Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2025-07-02 12:07:32
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.7067 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "grub2"
Wed Jul 2 12:07:32 2025 rev:364 rq:1289402 version:2.12
Changes:
--------
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2025-05-31
19:14:32.857007473 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.7067/grub2.changes 2025-07-02
12:07:54.634730490 +0200
@@ -1,0 +2,6 @@
+Fri Jun 6 09:46:55 UTC 2025 - Danilo Spinella <danilo.spine...@suse.com>
+
+- Fix bls_bumpcounter breaking FDE (bsc#1243842)
+ * grub2-blsbumpcounter-menu.patch
+
+-------------------------------------------------------------------
New:
----
grub2-blsbumpcounter-menu.patch
----------(New B)----------
New:- Fix bls_bumpcounter breaking FDE (bsc#1243842)
* grub2-blsbumpcounter-menu.patch
----------(New E)----------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ grub2.spec ++++++
--- /var/tmp/diff_new_pack.B5eoXy/_old 2025-07-02 12:08:02.311051227 +0200
+++ /var/tmp/diff_new_pack.B5eoXy/_new 2025-07-02 12:08:02.311051227 +0200
@@ -481,6 +481,7 @@
Patch310: 0004-Key-revocation-on-out-of-bound-file-access.patch
Patch311: grub2-bls-loader-entry-oneshot.patch
Patch312: 0001-mkconfig-Determine-GRUB_DISTRIBUTOR-from-etc-SUSE-br.patch
+Patch313: grub2-blsbumpcounter-menu.patch
%if 0%{?suse_version} < 1600
Requires: gettext-runtime
++++++ grub2-blsbumpcounter-menu.patch ++++++
Call the command bls_bumpcounter when an entry is executed. Adding the
bls_bumpcounter command in the list of commands generated by blscfg breaks FDE,
as each command is logged in the PCR. Do not unset `enable_blscfg` grub env var,
otherwise bls_bumpcounter would not be called.
Index: grub-2.12/grub-core/commands/blscfg.c
===================================================================
--- grub-2.12.orig/grub-core/commands/blscfg.c
+++ grub-2.12/grub-core/commands/blscfg.c
@@ -1049,19 +1049,6 @@ static void create_entry (struct bls_ent
grub_free(prefix);
}
- /* "bls_bumpcounter " + id + "\n" */
- int bumpcounter_size = sizeof("bls_bumpcounter ") + grub_strlen(id) + 1;
- bumpcounter = grub_malloc(bumpcounter_size);
- if (!bumpcounter)
- {
- grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
- goto finish;
- }
- char *tmp = bumpcounter;
- tmp = grub_stpcpy(tmp, "bls_bumpcounter ");
- tmp = grub_stpcpy(tmp, id);
- tmp = grub_stpcpy(tmp, "\n");
-
grub_dprintf ("blscfg2", "devicetree %s for id:\"%s\"\n", dt, id);
const char *sdval = grub_env_get("save_default");
@@ -1074,7 +1061,7 @@ static void create_entry (struct bls_ent
"insmod gzio\n"
"linux %s%s%s%s\n"
#endif
- "%s%s%s",
+ "%s%s",
savedefault ? "savedefault\n" : "",
#ifdef GRUB_MACHINE_EMU
separate_boot ? GRUB_BOOT_DEVICE : "",
@@ -1082,8 +1069,7 @@ static void create_entry (struct bls_ent
bootdev,
#endif
clinux, options ? " " : "", options ? options : "",
- bumpcounter ? bumpcounter : "", initrd ? initrd : "",
- dt ? dt : "");
+ initrd ? initrd : "", dt ? dt : "");
grub_normal_add_menu_entry (argc, argv, classes, id, users, hotkey, NULL,
src, 0, 0, &index, entry);
grub_dprintf ("blscfg", "Added entry %d id:\"%s\"\n", index, id);
Index: grub-2.12/grub-core/normal/menu.c
===================================================================
--- grub-2.12.orig/grub-core/normal/menu.c
+++ grub-2.12/grub-core/normal/menu.c
@@ -331,6 +331,23 @@ grub_menu_execute_entry(grub_menu_entry_
grub_env_set ("default", ptr + 1);
else
grub_env_unset ("default");
+
+#ifdef GRUB_MACHINE_EFI
+ const char* val = grub_env_get ("enable_blscfg");
+ if (val && (val[0] == '1' || val[0] == 'y') && entry->bls != NULL)
+ {
+ char* id = grub_strdup (entry->bls->filename);
+ if (id == NULL)
+ {
+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
+ } else {
+ char* args[] = { id };
+ grub_command_execute ("bls_bumpcounter", 1, args);
+ }
+ }
+ grub_env_unset ("enable_blscfg");
+#endif
+
#ifdef GRUB_MACHINE_IEEE1275
char *cas_entry_id = NULL;
char *cas_entry_source;
Index: grub-2.12/grub-core/normal/main.c
===================================================================
--- grub-2.12.orig/grub-core/normal/main.c
+++ grub-2.12/grub-core/normal/main.c
@@ -356,7 +356,6 @@ grub_normal_execute (const char *config,
/* Ignore any error. */
grub_errno = GRUB_ERR_NONE;
/* unset to let configfile and source commands continue to work */
- grub_env_unset ("enable_blscfg");
goto check_batch;
}
#endif
