Change logs for grub2 source package in Groovy

grub2 (2.04-1ubuntu35.6) groovy; urgency=medium

  [ Dimitri John Ledkov & Steve Langasek ]
  * Relax dependencies to allow grub-efi be installed with later versions
    of grub-efi-amd64. Stop building grub-efi-amd64|arm64{-bin,dbg}
    packages, now provided by src:grub2-unsigned. LP: #1915536

 -- Dimitri John Ledkov <email address hidden>  Wed, 24 Feb 2021 14:55:25 +0000

grub2 (2.04-1ubuntu35.4) groovy; urgency=medium

  * Fix grub-initrd-fallback.service thanks to JawnSmith LP: #1910815

grub2 (2.04-1ubuntu35.3) groovy; urgency=medium

  * Revert: rhboot-f34-tcp-add-window-scaling-support.patch,
    rhboot-f34-support-non-ethernet.patch,
    ubuntu-fixup-rhboot-f34-support-non-ethernet.patch,
    ubuntu-fixup-rhboot-f34-support-non-ethernet-2.patch: these break MAAS
    LXD KVM pod deployments. LP: #1915288
  * Cherrypick fix crash in http LP: #1915288

 -- Dimitri John Ledkov <email address hidden>  Fri, 12 Feb 2021 22:11:53 +0000

grub2 (2.04-1ubuntu35.2) groovy; urgency=medium

  * debian/patches/grub-install-backup-and-restore.patch: Fix-up the patch
    to correctly initialyze the names of the modules to restore. LP:
    #1907085
  * rhboot-f34-make-exit-take-a-return-code.patch,
    rhboot-f34-dont-use-int-for-efi-status.patch: allow grub to exit
    non-zero under EFI, this should allow falling back to the next
    BootOrder BootEntry. LP: #1865515
  * rhboot-f34-tcp-add-window-scaling-support.patch: speed up netboot
    transfer speed. LP: #1911439
  * rhboot-f34-support-non-ethernet.patch,
    ubuntu-fixup-rhboot-f34-support-non-ethernet.patch,
    ubuntu-fixup-rhboot-f34-support-non-ethernet-2.patch:
    add support for link layer addresses of up to 32-bytes. LP: #1911439
  * rhboot-f34-make-pmtimer-tsc-calibration-fast.patch:
    speed up calibration time, especially when booting VMs. LP: #1911439
  * minilzo: built using the distribution's minilzo. LP: #1911440

 -- Dimitri John Ledkov <email address hidden>  Thu, 14 Jan 2021 12:30:56 +0000

grub2 (2.04-1ubuntu35.1) groovy; urgency=medium

  * Avoid "EFI stub: FIRMWARE BUG" message when booting >= 5.7 kernels
    on arm64 by setting the image base address before jumping to the
    PE/COFF entry point LP: #1900774
  * Fix tftp timeouts when fetching large files. LP: #1900773

 -- dann frazier <email address hidden>  Thu, 12 Nov 2020 16:08:57 -0700

grub2 (2.04-1ubuntu35) groovy; urgency=medium

  * postinst.in, grub-multi-install: fix logic of skipping installing onto
    any device, if one chose to not install bootloader on any device. LP:
    #1896608
  * Do not finalize params twice on arm64. LP: #1897819

 -- Dimitri John Ledkov <email address hidden>  Thu, 01 Oct 2020 22:59:51 +0800

grub2 (2.04-1ubuntu34) groovy; urgency=medium

  * configure.ac: one more dejavu font search path

 -- Dimitri John Ledkov <email address hidden>  Mon, 14 Sep 2020 10:53:07 +0100

grub2 (2.04-1ubuntu33) groovy; urgency=medium

  * Build-depend on fonts-dejavu-core, not obsolete ttf-dejavu-core.

 -- Steve Langasek <email address hidden>  Sun, 13 Sep 2020 23:49:08 -0700

grub2 (2.04-1ubuntu32) groovy; urgency=medium

  * ubuntu-linuxefi-arm64.patch: Fix build on armhf

grub2 (2.04-1ubuntu31) groovy; urgency=medium

  * ubuntu-linuxefi-arm64.patch: Restore arm64 parts of ubuntu-linuxefi.patch
    that got lost in the 2.04 rebase (LP: #1862279)

 -- Julian Andres Klode <email address hidden>  Fri, 11 Sep 2020 20:33:34 +0200

grub2 (2.04-1ubuntu31) groovy; urgency=medium

  * ubuntu-linuxefi-arm64.patch: Restore arm64 parts of ubuntu-linuxefi.patch
    that got lost in the 2.04 rebase (LP: #1862279)

 -- Julian Andres Klode <email address hidden>  Fri, 11 Sep 2020 17:49:50 +0200

grub2 (2.04-1ubuntu30) groovy; urgency=medium

  * postinst.in: do not attempt to call grub-install upon fresh install of
    grub-pc because it it a job of installers to do that after fresh
    install.
  * grub-multi-install: fix non-interactive failures for grub-efi like it
    was fixed in postinst for grub-pc.

 -- Dimitri John Ledkov <email address hidden>  Thu, 03 Sep 2020 14:54:23 +0100

grub2 (2.04-1ubuntu29) groovy; urgency=medium

  * grub-install: cherry-pick patch from grub-devel to make grub-install
    fault tolerant. Create backup of files in /boot/grub, and restore them
    on failure to complete grub-install. LP: #1891680
  * postinst.in: do not exit successfully when failing to show critical
    grub-pc/install_devices_failed and grub-pc/install_devices_empty
    prompts in non-interactive mode. This enables surfacing upgrade errors
    to the users and/or automation. LP: #1891680
  * postinst.in: Fixup postinst.in, to attempt grub-install upon explicit
    dpkg-reconfigure grub-pc. LP: #1892526

 -- Dimitri John Ledkov <email address hidden>  Tue, 01 Sep 2020 20:04:44 +0100

grub2 (2.04-1ubuntu28) groovy; urgency=medium

  * Ensure that grub-multi-install can always find templates (LP: #1879948)
  * Fix changelog entries for security update

 -- Julian Andres Klode <email address hidden>  Mon, 10 Aug 2020 15:07:29 +0200

grub2 (2.04-1ubuntu27) groovy; urgency=medium

  * debian/patches/ubuntu-flavour-order.patch:
    - Add a (hidden) GRUB_FLAVOUR_ORDER setting that can mark certain kernel
      flavours as preferred, and specify an order between those preferred
      flavours (LP: #1882663)
  * debian/patches/ubuntu-zfs-enhance-support.patch:
    - Use version_find_latest for ordering kernels, so it also supports
      the GRUB_FLAVOUR_ORDER setting.
  * debian/patches/ubuntu-dont-verify-loopback-images.patch:
    - disk/loopback: Don't verify loopback images (LP: #1878541),
      Thanks to Chris Coulson for the patch
  * debian/patches/ubuntu-recovery-dis_ucode_ldr.patch
    - Pass dis_ucode_ldr to kernel for recovery mode (LP: #1831789)
  * debian/patches/ubuntu-add-initrd-less-boot-fallback.patch:
    - Merge changes from xnox to fix multiple initrds support (LP: #1878705)
  * debian/patches/ubuntu-clear-invalid-initrd-spacing.patch:
    - Remove, no longer needed thanks to xnox's patch

 -- Julian Andres Klode <email address hidden>  Thu, 06 Aug 2020 14:47:52 +0200

grub2 (2.04-1ubuntu26.2) focal; urgency=medium

  * debian/postinst.in: Avoid calling grub-install on upgrade of the grub-pc
    package, since we cannot be certain that it will install to the correct
    disk and a grub-install failure will render the system unbootable.
    LP: #1889556.

 -- Steve Langasek <email address hidden>  Thu, 30 Jul 2020 17:34:25 -0700

grub2 (2.04-1ubuntu26.1) focal; urgency=medium

  [ Julian Andres Klode ]
  * Move gettext patches out of git-dpm's way, so it does not delete them

  [ Chris Coulson ]
  * SECURITY UPDATE: Heap buffer overflow when encountering commands that
    cannot be tokenized to less than 8192 characters.
    - 0082-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch: Make
      fatal lexer errors actually be fatal
    - CVE-2020-10713
  * SECURITY UPDATE: Multiple integer overflow bugs that could result in
    heap buffer allocations that were too small and subsequent heap buffer
    overflows when handling certain filesystems, font files or PNG images.
    - 0083-safemath-Add-some-arithmetic-primitives-that-check-f.patch: Add
      arithmetic primitives that allow for overflows to be detected
    - 0084-calloc-Make-sure-we-always-have-an-overflow-checking.patch:
      Make sure that there is always an overflow checking implementation
      of calloc() available
    - 0085-calloc-Use-calloc-at-most-places.patch: Use calloc where
      appropriate
    - 0086-malloc-Use-overflow-checking-primitives-where-we-do-.patch: Use
      overflow-safe arithmetic primitives when performing allocations
      based on the results of operations that might overflow
    - 0094-hfsplus-fix-two-more-overflows.patch: Fix integer overflows in
      hfsplus
    - 0095-lvm-fix-two-more-potential-data-dependent-alloc-over.patch: Fix
      more potential integer overflows in lvm
    - CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
  * SECURITY UPDATE: Use-after-free when executing a command that causes
    a currently executing function to be redefined.
    - 0092-script-Remove-unused-fields-from-grub_script_functio.patch:
      Remove unused fields from grub_script_function
    - 0093-script-Avoid-a-use-after-free-when-redefining-a-func.patch:
      Avoid a use-after-free when redefining a function during execution
    - CVE-2020-15706
  * SECURITY UPDATE: Integer overflows that could result in heap buffer
    allocations that were too small and subsequent heap buffer overflows
    during initrd loading.
    - 0105-linux-Fix-integer-overflows-in-initrd-size-handling.patch: Fix
      integer overflows in initrd size handling
    - 0106-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch: Fix
      integer overflows in linuxefi grub_cmd_initrd
    - CVE-2020-15707
  * Various fixes as a result of code review and static analysis:
    - 0087-iso9660-Don-t-leak-memory-on-realloc-failures.patch: Fix a
     memory leak on realloc failures when processing symbolic links
    - 0088-font-Do-not-load-more-than-one-NAME-section.patch: Fix a
      memory leak when processing font files with more than one NAME
      section
    - 0089-gfxmenu-Fix-double-free-in-load_image.patch: Zero self->bitmap
      after it is freed in order to avoid a potential double free later on
    - 0090-lzma-Make-sure-we-don-t-dereference-past-array.patch: Fix an
      out-of-bounds read in LzmaEncode
    - 0091-tftp-Do-not-use-priority-queue.patch: Refactor tftp to not use
      priority queues and fix a double free
    - 0096-efi-fix-some-malformed-device-path-arithmetic-errors.patch: Fix
      various arithmetic errors with malformed device paths
    - 0098-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch: Fix
      a NULL deref in the chainloader command introduced by a previous
      patch
    - 0099-efi-Fix-use-after-free-in-halt-reboot-path.patch: Fix a
      use-after-free in the halt and reboot commands by not freeing
      allocated memory in these paths
    - 0100-chainloader-Avoid-a-double-free-when-validation-fail.patch:
      Avoid a double free in the chainloader command when validation fails
    - 0101-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch:
      Protect grub_relocator_alloc_chunk_addr input arguments against
      integer overflow / underflow
    - 0102-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch:
      Protect grub_relocator_alloc_chunk_align max_addr argument against
      integer underflow
    - 0103-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch: Fix
      grub_relocator_alloc_chunk_align top memory allocation
    - 0104-linux-loader-avoid-overflow-on-initrd-size-calculati.patch:
      Avoid overflow on initrd size calculation

  [ Dimitri John Ledkov ]
  * SECURITY UPDATE: Grub does not enforce kernel signature validation
    when the shim protocol isn't present.
    - 0097-linuxefi-fail-kernel-validation-without-shim-protoco.patch:
      Fail kernel validation if the shim protocol isn't available
    - CVE-2020-15705

 -- Chris Coulson <email address hidden>  Mon, 20 Jul 2020 19:19:08 +0100

grub2 (2.04-1ubuntu26) focal; urgency=medium

  [ Julian Andres Klode ]
  * Move /boot/efi -> debconf migration into wrapper, so it runs everywhere
    (LP: #1872077)
  * Display disk name and size in the ESP selection dialog, instead of ???

  [ Sebastien Bacher ]
  * debian/patches/gettext,
    debian/patches/rules:
    - backport upstream patches to fix the list of translated strings,
      reported on the ubuntu-translators mailing list. The changes would
      be overwritten by autoreconf so applying from a rules override.

 -- Julian Andres Klode <email address hidden>  Wed, 15 Apr 2020 13:31:27 +0200