Commit graph

191 commits

Author SHA1 Message Date
Nicolas Frayer
dd5f2023b0 mkconfig: More hardening to prevent overwriting grub cfg stub
Simplified os detection and remove mountpoint to accommodate
hybrid VMs

Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-08-06 12:39:13 +02:00
Leo Sandoval
ab7ed2db6e Rebased to release grub2-2.12 for fedora-41
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
2024-08-05 19:08:59 -06:00
Nicolas Frayer
f28d50ee44 grub2-mkconfig: Prevent mkconfig from overwriting grub cfg stub
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-07-16 15:19:37 +02:00
Nicolas Frayer
ce0dd8c056 KVM/PowerVM: Add support for KVM on PowerVM
Resolved: #2294883
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-07-02 10:17:51 +02:00
Leo Sandoval
a137559e71 grub-mkconfig.in: turn off executable owner bit
Resolves: #2281464
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
2024-05-28 11:47:20 -06:00
Nicolas Frayer
92efc5d3cd cmd/search: Rework of CVE-2023-4001 fix
Related: #2224951
Resolved: #2263369
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-05-23 18:17:33 +02:00
Nicolas Frayer
3e8a581288 fs/xfs: Handle non-continuous data blocks in directory extents
Related: #2254370
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-04-15 11:05:24 +02:00
Nicolas Frayer
d2fcd91e36 GRUB2 NTFS driver vulnerabilities
(CVE-2023-4692)
(CVE-2023-4693)
Resolves: #2236613
Resolves: #2241978
Resolves: #2241976
Resolves: #2238343
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-03-12 14:59:34 +01:00
Nicolas Frayer
de8520b84a grub-set-bootflag: Fix for CVE-2024-1048
(CVE-2024-1048)

Resolves: #2256678
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-02-07 10:40:35 +01:00
Leo Sandoval
29406ad333 xfs: include directory extent parsing patch
Patch is required to boot XFS-formatted partitions created with
xfsprogs 6.5.0

Resolves: #2259266
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
2024-01-23 12:02:27 -06:00
Nicolas Frayer
6cc927e76b Compiler flags: ignore incompatible types for now as it prevents
CI builds

Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-01-18 15:22:45 +01:00
Nicolas Frayer
d2d9f6012b grub-core/commands: add flag to only search root dev
Resolves: #2223437
Resolves: #2224951
Resolves: #2258096
Resolves: CVE-2023-4001
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-01-18 15:22:34 +01:00
Nicolas Frayer
ebd311ec52 xfs: Remove directory extent parsing patch
Some bios systems can't boot with one of
the xfs upstream patches

Resolves: #2254370
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-01-17 15:23:37 +01:00
Nicolas Frayer
d11c8385d6 normal: fix prefix when loading modules
Resolves: #2209435
Resolves: #2173015
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-01-04 11:29:35 +01:00
Leo Sandoval
4562b72afc chainloader: remove device path debug message
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
2023-12-14 09:31:59 -06:00
Nicolas Frayer
c4a49e5c9a fs/xfs: Add several fixes/improvements to xfs fs from upstream
Resolves: #2247926
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-12-01 10:31:36 +01:00
Nicolas Frayer
88924af554 Remove [Install] section from aux systemd units
Related: #2247635
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-11-14 17:29:09 +01:00
Nicolas Frayer
8a9297c431 util: grub-install on EFI if forced
Resolves: #1917213
Resolves: #2240994
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-11-06 18:10:09 +01:00
Nicolas Frayer
07412b4a97 kern/ieee1275/init: ppc64: Restrict high memory in presence
of fadump

Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-10-20 18:11:41 +02:00
Nicolas Frayer
aa936e7b0c ofdisk: Fix missing #include in ofdisk.c
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-09-29 18:06:49 +02:00
Nicolas Frayer
52d23fe6f6 arm64: Use proper memory type for kernel allocation
Resolves: #2149020
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-09-14 18:26:26 +02:00
Nicolas Frayer
d161705351 spec: Use systemd presets and macros for units in tools package
Resolves: #2230575

Signed-off-by: Christian Glombek <cglombek@redhat.com>
2023-09-14 18:26:07 +02:00
Nicolas Frayer
6d1f9f4a80 efi/http: change uint32_t to uintn_t
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-08-22 14:25:39 +02:00
Nicolas Frayer
5184f7bcf1 util: Enable default kernel for updates
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-08-22 14:14:44 +02:00
Robbie Harwood
dc5c4e3f52 Add switch-root support to grub-emu
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-04-12 15:23:39 +00:00
Robbie Harwood
e6b8f35a69 Fix aa64 page fault with EFI_MEMORY_ATTRIBUTE_PROTOCOL
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-04-10 16:44:09 +00:00
Robbie Harwood
dc0bc06560 Disable the tpm verifier if the TPM device is not present
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-03-30 12:47:20 +00:00
Robbie Harwood
ecd22580ae ppc64le: more cas vec5 shenanigans
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-03-30 12:31:37 +00:00
Robbie Harwood
6a9365c88d emu: work around systemctl bad behavior
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-03-22 18:39:56 +00:00
Robbie Harwood
48cf39de05 emu: handle BLS /boot weirdness
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-03-09 16:48:40 +00:00
Robbie Harwood
5c83f50804 Update mm fixes from upstream
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-20 16:49:18 +00:00
Robbie Harwood
b86fd390b8 Fix disk sector size computation
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-16 14:24:30 +00:00
Robbie Harwood
851216d61a ppc64le: sync cas/tpm patchset with upstream
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-08 20:07:44 +00:00
Robbie Harwood
ed1787d5fc emu: support newer kexec syscall
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-06 22:43:11 +00:00
Robbie Harwood
a5299c3192 ppc64le: cas5, take 3
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-06 20:29:49 +00:00
Robbie Harwood
3a3516d360 Fix implicit function declaration warnings
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-02-06 18:54:15 +00:00
Robbie Harwood
3ce59ed7e1 ppc64le: update signed media fixes
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-27 14:04:12 -05:00
Robbie Harwood
ac206cb17b ppc64le: fix issues using core.elf on boot media
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-13 20:28:48 +00:00
Robbie Harwood
7be2bf00c3 Pull allocator improvements from upstream
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-11 18:57:23 +00:00
Robbie Harwood
d2ad09e81a Allow internal grub allocations over 4GB
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-10 19:49:15 +00:00
Robbie Harwood
fa48146e4c ppc64le: fix lpar cas5
Resolves: #2152547
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-12-14 19:30:52 +00:00
Robbie Harwood
85cfe6dd30 Fix error handling in grub_file_open()
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-12-06 15:57:14 +00:00
Robbie Harwood
0ccadff7a2 Bundle unicode.pf2 with images
Resolves: #2143725
Resolves: #2144113
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-11-22 17:56:56 -05:00
Robbie Harwood
3972172d4d Font fixes (CVE-2022-2601 batch)
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-11-08 11:00:57 -05:00
Robbie Harwood
3d407d2111 Try dropping custom sort again
See-also: https://github.com/rpm-software-management/rpm/pull/2249
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-11-01 13:58:37 -04:00
Robbie Harwood
bc32a76bab TDX measurements to RTMR
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-10-28 16:58:27 +00:00
Robbie Harwood
fdd5c6f423 x86-efi: Fix an incorrect array size in kernel allocation
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-10-12 18:08:53 +00:00
Robbie Harwood
4fa957c61c Flush instruction cache before starting aa64 kernel
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-10-04 19:42:56 +00:00
Robbie Harwood
c50cc54b88 aa64: support pe/coff decompressor
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-09-08 20:17:42 +00:00
Robbie Harwood
db229abffb Revert patches to claim more memory for the arena
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-09-07 23:51:40 +00:00