[ubuntu/oracular-proposed] grub2 2.12-5ubuntu4 (Accepted)
Mate Kukri
mate.kukri at canonical.com
Thu Aug 15 09:53:16 UTC 2024
grub2 (2.12-5ubuntu4) oracular; urgency=medium
* Merge from Debian unstable; remaining changes:
- Add Ubuntu sbat data
- build-efi-images: do not produce -installer.efi.signed. LP #1863994
- grub-common: Install canonical-uefi-ca.crt
- Check signatures
- Support installing to multiple ESP (LP #1871821)
- Split out unsigned artefacts into grub2-unsigned
- Vcs-Git: Point to ubuntu packaging branch
- Relax dependencies on grub-common and grub2-common
- UBUNTU: Do not link grub-efi-*-unsigned docs to grub-common
- UBUNTU: Default timeout changes
- UBUNTU: Replace grub-install-extra-removable
- UBUNTU: Revert "Add jfs module to signed UEFI images. Closes: #950959"
- UBUNTU: Revert "Add f2fs module to signed UEFI images"
- UBUNTU: Drop luks2
- Install grub-initrd-fallback.service again
- Build using -O1 on s390x to avoid misoptimization
- grub-check-signatures: Support gzip compressed kernels
- forward port fix for LP #1926748
- Forward port the fix for LP #1930742 and make it conditional (xenial/bionic only)
- Build grub2-unsigned packages with xz compression
- Drop i386 from grub-efi-amd64*
- Turn depends on grub-efi-amd64/arm64 unversioned
- Revert "Have -bin packages Break pre-2.12 -signed packages"
- Install grub-sort-version
- rules: Add DPKG_BUILDPACKAGE_OPTIONS to generate-grub2-unsigned
- d/postinst.in: Make empty "grub-pc/install_devices" non-fatal in "noninteractive" mode
- Add debconf options "grub-{efi,pc}/cloud_style_installation"
- grub-common.service: Add After/Requires=boot-complete.target (LP #1992643)
- d/postinst.in: Remove upgrade check for GRUB version we can no longer upgrade from
- Removed patches:
+ install-signed.patch with
+ grub-install-extra-removable.patch
+ grub-install-removable-shim.patch
- Added patches:
+ ubuntu-install-signed.patch
+ ubuntu-grub-install-extra-removable.patch
+ ubuntu-zfs-enhance-support.patch
+ ubuntu-zfs-mkconfig-ubuntu-recovery.patch
+ ubuntu-zfs-mkconfig-ubuntu-distributor.patch
+ ubuntu-zfs-mkconfig-signed-kernel.patch
+ ubuntu-zfs-gfxpayload-keep-default.patch
+ ubuntu-zfs-gfxpayload-dynamic.patch
+ ubuntu-zfs-vt-handoff.patch
+ ubuntu-zfs-mkconfig-recovery-title.patch
+ ubuntu-zfs-insmod-xzio-and-lzopio-on-xen.patch
+ ubuntu-support-initrd-less-boot.patch
+ ubuntu-shorter-version-info.patch
+ ubuntu-add-initrd-less-boot-fallback.patch
+ ubuntu-mkconfig-leave-breadcrumbs.patch
+ ubuntu-fix-lzma-decompressor-objcopy.patch
+ ubuntu-add-devicetree-command-support.patch
+ ubuntu-boot-from-multipath-dependent-symlink.patch
+ ubuntu-resilient-boot-ignore-alternative-esps.patch
+ ubuntu-resilient-boot-boot-order.patch
+ ubuntu-speed-zsys-history.patch
+ ubuntu-dont-verify-loopback-images.patch
+ ubuntu-recovery-dis_ucode_ldr.patch
+ ubuntu-add-initrd-less-boot-messages.patch
+ rhboot-f34-make-exit-take-a-return-code.patch
+ rhboot-f34-dont-use-int-for-efi-status.patch
+ suse-grub.texi-add-net_bootp6-document.patch
+ ubuntu-verifiers-last.patch
+ ubuntu-os-prober-auto.patch
+ grub-sort-version.patch
+ Revert-kern-ieee1275-init-ppc64-Display-upper_mem_limit-w.patch
+ Revert-kern-ieee1275-init-ppc64-Fix-a-comment.patch
+ Revert-kern-ieee1275-ieee1275-Display-successful-memory-c.patch
+ Revert-loader-powerpc-ieee1275-Use-new-allocation-functio.patch
+ Revert-kern-ieee1275-cmain-ppc64-Introduce-flags-to-ident.patch
+ Revert-kern-ieee1275-init-ppc64-Rename-regions_claim-to-g.patch
+ Revert-kern-ieee1275-init-ppc64-Add-support-for-alignment.patch
+ Revert-kern-ieee1275-init-ppc64-Return-allocated-address-.patch
+ Revert-kern-ieee1275-init-ppc64-Decide-by-request-whether.patch
+ Revert-kern-ieee1275-init-ppc64-Introduce-a-request-for-r.patch
+ grub-install-efi-title.patch
+ kern-efi-mm-Change-grub_efi_mm_add_regions-to-keep-track-.patch
+ kern-efi-mm-Change-grub_efi_allocate_pages_real-to-call-s.patch
+ kern-efi-mm-Detect-calls-to-grub_efi_drop_alloc-with-wron.patch
+ nx/modules-strip-.llvm_addrsig-sections-and-similar.patch
+ nx/modules-Don-t-allocate-space-for-non-allocable-sections.patch
+ nx/modules-load-module-sections-at-page-aligned-addresses.patch
+ nx/nx-add-memory-attribute-get-set-API.patch
+ nx/nx-set-page-permissions-for-loaded-modules.patch
+ nx/nx-set-the-nx-compatible-flag-in-EFI-grub-images.patch
+ nx/efi-Disallow-fallback-to-legacy-Linux-loader-when-shim-sa.patch
+ nx/peimage-Add-memory-attribute-support.patch
+ commands-efi-tpm-Re-enable-measurements-on-confidential-c.patch
+ loader-efi-fdt-Add-fdtdump-command-to-access-device-tree.patch
* Rebase d/legacy/update-grub.ubuntu.patch
* Move -unsigned binaries to the -unsigned sources
* efi/chainloader: Do not print device path (LP: #2073634)
* Disable ELF metadata injection
grub2 (2.12-5) unstable; urgency=medium
* Build-Depend on pkgconf instead of pkg-config.
* Update legacy/update-grub to correctly check for grub2 core.img
* Correct Breaks+Replaces on grub-efi-arm64-unsigned for grub-efi-arm64-bin.
(Closes: #1076235)
grub2 (2.12-4) unstable; urgency=medium
[ Mate Kukri ]
* Determine GRUB_DISTRIBUTOR from os-release and fall back to build-time dpkg vendor
[ Felix Zielcke ]
* Ship gdb_helper.py in dbg packages. (Closes: #1072164)
* Update README.source to mention that we're now using gbp-pq instead of git-dpm.
* Add grub-pc+grub2-common Breaks: against grub-legacy (<< 0.97-83~).
* Upload to unstable.
grub2 (2.12-3) experimental; urgency=medium
[ Colin Watson ]
* Update signing-template Uploaders to match main package.
[ Mate Kukri ]
* d/p/mkconfig-ubuntu-recovery.patch: Use "recovery" instead of "single recovery" for recovery mode bootparams
* d/p/revert-term-ns8250-spcr.patch: Revert ACPI SPCR table support (#1062073)
* d/p/efidisk-breakup-large-reads.patch: efidisk: Breakup large reads into batches
* Revert "d/p/efidisk-breakup-large-reads.patch: efidisk: Breakup large reads into batches"
[ Jiajie Chen ]
* Enable building for LoongArch64
[ Heinrich Schuchardt ]
* d/rules: build monolithic images for all EFI architectures
[ Julian Andres Klode ]
* Introduce new -unsigned packages to house the pre-built .efi binaries
* signing: Use the -unsigned packages as signed build-depends
[ Jiajie Chen ]
* d/p/sb/efi-use-peimage-shim.patch: add loong64 suppport
[ Felix Zielcke ]
* Update Breaks/Replaces -efi-{ia32,amd64}-bin to << 2.12-3~ at -unsigned packages.
[ Pascal Hambourg ]
* 05_debian_theme: cache background picture if not in /boot/grub filesystem
* debian/default/grub: Replace 'vbeinfo' with 'videoinfo'
* debian/default/grub: Document /etc/default/grub.d/*.cfg
[ Tianyu Chen ]
* Make grub-common Breaks grub-efi-*-signed (<< 1+2.12~rc1)
grub2 (2.12-2) unstable; urgency=medium
[ Mate Kukri ]
* Revert peimage to re-use GRUB's image handle (LP: #2057679) (LP: #2054127)
* d/build-efi-images: Make sure downstream didn't remove peimage SBAT
entry
* SECURITY UPDATE: Use-after-free in peimage module [LP: #2054127]
- CVE-2024-2312
[ Julian Andres Klode ]
* Bump SBAT level to `grub.peimage,2`; and also bump `grub.debian,5` to
make sure we can revoke any downstream users of peimage that forgot to
include the grub.peimage component if that should become necessary.
Date: Mon, 22 Jul 2024 10:55:04 +0100
Changed-By: Mate Kukri <mate.kukri at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Julian Andres Klode <julian.klode at canonical.com>
https://launchpad.net/ubuntu/+source/grub2/2.12-5ubuntu4
-------------- next part --------------
Format: 1.8
Date: Mon, 22 Jul 2024 10:55:04 +0100
Source: grub2
Built-For-Profiles: noudeb
Architecture: source
Version: 2.12-5ubuntu4
Distribution: oracular
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Mate Kukri <mate.kukri at canonical.com>
Closes: 950959 1072164 1076235
Launchpad-Bugs-Fixed: 2054127 2057679 2073634
Changes:
grub2 (2.12-5ubuntu4) oracular; urgency=medium
.
* Merge from Debian unstable; remaining changes:
- Add Ubuntu sbat data
- build-efi-images: do not produce -installer.efi.signed. LP #1863994
- grub-common: Install canonical-uefi-ca.crt
- Check signatures
- Support installing to multiple ESP (LP #1871821)
- Split out unsigned artefacts into grub2-unsigned
- Vcs-Git: Point to ubuntu packaging branch
- Relax dependencies on grub-common and grub2-common
- UBUNTU: Do not link grub-efi-*-unsigned docs to grub-common
- UBUNTU: Default timeout changes
- UBUNTU: Replace grub-install-extra-removable
- UBUNTU: Revert "Add jfs module to signed UEFI images. Closes: #950959"
- UBUNTU: Revert "Add f2fs module to signed UEFI images"
- UBUNTU: Drop luks2
- Install grub-initrd-fallback.service again
- Build using -O1 on s390x to avoid misoptimization
- grub-check-signatures: Support gzip compressed kernels
- forward port fix for LP #1926748
- Forward port the fix for LP #1930742 and make it conditional (xenial/bionic only)
- Build grub2-unsigned packages with xz compression
- Drop i386 from grub-efi-amd64*
- Turn depends on grub-efi-amd64/arm64 unversioned
- Revert "Have -bin packages Break pre-2.12 -signed packages"
- Install grub-sort-version
- rules: Add DPKG_BUILDPACKAGE_OPTIONS to generate-grub2-unsigned
- d/postinst.in: Make empty "grub-pc/install_devices" non-fatal in "noninteractive" mode
- Add debconf options "grub-{efi,pc}/cloud_style_installation"
- grub-common.service: Add After/Requires=boot-complete.target (LP #1992643)
- d/postinst.in: Remove upgrade check for GRUB version we can no longer upgrade from
- Removed patches:
+ install-signed.patch with
+ grub-install-extra-removable.patch
+ grub-install-removable-shim.patch
- Added patches:
+ ubuntu-install-signed.patch
+ ubuntu-grub-install-extra-removable.patch
+ ubuntu-zfs-enhance-support.patch
+ ubuntu-zfs-mkconfig-ubuntu-recovery.patch
+ ubuntu-zfs-mkconfig-ubuntu-distributor.patch
+ ubuntu-zfs-mkconfig-signed-kernel.patch
+ ubuntu-zfs-gfxpayload-keep-default.patch
+ ubuntu-zfs-gfxpayload-dynamic.patch
+ ubuntu-zfs-vt-handoff.patch
+ ubuntu-zfs-mkconfig-recovery-title.patch
+ ubuntu-zfs-insmod-xzio-and-lzopio-on-xen.patch
+ ubuntu-support-initrd-less-boot.patch
+ ubuntu-shorter-version-info.patch
+ ubuntu-add-initrd-less-boot-fallback.patch
+ ubuntu-mkconfig-leave-breadcrumbs.patch
+ ubuntu-fix-lzma-decompressor-objcopy.patch
+ ubuntu-add-devicetree-command-support.patch
+ ubuntu-boot-from-multipath-dependent-symlink.patch
+ ubuntu-resilient-boot-ignore-alternative-esps.patch
+ ubuntu-resilient-boot-boot-order.patch
+ ubuntu-speed-zsys-history.patch
+ ubuntu-dont-verify-loopback-images.patch
+ ubuntu-recovery-dis_ucode_ldr.patch
+ ubuntu-add-initrd-less-boot-messages.patch
+ rhboot-f34-make-exit-take-a-return-code.patch
+ rhboot-f34-dont-use-int-for-efi-status.patch
+ suse-grub.texi-add-net_bootp6-document.patch
+ ubuntu-verifiers-last.patch
+ ubuntu-os-prober-auto.patch
+ grub-sort-version.patch
+ Revert-kern-ieee1275-init-ppc64-Display-upper_mem_limit-w.patch
+ Revert-kern-ieee1275-init-ppc64-Fix-a-comment.patch
+ Revert-kern-ieee1275-ieee1275-Display-successful-memory-c.patch
+ Revert-loader-powerpc-ieee1275-Use-new-allocation-functio.patch
+ Revert-kern-ieee1275-cmain-ppc64-Introduce-flags-to-ident.patch
+ Revert-kern-ieee1275-init-ppc64-Rename-regions_claim-to-g.patch
+ Revert-kern-ieee1275-init-ppc64-Add-support-for-alignment.patch
+ Revert-kern-ieee1275-init-ppc64-Return-allocated-address-.patch
+ Revert-kern-ieee1275-init-ppc64-Decide-by-request-whether.patch
+ Revert-kern-ieee1275-init-ppc64-Introduce-a-request-for-r.patch
+ grub-install-efi-title.patch
+ kern-efi-mm-Change-grub_efi_mm_add_regions-to-keep-track-.patch
+ kern-efi-mm-Change-grub_efi_allocate_pages_real-to-call-s.patch
+ kern-efi-mm-Detect-calls-to-grub_efi_drop_alloc-with-wron.patch
+ nx/modules-strip-.llvm_addrsig-sections-and-similar.patch
+ nx/modules-Don-t-allocate-space-for-non-allocable-sections.patch
+ nx/modules-load-module-sections-at-page-aligned-addresses.patch
+ nx/nx-add-memory-attribute-get-set-API.patch
+ nx/nx-set-page-permissions-for-loaded-modules.patch
+ nx/nx-set-the-nx-compatible-flag-in-EFI-grub-images.patch
+ nx/efi-Disallow-fallback-to-legacy-Linux-loader-when-shim-sa.patch
+ nx/peimage-Add-memory-attribute-support.patch
+ commands-efi-tpm-Re-enable-measurements-on-confidential-c.patch
+ loader-efi-fdt-Add-fdtdump-command-to-access-device-tree.patch
* Rebase d/legacy/update-grub.ubuntu.patch
* Move -unsigned binaries to the -unsigned sources
* efi/chainloader: Do not print device path (LP: #2073634)
* Disable ELF metadata injection
.
grub2 (2.12-5) unstable; urgency=medium
.
* Build-Depend on pkgconf instead of pkg-config.
* Update legacy/update-grub to correctly check for grub2 core.img
* Correct Breaks+Replaces on grub-efi-arm64-unsigned for grub-efi-arm64-bin.
(Closes: #1076235)
.
grub2 (2.12-4) unstable; urgency=medium
.
[ Mate Kukri ]
* Determine GRUB_DISTRIBUTOR from os-release and fall back to build-time dpkg vendor
.
[ Felix Zielcke ]
* Ship gdb_helper.py in dbg packages. (Closes: #1072164)
* Update README.source to mention that we're now using gbp-pq instead of git-dpm.
* Add grub-pc+grub2-common Breaks: against grub-legacy (<< 0.97-83~).
* Upload to unstable.
.
grub2 (2.12-3) experimental; urgency=medium
.
[ Colin Watson ]
* Update signing-template Uploaders to match main package.
.
[ Mate Kukri ]
* d/p/mkconfig-ubuntu-recovery.patch: Use "recovery" instead of "single recovery" for recovery mode bootparams
* d/p/revert-term-ns8250-spcr.patch: Revert ACPI SPCR table support (#1062073)
* d/p/efidisk-breakup-large-reads.patch: efidisk: Breakup large reads into batches
* Revert "d/p/efidisk-breakup-large-reads.patch: efidisk: Breakup large reads into batches"
.
[ Jiajie Chen ]
* Enable building for LoongArch64
.
[ Heinrich Schuchardt ]
* d/rules: build monolithic images for all EFI architectures
.
[ Julian Andres Klode ]
* Introduce new -unsigned packages to house the pre-built .efi binaries
* signing: Use the -unsigned packages as signed build-depends
.
[ Jiajie Chen ]
* d/p/sb/efi-use-peimage-shim.patch: add loong64 suppport
.
[ Felix Zielcke ]
* Update Breaks/Replaces -efi-{ia32,amd64}-bin to << 2.12-3~ at -unsigned packages.
.
[ Pascal Hambourg ]
* 05_debian_theme: cache background picture if not in /boot/grub filesystem
* debian/default/grub: Replace 'vbeinfo' with 'videoinfo'
* debian/default/grub: Document /etc/default/grub.d/*.cfg
.
[ Tianyu Chen ]
* Make grub-common Breaks grub-efi-*-signed (<< 1+2.12~rc1)
.
grub2 (2.12-2) unstable; urgency=medium
.
[ Mate Kukri ]
* Revert peimage to re-use GRUB's image handle (LP: #2057679) (LP: #2054127)
* d/build-efi-images: Make sure downstream didn't remove peimage SBAT
entry
* SECURITY UPDATE: Use-after-free in peimage module [LP: #2054127]
- CVE-2024-2312
.
[ Julian Andres Klode ]
* Bump SBAT level to `grub.peimage,2`; and also bump `grub.debian,5` to
make sure we can revoke any downstream users of peimage that forgot to
include the grub.peimage component if that should become necessary.
Checksums-Sha1:
d4b47dbb701f9c7380c3e334a7cb3c7c27126648 8249 grub2_2.12-5ubuntu4.dsc
91cf7d9350f6135076d41f5a55274bd075ed33b5 1157512 grub2_2.12-5ubuntu4.debian.tar.xz
c94dccc5b138161878e02a6c8e7f4a7601dd51eb 10009 grub2_2.12-5ubuntu4_source.buildinfo
Checksums-Sha256:
2ec12735d188395e35be0e52ce0cc589816fecb9bbbb8442a986f7c00f6dc5ed 8249 grub2_2.12-5ubuntu4.dsc
c5c41c669a3360da2e8e413cf6496b8a44626bd4a47887c3442b2f06aba4ccfd 1157512 grub2_2.12-5ubuntu4.debian.tar.xz
ea2bb3f78d97bed71f80ba8b4cac1e5af7e2eeca10cdb4b8bdf65a8ab6146011 10009 grub2_2.12-5ubuntu4_source.buildinfo
Files:
10390bb38a64aa227a75687975d1f819 8249 admin optional grub2_2.12-5ubuntu4.dsc
8351881aede4ad6cb07c3a53d2058ed8 1157512 admin optional grub2_2.12-5ubuntu4.debian.tar.xz
9a601a9bd70f4a6158eddeafd149e270 10009 admin optional grub2_2.12-5ubuntu4_source.buildinfo
Original-Maintainer: GRUB Maintainers <pkg-grub-devel at alioth-lists.debian.net>
More information about the oracular-changes
mailing list