if (!pid)
+ {
diff --git a/SOURCES/0271-blscfg-add-a-space-char-when-appending-fields-for-va.patch b/SOURCES/0271-blscfg-add-a-space-char-when-appending-fields-for-va.patch
new file mode 100644
index 0000000..80225c2
--- /dev/null
+++ b/SOURCES/0271-blscfg-add-a-space-char-when-appending-fields-for-va.patch
@@ -0,0 +1,76 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas
+Date: Tue, 26 Nov 2019 09:51:41 +0100
+Subject: [PATCH] blscfg: add a space char when appending fields for variable
+ expansion
+
+The GRUB variables are expanded and replaced by their values before adding
+menu entries, but they didn't include space characters after the values so
+the result was not correct.
+
+For the common case this wasn't a problem but it is if there are variables
+that are part of the values of other variables.
+
+Resolves: rhbz#1669252
+
+Signed-off-by: Javier Martinez Canillas
+---
+ grub-core/commands/blscfg.c | 31 ++++++++++++++++++-------------
+ 1 file changed, 18 insertions(+), 13 deletions(-)
+
+diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
+index 11cc82b6f31..c92e1c84543 100644
+--- a/grub-core/commands/blscfg.c
++++ b/grub-core/commands/blscfg.c
+@@ -597,26 +597,29 @@ static char **bls_make_list (struct bls_entry *entry, const char *key, int *num)
+
+ static char *field_append(bool is_var, char *buffer, char *start, char *end)
+ {
+- char *temp = grub_strndup(start, end - start + 1);
+- const char *field = temp;
++ char *tmp = grub_strndup(start, end - start + 1);
++ const char *field = tmp;
++ int term = is_var ? 2 : 1;
+
+ if (is_var) {
+- field = grub_env_get (temp);
++ field = grub_env_get (tmp);
+ if (!field)
+ return buffer;
+ }
+
+- if (!buffer) {
+- buffer = grub_strdup(field);
+- if (!buffer)
+- return NULL;
+- } else {
+- buffer = grub_realloc (buffer, grub_strlen(buffer) + grub_strlen(field));
+- if (!buffer)
+- return NULL;
++ if (!buffer)
++ buffer = grub_zalloc (grub_strlen(field) + term);
++ else
++ buffer = grub_realloc (buffer, grub_strlen(buffer) + grub_strlen(field) + term);
+
+- grub_stpcpy (buffer + grub_strlen(buffer), field);
+- }
++ if (!buffer)
++ return NULL;
++
++ tmp = buffer + grub_strlen(buffer);
++ tmp = grub_stpcpy (tmp, field);
++
++ if (is_var)
++ tmp = grub_stpcpy (tmp, " ");
+
+ return buffer;
+ }
+@@ -646,6 +649,8 @@ static char *expand_val(char *value)
+ buffer = field_append(is_var, buffer, start, end);
+ is_var = false;
+ start = value;
++ if (*start == ' ')
++ start++;
+ }
+ }
+
diff --git a/SOURCES/grub.macros b/SOURCES/grub.macros
index 9462870..1e3705f 100644
--- a/SOURCES/grub.macros
+++ b/SOURCES/grub.macros
@@ -392,7 +392,7 @@ GRUB_MODULES=" all_video boot blscfg btrfs \\\
 mdraid09 mdraid1x minicmd net \\\
 normal part_apple part_msdos part_gpt \\\
 password_pbkdf2 png reboot \\\
- search search_fs_uuid search_fs_file \\\
+ regexp search search_fs_uuid search_fs_file \\\
 search_label serial sleep syslinuxcfg test tftp \\\
 video xfs" \
 GRUB_MODULES+=%{platform_modules} \
diff --git a/SOURCES/grub.patches b/SOURCES/grub.patches
index 8829464..ea7ecf6 100644
--- a/SOURCES/grub.patches
+++ b/SOURCES/grub.patches
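Review bot: In 0271's rewritten `field_append()`, the `grub_strndup()` copy held in `tmp` is never freed: it is overwritten by `tmp = buffer + grub_strlen(buffer)` and is also lost on the early `return buffer`. It is not checked for NULL either, so in the non-variable case a failed copy reaches `grub_strlen(field)` with a null pointer. The added `term` bytes do give the terminator the room the old `grub_realloc` size lacked, so only the ownership of the temporary is left; the sketch below keeps the copy in its own variable and releases it on every exit. Returning NULL when the copy cannot be allocated is an assumption about what `expand_val()` expects and should be confirmed against the caller.

```c
static char *field_append(bool is_var, char *buffer, char *start, char *end)
{
  char *name = grub_strndup(start, end - start + 1);
  const char *field = name;
  char *pos;
  int term = is_var ? 2 : 1;

  if (!name)
    return NULL;

  if (is_var) {
    field = grub_env_get (name);
    if (!field)
      goto out;
  }

  /* … unchanged: grub_zalloc / grub_realloc of buffer with the extra term bytes … */

  if (!buffer)
    goto out;

  pos = grub_stpcpy (buffer + grub_strlen(buffer), field);
  if (is_var)
    grub_stpcpy (pos, " ");

out:
  grub_free (name);
  return buffer;
}
```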
@@ -261,3 +261,11 @@ Patch0260: 0260-Don-t-duplicate-net-name-string-if-not-needed.patch Patch0261: 0261-Try-to-set-fPIE-and-friends-on-libgnu.a.patch Patch0262: 0262-blscfg-fallback-to-default_kernelopts-if-BLS-option-.patch Patch0263: 0263-Remove-bogus-load_env-after-blscfg-command-in-10_lin.patch +Patch0264: 0264-10_linux_bls-use-to-separate-id-argument-due-a-Petit.patch +Patch0265: 0265-10_linux_bls-don-t-add-users-option-to-generated-men.patch +Patch0266: 0266-grub-set-bootflag-Update-comment-about-running-as-ro.patch +Patch0267: 0267-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch +Patch0268: 0268-Fix-PRIxGRUB_EFI_STATUS-definition.patch +Patch0269: 0269-TPM-Print-messages-if-measuraments-fail-as-debug-ins.patch +Patch0270: 0270-unix-platform-Initialize-variable-to-fix-grub-instal.patch +Patch0271: 0271-blscfg-add-a-space-char-when-appending-fields-for-va.patch diff --git a/SPECS/grub2.spec b/SPECS/grub2.spec index 8f32032..844c1fc 100644 --- a/SPECS/grub2.spec +++ b/SPECS/grub2.spec @@ -7,7 +7,7 @@ Name: grub2 Epoch: 1 Version: 2.02 -Release: 74%{?dist} +Release: 81%{?dist} Summary: Bootloader with support for Linux, Multiboot and more Group: System Environment/Base License: GPLv3+ @@ -25,7 +25,7 @@ Source8: strtoull_test.c Source9: 20-grub.install Source12: 99-grub-mkconfig.install Source13: securebootca.cer -#(source removed) +Source14: secureboot.cer %include %{SOURCE1} 
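Review bot: `Source14: secureboot.cer` replaces the `#(source removed)` placeholder in SPECS/grub2.spec, but none of the hunks visible here adds that file or says which certificate it is. Judging only by the names, Source13 and Source14 are the Secure Boot CA and signing certificates, so the file's content would determine which signing key the build is associated with; that is an inference from the names, not something the diff shows. A comment above the line recording origin and fingerprint would make the import reviewable, e.g. `# secureboot.cer: <ISSUER_PLACEHOLDER>, SHA-256 <FINGERPRINT_PLACEHOLDER>`.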
@@ -498,8 +498,35 @@ fi %endif %changelog -* Wed Jul 31 2019 CentOS Sources - 2.02-74.el8.centos -- Apply debranding changes +* Thu Dec 05 2019 Javier Martinez Canillas - 2.02-81 +- Another fix for blscfg variable expansion support + Related: rhbz#1669252 + +* Thu Nov 28 2019 Javier Martinez Canillas - 2.02-80 +- Fix PRIxGRUB_EFI_STATUS definition + Related: rhbz#1761811 +- TPM: Print messages if measuraments fail as debug instead of error + Resolves: rhbz#1761811 +- unix/platform: Initialize variable to fix grub-install on UEFI system + Resolves: rhbz#1768689 +- blscfg: add a space char when appending fields for variable expansion + Resolves: rhbz#1669252 + +* Fri Nov 22 2019 Javier Martinez Canillas - 2.02-79 +- grub-set-bootflag: Write new env to tmpfile and then rename (hdegoede) + Resolves: CVE-2019-14865 + +* Thu Sep 26 2019 Javier Martinez Canillas - 2.02-77 +- 10_linux_bls: don't add --users option to generated menu entries + Resolves: rhbz#1755815 + +* Fri Aug 09 2019 Javier Martinez Canillas - 2.02-76 +- Include regexp module in EFI builds + Resolves: rhbz#1737670 + +* Wed Jun 19 2019 Javier Martinez Canillas - 2.02-75 +- Fix setting default entry on ppc64le when using OPAL + Resolves: rhbz#1721815 * Tue Jun 04 2019 Sergio Durigan Junior - 2.02-74 - Use '-g' instead of '-g3' when compiling grub2.