-
grub2 (2.12-5ubuntu5) oracular; urgency=medium
* peimage: Fixup grub_error -> grub_dprintf
* peimage: Fixup section consistency checks (LP: #2078307)
-- Mate Kukri <email address hidden> Fri, 30 Aug 2024 16:11:07 +0100
-
grub2 (2.12-5ubuntu4) oracular; urgency=medium
* Merge from Debian unstable; remaining changes:
- Add Ubuntu sbat data
- build-efi-images: do not produce -installer.efi.signed. LP #1863994
- grub-common: Install canonical-uefi-ca.crt
- Check signatures
- Support installing to multiple ESP (LP #1871821)
- Split out unsigned artefacts into grub2-unsigned
- Vcs-Git: Point to ubuntu packaging branch
- Relax dependencies on grub-common and grub2-common
- UBUNTU: Do not link grub-efi-*-unsigned docs to grub-common
- UBUNTU: Default timeout changes
- UBUNTU: Replace grub-install-extra-removable
- UBUNTU: Revert "Add jfs module to signed UEFI images. Closes: #950959"
- UBUNTU: Revert "Add f2fs module to signed UEFI images"
- UBUNTU: Drop luks2
- Install grub-initrd-fallback.service again
- Build using -O1 on s390x to avoid misoptimization
- grub-check-signatures: Support gzip compressed kernels
- forward port fix for LP #1926748
- Forward port the fix for LP #1930742 and make it conditional (xenial/bionic only)
- Build grub2-unsigned packages with xz compression
- Drop i386 from grub-efi-amd64*
- Turn depends on grub-efi-amd64/arm64 unversioned
- Revert "Have -bin packages Break pre-2.12 -signed packages"
- Install grub-sort-version
- rules: Add DPKG_BUILDPACKAGE_OPTIONS to generate-grub2-unsigned
- d/postinst.in: Make empty "grub-pc/install_devices" non-fatal in "noninteractive" mode
- Add debconf options "grub-{efi,pc}/cloud_style_installation"
- grub-common.service: Add After/Requires=boot-complete.target (LP #1992643)
- d/postinst.in: Remove upgrade check for GRUB version we can no longer upgrade from
- Removed patches:
+ install-signed.patch with
+ grub-install-extra-removable.patch
+ grub-install-removable-shim.patch
- Added patches:
+ ubuntu-install-signed.patch
+ ubuntu-grub-install-extra-removable.patch
+ ubuntu-zfs-enhance-support.patch
+ ubuntu-zfs-mkconfig-ubuntu-recovery.patch
+ ubuntu-zfs-mkconfig-ubuntu-distributor.patch
+ ubuntu-zfs-mkconfig-signed-kernel.patch
+ ubuntu-zfs-gfxpayload-keep-default.patch
+ ubuntu-zfs-gfxpayload-dynamic.patch
+ ubuntu-zfs-vt-handoff.patch
+ ubuntu-zfs-mkconfig-recovery-title.patch
+ ubuntu-zfs-insmod-xzio-and-lzopio-on-xen.patch
+ ubuntu-support-initrd-less-boot.patch
+ ubuntu-shorter-version-info.patch
+ ubuntu-add-initrd-less-boot-fallback.patch
+ ubuntu-mkconfig-leave-breadcrumbs.patch
+ ubuntu-fix-lzma-decompressor-objcopy.patch
+ ubuntu-add-devicetree-command-support.patch
+ ubuntu-boot-from-multipath-dependent-symlink.patch
+ ubuntu-resilient-boot-ignore-alternative-esps.patch
+ ubuntu-resilient-boot-boot-order.patch
+ ubuntu-speed-zsys-history.patch
+ ubuntu-dont-verify-loopback-images.patch
+ ubuntu-recovery-dis_ucode_ldr.patch
+ ubuntu-add-initrd-less-boot-messages.patch
+ rhboot-f34-make-exit-take-a-return-code.patch
+ rhboot-f34-dont-use-int-for-efi-status.patch
+ suse-grub.texi-add-net_bootp6-document.patch
+ ubuntu-verifiers-last.patch
+ ubuntu-os-prober-auto.patch
+ grub-sort-version.patch
+ Revert-kern-ieee1275-init-ppc64-Display-upper_mem_limit-w.patch
+ Revert-kern-ieee1275-init-ppc64-Fix-a-comment.patch
+ Revert-kern-ieee1275-ieee1275-Display-successful-memory-c.patch
+ Revert-loader-powerpc-ieee1275-Use-new-allocation-functio.patch
+ Revert-kern-ieee1275-cmain-ppc64-Introduce-flags-to-ident.patch
+ Revert-kern-ieee1275-init-ppc64-Rename-regions_claim-to-g.patch
+ Revert-kern-ieee1275-init-ppc64-Add-support-for-alignment.patch
+ Revert-kern-ieee1275-init-ppc64-Return-allocated-address-.patch
+ Revert-kern-ieee1275-init-ppc64-Decide-by-request-whether.patch
+ Revert-kern-ieee1275-init-ppc64-Introduce-a-request-for-r.patch
+ grub-install-efi-title.patch
+ kern-efi-mm-Change-grub_efi_mm_add_regions-to-keep-track-.patch
+ kern-efi-mm-Change-grub_efi_allocate_pages_real-to-call-s.patch
+ kern-efi-mm-Detect-calls-to-grub_efi_drop_alloc-with-wron.patch
+ nx/modules-strip-.llvm_addrsig-sections-and-similar.patch
+ nx/modules-Don-t-allocate-space-for-non-allocable-sections.patch
+ nx/modules-load-module-sections-at-page-aligned-addresses.patch
+ nx/nx-add-memory-attribute-get-set-API.patch
+ nx/nx-set-page-permissions-for-loaded-modules.patch
+ nx/nx-set-the-nx-compatible-flag-in-EFI-grub-images.patch
+ nx/efi-Disallow-fallback-to-legacy-Linux-loader-when-shim-sa.patch
+ nx/peimage-Add-memory-attribute-support.patch
+ commands-efi-tpm-Re-enable-measurements-on-confidential-c.patch
+ loader-efi-fdt-Add-fdtdump-command-to-access-device-tree.patch
* Rebase d/legacy/update-grub.ubuntu.patch
* Move -unsigned binaries to the -unsigned sources
* efi/chainloader: Do not print device path (LP: #2073634)
* Disable ELF metadata injection
grub2 (2.12-5) unstable; urgency=medium
* Build-Depend on pkgconf instead of pkg-config.
* Update legacy/update-grub to correctly check for grub2 core.img
* Correct Breaks+Replaces on grub-efi-arm64-unsigned for grub-efi-arm64-bin.
(Closes: #1076235)
grub2 (2.12-4) unstable; urgency=medium
[ Mate Kukri ]
* Determine GRUB_DISTRIBUTOR from os-release and fall back to build-time dpkg vendor
[ Felix Zielcke ]
* Ship gdb_helper.py in dbg packages. (Closes: #1072164)
* Update README.source to mention that we're now using gbp-pq instead of git-dpm.
* Add grub-pc+grub2-common Breaks: against grub-legacy (<< 0.97-83~).
* Upload to unstable.
grub2 (2.12-3) experimental; urgency=medium
[ Colin Watson ]
* Update signing-template Uploaders to match main package.
[ Mate Kukri ]
* d/p/mkconfig-ubuntu-recovery.patch: Use "recovery" instead of "single recovery" for recovery mode bootparams
* d/p/revert-term-ns8250-spcr.patch: Revert ACPI SPCR table support (#1062073)
* d/p/efidisk-breakup-large-reads.patch: efidisk: Breakup large reads into batches
* Revert "d/p/efidisk-breakup-large-reads.patch: efidisk: Breakup large reads into batches"
[ Jiajie Chen ]
* Enable building for LoongArch64
[ Heinrich Schuchardt ]
* d/rules: build monolithic images for all EFI architectures
[ Julian Andres Klode ]
* Introduce new -unsigned packages to house the pre-built .efi binaries
* signing: Use the -unsigned packages as signed build-depends
[ Jiajie Chen ]
* d/p/sb/efi-use-peimage-shim.patch: add loong64 suppport
[ Felix Zielcke ]
* Update Breaks/Replaces -efi-{ia32,amd64}-bin to << 2.12-3~ at -unsigned packages.
[ Pascal Hambourg ]
* 05_debian_theme: cache background picture if not in /boot/grub filesystem
* debian/default/grub: Replace 'vbeinfo' with 'videoinfo'
* debian/default/grub: Document /etc/default/grub.d/*.cfg
[ Tianyu Chen ]
* Make grub-common Breaks grub-efi-*-signed (<< 1+2.12~rc1)
grub2 (2.12-2) unstable; urgency=medium
[ Mate Kukri ]
* Revert peimage to re-use GRUB's image handle (LP: #2057679) (LP: #2054127)
* d/build-efi-images: Make sure downstream didn't remove peimage SBAT
entry
* SECURITY UPDATE: Use-after-free in peimage module [LP: #2054127]
- CVE-2024-2312
[ Julian Andres Klode ]
* Bump SBAT level to `grub.peimage,2`; and also bump `grub.debian,5` to
make sure we can revoke any downstream users of peimage that forgot to
include the grub.peimage component if that should become necessary.
-- Mate Kukri <email address hidden> Mon, 22 Jul 2024 10:55:04 +0100
-
grub2 (2.12-1ubuntu9) oracular; urgency=medium
* Cherry-pick upstream efi mm patches to avoid crashing at exit on Mu
* peimage: Improve section consistency checks, use grub_dprintf for errors
* peimage: Make sure partially loaded images are unloaded on error
* Implement support for UEFI NX mitigation
* Cherry-pick missing TDX measurements fix (LP: #2069232)
* grub-common.service: Add After/Requires=boot-complete.target (LP: #1992643)
* d/postinst.in: Remove upgrade check for GRUB version we can no longer upgrade from
* Cherry-pick fdtdump patch
-- Mate Kukri <email address hidden> Wed, 19 Jun 2024 11:47:16 +0100
-
grub2 (2.12-1ubuntu7) noble; urgency=medium
* d/p/grub-sort-version.patch: Also patch grub-mkconfig to export GRUB_FLAVOUR_ORDER
* d/grub-sort-version: Update regex to correctly match kernel flavour
* d/grub-sort-version: Append `-0` to abi strings before passing to python-apt (Fixes LP: #2041827)
* debian/: Add tests for grub-sort-version
* Revert peimage to re-use GRUB's image handle (LP: #2057679) (LP: #2054127)
* Increase SBAT level to "grub.ubuntu,2" and "grub.peimage,2"
* d/build-efi-images: Make sure downstream didn't remove peimage SBAT entry
* SECURITY UPDATE: Use-after-free in peimage module [LP: #2054127]
- CVE-2024-2312
-- Mate Kukri <email address hidden> Thu, 04 Apr 2024 11:12:35 +0100