This bug was fixed in the package grub2 - 2.12~rc1-12ubuntu2 --------------- grub2 (2.12~rc1-12ubuntu2) noble; urgency=medium * Merge from Debian unstable; remaining changes: - Add Ubuntu sbat data - build-efi-images: do not produce -installer.efi.signed. LP: 1863994 - grub-common: Install canonical-uefi-ca.crt - Check signatures - Support installing to multiple ESP (LP: 1871821) - Disable various bits on i386 - Split out unsigned artefacts into grub2-unsigned - Vcs-Git: Point to ubuntu packaging branch - Relax dependencies on grub-common and grub2-common - grub-pc: Avoid the possibility of breaking grub on SRU update due to ABI change - UBUNTU: Default timeout changes - Revert "Add jfs module to signed UEFI images. Closes: #950959" - Revert "Add f2fs module to signed UEFI images" - Install grub-initrd-fallback.service again - Build using -O1 on s390x to avoid misoptimization - grub-check-signatures: Support gzip compressed kernels (LP: #1954683) - grub-multi-install: Reset partition type between partitions (LP: #1997795) - Drop i386 from grub-efi-amd64* (LP: #2020907) - Turn depends on grub-efi-amd64/arm64 unversioned - forward port fix for LP: #1926748 - Make the grub2/no_efi_extra_removable setting work correctly - Forward port the fix for LP: #1930742 and make it conditional (xenial/bionic only) - Build grub2-unsigned packages with xz compression - Revert: "Have -bin packages Break pre-2.12 -signed packages.", this is not compatible with our versioning schemes. - Install a /usr/lib/grub/grub-sort-version and use that to sort versions as it respects GRUB_FLAVOUR_ORDER. Depend on python3 to do so. - rules: Add DPKG_BUILDPACKAGE_OPTIONS to generate-grub2-unsigned - Replaced patches: - installe-signed.patched - grub-install-extra-removable.patch - grub-install-removable-shim.patch - Added patches: + rhboot-f34-dont-use-int-for-efi-status.patch + rhboot-f34-make-exit-take-a-return-code.patch + suse-grub.texi-add-net_bootp6-document.patch + ubuntu-add-devicetree-command-support.patch + ubuntu-add-initrd-less-boot-fallback.patch + ubuntu-add-initrd-less-boot-messages.patch + ubuntu-boot-from-multipath-dependent-symlink.patch + ubuntu-dont-verify-loopback-images.patch + ubuntu-fix-lzma-decompressor-objcopy.patch + ubuntu-grub-install-extra-removable.patch + ubuntu-install-signed.patch + ubuntu-mkconfig-leave-breadcrumbs.patch + ubuntu-os-prober-auto.patch + ubuntu-recovery-dis_ucode_ldr.patch + ubuntu-resilient-boot-boot-order.patch + ubuntu-resilient-boot-ignore-alternative-esps.patch + ubuntu-shorter-version-info.patch + ubuntu-speed-zsys-history.patch + ubuntu-support-initrd-less-boot.patch + ubuntu-verifiers-last.patch + ubuntu-zfs-enhance-support.patch + ubuntu-zfs-gfxpayload-dynamic.patch + ubuntu-zfs-gfxpayload-keep-default.patch + ubuntu-zfs-insmod-xzio-and-lzopio-on-xen.patch + ubuntu-zfs-mkconfig-recovery-title.patch + ubuntu-zfs-mkconfig-signed-kernel.patch + ubuntu-zfs-mkconfig-ubuntu-distributor.patch + ubuntu-zfs-mkconfig-ubuntu-recovery.patch + ubuntu-zfs-vt-handoff.patch * Removed luks2 from signed EFI binaries (LP: #2043101) grub2 (2.12~rc1-12) unstable; urgency=medium [ Mate Kukri ] * Port UEFI based network stack to 2.12 (LP: #2039081) * efi: Correct image unloading behavior * Prevent the incorrect use of `UnloadImage()` by binaries loaded by peimage * efinet: HTTP_MESSAGE fix field size (LP: #2043084) [ Abe Wieland ] * Maintain administrator value for os-prober [ Julian Andres Klode ] * Cherry-pick upstream XFS directory extent parsing fixes (Closes: #1051543) (LP: #2039172) grub2 (2.12~rc1-11) unstable; urgency=medium [ Mate Kukri ] * SECURITY UPDATE: Crafted file system images can cause out-of-bounds write and may leak sensitive information into the GRUB pager. - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume- label.patch: fs/ntfs: Fix an OOB read when parsing a volume label - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-bs-for- index-at.patch: fs/ntfs: Fix an OOB read when parsing bitmaps for index attributes - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-dory- entries-fr.patch: fs/ntfs: Fix an OOB read when parsing directory entries from resident and non-resident index attributes - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-reading-data-fhe- reside.patch: fs/ntfs: Fix an OOB read when reading data from the resident $DATA + attribute - CVE-2023-4693 * SECURITY UPDATE: Crafted file system images can cause heap-based buffer overflow and may allow arbitrary code execution and secure boot bypass. - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-write-when-parsing-the- ATTRIBUTE_LIST-.patch: fs/ntfs: Fix an OOB write when parsing the $ATTRIBUTE_LIST attribute for the $MFT file - d/patches/ntfs-cve-fixes/fs-ntfs-Make-code-more-readable.patch fs/ntfs: Make code more readable - CVE-2023-4692 * efi: Cleanup peimage.c [ Julian Andres Klode ] * Bump SBAT to grub,4 -- Mate Kukri