diff --git a/0063-Add-friendly-grub2-password-config-tool-985962.patch b/0063-Add-friendly-grub2-password-config-tool-985962.patch index f7cbd0a352ecc51fb5b4c4c6e365323c6b636651..0bb4b8739f00aec105630992d89c69acdf85d6f1 100644 --- a/0063-Add-friendly-grub2-password-config-tool-985962.patch +++ b/0063-Add-friendly-grub2-password-config-tool-985962.patch @@ -158,7 +158,7 @@ index 000000000..dd76f00fc +$0 prompts the user to set a password on the grub bootloader. The password +is written to a file named user.cfg. + -+Report bugs at https://bugzilla.redhat.com. ++Report bugs at https://bugs.cclinux.org. +EOF +} + diff --git a/0069-Clean-up-grub-setpassword-documentation-1290799.patch b/0069-Clean-up-grub-setpassword-documentation-1290799.patch index 65460befff66a43d0673e7ae11445f6ecdbd59ea..8cd8c738ae3a4bb761ffa1880ebc42de503d69e6 100644 --- a/0069-Clean-up-grub-setpassword-documentation-1290799.patch +++ b/0069-Clean-up-grub-setpassword-documentation-1290799.patch @@ -51,5 +51,5 @@ index fb9d3a3b6..c8c0fa419 100644 + -v, --version print the version information and exit + -o, --output_path put user.cfg in a user-selected directory - Report bugs at https://bugzilla.redhat.com. + Report bugs at https://bugs.cclinux.org. EOF diff --git a/circle-boot-ca-cert.der b/circle-boot-ca-cert.der new file mode 100644 index 0000000000000000000000000000000000000000..7dd70ff1fdb34fc6317486b72d86f6a0dc995d98 Binary files /dev/null and b/circle-boot-ca-cert.der differ diff --git a/circle-boot-signing-cert.der b/circle-boot-signing-cert.der new file mode 100644 index 0000000000000000000000000000000000000000..576ac380e35b1a3bcf639ec50626e3a19a996e5e Binary files /dev/null and b/circle-boot-signing-cert.der differ diff --git a/dist b/dist index 535c6900412d365bb0ff6de8d1f27110833b3ae3..9c0e36ec42a2d9bfefacb21ac6354c9ddd910533 100644 --- a/dist +++ b/dist @@ -1 +1 @@ -an8_7 +an8 diff --git a/grub.macros b/grub.macros index cc84169cf7c464cefd8d48dcc0719bf54cee9ab8..c54a44aac2f7899ea8f87f490cec50a32b9b23a7 100644 --- a/grub.macros +++ b/grub.macros @@ -409,10 +409,8 @@ done \ -p /EFI/BOOT -d grub-core \\\ --sbat %{4}./sbat.csv \\\ ${GRUB_MODULES} \ -%{expand:%%{pesign -s -i %%{2}.orig -o %%{2}.one -a %%{5} -c %%{6} -n %%{7}}} \ -%{expand:%%{pesign -s -i %%{3}.orig -o %%{3}.one -a %%{5} -c %%{6} -n %%{7}}} \ -%{expand:%%{pesign -s -i %%{2}.one -o %%{2} -a %%{8} -c %%{9} -n %%{10}}} \ -%{expand:%%{pesign -s -i %%{3}.one -o %%{3} -a %%{8} -c %%{9} -n %%{10}}} \ +%{expand:%%{pesign -s -i %%{2}.orig -o %%{2} -a %%{5} -c %%{6} -n %%{7}}} \ +%{expand:%%{pesign -s -i %%{3}.orig -o %%{3} -a %%{5} -c %%{6} -n %%{7}}} \ %{nil} %else %define efi_mkimage() \ diff --git a/grub2.spec b/grub2.spec index d3dc765bf563f13e088728b581da2ff063848118..8bb01b363cab9bf6a48f0bd8c8906c9b8ffef949 100644 --- a/grub2.spec +++ b/grub2.spec @@ -12,7 +12,7 @@ Name: grub2 Epoch: 1 Version: 2.02 -Release: 142%{anolis_release}%{?dist}.3 +Release: 148%{anolis_release}%{?dist} Summary: Bootloader with support for Linux, Multiboot and more Group: System Environment/Base License: GPLv3+ @@ -29,12 +29,8 @@ Source6: gitignore Source8: strtoull_test.c Source9: 20-grub.install Source12: 99-grub-mkconfig.install -Source13: redhatsecurebootca3.cer -Source14: redhatsecureboot301.cer -Source15: redhatsecurebootca5.cer -Source16: redhatsecureboot502.cer -Source17: redhatsecureboot601.cer -Source18: redhatsecureboot701.cer +Source13: circle-boot-ca-cert.der +Source14: circle-boot-signing-cert.der Source19: sbat.csv.in %include %{SOURCE1} @@ -42,16 +38,16 @@ Source19: sbat.csv.in %if 0%{with_efi_arch} %define old_sb_ca %{SOURCE13} %define old_sb_cer %{SOURCE14} -%define old_sb_key redhatsecureboot301 -%define sb_ca %{SOURCE15} -%define sb_cer %{SOURCE16} -%define sb_key redhatsecureboot502 +%define old_sb_key circlebootsigningcert +%define sb_ca %{SOURCE13} +%define sb_cer %{SOURCE14} +%define sb_key circlebootsigningcert %endif %ifarch ppc64le -%define old_sb_cer %{SOURCE17} -%define sb_cer %{SOURCE18} -%define sb_key redhatsecureboot702 +%define old_sb_cer %{SOURCE13} +%define sb_cer %{SOURCE14} +%define sb_key circlebootsigningcert %endif # generate with do-rebase @@ -523,7 +519,7 @@ fi %endif %changelog -* Wed Feb 22 2023 Bo Ren - 2.02-142.0.1.3 +* Wed Jul 05 2023 Bo Ren - 2.02-148.0.1 - Build pc-modules package on x86_64 (geliwei@openanolis.org) - Add loongarch64 base support (zhangwenlong@loongson.cn)(chenguoqi@loongson.cn) - Fix a bug in bls_make_list, blscfg. (zhonglingh@linux.alibaba.com) @@ -532,21 +528,30 @@ fi - LoongArch64 support fdt and phy-addr BIOS(yangqiming@loongson.cn) - Remove dtb dir with correct argument (Liwei Ge) -* Mon Feb 06 2023 Robbie Harwood - 2.02-142.el8_7.3 -- Sync with 8.8 (actually 2.02-148) +* Mon Feb 06 2023 Robbie Harwood - 2.02-148 +- ppc64le: cas5, take 3 - Resolves: #2139508 -* Thu Jan 19 2023 Robbie Harwood - 2.02-142.el8_7.2 -- Sync with 8.8 (actually 2.02-147) -- Resolves: #2162411 +* Tue Jan 10 2023 Robbie Harwood - 2.02-147 +- Enable TDX measurement to RTMR register +- Resolves: #1981485 -* Thu Nov 08 2022 Robbie Harwood - 2.02-142.el8_7.1 -- Sync with 8.8 (actually 2.02-145) +* Wed Dec 14 2022 Robbie Harwood - 2.02-146 +- ppc64le: fix lpar cas5 +- Resolves: #2139508 + +* Tue Nov 08 2022 Robbie Harwood - 1:2.02-145 +- Font CVE fixes - Resolves: CVE-2022-2601 -* Thu Sep 08 2022 Robbie Harwood - 2.02-142 -- Drop the arena size changes -- Resolves: #2118896 +* Tue Oct 18 2022 Robbie Harwood - 2.02-144 +- blscfg: don't assume newline at end of cfg +- Resolves: #2121132 + +* Wed Oct 12 2022 Robbie Harwood - 2.02-143 +- x86-efi: Fix an incorrect array size in kernel allocation +- Also merge with 8.7 +- Resolves: #2031288 * Thu Aug 25 2022 Robbie Harwood - 2.02-141 - Implement vec5 for cas negotiation diff --git a/redhatsecureboot301.cer b/redhatsecureboot301.cer deleted file mode 100644 index 4ff8b79e6736e566dbf39603e0887a53345aa4e4..0000000000000000000000000000000000000000 Binary files a/redhatsecureboot301.cer and /dev/null differ diff --git a/redhatsecureboot502.cer b/redhatsecureboot502.cer deleted file mode 100644 index be0b5e211ccf8ad7ba74c88841c921cfdbad5a70..0000000000000000000000000000000000000000 Binary files a/redhatsecureboot502.cer and /dev/null differ diff --git a/redhatsecureboot601.cer b/redhatsecureboot601.cer deleted file mode 100644 index c92b96b4e0d360b90333361ea61f565f196ea20e..0000000000000000000000000000000000000000 Binary files a/redhatsecureboot601.cer and /dev/null differ diff --git a/redhatsecureboot701.cer b/redhatsecureboot701.cer deleted file mode 100644 index 25e3743e47c3c1f06da0124a1d99e99e4920f6e7..0000000000000000000000000000000000000000 Binary files a/redhatsecureboot701.cer and /dev/null differ diff --git a/redhatsecurebootca3.cer b/redhatsecurebootca3.cer deleted file mode 100644 index b2354007b9668258683b99a68fa5bdd3067c31b1..0000000000000000000000000000000000000000 Binary files a/redhatsecurebootca3.cer and /dev/null differ diff --git a/redhatsecurebootca5.cer b/redhatsecurebootca5.cer deleted file mode 100644 index dfb0284954861282d1a0ce16c8c5cdc71c27659f..0000000000000000000000000000000000000000 Binary files a/redhatsecurebootca5.cer and /dev/null differ diff --git a/sbat.csv.in b/sbat.csv.in index b338b5f58cb646e4d1892e941b4ba8c667d8a2c0..59a00611beb925b5ce305df8db67bfe50d06d026 100755 --- a/sbat.csv.in +++ b/sbat.csv.in @@ -1,3 +1,4 @@ sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md -grub,3,Free Software Foundation,grub,@@VERSION@@,https//www.gnu.org/software/grub/ -grub.rh,2,Red Hat,grub2,@@VERSION_RELEASE@@,mailto:secalert@redhat.com +grub,1,Free Software Foundation,grub,2.02,https://www.gnu.org/software/grub/ +grub.rhel8,1,Red Hat Enterprise Linux 8,grub2,@@VERSION@@,mail:secalert@redhat.com +grub.circle8,1,Circle Linux 8,grub2,@@VERSION@@,mail:security@cclinux.org