Merge ~mkukri/grub:ubuntu into ~ubuntu-core-dev/grub/+git/ubuntu:master
- Git
- lp:~mkukri/grub
- ubuntu
- Merge into master
Proposed by
Mate Kukri
Status: | Merged | ||||||||
---|---|---|---|---|---|---|---|---|---|
Merge reported by: | Julian Andres Klode | ||||||||
Merged at revision: | b64aac60df87dbd18ae956dc51bb0430f7d978a1 | ||||||||
Proposed branch: | ~mkukri/grub:ubuntu | ||||||||
Merge into: | ~ubuntu-core-dev/grub/+git/ubuntu:master | ||||||||
Diff against target: |
95559 lines (+35434/-11890) 299 files modified
ChangeLog (+1496/-0) INSTALL (+1/-1) Makefile.in (+43/-28) Makefile.util.am (+10/-1) Makefile.util.def (+7/-1) NEWS (+20/-0) autogen.sh (+1/-1) conf/Makefile.common (+1/-1) config-util.h.in (+7/-4) config.h.in (+2/-0) configure (+191/-59) configure.ac (+101/-36) debian/build-efi-images (+13/-13) debian/canonical-uefi-ca.crt (+25/-0) debian/changelog (+2069/-0) debian/control (+17/-20) debian/grub-check-signatures (+136/-0) debian/grub-common.dirs (+1/-0) debian/grub-common.install.in (+5/-0) debian/grub-common.templates (+53/-0) debian/grub-multi-install (+419/-0) debian/grub-sort-version (+56/-0) debian/patches/Revert-kern-ieee1275-cmain-ppc64-Introduce-flags-to-ident.patch (+52/-0) debian/patches/Revert-kern-ieee1275-ieee1275-Display-successful-memory-c.patch (+52/-0) debian/patches/Revert-kern-ieee1275-init-ppc64-Add-support-for-alignment.patch (+48/-0) debian/patches/Revert-kern-ieee1275-init-ppc64-Decide-by-request-whether.patch (+60/-0) debian/patches/Revert-kern-ieee1275-init-ppc64-Display-upper_mem_limit-w.patch (+24/-0) debian/patches/Revert-kern-ieee1275-init-ppc64-Fix-a-comment.patch (+22/-0) debian/patches/Revert-kern-ieee1275-init-ppc64-Introduce-a-request-for-r.patch (+164/-0) debian/patches/Revert-kern-ieee1275-init-ppc64-Rename-regions_claim-to-g.patch (+58/-0) debian/patches/Revert-kern-ieee1275-init-ppc64-Return-allocated-address-.patch (+36/-0) debian/patches/Revert-loader-powerpc-ieee1275-Use-new-allocation-functio.patch (+99/-0) debian/patches/efi-variable-storage-minimise-writes.patch (+6/-6) debian/patches/extra_deps_lst.patch (+17/-0) debian/patches/fdt-device-tree-fixup-protocol.patch (+1/-1) debian/patches/gfxpayload-dynamic.patch (+6/-6) debian/patches/grub-install-pvxen-paths.patch (+3/-3) debian/patches/grub-legacy-0-based-partitions.patch (+1/-1) debian/patches/grub-sort-version.patch (+37/-0) debian/patches/hwmatch-only-on-grub-pc-platform.patch (+2/-2) debian/patches/insmod-xzio-and-lzopio-on-xen.patch (+2/-2) debian/patches/install-efi-adjust-distributor.patch (+1/-1) debian/patches/install-locale-langpack.patch (+7/-7) debian/patches/install-powerpc-machtypes.patch (+1/-1) debian/patches/install-stage2-confusion.patch (+2/-2) debian/patches/maybe-quiet.patch (+6/-6) debian/patches/mkconfig-loopback.patch (+2/-2) debian/patches/mkconfig-nonexistent-loopback.patch (+1/-1) debian/patches/mkconfig-recovery-title.patch (+8/-8) debian/patches/mkconfig-ubuntu-distributor.patch (+1/-1) debian/patches/mkconfig-ubuntu-recovery.patch (+19/-11) debian/patches/network/bootp-new-net_bootp6-command.patch (+1/-1) debian/patches/network/efinet-Configure-network-from-UEFI-device-path.patch (+1/-1) debian/patches/network/efinet-add-structures-for-PXE-messages.patch (+1/-1) debian/patches/network/efinet-set-dns-from-uefi-proto.patch (+1/-1) debian/patches/network/http-prepend-prefix-when-the-http-path-is-relative.patch (+2/-2) debian/patches/network/net-http-check-result-of-grub_netbuff_put-in-http_receive.patch (+2/-2) debian/patches/network/support-uefi-networking-protocols.patch (+13/-15) debian/patches/network/try-prefixes-for-tftp-config-file.patch (+2/-2) debian/patches/olpc-prefix-hack.patch (+4/-4) debian/patches/pc-verifiers-module.patch (+2/-2) debian/patches/quick-boot.patch (+6/-6) debian/patches/recovery-dis_ucode_ldr.patch (+2/-2) debian/patches/restore-mkdevicemap.patch (+1/-1) debian/patches/rhboot-f34-dont-use-int-for-efi-status.patch (+23/-0) debian/patches/rhboot-f34-make-exit-take-a-return-code.patch (+280/-0) debian/patches/secure-boot/efi-use-peimage-shim.patch (+1/-1) debian/patches/secure-boot/loader-framework.patch (+7/-7) debian/patches/secure-boot/revert-efi-fallback-to-legacy.patch (+27/-8) debian/patches/series (+42/-14) debian/patches/suse-grub.texi-add-net_bootp6-document.patch (+49/-0) debian/patches/ubuntu-add-devicetree-command-support.patch (+51/-0) debian/patches/ubuntu-add-initrd-less-boot-fallback.patch (+212/-0) debian/patches/ubuntu-add-initrd-less-boot-messages.patch (+68/-0) debian/patches/ubuntu-boot-from-multipath-dependent-symlink.patch (+68/-0) debian/patches/ubuntu-dont-verify-loopback-images.patch (+35/-0) debian/patches/ubuntu-fix-lzma-decompressor-objcopy.patch (+29/-0) debian/patches/ubuntu-grub-install-extra-removable.patch (+65/-39) debian/patches/ubuntu-install-signed.patch (+43/-42) debian/patches/ubuntu-mkconfig-leave-breadcrumbs.patch (+28/-0) debian/patches/ubuntu-os-prober-auto.patch (+51/-0) debian/patches/ubuntu-recovery-dis_ucode_ldr.patch (+67/-0) debian/patches/ubuntu-resilient-boot-boot-order.patch (+236/-0) debian/patches/ubuntu-resilient-boot-ignore-alternative-esps.patch (+212/-0) debian/patches/ubuntu-shorter-version-info.patch (+40/-0) debian/patches/ubuntu-speed-zsys-history.patch (+157/-0) debian/patches/ubuntu-support-initrd-less-boot.patch (+80/-0) debian/patches/ubuntu-verifiers-last.patch (+59/-0) debian/patches/ubuntu-zfs-enhance-support.patch (+1048/-0) debian/patches/ubuntu-zfs-gfxpayload-dynamic.patch (+95/-0) debian/patches/ubuntu-zfs-gfxpayload-keep-default.patch (+38/-0) debian/patches/ubuntu-zfs-insmod-xzio-and-lzopio-on-xen.patch (+32/-0) debian/patches/ubuntu-zfs-mkconfig-recovery-title.patch (+49/-0) debian/patches/ubuntu-zfs-mkconfig-signed-kernel.patch (+93/-0) debian/patches/ubuntu-zfs-mkconfig-ubuntu-distributor.patch (+36/-0) debian/patches/ubuntu-zfs-mkconfig-ubuntu-recovery.patch (+66/-0) debian/patches/ubuntu-zfs-vt-handoff.patch (+77/-0) debian/patches/uefi-secure-boot-cryptomount.patch (+2/-2) debian/patches/vt-handoff.patch (+6/-6) debian/patches/xen-no-xsm-policy-in-non-xsm-options.patch (+1/-1) debian/patches/zpool-full-device-name.patch (+1/-1) debian/po/ar.po (+99/-18) debian/po/ast.po (+107/-18) debian/po/be.po (+118/-18) debian/po/bg.po (+119/-18) debian/po/ca.po (+120/-18) debian/po/cs.po (+118/-18) debian/po/cy.po (+120/-18) debian/po/da.po (+119/-18) debian/po/de.po (+122/-18) debian/po/dz.po (+107/-18) debian/po/el.po (+134/-33) debian/po/eo.po (+118/-18) debian/po/es.po (+119/-18) debian/po/eu.po (+118/-18) debian/po/fa.po (+108/-18) debian/po/fi.po (+118/-18) debian/po/fr.po (+136/-33) debian/po/gl.po (+108/-18) debian/po/gu.po (+106/-18) debian/po/he.po (+117/-18) debian/po/hr.po (+118/-18) debian/po/hu.po (+109/-18) debian/po/id.po (+119/-18) debian/po/is.po (+119/-18) debian/po/it.po (+120/-18) debian/po/ja.po (+119/-18) debian/po/ka.po (+87/-18) debian/po/kk.po (+119/-18) debian/po/km.po (+106/-18) debian/po/ko.po (+118/-18) debian/po/lt.po (+118/-18) debian/po/lv.po (+118/-18) debian/po/mr.po (+117/-18) debian/po/nb.po (+129/-31) debian/po/nl.po (+120/-18) debian/po/pl.po (+120/-18) debian/po/pt.po (+120/-18) debian/po/pt_BR.po (+120/-18) debian/po/ro.po (+265/-157) debian/po/ru.po (+127/-27) debian/po/si.po (+106/-18) debian/po/sk.po (+107/-18) debian/po/sl.po (+118/-18) debian/po/sq.po (+105/-18) debian/po/sr.po (+107/-18) debian/po/sr@latin.po (+107/-18) debian/po/sv.po (+119/-18) debian/po/ta.po (+106/-18) debian/po/templates.pot (+87/-18) debian/po/th.po (+117/-18) debian/po/tr.po (+118/-18) debian/po/ug.po (+119/-18) debian/po/uk.po (+118/-18) debian/po/vi.po (+119/-18) debian/po/zh_CN.po (+105/-18) debian/po/zh_TW.po (+116/-18) debian/postinst.in (+74/-4) debian/rules (+81/-11) debian/sbat.ubuntu.csv.in (+4/-0) debian/signing-template/control.in (+1/-1) debian/templates.in (+78/-8) dev/null (+0/-48) docs/Makefile.in (+1/-0) docs/grub-dev.info (+55/-55) docs/grub-dev.texi (+8/-2) docs/grub.info (+265/-263) docs/grub.info-1 (+155/-186) docs/grub.info-2 (+123/-17) docs/grub.texi (+101/-30) docs/stamp-1 (+4/-4) docs/stamp-vti (+4/-4) docs/version-dev.texi (+4/-4) docs/version.texi (+4/-4) grub-core/Makefile.am (+4/-2) grub-core/Makefile.core.am (+1/-1) grub-core/Makefile.core.def (+1/-1) grub-core/Makefile.in (+7/-4) grub-core/commands/acpi.c (+22/-11) grub-core/commands/efi/loadbios.c (+9/-28) grub-core/commands/efi/lsefi.c (+2/-2) grub-core/commands/efi/lsefisystab.c (+8/-2) grub-core/commands/efi/lssal.c (+6/-12) grub-core/commands/efi/smbios.c (+2/-26) grub-core/commands/ls.c (+13/-13) grub-core/commands/videoinfo.c (+5/-0) grub-core/disk/cryptodisk.c (+23/-9) grub-core/disk/diskfilter.c (+1/-3) grub-core/disk/i386/pc/biosdisk.c (+4/-1) grub-core/efiemu/runtime/efiemu.c (+31/-10) grub-core/fs/archelp.c (+8/-0) grub-core/fs/btrfs.c (+2/-0) grub-core/fs/ntfs.c (+105/-16) grub-core/fs/xfs.c (+65/-24) grub-core/fs/zfs/zfs.c (+22/-7) grub-core/fs/zfs/zfsinfo.c (+2/-2) grub-core/genmoddep.awk (+4/-0) grub-core/gfxmenu/gui_image.c (+7/-4) grub-core/kern/acpi.c (+8/-0) grub-core/kern/efi/acpi.c (+2/-24) grub-core/kern/efi/efi.c (+18/-0) grub-core/kern/efi/fdt.c (+6/-14) grub-core/kern/efi/init.c (+3/-2) grub-core/kern/efi/sb.c (+8/-0) grub-core/kern/i386/pc/init.c (+10/-1) grub-core/kern/ieee1275/cmain.c (+7/-1) grub-core/kern/ieee1275/ieee1275.c (+3/-0) grub-core/kern/ieee1275/init.c (+200/-15) grub-core/kern/misc.c (+2/-2) grub-core/kern/mm.c (+2/-2) grub-core/lib/gnulib/Makefile.in (+1/-0) grub-core/lib/i386/relocator64.S (+1/-1) grub-core/lib/libgcrypt-grub/cipher/ChangeLog (+1/-1) grub-core/loader/efi/linux.c (+3/-0) grub-core/loader/i386/bsdXX.c (+12/-8) grub-core/loader/i386/linux.c (+12/-0) grub-core/loader/i386/xnu.c (+1/-1) grub-core/loader/powerpc/ieee1275/linux.c (+46/-9) grub-core/net/http.c (+2/-6) grub-core/osdep/bsd/hostdisk.c (+6/-2) grub-core/osdep/generic/blocklist.c (+26/-2) grub-core/osdep/unix/getroot.c (+6/-6) grub-core/partmap/gpt.c (+3/-0) grub-core/term/ns8250-spcr.c (+3/-1) grub-core/term/serial.c (+4/-1) grub-core/video/efi_gop.c (+4/-0) include/grub/disk.h (+3/-0) include/grub/efi/api.h (+6/-6) include/grub/efi/efi.h (+3/-0) include/grub/efi/pe32.h (+6/-0) include/grub/efiemu/efiemu.h (+2/-2) include/grub/efiemu/runtime.h (+1/-1) include/grub/gpt_partition.h (+1/-1) include/grub/i386/linux.h (+13/-2) include/grub/ieee1275/alloc.h (+39/-0) include/grub/ieee1275/ieee1275.h (+4/-0) include/grub/powerpc/ieee1275/ieee1275.h (+3/-0) include/grub/sparc64/ieee1275/ieee1275.h (+3/-0) include/grub/types.h (+11/-2) include/grub/util/libnvpair.h (+9/-3) po/LINGUAS (+1/-1) po/POTFILES.in (+1/-0) po/ast.po (+180/-153) po/ca.po (+180/-153) po/da.po (+180/-153) po/de.po (+418/-394) po/de@hebrew.po (+410/-386) po/de_CH.po (+419/-394) po/en@arabic.po (+185/-156) po/en@cyrillic.po (+185/-156) po/en@greek.po (+185/-156) po/en@hebrew.po (+185/-156) po/en@piglatin.po (+187/-156) po/en@quot.po (+185/-156) po/eo.po (+180/-153) po/es.po (+180/-153) po/fi.po (+181/-154) po/fr.po (+393/-358) po/gl.po (+180/-153) po/grub.pot (+181/-154) po/he.po (+7539/-0) po/hr.po (+181/-154) po/hu.po (+181/-154) po/id.po (+181/-154) po/it.po (+180/-153) po/ja.po (+180/-153) po/ka.po (+324/-326) po/ko.po (+378/-369) po/lg.po (+180/-153) po/lt.po (+180/-153) po/nb.po (+181/-154) po/nl.po (+181/-154) po/pa.po (+180/-153) po/pl.po (+383/-382) po/pt.po (+181/-154) po/pt_BR.po (+180/-153) po/ro.po (+432/-413) po/ru.po (+181/-154) po/sl.po (+180/-153) po/sr.po (+383/-369) po/sv.po (+181/-154) po/tr.po (+180/-153) po/uk.po (+382/-369) po/vi.po (+385/-377) po/zh_CN.po (+374/-374) po/zh_TW.po (+180/-153) tests/serial_test.in (+55/-0) tests/util/grub-shell-luks-tester.in (+8/-3) tests/util/grub-shell.in (+26/-13) util/bash-completion.d/Makefile.in (+1/-0) util/editenv.c (+2/-2) util/getroot.c (+3/-3) util/grub-install-common.c (+31/-18) util/grub-install.c (+32/-30) util/grub-mkconfig_lib.in (+54/-0) util/grub-mkstandalone.c (+29/-8) util/grub-mount.c (+3/-0) util/grub.d/20_linux_xen.in (+8/-8) util/grub.d/25_bli.in (+1/-1) |
||||||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Julian Andres Klode | Pending | ||
Review via email: mp+459698@code.launchpad.net |
Commit message
Rebase on top of grub2 2.12-1 from Debian sid.
Passed all automated, and some manual testing.
Also fixes the 'single recovery' issue.
Description of the change
To post a comment you must log in.
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | diff --git a/ChangeLog b/ChangeLog |
2 | index 2f75a1d..f33a8db 100644 |
3 | --- a/ChangeLog |
4 | +++ b/ChangeLog |
5 | @@ -1,3 +1,1499 @@ |
6 | +2023-12-20 Daniel Kiper <daniel.kiper@oracle.com> |
7 | + |
8 | + Release 2.12 |
9 | + |
10 | +2023-12-20 Glenn Washburn <development@efficientek.com> |
11 | + |
12 | + efi: Add support for reproducible builds |
13 | + Having randomly generated bytes in the binary output breaks reproducible |
14 | + builds. Since build timestamps are usually the source of irreproducibility |
15 | + there is a standard which defines an environment variable SOURCE_DATE_EPOCH |
16 | + to be used when set for build timestamps. According to the standard [1], the |
17 | + value of SOURCE_DATE_EPOCH is a base-10 integer of the number of seconds |
18 | + since the UNIX epoch. Currently, this is a 10 digit number that fits into |
19 | + 32-bits, but will not shortly after the year 2100. So to be future-proof |
20 | + only use the least significant 32-bits. On 64-bit architectures, where the |
21 | + canary is also 64-bits, there is an extra 32-bits that can be filled to |
22 | + provide more entropy. The first byte is NUL to filter out string buffer |
23 | + overflow attacks and the remaining 24-bits are set to static random bytes. |
24 | + |
25 | + [1] https://reproducible-builds.org/specs/source-date-epoch |
26 | + |
27 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
28 | + |
29 | +2023-12-20 Glenn Washburn <development@efficientek.com> |
30 | + |
31 | + efi: Generate stack protector canary at build time if urandom is available |
32 | + Generating the canary at build time allows the canary to be different for |
33 | + every build which could limit the effectiveness of certain exploits. |
34 | + Fallback to the statically generated random bytes if /dev/urandom is not |
35 | + readable, e.g. Windows. |
36 | + |
37 | + On 32-bit architectures, which use a 32-bit canary, reduce the canary to |
38 | + 4 bytes with one byte being NUL to filter out string buffer overflow attacks. |
39 | + |
40 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
41 | + |
42 | +2023-12-20 Glenn Washburn <development@efficientek.com> |
43 | + |
44 | + efi: Initialize canary to non-zero value |
45 | + The canary, __stack_chk_guard, is in the BSS and so will get initialized to |
46 | + zero if it is not explicitly initialized. If the UEFI firmware does not |
47 | + support the RNG protocol, then the canary will not be randomized and will |
48 | + be zero. This seems like a possibly easier value to write by an attacker. |
49 | + Initialize canary to static random bytes, so that it is still random when |
50 | + there is no RNG protocol. Set at least one byte to NUL to protect against |
51 | + string buffer overflow attacks [1]. Code that writes NUL terminated strings |
52 | + will terminate when a NUL is encountered in the input byte stream. So the |
53 | + attacker will not be able to forge the canary by including it in the input |
54 | + stream without terminating the string operation and thus limiting the |
55 | + stack corruption. |
56 | + |
57 | + [1] https://www.sans.org/blog/stack-canaries-gingerly-sidestepping-the-cage/ |
58 | + |
59 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
60 | + |
61 | +2023-12-14 Alec Brown <alec.r.brown@oracle.com> |
62 | + |
63 | + gfxmenu/gui_image: Fix double free of bitmap |
64 | + In grub-core/gfxmenu/gui_image.c, Coverity detected a double free in the |
65 | + function load_image(). The function checks if self->bitmap and self->raw_bitmap |
66 | + aren't NULL and then frees them. In the case self->bitmap and self->raw_bitmap |
67 | + are the same, only self->raw_bitmap is freed which would also free the memory |
68 | + used by self->bitmap. However, in this case self->bitmap isn't being set to NULL |
69 | + which could lead to a double free later in the code. After self->raw_bitmap is |
70 | + freed, it gets set to the variable bitmap. If this variable is NULL, the code |
71 | + could have a path that would free self->bitmap a second time in the function |
72 | + rescale_image(). |
73 | + |
74 | + Fixes: CID 292472 |
75 | + |
76 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
77 | + |
78 | +2023-12-13 Qiumiao Zhang <zhangqiumiao1@huawei.com> |
79 | + |
80 | + commands/acpi: Fix calculation of ACPI tables addresses when processing RSDT and XSDT |
81 | + According to the ACPI specification the XSDT Entry field contains an array |
82 | + of 64-bit physical addresses which points to other DESCRIPTION_HEADERs. However, |
83 | + the entry_ptr iterator is defined as a 32-bit pointer. It means each 64-bit |
84 | + entry in the XSDT table is treated as two separate 32-bit entries then. Fix the |
85 | + issue by using correct addresses sizes when processing RSDT and XSDT tables. |
86 | + |
87 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
88 | + |
89 | +2023-12-13 Vladimir Serbinenko <phcoder@gmail.com> |
90 | + |
91 | + libnvpair: Support prefixed nvlist symbol names as found on NetBSD |
92 | + NetBSD uses slightly different function names for the same functions. |
93 | + |
94 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
95 | + |
96 | +2023-12-13 Vladimir Serbinenko <phcoder@gmail.com> |
97 | + |
98 | + bootstrap: Don't check gettext version |
99 | + NetBSD gettext is older than the check but we don't actually need 0.18.3, |
100 | + older one works fine. This is needed to make bootstrap work on NetBSD. |
101 | + |
102 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
103 | + |
104 | +2023-12-13 Vladimir Serbinenko <phcoder@gmail.com> |
105 | + |
106 | + kern/mm: Use %x and cast for displaying sizeof() |
107 | + There is some variance in how compiler treats sizeof() especially |
108 | + on 32-bit platforms where it can be naturally either int or long. |
109 | + Explicit cast solves the issue. |
110 | + |
111 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
112 | + |
113 | +2023-12-13 Vladimir Serbinenko <phcoder@gmail.com> |
114 | + |
115 | + configure: Add RPATH for freetype on NetBSD |
116 | + Without this build-time mkfont fails dynamic linking. This is not ideal |
117 | + but improves the situation until a better solution is available. |
118 | + |
119 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
120 | + |
121 | +2023-12-13 Vladimir Serbinenko <phcoder@gmail.com> |
122 | + |
123 | + configure: Add *BSD font paths |
124 | + *BSD puts fonts in other places. Add them to the list. |
125 | + |
126 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
127 | + |
128 | +2023-12-13 Vladimir Serbinenko <phcoder@gmail.com> |
129 | + |
130 | + autogen: Accept python3.10 as a python alternative |
131 | + NetBSD doesn't provide python or python3. |
132 | + |
133 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
134 | + |
135 | +2023-12-12 Vladimir Serbinenko <phcoder@gmail.com> |
136 | + |
137 | + build: Rename HAVE_LIBZFS to USE_LIBZFS |
138 | + The HAVE_LIBZFS is defined by libzfs test and hence conflicts with |
139 | + manual definition. On NetBSD it ends up detecting zfs but not detecting |
140 | + nvpair and creates confusion. Split them. |
141 | + |
142 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
143 | + |
144 | +2023-12-12 Vladimir Serbinenko <phcoder@gmail.com> |
145 | + |
146 | + gnulib: Tolerate always_inline attribute being ignored |
147 | + It's not critical, -Werror on it is inappropriate. We don't want to |
148 | + modify gnulib too much. This warning is pretty much irrelevant. |
149 | + |
150 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
151 | + |
152 | +2023-12-12 Vladimir Serbinenko <phcoder@gmail.com> |
153 | + |
154 | + util/editenv: Don't use %m formatter |
155 | + It's not available on NetBSD outside of syslog. Using strerror() is more |
156 | + reliable as we retrieve errno immediately rather than down the stack. |
157 | + |
158 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
159 | + |
160 | +2023-12-12 Vladimir Serbinenko <phcoder@gmail.com> |
161 | + |
162 | + osdep/bsd/hostdisk: Fix NetBSD compilation |
163 | + Wrong function and variable name cause a stupid compilation error on |
164 | + NetBSD and OpenBSD. Only NetBSD and OpenBSD use this file. No other |
165 | + platform is affected. |
166 | + |
167 | + Additionally, define RAW_FLOPPY_MAJOR constant if it is missing. |
168 | + |
169 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
170 | + |
171 | +2023-12-12 Vladimir Serbinenko <phcoder@gmail.com> |
172 | + |
173 | + osdep/generic/blocklist: Fix compilation |
174 | + After recent change in blocklist types we have a type mismatch. Fixing it |
175 | + requires a wrapper or large changes. I feel like wrapper makes more sense. |
176 | + |
177 | + Without this patch we end up with a compilation problem and without wrapping |
178 | + callback data is not passed properly anymore. |
179 | + |
180 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
181 | + |
182 | +2023-12-12 Vladimir Serbinenko <phcoder@gmail.com> |
183 | + |
184 | + disk/diskfilter: Remove unused variable |
185 | + Variable e is set but never used. We can just remove it now. |
186 | + |
187 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
188 | + |
189 | +2023-12-12 Vladimir Serbinenko <phcoder@gmail.com> |
190 | + |
191 | + build: Tolerate unused-but-set in generated lexer/bison files |
192 | + We don't really control the small aspects of generated files and NetBSD |
193 | + version has an unused variable that is then detected by gcc as warning |
194 | + that is then promoted to error. |
195 | + |
196 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
197 | + |
198 | +2023-12-12 Vladimir Serbinenko <phcoder@gmail.com> |
199 | + |
200 | + loader/i386/bsdXX: Fix loading after unaligned module |
201 | + Current code implicitly assumes that aligning chunk_size + *kern_end is |
202 | + the same as aligning on curload which is not the case because |
203 | + chunk_size starts at zero even if *kern_end is unaligned and ALIGN_PAGE |
204 | + moved curload to an aligned position but not *kern_end + chunk_size. |
205 | + |
206 | + This fixes booting of FreeBSD with zfs module. |
207 | + |
208 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
209 | + |
210 | +2023-12-12 Mate Kukri <mate.kukri@canonical.com> |
211 | + |
212 | + grub-core/Makefile.am: Make path to extra_deps.lst relative to $(top_srcdir)/grub-core |
213 | + The commit 154dcb1ae (build: Allow explicit module dependencies) broke |
214 | + out of tree builds by introducing the extra_deps.lst file into the |
215 | + source tree but referencing it just by name in grub-core/Makefile.am. |
216 | + Fix it by adding $(top_srcdir)/grub-core to the path. |
217 | + |
218 | + Fixes: 154dcb1ae (build: Allow explicit module dependencies) |
219 | + |
220 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
221 | + |
222 | +2023-12-12 Mate Kukri <mate.kukri@canonical.com> |
223 | + |
224 | + util/grub-install: Move platdir path canonicalization after files were copied to grubdir |
225 | + The commit 3f9eace2d (util/grub-install: Delay copying files to |
226 | + {grubdir,platdir} after install_device was validated) delaying |
227 | + copying of files caused a regression when installing without an |
228 | + existing directory structure. |
229 | + |
230 | + This patch ensures that the platform directory actually exists by the |
231 | + time the code tries to canonicalize its filename. |
232 | + |
233 | + Fixes: 3f9eace2d (util/grub-install: Delay copying files to {grubdir,platdir} after install_device was validated) |
234 | + |
235 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
236 | + |
237 | +2023-12-12 Michael Chang <mchang@suse.com> |
238 | + |
239 | + util/grub-mkstandalone: Ensure deterministic tar file creation by sorting contents |
240 | + The add_tar_files() function currently iterates through a directory's |
241 | + content using readdir(), which doesn't guarantee a specific order. This |
242 | + lack of deterministic behavior impacts reproducibility in the build process. |
243 | + |
244 | + This commit resolves the issue by introducing sorting functionality. |
245 | + The list retrieved by readdir() is now sorted alphabetically before |
246 | + incorporation into the tar archive, ensuring consistent and predictable |
247 | + file ordering within the archive. |
248 | + |
249 | + On the occasion fix tfp memory leak. |
250 | + |
251 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
252 | + |
253 | +2023-12-12 Michael Chang <mchang@suse.com> |
254 | + |
255 | + util/grub-mkstandalone: Ensure stable timestamps for generated images |
256 | + This change mirrors a previous fix [1] but is specific to images |
257 | + generated by grub-mkstandalone. |
258 | + |
259 | + The former fix, commit 85a7be241 (util/mkimage: Use stable timestamp |
260 | + when generating binaries.), focused on utilizing a stable timestamp |
261 | + during binary generation in the util/mkimage context. This commit |
262 | + extends that approach to the images produced by grub-mkstandalone, |
263 | + ensuring consistency and stability in timestamps across all generated |
264 | + binaries. |
265 | + |
266 | + [1] 85a7be241 util/mkimage: Use stable timestamp when generating binaries. |
267 | + |
268 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
269 | + |
270 | +2023-12-05 Mate Kukri <mate.kukri@canonical.com> |
271 | + |
272 | + net/http: Fix gcc-13 errors relating to type signedness |
273 | + Replace definition of HTTP_PORT with a pre-processor macro that converts |
274 | + the constant to the correct grub_uint16_t type. |
275 | + |
276 | + Change "port" local variable definition in http_establish() to have the |
277 | + same type. |
278 | + |
279 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com |
280 | + |
281 | +2023-12-05 Julian Andres Klode <julian.klode@canonical.com> |
282 | + |
283 | + templates: Reinstate unused version comparison functions with warning |
284 | + Revert the commit a79c567f6 (templates: Remove unused version comparison |
285 | + functions) and add a warning to the functions that they are deprecated. |
286 | + |
287 | + Removing the functions directly caused a lot of upgrade issues |
288 | + with custom user scripts that called the functions. In Debian and |
289 | + Ubuntu, grub-mkconfig is invoked as a post-installation script |
290 | + and would fail, causing upgrades to fail halfway through and |
291 | + putting the package manager into an inconsistent state. |
292 | + |
293 | + FWIW, we get one bug per 2 weeks basically, for an interim Ubuntu |
294 | + release which generally does not receive much usage, that is a high |
295 | + number. |
296 | + |
297 | + The proposal is to pick this for 2.12 and directly after the release |
298 | + remove it again. Then users will have time to fix their scripts without |
299 | + systems breaking immediately. |
300 | + |
301 | + This reverts commit a79c567f6 (templates: Remove unused version |
302 | + comparison functions). |
303 | + |
304 | + Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> |
305 | + Cc: Daniel Kiper <daniel.kiper@oracle.com> |
306 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
307 | + |
308 | +2023-12-05 Mate Kukri <mate.kukri@canonical.com> |
309 | + |
310 | + util/grub-install: Delay copying files to {grubdir,platdir} after install_device was validated |
311 | + Previously grub-install copied modules to grubdir before doing any |
312 | + validation on the install_device. |
313 | + |
314 | + When grub-install was called with an invalid install_device, modules |
315 | + were already copied to /boot before it found out and was forced to rely |
316 | + on atexit() rollback. |
317 | + |
318 | + This patch delays copying the modules after at least some install_device |
319 | + validation was done, and thus reduces reliance on successful rollback. |
320 | + |
321 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
322 | + |
323 | +2023-12-05 Julian Andres Klode <julian.klode@canonical.com> |
324 | + |
325 | + efi: Set shim_lock_enabled even if validation is disabled |
326 | + If validation has been disabled via MokSbState, secure boot on the |
327 | + firmware is still enabled, and the kernel fails to boot. |
328 | + |
329 | + This is a bit hacky, because shim_lock is not *fully* enabled, but |
330 | + it triggers the right code paths. |
331 | + |
332 | + Ultimately, all this will be resolved by shim gaining it's own image |
333 | + loading and starting protocol, so this is more a temporary workaround. |
334 | + |
335 | + Fixes: 6425c12cd (efi: Fallback to legacy mode if shim is loaded on x86 archs) |
336 | + |
337 | + Cc: Peter Jones <pjones@redhat.com> |
338 | + Cc: Michael Chang <mchang@suse.com> |
339 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
340 | + |
341 | +2023-12-05 Oliver Steffen <osteffen@redhat.com> |
342 | + |
343 | + docs: Improve bli module documentation |
344 | + Improve the documentation of the bli module and explain in more detail what |
345 | + it does. Make clear that GPT formatted drives are expected and other |
346 | + partition formats are ignored. Also reorder and reword this section a bit. |
347 | + |
348 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
349 | + |
350 | +2023-12-05 Oliver Steffen <osteffen@redhat.com> |
351 | + |
352 | + bli: Add explicit dependency on the part_gpt module |
353 | + The bli module has a "hidden" dependency on the part_gpt module, which |
354 | + is not picked up automatically by the build system. One purpose of the |
355 | + bli module is to communicate the GPT UUID of the partition GRUB was |
356 | + launched from to Linux user-space (systemd-gpt-auto-generator). |
357 | + Without the part_gpt module, bli is not able to obtain the UUID. Since |
358 | + bli does its work in the module initialization function, the order in |
359 | + which the modules are loaded is also important: part_gpt needs to be |
360 | + loaded before the bli module. |
361 | + |
362 | + To solve this, track this dependency explicitly. |
363 | + |
364 | + Note that the Boot Loader Interface specification, which bli aims to |
365 | + implement, requires GPT formatted drives. The bli module ignores all |
366 | + other partition formats. |
367 | + |
368 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
369 | + |
370 | +2023-12-05 Oliver Steffen <osteffen@redhat.com> |
371 | + |
372 | + build: Allow explicit module dependencies |
373 | + The build system deduces inter-module dependencies from the symbols |
374 | + required and exported by the modules. This works well, except for some |
375 | + rare cases where the dependency is indirect or hidden. A module might |
376 | + not make use of any function of some other module, but still expect its |
377 | + functionality to be available to GRUB. |
378 | + |
379 | + To solve this, introduce a new file, currently empty, called extra_deps.lst |
380 | + to track these cases manually. This file gets processed in the same way |
381 | + as the automatically generated syminfo.lst, making it possible to inject |
382 | + data into the dependency resolver. |
383 | + |
384 | + Since *.lst files are set to be ignored by git, add an exception for |
385 | + extra_deps.lst. |
386 | + |
387 | + Additionally, introduce a new keyword for the syminfo.lst syntax: |
388 | + "depends" allows specifying a module dependency directly: |
389 | + |
390 | + depends <module> <depdendency>... |
391 | + |
392 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
393 | + |
394 | +2023-12-05 Stefan Berger <stefanb@linux.ibm.com> |
395 | + |
396 | + kern/ieee1275/init/ppc64: Display upper_mem_limit when debugging |
397 | + Display upper_mem_limit and its rounded-down value in MiB. |
398 | + |
399 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
400 | + |
401 | +2023-12-05 Stefan Berger <stefanb@linux.ibm.com> |
402 | + |
403 | + kern/ieee1275/init/ppc64: Fix a comment |
404 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
405 | + |
406 | +2023-12-05 Stefan Berger <stefanb@linux.ibm.com> |
407 | + |
408 | + kern/ieee1275/ieee1275: Display successful memory claims when debugging |
409 | + Display successful memory claims with exact address and rounded-down |
410 | + MiB location and rounded-up size in MiB. |
411 | + |
412 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
413 | + Cc: Eric Snowberg <eric.snowberg@oracle.com> |
414 | + Cc: Hari Bathini <hbathini@linux.ibm.com> |
415 | + Cc: Pavithra Prakash <pavrampu@in.ibm.com> |
416 | + Cc: Michael Ellerman <mpe@ellerman.id.au> |
417 | + Cc: Carolyn Scherrer <cpscherr@us.ibm.com> |
418 | + Cc: Mahesh Salgaonkar <mahesh@linux.ibm.com> |
419 | + Cc: Sourabh Jain <sourabhjain@linux.ibm.com> |
420 | + |
421 | +2023-12-05 Stefan Berger <stefanb@linux.ibm.com> |
422 | + |
423 | + loader/powerpc/ieee1275: Use new allocation function for kernel and initrd |
424 | + On PowerVM and KVM on Power use the new memory allocation function that |
425 | + honors restrictions on which memory GRUB can actually use. In the request |
426 | + structure indicate the request for a single memory block along with |
427 | + address alignment restrictions. Request direct usage of the memory block |
428 | + by setting init_region to false (prevent it from being added to GRUB's |
429 | + heap). Initialize the found addr to -1, so that -1 will be returned |
430 | + to the loader in case no memory could be allocated. |
431 | + |
432 | + Report an out-of-memory error in case the initrd could not be loaded. |
433 | + |
434 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
435 | + Cc: Hari Bathini <hbathini@linux.ibm.com> |
436 | + Cc: Pavithra Prakash <pavrampu@in.ibm.com> |
437 | + Cc: Michael Ellerman <mpe@ellerman.id.au> |
438 | + Cc: Carolyn Scherrer <cpscherr@us.ibm.com> |
439 | + Cc: Mahesh Salgaonkar <mahesh@linux.ibm.com> |
440 | + Cc: Sourabh Jain <sourabhjain@linux.ibm.com> |
441 | + |
442 | +2023-12-05 Stefan Berger <stefanb@linux.ibm.com> |
443 | + |
444 | + kern/ieee1275/cmain/ppc64: Introduce flags to identify KVM and PowerVM |
445 | + Introduce flags to identify PowerVM and KVM on Power and set them where |
446 | + each type of host has been detected. |
447 | + |
448 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
449 | + Cc: Hari Bathini <hbathini@linux.ibm.com> |
450 | + Cc: Pavithra Prakash <pavrampu@in.ibm.com> |
451 | + Cc: Michael Ellerman <mpe@ellerman.id.au> |
452 | + Cc: Carolyn Scherrer <cpscherr@us.ibm.com> |
453 | + Cc: Mahesh Salgaonkar <mahesh@linux.ibm.com> |
454 | + Cc: Sourabh Jain <sourabhjain@linux.ibm.com> |
455 | + |
456 | +2023-12-05 Stefan Berger <stefanb@linux.ibm.com> |
457 | + |
458 | + kern/ieee1275/init/ppc64: Rename regions_claim() to grub_regions_claim() |
459 | + Rename regions_claim() to grub_regions_claim() to make it available for |
460 | + memory allocation. The ieee1275 loader will use this function on PowerVM |
461 | + and KVM on Power and thus avoid usage of memory that it is not allowed |
462 | + to use. |
463 | + |
464 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
465 | + Cc: Hari Bathini <hbathini@linux.ibm.com> |
466 | + Cc: Pavithra Prakash <pavrampu@in.ibm.com> |
467 | + Cc: Michael Ellerman <mpe@ellerman.id.au> |
468 | + Cc: Carolyn Scherrer <cpscherr@us.ibm.com> |
469 | + Cc: Mahesh Salgaonkar <mahesh@linux.ibm.com> |
470 | + Cc: Sourabh Jain <sourabhjain@linux.ibm.com> |
471 | + |
472 | +2023-12-05 Stefan Berger <stefanb@linux.ibm.com> |
473 | + |
474 | + kern/ieee1275/init/ppc64: Add support for alignment requirements |
475 | + Add support for memory alignment requirements and adjust a candidate |
476 | + address to it before checking whether the block is large enough. This |
477 | + must be done in this order since the alignment adjustment can make |
478 | + a block smaller than what was requested. |
479 | + |
480 | + None of the current callers has memory alignment requirements but the |
481 | + ieee1275 loader for kernel and initrd will use it to convey them. |
482 | + |
483 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
484 | + Cc: Hari Bathini <hbathini@linux.ibm.com> |
485 | + Cc: Pavithra Prakash <pavrampu@in.ibm.com> |
486 | + Cc: Michael Ellerman <mpe@ellerman.id.au> |
487 | + Cc: Carolyn Scherrer <cpscherr@us.ibm.com> |
488 | + Cc: Mahesh Salgaonkar <mahesh@linux.ibm.com> |
489 | + Cc: Sourabh Jain <sourabhjain@linux.ibm.com> |
490 | + |
491 | +2023-12-05 Stefan Berger <stefanb@linux.ibm.com> |
492 | + |
493 | + kern/ieee1275/init/ppc64: Return allocated address using context |
494 | + Return the allocated address of the memory block in the request structure |
495 | + if a memory allocation was actually done. Leave the address untouched |
496 | + otherwise. This enables a caller who wants to use the allocated memory |
497 | + directly, rather than adding the memory to the heap, to see where memory |
498 | + was allocated. None of the current callers need this but the converted |
499 | + ieee1275 loader will make use of it. |
500 | + |
501 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
502 | + Cc: Hari Bathini <hbathini@linux.ibm.com> |
503 | + Cc: Pavithra Prakash <pavrampu@in.ibm.com> |
504 | + Cc: Michael Ellerman <mpe@ellerman.id.au> |
505 | + Cc: Carolyn Scherrer <cpscherr@us.ibm.com> |
506 | + Cc: Mahesh Salgaonkar <mahesh@linux.ibm.com> |
507 | + Cc: Sourabh Jain <sourabhjain@linux.ibm.com> |
508 | + |
509 | +2023-12-05 Stefan Berger <stefanb@linux.ibm.com> |
510 | + |
511 | + kern/ieee1275/init/ppc64: Decide by request whether to initialize region |
512 | + Let the regions_claim() request structure's init_region determine whether |
513 | + to call grub_mm_init_region() on it. This allows for adding memory to |
514 | + GRUB's memory heap if init_region is set to true, or direct usage of the |
515 | + memory otherwise. Set all current callers' init_region to true since they |
516 | + want to add memory regions to GRUB's heap. |
517 | + |
518 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
519 | + Cc: Hari Bathini <hbathini@linux.ibm.com> |
520 | + Cc: Pavithra Prakash <pavrampu@in.ibm.com> |
521 | + Cc: Michael Ellerman <mpe@ellerman.id.au> |
522 | + Cc: Carolyn Scherrer <cpscherr@us.ibm.com> |
523 | + Cc: Mahesh Salgaonkar <mahesh@linux.ibm.com> |
524 | + Cc: Sourabh Jain <sourabhjain@linux.ibm.com> |
525 | + |
526 | +2023-12-05 Stefan Berger <stefanb@linux.ibm.com> |
527 | + |
528 | + kern/ieee1275/init/ppc64: Introduce a request for regions_claim() |
529 | + The regions_claim() function limits the allocation of memory regions |
530 | + by excluding certain memory areas from being used by GRUB. This for |
531 | + example includes a gap between 640MB and 768MB as well as an upper |
532 | + limit beyond which no memory may be used when an fadump is present. |
533 | + However, the ieee1275 loader for kernel and initrd currently does not |
534 | + use regions_claim() for memory allocation on PowerVM and KVM on Power |
535 | + and therefore may allocate memory in those areas that it should not use. |
536 | + |
537 | + To make the regions_claim() function more flexible and ultimately usable |
538 | + for the ieee1275 loader, introduce a request structure to pass various |
539 | + parameters to the regions_claim() function that describe the properties |
540 | + of requested memory chunks. In a first step, move the total and flags |
541 | + variables into this structure. |
542 | + |
543 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
544 | + Cc: Hari Bathini <hbathini@linux.ibm.com> |
545 | + Cc: Pavithra Prakash <pavrampu@in.ibm.com> |
546 | + Cc: Michael Ellerman <mpe@ellerman.id.au> |
547 | + Cc: Carolyn Scherrer <cpscherr@us.ibm.com> |
548 | + Cc: Mahesh Salgaonkar <mahesh@linux.ibm.com> |
549 | + Cc: Sourabh Jain <sourabhjain@linux.ibm.com> |
550 | + |
551 | +2023-11-22 Anthony Iliopoulos <ailiop@suse.com> |
552 | + |
553 | + fs/xfs: Add large extent counters incompat feature support |
554 | + XFS introduced 64-bit extent counters for inodes via a series of |
555 | + upstream commits and the feature was marked as stable in v6.5 via |
556 | + commit 61d7e8274cd8 (xfs: drop EXPERIMENTAL tag for large extent |
557 | + counts). |
558 | + |
559 | + Further, xfsprogs release v6.5.0 switched this feature on by default |
560 | + in mkfs.xfs via commit e5b18d7d1d96 (mkfs: enable large extent counts |
561 | + by default). |
562 | + |
563 | + Filesystems formatted with large extent count support, nrext64=1, are |
564 | + thus currently not recognizable by GRUB, since this is an incompat |
565 | + feature. Add the required support so that those filesystems and inodes |
566 | + with large extent counters can be read by GRUB. |
567 | + |
568 | + Reviewed-by: Andrey Albershteyn <aalbersh@redhat.com> |
569 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
570 | + Tested-by: Marta Lewandowska <mlewando@redhat.com> |
571 | + Tested-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> |
572 | + |
573 | +2023-11-08 Vladimir Serbinenko <phcoder@gmail.com> |
574 | + |
575 | + gpt: Add compile time asserts for guid and gpt_partentry sizes |
576 | + With new alignment specification it's easy to screw up. Fortunately if it |
577 | + happens the size will be bigger than intended. Compile time assert will catch |
578 | + this. |
579 | + |
580 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
581 | + |
582 | +2023-11-08 Vladimir Serbinenko <phcoder@gmail.com> |
583 | + |
584 | + types: Split aligned and packed guids |
585 | + On ia64 alignment requirements are strict. When we pass a pointer to |
586 | + UUID it needs to be at least 4-byte aligned or EFI will crash. |
587 | + On the other hand in device path there is no padding for UUID, so we |
588 | + need 2 types in one formor another. Make 4-byte aligned and unaligned types |
589 | + |
590 | + The code is structured in a way to accept unaligned inputs |
591 | + in most cases and supply 4-byte aligned outputs. |
592 | + |
593 | + Efiemu case is a bit ugly because there inputs and outputs are |
594 | + reversed and so we need careful casts to account for this |
595 | + inversion. |
596 | + |
597 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
598 | + |
599 | +2023-11-06 Vladimir Serbinenko <phcoder@gmail.com> |
600 | + |
601 | + gpt_partition: Mark grub_gpt_partentry as having natural alignment |
602 | + gpt_partition contains grub_guid. We need to decide whether the whole |
603 | + structure is unaligned and then we need to use packed_guid. But we never |
604 | + have unaligned part entries as we read them in an aligned buffer from disk. |
605 | + Hence just make it all aligned. |
606 | + |
607 | +2023-11-06 Vladimir Serbinenko <phcoder@gmail.com> |
608 | + |
609 | + efi: Deduplicate configuration table search function |
610 | + We do table search in many places doing exactly the same algorithm. |
611 | + The only minor variance in users is which table is used if several entries |
612 | + are present. As specification mandates uniqueness and even if it ever isn't, |
613 | + first entry is good enough, unify this code and always use the first entry. |
614 | + |
615 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
616 | + |
617 | +2023-11-06 Vladimir Serbinenko <phcoder@gmail.com> |
618 | + |
619 | + lsefi: Add missing static qualifier |
620 | + known_protocols isn't used anywhere else and even misses grub_ prefix, so |
621 | + let's make it local (static). |
622 | + |
623 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
624 | + |
625 | +2023-11-06 Vladimir Serbinenko <phcoder@gmail.com> |
626 | + |
627 | + types: Fix typo |
628 | + Just a small grammar mistake. |
629 | + |
630 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
631 | + |
632 | +2023-10-30 Qiumiao Zhang <zhangqiumiao1@huawei.com> |
633 | + |
634 | + util/grub-mount: Check file path sanity |
635 | + The function argp_parser() in util/grub-mount.c lacks a check on the |
636 | + sanity of the file path when parsing parameters. This results in |
637 | + a segmentation fault if a partition is mounted to a non-existent path. |
638 | + |
639 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
640 | + |
641 | +2023-10-30 Richard Marko <srk@48.io> |
642 | + |
643 | + configure: Make the DJVU_FONT_SOURCE configurable with --with-dejavufont=FILE |
644 | + Font might be located in different location, the default font might |
645 | + not be available on all systems or other font might be preferred. |
646 | + |
647 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
648 | + |
649 | +2023-10-30 Mads Kiilerich <mads@kiilerich.com> |
650 | + |
651 | + configure: Make the Unifont FONT_SOURCE configurable with --with-unifont=FILE |
652 | + Font might be located in different location, the default font might |
653 | + not be available on all systems or other font might be preferred. |
654 | + |
655 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
656 | + |
657 | +2023-10-30 Jon DeVree <nuxi@vault24.org> |
658 | + |
659 | + fs/xfs: Fix XFS directory extent parsing |
660 | + The XFS directory entry parsing code has never been completely correct |
661 | + for extent based directories. The parser correctly handles the case |
662 | + where the directory is contained in a single extent, but then mistakenly |
663 | + assumes the data blocks for the multiple extent case are each identical |
664 | + to the single extent case. The difference in the format of the data |
665 | + blocks between the two cases is tiny enough that its gone unnoticed for |
666 | + a very long time. |
667 | + |
668 | + A recent change introduced some additional bounds checking into the XFS |
669 | + parser. Like GRUB's existing parser, it is correct for the single extent |
670 | + case but incorrect for the multiple extent case. When parsing a directory |
671 | + with multiple extents, this new bounds checking is sometimes (but not |
672 | + always) tripped and triggers an "invalid XFS directory entry" error. This |
673 | + probably would have continued to go unnoticed but the /boot/grub/<arch> |
674 | + directory is large enough that it often has multiple extents. |
675 | + |
676 | + The difference between the two cases is that when there are multiple |
677 | + extents, the data blocks do not contain a trailer nor do they contain |
678 | + any leaf information. That information is stored in a separate set of |
679 | + extents dedicated to just the leaf information. These extents come after |
680 | + the directory entry extents and are not included in the inode size. So |
681 | + the existing parser already ignores the leaf extents. |
682 | + |
683 | + The only reason to read the trailer/leaf information at all is so that |
684 | + the parser can avoid misinterpreting that data as directory entries. So |
685 | + this updates the parser as follows: |
686 | + |
687 | + For the single extent case the parser doesn't change much: |
688 | + 1. Read the size of the leaf information from the trailer |
689 | + 2. Set the end pointer for the parser to the start of the leaf |
690 | + information. (The previous bounds checking set the end pointer to the |
691 | + start of the trailer, so this is actually a small improvement.) |
692 | + 3. Set the entries variable to the expected number of directory entries. |
693 | + |
694 | + For the multiple extent case: |
695 | + 1. Set the end pointer to the end of the block. |
696 | + 2. Do not set up the entries variable. Figuring out how many entries are |
697 | + in each individual block is complex and does not seem worth it when |
698 | + it appears to be safe to just iterate over the entire block. |
699 | + |
700 | + The bounds check itself was also dependent upon the faulty XFS parser |
701 | + because it accidentally used "filename + length - 1". Presumably this |
702 | + was able to pass the fuzzer because in the old parser there was always |
703 | + 8 bytes of slack space between the tail pointer and the actual end of |
704 | + the block. Since this is no longer the case the bounds check needs to be |
705 | + updated to "filename + length + 1" in order to prevent a regression in |
706 | + the handling of corrupt fliesystems. |
707 | + |
708 | + Notes: |
709 | + * When there is only one extent there will only ever be one block. If |
710 | + more than one block is required then XFS will always switch to holding |
711 | + leaf information in a separate extent. |
712 | + * B-tree based directories seems to be parsed properly by the same code |
713 | + that handles multiple extents. This is unlikely to ever occur within |
714 | + /boot though because its only used when there are an extremely large |
715 | + number of directory entries. |
716 | + |
717 | + Fixes: ef7850c75 (fs/xfs: Fix issues found while fuzzing the XFS filesystem) |
718 | + Fixes: b2499b29c (Adds support for the XFS filesystem.) |
719 | + Fixes: https://savannah.gnu.org/bugs/?64376 |
720 | + |
721 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
722 | + Tested-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> |
723 | + Tested-by: Marta Lewandowska <mlewando@redhat.com> |
724 | + |
725 | +2023-10-30 Lidong Chen <lidong.chen@oracle.com> |
726 | + |
727 | + fs/xfs: Incorrect short form directory data boundary check |
728 | + After parsing of the current entry, the entry pointer is advanced |
729 | + to the next entry at the end of the "for" loop. In case where the |
730 | + last entry is at the end of the data boundary, the advanced entry |
731 | + pointer can point off the data boundary. The subsequent boundary |
732 | + check for the advanced entry pointer can cause a failure. |
733 | + |
734 | + The fix is to include the boundary check into the "for" loop |
735 | + condition. |
736 | + |
737 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
738 | + Tested-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> |
739 | + Tested-by: Marta Lewandowska <mlewando@redhat.com> |
740 | + |
741 | +2023-10-12 Vladimir 'phcoder' Serbinenko <phcoder@gmail.com> |
742 | + |
743 | + Revert "zfsinfo: Correct a check for error allocating memory" |
744 | + Original commit is wrong because grub_file_get_device_name() may return NULL |
745 | + if we use implicit $root. Additionally, the grub_errno is guaranteed to be |
746 | + GRUB_ERR_NONE at the beginning of a command. So, everything should work as |
747 | + expected and Coverity report, CID 73668, WRT to this code should be treated |
748 | + as false positive. |
749 | + |
750 | + This reverts commit 7aab03418 (zfsinfo: Correct a check for error allocating memory). |
751 | + |
752 | + Fixes: 7aab03418 (zfsinfo: Correct a check for error allocating memory) |
753 | + |
754 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
755 | + |
756 | +2023-10-12 ValdikSS <iam@valdikss.org.ru> |
757 | + |
758 | + disk/i386/pc/biosdisk: Read up to 63 sectors in LBA mode |
759 | + Current code imposes limitations on the amount of sectors read in |
760 | + a single call according to CHS layout of the disk even in LBA |
761 | + read mode. There's no need to obey CHS layout restrictions for |
762 | + LBA reads on LBA disks. It only slows down booting process. |
763 | + |
764 | + See: https://lore.kernel.org/grub-devel/d42a11fa-2a59-b5e7-08b1-d2c60444bb99@valdikss.org.ru/ |
765 | + |
766 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
767 | + |
768 | +2023-10-12 ValdikSS <iam@valdikss.org.ru> |
769 | + |
770 | + kern/i386/pc/init: Flush cache only on VIA C3 and earlier |
771 | + The code flushes the cache on VIA processors unconditionally which |
772 | + is excessive. Check for cpuid family and execute wbinvd only on C3 |
773 | + and earlier. |
774 | + |
775 | + Fixes: https://savannah.gnu.org/bugs/?45149 |
776 | + Fixes: 25492a0f0 (Add wbinvd around bios call.) |
777 | + |
778 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
779 | + |
780 | +2023-10-12 Fabian Vogt <fvogt@suse.de> |
781 | + |
782 | + fs/btrfs: Zero file data not backed by extents |
783 | + Implicit holes in file data need to be zeroed explicitly, instead of |
784 | + just leaving the data in the buffer uninitialized. |
785 | + |
786 | + This led to kernels randomly failing to boot in "fun" ways when loaded |
787 | + from btrfs with the no_holes feature enabled, because large blocks of |
788 | + zeros in the kernel file contained random data instead. |
789 | + |
790 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
791 | + Reviewed-by: Qu Wenruo <wqu@suse.com> |
792 | + |
793 | +2023-10-12 Stefan Berger <stefanb@linux.ibm.com> |
794 | + |
795 | + kern/ieee1275/init: Restrict high memory in presence of fadump on ppc64 |
796 | + When a kernel dump is present then restrict the high memory regions to |
797 | + avoid allocating memory where the kernel dump resides. Use the |
798 | + ibm,kernel-dump node under /rtas to determine whether a kernel dump |
799 | + exists and up to which limit GRUB can use available memory. Set the |
800 | + upper_mem_limit to the size of the kernel dump section of type |
801 | + REAL_MODE_REGION and therefore only allow GRUB's memory usage for high |
802 | + addresses from RMO_ADDR_MAX to upper_mem_limit. This means that GRUB can |
803 | + use high memory in the range of RMO_ADDR_MAX (768MB) to upper_mem_limit |
804 | + and the kernel-dump memory regions above upper_mem_limit remain |
805 | + untouched. This change has no effect on memory allocations below |
806 | + linux_rmo_save (typically at 640MB). |
807 | + |
808 | + Also, fall back to allocating below rmo_linux_save in case the chunk of |
809 | + memory there would be larger than the chunk of memory above RMO_ADDR_MAX. |
810 | + This can for example occur if a free memory area is found starting at 300MB |
811 | + extending up to 1GB but a kernel dump is located at 768MB and therefore |
812 | + does not allow the allocation of the high memory area but requiring to use |
813 | + the chunk starting at 300MB to avoid an unnecessary out-of-memory condition. |
814 | + |
815 | + Reviewed-by: Hari Bathini <hbathini@linux.ibm.com> |
816 | + Cc: Pavithra Prakash <pavrampu@in.ibm.com> |
817 | + Cc: Michael Ellerman <mpe@ellerman.id.au> |
818 | + Cc: Carolyn Scherrer <cpscherr@us.ibm.com> |
819 | + Cc: Mahesh Salgaonkar <mahesh@linux.ibm.com> |
820 | + Cc: Sourabh Jain <sourabhjain@linux.ibm.com> |
821 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
822 | + |
823 | +2023-10-12 Glenn Washburn <development@efficientek.com> |
824 | + |
825 | + tests/util/grub-shell: Enable RNG device to better test stack smashing |
826 | + In certain firmwares, e.g. OVMF, the RNG protocol is not enabled unless |
827 | + there is an RNG device. When not enabled, GRUB fails to initialize the |
828 | + stack guard with random bytes. For testing, this is not a big issue, but |
829 | + there have been bugs found in the initialization. So turn this on for EFI |
830 | + platforms to catch any regressions. |
831 | + |
832 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
833 | + |
834 | +2023-10-12 Glenn Washburn <development@efficientek.com> |
835 | + |
836 | + kern/efi/init: Disable stack smashing protection on grub_efi_init() |
837 | + GCC is electing to instrument grub_efi_init() to give it stack smashing |
838 | + protection when configuring with --enable-stack-protector on the x86_64-efi |
839 | + target. In the function prologue, the canary at the top of the stack frame |
840 | + is set to the value of the stack guard. And in the epilogue, the canary is |
841 | + checked to verify if it is equal to the guard and if not to call the stack |
842 | + check fail function. The issue is that grub_efi_init() sets up the guard |
843 | + by initializing it with random bytes, if the firmware supports the RNG |
844 | + protocol. So in its prologue the canary will be set with the value of the |
845 | + uninitialized guard, likely NUL bytes. Then the guard is initialized, and |
846 | + finally the epilogue checks the canary against the guard, which will almost |
847 | + certainly be different. This causes the code path for a smashed stack to be |
848 | + taken, causing the machine to print out a message that stack smashing was |
849 | + detected, wait 5 seconds, and then reboot. Disable grub_efi_init() |
850 | + instrumentation so there is no stack smashing false positive generated. |
851 | + |
852 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
853 | + |
854 | +2023-10-12 Glenn Washburn <development@efficientek.com> |
855 | + |
856 | + disk/cryptodisk: Add support for LUKS2 in (proc)/luks_script |
857 | + The sector size in bytes is added to each line and it is allowed to be |
858 | + 6 decimal digits long, which covers the most common cases of 512 and 4096 |
859 | + byte sectors with space for two additional digits as future-proofing. The |
860 | + size allocation is updated to reflect this additional field. Also make |
861 | + clearer the size allocation calculation. |
862 | + |
863 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
864 | + |
865 | +2023-10-12 Glenn Washburn <development@efficientek.com> |
866 | + |
867 | + disk/cryptodisk: Optimize luks_script_get() |
868 | + Use the return value of grub_snprintf() to move the string pointer forward, |
869 | + instead of incrementing the string pointer iteratively until a NULL byte is |
870 | + reached. Move the space out of the format string argument, a small |
871 | + optimization, but also makes the spacing clearer. Also, use the new |
872 | + PRIxGRUB_OFFSET instead of PRIuGRUB_UINT64_T to accurately reflect the |
873 | + format string for this type. |
874 | + |
875 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
876 | + |
877 | +2023-10-12 Glenn Washburn <development@efficientek.com> |
878 | + |
879 | + term/serial: Ensure proper NULL termination after grub_strncpy() |
880 | + A large enough argument to the --port option could cause a string buffer |
881 | + to be not NULL terminated because grub_strncpy() does not guarantee NULL |
882 | + termination if copied string is longer than max characters to copy. |
883 | + |
884 | + Fixes: 712309eaae04 (term/serial: Use grub_strncpy() instead of grub_snprintf() when only copying string) |
885 | + |
886 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
887 | + |
888 | +2023-10-12 Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
889 | + |
890 | + commands/efi/lsefisystab: Print the UEFI specification revision in human readable form |
891 | + E.g. 2.10 instead of 00020064 and 2.3.1 instead of 0002001f. |
892 | + |
893 | + See UEFI 2.10 specification, chapter 4.2.1 EFI_TABLE_HEADER. |
894 | + |
895 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
896 | + |
897 | +2023-10-03 Maxim Suhanov <dfirblog@gmail.com> |
898 | + |
899 | + fs/ntfs: Make code more readable |
900 | + Move some calls used to access NTFS attribute header fields into |
901 | + functions with human-readable names. |
902 | + |
903 | + Suggested-by: Daniel Kiper <daniel.kiper@oracle.com> |
904 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
905 | + |
906 | +2023-10-03 Maxim Suhanov <dfirblog@gmail.com> |
907 | + |
908 | + fs/ntfs: Fix an OOB read when parsing a volume label |
909 | + This fix introduces checks to ensure that an NTFS volume label is always |
910 | + read from the corresponding file record segment. |
911 | + |
912 | + The current NTFS code allows the volume label string to be read from an |
913 | + arbitrary, attacker-chosen memory location. However, the bytes read are |
914 | + always treated as UTF-16LE. So, the final string displayed is mostly |
915 | + unreadable and it can't be easily converted back to raw bytes. |
916 | + |
917 | + The lack of this check is a minor issue, likely not causing a significant |
918 | + data leak. |
919 | + |
920 | + Reported-by: Maxim Suhanov <dfirblog@gmail.com> |
921 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
922 | + |
923 | +2023-10-03 Maxim Suhanov <dfirblog@gmail.com> |
924 | + |
925 | + fs/ntfs: Fix an OOB read when parsing bitmaps for index attributes |
926 | + This fix introduces checks to ensure that bitmaps for directory indices |
927 | + are never read beyond their actual sizes. |
928 | + |
929 | + The lack of this check is a minor issue, likely not exploitable in any way. |
930 | + |
931 | + Reported-by: Maxim Suhanov <dfirblog@gmail.com> |
932 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
933 | + |
934 | +2023-10-03 Maxim Suhanov <dfirblog@gmail.com> |
935 | + |
936 | + fs/ntfs: Fix an OOB read when parsing directory entries from resident and non-resident index attributes |
937 | + This fix introduces checks to ensure that index entries are never read |
938 | + beyond the corresponding directory index. |
939 | + |
940 | + The lack of this check is a minor issue, likely not exploitable in any way. |
941 | + |
942 | + Reported-by: Maxim Suhanov <dfirblog@gmail.com> |
943 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
944 | + |
945 | +2023-10-03 Maxim Suhanov <dfirblog@gmail.com> |
946 | + |
947 | + fs/ntfs: Fix an OOB read when reading data from the resident $DATA attribute |
948 | + When reading a file containing resident data, i.e., the file data is stored in |
949 | + the $DATA attribute within the NTFS file record, not in external clusters, |
950 | + there are no checks that this resident data actually fits the corresponding |
951 | + file record segment. |
952 | + |
953 | + When parsing a specially-crafted file system image, the current NTFS code will |
954 | + read the file data from an arbitrary, attacker-chosen memory offset and of |
955 | + arbitrary, attacker-chosen length. |
956 | + |
957 | + This allows an attacker to display arbitrary chunks of memory, which could |
958 | + contain sensitive information like password hashes or even plain-text, |
959 | + obfuscated passwords from BS EFI variables. |
960 | + |
961 | + This fix implements a check to ensure that resident data is read from the |
962 | + corresponding file record segment only. |
963 | + |
964 | + Fixes: CVE-2023-4693 |
965 | + |
966 | + Reported-by: Maxim Suhanov <dfirblog@gmail.com> |
967 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
968 | + |
969 | +2023-10-03 Maxim Suhanov <dfirblog@gmail.com> |
970 | + |
971 | + fs/ntfs: Fix an OOB write when parsing the $ATTRIBUTE_LIST attribute for the $MFT file |
972 | + When parsing an extremely fragmented $MFT file, i.e., the file described |
973 | + using the $ATTRIBUTE_LIST attribute, current NTFS code will reuse a buffer |
974 | + containing bytes read from the underlying drive to store sector numbers, |
975 | + which are consumed later to read data from these sectors into another buffer. |
976 | + |
977 | + These sectors numbers, two 32-bit integers, are always stored at predefined |
978 | + offsets, 0x10 and 0x14, relative to first byte of the selected entry within |
979 | + the $ATTRIBUTE_LIST attribute. Usually, this won't cause any problem. |
980 | + |
981 | + However, when parsing a specially-crafted file system image, this may cause |
982 | + the NTFS code to write these integers beyond the buffer boundary, likely |
983 | + causing the GRUB memory allocator to misbehave or fail. These integers contain |
984 | + values which are controlled by on-disk structures of the NTFS file system. |
985 | + |
986 | + Such modification and resulting misbehavior may touch a memory range not |
987 | + assigned to the GRUB and owned by firmware or another EFI application/driver. |
988 | + |
989 | + This fix introduces checks to ensure that these sector numbers are never |
990 | + written beyond the boundary. |
991 | + |
992 | + Fixes: CVE-2023-4692 |
993 | + |
994 | + Reported-by: Maxim Suhanov <dfirblog@gmail.com> |
995 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
996 | + |
997 | +2023-10-03 Michael Chang <mchang@suse.com> |
998 | + |
999 | + kern/acpi: Skip NULL entries in RSDT and XSDT |
1000 | + During attempts to configure a serial console, a Page Fault Exception |
1001 | + and system reset were encountered, specifically on release 2.12~rc1. |
1002 | + This issue was not present in prior versions and seemed to affect only |
1003 | + a specific machine, potentially pointing to hardware or firmware flaw. |
1004 | + |
1005 | + After investigation, it was discovered that the invalid page access |
1006 | + occurred during the discovery of serial MMIO ports as specified by |
1007 | + ACPI's SPCR table [1]. The recent change uncovered an issue in GRUB's |
1008 | + ACPI driver. |
1009 | + |
1010 | + In certain cases, the XSDT/RSDT root table might contain a NULL entry as |
1011 | + a terminator, depending on how the tables are assembled. GRUB cannot |
1012 | + blindly trust the address in the root table to be valid and should |
1013 | + perform a sanity check for NULL entries. This patch introduces this |
1014 | + simple check. |
1015 | + |
1016 | + This fix is also inspired by a related Linux kernel fix [2]. |
1017 | + |
1018 | + [1] 7b192ec4c term/ns8250: Use ACPI SPCR table when available to configure serial |
1019 | + [2] 0f929fbf0 ACPICA: Tables: Add new mechanism to skip NULL entries in RSDT and XSDT. |
1020 | + |
1021 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1022 | + |
1023 | +2023-10-03 Glenn Washburn <development@efficientek.com> |
1024 | + |
1025 | + util/grub-install-common: Print usable grub-mkimage command |
1026 | + When grub-install is run with the verbose option, it will print a log |
1027 | + message indicating the grub-mkimage command and arguments used. |
1028 | + GRUB no longer calls the grub-mkimage binary internally, however the |
1029 | + command logged is a command that if run should effectively be what |
1030 | + grub-install used. However, as this has changed some of the newer |
1031 | + options have been incorrectly added so that the printed command fails |
1032 | + when run separately. This change makes the displayed command run as |
1033 | + intended. |
1034 | + |
1035 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1036 | + |
1037 | +2023-10-03 Glenn Washburn <development@efficientek.com> |
1038 | + |
1039 | + util/grub-install-common: Minor improvements to printing of grub-mkimage command |
1040 | + This is a preparatory patch to make the following patch less cluttered. The |
1041 | + only visible change made here is to not print extra spaces when either or |
1042 | + both --note or --disable-shim-lock are not given and to not print an extra |
1043 | + space at the end of the command. The latter is done by constructing the |
1044 | + trailing argument string with spaces in front of each argument rather than |
1045 | + trailing. The allocation of the argument string is made precise, which has |
1046 | + the benefit of saving a few bytes, but more importantly self-documenting |
1047 | + what the needed allocated bytes are. Also, unneeded braces are removed from |
1048 | + an if block. |
1049 | + |
1050 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1051 | + |
1052 | +2023-10-03 Vladimir 'phcoder' Serbinenko <phcoder@gmail.com> |
1053 | + |
1054 | + lib/i386/relocator64: Fix 64-bit FreeBSD boot on BIOS |
1055 | + The commit 80948f532d (lib/i386/relocator64: Build fixes for i386) has |
1056 | + broken 64-bit FreeBSD boot on BIOS. This patch fixes the issue. |
1057 | + |
1058 | + Fixes: 80948f532d (lib/i386/relocator64: Build fixes for i386) |
1059 | + |
1060 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1061 | + |
1062 | +2023-09-22 Anthony PERARD <anthony.perard@citrix.com> |
1063 | + |
1064 | + templates/linux_xen: Fix XSM entries generation |
1065 | + It turns out that setting $xen_version in linux_entry_xsm() override |
1066 | + $xen_version in the loop over $reverse_sorted_xen_list. This means |
1067 | + that only one entry per Xen version is going to enable XSM, but all |
1068 | + further entries are going to have "(XSM enabled)" in their titles |
1069 | + without enabling XSM. |
1070 | + |
1071 | + When a "xenpolicy-$xen_version" file was found for the current |
1072 | + $xen_version, it would overwrite $xen_version to add "(XSM enabled)" to |
1073 | + the menu entry title. Once updated, the next call to linux_entry_xsm() |
1074 | + would also have this modified $xen_version and would look for the file |
1075 | + "xenpolicy-*(XSM enabled)" and fail. |
1076 | + |
1077 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1078 | + |
1079 | +2023-09-22 Xiaotian Wu <wuxiaotian@loongson.cn> |
1080 | + |
1081 | + loongarch: Eliminate cmodel compilation warnings |
1082 | + In the configure phase, the "-mcmodel=large" CFLAGS passed the test, but |
1083 | + because it has not been implemented in gcc, the following warning will |
1084 | + appear when compiling: |
1085 | + |
1086 | + gcc: warning: 'large' is not supported, now cmodel is set to 'normal' |
1087 | + |
1088 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1089 | + |
1090 | +2023-09-22 Glenn Washburn <development@efficientek.com> |
1091 | + |
1092 | + configure: Enable -fno-omit-frame-pointer for backtrace module |
1093 | + The backtrace module is written assuming that the frame pointer is in %ebp. |
1094 | + By default, -Os optimization level is used, which enables the gcc option |
1095 | + -fomit-frame-pointer. This breaks the backtrace functionality. Enabling |
1096 | + this may cause an unnoticeable performance cost and virtually no size increase. |
1097 | + |
1098 | + The backtrace command on x86_64 and probably i386 is broken due to the |
1099 | + above rationale. I've not verified, but presumably the backtrace that used |
1100 | + to be printed for an unhandled CPU exception is also broken. Do any distros |
1101 | + handle this? |
1102 | + |
1103 | + Considering that, to my knowledge, no one has complained about this in the |
1104 | + over 13 years that -Os has been used, has this code actually been useful? |
1105 | + Is it worth disabling -fomit-frame-pointer? Though, I don't see much downside |
1106 | + right now in disabling it. Alternatively, we could disable/remove the |
1107 | + backtrace code. I think it would be nice to keep it and have it working. |
1108 | + |
1109 | + Nowadays, presumably QEMU makes the GDB stub rarely used as I imagine most |
1110 | + are developing in a virtual machines. Also, the GDB stub does not work in UEFI. |
1111 | + So, if anyone is using it on real hardware, they are doing so on pretty old |
1112 | + machines. The lack of a GDB stub does not seem to be a pain point because |
1113 | + no one has got it working on UEFI. |
1114 | + |
1115 | + This patch gets the backtrace command working on x86_64-efi in QEMU for me. |
1116 | + However, it hangs when run on my laptop. Not sure what's going on there. |
1117 | + |
1118 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1119 | + |
1120 | +2023-09-22 Ard Biesheuvel <ardb@kernel.org> |
1121 | + |
1122 | + loader/efi/linux: Implement x86 mixed mode using legacy boot |
1123 | + Recent mixed-mode Linux kernels, i.e., v4.0 or newer, can access EFI |
1124 | + runtime services at OS runtime even when the OS was not entered via the |
1125 | + EFI stub. This is because, instead of reverting back to the firmware's |
1126 | + segment selectors, GDTs and IDTs, the 64-bit kernel simply calls 32-bit |
1127 | + runtime services using compatibility mode, i.e., the same mode used for |
1128 | + 32-bit user space, without taking down all interrupt handling, exception |
1129 | + handling, etc. |
1130 | + |
1131 | + This means that GRUB's legacy x86 boot mode is sufficient to make use of |
1132 | + this: 32-bit i686 builds of GRUB can already boot 64-bit kernels in EFI |
1133 | + enlightened mode, but without going via the EFI stub, and provide all |
1134 | + the metadata that the OS needs to map the EFI runtime regions and call |
1135 | + EFI runtime services successfully. |
1136 | + |
1137 | + It does mean that GRUB should not attempt to invoke the firmware's |
1138 | + LoadImage()/StartImage() methods on kernel builds that it knows cannot |
1139 | + be started natively. So, add a check for this in the native EFI boot |
1140 | + path and fall back to legacy x86 mode in such cases. |
1141 | + |
1142 | + Note that in the general case, booting non-native images of the same |
1143 | + native word size, e.g., x64 EFI apps on arm64 firmware, might be |
1144 | + supported by means of emulation. So, let's only disallow images that use |
1145 | + a non-native word size. This will also permit booting i686 kernels on |
1146 | + x86_64 builds, although without access to runtime services, as this is |
1147 | + not supported by Linux. |
1148 | + |
1149 | + This change on top of 2.12-rc1 is sufficient to boot ordinary Linux |
1150 | + mixed mode builds and get full access to the EFI runtime services. |
1151 | + |
1152 | + Cc: Daniel Kiper <daniel.kiper@oracle.com> |
1153 | + Cc: Steve McIntyre <steve@einval.com> |
1154 | + Cc: Julian Andres Klode <julian.klode@canonical.com> |
1155 | + Acked-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> |
1156 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1157 | + |
1158 | +2023-09-22 Ard Biesheuvel <ardb@kernel.org> |
1159 | + |
1160 | + loader/i386/linux: Prefer entry in long mode when booting via EFI |
1161 | + The x86_64 Linux kernel can be booted in 32-bit mode, in which case the |
1162 | + startup code creates a set of preliminary page tables that map the first |
1163 | + 4 GiB of physical memory 1:1 and enables paging. This is a prerequisite |
1164 | + for 64-bit execution and can therefore only be implemented in 32-bit code. |
1165 | + |
1166 | + The x86_64 Linux kernel can also be booted in 64-bit mode directly: this |
1167 | + implies that paging is already enabled and it is the responsibility of |
1168 | + the bootloader to ensure that the active page tables cover the entire |
1169 | + loaded image, including its BSS space, the size of which is described in |
1170 | + the image's setup header. |
1171 | + |
1172 | + Given that the EFI spec mandates execution in long mode for x86_64 and |
1173 | + stipulates that all system memory is mapped 1:1, the Linux/x86 |
1174 | + requirements for 64-bit entry can be met trivially when booting on |
1175 | + x86_64 via EFI. So, enter via the 64-bit entry point in this case. |
1176 | + |
1177 | + This involves inspecting the xloadflags field in the setup header to |
1178 | + check whether the 64-bit entry point is supported. This field was |
1179 | + introduced in Linux version v3.8 (early 2013). |
1180 | + |
1181 | + This change ensures that all EFI firmware tables and other assets passed |
1182 | + by the firmware or bootloader in memory remain mapped and accessible |
1183 | + throughout the early startup code. |
1184 | + |
1185 | + Avoiding the drop out of long mode will also be needed to support |
1186 | + upcoming CPU designs that no longer implement 32-bit mode at all |
1187 | + (as recently announced by Intel [0]). |
1188 | + |
1189 | + [0] https://www.intel.com/content/www/us/en/developer/articles/technical/envisioning-future-simplified-architecture.html |
1190 | + |
1191 | + Cc: Daniel Kiper <daniel.kiper@oracle.com> |
1192 | + Cc: Julian Andres Klode <julian.klode@canonical.com> |
1193 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1194 | + |
1195 | +2023-09-18 Vladimir Serbinenko <phcoder@gmail.com> |
1196 | + |
1197 | + ZFS: Check bonustype in addition to dnode type |
1198 | + Some dnodes are shared with properties zap. This is used |
1199 | + e.g. for quotas. Then dnode type is 0xc4 and GRUB stumbles on |
1200 | + this. Check bonus type and if it's ok then ignore dnode type mismatch |
1201 | + |
1202 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1203 | + |
1204 | +2023-09-18 Vladimir Serbinenko <phcoder@gmail.com> |
1205 | + |
1206 | + ZFS: Don't iterate over null objsets |
1207 | + Reading them is harmless but useless as they are empty by definition |
1208 | + |
1209 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1210 | + |
1211 | +2023-09-18 Vladimir Serbinenko <phcoder@gmail.com> |
1212 | + |
1213 | + ZFS: Fix invalid memcmp |
1214 | + We ended up comparing over unset values as we had dnode_phys on one side |
1215 | + and dnode on another |
1216 | + |
1217 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1218 | + |
1219 | +2023-09-18 Vladimir Serbinenko <phcoder@gmail.com> |
1220 | + |
1221 | + ZFS: support inode type embed into its ID |
1222 | + This is a speedup used in some ZFS version. This trips GRUB and makes it |
1223 | + unable to access directories. Just skip it for now and revisit |
1224 | + if we ever need this speedup. |
1225 | + |
1226 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1227 | + |
1228 | +2023-08-31 Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
1229 | + |
1230 | + video/efi_gop: Require shadow if PixelBltOnly |
1231 | + If the EFI graphics pixel format is PixelBltOnly, we cannot write directly |
1232 | + to the frame buffer. We need the shadow frame buffer which we copy via |
1233 | + the BitBlt operation to the hardware. |
1234 | + |
1235 | + If the pixel format is PixelBltOnly and allocation of the shadow frame |
1236 | + buffer fails, we must raise an error to signal that the EFI GOP protocol |
1237 | + is not usable. |
1238 | + |
1239 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1240 | + |
1241 | +2023-08-31 Glenn Washburn <development@efficientek.com> |
1242 | + |
1243 | + docs: Add menu to prevent older makeinfo versions from failing |
1244 | + It has been reported that makeinfo version 4.13a complains and returns |
1245 | + error when menus for chapter structuring commands are not present. It |
1246 | + is also known that newer makeinfos, such as version 6.7, will create |
1247 | + default menus when needed. Since the menu will be created regardless, |
1248 | + explicitly create it to support older makeinfo versions. This also |
1249 | + enables building to be successful when an older makeinfo is installed |
1250 | + because in that case info files are attempted to be generated with the |
1251 | + "all" target. |
1252 | + |
1253 | + Reported-by: Olaf Hering <olaf@aepfle.de> |
1254 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1255 | + Tested-by: Olaf Hering <olaf@aepfle.de> |
1256 | + |
1257 | +2023-08-31 Glenn Washburn <development@efficientek.com> |
1258 | + |
1259 | + docs: Use @ref instead of @xref |
1260 | + The @xref command is meant to be used at the beginning of a sentence |
1261 | + because its expansion creates a "See " prefix on all output formats, and |
1262 | + on older makeinfo versions is strict about enforcing a "." or "," after |
1263 | + the command. The @ref command has no such restriction and is just the |
1264 | + link, which allows more control over output. This also fixes an issue |
1265 | + where there was a repeated "see" in the output. |
1266 | + |
1267 | + Reported-by: Olaf Hering <olaf@aepfle.de> |
1268 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1269 | + Tested-by: Olaf Hering <olaf@aepfle.de> |
1270 | + |
1271 | +2023-08-31 Glenn Washburn <development@efficientek.com> |
1272 | + |
1273 | + tests/util/grub-shell-luks-tester: Allow setting timeout |
1274 | + Allow using the envvar GRUB_SHELL_LUKS_TIMEOUT to change the default |
1275 | + timeout. If not specified, use value of GRUB_SHELL_DEFAULT_TIMEOUT. And |
1276 | + if that is not specified, fallback to original 600s timeout. |
1277 | + |
1278 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1279 | + |
1280 | +2023-08-31 Glenn Washburn <development@efficientek.com> |
1281 | + |
1282 | + disk/cryptodisk: Fix missing change when updating to use grub_uuidcasecmp() |
1283 | + This was causing the cryptomount command to return failure even though |
1284 | + the crypto device was successfully added. Of course, this meant that any |
1285 | + script using the return code would behave unexpectedly. |
1286 | + |
1287 | + Fixes: 3cf2e848bc03 (disk/cryptodisk: Allows UUIDs to be compared in a dash-insensitive manner) |
1288 | + |
1289 | + Suggested-by: Olaf Hering <olaf@aepfle.de> |
1290 | + Reviewed-by: Patrich Steinhardt <ps@pks.im> |
1291 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1292 | + |
1293 | +2023-08-31 Glenn Washburn <development@efficientek.com> |
1294 | + |
1295 | + kern/misc: Make grub_vsnprintf() C99/POSIX conformant |
1296 | + To comply with C99 and POSIX standards, snprintf() should return the |
1297 | + number of bytes that would be written to the string (excluding the |
1298 | + terminating NUL byte) if the buffer size was big enough. Before this |
1299 | + change, the return value was the minimum of the standard return and the |
1300 | + length of the buffer. Rarely is the return value of grub_snprintf() or |
1301 | + grub_vsnprintf() used with current code, and the few places where it is |
1302 | + used do not need to be changed. |
1303 | + |
1304 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1305 | + |
1306 | +2023-08-31 Glenn Washburn <development@efficientek.com> |
1307 | + |
1308 | + tests: Add serial_test |
1309 | + This test is meant to test output via various serial devices. Currently, |
1310 | + only the PCI serial device is tested. |
1311 | + |
1312 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1313 | + |
1314 | +2023-08-31 Glenn Washburn <development@efficientek.com> |
1315 | + |
1316 | + tests/util/grub-shell: Allow explicitly using other serial ports for output |
1317 | + While here, move "-qemu=*" case to be next to the "--qemu-opts=*" case. |
1318 | + This causes no change in logic, but is more logically located. |
1319 | + |
1320 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1321 | + |
1322 | +2023-08-31 Glenn Washburn <development@efficientek.com> |
1323 | + |
1324 | + tests/util/grub-shell-luks-tester: Do not remove generated files when test fails to allow debugging |
1325 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1326 | + |
1327 | + tests/util/grub-shell: Convert spaces to TABs |
1328 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1329 | + |
1330 | +2023-08-14 Glenn Washburn <development@efficientek.com> |
1331 | + |
1332 | + commands/ls: Print "????????????" if unable to get file size |
1333 | + In long list mode, if the file can not be opened, the file is not printed. |
1334 | + Instead, print the file but print the size as "????????????". |
1335 | + |
1336 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1337 | + |
1338 | +2023-08-14 Glenn Washburn <development@efficientek.com> |
1339 | + |
1340 | + commands/ls: Send correct dirname to print functions |
1341 | + For each non-directory path argument to the ls command, the full path was |
1342 | + being sent to the print functions, instead of the dirname. The long output |
1343 | + print function expected dirname to be the directory containing the file |
1344 | + and so could not open the file to get the file size because the generated |
1345 | + path was incorrect. This caused the output to be a blank line. |
1346 | + |
1347 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1348 | + |
1349 | +2023-08-14 Glenn Washburn <development@efficientek.com> |
1350 | + |
1351 | + fs/archelp: If path given to grub_archelp_dir() is not a directory return error |
1352 | + Specifically, return GRUB_ERR_BAD_FILE_TYPE because this is what is |
1353 | + expected by the ls command when it is given a path to a non-directory. |
1354 | + This fixes a bug where calling ls with a list of non-directory paths |
1355 | + outputs a blank line for each such argument. |
1356 | + |
1357 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1358 | + |
1359 | +2023-08-14 Glenn Washburn <development@efficientek.com> |
1360 | + |
1361 | + commands/videoinfo: Prevent crash when run while video driver already active |
1362 | + The videoinfo command will initialize all non-active video adapters. Video |
1363 | + drivers tend to zero out the global framebuffer object on initialization. |
1364 | + This is not a problem when there is no active video adapter. However, when |
1365 | + there is, then outputting to the video adapter will cause a crash because |
1366 | + methods in the framebuffer object are reinitialized. For example, this |
1367 | + command sequence will cause a crash. |
1368 | + |
1369 | + terminal_output --append gfxterm; videoinfo |
1370 | + |
1371 | + When running in a QEMU headless with GRUB built for the x86_64-efi target, |
1372 | + the first command initializes the Bochs video adapter, which, among |
1373 | + other things, sets the set_page() member function. Then when videoinfo is |
1374 | + run, all non-Bochs video adapters will be initialized, each one wiping |
1375 | + the framebuffer and thus setting set_page to NULL. Soon after the videoinfo |
1376 | + command finishes there will be a call to grub_refresh(), which will |
1377 | + ultimately call the framebuffer's set_page which will be NULL and cause |
1378 | + a crash when called. |
1379 | + |
1380 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1381 | + |
1382 | +2023-08-14 Glenn Washburn <development@efficientek.com> |
1383 | + |
1384 | + docs: Improve initrd documentation |
1385 | + A list of improvements: |
1386 | + * Remove reference to "initial ramdisk" and replace with "initrd". This |
1387 | + then covers the case of ramdisk and ramfs, which is the usual method |
1388 | + with kernels 2.6 and newer. |
1389 | + * Add sentence with URL to initrd documentation Linux kernel. |
1390 | + * Add a section documenting how to have the initrd command generate |
1391 | + a new-style initrd via a specially crafted argument and include an example. |
1392 | + * Update initrd16 to refer to the initrd section and make note that |
1393 | + initrd16 is only on the pc platform. |
1394 | + |
1395 | + Reviewed-by: Oskari Pirhonen <xxc3ncoredxx@gmail.com> |
1396 | + Reviewed-by: Paul Menzel <pmenzel@molgen.mpg.de> |
1397 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1398 | + |
1399 | +2023-08-14 Glenn Washburn <development@efficientek.com> |
1400 | + |
1401 | + term/ns8250-spcr: Continue processing SPCR table even if revision is < 2 |
1402 | + According to commit 0231d00082 (ACPI: SPCR: Make SPCR available to x86) |
1403 | + to the Linux kernel, "On x86, many systems have a valid SPCR table but the |
1404 | + table version is not 2 so the table version check must be a warning." |
1405 | + |
1406 | + Reviewed-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> |
1407 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1408 | + |
1409 | +2023-08-14 Glenn Washburn <development@efficientek.com> |
1410 | + |
1411 | + docs: A note to cat that hexdump should be used for binary data |
1412 | + The cat command should not be used to print binary data because it can |
1413 | + show bytes not in the binary data and not show bytes that are in the data, |
1414 | + which can lead to confusion. This happens because cat does some processing |
1415 | + of the data stream, namely trying to decode substrings as UTF-8. |
1416 | + |
1417 | + Reviewed-by: Oskari Pirhonen <xxc3ncoredxx@gmail.com> |
1418 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1419 | + |
1420 | +2023-08-14 Glenn Washburn <development@efficientek.com> |
1421 | + |
1422 | + docs: Document hexdump command |
1423 | + Reviewed-by: Oskari Pirhonen <xxc3ncoredxx@gmail.com> |
1424 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1425 | + |
1426 | + docs: Group usage of user-space utilities into single chapter |
1427 | + Reviewed-by: Oskari Pirhonen <xxc3ncoredxx@gmail.com> |
1428 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1429 | + |
1430 | +2023-08-14 Qiumiao Zhang <zhangqiumiao1@huawei.com> |
1431 | + |
1432 | + util/grub-mount: Fix memory leak in fuse_getattr() |
1433 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1434 | + |
1435 | +2023-08-14 Michał Grzelak <mchl.grzlk@gmail.com> |
1436 | + |
1437 | + configure: Fix SDL2 typo by referencing value |
1438 | + During configuration of SDL2, variable enable_grub_emu_sdl2 is checked |
1439 | + whether to throw an error message. However, error could not happen |
1440 | + because two unequal strings were compared. Fix this by referencing |
1441 | + value of enable_grub_emu_sdl2, not name. |
1442 | + |
1443 | + Fixes: 17d6ac1a7 (emu: Add SDL2 support) |
1444 | + |
1445 | + Reviewed-by: Julian Andres Klode <julian.klode@canonical.com> |
1446 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1447 | + Reviewed-by: Paul Menzel <pmenzel@molgen.mpg.de> |
1448 | + |
1449 | +2023-08-14 Glenn Washburn <development@efficientek.com> |
1450 | + |
1451 | + docs: Add missing assumption |
1452 | + Also reword a prior sentence to be more clear. |
1453 | + |
1454 | + Fixes: 5a3d2b4742df (docs: Add debugging chapter to development documentation) |
1455 | + |
1456 | + Reviewed-by: Oskari Pirhonen <xxc3ncoredxx@gmail.com> |
1457 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1458 | + |
1459 | +2023-08-14 Oskari Pirhonen <xxc3ncoredxx@gmail.com> |
1460 | + |
1461 | + util/grub.d/25_bli.in: Fix shebang on unmerged-usr |
1462 | + On an unmerged-usr system, grub-mkconfig errors out with the following |
1463 | + error due to /usr/bin/sh not existing: |
1464 | + |
1465 | + /usr/sbin/grub-mkconfig: /etc/grub.d/25_bli: /usr/bin/sh: bad interpreter: No such file or directory |
1466 | + |
1467 | + Use a /bin/sh shebang to fix the error as well as match the other |
1468 | + existing files. |
1469 | + |
1470 | + Fixes: 158a6583e (util/grub.d/25_bli.in: Activate bli module on EFI) |
1471 | + |
1472 | + Reviewed-by: Glenn Washburn <development@efficientek.com> |
1473 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1474 | + Reviewed-by: Oliver Steffen <osteffen@redhat.com> |
1475 | + |
1476 | +2023-08-14 Glenn Washburn <development@efficientek.com> |
1477 | + |
1478 | + tests/util/grub-shell-luks-tester: Allow GRUB_SHELL_LUKS_DEFAULT_DEBUG and GRUB_TEST_DEFAULT_DEBUG to specify the debug level to grub-shell |
1479 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1480 | + |
1481 | +2023-08-14 Glenn Washburn <development@efficientek.com> |
1482 | + |
1483 | + tests/util/grub-shell: Allow setting the value of debug regardless of its previous state |
1484 | + This allows an invocation of grub-shell to set the value of debug regardless |
1485 | + of the global default environment variable GRUB_SHELL_DEFAULT_DEBUG. |
1486 | + |
1487 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1488 | + |
1489 | +2023-08-14 Glenn Washburn <development@efficientek.com> |
1490 | + |
1491 | + tests/util/grub-shell: Allow setting default timeout via GRUB_SHELL_DEFAULT_TIMEOUT envvar |
1492 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1493 | + |
1494 | +2023-08-14 Glenn Washburn <development@efficientek.com> |
1495 | + |
1496 | + tests/util/grub-shell: Add --verbose to grub-mkrescue when $debug is greater than 2 |
1497 | + Since this is fairly verbose output, do not enable first level of debug |
1498 | + is turned on. |
1499 | + |
1500 | + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
1501 | + |
1502 | 2023-07-10 Daniel Kiper <daniel.kiper@oracle.com> |
1503 | |
1504 | Release 2.12~rc1 |
1505 | diff --git a/INSTALL b/INSTALL |
1506 | index b93fe9c..8d9207c 100644 |
1507 | --- a/INSTALL |
1508 | +++ b/INSTALL |
1509 | @@ -20,7 +20,7 @@ configuring the GRUB. |
1510 | for i386, x86_64, arm (including thumb), arm64, mips(el), powerpc, sparc64 |
1511 | * GNU Make |
1512 | * GNU Bison 2.3 or later |
1513 | -* GNU gettext 0.17 or later |
1514 | +* GNU gettext |
1515 | * GNU binutils 2.9.1.0.23 or later |
1516 | * Flex 2.5.35 or later |
1517 | * pkg-config |
1518 | diff --git a/Makefile.in b/Makefile.in |
1519 | index 0e7be5f..6c8dfcf 100644 |
1520 | --- a/Makefile.in |
1521 | +++ b/Makefile.in |
1522 | @@ -1296,15 +1296,16 @@ am__dist_noinst_DATA_DIST = grub-core/kern/disk_common.c \ |
1523 | tests/grub_script_no_commands.in tests/partmap_test.in \ |
1524 | tests/hddboot_test.in tests/fddboot_test.in \ |
1525 | tests/cdboot_test.in tests/netboot_test.in \ |
1526 | - tests/pseries_test.in tests/core_compress_test.in \ |
1527 | - tests/xzcompress_test.in tests/gzcompress_test.in \ |
1528 | - tests/lzocompress_test.in tests/grub_cmd_echo.in \ |
1529 | - tests/help_test.in tests/grub_script_gettext.in \ |
1530 | - tests/grub_script_escape_comma.in tests/grub_script_strcmp.in \ |
1531 | - tests/test_sha512sum.in tests/test_unset.in \ |
1532 | - tests/grub_func_test.in tests/grub_cmd_tr.in \ |
1533 | - tests/file_filter_test.in tests/grub_cmd_test.in \ |
1534 | - tests/syslinux_test.in tests/luks1_test.in tests/luks2_test.in |
1535 | + tests/serial_test.in tests/pseries_test.in \ |
1536 | + tests/core_compress_test.in tests/xzcompress_test.in \ |
1537 | + tests/gzcompress_test.in tests/lzocompress_test.in \ |
1538 | + tests/grub_cmd_echo.in tests/help_test.in \ |
1539 | + tests/grub_script_gettext.in tests/grub_script_escape_comma.in \ |
1540 | + tests/grub_script_strcmp.in tests/test_sha512sum.in \ |
1541 | + tests/test_unset.in tests/grub_func_test.in \ |
1542 | + tests/grub_cmd_tr.in tests/file_filter_test.in \ |
1543 | + tests/grub_cmd_test.in tests/syslinux_test.in \ |
1544 | + tests/luks1_test.in tests/luks2_test.in |
1545 | DATA = $(dist_grubconf_DATA) $(dist_noinst_DATA) $(noinst_DATA) \ |
1546 | $(pkgdata_DATA) $(platform_DATA) $(starfield_DATA) |
1547 | HEADERS = $(nodist_platform_HEADERS) |
1548 | @@ -1998,6 +1999,7 @@ GNULIB_GETTIMEOFDAY = @GNULIB_GETTIMEOFDAY@ |
1549 | GREP = @GREP@ |
1550 | GRUB_BOOT_MACHINE_LINK_ADDR = @GRUB_BOOT_MACHINE_LINK_ADDR@ |
1551 | GRUB_PLATFORM = @GRUB_PLATFORM@ |
1552 | +GRUB_STACK_PROTECTOR_INIT = @GRUB_STACK_PROTECTOR_INIT@ |
1553 | GRUB_TARGET_CPU = @GRUB_TARGET_CPU@ |
1554 | HAVE_ALIGNED_ALLOC = @HAVE_ALIGNED_ALLOC@ |
1555 | HAVE_ALLOCA_H = @HAVE_ALLOCA_H@ |
1556 | @@ -2781,7 +2783,7 @@ CCASFLAGS_LIBRARY = |
1557 | grubconfdir = $(sysconfdir)/grub.d |
1558 | platformdir = $(pkglibdir)/$(target_cpu)-$(platform) |
1559 | starfielddir = $(pkgdatadir)/themes/starfield |
1560 | -CFLAGS_GNULIB = -Wno-undef -Wno-sign-compare -Wno-unused -Wno-unused-parameter -Wno-redundant-decls -Wno-unreachable-code -Wno-conversion |
1561 | +CFLAGS_GNULIB = -Wno-undef -Wno-sign-compare -Wno-unused -Wno-unused-parameter -Wno-redundant-decls -Wno-unreachable-code -Wno-conversion -Wno-error=attributes |
1562 | CPPFLAGS_GNULIB = -I$(top_builddir)/grub-core/lib/gnulib -I$(top_srcdir)/grub-core/lib/gnulib |
1563 | CFLAGS_POSIX = -fno-builtin |
1564 | CPPFLAGS_POSIX = -I$(top_srcdir)/grub-core/lib/posix_wrap |
1565 | @@ -2834,11 +2836,12 @@ check_SCRIPTS_nonnative = pata_test ahci_test uhci_test ohci_test \ |
1566 | grub_cmd_cryptomount grub_cmd_regexp grub_cmd_date \ |
1567 | grub_cmd_set_date grub_cmd_sleep grub_script_expansion \ |
1568 | grub_script_not partmap_test hddboot_test fddboot_test \ |
1569 | - cdboot_test netboot_test pseries_test core_compress_test \ |
1570 | - xzcompress_test gzcompress_test lzocompress_test grub_cmd_echo \ |
1571 | - help_test grub_script_gettext grub_script_escape_comma \ |
1572 | - grub_script_strcmp test_sha512sum test_unset grub_func_test \ |
1573 | - grub_cmd_tr file_filter_test grub_cmd_test |
1574 | + cdboot_test netboot_test serial_test pseries_test \ |
1575 | + core_compress_test xzcompress_test gzcompress_test \ |
1576 | + lzocompress_test grub_cmd_echo help_test grub_script_gettext \ |
1577 | + grub_script_escape_comma grub_script_strcmp test_sha512sum \ |
1578 | + test_unset grub_func_test grub_cmd_tr file_filter_test \ |
1579 | + grub_cmd_test |
1580 | check_PROGRAMS_native = example_unit_test printf_test date_test \ |
1581 | $(am__append_50) cmp_test |
1582 | check_PROGRAMS_nonnative = |
1583 | @@ -2899,15 +2902,16 @@ dist_noinst_DATA = grub-core/kern/disk_common.c \ |
1584 | tests/grub_script_no_commands.in tests/partmap_test.in \ |
1585 | tests/hddboot_test.in tests/fddboot_test.in \ |
1586 | tests/cdboot_test.in tests/netboot_test.in \ |
1587 | - tests/pseries_test.in tests/core_compress_test.in \ |
1588 | - tests/xzcompress_test.in tests/gzcompress_test.in \ |
1589 | - tests/lzocompress_test.in tests/grub_cmd_echo.in \ |
1590 | - tests/help_test.in tests/grub_script_gettext.in \ |
1591 | - tests/grub_script_escape_comma.in tests/grub_script_strcmp.in \ |
1592 | - tests/test_sha512sum.in tests/test_unset.in \ |
1593 | - tests/grub_func_test.in tests/grub_cmd_tr.in \ |
1594 | - tests/file_filter_test.in tests/grub_cmd_test.in \ |
1595 | - tests/syslinux_test.in tests/luks1_test.in tests/luks2_test.in |
1596 | + tests/serial_test.in tests/pseries_test.in \ |
1597 | + tests/core_compress_test.in tests/xzcompress_test.in \ |
1598 | + tests/gzcompress_test.in tests/lzocompress_test.in \ |
1599 | + tests/grub_cmd_echo.in tests/help_test.in \ |
1600 | + tests/grub_script_gettext.in tests/grub_script_escape_comma.in \ |
1601 | + tests/grub_script_strcmp.in tests/test_sha512sum.in \ |
1602 | + tests/test_unset.in tests/grub_func_test.in \ |
1603 | + tests/grub_cmd_tr.in tests/file_filter_test.in \ |
1604 | + tests/grub_cmd_test.in tests/syslinux_test.in \ |
1605 | + tests/luks1_test.in tests/luks2_test.in |
1606 | grubconf_SCRIPTS = 00_header $(am__append_59) $(am__append_63) \ |
1607 | $(am__append_67) $(am__append_71) $(am__append_75) \ |
1608 | $(am__append_79) $(am__append_83) $(am__append_87) 25_bli \ |
1609 | @@ -3086,9 +3090,9 @@ CLEANFILES = $(nodist_libgrubkern_a_SOURCES) \ |
1610 | grub_cmd_regexp grub_cmd_date grub_cmd_set_date grub_cmd_sleep \ |
1611 | grub_script_expansion grub_script_not grub_script_no_commands \ |
1612 | partmap_test hddboot_test fddboot_test cdboot_test \ |
1613 | - netboot_test pseries_test core_compress_test xzcompress_test \ |
1614 | - gzcompress_test lzocompress_test grub_cmd_echo help_test \ |
1615 | - grub_script_gettext grub_script_escape_comma \ |
1616 | + netboot_test serial_test pseries_test core_compress_test \ |
1617 | + xzcompress_test gzcompress_test lzocompress_test grub_cmd_echo \ |
1618 | + help_test grub_script_gettext grub_script_escape_comma \ |
1619 | grub_script_strcmp test_sha512sum test_unset grub_func_test \ |
1620 | grub_cmd_tr file_filter_test grub_cmd_test syslinux_test \ |
1621 | luks1_test luks2_test grub_script.tab.c grub_script.tab.h \ |
1622 | @@ -3216,7 +3220,7 @@ libgrubmods_a_SOURCES = grub-core/commands/blocklist.c \ |
1623 | nodist_libgrubmods_a_SOURCES = grub_script.tab.c grub_script.tab.h \ |
1624 | grub_script.yy.c grub_script.yy.h libgrub_a_init.c |
1625 | libgrubmods_a_CFLAGS = $(AM_CFLAGS) $(CFLAGS_LIBRARY) -fno-builtin \ |
1626 | - -Wno-undef |
1627 | + -Wno-undef -Wno-unused-but-set-variable |
1628 | libgrubmods_a_CPPFLAGS = $(AM_CPPFLAGS) $(CPPFLAGS_LIBRARY) \ |
1629 | -I$(srcdir)/grub-core/lib/minilzo \ |
1630 | -I$(srcdir)/grub-core/lib/xzembed \ |
1631 | @@ -12395,6 +12399,13 @@ netboot_test.log: netboot_test |
1632 | --log-file $$b.log --trs-file $$b.trs \ |
1633 | $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ |
1634 | "$$tst" $(AM_TESTS_FD_REDIRECT) |
1635 | +serial_test.log: serial_test |
1636 | + @p='serial_test'; \ |
1637 | + b='serial_test'; \ |
1638 | + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ |
1639 | + --log-file $$b.log --trs-file $$b.trs \ |
1640 | + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ |
1641 | + "$$tst" $(AM_TESTS_FD_REDIRECT) |
1642 | pseries_test.log: pseries_test |
1643 | @p='pseries_test'; \ |
1644 | b='pseries_test'; \ |
1645 | @@ -13453,6 +13464,10 @@ netboot_test: $(top_builddir)/config.status tests/netboot_test.in |
1646 | (for x in tests/netboot_test.in ; do cat $(srcdir)/"$$x"; done) | $(top_builddir)/config.status --file=$@:- |
1647 | chmod a+x netboot_test |
1648 | |
1649 | +serial_test: $(top_builddir)/config.status tests/serial_test.in |
1650 | + (for x in tests/serial_test.in ; do cat $(srcdir)/"$$x"; done) | $(top_builddir)/config.status --file=$@:- |
1651 | + chmod a+x serial_test |
1652 | + |
1653 | pseries_test: $(top_builddir)/config.status tests/pseries_test.in |
1654 | (for x in tests/pseries_test.in ; do cat $(srcdir)/"$$x"; done) | $(top_builddir)/config.status --file=$@:- |
1655 | chmod a+x pseries_test |
1656 | diff --git a/Makefile.util.am b/Makefile.util.am |
1657 | index fd6243d..87eead8 100644 |
1658 | --- a/Makefile.util.am |
1659 | +++ b/Makefile.util.am |
1660 | @@ -25,7 +25,7 @@ CLEANFILES += $(nodist_libgrubkern_a_SOURCES) |
1661 | noinst_LIBRARIES += libgrubmods.a |
1662 | libgrubmods_a_SOURCES += grub-core/commands/blocklist.c grub-core/commands/ls.c grub-core/commands/macbless.c grub-core/commands/testload.c grub-core/commands/xnu_uuid.c grub-core/disk/dmraid_nvidia.c grub-core/disk/loopback.c grub-core/disk/lvm.c grub-core/disk/mdraid1x_linux.c grub-core/disk/mdraid_linux.c grub-core/disk/mdraid_linux_be.c grub-core/disk/raid5_recover.c grub-core/disk/raid6_recover.c grub-core/font/font.c grub-core/fs/affs.c grub-core/fs/afs.c grub-core/fs/bfs.c grub-core/fs/btrfs.c grub-core/fs/cbfs.c grub-core/fs/cpio.c grub-core/fs/cpio_be.c grub-core/fs/exfat.c grub-core/fs/ext2.c grub-core/fs/f2fs.c grub-core/fs/fat.c grub-core/fs/fshelp.c grub-core/fs/hfs.c grub-core/fs/hfsplus.c grub-core/fs/hfspluscomp.c grub-core/fs/iso9660.c grub-core/fs/jfs.c grub-core/fs/minix.c grub-core/fs/minix2.c grub-core/fs/minix2_be.c grub-core/fs/minix3.c grub-core/fs/minix3_be.c grub-core/fs/minix_be.c grub-core/fs/newc.c grub-core/fs/nilfs2.c grub-core/fs/ntfs.c grub-core/fs/ntfscomp.c grub-core/fs/odc.c grub-core/fs/reiserfs.c grub-core/fs/romfs.c grub-core/fs/sfs.c grub-core/fs/squash4.c grub-core/fs/tar.c grub-core/fs/udf.c grub-core/fs/ufs.c grub-core/fs/ufs2.c grub-core/fs/ufs_be.c grub-core/fs/xfs.c grub-core/fs/zfs/zfs.c grub-core/fs/zfs/zfs_fletcher.c grub-core/fs/zfs/zfs_lz4.c grub-core/fs/zfs/zfs_lzjb.c grub-core/fs/zfs/zfs_sha256.c grub-core/fs/zfs/zfscrypt.c grub-core/fs/zfs/zfsinfo.c grub-core/gfxmenu/font.c grub-core/io/bufio.c grub-core/io/gzio.c grub-core/io/lzopio.c grub-core/io/xzio.c grub-core/kern/arm/dl_helper.c grub-core/kern/arm64/dl_helper.c grub-core/kern/ia64/dl_helper.c grub-core/kern/loongarch64/dl_helper.c grub-core/lib/LzFind.c grub-core/lib/LzmaEnc.c grub-core/lib/adler32.c grub-core/lib/crc.c grub-core/lib/crc64.c grub-core/lib/datetime.c grub-core/lib/envblk.c grub-core/lib/hexdump.c grub-core/lib/minilzo/minilzo.c grub-core/lib/xzembed/xz_dec_bcj.c grub-core/lib/xzembed/xz_dec_lzma2.c grub-core/lib/xzembed/xz_dec_stream.c grub-core/lib/zstd/debug.c grub-core/lib/zstd/entropy_common.c grub-core/lib/zstd/error_private.c grub-core/lib/zstd/fse_decompress.c grub-core/lib/zstd/huf_decompress.c grub-core/lib/zstd/module.c grub-core/lib/zstd/xxhash.c grub-core/lib/zstd/zstd_common.c grub-core/lib/zstd/zstd_decompress.c grub-core/normal/charset.c grub-core/normal/misc.c grub-core/partmap/acorn.c grub-core/partmap/amiga.c grub-core/partmap/apple.c grub-core/partmap/bsdlabel.c grub-core/partmap/dfly.c grub-core/partmap/dvh.c grub-core/partmap/plan.c grub-core/partmap/sun.c grub-core/partmap/sunpc.c grub-core/script/argv.c grub-core/script/function.c grub-core/script/lexer.c grub-core/script/main.c grub-core/script/script.c grub-core/unidata.c grub-core/video/capture.c grub-core/video/colors.c grub-core/video/fb/fbblit.c grub-core/video/fb/fbfill.c grub-core/video/fb/fbutil.c grub-core/video/fb/video_fb.c grub-core/video/video.c |
1663 | nodist_libgrubmods_a_SOURCES += grub_script.tab.c grub_script.tab.h grub_script.yy.c grub_script.yy.h libgrub_a_init.c |
1664 | -libgrubmods_a_CFLAGS += $(AM_CFLAGS) $(CFLAGS_LIBRARY) -fno-builtin -Wno-undef |
1665 | +libgrubmods_a_CFLAGS += $(AM_CFLAGS) $(CFLAGS_LIBRARY) -fno-builtin -Wno-undef -Wno-unused-but-set-variable |
1666 | libgrubmods_a_CPPFLAGS += $(AM_CPPFLAGS) $(CPPFLAGS_LIBRARY) -I$(srcdir)/grub-core/lib/minilzo -I$(srcdir)/grub-core/lib/xzembed -I$(srcdir)/grub-core/lib/zstd -DMINILZO_HAVE_CONFIG_H |
1667 | libgrubmods_a_CCASFLAGS += $(AM_CCASFLAGS) $(CCASFLAGS_LIBRARY) |
1668 | dist_noinst_DATA += |
1669 | @@ -1393,6 +1393,15 @@ netboot_test: $(top_builddir)/config.status tests/netboot_test.in |
1670 | CLEANFILES += netboot_test |
1671 | EXTRA_DIST += |
1672 | dist_noinst_DATA += tests/netboot_test.in |
1673 | +check_SCRIPTS_nonnative += serial_test |
1674 | + |
1675 | +serial_test: $(top_builddir)/config.status tests/serial_test.in |
1676 | + (for x in tests/serial_test.in ; do cat $(srcdir)/"$$x"; done) | $(top_builddir)/config.status --file=$@:- |
1677 | + chmod a+x serial_test |
1678 | + |
1679 | +CLEANFILES += serial_test |
1680 | +EXTRA_DIST += |
1681 | +dist_noinst_DATA += tests/serial_test.in |
1682 | check_SCRIPTS_nonnative += pseries_test |
1683 | |
1684 | pseries_test: $(top_builddir)/config.status tests/pseries_test.in |
1685 | diff --git a/Makefile.util.def b/Makefile.util.def |
1686 | index 1e9a13d..9432365 100644 |
1687 | --- a/Makefile.util.def |
1688 | +++ b/Makefile.util.def |
1689 | @@ -55,7 +55,7 @@ library = { |
1690 | |
1691 | library = { |
1692 | name = libgrubmods.a; |
1693 | - cflags = '-fno-builtin -Wno-undef'; |
1694 | + cflags = '-fno-builtin -Wno-undef -Wno-unused-but-set-variable'; |
1695 | cppflags = '-I$(srcdir)/grub-core/lib/minilzo -I$(srcdir)/grub-core/lib/xzembed -I$(srcdir)/grub-core/lib/zstd -DMINILZO_HAVE_CONFIG_H'; |
1696 | |
1697 | common_nodist = grub_script.tab.c; |
1698 | @@ -1132,6 +1132,12 @@ script = { |
1699 | |
1700 | script = { |
1701 | testcase = nonnative; |
1702 | + name = serial_test; |
1703 | + common = tests/serial_test.in; |
1704 | +}; |
1705 | + |
1706 | +script = { |
1707 | + testcase = nonnative; |
1708 | name = pseries_test; |
1709 | common = tests/pseries_test.in; |
1710 | }; |
1711 | diff --git a/NEWS b/NEWS |
1712 | index 73b8492..3101309 100644 |
1713 | --- a/NEWS |
1714 | +++ b/NEWS |
1715 | @@ -1,3 +1,23 @@ |
1716 | +New in 2.12: |
1717 | + |
1718 | +* GCC 13 support. |
1719 | +* clang 14 support. |
1720 | +* binutils 2.38 support. |
1721 | +* Unification of EFI Linux kernel loader across architectures. |
1722 | +* Transition to EFI Linux kernel stub loader for x86 architecture. |
1723 | +* Initial support for Boot Loader Interface. |
1724 | +* Support for dynamic GRUB runtime memory addition using firmware calls. |
1725 | +* PCI and MMIO UARTs support. |
1726 | +* SDL2 support. |
1727 | +* LoongArch support. |
1728 | +* TPM driver fixes. |
1729 | +* Many filesystems fixes. |
1730 | +* Many CVE and Coverity fixes. |
1731 | +* Debugging support improvements. |
1732 | +* Tests improvements. |
1733 | +* Documentation improvements. |
1734 | +* ...and tons of other fixes and cleanups... |
1735 | + |
1736 | New in 2.06: |
1737 | |
1738 | * GCC 10 support. |
1739 | diff --git a/autogen.sh b/autogen.sh |
1740 | index 5a5c356..195daa5 100755 |
1741 | --- a/autogen.sh |
1742 | +++ b/autogen.sh |
1743 | @@ -9,7 +9,7 @@ fi |
1744 | |
1745 | # Detect python |
1746 | if [ -z "$PYTHON" ]; then |
1747 | - for i in python3 python; do |
1748 | + for i in python3 python3.10 python; do |
1749 | if command -v "$i" > /dev/null 2>&1; then |
1750 | PYTHON="$i" |
1751 | echo "Using $PYTHON..." |
1752 | diff --git a/conf/Makefile.common b/conf/Makefile.common |
1753 | index f8faa92..b8f216f 100644 |
1754 | --- a/conf/Makefile.common |
1755 | +++ b/conf/Makefile.common |
1756 | @@ -75,7 +75,7 @@ grubconfdir = $(sysconfdir)/grub.d |
1757 | platformdir = $(pkglibdir)/$(target_cpu)-$(platform) |
1758 | starfielddir = $(pkgdatadir)/themes/starfield |
1759 | |
1760 | -CFLAGS_GNULIB = -Wno-undef -Wno-sign-compare -Wno-unused -Wno-unused-parameter -Wno-redundant-decls -Wno-unreachable-code -Wno-conversion |
1761 | +CFLAGS_GNULIB = -Wno-undef -Wno-sign-compare -Wno-unused -Wno-unused-parameter -Wno-redundant-decls -Wno-unreachable-code -Wno-conversion -Wno-error=attributes |
1762 | CPPFLAGS_GNULIB = -I$(top_builddir)/grub-core/lib/gnulib -I$(top_srcdir)/grub-core/lib/gnulib |
1763 | |
1764 | CFLAGS_POSIX = -fno-builtin |
1765 | diff --git a/config-util.h.in b/config-util.h.in |
1766 | index 7d48348..fc4530f 100644 |
1767 | --- a/config-util.h.in |
1768 | +++ b/config-util.h.in |
1769 | @@ -319,6 +319,9 @@ |
1770 | /* Configuration dir */ |
1771 | #undef GRUB_SYSCONFDIR |
1772 | |
1773 | +/* Define to 1 if libnvpair symbols are prefixed with opensolaris_. */ |
1774 | +#undef GRUB_UTIL_NVPAIR_IS_PREFIXED |
1775 | + |
1776 | /* Define to 1 if you have 'alloca' after including <alloca.h>, a header that |
1777 | may be supplied by this distribution. */ |
1778 | #undef HAVE_ALLOCA |
1779 | @@ -640,13 +643,10 @@ |
1780 | /* Define to 1 if you have the `lzma' library (-llzma). */ |
1781 | #undef HAVE_LIBLZMA |
1782 | |
1783 | -/* Define to 1 if you have the NVPAIR library. */ |
1784 | -#undef HAVE_LIBNVPAIR |
1785 | - |
1786 | /* Define to 1 if you have the <libnvpair.h> header file. */ |
1787 | #undef HAVE_LIBNVPAIR_H |
1788 | |
1789 | -/* Define to 1 if you have the ZFS library. */ |
1790 | +/* Define to 1 if you have the `zfs' library (-lzfs). */ |
1791 | #undef HAVE_LIBZFS |
1792 | |
1793 | /* Define to 1 if you have the <libzfs.h> header file. */ |
1794 | @@ -1389,6 +1389,9 @@ |
1795 | /* Define to 1 if you have the LZMA library. */ |
1796 | #undef USE_LIBLZMA |
1797 | |
1798 | +/* Define to 1 if ZFS library should be used. */ |
1799 | +#undef USE_LIBZFS |
1800 | + |
1801 | /* Define if the POSIX multithreading library can be used. */ |
1802 | #undef USE_POSIX_THREADS |
1803 | |
1804 | diff --git a/config.h.in b/config.h.in |
1805 | index 4d1e50e..9b1d399 100644 |
1806 | --- a/config.h.in |
1807 | +++ b/config.h.in |
1808 | @@ -64,6 +64,8 @@ |
1809 | # define GRUB_TARGET_CPU "@GRUB_TARGET_CPU@" |
1810 | # define GRUB_PLATFORM "@GRUB_PLATFORM@" |
1811 | |
1812 | +# define GRUB_STACK_PROTECTOR_INIT @GRUB_STACK_PROTECTOR_INIT@ |
1813 | + |
1814 | # define RE_ENABLE_I18N 1 |
1815 | |
1816 | # define _GNU_SOURCE 1 |
1817 | diff --git a/configure b/configure |
1818 | index 2eba5f1..d1a9432 100755 |
1819 | --- a/configure |
1820 | +++ b/configure |
1821 | @@ -1,6 +1,6 @@ |
1822 | #! /bin/sh |
1823 | # Guess values for system-dependent variables and create Makefiles. |
1824 | -# Generated by GNU Autoconf 2.69 for GRUB 2.12~rc1. |
1825 | +# Generated by GNU Autoconf 2.69 for GRUB 2.12. |
1826 | # |
1827 | # Report bugs to <bug-grub@gnu.org>. |
1828 | # |
1829 | @@ -580,8 +580,8 @@ MAKEFLAGS= |
1830 | # Identity of this package. |
1831 | PACKAGE_NAME='GRUB' |
1832 | PACKAGE_TARNAME='grub' |
1833 | -PACKAGE_VERSION='2.12~rc1' |
1834 | -PACKAGE_STRING='GRUB 2.12~rc1' |
1835 | +PACKAGE_VERSION='2.12' |
1836 | +PACKAGE_STRING='GRUB 2.12' |
1837 | PACKAGE_BUGREPORT='bug-grub@gnu.org' |
1838 | PACKAGE_URL='' |
1839 | |
1840 | @@ -812,6 +812,7 @@ COND_MM_DEBUG_TRUE |
1841 | MM_DEBUG |
1842 | TARGET_NMFLAGS_DEFINED_ONLY |
1843 | TARGET_NMFLAGS_MINUS_P |
1844 | +GRUB_STACK_PROTECTOR_INIT |
1845 | TARGET_LDFLAGS_OLDMAGIC |
1846 | EFIEMU64_LINK_FORMAT |
1847 | enable_efiemu |
1848 | @@ -2090,6 +2091,8 @@ enable_grub_emu_sdl |
1849 | enable_grub_emu_pci |
1850 | enable_grub_mkfont |
1851 | enable_grub_themes |
1852 | +with_dejavufont |
1853 | +with_unifont |
1854 | enable_grub_mount |
1855 | enable_device_mapper |
1856 | enable_liblzma |
1857 | @@ -2674,7 +2677,7 @@ if test "$ac_init_help" = "long"; then |
1858 | # Omit some internal or obsolete options to make the list less imposing. |
1859 | # This message is too long to be a string in the A/UX 3.1 sh. |
1860 | cat <<_ACEOF |
1861 | -\`configure' configures GRUB 2.12~rc1 to adapt to many kinds of systems. |
1862 | +\`configure' configures GRUB 2.12 to adapt to many kinds of systems. |
1863 | |
1864 | Usage: $0 [OPTION]... [VAR=VALUE]... |
1865 | |
1866 | @@ -2746,7 +2749,7 @@ fi |
1867 | |
1868 | if test -n "$ac_init_help"; then |
1869 | case $ac_init_help in |
1870 | - short | recursive ) echo "Configuration of GRUB 2.12~rc1:";; |
1871 | + short | recursive ) echo "Configuration of GRUB 2.12:";; |
1872 | esac |
1873 | cat <<\_ACEOF |
1874 | |
1875 | @@ -2809,6 +2812,8 @@ Optional Packages: |
1876 | don't compile regex; this is the default on systems |
1877 | with recent-enough versions of the GNU C Library |
1878 | (use with caution on other systems). |
1879 | + --with-dejavufont=FILE set the DejeVu source [[guessed]] |
1880 | + --with-unifont=FILE set the unifont source [[guessed]] |
1881 | |
1882 | Some influential environment variables: |
1883 | CC C compiler command |
1884 | @@ -2914,7 +2919,7 @@ fi |
1885 | test -n "$ac_init_help" && exit $ac_status |
1886 | if $ac_init_version; then |
1887 | cat <<\_ACEOF |
1888 | -GRUB configure 2.12~rc1 |
1889 | +GRUB configure 2.12 |
1890 | generated by GNU Autoconf 2.69 |
1891 | |
1892 | Copyright (C) 2012 Free Software Foundation, Inc. |
1893 | @@ -3666,7 +3671,7 @@ cat >config.log <<_ACEOF |
1894 | This file contains any messages produced by compilers while |
1895 | running configure, to aid debugging if configure makes a mistake. |
1896 | |
1897 | -It was created by GRUB $as_me 2.12~rc1, which was |
1898 | +It was created by GRUB $as_me 2.12, which was |
1899 | generated by GNU Autoconf 2.69. Invocation command line was |
1900 | |
1901 | $ $0 $@ |
1902 | @@ -6707,7 +6712,7 @@ fi |
1903 | |
1904 | # Define the identity of the package. |
1905 | PACKAGE='grub' |
1906 | - VERSION='2.12~rc1' |
1907 | + VERSION='2.12' |
1908 | |
1909 | |
1910 | cat >>confdefs.h <<_ACEOF |
1911 | @@ -17782,8 +17787,8 @@ rm -f core conftest.err conftest.$ac_objext \ |
1912 | LIBS=$save_LIBS |
1913 | test $gl_pthread_api = yes && break |
1914 | done |
1915 | - echo "$as_me:17785: gl_pthread_api=$gl_pthread_api" >&5 |
1916 | - echo "$as_me:17786: LIBPTHREAD=$LIBPTHREAD" >&5 |
1917 | + echo "$as_me:17790: gl_pthread_api=$gl_pthread_api" >&5 |
1918 | + echo "$as_me:17791: LIBPTHREAD=$LIBPTHREAD" >&5 |
1919 | |
1920 | gl_pthread_in_glibc=no |
1921 | # On Linux with glibc >= 2.34, libc contains the fully functional |
1922 | @@ -17808,7 +17813,7 @@ rm -f conftest* |
1923 | |
1924 | ;; |
1925 | esac |
1926 | - echo "$as_me:17811: gl_pthread_in_glibc=$gl_pthread_in_glibc" >&5 |
1927 | + echo "$as_me:17816: gl_pthread_in_glibc=$gl_pthread_in_glibc" >&5 |
1928 | |
1929 | # Test for libpthread by looking for pthread_kill. (Not pthread_self, |
1930 | # since it is defined as a macro on OSF/1.) |
1931 | @@ -17962,7 +17967,7 @@ fi |
1932 | |
1933 | fi |
1934 | fi |
1935 | - echo "$as_me:17965: LIBPMULTITHREAD=$LIBPMULTITHREAD" >&5 |
1936 | + echo "$as_me:17970: LIBPMULTITHREAD=$LIBPMULTITHREAD" >&5 |
1937 | fi |
1938 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether POSIX threads API is available" >&5 |
1939 | $as_echo_n "checking whether POSIX threads API is available... " >&6; } |
1940 | @@ -20382,8 +20387,8 @@ rm -f core conftest.err conftest.$ac_objext \ |
1941 | LIBS=$save_LIBS |
1942 | test $gl_pthread_api = yes && break |
1943 | done |
1944 | - echo "$as_me:20385: gl_pthread_api=$gl_pthread_api" >&5 |
1945 | - echo "$as_me:20386: LIBPTHREAD=$LIBPTHREAD" >&5 |
1946 | + echo "$as_me:20390: gl_pthread_api=$gl_pthread_api" >&5 |
1947 | + echo "$as_me:20391: LIBPTHREAD=$LIBPTHREAD" >&5 |
1948 | |
1949 | gl_pthread_in_glibc=no |
1950 | # On Linux with glibc >= 2.34, libc contains the fully functional |
1951 | @@ -20408,7 +20413,7 @@ rm -f conftest* |
1952 | |
1953 | ;; |
1954 | esac |
1955 | - echo "$as_me:20411: gl_pthread_in_glibc=$gl_pthread_in_glibc" >&5 |
1956 | + echo "$as_me:20416: gl_pthread_in_glibc=$gl_pthread_in_glibc" >&5 |
1957 | |
1958 | # Test for libpthread by looking for pthread_kill. (Not pthread_self, |
1959 | # since it is defined as a macro on OSF/1.) |
1960 | @@ -20562,7 +20567,7 @@ fi |
1961 | |
1962 | fi |
1963 | fi |
1964 | - echo "$as_me:20565: LIBPMULTITHREAD=$LIBPMULTITHREAD" >&5 |
1965 | + echo "$as_me:20570: LIBPMULTITHREAD=$LIBPMULTITHREAD" >&5 |
1966 | fi |
1967 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether POSIX threads API is available" >&5 |
1968 | $as_echo_n "checking whether POSIX threads API is available... " >&6; } |
1969 | @@ -20788,8 +20793,8 @@ rm -f core conftest.err conftest.$ac_objext \ |
1970 | LIBS=$save_LIBS |
1971 | test $gl_pthread_api = yes && break |
1972 | done |
1973 | - echo "$as_me:20791: gl_pthread_api=$gl_pthread_api" >&5 |
1974 | - echo "$as_me:20792: LIBPTHREAD=$LIBPTHREAD" >&5 |
1975 | + echo "$as_me:20796: gl_pthread_api=$gl_pthread_api" >&5 |
1976 | + echo "$as_me:20797: LIBPTHREAD=$LIBPTHREAD" >&5 |
1977 | |
1978 | gl_pthread_in_glibc=no |
1979 | # On Linux with glibc >= 2.34, libc contains the fully functional |
1980 | @@ -20814,7 +20819,7 @@ rm -f conftest* |
1981 | |
1982 | ;; |
1983 | esac |
1984 | - echo "$as_me:20817: gl_pthread_in_glibc=$gl_pthread_in_glibc" >&5 |
1985 | + echo "$as_me:20822: gl_pthread_in_glibc=$gl_pthread_in_glibc" >&5 |
1986 | |
1987 | # Test for libpthread by looking for pthread_kill. (Not pthread_self, |
1988 | # since it is defined as a macro on OSF/1.) |
1989 | @@ -20968,7 +20973,7 @@ fi |
1990 | |
1991 | fi |
1992 | fi |
1993 | - echo "$as_me:20971: LIBPMULTITHREAD=$LIBPMULTITHREAD" >&5 |
1994 | + echo "$as_me:20976: LIBPMULTITHREAD=$LIBPMULTITHREAD" >&5 |
1995 | fi |
1996 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether POSIX threads API is available" >&5 |
1997 | $as_echo_n "checking whether POSIX threads API is available... " >&6; } |
1998 | @@ -37117,6 +37122,41 @@ $as_echo "$grub_cv_target_cc_mno_relax" >&6; } |
1999 | TARGET_LDFLAGS="$TARGET_LDFLAGS $grub_cv_target_cc_mno_relax" |
2000 | fi |
2001 | |
2002 | +# The backtrace module relies on frame pointers and the default optimization |
2003 | +# level, -Os, omits them. Make sure they are enabled. |
2004 | +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -fno-omit-frame-pointer works" >&5 |
2005 | +$as_echo_n "checking whether -fno-omit-frame-pointer works... " >&6; } |
2006 | +if ${grub_cv_cc_fno_omit_frame_pointer+:} false; then : |
2007 | + $as_echo_n "(cached) " >&6 |
2008 | +else |
2009 | + |
2010 | + CFLAGS="$TARGET_CFLAGS -fno-omit-frame-pointer" |
2011 | + cat confdefs.h - <<_ACEOF >conftest.$ac_ext |
2012 | +/* end confdefs.h. */ |
2013 | + |
2014 | +int |
2015 | +main (void) |
2016 | +{ |
2017 | + |
2018 | + ; |
2019 | + return 0; |
2020 | +} |
2021 | +_ACEOF |
2022 | +if ac_fn_c_try_compile "$LINENO"; then : |
2023 | + grub_cv_cc_fno_omit_frame_pointer=yes |
2024 | +else |
2025 | + grub_cv_cc_fno_omit_frame_pointer=no |
2026 | +fi |
2027 | +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext |
2028 | + |
2029 | +fi |
2030 | +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $grub_cv_cc_fno_omit_frame_pointer" >&5 |
2031 | +$as_echo "$grub_cv_cc_fno_omit_frame_pointer" >&6; } |
2032 | + |
2033 | +if test "x$grub_cv_cc_fno_omit_frame_pointer" = xyes; then |
2034 | + TARGET_CFLAGS="$TARGET_CFLAGS -fno-omit-frame-pointer" |
2035 | +fi |
2036 | + |
2037 | # By default, GCC 4.4 generates .eh_frame sections containing unwind |
2038 | # information in some cases where it previously did not. GRUB doesn't need |
2039 | # these and they just use up vital space. Restore the old compiler |
2040 | @@ -37637,8 +37677,7 @@ CFLAGS="$TARGET_CFLAGS" |
2041 | |
2042 | LDFLAGS="$TARGET_LDFLAGS" |
2043 | |
2044 | -if test "$target_cpu" = x86_64 || test "$target_cpu" = sparc64 || test "$target_cpu" = riscv64 \ |
2045 | - || test "$target_cpu" = loongarch64 ; then |
2046 | +if test "$target_cpu" = x86_64 || test "$target_cpu" = sparc64 || test "$target_cpu" = riscv64 ; then |
2047 | # Use large model to support 4G memory |
2048 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether option -mcmodel=large works" >&5 |
2049 | $as_echo_n "checking whether option -mcmodel=large works... " >&6; } |
2050 | @@ -38135,6 +38174,28 @@ else |
2051 | as_fn_error $? "invalid value $enable_stack_protector for --enable-stack-protector" "$LINENO" 5 |
2052 | fi |
2053 | TARGET_CPPFLAGS="$TARGET_CPPFLAGS -DGRUB_STACK_PROTECTOR=1" |
2054 | + |
2055 | + if test -n "$SOURCE_DATE_EPOCH"; then |
2056 | + GRUB_STACK_PROTECTOR_INIT="0x00f2b7e2$(printf "%x" "$SOURCE_DATE_EPOCH" | sed 's/.*\(........\)$/\1/')" |
2057 | + elif test -r /dev/urandom; then |
2058 | + # Generate the 8 byte stack protector canary at build time if /dev/urandom |
2059 | + # is able to be read. The first byte should be NUL to filter out string |
2060 | + # buffer overflow attacks. |
2061 | + GRUB_STACK_PROTECTOR_INIT="$($PYTHON -c 'import codecs; rf=open("/dev/urandom", "rb"); print("0x00"+codecs.encode(rf.read(7), "hex").decode("ascii"))')" |
2062 | + else |
2063 | + # Some hosts may not have a urandom, e.g. Windows, so use statically |
2064 | + # generated random bytes |
2065 | + GRUB_STACK_PROTECTOR_INIT="0x00f2b7e2f193b25c" |
2066 | + fi |
2067 | + |
2068 | + if test x"$target_m32" = x1 ; then |
2069 | + # Make sure that the canary default value is 24-bits by only using the |
2070 | + # lower 3 bytes on 32 bit systems. This allows the upper byte to be NUL |
2071 | + # to filter out string buffer overflow attacks. |
2072 | + GRUB_STACK_PROTECTOR_INIT="0x00$(echo "$GRUB_STACK_PROTECTOR_INIT" | sed 's/.*\(......\)$/\1/')" |
2073 | + fi |
2074 | + |
2075 | + |
2076 | fi |
2077 | |
2078 | CFLAGS="$TARGET_CFLAGS" |
2079 | @@ -39000,7 +39061,7 @@ $as_echo "#define HAVE_SDL2 1" >>confdefs.h |
2080 | |
2081 | fi |
2082 | fi |
2083 | - if test x"enable_grub_emu_sdl2" = xyes && test x"$grub_emu_sdl2_excuse" != x ; then |
2084 | + if test x"$enable_grub_emu_sdl2" = xyes && test x"$grub_emu_sdl2_excuse" != x ; then |
2085 | as_fn_error $? "SDL2 support for grub-emu was explicitly requested but can't be compiled ($grub_emu_sdl2_excuse)" "$LINENO" 5 |
2086 | fi |
2087 | if test x"$grub_emu_sdl2_excuse" = x ; then |
2088 | @@ -39306,6 +39367,9 @@ rm -f core conftest.err conftest.$ac_objext \ |
2089 | LIBS="$SAVED_LIBS" |
2090 | |
2091 | fi |
2092 | + if test x"$grub_mkfont_excuse" = x && test x"$host_kernel" = xnetbsd ; then |
2093 | + FREETYPE_LIBS="$FREETYPE_LIBS -Wl,-R,/usr/pkg/lib" ; |
2094 | + fi |
2095 | fi |
2096 | |
2097 | if test x"$enable_grub_mkfont" = xyes && test x"$grub_mkfont_excuse" != x ; then |
2098 | @@ -39690,6 +39754,11 @@ rm -f core conftest.err conftest.$ac_objext \ |
2099 | CPPFLAGS="$SAVED_CPPFLAGS_2" |
2100 | |
2101 | fi |
2102 | + if test x"$grub_build_mkfont_excuse" = x ; then |
2103 | + case x"$build_os" in |
2104 | + xnetbsd*) BUILD_FREETYPE_LIBS="$BUILD_FREETYPE_LIBS -Wl,-R,/usr/pkg/lib" ;; |
2105 | + esac |
2106 | + fi |
2107 | PKG_CONFIG="$SAVED_PKG_CONFIG" |
2108 | fi |
2109 | |
2110 | @@ -39716,8 +39785,6 @@ CPPFLAGS="$SAVED_CPPFLAGS" |
2111 | LDFLAGS="$SAVED_LDFLAGS" |
2112 | |
2113 | |
2114 | -DJVU_FONT_SOURCE= |
2115 | - |
2116 | starfield_excuse= |
2117 | |
2118 | # Check whether --enable-grub-themes was given. |
2119 | @@ -39733,19 +39800,31 @@ if test x"$starfield_excuse" = x && test x"$enable_build_grub_mkfont" = xno ; th |
2120 | starfield_excuse="No build-time grub-mkfont" |
2121 | fi |
2122 | |
2123 | -if test x"$starfield_excuse" = x; then |
2124 | - for ext in pcf pcf.gz bdf bdf.gz ttf ttf.gz; do |
2125 | - for dir in . /usr/src /usr/share/fonts/X11/misc /usr/share/fonts/truetype/ttf-dejavu /usr/share/fonts/dejavu /usr/share/fonts/truetype; do |
2126 | - if test -f "$dir/DejaVuSans.$ext"; then |
2127 | - DJVU_FONT_SOURCE="$dir/DejaVuSans.$ext" |
2128 | - break 2 |
2129 | - fi |
2130 | + |
2131 | +# Check whether --with-dejavufont was given. |
2132 | +if test "${with_dejavufont+set}" = set; then : |
2133 | + withval=$with_dejavufont; |
2134 | +fi |
2135 | + |
2136 | + |
2137 | +if test "x$with_dejavufont" = x; then |
2138 | + # search in well-known directories |
2139 | + if test x"$starfield_excuse" = x; then |
2140 | + for ext in pcf pcf.gz bdf bdf.gz ttf ttf.gz; do |
2141 | + for dir in . /usr/src /usr/share/fonts/X11/misc /usr/share/fonts/truetype/ttf-dejavu /usr/share/fonts/dejavu /usr/share/fonts/truetype /usr/pkg/share/fonts/X11/TTF /usr/local/share/fonts/dejavu /usr/X11R6/lib/X11/fonts/TTF; do |
2142 | + if test -f "$dir/DejaVuSans.$ext"; then |
2143 | + DJVU_FONT_SOURCE="$dir/DejaVuSans.$ext" |
2144 | + break 2 |
2145 | + fi |
2146 | + done |
2147 | done |
2148 | - done |
2149 | |
2150 | - if test "x$DJVU_FONT_SOURCE" = x; then |
2151 | - starfield_excuse="No DejaVu found" |
2152 | - fi |
2153 | + if test "x$DJVU_FONT_SOURCE" = x; then |
2154 | + starfield_excuse="No DejaVu found" |
2155 | + fi |
2156 | + fi |
2157 | +else |
2158 | + DJVU_FONT_SOURCE="$with_dejavufont" |
2159 | fi |
2160 | |
2161 | if test x"$enable_grub_themes" = xyes && test x"$starfield_excuse" != x; then |
2162 | @@ -39754,21 +39833,31 @@ fi |
2163 | |
2164 | |
2165 | |
2166 | -FONT_SOURCE= |
2167 | |
2168 | -for ext in pcf pcf.gz bdf bdf.gz ttf ttf.gz; do |
2169 | - for dir in . /usr/src /usr/share/fonts/X11/misc /usr/share/fonts/unifont /usr/share/fonts/uni /usr/share/fonts/truetype/unifont /usr/share/fonts/misc; do |
2170 | - if test -f "$dir/unifont.$ext"; then |
2171 | - md5="$(md5sum "$dir/unifont.$ext"|awk '{ print $1; }')" |
2172 | - # PCF and BDF from version 6.3 isn't hanled properly by libfreetype. |
2173 | - if test "$md5" = 0a54834d2788c83886a3e1785a6a1e61 || test "$md5" = 28f2565c7a41d8d407e2551159385edb || test "$md5" = dae5e588461b3b92b87b6ffee734f936 || test "$md5" = 4a3d687aa5bb329ed05f4263a1016791 ; then |
2174 | - continue |
2175 | +# Check whether --with-unifont was given. |
2176 | +if test "${with_unifont+set}" = set; then : |
2177 | + withval=$with_unifont; |
2178 | +fi |
2179 | + |
2180 | + |
2181 | +if test "x$with_unifont" = x; then |
2182 | + # search in well-known directories |
2183 | + for ext in pcf pcf.gz bdf bdf.gz ttf ttf.gz; do |
2184 | + for dir in . /usr/src /usr/share/fonts/X11/misc /usr/share/fonts/unifont /usr/share/fonts/uni /usr/share/fonts/truetype/unifont /usr/share/fonts/misc /usr/pkg/share/fonts/X11/misc /usr/local/share/fonts/gnu-unifont /usr/local/share/fonts/unifont; do |
2185 | + if test -f "$dir/unifont.$ext"; then |
2186 | + md5="$(md5sum "$dir/unifont.$ext"|awk '{ print $1; }')" |
2187 | + # PCF and BDF from version 6.3 isn't hanled properly by libfreetype. |
2188 | + if test "$md5" = 0a54834d2788c83886a3e1785a6a1e61 || test "$md5" = 28f2565c7a41d8d407e2551159385edb || test "$md5" = dae5e588461b3b92b87b6ffee734f936 || test "$md5" = 4a3d687aa5bb329ed05f4263a1016791 ; then |
2189 | + continue |
2190 | + fi |
2191 | + FONT_SOURCE="$dir/unifont.$ext" |
2192 | + break 2 |
2193 | fi |
2194 | - FONT_SOURCE="$dir/unifont.$ext" |
2195 | - break 2 |
2196 | - fi |
2197 | + done |
2198 | done |
2199 | -done |
2200 | +else |
2201 | + FONT_SOURCE="$with_unifont" |
2202 | +fi |
2203 | |
2204 | if test x"$enable_build_grub_mkfont" = xno ; then |
2205 | FONT_SOURCE= |
2206 | @@ -40417,16 +40506,62 @@ fi |
2207 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nvpair_nvlist_lookup_string" >&5 |
2208 | $as_echo "$ac_cv_lib_nvpair_nvlist_lookup_string" >&6; } |
2209 | if test "x$ac_cv_lib_nvpair_nvlist_lookup_string" = xyes; then : |
2210 | - cat >>confdefs.h <<_ACEOF |
2211 | -#define HAVE_LIBNVPAIR 1 |
2212 | -_ACEOF |
2213 | + have_normal_nvpair=yes |
2214 | +else |
2215 | + have_normal_nvpair=no |
2216 | +fi |
2217 | |
2218 | - LIBS="-lnvpair $LIBS" |
2219 | + if test x"$have_normal_nvpair" = xno ; then |
2220 | + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for opensolaris_nvlist_lookup_string in -lnvpair" >&5 |
2221 | +$as_echo_n "checking for opensolaris_nvlist_lookup_string in -lnvpair... " >&6; } |
2222 | +if ${ac_cv_lib_nvpair_opensolaris_nvlist_lookup_string+:} false; then : |
2223 | + $as_echo_n "(cached) " >&6 |
2224 | +else |
2225 | + ac_check_lib_save_LIBS=$LIBS |
2226 | +LIBS="-lnvpair $LIBS" |
2227 | +cat confdefs.h - <<_ACEOF >conftest.$ac_ext |
2228 | +/* end confdefs.h. */ |
2229 | |
2230 | +/* Override any GCC internal prototype to avoid an error. |
2231 | + Use char because int might match the return type of a GCC |
2232 | + builtin and then its argument prototype would still apply. */ |
2233 | +#ifdef __cplusplus |
2234 | +extern "C" |
2235 | +#endif |
2236 | +char opensolaris_nvlist_lookup_string (); |
2237 | +int |
2238 | +main (void) |
2239 | +{ |
2240 | +return opensolaris_nvlist_lookup_string (); |
2241 | + ; |
2242 | + return 0; |
2243 | +} |
2244 | +_ACEOF |
2245 | +if ac_fn_c_try_link "$LINENO"; then : |
2246 | + ac_cv_lib_nvpair_opensolaris_nvlist_lookup_string=yes |
2247 | else |
2248 | - libzfs_excuse="need nvpair library" |
2249 | + ac_cv_lib_nvpair_opensolaris_nvlist_lookup_string=no |
2250 | fi |
2251 | +rm -f core conftest.err conftest.$ac_objext \ |
2252 | + conftest$ac_exeext conftest.$ac_ext |
2253 | +LIBS=$ac_check_lib_save_LIBS |
2254 | +fi |
2255 | +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nvpair_opensolaris_nvlist_lookup_string" >&5 |
2256 | +$as_echo "$ac_cv_lib_nvpair_opensolaris_nvlist_lookup_string" >&6; } |
2257 | +if test "x$ac_cv_lib_nvpair_opensolaris_nvlist_lookup_string" = xyes; then : |
2258 | + have_prefixed_nvpair=yes |
2259 | +else |
2260 | + have_prefixed_nvpair=no |
2261 | +fi |
2262 | + |
2263 | + if test x"$have_prefixed_nvpair" = xyes ; then |
2264 | + |
2265 | +$as_echo "#define GRUB_UTIL_NVPAIR_IS_PREFIXED 1" >>confdefs.h |
2266 | |
2267 | + else |
2268 | + libzfs_excuse="need nvpair library" |
2269 | + fi |
2270 | + fi |
2271 | fi |
2272 | |
2273 | if test x"$enable_libzfs" = xyes && test x"$libzfs_excuse" != x ; then |
2274 | @@ -40436,12 +40571,9 @@ fi |
2275 | if test x"$libzfs_excuse" = x ; then |
2276 | # We need both libzfs and libnvpair for a successful build. |
2277 | LIBZFS="-lzfs" |
2278 | - |
2279 | -$as_echo "#define HAVE_LIBZFS 1" >>confdefs.h |
2280 | - |
2281 | LIBNVPAIR="-lnvpair" |
2282 | |
2283 | -$as_echo "#define HAVE_LIBNVPAIR 1" >>confdefs.h |
2284 | +$as_echo "#define USE_LIBZFS 1" >>confdefs.h |
2285 | |
2286 | fi |
2287 | |
2288 | @@ -41909,7 +42041,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 |
2289 | # report actual input values of CONFIG_FILES etc. instead of their |
2290 | # values after options handling. |
2291 | ac_log=" |
2292 | -This file was extended by GRUB $as_me 2.12~rc1, which was |
2293 | +This file was extended by GRUB $as_me 2.12, which was |
2294 | generated by GNU Autoconf 2.69. Invocation command line was |
2295 | |
2296 | CONFIG_FILES = $CONFIG_FILES |
2297 | @@ -41979,7 +42111,7 @@ _ACEOF |
2298 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 |
2299 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" |
2300 | ac_cs_version="\\ |
2301 | -GRUB config.status 2.12~rc1 |
2302 | +GRUB config.status 2.12 |
2303 | configured by $0, generated by GNU Autoconf 2.69, |
2304 | with options \\"\$ac_cs_config\\" |
2305 | |
2306 | diff --git a/configure.ac b/configure.ac |
2307 | index 01500ff..cd667a2 100644 |
2308 | --- a/configure.ac |
2309 | +++ b/configure.ac |
2310 | @@ -34,7 +34,7 @@ dnl "TARGET_" (such as TARGET_CC, TARGET_CFLAGS, etc.) are used for |
2311 | dnl the target type. See INSTALL for full list of variables and |
2312 | dnl description of the relationships between them. |
2313 | |
2314 | -AC_INIT([GRUB],[2.12~rc1],[bug-grub@gnu.org]) |
2315 | +AC_INIT([GRUB],[2.12],[bug-grub@gnu.org]) |
2316 | |
2317 | AS_CASE(["$ERROR_PLATFORM_NOT_SUPPORT_SSP"], |
2318 | [n | no | nO | N | No | NO], [ERROR_PLATFORM_NOT_SUPPORT_SSP=no], |
2319 | @@ -1020,6 +1020,19 @@ if test x"$target_cpu" = xsparc64 ; then |
2320 | TARGET_LDFLAGS="$TARGET_LDFLAGS $grub_cv_target_cc_mno_relax" |
2321 | fi |
2322 | |
2323 | +# The backtrace module relies on frame pointers and the default optimization |
2324 | +# level, -Os, omits them. Make sure they are enabled. |
2325 | +AC_CACHE_CHECK([whether -fno-omit-frame-pointer works], [grub_cv_cc_fno_omit_frame_pointer], [ |
2326 | + CFLAGS="$TARGET_CFLAGS -fno-omit-frame-pointer" |
2327 | + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])], |
2328 | + [grub_cv_cc_fno_omit_frame_pointer=yes], |
2329 | + [grub_cv_cc_fno_omit_frame_pointer=no]) |
2330 | +]) |
2331 | + |
2332 | +if test "x$grub_cv_cc_fno_omit_frame_pointer" = xyes; then |
2333 | + TARGET_CFLAGS="$TARGET_CFLAGS -fno-omit-frame-pointer" |
2334 | +fi |
2335 | + |
2336 | # By default, GCC 4.4 generates .eh_frame sections containing unwind |
2337 | # information in some cases where it previously did not. GRUB doesn't need |
2338 | # these and they just use up vital space. Restore the old compiler |
2339 | @@ -1262,8 +1275,7 @@ AC_SUBST(TARGET_LDFLAGS_OLDMAGIC) |
2340 | |
2341 | LDFLAGS="$TARGET_LDFLAGS" |
2342 | |
2343 | -if test "$target_cpu" = x86_64 || test "$target_cpu" = sparc64 || test "$target_cpu" = riscv64 \ |
2344 | - || test "$target_cpu" = loongarch64 ; then |
2345 | +if test "$target_cpu" = x86_64 || test "$target_cpu" = sparc64 || test "$target_cpu" = riscv64 ; then |
2346 | # Use large model to support 4G memory |
2347 | AC_CACHE_CHECK([whether option -mcmodel=large works], grub_cv_cc_mcmodel, [ |
2348 | CFLAGS="$TARGET_CFLAGS -mcmodel=large" |
2349 | @@ -1426,6 +1438,28 @@ else |
2350 | AC_MSG_ERROR([invalid value $enable_stack_protector for --enable-stack-protector]) |
2351 | fi |
2352 | TARGET_CPPFLAGS="$TARGET_CPPFLAGS -DGRUB_STACK_PROTECTOR=1" |
2353 | + |
2354 | + if test -n "$SOURCE_DATE_EPOCH"; then |
2355 | + GRUB_STACK_PROTECTOR_INIT="0x00f2b7e2$(printf "%x" "$SOURCE_DATE_EPOCH" | sed 's/.*\(........\)$/\1/')" |
2356 | + elif test -r /dev/urandom; then |
2357 | + # Generate the 8 byte stack protector canary at build time if /dev/urandom |
2358 | + # is able to be read. The first byte should be NUL to filter out string |
2359 | + # buffer overflow attacks. |
2360 | + GRUB_STACK_PROTECTOR_INIT="$($PYTHON -c 'import codecs; rf=open("/dev/urandom", "rb"); print("0x00"+codecs.encode(rf.read(7), "hex").decode("ascii"))')" |
2361 | + else |
2362 | + # Some hosts may not have a urandom, e.g. Windows, so use statically |
2363 | + # generated random bytes |
2364 | + GRUB_STACK_PROTECTOR_INIT="0x00f2b7e2f193b25c" |
2365 | + fi |
2366 | + |
2367 | + if test x"$target_m32" = x1 ; then |
2368 | + # Make sure that the canary default value is 24-bits by only using the |
2369 | + # lower 3 bytes on 32 bit systems. This allows the upper byte to be NUL |
2370 | + # to filter out string buffer overflow attacks. |
2371 | + GRUB_STACK_PROTECTOR_INIT="0x00$(echo "$GRUB_STACK_PROTECTOR_INIT" | sed 's/.*\(......\)$/\1/')" |
2372 | + fi |
2373 | + |
2374 | + AC_SUBST([GRUB_STACK_PROTECTOR_INIT]) |
2375 | fi |
2376 | |
2377 | CFLAGS="$TARGET_CFLAGS" |
2378 | @@ -1609,7 +1643,7 @@ if test "$platform" = emu; then |
2379 | AC_SUBST(HAVE_SDL2)], |
2380 | [grub_emu_sdl2_excuse="libSDL2 libraries are required to build \`grub-emu' with SDL2 support"]) |
2381 | [fi] |
2382 | - if test x"enable_grub_emu_sdl2" = xyes && test x"$grub_emu_sdl2_excuse" != x ; then |
2383 | + if test x"$enable_grub_emu_sdl2" = xyes && test x"$grub_emu_sdl2_excuse" != x ; then |
2384 | AC_MSG_ERROR([SDL2 support for grub-emu was explicitly requested but can't be compiled ($grub_emu_sdl2_excuse)]) |
2385 | fi |
2386 | if test x"$grub_emu_sdl2_excuse" = x ; then |
2387 | @@ -1704,6 +1738,9 @@ if test x"$grub_mkfont_excuse" = x ; then |
2388 | CPPFLAGS="$SAVED_CPPFLAGS" |
2389 | LIBS="$SAVED_LIBS" |
2390 | ], [grub_mkfont_excuse=["need freetype2 library"]]) |
2391 | + if test x"$grub_mkfont_excuse" = x && test x"$host_kernel" = xnetbsd ; then |
2392 | + FREETYPE_LIBS="$FREETYPE_LIBS -Wl,-R,/usr/pkg/lib" ; |
2393 | + fi |
2394 | fi |
2395 | |
2396 | if test x"$enable_grub_mkfont" = xyes && test x"$grub_mkfont_excuse" != x ; then |
2397 | @@ -1758,6 +1795,11 @@ if test x"$grub_build_mkfont_excuse" = x ; then |
2398 | LIBS="$SAVED_LIBS" |
2399 | CPPFLAGS="$SAVED_CPPFLAGS_2" |
2400 | ], [grub_build_mkfont_excuse=["need freetype2 library"]]) |
2401 | + if test x"$grub_build_mkfont_excuse" = x ; then |
2402 | + case x"$build_os" in |
2403 | + xnetbsd*) BUILD_FREETYPE_LIBS="$BUILD_FREETYPE_LIBS -Wl,-R,/usr/pkg/lib" ;; |
2404 | + esac |
2405 | + fi |
2406 | PKG_CONFIG="$SAVED_PKG_CONFIG" |
2407 | fi |
2408 | |
2409 | @@ -1784,8 +1826,6 @@ CPPFLAGS="$SAVED_CPPFLAGS" |
2410 | LDFLAGS="$SAVED_LDFLAGS" |
2411 | |
2412 | |
2413 | -DJVU_FONT_SOURCE= |
2414 | - |
2415 | starfield_excuse= |
2416 | |
2417 | AC_ARG_ENABLE([grub-themes], |
2418 | @@ -1799,19 +1839,28 @@ if test x"$starfield_excuse" = x && test x"$enable_build_grub_mkfont" = xno ; th |
2419 | starfield_excuse="No build-time grub-mkfont" |
2420 | fi |
2421 | |
2422 | -if test x"$starfield_excuse" = x; then |
2423 | - for ext in pcf pcf.gz bdf bdf.gz ttf ttf.gz; do |
2424 | - for dir in . /usr/src /usr/share/fonts/X11/misc /usr/share/fonts/truetype/ttf-dejavu /usr/share/fonts/dejavu /usr/share/fonts/truetype; do |
2425 | - if test -f "$dir/DejaVuSans.$ext"; then |
2426 | - DJVU_FONT_SOURCE="$dir/DejaVuSans.$ext" |
2427 | - break 2 |
2428 | - fi |
2429 | +AC_ARG_WITH([dejavufont], |
2430 | + AS_HELP_STRING([--with-dejavufont=FILE], |
2431 | + [set the DejeVu source [[guessed]]])) |
2432 | + |
2433 | +if test "x$with_dejavufont" = x; then |
2434 | + # search in well-known directories |
2435 | + if test x"$starfield_excuse" = x; then |
2436 | + for ext in pcf pcf.gz bdf bdf.gz ttf ttf.gz; do |
2437 | + for dir in . /usr/src /usr/share/fonts/X11/misc /usr/share/fonts/truetype/ttf-dejavu /usr/share/fonts/dejavu /usr/share/fonts/truetype /usr/pkg/share/fonts/X11/TTF /usr/local/share/fonts/dejavu /usr/X11R6/lib/X11/fonts/TTF; do |
2438 | + if test -f "$dir/DejaVuSans.$ext"; then |
2439 | + DJVU_FONT_SOURCE="$dir/DejaVuSans.$ext" |
2440 | + break 2 |
2441 | + fi |
2442 | + done |
2443 | done |
2444 | - done |
2445 | |
2446 | - if test "x$DJVU_FONT_SOURCE" = x; then |
2447 | - starfield_excuse="No DejaVu found" |
2448 | - fi |
2449 | + if test "x$DJVU_FONT_SOURCE" = x; then |
2450 | + starfield_excuse="No DejaVu found" |
2451 | + fi |
2452 | + fi |
2453 | +else |
2454 | + DJVU_FONT_SOURCE="$with_dejavufont" |
2455 | fi |
2456 | |
2457 | if test x"$enable_grub_themes" = xyes && test x"$starfield_excuse" != x; then |
2458 | @@ -1820,21 +1869,28 @@ fi |
2459 | |
2460 | AC_SUBST([DJVU_FONT_SOURCE]) |
2461 | |
2462 | -FONT_SOURCE= |
2463 | - |
2464 | -for ext in pcf pcf.gz bdf bdf.gz ttf ttf.gz; do |
2465 | - for dir in . /usr/src /usr/share/fonts/X11/misc /usr/share/fonts/unifont /usr/share/fonts/uni /usr/share/fonts/truetype/unifont /usr/share/fonts/misc; do |
2466 | - if test -f "$dir/unifont.$ext"; then |
2467 | - md5="$(md5sum "$dir/unifont.$ext"|awk '{ print $1; }')" |
2468 | - # PCF and BDF from version 6.3 isn't hanled properly by libfreetype. |
2469 | - if test "$md5" = 0a54834d2788c83886a3e1785a6a1e61 || test "$md5" = 28f2565c7a41d8d407e2551159385edb || test "$md5" = dae5e588461b3b92b87b6ffee734f936 || test "$md5" = 4a3d687aa5bb329ed05f4263a1016791 ; then |
2470 | - continue |
2471 | +AC_ARG_WITH([unifont], |
2472 | + AS_HELP_STRING([--with-unifont=FILE], |
2473 | + [set the unifont source [[guessed]]])) |
2474 | + |
2475 | +if test "x$with_unifont" = x; then |
2476 | + # search in well-known directories |
2477 | + for ext in pcf pcf.gz bdf bdf.gz ttf ttf.gz; do |
2478 | + for dir in . /usr/src /usr/share/fonts/X11/misc /usr/share/fonts/unifont /usr/share/fonts/uni /usr/share/fonts/truetype/unifont /usr/share/fonts/misc /usr/pkg/share/fonts/X11/misc /usr/local/share/fonts/gnu-unifont /usr/local/share/fonts/unifont; do |
2479 | + if test -f "$dir/unifont.$ext"; then |
2480 | + md5="$(md5sum "$dir/unifont.$ext"|awk '{ print $1; }')" |
2481 | + # PCF and BDF from version 6.3 isn't hanled properly by libfreetype. |
2482 | + if test "$md5" = 0a54834d2788c83886a3e1785a6a1e61 || test "$md5" = 28f2565c7a41d8d407e2551159385edb || test "$md5" = dae5e588461b3b92b87b6ffee734f936 || test "$md5" = 4a3d687aa5bb329ed05f4263a1016791 ; then |
2483 | + continue |
2484 | + fi |
2485 | + FONT_SOURCE="$dir/unifont.$ext" |
2486 | + break 2 |
2487 | fi |
2488 | - FONT_SOURCE="$dir/unifont.$ext" |
2489 | - break 2 |
2490 | - fi |
2491 | + done |
2492 | done |
2493 | -done |
2494 | +else |
2495 | + FONT_SOURCE="$with_unifont" |
2496 | +fi |
2497 | |
2498 | if test x"$enable_build_grub_mkfont" = xno ; then |
2499 | FONT_SOURCE= |
2500 | @@ -1971,8 +2027,19 @@ fi |
2501 | |
2502 | if test x"$libzfs_excuse" = x ; then |
2503 | AC_CHECK_LIB([nvpair], [nvlist_lookup_string], |
2504 | - [], |
2505 | - [libzfs_excuse="need nvpair library"]) |
2506 | + [have_normal_nvpair=yes], |
2507 | + [have_normal_nvpair=no]) |
2508 | + if test x"$have_normal_nvpair" = xno ; then |
2509 | + AC_CHECK_LIB([nvpair], [opensolaris_nvlist_lookup_string], |
2510 | + [have_prefixed_nvpair=yes], |
2511 | + [have_prefixed_nvpair=no]) |
2512 | + if test x"$have_prefixed_nvpair" = xyes ; then |
2513 | + AC_DEFINE([GRUB_UTIL_NVPAIR_IS_PREFIXED], [1], |
2514 | + [Define to 1 if libnvpair symbols are prefixed with opensolaris_.]) |
2515 | + else |
2516 | + libzfs_excuse="need nvpair library" |
2517 | + fi |
2518 | + fi |
2519 | fi |
2520 | |
2521 | if test x"$enable_libzfs" = xyes && test x"$libzfs_excuse" != x ; then |
2522 | @@ -1982,11 +2049,9 @@ fi |
2523 | if test x"$libzfs_excuse" = x ; then |
2524 | # We need both libzfs and libnvpair for a successful build. |
2525 | LIBZFS="-lzfs" |
2526 | - AC_DEFINE([HAVE_LIBZFS], [1], |
2527 | - [Define to 1 if you have the ZFS library.]) |
2528 | LIBNVPAIR="-lnvpair" |
2529 | - AC_DEFINE([HAVE_LIBNVPAIR], [1], |
2530 | - [Define to 1 if you have the NVPAIR library.]) |
2531 | + AC_DEFINE([USE_LIBZFS], [1], |
2532 | + [Define to 1 if ZFS library should be used.]) |
2533 | fi |
2534 | |
2535 | AC_SUBST([LIBZFS]) |
2536 | diff --git a/debian/build-efi-images b/debian/build-efi-images |
2537 | index d3f6cc5..d17e225 100755 |
2538 | --- a/debian/build-efi-images |
2539 | +++ b/debian/build-efi-images |
2540 | @@ -104,7 +104,6 @@ CD_MODULES=" |
2541 | ext2 |
2542 | fat |
2543 | font |
2544 | - f2fs |
2545 | gettext |
2546 | gfxmenu |
2547 | gfxterm |
2548 | @@ -114,7 +113,6 @@ CD_MODULES=" |
2549 | help |
2550 | hfsplus |
2551 | iso9660 |
2552 | - jfs |
2553 | jpeg |
2554 | keystatus |
2555 | loadenv |
2556 | @@ -196,7 +194,6 @@ GRUB_MODULES="$CD_MODULES |
2557 | gcry_twofish |
2558 | gcry_whirlpool |
2559 | luks |
2560 | - luks2 |
2561 | lvm |
2562 | mdraid09 |
2563 | mdraid1x |
2564 | @@ -246,15 +243,18 @@ echo "Including modules $NET_MODULES in $outdir/grubnet$efi_name.efi" |
2565 | # Special network boot image for d-i to use. Just the same as the |
2566 | # normal network boot image, but with a different value baked in for |
2567 | # the prefix setting |
2568 | -echo "Including modules $NET_MODULES in $outdir/grubnet$efi_name-installer.efi" |
2569 | -"$grub_mkimage" \ |
2570 | - -O "$platform" \ |
2571 | - -o "$outdir/grubnet$efi_name-installer.efi" \ |
2572 | - -c "$workdir/grub-bootstrap.cfg" \ |
2573 | - -d "$grub_core" \ |
2574 | - -m "$workdir/memdisk-netboot.squashfs" \ |
2575 | - -p "/${efi_vendor}-installer/$deb_arch/grub" \ |
2576 | - --sbat "$sbat_csv" \ |
2577 | - $NET_MODULES |
2578 | +# |
2579 | +# but not on Ubuntu LP: #1863994 |
2580 | +# |
2581 | +#echo "Including modules $NET_MODULES in $outdir/grubnet$efi_name-installer.efi" |
2582 | +#"$grub_mkimage" \ |
2583 | +# -O "$platform" \ |
2584 | +# -o "$outdir/grubnet$efi_name-installer.efi" \ |
2585 | +# -c "$workdir/grub-bootstrap.cfg" \ |
2586 | +# -d "$grub_core" \ |
2587 | +# -m "$workdir/memdisk-netboot.squashfs" \ |
2588 | +# -p "/${efi_vendor}-installer/$deb_arch/grub" \ |
2589 | +# --sbat "$sbat_csv" \ |
2590 | +# $NET_MODULES |
2591 | |
2592 | exit 0 |
2593 | diff --git a/debian/canonical-uefi-ca.crt b/debian/canonical-uefi-ca.crt |
2594 | new file mode 100644 |
2595 | index 0000000..55c06d5 |
2596 | --- /dev/null |
2597 | +++ b/debian/canonical-uefi-ca.crt |
2598 | @@ -0,0 +1,25 @@ |
2599 | +-----BEGIN CERTIFICATE----- |
2600 | +MIIENDCCAxygAwIBAgIJALlBJKAYLJJnMA0GCSqGSIb3DQEBCwUAMIGEMQswCQYD |
2601 | +VQQGEwJHQjEUMBIGA1UECAwLSXNsZSBvZiBNYW4xEDAOBgNVBAcMB0RvdWdsYXMx |
2602 | +FzAVBgNVBAoMDkNhbm9uaWNhbCBMdGQuMTQwMgYDVQQDDCtDYW5vbmljYWwgTHRk |
2603 | +LiBNYXN0ZXIgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEyMDQxMjExMTI1MVoX |
2604 | +DTQyMDQxMTExMTI1MVowgYQxCzAJBgNVBAYTAkdCMRQwEgYDVQQIDAtJc2xlIG9m |
2605 | +IE1hbjEQMA4GA1UEBwwHRG91Z2xhczEXMBUGA1UECgwOQ2Fub25pY2FsIEx0ZC4x |
2606 | +NDAyBgNVBAMMK0Nhbm9uaWNhbCBMdGQuIE1hc3RlciBDZXJ0aWZpY2F0ZSBBdXRo |
2607 | +b3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/WzoWdO4hXa5h |
2608 | +7Z1WrL3e3nLz3X4tTGIPrMBtSAgRz42L+2EfJ8wRbtlVPTlU60A7sbvihTR5yvd7 |
2609 | +v7p6yBAtGX2tWc+m1OlOD9quUupMnpDOxpkNTmdleF350dU4Skp6j5OcfxqjhdvO |
2610 | ++ov3wqIhLZtUQTUQVxONbLwpBlBKfuqZqWinO8cHGzKeoBmHDnm7aJktfpNS5fbr |
2611 | +yZv5K+24aEm82ZVQQFvFsnGq61xX3nH5QArdW6wehC1QGlLW4fNrbpBkT1u06yDk |
2612 | +YRDaWvDq5ELXAcT+IR/ZucBUlUKBUnIfSWR6yGwk8QhwC02loDLRoBxXqE3jr6WO |
2613 | +BQU+EEOhAgMBAAGjgaYwgaMwHQYDVR0OBBYEFK2RmQvCKrH1FwSMI7ZlWiaONFpj |
2614 | +MB8GA1UdIwQYMBaAFK2RmQvCKrH1FwSMI7ZlWiaONFpjMA8GA1UdEwEB/wQFMAMB |
2615 | +Af8wCwYDVR0PBAQDAgGGMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly93d3cuY2Fu |
2616 | +b25pY2FsLmNvbS9zZWN1cmUtYm9vdC1tYXN0ZXItY2EuY3JsMA0GCSqGSIb3DQEB |
2617 | +CwUAA4IBAQA/ffZ2pbODtCt60G1SGgODxBKnUJxHkszAlHeC0q5Xs5kE9TI6xlUd |
2618 | +B9sSqVb62NR2IOvkw1Hbmlyckj8Yc9qUaqGZOIykiG3B/Dlx0HR2FgM+ViM11VVH |
2619 | +WxodQcLTEkzc/64KkpxiChcBnHPgXrH9vNa1GRF6fs0+A35m21uoyTlIUf9T4Zwx |
2620 | +U5EbOxB1Axe65oECgJRwTEa3lLA9Fc0fjgLgaAKP+/lHHX2iAcYHUcSazO3dz6Nd |
2621 | +7ZK7vtH95uwfM1FzBL48crB9CPgB/5h9y5zgaTl3JUdxiLGNJ6UuqPc/X4Bplz6p |
2622 | +9JkU284DDgtmxBxtvbgnd8FClL38agq8 |
2623 | +-----END CERTIFICATE----- |
2624 | diff --git a/debian/changelog b/debian/changelog |
2625 | index da31470..17299bf 100644 |
2626 | --- a/debian/changelog |
2627 | +++ b/debian/changelog |
2628 | @@ -1,3 +1,207 @@ |
2629 | +grub2 (2.12-1ubuntu2) noble; urgency=medium |
2630 | + |
2631 | + * Revert patchset "ppc64: Restrict memory allocations" (LP: #2053117) |
2632 | + |
2633 | + -- Mate Kukri <mate.kukri@canonical.com> Wed, 14 Feb 2024 09:19:35 +0000 |
2634 | + |
2635 | +grub2 (2.12-1ubuntu1) noble; urgency=medium |
2636 | + |
2637 | + * Merge from Debian unstable; remaining changes: |
2638 | + - Add Ubuntu sbat data |
2639 | + - build-efi-images: do not produce -installer.efi.signed. LP: 1863994 |
2640 | + - grub-common: Install canonical-uefi-ca.crt |
2641 | + - Check signatures |
2642 | + - Support installing to multiple ESP (LP: 1871821) |
2643 | + - Disable various bits on i386 |
2644 | + - Split out unsigned artefacts into grub2-unsigned |
2645 | + - Vcs-Git: Point to ubuntu packaging branch |
2646 | + - Relax dependencies on grub-common and grub2-common |
2647 | + - grub-pc: Avoid the possibility of breaking grub on SRU update due |
2648 | + to ABI change |
2649 | + - UBUNTU: Default timeout changes |
2650 | + - Revert "Add jfs module to signed UEFI images. Closes: #950959" |
2651 | + - Revert "Add f2fs module to signed UEFI images" |
2652 | + - Install grub-initrd-fallback.service again |
2653 | + - Build using -O1 on s390x to avoid misoptimization |
2654 | + - grub-check-signatures: Support gzip compressed kernels (LP: #1954683) |
2655 | + - grub-multi-install: Reset partition type between partitions (LP: #1997795) |
2656 | + - Drop i386 from grub-efi-amd64* (LP: #2020907) |
2657 | + - Turn depends on grub-efi-amd64/arm64 unversioned |
2658 | + - forward port fix for LP: #1926748 |
2659 | + - Make the grub2/no_efi_extra_removable setting work correctly |
2660 | + - Forward port the fix for LP: #1930742 and make it conditional (xenial/bionic only) |
2661 | + - Build grub2-unsigned packages with xz compression |
2662 | + - Revert: "Have -bin packages Break pre-2.12 -signed packages.", this is not |
2663 | + compatible with our versioning schemes. |
2664 | + - Install a /usr/lib/grub/grub-sort-version and use that to sort versions as |
2665 | + it respects GRUB_FLAVOUR_ORDER. Depend on python3 to do so. |
2666 | + - rules: Add DPKG_BUILDPACKAGE_OPTIONS to generate-grub2-unsigned |
2667 | + - Drop luks2 |
2668 | + - d/control: Add python3-apt to Depends of grub-common (LP: #2048953) |
2669 | + - Replaced patches: |
2670 | + - install-signed.patche |
2671 | + - grub-install-extra-removable.patch |
2672 | + - grub-install-removable-shim.patch |
2673 | + - Added patches: |
2674 | + + rhboot-f34-dont-use-int-for-efi-status.patch |
2675 | + + rhboot-f34-make-exit-take-a-return-code.patch |
2676 | + + suse-grub.texi-add-net_bootp6-document.patch |
2677 | + + ubuntu-add-devicetree-command-support.patch |
2678 | + + ubuntu-add-initrd-less-boot-fallback.patch |
2679 | + + ubuntu-add-initrd-less-boot-messages.patch |
2680 | + + ubuntu-boot-from-multipath-dependent-symlink.patch |
2681 | + + ubuntu-dont-verify-loopback-images.patch |
2682 | + + ubuntu-fix-lzma-decompressor-objcopy.patch |
2683 | + + ubuntu-grub-install-extra-removable.patch |
2684 | + + ubuntu-install-signed.patch |
2685 | + + ubuntu-mkconfig-leave-breadcrumbs.patch |
2686 | + + ubuntu-os-prober-auto.patch |
2687 | + + ubuntu-recovery-dis_ucode_ldr.patch |
2688 | + + ubuntu-resilient-boot-boot-order.patch |
2689 | + + ubuntu-resilient-boot-ignore-alternative-esps.patch |
2690 | + + ubuntu-shorter-version-info.patch |
2691 | + + ubuntu-speed-zsys-history.patch |
2692 | + + ubuntu-support-initrd-less-boot.patch |
2693 | + + ubuntu-verifiers-last.patch |
2694 | + + ubuntu-zfs-enhance-support.patch |
2695 | + + ubuntu-zfs-gfxpayload-dynamic.patch |
2696 | + + ubuntu-zfs-gfxpayload-keep-default.patch |
2697 | + + ubuntu-zfs-insmod-xzio-and-lzopio-on-xen.patch |
2698 | + + ubuntu-zfs-mkconfig-recovery-title.patch |
2699 | + + ubuntu-zfs-mkconfig-signed-kernel.patch |
2700 | + + ubuntu-zfs-mkconfig-ubuntu-distributor.patch |
2701 | + + ubuntu-zfs-mkconfig-ubuntu-recovery.patch |
2702 | + + ubuntu-zfs-vt-handoff.patch |
2703 | + * Unreleased changes from Debian: |
2704 | + - Update signing-template Uploaders to match main package. |
2705 | + - d/p/mkconfig-ubuntu-recovery.patch: Use "recovery" instead of "single recovery" |
2706 | + for recovery mode bootparams (LP: #2041245) |
2707 | + |
2708 | + -- Mate Kukri <mate.kukri@canonical.com> Mon, 29 Jan 2024 11:06:12 +0000 |
2709 | + |
2710 | +grub2 (2.12-1) unstable; urgency=medium |
2711 | + |
2712 | + [ Mate Kukri ] |
2713 | + * New upstream version, 2.12 |
2714 | + * d/patches: Rebase on `upstream/2.12` and drop superseded patches: |
2715 | + - Dropping patches now included upstream: |
2716 | + + d/p/ntfs-cve-fixes/*: Fixes for NTFS OOB CVE |
2717 | + + d/p/upstream/xfs-*: XFS parsing fixes |
2718 | + + d/p/upstream/unmerged-usr-shebang.patch |
2719 | + - Dropping patch replaced with configure option: |
2720 | + + d/p/dejavu-font-path.patch |
2721 | + * d/rules: Pass configure option '--enable-grub-themes' |
2722 | + * d/rules: Provide Debian specific DejaVu path via configure |
2723 | + * d/{control,rules}: Use default gcc version |
2724 | + * d/p/extra_deps_lst.patch: |
2725 | + Checkout "extra_deps.lst" from upstream/master |
2726 | + * d/p/sb/revert-efi-fallback-to-legacy.patch: |
2727 | + Also revert newer fallback patch |
2728 | + |
2729 | + [ Julian Andres Klode ] |
2730 | + * Add Mate to Uploaders |
2731 | + |
2732 | + -- Mate Kukri <mate.kukri@canonical.com> Mon, 15 Jan 2024 09:54:55 +0000 |
2733 | + |
2734 | +grub2 (2.12~rc1-13) unstable; urgency=medium |
2735 | + |
2736 | + * No-change rebuild to retrigger signing following binNMU breakage |
2737 | + |
2738 | + -- Julian Andres Klode <jak@debian.org> Fri, 12 Jan 2024 19:00:41 +0100 |
2739 | + |
2740 | +grub2 (2.12~rc1-12ubuntu5) noble; urgency=medium |
2741 | + |
2742 | + * d/control: Add python3-apt to Depends of grub-common (LP: #2048953) |
2743 | + |
2744 | + -- Mate Kukri <mate.kukri@canonical.com> Fri, 09 Feb 2024 13:23:36 +0000 |
2745 | + |
2746 | +grub2 (2.12~rc1-12ubuntu4) noble; urgency=medium |
2747 | + |
2748 | + * d/p/delay-copying-to-grubdir.patch: Move platdir path canonicalisation |
2749 | + after files were copied to grubdir. (LP: #2045944) |
2750 | + |
2751 | + -- Mate Kukri <mate.kukri@canonical.com> Fri, 08 Dec 2023 09:22:22 +0000 |
2752 | + |
2753 | +grub2 (2.12~rc1-12ubuntu3) noble; urgency=medium |
2754 | + |
2755 | + * d/p/delay-copying-to-grubdir.patch: Improve grub-install robustness by |
2756 | + delaying the update of /boot after install device validation |
2757 | + * Remove workaround for LP: 1889556 (LP: #2043995) |
2758 | + - Was not needed since /boot rollback was introduced upstream |
2759 | + - Patch above ensures that this will not reoccur even if rollback fails |
2760 | + |
2761 | + -- Mate Kukri <mate.kukri@canonical.com> Tue, 21 Nov 2023 15:35:55 +0000 |
2762 | + |
2763 | +grub2 (2.12~rc1-12ubuntu2) noble; urgency=medium |
2764 | + |
2765 | + * Merge from Debian unstable; remaining changes: |
2766 | + - Add Ubuntu sbat data |
2767 | + - build-efi-images: do not produce -installer.efi.signed. LP: 1863994 |
2768 | + - grub-common: Install canonical-uefi-ca.crt |
2769 | + - Check signatures |
2770 | + - Support installing to multiple ESP (LP: 1871821) |
2771 | + - Disable various bits on i386 |
2772 | + - Split out unsigned artefacts into grub2-unsigned |
2773 | + - Vcs-Git: Point to ubuntu packaging branch |
2774 | + - Relax dependencies on grub-common and grub2-common |
2775 | + - grub-pc: Avoid the possibility of breaking grub on SRU update due |
2776 | + to ABI change |
2777 | + - UBUNTU: Default timeout changes |
2778 | + - Revert "Add jfs module to signed UEFI images. Closes: #950959" |
2779 | + - Revert "Add f2fs module to signed UEFI images" |
2780 | + - Install grub-initrd-fallback.service again |
2781 | + - Build using -O1 on s390x to avoid misoptimization |
2782 | + - grub-check-signatures: Support gzip compressed kernels (LP: #1954683) |
2783 | + - grub-multi-install: Reset partition type between partitions (LP: #1997795) |
2784 | + - Drop i386 from grub-efi-amd64* (LP: #2020907) |
2785 | + - Turn depends on grub-efi-amd64/arm64 unversioned |
2786 | + - forward port fix for LP: #1926748 |
2787 | + - Make the grub2/no_efi_extra_removable setting work correctly |
2788 | + - Forward port the fix for LP: #1930742 and make it conditional (xenial/bionic only) |
2789 | + - Build grub2-unsigned packages with xz compression |
2790 | + - Revert: "Have -bin packages Break pre-2.12 -signed packages.", this is not |
2791 | + compatible with our versioning schemes. |
2792 | + - Install a /usr/lib/grub/grub-sort-version and use that to sort versions as |
2793 | + it respects GRUB_FLAVOUR_ORDER. Depend on python3 to do so. |
2794 | + - rules: Add DPKG_BUILDPACKAGE_OPTIONS to generate-grub2-unsigned |
2795 | + - Replaced patches: |
2796 | + - installe-signed.patched |
2797 | + - grub-install-extra-removable.patch |
2798 | + - grub-install-removable-shim.patch |
2799 | + - Added patches: |
2800 | + + rhboot-f34-dont-use-int-for-efi-status.patch |
2801 | + + rhboot-f34-make-exit-take-a-return-code.patch |
2802 | + + suse-grub.texi-add-net_bootp6-document.patch |
2803 | + + ubuntu-add-devicetree-command-support.patch |
2804 | + + ubuntu-add-initrd-less-boot-fallback.patch |
2805 | + + ubuntu-add-initrd-less-boot-messages.patch |
2806 | + + ubuntu-boot-from-multipath-dependent-symlink.patch |
2807 | + + ubuntu-dont-verify-loopback-images.patch |
2808 | + + ubuntu-fix-lzma-decompressor-objcopy.patch |
2809 | + + ubuntu-grub-install-extra-removable.patch |
2810 | + + ubuntu-install-signed.patch |
2811 | + + ubuntu-mkconfig-leave-breadcrumbs.patch |
2812 | + + ubuntu-os-prober-auto.patch |
2813 | + + ubuntu-recovery-dis_ucode_ldr.patch |
2814 | + + ubuntu-resilient-boot-boot-order.patch |
2815 | + + ubuntu-resilient-boot-ignore-alternative-esps.patch |
2816 | + + ubuntu-shorter-version-info.patch |
2817 | + + ubuntu-speed-zsys-history.patch |
2818 | + + ubuntu-support-initrd-less-boot.patch |
2819 | + + ubuntu-verifiers-last.patch |
2820 | + + ubuntu-zfs-enhance-support.patch |
2821 | + + ubuntu-zfs-gfxpayload-dynamic.patch |
2822 | + + ubuntu-zfs-gfxpayload-keep-default.patch |
2823 | + + ubuntu-zfs-insmod-xzio-and-lzopio-on-xen.patch |
2824 | + + ubuntu-zfs-mkconfig-recovery-title.patch |
2825 | + + ubuntu-zfs-mkconfig-signed-kernel.patch |
2826 | + + ubuntu-zfs-mkconfig-ubuntu-distributor.patch |
2827 | + + ubuntu-zfs-mkconfig-ubuntu-recovery.patch |
2828 | + + ubuntu-zfs-vt-handoff.patch |
2829 | + * Removed luks2 from signed EFI binaries (LP: #2043101) |
2830 | + |
2831 | + -- Mate Kukri <mate.kukri@canonical.com> Thu, 09 Nov 2023 16:16:56 +0200 |
2832 | + |
2833 | grub2 (2.12~rc1-12) unstable; urgency=medium |
2834 | |
2835 | [ Mate Kukri ] |
2836 | @@ -51,6 +255,108 @@ grub2 (2.12~rc1-11) unstable; urgency=medium |
2837 | |
2838 | -- Julian Andres Klode <juliank@ubuntu.com> Mon, 02 Oct 2023 15:55:25 +0200 |
2839 | |
2840 | +grub2 (2.12~rc1-10ubuntu4) mantic; urgency=high |
2841 | + |
2842 | + * SECURITY UPDATE: Crafted file system images can cause out-of-bounds write |
2843 | + and may leak sensitive information into the GRUB pager. |
2844 | + - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume- |
2845 | + label.patch: |
2846 | + fs/ntfs: Fix an OOB read when parsing a volume label |
2847 | + - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-bs-for- |
2848 | + index-at.patch: |
2849 | + fs/ntfs: Fix an OOB read when parsing bitmaps for index attributes |
2850 | + - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-dory- |
2851 | + entries-fr.patch: |
2852 | + fs/ntfs: Fix an OOB read when parsing directory entries from resident and |
2853 | + non-resident index attributes |
2854 | + - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-reading-data-fhe- |
2855 | + reside.patch: |
2856 | + fs/ntfs: Fix an OOB read when reading data from the resident $DATA + |
2857 | + attribute |
2858 | + - CVE-2023-4693 |
2859 | + * SECURITY UPDATE: Crafted file system images can cause heap-based buffer |
2860 | + overflow and may allow arbitrary code execution and secure boot bypass. |
2861 | + - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-write-when-parsing-the- |
2862 | + ATTRIBUTE_LIST-.patch: |
2863 | + fs/ntfs: Fix an OOB write when parsing the $ATTRIBUTE_LIST attribute for |
2864 | + the $MFT file |
2865 | + - d/patches/ntfs-cve-fixes/fs-ntfs-Make-code-more-readable.patch |
2866 | + fs/ntfs: Make code more readable |
2867 | + - CVE-2023-4692 |
2868 | + |
2869 | + -- Mate Kukri <mate.kukri@canonical.com> Mon, 02 Oct 2023 15:23:58 +0100 |
2870 | + |
2871 | +grub2 (2.12~rc1-10ubuntu2) mantic; urgency=medium |
2872 | + |
2873 | + * Merge from Debian unstable to pick up fixes (LP: #2028947); remaining changes: |
2874 | + - Add Ubuntu sbat data |
2875 | + - build-efi-images: do not produce -installer.efi.signed. LP: 1863994 |
2876 | + - grub-common: Install canonical-uefi-ca.crt |
2877 | + - Check signatures |
2878 | + - Support installing to multiple ESP (LP: 1871821) |
2879 | + - Disable various bits on i386 |
2880 | + - Split out unsigned artefacts into grub2-unsigned |
2881 | + - Vcs-Git: Point to ubuntu packaging branch |
2882 | + - Relax dependencies on grub-common and grub2-common |
2883 | + - grub-pc: Avoid the possibility of breaking grub on SRU update due |
2884 | + to ABI change |
2885 | + - UBUNTU: Default timeout changes |
2886 | + - Revert "Add jfs module to signed UEFI images. Closes: #950959" |
2887 | + - Revert "Add f2fs module to signed UEFI images" |
2888 | + - Install grub-initrd-fallback.service again |
2889 | + - Build using -O1 on s390x to avoid misoptimization |
2890 | + - grub-check-signatures: Support gzip compressed kernels (LP: #1954683) |
2891 | + - grub-multi-install: Reset partition type between partitions (LP: #1997795) |
2892 | + - Drop i386 from grub-efi-amd64* (LP: #2020907) |
2893 | + - Turn depends on grub-efi-amd64/arm64 unversioned |
2894 | + - forward port fix for LP: #1926748 |
2895 | + - Make the grub2/no_efi_extra_removable setting work correctly |
2896 | + - Forward port the fix for LP: #1930742 and make it conditional (xenial/bionic only) |
2897 | + - Build grub2-unsigned packages with xz compression |
2898 | + - Replaced patches: |
2899 | + - installe-signed.patched |
2900 | + - grub-install-extra-removable.patch |
2901 | + - grub-install-removable-shim.patch |
2902 | + - Added patches: |
2903 | + + rhboot-f34-dont-use-int-for-efi-status.patch |
2904 | + + rhboot-f34-make-exit-take-a-return-code.patch |
2905 | + + suse-grub.texi-add-net_bootp6-document.patch |
2906 | + + ubuntu-add-devicetree-command-support.patch |
2907 | + + ubuntu-add-initrd-less-boot-fallback.patch |
2908 | + + ubuntu-add-initrd-less-boot-messages.patch |
2909 | + + ubuntu-boot-from-multipath-dependent-symlink.patch |
2910 | + + ubuntu-dont-verify-loopback-images.patch |
2911 | + + ubuntu-fix-lzma-decompressor-objcopy.patch |
2912 | + + ubuntu-grub-install-extra-removable.patch |
2913 | + + ubuntu-install-signed.patch |
2914 | + + ubuntu-mkconfig-leave-breadcrumbs.patch |
2915 | + + ubuntu-os-prober-auto.patch |
2916 | + + ubuntu-recovery-dis_ucode_ldr.patch |
2917 | + + ubuntu-resilient-boot-boot-order.patch |
2918 | + + ubuntu-resilient-boot-ignore-alternative-esps.patch |
2919 | + + ubuntu-shorter-version-info.patch |
2920 | + + ubuntu-speed-zsys-history.patch |
2921 | + + ubuntu-support-initrd-less-boot.patch |
2922 | + + ubuntu-verifiers-last.patch |
2923 | + + ubuntu-zfs-enhance-support.patch |
2924 | + + ubuntu-zfs-gfxpayload-dynamic.patch |
2925 | + + ubuntu-zfs-gfxpayload-keep-default.patch |
2926 | + + ubuntu-zfs-insmod-xzio-and-lzopio-on-xen.patch |
2927 | + + ubuntu-zfs-mkconfig-recovery-title.patch |
2928 | + + ubuntu-zfs-mkconfig-signed-kernel.patch |
2929 | + + ubuntu-zfs-mkconfig-ubuntu-distributor.patch |
2930 | + + ubuntu-zfs-mkconfig-ubuntu-recovery.patch |
2931 | + + ubuntu-zfs-vt-handoff.patch |
2932 | + * Dropped Ubuntu changes: |
2933 | + - Temporarily rmmod peimage for os-prober chainloader entries (LP: #2030810) |
2934 | + * Revert: "Have -bin packages Break pre-2.12 -signed packages.", this is not |
2935 | + compatible with our versioning schemes. |
2936 | + * Install a /usr/lib/grub/grub-sort-version and use that to sort versions as |
2937 | + it respects GRUB_FLAVOUR_ORDER. Depend on python3 to do so. |
2938 | + * rules: Add DPKG_BUILDPACKAGE_OPTIONS to generate-grub2-unsigned |
2939 | + |
2940 | + -- Julian Andres Klode <juliank@ubuntu.com> Mon, 25 Sep 2023 17:31:09 +0200 |
2941 | + |
2942 | grub2 (2.12~rc1-10) unstable; urgency=medium |
2943 | |
2944 | [ Julian Andres Klode ] |
2945 | @@ -111,6 +417,165 @@ grub2 (2.12~rc1-5) experimental; urgency=medium |
2946 | |
2947 | -- Julian Andres Klode <jak@debian.org> Mon, 04 Sep 2023 14:16:12 +0200 |
2948 | |
2949 | +grub2 (2.12~rc1-4ubuntu3) mantic; urgency=medium |
2950 | + |
2951 | + * zfs: Drop `set -u`, incompatible with undefined variables in library |
2952 | + (LP: #2033256) |
2953 | + |
2954 | + -- Julian Andres Klode <juliank@ubuntu.com> Tue, 29 Aug 2023 16:03:49 +0200 |
2955 | + |
2956 | +grub2 (2.12~rc1-4ubuntu2) mantic; urgency=medium |
2957 | + |
2958 | + * ubuntu-zfs-enhance-support.patch: Adjustments for 2.12 library |
2959 | + (LP: #2029260) |
2960 | + * zfs: on_exit: Unmount ${MNTDIR}/boot before ${MNTDIR} (LP: #2031042) |
2961 | + * Temporarily rmmod peimage for os-prober chainloader entries (LP: #2030810) |
2962 | + |
2963 | + -- Julian Andres Klode <juliank@ubuntu.com> Mon, 21 Aug 2023 14:26:07 +0200 |
2964 | + |
2965 | +grub2 (2.12~rc1-4ubuntu1) mantic; urgency=medium |
2966 | + |
2967 | + * Merge from Debian unstable (LP: #2028947); remaining changes: |
2968 | + - Add Ubuntu sbat data |
2969 | + - build-efi-images: do not produce -installer.efi.signed. LP: 1863994 |
2970 | + - grub-common: Install canonical-uefi-ca.crt |
2971 | + - Check signatures |
2972 | + - Support installing to multiple ESP (LP: 1871821) |
2973 | + - Disable various bits on i386 |
2974 | + - Split out unsigned artefacts into grub2-unsigned |
2975 | + - Vcs-Git: Point to ubuntu packaging branch |
2976 | + - Relax dependencies on grub-common and grub2-common |
2977 | + - grub-pc: Avoid the possibility of breaking grub on SRU update due |
2978 | + to ABI change |
2979 | + - UBUNTU: Default timeout changes |
2980 | + - Revert "Add jfs module to signed UEFI images. Closes: #950959" |
2981 | + - Revert "Add f2fs module to signed UEFI images" |
2982 | + - Install grub-initrd-fallback.service again |
2983 | + - Build using -O1 on s390x to avoid misoptimization |
2984 | + - grub-check-signatures: Support gzip compressed kernels (LP: #1954683) |
2985 | + - grub-multi-install: Reset partition type between partitions (LP: #1997795) |
2986 | + - Drop i386 from grub-efi-amd64* (LP: #2020907) |
2987 | + - Turn depends on grub-efi-amd64/arm64 unversioned |
2988 | + - forward port fix for LP: #1926748 |
2989 | + - Make the grub2/no_efi_extra_removable setting work correctly |
2990 | + - Forward port the fix for LP: #1930742 and make it conditional (xenial/bionic only) |
2991 | + - Build grub2-unsigned packages with xz compression |
2992 | + - Replaced patches: |
2993 | + - installe-signed.patched |
2994 | + - grub-install-extra-removable.patch |
2995 | + - grub-install-removable-shim.patch |
2996 | + - Added patches: |
2997 | + + rhboot-f34-dont-use-int-for-efi-status.patch |
2998 | + + rhboot-f34-make-exit-take-a-return-code.patch |
2999 | + + suse-grub.texi-add-net_bootp6-document.patch |
3000 | + + ubuntu-add-devicetree-command-support.patch |
3001 | + + ubuntu-add-initrd-less-boot-fallback.patch |
3002 | + + ubuntu-add-initrd-less-boot-messages.patch |
3003 | + + ubuntu-boot-from-multipath-dependent-symlink.patch |
3004 | + + ubuntu-dont-verify-loopback-images.patch |
3005 | + + ubuntu-fix-lzma-decompressor-objcopy.patch |
3006 | + + ubuntu-grub-install-extra-removable.patch |
3007 | + + ubuntu-install-signed.patch |
3008 | + + ubuntu-mkconfig-leave-breadcrumbs.patch |
3009 | + + ubuntu-os-prober-auto.patch |
3010 | + + ubuntu-recovery-dis_ucode_ldr.patch |
3011 | + + ubuntu-resilient-boot-boot-order.patch |
3012 | + + ubuntu-resilient-boot-ignore-alternative-esps.patch |
3013 | + + ubuntu-shorter-version-info.patch |
3014 | + + ubuntu-speed-zsys-history.patch |
3015 | + + ubuntu-support-initrd-less-boot.patch |
3016 | + + ubuntu-verifiers-last.patch |
3017 | + + ubuntu-zfs-enhance-support.patch |
3018 | + + ubuntu-zfs-gfxpayload-dynamic.patch |
3019 | + + ubuntu-zfs-gfxpayload-keep-default.patch |
3020 | + + ubuntu-zfs-insmod-xzio-and-lzopio-on-xen.patch |
3021 | + + ubuntu-zfs-mkconfig-recovery-title.patch |
3022 | + + ubuntu-zfs-mkconfig-signed-kernel.patch |
3023 | + + ubuntu-zfs-mkconfig-ubuntu-distributor.patch |
3024 | + + ubuntu-zfs-mkconfig-ubuntu-recovery.patch |
3025 | + + ubuntu-zfs-vt-handoff.patch |
3026 | + * Dropped Ubuntu changes: |
3027 | + - All the rhboot loader patches |
3028 | + - Temporarily, support for GRUB_FLAVOUR_ORDER |
3029 | + - RISC-V patches, applied upstream: |
3030 | + + efi-add-definition-of-LoadFile2-protocol.patch |
3031 | + + efi-correct-struct-grub_efi_boot_services.patch |
3032 | + + efi-implemented-LoadFile2-initrd-loading-protocol-fo.patch |
3033 | + + efi-implement-grub_efi_run_image.patch |
3034 | + + RISC-V-Update-image-header.patch |
3035 | + + RISC-V-Use-common-linux-loader.patch |
3036 | + + riscv-adjust-march-flags-for-binutils-2.38.patch |
3037 | + + upstream/riscv-handle-r-riscv-call-plt-reloc.patch |
3038 | + + loader-drop-argv-argument-in-grub_initrd_load.patch |
3039 | + + loader-Move-arm64-linux-loader-to-common-code.patch |
3040 | + - Networking patches (rebasing still WIP): |
3041 | + + cherrypick-efi-grub_efi_close_protocol.patch |
3042 | + + cherrypick-efinet-correct-closing-snp-protocol.patch |
3043 | + + efinet-uefi-ipv6-pxe-support.patch |
3044 | + + suse-add-support-for-UEFI-network-protocols.patch |
3045 | + + suse-AUDIT-0-http-boot-tracker-bug.patch |
3046 | + - Red Hat boot loader, replaced by upstream: |
3047 | + + linuxefi-do-not-validate-kernels-twice.patch |
3048 | + + linuxefi-Invalidate-i-cache-before-starting-the-kern.patch |
3049 | + + rhboot-bounce-buffers.patch |
3050 | + + rhboot-efi-allocate-in-kernel-bounds.patch |
3051 | + + rhboot-efi-allocate-kernel-as-code-for-real.patch |
3052 | + + rhboot-efi-allocate-kernel-as-code.patch |
3053 | + + rhboot-efi-enumerated-array-for-allocation-choice.patch |
3054 | + + rhboot-efi-fix-incorrect-array-size.patch |
3055 | + + rhboot-efi-initrd-above-4gb.patch |
3056 | + + rhboot-efi-kernel-allocator.patch |
3057 | + + rhboot-efi-rearrange-grub-cmd-linux.patch |
3058 | + + rhboot-efi-split-allocation-policy.patch |
3059 | + + rhboot-f34-efinet-also-use-the-firmware-acceleration-for-http.patch |
3060 | + + rhboot-f34-make-pmtimer-tsc-calibration-fast.patch |
3061 | + + rhboot-try-to-pick-better-locations-for-kernel-and-initrd.patch |
3062 | + + ubuntu-linuxefi-arm64.patch |
3063 | + + ubuntu-linuxefi-arm64-set-base-addr.patch |
3064 | + + ubuntu-linuxefi.patch |
3065 | + + ubuntu-rhboot-cast-fixups.patch |
3066 | + + ubuntu-efi-allow-loopmount-chainload.patch |
3067 | + + ubuntu-efi-loader-code.patch |
3068 | + - Security patches, applied upstream: |
3069 | + + {0076...0161} security patches, applied upstream |
3070 | + + font-*.patchi - security patches applied upstream |
3071 | + + commands-efi-tpm-Use-grub_strcpy-instead-of-grub_memcpy.patch |
3072 | + + fbutil-Fix-integer-overflow.patch |
3073 | + + kern-efi-sb-Enforce-verification-of-font-files.patch |
3074 | + + normal-charset-Fix-an-integer-overflow-in-grub_unicode_ag.patch |
3075 | + - Misc patches, merged in Debian: |
3076 | + + efi-EFI-Device-Tree-Fixup-Protocol.patch |
3077 | + + efivar-check-that-efivarfs-is-writeable.patch |
3078 | + + fat-fix-listing-the-root-directory.patch |
3079 | + + fdt-add-debug-output-to-devicetree-command.patch |
3080 | + + zstd-require-8-byte-buffer.patch |
3081 | + + 0241-Call-hwmatch-only-on-the-grub-pc-platform.patch |
3082 | + - Misc patches applied upstream: |
3083 | + + 2.12-mm/* - applied upstream |
3084 | + + ubuntu-fuse3.patch |
3085 | + + xfs-fix-v4-superblock.patch |
3086 | + + tpm-unknown-error-non-fatal.patch |
3087 | + + commands-efi-tpm-Refine-the-status-of-log-event.patch |
3088 | + + efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch |
3089 | + + linux_xen-Properly-load-multiple-initrd-files.patch |
3090 | + + linux_xen-Properly-order-multiple-initrd-files.patch |
3091 | + + linux-ignore-FDT-unless-we-need-to-modify-it.patch |
3092 | + + mkrescue-efi-modules.patch |
3093 | + + tests-ahci-update-qemu-device-name.patch |
3094 | + - No longer relevant: |
3095 | + + ubuntu-disable-LOAD-FILE2-protocol-for-initrd-on-ARM.patch |
3096 | + + ubuntu-temp-keep-auto-nvram.patch: was temporary in 2019 lol |
3097 | + + ubuntu-skip-disk-by-id-lvm-pvm-uuid-entries.patch |
3098 | + + no-devicetree-if-secure-boot.patch |
3099 | + + no-insmod-on-sb.patch |
3100 | + - To be rewritten later in this cycle: |
3101 | + + ubuntu-flavour-order.patch |
3102 | + - Coalesced into some other patches: |
3103 | + + ubuntu-zfs-maybe-quiet.patch |
3104 | + + ubuntu-zfs-quick-boot.patch |
3105 | + |
3106 | + -- Julian Andres Klode <juliank@ubuntu.com> Fri, 28 Jul 2023 15:34:32 +0200 |
3107 | + |
3108 | grub2 (2.12~rc1-4) experimental; urgency=medium |
3109 | |
3110 | [ Julian Andres Klode ] |
3111 | @@ -485,6 +950,385 @@ grub2 (2.06-3) unstable; urgency=medium |
3112 | |
3113 | -- Julian Andres Klode <jak@debian.org> Fri, 10 Jun 2022 11:15:11 +0200 |
3114 | |
3115 | +grub2 (2.06-2ubuntu18) mantic; urgency=medium |
3116 | + |
3117 | + * Cherry-pick "RISC-V: Handle R_RISCV_CALL_PLT reloc" (LP: #2022379) |
3118 | + * Drop i386 from grub-efi-amd64* (LP: #2020907) |
3119 | + * Turn depends on grub-efi-amd64/arm64 unversioned |
3120 | + |
3121 | + -- Julian Andres Klode <juliank@ubuntu.com> Mon, 05 Jun 2023 18:55:05 +0200 |
3122 | + |
3123 | +grub2 (2.06-2ubuntu17) lunar; urgency=medium |
3124 | + |
3125 | + * Cherry-pick more upstream memory patches (LP: #2004643) |
3126 | + |
3127 | + -- Julian Andres Klode <juliank@ubuntu.com> Mon, 20 Feb 2023 17:24:10 +0100 |
3128 | + |
3129 | +grub2 (2.06-2ubuntu16) lunar; urgency=medium |
3130 | + |
3131 | + * Cherry-pick all memory patches from rhboot |
3132 | + - Allocate initrd > 4 GB (LP: #1842320) |
3133 | + - Allocate kernels as code, not data (needed for newer firmware) |
3134 | + * ubuntu: Fix casts on i386-efi target |
3135 | + * Cherry-pick all the 2.12 memory management changes (LP: #1842320) |
3136 | + * Allocate executables as CODE, not DATA in chainloader and arm64 |
3137 | + |
3138 | + -- Julian Andres Klode <juliank@ubuntu.com> Fri, 09 Dec 2022 17:11:44 +0100 |
3139 | + |
3140 | +grub2 (2.06-2ubuntu15) lunar; urgency=medium |
3141 | + |
3142 | + * grub-multi-install: Reset partition type between partitions (LP: #1997795) |
3143 | + |
3144 | + -- Julian Andres Klode <juliank@ubuntu.com> Thu, 01 Dec 2022 16:30:53 +0100 |
3145 | + |
3146 | +grub2 (2.06-2ubuntu14) kinetic; urgency=medium |
3147 | + |
3148 | + * SECURITY UPDATE: Fix out of bounds writes due specially crafted fonts. |
3149 | + - add debian/patches/font-Fix-several-integer-overflows-in-grub_font_construct.patch |
3150 | + - add debian/patches/font-Fix-an-integer-underflow-in-blit_comb.patch |
3151 | + - CVE-2022-2601, CVE-2022-3775 |
3152 | + - LP: #1996950 |
3153 | + * Fix various issues as a result of fuzzing, static analysis and code |
3154 | + review: |
3155 | + - add debian/patches/font-Reject-glyphs-exceeds-font-max_glyph_width-or-font-m.patch |
3156 | + - add debian/patches/font-Fix-size-overflow-in-grub_font_get_glyph_internal.patch |
3157 | + - add debian/patchces/font-Remove-grub_font_dup_glyph.patch |
3158 | + - add debian/patches/font-Fix-integer-overflow-in-ensure_comb_space.patch |
3159 | + - add debian/patches/font-Fix-integer-overflow-in-BMP-index.patch |
3160 | + - add debian/patches/font-Fix-integer-underflow-in-binary-search-of-char-index.patch |
3161 | + - add debian/patches/fbutil-Fix-integer-overflow.patch |
3162 | + - add debian/patches/font-Harden-grub_font_blit_glyph-and-grub_font_blit_glyph.patch |
3163 | + - add debian/patches/font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch |
3164 | + - add debian/patches/normal-charset-Fix-an-integer-overflow-in-grub_unicode_ag.patch |
3165 | + * Enforce verification of fonts when secure boot is enabled: |
3166 | + - add debian/patches/kern-efi-sb-Enforce-verification-of-font-files.patch |
3167 | + * Bundle unicode.pf2 in a squashfs memdisk attached to the signed EFI binary |
3168 | + - update debian/control |
3169 | + - update debian/build-efi-image |
3170 | + - add debian/patches/font-Try-opening-fonts-from-the-bundled-memdisk.patch |
3171 | + * Fix LP: #1997006 - add support for performing measurements to RTMRs |
3172 | + - add debian/patches/commands-efi-tpm-Refine-the-status-of-log-event.patch |
3173 | + - add debian/patches/commands-efi-tpm-Use-grub_strcpy-instead-of-grub_memcpy.patch |
3174 | + - add debian/patches/efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch |
3175 | + * Fix the squashfs tests during the build |
3176 | + - remove debian/patches/ubuntu-fix-reproducible-squashfs-test.patch |
3177 | + - add debian/patches/tests-Explicitly-unset-SOURCE_DATE_EPOCH-before-running-f.patch |
3178 | + * Bump SBAT generation: |
3179 | + - update debian/sbat.ubuntu.csv.in |
3180 | + |
3181 | + -- Chris Coulson <chris.coulson@canonical.com> Wed, 16 Nov 2022 14:40:42 +0000 |
3182 | + |
3183 | +grub2 (2.06-2ubuntu13) kinetic; urgency=medium |
3184 | + |
3185 | + * Try to pick better locations for kernel and initrd (LP: #1989446) |
3186 | + * x86-efi: Use bounce buffers for reading to addresses > 4GB (enhances |
3187 | + firmware compatibility of previous change) |
3188 | + |
3189 | + -- Julian Andres Klode <juliank@ubuntu.com> Thu, 20 Oct 2022 21:18:25 +0200 |
3190 | + |
3191 | +grub2 (2.06-2ubuntu12) kinetic; urgency=medium |
3192 | + |
3193 | + * ubuntu-zfs-enhance-support.patch: Fix missing lines (LP: #1990143) |
3194 | + |
3195 | + -- Julian Andres Klode <juliank@ubuntu.com> Mon, 19 Sep 2022 16:00:47 +0200 |
3196 | + |
3197 | +grub2 (2.06-2ubuntu11) kinetic; urgency=medium |
3198 | + |
3199 | + [ Mauricio Faria de Oliveira ] |
3200 | + * linux_xen: Properly handle multiple initrd files (LP: #1987567) |
3201 | + - d/p/linux_xen-Properly-load-multiple-initrd-files.patch |
3202 | + - d/p/linux_xen-Properly-order-multiple-initrd-files.patch |
3203 | + * Fix for ZFS snapshots without etc directory. |
3204 | + Thanks to Adam R Bell <a_0x07@protonmail.ch> (LP: #1965983) |
3205 | + |
3206 | + [ Heinrich Schuchardt ] |
3207 | + * efi/peimage: fix typos in code comments |
3208 | + |
3209 | + [ dann frazier ] |
3210 | + * linuxefi: Invalidate i-cache before starting the kernel (LP: #1987924) |
3211 | + - d/p/linuxefi-Invalidate-i-cache-before-starting-the-kern.patch |
3212 | + |
3213 | + -- dann frazier <dannf@ubuntu.com> Wed, 14 Sep 2022 12:35:29 -0600 |
3214 | + |
3215 | +grub2 (2.06-2ubuntu10) kinetic; urgency=medium |
3216 | + |
3217 | + [ Chris Coulson ] |
3218 | + * SECURITY UPDATE: Crafted PNG grayscale images may lead to out-of-bounds |
3219 | + write in heap. |
3220 | + - 0139-video-readers-png-Drop-greyscale-support-to-fix-heap.patch: |
3221 | + video/readers/png: Drop greyscale support to fix heap out-of-bounds write |
3222 | + - CVE-2021-3695 |
3223 | + * SECURITY UPDATE: Crafted PNG image may lead to out-of-bound write during |
3224 | + huffman table handling. |
3225 | + - 0140-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch: |
3226 | + video/readers/png: Avoid heap OOB R/W inserting huff table items |
3227 | + - CVE-2021-3696 |
3228 | + * SECURITY UPDATE: Crafted JPEG image can lead to buffer underflow write in |
3229 | + the heap. |
3230 | + - 0145-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch: |
3231 | + video/readers/jpeg: Block int underflow -> wild pointer write |
3232 | + - CVE-2021-3697 |
3233 | + * SECURITY UPDATE: Integer underflow in grub_net_recv_ip4_packets |
3234 | + - 0148-net-ip-Do-IP-fragment-maths-safely.patch: net/ip: Do IP fragment |
3235 | + maths safely |
3236 | + - CVE-2022-28733 |
3237 | + * SECURITY UPDATE: Out-of-bounds write when handling split HTTP headers |
3238 | + - 0154-net-http-Fix-OOB-write-for-split-http-headers.patch: net/http: Fix |
3239 | + OOB write for split http headers |
3240 | + - CVE-2022-28734 |
3241 | + * SECURITY UPDATE: shim_lock verifier allows non-kernel files to be loaded |
3242 | + - 0135-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch: |
3243 | + kern/efi/sb: Reject non-kernel files in the shim_lock verifier |
3244 | + - CVE-2022-28735 |
3245 | + * SECURITY UPDATE: use-after-free in grub_cmd_chainloader() |
3246 | + - 0130-loader-efi-chainloader-simplify-the-loader-state.patch: |
3247 | + loader/efi/chainloader: simplify the loader state |
3248 | + - 0131-commands-boot-Add-API-to-pass-context-to-loader.patch: commands/boot: |
3249 | + Add API to pass context to loader |
3250 | + - 0132-loader-efi-chainloader-Use-grub_loader_set_ex.patch: |
3251 | + loader/efi/chainloader: Use grub_loader_set_ex |
3252 | + - 0133-loader-i386-efi-linux-Use-grub_loader_set_ex.patch: |
3253 | + loader/i386/efi/linux: Use grub_loader_set_ex |
3254 | + * Various fixes as a result of fuzzing and static analysis: |
3255 | + - 0129-loader-efi-chainloader-grub_load_and_start_image-doe.patch: |
3256 | + loader/efi/chainloader: grub_load_and_start_image doesn't load and start |
3257 | + - 0134-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch: |
3258 | + loader/i386/efi/linux: Fix a memory leak in the initrd command |
3259 | + - 0136-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch: |
3260 | + kern/file: Do not leak device_name on error in grub_file_open() |
3261 | + - 0137-video-readers-png-Abort-sooner-if-a-read-operation-f.patch: |
3262 | + video/readers/png: Abort sooner if a read operation fails |
3263 | + - 0138-video-readers-png-Refuse-to-handle-multiple-image-he.patch: |
3264 | + video/readers/png: Refuse to handle multiple image headers |
3265 | + - 0141-video-readers-png-Sanity-check-some-huffman-codes.patch: |
3266 | + video/readers/png: Sanity check some huffman codes |
3267 | + - 0142-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch: |
3268 | + video/readers/jpeg: Abort sooner if a read operation fails |
3269 | + - 0143-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch: |
3270 | + video/readers/jpeg: Do not reallocate a given huff table |
3271 | + - 0144-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch: |
3272 | + video/readers/jpeg: Refuse to handle multiple start of streams |
3273 | + - 0146-normal-charset-Fix-array-out-of-bounds-formatting-un.patch: |
3274 | + normal/charset: Fix array out-of-bounds formatting unicode for display |
3275 | + - 0147-net-netbuff-Block-overly-large-netbuff-allocs.patch: |
3276 | + net/netbuff: Block overly large netbuff allocs |
3277 | + - 0149-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch: |
3278 | + net/dns: Fix double-free addresses on corrupt DNS response |
3279 | + - 0150-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch: |
3280 | + net/dns: Don't read past the end of the string we're checking against |
3281 | + - 0151-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch: |
3282 | + net/tftp: Prevent a UAF and double-free from a failed seek |
3283 | + - 0152-net-tftp-Avoid-a-trivial-UAF.patch: net/tftp: Avoid a trivial UAF |
3284 | + - 0153-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch: |
3285 | + net/http: Do not tear down socket if it's already been torn down |
3286 | + - 0155-net-http-Error-out-on-headers-with-LF-without-CR.patch: |
3287 | + net/http: Error out on headers with LF without CR |
3288 | + - 0156-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch: |
3289 | + fs/f2fs: Do not read past the end of nat journal entries |
3290 | + - 0157-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch: |
3291 | + fs/f2fs: Do not read past the end of nat bitmap |
3292 | + - 0158-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch: |
3293 | + fs/f2fs: Do not copy file names that are too long |
3294 | + - 0159-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch: |
3295 | + fs/btrfs: Fix several fuzz issues with invalid dir item sizing |
3296 | + - 0160-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch: |
3297 | + fs/btrfs: Fix more ASAN and SEGV issues found with fuzzing |
3298 | + - 0161-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch: |
3299 | + fs/btrfs: Fix more fuzz issues related to chunks |
3300 | + * Bump SBAT generation: |
3301 | + - update debian/sbat.ubuntu.csv.in |
3302 | + * Make the grub2/no_efi_extra_removable setting work correctly |
3303 | + - update debian/postinst.in |
3304 | + * Build grub2-unsigned packages with xz compression for compatibility |
3305 | + with xenial dpkg |
3306 | + - update debian/rules |
3307 | + |
3308 | + [ Steve Langasek ] |
3309 | + * Bump versioned dependency on grub2-common to 2.02~beta2-36ubuntu3.32 for |
3310 | + necessary arm relocation support. LP: #1926748. |
3311 | + * debian/postinst.in: Unconditionally call grub-install with |
3312 | + --force-extra-removable on xenial and bionic, so that the \EFI\BOOT |
3313 | + removable path as used in cloud images receives the updates. LP: #1930742. |
3314 | + |
3315 | + -- Chris Coulson <chris.coulson@canonical.com> Tue, 07 Jun 2022 17:36:27 +0100 |
3316 | + |
3317 | +grub2 (2.06-2ubuntu7) jammy; urgency=medium |
3318 | + |
3319 | + [ Heinrich Schuchardt ] |
3320 | + * Disable LOAD FILE2 protocol for initrd on ARM (LP: #1967562) |
3321 | + |
3322 | + -- dann frazier <dannf@ubuntu.com> Fri, 15 Apr 2022 15:50:11 -0600 |
3323 | + |
3324 | +grub2 (2.06-2ubuntu6) jammy; urgency=medium |
3325 | + |
3326 | + [ Heinrich Schuchardt ] |
3327 | + * efivar: check that efivarfs is writeable (LP: #1965288) |
3328 | + |
3329 | + [ Dimitri John Ledkov ] |
3330 | + * Do not validate kernels twice. (LP: #1964943) |
3331 | + |
3332 | + [ Heinrich Schuchardt ] |
3333 | + * efi: EFI Device Tree Fixup Protocol (LP: #1965796) |
3334 | + * fdt: add debug output to devicetree command |
3335 | + |
3336 | + -- Julian Andres Klode <juliank@ubuntu.com> Fri, 25 Mar 2022 16:03:11 +0100 |
3337 | + |
3338 | +grub2 (2.06-2ubuntu5) jammy; urgency=medium |
3339 | + |
3340 | + [ Julian Andres Klode ] |
3341 | + * Free correct size when freeing params, rather than 16 Ki (LP: #1958623) |
3342 | + * Build with FUSE3 (LP: #1935659) |
3343 | + * Only run os-prober on first run and if it previously found other OS |
3344 | + (LP: #1955109) |
3345 | + |
3346 | + [ Heinrich Schuchardt ] |
3347 | + * Rename grub-core/loader/efi/linux.c |
3348 | + * Add patches for GRUB on RISC-V |
3349 | + * fat: fix listing the root directory |
3350 | + * Enable building for RISC-V (LP: #1876620) |
3351 | + |
3352 | + [ Julian Andres Klode ] |
3353 | + * Re-enable peimage code on other archs outside secure boot; this |
3354 | + fixes LP: #1947046 when not booting in secure boot mode (secure |
3355 | + boot pending security review of the code) |
3356 | + |
3357 | + -- Julian Andres Klode <juliank@ubuntu.com> Fri, 18 Feb 2022 17:21:16 +0100 |
3358 | + |
3359 | +grub2 (2.06-2ubuntu4) jammy; urgency=medium |
3360 | + |
3361 | + * UBUNTU: Move verifiers after decompressors (LP: #1954683) |
3362 | + * grub-check-signatures: Support gzip compressed kernels (LP: #1954683) |
3363 | + |
3364 | + -- Julian Andres Klode <juliank@ubuntu.com> Mon, 10 Jan 2022 14:52:04 +0100 |
3365 | + |
3366 | +grub2 (2.06-2ubuntu3) jammy; urgency=medium |
3367 | + |
3368 | + * Cherry-pick the missing hunk back that changes parameter loading |
3369 | + in grub-core/loader/i386/linux.c, this should fix booting on |
3370 | + BIOS systems. |
3371 | + * Fix the fallback for kernel addresses on amd64 EFI, if the kernel |
3372 | + could not be allocated at the preferred address, reset errno such |
3373 | + that if the 2nd allocation succeeds, we do not fail erroneously. |
3374 | + |
3375 | + -- Julian Andres Klode <juliank@ubuntu.com> Mon, 13 Dec 2021 14:27:53 +0100 |
3376 | + |
3377 | +grub2 (2.06-2ubuntu2) jammy; urgency=medium |
3378 | + |
3379 | + * Restore still relevant patches lost in rebase. |
3380 | + They got lost in a first rebase, when we did not include |
3381 | + ubuntu-linuxefi.patch as they modify code in there. |
3382 | + - no-devicetree-if-secure-boot.patch |
3383 | + - 0077-ubuntu-Update-the-linux-boot-protocol-version-check.patch |
3384 | + - 0096-linuxefi-fail-kernel-validation-without-shim-protoco.patch |
3385 | + - 0099-chainloader-Avoid-a-double-free-when-validation-fail.patch |
3386 | + - 0105-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch |
3387 | + |
3388 | + -- Julian Andres Klode <juliank@ubuntu.com> Wed, 08 Dec 2021 17:14:50 +0100 |
3389 | + |
3390 | +grub2 (2.06-2ubuntu1) jammy; urgency=medium |
3391 | + |
3392 | + * Merge from Debian unstable; remaining changes: |
3393 | + - Build without lto |
3394 | + - Add Ubuntu sbat data |
3395 | + - Make prebuilt netboot image look for MAAS grub.cfg |
3396 | + - build-efi-images: add smbios module to the prebuilt signed EFI images |
3397 | + (LP: 1856424) |
3398 | + - build-efi-images: do not produce -installer.efi.signed. LP: 1863994 |
3399 | + - build-efi-images: Add http to netboot images |
3400 | + - grub-common: Install canonical-uefi-ca.crt |
3401 | + - Check signatures |
3402 | + - minilzo: built using the distribution's minilzo |
3403 | + - Support installing to multiple ESP (LP: 1871821) |
3404 | + - Disable various bits on i386 |
3405 | + - Split out unsigned artefacts into grub2-unsigned |
3406 | + - Vcs-Git: Point to ubuntu packaging branch |
3407 | + - Relax dependencies on grub-common and grub2-common |
3408 | + - grub-pc: Avoid the possibility of breaking grub on SRU update due |
3409 | + to ABI change |
3410 | + - UBUNTU: Default timeout changes |
3411 | + - Disable os-prober for ppc64el on the PowerNV platform (for Petitboot) |
3412 | + - dirs.in: create var/lib/grub/ucf in grub-efi-amd64 (and similar) |
3413 | + - Link grub-efi-{amd64,arm64}-bin docs directory |
3414 | + - grub-common.service: port init.d script to systemd unit. Add warning |
3415 | + message, when initrdless boot fails triggering fallback. LP: 1901553 |
3416 | + - Removed patches: |
3417 | + - grub-install-extra-removable.patch |
3418 | + - grub-install-removable-shim.patch |
3419 | + - Added patches: |
3420 | + + ubuntu-grub-install-extra-removable.patch |
3421 | + + ubuntu-zfs-enhance-support.patch |
3422 | + + ubuntu-zfs-gfxpayload-keep-default.patch |
3423 | + + ubuntu-zfs-mkconfig-ubuntu-distributor.patch |
3424 | + + ubuntu-zfs-mkconfig-signed-kernel.patch |
3425 | + + ubuntu-zfs-maybe-quiet.patch |
3426 | + + ubuntu-zfs-quick-boot.patch |
3427 | + + ubuntu-zfs-gfxpayload-dynamic.patch |
3428 | + + ubuntu-zfs-vt-handoff.patch |
3429 | + + ubuntu-zfs-mkconfig-recovery-title.patch |
3430 | + + ubuntu-zfs-insmod-xzio-and-lzopio-on-xen.patch |
3431 | + + ubuntu-support-initrd-less-boot.patch |
3432 | + + ubuntu-shorter-version-info.patch |
3433 | + + ubuntu-add-initrd-less-boot-fallback.patch |
3434 | + + ubuntu-mkconfig-leave-breadcrumbs.patch |
3435 | + + ubuntu-fix-lzma-decompressor-objcopy.patch |
3436 | + + ubuntu-temp-keep-auto-nvram.patch |
3437 | + + ubuntu-add-devicetree-command-support.patch |
3438 | + + ubuntu-boot-from-multipath-dependent-symlink.patch |
3439 | + + ubuntu-skip-disk-by-id-lvm-pvm-uuid-entries.patch |
3440 | + + ubuntu-efi-allow-loopmount-chainload.patch |
3441 | + + 0076-ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch |
3442 | + + ubuntu-resilient-boot-ignore-alternative-esps.patch |
3443 | + + ubuntu-resilient-boot-boot-order.patch |
3444 | + + ubuntu-speed-zsys-history.patch |
3445 | + + ubuntu-flavour-order.patch |
3446 | + + ubuntu-dont-verify-loopback-images.patch |
3447 | + + ubuntu-recovery-dis_ucode_ldr.patch |
3448 | + + ubuntu-linuxefi-arm64.patch |
3449 | + + ubuntu-add-initrd-less-boot-messages.patch |
3450 | + + ubuntu-fix-reproducible-squashfs-test.patch |
3451 | + + rhboot-f34-make-exit-take-a-return-code.patch |
3452 | + + rhboot-f34-dont-use-int-for-efi-status.patch |
3453 | + + rhboot-f34-make-pmtimer-tsc-calibration-fast.patch |
3454 | + + suse-add-support-for-UEFI-network-protocols.patch |
3455 | + + suse-AUDIT-0-http-boot-tracker-bug.patch |
3456 | + + rhboot-f34-efinet-also-use-the-firmware-acceleration-for-http.patch |
3457 | + + 0241-Call-hwmatch-only-on-the-grub-pc-platform.patch |
3458 | + * Dropped changes: |
3459 | + - Remove obsolete dependencies on dh-autoreconf and automake |
3460 | + - Remove explicit --with systemd in debhelper invocation |
3461 | + - Remove debian/gettext-patches; they do not seem to be necessary anymore |
3462 | + - Remove inadvertent change to debian/signing-template.json.in, we do not |
3463 | + use that file anyway. |
3464 | + - Merged upstream: |
3465 | + + merged: 0074-uefi-firmware-rename-fwsetup-menuentry-to-UEFI-Firmw.patch |
3466 | + + merged: 0075-smbios-Add-a-linux-argument-to-apply-linux-modalias-.patch |
3467 | + + merged security patches 0081-0105, and 0128-0240 |
3468 | + + various cherry picks: cherry-* and cherrypick-*.patch |
3469 | + + grub-install-backup-and-restore.patch |
3470 | + + uefi-firmware-setup.patch |
3471 | + + sleep-shift.patch |
3472 | + + vsnprintf-upper-case-hex.patch |
3473 | + + rhboot-f34-update-info-with-grub.cfg-netboot-selection-order.patch |
3474 | + + suse-search-for-specific-config-files-for-netboot.patch |
3475 | + + tftp-rollover-block-counter.patch |
3476 | + + ubuntu-efi-console-set-text-mode-as-needed.patch |
3477 | + - Merged in Debian: |
3478 | + + install-efi-ubuntu-flavours.patch |
3479 | + + ubuntu-dejavu-font-path.patch |
3480 | + + ubuntu-tpm-unknown-error-non-fatal.patch |
3481 | + - Not applicable: |
3482 | + + 0077-ubuntu-Update-the-linux-boot-protocol-version-check.patch: The |
3483 | + check has been removed. |
3484 | + * Fix zstd build on s390x |
3485 | + * Cherry-pick two upstream fixes to fix closing of SNP protocol in EFI |
3486 | + networking stack |
3487 | + * Build with -O1 on s390x to avoid build failure due to gcc optimization |
3488 | + failure causing it to wrongly assume variables as uninitialized. |
3489 | + * Revert integration of jfs and f2fs modules into signed images, we do not |
3490 | + support these file systems on /boot. |
3491 | + |
3492 | + -- Julian Andres Klode <juliank@ubuntu.com> Tue, 07 Dec 2021 13:40:32 +0100 |
3493 | + |
3494 | grub2 (2.06-2) unstable; urgency=medium |
3495 | |
3496 | * Update to minilzo-2.10, fixing build failures on armel, mips64el, |
3497 | @@ -907,6 +1751,705 @@ grub2 (2.04-2) unstable; urgency=medium |
3498 | |
3499 | -- Colin Watson <cjwatson@debian.org> Sat, 03 Aug 2019 13:42:49 +0100 |
3500 | |
3501 | +grub2 (2.04-1ubuntu48) jammy; urgency=medium |
3502 | + |
3503 | + * d/p/0241-Call-hwmatch-only-on-the-grub-pc-platform.patch: |
3504 | + Fix "error: can't find command `hwmatch'." on non-i386/pc |
3505 | + platforms such as x86_64/efi. (LP: #1840560) |
3506 | + |
3507 | + -- Mauricio Faria de Oliveira <mfo@canonical.com> Thu, 04 Nov 2021 10:48:06 -0300 |
3508 | + |
3509 | +grub2 (2.04-1ubuntu47) impish; urgency=medium |
3510 | + |
3511 | + * Drop grub.cfg-400.patch (LP: #1933826) |
3512 | + |
3513 | + -- Julian Andres Klode <juliank@ubuntu.com> Thu, 02 Sep 2021 14:37:43 +0200 |
3514 | + |
3515 | +grub2 (2.04-1ubuntu46) impish; urgency=medium |
3516 | + |
3517 | + * debian/grub-common.service: change type to oneshot, add wantedby |
3518 | + sleep.target, after sleep.target. The service will now start after |
3519 | + resume from hybernation. LP: #1929860 |
3520 | + * grub-initrd-fallback.service: add wantedby sleep.target, after |
3521 | + sleep.target. The service will now start after resume from |
3522 | + hybernation. LP: #1929860 |
3523 | + * cherrypick upstream fix to make armhf efi boot work. LP: #1788940 |
3524 | + * debian/rules: disable LTO. LP: #1922005 |
3525 | + * grub-initrd-fallback.service, debian/grub-common.service: only start |
3526 | + units when booted with grub. Use presence of /boot/grub/grub.cfg as |
3527 | + proxy. LP: #1925507 |
3528 | + * tests: patch qemu command to use ide-hd instead of the removed |
3529 | + ide-drive. |
3530 | + |
3531 | + -- Dimitri John Ledkov <dimitri.ledkov@canonical.com> Fri, 16 Jul 2021 14:01:31 +0100 |
3532 | + |
3533 | +grub2 (2.04-1ubuntu45) hirsute; urgency=medium |
3534 | + |
3535 | + * Unapply all patches. |
3536 | + * Stop using git-dpm. |
3537 | + * Start using gbp pq import|export --no-patch-numbers, this brings grub2 |
3538 | + packaging closer to other non-debian distributions. |
3539 | + * It would be nice to separate patches into topic subdirs - |
3540 | + i.e. reverts, upstream cherry picks, debian, ubuntu, rhel, security, |
3541 | + etc. |
3542 | + * Drop redundant dh-systemd build-dependency. |
3543 | + |
3544 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 30 Mar 2021 11:55:05 +0100 |
3545 | + |
3546 | +grub2 (2.04-1ubuntu44) hirsute; urgency=medium |
3547 | + |
3548 | + * Compile grub-efi-amd64 installable i386 platform on hirsute, to make |
3549 | + it available in bionic and earlier as part of onegrub builds. |
3550 | + |
3551 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 03 Mar 2021 11:42:28 +0000 |
3552 | + |
3553 | +grub2 (2.04-1ubuntu42) hirsute; urgency=medium |
3554 | + |
3555 | + * SECURITY UPDATE: acpi command allows privilleged user to load crafted |
3556 | + ACPI tables when secure boot is enabled. |
3557 | + - 0126-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch: Don't |
3558 | + register the acpi command when secure boot is enabled. |
3559 | + - CVE-2020-14372 |
3560 | + * SECURITY UPDATE: use-after-free in rmmod command |
3561 | + - 0128-dl-Only-allow-unloading-modules-that-are-not-depende.patch: Don't |
3562 | + allow rmmod to unload modules that are dependencies of other modules. |
3563 | + - CVE-2020-25632 |
3564 | + * SECURITY UPDATE: out-of-bound write in grub_usb_device_initialize() |
3565 | + - 0129-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch |
3566 | + - CVE-2020-25647 |
3567 | + * SECURITY UPDATE: Stack buffer overflow in grub_parser_split_cmdline |
3568 | + - 0206-kern-parser-Introduce-process_char-helper.patch, |
3569 | + 0207-kern-parser-Introduce-terminate_arg-helper.patch, |
3570 | + 0208-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch, |
3571 | + 0209-kern-buffer-Add-variable-sized-heap-buffer.patch, |
3572 | + 0210-kern-parser-Fix-a-stack-buffer-overflow.patch: Add a variable |
3573 | + sized heap buffer type and use this. |
3574 | + - CVE-2020-27749 |
3575 | + * SECURITY UPDATE: cutmem command allows privileged user to remove memory |
3576 | + regions when Secure Boot is enabled. |
3577 | + - 0127-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch: |
3578 | + Don't register cutmem and badram commands when secure boot is enabled. |
3579 | + - CVE-2020-27779 |
3580 | + * SECURITY UPDATE: heap out-of-bounds write in short form option parser. |
3581 | + - 0173-lib-arg-Block-repeated-short-options-that-require-an.patch: |
3582 | + Block repeated short options that require an argument. |
3583 | + - CVE-2021-20225 |
3584 | + * SECURITY UPDATE: heap out-of-bound write due to mis-calculation of space |
3585 | + required for quoting. |
3586 | + - 0175-commands-menuentry-Fix-quoting-in-setparams_prefix.patch: Fix |
3587 | + quoting in setparams_prefix() |
3588 | + - CVE-2021-20233 |
3589 | + * Partially backport the lockdown framework to restrict certain features |
3590 | + when secure boot is enabled. |
3591 | + * Backport various fixes for Coverity defects. |
3592 | + * Add SBAT metadata to the grub EFI binary. |
3593 | + - Backport patches to support adding SBAT metadata with grub-mkimage: |
3594 | + + 0212-util-mkimage-Remove-unused-code-to-add-BSS-section.patch |
3595 | + + 0213-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch |
3596 | + + 0214-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch |
3597 | + + 0215-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch |
3598 | + + 0216-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch |
3599 | + + 0217-util-mkimage-Improve-data_size-value-calculation.patch |
3600 | + + 0218-util-mkimage-Refactor-section-setup-to-use-a-helper.patch |
3601 | + + 0219-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch |
3602 | + - Add debian/sbat.csv.in |
3603 | + - Update debian/build-efi-image and debian/rules |
3604 | + |
3605 | + [ Dimitri John Ledkov & Steve Langasek LP: #1915536 ] |
3606 | + * Allow grub-efi-amd64|arm64 & -bin & -dbg be built by |
3607 | + src:grub2-unsigned (potentially of a higher version number). |
3608 | + * Add debian/rules generate-grub2-unsigned target to quickly build |
3609 | + src:grub2-unsigned for binary-copy backports. |
3610 | + * postinst: allow postinst to with with or without grub-multi-install |
3611 | + binary. |
3612 | + * postinst: allow using various grub-install options to achieve |
3613 | + --no-extra-removable. |
3614 | + * postinst: only call grub-check-signatures if it exists. |
3615 | + * control: relax dependency on grub2-common, as maintainer script got |
3616 | + fixed up to work with grub2-common/grub-common as far back as trusty. |
3617 | + * control: allow higher version depdencies from grub-efi package. |
3618 | + * dirs.in: create var/lib/grub/ucf in grub-efi-amd64 (and similar) as |
3619 | + postinst script uses that directory, and yet relies on grub-common to |
3620 | + create/ship it, which is not true in older releases. Also make sure |
3621 | + dh_installdirs runs after the .dirs files are generated. |
3622 | + |
3623 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 23 Feb 2021 16:23:39 +0000 |
3624 | + |
3625 | +grub2 (2.04-1ubuntu41) hirsute; urgency=medium |
3626 | + |
3627 | + * No-change rebuild to drop the udeb package. |
3628 | + |
3629 | + -- Matthias Klose <doko@ubuntu.com> Mon, 22 Feb 2021 10:33:38 +0100 |
3630 | + |
3631 | +grub2 (2.04-1ubuntu40) hirsute; urgency=medium |
3632 | + |
3633 | + * Revert: rhboot-f34-tcp-add-window-scaling-support.patch, |
3634 | + rhboot-f34-support-non-ethernet.patch, |
3635 | + ubuntu-fixup-rhboot-f34-support-non-ethernet.patch, |
3636 | + ubuntu-fixup-rhboot-f34-support-non-ethernet-2.patch: these break MAAS |
3637 | + LXD KVM pod deployments. LP: #1915288 |
3638 | + |
3639 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 12 Feb 2021 20:29:16 +0000 |
3640 | + |
3641 | +grub2 (2.04-1ubuntu39) hirsute; urgency=medium |
3642 | + |
3643 | + * Cherrypick a bunch of patches: |
3644 | + - fix crash in http LP: #1915288 |
3645 | + - add bootp6 documentation |
3646 | + - add support for UEFI boot protocols |
3647 | + - use UEFI protocols for http & https networking |
3648 | + - make netboot search for by-mac/by-uuid/by-ip for grub.cfg |
3649 | + - update documentation for netboot search paths of grub.cfg |
3650 | + * Make prebuilt netboot image look for MAAS grub.cfg |
3651 | + * Fix grub-initrd-fallback.service thanks to JawnSmith LP: #1910815 |
3652 | + |
3653 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 12 Feb 2021 00:42:07 +0000 |
3654 | + |
3655 | +grub2 (2.04-1ubuntu38) hirsute; urgency=medium |
3656 | + |
3657 | + [ Jean-Baptiste Lallement ] |
3658 | + [ Didier Roche ] |
3659 | + * Fix warnings during grub menu generation. Thanks wdoekes for the patch |
3660 | + (LP: #1898177) |
3661 | + - Fix warnings when bpool doesn't exist. |
3662 | + - Fix warnings when snapshot name contains dashes. |
3663 | + * Do not fail to generate grub menu when name of the snapshot contains |
3664 | + spaces. (LP: #1903524) |
3665 | + |
3666 | + -- Jean-Baptiste Lallement <jean-baptiste.lallement@ubuntu.com> Mon, 08 Feb 2021 10:50:21 +0100 |
3667 | + |
3668 | +grub2 (2.04-1ubuntu37) hirsute; urgency=medium |
3669 | + |
3670 | + * debian/patches/grub-install-backup-and-restore.patch: Fix-up the patch |
3671 | + to correctly initialyze the names of the modules to restore. LP: |
3672 | + #1907085 |
3673 | + * 10_linux: emit messages when initrdless boot is configured, attempted |
3674 | + and fails triggering fallback. LP: #1901553 |
3675 | + * grub-common.service: port init.d script to systemd unit. Add warning |
3676 | + message, when initrdless boot fails triggering fallback. LP: #1901553 |
3677 | + * debian/rules: undo po/ directory patching in |
3678 | + override_dh_autoreconf_clean. |
3679 | + * minilzo: built using the distribution's minilzo |
3680 | + * ubuntu-fix-reproducible-squashfs-test.patch: fix squashfs-test with |
3681 | + new squashfs-tools in hirsute. |
3682 | + * rhboot-f34-make-exit-take-a-return-code.patch, |
3683 | + rhboot-f34-dont-use-int-for-efi-status.patch: allow grub to exit |
3684 | + non-zero under EFI, this should allow falling back to the next |
3685 | + BootOrder BootEntry. |
3686 | + * rhboot-f34-tcp-add-window-scaling-support.patch: speed up netboot |
3687 | + transfer speed. |
3688 | + * rhboot-f34-support-non-ethernet.patch, |
3689 | + ubuntu-fixup-rhboot-f34-support-non-ethernet.patch, |
3690 | + ubuntu-fixup-rhboot-f34-support-non-ethernet-2.patch: |
3691 | + add support for link layer addresses of up to 32-bytes. |
3692 | + * rhboot-f34-make-pmtimer-tsc-calibration-fast.patch: |
3693 | + speed up calibration time, especially when booting VMs. |
3694 | + |
3695 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Sat, 12 Dec 2020 00:50:47 +0000 |
3696 | + |
3697 | +grub2 (2.04-1ubuntu36) hirsute; urgency=medium |
3698 | + |
3699 | + * Avoid "EFI stub: FIRMWARE BUG" message when booting >= 5.7 kernels |
3700 | + on arm64 by setting the image base address before jumping to the |
3701 | + PE/COFF entry point LP: #1900774 |
3702 | + * Fix tftp timeouts when fetch large files. LP: #1900773 |
3703 | + |
3704 | + -- dann frazier <dannf@ubuntu.com> Wed, 11 Nov 2020 07:17:49 -0700 |
3705 | + |
3706 | +grub2 (2.04-1ubuntu35) groovy; urgency=medium |
3707 | + |
3708 | + * postinst.in, grub-multi-install: fix logic of skipping installing onto |
3709 | + any device, if one chose to not install bootloader on any device. LP: |
3710 | + #1896608 |
3711 | + * Do not finalize params twice on arm64. LP: #1897819 |
3712 | + |
3713 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Thu, 01 Oct 2020 22:59:51 +0800 |
3714 | + |
3715 | +grub2 (2.04-1ubuntu34) groovy; urgency=medium |
3716 | + |
3717 | + * configure.ac: one more dejavu font search path |
3718 | + |
3719 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 14 Sep 2020 10:53:07 +0100 |
3720 | + |
3721 | +grub2 (2.04-1ubuntu33) groovy; urgency=medium |
3722 | + |
3723 | + * Build-depend on fonts-dejavu-core, not obsolete ttf-dejavu-core. |
3724 | + |
3725 | + -- Steve Langasek <steve.langasek@ubuntu.com> Sun, 13 Sep 2020 23:49:08 -0700 |
3726 | + |
3727 | +grub2 (2.04-1ubuntu32) groovy; urgency=medium |
3728 | + |
3729 | + * ubuntu-linuxefi-arm64.patch: Fix build on armhf |
3730 | + |
3731 | + -- Julian Andres Klode <juliank@ubuntu.com> Fri, 11 Sep 2020 20:33:34 +0200 |
3732 | + |
3733 | +grub2 (2.04-1ubuntu31) groovy; urgency=medium |
3734 | + |
3735 | + * ubuntu-linuxefi-arm64.patch: Restore arm64 parts of ubuntu-linuxefi.patch |
3736 | + that got lost in the 2.04 rebase (LP: #1862279) |
3737 | + |
3738 | + -- Julian Andres Klode <juliank@ubuntu.com> Fri, 11 Sep 2020 17:49:50 +0200 |
3739 | + |
3740 | +grub2 (2.04-1ubuntu30) groovy; urgency=medium |
3741 | + |
3742 | + * postinst.in: do not attempt to call grub-install upon fresh install of |
3743 | + grub-pc because it it a job of installers to do that after fresh |
3744 | + install. |
3745 | + * grub-multi-install: fix non-interactive failures for grub-efi like it |
3746 | + was fixed in postinst for grub-pc. |
3747 | + |
3748 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Thu, 03 Sep 2020 14:54:23 +0100 |
3749 | + |
3750 | +grub2 (2.04-1ubuntu29) groovy; urgency=medium |
3751 | + |
3752 | + * grub-install: cherry-pick patch from grub-devel to make grub-install |
3753 | + fault tolerant. Create backup of files in /boot/grub, and restore them |
3754 | + on failure to complete grub-install. LP: #1891680 |
3755 | + * postinst.in: do not exit successfully when failing to show critical |
3756 | + grub-pc/install_devices_failed and grub-pc/install_devices_empty |
3757 | + prompts in non-interactive mode. This enables surfacing upgrade errors |
3758 | + to the users and/or automation. LP: #1891680 |
3759 | + * postinst.in: Fixup postinst.in, to attempt grub-install upon explicit |
3760 | + dpkg-reconfigure grub-pc. LP: #1892526 |
3761 | + |
3762 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 01 Sep 2020 20:04:44 +0100 |
3763 | + |
3764 | +grub2 (2.04-1ubuntu28) groovy; urgency=medium |
3765 | + |
3766 | + * Ensure that grub-multi-install can always find templates (LP: #1879948) |
3767 | + * Fix changelog entries for security update |
3768 | + |
3769 | + -- Julian Andres Klode <juliank@ubuntu.com> Mon, 10 Aug 2020 15:07:29 +0200 |
3770 | + |
3771 | +grub2 (2.04-1ubuntu27) groovy; urgency=medium |
3772 | + |
3773 | + * debian/patches/ubuntu-flavour-order.patch: |
3774 | + - Add a (hidden) GRUB_FLAVOUR_ORDER setting that can mark certain kernel |
3775 | + flavours as preferred, and specify an order between those preferred |
3776 | + flavours (LP: #1882663) |
3777 | + * debian/patches/ubuntu-zfs-enhance-support.patch: |
3778 | + - Use version_find_latest for ordering kernels, so it also supports |
3779 | + the GRUB_FLAVOUR_ORDER setting. |
3780 | + * debian/patches/ubuntu-dont-verify-loopback-images.patch: |
3781 | + - disk/loopback: Don't verify loopback images (LP: #1878541), |
3782 | + Thanks to Chris Coulson for the patch |
3783 | + * debian/patches/ubuntu-recovery-dis_ucode_ldr.patch |
3784 | + - Pass dis_ucode_ldr to kernel for recovery mode (LP: #1831789) |
3785 | + * debian/patches/ubuntu-add-initrd-less-boot-fallback.patch: |
3786 | + - Merge changes from xnox to fix multiple initrds support (LP: #1878705) |
3787 | + * debian/patches/ubuntu-clear-invalid-initrd-spacing.patch: |
3788 | + - Remove, no longer needed thanks to xnox's patch |
3789 | + |
3790 | + -- Julian Andres Klode <juliank@ubuntu.com> Thu, 06 Aug 2020 14:47:52 +0200 |
3791 | + |
3792 | +grub2 (2.04-1ubuntu26.2) focal; urgency=medium |
3793 | + |
3794 | + * debian/postinst.in: Avoid calling grub-install on upgrade of the grub-pc |
3795 | + package, since we cannot be certain that it will install to the correct |
3796 | + disk and a grub-install failure will render the system unbootable. |
3797 | + LP: #1889556. |
3798 | + |
3799 | + -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 30 Jul 2020 17:34:25 -0700 |
3800 | + |
3801 | +grub2 (2.04-1ubuntu26.1) focal; urgency=medium |
3802 | + |
3803 | + [ Julian Andres Klode ] |
3804 | + * Move gettext patches out of git-dpm's way, so it does not delete them |
3805 | + |
3806 | + [ Chris Coulson ] |
3807 | + * SECURITY UPDATE: Heap buffer overflow when encountering commands that |
3808 | + cannot be tokenized to less than 8192 characters. |
3809 | + - 0082-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch: Make |
3810 | + fatal lexer errors actually be fatal |
3811 | + - CVE-2020-10713 |
3812 | + * SECURITY UPDATE: Multiple integer overflow bugs that could result in |
3813 | + heap buffer allocations that were too small and subsequent heap buffer |
3814 | + overflows when handling certain filesystems, font files or PNG images. |
3815 | + - 0083-safemath-Add-some-arithmetic-primitives-that-check-f.patch: Add |
3816 | + arithmetic primitives that allow for overflows to be detected |
3817 | + - 0084-calloc-Make-sure-we-always-have-an-overflow-checking.patch: |
3818 | + Make sure that there is always an overflow checking implementation |
3819 | + of calloc() available |
3820 | + - 0085-calloc-Use-calloc-at-most-places.patch: Use calloc where |
3821 | + appropriate |
3822 | + - 0086-malloc-Use-overflow-checking-primitives-where-we-do-.patch: Use |
3823 | + overflow-safe arithmetic primitives when performing allocations |
3824 | + based on the results of operations that might overflow |
3825 | + - 0094-hfsplus-fix-two-more-overflows.patch: Fix integer overflows in |
3826 | + hfsplus |
3827 | + - 0095-lvm-fix-two-more-potential-data-dependent-alloc-over.patch: Fix |
3828 | + more potential integer overflows in lvm |
3829 | + - CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 |
3830 | + * SECURITY UPDATE: Use-after-free when executing a command that causes |
3831 | + a currently executing function to be redefined. |
3832 | + - 0092-script-Remove-unused-fields-from-grub_script_functio.patch: |
3833 | + Remove unused fields from grub_script_function |
3834 | + - 0093-script-Avoid-a-use-after-free-when-redefining-a-func.patch: |
3835 | + Avoid a use-after-free when redefining a function during execution |
3836 | + - CVE-2020-15706 |
3837 | + * SECURITY UPDATE: Integer overflows that could result in heap buffer |
3838 | + allocations that were too small and subsequent heap buffer overflows |
3839 | + during initrd loading. |
3840 | + - 0105-linux-Fix-integer-overflows-in-initrd-size-handling.patch: Fix |
3841 | + integer overflows in initrd size handling |
3842 | + - 0106-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch: Fix |
3843 | + integer overflows in linuxefi grub_cmd_initrd |
3844 | + - CVE-2020-15707 |
3845 | + * Various fixes as a result of code review and static analysis: |
3846 | + - 0087-iso9660-Don-t-leak-memory-on-realloc-failures.patch: Fix a |
3847 | + memory leak on realloc failures when processing symbolic links |
3848 | + - 0088-font-Do-not-load-more-than-one-NAME-section.patch: Fix a |
3849 | + memory leak when processing font files with more than one NAME |
3850 | + section |
3851 | + - 0089-gfxmenu-Fix-double-free-in-load_image.patch: Zero self->bitmap |
3852 | + after it is freed in order to avoid a potential double free later on |
3853 | + - 0090-lzma-Make-sure-we-don-t-dereference-past-array.patch: Fix an |
3854 | + out-of-bounds read in LzmaEncode |
3855 | + - 0091-tftp-Do-not-use-priority-queue.patch: Refactor tftp to not use |
3856 | + priority queues and fix a double free |
3857 | + - 0096-efi-fix-some-malformed-device-path-arithmetic-errors.patch: Fix |
3858 | + various arithmetic errors with malformed device paths |
3859 | + - 0098-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch: Fix |
3860 | + a NULL deref in the chainloader command introduced by a previous |
3861 | + patch |
3862 | + - 0099-efi-Fix-use-after-free-in-halt-reboot-path.patch: Fix a |
3863 | + use-after-free in the halt and reboot commands by not freeing |
3864 | + allocated memory in these paths |
3865 | + - 0100-chainloader-Avoid-a-double-free-when-validation-fail.patch: |
3866 | + Avoid a double free in the chainloader command when validation fails |
3867 | + - 0101-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch: |
3868 | + Protect grub_relocator_alloc_chunk_addr input arguments against |
3869 | + integer overflow / underflow |
3870 | + - 0102-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch: |
3871 | + Protect grub_relocator_alloc_chunk_align max_addr argument against |
3872 | + integer underflow |
3873 | + - 0103-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch: Fix |
3874 | + grub_relocator_alloc_chunk_align top memory allocation |
3875 | + - 0104-linux-loader-avoid-overflow-on-initrd-size-calculati.patch: |
3876 | + Avoid overflow on initrd size calculation |
3877 | + |
3878 | + [ Dimitri John Ledkov ] |
3879 | + * SECURITY UPDATE: Grub does not enforce kernel signature validation |
3880 | + when the shim protocol isn't present. |
3881 | + - 0097-linuxefi-fail-kernel-validation-without-shim-protoco.patch: |
3882 | + Fail kernel validation if the shim protocol isn't available |
3883 | + - CVE-2020-15705 |
3884 | + |
3885 | + -- Chris Coulson <chris.coulson@canonical.com> Mon, 20 Jul 2020 19:19:08 +0100 |
3886 | + |
3887 | +grub2 (2.04-1ubuntu26) focal; urgency=medium |
3888 | + |
3889 | + [ Julian Andres Klode ] |
3890 | + * Move /boot/efi -> debconf migration into wrapper, so it runs everywhere |
3891 | + (LP: #1872077) |
3892 | + * Display disk name and size in the ESP selection dialog, instead of ??? |
3893 | + |
3894 | + [ Sebastien Bacher ] |
3895 | + * debian/patches/gettext, |
3896 | + debian/patches/rules: |
3897 | + - backport upstream patches to fix the list of translated strings, |
3898 | + reported on the ubuntu-translators mailing list. The changes would |
3899 | + be overwritten by autoreconf so applying from a rules override. |
3900 | + |
3901 | + -- Julian Andres Klode <juliank@ubuntu.com> Wed, 15 Apr 2020 13:31:27 +0200 |
3902 | + |
3903 | +grub2 (2.04-1ubuntu25) focal; urgency=medium |
3904 | + |
3905 | + [ Jean-Baptiste Lallement ] |
3906 | + [ Didier Roche ] |
3907 | + * debian/patches/ubuntu-zfs-enhance-support.patch: |
3908 | + - fix trailing } when no advanced menu is printed |
3909 | + - ensure we unmount all temporary snapshots path before zfs collect them |
3910 | + out. |
3911 | + * debian/patches/ubuntu-speed-zsys-history.patch: |
3912 | + - Speed up navigating zsys history by reducing greatly grub.cfg file size. |
3913 | + It used to take eg 80 seconds when loading 100 system snapshots. This is |
3914 | + now instantaneous by using a function with parameters that the users can |
3915 | + still easily edit. |
3916 | + |
3917 | + -- Didier Roche <didrocks@ubuntu.com> Mon, 13 Apr 2020 15:17:42 +0200 |
3918 | + |
3919 | +grub2 (2.04-1ubuntu24) focal; urgency=medium |
3920 | + |
3921 | + * Support installing to multiple ESPs (LP: #1871821) |
3922 | + |
3923 | + -- Julian Andres Klode <juliank@ubuntu.com> Thu, 09 Apr 2020 12:51:07 +0200 |
3924 | + |
3925 | +grub2 (2.04-1ubuntu23) focal; urgency=medium |
3926 | + |
3927 | + [ Jean-Baptiste Lallement ] |
3928 | + [ Didier Roche ] |
3929 | + * Performance improvements for update-grub on ZFS systems (LP: #1869885) |
3930 | + |
3931 | + -- Didier Roche <didrocks@ubuntu.com> Tue, 31 Mar 2020 15:30:36 +0200 |
3932 | + |
3933 | +grub2 (2.04-1ubuntu22) focal; urgency=medium |
3934 | + |
3935 | + * smbios: Add a --linux argument to apply linux modalias-like filtering |
3936 | + * Make the linux command in EFI grub always try EFI handover; thanks |
3937 | + to Chris Coulson for the patches (LP: #1864533) |
3938 | + |
3939 | + -- Julian Andres Klode <juliank@ubuntu.com> Wed, 11 Mar 2020 17:46:35 +0100 |
3940 | + |
3941 | +grub2 (2.04-1ubuntu21) focal; urgency=medium |
3942 | + |
3943 | + * Make ZFS menu generation depending on new zsysd binary instead of eoan |
3944 | + zsys compatibility symlink. |
3945 | + |
3946 | + -- Didier Roche <didrocks@ubuntu.com> Wed, 26 Feb 2020 09:59:49 +0100 |
3947 | + |
3948 | +grub2 (2.04-1ubuntu20) focal; urgency=medium |
3949 | + |
3950 | + * build-efi-images: do not produce -installer.efi.signed. LP: #1863994 |
3951 | + |
3952 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 25 Feb 2020 01:11:31 +0000 |
3953 | + |
3954 | +grub2 (2.04-1ubuntu19) focal; urgency=medium |
3955 | + |
3956 | + * uefi-firmware: rename fwsetup menuentry to UEFI Firmware Settings |
3957 | + (LP: #1864547) |
3958 | + * build-efi-images: add smbios module to the prebuilt signed EFI images |
3959 | + (LP: #1856424) |
3960 | + |
3961 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 24 Feb 2020 20:34:13 +0000 |
3962 | + |
3963 | +grub2 (2.04-1ubuntu18) focal; urgency=medium |
3964 | + |
3965 | + * Cherry-pick fix from Colin W. in debian to build with python3. |
3966 | + |
3967 | + -- Didier Roche <didrocks@ubuntu.com> Thu, 06 Feb 2020 18:37:44 +0100 |
3968 | + |
3969 | +grub2 (2.04-1ubuntu17) focal; urgency=medium |
3970 | + |
3971 | + * Fix ZFS menu generation with ZFS 0.8.x where mounted datasets can’t list |
3972 | + snapshots due to an upstream change. |
3973 | + https://github.com/zfsonlinux/zfs/issues/9958 |
3974 | + |
3975 | + -- Didier Roche <didrocks@ubuntu.com> Thu, 06 Feb 2020 18:20:16 +0100 |
3976 | + |
3977 | +grub2 (2.04-1ubuntu16) focal; urgency=medium |
3978 | + |
3979 | + * Revert "Add smbios module to build-efi-images script" from previous |
3980 | + upload, pending review see https://bugs.launchpad.net/bugs/1856424 |
3981 | + |
3982 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Sun, 15 Dec 2019 01:28:49 +0000 |
3983 | + |
3984 | +grub2 (2.04-1ubuntu15) focal; urgency=medium |
3985 | + |
3986 | + * ubuntu-efi-allow-loopmount-chainload.patch: |
3987 | + - Enable chainloading EFI apps from loopmounts |
3988 | + * cherrypick-lsefisystab-define-smbios3.patch: |
3989 | + * cherrypick-smbios-modules.patch: |
3990 | + - Cherrypick from 2.05 module for retrieving SMBIOS information |
3991 | + * cherrypick-lsefisystab-show-dtb.patch: |
3992 | + - If dtb is provided by the firmware / DtbLoader driver, display it in |
3993 | + human form, rather than just UUID |
3994 | + |
3995 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 13 Dec 2019 11:24:21 +0000 |
3996 | + |
3997 | +grub2 (2.04-1ubuntu14) focal; urgency=medium |
3998 | + |
3999 | + * debian/patches/ubuntu-zfs-enhance-support.patch: |
4000 | + - Handle the case where grub-probe returns several devices for a single |
4001 | + pool (LP: #1848856). Thanks jpb for the report and the proposed patch. |
4002 | + - Add savedefault to non-recovery entries (LP: #1850202). Thanks Deltik |
4003 | + for the patch. |
4004 | + - Do not crash on invalid fstab and report the invalid entry. |
4005 | + (LP: #1849347) Thanks Deltik for the patch. |
4006 | + - When a pool fails to import, catch and display the error message and |
4007 | + continue with other pools. Import all the pools in readonly mode so we |
4008 | + can import other pools with unsupported features (LP: #1848399) Thanks |
4009 | + satmandu for the investigation and the proposed patch |
4010 | + |
4011 | + -- Jean-Baptiste Lallement <jean-baptiste.lallement@ubuntu.com> Mon, 18 Nov 2019 11:22:43 +0100 |
4012 | + |
4013 | +grub2 (2.04-1ubuntu13) focal; urgency=medium |
4014 | + |
4015 | + * debian/patches/ubuntu-tpm-unknown-error-non-fatal.patch: treat "unknown" |
4016 | + TPM errors as non-fatal, but still write up the details as debug messages |
4017 | + so we can further track what happens with the systems throwing those up. |
4018 | + (LP: #1848892) |
4019 | + * debian/patches/ubuntu-linuxefi.patch: Drop extra check for Secure Boot |
4020 | + status in linuxefi_secure_validate(); it's unnecessary and blocking boot |
4021 | + in chainload (like chainloading Windows) when SB is disabled. |
4022 | + (LP: #1845289) |
4023 | + |
4024 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Thu, 31 Oct 2019 17:58:47 -0400 |
4025 | + |
4026 | +grub2 (2.04-1ubuntu12) eoan; urgency=medium |
4027 | + |
4028 | + * Move our identifier to com.ubuntu |
4029 | + As we are not going to own org.zsys, move our identifier under |
4030 | + com.ubuntu.zsys (LP: #1847711) |
4031 | + |
4032 | + -- Didier Roche <didrocks@ubuntu.com> Fri, 11 Oct 2019 15:57:47 +0200 |
4033 | + |
4034 | +grub2 (2.04-1ubuntu11) eoan; urgency=medium |
4035 | + |
4036 | + * Load all kernels (even those without .efi.signed) for secure boot mode |
4037 | + as those are signed kernels on ubuntu, loaded by the shim. (LP: #1847581) |
4038 | + |
4039 | + -- Didier Roche <didrocks@ubuntu.com> Thu, 10 Oct 2019 11:40:44 +0200 |
4040 | + |
4041 | +grub2 (2.04-1ubuntu10) eoan; urgency=medium |
4042 | + |
4043 | + * debian/patches/ubuntu-skip-disk-by-id-lvm-pvm-uuid-entries.patch: |
4044 | + skip /dev/disk/by-id/lvm-pvm-uuid entries from device iteration. |
4045 | + (LP: #1838525) |
4046 | + |
4047 | + -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Mon, 07 Oct 2019 23:23:54 -0300 |
4048 | + |
4049 | +grub2 (2.04-1ubuntu9) eoan; urgency=medium |
4050 | + |
4051 | + * debian/patches/ubuntu-zfs-enhance-support.patch: |
4052 | + - Handle case of pure zfs only snapshots giving additional "}", and as |
4053 | + such, creating invalid grub menu. |
4054 | + Spotted by grubzfs-testsuite autopkgtests. |
4055 | + |
4056 | + -- Didier Roche <didrocks@ubuntu.com> Wed, 02 Oct 2019 09:59:19 +0200 |
4057 | + |
4058 | +grub2 (2.04-1ubuntu8) eoan; urgency=medium |
4059 | + |
4060 | + * debian/patches/install-signed.patch -> ubuntu-install-signed.patch: |
4061 | + Really fix the installation of UEFI artefacts to the distributor path (we |
4062 | + only want shim, grub, and MokManager, and shim's boot.csv there), and to |
4063 | + the removable /EFI/BOOT path (where we want shim and fallback only). |
4064 | + Rename the patch to ubuntu- like others that are Ubuntu-specific or |
4065 | + otherwise modified to avoid such confusion at merge time in the future. |
4066 | + |
4067 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Tue, 01 Oct 2019 11:29:24 -0400 |
4068 | + |
4069 | +grub2 (2.04-1ubuntu7) eoan; urgency=medium |
4070 | + |
4071 | + * debian/patches/ubuntu-zfs-enhance-support.patch: |
4072 | + Disable history entry under some conditions: |
4073 | + - Don't show up if the system is a zsys one and zsys isn't installed |
4074 | + (LP: #1845333) |
4075 | + - Don't show for pure zfs systems: we identified multiple issues due |
4076 | + to the mount generator in upstream zfs which makes it incompatible. |
4077 | + Disable for now (LP: #1845913) |
4078 | + |
4079 | + -- Didier Roche <didrocks@ubuntu.com> Mon, 30 Sep 2019 09:35:03 +0200 |
4080 | + |
4081 | +grub2 (2.04-1ubuntu6) eoan; urgency=medium |
4082 | + |
4083 | + * debian/patches/install-signed.patch: fix paths for MokManager/fallback; |
4084 | + shim no longer ships these with a .signed suffix. (LP: #1845466) |
4085 | + |
4086 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Thu, 26 Sep 2019 09:48:07 -0400 |
4087 | + |
4088 | +grub2 (2.04-1ubuntu5) eoan; urgency=medium |
4089 | + |
4090 | + * d/patches/ubuntu-boot-from-multipath-dependent-symlink.patch: fix |
4091 | + mis-spelling of helper function in final computation of GRUB_DEVICE in |
4092 | + multipath case. |
4093 | + |
4094 | + -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Tue, 13 Aug 2019 08:56:16 +1200 |
4095 | + |
4096 | +grub2 (2.04-1ubuntu4) eoan; urgency=medium |
4097 | + |
4098 | + * d/patches/ubuntu-boot-from-multipath-dependent-symlink.patch: when / is |
4099 | + multipathed there will be multiple paths to the partition, so using |
4100 | + root=UUID= exposes the boot process to udev races. In addition |
4101 | + grub-probe --target device / in this case reports /dev/dm-1 or similar -- |
4102 | + better to use a symlink that depends on the multipath name. (LP: #1429327) |
4103 | + |
4104 | + -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Tue, 06 Aug 2019 12:37:18 +1200 |
4105 | + |
4106 | +grub2 (2.04-1ubuntu3) eoan; urgency=medium |
4107 | + |
4108 | + [ Mathieu Trudel-Lapierre ] |
4109 | + * debian/patches/ubuntu-add-devicetree-command-support.patch: import patch |
4110 | + into git-dpm: drop [PATCH] tag and add Patch-Name. |
4111 | + |
4112 | + [ Didier Roche ] |
4113 | + * debian/patches/ubuntu-zfs-enhance-support.patch |
4114 | + - Don't patch autoregenerated files. |
4115 | + - rewrite generate MenuMeta implementation in shell (LP: #1834095) |
4116 | + mawk doesn't support \s and other array features. |
4117 | + + Change \s by their space or tab equivalent. |
4118 | + + Rewrite the menumeta generation in pure shell, which is easier to |
4119 | + debug, keeping globally the same algorithm |
4120 | + + Support i18n in entry name generation. |
4121 | + Co-authored with Jean-Baptiste. |
4122 | + - Resplit all patches in debian/patches/*, so that we have upstreamable |
4123 | + and non upstreamable parts separate. Also, any change in 10_linux patch |
4124 | + will be reflected in 10_linux_zfs. |
4125 | + - Always import pools (using force), as we don't mount them. Ensure also |
4126 | + that we don't update the host cache, as we import all pools, and not |
4127 | + only those attached to that system. |
4128 | + |
4129 | + -- Didier Roche <didrocks@ubuntu.com> Mon, 29 Jul 2019 08:08:48 +0200 |
4130 | + |
4131 | +grub2 (2.04-1ubuntu2) eoan; urgency=medium |
4132 | + |
4133 | + * Add device-tree command support as installed by flash-kernel. |
4134 | + |
4135 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 17 Jul 2019 23:47:27 +0100 |
4136 | + |
4137 | +grub2 (2.04-1ubuntu1) eoan; urgency=medium |
4138 | + |
4139 | + * Merge against Debian; remaining changes: |
4140 | + - debian/control: Update Vcs fields for code location on Ubuntu. |
4141 | + - debian/control: Breaks shim (<< 13). |
4142 | + - debian/patches/linuxefi.patch: Secure Boot support: use newer patchset |
4143 | + from rhboot repo, flattened to a single patch. |
4144 | + - debian/patches/install_signed.patch, grub-install-extra-removable.patch: |
4145 | + - Make sure if we install shim; it should also be exported as the default |
4146 | + bootloader to install later to a removable path, if we do. |
4147 | + - Rework grub-install-extra-removable.patch to reverse its logic: in the |
4148 | + default case, install the bootloader to /EFI/BOOT, unless we're trying |
4149 | + to install on a removable device, or explicitly telling grub *not* to |
4150 | + do it. |
4151 | + - Install a BOOT.CSV for fallback to use. |
4152 | + - Make sure postinst and templates know about the replacement of |
4153 | + --force-extra-removable with --no-extra-removable. |
4154 | + - debian/patches/ubuntu-support-initrd-less-boot.patch: allow non-initrd |
4155 | + boot config. |
4156 | + - debian/patches/ubuntu-add-initrd-less-boot-fallback.patch: If a kernel |
4157 | + fails to boot without initrd, we will fallback to trying to boot the |
4158 | + kernel with an initrd. |
4159 | + - debian/patches/ubuntu-mkconfig-leave-breadcrumbs.patch: make sure |
4160 | + grub-mkconfig leaves a trace of what files were sourced to help generate |
4161 | + the config we're building. |
4162 | + - debian/patches/ubuntu-efi-console-set-text-mode-as-needed.patch: in EFI |
4163 | + console, only set text-mode when we're actually going to need it. |
4164 | + - debian/patches/ubuntu-zfs-enhance-support.patch: Better ZFS grub support. |
4165 | + - Disable os-prober for ppc64el on the PowerNV platform, to reduce the |
4166 | + number of entries/clutter from other OSes in Petitboot |
4167 | + - debian/patches/ubuntu-shorter-version-info.patch: Only show the upstream |
4168 | + version in menu and console, and hide the package one in a |
4169 | + package_version variable. |
4170 | + - Verify that the current and newer kernels are signed when grub is |
4171 | + updated, to make sure people do not accidentally shutdown without a |
4172 | + signed kernel. |
4173 | + - debian/default/grub: replace GRUB_HIDDEN_* variables with the less |
4174 | + confusing GRUB_TIMEOUT_STYLE=hidden. |
4175 | + - debian/rules: shuffle files around for now to keep build artefacts |
4176 | + for signing at the same location as they were expected by Launchpad. |
4177 | + - debian/rules, debian/control: enable dh-systemd. |
4178 | + - debian/grub-common.install.in: install the systemd unit that's part of |
4179 | + initrd fallback handling, missed when the feature landed. |
4180 | + - debian/build-efi-images: add http module to NET_MODULES. |
4181 | + * debian/patches/linuxefi*.patch: Flatten linuxefi patches into one. |
4182 | + * debian/patches: rename patches to use "-" as a separator rather than "_". |
4183 | + * debian/patches: rename Ubuntu-specific patches and commits to add "ubuntu" |
4184 | + so it's clearer which are new or changed when doing a merge. |
4185 | + * debian/patches/ubuntu-fix-lzma-decompressor-objcopy.patch: fix FTBFS due |
4186 | + to objcopy building an invalid binary padded with zeroes (LP: #1833234) |
4187 | + * debian/patches/ubuntu-clear-invalid-initrd-spacing.patch: clear up invalid |
4188 | + spacing for the initrd command when not using early initrds. |
4189 | + * debian/patches/ubuntu-add-initrd-less-boot-fallback.patch: move the initrd |
4190 | + boot success/failure service to start later at boot time. (LP: #1823391) |
4191 | + * debian/patches/fix-lockdown.patch: Drop lockdown patch from Debian, which |
4192 | + breaks with new linuxefi patchset. |
4193 | + * debian/patches/ubuntu-temp-keep-auto-nvram.patch: Temporarily keep the |
4194 | + --auto-nvram option we previously had as a supported option in grub-install |
4195 | + (with no effect now), to avoid breaking upgrades. "auto-nvram" is default |
4196 | + behavior now that we use libefivar instead of calling efibootmgr. |
4197 | + |
4198 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Tue, 16 Jul 2019 11:31:29 -0400 |
4199 | + |
4200 | grub2 (2.04-1) unstable; urgency=medium |
4201 | |
4202 | * New upstream release. |
4203 | @@ -1040,6 +2583,112 @@ grub2 (2.02+dfsg1-13) unstable; urgency=medium |
4204 | |
4205 | -- Colin Watson <cjwatson@debian.org> Thu, 14 Mar 2019 10:33:24 +0000 |
4206 | |
4207 | +grub2 (2.02+dfsg1-12ubuntu3) eoan; urgency=medium |
4208 | + |
4209 | + * debian/patches/zfs_enhance_support.patch: |
4210 | + Enhance ZFS grub support: |
4211 | + - Support multiple zfs systems (grouped by machine-id) |
4212 | + - Group zfs snapshots and clones with latest dataset for a given |
4213 | + installation. |
4214 | + - Support "history" entry with one time boot, recovery mode and |
4215 | + consecutive reboots. |
4216 | + - Pin kernel to particular snapshot, trying to reboot with the exact |
4217 | + same kernel and initrd. |
4218 | + - Disable in 10_linux zfs support if 10_linux_zfs is installed so that |
4219 | + we don't end up with the same installation multiple times. |
4220 | + * debian/patches/*: |
4221 | + - Apply ubuntu/debian specific changes of 10_linux to 10_linux_zfs. |
4222 | + |
4223 | + Work done with Jean-Baptiste. |
4224 | + |
4225 | + -- Didier Roche <didrocks@ubuntu.com> Mon, 17 Jun 2019 11:28:48 +0200 |
4226 | + |
4227 | +grub2 (2.02+dfsg1-12ubuntu2) disco; urgency=medium |
4228 | + |
4229 | + * debian/patches/efi-console-set-text-mode-as-needed.patch: in EFI console, |
4230 | + only set text-mode when we're actually going to need it. |
4231 | + * debian/build-efi-images: add http module to NET_MODULES. (LP: #1787630) |
4232 | + |
4233 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Mon, 11 Mar 2019 17:48:49 -0400 |
4234 | + |
4235 | +grub2 (2.02+dfsg1-12ubuntu1) disco; urgency=medium |
4236 | + |
4237 | + * Merge against Debian unstable; remaining changes (LP: #564853): |
4238 | + - debian/control: Update Vcs fields for code location on Ubuntu. |
4239 | + - debian/control: Breaks shim (<< 13). |
4240 | + - Secure Boot support: use newer patchset from rhboot repo: |
4241 | + - many linuxefi_* patches added and modified |
4242 | + - dropped debian/patches/linuxefi_require_shim.patch |
4243 | + - renamed: debian/patches/no_insmod_on_sb.patch -> |
4244 | + debian/patches/linuxefi_no_insmod_on_sb.patch |
4245 | + - debian/patches/install_signed.patch, grub-install-extra-removable.patch: |
4246 | + - Make sure if we install shim; it should also be exported as the default |
4247 | + bootloader to install later to a removable path, if we do. |
4248 | + - Rework grub-install-extra-removable.patch to reverse its logic: in the |
4249 | + default case, install the bootloader to /EFI/BOOT, unless we're trying |
4250 | + to install on a removable device, or explicitly telling grub *not* to |
4251 | + do it. |
4252 | + - Install a BOOT.CSV for fallback to use. |
4253 | + - Make sure postinst and templates know about the replacement of |
4254 | + --force-extra-removable with --no-extra-removable. |
4255 | + - debian/patches/add-an-auto-nvram-option-to-grub-install.patch: Add the |
4256 | + --auto-nvram option to grub-install for auto-detecting NVRAM availability |
4257 | + before attempting NVRAM updates. |
4258 | + - debian/build-efi-images: provide a new grub EFI image which enforces that |
4259 | + loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is |
4260 | + the same as grub$arch.efi minus the 'linux' module. Without fallback to |
4261 | + 'linux' for unsigned loading, this makes it effectively enforce having a |
4262 | + signed kernel. |
4263 | + - Verify that the current and newer kernels are signed when grub is |
4264 | + updated, to make sure people do not accidentally shutdown without a |
4265 | + signed kernel. |
4266 | + - debian/default/grub: replace GRUB_HIDDEN_* variables with the less |
4267 | + confusing GRUB_TIMEOUT_STYLE=hidden. |
4268 | + - debian/patches/support_initrd-less_boot.patch: Added knobs to allow |
4269 | + non-initrd boot config. |
4270 | + - Disable os-prober for ppc64el on the PowerNV platform, to reduce the |
4271 | + number of entries/clutter from other OSes in Petitboot |
4272 | + - debian/patches/shorter_version_info.patch: Only show the upstream version |
4273 | + in menu and console, and hide the package one in a package_version |
4274 | + variable. |
4275 | + - debian/patches/skip_text_gfxpayload_where_not_supported.patch: Skip the |
4276 | + 'text' payload if it's not supported but present in gfxpayload, such as |
4277 | + on EFI systems. |
4278 | + - debian/patches/bufio_sensible_block_sizes.patch: Don't use arbitrary file |
4279 | + fizes as block sizes in bufio: this avoids potentially seeking back in |
4280 | + the files unnecessarily, which may require re-open files that cannot be |
4281 | + seeked into, such as via TFTP. |
4282 | + - debian/patches/ofnet-init-structs-in-bootpath-parser.patch: initialize |
4283 | + structs in bootpath parser. |
4284 | + - debian/rules: shuffle files around for now to keep build artefacts |
4285 | + for signing at the same location as they were expected by Launchpad. |
4286 | + - debian/rules, debian/control: enable dh-systemd. |
4287 | + - debian/grub-common.install.in: install the systemd unit that's part of |
4288 | + initrd fallback handling, missed when the feature landed. |
4289 | + - debian/patches/quick-boot-lvm.patch: If we don't have writable |
4290 | + grubenv and we're on EFI, always show the menu. |
4291 | + - debian/patches/mkconfig_leave_breadcrumbs.patch: make sure grub-mkconfig |
4292 | + leaves a trace of what files were sourced to help generate the config |
4293 | + we're building. |
4294 | + - debian/patches/linuxefi_truncate_overlong_reloc_section.patch: Windows |
4295 | + 7 bootloader has inconsistent headers; truncate to the smaller, correct |
4296 | + size to fix chainloading Windows 7. |
4297 | + - debian/patches/linuxefi_fix_relocate_coff.patch: fix typo in |
4298 | + relocate_coff() causing issues with relocation of code in chainload. |
4299 | + - debian/patches/add-initrd-less-boot-fallback.patch: add initrd-less |
4300 | + capabilities. If a kernel fails to boot without initrd, we will fallback |
4301 | + to trying to boot the kernel with an initrd. Patch by Chris Glass. |
4302 | + - debian/patches/grub-reboot-warn.patch: Warn when "for the next |
4303 | + boot only" promise cannot be kept. |
4304 | + * Refreshed patches and fixed up attribution to the right authors after |
4305 | + merge with Debian. |
4306 | + * debian/patches/linuxefi_missing_include.patch, |
4307 | + debian/patches/linuxefi_fixing_more_errors.patch: Apply some additional |
4308 | + small fixes to casts, format strings, includes and Makefile to make sure |
4309 | + the newer linuxefi patches apply and build properly. |
4310 | + |
4311 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Tue, 05 Mar 2019 17:05:09 -0500 |
4312 | + |
4313 | grub2 (2.02+dfsg1-12) unstable; urgency=medium |
4314 | |
4315 | [ Colin Watson ] |
4316 | @@ -1184,6 +2833,175 @@ grub2 (2.02+dfsg1-6) unstable; urgency=medium |
4317 | |
4318 | -- Colin Watson <cjwatson@debian.org> Tue, 28 Aug 2018 16:17:21 +0100 |
4319 | |
4320 | +grub2 (2.02+dfsg1-5ubuntu11) disco; urgency=medium |
4321 | + |
4322 | + [ Mathieu Trudel-Lapierre ] |
4323 | + * debian/grub-check-signatures: properly account for DB showing as empty on |
4324 | + some broken firmwares: Guard against mokutil --export --db failing, and do |
4325 | + a better job at finding the DER certs for conversion to PEM format. |
4326 | + (LP: #1814575) |
4327 | + |
4328 | + [ Steve Langasek ] |
4329 | + * debian/patches/quick-boot-lvm.patch: checking the return value of |
4330 | + 'lsefi' when the command doesn't exist does not do what's expected, so |
4331 | + instead check the value of $grub_platform which is simpler anyway. |
4332 | + LP: #1814403. |
4333 | + |
4334 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Mon, 04 Feb 2019 17:51:15 -0500 |
4335 | + |
4336 | +grub2 (2.02+dfsg1-5ubuntu10) disco; urgency=medium |
4337 | + |
4338 | + * debian/grub-check-signatures: check kernel signatures against keys known |
4339 | + in firmware, in case a kernel is signed but not using a key that will pass |
4340 | + validation, such as when using kernels coming from a PPA. (LP: #1789918) |
4341 | + |
4342 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Mon, 21 Jan 2019 09:34:36 -0500 |
4343 | + |
4344 | +grub2 (2.02+dfsg1-5ubuntu9) disco; urgency=medium |
4345 | + |
4346 | + [ Steve Langasek ] |
4347 | + * debian/patches/quick-boot-lvm.patch: If we don't have writable |
4348 | + grubenv and we're on EFI, always show the menu. Closes LP: #1800722. |
4349 | + |
4350 | + [ Mathieu Trudel-Lapierre ] |
4351 | + * debian/patches/mkconfig_leave_breadcrumbs.patch: make sure grub-mkconfig |
4352 | + leaves a trace of what files were sourced to help generate the config |
4353 | + we're building. |
4354 | + |
4355 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Mon, 07 Jan 2019 17:32:01 -0500 |
4356 | + |
4357 | +grub2 (2.02+dfsg1-5ubuntu8) cosmic; urgency=medium |
4358 | + |
4359 | + * debian/patches/grub-install-extra-removable.patch: install mmx64.efi to |
4360 | + the EFI removable path to avoid boot failures after install when certs |
4361 | + need to be enrolled and the system's firmware is confused. (LP: #1798171) |
4362 | + |
4363 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Wed, 17 Oct 2018 14:44:49 -0400 |
4364 | + |
4365 | +grub2 (2.02+dfsg1-5ubuntu7) cosmic; urgency=medium |
4366 | + |
4367 | + [ Steve Langasek ] |
4368 | + * debian/grub-common.install.in: install the systemd unit that's part of |
4369 | + initrd fallback handling, missed when the feature landed. |
4370 | + |
4371 | + [ Mathieu Trudel-Lapierre ] |
4372 | + * debian/rules: set DEFAULT_TIMEOUT to 0 if we've enabled FLICKER_FREE_BOOT, |
4373 | + to avoid unnecessary delay at boot time. (LP: #1784363) |
4374 | + |
4375 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Fri, 12 Oct 2018 11:10:10 -0400 |
4376 | + |
4377 | +grub2 (2.02+dfsg1-5ubuntu6) cosmic; urgency=medium |
4378 | + |
4379 | + [ Steve Langasek ] |
4380 | + * debian/grub-check-signatures: Handle the case where we have unsigned |
4381 | + vmlinuz and signed vmlinuz.efi.signed. (LP: #1788727) |
4382 | + |
4383 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Wed, 03 Oct 2018 14:59:05 -0400 |
4384 | + |
4385 | +grub2 (2.02+dfsg1-5ubuntu5) cosmic; urgency=medium |
4386 | + |
4387 | + [ Mathieu Trudel-Lapierre ] |
4388 | + * debian/patches/linuxefi_truncate_overlong_reloc_section.patch: The Windows |
4389 | + 7 bootloader has inconsistent headers; truncate to the smaller, correct |
4390 | + size to fix chainloading Windows 7. |
4391 | + |
4392 | + [ Steve Langasek ] |
4393 | + * debian/rules, debian/control: enable dh-systemd. |
4394 | + * debian/patches/add-initrd-less-boot-fallback.patch: add initrd-less |
4395 | + capabilities. If a kernel fails to boot without initrd, grub will fallback |
4396 | + to trying to boot the kernel with an initrd. Patch by Chris Glass. |
4397 | + |
4398 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Tue, 25 Sep 2018 16:05:13 -0400 |
4399 | + |
4400 | +grub2 (2.02+dfsg1-5ubuntu4) cosmic; urgency=medium |
4401 | + |
4402 | + * debian/patches/linuxefi_fix_relocate_coff.patch: fix typo in |
4403 | + relocate_coff() causing issues with relocation of code in chainload. |
4404 | + (LP: #1792575) |
4405 | + |
4406 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Mon, 17 Sep 2018 07:45:49 -0400 |
4407 | + |
4408 | +grub2 (2.02+dfsg1-5ubuntu3) cosmic; urgency=medium |
4409 | + |
4410 | + * debian/patches/grub-reboot-warn.patch: Warn when "for the next |
4411 | + boot only" promise cannot be kept. (LP: #788298) |
4412 | + |
4413 | + -- dann frazier <dannf@ubuntu.com> Thu, 13 Sep 2018 15:28:50 -0600 |
4414 | + |
4415 | +grub2 (2.02+dfsg1-5ubuntu2) cosmic; urgency=medium |
4416 | + |
4417 | + * debian/patches/add_ext_lfb_base_support.patch: i386/linux: Add support for |
4418 | + ext_lfb_base. (LP: #1785033) |
4419 | + |
4420 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Wed, 05 Sep 2018 14:29:04 -0400 |
4421 | + |
4422 | +grub2 (2.02+dfsg1-5ubuntu1) cosmic; urgency=medium |
4423 | + |
4424 | + [ Mathieu Trudel-Lapierre] |
4425 | + * Merge against Debian unstable; remaining changes: |
4426 | + - debian/control: Update Vcs fields for code location on Ubuntu. |
4427 | + - debian/control: Breaks shim (<< 13). |
4428 | + - Secure Boot support: use newer patchset from rhboot repo: |
4429 | + - many linuxefi_* patches added and modified |
4430 | + - dropped debian/patches/linuxefi_require_shim.patch |
4431 | + - renamed: debian/patches/no_insmod_on_sb.patch -> |
4432 | + debian/patches/linuxefi_no_insmod_on_sb.patch |
4433 | + - debian/patches/install_signed.patch, grub-install-extra-removable.patch: |
4434 | + - Make sure if we install shim; it should also be exported as the default |
4435 | + bootloader to install later to a removable path, if we do. |
4436 | + - Rework grub-install-extra-removable.patch to reverse its logic: in the |
4437 | + default case, install the bootloader to /EFI/BOOT, unless we're trying |
4438 | + to install on a removable device, or explicitly telling grub *not* to |
4439 | + do it. |
4440 | + - Move installing fb$arch.efi to --no-extra-removable; as we don't want |
4441 | + fallback to be installed unless we're also installing to /EFI/BOOT. |
4442 | + (LP: #1684341) |
4443 | + - Install a BOOT.CSV for fallback to use. |
4444 | + - Make sure postinst and templates know about the replacement of |
4445 | + --force-extra-removable with --no-extra-removable. |
4446 | + - debian/patches/add-an-auto-nvram-option-to-grub-install.patch: Add the |
4447 | + --auto-nvram option to grub-install for auto-detecting NVRAM availability |
4448 | + before attempting NVRAM updates. |
4449 | + - debian/build-efi-images: provide a new grub EFI image which enforces that |
4450 | + loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is |
4451 | + the same as grub$arch.efi minus the 'linux' module. Without fallback to |
4452 | + 'linux' for unsigned loading, this makes it effectively enforce having a |
4453 | + signed kernel. (LP: #1401532) |
4454 | + - Verify that the current and newer kernels are signed when grub is |
4455 | + updated, to make sure people do not accidentally shutdown without a |
4456 | + signed kernel. |
4457 | + - debian/default/grub: replace GRUB_HIDDEN_* variables with the less |
4458 | + confusing GRUB_TIMEOUT_STYLE=hidden. (LP: #1258597) |
4459 | + - debian/patches/support_initrd-less_boot.patch: Added knobs to allow |
4460 | + non-initrd boot config. (LP: #1640878) |
4461 | + - Disable os-prober for ppc64el on the PowerNV platform, to reduce the |
4462 | + number of entries/clutter from other OSes in Petitboot (LP: #1447500) |
4463 | + - debian/patches/shorter_version_info.patch: Only show the upstream version |
4464 | + in menu and console, and hide the package one in a package_version |
4465 | + variable. (LP: #1723434) |
4466 | + - debian/patches/skip_text_gfxpayload_where_not_supported.patch: Skip the |
4467 | + 'text' payload if it's not supported but present in gfxpayload, such as |
4468 | + on EFI systems. (LP: #1711452) |
4469 | + - debian/patches/bufio_sensible_block_sizes.patch: Don't use arbitrary file |
4470 | + fizes as block sizes in bufio: this avoids potentially seeking back in |
4471 | + the files unnecessarily, which may require re-open files that cannot be |
4472 | + seeked into, such as via TFTP. (LP: #1743249) |
4473 | + * util/grub-install.c: Drop extra handling for x.efi.signed files for mok |
4474 | + and fallback binaries: shim now installs them without the .signed |
4475 | + extension. (LP: #1708245) |
4476 | + - debian/patches/dont-fail-efi-warnings.patch: handle linuxefi patches and |
4477 | + the casting they do on some architectures: we don't want to fail build |
4478 | + because of some of the warnings that can show up since we otherwise build |
4479 | + with -Werror. |
4480 | + * debian/rules: shuffle files around for now to keep putting build artefacts |
4481 | + for signing at the same location as they were expected by Launchpad. |
4482 | + |
4483 | + [ Julian Andres Klode ] |
4484 | + * debian/patches/ofnet-init-structs-in-bootpath-parser.patch: initialize |
4485 | + structs in bootpath parser. Fixes netboot issues on ppc64el. (LP: #1785859) |
4486 | + |
4487 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Thu, 23 Aug 2018 15:00:14 -0400 |
4488 | + |
4489 | grub2 (2.02+dfsg1-5) unstable; urgency=medium |
4490 | |
4491 | [ Colin Watson ] |
4492 | @@ -1280,6 +3098,171 @@ grub2 (2.02-3) unstable; urgency=medium |
4493 | |
4494 | -- Colin Watson <cjwatson@debian.org> Sat, 10 Feb 2018 03:00:30 +0000 |
4495 | |
4496 | +grub2 (2.02-2ubuntu13) cosmic; urgency=medium |
4497 | + |
4498 | + * debian/patches/tests_update_for_new_qemu.patch: update qemu options to |
4499 | + remove deprecated options that fail tests. |
4500 | + * debian/patches: fix up busted patches due to git-dpm: |
4501 | + - debian/patches/add-an-auto-nvram-option-to-grub-install.patch |
4502 | + - debian/patches/grub-shell-test-helper-disable-seabios-sercon.patch |
4503 | + * debian/patches/r_x86_64_plt32-is-like-r_x86_64_pc32.patch: For the purpose |
4504 | + of grub-mkimage, the R_X86_64_PLT32 relocation is basically the same as |
4505 | + R_X86_64_PC32. Make R_X86_64_PLT32 supported. |
4506 | + |
4507 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Thu, 19 Jul 2018 09:46:53 -0400 |
4508 | + |
4509 | +grub2 (2.02-2ubuntu12) cosmic; urgency=medium |
4510 | + |
4511 | + * debian/default/grub: replace GRUB_HIDDEN_* variables with the more concise |
4512 | + and less confusing GRUB_TIMEOUT_STYLE=hidden. (LP: #1258597) |
4513 | + |
4514 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Mon, 16 Jul 2018 14:18:46 -0400 |
4515 | + |
4516 | +grub2 (2.02-2ubuntu11) cosmic; urgency=medium |
4517 | + |
4518 | + * Verify that the current and newer kernels are signed when grub is updated, to |
4519 | + make sure people do not accidentally shutdown without a signed kernel. |
4520 | + |
4521 | + -- Julian Andres Klode <juliank@ubuntu.com> Fri, 13 Jul 2018 15:21:48 +0200 |
4522 | + |
4523 | +grub2 (2.02-2ubuntu10) cosmic; urgency=medium |
4524 | + |
4525 | + * debian/patches/grub-shell-test-helper-disable-seabios-sercon.patch: In the |
4526 | + grub-shell test helper, disable seabios's serial console through fw_cfg |
4527 | + runtime configuration as its boot output interferes with testing. |
4528 | + (LP: #1775249) |
4529 | + |
4530 | + -- Łukasz 'sil2100' Zemczak <lukasz.zemczak@ubuntu.com> Wed, 06 Jun 2018 01:03:26 +0200 |
4531 | + |
4532 | +grub2 (2.02-2ubuntu9) cosmic; urgency=medium |
4533 | + |
4534 | + * debian/patches/add-an-auto-nvram-option-to-grub-install.patch: Add the |
4535 | + --auto-nvram option to grub-install for auto-detecting NVRAM availability |
4536 | + before attempting NVRAM updates. |
4537 | + |
4538 | + -- Łukasz 'sil2100' Zemczak <lukasz.zemczak@ubuntu.com> Tue, 05 Jun 2018 00:34:38 +0200 |
4539 | + |
4540 | +grub2 (2.02-2ubuntu8) bionic; urgency=medium |
4541 | + |
4542 | + * Drop debian/patches/mkconfig_keep_native_term_active.patch, which can |
4543 | + lead to flickering between graphical and text mode when traversing the |
4544 | + menu. (LP: #1752767) |
4545 | + * debian/patches/yylex-explicitly_cast_fprintf_to_void.patch: Fix FTBFS |
4546 | + with flex 2.6.4. |
4547 | + |
4548 | + -- dann frazier <dannf@ubuntu.com> Sun, 04 Mar 2018 06:11:35 -0700 |
4549 | + |
4550 | +grub2 (2.02-2ubuntu7) bionic; urgency=medium |
4551 | + |
4552 | + [ Julian Andres Klode ] |
4553 | + * debian/patches/shorter_version_info.patch: Only show the upstream version |
4554 | + in menu and console, and hide the package one in a package_version |
4555 | + variable. (LP: #1723434) |
4556 | + |
4557 | + [ Mathieu Trudel-Lapierre ] |
4558 | + * debian/patches/skip_text_gfxpayload_where_not_supported.patch: Skip the |
4559 | + 'text' payload if it's not supported but present in gfxpayload, such as |
4560 | + on EFI systems. (LP: #1711452) |
4561 | + |
4562 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Fri, 09 Feb 2018 16:30:45 -0500 |
4563 | + |
4564 | +grub2 (2.02-2ubuntu6) bionic; urgency=medium |
4565 | + |
4566 | + [ Steve Langasek ] |
4567 | + * debian/patches/bufio_sensible_block_sizes.patch: Don't use arbitrary file |
4568 | + fizes as block sizes in bufio: this avoids potentially seeking back in |
4569 | + the files unnecessarily, which may require re-open files that cannot be |
4570 | + seeked into, such as via TFTP. (LP: #1743249) |
4571 | + |
4572 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Mon, 05 Feb 2018 11:58:09 -0500 |
4573 | + |
4574 | +grub2 (2.02-2ubuntu5) bionic; urgency=medium |
4575 | + |
4576 | + * debian/patches/mkconfig_keep_native_term_active.patch: Keep the |
4577 | + default EFI console active while enabling gfxterm. (LP: #1743884) |
4578 | + |
4579 | + -- dann frazier <dannf@ubuntu.com> Wed, 31 Jan 2018 10:51:11 -0700 |
4580 | + |
4581 | +grub2 (2.02-2ubuntu4) bionic; urgency=medium |
4582 | + |
4583 | + * debian/patches/vt_handoff.patch: modify the existing patch to set |
4584 | + vt.handoff=1 instead of vt.handoff=7 as we now start display managers on |
4585 | + vt1 anyway. This also fixes issues with netboot installed server systems |
4586 | + not displaying the login prompt on boot. (LP: #1675453) |
4587 | + |
4588 | + -- Łukasz 'sil2100' Zemczak <lukasz.zemczak@ubuntu.com> Thu, 18 Jan 2018 18:32:31 +0100 |
4589 | + |
4590 | +grub2 (2.02-2ubuntu3) bionic; urgency=medium |
4591 | + |
4592 | + * util/grub-install.c: Drop extra handling for x.efi.signed files for mok |
4593 | + and fallback binaries: shim now installs them without the .signed |
4594 | + extension. (LP: #1708245) |
4595 | + * debian/control: Breaks shim (<< 13). |
4596 | + |
4597 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Wed, 17 Jan 2018 09:25:09 -0500 |
4598 | + |
4599 | +grub2 (2.02-2ubuntu2) bionic; urgency=medium |
4600 | + |
4601 | + * Cherry-pick upstream patch to change the default TSC calibration method |
4602 | + to pmtimer on EFI systems (LP: #1734278) |
4603 | + * debian/control: Update Vcs fields for code location on Ubuntu. |
4604 | + |
4605 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Tue, 05 Dec 2017 11:47:31 -0500 |
4606 | + |
4607 | +grub2 (2.02-2ubuntu1) bionic; urgency=medium |
4608 | + |
4609 | + * Merge with Debian; remaining changes: |
4610 | + - debian/patches/support_initrd-less_boot.patch: Added knobs to allow |
4611 | + non-initrd boot config. (LP: #1640878) |
4612 | + - Disable os-prober for ppc64el on the PowerNV platform, to reduce the |
4613 | + number of entries/clutter from other OSes in Petitboot (LP: #1447500) |
4614 | + - debian/build-efi-images: provide a new grub EFI image which enforces that |
4615 | + loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is |
4616 | + the same as grub$arch.efi minus the 'linux' module. Without fallback to |
4617 | + 'linux' for unsigned loading, this makes it effectively enforce having a |
4618 | + signed kernel. (LP: #1401532) |
4619 | + - debian/patches/install_signed.patch, grub-install-extra-removable.patch: |
4620 | + - Make sure if we install shim; it should also be exported as the default |
4621 | + bootloader to install later to a removable path, if we do. |
4622 | + - Rework grub-install-extra-removable.patch to reverse its logic: in the |
4623 | + default case, install the bootloader to /EFI/BOOT, unless we're trying |
4624 | + to install on a removable device, or explicitly telling grub *not* to |
4625 | + do it. |
4626 | + - Move installing fb$arch.efi to --no-extra-removable; as we don't want |
4627 | + fallback to be installed unless we're also installing to /EFI/BOOT. |
4628 | + (LP: #1684341) |
4629 | + - Make sure postinst and templates know about the replacement of |
4630 | + --force-extra-removable with --no-extra-removable. |
4631 | + * Sync Secure Boot support patches with the upstream patch set from |
4632 | + rhboot/grub2:master-sb. Renamed some patches and updated descriptions for |
4633 | + the whole thing to make more sense, too: |
4634 | + - dropped debian/patches/linuxefi_require_shim.patch |
4635 | + - renamed: debian/patches/no_insmod_on_sb.patch -> |
4636 | + debian/patches/linuxefi_no_insmod_on_sb.patch |
4637 | + - debian/patches/linuxefi.patch |
4638 | + - debian/patches/linuxefi_debug.patch |
4639 | + - debian/patches/linuxefi_non_sb_fallback.patch |
4640 | + - debian/patches/linuxefi_add_sb_to_efi_chainload.patch |
4641 | + - debian/patches/linuxefi_cleanup_errors_in_loader.patch |
4642 | + - debian/patches/linuxefi_fix_efi_validation_race.patch |
4643 | + - debian/patches/linuxefi_handle_multiarch_boot.patch |
4644 | + - debian/patches/linuxefi_honor_sb_mode.patch |
4645 | + - debian/patches/linuxefi_move_fdt_helper.patch |
4646 | + - debian/patches/linuxefi_load_arm_with_sb.patch |
4647 | + - debian/patches/linuxefi_minor_cleanups.patch |
4648 | + - debian/patches/linuxefi_re-enable_linux_cmd.patch |
4649 | + - debian/patches/linuxefi_rework_linux16_cmd.patch |
4650 | + - debian/patches/linuxefi_rework_linux_cmd.patch |
4651 | + - debian/patches/linuxefi_rework_non-sb_efi_chainload.patch |
4652 | + - debian/patches/linuxefi_rework_pe_loading.patch |
4653 | + - debian/patches/linuxefi_use_dev_chainloader_target.patch |
4654 | + * debian/patches/dont-fail-efi-warnings.patch: handle linuxefi patches and |
4655 | + the casting they do on some architectures: we don't want to fail build |
4656 | + because of some of the warnings that can show up since we otherwise build |
4657 | + with -Werror. |
4658 | + |
4659 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Mon, 06 Nov 2017 15:37:12 -0500 |
4660 | + |
4661 | grub2 (2.02-2) unstable; urgency=medium |
4662 | |
4663 | * Comment out debian/watch lines for betas and pre-releases for now. |
4664 | @@ -1316,6 +3299,92 @@ grub2 (2.02~beta3-5) unstable; urgency=medium |
4665 | |
4666 | -- Colin Watson <cjwatson@debian.org> Sat, 11 Feb 2017 15:09:19 +0000 |
4667 | |
4668 | +grub2 (2.02~beta3-4ubuntu7) artful; urgency=medium |
4669 | + |
4670 | + * debian/patches/headers_for_device_macros.patch, |
4671 | + debian/patches/fix_check_for_sys_macros.patch: make sure the right |
4672 | + device macro header is included and that the deprecation warning |
4673 | + is dealt with. LP: #1722955. |
4674 | + |
4675 | + -- Tiago Stürmer Daitx <tiago.daitx@ubuntu.com> Thu, 12 Oct 2017 09:41:17 -0400 |
4676 | + |
4677 | +grub2 (2.02~beta3-4ubuntu6) artful; urgency=medium |
4678 | + |
4679 | + * debian/patches/mount-ext4-fs-with-crypto-enabled.patch: Allow grub to |
4680 | + mount an EXT4 partition that has the 'encrypt' feature enabled |
4681 | + (closes: 840204) |
4682 | + |
4683 | + -- Tyler Hicks <tyhicks@canonical.com> Wed, 05 Jul 2017 22:23:03 +0000 |
4684 | + |
4685 | +grub2 (2.02~beta3-4ubuntu5) artful; urgency=medium |
4686 | + |
4687 | + * debian/patches/linuxefi.patch: fix double-free caused by an extra |
4688 | + grub_free() call in this patch (which the previous upload didn't change). |
4689 | + * debian/patches/linuxefi_rework_non-sb_cases.patch, |
4690 | + debian/patches/linuxefi_non_sb_fallback.patch: refreshed. |
4691 | + |
4692 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Mon, 29 May 2017 16:28:41 -0400 |
4693 | + |
4694 | +grub2 (2.02~beta3-4ubuntu4) artful; urgency=medium |
4695 | + |
4696 | + * debian/patches: Rework linuxefi/SecureBoot support and sync with upstream |
4697 | + SB patch set: |
4698 | + - linuxefi_arm_sb_support.patch: add Secure Boot support for arm for its |
4699 | + chainloader. |
4700 | + - linuxefi_fix_validation_race.patch: Fix a race in validating images. |
4701 | + - linuxefi_chainloader_path.patch: honor the starting path for grub, so |
4702 | + images do not need to be started from $root. |
4703 | + - linuxefi_chainloader_sb.patch: Fix some more issues in chainloader use |
4704 | + when Secure Boot is enabled. |
4705 | + - linuxefi_loaders_enforce_sb.patch: Enforce Secure Boot policy for all |
4706 | + loaders: don't load the commands when Secure Boot is enabled. |
4707 | + - linuxefi_re-enable_linux_cmd.patch: Since we rely on the linux and |
4708 | + initrd commands to automatically hand-off to linuxefi/initrdefi; re- |
4709 | + enable the linux loader. |
4710 | + - linuxefi_chainloader_pe_fixes.patch: PE parsing fixes for chainloading |
4711 | + "special" PE images, such as Windows'. |
4712 | + - linuxefi_rework_non-sb_cases.patch: rework cases where Secure Boot is |
4713 | + disabled or shim validation is disabled so loading works as EFI binaries |
4714 | + when it is supposed to. |
4715 | + - Removed linuxefi_require_shim.patch; superseded by the above. |
4716 | + |
4717 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Thu, 11 May 2017 17:05:04 -0400 |
4718 | + |
4719 | +grub2 (2.02~beta3-4ubuntu3) artful; urgency=medium |
4720 | + |
4721 | + * debian/patches/install_signed.patch, grub-install-extra-removable.patch: |
4722 | + - Make sure if we install shim; it should also be exported as the default |
4723 | + bootloader to install later to a removable path, if we do. |
4724 | + - Rework grub-install-extra-removable.patch to reverse its logic: in the |
4725 | + default case, install the bootloader to /EFI/BOOT, unless we're trying |
4726 | + to install on a removable device, or explicitly telling grub *not* to |
4727 | + do it. |
4728 | + - Move installing fb$arch.efi to --no-extra-removable; as we don't want |
4729 | + fallback to be installed unless we're also installing to /EFI/BOOT. |
4730 | + (LP: #1684341) |
4731 | + |
4732 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Wed, 26 Apr 2017 21:08:22 -0400 |
4733 | + |
4734 | +grub2 (2.02~beta3-4ubuntu2) zesty; urgency=medium |
4735 | + |
4736 | + * debian/build-efi-images: provide a new grub EFI image which enforces that |
4737 | + loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is |
4738 | + the same as grub$arch.efi minus the 'linux' module. Without fallback to |
4739 | + 'linux' for unsigned loading, this makes it effectively enforce having a |
4740 | + signed kernel. (LP: #1401532) |
4741 | + |
4742 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Thu, 30 Mar 2017 17:45:23 -0400 |
4743 | + |
4744 | +grub2 (2.02~beta3-4ubuntu1) zesty; urgency=medium |
4745 | + |
4746 | + * Merge with Debian; remaining changes: |
4747 | + - debian/patches/support_initrd-less_boot.patch: Added knobs to allow |
4748 | + non-initrd boot config. (LP: #1640878) |
4749 | + - Disable os-prober for ppc64el on the PowerNV platform, to reduce the |
4750 | + number of entries/clutter from other OSes in Petitboot (LP: #1447500) |
4751 | + |
4752 | + -- dann frazier <dannf@ubuntu.com> Thu, 09 Feb 2017 10:06:57 -0700 |
4753 | + |
4754 | grub2 (2.02~beta3-4) unstable; urgency=medium |
4755 | |
4756 | [ Colin Watson ] |
4757 | diff --git a/debian/control b/debian/control |
4758 | index b9d79ec..efd46e3 100644 |
4759 | --- a/debian/control |
4760 | +++ b/debian/control |
4761 | @@ -1,8 +1,9 @@ |
4762 | Source: grub2 |
4763 | Section: admin |
4764 | Priority: optional |
4765 | -Maintainer: GRUB Maintainers <pkg-grub-devel@alioth-lists.debian.net> |
4766 | -Uploaders: Felix Zielcke <fzielcke@z-51.de>, Jordi Mallach <jordi@debian.org>, Steve McIntyre <93sam@debian.org>, Julian Andres Klode <jak@debian.org> |
4767 | +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> |
4768 | +XSBC-Original-Maintainer: GRUB Maintainers <pkg-grub-devel@alioth-lists.debian.net> |
4769 | +Uploaders: Felix Zielcke <fzielcke@z-51.de>, Jordi Mallach <jordi@debian.org>, Steve McIntyre <93sam@debian.org>, Julian Andres Klode <jak@debian.org>, Mate Kukri <mate.kukri@canonical.com> |
4770 | Build-Depends: debhelper-compat (= 13), |
4771 | patchutils, |
4772 | python3, |
4773 | @@ -12,8 +13,7 @@ Build-Depends: debhelper-compat (= 13), |
4774 | po-debconf, |
4775 | help2man, |
4776 | texinfo, |
4777 | - gcc-12, |
4778 | - gcc-12-multilib [i386 kopensolaris-i386 any-amd64 any-ppc64 any-sparc], |
4779 | + gcc-multilib [i386 kopensolaris-i386 any-amd64 any-ppc64 any-sparc], |
4780 | xfonts-unifont, |
4781 | libfreetype6-dev, |
4782 | gettext, |
4783 | @@ -40,8 +40,8 @@ Build-Depends: debhelper-compat (= 13), |
4784 | Build-Conflicts: autoconf2.13, libzfs-dev, libnvpair-dev |
4785 | Standards-Version: 3.9.6 |
4786 | Homepage: https://www.gnu.org/software/grub/ |
4787 | -Vcs-Git: https://salsa.debian.org/grub-team/grub.git |
4788 | -Vcs-Browser: https://salsa.debian.org/grub-team/grub |
4789 | +Vcs-Git: https://git.launchpad.net/~ubuntu-core-dev/grub/+git/ubuntu |
4790 | +Vcs-Browser: https://git.launchpad.net/~ubuntu-core-dev/grub/+git/ubuntu |
4791 | Rules-Requires-Root: no |
4792 | |
4793 | Package: grub2 |
4794 | @@ -66,7 +66,7 @@ Description: GRand Unified Bootloader, version 2 (dummy package) |
4795 | Package: grub-efi |
4796 | Architecture: any-i386 any-amd64 any-arm64 any-ia64 any-arm any-riscv64 |
4797 | Pre-Depends: ${misc:Pre-Depends} |
4798 | -Depends: ${misc:Depends}, grub-efi-ia32 (= ${binary:Version}) [any-i386], grub-efi-amd64 (= ${binary:Version}) [any-amd64], grub-efi-arm64 (= ${binary:Version}) [any-arm64], grub-efi-ia64 (= ${binary:Version}) [any-ia64], grub-efi-arm (= ${binary:Version}) [any-arm], grub-efi-riscv64 (= ${binary:Version}) [any-riscv64] |
4799 | +Depends: ${misc:Depends}, grub-efi-ia32 (>= ${binary:Version}) [any-i386], grub-efi-amd64 [any-amd64], grub-efi-arm64 [any-arm64], grub-efi-ia64 (>= ${binary:Version}) [any-ia64], grub-efi-arm (>= ${binary:Version}) [any-arm], grub-efi-riscv64 (>= ${binary:Version}) [any-riscv64] |
4800 | Multi-Arch: foreign |
4801 | Description: GRand Unified Bootloader, version 2 (dummy package) |
4802 | This is a dummy package that depends on the grub-efi-$ARCH package most likely |
4803 | @@ -75,7 +75,7 @@ Description: GRand Unified Bootloader, version 2 (dummy package) |
4804 | Package: grub-common |
4805 | Architecture: any |
4806 | Built-Using: ${Built-Using} |
4807 | -Depends: ${shlibs:Depends}, ${misc:Depends}, gettext-base, ${lsb-base-depends} |
4808 | +Depends: ${shlibs:Depends}, ${misc:Depends}, gettext-base, ${lsb-base-depends}, python3, python3-apt |
4809 | Replaces: grub-pc (<< 2.00-4), grub-ieee1275 (<< 2.00-4), grub-efi (<< 1.99-1), grub-coreboot (<< 2.00-4), grub-linuxbios (<< 1.96+20080831-1), grub-efi-ia32 (<< 2.00-4), grub-efi-amd64 (<< 2.00-4), grub-efi-ia64 (<< 2.00-4), grub-yeeloong (<< 2.00-4), init-select |
4810 | Recommends: os-prober (>= 1.33) |
4811 | Suggests: multiboot-doc, grub-emu [any-i386 any-amd64 any-powerpc], mtools [any-i386 any-amd64 any-ia64 any-arm any-arm64 riscv64], xorriso (>= 0.5.6.pl00), desktop-base (>= 4.0.6), console-setup |
4812 | @@ -252,7 +252,6 @@ Description: GRand Unified Bootloader, version 2 (Coreboot version) |
4813 | Package: grub-efi-ia32-bin |
4814 | Architecture: any-i386 any-amd64 |
4815 | Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common (= ${binary:Version}) |
4816 | -Breaks: grub-efi-ia32-signed (<< 1+2.12~rc1) |
4817 | Recommends: grub-efi-ia32-signed [i386], efibootmgr [linux-any] |
4818 | Replaces: grub2 (<< ${source:Version}), grub-common (<= 1.97~beta2-1), grub-efi, grub-efi-ia32 (<< 1.99-1) |
4819 | Multi-Arch: foreign |
4820 | @@ -313,11 +312,10 @@ Description: GRand Unified Bootloader, version 2 (EFI-IA32 signing template) |
4821 | This is only needed for Secure Boot signing. |
4822 | |
4823 | Package: grub-efi-amd64-bin |
4824 | -Architecture: i386 kopensolaris-i386 any-amd64 |
4825 | -Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common (= ${binary:Version}) |
4826 | +Architecture: kopensolaris-i386 any-amd64 |
4827 | +Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common (>= 2.02~beta2-9) |
4828 | Recommends: grub-efi-amd64-signed [amd64], efibootmgr [linux-any] |
4829 | Replaces: grub2 (<< ${source:Version}), grub-common (<= 1.97~beta2-1), grub-efi-amd64 (<< 1.99-1) |
4830 | -Breaks: grub-efi-amd64-signed (<< 1+2.12~rc1) |
4831 | Multi-Arch: foreign |
4832 | XB-Efi-Vendor: ${efi:Vendor} |
4833 | Description: GRand Unified Bootloader, version 2 (EFI-AMD64 modules) |
4834 | @@ -339,17 +337,17 @@ Description: GRand Unified Bootloader, version 2 (EFI-AMD64 modules) |
4835 | |
4836 | Package: grub-efi-amd64-dbg |
4837 | Section: debug |
4838 | -Architecture: i386 kopensolaris-i386 any-amd64 |
4839 | -Depends: ${misc:Depends}, grub-efi-amd64-bin (= ${binary:Version}), grub-common (= ${binary:Version}) |
4840 | +Architecture: kopensolaris-i386 any-amd64 |
4841 | +Depends: ${misc:Depends}, grub-efi-amd64-bin (= ${binary:Version}) |
4842 | Multi-Arch: foreign |
4843 | Description: GRand Unified Bootloader, version 2 (EFI-AMD64 debug files) |
4844 | This package contains debugging files for grub-efi-amd64-bin. You only |
4845 | need these if you are trying to debug GRUB using its GDB stub. |
4846 | |
4847 | Package: grub-efi-amd64 |
4848 | -Architecture: i386 kopensolaris-i386 any-amd64 |
4849 | +Architecture: kopensolaris-i386 any-amd64 |
4850 | Pre-Depends: ${misc:Pre-Depends} |
4851 | -Depends: ${shlibs:Depends}, ${misc:Depends}, grub2-common (= ${binary:Version}), grub-efi-amd64-bin (= ${binary:Version}), ucf |
4852 | +Depends: ${shlibs:Depends}, ${misc:Depends}, grub2-common (>= 2.02~beta2-9), grub-efi-amd64-bin (= ${binary:Version}), ucf |
4853 | Replaces: grub, grub-legacy, grub2 (<< ${source:Version}), grub-common (<= 1.97~beta2-1), grub-pc, grub-efi-ia32, grub-coreboot, grub-ieee1275 |
4854 | Conflicts: grub, grub-legacy, grub-efi-ia32, grub-pc, grub-coreboot, grub-ieee1275, grub-xen, elilo |
4855 | Multi-Arch: foreign |
4856 | @@ -477,8 +475,7 @@ Description: GRand Unified Bootloader, version 2 (ARM UEFI version) |
4857 | |
4858 | Package: grub-efi-arm64-bin |
4859 | Architecture: any-arm64 |
4860 | -Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common (= ${binary:Version}) |
4861 | -Breaks: grub-efi-arm64-signed (<< 1+2.12~rc1) |
4862 | +Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common (>= 2.02~beta2-9) |
4863 | Recommends: grub-efi-arm64-signed [arm64], efibootmgr [linux-any] |
4864 | Multi-Arch: foreign |
4865 | XB-Efi-Vendor: ${efi:Vendor} |
4866 | @@ -501,7 +498,7 @@ Description: GRand Unified Bootloader, version 2 (ARM64 UEFI modules) |
4867 | Package: grub-efi-arm64-dbg |
4868 | Section: debug |
4869 | Architecture: any-arm64 |
4870 | -Depends: ${misc:Depends}, grub-efi-arm64-bin (= ${binary:Version}), grub-common (= ${binary:Version}) |
4871 | +Depends: ${misc:Depends}, grub-efi-arm64-bin (= ${binary:Version}) |
4872 | Multi-Arch: foreign |
4873 | Description: GRand Unified Bootloader, version 2 (ARM64 UEFI debug files) |
4874 | This package contains debugging files for grub-efi-arm64-bin. You only |
4875 | @@ -510,7 +507,7 @@ Description: GRand Unified Bootloader, version 2 (ARM64 UEFI debug files) |
4876 | Package: grub-efi-arm64 |
4877 | Architecture: any-arm64 |
4878 | Pre-Depends: ${misc:Pre-Depends} |
4879 | -Depends: ${shlibs:Depends}, ${misc:Depends}, grub2-common (= ${binary:Version}), grub-efi-arm64-bin (= ${binary:Version}), ucf |
4880 | +Depends: ${shlibs:Depends}, ${misc:Depends}, grub2-common (>= 2.02~beta2-36ubuntu3.32), grub-efi-arm64-bin (= ${binary:Version}), ucf |
4881 | Multi-Arch: foreign |
4882 | Description: GRand Unified Bootloader, version 2 (ARM64 UEFI version) |
4883 | GRUB is a portable, powerful bootloader. This version of GRUB is based on a |
4884 | diff --git a/debian/grub-check-signatures b/debian/grub-check-signatures |
4885 | new file mode 100755 |
4886 | index 0000000..edc171e |
4887 | --- /dev/null |
4888 | +++ b/debian/grub-check-signatures |
4889 | @@ -0,0 +1,136 @@ |
4890 | +#!/bin/sh |
4891 | + |
4892 | +set -e |
4893 | + |
4894 | +. /usr/share/debconf/confmodule |
4895 | + |
4896 | +# Check if we are on an EFI system |
4897 | +efivars=/sys/firmware/efi/efivars |
4898 | +secureboot_var=SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c |
4899 | +moksbstatert_var=MokSBStateRT-605dab50-e046-4300-abb6-3dd810dd8b23 |
4900 | +tmpdir=$(mktemp -d) |
4901 | + |
4902 | +on_secure_boot() { |
4903 | + # Validate any queued actions before we go try to do them. |
4904 | + local moksbstatert=0 |
4905 | + |
4906 | + if ! [ -d $efivars ]; then |
4907 | + return 1 |
4908 | + fi |
4909 | + |
4910 | + if ! [ -f $efivars/$secureboot_var ] \ |
4911 | + || [ "$(od -An -t u1 $efivars/$secureboot_var | awk '{ print $NF }')" -ne 1 ] |
4912 | + then |
4913 | + return 1 |
4914 | + fi |
4915 | + |
4916 | + if [ -f /proc/sys/kernel/moksbstate_disabled ]; then |
4917 | + moksbstatert=$(cat /proc/sys/kernel/moksbstate_disabled 2>/dev/null || echo 0) |
4918 | + elif [ -f $efivars/$moksbstatert_var ]; then |
4919 | + # MokSBStateRT set to 1 means validation is disabled |
4920 | + moksbstatert=$(od -An -t u1 $efivars/$moksbstatert_var | \ |
4921 | + awk '{ print $NF; }') |
4922 | + fi |
4923 | + |
4924 | + if [ $moksbstatert -eq 1 ]; then |
4925 | + return 1 |
4926 | + fi |
4927 | + |
4928 | + return 0 |
4929 | +} |
4930 | + |
4931 | +# Retrieve the keys we do trust from PK, DB, KEK, and MokList. |
4932 | +extract_known_keys() { |
4933 | + # Make the Canonical CA cert available for validation too; in case |
4934 | + # MokListRT is empty due to a bug. |
4935 | + cp /usr/share/grub/canonical-uefi-ca.crt $tmpdir |
4936 | + |
4937 | + # Extract known UEFI certs from firmware variables |
4938 | + ( cd $tmpdir; \ |
4939 | + mokutil --export --db >/dev/null 2>/dev/null; \ |
4940 | + mokutil --export --mok >/dev/null 2>/dev/null; ) |
4941 | + find $tmpdir -name "*.der" -exec openssl x509 -inform der -in {} -outform pem -out {}.crt \; |
4942 | +} |
4943 | + |
4944 | +# Check if a given kernel image is signed |
4945 | +is_signed() { |
4946 | + kernel=$1 |
4947 | + tmp=$(mktemp) |
4948 | + kernel_tmp=$(mktemp) |
4949 | + if zcat $kernel > $kernel_tmp 2>/dev/null; then |
4950 | + kernel=$kernel_tmp |
4951 | + fi |
4952 | + sbattach --detach $tmp $kernel >/dev/null 2>/dev/null # that's ugly... |
4953 | + test "$(wc -c < $tmp)" -ge 16 # Just _some_ minimum size |
4954 | + result=$? |
4955 | + if [ $result -eq 0 ]; then |
4956 | + sig_subject=$(openssl pkcs7 -inform der -in $tmp -print_certs | openssl x509 -noout -text | grep Subject: ) |
4957 | + fi |
4958 | + rm $tmp |
4959 | + if [ $result -eq 0 ]; then |
4960 | + for crtfile in $tmpdir/*.crt; do |
4961 | + sbverify --cert $crtfile $kernel >/dev/null 2>/dev/null |
4962 | + result=$? |
4963 | + if [ $result -eq 0 ]; then |
4964 | + rm "$kernel_tmp" |
4965 | + return $result; |
4966 | + fi |
4967 | + done |
4968 | + echo "$1 is signed, but using an unknown key:" >&2 |
4969 | + echo "$sig_subject" >&2 |
4970 | + else |
4971 | + echo "$1 is unsigned." >&2 |
4972 | + fi |
4973 | + rm "$kernel_tmp" |
4974 | + return $result |
4975 | +} |
4976 | + |
4977 | +# Check that our current kernel and every newer one is signed |
4978 | +find_unsigned() { |
4979 | + uname_r="$(uname -r)" |
4980 | + for kernel in $(ls -1 /boot/vmlinuz-* | sort -V -r); do |
4981 | + # no kernels :( |
4982 | + if [ "$kernel" = "/boot/vmlinuz-*" ]; then |
4983 | + break |
4984 | + fi |
4985 | + this_uname_r="$(echo "$kernel" | sed -r 's#^/boot/vmlinuz-(.*)#\1#; s#\.efi\.signed$##')" |
4986 | + if dpkg --compare-versions "$this_uname_r" lt "$uname_r"; then |
4987 | + continue |
4988 | + fi |
4989 | + if [ -e "$kernel.efi.signed" ]; then |
4990 | + continue |
4991 | + fi |
4992 | + if ! is_signed $kernel; then |
4993 | + echo "$this_uname_r" |
4994 | + fi |
4995 | + done |
4996 | +} |
4997 | + |
4998 | +# Only reached from show_warning |
4999 | +error() { |
5000 | + echo "E: Your kernels are not signed with a key known to your firmware. This system will fail to boot in a Secure Boot environment." >&2 |
The diff has been truncated for viewing.