| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: grub2 | Distribution: openSUSE:Factory:zSystems |
| Version: 2.12~rc1 | Vendor: openSUSE |
| Release: 13.1 | Build date: Fri Jan 5 21:53:05 2024 |
| Group: System/Boot | Build host: s390zl22 |
| Size: 22470112 | Source RPM: grub2-2.12~rc1-13.1.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: http://www.gnu.org/software/grub/ | |
| Summary: Bootloader with support for Linux, Multiboot and more | |
This is the second version of the GRUB (Grand Unified Bootloader), a highly configurable and customizable bootloader with modular architecture. It support rich scale of kernel formats, file systems, computer architectures and hardware devices. This package includes user space utlities to manage GRUB on your system.
GPL-3.0-or-later
* Wed Jan 03 2024 Michael Chang <mchang@suse.com>
- grub2.spec: Add ofnet to signed grub.elf to support powerpc net boot
installation when secure boot is enabled (bsc#1217761)
- Improved check for disk device when looking for PReP partition
* 0004-Introduce-prep_load_env-command.patch
* Thu Nov 30 2023 Michael Chang <mchang@suse.com>
- Fix reproducible build for grub.xen (bsc#1217619)
* 0001-mkstandalone-ensure-stable-timestamps-for-generated-.patch
* 0002-mkstandalone-ensure-deterministic-tar-file-creation-.patch
* Wed Nov 22 2023 Michael Chang <mchang@suse.com>
- Fix unattended boot with TPM2 allows downgrading kernel and rootfs, also
enhancing the overall security posture (bsc#1216680)
* 0001-Improve-TPM-key-protection-on-boot-interruptions.patch
* 0002-Restrict-file-access-on-cryptodisk-print.patch
* 0003-Restrict-ls-and-auto-file-completion-on-cryptodisk-p.patch
* 0004-Key-revocation-on-out-of-bound-file-access.patch
* Tue Nov 21 2023 Michael Chang <mchang@suse.com>
- grub2.spec: Fix openQA test failure in SLE-15-SP6 due to missing
font in memdisk
* Thu Nov 16 2023 Gary Ching-Pang Lin <glin@suse.com>
- Update the TPM2 patches to skip the persistent SRK handle if not
specified and improve the error messages
+ 0003-protectors-Add-TPM2-Key-Protector.patch
+ 0005-util-grub-protect-Add-new-tool.patch
+ 0004-tpm2-Support-authorized-policy.patch
* Tue Nov 14 2023 Michael Chang <mchang@suse.com>
- Fix XFS regression in 2.12~rc1 and support large extent counters
* 0001-fs-xfs-Incorrect-short-form-directory-data-boundary-.patch
* 0002-fs-xfs-Fix-XFS-directory-extent-parsing.patch
* 0003-fs-xfs-add-large-extent-counters-incompat-feature-su.patch
* Mon Oct 30 2023 Michael Chang <mchang@suse.com>
- Fix fadump not working with 1GB/2GB/4GB LMB[P10] (bsc#1216253)
* 0001-kern-ieee1275-init-Restrict-high-memory-in-presence-.patch
* Thu Oct 26 2023 Gary Ching-Pang Lin <glin@suse.com>
- Fix a potential error when appending multiple keys into the
synthesized initrd
* Fix-the-size-calculation-for-the-synthesized-initrd.patch
* Wed Oct 25 2023 Michael Chang <mchang@suse.com>
- Fix Xen chainloding error of no matching file path found (bsc#1216081)
* grub2-efi-chainload-harder.patch
* Mon Oct 23 2023 Michael Chang <mchang@suse.com>
- Use grub-tpm2 token to unlock keyslots to make the unsealing process more
efficient and secure.
* 0001-luks2-Use-grub-tpm2-token-for-TPM2-protected-volume-.patch
* Mon Oct 16 2023 Michael Chang <mchang@suse.com>
- Fix detection of encrypted disk's uuid in powerpc to cope with logical disks
when signed image installation is specified (bsc#1216075)
* 0003-grub-install-support-prep-environment-block.patch
- grub2.spec: Add support to unlocking multiple encrypted disks in signed
grub.elf image for logical disks
* Fri Oct 06 2023 Michael Chang <mchang@suse.com>
- Fix CVE-2023-4692 (bsc#1215935)
- Fix CVE-2023-4693 (bsc#1215936)
* 0001-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch
* 0002-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch
* 0003-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch
* 0004-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch
* 0005-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch
* 0006-fs-ntfs-Make-code-more-readable.patch
- Bump upstream SBAT generation to 4
* Thu Oct 05 2023 Fabian Vogt <fvogt@suse.com>
- Add patch to fix reading files from btrfs with "implicit" holes:
* 0001-fs-btrfs-Zero-file-data-not-backed-by-extents.patch
* Mon Oct 02 2023 Gary Ching-Pang Lin <glin@suse.com>
- Update the TPM 2.0 patches to support more RSA and ECC algorithms
* 0002-tpm2-Add-TPM-Software-Stack-TSS.patch
* 0003-protectors-Add-TPM2-Key-Protector.patch
* 0005-util-grub-protect-Add-new-tool.patch
* Mon Oct 02 2023 Michael Chang <mchang@suse.com>
- Remove build require for gcc-32bit, target platform didn't rely on libgcc
function shipped with compiler but rather using functions supplied in grub
directly.
* Fri Sep 29 2023 Fabian Vogt <fvogt@suse.com>
- Add BuildIgnore to break cycle with the branding package
* Wed Sep 27 2023 Gary Ching-Pang Lin <glin@suse.com>
- Only build with fde-tpm-helper-rpm-macros for the architectures
supporting the newer UEFI and TPM 2.0.
* Also correct the location of %fde_tpm_update_requires
* Wed Sep 20 2023 Michael Chang <mchang@suse.com>
- Fix a boot delay regression in PowerPC PXE boot (bsc#1201300)
* 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch
* Tue Sep 19 2023 Gary Ching-Pang Lin <glin@suse.com>
- Add the new BuildRequires for EFI builds for the better FDE
support: fde-tpm-helper-rpm-macros
+ Also add the the macros to %post and %posttrans
* Mon Sep 11 2023 Chester Lin <clin@suse.com>
- Correct the type of allocated EFI pages for ARM64 kernel (bsc#1215151)
* arm64-Use-proper-memory-type-for-kernel-allocation.patch
* Thu Aug 31 2023 Andreas Schwab <schwab@suse.de>
- grub2-mkconfig-riscv64.patch: Handle riscv64 in mkconfig
* Wed Aug 16 2023 Gary Ching-Pang Lin <glin@suse.com>
- Implement NV index mode for TPM 2.0 key protector
0001-protectors-Implement-NV-index.patch
- Fall back to passphrase mode when the key protector fails to
unlock the disk
0002-cryptodisk-Fallback-to-passphrase.patch
- Wipe out the cached key cleanly
0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch
- Make diskfiler to look up cryptodisk devices first
0004-diskfilter-look-up-cryptodisk-devices-first.patch
* Thu Aug 03 2023 Gary Ching-Pang Lin <glin@suse.com>
- Change the bash-completion directory (bsc#1213855)
* grub2-change-bash-completion-dir.patch
* Thu Jul 27 2023 Michael Chang <mchang@suse.com>
- Version bump to 2.12~rc1 (PED-5589)
* Added:
- grub-2.12~rc1.tar.xz
* Removed:
- grub-2.06.tar.xz
* Patch dropped merged by new version:
- grub2-GRUB_CMDLINE_LINUX_RECOVERY-for-recovery-mode.patch
- grub2-s390x-02-kexec-module-added-to-emu.patch
- grub2-efi-chainloader-root.patch
- grub2-Fix-incorrect-netmask-on-ppc64.patch
- 0001-osdep-Introduce-include-grub-osdep-major.h-and-use-i.patch
- 0002-osdep-linux-hostdisk-Use-stat-instead-of-udevadm-for.patch
- 0002-net-read-bracketed-ipv6-addrs-and-port-numbers.patch
- grub2-s390x-10-keep-network-at-kexec.patch
- 0001-Fix-build-error-in-binutils-2.36.patch
- 0001-emu-fix-executable-stack-marking.patch
- 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch
- 0001-30_uefi-firmware-fix-printf-format-with-null-byte.patch
- 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch
- 0001-Filter-out-POSIX-locale-for-translation.patch
- 0001-disk-diskfilter-Use-nodes-in-logical-volume-s-segmen.patch
- 0001-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch
- 0001-fs-btrfs-Make-extent-item-iteration-to-handle-gaps.patch
- 0001-grub-mkconfig-restore-umask-for-grub.cfg.patch
- 0001-ieee1275-Drop-HEAP_MAX_ADDR-and-HEAP_MIN_SIZE-consta.patch
- 0002-ieee1275-claim-more-memory.patch
- 0003-ieee1275-request-memory-with-ibm-client-architecture.patch
- 0001-RISC-V-Adjust-march-flags-for-binutils-2.38.patch
- 0001-mkimage-Fix-dangling-pointer-may-be-used-error.patch
- 0002-Fix-Werror-array-bounds-array-subscript-0-is-outside.patch
- 0003-reed_solomon-Fix-array-subscript-0-is-outside-array-.patch
- 0001-powerpc-do-CAS-in-a-more-compatible-way.patch
- 0001-libc-config-merge-from-glibc.patch
- 0001-video-Remove-trailing-whitespaces.patch
- 0002-loader-efi-chainloader-Simplify-the-loader-state.patch
- 0003-commands-boot-Add-API-to-pass-context-to-loader.patch
- 0004-loader-efi-chainloader-Use-grub_loader_set_ex.patch
- 0005-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch
- 0006-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch
- 0007-video-readers-png-Abort-sooner-if-a-read-operation-f.patch
- 0008-video-readers-png-Refuse-to-handle-multiple-image-he.patch
- 0009-video-readers-png-Drop-greyscale-support-to-fix-heap.patch
- 0010-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch
- 0011-video-readers-png-Sanity-check-some-huffman-codes.patch
- 0012-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch
- 0013-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch
- 0014-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch
- 0015-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch
- 0016-normal-charset-Fix-array-out-of-bounds-formatting-un.patch
- 0017-net-ip-Do-IP-fragment-maths-safely.patch
- 0018-net-netbuff-Block-overly-large-netbuff-allocs.patch
- 0019-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch
- 0020-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch
- 0021-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch
- 0022-net-tftp-Avoid-a-trivial-UAF.patch
- 0023-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch
- 0024-net-http-Fix-OOB-write-for-split-http-headers.patch
- 0025-net-http-Error-out-on-headers-with-LF-without-CR.patch
- 0026-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch
- 0027-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch
- 0028-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch
- 0029-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch
- 0030-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch
- 0031-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch
- 0032-Use-grub_loader_set_ex-for-secureboot-chainloader.patch
- 0001-luks2-Add-debug-message-to-align-with-luks-and-geli-.patch
- 0002-cryptodisk-Refactor-to-discard-have_it-global.patch
- 0003-cryptodisk-Return-failure-in-cryptomount-when-no-cry.patch
- 0004-cryptodisk-Improve-error-messaging-in-cryptomount-in.patch
- 0005-cryptodisk-Improve-cryptomount-u-error-message.patch
- 0006-cryptodisk-Add-infrastructure-to-pass-data-from-cryp.patch
- 0007-cryptodisk-Refactor-password-input-out-of-crypto-dev.patch
- 0008-cryptodisk-Move-global-variables-into-grub_cryptomou.patch
- 0009-cryptodisk-Improve-handling-of-partition-name-in-cry.patch
- 0001-crytodisk-fix-cryptodisk-module-looking-up.patch
- 0001-devmapper-getroot-Have-devmapper-recognize-LUKS2.patch
- 0002-devmapper-getroot-Set-up-cheated-LUKS2-cryptodisk-mo.patch
- 0003-disk-cryptodisk-When-cheatmounting-use-the-sector-in.patch
- 0004-normal-menu-Don-t-show-Booting-s-msg-when-auto-booti.patch
- 0005-EFI-suppress-the-Welcome-to-GRUB-message-in-EFI-buil.patch
- 0006-EFI-console-Do-not-set-colorstate-until-the-first-te.patch
- 0007-EFI-console-Do-not-set-cursor-until-the-first-text-o.patch
- efi-set-variable-with-attrs.patch
- 0001-mm-Allow-dynamically-requesting-additional-memory-re.patch
- 0002-kern-efi-mm-Always-request-a-fixed-number-of-pages-o.patch
- 0003-kern-efi-mm-Extract-function-to-add-memory-regions.patch
- 0004-kern-efi-mm-Pass-up-errors-from-add_memory_regions.patch
- 0005-kern-efi-mm-Implement-runtime-addition-of-pages.patch
- 0001-kern-efi-mm-Enlarge-the-default-heap-size.patch
- 0002-mm-Defer-the-disk-cache-invalidation.patch
- 0001-grub-install-set-point-of-no-return-for-powerpc-ieee1275.patch
- 0001-commands-efi-tpm-Refine-the-status-of-log-event.patch
- 0002-commands-efi-tpm-Use-grub_strcpy-instead-of-grub_mem.patch
- 0003-efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch
- 0001-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch
- 0002-ieee1275-implement-vec5-for-cas-negotiation.patch
- 0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch
- 0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
- 0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch
- 0004-font-Remove-grub_font_dup_glyph.patch
- 0005-font-Fix-integer-overflow-in-ensure_comb_space.patch
- 0006-font-Fix-integer-overflow-in-BMP-index.patch
- 0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch
- 0008-fbutil-Fix-integer-overflow.patch
- 0009-font-Fix-an-integer-underflow-in-blit_comb.patch
- 0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch
- 0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
- 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch
- 0001-fs-btrfs-Use-full-btrfs-bootloader-area.patch
- 0001-ieee1275-Increase-initially-allocated-heap-from-1-4-.patch
- 0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch
- grub2-add-module-for-boot-loader-interface.patch
- 0001-ieee1275-Further-increase-initially-allocated-heap-f.patch
- 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch
- 0001-RISC-V-Handle-R_RISCV_CALL_PLT-reloc.patch
- 0001-loader-linux-Ensure-the-newc-pathname-is-NULL-termin.patch
- 0001-kern-ieee1275-init-Convert-plain-numbers-to-constant.patch
- 0002-kern-ieee1275-init-Extended-support-in-Vec5.patch
- 0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch
- 0001-fs-ext2-Ignore-the-large_dir-incompat-feature.patch
* Patch modified to new base version:
- use-grub2-as-a-package-name.patch
- grub2-fix-menu-in-xen-host-server.patch
- grub2-secureboot-add-linuxefi.patch
- grub2-secureboot-chainloader.patch
- grub2-s390x-01-Changes-made-and-files-added-in-order-to-allow-s390x.patch
- grub2-s390x-03-output-7-bit-ascii.patch
- grub2-s390x-04-grub2-install.patch
- grub2-use-rpmsort-for-version-sorting.patch
- grub2-getroot-treat-mdadm-ddf-as-simple-device.patch
- grub2-grubenv-in-btrfs-header.patch
- grub2-commands-introduce-read_file-subcommand.patch
- grub2-efi-chainload-harder.patch
- grub2-emu-4-all.patch
- grub2-util-30_os-prober-multiple-initrd.patch
- grub2-install-fix-not-a-directory-error.patch
- grub-install-force-journal-draining-to-ensure-data-i.patch
- grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
- grub2-btrfs-04-grub2-install.patch
- grub2-btrfs-05-grub2-mkconfig.patch
- grub2-btrfs-06-subvol-mount.patch
- grub2-efi-xen-chainload.patch
- grub2-efi-xen-cmdline.patch
- grub2-efi-xen-removable.patch
- grub2-suse-remove-linux-root-param.patch
- grub2-ppc64le-disable-video.patch
- grub2-install-remove-useless-check-PReP-partition-is-empty.patch
- 0004-efinet-UEFI-IPv6-PXE-support.patch
- 0007-efinet-Setting-network-from-UEFI-device-path.patch
- 0008-efinet-Setting-DNS-server-from-UEFI-protocol.patch
- 0001-add-support-for-UEFI-network-protocols.patch
- grub2-mkconfig-default-entry-correction.patch
- grub2-s390x-11-secureboot.patch
- grub2-secureboot-install-signed-grub.patch
- grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch
- 0002-cmdline-Provide-cmdline-functions-as-module.patch
- 0001-efi-linux-provide-linux-command.patch
- 0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch
- 0004-arm-arm64-loader-Better-memory-allocation-and-error-.patch
- 0002-Arm-check-for-the-PE-magic-for-the-compiled-arch.patch
- 0001-Factor-out-grub_efi_linux_boot.patch
- 0003-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch
- 0015-test_asn1-test-module-for-libtasn1.patch
- 0021-appended-signatures-documentation.patch
- 0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch
- 0003-grub-install-support-prep-environment-block.patch
- 0004-Introduce-prep_load_env-command.patch
- 0001-grub-install-bailout-root-device-probing.patch
- 0001-install-fix-software-raid1-on-esp.patch
- 0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch
- 0001-protectors-Add-key-protectors-framework.patch
- 0002-tpm2-Add-TPM-Software-Stack-TSS.patch
- 0004-cryptodisk-Support-key-protectors.patch
- 0008-linuxefi-Use-common-grub_initrd_load.patch
- 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch
- grub-read-pcr.patch
- tpm-record-pcrs.patch
- 0001-clean-up-crypttab-and-linux-modules-dependency.patch
* Patch refreshed:
- rename-grub-info-file-to-grub2.patch
- grub2-linux.patch
- grub2-simplefb.patch
- grub2-ppc-terminfo.patch
- grub2-pass-corret-root-for-nfsroot.patch
- grub2-efi-HP-workaround.patch
- grub2-secureboot-no-insmod-on-sb.patch
- grub2-linuxefi-fix-boot-params.patch
- grub2-s390x-05-grub2-mkconfig.patch
- grub2-xen-linux16.patch
- grub2-efi-disable-video-cirrus-and-bochus.patch
- grub2-vbe-blacklist-preferred-1440x900x32.patch
- grub2-mkconfig-aarch64.patch
- grub2-menu-unrestricted.patch
- grub2-mkconfig-arm.patch
- grub2-s390x-06-loadparm.patch
- grub2-s390x-07-add-image-param-for-zipl-setup.patch
- grub2-s390x-08-workaround-part-to-disk.patch
- grub2-diskfilter-support-pv-without-metadatacopies.patch
- grub2-getroot-support-nvdimm.patch
- grub2-s390x-skip-zfcpdump-image.patch
- grub2-btrfs-02-export-subvolume-envvars.patch
- grub2-btrfs-03-follow_default.patch
- grub2-btrfs-07-subvol-fallback.patch
- grub2-btrfs-08-workaround-snapshot-menu-default-entry.patch
- grub2-btrfs-09-get-default-subvolume.patch
- grub2-btrfs-10-config-directory.patch
- grub2-efi-xen-cfg-unquote.patch
- grub2-Add-hidden-menu-entries.patch
- grub2-SUSE-Add-the-t-hotkey.patch
- grub2-ppc64le-memory-map.patch
- grub2-ppc64-cas-reboot-support.patch
- grub2-ppc64-cas-new-scope.patch
- grub2-ppc64-cas-fix-double-free.patch
- 0003-bootp-New-net_bootp6-command.patch
- 0005-grub.texi-Add-net_bootp6-doument.patch
- 0006-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch
- 0012-tpm-Build-tpm-as-module.patch
- 0002-AUDIT-0-http-boot-tracker-bug.patch
- grub2-btrfs-help-on-snapper-rollback.patch
- grub2-video-limit-the-resolution-for-fixed-bimap-font.patch
- 0001-kern-mm.c-Make-grub_calloc-inline.patch
- 0001-Unify-the-check-to-enable-btrfs-relative-path.patch
- 0002-arm64-make-sure-fdt-has-address-cells-and-size-cells.patch
- 0003-Make-grub_error-more-verbose.patch
- 0001-ieee1275-Avoiding-many-unecessary-open-close.patch
- 0001-Workaround-volatile-efi-boot-variable.patch
- 0001-templates-Follow-the-path-of-usr-merged-kernel-confi.patch
- 0004-Try-to-pick-better-locations-for-kernel-and-initrd.patch
- 0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch
- 0005-docs-grub-Document-signing-grub-under-UEFI.patch
- 0006-docs-grub-Document-signing-grub-with-an-appended-sig.patch
- 0007-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch
- 0008-pgp-factor-out-rsa_pad.patch
- 0010-posix_wrap-tweaks-in-preparation-for-libtasn1.patch
- 0011-libtasn1-import-libtasn1-4.18.0.patch
- 0014-libtasn1-compile-into-asn1-module.patch
- 0016-grub-install-support-embedding-x509-certificates.patch
- 0017-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch
- 0018-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch
- 0019-appended-signatures-support-verifying-appended-signa.patch
- 0020-appended-signatures-verification-tests.patch
- 0001-grub-install-Add-SUSE-signed-image-support-for-power.patch
- 0002-Add-grub_disk_write_tail-helper-function.patch
- 0005-export-environment-at-start-up.patch
- 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch
- 0003-protectors-Add-TPM2-Key-Protector.patch
- 0005-util-grub-protect-Add-new-tool.patch
- 0010-templates-import-etc-crypttab-to-grub.cfg.patch
- grub-install-record-pcrs.patch
- safe_tpm_pcr_snapshot.patch
- 0002-Mark-environmet-blocks-as-used-for-image-embedding.patch
- 0001-grub2-Set-multiple-device-path-for-a-nvmf-boot-devic.patch
- 0002-discard-cached-key-before-entering-grub-shell-and-ed.patch
- 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch
- 0002-Restrict-cryptsetup-key-file-permission-for-better-s.patch
* New:
- 0001-xen_boot-add-missing-grub_arch_efi_linux_load_image_.patch
- 0001-font-Try-memdisk-fonts-with-the-same-name.patch
- 0001-Make-grub.cfg-compatible-to-old-binaries.patch
- 0001-disk-cryptodisk-Fix-missing-change-when-updating-to-.patch
* Embedding fonts in the grub.efi to get signed for secure boot
* Wed Jul 26 2023 Michael Chang <mchang@suse.com>
- Fix error message "unknown command tpm_record_pcrs" with encrypted boot and
no tpm device present (bsc#1213547)
* 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch
* Tue May 30 2023 Dirk Müller <dmueller@suse.com>
- add 0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch,
0001-fs-ext2-Ignore-the-large_dir-incompat-feature.patch:
* support more featureful extX filesystems (backport from
upstream git)
* Thu May 04 2023 Michael Chang <mchang@suse.com>
- grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563)
* Wed Apr 26 2023 Gary Ching-Pang Lin <glin@suse.com>
- Exclude the deprecated EFI location, /usr/lib64/efi/, from
Tumbleweed and ALP
* Fri Apr 21 2023 Gary Ching-Pang Lin <glin@suse.com>
- Update TPM 2.0 key unsealing patches
* Add the new upstreaming patches
0001-protectors-Add-key-protectors-framework.patch
0002-tpm2-Add-TPM-Software-Stack-TSS.patch
0003-protectors-Add-TPM2-Key-Protector.patch
0004-cryptodisk-Support-key-protectors.patch
0005-util-grub-protect-Add-new-tool.patch
* Add the authorized policy patches based on the upstreaming
patches
0001-tpm2-Add-TPM2-types-structures-and-command-constants.patch
0002-tpm2-Add-more-marshal-unmarshal-functions.patch
0003-tpm2-Implement-more-TPM2-commands.patch
0004-tpm2-Support-authorized-policy.patch
* Drop the old patches
0010-protectors-Add-key-protectors-framework.patch
0011-tpm2-Add-TPM-Software-Stack-TSS.patch
0012-protectors-Add-TPM2-Key-Protector.patch
0013-cryptodisk-Support-key-protectors.patch
0014-util-grub-protect-Add-new-tool.patch
fix-tpm2-build.patch
tpm-protector-dont-measure-sealed-key.patch
tpm-protector-export-secret-key.patch
grub-unseal-debug.patch
0001-tpm2-adjust-the-input-parameters-of-TPM2_EvictContro.patch
0002-tpm2-declare-the-input-arguments-of-TPM2-functions-a.patch
0003-tpm2-resend-the-command-on-TPM_RC_RETRY.patch
0004-tpm2-add-new-TPM2-types-structures-and-command-const.patch
0005-tpm2-add-more-marshal-unmarshal-functions.patch
0006-tpm2-check-the-command-parameters-of-TPM2-commands.patch
0007-tpm2-pack-the-missing-authorization-command-for-TPM2.patch
0008-tpm2-allow-some-command-parameters-to-be-NULL.patch
0009-tpm2-remove-the-unnecessary-variables.patch
0010-tpm2-add-TPM2-commands-to-support-authorized-policy.patch
0011-tpm2-make-the-file-reading-unmarshal-functions-gener.patch
0012-tpm2-initialize-the-PCR-selection-list-early.patch
0013-tpm2-support-unsealing-key-with-authorized-policy.patch
* Refresh grub-read-pcr.patch
* Introduce a new build requirement: libtasn1-devel
- Only package grub2-protect for the architectures with EFI support
* Fri Apr 21 2023 Michael Chang <mchang@suse.com>
- Fix PowerVS deployment fails to boot with 90 cores (bsc#1208581)
* 0001-kern-ieee1275-init-Convert-plain-numbers-to-constant.patch
* 0002-kern-ieee1275-init-Extended-support-in-Vec5.patch
* Tue Apr 18 2023 Michael Chang <mchang@suse.com>
- Fix no prep partition error on non-PReP architectures by making the
prep_loadenv module exclusive to powerpc_ieee1275 platform (bsc#1210489)
* 0004-Introduce-prep_load_env-command.patch
- Fix the issue of freeing an uninitialized pointer
* 0002-prep_loadenv-Fix-regex-for-Open-Firmware-device-spec.patch
- Rediff
* 0005-export-environment-at-start-up.patch
* 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch
* Tue Apr 11 2023 Michael Chang <mchang@suse.com>
- Resolve some issues with OS boot failure on PPC NVMe-oF disks and made
enhancements to PPC secure boot's root device discovery config (bsc#1207230)
- Ensure get_devargs and get_devname functions are consistent
* 0001-openfw-Ensure-get_devargs-and-get_devname-functions-.patch
- Fix regex for Open Firmware device specifier with encoded commas
* 0002-prep_loadenv-Fix-regex-for-Open-Firmware-device-spec.patch
- Fix regular expression in PPC secure boot config to prevent escaped commas
from being treated as delimiters when retrieving partition substrings.
- Use prep_load_env in PPC secure boot config to handle unset host-specific
environment variables and ensure successful command execution.
* 0004-Introduce-prep_load_env-command.patch
- Refreshed
* 0005-export-environment-at-start-up.patch
* Thu Mar 23 2023 Michael Chang <mchang@suse.com>
- Fix aarch64 kiwi image's file not found due to '/@' prepended to path in
btrfs filesystem. (bsc#1209165)
* grub2-btrfs-05-grub2-mkconfig.patch
* Mon Mar 20 2023 Michael Chang <mchang@suse.com>
- Restrict cryptsetup key file permission for better security (bsc#1207499)
* 0001-loader-linux-Ensure-the-newc-pathname-is-NULL-termin.patch
* 0002-Restrict-cryptsetup-key-file-permission-for-better-s.patch
* Wed Mar 15 2023 Hans-Peter Jansen <hpj@urpla.net>
- Meanwhile, memtest86+ gained EFI support, but using the grub
command line to run it manually is quite tedious...
Adapt 20_memtest86+ to provide a proper menu entry. Executing
memtest requires to turn security off in BIOS: (Boot Mode: Other OS).
* Mon Mar 13 2023 rw@suse.com
- Tolerate kernel moved out of /boot. (bsc#1184804)
* grub2-s390x-12-zipl-setup-usrmerge.patch
* Mon Mar 06 2023 Michael Chang <mchang@suse.com>
- Discard cached key from grub shell and editor mode
* 0001-clean-up-crypttab-and-linux-modules-dependency.patch
* 0002-discard-cached-key-before-entering-grub-shell-and-ed.patch
* Fri Mar 03 2023 Michael Chang <mchang@suse.com>
- Make grub more robust against storage race condition causing system boot
failures (bsc#1189036)
* 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch
* Wed Mar 01 2023 Michael Chang <mchang@suse.com>
- Fix riscv64 error for relocation 0x13 is not implemented yet
* 0001-RISC-V-Handle-R_RISCV_CALL_PLT-reloc.patch
* Wed Feb 22 2023 Michael Chang <mchang@suse.com>
- Fix out of memory error on lpar installation from virtual cdrom (bsc#1208024)
* 0001-ieee1275-Further-increase-initially-allocated-heap-f.patch
* 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch
- Fix lpar got hung at grub after inactive migration (bsc#1207684)
* 0002-ieee1275-implement-vec5-for-cas-negotiation.patch
- Rediff
* safe_tpm_pcr_snapshot.patch
- Patch supersceded
* 0001-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch
* Wed Feb 15 2023 Gary Ching-Pang Lin <glin@suse.com>
- Refresh 0003-tpm2-resend-the-command-on-TPM_RC_RETRY.patch to
handle the TPM2 responseCode correctly.
* Fri Feb 10 2023 Valentin Lefebvre <valentin.lefebvre@suse.com>
- Add module for boot loader interface. Needed for load Unified Kernel
Image (UKI)
* grub2-add-module-for-boot-loader-interface.patch
* Thu Feb 09 2023 Gary Ching-Pang Lin <glin@suse.com>
- Amend the TPM2 stack and add authorized policy mode to
tpm2_key_protector
* 0001-tpm2-adjust-the-input-parameters-of-TPM2_EvictContro.patch
* 0002-tpm2-declare-the-input-arguments-of-TPM2-functions-a.patch
* 0003-tpm2-resend-the-command-on-TPM_RC_RETRY.patch
* 0004-tpm2-add-new-TPM2-types-structures-and-command-const.patch
* 0005-tpm2-add-more-marshal-unmarshal-functions.patch
* 0006-tpm2-check-the-command-parameters-of-TPM2-commands.patch
* 0007-tpm2-pack-the-missing-authorization-command-for-TPM2.patch
* 0008-tpm2-allow-some-command-parameters-to-be-NULL.patch
* 0009-tpm2-remove-the-unnecessary-variables.patch
* 0010-tpm2-add-TPM2-commands-to-support-authorized-policy.patch
* 0011-tpm2-make-the-file-reading-unmarshal-functions-gener.patch
* 0012-tpm2-initialize-the-PCR-selection-list-early.patch
* 0013-tpm2-support-unsealing-key-with-authorized-policy.patch
* Wed Feb 08 2023 Michael Chang <mchang@suse.com>
- Fix nvmf boot device setup (bsc#1207811)
* 0001-grub2-Can-t-setup-a-default-boot-device-correctly-on.patch
* Tue Feb 07 2023 Michael Chang <mchang@suse.com>
- Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064)
* 0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch
* Sat Feb 04 2023 Michael Chang <mchang@suse.com>
- Fix GCC 13 build failure (bsc#1201089)
* 0002-AUDIT-0-http-boot-tracker-bug.patch
* Tue Jan 03 2023 Gary Ching-Pang Lin <glin@suse.com>
- Move unsupported zfs modules into 'extras' packages
(bsc#1205554) (PED-2947)
* Fri Dec 30 2022 Michael Chang <mchang@suse.com>
- Fix inappropriately including commented lines in crypttab (bsc#1206279)
* 0010-templates-import-etc-crypttab-to-grub.cfg.patch
* Fri Dec 23 2022 Michael Chang <mchang@suse.com>
- Make grub.cfg invariant to efi and legacy platforms (bsc#1205200)
- Removed patch linuxefi
* grub2-secureboot-provide-linuxefi-config.patch
* grub2-secureboot-use-linuxefi-on-uefi-in-os-prober.patch
* grub2-secureboot-use-linuxefi-on-uefi.patch
- Rediff
* grub2-btrfs-05-grub2-mkconfig.patch
* grub2-efi-xen-cmdline.patch
* grub2-s390x-05-grub2-mkconfig.patch
* grub2-suse-remove-linux-root-param.patch
* Mon Dec 19 2022 Michael Chang <mchang@suse.com>
- Setup multiple device paths for a nvmf boot device (bsc#1205666)
* 0001-grub2-Set-multiple-device-path-for-a-nvmf-boot-devic.patch
* Fri Dec 16 2022 Gary Ching-Pang Lin <glin@suse.com>
- Increase the path buffer in the crypttab command for the long
volume name (bsc#1206333)
* grub2-increase-crypttab-path-buffer.patch
* Mon Dec 05 2022 Michael Chang <mchang@suse.com>
- Add tpm to signed grub.elf image (PED-1990) (bsc#1205912)
- Increase initial heap size from 1/4 to 1/3
* 0001-ieee1275-Increase-initially-allocated-heap-from-1-4-.patch
* Tue Nov 22 2022 Michael Chang <mchang@suse.com>
- Make full utilization of btrfs bootloader area (bsc#1161823)
* 0001-fs-btrfs-Use-full-btrfs-bootloader-area.patch
* 0002-Mark-environmet-blocks-as-used-for-image-embedding.patch
- Patch removed
* 0001-i386-pc-build-btrfs-zstd-support-into-separate-modul.patch
* Mon Nov 21 2022 Michael Chang <mchang@suse.com>
- Fix regression of reverting back to asking password twice when a keyfile is
already used (bsc#1205309)
* 0010-templates-import-etc-crypttab-to-grub.cfg.patch
* Wed Nov 16 2022 Michael Chang <mchang@suse.com>
- Security fixes and hardenings
* 0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch
* 0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
- Fix CVE-2022-2601 (bsc#1205178)
* 0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch
* 0004-font-Remove-grub_font_dup_glyph.patch
* 0005-font-Fix-integer-overflow-in-ensure_comb_space.patch
* 0006-font-Fix-integer-overflow-in-BMP-index.patch
* 0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch
* 0008-fbutil-Fix-integer-overflow.patch
- Fix CVE-2022-3775 (bsc#1205182)
* 0009-font-Fix-an-integer-underflow-in-blit_comb.patch
* 0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch
* 0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
* 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch
- Bump upstream SBAT generation to 3
* Mon Nov 14 2022 Michael Chang <mchang@suse.com>
- Removed 0001-linux-fix-efi_relocate_kernel-failure.patch as reported
regression in some hardware being stuck in initrd loading (bsc#1205380)
* Mon Nov 14 2022 Michael Chang <mchang@suse.com>
- Fix password asked twice if third field in crypttab not present (bsc#1205312)
* 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch
* Fri Oct 28 2022 Michael Chang <mchang@suse.com>
- NVMeoFC support on grub (jsc#PED-996)
* 0001-ieee1275-add-support-for-NVMeoFC.patch
* 0002-ieee1275-ofpath-enable-NVMeoF-logical-device-transla.patch
* 0003-ieee1275-change-the-logic-of-ieee1275_get_devargs.patch
* 0004-ofpath-controller-name-update.patch
- TDX: Enhance grub2 measurement to TD RTMR (jsc#PED-1265)
* 0001-commands-efi-tpm-Refine-the-status-of-log-event.patch
* 0002-commands-efi-tpm-Use-grub_strcpy-instead-of-grub_mem.patch
* 0003-efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch
- Measure the kernel on POWER10 and extend TPM PCRs (PED-1990)
* 0001-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch
* 0002-ieee1275-implement-vec5-for-cas-negotiation.patch
- Fix efi pcr snapshot related funtion is defined but not used on powerpc
platform.
* safe_tpm_pcr_snapshot.patch
* Mon Oct 24 2022 Michael Chang <mchang@suse.com>
- Include loopback into signed grub2 image (jsc#PED-2150)
* Thu Oct 06 2022 Michael Chang <mchang@suse.com>
- Fix firmware oops after disk decrypting failure (bsc#1204037)
* 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch
* Fri Sep 23 2022 Michael Chang <mchang@suse.com>
- Add patch to fix kernel relocation error in low memory
* 0001-linux-fix-efi_relocate_kernel-failure.patch
* Mon Sep 19 2022 Michael Chang <mchang@suse.com>
- Add safety measure to pcr snapshot by checking platform and tpm status
* safe_tpm_pcr_snapshot.patch
* Fri Sep 16 2022 Michael Chang <mchang@suse.com>
- Fix installation failure due to unavailable nvram device on
ppc64le (bsc#1201361)
* 0001-grub-install-set-point-of-no-return-for-powerpc-ieee1275.patch
* Fri Sep 16 2022 Gary Ching-Pang Lin <glin@suse.com>
- Add patches to dynamically allocate additional memory regions for
EFI systems (bsc#1202438)
* 0001-mm-Allow-dynamically-requesting-additional-memory-re.patch
* 0002-kern-efi-mm-Always-request-a-fixed-number-of-pages-o.patch
* 0003-kern-efi-mm-Extract-function-to-add-memory-regions.patch
* 0004-kern-efi-mm-Pass-up-errors-from-add_memory_regions.patch
* 0005-kern-efi-mm-Implement-runtime-addition-of-pages.patch
- Enlarge the default heap size and defer the disk cache
invalidation (bsc#1202438)
* 0001-kern-efi-mm-Enlarge-the-default-heap-size.patch
* 0002-mm-Defer-the-disk-cache-invalidation.patch
* Thu Sep 15 2022 Michael Chang <mchang@suse.com>
- Add patches for ALP FDE support
* 0001-devmapper-getroot-Have-devmapper-recognize-LUKS2.patch
* 0002-devmapper-getroot-Set-up-cheated-LUKS2-cryptodisk-mo.patch
* 0003-disk-cryptodisk-When-cheatmounting-use-the-sector-in.patch
* 0004-normal-menu-Don-t-show-Booting-s-msg-when-auto-booti.patch
* 0005-EFI-suppress-the-Welcome-to-GRUB-message-in-EFI-buil.patch
* 0006-EFI-console-Do-not-set-colorstate-until-the-first-te.patch
* 0007-EFI-console-Do-not-set-cursor-until-the-first-text-o.patch
* 0008-linuxefi-Use-common-grub_initrd_load.patch
* 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch
* 0010-templates-import-etc-crypttab-to-grub.cfg.patch
* grub-read-pcr.patch
* efi-set-variable-with-attrs.patch
* tpm-record-pcrs.patch
* tpm-protector-dont-measure-sealed-key.patch
* tpm-protector-export-secret-key.patch
* grub-install-record-pcrs.patch
* grub-unseal-debug.patch
* Mon Aug 29 2022 Michael Chang <mchang@suse.com>
- Fix out of memory error cannot be prevented via disabling tpm (bsc#1202438)
* 0001-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch
* Thu Aug 18 2022 Michael Chang <mchang@suse.com>
- Fix tpm error stop tumbleweed from booting (bsc#1202374)
* 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch
- Patch Removed
* 0001-tpm-Log-EFI_VOLUME_FULL-and-continue.patch
* Wed Jun 08 2022 Michael Chang <mchang@suse.com>
- Add tpm, tpm2, luks2 and gcry_sha512 to default grub.efi (bsc#1197625)
- Make grub-tpm.efi a symlink to grub.efi
* grub2.spec
- Log error when tpm event log is full and continue
* 0001-tpm-Log-EFI_VOLUME_FULL-and-continue.patch
- Patch superseded
* 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch
* Wed Jun 08 2022 Michael Chang <mchang@suse.com>
- Add patches for automatic TPM disk unlock (jsc#SLE-24018) (bsc#1196668) (jsc#PED-1276)
* 0001-luks2-Add-debug-message-to-align-with-luks-and-geli-.patch
* 0002-cryptodisk-Refactor-to-discard-have_it-global.patch
* 0003-cryptodisk-Return-failure-in-cryptomount-when-no-cry.patch
* 0004-cryptodisk-Improve-error-messaging-in-cryptomount-in.patch
* 0005-cryptodisk-Improve-cryptomount-u-error-message.patch
* 0006-cryptodisk-Add-infrastructure-to-pass-data-from-cryp.patch
* 0007-cryptodisk-Refactor-password-input-out-of-crypto-dev.patch
* 0008-cryptodisk-Move-global-variables-into-grub_cryptomou.patch
* 0009-cryptodisk-Improve-handling-of-partition-name-in-cry.patch
* 0010-protectors-Add-key-protectors-framework.patch
* 0011-tpm2-Add-TPM-Software-Stack-TSS.patch
* 0012-protectors-Add-TPM2-Key-Protector.patch
* 0013-cryptodisk-Support-key-protectors.patch
* 0014-util-grub-protect-Add-new-tool.patch
- Fix no disk unlocking happen (bsc#1196668)
* 0001-crytodisk-fix-cryptodisk-module-looking-up.patch
- Fix build error
* fix-tpm2-build.patch
* Tue May 31 2022 Michael Chang <mchang@suse.com>
- Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581)
* 0001-video-Remove-trailing-whitespaces.patch
* 0002-loader-efi-chainloader-Simplify-the-loader-state.patch
* 0003-commands-boot-Add-API-to-pass-context-to-loader.patch
- Fix CVE-2022-28736 (bsc#1198496)
* 0004-loader-efi-chainloader-Use-grub_loader_set_ex.patch
- Fix CVE-2022-28735 (bsc#1198495)
* 0005-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch
* 0006-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch
* 0007-video-readers-png-Abort-sooner-if-a-read-operation-f.patch
* 0008-video-readers-png-Refuse-to-handle-multiple-image-he.patch
- Fix CVE-2021-3695 (bsc#1191184)
* 0009-video-readers-png-Drop-greyscale-support-to-fix-heap.patch
- Fix CVE-2021-3696 (bsc#1191185)
* 0010-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch
* 0011-video-readers-png-Sanity-check-some-huffman-codes.patch
* 0012-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch
* 0013-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch
* 0014-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch
- Fix CVE-2021-3697 (bsc#1191186)
* 0015-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch
* 0016-normal-charset-Fix-array-out-of-bounds-formatting-un.patch
- Fix CVE-2022-28733 (bsc#1198460)
* 0017-net-ip-Do-IP-fragment-maths-safely.patch
* 0018-net-netbuff-Block-overly-large-netbuff-allocs.patch
* 0019-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch
* 0020-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch
* 0021-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch
* 0022-net-tftp-Avoid-a-trivial-UAF.patch
* 0023-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch
- Fix CVE-2022-28734 (bsc#1198493)
* 0024-net-http-Fix-OOB-write-for-split-http-headers.patch
- Fix CVE-2022-28734 (bsc#1198493)
* 0025-net-http-Error-out-on-headers-with-LF-without-CR.patch
* 0026-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch
* 0027-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch
* 0028-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch
* 0029-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch
* 0030-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch
* 0031-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch
* 0032-Use-grub_loader_set_ex-for-secureboot-chainloader.patch
- Bump grub's SBAT generation to 2
* Tue May 31 2022 Michael Chang <mchang@suse.com>
- Use boot disks in OpenFirmware, fixing regression caused by
0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch, when
the root LV is completely in the boot LUN (bsc#1197948)
* 0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch
* Thu May 26 2022 Michael Chang <mchang@suse.com>
- Fix error message in displaying help on bootable snapshot (bsc#1199609)
* Tue May 17 2022 Michael Chang <mchang@suse.com>
- Fix installation over serial console ends up in infinite boot loop
(bsc#1187810) (bsc#1209667) (bsc#1209372)
* 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch
- Fix ppc64le build error for new IEEE long double ABI
* 0001-libc-config-merge-from-glibc.patch
* Thu Apr 21 2022 Michael Chang <mchang@suse.com>
- Fix Power10 LPAR error "The partition fails to activate as partition went
into invalid state" (bsc#1198714)
* 0001-powerpc-do-CAS-in-a-more-compatible-way.patch
* Mon Apr 11 2022 Ludwig Nussel <lnussel@suse.de>
- use common SBAT values (boo#1193282)
* Fri Mar 25 2022 Michael Chang <mchang@suse.com>
- Fix wrong order in kernel sorting of listing rc before final release
(bsc#1197376)
* grub2-use-rpmsort-for-version-sorting.patch
* Fri Mar 18 2022 Michael Chang <mchang@suse.com>
- Fix duplicated insmod part_gpt lines in grub.cfg (bsc#1197186)
* 0001-grub-probe-Deduplicate-probed-partmap-output.patch
* Wed Mar 16 2022 Michael Chang <mchang@suse.com>
- Fix GCC 12 build failure (bsc#1196546)
* 0001-mkimage-Fix-dangling-pointer-may-be-used-error.patch
* 0002-Fix-Werror-array-bounds-array-subscript-0-is-outside.patch
* 0003-reed_solomon-Fix-array-subscript-0-is-outside-array-.patch
- Revised
* grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
* 0002-ieee1275-powerpc-enables-device-mapper-discovery.patch
* Fri Mar 11 2022 Michael Chang <mchang@suse.com>
- Fix grub-install error when efi system partition is created as mdadm software
raid1 device (bsc#1179981) (bsc#1195204)
* 0001-install-fix-software-raid1-on-esp.patch
* Thu Mar 10 2022 Michael Chang <mchang@suse.com>
- Fix riscv64 build error
* 0001-RISC-V-Adjust-march-flags-for-binutils-2.38.patch
* Thu Mar 10 2022 Michael Chang <mchang@suse.com>
- Fix error in grub-install when linux root device is on lvm thin volume
(bsc#1192622) (bsc#1191974)
* 0001-grub-install-bailout-root-device-probing.patch
* Fri Mar 04 2022 Michael Chang <mchang@suse.com>
- Support saving grub environment for POWER signed grub images (jsc#SLE-23854)
* 0001-Add-grub_envblk_buf-helper-function.patch
* 0002-Add-grub_disk_write_tail-helper-function.patch
* 0003-grub-install-support-prep-environment-block.patch
* 0004-Introduce-prep_load_env-command.patch
* 0005-export-environment-at-start-up.patch
- Use enviroment variable in early boot config to looking up root device
* grub2.spec
* Tue Mar 01 2022 Michal Suchanek <msuchanek@suse.com>
- Remove obsolete openSUSE 12.2 conditionals in spec file
- Clean up powerpc certificate handling.
* Thu Feb 10 2022 Bjørn Lie <bjorn.lie@gmail.com>
- Set grub2-check-default shebang to "#!/bin/bash", as the the code
uses many instructions which are undefined for a POSIX sh.
(boo#1195794).
* Fri Jan 14 2022 Michael Chang <mchang@suse.com>
- Power guest secure boot with static keys: GRUB2 signing portion
(jsc#SLE-18271) (bsc#1192764)
* 0001-grub-install-Add-SUSE-signed-image-support-for-power.patch
* Thu Jan 13 2022 Michael Chang <mchang@suse.com>
- Fix wrong default entry when booting snapshot (bsc#1159205)
* grub2-btrfs-08-workaround-snapshot-menu-default-entry.patch
* Tue Jan 11 2022 Michael Chang <mchang@suse.com>
- Power guest secure boot with static keys: GRUB2 signing portion
(jsc#SLE-18271) (bsc#1192764)
* grub2.spec
- Power guest secure boot with static keys: GRUB2 portion (jsc#SLE-18144)
(bsc#1192686)
* 0001-ieee1275-Drop-HEAP_MAX_ADDR-and-HEAP_MIN_SIZE-consta.patch
* 0002-ieee1275-claim-more-memory.patch
* 0003-ieee1275-request-memory-with-ibm-client-architecture.patch
* 0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch
* 0005-docs-grub-Document-signing-grub-under-UEFI.patch
* 0006-docs-grub-Document-signing-grub-with-an-appended-sig.patch
* 0007-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch
* 0008-pgp-factor-out-rsa_pad.patch
* 0009-crypto-move-storage-for-grub_crypto_pk_-to-crypto.c.patch
* 0010-posix_wrap-tweaks-in-preparation-for-libtasn1.patch
* 0011-libtasn1-import-libtasn1-4.18.0.patch
* 0012-libtasn1-disable-code-not-needed-in-grub.patch
* 0013-libtasn1-changes-for-grub-compatibility.patch
* 0014-libtasn1-compile-into-asn1-module.patch
* 0015-test_asn1-test-module-for-libtasn1.patch
* 0016-grub-install-support-embedding-x509-certificates.patch
* 0017-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch
* 0018-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch
* 0019-appended-signatures-support-verifying-appended-signa.patch
* 0020-appended-signatures-verification-tests.patch
* 0021-appended-signatures-documentation.patch
* 0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch
* 0023-x509-allow-Digitial-Signature-plus-other-Key-Usages.patch
* Mon Jan 10 2022 Michael Chang <mchang@suse.com>
- Fix no menuentry is found if hibernation on btrfs RAID1 (bsc#1193090)
* grub2-systemd-sleep-plugin
* Tue Dec 21 2021 Michael Chang <mchang@suse.com>
- Fix CVE-2021-3981 (bsc#1189644)
* 0001-grub-mkconfig-restore-umask-for-grub.cfg.patch
* Fri Dec 17 2021 Michael Chang <mchang@suse.com>
- Fix can't allocate initrd error (bsc#1191378)
* 0001-Factor-out-grub_efi_linux_boot.patch
* 0002-Fix-race-in-EFI-validation.patch
* 0003-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch
* 0004-Try-to-pick-better-locations-for-kernel-and-initrd.patch
* 0005-x86-efi-Use-bounce-buffers-for-reading-to-addresses-.patch
* 0006-x86-efi-Re-arrange-grub_cmd_linux-a-little-bit.patch
* 0007-x86-efi-Make-our-own-allocator-for-kernel-stuff.patch
* 0008-x86-efi-Allow-initrd-params-cmdline-allocations-abov.patch
* 0009-x86-efi-Reduce-maximum-bounce-buffer-size-to-16-MiB.patch
* 0010-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch
* 0011-Also-define-GRUB_EFI_MAX_ALLOCATION_ADDRESS-for-RISC.patch
* Wed Dec 08 2021 Michal Suchanek <msuchanek@suse.com>
- Add support for simplefb (boo#1193532).
+ grub2-simplefb.patch
* Mon Dec 06 2021 Michael Chang <mchang@suse.com>
- Fix extent not found when initramfs contains shared extents (bsc#1190982)
* 0001-fs-btrfs-Make-extent-item-iteration-to-handle-gaps.patch
* Thu Nov 11 2021 Michael Chang <mchang@suse.com>
- Fix arm64 kernel image not aligned on 64k boundary (bsc#1192522)
* 0001-arm64-Fix-EFI-loader-kernel-image-allocation.patch
* 0002-Arm-check-for-the-PE-magic-for-the-compiled-arch.patch
* Thu Oct 21 2021 Michael Chang <mchang@suse.com>
- Remove openSUSE Tumbleweed specific handling for default grub
distributor (bsc#1191198)
- Use /usr/lib/os-release as fallback (bsc#1191196)
* grub2-default-distributor.patch
* grub2-check-default.sh
- VUL-0: grub2: grub2-once uses fixed file name in /var/tmp (bsc#1190474) (CVE-2021-46705)
* grub2-once
* grub2-once.service
- Fix unknown TPM error on buggy uefi firmware (bsc#1191504)
* 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch
- Fix error /boot/grub2/locale/POSIX.gmo not found (bsc#1189769)
* 0001-Filter-out-POSIX-locale-for-translation.patch
- Fix error lvmid disk cannot be found after second disk added to the root
volume group (bsc#1189874) (bsc#1071559)
* 0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch
- Fix error in grub installation due to unnecessary requirement to support
excessive device for the root logical volume (bsc#1184135)
* 0001-disk-diskfilter-Use-nodes-in-logical-volume-s-segmen.patch
- Fix regression in reading xfs v4
* 0001-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch
* Tue Oct 19 2021 Fabian Vogt <fvogt@suse.com>
- Fix installation on usrmerged s390x
* Wed Sep 22 2021 rw@suse.com
- Improve support for SLE Micro 5.1 on s390x. (bsc#1190395)
* amend grub2-s390x-04-grub2-install.patch
* refresh grub2-s390x-11-secureboot.patch
* Tue Sep 07 2021 Michael Chang <mchang@suse.com>
- Follow usr merge for looking up kernel config (bsc#1189782) (bsc#1190061)
* 0001-templates-Follow-the-path-of-usr-merged-kernel-confi.patch
* Wed Sep 01 2021 Michael Chang <mchang@suse.com>
- Add btrfs zstd compression on i386-pc and also make sure it won't break
existing grub installations (bsc#1161823)
* deleted 0001-btrfs-disable-zstd-support-for-i386-pc.patch
* added 0001-i386-pc-build-btrfs-zstd-support-into-separate-modul.patch
* Tue Aug 31 2021 Petr Vorel <pvorel@suse.cz>
- Delete the author list from %description (the %description section is
literally for package descriptions (only) these days, encoding was also
problematic).
- Add %doc AUTHORS to get packaged that info
* Wed Aug 04 2021 Stefan Seyfried <seife+obs@b1-systems.com>
- update grub2-systemd-sleep.sh to fix hibernation by avoiding the
error "no kernelfile matching the running kernel found" on
usrmerged setup
* Wed Aug 04 2021 Fabian Vogt <fvogt@suse.com>
- Use %autosetup
* Thu Jul 22 2021 Petr Vorel <pvorel@suse.cz>
- Replace grub2-use-stat-instead-of-udevadm-for-partition-lookup.patch and
fix-grub2-use-stat-instead-of-udevadm-for-partition-lookup-with-new-glibc.patch
with upstream backport:
0001-osdep-Introduce-include-grub-osdep-major.h-and-use-i.patch and
0002-osdep-linux-hostdisk-Use-stat-instead-of-udevadm-for.patch.
* Mon Jun 28 2021 Michael Chang <mchang@suse.com>
- Fix error not a btrfs filesystem on s390x (bsc#1187645)
* 80_suse_btrfs_snapshot
* Wed Jun 23 2021 Michael Chang <mchang@suse.com>
- Fix error gfxterm isn't found with multiple terminals (bsc#1187565)
* grub2-fix-error-terminal-gfxterm-isn-t-found.patch
* Mon Jun 21 2021 Michael Chang <mchang@suse.com>
- Fix boot failure after kdump due to the content of grub.cfg is not
completed with pending modificaton in xfs journal (bsc#1186975)
* grub-install-force-journal-draining-to-ensure-data-i.patch
- Patch refreshed
* grub2-mkconfig-default-entry-correction.patch
* Thu Jun 03 2021 Michael Chang <mchang@suse.com>
- Version bump to 2.06
* rediff
- 0001-add-support-for-UEFI-network-protocols.patch
- 0002-net-read-bracketed-ipv6-addrs-and-port-numbers.patch
- 0003-Make-grub_error-more-verbose.patch
- 0003-bootp-New-net_bootp6-command.patch
- 0005-grub.texi-Add-net_bootp6-doument.patch
- 0006-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch
- 0006-efi-Set-image-base-address-before-jumping-to-the-PE-.patch
- 0008-efinet-Setting-DNS-server-from-UEFI-protocol.patch
- 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch
- grub-install-force-journal-draining-to-ensure-data-i.patch
- grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
- grub2-diskfilter-support-pv-without-metadatacopies.patch
- grub2-efi-HP-workaround.patch
- grub2-efi-xen-cfg-unquote.patch
- grub2-efi-xen-chainload.patch
- grub2-fix-menu-in-xen-host-server.patch
- grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch
- grub2-install-remove-useless-check-PReP-partition-is-empty.patch
- grub2-lvm-allocate-metadata-buffer-from-raw-contents.patch
- grub2-mkconfig-default-entry-correction.patch
- grub2-pass-corret-root-for-nfsroot.patch
- grub2-s390x-03-output-7-bit-ascii.patch
- grub2-s390x-04-grub2-install.patch
- grub2-secureboot-install-signed-grub.patch
- grub2-setup-try-fs-embed-if-mbr-gap-too-small.patch
- use-grub2-as-a-package-name.patch
* update by patch squashed:
- 0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch
- grub2-efi-chainload-harder.patch
- grub2-secureboot-no-insmod-on-sb.patch
- grub2-secureboot-chainloader.patch
- grub2-secureboot-add-linuxefi.patch
* remove squashed patches:
- 0008-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch
- 0009-squash-Add-support-for-linuxefi.patch
- 0041-squash-Add-secureboot-support-on-efi-chainloader.patch
- 0042-squash-grub2-efi-chainload-harder.patch
- 0043-squash-Don-t-allow-insmod-when-secure-boot-is-enable.patch
- 0045-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch
* drop upstream patches:
- 0001-Warn-if-MBR-gap-is-small-and-user-uses-advanced-modu.patch
- 0001-include-grub-i386-linux.h-Include-missing-grub-types.patch
- 0001-kern-efi-sb-Add-chainloaded-image-as-shim-s-verifiab.patch
- 0001-mdraid1x_linux-Fix-gcc10-error-Werror-array-bounds.patch
- 0001-normal-Move-common-datetime-functions-out-of-the-nor.patch
- 0001-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch
- 0002-efi-Make-shim_lock-GUID-and-protocol-type-public.patch
- 0002-grub-install-Avoid-incompleted-install-on-i386-pc.patch
- 0002-kern-Add-X-option-to-printf-functions.patch
- 0002-safemath-Add-some-arithmetic-primitives-that-check-f.patch
- 0002-zfs-Fix-gcc10-error-Werror-zero-length-bounds.patch
- 0003-calloc-Make-sure-we-always-have-an-overflow-checking.patch
- 0003-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch
- 0003-normal-main-Search-for-specific-config-files-for-net.patch
- 0004-calloc-Use-calloc-at-most-places.patch
- 0004-datetime-Enable-the-datetime-module-for-the-emu-plat.patch
- 0004-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch
- 0005-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch
- 0005-efi-Add-secure-boot-detection.patch
- 0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch
- 0006-efi-Only-register-shim_lock-verifier-if-shim_lock-pr.patch
- 0006-iso9660-Don-t-leak-memory-on-realloc-failures.patch
- 0007-font-Do-not-load-more-than-one-NAME-section.patch
- 0007-verifiers-Move-verifiers-API-to-kernel-image.patch
- 0008-efi-Move-the-shim_lock-verifier-to-the-GRUB-core.patch
- 0008-script-Remove-unused-fields-from-grub_script_functio.patch
- 0009-kern-Add-lockdown-support.patch
- 0009-script-Avoid-a-use-after-free-when-redefining-a-func.patch
- 0010-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch
- 0010-linux-Fix-integer-overflows-in-initrd-size-handling.patch
- 0011-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch
- 0012-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch
- 0013-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch
- 0014-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch
- 0015-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch
- 0016-commands-setpci-Restrict-setpci-command-when-locked-.patch
- 0017-commands-hdparm-Restrict-hdparm-command-when-locked-.patch
- 0018-gdb-Restrict-GDB-access-when-locked-down.patch
- 0019-loader-xnu-Don-t-allow-loading-extension-and-package.patch
- 0020-dl-Only-allow-unloading-modules-that-are-not-depende.patch
- 0021-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch
- 0022-lib-arg-Block-repeated-short-options-that-require-an.patch
- 0023-commands-menuentry-Fix-quoting-in-setparams_prefix.patch
- 0024-kern-parser-Fix-resource-leak-if-argc-0.patch
- 0025-kern-parser-Fix-a-memory-leak.patch
- 0026-kern-parser-Introduce-process_char-helper.patch
- 0027-kern-parser-Introduce-terminate_arg-helper.patch
- 0028-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch
- 0029-kern-buffer-Add-variable-sized-heap-buffer.patch
- 0030-kern-parser-Fix-a-stack-buffer-overflow.patch
- 0031-util-mkimage-Remove-unused-code-to-add-BSS-section.patch
- 0032-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch
- 0033-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch
- 0034-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch
- 0035-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch
- 0036-util-mkimage-Improve-data_size-value-calculation.patch
- 0037-util-mkimage-Refactor-section-setup-to-use-a-helper.patch
- 0038-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch
- 0039-grub-install-common-Add-sbat-option.patch
- 0040-shim_lock-Only-skip-loading-shim_lock-verifier-with-.patch
- grub-install-define-default-platform-for-risc-v.patch
- grub2-editenv-add-warning-message.patch
- grub2-efi-gop-add-blt.patch
- grub2-efi-uga-64bit-fb.patch
- grub2-verifiers-fix-system-freeze-if-verify-failed.patch
- risc-v-add-clzdi2-symbol.patch
- risc-v-fix-computation-of-pc-relative-relocation-offset.patch
- Add grub2-instdev-fixup.pl for correcting /etc/default/grub_installdevice to
use disk devie if grub has been installed to it
- Add 0001-30_uefi-firmware-fix-printf-format-with-null-byte.patch to fix
detection of efi fwsetup support
* Mon May 31 2021 Michael Chang <mchang@suse.com>
- Fix running grub2-once leads to failure of starting systemd service in the
boot sequence (bsc#1169460)
* grub2-once
* grub2-once.service
* Fri May 28 2021 Michael Chang <mchang@suse.com>
- Fix crash in launching gfxmenu without theme file (bsc#1186481)
* grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch
* Tue May 11 2021 Michael Chang <mchang@suse.com>
- Fix plaintext password in grub config didn't work to unlock menu entry if
enabling secure boot in UEFI (bsc#1181892)
* Fri Apr 23 2021 Michael Chang <mchang@suse.com>
- Fix obsolete syslog in systemd unit file and updating to use journal as
StandardOutput (bsc#1185149)
* grub2-once.service
* Mon Apr 19 2021 Michael Chang <mchang@suse.com>
- Fix build error on armv6/armv7 (bsc#1184712)
* 0001-emu-fix-executable-stack-marking.patch
* Thu Apr 08 2021 Michael Chang <mchang@suse.com>
- Fix error grub_file_filters not found in Azure virtual machine (bsc#1182012)
* 0001-Workaround-volatile-efi-boot-variable.patch
* Tue Mar 16 2021 Michael Chang <mchang@suse.com>
- Fix powerpc-ieee1275 lpar takes long time to boot with increasing number of
nvme namespace (bsc#1177751)
0001-ieee1275-Avoiding-many-unecessary-open-close.patch
* Thu Mar 11 2021 Michael Chang <mchang@suse.com>
- Fix chainloading windows on dual boot machine (bsc#1183073)
* 0001-kern-efi-sb-Add-chainloaded-image-as-shim-s-verifiab.patch
* Fri Feb 26 2021 Michael Chang <mchang@suse.com>
- VUL-0: grub2,shim: implement new SBAT method (bsc#1182057)
* 0031-util-mkimage-Remove-unused-code-to-add-BSS-section.patch
* 0032-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch
* 0033-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch
* 0034-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch
* 0035-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch
* 0036-util-mkimage-Improve-data_size-value-calculation.patch
* 0037-util-mkimage-Refactor-section-setup-to-use-a-helper.patch
* 0038-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch
* 0039-grub-install-common-Add-sbat-option.patch
- Fix CVE-2021-20225 (bsc#1182262)
* 0022-lib-arg-Block-repeated-short-options-that-require-an.patch
- Fix CVE-2020-27749 (bsc#1179264)
* 0024-kern-parser-Fix-resource-leak-if-argc-0.patch
* 0025-kern-parser-Fix-a-memory-leak.patch
* 0026-kern-parser-Introduce-process_char-helper.patch
* 0027-kern-parser-Introduce-terminate_arg-helper.patch
* 0028-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch
* 0029-kern-buffer-Add-variable-sized-heap-buffer.patch
* 0030-kern-parser-Fix-a-stack-buffer-overflow.patch
- Fix CVE-2021-20233 (bsc#1182263)
* 0023-commands-menuentry-Fix-quoting-in-setparams_prefix.patch
- Fix CVE-2020-25647 (bsc#1177883)
* 0021-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch
- Fix CVE-2020-25632 (bsc#1176711)
* 0020-dl-Only-allow-unloading-modules-that-are-not-depende.patch
- Fix CVE-2020-27779, CVE-2020-14372 (bsc#1179265) (bsc#1175970)
* 0001-include-grub-i386-linux.h-Include-missing-grub-types.patch
* 0002-efi-Make-shim_lock-GUID-and-protocol-type-public.patch
* 0003-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch
* 0004-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch
* 0005-efi-Add-secure-boot-detection.patch
* 0006-efi-Only-register-shim_lock-verifier-if-shim_lock-pr.patch
* 0007-verifiers-Move-verifiers-API-to-kernel-image.patch
* 0008-efi-Move-the-shim_lock-verifier-to-the-GRUB-core.patch
* 0009-kern-Add-lockdown-support.patch
* 0010-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch
* 0011-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch
* 0012-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch
* 0013-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch
* 0014-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch
* 0015-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch
* 0016-commands-setpci-Restrict-setpci-command-when-locked-.patch
* 0017-commands-hdparm-Restrict-hdparm-command-when-locked-.patch
* 0018-gdb-Restrict-GDB-access-when-locked-down.patch
* 0019-loader-xnu-Don-t-allow-loading-extension-and-package.patch
* 0040-shim_lock-Only-skip-loading-shim_lock-verifier-with-.patch
* 0041-squash-Add-secureboot-support-on-efi-chainloader.patch
* 0042-squash-grub2-efi-chainload-harder.patch
* 0043-squash-Don-t-allow-insmod-when-secure-boot-is-enable.patch
* 0044-squash-kern-Add-lockdown-support.patch
* 0045-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch
* 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch
- Drop patch supersceded by the new backport
* 0001-linuxefi-fail-kernel-validation-without-shim-protoco.patch
* 0001-shim_lock-Disable-GRUB_VERIFY_FLAGS_DEFER_AUTH-if-se.patch
* 0007-linuxefi-fail-kernel-validation-without-shim-protoco.patch
- Add SBAT metadata section to grub.efi
- Drop shim_lock module as it is part of core of grub.efi
* grub2.spec
* Mon Feb 22 2021 Michael Chang <mchang@suse.com>
- Fix build error in binutils 2.36 (bsc#1181741)
* 0001-Fix-build-error-in-binutils-2.36.patch
- Fix executable stack in grub-emu (bsc#1181696)
* 0001-emu-fix-executable-stack-marking.patch
* Thu Feb 18 2021 Michael Chang <mchang@suse.com>
- Restore compatibilty sym-links
* grub2.spec
- Use rpmlintrc to filter out rpmlint 2.0 error (bsc#1179044)
* grub2.rpmlintrc
* Wed Jan 27 2021 Michael Chang <mchang@suse.com>
- Complete Secure Boot support on aarch64 (jsc#SLE-15020)
* 0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch
* 0002-arm64-make-sure-fdt-has-address-cells-and-size-cells.patch
* 0003-Make-grub_error-more-verbose.patch
* 0004-arm-arm64-loader-Better-memory-allocation-and-error-.patch
* 0005-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch
* 0006-efi-Set-image-base-address-before-jumping-to-the-PE-.patch
* 0007-linuxefi-fail-kernel-validation-without-shim-protoco.patch
* 0008-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch
* 0009-squash-Add-support-for-linuxefi.patch
* Thu Jan 21 2021 Michael Chang <mchang@suse.com>
- Fix rpmlint 2.0 error for having arch specific path in noarch package aiming
for compatibility with old package (bsc#1179044)
* grub2.spec
- Fix non POSIX sed argument which failed in sed from busybox (bsc#1181091)
* grub2-check-default.sh
* Mon Nov 02 2020 Michael Chang <mchang@suse.com>
- Fix boot failure in blocklist installation (bsc#1178278)
* Modified 0002-grub-install-Avoid-incompleted-install-on-i386-pc.patch
* Thu Oct 22 2020 Michael Chang <mchang@suse.com>
- Fix grub2-install error with "failed to get canonical path of
`/boot/grub2/i386-pc'." (bsc#1177957)
* Modified 0002-grub-install-Avoid-incompleted-install-on-i386-pc.patch
* Wed Oct 14 2020 Michael Chang <mchang@suse.com>
- Fix https boot interrupted by unrecognised network address error message
(bsc#1172952)
* 0001-add-support-for-UEFI-network-protocols.patch
* Tue Oct 13 2020 Michael Chang <mchang@suse.com>
- grub2.spec: Fix bare words used as string in expression which is no longer
allowed in rpm 4.16
* Fri Sep 25 2020 Michael Chang <mchang@suse.com>
- Improve the error handling when grub2-install fails with short mbr gap
(bsc#1176062)
* 0001-Warn-if-MBR-gap-is-small-and-user-uses-advanced-modu.patch
* 0002-grub-install-Avoid-incompleted-install-on-i386-pc.patch
* Wed Sep 09 2020 Michael Chang <mchang@suse.com>
- Make efi hand off the default entry point of the linux command (bsc#1176134)
* 0001-efi-linux-provide-linux-command.patch
* Thu Aug 27 2020 Michael Chang <mchang@suse.com>
- Fix verification requested but nobody cares error when loading external
module in secure boot off (bsc#1175766)
* 0001-shim_lock-Disable-GRUB_VERIFY_FLAGS_DEFER_AUTH-if-se.patch
* Sat Aug 22 2020 Michael Chang <mchang@suse.com>
- Make consistent check to enable relative path on btrfs (bsc#1174567)
* 0001-Unify-the-check-to-enable-btrfs-relative-path.patch
* Fri Aug 21 2020 Michael Chang <mchang@suse.com>
- Add fibre channel device's ofpath support to grub-ofpathname and search hint
to speed up root device discovery (bsc#1172745)
* 0001-ieee1275-powerpc-implements-fibre-channel-discovery-.patch
* 0002-ieee1275-powerpc-enables-device-mapper-discovery.patch
* Tue Aug 18 2020 Michael Chang <mchang@suse.com>
- Fix for CVE-2020-15705 (bsc#1174421)
* 0001-linuxefi-fail-kernel-validation-without-shim-protoco.patch
* 0002-cmdline-Provide-cmdline-functions-as-module.patch
* Thu Aug 13 2020 Michael Chang <mchang@suse.com>
- Make grub-calloc inline to avoid symbol not found error as the system may not
use updated grub to boot the system (bsc#1174782) (bsc#1175060) (bsc#1175036)
* 0001-kern-mm.c-Make-grub_calloc-inline.patch
* Mon Jul 27 2020 Michael Chang <mchang@suse.com>
- Fix for CVE-2020-10713 (bsc#1168994)
* 0001-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch
- Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
(bsc#1173812)
* 0002-safemath-Add-some-arithmetic-primitives-that-check-f.patch
* 0003-calloc-Make-sure-we-always-have-an-overflow-checking.patch
* 0004-calloc-Use-calloc-at-most-places.patch
* 0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch
* 0006-iso9660-Don-t-leak-memory-on-realloc-failures.patch
* 0007-font-Do-not-load-more-than-one-NAME-section.patch
- Fix CVE-2020-15706 (bsc#1174463)
* 0008-script-Remove-unused-fields-from-grub_script_functio.patch
* 0009-script-Avoid-a-use-after-free-when-redefining-a-func.patch
- Fix CVE-2020-15707 (bsc#1174570)
* 0010-linux-Fix-integer-overflows-in-initrd-size-handling.patch
- Use overflow checking primitives where the arithmetic expression for buffer
allocations may include unvalidated data
- Use grub_calloc for overflow check and return NULL when it would occur
* 0001-add-support-for-UEFI-network-protocols.patch
* 0003-bootp-New-net_bootp6-command.patch
* grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
* grub2-btrfs-09-get-default-subvolume.patch
* grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch
* grub2-grubenv-in-btrfs-header.patch
* Thu Jul 16 2020 Michel Normand <normand@linux.vnet.ibm.com>
- No 95_textmode for PowerPC (boo#1174166)
* Mon May 18 2020 Michael Chang <mchang@suse.com>
- Skip zfcpdump kernel from the grub boot menu (bsc#1166513)
* grub2-s390x-skip-zfcpdump-image.patch
* Tue May 05 2020 Michael Chang <mchang@suse.com>
- Fix boot failure as journaled data not get drained due to abrupt power
off after grub-install (bsc#1167756)
* grub-install-force-journal-draining-to-ensure-data-i.patch
* Thu Apr 16 2020 Michael Chang <mchang@suse.com>
- Fix executable stack in grub-probe and other grub utility (bsc#1169137)
* grub2-btrfs-06-subvol-mount.patch
* Tue Mar 24 2020 Michael Chang <mchang@suse.com>
- Fix GCC 10 build fail (bsc#1158189)
* 0001-mdraid1x_linux-Fix-gcc10-error-Werror-array-bounds.patch
* 0002-zfs-Fix-gcc10-error-Werror-zero-length-bounds.patch
* Fri Mar 20 2020 Michael Chang <mchang@suse.com>
- Backport to support searching for specific config files for netboot
(bsc#1166409)
* 0001-normal-Move-common-datetime-functions-out-of-the-nor.patch
* 0002-kern-Add-X-option-to-printf-functions.patch
* 0003-normal-main-Search-for-specific-config-files-for-net.patch
* 0004-datetime-Enable-the-datetime-module-for-the-emu-plat.patch
* Mon Mar 16 2020 Ludwig Nussel <lnussel@suse.de>
- move *.module files to separate -debug subpackage (boo#1166578)
* Thu Mar 12 2020 Fabian Vogt <fvogt@suse.com>
- Fix EFI console detection to make it a runtime decision (bsc#1164385)
* grub2-SUSE-Add-the-t-hotkey.patch
* Tue Mar 10 2020 Ludwig Nussel <lnussel@suse.de>
- Downgrade mtools to Suggests for consistency with xorriso (boo#1165839)
- remove info requirements, file triggers are used now (boo#1152105)
* Fri Feb 28 2020 rw@suse.com
- Add secure boot support for s390x. (jsc#SLE-9425)
* grub2-s390x-11-secureboot.patch
* Tue Feb 18 2020 Michael Chang <mchang@suse.com>
- Fix grub hangs after loading rogue image without valid signature for uefi
secure boot (bsc#1159102)
* grub2-verifiers-fix-system-freeze-if-verify-failed.patch
* Tue Feb 04 2020 Michael Chang <mchang@suse.com>
- From Stefan Seyfried <seife@novell.slipkontur.de> : Fix grub2-install fails
with "not a directory" error (boo#1161641, bsc#1162403)
* grub2-install-fix-not-a-directory-error.patch
/boot/grub2 /boot/grub2/grub.cfg /etc/default/grub /etc/default/zipl2grub.conf.in /etc/grub.d /etc/grub.d/00_header /etc/grub.d/05_crypttab /etc/grub.d/10_linux /etc/grub.d/20_linux_xen /etc/grub.d/25_bli /etc/grub.d/30_uefi-firmware /etc/grub.d/40_custom /etc/grub.d/41_custom /etc/grub.d/90_persistent /etc/grub.d/95_textmode /etc/grub.d/README /usr/bin/grub2-editenv /usr/bin/grub2-emu /usr/bin/grub2-file /usr/bin/grub2-fstest /usr/bin/grub2-kbdcomp /usr/bin/grub2-menulst2cfg /usr/bin/grub2-mkfont /usr/bin/grub2-mkimage /usr/bin/grub2-mklayout /usr/bin/grub2-mknetdir /usr/bin/grub2-mkpasswd-pbkdf2 /usr/bin/grub2-mkrelpath /usr/bin/grub2-mkrescue /usr/bin/grub2-mkstandalone /usr/bin/grub2-render-label /usr/bin/grub2-script-check /usr/bin/grub2-syslinux2cfg /usr/lib/dracut /usr/lib/dracut/modules.d /usr/lib/dracut/modules.d/99grub2 /usr/lib/dracut/modules.d/99grub2/grub2.sh /usr/lib/dracut/modules.d/99grub2/module-setup.sh /usr/lib/systemd/system/grub2-once.service /usr/sbin/grub2-check-default /usr/sbin/grub2-install /usr/sbin/grub2-mkconfig /usr/sbin/grub2-once /usr/sbin/grub2-probe /usr/sbin/grub2-reboot /usr/sbin/grub2-set-default /usr/sbin/grub2-zipl-setup /usr/share/bash-completion/completions/grub /usr/share/doc/packages/grub2 /usr/share/doc/packages/grub2/AUTHORS /usr/share/doc/packages/grub2/ChangeLog /usr/share/doc/packages/grub2/NEWS /usr/share/doc/packages/grub2/README /usr/share/doc/packages/grub2/README.ibm3215 /usr/share/doc/packages/grub2/THANKS /usr/share/doc/packages/grub2/TODO /usr/share/doc/packages/grub2/autoiso.cfg /usr/share/doc/packages/grub2/osdetect.cfg /usr/share/grub2 /usr/share/grub2/ascii.pf2 /usr/share/grub2/euro.pf2 /usr/share/grub2/grub-mkconfig_lib /usr/share/grub2/themes /usr/share/grub2/unicode.pf2 /usr/share/grub2/zipl-refresh /usr/share/info/grub-dev.info.gz /usr/share/info/grub2.info-1.gz /usr/share/info/grub2.info-2.gz /usr/share/info/grub2.info.gz /usr/share/licenses/grub2 /usr/share/licenses/grub2/COPYING /usr/share/locale/ast/LC_MESSAGES/grub2.mo /usr/share/locale/ca/LC_MESSAGES/grub2.mo /usr/share/locale/da/LC_MESSAGES/grub2.mo /usr/share/locale/de/LC_MESSAGES/grub2.mo /usr/share/locale/de_CH/LC_MESSAGES/grub2.mo /usr/share/locale/en@quot/LC_MESSAGES/grub2.mo /usr/share/locale/eo/LC_MESSAGES/grub2.mo /usr/share/locale/es/LC_MESSAGES/grub2.mo /usr/share/locale/fi/LC_MESSAGES/grub2.mo /usr/share/locale/fr/LC_MESSAGES/grub2.mo /usr/share/locale/gl/LC_MESSAGES/grub2.mo /usr/share/locale/hr/LC_MESSAGES/grub2.mo /usr/share/locale/hu/LC_MESSAGES/grub2.mo /usr/share/locale/id/LC_MESSAGES/grub2.mo /usr/share/locale/it/LC_MESSAGES/grub2.mo /usr/share/locale/ja/LC_MESSAGES/grub2.mo /usr/share/locale/ka/LC_MESSAGES/grub2.mo /usr/share/locale/ko/LC_MESSAGES/grub2.mo /usr/share/locale/lt/LC_MESSAGES/grub2.mo /usr/share/locale/nb/LC_MESSAGES/grub2.mo /usr/share/locale/nl/LC_MESSAGES/grub2.mo /usr/share/locale/pa/LC_MESSAGES/grub2.mo /usr/share/locale/pl/LC_MESSAGES/grub2.mo /usr/share/locale/pt/LC_MESSAGES/grub2.mo /usr/share/locale/pt_BR/LC_MESSAGES/grub2.mo /usr/share/locale/ro/LC_MESSAGES/grub2.mo /usr/share/locale/ru/LC_MESSAGES/grub2.mo /usr/share/locale/sl/LC_MESSAGES/grub2.mo /usr/share/locale/sr/LC_MESSAGES/grub2.mo /usr/share/locale/sv/LC_MESSAGES/grub2.mo /usr/share/locale/tr/LC_MESSAGES/grub2.mo /usr/share/locale/uk/LC_MESSAGES/grub2.mo /usr/share/locale/vi/LC_MESSAGES/grub2.mo /usr/share/locale/zh_CN/LC_MESSAGES/grub2.mo /usr/share/locale/zh_TW/LC_MESSAGES/grub2.mo /usr/share/man/man1/grub2-editenv.1.gz /usr/share/man/man1/grub2-emu.1.gz /usr/share/man/man1/grub2-file.1.gz /usr/share/man/man1/grub2-fstest.1.gz /usr/share/man/man1/grub2-kbdcomp.1.gz /usr/share/man/man1/grub2-menulst2cfg.1.gz /usr/share/man/man1/grub2-mkfont.1.gz /usr/share/man/man1/grub2-mkimage.1.gz /usr/share/man/man1/grub2-mklayout.1.gz /usr/share/man/man1/grub2-mknetdir.1.gz /usr/share/man/man1/grub2-mkpasswd-pbkdf2.1.gz /usr/share/man/man1/grub2-mkrelpath.1.gz /usr/share/man/man1/grub2-mkrescue.1.gz /usr/share/man/man1/grub2-mkstandalone.1.gz /usr/share/man/man1/grub2-render-label.1.gz /usr/share/man/man1/grub2-script-check.1.gz /usr/share/man/man1/grub2-syslinux2cfg.1.gz /usr/share/man/man8/grub2-install.8.gz /usr/share/man/man8/grub2-mkconfig.8.gz /usr/share/man/man8/grub2-probe.8.gz /usr/share/man/man8/grub2-reboot.8.gz /usr/share/man/man8/grub2-set-default.8.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Sat Mar 9 12:50:11 2024