Commit Graph

630 Commits

Author SHA1 Message Date
Nicolas Frayer
0a3394ca4b cmd/search: Fix a possible NULL ptr dereference
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-10-23 12:15:08 +02:00
Nicolas Frayer
7b0d0e6fb5 acpi: Fix out of bounds access in grub_acpi_xsdt_find_table()
Resolves: #2317048
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-10-17 09:29:05 +02:00
Nicolas Frayer
e42444fde3 Stop grub.efi from always printing "dynamic_load_symbols %p\n" during boot
Resolves: #2316279
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-10-03 15:10:19 +02:00
Nicolas Frayer
d0e3049f97 NX: efi/loader, add a call to grub_efi_check_nx_required()
nx_required was initialized to 0 but was never assigned
a value. Call grub_efi_check_nx_required() to solve this.

Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-09-25 17:25:18 +02:00
Nicolas Frayer
19dcf163e6 aarch64/macros: Build gnulib with -mbranch-protection=standard
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-09-17 20:14:15 +02:00
Leo Sandoval
3a9809b30e load EFI commands inside test expressions
Resolves: #2305291
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
2024-09-05 12:37:59 -06:00
Leo Sandoval
e3f47a4834 Fix netbooting regressions introduced at 2.12-1
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
2024-08-29 12:22:20 -06:00
Peter Robinson
863039eee2 Build using fuse3
2024-08-08 13:08:37 +01:00
Leo Sandoval
5c315b462c Remove 'efi: Use shim's loader protocol for EFI image verification'
Although this patch is correct and at some point it will be
re-introduced, currently shim does not support the loader protocol so
drop it in the meanwhile.

Signed-off-by: Leo Sandoval <lsandova@redhat.com>
2024-08-06 14:30:42 -06:00
Nicolas Frayer
dd5f2023b0 mkconfig: More hardening to prevent overwriting grub cfg stub
Simplified os detection and remove mountpoint to accommodate
hybrid VMs

Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-08-06 12:39:13 +02:00
Leo Sandoval
ab7ed2db6e Rebased to release grub2-2.12 for fedora-41
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
2024-08-05 19:08:59 -06:00
Leo Sandoval
f9093b2645 grub2.spec: Conditionally set grub config stub to 0600 mode
When upgrading from <=2.06-126 to newer versions, the grub config stub
may have different mode than 0600, so set the latter if this is the case.

Signed-off-by: Leo Sandoval <lsandova@redhat.com>
2024-08-02 11:34:29 -06:00
Leo Sandoval
7b5da77f73 grub.cfg: Fix rpm grub.cfg verification issues
Fix the rpm verification issues (see below) introduced in 2.06.123 [1].
On the other hand, 2.06.125 [2] introduced a change on grub2-mkconfig where
it prevents overwriting {EFI_HOME}/grub.cfg with side effects on the
%posttrans spec script, where it tries to recreate it in case this
file does not exist but due to [2] the {EFI}/grub.cfg file is never
created. Fix the %posttrans code with the logic but applied to
{GRUB_HOME}/grub.cfg.

Issue detected on RHEL CI but also reproduced on fedora since
2.06.123, where this change fixes it.

    $ rpm -Vqa
    .
    .
    .M.......  c /boot/grub2/grub.cfg
    .M.......  c /boot/efi/EFI/fedora/grub.cfg
    .M.......  c /boot/grub2/grub.cfg
    .M.......  c /boot/efi/EFI/fedora/grub.cfg
    .M.......  c /boot/grub2/grub.cfg

[1] a137559e71
[2] f28d50ee44

Signed-off-by: Leo Sandoval <lsandova@redhat.com>
2024-07-29 08:48:44 -06:00
Nicolas Frayer
f28d50ee44 grub2-mkconfig: Prevent mkconfig from overwriting grub cfg stub
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-07-16 15:19:37 +02:00
Nicolas Frayer
ce0dd8c056 KVM/PowerVM: Add support for KVM on PowerVM
Resolved: #2294883
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-07-02 10:17:51 +02:00
Leo Sandoval
a137559e71 grub-mkconfig.in: turn off executable owner bit
Resolves: #2281464
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
2024-05-28 11:47:20 -06:00
Nicolas Frayer
92efc5d3cd cmd/search: Rework of CVE-2023-4001 fix
Related: #2224951
Resolved: #2263369
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-05-23 18:17:33 +02:00
Zbigniew Jędrzejewski-Szmek
434cc479bc Fix build when %_bindir==%_sbindir
Preparation for https://fedoraproject.org/wiki/Changes/Unify_bin_and_sbin.

Also remove duplicate listing in %files.

Signed-off-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
2024-04-17 15:14:28 +02:00
Nicolas Frayer
3e8a581288 fs/xfs: Handle non-continuous data blocks in directory extents
Related: #2254370
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-04-15 11:05:24 +02:00
Nicolas Frayer
d2fcd91e36 GRUB2 NTFS driver vulnerabilities
(CVE-2023-4692)
(CVE-2023-4693)
Resolves: #2236613
Resolves: #2241978
Resolves: #2241976
Resolves: #2238343
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-03-12 14:59:34 +01:00
Nicolas Frayer
de8520b84a grub-set-bootflag: Fix for CVE-2024-1048
(CVE-2024-1048)

Resolves: #2256678
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-02-07 10:40:35 +01:00
Leo Sandoval
29406ad333 xfs: include directory extent parsing patch
Patch is required to boot XFS-formatted partitions created with
xfsprogs 6.5.0

Resolves: #2259266
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
2024-01-23 12:02:27 -06:00
Nicolas Frayer
6cc927e76b Compiler flags: ignore incompatible types for now as it prevents
CI builds

Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-01-18 15:22:45 +01:00
Nicolas Frayer
d2d9f6012b grub-core/commands: add flag to only search root dev
Resolves: #2223437
Resolves: #2224951
Resolves: #2258096
Resolves: CVE-2023-4001
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-01-18 15:22:34 +01:00
Nicolas Frayer
ebd311ec52 xfs: Remove directory extent parsing patch
Some bios systems can't boot with one of
the xfs upstream patches

Resolves: #2254370
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-01-17 15:23:37 +01:00
Hector Martin
0c1c9228d2 Switch memdisk compression to lzop
xz decompression is very slow and slows down boot by around 5 seconds on
aarch64/Apple M1 when using the default font. Switch to lzop, which
takes less than one second to uncompress.

This increases EFI core image size by around 11%.

Signed-off-by: Hector Martin <marcan@marcan.st>
2024-01-13 08:19:34 +09:00
Daan De Meyer
a162c0412f Drop grub2-tools obsoletes for grub2-tools-minimal
When installing grub2-tools grub2-tools-minimal is pulled in which
obsoletes grub2-tools causing grub2-tools to not get installed.
Remove the obsoletes so that grub2-tools can be installed again.

Signed-off-by: Daan De Meyer <daan.j.demeyer@gmail.com>
2024-01-11 19:10:34 +01:00
Nicolas Frayer
d11c8385d6 normal: fix prefix when loading modules
Resolves: #2209435
Resolves: #2173015
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-01-04 11:29:35 +01:00
Leo Sandoval
4562b72afc chainloader: remove device path debug message
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
2023-12-14 09:31:59 -06:00
Nicolas Frayer
cadd7a1196 Migrate to SPDX license
Please refer to https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_2

Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-12-01 17:09:13 +01:00
Nicolas Frayer
c4a49e5c9a fs/xfs: Add several fixes/improvements to xfs fs from upstream
Resolves: #2247926
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-12-01 10:31:36 +01:00
Nicolas Frayer
7b857b827a Linker: added --no-warn-rwx-segments linker option
added --no-warn-rwx-segments as build will fail after
ld.bfd default options have been changed.

Please refer:
https://fedoraproject.org/wiki/Changes/Linker_Error_On_Security_Issues

Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-11-15 15:30:41 +01:00
Nicolas Frayer
88924af554 Remove [Install] section from aux systemd units
Related: #2247635
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-11-14 17:29:09 +01:00
Hans de Goede
94ecc476ab spec: Fix enablement of grub services and timer
Fix enablement of grub services and timer:
- Switch back to static enablement for grub services in tools package
- Add %%triggerpostun to apply grub-boot-success.timer preset
  when upgrading from older versions where this was not a preset

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2247635
Signed-off-by: Christian Glombek <cglombek@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2023-11-14 13:18:59 +01:00
Nicolas Frayer
8a9297c431 util: grub-install on EFI if forced
Resolves: #1917213
Resolves: #2240994
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-11-06 18:10:09 +01:00
Nicolas Frayer
07412b4a97 kern/ieee1275/init: ppc64: Restrict high memory in presence
of fadump

Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-10-20 18:11:41 +02:00
Janne Grunau
62027d5ee3 20-grub.install: Copy device-tree directory recursively
8800efcb0b replaced '-a' with '--preserve=timestamps' to avoid
preserving ownership information on non vfat file systems. This breaks
copying of the 'dtb' directory on aarch64 systems since '-a' implies
'-r'. Add '-r' to the single place where 'dtb/' is copied to /boot.

Resolves: #2243060
Fixes: 8800efcb0b ("Do not preserve ownership or xattrs on copied files")
Signed-off-by: Janne Grunau <j@jannau.net>
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-10-11 12:23:55 +02:00
Zbigniew Jędrzejewski-Szmek
af4f1536b6 Rename installed kernel to match name used in boot entry
The mkbls() function would write 'linux /vmlinuz-${kernelver}' into the boot
loader entry. But the code that actually copies the file would use the original
file name with a version suffix ('cp -aT "$i" "/boot/${i##*/}-${KERNEL_VERSION}"').
In case of a local kernel build calling /sbin/installkernel this file name was
e.g. 'bzImage', so we would end up with '/bzImage-${KERNEL_VERSION}', which of
course doesn't match '/vmlinuz-*'. The script would later call 'grub2-mkrel'
on the name taken from the boot entry which would fail because the file does not
exist. Rename the argument to "vmlinuz", so that both parts match.

Tested by doing a local kernel build with 'sudo make install' at the end.

Signed-off-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
2023-10-03 17:12:39 +02:00
Nicolas Frayer
aa936e7b0c ofdisk: Fix missing #include in ofdisk.c
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-09-29 18:06:49 +02:00
Christian Glombek
6c038d7d02 spec: Fix grub2-systemd-integration.service name
Signed-off-by: Christian Glombek <cglombek@redhat.com>
2023-09-28 19:09:26 +02:00
Nicolas Frayer
52d23fe6f6 arm64: Use proper memory type for kernel allocation
Resolves: #2149020
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-09-14 18:26:26 +02:00
Nicolas Frayer
d161705351 spec: Use systemd presets and macros for units in tools package
Resolves: #2230575

Signed-off-by: Christian Glombek <cglombek@redhat.com>
2023-09-14 18:26:07 +02:00
Nicolas Frayer
5c4529ecac spec: Modified posttrans to harden grub config detection
Resolves: #2235692
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-09-01 11:12:53 +02:00
Nicolas Frayer
6d1f9f4a80 efi/http: change uint32_t to uintn_t
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-08-22 14:25:39 +02:00
Nicolas Frayer
5184f7bcf1 util: Enable default kernel for updates
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-08-22 14:14:44 +02:00
Robbie Harwood
dc5c4e3f52 Add switch-root support to grub-emu
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-04-12 15:23:39 +00:00
Robbie Harwood
e6b8f35a69 Fix aa64 page fault with EFI_MEMORY_ATTRIBUTE_PROTOCOL
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-04-10 16:44:09 +00:00
Chris Adams
9d4d1e919c Provide a legacy PXE boot core.0
This enables PXE booting with grub2 rather than syslinux.

Signed-off-by: Chris Adams <linux@cmadams.net>
[rharwood: bump spec, fix commit message]
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-03-31 15:59:22 -04:00
Robbie Harwood
dc0bc06560 Disable the tpm verifier if the TPM device is not present
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-03-30 12:47:20 +00:00
Robbie Harwood
ecd22580ae ppc64le: more cas vec5 shenanigans
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-03-30 12:31:37 +00:00