Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: grub2-snapper-plugin | Distribution: openSUSE Tumbleweed |
Version: 2.12 | Vendor: openSUSE |
Release: 65.1 | Build date: Fri Sep 26 09:53:25 2025 |
Group: System/Fhs | Build host: reproducible |
Size: 8280 | Source RPM: grub2-2.12-65.1.src.rpm |
Packager: https://bugs.opensuse.org | |
Url: http://www.gnu.org/software/grub/ | |
Summary: Grub2's snapper plugin |
Grub2's snapper plugin for advanced btrfs snapshot boot menu management
GPL-3.0-or-later
* Fri Sep 26 2025 Radoslav Kolev <radoslav.kolev@suse.com> - make grub plugin compatible with snapper's plugin API (bsc#1246172) - clean up some unused code * Tue Sep 23 2025 Steffen Winterfeldt <snwint@suse.com> - turn off page flipping for i386-pc using VBE video backend (bsc#1245636) * grub2-i386-pc-no-pageflipping.patch * Mon Sep 22 2025 Michael Chang <mchang@suse.com> - Fix boot hangs in setting up serial console when ACPI SPCR table is present and redirection is disabled (bsc#1249088) * 0001-term-ns8250-spcr-Return-if-redirection-is-disabled.patch * Tue Sep 09 2025 Danilo Spinella <danilo.spinella@suse.com> - Add support for `LoaderEntryDefault` EFI variable * grub2-bls-loader-entry-default.patch * Tue Sep 02 2025 Gary Ching-Pang Lin <glin@suse.com> - Optimize PBKDF2 to reduce the decryption time * 0001-lib-crypto-Introduce-new-HMAC-functions-to-reuse-buf.patch * 0002-lib-pbkdf2-Optimize-PBKDF2-by-reusing-HMAC-handle.patch * 0001-kern-misc-Implement-faster-grub_memcpy-for-aligned-b.patch * Mon Aug 11 2025 Michael Chang <mchang@suse.com> - UEFI NX support and NX Linux loader using shim loader protocol (bsc#1205588) (jsc#PED-13361) * 0001-modules-Make-.module_license-read-only.patch * 0002-modules-Strip-.llvm_addrsig-sections-and-similar.patch * 0003-modules-Don-t-allocate-space-for-non-allocable-secti.patch * 0004-modules-Load-module-sections-at-page-aligned-address.patch * 0005-nx-Add-memory-attribute-get-set-API.patch * 0006-nx-Set-page-permissions-for-loaded-modules.patch * 0007-nx-Set-the-NX-compatible-flag-for-the-GRUB-EFI-image.patch * 0008-efi-Provide-wrappers-for-load_image-start_image-and-.patch * 0009-efi-sb-Add-support-for-the-shim-loader-protocol.patch * 0010-efi-sb-Add-API-for-retrieving-shim-loader-image-hand.patch * 0011-loader-efi-chainloader-Use-shim-loader-image-handle-.patch * 0012-loader-efi-linux-Use-shim-loader-image-handle-where-.patch * 0013-nx-Rename-GRUB_DL_ALIGN-to-DL_ALIGN.patch - Fallback for legacy shim lock protocol while secure boot is enabled * 0001-linux-fallback-to-EFI-handover-on-x86_64.patch * 0002-linux-fallback-to-direct-PE-entry-boot-on-arm64.patch * 0003-efi-chainloader-fallback-to-direct-image-execution.patch * 0004-efi-chainloader-fix-missing-file_path-in-loaded_imag.patch - Removed patch * 0001-xen_boot-add-missing-grub_arch_efi_linux_load_image_.patch * Thu Aug 07 2025 Michael Chang <mchang@suse.com> - Fix timeout when loading initrd via http after PPC CAS reboot (bsc#1245953) * 0001-tcp-Fix-TCP-port-number-reused-on-reboot.patch * Mon Aug 04 2025 Michael Chang <mchang@suse.com> - Skip mount point in grub_find_device function (bsc#1246231) * 0001-getroot-Skip-mount-points-in-grub_find_device.patch * Fri Jul 25 2025 Gary Ching-Pang Lin <glin@suse.com> - Fix CVE-2024-56738: side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959) * grub2-constant-time-grub_crypto_memcmp.patch * Wed Jul 16 2025 Michael Chang <mchang@suse.com> - Fix test -f and -s do not work properly over the network files served via tftp and http (bsc#1246157) (bsc#1246237) * 0001-test-Fix-f-test-on-files-over-network.patch * 0002-http-Return-HTTP-status-code-in-http_establish.patch * 0003-docs-Clarify-test-for-files-on-TFTP-and-HTTP.patch * 0004-tftp-Fix-hang-when-file-is-a-directory.patch * Fri Jul 11 2025 Michael Chang <mchang@suse.com> - Enable loongarch64 build (bsc#1234248) * Tue Jul 08 2025 Gary Ching-Pang Lin <glin@suse.com> - Backport upstream disk password retry (bsc#1245545) * 0001-disk-cryptodisk-Allow-user-to-retry-failed-passphras.patch * Fri Jun 06 2025 Danilo Spinella <danilo.spinella@suse.com> - Fix bls_bumpcounter breaking FDE (bsc#1243842) * grub2-blsbumpcounter-menu.patch * Thu May 29 2025 Michael Chang <mchang@suse.com> - Use /etc/SUSE-brand to display OS label (bsc#1239169) * 0001-mkconfig-Determine-GRUB_DISTRIBUTOR-from-etc-SUSE-br.patch * Sun May 25 2025 Danilo Spinella <danilo.spinella@suse.com> - Add support for LoaderEntryOneshot * grub2-bls-loader-entry-oneshot.patch * Tue May 20 2025 Michael Chang <mchang@suse.com> - Fix product name missing in snapshot list (bsc#1243162) * grub2-snapper-plugin.sh * Tue May 20 2025 Michael Chang <mchang@suse.com> - Fix incorrect nvme disks and boot order in bootlist output (bsc#1237174) * 0001-ieee1275-support-added-for-multiple-nvme-bootpaths.patch * Mon May 05 2025 Michael Chang <mchang@suse.com> - Fix CVE-2025-4382: TPM auto-decryption data exposure (bsc#1242971) * 0001-kern-rescue_reader-Block-the-rescue-mode-until-the-C.patch * 0002-commands-search-Introduce-the-cryptodisk-only-argume.patch * 0003-disk-diskfilter-Introduce-the-cryptocheck-command.patch * 0004-commands-search-Add-the-diskfilter-support.patch * 0005-docs-Document-available-crypto-disks-checks.patch * 0006-disk-cryptodisk-Add-the-erase-secrets-function.patch * 0007-disk-cryptodisk-Wipe-the-passphrase-from-memory.patch * 0008-cryptocheck-Add-quiet-option.patch - patch rebased * 0001-Improve-TPM-key-protection-on-boot-interruptions.patch * 0004-Key-revocation-on-out-of-bound-file-access.patch - patch refrehed * 0001-Fix-PowerPC-CAS-reboot-to-evaluate-menu-context.patch * 0002-Requiring-authentication-after-tpm-unlock-for-CLI-ac.patch * Fri Apr 25 2025 Andreas Stieger <andreas.stieger@gmx.de> - grub2-common: use fuse3 * Wed Apr 23 2025 Danilo Spinella <danilo.spinella@suse.com> - Add support for boot assessment, needed by health-checker * grub2-bls-boot-counting.patch * grub2-bls-boot-assessment.patch * grub2-bls-boot-show-snapshot.patch * grub2-blscfg-fix-hang.patch * grub2-blscfg-set-efivars.patch * Wed Apr 23 2025 Michael Chang <mchang@suse.com> - Fix reading bls fragments in file-system dependent order that is not predictable (bsc#1241046) * 0001-blscfg-read-fragments-in-order.patch * Wed Apr 23 2025 Michael Chang <mchang@suse.com> - Fix PPC CAS reboot failure work when initiated via submenu (bsc#1241132) * 0001-Fix-PowerPC-CAS-reboot-to-evaluate-menu-context.patch * Sun Apr 13 2025 Friedrich Haubensak <hsk17@mail.de> - add grub2-string-initializer.patch, part of upstream gnulib patch, to fix gcc15 compile time error (bsc#1239884) * Fri Apr 11 2025 Gary Ching-Pang Lin <glin@suse.com> - Measure the envblk used by pre_loadenv * 0001-prep_loadenv-Measure-the-environment-block-into-PCR-.patch - Enable PowerPC 64 support for tss2 and tpm2_key_protector * 0001-tpm2_key_protector-Add-grub-emu-support.patch * 0001-tss2-Adjust-bit-fields-for-big-endian-targets.patch * 0002-term-ieee1275-serial-Cast-0-to-proper-type.patch * 0003-ieee1275-Consolidate-repeated-definitions-of-IEEE127.patch * 0004-ieee1275-ibmvpm-Move-TPM-initialization-functions-to.patch * 0005-ieee1275-tcg2-Refactor-grub_ieee1275_tpm_init.patch * 0006-ieee1275-tcg2-Add-TCG2-driver-for-ieee1275-PowerPC-f.patch * 0007-tpm2_key_protector-Enable-build-for-powerpc_ieee1275.patch - Dump PCRs when TPM unsealing fails * 0001-tpm2_key_protector-Dump-PCRs-on-policy-fail.patch * 0002-tpm2_key_protector-Add-tpm2_dump_pcr-command.patch - Add 'NV index' handle support to tpm2_key_protector * 0003-tss2-Fix-the-missing-authCommand.patch * 0004-tss2-Add-TPM-2.0-NV-index-commands.patch * 0005-tpm2_key_protector-Unseal-key-from-a-buffer.patch * 0006-tpm2_key_protector-Support-NV-index-handles.patch * 0007-util-grub-protect-Support-NV-index-mode.patch * Tue Apr 01 2025 Thomas Zimmermann <tzimmermann@suse.com> - Add grub2-provide-edid.patch: Grub2 already retrieves the EDID from video adapters. Copy the raw data into the Linux kernel boot parameters, so that Linux can use this information. The necessary fields have been present in the boot parameters since at least commit f8eeaaf41803 ("[PATCH] Make the bzImage format self-terminating"), but never used. Within the kernel, the EDID data will be propagated to graphics drivers and finally to user space. (bsc#1240624) * Thu Mar 27 2025 Michael Chang <mchang@suse.com> - Fix grub-bls has broken builtin theme for SLE (bsc#1240090) * Fri Mar 21 2025 Gary Ching-Pang Lin <glin@suse.com> - Filter out the non-subvolume btrfs mount points when creating the relative path (bsc#1239674) * grub2-btrfs-filter-non-subvol-mount.patch * Mon Mar 17 2025 Michael Chang <mchang@suse.com> - Refresh PPC NVMEoF ofpath related patches to newer revision * 0002-ieee1275-ofpath-enable-NVMeoF-logical-device-transla.patch - Patch refreshed * 0001-ieee1275-support-added-for-multiple-nvme-bootpaths.patch - Patch obseleted * 0004-ofpath-controller-name-update.patch * 0001-squash-ieee1275-ofpath-enable-NVMeoF-logical-device-.patch - Fix segmentation fault error in grub2-probe with target=hints_string (bsc#1235971) (bsc#1235958) (bsc#1239651) * 0001-ofpath-Add-error-check-in-NVMEoF-device-translation.patch * Thu Mar 13 2025 Gary Ching-Pang Lin <glin@suse.com> - Update the patch to fix "SRK not matched" errors when unsealing the key (bsc#1232411) (bsc#1247242) * 0001-tpm2-Add-extra-RSA-SRK-types.patch * Tue Mar 11 2025 Michael Chang <mchang@suse.com> - Update patches for Power guest secure boot with key management (jsc#PED-3520) (jsc#PED-9892) * 0001-ieee1275-adding-failure-check-condition-on-ibm-secur.patch * 0002-ieee1275-Platform-Keystore-PKS-Support.patch * 0003-ieee1275-Read-the-DB-and-DBX-secure-boot-variables.patch * 0004-appendedsig-The-creation-of-trusted-and-distrusted-l.patch * 0005-appendedsig-While-verifying-the-kernel-use-trusted-a.patch * 0006-powerpc_ieee1275-set-use_static_keys-flag.patch * 0007-appendedsig-Reads-the-default-DB-keys-from-ELF-Note.patch * 0008-appendedsig-The-grub-command-s-trusted-and-distruste.patch * 0009-appendedsig-documentation.patch - Remove patches * 0001-ieee1275-Platform-Keystore-PKS-Support.patch * 0002-ieee1275-Read-the-DB-and-DBX-secure-boot-variables.patch * 0003-appendedsig-The-creation-of-trusted-and-distrusted-l.patch * 0004-appendedsig-While-verifying-the-kernel-use-trusted-a.patch * 0005-appendedsig-The-grub-command-s-trusted-and-distruste.patch * 0006-appendedsig-documentation.patch * Fri Mar 07 2025 Michael Chang <mchang@suse.com> - Pass through PAES cipher as AES on s390x-emu (jsc#PED-10950) * 0001-s390x-emu-Pass-through-PAES-cipher-as-AES.patch * Fri Mar 07 2025 Michael Chang <mchang@suse.com> - Fix zfs.mo not found message when booting on legacy BIOS (bsc#1237865) * 0001-autofs-Ignore-zfs-not-found.patch * Mon Mar 03 2025 Michael Chang <mchang@suse.com> - Cherry-pick upstream XFS fixes * 0001-fs-xfs-Add-new-superblock-features-added-in-Linux-6..patch * 0002-fs-xfs-Fix-grub_xfs_iterate_dir-return-value-in-case.patch - Fix "attempt to read of write outside of partition" error message (bsc#1237844) * 0003-fs-xfs-fix-large-extent-counters-incompat-feature-su.patch * Tue Feb 25 2025 Michael Chang <mchang@suse.com> - Make SLFO/SLE-16 and openSUSE have identical package structures - Provide grub2-<CPUARCH>-efi-bls for SLFO/SLE-16 * Wed Feb 19 2025 Michael Chang <mchang@suse.com> - Fix grub-bls does not rollback via setting new default (bsc#1237198) * 0001-bls-Accept-.conf-suffix-in-setting-default-entry.patch * Fri Feb 14 2025 Michael Chang <mchang@suse.com> - Security fixes for 2024 * 0001-misc-Implement-grub_strlcpy.patch - Fix CVE-2024-45781 (bsc#1233617) * 0002-fs-ufs-Fix-a-heap-OOB-write.patch - Fix CVE-2024-56737 (bsc#1234958) - Fix CVE-2024-45782 (bsc#1233615) * 0003-fs-hfs-Fix-stack-OOB-write-with-grub_strcpy.patch - Fix CVE-2024-45780 (bsc#1233614) * 0004-fs-tar-Integer-overflow-leads-to-heap-OOB-write.patch - Fix CVE-2024-45783 (bsc#1233616) * 0005-fs-hfsplus-Set-a-grub_errno-if-mount-fails.patch * 0006-kern-file-Ensure-file-data-is-set.patch * 0007-kern-file-Implement-filesystem-reference-counting.patch - Fix CVE-2025-0624 (bsc#1236316) * 0008-net-Fix-OOB-write-in-grub_net_search_config_file.patch - Fix CVE-2024-45774 (bsc#1233609) * 0009-video-readers-jpeg-Do-not-permit-duplicate-SOF0-mark.patch - Fix CVE-2024-45775 (bsc#1233610) * 0010-commands-extcmd-Missing-check-for-failed-allocation.patch - Fix CVE-2025-0622 (bsc#1236317) * 0011-commands-pgp-Unregister-the-check_signatures-hooks-o.patch - Fix CVE-2025-0622 (bsc#1236317) * 0012-normal-Remove-variables-hooks-on-module-unload.patch - Fix CVE-2025-0622 (bsc#1236317) * 0013-gettext-Remove-variables-hooks-on-module-unload.patch - Fix CVE-2024-45776 (bsc#1233612) * 0014-gettext-Integer-overflow-leads-to-heap-OOB-write-or-.patch - Fix CVE-2024-45777 (bsc#1233613) * 0015-gettext-Integer-overflow-leads-to-heap-OOB-write.patch - Fix CVE-2025-0690 (bsc#1237012) * 0016-commands-read-Fix-an-integer-overflow-when-supplying.patch - Fix CVE-2025-1118 (bsc#1237013) * 0017-commands-minicmd-Block-the-dump-command-in-lockdown-.patch - Fix CVE-2024-45778 (bsc#1233606) - Fix CVE-2024-45779 (bsc#1233608) * 0018-fs-bfs-Disable-under-lockdown.patch - Fix CVE-2025-0677 (bsc#1237002) - Fix CVE-2025-0684 (bsc#1237008) - Fix CVE-2025-0685 (bsc#1237009) - Fix CVE-2025-0686 (bsc#1237010) - Fix CVE-2025-0689 (bsc#1237011) * 0019-fs-Disable-many-filesystems-under-lockdown.patch - Fix CVE-2025-1125 (bsc#1237014) - Fix CVE-2025-0678 (bsc#1237006) * 0020-fs-Prevent-overflows-when-allocating-memory-for-arra.patch - Updated to upstream version * 0002-Requiring-authentication-after-tpm-unlock-for-CLI-ac.patch - Bump upstream SBAT generation to 5 * Thu Feb 13 2025 Michael Chang <mchang@suse.com> - Fix out of memory issue on PowerPC by increasing RMA size (bsc#1236744) * 0001-powerpc-increase-MIN-RMA-size-for-CAS-negotiation.patch * Sun Dec 08 2024 Michael Chang <mchang@suse.com> - Update PowerPC SBAT patches to upstream (bsc#1233730) * 0007-grub-mkimage-Create-new-ELF-note-for-SBAT.patch * 0008-grub-mkimage-Add-SBAT-metadata-into-ELF-note-for-Pow.patch - Replaced patches * 0007-mkimage-create-new-ELF-Note-for-SBAT.patch * 0008-mkimage-adding-sbat-data-into-sbat-ELF-Note-on-power.patch * Fri Dec 06 2024 Michael Chang <mchang@suse.com> - Fix missing requires in SLE package (bsc#1234264) (bsc#1234272) * Tue Dec 03 2024 Gary Ching-Pang Lin <glin@suse.com> - Update the TPM2 patches to the upstream final version * Update 0001-key_protector-Add-key-protectors-framework.patch * Replace 0002-tpm2-Add-TPM-Software-Stack-TSS.patch with grub2-add-tss2-support.patch * Replace 0003-key_protector-Add-TPM2-Key-Protector.patch with 0001-key_protector-Add-TPM2-Key-Protector.patch * Replace 0005-util-grub-protect-Add-new-tool.patch with 0001-util-grub-protect-Add-new-tool.patch * Replace 0001-tpm2-Implement-NV-index.patch with 0001-tpm2_key_protector-Implement-NV-index.patch * Replace 0001-tpm2-Support-authorized-policy.patch with 0001-tpm2_key_protector-Support-authorized-policy.patch - Refresh the TPM2 related patches * grub-read-pcr.patch * 0001-tpm2-Add-extra-RSA-SRK-types.patch * grub2-bsc1220338-key_protector-implement-the-blocklist.patch * safe_tpm_pcr_snapshot.patch * tpm-record-pcrs.patch * Fri Nov 29 2024 Gary Ching-Pang Lin <glin@suse.com> - Support s390x Secure Execution (jsc#PED-9531) * grub2-s390x-secure-execution-support.patch - Update grub2-s390x-set-hostonly.patch to add the patch header and the description * Wed Nov 13 2024 Michael Chang <mchang@suse.com> - Revert the patches related to BLS support in grub2-mkconfig, as they are not relevant to the current BLS integration and cause issues in older KIWI versions, which actively force it to be enabled by default (bsc#1233196) * 0002-Add-BLS-support-to-grub-mkconfig.patch * 0003-Add-grub2-switch-to-blscfg.patch * 0007-grub-switch-to-blscfg-adapt-to-openSUSE.patch * 0008-blscfg-reading-bls-fragments-if-boot-present.patch * 0009-10_linux-Some-refinement-for-BLS.patch * 0001-10_linux-Do-not-enable-BLSCFG-on-s390-emu.patch * Fri Nov 08 2024 Michael Chang <mchang@suse.com> - Fix previous change as the variable has to be set earlier * 0001-10_linux-Do-not-enable-BLSCFG-on-s390-emu.patch * Fri Nov 08 2024 Michael Chang <mchang@suse.com> - Do not enable blscfg on s390-emu * 0001-10_linux-Do-not-enable-BLSCFG-on-s390-emu.patch * Wed Nov 06 2024 Michael Chang <mchang@suse.com> - Fix xen package contains debug_info files with the .module suffix by moving them to a separate xen-debug subpackage (bsc#1232573) * Fri Nov 01 2024 Michael Chang <mchang@suse.com> - Fix grub.cfg is loaded from an unexpected fallback directory instead of the root directory during PXE boot when grub is loaded from the tftp root directory (bsc#1232391) * 0001-kern-main-Fix-cmdpath-in-root-directory.patch * grub2.spec: Refine PPC grub.elf early config to derive root from cmdpath directly, avoiding the unneeded search * Wed Oct 30 2024 Michael Chang <mchang@suse.com> - Fix CVE-2024-49504 (bsc#1229163) (bsc#1229164) - Restrict CLI access if the encrypted root device is automatically unlocked by the TPM. LUKS password authentication is required for access to be granted * 0001-cli_lock-Add-build-option-to-block-command-line-inte.patch * 0002-Requiring-authentication-after-tpm-unlock-for-CLI-ac.patch - Obsolete, as CLI access is now locked and granted access no longer requires the previous restrictions * 0002-Restrict-file-access-on-cryptodisk-print.patch * 0003-Restrict-ls-and-auto-file-completion-on-cryptodisk-p.patch - Rediff * 0004-Key-revocation-on-out-of-bound-file-access.patch * Wed Oct 30 2024 Michael Chang <mchang@suse.com> - Enable support of Radix, Xive and Radix_gtse on Power (jsc#PED-9881) * 0001-kern-ieee1275-init-Add-IEEE-1275-Radix-support-for-K.patch * Wed Oct 23 2024 Michael Chang <mchang@suse.com> - Fix error: /boot/grub2/x86_64-efi/bli.mod not found (bsc#1231591) * Tue Oct 22 2024 Michael Chang <mchang@suse.com> - Keep grub packaging and dependencies in the SLE-12 and SLE-15 builds * Fri Oct 18 2024 Michael Chang <mchang@suse.com> - Power guest secure boot with key management (jsc#PED-3520) (jsc#PED-9892) * 0001-ieee1275-Platform-Keystore-PKS-Support.patch * 0002-ieee1275-Read-the-DB-and-DBX-secure-boot-variables.patch * 0003-appendedsig-The-creation-of-trusted-and-distrusted-l.patch * 0004-appendedsig-While-verifying-the-kernel-use-trusted-a.patch * 0005-appendedsig-The-grub-command-s-trusted-and-distruste.patch * 0006-appendedsig-documentation.patch * 0007-mkimage-create-new-ELF-Note-for-SBAT.patch * 0008-mkimage-adding-sbat-data-into-sbat-ELF-Note-on-power.patch * grub2.spec : Building signed grub.elf with SBAT metadata - Support for NVMe multipath splitter (jsc#PED-10538) * 0001-ieee1275-support-added-for-multiple-nvme-bootpaths.patch - Deleted path (jsc#PED-10538) * 0001-grub2-Can-t-setup-a-default-boot-device-correctly-on.patch * 0001-grub2-Set-multiple-device-path-for-a-nvmf-boot-devic.patch * Wed Oct 16 2024 Michael Chang <mchang@suse.com> - Fix not a directory error from the minix filesystem, as leftover data on disk may contain its magic header so it gets misdetected (bsc#1231604) * grub2-install-fix-not-a-directory-error.patch * Fri Oct 04 2024 Michael Chang <mchang@suse.com> - Fix missng menu entry "Start bootloader from a read-only snapshot" by ensuring grub2-snapper-plugin is installed when both snapper and grub2-common are installed (bsc#1231271) * Fri Oct 04 2024 Michael Chang <mchang@suse.com> - Fix OOM error in loading loopback file (bsc#1230840) * 0001-tpm-Skip-loopback-image-measurement.patch * Fri Oct 04 2024 Michael Chang <mchang@suse.com> - Fix UEFI PXE boot failure on tagged VLAN network (bsc#1230263) * 0001-efinet-Skip-virtual-VLAN-devices-during-card-enumera.patch * Thu Oct 03 2024 Michael Chang <mchang@suse.com> - Fix grub screen is filled with artifects from earlier post menu (bsc#1224465) * grub2-SUSE-Add-the-t-hotkey.patch * 0001-fix-grub-screen-filled-with-post-screen-artifects.patch * Tue Aug 13 2024 Michael Chang <mchang@suse.com> - Introduces a new package, grub2-x86_64-efi-bls, which includes a straightforward grubbls.efi file. This file can be copied to the EFI System Partition (ESP) along with boot fragments in the Boot Loader Specification (BLS) format * 0001-Streamline-BLS-and-improve-PCR-stability.patch - Fix crash in bli module (bsc#1226497) * 0001-bli-Fix-crash-in-get_part_uuid.patch * Tue Aug 13 2024 Michael Chang <mchang@suse.com> - Rework package dependencies: grub2-common now includes common userland utilities and is required by grub2 platform packages. grub2 is now a meta package that pulls in the default platform package. * Fri Aug 02 2024 Michael Chang <mchang@suse.com> - Fix btrfs subvolume for platform modules not mounting at runtime when the default subvolume is the topmost root tree (bsc#1228124) * grub2-btrfs-06-subvol-mount.patch - Rediff * 0001-Unify-the-check-to-enable-btrfs-relative-path.patch * Fri Aug 02 2024 Gary Ching-Pang Lin <glin@suse.com> - Switch to '--no-hostonly' when creating the ZIPL initrd in the KIWI build environment to avoid some potential issues due to the missing modules * grub2-s390x-set-hostonly.patch * Fri Jul 19 2024 Michael Chang <mchang@suse.com> - Fix error in grub-install when root is on tmpfs (bsc#1226100) * 0001-grub-install-bailout-root-device-probing.patch - Fix incorrect Platform tag in rpm header (bsc#1217967) * Fri Jul 05 2024 Michael Chang <mchang@suse.com> - Fix error if dash shell script is used (bsc#1226453) * 0007-grub-switch-to-blscfg-adapt-to-openSUSE.patch * 0009-10_linux-Some-refinement-for-BLS.patch - Fix input handling in ppc64le grub2 has high latency (bsc#1223535) * 0001-net-drivers-ieee1275-ofnet-Remove-200-ms-timeout-in-.patch * Fri Jun 07 2024 Michael Chang <mchang@suse.com> - Add blscfg support * 0001-blscfg-add-blscfg-module-to-parse-Boot-Loader-Specif.patch * 0002-Add-BLS-support-to-grub-mkconfig.patch * 0003-Add-grub2-switch-to-blscfg.patch * 0004-blscfg-Don-t-root-device-in-emu-builds.patch * 0005-blscfg-check-for-mounted-boot-in-emu.patch * 0006-Follow-the-device-where-blscfg-is-discovered.patch * 0007-grub-switch-to-blscfg-adapt-to-openSUSE.patch * 0008-blscfg-reading-bls-fragments-if-boot-present.patch * 0009-10_linux-Some-refinement-for-BLS.patch * Mon May 20 2024 Gary Ching-Pang Lin <glin@suse.com> - Only enable grub-protect for EFI systems * 0001-util-enable-grub-protect-only-for-EFI-systems.patch * Wed May 15 2024 Gary Ching-Pang Lin <glin@suse.com> - Update to the latest upstreaming TPM2 patches * 0001-key_protector-Add-key-protectors-framework.patch - Replace 0001-protectors-Add-key-protectors-framework.patch * 0002-tpm2-Add-TPM-Software-Stack-TSS.patch - Merge other TSS patches * 0001-tpm2-Add-TPM2-types-structures-and-command-constants.patch * 0002-tpm2-Add-more-marshal-unmarshal-functions.patch * 0003-tpm2-Implement-more-TPM2-commands.patch * 0003-key_protector-Add-TPM2-Key-Protector.patch - Replace 0003-protectors-Add-TPM2-Key-Protector.patch * 0004-cryptodisk-Support-key-protectors.patch * 0005-util-grub-protect-Add-new-tool.patch * 0001-tpm2-Support-authorized-policy.patch - Replace 0004-tpm2-Support-authorized-policy.patch * 0001-tpm2-Add-extra-RSA-SRK-types.patch * 0001-tpm2-Implement-NV-index.patch - Replace 0001-protectors-Implement-NV-index.patch * 0002-cryptodisk-Fallback-to-passphrase.patch * 0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch * 0004-diskfilter-look-up-cryptodisk-devices-first.patch - Refresh affected patches * 0001-Improve-TPM-key-protection-on-boot-interruptions.patch * grub2-bsc1220338-key_protector-implement-the-blocklist.patch - New manpage for grub2-protect * Wed May 15 2024 Michael Chang <mchang@suse.com> - Fix error in /etc/grub.d/20_linux_xen: file_is_not_sym not found, renamed to file_is_not_xen_garbage (bsc#1224226) * grub2-fix-menu-in-xen-host-server.patch * Thu May 02 2024 Michael Chang <mchang@suse.com> - Fix gcc error with CFLAGS=-Og * grub2-grubenv-in-btrfs-header.patch * Fri Apr 19 2024 Giacomo Comes <gcomes.obs@gmail.com> - remove deprecated file 20_memtest86+ * a similar file is provided by the package memtest86+ * Thu Apr 11 2024 Gary Ching-Pang Lin <glin@suse.com> - Fix the compatibility issue with bash-completion 2.12 (bsc#1221849) * 0001-util-bash-completion-Fix-for-bash-completion-2.12.patch * Fri Mar 29 2024 Michael Chang <mchang@suse.com> - Fix os name is used for root file system mount (bsc#1220949) * 0001-10_linux-Ensure-persistence-of-root-file-system-moun.patch * Wed Mar 27 2024 Michael Chang <mchang@suse.com> - Fix LPAR falls into grub shell after installation with lvm (bsc#1221866) * 0001-ofdisk-Enhance-canonical-path-handling-for-bootpath.patch * Mon Mar 25 2024 Michael Chang <mchang@suse.com> - Correct the erroneous sequence in determining GRUB_FS and GRUB_DEVICE (bsc#1221904) * grub2-pass-corret-root-for-nfsroot.patch * Fri Mar 22 2024 Michael Chang <mchang@suse.com> - Fix memdisk becomes the default boot entry, resolving no graphic display device error in guest vnc console (bsc#1221779) * grub2-xen-pv-firmware.cfg * Wed Mar 20 2024 Michael Chang <mchang@suse.com> - Cleanup spec file to adhere to update-bootloader-rpm-macros definition entirely (bsc#1218241) * Tue Mar 19 2024 Gary Ching-Pang Lin <glin@suse.com> - Add grub2-bsc1220338-key_protector-implement-the-blocklist.patch to implement a blocklist in the key protector and check the unwanted UEFI variables (bsc#1220338) * Mon Mar 04 2024 Gary Ching-Pang Lin <glin@suse.com> - Update grub2-change-bash-completion-dir.patch to support bash completion correctly (bsc#1218875) - Drop grub2-bash-completion-2.12.patch since the have() function is not used in those scripts anymore * Fri Mar 01 2024 Giacomo Comes <gcomes.obs@gmail.com> - disable the file 20_memtest86+ * added a deprecation note in the header * Thu Feb 29 2024 Dr. Werner Fink <werner@suse.de> - Add patch grub2-bash-completion-2.12.patch The shell function have() had become deprecated with 2.11 and had been removed from 2.12 which is now providing the shell function _comp_have_command() (boo#1220626) * Thu Feb 22 2024 Michael Chang <mchang@suse.com> - Fix grub.xen memdisk script doesn't look for /boot/grub/grub.cfg (bsc#1219248) (bsc#1181762) * grub2-xen-pv-firmware.cfg * 0001-disk-Optimize-disk-iteration-by-moving-memdisk-to-th.patch * Sat Feb 17 2024 Michael Chang <mchang@suse.com> - Fix PowerPC grub loads 5 to 10 minutes slower on SLE-15-SP5 compared to SLE-15-SP2 (bsc#1217102) * add 0001-ofdisk-enhance-boot-time-by-focusing-on-boot-disk-re.patch * add 0002-ofdisk-add-early_log-support.patch * Wed Feb 07 2024 Bernhard Wiedemann <bwiedemann@suse.com> - Sort tar file order for reproducible builds * Tue Feb 06 2024 Michael Chang <mchang@suse.com> - Fix build error on gcc-14 (bsc#1218949) * 0001-squash-ieee1275-ofpath-enable-NVMeoF-logical-device-.patch * Mon Jan 29 2024 Michael Chang <mchang@suse.com> - Remove magic number header field check on arm64 (bsc#1218783) * 0001-loader-arm64-efi-linux-Remove-magic-number-header-fi.patch * Tue Jan 23 2024 Michael Chang <mchang@suse.com> - Reinstate the verification for a non-zero total entry count to skip unmapped data blocks (bsc#1218864) * 0001-fs-xfs-always-verify-the-total-number-of-entries-is-.patch - Removed temporary fix as reverting it will cause a different XFS parser bug * 0001-Revert-fs-xfs-Fix-XFS-directory-extent-parsing.patch * Sat Jan 20 2024 Giacomo Comes <gcomes.obs@gmail.com> - allow to boot memtest86 if stored in /usr/lib/memtest86+ * SR#1071109 can then work * Wed Jan 17 2024 Michael Chang <mchang@suse.com> - Resolved XFS regression leading to the "not a correct XFS inode" error by temporarily reverting the problematic commit (bsc#1218864) * 0001-Revert-fs-xfs-Fix-XFS-directory-extent-parsing.patch * Wed Jan 10 2024 Michael Chang <mchang@suse.com> - Version bump to 2.12 (PED-5589) * Added: - grub-2.12.tar.xz - fix_no_extra_deps_in_release_tarball.patch * Removed: - grub-2.12~rc1.tar.xz * Patch dropped as it merged into new version: - 0001-disk-cryptodisk-Fix-missing-change-when-updating-to-.patch - 0001-fs-btrfs-Zero-file-data-not-backed-by-extents.patch - 0001-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch - 0002-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch - 0003-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch - 0004-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch - 0005-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch - 0006-fs-ntfs-Make-code-more-readable.patch - 0001-kern-ieee1275-init-Restrict-high-memory-in-presence-.patch - 0001-fs-xfs-Incorrect-short-form-directory-data-boundary-.patch - 0002-fs-xfs-Fix-XFS-directory-extent-parsing.patch - 0003-fs-xfs-add-large-extent-counters-incompat-feature-su.patch - 0001-mkstandalone-ensure-stable-timestamps-for-generated-.patch - 0002-mkstandalone-ensure-deterministic-tar-file-creation-.patch * Patch adjusted for the updated base version: - use-grub2-as-a-package-name.patch - grub2-s390x-04-grub2-install.patch - grub2-btrfs-04-grub2-install.patch - grub2-ppc64le-disable-video.patch - 0002-AUDIT-0-http-boot-tracker-bug.patch - 0001-Unify-the-check-to-enable-btrfs-relative-path.patch - 0003-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch - 0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch - 0016-grub-install-support-embedding-x509-certificates.patch - 0021-appended-signatures-documentation.patch - 0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch - safe_tpm_pcr_snapshot.patch * Wed Jan 03 2024 Michael Chang <mchang@suse.com> - grub2.spec: Add ofnet to signed grub.elf to support powerpc net boot installation when secure boot is enabled (bsc#1217761) - Improved check for disk device when looking for PReP partition * 0004-Introduce-prep_load_env-command.patch * Thu Nov 30 2023 Michael Chang <mchang@suse.com> - Fix reproducible build for grub.xen (bsc#1217619) * 0001-mkstandalone-ensure-stable-timestamps-for-generated-.patch * 0002-mkstandalone-ensure-deterministic-tar-file-creation-.patch * Wed Nov 22 2023 Michael Chang <mchang@suse.com> - Fix unattended boot with TPM2 allows downgrading kernel and rootfs, also enhancing the overall security posture (bsc#1216680) * 0001-Improve-TPM-key-protection-on-boot-interruptions.patch * 0002-Restrict-file-access-on-cryptodisk-print.patch * 0003-Restrict-ls-and-auto-file-completion-on-cryptodisk-p.patch * 0004-Key-revocation-on-out-of-bound-file-access.patch * Tue Nov 21 2023 Michael Chang <mchang@suse.com> - grub2.spec: Fix openQA test failure in SLE-15-SP6 due to missing font in memdisk * Thu Nov 16 2023 Gary Ching-Pang Lin <glin@suse.com> - Update the TPM2 patches to skip the persistent SRK handle if not specified and improve the error messages + 0003-protectors-Add-TPM2-Key-Protector.patch + 0005-util-grub-protect-Add-new-tool.patch + 0004-tpm2-Support-authorized-policy.patch * Tue Nov 14 2023 Michael Chang <mchang@suse.com> - Fix XFS regression in 2.12~rc1 and support large extent counters * 0001-fs-xfs-Incorrect-short-form-directory-data-boundary-.patch * 0002-fs-xfs-Fix-XFS-directory-extent-parsing.patch * 0003-fs-xfs-add-large-extent-counters-incompat-feature-su.patch * Mon Oct 30 2023 Michael Chang <mchang@suse.com> - Fix fadump not working with 1GB/2GB/4GB LMB[P10] (bsc#1216253) * 0001-kern-ieee1275-init-Restrict-high-memory-in-presence-.patch * Thu Oct 26 2023 Gary Ching-Pang Lin <glin@suse.com> - Fix a potential error when appending multiple keys into the synthesized initrd * Fix-the-size-calculation-for-the-synthesized-initrd.patch * Wed Oct 25 2023 Michael Chang <mchang@suse.com> - Fix Xen chainloding error of no matching file path found (bsc#1216081) * grub2-efi-chainload-harder.patch * Mon Oct 23 2023 Michael Chang <mchang@suse.com> - Use grub-tpm2 token to unlock keyslots to make the unsealing process more efficient and secure. * 0001-luks2-Use-grub-tpm2-token-for-TPM2-protected-volume-.patch * Mon Oct 16 2023 Michael Chang <mchang@suse.com> - Fix detection of encrypted disk's uuid in powerpc to cope with logical disks when signed image installation is specified (bsc#1216075) * 0003-grub-install-support-prep-environment-block.patch - grub2.spec: Add support to unlocking multiple encrypted disks in signed grub.elf image for logical disks * Fri Oct 06 2023 Michael Chang <mchang@suse.com> - Fix CVE-2023-4692 (bsc#1215935) - Fix CVE-2023-4693 (bsc#1215936) * 0001-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch * 0002-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch * 0003-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch * 0004-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch * 0005-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch * 0006-fs-ntfs-Make-code-more-readable.patch - Bump upstream SBAT generation to 4 * Thu Oct 05 2023 Fabian Vogt <fvogt@suse.com> - Add patch to fix reading files from btrfs with "implicit" holes: * 0001-fs-btrfs-Zero-file-data-not-backed-by-extents.patch * Mon Oct 02 2023 Gary Ching-Pang Lin <glin@suse.com> - Update the TPM 2.0 patches to support more RSA and ECC algorithms * 0002-tpm2-Add-TPM-Software-Stack-TSS.patch * 0003-protectors-Add-TPM2-Key-Protector.patch * 0005-util-grub-protect-Add-new-tool.patch * Mon Oct 02 2023 Michael Chang <mchang@suse.com> - Remove build require for gcc-32bit, target platform didn't rely on libgcc function shipped with compiler but rather using functions supplied in grub directly. * Fri Sep 29 2023 Fabian Vogt <fvogt@suse.com> - Add BuildIgnore to break cycle with the branding package * Wed Sep 27 2023 Gary Ching-Pang Lin <glin@suse.com> - Only build with fde-tpm-helper-rpm-macros for the architectures supporting the newer UEFI and TPM 2.0. * Also correct the location of %fde_tpm_update_requires * Wed Sep 20 2023 Michael Chang <mchang@suse.com> - Fix a boot delay regression in PowerPC PXE boot (bsc#1201300) * 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch * Tue Sep 19 2023 Gary Ching-Pang Lin <glin@suse.com> - Add the new BuildRequires for EFI builds for the better FDE support: fde-tpm-helper-rpm-macros + Also add the the macros to %post and %posttrans * Mon Sep 11 2023 Chester Lin <clin@suse.com> - Correct the type of allocated EFI pages for ARM64 kernel (bsc#1215151) * arm64-Use-proper-memory-type-for-kernel-allocation.patch * Thu Aug 31 2023 Andreas Schwab <schwab@suse.de> - grub2-mkconfig-riscv64.patch: Handle riscv64 in mkconfig * Wed Aug 16 2023 Gary Ching-Pang Lin <glin@suse.com> - Implement NV index mode for TPM 2.0 key protector 0001-protectors-Implement-NV-index.patch - Fall back to passphrase mode when the key protector fails to unlock the disk 0002-cryptodisk-Fallback-to-passphrase.patch - Wipe out the cached key cleanly 0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch - Make diskfiler to look up cryptodisk devices first 0004-diskfilter-look-up-cryptodisk-devices-first.patch * Thu Aug 03 2023 Gary Ching-Pang Lin <glin@suse.com> - Change the bash-completion directory (bsc#1213855) * grub2-change-bash-completion-dir.patch * Thu Jul 27 2023 Michael Chang <mchang@suse.com> - Version bump to 2.12~rc1 (PED-5589) * Added: - grub-2.12~rc1.tar.xz * Removed: - grub-2.06.tar.xz * Patch dropped merged by new version: - grub2-GRUB_CMDLINE_LINUX_RECOVERY-for-recovery-mode.patch - grub2-s390x-02-kexec-module-added-to-emu.patch - grub2-efi-chainloader-root.patch - grub2-Fix-incorrect-netmask-on-ppc64.patch - 0001-osdep-Introduce-include-grub-osdep-major.h-and-use-i.patch - 0002-osdep-linux-hostdisk-Use-stat-instead-of-udevadm-for.patch - 0002-net-read-bracketed-ipv6-addrs-and-port-numbers.patch - grub2-s390x-10-keep-network-at-kexec.patch - 0001-Fix-build-error-in-binutils-2.36.patch - 0001-emu-fix-executable-stack-marking.patch - 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch - 0001-30_uefi-firmware-fix-printf-format-with-null-byte.patch - 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch - 0001-Filter-out-POSIX-locale-for-translation.patch - 0001-disk-diskfilter-Use-nodes-in-logical-volume-s-segmen.patch - 0001-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch - 0001-fs-btrfs-Make-extent-item-iteration-to-handle-gaps.patch - 0001-grub-mkconfig-restore-umask-for-grub.cfg.patch - 0001-ieee1275-Drop-HEAP_MAX_ADDR-and-HEAP_MIN_SIZE-consta.patch - 0002-ieee1275-claim-more-memory.patch - 0003-ieee1275-request-memory-with-ibm-client-architecture.patch - 0001-RISC-V-Adjust-march-flags-for-binutils-2.38.patch - 0001-mkimage-Fix-dangling-pointer-may-be-used-error.patch - 0002-Fix-Werror-array-bounds-array-subscript-0-is-outside.patch - 0003-reed_solomon-Fix-array-subscript-0-is-outside-array-.patch - 0001-powerpc-do-CAS-in-a-more-compatible-way.patch - 0001-libc-config-merge-from-glibc.patch - 0001-video-Remove-trailing-whitespaces.patch - 0002-loader-efi-chainloader-Simplify-the-loader-state.patch - 0003-commands-boot-Add-API-to-pass-context-to-loader.patch - 0004-loader-efi-chainloader-Use-grub_loader_set_ex.patch - 0005-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch - 0006-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch - 0007-video-readers-png-Abort-sooner-if-a-read-operation-f.patch - 0008-video-readers-png-Refuse-to-handle-multiple-image-he.patch - 0009-video-readers-png-Drop-greyscale-support-to-fix-heap.patch - 0010-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch - 0011-video-readers-png-Sanity-check-some-huffman-codes.patch - 0012-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch - 0013-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch - 0014-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch - 0015-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch - 0016-normal-charset-Fix-array-out-of-bounds-formatting-un.patch - 0017-net-ip-Do-IP-fragment-maths-safely.patch - 0018-net-netbuff-Block-overly-large-netbuff-allocs.patch - 0019-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch - 0020-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch - 0021-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch - 0022-net-tftp-Avoid-a-trivial-UAF.patch - 0023-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch - 0024-net-http-Fix-OOB-write-for-split-http-headers.patch - 0025-net-http-Error-out-on-headers-with-LF-without-CR.patch - 0026-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch - 0027-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch - 0028-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch - 0029-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch - 0030-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch - 0031-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch - 0032-Use-grub_loader_set_ex-for-secureboot-chainloader.patch - 0001-luks2-Add-debug-message-to-align-with-luks-and-geli-.patch - 0002-cryptodisk-Refactor-to-discard-have_it-global.patch - 0003-cryptodisk-Return-failure-in-cryptomount-when-no-cry.patch - 0004-cryptodisk-Improve-error-messaging-in-cryptomount-in.patch - 0005-cryptodisk-Improve-cryptomount-u-error-message.patch - 0006-cryptodisk-Add-infrastructure-to-pass-data-from-cryp.patch - 0007-cryptodisk-Refactor-password-input-out-of-crypto-dev.patch - 0008-cryptodisk-Move-global-variables-into-grub_cryptomou.patch - 0009-cryptodisk-Improve-handling-of-partition-name-in-cry.patch - 0001-crytodisk-fix-cryptodisk-module-looking-up.patch - 0001-devmapper-getroot-Have-devmapper-recognize-LUKS2.patch - 0002-devmapper-getroot-Set-up-cheated-LUKS2-cryptodisk-mo.patch - 0003-disk-cryptodisk-When-cheatmounting-use-the-sector-in.patch - 0004-normal-menu-Don-t-show-Booting-s-msg-when-auto-booti.patch - 0005-EFI-suppress-the-Welcome-to-GRUB-message-in-EFI-buil.patch - 0006-EFI-console-Do-not-set-colorstate-until-the-first-te.patch - 0007-EFI-console-Do-not-set-cursor-until-the-first-text-o.patch - efi-set-variable-with-attrs.patch - 0001-mm-Allow-dynamically-requesting-additional-memory-re.patch - 0002-kern-efi-mm-Always-request-a-fixed-number-of-pages-o.patch - 0003-kern-efi-mm-Extract-function-to-add-memory-regions.patch - 0004-kern-efi-mm-Pass-up-errors-from-add_memory_regions.patch - 0005-kern-efi-mm-Implement-runtime-addition-of-pages.patch - 0001-kern-efi-mm-Enlarge-the-default-heap-size.patch - 0002-mm-Defer-the-disk-cache-invalidation.patch - 0001-grub-install-set-point-of-no-return-for-powerpc-ieee1275.patch - 0001-commands-efi-tpm-Refine-the-status-of-log-event.patch - 0002-commands-efi-tpm-Use-grub_strcpy-instead-of-grub_mem.patch - 0003-efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch - 0001-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch - 0002-ieee1275-implement-vec5-for-cas-negotiation.patch - 0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch - 0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch - 0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch - 0004-font-Remove-grub_font_dup_glyph.patch - 0005-font-Fix-integer-overflow-in-ensure_comb_space.patch - 0006-font-Fix-integer-overflow-in-BMP-index.patch - 0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch - 0008-fbutil-Fix-integer-overflow.patch - 0009-font-Fix-an-integer-underflow-in-blit_comb.patch - 0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch - 0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch - 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch - 0001-fs-btrfs-Use-full-btrfs-bootloader-area.patch - 0001-ieee1275-Increase-initially-allocated-heap-from-1-4-.patch - 0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch - grub2-add-module-for-boot-loader-interface.patch - 0001-ieee1275-Further-increase-initially-allocated-heap-f.patch - 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch - 0001-RISC-V-Handle-R_RISCV_CALL_PLT-reloc.patch - 0001-loader-linux-Ensure-the-newc-pathname-is-NULL-termin.patch - 0001-kern-ieee1275-init-Convert-plain-numbers-to-constant.patch - 0002-kern-ieee1275-init-Extended-support-in-Vec5.patch - 0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch - 0001-fs-ext2-Ignore-the-large_dir-incompat-feature.patch * Patch modified to new base version: - use-grub2-as-a-package-name.patch - grub2-fix-menu-in-xen-host-server.patch - grub2-secureboot-add-linuxefi.patch - grub2-secureboot-chainloader.patch - grub2-s390x-01-Changes-made-and-files-added-in-order-to-allow-s390x.patch - grub2-s390x-03-output-7-bit-ascii.patch - grub2-s390x-04-grub2-install.patch - grub2-use-rpmsort-for-version-sorting.patch - grub2-getroot-treat-mdadm-ddf-as-simple-device.patch - grub2-grubenv-in-btrfs-header.patch - grub2-commands-introduce-read_file-subcommand.patch - grub2-efi-chainload-harder.patch - grub2-emu-4-all.patch - grub2-util-30_os-prober-multiple-initrd.patch - grub2-install-fix-not-a-directory-error.patch - grub-install-force-journal-draining-to-ensure-data-i.patch - grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch - grub2-btrfs-04-grub2-install.patch - grub2-btrfs-05-grub2-mkconfig.patch - grub2-btrfs-06-subvol-mount.patch - grub2-efi-xen-chainload.patch - grub2-efi-xen-cmdline.patch - grub2-efi-xen-removable.patch - grub2-suse-remove-linux-root-param.patch - grub2-ppc64le-disable-video.patch - grub2-install-remove-useless-check-PReP-partition-is-empty.patch - 0004-efinet-UEFI-IPv6-PXE-support.patch - 0007-efinet-Setting-network-from-UEFI-device-path.patch - 0008-efinet-Setting-DNS-server-from-UEFI-protocol.patch - 0001-add-support-for-UEFI-network-protocols.patch - grub2-mkconfig-default-entry-correction.patch - grub2-s390x-11-secureboot.patch - grub2-secureboot-install-signed-grub.patch - grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch - 0002-cmdline-Provide-cmdline-functions-as-module.patch - 0001-efi-linux-provide-linux-command.patch - 0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch - 0004-arm-arm64-loader-Better-memory-allocation-and-error-.patch - 0002-Arm-check-for-the-PE-magic-for-the-compiled-arch.patch - 0001-Factor-out-grub_efi_linux_boot.patch - 0003-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch - 0015-test_asn1-test-module-for-libtasn1.patch - 0021-appended-signatures-documentation.patch - 0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch - 0003-grub-install-support-prep-environment-block.patch - 0004-Introduce-prep_load_env-command.patch - 0001-grub-install-bailout-root-device-probing.patch - 0001-install-fix-software-raid1-on-esp.patch - 0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch - 0001-protectors-Add-key-protectors-framework.patch - 0002-tpm2-Add-TPM-Software-Stack-TSS.patch - 0004-cryptodisk-Support-key-protectors.patch - 0008-linuxefi-Use-common-grub_initrd_load.patch - 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch - grub-read-pcr.patch - tpm-record-pcrs.patch - 0001-clean-up-crypttab-and-linux-modules-dependency.patch * Patch refreshed: - rename-grub-info-file-to-grub2.patch - grub2-linux.patch - grub2-simplefb.patch - grub2-ppc-terminfo.patch - grub2-pass-corret-root-for-nfsroot.patch - grub2-efi-HP-workaround.patch - grub2-secureboot-no-insmod-on-sb.patch - grub2-linuxefi-fix-boot-params.patch - grub2-s390x-05-grub2-mkconfig.patch - grub2-xen-linux16.patch - grub2-efi-disable-video-cirrus-and-bochus.patch - grub2-vbe-blacklist-preferred-1440x900x32.patch - grub2-mkconfig-aarch64.patch - grub2-menu-unrestricted.patch - grub2-mkconfig-arm.patch - grub2-s390x-06-loadparm.patch - grub2-s390x-07-add-image-param-for-zipl-setup.patch - grub2-s390x-08-workaround-part-to-disk.patch - grub2-diskfilter-support-pv-without-metadatacopies.patch - grub2-getroot-support-nvdimm.patch - grub2-s390x-skip-zfcpdump-image.patch - grub2-btrfs-02-export-subvolume-envvars.patch - grub2-btrfs-03-follow_default.patch - grub2-btrfs-07-subvol-fallback.patch - grub2-btrfs-08-workaround-snapshot-menu-default-entry.patch - grub2-btrfs-09-get-default-subvolume.patch - grub2-btrfs-10-config-directory.patch - grub2-efi-xen-cfg-unquote.patch - grub2-Add-hidden-menu-entries.patch - grub2-SUSE-Add-the-t-hotkey.patch - grub2-ppc64le-memory-map.patch - grub2-ppc64-cas-reboot-support.patch - grub2-ppc64-cas-new-scope.patch - grub2-ppc64-cas-fix-double-free.patch - 0003-bootp-New-net_bootp6-command.patch - 0005-grub.texi-Add-net_bootp6-doument.patch - 0006-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch - 0012-tpm-Build-tpm-as-module.patch - 0002-AUDIT-0-http-boot-tracker-bug.patch - grub2-btrfs-help-on-snapper-rollback.patch - grub2-video-limit-the-resolution-for-fixed-bimap-font.patch - 0001-kern-mm.c-Make-grub_calloc-inline.patch - 0001-Unify-the-check-to-enable-btrfs-relative-path.patch - 0002-arm64-make-sure-fdt-has-address-cells-and-size-cells.patch - 0003-Make-grub_error-more-verbose.patch - 0001-ieee1275-Avoiding-many-unecessary-open-close.patch - 0001-Workaround-volatile-efi-boot-variable.patch - 0001-templates-Follow-the-path-of-usr-merged-kernel-confi.patch - 0004-Try-to-pick-better-locations-for-kernel-and-initrd.patch - 0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch - 0005-docs-grub-Document-signing-grub-under-UEFI.patch - 0006-docs-grub-Document-signing-grub-with-an-appended-sig.patch - 0007-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch - 0008-pgp-factor-out-rsa_pad.patch - 0010-posix_wrap-tweaks-in-preparation-for-libtasn1.patch - 0011-libtasn1-import-libtasn1-4.18.0.patch - 0014-libtasn1-compile-into-asn1-module.patch - 0016-grub-install-support-embedding-x509-certificates.patch - 0017-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch - 0018-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch - 0019-appended-signatures-support-verifying-appended-signa.patch - 0020-appended-signatures-verification-tests.patch - 0001-grub-install-Add-SUSE-signed-image-support-for-power.patch - 0002-Add-grub_disk_write_tail-helper-function.patch - 0005-export-environment-at-start-up.patch - 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch - 0003-protectors-Add-TPM2-Key-Protector.patch - 0005-util-grub-protect-Add-new-tool.patch - 0010-templates-import-etc-crypttab-to-grub.cfg.patch - grub-install-record-pcrs.patch - safe_tpm_pcr_snapshot.patch - 0002-Mark-environmet-blocks-as-used-for-image-embedding.patch - 0001-grub2-Set-multiple-device-path-for-a-nvmf-boot-devic.patch - 0002-discard-cached-key-before-entering-grub-shell-and-ed.patch - 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch - 0002-Restrict-cryptsetup-key-file-permission-for-better-s.patch * New: - 0001-xen_boot-add-missing-grub_arch_efi_linux_load_image_.patch - 0001-font-Try-memdisk-fonts-with-the-same-name.patch - 0001-Make-grub.cfg-compatible-to-old-binaries.patch - 0001-disk-cryptodisk-Fix-missing-change-when-updating-to-.patch * Embedding fonts in the grub.efi to get signed for secure boot * Wed Jul 26 2023 Michael Chang <mchang@suse.com> - Fix error message "unknown command tpm_record_pcrs" with encrypted boot and no tpm device present (bsc#1213547) * 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch * Tue May 30 2023 Dirk Müller <dmueller@suse.com> - add 0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch, 0001-fs-ext2-Ignore-the-large_dir-incompat-feature.patch: * support more featureful extX filesystems (backport from upstream git) * Thu May 04 2023 Michael Chang <mchang@suse.com> - grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563) * Wed Apr 26 2023 Gary Ching-Pang Lin <glin@suse.com> - Exclude the deprecated EFI location, /usr/lib64/efi/, from Tumbleweed and ALP * Fri Apr 21 2023 Gary Ching-Pang Lin <glin@suse.com> - Update TPM 2.0 key unsealing patches * Add the new upstreaming patches 0001-protectors-Add-key-protectors-framework.patch 0002-tpm2-Add-TPM-Software-Stack-TSS.patch 0003-protectors-Add-TPM2-Key-Protector.patch 0004-cryptodisk-Support-key-protectors.patch 0005-util-grub-protect-Add-new-tool.patch * Add the authorized policy patches based on the upstreaming patches 0001-tpm2-Add-TPM2-types-structures-and-command-constants.patch 0002-tpm2-Add-more-marshal-unmarshal-functions.patch 0003-tpm2-Implement-more-TPM2-commands.patch 0004-tpm2-Support-authorized-policy.patch * Drop the old patches 0010-protectors-Add-key-protectors-framework.patch 0011-tpm2-Add-TPM-Software-Stack-TSS.patch 0012-protectors-Add-TPM2-Key-Protector.patch 0013-cryptodisk-Support-key-protectors.patch 0014-util-grub-protect-Add-new-tool.patch fix-tpm2-build.patch tpm-protector-dont-measure-sealed-key.patch tpm-protector-export-secret-key.patch grub-unseal-debug.patch 0001-tpm2-adjust-the-input-parameters-of-TPM2_EvictContro.patch 0002-tpm2-declare-the-input-arguments-of-TPM2-functions-a.patch 0003-tpm2-resend-the-command-on-TPM_RC_RETRY.patch 0004-tpm2-add-new-TPM2-types-structures-and-command-const.patch 0005-tpm2-add-more-marshal-unmarshal-functions.patch 0006-tpm2-check-the-command-parameters-of-TPM2-commands.patch 0007-tpm2-pack-the-missing-authorization-command-for-TPM2.patch 0008-tpm2-allow-some-command-parameters-to-be-NULL.patch 0009-tpm2-remove-the-unnecessary-variables.patch 0010-tpm2-add-TPM2-commands-to-support-authorized-policy.patch 0011-tpm2-make-the-file-reading-unmarshal-functions-gener.patch 0012-tpm2-initialize-the-PCR-selection-list-early.patch 0013-tpm2-support-unsealing-key-with-authorized-policy.patch * Refresh grub-read-pcr.patch * Introduce a new build requirement: libtasn1-devel - Only package grub2-protect for the architectures with EFI support * Fri Apr 21 2023 Michael Chang <mchang@suse.com> - Fix PowerVS deployment fails to boot with 90 cores (bsc#1208581) * 0001-kern-ieee1275-init-Convert-plain-numbers-to-constant.patch * 0002-kern-ieee1275-init-Extended-support-in-Vec5.patch * Tue Apr 18 2023 Michael Chang <mchang@suse.com> - Fix no prep partition error on non-PReP architectures by making the prep_loadenv module exclusive to powerpc_ieee1275 platform (bsc#1210489) * 0004-Introduce-prep_load_env-command.patch - Fix the issue of freeing an uninitialized pointer * 0002-prep_loadenv-Fix-regex-for-Open-Firmware-device-spec.patch - Rediff * 0005-export-environment-at-start-up.patch * 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch * Tue Apr 11 2023 Michael Chang <mchang@suse.com> - Resolve some issues with OS boot failure on PPC NVMe-oF disks and made enhancements to PPC secure boot's root device discovery config (bsc#1207230) - Ensure get_devargs and get_devname functions are consistent * 0001-openfw-Ensure-get_devargs-and-get_devname-functions-.patch - Fix regex for Open Firmware device specifier with encoded commas * 0002-prep_loadenv-Fix-regex-for-Open-Firmware-device-spec.patch - Fix regular expression in PPC secure boot config to prevent escaped commas from being treated as delimiters when retrieving partition substrings. - Use prep_load_env in PPC secure boot config to handle unset host-specific environment variables and ensure successful command execution. * 0004-Introduce-prep_load_env-command.patch - Refreshed * 0005-export-environment-at-start-up.patch * Thu Mar 23 2023 Michael Chang <mchang@suse.com> - Fix aarch64 kiwi image's file not found due to '/@' prepended to path in btrfs filesystem. (bsc#1209165) * grub2-btrfs-05-grub2-mkconfig.patch * Mon Mar 20 2023 Michael Chang <mchang@suse.com> - Restrict cryptsetup key file permission for better security (bsc#1207499) * 0001-loader-linux-Ensure-the-newc-pathname-is-NULL-termin.patch * 0002-Restrict-cryptsetup-key-file-permission-for-better-s.patch * Wed Mar 15 2023 Hans-Peter Jansen <hpj@urpla.net> - Meanwhile, memtest86+ gained EFI support, but using the grub command line to run it manually is quite tedious... Adapt 20_memtest86+ to provide a proper menu entry. Executing memtest requires to turn security off in BIOS: (Boot Mode: Other OS). * Mon Mar 13 2023 rw@suse.com - Tolerate kernel moved out of /boot. (bsc#1184804) * grub2-s390x-12-zipl-setup-usrmerge.patch * Mon Mar 06 2023 Michael Chang <mchang@suse.com> - Discard cached key from grub shell and editor mode * 0001-clean-up-crypttab-and-linux-modules-dependency.patch * 0002-discard-cached-key-before-entering-grub-shell-and-ed.patch * Fri Mar 03 2023 Michael Chang <mchang@suse.com> - Make grub more robust against storage race condition causing system boot failures (bsc#1189036) * 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch * Wed Mar 01 2023 Michael Chang <mchang@suse.com> - Fix riscv64 error for relocation 0x13 is not implemented yet * 0001-RISC-V-Handle-R_RISCV_CALL_PLT-reloc.patch * Wed Feb 22 2023 Michael Chang <mchang@suse.com> - Fix out of memory error on lpar installation from virtual cdrom (bsc#1208024) * 0001-ieee1275-Further-increase-initially-allocated-heap-f.patch * 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch - Fix lpar got hung at grub after inactive migration (bsc#1207684) * 0002-ieee1275-implement-vec5-for-cas-negotiation.patch - Rediff * safe_tpm_pcr_snapshot.patch - Patch supersceded * 0001-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch * Wed Feb 15 2023 Gary Ching-Pang Lin <glin@suse.com> - Refresh 0003-tpm2-resend-the-command-on-TPM_RC_RETRY.patch to handle the TPM2 responseCode correctly. * Fri Feb 10 2023 Valentin Lefebvre <valentin.lefebvre@suse.com> - Add module for boot loader interface. Needed for load Unified Kernel Image (UKI) * grub2-add-module-for-boot-loader-interface.patch * Thu Feb 09 2023 Gary Ching-Pang Lin <glin@suse.com> - Amend the TPM2 stack and add authorized policy mode to tpm2_key_protector * 0001-tpm2-adjust-the-input-parameters-of-TPM2_EvictContro.patch * 0002-tpm2-declare-the-input-arguments-of-TPM2-functions-a.patch * 0003-tpm2-resend-the-command-on-TPM_RC_RETRY.patch * 0004-tpm2-add-new-TPM2-types-structures-and-command-const.patch * 0005-tpm2-add-more-marshal-unmarshal-functions.patch * 0006-tpm2-check-the-command-parameters-of-TPM2-commands.patch * 0007-tpm2-pack-the-missing-authorization-command-for-TPM2.patch * 0008-tpm2-allow-some-command-parameters-to-be-NULL.patch * 0009-tpm2-remove-the-unnecessary-variables.patch * 0010-tpm2-add-TPM2-commands-to-support-authorized-policy.patch * 0011-tpm2-make-the-file-reading-unmarshal-functions-gener.patch * 0012-tpm2-initialize-the-PCR-selection-list-early.patch * 0013-tpm2-support-unsealing-key-with-authorized-policy.patch * Wed Feb 08 2023 Michael Chang <mchang@suse.com> - Fix nvmf boot device setup (bsc#1207811) * 0001-grub2-Can-t-setup-a-default-boot-device-correctly-on.patch * Tue Feb 07 2023 Michael Chang <mchang@suse.com> - Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064) * 0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch * Sat Feb 04 2023 Michael Chang <mchang@suse.com> - Fix GCC 13 build failure (bsc#1201089) * 0002-AUDIT-0-http-boot-tracker-bug.patch * Tue Jan 03 2023 Gary Ching-Pang Lin <glin@suse.com> - Move unsupported zfs modules into 'extras' packages (bsc#1205554) (PED-2947) * Fri Dec 30 2022 Michael Chang <mchang@suse.com> - Fix inappropriately including commented lines in crypttab (bsc#1206279) * 0010-templates-import-etc-crypttab-to-grub.cfg.patch * Fri Dec 23 2022 Michael Chang <mchang@suse.com> - Make grub.cfg invariant to efi and legacy platforms (bsc#1205200) - Removed patch linuxefi * grub2-secureboot-provide-linuxefi-config.patch * grub2-secureboot-use-linuxefi-on-uefi-in-os-prober.patch * grub2-secureboot-use-linuxefi-on-uefi.patch - Rediff * grub2-btrfs-05-grub2-mkconfig.patch * grub2-efi-xen-cmdline.patch * grub2-s390x-05-grub2-mkconfig.patch * grub2-suse-remove-linux-root-param.patch * Mon Dec 19 2022 Michael Chang <mchang@suse.com> - Setup multiple device paths for a nvmf boot device (bsc#1205666) * 0001-grub2-Set-multiple-device-path-for-a-nvmf-boot-devic.patch * Fri Dec 16 2022 Gary Ching-Pang Lin <glin@suse.com> - Increase the path buffer in the crypttab command for the long volume name (bsc#1206333) * grub2-increase-crypttab-path-buffer.patch * Mon Dec 05 2022 Michael Chang <mchang@suse.com> - Add tpm to signed grub.elf image (PED-1990) (bsc#1205912) - Increase initial heap size from 1/4 to 1/3 * 0001-ieee1275-Increase-initially-allocated-heap-from-1-4-.patch * Tue Nov 22 2022 Michael Chang <mchang@suse.com> - Make full utilization of btrfs bootloader area (bsc#1161823) * 0001-fs-btrfs-Use-full-btrfs-bootloader-area.patch * 0002-Mark-environmet-blocks-as-used-for-image-embedding.patch - Patch removed * 0001-i386-pc-build-btrfs-zstd-support-into-separate-modul.patch * Mon Nov 21 2022 Michael Chang <mchang@suse.com> - Fix regression of reverting back to asking password twice when a keyfile is already used (bsc#1205309) * 0010-templates-import-etc-crypttab-to-grub.cfg.patch * Wed Nov 16 2022 Michael Chang <mchang@suse.com> - Security fixes and hardenings * 0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch * 0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch - Fix CVE-2022-2601 (bsc#1205178) * 0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch * 0004-font-Remove-grub_font_dup_glyph.patch * 0005-font-Fix-integer-overflow-in-ensure_comb_space.patch * 0006-font-Fix-integer-overflow-in-BMP-index.patch * 0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch * 0008-fbutil-Fix-integer-overflow.patch - Fix CVE-2022-3775 (bsc#1205182) * 0009-font-Fix-an-integer-underflow-in-blit_comb.patch * 0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch * 0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch * 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch - Bump upstream SBAT generation to 3 * Mon Nov 14 2022 Michael Chang <mchang@suse.com> - Removed 0001-linux-fix-efi_relocate_kernel-failure.patch as reported regression in some hardware being stuck in initrd loading (bsc#1205380) * Mon Nov 14 2022 Michael Chang <mchang@suse.com> - Fix password asked twice if third field in crypttab not present (bsc#1205312) * 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch * Fri Oct 28 2022 Michael Chang <mchang@suse.com> - NVMeoFC support on grub (jsc#PED-996) * 0001-ieee1275-add-support-for-NVMeoFC.patch * 0002-ieee1275-ofpath-enable-NVMeoF-logical-device-transla.patch * 0003-ieee1275-change-the-logic-of-ieee1275_get_devargs.patch * 0004-ofpath-controller-name-update.patch - TDX: Enhance grub2 measurement to TD RTMR (jsc#PED-1265) * 0001-commands-efi-tpm-Refine-the-status-of-log-event.patch * 0002-commands-efi-tpm-Use-grub_strcpy-instead-of-grub_mem.patch * 0003-efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch - Measure the kernel on POWER10 and extend TPM PCRs (PED-1990) * 0001-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch * 0002-ieee1275-implement-vec5-for-cas-negotiation.patch - Fix efi pcr snapshot related funtion is defined but not used on powerpc platform. * safe_tpm_pcr_snapshot.patch * Mon Oct 24 2022 Michael Chang <mchang@suse.com> - Include loopback into signed grub2 image (jsc#PED-2150) * Thu Oct 06 2022 Michael Chang <mchang@suse.com> - Fix firmware oops after disk decrypting failure (bsc#1204037) * 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch * Fri Sep 23 2022 Michael Chang <mchang@suse.com> - Add patch to fix kernel relocation error in low memory * 0001-linux-fix-efi_relocate_kernel-failure.patch * Mon Sep 19 2022 Michael Chang <mchang@suse.com> - Add safety measure to pcr snapshot by checking platform and tpm status * safe_tpm_pcr_snapshot.patch * Fri Sep 16 2022 Michael Chang <mchang@suse.com> - Fix installation failure due to unavailable nvram device on ppc64le (bsc#1201361) * 0001-grub-install-set-point-of-no-return-for-powerpc-ieee1275.patch * Fri Sep 16 2022 Gary Ching-Pang Lin <glin@suse.com> - Add patches to dynamically allocate additional memory regions for EFI systems (bsc#1202438) * 0001-mm-Allow-dynamically-requesting-additional-memory-re.patch * 0002-kern-efi-mm-Always-request-a-fixed-number-of-pages-o.patch * 0003-kern-efi-mm-Extract-function-to-add-memory-regions.patch * 0004-kern-efi-mm-Pass-up-errors-from-add_memory_regions.patch * 0005-kern-efi-mm-Implement-runtime-addition-of-pages.patch - Enlarge the default heap size and defer the disk cache invalidation (bsc#1202438) * 0001-kern-efi-mm-Enlarge-the-default-heap-size.patch * 0002-mm-Defer-the-disk-cache-invalidation.patch * Thu Sep 15 2022 Michael Chang <mchang@suse.com> - Add patches for ALP FDE support * 0001-devmapper-getroot-Have-devmapper-recognize-LUKS2.patch * 0002-devmapper-getroot-Set-up-cheated-LUKS2-cryptodisk-mo.patch * 0003-disk-cryptodisk-When-cheatmounting-use-the-sector-in.patch * 0004-normal-menu-Don-t-show-Booting-s-msg-when-auto-booti.patch * 0005-EFI-suppress-the-Welcome-to-GRUB-message-in-EFI-buil.patch * 0006-EFI-console-Do-not-set-colorstate-until-the-first-te.patch * 0007-EFI-console-Do-not-set-cursor-until-the-first-text-o.patch * 0008-linuxefi-Use-common-grub_initrd_load.patch * 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch * 0010-templates-import-etc-crypttab-to-grub.cfg.patch * grub-read-pcr.patch * efi-set-variable-with-attrs.patch * tpm-record-pcrs.patch * tpm-protector-dont-measure-sealed-key.patch * tpm-protector-export-secret-key.patch * grub-install-record-pcrs.patch * grub-unseal-debug.patch * Mon Aug 29 2022 Michael Chang <mchang@suse.com> - Fix out of memory error cannot be prevented via disabling tpm (bsc#1202438) * 0001-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch * Thu Aug 18 2022 Michael Chang <mchang@suse.com> - Fix tpm error stop tumbleweed from booting (bsc#1202374) * 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch - Patch Removed * 0001-tpm-Log-EFI_VOLUME_FULL-and-continue.patch * Wed Jun 08 2022 Michael Chang <mchang@suse.com> - Add tpm, tpm2, luks2 and gcry_sha512 to default grub.efi (bsc#1197625) - Make grub-tpm.efi a symlink to grub.efi * grub2.spec - Log error when tpm event log is full and continue * 0001-tpm-Log-EFI_VOLUME_FULL-and-continue.patch - Patch superseded * 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch * Wed Jun 08 2022 Michael Chang <mchang@suse.com> - Add patches for automatic TPM disk unlock (jsc#SLE-24018) (bsc#1196668) (jsc#PED-1276) * 0001-luks2-Add-debug-message-to-align-with-luks-and-geli-.patch * 0002-cryptodisk-Refactor-to-discard-have_it-global.patch * 0003-cryptodisk-Return-failure-in-cryptomount-when-no-cry.patch * 0004-cryptodisk-Improve-error-messaging-in-cryptomount-in.patch * 0005-cryptodisk-Improve-cryptomount-u-error-message.patch * 0006-cryptodisk-Add-infrastructure-to-pass-data-from-cryp.patch * 0007-cryptodisk-Refactor-password-input-out-of-crypto-dev.patch * 0008-cryptodisk-Move-global-variables-into-grub_cryptomou.patch * 0009-cryptodisk-Improve-handling-of-partition-name-in-cry.patch * 0010-protectors-Add-key-protectors-framework.patch * 0011-tpm2-Add-TPM-Software-Stack-TSS.patch * 0012-protectors-Add-TPM2-Key-Protector.patch * 0013-cryptodisk-Support-key-protectors.patch * 0014-util-grub-protect-Add-new-tool.patch - Fix no disk unlocking happen (bsc#1196668) * 0001-crytodisk-fix-cryptodisk-module-looking-up.patch - Fix build error * fix-tpm2-build.patch * Tue May 31 2022 Michael Chang <mchang@suse.com> - Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581) * 0001-video-Remove-trailing-whitespaces.patch * 0002-loader-efi-chainloader-Simplify-the-loader-state.patch * 0003-commands-boot-Add-API-to-pass-context-to-loader.patch - Fix CVE-2022-28736 (bsc#1198496) * 0004-loader-efi-chainloader-Use-grub_loader_set_ex.patch - Fix CVE-2022-28735 (bsc#1198495) * 0005-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch * 0006-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch * 0007-video-readers-png-Abort-sooner-if-a-read-operation-f.patch * 0008-video-readers-png-Refuse-to-handle-multiple-image-he.patch - Fix CVE-2021-3695 (bsc#1191184) * 0009-video-readers-png-Drop-greyscale-support-to-fix-heap.patch - Fix CVE-2021-3696 (bsc#1191185) * 0010-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch * 0011-video-readers-png-Sanity-check-some-huffman-codes.patch * 0012-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch * 0013-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch * 0014-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch - Fix CVE-2021-3697 (bsc#1191186) * 0015-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch * 0016-normal-charset-Fix-array-out-of-bounds-formatting-un.patch - Fix CVE-2022-28733 (bsc#1198460) * 0017-net-ip-Do-IP-fragment-maths-safely.patch * 0018-net-netbuff-Block-overly-large-netbuff-allocs.patch * 0019-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch * 0020-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch * 0021-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch * 0022-net-tftp-Avoid-a-trivial-UAF.patch * 0023-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch - Fix CVE-2022-28734 (bsc#1198493) * 0024-net-http-Fix-OOB-write-for-split-http-headers.patch - Fix CVE-2022-28734 (bsc#1198493) * 0025-net-http-Error-out-on-headers-with-LF-without-CR.patch * 0026-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch * 0027-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch * 0028-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch * 0029-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch * 0030-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch * 0031-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch * 0032-Use-grub_loader_set_ex-for-secureboot-chainloader.patch - Bump grub's SBAT generation to 2 * Tue May 31 2022 Michael Chang <mchang@suse.com> - Use boot disks in OpenFirmware, fixing regression caused by 0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch, when the root LV is completely in the boot LUN (bsc#1197948) * 0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch * Thu May 26 2022 Michael Chang <mchang@suse.com> - Fix error message in displaying help on bootable snapshot (bsc#1199609) * Tue May 17 2022 Michael Chang <mchang@suse.com> - Fix installation over serial console ends up in infinite boot loop (bsc#1187810) (bsc#1209667) (bsc#1209372) * 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch - Fix ppc64le build error for new IEEE long double ABI * 0001-libc-config-merge-from-glibc.patch * Thu Apr 21 2022 Michael Chang <mchang@suse.com> - Fix Power10 LPAR error "The partition fails to activate as partition went into invalid state" (bsc#1198714) * 0001-powerpc-do-CAS-in-a-more-compatible-way.patch * Mon Apr 11 2022 Ludwig Nussel <lnussel@suse.de> - use common SBAT values (boo#1193282) * Fri Mar 25 2022 Michael Chang <mchang@suse.com> - Fix wrong order in kernel sorting of listing rc before final release (bsc#1197376) * grub2-use-rpmsort-for-version-sorting.patch * Fri Mar 18 2022 Michael Chang <mchang@suse.com> - Fix duplicated insmod part_gpt lines in grub.cfg (bsc#1197186) * 0001-grub-probe-Deduplicate-probed-partmap-output.patch * Wed Mar 16 2022 Michael Chang <mchang@suse.com> - Fix GCC 12 build failure (bsc#1196546) * 0001-mkimage-Fix-dangling-pointer-may-be-used-error.patch * 0002-Fix-Werror-array-bounds-array-subscript-0-is-outside.patch * 0003-reed_solomon-Fix-array-subscript-0-is-outside-array-.patch - Revised * grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch * 0002-ieee1275-powerpc-enables-device-mapper-discovery.patch * Fri Mar 11 2022 Michael Chang <mchang@suse.com> - Fix grub-install error when efi system partition is created as mdadm software raid1 device (bsc#1179981) (bsc#1195204) * 0001-install-fix-software-raid1-on-esp.patch * Thu Mar 10 2022 Michael Chang <mchang@suse.com> - Fix riscv64 build error * 0001-RISC-V-Adjust-march-flags-for-binutils-2.38.patch * Thu Mar 10 2022 Michael Chang <mchang@suse.com> - Fix error in grub-install when linux root device is on lvm thin volume (bsc#1192622) (bsc#1191974) * 0001-grub-install-bailout-root-device-probing.patch * Fri Mar 04 2022 Michael Chang <mchang@suse.com> - Support saving grub environment for POWER signed grub images (jsc#SLE-23854) * 0001-Add-grub_envblk_buf-helper-function.patch * 0002-Add-grub_disk_write_tail-helper-function.patch * 0003-grub-install-support-prep-environment-block.patch * 0004-Introduce-prep_load_env-command.patch * 0005-export-environment-at-start-up.patch - Use enviroment variable in early boot config to looking up root device * grub2.spec * Tue Mar 01 2022 Michal Suchanek <msuchanek@suse.com> - Remove obsolete openSUSE 12.2 conditionals in spec file - Clean up powerpc certificate handling. * Thu Feb 10 2022 Bjørn Lie <bjorn.lie@gmail.com> - Set grub2-check-default shebang to "#!/bin/bash", as the the code uses many instructions which are undefined for a POSIX sh. (boo#1195794). * Fri Jan 14 2022 Michael Chang <mchang@suse.com> - Power guest secure boot with static keys: GRUB2 signing portion (jsc#SLE-18271) (bsc#1192764) * 0001-grub-install-Add-SUSE-signed-image-support-for-power.patch * Thu Jan 13 2022 Michael Chang <mchang@suse.com> - Fix wrong default entry when booting snapshot (bsc#1159205) * grub2-btrfs-08-workaround-snapshot-menu-default-entry.patch * Tue Jan 11 2022 Michael Chang <mchang@suse.com> - Power guest secure boot with static keys: GRUB2 signing portion (jsc#SLE-18271) (bsc#1192764) * grub2.spec - Power guest secure boot with static keys: GRUB2 portion (jsc#SLE-18144) (bsc#1192686) * 0001-ieee1275-Drop-HEAP_MAX_ADDR-and-HEAP_MIN_SIZE-consta.patch * 0002-ieee1275-claim-more-memory.patch * 0003-ieee1275-request-memory-with-ibm-client-architecture.patch * 0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch * 0005-docs-grub-Document-signing-grub-under-UEFI.patch * 0006-docs-grub-Document-signing-grub-with-an-appended-sig.patch * 0007-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch * 0008-pgp-factor-out-rsa_pad.patch * 0009-crypto-move-storage-for-grub_crypto_pk_-to-crypto.c.patch * 0010-posix_wrap-tweaks-in-preparation-for-libtasn1.patch * 0011-libtasn1-import-libtasn1-4.18.0.patch * 0012-libtasn1-disable-code-not-needed-in-grub.patch * 0013-libtasn1-changes-for-grub-compatibility.patch * 0014-libtasn1-compile-into-asn1-module.patch * 0015-test_asn1-test-module-for-libtasn1.patch * 0016-grub-install-support-embedding-x509-certificates.patch * 0017-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch * 0018-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch * 0019-appended-signatures-support-verifying-appended-signa.patch * 0020-appended-signatures-verification-tests.patch * 0021-appended-signatures-documentation.patch * 0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch * 0023-x509-allow-Digitial-Signature-plus-other-Key-Usages.patch * Mon Jan 10 2022 Michael Chang <mchang@suse.com> - Fix no menuentry is found if hibernation on btrfs RAID1 (bsc#1193090) * grub2-systemd-sleep-plugin
/etc/grub.d/80_suse_btrfs_snapshot /usr/lib/snapper /usr/lib/snapper/plugins /usr/lib/snapper/plugins/00-grub
Generated by rpm2html 1.8.1
Fabrice Bellet, Wed Oct 22 22:25:06 2025