~juliank/grub/+git/ubuntu:grub-multi-install-discovery

Last commit made on 2022-11-24
Get this branch:
git clone -b grub-multi-install-discovery https://git.launchpad.net/~juliank/grub/+git/ubuntu

Branch information

Name:
grub-multi-install-discovery
Repository:
lp:~juliank/grub/+git/ubuntu

Recent commits

ae85cfb... by Julian Andres Klode

grub-multi-install: Reset partition type between partitions

Reconfiguring shim-signed in a lxd VM offered /dev/sda as
an ESP, which is obviously wrong.

What happened is that it did not have any ID_PART_ENTRY_TYPE
or ID_PART_ENTRY_SCHEME properties set in udev, so the eval
did not set anything, and the values from the previous partition
were reused.

LP: #1997795
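
The failure mode described in this commit message, reproduced as an added example (not code from grub-multi-install or from this branch). The `sample_props` function, the device list and the `find_esps` helper are constructed stand-ins for the udev query and the script's loop; the "reset" mode is an assumed form of the fix named in the commit title.

```shell
#!/bin/sh
# GPT partition type GUID of an EFI System Partition, as udev reports it.
ESP_GUID=c12a7328-f81f-11d2-ba4b-00a0c93ec93b

# Constructed stand-in for the udev property query (hypothetical helper).
# /dev/sda1 is a GPT ESP; /dev/sda exports no ID_PART_ENTRY_* properties,
# matching the situation described in the commit message.
sample_props() {
    case "$1" in
        /dev/sda1)
            echo "ID_PART_ENTRY_SCHEME=gpt"
            echo "ID_PART_ENTRY_TYPE=$ESP_GUID" ;;
        /dev/sda)
            : ;;  # nothing to export
    esac
}

is_esp() {
    [ "$ID_PART_ENTRY_SCHEME" = gpt ] && [ "$ID_PART_ENTRY_TYPE" = "$ESP_GUID" ]
}

# find_esps MODE DEV...  prints the devices classified as an ESP.
#   MODE=stale: variables survive from one iteration to the next (the bug).
#   MODE=reset: variables are cleared before each eval (the assumed fix).
find_esps() {
    mode=$1; shift
    found=
    ID_PART_ENTRY_SCHEME=
    ID_PART_ENTRY_TYPE=
    for dev in "$@"; do
        if [ "$mode" = reset ]; then
            ID_PART_ENTRY_SCHEME=
            ID_PART_ENTRY_TYPE=
        fi
        # An empty property list makes this eval a no-op, so without the
        # reset the previous device's values are still in place.
        eval "$(sample_props "$dev")"
        if is_esp; then
            found="${found:+$found }$dev"
        fi
    done
    echo "$found"
}

find_esps stale /dev/sda1 /dev/sda   # prints: /dev/sda1 /dev/sda
find_esps reset /dev/sda1 /dev/sda   # prints: /dev/sda1
```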

9433c92... by Chris Coulson

releasing package grub2 version 2.06-2ubuntu14

5fed772... by Chris Coulson

Bump SBAT generation

57c6cdc... by Chris Coulson

Don't drop dosfstools as a build-dependency because it's required for vfat FS tests

a34484d... by Chris Coulson

Fix the squashfs tests during the build

4ac97c1... by Chris Coulson

Fix LP: #1997006 - add support for performing measurements to RTMRs

60e6f86... by Chris Coulson

Add security fixes for November 15th disclosure

  * SECURITY UPDATE: Fix out of bounds writes due to specially crafted fonts.
    - add debian/patches/font-Fix-several-integer-overflows-in-grub_font_construct.patch
    - add debian/patches/font-Fix-an-integer-underflow-in-blit_comb.patch
    - CVE-2022-2601, CVE-2022-3775
    - LP: #1996950
  * Fix various issues as a result of fuzzing, static analysis and code
    review:
    - add debian/patches/font-Reject-glyphs-exceeds-font-max_glyph_width-or-font-m.patch
    - add debian/patches/font-Fix-size-overflow-in-grub_font_get_glyph_internal.patch
    - add debian/patches/font-Remove-grub_font_dup_glyph.patch
    - add debian/patches/font-Fix-integer-overflow-in-ensure_comb_space.patch
    - add debian/patches/font-Fix-integer-overflow-in-BMP-index.patch
    - add debian/patches/font-Fix-integer-underflow-in-binary-search-of-char-index.patch
    - add debian/patches/fbutil-Fix-integer-overflow.patch
    - add debian/patches/font-Harden-grub_font_blit_glyph-and-grub_font_blit_glyph.patch
    - add debian/patches/font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
    - add debian/patches/normal-charset-Fix-an-integer-overflow-in-grub_unicode_ag.patch
  * Enforce verification of fonts when secure boot is enabled:
    - add debian/patches/kern-efi-sb-Enforce-verification-of-font-files.patch
  * Bundle unicode.pf2 in a squashfs memdisk attached to the signed EFI binary
    - update debian/control
    - update debian/build-efi-image
    - add debian/patches/font-Try-opening-fonts-from-the-bundled-memdisk.patch

6d78e37... by Julian Andres Klode

releasing package grub2 version 2.06-2ubuntu13

2f20eb2... by Julian Andres Klode

x86-efi: Use bounce buffers for reading to addresses > 4GB

Lots of machines apparently can't DMA correctly above 4GB during UEFI,
so use bounce buffers for the initramfs read.

Signed-off-by: Peter Jones <email address hidden>

Gbp-Pq: Name rhboot-x86-efi-use-bounce-buffers.patch

x86-efi: Reduce maximum bounce buffer size to 16 MiB

The EFI linux loader allocates a bounce buffer to copy the initrd since in
some machines doing DMA on addresses above 4GB is not possible during EFI.

But the verifiers framework also allocates a buffer to copy the initrd in
its grub_file_open() handler. It does this since the data to verify has to
be passed as a single chunk to modules that use the verifiers framework.

If the initrd image size is big there may not be enough memory in the heap
to allocate two buffers of that size. This causes an allocation failure in
the verifiers framework and leads to the initrd not being read.

To prevent these allocation failures, let's reduce the maximum size of the
bounce buffer used in the EFI loader, since the data read can be copied to
the actual initrd address in multiple chunks.

Resolves: rhbz#1838633

Signed-off-by: Javier Martinez Canillas <email address hidden>
Gbp-Pq: Name rhboot-bounce-buffers.patch

a093515... by Julian Andres Klode

Try to pick better locations for kernel and initrd

LP: #1989446