[ubuntu/lunar-proposed] grub2-unsigned 2.06-2ubuntu15 (Accepted)

Julian Andres Klode juliank at ubuntu.com
Thu Dec 1 15:47:37 UTC 2022 

grub2-unsigned (2.06-2ubuntu15) lunar; urgency=medium

  * grub-multi-install: Reset partition type between partitions (LP: #1997795)
  * Source package generated from src:grub2 using make -f ./debian/rules
    generate-grub2-unsigned

grub2 (2.06-2ubuntu14) kinetic; urgency=medium

  * SECURITY UPDATE: Fix out of bounds writes due specially crafted fonts.
    - add debian/patches/font-Fix-several-integer-overflows-in-grub_font_construct.patch
    - add debian/patches/font-Fix-an-integer-underflow-in-blit_comb.patch
    - CVE-2022-2601, CVE-2022-3775
    - LP: #1996950
  * Fix various issues as a result of fuzzing, static analysis and code
    review:
    - add debian/patches/font-Reject-glyphs-exceeds-font-max_glyph_width-or-font-m.patch
    - add debian/patches/font-Fix-size-overflow-in-grub_font_get_glyph_internal.patch
    - add debian/patchces/font-Remove-grub_font_dup_glyph.patch
    - add debian/patches/font-Fix-integer-overflow-in-ensure_comb_space.patch
    - add debian/patches/font-Fix-integer-overflow-in-BMP-index.patch
    - add debian/patches/font-Fix-integer-underflow-in-binary-search-of-char-index.patch
    - add debian/patches/fbutil-Fix-integer-overflow.patch
    - add debian/patches/font-Harden-grub_font_blit_glyph-and-grub_font_blit_glyph.patch
    - add debian/patches/font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
    - add debian/patches/normal-charset-Fix-an-integer-overflow-in-grub_unicode_ag.patch
  * Enforce verification of fonts when secure boot is enabled:
    - add debian/patches/kern-efi-sb-Enforce-verification-of-font-files.patch
  * Bundle unicode.pf2 in a squashfs memdisk attached to the signed EFI binary
    - update debian/control
    - update debian/build-efi-image
    - add debian/patches/font-Try-opening-fonts-from-the-bundled-memdisk.patch
  * Fix LP: #1997006 - add support for performing measurements to RTMRs
    - add debian/patches/commands-efi-tpm-Refine-the-status-of-log-event.patch
    - add debian/patches/commands-efi-tpm-Use-grub_strcpy-instead-of-grub_memcpy.patch
    - add debian/patches/efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch
  * Fix the squashfs tests during the build
    - remove debian/patches/ubuntu-fix-reproducible-squashfs-test.patch
    - add debian/patches/tests-Explicitly-unset-SOURCE_DATE_EPOCH-before-running-f.patch
  * Bump SBAT generation:
    - update debian/sbat.ubuntu.csv.in

Date: Thu, 01 Dec 2022 16:30:53 +0100
Changed-By: Julian Andres Klode <juliank at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/grub2-unsigned/2.06-2ubuntu15
-------------- next part --------------
Format: 1.8
Date: Thu, 01 Dec 2022 16:30:53 +0100
Source: grub2-unsigned
Built-For-Profiles: noudeb
Architecture: source
Version: 2.06-2ubuntu15
Distribution: lunar
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Julian Andres Klode <juliank at ubuntu.com>
Launchpad-Bugs-Fixed: 1996950 1997006 1997795
Changes:
 grub2-unsigned (2.06-2ubuntu15) lunar; urgency=medium
 .
   * grub-multi-install: Reset partition type between partitions (LP: #1997795)
   * Source package generated from src:grub2 using make -f ./debian/rules
     generate-grub2-unsigned
 .
 grub2 (2.06-2ubuntu14) kinetic; urgency=medium
 .
   * SECURITY UPDATE: Fix out of bounds writes due specially crafted fonts.
     - add debian/patches/font-Fix-several-integer-overflows-in-grub_font_construct.patch
     - add debian/patches/font-Fix-an-integer-underflow-in-blit_comb.patch
     - CVE-2022-2601, CVE-2022-3775
     - LP: #1996950
   * Fix various issues as a result of fuzzing, static analysis and code
     review:
     - add debian/patches/font-Reject-glyphs-exceeds-font-max_glyph_width-or-font-m.patch
     - add debian/patches/font-Fix-size-overflow-in-grub_font_get_glyph_internal.patch
     - add debian/patchces/font-Remove-grub_font_dup_glyph.patch
     - add debian/patches/font-Fix-integer-overflow-in-ensure_comb_space.patch
     - add debian/patches/font-Fix-integer-overflow-in-BMP-index.patch
     - add debian/patches/font-Fix-integer-underflow-in-binary-search-of-char-index.patch
     - add debian/patches/fbutil-Fix-integer-overflow.patch
     - add debian/patches/font-Harden-grub_font_blit_glyph-and-grub_font_blit_glyph.patch
     - add debian/patches/font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
     - add debian/patches/normal-charset-Fix-an-integer-overflow-in-grub_unicode_ag.patch
   * Enforce verification of fonts when secure boot is enabled:
     - add debian/patches/kern-efi-sb-Enforce-verification-of-font-files.patch
   * Bundle unicode.pf2 in a squashfs memdisk attached to the signed EFI binary
     - update debian/control
     - update debian/build-efi-image
     - add debian/patches/font-Try-opening-fonts-from-the-bundled-memdisk.patch
   * Fix LP: #1997006 - add support for performing measurements to RTMRs
     - add debian/patches/commands-efi-tpm-Refine-the-status-of-log-event.patch
     - add debian/patches/commands-efi-tpm-Use-grub_strcpy-instead-of-grub_memcpy.patch
     - add debian/patches/efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch
   * Fix the squashfs tests during the build
     - remove debian/patches/ubuntu-fix-reproducible-squashfs-test.patch
     - add debian/patches/tests-Explicitly-unset-SOURCE_DATE_EPOCH-before-running-f.patch
   * Bump SBAT generation:
     - update debian/sbat.ubuntu.csv.in
Checksums-Sha1:
 9bdcdd4da55eba7adb769f667c5fb319543b6af4 3589 grub2-unsigned_2.06-2ubuntu15.dsc
 c9f93f1e195ec7a5a21d36a13b469788c0b29f0f 6581924 grub2-unsigned_2.06.orig.tar.xz
 ecb6463af8f16c422ca3b89217bf1b1ceddafd97 1195560 grub2-unsigned_2.06-2ubuntu15.debian.tar.xz
 64f2ed44840c975d2a128d22aacc74805b2dbf59 9912 grub2-unsigned_2.06-2ubuntu15_source.buildinfo
Checksums-Sha256:
 fe8966fa6e9a00a3aa14841bc83cb5b90398d2321666801dc0b6e24d946a149b 3589 grub2-unsigned_2.06-2ubuntu15.dsc
 b79ea44af91b93d17cd3fe80bdae6ed43770678a9a5ae192ccea803ebb657ee1 6581924 grub2-unsigned_2.06.orig.tar.xz
 b5ac88f6e5e931f8132f4a719483b24c1f9ba0d16fc489825c4b5c37f5c87353 1195560 grub2-unsigned_2.06-2ubuntu15.debian.tar.xz
 ad54c20b1e1d37c60e7cc45d6b93ed7168c647905d62c80b2108dce7e3fa1f78 9912 grub2-unsigned_2.06-2ubuntu15_source.buildinfo
Files:
 d5020d9d0231d62b4e92aaca587532bb 3589 admin optional grub2-unsigned_2.06-2ubuntu15.dsc
 cf0fd928b1e5479c8108ee52cb114363 6581924 admin optional grub2-unsigned_2.06.orig.tar.xz
 e272380bb67aeca27925ccbac3067d9a 1195560 admin optional grub2-unsigned_2.06-2ubuntu15.debian.tar.xz
 c22ab12cfa81d41f82e1894d4d01e8a7 9912 admin optional grub2-unsigned_2.06-2ubuntu15_source.buildinfo
Original-Maintainer: GRUB Maintainers <pkg-grub-devel at alioth-lists.debian.net>

More information about the lunar-changes mailing list