Multiple mounts of a dataset breaks listing the content of snapshots #9958
Labels
Type: Defect
Incorrect behavior (e.g. crash, hang)
Comments
|
I have what appears to be the same or a very similar issue. I have a dataset containing my nix store mounted at /nix/, and nix bind mounts /nix/store to itself to make it read-only (so there are indeed multiple mounts, but no namespaces or containers involved to my knowledge). When I access a snapshot of the nix store I get the same "Too many levels of symbolic links" ELOOP error. What I can add to the above bug report is that the snapshot is in fact automounted, but at the wrong path: it appears in /.zfs/snapshot instead of /nix/.zfs/snapshot! So if you then go looking for the same-named snapshot of the root dataset, you actually get the wrong data: I have not, however, been able to reproduce this issue by following jibel's reproduction steps above, or come up with any similarly clean reproduction steps with a new dataset. It's even possible that the bind mount is a red herring. But I think the fact that the mount happens at the wrong path might be a pretty useful clue to identifying the bug.
|
|
We're seeing this issue as well with bind mounts happening inside containers (0.8.4-1) |
System information
I'm seeing the same issue in a openSUSE Tumbleweed VM. To me it looks like a mounted snapshot cannot be accessed via the
|
|
Still happening on Debian 11 using zfsnap: |
|
Just a thought, the snapshots are separate (hidden) mountpoints that get mounted on demand, so maybe you need a recursive bind mount? And I'm not sure if the "on demand" part would work through the bind mount if it's not already mounted. That seems like it would be more of a Linux issue than a ZFS issue. What I don't expect to work is for ZFS to perform the snapshot mounts inside of the bind instead of the actual mount. I'm pretty sure there are checks preventing it. |
|
Also noticed it doesn't happen on the root mountpoint: |
balabit-sync
pushed a commit
to balabit-deps/balabit-os-8-grub2
that referenced
this issue
Nov 14, 2022
grub2 (2.04-1ubuntu26.7) focal; urgency=medium
* Avoid "EFI stub: FIRMWARE BUG" message when booting >= 5.7 kernels
on arm64 by setting the image base address before jumping to the
PE/COFF entry point LP: #1900774
* Fix tftp timeouts when fetching large files. LP: #1900773
grub2 (2.04-1ubuntu26.6) focal; urgency=medium
* postinst.in, grub-multi-install: fix logic of skipping installing onto
any device, if one chose to not install bootloader on any device. LP:
#1896608
* Do not finalize params twice on arm64. LP: #1897819
grub2 (2.04-1ubuntu26.5) focal; urgency=medium
* ubuntu-linuxefi-arm64.patch: Fix build on armhf (LP: #1862279)
grub2 (2.04-1ubuntu26.4) focal; urgency=medium
* grub-install: cherry-pick patch from grub-devel to make grub-install
fault tolerant. Create backup of files in /boot/grub, and restore them
on failure to complete grub-install. LP: #1891680
* postinst.in: do not exit successfully when failing to show critical
grub-pc/install_devices_failed and grub-pc/install_devices_empty
prompts in non-interactive mode. This enables surfacing upgrade errors
to the users and/or automation. LP: #1891680
* postinst.in: do not attempt to call grub-install upon fresh install of
grub-pc because it it a job of installers to do that after fresh
install. Fixup for the issue unmasked by above. LP: #1891680
* grub-multi-install: fix non-interactive failures for grub-efi like it
was fixed in postinst for grub-pc. LP: #1891680
* postinst.in: Fixup postinst.in, to attempt grub-install upon explicit
dpkg-reconfigure grub-pc. LP: #1892526
grub2 (2.04-1ubuntu26.3) focal; urgency=medium
* 2.04-1ubuntu27 and 2.04-1ubuntu28 folded together for focal
* debian/patches/ubuntu-flavour-order.patch:
- Add a (hidden) GRUB_FLAVOUR_ORDER setting that can mark certain kernel
flavours as preferred, and specify an order between those preferred
flavours (LP: #1882663)
* debian/patches/ubuntu-zfs-enhance-support.patch:
- Use version_find_latest for ordering kernels, so it also supports
the GRUB_FLAVOUR_ORDER setting.
* debian/patches/ubuntu-dont-verify-loopback-images.patch:
- disk/loopback: Don't verify loopback images (LP: #1878541),
Thanks to Chris Coulson for the patch
* debian/patches/ubuntu-recovery-dis_ucode_ldr.patch
- Pass dis_ucode_ldr to kernel for recovery mode (LP: #1831789)
* debian/patches/ubuntu-add-initrd-less-boot-fallback.patch:
- Merge changes from xnox to fix multiple initrds support (LP: #1878705)
* debian/patches/ubuntu-clear-invalid-initrd-spacing.patch:
- Remove, no longer needed thanks to xnox's patch
* Ensure that grub-multi-install can always find templates (LP: #1879948)
grub2 (2.04-1ubuntu26.2) focal; urgency=medium
* debian/postinst.in: Avoid calling grub-install on upgrade of the grub-pc
package, since we cannot be certain that it will install to the correct
disk and a grub-install failure will render the system unbootable.
LP: #1889556.
grub2 (2.04-1ubuntu26.1) focal; urgency=medium
[ Julian Andres Klode ]
* Move gettext patches out of git-dpm's way, so it does not delete them
[ Chris Coulson ]
* SECURITY UPDATE: Heap buffer overflow when encountering commands that
cannot be tokenized to less than 8192 characters.
- 0082-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch: Make
fatal lexer errors actually be fatal
- CVE-2020-10713
* SECURITY UPDATE: Multiple integer overflow bugs that could result in
heap buffer allocations that were too small and subsequent heap buffer
overflows when handling certain filesystems, font files or PNG images.
- 0083-safemath-Add-some-arithmetic-primitives-that-check-f.patch: Add
arithmetic primitives that allow for overflows to be detected
- 0084-calloc-Make-sure-we-always-have-an-overflow-checking.patch:
Make sure that there is always an overflow checking implementation
of calloc() available
- 0085-calloc-Use-calloc-at-most-places.patch: Use calloc where
appropriate
- 0086-malloc-Use-overflow-checking-primitives-where-we-do-.patch: Use
overflow-safe arithmetic primitives when performing allocations
based on the results of operations that might overflow
- 0094-hfsplus-fix-two-more-overflows.patch: Fix integer overflows in
hfsplus
- 0095-lvm-fix-two-more-potential-data-dependent-alloc-over.patch: Fix
more potential integer overflows in lvm
- CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
* SECURITY UPDATE: Use-after-free when executing a command that causes
a currently executing function to be redefined.
- 0092-script-Remove-unused-fields-from-grub_script_functio.patch:
Remove unused fields from grub_script_function
- 0093-script-Avoid-a-use-after-free-when-redefining-a-func.patch:
Avoid a use-after-free when redefining a function during execution
- CVE-2020-15706
* SECURITY UPDATE: Integer overflows that could result in heap buffer
allocations that were too small and subsequent heap buffer overflows
during initrd loading.
- 0105-linux-Fix-integer-overflows-in-initrd-size-handling.patch: Fix
integer overflows in initrd size handling
- 0106-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch: Fix
integer overflows in linuxefi grub_cmd_initrd
- CVE-2020-15707
* Various fixes as a result of code review and static analysis:
- 0087-iso9660-Don-t-leak-memory-on-realloc-failures.patch: Fix a
memory leak on realloc failures when processing symbolic links
- 0088-font-Do-not-load-more-than-one-NAME-section.patch: Fix a
memory leak when processing font files with more than one NAME
section
- 0089-gfxmenu-Fix-double-free-in-load_image.patch: Zero self->bitmap
after it is freed in order to avoid a potential double free later on
- 0090-lzma-Make-sure-we-don-t-dereference-past-array.patch: Fix an
out-of-bounds read in LzmaEncode
- 0091-tftp-Do-not-use-priority-queue.patch: Refactor tftp to not use
priority queues and fix a double free
- 0096-efi-fix-some-malformed-device-path-arithmetic-errors.patch: Fix
various arithmetic errors with malformed device paths
- 0098-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch: Fix
a NULL deref in the chainloader command introduced by a previous
patch
- 0099-efi-Fix-use-after-free-in-halt-reboot-path.patch: Fix a
use-after-free in the halt and reboot commands by not freeing
allocated memory in these paths
- 0100-chainloader-Avoid-a-double-free-when-validation-fail.patch:
Avoid a double free in the chainloader command when validation fails
- 0101-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch:
Protect grub_relocator_alloc_chunk_addr input arguments against
integer overflow / underflow
- 0102-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch:
Protect grub_relocator_alloc_chunk_align max_addr argument against
integer underflow
- 0103-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch: Fix
grub_relocator_alloc_chunk_align top memory allocation
- 0104-linux-loader-avoid-overflow-on-initrd-size-calculati.patch:
Avoid overflow on initrd size calculation
[ Dimitri John Ledkov ]
* SECURITY UPDATE: Grub does not enforce kernel signature validation
when the shim protocol isn't present.
- 0097-linuxefi-fail-kernel-validation-without-shim-protoco.patch:
Fail kernel validation if the shim protocol isn't available
- CVE-2020-15705
grub2 (2.04-1ubuntu26) focal; urgency=medium
[ Julian Andres Klode ]
* Move /boot/efi -> debconf migration into wrapper, so it runs everywhere
(LP: #1872077)
* Display disk name and size in the ESP selection dialog, instead of ???
[ Sebastien Bacher ]
* debian/patches/gettext,
debian/patches/rules:
- backport upstream patches to fix the list of translated strings,
reported on the ubuntu-translators mailing list. The changes would
be overwritten by autoreconf so applying from a rules override.
grub2 (2.04-1ubuntu25) focal; urgency=medium
[ Jean-Baptiste Lallement ]
[ Didier Roche ]
* debian/patches/ubuntu-zfs-enhance-support.patch:
- fix trailing } when no advanced menu is printed
- ensure we unmount all temporary snapshots path before zfs collect them
out.
* debian/patches/ubuntu-speed-zsys-history.patch:
- Speed up navigating zsys history by reducing greatly grub.cfg file size.
It used to take eg 80 seconds when loading 100 system snapshots. This is
now instantaneous by using a function with parameters that the users can
still easily edit.
grub2 (2.04-1ubuntu24) focal; urgency=medium
* Support installing to multiple ESPs (LP: #1871821)
grub2 (2.04-1ubuntu23) focal; urgency=medium
[ Jean-Baptiste Lallement ]
[ Didier Roche ]
* Performance improvements for update-grub on ZFS systems (LP: #1869885)
grub2 (2.04-1ubuntu22) focal; urgency=medium
* smbios: Add a --linux argument to apply linux modalias-like filtering
* Make the linux command in EFI grub always try EFI handover; thanks
to Chris Coulson for the patches (LP: #1864533)
grub2 (2.04-1ubuntu21) focal; urgency=medium
* Make ZFS menu generation depending on new zsysd binary instead of eoan
zsys compatibility symlink.
grub2 (2.04-1ubuntu20) focal; urgency=medium
* build-efi-images: do not produce -installer.efi.signed. LP: #1863994
grub2 (2.04-1ubuntu19) focal; urgency=medium
* uefi-firmware: rename fwsetup menuentry to UEFI Firmware Settings
(LP: #1864547)
* build-efi-images: add smbios module to the prebuilt signed EFI images
(LP: #1856424)
grub2 (2.04-1ubuntu18) focal; urgency=medium
* Cherry-pick fix from Colin W. in debian to build with python3.
grub2 (2.04-1ubuntu17) focal; urgency=medium
* Fix ZFS menu generation with ZFS 0.8.x where mounted datasets can’t list
snapshots due to an upstream change.
https://github.com/zfsonlinux/zfs/issues/9958
grub2 (2.04-1ubuntu16) focal; urgency=medium
* Revert "Add smbios module to build-efi-images script" from previous
upload, pending review see https://bugs.launchpad.net/bugs/1856424
grub2 (2.04-1ubuntu15) focal; urgency=medium
* ubuntu-efi-allow-loopmount-chainload.patch:
- Enable chainloading EFI apps from loopmounts
* cherrypick-lsefisystab-define-smbios3.patch:
* cherrypick-smbios-modules.patch:
- Cherrypick from 2.05 module for retrieving SMBIOS information
* cherrypick-lsefisystab-show-dtb.patch:
- If dtb is provided by the firmware / DtbLoader driver, display it in
human form, rather than just UUID
grub2 (2.04-1ubuntu14) focal; urgency=medium
* debian/patches/ubuntu-zfs-enhance-support.patch:
- Handle the case where grub-probe returns several devices for a single
pool (LP: #1848856). Thanks jpb for the report and the proposed patch.
- Add savedefault to non-recovery entries (LP: #1850202). Thanks Deltik
for the patch.
- Do not crash on invalid fstab and report the invalid entry.
(LP: #1849347) Thanks Deltik for the patch.
- When a pool fails to import, catch and display the error message and
continue with other pools. Import all the pools in readonly mode so we
can import other pools with unsupported features (LP: #1848399) Thanks
satmandu for the investigation and the proposed patch
grub2 (2.04-1ubuntu13) focal; urgency=medium
* debian/patches/ubuntu-tpm-unknown-error-non-fatal.patch: treat "unknown"
TPM errors as non-fatal, but still write up the details as debug messages
so we can further track what happens with the systems throwing those up.
(LP: #1848892)
* debian/patches/ubuntu-linuxefi.patch: Drop extra check for Secure Boot
status in linuxefi_secure_validate(); it's unnecessary and blocking boot
in chainload (like chainloading Windows) when SB is disabled.
(LP: #1845289)
grub2 (2.04-1ubuntu12) eoan; urgency=medium
* Move our identifier to com.ubuntu
As we are not going to own org.zsys, move our identifier under
com.ubuntu.zsys (LP: #1847711)
grub2 (2.04-1ubuntu11) eoan; urgency=medium
* Load all kernels (even those without .efi.signed) for secure boot mode
as those are signed kernels on ubuntu, loaded by the shim. (LP: #1847581)
grub2 (2.04-1ubuntu10) eoan; urgency=medium
* debian/patches/ubuntu-skip-disk-by-id-lvm-pvm-uuid-entries.patch:
skip /dev/disk/by-id/lvm-pvm-uuid entries from device iteration.
(LP: #1838525)
grub2 (2.04-1ubuntu9) eoan; urgency=medium
* debian/patches/ubuntu-zfs-enhance-support.patch:
- Handle case of pure zfs only snapshots giving additional "}", and as
such, creating invalid grub menu.
Spotted by grubzfs-testsuite autopkgtests.
grub2 (2.04-1ubuntu8) eoan; urgency=medium
* debian/patches/install-signed.patch -> ubuntu-install-signed.patch:
Really fix the installation of UEFI artefacts to the distributor path (we
only want shim, grub, and MokManager, and shim's boot.csv there), and to
the removable /EFI/BOOT path (where we want shim and fallback only).
Rename the patch to ubuntu- like others that are Ubuntu-specific or
otherwise modified to avoid such confusion at merge time in the future.
grub2 (2.04-1ubuntu7) eoan; urgency=medium
* debian/patches/ubuntu-zfs-enhance-support.patch:
Disable history entry under some conditions:
- Don't show up if the system is a zsys one and zsys isn't installed
(LP: #1845333)
- Don't show for pure zfs systems: we identified multiple issues due
to the mount generator in upstream zfs which makes it incompatible.
Disable for now (LP: #1845913)
grub2 (2.04-1ubuntu6) eoan; urgency=medium
* debian/patches/install-signed.patch: fix paths for MokManager/fallback;
shim no longer ships these with a .signed suffix. (LP: #1845466)
grub2 (2.04-1ubuntu5) eoan; urgency=medium
* d/patches/ubuntu-boot-from-multipath-dependent-symlink.patch: fix
mis-spelling of helper function in final computation of GRUB_DEVICE in
multipath case.
grub2 (2.04-1ubuntu4) eoan; urgency=medium
* d/patches/ubuntu-boot-from-multipath-dependent-symlink.patch: when / is
multipathed there will be multiple paths to the partition, so using
root=UUID= exposes the boot process to udev races. In addition
grub-probe --target device / in this case reports /dev/dm-1 or similar --
better to use a symlink that depends on the multipath name. (LP: #1429327)
grub2 (2.04-1ubuntu3) eoan; urgency=medium
[ Mathieu Trudel-Lapierre ]
* debian/patches/ubuntu-add-devicetree-command-support.patch: import patch
into git-dpm: drop [PATCH] tag and add Patch-Name.
[ Didier Roche ]
* debian/patches/ubuntu-zfs-enhance-support.patch
- Don't patch autoregenerated files.
- rewrite generate MenuMeta implementation in shell (LP: #1834095)
mawk doesn't support \s and other array features.
+ Change \s by their space or tab equivalent.
+ Rewrite the menumeta generation in pure shell, which is easier to
debug, keeping globally the same algorithm
+ Support i18n in entry name generation.
Co-authored with Jean-Baptiste.
- Resplit all patches in debian/patches/*, so that we have upstreamable
and non upstreamable parts separate. Also, any change in 10_linux patch
will be reflected in 10_linux_zfs.
- Always import pools (using force), as we don't mount them. Ensure also
that we don't update the host cache, as we import all pools, and not
only those attached to that system.
grub2 (2.04-1ubuntu2) eoan; urgency=medium
* Add device-tree command support as installed by flash-kernel.
grub2 (2.04-1ubuntu1) eoan; urgency=medium
* Merge against Debian; remaining changes:
- debian/control: Update Vcs fields for code location on Ubuntu.
- debian/control: Breaks shim (<< 13).
- debian/patches/linuxefi.patch: Secure Boot support: use newer patchset
from rhboot repo, flattened to a single patch.
- debian/patches/install_signed.patch, grub-install-extra-removable.patch:
- Make sure if we install shim; it should also be exported as the default
bootloader to install later to a removable path, if we do.
- Rework grub-install-extra-removable.patch to reverse its logic: in the
default case, install the bootloader to /EFI/BOOT, unless we're trying
to install on a removable device, or explicitly telling grub *not* to
do it.
- Install a BOOT.CSV for fallback to use.
- Make sure postinst and templates know about the replacement of
--force-extra-removable with --no-extra-removable.
- debian/patches/ubuntu-support-initrd-less-boot.patch: allow non-initrd
boot config.
- debian/patches/ubuntu-add-initrd-less-boot-fallback.patch: If a kernel
fails to boot without initrd, we will fallback to trying to boot the
kernel with an initrd.
- debian/patches/ubuntu-mkconfig-leave-breadcrumbs.patch: make sure
grub-mkconfig leaves a trace of what files were sourced to help generate
the config we're building.
- debian/patches/ubuntu-efi-console-set-text-mode-as-needed.patch: in EFI
console, only set text-mode when we're actually going to need it.
- debian/patches/ubuntu-zfs-enhance-support.patch: Better ZFS grub support.
- Disable os-prober for ppc64el on the PowerNV platform, to reduce the
number of entries/clutter from other OSes in Petitboot
- debian/patches/ubuntu-shorter-version-info.patch: Only show the upstream
version in menu and console, and hide the package one in a
package_version variable.
- Verify that the current and newer kernels are signed when grub is
updated, to make sure people do not accidentally shutdown without a
signed kernel.
- debian/default/grub: replace GRUB_HIDDEN_* variables with the less
confusing GRUB_TIMEOUT_STYLE=hidden.
- debian/rules: shuffle files around for now to keep build artefacts
for signing at the same location as they were expected by Launchpad.
- debian/rules, debian/control: enable dh-systemd.
- debian/grub-common.install.in: install the systemd unit that's part of
initrd fallback handling, missed when the feature landed.
- debian/build-efi-images: add http module to NET_MODULES.
* debian/patches/linuxefi*.patch: Flatten linuxefi patches into one.
* debian/patches: rename patches to use "-" as a separator rather than "_".
* debian/patches: rename Ubuntu-specific patches and commits to add "ubuntu"
so it's clearer which are new or changed when doing a merge.
* debian/patches/ubuntu-fix-lzma-decompressor-objcopy.patch: fix FTBFS due
to objcopy building an invalid binary padded with zeroes (LP: #1833234)
* debian/patches/ubuntu-clear-invalid-initrd-spacing.patch: clear up invalid
spacing for the initrd command when not using early initrds.
* debian/patches/ubuntu-add-initrd-less-boot-fallback.patch: move the initrd
boot success/failure service to start later at boot time. (LP: #1823391)
* debian/patches/fix-lockdown.patch: Drop lockdown patch from Debian, which
breaks with new linuxefi patchset.
* debian/patches/ubuntu-temp-keep-auto-nvram.patch: Temporarily keep the
--auto-nvram option we previously had as a supported option in grub-install
(with no effect now), to avoid breaking upgrades. "auto-nvram" is default
behavior now that we use libefivar instead of calling efibootmgr.
grub2 (2.04-2) UNRELEASED; urgency=medium
[ James Clarke ]
* Only Build-Depend on libefiboot-dev and libefivar-dev on Linux
architectures, since they're Linux-only.
grub2 (2.04-1) unstable; urgency=medium
* New upstream release.
* debian/upstream/signing-key.asc: Add signing key of new upstream
maintainer (Daniel Kiper).
grub2 (2.04~rc1-3) experimental; urgency=medium
[ Will Thompson ]
* Fix --disable-quiet-boot.
[ Steve Langasek ]
* If we don't have writable grubenv and we're on EFI, always show the menu
(merged from Ubuntu).
[ Steve McIntyre ]
* Make all the signed EFI arches have a Recommends: from
grub-efi-ARCH-signed to shim-signed, not just amd64.
Closes: #931038
* Add myself to Uploaders
[ Colin Watson ]
* Squash linuxefi* patches into a single patch.
grub2 (2.04~rc1-2) experimental; urgency=medium
[ Colin Watson ]
* debian/build-efi-images: Add tpm on x86_64-efi (thanks, Chris Coulson).
[ Steve McIntyre ]
* Add the ntfs module to signed UEFI images. Closes: #923855
* Add the cpuid module to signed UEFI images. Closes: #928628
* Add the play module to signed UEFI images. Closes: #930290
* Add an extra di-specific version of the UEFI netboot image with a
different baked-in prefix value. Helps to fix #928750.
* Deal with --force-extra-removable with signed shim too. Closes: #930531
grub2 (2.04~rc1-1) experimental; urgency=medium
* New upstream release candidate.
- getroot: Save/restore CWD more reliably on Unix (closes: #918700).
* Rename patches to use "-" as a separator rather than "_" (except when
referring to a file, function, or command containing a "_").
* Fix format of debian/copyright.
grub2 (2.02+dfsg1-20) unstable; urgency=medium
[ Steve McIntyre ]
* Make all the signed EFI arches have a Recommends: from
grub-efi-ARCH-signed to shim-signed, not just amd64.
Closes: #931038
* Add myself to Uploaders
grub2 (2.02+dfsg1-19) unstable; urgency=medium
[ Colin Watson ]
* Fix format of debian/copyright.
[ Steve McIntyre ]
* Add the ntfs module to signed UEFI images. Closes: #923855
* Add the cpuid module to signed UEFI images. Closes: #928628
* Add the play module to signed UEFI images. Closes: #930290
* Add an extra di-specific version of the UEFI netboot image with a
different baked-in prefix value. Helps to fix #928750.
* Deal with --force-extra-removable with signed shim too. Closes: #930531
grub2 (2.02+dfsg1-18) unstable; urgency=medium
* Apply patches from Alexander Graf to fix grub-efi-arm crash (closes:
#927269):
- arm: Move trampolines into code section
- arm: Align section alignment with manual relocation offset code
* Make grub2-common Breaks+Replaces grub-cloud-amd64 (<< 0.0.4) to work
around that package shipping colliding configuration file names in
stretch-backports (closes: #919915).
* Apply patch from Peter Jones to forbid the "devicetree" command when
Secure Boot is enabled (closes: #927888).
grub2 (2.02+dfsg1-17) unstable; urgency=medium
* Make grub-efi-*-bin recommend efibootmgr. We don't actually use it any
more, but it's helpful for debugging.
grub2 (2.02+dfsg1-16) unstable; urgency=medium
* Fix -Wcast-align diagnostics on ARM.
grub2 (2.02+dfsg1-15) unstable; urgency=medium
* Build-depend on libefiboot-dev and libefivar-dev, for EFI variable
storage changes.
* Drop now-unnecessary dependencies on efibootmgr.
grub2 (2.02+dfsg1-14) unstable; urgency=medium
* Make signed packages depend on a matching version of grub-common, in an
attempt to prevent incorrect testing migrations (closes: #924814).
* Cherry-pick from upstream:
- xfs: Accept filesystem with sparse inodes (closes: #924760).
* Minimise writes to EFI variable storage (closes: #891434).
grub2 (2.02+dfsg1-13) unstable; urgency=medium
* Add regexp module to signed UEFI images.
* debian/signing-template.json.in: Use new extendable format.
[ Debconf translations ]
* [nb] Norwegian Bokmål (Petter Reinholdtsen; closes: #924326).
grub2 (2.02+dfsg1-12ubuntu3) eoan; urgency=medium
* debian/patches/zfs_enhance_support.patch:
Enhance ZFS grub support:
- Support multiple zfs systems (grouped by machine-id)
- Group zfs snapshots and clones with latest dataset for a given
installation.
- Support "history" entry with one time boot, recovery mode and
consecutive reboots.
- Pin kernel to particular snapshot, trying to reboot with the exact
same kernel and initrd.
- Disable in 10_linux zfs support if 10_linux_zfs is installed so that
we don't end up with the same installation multiple times.
* debian/patches/*:
- Apply ubuntu/debian specific changes of 10_linux to 10_linux_zfs.
Work done with Jean-Baptiste.
grub2 (2.02+dfsg1-12ubuntu2) disco; urgency=medium
* debian/patches/efi-console-set-text-mode-as-needed.patch: in EFI console,
only set text-mode when we're actually going to need it.
* debian/build-efi-images: add http module to NET_MODULES. (LP: #1787630)
grub2 (2.02+dfsg1-12ubuntu1) disco; urgency=medium
* Merge against Debian unstable; remaining changes (LP: #564853):
- debian/control: Update Vcs fields for code location on Ubuntu.
- debian/control: Breaks shim (<< 13).
- Secure Boot support: use newer patchset from rhboot repo:
- many linuxefi_* patches added and modified
- dropped debian/patches/linuxefi_require_shim.patch
- renamed: debian/patches/no_insmod_on_sb.patch ->
debian/patches/linuxefi_no_insmod_on_sb.patch
- debian/patches/install_signed.patch, grub-install-extra-removable.patch:
- Make sure if we install shim; it should also be exported as the default
bootloader to install later to a removable path, if we do.
- Rework grub-install-extra-removable.patch to reverse its logic: in the
default case, install the bootloader to /EFI/BOOT, unless we're trying
to install on a removable device, or explicitly telling grub *not* to
do it.
- Install a BOOT.CSV for fallback to use.
- Make sure postinst and templates know about the replacement of
--force-extra-removable with --no-extra-removable.
- debian/patches/add-an-auto-nvram-option-to-grub-install.patch: Add the
--auto-nvram option to grub-install for auto-detecting NVRAM availability
before attempting NVRAM updates.
- debian/build-efi-images: provide a new grub EFI image which enforces that
loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is
the same as grub$arch.efi minus the 'linux' module. Without fallback to
'linux' for unsigned loading, this makes it effectively enforce having a
signed kernel.
- Verify that the current and newer kernels are signed when grub is
updated, to make sure people do not accidentally shutdown without a
signed kernel.
- debian/default/grub: replace GRUB_HIDDEN_* variables with the less
confusing GRUB_TIMEOUT_STYLE=hidden.
- debian/patches/support_initrd-less_boot.patch: Added knobs to allow
non-initrd boot config.
- Disable os-prober for ppc64el on the PowerNV platform, to reduce the
number of entries/clutter from other OSes in Petitboot
- debian/patches/shorter_version_info.patch: Only show the upstream version
in menu and console, and hide the package one in a package_version
variable.
- debian/patches/skip_text_gfxpayload_where_not_supported.patch: Skip the
'text' payload if it's not supported but present in gfxpayload, such as
on EFI systems.
- debian/patches/bufio_sensible_block_sizes.patch: Don't use arbitrary file
fizes as block sizes in bufio: this avoids potentially seeking back in
the files unnecessarily, which may require re-open files that cannot be
seeked into, such as via TFTP.
- debian/patches/ofnet-init-structs-in-bootpath-parser.patch: initialize
structs in bootpath parser.
- debian/rules: shuffle files around for now to keep build artefacts
for signing at the same location as they were expected by Launchpad.
- debian/rules, debian/control: enable dh-systemd.
- debian/grub-common.install.in: install the systemd unit that's part of
initrd fallback handling, missed when the feature landed.
- debian/patches/quick-boot-lvm.patch: If we don't have writable
grubenv and we're on EFI, always show the menu.
- debian/patches/mkconfig_leave_breadcrumbs.patch: make sure grub-mkconfig
leaves a trace of what files were sourced to help generate the config
we're building.
- debian/patches/linuxefi_truncate_overlong_reloc_section.patch: Windows
7 bootloader has inconsistent headers; truncate to the smaller, correct
size to fix chainloading Windows 7.
- debian/patches/linuxefi_fix_relocate_coff.patch: fix typo in
relocate_coff() causing issues with relocation of code in chainload.
- debian/patches/add-initrd-less-boot-fallback.patch: add initrd-less
capabilities. If a kernel fails to boot without initrd, we will fallback
to trying to boot the kernel with an initrd. Patch by Chris Glass.
- debian/patches/grub-reboot-warn.patch: Warn when "for the next
boot only" promise cannot be kept.
* Refreshed patches and fixed up attribution to the right authors after
merge with Debian.
* debian/patches/linuxefi_missing_include.patch,
debian/patches/linuxefi_fixing_more_errors.patch: Apply some additional
small fixes to casts, format strings, includes and Makefile to make sure
the newer linuxefi patches apply and build properly.
grub2 (2.02+dfsg1-12) unstable; urgency=medium
[ Colin Watson ]
* Remove code to migrate grub-pc/install_devices to persistent device
names under /dev/disk/by-id/. This migration happened in
1.98+20100702-1, which was in squeeze (four stable releases ago), so we
no longer need to carry around this complex code.
* Preserve previous answer to grub-pc/install_devices if we have to ask
grub-pc/install_devices_disks_changed and the user chooses not to
install to any devices, so that we can recover from temporary bugs that
cause /dev/disk/by-id/ paths to change (closes: #919029).
* debian/signing-template.json.in: Add trusted_certs key (empty, since
GRUB has no hardcoded list of trusted certificates).
* util: Detect more I/O errors (closes: #922741).
[ Leif Lindholm ]
* arm64/efi: Fix grub_efi_get_ram_base().
[ Steve McIntyre ]
* grub-install: Check for arm-efi as a default target (closes: #922104).
[ James Clarke ]
* osdep/freebsd: Fix partition calculation for EBR entries (closes:
#923253).
grub2 (2.02+dfsg1-11) unstable; urgency=medium
[ Colin Watson ]
* Apply patches from Alexander Graf to set arm64-efi code offset to
EFI_PAGE_SIZE (closes: #919012, LP: #1812317).
* Upgrade to debhelper v10.
* Set Rules-Requires-Root: no.
* Add help and ls modules to signed UEFI images (closes: #919955).
* Fix application of answers from dpkg-reconfigure to /etc/default/grub
(based loosely on a patch by Steve Langasek, for which thanks; closes:
#921702).
[ Steve McIntyre ]
* Make grub-efi-amd64-signed recommend shim-signed (closes: #919067).
[ Jeroen Dekkers ]
* Initialize keyboard in at_keyboard module init if keyboard is ready
(closes: #741464).
[ John Paul Adrian Glaubitz ]
* Include a.out header in assembly of sparc64 boot loader (closes:
#921249).
[ Hervé Werner ]
* Fix setup on Secure Boot systems where cryptodisk is in use (closes:
#917117).
[ Debconf translations ]
* [de] German (Helge Kreutzmann and Holger Wansing; closes: #921018).
grub2 (2.02+dfsg1-10) unstable; urgency=medium
* Apply patch from Heinrich Schuchardt (mentioned in #916695 though
unrelated):
- grub-core/loader/efi/fdt.c: do not copy random memory
* Add luks modules to signed UEFI images (pointed out by Alex Griffin and
Hervé Werner; closes: #908162, LP: #1565950).
* Keep track of the previous version of /usr/share/grub/default/grub and
set UCF_FORCE_CONFFOLD=1 when running ucf if it hasn't changed; ucf
can't figure this out for itself since we apply debconf-based
customisations on top of the template configuration file (closes:
#812574, LP: #564853).
* Backport Xen PVH guest support from upstream (closes: #776450). Thanks
to Hans van Kranenburg for testing.
grub2 (2.02+dfsg1-9) unstable; urgency=medium
[ Colin Watson ]
* Sync Maintainer/Uploaders in debian/signing-template/control.in with the
main packaging.
* Tell reportbug to submit bug reports against unsigned packages rather
than generated signed packages.
* Update Homepage, debian/copyright Source, and debian/watch to use HTTPS.
* Move bash completions to /usr/share/bash-completion/completions/grub and
add appropriate symlinks (closes: #912852).
* Build with GCC 8 (closes: #915735).
[ Leif Lindholm ]
* Apply patch series (mostly) from upstream to switch the arm loader over
to use the arm64 loader code and improve arm/arm64 initrd handling
(closes: #907596, #909420, #915091).
[ Matthew Garrett ]
* Don't enforce Shim signature validation if Secure Boot is disabled.
grub2 (2.02+dfsg1-8) unstable; urgency=medium
* Revise grub-<platform>-bin and grub-<platform> package descriptions to
try to explain better how they fit together and which one should be used
(based loosely on work by Justin B Rye, for which thanks; closes:
#630224).
* Skip flaky grub_cmd_set_date test (closes: #906470).
* Work around bug in obsolete init-select package: add Conflicts/Replaces
from grub-common, and take over /etc/default/grub.d/init-select.cfg with
a no-op stub (thanks to Guillem Jover for the suggestion; closes:
#863801).
* Build-depend on dosfstools and mtools on non-Linux variants of
i386/amd64/arm64 as well, to match debian/rules.
* Cherry-pick from upstream:
- i386/linux: Add support for ext_lfb_base (LP: #1785033).
* Don't source /etc/default/grub.d/*.cfg in config maintainer scripts,
since otherwise we incorrectly merge settings from there into
/etc/default/grub (closes: #872637, LP: #1797894).
* Add xfs module to signed UEFI images (closes: #911147, LP: #1652822).
* Cope with / being on a ZFS root dataset (closes: #886178).
[ Debconf translations ]
* [sv] Swedish (Martin Bagge and Anders Jonsson; closes: #851964).
grub2 (2.02+dfsg1-7) unstable; urgency=medium
* Move kernel maintainer script snippets into grub2-common (thanks,
Bastian Blank; closes: #910959).
* Add cryptodisk and gcry_* modules to signed UEFI images (closes:
#908162, LP: #1565950).
* Remove dh_builddeb override to use xz compression; this has been the
default since dpkg 1.17.0.
grub2 (2.02+dfsg1-6) unstable; urgency=medium
* Only build *-signed packages on their native architecture for now, since
otherwise we end up with clashing source packages (closes: #906596).
* Refer to source packages in Built-Using, not binary packages (closes:
#907483).
grub2 (2.02+dfsg1-5ubuntu11) disco; urgency=medium
[ Mathieu Trudel-Lapierre ]
* debian/grub-check-signatures: properly account for DB showing as empty on
some broken firmwares: Guard against mokutil --export --db failing, and do
a better job at finding the DER certs for conversion to PEM format.
(LP: #1814575)
[ Steve Langasek ]
* debian/patches/quick-boot-lvm.patch: checking the return value of
'lsefi' when the command doesn't exist does not do what's expected, so
instead check the value of $grub_platform which is simpler anyway.
LP: #1814403.
grub2 (2.02+dfsg1-5ubuntu10) disco; urgency=medium
* debian/grub-check-signatures: check kernel signatures against keys known
in firmware, in case a kernel is signed but not using a key that will pass
validation, such as when using kernels coming from a PPA. (LP: #1789918)
grub2 (2.02+dfsg1-5ubuntu9) disco; urgency=medium
[ Steve Langasek ]
* debian/patches/quick-boot-lvm.patch: If we don't have writable
grubenv and we're on EFI, always show the menu. Closes LP: #1800722.
[ Mathieu Trudel-Lapierre ]
* debian/patches/mkconfig_leave_breadcrumbs.patch: make sure grub-mkconfig
leaves a trace of what files were sourced to help generate the config
we're building.
grub2 (2.02+dfsg1-5ubuntu8) cosmic; urgency=medium
* debian/patches/grub-install-extra-removable.patch: install mmx64.efi to
the EFI removable path to avoid boot failures after install when certs
need to be enrolled and the system's firmware is confused. (LP: #1798171)
grub2 (2.02+dfsg1-5ubuntu7) cosmic; urgency=medium
[ Steve Langasek ]
* debian/grub-common.install.in: install the systemd unit that's part of
initrd fallback handling, missed when the feature landed.
[ Mathieu Trudel-Lapierre ]
* debian/rules: set DEFAULT_TIMEOUT to 0 if we've enabled FLICKER_FREE_BOOT,
to avoid unnecessary delay at boot time. (LP: #1784363)
grub2 (2.02+dfsg1-5ubuntu6) cosmic; urgency=medium
[ Steve Langasek ]
* debian/grub-check-signatures: Handle the case where we have unsigned
vmlinuz and signed vmlinuz.efi.signed. (LP: #1788727)
grub2 (2.02+dfsg1-5ubuntu5) cosmic; urgency=medium
[ Mathieu Trudel-Lapierre ]
* debian/patches/linuxefi_truncate_overlong_reloc_section.patch: The Windows
7 bootloader has inconsistent headers; truncate to the smaller, correct
size to fix chainloading Windows 7.
[ Steve Langasek ]
* debian/rules, debian/control: enable dh-systemd.
* debian/patches/add-initrd-less-boot-fallback.patch: add initrd-less
capabilities. If a kernel fails to boot without initrd, grub will fallback
to trying to boot the kernel with an initrd. Patch by Chris Glass.
grub2 (2.02+dfsg1-5ubuntu4) cosmic; urgency=medium
* debian/patches/linuxefi_fix_relocate_coff.patch: fix typo in
relocate_coff() causing issues with relocation of code in chainload.
(LP: #1792575)
grub2 (2.02+dfsg1-5ubuntu3) cosmic; urgency=medium
* debian/patches/grub-reboot-warn.patch: Warn when "for the next
boot only" promise cannot be kept. (LP: #788298)
grub2 (2.02+dfsg1-5ubuntu2) cosmic; urgency=medium
* debian/patches/add_ext_lfb_base_support.patch: i386/linux: Add support for
ext_lfb_base. (LP: #1785033)
grub2 (2.02+dfsg1-5ubuntu1) cosmic; urgency=medium
[ Mathieu Trudel-Lapierre]
* Merge against Debian unstable; remaining changes:
- debian/control: Update Vcs fields for code location on Ubuntu.
- debian/control: Breaks shim (<< 13).
- Secure Boot support: use newer patchset from rhboot repo:
- many linuxefi_* patches added and modified
- dropped debian/patches/linuxefi_require_shim.patch
- renamed: debian/patches/no_insmod_on_sb.patch ->
debian/patches/linuxefi_no_insmod_on_sb.patch
- debian/patches/install_signed.patch, grub-install-extra-removable.patch:
- Make sure if we install shim; it should also be exported as the default
bootloader to install later to a removable path, if we do.
- Rework grub-install-extra-removable.patch to reverse its logic: in the
default case, install the bootloader to /EFI/BOOT, unless we're trying
to install on a removable device, or explicitly telling grub *not* to
do it.
- Move installing fb$arch.efi to --no-extra-removable; as we don't want
fallback to be installed unless we're also installing to /EFI/BOOT.
(LP: #1684341)
- Install a BOOT.CSV for fallback to use.
- Make sure postinst and templates know about the replacement of
--force-extra-removable with --no-extra-removable.
- debian/patches/add-an-auto-nvram-option-to-grub-install.patch: Add the
--auto-nvram option to grub-install for auto-detecting NVRAM availability
before attempting NVRAM updates.
- debian/build-efi-images: provide a new grub EFI image which enforces that
loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is
the same as grub$arch.efi minus the 'linux' module. Without fallback to
'linux' for unsigned loading, this makes it effectively enforce having a
signed kernel. (LP: #1401532)
- Verify that the current and newer kernels are signed when grub is
updated, to make sure people do not accidentally shutdown without a
signed kernel.
- debian/default/grub: replace GRUB_HIDDEN_* variables with the less
confusing GRUB_TIMEOUT_STYLE=hidden. (LP: #1258597)
- debian/patches/support_initrd-less_boot.patch: Added knobs to allow
non-initrd boot config. (LP: #1640878)
- Disable os-prober for ppc64el on the PowerNV platform, to reduce the
number of entries/clutter from other OSes in Petitboot (LP: #1447500)
- debian/patches/shorter_version_info.patch: Only show the upstream version
in menu and console, and hide the package one in a package_version
variable. (LP: #1723434)
- debian/patches/skip_text_gfxpayload_where_not_supported.patch: Skip the
'text' payload if it's not supported but present in gfxpayload, such as
on EFI systems. (LP: #1711452)
- debian/patches/bufio_sensible_block_sizes.patch: Don't use arbitrary file
fizes as block sizes in bufio: this avoids potentially seeking back in
the files unnecessarily, which may require re-open files that cannot be
seeked into, such as via TFTP. (LP: #1743249)
* util/grub-install.c: Drop extra handling for x.efi.signed files for mok
and fallback binaries: shim now installs them without the .signed
extension. (LP: #1708245)
- debian/patches/dont-fail-efi-warnings.patch: handle linuxefi patches and
the casting they do on some architectures: we don't want to fail build
because of some of the warnings that can show up since we otherwise build
with -Werror.
* debian/rules: shuffle files around for now to keep putting build artefacts
for signing at the same location as they were expected by Launchpad.
[ Julian Andres Klode ]
* debian/patches/ofnet-init-structs-in-bootpath-parser.patch: initialize
structs in bootpath parser. Fixes netboot issues on ppc64el. (LP: #1785859)
grub2 (2.02+dfsg1-5) unstable; urgency=medium
[ Colin Watson ]
* Change Maintainer to pkg-grub-devel@alioth-lists.debian.net, following
Alioth lists migration.
* Backport from upstream:
- Use grub-file to figure out whether multiboot2 should be used for
Xen.gz (closes: #898947).
- x86-64: Treat R_X86_64_PLT32 as R_X86_64_PC32.
* Fix some test failures:
- Disable sercon in SeaBIOS.
- Fix qemu options for UHCI test.
[ Philipp Hahn ]
* Disallow unsigned kernels if UEFI Secure Boot is enabled
(patch by Linn Crosetto <linn@hpe.com>)
* Add patch to fix lockdown mode
(patch by Luca Boccassi <bluca@debian.org>)
* Build monolithic EFI binaries for signing (closes: #851994)
* Add template for signing monolithic EFI binaries
* debian/build-efi-images: Use correct EFI vendor (closes: #769172)
[ Luca Boccassi ]
* template packages: install changelog and copyright
* Override lintian error about template rules file
* Add XB-Efi-Vendor metadata to efi-*-bin packages
grub2 (2.02+dfsg1-4) unstable; urgency=medium
* Adjust restore_mkdevicemap.patch to fix format-overflow warning with GCC
7 (the overflow was in fact impossible in practice, but GCC couldn't
prove that).
* Cherry-pick upstream patch to disable -Wformat-truncation on GCC >= 7 in
printf_unit_test.
* Build with GCC 7 (closes: #892397).
grub2 (2.02+dfsg1-3) unstable; urgency=medium
* sparc64: Don't use devspec to determine the OBP path (closes: #854568).
* ieee1275: Fix crash in of_path_of_nvme when of_path is empty (closes:
#891773).
* sparc64: Limit nvme of_path_of_nvme to just SPARC.
grub2 (2.02+dfsg1-2) unstable; urgency=medium
* Build-depend on libparted-dev on powerpc and ppc64 (closes: #891070).
* Add support for modern sparc64 hardware (thanks, Eric Snowberg via John
Paul Adrian Glaubitz; closes: #854568).
* Build without PIE on sparc and sparc64 (thanks, John Paul Adrian
Glaubitz; closes: #891733).
grub2 (2.02+dfsg1-1) unstable; urgency=medium
* Switch to tracking debian/grub-extras/ using "git subtree" rather than
submodules.
* Update debian/README.source for Salsa migration.
* Use pkg-config to find FreeType (closes: #887721).
* Change various binary packages' priorities to optional, since "Priority:
extra" is now deprecated.
* Repack upstream tarball without grub-core/lib/libgcrypt*/cipher/crc.c,
and provide a replacement implementation backported from more recent
versions of libgcrypt (closes: #745409).
* Cherry-pick upstream patch to avoid -Werror=unused-value build failure
(closes: #890431).
* Handle the case where udevadm exists but is non-functional, as warned
about by Lintian 2.5.75.
grub2 (2.02-3) unstable; urgency=medium
* Use current location for upstream signing key
(debian/upstream/signing-key.asc).
* Update upstream signing key to a non-expired version.
* Install bootinfo.txt and grub.chrp in grub-ieee1275-bin for ppc64, and
install and use prep-bootdev on powerpc and ppc64 as well as ppc64el
(thanks, John Paul Adrian Glaubitz; closes: #881730).
* Cherry-pick upstream patch to change the default TSC calibration method
to pmtimer on EFI systems (closes: #883193).
* Move VCS to salsa.debian.org.
* Consistently create /boot/grub in the postinst of all grub-<platform>
packages (closes: #884883).
[ Debconf translations ]
* [sq] Albanian (Silva Arapi; closes: #874497).
grub2 (2.02-2ubuntu13) cosmic; urgency=medium
* debian/patches/tests_update_for_new_qemu.patch: update qemu options to
remove deprecated options that fail tests.
* debian/patches: fix up busted patches due to git-dpm:
- debian/patches/add-an-auto-nvram-option-to-grub-install.patch
- debian/patches/grub-shell-test-helper-disable-seabios-sercon.patch
* debian/patches/r_x86_64_plt32-is-like-r_x86_64_pc32.patch: For the purpose
of grub-mkimage, the R_X86_64_PLT32 relocation is basically the same as
R_X86_64_PC32. Make R_X86_64_PLT32 supported.
grub2 (2.02-2ubuntu12) cosmic; urgency=medium
* debian/default/grub: replace GRUB_HIDDEN_* variables with the more concise
and less confusing GRUB_TIMEOUT_STYLE=hidden. (LP: #1258597)
grub2 (2.02-2ubuntu11) cosmic; urgency=medium
* Verify that the current and newer kernels are signed when grub is updated, to
make sure people do not accidentally shutdown without a signed kernel.
grub2 (2.02-2ubuntu10) cosmic; urgency=medium
* debian/patches/grub-shell-test-helper-disable-seabios-sercon.patch: In the
grub-shell test helper, disable seabios's serial console through fw_cfg
runtime configuration as its boot output interferes with testing.
(LP: #1775249)
grub2 (2.02-2ubuntu9) cosmic; urgency=medium
* debian/patches/add-an-auto-nvram-option-to-grub-install.patch: Add the
--auto-nvram option to grub-install for auto-detecting NVRAM availability
before attempting NVRAM updates.
grub2 (2.02-2ubuntu8) bionic; urgency=medium
* Drop debian/patches/mkconfig_keep_native_term_active.patch, which can
lead to flickering between graphical and text mode when traversing the
menu. (LP: #1752767)
* debian/patches/yylex-explicitly_cast_fprintf_to_void.patch: Fix FTBFS
with flex 2.6.4.
grub2 (2.02-2ubuntu7) bionic; urgency=medium
[ Julian Andres Klode ]
* debian/patches/shorter_version_info.patch: Only show the upstream version
in menu and console, and hide the package one in a package_version
variable. (LP: #1723434)
[ Mathieu Trudel-Lapierre ]
* debian/patches/skip_text_gfxpayload_where_not_supported.patch: Skip the
'text' payload if it's not supported but present in gfxpayload, such as
on EFI systems. (LP: #1711452)
grub2 (2.02-2ubuntu6) bionic; urgency=medium
[ Steve Langasek ]
* debian/patches/bufio_sensible_block_sizes.patch: Don't use arbitrary file
fizes as block sizes in bufio: this avoids potentially seeking back in
the files unnecessarily, which may require re-open files that cannot be
seeked into, such as via TFTP. (LP: #1743249)
grub2 (2.02-2ubuntu5) bionic; urgency=medium
* debian/patches/mkconfig_keep_native_term_active.patch: Keep the
default EFI console active while enabling gfxterm. (LP: #1743884)
grub2 (2.02-2ubuntu4) bionic; urgency=medium
* debian/patches/vt_handoff.patch: modify the existing patch to set
vt.handoff=1 instead of vt.handoff=7 as we now start display managers on
vt1 anyway. This also fixes issues with netboot installed server systems
not displaying the login prompt on boot. (LP: #1675453)
grub2 (2.02-2ubuntu3) bionic; urgency=medium
* util/grub-install.c: Drop extra handling for x.efi.signed files for mok
and fallback binaries: shim now installs them without the .signed
extension. (LP: #1708245)
* debian/control: Breaks shim (<< 13).
grub2 (2.02-2ubuntu2) bionic; urgency=medium
* Cherry-pick upstream patch to change the default TSC calibration method
to pmtimer on EFI systems (LP: #1734278)
* debian/control: Update Vcs fields for code location on Ubuntu.
grub2 (2.02-2ubuntu1) bionic; urgency=medium
* Merge with Debian; remaining changes:
- debian/patches/support_initrd-less_boot.patch: Added knobs to allow
non-initrd boot config. (LP: #1640878)
- Disable os-prober for ppc64el on the PowerNV platform, to reduce the
number of entries/clutter from other OSes in Petitboot (LP: #1447500)
- debian/build-efi-images: provide a new grub EFI image which enforces that
loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is
the same as grub$arch.efi minus the 'linux' module. Without fallback to
'linux' for unsigned loading, this makes it effectively enforce having a
signed kernel. (LP: #1401532)
- debian/patches/install_signed.patch, grub-install-extra-removable.patch:
- Make sure if we install shim; it should also be exported as the default
bootloader to install later to a removable path, if we do.
- Rework grub-install-extra-removable.patch to reverse its logic: in the
default case, install the bootloader to /EFI/BOOT, unless we're trying
to install on a removable device, or explicitly telling grub *not* to
do it.
- Move installing fb$arch.efi to --no-extra-removable; as we don't want
fallback to be installed unless we're also installing to /EFI/BOOT.
(LP: #1684341)
- Make sure postinst and templates know about the replacement of
--force-extra-removable with --no-extra-removable.
* Sync Secure Boot support patches with the upstream patch set from
rhboot/grub2:master-sb. Renamed some patches and updated descriptions for
the whole thing to make more sense, too:
- dropped debian/patches/linuxefi_require_shim.patch
- renamed: debian/patches/no_insmod_on_sb.patch ->
debian/patches/linuxefi_no_insmod_on_sb.patch
- debian/patches/linuxefi.patch
- debian/patches/linuxefi_debug.patch
- debian/patches/linuxefi_non_sb_fallback.patch
- debian/patches/linuxefi_add_sb_to_efi_chainload.patch
- debian/patches/linuxefi_cleanup_errors_in_loader.patch
- debian/patches/linuxefi_fix_efi_validation_race.patch
- debian/patches/linuxefi_handle_multiarch_boot.patch
- debian/patches/linuxefi_honor_sb_mode.patch
- debian/patches/linuxefi_move_fdt_helper.patch
- debian/patches/linuxefi_load_arm_with_sb.patch
- debian/patches/linuxefi_minor_cleanups.patch
- debian/patches/linuxefi_re-enable_linux_cmd.patch
- debian/patches/linuxefi_rework_linux16_cmd.patch
- debian/patches/linuxefi_rework_linux_cmd.patch
- debian/patches/linuxefi_rework_non-sb_efi_chainload.patch
- debian/patches/linuxefi_rework_pe_loading.patch
- debian/patches/linuxefi_use_dev_chainloader_target.patch
* debian/patches/dont-fail-efi-warnings.patch: handle linuxefi patches and
the casting they do on some architectures: we don't want to fail build
because of some of the warnings that can show up since we otherwise build
with -Werror.
grub2 (2.02-2) unstable; urgency=medium
* Comment out debian/watch lines for betas and pre-releases for now.
* Cherry-pick upstream patch to allow mounting ext2/3/4 file systems that
have the 'encrypt' feature enabled (closes: #840204).
grub2 (2.02-1) unstable; urgency=medium
* New upstream release.
- xen: Fix wrong register in relocator (closes: #799480).
* Resolve symlinks for supported init paths as well as for /sbin/init
(thanks, Felipe Sateler; closes: #842315).
[ Debconf translations ]
* [sr] Serbian (Karolina Kalic; closes: #691288).
* [sr@latin] Serbian Latin (Karolina Kalic; closes: #691289).
* [pt] Portuguese (Rui Branco - DebianPT; closes: #864171).
grub2 (2.02~beta3-5) unstable; urgency=medium
[ Steve McIntyre ]
* Make grub-install check for errors from efibootmgr (closes: #853234).
There are probably still underlying issues in other similar reported
bugs, but they're more effectively tracked elsewhere (e.g. efibootmgr)
at this point (closes: #756253, #852513).
[ Debconf translations ]
* [ug] Uyghur (Abduqadir Abliz).
* [es] Spanish (Manuel "Venturi" Porras Peralta; closes: #852977).
grub2 (2.02~beta3-4ubuntu7) artful; urgency=medium
* debian/patches/headers_for_device_macros.patch,
debian/patches/fix_check_for_sys_macros.patch: make sure the right
device macro header is included and that the deprecation warning
is dealt with. LP: #1722955.
grub2 (2.02~beta3-4ubuntu6) artful; urgency=medium
* debian/patches/mount-ext4-fs-with-crypto-enabled.patch: Allow grub to
mount an EXT4 partition that has the 'encrypt' feature enabled
(closes: 840204)
grub2 (2.02~beta3-4ubuntu5) artful; urgency=medium
* debian/patches/linuxefi.patch: fix double-free caused by an extra
grub_free() call in this patch (which the previous upload didn't change).
* debian/patches/linuxefi_rework_non-sb_cases.patch,
debian/patches/linuxefi_non_sb_fallback.patch: refreshed.
grub2 (2.02~beta3-4ubuntu4) artful; urgency=medium
* debian/patches: Rework linuxefi/SecureBoot support and sync with upstream
SB patch set:
- linuxefi_arm_sb_support.patch: add Secure Boot support for arm for its
chainloader.
- linuxefi_fix_validation_race.patch: Fix a race in validating images.
- linuxefi_chainloader_path.patch: honor the starting path for grub, so
images do not need to be started from $root.
- linuxefi_chainloader_sb.patch: Fix some more issues in chainloader use
when Secure Boot is enabled.
- linuxefi_loaders_enforce_sb.patch: Enforce Secure Boot policy for all
loaders: don't load the commands when Secure Boot is enabled.
- linuxefi_re-enable_linux_cmd.patch: Since we rely on the linux and
initrd commands to automatically hand-off to linuxefi/initrdefi; re-
enable the linux loader.
- linuxefi_chainloader_pe_fixes.patch: PE parsing fixes for chainloading
"special" PE images, such as Windows'.
- linuxefi_rework_non-sb_cases.patch: rework cases where Secure Boot is
disabled or shim validation is disabled so loading works as EFI binaries
when it is supposed to.
- Removed linuxefi_require_shim.patch; superseded by the above.
grub2 (2.02~beta3-4ubuntu3) artful; urgency=medium
* debian/patches/install_signed.patch, grub-install-extra-removable.patch:
- Make sure if we install shim; it should also be exported as the default
bootloader to install later to a removable path, if we do.
- Rework grub-install-extra-removable.patch to reverse its logic: in the
default case, install the bootloader to /EFI/BOOT, unless we're trying
to install on a removable device, or explicitly telling grub *not* to
do it.
- Move installing fb$arch.efi to --no-extra-removable; as we don't want
fallback to be installed unless we're also installing to /EFI/BOOT.
(LP: #1684341)
grub2 (2.02~beta3-4ubuntu2) zesty; urgency=medium
* debian/build-efi-images: provide a new grub EFI image which enforces that
loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is
the same as grub$arch.efi minus the 'linux' module. Without fallback to
'linux' for unsigned loading, this makes it effectively enforce having a
signed kernel. (LP: #1401532)
grub2 (2.02~beta3-4ubuntu1) zesty; urgency=medium
* Merge with Debian; remaining changes:
- debian/patches/support_initrd-less_boot.patch: Added knobs to allow
non-initrd boot config. (LP: #1640878)
- Disable os-prober for ppc64el on the PowerNV platform, to reduce the
number of entries/clutter from other OSes in Petitboot (LP: #1447500)
grub2 (2.02~beta3-4) unstable; urgency=medium
[ Colin Watson ]
* Drop build-dependency on libxen-dev, unnecessary now that upstream has
taken a copy of the necessary public headers.
* Ensure that build-efi-images has a suitable PATH for running mkfs.msdos
(thanks, Luca Boccassi; closes: #852001).
[ dann frazier ]
* Add grub2/update_nvram template to allow users to disable NVRAM
updates during package upgrades (LP: #1642298).
[ Debconf translations ]
* [ro] Romanian (Andrei POPESCU).
* [kk] Kazakh (Baurzhan Muftakhidinov).
* [lt] Lithuanian (Rimas Kudelis).
* [th] Thai (Theppitak Karoonboonyanan).
* [sl] Slovenian (Vanja Cvelbar).
* [pl] Polish (Łukasz Dulny).
* [eu] Basque (Iñaki Larrañaga Murgoitio; closes: #851981).
* [bg] Bulgarian (Damyan Ivanov; closes: #852024).
* [de] German (Helge Kreutzmann; closes: #852027).
* [vi] Vietnamese (Trần Ngọc Quân).
* [ko] Korean (Changwoo Ryu; closes: #852061).
* [ru] Russian (Yuri Kozlov; closes: #852064).
* [tr] Turkish (Mert Dirik).
* [it] Italian (Luca Monducci; closes: #852073).
* [cs] Czech (Miroslav Kure; closes: #852189).
* [be] Belarusian (Viktar Siarheichyk; closes: #852286).
* [eo] Esperanto (Felipe Castro).
* [uk] Ukrainian (Yatsenko Alexandr).
* [pt_BR] Brazilian Portuguese (Adriano Rafael Gomes; closes: #852325).
* [hr] Croatian (Tomislav Krznar).
* [ca] Catalan (Innocent De Marchi; closes: #852331).
* [fr] French (Baptiste Jammet; closes: #852341).
* [da] Danish (Joe Hansen; closes: #852349).
* [nl] Dutch (Frans Spiesschaert; closes: #852403).
grub2 (2.02~beta3-3) unstable; urgency=medium
[ Chad MILLER ]
* Signal to zpool that it should emit full names of constituent devices
(closes: #824974, LP: #1527727).
[ Mathieu Trudel-Lapierre ]
* Fix support for IPv6 PXE booting under UEFI (LP: #1229458):
- misc-fix-invalid-char-strtol.patch: fix strto*l methods invalid chars.
- net_read_bracketed_ipv6_addr.patch: read bracketed IPv6 addresses.
- bootp_new_net_bootp6_command.patch: add new bootp6 commands.
- efinet_uefi_ipv6_pxe_support.patch: teach efinet to allow bootp6.
- bootp_process_dhcpack_http_boot.patch: process DHCPACK, support HTTP.
- efinet_set_network_from_uefi_devpath.patch: configure network from the
devpath provided by the UEFI firmware.
- efinet_set_dns_from_uefi_proto.patch: set DNS nameservers and search
domains from the UEFI protocol.
* debian/patches/install_signed.patch: update patch for the new names of
the EFI binaries from shim.
* debian/control: Breaks shim (<< 0.9+1474479173.6c180c6-0ubuntu1~) due to
the renamed binaries in the new shim.
* debian/postinst.in: call on to update-secureboot-policy on configure to
make sure users can disable shim validation if necessary.
* debian/build-efi-images: add loopback and squash4 modules to the signed
EFI images.
grub2 (2.02~beta3-2) unstable; urgency=medium
* debian/watch: Switch URL scheme to HTTP.
* Fix operator precedence in GRUB_DEVICE UUID tests (closes: #841680,
#841741).
grub2 (2.02~beta3-1) unstable; urgency=medium
[ Colin Watson ]
* New upstream beta release.
* syslinux_test: Fix out-of-tree build handling.
* Drop "grub-shell: Pass -no-pad to xorriso when building floppy images".
The floppy images built by grub-shell are no longer over the floppy
limit, and this patch now itself causes fddboot_test failures.
* Build with GCC 6 (closes: #835964).
* linuxefi.patch: Adjust for libgcc removal.
* Apply openSUSE patch to accept empty modules for now so that Xen builds
work.
[ Debconf translations ]
* [ja] Japanese (Takuma Yamada; closes: #815203, #817084).
[ Martin Pitt ]
* debian/grub-common.init: Don't source /lib/init/vars.sh, we don't depend
on initscripts (and don't want to). There is no reason why we would not
use the LSB log_action_msg in non-verbose (default) mode, most other
packages use it unconditionally (closes: #824875, LP: #1584134).
[ Steve Beattie ]
* debian/rules: Disable PIE builds for GRUB modules (closes: #837493).
grub2 (2.02~beta2-36) unstable; urgency=medium
[ Colin Watson ]
* Use HTTPS for Vcs-Git URL.
* Add zfs, zfscrypt, and zfsinfo to signed EFI images (LP: #1542358).
[ Martin Pitt ]
* debian/postinst.in, debian/kernel/zz-update-grub: Call
systemd-detect-virt (which works under any init system, despite the
name) instead of the Ubuntu specific running-in-container wrapper.
(LP: #1539016)
grub2 (2.02~beta2-35) unstable; urgency=medium
* Apply the arm64 -mpc-relative-literal-loads workaround in configure
rather than in debian/rules, to cope with toolchains that don't have the
relevant patch applied.
grub2 (2.02~beta2-34) unstable; urgency=medium
[ Colin Watson ]
* Remove duplicate Replaces on grub-ieee1275 (<< 2.00-4) from
grub2-common.
* Refer to /usr/share/common-licenses/GPL-3 rather than
/usr/share/common-licenses/GPL.
* Cherry-pick upstream patches to add more ACPI opcodes to acpihalt
(closes: #766853, LP: #1530648).
* Drop build-dependency on libusb-dev, since it was currently unused in
any case; also explicitly configure with --disable-grub-emu-usb to avoid
possible future ambiguity (closes: #810421).
* Use dpkg-maintscript-helper to convert directories to symlinks in
various upgrade cases, in place of hand-coded equivalents.
* Change versioned Conflicts from grub-common and grub2-common into Breaks
or Breaks+Replaces as appropriate.
* Remove pragmas related to -Wunreachable-code (closes: #812047).
* Temporarily work around arm64 build failure with gcc-5 >= 5.3.1-4 using
-mpc-relative-literal-loads.
* Backport various ZFS improvements from trunk (closes: #706415, #772797;
LP: #1451476, #1530457).
[ Didier Roche ]
* Use new plymouth theme path to set grub theme configuration.
grub2 (2.02~beta2-33) unstable; urgency=high
[ Mathieu Trudel-Lapierre ]
* Cherry-picks to better handle TFTP timeouts on some arches: (LP: #1521612)
- (7b386b7) efidisk: move device path helpers in core for efinet
- (c52ae40) efinet: skip virtual IP devices when enumerating cards
- (f348aee) efinet: enable hardware filters when opening interface
[ Lee Trager ]
* Add raid5rec and raid6rec to signed EFI images (closes: #807385).
[ Colin Watson ]
* CVE-2015-8370: Fix authentication bypass via backspace integer underflow
(closes: #808122).
grub2 (2.02~beta2-32) unstable; urgency=medium
[ Mathieu Trudel-Lapierre ]
* Cherry-pick patch to add SAS disks to the device list from the ofdisk
module. (LP: #1517586)
[ dann frazier ]
* Cherry-pick patch to open Simple Network Protocol exclusively.
(LP: #1508893)
[ Linn Crosetto ]
* Install arm64 signed images if UEFI Secure Boot is enabled (closes:
#806178).
grub2 (2.02~beta2-31) unstable; urgency=medium
* Cherry-pick upstream patch to fix XFS alignment treatment.
* Cherry-pick upstream patch to fix XFS handling of symlink with
crc-enabled filesystem.
grub2 (2.02~beta2-30) unstable; urgency=medium
[ dann frazier ]
* arm64/setjmp: Add missing license macro. (LP: #1459871)
[ Colin Watson ]
* Cherry-pick upstream patches for XFS v5 support (closes: #772565).
grub2 (2.02~beta2-29) unstable; urgency=medium
[ Linn Crosetto ]
* Clean up docs, mpi, and other files (closes: #798607).
[ dann frazier ]
* progress: avoid NULL dereference for net files. (LP: #1459872)
grub2 (2.02~beta2-28) unstable; urgency=medium
* Reduce the CFLAGS -O3 default on Ubuntu ppc64el to -O2; it introduces
various -Werror failures and isn't worth it here.
grub2 (2.02~beta2-27) unstable; urgency=medium
[ Felix Zielcke ]
* Remove Robert Millan from Uploaders with his permission. Thanks for
all the work he did for GRUB 2!
* Stop forcing gcc-4.9 for building.
* Update to Policy 3.9.6.
* Update the Browser URL for our git repository.
* Use dpkg-buildflags at least for the host binaries.
* Simplify Build-Depends.
[ Colin Watson ]
* Go back to forcing a particular compiler version, but this time gcc-5.
The reason for this is that new compiler versions often make slight
changes to the size of compiled code which break delicate parts of GRUB,
and we want to make sure that we test newer versions before switching to
them.
* Make builds that a…
balabit-sync
pushed a commit
to balabit-deps/balabit-os-9-grub2
that referenced
this issue
Nov 15, 2022
grub2 (2.06-2ubuntu7) jammy; urgency=medium
[ Heinrich Schuchardt ]
* Disable LOAD FILE2 protocol for initrd on ARM (LP: #1967562)
grub2 (2.06-2ubuntu6) jammy; urgency=medium
[ Heinrich Schuchardt ]
* efivar: check that efivarfs is writeable (LP: #1965288)
[ Dimitri John Ledkov ]
* Do not validate kernels twice. (LP: #1964943)
[ Heinrich Schuchardt ]
* efi: EFI Device Tree Fixup Protocol (LP: #1965796)
* fdt: add debug output to devicetree command
grub2 (2.06-2ubuntu5) jammy; urgency=medium
[ Julian Andres Klode ]
* Free correct size when freeing params, rather than 16 Ki (LP: #1958623)
* Build with FUSE3 (LP: #1935659)
* Only run os-prober on first run and if it previously found other OS
(LP: #1955109)
[ Heinrich Schuchardt ]
* Rename grub-core/loader/efi/linux.c
* Add patches for GRUB on RISC-V
* fat: fix listing the root directory
* Enable building for RISC-V (LP: #1876620)
[ Julian Andres Klode ]
* Re-enable peimage code on other archs outside secure boot; this
fixes LP: #1947046 when not booting in secure boot mode (secure
boot pending security review of the code)
grub2 (2.06-2ubuntu4) jammy; urgency=medium
* UBUNTU: Move verifiers after decompressors (LP: #1954683)
* grub-check-signatures: Support gzip compressed kernels (LP: #1954683)
grub2 (2.06-2ubuntu3) jammy; urgency=medium
* Cherry-pick the missing hunk back that changes parameter loading
in grub-core/loader/i386/linux.c, this should fix booting on
BIOS systems.
* Fix the fallback for kernel addresses on amd64 EFI, if the kernel
could not be allocated at the preferred address, reset errno such
that if the 2nd allocation succeeds, we do not fail erroneously.
grub2 (2.06-2ubuntu2) jammy; urgency=medium
* Restore still relevant patches lost in rebase.
They got lost in a first rebase, when we did not include
ubuntu-linuxefi.patch as they modify code in there.
- no-devicetree-if-secure-boot.patch
- 0077-ubuntu-Update-the-linux-boot-protocol-version-check.patch
- 0096-linuxefi-fail-kernel-validation-without-shim-protoco.patch
- 0099-chainloader-Avoid-a-double-free-when-validation-fail.patch
- 0105-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch
grub2 (2.06-2ubuntu1) jammy; urgency=medium
* Merge from Debian unstable; remaining changes:
- Build without lto
- Add Ubuntu sbat data
- Make prebuilt netboot image look for MAAS grub.cfg
- build-efi-images: add smbios module to the prebuilt signed EFI images
(LP: 1856424)
- build-efi-images: do not produce -installer.efi.signed. LP: 1863994
- build-efi-images: Add http to netboot images
- grub-common: Install canonical-uefi-ca.crt
- Check signatures
- minilzo: built using the distribution's minilzo
- Support installing to multiple ESP (LP: 1871821)
- Disable various bits on i386
- Split out unsigned artefacts into grub2-unsigned
- Vcs-Git: Point to ubuntu packaging branch
- Relax dependencies on grub-common and grub2-common
- grub-pc: Avoid the possibility of breaking grub on SRU update due
to ABI change
- UBUNTU: Default timeout changes
- Disable os-prober for ppc64el on the PowerNV platform (for Petitboot)
- dirs.in: create var/lib/grub/ucf in grub-efi-amd64 (and similar)
- Link grub-efi-{amd64,arm64}-bin docs directory
- grub-common.service: port init.d script to systemd unit. Add warning
message, when initrdless boot fails triggering fallback. LP: 1901553
- Removed patches:
- grub-install-extra-removable.patch
- grub-install-removable-shim.patch
- Added patches:
+ ubuntu-grub-install-extra-removable.patch
+ ubuntu-zfs-enhance-support.patch
+ ubuntu-zfs-gfxpayload-keep-default.patch
+ ubuntu-zfs-mkconfig-ubuntu-distributor.patch
+ ubuntu-zfs-mkconfig-signed-kernel.patch
+ ubuntu-zfs-maybe-quiet.patch
+ ubuntu-zfs-quick-boot.patch
+ ubuntu-zfs-gfxpayload-dynamic.patch
+ ubuntu-zfs-vt-handoff.patch
+ ubuntu-zfs-mkconfig-recovery-title.patch
+ ubuntu-zfs-insmod-xzio-and-lzopio-on-xen.patch
+ ubuntu-support-initrd-less-boot.patch
+ ubuntu-shorter-version-info.patch
+ ubuntu-add-initrd-less-boot-fallback.patch
+ ubuntu-mkconfig-leave-breadcrumbs.patch
+ ubuntu-fix-lzma-decompressor-objcopy.patch
+ ubuntu-temp-keep-auto-nvram.patch
+ ubuntu-add-devicetree-command-support.patch
+ ubuntu-boot-from-multipath-dependent-symlink.patch
+ ubuntu-skip-disk-by-id-lvm-pvm-uuid-entries.patch
+ ubuntu-efi-allow-loopmount-chainload.patch
+ 0076-ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch
+ ubuntu-resilient-boot-ignore-alternative-esps.patch
+ ubuntu-resilient-boot-boot-order.patch
+ ubuntu-speed-zsys-history.patch
+ ubuntu-flavour-order.patch
+ ubuntu-dont-verify-loopback-images.patch
+ ubuntu-recovery-dis_ucode_ldr.patch
+ ubuntu-linuxefi-arm64.patch
+ ubuntu-add-initrd-less-boot-messages.patch
+ ubuntu-fix-reproducible-squashfs-test.patch
+ rhboot-f34-make-exit-take-a-return-code.patch
+ rhboot-f34-dont-use-int-for-efi-status.patch
+ rhboot-f34-make-pmtimer-tsc-calibration-fast.patch
+ suse-add-support-for-UEFI-network-protocols.patch
+ suse-AUDIT-0-http-boot-tracker-bug.patch
+ rhboot-f34-efinet-also-use-the-firmware-acceleration-for-http.patch
+ 0241-Call-hwmatch-only-on-the-grub-pc-platform.patch
* Dropped changes:
- Remove obsolete dependencies on dh-autoreconf and automake
- Remove explicit --with systemd in debhelper invocation
- Remove debian/gettext-patches; they do not seem to be necessary anymore
- Remove inadvertent change to debian/signing-template.json.in, we do not
use that file anyway.
- Merged upstream:
+ merged: 0074-uefi-firmware-rename-fwsetup-menuentry-to-UEFI-Firmw.patch
+ merged: 0075-smbios-Add-a-linux-argument-to-apply-linux-modalias-.patch
+ merged security patches 0081-0105, and 0128-0240
+ various cherry picks: cherry-* and cherrypick-*.patch
+ grub-install-backup-and-restore.patch
+ uefi-firmware-setup.patch
+ sleep-shift.patch
+ vsnprintf-upper-case-hex.patch
+ rhboot-f34-update-info-with-grub.cfg-netboot-selection-order.patch
+ suse-search-for-specific-config-files-for-netboot.patch
+ tftp-rollover-block-counter.patch
+ ubuntu-efi-console-set-text-mode-as-needed.patch
- Merged in Debian:
+ install-efi-ubuntu-flavours.patch
+ ubuntu-dejavu-font-path.patch
+ ubuntu-tpm-unknown-error-non-fatal.patch
- Not applicable:
+ 0077-ubuntu-Update-the-linux-boot-protocol-version-check.patch: The
check has been removed.
* Fix zstd build on s390x
* Cherry-pick two upstream fixes to fix closing of SNP protocol in EFI
networking stack
* Build with -O1 on s390x to avoid build failure due to gcc optimization
failure causing it to wrongly assume variables as uninitialized.
* Revert integration of jfs and f2fs modules into signed images, we do not
support these file systems on /boot.
grub2 (2.06-2) unstable; urgency=medium
* Update to minilzo-2.10, fixing build failures on armel, mips64el,
mipsel, and ppc64el.
grub2 (2.06-1) unstable; urgency=medium
* Use "command -v" in maintainer scripts rather than "which".
* New upstream release.
- Switch to the upstream shim_lock verifier, dropping several more
manual checks for UEFI Secure Boot.
* Cherry-pick from upstream:
- fs/xfs: Fix unreadable filesystem with v4 superblock
- tests/ahci: Change "ide-drive" deprecated QEMU device name to "ide-hd"
(closes: #997100)
* Remove dir_to_symlink maintainer script code, which was only needed for
upgrades from before jessie.
grub2 (2.04-20) unstable; urgency=medium
[ Mathieu Trudel-Lapierre ]
* tpm: Pass unknown error as non-fatal, but debug print the error we got
(closes: #940911, LP: #1848892).
grub2 (2.04-19) unstable; urgency=medium
* Resync grub-install backup and restore patches from upstream, fixing
problems that left the system unbootable after certain kinds of failure
(closes: #983435).
grub2 (2.04-18) unstable; urgency=medium
[ Steve McIntyre ]
* Enable the shim_lock and tpm modules for i386-efi too. Ensure that
tpm is included in our EFI images.
* List the modules we include the EFI images - make it easier to
debug things.
* Add debug to display what's going on with verifiers
[ Colin Watson ]
* util/mkimage: Some fixes to PE binaries section size calculation
(closes: #987103).
grub2 (2.04-17) unstable; urgency=medium
* Pass --sbat when building the d-i netboot image as well.
* i386-pc: build verifiers API as module (thanks, Michael Chang; closes:
#984488, #985374).
grub2 (2.04-16) unstable; urgency=medium
* Fix broken advice in message when the postinst has to bail out (thanks
to Daniel Leidert for pointing out the problem).
* Backport security patch series from upstream:
- verifiers: Move verifiers API to kernel image
- kern: Add lockdown support
- kern/lockdown: Set a variable if the GRUB is locked down
- efi: Lockdown the GRUB when the UEFI Secure Boot is enabled
- efi: Use grub_is_lockdown() instead of hardcoding a disabled modules
list
- CVE-2020-14372: acpi: Don't register the acpi command when locked down
- CVE-2020-27779: mmap: Don't register cutmem and badram commands when
lockdown is enforced
- commands: Restrict commands that can load BIOS or DT blobs when locked
down
- commands/setpci: Restrict setpci command when locked down
- commands/hdparm: Restrict hdparm command when locked down
- gdb: Restrict GDB access when locked down
- loader/xnu: Don't allow loading extension and packages when locked
down
- docs: Document the cutmem command
- CVE-2020-25632: dl: Only allow unloading modules that are not
dependencies
- CVE-2020-25647: usb: Avoid possible out-of-bound accesses caused by
malicious devices
- mmap: Fix memory leak when iterating over mapped memory
- net/net: Fix possible dereference to of a NULL pointer
- net/tftp: Fix dangling memory pointer
- kern/parser: Fix resource leak if argc == 0
- kern/efi: Fix memory leak on failure
- kern/efi/mm: Fix possible NULL pointer dereference
- gnulib/regexec: Resolve unused variable
- gnulib/regcomp: Fix uninitialized token structure
- gnulib/argp-help: Fix dereference of a possibly NULL state
- gnulib/regexec: Fix possible null-dereference
- gnulib/regcomp: Fix uninitialized re_token
- io/lzopio: Resolve unnecessary self-assignment errors
- zstd: Initialize seq_t structure fully
- kern/partition: Check for NULL before dereferencing input string
- disk/ldm: Make sure comp data is freed before exiting from make_vg()
- disk/ldm: If failed then free vg variable too
- disk/ldm: Fix memory leak on uninserted lv references
- disk/cryptodisk: Fix potential integer overflow
- hfsplus: Check that the volume name length is valid
- zfs: Fix possible negative shift operation
- zfs: Fix resource leaks while constructing path
- zfs: Fix possible integer overflows
- zfsinfo: Correct a check for error allocating memory
- affs: Fix memory leaks
- libgcrypt/mpi: Fix possible unintended sign extension
- libgcrypt/mpi: Fix possible NULL dereference
- syslinux: Fix memory leak while parsing
- normal/completion: Fix leaking of memory when processing a completion
- commands/hashsum: Fix a memory leak
- video/efi_gop: Remove unnecessary return value of
grub_video_gop_fill_mode_info()
- video/fb/fbfill: Fix potential integer overflow
- video/fb/video_fb: Fix multiple integer overflows
- video/fb/video_fb: Fix possible integer overflow
- video/readers/jpeg: Test for an invalid next marker reference from a
jpeg file
- gfxmenu/gui_list: Remove code that coverity is flagging as dead
- loader/bsd: Check for NULL arg up-front
- loader/xnu: Fix memory leak
- loader/xnu: Free driverkey data when an error is detected in
grub_xnu_writetree_toheap()
- loader/xnu: Check if pointer is NULL before using it
- util/grub-install: Fix NULL pointer dereferences
- util/grub-editenv: Fix incorrect casting of a signed value
- util/glue-efi: Fix incorrect use of a possibly negative value
- script/execute: Fix NULL dereference in grub_script_execute_cmdline()
- commands/ls: Require device_name is not NULL before printing
- script/execute: Avoid crash when using "$#" outside a function scope
- CVE-2021-20225: lib/arg: Block repeated short options that require an
argument
- script/execute: Don't crash on a "for" loop with no items
- CVE-2021-20233: commands/menuentry: Fix quoting in setparams_prefix()
- kern/misc: Always set *end in grub_strtoull()
- video/readers/jpeg: Catch files with unsupported quantization or
Huffman tables
- video/readers/jpeg: Catch OOB reads/writes in grub_jpeg_decode_du()
- video/readers/jpeg: Don't decode data before start of stream
- term/gfxterm: Don't set up a font with glyphs that are too big
- fs/fshelp: Catch impermissibly large block sizes in read helper
- fs/hfsplus: Don't fetch a key beyond the end of the node
- fs/hfsplus: Don't use uninitialized data on corrupt filesystems
- fs/hfs: Disable under lockdown
- fs/sfs: Fix over-read of root object name
- fs/jfs: Do not move to leaf level if name length is negative
- fs/jfs: Limit the extents that getblk() can consider
- fs/jfs: Catch infinite recursion
- fs/nilfs2: Reject too-large keys
- fs/nilfs2: Don't search children if provided number is too large
- fs/nilfs2: Properly bail on errors in grub_nilfs2_btree_node_lookup()
- io/gzio: Bail if gzio->tl/td is NULL
- io/gzio: Add init_dynamic_block() clean up if unpacking codes fails
- io/gzio: Catch missing values in huft_build() and bail
- io/gzio: Zero gzio->tl/td in init_dynamic_block() if huft_build()
fails
- disk/lvm: Don't go beyond the end of the data we read from disk
- disk/lvm: Don't blast past the end of the circular metadata buffer
- disk/lvm: Bail on missing PV list
- disk/lvm: Do not crash if an expected string is not found
- disk/lvm: Do not overread metadata
- disk/lvm: Sanitize rlocn->offset to prevent wild read
- disk/lvm: Do not allow a LV to be it's own segment's node's LV
- fs/btrfs: Validate the number of stripes/parities in RAID5/6
- fs/btrfs: Squash some uninitialized reads
- kern/parser: Fix a memory leak
- kern/parser: Introduce process_char() helper
- kern/parser: Introduce terminate_arg() helper
- kern/parser: Refactor grub_parser_split_cmdline() cleanup
- kern/buffer: Add variable sized heap buffer
- CVE-2020-27749: kern/parser: Fix a stack buffer overflow
- kern/efi: Add initial stack protector implementation
- util/mkimage: Remove unused code to add BSS section
- util/mkimage: Use grub_host_to_target32() instead of
grub_cpu_to_le32()
- util/mkimage: Always use grub_host_to_target32() to initialize PE
stack and heap stuff
- util/mkimage: Unify more of the PE32 and PE32+ header set-up
- util/mkimage: Reorder PE optional header fields set-up
- util/mkimage: Improve data_size value calculation
- util/mkimage: Refactor section setup to use a helper
- util/mkimage: Add an option to import SBAT metadata into a .sbat
section
- grub-install-common: Add --sbat option
- kern/misc: Split parse_printf_args() into format parsing and va_list
handling
- kern/misc: Add STRING type for internal printf() format handling
- kern/misc: Add function to check printf() format against expected
format
- gfxmenu/gui: Check printf() format in the gui_progress_bar and
gui_label
- kern/mm: Fix grub_debug_calloc() compilation error
* Add SBAT section (thanks, Chris Coulson).
grub2 (2.04-15) unstable; urgency=medium
* Demote grub-common → mtools dependency to Suggests, to go with xorriso;
explain the situation in the package description (closes: #982313).
grub2 (2.04-14) unstable; urgency=medium
[ Raphaël Hertzog ]
* Extend grub-efi to also cover arm64/ia64/arm (closes: #981819).
[ Colin Watson ]
* Cherry-pick from upstream:
- grub-install: Fix inverted test for NLS enabled when copying locales
(closes: #979754).
* Fix handling of trailing commas in grub-pc/install_devices (closes:
#913928).
* Make grub-firmware-qemu Recommend/Enhance qemu-system-x86, not qemu
(closes: #966243).
* Make grub-common depend on mtools on EFI platforms, for grub-mkrescue
(closes: #774910).
grub2 (2.04-13) unstable; urgency=medium
[ Steve McIntyre ]
* Switch to using the efivarfs interface for detecting "system setup"
(Closes: #979299)
grub2 (2.04-12) unstable; urgency=medium
* Cherry-pick from upstream:
- mdraid1x_linux: Fix gcc10 error -Werror=array-bounds
- zfs: Fix gcc10 error -Werror=zero-length-bounds
* Build with GCC 10 (closes: #978515).
grub2 (2.04-11) unstable; urgency=medium
* grub-install: Fix backup restoration on i386 (closes: #976671).
grub2 (2.04-10) unstable; urgency=medium
[ Ian Campbell ]
* Remove myself from uploaders.
[ Colin Watson ]
* When upgrading grub-pc noninteractively, bail out if grub-install fails.
It's better to fail the upgrade than to produce a possibly-unbootable
system.
* Explicitly check whether the target device exists before running
grub-install, since grub-install copies modules to /boot/grub/ before
installing the core image, and the new modules might be incompatible
with the old core image (closes: #966575).
* Cherry-pick from upstream:
- tftp: Roll-over block counter to prevent data packets timeouts
(LP: #1892290).
[ Dimitri John Ledkov ]
* grub-install: Add backup and restore.
* Don't call grub-install on fresh install of grub-pc. It's the job of
installers to do that after a fresh install.
grub2 (2.04-9) unstable; urgency=high
* Backport security patch series from upstream:
- CVE-2020-10713: yylex: Make lexer fatal errors actually be fatal
- safemath: Add some arithmetic primitives that check for overflow
- calloc: Make sure we always have an overflow-checking calloc()
available
- CVE-2020-14308: calloc: Use calloc() at most places
- CVE-2020-14309, CVE-2020-14310, CVE-2020-14311: malloc: Use overflow
checking primitives where we do complex allocations
- iso9660: Don't leak memory on realloc() failures
- font: Do not load more than one NAME section
- gfxmenu: Fix double free in load_image()
- xnu: Fix double free in grub_xnu_devprop_add_property()
- lzma: Make sure we don't dereference past array
- term: Fix overflow on user inputs
- udf: Fix memory leak
- multiboot2: Fix memory leak if grub_create_loader_cmdline() fails
- tftp: Do not use priority queue
- relocator: Protect grub_relocator_alloc_chunk_addr() input args
against integer underflow/overflow
- relocator: Protect grub_relocator_alloc_chunk_align() max_addr against
integer underflow
- script: Remove unused fields from grub_script_function struct
- CVE-2020-15706: script: Avoid a use-after-free when redefining a
function during execution
- relocator: Fix grub_relocator_alloc_chunk_align() top memory
allocation
- hfsplus: fix two more overflows
- lvm: fix two more potential data-dependent alloc overflows
- emu: make grub_free(NULL) safe
- efi: fix some malformed device path arithmetic errors
- Fix a regression caused by "efi: fix some malformed device path
arithmetic errors"
- update safemath with fallback code for gcc older than 5.1
- efi: Fix use-after-free in halt/reboot path
- linux loader: avoid overflow on initrd size calculation
* CVE-2020-15707: linux: Fix integer overflows in initrd size handling
* Apply overflow checking to allocations in Debian patches:
- bootp: Fix integer overflow in parse_dhcp6_option
- unix/config: Fix integer overflow in grub_util_load_config
- deviceiter: Fix integer overflow in grub_util_iterate_devices
grub2 (2.04-8) unstable; urgency=medium
[ Vincent Lefevre ]
* Fix typos in /etc/grub.d/05_debian_theme. Closes: #959484
[ Fabian Greffrath ]
* Change font dependency to fonts-dejavu-core. Closes: #912846
[ Colin Watson ]
* Cherry-pick from upstream:
- templates/20_linux_xen: Ignore xenpolicy and config files too.
- templates/20_linux_xen: Support Xen Security Modules (XSM/FLASK).
[ Ian Jackson ]
* 20_linux_xen: Do not load XSM policy in non-XSM options (closes:
#961673).
grub2 (2.04-7) unstable; urgency=medium
[ Christian Göttsche ]
* Create grub default configuration with default SELinux context.
[ Steve McIntyre ]
* In the signed packages, change the version dependency on
grub-common to be >= and not =. This will allow for installation
in unstable to still work in the window while we wait for the
template package to do its second trip through the archive.
* Tweak the build-dep architecture listing for libefiboot-dev and
libefivar-dev. The linux-* wildcards don't work in the way
expected, and were missing out (at least) armhf and armel.
Closes: #958461
grub2 (2.04-6) unstable; urgency=medium
[ Romain Perier ]
* Add f2fs module to signed UEFI images
[ Steve McIntyre ]
* Add jfs module to signed UEFI images. Closes: #950959
[ Colin Watson ]
* Drop mkconfig-mid-upgrade.patch; it was only needed for upgrades from
GRUB 1.99 (now a long time ago) and can inappropriately hide problems
when /etc/grub.d/00_header should have been updated but wasn't (closes:
#953201).
* Cherry-pick from upstream:
- btrfs: Add support for new RAID1C34 profiles (closes: #958236).
grub2 (2.04-5) unstable; urgency=medium
* Cherry-pick from upstream:
- verifiers: Blocklist fallout cleanup (this was one cause of a build
failure on hurd-i386, though may not be the only one).
* Only recommend grub-efi-*-signed on the architectures where they exist.
grub2 (2.04-4) unstable; urgency=medium
[ Thomas Gaugler ]
* Add leading / to prefix of network boot image for d-i.
[ Martin von Wittich ]
* upgrade-from-grub-legacy: Set DPKG_MAINTSCRIPT_NAME and
DPKG_MAINTSCRIPT_PACKAGE when calling grub-pc.postinst manually (closes:
#943387).
[ Colin Watson ]
* Use policy-compliant architecture wildcards in libefiboot-dev and
libefivar-dev build-dependencies.
* Build with GCC 9 (closes: #944166).
grub2 (2.04-3) unstable; urgency=medium
* Apply patch from James Clarke to fix BIOS Boot Partition support on
sparc64 (closes: #931969).
* Fix UEFI installation for Devuan (thanks, Ivan J.; closes: #932966).
* Add probe module to signed UEFI images (closes: #936082).
grub2 (2.04-2) unstable; urgency=medium
[ James Clarke ]
* Only Build-Depend on libefiboot-dev and libefivar-dev on Linux
architectures, since they're Linux-only.
[ Colin Watson ]
* Use debhelper-compat instead of debian/compat.
* debian/apport/source_grub2.py:
- Avoid star import.
- Fix flake8 errors.
* Run gentpl.py with python3.
grub2 (2.04-1ubuntu48) jammy; urgency=medium
* d/p/0241-Call-hwmatch-only-on-the-grub-pc-platform.patch:
Fix "error: can't find command `hwmatch'." on non-i386/pc
platforms such as x86_64/efi. (LP: #1840560)
grub2 (2.04-1ubuntu47) impish; urgency=medium
* Drop grub.cfg-400.patch (LP: #1933826)
grub2 (2.04-1ubuntu46) impish; urgency=medium
* debian/grub-common.service: change type to oneshot, add wantedby
sleep.target, after sleep.target. The service will now start after
resume from hybernation. LP: #1929860
* grub-initrd-fallback.service: add wantedby sleep.target, after
sleep.target. The service will now start after resume from
hybernation. LP: #1929860
* cherrypick upstream fix to make armhf efi boot work. LP: #1788940
* debian/rules: disable LTO. LP: #1922005
* grub-initrd-fallback.service, debian/grub-common.service: only start
units when booted with grub. Use presence of /boot/grub/grub.cfg as
proxy. LP: #1925507
* tests: patch qemu command to use ide-hd instead of the removed
ide-drive.
grub2 (2.04-1ubuntu45) hirsute; urgency=medium
* Unapply all patches.
* Stop using git-dpm.
* Start using gbp pq import|export --no-patch-numbers, this brings grub2
packaging closer to other non-debian distributions.
* It would be nice to separate patches into topic subdirs -
i.e. reverts, upstream cherry picks, debian, ubuntu, rhel, security,
etc.
* Drop redundant dh-systemd build-dependency.
grub2 (2.04-1ubuntu44) hirsute; urgency=medium
* Compile grub-efi-amd64 installable i386 platform on hirsute, to make
it available in bionic and earlier as part of onegrub builds.
grub2 (2.04-1ubuntu42) hirsute; urgency=medium
* SECURITY UPDATE: acpi command allows privilleged user to load crafted
ACPI tables when secure boot is enabled.
- 0126-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch: Don't
register the acpi command when secure boot is enabled.
- CVE-2020-14372
* SECURITY UPDATE: use-after-free in rmmod command
- 0128-dl-Only-allow-unloading-modules-that-are-not-depende.patch: Don't
allow rmmod to unload modules that are dependencies of other modules.
- CVE-2020-25632
* SECURITY UPDATE: out-of-bound write in grub_usb_device_initialize()
- 0129-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch
- CVE-2020-25647
* SECURITY UPDATE: Stack buffer overflow in grub_parser_split_cmdline
- 0206-kern-parser-Introduce-process_char-helper.patch,
0207-kern-parser-Introduce-terminate_arg-helper.patch,
0208-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch,
0209-kern-buffer-Add-variable-sized-heap-buffer.patch,
0210-kern-parser-Fix-a-stack-buffer-overflow.patch: Add a variable
sized heap buffer type and use this.
- CVE-2020-27749
* SECURITY UPDATE: cutmem command allows privileged user to remove memory
regions when Secure Boot is enabled.
- 0127-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch:
Don't register cutmem and badram commands when secure boot is enabled.
- CVE-2020-27779
* SECURITY UPDATE: heap out-of-bounds write in short form option parser.
- 0173-lib-arg-Block-repeated-short-options-that-require-an.patch:
Block repeated short options that require an argument.
- CVE-2021-20225
* SECURITY UPDATE: heap out-of-bound write due to mis-calculation of space
required for quoting.
- 0175-commands-menuentry-Fix-quoting-in-setparams_prefix.patch: Fix
quoting in setparams_prefix()
- CVE-2021-20233
* Partially backport the lockdown framework to restrict certain features
when secure boot is enabled.
* Backport various fixes for Coverity defects.
* Add SBAT metadata to the grub EFI binary.
- Backport patches to support adding SBAT metadata with grub-mkimage:
+ 0212-util-mkimage-Remove-unused-code-to-add-BSS-section.patch
+ 0213-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch
+ 0214-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch
+ 0215-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch
+ 0216-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch
+ 0217-util-mkimage-Improve-data_size-value-calculation.patch
+ 0218-util-mkimage-Refactor-section-setup-to-use-a-helper.patch
+ 0219-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch
- Add debian/sbat.csv.in
- Update debian/build-efi-image and debian/rules
[ Dimitri John Ledkov & Steve Langasek LP: #1915536 ]
* Allow grub-efi-amd64|arm64 & -bin & -dbg be built by
src:grub2-unsigned (potentially of a higher version number).
* Add debian/rules generate-grub2-unsigned target to quickly build
src:grub2-unsigned for binary-copy backports.
* postinst: allow postinst to with with or without grub-multi-install
binary.
* postinst: allow using various grub-install options to achieve
--no-extra-removable.
* postinst: only call grub-check-signatures if it exists.
* control: relax dependency on grub2-common, as maintainer script got
fixed up to work with grub2-common/grub-common as far back as trusty.
* control: allow higher version depdencies from grub-efi package.
* dirs.in: create var/lib/grub/ucf in grub-efi-amd64 (and similar) as
postinst script uses that directory, and yet relies on grub-common to
create/ship it, which is not true in older releases. Also make sure
dh_installdirs runs after the .dirs files are generated.
grub2 (2.04-1ubuntu41) hirsute; urgency=medium
* No-change rebuild to drop the udeb package.
grub2 (2.04-1ubuntu40) hirsute; urgency=medium
* Revert: rhboot-f34-tcp-add-window-scaling-support.patch,
rhboot-f34-support-non-ethernet.patch,
ubuntu-fixup-rhboot-f34-support-non-ethernet.patch,
ubuntu-fixup-rhboot-f34-support-non-ethernet-2.patch: these break MAAS
LXD KVM pod deployments. LP: #1915288
grub2 (2.04-1ubuntu39) hirsute; urgency=medium
* Cherrypick a bunch of patches:
- fix crash in http LP: #1915288
- add bootp6 documentation
- add support for UEFI boot protocols
- use UEFI protocols for http & https networking
- make netboot search for by-mac/by-uuid/by-ip for grub.cfg
- update documentation for netboot search paths of grub.cfg
* Make prebuilt netboot image look for MAAS grub.cfg
* Fix grub-initrd-fallback.service thanks to JawnSmith LP: #1910815
grub2 (2.04-1ubuntu38) hirsute; urgency=medium
[ Jean-Baptiste Lallement ]
[ Didier Roche ]
* Fix warnings during grub menu generation. Thanks wdoekes for the patch
(LP: #1898177)
- Fix warnings when bpool doesn't exist.
- Fix warnings when snapshot name contains dashes.
* Do not fail to generate grub menu when name of the snapshot contains
spaces. (LP: #1903524)
grub2 (2.04-1ubuntu37) hirsute; urgency=medium
* debian/patches/grub-install-backup-and-restore.patch: Fix-up the patch
to correctly initialyze the names of the modules to restore. LP:
#1907085
* 10_linux: emit messages when initrdless boot is configured, attempted
and fails triggering fallback. LP: #1901553
* grub-common.service: port init.d script to systemd unit. Add warning
message, when initrdless boot fails triggering fallback. LP: #1901553
* debian/rules: undo po/ directory patching in
override_dh_autoreconf_clean.
* minilzo: built using the distribution's minilzo
* ubuntu-fix-reproducible-squashfs-test.patch: fix squashfs-test with
new squashfs-tools in hirsute.
* rhboot-f34-make-exit-take-a-return-code.patch,
rhboot-f34-dont-use-int-for-efi-status.patch: allow grub to exit
non-zero under EFI, this should allow falling back to the next
BootOrder BootEntry.
* rhboot-f34-tcp-add-window-scaling-support.patch: speed up netboot
transfer speed.
* rhboot-f34-support-non-ethernet.patch,
ubuntu-fixup-rhboot-f34-support-non-ethernet.patch,
ubuntu-fixup-rhboot-f34-support-non-ethernet-2.patch:
add support for link layer addresses of up to 32-bytes.
* rhboot-f34-make-pmtimer-tsc-calibration-fast.patch:
speed up calibration time, especially when booting VMs.
grub2 (2.04-1ubuntu36) hirsute; urgency=medium
* Avoid "EFI stub: FIRMWARE BUG" message when booting >= 5.7 kernels
on arm64 by setting the image base address before jumping to the
PE/COFF entry point LP: #1900774
* Fix tftp timeouts when fetch large files. LP: #1900773
grub2 (2.04-1ubuntu35) groovy; urgency=medium
* postinst.in, grub-multi-install: fix logic of skipping installing onto
any device, if one chose to not install bootloader on any device. LP:
#1896608
* Do not finalize params twice on arm64. LP: #1897819
grub2 (2.04-1ubuntu34) groovy; urgency=medium
* configure.ac: one more dejavu font search path
grub2 (2.04-1ubuntu33) groovy; urgency=medium
* Build-depend on fonts-dejavu-core, not obsolete ttf-dejavu-core.
grub2 (2.04-1ubuntu32) groovy; urgency=medium
* ubuntu-linuxefi-arm64.patch: Fix build on armhf
grub2 (2.04-1ubuntu31) groovy; urgency=medium
* ubuntu-linuxefi-arm64.patch: Restore arm64 parts of ubuntu-linuxefi.patch
that got lost in the 2.04 rebase (LP: #1862279)
grub2 (2.04-1ubuntu30) groovy; urgency=medium
* postinst.in: do not attempt to call grub-install upon fresh install of
grub-pc because it it a job of installers to do that after fresh
install.
* grub-multi-install: fix non-interactive failures for grub-efi like it
was fixed in postinst for grub-pc.
grub2 (2.04-1ubuntu29) groovy; urgency=medium
* grub-install: cherry-pick patch from grub-devel to make grub-install
fault tolerant. Create backup of files in /boot/grub, and restore them
on failure to complete grub-install. LP: #1891680
* postinst.in: do not exit successfully when failing to show critical
grub-pc/install_devices_failed and grub-pc/install_devices_empty
prompts in non-interactive mode. This enables surfacing upgrade errors
to the users and/or automation. LP: #1891680
* postinst.in: Fixup postinst.in, to attempt grub-install upon explicit
dpkg-reconfigure grub-pc. LP: #1892526
grub2 (2.04-1ubuntu28) groovy; urgency=medium
* Ensure that grub-multi-install can always find templates (LP: #1879948)
* Fix changelog entries for security update
grub2 (2.04-1ubuntu27) groovy; urgency=medium
* debian/patches/ubuntu-flavour-order.patch:
- Add a (hidden) GRUB_FLAVOUR_ORDER setting that can mark certain kernel
flavours as preferred, and specify an order between those preferred
flavours (LP: #1882663)
* debian/patches/ubuntu-zfs-enhance-support.patch:
- Use version_find_latest for ordering kernels, so it also supports
the GRUB_FLAVOUR_ORDER setting.
* debian/patches/ubuntu-dont-verify-loopback-images.patch:
- disk/loopback: Don't verify loopback images (LP: #1878541),
Thanks to Chris Coulson for the patch
* debian/patches/ubuntu-recovery-dis_ucode_ldr.patch
- Pass dis_ucode_ldr to kernel for recovery mode (LP: #1831789)
* debian/patches/ubuntu-add-initrd-less-boot-fallback.patch:
- Merge changes from xnox to fix multiple initrds support (LP: #1878705)
* debian/patches/ubuntu-clear-invalid-initrd-spacing.patch:
- Remove, no longer needed thanks to xnox's patch
grub2 (2.04-1ubuntu26.2) focal; urgency=medium
* debian/postinst.in: Avoid calling grub-install on upgrade of the grub-pc
package, since we cannot be certain that it will install to the correct
disk and a grub-install failure will render the system unbootable.
LP: #1889556.
grub2 (2.04-1ubuntu26.1) focal; urgency=medium
[ Julian Andres Klode ]
* Move gettext patches out of git-dpm's way, so it does not delete them
[ Chris Coulson ]
* SECURITY UPDATE: Heap buffer overflow when encountering commands that
cannot be tokenized to less than 8192 characters.
- 0082-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch: Make
fatal lexer errors actually be fatal
- CVE-2020-10713
* SECURITY UPDATE: Multiple integer overflow bugs that could result in
heap buffer allocations that were too small and subsequent heap buffer
overflows when handling certain filesystems, font files or PNG images.
- 0083-safemath-Add-some-arithmetic-primitives-that-check-f.patch: Add
arithmetic primitives that allow for overflows to be detected
- 0084-calloc-Make-sure-we-always-have-an-overflow-checking.patch:
Make sure that there is always an overflow checking implementation
of calloc() available
- 0085-calloc-Use-calloc-at-most-places.patch: Use calloc where
appropriate
- 0086-malloc-Use-overflow-checking-primitives-where-we-do-.patch: Use
overflow-safe arithmetic primitives when performing allocations
based on the results of operations that might overflow
- 0094-hfsplus-fix-two-more-overflows.patch: Fix integer overflows in
hfsplus
- 0095-lvm-fix-two-more-potential-data-dependent-alloc-over.patch: Fix
more potential integer overflows in lvm
- CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
* SECURITY UPDATE: Use-after-free when executing a command that causes
a currently executing function to be redefined.
- 0092-script-Remove-unused-fields-from-grub_script_functio.patch:
Remove unused fields from grub_script_function
- 0093-script-Avoid-a-use-after-free-when-redefining-a-func.patch:
Avoid a use-after-free when redefining a function during execution
- CVE-2020-15706
* SECURITY UPDATE: Integer overflows that could result in heap buffer
allocations that were too small and subsequent heap buffer overflows
during initrd loading.
- 0105-linux-Fix-integer-overflows-in-initrd-size-handling.patch: Fix
integer overflows in initrd size handling
- 0106-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch: Fix
integer overflows in linuxefi grub_cmd_initrd
- CVE-2020-15707
* Various fixes as a result of code review and static analysis:
- 0087-iso9660-Don-t-leak-memory-on-realloc-failures.patch: Fix a
memory leak on realloc failures when processing symbolic links
- 0088-font-Do-not-load-more-than-one-NAME-section.patch: Fix a
memory leak when processing font files with more than one NAME
section
- 0089-gfxmenu-Fix-double-free-in-load_image.patch: Zero self->bitmap
after it is freed in order to avoid a potential double free later on
- 0090-lzma-Make-sure-we-don-t-dereference-past-array.patch: Fix an
out-of-bounds read in LzmaEncode
- 0091-tftp-Do-not-use-priority-queue.patch: Refactor tftp to not use
priority queues and fix a double free
- 0096-efi-fix-some-malformed-device-path-arithmetic-errors.patch: Fix
various arithmetic errors with malformed device paths
- 0098-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch: Fix
a NULL deref in the chainloader command introduced by a previous
patch
- 0099-efi-Fix-use-after-free-in-halt-reboot-path.patch: Fix a
use-after-free in the halt and reboot commands by not freeing
allocated memory in these paths
- 0100-chainloader-Avoid-a-double-free-when-validation-fail.patch:
Avoid a double free in the chainloader command when validation fails
- 0101-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch:
Protect grub_relocator_alloc_chunk_addr input arguments against
integer overflow / underflow
- 0102-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch:
Protect grub_relocator_alloc_chunk_align max_addr argument against
integer underflow
- 0103-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch: Fix
grub_relocator_alloc_chunk_align top memory allocation
- 0104-linux-loader-avoid-overflow-on-initrd-size-calculati.patch:
Avoid overflow on initrd size calculation
[ Dimitri John Ledkov ]
* SECURITY UPDATE: Grub does not enforce kernel signature validation
when the shim protocol isn't present.
- 0097-linuxefi-fail-kernel-validation-without-shim-protoco.patch:
Fail kernel validation if the shim protocol isn't available
- CVE-2020-15705
grub2 (2.04-1ubuntu26) focal; urgency=medium
[ Julian Andres Klode ]
* Move /boot/efi -> debconf migration into wrapper, so it runs everywhere
(LP: #1872077)
* Display disk name and size in the ESP selection dialog, instead of ???
[ Sebastien Bacher ]
* debian/patches/gettext,
debian/patches/rules:
- backport upstream patches to fix the list of translated strings,
reported on the ubuntu-translators mailing list. The changes would
be overwritten by autoreconf so applying from a rules override.
grub2 (2.04-1ubuntu25) focal; urgency=medium
[ Jean-Baptiste Lallement ]
[ Didier Roche ]
* debian/patches/ubuntu-zfs-enhance-support.patch:
- fix trailing } when no advanced menu is printed
- ensure we unmount all temporary snapshots path before zfs collect them
out.
* debian/patches/ubuntu-speed-zsys-history.patch:
- Speed up navigating zsys history by reducing greatly grub.cfg file size.
It used to take eg 80 seconds when loading 100 system snapshots. This is
now instantaneous by using a function with parameters that the users can
still easily edit.
grub2 (2.04-1ubuntu24) focal; urgency=medium
* Support installing to multiple ESPs (LP: #1871821)
grub2 (2.04-1ubuntu23) focal; urgency=medium
[ Jean-Baptiste Lallement ]
[ Didier Roche ]
* Performance improvements for update-grub on ZFS systems (LP: #1869885)
grub2 (2.04-1ubuntu22) focal; urgency=medium
* smbios: Add a --linux argument to apply linux modalias-like filtering
* Make the linux command in EFI grub always try EFI handover; thanks
to Chris Coulson for the patches (LP: #1864533)
grub2 (2.04-1ubuntu21) focal; urgency=medium
* Make ZFS menu generation depending on new zsysd binary instead of eoan
zsys compatibility symlink.
grub2 (2.04-1ubuntu20) focal; urgency=medium
* build-efi-images: do not produce -installer.efi.signed. LP: #1863994
grub2 (2.04-1ubuntu19) focal; urgency=medium
* uefi-firmware: rename fwsetup menuentry to UEFI Firmware Settings
(LP: #1864547)
* build-efi-images: add smbios module to the prebuilt signed EFI images
(LP: #1856424)
grub2 (2.04-1ubuntu18) focal; urgency=medium
* Cherry-pick fix from Colin W. in debian to build with python3.
grub2 (2.04-1ubuntu17) focal; urgency=medium
* Fix ZFS menu generation with ZFS 0.8.x where mounted datasets can’t list
snapshots due to an upstream change.
https://github.com/zfsonlinux/zfs/issues/9958
grub2 (2.04-1ubuntu16) focal; urgency=medium
* Revert "Add smbios module to build-efi-images script" from previous
upload, pending review see https://bugs.launchpad.net/bugs/1856424
grub2 (2.04-1ubuntu15) focal; urgency=medium
* ubuntu-efi-allow-loopmount-chainload.patch:
- Enable chainloading EFI apps from loopmounts
* cherrypick-lsefisystab-define-smbios3.patch:
* cherrypick-smbios-modules.patch:
- Cherrypick from 2.05 module for retrieving SMBIOS information
* cherrypick-lsefisystab-show-dtb.patch:
- If dtb is provided by the firmware / DtbLoader driver, display it in
human form, rather than just UUID
grub2 (2.04-1ubuntu14) focal; urgency=medium
* debian/patches/ubuntu-zfs-enhance-support.patch:
- Handle the case where grub-probe returns several devices for a single
pool (LP: #1848856). Thanks jpb for the report and the proposed patch.
- Add savedefault to non-recovery entries (LP: #1850202). Thanks Deltik
for the patch.
- Do not crash on invalid fstab and report the invalid entry.
(LP: #1849347) Thanks Deltik for the patch.
- When a pool fails to import, catch and display the error message and
continue with other pools. Import all the pools in readonly mode so we
can import other pools with unsupported features (LP: #1848399) Thanks
satmandu for the investigation and the proposed patch
grub2 (2.04-1ubuntu13) focal; urgency=medium
* debian/patches/ubuntu-tpm-unknown-error-non-fatal.patch: treat "unknown"
TPM errors as non-fatal, but still write up the details as debug messages
so we can further track what happens with the systems throwing those up.
(LP: #1848892)
* debian/patches/ubuntu-linuxefi.patch: Drop extra check for Secure Boot
status in linuxefi_secure_validate(); it's unnecessary and blocking boot
in chainload (like chainloading Windows) when SB is disabled.
(LP: #1845289)
grub2 (2.04-1ubuntu12) eoan; urgency=medium
* Move our identifier to com.ubuntu
As we are not going to own org.zsys, move our identifier under
com.ubuntu.zsys (LP: #1847711)
grub2 (2.04-1ubuntu11) eoan; urgency=medium
* Load all kernels (even those without .efi.signed) for secure boot mode
as those are signed kernels on ubuntu, loaded by the shim. (LP: #1847581)
grub2 (2.04-1ubuntu10) eoan; urgency=medium
* debian/patches/ubuntu-skip-disk-by-id-lvm-pvm-uuid-entries.patch:
skip /dev/disk/by-id/lvm-pvm-uuid entries from device iteration.
(LP: #1838525)
grub2 (2.04-1ubuntu9) eoan; urgency=medium
* debian/patches/ubuntu-zfs-enhance-support.patch:
- Handle case of pure zfs only snapshots giving additional "}", and as
such, creating invalid grub menu.
Spotted by grubzfs-testsuite autopkgtests.
grub2 (2.04-1ubuntu8) eoan; urgency=medium
* debian/patches/install-signed.patch -> ubuntu-install-signed.patch:
Really fix the installation of UEFI artefacts to the distributor path (we
only want shim, grub, and MokManager, and shim's boot.csv there), and to
the removable /EFI/BOOT path (where we want shim and fallback only).
Rename the patch to ubuntu- like others that are Ubuntu-specific or
otherwise modified to avoid such confusion at merge time in the future.
grub2 (2.04-1ubuntu7) eoan; urgency=medium
* debian/patches/ubuntu-zfs-enhance-support.patch:
Disable history entry under some conditions:
- Don't show up if the system is a zsys one and zsys isn't installed
(LP: #1845333)
- Don't show for pure zfs systems: we identified multiple issues due
to the mount generator in upstream zfs which makes it incompatible.
Disable for now (LP: #1845913)
grub2 (2.04-1ubuntu6) eoan; urgency=medium
* debian/patches/install-signed.patch: fix paths for MokManager/fallback;
shim no longer ships these with a .signed suffix. (LP: #1845466)
grub2 (2.04-1ubuntu5) eoan; urgency=medium
* d/patches/ubuntu-boot-from-multipath-dependent-symlink.patch: fix
mis-spelling of helper function in final computation of GRUB_DEVICE in
multipath case.
grub2 (2.04-1ubuntu4) eoan; urgency=medium
* d/patches/ubuntu-boot-from-multipath-dependent-symlink.patch: when / is
multipathed there will be multiple paths to the partition, so using
root=UUID= exposes the boot process to udev races. In addition
grub-probe --target device / in this case reports /dev/dm-1 or similar --
better to use a symlink that depends on the multipath name. (LP: #1429327)
grub2 (2.04-1ubuntu3) eoan; urgency=medium
[ Mathieu Trudel-Lapierre ]
* debian/patches/ubuntu-add-devicetree-command-support.patch: import patch
into git-dpm: drop [PATCH] tag and add Patch-Name.
[ Didier Roche ]
* debian/patches/ubuntu-zfs-enhance-support.patch
- Don't patch autoregenerated files.
- rewrite generate MenuMeta implementation in shell (LP: #1834095)
mawk doesn't support \s and other array features.
+ Change \s by their space or tab equivalent.
+ Rewrite the menumeta generation in pure shell, which is easier to
debug, keeping globally the same algorithm
+ Support i18n in entry name generation.
Co-authored with Jean-Baptiste.
- Resplit all patches in debian/patches/*, so that we have upstreamable
and non upstreamable parts separate. Also, any change in 10_linux patch
will be reflected in 10_linux_zfs.
- Always import pools (using force), as we don't mount them. Ensure also
that we don't update the host cache, as we import all pools, and not
only those attached to that system.
grub2 (2.04-1ubuntu2) eoan; urgency=medium
* Add device-tree command support as installed by flash-kernel.
grub2 (2.04-1ubuntu1) eoan; urgency=medium
* Merge against Debian; remaining changes:
- debian/control: Update Vcs fields for code location on Ubuntu.
- debian/control: Breaks shim (<< 13).
- debian/patches/linuxefi.patch: Secure Boot support: use newer patchset
from rhboot repo, flattened to a single patch.
- debian/patches/install_signed.patch, grub-install-extra-removable.patch:
- Make sure if we install shim; it should also be exported as the default
bootloader to install later to a removable path, if we do.
- Rework grub-install-extra-removable.patch to reverse its logic: in the
default case, install the bootloader to /EFI/BOOT, unless we're trying
to install on a removable device, or explicitly telling grub *not* to
do it.
- Install a BOOT.CSV for fallback to use.
- Make sure postinst and templates know about the replacement of
--force-extra-removable with --no-extra-removable.
- debian/patches/ubuntu-support-initrd-less-boot.patch: allow non-initrd
boot config.
- debian/patches/ubuntu-add-initrd-less-boot-fallback.patch: If a kernel
fails to boot without initrd, we will fallback to trying to boot the
kernel with an initrd.
- debian/patches/ubuntu-mkconfig-leave-breadcrumbs.patch: make sure
grub-mkconfig leaves a trace of what files were sourced to help generate
the config we're building.
- debian/patches/ubuntu-efi-console-set-text-mode-as-needed.patch: in EFI
console, only set text-mode when we're actually going to need it.
- debian/patches/ubuntu-zfs-enhance-support.patch: Better ZFS grub support.
- Disable os-prober for ppc64el on the PowerNV platform, to reduce the
number of entries/clutter from other OSes in Petitboot
- debian/patches/ubuntu-shorter-version-info.patch: Only show the upstream
version in menu and console, and hide the package one in a
package_version variable.
- Verify that the current and newer kernels are signed when grub is
updated, to make sure people do not accidentally shutdown without a
signed kernel.
- debian/default/grub: replace GRUB_HIDDEN_* variables with the less
confusing GRUB_TIMEOUT_STYLE=hidden.
- debian/rules: shuffle files around for now to keep build artefacts
for signing at the same location as they were expected by Launchpad.
- debian/rules, debian/control: enable dh-systemd.
- debian/grub-common.install.in: install the systemd unit that's part of
initrd fallback handling, missed when the feature landed.
- debian/build-efi-images: add http module to NET_MODULES.
* debian/patches/linuxefi*.patch: Flatten linuxefi patches into one.
* debian/patches: rename patches to use "-" as a separator rather than "_".
* debian/patches: rename Ubuntu-specific patches and commits to add "ubuntu"
so it's clearer which are new or changed when doing a merge.
* debian/patches/ubuntu-fix-lzma-decompressor-objcopy.patch: fix FTBFS due
to objcopy building an invalid binary padded with zeroes (LP: #1833234)
* debian/patches/ubuntu-clear-invalid-initrd-spacing.patch: clear up invalid
spacing for the initrd command when not using early initrds.
* debian/patches/ubuntu-add-initrd-less-boot-fallback.patch: move the initrd
boot success/failure service to start later at boot time. (LP: #1823391)
* debian/patches/fix-lockdown.patch: Drop lockdown patch from Debian, which
breaks with new linuxefi patchset.
* debian/patches/ubuntu-temp-keep-auto-nvram.patch: Temporarily keep the
--auto-nvram option we previously had as a supported option in grub-install
(with no effect now), to avoid breaking upgrades. "auto-nvram" is default
behavior now that we use libefivar instead of calling efibootmgr.
grub2 (2.04-1) unstable; urgency=medium
* New upstream release.
* debian/upstream/signing-key.asc: Add signing key of new upstream
maintainer (Daniel Kiper).
grub2 (2.04~rc1-3) experimental; urgency=medium
[ Will Thompson ]
* Fix --disable-quiet-boot.
[ Steve Langasek ]
* If we don't have writable grubenv and we're on EFI, always show the menu
(merged from Ubuntu).
[ Steve McIntyre ]
* Make all the signed EFI arches have a Recommends: from
grub-efi-ARCH-signed to shim-signed, not just amd64.
Closes: #931038
* Add myself to Uploaders
[ Colin Watson ]
* Squash linuxefi* patches into a single patch.
grub2 (2.04~rc1-2) experimental; urgency=medium
[ Colin Watson ]
* debian/build-efi-images: Add tpm on x86_64-efi (thanks, Chris Coulson).
[ Steve McIntyre ]
* Add the ntfs module to signed UEFI images. Closes: #923855
* Add the cpuid module to signed UEFI images. Closes: #928628
* Add the play module to signed UEFI images. Closes: #930290
* Add an extra di-specific version of the UEFI netboot image with a
different baked-in prefix value. Helps to fix #928750.
* Deal with --force-extra-removable with signed shim too. Closes: #930531
grub2 (2.04~rc1-1) experimental; urgency=medium
* New upstream release candidate.
- getroot: Save/restore CWD more reliably on Unix (closes: #918700).
* Rename patches to use "-" as a separator rather than "_" (except when
referring to a file, function, or command containing a "_").
* Fix format of debian/copyright.
grub2 (2.02+dfsg1-20) unstable; urgency=medium
[ Steve McIntyre ]
* Make all the signed EFI arches have a Recommends: from
grub-efi-ARCH-signed to shim-signed, not just amd64.
Closes: #931038
* Add myself to Uploaders
grub2 (2.02+dfsg1-19) unstable; urgency=medium
[ Colin Watson ]
* Fix format of debian/copyright.
[ Steve McIntyre ]
* Add the ntfs module to signed UEFI images. Closes: #923855
* Add the cpuid module to signed UEFI images. Closes: #928628
* Add the play module to signed UEFI images. Closes: #930290
* Add an extra di-specific version of the UEFI netboot image with a
different baked-in prefix value. Helps to fix #928750.
* Deal with --force-extra-removable with signed shim too. Closes: #930531
grub2 (2.02+dfsg1-18) unstable; urgency=medium
* Apply patches from Alexander Graf to fix grub-efi-arm crash (closes:
#927269):
- arm: Move trampolines into code section
- arm: Align section alignment with manual relocation offset code
* Make grub2-common Breaks+Replaces grub-cloud-amd64 (<< 0.0.4) to work
around that package shipping colliding configuration file names in
stretch-backports (closes: #919915).
* Apply patch from Peter Jones to forbid the "devicetree" command when
Secure Boot is enabled (closes: #927888).
grub2 (2.02+dfsg1-17) unstable; urgency=medium
* Make grub-efi-*-bin recommend efibootmgr. We don't actually use it any
more, but it's helpful for debugging.
grub2 (2.02+dfsg1-16) unstable; urgency=medium
* Fix -Wcast-align diagnostics on ARM.
grub2 (2.02+dfsg1-15) unstable; urgency=medium
* Build-depend on libefiboot-dev and libefivar-dev, for EFI variable
storage changes.
* Drop now-unnecessary dependencies on efibootmgr.
grub2 (2.02+dfsg1-14) unstable; urgency=medium
* Make signed packages depend on a matching version of grub-common, in an
attempt to prevent incorrect testing migrations (closes: #924814).
* Cherry-pick from upstream:
- xfs: Accept filesystem with sparse inodes (closes: #924760).
* Minimise writes to EFI variable storage (closes: #891434).
grub2 (2.02+dfsg1-13) unstable; urgency=medium
* Add regexp module to signed UEFI images.
* debian/signing-template.json.in: Use new extendable format.
[ Debconf translations ]
* [nb] Norwegian Bokmål (Petter Reinholdtsen; closes: #924326).
grub2 (2.02+dfsg1-12ubuntu3) eoan; urgency=medium
* debian/patches/zfs_enhance_support.patch:
Enhance ZFS grub support:
- Support multiple zfs systems (grouped by machine-id)
- Group zfs snapshots and clones with latest dataset for a given
installation.
- Support "history" entry with one time boot, recovery mode and
consecutive reboots.
- Pin kernel to particular snapshot, trying to reboot with the exact
same kernel and initrd.
- Disable in 10_linux zfs support if 10_linux_zfs is installed so that
we don't end up with the same installation multiple times.
* debian/patches/*:
- Apply ubuntu/debian specific changes of 10_linux to 10_linux_zfs.
Work done with Jean-Baptiste.
grub2 (2.02+dfsg1-12ubuntu2) disco; urgency=medium
* debian/patches/efi-console-set-text-mode-as-needed.patch: in EFI console,
only set text-mode when we're actually going to need it.
* debian/build-efi-images: add http module to NET_MODULES. (LP: #1787630)
grub2 (2.02+dfsg1-12ubuntu1) disco; urgency=medium
* Merge against Debian unstable; remaining changes (LP: #564853):
- debian/control: Update Vcs fields for code location on Ubuntu.
- debian/control: Breaks shim (<< 13).
- Secure Boot support: use newer patchset from rhboot repo:
- many linuxefi_* patches added and modified
- dropped debian/patches/linuxefi_require_shim.patch
- renamed: debian/patches/no_insmod_on_sb.patch ->
debian/patches/linuxefi_no_insmod_on_sb.patch
- debian/patches/install_signed.patch, grub-install-extra-removable.patch:
- Make sure if we install shim; it should also be exported as the default
bootloader to install later to a removable path, if we do.
- Rework grub-install-extra-removable.patch to reverse its logic: in the
default case, install the bootloader to /EFI/BOOT, unless we're trying
to install on a removable device, or explicitly telling grub *not* to
do it.
- Install a BOOT.CSV for fallback to use.
- Make sure postinst and templates know about the replacement of
--force-extra-removable with --no-extra-removable.
- debian/patches/add-an-auto-nvram-option-to-grub-install.patch: Add the
--auto-nvram option to grub-install for auto-detecting NVRAM availability
before attempting NVRAM updates.
- debian/build-efi-images: provide a new grub EFI image which enforces that
loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is
the same as grub$arch.efi minus the 'linux' module. Without fallback to
'linux' for unsigned loading, this makes it effectively enforce having a
signed kernel.
- Verify that the current and newer kernels are signed when grub is
updated, to make sure people do not accidentally shutdown without a
signed kernel.
- debian/default/grub: replace GRUB_HIDDEN_* variables with the less
confusing GRUB_TIMEOUT_STYLE=hidden.
- debian/patches/support_initrd-less_boot.patch: Added knobs to allow
non-initrd boot config.
- Disable os-prober for ppc64el on the PowerNV platform, to reduce the
number of entries/clutter from other OSes in Petitboot
- debian/patches/shorter_version_info.patch: Only show the upstream version
in menu and console, and hide the package one in a package_version
variable.
- debian/patches/skip_text_gfxpayload_where_not_supported.patch: Skip the
'text' payload if it's not supported but present in gfxpayload, such as
on EFI systems.
- debian/patches/bufio_sensible_block_sizes.patch: Don't use arbitrary file
fizes as block sizes in bufio: this avoids potentially seeking back in
the files unnecessarily, which may require re-open files that cannot be
seeked into, such as via TFTP.
- debian/patches/ofnet-init-structs-in-bootpath-parser.patch: initialize
structs in bootpath parser.
- debian/rules: shuffle files around for now to keep build artefacts
for signing at the same location as they were expected by Launchpad.
- debian/rules, debian/control: enable dh-systemd.
- debian/grub-common.install.in: install the systemd unit that's part of
initrd fallback handling, missed when the feature landed.
- debian/patches/quick-boot-lvm.patch: If we don't have writable
grubenv and we're on EFI, always show the menu.
- debian/patches/mkconfig_leave_breadcrumbs.patch: make sure grub-mkconfig
leaves a trace of what files were sourced to help generate the config
we're building.
- debian/patches/linuxefi_truncate_overlong_reloc_section.patch: Windows
7 bootloader has inconsistent headers; truncate to the smaller, correct
size to fix chainloading Windows 7.
- debian/patches/linuxefi_fix_relocate_coff.patch: fix typo in
relocate_coff() causing issues with relocation of code in chainload.
- debian/patches/add-initrd-less-boot-fallback.patch: add initrd-less
capabilities. If a kernel fails to boot without initrd, we will fallback
to trying to boot the kernel with an initrd. Patch by Chris Glass.
- debian/patches/grub-reboot-warn.patch: Warn when "for the next
boot only" promise cannot be kept.
* Refreshed patches and fixed up attribution to the right authors after
merge with Debian.
* debian/patches/linuxefi_missing_include.patch,
debian/patches/linuxefi_fixing_more_errors.patch: Apply some additional
small fixes to casts, format strings, includes and Makefile to make sure
the newer linuxefi patches apply and build properly.
grub2 (2.02+dfsg1-12) unstable; urgency=medium
[ Colin Watson ]
* Remove code to migrate grub-pc/install_devices to persistent device
names under /dev/disk/by-id/. This migration happened in
1.98+20100702-1, which was in squeeze (four stable releases ago), so we
no longer need to carry around this complex code.
* Preserve previous answer to grub-pc/install_devices if we have to ask
grub-pc/install_devices_disks_changed and the user chooses not to
install to any devices, so that we can recover from temporary bugs that
cause /dev/disk/by-id/ paths to change (closes: #919029).
* debian/signing-template.json.in: Add trusted_certs key (empty, since
GRUB has no hardcoded list of trusted certificates).
* util: Detect more I/O errors (closes: #922741).
[ Leif Lindholm ]
* arm64/efi: Fix grub_efi_get_ram_base().
[ Steve McIntyre ]
* grub-install: Check for arm-efi as a default target (closes: #922104).
[ James Clarke ]
* osdep/freebsd: Fix partition calculation for EBR entries (closes:
#923253).
grub2 (2.02+dfsg1-11) unstable; urgency=medium
[ Colin Watson ]
* Apply patches from Alexander Graf to set arm64-efi code offset to
EFI_PAGE_SIZE (closes: #919012, LP: #1812317).
* Upgrade to debhelper v10.
* Set Rules-Requires-Root: no.
* Add help and ls modules to signed UEFI images (closes: #919955).
* Fix application of answers from dpkg-reconfigure to /etc/default/grub
(based loosely on a patch by Steve Langasek, for which thanks; closes:
#921702).
[ Steve McIntyre ]
* Make grub-efi-amd64-signed recommend shim-signed (closes: #919067).
[ Jeroen Dekkers ]
* Initialize keyboard in at_keyboard module init if keyboard is ready
(closes: #741464).
[ John Paul Adrian Glaubitz ]
* Include a.out header in assembly of sparc64 boot loader (closes:
#921249).
[ Hervé Werner ]
* Fix setup on Secure Boot systems where cryptodisk is in use (closes:
#917117).
[ Debconf translations ]
* [de] German (Helge Kreutzmann and Holger Wansing; closes: #921018).
grub2 (2.02+dfsg1-10) unstable; urgency=medium
* Apply patch from Heinrich Schuchardt (mentioned in #916695 though
unrelated):
- grub-core/loader/efi/fdt.c: do not copy random memory
* Add luks modules to signed UEFI images (pointed out by Alex Griffin and
Hervé Werner; closes: #908162, LP: #1565950).
* Keep track of the previous version of /usr/share/grub/default/grub and
set UCF_FORCE_CONFFOLD=1 when running ucf if it hasn't changed; ucf
can't figure this out for itself since we apply debconf-based
customisations on top of the template configuration file (closes:
#812574, LP: #564853).
* Backport Xen PVH guest support from upstream (closes: #776450). Thanks
to Hans van Kranenburg for testing.
grub2 (2.02+dfsg1-9) unstable; urgency=medium
[ Colin Watson ]
* Sync Maintainer/Uploaders in debian/signing-template/control.in with the
main packaging.
* Tell reportbug to submit bug reports against unsigned packages rather
than generated signed packages.
* Update Homepage, debian/copyright Source, and debian/watch to use HTTPS.
* Move bash completions to /usr/share/bash-completion/completions/grub and
add appropriate symlinks (closes: #912852).
* Build with GCC 8 (closes: #915735).
[ Leif Lindholm ]
* Apply patch series (mostly) from upstream to switch the arm loader over
to use the arm64 loader code and improve arm/arm64 initrd handling
(closes: #907596, #909420, #915091).
[ Matthew Garrett ]
* Don't enforce Shim signature validation if Secure Boot is disabled.
grub2 (2.02+dfsg1-8) unstable; urgency=medium
* Revise grub-<platform>-bin and grub-<platform> package descriptions to
try to explain better how they fit together and which one should be used
(b…
|
Huh… how did that Looking at earlier code even, it should've hit the same "owning" codepath that results in EBUSY. (Unfortunate as I'd like to mount the same snapshot in many places instead of using bind mounts but that seems to not be allowed… but it was unintentionally "allowed" due to a bug in the past??) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
System information
Describe the problem you're observing
When a dataset is mounted several times, the content of the snapshot cannot be accessed anymore through their .zfs/snapshot/ path.
Trying to perform a filesystem operation in the snapshot results in the following error:
Too many levels of symbolic links
Our use case is to generate a grub menu with the history of all the snapshots and allow a user to revert to any version from the menu.
This issue is similar to #9479
Describe how to reproduce the problem
The content can be listed successfully
Accessing the content of the snapshot fails
Accessing the content of the snapshot fails.
The text was updated successfully, but these errors were encountered: