Merge "grub2: fix CVE-2020-15707"
commit
ad02943bb5
@ -3,7 +3,7 @@ cloud-init-0.7.9-24.el7.centos.1.src.rpm
|
|||||||
dhcp-4.2.5-68.el7.centos.1.src.rpm
|
dhcp-4.2.5-68.el7.centos.1.src.rpm
|
||||||
dnsmasq-2.76-7.el7.src.rpm
|
dnsmasq-2.76-7.el7.src.rpm
|
||||||
facter-2.4.4-4.el7.src.rpm
|
facter-2.4.4-4.el7.src.rpm
|
||||||
grub2-2.02-0.76.el7.centos.src.rpm
|
grub2-2.02-0.86.el7.centos.src.rpm
|
||||||
grubby-8.28-25.el7.src.rpm
|
grubby-8.28-25.el7.src.rpm
|
||||||
haproxy-1.5.18-8.el7.src.rpm
|
haproxy-1.5.18-8.el7.src.rpm
|
||||||
initscripts-9.49.46-1.el7.src.rpm
|
initscripts-9.49.46-1.el7.src.rpm
|
||||||
|
@ -15,8 +15,8 @@ index 12d34ad..88c6c09 100644
|
|||||||
Name: grub2
|
Name: grub2
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Version: 2.02
|
Version: 2.02
|
||||||
-Release: 0.76%{?dist}%{?buildid}
|
-Release: 0.86%{?dist}%{?buildid}
|
||||||
+Release: 0.76.el7.centos%{?_tis_dist}.%{tis_patch_ver}
|
+Release: 0.86.el7.centos%{?_tis_dist}.%{tis_patch_ver}
|
||||||
Summary: Bootloader with support for Linux, Multiboot and more
|
Summary: Bootloader with support for Linux, Multiboot and more
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
License: GPLv3+
|
License: GPLv3+
|
||||||
|
@ -1,16 +0,0 @@
|
|||||||
diff --git a/SPECS/grub2.spec b/SPECS/grub2.spec
|
|
||||||
index 11f6b0e..613f2e1 100644
|
|
||||||
--- a/SPECS/grub2.spec
|
|
||||||
+++ b/SPECS/grub2.spec
|
|
||||||
@@ -49,11 +49,6 @@ BuildRequires: /usr/lib64/crt1.o glibc-static glibc-devel
|
|
||||||
BuildRequires: /usr/lib64/crt1.o glibc-static(x86-64) glibc-devel(x86-64)
|
|
||||||
# glibc32 is what will be in the buildroots, but glibc-static(x86-32) is what
|
|
||||||
# will be in an epel-7 (i.e. centos) mock root. I think.
|
|
||||||
-%if 0%{?centos}%{?mock}
|
|
||||||
-BuildRequires: /usr/lib/crt1.o glibc-static(x86-32) glibc-devel(x86-32)
|
|
||||||
-%else
|
|
||||||
-BuildRequires: /usr/lib/crt1.o glibc32
|
|
||||||
-%endif
|
|
||||||
%else
|
|
||||||
# ppc64 builds need the ppc crt1.o
|
|
||||||
BuildRequires: /usr/lib/crt1.o glibc-static glibc-devel
|
|
@ -11,10 +11,10 @@ diff --git a/SOURCES/grub.patches b/SOURCES/grub.patches
|
|||||||
index bac4594..d7475f0 100644
|
index bac4594..d7475f0 100644
|
||||||
--- a/SOURCES/grub.patches
|
--- a/SOURCES/grub.patches
|
||||||
+++ b/SOURCES/grub.patches
|
+++ b/SOURCES/grub.patches
|
||||||
@@ -286,3 +286,4 @@ Patch0285: 0285-editenv-handle-relative-symlinks.patch
|
@@ -332,3 +332,4 @@ Patch0285: 0285-editenv-handle-relative-symlinks.patch
|
||||||
Patch0286: 0286-efinet-also-use-the-firmware-acceleration-for-http.patch
|
Patch0332: 0332-linux-loader-avoid-overflow-on-initrd-size-calculati.patch
|
||||||
Patch0287: 0287-Make-root_url-reflect-the-protocol-hostname-of-our-b.patch
|
Patch0333: 0333-linuxefi-fail-kernel-validation-without-shim-protoco.patch
|
||||||
Patch0289: 0288-efi-uga-Fix-PCIe-LER-when-GRUB2-accesses-non-enabled.patch
|
Patch0334: 0334-linux-Fix-integer-overflows-in-initrd-size-handling.patch
|
||||||
+Patch1000: 1000_linux-mktitle-de-brand-the-grub.cfg-menu.patch
|
+Patch1000: 1000_linux-mktitle-de-brand-the-grub.cfg-menu.patch
|
||||||
--
|
--
|
||||||
2.7.4
|
2.7.4
|
||||||
|
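Review bot: Nothing in this rebased hunk or in the visible commit record says which imported patch carries the CVE-2020-15707 fix, so a later audit has to infer it from the context lines. The new context ends at `Patch0334: 0334-linux-Fix-integer-overflows-in-initrd-size-handling.patch`, which looks like the fix and presumably arrives with the 0.86 source RPM rather than from this local series. A line in the commit description such as `CVE-2020-15707 is fixed by Patch0334 shipped in grub2-2.02-0.86.el7.centos` would make the fix traceable without reading the SRPM.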
@ -16,10 +16,10 @@ index 075727c..5581deb 100644
|
|||||||
%{desc} \
|
%{desc} \
|
||||||
This subpackage provides optional components of grub used with removeable media on %{1} systems.\
|
This subpackage provides optional components of grub used with removeable media on %{1} systems.\
|
||||||
+ \
|
+ \
|
||||||
+%package %{1}-unsigned \
|
+%{expand:%%package %{1}-unsigned} \
|
||||||
+Summary: Unsigned versions of GRUB EFI binaries \
|
+Summary: Unsigned versions of GRUB EFI binaries \
|
||||||
+ \
|
+ \
|
||||||
+%description %{1}-unsigned \
|
+%{expand:%%description %{1}-unsigned} \
|
||||||
+This package contains unsigned version of GRUB EFI binaries. \
|
+This package contains unsigned version of GRUB EFI binaries. \
|
||||||
+ \
|
+ \
|
||||||
%{nil}
|
%{nil}
|
||||||
@ -31,9 +31,9 @@ index 075727c..5581deb 100644
|
|||||||
-p /EFI/BOOT -d grub-core ${GRUB_MODULES} \
|
-p /EFI/BOOT -d grub-core ${GRUB_MODULES} \
|
||||||
+cp %{2}.orig %{2}.unsigned \
|
+cp %{2}.orig %{2}.unsigned \
|
||||||
+cp %{3}.orig %{3}.unsigned \
|
+cp %{3}.orig %{3}.unsigned \
|
||||||
%{expand:%%{pesign -s -i %{2}.orig -o %{2} -a %{5} -c %{6} -n %{7}}} \
|
%{expand:%%{pesign -s -i %{2}.orig -o %{2}.one -a %{5} -c %{6} -n %{7}}} \
|
||||||
%{expand:%%{pesign -s -i %{3}.orig -o %{3} -a %{5} -c %{6} -n %{7}}} \
|
%{expand:%%{pesign -s -i %{3}.orig -o %{3}.one -a %{5} -c %{6} -n %{7}}} \
|
||||||
%{nil}
|
%{expand:%%{pesign -s -i %{2}.one -o %{2} -a %{8} -c %{9} -n %{10}}} \
|
||||||
@@ -403,6 +412,8 @@ find $RPM_BUILD_ROOT -iname "*.module" -exec chmod a-x {} '\;' \
|
@@ -403,6 +412,8 @@ find $RPM_BUILD_ROOT -iname "*.module" -exec chmod a-x {} '\;' \
|
||||||
touch $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/grub.cfg \
|
touch $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/grub.cfg \
|
||||||
ln -sf ../boot/efi/EFI/%{efidir}/grub.cfg \\\
|
ln -sf ../boot/efi/EFI/%{efidir}/grub.cfg \\\
|
||||||
@ -45,8 +45,8 @@ index 075727c..5581deb 100644
|
|||||||
install -D -m 700 unicode.pf2 \\\
|
install -D -m 700 unicode.pf2 \\\
|
||||||
@@ -490,4 +501,8 @@ cd .. \
|
@@ -490,4 +501,8 @@ cd .. \
|
||||||
%defattr(-,root,root,-) \
|
%defattr(-,root,root,-) \
|
||||||
%attr(0700,root,root)/boot/efi/EFI/%{efidir}/%{3} \
|
%verify(not mtime) %attr(0700,root,root)/boot/efi/EFI/%{efidir}/%{3} \
|
||||||
%attr(0700,root,root)/boot/efi/EFI/%{efidir}/fonts \
|
%verify(not mtime) %attr(0700,root,root)/boot/efi/EFI/%{efidir}/fonts \
|
||||||
+ \
|
+ \
|
||||||
+%{expand:%%files %{1}-unsigned} \
|
+%{expand:%%files %{1}-unsigned} \
|
||||||
+/boot/efi/EFI/%{efidir}/%{grubefiname}.unsigned \
|
+/boot/efi/EFI/%{efidir}/%{grubefiname}.unsigned \
|
||||||
|
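Review bot: The added `%files %{1}-unsigned` entry lists `/boot/efi/EFI/%{efidir}/%{grubefiname}.unsigned` with no `%attr` or `%verify`, while the signed entries just above it in the new context carry `%verify(not mtime) %attr(0700,root,root)`. The unsigned copy would then presumably keep whatever mode `cp %{2}.orig %{2}.unsigned` leaves in the build tree, and `rpm -V` is likely to flag it on a FAT-formatted EFI partition. Writing the entry as `%verify(not mtime) %attr(0700,root,root)/boot/efi/EFI/%{efidir}/%{grubefiname}.unsigned \` would keep it consistent with its neighbours. A short comment on why an unsigned binary is installed in the EFI directory rather than outside it would also help. The `@@ -490,4 +501,8 @@` hunk declares more new lines than are visible here, so part of the section lies outside this view.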
@ -12,13 +12,13 @@ index 5581deb..9ef91d6 100644
|
|||||||
--- a/SOURCES/grub.macros
|
--- a/SOURCES/grub.macros
|
||||||
+++ b/SOURCES/grub.macros
|
+++ b/SOURCES/grub.macros
|
||||||
@@ -242,6 +242,13 @@ Summary: Unsigned versions of GRUB EFI binaries \
|
@@ -242,6 +242,13 @@ Summary: Unsigned versions of GRUB EFI binaries \
|
||||||
%description %{1}-unsigned \
|
%{expand:%%description %{1}-unsigned} \
|
||||||
This package contains unsigned version of GRUB EFI binaries. \
|
This package contains unsigned version of GRUB EFI binaries. \
|
||||||
\
|
\
|
||||||
+%package %{1}-pxeboot \
|
+%{expand:%%package %{1}-pxeboot} \
|
||||||
+Summary: PXE bootable GRUB EFI binaries \
|
+Summary: PXE bootable GRUB EFI binaries \
|
||||||
+ \
|
+ \
|
||||||
+%description %{1}-pxeboot \
|
+%{expand:%%description %{1}-pxeboot} \
|
||||||
+This package contains the version of EFI GRUB that is served by the pxeboot \
|
+This package contains the version of EFI GRUB that is served by the pxeboot \
|
||||||
+server \
|
+server \
|
||||||
+ \
|
+ \
|
||||||
|
@ -28,16 +28,16 @@ index 9ef91d6..ffdd23c 100644
|
|||||||
video xfs" \
|
video xfs" \
|
||||||
GRUB_MODULES+=%{efi_modules} \
|
GRUB_MODULES+=%{efi_modules} \
|
||||||
+GRUB_MODULES+=%{wrs_modules} \
|
+GRUB_MODULES+=%{wrs_modules} \
|
||||||
%{expand:%%{mkimage %{1} %{2} %{3} %{4} %{5} %{6} %{7}}} \
|
%{expand:%%{mkimage %{1} %{2} %{3} %{4} %{5} %{6} %{7} %{8} %{9} %{10}}} \
|
||||||
%{nil}
|
%{nil}
|
||||||
|
|
||||||
diff --git a/SOURCES/grub.patches b/SOURCES/grub.patches
|
diff --git a/SOURCES/grub.patches b/SOURCES/grub.patches
|
||||||
index d7475f0..e24bd8c 100644
|
index d7475f0..e24bd8c 100644
|
||||||
--- a/SOURCES/grub.patches
|
--- a/SOURCES/grub.patches
|
||||||
+++ b/SOURCES/grub.patches
|
+++ b/SOURCES/grub.patches
|
||||||
@@ -287,3 +287,4 @@ Patch0286: 0286-efinet-also-use-the-firmware-acceleration-for-http.patch
|
@@ -333,3 +334,4 @@ Patch0286: 0286-efinet-also-use-the-firmware-acceleration-for-http.patch
|
||||||
Patch0287: 0287-Make-root_url-reflect-the-protocol-hostname-of-our-b.patch
|
Patch0333: 0333-linuxefi-fail-kernel-validation-without-shim-protoco.patch
|
||||||
Patch0289: 0288-efi-uga-Fix-PCIe-LER-when-GRUB2-accesses-non-enabled.patch
|
Patch0334: 0334-linux-Fix-integer-overflows-in-initrd-size-handling.patch
|
||||||
Patch1000: 1000_linux-mktitle-de-brand-the-grub.cfg-menu.patch
|
Patch1000: 1000_linux-mktitle-de-brand-the-grub.cfg-menu.patch
|
||||||
+Patch1001: 1001-add-tboot.patch
|
+Patch1001: 1001-add-tboot.patch
|
||||||
--
|
--
|
||||||
|
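Review bot: The rebased header `@@ -333,3 +334,4 @@` for SOURCES/grub.patches gives a new-side start of 334, although it is the first hunk of that file, where the old and new starts should be equal (the previous version read `@@ -287,3 +287,4 @@`). GNU patch locates hunks from the old-side numbers and the context, so this probably still applies, but the mismatch suggests the header was edited by hand during the rebase. Regenerating the patch so the header reads `@@ -333,3 +333,4 @@` avoids relying on tool leniency in a series that sits on top of security fixes.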
@ -29,8 +29,8 @@ diff --git a/SOURCES/grub.patches b/SOURCES/grub.patches
|
|||||||
index e24bd8c..73ccdee 100644
|
index e24bd8c..73ccdee 100644
|
||||||
--- a/SOURCES/grub.patches
|
--- a/SOURCES/grub.patches
|
||||||
+++ b/SOURCES/grub.patches
|
+++ b/SOURCES/grub.patches
|
||||||
@@ -288,3 +288,5 @@ Patch0287: 0287-Make-root_url-reflect-the-protocol-hostname-of-our-b.patch
|
@@ -334,3 +334,5 @@ Patch0287: 0287-Make-root_url-reflect-the-protocol-hostname-of-our-b.patch
|
||||||
Patch0289: 0288-efi-uga-Fix-PCIe-LER-when-GRUB2-accesses-non-enabled.patch
|
Patch0334: 0334-linux-Fix-integer-overflows-in-initrd-size-handling.patch
|
||||||
Patch1000: 1000_linux-mktitle-de-brand-the-grub.cfg-menu.patch
|
Patch1000: 1000_linux-mktitle-de-brand-the-grub.cfg-menu.patch
|
||||||
Patch1001: 1001-add-tboot.patch
|
Patch1001: 1001-add-tboot.patch
|
||||||
+Patch1002: 1002-Don-t-write-trailing-colon-when-populating-MAC-strin.patch
|
+Patch1002: 1002-Don-t-write-trailing-colon-when-populating-MAC-strin.patch
|
||||||
|
@ -1,7 +1,6 @@
|
|||||||
0001-grub2-Update-package-versioning-for-TIS-format.patch
|
0001-grub2-Update-package-versioning-for-TIS-format.patch
|
||||||
0002-grub2-fix-cflags.patch
|
0002-grub2-fix-cflags.patch
|
||||||
0003-grub2-remove-debug-pkgs.patch
|
0003-grub2-remove-debug-pkgs.patch
|
||||||
0004-grub2-remove-32b-requirements.patch
|
|
||||||
0005-grub2-remove-32b-build.patch
|
0005-grub2-remove-32b-build.patch
|
||||||
0006-grub2-ship-lst-files.patch
|
0006-grub2-ship-lst-files.patch
|
||||||
0007-1000_linux-mktitle-de-brand-the-grub.cfg-menu.patch
|
0007-1000_linux-mktitle-de-brand-the-grub.cfg-menu.patch
|
||||||
|
@ -1 +1 @@
|
|||||||
mirror:Source/grub2-2.02-0.76.el7.centos.src.rpm
|
mirror:Source/grub2-2.02-0.86.el7.centos.src.rpm
|
||||||
|