-
grub2 (2.02~beta2-9ubuntu1.17) trusty; urgency=medium
* debian/grub-check-signatures: check kernel signatures against keys known
in firmware, in case a kernel is signed but not using a key that will pass
validation, such as when using kernels coming from a PPA. (LP: #1789918)
* debian/patches/linuxefi_disable_sb_fallback.patch: Disallow unsigned
kernels if UEFI Secure Boot is enabled. If UEFI Secure Boot is enabled
and kernel signature verification fails, do not boot the kernel. Patch
from Linn Crosetto. (LP: #1401532)
-- Mathieu Trudel-Lapierre <email address hidden> Fri, 22 Mar 2019 11:36:54 -0400
-
grub2 (2.02~beta2-9ubuntu1.16) trusty; urgency=medium
[ Ivan Hu ]
* debian/patches/0001-i386-linux-Add-support-for-ext_lfb_base.patch:
Add support for ext_lfb_base. (LP: #1785033)
[ dann frazier ]
* Add grub2/update_nvram template to allow users to disable NVRAM
updates during package upgrades (LP: #1642298).
[ Mathieu Trudel-Lapierre ]
* debian/patches: Rework linuxefi/SecureBoot support and sync with upstream
SB patch set: (LP: #1696599)
- linuxefi_backport_arm64.patch: backport basic arm64 chainload/linux
command support from 17.04.
- linuxefi_arm_sb_support.patch: add Secure Boot support for arm for its
chainloader.
- linuxefi_fix_validation_race.patch: Fix a race in validating images.
- linuxefi_chainloader_path.patch: honor the starting path for grub, so
images do not need to be started from $root.
- linuxefi_chainloader_sb.patch: Fix some more issues in chainloader use
when Secure Boot is enabled.
- linuxefi_loaders_enforce_sb.patch: Enforce Secure Boot policy for all
loaders: don't load the commands when Secure Boot is enabled.
- linuxefi_re-enable_linux_cmd.patch: Since we rely on the linux and
initrd commands to automatically hand-off to linuxefi/initrdefi;
re-enable the linux loader.
- linuxefi_chainloader_pe_fixes.patch: PE parsing fixes for chainloading
"special" PE images, such as Windows'.
- linuxefi_rework_non-sb_cases.patch: rework cases where Secure Boot is
disabled or shim validation is disabled so loading works as EFI binaries
when it is supposed to.
- Removed linuxefi_require_shim.patch; superseded by the above.
- Removed linuxefi_amd64_only.patch; superseded by the above.
- Refreshed patches.
* debian/rules: disable the use of -Werror while building grub; the EFI
patches have subtle cases which trip it up unnecessarily.
* debian/patches/arm64-set-correct-length-of-device-path-end-entry.patch:
dropped; included in linuxefi_backport_arm64.patch.
* debian/patches/linuxefi_fix_relocate_coff.patch: fix typo in
relocate_coff() causing issues with relocation of code in chainload.
(LP: #1792575)
* debian/patches/linuxefi_truncate_overlong_relocs.patch: The Windows
7 bootloader has inconsistent headers; truncate to the smaller, correct
size to fix chainloading Windows 7. (LP: #1792575)
-- Mathieu Trudel-Lapierre <email address hidden> Tue, 08 Jan 2019 12:36:49 -0500
-
grub2 (2.02~beta2-9ubuntu1.15) trusty; urgency=medium
* util/grub-install.c: Use MokManager EFI binary name without
the .signed extension now that shim handles signing via sbsigntool
natively. (LP: #1708245)
- debian/patches/install_signed.patch
* debian/control: Breaks shim << 13 due to the renamed MokManager binary.
-- Mathieu Trudel-Lapierre <email address hidden> Wed, 04 Jul 2018 15:28:17 -0400
-
grub2 (2.02~beta2-9ubuntu1.14) trusty; urgency=medium
* debian/patches/install_signed.patch: update to use the new names for the
shim binary (shim$arch) and MokManager (mm$arch). (LP: #1637290)
* debian/control: Breaks shim (<< 0.9+1474479173.6c180c6-0ubuntu1~) for the
renamed EFI binaries.
-- Mathieu Trudel-Lapierre <email address hidden> Fri, 14 Jul 2017 12:20:11 -0400
-
grub2 (2.02~beta2-9ubuntu1.13) trusty; urgency=medium
* debian/patches/install_signed.patch: update to use the new names for the
shim binary (shim$arch), MokManager (mm$arch) and add fallback (fb$arch).
(LP: #1637290)
* debian/control: Breaks shim (<< 0.9+1474479173.6c180c6-0ubuntu1~) for the
renamed EFI binaries.
-- Mathieu Trudel-Lapierre <email address hidden> Thu, 22 Sep 2016 12:34:56 -0400
-
grub2 (2.02~beta2-9ubuntu1.12) trusty; urgency=medium
* debian/patches/uefi_firmware_setup.patch: take into account that the UEFI
variable OsIndicationsSupported is a bit field, and as such should be
compared as hex values in 30_uefi-firmware.in. (LP: #1456911)
-- Mathieu Trudel-Lapierre <email address hidden> Fri, 29 Jul 2016 14:50:13 -0400
-
grub2 (2.02~beta2-9ubuntu1.11) trusty-proposed; urgency=medium
* Add support for running a 64-bit Linux kernel on a 32-bit EFI.
(LP: #1591818)
-- Shih-Yuan Lee (FourDollars) <email address hidden> Wed, 08 Jun 2016 13:53:40 +0800
-
grub2 (2.02~beta2-9ubuntu1.10) trusty; urgency=low
* No change rebuild to refresh custom upload.
-- Andy Whitcroft <email address hidden> Tue, 28 Jun 2016 12:07:53 +0100
-
grub2 (2.02~beta2-9ubuntu1.9) trusty; urgency=medium
* debian/postinst.in: call on update-secureboot-policy to allow users
to toggle Secure Boot validation in shim when third-party drivers are
installed. (LP: #1574727)
-- Mathieu Trudel-Lapierre <email address hidden> Tue, 21 Jun 2016 13:34:21 -0400
-
grub2 (2.02~beta2-9ubuntu1.8) trusty; urgency=medium
* debian/prep-bootdev.c: add prep-bootdev for use in postinst (and to help
detecting the prep partition on ppc64el in general).
* debian/rules: build the prep-bootdev binary for grub-ieee1275.
* debian/control: add libparted-dev to Build-Depends for prep-bootdev.
* debian/grub-ieee1275-bin.install.ppc64el.in: ship prep-bootdev.
* debian/clean: clean up prep-bootdev.
* debian/postinst.in: (LP: #1549064)
- run prep-bootdev to have a device to point grub-ieee1275 to to install
the new bootloader data to when calling grub-install.
- run grub-install with --no-nvram to avoid clobbering the boot-device
variable every time grub is updated.
-- Mathieu Trudel-Lapierre <email address hidden> Wed, 24 Feb 2016 14:39:34 -0500
-
grub2 (2.02~beta2-9ubuntu1.7) trusty; urgency=medium
* Cherry-picks to better handle TFTP timeouts on some arches: (LP: #1521612)
- (7b386b7) efidisk: move device path helpers in core for efinet
- (c52ae40) efinet: skip virtual IP devices when enumerating cards
- (f348aee) efinet: enable hardware filters when opening interface
* Update quick boot logic to handle abstractions for which there is no
write support. (LP: #1274320)
-- dann frazier <email address hidden> Wed, 16 Dec 2015 14:03:48 -0700
-
grub2 (2.02~beta2-9ubuntu1.6) trusty-security; urgency=medium
* SECURITY UPDATE: password bypass via backspace key buffer overflow
- debian/patches/CVE-2015-8370.patch: check length before accepting a
backspace character in grub-core/lib/crypto.c,
grub-core/normal/auth.c.
- CVE-2015-8370
-- Marc Deslauriers <email address hidden> Tue, 15 Dec 2015 09:11:24 -0500
-
grub2 (2.02~beta2-9ubuntu1.5) trusty; urgency=medium
* d/p/arm64-set-correct-length-of-device-path-end-entry.patch: Fixes
booting arm64 kernels on certain UEFI implementations. (LP: #1476882)
* progress: avoid NULL dereference for net files. (LP: #1459872)
* arm64/setjmp: Add missing license macro. (LP: #1459871)
* Cherry-pick patch to add SAS disks to the device list from the ofdisk
module. (LP: #1517586)
* Cherry-pick patch to open Simple Network Protocol exclusively.
(LP: #1508893)
-- dann frazier <email address hidden> Wed, 25 Nov 2015 13:13:35 -0700
-
grub2 (2.02~beta2-9ubuntu1.4) trusty; urgency=medium
* Fix overlap check in check_blocklists for load_env (backported patch from
upstream commit 1f6af2a9). (LP: #1311247)
-- Mathieu Trudel-Lapierre <email address hidden> Wed, 23 Sep 2015 21:29:20 -0400
-
grub2 (2.02~beta2-9ubuntu1.3) trusty; urgency=medium
* Do not hang headless servers indefinitely on boot after edge case power
failure timing (LP: #1443735). Instead, time out after 30 seconds and boot
anyway, including on non-headless systems.
-- Robie Basak <email address hidden> Tue, 19 May 2015 13:31:03 +0100
-
grub2 (2.02~beta2-9ubuntu1.2) trusty-proposed; urgency=medium
* debian/patches/install_powerpc_machtypes.patch: updated: do a better job
at detecting machine types; so as to use the right utility when updating
nvram for the boot-device. This also fixes adding a CHRP note on the
chrp_ibm machines, which broke PowerVM mode. (LP: #1334793)
* debian/patches/ppc64el-disable-vsx.patch: disable the VSX instruction,
which is enabled by default on POWER7/8 cpu models, to avoid crashes due
to instruction exceptions. The kernel will re-enable it when necessary.
(LP: #1454743)
* debian/patches/ieee1275-clear-reset.patch: clear the text attribute in
the clear command. (LP: #1454764)
-- Mathieu Trudel-Lapierre <email address hidden> Wed, 13 May 2015 12:30:05 -0400
-
grub2 (2.02~beta2-9ubuntu1.1) trusty-proposed; urgency=medium
* Add dependency on efibootmgr to grub-efi-arm64-bin (LP: #1435663).
-- dann frazier <email address hidden> Mon, 06 Apr 2015 22:31:19 -0600
-
grub2 (2.02~beta2-9ubuntu1) trusty; urgency=medium
* Backport patches from upstream to make the network stack more responsive
on busy networks (LP: #1314134).
* Add support for nvme device in grub-mkdevicemap (thanks, Dimitri John
Ledkov; closes: #746396, LP: #1275162).
-- Colin Watson <email address hidden> Thu, 08 May 2014 13:09:46 +0100
-
grub2 (2.02~beta2-9) unstable; urgency=medium
* Backport from upstream:
- Tolerate devices with no filesystem UUID returned by os-prober
(LP: #1287436).
-- Colin Watson <email address hidden> Thu, 10 Apr 2014 17:34:44 +0100
-
grub2 (2.02~beta2-8) unstable; urgency=medium
[ Colin Watson ]
* Backport from upstream:
- ieee1275: check for IBM pseries emulated machine.
- Fix partmap, cryptodisk, and abstraction handling in grub-mkconfig
(closes: #735935).
- btrfs: fix get_root key comparison failures due to endianness.
* Build-depend on automake (>= 1.10.1) to ensure that it meets configure's
requirements (LP: #1299041).
* When installing an image for use with UEFI Secure Boot, generate a
load.cfg even if there are no device abstractions in use (LP: #1298399).
[ Jon Severinsson ]
* Add Tanglu support, as in Debian except:
- Enable splash screen by default (as Ubuntu)
- Enable quiet and quick boot (as Ubuntu)
- Enable the grub-common init script (as Ubuntu)
- Enable dynamic gfxpayload (as Ubuntu)
- Enable vt handover (as Ubuntu)
- Use monochromatic theme by default (as Ubuntu)
- Use Tanglu GRUB wallpaper by default.
-- Colin Watson <email address hidden> Mon, 31 Mar 2014 16:30:37 +0100
-
grub2 (2.02~beta2-7) experimental; urgency=medium
* Fix shift-held-down test not to clear other modifier key states
(LP: #843804).
* Explicitly pass an appropriate --target to grub-install in the postinst
(suggested by Jordan Uggla).
* Backport from upstream:
- Use bootaa64.efi instead of bootaarch64.efi on arm64 to comply with
EFI specification. Also use grubaa64.efi for consistency.
-- Colin Watson <email address hidden> Mon, 10 Mar 2014 13:39:33 +0000
-
grub2 (2.02~beta2-6) experimental; urgency=medium
* Install bootinfo.txt and grub.chrp into grub-ieee1275-bin on powerpc and
ppc64el.
* Port yaboot logic to improve installation for various powerpc machine
types.
* Improve parsing of /etc/default/grub.d/*.cfg in C utilities
(LP: #1273694).
* Run grub-install on install or upgrade on grub-ieee1275/ppc64el.
-- Colin Watson <email address hidden> Tue, 28 Jan 2014 23:50:55 +0000
-
grub2 (2.02~beta2-5) experimental; urgency=medium
* Add a number of EFI debugging commands to the signed image (lsefi,
lsefimmap, lsefisystab, lssal).
* Add gfxterm_background to the signed image so that background_image
works in UEFI Secure Boot mode. Thanks to syscon-hh for the report.
-- Colin Watson <email address hidden> Mon, 27 Jan 2014 10:03:00 +0000
-
grub2 (2.02~beta2-4) experimental; urgency=medium
* Remove redundant build-dependencies on autoconf and automake, covered by
dh-autoreconf.
* In --enable-quick-boot mode, restore previous behaviour of using a
hidden timeout if GRUB_HIDDEN_TIMEOUT=0 (thanks to Sebastien Bacher for
the report).
* Disable cpio test on kFreeBSD again for now; it fails within cpio itself
with "field width not sufficient for storing rdev minor".
* Copy shim.efi.signed to the correct path in UEFI Secure Boot mode.
Thanks to syscon-hh for the report.
-- Colin Watson <email address hidden> Mon, 20 Jan 2014 15:53:36 +0000
-
grub2 (2.02~beta2-2) experimental; urgency=medium
* Convert patch handling to git-dpm.
* Add bi-endian support to ELF parser (Tomohiro B Berry).
* Adjust restore_mkdevicemap.patch to mark get_kfreebsd_version as static,
to appease "gcc -Werror=missing-prototypes".
* Cherry-pick from upstream:
- Change grub-macbless' manual page section to 8.
* Install grub-glue-efi, grub-macbless, grub-render-label, and
grub-syslinux2cfg.
* grub-shell: Pass -no-pad to xorriso when building floppy images.
-- Colin Watson <email address hidden> Thu, 16 Jan 2014 15:18:04 +0000
-
grub2 (2.00-22) unstable; urgency=low
* Backport from upstream:
- On Linux, read partition start offsets from sysfs if possible
(LP: #1237519).
- Fix sector number when writing to non-512B disks (LP: #1253443).
* Regularise indentation of "recordfail" in /etc/grub.d/10_linux.
-- Colin Watson <email address hidden> Thu, 12 Dec 2013 01:24:11 +0000
-
grub2 (2.00-21) unstable; urgency=low
[ Robert Millan ]
* Backport from upstream:
- Accept ZFS version 5000 (feature based).
[ Colin Watson ]
* Silence error message on initial installation when /etc/default/grub
does not yet exist.
* Add GRUB_RECOVERY_TITLE option, to allow the controversial "recovery
mode" text to be customised (LP: #1240360).
* Backport from upstream:
- Revamp hidden timeout handling by adding a new timeout_style
environment variable and a corresponding GRUB_TIMEOUT_STYLE
configuration key for grub-mkconfig. This controls hidden-timeout
handling more simply than the previous arrangements, and pressing any
hotkeys associated with menu entries during the hidden timeout will
now boot the corresponding menu entry immediately (LP: #1178618). As
part of merging this, radically simplify the mess that
quick_boot.patch had made of /etc/grub.d/30_os-prober; if it finds
other OSes it can now just set timeout_style=menu and make sure the
timeout is non-zero.
- Fix build with FreeType 2.5.1.
-- Colin Watson <email address hidden> Tue, 03 Dec 2013 16:53:32 +0000
-
grub2 (2.00-20) unstable; urgency=low
* Backport from upstream:
- Sort gnumach kernels in version order (closes: #725451).
* Move packaging to git, following upstream. Adjust Vcs-* fields.
* Remove obsolete DM-Upload-Allowed field.
* Merge (completely!) from Ubuntu:
- Handle probing striped DM-RAID devices (thanks, Robert Collins;
LP: #803658).
- Unconditionally create grub.cfg on our EFI boot partition in Secure
Boot mode; GRUB always needs some configuration in this case to find
/boot/grub, since we can't modify the signed image at install time
(Steve Langasek, LP: #1236625).
- If MokManager is present on the host system, copy it onto the EFI boot
partition for use (Steve Langasek).
- Adjust UEFI installation to cope with Kubuntu setting GRUB_DISTRIBUTOR
(LP: #1242417).
- If building for Ubuntu:
+ Bypass menu unless other OSes are installed or Shift is pressed.
+ Show the boot menu if the previous boot failed.
+ Set GRUB_GFXPAYLOAD_LINUX=keep unless it's known to be unsupported
on the current hardware.
+ Set vt.handoff=7 for smooth handoff to kernel graphical mode.
+ In recovery mode, add nomodeset to the Linux kernel arguments, and
remove the 'set gfxpayload=keep' command.
+ Set default timeout to 10 seconds.
+ Enable hidden timeout support by default.
- Migrate timeout settings from menu.lst.
- Probe FusionIO devices (LP: #1237519).
* Make grub.cfg world-unreadable if even hashed passwords are in use
(closes: #632598).
-- Colin Watson <email address hidden> Thu, 14 Nov 2013 10:49:31 +0000
-
grub2 (2.00-19ubuntu4) trusty; urgency=low
* Probe FusionIO devices (LP: #1237519).
-- Colin Watson <email address hidden> Tue, 12 Nov 2013 16:46:19 +0000
-
grub2 (2.00-19ubuntu3) trusty; urgency=low
* Adjust UEFI installation to cope with Kubuntu setting GRUB_DISTRIBUTOR
(LP: #1242417).
-- Colin Watson <email address hidden> Tue, 22 Oct 2013 09:36:32 +0100
-
grub2 (2.00-19ubuntu2) saucy; urgency=low
[ Steve Langasek ]
* debian/patches/ubuntu_efi_always_install_grub_cfg.patch: unconditionally
create grub.cfg on our EFI boot partition. Closes LP: #1236625.
* If MokManager is present on the host system, copy it onto the EFI boot
partition for use.
-- Colin Watson <email address hidden> Thu, 10 Oct 2013 18:23:29 +0100