[ubuntu/groovy-proposed] grub2_2.04-1ubuntu26.1_arm64.tar.gz - (Accepted)
Chris Coulson
chris.coulson at canonical.com
Wed Jul 29 17:15:48 UTC 2020
grub2 (2.04-1ubuntu26.1) focal; urgency=medium
[ Julian Andres Klode ]
* Move gettext patches out of git-dpm's way, so it does not delete them
[ Chris Coulson ]
* SECURITY UPDATE: Heap buffer overflow when encountering commands that
cannot be tokenized to less than 8192 characters.
- 0082-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch: Make
fatal lexer errors actually be fatal
- CVE-2020-10713
* SECURITY UPDATE: Multiple integer overflow bugs that could result in
heap buffer allocations that were too small and subsequent heap buffer
overflows when handling certain filesystems, font files or PNG images.
- 0083-safemath-Add-some-arithmetic-primitives-that-check-f.patch: Add
arithmetic primitives that allow for overflows to be detected
- 0084-calloc-Make-sure-we-always-have-an-overflow-checking.patch:
Make sure that there is always an overflow checking implementation
of calloc() available
- 0085-calloc-Use-calloc-at-most-places.patch: Use calloc where
appropriate
- 0086-malloc-Use-overflow-checking-primitives-where-we-do-.patch: Use
overflow-safe arithmetic primitives when performing allocations
based on the results of operations that might overflow
- 0094-hfsplus-fix-two-more-overflows.patch: Fix integer overflows in
hfsplus
- 0095-lvm-fix-two-more-potential-data-dependent-alloc-over.patch: Fix
more potential integer overflows in lvm
- CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
* SECURITY UPDATE: Use-after-free when executing a command that causes
a currently executing function to be redefined.
- 0092-script-Remove-unused-fields-from-grub_script_functio.patch:
Remove unused fields from grub_script_function
- 0093-script-Avoid-a-use-after-free-when-redefining-a-func.patch:
Avoid a use-after-free when redefining a function during execution
- CVE-2020-15706
* SECURITY UPDATE: Integer overflows that could result in heap buffer
allocations that were too small and subsequent heap buffer overflows
during initrd loading.
- 0105-linux-Fix-integer-overflows-in-initrd-size-handling.patch: Fix
integer overflows in initrd size handling
- 0106-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch: Fix
integer overflows in linuxefi grub_cmd_initrd
- CVE-2020-15707
* Various fixes as a result of code review and static analysis:
- 0087-iso9660-Don-t-leak-memory-on-realloc-failures.patch: Fix a
memory leak on realloc failures when processing symbolic links
- 0088-font-Do-not-load-more-than-one-NAME-section.patch: Fix a
memory leak when processing font files with more than one NAME
section
- 0089-gfxmenu-Fix-double-free-in-load_image.patch: Zero self->bitmap
after it is freed in order to avoid a potential double free later on
- 0090-lzma-Make-sure-we-don-t-dereference-past-array.patch: Fix an
out-of-bounds read in LzmaEncode
- 0091-tftp-Do-not-use-priority-queue.patch: Refactor tftp to not use
priority queues and fix a double free
- 0096-efi-fix-some-malformed-device-path-arithmetic-errors.patch: Fix
various arithmetic errors with malformed device paths
- 0098-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch: Fix
a NULL deref in the chainloader command introduced by a previous
patch
- 0099-efi-Fix-use-after-free-in-halt-reboot-path.patch: Fix a
use-after-free in the halt and reboot commands by not freeing
allocated memory in these paths
- 0100-chainloader-Avoid-a-double-free-when-validation-fail.patch:
Avoid a double free in the chainloader command when validation fails
- 0101-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch:
Protect grub_relocator_alloc_chunk_addr input arguments against
integer overflow / underflow
- 0102-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch:
Protect grub_relocator_alloc_chunk_align max_addr argument against
integer underflow
- 0103-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch: Fix
grub_relocator_alloc_chunk_align top memory allocation
- 0104-linux-loader-avoid-overflow-on-initrd-size-calculati.patch:
Avoid overflow on initrd size calculation
[ Dimitri John Ledkov ]
* SECURITY UPDATE: Grub does not enforce kernel signature validation
when the shim protocol isn't present.
- 0097-linuxefi-fail-kernel-validation-without-shim-protoco.patch:
Fail kernel validation if the shim protocol isn't available
- CVE-2020-15705
Date: Mon, 20 Jul 2020 19:19:08 +0100
Changed-By: Chris Coulson <chris.coulson at canonical.com>
Maintainer: Launchpad Build Daemon <buildd at bos02-arm64-048.buildd>
-------------- next part --------------
Format: 1.8
Date: Mon, 20 Jul 2020 19:19:08 +0100
Source: grub2
Binary: grub-common grub-efi-arm64 grub-efi-arm64-bin grub-efi-arm64-dbg grub-efi-arm64-signed-template grub-mount-udeb grub-theme-starfield grub2-common
Architecture: arm64 arm64_translations
Version: 2.04-1ubuntu26.1
Distribution: focal
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd at bos02-arm64-048.buildd>
Changed-By: Chris Coulson <chris.coulson at canonical.com>
Description:
grub-common - GRand Unified Bootloader (common files)
grub-efi-arm64 - GRand Unified Bootloader, version 2 (ARM64 UEFI version)
grub-efi-arm64-bin - GRand Unified Bootloader, version 2 (ARM64 UEFI modules)
grub-efi-arm64-dbg - GRand Unified Bootloader, version 2 (ARM64 UEFI debug files)
grub-efi-arm64-signed-template - GRand Unified Bootloader, version 2 (ARM64 UEFI signing template)
grub-mount-udeb - export GRUB filesystems using FUSE (udeb)
grub-theme-starfield - GRand Unified Bootloader, version 2 (starfield theme)
grub2-common - GRand Unified Bootloader (common files for version 2)
Changes:
grub2 (2.04-1ubuntu26.1) focal; urgency=medium
.
[ Julian Andres Klode ]
* Move gettext patches out of git-dpm's way, so it does not delete them
.
[ Chris Coulson ]
* SECURITY UPDATE: Heap buffer overflow when encountering commands that
cannot be tokenized to less than 8192 characters.
- 0082-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch: Make
fatal lexer errors actually be fatal
- CVE-2020-10713
* SECURITY UPDATE: Multiple integer overflow bugs that could result in
heap buffer allocations that were too small and subsequent heap buffer
overflows when handling certain filesystems, font files or PNG images.
- 0083-safemath-Add-some-arithmetic-primitives-that-check-f.patch: Add
arithmetic primitives that allow for overflows to be detected
- 0084-calloc-Make-sure-we-always-have-an-overflow-checking.patch:
Make sure that there is always an overflow checking implementation
of calloc() available
- 0085-calloc-Use-calloc-at-most-places.patch: Use calloc where
appropriate
- 0086-malloc-Use-overflow-checking-primitives-where-we-do-.patch: Use
overflow-safe arithmetic primitives when performing allocations
based on the results of operations that might overflow
- 0094-hfsplus-fix-two-more-overflows.patch: Fix integer overflows in
hfsplus
- 0095-lvm-fix-two-more-potential-data-dependent-alloc-over.patch: Fix
more potential integer overflows in lvm
- CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
* SECURITY UPDATE: Use-after-free when executing a command that causes
a currently executing function to be redefined.
- 0092-script-Remove-unused-fields-from-grub_script_functio.patch:
Remove unused fields from grub_script_function
- 0093-script-Avoid-a-use-after-free-when-redefining-a-func.patch:
Avoid a use-after-free when redefining a function during execution
- CVE-2020-15706
* SECURITY UPDATE: Integer overflows that could result in heap buffer
allocations that were too small and subsequent heap buffer overflows
during initrd loading.
- 0105-linux-Fix-integer-overflows-in-initrd-size-handling.patch: Fix
integer overflows in initrd size handling
- 0106-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch: Fix
integer overflows in linuxefi grub_cmd_initrd
- CVE-2020-15707
* Various fixes as a result of code review and static analysis:
- 0087-iso9660-Don-t-leak-memory-on-realloc-failures.patch: Fix a
memory leak on realloc failures when processing symbolic links
- 0088-font-Do-not-load-more-than-one-NAME-section.patch: Fix a
memory leak when processing font files with more than one NAME
section
- 0089-gfxmenu-Fix-double-free-in-load_image.patch: Zero self->bitmap
after it is freed in order to avoid a potential double free later on
- 0090-lzma-Make-sure-we-don-t-dereference-past-array.patch: Fix an
out-of-bounds read in LzmaEncode
- 0091-tftp-Do-not-use-priority-queue.patch: Refactor tftp to not use
priority queues and fix a double free
- 0096-efi-fix-some-malformed-device-path-arithmetic-errors.patch: Fix
various arithmetic errors with malformed device paths
- 0098-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch: Fix
a NULL deref in the chainloader command introduced by a previous
patch
- 0099-efi-Fix-use-after-free-in-halt-reboot-path.patch: Fix a
use-after-free in the halt and reboot commands by not freeing
allocated memory in these paths
- 0100-chainloader-Avoid-a-double-free-when-validation-fail.patch:
Avoid a double free in the chainloader command when validation fails
- 0101-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch:
Protect grub_relocator_alloc_chunk_addr input arguments against
integer overflow / underflow
- 0102-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch:
Protect grub_relocator_alloc_chunk_align max_addr argument against
integer underflow
- 0103-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch: Fix
grub_relocator_alloc_chunk_align top memory allocation
- 0104-linux-loader-avoid-overflow-on-initrd-size-calculati.patch:
Avoid overflow on initrd size calculation
.
[ Dimitri John Ledkov ]
* SECURITY UPDATE: Grub does not enforce kernel signature validation
when the shim protocol isn't present.
- 0097-linuxefi-fail-kernel-validation-without-shim-protoco.patch:
Fail kernel validation if the shim protocol isn't available
- CVE-2020-15705
Checksums-Sha1:
faf09b7d3abc88574ee32942ed56af1db015b108 13707496 grub-common-dbgsym_2.04-1ubuntu26.1_arm64.ddeb
b3f189bc3c6934d7be96152653148d1599f0ac2b 1835524 grub-common_2.04-1ubuntu26.1_arm64.deb
fbfdf5bfb0b9618ac09c63e8d90be90824caaefc 600612 grub-efi-arm64-bin_2.04-1ubuntu26.1_arm64.deb
0fa82dcbcec86e035f3fcdb12160e55f514e48c9 3098600 grub-efi-arm64-dbg_2.04-1ubuntu26.1_arm64.deb
a3e1ead7cf1570e7432582101dec43de48433e02 14212 grub-efi-arm64-signed-template_2.04-1ubuntu26.1_arm64.deb
39746f4b24e6325b547d8d63f492fc8a8664a59d 46524 grub-efi-arm64_2.04-1ubuntu26.1_arm64.deb
536b225c242d51052dd848826a157c1dfebec233 395932 grub-mount-udeb_2.04-1ubuntu26.1_arm64.udeb
b1a1bb1945ad0091b26e54853a11f067e4a5e158 1673440 grub-theme-starfield_2.04-1ubuntu26.1_arm64.deb
f2152f895b4ee5ce2bca9fad47d24665e4c1d361 1713344 grub2-common-dbgsym_2.04-1ubuntu26.1_arm64.ddeb
a3bfcd663692a2031a59bc183ff5a483bf6ab164 568632 grub2-common_2.04-1ubuntu26.1_arm64.deb
06924108308e9ee41017b6e396be9a643087f935 14335 grub2_2.04-1ubuntu26.1_arm64.buildinfo
df1d169cb53f5dc2a622b8f541a91dee65b79757 1580176 grub2_2.04-1ubuntu26.1_arm64.tar.gz
bffe900b8059f1336ec5552705869b2ff00fefc2 4957314 grub2_2.04-1ubuntu26.1_arm64_translations.tar.gz
Checksums-Sha256:
16d330b8146ed2b048767c89cac39021409c1ecac9c88cb2889820a1bbcff048 13707496 grub-common-dbgsym_2.04-1ubuntu26.1_arm64.ddeb
42bde99fe0cd5e42a76a4575f99c1784899cab40b66ca8bcf0a1908e76a2b010 1835524 grub-common_2.04-1ubuntu26.1_arm64.deb
537163664eb59a60c821827ef686913dcf0310a178d87913c80043e757d77ba8 600612 grub-efi-arm64-bin_2.04-1ubuntu26.1_arm64.deb
7da2fa99d92beac0758cfcf7a3051e6bc8b4f3cbad83a48223bb98102f50da78 3098600 grub-efi-arm64-dbg_2.04-1ubuntu26.1_arm64.deb
c25f25d669022ea0ecd146b4618da4c741c33f03c2231db5db35a8fa06fec542 14212 grub-efi-arm64-signed-template_2.04-1ubuntu26.1_arm64.deb
ae69e4e7b53a2db68aa76f42f48017a8e58792e740f1cf89737262afc5454988 46524 grub-efi-arm64_2.04-1ubuntu26.1_arm64.deb
ef2fa2b23abffa10b938c3cc9fc91f2aade9576add24fe0318dc3151ad7c8845 395932 grub-mount-udeb_2.04-1ubuntu26.1_arm64.udeb
510bfb8a156dad7c6f8924345828e4791f81767b31210e3d4437748640cd160b 1673440 grub-theme-starfield_2.04-1ubuntu26.1_arm64.deb
a95ffc0d951084b249e9d04012eab6768c1e897dc8744c2ab42c819c63daac40 1713344 grub2-common-dbgsym_2.04-1ubuntu26.1_arm64.ddeb
3366decf21c444ded433363b6ecb44d0ffcfc451b9c4f17e18199d11bccd89ba 568632 grub2-common_2.04-1ubuntu26.1_arm64.deb
690176219ed2681f157d4237c8caa27c4313c502a319b1a901a19401e9de3e10 14335 grub2_2.04-1ubuntu26.1_arm64.buildinfo
e8abf706eb40fc67e2f237500bc9b3fdd390acf05d79b394dc9c2860b55b3657 1580176 grub2_2.04-1ubuntu26.1_arm64.tar.gz
87e734257346901fcc141fb89e7d39cbaffcd5eebca6ea7eae675ea622f6353a 4957314 grub2_2.04-1ubuntu26.1_arm64_translations.tar.gz
Files:
dc21793a539a0d6d86f4611e32f648bd 13707496 debug optional grub-common-dbgsym_2.04-1ubuntu26.1_arm64.ddeb
7b8c302cdf52e20bb9b3093abdc7e62c 1835524 admin optional grub-common_2.04-1ubuntu26.1_arm64.deb
de6958a953d58919fdb6578eed2edabf 600612 admin optional grub-efi-arm64-bin_2.04-1ubuntu26.1_arm64.deb
da21e0ffc8e393fa0bfed22a18ae67aa 3098600 debug optional grub-efi-arm64-dbg_2.04-1ubuntu26.1_arm64.deb
e07605357c8fe6f47edb5af709217fb9 14212 admin optional grub-efi-arm64-signed-template_2.04-1ubuntu26.1_arm64.deb
6f5bbc34c59c3c68f081040492da52bf 46524 admin optional grub-efi-arm64_2.04-1ubuntu26.1_arm64.deb
24bc91349e0f868dbd058c55c0313406 395932 debian-installer optional grub-mount-udeb_2.04-1ubuntu26.1_arm64.udeb
384dd3f00d2048eb7a01457be968805a 1673440 admin optional grub-theme-starfield_2.04-1ubuntu26.1_arm64.deb
f04dae3fc2b13abee9c80889c5ae8f78 1713344 debug optional grub2-common-dbgsym_2.04-1ubuntu26.1_arm64.ddeb
8cae8dfdb72e06c78a0876b5278fdd42 568632 admin optional grub2-common_2.04-1ubuntu26.1_arm64.deb
699c301d2fc683583227c6bbc4b161b8 14335 admin optional grub2_2.04-1ubuntu26.1_arm64.buildinfo
0be01c24f8e28b2b4faebf6ccd1c1f8e 1580176 raw-uefi - grub2_2.04-1ubuntu26.1_arm64.tar.gz
99132da75ca98b804291f6981afc8513 4957314 raw-translations - grub2_2.04-1ubuntu26.1_arm64_translations.tar.gz
Original-Maintainer: GRUB Maintainers <pkg-grub-devel at alioth-lists.debian.net>
More information about the Groovy-changes
mailing list