commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package grub2 for openSUSE:Factory checked in at 2024-10-23 21:08:03 Comparing /work/SRC/openSUSE:Factory/grub2 (Old) and /work/SRC/openSUSE:Factory/.grub2.new.26871 (New) Package is "grub2" Wed Oct 23 21:08:03 2024 rev:337 rq:1217306 version:2.12 Changes: --- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2024-10-06 17:51:26.603786957 +0200 +++ /work/SRC/openSUSE:Factory/.grub2.new.26871/grub2.changes 2024-10-23 21:08:08.565371435 +0200 @@ -1,0 +2,36 @@ +Wed Oct 23 06:17:54 UTC 2024 - Michael Chang + +- Fix error: /boot/grub2/x86_64-efi/bli.mod not found (bsc#1231591) + +--- +Tue Oct 22 07:34:04 UTC 2024 - Michael Chang + +- Keep grub packaging and dependencies in the SLE-12 and SLE-15 builds + +--- +Fri Oct 18 07:42:27 UTC 2024 - Michael Chang + +- Power guest secure boot with key management (jsc#PED-3520) (jsc#PED-9892) + * 0001-ieee1275-Platform-Keystore-PKS-Support.patch + * 0002-ieee1275-Read-the-DB-and-DBX-secure-boot-variables.patch + * 0003-appendedsig-The-creation-of-trusted-and-distrusted-l.patch + * 0004-appendedsig-While-verifying-the-kernel-use-trusted-a.patch + * 0005-appendedsig-The-grub-command-s-trusted-and-distruste.patch + * 0006-appendedsig-documentation.patch + * 0007-mkimage-create-new-ELF-Note-for-SBAT.patch + * 0008-mkimage-adding-sbat-data-into-sbat-ELF-Note-on-power.patch + * grub2.spec : Building signed grub.elf with SBAT metadata +- Support for NVMe multipath splitter (jsc#PED-10538) + * 0001-ieee1275-support-added-for-multiple-nvme-bootpaths.patch +- Deleted path (jsc#PED-10538) + * 0001-grub2-Can-t-setup-a-default-boot-device-correctly-on.patch + * 0001-grub2-Set-multiple-device-path-for-a-nvmf-boot-devic.patch + +--- +Wed Oct 16 13:50:00 UTC 2024 - Michael Chang + +- Fix not a directory error from the minix filesystem, as leftover data on disk + may contain its magic header so it gets misdetected (bsc#1231604) + * grub2-install-fix-not-a-directory-error.patch + +--- Old: 0001-grub2-Can-t-setup-a-default-boot-device-correctly-on.patch 0001-grub2-Set-multiple-device-path-for-a-nvmf-boot-devic.patch New: 0001-ieee1275-Platform-Keystore-PKS-Support.patch 0001-ieee1275-support-added-for-multiple-nvme-bootpaths.patch 0002-ieee1275-Read-the-DB-and-DBX-secure-boot-variables.patch 0003-appendedsig-The-creation-of-trusted-and-distrusted-l.patch 0004-appendedsig-While-verifying-the-kernel-use-trusted-a.patch 0005-appendedsig-The-grub-command-s-trusted-and-distruste.patch 0006-appendedsig-documentation.patch 0007-mkimage-create-new-ELF-Note-for-SBAT.patch 0008-mkimage-adding-sbat-data-into-sbat-ELF-Note-on-power.patch BETA DEBUG BEGIN: Old:- Deleted path (jsc#PED-10538) * 0001-grub2-Can-t-setup-a-default-boot-device-correctly-on.patch * 0001-grub2-Set-multiple-device-path-for-a-nvmf-boot-devic.patch Old: * 0001-grub2-Can-t-setup-a-default-boot-device-correctly-on.patch * 0001-grub2-Set-multiple-device-path-for-a-nvmf-boot-devic.patch BETA DEBUG END: BETA DEBUG BEGIN: New:- Power guest secure boot with key management (jsc#PED-3520) (jsc#PED-9892) * 0001-ieee1275-Platform-Keystore-PKS-Support.patch * 0002-ieee1275-Read-the-DB-and-DBX-secure-boot-variables.patch New:- Support for NVMe multipath splitter (jsc#PED-10538) * 0001-ieee1275-support-added-for-multiple-nvme-bootpaths.patch - Deleted path (jsc#PED-10538) New: * 0001-ieee1275-Platform-Keystore-PKS-Support.patch * 0002-ieee1275-Read-the-DB-and-DBX-secure-boot-variables.patch * 0003-appendedsig-The-creation-of-trusted-and-distrusted-l.patch New: * 0002-ieee1275-Read-the-DB-and-DBX-secure-boot-variables.patch * 0003-appendedsig-The-creation-of-trusted-and-distrusted-l.patch * 0004-appendedsig-While-verifying-the-kernel-use-trusted-a.patch New: * 0003-appendedsig-The-creation-of-trusted-and-distrusted-l.patch * 0004-appendedsig-While-verifying-the-kernel-use-trusted-a.patch * 0005-appendedsig-The-grub-command-s-trusted-and-distruste.patch New: * 0004-appendedsig-While-verifying-the-kernel-use-trusted-a.patch * 0005-appendedsig-The-grub-command-s-trusted-and-distruste.patch * 0006-appendedsig-documentation.patch New: * 0005-appendedsig-The-grub-command-s-trusted-and-distruste.patch * 0006-appendedsig-documentation.patch * 0007-mkimage-create-new-ELF-Note-for-SBAT.patch New: * 0006-appendedsig-documentation.patch * 0007-mkimage-create-new-ELF-Note-for-SBAT.patch * 0008-mkimage-adding-sbat-data-into-sbat-ELF-Not
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2024-07-24 15:32:57
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.1869 (New)
Package is "grub2"
Wed Jul 24 15:32:57 2024 rev:333 rq:1188995 version:2.12
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2024-07-09
20:03:38.599922921 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.1869/grub2.changes2024-07-25
11:51:58.648879846 +0200
@@ -1,0 +2,7 @@
+Fri Jul 19 09:59:15 UTC 2024 - Michael Chang
+
+- Fix error in grub-install when root is on tmpfs (bsc#1226100)
+ * 0001-grub-install-bailout-root-device-probing.patch
+- Fix incorrect Platform tag in rpm header (bsc#1217967)
+
+---
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.dWQPkZ/_old 2024-07-25 11:52:08.089259269 +0200
+++ /var/tmp/diff_new_pack.dWQPkZ/_new 2024-07-25 11:52:08.097259591 +0200
@@ -785,12 +785,6 @@
%if ! 0%{?only_efi:1}
cd build
-# 64-bit x86-64 machines use 32-bit boot loader
-# (We cannot just redefine _target_cpu, as we'd get i386.rpm packages then)
-%ifarch x86_64
-%define _target_platform i386-%{_vendor}-%{_target_os}%{?_gnu}
-%endif
-
%if "%{platform}" != "emu"
%define arch_specific --enable-device-mapper
TLFLAGS="-static"
++ 0001-grub-install-bailout-root-device-probing.patch ++
--- /var/tmp/diff_new_pack.dWQPkZ/_old 2024-07-25 11:52:08.201263771 +0200
+++ /var/tmp/diff_new_pack.dWQPkZ/_new 2024-07-25 11:52:08.205263931 +0200
@@ -1,4 +1,4 @@
-From 58dcf7985b20de876a6fc44a591aa377d0a0302c Mon Sep 17 00:00:00 2001
+From db67bd0800c69f94fa3696351e7387515464d30c Mon Sep 17 00:00:00 2001
From: Michael Chang
Date: Thu, 10 Feb 2022 22:16:58 +0800
Subject: [PATCH] grub-install: bailout root device probing
@@ -15,14 +15,26 @@
The command is also used by grub-mkconfig for the same purpose.
+v2:
+
+Test the root device first before probing to avoid encountering
+unexpected errors. If this test fails, the device is considered
+irrelevant and of no interest, as it is not useful.
+
+v2.1:
+Besides verifying that the target's canonical path can be resolved,
+ensure that the target is a block device file.
+
Signed-off-by: Michael Chang
---
- grub-core/osdep/basic/no_platform.c | 5 +
- grub-core/osdep/unix/platform.c | 34 +
- grub-core/osdep/windows/platform.c | 6 +
- include/grub/util/install.h | 3 +++
- util/grub-install.c | 31 ++
- 5 files changed, 70 insertions(+), 9 deletions(-)
+ grub-core/osdep/basic/no_platform.c | 5 +++
+ grub-core/osdep/unix/getroot.c | 67 +
+ grub-core/osdep/unix/platform.c | 34 +++
+ grub-core/osdep/windows/platform.c | 6 +++
+ include/grub/emu/getroot.h | 3 ++
+ include/grub/util/install.h | 3 ++
+ util/grub-install.c | 45 +++
+ 7 files changed, 154 insertions(+), 9 deletions(-)
--- a/grub-core/osdep/basic/no_platform.c
+++ b/grub-core/osdep/basic/no_platform.c
@@ -35,6 +47,82 @@
+{
+ return NULL;
+}
+--- a/grub-core/osdep/unix/getroot.c
b/grub-core/osdep/unix/getroot.c
+@@ -489,6 +489,73 @@
+ return 0;
+ }
+
++#ifdef __linux__
++int
++grub_can_guess_from_mountinfo (const char *dir_in)
++{
++ char **cur;
++ char **os_dev = NULL;
++ char *dir = grub_canonicalize_file_name (dir_in);
++ int ret = 0;
++
++ if (!dir)
++return 0;
++
++ os_dev = grub_find_root_devices_from_mountinfo (dir, NULL);
++
++ if (!os_dev)
++os_dev = find_root_devices_from_libzfs (dir);
++
++ if (!os_dev)
++{
++ free (dir);
++ return 0;
++}
++
++ for (cur = os_dev; *cur; cur++)
++{
++ if (strcmp (*cur, "/dev/root") == 0
++|| strncmp (*cur, "/dev/dm-", sizeof ("/dev/dm-") - 1) == 0)
++ /* Assume known and good names */
++ continue;
++ else
++ {
++struct stat st;
++
++char *tmp = grub_canonicalize_file_name (*cur);
++if (tmp == NULL)
++ break;
++
++if (strncmp (tmp, "/dev/dm-", sizeof ("/dev/dm-") - 1) == 0)
++ continue;
++
++if (lstat (tmp, &st) < 0)
++ {
++free (tmp);
++break;
++ }
++free (tmp);
++if (! S_ISBLK (st.st_mode))
++ /* only block device allowed */
++ break;
++ }
++}
++
++ if (*cur == NULL)
++/* no bogus device left, good */
++ret = 1;
++ else
++grub_util_info ("`%s' is not os device", *cur);
++
++ for (cur = os_dev; *cur; cur++)
++
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2024-07-09 20:03:20
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.2080 (New)
Package is "grub2"
Tue Jul 9 20:03:20 2024 rev:332 rq:1186154 version:2.12
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2024-06-09
20:18:58.054877493 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.2080/grub2.changes2024-07-09
20:03:38.599922921 +0200
@@ -1,0 +2,9 @@
+Fri Jul 5 12:23:06 UTC 2024 - Michael Chang
+
+- Fix error if dash shell script is used (bsc#1226453)
+ * 0007-grub-switch-to-blscfg-adapt-to-openSUSE.patch
+ * 0009-10_linux-Some-refinement-for-BLS.patch
+- Fix input handling in ppc64le grub2 has high latency (bsc#1223535)
+ * 0001-net-drivers-ieee1275-ofnet-Remove-200-ms-timeout-in-.patch
+
+---
New:
0001-net-drivers-ieee1275-ofnet-Remove-200-ms-timeout-in-.patch
BETA DEBUG BEGIN:
New:- Fix input handling in ppc64le grub2 has high latency (bsc#1223535)
* 0001-net-drivers-ieee1275-ofnet-Remove-200-ms-timeout-in-.patch
BETA DEBUG END:
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.dlOsEJ/_old 2024-07-09 20:03:41.588031662 +0200
+++ /var/tmp/diff_new_pack.dlOsEJ/_new 2024-07-09 20:03:41.592031808 +0200
@@ -404,6 +404,7 @@
Patch214: 0007-grub-switch-to-blscfg-adapt-to-openSUSE.patch
Patch215: 0008-blscfg-reading-bls-fragments-if-boot-present.patch
Patch216: 0009-10_linux-Some-refinement-for-BLS.patch
+Patch217: 0001-net-drivers-ieee1275-ofnet-Remove-200-ms-timeout-in-.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
++ 0001-net-drivers-ieee1275-ofnet-Remove-200-ms-timeout-in-.patch ++
>From d35ff22516b161f6d472f7f5371a89597b072d04 Mon Sep 17 00:00:00 2001
From: Michael Chang
Date: Mon, 6 May 2024 10:34:22 +0800
Subject: [PATCH] net/drivers/ieee1275/ofnet: Remove 200 ms timeout in
get_card_packet() to reduce input latency
When GRUB image is netbooted on ppc64le, the keyboard input exhibits
significant latency, reports even say that characters are processed
about once per second. This issue makes interactively trying to debug
a ppc64le config very difficult.
It seems that the latency is largely caused by a 200 ms timeout in the
idle event loop, during which the network card interface is consistently
polled for incoming packets. Often, no packets arrive during this
period, so the timeout nearly always expires, which blocks the response
to key inputs.
Furthermore, this 200 ms timeout might not need to be enforced at this
basic layer, considering that GRUB performs synchronous reads and its
timeout management is actually handled by higher layers, not directly in
the card instance. Additionally, the idle polling, which reacts to
unsolicited packets like ICMP and SLAAC, would be fine at a less frequent
polling interval, rather than needing a timeout for receiving a response.
For these reasons, we believe the timeout in get_card_packet() should be
effectively removed. According to test results, the delay has disappeared,
and it is now much easier to use interactively.
Signed-Off-by: Michael Chang
Tested-by: Tony Jones
Reviewed-by: Daniel Kiper
---
grub-core/net/drivers/ieee1275/ofnet.c | 8 ++--
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/grub-core/net/drivers/ieee1275/ofnet.c
b/grub-core/net/drivers/ieee1275/ofnet.c
index 78f03df8e..3bf48b3f0 100644
--- a/grub-core/net/drivers/ieee1275/ofnet.c
+++ b/grub-core/net/drivers/ieee1275/ofnet.c
@@ -82,15 +82,11 @@ get_card_packet (struct grub_net_card *dev)
grub_ssize_t actual;
int rc;
struct grub_ofnetcard_data *data = dev->data;
- grub_uint64_t start_time;
struct grub_net_buff *nb;
- start_time = grub_get_time_ms ();
- do
-rc = grub_ieee1275_read (data->handle, dev->rcvbuf, dev->rcvbufsize,
&actual);
- while ((actual <= 0 || rc < 0) && (grub_get_time_ms () - start_time < 200));
+ rc = grub_ieee1275_read (data->handle, dev->rcvbuf, dev->rcvbufsize,
&actual);
- if (actual <= 0)
+ if (actual <= 0 || rc < 0)
return NULL;
nb = grub_netbuff_alloc (actual + 2);
--
2.45.2
++ 0007-grub-switch-to-blscfg-adapt-to-openSUSE.patch ++
--- /var/tmp/diff_new_pack.dlOsEJ/_old 2024-07-09 20:03:41.896042871 +0200
+++ /var/tmp/diff_new_pack.dlOsEJ/_new 2024-07-09 20:03:41.900043017 +0200
@@ -1,4 +1,4 @@
-From 855b3e5cd4d672e961a366ff0f53e3a09a1ad0cc Mon Sep 17 00:00:00 2001
+From 96e5a28d120856057fe7fc9b281f11f8933063b7 Mon Sep 17 00:00:00 2001
From: Michael Chang
Date: Fri, 30 Jun 2023 1
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2024-06-09 20:18:50
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.19518 (New)
Package is "grub2"
Sun Jun 9 20:18:50 2024 rev:331 rq:1179115 version:2.12
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2024-05-21
18:33:18.359532247 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.19518/grub2.changes 2024-06-09
20:18:58.054877493 +0200
@@ -1,0 +2,14 @@
+Fri Jun 7 02:13:08 UTC 2024 - Michael Chang
+
+- Add blscfg support
+ * 0001-blscfg-add-blscfg-module-to-parse-Boot-Loader-Specif.patch
+ * 0002-Add-BLS-support-to-grub-mkconfig.patch
+ * 0003-Add-grub2-switch-to-blscfg.patch
+ * 0004-blscfg-Don-t-root-device-in-emu-builds.patch
+ * 0005-blscfg-check-for-mounted-boot-in-emu.patch
+ * 0006-Follow-the-device-where-blscfg-is-discovered.patch
+ * 0007-grub-switch-to-blscfg-adapt-to-openSUSE.patch
+ * 0008-blscfg-reading-bls-fragments-if-boot-present.patch
+ * 0009-10_linux-Some-refinement-for-BLS.patch
+
+---
New:
0001-blscfg-add-blscfg-module-to-parse-Boot-Loader-Specif.patch
0002-Add-BLS-support-to-grub-mkconfig.patch
0003-Add-grub2-switch-to-blscfg.patch
0004-blscfg-Don-t-root-device-in-emu-builds.patch
0005-blscfg-check-for-mounted-boot-in-emu.patch
0006-Follow-the-device-where-blscfg-is-discovered.patch
0007-grub-switch-to-blscfg-adapt-to-openSUSE.patch
0008-blscfg-reading-bls-fragments-if-boot-present.patch
0009-10_linux-Some-refinement-for-BLS.patch
BETA DEBUG BEGIN:
New:- Add blscfg support
* 0001-blscfg-add-blscfg-module-to-parse-Boot-Loader-Specif.patch
* 0002-Add-BLS-support-to-grub-mkconfig.patch
New: * 0001-blscfg-add-blscfg-module-to-parse-Boot-Loader-Specif.patch
* 0002-Add-BLS-support-to-grub-mkconfig.patch
* 0003-Add-grub2-switch-to-blscfg.patch
New: * 0002-Add-BLS-support-to-grub-mkconfig.patch
* 0003-Add-grub2-switch-to-blscfg.patch
* 0004-blscfg-Don-t-root-device-in-emu-builds.patch
New: * 0003-Add-grub2-switch-to-blscfg.patch
* 0004-blscfg-Don-t-root-device-in-emu-builds.patch
* 0005-blscfg-check-for-mounted-boot-in-emu.patch
New: * 0004-blscfg-Don-t-root-device-in-emu-builds.patch
* 0005-blscfg-check-for-mounted-boot-in-emu.patch
* 0006-Follow-the-device-where-blscfg-is-discovered.patch
New: * 0005-blscfg-check-for-mounted-boot-in-emu.patch
* 0006-Follow-the-device-where-blscfg-is-discovered.patch
* 0007-grub-switch-to-blscfg-adapt-to-openSUSE.patch
New: * 0006-Follow-the-device-where-blscfg-is-discovered.patch
* 0007-grub-switch-to-blscfg-adapt-to-openSUSE.patch
* 0008-blscfg-reading-bls-fragments-if-boot-present.patch
New: * 0007-grub-switch-to-blscfg-adapt-to-openSUSE.patch
* 0008-blscfg-reading-bls-fragments-if-boot-present.patch
* 0009-10_linux-Some-refinement-for-BLS.patch
New: * 0008-blscfg-reading-bls-fragments-if-boot-present.patch
* 0009-10_linux-Some-refinement-for-BLS.patch
BETA DEBUG END:
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.sYjgBs/_old 2024-06-09 20:19:01.210987588 +0200
+++ /var/tmp/diff_new_pack.sYjgBs/_new 2024-06-09 20:19:01.210987588 +0200
@@ -395,6 +395,15 @@
Patch205: 0001-10_linux-Ensure-persistence-of-root-file-system-moun.patch
Patch206: 0001-util-bash-completion-Fix-for-bash-completion-2.12.patch
Patch207: 0001-util-enable-grub-protect-only-for-EFI-systems.patch
+Patch208: 0001-blscfg-add-blscfg-module-to-parse-Boot-Loader-Specif.patch
+Patch209: 0002-Add-BLS-support-to-grub-mkconfig.patch
+Patch210: 0003-Add-grub2-switch-to-blscfg.patch
+Patch211: 0004-blscfg-Don-t-root-device-in-emu-builds.patch
+Patch212: 0005-blscfg-check-for-mounted-boot-in-emu.patch
+Patch213: 0006-Follow-the-device-where-blscfg-is-discovered.patch
+Patch214: 0007-grub-switch-to-blscfg-adapt-to-openSUSE.patch
+Patch215: 0008-blscfg-reading-bls-fragments-if-boot-present.patch
+Patch216: 0009-10_linux-Some-refinement-for-BLS.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
@@ -697,7 +706,7 @@
PXE_MODULES="tftp http"
CRYPTO_MODULES="luks luks2 gcry_rijndael gcry_sha1 gcry_sha256 gcry_sha512
crypttab"
%ifarch %{efi}
-CD_MODULES="${CD_MODULES} chain efifwsetup efinet read tpm tpm2 memdisk tar
squash4 xzio"
+CD_MODULES="${CD_MODULES} chain efifwsetup efinet read tpm tpm2 memdisk tar
squash4 xzio blscfg"
PXE_MODULES="${PXE_MODULES} efinet"
%else
CD_MODULES="${CD_MODULES} net ofnet"
@@ -1180,6 +1189,7 @@
%{_sbindir}/%{name}-probe
%{_sbindir}/%{nam
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2024-05-21 18:33:13
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.1880 (New)
Package is "grub2"
Tue May 21 18:33:13 2024 rev:330 rq:1175425 version:2.12
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2024-05-16
17:14:11.973800359 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.1880/grub2.changes2024-05-21
18:33:18.359532247 +0200
@@ -1,0 +2,6 @@
+Mon May 20 07:22:09 UTC 2024 - Gary Ching-Pang Lin
+
+- Only enable grub-protect for EFI systems
+ * 0001-util-enable-grub-protect-only-for-EFI-systems.patch
+
+---
New:
0001-util-enable-grub-protect-only-for-EFI-systems.patch
BETA DEBUG BEGIN:
New:- Only enable grub-protect for EFI systems
* 0001-util-enable-grub-protect-only-for-EFI-systems.patch
BETA DEBUG END:
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.7Rrk2u/_old 2024-05-21 18:33:21.343640745 +0200
+++ /var/tmp/diff_new_pack.7Rrk2u/_new 2024-05-21 18:33:21.347640891 +0200
@@ -394,6 +394,7 @@
Patch204: 0001-ofdisk-Enhance-canonical-path-handling-for-bootpath.patch
Patch205: 0001-10_linux-Ensure-persistence-of-root-file-system-moun.patch
Patch206: 0001-util-bash-completion-Fix-for-bash-completion-2.12.patch
+Patch207: 0001-util-enable-grub-protect-only-for-EFI-systems.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
@@ -1223,7 +1224,6 @@
%{_mandir}/man1/%{name}-mkrelpath.1.*
%{_mandir}/man1/%{name}-mkrescue.1.*
%{_mandir}/man1/%{name}-mkstandalone.1.*
-%{_mandir}/man1/%{name}-protect.1.*
%{_mandir}/man1/%{name}-render-label.1.*
%{_mandir}/man1/%{name}-script-check.1.*
%{_mandir}/man1/%{name}-syslinux2cfg.1.*
@@ -1251,6 +1251,9 @@
%{_mandir}/man8/%{name}-ofpathname.8.*
%{_mandir}/man8/%{name}-sparc64-setup.8.*
%endif
+%ifarch %{efi}
+%{_mandir}/man1/%{name}-protect.1.*
+%endif
%files branding-upstream
%defattr(-,root,root,-)
++ 0001-util-enable-grub-protect-only-for-EFI-systems.patch ++
>From 6ce53d4db8430de5526ea4c48beac8139ba60925 Mon Sep 17 00:00:00 2001
From: Gary Lin
Date: Mon, 20 May 2024 14:19:58 +0800
Subject: [PATCH] util: enable grub-protect only for EFI systems
Add 'enable = efi;' back to the grub-protect section to enable the
utility only for EFI systems.
The restriction was relaxed in the upstreaming patch to enable the
grub-emu TPM2 testcases. Since we already build the utility natively for
the architectures with EFI support, there is no need to build the
program again for grub-emu.
Signed-off-by: Gary Lin
---
Makefile.util.def | 1 +
1 file changed, 1 insertion(+)
diff --git a/Makefile.util.def b/Makefile.util.def
index 90850125d..5085152b0 100644
--- a/Makefile.util.def
+++ b/Makefile.util.def
@@ -210,6 +210,7 @@ program = {
program = {
name = grub-protect;
mansection = 1;
+ enable = efi;
common = grub-core/kern/emu/argp_common.c;
common = grub-core/osdep/init.c;
--
2.35.3
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package grub2 for openSUSE:Factory checked in at 2024-05-16 17:13:05 Comparing /work/SRC/openSUSE:Factory/grub2 (Old) and /work/SRC/openSUSE:Factory/.grub2.new.1880 (New) Package is "grub2" Thu May 16 17:13:05 2024 rev:329 rq:1174381 version:2.12 Changes: --- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2024-05-12 17:08:23.914953603 +0200 +++ /work/SRC/openSUSE:Factory/.grub2.new.1880/grub2.changes2024-05-16 17:14:11.973800359 +0200 @@ -1,0 +2,35 @@ +Wed May 15 06:19:54 UTC 2024 - Gary Ching-Pang Lin + +- Update to the latest upstreaming TPM2 patches + * 0001-key_protector-Add-key-protectors-framework.patch +- Replace 0001-protectors-Add-key-protectors-framework.patch + * 0002-tpm2-Add-TPM-Software-Stack-TSS.patch +- Merge other TSS patches + * 0001-tpm2-Add-TPM2-types-structures-and-command-constants.patch + * 0002-tpm2-Add-more-marshal-unmarshal-functions.patch + * 0003-tpm2-Implement-more-TPM2-commands.patch + * 0003-key_protector-Add-TPM2-Key-Protector.patch +- Replace 0003-protectors-Add-TPM2-Key-Protector.patch + * 0004-cryptodisk-Support-key-protectors.patch + * 0005-util-grub-protect-Add-new-tool.patch + * 0001-tpm2-Support-authorized-policy.patch +- Replace 0004-tpm2-Support-authorized-policy.patch + * 0001-tpm2-Add-extra-RSA-SRK-types.patch + * 0001-tpm2-Implement-NV-index.patch +- Replace 0001-protectors-Implement-NV-index.patch + * 0002-cryptodisk-Fallback-to-passphrase.patch + * 0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch + * 0004-diskfilter-look-up-cryptodisk-devices-first.patch +- Refresh affected patches + * 0001-Improve-TPM-key-protection-on-boot-interruptions.patch + * grub2-bsc1220338-key_protector-implement-the-blocklist.patch +- New manpage for grub2-protect + +--- +Wed May 15 00:46:14 UTC 2024 - Michael Chang + +- Fix error in /etc/grub.d/20_linux_xen: file_is_not_sym not found, renamed to + file_is_not_xen_garbage (bsc#1224226) + * grub2-fix-menu-in-xen-host-server.patch + +--- Old: 0001-protectors-Add-key-protectors-framework.patch 0001-protectors-Implement-NV-index.patch 0001-tpm2-Add-TPM2-types-structures-and-command-constants.patch 0002-tpm2-Add-more-marshal-unmarshal-functions.patch 0003-protectors-Add-TPM2-Key-Protector.patch 0003-tpm2-Implement-more-TPM2-commands.patch 0004-tpm2-Support-authorized-policy.patch New: 0001-key_protector-Add-key-protectors-framework.patch 0001-tpm2-Add-extra-RSA-SRK-types.patch 0001-tpm2-Implement-NV-index.patch 0001-tpm2-Support-authorized-policy.patch 0003-key_protector-Add-TPM2-Key-Protector.patch BETA DEBUG BEGIN: Old: * 0001-key_protector-Add-key-protectors-framework.patch - Replace 0001-protectors-Add-key-protectors-framework.patch * 0002-tpm2-Add-TPM-Software-Stack-TSS.patch Old: * 0001-tpm2-Implement-NV-index.patch - Replace 0001-protectors-Implement-NV-index.patch * 0002-cryptodisk-Fallback-to-passphrase.patch Old:- Merge other TSS patches * 0001-tpm2-Add-TPM2-types-structures-and-command-constants.patch * 0002-tpm2-Add-more-marshal-unmarshal-functions.patch Old: * 0001-tpm2-Add-TPM2-types-structures-and-command-constants.patch * 0002-tpm2-Add-more-marshal-unmarshal-functions.patch * 0003-tpm2-Implement-more-TPM2-commands.patch Old: * 0003-key_protector-Add-TPM2-Key-Protector.patch - Replace 0003-protectors-Add-TPM2-Key-Protector.patch * 0004-cryptodisk-Support-key-protectors.patch Old: * 0002-tpm2-Add-more-marshal-unmarshal-functions.patch * 0003-tpm2-Implement-more-TPM2-commands.patch * 0003-key_protector-Add-TPM2-Key-Protector.patch Old: * 0001-tpm2-Support-authorized-policy.patch - Replace 0004-tpm2-Support-authorized-policy.patch * 0001-tpm2-Add-extra-RSA-SRK-types.patch BETA DEBUG END: BETA DEBUG BEGIN: New:- Update to the latest upstreaming TPM2 patches * 0001-key_protector-Add-key-protectors-framework.patch - Replace 0001-protectors-Add-key-protectors-framework.patch New:- Replace 0004-tpm2-Support-authorized-policy.patch * 0001-tpm2-Add-extra-RSA-SRK-types.patch * 0001-tpm2-Implement-NV-index.patch New: * 0001-tpm2-Add-extra-RSA-SRK-types.patch * 0001-tpm2-Implement-NV-index.patch - Replace 0001-protectors-Implement-NV-index.patch New: * 0005-util-grub-protect-Add-new-tool.patch * 0001-tpm2-Support-authorized-policy.patch - Replace 0004-tpm2-Support-authorized-policy.patch New: * 0003-tpm2-Implement-more-TPM2-commands.patch * 0003-key_protector-Add-TPM2-Key-Protector.patch - Replace 0003-protectors-
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2024-05-12 17:08:22
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.1880 (New)
Package is "grub2"
Sun May 12 17:08:22 2024 rev:328 rq: version:2.12
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2024-05-12
09:33:50.525409212 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.1880/grub2.changes2024-05-12
17:08:23.914953603 +0200
@@ -1,0 +2,6 @@
+Thu May 2 07:48:30 UTC 2024 - Michael Chang
+
+- Fix gcc error with CFLAGS=-Og
+ * grub2-grubenv-in-btrfs-header.patch
+
+---
Other differences:
--
++ grub2-grubenv-in-btrfs-header.patch ++
--- /var/tmp/diff_new_pack.iN4Fzt/_old 2024-05-12 17:08:27.447081559 +0200
+++ /var/tmp/diff_new_pack.iN4Fzt/_new 2024-05-12 17:08:27.451081704 +0200
@@ -9,6 +9,17 @@
* Use xcalloc for overflow check and return NULL when it would
occur.
+v4:
+ * Fix gcc error with CFLAGS=-Og
+
+ ../util/grub-editenv.c: In function âread_envblk_fsâ:
+ ../util/grub-editenv.c:172:14: error: âszâ may be used uninitialized
[-Werror=maybe-uninitialized]
+172 | sz <<= GRUB_DISK_SECTOR_BITS;
+ ../util/grub-editenv.c:155:16: note: âszâ was declared here
+155 | int off, sz;
+|^~
+ cc1: all warnings being treated as errors
+
---
--- a/grub-core/kern/fs.c
+++ b/grub-core/kern/fs.c
@@ -49,7 +60,7 @@
#include
#include
-@@ -120,6 +123,140 @@
+@@ -120,6 +123,142 @@
NULL, help_filter, NULL
};
@@ -88,6 +99,8 @@
+ off = strtol (value, &p, 10);
+ if (*p == '+')
+ sz = strtol (p+1, &p, 10);
++ else
++ return 0;
+
+ if (*p == '\0')
+ {
@@ -190,7 +203,7 @@
static grub_envblk_t
open_envblk_file (const char *name)
{
-@@ -182,10 +319,17 @@
+@@ -182,10 +321,17 @@
list_variables (const char *name)
{
grub_envblk_t envblk;
@@ -208,7 +221,7 @@
}
static void
-@@ -209,6 +353,38 @@
+@@ -209,6 +355,38 @@
}
static void
@@ -247,7 +260,7 @@
set_variables (const char *name, int argc, char *argv[])
{
grub_envblk_t envblk;
-@@ -224,8 +400,27 @@
+@@ -224,8 +402,27 @@
*(p++) = 0;
@@ -277,7 +290,7 @@
argc--;
argv++;
-@@ -233,26 +428,158 @@
+@@ -233,26 +430,158 @@
write_envblk (name, envblk);
grub_envblk_close (envblk);
@@ -315,8 +328,8 @@
+ write_envblk_fs (envblk_fs);
+ grub_envblk_close (envblk_fs);
+}
-+}
-+
+ }
+
+int have_abstraction = 0;
+static void
+probe_abstraction (grub_disk_t disk)
@@ -329,8 +342,8 @@
+{
+ have_abstraction = 1;
+}
- }
-
++}
++
+static fs_envblk_t
+probe_fs_envblk (fs_envblk_spec_t spec)
+{
@@ -436,7 +449,7 @@
int
main (int argc, char *argv[])
{
-@@ -284,6 +611,9 @@
+@@ -284,6 +613,9 @@
command = argv[curindex++];
}
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2024-05-11 18:18:48
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.1880 (New)
Package is "grub2"
Sat May 11 18:18:48 2024 rev:326 rq:1172867 version:2.12
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2024-04-24
15:13:29.899275327 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.1880/grub2.changes2024-05-11
18:18:53.889189429 +0200
@@ -1,0 +2,6 @@
+Thu May 2 07:48:30 UTC 2024 - Michael Chang
+
+- Fix gcc error with CFLAGS=-Og
+ * grub2-grubenv-in-btrfs-header.patch
+
+---
Other differences:
--
++ grub2-grubenv-in-btrfs-header.patch ++
--- /var/tmp/diff_new_pack.Mx5qBK/_old 2024-05-11 18:18:57.905335674 +0200
+++ /var/tmp/diff_new_pack.Mx5qBK/_new 2024-05-11 18:18:57.905335674 +0200
@@ -9,6 +9,17 @@
* Use xcalloc for overflow check and return NULL when it would
occur.
+v4:
+ * Fix gcc error with CFLAGS=-Og
+
+ ../util/grub-editenv.c: In function âread_envblk_fsâ:
+ ../util/grub-editenv.c:172:14: error: âszâ may be used uninitialized
[-Werror=maybe-uninitialized]
+172 | sz <<= GRUB_DISK_SECTOR_BITS;
+ ../util/grub-editenv.c:155:16: note: âszâ was declared here
+155 | int off, sz;
+|^~
+ cc1: all warnings being treated as errors
+
---
--- a/grub-core/kern/fs.c
+++ b/grub-core/kern/fs.c
@@ -49,7 +60,7 @@
#include
#include
-@@ -120,6 +123,140 @@
+@@ -120,6 +123,142 @@
NULL, help_filter, NULL
};
@@ -88,6 +99,8 @@
+ off = strtol (value, &p, 10);
+ if (*p == '+')
+ sz = strtol (p+1, &p, 10);
++ else
++ return 0;
+
+ if (*p == '\0')
+ {
@@ -190,7 +203,7 @@
static grub_envblk_t
open_envblk_file (const char *name)
{
-@@ -182,10 +319,17 @@
+@@ -182,10 +321,17 @@
list_variables (const char *name)
{
grub_envblk_t envblk;
@@ -208,7 +221,7 @@
}
static void
-@@ -209,6 +353,38 @@
+@@ -209,6 +355,38 @@
}
static void
@@ -247,7 +260,7 @@
set_variables (const char *name, int argc, char *argv[])
{
grub_envblk_t envblk;
-@@ -224,8 +400,27 @@
+@@ -224,8 +402,27 @@
*(p++) = 0;
@@ -277,7 +290,7 @@
argc--;
argv++;
-@@ -233,26 +428,158 @@
+@@ -233,26 +430,158 @@
write_envblk (name, envblk);
grub_envblk_close (envblk);
@@ -315,8 +328,8 @@
+ write_envblk_fs (envblk_fs);
+ grub_envblk_close (envblk_fs);
+}
-+}
-+
+ }
+
+int have_abstraction = 0;
+static void
+probe_abstraction (grub_disk_t disk)
@@ -329,8 +342,8 @@
+{
+ have_abstraction = 1;
+}
- }
-
++}
++
+static fs_envblk_t
+probe_fs_envblk (fs_envblk_spec_t spec)
+{
@@ -436,7 +449,7 @@
int
main (int argc, char *argv[])
{
-@@ -284,6 +611,9 @@
+@@ -284,6 +613,9 @@
command = argv[curindex++];
}
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2024-04-24 15:13:15
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.1880 (New)
Package is "grub2"
Wed Apr 24 15:13:15 2024 rev:325 rq:1169603 version:2.12
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2024-04-16
20:04:54.330790814 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.1880/grub2.changes2024-04-24
15:13:29.899275327 +0200
@@ -1,0 +2,6 @@
+Fri Apr 19 21:50:53 UTC 2024 - Giacomo Comes
+
+- remove deprecated file 20_memtest86+
+ * a similar file is provided by the package memtest86+
+
+---
Old:
20_memtest86+
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.wNJbjh/_old 2024-04-24 15:13:33.175394482 +0200
+++ /var/tmp/diff_new_pack.wNJbjh/_new 2024-04-24 15:13:33.179394627 +0200
@@ -177,7 +177,6 @@
Source2:grub.default
Source4:grub2.rpmlintrc
Source6:grub2-once
-Source7:20_memtest86+
Source8:README.ibm3215
Source10: openSUSE-UEFI-CA-Certificate.crt
Source11: SLES-UEFI-CA-Certificate.crt
@@ -1009,9 +1008,6 @@
# Script that makes part of grub.cfg persist across updates
install -m 755 %{SOURCE1} %{buildroot}/%{_sysconfdir}/grub.d/
-# Script to generate memtest86+ menu entry
-install -m 644 %{SOURCE7} %{buildroot}/%{_sysconfdir}/grub.d/
-
# Ghost config file
install -d %{buildroot}/boot/%{name}
touch %{buildroot}/boot/%{name}/grub.cfg
@@ -1037,10 +1033,6 @@
%endif
R="%{buildroot}"
-%ifarch %{ix86} x86_64
-%else
-rm -f $R%{_sysconfdir}/grub.d/20_memtest86+
-%endif
%ifarch ppc ppc64 ppc64le
rm -f $R%{_sysconfdir}/grub.d/95_textmode
@@ -1174,9 +1166,6 @@
%ifnarch ppc ppc64 ppc64le
%config(noreplace) %{_sysconfdir}/grub.d/95_textmode
%endif
-%ifarch %{ix86} x86_64
-%config(noreplace) %{_sysconfdir}/grub.d/20_memtest86+
-%endif
%ifarch ppc ppc64 ppc64le
%config(noreplace) %{_sysconfdir}/grub.d/20_ppc_terminfo
%endif
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2024-02-21 17:52:02
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.1706 (New)
Package is "grub2"
Wed Feb 21 17:52:02 2024 rev:321 rq:1147685 version:2.12
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2024-02-16
21:49:14.540675962 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.1706/grub2.changes2024-02-21
17:52:09.686063792 +0100
@@ -1,0 +2,8 @@
+Sat Feb 17 06:59:55 UTC 2024 - Michael Chang
+
+- Fix PowerPC grub loads 5 to 10 minutes slower on SLE-15-SP5 compared to
+ SLE-15-SP2 (bsc#1217102)
+ * add 0001-ofdisk-enhance-boot-time-by-focusing-on-boot-disk-re.patch
+ * add 0002-ofdisk-add-early_log-support.patch
+
+---
New:
0001-ofdisk-enhance-boot-time-by-focusing-on-boot-disk-re.patch
0002-ofdisk-add-early_log-support.patch
BETA DEBUG BEGIN:
New: SLE-15-SP2 (bsc#1217102)
* add 0001-ofdisk-enhance-boot-time-by-focusing-on-boot-disk-re.patch
* add 0002-ofdisk-add-early_log-support.patch
New: * add 0001-ofdisk-enhance-boot-time-by-focusing-on-boot-disk-re.patch
* add 0002-ofdisk-add-early_log-support.patch
BETA DEBUG END:
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.XwucD0/_old 2024-02-21 17:52:12.274157467 +0100
+++ /var/tmp/diff_new_pack.XwucD0/_new 2024-02-21 17:52:12.278157612 +0100
@@ -390,6 +390,8 @@
Patch197: 0001-fs-xfs-always-verify-the-total-number-of-entries-is-.patch
Patch198: 0001-loader-arm64-efi-linux-Remove-magic-number-header-fi.patch
Patch199: 0001-squash-ieee1275-ofpath-enable-NVMeoF-logical-device-.patch
+Patch200: 0001-ofdisk-enhance-boot-time-by-focusing-on-boot-disk-re.patch
+Patch201: 0002-ofdisk-add-early_log-support.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
++ 0001-ofdisk-enhance-boot-time-by-focusing-on-boot-disk-re.patch ++
>From b353ca96bf002a9262fdf74637f39615d003d069 Mon Sep 17 00:00:00 2001
From: Michael Chang
Date: Fri, 8 Dec 2023 11:51:57 +0800
Subject: [PATCH 1/2] ofdisk: enhance boot time by focusing on boot disk
relevance
After a historical review, it's clear that a boot delay regression
coincided with the introduction of the fcp iterating patch. Reverting
this patch has shown promising signs in mitigating the issue. In order
to improve the efficiency, a more refined discovery process is proposed,
aiming to exclude device types differing from the boot disk to curtail
unnecessary iterations.
This patch extends prior efforts by exclusively targeting root device
discovery linked to the boot disk, verifying device types to prevent
process elongation.
It is worth noting that grub's opportunistic approach to assembling the
root device, seeking accessible results in parallel during iteration,
sometimes allows even a partially assembled RAID, albeit in a degraded
mode. However, delays stem from unrelated devices appearing before the
actual boot device.
To streamline the boot process, the patch utilizes parent nodes in
conjunction with block device nodes to extract essential boot-related
information. This refined identification method efficiently limits the
application's scope to devices connected to the chosen boot device,
notably optimizing subsequent device iteration. By adeptly filtering out
devices not linked to the same FCP (Fibre Channel Protocol) device, it
significantly enhances boot efficiency, ensuring a more streamlined and
efficient boot process.
Signed-off-by: Michael Chang
---
grub-core/disk/ieee1275/ofdisk.c | 136 +--
1 file changed, 131 insertions(+), 5 deletions(-)
--- a/grub-core/disk/ieee1275/ofdisk.c
+++ b/grub-core/disk/ieee1275/ofdisk.c
@@ -31,6 +31,13 @@
static char *last_devpath;
static grub_ieee1275_ihandle_t last_ihandle;
+#define IEEE1275_DISK_ALIAS "/disk@"
+#define IEEE1275_NVMEOF_DISK_ALIAS "/nvme-of/controller@"
+
+static char *boot_type;
+static char *boot_parent;
+static int is_boot_nvmeof;
+
struct ofdisk_hash_ent
{
char *devpath;
@@ -529,12 +536,21 @@
{
if (grub_strcmp (alias->type, "fcp") == 0)
{
- // Iterate disks
- dev_iterate_fcp_disks(alias);
-
- // Iterate NVMeoF
- dev_iterate_fcp_nvmeof(alias);
+if (boot_type &&
+ grub_strcmp (boot_type, alias->type) != 0)
+ {
+ grub_dprintf ("ofdisk", "Skipped device: %s, type %s did not match
boot_type %s\n",
+ alias->path, alias->type, boot_type);
+ goto iter_children;
+ }
+if (grub_strcmp (boot_parent, alias->path) == 0)
+ {
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2024-01-29 22:26:54
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.1815 (New)
Package is "grub2"
Mon Jan 29 22:26:54 2024 rev:318 rq:1142178 version:2.12
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2024-01-25
18:39:43.151475906 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.1815/grub2.changes2024-01-29
22:26:57.720978230 +0100
@@ -1,0 +2,6 @@
+Mon Jan 29 06:24:11 UTC 2024 - Michael Chang
+
+- Remove magic number header field check on arm64 (bsc#1218783)
+ * 0001-loader-arm64-efi-linux-Remove-magic-number-header-fi.patch
+
+---
New:
0001-loader-arm64-efi-linux-Remove-magic-number-header-fi.patch
BETA DEBUG BEGIN:
New:- Remove magic number header field check on arm64 (bsc#1218783)
* 0001-loader-arm64-efi-linux-Remove-magic-number-header-fi.patch
BETA DEBUG END:
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.YRvPQQ/_old 2024-01-29 22:27:00.305071893 +0100
+++ /var/tmp/diff_new_pack.YRvPQQ/_new 2024-01-29 22:27:00.305071893 +0100
@@ -388,6 +388,7 @@
# Workaround for 2.12 tarball
Patch196: fix_no_extra_deps_in_release_tarball.patch
Patch197: 0001-fs-xfs-always-verify-the-total-number-of-entries-is-.patch
+Patch198: 0001-loader-arm64-efi-linux-Remove-magic-number-header-fi.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
++ 0001-loader-arm64-efi-linux-Remove-magic-number-header-fi.patch ++
>From d683bed5c76c54e6bc5c26eef2f8d7136a3c75c4 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel
Date: Thu, 11 Aug 2022 16:51:57 +0200
Subject: [PATCH] loader/arm64/efi/linux: Remove magic number header field
check
The "ARM\x64" magic number in the file header identifies an image as one
that implements the bare metal boot protocol, allowing the loader to
simply move the file to a suitably aligned address in memory, with
sufficient headroom for the trailing .bss segment (the required memory
size is described in the header as well).
Note of this matters for GRUB, as it only supports EFI boot. EFI does
not care about this magic number, and nor should GRUB: this prevents us
from booting other PE linux images, such as the generic EFI zboot
decompressor, which is a pure PE/COFF image, and does not implement the
bare metal boot protocol.
So drop the magic number check.
Signed-off-by: Ard Biesheuvel
Reviewed-by: Daniel Kiper
---
grub-core/loader/arm64/efi/linux.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/grub-core/loader/arm64/efi/linux.c
b/grub-core/loader/arm64/efi/linux.c
index 33df0e1fd..a9f5e05e4 100644
--- a/grub-core/loader/arm64/efi/linux.c
+++ b/grub-core/loader/arm64/efi/linux.c
@@ -57,9 +57,6 @@ static grub_addr_t initrd_end;
static grub_err_t
grub_arch_efi_linux_check_image (struct linux_arch_kernel_header * lh)
{
- if (lh->magic != GRUB_LINUX_ARMXX_MAGIC_SIGNATURE)
-return grub_error(GRUB_ERR_BAD_OS, "invalid magic number");
-
if ((lh->code0 & 0x) != GRUB_PE32_MAGIC)
return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET,
N_("plain image kernel not supported - rebuild with
CONFIG_(U)EFI_STUB enabled"));
--
2.43.0
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package grub2 for openSUSE:Factory checked in at 2024-01-23 09:12:54 Comparing /work/SRC/openSUSE:Factory/grub2 (Old) and /work/SRC/openSUSE:Factory/.grub2.new.16006 (New) Package is "grub2" Tue Jan 23 09:12:54 2024 rev:315 rq: version:2.12 Changes: --- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2024-01-22 20:30:58.282087837 +0100 +++ /work/SRC/openSUSE:Factory/.grub2.new.16006/grub2.changes 2024-01-23 09:12:56.431622719 +0100 @@ -2,6 +1,0 @@ -Sat Jan 20 20:08:34 UTC 2024 - Giacomo Comes - -- allow to boot memtest86 if stored in /usr/lib/memtest86+ - * SR#1071109 can then work - Other differences: -- ++ 20_memtest86+ ++ --- /var/tmp/diff_new_pack.svoHey/_old 2024-01-23 09:12:59.663740628 +0100 +++ /var/tmp/diff_new_pack.svoHey/_new 2024-01-23 09:12:59.663740628 +0100 @@ -35,31 +35,17 @@ # memtest86+ comes in two flavours, one EFI and one suitable for x86 real mode. # The EFI module requires security disabled in BIOS (Boot Mode: Other OS) -if [ -d /sys/firmware/efi ]; then - if [ -f /boot/efi/EFI/memtest86/memtest.efi ]; then -memtest=/boot/efi/EFI/memtest86/memtest.efi - elif [ -f /usr/lib/memtest86+/memtest.efi ]; then -memtest=/usr/lib/memtest86+/memtest.efi - else -#memtest.efi not found -exit 0 - fi +if [ -d /sys/firmware/efi -a -f /boot/efi/EFI/memtest86/memtest.efi ]; then + memtest=/boot/efi/EFI/memtest86/memtest.efi loader='linux ' message="$(gettext_printf "Loading EFI memtest ...\n" | grub_quote)" + # locate the real EFI partition + GRUB_DEVICE_BOOT=$(grub2-probe -t device "$memtest") else - if [ -f /boot/memtest.bin ]; then -memtest=/boot/memtest.bin - elif [ -f /usr/lib/memtest86+/memtest.bin ]; then -memtest=/usr/lib/memtest86+/memtest.bin - else -#memtest.bin not found -exit 0 - fi + memtest=/boot/memtest.bin loader='linux16' message="$(gettext_printf "Loading x86 memtest ...\n" | grub_quote)" fi -# locate the real partition -GRUB_DEVICE_BOOT=$(grub2-probe -t device "$memtest") if grub_file_is_not_garbage "$memtest" ; then gettext_printf "Found memtest image: %s\n" "$memtest" >&2
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2024-01-17 22:15:41
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.16006 (New)
Package is "grub2"
Wed Jan 17 22:15:41 2024 rev:313 rq:1139339 version:2.12
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2024-01-11
21:05:02.530272175 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.16006/grub2.changes 2024-01-17
22:15:49.396149824 +0100
@@ -1,0 +2,7 @@
+Wed Jan 17 03:32:48 UTC 2024 - Michael Chang
+
+- Resolved XFS regression leading to the "not a correct XFS inode" error by
+ temporarily reverting the problematic commit (bsc#1218864)
+ * 0001-Revert-fs-xfs-Fix-XFS-directory-extent-parsing.patch
+
+---
New:
0001-Revert-fs-xfs-Fix-XFS-directory-extent-parsing.patch
BETA DEBUG BEGIN:
New: temporarily reverting the problematic commit (bsc#1218864)
* 0001-Revert-fs-xfs-Fix-XFS-directory-extent-parsing.patch
BETA DEBUG END:
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.9rHZje/_old 2024-01-17 22:15:52.576266607 +0100
+++ /var/tmp/diff_new_pack.9rHZje/_new 2024-01-17 22:15:52.580266754 +0100
@@ -387,6 +387,7 @@
Patch195: 0004-Key-revocation-on-out-of-bound-file-access.patch
# Workaround for 2.12 tarball
Patch196: fix_no_extra_deps_in_release_tarball.patch
+Patch197: 0001-Revert-fs-xfs-Fix-XFS-directory-extent-parsing.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
++ 0001-Revert-fs-xfs-Fix-XFS-directory-extent-parsing.patch ++
>From 664a8569c5c8c101879b384dbdaa81dc38cf2f68 Mon Sep 17 00:00:00 2001
From: Michael Chang
Date: Wed, 17 Jan 2024 11:23:35 +0800
Subject: [PATCH] Revert "fs/xfs: Fix XFS directory extent parsing"
This reverts commit 07318ee7e11a00b9c1dea4c6b4edf62af35a511a.
---
grub-core/fs/xfs.c | 52 +-
1 file changed, 14 insertions(+), 38 deletions(-)
diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c
index bc2224dbb..9dfe3a2fa 100644
--- a/grub-core/fs/xfs.c
+++ b/grub-core/fs/xfs.c
@@ -228,12 +228,6 @@ struct grub_xfs_inode
/* Size of struct grub_xfs_inode v2, up to unused4 member included. */
#define XFS_V2_INODE_SIZE (XFS_V3_INODE_SIZE - 76)
-struct grub_xfs_dir_leaf_entry
-{
- grub_uint32_t hashval;
- grub_uint32_t address;
-} GRUB_PACKED;
-
struct grub_xfs_dirblock_tail
{
grub_uint32_t leaf_count;
@@ -900,8 +894,9 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
{
struct grub_xfs_dir2_entry *direntry =
grub_xfs_first_de(dir->data, dirblock);
- int entries = -1;
- char *end = dirblock + dirblk_size;
+ int entries;
+ struct grub_xfs_dirblock_tail *tail =
+ grub_xfs_dir_tail(dir->data, dirblock);
numread = grub_xfs_read_file (dir, 0, 0,
blk << dirblk_log2,
@@ -912,27 +907,14 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
return 0;
}
- /*
-* Leaf and tail information are only in the data block if the
number
-* of extents is 1.
-*/
- if (dir->inode.nextents == grub_cpu_to_be32_compile_time (1))
- {
- struct grub_xfs_dirblock_tail *tail = grub_xfs_dir_tail
(dir->data, dirblock);
-
- end = (char *) tail;
-
- /* Subtract the space used by leaf nodes. */
- end -= grub_be_to_cpu32 (tail->leaf_count) * sizeof (struct
grub_xfs_dir_leaf_entry);
+ entries = (grub_be_to_cpu32 (tail->leaf_count)
+ - grub_be_to_cpu32 (tail->leaf_stale));
- entries = grub_be_to_cpu32 (tail->leaf_count) -
grub_be_to_cpu32 (tail->leaf_stale);
-
- if (!entries)
- continue;
- }
+ if (!entries)
+ continue;
/* Iterate over all entries within this block. */
- while ((char *) direntry < (char *) end)
+ while ((char *)direntry < (char *)tail)
{
grub_uint8_t *freetag;
char *filename;
@@ -952,7 +934,7 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
}
filename = (char *)(direntry + 1);
- if (filename + direntry->len + 1 > (char *) end)
+ if (filename + direntry->len - 1 > (char *) tail)
return grub_error (GRUB_ERR_BAD_FS, "invalid XFS directory
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2024-01-05 21:41:09
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.28375 (New)
Package is "grub2"
Fri Jan 5 21:41:09 2024 rev:311 rq:1136997 version:2.12~rc1
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2023-12-07
19:09:15.744728634 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.28375/grub2.changes 2024-01-05
21:42:16.148157627 +0100
@@ -1,0 +2,8 @@
+Wed Jan 3 10:05:50 UTC 2024 - Michael Chang
+
+- grub2.spec: Add ofnet to signed grub.elf to support powerpc net boot
+ installation when secure boot is enabled (bsc#1217761)
+- Improved check for disk device when looking for PReP partition
+ * 0004-Introduce-prep_load_env-command.patch
+
+---
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.UFYL7j/_old 2024-01-05 21:42:18.832255770 +0100
+++ /var/tmp/diff_new_pack.UFYL7j/_new 2024-01-05 21:42:18.832255770 +0100
@@ -1,7 +1,7 @@
#
# spec file for package grub2
#
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -714,8 +714,8 @@
CD_MODULES="${CD_MODULES} chain efifwsetup efinet read tpm tpm2 memdisk tar
squash4 xzio"
PXE_MODULES="${PXE_MODULES} efinet"
%else
-CD_MODULES="${CD_MODULES} net"
-PXE_MODULES="${PXE_MODULES} net"
+CD_MODULES="${CD_MODULES} net ofnet"
+PXE_MODULES="${PXE_MODULES} net ofnet"
%endif
%ifarch x86_64
@@ -831,7 +831,13 @@
echo "bpart=$bpart"
echo "bpath=$bpath"
-if [ -z "$ENV_FS_UUID" ]; then
+if regexp '^(tftp|http)$' "$bdev"; then
+ if [ -z "$bpath" ]; then
+echo "network booting via $bdev but firmware didn't provide loaded path
from sever root"
+bpath="/boot/grub2/powerpc-ieee1275"
+echo "using bpath=$bpath as fallback path"
+ fi
+elif [ -z "$ENV_FS_UUID" ]; then
echo "Reading vars from ($bdev)"
prep_load_env "($bdev)"
fi
++ 0004-Introduce-prep_load_env-command.patch ++
--- /var/tmp/diff_new_pack.UFYL7j/_old 2024-01-05 21:42:19.024262791 +0100
+++ /var/tmp/diff_new_pack.UFYL7j/_new 2024-01-05 21:42:19.028262937 +0100
@@ -27,7 +27,7 @@
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
-@@ -2673,3 +2673,9 @@
+@@ -2679,3 +2679,9 @@
common = lib/libtasn1_wrap/tests/Test_strings.c;
common = lib/libtasn1_wrap/wrap_tests.c;
};
@@ -39,7 +39,7 @@
+};
--- /dev/null
+++ b/grub-core/commands/prep_loadenv.c
-@@ -0,0 +1,230 @@
+@@ -0,0 +1,237 @@
+#include
+#include
+#include
@@ -210,6 +210,13 @@
+ if (!dev)
+return grub_errno;
+
++ /* Only needed for disk device */
++ if (!dev->disk)
++{
++ err = GRUB_ERR_NONE;
++ goto out;
++}
++
+ ret = grub_partition_iterate (dev->disk, part_hook, prep);
+ if (ret == 1 && *prep)
+{
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2023-11-22 18:54:05
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.25432 (New)
Package is "grub2"
Wed Nov 22 18:54:05 2023 rev:308 rq:1127831 version:2.12~rc1
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2023-11-17
20:49:30.94503 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.25432/grub2.changes 2023-11-22
18:54:09.418581619 +0100
@@ -1,0 +2,9 @@
+Thu Nov 16 06:39:46 UTC 2023 - Gary Ching-Pang Lin
+
+- Update the TPM2 patches to skip the persistent SRK handle if not
+ specified and improve the error messages
+ + 0003-protectors-Add-TPM2-Key-Protector.patch
+ + 0005-util-grub-protect-Add-new-tool.patch
+ + 0004-tpm2-Support-authorized-policy.patch
+
+---
Other differences:
--
++ 0003-protectors-Add-TPM2-Key-Protector.patch ++
--- /var/tmp/diff_new_pack.vlU3tr/_old 2023-11-22 18:54:12.598698329 +0100
+++ /var/tmp/diff_new_pack.vlU3tr/_new 2023-11-22 18:54:12.598698329 +0100
@@ -1,7 +1,7 @@
-From 0ecf5ff31a89e061aef5e40ee68f8828e7b5eb81 Mon Sep 17 00:00:00 2001
+From 2a63876ca714d177f919b2392d8efa0e3bd3ebe2 Mon Sep 17 00:00:00 2001
From: Hernan Gatta
Date: Tue, 1 Feb 2022 05:02:55 -0800
-Subject: [PATCH v6 10/20] protectors: Add TPM2 Key Protector
+Subject: [PATCH v7 10/20] protectors: Add TPM2 Key Protector
The TPM2 key protector is a module that enables the automatic retrieval
of a fully-encrypted disk's unlocking key from a TPM 2.0.
@@ -111,20 +111,20 @@
Currently, there is only one supported policy command: TPM2_PolicyPCR.
The command set can be extended to support advanced features, such as
-as authorized policy, in the future.
+authorized policy, in the future.
Signed-off-by: Hernan Gatta
Signed-off-by: Gary Lin
---
grub-core/Makefile.core.def | 13 +
grub-core/tpm2/args.c | 177 +
- grub-core/tpm2/module.c | 1040 +
+ grub-core/tpm2/module.c | 1028 +
grub-core/tpm2/tpm2key.asn| 31 +
- grub-core/tpm2/tpm2key.c | 440
+ grub-core/tpm2/tpm2key.c | 447 +
grub-core/tpm2/tpm2key_asn1_tab.c | 41 ++
include/grub/tpm2/internal/args.h | 41 ++
include/grub/tpm2/tpm2key.h | 83 +++
- 8 files changed, 1866 insertions(+)
+ 8 files changed, 1861 insertions(+)
create mode 100644 grub-core/tpm2/args.c
create mode 100644 grub-core/tpm2/module.c
create mode 100644 grub-core/tpm2/tpm2key.asn
@@ -342,10 +342,10 @@
+}
diff --git a/grub-core/tpm2/module.c b/grub-core/tpm2/module.c
new file mode 100644
-index 0..9605ddbc7
+index 0..df0727215
--- /dev/null
+++ b/grub-core/tpm2/module.c
-@@ -0,0 +1,1040 @@
+@@ -0,0 +1,1028 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2022 Microsoft Corporation
@@ -477,8 +477,7 @@
+ .arg = NULL,
+ .type = ARG_TYPE_STRING,
+ .doc =
-+ N_("In SRK mode, the SRK handle if the SRK is persistent "
-+ "(default is 0x8101)."),
++ N_("In SRK mode, the SRK handle if the SRK is persistent."),
+},
+{
+ .longarg = "asymmetric",
@@ -519,51 +518,58 @@
+ grub_off_t file_size;
+ void *read_buffer;
+ grub_off_t read_n;
++ grub_err_t err;
+
+ /* Using GRUB_FILE_TYPE_SIGNATURE ensures we do not hash the keyfile into
PCR9
+ * otherwise we'll never be able to predict the value of PCR9 at unseal
time */
+ file = grub_file_open (filepath, GRUB_FILE_TYPE_SIGNATURE);
+ if (file == NULL)
+{
-+ grub_dprintf ("tpm2", "Could not open file: %s\n", filepath);
-+ /* grub_file_open sets grub_errno on error, and if we do no unset it,
-+ * future calls to grub_file_open will fail (and so will anybody up the
-+ * stack who checks the value, if any). */
-+ grub_errno = GRUB_ERR_NONE;
-+ return GRUB_ERR_FILE_NOT_FOUND;
++ /* Push errno from grub_file_open() into the error message stack */
++ grub_error_push();
++ err = grub_error (GRUB_ERR_FILE_NOT_FOUND,
++ N_("Could not open file: %s\n"),
++ filepath);
++ goto error;
+}
+
+ file_size = grub_file_size (file);
+ if (file_size == 0)
+{
-+ grub_dprintf ("tpm2", "Could not read file size: %s\n", filepath);
-+ grub_file_close (file);
-+ return GRUB_ERR_OUT_OF_RANGE;
++ err = grub_error (GRUB_ERR_OUT_OF_RANGE,
++ N_("Could not read file size: %s"),
++
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2023-11-01 22:09:30
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.17445 (New)
Package is "grub2"
Wed Nov 1 22:09:30 2023 rev:306 rq:1121401 version:2.12~rc1
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2023-10-27
22:27:21.573680006 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.17445/grub2.changes 2023-11-01
22:09:37.830889542 +0100
@@ -1,0 +2,6 @@
+Mon Oct 30 07:15:17 UTC 2023 - Michael Chang
+
+- Fix fadump not working with 1GB/2GB/4GB LMB[P10] (bsc#1216253)
+ * 0001-kern-ieee1275-init-Restrict-high-memory-in-presence-.patch
+
+---
New:
0001-kern-ieee1275-init-Restrict-high-memory-in-presence-.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.ol8BVB/_old 2023-11-01 22:09:40.318981713 +0100
+++ /var/tmp/diff_new_pack.ol8BVB/_new 2023-11-01 22:09:40.318981713 +0100
@@ -389,6 +389,7 @@
Patch197: 0006-fs-ntfs-Make-code-more-readable.patch
Patch198: 0001-luks2-Use-grub-tpm2-token-for-TPM2-protected-volume-.patch
Patch199: Fix-the-size-calculation-for-the-synthesized-initrd.patch
+Patch200: 0001-kern-ieee1275-init-Restrict-high-memory-in-presence-.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
++ 0001-kern-ieee1275-init-Restrict-high-memory-in-presence-.patch ++
>From 4bcf6f747c3ab0b998c6f5a361804e38bc9c4334 Mon Sep 17 00:00:00 2001
From: Stefan Berger
Date: Wed, 4 Oct 2023 11:32:35 -0400
Subject: [PATCH] kern/ieee1275/init: Restrict high memory in presence of
fadump on ppc64
When a kernel dump is present then restrict the high memory regions to
avoid allocating memory where the kernel dump resides. Use the
ibm,kernel-dump node under /rtas to determine whether a kernel dump
exists and up to which limit GRUB can use available memory. Set the
upper_mem_limit to the size of the kernel dump section of type
REAL_MODE_REGION and therefore only allow GRUB's memory usage for high
addresses from RMO_ADDR_MAX to upper_mem_limit. This means that GRUB can
use high memory in the range of RMO_ADDR_MAX (768MB) to upper_mem_limit
and the kernel-dump memory regions above upper_mem_limit remain
untouched. This change has no effect on memory allocations below
linux_rmo_save (typically at 640MB).
Also, fall back to allocating below rmo_linux_save in case the chunk of
memory there would be larger than the chunk of memory above RMO_ADDR_MAX.
This can for example occur if a free memory area is found starting at 300MB
extending up to 1GB but a kernel dump is located at 768MB and therefore
does not allow the allocation of the high memory area but requiring to use
the chunk starting at 300MB to avoid an unnecessary out-of-memory condition.
Signed-off-by: Stefan Berger
Reviewed-by: Hari Bathini
Cc: Pavithra Prakash
Cc: Michael Ellerman
Cc: Carolyn Scherrer
Cc: Mahesh Salgaonkar
Cc: Sourabh Jain
Reviewed-by: Daniel Kiper
---
grub-core/kern/ieee1275/init.c | 144 -
1 file changed, 142 insertions(+), 2 deletions(-)
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
index bd9a4804b..d6c9c9049 100644
--- a/grub-core/kern/ieee1275/init.c
+++ b/grub-core/kern/ieee1275/init.c
@@ -17,6 +17,8 @@
* along with GRUB. If not, see
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2023-10-27 22:27:14
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.17445 (New)
Package is "grub2"
Fri Oct 27 22:27:14 2023 rev:305 rq:1120471 version:2.12~rc1
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2023-10-18
21:25:15.939735325 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.17445/grub2.changes 2023-10-27
22:27:21.573680006 +0200
@@ -1,0 +2,20 @@
+Thu Oct 26 06:04:54 UTC 2023 - Gary Ching-Pang Lin
+
+- Fix a potential error when appending multiple keys into the
+ synthesized initrd
+ * Fix-the-size-calculation-for-the-synthesized-initrd.patch
+
+---
+Wed Oct 25 01:56:09 UTC 2023 - Michael Chang
+
+- Fix Xen chainloding error of no matching file path found (bsc#1216081)
+ * grub2-efi-chainload-harder.patch
+
+---
+Mon Oct 23 13:11:45 UTC 2023 - Michael Chang
+
+- Use grub-tpm2 token to unlock keyslots to make the unsealing process more
+ efficient and secure.
+ * 0001-luks2-Use-grub-tpm2-token-for-TPM2-protected-volume-.patch
+
+---
@@ -788 +808 @@
-- Add patches for automatic TPM disk unlock (jsc#SLE-24018) (bsc#1196668)
+- Add patches for automatic TPM disk unlock (jsc#SLE-24018) (bsc#1196668)
(jsc#PED-1276)
@@ -871 +891 @@
- (bsc#1187810)
+ (bsc#1187810) (bsc#1209667) (bsc#1209372)
New:
0001-luks2-Use-grub-tpm2-token-for-TPM2-protected-volume-.patch
Fix-the-size-calculation-for-the-synthesized-initrd.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.oOFGGT/_old 2023-10-27 22:27:24.673793706 +0200
+++ /var/tmp/diff_new_pack.oOFGGT/_new 2023-10-27 22:27:24.677793852 +0200
@@ -387,6 +387,8 @@
Patch195: 0004-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch
Patch196: 0005-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch
Patch197: 0006-fs-ntfs-Make-code-more-readable.patch
+Patch198: 0001-luks2-Use-grub-tpm2-token-for-TPM2-protected-volume-.patch
+Patch199: Fix-the-size-calculation-for-the-synthesized-initrd.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
++ 0001-luks2-Use-grub-tpm2-token-for-TPM2-protected-volume-.patch ++
>From 06af22d6c893b0249712e9a486e0cbae15160e5c Mon Sep 17 00:00:00 2001
From: Michael Chang
Date: Mon, 23 Oct 2023 16:11:53 +0800
Subject: [PATCH] luks2: Use grub-tpm2 token for TPM2-protected volume unlock
This commit enables the use of the grub-tpm2 token for unlocking LUKS2
volumes protected by TPM2. The token tracks keyslots associated with a
sealed key, making the unsealing process more efficient and secure.
Signed-Off-by Michael Chang
---
grub-core/disk/luks2.c | 81 --
1 file changed, 79 insertions(+), 2 deletions(-)
diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
index d5106402f..fe5ba777a 100644
--- a/grub-core/disk/luks2.c
+++ b/grub-core/disk/luks2.c
@@ -124,6 +124,14 @@ struct grub_luks2_digest
};
typedef struct grub_luks2_digest grub_luks2_digest_t;
+struct grub_luks2_token_tpm
+{
+ grub_uint64_t idx;
+ grub_uint64_t keyslots;
+ const char*timestamp;
+};
+typedef struct grub_luks2_token_tpm grub_luks2_token_tpm_t;
+
gcry_err_code_t AF_merge (const gcry_md_spec_t * hash, grub_uint8_t * src,
grub_uint8_t * dst, grub_size_t blocksize,
grub_size_t blocknumbers);
@@ -257,6 +265,39 @@ luks2_parse_digest (grub_luks2_digest_t *out, const
grub_json_t *digest)
return GRUB_ERR_NONE;
}
+static grub_err_t
+luks2_parse_token_tpm (grub_luks2_token_tpm_t *out, const grub_json_t *token)
+{
+ grub_json_t keyslots, o;
+ grub_size_t i, size;
+ grub_uint64_t bit;
+ const char *type;
+
+ if (grub_json_getstring (&type, token, "type"))
+return grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid token type");
+ else if (grub_strcmp (type, "grub-tpm2"))
+return GRUB_ERR_NONE;
+
+ if (grub_json_getvalue (&keyslots, token, "keyslots") ||
+ grub_json_getstring (&out->timestamp, token, "timestamp"))
+return grub_error (GRUB_ERR_BAD_ARGUMENT, "Missing token parameters");
+
+ if (grub_json_getsize (&size, &keyslots))
+return grub_error (GRUB_ERR_BAD_ARGUMENT,
+ "Token references no keyslots");
+
+ out->keyslots = 0;
+ for (i = 0; i < size; i++)
+{
+ if (grub_json_getchild (&o, &keyslots, i) ||
+ grub_json_getuint64 (&bit, &o, NULL))
+
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2023-10-18 21:25:13
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.31755 (New)
Package is "grub2"
Wed Oct 18 21:25:13 2023 rev:304 rq:1118449 version:2.12~rc1
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2023-10-13
23:14:01.413606150 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.31755/grub2.changes 2023-10-18
21:25:15.939735325 +0200
@@ -1,0 +2,9 @@
+Mon Oct 16 08:05:03 UTC 2023 - Michael Chang
+
+- Fix detection of encrypted disk's uuid in powerpc to cope with logical disks
+ when signed image installation is specified (bsc#1216075)
+ * 0003-grub-install-support-prep-environment-block.patch
+- grub2.spec: Add support to unlocking multiple encrypted disks in signed
+ grub.elf image for logical disks
+
+---
@@ -93 +102 @@
-- Version bump to 2.12~rc1
+- Version bump to 2.12~rc1 (PED-5589)
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.tqq6Is/_old 2023-10-18 21:25:18.175816326 +0200
+++ /var/tmp/diff_new_pack.tqq6Is/_new 2023-10-18 21:25:18.179816471 +0200
@@ -827,6 +827,7 @@
echo "ENV_HINT=$ENV_HINT"
echo "ENV_GRUB_DIR=$ENV_GRUB_DIR"
echo "ENV_FS_UUID=$ENV_FS_UUID"
+echo "ENV_CRYPTO_UUID=$ENV_CRYPTO_UUID"
if [ "$btrfs_relative_path" = xy ]; then
btrfs_relative_path=1
@@ -861,9 +862,9 @@
set root=""
set cfg="grub.cfg"
-if [ "$ENV_CRYPTO_UUID" ]; then
- cryptomount -u "$ENV_CRYPTO_UUID"
-fi
+for uuid in $ENV_CRYPTO_UUID; do
+ cryptomount -u $uuid
+done
if [ "$ENV_FS_UUID" ]; then
echo "searching for $ENV_FS_UUID with $hints"
++ 0003-grub-install-support-prep-environment-block.patch ++
--- /var/tmp/diff_new_pack.tqq6Is/_old 2023-10-18 21:25:18.335822122 +0200
+++ /var/tmp/diff_new_pack.tqq6Is/_new 2023-10-18 21:25:18.339822267 +0200
@@ -9,13 +9,18 @@
are defined for this purpose:
ENV_FS_UUID - The filesystem uuid for the grub root device
-ENV_CRYPTO_UUID - The crytodisk uuid for the grub root device
+ENV_CRYPTO_UUID - The crytodisk uuid for the grub root device separated
+by space
ENV_GRUB_DIR - The path to grub prefix directory
ENV_HINT - The recommended hint string for searching root device
The size of environment block is defined in GRUB_ENVBLK_PREP_SIZE which
is 4096 bytes and can be extended in the future.
+v2: Improve detection of ENV_CRYPTO_UUID by traversing all members of
+the logical disk and utilize a space as a separator when multiple UUIDs
+are found (bsc#1216075).
+
Signed-off-by: Michael Chang
---
include/grub/lib/envblk.h | 3 +++
@@ -44,7 +49,49 @@
#include
-@@ -2138,6 +2139,43 @@
+@@ -609,6 +610,41 @@
+ }
+ }
+
++static char *
++cryptodisk_uuids (grub_disk_t disk, int in_recurse)
++{
++ grub_disk_memberlist_t list = NULL, tmp;
++ static char *ret;
++
++ if (!in_recurse)
++ret = NULL;
++
++ if (disk->dev->disk_memberlist)
++list = disk->dev->disk_memberlist (disk);
++
++ while (list)
++{
++ ret = cryptodisk_uuids (list->disk, 1);
++ tmp = list->next;
++ free (list);
++ list = tmp;
++}
++
++ if (disk->dev->id == GRUB_DISK_DEVICE_CRYPTODISK_ID)
++{
++ if (!ret)
++ret = grub_strdup (grub_util_cryptodisk_get_uuid (disk));
++ else
++ {
++char *s = grub_xasprintf ("%s %s", grub_util_cryptodisk_get_uuid
(disk), ret);
++grub_free (ret);
++ret = s;
++ }
++}
++
++ return ret;
++}
++
+ static int
+ is_same_disk (const char *a, const char *b)
+ {
+@@ -2138,6 +2174,43 @@
if (write_to_disk (ins_dev, imgfile))
grub_util_error ("%s", _("failed to copy Grub to the PReP
partition"));
grub_set_install_backup_ponr ();
@@ -52,13 +99,13 @@
+if ((signed_grub_mode >= SIGNED_GRUB_FORCE) || ((signed_grub_mode ==
SIGNED_GRUB_AUTO) && (ppc_sb_state > 0)))
+ {
+char *uuid = NULL;
-+const char *cryptouuid = NULL;
+grub_envblk_t envblk = NULL;
+char *buf;
++char *cryptouuid = NULL;
++
++if (grub_dev->disk)
++ cryptouuid = cryptodisk_uuids (grub_dev->disk, 0);
+
-+/* TODO: Add LVM/RAID on encrypted partitions */
-+if (grub_dev->disk && grub_dev->disk->dev->id ==
GRUB_DISK_DEVICE_CRYPTODISK_ID)
-+ cryptouuid = grub_util_cryptodisk_get_uuid (grub_dev->disk);
+if (grub_fs->fs_uuid && grub_fs->fs_uuid (grub_dev, &uuid))
+ {
+grub_print_error ();
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2023-10-13 23:13:52
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.20540 (New)
Package is "grub2"
Fri Oct 13 23:13:52 2023 rev:303 rq:1117564 version:2.12~rc1
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2023-10-06
21:12:57.380631972 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.20540/grub2.changes 2023-10-13
23:14:01.413606150 +0200
@@ -1,0 +2,13 @@
+Fri Oct 6 05:06:59 UTC 2023 - Michael Chang
+
+- Fix CVE-2023-4692 (bsc#1215935)
+- Fix CVE-2023-4693 (bsc#1215936)
+ * 0001-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch
+ * 0002-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch
+ * 0003-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch
+ * 0004-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch
+ * 0005-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch
+ * 0006-fs-ntfs-Make-code-more-readable.patch
+- Bump upstream SBAT generation to 4
+
+---
New:
0001-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch
0002-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch
0003-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch
0004-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch
0005-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch
0006-fs-ntfs-Make-code-more-readable.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.VlsbN4/_old 2023-10-13 23:14:05.205743693 +0200
+++ /var/tmp/diff_new_pack.VlsbN4/_new 2023-10-13 23:14:05.221744273 +0200
@@ -22,7 +22,7 @@
%if %{defined sbat_distro}
# SBAT metadata
%define sbat_generation 1
-%define sbat_generation_grub 3
+%define sbat_generation_grub 4
%else
%{error please define sbat_distro, sbat_distro_summary and sbat_distro_url}
%endif
@@ -381,6 +381,12 @@
Patch189: grub2-mkconfig-riscv64.patch
Patch190: arm64-Use-proper-memory-type-for-kernel-allocation.patch
Patch191: 0001-fs-btrfs-Zero-file-data-not-backed-by-extents.patch
+Patch192: 0001-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch
+Patch193: 0002-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch
+Patch194: 0003-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch
+Patch195: 0004-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch
+Patch196: 0005-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch
+Patch197: 0006-fs-ntfs-Make-code-more-readable.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
++ 0001-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch ++
>From 43651027d24e62a7a463254165e1e46e42aecdea Mon Sep 17 00:00:00 2001
From: Maxim Suhanov
Date: Mon, 28 Aug 2023 16:31:57 +0300
Subject: [PATCH 1/6] fs/ntfs: Fix an OOB write when parsing the
$ATTRIBUTE_LIST attribute for the $MFT file
When parsing an extremely fragmented $MFT file, i.e., the file described
using the $ATTRIBUTE_LIST attribute, current NTFS code will reuse a buffer
containing bytes read from the underlying drive to store sector numbers,
which are consumed later to read data from these sectors into another buffer.
These sectors numbers, two 32-bit integers, are always stored at predefined
offsets, 0x10 and 0x14, relative to first byte of the selected entry within
the $ATTRIBUTE_LIST attribute. Usually, this won't cause any problem.
However, when parsing a specially-crafted file system image, this may cause
the NTFS code to write these integers beyond the buffer boundary, likely
causing the GRUB memory allocator to misbehave or fail. These integers contain
values which are controlled by on-disk structures of the NTFS file system.
Such modification and resulting misbehavior may touch a memory range not
assigned to the GRUB and owned by firmware or another EFI application/driver.
This fix introduces checks to ensure that these sector numbers are never
written beyond the boundary.
Fixes: CVE-2023-4692
Reported-by: Maxim Suhanov
Signed-off-by: Maxim Suhanov
Reviewed-by: Daniel Kiper
---
grub-core/fs/ntfs.c | 18 +-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
index bbdbe24ad..c3c4db117 100644
--- a/grub-core/fs/ntfs.c
+++ b/grub-core/fs/ntfs.c
@@ -184,7 +184,7 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
}
if (at->attr_end)
{
- grub_uint8_t *pa;
+ grub_uint8_t *pa, *pa_end;
at->emft_buf = grub_malloc (at->mft->data->mft_size <<
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2023-10-06 21:12:40
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.28202 (New)
Package is "grub2"
Fri Oct 6 21:12:40 2023 rev:302 rq:1115941 version:2.12~rc1
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2023-10-02
20:04:48.739235293 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.28202/grub2.changes 2023-10-06
21:12:57.380631972 +0200
@@ -1,0 +2,26 @@
+Thu Oct 5 09:49:54 UTC 2023 - Fabian Vogt
+
+- Add patch to fix reading files from btrfs with "implicit" holes:
+ * 0001-fs-btrfs-Zero-file-data-not-backed-by-extents.patch
+
+---
+Mon Oct 2 14:30:49 UTC 2023 - Gary Ching-Pang Lin
+
+- Update the TPM 2.0 patches to support more RSA and ECC algorithms
+ * 0002-tpm2-Add-TPM-Software-Stack-TSS.patch
+ * 0003-protectors-Add-TPM2-Key-Protector.patch
+ * 0005-util-grub-protect-Add-new-tool.patch
+
+---
+Mon Oct 2 08:11:56 UTC 2023 - Michael Chang
+
+- Remove build require for gcc-32bit, target platform didn't rely on libgcc
+ function shipped with compiler but rather using functions supplied in grub
+ directly.
+
+---
+Fri Sep 29 08:38:13 UTC 2023 - Fabian Vogt
+
+- Add BuildIgnore to break cycle with the branding package
+
+---
New:
0001-fs-btrfs-Zero-file-data-not-backed-by-extents.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.elWAPU/_old 2023-10-06 21:13:11.913157002 +0200
+++ /var/tmp/diff_new_pack.elWAPU/_new 2023-10-06 21:13:11.913157002 +0200
@@ -28,14 +28,6 @@
%endif
Name: grub2
-%ifarch x86_64 ppc64
-BuildRequires: gcc-32bit
-BuildRequires: glibc-32bit
-BuildRequires: glibc-devel-32bit
-%else
-BuildRequires: gcc
-BuildRequires: glibc-devel
-%endif
BuildRequires: automake
BuildRequires: bison
BuildRequires: device-mapper-devel
@@ -43,6 +35,8 @@
BuildRequires: flex
BuildRequires: freetype2-devel
BuildRequires: fuse-devel
+BuildRequires: gcc
+BuildRequires: glibc-devel
%if 0%{?suse_version} >= 1140
BuildRequires: dejavu-fonts
BuildRequires: gnu-unifont
@@ -157,6 +151,9 @@
%endif
%ifarch %{efi}
+# The branding package requires grub2. It's not necessary here,
+# so break the dep to avoid a cycle.
+#!BuildIgnore: grub2
BuildRequires: grub2-branding
BuildRequires: squashfs
%endif
@@ -383,6 +380,7 @@
Patch188: 0004-diskfilter-look-up-cryptodisk-devices-first.patch
Patch189: grub2-mkconfig-riscv64.patch
Patch190: arm64-Use-proper-memory-type-for-kernel-allocation.patch
+Patch191: 0001-fs-btrfs-Zero-file-data-not-backed-by-extents.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
++ 0001-fs-btrfs-Zero-file-data-not-backed-by-extents.patch ++
>From f903b9a9adb64e733e581771d2a24efae7fbe529 Mon Sep 17 00:00:00 2001
From: Fabian Vogt
Date: Thu, 5 Oct 2023 11:02:25 +0200
Subject: [PATCH] fs/btrfs: Zero file data not backed by extents
Implicit holes in file data need to be zeroed explicitly, instead of
just leaving the data in the buffer uninitialized.
This led to kernels randomly failing to boot in "fun" ways when loaded
from btrfs with the no_holes feature enabled, because large blocks of
zeros in the kernel file contained random data instead.
Signed-off-by: Fabian Vogt
---
grub-core/fs/btrfs.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c
index 19bff4610..ba0c58352 100644
--- a/grub-core/fs/btrfs.c
+++ b/grub-core/fs/btrfs.c
@@ -1603,6 +1603,8 @@ grub_btrfs_extent_read (struct grub_btrfs_data *data,
csize = grub_le_to_cpu64 (key_out.offset) - pos;
if (csize > len)
csize = len;
+
+ grub_memset (buf, 0, csize);
buf += csize;
pos += csize;
len -= csize;
--
2.42.0
++ 0002-tpm2-Add-TPM-Software-Stack-TSS.patch ++
--- /var/tmp/diff_new_pack.elWAPU/_old 2023-10-06 21:13:12.053162060 +0200
+++ /var/tmp/diff_new_pack.elWAPU/_new 2023-10-06 21:13:12.057162205 +0200
@@ -1,7 +1,7 @@
-From a4f5c4aa64e0484b08dcb9b7798395c55ca45ead Mon Sep 17 00:00:00 2001
+From c5a42cf3340aa740132bcdb8e8cee22c23306ef5 Mon Sep 17 00:00:00 2001
From: Hernan Gatta
Date: Tue, 1 Feb 2022 05:02:54 -0800
-Subject: [PATCH 2/5] tpm2: Add TPM Software Stack (TSS)
+Subject: [PATCH v6 09/20] tpm2: Add TPM Software Stack
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2023-10-02 20:04:15
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.28202 (New)
Package is "grub2"
Mon Oct 2 20:04:15 2023 rev:301 rq:1113952 version:2.12~rc1
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2023-09-06
18:55:31.713859208 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.28202/grub2.changes 2023-10-02
20:04:48.739235293 +0200
@@ -1,0 +2,26 @@
+Wed Sep 27 03:37:10 UTC 2023 - Gary Ching-Pang Lin
+
+- Only build with fde-tpm-helper-rpm-macros for the architectures
+ supporting the newer UEFI and TPM 2.0.
+ * Also correct the location of %fde_tpm_update_requires
+
+---
+Wed Sep 20 07:54:05 UTC 2023 - Michael Chang
+
+- Fix a boot delay regression in PowerPC PXE boot (bsc#1201300)
+ * 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch
+
+---
+Tue Sep 19 06:31:43 UTC 2023 - Gary Ching-Pang Lin
+
+- Add the new BuildRequires for EFI builds for the better FDE
+ support: fde-tpm-helper-rpm-macros
+ + Also add the the macros to %post and %posttrans
+
+---
+Mon Sep 11 13:17:20 UTC 2023 - Chester Lin
+
+- Correct the type of allocated EFI pages for ARM64 kernel (bsc#1215151)
+ * arm64-Use-proper-memory-type-for-kernel-allocation.patch
+
+---
New:
arm64-Use-proper-memory-type-for-kernel-allocation.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.gyFuTa/_old 2023-10-02 20:05:02.127716782 +0200
+++ /var/tmp/diff_new_pack.gyFuTa/_new 2023-10-02 20:05:02.131716926 +0200
@@ -161,6 +161,14 @@
BuildRequires: squashfs
%endif
+# For ALP and Tumbleweed
+%if 0%{?suse_version} >= 1600
+# Only include the macros for the architectures with the newer UEFI and TCG
protocol
+%ifarch x86_64 aarch64 riscv64
+BuildRequires: fde-tpm-helper-rpm-macros
+%endif
+%endif
+
Version:2.12~rc1
Release:0
Summary:Bootloader with support for Linux, Multiboot and more
@@ -374,6 +382,7 @@
Patch187: 0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch
Patch188: 0004-diskfilter-look-up-cryptodisk-devices-first.patch
Patch189: grub2-mkconfig-riscv64.patch
+Patch190: arm64-Use-proper-memory-type-for-kernel-allocation.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
@@ -497,6 +506,7 @@
Requires: perl-Bootloader >= 0.706
Requires(post): perl-Bootloader >= 0.706
%endif
+%{?fde_tpm_update_requires}
Provides: %{name}-efi = %{version}-%{release}
Obsoletes: %{name}-efi < %{version}-%{release}
@@ -1147,6 +1157,10 @@
%ifarch %{efi}
%post %{grubefiarch}
+%if 0%{?fde_tpm_update_post:1}
+%fde_tpm_update_post grub2-efi
+%endif
+
%if 0%{?update_bootloader_check_type_reinit_post:1}
%update_bootloader_check_type_reinit_post grub2-efi
%else
@@ -1182,6 +1196,7 @@
%posttrans %{grubefiarch}
%{?update_bootloader_posttrans}
+%{?fde_tpm_update_posttrans}
%endif
++ 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch ++
--- /var/tmp/diff_new_pack.gyFuTa/_old 2023-10-02 20:05:02.255721385 +0200
+++ /var/tmp/diff_new_pack.gyFuTa/_new 2023-10-02 20:05:02.255721385 +0200
@@ -1,6 +1,6 @@
-From b99c45820f228ff5b881700eda95a017abf2e198 Mon Sep 17 00:00:00 2001
-From: Mukesh Kumar Chaurasiya
-Date: Wed, 1 Mar 2023 15:08:05 +0530
+From f4728ed5307b6be6377b7bdafcab55fd3676a761 Mon Sep 17 00:00:00 2001
+From: Mukesh Kumar Chaurasiya
+Date: Mon, 17 Jul 2023 16:02:34 +0530
Subject: [PATCH] ieee1275/ofdisk: retry on open and read failure
Sometimes, when booting from a very busy SAN, the access to the
@@ -8,15 +8,48 @@
This scenario is more frequent when deploying many machines at
the same time using the same SAN.
This patch aims to force the ofdisk module to retry the open or
-read function after it fails. We use MAX_RETRIES to specify the
-amount of times it will try to access the disk before it
-definitely fails.
+read function for network disks excluding after it fails. We use
+DEFAULT_RETRY_TIMEOUT, which is 15 seconds to specify the time it'll
+retry to access the disk before it definitely fails. The timeout can be
+changed by setting the environment variable ofdisk_retry_timeout.
+If the environment variable fails to read, grub will consider the
+default value of 15 seconds.
-Signed-off-by: Mukesh Kumar Chaurasiya
+Signed-off-by: Diego Domingos
+Signed-off
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2023-09-06 18:55:28
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.1766 (New)
Package is "grub2"
Wed Sep 6 18:55:28 2023 rev:300 rq:1108747 version:2.12~rc1
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2023-08-31
13:42:21.305011385 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.1766/grub2.changes2023-09-06
18:55:31.713859208 +0200
@@ -1,0 +2,5 @@
+Thu Aug 31 19:09:33 UTC 2023 - Andreas Schwab
+
+- grub2-mkconfig-riscv64.patch: Handle riscv64 in mkconfig
+
+---
New:
grub2-mkconfig-riscv64.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.XkDSOY/_old 2023-09-06 18:55:46.322379973 +0200
+++ /var/tmp/diff_new_pack.XkDSOY/_new 2023-09-06 18:55:46.326380115 +0200
@@ -373,6 +373,7 @@
Patch186: 0002-cryptodisk-Fallback-to-passphrase.patch
Patch187: 0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch
Patch188: 0004-diskfilter-look-up-cryptodisk-devices-first.patch
+Patch189: grub2-mkconfig-riscv64.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
++ grub2-mkconfig-riscv64.patch ++
Index: grub-2.04/util/grub.d/10_linux.in
===
--- grub-2.04.orig/util/grub.d/10_linux.in
+++ grub-2.04/util/grub.d/10_linux.in
@@ -216,6 +216,7 @@ case "x$machine" in
xi?86 | xx86_64) klist="/boot/vmlinuz-* /vmlinuz-* /boot/kernel-*" ;;
xaarch64) klist="/boot/Image-* /Image-* /boot/kernel-*" ;;
xarm*) klist="/boot/zImage-* /zImage-* /boot/kernel-*" ;;
+xriscv64) klist="/boot/Image-* /Image-* /boot/kernel-*" ;;
xs390 | xs390x) klist="/boot/image-* /boot/kernel-*" ;;
*) klist="/boot/vmlinuz-* /boot/vmlinux-* /vmlinuz-* /vmlinux-* \
/boot/kernel-*" ;;
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2023-08-04 15:02:51
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.22712 (New)
Package is "grub2"
Fri Aug 4 15:02:51 2023 rev:298 rq:1102093 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2023-07-27
16:50:13.117614298 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.22712/grub2.changes 2023-08-04
15:02:55.076091508 +0200
@@ -1,0 +2,6 @@
+Thu Aug 3 03:24:41 UTC 2023 - Gary Ching-Pang Lin
+
+- Change the bash-completion directory (bsc#1213855)
+ * grub2-change-bash-completion-dir.patch
+
+---
New:
grub2-change-bash-completion-dir.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.ad7RZs/_old 2023-08-04 15:02:58.272111430 +0200
+++ /var/tmp/diff_new_pack.ad7RZs/_new 2023-08-04 15:02:58.276111455 +0200
@@ -508,6 +508,8 @@
Patch990: 0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch
Patch991: 0001-fs-ext2-Ignore-the-large_dir-incompat-feature.patch
+Patch992: grub2-change-bash-completion-dir.patch
+
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
%ifnarch s390x
@@ -1365,7 +1367,7 @@
%endif
%dir /boot/%{name}
%ghost %attr(600, root, root) /boot/%{name}/grub.cfg
-%{_sysconfdir}/bash_completion.d/grub
+%{_datadir}/bash-completion/completions/grub
%config(noreplace) %{_sysconfdir}/default/grub
%dir %{_sysconfdir}/grub.d
%{_sysconfdir}/grub.d/README
++ grub2-change-bash-completion-dir.patch ++
diff --git a/util/bash-completion.d/Makefile.am
b/util/bash-completion.d/Makefile.am
index 136287c..2123a3c 100644
--- a/util/bash-completion.d/Makefile.am
+++ b/util/bash-completion.d/Makefile.am
@@ -6,7 +6,7 @@ EXTRA_DIST = $(bash_completion_source)
CLEANFILES = $(bash_completion_script) config.log
-bashcompletiondir = $(sysconfdir)/bash_completion.d
+bashcompletiondir = $(datadir)/bash-completion/completions
bashcompletion_DATA = $(bash_completion_script)
$(bash_completion_script): $(bash_completion_source)
$(top_builddir)/config.status
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2023-07-27 16:50:01
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.32662 (New)
Package is "grub2"
Thu Jul 27 16:50:01 2023 rev:297 rq:1100800 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2023-05-30
22:02:13.654934327 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.32662/grub2.changes 2023-07-27
16:50:13.117614298 +0200
@@ -1,0 +2,7 @@
+Wed Jul 26 03:04:25 UTC 2023 - Michael Chang
+
+- Fix error message "unknown command tpm_record_pcrs" with encrypted boot and
+ no tpm device present (bsc#1213547)
+ * 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch
+
+---
Other differences:
--
++ 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch ++
--- /var/tmp/diff_new_pack.5GbQYI/_old 2023-07-27 16:50:18.441644378 +0200
+++ /var/tmp/diff_new_pack.5GbQYI/_new 2023-07-27 16:50:18.445644402 +0200
@@ -94,23 +94,28 @@
+}
--- a/grub-core/commands/tpm.c
+++ b/grub-core/commands/tpm.c
-@@ -311,6 +311,8 @@
+@@ -311,16 +311,19 @@
GRUB_MOD_INIT (tpm)
{
+- grub_verifier_register (&grub_tpm_verifier);
+-
+ cmd = grub_register_extcmd ("tpm_record_pcrs", grub_tpm_record_pcrs, 0,
+ N_("LIST_OF_PCRS"),
+ N_("Snapshot one or more PCR values and record
them in an EFI variable."),
+ grub_tpm_record_pcrs_options);
+ if (!grub_tpm_present())
+return;
- grub_verifier_register (&grub_tpm_verifier);
-
- cmd = grub_register_extcmd ("tpm_record_pcrs", grub_tpm_record_pcrs, 0,
-@@ -321,6 +323,8 @@
++ grub_verifier_register (&grub_tpm_verifier);
+ }
GRUB_MOD_FINI (tpm)
{
+- grub_verifier_unregister (&grub_tpm_verifier);
+ grub_unregister_extcmd (cmd);
+ if (!grub_tpm_present())
+return;
- grub_verifier_unregister (&grub_tpm_verifier);
- grub_unregister_extcmd (cmd);
++ grub_verifier_unregister (&grub_tpm_verifier);
}
--- a/include/grub/tpm.h
+++ b/include/grub/tpm.h
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2023-05-30 22:02:05
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.1533 (New)
Package is "grub2"
Tue May 30 22:02:05 2023 rev:296 rq:1089792 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2023-05-12
20:32:20.500449901 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.1533/grub2.changes2023-05-30
22:02:13.654934327 +0200
@@ -1,0 +2,8 @@
+Tue May 30 11:03:54 UTC 2023 - Dirk Müller
+
+- add 0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch,
+ 0001-fs-ext2-Ignore-the-large_dir-incompat-feature.patch:
+ * support more featureful extX filesystems (backport from
+ upstream git)
+
+---
New:
0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch
0001-fs-ext2-Ignore-the-large_dir-incompat-feature.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.Amw0G7/_old 2023-05-30 22:02:16.270949745 +0200
+++ /var/tmp/diff_new_pack.Amw0G7/_new 2023-05-30 22:02:16.278949792 +0200
@@ -504,6 +504,9 @@
Patch980: 0002-prep_loadenv-Fix-regex-for-Open-Firmware-device-spec.patch
Patch981: 0001-kern-ieee1275-init-Convert-plain-numbers-to-constant.patch
Patch982: 0002-kern-ieee1275-init-Extended-support-in-Vec5.patch
+# support newer extX filesystem defaults
+Patch990: 0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch
+Patch991: 0001-fs-ext2-Ignore-the-large_dir-incompat-feature.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
++ 0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch ++
>From 7fd5feff97c4b1f446f8fcf6d37aca0c64e7c763 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas
Date: Fri, 11 Jun 2021 21:36:16 +0200
Subject: [PATCH] fs/ext2: Ignore checksum seed incompat feature
This incompat feature is used to denote that the filesystem stored its
metadata checksum seed in the superblock. This is used to allow tune2fs
changing the UUID on a mounted metdata_csum filesystem without having
to rewrite all the disk metadata. However, the GRUB doesn't use the
metadata checksum at all. So, it can just ignore this feature if it
is enabled. This is consistent with the GRUB filesystem code in general
which just does a best effort to access the filesystem's data.
The checksum seed incompat feature has to be removed from the ignore
list if the support for metadata checksum verification is added to the
GRUB ext2 driver later.
Suggested-by: Eric Sandeen
Suggested-by: Lukas Czerner
Signed-off-by: Javier Martinez Canillas
Reviewed-by: Lukas Czerner
Reviewed-by: Daniel Kiper
---
grub-core/fs/ext2.c | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c
index e7dd78e66..4953a1591 100644
--- a/grub-core/fs/ext2.c
+++ b/grub-core/fs/ext2.c
@@ -103,6 +103,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
#define EXT4_FEATURE_INCOMPAT_64BIT0x0080
#define EXT4_FEATURE_INCOMPAT_MMP 0x0100
#define EXT4_FEATURE_INCOMPAT_FLEX_BG 0x0200
+#define EXT4_FEATURE_INCOMPAT_CSUM_SEED0x2000
#define EXT4_FEATURE_INCOMPAT_ENCRYPT 0x1
/* The set of back-incompatible features this driver DOES support. Add (OR)
@@ -123,10 +124,15 @@ GRUB_MOD_LICENSE ("GPLv3+");
* mmp:Not really back-incompatible - was added as such to
* avoid multiple read-write mounts. Safe to ignore for this
* RO driver.
+ * checksum seed: Not really back-incompatible - was added to allow tools
+ * such as tune2fs to change the UUID on a mounted metadata
+ * checksummed filesystem. Safe to ignore for now since the
+ * driver doesn't support checksum verification. However, it
+ * has to be removed from this list if the support is added
later.
*/
#define EXT2_DRIVER_IGNORED_INCOMPAT ( EXT3_FEATURE_INCOMPAT_RECOVER \
-| EXT4_FEATURE_INCOMPAT_MMP)
-
+| EXT4_FEATURE_INCOMPAT_MMP \
+| EXT4_FEATURE_INCOMPAT_CSUM_SEED)
#define EXT3_JOURNAL_MAGIC_NUMBER 0xc03b3998U
--
2.40.1
++ 0001-fs-ext2-Ignore-the-large_dir-incompat-feature.patch ++
>From 2e9fa73a040462b81bfbfe56c0bc7ad2d30b446b Mon Sep 17 00:00:00 2001
From: Theodore Ts'o
Date: Tue, 30 Aug 2022 22:41:59 -0400
Subject: [PATCH] fs/ext2: Ignore the large_dir incompat feature
Recently, ext4 added the large_dir feature, which adds
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2023-05-12 20:32:17
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.1533 (New)
Package is "grub2"
Fri May 12 20:32:17 2023 rev:295 rq:1086148 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2023-04-30
16:07:48.844166566 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.1533/grub2.changes2023-05-12
20:32:20.500449901 +0200
@@ -1,0 +2,5 @@
+Thu May 4 06:58:12 UTC 2023 - Michael Chang
+
+- grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563)
+
+---
Other differences:
--
++ grub2-once ++
--- /var/tmp/diff_new_pack.dKrJuF/_old 2023-05-12 20:32:24.756474331 +0200
+++ /var/tmp/diff_new_pack.dKrJuF/_new 2023-05-12 20:32:24.760474354 +0200
@@ -23,6 +23,12 @@
my ( $exp ) = @_;
dPrint( "?? '$exp' ");
+
+ # Don't test grub command return status from linux shell, this often results
+ # in command not found error. In such case the expression often has no
+ # opening bracket and just returning false here to signify -ENOCMD error.
+ return 0 if ( $exp =~ m{^\s*[^\[]});
+
$exp .= " ]" if ( $exp =~ m{^\[.*[^\]]\s*$} ); # gnaaa
#my $t = qx{set -x; $exp};
my $t = qx{$exp};
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package grub2 for openSUSE:Factory checked in at 2023-04-30 16:07:39 Comparing /work/SRC/openSUSE:Factory/grub2 (Old) and /work/SRC/openSUSE:Factory/.grub2.new.1533 (New) Package is "grub2" Sun Apr 30 16:07:39 2023 rev:294 rq:1082902 version:2.06 Changes: --- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2023-04-22 21:57:36.604193973 +0200 +++ /work/SRC/openSUSE:Factory/.grub2.new.1533/grub2.changes2023-04-30 16:07:48.844166566 +0200 @@ -1,0 +2,49 @@ +Wed Apr 26 07:22:03 UTC 2023 - Gary Ching-Pang Lin + +- Exclude the deprecated EFI location, /usr/lib64/efi/, from + Tumbleweed and ALP + +--- +Fri Apr 21 07:53:30 UTC 2023 - Gary Ching-Pang Lin + +- Update TPM 2.0 key unsealing patches + * Add the new upstreaming patches +0001-protectors-Add-key-protectors-framework.patch +0002-tpm2-Add-TPM-Software-Stack-TSS.patch +0003-protectors-Add-TPM2-Key-Protector.patch +0004-cryptodisk-Support-key-protectors.patch +0005-util-grub-protect-Add-new-tool.patch + * Add the authorized policy patches based on the upstreaming +patches +0001-tpm2-Add-TPM2-types-structures-and-command-constants.patch +0002-tpm2-Add-more-marshal-unmarshal-functions.patch +0003-tpm2-Implement-more-TPM2-commands.patch +0004-tpm2-Support-authorized-policy.patch + * Drop the old patches +0010-protectors-Add-key-protectors-framework.patch +0011-tpm2-Add-TPM-Software-Stack-TSS.patch +0012-protectors-Add-TPM2-Key-Protector.patch +0013-cryptodisk-Support-key-protectors.patch +0014-util-grub-protect-Add-new-tool.patch +fix-tpm2-build.patch +tpm-protector-dont-measure-sealed-key.patch +tpm-protector-export-secret-key.patch +grub-unseal-debug.patch +0001-tpm2-adjust-the-input-parameters-of-TPM2_EvictContro.patch +0002-tpm2-declare-the-input-arguments-of-TPM2-functions-a.patch +0003-tpm2-resend-the-command-on-TPM_RC_RETRY.patch +0004-tpm2-add-new-TPM2-types-structures-and-command-const.patch +0005-tpm2-add-more-marshal-unmarshal-functions.patch +0006-tpm2-check-the-command-parameters-of-TPM2-commands.patch +0007-tpm2-pack-the-missing-authorization-command-for-TPM2.patch +0008-tpm2-allow-some-command-parameters-to-be-NULL.patch +0009-tpm2-remove-the-unnecessary-variables.patch +0010-tpm2-add-TPM2-commands-to-support-authorized-policy.patch +0011-tpm2-make-the-file-reading-unmarshal-functions-gener.patch +0012-tpm2-initialize-the-PCR-selection-list-early.patch +0013-tpm2-support-unsealing-key-with-authorized-policy.patch + * Refresh grub-read-pcr.patch + * Introduce a new build requirement: libtasn1-devel +- Only package grub2-protect for the architectures with EFI support + +--- Old: 0001-tpm2-adjust-the-input-parameters-of-TPM2_EvictContro.patch 0002-tpm2-declare-the-input-arguments-of-TPM2-functions-a.patch 0003-tpm2-resend-the-command-on-TPM_RC_RETRY.patch 0004-tpm2-add-new-TPM2-types-structures-and-command-const.patch 0005-tpm2-add-more-marshal-unmarshal-functions.patch 0006-tpm2-check-the-command-parameters-of-TPM2-commands.patch 0007-tpm2-pack-the-missing-authorization-command-for-TPM2.patch 0008-tpm2-allow-some-command-parameters-to-be-NULL.patch 0009-tpm2-remove-the-unnecessary-variables.patch 0010-protectors-Add-key-protectors-framework.patch 0010-tpm2-add-TPM2-commands-to-support-authorized-policy.patch 0011-tpm2-Add-TPM-Software-Stack-TSS.patch 0011-tpm2-make-the-file-reading-unmarshal-functions-gener.patch 0012-protectors-Add-TPM2-Key-Protector.patch 0012-tpm2-initialize-the-PCR-selection-list-early.patch 0013-cryptodisk-Support-key-protectors.patch 0013-tpm2-support-unsealing-key-with-authorized-policy.patch 0014-util-grub-protect-Add-new-tool.patch fix-tpm2-build.patch grub-unseal-debug.patch tpm-protector-dont-measure-sealed-key.patch tpm-protector-export-secret-key.patch New: 0001-protectors-Add-key-protectors-framework.patch 0001-tpm2-Add-TPM2-types-structures-and-command-constants.patch 0002-tpm2-Add-TPM-Software-Stack-TSS.patch 0002-tpm2-Add-more-marshal-unmarshal-functions.patch 0003-protectors-Add-TPM2-Key-Protector.patch 0003-tpm2-Implement-more-TPM2-commands.patch 0004-cryptodisk-Support-key-protectors.patch 0004-tpm2-Support-authorized-policy.patch 0005-util-grub-protect-Add-new-tool.patch Other differences: -- ++ grub2.spec ++ --- /var/tmp/diff_new_pack.3qedkw/_old 2023-04-30 16:07:52.336187870 +0200 +++ /var/tmp/diff_new_pack.3qedkw/_new
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2023-04-22 21:57:07
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.1533 (New)
Package is "grub2"
Sat Apr 22 21:57:07 2023 rev:293 rq:1081121 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2023-04-20
15:13:47.169767710 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.1533/grub2.changes2023-04-22
21:57:36.604193973 +0200
@@ -1,0 +2,7 @@
+Fri Apr 21 04:53:54 UTC 2023 - Michael Chang
+
+- Fix PowerVS deployment fails to boot with 90 cores (bsc#1208581)
+ * 0001-kern-ieee1275-init-Convert-plain-numbers-to-constant.patch
+ * 0002-kern-ieee1275-init-Extended-support-in-Vec5.patch
+
+---
New:
0001-kern-ieee1275-init-Convert-plain-numbers-to-constant.patch
0002-kern-ieee1275-init-Extended-support-in-Vec5.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.bFtnJZ/_old 2023-04-22 21:57:40.092214826 +0200
+++ /var/tmp/diff_new_pack.bFtnJZ/_new 2023-04-22 21:57:40.096214850 +0200
@@ -507,6 +507,8 @@
Patch978: 0002-Restrict-cryptsetup-key-file-permission-for-better-s.patch
Patch979: 0001-openfw-Ensure-get_devargs-and-get_devname-functions-.patch
Patch980: 0002-prep_loadenv-Fix-regex-for-Open-Firmware-device-spec.patch
+Patch981: 0001-kern-ieee1275-init-Convert-plain-numbers-to-constant.patch
+Patch982: 0002-kern-ieee1275-init-Extended-support-in-Vec5.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
++ 0001-kern-ieee1275-init-Convert-plain-numbers-to-constant.patch ++
>From 10f3a89078f9a6da7104e0978e385362e16af971 Mon Sep 17 00:00:00 2001
From: Avnish Chouhan
Date: Mon, 27 Mar 2023 12:25:39 +0530
Subject: [PATCH 1/2] kern/ieee1275/init: Convert plain numbers to constants in
Vec5
This patch converts the plain numbers used in Vec5 properties to constants.
1. LPAR: Client program supports logical partitioning and
associated hcall()s.
2. SPLPAR: Client program supports the Shared
Processor LPAR Option.
3. CMO: Enables the Cooperative Memory Over-commitment Option.
4. MAX_CPU: Defines maximum number of CPUs supported.
Signed-off-by: Avnish Chouhan
Reviewed-by: Daniel Kiper
---
grub-core/kern/ieee1275/init.c | 8 +++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
index e1dbff86a..eaa25d0db 100644
--- a/grub-core/kern/ieee1275/init.c
+++ b/grub-core/kern/ieee1275/init.c
@@ -61,6 +61,12 @@ extern char _end[];
grub_addr_t grub_ieee1275_original_stack;
#endif
+#define LPAR 0x80
+#define SPLPAR 0x40
+#define BYTE2(LPAR | SPLPAR)
+#define CMO 0x80
+#define MAX_CPU 256
+
void
grub_exit (void)
{
@@ -378,7 +384,7 @@ grub_ieee1275_ibm_cas (void)
.vec4 = 0x0001, /* set required minimum capacity % to the lowest value */
.vec5_size = 1 + sizeof (struct option_vector5) - 2,
.vec5 = {
- 0, 192, 0, 128, 0, 0, 0, 0, 256
+ 0, BYTE2, 0, CMO, 0, 0, 0, 0, MAX_CPU
}
};
--
2.39.2
++ 0002-kern-ieee1275-init-Extended-support-in-Vec5.patch ++
>From 6c9a76053006f7532d9fb3e0e80eb11ebd80df98 Mon Sep 17 00:00:00 2001
From: Avnish Chouhan
Date: Mon, 27 Mar 2023 12:25:40 +0530
Subject: [PATCH 2/2] kern/ieee1275/init: Extended support in Vec5
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This patch enables multiple options in Vec5 which are required and
solves the boot issues seen on some machines which are looking for
these specific options.
1. LPAR: Client program supports logical partitioning and
associated hcall()s.
2. SPLPAR: Client program supports the Shared
Processor LPAR Option.
3. DYN_RCON_MEM: Client program supports the
âibm,dynamic-reconfiguration-memoryâ property and it may be
presented in the device tree.
4. LARGE_PAGES: Client supports pages larger than 4 KB.
5. DONATE_DCPU_CLS: Client supports donating dedicated processor cycles.
6. PCI_EXP: Client supports PCI Express implementations
utilizing Message Signaled Interrupts (MSIs).
7. CMOC: Enables the Cooperative Memory Over-commitment Option.
8. EXT_CMO: Enables the Extended Cooperative Memory Over-commit Option.
9. ASSOC_REF: Enables âibm,associativityâ and
âibm,associativity-reference-pointsâ properties.
10. AFFINITY: Enables Platform Resource Reassignment Notification.
11. NUMA: Supports NUMA Distance Lookup Table Option.
12. HOTPLUG_INTRPT: Supports Hotplug Interrupts.
13. HPT_RESIZE: Enable Hash Page Table Resi
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2023-04-20 15:13:28
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.2023 (New)
Package is "grub2"
Thu Apr 20 15:13:28 2023 rev:292 rq:1080039 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2023-04-13
14:09:59.208034492 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.2023/grub2.changes2023-04-20
15:13:47.169767710 +0200
@@ -1,0 +2,12 @@
+Tue Apr 18 02:42:23 UTC 2023 - Michael Chang
+
+- Fix no prep partition error on non-PReP architectures by making the
+ prep_loadenv module exclusive to powerpc_ieee1275 platform (bsc#1210489)
+ * 0004-Introduce-prep_load_env-command.patch
+- Fix the issue of freeing an uninitialized pointer
+ * 0002-prep_loadenv-Fix-regex-for-Open-Firmware-device-spec.patch
+- Rediff
+ * 0005-export-environment-at-start-up.patch
+ * 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch
+
+---
Other differences:
--
++ 0002-prep_loadenv-Fix-regex-for-Open-Firmware-device-spec.patch ++
--- /var/tmp/diff_new_pack.AkAlEi/_old 2023-04-20 15:13:50.337782237 +0200
+++ /var/tmp/diff_new_pack.AkAlEi/_new 2023-04-20 15:13:50.341782254 +0200
@@ -20,13 +20,14 @@
handle the encoded comma in the Open Firmware device specifier, ensuring
that the correct boot device is identified and used.
+v2:
+Fix the issue of freeing an uninitialized pointer in early_prep_loadenv.
+
Signed-off-by: Michael Chang
---
grub-core/commands/prep_loadenv.c | 108 ++
1 file changed, 79 insertions(+), 29 deletions(-)
-diff --git a/grub-core/commands/prep_loadenv.c
b/grub-core/commands/prep_loadenv.c
-index de1b95689..c9797c50a 100644
--- a/grub-core/commands/prep_loadenv.c
+++ b/grub-core/commands/prep_loadenv.c
@@ -15,7 +15,7 @@
@@ -38,7 +39,7 @@
{
if (match->rm_so != -1)
{
-@@ -185,24 +185,18 @@ prep_partname (const char *devname, char **prep)
+@@ -185,24 +185,18 @@
return err;
}
@@ -67,7 +68,7 @@
if (ret)
goto fail;
-@@ -210,22 +204,11 @@ boot_disk_prep_partname (char **name)
+@@ -210,22 +204,11 @@
if (! matches)
goto fail;
@@ -94,7 +95,7 @@
}
fail:
-@@ -235,13 +218,58 @@ boot_disk_prep_partname (char **name)
+@@ -235,13 +218,60 @@
if (!comperr)
{
regfree (®ex);
@@ -117,6 +118,8 @@
+ grub_size_t nmatch;
+ char *devname = NULL;
+
++ *name = NULL;
++
+ if (varname)
+cmdpath = grub_env_get (varname);
+ else
@@ -155,7 +158,7 @@
}
static grub_err_t
-@@ -274,13 +302,31 @@ grub_cmd_prep_loadenv (grub_command_t cmd __attribute__
((unused)),
+@@ -274,13 +304,31 @@
return GRUB_ERR_NONE;
}
@@ -181,25 +184,23 @@
early_prep_loadenv (void)
{
grub_err_t err;
- char *prep;
+- char *prep;
++ char *prep = NULL;
- err = boot_disk_prep_partname (&prep);
+ err = boot_disk_prep_partname (NULL, &prep);
if (err == GRUB_ERR_NONE && prep)
err = prep_read_envblk (prep);
if (err == GRUB_ERR_BAD_FILE_TYPE || err == GRUB_ERR_FILE_NOT_FOUND)
-@@ -295,6 +341,10 @@ static grub_command_t cmd_prep_load;
- GRUB_MOD_INIT(prep_loadenv)
+@@ -296,6 +344,10 @@
{
early_env_hook = early_prep_loadenv;
-+ cmd_prep_load =
+ cmd_prep_load =
+grub_register_command("prep_partname", grub_cmd_prep_partname,
+"VARNAME",
+N_("Get partition name of PReP."));
- cmd_prep_load =
++ cmd_prep_load =
grub_register_command("prep_load_env", grub_cmd_prep_loadenv,
"DEVICE",
---
-2.39.2
-
+ N_("Load variables from environment block file."));
++ 0004-Introduce-prep_load_env-command.patch ++
--- /var/tmp/diff_new_pack.AkAlEi/_old 2023-04-20 15:13:50.389782475 +0200
+++ /var/tmp/diff_new_pack.AkAlEi/_new 2023-04-20 15:13:50.393782493 +0200
@@ -15,6 +15,9 @@
To avoid disrupting the boot process with errors, it's important to log
any errors that may occur and always return GRUB_ERR_NONE.
+v3:
+Making the new module powerpc_ieee1275 specific.
+
Signed-off-by: Michael Chang
---
grub-core/Makefile.core.def | 5 +
@@ -24,7 +27,7 @@
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
-@@ -2624,3 +2624,8 @@
+@@ -2624,3 +2624,9 @@
common = lib/libtasn1_wrap/tests/Test_strings.c;
common = lib/libtasn1_wrap/wrap_tests.c;
};
@@ -32,6 +35,7 @@
+module = {
+ name = prep_loadenv;
+ common = commands/prep_loadenv.c;
++ enable = powerpc_ieee1275;
+};
--- /dev/null
+++ b/grub-core/com
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2023-04-13 14:09:50
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.19717 (New)
Package is "grub2"
Thu Apr 13 14:09:50 2023 rev:291 rq:1078547 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2023-03-25
18:54:08.054280619 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.19717/grub2.changes 2023-04-13
14:09:59.208034492 +0200
@@ -1,0 +2,17 @@
+Tue Apr 11 11:13:26 UTC 2023 - Michael Chang
+
+- Resolve some issues with OS boot failure on PPC NVMe-oF disks and made
+ enhancements to PPC secure boot's root device discovery config (bsc#1207230)
+- Ensure get_devargs and get_devname functions are consistent
+ * 0001-openfw-Ensure-get_devargs-and-get_devname-functions-.patch
+- Fix regex for Open Firmware device specifier with encoded commas
+ * 0002-prep_loadenv-Fix-regex-for-Open-Firmware-device-spec.patch
+- Fix regular expression in PPC secure boot config to prevent escaped commas
+ from being treated as delimiters when retrieving partition substrings.
+- Use prep_load_env in PPC secure boot config to handle unset host-specific
+ environment variables and ensure successful command execution.
+ * 0004-Introduce-prep_load_env-command.patch
+- Refreshed
+ * 0005-export-environment-at-start-up.patch
+
+---
New:
0001-openfw-Ensure-get_devargs-and-get_devname-functions-.patch
0002-prep_loadenv-Fix-regex-for-Open-Firmware-device-spec.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.HbK0rV/_old 2023-04-13 14:10:03.056056587 +0200
+++ /var/tmp/diff_new_pack.HbK0rV/_new 2023-04-13 14:10:03.060056610 +0200
@@ -505,6 +505,8 @@
Patch976: 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch
Patch977: 0001-loader-linux-Ensure-the-newc-pathname-is-NULL-termin.patch
Patch978: 0002-Restrict-cryptsetup-key-file-permission-for-better-s.patch
+Patch979: 0001-openfw-Ensure-get_devargs-and-get_devname-functions-.patch
+Patch980: 0002-prep_loadenv-Fix-regex-for-Open-Firmware-device-spec.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
@@ -920,12 +922,22 @@
EOF
cat > ./grub.cfg <<'EOF'
-regexp --set 1:bdev --set 2:bpart --set 3:bpath '\(([^,]+)(,?.*)?\)(.*)'
"$cmdpath"
+regexp --set 1:bdev --set 2:bpath '\((.*)\)(.*)' "$cmdpath"
+regexp --set 1:bdev --set 2:bpart '(.*[^\])(,.*)' "$bdev"
echo "bdev=$bdev"
echo "bpart=$bpart"
echo "bpath=$bpath"
+if [ -z "$ENV_FS_UUID" ]; then
+ echo "Reading vars from ($bdev)"
+ prep_load_env "($bdev)"
+fi
+
+echo "ENV_HINT=$ENV_HINT"
+echo "ENV_GRUB_DIR=$ENV_GRUB_DIR"
+echo "ENV_FS_UUID=$ENV_FS_UUID"
+
if [ "$btrfs_relative_path" = xy ]; then
btrfs_relative_path=1
fi
++ 0001-openfw-Ensure-get_devargs-and-get_devname-functions-.patch ++
>From 468628bdc39800341e7aa6ff7795cc0d93cfaf3f Mon Sep 17 00:00:00 2001
From: Michael Chang
Date: Tue, 11 Apr 2023 10:59:34 +0800
Subject: [PATCH 1/2] openfw: Ensure get_devargs and get_devname functions are
consistent
Commit 165c9b234 changed the logic of ieee1275_get_devargs() to use the
first or second occurrence of a colon as a separator between device name
and arguments. However, this didn't align with the complementary
function ieee1275_get_devname, which uses the first occurrence of a
colon after the namespace keyword as arguments for the nvme-of device.
This commit addresses the inconsistency by ensuring that both functions
follow a common logic. Now, get_devargs and get_devname functions are
consistent with each other, making it easier to understand and maintain
the codebase.
Signed-off-by: Michael Chang
---
grub-core/kern/ieee1275/openfw.c | 15 +--
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/grub-core/kern/ieee1275/openfw.c b/grub-core/kern/ieee1275/openfw.c
index e2ffec32d..3bbd07d95 100644
--- a/grub-core/kern/ieee1275/openfw.c
+++ b/grub-core/kern/ieee1275/openfw.c
@@ -354,13 +354,16 @@ static char *
grub_ieee1275_get_devargs (const char *path)
{
char *colon = grub_strchr (path, ':');
- char *colon_check = colon;
- /* Find the last occurence of colon */
- while(colon_check){
-colon = colon_check;
-colon_check = grub_strchr (colon+1, ':');
- }
+ /* Use the same logic in grub_ieee1275_get_devname for nvme-of arguments */
+ if (grub_strstr(path, "nvme-of"))
+{
+ char *namespace_split = grub_strstr(path,"/namespace@");
+ if (namespace_split)
+ colon = grub_strchr (namespace_split, ':');
+ else
+ colon
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package grub2 for openSUSE:Factory checked in at 2023-03-25 18:54:05 Comparing /work/SRC/openSUSE:Factory/grub2 (Old) and /work/SRC/openSUSE:Factory/.grub2.new.31432 (New) Package is "grub2" Sat Mar 25 18:54:05 2023 rev:290 rq:1073913 version:2.06 Changes: --- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2023-03-22 22:29:17.617786131 +0100 +++ /work/SRC/openSUSE:Factory/.grub2.new.31432/grub2.changes 2023-03-25 18:54:08.054280619 +0100 @@ -1,0 +2,7 @@ +Thu Mar 23 05:25:50 UTC 2023 - Michael Chang + +- Fix aarch64 kiwi image's file not found due to '/@' prepended to path in + btrfs filesystem. (bsc#1209165) + * grub2-btrfs-05-grub2-mkconfig.patch + +--- Other differences: -- ++ grub2-btrfs-05-grub2-mkconfig.patch ++ --- /var/tmp/diff_new_pack.mxxllS/_old 2023-03-25 18:54:11.214297138 +0100 +++ /var/tmp/diff_new_pack.mxxllS/_new 2023-03-25 18:54:11.218297159 +0100 @@ -1,3 +1,7 @@ + +Always declare path specification in case of inconsistent declaration +elsewhere. (bsc#1209165) + --- util/grub-mkconfig.in |3 ++- util/grub-mkconfig_lib.in |4 @@ -22,7 +26,7 @@ is_path_readable_by_grub () --- a/util/grub.d/00_header.in +++ b/util/grub.d/00_header.in -@@ -27,6 +27,14 @@ +@@ -27,6 +27,21 @@ . "$pkgdatadir/grub-mkconfig_lib" @@ -32,12 +36,19 @@ +set btrfs_relative_path="y" +export btrfs_relative_path +EOF ++else ++# Always declare path specification in case of inconsistent declaration ++# elsewhere. (bsc#1209165) ++cat <
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2023-03-22 22:29:15
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.31432 (New)
Package is "grub2"
Wed Mar 22 22:29:15 2023 rev:289 rq:1073668 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2023-03-17
17:02:39.957178526 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.31432/grub2.changes 2023-03-22
22:29:17.617786131 +0100
@@ -1,0 +2,15 @@
+Mon Mar 20 05:02:01 UTC 2023 - Michael Chang
+
+- Restrict cryptsetup key file permission for better security (bsc#1207499)
+ * 0001-loader-linux-Ensure-the-newc-pathname-is-NULL-termin.patch
+ * 0002-Restrict-cryptsetup-key-file-permission-for-better-s.patch
+
+---
+Wed Mar 15 21:46:00 UTC 2023 - Hans-Peter Jansen
+
+- Meanwhile, memtest86+ gained EFI support, but using the grub
+ command line to run it manually is quite tedious...
+ Adapt 20_memtest86+ to provide a proper menu entry. Executing
+ memtest requires to turn security off in BIOS: (Boot Mode: Other OS).
+
+---
New:
0001-loader-linux-Ensure-the-newc-pathname-is-NULL-termin.patch
0002-Restrict-cryptsetup-key-file-permission-for-better-s.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.GA5tJj/_old 2023-03-22 22:29:20.697801630 +0100
+++ /var/tmp/diff_new_pack.GA5tJj/_new 2023-03-22 22:29:20.701801650 +0100
@@ -503,6 +503,8 @@
Patch975: 0002-discard-cached-key-before-entering-grub-shell-and-ed.patch
# Make grub more robust against storage race condition causing system boot
failures (bsc#1189036)
Patch976: 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch
+Patch977: 0001-loader-linux-Ensure-the-newc-pathname-is-NULL-termin.patch
+Patch978: 0002-Restrict-cryptsetup-key-file-permission-for-better-s.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
@@ -528,6 +530,10 @@
%ifarch ppc64 ppc64le
Requires: powerpc-utils
%endif
+%ifarch %{ix86}
+# meanwhile, memtest is available as EFI executable
+Recommends: memtest86+
+%endif
%if 0%{?only_x86_64:1}
ExclusiveArch: x86_64
++ 0001-loader-linux-Ensure-the-newc-pathname-is-NULL-termin.patch ++
>From 1dcab5bf3843abc997f7e7dba32e5dbcb9bf66b2 Mon Sep 17 00:00:00 2001
From: Gary Lin
Date: Fri, 25 Nov 2022 15:37:35 +0800
Subject: [PATCH 1/2] loader/linux: Ensure the newc pathname is NULL-terminated
Per "man 5 cpio", the namesize in the cpio header includes the trailing
NUL byte of the pathname and the pathname is followed by NUL bytes, but
the current implementation ignores the trailing NUL byte when making
the newc header. Although make_header() tries to pad the pathname string,
the padding won't happen when strlen(name) + sizeof(struct newc_head)
is a multiple of 4, and the non-NULL-terminated pathname may lead to
unexpected results.
Assume that a file is created with 'echo -n > /boot/test12' and
loaded by grub2:
linux /boot/vmlinuz
initrd newc:test12:/boot/test12 /boot/initrd
The initrd command eventually invoked grub_initrd_load() and sent
't''e''s''t''1''2' to make_header() to generate the header:
0070 30 37 30 37 30 31 33 30 31 43 41 30 44 45 30 30 |070701301CA0DE00|
0080 30 30 38 31 41 34 30 30 30 30 30 33 45 38 30 30 |0081A403E800|
0090 30 30 30 30 36 34 30 30 30 30 30 30 30 31 36 33 |64000163|
00a0 37 36 45 34 35 32 30 30 30 30 30 30 30 34 30 30 |76E452000400|
00b0 30 30 30 30 30 38 30 30 30 30 30 30 31 33 30 30 |08001300|
00c0 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 ||
00d0 30 30 30 30 30 36 30 30 30 30 30 30 30 30 74 65 |06te|
^namesize
00e0 73 74 31 32 61 61 61 61 30 37 30 37 30 31 30 30 |st1207070100|
^^ end of the pathname
Since strlen("test12") + sizeof(struct newc_head) is 116 = 29 * 4,
make_header() didn't pad the pathname, and the file content followed
"test12" immediately. This violates the cpio format and may trigger such
error during linux boot:
Initramfs unpacking failed: ZSTD-compressed data is trunc
To avoid the potential problems, this commit counts the trailing NUL byte
in when calling make_header() and adjusts the initrd size accordingly.
Now the header becomes
0070 30 37 30 37 30 31 33 30 31 43 41 30 44 45 30 30 |070701301CA0DE00|
0080 30 30 38 31 41 34 30 30 30 30 30 33 45 38 30 30 |0081
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2023-03-17 17:02:16
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.31432 (New)
Package is "grub2"
Fri Mar 17 17:02:16 2023 rev:288 rq:1072059 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2023-03-14
18:15:45.835449328 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.31432/grub2.changes 2023-03-17
17:02:39.957178526 +0100
@@ -1,0 +2,6 @@
+Mon Mar 13 15:43:01 UTC 2023 - r...@suse.com
+
+- Tolerate kernel moved out of /boot. (bsc#1184804)
+ * grub2-s390x-12-zipl-setup-usrmerge.patch
+
+---
New:
grub2-s390x-12-zipl-setup-usrmerge.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.Pg64af/_old 2023-03-17 17:02:45.133205646 +0100
+++ /var/tmp/diff_new_pack.Pg64af/_new 2023-03-17 17:02:45.137205667 +0100
@@ -282,6 +282,7 @@
Patch430: grub2-mkconfig-default-entry-correction.patch
Patch431: grub2-s390x-10-keep-network-at-kexec.patch
Patch432: grub2-s390x-11-secureboot.patch
+Patch433: grub2-s390x-12-zipl-setup-usrmerge.patch
# Support for UEFI Secure Boot on AArch64 (FATE#326541)
Patch450: grub2-secureboot-install-signed-grub.patch
Patch501: grub2-btrfs-help-on-snapper-rollback.patch
++ grub2-s390x-12-zipl-setup-usrmerge.patch ++
---
util/s390x/zipl2grub.pl.in | 41 -
1 file changed, 28 insertions(+), 13 deletions(-)
Index: grub-2.06/util/s390x/zipl2grub.pl.in
===
--- grub-2.06.orig/util/s390x/zipl2grub.pl.in
+++ grub-2.06/util/s390x/zipl2grub.pl.in
@@ -101,20 +101,22 @@ sub ManagePrev($$$){
}
return $ret;
}
-sub BootCopy($$$) {
- my( $file, $dir, $tgt) = @_;
+sub BootCopy() {
+ my( $src, $file, $dir, $tgt) = @_;
my $curr = "$dir/$tgt";
- Info(4, "Copy /boot/$file $dir $tgt\n");
+ $src = "/boot/$src" unless ( -r $src );
+ Info(4, "Copy $src $dir $tgt\n");
if ( $tgt eq "image" && ManagePrev( $file, $dir, $tgt)) {
ManagePrev( $file, $dir, "initrd")
}
- cp( "/boot/$file", "$dir/$file");
+ cp( $src, "$dir/$file");
ln( $file, $curr);
}
sub MkInitrd($$$) {
my( $initrd, $dir, $version) = @_;
my @C = ( "dracut", "--hostonly", "--force");
my $uuid;
+ push @C, "--quiet" unless ($verbose > 1);
if ( exists( $fsdev{"/boot"}) ) {
chomp( $uuid = qx{grub2-probe --target=fs_uuid /boot});
my ($dev, $type) = ($fsdev{"/boot"}, $fstype{"/boot"});
@@ -429,18 +431,31 @@ if ( ! -r $Image ) {
}
Panic( 1, "$C: kernel '$Image' not readable!?\n") unless (-r $Image);
-if ( -l $Image ) {
- $Image = readlink( $Image);
-}
-my ($image, $version) = ($Image =~ m{^(?:/boot/)?([^-]+-(.+))$});
-if ( !defined($image) || !defined($version) || ! -r "/boot/$image" ) {
- Panic( 1, "$C: weird $Image. This should never happen!\n");
+my ($image, $version) = ($Image, undef);
+while ( !defined( $version) ) {
+ my ($i, $vr, $f) = ($image =~ m{^(?:/boot/)?([^-/]+)-([^/]+)-([^-/]+)$});
+ Info( 4, "image='$image': ");
+ if ( defined($i) && defined($vr) && defined( $f) && -r "/boot/$i-$vr-$f" ) {
+Info( 4, "matches pattern ('$vr'-'$f')\n");
+$version = "$vr-$f";
+last;
+ }
+ if ( -l $image ) {
+Info( 4, "readlink...\n");
+$image = readlink( $image);
+next;
+ }
+ Info( 4, "last resort: get_kernel_version from original '$Image'...\n");
+ chomp( $version = qx{get_kernel_version $Image});
+ Panic( 1, "$C: failed to get kernel version for '$Image'!\n")
+unless ( defined( $version) && $version );
}
my $initrd = "initrd-$version";
+$image = "image-$version";
if ( ! -r $ziplimage || ! -r $ziplinitrd || $refresh ) {
- BootCopy( $image, $zipldir, "image");
- BootCopy( $initrd, $zipldir, "initrd")
+ BootCopy( $Image, $image, $zipldir, "image");
+ BootCopy( $initrd, $initrd, $zipldir, "initrd")
if (-r "/boot/$initrd" && ! exists( $fsdev{"/boot"}));
}
if ( $refresh || ChkInitrd( $zipldir, "initrd") <= 0 ) {
@@ -463,7 +478,7 @@ if ( ! $debug ) {
}
# now: go for it!
-my @C = ( "/sbin/zipl", (($verbose) ? "-Vnc" : "-nc"), "$ziplconf" );
+my @C = ( "/sbin/zipl", (($verbose > 1) ? "-Vnc" : "-nc"), "$ziplconf" );
System( @C);
exit( $miss);
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2023-03-14 18:15:41
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.31432 (New)
Package is "grub2"
Tue Mar 14 18:15:41 2023 rev:287 rq:1071093 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2023-03-07
16:48:36.469039403 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.31432/grub2.changes 2023-03-14
18:15:45.835449328 +0100
@@ -1,0 +2,14 @@
+Mon Mar 6 06:31:09 UTC 2023 - Michael Chang
+
+- Discard cached key from grub shell and editor mode
+ * 0001-clean-up-crypttab-and-linux-modules-dependency.patch
+ * 0002-discard-cached-key-before-entering-grub-shell-and-ed.patch
+
+---
+Fri Mar 3 07:48:56 UTC 2023 - Michael Chang
+
+- Make grub more robust against storage race condition causing system boot
+ failures (bsc#1189036)
+ * 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch
+
+---
New:
0001-clean-up-crypttab-and-linux-modules-dependency.patch
0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch
0002-discard-cached-key-before-entering-grub-shell-and-ed.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.BivJBg/_old 2023-03-14 18:15:49.719470089 +0100
+++ /var/tmp/diff_new_pack.BivJBg/_new 2023-03-14 18:15:49.727470133 +0100
@@ -498,6 +498,10 @@
Patch971: 0001-ieee1275-Further-increase-initially-allocated-heap-f.patch
Patch972: 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch
Patch973: 0001-RISC-V-Handle-R_RISCV_CALL_PLT-reloc.patch
+Patch974: 0001-clean-up-crypttab-and-linux-modules-dependency.patch
+Patch975: 0002-discard-cached-key-before-entering-grub-shell-and-ed.patch
+# Make grub more robust against storage race condition causing system boot
failures (bsc#1189036)
+Patch976: 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
++ 0001-clean-up-crypttab-and-linux-modules-dependency.patch ++
>From e9422d6869f1b2d78a7cfbfcae1610953d87705b Mon Sep 17 00:00:00 2001
From: Michael Chang
Date: Thu, 16 Feb 2023 21:28:07 +0800
Subject: [PATCH 1/2] clean up crypttab and linux modules dependency
The linux module could have quite a few dependency to other modules, the
i386-pc build in particular has many.
linux: normal vbe video boot cmdline relocator mmap
That will be easy to cause loop dependency if one of these modules has
to require function from linux. To avoid falling into the pitfall in
future extension, we move away the key publish related function from
linux to crypttab module in that it is also a right thing to do.
Signed-off-by: Michael Chang
---
grub-core/commands/crypttab.c | 48 +-
grub-core/disk/cryptodisk.c | 2 +-
grub-core/loader/linux.c | 55 +--
include/grub/crypttab.h | 22 ++
include/grub/linux.h | 3 --
5 files changed, 71 insertions(+), 59 deletions(-)
create mode 100644 include/grub/crypttab.h
--- a/grub-core/commands/crypttab.c
+++ b/grub-core/commands/crypttab.c
@@ -3,10 +3,52 @@
#include
#include
#include
-#include
+#include
+#include
+#include
GRUB_MOD_LICENSE ("GPLv3+");
+struct grub_key_publisher *kpuber;
+
+grub_err_t
+grub_initrd_publish_key (const char *uuid, const char *key, grub_size_t
key_len, const char *path)
+{
+ struct grub_key_publisher *cur = grub_named_list_find (GRUB_AS_NAMED_LIST
(kpuber), uuid);
+
+ if (!cur)
+cur = grub_zalloc (sizeof (*cur));
+ if (!cur)
+return grub_errno;
+
+ if (key && key_len)
+{
+ grub_free (cur->key);
+ cur->key = grub_malloc (key_len);
+ if (!cur->key)
+ {
+ grub_free (cur);
+ return grub_errno;
+ }
+ grub_memcpy (cur->key, key, key_len);
+ cur->key_len = key_len;
+}
+
+ if (path)
+{
+ grub_free (cur->path);
+ cur->path = grub_strdup (path);
+}
+
+ if (!cur->name)
+{
+ cur->name = grub_strdup (uuid);
+ grub_list_push (GRUB_AS_LIST_P (&kpuber), GRUB_AS_LIST (cur));
+}
+
+ return GRUB_ERR_NONE;
+}
+
static grub_err_t
grub_cmd_crypttab_entry (grub_command_t cmd __attribute__ ((unused)),
int argc, char **argv)
--- a/grub-core/disk/cryptodisk.c
+++ b/grub-core/disk/cryptodisk.c
@@ -31,7 +31,7 @@
#ifdef GRUB_UTIL
#include
#else
-#include
+#include
#endif
GRUB_MOD_LICENSE ("GPLv3+");
--- a/grub-core/loader/linux.c
+
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2023-03-07 16:48:29
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.31432 (New)
Package is "grub2"
Tue Mar 7 16:48:29 2023 rev:286 rq:1069522 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2023-02-25
19:55:09.131281551 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.31432/grub2.changes 2023-03-07
16:48:36.469039403 +0100
@@ -1,0 +2,6 @@
+Wed Mar 1 02:58:07 UTC 2023 - Michael Chang
+
+- Fix riscv64 error for relocation 0x13 is not implemented yet
+ * 0001-RISC-V-Handle-R_RISCV_CALL_PLT-reloc.patch
+
+---
New:
0001-RISC-V-Handle-R_RISCV_CALL_PLT-reloc.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.WIRT4V/_old 2023-03-07 16:48:40.401060097 +0100
+++ /var/tmp/diff_new_pack.WIRT4V/_new 2023-03-07 16:48:40.405060118 +0100
@@ -497,6 +497,7 @@
# Fix out of memory error on lpar installation from virtual cdrom (bsc#1208024)
Patch971: 0001-ieee1275-Further-increase-initially-allocated-heap-f.patch
Patch972: 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch
+Patch973: 0001-RISC-V-Handle-R_RISCV_CALL_PLT-reloc.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
++ 0001-RISC-V-Handle-R_RISCV_CALL_PLT-reloc.patch ++
>From 8a6489818b5d30524092b3b9524aabbfc172a882 Mon Sep 17 00:00:00 2001
From: Khem Raj
Date: Thu, 23 Feb 2023 13:15:08 -0800
Subject: [PATCH] RISC-V: Handle R_RISCV_CALL_PLT reloc
GNU assembler starting 2.40 release always generates R_RISCV_CALL_PLT
reloc for call in assembler [1], similarly LLVM does not make
distinction between R_RISCV_CALL_PLT and R_RISCV_CALL [2].
Fixes "grub-mkimage: error: relocation 0x13 is not implemented yet.".
[1]
https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=70f35d72ef04cd23771875c1661c9975044a749c
[2] https://reviews.llvm.org/D132530
Signed-off-by: Khem Raj
Reviewed-by: Daniel Kiper
---
grub-core/kern/riscv/dl.c | 1 +
util/grub-mkimagexx.c | 2 ++
2 files changed, 3 insertions(+)
diff --git a/grub-core/kern/riscv/dl.c b/grub-core/kern/riscv/dl.c
index f26b12aaa..896653bb4 100644
--- a/grub-core/kern/riscv/dl.c
+++ b/grub-core/kern/riscv/dl.c
@@ -188,6 +188,7 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr,
break;
case R_RISCV_CALL:
+ case R_RISCV_CALL_PLT:
{
grub_uint32_t *abs_place = place;
grub_ssize_t off = sym_addr - (grub_addr_t) place;
diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c
index 8ac9248d1..19cec945a 100644
--- a/util/grub-mkimagexx.c
+++ b/util/grub-mkimagexx.c
@@ -1331,6 +1331,7 @@ SUFFIX (relocate_addrs) (Elf_Ehdr *e, struct
section_metadata *smd,
}
break;
case R_RISCV_CALL:
+ case R_RISCV_CALL_PLT:
{
grub_uint32_t hi20, lo12;
@@ -1763,6 +1764,7 @@ translate_relocation_pe (struct translate_context *ctx,
case R_RISCV_BRANCH:
case R_RISCV_JAL:
case R_RISCV_CALL:
+ case R_RISCV_CALL_PLT:
case R_RISCV_PCREL_HI20:
case R_RISCV_PCREL_LO12_I:
case R_RISCV_PCREL_LO12_S:
--
2.39.2
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2023-02-25 19:54:57
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.31432 (New)
Package is "grub2"
Sat Feb 25 19:54:57 2023 rev:285 rq:1067492 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2023-02-16
16:55:29.754614054 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.31432/grub2.changes 2023-02-25
19:55:09.131281551 +0100
@@ -1,0 +2,13 @@
+Wed Feb 22 07:08:44 UTC 2023 - Michael Chang
+
+- Fix out of memory error on lpar installation from virtual cdrom (bsc#1208024)
+ * 0001-ieee1275-Further-increase-initially-allocated-heap-f.patch
+ * 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch
+- Fix lpar got hung at grub after inactive migration (bsc#1207684)
+ * 0002-ieee1275-implement-vec5-for-cas-negotiation.patch
+- Rediff
+ * safe_tpm_pcr_snapshot.patch
+- Patch supersceded
+ * 0001-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch
+
+---
Old:
0001-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch
New:
0001-ieee1275-Further-increase-initially-allocated-heap-f.patch
0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.AJrUc3/_old 2023-02-25 19:55:12.719303663 +0100
+++ /var/tmp/diff_new_pack.AJrUc3/_new 2023-02-25 19:55:12.727303712 +0100
@@ -438,7 +438,6 @@
Patch916: grub-install-record-pcrs.patch
Patch917: grub-unseal-debug.patch
# efi mm
-Patch918: 0001-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch
Patch919: 0001-mm-Allow-dynamically-requesting-additional-memory-re.patch
Patch920: 0002-kern-efi-mm-Always-request-a-fixed-number-of-pages-o.patch
Patch921: 0003-kern-efi-mm-Extract-function-to-add-memory-regions.patch
@@ -495,6 +494,9 @@
Patch969: 0013-tpm2-support-unsealing-key-with-authorized-policy.patch
# Set efi variables LoaderDevicePartUUID & LoaderInfo (needed for UKI)
Patch970: grub2-add-module-for-boot-loader-interface.patch
+# Fix out of memory error on lpar installation from virtual cdrom (bsc#1208024)
+Patch971: 0001-ieee1275-Further-increase-initially-allocated-heap-f.patch
+Patch972: 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
++ 0001-ieee1275-Further-increase-initially-allocated-heap-f.patch ++
>From d44e0a892621a744e9a64e17ed5676470ef4f023 Mon Sep 17 00:00:00 2001
From: Wen Xiong
Date: Mon, 20 Feb 2023 15:58:14 -0500
Subject: [PATCH 1/2] ieee1275: Further increase initially allocated heap from
1/3 to 1/2
The memory increase to 1/3 of 391MB (~127MB) was still insufficient
to boot the kernel and initrd of the SuSE distribution:
initrd2023-Jan-18 04:27114.9M
linux 2023-Jan-17 05:23 45.9M
Therefore, further increase the initially allocated heap to 1/2
of 391MB to ~191MB, which now allows to boot the system from an
ISO.
Signed-off-by: Stefan Berger
---
grub-core/kern/ieee1275/init.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
index 2a2409d45..e1dbff86a 100644
--- a/grub-core/kern/ieee1275/init.c
+++ b/grub-core/kern/ieee1275/init.c
@@ -47,7 +47,7 @@
#include
/* The maximum heap size we're going to claim. Not used by sparc.
- We allocate 1/3 of the available memory under 4G, up to this limit. */
+ We allocate 1/2 of the available memory under 4G, up to this limit. */
#ifdef __i386__
#define HEAP_MAX_SIZE (unsigned long) (64 * 1024 * 1024)
#else // __powerpc__
@@ -417,7 +417,7 @@ grub_claim_heap (void)
grub_machine_mmap_iterate (heap_size, &total);
- total = total / 3;
+ total = total / 2;
if (total > HEAP_MAX_SIZE)
total = HEAP_MAX_SIZE;
--
2.39.1
++ 0002-ieee1275-implement-vec5-for-cas-negotiation.patch ++
--- /var/tmp/diff_new_pack.AJrUc3/_old 2023-02-25 19:55:12.919304895 +0100
+++ /var/tmp/diff_new_pack.AJrUc3/_new 2023-02-25 19:55:12.923304920 +0100
@@ -1,54 +1,62 @@
-From 6c7c4007ad621029295797b439158d36d0f62487 Mon Sep 17 00:00:00 2001
+From 03056f35a73258fa68a809fba4aeab654ff35734 Mon Sep 17 00:00:00 2001
From: Diego Domingos
Date: Thu, 25 Aug 2022 11:37:56 -0400
-Subject: [PATCH 2/2] ieee1275: implement vec5 for cas negotiation
+Subject: [PATCH] ieee1275: implement vec5 for cas negotiation
-As a legacy support, if the vector 5 is not implemented, Power
-Hypervisor will consider the max CPUs as 64 instead 25
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2023-02-16 16:55:21
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.22824 (New)
Package is "grub2"
Thu Feb 16 16:55:21 2023 rev:284 rq:1065947 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2023-02-14
16:44:28.278104003 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.22824/grub2.changes 2023-02-16
16:55:29.754614054 +0100
@@ -1,0 +2,6 @@
+Wed Feb 15 07:09:39 UTC 2023 - Gary Ching-Pang Lin
+
+- Refresh 0003-tpm2-resend-the-command-on-TPM_RC_RETRY.patch to
+ handle the TPM2 responseCode correctly.
+
+---
Other differences:
--
++ 0003-tpm2-resend-the-command-on-TPM_RC_RETRY.patch ++
--- /var/tmp/diff_new_pack.prh0Jf/_old 2023-02-16 16:55:34.094631595 +0100
+++ /var/tmp/diff_new_pack.prh0Jf/_new 2023-02-16 16:55:34.098631611 +0100
@@ -1,4 +1,4 @@
-From 14a8c03f1a3b09250ea933f1a072dfdfef8c4a48 Mon Sep 17 00:00:00 2001
+From dcfb996d872a750fc42cb627627a5ac3f6d89a23 Mon Sep 17 00:00:00 2001
From: Gary Lin
Date: Thu, 9 Feb 2023 14:56:05 +0800
Subject: [PATCH 03/13] tpm2: resend the command on TPM_RC_RETRY
@@ -13,7 +13,7 @@
1 file changed, 28 insertions(+), 5 deletions(-)
diff --git a/grub-core/tpm2/tpm2.c b/grub-core/tpm2/tpm2.c
-index 5377ad2c7..1176d968b 100644
+index 5377ad2c7..083d59d02 100644
--- a/grub-core/tpm2/tpm2.c
+++ b/grub-core/tpm2/tpm2.c
@@ -25,11 +25,11 @@
@@ -51,7 +51,7 @@
+ do {
+err = grub_tpm2_submit_command_real (tag, commandCode, responseCode,
+ in, out);
-+if (err != TPM_RC_RETRY)
++if (*responseCode != TPM_RC_RETRY)
+ break;
+
+retry_cnt++;
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2023-02-14 16:44:21
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.27156 (New)
Package is "grub2"
Tue Feb 14 16:44:21 2023 rev:283 rq:1065672 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2023-02-10
14:33:38.189316823 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.27156/grub2.changes 2023-02-14
16:44:28.278104003 +0100
@@ -1,0 +2,7 @@
+Fri Feb 10 14:54:35 UTC 2023 - Valentin Lefebvre
+
+- Add module for boot loader interface. Needed for load Unified Kernel
+ Image (UKI)
+ * grub2-add-module-for-boot-loader-interface.patch
+
+---
New:
grub2-add-module-for-boot-loader-interface.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.7MbwsE/_old 2023-02-14 16:44:32.426128620 +0100
+++ /var/tmp/diff_new_pack.7MbwsE/_new 2023-02-14 16:44:32.430128643 +0100
@@ -493,6 +493,8 @@
Patch967: 0011-tpm2-make-the-file-reading-unmarshal-functions-gener.patch
Patch968: 0012-tpm2-initialize-the-PCR-selection-list-early.patch
Patch969: 0013-tpm2-support-unsealing-key-with-authorized-policy.patch
+# Set efi variables LoaderDevicePartUUID & LoaderInfo (needed for UKI)
+Patch970: grub2-add-module-for-boot-loader-interface.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
++ grub2-add-module-for-boot-loader-interface.patch ++
[PATCH v1 2/2] Add a module for the Boot Loader Interface
Add a new module named boot_loader_interface, which provides a command
with the same name. It implements a small but quite useful part of the
Boot Loader Interface [0]. This interface uses EFI variables for
communication between the boot loader and the operating system.
This module sets two EFI variables under the vendor GUID
4a67b082-0a4c-41cf-b6c7-440b29bb8c4f:
- LoaderInfo: contains GRUB + .
This allows the running operating system to identify the boot loader
used during boot.
- LoaderDevicePartUUID: contains the partition UUID of the
EFI System Partition (ESP). This is used by
systemd-gpt-auto-generator [1] to find the root partitions (and others
too), via partition type IDs [2].
This module is only available on EFI platforms.
[0] https://systemd.io/BOOT_LOADER_INTERFACE/
[1]
https://www.freedesktop.org/software/systemd/man/systemd-gpt-auto-generator.html
[2]
https://uapi-group.org/specifications/specs/discoverable_partitions_specification/
Signed-off-by: Oliver Steffen
Edit to fit with build on SUSE repositories
by Valentin Lefebvre
---
grub-core/Makefile.core.def| 6 +
grub-core/commands/boot_loader_interface.c | 217 +
2 files changed, 223 insertions(+)
create mode 100644 grub-core/commands/boot_loader_interface.c
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index ba967aac8..23455fb71 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -2643,3 +2643,9 @@ module = {
name = crypttab;
common = commands/crypttab.c;
};
+
+module = {
+ name = boot_loader_interface;
+ efi = commands/boot_loader_interface.c;
+ enable = efi;
+};
diff --git a/grub-core/commands/boot_loader_interface.c
b/grub-core/commands/boot_loader_interface.c
new file mode 100644
index 0..ccd7fa3d9
--- /dev/null
+++ b/grub-core/commands/boot_loader_interface.c
@@ -0,0 +1,217 @@
+/*-*- Mode: C; c-basic-offset: 2; indent-tabs-mode: t -*-*/
+
+/* boot_loader_interface.c - implementation of the boot loader interface
+ */
+
+/*
+ * GRUB -- GRand Unified Bootloader
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2023-02-10 14:33:37
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.1848 (New)
Package is "grub2"
Fri Feb 10 14:33:37 2023 rev:282 rq:1063963 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2023-02-08
17:19:59.357853663 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.1848/grub2.changes2023-02-10
14:33:38.189316823 +0100
@@ -1,0 +2,19 @@
+Thu Feb 9 08:42:26 UTC 2023 - Gary Ching-Pang Lin
+
+- Amend the TPM2 stack and add authorized policy mode to
+ tpm2_key_protector
+ * 0001-tpm2-adjust-the-input-parameters-of-TPM2_EvictContro.patch
+ * 0002-tpm2-declare-the-input-arguments-of-TPM2-functions-a.patch
+ * 0003-tpm2-resend-the-command-on-TPM_RC_RETRY.patch
+ * 0004-tpm2-add-new-TPM2-types-structures-and-command-const.patch
+ * 0005-tpm2-add-more-marshal-unmarshal-functions.patch
+ * 0006-tpm2-check-the-command-parameters-of-TPM2-commands.patch
+ * 0007-tpm2-pack-the-missing-authorization-command-for-TPM2.patch
+ * 0008-tpm2-allow-some-command-parameters-to-be-NULL.patch
+ * 0009-tpm2-remove-the-unnecessary-variables.patch
+ * 0010-tpm2-add-TPM2-commands-to-support-authorized-policy.patch
+ * 0011-tpm2-make-the-file-reading-unmarshal-functions-gener.patch
+ * 0012-tpm2-initialize-the-PCR-selection-list-early.patch
+ * 0013-tpm2-support-unsealing-key-with-authorized-policy.patch
+
+---
New:
0001-tpm2-adjust-the-input-parameters-of-TPM2_EvictContro.patch
0002-tpm2-declare-the-input-arguments-of-TPM2-functions-a.patch
0003-tpm2-resend-the-command-on-TPM_RC_RETRY.patch
0004-tpm2-add-new-TPM2-types-structures-and-command-const.patch
0005-tpm2-add-more-marshal-unmarshal-functions.patch
0006-tpm2-check-the-command-parameters-of-TPM2-commands.patch
0007-tpm2-pack-the-missing-authorization-command-for-TPM2.patch
0008-tpm2-allow-some-command-parameters-to-be-NULL.patch
0009-tpm2-remove-the-unnecessary-variables.patch
0010-tpm2-add-TPM2-commands-to-support-authorized-policy.patch
0011-tpm2-make-the-file-reading-unmarshal-functions-gener.patch
0012-tpm2-initialize-the-PCR-selection-list-early.patch
0013-tpm2-support-unsealing-key-with-authorized-policy.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.4U91Pl/_old 2023-02-10 14:33:40.521330758 +0100
+++ /var/tmp/diff_new_pack.4U91Pl/_new 2023-02-10 14:33:40.525330782 +0100
@@ -480,6 +480,19 @@
Patch954: 0001-grub2-Set-multiple-device-path-for-a-nvmf-boot-devic.patch
Patch955: 0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch
Patch956: 0001-grub2-Can-t-setup-a-default-boot-device-correctly-on.patch
+Patch957: 0001-tpm2-adjust-the-input-parameters-of-TPM2_EvictContro.patch
+Patch958: 0002-tpm2-declare-the-input-arguments-of-TPM2-functions-a.patch
+Patch959: 0003-tpm2-resend-the-command-on-TPM_RC_RETRY.patch
+Patch960: 0004-tpm2-add-new-TPM2-types-structures-and-command-const.patch
+Patch961: 0005-tpm2-add-more-marshal-unmarshal-functions.patch
+Patch962: 0006-tpm2-check-the-command-parameters-of-TPM2-commands.patch
+Patch963: 0007-tpm2-pack-the-missing-authorization-command-for-TPM2.patch
+Patch964: 0008-tpm2-allow-some-command-parameters-to-be-NULL.patch
+Patch965: 0009-tpm2-remove-the-unnecessary-variables.patch
+Patch966: 0010-tpm2-add-TPM2-commands-to-support-authorized-policy.patch
+Patch967: 0011-tpm2-make-the-file-reading-unmarshal-functions-gener.patch
+Patch968: 0012-tpm2-initialize-the-PCR-selection-list-early.patch
+Patch969: 0013-tpm2-support-unsealing-key-with-authorized-policy.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
++ 0001-tpm2-adjust-the-input-parameters-of-TPM2_EvictContro.patch ++
>From bc5ecda21bb612f786f614623da782d7ad6d8325 Mon Sep 17 00:00:00 2001
From: Gary Lin
Date: Tue, 7 Feb 2023 18:01:31 +0800
Subject: [PATCH 01/13] tpm2: adjust the input parameters of TPM2_EvictControl
Per "TCG TPM2 Part3 Commands", 'persistentHandle' of TPM2_EvictControl
is in the parameter area, i.e. after the authorization command. Adjust
the order of the arguments to match the spec definition.
Signed-off-by: Gary Lin
---
grub-core/tpm2/tpm2.c | 2 +-
include/grub/tpm2/internal/functions.h | 2 +-
util/grub-protect.c| 8
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/grub-core/tpm2/tpm2.c b/grub-core/tpm2/tpm2.c
index 2407a844d..1cd969d5d 100644
--- a/grub-co
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2023-02-08 17:19:53
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.4462 (New)
Package is "grub2"
Wed Feb 8 17:19:53 2023 rev:281 rq:1063714 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2023-01-07
17:16:18.516936867 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.4462/grub2.changes2023-02-08
17:19:59.357853663 +0100
@@ -1,0 +2,18 @@
+Wed Feb 8 02:24:16 UTC 2023 - Michael Chang
+
+- Fix nvmf boot device setup (bsc#1207811)
+ * 0001-grub2-Can-t-setup-a-default-boot-device-correctly-on.patch
+
+---
+Tue Feb 7 02:11:47 UTC 2023 - Michael Chang
+
+- Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064)
+ * 0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch
+
+---
+Sat Feb 4 05:57:02 UTC 2023 - Michael Chang
+
+- Fix GCC 13 build failure (bsc#1201089)
+ * 0002-AUDIT-0-http-boot-tracker-bug.patch
+
+---
New:
0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch
0001-grub2-Can-t-setup-a-default-boot-device-correctly-on.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.t6BroP/_old 2023-02-08 17:20:03.513874064 +0100
+++ /var/tmp/diff_new_pack.t6BroP/_new 2023-02-08 17:20:03.537874182 +0100
@@ -478,6 +478,8 @@
Patch952: 0001-ieee1275-Increase-initially-allocated-heap-from-1-4-.patch
Patch953: grub2-increase-crypttab-path-buffer.patch
Patch954: 0001-grub2-Set-multiple-device-path-for-a-nvmf-boot-devic.patch
+Patch955: 0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch
+Patch956: 0001-grub2-Can-t-setup-a-default-boot-device-correctly-on.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
++ 0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch ++
>From 1eee02bbf2c11167e94f424846ce1de0b6e7fa8e Mon Sep 17 00:00:00 2001
From: Mukesh Kumar Chaurasiya
Date: Fri, 3 Feb 2023 10:10:43 +0530
Subject: [PATCH] grub-core: modify sector by sysfs as disk sector
The disk sector size provided by sysfs file system considers the
sector size of 512 irrespective of disk sector size, Thus
causing the read by grub to an incorrect offset from what was
originally intended.
Considering the 512 sector size of sysfs data the actual sector
needs to be modified corresponding to disk sector size.
Signed-off-by: Mukesh Kumar Chaurasiya
---
grub-core/osdep/linux/hostdisk.c | 15 ---
1 file changed, 12 insertions(+), 3 deletions(-)
--- a/grub-core/osdep/linux/hostdisk.c
+++ b/grub-core/osdep/linux/hostdisk.c
@@ -199,8 +199,15 @@
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
+static inline grub_disk_addr_t
+transform_sector (grub_disk_t disk, grub_disk_addr_t sector)
+{
+ return sector >> (disk->log_sector_size - GRUB_DISK_SECTOR_BITS);
+}
+
static int
-grub_hostdisk_linux_find_partition (char *dev, grub_disk_addr_t sector)
+grub_hostdisk_linux_find_partition (const grub_disk_t disk, char *dev,
+grub_disk_addr_t sector)
{
size_t len = strlen (dev);
const char *format;
@@ -265,7 +272,8 @@
if (fstat (fd, &st) < 0
|| !grub_util_device_is_mapped_stat (&st)
|| !grub_util_get_dm_node_linear_info (st.st_rdev, 0, 0, &start))
- start = grub_util_find_partition_start_os (real_dev);
+ start = transform_sector (disk,
+ grub_util_find_partition_start_os (real_dev));
/* We don't care about errors here. */
grub_errno = GRUB_ERR_NONE;
@@ -346,7 +354,8 @@
&& strncmp (dev, "/dev/", 5) == 0)
{
if (sector >= part_start)
- is_partition = grub_hostdisk_linux_find_partition (dev, part_start);
+ is_partition = grub_hostdisk_linux_find_partition (disk, dev,
+part_start);
else
*max = part_start - sector;
}
++ 0001-grub2-Can-t-setup-a-default-boot-device-correctly-on.patch ++
>From a59b58f6ae327a8f6949991cb5531db01e1ba14d Mon Sep 17 00:00:00 2001
From: Wen Xiong
Date: Tue, 7 Feb 2023 15:10:15 -0500
Subject: [PATCH] grub2: Can't setup a default boot device correctly on nvme
device in Beta3
The patch in Bug 200486 - SUSE1205666 - SLES15SP5 Beta1: Setup multiple dev path
for a nvmf boot device in grub2 caused the issue. That patch didn't consider
nvme devices carefully.
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2023-01-07 17:16:02
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.1563 (New)
Package is "grub2"
Sat Jan 7 17:16:02 2023 rev:280 rq:1056307 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2023-01-04
17:51:23.905755719 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.1563/grub2.changes2023-01-07
17:16:18.516936867 +0100
@@ -1,0 +2,6 @@
+Tue Jan 3 02:48:05 UTC 2023 - Gary Ching-Pang Lin
+
+- Move unsupported zfs modules into 'extras' packages
+ (bsc#1205554) (PED-2947)
+
+---
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.KXoXqI/_old 2023-01-07 17:16:21.444954335 +0100
+++ /var/tmp/diff_new_pack.KXoXqI/_new 2023-01-07 17:16:21.460954430 +0100
@@ -1,7 +1,7 @@
#
# spec file for package grub2
#
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -550,6 +550,18 @@
file systems, computer architectures and hardware devices. This subpackage
provides support for %{platform} systems.
+%package %{grubarch}-extras
+Summary:Unsupported modules for %{grubarch}
+Group: System/Boot
+BuildArch: noarch
+Requires: %{name}-%{grubarch} = %{version}
+Provides: %{name}-%{grubarch}:%{_datadir}/%{name}/%{grubarch}/zfs.mod
+Provides:
%{name}-%{grubarch}:%{_datadir}/%{name}/%{grubarch}/zfscrypt.mod
+Provides: %{name}-%{grubarch}:%{_datadir}/%{name}/%{grubarch}/zfsinfo.mod
+
+%description %{grubarch}-extras
+Unsupported modules for %{name}-%{grubarch}
+
%package %{grubarch}-debug
Summary:Debug symbols for %{grubarch}
Group: System/Boot
@@ -594,6 +606,19 @@
file systems, computer architectures and hardware devices. This subpackage
provides support for EFI systems.
+%package %{grubefiarch}-extras
+
+Summary:Unsupported modules for %{grubefiarch}
+Group: System/Boot
+BuildArch: noarch
+Requires: %{name}-%{grubefiarch} = %{version}
+Provides:
%{name}-%{grubefiarch}:%{_datadir}/%{name}/%{grubefiarch}/zfs.mod
+Provides:
%{name}-%{grubefiarch}:%{_datadir}/%{name}/%{grubefiarch}/zfscrypt.mod
+Provides:
%{name}-%{grubefiarch}:%{_datadir}/%{name}/%{grubefiarch}/zfsinfo.mod
+
+%description %{grubefiarch}-extras
+Unsupported modules for %{name}-%{grubefiarch}
+
%package %{grubefiarch}-debug
Summary:Debug symbols for %{grubefiarch}
Group: System/Boot
@@ -626,6 +651,18 @@
file systems, computer architectures and hardware devices. This subpackage
provides support for XEN systems.
+%package %{grubxenarch}-extras
+Summary:Unsupported modules for %{grubxenarch}
+Group: System/Boot
+BuildArch: noarch
+Requires: %{name}-%{grubxenarch} = %{version}
+Provides:
%{name}-%{grubxenarch}:%{_datadir}/%{name}/%{grubxenarch}/zfs.mod
+Provides:
%{name}-%{grubxenarch}:%{_datadir}/%{name}/%{grubxenarch}/zfscrypt.mod
+Provides:
%{name}-%{grubxenarch}:%{_datadir}/%{name}/%{grubxenarch}/zfsinfo.mod
+
+%description %{grubxenarch}-extras
+Unsupported modules for %{name}-%{grubxenarch}
+
%endif
%package snapper-plugin
@@ -1102,6 +1139,25 @@
%else
%endif
+# bsc#1205554 move the zfs modules into extras packages
+# EXTRA_PATTERN='pattern1|pattern2|pattern3|...'
+EXTRA_PATTERN="zfs"
+%ifarch %{ix86} x86_64
+find %{buildroot}/%{_datadir}/%{name}/%{grubxenarch}/ -type f | sed
's,%{buildroot},,' > %{grubxenarch}-all.lst
+grep -v -E ${EXTRA_PATTERN} %{grubxenarch}-all.lst > %{grubxenarch}.lst
+grep -E ${EXTRA_PATTERN} %{grubxenarch}-all.lst > %{grubxenarch}-extras.lst
+%endif
+
+%ifarch %{efi}
+find %{buildroot}/%{_datadir}/%{name}/%{grubefiarch}/ -name '*.mod' | sed
's,%{buildroot},,' > %{grubefiarch}-mod-all.lst
+grep -v -E ${EXTRA_PATTERN} %{grubefiarch}-mod-all.lst > %{grubefiarch}-mod.lst
+grep -E ${EXTRA_PATTERN} %{grubefiarch}-mod-all.lst >
%{grubefiarch}-mod-extras.lst
+%endif
+
+find %{buildroot}/%{_datadir}/%{name}/%{grubarch}/ -name '*.mod' | sed
's,%{buildroot},,' > %{grubarch}-mod-all.lst
+grep -v -E ${EXTRA_PATTERN} %{grubarch}-mod-all.lst > %{grubarch}-mod.lst
+grep -E ${EXTRA_PATTERN} %{grubarch}-mod-all.lst > %{grubarch}-mod-extras.lst
+
%find_lang %{name}
%fdupes %buildroot%{_bindir}
%fdupes %buildroot%{_libdir}
@@ -1373,7 +1429,7 @@
%if ! 0%{?only_efi:1}
-%files %{grubarch}
+%files %{grubarch} -f %{grubarch}-mod.lst
%d
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2023-01-04 17:51:04
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.1563 (New)
Package is "grub2"
Wed Jan 4 17:51:04 2023 rev:279 rq:1046400 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2022-12-20
20:20:10.337774765 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.1563/grub2.changes2023-01-04
17:51:23.905755719 +0100
@@ -1,0 +2,20 @@
+Fri Dec 30 07:58:54 UTC 2022 - Michael Chang
+
+- Fix inappropriately including commented lines in crypttab (bsc#1206279)
+ * 0010-templates-import-etc-crypttab-to-grub.cfg.patch
+
+---
+Fri Dec 23 09:50:42 UTC 2022 - Michael Chang
+
+- Make grub.cfg invariant to efi and legacy platforms (bsc#1205200)
+- Removed patch linuxefi
+ * grub2-secureboot-provide-linuxefi-config.patch
+ * grub2-secureboot-use-linuxefi-on-uefi-in-os-prober.patch
+ * grub2-secureboot-use-linuxefi-on-uefi.patch
+- Rediff
+ * grub2-btrfs-05-grub2-mkconfig.patch
+ * grub2-efi-xen-cmdline.patch
+ * grub2-s390x-05-grub2-mkconfig.patch
+ * grub2-suse-remove-linux-root-param.patch
+
+---
Old:
grub2-secureboot-provide-linuxefi-config.patch
grub2-secureboot-use-linuxefi-on-uefi-in-os-prober.patch
grub2-secureboot-use-linuxefi-on-uefi.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.tSAz94/_old 2023-01-04 17:51:26.385770337 +0100
+++ /var/tmp/diff_new_pack.tSAz94/_new 2023-01-04 17:51:26.389770360 +0100
@@ -193,11 +193,8 @@
Patch17:grub2-pass-corret-root-for-nfsroot.patch
Patch19:grub2-efi-HP-workaround.patch
Patch21:grub2-secureboot-add-linuxefi.patch
-Patch22:grub2-secureboot-use-linuxefi-on-uefi.patch
Patch23:grub2-secureboot-no-insmod-on-sb.patch
-Patch24:grub2-secureboot-provide-linuxefi-config.patch
Patch25:grub2-secureboot-chainloader.patch
-Patch26:grub2-secureboot-use-linuxefi-on-uefi-in-os-prober.patch
Patch27:grub2-linuxefi-fix-boot-params.patch
Patch35:grub2-linguas.sh-no-rsync.patch
Patch37:grub2-use-Unifont-for-starfield-theme-terminal.patch
++ 0010-templates-import-etc-crypttab-to-grub.cfg.patch ++
--- /var/tmp/diff_new_pack.tSAz94/_old 2023-01-04 17:51:26.717772293 +0100
+++ /var/tmp/diff_new_pack.tSAz94/_new 2023-01-04 17:51:26.721772317 +0100
@@ -18,7 +18,7 @@
--- a/Makefile.util.def
+++ b/Makefile.util.def
-@@ -477,6 +477,13 @@
+@@ -476,6 +476,13 @@
};
script = {
@@ -67,7 +67,7 @@
+
+if [ -r "$CRYPTTAB" ]; then
+ awk '
-+ $3 ~ /(^\/dev\/|^\/proc\/|^\/sys\/|:)/ { next }
++ /^\s*#/ || $3 ~ /(^\/dev\/|^\/proc\/|^\/sys\/|:)/ { next }
+ { key[0] = $3 }
+ $3 ~ /(^$|none|-)/ {
+key[0] = "/etc/cryptsetup-keys.d/" $1 ".key"
++ grub2-btrfs-05-grub2-mkconfig.patch ++
--- /var/tmp/diff_new_pack.tSAz94/_old 2023-01-04 17:51:26.961773731 +0100
+++ /var/tmp/diff_new_pack.tSAz94/_new 2023-01-04 17:51:26.965773755 +0100
@@ -6,11 +6,9 @@
util/grub.d/20_linux_xen.in |4
5 files changed, 42 insertions(+), 3 deletions(-)
-Index: grub-2.02~beta2/util/grub-mkconfig_lib.in
-===
grub-2.02~beta2.orig/util/grub-mkconfig_lib.in
-+++ grub-2.02~beta2/util/grub-mkconfig_lib.in
-@@ -49,7 +49,11 @@ grub_warn ()
+--- a/util/grub-mkconfig_lib.in
b/util/grub-mkconfig_lib.in
+@@ -49,7 +49,11 @@
make_system_path_relative_to_its_root ()
{
@@ -22,11 +20,9 @@
}
is_path_readable_by_grub ()
-Index: grub-2.02~beta2/util/grub.d/00_header.in
-===
grub-2.02~beta2.orig/util/grub.d/00_header.in
-+++ grub-2.02~beta2/util/grub.d/00_header.in
-@@ -27,6 +27,14 @@ export TEXTDOMAINDIR="@localedir@"
+--- a/util/grub.d/00_header.in
b/util/grub.d/00_header.in
+@@ -27,6 +27,14 @@
. "$pkgdatadir/grub-mkconfig_lib"
@@ -41,7 +37,7 @@
# Do this as early as possible, since other commands might depend on it.
# (e.g. the `loadfont' command might need lvm or raid modules)
for i in ${GRUB_PRELOAD_MODULES} ; do
-@@ -43,7 +51,9 @@ if [ "x${GRUB_DEFAULT_BUTTON}" = "xsaved
+@@ -43,7 +51,9 @@
if [ "x${GRUB_TIMEOUT_BUTTON}" = "x" ] ; then
GRUB_TIMEOUT_BUTTON="$GRUB_TIMEOUT" ; fi
cat << EOF
@@ -52,7 +48,7 @@
load_env
fi
-@@ -367,3 +377,15 @@ fi
+@@ -401,3 +411,15 @@
if [ "x${GRUB_BADRAM}" != "x" ] ; then
echo "badram ${GRUB_BADRAM}"
fi
@@ -68,25
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2022-12-20 20:19:59
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.1835 (New)
Package is "grub2"
Tue Dec 20 20:19:59 2022 rev:278 rq:1043936 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2022-12-07
17:35:09.580603085 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.1835/grub2.changes2022-12-20
20:20:10.337774765 +0100
@@ -1,0 +2,13 @@
+Mon Dec 19 08:39:05 UTC 2022 - Michael Chang
+
+- Setup multiple device paths for a nvmf boot device (bsc#1205666)
+ * 0001-grub2-Set-multiple-device-path-for-a-nvmf-boot-devic.patch
+
+---
+Fri Dec 16 01:51:45 UTC 2022 - Gary Ching-Pang Lin
+
+- Increase the path buffer in the crypttab command for the long
+ volume name (bsc#1206333)
+ * grub2-increase-crypttab-path-buffer.patch
+
+---
New:
0001-grub2-Set-multiple-device-path-for-a-nvmf-boot-devic.patch
grub2-increase-crypttab-path-buffer.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.Mcva2O/_old 2022-12-20 20:20:13.465791912 +0100
+++ /var/tmp/diff_new_pack.Mcva2O/_new 2022-12-20 20:20:13.469791934 +0100
@@ -479,6 +479,8 @@
Patch950: 0001-fs-btrfs-Use-full-btrfs-bootloader-area.patch
Patch951: 0002-Mark-environmet-blocks-as-used-for-image-embedding.patch
Patch952: 0001-ieee1275-Increase-initially-allocated-heap-from-1-4-.patch
+Patch953: grub2-increase-crypttab-path-buffer.patch
+Patch954: 0001-grub2-Set-multiple-device-path-for-a-nvmf-boot-devic.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
++ 0001-grub2-Set-multiple-device-path-for-a-nvmf-boot-devic.patch ++
>From 3e77c5494fd06f430588ae9c304fea370439d531 Mon Sep 17 00:00:00 2001
From: Wen Xiong
Date: Thu, 15 Dec 2022 21:33:41 -0500
Subject: [PATCH] grub2: Set multiple device path for a nvmf boot device
nvmf support native multipath(ANA) by default.
The patch added the support for setting multiple
device path for a nvmf boot device.
localhost:~ grub2-install -v /dev/nvme1n1p1
...
...
...
grub2-install: info: executing nvsetenv boot-device
/pci@8002132/fibre-channel@0,1/nvme-of/controller@5005076810193675,:nqn=nqn.1986-03.com.ibm:nvme:2145.020420006CEA/namespace@ec
/pci@8002132/fibre-channel@0/nvme-of/controller@5005076810193675,:nqn=nqn.1986-03.com.ibm:nvme:2145.020420006CEA/namespace@ec
/pci@8002132/fibre-channel@0/nvme-of/controller@50050768101935e5,:nqn=nqn.1986-03.com.ibm:nvme:2145.020420006CEA/namespace@ec
/pci@8002132/fibre-channel@0,1/nvme-of/controller@50050768101935e5,:nqn=nqn.1986-03.com.ibm:nvme:2145.020420006CEA/namespace@ec.
Installation finished. No error reported.
localhost:~ # bootlist -m normal -o
nvme7n1
nvme5n1
nvme1n1
nvme4n1
localhost:~ # bootlist -m normal -r
/pci@8002132/fibre-channel@0,1/nvme-of/controller@5005076810193675,:nqn=nqn.1986-03.com.ibm:nvme:2145.020420006CEA/namespace@ec
/pci@8002132/fibre-channel@0/nvme-of/controller@5005076810193675,:nqn=nqn.1986-03.com.ibm:nvme:2145.020420006CEA/namespace@ec
/pci@8002132/fibre-channel@0/nvme-of/controller@50050768101935e5,:nqn=nqn.1986-03.com.ibm:nvme:2145.020420006CEA/namespace@ec
/pci@8002132/fibre-channel@0,1/nvme-of/controller@50050768101935e5,:nqn=nqn.1986-03.com.ibm:nvme:2145.020420006CEA/namespace@ec
Signed-off-by: Wen Xiong
---
grub-core/osdep/linux/ofpath.c | 6 ++---
grub-core/osdep/unix/platform.c | 48 +
include/grub/util/install.h | 3 +++
include/grub/util/ofpath.h | 9 +++
4 files changed, 63 insertions(+), 3 deletions(-)
diff --git a/grub-core/osdep/linux/ofpath.c b/grub-core/osdep/linux/ofpath.c
index 7d31cfd0f..7129099db 100644
--- a/grub-core/osdep/linux/ofpath.c
+++ b/grub-core/osdep/linux/ofpath.c
@@ -209,7 +209,7 @@ find_obppath (const char *sysfs_path_orig)
}
}
-static char *
+char *
xrealpath (const char *in)
{
char *out;
@@ -224,7 +224,7 @@ xrealpath (const char *in)
return out;
}
-static char *
+char *
block_device_get_sysfs_path_and_link(const char *devicenode)
{
char *rpath;
@@ -535,7 +535,7 @@ of_path_get_nvme_nsid(const char* devname)
}
-static char *
+char *
nvme_get_syspath(const char *nvmedev)
{
char *sysfs_path, *controller_node;
diff --git a/grub-core/osdep/unix/platform.c b/grub-core/osdep/unix/platform.c
index 1e2961e00..db8fa4b95 1
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2022-12-07 17:34:16
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.1835 (New)
Package is "grub2"
Wed Dec 7 17:34:16 2022 rev:277 rq:1040523 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2022-11-25
13:11:17.891726429 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.1835/grub2.changes2022-12-07
17:35:09.580603085 +0100
@@ -1,0 +2,7 @@
+Mon Dec 5 08:47:06 UTC 2022 - Michael Chang
+
+- Add tpm to signed grub.elf image (PED-1990) (bsc#1205912)
+- Increase initial heap size from 1/4 to 1/3
+ * 0001-ieee1275-Increase-initially-allocated-heap-from-1-4-.patch
+
+---
New:
0001-ieee1275-Increase-initially-allocated-heap-from-1-4-.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.uIrdmC/_old 2022-12-07 17:35:13.452624287 +0100
+++ /var/tmp/diff_new_pack.uIrdmC/_new 2022-12-07 17:35:13.456624309 +0100
@@ -478,6 +478,7 @@
Patch949: 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch
Patch950: 0001-fs-btrfs-Use-full-btrfs-bootloader-area.patch
Patch951: 0002-Mark-environmet-blocks-as-used-for-image-embedding.patch
+Patch952: 0001-ieee1275-Increase-initially-allocated-heap-from-1-4-.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
@@ -763,7 +764,7 @@
GRUB_MODULES="${CD_MODULES} ${FS_MODULES} ${PXE_MODULES} ${CRYPTO_MODULES}
mdraid09 mdraid1x lvm serial"
%ifarch ppc ppc64 ppc64le
-GRUB_MODULES="${GRUB_MODULES} appendedsig memdisk tar regexp prep_loadenv"
+GRUB_MODULES="${GRUB_MODULES} appendedsig memdisk tar regexp prep_loadenv tpm"
%endif
%ifarch %{efi}
++ 0001-ieee1275-Increase-initially-allocated-heap-from-1-4-.patch ++
>From 41965e194599af42e77bcf2462bd9c0db2823b16 Mon Sep 17 00:00:00 2001
From: Stefan Berger
Date: Tue, 1 Nov 2022 11:06:03 -0400
Subject: [PATCH] ieee1275: Increase initially allocated heap from 1/4 to 1/3
The patch 'ieee1275: claim more memory' (commit 910676645d) states:
"[...] This leaves us 381MB. 1/4 of 381MB is ~95MB. That should be enough
to verify a 30MB vmlinux and should eave plenty of space to load Linux
and the initrd."
As it turns out the memory limit of ~95MB is insufficient for the FADUMP
use case as described here:
https://bugzilla.redhat.com/show_bug.cgi?id=2139000#c1
Adjust the current memory limitation by increasing the allocation to
1/3 of 381 MB, so ~127MB.
Signed-off-by: Stefan Berger
---
grub-core/kern/ieee1275/init.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
index 0bacc2348..f75a36493 100644
--- a/grub-core/kern/ieee1275/init.c
+++ b/grub-core/kern/ieee1275/init.c
@@ -47,7 +47,7 @@
#include
/* The maximum heap size we're going to claim. Not used by sparc.
- We allocate 1/4 of the available memory under 4G, up to this limit. */
+ We allocate 1/3 of the available memory under 4G, up to this limit. */
#ifdef __i386__
#define HEAP_MAX_SIZE (unsigned long) (64 * 1024 * 1024)
#else // __powerpc__
@@ -415,7 +415,7 @@ grub_claim_heap (void)
grub_machine_mmap_iterate (heap_size, &total);
- total = total / 4;
+ total = total / 3;
if (total > HEAP_MAX_SIZE)
total = HEAP_MAX_SIZE;
--
2.35.3
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2022-11-25 13:11:15
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.1597 (New)
Package is "grub2"
Fri Nov 25 13:11:15 2022 rev:276 rq:1037800 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2022-11-23
09:47:43.210920548 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.1597/grub2.changes2022-11-25
13:11:17.891726429 +0100
@@ -1,0 +2,9 @@
+Tue Nov 22 08:11:17 UTC 2022 - Michael Chang
+
+- Make full utilization of btrfs bootloader area (bsc#1161823)
+ * 0001-fs-btrfs-Use-full-btrfs-bootloader-area.patch
+ * 0002-Mark-environmet-blocks-as-used-for-image-embedding.patch
+- Patch removed
+ * 0001-i386-pc-build-btrfs-zstd-support-into-separate-modul.patch
+
+---
Old:
0001-i386-pc-build-btrfs-zstd-support-into-separate-modul.patch
New:
0001-fs-btrfs-Use-full-btrfs-bootloader-area.patch
0002-Mark-environmet-blocks-as-used-for-image-embedding.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.V6s5Vy/_old 2022-11-25 13:11:20.535741197 +0100
+++ /var/tmp/diff_new_pack.V6s5Vy/_new 2022-11-25 13:11:20.539741219 +0100
@@ -313,7 +313,6 @@
Patch788: 0001-ieee1275-Avoiding-many-unecessary-open-close.patch
Patch789: 0001-Workaround-volatile-efi-boot-variable.patch
Patch790: 0001-30_uefi-firmware-fix-printf-format-with-null-byte.patch
-Patch791: 0001-i386-pc-build-btrfs-zstd-support-into-separate-modul.patch
Patch792: 0001-templates-Follow-the-path-of-usr-merged-kernel-confi.patch
Patch793: 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch
Patch794: 0001-Filter-out-POSIX-locale-for-translation.patch
@@ -477,6 +476,8 @@
Patch947: 0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch
Patch948: 0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
Patch949: 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch
+Patch950: 0001-fs-btrfs-Use-full-btrfs-bootloader-area.patch
+Patch951: 0002-Mark-environmet-blocks-as-used-for-image-embedding.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
++ 0001-fs-btrfs-Use-full-btrfs-bootloader-area.patch ++
>From b78aca6e1c4f72a6491457e849b76c8e0af77765 Mon Sep 17 00:00:00 2001
From: Michael Chang
Date: Mon, 13 Dec 2021 14:25:49 +0800
Subject: [PATCH 1/2] fs/btrfs: Use full btrfs bootloader area
Up to now GRUB can only embed to the first 64 KiB before primary
superblock of btrfs, effectively limiting the GRUB core size. That
could consequently pose restrictions to feature enablement like
advanced zstd compression.
This patch attempts to utilize full unused area reserved by btrfs for
the bootloader outlined in the document [1]:
The first 1MiB on each device is unused with the exception of primary
superblock that is on the offset 64KiB and spans 4KiB.
Apart from that, adjacent sectors to superblock and first block group
are not used for embedding in case of overflow and logged access to
adjacent sectors could be useful for tracing it up.
This patch has been tested to provide out of the box support for btrfs
zstd compression with which GRUB has been installed to the partition.
[1] https://btrfs.wiki.kernel.org/index.php/Manpage/btrfs(5)#BOOTLOADER_SUPPORT
Signed-off-by: Michael Chang
Reviewed-by: Daniel Kiper
---
grub-core/fs/btrfs.c | 90 +---
include/grub/disk.h | 2 +
2 files changed, 79 insertions(+), 13 deletions(-)
diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c
index 7007463c6..979ba1b28 100644
--- a/grub-core/fs/btrfs.c
+++ b/grub-core/fs/btrfs.c
@@ -2537,6 +2537,33 @@ grub_btrfs_label (grub_device_t device, char **label)
}
#ifdef GRUB_UTIL
+
+struct embed_region {
+ unsigned int start;
+ unsigned int secs;
+};
+
+/*
+ * https://btrfs.wiki.kernel.org/index.php/Manpage/btrfs(5)#BOOTLOADER_SUPPORT
+ * The first 1 MiB on each device is unused with the exception of primary
+ * superblock that is on the offset 64 KiB and spans 4 KiB.
+ */
+
+static const struct {
+ struct embed_region available;
+ struct embed_region used[6];
+} btrfs_head = {
+ .available = {0, GRUB_DISK_KiB_TO_SECTORS (1024)}, /* The first 1 MiB. */
+ .used = {
+{0, 1},/* boot.S.
*/
+{GRUB_DISK_KiB_TO_SECTORS (64) - 1, 1},/* Overflow
guard. */
+{GRUB_DISK_KiB_TO_SECTORS (64), GRUB_DISK_KiB_TO_SECTORS (4)}, /* 4 KiB
superblock
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2022-11-23 09:47:35
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.1597 (New)
Package is "grub2"
Wed Nov 23 09:47:35 2022 rev:275 rq:1037229 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2022-11-16
15:42:44.979698229 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.1597/grub2.changes2022-11-23
09:47:43.210920548 +0100
@@ -1,0 +2,7 @@
+Mon Nov 21 02:10:28 UTC 2022 - Michael Chang
+
+- Fix regression of reverting back to asking password twice when a keyfile is
+ already used (bsc#1205309)
+ * 0010-templates-import-etc-crypttab-to-grub.cfg.patch
+
+---
Other differences:
--
++ 0010-templates-import-etc-crypttab-to-grub.cfg.patch ++
--- /var/tmp/diff_new_pack.0EMga3/_old 2022-11-23 09:47:46.486937641 +0100
+++ /var/tmp/diff_new_pack.0EMga3/_new 2022-11-23 09:47:46.486937641 +0100
@@ -11,35 +11,30 @@
Signed-off-by: Michael Chang
---
- Makefile.util.def | 7 +++
- util/grub.d/05_crypttab.in | 36
- 2 files changed, 43 insertions(+)
+ Makefile.util.def |7 ++
+ util/grub.d/05_crypttab.in | 50
+
+ 2 files changed, 57 insertions(+)
create mode 100644 util/grub.d/05_crypttab.in
-diff --git a/Makefile.util.def b/Makefile.util.def
-index 08f681cd8b..5e0ba22f3d 100644
--- a/Makefile.util.def
+++ b/Makefile.util.def
-@@ -476,6 +476,13 @@ script = {
- installdir = grubconf;
+@@ -477,6 +477,13 @@
};
-+script = {
+ script = {
+ name = '05_crypttab';
+ common = util/grub.d/05_crypttab.in;
+ installdir = grubconf;
+ condition = COND_HOST_LINUX;
+};
+
- script = {
++script = {
name = '10_windows';
common = util/grub.d/10_windows.in;
-diff --git a/util/grub.d/05_crypttab.in b/util/grub.d/05_crypttab.in
-new file mode 100644
-index 00..c539bc061e
+ installdir = grubconf;
--- /dev/null
+++ b/util/grub.d/05_crypttab.in
-@@ -0,0 +1,36 @@
+@@ -0,0 +1,50 @@
+#! /bin/sh
+set -e
+
@@ -71,12 +66,23 @@
+CRYPTTAB=/etc/crypttab
+
+if [ -r "$CRYPTTAB" ]; then
-+ awk '/UUID=/ { sub(/UUID=/,"",$2); \
-+ gsub(/-/,"",$2); \
-+ printf("crypttab_entry %s %s %s\n",$1,$2,$3) \
-+ }' "$CRYPTTAB"
++ awk '
++ $3 ~ /(^\/dev\/|^\/proc\/|^\/sys\/|:)/ { next }
++ { key[0] = $3 }
++ $3 ~ /(^$|none|-)/ {
++key[0] = "/etc/cryptsetup-keys.d/" $1 ".key"
++key[1] = "/run/cryptsetup-keys.d/" $1 ".key"
++ }
++ {
++for (d in key)
++ if (system("test -f " key[d]) == 0)
++next
++ }
++ /UUID=/ {
++ sub(/UUID=/,"",$2);
++ gsub(/-/,"",$2);
++ printf("crypttab_entry %s %s %s\n",$1,$2,$3)
++ }
++ ' "$CRYPTTAB"
+fi
---
-2.34.1
-
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2022-11-16 15:42:37
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.1597 (New)
Package is "grub2"
Wed Nov 16 15:42:37 2022 rev:274 rq:1035937 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2022-11-14
14:28:46.594904018 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.1597/grub2.changes2022-11-16
15:42:44.979698229 +0100
@@ -1,0 +2,20 @@
+Wed Nov 16 02:36:23 UTC 2022 - Michael Chang
+
+- Security fixes and hardenings
+ * 0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch
+ * 0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
+- Fix CVE-2022-2601 (bsc#1205178)
+ * 0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch
+ * 0004-font-Remove-grub_font_dup_glyph.patch
+ * 0005-font-Fix-integer-overflow-in-ensure_comb_space.patch
+ * 0006-font-Fix-integer-overflow-in-BMP-index.patch
+ * 0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch
+ * 0008-fbutil-Fix-integer-overflow.patch
+- Fix CVE-2022-3775 (bsc#1205182)
+ * 0009-font-Fix-an-integer-underflow-in-blit_comb.patch
+ * 0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch
+ * 0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
+ * 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch
+- Bump upstream SBAT generation to 3
+
+---
New:
0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch
0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch
0004-font-Remove-grub_font_dup_glyph.patch
0005-font-Fix-integer-overflow-in-ensure_comb_space.patch
0006-font-Fix-integer-overflow-in-BMP-index.patch
0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch
0008-fbutil-Fix-integer-overflow.patch
0009-font-Fix-an-integer-underflow-in-blit_comb.patch
0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch
0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.19jcUF/_old 2022-11-16 15:42:48.899712440 +0100
+++ /var/tmp/diff_new_pack.19jcUF/_new 2022-11-16 15:42:48.903712455 +0100
@@ -22,7 +22,7 @@
%if %{defined sbat_distro}
# SBAT metadata
%define sbat_generation 1
-%define sbat_generation_grub 2
+%define sbat_generation_grub 3
%else
%{error please define sbat_distro, sbat_distro_summary and sbat_distro_url}
%endif
@@ -465,6 +465,18 @@
# (PED-1990) GRUB2: Measure the kernel on POWER10 and extend TPM PCRs
Patch936: 0001-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch
Patch937: 0002-ieee1275-implement-vec5-for-cas-negotiation.patch
+Patch938: 0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch
+Patch939: 0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
+Patch940: 0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch
+Patch941: 0004-font-Remove-grub_font_dup_glyph.patch
+Patch942: 0005-font-Fix-integer-overflow-in-ensure_comb_space.patch
+Patch943: 0006-font-Fix-integer-overflow-in-BMP-index.patch
+Patch944: 0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch
+Patch945: 0008-fbutil-Fix-integer-overflow.patch
+Patch946: 0009-font-Fix-an-integer-underflow-in-blit_comb.patch
+Patch947: 0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch
+Patch948: 0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
+Patch949: 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
++ 0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch ++
>From a2606b0cb95f261288c79cafc7295927d868cb04 Mon Sep 17 00:00:00 2001
From: Zhang Boyang
Date: Wed, 3 Aug 2022 19:45:33 +0800
Subject: [PATCH 01/12] font: Reject glyphs exceeds font->max_glyph_width or
font->max_glyph_height
Check glyph's width and height against limits specified in font's
metadata. Reject the glyph (and font) if such limits are exceeded.
Signed-off-by: Zhang Boyang
Reviewed-by: Daniel Kiper
---
grub-core/font/font.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/grub-core/font/font.c b/grub-core/font/font.c
index d09bb38d8..2f09a4a55 100644
--- a/grub-core/font/font.c
+++ b/grub-core/font/font.c
@@ -760,7 +760,9 @@ grub_font_get_glyph_internal (grub_font_t f
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2022-11-14 14:28:44
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.1597 (New)
Package is "grub2"
Mon Nov 14 14:28:44 2022 rev:273 rq:1035611 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2022-11-09
12:56:56.360180110 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.1597/grub2.changes2022-11-14
14:28:46.594904018 +0100
@@ -1,0 +2,12 @@
+Mon Nov 14 09:54:16 UTC 2022 - Michael Chang
+
+- Removed 0001-linux-fix-efi_relocate_kernel-failure.patch as reported
+ regression in some hardware being stuck in initrd loading (bsc#1205380)
+
+---
+Mon Nov 14 03:03:35 UTC 2022 - Michael Chang
+
+- Fix password asked twice if third field in crypttab not present (bsc#1205312)
+ * 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch
+
+---
Old:
0001-linux-fix-efi_relocate_kernel-failure.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.ZZwEzL/_old 2022-11-14 14:28:50.054922116 +0100
+++ /var/tmp/diff_new_pack.ZZwEzL/_new 2022-11-14 14:28:50.062922158 +0100
@@ -453,7 +453,6 @@
# powerpc-ieee1275
Patch926:
0001-grub-install-set-point-of-no-return-for-powerpc-ieee1275.patch
Patch927: safe_tpm_pcr_snapshot.patch
-Patch928: 0001-linux-fix-efi_relocate_kernel-failure.patch
# (PED-996) NVMeoFC support on Grub (grub2)
Patch929: 0001-ieee1275-add-support-for-NVMeoFC.patch
Patch930: 0002-ieee1275-ofpath-enable-NVMeoF-logical-device-transla.patch
++ 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch ++
--- /var/tmp/diff_new_pack.ZZwEzL/_old 2022-11-14 14:28:50.366923748 +0100
+++ /var/tmp/diff_new_pack.ZZwEzL/_new 2022-11-14 14:28:50.370923769 +0100
@@ -22,11 +22,11 @@
Signed-off-by: Michael Chang
---
grub-core/Makefile.core.def |5 +
- grub-core/commands/crypttab.c | 42
+ grub-core/commands/crypttab.c | 47 ++
grub-core/disk/cryptodisk.c |6 +
grub-core/loader/linux.c | 137
--
include/grub/linux.h |3
- 5 files changed, 188 insertions(+), 5 deletions(-)
+ 5 files changed, 193 insertions(+), 5 deletions(-)
create mode 100644 grub-core/commands/crypttab.c
--- a/grub-core/Makefile.core.def
@@ -42,7 +42,7 @@
+};
--- /dev/null
+++ b/grub-core/commands/crypttab.c
-@@ -0,0 +1,42 @@
+@@ -0,0 +1,47 @@
+
+#include
+#include
@@ -57,13 +57,18 @@
+ int argc, char **argv)
+{
+ char buf[64];
-+ const char *path = argv[2];
++ const char *path = NULL;
+
-+ if (argc != 3)
-+return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("three arguments expected"));
-+
-+ if (grub_strcmp (argv[2], "none") == 0
-+ || grub_strcmp (argv[2], "-") == 0)
++ if (argc == 2)
++path = NULL;
++ else if (argc == 3)
++path = argv[2];
++ else
++return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("two or three arguments
expected"));
++
++ if (!path
++ || grub_strcmp (path, "none") == 0
++ || grub_strcmp (path, "-") == 0)
+{
+ grub_snprintf (buf, sizeof (buf), "/etc/cryptsetup-keys.d/%s.key",
argv[0]);
+ path = buf;
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package grub2 for openSUSE:Factory checked in at 2022-08-26 11:20:20 Comparing /work/SRC/openSUSE:Factory/grub2 (Old) and /work/SRC/openSUSE:Factory/.grub2.new.2083 (New) Package is "grub2" Fri Aug 26 11:20:20 2022 rev:271 rq: version:2.06 Changes: --- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2022-08-19 17:54:22.251835330 +0200 +++ /work/SRC/openSUSE:Factory/.grub2.new.2083/grub2.changes2022-08-26 11:20:21.638699595 +0200 @@ -2,42 +1,0 @@ -Thu Aug 18 02:47:28 UTC 2022 - Michael Chang - -- Fix tpm error stop tumbleweed from booting (bsc#1202374) - * 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch -- Patch Removed - * 0001-tpm-Log-EFI_VOLUME_FULL-and-continue.patch - -Wed Jun 8 03:25:26 UTC 2022 - Michael Chang - -- Add tpm, tpm2, luks2 and gcry_sha512 to default grub.efi (bsc#1197625) -- Make grub-tpm.efi a symlink to grub.efi - * grub2.spec -- Log error when tpm event log is full and continue - * 0001-tpm-Log-EFI_VOLUME_FULL-and-continue.patch -- Patch superseded - * 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch - -Wed Jun 8 03:17:29 UTC 2022 - Michael Chang - -- Add patches for automatic TPM disk unlock (jsc#SLE-24018) (bsc#1196668) - * 0001-luks2-Add-debug-message-to-align-with-luks-and-geli-.patch - * 0002-cryptodisk-Refactor-to-discard-have_it-global.patch - * 0003-cryptodisk-Return-failure-in-cryptomount-when-no-cry.patch - * 0004-cryptodisk-Improve-error-messaging-in-cryptomount-in.patch - * 0005-cryptodisk-Improve-cryptomount-u-error-message.patch - * 0006-cryptodisk-Add-infrastructure-to-pass-data-from-cryp.patch - * 0007-cryptodisk-Refactor-password-input-out-of-crypto-dev.patch - * 0008-cryptodisk-Move-global-variables-into-grub_cryptomou.patch - * 0009-cryptodisk-Improve-handling-of-partition-name-in-cry.patch - * 0010-protectors-Add-key-protectors-framework.patch - * 0011-tpm2-Add-TPM-Software-Stack-TSS.patch - * 0012-protectors-Add-TPM2-Key-Protector.patch - * 0013-cryptodisk-Support-key-protectors.patch - * 0014-util-grub-protect-Add-new-tool.patch -- Fix no disk unlocking happen (bsc#1196668) - * 0001-crytodisk-fix-cryptodisk-module-looking-up.patch -- Fix build error - * fix-tpm2-build.patch - Old: 0001-crytodisk-fix-cryptodisk-module-looking-up.patch 0001-luks2-Add-debug-message-to-align-with-luks-and-geli-.patch 0002-cryptodisk-Refactor-to-discard-have_it-global.patch 0003-cryptodisk-Return-failure-in-cryptomount-when-no-cry.patch 0004-cryptodisk-Improve-error-messaging-in-cryptomount-in.patch 0005-cryptodisk-Improve-cryptomount-u-error-message.patch 0006-cryptodisk-Add-infrastructure-to-pass-data-from-cryp.patch 0007-cryptodisk-Refactor-password-input-out-of-crypto-dev.patch 0008-cryptodisk-Move-global-variables-into-grub_cryptomou.patch 0009-cryptodisk-Improve-handling-of-partition-name-in-cry.patch 0010-protectors-Add-key-protectors-framework.patch 0011-tpm2-Add-TPM-Software-Stack-TSS.patch 0012-protectors-Add-TPM2-Key-Protector.patch 0013-cryptodisk-Support-key-protectors.patch 0014-util-grub-protect-Add-new-tool.patch fix-tpm2-build.patch Other differences: -- ++ grub2.spec ++ --- /var/tmp/diff_new_pack.Zw4V3O/_old 2022-08-26 11:20:24.362704392 +0200 +++ /var/tmp/diff_new_pack.Zw4V3O/_new 2022-08-26 11:20:24.370704406 +0200 @@ -407,22 +407,6 @@ Patch882: 0030-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch Patch883: 0031-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch Patch884: 0032-Use-grub_loader_set_ex-for-secureboot-chainloader.patch -Patch885: 0001-luks2-Add-debug-message-to-align-with-luks-and-geli-.patch -Patch886: 0002-cryptodisk-Refactor-to-discard-have_it-global.patch -Patch887: 0003-cryptodisk-Return-failure-in-cryptomount-when-no-cry.patch -Patch888: 0004-cryptodisk-Improve-error-messaging-in-cryptomount-in.patch -Patch889: 0005-cryptodisk-Improve-cryptomount-u-error-message.patch -Patch890: 0006-cryptodisk-Add-infrastructure-to-pass-data-from-cryp.patch -Patch891: 0007-cryptodisk-Refactor-password-input-out-of-crypto-dev.patch -Patch892: 0008-cryptodisk-Move-global-variables-into-grub_cryptomou.patch -Patch893: 0009-cryptodisk-Improve-handling-of-partition-name-in-cry.patch -Patch894: 0010-protectors-Add-key-protectors-framework.patch -Patch895: 0011-tpm2-Add-TPM-Software-Stack-TSS.patch -Patch896:
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2022-08-19 17:53:16
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.2083 (New)
Package is "grub2"
Fri Aug 19 17:53:16 2022 rev:270 rq:997711 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2022-08-12
17:46:21.218070773 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.2083/grub2.changes2022-08-19
17:54:22.251835330 +0200
@@ -1,0 +2,8 @@
+Thu Aug 18 02:47:28 UTC 2022 - Michael Chang
+
+- Fix tpm error stop tumbleweed from booting (bsc#1202374)
+ * 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch
+- Patch Removed
+ * 0001-tpm-Log-EFI_VOLUME_FULL-and-continue.patch
+
+---
Old:
0001-tpm-Log-EFI_VOLUME_FULL-and-continue.patch
New:
0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.472I3Q/_old 2022-08-19 17:54:25.063841224 +0200
+++ /var/tmp/diff_new_pack.472I3Q/_new 2022-08-19 17:54:25.067841232 +0200
@@ -315,6 +315,7 @@
Patch790: 0001-30_uefi-firmware-fix-printf-format-with-null-byte.patch
Patch791: 0001-i386-pc-build-btrfs-zstd-support-into-separate-modul.patch
Patch792: 0001-templates-Follow-the-path-of-usr-merged-kernel-confi.patch
+Patch793: 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch
Patch794: 0001-Filter-out-POSIX-locale-for-translation.patch
Patch795: 0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch
Patch796: 0001-disk-diskfilter-Use-nodes-in-logical-volume-s-segmen.patch
@@ -422,7 +423,6 @@
Patch898: 0014-util-grub-protect-Add-new-tool.patch
Patch899: fix-tpm2-build.patch
Patch900: 0001-crytodisk-fix-cryptodisk-module-looking-up.patch
-Patch901: 0001-tpm-Log-EFI_VOLUME_FULL-and-continue.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
++ 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch ++
>From 2cecb472ffba4dbc534f4ce3346a453762371c52 Mon Sep 17 00:00:00 2001
From: Mathieu Trudel-Lapierre
Date: Fri, 25 Oct 2019 10:27:54 -0400
Subject: [PATCH] tpm: Pass unknown error as non-fatal, but debug print the
error we got
Signed-off-by: Mathieu Trudel-Lapierre
Patch-Name: ubuntu-tpm-unknown-error-non-fatal.patch
---
grub-core/commands/efi/tpm.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/grub-core/commands/efi/tpm.c b/grub-core/commands/efi/tpm.c
index a97d85368..1e399a964 100644
--- a/grub-core/commands/efi/tpm.c
+++ b/grub-core/commands/efi/tpm.c
@@ -145,7 +145,8 @@ grub_efi_log_event_status (grub_efi_status_t status)
case GRUB_EFI_NOT_FOUND:
return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable"));
default:
- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error"));
+ grub_dprintf("tpm", "Unknown TPM error: %" PRIdGRUB_SSIZE, status);
+ return 0;
}
}
--
2.31.1
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package grub2 for openSUSE:Factory checked in at 2022-08-12 17:46:18 Comparing /work/SRC/openSUSE:Factory/grub2 (Old) and /work/SRC/openSUSE:Factory/.grub2.new.1521 (New) Package is "grub2" Fri Aug 12 17:46:18 2022 rev:269 rq:994511 version:2.06 Changes: --- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2022-06-09 14:09:24.364336047 +0200 +++ /work/SRC/openSUSE:Factory/.grub2.new.1521/grub2.changes2022-08-12 17:46:21.218070773 +0200 @@ -1,0 +2,34 @@ +Wed Jun 8 03:25:26 UTC 2022 - Michael Chang + +- Add tpm, tpm2, luks2 and gcry_sha512 to default grub.efi (bsc#1197625) +- Make grub-tpm.efi a symlink to grub.efi + * grub2.spec +- Log error when tpm event log is full and continue + * 0001-tpm-Log-EFI_VOLUME_FULL-and-continue.patch +- Patch superseded + * 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch + +--- +Wed Jun 8 03:17:29 UTC 2022 - Michael Chang + +- Add patches for automatic TPM disk unlock (jsc#SLE-24018) (bsc#1196668) + * 0001-luks2-Add-debug-message-to-align-with-luks-and-geli-.patch + * 0002-cryptodisk-Refactor-to-discard-have_it-global.patch + * 0003-cryptodisk-Return-failure-in-cryptomount-when-no-cry.patch + * 0004-cryptodisk-Improve-error-messaging-in-cryptomount-in.patch + * 0005-cryptodisk-Improve-cryptomount-u-error-message.patch + * 0006-cryptodisk-Add-infrastructure-to-pass-data-from-cryp.patch + * 0007-cryptodisk-Refactor-password-input-out-of-crypto-dev.patch + * 0008-cryptodisk-Move-global-variables-into-grub_cryptomou.patch + * 0009-cryptodisk-Improve-handling-of-partition-name-in-cry.patch + * 0010-protectors-Add-key-protectors-framework.patch + * 0011-tpm2-Add-TPM-Software-Stack-TSS.patch + * 0012-protectors-Add-TPM2-Key-Protector.patch + * 0013-cryptodisk-Support-key-protectors.patch + * 0014-util-grub-protect-Add-new-tool.patch +- Fix no disk unlocking happen (bsc#1196668) + * 0001-crytodisk-fix-cryptodisk-module-looking-up.patch +- Fix build error + * fix-tpm2-build.patch + +--- Old: 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch New: 0001-crytodisk-fix-cryptodisk-module-looking-up.patch 0001-luks2-Add-debug-message-to-align-with-luks-and-geli-.patch 0001-tpm-Log-EFI_VOLUME_FULL-and-continue.patch 0002-cryptodisk-Refactor-to-discard-have_it-global.patch 0003-cryptodisk-Return-failure-in-cryptomount-when-no-cry.patch 0004-cryptodisk-Improve-error-messaging-in-cryptomount-in.patch 0005-cryptodisk-Improve-cryptomount-u-error-message.patch 0006-cryptodisk-Add-infrastructure-to-pass-data-from-cryp.patch 0007-cryptodisk-Refactor-password-input-out-of-crypto-dev.patch 0008-cryptodisk-Move-global-variables-into-grub_cryptomou.patch 0009-cryptodisk-Improve-handling-of-partition-name-in-cry.patch 0010-protectors-Add-key-protectors-framework.patch 0011-tpm2-Add-TPM-Software-Stack-TSS.patch 0012-protectors-Add-TPM2-Key-Protector.patch 0013-cryptodisk-Support-key-protectors.patch 0014-util-grub-protect-Add-new-tool.patch fix-tpm2-build.patch Other differences: -- ++ grub2.spec ++ --- /var/tmp/diff_new_pack.mTVNnA/_old 2022-08-12 17:46:24.442078831 +0200 +++ /var/tmp/diff_new_pack.mTVNnA/_new 2022-08-12 17:46:24.450078851 +0200 @@ -315,7 +315,6 @@ Patch790: 0001-30_uefi-firmware-fix-printf-format-with-null-byte.patch Patch791: 0001-i386-pc-build-btrfs-zstd-support-into-separate-modul.patch Patch792: 0001-templates-Follow-the-path-of-usr-merged-kernel-confi.patch -Patch793: 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch Patch794: 0001-Filter-out-POSIX-locale-for-translation.patch Patch795: 0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch Patch796: 0001-disk-diskfilter-Use-nodes-in-logical-volume-s-segmen.patch @@ -407,6 +406,23 @@ Patch882: 0030-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch Patch883: 0031-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch Patch884: 0032-Use-grub_loader_set_ex-for-secureboot-chainloader.patch +Patch885: 0001-luks2-Add-debug-message-to-align-with-luks-and-geli-.patch +Patch886: 0002-cryptodisk-Refactor-to-discard-have_it-global.patch +Patch887: 0003-cryptodisk-Return-failure-in-cryptomount-when-no-cry.patch +Patch888: 0004-cryptodisk-Improve-error-messaging-in-cryptomount-in.patch +Patch889: 0005-cryptodisk-Improve-cryptomount-u-error-message.patch +Patch890: 0006-cryptodisk-Add-infrastructure-to-pass-data-from-cryp.patch +Patc
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package grub2 for openSUSE:Factory checked in at 2022-06-09 14:09:19 Comparing /work/SRC/openSUSE:Factory/grub2 (Old) and /work/SRC/openSUSE:Factory/.grub2.new.1548 (New) Package is "grub2" Thu Jun 9 14:09:19 2022 rev:268 rq:981229 version:2.06 Changes: --- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2022-06-03 14:15:15.085206168 +0200 +++ /work/SRC/openSUSE:Factory/.grub2.new.1548/grub2.changes2022-06-09 14:09:24.364336047 +0200 @@ -1,0 +2,46 @@ +Tue May 31 04:44:18 UTC 2022 - Michael Chang + +- Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581) + * 0001-video-Remove-trailing-whitespaces.patch + * 0002-loader-efi-chainloader-Simplify-the-loader-state.patch + * 0003-commands-boot-Add-API-to-pass-context-to-loader.patch +- Fix CVE-2022-28736 (bsc#1198496) + * 0004-loader-efi-chainloader-Use-grub_loader_set_ex.patch +- Fix CVE-2022-28735 (bsc#1198495) + * 0005-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch + * 0006-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch + * 0007-video-readers-png-Abort-sooner-if-a-read-operation-f.patch + * 0008-video-readers-png-Refuse-to-handle-multiple-image-he.patch +- Fix CVE-2021-3695 (bsc#1191184) + * 0009-video-readers-png-Drop-greyscale-support-to-fix-heap.patch +- Fix CVE-2021-3696 (bsc#1191185) + * 0010-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch + * 0011-video-readers-png-Sanity-check-some-huffman-codes.patch + * 0012-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch + * 0013-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch + * 0014-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch +- Fix CVE-2021-3697 (bsc#1191186) + * 0015-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch + * 0016-normal-charset-Fix-array-out-of-bounds-formatting-un.patch +- Fix CVE-2022-28733 (bsc#1198460) + * 0017-net-ip-Do-IP-fragment-maths-safely.patch + * 0018-net-netbuff-Block-overly-large-netbuff-allocs.patch + * 0019-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch + * 0020-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch + * 0021-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch + * 0022-net-tftp-Avoid-a-trivial-UAF.patch + * 0023-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch +- Fix CVE-2022-28734 (bsc#1198493) + * 0024-net-http-Fix-OOB-write-for-split-http-headers.patch +- Fix CVE-2022-28734 (bsc#1198493) + * 0025-net-http-Error-out-on-headers-with-LF-without-CR.patch + * 0026-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch + * 0027-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch + * 0028-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch + * 0029-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch + * 0030-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch + * 0031-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch + * 0032-Use-grub_loader_set_ex-for-secureboot-chainloader.patch +- Bump grub's SBAT generation to 2 + +--- New: 0001-video-Remove-trailing-whitespaces.patch 0002-loader-efi-chainloader-Simplify-the-loader-state.patch 0003-commands-boot-Add-API-to-pass-context-to-loader.patch 0004-loader-efi-chainloader-Use-grub_loader_set_ex.patch 0005-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch 0006-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch 0007-video-readers-png-Abort-sooner-if-a-read-operation-f.patch 0008-video-readers-png-Refuse-to-handle-multiple-image-he.patch 0009-video-readers-png-Drop-greyscale-support-to-fix-heap.patch 0010-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch 0011-video-readers-png-Sanity-check-some-huffman-codes.patch 0012-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch 0013-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch 0014-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch 0015-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch 0016-normal-charset-Fix-array-out-of-bounds-formatting-un.patch 0017-net-ip-Do-IP-fragment-maths-safely.patch 0018-net-netbuff-Block-overly-large-netbuff-allocs.patch 0019-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch 0020-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch 0021-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch 0022-net-tftp-Avoid-a-trivial-UAF.patch 0023-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch 0024-net-http-Fix-OOB-write-for-split-http-headers.patch 0025-net-http-Error-out-on-headers-with-LF-without-CR.patch 0026-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch 0027-fs-f2fs-Do-not-read-past-the-e
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2022-06-03 14:15:13
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.1548 (New)
Package is "grub2"
Fri Jun 3 14:15:13 2022 rev:267 rq:980226 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2022-05-24
20:30:47.77854 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.1548/grub2.changes2022-06-03
14:15:15.085206168 +0200
@@ -1,0 +2,13 @@
+Tue May 31 04:41:44 UTC 2022 - Michael Chang
+
+- Use boot disks in OpenFirmware, fixing regression caused by
+ 0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch, when
+ the root LV is completely in the boot LUN (bsc#1197948)
+ * 0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch
+
+---
+Thu May 26 10:10:56 UTC 2022 - Michael Chang
+
+- Fix error message in displaying help on bootable snapshot (bsc#1199609)
+
+---
New:
0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.Mr4vXb/_old 2022-06-03 14:15:17.177208886 +0200
+++ /var/tmp/diff_new_pack.Mr4vXb/_new 2022-06-03 14:15:17.181208892 +0200
@@ -374,6 +374,7 @@
Patch849: 0001-powerpc-do-CAS-in-a-more-compatible-way.patch
Patch850: 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch
Patch851: 0001-libc-config-merge-from-glibc.patch
+Patch852: 0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
@@ -644,7 +645,7 @@
PXE_MODULES="tftp http"
CRYPTO_MODULES="luks gcry_rijndael gcry_sha1 gcry_sha256"
%ifarch %{efi}
-CD_MODULES="${CD_MODULES} chain efifwsetup efinet"
+CD_MODULES="${CD_MODULES} chain efifwsetup efinet read"
PXE_MODULES="${PXE_MODULES} efinet"
%else
CD_MODULES="${CD_MODULES} net"
++ 0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch ++
>From b0f9dcabe96e5689ecfba9b6abcd27e685eabd48 Mon Sep 17 00:00:00 2001
From: Michael Chang
Date: Wed, 11 May 2022 09:56:11 -0400
Subject: [PATCH] ofdisk: improve boot time by lookup boot disk first
While booting lvm, grub will try to build up logical volumes via hooks
to disk iteration where on-disk metadata can be read and parsed. However
the process can become very slow on multipath as reachable disks are
duplicated by multiple I/O paths and they all get inspected.
Fortunately grub allows lvm to be lazy binding and opportunistic that
root volume can be created when it's needed using a smaller set of
discovered disks. The disk iteration can also be controlled by pull
methods to only returning specified disks. That said we may be able to
take advantage of existing design to cause less overhead in lvm
construction.
This patch will return boot disks in OpenFirmware so they can be used
first. If lvm managed to create root volume out of those boot disks then
it is all very nice as they are readily available. Otherwise disk
scanning will be performed to present all discoverable disks to grub as
what it was done in the past. The result maybe again time consuming but
we have nothing to lose here.
Signed-off-by: Michael Chang
---
grub-core/disk/ieee1275/ofdisk.c | 11 +--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/grub-core/disk/ieee1275/ofdisk.c b/grub-core/disk/ieee1275/ofdisk.c
index 258a6e3891..410f4b849f 100644
--- a/grub-core/disk/ieee1275/ofdisk.c
+++ b/grub-core/disk/ieee1275/ofdisk.c
@@ -491,10 +491,11 @@ grub_ofdisk_iterate (grub_disk_dev_iterate_hook_t hook,
void *hook_data,
{
unsigned i;
- if (pull != GRUB_DISK_PULL_NONE)
+ if (pull > GRUB_DISK_PULL_REMOVABLE)
return 0;
- scan ();
+ if (pull == GRUB_DISK_PULL_REMOVABLE)
+scan ();
for (i = 0; i < ARRAY_SIZE (ofdisk_hash); i++)
{
@@ -532,6 +533,12 @@ grub_ofdisk_iterate (grub_disk_dev_iterate_hook_t hook,
void *hook_data,
if (!ent->is_boot && ent->is_removable)
continue;
+ if (pull == GRUB_DISK_PULL_NONE && !ent->is_boot)
+ continue;
+
+ if (pull == GRUB_DISK_PULL_REMOVABLE && ent->is_boot)
+ continue;
+
if (hook (ent->grub_shortest, hook_data))
return 1;
}
--
2.34.1
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2022-05-24 20:30:44
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.2254 (New)
Package is "grub2"
Tue May 24 20:30:44 2022 rev:266 rq:978619 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2022-04-26
20:16:53.308696788 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.2254/grub2.changes2022-05-24
20:30:47.77854 +0200
@@ -1,0 +2,9 @@
+Tue May 17 10:46:38 UTC 2022 - Michael Chang
+
+- Fix installation over serial console ends up in infinite boot loop
+ (bsc#1187810)
+ * 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch
+- Fix ppc64le build error for new IEEE long double ABI
+ * 0001-libc-config-merge-from-glibc.patch
+
+---
New:
0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch
0001-libc-config-merge-from-glibc.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.qcxyXo/_old 2022-05-24 20:30:50.754891510 +0200
+++ /var/tmp/diff_new_pack.qcxyXo/_new 2022-05-24 20:30:50.758891514 +0200
@@ -372,6 +372,8 @@
Patch847: 0003-reed_solomon-Fix-array-subscript-0-is-outside-array-.patch
Patch848: 0001-grub-probe-Deduplicate-probed-partmap-output.patch
Patch849: 0001-powerpc-do-CAS-in-a-more-compatible-way.patch
+Patch850: 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch
+Patch851: 0001-libc-config-merge-from-glibc.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
++ 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch ++
>From f76317d9dc35dbc576820ba6c2a6a8e41f5338b5 Mon Sep 17 00:00:00 2001
From: Michael Chang
Date: Thu, 19 May 2022 13:08:12 +0800
Subject: [PATCH] Fix infinite boot loop on headless system in qemu
After finishing headless virtual machine installation via serial
console, the reboot fails in grub with infinte boot loop and also
keyboard input for serial console is unresponsive.
The cause of infinte loop boils down to legacy vga driver in grub
crashes when '-dispaly none' is used as qemu's display type described in
the manual as:
"Do not display video output. The guest will still see an emulated
graphics card, but its output will not be displayed tothe QEMU user.
This option differs from the -nographic option in that it only affects
what is done with video output; -nographic also changes the destination
of the serial and parallel port data."
Given there's no sensible way found to skip the emulated device from the
legacy vga module, we ended up removing it from all_video dependency so
it wouldn't be loaded by default. In any case, the vbe module remain
loaded and should fulfill the requirement of most hardwares even twenty
years old or more.
The unresponsive serial input is also fixed by ensuring that console
input is loaded via appended so that they won't fail altogether with
errors by other console device if specifying on the same list.
Signed-off-by: Michael Chang
---
grub-core/genmoddep.awk | 3 +++
util/grub.d/00_header.in | 10 +-
2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/grub-core/genmoddep.awk b/grub-core/genmoddep.awk
index 04c2863e5a..9b64f3ca93 100644
--- a/grub-core/genmoddep.awk
+++ b/grub-core/genmoddep.awk
@@ -96,6 +96,9 @@ END {
}
modlist = ""
while (getline <"video.lst") {
+ if ($1 == "vga") {
+ continue;
+ }
modlist = modlist " " $1;
}
printf "all_video:%s\n", modlist;
diff --git a/util/grub.d/00_header.in b/util/grub.d/00_header.in
index b21caa4bcb..23671838e9 100644
--- a/util/grub.d/00_header.in
+++ b/util/grub.d/00_header.in
@@ -280,7 +280,15 @@ case x${GRUB_TERMINAL_OUTPUT} in
;;
x*)
cat << EOF
-terminal_output ${GRUB_TERMINAL_OUTPUT}
+
+for i in ${GRUB_TERMINAL_OUTPUT}; do
+ if [ x\${use_append} = xtrue ]; then
+ terminal_output --append \$i
+ elif terminal_output \$i; then
+ use_append=true;
+ fi
+done
+
EOF
;;
esac
--
2.34.1
++ 0001-libc-config-merge-from-glibc.patch ++
>From 88d0ba220763f99c6c98e44918435cdceef56ed7 Mon Sep 17 00:00:00 2001
From: Paul Eggert
Date: Tue, 5 Jan 2021 13:12:39 -0800
Subject: [PATCH] libc-config: merge from glibc
Use a better way of keeping glibc and gnulib
lib/cdefs.h mostly in sync, by using lib/cdefs.h only on platforms
where does not work well enough for Gnulib.
* lib/cdefs.h: Go back to using _SYS_CDEFS_H rather than
_GL_DEFS_H as an include guard.
(__THROW, __THROWNL, __NTH, __NTHNL):
Define to noexcept for C++11 and later.
(__glibc_objsize, __glibc
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2022-04-26 20:14:54
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.1538 (New)
Package is "grub2"
Tue Apr 26 20:14:54 2022 rev:265 rq:972431 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2022-04-23
00:25:07.683745521 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.1538/grub2.changes2022-04-26
20:16:53.308696788 +0200
@@ -1,0 +2,7 @@
+Thu Apr 21 09:35:15 UTC 2022 - Michael Chang
+
+- Fix Power10 LPAR error "The partition fails to activate as partition went
+ into invalid state" (bsc#1198714)
+ * 0001-powerpc-do-CAS-in-a-more-compatible-way.patch
+
+---
New:
0001-powerpc-do-CAS-in-a-more-compatible-way.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.EmqUVo/_old 2022-04-26 20:16:55.492699430 +0200
+++ /var/tmp/diff_new_pack.EmqUVo/_new 2022-04-26 20:16:55.500699440 +0200
@@ -371,6 +371,7 @@
Patch846: 0002-Fix-Werror-array-bounds-array-subscript-0-is-outside.patch
Patch847: 0003-reed_solomon-Fix-array-subscript-0-is-outside-array-.patch
Patch848: 0001-grub-probe-Deduplicate-probed-partmap-output.patch
+Patch849: 0001-powerpc-do-CAS-in-a-more-compatible-way.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
++ 0001-powerpc-do-CAS-in-a-more-compatible-way.patch ++
>From 91c9ff5515821fa579961a4c3a411a29384fbfd6 Mon Sep 17 00:00:00 2001
From: Daniel Axtens
Date: Fri, 8 Apr 2022 12:35:28 +1000
Subject: [PATCH] powerpc: do CAS in a more compatible way
I wrongly assumed that the most compatible way to perform CAS
negotiation was to only set the minimum number of vectors required
to ask for more memory. It turns out that this messes up booting
if the minimum VP capacity would be less than the default 10% in
vector 4.
Linux configures the minimum capacity to be 1%, so copy it for that
and for vector 3 which we now need to specify as well.
Signed-off-by: Daniel Axtens
---
grub-core/kern/ieee1275/init.c | 54 +++---
1 file changed, 31 insertions(+), 23 deletions(-)
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
index d77d896043..7d7178d3e1 100644
--- a/grub-core/kern/ieee1275/init.c
+++ b/grub-core/kern/ieee1275/init.c
@@ -298,33 +298,37 @@ grub_ieee1275_total_mem (grub_uint64_t *total)
/* Based on linux - arch/powerpc/kernel/prom_init.c */
struct option_vector2 {
- grub_uint8_t byte1;
- grub_uint16_t reserved;
- grub_uint32_t real_base;
- grub_uint32_t real_size;
- grub_uint32_t virt_base;
- grub_uint32_t virt_size;
- grub_uint32_t load_base;
- grub_uint32_t min_rma;
- grub_uint32_t min_load;
- grub_uint8_t min_rma_percent;
- grub_uint8_t max_pft_size;
+ grub_uint8_t byte1;
+ grub_uint16_t reserved;
+ grub_uint32_t real_base;
+ grub_uint32_t real_size;
+ grub_uint32_t virt_base;
+ grub_uint32_t virt_size;
+ grub_uint32_t load_base;
+ grub_uint32_t min_rma;
+ grub_uint32_t min_load;
+ grub_uint8_t min_rma_percent;
+ grub_uint8_t max_pft_size;
} __attribute__((packed));
struct pvr_entry {
- grub_uint32_t mask;
- grub_uint32_t entry;
+ grub_uint32_t mask;
+ grub_uint32_t entry;
};
struct cas_vector {
-struct {
- struct pvr_entry terminal;
-} pvr_list;
-grub_uint8_t num_vecs;
-grub_uint8_t vec1_size;
-grub_uint8_t vec1;
-grub_uint8_t vec2_size;
-struct option_vector2 vec2;
+ struct {
+struct pvr_entry terminal;
+ } pvr_list;
+ grub_uint8_t num_vecs;
+ grub_uint8_t vec1_size;
+ grub_uint8_t vec1;
+ grub_uint8_t vec2_size;
+ struct option_vector2 vec2;
+ grub_uint8_t vec3_size;
+ grub_uint16_t vec3;
+ grub_uint8_t vec4_size;
+ grub_uint16_t vec4;
} __attribute__((packed));
/* Call ibm,client-architecture-support to try to get more RMA.
@@ -345,13 +349,17 @@ grub_ieee1275_ibm_cas (void)
} args;
struct cas_vector vector = {
.pvr_list = { { 0x, 0x } }, /* any processor */
-.num_vecs = 2 - 1,
+.num_vecs = 4 - 1,
.vec1_size = 0,
.vec1 = 0x80, /* ignore */
.vec2_size = 1 + sizeof(struct option_vector2) - 2,
.vec2 = {
0, 0, -1, -1, -1, -1, -1, 512, -1, 0, 48
},
+.vec3_size = 2 - 1,
+.vec3 = 0x00e0, // ask for FP + VMX + DFP but don't halt if unsatisfied
+.vec4_size = 2 - 1,
+.vec4 = 0x0001, // set required minimum capacity % to the lowest value
};
INIT_IEEE1275_COMMON (&args.common, "call-met
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2022-04-23 00:25:02
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.1538 (New)
Package is "grub2"
Sat Apr 23 00:25:02 2022 rev:264 rq:971281 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2022-04-02
18:20:18.630430038 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.1538/grub2.changes2022-04-23
00:25:07.683745521 +0200
@@ -1,0 +2,5 @@
+Mon Apr 11 11:50:04 UTC 2022 - Ludwig Nussel
+
+- use common SBAT values (boo#1193282)
+
+---
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.WOSkEI/_old 2022-04-23 00:25:10.827747196 +0200
+++ /var/tmp/diff_new_pack.WOSkEI/_new 2022-04-23 00:25:10.831747198 +0200
@@ -19,6 +19,14 @@
%define _binaries_in_noarch_package_terminate_build 0
+%if %{defined sbat_distro}
+# SBAT metadata
+%define sbat_generation 1
+%define sbat_generation_grub 1
+%else
+%{error please define sbat_distro, sbat_distro_summary and sbat_distro_url}
+%endif
+
Name: grub2
%ifarch x86_64 ppc64
BuildRequires: gcc-32bit
@@ -663,24 +671,16 @@
--program-transform-name=s,grub,%{name},
make %{?_smp_mflags}
-# SBAT metadata
-%if 0%{?is_opensuse} == 1
-distro_id="opensuse"
-distro_name="The openSUSE Project"
-%else
-distro_id="sle"
-distro_name="SUSE Linux Enterprise"
-%endif
-upstream_sbat=1
-distro_sbat=1
+%if 0%{?sbat_generation}
echo "sbat,1,SBAT
Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md"; > sbat.csv
-echo "grub,${upstream_sbat},Free Software
Foundation,grub,%{version},https://www.gnu.org/software/grub/"; >> sbat.csv
-echo
"grub.${distro_id},${distro_sbat},${distro_name},%{name},%{version},mail:security-t...@suse.de"
>> sbat.csv
+echo "grub,%{sbat_generation_grub},Free Software
Foundation,grub,%{version},https://www.gnu.org/software/grub/"; >> sbat.csv
+echo
"grub.%{sbat_distro},%{sbat_generation},%{sbat_distro_summary},%{name},%{version},%{sbat_distro_url}"
>> sbat.csv
+%endif
-./grub-mkimage -O %{grubefiarch} -o grub.efi --prefix= --sbat sbat.csv \
+./grub-mkimage -O %{grubefiarch} -o grub.efi --prefix=
%{?sbat_generation:--sbat sbat.csv} \
-d grub-core ${GRUB_MODULES}
%ifarch x86_64
-./grub-mkimage -O %{grubefiarch} -o grub-tpm.efi --prefix= --sbat sbat.csv \
+./grub-mkimage -O %{grubefiarch} -o grub-tpm.efi --prefix=
%{?sbat_generation:--sbat sbat.csv} \
-d grub-core ${GRUB_MODULES} tpm
%endif
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2022-04-02 18:20:11
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.1900 (New)
Package is "grub2"
Sat Apr 2 18:20:11 2022 rev:263 rq:965515 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2022-03-20
20:54:55.518472654 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.1900/grub2.changes2022-04-02
18:20:18.630430038 +0200
@@ -1,0 +2,7 @@
+Fri Mar 25 03:46:55 UTC 2022 - Michael Chang
+
+- Fix wrong order in kernel sorting of listing rc before final release
+ (bsc#1197376)
+ * grub2-use-rpmsort-for-version-sorting.patch
+
+---
Other differences:
--
++ grub2-use-rpmsort-for-version-sorting.patch ++
--- /var/tmp/diff_new_pack.70t9uO/_old 2022-04-02 18:20:22.390387832 +0200
+++ /var/tmp/diff_new_pack.70t9uO/_new 2022-04-02 18:20:22.394387787 +0200
@@ -1,12 +1,28 @@
-diff -urN grub-2.02~beta2.old/util/grub-mkconfig_lib.in
grub-2.02~beta2/util/grub-mkconfig_lib.in
grub-2.02~beta2.old/util/grub-mkconfig_lib.in 2014-04-11
15:20:42.451394845 +0200
-+++ grub-2.02~beta2/util/grub-mkconfig_lib.in 2014-04-11 15:58:02.940618803
+0200
-@@ -229,7 +229,7 @@
+v2:
+Fix wrong sorting order if version contains "-" delimiter
+
+Index: grub-2.06/util/grub-mkconfig_lib.in
+===
+--- grub-2.06.orig/util/grub-mkconfig_lib.in
grub-2.06/util/grub-mkconfig_lib.in
+@@ -220,9 +220,9 @@ version_sort ()
+
+ version_test_numeric ()
+ {
+- version_test_numeric_a="$1"
++ version_test_numeric_a="`echo "$1" | sed -e 's/-\([^0-9]*\)$/\.\1/' -e
's/-/~/g' -e 's/~\([^~]*\)$/-\1/'`"
+ version_test_numeric_cmp="$2"
+- version_test_numeric_b="$3"
++ version_test_numeric_b="`echo "$3" | sed -e 's/-\([^0-9]*\)$/\.\1/' -e
's/-/~/g' -e 's/~\([^~]*\)$/-\1/'`"
+ if [ "$version_test_numeric_a" = "$version_test_numeric_b" ] ; then
+ case "$version_test_numeric_cmp" in
+ ge|eq|le) return 0 ;;
+@@ -234,7 +234,7 @@ version_test_numeric ()
version_test_numeric_a="$version_test_numeric_b"
version_test_numeric_b="$version_test_numeric_c"
fi
- if (echo "$version_test_numeric_a" ; echo "$version_test_numeric_b") |
version_sort | head -n 1 | grep -qx "$version_test_numeric_b" ; then
-+ if [ "`printf '%s\n' "$version_test_gt_a" "$version_test_gt_b" |
/usr/lib/rpm/rpmsort -r | head -n1`" = "$version_test_gt_a" ] ; then
++ if [ "`printf '%s\n' "$version_test_numeric_a" "$version_test_numeric_b" |
/usr/lib/rpm/rpmsort -r | head -n1`" = "$version_test_numeric_a" ] ; then
return 0
else
return 1
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2022-03-20 20:54:43
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.25692 (New)
Package is "grub2"
Sun Mar 20 20:54:43 2022 rev:262 rq:962679 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2022-03-15
19:03:43.892899768 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.25692/grub2.changes 2022-03-20
20:54:55.518472654 +0100
@@ -1,0 +2,17 @@
+Fri Mar 18 09:10:07 UTC 2022 - Michael Chang
+
+- Fix duplicated insmod part_gpt lines in grub.cfg (bsc#1197186)
+ * 0001-grub-probe-Deduplicate-probed-partmap-output.patch
+
+---
+Wed Mar 16 14:57:02 UTC 2022 - Michael Chang
+
+- Fix GCC 12 build failure (bsc#1196546)
+ * 0001-mkimage-Fix-dangling-pointer-may-be-used-error.patch
+ * 0002-Fix-Werror-array-bounds-array-subscript-0-is-outside.patch
+ * 0003-reed_solomon-Fix-array-subscript-0-is-outside-array-.patch
+- Revised
+ * grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
+ * 0002-ieee1275-powerpc-enables-device-mapper-discovery.patch
+
+---
New:
0001-grub-probe-Deduplicate-probed-partmap-output.patch
0001-mkimage-Fix-dangling-pointer-may-be-used-error.patch
0002-Fix-Werror-array-bounds-array-subscript-0-is-outside.patch
0003-reed_solomon-Fix-array-subscript-0-is-outside-array-.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.TYypfQ/_old 2022-03-20 20:54:57.874476043 +0100
+++ /var/tmp/diff_new_pack.TYypfQ/_new 2022-03-20 20:54:57.878476049 +0100
@@ -359,6 +359,10 @@
Patch842: 0001-grub-install-bailout-root-device-probing.patch
Patch843: 0001-RISC-V-Adjust-march-flags-for-binutils-2.38.patch
Patch844: 0001-install-fix-software-raid1-on-esp.patch
+Patch845: 0001-mkimage-Fix-dangling-pointer-may-be-used-error.patch
+Patch846: 0002-Fix-Werror-array-bounds-array-subscript-0-is-outside.patch
+Patch847: 0003-reed_solomon-Fix-array-subscript-0-is-outside-array-.patch
+Patch848: 0001-grub-probe-Deduplicate-probed-partmap-output.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
++ 0001-grub-probe-Deduplicate-probed-partmap-output.patch ++
>From ed0ac581ad3866197fc05c7cf48e39419a51f606 Mon Sep 17 00:00:00 2001
From: Michael Chang
Date: Fri, 18 Mar 2022 13:19:33 +0800
Subject: [PATCH] grub-probe: Deduplicate probed partmap output
If the target device being probed is staked on top of other physical or logical
devices, all containing device's partition map type will be printed once if
--target=partmap is used. This usually results in duplicated output as same
partition map type.
This in turn may clutter grub.cfg with many duplicated insmod part_[a-z]+ if
the /boot is RAIDed because --target=partmap output is used to producing
partmap modules required to access disk device.
Let's deduplicate that to make the grub.cfg looks better and disciplined.
Signed-off-by: Michael Chang
---
util/grub-probe.c | 59 +++
1 file changed, 55 insertions(+), 4 deletions(-)
diff --git a/util/grub-probe.c b/util/grub-probe.c
index c08e46bbb..fb94f28fd 100644
--- a/util/grub-probe.c
+++ b/util/grub-probe.c
@@ -153,6 +153,50 @@ do_print (const char *x, void *data)
grub_printf ("%s%c", x, delim);
}
+static int
+check_duplicate_partmap (const char *name)
+{
+ static int alloc, used;
+ static char **partmaps;
+ int i;
+
+ if (!name)
+{
+ if (partmaps)
+ {
+for (i= 0; i < used; ++i)
+ free (partmaps[i]);
+free (partmaps);
+partmaps = NULL;
+alloc = 0;
+used = 0;
+ }
+ return 1;
+}
+
+ for (i= 0; i < used; ++i)
+if (strcmp (partmaps[i], name) == 0)
+ return 1;
+
+ if (alloc <= used)
+{
+ alloc = (alloc) ? (alloc << 1) : 4;
+ partmaps = xrealloc (partmaps, alloc * sizeof (*partmaps));
+}
+
+ partmaps[used++] = strdup (name);
+ return 0;
+}
+
+static void
+do_print_partmap (const char *x, void *data)
+{
+ char delim = *(const char *) data;
+ if (check_duplicate_partmap (x) != 0)
+return;
+ grub_printf ("%s%c", x, delim);
+}
+
static void
probe_partmap (grub_disk_t disk, char delim)
{
@@ -165,10 +209,14 @@ probe_partmap (grub_disk_t disk, char delim)
}
for (part = disk->partition; part; part = part->parent)
-printf ("%s%c", part->partmap->name, delim);
+{
+ if (check_duplicate_partmap (part->partmap->name) != 0)
+ continue;
+
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2022-03-15 19:03:41
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.25692 (New)
Package is "grub2"
Tue Mar 15 19:03:41 2022 rev:261 rq:961558 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2022-03-11
11:43:55.418786429 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.25692/grub2.changes 2022-03-15
19:03:43.892899768 +0100
@@ -1,0 +2,20 @@
+Fri Mar 11 09:30:05 UTC 2022 - Michael Chang
+
+- Fix grub-install error when efi system partition is created as mdadm software
+ raid1 device (bsc#1179981) (bsc#1195204)
+ * 0001-install-fix-software-raid1-on-esp.patch
+
+---
+Thu Mar 10 09:10:23 UTC 2022 - Michael Chang
+
+- Fix riscv64 build error
+ * 0001-RISC-V-Adjust-march-flags-for-binutils-2.38.patch
+
+---
+Thu Mar 10 07:08:52 UTC 2022 - Michael Chang
+
+- Fix error in grub-install when linux root device is on lvm thin volume
+ (bsc#1192622) (bsc#1191974)
+ * 0001-grub-install-bailout-root-device-probing.patch
+
+---
@@ -126 +146 @@
-- VUL-0: grub2: grub2-once uses fixed file name in /var/tmp (bsc#1190474)
+- VUL-0: grub2: grub2-once uses fixed file name in /var/tmp (bsc#1190474)
(CVE-2021-46705)
New:
0001-RISC-V-Adjust-march-flags-for-binutils-2.38.patch
0001-grub-install-bailout-root-device-probing.patch
0001-install-fix-software-raid1-on-esp.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.wqUTz3/_old 2022-03-15 19:03:46.520901550 +0100
+++ /var/tmp/diff_new_pack.wqUTz3/_new 2022-03-15 19:03:46.528901556 +0100
@@ -356,6 +356,9 @@
Patch839: 0003-grub-install-support-prep-environment-block.patch
Patch840: 0004-Introduce-prep_load_env-command.patch
Patch841: 0005-export-environment-at-start-up.patch
+Patch842: 0001-grub-install-bailout-root-device-probing.patch
+Patch843: 0001-RISC-V-Adjust-march-flags-for-binutils-2.38.patch
+Patch844: 0001-install-fix-software-raid1-on-esp.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
++ 0001-RISC-V-Adjust-march-flags-for-binutils-2.38.patch ++
>From 4e7de0959f3e99824d4a688398958ea022a1d023 Mon Sep 17 00:00:00 2001
From: Heinrich Schuchardt
Date: Sat, 29 Jan 2022 13:36:55 +0100
Subject: [PATCH] RISC-V: Adjust -march flags for binutils 2.38
As of version 2.38 binutils defaults to ISA specification version
2019-12-13. This version of the specification has has separated the
the csr read/write (csrr*/csrw*) instructions and the fence.i from
the I extension and put them into separate Zicsr and Zifencei
extensions.
This implies that we have to adjust the -march flag passed to the
compiler accordingly.
Signed-off-by: Heinrich Schuchardt
Reviewed-by: Daniel Kiper
---
configure.ac | 8
1 file changed, 8 insertions(+)
diff --git a/configure.ac b/configure.ac
index af8e2615ce..906eb1cedc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -866,11 +866,19 @@ if test x"$platform" != xemu ; then
CFLAGS="$TARGET_CFLAGS -march=rv32imac -mabi=ilp32 -Werror"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
[grub_cv_target_cc_soft_float="-march=rv32imac
-mabi=ilp32"], [])
+ # ISA spec version 20191213 factored out extensions Zicsr and Zifencei
+ CFLAGS="$TARGET_CFLAGS -march=rv32imac_zicsr_zifencei -mabi=ilp32
-Werror"
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
+
[grub_cv_target_cc_soft_float="-march=rv32imac_zicsr_zifencei -mabi=ilp32"], [])
fi
if test "x$target_cpu" = xriscv64; then
CFLAGS="$TARGET_CFLAGS -march=rv64imac -mabi=lp64 -Werror"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
[grub_cv_target_cc_soft_float="-march=rv64imac
-mabi=lp64"], [])
+ # ISA spec version 20191213 factored out extensions Zicsr and Zifencei
+ CFLAGS="$TARGET_CFLAGS -march=rv64imac_zicsr_zifencei -mabi=lp64
-Werror"
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
+
[grub_cv_target_cc_soft_float="-march=rv64imac_zicsr_zifencei -mabi=lp64"], [])
fi
if test "x$target_cpu" = xia64; then
CFLAGS="$TARGET_CFLAGS -mno-inline-float-divide -mno-inline-sqrt
-Werror"
--
2.34.1
++ 0001-grub-install-bailout-root-device-probing.patch ++
>From 58dcf7985b20de876a6fc44a591aa377d0a0302c Mon Sep 17 00:00:00 2001
From: Mich
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2022-03-08 20:31:17
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.2349 (New)
Package is "grub2"
Tue Mar 8 20:31:17 2022 rev:260 rq:959763 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2022-02-15
23:57:02.496172974 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.2349/grub2.changes2022-03-11
11:43:55.418786429 +0100
@@ -1,0 +2,18 @@
+Fri Mar 4 03:37:40 UTC 2022 - Michael Chang
+
+- Support saving grub environment for POWER signed grub images (jsc#SLE-23854)
+ * 0001-Add-grub_envblk_buf-helper-function.patch
+ * 0002-Add-grub_disk_write_tail-helper-function.patch
+ * 0003-grub-install-support-prep-environment-block.patch
+ * 0004-Introduce-prep_load_env-command.patch
+ * 0005-export-environment-at-start-up.patch
+- Use enviroment variable in early boot config to looking up root device
+ * grub2.spec
+
+---
+Tue Mar 1 08:55:57 UTC 2022 - Michal Suchanek
+
+- Remove obsolete openSUSE 12.2 conditionals in spec file
+- Clean up powerpc certificate handling.
+
+---
New:
0001-Add-grub_envblk_buf-helper-function.patch
0002-Add-grub_disk_write_tail-helper-function.patch
0003-grub-install-support-prep-environment-block.patch
0004-Introduce-prep_load_env-command.patch
0005-export-environment-at-start-up.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.BGjWvK/_old 2022-03-11 11:43:57.490788753 +0100
+++ /var/tmp/diff_new_pack.BGjWvK/_new 2022-03-11 11:43:57.494788757 +0100
@@ -53,11 +53,9 @@
%endif
BuildRequires: xz-devel
%ifarch x86_64 aarch64 ppc ppc64 ppc64le
-%if 0%{?suse_version} >= 1230 || 0%{?suse_version} == 1110
BuildRequires: openssl >= 0.9.8
BuildRequires: pesign-obs-integration
%endif
-%endif
%if 0%{?suse_version} >= 1210
# Package systemd services files grub2-once.service
BuildRequires: systemd-rpm-macros
@@ -353,6 +351,11 @@
Patch834: 0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch
Patch835: 0023-x509-allow-Digitial-Signature-plus-other-Key-Usages.patch
Patch836: 0001-grub-install-Add-SUSE-signed-image-support-for-power.patch
+Patch837: 0001-Add-grub_envblk_buf-helper-function.patch
+Patch838: 0002-Add-grub_disk_write_tail-helper-function.patch
+Patch839: 0003-grub-install-support-prep-environment-block.patch
+Patch840: 0004-Introduce-prep_load_env-command.patch
+Patch841: 0005-export-environment-at-start-up.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
@@ -638,7 +641,7 @@
GRUB_MODULES="${CD_MODULES} ${FS_MODULES} ${PXE_MODULES} ${CRYPTO_MODULES}
mdraid09 mdraid1x lvm serial"
%ifarch ppc ppc64 ppc64le
-GRUB_MODULES="${GRUB_MODULES} appendedsig memdisk tar regexp"
+GRUB_MODULES="${GRUB_MODULES} appendedsig memdisk tar regexp prep_loadenv"
%endif
%ifarch %{efi}
@@ -675,7 +678,6 @@
%endif
%ifarch x86_64 aarch64
-%if 0%{?suse_version} >= 1230 || 0%{?suse_version} == 1110
if test -e %{_sourcedir}/_projectcert.crt ; then
prjsubject=$(openssl x509 -in %{_sourcedir}/_projectcert.crt -noout
-subject_hash)
prjissuer=$(openssl x509 -in %{_sourcedir}/_projectcert.crt -noout
-issuer_hash)
@@ -698,7 +700,6 @@
openssl x509 -in $cert -outform DER -out grub.der
%endif
-%endif
cd ..
%endif
@@ -729,8 +730,11 @@
make %{?_smp_mflags}
if [ "%{platform}" = "ieee1275" ]; then
-cert="%{_sourcedir}/_projectcert.crt"
-openssl x509 -in "$cert" -outform DER -out grub.der
+# So far neither OpenFirmware nor grub support CA chain, only
certificate pinning
+# Use project certificate always in the shipped informational file and
+# for kernel verification
+projectcert="%{_sourcedir}/_projectcert.crt"
+openssl x509 -in "$projectcert" -outform DER -out grub.der
cat > %{platform}-config <<'EOF'
set root=memdisk
set prefix=($root)/
@@ -744,39 +748,76 @@
echo "bpart=$bpart"
echo "bpath=$bpath"
+if [ "$btrfs_relative_path" = xy ]; then
+ btrfs_relative_path=1
+fi
+
if [ "$bdev" -a "$bpart" -a "$bpath" ]; then
- hints="--hint $bdev$bpart"
- cfg_dir="$bpath"
+ set hints="--hint $bdev$bpart"
+ set cfg_dir="$bpath"
elif [ "$bdev" -a "$bpart" ]; then
- hints="--hint $bdev$bpart"
- cfg_dir="/boot/grub2 /grub2"
+ set hints="--hint $bdev$bpart"
+ set cfg_dir="/boot/grub2 /grub2"
+ set btrfs_relative_path=1
elif [ "$bdev" ]; then
- hints="--hint ${bdev},"
- cfg_dir="/boot/grub2
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package grub2 for openSUSE:Factory checked in at 2022-02-15 23:56:59 Comparing /work/SRC/openSUSE:Factory/grub2 (Old) and /work/SRC/openSUSE:Factory/.grub2.new.1956 (New) Package is "grub2" Tue Feb 15 23:56:59 2022 rev:259 rq:954138 version:2.06 Changes: --- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2022-01-27 23:16:16.523264817 +0100 +++ /work/SRC/openSUSE:Factory/.grub2.new.1956/grub2.changes2022-02-15 23:57:02.496172974 +0100 @@ -1,0 +2,7 @@ +Thu Feb 10 16:20:24 UTC 2022 - Bj??rn Lie + +- Set grub2-check-default shebang to "#!/bin/bash", as the the code + uses many instructions which are undefined for a POSIX sh. + (boo#1195794). + +--- Other differences: -- ++ grub2-check-default.sh ++ --- /var/tmp/diff_new_pack.QcGxRE/_old 2022-02-15 23:57:04.836179435 +0100 +++ /var/tmp/diff_new_pack.QcGxRE/_new 2022-02-15 23:57:04.840179446 +0100 @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash set -e
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2022-01-27 23:16:15
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.1898 (New)
Package is "grub2"
Thu Jan 27 23:16:15 2022 rev:258 rq:948537 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2022-01-14
23:13:57.738659704 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.1898/grub2.changes2022-01-27
23:16:16.523264817 +0100
@@ -8,0 +9,6 @@
+Thu Jan 13 06:36:44 UTC 2022 - Michael Chang
+
+- Fix wrong default entry when booting snapshot (bsc#1159205)
+ * grub2-btrfs-08-workaround-snapshot-menu-default-entry.patch
+
+---
Other differences:
--
++ grub2-btrfs-08-workaround-snapshot-menu-default-entry.patch ++
--- /var/tmp/diff_new_pack.vftVhe/_old 2022-01-27 23:16:20.219239282 +0100
+++ /var/tmp/diff_new_pack.vftVhe/_new 2022-01-27 23:16:20.223239254 +0100
@@ -1,8 +1,11 @@
-Index: grub-2.02~beta2/grub-core/normal/menu.c
+
+v2: Add menuentry "Help on bootable snapshot" to be excluded as default entry.
+
+Index: grub-2.06/grub-core/normal/menu.c
===
grub-2.02~beta2.orig/grub-core/normal/menu.c
-+++ grub-2.02~beta2/grub-core/normal/menu.c
-@@ -575,6 +575,44 @@ print_countdown (struct grub_term_coordi
+--- grub-2.06.orig/grub-core/normal/menu.c
grub-2.06/grub-core/normal/menu.c
+@@ -574,6 +574,43 @@ print_countdown (struct grub_term_coordi
grub_refresh ();
}
@@ -15,10 +18,9 @@
+workaround_snapshot_menu_default_entry (grub_menu_t menu, const char *name,
int *default_entry)
+{
+ grub_menu_entry_t entry;
-+
-+ if ((entry = grub_menu_get_entry (menu, 0))
-+ && entry->submenu
-+ && grub_strncmp (entry->title, "Bootable snapshot", sizeof("Bootable
snapshot") - 1) == 0)
++ if ((entry = grub_menu_get_entry (menu, 0)) &&
++ ((entry->submenu && grub_strncmp (entry->title, "Bootable snapshot",
sizeof("Bootable snapshot") - 1) == 0) ||
++ (!entry->submenu && grub_strncmp (entry->title, "Help on bootable
snapshot", sizeof("Help on bootable snapshot") - 1) == 0)))
+{
+ const char *val;
+
@@ -47,7 +49,7 @@
#define GRUB_MENU_PAGE_SIZE 10
/* Show the menu and handle menu entry selection. Returns the menu entry
-@@ -593,6 +631,8 @@ run_menu (grub_menu_t menu, int nested,
+@@ -592,6 +629,8 @@ run_menu (grub_menu_t menu, int nested,
default_entry = get_entry_number (menu, "default");
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package grub2 for openSUSE:Factory checked in at 2022-01-14 23:12:59 Comparing /work/SRC/openSUSE:Factory/grub2 (Old) and /work/SRC/openSUSE:Factory/.grub2.new.1892 (New) Package is "grub2" Fri Jan 14 23:12:59 2022 rev:257 rq:946360 version:2.06 Changes: --- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2021-12-28 12:26:09.052462769 +0100 +++ /work/SRC/openSUSE:Factory/.grub2.new.1892/grub2.changes2022-01-14 23:13:57.738659704 +0100 @@ -1,0 +2,45 @@ +Fri Jan 14 08:39:36 UTC 2022 - Michael Chang + +- Power guest secure boot with static keys: GRUB2 signing portion + (jsc#SLE-18271) (bsc#1192764) + * 0001-grub-install-Add-SUSE-signed-image-support-for-power.patch + +--- +Tue Jan 11 03:49:15 UTC 2022 - Michael Chang + +- Power guest secure boot with static keys: GRUB2 signing portion + (jsc#SLE-18271) (bsc#1192764) + * grub2.spec +- Power guest secure boot with static keys: GRUB2 portion (jsc#SLE-18144) + (bsc#1192686) + * 0001-ieee1275-Drop-HEAP_MAX_ADDR-and-HEAP_MIN_SIZE-consta.patch + * 0002-ieee1275-claim-more-memory.patch + * 0003-ieee1275-request-memory-with-ibm-client-architecture.patch + * 0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch + * 0005-docs-grub-Document-signing-grub-under-UEFI.patch + * 0006-docs-grub-Document-signing-grub-with-an-appended-sig.patch + * 0007-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch + * 0008-pgp-factor-out-rsa_pad.patch + * 0009-crypto-move-storage-for-grub_crypto_pk_-to-crypto.c.patch + * 0010-posix_wrap-tweaks-in-preparation-for-libtasn1.patch + * 0011-libtasn1-import-libtasn1-4.18.0.patch + * 0012-libtasn1-disable-code-not-needed-in-grub.patch + * 0013-libtasn1-changes-for-grub-compatibility.patch + * 0014-libtasn1-compile-into-asn1-module.patch + * 0015-test_asn1-test-module-for-libtasn1.patch + * 0016-grub-install-support-embedding-x509-certificates.patch + * 0017-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch + * 0018-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch + * 0019-appended-signatures-support-verifying-appended-signa.patch + * 0020-appended-signatures-verification-tests.patch + * 0021-appended-signatures-documentation.patch + * 0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch + * 0023-x509-allow-Digitial-Signature-plus-other-Key-Usages.patch + +--- +Mon Jan 10 09:38:46 UTC 2022 - Michael Chang + +- Fix no menuentry is found if hibernation on btrfs RAID1 (bsc#1193090) + * grub2-systemd-sleep-plugin + +--- New: 0001-grub-install-Add-SUSE-signed-image-support-for-power.patch 0001-ieee1275-Drop-HEAP_MAX_ADDR-and-HEAP_MIN_SIZE-consta.patch 0002-ieee1275-claim-more-memory.patch 0003-ieee1275-request-memory-with-ibm-client-architecture.patch 0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch 0005-docs-grub-Document-signing-grub-under-UEFI.patch 0006-docs-grub-Document-signing-grub-with-an-appended-sig.patch 0007-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch 0008-pgp-factor-out-rsa_pad.patch 0009-crypto-move-storage-for-grub_crypto_pk_-to-crypto.c.patch 0010-posix_wrap-tweaks-in-preparation-for-libtasn1.patch 0011-libtasn1-import-libtasn1-4.18.0.patch 0012-libtasn1-disable-code-not-needed-in-grub.patch 0013-libtasn1-changes-for-grub-compatibility.patch 0014-libtasn1-compile-into-asn1-module.patch 0015-test_asn1-test-module-for-libtasn1.patch 0016-grub-install-support-embedding-x509-certificates.patch 0017-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch 0018-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch 0019-appended-signatures-support-verifying-appended-signa.patch 0020-appended-signatures-verification-tests.patch 0021-appended-signatures-documentation.patch 0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch 0023-x509-allow-Digitial-Signature-plus-other-Key-Usages.patch Other differences: -- ++ grub2.spec ++ --- /var/tmp/diff_new_pack.d9XIXO/_old 2022-01-14 23:13:59.402660777 +0100 +++ /var/tmp/diff_new_pack.d9XIXO/_new 2022-01-14 23:13:59.406660779 +0100 @@ -1,7 +1,7 @@ # # spec file for package grub2 # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -52,7 +52,7 @@ BuildRequires: python %endif BuildRequires: xz-devel -%ifarch x86_64 a
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2021-12-28 12:26:04
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.2520 (New)
Package is "grub2"
Tue Dec 28 12:26:04 2021 rev:256 rq:942700 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2021-12-13
20:46:45.528502442 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.2520/grub2.changes2021-12-28
12:26:09.052462769 +0100
@@ -1,0 +2,22 @@
+Tue Dec 21 03:03:47 UTC 2021 - Michael Chang
+
+- Fix CVE-2021-3981 (bsc#1189644)
+ * 0001-grub-mkconfig-restore-umask-for-grub.cfg.patch
+
+---
+Fri Dec 17 10:42:33 UTC 2021 - Michael Chang
+
+- Fix can't allocate initrd error (bsc#1191378)
+ * 0001-Factor-out-grub_efi_linux_boot.patch
+ * 0002-Fix-race-in-EFI-validation.patch
+ * 0003-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch
+ * 0004-Try-to-pick-better-locations-for-kernel-and-initrd.patch
+ * 0005-x86-efi-Use-bounce-buffers-for-reading-to-addresses-.patch
+ * 0006-x86-efi-Re-arrange-grub_cmd_linux-a-little-bit.patch
+ * 0007-x86-efi-Make-our-own-allocator-for-kernel-stuff.patch
+ * 0008-x86-efi-Allow-initrd-params-cmdline-allocations-abov.patch
+ * 0009-x86-efi-Reduce-maximum-bounce-buffer-size-to-16-MiB.patch
+ * 0010-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch
+ * 0011-Also-define-GRUB_EFI_MAX_ALLOCATION_ADDRESS-for-RISC.patch
+
+---
New:
0001-Factor-out-grub_efi_linux_boot.patch
0001-grub-mkconfig-restore-umask-for-grub.cfg.patch
0002-Fix-race-in-EFI-validation.patch
0003-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch
0004-Try-to-pick-better-locations-for-kernel-and-initrd.patch
0005-x86-efi-Use-bounce-buffers-for-reading-to-addresses-.patch
0006-x86-efi-Re-arrange-grub_cmd_linux-a-little-bit.patch
0007-x86-efi-Make-our-own-allocator-for-kernel-stuff.patch
0008-x86-efi-Allow-initrd-params-cmdline-allocations-abov.patch
0009-x86-efi-Reduce-maximum-bounce-buffer-size-to-16-MiB.patch
0010-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch
0011-Also-define-GRUB_EFI_MAX_ALLOCATION_ADDRESS-for-RISC.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.hhl549/_old 2021-12-28 12:26:10.668463992 +0100
+++ /var/tmp/diff_new_pack.hhl549/_new 2021-12-28 12:26:10.672463995 +0100
@@ -316,6 +316,18 @@
Patch798: 0001-arm64-Fix-EFI-loader-kernel-image-allocation.patch
Patch799: 0002-Arm-check-for-the-PE-magic-for-the-compiled-arch.patch
Patch800: 0001-fs-btrfs-Make-extent-item-iteration-to-handle-gaps.patch
+Patch801: 0001-Factor-out-grub_efi_linux_boot.patch
+Patch802: 0002-Fix-race-in-EFI-validation.patch
+Patch803: 0003-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch
+Patch804: 0004-Try-to-pick-better-locations-for-kernel-and-initrd.patch
+Patch805: 0005-x86-efi-Use-bounce-buffers-for-reading-to-addresses-.patch
+Patch806: 0006-x86-efi-Re-arrange-grub_cmd_linux-a-little-bit.patch
+Patch807: 0007-x86-efi-Make-our-own-allocator-for-kernel-stuff.patch
+Patch808: 0008-x86-efi-Allow-initrd-params-cmdline-allocations-abov.patch
+Patch809: 0009-x86-efi-Reduce-maximum-bounce-buffer-size-to-16-MiB.patch
+Patch810: 0010-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch
+Patch811: 0011-Also-define-GRUB_EFI_MAX_ALLOCATION_ADDRESS-for-RISC.patch
+Patch812: 0001-grub-mkconfig-restore-umask-for-grub.cfg.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
@@ -1006,7 +1018,7 @@
%doc README.ibm3215
%endif
%dir /boot/%{name}
-%ghost /boot/%{name}/grub.cfg
+%ghost %attr(600, root, root) /boot/%{name}/grub.cfg
%{_sysconfdir}/bash_completion.d/grub
%config(noreplace) %{_sysconfdir}/default/grub
%dir %{_sysconfdir}/grub.d
++ 0001-Factor-out-grub_efi_linux_boot.patch ++
>From 82d95254ca0496c8843113665bb9a99876101025 Mon Sep 17 00:00:00 2001
From: Michael Chang
Date: Fri, 8 Oct 2021 13:36:45 +0800
Subject: [PATCH 01/11] Factor out grub_efi_linux_boot
Both x86 and arm64 on efi are using handover protocol to boot linux
kernel. To enable better code reuse, factor out grub_efi_linux_boot from
arm64 so that it can be shared with x86 platform for the common fixes.
Signed-off-by: Michael Chang
---
grub-core/Makefile.core.def| 1 +
grub-core/loader/arm64/efi/linux.c | 35 +-
grub-core/loader/efi/linux.c | 58 ++
grub-core/loader/i386/efi/linux.c | 13 ++--
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2021-12-13 20:42:04
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.2520 (New)
Package is "grub2"
Mon Dec 13 20:42:04 2021 rev:255 rq:937401 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2021-12-08
22:08:34.274851753 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.2520/grub2.changes2021-12-13
20:46:45.528502442 +0100
@@ -1,0 +2,6 @@
+Wed Dec 8 14:16:58 UTC 2021 - Michal Suchanek
+
+- Add support for simplefb (boo#1193532).
+ + grub2-simplefb.patch
+
+---
New:
grub2-simplefb.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.nAEvId/_old 2021-12-13 20:46:47.356502666 +0100
+++ /var/tmp/diff_new_pack.nAEvId/_new 2021-12-13 20:46:47.360502666 +0100
@@ -176,6 +176,7 @@
Patch2: grub2-linux.patch
Patch3: use-grub2-as-a-package-name.patch
Patch4: info-dir-entry.patch
+Patch5: grub2-simplefb.patch
Patch6: grub2-iterate-and-hook-for-extended-partition.patch
Patch8: grub2-ppc-terminfo.patch
Patch9: grub2-GRUB_CMDLINE_LINUX_RECOVERY-for-recovery-mode.patch
++ grub2-simplefb.patch ++
--- grub-2.06/util/grub.d/10_linux.in 2021-12-08 14:57:02.381591797 +0100
+++ grub-2.06/util/grub.d/10_linux.in 2021-12-08 15:09:08.563593340 +0100
@@ -149,7 +149,7 @@
# FIXME: We need an interface to select vesafb in case efifb can't be used.
if [ "x$GRUB_GFXPAYLOAD_LINUX" = x ]; then
echo " load_video" | sed "s/^/$submenu_indentation/"
- if grep -qx "CONFIG_FB_EFI=y" "${config}" 2> /dev/null \
+ if grep -qx "CONFIG_\(FB_EFI\|SYSFB_SIMPLEFB\)=y" "${config}" 2>
/dev/null \
&& grep -qx "CONFIG_VT_HW_CONSOLE_BINDING=y" "${config}" 2>
/dev/null; then
echo "set gfxpayload=keep" | sed "s/^/$submenu_indentation/"
fi
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2021-12-08 22:08:26
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.31177 (New)
Package is "grub2"
Wed Dec 8 22:08:26 2021 rev:254 rq:935871 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2021-11-18
10:33:17.879877497 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.31177/grub2.changes 2021-12-08
22:08:34.274851753 +0100
@@ -1,0 +2,6 @@
+Mon Dec 6 01:21:07 UTC 2021 - Michael Chang
+
+- Fix extent not found when initramfs contains shared extents (bsc#1190982)
+ * 0001-fs-btrfs-Make-extent-item-iteration-to-handle-gaps.patch
+
+---
New:
0001-fs-btrfs-Make-extent-item-iteration-to-handle-gaps.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.DVjMa0/_old 2021-12-08 22:08:36.746852913 +0100
+++ /var/tmp/diff_new_pack.DVjMa0/_new 2021-12-08 22:08:36.750852915 +0100
@@ -314,6 +314,7 @@
Patch797: 0001-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch
Patch798: 0001-arm64-Fix-EFI-loader-kernel-image-allocation.patch
Patch799: 0002-Arm-check-for-the-PE-magic-for-the-compiled-arch.patch
+Patch800: 0001-fs-btrfs-Make-extent-item-iteration-to-handle-gaps.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
++ 0001-fs-btrfs-Make-extent-item-iteration-to-handle-gaps.patch ++
>From 149df8b7bb86401693e1f064859de0a8906d97b7 Mon Sep 17 00:00:00 2001
From: Qu Wenruo
Date: Thu, 28 Oct 2021 17:44:57 +0800
Subject: [PATCH] fs/btrfs: Make extent item iteration to handle gaps
[BUG]
Grub btrfs implementation can't handle two very basic btrfs file
layouts:
1. Mixed inline/regualr extents
# mkfs.btrfs -f test.img
# mount test.img /mnt/btrfs
# xfs_io -f -c "pwrite 0 1k" -c "sync" -c "falloc 0 4k" \
-c "pwrite 4k 4k" /mnt/btrfs/file
# umount /mnt/btrfs
# ./grub-fstest ./grub-fstest --debug=btrfs ~/test.img hex "/file"
Such mixed inline/regular extents case is not recommended layout,
but all existing tools and kernel can handle it without problem
2. NO_HOLES feature
# mkfs.btrfs -f test.img -O no_holes
# mount test.img /mnt/btrfs
# xfs_io -f -c "pwrite 0 4k" -c "pwrite 8k 4k" /mnt/btrfs/file
# umount /mnt/btrfs
# ./grub-fstest ./grub-fstest --debug=btrfs ~/test.img hex "/file"
NO_HOLES feature is going to be the default mkfs feature in the incoming
v5.15 release, and kernel has support for it since v4.0.
[CAUSE]
The way GRUB btrfs code iterates through file extents relies on no gap
between extents.
If any gap is hit, then grub btrfs will error out, without any proper
reason to help debug the bug.
This is a bad assumption, since a long long time ago btrfs has a new
feature called NO_HOLES to allow btrfs to skip the padding hole extent
to reduce metadata usage.
The NO_HOLES feature is already stable since kernel v4.0 and is going to
be the default mkfs feature in the incoming v5.15 btrfs-progs release.
[FIX]
When there is a extent gap, instead of error out, just try next item.
This is still not ideal, as kernel/progs/U-boot all do the iteration
item by item, not relying on the file offset continuity.
But it will be way more time consuming to correct the whole behavior
than starting from scratch to build a proper designed btrfs module for GRUB.
Signed-off-by: Qu Wenruo
Reviewed-by: Daniel Kiper
---
grub-core/fs/btrfs.c | 35 ---
1 file changed, 32 insertions(+), 3 deletions(-)
diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c
index 9625bdf16..b8625197b 100644
--- a/grub-core/fs/btrfs.c
+++ b/grub-core/fs/btrfs.c
@@ -1506,6 +1506,7 @@ grub_btrfs_extent_read (struct grub_btrfs_data *data,
grub_size_t csize;
grub_err_t err;
grub_off_t extoff;
+ struct grub_btrfs_leaf_descriptor desc;
if (!data->extent || data->extstart > pos || data->extino != ino
|| data->exttree != tree || data->extend <= pos)
{
@@ -1518,7 +1519,7 @@ grub_btrfs_extent_read (struct grub_btrfs_data *data,
key_in.type = GRUB_BTRFS_ITEM_TYPE_EXTENT_ITEM;
key_in.offset = grub_cpu_to_le64 (pos);
err = lower_bound (data, &key_in, &key_out, tree,
-&elemaddr, &elemsize, NULL, 0);
+&elemaddr, &elemsize, &desc, 0);
if (err)
return -1;
if (key_out.object_id != ino
@@ -1557,10 +1558,38 @@ grub_btrfs_extent_read (struct grub_btrfs_data *data,
PRIxGRUB_UI
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2021-11-18 10:33:04
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.1895 (New)
Package is "grub2"
Thu Nov 18 10:33:04 2021 rev:253 rq:931640 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2021-11-08
17:24:08.332691515 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.1895/grub2.changes2021-11-18
10:33:17.879877497 +0100
@@ -1,0 +2,7 @@
+Thu Nov 11 07:45:11 UTC 2021 - Michael Chang
+
+- Fix arm64 kernel image not aligned on 64k boundary (bsc#1192522)
+ * 0001-arm64-Fix-EFI-loader-kernel-image-allocation.patch
+ * 0002-Arm-check-for-the-PE-magic-for-the-compiled-arch.patch
+
+---
New:
0001-arm64-Fix-EFI-loader-kernel-image-allocation.patch
0002-Arm-check-for-the-PE-magic-for-the-compiled-arch.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.rsUDt3/_old 2021-11-18 10:33:19.891879370 +0100
+++ /var/tmp/diff_new_pack.rsUDt3/_new 2021-11-18 10:33:19.891879370 +0100
@@ -312,6 +312,8 @@
Patch795: 0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch
Patch796: 0001-disk-diskfilter-Use-nodes-in-logical-volume-s-segmen.patch
Patch797: 0001-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch
+Patch798: 0001-arm64-Fix-EFI-loader-kernel-image-allocation.patch
+Patch799: 0002-Arm-check-for-the-PE-magic-for-the-compiled-arch.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
@@ -329,8 +331,8 @@
%ifarch s390x
# required utilities by grub2-s390x-04-grub2-install.patch
# use 'showconsole' to determine console device. (bnc#876743)
-Requires: (/sbin/showconsole or /usr/sbin/showconsole)
Requires: kexec-tools
+Requires: (/sbin/showconsole or /usr/sbin/showconsole)
# for /sbin/zipl used by grub2-zipl-setup
Requires: s390-tools
%endif
++ 0001-arm64-Fix-EFI-loader-kernel-image-allocation.patch ++
>From 10d0f70ac194931c63f2cbd6fdebd6697abae992 Mon Sep 17 00:00:00 2001
From: Benjamin Herrenschmidt
Date: Mon, 2 Aug 2021 23:10:01 +1000
Subject: [PATCH 1/2] arm64: Fix EFI loader kernel image allocation
We are currently allocating just enough memory for the file size,
which means that the kernel BSS is in limbo (and not even zeroed).
We are also not honoring the alignment specified in the image
PE header.
This makes us use the PE optional header in which the kernel puts the
actual size it needs, including BSS, and make sure we clear it, and
honors the specified alignment for the image.
Signed-off-by: Benjamin Herrenschmidt
---
grub-core/loader/arm64/efi/linux.c | 92 --
1 file changed, 63 insertions(+), 29 deletions(-)
diff --git a/grub-core/loader/arm64/efi/linux.c
b/grub-core/loader/arm64/efi/linux.c
index b73105347..4da49a182 100644
--- a/grub-core/loader/arm64/efi/linux.c
+++ b/grub-core/loader/arm64/efi/linux.c
@@ -39,6 +39,8 @@ GRUB_MOD_LICENSE ("GPLv3+");
static grub_dl_t my_mod;
static int loaded;
+static void *kernel_alloc_addr;
+static grub_uint32_t kernel_alloc_pages;
static void *kernel_addr;
static grub_uint64_t kernel_size;
static grub_uint32_t handover_offset;
@@ -258,9 +260,8 @@ grub_linux_unload (void)
GRUB_EFI_BYTES_TO_PAGES (initrd_end - initrd_start));
initrd_start = initrd_end = 0;
grub_free (linux_args);
- if (kernel_addr)
-grub_efi_free_pages ((grub_addr_t) kernel_addr,
-GRUB_EFI_BYTES_TO_PAGES (kernel_size));
+ if (kernel_alloc_addr)
+grub_efi_free_pages ((grub_addr_t) kernel_alloc_addr, kernel_alloc_pages);
grub_fdt_unload ();
return GRUB_ERR_NONE;
}
@@ -365,14 +366,35 @@ grub_cmd_initrd (grub_command_t cmd __attribute__
((unused)),
return grub_errno;
}
+static grub_err_t
+parse_pe_header (void *kernel, grub_uint64_t *total_size,
+grub_uint32_t *entry_offset,
+grub_uint32_t *alignment)
+{
+ struct linux_arch_kernel_header *lh = kernel;
+ struct grub_armxx_linux_pe_header *pe;
+
+ pe = (void *)((unsigned long)kernel + lh->hdr_offset);
+
+ if (pe->opt.magic != GRUB_PE32_PE64_MAGIC)
+return grub_error(GRUB_ERR_BAD_OS, "Invalid PE optional header magic");
+
+ *total_size = pe->opt.image_size;
+ *entry_offset = pe->opt.entry_addr;
+ *alignment= pe->opt.section_alignment;
+
+ return GRUB_ERR_NONE;
+}
+
static grub_err_t
grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
int argc, char *argv[])
{
grub_file_t file = 0;
- struct linux_arch_ke
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2021-11-08 17:23:53
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.1890 (New)
Package is "grub2"
Mon Nov 8 17:23:53 2021 rev:252 rq:928660 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2021-10-25
15:17:51.821691774 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.1890/grub2.changes2021-11-08
17:24:08.332691515 +0100
@@ -1,0 +2,24 @@
+Thu Oct 21 12:51:46 UTC 2021 - Michael Chang
+
+- Remove openSUSE Tumbleweed specific handling for default grub
+ distributor (bsc#1191198)
+- Use /usr/lib/os-release as fallback (bsc#1191196)
+ * grub2-default-distributor.patch
+ * grub2-check-default.sh
+- VUL-0: grub2: grub2-once uses fixed file name in /var/tmp (bsc#1190474)
+ * grub2-once
+ * grub2-once.service
+- Fix unknown TPM error on buggy uefi firmware (bsc#1191504)
+ * 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch
+- Fix error /boot/grub2/locale/POSIX.gmo not found (bsc#1189769)
+ * 0001-Filter-out-POSIX-locale-for-translation.patch
+- Fix error lvmid disk cannot be found after second disk added to the root
+ volume group (bsc#1189874) (bsc#1071559)
+ * 0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch
+- Fix error in grub installation due to unnecessary requirement to support
+ excessive device for the root logical volume (bsc#1184135)
+ * 0001-disk-diskfilter-Use-nodes-in-logical-volume-s-segmen.patch
+- Fix regression in reading xfs v4
+ *0001-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch
+
+---
New:
0001-Filter-out-POSIX-locale-for-translation.patch
0001-disk-diskfilter-Use-nodes-in-logical-volume-s-segmen.patch
0001-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch
0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch
0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.0eHYPj/_old 2021-11-08 17:24:10.240692768 +0100
+++ /var/tmp/diff_new_pack.0eHYPj/_new 2021-11-08 17:24:10.244692770 +0100
@@ -307,6 +307,11 @@
Patch790: 0001-30_uefi-firmware-fix-printf-format-with-null-byte.patch
Patch791: 0001-i386-pc-build-btrfs-zstd-support-into-separate-modul.patch
Patch792: 0001-templates-Follow-the-path-of-usr-merged-kernel-confi.patch
+Patch793: 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch
+Patch794: 0001-Filter-out-POSIX-locale-for-translation.patch
+Patch795: 0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch
+Patch796: 0001-disk-diskfilter-Use-nodes-in-logical-volume-s-segmen.patch
+Patch797: 0001-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
++ 0001-Filter-out-POSIX-locale-for-translation.patch ++
>From 87b01d35b4db56778e2d9f99d18656026f818bab Mon Sep 17 00:00:00 2001
From: Michael Chang
Date: Tue, 26 Oct 2021 13:31:24 +0800
Subject: [PATCH] Filter out POSIX locale for translation
The POSIX locale is default or native operating system's locale
identical to the C locale, so no translation to human speaking languages
provided.
For this reason we should filter out LANG=POSIX as well as LANG=C upon
generating grub.cfg to avoid looking up for it's gettext's message
catalogs that will consequently result in the unpleasant message.
error: file `/boot/grub/locale/POSIX.gmo' not found
Signed-off-by: Michael Chang
---
util/grub.d/00_header.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/util/grub.d/00_header.in b/util/grub.d/00_header.in
index 57a35a14a..b21caa4bc 100644
--- a/util/grub.d/00_header.in
+++ b/util/grub.d/00_header.in
@@ -250,7 +250,7 @@ EOF
EOF
# Gettext variables and module
-if [ "x${LANG}" != "xC" ] && [ "x${LANG}" != "x" ]; then
+if [ "x${LANG}" != "xC" ] && [ "x${LANG}" != "xPOSIX" ] && [ "x${LANG}" != "x"
]; then
cat << EOF
set locale_dir=\$prefix/locale
set lang=${grub_lang}
--
2.31.1
++ 0001-disk-diskfilter-Use-nodes-in-logical-volume-s-segmen.patch ++
>From 5cc00eac24c7019d9696a859f69b587e11f1621e Mon Sep 17 00:00:00 2001
From: Michael Chang
Date: Mon, 27 Sep 2021 17:39:56 +0800
Subject: [PATCH] disk/diskfilter: Use nodes in logical volume's segment as
member device
Currently the grub_diskfilter_memberlist() function returns all physical
volumes added to a volume group to which a logical volume (LV) belongs.
However, this is suboptimal as it doesn't fit the intended behavior of
return
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package grub2 for openSUSE:Factory checked in at 2021-10-25 15:17:14 Comparing /work/SRC/openSUSE:Factory/grub2 (Old) and /work/SRC/openSUSE:Factory/.grub2.new.1890 (New) Package is "grub2" Mon Oct 25 15:17:14 2021 rev:251 rq:926751 version:2.06 Changes: --- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2021-09-26 21:49:03.566803984 +0200 +++ /work/SRC/openSUSE:Factory/.grub2.new.1890/grub2.changes2021-10-25 15:17:51.821691774 +0200 @@ -1,0 +2,5 @@ +Tue Oct 19 08:26:50 UTC 2021 - Fabian Vogt + +- Fix installation on usrmerged s390x + +--- Other differences: -- ++ grub2.spec ++ --- /var/tmp/diff_new_pack.0k9ifp/_old 2021-10-25 15:17:53.581692875 +0200 +++ /var/tmp/diff_new_pack.0k9ifp/_new 2021-10-25 15:17:53.585692877 +0200 @@ -324,7 +324,7 @@ %ifarch s390x # required utilities by grub2-s390x-04-grub2-install.patch # use 'showconsole' to determine console device. (bnc#876743) -Requires: /sbin/showconsole +Requires: (/sbin/showconsole or /usr/sbin/showconsole) Requires: kexec-tools # for /sbin/zipl used by grub2-zipl-setup Requires: s390-tools
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2021-09-26 21:48:25
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.1899 (New)
Package is "grub2"
Sun Sep 26 21:48:25 2021 rev:250 rq:921189 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2021-09-08
21:36:50.429904188 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.1899/grub2.changes2021-09-26
21:49:03.566803984 +0200
@@ -1,0 +2,7 @@
+Wed Sep 22 14:29:12 UTC 2021 - r...@suse.com
+
+- Improve support for SLE Micro 5.1 on s390x. (bsc#1190395)
+ * amend grub2-s390x-04-grub2-install.patch
+ * refresh grub2-s390x-11-secureboot.patch
+
+---
Other differences:
--
++ grub2-s390x-04-grub2-install.patch ++
--- /var/tmp/diff_new_pack.LAQRoC/_old 2021-09-26 21:49:05.578806227 +0200
+++ /var/tmp/diff_new_pack.LAQRoC/_new 2021-09-26 21:49:05.578806227 +0200
@@ -53,6 +53,9 @@
to an emergency shell otherwise
V19:
* dracut-grub2.sh: use 'grep -P' instead of '-E'. [bsc#1136970]
+V20:
+ * dracut-grub2.sh: add support for '/boot/writable'. [bsc#1190395]
+
---
Makefile.util.def | 46 +++
@@ -64,17 +67,15 @@
include/grub/util/install.h|4
util/grub-install-common.c |1
util/grub-install.c| 43 +++
- util/s390x/dracut-grub2.sh.in | 126 +
+ util/s390x/dracut-grub2.sh.in | 141 +++
util/s390x/dracut-module-setup.sh.in | 19 +
util/s390x/dracut-zipl-refresh.sh.in | 183 ++
util/s390x/zipl2grub.conf.in | 26 ++
util/s390x/zipl2grub.pl.in | 423
+
- 14 files changed, 908 insertions(+), 3 deletions(-)
+ 14 files changed, 923 insertions(+), 3 deletions(-)
-Index: grub-2.06~rc1/Makefile.util.def
-===
grub-2.06~rc1.orig/Makefile.util.def
-+++ grub-2.06~rc1/Makefile.util.def
+--- a/Makefile.util.def
b/Makefile.util.def
@@ -374,6 +374,7 @@ program = {
ldadd = grub-core/lib/gnulib/libgnu.a;
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBUTIL) $(LIBZFS) $(LIBNVPAIR)
$(LIBGEOM)';
@@ -170,10 +171,8 @@
};
program = {
-Index: grub-2.06~rc1/configure.ac
-===
grub-2.06~rc1.orig/configure.ac
-+++ grub-2.06~rc1/configure.ac
+--- a/configure.ac
b/configure.ac
@@ -206,9 +206,9 @@ if test x$platform != xemu ; then
esac
fi
@@ -197,10 +196,8 @@
AM_CONDITIONAL([COND_HOST_HURD], [test x$host_kernel = xhurd])
AM_CONDITIONAL([COND_HOST_LINUX], [test x$host_kernel = xlinux])
-Index: grub-2.06~rc1/grub-core/Makefile.core.def
-===
grub-2.06~rc1.orig/grub-core/Makefile.core.def
-+++ grub-2.06~rc1/grub-core/Makefile.core.def
+--- a/grub-core/Makefile.core.def
b/grub-core/Makefile.core.def
@@ -1147,6 +1147,7 @@ module = {
module = {
name = videotest;
@@ -217,7 +214,7 @@
};
module = {
-@@ -2030,11 +2032,13 @@ module = {
+@@ -2029,11 +2031,13 @@ module = {
name = gfxterm;
common = term/gfxterm.c;
enable = videomodules;
@@ -231,7 +228,7 @@
};
module = {
-@@ -2155,6 +2159,7 @@ module = {
+@@ -2154,6 +2158,7 @@ module = {
enable = x86_64_efi;
enable = emu;
enable = xen;
@@ -239,7 +236,7 @@
};
module = {
-@@ -2201,6 +2206,7 @@ module = {
+@@ -2200,6 +2205,7 @@ module = {
module = {
name = gfxterm_menu;
common = tests/gfxterm_menu.c;
@@ -247,7 +244,7 @@
};
module = {
-@@ -2354,6 +2360,7 @@ module = {
+@@ -2353,6 +2359,7 @@ module = {
enable = x86_64_efi;
enable = emu;
enable = xen;
@@ -255,10 +252,8 @@
};
module = {
-Index: grub-2.06~rc1/grub-core/osdep/basic/no_platform.c
-===
grub-2.06~rc1.orig/grub-core/osdep/basic/no_platform.c
-+++ grub-2.06~rc1/grub-core/osdep/basic/no_platform.c
+--- a/grub-core/osdep/basic/no_platform.c
b/grub-core/osdep/basic/no_platform.c
@@ -44,3 +44,10 @@ grub_install_sgi_setup (const char *inst
{
grub_util_error ("%s", _("no SGI routines are available for your
platform"));
@@ -270,10 +265,8 @@
+ grub_util_error ("%s", _("no zIPL routines are available for your
platform"));
+}
+
-Index: grub-2.06~rc1/grub-core/osdep/unix/platform.c
-===
grub-2.06~rc1.orig/grub-core/osdep/unix/platform.c
-+++ grub-2.06~rc1/gr
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2021-09-08 21:36:34
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.1899 (New)
Package is "grub2"
Wed Sep 8 21:36:34 2021 rev:249 rq:917187 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2021-08-24
10:54:55.844316347 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.1899/grub2.changes2021-09-08
21:36:50.429904188 +0200
@@ -1,0 +2,22 @@
+Tue Sep 7 02:32:30 UTC 2021 - Michael Chang
+
+- Follow usr merge for looking up kernel config (bsc#1189782) (bsc#1190061)
+ * 0001-templates-Follow-the-path-of-usr-merged-kernel-confi.patch
+
+---
+Wed Sep 1 05:49:47 UTC 2021 - Michael Chang
+
+- Add btrfs zstd compression on i386-pc and also make sure it won't break
+ existing grub installations (bsc#1161823)
+ * deleted 0001-btrfs-disable-zstd-support-for-i386-pc.patch
+ * added 0001-i386-pc-build-btrfs-zstd-support-into-separate-modul.patch
+
+---
+Tue Aug 31 05:56:56 UTC 2021 - Petr Vorel
+
+- Delete the author list from %description (the %description section is
+ literally for package descriptions (only) these days, encoding was also
+ problematic).
+- Add %doc AUTHORS to get packaged that info
+
+---
Old:
0001-btrfs-disable-zstd-support-for-i386-pc.patch
New:
0001-i386-pc-build-btrfs-zstd-support-into-separate-modul.patch
0001-templates-Follow-the-path-of-usr-merged-kernel-confi.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.F9CBxG/_old 2021-09-08 21:36:52.341906427 +0200
+++ /var/tmp/diff_new_pack.F9CBxG/_new 2021-09-08 21:36:52.341906427 +0200
@@ -235,7 +235,6 @@
Patch108: grub2-btrfs-08-workaround-snapshot-menu-default-entry.patch
Patch109: grub2-btrfs-09-get-default-subvolume.patch
Patch110: grub2-btrfs-10-config-directory.patch
-Patch111: 0001-btrfs-disable-zstd-support-for-i386-pc.patch
# Support EFI xen loader
Patch120: grub2-efi-xen-chainload.patch
Patch121: grub2-efi-chainloader-root.patch
@@ -306,6 +305,8 @@
Patch788: 0001-ieee1275-Avoiding-many-unecessary-open-close.patch
Patch789: 0001-Workaround-volatile-efi-boot-variable.patch
Patch790: 0001-30_uefi-firmware-fix-printf-format-with-null-byte.patch
+Patch791: 0001-i386-pc-build-btrfs-zstd-support-into-separate-modul.patch
+Patch792: 0001-templates-Follow-the-path-of-usr-merged-kernel-confi.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
@@ -348,17 +349,6 @@
This package includes user space utlities to manage GRUB on your system.
-
-Authors:
-
-Gordon Matzigkeit
-Yoshinori K. Okuji
-Colin Watson
-Colin D. Bennett
-Vesa Jskel??inen
-Robert Millan
-Carles Pina
-
%package branding-upstream
Summary:Upstream branding for GRUB2's graphical console
@@ -999,6 +989,7 @@
%else
%license COPYING
%endif
+%doc AUTHORS
%doc NEWS README
%doc THANKS TODO ChangeLog
%doc docs/autoiso.cfg docs/osdetect.cfg
++ 0001-i386-pc-build-btrfs-zstd-support-into-separate-modul.patch ++
>From e7fe15db1736e038a7705973424708d3151fde99 Mon Sep 17 00:00:00 2001
From: Michael Chang
Date: Thu, 12 Aug 2021 21:43:22 +0800
Subject: [PATCH] i386-pc: build btrfs zstd support into separate module
The zstd support in btrfs brings significant size increment to the
on-disk image that it can no longer fit into btrfs bootloader area and
short mbr gap.
In order to support grub update on outstanding i386-pc setup with these
size constraints remain in place, here we build the zstd suppprt of
btrfs into a separate module, named btrfs_zstd, to alleviate the size
change. Please note this only makes it's way to i386-pc, other
architecture is not affected.
Therefore if the system has enough space of embedding area for grub then
zstd support for btrfs will be enabled automatically in the process of
running grub-install through inserting btrfs_zstd module to the on-disk
image, otherwise a warning will be logged on screen to indicate user
that zstd support for btrfs is disabled due to the size limit.
Signed-off-by: Michael Chang
---
Makefile.util.def | 1 +
grub-core/Makefile.core.def | 11
grub-core/fs/btrfs.c| 114 +---
grub-core/fs/btrfs_zstd.c | 36 +++
grub-core/lib/zstd.c| 126
include/grub/btrfs.h|
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2021-08-24 10:54:14
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.1899 (New)
Package is "grub2"
Tue Aug 24 10:54:14 2021 rev:248 rq:913229 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2021-08-19
10:00:39.531290184 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.1899/grub2.changes2021-08-24
10:54:55.844316347 +0200
@@ -8,0 +9,5 @@
+Wed Aug 4 08:36:25 UTC 2021 - Fabian Vogt
+
+- Use %autosetup
+
+---
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.JZlOQv/_old 2021-08-24 10:54:57.728313851 +0200
+++ /var/tmp/diff_new_pack.JZlOQv/_new 2021-08-24 10:54:57.732313846 +0200
@@ -498,124 +498,7 @@
%prep
# We create (if we build for efi) two copies of the sources in the Builddir
-%setup -q -n grub-%{version}
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch6 -p1
-%patch8 -p1
-%patch9 -p1
-%patch10 -p1
-%patch12 -p1
-%patch15 -p1
-%patch17 -p1
-%patch19 -p1
-%patch21 -p1
-%patch22 -p1
-%patch23 -p1
-%patch24 -p1
-%patch25 -p1
-%patch26 -p1
-%patch27 -p1
-%patch35 -p1
-%patch37 -p1
-%patch38 -p1
-%patch39 -p1
-%patch40 -p1
-%patch41 -p1
-%patch42 -p1
-%patch43 -p1
-%patch53 -p1
-%patch56 -p1
-%patch58 -p1
-%patch59 -p1
-%patch61 -p1
-%patch64 -p1
-%patch65 -p1
-%patch70 -p1
-%patch71 -p1
-%patch72 -p1
-%patch75 -p1
-%patch76 -p1
-%patch77 -p1
-%patch78 -p1
-%patch79 -p1
-%patch80 -p1
-%patch81 -p1
-%patch82 -p1
-%patch84 -p1
-%patch85 -p1
-%patch92 -p1
-%patch93 -p1
-%patch94 -p1
-%patch96 -p1
-%patch97 -p1
-%patch101 -p1
-%patch102 -p1
-%patch103 -p1
-%patch104 -p1
-%patch105 -p1
-%patch106 -p1
-%patch107 -p1
-%patch108 -p1
-%patch109 -p1
-%patch110 -p1
-%patch111 -p1
-%patch120 -p1
-%patch121 -p1
-%patch122 -p1
-%patch123 -p1
-%patch124 -p1
-%patch140 -p1
-%patch141 -p1
-%patch163 -p1
-%patch164 -p1
-%patch205 -p1
-%patch207 -p1
-%patch211 -p1
-%patch212 -p1
-%patch213 -p1
-%patch215 -p1
-%patch218 -p1
-%patch233 -p1
-%patch234 -p1
-%patch236 -p1
-%patch281 -p1
-%patch282 -p1
-%patch283 -p1
-%patch284 -p1
-%patch285 -p1
-%patch286 -p1
-%patch287 -p1
-%patch411 -p1
-%patch420 -p1
-%patch421 -p1
-%patch430 -p1
-%patch431 -p1
-%patch432 -p1
-%patch450 -p1
-%patch501 -p1
-%patch510 -p1
-%patch511 -p1
-%patch714 -p1
-%patch716 -p1
-%patch717 -p1
-%patch718 -p1
-%patch719 -p1
-%patch721 -p1
-%patch730 -p1
-%patch731 -p1
-%patch732 -p1
-%patch733 -p1
-%patch735 -p1
-%patch739 -p1
-%patch740 -p1
-%patch784 -p1
-%patch786 -p1
-%patch788 -p1
-%patch789 -p1
-%patch790 -p1
+%autosetup -p1 -n grub-%{version}
%build
# collect evidence to debug spurious build failure on SLE15
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2021-08-19 10:00:38
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.1899 (New)
Package is "grub2"
Thu Aug 19 10:00:38 2021 rev:247 rq:912247 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2021-08-06
22:44:24.486110274 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.1899/grub2.changes2021-08-19
10:00:39.531290184 +0200
@@ -1,0 +2,7 @@
+Wed Aug 4 10:28:49 UTC 2021 - Stefan Seyfried
+
+- update grub2-systemd-sleep.sh to fix hibernation by avoiding the
+ error "no kernelfile matching the running kernel found" on
+ usrmerged setup
+
+---
Other differences:
--
++ grub2-systemd-sleep.sh ++
--- /var/tmp/diff_new_pack.URgZnb/_old 2021-08-19 10:00:42.847286154 +0200
+++ /var/tmp/diff_new_pack.URgZnb/_new 2021-08-19 10:00:42.847286154 +0200
@@ -121,6 +121,8 @@
# We need this, if more than one kernel is installed. This works reasonably
# well with grub, if all kernels are named "vmlinuz-`uname -r`" and are
# located in /boot. If they are not, good luck ;-)
+# for 2021-style usrmerged kernels, the location in /usr/lib/modules/ \
+# `uname -r`/vmlinuz is resolved to match...
find-kernel-entry()
{
NEXT_BOOT=""
@@ -128,9 +130,14 @@
# DEBUG "running kernel: $RUNNING" DIAG
while [ -n "${KERNELS[$I]}" ]; do
BOOTING="${KERNELS[$I]}"
- if IMAGE=`readlink /boot/$BOOTING` && [ -e "/boot/${IMAGE##*/}"
]; then
- # DEBUG "Found kernel symlink $BOOTING => $IMAGE" INFO
- BOOTING=$IMAGE
+ if IMAGE=$(readlink /boot/"$BOOTING"); then
+ if [[ $IMAGE == */vmlinuz ]]; then # new usrmerged setup
+ BOOTING=${IMAGE%/vmlinuz} # the directory name
is what counts
+ BOOTING=${BOOTING##*/}
+ elif [ -e "/boot/${IMAGE##*/}" ]; then
+ # DEBUG "Found kernel symlink $BOOTING =>
$IMAGE" INFO
+ BOOTING=$IMAGE
+ fi
fi
BOOTING="${BOOTING#*${VMLINUZ}-}"
if [ "$RUNNING" == "$BOOTING" -a -n "${MENU_ENTRIES[$I]}" ];
then
@@ -169,8 +176,13 @@
# if there is no default entry (no menu.lst?) we fall back to
# the default of /boot/${VMLINUZ}.
[ -z "$BOOTING" ] && BOOTING="${VMLINUZ}"
- if IMAGE=`readlink /boot/$BOOTING` && [ -e "/boot/${IMAGE##*/}"
]; then
- BOOTING=$IMAGE
+ if IMAGE=$(readlink /boot/"$BOOTING"); then
+ if [[ $IMAGE == */vmlinuz ]]; then # new usrmerged setup
+ BOOTING=${IMAGE%/vmlinuz} # the directory name
is what counts
+ BOOTING=${BOOTING##*/}
+ elif [ -e "/boot/${IMAGE##*/}" ]; then
+ BOOTING=$IMAGE
+ fi
fi
BOOTING="${BOOTING#*${VMLINUZ}-}"
echo "running kernel: '$RUNNING', probably booting kernel:
'$BOOTING'"
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2021-08-06 22:44:23
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.1899 (New)
Package is "grub2"
Fri Aug 6 22:44:23 2021 rev:246 rq:910196 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2021-07-18
23:44:49.455103712 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.1899/grub2.changes2021-08-06
22:44:24.486110274 +0200
@@ -1,0 +2,9 @@
+Thu Jul 22 16:43:20 UTC 2021 - Petr Vorel
+
+- Replace grub2-use-stat-instead-of-udevadm-for-partition-lookup.patch and
+
fix-grub2-use-stat-instead-of-udevadm-for-partition-lookup-with-new-glibc.patch
+ with upstream backport:
+ 0001-osdep-Introduce-include-grub-osdep-major.h-and-use-i.patch and
+ 0002-osdep-linux-hostdisk-Use-stat-instead-of-udevadm-for.patch.
+
+---
Old:
fix-grub2-use-stat-instead-of-udevadm-for-partition-lookup-with-new-glibc.patch
grub2-use-stat-instead-of-udevadm-for-partition-lookup.patch
New:
0001-osdep-Introduce-include-grub-osdep-major.h-and-use-i.patch
0002-osdep-linux-hostdisk-Use-stat-instead-of-udevadm-for.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.gw5V9P/_old 2021-08-06 22:44:26.302107052 +0200
+++ /var/tmp/diff_new_pack.gw5V9P/_new 2021-08-06 22:44:26.302107052 +0200
@@ -257,8 +257,8 @@
Patch213: grub2-Fix-incorrect-netmask-on-ppc64.patch
Patch215: grub2-ppc64-cas-new-scope.patch
Patch218: grub2-ppc64-cas-fix-double-free.patch
-Patch233: grub2-use-stat-instead-of-udevadm-for-partition-lookup.patch
-Patch234:
fix-grub2-use-stat-instead-of-udevadm-for-partition-lookup-with-new-glibc.patch
+Patch233: 0001-osdep-Introduce-include-grub-osdep-major.h-and-use-i.patch
+Patch234: 0002-osdep-linux-hostdisk-Use-stat-instead-of-udevadm-for.patch
Patch236: grub2-efi_gop-avoid-low-resolution.patch
# Support HTTP Boot IPv4 and IPv6 (fate#320129)
Patch281: 0002-net-read-bracketed-ipv6-addrs-and-port-numbers.patch
++ 0001-osdep-Introduce-include-grub-osdep-major.h-and-use-i.patch ++
>From e94b4f23277f7572aacbbeae50b8927e03be148a Mon Sep 17 00:00:00 2001
From: Petr Vorel
Date: Thu, 15 Jul 2021 17:35:27 +0200
Subject: [PATCH 1/2] osdep: Introduce include/grub/osdep/major.h and use it
... to factor out fix for glibc 2.25 introduced in 7a5b301e3 (build: Use
AC_HEADER_MAJOR to find device macros).
Note: Once glibc 2.25 is old enough and this fix is not needed also
AC_HEADER_MAJOR in configure.ac should be removed.
Signed-off-by: Petr Vorel
Reviewed-by: Daniel Kiper
[ upstream status: e94b4f232 ("osdep: Introduce include/grub/osdep/major.h and
use it") ]
---
configure.ac | 2 +-
grub-core/osdep/devmapper/getroot.c | 7 +-
grub-core/osdep/devmapper/hostdisk.c | 7 +-
grub-core/osdep/linux/getroot.c | 7 +-
grub-core/osdep/unix/getroot.c | 7 +-
include/grub/osdep/major.h | 33
6 files changed, 38 insertions(+), 25 deletions(-)
create mode 100644 include/grub/osdep/major.h
diff --git a/configure.ac b/configure.ac
index b025e1e84..bee28dbeb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -424,7 +424,7 @@ AC_CHECK_HEADERS(sys/param.h sys/mount.h sys/mnttab.h
limits.h)
# glibc 2.25 still includes sys/sysmacros.h in sys/types.h but emits
deprecation
# warning which causes compilation failure later with -Werror. So use -Werror
here
-# as well to force proper sys/sysmacros.h detection.
+# as well to force proper sys/sysmacros.h detection. Used in
include/grub/osdep/major.h.
SAVED_CFLAGS="$CFLAGS"
CFLAGS="$HOST_CFLAGS -Werror"
AC_HEADER_MAJOR
diff --git a/grub-core/osdep/devmapper/getroot.c
b/grub-core/osdep/devmapper/getroot.c
index a13a39c96..9ba5c9865 100644
--- a/grub-core/osdep/devmapper/getroot.c
+++ b/grub-core/osdep/devmapper/getroot.c
@@ -40,12 +40,7 @@
#include
#endif
-#if defined(MAJOR_IN_MKDEV)
-#include
-#elif defined(MAJOR_IN_SYSMACROS)
-#include
-#endif
-
+#include
#include
#include
diff --git a/grub-core/osdep/devmapper/hostdisk.c
b/grub-core/osdep/devmapper/hostdisk.c
index a8afc0c94..c8053728b 100644
--- a/grub-core/osdep/devmapper/hostdisk.c
+++ b/grub-core/osdep/devmapper/hostdisk.c
@@ -11,6 +11,7 @@
#include
#include
#include
+#include
#include
#include
@@ -24,12 +25,6 @@
#include
#include
-#if defined(MAJOR_IN_MKDEV)
-#include
-#elif defined(MAJOR_IN_SYSMACROS)
-#include
-#endif
-
#ifdef HAVE_DEVICE_MAPPER
# include
diff --git a/grub-
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2021-07-18 23:44:48
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.2632 (New)
Package is "grub2"
Sun Jul 18 23:44:48 2021 rev:245 rq:906626 version:2.06
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2021-07-12
01:24:52.077309102 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.2632/grub2.changes2021-07-18
23:44:49.455103712 +0200
@@ -1,0 +2,21 @@
+Mon Jun 28 10:14:26 UTC 2021 - Michael Chang
+
+- Fix error not a btrfs filesystem on s390x (bsc#1187645)
+ * 80_suse_btrfs_snapshot
+
+---
+Wed Jun 23 07:41:57 UTC 2021 - Michael Chang
+
+- Fix error gfxterm isn't found with multiple terminals (bsc#1187565)
+ * grub2-fix-error-terminal-gfxterm-isn-t-found.patch
+
+---
+Mon Jun 21 10:45:40 UTC 2021 - Michael Chang
+
+- Fix boot failure after kdump due to the content of grub.cfg is not
+ completed with pending modificaton in xfs journal (bsc#1186975)
+ * grub-install-force-journal-draining-to-ensure-data-i.patch
+- Patch refreshed
+ * grub2-mkconfig-default-entry-correction.patch
+
+---
Other differences:
--
++ 80_suse_btrfs_snapshot ++
--- /var/tmp/diff_new_pack.UG5Z20/_old 2021-07-18 23:44:51.087091158 +0200
+++ /var/tmp/diff_new_pack.UG5Z20/_new 2021-07-18 23:44:51.087091158 +0200
@@ -4,16 +4,22 @@
if [ "x${SUSE_BTRFS_SNAPSHOT_BOOTING}" = "xtrue" ] &&
[ "x${GRUB_FS}" = "xbtrfs" ] &&
[ -d "${SNAPSHOTS}" ]; then
- SNAPSHOT_RID=`btrfs inspect-internal rootid ${SNAPSHOTS}`
- ROOT_RID=`btrfs inspect-internal rootid /`
- if [ -n "${SNAPSHOT_RID}" -a "${SNAPSHOT_RID}" != "${ROOT_RID}" ]; then
-SNAPSHOT_SUBVOL=`btrfs inspect-internal subvolid-resolve ${SNAPSHOT_RID} /`
-ROOT_SUBVOL=`btrfs inspect-internal subvolid-resolve ${ROOT_RID} /`
-INODE=`stat -c '%i' ${SNAPSHOTS}`
-if [ "x${INODE}" = "x256" -a "x${ROOT_SUBVOL}${SNAPSHOTS}" !=
"x${SNAPSHOT_SUBVOL}" ]; then
- echo "btrfs-mount-subvol (\$root) ${SNAPSHOTS} ${SNAPSHOT_SUBVOL}"
+ machine=`uname -m`
+ case "x$machine" in
+xs390 | xs390x) : ;;
+*)
+SNAPSHOT_RID=`btrfs inspect-internal rootid ${SNAPSHOTS}`
+ROOT_RID=`btrfs inspect-internal rootid /`
+if [ -n "${SNAPSHOT_RID}" -a "${SNAPSHOT_RID}" != "${ROOT_RID}" ]; then
+ SNAPSHOT_SUBVOL=`btrfs inspect-internal subvolid-resolve ${SNAPSHOT_RID}
/`
+ ROOT_SUBVOL=`btrfs inspect-internal subvolid-resolve ${ROOT_RID} /`
+ INODE=`stat -c '%i' ${SNAPSHOTS}`
+ if [ "x${INODE}" = "x256" -a "x${ROOT_SUBVOL}${SNAPSHOTS}" !=
"x${SNAPSHOT_SUBVOL}" ]; then
+echo "btrfs-mount-subvol (\$root) ${SNAPSHOTS} ${SNAPSHOT_SUBVOL}"
+ fi
fi
- fi
+;;
+ esac
cat <
---
Makefile.util.def| 1 +
@@ -196,3 +200,31 @@
/*
* Either there are no platform specific code, or it didn't raise
* ponr. Raise it here, because usually this is already past point
+Index: grub-2.06/util/grub-mkconfig.in
+===
+--- grub-2.06.orig/util/grub-mkconfig.in
grub-2.06/util/grub-mkconfig.in
+@@ -328,6 +328,15 @@ for i in "${grub_mkconfig_dir}"/* ; do
+ esac
+ done
+
++sync_fs_journal () {
++ if test "x$GRUB_DEVICE" = "x$GRUB_DEVICE_BOOT" &&
++ test "x$GRUB_FS" = "xxfs" -o "x$GRUB_FS" = "xext2" &&
++ test "x${grub_cfg}" != "x" -a "x`make_system_path_relative_to_its_root
$grub_cfg`" = "x/boot/grub2/grub.cfg" &&
++ test -x /usr/sbin/fsfreeze; then
++/usr/sbin/fsfreeze --freeze / && /usr/sbin/fsfreeze --unfreeze /
++ fi
++} >&2
++
+ if test "x${grub_cfg}" != "x" ; then
+ if ! ${grub_script_check} ${grub_cfg}.new; then
+ # TRANSLATORS: %s is replaced by filename
+@@ -341,6 +350,7 @@ and /etc/grub.d/* files or please file a
+ # none of the children aborted with error, install the new grub.cfg
+ cat ${grub_cfg}.new > ${grub_cfg}
+ rm -f ${grub_cfg}.new
++sync_fs_journal || true
+ fi
+ fi
+
++ grub2-fix-error-terminal-gfxterm-isn-t-found.patch ++
--- /var/tmp/diff_new_pack.UG5Z20/_old 2021-07-18 23:44:51.223090112 +0200
+++ /var/tmp/diff_new_pack.UG5Z20/_new 2021-07-18 23:44:51.223090112 +0200
@@ -10,24 +10,25 @@
'gfxterm' isn't found" will be logged to screen. This is caused
by GRUB_TERMINAL_INPUT erroneously set to gfxterm. This patch
fixes the issue by not setting it.
+
+v2:
+Fix error gfxterm isn't found with multiple terminals (bsc#1187565)
+
---
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2021-06-13 23:05:27
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.32437 (New)
Package is "grub2"
Sun Jun 13 23:05:27 2021 rev:243 rq:898234 version:2.04
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2021-06-04
22:42:53.755085082 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.32437/grub2.changes 2021-06-13
23:05:30.395599516 +0200
@@ -1,0 +2,8 @@
+Mon May 31 07:18:56 UTC 2021 - Michael Chang
+
+- Fix running grub2-once leads to failure of starting systemd service in the
+ boot sequence (bsc#1169460)
+ * grub2-once
+ * grub2-once.service
+
+---
Other differences:
--
++ grub2-once ++
--- /var/tmp/diff_new_pack.4xa0nH/_old 2021-06-13 23:05:33.467605070 +0200
+++ /var/tmp/diff_new_pack.4xa0nH/_new 2021-06-13 23:05:33.471605078 +0200
@@ -177,11 +177,14 @@
# work and function properly on lvm, md and s390.
sub enable_restore_grubenv_service {
-my $systemctl="/usr/bin/systemctl";
+my $systemctl = "/usr/bin/systemctl";
+my $cleanup = "/var/tmp/grub2-cleanup-once";
-if (-x $systemctl) {
- system "$systemctl --no-reload enable grub2-once >/dev/null 2>&1";
-}
+open(my $fh, ">", $cleanup) or die "open: $cleanup $!\n";
+close($fh);
+
+return 0 if (system("$systemctl --quiet is-enabled grub2-once") == 0);
+system "$systemctl --no-reload enable grub2-once >/dev/null 2>&1";
}
$id_name = "";
++ grub2-once.service ++
--- /var/tmp/diff_new_pack.4xa0nH/_old 2021-06-13 23:05:33.487605107 +0200
+++ /var/tmp/diff_new_pack.4xa0nH/_new 2021-06-13 23:05:33.491605114 +0200
@@ -5,11 +5,12 @@
Before=sysinit.target shutdown.target
Conflicts=shutdown.target
ConditionPathIsReadWrite=/boot/grub2/grubenv
+ConditionPathExists=/var/tmp/grub2-cleanup-once
[Service]
Type=oneshot
ExecStart=-/usr/bin/grub2-editenv /boot/grub2/grubenv unset next_entry
-ExecStartPost=-/usr/bin/systemctl disable grub2-once.service
+ExecStartPost=-/usr/bin/rm -f /var/tmp/grub2-cleanup-once
StandardOutput=journal
[Install]
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2021-06-04 22:42:44
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.1898 (New)
Package is "grub2"
Fri Jun 4 22:42:44 2021 rev:242 rq:896904 version:2.04
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2021-05-15
23:16:57.088557092 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.1898/grub2.changes2021-06-04
22:42:53.755085082 +0200
@@ -1,0 +2,6 @@
+Fri May 28 15:16:37 UTC 2021 - Michael Chang
+
+- Fix crash in launching gfxmenu without theme file (bsc#1186481)
+ * grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch
+
+---
Other differences:
--
++ grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch ++
--- /var/tmp/diff_new_pack.uWtGU3/_old 2021-06-04 22:42:55.803087342 +0200
+++ /var/tmp/diff_new_pack.uWtGU3/_new 2021-06-04 22:42:55.803087342 +0200
@@ -144,7 +144,15 @@
static void
init_terminal (grub_gfxmenu_view_t view);
-@@ -142,6 +143,7 @@ grub_gfxmenu_view_destroy (grub_gfxmenu_
+@@ -103,6 +104,7 @@ grub_gfxmenu_view_new (const char *theme
+ view->title_text = grub_strdup (_("GRUB Boot Menu"));
+ view->progress_message_text = 0;
+ view->theme_path = 0;
++ view->menu_title_offset = 0;
+
+ /* Set the timeout bar's frame. */
+ view->progress_message_frame.width = view->screen.width * 4 / 5;
+@@ -142,6 +144,7 @@ grub_gfxmenu_view_destroy (grub_gfxmenu_
grub_free (view->title_text);
grub_free (view->progress_message_text);
grub_free (view->theme_path);
@@ -152,7 +160,7 @@
if (view->canvas)
view->canvas->component.ops->destroy (view->canvas);
grub_free (view);
-@@ -410,6 +412,52 @@ grub_gfxmenu_set_chosen_entry (int entry
+@@ -410,6 +413,52 @@ grub_gfxmenu_set_chosen_entry (int entry
grub_gfxmenu_redraw_menu (view);
}
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package grub2 for openSUSE:Factory checked in at 2021-05-15 23:15:55 Comparing /work/SRC/openSUSE:Factory/grub2 (Old) and /work/SRC/openSUSE:Factory/.grub2.new.2988 (New) Package is "grub2" Sat May 15 23:15:55 2021 rev:241 rq:892656 version:2.04 Changes: --- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2021-04-26 16:39:03.526021621 +0200 +++ /work/SRC/openSUSE:Factory/.grub2.new.2988/grub2.changes2021-05-15 23:16:57.088557092 +0200 @@ -1,0 +2,6 @@ +Tue May 11 02:14:06 UTC 2021 - Michael Chang + +- Fix plaintext password in grub config didn't work to unlock menu entry if + enabling secure boot in UEFI (bsc#1181892) + +--- Other differences: -- ++ grub2.spec ++ --- /var/tmp/diff_new_pack.bCnwtp/_old 2021-05-15 23:16:59.208548814 +0200 +++ /var/tmp/diff_new_pack.bCnwtp/_new 2021-05-15 23:16:59.212548798 +0200 @@ -874,7 +874,7 @@ CD_MODULES=" all_video boot cat chain configfile echo true \ efinet font gfxmenu gfxterm gzio halt iso9660 \ jpeg minicmd normal part_apple part_msdos part_gpt \ - password_pbkdf2 png reboot search search_fs_uuid \ + password password_pbkdf2 png reboot search search_fs_uuid \ search_fs_file search_label sleep test video fat loadenv" PXE_MODULES="efinet tftp http" CRYPTO_MODULES="luks gcry_rijndael gcry_sha1 gcry_sha256"
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package grub2 for openSUSE:Factory checked in at 2021-04-26 16:38:50 Comparing /work/SRC/openSUSE:Factory/grub2 (Old) and /work/SRC/openSUSE:Factory/.grub2.new.12324 (New) Package is "grub2" Mon Apr 26 16:38:50 2021 rev:240 rq:887911 version:2.04 Changes: --- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2021-04-22 18:03:41.434481173 +0200 +++ /work/SRC/openSUSE:Factory/.grub2.new.12324/grub2.changes 2021-04-26 16:39:03.526021621 +0200 @@ -1,0 +2,7 @@ +Fri Apr 23 03:27:37 UTC 2021 - Michael Chang + +- Fix obsolete syslog in systemd unit file and updating to use journal as + StandardOutput (bsc#1185149) + * grub2-once.service + +--- Other differences: -- ++ grub2.spec ++ +++ empty output from diff against grub2.spec ++ grub2-once.service ++ --- /var/tmp/diff_new_pack.G0dDSx/_old 2021-04-26 16:39:06.794026823 +0200 +++ /var/tmp/diff_new_pack.G0dDSx/_new 2021-04-26 16:39:06.794026823 +0200 @@ -10,7 +10,7 @@ Type=oneshot ExecStart=-/usr/bin/grub2-editenv /boot/grub2/grubenv unset next_entry ExecStartPost=-/usr/bin/systemctl disable grub2-once.service -StandardOutput=syslog +StandardOutput=journal [Install] WantedBy=sysinit.target
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2021-04-22 18:03:27
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.12324 (New)
Package is "grub2"
Thu Apr 22 18:03:27 2021 rev:239 rq:887246 version:2.04
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2021-03-17
20:15:12.482928219 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.12324/grub2.changes 2021-04-22
18:03:41.434481173 +0200
@@ -1,0 +2,12 @@
+Mon Apr 19 09:53:43 UTC 2021 - Michael Chang
+
+- Fix build error on armv6/armv7 (bsc#1184712)
+ * 0001-emu-fix-executable-stack-marking.patch
+
+---
+Thu Apr 8 12:32:52 UTC 2021 - Michael Chang
+
+- Fix error grub_file_filters not found in Azure virtual machine (bsc#1182012)
+ * 0001-Workaround-volatile-efi-boot-variable.patch
+
+---
New:
0001-Workaround-volatile-efi-boot-variable.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.O8V1dc/_old 2021-04-22 18:03:43.562484464 +0200
+++ /var/tmp/diff_new_pack.O8V1dc/_new 2021-04-22 18:03:43.566484470 +0200
@@ -392,6 +392,7 @@
Patch786: 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch
Patch787: 0001-kern-efi-sb-Add-chainloaded-image-as-shim-s-verifiab.patch
Patch788: 0001-ieee1275-Avoiding-many-unecessary-open-close.patch
+Patch789: 0001-Workaround-volatile-efi-boot-variable.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
@@ -773,6 +774,7 @@
%patch786 -p1
%patch787 -p1
%patch788 -p1
+%patch789 -p1
%build
# collect evidence to debug spurious build failure on SLE15
++ 0001-Workaround-volatile-efi-boot-variable.patch ++
>From 71575829c303fe8522b46fc96b1f99f1aa4178e7 Mon Sep 17 00:00:00 2001
From: Michael Chang
Date: Fri, 19 Mar 2021 22:58:45 +0800
Subject: [PATCH] Workaround volatile efi boot variable
The efi variable in Microsoft Azure virtual machine is volatile that it cannot
persist across power cycling. If we use efi variable to communicate with efi
boot manager for booting a distribution, the process would silently fail as the
default loader in the efi system partition will start to take over the process
whenever the efi variable evaporated.
That will lead to undefined symbol error one day as the default path didn't
receive any grub update so it cannot keep up with new ABI requirement by
updated grub modules.
The patch will try to workaround the problem by providing grub update to the
default path along with the distribution specific one. To avoid negative side
effects of inadvertently overwritting other loader intended in default path,
care must be taken to ensure that:
1. The workaround only takes place on detected Azure virtual machine
2. The default path is not in use by shim for the secure boot
---
Makefile.util.def | 1 +
.../osdep/basic/efi_removable_fallback.c | 26 +++
grub-core/osdep/efi_removable_fallback.c | 5 +
.../osdep/linux/efi_removable_fallback.c | 151 ++
include/grub/util/install.h | 3 +
util/grub-install.c | 19 +++
6 files changed, 205 insertions(+)
create mode 100644 grub-core/osdep/basic/efi_removable_fallback.c
create mode 100644 grub-core/osdep/efi_removable_fallback.c
create mode 100644 grub-core/osdep/linux/efi_removable_fallback.c
diff --git a/Makefile.util.def b/Makefile.util.def
index 2eaa3ff68..018874ab5 100644
--- a/Makefile.util.def
+++ b/Makefile.util.def
@@ -652,6 +652,7 @@ program = {
common = grub-core/kern/emu/argp_common.c;
common = grub-core/osdep/init.c;
common = grub-core/osdep/journaled_fs.c;
+ common = grub-core/osdep/efi_removable_fallback.c;
ldadd = '$(LIBLZMA)';
ldadd = libgrubmods.a;
diff --git a/grub-core/osdep/basic/efi_removable_fallback.c
b/grub-core/osdep/basic/efi_removable_fallback.c
new file mode 100644
index 0..3f782f764
--- /dev/null
+++ b/grub-core/osdep/basic/efi_removable_fallback.c
@@ -0,0 +1,26 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2013 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2021-03-17 20:14:00
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.2401 (New)
Package is "grub2"
Wed Mar 17 20:14:00 2021 rev:238 rq:879336 version:2.04
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2021-03-15
10:53:40.537104975 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.2401/grub2.changes2021-03-17
20:15:12.482928219 +0100
@@ -1,0 +2,7 @@
+Tue Mar 16 02:57:12 UTC 2021 - Michael Chang
+
+- Fix powerpc-ieee1275 lpar takes long time to boot with increasing number of
+ nvme namespace (bsc#1177751)
+ 0001-ieee1275-Avoiding-many-unecessary-open-close.patch
+
+---
New:
0001-ieee1275-Avoiding-many-unecessary-open-close.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.xvAFNm/_old 2021-03-17 20:15:15.390932194 +0100
+++ /var/tmp/diff_new_pack.xvAFNm/_new 2021-03-17 20:15:15.390932194 +0100
@@ -391,6 +391,7 @@
Patch785: 0045-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch
Patch786: 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch
Patch787: 0001-kern-efi-sb-Add-chainloaded-image-as-shim-s-verifiab.patch
+Patch788: 0001-ieee1275-Avoiding-many-unecessary-open-close.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
@@ -771,6 +772,7 @@
%patch785 -p1
%patch786 -p1
%patch787 -p1
+%patch788 -p1
%build
# collect evidence to debug spurious build failure on SLE15
++ 0001-ieee1275-Avoiding-many-unecessary-open-close.patch ++
>From e9d3202d5cffb89223ff61ac93de86a0cac1b50c Mon Sep 17 00:00:00 2001
From: Diego Domingos
Date: Thu, 19 Nov 2020 10:47:25 -0300
Subject: [PATCH] ieee1275: Avoiding many unecessary open/close
This patch aims to change the grub_ofdisk_open and grub_ofdisk_close behaviors.
Since some devices (Fibre Channel and NVMe) can have a long time for shutdown
notification, we should avoid open and close the disks as much as we can.
So, we are changing how those functions works. The grub_ofdisk_close will take
care of just changing the disk element status, by doing a soft close, i.e, the
firmware will not be called. On the other hand, the grub_ofdisk_open will take
care of closing the current disk opened only if the disk requested in the
current call is different from the current one. This close will be responsible
to request the firmware to actually close the disk.
Yet, this patch modifies the grub_ofdisk_get_block_size function, avoiding open
and close calls inside of it.
Thank you Michael Chang (mch...@suse.com) for all support.
Signed-off-by: Diego Domingos
---
grub-core/disk/ieee1275/ofdisk.c | 64 +---
1 file changed, 35 insertions(+), 29 deletions(-)
diff --git a/grub-core/disk/ieee1275/ofdisk.c b/grub-core/disk/ieee1275/ofdisk.c
index 03674cb47..ea7f78ac7 100644
--- a/grub-core/disk/ieee1275/ofdisk.c
+++ b/grub-core/disk/ieee1275/ofdisk.c
@@ -44,7 +44,7 @@ struct ofdisk_hash_ent
};
static grub_err_t
-grub_ofdisk_get_block_size (const char *device, grub_uint32_t *block_size,
+grub_ofdisk_get_block_size (grub_uint32_t *block_size,
struct ofdisk_hash_ent *op);
#define OFDISK_HASH_SZ 8
@@ -461,6 +461,7 @@ grub_ofdisk_open (const char *name, grub_disk_t disk)
grub_ssize_t actual;
grub_uint32_t block_size = 0;
grub_err_t err;
+ struct ofdisk_hash_ent *op;
if (grub_strncmp (name, "ieee1275/", sizeof ("ieee1275/") - 1) != 0)
return grub_error (GRUB_ERR_UNKNOWN_DEVICE,
@@ -471,6 +472,35 @@ grub_ofdisk_open (const char *name, grub_disk_t disk)
grub_dprintf ("disk", "Opening `%s'.\n", devpath);
+ op = ofdisk_hash_find (devpath);
+ if (!op)
+op = ofdisk_hash_add (devpath, NULL);
+ if (!op)
+{
+ grub_free (devpath);
+ return grub_errno;
+}
+
+ /* Check if the call to open is the same to the last disk already opened */
+ if (last_devpath && !grub_strcmp(op->open_path,last_devpath))
+ {
+ goto finish;
+ }
+
+ /* If not, we need to close the previous disk and open the new one */
+ else {
+if (last_ihandle){
+grub_ieee1275_close (last_ihandle);
+}
+last_ihandle = 0;
+last_devpath = NULL;
+
+grub_ieee1275_open (op->open_path, &last_ihandle);
+if (! last_ihandle)
+ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, "can't open device");
+last_devpath = op->open_path;
+ }
+
if (grub_ieee1275_finddevice (devpath, &dev))
{
grub_free (devpath);
@@ -491,25 +521,18 @@ grub_ofdisk_open (con
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package grub2 for openSUSE:Factory checked in at 2021-03-05 16:52:16 Comparing /work/SRC/openSUSE:Factory/grub2 (Old) and /work/SRC/openSUSE:Factory/.grub2.new.2378 (New) Package is "grub2" Fri Mar 5 16:52:16 2021 rev:236 rq:877254 version:2.04 Changes: --- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2021-03-05 13:47:06.751722342 +0100 +++ /work/SRC/openSUSE:Factory/.grub2.new.2378/grub2.changes2021-03-05 16:52:18.968447593 +0100 @@ -2,70 +1,0 @@ -Fri Mar 5 09:41:07 UTC 2021 - Michael Chang - -- Fix chainloading windows on dual boot machine (bsc#1183073) - * 0001-Add-chainloaded-image-as-shim-s-verifiable-object.patch - -Fri Feb 26 06:52:18 UTC 2021 - Michael Chang - -- VUL-0: grub2,shim: implement new SBAT method (bsc#1182057) - * 0031-util-mkimage-Remove-unused-code-to-add-BSS-section.patch - * 0032-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch - * 0033-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch - * 0034-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch - * 0035-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch - * 0036-util-mkimage-Improve-data_size-value-calculation.patch - * 0037-util-mkimage-Refactor-section-setup-to-use-a-helper.patch - * 0038-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch - * 0039-grub-install-common-Add-sbat-option.patch -- Fix CVE-2021-20225 (bsc#1182262) - * 0022-lib-arg-Block-repeated-short-options-that-require-an.patch -- Fix CVE-2020-27749 (bsc#1179264) - * 0024-kern-parser-Fix-resource-leak-if-argc-0.patch - * 0025-kern-parser-Fix-a-memory-leak.patch - * 0026-kern-parser-Introduce-process_char-helper.patch - * 0027-kern-parser-Introduce-terminate_arg-helper.patch - * 0028-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch - * 0029-kern-buffer-Add-variable-sized-heap-buffer.patch - * 0030-kern-parser-Fix-a-stack-buffer-overflow.patch -- Fix CVE-2021-20233 (bsc#1182263) - * 0023-commands-menuentry-Fix-quoting-in-setparams_prefix.patch -- Fix CVE-2020-25647 (bsc#1177883) - * 0021-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch -- Fix CVE-2020-25632 (bsc#1176711) - * 0020-dl-Only-allow-unloading-modules-that-are-not-depende.patch -- Fix CVE-2020-27779, CVE-2020-14372 (bsc#1179265) (bsc#1175970) - * 0001-include-grub-i386-linux.h-Include-missing-grub-types.patch - * 0002-efi-Make-shim_lock-GUID-and-protocol-type-public.patch - * 0003-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch - * 0004-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch - * 0005-efi-Add-secure-boot-detection.patch - * 0006-efi-Only-register-shim_lock-verifier-if-shim_lock-pr.patch - * 0007-verifiers-Move-verifiers-API-to-kernel-image.patch - * 0008-efi-Move-the-shim_lock-verifier-to-the-GRUB-core.patch - * 0009-kern-Add-lockdown-support.patch - * 0010-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch - * 0011-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch - * 0012-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch - * 0013-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch - * 0014-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch - * 0015-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch - * 0016-commands-setpci-Restrict-setpci-command-when-locked-.patch - * 0017-commands-hdparm-Restrict-hdparm-command-when-locked-.patch - * 0018-gdb-Restrict-GDB-access-when-locked-down.patch - * 0019-loader-xnu-Don-t-allow-loading-extension-and-package.patch - * 0040-shim_lock-Only-skip-loading-shim_lock-verifier-with-.patch - * 0041-squash-Add-secureboot-support-on-efi-chainloader.patch - * 0042-squash-grub2-efi-chainload-harder.patch - * 0043-squash-Don-t-allow-insmod-when-secure-boot-is-enable.patch - * 0044-squash-kern-Add-lockdown-support.patch - * 0045-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch - * 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch -- Drop patch supersceded by the new backport - * 0001-linuxefi-fail-kernel-validation-without-shim-protoco.patch - * 0001-shim_lock-Disable-GRUB_VERIFY_FLAGS_DEFER_AUTH-if-se.patch - * 0007-linuxefi-fail-kernel-validation-without-shim-protoco.patch -- Add SBAT metadata section to grub.efi -- Drop shim_lock module as it is part of core of grub.efi - * grub2.spec - Old: 0001-Add-chainloaded-image-as-shim-s-verifiable-object.patch 0001-include-grub-i386-linux.h-Include-missing-grub-types.patch 0002-efi-Make-shim_lock-GUID-and-protocol-type-public.patch 0003-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch 0004-efi-Add-a-
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2021-03-05 13:45:52
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.2378 (New)
Package is "grub2"
Fri Mar 5 13:45:52 2021 rev:235 rq:876987 version:2.04
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2021-03-03
18:33:41.319326009 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.2378/grub2.changes2021-03-05
13:47:06.751722342 +0100
@@ -1,0 +2,6 @@
+Fri Mar 5 09:41:07 UTC 2021 - Michael Chang
+
+- Fix chainloading windows on dual boot machine (bsc#1183073)
+ * 0001-Add-chainloaded-image-as-shim-s-verifiable-object.patch
+
+---
New:
0001-Add-chainloaded-image-as-shim-s-verifiable-object.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.oyImfa/_old 2021-03-05 13:47:09.079724458 +0100
+++ /var/tmp/diff_new_pack.oyImfa/_new 2021-03-05 13:47:09.079724458 +0100
@@ -390,6 +390,7 @@
Patch784: 0044-squash-kern-Add-lockdown-support.patch
Patch785: 0045-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch
Patch786: 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch
+Patch787: 0001-Add-chainloaded-image-as-shim-s-verifiable-object.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
@@ -769,6 +770,7 @@
%patch784 -p1
%patch785 -p1
%patch786 -p1
+%patch787 -p1
%build
# collect evidence to debug spurious build failure on SLE15
++ 0001-Add-chainloaded-image-as-shim-s-verifiable-object.patch ++
>From eaed36ac87c3f8edeea67bf333700819e80ac732 Mon Sep 17 00:00:00 2001
From: Michael Chang
Date: Fri, 5 Mar 2021 17:33:17 +0800
Subject: [PATCH] Add chainloaded image as shim's verifiable object
This fixed error in dual booting Microsoft Windows
error ../../grub-core/kern/verifiers.c:119:verification requested but
nobody cares: /EFI/Microsoft/Boot/bootmgfw.efi.
---
grub-core/kern/efi/sb.c | 1 +
grub-core/kern/lockdown.c | 1 -
2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c
index 41dadcd14..96d237722 100644
--- a/grub-core/kern/efi/sb.c
+++ b/grub-core/kern/efi/sb.c
@@ -129,6 +129,7 @@ shim_lock_verifier_init (grub_file_t io __attribute__
((unused)),
case GRUB_FILE_TYPE_BSD_KERNEL:
case GRUB_FILE_TYPE_XNU_KERNEL:
case GRUB_FILE_TYPE_PLAN9_KERNEL:
+case GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE:
*flags = GRUB_VERIFY_FLAGS_SINGLE_CHUNK;
/* Fall through. */
diff --git a/grub-core/kern/lockdown.c b/grub-core/kern/lockdown.c
index 0bc70fd42..e1fd1c1e2 100644
--- a/grub-core/kern/lockdown.c
+++ b/grub-core/kern/lockdown.c
@@ -48,7 +48,6 @@ lockdown_verifier_init (grub_file_t io __attribute__
((unused)),
case GRUB_FILE_TYPE_PXECHAINLOADER:
case GRUB_FILE_TYPE_PCCHAINLOADER:
case GRUB_FILE_TYPE_COREBOOT_CHAINLOADER:
-case GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE:
case GRUB_FILE_TYPE_ACPI_TABLE:
case GRUB_FILE_TYPE_DEVICE_TREE_IMAGE:
*flags = GRUB_VERIFY_FLAGS_DEFER_AUTH;
--
2.26.2
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2021-02-23 20:18:02
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.2378 (New)
Package is "grub2"
Tue Feb 23 20:18:02 2021 rev:233 rq:874453 version:2.04
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2021-02-07
15:13:54.721379579 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.2378/grub2.changes2021-02-23
20:19:43.263619427 +0100
@@ -1,0 +2,16 @@
+Mon Feb 22 12:49:48 UTC 2021 - Michael Chang
+
+- Fix build error in binutils 2.36 (bsc#1181741)
+ * 0001-Fix-build-error-in-binutils-2.36.patch
+- Fix executable stack in grub-emu (bsc#1181696)
+ * 0001-emu-fix-executable-stack-marking.patch
+
+---
+Thu Feb 18 05:21:29 UTC 2021 - Michael Chang
+
+- Restore compatibilty sym-links
+ * grub2.spec
+- Use rpmlintrc to filter out rpmlint 2.0 error (bsc#1179044)
+ * grub2.rpmlintrc
+
+---
New:
0001-Fix-build-error-in-binutils-2.36.patch
0001-emu-fix-executable-stack-marking.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.73QH9m/_old 2021-02-23 20:19:45.427621341 +0100
+++ /var/tmp/diff_new_pack.73QH9m/_new 2021-02-23 20:19:45.431621344 +0100
@@ -346,6 +346,8 @@
Patch736: 0007-linuxefi-fail-kernel-validation-without-shim-protoco.patch
Patch737: 0008-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch
Patch738: 0009-squash-Add-support-for-linuxefi.patch
+Patch739: 0001-Fix-build-error-in-binutils-2.36.patch
+Patch740: 0001-emu-fix-executable-stack-marking.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
@@ -468,10 +470,6 @@
%endif
Provides: %{name}-efi = %{version}-%{release}
Obsoletes: %{name}-efi < %{version}-%{release}
-%ifarch x86_64
-Conflicts: python2-kiwi < 9.17.12
-Conflicts: python3-kiwi < 9.17.12
-%endif
%description %{grubefiarch}
The GRand Unified Bootloader (GRUB) is a highly configurable and customizable
@@ -504,7 +502,6 @@
Provides: %{name}-xen = %{version}-%{release}
Obsoletes: %{name}-xen < %{version}-%{release}
BuildArch: noarch
-Conflicts: xen < 4.12.0_03
%description %{grubxenarch}
The GRand Unified Bootloader (GRUB) is a highly configurable and customizable
@@ -685,6 +682,8 @@
%patch736 -p1
%patch737 -p1
%patch738 -p1
+%patch739 -p1
+%patch740 -p1
%build
# collect evidence to debug spurious build failure on SLE15
@@ -866,6 +865,14 @@
cd build-xen
%make_install
install -m 644 grub.xen %{buildroot}/%{_datadir}/%{name}/%{grubxenarch}/.
+# provide compatibility sym-link for VM definitions pointing to old location
+install -d %{buildroot}%{_libdir}/%{name}/%{grubxenarch}
+ln -srf %{buildroot}%{_datadir}/%{name}/%{grubxenarch}/grub.xen
%{buildroot}%{_libdir}/%{name}/%{grubxenarch}/grub.xen
+cat <<-EoM >%{buildroot}%{_libdir}/%{name}/%{grubxenarch}/DEPRECATED
+ This directory and its contents was moved to
%{_datadir}/%{name}/%{grubxenarch}.
+ Individual symbolic links are provided for a smooth transition.
+ Please update your VM definition files to use the new location!
+EoM
cd ..
%endif
@@ -883,6 +890,16 @@
%define sysefidir %{sysefibasedir}/%{_target_cpu}
install -d %{buildroot}/%{sysefidir}
ln -sr %{buildroot}/%{_datadir}/%{name}/%{grubefiarch}/grub.efi
%{buildroot}%{sysefidir}/grub.efi
+%ifarch x86_64
+# provide compatibility sym-link for previous shim-install and the like
+install -d %{buildroot}/usr/lib64/efi
+ln -srf %{buildroot}/%{_datadir}/%{name}/%{grubefiarch}/grub.efi
%{buildroot}/usr/lib64/efi/grub.efi
+cat <<-EoM >%{buildroot}/usr/lib64/efi/DEPRECATED
+ This directory and its contents was moved to %{_datadir}/efi/x86_64.
+ Individual symbolic links are provided for a smooth transition and
+ may vanish at any point in time. Please use the new location!
+EoM
+%endif
%ifarch x86_64 aarch64
%if 0%{?suse_version} >= 1230 || 0%{?suse_version} == 1110
@@ -1310,6 +1327,12 @@
%dir %{sysefidir}
%{sysefidir}/grub.efi
%if 0%{?suse_version} < 1600
+%ifarch x86_64
+# provide compatibility sym-link for previous shim-install and kiwi
+%dir /usr/lib64/efi
+/usr/lib64/efi/DEPRECATED
+/usr/lib64/efi/grub.efi
+%endif
%endif
%ifarch x86_64 aarch64
@@ -1338,6 +1361,9 @@
%defattr(-,root,root,-)
%dir %{_datadir}/%{name}/%{grubxenarch}
%{_datadir}/%{name}/%{grubxenarch}/*
+# provide compatibility sym-link for VM definitions pointing to old location
+%dir %{_libdir}/%{name}
+%{_libdir}/%{name}/%{grubx
commit grub2 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked
in at 2021-02-07 15:13:52
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.28504 (New)
Package is "grub2"
Sun Feb 7 15:13:52 2021 rev:232 rq:868322 version:2.04
Changes:
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2020-11-05
21:53:10.404419783 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.28504/grub2.changes 2021-02-07
15:13:54.721379579 +0100
@@ -1,0 +2,23 @@
+Wed Jan 27 04:13:32 UTC 2021 - Michael Chang
+
+- Complete Secure Boot support on aarch64 (jsc#SLE-15020)
+ * 0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch
+ * 0002-arm64-make-sure-fdt-has-address-cells-and-size-cells.patch
+ * 0003-Make-grub_error-more-verbose.patch
+ * 0004-arm-arm64-loader-Better-memory-allocation-and-error-.patch
+ * 0005-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch
+ * 0006-efi-Set-image-base-address-before-jumping-to-the-PE-.patch
+ * 0007-linuxefi-fail-kernel-validation-without-shim-protoco.patch
+ * 0008-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch
+ * 0009-squash-Add-support-for-linuxefi.patch
+
+---
+Thu Jan 21 07:59:39 UTC 2021 - Michael Chang
+
+- Fix rpmlint 2.0 error for having arch specific path in noarch package aiming
+ for compatibility with old package (bsc#1179044)
+ * grub2.spec
+- Fix non POSIX sed argument which failed in sed from busybox (bsc#1181091)
+ * grub2-check-default.sh
+
+---
New:
0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch
0002-arm64-make-sure-fdt-has-address-cells-and-size-cells.patch
0003-Make-grub_error-more-verbose.patch
0004-arm-arm64-loader-Better-memory-allocation-and-error-.patch
0005-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch
0006-efi-Set-image-base-address-before-jumping-to-the-PE-.patch
0007-linuxefi-fail-kernel-validation-without-shim-protoco.patch
0008-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch
0009-squash-Add-support-for-linuxefi.patch
Other differences:
--
++ grub2.spec ++
--- /var/tmp/diff_new_pack.DGEa6R/_old 2021-02-07 15:13:56.677381670 +0100
+++ /var/tmp/diff_new_pack.DGEa6R/_new 2021-02-07 15:13:56.681381675 +0100
@@ -1,7 +1,7 @@
#
# spec file for package grub2
#
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -336,6 +336,16 @@
# (bsc#1176062)
Patch722: 0001-Warn-if-MBR-gap-is-small-and-user-uses-advanced-modu.patch
Patch723: 0002-grub-install-Avoid-incompleted-install-on-i386-pc.patch
+# Secure Boot support in GRUB on aarch64 (jsc#SLE-15864)
+Patch730: 0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch
+Patch731: 0002-arm64-make-sure-fdt-has-address-cells-and-size-cells.patch
+Patch732: 0003-Make-grub_error-more-verbose.patch
+Patch733: 0004-arm-arm64-loader-Better-memory-allocation-and-error-.patch
+Patch734: 0005-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch
+Patch735: 0006-efi-Set-image-base-address-before-jumping-to-the-PE-.patch
+Patch736: 0007-linuxefi-fail-kernel-validation-without-shim-protoco.patch
+Patch737: 0008-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch
+Patch738: 0009-squash-Add-support-for-linuxefi.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140
@@ -458,6 +468,10 @@
%endif
Provides: %{name}-efi = %{version}-%{release}
Obsoletes: %{name}-efi < %{version}-%{release}
+%ifarch x86_64
+Conflicts: python2-kiwi < 9.17.12
+Conflicts: python3-kiwi < 9.17.12
+%endif
%description %{grubefiarch}
The GRand Unified Bootloader (GRUB) is a highly configurable and customizable
@@ -490,6 +504,7 @@
Provides: %{name}-xen = %{version}-%{release}
Obsoletes: %{name}-xen < %{version}-%{release}
BuildArch: noarch
+Conflicts: xen < 4.12.0_03
%description %{grubxenarch}
The GRand Unified Bootloader (GRUB) is a highly configurable and customizable
@@ -661,6 +676,15 @@
%patch721 -p1
%patch722 -p1
%patch723 -p1
+%patch730 -p1
+%patch731 -p1
+%patch732 -p1
+%patch733 -p1
+%patch734 -p1
+%patch735 -p1
+%patch736 -p1
+%patch737 -p1
+%patch738 -p1
%build
# collect evidence to debug spurious build failure on SLE15
@@ -842,14 +866,6 @@
cd build-xen
%make_install
install -m 644 grub.xen %{buildroot}/%{_datadir}/%{name}/%{grubxenarc
