grub2 2.06-2ubuntu10 source package in Ubuntu
Changelog
grub2 (2.06-2ubuntu10) kinetic; urgency=medium
[ Chris Coulson ]
* SECURITY UPDATE: Crafted PNG grayscale images may lead to out-of-bounds
write in heap.
- 0139-video-readers-png-Drop-greyscale-support-to-fix-heap.patch:
video/readers/png: Drop greyscale support to fix heap out-of-bounds write
- CVE-2021-3695
* SECURITY UPDATE: Crafted PNG image may lead to out-of-bound write during
huffman table handling.
- 0140-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch:
video/readers/png: Avoid heap OOB R/W inserting huff table items
- CVE-2021-3696
* SECURITY UPDATE: Crafted JPEG image can lead to buffer underflow write in
the heap.
- 0145-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch:
video/readers/jpeg: Block int underflow -> wild pointer write
- CVE-2021-3697
* SECURITY UPDATE: Integer underflow in grub_net_recv_ip4_packets
- 0148-net-ip-Do-IP-fragment-maths-safely.patch: net/ip: Do IP fragment
maths safely
- CVE-2022-28733
* SECURITY UPDATE: Out-of-bounds write when handling split HTTP headers
- 0154-net-http-Fix-OOB-write-for-split-http-headers.patch: net/http: Fix
OOB write for split http headers
- CVE-2022-28734
* SECURITY UPDATE: shim_lock verifier allows non-kernel files to be loaded
- 0135-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch:
kern/efi/sb: Reject non-kernel files in the shim_lock verifier
- CVE-2022-28735
* SECURITY UPDATE: use-after-free in grub_cmd_chainloader()
- 0130-loader-efi-chainloader-simplify-the-loader-state.patch:
loader/efi/chainloader: simplify the loader state
- 0131-commands-boot-Add-API-to-pass-context-to-loader.patch: commands/boot:
Add API to pass context to loader
- 0132-loader-efi-chainloader-Use-grub_loader_set_ex.patch:
loader/efi/chainloader: Use grub_loader_set_ex
- 0133-loader-i386-efi-linux-Use-grub_loader_set_ex.patch:
loader/i386/efi/linux: Use grub_loader_set_ex
* Various fixes as a result of fuzzing and static analysis:
- 0129-loader-efi-chainloader-grub_load_and_start_image-doe.patch:
loader/efi/chainloader: grub_load_and_start_image doesn't load and start
- 0134-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch:
loader/i386/efi/linux: Fix a memory leak in the initrd command
- 0136-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch:
kern/file: Do not leak device_name on error in grub_file_open()
- 0137-video-readers-png-Abort-sooner-if-a-read-operation-f.patch:
video/readers/png: Abort sooner if a read operation fails
- 0138-video-readers-png-Refuse-to-handle-multiple-image-he.patch:
video/readers/png: Refuse to handle multiple image headers
- 0141-video-readers-png-Sanity-check-some-huffman-codes.patch:
video/readers/png: Sanity check some huffman codes
- 0142-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch:
video/readers/jpeg: Abort sooner if a read operation fails
- 0143-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch:
video/readers/jpeg: Do not reallocate a given huff table
- 0144-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch:
video/readers/jpeg: Refuse to handle multiple start of streams
- 0146-normal-charset-Fix-array-out-of-bounds-formatting-un.patch:
normal/charset: Fix array out-of-bounds formatting unicode for display
- 0147-net-netbuff-Block-overly-large-netbuff-allocs.patch:
net/netbuff: Block overly large netbuff allocs
- 0149-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch:
net/dns: Fix double-free addresses on corrupt DNS response
- 0150-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch:
net/dns: Don't read past the end of the string we're checking against
- 0151-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch:
net/tftp: Prevent a UAF and double-free from a failed seek
- 0152-net-tftp-Avoid-a-trivial-UAF.patch: net/tftp: Avoid a trivial UAF
- 0153-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch:
net/http: Do not tear down socket if it's already been torn down
- 0155-net-http-Error-out-on-headers-with-LF-without-CR.patch:
net/http: Error out on headers with LF without CR
- 0156-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch:
fs/f2fs: Do not read past the end of nat journal entries
- 0157-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch:
fs/f2fs: Do not read past the end of nat bitmap
- 0158-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch:
fs/f2fs: Do not copy file names that are too long
- 0159-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch:
fs/btrfs: Fix several fuzz issues with invalid dir item sizing
- 0160-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch:
fs/btrfs: Fix more ASAN and SEGV issues found with fuzzing
- 0161-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch:
fs/btrfs: Fix more fuzz issues related to chunks
* Bump SBAT generation:
- update debian/sbat.ubuntu.csv.in
* Make the grub2/no_efi_extra_removable setting work correctly
- update debian/postinst.in
* Build grub2-unsigned packages with xz compression for compatibility
with xenial dpkg
- update debian/rules
[ Steve Langasek ]
* Bump versioned dependency on grub2-common to 2.02~beta2-36ubuntu3.32 for
necessary arm relocation support. LP: #1926748.
* debian/postinst.in: Unconditionally call grub-install with
--force-extra-removable on xenial and bionic, so that the \EFI\BOOT
removable path as used in cloud images receives the updates. LP: #1930742.
-- Chris Coulson <email address hidden> Tue, 07 Jun 2022 17:36:27 +0100
Upload details
- Uploaded by:
- Chris Coulson
- Uploaded to:
- Kinetic
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- admin
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| grub2_2.06.orig.tar.xz | 6.3 MiB | b79ea44af91b93d17cd3fe80bdae6ed43770678a9a5ae192ccea803ebb657ee1 |
| grub2_2.06-2ubuntu10.debian.tar.xz | 1.1 MiB | f3f5097e1135e69a83ecd946d102b0681174515655505b99856706fba0931f85 |
| grub2_2.06-2ubuntu10.dsc | 6.7 KiB | 879a0a22ed582cc0e766522e811f2e6a97165c5cc1ddc985ae93e540c5919c6d |
Available diffs
- diff from 2.06-2ubuntu7 (in Ubuntu) to 2.06-2ubuntu10 (30.2 KiB)
- diff from 2.06-2ubuntu9 to 2.06-2ubuntu10 (826 bytes)
Binary packages built by this source
- grub-common: GRand Unified Bootloader (common files)
This package contains common files shared by the distinct flavours of GRUB.
It is shared between GRUB Legacy and GRUB 2, although a number of files
specific to GRUB 2 are here as long as they do not break GRUB Legacy.
.
grub-mkrescue needs the suggested packages mtools (for UEFI targets) and
xorriso.
- grub-common-dbgsym: debug symbols for grub-common
- grub-coreboot: GRand Unified Bootloader, version 2 (Coreboot version)
GRUB is a portable, powerful bootloader. This version of GRUB is based on a
cleaner design than its predecessors, and provides the following new features:
.
- Scripting in grub.cfg using BASH-like syntax.
- Support for modern partition maps such as GPT.
- Modular generation of grub.cfg via update-grub. Packages providing GRUB
add-ons can plug in their own script rules and trigger updates by invoking
update-grub.
.
This is a dependency package for a version of GRUB that has been built for
use with platforms running the Coreboot firmware. Installing this package
indicates that this version of GRUB should be the active boot loader.
- grub-coreboot-bin: GRand Unified Bootloader, version 2 (Coreboot modules)
GRUB is a portable, powerful bootloader. This version of GRUB is based on a
cleaner design than its predecessors, and provides the following new features:
.
- Scripting in grub.cfg using BASH-like syntax.
- Support for modern partition maps such as GPT.
- Modular generation of grub.cfg via update-grub. Packages providing GRUB
add-ons can plug in their own script rules and trigger updates by invoking
update-grub.
.
This package contains GRUB modules that have been built for use with
platforms running the Coreboot firmware. It can be installed in parallel
with other flavours, but will not automatically install GRUB as the active
boot loader nor automatically update grub.cfg on upgrade unless
grub-coreboot is also installed.
- grub-coreboot-dbg: GRand Unified Bootloader, version 2 (Coreboot debug files)
This package contains debugging files for grub-coreboot-bin. You only need
these if you are trying to debug GRUB using its GDB stub.
- grub-efi: GRand Unified Bootloader, version 2 (dummy package)
This is a dummy package that depends on the grub-efi-$ARCH package most likely
to be appropriate for each architecture.
- grub-efi-amd64-signed-template: GRand Unified Bootloader, version 2 (EFI-AMD64 signing template)
This package contains template files for grub-efi-
amd64-signed.
This is only needed for Secure Boot signing.
- grub-efi-arm: GRand Unified Bootloader, version 2 (ARM UEFI version)
GRUB is a portable, powerful bootloader. This version of GRUB is based on a
cleaner design than its predecessors, and provides the following new features:
.
- Scripting in grub.cfg using BASH-like syntax.
- Support for modern partition maps such as GPT.
- Modular generation of grub.cfg via update-grub. Packages providing GRUB
add-ons can plug in their own script rules and trigger updates by invoking
update-grub.
.
This is a dependency package for a version of GRUB that has been built for
use on ARM systems with UEFI. Installing this package indicates that this
version of GRUB should be the active boot loader.
- grub-efi-arm-bin: GRand Unified Bootloader, version 2 (ARM UEFI modules)
GRUB is a portable, powerful bootloader. This version of GRUB is based on a
cleaner design than its predecessors, and provides the following new features:
.
- Scripting in grub.cfg using BASH-like syntax.
- Support for modern partition maps such as GPT.
- Modular generation of grub.cfg via update-grub. Packages providing GRUB
add-ons can plug in their own script rules and trigger updates by invoking
update-grub.
.
This package contains GRUB modules that have been built for use on ARM
systems with UEFI. It can be installed in parallel with other flavours,
but will not automatically install GRUB as the active boot loader nor
automatically update grub.cfg on upgrade unless grub-efi-arm is also
installed.
- grub-efi-arm-dbg: GRand Unified Bootloader, version 2 (ARM UEFI debug files)
This package contains debugging files for grub-efi-arm-bin. You only need
these if you are trying to debug GRUB using its GDB stub.
- grub-efi-arm64-signed-template: GRand Unified Bootloader, version 2 (ARM64 UEFI signing template)
This package contains template files for grub-efi-
arm64-signed.
This is only needed for Secure Boot signing.
- grub-efi-ia32: GRand Unified Bootloader, version 2 (EFI-IA32 version)
GRUB is a portable, powerful bootloader. This version of GRUB is based on a
cleaner design than its predecessors, and provides the following new features:
.
- Scripting in grub.cfg using BASH-like syntax.
- Support for modern partition maps such as GPT.
- Modular generation of grub.cfg via update-grub. Packages providing GRUB
add-ons can plug in their own script rules and trigger updates by invoking
update-grub.
.
This is a dependency package for a version of GRUB that has been built for
use with the EFI-IA32 architecture, as used by Intel Macs (unless a BIOS
interface has been activated). Installing this package indicates that this
version of GRUB should be the active boot loader.
- grub-efi-ia32-bin: GRand Unified Bootloader, version 2 (EFI-IA32 modules)
GRUB is a portable, powerful bootloader. This version of GRUB is based on a
cleaner design than its predecessors, and provides the following new features:
.
- Scripting in grub.cfg using BASH-like syntax.
- Support for modern partition maps such as GPT.
- Modular generation of grub.cfg via update-grub. Packages providing GRUB
add-ons can plug in their own script rules and trigger updates by invoking
update-grub.
.
This package contains GRUB modules that have been built for use with the
EFI-IA32 architecture, as used by Intel Macs (unless a BIOS interface has
been activated). It can be installed in parallel with other flavours, but
will not automatically install GRUB as the active boot loader nor
automatically update grub.cfg on upgrade unless grub-efi-ia32 is also
installed.
- grub-efi-ia32-dbg: GRand Unified Bootloader, version 2 (EFI-IA32 debug files)
This package contains debugging files for grub-efi-ia32-bin. You only need
these if you are trying to debug GRUB using its GDB stub.
- grub-efi-riscv64: GRand Unified Bootloader, version 2 (riscv64 UEFI version)
GRUB is a portable, powerful bootloader. This version of GRUB is based on a
cleaner design than its predecessors, and provides the following new features:
.
- Scripting in grub.cfg using BASH-like syntax.
- Support for modern partition maps such as GPT.
- Modular generation of grub.cfg via update-grub. Packages providing GRUB
add-ons can plug in their own script rules and trigger updates by invoking
update-grub.
.
This is a dependency package for a version of GRUB that has been built for
use on RISC-V 64-bit systems with UEFI. Installing this package indicates that
this version of GRUB should be the active boot loader.
- grub-efi-riscv64-bin: GRand Unified Bootloader, version 2 (riscv64 UEFI modules)
GRUB is a portable, powerful bootloader. This version of GRUB is based on a
cleaner design than its predecessors, and provides the following new features:
.
- Scripting in grub.cfg using BASH-like syntax.
- Support for modern partition maps such as GPT.
- Modular generation of grub.cfg via update-grub. Packages providing GRUB
add-ons can plug in their own script rules and trigger updates by invoking
update-grub.
.
This package contains GRUB modules that have been built for use on riscv64
systems with UEFI. It can be installed in parallel with other flavours,
but will not automatically install GRUB as the active boot loader nor
automatically update grub.cfg on upgrade unless grub-efi-riscv64 is also
installed.
- grub-efi-riscv64-dbg: GRand Unified Bootloader, version 2 (riscv64 UEFI debug files)
This package contains debugging files for grub-efi-
riscv64- bin. You only
need these if you are trying to debug GRUB using its GDB stub.
- grub-emu: GRand Unified Bootloader, version 2 (emulated version)
This package contains grub-emu, an emulated version of GRUB. It is only
provided for debugging purposes.
- grub-emu-dbg: GRand Unified Bootloader, version 2 (emulated debug files)
This package contains debugging files for grub-emu. You only need these if
you are trying to debug GRUB using its GDB stub.
- grub-firmware-qemu: GRUB firmware image for QEMU
This package contains a binary of GRUB that has been built for use as
firmware for QEMU. It can be used as a replacement for other PC BIOS
images provided by seabios, bochsbios, and so on.
.
In order to make QEMU use this firmware, simply add `-bios grub.bin' when
invoking it.
.
This package behaves in the same way as GRUB for coreboot, but doesn't
contain any code from coreboot itself, and is only suitable for QEMU. If
you want to install GRUB as firmware on real hardware, you need to use the
grub-coreboot package, and manually combine that with coreboot.
- grub-ieee1275: GRand Unified Bootloader, version 2 (Open Firmware version)
GRUB is a portable, powerful bootloader. This version of GRUB is based on a
cleaner design than its predecessors, and provides the following new features:
.
- Scripting in grub.cfg using BASH-like syntax.
- Support for modern partition maps such as GPT.
- Modular generation of grub.cfg via update-grub. Packages providing GRUB
add-ons can plug in their own script rules and trigger updates by invoking
update-grub.
.
This is a dependency package for a version of GRUB that has been built for
use with Open Firmware implementations. Installing this package indicates
that this version of GRUB should be the active boot loader.
- grub-ieee1275-bin: GRand Unified Bootloader, version 2 (Open Firmware modules)
GRUB is a portable, powerful bootloader. This version of GRUB is based on a
cleaner design than its predecessors, and provides the following new features:
.
- Scripting in grub.cfg using BASH-like syntax.
- Support for modern partition maps such as GPT.
- Modular generation of grub.cfg via update-grub. Packages providing GRUB
add-ons can plug in their own script rules and trigger updates by invoking
update-grub.
.
This package contains GRUB modules that have been built for use with Open
Firmware implementations. It can be installed in parallel with other
flavours, but will not automatically install GRUB as the active boot loader
nor automatically update grub.cfg on upgrade unless grub-ieee1275 is also
installed.
- grub-ieee1275-bin-dbgsym: debug symbols for grub-ieee1275-bin
- grub-ieee1275-dbg: GRand Unified Bootloader, version 2 (Open Firmware debug files)
This package contains debugging files for grub-ieee1275-bin. You only
need these if you are trying to debug GRUB using its GDB stub.
- grub-linuxbios: GRand Unified Bootloader, version 2 (dummy package)
This is a dummy transitional package that depends on grub-coreboot.
- grub-pc: GRand Unified Bootloader, version 2 (PC/BIOS version)
GRUB is a portable, powerful bootloader. This version of GRUB is based on a
cleaner design than its predecessors, and provides the following new features:
.
- Scripting in grub.cfg using BASH-like syntax.
- Support for modern partition maps such as GPT.
- Modular generation of grub.cfg via update-grub. Packages providing GRUB
add-ons can plug in their own script rules and trigger updates by invoking
update-grub.
- VESA-based graphical mode with background image support and complete 24-bit
color set.
- Support for extended charsets. Users can write UTF-8 text to their menu
entries.
.
This is a dependency package for a version of GRUB that has been built for
use with the traditional PC/BIOS architecture. Installing this package
indicates that this version of GRUB should be the active boot loader.
- grub-pc-bin: GRand Unified Bootloader, version 2 (PC/BIOS modules)
GRUB is a portable, powerful bootloader. This version of GRUB is based on a
cleaner design than its predecessors, and provides the following new features:
.
- Scripting in grub.cfg using BASH-like syntax.
- Support for modern partition maps such as GPT.
- Modular generation of grub.cfg via update-grub. Packages providing GRUB
add-ons can plug in their own script rules and trigger updates by invoking
update-grub.
- VESA-based graphical mode with background image support and complete 24-bit
color set.
- Support for extended charsets. Users can write UTF-8 text to their menu
entries.
.
This package contains GRUB modules that have been built for use with the
traditional PC/BIOS architecture. It can be installed in parallel with
other flavours, but will not automatically install GRUB as the active boot
loader nor automatically update grub.cfg on upgrade unless grub-pc is also
installed.
- grub-pc-bin-dbgsym: debug symbols for grub-pc-bin
- grub-pc-dbg: GRand Unified Bootloader, version 2 (PC/BIOS debug files)
This package contains debugging files for grub-pc-bin. You only need these
if you are trying to debug GRUB using its GDB stub.
- grub-rescue-pc: GRUB bootable rescue images, version 2 (PC/BIOS version)
This package contains three GRUB rescue images that have been built for use
with the traditional PC/BIOS architecture:
.
- grub-rescue-floppy. img: floppy image.
- grub-rescue-cdrom.iso: El Torito CDROM image.
- grub-rescue-usb.img: USB image.
- grub-theme-starfield: GRand Unified Bootloader, version 2 (starfield theme)
This is the default theme for GRUB's graphical menu.
- grub-uboot: GRand Unified Bootloader, version 2 (ARM U-Boot version)
GRUB is a portable, powerful bootloader. This version of GRUB is based on a
cleaner design than its predecessors, and provides the following new features:
.
- Scripting in grub.cfg using BASH-like syntax.
- Support for modern partition maps such as GPT.
- Modular generation of grub.cfg via update-grub. Packages providing GRUB
add-ons can plug in their own script rules and trigger updates by invoking
update-grub.
.
This is a dependency package for a version of GRUB that has been built for
use with ARM systems with U-Boot. Installing this package indicates that
this version of GRUB should be the active boot loader.
- grub-uboot-bin: GRand Unified Bootloader, version 2 (ARM U-Boot modules)
GRUB is a portable, powerful bootloader. This version of GRUB is based on a
cleaner design than its predecessors, and provides the following new features:
.
- Scripting in grub.cfg using BASH-like syntax.
- Support for modern partition maps such as GPT.
- Modular generation of grub.cfg via update-grub. Packages providing GRUB
add-ons can plug in their own script rules and trigger updates by invoking
update-grub.
.
This package contains GRUB modules that have been built for use with ARM
systems with U-Boot. It can be installed in parallel with other flavours,
but will not automatically install GRUB as the active boot loader nor
automatically update grub.cfg on upgrade unless grub-uboot is also
installed.
- grub-uboot-dbg: GRand Unified Bootloader, version 2 (ARM U-Boot debug files)
This package contains debugging files for grub-uboot-bin. You only need
these if you are trying to debug GRUB using its GDB stub.
- grub-xen: GRand Unified Bootloader, version 2 (Xen version)
GRUB is a portable, powerful bootloader. This version of GRUB is based on a
cleaner design than its predecessors, and provides the following new features:
.
- Scripting in grub.cfg using BASH-like syntax.
- Support for modern partition maps such as GPT.
- Modular generation of grub.cfg via update-grub. Packages providing GRUB
add-ons can plug in their own script rules and trigger updates by invoking
update-grub.
.
This is a dependency package for a version of GRUB that has been built for
use with the Xen hypervisor (i.e. PV-GRUB). Installing this package
indicates that this version of GRUB should be the active boot loader.
- grub-xen-bin: GRand Unified Bootloader, version 2 (Xen modules)
GRUB is a portable, powerful bootloader. This version of GRUB is based on a
cleaner design than its predecessors, and provides the following new features:
.
- Scripting in grub.cfg using BASH-like syntax.
- Support for modern partition maps such as GPT.
- Modular generation of grub.cfg via update-grub. Packages providing GRUB
add-ons can plug in their own script rules and trigger updates by invoking
update-grub.
.
This package contains GRUB modules that have been built for use with the
Xen hypervisor (i.e. PV-GRUB). It can be installed in parallel with other
flavours, but will not automatically install GRUB as the active boot loader
nor automatically update grub.cfg on upgrade unless grub-xen is also
installed.
- grub-xen-dbg: GRand Unified Bootloader, version 2 (Xen debug files)
This package contains debugging files for grub-xen-bin. You only need
these if you are trying to debug GRUB using its GDB stub.
- grub-xen-host: GRand Unified Bootloader, version 2 (Xen host version)
GRUB is a portable, powerful bootloader. This version of GRUB is based on a
cleaner design than its predecessors, and provides the following new features:
.
- Scripting in grub.cfg using BASH-like syntax.
- Support for modern partition maps such as GPT.
- Modular generation of grub.cfg via update-grub. Packages providing GRUB
add-ons can plug in their own script rules and trigger updates by invoking
update-grub.
.
This package arranges for GRUB binary images which can be used to boot a Xen
guest (i.e. PV-GRUB) to be present in the control domain filesystem.
- grub2: GRand Unified Bootloader, version 2 (dummy package)
This is a dummy transitional package to handle GRUB 2 upgrades. It can be
safely removed.
- grub2-common: GRand Unified Bootloader (common files for version 2)
This package contains common files shared by the distinct flavours of GRUB.
The files in this package are specific to GRUB 2, and would break GRUB
Legacy if installed on the same system.
- grub2-common-dbgsym: debug symbols for grub2-common
