[ubuntu/focal-security] grub2-unsigned 2.06-2ubuntu14.1 (Accepted)

Mark Esler mark.esler at canonical.com
Thu Sep 7 21:04:15 UTC 2023

grub2-unsigned (2.06-2ubuntu14.1) kinetic; urgency=medium

  * Cherry-pick all memory patches from rhboot
    - Allocate initrd > 4 GB (LP: #1842320)
    - Allocate kernels as code, not data (needed for newer firmware)
  * ubuntu: Fix casts on i386-efi target
  * Cherry-pick all the 2.12 memory management changes (LP: #1842320)
  * Allocate executables as CODE, not DATA in chainloader and arm64

grub2 (2.06-2ubuntu14) kinetic; urgency=medium

  * SECURITY UPDATE: Fix out of bounds writes due specially crafted fonts.
    - add debian/patches/font-Fix-several-integer-overflows-in-grub_font_construct.patch
    - add debian/patches/font-Fix-an-integer-underflow-in-blit_comb.patch
    - CVE-2022-2601, CVE-2022-3775
    - LP: #1996950
  * Fix various issues as a result of fuzzing, static analysis and code
    - add debian/patches/font-Reject-glyphs-exceeds-font-max_glyph_width-or-font-m.patch
    - add debian/patches/font-Fix-size-overflow-in-grub_font_get_glyph_internal.patch
    - add debian/patchces/font-Remove-grub_font_dup_glyph.patch
    - add debian/patches/font-Fix-integer-overflow-in-ensure_comb_space.patch
    - add debian/patches/font-Fix-integer-overflow-in-BMP-index.patch
    - add debian/patches/font-Fix-integer-underflow-in-binary-search-of-char-index.patch
    - add debian/patches/fbutil-Fix-integer-overflow.patch
    - add debian/patches/font-Harden-grub_font_blit_glyph-and-grub_font_blit_glyph.patch
    - add debian/patches/font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
    - add debian/patches/normal-charset-Fix-an-integer-overflow-in-grub_unicode_ag.patch
  * Enforce verification of fonts when secure boot is enabled:
    - add debian/patches/kern-efi-sb-Enforce-verification-of-font-files.patch
  * Bundle unicode.pf2 in a squashfs memdisk attached to the signed EFI binary
    - update debian/control
    - update debian/build-efi-image
    - add debian/patches/font-Try-opening-fonts-from-the-bundled-memdisk.patch
  * Fix LP: #1997006 - add support for performing measurements to RTMRs
    - add debian/patches/commands-efi-tpm-Refine-the-status-of-log-event.patch
    - add debian/patches/commands-efi-tpm-Use-grub_strcpy-instead-of-grub_memcpy.patch
    - add debian/patches/efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch
  * Fix the squashfs tests during the build
    - remove debian/patches/ubuntu-fix-reproducible-squashfs-test.patch
    - add debian/patches/tests-Explicitly-unset-SOURCE_DATE_EPOCH-before-running-f.patch
  * Bump SBAT generation:
    - update debian/sbat.ubuntu.csv.in

grub2 (2.06-2ubuntu13) kinetic; urgency=medium

  * Try to pick better locations for kernel and initrd (LP: #1989446)
  * x86-efi: Use bounce buffers for reading to addresses > 4GB (enhances
    firmware compatibility of previous change)

grub2 (2.06-2ubuntu12) kinetic; urgency=medium

  * ubuntu-zfs-enhance-support.patch: Fix missing lines (LP: #1990143)

grub2 (2.06-2ubuntu11) kinetic; urgency=medium

  [ Mauricio Faria de Oliveira ]
  * linux_xen: Properly handle multiple initrd files (LP: #1987567)
    - d/p/linux_xen-Properly-load-multiple-initrd-files.patch
    - d/p/linux_xen-Properly-order-multiple-initrd-files.patch
  * Fix for ZFS snapshots without etc directory.
    Thanks to Adam R Bell <a_0x07 at protonmail.ch> (LP: #1965983)

  [ Heinrich Schuchardt ]
  * efi/peimage: fix typos in code comments

  [ dann frazier ]
  * linuxefi: Invalidate i-cache before starting the kernel (LP: #1987924)
    - d/p/linuxefi-Invalidate-i-cache-before-starting-the-kern.patch

grub2 (2.06-2ubuntu10) kinetic; urgency=medium

  [ Chris Coulson ]
  * SECURITY UPDATE: Crafted PNG grayscale images may lead to out-of-bounds
    write in heap.
    - 0139-video-readers-png-Drop-greyscale-support-to-fix-heap.patch:
      video/readers/png: Drop greyscale support to fix heap out-of-bounds write
    - CVE-2021-3695
  * SECURITY UPDATE: Crafted PNG image may lead to out-of-bound write during
    huffman table handling.
    - 0140-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch:
      video/readers/png: Avoid heap OOB R/W inserting huff table items
    - CVE-2021-3696
  * SECURITY UPDATE: Crafted JPEG image can lead to buffer underflow write in
    the heap.
    - 0145-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch:
      video/readers/jpeg: Block int underflow -> wild pointer write
    - CVE-2021-3697
  * SECURITY UPDATE: Integer underflow in grub_net_recv_ip4_packets
    - 0148-net-ip-Do-IP-fragment-maths-safely.patch: net/ip: Do IP fragment
      maths safely
    - CVE-2022-28733
  * SECURITY UPDATE: Out-of-bounds write when handling split HTTP headers
    - 0154-net-http-Fix-OOB-write-for-split-http-headers.patch: net/http: Fix
      OOB write for split http headers
    - CVE-2022-28734
  * SECURITY UPDATE: shim_lock verifier allows non-kernel files to be loaded
    - 0135-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch:
      kern/efi/sb: Reject non-kernel files in the shim_lock verifier
    - CVE-2022-28735
  * SECURITY UPDATE: use-after-free in grub_cmd_chainloader()
    - 0130-loader-efi-chainloader-simplify-the-loader-state.patch:
      loader/efi/chainloader: simplify the loader state
    - 0131-commands-boot-Add-API-to-pass-context-to-loader.patch: commands/boot:
      Add API to pass context to loader
    - 0132-loader-efi-chainloader-Use-grub_loader_set_ex.patch:
      loader/efi/chainloader: Use grub_loader_set_ex
    - 0133-loader-i386-efi-linux-Use-grub_loader_set_ex.patch:
      loader/i386/efi/linux: Use grub_loader_set_ex
  * Various fixes as a result of fuzzing and static analysis:
    - 0129-loader-efi-chainloader-grub_load_and_start_image-doe.patch:
      loader/efi/chainloader: grub_load_and_start_image doesn't load and start
    - 0134-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch:
      loader/i386/efi/linux: Fix a memory leak in the initrd command
    - 0136-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch:
      kern/file: Do not leak device_name on error in grub_file_open()
    - 0137-video-readers-png-Abort-sooner-if-a-read-operation-f.patch:
      video/readers/png: Abort sooner if a read operation fails
    - 0138-video-readers-png-Refuse-to-handle-multiple-image-he.patch:
      video/readers/png: Refuse to handle multiple image headers
    - 0141-video-readers-png-Sanity-check-some-huffman-codes.patch:
      video/readers/png: Sanity check some huffman codes
    - 0142-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch:
      video/readers/jpeg: Abort sooner if a read operation fails
    - 0143-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch:
      video/readers/jpeg: Do not reallocate a given huff table
    - 0144-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch:
      video/readers/jpeg: Refuse to handle multiple start of streams
    - 0146-normal-charset-Fix-array-out-of-bounds-formatting-un.patch:
      normal/charset: Fix array out-of-bounds formatting unicode for display
    - 0147-net-netbuff-Block-overly-large-netbuff-allocs.patch:
      net/netbuff: Block overly large netbuff allocs
    - 0149-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch:
      net/dns: Fix double-free addresses on corrupt DNS response
    - 0150-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch:
      net/dns: Don't read past the end of the string we're checking against
    - 0151-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch:
      net/tftp: Prevent a UAF and double-free from a failed seek
    - 0152-net-tftp-Avoid-a-trivial-UAF.patch: net/tftp: Avoid a trivial UAF
    - 0153-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch:
      net/http: Do not tear down socket if it's already been torn down
    - 0155-net-http-Error-out-on-headers-with-LF-without-CR.patch:
      net/http: Error out on headers with LF without CR
    - 0156-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch:
      fs/f2fs: Do not read past the end of nat journal entries
    - 0157-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch:
      fs/f2fs: Do not read past the end of nat bitmap
    - 0158-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch:
      fs/f2fs: Do not copy file names that are too long
    - 0159-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch:
      fs/btrfs: Fix several fuzz issues with invalid dir item sizing
    - 0160-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch:
      fs/btrfs: Fix more ASAN and SEGV issues found with fuzzing
    - 0161-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch:
      fs/btrfs: Fix more fuzz issues related to chunks
  * Bump SBAT generation:
    - update debian/sbat.ubuntu.csv.in
  * Make the grub2/no_efi_extra_removable setting work correctly
    - update debian/postinst.in
  * Build grub2-unsigned packages with xz compression for compatibility
    with xenial dpkg
    - update debian/rules

  [ Steve Langasek ]
  * Bump versioned dependency on grub2-common to 2.02~beta2-36ubuntu3.32 for
    necessary arm relocation support.  LP: #1926748.
  * debian/postinst.in: Unconditionally call grub-install with
    --force-extra-removable on xenial and bionic, so that the \EFI\BOOT
    removable path as used in cloud images receives the updates.  LP: #1930742.

grub2 (2.06-2ubuntu7) jammy; urgency=medium

  [ Heinrich Schuchardt ]
  * Disable LOAD FILE2 protocol for initrd on ARM (LP: #1967562)

grub2 (2.06-2ubuntu6) jammy; urgency=medium

  [ Heinrich Schuchardt ]
  * efivar: check that efivarfs is writeable (LP: #1965288)

  [ Dimitri John Ledkov ]
  * Do not validate kernels twice. (LP: #1964943)

  [ Heinrich Schuchardt ]
  * efi: EFI Device Tree Fixup Protocol (LP: #1965796)
  * fdt: add debug output to devicetree command

grub2 (2.06-2ubuntu5) jammy; urgency=medium

  [ Julian Andres Klode ]
  * Free correct size when freeing params, rather than 16 Ki (LP: #1958623)
  * Build with FUSE3 (LP: #1935659)
  * Only run os-prober on first run and if it previously found other OS
    (LP: #1955109)

  [ Heinrich Schuchardt ]
  * Rename grub-core/loader/efi/linux.c
  * Add patches for GRUB on RISC-V
  * fat: fix listing the root directory
  * Enable building for RISC-V (LP: #1876620)

  [ Julian Andres Klode ]
  * Re-enable peimage code on other archs outside secure boot; this
    fixes LP: #1947046 when not booting in secure boot mode (secure
    boot pending security review of the code)

grub2 (2.06-2ubuntu4) jammy; urgency=medium

  * UBUNTU: Move verifiers after decompressors (LP: #1954683)
  * grub-check-signatures: Support gzip compressed kernels (LP: #1954683)

grub2 (2.06-2ubuntu3) jammy; urgency=medium

  * Cherry-pick the missing hunk back that changes parameter loading
    in grub-core/loader/i386/linux.c, this should fix booting on
    BIOS systems.
  * Fix the fallback for kernel addresses on amd64 EFI, if the kernel
    could not be allocated at the preferred address, reset errno such
    that if the 2nd allocation succeeds, we do not fail erroneously.

grub2 (2.06-2ubuntu2) jammy; urgency=medium

  * Restore still relevant patches lost in rebase.
    They got lost in a first rebase, when we did not include
    ubuntu-linuxefi.patch as they modify code in there.
    - no-devicetree-if-secure-boot.patch
    - 0077-ubuntu-Update-the-linux-boot-protocol-version-check.patch
    - 0096-linuxefi-fail-kernel-validation-without-shim-protoco.patch
    - 0099-chainloader-Avoid-a-double-free-when-validation-fail.patch
    - 0105-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch

grub2 (2.06-2ubuntu1) jammy; urgency=medium

  * Merge from Debian unstable; remaining changes:
    - Build without lto
    - Add Ubuntu sbat data
    - Make prebuilt netboot image look for MAAS grub.cfg
    - build-efi-images: add smbios module to the prebuilt signed EFI images
      (LP: 1856424)
    - build-efi-images: do not produce -installer.efi.signed. LP: 1863994
    - build-efi-images: Add http to netboot images
    - grub-common: Install canonical-uefi-ca.crt
    - Check signatures
    - minilzo: built using the distribution's minilzo
    - Support installing to multiple ESP (LP: 1871821)
    - Disable various bits on i386
    - Split out unsigned artefacts into grub2-unsigned
    - Vcs-Git: Point to ubuntu packaging branch
    - Relax dependencies on grub-common and grub2-common
    - grub-pc: Avoid the possibility of breaking grub on SRU update due
      to ABI change
    - UBUNTU: Default timeout changes
    - Disable os-prober for ppc64el on the PowerNV platform (for Petitboot)
    - dirs.in: create var/lib/grub/ucf in grub-efi-amd64 (and similar)
    - Link grub-efi-{amd64,arm64}-bin docs directory
    - grub-common.service: port init.d script to systemd unit. Add warning
      message, when initrdless boot fails triggering fallback. LP: 1901553
    - Removed patches:
      - grub-install-extra-removable.patch
      - grub-install-removable-shim.patch
    - Added patches:
      + ubuntu-grub-install-extra-removable.patch
      + ubuntu-zfs-enhance-support.patch
      + ubuntu-zfs-gfxpayload-keep-default.patch
      + ubuntu-zfs-mkconfig-ubuntu-distributor.patch
      + ubuntu-zfs-mkconfig-signed-kernel.patch
      + ubuntu-zfs-maybe-quiet.patch
      + ubuntu-zfs-quick-boot.patch
      + ubuntu-zfs-gfxpayload-dynamic.patch
      + ubuntu-zfs-vt-handoff.patch
      + ubuntu-zfs-mkconfig-recovery-title.patch
      + ubuntu-zfs-insmod-xzio-and-lzopio-on-xen.patch
      + ubuntu-support-initrd-less-boot.patch
      + ubuntu-shorter-version-info.patch
      + ubuntu-add-initrd-less-boot-fallback.patch
      + ubuntu-mkconfig-leave-breadcrumbs.patch
      + ubuntu-fix-lzma-decompressor-objcopy.patch
      + ubuntu-temp-keep-auto-nvram.patch
      + ubuntu-add-devicetree-command-support.patch
      + ubuntu-boot-from-multipath-dependent-symlink.patch
      + ubuntu-skip-disk-by-id-lvm-pvm-uuid-entries.patch
      + ubuntu-efi-allow-loopmount-chainload.patch
      + 0076-ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch
      + ubuntu-resilient-boot-ignore-alternative-esps.patch
      + ubuntu-resilient-boot-boot-order.patch
      + ubuntu-speed-zsys-history.patch
      + ubuntu-flavour-order.patch
      + ubuntu-dont-verify-loopback-images.patch
      + ubuntu-recovery-dis_ucode_ldr.patch
      + ubuntu-linuxefi-arm64.patch
      + ubuntu-add-initrd-less-boot-messages.patch
      + ubuntu-fix-reproducible-squashfs-test.patch
      + rhboot-f34-make-exit-take-a-return-code.patch
      + rhboot-f34-dont-use-int-for-efi-status.patch
      + rhboot-f34-make-pmtimer-tsc-calibration-fast.patch
      + suse-add-support-for-UEFI-network-protocols.patch
      + suse-AUDIT-0-http-boot-tracker-bug.patch
      + rhboot-f34-efinet-also-use-the-firmware-acceleration-for-http.patch
      + 0241-Call-hwmatch-only-on-the-grub-pc-platform.patch
  * Dropped changes:
    - Remove obsolete dependencies on dh-autoreconf and automake
    - Remove explicit --with systemd in debhelper invocation
    - Remove debian/gettext-patches; they do not seem to be necessary anymore
    - Remove inadvertent change to debian/signing-template.json.in, we do not
      use that file anyway.
    - Merged upstream:
      + merged: 0074-uefi-firmware-rename-fwsetup-menuentry-to-UEFI-Firmw.patch
      + merged: 0075-smbios-Add-a-linux-argument-to-apply-linux-modalias-.patch
      + merged security patches 0081-0105, and 0128-0240
      + various cherry picks: cherry-* and cherrypick-*.patch
      + grub-install-backup-and-restore.patch
      + uefi-firmware-setup.patch
      + sleep-shift.patch
      + vsnprintf-upper-case-hex.patch
      + rhboot-f34-update-info-with-grub.cfg-netboot-selection-order.patch
      + suse-search-for-specific-config-files-for-netboot.patch
      + tftp-rollover-block-counter.patch
      + ubuntu-efi-console-set-text-mode-as-needed.patch
    - Merged in Debian:
      + install-efi-ubuntu-flavours.patch
      + ubuntu-dejavu-font-path.patch
      + ubuntu-tpm-unknown-error-non-fatal.patch
    - Not applicable:
      + 0077-ubuntu-Update-the-linux-boot-protocol-version-check.patch: The
        check has been removed.
  * Fix zstd build on s390x
  * Cherry-pick two upstream fixes to fix closing of SNP protocol in EFI
    networking stack
  * Build with -O1 on s390x to avoid build failure due to gcc optimization
    failure causing it to wrongly assume variables as uninitialized.
  * Revert integration of jfs and f2fs modules into signed images, we do not
    support these file systems on /boot.

grub2 (2.06-2) unstable; urgency=medium

  * Update to minilzo-2.10, fixing build failures on armel, mips64el,
    mipsel, and ppc64el.

grub2 (2.06-1) unstable; urgency=medium

  * Use "command -v" in maintainer scripts rather than "which".
  * New upstream release.
    - Switch to the upstream shim_lock verifier, dropping several more
      manual checks for UEFI Secure Boot.
  * Cherry-pick from upstream:
    - fs/xfs: Fix unreadable filesystem with v4 superblock
    - tests/ahci: Change "ide-drive" deprecated QEMU device name to "ide-hd"
      (closes: #997100)
  * Remove dir_to_symlink maintainer script code, which was only needed for
    upgrades from before jessie.

grub2 (2.04-20) unstable; urgency=medium

  [ Mathieu Trudel-Lapierre ]
  * tpm: Pass unknown error as non-fatal, but debug print the error we got
    (closes: #940911, LP: #1848892).

grub2 (2.04-19) unstable; urgency=medium

  * Resync grub-install backup and restore patches from upstream, fixing
    problems that left the system unbootable after certain kinds of failure
    (closes: #983435).

grub2 (2.04-18) unstable; urgency=medium

  [ Steve McIntyre ]
  * Enable the shim_lock and tpm modules for i386-efi too. Ensure that
    tpm is included in our EFI images.
  * List the modules we include the EFI images - make it easier to
    debug things.
  * Add debug to display what's going on with verifiers

  [ Colin Watson ]
  * util/mkimage: Some fixes to PE binaries section size calculation
    (closes: #987103).

grub2 (2.04-17) unstable; urgency=medium

  * Pass --sbat when building the d-i netboot image as well.
  * i386-pc: build verifiers API as module (thanks, Michael Chang; closes:
    #984488, #985374).

grub2 (2.04-16) unstable; urgency=medium

  * Fix broken advice in message when the postinst has to bail out (thanks
    to Daniel Leidert for pointing out the problem).
  * Backport security patch series from upstream:
    - verifiers: Move verifiers API to kernel image
    - kern: Add lockdown support
    - kern/lockdown: Set a variable if the GRUB is locked down
    - efi: Lockdown the GRUB when the UEFI Secure Boot is enabled
    - efi: Use grub_is_lockdown() instead of hardcoding a disabled modules
    - CVE-2020-14372: acpi: Don't register the acpi command when locked down
    - CVE-2020-27779: mmap: Don't register cutmem and badram commands when
      lockdown is enforced
    - commands: Restrict commands that can load BIOS or DT blobs when locked
    - commands/setpci: Restrict setpci command when locked down
    - commands/hdparm: Restrict hdparm command when locked down
    - gdb: Restrict GDB access when locked down
    - loader/xnu: Don't allow loading extension and packages when locked
    - docs: Document the cutmem command
    - CVE-2020-25632: dl: Only allow unloading modules that are not
    - CVE-2020-25647: usb: Avoid possible out-of-bound accesses caused by
      malicious devices
    - mmap: Fix memory leak when iterating over mapped memory
    - net/net: Fix possible dereference to of a NULL pointer
    - net/tftp: Fix dangling memory pointer
    - kern/parser: Fix resource leak if argc == 0
    - kern/efi: Fix memory leak on failure
    - kern/efi/mm: Fix possible NULL pointer dereference
    - gnulib/regexec: Resolve unused variable
    - gnulib/regcomp: Fix uninitialized token structure
    - gnulib/argp-help: Fix dereference of a possibly NULL state
    - gnulib/regexec: Fix possible null-dereference
    - gnulib/regcomp: Fix uninitialized re_token
    - io/lzopio: Resolve unnecessary self-assignment errors
    - zstd: Initialize seq_t structure fully
    - kern/partition: Check for NULL before dereferencing input string
    - disk/ldm: Make sure comp data is freed before exiting from make_vg()
    - disk/ldm: If failed then free vg variable too
    - disk/ldm: Fix memory leak on uninserted lv references
    - disk/cryptodisk: Fix potential integer overflow
    - hfsplus: Check that the volume name length is valid
    - zfs: Fix possible negative shift operation
    - zfs: Fix resource leaks while constructing path
    - zfs: Fix possible integer overflows
    - zfsinfo: Correct a check for error allocating memory
    - affs: Fix memory leaks
    - libgcrypt/mpi: Fix possible unintended sign extension
    - libgcrypt/mpi: Fix possible NULL dereference
    - syslinux: Fix memory leak while parsing
    - normal/completion: Fix leaking of memory when processing a completion
    - commands/hashsum: Fix a memory leak
    - video/efi_gop: Remove unnecessary return value of
    - video/fb/fbfill: Fix potential integer overflow
    - video/fb/video_fb: Fix multiple integer overflows
    - video/fb/video_fb: Fix possible integer overflow
    - video/readers/jpeg: Test for an invalid next marker reference from a
      jpeg file
    - gfxmenu/gui_list: Remove code that coverity is flagging as dead
    - loader/bsd: Check for NULL arg up-front
    - loader/xnu: Fix memory leak
    - loader/xnu: Free driverkey data when an error is detected in
    - loader/xnu: Check if pointer is NULL before using it
    - util/grub-install: Fix NULL pointer dereferences
    - util/grub-editenv: Fix incorrect casting of a signed value
    - util/glue-efi: Fix incorrect use of a possibly negative value
    - script/execute: Fix NULL dereference in grub_script_execute_cmdline()
    - commands/ls: Require device_name is not NULL before printing
    - script/execute: Avoid crash when using "$#" outside a function scope
    - CVE-2021-20225: lib/arg: Block repeated short options that require an
    - script/execute: Don't crash on a "for" loop with no items
    - CVE-2021-20233: commands/menuentry: Fix quoting in setparams_prefix()
    - kern/misc: Always set *end in grub_strtoull()
    - video/readers/jpeg: Catch files with unsupported quantization or
      Huffman tables
    - video/readers/jpeg: Catch OOB reads/writes in grub_jpeg_decode_du()
    - video/readers/jpeg: Don't decode data before start of stream
    - term/gfxterm: Don't set up a font with glyphs that are too big
    - fs/fshelp: Catch impermissibly large block sizes in read helper
    - fs/hfsplus: Don't fetch a key beyond the end of the node
    - fs/hfsplus: Don't use uninitialized data on corrupt filesystems
    - fs/hfs: Disable under lockdown
    - fs/sfs: Fix over-read of root object name
    - fs/jfs: Do not move to leaf level if name length is negative
    - fs/jfs: Limit the extents that getblk() can consider
    - fs/jfs: Catch infinite recursion
    - fs/nilfs2: Reject too-large keys
    - fs/nilfs2: Don't search children if provided number is too large
    - fs/nilfs2: Properly bail on errors in grub_nilfs2_btree_node_lookup()
    - io/gzio: Bail if gzio->tl/td is NULL
    - io/gzio: Add init_dynamic_block() clean up if unpacking codes fails
    - io/gzio: Catch missing values in huft_build() and bail
    - io/gzio: Zero gzio->tl/td in init_dynamic_block() if huft_build()
    - disk/lvm: Don't go beyond the end of the data we read from disk
    - disk/lvm: Don't blast past the end of the circular metadata buffer
    - disk/lvm: Bail on missing PV list
    - disk/lvm: Do not crash if an expected string is not found
    - disk/lvm: Do not overread metadata
    - disk/lvm: Sanitize rlocn->offset to prevent wild read
    - disk/lvm: Do not allow a LV to be it's own segment's node's LV
    - fs/btrfs: Validate the number of stripes/parities in RAID5/6
    - fs/btrfs: Squash some uninitialized reads
    - kern/parser: Fix a memory leak
    - kern/parser: Introduce process_char() helper
    - kern/parser: Introduce terminate_arg() helper
    - kern/parser: Refactor grub_parser_split_cmdline() cleanup
    - kern/buffer: Add variable sized heap buffer
    - CVE-2020-27749: kern/parser: Fix a stack buffer overflow
    - kern/efi: Add initial stack protector implementation
    - util/mkimage: Remove unused code to add BSS section
    - util/mkimage: Use grub_host_to_target32() instead of
    - util/mkimage: Always use grub_host_to_target32() to initialize PE
      stack and heap stuff
    - util/mkimage: Unify more of the PE32 and PE32+ header set-up
    - util/mkimage: Reorder PE optional header fields set-up
    - util/mkimage: Improve data_size value calculation
    - util/mkimage: Refactor section setup to use a helper
    - util/mkimage: Add an option to import SBAT metadata into a .sbat
    - grub-install-common: Add --sbat option
    - kern/misc: Split parse_printf_args() into format parsing and va_list
    - kern/misc: Add STRING type for internal printf() format handling
    - kern/misc: Add function to check printf() format against expected
    - gfxmenu/gui: Check printf() format in the gui_progress_bar and
    - kern/mm: Fix grub_debug_calloc() compilation error
  * Add SBAT section (thanks, Chris Coulson).

grub2 (2.04-15) unstable; urgency=medium

  * Demote grub-common → mtools dependency to Suggests, to go with xorriso;
    explain the situation in the package description (closes: #982313).

grub2 (2.04-14) unstable; urgency=medium

  [ Raphaël Hertzog ]
  * Extend grub-efi to also cover arm64/ia64/arm (closes: #981819).

  [ Colin Watson ]
  * Cherry-pick from upstream:
    - grub-install: Fix inverted test for NLS enabled when copying locales
      (closes: #979754).
  * Fix handling of trailing commas in grub-pc/install_devices (closes:
  * Make grub-firmware-qemu Recommend/Enhance qemu-system-x86, not qemu
    (closes: #966243).
  * Make grub-common depend on mtools on EFI platforms, for grub-mkrescue
    (closes: #774910).

grub2 (2.04-13) unstable; urgency=medium

  [ Steve McIntyre ]
  * Switch to using the efivarfs interface for detecting "system setup"
    (Closes: #979299)

grub2 (2.04-12) unstable; urgency=medium

  * Cherry-pick from upstream:
    - mdraid1x_linux: Fix gcc10 error -Werror=array-bounds
    - zfs: Fix gcc10 error -Werror=zero-length-bounds
  * Build with GCC 10 (closes: #978515).

grub2 (2.04-11) unstable; urgency=medium

  * grub-install: Fix backup restoration on i386 (closes: #976671).

grub2 (2.04-10) unstable; urgency=medium

  [ Ian Campbell ]
  * Remove myself from uploaders.

  [ Colin Watson ]
  * When upgrading grub-pc noninteractively, bail out if grub-install fails.
    It's better to fail the upgrade than to produce a possibly-unbootable
  * Explicitly check whether the target device exists before running
    grub-install, since grub-install copies modules to /boot/grub/ before
    installing the core image, and the new modules might be incompatible
    with the old core image (closes: #966575).
  * Cherry-pick from upstream:
    - tftp: Roll-over block counter to prevent data packets timeouts
      (LP: #1892290).

  [ Dimitri John Ledkov ]
  * grub-install: Add backup and restore.
  * Don't call grub-install on fresh install of grub-pc.  It's the job of
    installers to do that after a fresh install.

grub2 (2.04-9) unstable; urgency=high

  * Backport security patch series from upstream:
    - CVE-2020-10713: yylex: Make lexer fatal errors actually be fatal
    - safemath: Add some arithmetic primitives that check for overflow
    - calloc: Make sure we always have an overflow-checking calloc()
    - CVE-2020-14308: calloc: Use calloc() at most places
    - CVE-2020-14309, CVE-2020-14310, CVE-2020-14311: malloc: Use overflow
      checking primitives where we do complex allocations
    - iso9660: Don't leak memory on realloc() failures
    - font: Do not load more than one NAME section
    - gfxmenu: Fix double free in load_image()
    - xnu: Fix double free in grub_xnu_devprop_add_property()
    - lzma: Make sure we don't dereference past array
    - term: Fix overflow on user inputs
    - udf: Fix memory leak
    - multiboot2: Fix memory leak if grub_create_loader_cmdline() fails
    - tftp: Do not use priority queue
    - relocator: Protect grub_relocator_alloc_chunk_addr() input args
      against integer underflow/overflow
    - relocator: Protect grub_relocator_alloc_chunk_align() max_addr against
      integer underflow
    - script: Remove unused fields from grub_script_function struct
    - CVE-2020-15706: script: Avoid a use-after-free when redefining a
      function during execution
    - relocator: Fix grub_relocator_alloc_chunk_align() top memory
    - hfsplus: fix two more overflows
    - lvm: fix two more potential data-dependent alloc overflows
    - emu: make grub_free(NULL) safe
    - efi: fix some malformed device path arithmetic errors
    - Fix a regression caused by "efi: fix some malformed device path
      arithmetic errors"
    - update safemath with fallback code for gcc older than 5.1
    - efi: Fix use-after-free in halt/reboot path
    - linux loader: avoid overflow on initrd size calculation
  * CVE-2020-15707: linux: Fix integer overflows in initrd size handling
  * Apply overflow checking to allocations in Debian patches:
    - bootp: Fix integer overflow in parse_dhcp6_option
    - unix/config: Fix integer overflow in grub_util_load_config
    - deviceiter: Fix integer overflow in grub_util_iterate_devices

grub2 (2.04-8) unstable; urgency=medium

  [ Vincent Lefevre ]
  * Fix typos in /etc/grub.d/05_debian_theme. Closes: #959484

  [ Fabian Greffrath ]
  * Change font dependency to fonts-dejavu-core. Closes: #912846

  [ Colin Watson ]
  * Cherry-pick from upstream:
    - templates/20_linux_xen: Ignore xenpolicy and config files too.
    - templates/20_linux_xen: Support Xen Security Modules (XSM/FLASK).

  [ Ian Jackson ]
  * 20_linux_xen: Do not load XSM policy in non-XSM options (closes:

grub2 (2.04-7) unstable; urgency=medium

  [ Christian Göttsche ]
  * Create grub default configuration with default SELinux context.

  [ Steve McIntyre ]
  * In the signed packages, change the version dependency on
    grub-common to be >= and not =. This will allow for installation
    in unstable to still work in the window while we wait for the
    template package to do its second trip through the archive.
  * Tweak the build-dep architecture listing for libefiboot-dev and
    libefivar-dev. The linux-* wildcards don't work in the way
    expected, and were missing out (at least) armhf and armel.
    Closes: #958461

grub2 (2.04-6) unstable; urgency=medium

  [ Romain Perier ]
  * Add f2fs module to signed UEFI images

  [ Steve McIntyre ]
  * Add jfs module to signed UEFI images. Closes: #950959

  [ Colin Watson ]
  * Drop mkconfig-mid-upgrade.patch; it was only needed for upgrades from
    GRUB 1.99 (now a long time ago) and can inappropriately hide problems
    when /etc/grub.d/00_header should have been updated but wasn't (closes:
  * Cherry-pick from upstream:
    - btrfs: Add support for new RAID1C34 profiles (closes: #958236).

grub2 (2.04-5) unstable; urgency=medium

  * Cherry-pick from upstream:
    - verifiers: Blocklist fallout cleanup (this was one cause of a build
      failure on hurd-i386, though may not be the only one).
  * Only recommend grub-efi-*-signed on the architectures where they exist.

grub2 (2.04-4) unstable; urgency=medium

  [ Thomas Gaugler ]
  * Add leading / to prefix of network boot image for d-i.

  [ Martin von Wittich ]
  * upgrade-from-grub-legacy: Set DPKG_MAINTSCRIPT_NAME and
    DPKG_MAINTSCRIPT_PACKAGE when calling grub-pc.postinst manually (closes:

  [ Colin Watson ]
  * Use policy-compliant architecture wildcards in libefiboot-dev and
    libefivar-dev build-dependencies.
  * Build with GCC 9 (closes: #944166).

grub2 (2.04-3) unstable; urgency=medium

  * Apply patch from James Clarke to fix BIOS Boot Partition support on
    sparc64 (closes: #931969).
  * Fix UEFI installation for Devuan (thanks, Ivan J.; closes: #932966).
  * Add probe module to signed UEFI images (closes: #936082).

grub2 (2.04-2) unstable; urgency=medium

  [ James Clarke ]
  * Only Build-Depend on libefiboot-dev and libefivar-dev on Linux
    architectures, since they're Linux-only.

  [ Colin Watson ]
  * Use debhelper-compat instead of debian/compat.
  * debian/apport/source_grub2.py:
    - Avoid star import.
    - Fix flake8 errors.
  * Run gentpl.py with python3.

grub2 (2.04-1ubuntu48) jammy; urgency=medium

  * d/p/0241-Call-hwmatch-only-on-the-grub-pc-platform.patch:
    Fix "error: can't find command `hwmatch'." on non-i386/pc
    platforms such as x86_64/efi. (LP: #1840560)

Date: 2023-01-30 10:58:09.404790+00:00
Changed-By: Julian Andres Klode <julian.klode at canonical.com>
Signed-By: Mark Esler <mark.esler at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Focal-changes mailing list