ELBA-2023-1699
- ULN >
- Oracle Linux Errata repository >
- ELBA-2023-1699
ELBA-2023-1699 - grub2 bug fix and enhancement update
| Type: | BUG |
| Severity: | NA |
| Release Date: | 2023-11-16 |
Description
[2.06-46.0.4.5]
- Bump SBAT metadata for grub to 3 [Orabug: 34872719]
- Fix CVE-2022-3775 [Orabug: 34871953]
- Enable signing for aarch64 EFI
- Fix signing certificate names
- Enable back btrfs grub module for EFI pre-built image [Orabug: 34360986]
- Replaced bugzilla.oracle.com references [Orabug: 34202300]
- Update provided certificate version to 202204 [JIRA: OLDIS-16371]
- Various coverity fixes [JIRA: OLDIS-16371]
- bump SBAT generation
- Update bug url [Orabug: 34202300]
- Revert provided certificate version back to 202102 [JIRA: OLDIS-16371]
- Update signing certificate [JIRA: OLDIS-16371]
- fix SBAT data [JIRA: OLDIS-16371]
- Update requires [JIRA: OLDIS-16371]
- Rebuild for SecureBoot signatures [Orabug: 33801813]
- Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033]
- Update Oracle SBAT data [Orabug: 32670033]
- Use new signing certificate [Orabug: 32670033]
- honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497]
- set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597]
- Update upstream references [Orabug: 26388226]
- Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955]
- Put 'with' in menuentry instead of 'using' [Orabug: 18504756]
- Use different titles for UEK and RHCK kernels [Orabug: 18504756]
[2.06-46.el9_1.5]
- Sync (actually 2.06-61)
- Resolves: #2181506
[2.06-46.el9_1.4]
- Sync with 9.2 (actually 2.06-58)
- Resolves: #2156419
[2.06-46.el9_1.3]
- Give up on redhat-sb-certs
- Resolves: CVE-2022-2601
[2.06-46.el9_1.2]
- CVE update (actually 2.06-49)
- Resolves: CVE-2022-2601
[2.06-46]
- Sync /etc/kernel/cmdline generation with 2.06-52.fc38
- Resolves: #1969362
[2.06-45]
- ieee1275: implement vec5 for cas negotiation
- Resolves: #2121192
[2.06-44]
- Skip rpm mtime verification on likely-vfat filesystems
- Resolves: #2047979
[2.06-43]
- Generate BLS snippets during mkconfig
- Resolves: #1969362
[2.06-42]
- Rest of kernel allocator fixups
- Resolves: #2108456
[2.06-41]
- Kernel allocator fixups
- Resolves: #2108456
[2.06-40]
- Rebuild against new ppc64le key
- Resolves: #2074761
[2.06-38]
- Bless the TPM module on ppc64le
- Resolves: #2051314
[2.06-37]
- CVE fixes for 2022-06-07
- CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733
- CVE-2021-3697 CVE-2021-3696 CVE-2021-3695
- Resolves: #2070688
[2.06-32]
- ppc64le: make ofdisk_retries optional
- Resolves: #2070725
[2.06-30]
- ppc64le: CAS improvements, prefix detection, and vTPM support
- Resolves: #2068281
- Resolves: #2051314
- Resolves: #2076798
[2.06-29]
- Fix rpm verification report on grub.cfg permissions
- Resolves: #2076322
[2.06-28]
- First 9.1 build; no changes from 9.0
- Resolves: #2062874
[2.06-27]
- Fix initialization on efidisk patch
[2.06-26]
- Re-run signing with updated redhat-release
[2.06-25]
- Enable connectefi module
- Resolves: #2049219
[2.06-24]
- Add efidisk/connectefi patches
- Resolves: #2049219
- Resolves: #2049220
[2.06-23]
- Re-arm GRUB_ENABLE_BLSCFG=false
- Resolves: #2018331
[2.06-22]
- Stop building unsupported 32-bit UEFI stuff
- Resolves: #2038401
[2.06-21]
- Require Secure Boot certs based on architecture
- Resolves: #2049214
[2.06-20]
- Conditionalize Secure Boot settings per architecture
- Resolves: #2049214
[2.06-19]
- Attempt to fix ppc64le signing bugs in previous change
- Resolves: #2049214
[2.06-18]
- Switch to single-signing and use certs from package (bstinson)
- Resolves: #2049214
[2.06-17]
- CVE-2021-3981 (Incorrect read permission in grub.cfg)
- Resolves: rhbz#2030724
[2.06-16]
- Stop having this problem and just copy over the beta tree
- Resolves: rhbz#2006784
* Mon Oct 25 2021 Robbie Harwood
- powerpc-ieee1275: load grub at 4MB, not 2MB
Related: rhbz#1873860
* Tue Oct 12 2021 Robbie Harwood
- Print out module name on license check failure
Related: rhbz#1873860
* Thu Oct 07 2021 pjones
- Hopefully make 'grub2-mkimage --appended-signature-size=' actually work.
Related: rhbz#1873860
[2.06-8]
- Attempt once more to fix signatures on ppc64le
Related: rhbz#1873860
[2.06-7]
- Fix signatures on ppc64le
Related: rhbz#1951104
[2.06-6]
- Fix booting with XFSv4 partitions
Resolves: rhbz#2006993
[2.06-5]
- Rebuild for correct signatures once more.
Resolves: rhbz#1976771
[2.06-4]
- Rebuild for correct signatures
Resolves: rhbz#1976771
[2.06-3]
- Rebuild for gating + rpminspect
Resolves: rhbz#1976771
[2.06-2]
- Rebuild because our CI infrastructure doesn't work right
Resolves: rhbz#1976771
[2.06-1]
- Update to 2.06 final release and ton of fixes
Resolves: rhbz#1976771
[2.06~rc1-9]
- Fix kernel cmdline params getting overwritten on ppc64le
Resolves: rhbz#1973564
[2.06~rc1-8]
- Add XFS needsrepair support
Resolves: rhbz#1940165
[2.06~rc1-7]
- Find and claim more memory for ieee1275 (dja)
Resolves: rhbz#1873860
[2.06~rc1-6]
- Add XFS bigtime support (cmaiolino)
Resolves: rhbz#1940165
[2.06~rc1-5]
- Use RHEL distro SBAT data also for CentOS Stream
Related: rhbz#1947696
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory | Channel Label |
| Oracle Linux 9 (aarch64) | grub2-2.06-46.0.4.el9_1.5.src.rpm | d4b724bb1e995b5367b7c621e370e5d2 | - | ol9_aarch64_baseos_latest |
| grub2-common-2.06-46.0.4.el9_1.5.noarch.rpm | c8f9a197f69572f64281c71d58c1224d | - | ol9_aarch64_baseos_latest | |
| grub2-efi-aa64-2.06-46.0.4.el9_1.5.aarch64.rpm | 99e14aed95d84fd74917517d9adaed39 | - | ol9_aarch64_baseos_latest | |
| grub2-efi-aa64-cdboot-2.06-46.0.4.el9_1.5.aarch64.rpm | 443ef4fa3abbca1f88515617cdbf64cd | - | ol9_aarch64_baseos_latest | |
| grub2-efi-aa64-modules-2.06-46.0.4.el9_1.5.noarch.rpm | dd22ccf506e983ee22389b1a9587441c | - | ol9_aarch64_baseos_latest | |
| grub2-efi-x64-modules-2.06-46.0.4.el9_1.5.noarch.rpm | faf7ea72d728a52e113ec5aca2fc4c27 | - | ol9_aarch64_baseos_latest | |
| grub2-tools-2.06-46.0.4.el9_1.5.aarch64.rpm | 8c928639ad82366fee365b2aac95ea93 | - | ol9_aarch64_baseos_latest | |
| grub2-tools-extra-2.06-46.0.4.el9_1.5.aarch64.rpm | a83d80b7d46b78090ffa674d32562501 | - | ol9_aarch64_baseos_latest | |
| grub2-tools-minimal-2.06-46.0.4.el9_1.5.aarch64.rpm | 1635585c628d545c49cb7a9e2bd8e920 | - | ol9_aarch64_baseos_latest | |
| Oracle Linux 9 (x86_64) | grub2-2.06-46.0.4.el9_1.5.src.rpm | d4b724bb1e995b5367b7c621e370e5d2 | - | ol9_x86_64_baseos_latest |
| grub2-common-2.06-46.0.4.el9_1.5.noarch.rpm | c8f9a197f69572f64281c71d58c1224d | - | ol9_x86_64_baseos_latest | |
| grub2-efi-aa64-modules-2.06-46.0.4.el9_1.5.noarch.rpm | dd22ccf506e983ee22389b1a9587441c | - | ol9_x86_64_baseos_latest | |
| grub2-efi-x64-2.06-46.0.4.el9_1.5.x86_64.rpm | 6ce10460c2abe81f3fcb239dc4251e1e | - | ol9_x86_64_baseos_latest | |
| grub2-efi-x64-cdboot-2.06-46.0.4.el9_1.5.x86_64.rpm | 2adb65b2989c92b99063719c396eb6e8 | - | ol9_x86_64_baseos_latest | |
| grub2-efi-x64-modules-2.06-46.0.4.el9_1.5.noarch.rpm | faf7ea72d728a52e113ec5aca2fc4c27 | - | ol9_x86_64_baseos_latest | |
| grub2-pc-2.06-46.0.4.el9_1.5.x86_64.rpm | 287f99a02ed1185aafde199c9fdb390e | - | ol9_x86_64_baseos_latest | |
| grub2-pc-modules-2.06-46.0.4.el9_1.5.noarch.rpm | a5042a15b0ad74ef4376d3f1f0a6b138 | - | ol9_x86_64_baseos_latest | |
| grub2-tools-2.06-46.0.4.el9_1.5.x86_64.rpm | 5af8840b60f7b89e6b74d5edf8f20b74 | - | ol9_x86_64_baseos_latest | |
| grub2-tools-efi-2.06-46.0.4.el9_1.5.x86_64.rpm | a2e67eab226065998c4246ec071fd807 | - | ol9_x86_64_baseos_latest | |
| grub2-tools-extra-2.06-46.0.4.el9_1.5.x86_64.rpm | d97133a8a0dbadb2338ccaf88293a165 | - | ol9_x86_64_baseos_latest | |
| grub2-tools-minimal-2.06-46.0.4.el9_1.5.x86_64.rpm | b2c0d9ad2e8dea6d93714fca97f13796 | - | ol9_x86_64_baseos_latest | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
