Fabian Grünbichler
44ad2d701f
bump version to 2.06-13+pmx3
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2025-02-21 08:10:51 +01:00
Fabian Grünbichler
152022a390
backport CVE fixes for 2025-02 CVEs
...
this backports upstream commits fixing a slew of CVEs:
ea703528a8581a2ea7e0bad424a70fdf0aec7d8f~..4dc6166571645780c459dde2cdc1b001a5ec844c,
adapting context or dropping inapplicable patches as needed for 2.06. changes
noted on individual patches.
commit ef7850c757fb3dd2462a512cfa0ff19c89fcc0b1 is cherry-picked additionally
as pre-requisite.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2025-02-21 08:03:15 +01:00
Fabian Grünbichler
e6283f87ed
fix patch to make gbp pq happy
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2025-02-19 10:48:13 +01:00
Thomas Lamprecht
73289700b9
bump version to 2.06-13+pmx2
...
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-04-19 09:30:16 +02:00
Thomas Lamprecht
043582b1fc
mkrescue: add opt-in quirk for secure-boot
...
When building the ISO we use grub-mkrescue to set up the outer GRUB on
the ISO that's used to boot the actual installer, but mkrescue sadly
has no native support to copy over the signed shim, so add that but
only enable it through an environment variable so that we do not have
to vet this overly closely as it won't affect any normal grub use
anyway, even less so as mkrescue is used rather rarely on running
systems.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-04-19 09:29:40 +02:00
Fabian Grünbichler
33d6a5f260
bump version to 2.06-13+pmx1
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2023-11-06 14:39:55 +01:00
Felix Zielcke
958247d031
Strip grub-emu binary.
2023-11-06 14:39:55 +01:00
Julian Andres Klode
4ece60aa69
Fix lintian overrides
2023-11-06 14:39:55 +01:00
Fabian Grünbichler
f462870abd
proxmox-grub: depend on grub-common
...
lintian is unhappy otherwise because of the /usr/share/doc/.. symlink.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2023-11-06 14:39:55 +01:00
Fabian Grünbichler
1c5a88b6ee
update SBAT contents for Proxmox
...
bump grub upstream SBAT for the pulled in CVE fixes
add grub.debian entry since we mostly re-use Debian's implementation, any
Debian-specific issue almost certainly would affect ours too
keep grub.proxmox at 1 - no signatures have been created yet using the
production keys, so there is no binary in existence that would need to be
revoked.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2023-11-06 11:14:53 +01:00
Fabian Grünbichler
27df922d25
grub2 Debian release 2.06-13+deb12u1
...
Merge tag 'debian/2.06-13+deb12u1' into proxmox/bookworm
grub2 Debian release 2.06-13+deb12u1
2023-11-06 11:13:58 +01:00
Julian Andres Klode
c160f2ebb4
Release 2.06-13+deb12u1
2023-10-02 16:20:28 +02:00
Julian Andres Klode
3fd986ee51
Bump SBAT to grub,4
2023-10-02 16:09:17 +02:00
Mate Kukri
279cc2d193
fs/ntfs: Fix various OOB reads and writes (CVE-2023-4692, CVE-2023-4693)
...
This fixes the two CVEs and various other OOB bugs in the ntfs driver.
Reported-by: Maxim Suhanov <dfirblog@gmail.com>
2023-10-02 16:09:16 +02:00
Steve McIntyre
f64f291a74
Prepare 2.06-13 release
2023-05-15 23:26:08 +01:00
Steve McIntyre
fc3e9c8b0a
More translation updates
2023-05-14 00:57:07 +01:00
Steve McIntyre
b1e4812335
More debconf template translations
2023-05-11 00:46:32 +01:00
Steve McIntyre
dab5d311f8
Updates to lots of the debconf template translations
2023-05-02 15:17:47 +01:00
Steve McIntyre
358e8faa13
Allow initrd to contain spaces. Closes: #838177, #820838
2023-04-23 23:08:26 +01:00
Steve McIntyre
fd7b355f25
Installing to the RMP also needs mokmanager.
...
Closes: #1034409
2023-04-23 23:06:26 +01:00
Steve McIntyre
effc800113
Fix up arm64 SB patch to fix build failure on 32-bit systems
2023-04-21 16:24:40 +01:00
Steve McIntyre
8818b1d731
Try again, argh printf types
2023-04-21 00:56:37 +00:00
Steve McIntyre
4f52e7f9b0
Fix 32-bit compilation
2023-04-21 00:15:13 +00:00
Steve McIntyre
93d4aaa568
Prepare 2.06-9 release
2023-04-20 21:35:31 +01:00
Steve McIntyre
1ff00c01da
Close another bug with the os-prober change
2023-04-20 21:34:22 +01:00
Steve McIntyre
3cc70f6d90
Add luks2 to the signed grub efi images. Closes: #1001248
2023-04-20 21:15:26 +01:00
Steve McIntyre
160701104a
Don't warn about os-prober if it's not installed. Closes: #1020769
2023-04-20 21:02:05 +01:00
Steve McIntyre
d73cec07b9
Optionally re-enable os-prober
...
Add debconf logic for GRUB_DISABLE_OS_PROBER to make it easier to
control things here. Particularly useful for the installer.
Closes: #1031594, #1012865.
2023-04-20 21:01:12 +01:00
Steve McIntyre
53aecee25b
Merge branch 'arm64-sb-1033657' into 'master'
...
Add arm64-handover-to-kernel-if-sb-enabled.patch
See merge request grub-team/grub!32
2023-04-14 18:09:48 +00:00
Fabian Grünbichler
04ce01635c
bump version to 2.06-8.1+pmx1
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2023-04-05 10:07:59 +02:00
Fabian Grünbichler
108001dc79
switch packaging to be Proxmox branded
...
SBAT version is 3 (as opposed to Debian's 4) since we haven't shipped a version
3 Grub that doesn't have the version 3 fixes.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2023-04-05 10:07:59 +02:00
Emanuele Rocca
dccded55a2
Add arm64-handover-to-kernel-if-sb-enabled.patch
...
Fix Secure Boot on arm64 with patch
arm64-handover-to-kernel-if-sb-enabled.patch.
Fix: #1033657
2023-04-03 13:37:29 +02:00
Ben Hutchings
7fd3d6f657
Fix probing of LUKS2 devices (Closes: #1028301):
...
- disk/cryptodisk: When cheatmounting, use the sector info of the cheat
device
- osdep/devmapper/getroot: Have devmapper recognize LUKS2
- osdep/devmapper/getroot: Set up cheated LUKS2 cryptodisk mount from DM
parameters
2023-03-04 22:45:46 +00:00
Steve McIntyre
47de3eb3fa
Make config_item() more robust
2023-03-04 22:19:53 +00:00
Steve McIntyre
43786f0557
Import changes for the 2.06-8.1 NMU
...
Thanks for tracking this down Antoine!
2023-03-04 22:17:35 +00:00
Steve McIntyre
a3b9f421da
Prepare 2.06-8 release
2023-02-09 01:09:11 +00:00
Colin Watson
70ba87c609
Remove myself from Uploaders
...
I've mostly retired from GRUB maintenance since early 2022, so I think
it would be better if I weren't listed as an uploader in bookworm.
Thanks to Steve and Julian for picking up the torch!
2023-02-08 23:15:47 +00:00
Steve McIntyre
a892e077d3
Ignore some new ext2 flags to stay compatible with latest mke2fs
...
Closes: #1030846
2023-02-08 21:13:42 +00:00
Steve McIntyre
36f78fd054
grub-install: Don't use our grub CD EFI image for --removable
...
Closes: #1026915. Thanks to Pascal Hambourg for the patch.
2023-01-15 23:52:26 +00:00
Steve McIntyre
d6be13a9e7
Don't install fallback to removable media
...
It only causes problems. Closes: #1016737
2023-01-15 23:47:09 +00:00
Steve McIntyre
036c38093b
/etc/default/grub: Fix comment about text-mode console
...
Fixes #845683
2022-12-29 20:59:36 +00:00
Steve McIntyre
44e74e2a73
postinst: be more verbose when using grub-install
...
to install onto devices
2022-12-29 13:39:36 +00:00
Steve McIntyre
9ba3bf3855
grub-mkconfig: Restore umask for the grub.cfg. CVE-2021-3981
...
Apply patch from upstream,
Closes: #1001414
2022-12-29 13:36:46 +00:00
Steve McIntyre
9df17d0bdb
Include upstream patch to enable EFI zboot support on arm64
...
Closes: #1026092
2022-12-14 16:57:42 +00:00
Steve McIntyre
16895d90dd
Switch build-deps from gcc-10 to gcc-12. Closes: #1022184
...
Also needs backports from upstream commits to fix warnings/errors
from using gcc 12:
be8eb0eed util/mkimage: Fix dangling pointer may be used error
acffb8148 build: Fix -Werror=array-bounds array subscript 0 is outside array bounds
3ce13d974 lib/reed_solomon: Fix array subscript 0 is outside array bounds
2022-12-11 16:47:49 +00:00
Steve McIntyre
552fb31330
Fix an issue in an f2fs security fix which caused mount failures
...
Closes: #1021846. Thanks to программист некто for helping to debug the
problem!
2022-12-11 12:09:24 +00:00
Steve McIntyre
1fd7f8c9c9
Fix error handling in grub_file_open()
...
Make font fallback handling work!
2022-12-06 03:15:39 +00:00
Steve McIntyre
28632f1776
Release version 2.06-6
2022-12-04 20:42:19 +00:00
Steve McIntyre
2c1a132e34
Switch away from git-dpm
2022-12-04 18:22:27 +00:00
Steve McIntyre
e2dc71dd03
Bump Debian SBAT level to 4
...
Due to a mistake in the buster update that left the CVE-2022-2601 bugs
in place, we need to bump SBAT for all of the Debian GRUB binaries. :-(
2022-12-04 17:08:31 +00:00