grub2 security update

[2.02-156.0.1]

• Restore correct SBAT entries
• Replaced bugzilla.oracle.com references [Orabug: 35475894]
• efinet: Close and reopen card on failure [Orabug: 35126950]
• Fix CVE-2022-3775 [Orabug: 34867710]
• Bump SBAT metadata for grub to 3 [Orabug: 34871758]
• Enable signing on aarch64
• Don’t try to switch to a BLS config if GRUB_ENABLE_BLSCFG is already set (Javier Martinez Canillas) [Orabug: 34375996]
• Enable back btrfs module by default [Orabug: 34377188]
• Backport upstream SNP protocol fixes [Orabug: 34195100]
• Rebase Fix EFI loader kernel image allocation patch, adapt it to new NX code [Orabug: 34352232]
• enable multiboot2 [Orabug: 34285558]
• backport arm64: Fix EFI loader kernel image allocation [Orabug: 33702462]
• backport Arm: check for the PE magic for the compiled arch [Orabug: 33702462]
• Backport some better script logic for BTRFS support [Orabug: 32448171]
• Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033]
• Update Oracle SBAT data [Orabug: 32670033]
• Use new signing certificate [Orabug: 32670033]
• Fix various coverity issues [Orabug: 32530657]
• Set proper blsdir if /boot is on btrfs rootfs [Orabug: 32063327]
• Add CVE-2020-15706, CVE-2020-15707 to the list [Orabug: 31225072]
• honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497]
• set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597]
• Update upstream references [Orabug: 26388226]
• Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955]
• fix symlink removal scriptlet, to be executed only on removal [Orabug: 19231481]
• Fix comparison in patch for 18504756
• Remove symlink to grub environment file during uninstall on EFI platforms [Orabug: 19231481]
• Put ‘with’ in menuentry instead of ‘using’ [Orabug: 18504756]
• Use different titles for UEK and RHCK kernels [Orabug: 18504756]
  [2.02-156]
• fs/ntfs: OOB write fix
• (CVE-2023-4692)
• Resolves: #RHEL-11566
  [2.06-155]
• grub-set-bootflag: Fix for CVE-2024-1048
• (CVE-2024-1048)
• Resolves: #RHEL-20746
  [2.02-154]
• Missing install script for previous commit
• Related: #RHEL-4343
  [2.02-153]
• util: Enable default kernel for updates
• Resolves: #RHEL-4343
  [2.02-152]
• kern/ieee1275/init: ppc64: Restrict high memory in presence
  of fadump
• Resolves: #RHEL-14283
  [2.02-151]
• util: Regenerate kernelopts if missing on ppc
• Resolves: #2051889