grub2 2.04-1ubuntu42 source package in Ubuntu
Changelog
grub2 (2.04-1ubuntu42) hirsute; urgency=medium * SECURITY UPDATE: acpi command allows privilleged user to load crafted ACPI tables when secure boot is enabled. - 0126-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch: Don't register the acpi command when secure boot is enabled. - CVE-2020-14372 * SECURITY UPDATE: use-after-free in rmmod command - 0128-dl-Only-allow-unloading-modules-that-are-not-depende.patch: Don't allow rmmod to unload modules that are dependencies of other modules. - CVE-2020-25632 * SECURITY UPDATE: out-of-bound write in grub_usb_device_initialize() - 0129-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch - CVE-2020-25647 * SECURITY UPDATE: Stack buffer overflow in grub_parser_split_cmdline - 0206-kern-parser-Introduce-process_char-helper.patch, 0207-kern-parser-Introduce-terminate_arg-helper.patch, 0208-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch, 0209-kern-buffer-Add-variable-sized-heap-buffer.patch, 0210-kern-parser-Fix-a-stack-buffer-overflow.patch: Add a variable sized heap buffer type and use this. - CVE-2020-27749 * SECURITY UPDATE: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled. - 0127-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch: Don't register cutmem and badram commands when secure boot is enabled. - CVE-2020-27779 * SECURITY UPDATE: heap out-of-bounds write in short form option parser. - 0173-lib-arg-Block-repeated-short-options-that-require-an.patch: Block repeated short options that require an argument. - CVE-2021-20225 * SECURITY UPDATE: heap out-of-bound write due to mis-calculation of space required for quoting. - 0175-commands-menuentry-Fix-quoting-in-setparams_prefix.patch: Fix quoting in setparams_prefix() - CVE-2021-20233 * Partially backport the lockdown framework to restrict certain features when secure boot is enabled. * Backport various fixes for Coverity defects. * Add SBAT metadata to the grub EFI binary. - Backport patches to support adding SBAT metadata with grub-mkimage: + 0212-util-mkimage-Remove-unused-code-to-add-BSS-section.patch + 0213-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch + 0214-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch + 0215-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch + 0216-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch + 0217-util-mkimage-Improve-data_size-value-calculation.patch + 0218-util-mkimage-Refactor-section-setup-to-use-a-helper.patch + 0219-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch - Add debian/sbat.csv.in - Update debian/build-efi-image and debian/rules [ Dimitri John Ledkov & Steve Langasek LP: #1915536 ] * Allow grub-efi-amd64|arm64 & -bin & -dbg be built by src:grub2-unsigned (potentially of a higher version number). * Add debian/rules generate-grub2-unsigned target to quickly build src:grub2-unsigned for binary-copy backports. * postinst: allow postinst to with with or without grub-multi-install binary. * postinst: allow using various grub-install options to achieve --no-extra-removable. * postinst: only call grub-check-signatures if it exists. * control: relax dependency on grub2-common, as maintainer script got fixed up to work with grub2-common/grub-common as far back as trusty. * control: allow higher version depdencies from grub-efi package. * dirs.in: create var/lib/grub/ucf in grub-efi-amd64 (and similar) as postinst script uses that directory, and yet relies on grub-common to create/ship it, which is not true in older releases. Also make sure dh_installdirs runs after the .dirs files are generated. -- Dimitri John Ledkov <email address hidden> Tue, 23 Feb 2021 16:23:39 +0000
Upload details
- Uploaded by:
- Dimitri John Ledkov
- Uploaded to:
- Hirsute
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- admin
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
grub2_2.04.orig.tar.xz | 6.1 MiB | e5292496995ad42dabe843a0192cf2a2c502e7ffcc7479398232b10a472df77d |
grub2_2.04.orig.tar.xz.asc | 833 bytes | 955cc63196020e3a70dbb1834ec8b6a1808b1100bc878431c52aa0dd7e6a2532 |
grub2_2.04-1ubuntu42.debian.tar.xz | 1.2 MiB | 86287d8694c52ac63ae6efc5e65d88ce3f23e026ca225971414b6fbe6c16e8d8 |
grub2_2.04-1ubuntu42.dsc | 7.1 KiB | b06c339adf06e582d1b48ada9578898558a7274d7c17674c45e0a867a7766f87 |
Available diffs
Binary packages built by this source
- grub-common: No summary available for grub-common in ubuntu hirsute.
No description available for grub-common in ubuntu hirsute.
- grub-common-dbgsym: No summary available for grub-common-dbgsym in ubuntu hirsute.
No description available for grub-common-dbgsym in ubuntu hirsute.
- grub-coreboot: No summary available for grub-coreboot in ubuntu hirsute.
No description available for grub-coreboot in ubuntu hirsute.
- grub-coreboot-bin: No summary available for grub-coreboot-bin in ubuntu hirsute.
No description available for grub-coreboot-bin in ubuntu hirsute.
- grub-coreboot-dbg: No summary available for grub-coreboot-dbg in ubuntu hirsute.
No description available for grub-coreboot-dbg in ubuntu hirsute.
- grub-efi: No summary available for grub-efi in ubuntu hirsute.
No description available for grub-efi in ubuntu hirsute.
- grub-efi-amd64-signed-template: No summary available for grub-efi-amd64-signed-template in ubuntu hirsute.
No description available for grub-efi-
amd64-signed- template in ubuntu hirsute.
- grub-efi-arm: No summary available for grub-efi-arm in ubuntu hirsute.
No description available for grub-efi-arm in ubuntu hirsute.
- grub-efi-arm-bin: No summary available for grub-efi-arm-bin in ubuntu hirsute.
No description available for grub-efi-arm-bin in ubuntu hirsute.
- grub-efi-arm-dbg: No summary available for grub-efi-arm-dbg in ubuntu hirsute.
No description available for grub-efi-arm-dbg in ubuntu hirsute.
- grub-efi-arm64-signed-template: No summary available for grub-efi-arm64-signed-template in ubuntu hirsute.
No description available for grub-efi-
arm64-signed- template in ubuntu hirsute.
- grub-efi-ia32: No summary available for grub-efi-ia32 in ubuntu hirsute.
No description available for grub-efi-ia32 in ubuntu hirsute.
- grub-efi-ia32-bin: No summary available for grub-efi-ia32-bin in ubuntu hirsute.
No description available for grub-efi-ia32-bin in ubuntu hirsute.
- grub-efi-ia32-dbg: No summary available for grub-efi-ia32-dbg in ubuntu hirsute.
No description available for grub-efi-ia32-dbg in ubuntu hirsute.
- grub-emu: No summary available for grub-emu in ubuntu hirsute.
No description available for grub-emu in ubuntu hirsute.
- grub-emu-dbg: No summary available for grub-emu-dbg in ubuntu hirsute.
No description available for grub-emu-dbg in ubuntu hirsute.
- grub-firmware-qemu: No summary available for grub-firmware-qemu in ubuntu hirsute.
No description available for grub-firmware-qemu in ubuntu hirsute.
- grub-ieee1275: No summary available for grub-ieee1275 in ubuntu hirsute.
No description available for grub-ieee1275 in ubuntu hirsute.
- grub-ieee1275-bin: No summary available for grub-ieee1275-bin in ubuntu hirsute.
No description available for grub-ieee1275-bin in ubuntu hirsute.
- grub-ieee1275-bin-dbgsym: No summary available for grub-ieee1275-bin-dbgsym in ubuntu hirsute.
No description available for grub-ieee1275-
bin-dbgsym in ubuntu hirsute.
- grub-ieee1275-dbg: No summary available for grub-ieee1275-dbg in ubuntu hirsute.
No description available for grub-ieee1275-dbg in ubuntu hirsute.
- grub-linuxbios: No summary available for grub-linuxbios in ubuntu hirsute.
No description available for grub-linuxbios in ubuntu hirsute.
- grub-pc: No summary available for grub-pc in ubuntu hirsute.
No description available for grub-pc in ubuntu hirsute.
- grub-pc-bin: No summary available for grub-pc-bin in ubuntu hirsute.
No description available for grub-pc-bin in ubuntu hirsute.
- grub-pc-bin-dbgsym: No summary available for grub-pc-bin-dbgsym in ubuntu hirsute.
No description available for grub-pc-bin-dbgsym in ubuntu hirsute.
- grub-pc-dbg: No summary available for grub-pc-dbg in ubuntu hirsute.
No description available for grub-pc-dbg in ubuntu hirsute.
- grub-rescue-pc: No summary available for grub-rescue-pc in ubuntu hirsute.
No description available for grub-rescue-pc in ubuntu hirsute.
- grub-theme-starfield: No summary available for grub-theme-starfield in ubuntu hirsute.
No description available for grub-theme-
starfield in ubuntu hirsute.
- grub-uboot: No summary available for grub-uboot in ubuntu hirsute.
No description available for grub-uboot in ubuntu hirsute.
- grub-uboot-bin: No summary available for grub-uboot-bin in ubuntu hirsute.
No description available for grub-uboot-bin in ubuntu hirsute.
- grub-uboot-dbg: No summary available for grub-uboot-dbg in ubuntu hirsute.
No description available for grub-uboot-dbg in ubuntu hirsute.
- grub-xen: No summary available for grub-xen in ubuntu hirsute.
No description available for grub-xen in ubuntu hirsute.
- grub-xen-bin: No summary available for grub-xen-bin in ubuntu hirsute.
No description available for grub-xen-bin in ubuntu hirsute.
- grub-xen-dbg: No summary available for grub-xen-dbg in ubuntu hirsute.
No description available for grub-xen-dbg in ubuntu hirsute.
- grub-xen-host: No summary available for grub-xen-host in ubuntu hirsute.
No description available for grub-xen-host in ubuntu hirsute.
- grub2: No summary available for grub2 in ubuntu hirsute.
No description available for grub2 in ubuntu hirsute.
- grub2-common: No summary available for grub2-common in ubuntu hirsute.
No description available for grub2-common in ubuntu hirsute.
- grub2-common-dbgsym: No summary available for grub2-common-dbgsym in ubuntu hirsute.
No description available for grub2-common-dbgsym in ubuntu hirsute.