Last commit made on 2022-11-18
Get this branch:
git clone -b ubuntu https://git.launchpad.net/~ubuntu-core-dev/grub/+git/ubuntu
Members of Ubuntu Core Development Team can upload to this branch. Log in for directions.

Branch merges

Branch information


Recent commits

9433c92... by Chris Coulson

releasing package grub2 version 2.06-2ubuntu14

5fed772... by Chris Coulson

Bump SBAT generation

57c6cdc... by Chris Coulson

Don't drop dosfstools as a build-dependency because it's required for vfat FS tests

a34484d... by Chris Coulson

Fix the squashfs tests during the build

4ac97c1... by Chris Coulson

Fix LP: #1997006 - add support for performing measurements to RTMRs

60e6f86... by Chris Coulson

Add security fixes for November 15th disclosure

  * SECURITY UPDATE: Fix out of bounds writes due specially crafted fonts.
    - add debian/patches/font-Fix-several-integer-overflows-in-grub_font_construct.patch
    - add debian/patches/font-Fix-an-integer-underflow-in-blit_comb.patch
    - CVE-2022-2601, CVE-2022-3775
    - LP: #1996950
  * Fix various issues as a result of fuzzing, static analysis and code
    - add debian/patches/font-Reject-glyphs-exceeds-font-max_glyph_width-or-font-m.patch
    - add debian/patches/font-Fix-size-overflow-in-grub_font_get_glyph_internal.patch
    - add debian/patchces/font-Remove-grub_font_dup_glyph.patch
    - add debian/patches/font-Fix-integer-overflow-in-ensure_comb_space.patch
    - add debian/patches/font-Fix-integer-overflow-in-BMP-index.patch
    - add debian/patches/font-Fix-integer-underflow-in-binary-search-of-char-index.patch
    - add debian/patches/fbutil-Fix-integer-overflow.patch
    - add debian/patches/font-Harden-grub_font_blit_glyph-and-grub_font_blit_glyph.patch
    - add debian/patches/font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
    - add debian/patches/normal-charset-Fix-an-integer-overflow-in-grub_unicode_ag.patch
  * Enforce verification of fonts when secure boot is enabled:
    - add debian/patches/kern-efi-sb-Enforce-verification-of-font-files.patch
  * Bundle unicode.pf2 in a squashfs memdisk attached to the signed EFI binary
    - update debian/control
    - update debian/build-efi-image
    - add debian/patches/font-Try-opening-fonts-from-the-bundled-memdisk.patch

6d78e37... by Julian Andres Klode

releasing package grub2 version 2.06-2ubuntu13

2f20eb2... by Julian Andres Klode

x86-efi: Use bounce buffers for reading to addresses > 4GB

Lots of machines apparently can't DMA correctly above 4GB during UEFI,
so use bounce buffers for the initramfs read.

Signed-off-by: Peter Jones <email address hidden>

Gpb-Pq: Name rhboot-x86-efi-use-bounce-buffers.patch

x86-efi: Reduce maximum bounce buffer size to 16 MiB

The EFI linux loader allocates a bounce buffer to copy the initrd since in
some machines doing DMA on addresses above 4GB is not possible during EFI.

But the verifiers framework also allocates a buffer to copy the initrd in
its grub_file_open() handler. It does this since the data to verify has to
be passed as a single chunk to modules that use the verifiers framework.

If the initrd image size is big there may not be enough memory in the heap
to allocate two buffers of that size. This causes an allocation failure in
the verifiers framework and leads to the initrd not being read.

To prevent these allocation failures, let's reduce the maximum size of the
bounce buffer used in the EFI loader. Since the data read can be copied to
the actual initrd address in multilple chunks.

Resolves: rhbz#1838633

Signed-off-by: Javier Martinez Canillas <email address hidden>
Gbp-Pq: Name rhboot-bounce-buffers.patch

a093515... by Julian Andres Klode

Try to pick better locations for kernel and initrd

LP: #1989446

5e9731a... by Julian Andres Klode

releasing package grub2 version 2.06-2ubuntu12