import grub2-2.02-84.el8

SOURCES/0216-Disable-multiboot-multiboot2-and-linux16-modules-on-.patch

@@ -1,33 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Wed, 11 Jul 2018 13:48:48 -0400
-Subject: [PATCH] Disable multiboot, multiboot2, and linux16 modules on EFI
- builds.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
----
- grub-core/Makefile.core.def | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
-index aa44d66aca4..d3e3bfd4d7a 100644
---- a/grub-core/Makefile.core.def
-+++ b/grub-core/Makefile.core.def
-@@ -1680,7 +1680,7 @@ module = {
- 
-   common = loader/multiboot.c;
-   common = loader/multiboot_mbi2.c;
--  enable = x86;
-+  enable = i386_pc;
-   enable = mips;
- };
- 
-@@ -1689,7 +1689,7 @@ module = {
-   common = loader/multiboot.c;
-   x86 = loader/i386/multiboot_mbi.c;
-   extra_dist = loader/multiboot_elfxx.c;
--  enable = x86;
-+  enable = i386_pc;
- };
- 
- module = {

SOURCES/0222-Make-efi_netfs-not-duplicate-symbols-from-efinet.patch

@@ -9,7 +9,7 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
  1 file changed, 6 deletions(-)
 
 diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
-index d3e3bfd4d7a..715d3a3ec02 100644
+index aa44d66aca4..e35217b8668 100644
 --- a/grub-core/Makefile.core.def
 +++ b/grub-core/Makefile.core.def
 @@ -2186,12 +2186,6 @@ module = {

SOURCES/0223-Rework-how-the-fdt-command-builds.patch

@@ -22,7 +22,7 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
  5 files changed, 9 insertions(+), 5 deletions(-)
 
 diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
-index 715d3a3ec02..203584fb00b 100644
+index e35217b8668..cf3d549d212 100644
 --- a/grub-core/Makefile.core.def
 +++ b/grub-core/Makefile.core.def
 @@ -166,7 +166,6 @@ kernel = {

SOURCES/0231-drop-TPM-support-for-legacy-BIOS.patch

@@ -38,7 +38,7 @@ Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
  delete mode 100644 grub-core/kern/i386/pc/tpm.c
 
 diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
-index 203584fb00b..01c5f9ae351 100644
+index cf3d549d212..fb0a1e0babb 100644
 --- a/grub-core/Makefile.core.def
 +++ b/grub-core/Makefile.core.def
 @@ -246,7 +246,6 @@ kernel = {

SOURCES/0232-Move-quicksort-function-from-kernel.exec-to-the-blsc.patch

@@ -27,7 +27,7 @@ Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
  rename grub-core/{kern/qsort.c => commands/bls_qsort.h} (93%)
 
 diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
-index 01c5f9ae351..f99fc994f6b 100644
+index fb0a1e0babb..3346d1be658 100644
 --- a/grub-core/Makefile.core.def
 +++ b/grub-core/Makefile.core.def
 @@ -129,7 +129,6 @@ kernel = {

SOURCES/0233-Include-blscfg-module-for-powerpc-ieee1275.patch

@@ -14,7 +14,7 @@ Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
  1 file changed, 1 insertion(+)
 
 diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
-index f99fc994f6b..5b4841e1f00 100644
+index 3346d1be658..6864e780fd4 100644
 --- a/grub-core/Makefile.core.def
 +++ b/grub-core/Makefile.core.def
 @@ -782,6 +782,7 @@ module = {

SOURCES/0271-efi-http-Export-fw-http-_path-variables-to-make-them.patch

@@ -0,0 +1,50 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Thu, 5 Mar 2020 16:21:47 +0100
+Subject: [PATCH] efi/http: Export {fw,http}_path variables to make them global
+
+The fw_path environment variable is used by http_configure() function to
+determine the HTTP path that should be used as prefix when using relative
+HTTP paths. And this is stored in the http_path environment variable.
+
+Later, that variable is looked up by grub_efihttp_open() to generate the
+complete path to be used in the HTTP request.
+
+But these variables are not exported, which means that are not global and
+so are only found in the initial context.
+
+This can cause commands like configfile that create a new context to fail
+because the fw_path and http_path variables will not be found.
+
+Resolves: rhbz#1811561
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ grub-core/kern/main.c    | 1 +
+ grub-core/net/efi/http.c | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c
+index dcf48726d54..9bf6a8b231a 100644
+--- a/grub-core/kern/main.c
++++ b/grub-core/kern/main.c
+@@ -142,6 +142,7 @@ grub_set_prefix_and_root (void)
+       if (fw_path)
+ 	{
+ 	  grub_env_set ("fw_path", fw_path);
++	  grub_env_export ("fw_path");
+ 	  grub_dprintf ("fw_path", "fw_path:\"%s\"\n", fw_path);
+ 	  grub_free (fw_path);
+ 	}
+diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c
+index de351b2cd03..755b7a6d054 100644
+--- a/grub-core/net/efi/http.c
++++ b/grub-core/net/efi/http.c
+@@ -39,6 +39,7 @@ http_configure (struct grub_efi_net_device *dev, int prefer_ip6)
+ 	  http_path++;
+ 	  grub_env_unset ("http_path");
+ 	  grub_env_set ("http_path", http_path);
++	  grub_env_export ("http_path");
+ 	}
+     }
+ 

SOURCES/0272-efi-http-Enclose-literal-IPv6-addresses-in-square-br.patch

@@ -0,0 +1,114 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Thu, 5 Mar 2020 16:21:58 +0100
+Subject: [PATCH] efi/http: Enclose literal IPv6 addresses in square brackets
+
+According to RFC 2732 (https://www.ietf.org/rfc/rfc2732.txt), literal IPv6
+addresses must be enclosed in square brackets. But GRUB currently does not
+do this and is causing HTTP servers to send Bad Request (400) responses.
+
+For example, the following is the HTTP stream when fetching a config file:
+
+HEAD /EFI/BOOT/grub.cfg HTTP/1.1
+Host: 2000:dead:beef:a::1
+Accept: */*
+User-Agent: UefiHttpBoot/1.0
+
+HTTP/1.1 400 Bad Request
+Date: Thu, 05 Mar 2020 14:46:02 GMT
+Server: Apache/2.4.41 (Fedora) OpenSSL/1.1.1d
+Connection: close
+Content-Type: text/html; charset=iso-8859-1
+
+and after enclosing the IPv6 address the HTTP request is successful:
+
+HEAD /EFI/BOOT/grub.cfg HTTP/1.1
+Host: [2000:dead:beef:a::1]
+Accept: */*
+User-Agent: UefiHttpBoot/1.0
+
+HTTP/1.1 200 OK
+Date: Thu, 05 Mar 2020 14:48:04 GMT
+Server: Apache/2.4.41 (Fedora) OpenSSL/1.1.1d
+Last-Modified: Thu, 27 Feb 2020 17:45:58 GMT
+ETag: "206-59f924b24b1da"
+Accept-Ranges: bytes
+Content-Length: 518
+
+Resolves: rhbz#1811560
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ grub-core/net/efi/http.c | 37 ++++++++++++++++++++++++++++---------
+ 1 file changed, 28 insertions(+), 9 deletions(-)
+
+diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c
+index 755b7a6d054..fc8cb25ae0a 100644
+--- a/grub-core/net/efi/http.c
++++ b/grub-core/net/efi/http.c
+@@ -158,13 +158,7 @@ efihttp_request (grub_efi_http_t *http, char *server, char *name, int use_https,
+   grub_efi_status_t status;
+   grub_efi_boot_services_t *b = grub_efi_system_table->boot_services;
+   char *url = NULL;
+-
+-  request_headers[0].field_name = (grub_efi_char8_t *)"Host";
+-  request_headers[0].field_value = (grub_efi_char8_t *)server;
+-  request_headers[1].field_name = (grub_efi_char8_t *)"Accept";
+-  request_headers[1].field_value = (grub_efi_char8_t *)"*/*";
+-  request_headers[2].field_name = (grub_efi_char8_t *)"User-Agent";
+-  request_headers[2].field_value = (grub_efi_char8_t *)"UefiHttpBoot/1.0";
++  char *hostname = NULL;
+ 
+   {
+     grub_efi_ipv6_address_t address;
+@@ -174,9 +168,24 @@ efihttp_request (grub_efi_http_t *http, char *server, char *name, int use_https,
+     const char *protocol = (use_https == 1) ? "https" : "http";
+ 
+     if (grub_efi_string_to_ip6_address (server, &address, &rest) && *rest == 0)
+-      url = grub_xasprintf ("%s://[%s]%s", protocol, server, name);
++      {
++        hostname = grub_xasprintf ("[%s]", server);
++        if (!hostname)
++          return GRUB_ERR_OUT_OF_MEMORY;
++
++        server = hostname;
++
++        url = grub_xasprintf ("%s://%s%s", protocol, server, name);
++        if (!url)
++          {
++            grub_free (hostname);
++            return GRUB_ERR_OUT_OF_MEMORY;
++          }
++      }
+     else
+-      url = grub_xasprintf ("%s://%s%s", protocol, server, name);
++      {
++        url = grub_xasprintf ("%s://%s%s", protocol, server, name);
++      }
+ 
+     if (!url)
+       {
+@@ -199,6 +208,13 @@ efihttp_request (grub_efi_http_t *http, char *server, char *name, int use_https,
+     request_data.url = ucs2_url;
+   }
+ 
++  request_headers[0].field_name = (grub_efi_char8_t *)"Host";
++  request_headers[0].field_value = (grub_efi_char8_t *)server;
++  request_headers[1].field_name = (grub_efi_char8_t *)"Accept";
++  request_headers[1].field_value = (grub_efi_char8_t *)"*/*";
++  request_headers[2].field_name = (grub_efi_char8_t *)"User-Agent";
++  request_headers[2].field_value = (grub_efi_char8_t *)"UefiHttpBoot/1.0";
++
+   request_data.method = (headeronly > 0) ? GRUB_EFI_HTTPMETHODHEAD : GRUB_EFI_HTTPMETHODGET;
+ 
+   request_message.data.request = &request_data;
+@@ -228,6 +244,9 @@ efihttp_request (grub_efi_http_t *http, char *server, char *name, int use_https,
+ 
+   status = efi_call_2 (http->request, http, &request_token);
+ 
++  if (hostname)
++    grub_free (hostname);
++
+   if (status != GRUB_EFI_SUCCESS)
+     {
+       efi_call_1 (b->close_event, request_token.event);

SOURCES/0273-efi-net-Allow-to-specify-a-port-number-in-addresses.patch

@@ -0,0 +1,48 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Mon, 9 Mar 2020 15:29:45 +0100
+Subject: [PATCH] efi/net: Allow to specify a port number in addresses
+
+The grub_efi_net_parse_address() function is not covering the case where a
+port number is specified in an IPv4 or IPv6 address, so will fail to parse
+the network address.
+
+For most cases the issue is harmless, because the function is only used to
+match an address with a network interface and if fails the default is used.
+
+But still is a bug that has to be fixed and it causes error messages to be
+printed like the following:
+
+error: net/efi/net.c:782:unrecognised network address '192.168.122.1:8080'
+
+error: net/efi/net.c:781:unrecognised network address '[2000:dead:beef:a::1]:8080'
+
+Resolves: rhbz#1811560
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ grub-core/net/efi/net.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c
+index 4c70fc4da2a..c74854a82b7 100644
+--- a/grub-core/net/efi/net.c
++++ b/grub-core/net/efi/net.c
+@@ -742,7 +742,7 @@ grub_efi_net_parse_address (const char *address,
+ 	      return GRUB_ERR_NONE;
+ 	    }
+ 	}
+-      else if (*rest == 0)
++      else if (*rest == 0 || *rest == ':')
+ 	{
+ 	  grub_uint32_t subnet_mask = 0xffffffffU;
+ 	  grub_memcpy (ip4->subnet_mask, &subnet_mask, sizeof (ip4->subnet_mask));
+@@ -768,7 +768,7 @@ grub_efi_net_parse_address (const char *address,
+ 	      return GRUB_ERR_NONE;
+ 	    }
+ 	}
+-      else if (*rest == 0)
++      else if (*rest == 0 || *rest == ':')
+ 	{
+ 	  ip6->prefix_length = 128;
+ 	  ip6->is_anycast = 0;

SOURCES/0274-efi-ip4_config-Improve-check-to-detect-literal-IPv6-.patch

@@ -0,0 +1,48 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Mon, 9 Mar 2020 15:30:05 +0100
+Subject: [PATCH] efi/ip4_config: Improve check to detect literal IPv6
+ addresses
+
+The grub_efi_string_to_ip4_address() function wrongly assumes that an IPv6
+address is an IPv4 address, because it doesn't take into account the case
+of a caller passing an IPv6 address as a string.
+
+This leads to the grub_efi_net_parse_address() function to fail and print
+the following error message:
+
+error: net/efi/net.c:785:unrecognised network address '2000:dead:beef:a::1'
+
+Resolves: rhbz#1811560
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ grub-core/net/efi/ip4_config.c | 13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/net/efi/ip4_config.c b/grub-core/net/efi/ip4_config.c
+index 38e2a04747a..6117e60ab12 100644
+--- a/grub-core/net/efi/ip4_config.c
++++ b/grub-core/net/efi/ip4_config.c
+@@ -56,9 +56,20 @@ int
+ grub_efi_string_to_ip4_address (const char *val, grub_efi_ipv4_address_t *address, const char **rest)
+ {
+   grub_uint32_t newip = 0;
+-  int i;
++  int i, ncolon = 0;
+   const char *ptr = val;
+ 
++  /* Check that is not an IPv6 address */
++  for (i = 0; i < grub_strlen(ptr); i++)
++    {
++      if (ptr[i] == '[' && i == 0)
++        return 0;
++
++      if (ptr[i] == ':')
++          if (i == 0 || ++ncolon == 2)
++            return 0;
++    }
++
+   for (i = 0; i < 4; i++)
+     {
+       unsigned long t;

SOURCES/0275-efi-net-Print-a-debug-message-if-parsing-the-address.patch

@@ -0,0 +1,68 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Tue, 10 Mar 2020 11:23:49 +0100
+Subject: [PATCH] efi/net: Print a debug message if parsing the address fails
+
+Currently if parsing the address fails an error message is printed. But in
+most cases this isn't a fatal error since the grub_efi_net_parse_address()
+function is only used to match an address with a network interface to use.
+
+And if this fails, the default interface is used which is good enough for
+most cases. So instead of printing an error that would pollute the console
+just print a debug message if the address is not parsed correctly.
+
+A user can enable debug messages for the efinet driver to have information
+about the failure and the fact that the default interface is being used.
+
+Related: rhbz#1811560
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ grub-core/net/efi/net.c | 18 +++++++++++-------
+ 1 file changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c
+index c74854a82b7..3ae1fbbe3c8 100644
+--- a/grub-core/net/efi/net.c
++++ b/grub-core/net/efi/net.c
+@@ -778,9 +778,9 @@ grub_efi_net_parse_address (const char *address,
+ 	}
+     }
+ 
+-  return grub_error (GRUB_ERR_NET_BAD_ADDRESS,
+-		   N_("unrecognised network address `%s'"),
+-		   address);
++  grub_dprintf ("efinet", "unrecognised network address '%s'\n", address);
++
++  return GRUB_ERR_NET_BAD_ADDRESS;
+ }
+ 
+ static grub_efi_net_interface_t *
+@@ -795,10 +795,7 @@ match_route (const char *server)
+   err = grub_efi_net_parse_address (server, &ip4, &ip6, &is_ip6, 0);
+ 
+   if (err)
+-    {
+-      grub_print_error ();
+       return NULL;
+-    }
+ 
+   if (is_ip6)
+     {
+@@ -1233,8 +1230,15 @@ grub_net_open_real (const char *name __attribute__ ((unused)))
+   /*FIXME: Use DNS translate name to address */
+   net_interface = match_route (server);
+ 
++  if (!net_interface && net_default_interface)
++    {
++      net_interface = net_default_interface;
++      grub_dprintf ("efinet", "interface lookup failed, using default '%s'\n",
++                    net_interface->name);
++    }
++
+   /*XXX: should we check device with default gateway ? */
+-  if (!net_interface && !(net_interface = net_default_interface))
++  if (!net_interface)
+     {
+       grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("disk `%s' no route found"),
+ 		  name);

SOURCES/0276-efi-Set-image-base-address-before-jumping-to-the-PE-.patch

@@ -0,0 +1,60 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Thu, 23 Apr 2020 15:06:46 +0200
+Subject: [PATCH] efi: Set image base address before jumping to the PE/COFF
+ entry point
+
+Upstream GRUB uses the EFI LoadImage() and StartImage() to boot the Linux
+kernel. But our custom EFI loader that supports Secure Boot instead uses
+the EFI handover protocol (for x86) or jumping directly to the PE/COFF
+entry point (for aarch64).
+
+This is done to allow the bootloader to verify the images using the shim
+lock protocol to avoid booting untrusted binaries.
+
+Since the bootloader loads the kernel from the boot media instead of using
+LoadImage(), it is responsible to set the Loaded Image base address before
+booting the kernel.
+
+Otherwise the kernel EFI stub will complain that it was not set correctly
+and print the following warning message:
+
+EFI stub: ERROR: FIRMWARE BUG: efi_loaded_image_t::image_base has bogus value
+
+Resolves: rhbz#1819624
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ grub-core/loader/efi/linux.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
+index b56ea0bc041..e09f824862b 100644
+--- a/grub-core/loader/efi/linux.c
++++ b/grub-core/loader/efi/linux.c
+@@ -72,6 +72,7 @@ grub_err_t
+ grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset,
+ 		     void *kernel_params)
+ {
++  grub_efi_loaded_image_t *loaded_image = NULL;
+   handover_func hf;
+   int offset = 0;
+ 
+@@ -79,6 +80,17 @@ grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset,
+   offset = 512;
+ #endif
+ 
++  /*
++   * Since the EFI loader is not calling the LoadImage() and StartImage()
++   * services for loading the kernel and booting respectively, it has to
++   * set the Loaded Image base address.
++   */
++  loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle);
++  if (loaded_image)
++    loaded_image->image_base = kernel_addr;
++  else
++    grub_dprintf ("linux", "Loaded Image base address could not be set\n");
++
+   grub_dprintf ("linux", "kernel_addr: %p handover_offset: %p params: %p\n",
+ 		kernel_addr, (void *)(grub_efi_uintn_t)handover_offset, kernel_params);
+   hf = (handover_func)((char *)kernel_addr + handover_offset + offset);

SOURCES/0277-envblk-Fix-buffer-overrun-when-attempting-to-shrink-.patch

@@ -0,0 +1,62 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Tue, 12 May 2020 01:00:51 +0200
+Subject: [PATCH] envblk: Fix buffer overrun when attempting to shrink a
+ variable value
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+If an existing variable is set with a value whose length is smaller than
+the current value, a memory corruption can happen due copying padding '#'
+characters outside of the environment block buffer.
+
+This is caused by a wrong calculation of the previous free space position
+after moving backward the characters that followed the old variable value.
+
+That position is calculated to fill the remaining of the buffer with the
+padding '#' characters. But since isn't calculated correctly, it can lead
+to copies outside of the buffer.
+
+The issue can be reproduced by creating a variable with a large value and
+then try to set a new value that is much smaller:
+
+$ grub2-editenv --version
+grub2-editenv (GRUB) 2.04
+
+$ grub2-editenv env create
+
+$ grub2-editenv env set a="$(for i in {1..500}; do var="b$var"; done; echo $var)"
+
+$ wc -c env
+1024 grubenv
+
+$ grub2-editenv env set a="$(for i in {1..50}; do var="b$var"; done; echo $var)"
+malloc(): corrupted top size
+Aborted (core dumped)
+
+$ wc -c env
+0 grubenv
+
+Resolves: rhbz#1761496
+
+Reported-by: Renaud Métrich <rmetrich@redhat.com>
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+Patch-cc: Daniel Kiper <daniel.kiper@oracle.com>
+---
+ grub-core/lib/envblk.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/lib/envblk.c b/grub-core/lib/envblk.c
+index 230e0e9d9ab..2e4e78b132d 100644
+--- a/grub-core/lib/envblk.c
++++ b/grub-core/lib/envblk.c
+@@ -143,7 +143,7 @@ grub_envblk_set (grub_envblk_t envblk, const char *name, const char *value)
+               /* Move the following characters backward, and fill the new
+                  space with harmless characters.  */
+               grub_memmove (p + vl, p + len, pend - (p + len));
+-              grub_memset (space + len - vl, '#', len - vl);
++              grub_memset (space - (len - vl), '#', len - vl);
+             }
+           else
+             /* Move the following characters forward.  */

SOURCES/0278-Reimplement-boot_counter.patch

@@ -0,0 +1,196 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Thu, 4 Oct 2018 14:22:09 -0400
+Subject: [PATCH] Reimplement boot_counter
+
+This adds "increment" and "decrement" commands, and uses them to maintain our
+variables in 01_fallback_counter.  It also simplifies the counter logic, so
+that there are no nested tests that conflict with each other.
+
+Apparently, this *really* wasn't tested well enough.
+
+Resolves: rhbz#1614637
+Signed-off-by: Peter Jones <pjones@redhat.com>
+[lorbus: add comments and revert logic changes in 01_fallback_counting]
+Signed-off-by: Christian Glombek <lorbus@fedoraproject.org>
+---
+ Makefile.util.def                   |   6 +++
+ grub-core/Makefile.core.def         |   5 ++
+ grub-core/commands/increment.c      | 105 ++++++++++++++++++++++++++++++++++++
+ util/grub.d/01_fallback_counting.in |  22 ++++++++
+ 4 files changed, 138 insertions(+)
+ create mode 100644 grub-core/commands/increment.c
+ create mode 100644 util/grub.d/01_fallback_counting.in
+
+diff --git a/Makefile.util.def b/Makefile.util.def
+index 08cc98ddb8b..eca3dfa753f 100644
+--- a/Makefile.util.def
++++ b/Makefile.util.def
+@@ -448,6 +448,12 @@ script = {
+   installdir = grubconf;
+ };
+ 
++script = {
++  name = '01_fallback_counting';
++  common = util/grub.d/01_fallback_counting.in;
++  installdir = grubconf;
++};
++
+ script = {
+   name = '01_menu_auto_hide';
+   common = util/grub.d/01_menu_auto_hide.in;
+diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
+index 6864e780fd4..c8a50b4fcfa 100644
+--- a/grub-core/Makefile.core.def
++++ b/grub-core/Makefile.core.def
+@@ -362,6 +362,11 @@ kernel = {
+   extra_dist = kern/mips/cache_flush.S;
+ };
+ 
++module = {
++  name = increment;
++  common = commands/increment.c;
++};
++
+ program = {
+   name = grub-emu;
+   mansection = 1;
+diff --git a/grub-core/commands/increment.c b/grub-core/commands/increment.c
+new file mode 100644
+index 00000000000..79cf137656c
+--- /dev/null
++++ b/grub-core/commands/increment.c
+@@ -0,0 +1,105 @@
++/* increment.c - Commands to increment and decrement variables. */
++/*
++ *  GRUB  --  GRand Unified Bootloader
++ *  Copyright (C) 2006,2007,2008  Free Software Foundation, Inc.
++ *
++ *  GRUB is free software: you can redistribute it and/or modify
++ *  it under the terms of the GNU General Public License as published by
++ *  the Free Software Foundation, either version 3 of the License, or
++ *  (at your option) any later version.
++ *
++ *  GRUB is distributed in the hope that it will be useful,
++ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
++ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ *  GNU General Public License for more details.
++ *
++ *  You should have received a copy of the GNU General Public License
++ *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
++ */
++
++#include <grub/dl.h>
++#include <grub/term.h>
++#include <grub/time.h>
++#include <grub/types.h>
++#include <grub/misc.h>
++#include <grub/extcmd.h>
++#include <grub/i18n.h>
++#include <grub/env.h>
++
++GRUB_MOD_LICENSE ("GPLv3+");
++
++typedef enum {
++    INCREMENT,
++    DECREMENT,
++} operation;
++
++static grub_err_t
++incr_decr(operation op, int argc, char **args)
++{
++  const char *old;
++  char *new;
++  long value;
++
++  if (argc < 1)
++    return grub_error (GRUB_ERR_BAD_ARGUMENT, N_ ("no variable specified"));
++  if (argc > 1)
++    return grub_error (GRUB_ERR_BAD_ARGUMENT, N_ ("too many arguments"));
++
++  old = grub_env_get (*args);
++  if (!old)
++    return grub_error (GRUB_ERR_FILE_NOT_FOUND, N_("No such variable \"%s\""),
++		       *args);
++
++  value = grub_strtol (old, NULL, 0);
++  if (grub_errno != GRUB_ERR_NONE)
++    return grub_errno;
++
++  switch (op)
++    {
++    case INCREMENT:
++      value += 1;
++      break;
++    case DECREMENT:
++      value -= 1;
++      break;
++    }
++
++  new = grub_xasprintf ("%ld", value);
++  if (!new)
++    return grub_errno;
++
++  grub_env_set (*args, new);
++  grub_free (new);
++
++  return GRUB_ERR_NONE;
++}
++
++static grub_err_t
++grub_cmd_incr(struct grub_command *cmd UNUSED,
++              int argc, char **args)
++{
++  return incr_decr(INCREMENT, argc, args);
++}
++
++static grub_err_t
++grub_cmd_decr(struct grub_command *cmd UNUSED,
++              int argc, char **args)
++{
++  return incr_decr(DECREMENT, argc, args);
++}
++
++static grub_command_t cmd_incr, cmd_decr;
++
++GRUB_MOD_INIT(increment)
++{
++  cmd_incr = grub_register_command ("increment", grub_cmd_incr, N_("VARIABLE"),
++                                    N_("increment VARIABLE"));
++  cmd_decr = grub_register_command ("decrement", grub_cmd_decr, N_("VARIABLE"),
++                                    N_("decrement VARIABLE"));
++}
++
++GRUB_MOD_FINI(increment)
++{
++  grub_unregister_command (cmd_incr);
++  grub_unregister_command (cmd_decr);
++}
+diff --git a/util/grub.d/01_fallback_counting.in b/util/grub.d/01_fallback_counting.in
+new file mode 100644
+index 00000000000..be0e770ea82
+--- /dev/null
++++ b/util/grub.d/01_fallback_counting.in
+@@ -0,0 +1,22 @@
++#! /bin/sh -e
++
++# Boot Counting
++# The boot_counter env var can be used to count down boot attempts after an
++# OSTree upgrade and choose the rollback deployment when 0 is reached.  Both
++# boot_counter and boot_success need to be (re-)set from userspace.
++cat << EOF
++insmod increment
++# Check if boot_counter exists and boot_success=0 to activate this behaviour.
++if [ -n "\${boot_counter}" -a "\${boot_success}" = "0" ]; then
++  # if countdown has ended, choose to boot rollback deployment (default=1 on
++  # OSTree-based systems)
++  if  [ "\${boot_counter}" = "0" -o "\${boot_counter}" = "-1" ]; then
++    set default=1
++    set boot_counter=-1
++  # otherwise decrement boot_counter
++  else
++    decrement boot_counter
++  fi
++  save_env boot_counter
++fi
++EOF

SOURCES/0279-grub.d-Split-out-boot-success-reset-from-menu-auto-h.patch

@@ -0,0 +1,165 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Christian Glombek <lorbus@fedoraproject.org>
+Date: Tue, 2 Apr 2019 16:22:21 +0200
+Subject: [PATCH] grub.d: Split out boot success reset from menu auto hide
+ script
+
+Also rename fallback and menu auto hide script to be executed
+before and after boot success reset script.
+In menu auto hide script, rename last_boot_ok var to menu_hide_ok
+---
+ Makefile.util.def                                  | 14 ++++++++----
+ ...allback_counting.in => 08_fallback_counting.in} | 14 ++++++------
+ util/grub.d/10_reset_boot_success.in               | 25 ++++++++++++++++++++++
+ .../{01_menu_auto_hide.in => 12_menu_auto_hide.in} | 23 +++++---------------
+ 4 files changed, 48 insertions(+), 28 deletions(-)
+ rename util/grub.d/{01_fallback_counting.in => 08_fallback_counting.in} (65%)
+ create mode 100644 util/grub.d/10_reset_boot_success.in
+ rename util/grub.d/{01_menu_auto_hide.in => 12_menu_auto_hide.in} (58%)
+
+diff --git a/Makefile.util.def b/Makefile.util.def
+index eca3dfa753f..5062a0e50fa 100644
+--- a/Makefile.util.def
++++ b/Makefile.util.def
+@@ -449,14 +449,14 @@ script = {
+ };
+ 
+ script = {
+-  name = '01_fallback_counting';
+-  common = util/grub.d/01_fallback_counting.in;
++  name = '08_fallback_counting';
++  common = util/grub.d/08_fallback_counting.in;
+   installdir = grubconf;
+ };
+ 
+ script = {
+-  name = '01_menu_auto_hide';
+-  common = util/grub.d/01_menu_auto_hide.in;
++  name = '12_menu_auto_hide';
++  common = util/grub.d/12_menu_auto_hide.in;
+   installdir = grubconf;
+ };
+ 
+@@ -515,6 +515,12 @@ script = {
+   condition = COND_HOST_LINUX;
+ };
+ 
++script = {
++  name = '10_reset_boot_success';
++  common = util/grub.d/10_reset_boot_success.in;
++  installdir = grubconf;
++};
++
+ script = {
+   name = '10_xnu';
+   common = util/grub.d/10_xnu.in;
+diff --git a/util/grub.d/01_fallback_counting.in b/util/grub.d/08_fallback_counting.in
+similarity index 65%
+rename from util/grub.d/01_fallback_counting.in
+rename to util/grub.d/08_fallback_counting.in
+index be0e770ea82..2e2c3ff7d31 100644
+--- a/util/grub.d/01_fallback_counting.in
++++ b/util/grub.d/08_fallback_counting.in
+@@ -1,15 +1,17 @@
+ #! /bin/sh -e
+-
+-# Boot Counting
++# Fallback Countdown
++#
++# This snippet depends on 10_reset_boot_success and needs to be kept in sync.
++#
+ # The boot_counter env var can be used to count down boot attempts after an
+-# OSTree upgrade and choose the rollback deployment when 0 is reached.  Both
+-# boot_counter and boot_success need to be (re-)set from userspace.
++# OSTree upgrade and choose the rollback deployment when 0 is reached.
++# Both boot_counter=X and boot_success=1 need to be set from userspace.
+ cat << EOF
+ insmod increment
+ # Check if boot_counter exists and boot_success=0 to activate this behaviour.
+ if [ -n "\${boot_counter}" -a "\${boot_success}" = "0" ]; then
+-  # if countdown has ended, choose to boot rollback deployment (default=1 on
+-  # OSTree-based systems)
++  # if countdown has ended, choose to boot rollback deployment,
++  # i.e. default=1 on OSTree-based systems.
+   if  [ "\${boot_counter}" = "0" -o "\${boot_counter}" = "-1" ]; then
+     set default=1
+     set boot_counter=-1
+diff --git a/util/grub.d/10_reset_boot_success.in b/util/grub.d/10_reset_boot_success.in
+new file mode 100644
+index 00000000000..6c88d933dde
+--- /dev/null
++++ b/util/grub.d/10_reset_boot_success.in
+@@ -0,0 +1,25 @@
++#! /bin/sh -e
++# Reset Boot Success
++#
++# The 08_fallback_counting and 12_menu_auto_hide snippets rely on this one
++# and need to be kept in sync.
++#
++# The boot_success var needs to be set to 1 from userspace to mark a boot successful.
++cat << EOF
++insmod increment
++# Hiding the menu is ok if last boot was ok or if this is a first boot attempt to boot the entry
++if [ "\${boot_success}" = "1" -o "\${boot_indeterminate}" = "1" ]; then
++  set menu_hide_ok=1
++else
++  set menu_hide_ok=0 
++fi
++# Reset boot_indeterminate after a successful boot, increment otherwise
++if [ "\${boot_success}" = "1" ] ; then
++  set boot_indeterminate=0
++else
++  increment boot_indeterminate
++fi
++# Reset boot_success for current boot 
++set boot_success=0
++save_env boot_success boot_indeterminate
++EOF
+diff --git a/util/grub.d/01_menu_auto_hide.in b/util/grub.d/12_menu_auto_hide.in
+similarity index 58%
+rename from util/grub.d/01_menu_auto_hide.in
+rename to util/grub.d/12_menu_auto_hide.in
+index ad175870a54..6a7c0fa0d43 100644
+--- a/util/grub.d/01_menu_auto_hide.in
++++ b/util/grub.d/12_menu_auto_hide.in
+@@ -1,5 +1,8 @@
+ #! /bin/sh
+-
++# Menu Auto Hide
++#
++# This snippet depends on 10_reset_boot_success and needs to be kept in sync.
++#
+ # Disable / skip generating menu-auto-hide config parts on serial terminals
+ for x in ${GRUB_TERMINAL_INPUT} ${GRUB_TERMINAL_OUTPUT}; do
+   case "$x" in
+@@ -10,29 +13,13 @@ for x in ${GRUB_TERMINAL_INPUT} ${GRUB_TERMINAL_OUTPUT}; do
+ done
+ 
+ cat << EOF
+-if [ "\${boot_success}" = "1" -o "\${boot_indeterminate}" = "1" ]; then
+-  set last_boot_ok=1
+-else
+-  set last_boot_ok=0
+-fi
+-
+-# Reset boot_indeterminate after a successful boot
+-if [ "\${boot_success}" = "1" ] ; then
+-  set boot_indeterminate=0
+-# Avoid boot_indeterminate causing the menu to be hidden more then once
+-elif [ "\${boot_indeterminate}" = "1" ]; then
+-  set boot_indeterminate=2
+-fi
+-set boot_success=0
+-save_env boot_success boot_indeterminate
+-
+ if [ x\$feature_timeout_style = xy ] ; then
+   if [ "\${menu_show_once}" ]; then
+     unset menu_show_once
+     save_env menu_show_once
+     set timeout_style=menu
+     set timeout=60
+-  elif [ "\${menu_auto_hide}" -a "\${last_boot_ok}" = "1" ]; then
++  elif [ "\${menu_auto_hide}" -a "\${menu_hide_ok}" = "1" ]; then
+     set orig_timeout_style=\${timeout_style}
+     set orig_timeout=\${timeout}
+     if [ "\${fastboot}" = "1" ]; then

SOURCES/0280-grub.d-Fix-boot_indeterminate-getting-set-on-boot_su.patch

@@ -0,0 +1,75 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Tue, 26 Nov 2019 09:51:41 +0100
+Subject: [PATCH] grub.d: Fix boot_indeterminate getting set on boot_success=0
+ boot
+
+The "grub.d: Split out boot success reset from menu auto hide script"
+not only moved the code to clear boot_success and boot_indeterminate
+but for some reason also mixed in some broken changes to the
+boot_indeterminate handling.
+
+The boot_indeterminate var is meant to suppress the boot menu after
+a reboot from either a selinux-relabel or offline-updates. These
+2 special boot scenarios do not set boot_success since there is no
+successfull interaction with the user. Instead they increment
+boot_indeterminate, and if it is 1 and only when it is 1, so the
+first reboot after a "special" boot we suppress the menu.
+
+To ensure that we do show the menu if we somehow get stuck in a
+"special" boot loop where we do special-boots without them
+incrementing boot_indeterminate, the code before the
+"grub.d: Split out boot success reset from menu auto hide script"
+commit would increment boot_indeterminate once when it is 1, so that
+even if the "special" boot reboot-loop immediately we would show the
+menu on the next boot.
+
+That commit broke this however, because it not only moves the code,
+it also changes it from only "incrementing" boot_indeterminate once to
+always incrementing it, except when boot_success == 1 (and we reset it).
+
+This broken behavior causes the following problem:
+
+1. Boot a broken kernel, system hangs, power-cycle
+2. boot_success now != 1, so we increment boot_indeterminate from 0
+   (unset!) to 1. User either simply tries again, or makes some changes
+   but the end-result still is a system hang, power-cycle
+3. Now boot_indeterminate==1 so we do not show the menu even though the
+   previous boot failed -> BAD
+
+This commit fixes this by restoring the behavior of setting
+boot_indeterminate to 2 when it was 1 before.
+
+Fixes: "grub.d: Split out boot success reset from menu auto hide script"
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+---
+ util/grub.d/10_reset_boot_success.in | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/util/grub.d/10_reset_boot_success.in b/util/grub.d/10_reset_boot_success.in
+index 6c88d933dde..737e1ae5b68 100644
+--- a/util/grub.d/10_reset_boot_success.in
++++ b/util/grub.d/10_reset_boot_success.in
+@@ -6,18 +6,18 @@
+ #
+ # The boot_success var needs to be set to 1 from userspace to mark a boot successful.
+ cat << EOF
+-insmod increment
+ # Hiding the menu is ok if last boot was ok or if this is a first boot attempt to boot the entry
+ if [ "\${boot_success}" = "1" -o "\${boot_indeterminate}" = "1" ]; then
+   set menu_hide_ok=1
+ else
+   set menu_hide_ok=0 
+ fi
+-# Reset boot_indeterminate after a successful boot, increment otherwise
++# Reset boot_indeterminate after a successful boot
+ if [ "\${boot_success}" = "1" ] ; then
+   set boot_indeterminate=0
+-else
+-  increment boot_indeterminate
++# Avoid boot_indeterminate causing the menu to be hidden more then once
++elif [ "\${boot_indeterminate}" = "1" ]; then
++  set boot_indeterminate=2
+ fi
+ # Reset boot_success for current boot 
+ set boot_success=0

SOURCES/grub.macros

@@ -387,7 +387,7 @@ GRUB_MODULES="	all_video boot blscfg btrfs			\\\
 		cat configfile					\\\
 		echo efi_netfs efifwsetup efinet ext2		\\\
 		fat font gfxmenu gfxterm gzio			\\\
-		halt hfsplus http iso9660 jpeg			\\\
+		halt hfsplus http increment iso9660 jpeg	\\\
 		loadenv loopback linux lvm lsefi lsefimmap	\\\
 		mdraid09 mdraid1x minicmd net			\\\
 		normal part_apple part_msdos part_gpt		\\\

SOURCES/grub.patches

@@ -213,59 +213,68 @@ Patch0212: 0212-blscfg-remove-logic-to-read-the-grubenv-file-and-set.patch
 Patch0213: 0213-Rename-00_menu_auto_hide.in-to-01_menu_auto_hide.in.patch
 Patch0214: 0214-efinet-also-use-the-firmware-acceleration-for-http.patch
 Patch0215: 0215-efi-http-Make-root_url-reflect-the-protocol-hostname.patch
-Patch0216: 0216-Disable-multiboot-multiboot2-and-linux16-modules-on-.patch
-Patch0217: 0217-Force-everything-to-use-python3.patch
-Patch0218: 0218-Fix-an-8-year-old-typo.patch
-Patch0219: 0219-autogen-don-t-run-autoreconf-in-the-topdir.patch
-Patch0220: 0220-Make-it-so-we-can-tell-configure-which-cflags-utils-.patch
-Patch0221: 0221-module-verifier-make-it-possible-to-run-checkers-on-.patch
-Patch0222: 0222-grub-module-verifier-report-the-filename-or-modname-.patch
-Patch0223: 0223-Make-efi_netfs-not-duplicate-symbols-from-efinet.patch
-Patch0224: 0224-Rework-how-the-fdt-command-builds.patch
-Patch0225: 0225-Disable-non-wordsize-allocations-on-arm.patch
-Patch0226: 0226-strip-R-.note.gnu.property-at-more-places.patch
-Patch0227: 0227-Prepend-prefix-when-HTTP-path-is-relative.patch
-Patch0228: 0228-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch
-Patch0229: 0229-Mark-some-unused-stuff-unused.patch
-Patch0230: 0230-Make-grub_error-more-verbose.patch
-Patch0231: 0231-arm-arm64-loader-Better-memory-allocation-and-error-.patch
-Patch0232: 0232-drop-TPM-support-for-legacy-BIOS.patch
-Patch0233: 0233-Move-quicksort-function-from-kernel.exec-to-the-blsc.patch
-Patch0234: 0234-Include-blscfg-module-for-powerpc-ieee1275.patch
-Patch0235: 0235-grub-switch-to-blscfg-copy-blscfg-module-for-legacy-.patch
-Patch0236: 0236-Fix-getroot.c-s-trampolines.patch
-Patch0237: 0237-add-10_linux_bls-grub.d-snippet-to-generate-menu-ent.patch
-Patch0238: 0238-Only-set-kernelopts-in-grubenv-if-it-wasn-t-set-befo.patch
-Patch0239: 0239-blscfg-don-t-include-.conf-at-the-end-of-our-id.patch
-Patch0240: 0240-grub-get-kernel-settings-expose-some-more-config-var.patch
-Patch0241: 0241-blscfg-sort-everything-with-rpm-package-comparison.patch
-Patch0242: 0242-10_linux_bls-use-grub2-rpm-sort-instead-of-ls-vr-to-.patch
-Patch0243: 0243-don-t-set-saved_entry-on-grub2-mkconfig.patch
-Patch0244: 0244-grub-switch-to-blscfg-use-debug-instead-of-debug-as-.patch
-Patch0245: 0245-Make-blscfg-debug-messages-more-useful.patch
-Patch0246: 0246-Make-grub_strtoul-end-pointer-have-the-right-constif.patch
-Patch0247: 0247-Fix-menu-entry-selection-based-on-ID-and-title.patch
-Patch0248: 0248-Remove-quotes-when-reading-ID-value-from-etc-os-rele.patch
-Patch0249: 0249-blscfg-expand-grub_users-before-passing-to-grub_norm.patch
-Patch0250: 0250-Make-the-menu-entry-users-option-argument-to-be-opti.patch
-Patch0251: 0251-10_linux_bls-add-missing-menu-entries-options.patch
-Patch0252: 0252-Fix-menu-entry-selection-based-on-title.patch
-Patch0253: 0253-BLS-files-should-only-be-copied-by-grub-switch-to-bl.patch
-Patch0254: 0254-Fix-get_entry_number-wrongly-dereferencing-the-tail-.patch
-Patch0255: 0255-Make-grub2-mkconfig-to-honour-GRUB_CMDLINE_LINUX-in-.patch
-Patch0256: 0256-grub-boot-success.timer-Add-a-few-Conditions-for-run.patch
-Patch0257: 0257-docs-Stop-using-polkit-pkexec-for-grub-boot-success..patch
-Patch0258: 0258-Fix-the-looking-up-grub.cfg-XXX-while-tftp-booting.patch
-Patch0259: 0259-HTTP-boot-strncmp-returns-0-on-equal.patch
-Patch0260: 0260-Don-t-duplicate-net-name-string-if-not-needed.patch
-Patch0261: 0261-Try-to-set-fPIE-and-friends-on-libgnu.a.patch
-Patch0262: 0262-blscfg-fallback-to-default_kernelopts-if-BLS-option-.patch
-Patch0263: 0263-Remove-bogus-load_env-after-blscfg-command-in-10_lin.patch
-Patch0264: 0264-10_linux_bls-use-to-separate-id-argument-due-a-Petit.patch
-Patch0265: 0265-10_linux_bls-don-t-add-users-option-to-generated-men.patch
-Patch0266: 0266-grub-set-bootflag-Update-comment-about-running-as-ro.patch
-Patch0267: 0267-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch
-Patch0268: 0268-Fix-PRIxGRUB_EFI_STATUS-definition.patch
-Patch0269: 0269-TPM-Print-messages-if-measuraments-fail-as-debug-ins.patch
-Patch0270: 0270-unix-platform-Initialize-variable-to-fix-grub-instal.patch
-Patch0271: 0271-blscfg-add-a-space-char-when-appending-fields-for-va.patch
+Patch0216: 0216-Force-everything-to-use-python3.patch
+Patch0217: 0217-Fix-an-8-year-old-typo.patch
+Patch0218: 0218-autogen-don-t-run-autoreconf-in-the-topdir.patch
+Patch0219: 0219-Make-it-so-we-can-tell-configure-which-cflags-utils-.patch
+Patch0220: 0220-module-verifier-make-it-possible-to-run-checkers-on-.patch
+Patch0221: 0221-grub-module-verifier-report-the-filename-or-modname-.patch
+Patch0222: 0222-Make-efi_netfs-not-duplicate-symbols-from-efinet.patch
+Patch0223: 0223-Rework-how-the-fdt-command-builds.patch
+Patch0224: 0224-Disable-non-wordsize-allocations-on-arm.patch
+Patch0225: 0225-strip-R-.note.gnu.property-at-more-places.patch
+Patch0226: 0226-Prepend-prefix-when-HTTP-path-is-relative.patch
+Patch0227: 0227-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch
+Patch0228: 0228-Mark-some-unused-stuff-unused.patch
+Patch0229: 0229-Make-grub_error-more-verbose.patch
+Patch0230: 0230-arm-arm64-loader-Better-memory-allocation-and-error-.patch
+Patch0231: 0231-drop-TPM-support-for-legacy-BIOS.patch
+Patch0232: 0232-Move-quicksort-function-from-kernel.exec-to-the-blsc.patch
+Patch0233: 0233-Include-blscfg-module-for-powerpc-ieee1275.patch
+Patch0234: 0234-grub-switch-to-blscfg-copy-blscfg-module-for-legacy-.patch
+Patch0235: 0235-Fix-getroot.c-s-trampolines.patch
+Patch0236: 0236-add-10_linux_bls-grub.d-snippet-to-generate-menu-ent.patch
+Patch0237: 0237-Only-set-kernelopts-in-grubenv-if-it-wasn-t-set-befo.patch
+Patch0238: 0238-blscfg-don-t-include-.conf-at-the-end-of-our-id.patch
+Patch0239: 0239-grub-get-kernel-settings-expose-some-more-config-var.patch
+Patch0240: 0240-blscfg-sort-everything-with-rpm-package-comparison.patch
+Patch0241: 0241-10_linux_bls-use-grub2-rpm-sort-instead-of-ls-vr-to-.patch
+Patch0242: 0242-don-t-set-saved_entry-on-grub2-mkconfig.patch
+Patch0243: 0243-grub-switch-to-blscfg-use-debug-instead-of-debug-as-.patch
+Patch0244: 0244-Make-blscfg-debug-messages-more-useful.patch
+Patch0245: 0245-Make-grub_strtoul-end-pointer-have-the-right-constif.patch
+Patch0246: 0246-Fix-menu-entry-selection-based-on-ID-and-title.patch
+Patch0247: 0247-Remove-quotes-when-reading-ID-value-from-etc-os-rele.patch
+Patch0248: 0248-blscfg-expand-grub_users-before-passing-to-grub_norm.patch
+Patch0249: 0249-Make-the-menu-entry-users-option-argument-to-be-opti.patch
+Patch0250: 0250-10_linux_bls-add-missing-menu-entries-options.patch
+Patch0251: 0251-Fix-menu-entry-selection-based-on-title.patch
+Patch0252: 0252-BLS-files-should-only-be-copied-by-grub-switch-to-bl.patch
+Patch0253: 0253-Fix-get_entry_number-wrongly-dereferencing-the-tail-.patch
+Patch0254: 0254-Make-grub2-mkconfig-to-honour-GRUB_CMDLINE_LINUX-in-.patch
+Patch0255: 0255-grub-boot-success.timer-Add-a-few-Conditions-for-run.patch
+Patch0256: 0256-docs-Stop-using-polkit-pkexec-for-grub-boot-success..patch
+Patch0257: 0257-Fix-the-looking-up-grub.cfg-XXX-while-tftp-booting.patch
+Patch0258: 0258-HTTP-boot-strncmp-returns-0-on-equal.patch
+Patch0259: 0259-Don-t-duplicate-net-name-string-if-not-needed.patch
+Patch0260: 0260-Try-to-set-fPIE-and-friends-on-libgnu.a.patch
+Patch0261: 0261-blscfg-fallback-to-default_kernelopts-if-BLS-option-.patch
+Patch0262: 0262-Remove-bogus-load_env-after-blscfg-command-in-10_lin.patch
+Patch0263: 0263-10_linux_bls-use-to-separate-id-argument-due-a-Petit.patch
+Patch0264: 0264-10_linux_bls-don-t-add-users-option-to-generated-men.patch
+Patch0265: 0265-grub-set-bootflag-Update-comment-about-running-as-ro.patch
+Patch0266: 0266-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch
+Patch0267: 0267-Fix-PRIxGRUB_EFI_STATUS-definition.patch
+Patch0268: 0268-TPM-Print-messages-if-measuraments-fail-as-debug-ins.patch
+Patch0269: 0269-unix-platform-Initialize-variable-to-fix-grub-instal.patch
+Patch0270: 0270-blscfg-add-a-space-char-when-appending-fields-for-va.patch
+Patch0271: 0271-efi-http-Export-fw-http-_path-variables-to-make-them.patch
+Patch0272: 0272-efi-http-Enclose-literal-IPv6-addresses-in-square-br.patch
+Patch0273: 0273-efi-net-Allow-to-specify-a-port-number-in-addresses.patch
+Patch0274: 0274-efi-ip4_config-Improve-check-to-detect-literal-IPv6-.patch
+Patch0275: 0275-efi-net-Print-a-debug-message-if-parsing-the-address.patch
+Patch0276: 0276-efi-Set-image-base-address-before-jumping-to-the-PE-.patch
+Patch0277: 0277-envblk-Fix-buffer-overrun-when-attempting-to-shrink-.patch
+Patch0278: 0278-Reimplement-boot_counter.patch
+Patch0279: 0279-grub.d-Split-out-boot-success-reset-from-menu-auto-h.patch
+Patch0280: 0280-grub.d-Fix-boot_indeterminate-getting-set-on-boot_su.patch

SPECS/grub2.spec

@@ -7,7 +7,7 @@
 Name:		grub2
 Epoch:		1
 Version:	2.02
-Release:	81%{?dist}
+Release:	84%{?dist}
 Summary:	Bootloader with support for Linux, Multiboot and more
 Group:		System Environment/Base
 License:	GPLv3+
@@ -498,6 +498,27 @@ fi
 %endif
 
 %changelog
+* Tue May 19 2020 Javier Martinez Canillas <javierm@redhat.com> - 2.02-84
+- Add fixes for greenboot support
+  Resolves: rhbz#1832336
+
+* Mon May 18 2020 Javier Martinez Canillas <javierm@redhat.com> - 2.02-83
+- Fix a segfault in grub2-editenv when attempting to shrink a variable
+  Resolves: rhbz#1761496
+
+* Mon Apr 27 2020 Javier Martinez Canillas <javierm@redhat.com> - 2.02-82
+- Drop "Disable multiboot, multiboot2, and linux16 modules on EFI builds"
+  Resolves: rhbz#1779480
+- efi/http: Export {fw,http}_path variables to make them global
+  Resolves: rhbz#1811561
+- efi/http: Enclose literal IPv6 addresses in square brackets
+- efi/net: Allow to specify a port number in addresses
+- efi/ip4_config: Improve check to detect literal IPv6 addresses
+- efi/net: Print a debug message if parsing the address fails
+  Resolves: rhbz#1811560
+- Set image base address before jumping to the PE/COFF entry point
+  Resolves: rhbz#1819624
+
 * Thu Dec 05 2019 Javier Martinez Canillas <javierm@redhat.com> - 2.02-81
 - Another fix for blscfg variable expansion support
   Related: rhbz#1669252