grub2 2.04-1ubuntu26.1 source package in Ubuntu

Changelog

grub2 (2.04-1ubuntu26.1) focal; urgency=medium

  [ Julian Andres Klode ]
  * Move gettext patches out of git-dpm's way, so it does not delete them

  [ Chris Coulson ]
  * SECURITY UPDATE: Heap buffer overflow when encountering commands that
    cannot be tokenized to less than 8192 characters.
    - 0082-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch: Make
      fatal lexer errors actually be fatal
    - CVE-2020-10713
  * SECURITY UPDATE: Multiple integer overflow bugs that could result in
    heap buffer allocations that were too small and subsequent heap buffer
    overflows when handling certain filesystems, font files or PNG images.
    - 0083-safemath-Add-some-arithmetic-primitives-that-check-f.patch: Add
      arithmetic primitives that allow for overflows to be detected
    - 0084-calloc-Make-sure-we-always-have-an-overflow-checking.patch:
      Make sure that there is always an overflow checking implementation
      of calloc() available
    - 0085-calloc-Use-calloc-at-most-places.patch: Use calloc where
      appropriate
    - 0086-malloc-Use-overflow-checking-primitives-where-we-do-.patch: Use
      overflow-safe arithmetic primitives when performing allocations
      based on the results of operations that might overflow
    - 0094-hfsplus-fix-two-more-overflows.patch: Fix integer overflows in
      hfsplus
    - 0095-lvm-fix-two-more-potential-data-dependent-alloc-over.patch: Fix
      more potential integer overflows in lvm
    - CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
  * SECURITY UPDATE: Use-after-free when executing a command that causes
    a currently executing function to be redefined.
    - 0092-script-Remove-unused-fields-from-grub_script_functio.patch:
      Remove unused fields from grub_script_function
    - 0093-script-Avoid-a-use-after-free-when-redefining-a-func.patch:
      Avoid a use-after-free when redefining a function during execution
    - CVE-2020-15706
  * SECURITY UPDATE: Integer overflows that could result in heap buffer
    allocations that were too small and subsequent heap buffer overflows
    during initrd loading.
    - 0105-linux-Fix-integer-overflows-in-initrd-size-handling.patch: Fix
      integer overflows in initrd size handling
    - 0106-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch: Fix
      integer overflows in linuxefi grub_cmd_initrd
    - CVE-2020-15707
  * Various fixes as a result of code review and static analysis:
    - 0087-iso9660-Don-t-leak-memory-on-realloc-failures.patch: Fix a
      memory leak on realloc failures when processing symbolic links
    - 0088-font-Do-not-load-more-than-one-NAME-section.patch: Fix a
      memory leak when processing font files with more than one NAME
      section
    - 0089-gfxmenu-Fix-double-free-in-load_image.patch: Zero self->bitmap
      after it is freed in order to avoid a potential double free later on
    - 0090-lzma-Make-sure-we-don-t-dereference-past-array.patch: Fix an
      out-of-bounds read in LzmaEncode
    - 0091-tftp-Do-not-use-priority-queue.patch: Refactor tftp to not use
      priority queues and fix a double free
    - 0096-efi-fix-some-malformed-device-path-arithmetic-errors.patch: Fix
      various arithmetic errors with malformed device paths
    - 0098-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch: Fix
      a NULL deref in the chainloader command introduced by a previous
      patch
    - 0099-efi-Fix-use-after-free-in-halt-reboot-path.patch: Fix a
      use-after-free in the halt and reboot commands by not freeing
      allocated memory in these paths
    - 0100-chainloader-Avoid-a-double-free-when-validation-fail.patch:
      Avoid a double free in the chainloader command when validation fails
    - 0101-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch:
      Protect grub_relocator_alloc_chunk_addr input arguments against
      integer overflow / underflow
    - 0102-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch:
      Protect grub_relocator_alloc_chunk_align max_addr argument against
      integer underflow
    - 0103-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch: Fix
      grub_relocator_alloc_chunk_align top memory allocation
    - 0104-linux-loader-avoid-overflow-on-initrd-size-calculati.patch:
      Avoid overflow on initrd size calculation

  [ Dimitri John Ledkov ]
  * SECURITY UPDATE: Grub does not enforce kernel signature validation
    when the shim protocol isn't present.
    - 0097-linuxefi-fail-kernel-validation-without-shim-protoco.patch:
      Fail kernel validation if the shim protocol isn't available
    - CVE-2020-15705

 -- Chris Coulson <email address hidden>  Mon, 20 Jul 2020 19:19:08 +0100

Upload details

Uploaded by: Chris Coulson
Uploaded to: Focal
Original maintainer: Ubuntu Developers
Architectures: any
Section: admin
Urgency: Medium Urgency

Downloads

File Size SHA-256 Checksum
grub2_2.04.orig.tar.xz 6.1 MiB e5292496995ad42dabe843a0192cf2a2c502e7ffcc7479398232b10a472df77d
grub2_2.04.orig.tar.xz.asc 833 bytes 955cc63196020e3a70dbb1834ec8b6a1808b1100bc878431c52aa0dd7e6a2532
grub2_2.04-1ubuntu26.1.debian.tar.xz 1.1 MiB 817a688f11cc9c71bf73eaf0a10de110fabaaac767900506a52cee6e6ff07500
grub2_2.04-1ubuntu26.1.dsc 6.8 KiB c56b68389499b63db516a57b4b20c623dede8d245c37a83d0ef4084450172aa3

Binary packages built by this source

grub-common: GRand Unified Bootloader (common files)

 This package contains common files shared by the distinct flavours of GRUB.
 It is shared between GRUB Legacy and GRUB 2, although a number of files
 specific to GRUB 2 are here as long as they do not break GRUB Legacy.

grub-common-dbgsym: debug symbols for grub-common
grub-coreboot: GRand Unified Bootloader, version 2 (Coreboot version)

 GRUB is a portable, powerful bootloader. This version of GRUB is based on a
 cleaner design than its predecessors, and provides the following new features:
 .
  - Scripting in grub.cfg using BASH-like syntax.
  - Support for modern partition maps such as GPT.
  - Modular generation of grub.cfg via update-grub. Packages providing GRUB
    add-ons can plug in their own script rules and trigger updates by invoking
    update-grub.
 .
 This is a dependency package for a version of GRUB that has been built for
 use with platforms running the Coreboot firmware. Installing this package
 indicates that this version of GRUB should be the active boot loader.

grub-coreboot-bin: GRand Unified Bootloader, version 2 (Coreboot modules)

 GRUB is a portable, powerful bootloader. This version of GRUB is based on a
 cleaner design than its predecessors, and provides the following new features:
 .
  - Scripting in grub.cfg using BASH-like syntax.
  - Support for modern partition maps such as GPT.
  - Modular generation of grub.cfg via update-grub. Packages providing GRUB
    add-ons can plug in their own script rules and trigger updates by invoking
    update-grub.
 .
 This package contains GRUB modules that have been built for use with
 platforms running the Coreboot firmware. It can be installed in parallel
 with other flavours, but will not automatically install GRUB as the active
 boot loader nor automatically update grub.cfg on upgrade unless
 grub-coreboot is also installed.

grub-coreboot-dbg: GRand Unified Bootloader, version 2 (Coreboot debug files)

 This package contains debugging files for grub-coreboot-bin. You only need
 these if you are trying to debug GRUB using its GDB stub.

grub-efi: GRand Unified Bootloader, version 2 (dummy package)

 This is a dummy transitional package that depends on either grub-efi-ia32 or
 grub-efi-amd64, depending on the architecture.

grub-efi-amd64: GRand Unified Bootloader, version 2 (EFI-AMD64 version)

 GRUB is a portable, powerful bootloader. This version of GRUB is based on a
 cleaner design than its predecessors, and provides the following new features:
 .
  - Scripting in grub.cfg using BASH-like syntax.
  - Support for modern partition maps such as GPT.
  - Modular generation of grub.cfg via update-grub. Packages providing GRUB
    add-ons can plug in their own script rules and trigger updates by invoking
    update-grub.
 .
 This is a dependency package for a version of GRUB that has been built for
 use with the EFI-AMD64 architecture, as used by Intel Macs (unless a BIOS
 interface has been activated). Installing this package indicates that this
 version of GRUB should be the active boot loader.

grub-efi-amd64-bin: GRand Unified Bootloader, version 2 (EFI-AMD64 modules)

 GRUB is a portable, powerful bootloader. This version of GRUB is based on a
 cleaner design than its predecessors, and provides the following new features:
 .
  - Scripting in grub.cfg using BASH-like syntax.
  - Support for modern partition maps such as GPT.
  - Modular generation of grub.cfg via update-grub. Packages providing GRUB
    add-ons can plug in their own script rules and trigger updates by invoking
    update-grub.
 .
 This package contains GRUB modules that have been built for use with the
 EFI-AMD64 architecture, as used by Intel Macs (unless a BIOS interface has
 been activated). It can be installed in parallel with other flavours, but
 will not automatically install GRUB as the active boot loader nor
 automatically update grub.cfg on upgrade unless grub-efi-amd64 is also
 installed.

grub-efi-amd64-dbg: GRand Unified Bootloader, version 2 (EFI-AMD64 debug files)

 This package contains debugging files for grub-efi-amd64-bin. You only
 need these if you are trying to debug GRUB using its GDB stub.

grub-efi-amd64-signed-template: GRand Unified Bootloader, version 2 (EFI-AMD64 signing template)

 This package contains template files for grub-efi-amd64-signed.
 This is only needed for Secure Boot signing.

grub-efi-arm: GRand Unified Bootloader, version 2 (ARM UEFI version)

 GRUB is a portable, powerful bootloader. This version of GRUB is based on a
 cleaner design than its predecessors, and provides the following new features:
 .
  - Scripting in grub.cfg using BASH-like syntax.
  - Support for modern partition maps such as GPT.
  - Modular generation of grub.cfg via update-grub. Packages providing GRUB
    add-ons can plug in their own script rules and trigger updates by invoking
    update-grub.
 .
 This is a dependency package for a version of GRUB that has been built for
 use on ARM systems with UEFI. Installing this package indicates that this
 version of GRUB should be the active boot loader.

grub-efi-arm-bin: GRand Unified Bootloader, version 2 (ARM UEFI modules)

 GRUB is a portable, powerful bootloader. This version of GRUB is based on a
 cleaner design than its predecessors, and provides the following new features:
 .
  - Scripting in grub.cfg using BASH-like syntax.
  - Support for modern partition maps such as GPT.
  - Modular generation of grub.cfg via update-grub. Packages providing GRUB
    add-ons can plug in their own script rules and trigger updates by invoking
    update-grub.
 .
 This package contains GRUB modules that have been built for use on ARM
 systems with UEFI. It can be installed in parallel with other flavours,
 but will not automatically install GRUB as the active boot loader nor
 automatically update grub.cfg on upgrade unless grub-efi-arm is also
 installed.

grub-efi-arm-dbg: GRand Unified Bootloader, version 2 (ARM UEFI debug files)

 This package contains debugging files for grub-efi-arm-bin. You only need
 these if you are trying to debug GRUB using its GDB stub.

grub-efi-arm64: GRand Unified Bootloader, version 2 (ARM64 UEFI version)

 GRUB is a portable, powerful bootloader. This version of GRUB is based on a
 cleaner design than its predecessors, and provides the following new features:
 .
  - Scripting in grub.cfg using BASH-like syntax.
  - Support for modern partition maps such as GPT.
  - Modular generation of grub.cfg via update-grub. Packages providing GRUB
    add-ons can plug in their own script rules and trigger updates by invoking
    update-grub.
 .
 This is a dependency package for a version of GRUB that has been built for
 use on ARM64 systems with UEFI. Installing this package indicates that
 this version of GRUB should be the active boot loader.

grub-efi-arm64-bin: GRand Unified Bootloader, version 2 (ARM64 UEFI modules)

 GRUB is a portable, powerful bootloader. This version of GRUB is based on a
 cleaner design than its predecessors, and provides the following new features:
 .
  - Scripting in grub.cfg using BASH-like syntax.
  - Support for modern partition maps such as GPT.
  - Modular generation of grub.cfg via update-grub. Packages providing GRUB
    add-ons can plug in their own script rules and trigger updates by invoking
    update-grub.
 .
 This package contains GRUB modules that have been built for use on ARM64
 systems with UEFI. It can be installed in parallel with other flavours,
 but will not automatically install GRUB as the active boot loader nor
 automatically update grub.cfg on upgrade unless grub-efi-arm64 is also
 installed.

grub-efi-arm64-dbg: GRand Unified Bootloader, version 2 (ARM64 UEFI debug files)

 This package contains debugging files for grub-efi-arm64-bin. You only
 need these if you are trying to debug GRUB using its GDB stub.

grub-efi-arm64-signed-template: GRand Unified Bootloader, version 2 (ARM64 UEFI signing template)

 This package contains template files for grub-efi-arm64-signed.
 This is only needed for Secure Boot signing.

grub-efi-ia32: GRand Unified Bootloader, version 2 (EFI-IA32 version)

 GRUB is a portable, powerful bootloader. This version of GRUB is based on a
 cleaner design than its predecessors, and provides the following new features:
 .
  - Scripting in grub.cfg using BASH-like syntax.
  - Support for modern partition maps such as GPT.
  - Modular generation of grub.cfg via update-grub. Packages providing GRUB
    add-ons can plug in their own script rules and trigger updates by invoking
    update-grub.
 .
 This is a dependency package for a version of GRUB that has been built for
 use with the EFI-IA32 architecture, as used by Intel Macs (unless a BIOS
 interface has been activated). Installing this package indicates that this
 version of GRUB should be the active boot loader.

grub-efi-ia32-bin: GRand Unified Bootloader, version 2 (EFI-IA32 modules)

 GRUB is a portable, powerful bootloader. This version of GRUB is based on a
 cleaner design than its predecessors, and provides the following new features:
 .
  - Scripting in grub.cfg using BASH-like syntax.
  - Support for modern partition maps such as GPT.
  - Modular generation of grub.cfg via update-grub. Packages providing GRUB
    add-ons can plug in their own script rules and trigger updates by invoking
    update-grub.
 .
 This package contains GRUB modules that have been built for use with the
 EFI-IA32 architecture, as used by Intel Macs (unless a BIOS interface has
 been activated). It can be installed in parallel with other flavours, but
 will not automatically install GRUB as the active boot loader nor
 automatically update grub.cfg on upgrade unless grub-efi-ia32 is also
 installed.

grub-efi-ia32-dbg: GRand Unified Bootloader, version 2 (EFI-IA32 debug files)

 This package contains debugging files for grub-efi-ia32-bin. You only need
 these if you are trying to debug GRUB using its GDB stub.

grub-emu: GRand Unified Bootloader, version 2 (emulated version)

 This package contains grub-emu, an emulated version of GRUB. It is only
 provided for debugging purposes.

grub-emu-dbg: GRand Unified Bootloader, version 2 (emulated debug files)

 This package contains debugging files for grub-emu. You only need these if
 you are trying to debug GRUB using its GDB stub.

grub-firmware-qemu: GRUB firmware image for QEMU

 This package contains a binary of GRUB that has been built for use as
 firmware for QEMU. It can be used as a replacement for other PC BIOS
 images provided by seabios, bochsbios, and so on.
 .
 In order to make QEMU use this firmware, simply add `-bios grub.bin' when
 invoking it.
 .
 This package behaves in the same way as GRUB for coreboot, but doesn't
 contain any code from coreboot itself, and is only suitable for QEMU. If
 you want to install GRUB as firmware on real hardware, you need to use the
 grub-coreboot package, and manually combine that with coreboot.

grub-ieee1275: GRand Unified Bootloader, version 2 (Open Firmware version)

 GRUB is a portable, powerful bootloader. This version of GRUB is based on a
 cleaner design than its predecessors, and provides the following new features:
 .
  - Scripting in grub.cfg using BASH-like syntax.
  - Support for modern partition maps such as GPT.
  - Modular generation of grub.cfg via update-grub. Packages providing GRUB
    add-ons can plug in their own script rules and trigger updates by invoking
    update-grub.
 .
 This is a dependency package for a version of GRUB that has been built for
 use with Open Firmware implementations. Installing this package indicates
 that this version of GRUB should be the active boot loader.

grub-ieee1275-bin: GRand Unified Bootloader, version 2 (Open Firmware modules)

 GRUB is a portable, powerful bootloader. This version of GRUB is based on a
 cleaner design than its predecessors, and provides the following new features:
 .
  - Scripting in grub.cfg using BASH-like syntax.
  - Support for modern partition maps such as GPT.
  - Modular generation of grub.cfg via update-grub. Packages providing GRUB
    add-ons can plug in their own script rules and trigger updates by invoking
    update-grub.
 .
 This package contains GRUB modules that have been built for use with Open
 Firmware implementations. It can be installed in parallel with other
 flavours, but will not automatically install GRUB as the active boot loader
 nor automatically update grub.cfg on upgrade unless grub-ieee1275 is also
 installed.

grub-ieee1275-bin-dbgsym: debug symbols for grub-ieee1275-bin
grub-ieee1275-dbg: GRand Unified Bootloader, version 2 (Open Firmware debug files)

 This package contains debugging files for grub-ieee1275-bin. You only
 need these if you are trying to debug GRUB using its GDB stub.

grub-linuxbios: GRand Unified Bootloader, version 2 (dummy package)

 This is a dummy transitional package that depends on grub-coreboot.

grub-mount-udeb: export GRUB filesystems using FUSE
grub-pc: GRand Unified Bootloader, version 2 (PC/BIOS version)

 GRUB is a portable, powerful bootloader. This version of GRUB is based on a
 cleaner design than its predecessors, and provides the following new features:
 .
  - Scripting in grub.cfg using BASH-like syntax.
  - Support for modern partition maps such as GPT.
  - Modular generation of grub.cfg via update-grub. Packages providing GRUB
    add-ons can plug in their own script rules and trigger updates by invoking
    update-grub.
  - VESA-based graphical mode with background image support and complete 24-bit
    color set.
  - Support for extended charsets. Users can write UTF-8 text to their menu
    entries.
 .
 This is a dependency package for a version of GRUB that has been built for
 use with the traditional PC/BIOS architecture. Installing this package
 indicates that this version of GRUB should be the active boot loader.

grub-pc-bin: GRand Unified Bootloader, version 2 (PC/BIOS modules)

 GRUB is a portable, powerful bootloader. This version of GRUB is based on a
 cleaner design than its predecessors, and provides the following new features:
 .
  - Scripting in grub.cfg using BASH-like syntax.
  - Support for modern partition maps such as GPT.
  - Modular generation of grub.cfg via update-grub. Packages providing GRUB
    add-ons can plug in their own script rules and trigger updates by invoking
    update-grub.
  - VESA-based graphical mode with background image support and complete 24-bit
    color set.
  - Support for extended charsets. Users can write UTF-8 text to their menu
    entries.
 .
 This package contains GRUB modules that have been built for use with the
 traditional PC/BIOS architecture. It can be installed in parallel with
 other flavours, but will not automatically install GRUB as the active boot
 loader nor automatically update grub.cfg on upgrade unless grub-pc is also
 installed.

grub-pc-bin-dbgsym: debug symbols for grub-pc-bin
grub-pc-dbg: GRand Unified Bootloader, version 2 (PC/BIOS debug files)

 This package contains debugging files for grub-pc-bin. You only need these
 if you are trying to debug GRUB using its GDB stub.

grub-rescue-pc: GRUB bootable rescue images, version 2 (PC/BIOS version)

 This package contains three GRUB rescue images that have been built for use
 with the traditional PC/BIOS architecture:
 .
  - grub-rescue-floppy.img: floppy image.
  - grub-rescue-cdrom.iso: El Torito CDROM image.
  - grub-rescue-usb.img: USB image.

grub-theme-starfield: GRand Unified Bootloader, version 2 (starfield theme)

 This is the default theme for GRUB's graphical menu.

grub-uboot: GRand Unified Bootloader, version 2 (ARM U-Boot version)

 GRUB is a portable, powerful bootloader. This version of GRUB is based on a
 cleaner design than its predecessors, and provides the following new features:
 .
  - Scripting in grub.cfg using BASH-like syntax.
  - Support for modern partition maps such as GPT.
  - Modular generation of grub.cfg via update-grub. Packages providing GRUB
    add-ons can plug in their own script rules and trigger updates by invoking
    update-grub.
 .
 This is a dependency package for a version of GRUB that has been built for
 use with ARM systems with U-Boot. Installing this package indicates that
 this version of GRUB should be the active boot loader.

grub-uboot-bin: GRand Unified Bootloader, version 2 (ARM U-Boot modules)

 GRUB is a portable, powerful bootloader. This version of GRUB is based on a
 cleaner design than its predecessors, and provides the following new features:
 .
  - Scripting in grub.cfg using BASH-like syntax.
  - Support for modern partition maps such as GPT.
  - Modular generation of grub.cfg via update-grub. Packages providing GRUB
    add-ons can plug in their own script rules and trigger updates by invoking
    update-grub.
 .
 This package contains GRUB modules that have been built for use with ARM
 systems with U-Boot. It can be installed in parallel with other flavours,
 but will not automatically install GRUB as the active boot loader nor
 automatically update grub.cfg on upgrade unless grub-uboot is also
 installed.

grub-uboot-dbg: GRand Unified Bootloader, version 2 (ARM U-Boot debug files)

 This package contains debugging files for grub-uboot-bin. You only need
 these if you are trying to debug GRUB using its GDB stub.

grub-xen: GRand Unified Bootloader, version 2 (Xen version)

 GRUB is a portable, powerful bootloader. This version of GRUB is based on a
 cleaner design than its predecessors, and provides the following new features:
 .
  - Scripting in grub.cfg using BASH-like syntax.
  - Support for modern partition maps such as GPT.
  - Modular generation of grub.cfg via update-grub. Packages providing GRUB
    add-ons can plug in their own script rules and trigger updates by invoking
    update-grub.
 .
 This is a dependency package for a version of GRUB that has been built for
 use with the Xen hypervisor (i.e. PV-GRUB). Installing this package
 indicates that this version of GRUB should be the active boot loader.

grub-xen-bin: GRand Unified Bootloader, version 2 (Xen modules)

 GRUB is a portable, powerful bootloader. This version of GRUB is based on a
 cleaner design than its predecessors, and provides the following new features:
 .
  - Scripting in grub.cfg using BASH-like syntax.
  - Support for modern partition maps such as GPT.
  - Modular generation of grub.cfg via update-grub. Packages providing GRUB
    add-ons can plug in their own script rules and trigger updates by invoking
    update-grub.
 .
 This package contains GRUB modules that have been built for use with the
 Xen hypervisor (i.e. PV-GRUB). It can be installed in parallel with other
 flavours, but will not automatically install GRUB as the active boot loader
 nor automatically update grub.cfg on upgrade unless grub-xen is also
 installed.

grub-xen-dbg: GRand Unified Bootloader, version 2 (Xen debug files)

 This package contains debugging files for grub-xen-bin. You only need
 these if you are trying to debug GRUB using its GDB stub.

grub-xen-host: GRand Unified Bootloader, version 2 (Xen host version)

 GRUB is a portable, powerful bootloader. This version of GRUB is based on a
 cleaner design than its predecessors, and provides the following new features:
 .
  - Scripting in grub.cfg using BASH-like syntax.
  - Support for modern partition maps such as GPT.
  - Modular generation of grub.cfg via update-grub. Packages providing GRUB
    add-ons can plug in their own script rules and trigger updates by invoking
    update-grub.
 .
 This package arranges for GRUB binary images which can be used to boot a Xen
 guest (i.e. PV-GRUB) to be present in the control domain filesystem.

grub2: GRand Unified Bootloader, version 2 (dummy package)

 This is a dummy transitional package to handle GRUB 2 upgrades. It can be
 safely removed.

grub2-common: GRand Unified Bootloader (common files for version 2)

 This package contains common files shared by the distinct flavours of GRUB.
 The files in this package are specific to GRUB 2, and would break GRUB
 Legacy if installed on the same system.

grub2-common-dbgsym: debug symbols for grub2-common