Ubuntu
grub2-unsigned package

  1. Bug #2028947
  2. Comment #6

Comment 6 for bug 2028947

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package grub2-unsigned - 2.12~rc1-4ubuntu1

---------------
grub2-unsigned (2.12~rc1-4ubuntu1) mantic; urgency=medium

  * Merge from Debian unstable (LP: #2028947); remaining changes:
    - Add Ubuntu sbat data
    - build-efi-images: do not produce -installer.efi.signed. LP: 1863994
    - grub-common: Install canonical-uefi-ca.crt
    - Check signatures
    - Support installing to multiple ESP (LP: 1871821)
    - Disable various bits on i386
    - Split out unsigned artefacts into grub2-unsigned
    - Vcs-Git: Point to ubuntu packaging branch
    - Relax dependencies on grub-common and grub2-common
    - grub-pc: Avoid the possibility of breaking grub on SRU update due
      to ABI change
    - UBUNTU: Default timeout changes
    - Revert "Add jfs module to signed UEFI images. Closes: #950959"
    - Revert "Add f2fs module to signed UEFI images"
    - Install grub-initrd-fallback.service again
    - Build using -O1 on s390x to avoid misoptimization
    - grub-check-signatures: Support gzip compressed kernels (LP: #1954683)
    - grub-multi-install: Reset partition type between partitions (LP: #1997795)
    - Drop i386 from grub-efi-amd64* (LP: #2020907)
    - Turn depends on grub-efi-amd64/arm64 unversioned
    - forward port fix for LP: #1926748
    - Make the grub2/no_efi_extra_removable setting work correctly
    - Forward port the fix for LP: #1930742 and make it conditional (xenial/bionic only)
    - Build grub2-unsigned packages with xz compression
    - Replaced patches:
      - installe-signed.patched
      - grub-install-extra-removable.patch
      - grub-install-removable-shim.patch
    - Added patches:
      + rhboot-f34-dont-use-int-for-efi-status.patch
      + rhboot-f34-make-exit-take-a-return-code.patch
      + suse-grub.texi-add-net_bootp6-document.patch
      + ubuntu-add-devicetree-command-support.patch
      + ubuntu-add-initrd-less-boot-fallback.patch
      + ubuntu-add-initrd-less-boot-messages.patch
      + ubuntu-boot-from-multipath-dependent-symlink.patch
      + ubuntu-dont-verify-loopback-images.patch
      + ubuntu-fix-lzma-decompressor-objcopy.patch
      + ubuntu-grub-install-extra-removable.patch
      + ubuntu-install-signed.patch
      + ubuntu-mkconfig-leave-breadcrumbs.patch
      + ubuntu-os-prober-auto.patch
      + ubuntu-recovery-dis_ucode_ldr.patch
      + ubuntu-resilient-boot-boot-order.patch
      + ubuntu-resilient-boot-ignore-alternative-esps.patch
      + ubuntu-shorter-version-info.patch
      + ubuntu-speed-zsys-history.patch
      + ubuntu-support-initrd-less-boot.patch
      + ubuntu-verifiers-last.patch
      + ubuntu-zfs-enhance-support.patch
      + ubuntu-zfs-gfxpayload-dynamic.patch
      + ubuntu-zfs-gfxpayload-keep-default.patch
      + ubuntu-zfs-insmod-xzio-and-lzopio-on-xen.patch
      + ubuntu-zfs-mkconfig-recovery-title.patch
      + ubuntu-zfs-mkconfig-signed-kernel.patch
      + ubuntu-zfs-mkconfig-ubuntu-distributor.patch
      + ubuntu-zfs-mkconfig-ubuntu-recovery.patch
      + ubuntu-zfs-vt-handoff.patch
  * Dropped Ubuntu changes:
    - All the rhboot loader patches
    - Temporarily, support for GRUB_FLAVOUR_ORDER
    - RISC-V patches, applied upstream:
      + efi-add-definition-of-LoadFile2-protocol.patch
      + efi-correct-struct-grub_efi_boot_services.patch
      + efi-implemented-LoadFile2-initrd-loading-protocol-fo.patch
      + efi-implement-grub_efi_run_image.patch
      + RISC-V-Update-image-header.patch
      + RISC-V-Use-common-linux-loader.patch
      + riscv-adjust-march-flags-for-binutils-2.38.patch
      + upstream/riscv-handle-r-riscv-call-plt-reloc.patch
      + loader-drop-argv-argument-in-grub_initrd_load.patch
      + loader-Move-arm64-linux-loader-to-common-code.patch
    - Networking patches (rebasing still WIP):
      + cherrypick-efi-grub_efi_close_protocol.patch
      + cherrypick-efinet-correct-closing-snp-protocol.patch
      + efinet-uefi-ipv6-pxe-support.patch
      + suse-add-support-for-UEFI-network-protocols.patch
      + suse-AUDIT-0-http-boot-tracker-bug.patch
    - Red Hat boot loader, replaced by upstream:
      + linuxefi-do-not-validate-kernels-twice.patch
      + linuxefi-Invalidate-i-cache-before-starting-the-kern.patch
      + rhboot-bounce-buffers.patch
      + rhboot-efi-allocate-in-kernel-bounds.patch
      + rhboot-efi-allocate-kernel-as-code-for-real.patch
      + rhboot-efi-allocate-kernel-as-code.patch
      + rhboot-efi-enumerated-array-for-allocation-choice.patch
      + rhboot-efi-fix-incorrect-array-size.patch
      + rhboot-efi-initrd-above-4gb.patch
      + rhboot-efi-kernel-allocator.patch
      + rhboot-efi-rearrange-grub-cmd-linux.patch
      + rhboot-efi-split-allocation-policy.patch
      + rhboot-f34-efinet-also-use-the-firmware-acceleration-for-http.patch
      + rhboot-f34-make-pmtimer-tsc-calibration-fast.patch
      + rhboot-try-to-pick-better-locations-for-kernel-and-initrd.patch
      + ubuntu-linuxefi-arm64.patch
      + ubuntu-linuxefi-arm64-set-base-addr.patch
      + ubuntu-linuxefi.patch
      + ubuntu-rhboot-cast-fixups.patch
      + ubuntu-efi-allow-loopmount-chainload.patch
      + ubuntu-efi-loader-code.patch
    - Security patches, applied upstream:
      + {0076...0161} security patches, applied upstream
      + font-*.patchi - security patches applied upstream
      + commands-efi-tpm-Use-grub_strcpy-instead-of-grub_memcpy.patch
      + fbutil-Fix-integer-overflow.patch
      + kern-efi-sb-Enforce-verification-of-font-files.patch
      + normal-charset-Fix-an-integer-overflow-in-grub_unicode_ag.patch
    - Misc patches, merged in Debian:
      + efi-EFI-Device-Tree-Fixup-Protocol.patch
      + efivar-check-that-efivarfs-is-writeable.patch
      + fat-fix-listing-the-root-directory.patch
      + fdt-add-debug-output-to-devicetree-command.patch
      + zstd-require-8-byte-buffer.patch
      + 0241-Call-hwmatch-only-on-the-grub-pc-platform.patch
    - Misc patches applied upstream:
      + 2.12-mm/* - applied upstream
      + ubuntu-fuse3.patch
      + xfs-fix-v4-superblock.patch
      + tpm-unknown-error-non-fatal.patch
      + commands-efi-tpm-Refine-the-status-of-log-event.patch
      + efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch
      + linux_xen-Properly-load-multiple-initrd-files.patch
      + linux_xen-Properly-order-multiple-initrd-files.patch
      + linux-ignore-FDT-unless-we-need-to-modify-it.patch
      + mkrescue-efi-modules.patch
      + tests-ahci-update-qemu-device-name.patch
    - No longer relevant:
      + ubuntu-disable-LOAD-FILE2-protocol-for-initrd-on-ARM.patch
      + ubuntu-temp-keep-auto-nvram.patch: was temporary in 2019 lol
      + ubuntu-skip-disk-by-id-lvm-pvm-uuid-entries.patch
      + no-devicetree-if-secure-boot.patch
      + no-insmod-on-sb.patch
    - To be rewritten later in this cycle:
      + ubuntu-flavour-order.patch
    - Coalesced into some other patches:
      + ubuntu-zfs-maybe-quiet.patch
      + ubuntu-zfs-quick-boot.patch
  * Source package generated from src:grub2 using make -f ./debian/rules
    generate-grub2-unsigned

 -- Julian Andres Klode <email address hidden> Fri, 28 Jul 2023 15:34:32 +0200