ELBA-2023-1699

ELBA-2023-1699 - grub2 bug fix and enhancement update

Type:BUG
Impact:NA
Release Date:2023-11-16

Description


[2.06-46.0.4.5]
- Bump SBAT metadata for grub to 3 [Orabug: 34872719]
- Fix CVE-2022-3775 [Orabug: 34871953]
- Enable signing for aarch64 EFI
- Fix signing certificate names
- Enable back btrfs grub module for EFI pre-built image [Orabug: 34360986]
- Replaced bugzilla.oracle.com references [Orabug: 34202300]
- Update provided certificate version to 202204 [JIRA: OLDIS-16371]
- Various coverity fixes [JIRA: OLDIS-16371]
- bump SBAT generation
- Update bug url [Orabug: 34202300]
- Revert provided certificate version back to 202102 [JIRA: OLDIS-16371]
- Update signing certificate [JIRA: OLDIS-16371]
- fix SBAT data [JIRA: OLDIS-16371]
- Update requires [JIRA: OLDIS-16371]
- Rebuild for SecureBoot signatures [Orabug: 33801813]
- Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033]
- Update Oracle SBAT data [Orabug: 32670033]
- Use new signing certificate [Orabug: 32670033]
- honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497]
- set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597]
- Update upstream references [Orabug: 26388226]
- Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955]
- Put 'with' in menuentry instead of 'using' [Orabug: 18504756]
- Use different titles for UEK and RHCK kernels [Orabug: 18504756]

[2.06-46.el9_1.5]
- Sync (actually 2.06-61)
- Resolves: #2181506

[2.06-46.el9_1.4]
- Sync with 9.2 (actually 2.06-58)
- Resolves: #2156419

[2.06-46.el9_1.3]
- Give up on redhat-sb-certs
- Resolves: CVE-2022-2601

[2.06-46.el9_1.2]
- CVE update (actually 2.06-49)
- Resolves: CVE-2022-2601

[2.06-46]
- Sync /etc/kernel/cmdline generation with 2.06-52.fc38
- Resolves: #1969362

[2.06-45]
- ieee1275: implement vec5 for cas negotiation
- Resolves: #2121192

[2.06-44]
- Skip rpm mtime verification on likely-vfat filesystems
- Resolves: #2047979

[2.06-43]
- Generate BLS snippets during mkconfig
- Resolves: #1969362

[2.06-42]
- Rest of kernel allocator fixups
- Resolves: #2108456

[2.06-41]
- Kernel allocator fixups
- Resolves: #2108456

[2.06-40]
- Rebuild against new ppc64le key
- Resolves: #2074761

[2.06-38]
- Bless the TPM module on ppc64le
- Resolves: #2051314

[2.06-37]
- CVE fixes for 2022-06-07
- CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733
- CVE-2021-3697 CVE-2021-3696 CVE-2021-3695
- Resolves: #2070688

[2.06-32]
- ppc64le: make ofdisk_retries optional
- Resolves: #2070725

[2.06-30]
- ppc64le: CAS improvements, prefix detection, and vTPM support
- Resolves: #2068281
- Resolves: #2051314
- Resolves: #2076798

[2.06-29]
- Fix rpm verification report on grub.cfg permissions
- Resolves: #2076322

[2.06-28]
- First 9.1 build; no changes from 9.0
- Resolves: #2062874

[2.06-27]
- Fix initialization on efidisk patch

[2.06-26]
- Re-run signing with updated redhat-release

[2.06-25]
- Enable connectefi module
- Resolves: #2049219

[2.06-24]
- Add efidisk/connectefi patches
- Resolves: #2049219
- Resolves: #2049220

[2.06-23]
- Re-arm GRUB_ENABLE_BLSCFG=false
- Resolves: #2018331

[2.06-22]
- Stop building unsupported 32-bit UEFI stuff
- Resolves: #2038401

[2.06-21]
- Require Secure Boot certs based on architecture
- Resolves: #2049214

[2.06-20]
- Conditionalize Secure Boot settings per architecture
- Resolves: #2049214

[2.06-19]
- Attempt to fix ppc64le signing bugs in previous change
- Resolves: #2049214

[2.06-18]
- Switch to single-signing and use certs from package (bstinson)
- Resolves: #2049214

[2.06-17]
- CVE-2021-3981 (Incorrect read permission in grub.cfg)
- Resolves: rhbz#2030724

[2.06-16]
- Stop having this problem and just copy over the beta tree
- Resolves: rhbz#2006784

* Mon Oct 25 2021 Robbie Harwood
- powerpc-ieee1275: load grub at 4MB, not 2MB
Related: rhbz#1873860

* Tue Oct 12 2021 Robbie Harwood
- Print out module name on license check failure
Related: rhbz#1873860

* Thu Oct 07 2021 pjones
- Hopefully make 'grub2-mkimage --appended-signature-size=' actually work.
Related: rhbz#1873860

[2.06-8]
- Attempt once more to fix signatures on ppc64le
Related: rhbz#1873860

[2.06-7]
- Fix signatures on ppc64le
Related: rhbz#1951104

[2.06-6]
- Fix booting with XFSv4 partitions
Resolves: rhbz#2006993

[2.06-5]
- Rebuild for correct signatures once more.
Resolves: rhbz#1976771

[2.06-4]
- Rebuild for correct signatures
Resolves: rhbz#1976771

[2.06-3]
- Rebuild for gating + rpminspect
Resolves: rhbz#1976771

[2.06-2]
- Rebuild because our CI infrastructure doesn't work right
Resolves: rhbz#1976771

[2.06-1]
- Update to 2.06 final release and ton of fixes
Resolves: rhbz#1976771

[2.06~rc1-9]
- Fix kernel cmdline params getting overwritten on ppc64le
Resolves: rhbz#1973564

[2.06~rc1-8]
- Add XFS needsrepair support
Resolves: rhbz#1940165

[2.06~rc1-7]
- Find and claim more memory for ieee1275 (dja)
Resolves: rhbz#1873860

[2.06~rc1-6]
- Add XFS bigtime support (cmaiolino)
Resolves: rhbz#1940165

[2.06~rc1-5]
- Use RHEL distro SBAT data also for CentOS Stream
Related: rhbz#1947696




Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 9 (aarch64) grub2-2.06-46.0.4.el9_1.5.src.rpm291061a20a7d76427675506ee69405760d6b17669216f8a99f01169c5635e026-ol9_aarch64_baseos_latest
grub2-common-2.06-46.0.4.el9_1.5.noarch.rpma561300ce664e97d27943425b324f7e82682bc215deb832645345a94480be955-ol9_aarch64_baseos_latest
grub2-efi-aa64-2.06-46.0.4.el9_1.5.aarch64.rpm054d98ca577ea0cb2156e2b41e7badc7dac044e5f56829830ef214f2d6640f63-ol9_aarch64_baseos_latest
grub2-efi-aa64-cdboot-2.06-46.0.4.el9_1.5.aarch64.rpm172002ac0ef03baf90b51e5109355d4c5b4309f301ab6c8e9845a1d7bc5c72dc-ol9_aarch64_baseos_latest
grub2-efi-aa64-modules-2.06-46.0.4.el9_1.5.noarch.rpm07db054ce9084b99675a26fb720ede04f9b5e7c9acd1a65dee3564b28733863f-ol9_aarch64_baseos_latest
grub2-efi-x64-modules-2.06-46.0.4.el9_1.5.noarch.rpma8e572beceb79ed081e9e231c0422e5253f8e3f26646bf9f682190612153cbe5-ol9_aarch64_baseos_latest
grub2-tools-2.06-46.0.4.el9_1.5.aarch64.rpm94a266c050378121f5b8514af7f80ab621a6734020ae953e25d63be082f9a062-ol9_aarch64_baseos_latest
grub2-tools-extra-2.06-46.0.4.el9_1.5.aarch64.rpmbbd2501d1bc7547d832835e65b5de212d08dcfa39a5338f49a345e0f46d6f3da-ol9_aarch64_baseos_latest
grub2-tools-minimal-2.06-46.0.4.el9_1.5.aarch64.rpmbd2730ca3ecedfd2a77b45cbe70afb37236f119902c4097c1b8d704238c6a331-ol9_aarch64_baseos_latest
Oracle Linux 9 (x86_64) grub2-2.06-46.0.4.el9_1.5.src.rpm291061a20a7d76427675506ee69405760d6b17669216f8a99f01169c5635e026-ol9_x86_64_baseos_latest
grub2-common-2.06-46.0.4.el9_1.5.noarch.rpma561300ce664e97d27943425b324f7e82682bc215deb832645345a94480be955-ol9_x86_64_baseos_latest
grub2-efi-aa64-modules-2.06-46.0.4.el9_1.5.noarch.rpm07db054ce9084b99675a26fb720ede04f9b5e7c9acd1a65dee3564b28733863f-ol9_x86_64_baseos_latest
grub2-efi-x64-2.06-46.0.4.el9_1.5.x86_64.rpm90d9377363d4a7cdb4ab198549e56b60038dc865c216606b2c705671789fe76e-ol9_x86_64_baseos_latest
grub2-efi-x64-cdboot-2.06-46.0.4.el9_1.5.x86_64.rpm4376a24caa5fa9414f266a67ac9a38915d3e996754368317e4b821e1d603dce8-ol9_x86_64_baseos_latest
grub2-efi-x64-modules-2.06-46.0.4.el9_1.5.noarch.rpma8e572beceb79ed081e9e231c0422e5253f8e3f26646bf9f682190612153cbe5-ol9_x86_64_baseos_latest
grub2-pc-2.06-46.0.4.el9_1.5.x86_64.rpm4f109c42732428aa61fba9cebbf0acb100e7ca94c07269c37d55aaaab86ff0f1-ol9_x86_64_baseos_latest
grub2-pc-modules-2.06-46.0.4.el9_1.5.noarch.rpma28db13feabdf5314dcfdc322497b1067bfbf286c63c7c7c3ef3252ff06ae14b-ol9_x86_64_baseos_latest
grub2-tools-2.06-46.0.4.el9_1.5.x86_64.rpm08f41b6cabd9d47a2a6180162e638294c51662b3f7ee1dd50b9935574f9d09db-ol9_x86_64_baseos_latest
grub2-tools-efi-2.06-46.0.4.el9_1.5.x86_64.rpmacaef06205c32779c6238efb90207cbbe677ce824a227c3d2de8e2ffcabda876-ol9_x86_64_baseos_latest
grub2-tools-extra-2.06-46.0.4.el9_1.5.x86_64.rpm4a457ba2cd8dfac6ad8e0e6b6d129c919239acee0dae135e8df6116dc09d22db-ol9_x86_64_baseos_latest
grub2-tools-minimal-2.06-46.0.4.el9_1.5.x86_64.rpm26d61b0be513b0054ec88fac2424ad0dea25b63b5a11e6a1ee002b3ee3b051c3-ol9_x86_64_baseos_latest



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete