changelog

grub2 (2.06-11) unstable; urgency=medium

  * And try again... :-/

 -- Steve McIntyre <93sam@debian.org>  Fri, 21 Apr 2023 01:50:26 +0100

grub2 (2.06-10) unstable; urgency=medium

  * Fix 32-bit build with the osdep/devmapper/getroot patches.

 -- Steve McIntyre <93sam@debian.org>  Fri, 21 Apr 2023 01:14:13 +0100

grub2 (2.06-9) unstable; urgency=medium

  [ Steve McIntyre ]
  * postinst: make config_item() more robust
  * Add debconf logic for GRUB_DISABLE_OS_PROBER to make it easier to
    control things here. Particularly useful for the installer.
    Closes: #1031594, #1012865, #1025698.
  * Add luks2 to the signed grub efi images. Closes: #1001248

  [ Ben Hutchings ]
  * Fix probing of LUKS2 devices (Closes: #1028301):
    - disk/cryptodisk: When cheatmounting, use the sector info of the cheat
      device
    - osdep/devmapper/getroot: Have devmapper recognize LUKS2
    - osdep/devmapper/getroot: Set up cheated LUKS2 cryptodisk mount from DM
      parameters

  [ Emanuele Rocca ]
  * Add arm64-handover-to-kernel-if-sb-enabled.patch to fix Secure Boot on
    arm64 (Closes: #1033657)

  [ Mattia Rizzolo ]
  * Don't warn about os-prober if it's not installed. Closes: #1020769

 -- Steve McIntyre <93sam@debian.org>  Thu, 20 Apr 2023 20:35:11 +0100

grub2 (2.06-8.1) experimental; urgency=medium

  * Non-maintainer upload.
  * Fix an issue where a logical volume rename would lead grub to fail to
    boot (Closes: #987008)

 -- Antoine Beaupré <anarcat@debian.org>  Sat, 25 Feb 2023 15:16:55 -0500

grub2 (2.06-8) unstable; urgency=medium

  [ Steve McIntyre ]
  * Fix an issue in an f2fs security fix which caused mount
    failures. Closes: #1021846. Thanks to программист некто for helping
    to debug the problem!
  * Switch build-deps from gcc-10 to gcc-12. Closes: #1022184
  * Include upstream patch to enable EFI zboot support on arm64.
    Closes: #1026092
  * grub-mkconfig: Restore umask for the grub.cfg. CVE-2021-3981
    Closes: #1001414
  * postinst: be more verbose when using grub-install to install onto
    devices.
  * /etc/default/grub: Fix comment about text-mode console.
    Fixes #845683
  * grub-install: Don't install the shim fallback program when called
    with --removable. Closes: #1016737
  * grub-install: Don't use our grub CD EFI image for --removable.
    Closes: #1026915. Thanks to Pascal Hambourg for the patch.
  * Ignore some new ext2 flags to stay compatible with latest mke2fs
    defaults. Closes: #1030846

  [ Colin Watson ]
  * Remove myself from Uploaders.

 -- Steve McIntyre <93sam@debian.org>  Thu, 09 Feb 2023 01:09:00 +0000

grub2 (2.06-7) unstable; urgency=medium

  [ Steve McIntyre ]
  * Fix bug in core file code so errors are handled better. This makes
    the fallback font-handling patch work properly.
    Closes: #1025469, #1025477.

 -- Steve McIntyre <93sam@debian.org>  Tue, 06 Dec 2022 03:14:53 +0000

grub2 (2.06-6) unstable; urgency=medium

  [ Steve McIntyre ]
  * Include fonts in the memdisk build for EFI images.
    Closes: #1024395, #1025352, #1024447
  * Bump Debian SBAT level to 4
    - Due to a mistake in the buster upload (2.06-3~deb10u2) that left
      the CVE-2022-2601 bugs in place, we need to bump SBAT for all of
      the Debian GRUB binaries. :-(
  * Switch away from git-dpm

 -- Steve McIntyre <93sam@debian.org>  Sun, 04 Dec 2022 20:42:23 +0000

grub2 (2.06-5) unstable; urgency=high

  [ Steve McIntyre ]
  * Explicitly unset SOURCE_DATE_EPOCH before running fs tests
  * Pull in upstream patches to harden font and image handling -
    CVE-2022-2601, CVE-2022-3775.
  * Bump SBAT level to 3 for grub-efi packages

 -- Steve McIntyre <93sam@debian.org>  Sun, 13 Nov 2022 00:33:35 +0000

grub2 (2.06-4) unstable; urgency=high

  [ Steve McIntyre ]
  * Updated the 2.06-3 changelog to mention closure of CVE-2022-28736
  * Add a commented-out GRUB_DISABLE_OS_PROBER section to
    /etc/default/grub to make it easier for users to turn os-prober
    back on if they want it. Closes: #1013797, #1009336
  * Add smbios to the signed grub efi images. Closes: #1008106
  * Add serial to the signed grub efi images. Closes: #1013962
  * grub2-common: Remove dependency on install-info, it's apparently
    not needed. Closes: #1013698
  * Don't strip Xen binaries so they work again. Closes: #1017944.
    Thanks to Valentin Kleibel for the patch.

 -- Steve McIntyre <93sam@debian.org>  Wed, 14 Sep 2022 22:35:49 +0100

grub2 (2.06-3) unstable; urgency=medium

  [ Colin Watson ]
  * Update a few leftover uses of "which" to use "command -v" instead.
  * Remove some old Lintian overrides.
  * Trim trailing whitespace.
  * debian/copyright: use spaces rather than tabs to start continuation lines.
  * Add missing ${misc:Depends} to Depends for grub-efi-ia32-signed-template,
    grub-efi-amd64-signed-template, grub-efi-arm64-signed-template.
  * Bump debhelper from old 10 to 13.
  * Set upstream metadata fields: Bug-Submit (from ./configure), Repository,
    Repository-Browse.
  * Drop now-unnecessary sparc PIE workaround from debian/rules (thanks,
    John Paul Adrian Glaubitz; closes: #952815).

  [ Debconf translations ]
  * [id] Indonesian (Andika Triwidada; closes: #1007706).

  [ Julian Andres Klode ]
  * Add Julian Andres Klode to uploaders
  * Disable building with LTO, as used in Ubuntu and possibly other
    downstreams (maybe Debian one day), as that breaks the build.
  * SECURITY UPDATE: Crafted PNG grayscale images may lead to out-of-bounds
    write in heap.
    - 0070-video-readers-png-Drop-greyscale-support-to-fix-heap.patch:
      video/readers/png: Drop greyscale support to fix heap out-of-bounds write
    - CVE-2021-3695
  * SECURITY UPDATE: Crafted PNG image may lead to out-of-bound write during
    huffman table handling.
    - 0071-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch:
      video/readers/png: Avoid heap OOB R/W inserting huff table items
    - CVE-2021-3696
  * SECURITY UPDATE: Crafted JPEG image can lead to buffer underflow write in
    the heap.
    - 0076-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch:
      video/readers/jpeg: Block int underflow -> wild pointer write
    - CVE-2021-3697
  * SECURITY UPDATE: Integer underflow in grub_net_recv_ip4_packets
    - 0079-net-ip-Do-IP-fragment-maths-safely.patch: net/ip: Do IP fragment
      maths safely
    - CVE-2022-28733
  * SECURITY UPDATE: Out-of-bounds write when handling split HTTP headers
    - 0085-net-http-Fix-OOB-write-for-split-http-headers.patch: net/http: Fix
      OOB write for split http headers
    - CVE-2022-28734
  * SECURITY UPDATE: shim_lock verifier allows non-kernel files to be loaded
    - 0066-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch:
      kern/efi/sb: Reject non-kernel files in the shim_lock verifier
    - CVE-2022-28735
    - Closes: #1001057
  * SECURITY UPDATE: use-after-free in grub_cmd_chainloader()
    - 0063-loader-efi-chainloader-Simplify-the-loader-state.patch:
      loader/efi/chainloader: simplify the loader state
    - 0064-commands-boot-Add-API-to-pass-context-to-loader.patch: commands/boot:
      Add API to pass context to loader
    - 0065-loader-efi-chainloader-Use-grub_loader_set_ex.patch:
      loader/efi/chainloader: Use grub_loader_set_ex
    - 0066-loader-i386-efi-linux-Use-grub_loader_set_ex.patch:
      loader/i386/efi/linux: Use grub_loader_set_ex
    - CVE-2022-28736
  * Various fixes as a result of fuzzing and static analysis:
    - 0067-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch:
      kern/file: Do not leak device_name on error in grub_file_open()
    - 0068-video-readers-png-Abort-sooner-if-a-read-operation-f.patch:
      video/readers/png: Abort sooner if a read operation fails
    - 0069-video-readers-png-Refuse-to-handle-multiple-image-he.patch:
      video/readers/png: Refuse to handle multiple image headers
    - 0072-video-readers-png-Sanity-check-some-huffman-codes.patch:
      video/readers/png: Sanity check some huffman codes
    - 0073-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch:
      video/readers/jpeg: Abort sooner if a read operation fails
    - 0074-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch:
      video/readers/jpeg: Do not reallocate a given huff table
    - 0075-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch:
      video/readers/jpeg: Refuse to handle multiple start of streams
    - 0077-normal-charset-Fix-array-out-of-bounds-formatting-un.patch:
      normal/charset: Fix array out-of-bounds formatting unicode for display
    - 0078-net-netbuff-Block-overly-large-netbuff-allocs.patch:
      net/netbuff: Block overly large netbuff allocs
    - 0080-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch:
      net/dns: Fix double-free addresses on corrupt DNS response
    - 0081-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch:
      net/dns: Don't read past the end of the string we're checking against
    - 0082-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch:
      net/tftp: Prevent a UAF and double-free from a failed seek
    - 0083-net-tftp-Avoid-a-trivial-UAF.patch: net/tftp: Avoid a trivial UAF
    - 0084-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch:
      net/http: Do not tear down socket if it's already been torn down
    - 0086-net-http-Error-out-on-headers-with-LF-without-CR.patch:
      net/http: Error out on headers with LF without CR
    - 0087-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch:
      fs/f2fs: Do not read past the end of nat journal entries
    - 0088-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch:
      fs/f2fs: Do not read past the end of nat bitmap
    - 0089-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch:
      fs/f2fs: Do not copy file names that are too long
    - 0090-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch:
      fs/btrfs: Fix several fuzz issues with invalid dir item sizing
    - 0091-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch:
      fs/btrfs: Fix more ASAN and SEGV issues found with fuzzing
    - 0092-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch:
      fs/btrfs: Fix more fuzz issues related to chunks
  * Bump SBAT generation:
    - update debian/sbat.debian.csv.in

 -- Julian Andres Klode <jak@debian.org>  Fri, 10 Jun 2022 11:15:11 +0200

grub2 (2.06-2) unstable; urgency=medium

  * Update to minilzo-2.10, fixing build failures on armel, mips64el,
    mipsel, and ppc64el.

 -- Colin Watson <cjwatson@debian.org>  Mon, 29 Nov 2021 00:10:09 +0000

grub2 (2.06-1) unstable; urgency=medium

  * Use "command -v" in maintainer scripts rather than "which".
  * New upstream release.
    - Switch to the upstream shim_lock verifier, dropping several more
      manual checks for UEFI Secure Boot.
  * Cherry-pick from upstream:
    - fs/xfs: Fix unreadable filesystem with v4 superblock
    - tests/ahci: Change "ide-drive" deprecated QEMU device name to "ide-hd"
      (closes: #997100)
  * Remove dir_to_symlink maintainer script code, which was only needed for
    upgrades from before jessie.

 -- Colin Watson <cjwatson@debian.org>  Sun, 28 Nov 2021 13:30:32 +0000

grub2 (2.04-20) unstable; urgency=medium

  [ Mathieu Trudel-Lapierre ]
  * tpm: Pass unknown error as non-fatal, but debug print the error we got
    (closes: #940911, LP: #1848892).

 -- Colin Watson <cjwatson@debian.org>  Sun, 11 Jul 2021 00:37:36 +0100

grub2 (2.04-19) unstable; urgency=medium

  * Resync grub-install backup and restore patches from upstream, fixing
    problems that left the system unbootable after certain kinds of failure
    (closes: #983435).

 -- Colin Watson <cjwatson@debian.org>  Sat, 19 Jun 2021 13:04:38 +0100

grub2 (2.04-18) unstable; urgency=medium

  [ Steve McIntyre ]
  * Enable the shim_lock and tpm modules for i386-efi too. Ensure that
    tpm is included in our EFI images.
  * List the modules we include the EFI images - make it easier to
    debug things.
  * Add debug to display what's going on with verifiers

  [ Colin Watson ]
  * util/mkimage: Some fixes to PE binaries section size calculation
    (closes: #987103).

 -- Colin Watson <cjwatson@debian.org>  Sun, 25 Apr 2021 16:20:17 +0100

grub2 (2.04-17) unstable; urgency=medium

  * Pass --sbat when building the d-i netboot image as well.
  * i386-pc: build verifiers API as module (thanks, Michael Chang; closes:
    #984488, #985374).

 -- Colin Watson <cjwatson@debian.org>  Fri, 19 Mar 2021 10:41:41 +0000

grub2 (2.04-16) unstable; urgency=medium

  * Fix broken advice in message when the postinst has to bail out (thanks
    to Daniel Leidert for pointing out the problem).
  * Backport security patch series from upstream:
    - verifiers: Move verifiers API to kernel image
    - kern: Add lockdown support
    - kern/lockdown: Set a variable if the GRUB is locked down
    - efi: Lockdown the GRUB when the UEFI Secure Boot is enabled
    - efi: Use grub_is_lockdown() instead of hardcoding a disabled modules
      list
    - CVE-2020-14372: acpi: Don't register the acpi command when locked down
    - CVE-2020-27779: mmap: Don't register cutmem and badram commands when
      lockdown is enforced
    - commands: Restrict commands that can load BIOS or DT blobs when locked
      down
    - commands/setpci: Restrict setpci command when locked down
    - commands/hdparm: Restrict hdparm command when locked down
    - gdb: Restrict GDB access when locked down
    - loader/xnu: Don't allow loading extension and packages when locked
      down
    - docs: Document the cutmem command
    - CVE-2020-25632: dl: Only allow unloading modules that are not
      dependencies
    - CVE-2020-25647: usb: Avoid possible out-of-bound accesses caused by
      malicious devices
    - mmap: Fix memory leak when iterating over mapped memory
    - net/net: Fix possible dereference to of a NULL pointer
    - net/tftp: Fix dangling memory pointer
    - kern/parser: Fix resource leak if argc == 0
    - kern/efi: Fix memory leak on failure
    - kern/efi/mm: Fix possible NULL pointer dereference
    - gnulib/regexec: Resolve unused variable
    - gnulib/regcomp: Fix uninitialized token structure
    - gnulib/argp-help: Fix dereference of a possibly NULL state
    - gnulib/regexec: Fix possible null-dereference
    - gnulib/regcomp: Fix uninitialized re_token
    - io/lzopio: Resolve unnecessary self-assignment errors
    - zstd: Initialize seq_t structure fully
    - kern/partition: Check for NULL before dereferencing input string
    - disk/ldm: Make sure comp data is freed before exiting from make_vg()
    - disk/ldm: If failed then free vg variable too
    - disk/ldm: Fix memory leak on uninserted lv references
    - disk/cryptodisk: Fix potential integer overflow
    - hfsplus: Check that the volume name length is valid
    - zfs: Fix possible negative shift operation
    - zfs: Fix resource leaks while constructing path
    - zfs: Fix possible integer overflows
    - zfsinfo: Correct a check for error allocating memory
    - affs: Fix memory leaks
    - libgcrypt/mpi: Fix possible unintended sign extension
    - libgcrypt/mpi: Fix possible NULL dereference
    - syslinux: Fix memory leak while parsing
    - normal/completion: Fix leaking of memory when processing a completion
    - commands/hashsum: Fix a memory leak
    - video/efi_gop: Remove unnecessary return value of
      grub_video_gop_fill_mode_info()
    - video/fb/fbfill: Fix potential integer overflow
    - video/fb/video_fb: Fix multiple integer overflows
    - video/fb/video_fb: Fix possible integer overflow
    - video/readers/jpeg: Test for an invalid next marker reference from a
      jpeg file
    - gfxmenu/gui_list: Remove code that coverity is flagging as dead
    - loader/bsd: Check for NULL arg up-front
    - loader/xnu: Fix memory leak
    - loader/xnu: Free driverkey data when an error is detected in
      grub_xnu_writetree_toheap()
    - loader/xnu: Check if pointer is NULL before using it
    - util/grub-install: Fix NULL pointer dereferences
    - util/grub-editenv: Fix incorrect casting of a signed value
    - util/glue-efi: Fix incorrect use of a possibly negative value
    - script/execute: Fix NULL dereference in grub_script_execute_cmdline()
    - commands/ls: Require device_name is not NULL before printing
    - script/execute: Avoid crash when using "$#" outside a function scope
    - CVE-2021-20225: lib/arg: Block repeated short options that require an
      argument
    - script/execute: Don't crash on a "for" loop with no items
    - CVE-2021-20233: commands/menuentry: Fix quoting in setparams_prefix()
    - kern/misc: Always set *end in grub_strtoull()
    - video/readers/jpeg: Catch files with unsupported quantization or
      Huffman tables
    - video/readers/jpeg: Catch OOB reads/writes in grub_jpeg_decode_du()
    - video/readers/jpeg: Don't decode data before start of stream
    - term/gfxterm: Don't set up a font with glyphs that are too big
    - fs/fshelp: Catch impermissibly large block sizes in read helper
    - fs/hfsplus: Don't fetch a key beyond the end of the node
    - fs/hfsplus: Don't use uninitialized data on corrupt filesystems
    - fs/hfs: Disable under lockdown
    - fs/sfs: Fix over-read of root object name
    - fs/jfs: Do not move to leaf level if name length is negative
    - fs/jfs: Limit the extents that getblk() can consider
    - fs/jfs: Catch infinite recursion
    - fs/nilfs2: Reject too-large keys
    - fs/nilfs2: Don't search children if provided number is too large
    - fs/nilfs2: Properly bail on errors in grub_nilfs2_btree_node_lookup()
    - io/gzio: Bail if gzio->tl/td is NULL
    - io/gzio: Add init_dynamic_block() clean up if unpacking codes fails
    - io/gzio: Catch missing values in huft_build() and bail
    - io/gzio: Zero gzio->tl/td in init_dynamic_block() if huft_build()
      fails
    - disk/lvm: Don't go beyond the end of the data we read from disk
    - disk/lvm: Don't blast past the end of the circular metadata buffer
    - disk/lvm: Bail on missing PV list
    - disk/lvm: Do not crash if an expected string is not found
    - disk/lvm: Do not overread metadata
    - disk/lvm: Sanitize rlocn->offset to prevent wild read
    - disk/lvm: Do not allow a LV to be it's own segment's node's LV
    - fs/btrfs: Validate the number of stripes/parities in RAID5/6
    - fs/btrfs: Squash some uninitialized reads
    - kern/parser: Fix a memory leak
    - kern/parser: Introduce process_char() helper
    - kern/parser: Introduce terminate_arg() helper
    - kern/parser: Refactor grub_parser_split_cmdline() cleanup
    - kern/buffer: Add variable sized heap buffer
    - CVE-2020-27749: kern/parser: Fix a stack buffer overflow
    - kern/efi: Add initial stack protector implementation
    - util/mkimage: Remove unused code to add BSS section
    - util/mkimage: Use grub_host_to_target32() instead of
      grub_cpu_to_le32()
    - util/mkimage: Always use grub_host_to_target32() to initialize PE
      stack and heap stuff
    - util/mkimage: Unify more of the PE32 and PE32+ header set-up
    - util/mkimage: Reorder PE optional header fields set-up
    - util/mkimage: Improve data_size value calculation
    - util/mkimage: Refactor section setup to use a helper
    - util/mkimage: Add an option to import SBAT metadata into a .sbat
      section
    - grub-install-common: Add --sbat option
    - kern/misc: Split parse_printf_args() into format parsing and va_list
      handling
    - kern/misc: Add STRING type for internal printf() format handling
    - kern/misc: Add function to check printf() format against expected
      format
    - gfxmenu/gui: Check printf() format in the gui_progress_bar and
      gui_label
    - kern/mm: Fix grub_debug_calloc() compilation error
  * Add SBAT section (thanks, Chris Coulson).

 -- Colin Watson <cjwatson@debian.org>  Tue, 02 Mar 2021 18:00:00 +0000

grub2 (2.04-15) unstable; urgency=medium

  * Demote grub-common → mtools dependency to Suggests, to go with xorriso;
    explain the situation in the package description (closes: #982313).

 -- Colin Watson <cjwatson@debian.org>  Mon, 08 Feb 2021 21:39:24 +0000

grub2 (2.04-14) unstable; urgency=medium

  [ Raphaël Hertzog ]
  * Extend grub-efi to also cover arm64/ia64/arm (closes: #981819).

  [ Colin Watson ]
  * Cherry-pick from upstream:
    - grub-install: Fix inverted test for NLS enabled when copying locales
      (closes: #979754).
  * Fix handling of trailing commas in grub-pc/install_devices (closes:
    #913928).
  * Make grub-firmware-qemu Recommend/Enhance qemu-system-x86, not qemu
    (closes: #966243).
  * Make grub-common depend on mtools on EFI platforms, for grub-mkrescue
    (closes: #774910).

 -- Colin Watson <cjwatson@debian.org>  Sun, 07 Feb 2021 15:23:51 +0000

grub2 (2.04-13) unstable; urgency=medium

  [ Steve McIntyre ]
  * Switch to using the efivarfs interface for detecting "system setup"
    (Closes: #979299)

 -- Colin Watson <cjwatson@debian.org>  Sat, 06 Feb 2021 17:30:38 +0000

grub2 (2.04-12) unstable; urgency=medium

  * Cherry-pick from upstream:
    - mdraid1x_linux: Fix gcc10 error -Werror=array-bounds
    - zfs: Fix gcc10 error -Werror=zero-length-bounds
  * Build with GCC 10 (closes: #978515).

 -- Colin Watson <cjwatson@debian.org>  Mon, 28 Dec 2020 22:33:23 +0000

grub2 (2.04-11) unstable; urgency=medium

  * grub-install: Fix backup restoration on i386 (closes: #976671).

 -- Colin Watson <cjwatson@debian.org>  Sun, 06 Dec 2020 18:29:51 +0000

grub2 (2.04-10) unstable; urgency=medium

  [ Ian Campbell ]
  * Remove myself from uploaders.

  [ Colin Watson ]
  * When upgrading grub-pc noninteractively, bail out if grub-install fails.
    It's better to fail the upgrade than to produce a possibly-unbootable
    system.
  * Explicitly check whether the target device exists before running
    grub-install, since grub-install copies modules to /boot/grub/ before
    installing the core image, and the new modules might be incompatible
    with the old core image (closes: #966575).
  * Cherry-pick from upstream:
    - tftp: Roll-over block counter to prevent data packets timeouts
      (LP: #1892290).

  [ Dimitri John Ledkov ]
  * grub-install: Add backup and restore.
  * Don't call grub-install on fresh install of grub-pc.  It's the job of
    installers to do that after a fresh install.

 -- Colin Watson <cjwatson@debian.org>  Sun, 08 Nov 2020 16:26:08 +0000

grub2 (2.04-9) unstable; urgency=high

  * Backport security patch series from upstream:
    - CVE-2020-10713: yylex: Make lexer fatal errors actually be fatal
    - safemath: Add some arithmetic primitives that check for overflow
    - calloc: Make sure we always have an overflow-checking calloc()
      available
    - CVE-2020-14308: calloc: Use calloc() at most places
    - CVE-2020-14309, CVE-2020-14310, CVE-2020-14311: malloc: Use overflow
      checking primitives where we do complex allocations
    - iso9660: Don't leak memory on realloc() failures
    - font: Do not load more than one NAME section
    - gfxmenu: Fix double free in load_image()
    - xnu: Fix double free in grub_xnu_devprop_add_property()
    - lzma: Make sure we don't dereference past array
    - term: Fix overflow on user inputs
    - udf: Fix memory leak
    - multiboot2: Fix memory leak if grub_create_loader_cmdline() fails
    - tftp: Do not use priority queue
    - relocator: Protect grub_relocator_alloc_chunk_addr() input args
      against integer underflow/overflow
    - relocator: Protect grub_relocator_alloc_chunk_align() max_addr against
      integer underflow
    - script: Remove unused fields from grub_script_function struct
    - CVE-2020-15706: script: Avoid a use-after-free when redefining a
      function during execution
    - relocator: Fix grub_relocator_alloc_chunk_align() top memory
      allocation
    - hfsplus: fix two more overflows
    - lvm: fix two more potential data-dependent alloc overflows
    - emu: make grub_free(NULL) safe
    - efi: fix some malformed device path arithmetic errors
    - Fix a regression caused by "efi: fix some malformed device path
      arithmetic errors"
    - update safemath with fallback code for gcc older than 5.1
    - efi: Fix use-after-free in halt/reboot path
    - linux loader: avoid overflow on initrd size calculation
  * CVE-2020-15707: linux: Fix integer overflows in initrd size handling
  * Apply overflow checking to allocations in Debian patches:
    - bootp: Fix integer overflow in parse_dhcp6_option
    - unix/config: Fix integer overflow in grub_util_load_config
    - deviceiter: Fix integer overflow in grub_util_iterate_devices

 -- Colin Watson <cjwatson@debian.org>  Wed, 29 Jul 2020 17:58:37 +0100

grub2 (2.04-8) unstable; urgency=medium

  [ Vincent Lefevre ]
  * Fix typos in /etc/grub.d/05_debian_theme. Closes: #959484

  [ Fabian Greffrath ]
  * Change font dependency to fonts-dejavu-core. Closes: #912846

  [ Colin Watson ]
  * Cherry-pick from upstream:
    - templates/20_linux_xen: Ignore xenpolicy and config files too.
    - templates/20_linux_xen: Support Xen Security Modules (XSM/FLASK).

  [ Ian Jackson ]
  * 20_linux_xen: Do not load XSM policy in non-XSM options (closes:
    #961673).

 -- Colin Watson <cjwatson@debian.org>  Sun, 07 Jun 2020 10:06:37 +0100

grub2 (2.04-7) unstable; urgency=medium

  [ Christian Göttsche ]
  * Create grub default configuration with default SELinux context.

  [ Steve McIntyre ]
  * In the signed packages, change the version dependency on
    grub-common to be >= and not =. This will allow for installation
    in unstable to still work in the window while we wait for the
    template package to do its second trip through the archive.
  * Tweak the build-dep architecture listing for libefiboot-dev and
    libefivar-dev. The linux-* wildcards don't work in the way
    expected, and were missing out (at least) armhf and armel.
    Closes: #958461

 -- Colin Watson <cjwatson@debian.org>  Wed, 22 Apr 2020 14:52:13 +0100

grub2 (2.04-6) unstable; urgency=medium

  [ Romain Perier ]
  * Add f2fs module to signed UEFI images

  [ Steve McIntyre ]
  * Add jfs module to signed UEFI images. Closes: #950959

  [ Colin Watson ]
  * Drop mkconfig-mid-upgrade.patch; it was only needed for upgrades from
    GRUB 1.99 (now a long time ago) and can inappropriately hide problems
    when /etc/grub.d/00_header should have been updated but wasn't (closes:
    #953201).
  * Cherry-pick from upstream:
    - btrfs: Add support for new RAID1C34 profiles (closes: #958236).

 -- Colin Watson <cjwatson@debian.org>  Mon, 20 Apr 2020 01:03:08 +0100

grub2 (2.04-5) unstable; urgency=medium

  * Cherry-pick from upstream:
    - verifiers: Blocklist fallout cleanup (this was one cause of a build
      failure on hurd-i386, though may not be the only one).
  * Only recommend grub-efi-*-signed on the architectures where they exist.

 -- Colin Watson <cjwatson@debian.org>  Mon, 16 Dec 2019 15:48:45 +0000

grub2 (2.04-4) unstable; urgency=medium

  [ Thomas Gaugler ]
  * Add leading / to prefix of network boot image for d-i.

  [ Martin von Wittich ]
  * upgrade-from-grub-legacy: Set DPKG_MAINTSCRIPT_NAME and
    DPKG_MAINTSCRIPT_PACKAGE when calling grub-pc.postinst manually (closes:
    #943387).

  [ Colin Watson ]
  * Use policy-compliant architecture wildcards in libefiboot-dev and
    libefivar-dev build-dependencies.
  * Build with GCC 9 (closes: #944166).

 -- Colin Watson <cjwatson@debian.org>  Fri, 08 Nov 2019 10:58:30 +0000

grub2 (2.04-3) unstable; urgency=medium

  * Apply patch from James Clarke to fix BIOS Boot Partition support on
    sparc64 (closes: #931969).
  * Fix UEFI installation for Devuan (thanks, Ivan J.; closes: #932966).
  * Add probe module to signed UEFI images (closes: #936082).

 -- Colin Watson <cjwatson@debian.org>  Fri, 30 Aug 2019 13:50:41 +0100

grub2 (2.04-2) unstable; urgency=medium

  [ James Clarke ]
  * Only Build-Depend on libefiboot-dev and libefivar-dev on Linux
    architectures, since they're Linux-only.

  [ Colin Watson ]
  * Use debhelper-compat instead of debian/compat.
  * debian/apport/source_grub2.py:
    - Avoid star import.
    - Fix flake8 errors.
  * Run gentpl.py with python3.

 -- Colin Watson <cjwatson@debian.org>  Sat, 03 Aug 2019 13:42:49 +0100

grub2 (2.04-1) unstable; urgency=medium

  * New upstream release.
  * debian/upstream/signing-key.asc: Add signing key of new upstream
    maintainer (Daniel Kiper).

 -- Colin Watson <cjwatson@debian.org>  Tue, 09 Jul 2019 11:48:01 +0100

grub2 (2.04~rc1-3) experimental; urgency=medium

  [ Will Thompson ]
  * Fix --disable-quiet-boot.

  [ Steve Langasek ]
  * If we don't have writable grubenv and we're on EFI, always show the menu
    (merged from Ubuntu).

  [ Steve McIntyre ]
  * Make all the signed EFI arches have a Recommends: from
    grub-efi-ARCH-signed to shim-signed, not just amd64.
    Closes: #931038
  * Add myself to Uploaders

  [ Colin Watson ]
  * Squash linuxefi* patches into a single patch.

 -- Colin Watson <cjwatson@debian.org>  Thu, 27 Jun 2019 08:51:37 +0100

grub2 (2.04~rc1-2) experimental; urgency=medium

  [ Colin Watson ]
  * debian/build-efi-images: Add tpm on x86_64-efi (thanks, Chris Coulson).

  [ Steve McIntyre ]
  * Add the ntfs module to signed UEFI images. Closes: #923855
  * Add the cpuid module to signed UEFI images. Closes: #928628
  * Add the play module to signed UEFI images. Closes: #930290
  * Add an extra di-specific version of the UEFI netboot image with a
    different baked-in prefix value. Helps to fix #928750.
  * Deal with --force-extra-removable with signed shim too. Closes: #930531

 -- Colin Watson <cjwatson@debian.org>  Sat, 15 Jun 2019 09:41:19 +0100

grub2 (2.04~rc1-1) experimental; urgency=medium

  * New upstream release candidate.
    - getroot: Save/restore CWD more reliably on Unix (closes: #918700).
  * Rename patches to use "-" as a separator rather than "_" (except when
    referring to a file, function, or command containing a "_").
  * Fix format of debian/copyright.

 -- Colin Watson <cjwatson@debian.org>  Thu, 30 May 2019 16:56:05 +0100

grub2 (2.02+dfsg1-20) unstable; urgency=medium

  [ Steve McIntyre ]
  * Make all the signed EFI arches have a Recommends: from
    grub-efi-ARCH-signed to shim-signed, not just amd64.
    Closes: #931038
  * Add myself to Uploaders

 -- Steve McIntyre <93sam@debian.org>  Tue, 25 Jun 2019 10:11:12 +0100

grub2 (2.02+dfsg1-19) unstable; urgency=medium

  [ Colin Watson ]
  * Fix format of debian/copyright.

  [ Steve McIntyre ]
  * Add the ntfs module to signed UEFI images. Closes: #923855
  * Add the cpuid module to signed UEFI images. Closes: #928628
  * Add the play module to signed UEFI images. Closes: #930290
  * Add an extra di-specific version of the UEFI netboot image with a
    different baked-in prefix value. Helps to fix #928750.
  * Deal with --force-extra-removable with signed shim too. Closes: #930531

 -- Colin Watson <cjwatson@debian.org>  Fri, 14 Jun 2019 19:04:01 +0100

grub2 (2.02+dfsg1-18) unstable; urgency=medium

  * Apply patches from Alexander Graf to fix grub-efi-arm crash (closes:
    #927269):
    - arm: Move trampolines into code section
    - arm: Align section alignment with manual relocation offset code
  * Make grub2-common Breaks+Replaces grub-cloud-amd64 (<< 0.0.4) to work
    around that package shipping colliding configuration file names in
    stretch-backports (closes: #919915).
  * Apply patch from Peter Jones to forbid the "devicetree" command when
    Secure Boot is enabled (closes: #927888).

 -- Colin Watson <cjwatson@debian.org>  Sat, 04 May 2019 22:58:32 +0100

grub2 (2.02+dfsg1-17) unstable; urgency=medium

  * Make grub-efi-*-bin recommend efibootmgr.  We don't actually use it any
    more, but it's helpful for debugging.

 -- Colin Watson <cjwatson@debian.org>  Mon, 15 Apr 2019 18:38:30 +0100

grub2 (2.02+dfsg1-16) unstable; urgency=medium

  * Fix -Wcast-align diagnostics on ARM.

 -- Colin Watson <cjwatson@debian.org>  Sat, 23 Mar 2019 23:28:17 +0000

grub2 (2.02+dfsg1-15) unstable; urgency=medium

  * Build-depend on libefiboot-dev and libefivar-dev, for EFI variable
    storage changes.
  * Drop now-unnecessary dependencies on efibootmgr.

 -- Colin Watson <cjwatson@debian.org>  Sat, 23 Mar 2019 09:56:35 +0000

grub2 (2.02+dfsg1-14) unstable; urgency=medium

  * Make signed packages depend on a matching version of grub-common, in an
    attempt to prevent incorrect testing migrations (closes: #924814).
  * Cherry-pick from upstream:
    - xfs: Accept filesystem with sparse inodes (closes: #924760).
  * Minimise writes to EFI variable storage (closes: #891434).

 -- Colin Watson <cjwatson@debian.org>  Sat, 23 Mar 2019 09:47:10 +0000

grub2 (2.02+dfsg1-13) unstable; urgency=medium

  * Add regexp module to signed UEFI images.
  * debian/signing-template.json.in: Use new extendable format.

  [ Debconf translations ]
  * [nb] Norwegian Bokmål (Petter Reinholdtsen; closes: #924326).

 -- Colin Watson <cjwatson@debian.org>  Thu, 14 Mar 2019 10:33:24 +0000

grub2 (2.02+dfsg1-12) unstable; urgency=medium

  [ Colin Watson ]
  * Remove code to migrate grub-pc/install_devices to persistent device
    names under /dev/disk/by-id/.  This migration happened in
    1.98+20100702-1, which was in squeeze (four stable releases ago), so we
    no longer need to carry around this complex code.
  * Preserve previous answer to grub-pc/install_devices if we have to ask
    grub-pc/install_devices_disks_changed and the user chooses not to
    install to any devices, so that we can recover from temporary bugs that
    cause /dev/disk/by-id/ paths to change (closes: #919029).
  * debian/signing-template.json.in: Add trusted_certs key (empty, since
    GRUB has no hardcoded list of trusted certificates).
  * util: Detect more I/O errors (closes: #922741).

  [ Leif Lindholm ]
  * arm64/efi: Fix grub_efi_get_ram_base().

  [ Steve McIntyre ]
  * grub-install: Check for arm-efi as a default target (closes: #922104).

  [ James Clarke ]
  * osdep/freebsd: Fix partition calculation for EBR entries (closes:
    #923253).

 -- Colin Watson <cjwatson@debian.org>  Fri, 01 Mar 2019 12:34:45 +0000

grub2 (2.02+dfsg1-11) unstable; urgency=medium

  [ Colin Watson ]
  * Apply patches from Alexander Graf to set arm64-efi code offset to
    EFI_PAGE_SIZE (closes: #919012, LP: #1812317).
  * Upgrade to debhelper v10.
  * Set Rules-Requires-Root: no.
  * Add help and ls modules to signed UEFI images (closes: #919955).
  * Fix application of answers from dpkg-reconfigure to /etc/default/grub
    (based loosely on a patch by Steve Langasek, for which thanks; closes:
    #921702).

  [ Steve McIntyre ]
  * Make grub-efi-amd64-signed recommend shim-signed (closes: #919067).

  [ Jeroen Dekkers ]
  * Initialize keyboard in at_keyboard module init if keyboard is ready
    (closes: #741464).

  [ John Paul Adrian Glaubitz ]
  * Include a.out header in assembly of sparc64 boot loader (closes:
    #921249).

  [ Hervé Werner ]
  * Fix setup on Secure Boot systems where cryptodisk is in use (closes:
    #917117).

  [ Debconf translations ]
  * [de] German (Helge Kreutzmann and Holger Wansing; closes: #921018).

 -- Colin Watson <cjwatson@debian.org>  Sun, 10 Feb 2019 18:53:41 +0000

grub2 (2.02+dfsg1-10) unstable; urgency=medium

  * Apply patch from Heinrich Schuchardt (mentioned in #916695 though
    unrelated):
    - grub-core/loader/efi/fdt.c: do not copy random memory
  * Add luks modules to signed UEFI images (pointed out by Alex Griffin and
    Hervé Werner; closes: #908162, LP: #1565950).
  * Keep track of the previous version of /usr/share/grub/default/grub and
    set UCF_FORCE_CONFFOLD=1 when running ucf if it hasn't changed; ucf
    can't figure this out for itself since we apply debconf-based
    customisations on top of the template configuration file (closes:
    #812574, LP: #564853).
  * Backport Xen PVH guest support from upstream (closes: #776450).  Thanks
    to Hans van Kranenburg for testing.

 -- Colin Watson <cjwatson@debian.org>  Fri, 11 Jan 2019 15:24:20 +0000

grub2 (2.02+dfsg1-9) unstable; urgency=medium

  [ Colin Watson ]
  * Sync Maintainer/Uploaders in debian/signing-template/control.in with the
    main packaging.
  * Tell reportbug to submit bug reports against unsigned packages rather
    than generated signed packages.
  * Update Homepage, debian/copyright Source, and debian/watch to use HTTPS.
  * Move bash completions to /usr/share/bash-completion/completions/grub and
    add appropriate symlinks (closes: #912852).
  * Build with GCC 8 (closes: #915735).

  [ Leif Lindholm ]
  * Apply patch series (mostly) from upstream to switch the arm loader over
    to use the arm64 loader code and improve arm/arm64 initrd handling
    (closes: #907596, #909420, #915091).

  [ Matthew Garrett ]
  * Don't enforce Shim signature validation if Secure Boot is disabled.

 -- Colin Watson <cjwatson@debian.org>  Fri, 07 Dec 2018 10:38:37 +0000

grub2 (2.02+dfsg1-8) unstable; urgency=medium

  * Revise grub-<platform>-bin and grub-<platform> package descriptions to
    try to explain better how they fit together and which one should be used
    (based loosely on work by Justin B Rye, for which thanks; closes:
    #630224).
  * Skip flaky grub_cmd_set_date test (closes: #906470).
  * Work around bug in obsolete init-select package: add Conflicts/Replaces
    from grub-common, and take over /etc/default/grub.d/init-select.cfg with
    a no-op stub (thanks to Guillem Jover for the suggestion; closes:
    #863801).
  * Build-depend on dosfstools and mtools on non-Linux variants of
    i386/amd64/arm64 as well, to match debian/rules.
  * Cherry-pick from upstream:
    - i386/linux: Add support for ext_lfb_base (LP: #1785033).
  * Don't source /etc/default/grub.d/*.cfg in config maintainer scripts,
    since otherwise we incorrectly merge settings from there into
    /etc/default/grub (closes: #872637, LP: #1797894).
  * Add xfs module to signed UEFI images (closes: #911147, LP: #1652822).
  * Cope with / being on a ZFS root dataset (closes: #886178).

  [ Debconf translations ]
  * [sv] Swedish (Martin Bagge and Anders Jonsson; closes: #851964).

 -- Colin Watson <cjwatson@debian.org>  Mon, 29 Oct 2018 13:02:08 +0000

grub2 (2.02+dfsg1-7) unstable; urgency=medium

  * Move kernel maintainer script snippets into grub2-common (thanks,
    Bastian Blank; closes: #910959).
  * Add cryptodisk and gcry_* modules to signed UEFI images (closes:
    #908162, LP: #1565950).
  * Remove dh_builddeb override to use xz compression; this has been the
    default since dpkg 1.17.0.

 -- Colin Watson <cjwatson@debian.org>  Sat, 27 Oct 2018 13:06:32 +0100

grub2 (2.02+dfsg1-6) unstable; urgency=medium

  * Only build *-signed packages on their native architecture for now, since
    otherwise we end up with clashing source packages (closes: #906596).
  * Refer to source packages in Built-Using, not binary packages (closes:
    #907483).

 -- Colin Watson <cjwatson@debian.org>  Tue, 28 Aug 2018 16:17:21 +0100

grub2 (2.02+dfsg1-5) unstable; urgency=medium

  [ Colin Watson ]
  * Change Maintainer to pkg-grub-devel@alioth-lists.debian.net, following
    Alioth lists migration.
  * Backport from upstream:
    - Use grub-file to figure out whether multiboot2 should be used for
      Xen.gz (closes: #898947).
    - x86-64: Treat R_X86_64_PLT32 as R_X86_64_PC32.
  * Fix some test failures:
    - Disable sercon in SeaBIOS.
    - Fix qemu options for UHCI test.

  [ Philipp Hahn ]
  * Disallow unsigned kernels if UEFI Secure Boot is enabled
    (patch by Linn Crosetto <linn@hpe.com>)
  * Add patch to fix lockdown mode
    (patch by Luca Boccassi <bluca@debian.org>)
  * Build monolithic EFI binaries for signing (closes: #851994)
  * Add template for signing monolithic EFI binaries
  * debian/build-efi-images: Use correct EFI vendor (closes: #769172)

  [ Luca Boccassi ]
  * template packages: install changelog and copyright
  * Override lintian error about template rules file
  * Add XB-Efi-Vendor metadata to efi-*-bin packages

 -- Colin Watson <cjwatson@debian.org>  Mon, 30 Jul 2018 13:33:23 +0100

grub2 (2.02+dfsg1-4) unstable; urgency=medium

  * Adjust restore_mkdevicemap.patch to fix format-overflow warning with GCC
    7 (the overflow was in fact impossible in practice, but GCC couldn't
    prove that).
  * Cherry-pick upstream patch to disable -Wformat-truncation on GCC >= 7 in
    printf_unit_test.
  * Build with GCC 7 (closes: #892397).

 -- Colin Watson <cjwatson@debian.org>  Sun, 01 Apr 2018 10:49:48 +0100

grub2 (2.02+dfsg1-3) unstable; urgency=medium

  * sparc64: Don't use devspec to determine the OBP path (closes: #854568).
  * ieee1275: Fix crash in of_path_of_nvme when of_path is empty (closes:
    #891773).
  * sparc64: Limit nvme of_path_of_nvme to just SPARC.

 -- Colin Watson <cjwatson@debian.org>  Fri, 02 Mar 2018 12:53:34 +0000

grub2 (2.02+dfsg1-2) unstable; urgency=medium

  * Build-depend on libparted-dev on powerpc and ppc64 (closes: #891070).
  * Add support for modern sparc64 hardware (thanks, Eric Snowberg via John
    Paul Adrian Glaubitz; closes: #854568).
  * Build without PIE on sparc and sparc64 (thanks, John Paul Adrian
    Glaubitz; closes: #891733).

 -- Colin Watson <cjwatson@debian.org>  Wed, 28 Feb 2018 12:03:49 +0000

grub2 (2.02+dfsg1-1) unstable; urgency=medium

  * Switch to tracking debian/grub-extras/ using "git subtree" rather than
    submodules.
  * Update debian/README.source for Salsa migration.
  * Use pkg-config to find FreeType (closes: #887721).
  * Change various binary packages' priorities to optional, since "Priority:
    extra" is now deprecated.
  * Repack upstream tarball without grub-core/lib/libgcrypt*/cipher/crc.c,
    and provide a replacement implementation backported from more recent
    versions of libgcrypt (closes: #745409).
  * Cherry-pick upstream patch to avoid -Werror=unused-value build failure
    (closes: #890431).
  * Handle the case where udevadm exists but is non-functional, as warned