Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: grub2 | Distribution: openSUSE Tumbleweed |
Version: 2.12 | Vendor: openSUSE |
Release: 23.1 | Build date: Fri Aug 2 10:44:40 2024 |
Group: System/Boot | Build host: reproducible |
Size: 28383175 | Source RPM: grub2-2.12-23.1.src.rpm |
Packager: http://bugs.opensuse.org | |
Url: http://www.gnu.org/software/grub/ | |
Summary: Bootloader with support for Linux, Multiboot and more |
This is the second version of the GRUB (Grand Unified Bootloader), a highly configurable and customizable bootloader with modular architecture. It support rich scale of kernel formats, file systems, computer architectures and hardware devices. This package includes user space utlities to manage GRUB on your system.
GPL-3.0-or-later
* Fri Aug 02 2024 Michael Chang <mchang@suse.com> - Fix btrfs subvolume for platform modules not mounting at runtime when the default subvolume is the topmost root tree (bsc#1228124) * grub2-btrfs-06-subvol-mount.patch - Rediff * 0001-Unify-the-check-to-enable-btrfs-relative-path.patch * Fri Aug 02 2024 Gary Ching-Pang Lin <glin@suse.com> - Switch to '--no-hostonly' when creating the ZIPL initrd in the KIWI build environment to avoid some potential issues due to the missing modules * grub2-s390x-set-hostonly.patch * Fri Jul 19 2024 Michael Chang <mchang@suse.com> - Fix error in grub-install when root is on tmpfs (bsc#1226100) * 0001-grub-install-bailout-root-device-probing.patch - Fix incorrect Platform tag in rpm header (bsc#1217967) * Fri Jul 05 2024 Michael Chang <mchang@suse.com> - Fix error if dash shell script is used (bsc#1226453) * 0007-grub-switch-to-blscfg-adapt-to-openSUSE.patch * 0009-10_linux-Some-refinement-for-BLS.patch - Fix input handling in ppc64le grub2 has high latency (bsc#1223535) * 0001-net-drivers-ieee1275-ofnet-Remove-200-ms-timeout-in-.patch * Fri Jun 07 2024 Michael Chang <mchang@suse.com> - Add blscfg support * 0001-blscfg-add-blscfg-module-to-parse-Boot-Loader-Specif.patch * 0002-Add-BLS-support-to-grub-mkconfig.patch * 0003-Add-grub2-switch-to-blscfg.patch * 0004-blscfg-Don-t-root-device-in-emu-builds.patch * 0005-blscfg-check-for-mounted-boot-in-emu.patch * 0006-Follow-the-device-where-blscfg-is-discovered.patch * 0007-grub-switch-to-blscfg-adapt-to-openSUSE.patch * 0008-blscfg-reading-bls-fragments-if-boot-present.patch * 0009-10_linux-Some-refinement-for-BLS.patch * Mon May 20 2024 Gary Ching-Pang Lin <glin@suse.com> - Only enable grub-protect for EFI systems * 0001-util-enable-grub-protect-only-for-EFI-systems.patch * Wed May 15 2024 Gary Ching-Pang Lin <glin@suse.com> - Update to the latest upstreaming TPM2 patches * 0001-key_protector-Add-key-protectors-framework.patch - Replace 0001-protectors-Add-key-protectors-framework.patch * 0002-tpm2-Add-TPM-Software-Stack-TSS.patch - Merge other TSS patches * 0001-tpm2-Add-TPM2-types-structures-and-command-constants.patch * 0002-tpm2-Add-more-marshal-unmarshal-functions.patch * 0003-tpm2-Implement-more-TPM2-commands.patch * 0003-key_protector-Add-TPM2-Key-Protector.patch - Replace 0003-protectors-Add-TPM2-Key-Protector.patch * 0004-cryptodisk-Support-key-protectors.patch * 0005-util-grub-protect-Add-new-tool.patch * 0001-tpm2-Support-authorized-policy.patch - Replace 0004-tpm2-Support-authorized-policy.patch * 0001-tpm2-Add-extra-RSA-SRK-types.patch * 0001-tpm2-Implement-NV-index.patch - Replace 0001-protectors-Implement-NV-index.patch * 0002-cryptodisk-Fallback-to-passphrase.patch * 0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch * 0004-diskfilter-look-up-cryptodisk-devices-first.patch - Refresh affected patches * 0001-Improve-TPM-key-protection-on-boot-interruptions.patch * grub2-bsc1220338-key_protector-implement-the-blocklist.patch - New manpage for grub2-protect * Wed May 15 2024 Michael Chang <mchang@suse.com> - Fix error in /etc/grub.d/20_linux_xen: file_is_not_sym not found, renamed to file_is_not_xen_garbage (bsc#1224226) * grub2-fix-menu-in-xen-host-server.patch * Thu May 02 2024 Michael Chang <mchang@suse.com> - Fix gcc error with CFLAGS=-Og * grub2-grubenv-in-btrfs-header.patch * Fri Apr 19 2024 Giacomo Comes <gcomes.obs@gmail.com> - remove deprecated file 20_memtest86+ * a similar file is provided by the package memtest86+ * Thu Apr 11 2024 Gary Ching-Pang Lin <glin@suse.com> - Fix the compatibility issue with bash-completion 2.12 (bsc#1221849) * 0001-util-bash-completion-Fix-for-bash-completion-2.12.patch * Fri Mar 29 2024 Michael Chang <mchang@suse.com> - Fix os name is used for root file system mount (bsc#1220949) * 0001-10_linux-Ensure-persistence-of-root-file-system-moun.patch * Wed Mar 27 2024 Michael Chang <mchang@suse.com> - Fix LPAR falls into grub shell after installation with lvm (bsc#1221866) * 0001-ofdisk-Enhance-canonical-path-handling-for-bootpath.patch * Mon Mar 25 2024 Michael Chang <mchang@suse.com> - Correct the erroneous sequence in determining GRUB_FS and GRUB_DEVICE (bsc#1221904) * grub2-pass-corret-root-for-nfsroot.patch * Fri Mar 22 2024 Michael Chang <mchang@suse.com> - Fix memdisk becomes the default boot entry, resolving no graphic display device error in guest vnc console (bsc#1221779) * grub2-xen-pv-firmware.cfg * Wed Mar 20 2024 Michael Chang <mchang@suse.com> - Cleanup spec file to adhere to update-bootloader-rpm-macros definition entirely (bsc#1218241) * Tue Mar 19 2024 Gary Ching-Pang Lin <glin@suse.com> - Add grub2-bsc1220338-key_protector-implement-the-blocklist.patch to implement a blocklist in the key protector and check the unwanted UEFI variables (bsc#1220338) * Mon Mar 04 2024 Gary Ching-Pang Lin <glin@suse.com> - Update grub2-change-bash-completion-dir.patch to support bash completion correctly (bsc#1218875) - Drop grub2-bash-completion-2.12.patch since the have() function is not used in those scripts anymore * Fri Mar 01 2024 Giacomo Comes <gcomes.obs@gmail.com> - disable the file 20_memtest86+ * added a deprecation note in the header * Thu Feb 29 2024 Dr. Werner Fink <werner@suse.de> - Add patch grub2-bash-completion-2.12.patch The shell function have() had become deprecated with 2.11 and had been removed from 2.12 which is now providing the shell function _comp_have_command() (boo#1220626) * Thu Feb 22 2024 Michael Chang <mchang@suse.com> - Fix grub.xen memdisk script doesn't look for /boot/grub/grub.cfg (bsc#1219248) (bsc#1181762) * grub2-xen-pv-firmware.cfg * 0001-disk-Optimize-disk-iteration-by-moving-memdisk-to-th.patch * Sat Feb 17 2024 Michael Chang <mchang@suse.com> - Fix PowerPC grub loads 5 to 10 minutes slower on SLE-15-SP5 compared to SLE-15-SP2 (bsc#1217102) * add 0001-ofdisk-enhance-boot-time-by-focusing-on-boot-disk-re.patch * add 0002-ofdisk-add-early_log-support.patch * Wed Feb 07 2024 Bernhard Wiedemann <bwiedemann@suse.com> - Sort tar file order for reproducible builds * Tue Feb 06 2024 Michael Chang <mchang@suse.com> - Fix build error on gcc-14 (bsc#1218949) * 0001-squash-ieee1275-ofpath-enable-NVMeoF-logical-device-.patch * Mon Jan 29 2024 Michael Chang <mchang@suse.com> - Remove magic number header field check on arm64 (bsc#1218783) * 0001-loader-arm64-efi-linux-Remove-magic-number-header-fi.patch * Tue Jan 23 2024 Michael Chang <mchang@suse.com> - Reinstate the verification for a non-zero total entry count to skip unmapped data blocks (bsc#1218864) * 0001-fs-xfs-always-verify-the-total-number-of-entries-is-.patch - Removed temporary fix as reverting it will cause a different XFS parser bug * 0001-Revert-fs-xfs-Fix-XFS-directory-extent-parsing.patch * Sat Jan 20 2024 Giacomo Comes <gcomes.obs@gmail.com> - allow to boot memtest86 if stored in /usr/lib/memtest86+ * SR#1071109 can then work * Wed Jan 17 2024 Michael Chang <mchang@suse.com> - Resolved XFS regression leading to the "not a correct XFS inode" error by temporarily reverting the problematic commit (bsc#1218864) * 0001-Revert-fs-xfs-Fix-XFS-directory-extent-parsing.patch * Wed Jan 10 2024 Michael Chang <mchang@suse.com> - Version bump to 2.12 (PED-5589) * Added: - grub-2.12.tar.xz - fix_no_extra_deps_in_release_tarball.patch * Removed: - grub-2.12~rc1.tar.xz * Patch dropped as it merged into new version: - 0001-disk-cryptodisk-Fix-missing-change-when-updating-to-.patch - 0001-fs-btrfs-Zero-file-data-not-backed-by-extents.patch - 0001-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch - 0002-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch - 0003-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch - 0004-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch - 0005-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch - 0006-fs-ntfs-Make-code-more-readable.patch - 0001-kern-ieee1275-init-Restrict-high-memory-in-presence-.patch - 0001-fs-xfs-Incorrect-short-form-directory-data-boundary-.patch - 0002-fs-xfs-Fix-XFS-directory-extent-parsing.patch - 0003-fs-xfs-add-large-extent-counters-incompat-feature-su.patch - 0001-mkstandalone-ensure-stable-timestamps-for-generated-.patch - 0002-mkstandalone-ensure-deterministic-tar-file-creation-.patch * Patch adjusted for the updated base version: - use-grub2-as-a-package-name.patch - grub2-s390x-04-grub2-install.patch - grub2-btrfs-04-grub2-install.patch - grub2-ppc64le-disable-video.patch - 0002-AUDIT-0-http-boot-tracker-bug.patch - 0001-Unify-the-check-to-enable-btrfs-relative-path.patch - 0003-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch - 0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch - 0016-grub-install-support-embedding-x509-certificates.patch - 0021-appended-signatures-documentation.patch - 0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch - safe_tpm_pcr_snapshot.patch * Wed Jan 03 2024 Michael Chang <mchang@suse.com> - grub2.spec: Add ofnet to signed grub.elf to support powerpc net boot installation when secure boot is enabled (bsc#1217761) - Improved check for disk device when looking for PReP partition * 0004-Introduce-prep_load_env-command.patch * Thu Nov 30 2023 Michael Chang <mchang@suse.com> - Fix reproducible build for grub.xen (bsc#1217619) * 0001-mkstandalone-ensure-stable-timestamps-for-generated-.patch * 0002-mkstandalone-ensure-deterministic-tar-file-creation-.patch * Wed Nov 22 2023 Michael Chang <mchang@suse.com> - Fix unattended boot with TPM2 allows downgrading kernel and rootfs, also enhancing the overall security posture (bsc#1216680) * 0001-Improve-TPM-key-protection-on-boot-interruptions.patch * 0002-Restrict-file-access-on-cryptodisk-print.patch * 0003-Restrict-ls-and-auto-file-completion-on-cryptodisk-p.patch * 0004-Key-revocation-on-out-of-bound-file-access.patch * Tue Nov 21 2023 Michael Chang <mchang@suse.com> - grub2.spec: Fix openQA test failure in SLE-15-SP6 due to missing font in memdisk * Thu Nov 16 2023 Gary Ching-Pang Lin <glin@suse.com> - Update the TPM2 patches to skip the persistent SRK handle if not specified and improve the error messages + 0003-protectors-Add-TPM2-Key-Protector.patch + 0005-util-grub-protect-Add-new-tool.patch + 0004-tpm2-Support-authorized-policy.patch * Tue Nov 14 2023 Michael Chang <mchang@suse.com> - Fix XFS regression in 2.12~rc1 and support large extent counters * 0001-fs-xfs-Incorrect-short-form-directory-data-boundary-.patch * 0002-fs-xfs-Fix-XFS-directory-extent-parsing.patch * 0003-fs-xfs-add-large-extent-counters-incompat-feature-su.patch * Mon Oct 30 2023 Michael Chang <mchang@suse.com> - Fix fadump not working with 1GB/2GB/4GB LMB[P10] (bsc#1216253) * 0001-kern-ieee1275-init-Restrict-high-memory-in-presence-.patch * Thu Oct 26 2023 Gary Ching-Pang Lin <glin@suse.com> - Fix a potential error when appending multiple keys into the synthesized initrd * Fix-the-size-calculation-for-the-synthesized-initrd.patch * Wed Oct 25 2023 Michael Chang <mchang@suse.com> - Fix Xen chainloding error of no matching file path found (bsc#1216081) * grub2-efi-chainload-harder.patch * Mon Oct 23 2023 Michael Chang <mchang@suse.com> - Use grub-tpm2 token to unlock keyslots to make the unsealing process more efficient and secure. * 0001-luks2-Use-grub-tpm2-token-for-TPM2-protected-volume-.patch * Mon Oct 16 2023 Michael Chang <mchang@suse.com> - Fix detection of encrypted disk's uuid in powerpc to cope with logical disks when signed image installation is specified (bsc#1216075) * 0003-grub-install-support-prep-environment-block.patch - grub2.spec: Add support to unlocking multiple encrypted disks in signed grub.elf image for logical disks * Fri Oct 06 2023 Michael Chang <mchang@suse.com> - Fix CVE-2023-4692 (bsc#1215935) - Fix CVE-2023-4693 (bsc#1215936) * 0001-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch * 0002-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch * 0003-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch * 0004-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch * 0005-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch * 0006-fs-ntfs-Make-code-more-readable.patch - Bump upstream SBAT generation to 4 * Thu Oct 05 2023 Fabian Vogt <fvogt@suse.com> - Add patch to fix reading files from btrfs with "implicit" holes: * 0001-fs-btrfs-Zero-file-data-not-backed-by-extents.patch * Mon Oct 02 2023 Gary Ching-Pang Lin <glin@suse.com> - Update the TPM 2.0 patches to support more RSA and ECC algorithms * 0002-tpm2-Add-TPM-Software-Stack-TSS.patch * 0003-protectors-Add-TPM2-Key-Protector.patch * 0005-util-grub-protect-Add-new-tool.patch * Mon Oct 02 2023 Michael Chang <mchang@suse.com> - Remove build require for gcc-32bit, target platform didn't rely on libgcc function shipped with compiler but rather using functions supplied in grub directly. * Fri Sep 29 2023 Fabian Vogt <fvogt@suse.com> - Add BuildIgnore to break cycle with the branding package * Wed Sep 27 2023 Gary Ching-Pang Lin <glin@suse.com> - Only build with fde-tpm-helper-rpm-macros for the architectures supporting the newer UEFI and TPM 2.0. * Also correct the location of %fde_tpm_update_requires * Wed Sep 20 2023 Michael Chang <mchang@suse.com> - Fix a boot delay regression in PowerPC PXE boot (bsc#1201300) * 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch * Tue Sep 19 2023 Gary Ching-Pang Lin <glin@suse.com> - Add the new BuildRequires for EFI builds for the better FDE support: fde-tpm-helper-rpm-macros + Also add the the macros to %post and %posttrans * Mon Sep 11 2023 Chester Lin <clin@suse.com> - Correct the type of allocated EFI pages for ARM64 kernel (bsc#1215151) * arm64-Use-proper-memory-type-for-kernel-allocation.patch * Thu Aug 31 2023 Andreas Schwab <schwab@suse.de> - grub2-mkconfig-riscv64.patch: Handle riscv64 in mkconfig * Wed Aug 16 2023 Gary Ching-Pang Lin <glin@suse.com> - Implement NV index mode for TPM 2.0 key protector 0001-protectors-Implement-NV-index.patch - Fall back to passphrase mode when the key protector fails to unlock the disk 0002-cryptodisk-Fallback-to-passphrase.patch - Wipe out the cached key cleanly 0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch - Make diskfiler to look up cryptodisk devices first 0004-diskfilter-look-up-cryptodisk-devices-first.patch * Thu Aug 03 2023 Gary Ching-Pang Lin <glin@suse.com> - Change the bash-completion directory (bsc#1213855) * grub2-change-bash-completion-dir.patch * Thu Jul 27 2023 Michael Chang <mchang@suse.com> - Version bump to 2.12~rc1 (PED-5589) * Added: - grub-2.12~rc1.tar.xz * Removed: - grub-2.06.tar.xz * Patch dropped merged by new version: - grub2-GRUB_CMDLINE_LINUX_RECOVERY-for-recovery-mode.patch - grub2-s390x-02-kexec-module-added-to-emu.patch - grub2-efi-chainloader-root.patch - grub2-Fix-incorrect-netmask-on-ppc64.patch - 0001-osdep-Introduce-include-grub-osdep-major.h-and-use-i.patch - 0002-osdep-linux-hostdisk-Use-stat-instead-of-udevadm-for.patch - 0002-net-read-bracketed-ipv6-addrs-and-port-numbers.patch - grub2-s390x-10-keep-network-at-kexec.patch - 0001-Fix-build-error-in-binutils-2.36.patch - 0001-emu-fix-executable-stack-marking.patch - 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch - 0001-30_uefi-firmware-fix-printf-format-with-null-byte.patch - 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch - 0001-Filter-out-POSIX-locale-for-translation.patch - 0001-disk-diskfilter-Use-nodes-in-logical-volume-s-segmen.patch - 0001-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch - 0001-fs-btrfs-Make-extent-item-iteration-to-handle-gaps.patch - 0001-grub-mkconfig-restore-umask-for-grub.cfg.patch - 0001-ieee1275-Drop-HEAP_MAX_ADDR-and-HEAP_MIN_SIZE-consta.patch - 0002-ieee1275-claim-more-memory.patch - 0003-ieee1275-request-memory-with-ibm-client-architecture.patch - 0001-RISC-V-Adjust-march-flags-for-binutils-2.38.patch - 0001-mkimage-Fix-dangling-pointer-may-be-used-error.patch - 0002-Fix-Werror-array-bounds-array-subscript-0-is-outside.patch - 0003-reed_solomon-Fix-array-subscript-0-is-outside-array-.patch - 0001-powerpc-do-CAS-in-a-more-compatible-way.patch - 0001-libc-config-merge-from-glibc.patch - 0001-video-Remove-trailing-whitespaces.patch - 0002-loader-efi-chainloader-Simplify-the-loader-state.patch - 0003-commands-boot-Add-API-to-pass-context-to-loader.patch - 0004-loader-efi-chainloader-Use-grub_loader_set_ex.patch - 0005-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch - 0006-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch - 0007-video-readers-png-Abort-sooner-if-a-read-operation-f.patch - 0008-video-readers-png-Refuse-to-handle-multiple-image-he.patch - 0009-video-readers-png-Drop-greyscale-support-to-fix-heap.patch - 0010-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch - 0011-video-readers-png-Sanity-check-some-huffman-codes.patch - 0012-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch - 0013-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch - 0014-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch - 0015-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch - 0016-normal-charset-Fix-array-out-of-bounds-formatting-un.patch - 0017-net-ip-Do-IP-fragment-maths-safely.patch - 0018-net-netbuff-Block-overly-large-netbuff-allocs.patch - 0019-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch - 0020-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch - 0021-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch - 0022-net-tftp-Avoid-a-trivial-UAF.patch - 0023-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch - 0024-net-http-Fix-OOB-write-for-split-http-headers.patch - 0025-net-http-Error-out-on-headers-with-LF-without-CR.patch - 0026-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch - 0027-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch - 0028-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch - 0029-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch - 0030-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch - 0031-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch - 0032-Use-grub_loader_set_ex-for-secureboot-chainloader.patch - 0001-luks2-Add-debug-message-to-align-with-luks-and-geli-.patch - 0002-cryptodisk-Refactor-to-discard-have_it-global.patch - 0003-cryptodisk-Return-failure-in-cryptomount-when-no-cry.patch - 0004-cryptodisk-Improve-error-messaging-in-cryptomount-in.patch - 0005-cryptodisk-Improve-cryptomount-u-error-message.patch - 0006-cryptodisk-Add-infrastructure-to-pass-data-from-cryp.patch - 0007-cryptodisk-Refactor-password-input-out-of-crypto-dev.patch - 0008-cryptodisk-Move-global-variables-into-grub_cryptomou.patch - 0009-cryptodisk-Improve-handling-of-partition-name-in-cry.patch - 0001-crytodisk-fix-cryptodisk-module-looking-up.patch - 0001-devmapper-getroot-Have-devmapper-recognize-LUKS2.patch - 0002-devmapper-getroot-Set-up-cheated-LUKS2-cryptodisk-mo.patch - 0003-disk-cryptodisk-When-cheatmounting-use-the-sector-in.patch - 0004-normal-menu-Don-t-show-Booting-s-msg-when-auto-booti.patch - 0005-EFI-suppress-the-Welcome-to-GRUB-message-in-EFI-buil.patch - 0006-EFI-console-Do-not-set-colorstate-until-the-first-te.patch - 0007-EFI-console-Do-not-set-cursor-until-the-first-text-o.patch - efi-set-variable-with-attrs.patch - 0001-mm-Allow-dynamically-requesting-additional-memory-re.patch - 0002-kern-efi-mm-Always-request-a-fixed-number-of-pages-o.patch - 0003-kern-efi-mm-Extract-function-to-add-memory-regions.patch - 0004-kern-efi-mm-Pass-up-errors-from-add_memory_regions.patch - 0005-kern-efi-mm-Implement-runtime-addition-of-pages.patch - 0001-kern-efi-mm-Enlarge-the-default-heap-size.patch - 0002-mm-Defer-the-disk-cache-invalidation.patch - 0001-grub-install-set-point-of-no-return-for-powerpc-ieee1275.patch - 0001-commands-efi-tpm-Refine-the-status-of-log-event.patch - 0002-commands-efi-tpm-Use-grub_strcpy-instead-of-grub_mem.patch - 0003-efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch - 0001-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch - 0002-ieee1275-implement-vec5-for-cas-negotiation.patch - 0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch - 0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch - 0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch - 0004-font-Remove-grub_font_dup_glyph.patch - 0005-font-Fix-integer-overflow-in-ensure_comb_space.patch - 0006-font-Fix-integer-overflow-in-BMP-index.patch - 0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch - 0008-fbutil-Fix-integer-overflow.patch - 0009-font-Fix-an-integer-underflow-in-blit_comb.patch - 0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch - 0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch - 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch - 0001-fs-btrfs-Use-full-btrfs-bootloader-area.patch - 0001-ieee1275-Increase-initially-allocated-heap-from-1-4-.patch - 0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch - grub2-add-module-for-boot-loader-interface.patch - 0001-ieee1275-Further-increase-initially-allocated-heap-f.patch - 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch - 0001-RISC-V-Handle-R_RISCV_CALL_PLT-reloc.patch - 0001-loader-linux-Ensure-the-newc-pathname-is-NULL-termin.patch - 0001-kern-ieee1275-init-Convert-plain-numbers-to-constant.patch - 0002-kern-ieee1275-init-Extended-support-in-Vec5.patch - 0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch - 0001-fs-ext2-Ignore-the-large_dir-incompat-feature.patch * Patch modified to new base version: - use-grub2-as-a-package-name.patch - grub2-fix-menu-in-xen-host-server.patch - grub2-secureboot-add-linuxefi.patch - grub2-secureboot-chainloader.patch - grub2-s390x-01-Changes-made-and-files-added-in-order-to-allow-s390x.patch - grub2-s390x-03-output-7-bit-ascii.patch - grub2-s390x-04-grub2-install.patch - grub2-use-rpmsort-for-version-sorting.patch - grub2-getroot-treat-mdadm-ddf-as-simple-device.patch - grub2-grubenv-in-btrfs-header.patch - grub2-commands-introduce-read_file-subcommand.patch - grub2-efi-chainload-harder.patch - grub2-emu-4-all.patch - grub2-util-30_os-prober-multiple-initrd.patch - grub2-install-fix-not-a-directory-error.patch - grub-install-force-journal-draining-to-ensure-data-i.patch - grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch - grub2-btrfs-04-grub2-install.patch - grub2-btrfs-05-grub2-mkconfig.patch - grub2-btrfs-06-subvol-mount.patch - grub2-efi-xen-chainload.patch - grub2-efi-xen-cmdline.patch - grub2-efi-xen-removable.patch - grub2-suse-remove-linux-root-param.patch - grub2-ppc64le-disable-video.patch - grub2-install-remove-useless-check-PReP-partition-is-empty.patch - 0004-efinet-UEFI-IPv6-PXE-support.patch - 0007-efinet-Setting-network-from-UEFI-device-path.patch - 0008-efinet-Setting-DNS-server-from-UEFI-protocol.patch - 0001-add-support-for-UEFI-network-protocols.patch - grub2-mkconfig-default-entry-correction.patch - grub2-s390x-11-secureboot.patch - grub2-secureboot-install-signed-grub.patch - grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch - 0002-cmdline-Provide-cmdline-functions-as-module.patch - 0001-efi-linux-provide-linux-command.patch - 0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch - 0004-arm-arm64-loader-Better-memory-allocation-and-error-.patch - 0002-Arm-check-for-the-PE-magic-for-the-compiled-arch.patch - 0001-Factor-out-grub_efi_linux_boot.patch - 0003-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch - 0015-test_asn1-test-module-for-libtasn1.patch - 0021-appended-signatures-documentation.patch - 0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch - 0003-grub-install-support-prep-environment-block.patch - 0004-Introduce-prep_load_env-command.patch - 0001-grub-install-bailout-root-device-probing.patch - 0001-install-fix-software-raid1-on-esp.patch - 0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch - 0001-protectors-Add-key-protectors-framework.patch - 0002-tpm2-Add-TPM-Software-Stack-TSS.patch - 0004-cryptodisk-Support-key-protectors.patch - 0008-linuxefi-Use-common-grub_initrd_load.patch - 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch - grub-read-pcr.patch - tpm-record-pcrs.patch - 0001-clean-up-crypttab-and-linux-modules-dependency.patch * Patch refreshed: - rename-grub-info-file-to-grub2.patch - grub2-linux.patch - grub2-simplefb.patch - grub2-ppc-terminfo.patch - grub2-pass-corret-root-for-nfsroot.patch - grub2-efi-HP-workaround.patch - grub2-secureboot-no-insmod-on-sb.patch - grub2-linuxefi-fix-boot-params.patch - grub2-s390x-05-grub2-mkconfig.patch - grub2-xen-linux16.patch - grub2-efi-disable-video-cirrus-and-bochus.patch - grub2-vbe-blacklist-preferred-1440x900x32.patch - grub2-mkconfig-aarch64.patch - grub2-menu-unrestricted.patch - grub2-mkconfig-arm.patch - grub2-s390x-06-loadparm.patch - grub2-s390x-07-add-image-param-for-zipl-setup.patch - grub2-s390x-08-workaround-part-to-disk.patch - grub2-diskfilter-support-pv-without-metadatacopies.patch - grub2-getroot-support-nvdimm.patch - grub2-s390x-skip-zfcpdump-image.patch - grub2-btrfs-02-export-subvolume-envvars.patch - grub2-btrfs-03-follow_default.patch - grub2-btrfs-07-subvol-fallback.patch - grub2-btrfs-08-workaround-snapshot-menu-default-entry.patch - grub2-btrfs-09-get-default-subvolume.patch - grub2-btrfs-10-config-directory.patch - grub2-efi-xen-cfg-unquote.patch - grub2-Add-hidden-menu-entries.patch - grub2-SUSE-Add-the-t-hotkey.patch - grub2-ppc64le-memory-map.patch - grub2-ppc64-cas-reboot-support.patch - grub2-ppc64-cas-new-scope.patch - grub2-ppc64-cas-fix-double-free.patch - 0003-bootp-New-net_bootp6-command.patch - 0005-grub.texi-Add-net_bootp6-doument.patch - 0006-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch - 0012-tpm-Build-tpm-as-module.patch - 0002-AUDIT-0-http-boot-tracker-bug.patch - grub2-btrfs-help-on-snapper-rollback.patch - grub2-video-limit-the-resolution-for-fixed-bimap-font.patch - 0001-kern-mm.c-Make-grub_calloc-inline.patch - 0001-Unify-the-check-to-enable-btrfs-relative-path.patch - 0002-arm64-make-sure-fdt-has-address-cells-and-size-cells.patch - 0003-Make-grub_error-more-verbose.patch - 0001-ieee1275-Avoiding-many-unecessary-open-close.patch - 0001-Workaround-volatile-efi-boot-variable.patch - 0001-templates-Follow-the-path-of-usr-merged-kernel-confi.patch - 0004-Try-to-pick-better-locations-for-kernel-and-initrd.patch - 0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch - 0005-docs-grub-Document-signing-grub-under-UEFI.patch - 0006-docs-grub-Document-signing-grub-with-an-appended-sig.patch - 0007-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch - 0008-pgp-factor-out-rsa_pad.patch - 0010-posix_wrap-tweaks-in-preparation-for-libtasn1.patch - 0011-libtasn1-import-libtasn1-4.18.0.patch - 0014-libtasn1-compile-into-asn1-module.patch - 0016-grub-install-support-embedding-x509-certificates.patch - 0017-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch - 0018-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch - 0019-appended-signatures-support-verifying-appended-signa.patch - 0020-appended-signatures-verification-tests.patch - 0001-grub-install-Add-SUSE-signed-image-support-for-power.patch - 0002-Add-grub_disk_write_tail-helper-function.patch - 0005-export-environment-at-start-up.patch - 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch - 0003-protectors-Add-TPM2-Key-Protector.patch - 0005-util-grub-protect-Add-new-tool.patch - 0010-templates-import-etc-crypttab-to-grub.cfg.patch - grub-install-record-pcrs.patch - safe_tpm_pcr_snapshot.patch - 0002-Mark-environmet-blocks-as-used-for-image-embedding.patch - 0001-grub2-Set-multiple-device-path-for-a-nvmf-boot-devic.patch - 0002-discard-cached-key-before-entering-grub-shell-and-ed.patch - 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch - 0002-Restrict-cryptsetup-key-file-permission-for-better-s.patch * New: - 0001-xen_boot-add-missing-grub_arch_efi_linux_load_image_.patch - 0001-font-Try-memdisk-fonts-with-the-same-name.patch - 0001-Make-grub.cfg-compatible-to-old-binaries.patch - 0001-disk-cryptodisk-Fix-missing-change-when-updating-to-.patch * Embedding fonts in the grub.efi to get signed for secure boot * Wed Jul 26 2023 Michael Chang <mchang@suse.com> - Fix error message "unknown command tpm_record_pcrs" with encrypted boot and no tpm device present (bsc#1213547) * 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch * Tue May 30 2023 Dirk Müller <dmueller@suse.com> - add 0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch, 0001-fs-ext2-Ignore-the-large_dir-incompat-feature.patch: * support more featureful extX filesystems (backport from upstream git) * Thu May 04 2023 Michael Chang <mchang@suse.com> - grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563) * Wed Apr 26 2023 Gary Ching-Pang Lin <glin@suse.com> - Exclude the deprecated EFI location, /usr/lib64/efi/, from Tumbleweed and ALP * Fri Apr 21 2023 Gary Ching-Pang Lin <glin@suse.com> - Update TPM 2.0 key unsealing patches * Add the new upstreaming patches 0001-protectors-Add-key-protectors-framework.patch 0002-tpm2-Add-TPM-Software-Stack-TSS.patch 0003-protectors-Add-TPM2-Key-Protector.patch 0004-cryptodisk-Support-key-protectors.patch 0005-util-grub-protect-Add-new-tool.patch * Add the authorized policy patches based on the upstreaming patches 0001-tpm2-Add-TPM2-types-structures-and-command-constants.patch 0002-tpm2-Add-more-marshal-unmarshal-functions.patch 0003-tpm2-Implement-more-TPM2-commands.patch 0004-tpm2-Support-authorized-policy.patch * Drop the old patches 0010-protectors-Add-key-protectors-framework.patch 0011-tpm2-Add-TPM-Software-Stack-TSS.patch 0012-protectors-Add-TPM2-Key-Protector.patch 0013-cryptodisk-Support-key-protectors.patch 0014-util-grub-protect-Add-new-tool.patch fix-tpm2-build.patch tpm-protector-dont-measure-sealed-key.patch tpm-protector-export-secret-key.patch grub-unseal-debug.patch 0001-tpm2-adjust-the-input-parameters-of-TPM2_EvictContro.patch 0002-tpm2-declare-the-input-arguments-of-TPM2-functions-a.patch 0003-tpm2-resend-the-command-on-TPM_RC_RETRY.patch 0004-tpm2-add-new-TPM2-types-structures-and-command-const.patch 0005-tpm2-add-more-marshal-unmarshal-functions.patch 0006-tpm2-check-the-command-parameters-of-TPM2-commands.patch 0007-tpm2-pack-the-missing-authorization-command-for-TPM2.patch 0008-tpm2-allow-some-command-parameters-to-be-NULL.patch 0009-tpm2-remove-the-unnecessary-variables.patch 0010-tpm2-add-TPM2-commands-to-support-authorized-policy.patch 0011-tpm2-make-the-file-reading-unmarshal-functions-gener.patch 0012-tpm2-initialize-the-PCR-selection-list-early.patch 0013-tpm2-support-unsealing-key-with-authorized-policy.patch * Refresh grub-read-pcr.patch * Introduce a new build requirement: libtasn1-devel - Only package grub2-protect for the architectures with EFI support * Fri Apr 21 2023 Michael Chang <mchang@suse.com> - Fix PowerVS deployment fails to boot with 90 cores (bsc#1208581) * 0001-kern-ieee1275-init-Convert-plain-numbers-to-constant.patch * 0002-kern-ieee1275-init-Extended-support-in-Vec5.patch * Tue Apr 18 2023 Michael Chang <mchang@suse.com> - Fix no prep partition error on non-PReP architectures by making the prep_loadenv module exclusive to powerpc_ieee1275 platform (bsc#1210489) * 0004-Introduce-prep_load_env-command.patch - Fix the issue of freeing an uninitialized pointer * 0002-prep_loadenv-Fix-regex-for-Open-Firmware-device-spec.patch - Rediff * 0005-export-environment-at-start-up.patch * 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch * Tue Apr 11 2023 Michael Chang <mchang@suse.com> - Resolve some issues with OS boot failure on PPC NVMe-oF disks and made enhancements to PPC secure boot's root device discovery config (bsc#1207230) - Ensure get_devargs and get_devname functions are consistent * 0001-openfw-Ensure-get_devargs-and-get_devname-functions-.patch - Fix regex for Open Firmware device specifier with encoded commas * 0002-prep_loadenv-Fix-regex-for-Open-Firmware-device-spec.patch - Fix regular expression in PPC secure boot config to prevent escaped commas from being treated as delimiters when retrieving partition substrings. - Use prep_load_env in PPC secure boot config to handle unset host-specific environment variables and ensure successful command execution. * 0004-Introduce-prep_load_env-command.patch - Refreshed * 0005-export-environment-at-start-up.patch * Thu Mar 23 2023 Michael Chang <mchang@suse.com> - Fix aarch64 kiwi image's file not found due to '/@' prepended to path in btrfs filesystem. (bsc#1209165) * grub2-btrfs-05-grub2-mkconfig.patch * Mon Mar 20 2023 Michael Chang <mchang@suse.com> - Restrict cryptsetup key file permission for better security (bsc#1207499) * 0001-loader-linux-Ensure-the-newc-pathname-is-NULL-termin.patch * 0002-Restrict-cryptsetup-key-file-permission-for-better-s.patch * Wed Mar 15 2023 Hans-Peter Jansen <hpj@urpla.net> - Meanwhile, memtest86+ gained EFI support, but using the grub command line to run it manually is quite tedious... Adapt 20_memtest86+ to provide a proper menu entry. Executing memtest requires to turn security off in BIOS: (Boot Mode: Other OS). * Mon Mar 13 2023 rw@suse.com - Tolerate kernel moved out of /boot. (bsc#1184804) * grub2-s390x-12-zipl-setup-usrmerge.patch * Mon Mar 06 2023 Michael Chang <mchang@suse.com> - Discard cached key from grub shell and editor mode * 0001-clean-up-crypttab-and-linux-modules-dependency.patch * 0002-discard-cached-key-before-entering-grub-shell-and-ed.patch * Fri Mar 03 2023 Michael Chang <mchang@suse.com> - Make grub more robust against storage race condition causing system boot failures (bsc#1189036) * 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch * Wed Mar 01 2023 Michael Chang <mchang@suse.com> - Fix riscv64 error for relocation 0x13 is not implemented yet * 0001-RISC-V-Handle-R_RISCV_CALL_PLT-reloc.patch * Wed Feb 22 2023 Michael Chang <mchang@suse.com> - Fix out of memory error on lpar installation from virtual cdrom (bsc#1208024) * 0001-ieee1275-Further-increase-initially-allocated-heap-f.patch * 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch - Fix lpar got hung at grub after inactive migration (bsc#1207684) * 0002-ieee1275-implement-vec5-for-cas-negotiation.patch - Rediff * safe_tpm_pcr_snapshot.patch - Patch supersceded * 0001-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch * Wed Feb 15 2023 Gary Ching-Pang Lin <glin@suse.com> - Refresh 0003-tpm2-resend-the-command-on-TPM_RC_RETRY.patch to handle the TPM2 responseCode correctly. * Fri Feb 10 2023 Valentin Lefebvre <valentin.lefebvre@suse.com> - Add module for boot loader interface. Needed for load Unified Kernel Image (UKI) * grub2-add-module-for-boot-loader-interface.patch * Thu Feb 09 2023 Gary Ching-Pang Lin <glin@suse.com> - Amend the TPM2 stack and add authorized policy mode to tpm2_key_protector * 0001-tpm2-adjust-the-input-parameters-of-TPM2_EvictContro.patch * 0002-tpm2-declare-the-input-arguments-of-TPM2-functions-a.patch * 0003-tpm2-resend-the-command-on-TPM_RC_RETRY.patch * 0004-tpm2-add-new-TPM2-types-structures-and-command-const.patch * 0005-tpm2-add-more-marshal-unmarshal-functions.patch * 0006-tpm2-check-the-command-parameters-of-TPM2-commands.patch * 0007-tpm2-pack-the-missing-authorization-command-for-TPM2.patch * 0008-tpm2-allow-some-command-parameters-to-be-NULL.patch * 0009-tpm2-remove-the-unnecessary-variables.patch * 0010-tpm2-add-TPM2-commands-to-support-authorized-policy.patch * 0011-tpm2-make-the-file-reading-unmarshal-functions-gener.patch * 0012-tpm2-initialize-the-PCR-selection-list-early.patch * 0013-tpm2-support-unsealing-key-with-authorized-policy.patch * Wed Feb 08 2023 Michael Chang <mchang@suse.com> - Fix nvmf boot device setup (bsc#1207811) * 0001-grub2-Can-t-setup-a-default-boot-device-correctly-on.patch * Tue Feb 07 2023 Michael Chang <mchang@suse.com> - Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064) * 0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch * Sat Feb 04 2023 Michael Chang <mchang@suse.com> - Fix GCC 13 build failure (bsc#1201089) * 0002-AUDIT-0-http-boot-tracker-bug.patch * Tue Jan 03 2023 Gary Ching-Pang Lin <glin@suse.com> - Move unsupported zfs modules into 'extras' packages (bsc#1205554) (PED-2947) * Fri Dec 30 2022 Michael Chang <mchang@suse.com> - Fix inappropriately including commented lines in crypttab (bsc#1206279) * 0010-templates-import-etc-crypttab-to-grub.cfg.patch * Fri Dec 23 2022 Michael Chang <mchang@suse.com> - Make grub.cfg invariant to efi and legacy platforms (bsc#1205200) - Removed patch linuxefi * grub2-secureboot-provide-linuxefi-config.patch * grub2-secureboot-use-linuxefi-on-uefi-in-os-prober.patch * grub2-secureboot-use-linuxefi-on-uefi.patch - Rediff * grub2-btrfs-05-grub2-mkconfig.patch * grub2-efi-xen-cmdline.patch * grub2-s390x-05-grub2-mkconfig.patch * grub2-suse-remove-linux-root-param.patch * Mon Dec 19 2022 Michael Chang <mchang@suse.com> - Setup multiple device paths for a nvmf boot device (bsc#1205666) * 0001-grub2-Set-multiple-device-path-for-a-nvmf-boot-devic.patch * Fri Dec 16 2022 Gary Ching-Pang Lin <glin@suse.com> - Increase the path buffer in the crypttab command for the long volume name (bsc#1206333) * grub2-increase-crypttab-path-buffer.patch * Mon Dec 05 2022 Michael Chang <mchang@suse.com> - Add tpm to signed grub.elf image (PED-1990) (bsc#1205912) - Increase initial heap size from 1/4 to 1/3 * 0001-ieee1275-Increase-initially-allocated-heap-from-1-4-.patch * Tue Nov 22 2022 Michael Chang <mchang@suse.com> - Make full utilization of btrfs bootloader area (bsc#1161823) * 0001-fs-btrfs-Use-full-btrfs-bootloader-area.patch * 0002-Mark-environmet-blocks-as-used-for-image-embedding.patch - Patch removed * 0001-i386-pc-build-btrfs-zstd-support-into-separate-modul.patch * Mon Nov 21 2022 Michael Chang <mchang@suse.com> - Fix regression of reverting back to asking password twice when a keyfile is already used (bsc#1205309) * 0010-templates-import-etc-crypttab-to-grub.cfg.patch * Wed Nov 16 2022 Michael Chang <mchang@suse.com> - Security fixes and hardenings * 0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch * 0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch - Fix CVE-2022-2601 (bsc#1205178) * 0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch * 0004-font-Remove-grub_font_dup_glyph.patch * 0005-font-Fix-integer-overflow-in-ensure_comb_space.patch * 0006-font-Fix-integer-overflow-in-BMP-index.patch * 0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch * 0008-fbutil-Fix-integer-overflow.patch - Fix CVE-2022-3775 (bsc#1205182) * 0009-font-Fix-an-integer-underflow-in-blit_comb.patch * 0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch * 0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch * 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch - Bump upstream SBAT generation to 3 * Mon Nov 14 2022 Michael Chang <mchang@suse.com> - Removed 0001-linux-fix-efi_relocate_kernel-failure.patch as reported regression in some hardware being stuck in initrd loading (bsc#1205380) * Mon Nov 14 2022 Michael Chang <mchang@suse.com> - Fix password asked twice if third field in crypttab not present (bsc#1205312) * 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch * Fri Oct 28 2022 Michael Chang <mchang@suse.com> - NVMeoFC support on grub (jsc#PED-996) * 0001-ieee1275-add-support-for-NVMeoFC.patch * 0002-ieee1275-ofpath-enable-NVMeoF-logical-device-transla.patch * 0003-ieee1275-change-the-logic-of-ieee1275_get_devargs.patch * 0004-ofpath-controller-name-update.patch - TDX: Enhance grub2 measurement to TD RTMR (jsc#PED-1265) * 0001-commands-efi-tpm-Refine-the-status-of-log-event.patch * 0002-commands-efi-tpm-Use-grub_strcpy-instead-of-grub_mem.patch * 0003-efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch - Measure the kernel on POWER10 and extend TPM PCRs (PED-1990) * 0001-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch * 0002-ieee1275-implement-vec5-for-cas-negotiation.patch - Fix efi pcr snapshot related funtion is defined but not used on powerpc platform. * safe_tpm_pcr_snapshot.patch * Mon Oct 24 2022 Michael Chang <mchang@suse.com> - Include loopback into signed grub2 image (jsc#PED-2150) * Thu Oct 06 2022 Michael Chang <mchang@suse.com> - Fix firmware oops after disk decrypting failure (bsc#1204037) * 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch * Fri Sep 23 2022 Michael Chang <mchang@suse.com> - Add patch to fix kernel relocation error in low memory * 0001-linux-fix-efi_relocate_kernel-failure.patch * Mon Sep 19 2022 Michael Chang <mchang@suse.com> - Add safety measure to pcr snapshot by checking platform and tpm status * safe_tpm_pcr_snapshot.patch * Fri Sep 16 2022 Michael Chang <mchang@suse.com> - Fix installation failure due to unavailable nvram device on ppc64le (bsc#1201361) * 0001-grub-install-set-point-of-no-return-for-powerpc-ieee1275.patch * Fri Sep 16 2022 Gary Ching-Pang Lin <glin@suse.com> - Add patches to dynamically allocate additional memory regions for EFI systems (bsc#1202438) * 0001-mm-Allow-dynamically-requesting-additional-memory-re.patch * 0002-kern-efi-mm-Always-request-a-fixed-number-of-pages-o.patch * 0003-kern-efi-mm-Extract-function-to-add-memory-regions.patch * 0004-kern-efi-mm-Pass-up-errors-from-add_memory_regions.patch * 0005-kern-efi-mm-Implement-runtime-addition-of-pages.patch - Enlarge the default heap size and defer the disk cache invalidation (bsc#1202438) * 0001-kern-efi-mm-Enlarge-the-default-heap-size.patch * 0002-mm-Defer-the-disk-cache-invalidation.patch * Thu Sep 15 2022 Michael Chang <mchang@suse.com> - Add patches for ALP FDE support * 0001-devmapper-getroot-Have-devmapper-recognize-LUKS2.patch * 0002-devmapper-getroot-Set-up-cheated-LUKS2-cryptodisk-mo.patch * 0003-disk-cryptodisk-When-cheatmounting-use-the-sector-in.patch * 0004-normal-menu-Don-t-show-Booting-s-msg-when-auto-booti.patch * 0005-EFI-suppress-the-Welcome-to-GRUB-message-in-EFI-buil.patch * 0006-EFI-console-Do-not-set-colorstate-until-the-first-te.patch * 0007-EFI-console-Do-not-set-cursor-until-the-first-text-o.patch * 0008-linuxefi-Use-common-grub_initrd_load.patch * 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch * 0010-templates-import-etc-crypttab-to-grub.cfg.patch * grub-read-pcr.patch * efi-set-variable-with-attrs.patch * tpm-record-pcrs.patch * tpm-protector-dont-measure-sealed-key.patch * tpm-protector-export-secret-key.patch * grub-install-record-pcrs.patch * grub-unseal-debug.patch * Mon Aug 29 2022 Michael Chang <mchang@suse.com> - Fix out of memory error cannot be prevented via disabling tpm (bsc#1202438) * 0001-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch * Thu Aug 18 2022 Michael Chang <mchang@suse.com> - Fix tpm error stop tumbleweed from booting (bsc#1202374) * 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch - Patch Removed * 0001-tpm-Log-EFI_VOLUME_FULL-and-continue.patch * Wed Jun 08 2022 Michael Chang <mchang@suse.com> - Add tpm, tpm2, luks2 and gcry_sha512 to default grub.efi (bsc#1197625) - Make grub-tpm.efi a symlink to grub.efi * grub2.spec - Log error when tpm event log is full and continue * 0001-tpm-Log-EFI_VOLUME_FULL-and-continue.patch - Patch superseded * 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch * Wed Jun 08 2022 Michael Chang <mchang@suse.com> - Add patches for automatic TPM disk unlock (jsc#SLE-24018) (bsc#1196668) (jsc#PED-1276) * 0001-luks2-Add-debug-message-to-align-with-luks-and-geli-.patch * 0002-cryptodisk-Refactor-to-discard-have_it-global.patch * 0003-cryptodisk-Return-failure-in-cryptomount-when-no-cry.patch * 0004-cryptodisk-Improve-error-messaging-in-cryptomount-in.patch * 0005-cryptodisk-Improve-cryptomount-u-error-message.patch * 0006-cryptodisk-Add-infrastructure-to-pass-data-from-cryp.patch * 0007-cryptodisk-Refactor-password-input-out-of-crypto-dev.patch * 0008-cryptodisk-Move-global-variables-into-grub_cryptomou.patch * 0009-cryptodisk-Improve-handling-of-partition-name-in-cry.patch * 0010-protectors-Add-key-protectors-framework.patch * 0011-tpm2-Add-TPM-Software-Stack-TSS.patch * 0012-protectors-Add-TPM2-Key-Protector.patch * 0013-cryptodisk-Support-key-protectors.patch * 0014-util-grub-protect-Add-new-tool.patch - Fix no disk unlocking happen (bsc#1196668) * 0001-crytodisk-fix-cryptodisk-module-looking-up.patch - Fix build error * fix-tpm2-build.patch * Tue May 31 2022 Michael Chang <mchang@suse.com> - Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581) * 0001-video-Remove-trailing-whitespaces.patch * 0002-loader-efi-chainloader-Simplify-the-loader-state.patch * 0003-commands-boot-Add-API-to-pass-context-to-loader.patch - Fix CVE-2022-28736 (bsc#1198496) * 0004-loader-efi-chainloader-Use-grub_loader_set_ex.patch - Fix CVE-2022-28735 (bsc#1198495) * 0005-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch * 0006-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch * 0007-video-readers-png-Abort-sooner-if-a-read-operation-f.patch * 0008-video-readers-png-Refuse-to-handle-multiple-image-he.patch - Fix CVE-2021-3695 (bsc#1191184) * 0009-video-readers-png-Drop-greyscale-support-to-fix-heap.patch - Fix CVE-2021-3696 (bsc#1191185) * 0010-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch * 0011-video-readers-png-Sanity-check-some-huffman-codes.patch * 0012-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch * 0013-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch * 0014-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch - Fix CVE-2021-3697 (bsc#1191186) * 0015-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch * 0016-normal-charset-Fix-array-out-of-bounds-formatting-un.patch - Fix CVE-2022-28733 (bsc#1198460) * 0017-net-ip-Do-IP-fragment-maths-safely.patch * 0018-net-netbuff-Block-overly-large-netbuff-allocs.patch * 0019-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch * 0020-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch * 0021-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch * 0022-net-tftp-Avoid-a-trivial-UAF.patch * 0023-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch - Fix CVE-2022-28734 (bsc#1198493) * 0024-net-http-Fix-OOB-write-for-split-http-headers.patch - Fix CVE-2022-28734 (bsc#1198493) * 0025-net-http-Error-out-on-headers-with-LF-without-CR.patch * 0026-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch * 0027-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch * 0028-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch * 0029-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch * 0030-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch * 0031-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch * 0032-Use-grub_loader_set_ex-for-secureboot-chainloader.patch - Bump grub's SBAT generation to 2 * Tue May 31 2022 Michael Chang <mchang@suse.com> - Use boot disks in OpenFirmware, fixing regression caused by 0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch, when the root LV is completely in the boot LUN (bsc#1197948) * 0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch * Thu May 26 2022 Michael Chang <mchang@suse.com> - Fix error message in displaying help on bootable snapshot (bsc#1199609) * Tue May 17 2022 Michael Chang <mchang@suse.com> - Fix installation over serial console ends up in infinite boot loop (bsc#1187810) (bsc#1209667) (bsc#1209372) * 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch - Fix ppc64le build error for new IEEE long double ABI * 0001-libc-config-merge-from-glibc.patch * Thu Apr 21 2022 Michael Chang <mchang@suse.com> - Fix Power10 LPAR error "The partition fails to activate as partition went into invalid state" (bsc#1198714) * 0001-powerpc-do-CAS-in-a-more-compatible-way.patch * Mon Apr 11 2022 Ludwig Nussel <lnussel@suse.de> - use common SBAT values (boo#1193282) * Fri Mar 25 2022 Michael Chang <mchang@suse.com> - Fix wrong order in kernel sorting of listing rc before final release (bsc#1197376) * grub2-use-rpmsort-for-version-sorting.patch * Fri Mar 18 2022 Michael Chang <mchang@suse.com> - Fix duplicated insmod part_gpt lines in grub.cfg (bsc#1197186) * 0001-grub-probe-Deduplicate-probed-partmap-output.patch * Wed Mar 16 2022 Michael Chang <mchang@suse.com> - Fix GCC 12 build failure (bsc#1196546) * 0001-mkimage-Fix-dangling-pointer-may-be-used-error.patch * 0002-Fix-Werror-array-bounds-array-subscript-0-is-outside.patch * 0003-reed_solomon-Fix-array-subscript-0-is-outside-array-.patch - Revised * grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch * 0002-ieee1275-powerpc-enables-device-mapper-discovery.patch * Fri Mar 11 2022 Michael Chang <mchang@suse.com> - Fix grub-install error when efi system partition is created as mdadm software raid1 device (bsc#1179981) (bsc#1195204) * 0001-install-fix-software-raid1-on-esp.patch * Thu Mar 10 2022 Michael Chang <mchang@suse.com> - Fix riscv64 build error * 0001-RISC-V-Adjust-march-flags-for-binutils-2.38.patch * Thu Mar 10 2022 Michael Chang <mchang@suse.com> - Fix error in grub-install when linux root device is on lvm thin volume (bsc#1192622) (bsc#1191974) * 0001-grub-install-bailout-root-device-probing.patch * Fri Mar 04 2022 Michael Chang <mchang@suse.com> - Support saving grub environment for POWER signed grub images (jsc#SLE-23854) * 0001-Add-grub_envblk_buf-helper-function.patch * 0002-Add-grub_disk_write_tail-helper-function.patch * 0003-grub-install-support-prep-environment-block.patch * 0004-Introduce-prep_load_env-command.patch * 0005-export-environment-at-start-up.patch - Use enviroment variable in early boot config to looking up root device * grub2.spec * Tue Mar 01 2022 Michal Suchanek <msuchanek@suse.com> - Remove obsolete openSUSE 12.2 conditionals in spec file - Clean up powerpc certificate handling. * Thu Feb 10 2022 Bjørn Lie <bjorn.lie@gmail.com> - Set grub2-check-default shebang to "#!/bin/bash", as the the code uses many instructions which are undefined for a POSIX sh. (boo#1195794). * Fri Jan 14 2022 Michael Chang <mchang@suse.com> - Power guest secure boot with static keys: GRUB2 signing portion (jsc#SLE-18271) (bsc#1192764) * 0001-grub-install-Add-SUSE-signed-image-support-for-power.patch * Thu Jan 13 2022 Michael Chang <mchang@suse.com> - Fix wrong default entry when booting snapshot (bsc#1159205) * grub2-btrfs-08-workaround-snapshot-menu-default-entry.patch * Tue Jan 11 2022 Michael Chang <mchang@suse.com> - Power guest secure boot with static keys: GRUB2 signing portion (jsc#SLE-18271) (bsc#1192764) * grub2.spec - Power guest secure boot with static keys: GRUB2 portion (jsc#SLE-18144) (bsc#1192686) * 0001-ieee1275-Drop-HEAP_MAX_ADDR-and-HEAP_MIN_SIZE-consta.patch * 0002-ieee1275-claim-more-memory.patch * 0003-ieee1275-request-memory-with-ibm-client-architecture.patch * 0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch * 0005-docs-grub-Document-signing-grub-under-UEFI.patch * 0006-docs-grub-Document-signing-grub-with-an-appended-sig.patch * 0007-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch * 0008-pgp-factor-out-rsa_pad.patch * 0009-crypto-move-storage-for-grub_crypto_pk_-to-crypto.c.patch * 0010-posix_wrap-tweaks-in-preparation-for-libtasn1.patch * 0011-libtasn1-import-libtasn1-4.18.0.patch * 0012-libtasn1-disable-code-not-needed-in-grub.patch * 0013-libtasn1-changes-for-grub-compatibility.patch * 0014-libtasn1-compile-into-asn1-module.patch * 0015-test_asn1-test-module-for-libtasn1.patch * 0016-grub-install-support-embedding-x509-certificates.patch * 0017-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch * 0018-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch * 0019-appended-signatures-support-verifying-appended-signa.patch * 0020-appended-signatures-verification-tests.patch * 0021-appended-signatures-documentation.patch * 0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch * 0023-x509-allow-Digitial-Signature-plus-other-Key-Usages.patch * Mon Jan 10 2022 Michael Chang <mchang@suse.com> - Fix no menuentry is found if hibernation on btrfs RAID1 (bsc#1193090) * grub2-systemd-sleep-plugin * Tue Dec 21 2021 Michael Chang <mchang@suse.com> - Fix CVE-2021-3981 (bsc#1189644) * 0001-grub-mkconfig-restore-umask-for-grub.cfg.patch * Fri Dec 17 2021 Michael Chang <mchang@suse.com> - Fix can't allocate initrd error (bsc#1191378) * 0001-Factor-out-grub_efi_linux_boot.patch * 0002-Fix-race-in-EFI-validation.patch * 0003-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch * 0004-Try-to-pick-better-locations-for-kernel-and-initrd.patch * 0005-x86-efi-Use-bounce-buffers-for-reading-to-addresses-.patch * 0006-x86-efi-Re-arrange-grub_cmd_linux-a-little-bit.patch * 0007-x86-efi-Make-our-own-allocator-for-kernel-stuff.patch * 0008-x86-efi-Allow-initrd-params-cmdline-allocations-abov.patch * 0009-x86-efi-Reduce-maximum-bounce-buffer-size-to-16-MiB.patch * 0010-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch * 0011-Also-define-GRUB_EFI_MAX_ALLOCATION_ADDRESS-for-RISC.patch * Wed Dec 08 2021 Michal Suchanek <msuchanek@suse.com> - Add support for simplefb (boo#1193532). + grub2-simplefb.patch * Mon Dec 06 2021 Michael Chang <mchang@suse.com> - Fix extent not found when initramfs contains shared extents (bsc#1190982) * 0001-fs-btrfs-Make-extent-item-iteration-to-handle-gaps.patch * Thu Nov 11 2021 Michael Chang <mchang@suse.com> - Fix arm64 kernel image not aligned on 64k boundary (bsc#1192522) * 0001-arm64-Fix-EFI-loader-kernel-image-allocation.patch * 0002-Arm-check-for-the-PE-magic-for-the-compiled-arch.patch * Thu Oct 21 2021 Michael Chang <mchang@suse.com> - Remove openSUSE Tumbleweed specific handling for default grub distributor (bsc#1191198) - Use /usr/lib/os-release as fallback (bsc#1191196) * grub2-default-distributor.patch * grub2-check-default.sh - VUL-0: grub2: grub2-once uses fixed file name in /var/tmp (bsc#1190474) (CVE-2021-46705) * grub2-once * grub2-once.service - Fix unknown TPM error on buggy uefi firmware (bsc#1191504) * 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch - Fix error /boot/grub2/locale/POSIX.gmo not found (bsc#1189769) * 0001-Filter-out-POSIX-locale-for-translation.patch - Fix error lvmid disk cannot be found after second disk added to the root volume group (bsc#1189874) (bsc#1071559) * 0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch - Fix error in grub installation due to unnecessary requirement to support excessive device for the root logical volume (bsc#1184135) * 0001-disk-diskfilter-Use-nodes-in-logical-volume-s-segmen.patch - Fix regression in reading xfs v4 * 0001-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch * Tue Oct 19 2021 Fabian Vogt <fvogt@suse.com> - Fix installation on usrmerged s390x * Wed Sep 22 2021 rw@suse.com - Improve support for SLE Micro 5.1 on s390x. (bsc#1190395) * amend grub2-s390x-04-grub2-install.patch * refresh grub2-s390x-11-secureboot.patch * Tue Sep 07 2021 Michael Chang <mchang@suse.com> - Follow usr merge for looking up kernel config (bsc#1189782) (bsc#1190061) * 0001-templates-Follow-the-path-of-usr-merged-kernel-confi.patch * Wed Sep 01 2021 Michael Chang <mchang@suse.com> - Add btrfs zstd compression on i386-pc and also make sure it won't break existing grub installations (bsc#1161823) * deleted 0001-btrfs-disable-zstd-support-for-i386-pc.patch * added 0001-i386-pc-build-btrfs-zstd-support-into-separate-modul.patch * Tue Aug 31 2021 Petr Vorel <pvorel@suse.cz> - Delete the author list from %description (the %description section is literally for package descriptions (only) these days, encoding was also problematic). - Add %doc AUTHORS to get packaged that info * Wed Aug 04 2021 Stefan Seyfried <seife+obs@b1-systems.com> - update grub2-systemd-sleep.sh to fix hibernation by avoiding the error "no kernelfile matching the running kernel found" on usrmerged setup * Wed Aug 04 2021 Fabian Vogt <fvogt@suse.com> - Use %autosetup * Thu Jul 22 2021 Petr Vorel <pvorel@suse.cz> - Replace grub2-use-stat-instead-of-udevadm-for-partition-lookup.patch and fix-grub2-use-stat-instead-of-udevadm-for-partition-lookup-with-new-glibc.patch with upstream backport: 0001-osdep-Introduce-include-grub-osdep-major.h-and-use-i.patch and 0002-osdep-linux-hostdisk-Use-stat-instead-of-udevadm-for.patch. * Mon Jun 28 2021 Michael Chang <mchang@suse.com> - Fix error not a btrfs filesystem on s390x (bsc#1187645) * 80_suse_btrfs_snapshot * Wed Jun 23 2021 Michael Chang <mchang@suse.com> - Fix error gfxterm isn't found with multiple terminals (bsc#1187565) * grub2-fix-error-terminal-gfxterm-isn-t-found.patch * Mon Jun 21 2021 Michael Chang <mchang@suse.com> - Fix boot failure after kdump due to the content of grub.cfg is not completed with pending modificaton in xfs journal (bsc#1186975) * grub-install-force-journal-draining-to-ensure-data-i.patch - Patch refreshed * grub2-mkconfig-default-entry-correction.patch * Thu Jun 03 2021 Michael Chang <mchang@suse.com> - Version bump to 2.06 * rediff - 0001-add-support-for-UEFI-network-protocols.patch - 0002-net-read-bracketed-ipv6-addrs-and-port-numbers.patch - 0003-Make-grub_error-more-verbose.patch - 0003-bootp-New-net_bootp6-command.patch - 0005-grub.texi-Add-net_bootp6-doument.patch - 0006-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch - 0006-efi-Set-image-base-address-before-jumping-to-the-PE-.patch - 0008-efinet-Setting-DNS-server-from-UEFI-protocol.patch - 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch - grub-install-force-journal-draining-to-ensure-data-i.patch - grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch - grub2-diskfilter-support-pv-without-metadatacopies.patch - grub2-efi-HP-workaround.patch - grub2-efi-xen-cfg-unquote.patch - grub2-efi-xen-chainload.patch - grub2-fix-menu-in-xen-host-server.patch - grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch - grub2-install-remove-useless-check-PReP-partition-is-empty.patch - grub2-lvm-allocate-metadata-buffer-from-raw-contents.patch - grub2-mkconfig-default-entry-correction.patch - grub2-pass-corret-root-for-nfsroot.patch - grub2-s390x-03-output-7-bit-ascii.patch - grub2-s390x-04-grub2-install.patch - grub2-secureboot-install-signed-grub.patch - grub2-setup-try-fs-embed-if-mbr-gap-too-small.patch - use-grub2-as-a-package-name.patch * update by patch squashed: - 0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch - grub2-efi-chainload-harder.patch - grub2-secureboot-no-insmod-on-sb.patch - grub2-secureboot-chainloader.patch - grub2-secureboot-add-linuxefi.patch * remove squashed patches: - 0008-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch - 0009-squash-Add-support-for-linuxefi.patch - 0041-squash-Add-secureboot-support-on-efi-chainloader.patch - 0042-squash-grub2-efi-chainload-harder.patch - 0043-squash-Don-t-allow-insmod-when-secure-boot-is-enable.patch - 0045-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch * drop upstream patches: - 0001-Warn-if-MBR-gap-is-small-and-user-uses-advanced-modu.patch - 0001-include-grub-i386-linux.h-Include-missing-grub-types.patch - 0001-kern-efi-sb-Add-chainloaded-image-as-shim-s-verifiab.patch - 0001-mdraid1x_linux-Fix-gcc10-error-Werror-array-bounds.patch - 0001-normal-Move-common-datetime-functions-out-of-the-nor.patch - 0001-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch - 0002-efi-Make-shim_lock-GUID-and-protocol-type-public.patch - 0002-grub-install-Avoid-incompleted-install-on-i386-pc.patch - 0002-kern-Add-X-option-to-printf-functions.patch - 0002-safemath-Add-some-arithmetic-primitives-that-check-f.patch - 0002-zfs-Fix-gcc10-error-Werror-zero-length-bounds.patch - 0003-calloc-Make-sure-we-always-have-an-overflow-checking.patch - 0003-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch - 0003-normal-main-Search-for-specific-config-files-for-net.patch - 0004-calloc-Use-calloc-at-most-places.patch - 0004-datetime-Enable-the-datetime-module-for-the-emu-plat.patch - 0004-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch - 0005-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch - 0005-efi-Add-secure-boot-detection.patch - 0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch - 0006-efi-Only-register-shim_lock-verifier-if-shim_lock-pr.patch - 0006-iso9660-Don-t-leak-memory-on-realloc-failures.patch - 0007-font-Do-not-load-more-than-one-NAME-section.patch - 0007-verifiers-Move-verifiers-API-to-kernel-image.patch - 0008-efi-Move-the-shim_lock-verifier-to-the-GRUB-core.patch - 0008-script-Remove-unused-fields-from-grub_script_functio.patch - 0009-kern-Add-lockdown-support.patch - 0009-script-Avoid-a-use-after-free-when-redefining-a-func.patch - 0010-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch - 0010-linux-Fix-integer-overflows-in-initrd-size-handling.patch - 0011-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch - 0012-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch - 0013-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch - 0014-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch - 0015-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch - 0016-commands-setpci-Restrict-setpci-command-when-locked-.patch - 0017-commands-hdparm-Restrict-hdparm-command-when-locked-.patch - 0018-gdb-Restrict-GDB-access-when-locked-down.patch - 0019-loader-xnu-Don-t-allow-loading-extension-and-package.patch - 0020-dl-Only-allow-unloading-modules-that-are-not-depende.patch - 0021-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch - 0022-lib-arg-Block-repeated-short-options-that-require-an.patch - 0023-commands-menuentry-Fix-quoting-in-setparams_prefix.patch - 0024-kern-parser-Fix-resource-leak-if-argc-0.patch - 0025-kern-parser-Fix-a-memory-leak.patch - 0026-kern-parser-Introduce-process_char-helper.patch - 0027-kern-parser-Introduce-terminate_arg-helper.patch - 0028-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch - 0029-kern-buffer-Add-variable-sized-heap-buffer.patch - 0030-kern-parser-Fix-a-stack-buffer-overflow.patch - 0031-util-mkimage-Remove-unused-code-to-add-BSS-section.patch - 0032-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch - 0033-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch - 0034-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch - 0035-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch - 0036-util-mkimage-Improve-data_size-value-calculation.patch - 0037-util-mkimage-Refactor-section-setup-to-use-a-helper.patch - 0038-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch - 0039-grub-install-common-Add-sbat-option.patch - 0040-shim_lock-Only-skip-loading-shim_lock-verifier-with-.patch - grub-install-define-default-platform-for-risc-v.patch - grub2-editenv-add-warning-message.patch - grub2-efi-gop-add-blt.patch - grub2-efi-uga-64bit-fb.patch - grub2-verifiers-fix-system-freeze-if-verify-failed.patch - risc-v-add-clzdi2-symbol.patch - risc-v-fix-computation-of-pc-relative-relocation-offset.patch - Add grub2-instdev-fixup.pl for correcting /etc/default/grub_installdevice to use disk devie if grub has been installed to it - Add 0001-30_uefi-firmware-fix-printf-format-with-null-byte.patch to fix detection of efi fwsetup support * Mon May 31 2021 Michael Chang <mchang@suse.com> - Fix running grub2-once leads to failure of starting systemd service in the boot sequence (bsc#1169460) * grub2-once * grub2-once.service * Fri May 28 2021 Michael Chang <mchang@suse.com> - Fix crash in launching gfxmenu without theme file (bsc#1186481) * grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch * Tue May 11 2021 Michael Chang <mchang@suse.com> - Fix plaintext password in grub config didn't work to unlock menu entry if enabling secure boot in UEFI (bsc#1181892) * Fri Apr 23 2021 Michael Chang <mchang@suse.com> - Fix obsolete syslog in systemd unit file and updating to use journal as StandardOutput (bsc#1185149) * grub2-once.service * Mon Apr 19 2021 Michael Chang <mchang@suse.com> - Fix build error on armv6/armv7 (bsc#1184712) * 0001-emu-fix-executable-stack-marking.patch * Thu Apr 08 2021 Michael Chang <mchang@suse.com> - Fix error grub_file_filters not found in Azure virtual machine (bsc#1182012) * 0001-Workaround-volatile-efi-boot-variable.patch * Tue Mar 16 2021 Michael Chang <mchang@suse.com> - Fix powerpc-ieee1275 lpar takes long time to boot with increasing number of nvme namespace (bsc#1177751) 0001-ieee1275-Avoiding-many-unecessary-open-close.patch * Thu Mar 11 2021 Michael Chang <mchang@suse.com> - Fix chainloading windows on dual boot machine (bsc#1183073) * 0001-kern-efi-sb-Add-chainloaded-image-as-shim-s-verifiab.patch * Fri Feb 26 2021 Michael Chang <mchang@suse.com> - VUL-0: grub2,shim: implement new SBAT method (bsc#1182057) * 0031-util-mkimage-Remove-unused-code-to-add-BSS-section.patch * 0032-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch * 0033-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch * 0034-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch * 0035-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch * 0036-util-mkimage-Improve-data_size-value-calculation.patch * 0037-util-mkimage-Refactor-section-setup-to-use-a-helper.patch * 0038-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch * 0039-grub-install-common-Add-sbat-option.patch - Fix CVE-2021-20225 (bsc#1182262) * 0022-lib-arg-Block-repeated-short-options-that-require-an.patch - Fix CVE-2020-27749 (bsc#1179264) * 0024-kern-parser-Fix-resource-leak-if-argc-0.patch * 0025-kern-parser-Fix-a-memory-leak.patch * 0026-kern-parser-Introduce-process_char-helper.patch * 0027-kern-parser-Introduce-terminate_arg-helper.patch * 0028-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch * 0029-kern-buffer-Add-variable-sized-heap-buffer.patch * 0030-kern-parser-Fix-a-stack-buffer-overflow.patch - Fix CVE-2021-20233 (bsc#1182263) * 0023-commands-menuentry-Fix-quoting-in-setparams_prefix.patch - Fix CVE-2020-25647 (bsc#1177883) * 0021-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch - Fix CVE-2020-25632 (bsc#1176711) * 0020-dl-Only-allow-unloading-modules-that-are-not-depende.patch - Fix CVE-2020-27779, CVE-2020-14372 (bsc#1179265) (bsc#1175970) * 0001-include-grub-i386-linux.h-Include-missing-grub-types.patch * 0002-efi-Make-shim_lock-GUID-and-protocol-type-public.patch * 0003-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch * 0004-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch * 0005-efi-Add-secure-boot-detection.patch * 0006-efi-Only-register-shim_lock-verifier-if-shim_lock-pr.patch * 0007-verifiers-Move-verifiers-API-to-kernel-image.patch * 0008-efi-Move-the-shim_lock-verifier-to-the-GRUB-core.patch * 0009-kern-Add-lockdown-support.patch * 0010-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch * 0011-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch * 0012-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch * 0013-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch * 0014-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch * 0015-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch * 0016-commands-setpci-Restrict-setpci-command-when-locked-.patch * 0017-commands-hdparm-Restrict-hdparm-command-when-locked-.patch * 0018-gdb-Restrict-GDB-access-when-locked-down.patch * 0019-loader-xnu-Don-t-allow-loading-extension-and-package.patch * 0040-shim_lock-Only-skip-loading-shim_lock-verifier-with-.patch * 0041-squash-Add-secureboot-support-on-efi-chainloader.patch * 0042-squash-grub2-efi-chainload-harder.patch * 0043-squash-Don-t-allow-insmod-when-secure-boot-is-enable.patch * 0044-squash-kern-Add-lockdown-support.patch * 0045-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch * 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch - Drop patch supersceded by the new backport * 0001-linuxefi-fail-kernel-validation-without-shim-protoco.patch * 0001-shim_lock-Disable-GRUB_VERIFY_FLAGS_DEFER_AUTH-if-se.patch * 0007-linuxefi-fail-kernel-validation-without-shim-protoco.patch - Add SBAT metadata section to grub.efi - Drop shim_lock module as it is part of core of grub.efi * grub2.spec * Mon Feb 22 2021 Michael Chang <mchang@suse.com> - Fix build error in binutils 2.36 (bsc#1181741) * 0001-Fix-build-error-in-binutils-2.36.patch - Fix executable stack in grub-emu (bsc#1181696) * 0001-emu-fix-executable-stack-marking.patch * Thu Feb 18 2021 Michael Chang <mchang@suse.com> - Restore compatibilty sym-links * grub2.spec - Use rpmlintrc to filter out rpmlint 2.0 error (bsc#1179044) * grub2.rpmlintrc * Wed Jan 27 2021 Michael Chang <mchang@suse.com> - Complete Secure Boot support on aarch64 (jsc#SLE-15020) * 0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch * 0002-arm64-make-sure-fdt-has-address-cells-and-size-cells.patch * 0003-Make-grub_error-more-verbose.patch * 0004-arm-arm64-loader-Better-memory-allocation-and-error-.patch * 0005-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch * 0006-efi-Set-image-base-address-before-jumping-to-the-PE-.patch * 0007-linuxefi-fail-kernel-validation-without-shim-protoco.patch * 0008-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch * 0009-squash-Add-support-for-linuxefi.patch * Thu Jan 21 2021 Michael Chang <mchang@suse.com> - Fix rpmlint 2.0 error for having arch specific path in noarch package aiming for compatibility with old package (bsc#1179044) * grub2.spec - Fix non POSIX sed argument which failed in sed from busybox (bsc#1181091) * grub2-check-default.sh
/boot/grub2 /boot/grub2/grub.cfg /etc/default/grub /etc/grub.d /etc/grub.d/00_header /etc/grub.d/05_crypttab /etc/grub.d/10_linux /etc/grub.d/20_linux_xen /etc/grub.d/25_bli /etc/grub.d/30_os-prober /etc/grub.d/30_uefi-firmware /etc/grub.d/40_custom /etc/grub.d/41_custom /etc/grub.d/90_persistent /etc/grub.d/95_textmode /etc/grub.d/README /usr/bin/grub2-editenv /usr/bin/grub2-emu /usr/bin/grub2-file /usr/bin/grub2-fstest /usr/bin/grub2-glue-efi /usr/bin/grub2-kbdcomp /usr/bin/grub2-menulst2cfg /usr/bin/grub2-mkfont /usr/bin/grub2-mkimage /usr/bin/grub2-mklayout /usr/bin/grub2-mknetdir /usr/bin/grub2-mkpasswd-pbkdf2 /usr/bin/grub2-mkrelpath /usr/bin/grub2-mkrescue /usr/bin/grub2-mkstandalone /usr/bin/grub2-mount /usr/bin/grub2-protect /usr/bin/grub2-render-label /usr/bin/grub2-script-check /usr/bin/grub2-syslinux2cfg /usr/lib/systemd/system/grub2-once.service /usr/sbin/grub2-bios-setup /usr/sbin/grub2-check-default /usr/sbin/grub2-install /usr/sbin/grub2-macbless /usr/sbin/grub2-mkconfig /usr/sbin/grub2-ofpathname /usr/sbin/grub2-once /usr/sbin/grub2-probe /usr/sbin/grub2-reboot /usr/sbin/grub2-set-default /usr/sbin/grub2-sparc64-setup /usr/sbin/grub2-switch-to-blscfg /usr/share/bash-completion/completions/grub /usr/share/bash-completion/completions/grub2-bios-setup /usr/share/bash-completion/completions/grub2-editenv /usr/share/bash-completion/completions/grub2-install /usr/share/bash-completion/completions/grub2-mkconfig /usr/share/bash-completion/completions/grub2-mkfont /usr/share/bash-completion/completions/grub2-mkimage /usr/share/bash-completion/completions/grub2-mkpasswd-pbkdf2 /usr/share/bash-completion/completions/grub2-probe /usr/share/bash-completion/completions/grub2-reboot /usr/share/bash-completion/completions/grub2-script-check /usr/share/bash-completion/completions/grub2-set-default /usr/share/bash-completion/completions/grub2-sparc64-setup /usr/share/doc/packages/grub2 /usr/share/doc/packages/grub2/AUTHORS /usr/share/doc/packages/grub2/ChangeLog /usr/share/doc/packages/grub2/NEWS /usr/share/doc/packages/grub2/README /usr/share/doc/packages/grub2/THANKS /usr/share/doc/packages/grub2/TODO /usr/share/doc/packages/grub2/autoiso.cfg /usr/share/doc/packages/grub2/osdetect.cfg /usr/share/grub2 /usr/share/grub2/ascii.pf2 /usr/share/grub2/euro.pf2 /usr/share/grub2/grub-mkconfig_lib /usr/share/grub2/themes /usr/share/grub2/unicode.pf2 /usr/share/info/grub-dev.info.gz /usr/share/info/grub2.info-1.gz /usr/share/info/grub2.info-2.gz /usr/share/info/grub2.info.gz /usr/share/licenses/grub2 /usr/share/licenses/grub2/COPYING /usr/share/locale/ast/LC_MESSAGES/grub2.mo /usr/share/locale/ca/LC_MESSAGES/grub2.mo /usr/share/locale/da/LC_MESSAGES/grub2.mo /usr/share/locale/de/LC_MESSAGES/grub2.mo /usr/share/locale/de_CH/LC_MESSAGES/grub2.mo /usr/share/locale/en@quot/LC_MESSAGES/grub2.mo /usr/share/locale/eo/LC_MESSAGES/grub2.mo /usr/share/locale/es/LC_MESSAGES/grub2.mo /usr/share/locale/fi/LC_MESSAGES/grub2.mo /usr/share/locale/fr/LC_MESSAGES/grub2.mo /usr/share/locale/gl/LC_MESSAGES/grub2.mo /usr/share/locale/he/LC_MESSAGES/grub2.mo /usr/share/locale/hr/LC_MESSAGES/grub2.mo /usr/share/locale/hu/LC_MESSAGES/grub2.mo /usr/share/locale/id/LC_MESSAGES/grub2.mo /usr/share/locale/it/LC_MESSAGES/grub2.mo /usr/share/locale/ja/LC_MESSAGES/grub2.mo /usr/share/locale/ka/LC_MESSAGES/grub2.mo /usr/share/locale/ko/LC_MESSAGES/grub2.mo /usr/share/locale/lt/LC_MESSAGES/grub2.mo /usr/share/locale/nb/LC_MESSAGES/grub2.mo /usr/share/locale/nl/LC_MESSAGES/grub2.mo /usr/share/locale/pa/LC_MESSAGES/grub2.mo /usr/share/locale/pl/LC_MESSAGES/grub2.mo /usr/share/locale/pt/LC_MESSAGES/grub2.mo /usr/share/locale/pt_BR/LC_MESSAGES/grub2.mo /usr/share/locale/ro/LC_MESSAGES/grub2.mo /usr/share/locale/ru/LC_MESSAGES/grub2.mo /usr/share/locale/sl/LC_MESSAGES/grub2.mo /usr/share/locale/sr/LC_MESSAGES/grub2.mo /usr/share/locale/sv/LC_MESSAGES/grub2.mo /usr/share/locale/tr/LC_MESSAGES/grub2.mo /usr/share/locale/uk/LC_MESSAGES/grub2.mo /usr/share/locale/vi/LC_MESSAGES/grub2.mo /usr/share/locale/zh_CN/LC_MESSAGES/grub2.mo /usr/share/locale/zh_TW/LC_MESSAGES/grub2.mo /usr/share/man/man1/grub2-editenv.1.gz /usr/share/man/man1/grub2-emu.1.gz /usr/share/man/man1/grub2-file.1.gz /usr/share/man/man1/grub2-fstest.1.gz /usr/share/man/man1/grub2-glue-efi.1.gz /usr/share/man/man1/grub2-kbdcomp.1.gz /usr/share/man/man1/grub2-menulst2cfg.1.gz /usr/share/man/man1/grub2-mkfont.1.gz /usr/share/man/man1/grub2-mkimage.1.gz /usr/share/man/man1/grub2-mklayout.1.gz /usr/share/man/man1/grub2-mknetdir.1.gz /usr/share/man/man1/grub2-mkpasswd-pbkdf2.1.gz /usr/share/man/man1/grub2-mkrelpath.1.gz /usr/share/man/man1/grub2-mkrescue.1.gz /usr/share/man/man1/grub2-mkstandalone.1.gz /usr/share/man/man1/grub2-mount.1.gz /usr/share/man/man1/grub2-protect.1.gz /usr/share/man/man1/grub2-render-label.1.gz /usr/share/man/man1/grub2-script-check.1.gz /usr/share/man/man1/grub2-syslinux2cfg.1.gz /usr/share/man/man8/grub2-bios-setup.8.gz /usr/share/man/man8/grub2-install.8.gz /usr/share/man/man8/grub2-macbless.8.gz /usr/share/man/man8/grub2-mkconfig.8.gz /usr/share/man/man8/grub2-ofpathname.8.gz /usr/share/man/man8/grub2-probe.8.gz /usr/share/man/man8/grub2-reboot.8.gz /usr/share/man/man8/grub2-set-default.8.gz /usr/share/man/man8/grub2-sparc64-setup.8.gz /usr/share/man/man8/grub2-switch-to-blscfg.8.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Thu Oct 3 00:59:21 2024