Nicolas Frayer
00c60d83a8
grub-set-bootflag: Fix for CVE-2024-1048
...
(CVE-2024-1048)
Resolves : #2256678
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-02-07 18:30:54 +01:00
Nicolas Frayer
56543c8d51
grub-core/commands: add flag to only search root dev
...
Resolves : #2223437
Resolves : #2224951
Resolves : #2258096
Resolves: CVE-2023-4001
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-01-18 16:54:10 +01:00
Hector Martin
17fb8b14fe
Switch memdisk compression to lzop
...
xz decompression is very slow and slows down boot by around 5 seconds on
aarch64/Apple M1 when using the default font. Switch to lzop, which
takes less than one second to uncompress.
This increases EFI core image size by around 11%.
Signed-off-by: Hector Martin <marcan@marcan.st>
2024-01-16 11:04:17 +01:00
Daan De Meyer
9391bdea15
Drop grub2-tools obsoletes for grub2-tools-minimal
...
When installing grub2-tools grub2-tools-minimal is pulled in which
obsoletes grub2-tools causing grub2-tools to not get installed.
Remove the obsoletes so that grub2-tools can be installed again.
Signed-off-by: Daan De Meyer <daan.j.demeyer@gmail.com>
2024-01-16 11:02:57 +01:00
Nicolas Frayer
422d802108
xfs: Remove directory extent parsing patch
...
Some bios systems with /boot partition created with
xfsprog < 6.5.0 can't boot with one of the xfs upstream patches
Resolves : #2254370
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-01-11 19:07:35 +01:00
Nicolas Frayer
8dde55b253
normal: fix prefix when loading modules
...
Resolves : #2209435
Resolves : #2173015
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-01-09 18:08:53 +01:00
Leo Sandoval
9e1a57b86b
chainloader: remove device path debug message
...
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
2023-12-14 12:03:37 -06:00
Nicolas Frayer
49be87a39f
fs/xfs: Add several fixes/improvements to xfs fs from upstream
...
Resolves : #2247926
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-12-01 15:31:43 +01:00
Nicolas Frayer
78e11c07a3
Linker: added --no-warn-rwx-segments linker option
...
added --no-warn-rwx-segments as build will fail after
ld.bfd default options have been changed.
Please refer:
https://fedoraproject.org/wiki/Changes/Linker_Error_On_Security_Issues
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-11-15 17:19:06 +01:00
Nicolas Frayer
eb693b140f
Remove [Install] section from aux systemd units
...
Related: #2247635
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-11-15 14:46:35 +01:00
Hans de Goede
9d0e3e4392
spec: Fix enablement of grub services and timer
...
Fix enablement of grub services and timer:
- Switch back to static enablement for grub services in tools package
- Add %%triggerpostun to apply grub-boot-success.timer preset
when upgrading from older versions where this was not a preset
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2247635
Signed-off-by: Christian Glombek <cglombek@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2023-11-15 14:43:47 +01:00
Nicolas Frayer
161028239c
util: grub-install on EFI if forced
...
Resolves : #1917213
Resolves : #2240994
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-11-15 14:43:44 +01:00
Nicolas Frayer
ec7b4e6602
kern/ieee1275/init: ppc64: Restrict high memory in presence
...
of fadump
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-11-14 21:31:40 +01:00
Vitaly Kuznetsov
d483971ab1
Don't run 20-grub.install for UKIs
...
When kernel-install is called for a UKI, 20-grub.install copies it to /boot
which is totally unneeded, UKIs are now handled by the standard systemd's
90-uki-copy.install (systemd-253+) correctly which places them to the ESP.
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
2023-10-04 13:10:24 +02:00
Nicolas Frayer
f61d34d3a1
ofdisk: Fix missing #include in ofdisk.c
...
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-10-04 13:10:24 +02:00
Christian Glombek
be69b5dd4d
spec: Fix grub2-systemd-integration.service name
...
Signed-off-by: Christian Glombek <cglombek@redhat.com>
2023-10-04 13:10:24 +02:00
Nicolas Frayer
e2ad70b182
arm64: Use proper memory type for kernel allocation
...
Resolves : #2149020
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-09-15 13:07:32 +02:00
Nicolas Frayer
8d3b281ccc
spec: Use systemd presets and macros for units in tools package
...
Resolves : #2230575
Signed-off-by: Christian Glombek <cglombek@redhat.com>
2023-09-15 13:07:26 +02:00
Nicolas Frayer
9f841e56f3
spec: Modified posttrans to harden grub config detection
...
Resolves : #2235692
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-09-01 11:54:19 +02:00
Nicolas Frayer
6d1f9f4a80
efi/http: change uint32_t to uintn_t
...
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-08-22 14:25:39 +02:00
Nicolas Frayer
5184f7bcf1
util: Enable default kernel for updates
...
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-08-22 14:14:44 +02:00
Robbie Harwood
dc5c4e3f52
Add switch-root support to grub-emu
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-04-12 15:23:39 +00:00
Robbie Harwood
e6b8f35a69
Fix aa64 page fault with EFI_MEMORY_ATTRIBUTE_PROTOCOL
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-04-10 16:44:09 +00:00
Robbie Harwood
ab62564e2f
tmp
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-03-31 17:47:53 -04:00
Chris Adams
9d4d1e919c
Provide a legacy PXE boot core.0
...
This enables PXE booting with grub2 rather than syslinux.
Signed-off-by: Chris Adams <linux@cmadams.net>
[rharwood: bump spec, fix commit message]
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-03-31 15:59:22 -04:00
Robbie Harwood
dc0bc06560
Disable the tpm verifier if the TPM device is not present
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-03-30 12:47:20 +00:00
Robbie Harwood
ecd22580ae
ppc64le: more cas vec5 shenanigans
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-03-30 12:31:37 +00:00
Robbie Harwood
6a9365c88d
emu: work around systemctl bad behavior
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-03-22 18:39:56 +00:00
Robbie Harwood
48cf39de05
emu: handle BLS /boot weirdness
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-03-09 16:48:40 +00:00
Robbie Harwood
4db0050f31
Update rpminspect configuration
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-21 10:54:07 -05:00
Robbie Harwood
5c83f50804
Update mm fixes from upstream
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-20 16:49:18 +00:00
Robbie Harwood
b86fd390b8
Fix disk sector size computation
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-16 14:24:30 +00:00
Robbie Harwood
63b29f783e
Override the linker and force nonexecutable stacks
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-10 21:50:45 +00:00
Robbie Harwood
851216d61a
ppc64le: sync cas/tpm patchset with upstream
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-08 20:07:44 +00:00
Robbie Harwood
ed1787d5fc
emu: support newer kexec syscall
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-06 22:43:11 +00:00
Robbie Harwood
a5299c3192
ppc64le: cas5, take 3
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-06 20:29:49 +00:00
Robbie Harwood
3a3516d360
Fix implicit function declaration warnings
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-06 18:54:15 +00:00
Javier Martinez Canillas
22838ae9d7
20-grub-install: Explicitly check '+debug' suffix for debug kernels
...
The kernel-install script is also used to install kernels when built from
source using the `make install` target.
And if this source contains modifications, a '+' is added as suffix by the
scripts/setlocalversion if no LOCALVERSION was set in the kernel config.
This confuses the grub2 kernel-install plugin, since it currently assumes
that any kernel that contain a version with a '+' suffix is a debug kernel.
But the match is too greedy, just having '+debug' should be enough to check
whether the kernel to install is a debug kernel or not.
Resolves : #2148351
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2023-02-01 23:09:10 +01:00
Robbie Harwood
1163f8ebfd
Bump to re-run signing
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-01 20:54:24 +00:00
Robbie Harwood
e4be65856a
Disable mdraid < 1.1 on ppc64le
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-31 16:09:55 -05:00
Robbie Harwood
f8f88e1235
Fix grub2-probe issue with previous commit
...
Resolves : #2165136
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-27 20:42:56 +00:00
Robbie Harwood
3ce59ed7e1
ppc64le: update signed media fixes
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-27 14:04:12 -05:00
Robbie Harwood
ac206cb17b
ppc64le: fix issues using core.elf on boot media
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-13 20:28:48 +00:00
Robbie Harwood
7be2bf00c3
Pull allocator improvements from upstream
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-11 18:57:23 +00:00
Robbie Harwood
217ae25d88
Fix previous commit for non-x64
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-11 11:00:47 -05:00
Robbie Harwood
b84b21f7a2
Apply more hardening to host binaries
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-11 15:40:17 +00:00
Robbie Harwood
d2ad09e81a
Allow internal grub allocations over 4GB
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-10 19:49:15 +00:00
Robbie Harwood
9e46a970c6
Fix prefix setting with memdisk creation for network boot
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-12-21 22:35:22 +00:00
Robbie Harwood
55921d8655
Attempt to fix eln build
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-12-19 14:36:15 -05:00
Robbie Harwood
fa48146e4c
ppc64le: fix lpar cas5
...
Resolves : #2152547
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-12-14 19:30:52 +00:00