Commit Graph

340 Commits

Author SHA256 Message Date
67224eefc6 Accepting request 1121379 from home:michael-chang:branches:Base:System
- Fix fadump not working with 1GB/2GB/4GB LMB[P10] (bsc#1216253) 
  * 0001-kern-ieee1275-init-Restrict-high-memory-in-presence-.patch

OBS-URL: https://build.opensuse.org/request/show/1121379
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=473
2023-10-31 09:35:53 +00:00
247022017f Accepting request 1120450 from home:gary_lin:branches:Base:System
- Fix a potential error when appending multiple keys into the
  synthesized initrd
  * Fix-the-size-calculation-for-the-synthesized-initrd.patch

OBS-URL: https://build.opensuse.org/request/show/1120450
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=472
2023-10-26 06:43:26 +00:00
8c7387ac32 Accepting request 1120141 from home:michael-chang:branches:Base:System
- Fix Xen chainloding error of no matching file path found (bsc#1216081) 
  * grub2-efi-chainload-harder.patch

- Use grub-tpm2 token to unlock keyslots to make the unsealing process more
  efficient and secure.
  * 0001-luks2-Use-grub-tpm2-token-for-TPM2-protected-volume-.patch

OBS-URL: https://build.opensuse.org/request/show/1120141
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=471
2023-10-25 07:31:37 +00:00
Michael Chang
891ae6ee6e Accepting request 1118237 from home:michael-chang:branches:Base:System
- Fix detection of encrypted disk's uuid in powerpc to cope with logical disks
  when signed image installation is specified (bsc#1216075) 
  * 0003-grub-install-support-prep-environment-block.patch
- grub2.spec: Add support to unlocking multiple encrypted disks in signed
  grub.elf image for logical disks

- Version bump to 2.12~rc1 (PED-5589)

OBS-URL: https://build.opensuse.org/request/show/1118237
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=469
2023-10-18 05:19:26 +00:00
Michael Chang
9222984490 Accepting request 1116881 from home:michael-chang:branches:Base:System
- Fix CVE-2023-4692 (bsc#1215935)
- Fix CVE-2023-4693 (bsc#1215936)
  * 0001-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch
  * 0002-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch
  * 0003-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch
  * 0004-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch
  * 0005-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch
  * 0006-fs-ntfs-Make-code-more-readable.patch
- Bump upstream SBAT generation to 4

OBS-URL: https://build.opensuse.org/request/show/1116881
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=468
2023-10-13 05:42:31 +00:00
Michael Chang
a64c498922 Accepting request 1115856 from home:favogt:businessasusual
- Add patch to fix reading files from btrfs with "implicit" holes:
  * 0001-fs-btrfs-Zero-file-data-not-backed-by-extents.patch

OBS-URL: https://build.opensuse.org/request/show/1115856
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=467
2023-10-06 02:58:09 +00:00
Michael Chang
c4e530ea83 Accepting request 1115436 from home:gary_lin:branches:Base:System
- Update the TPM 2.0 patches to support more RSA and ECC algorithms
  * 0002-tpm2-Add-TPM-Software-Stack-TSS.patch
  * 0003-protectors-Add-TPM2-Key-Protector.patch
  * 0005-util-grub-protect-Add-new-tool.patch

- Remove build require for gcc-32bit, target platform didn't rely on libgcc
  function shipped with compiler but rather using functions supplied in grub
  directly.

OBS-URL: https://build.opensuse.org/request/show/1115436
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=466
2023-10-05 05:07:17 +00:00
Michael Chang
d81a5aab96 Accepting request 1114285 from home:favogt:branches:Base:System
- Add BuildIgnore to break cycle with the branding package

OBS-URL: https://build.opensuse.org/request/show/1114285
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=465
2023-10-05 00:55:59 +00:00
Michael Chang
cd35f7c278 Accepting request 1113901 from home:gary_lin:branches:Base:System
- Only build with fde-tpm-helper-rpm-macros for the architectures
  supporting the newer UEFI and TPM 2.0.
  * Also correct the location of %fde_tpm_update_requires

OBS-URL: https://build.opensuse.org/request/show/1113901
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=464
2023-09-28 03:04:29 +00:00
Michael Chang
0a700a1789 Accepting request 1112154 from home:gary_lin:branches:Base:System
- Add the new BuildRequires for EFI builds for the better FDE
  support: fde-tpm-helper-rpm-macros
  + Also add the the macros to %post and %posttrans

OBS-URL: https://build.opensuse.org/request/show/1112154
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=461
2023-09-20 07:35:35 +00:00
Michael Chang
71fc1bf8e1 Accepting request 1110320 from home:clin:branches:X13S
- Correct the type of allocated EFI pages for ARM64 kernel from EFI_LOADER_DATA to EFI_LOADER_CODE since some Qualcomm CPUs do not allow kernel code execution on EFI_LOADER_DATA pages. (bsc#1215151)

OBS-URL: https://build.opensuse.org/request/show/1110320
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=460
2023-09-12 02:11:11 +00:00
Michael Chang
71f10698a2 Accepting request 1108332 from openSUSE:Factory:RISCV
- grub2-mkconfig-riscv64.patch: Handle riscv64 in mkconfig

OBS-URL: https://build.opensuse.org/request/show/1108332
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=459
2023-09-04 04:46:02 +00:00
Michael Chang
8ee92f5194 Accepting request 1105405 from home:michael-chang:grub:2.12rc1
- Implement NV index mode for TPM 2.0 key protector
  0001-protectors-Implement-NV-index.patch
- Fall back to passphrase mode when the key protector fails to
  unlock the disk
  0002-cryptodisk-Fallback-to-passphrase.patch
- Wipe out the cached key cleanly
  0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch
- Make diskfiler to look up cryptodisk devices first
  0004-diskfilter-look-up-cryptodisk-devices-first.patch

- Version bump to 2.12~rc1
  * Added:
    - grub-2.12~rc1.tar.xz
  * Removed:
    - grub-2.06.tar.xz
  * Patch dropped merged by new version:
    - grub2-GRUB_CMDLINE_LINUX_RECOVERY-for-recovery-mode.patch
    - grub2-s390x-02-kexec-module-added-to-emu.patch
    - grub2-efi-chainloader-root.patch
    - grub2-Fix-incorrect-netmask-on-ppc64.patch
    - 0001-osdep-Introduce-include-grub-osdep-major.h-and-use-i.patch
    - 0002-osdep-linux-hostdisk-Use-stat-instead-of-udevadm-for.patch
    - 0002-net-read-bracketed-ipv6-addrs-and-port-numbers.patch
    - grub2-s390x-10-keep-network-at-kexec.patch
    - 0001-Fix-build-error-in-binutils-2.36.patch
    - 0001-emu-fix-executable-stack-marking.patch
    - 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch
    - 0001-30_uefi-firmware-fix-printf-format-with-null-byte.patch
    - 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch
    - 0001-Filter-out-POSIX-locale-for-translation.patch

OBS-URL: https://build.opensuse.org/request/show/1105405
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=458
2023-08-24 03:25:56 +00:00
Gary Ching-Pang Lin
c0d19752a8 Accepting request 1102092 from home:gary_lin:branches:Base:System
- Change the bash-completion directory (bsc#1213855)
  * grub2-change-bash-completion-dir.patch

OBS-URL: https://build.opensuse.org/request/show/1102092
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=457
2023-08-03 05:55:03 +00:00
d7b8a8f31b - add 0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch,
0001-fs-ext2-Ignore-the-large_dir-incompat-feature.patch:
  * support more featureful extX filesystems (backport from
  upstream git)

OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=455
2023-05-30 11:04:54 +00:00
Gary Ching-Pang Lin
05861f0e0c Accepting request 1082901 from home:gary_lin:branches:Base:System
- Exclude the deprecated EFI location, /usr/lib64/efi/, from Tumbleweed and ALP

OBS-URL: https://build.opensuse.org/request/show/1082901
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=453
2023-04-26 07:47:52 +00:00
Gary Ching-Pang Lin
03ce3384fd Accepting request 1082613 from home:gary_lin:branches:Base:System
- Update TPM 2.0 key unsealing patches

OBS-URL: https://build.opensuse.org/request/show/1082613
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=452
2023-04-26 03:19:58 +00:00
Michael Chang
5420dbe227 Accepting request 1081117 from home:michael-chang:branches:Base:System
- Fix PowerVS deployment fails to boot with 90 cores (bsc#1208581)
  * 0001-kern-ieee1275-init-Convert-plain-numbers-to-constant.patch
  * 0002-kern-ieee1275-init-Extended-support-in-Vec5.patch

OBS-URL: https://build.opensuse.org/request/show/1081117
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=451
2023-04-21 08:21:27 +00:00
Michael Chang
d8eda11f25 Accepting request 1078546 from home:michael-chang:branches:Base:System
- Resolve some issues with OS boot failure on PPC NVMe-oF disks and made
  enhancements to PPC secure boot's root device discovery config (bsc#1207230)
- Ensure get_devargs and get_devname functions are consistent
  * 0001-openfw-Ensure-get_devargs-and-get_devname-functions-.patch
- Fix regex for Open Firmware device specifier with encoded commas
  * 0002-prep_loadenv-Fix-regex-for-Open-Firmware-device-spec.patch
- Fix regular expression in PPC secure boot config to prevent escaped commas
  from being treated as delimiters when retrieving partition substrings.
- Use prep_load_env in PPC secure boot config to handle unset host-specific
  environment variables and ensure successful command execution.
  * 0004-Introduce-prep_load_env-command.patch
- Refreshed
  * 0005-export-environment-at-start-up.patch

OBS-URL: https://build.opensuse.org/request/show/1078546
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=448
2023-04-12 02:46:16 +00:00
Michael Chang
448b5a32b0 Accepting request 1073013 from home:michael-chang:branches:Base:System
- Restrict cryptsetup key file permission for better security (bsc#1207499)
  * 0001-loader-linux-Ensure-the-newc-pathname-is-NULL-termin.patch
  * 0002-Restrict-cryptsetup-key-file-permission-for-better-s.patch

OBS-URL: https://build.opensuse.org/request/show/1073013
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=446
2023-03-22 02:43:43 +00:00
Michael Chang
3c4b4c1ff8 Accepting request 1072324 from home:frispete:Tumbleweed
- Meanwhile, memtest86+ gained EFI support, but using the grub
  command line to run it manually is quite tedious...
  Adapt 20_memtest86+ to provide a proper menu entry. Executing
  memtest requires to turn security off in BIOS: (Boot Mode: Other OS).

OBS-URL: https://build.opensuse.org/request/show/1072324
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=445
2023-03-20 02:50:55 +00:00
Michael Chang
7c44841cbf Accepting request 1071405 from home:rwill:branches:Base:System
Add support for UsrMerged kernels. (bsc#1184804)

OBS-URL: https://build.opensuse.org/request/show/1071405
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=444
2023-03-15 09:43:19 +00:00
Michael Chang
d9083613d3 Accepting request 1071066 from home:michael-chang:branches:Base:System
- Discard cached key from grub shell and editor mode
  * 0001-clean-up-crypttab-and-linux-modules-dependency.patch
  * 0002-discard-cached-key-before-entering-grub-shell-and-ed.patch

- Make grub more robust against storage race condition causing system boot
  failures (bsc#1189036)
  * 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch

OBS-URL: https://build.opensuse.org/request/show/1071066
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=443
2023-03-13 10:05:13 +00:00
Michael Chang
f6a335c91f Accepting request 1068350 from home:michael-chang:branches:Base:System
- Fix riscv64 error for relocation 0x13 is not implemented yet
  * 0001-RISC-V-Handle-R_RISCV_CALL_PLT-reloc.patch

OBS-URL: https://build.opensuse.org/request/show/1068350
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=442
2023-03-06 06:07:30 +00:00
Michael Chang
23aa9ce4c5 Accepting request 1067109 from home:michael-chang:branches:Base:System
- Fix out of memory error on lpar installation from virtual cdrom (bsc#1208024)
  * 0001-ieee1275-Further-increase-initially-allocated-heap-f.patch
  * 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch
- Fix lpar got hung at grub after inactive migration (bsc#1207684)
  * 0002-ieee1275-implement-vec5-for-cas-negotiation.patch
- Rediff
  * safe_tpm_pcr_snapshot.patch
- Patch supersceded
  * 0001-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch

OBS-URL: https://build.opensuse.org/request/show/1067109
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=441
2023-02-24 05:42:16 +00:00
Michael Chang
e99fcd8544 Accepting request 1065383 from home:vlefebvre:unified
Patch to add some efi varibales needed for efi partition as for Unified Kernel Image

OBS-URL: https://build.opensuse.org/request/show/1065383
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=439
2023-02-14 07:57:34 +00:00
Gary Ching-Pang Lin
7ad3520153 Accepting request 1063960 from home:gary_lin:tpm2-unseal
- Amend the TPM2 stack and add authorized policy mode to tpm2_key_protector

OBS-URL: https://build.opensuse.org/request/show/1063960
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=438
2023-02-09 08:57:28 +00:00
Michael Chang
f461fa520e Accepting request 1063713 from home:michael-chang:branches:Base:System
- Fix nvmf boot device setup (bsc#1207811)
  * 0001-grub2-Can-t-setup-a-default-boot-device-correctly-on.patch

OBS-URL: https://build.opensuse.org/request/show/1063713
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=437
2023-02-08 05:32:33 +00:00
Michael Chang
a7b06b9f1a Accepting request 1063542 from home:michael-chang:branches:Base:System
- Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064)
  * 0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch

- Fix GCC 13 build failure (bsc#1201089)
  * 0002-AUDIT-0-http-boot-tracker-bug.patch

OBS-URL: https://build.opensuse.org/request/show/1063542
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=436
2023-02-07 07:20:35 +00:00
Michael Chang
cb476353d0 Accepting request 1046402 from home:gary_lin:branches:Base:System
- Move unsupported zfs modules into 'extras' packages
  (bsc#1205554) (PED-2947)

OBS-URL: https://build.opensuse.org/request/show/1046402
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=435
2023-01-06 02:48:00 +00:00
Michael Chang
ef0ef13ff0 Accepting request 1045798 from home:michael-chang:branches:Base:System
- Fix inappropriately including commented lines in crypttab (bsc#1206279)
  * 0010-templates-import-etc-crypttab-to-grub.cfg.patch

- Make grub.cfg invariant to efi and legacy platforms (bsc#1205200)
- Removed patch linuxefi
  * grub2-secureboot-provide-linuxefi-config.patch
  * grub2-secureboot-use-linuxefi-on-uefi-in-os-prober.patch
  * grub2-secureboot-use-linuxefi-on-uefi.patch
- Rediff
  * grub2-btrfs-05-grub2-mkconfig.patch
  * grub2-efi-xen-cmdline.patch
  * grub2-s390x-05-grub2-mkconfig.patch
  * grub2-suse-remove-linux-root-param.patch

OBS-URL: https://build.opensuse.org/request/show/1045798
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=434
2023-01-03 02:35:16 +00:00
7db9c91d3c Accepting request 1043840 from home:michael-chang:branches:Base:System
- Setup multiple device paths for a nvmf boot device (bsc#1205666)
  * 0001-grub2-Set-multiple-device-path-for-a-nvmf-boot-devic.patch

OBS-URL: https://build.opensuse.org/request/show/1043840
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=433
2022-12-20 15:32:08 +00:00
Michael Chang
4f37c09e47 Accepting request 1043245 from home:gary_lin:bsc1206333
- Increase the path buffer in the crypttab command for the long
  volume name (bsc#1206333)
  * grub2-increase-crypttab-path-buffer.patch

OBS-URL: https://build.opensuse.org/request/show/1043245
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=432
2022-12-19 03:45:35 +00:00
Gary Ching-Pang Lin
56f10d0ce0 Accepting request 1042243 from Base:System
Revert the zfs change for now

OBS-URL: https://build.opensuse.org/request/show/1042243
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=431
2022-12-12 05:41:30 +00:00
Gary Ching-Pang Lin
7a7c298814 Accepting request 1041797 from home:gary_lin:branches:Base:System
Move unsupported zfs modules into 'extras' packages (bsc#1205554)

OBS-URL: https://build.opensuse.org/request/show/1041797
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=430
2022-12-09 08:55:31 +00:00
Michael Chang
b8a9f2473e Accepting request 1040499 from home:michael-chang:branches:Base:System
- Add tpm to signed grub.elf image (PED-1990) (bsc#1205912) 
- Increase initial heap size from 1/4 to 1/3
  * 0001-ieee1275-Increase-initially-allocated-heap-from-1-4-.patch

OBS-URL: https://build.opensuse.org/request/show/1040499
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=429
2022-12-06 07:49:23 +00:00
Michael Chang
46c0e0c8b7 Accepting request 1037548 from home:michael-chang:branches:Base:System
- Make full utilization of btrfs bootloader area (bsc#1161823)
  * 0001-fs-btrfs-Use-full-btrfs-bootloader-area.patch
  * 0002-Mark-environmet-blocks-as-used-for-image-embedding.patch
- Patch removed
  * 0001-i386-pc-build-btrfs-zstd-support-into-separate-modul.patch

OBS-URL: https://build.opensuse.org/request/show/1037548
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=428
2022-11-24 03:05:20 +00:00
Michael Chang
fd4fd3a935 Accepting request 1035936 from home:michael-chang:branches:Base:System
- Security fixes and hardenings
  * 0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch
  * 0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
- Fix CVE-2022-2601 (bsc#1205178)
  * 0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch
  * 0004-font-Remove-grub_font_dup_glyph.patch
  * 0005-font-Fix-integer-overflow-in-ensure_comb_space.patch
  * 0006-font-Fix-integer-overflow-in-BMP-index.patch
  * 0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch
  * 0008-fbutil-Fix-integer-overflow.patch
- Fix CVE-2022-3775 (bsc#1205182)
  * 0009-font-Fix-an-integer-underflow-in-blit_comb.patch
  * 0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch
  * 0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
  * 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch
- Bump upstream SBAT generation to 3

OBS-URL: https://build.opensuse.org/request/show/1035936
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=426
2022-11-16 03:21:13 +00:00
Michael Chang
d3aabbf763 Accepting request 1035607 from home:michael-chang:branches:Base:System
- Removed 0001-linux-fix-efi_relocate_kernel-failure.patch as reported
  regression in some hardware being stuck in initrd loading (bsc#1205380)

- Fix password asked twice if third field in crypttab not present (bsc#1205312)
  * 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch

OBS-URL: https://build.opensuse.org/request/show/1035607
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=425
2022-11-14 10:33:06 +00:00
Michael Chang
61a62ea989 Accepting request 1032365 from home:michael-chang:15sp5
- NVMeoFC support on grub (jsc#PED-996)
  * 0001-ieee1275-add-support-for-NVMeoFC.patch
  * 0002-ieee1275-ofpath-enable-NVMeoF-logical-device-transla.patch
  * 0003-ieee1275-change-the-logic-of-ieee1275_get_devargs.patch
  * 0004-ofpath-controller-name-update.patch
- TDX: Enhance grub2 measurement to TD RTMR (jsc#PED-1265)
  * 0001-commands-efi-tpm-Refine-the-status-of-log-event.patch
  * 0002-commands-efi-tpm-Use-grub_strcpy-instead-of-grub_mem.patch
  * 0003-efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch
- Measure the kernel on POWER10 and extend TPM PCRs (PED-1990) 
  * 0001-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch
  * 0002-ieee1275-implement-vec5-for-cas-negotiation.patch
- Fix efi pcr snapshot related funtion is defined but not used on powerpc
  platform.
  * safe_tpm_pcr_snapshot.patch

OBS-URL: https://build.opensuse.org/request/show/1032365
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=424
2022-11-01 04:59:50 +00:00
eb7c39ad64 Accepting request 1030619 from home:michael-chang:ped:2150
- Include loopback into signed grub2 image (jsc#PED-2150)

OBS-URL: https://build.opensuse.org/request/show/1030619
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=423
2022-10-24 11:44:15 +00:00
Michael Chang
5912838326 Accepting request 1006353 from home:michael-chang:branches:Base:System
- Add patch to fix kernel relocation error in low memory
  * 0001-linux-fix-efi_relocate_kernel-failure.patch

OBS-URL: https://build.opensuse.org/request/show/1006353
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=420
2022-09-28 02:40:56 +00:00
Michael Chang
3e026f665c Accepting request 1004537 from home:gary_lin:branches:Base:System
- Add safety measure to pcr snapshot by checking platform and tpm status
  * safe_tpm_pcr_snapshot.patch

- Fix installation failure due to unavailable nvram device on
  ppc64le (bsc#1201361)
  * 0001-grub-install-set-point-of-no-return-for-powerpc-ieee1275.patch

- Add patches to dynamically allocate additional memory regions for
  EFI systems (bsc#1202438)
  * 0001-mm-Allow-dynamically-requesting-additional-memory-re.patch
  * 0002-kern-efi-mm-Always-request-a-fixed-number-of-pages-o.patch
  * 0003-kern-efi-mm-Extract-function-to-add-memory-regions.patch
  * 0004-kern-efi-mm-Pass-up-errors-from-add_memory_regions.patch
  * 0005-kern-efi-mm-Implement-runtime-addition-of-pages.patch
- Enlarge the default heap size and defer the disk cache
  invalidation (bsc#1202438)
  * 0001-kern-efi-mm-Enlarge-the-default-heap-size.patch
  * 0002-mm-Defer-the-disk-cache-invalidation.patch

- Add patches for ALP FDE support
  * 0001-devmapper-getroot-Have-devmapper-recognize-LUKS2.patch
  * 0002-devmapper-getroot-Set-up-cheated-LUKS2-cryptodisk-mo.patch
  * 0003-disk-cryptodisk-When-cheatmounting-use-the-sector-in.patch
  * 0004-normal-menu-Don-t-show-Booting-s-msg-when-auto-booti.patch
  * 0005-EFI-suppress-the-Welcome-to-GRUB-message-in-EFI-buil.patch
  * 0006-EFI-console-Do-not-set-colorstate-until-the-first-te.patch
  * 0007-EFI-console-Do-not-set-cursor-until-the-first-text-o.patch
  * 0008-linuxefi-Use-common-grub_initrd_load.patch
  * 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch
  * 0010-templates-import-etc-crypttab-to-grub.cfg.patch

OBS-URL: https://build.opensuse.org/request/show/1004537
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=419
2022-09-19 06:10:23 +00:00
Michael Chang
761268d847 Accepting request 997708 from home:michael-chang:bsc:1202374
- Fix tpm error stop tumbleweed from booting (bsc#1202374)
  * 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch
- Patch Removed
  * 0001-tpm-Log-EFI_VOLUME_FULL-and-continue.patch

OBS-URL: https://build.opensuse.org/request/show/997708
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=418
2022-08-18 09:42:06 +00:00
Michael Chang
14793c1f96 Accepting request 992180 from home:michael-chang:branches:home:michael-chang:test:tpm
- Add tpm, tpm2, luks2 and gcry_sha512 to default grub.efi (bsc#1197625)
- Make grub-tpm.efi a symlink to grub.efi
  * grub2.spec
- Log error when tpm event log is full and continue
  * 0001-tpm-Log-EFI_VOLUME_FULL-and-continue.patch
- Patch superseded
  * 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch

- Add patches for automatic TPM disk unlock (jsc#SLE-24018) (bsc#1196668)
  * 0001-luks2-Add-debug-message-to-align-with-luks-and-geli-.patch
  * 0002-cryptodisk-Refactor-to-discard-have_it-global.patch
  * 0003-cryptodisk-Return-failure-in-cryptomount-when-no-cry.patch
  * 0004-cryptodisk-Improve-error-messaging-in-cryptomount-in.patch
  * 0005-cryptodisk-Improve-cryptomount-u-error-message.patch
  * 0006-cryptodisk-Add-infrastructure-to-pass-data-from-cryp.patch
  * 0007-cryptodisk-Refactor-password-input-out-of-crypto-dev.patch
  * 0008-cryptodisk-Move-global-variables-into-grub_cryptomou.patch
  * 0009-cryptodisk-Improve-handling-of-partition-name-in-cry.patch
  * 0010-protectors-Add-key-protectors-framework.patch
  * 0011-tpm2-Add-TPM-Software-Stack-TSS.patch
  * 0012-protectors-Add-TPM2-Key-Protector.patch
  * 0013-cryptodisk-Support-key-protectors.patch
  * 0014-util-grub-protect-Add-new-tool.patch
- Fix no disk unlocking happen (bsc#1196668)
  * 0001-crytodisk-fix-cryptodisk-module-looking-up.patch
- Fix build error
  * fix-tpm2-build.patch

OBS-URL: https://build.opensuse.org/request/show/992180
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=417
2022-08-11 10:30:46 +00:00
Michael Chang
e016790fe1 Accepting request 981228 from home:michael-chang:branches:Base:System
- Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581)
  * 0001-video-Remove-trailing-whitespaces.patch
  * 0002-loader-efi-chainloader-Simplify-the-loader-state.patch
  * 0003-commands-boot-Add-API-to-pass-context-to-loader.patch
- Fix CVE-2022-28736 (bsc#1198496)
  * 0004-loader-efi-chainloader-Use-grub_loader_set_ex.patch
- Fix CVE-2022-28735 (bsc#1198495)
  * 0005-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch
  * 0006-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch
  * 0007-video-readers-png-Abort-sooner-if-a-read-operation-f.patch
  * 0008-video-readers-png-Refuse-to-handle-multiple-image-he.patch
- Fix CVE-2021-3695 (bsc#1191184)
  * 0009-video-readers-png-Drop-greyscale-support-to-fix-heap.patch
- Fix CVE-2021-3696 (bsc#1191185)
  * 0010-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch
  * 0011-video-readers-png-Sanity-check-some-huffman-codes.patch
  * 0012-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch
  * 0013-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch
  * 0014-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch
- Fix CVE-2021-3697 (bsc#1191186)
  * 0015-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch
  * 0016-normal-charset-Fix-array-out-of-bounds-formatting-un.patch
- Fix CVE-2022-28733 (bsc#1198460)
  * 0017-net-ip-Do-IP-fragment-maths-safely.patch
  * 0018-net-netbuff-Block-overly-large-netbuff-allocs.patch
  * 0019-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch
  * 0020-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch
  * 0021-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch
  * 0022-net-tftp-Avoid-a-trivial-UAF.patch
  * 0023-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch

OBS-URL: https://build.opensuse.org/request/show/981228
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=416
2022-06-08 03:04:17 +00:00
Michael Chang
2d223e0f89 Accepting request 980213 from home:michael-chang:branches:Base:System
- Use boot disks in OpenFirmware, fixing regression caused by
  0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch, when
  the root LV is completely in the boot LUN (bsc#1197948)
  * 0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch

- Fix error message in displaying help on bootable snapshot (bsc#1199609)

OBS-URL: https://build.opensuse.org/request/show/980213
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=415
2022-06-01 06:10:34 +00:00
db2c247b25 Accepting request 978064 from home:michael-chang:branches:Base:System
- Fix installation over serial console ends up in infinite boot loop
  (bsc#1187810)
  * 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch
- Fix ppc64le build error for new IEEE long double ABI
  * 0001-libc-config-merge-from-glibc.patch

OBS-URL: https://build.opensuse.org/request/show/978064
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=414
2022-05-23 06:31:10 +00:00
Michael Chang
14c89e54e6 Accepting request 972429 from home:michael-chang:branches:Base:System
- Fix Power10 LPAR error "The partition fails to activate as partition went
  into invalid state" (bsc#1198714)
  * 0001-powerpc-do-CAS-in-a-more-compatible-way.patch

OBS-URL: https://build.opensuse.org/request/show/972429
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=413
2022-04-25 05:04:46 +00:00
Michael Chang
1583b449d8 Accepting request 971027 from home:lnussel:branches:Base:System
- use common SBAT values (boo#1193282)

OBS-URL: https://build.opensuse.org/request/show/971027
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=412
2022-04-21 03:49:55 +00:00