A new release of the Ubuntu Cloud Images for stable Ubuntu release 18.04 LTS (Bionic Beaver) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with: 'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'. The following packages have been updated. Please see the full changelogs for a complete listing of changes: * 'assert'=>'ack', 'asserts'=>'known' * unset/zero => immediately refresh try * - README.md: snappy => snap * - daemon,client,overlord: progress current => done * - image: bootstrapToRootDir => setupSeed * - many: use "SNAP.APP as ALIAS" instead of => when listing * - overlord/state: prevent change ready => unready * - release,store,daemon: no more default-channel, release=>series * git: 1:2.17.1-1ubuntu0.13 => 1:2.17.1-1ubuntu0.15 * grub2-signed: 1.173.2~18.04.1+2.04-1ubuntu47.4 => 1.187.2~18.04.1+2.06-2ubuntu14 * grub2-unsigned: 2.04-1ubuntu47.4 => 2.06-2ubuntu14 * heimdal: 7.5.0+dfsg-1ubuntu0.2 => 7.5.0+dfsg-1ubuntu0.4 * krb5: 1.16-2ubuntu0.2 => 1.16-2ubuntu0.3 * linux-meta: 4.15.0.202.185 => 4.15.0.204.187 * linux-signed: 4.15.0-202.213 => 4.15.0-204.215 * openssl1.0: 1.0.2n-1ubuntu5.10 => 1.0.2n-1ubuntu5.11 * openssl: 1.1.1-1ubuntu2.1~18.04.20 => 1.1.1-1ubuntu2.1~18.04.21 * pam: 1.1.8-3.6ubuntu2.18.04.3 => 1.1.8-3.6ubuntu2.18.04.6 * python-setuptools: 39.0.1-2 => 39.0.1-2ubuntu0.1 * snapd: 2.57.5+18.04ubuntu0.1 => 2.58+18.04 * software-properties: 0.96.24.32.18 => 0.96.24.32.20 * sudo: 1.8.21p2-3ubuntu1.4 => 1.8.21p2-3ubuntu1.5 * tmux: 2.6-3ubuntu0.2 => 2.6-3ubuntu0.3 * ubuntu-advantage-tools: 27.12~18.04.1 => 27.13.3~18.04.1 * update-notifier: 3.192.1.12 => 3.192.1.18 * vim: 2:8.0.1453-1ubuntu1.9 => 2:8.0.1453-1ubuntu1.10 The following is a complete changelog for this image. new: {'linux-modules-4.15.0-204-generic': '4.15.0-204.215', 'linux-headers-4.15.0-204-generic': '4.15.0-204.215', 'linux-headers-4.15.0-204': '4.15.0-204.215'} removed: {'linux-headers-4.15.0-202': '4.15.0-202.213', 'linux-modules-4.15.0-202-generic': '4.15.0-202.213', 'linux-headers-4.15.0-202-generic': '4.15.0-202.213'} changed: ['git', 'git-man', 'grub-efi-amd64-bin', 'grub-efi-amd64-signed', 'krb5-locales', 'libasn1-8-heimdal:amd64', 'libgssapi-krb5-2:amd64', 'libgssapi3-heimdal:amd64', 'libhcrypto4-heimdal:amd64', 'libheimbase1-heimdal:amd64', 'libheimntlm0-heimdal:amd64', 'libhx509-5-heimdal:amd64', 'libk5crypto3:amd64', 'libkrb5-26-heimdal:amd64', 'libkrb5-3:amd64', 'libkrb5support0:amd64', 'libpam-modules-bin', 'libpam-modules:amd64', 'libpam-runtime', 'libpam0g:amd64', 'libroken18-heimdal:amd64', 'libssl1.0.0:amd64', 'libssl1.1:amd64', 'libwind0-heimdal:amd64', 'linux-headers-generic', 'linux-headers-virtual', 'linux-image-4.15.0-204-generic', 'linux-image-virtual', 'linux-virtual', 'openssl', 'python3-pkg-resources', 'python3-software-properties', 'snapd', 'software-properties-common', 'sudo', 'tmux', 'ubuntu-advantage-tools', 'update-notifier-common', 'vim', 'vim-common', 'vim-runtime', 'vim-tiny', 'xxd'] new snaps: {} removed snaps: {} changed snaps: [] ==== git: 1:2.17.1-1ubuntu0.13 => 1:2.17.1-1ubuntu0.15 ==== ==== git git-man * SECURITY REGRESSION: Previous update was incomplete what could causes regressions - debian/patches/CVE_2022_23521_and_41903/0012-*.patch: update patch with missed parts (LP: #2003246). * SECURITY UPDATE: Integer overflow - debian/patches/CVE_2022_23521_and_41903/00*.patch: attr.c, attr.h, pretty.c, column.c, utf8.c, utf8.h, t/t4205-log-pretty-formats.sh, t/test-lib.sh, git-compat-util.h, t/t0003-attributes.sh. - CVE-2022-23521 - CVE-2022-41903 ==== grub2-signed: 1.173.2~18.04.1+2.04-1ubuntu47.4 => 1.187.2~18.04.1+2.06-2ubuntu14 ==== ==== grub-efi-amd64-signed * Resign with 2022v1 signing key * [focal/bionic] remaining backport changes: - Bump grub2-common dependency to 2.02~beta2-36ubuntu3.33 in xenial and 2.02-2ubuntu8.25 in bionic to fix LP #1995751 * Source debconf in postinst script (LP: #1997779) * Really rebuild against grub2 2.06-2ubuntu14 (LP: #1996950) * Rebuild against grub2 2.06-2ubuntu14 (LP: #1996950) * Rebuild against grub2 2.06-2ubuntu13 (LP: #1989446) * Rebuild against grub2 2.06-2ubuntu12. * Rebuild against grub2 2.06-2ubuntu11. * No change rebuild against grub 2.06-2ubuntu10, take 2 (source-only upload) * No change rebuild against grub 2.06-2ubuntu10. * No change rebuild against grub 2.06-2ubuntu7. * No change rebuild against grub 2.06-2ubuntu6. * Fix grub version number in previous changelog entry. * No change rebuild against grub 2.06-2ubuntu5. * No change rebuild against grub 2.06-2ubuntu4. * No change rebuild against grub 2.06-2ubuntu3. * No change rebuild against grub 2.06-2ubuntu1. * No change rebuild against grub 2.04-1ubuntu48. * Actual no change rebuild against grub 2.04-1ubuntu47. * No change rebuild against grub 2.04-1ubuntu47. * No change rebuild against grub 2.04-1ubuntu46. * Update Vcs-Git to impish-devel. * key on grub-efi-$(DEB_HOST_ARCH) as the binary package for download-signed since grub-efi-* and grub2-common are now built from separate sources. * No chnage rebuild against grub 2.04-1ubuntu45. * Change branch name in VCS field to just $suite-devel. * Forward port debian/rules ifeq/else statement fixes from bionic&xenial. * Use debhelper-compat 9 for ease of SRUs to Bionic and earlier. LP: #1920008 * grub-efi-amd64-signed: add depends on grub2-common with support for R_X86_64_PLT32 relocations. LP: #1920008 * Rebuild against grub2 2.04-1ubuntu44. * Rebuild against grub2 2.04-1ubuntu43. * Rebuild against grub2 2.04-1ubuntu42. LP: #1915536 * Make maintainer scripts compatible with any grub2-common since precise. LP: #1915536 * Drop unused config_item function. * Only download signed binaries once. * Rebuild with correct permissions, and higher version number. * Rebuild against grub2 2.04-1ubuntu39 * Fix test directory existence race in download-signed, making FTBFS on arm64: - download-signed is run 3 times in parallel due to Makefile and download assets in a single directory. - testing the directory and then calling makedirs is not done atomically. - long term fix would be to run it once and collect/compared all signed files. * Rebuild against grub2 2.04-1ubuntu38 * Trim trailing whitespace. * Use secure copyright file specification URI. * Bump debhelper from deprecated 9 to 12. * Set debhelper-compat version in Build-Depends. * Drop unused bzr-builddeb.conf * Add postinst for the arm64 package (LP: #1914582) * Set series specific VCS field in debian/control * Rebuild against grub2 2.04-1ubuntu37 * Rebuild against grub2 2.04-1ubuntu36 * Rebuild against grub2 2.04-1ubuntu35 * Rebuild against grub2 2.04-1ubuntu33 * Rebuild against grub2 2.04-1ubuntu32 * Rebuild against grub2 2.04-1ubuntu31 * Rebuild against grub2 2.04-1ubuntu30. * Add check to compare that signed grub, matches monolithic builds, to avoid signing skew when copying grub2/grub2-signed to PPAs. * Rebuild against grub2 2.04-1ubuntu29. * Rebuild against grub2 2.04-1ubuntu28 * Rebuild against grub2 2.04-1ubuntu27 * Rebuild against grub2 2.04-1ubuntu26.2. * Rebuild against grub2 2.04-1ubuntu26.1. * Fix arm64 download, grub2 package doesn't exist on that arch, use grub2-common instead. * Support downloads from PPAs for additional signatures. LP: #1876875 * Rebuild against grub2 2.04-1ubuntu26. * Rebuild against grub2 2.04-1ubuntu25. * Fix postinst typpo. * Rebuild against grub2 2.04-1ubuntu24, enable installing to multiple ESPs (LP: #1871821) * Rebuild against grub2 2.04-1ubuntu23. * Rebuild against grub2 2.04-1ubuntu22. * Rebuild against grub2 2.04-1ubuntu21. * Rebuild against grub2 2.04-1ubuntu19. * Rebuild against grub2 2.04-1ubuntu18. * Rebuild against grub2 2.04-1ubuntu16. * Rebuild against grub2 2.04-1ubuntu15. * Rebuild against grub2 2.04-1ubuntu14. * Really rebuild against grub2 2.04-1ubuntu13 this time. (LP: #1845289) (LP: #1848892) * Rebuild against grub2 2.04-1ubuntu13. (LP: #1845289) (LP: #1848892) * Rebuild against grub2 2.04-1ubuntu12. * Rebuild against grub2 2.04-1ubuntu11. * Rebuild against grub2 2.04-1ubuntu10. * Rebuild against grub2 2.04-1ubuntu9. * Rebuild against grub2 2.04-1ubuntu8. * Rebuild against grub2 2.04-1ubuntu7. * Rebuild against grub2 2.04-1ubuntu6. (LP: #1845466) * Rebuild against grub2 2.04-1ubuntu5. * Rebuild against grub2 2.04-1ubuntu4. * Rebuild against grub2 2.04-1ubuntu3. * Rebuild against grub2 2.04-1ubuntu2. * Rebuild against grub2 2.04-1ubuntu1. * Rebuild against grub2 2.02+dfsg1-12ubuntu3. * Rebuild against grub2 2.02+dfsg1-12ubuntu2. * Rebuild against grub2 2.02+dfsg1-12ubuntu1. * Rebuild against grub2 2.02+dfsg1-5ubuntu11. (LP: #1814403) (LP: #1814575) * Rebuild against grub2 2.02+dfsg1-5ubuntu10. * Rebuild against grub2 2.02+dfsg1-5ubuntu9. * Rebuild against grub2 2.02+dfsg1-5ubuntu7. (LP: #1798171) * Rebuild against grub2 2.02+dfsg1-5ubuntu7. (LP: #1784363) * Rebuild against grub2 2.02+dfsg1-5ubuntu6. (LP: #1788727) * Rebuild against grub2 2.02+dfsg1-5ubuntu5. * Rebuild against grub2 2.02+dfsg1-5ubuntu4. (LP: #1792575) * Rebuild against grub2 2.02+dfsg1-5ubuntu3. (LP: #788298) * Rebuild against grub2 2.02+dfsg1-5ubuntu2. (LP: #1785033) * Rebuild against grub2 2.02+dfsg1-5ubuntu1. * Call grub-check-signatures before calling grub-install, not after, to avoid overwriting the boot loader on disk with one that will fail to load. LP: #1786491. * Rebuild against grub2 2.02-2ubuntu13. * Rebuild against grub2 2.02-2ubuntu12. (LP: #1258597) * debian/grub-efi-amd64-signed.postinst: run grub-check-signatures on update to ensure we have signed kernels installed. * Rebuild against grub2 2.02-2ubuntu11. * debian/control: add a dependency of grub-efi-amd64 | grub-pc to grub-efi-amd64-signed to make sure the grub postinst is triggered even for cases of old iso (without the fixed installer) installations with automatic download of updates enabled (LP: #1780897). * debian/control: switch the grub-efi-amd64 dependency of grub-efi-amd64-signed to grub-efi-amd64-bin. * debian/grub-efi-amd64-signed.postinst: invoke grub-install with --auto-nvram and pass the x86_64-efi target to it, making sure we always install the right target. * Rebuild against grub2 2.02-2ubuntu10. * Rebuild against grub2 2.02-2ubuntu9. * Rebuild against grub2 2.02-2ubuntu8. (LP: #1752767) * Rebuild against grub2 2.02-2ubuntu7. (LP: #1711452, #1723434) * Rebuild against grub2 2.02-2ubuntu6. (LP: #1743249) * Rebuild against grub2 2.02-2ubuntu5. (LP: #1743884) * Rebuild against grub2 2.02-2ubuntu3. (LP: #1675453) * Rebuild against grub2 2.02-2ubuntu3. (LP: #1708245) * Rebuild against grub2 2.02-2ubuntu2. (LP: #1734278) * Rebuild against grub2 2.02-2ubuntu1. * Rebuild against grub2 2.02~beta3-4ubuntu7. * Rebuild against grub2 2.02~beta3-4ubuntu6. * Rebuild against grub2 2.02~beta3-4ubuntu5. * Rebuild against grub2 2.02~beta3-4ubuntu4. * Rebuild against grub2 2.02~beta3-4ubuntu3. * Rebuild against grub2 2.02~beta3-4ubuntu2. (LP: #1401532) * Rebuild against grub2 2.02~beta3-4ubuntu1. * Rebuild against grub2 2.02~beta3-3ubuntu2. (LP: #1447500) * Rebuild against grub2 2.02~beta3-3ubuntu1. * Rebuild against grub2 2.02~beta3-3. * Rebuild against grub2 2.02~beta2-36ubuntu12. * Rebuild against grub2 2.02~beta2-36ubuntu11. * Rebuild against grub2 2.02~beta2-36ubuntu10. * Rebuild against grub2 2.02~beta2-36ubuntu9. * Rebuild against grub2 2.02~beta2-36ubuntu8. * Rebuild against grub2 2.02~beta2-36ubuntu7. * Rebuild against grub2 2.02~beta2-36ubuntu6. * Rebuild against grub2 2.02~beta2-36ubuntu5. * Rebuild against grub2 2.02~beta2-36ubuntu4. * Rebuild against grub2 2.02~beta2-36ubuntu3. (LP: #1559933) * Rebuild against grub2 2.02~beta2-36ubuntu2. * Rebuild against grub2 2.02~beta2-36ubuntu1. * Rebuild against grub2 2.02~beta2-36. * Rebuild against grub2 2.02~beta2-35ubuntu1. * Rebuild against grub2 2.02~beta2-35. * Rebuild against grub2 2.02~beta2-33. * Rebuild against grub2 2.02~beta2-32ubuntu1. * Rebuild against grub2 2.02~beta2-32. * Rebuild against grub2 2.02~beta2-31ubuntu1. * Rebuild against grub2 2.02~beta2-31. * Rebuild against grub2 2.02~beta2-29. * Rebuild against grub2 2.02~beta2-28. [ dann frazier ] * Add arm64 support. (LP: #1457178) [ Adam Conrad ] * Rebuild against grub-efi 2.02~beta2-26ubuntu5. * Rebuild against grub-efi-amd64 2.02~beta2-26ubuntu3. * Rebuild against grub-efi-amd64 2.02~beta2-26ubuntu2. * Rebuild against grub-efi-amd64 2.02~beta2-26ubuntu1. * Rebuild against grub-efi-amd64 2.02~beta2-25ubuntu1. * Rebuild against grub-efi-amd64 2.02~beta2-25. * Rebuild against grub-efi-amd64 2.02~beta2-23. * Rebuild against grub-efi-amd64 2.02~beta2-22ubuntu1. * Rebuild against grub-efi-amd64 2.02~beta2-22. * Rebuild against grub-efi-amd64 2.02~beta2-21. * Rebuild against grub-efi-amd64 2.02~beta2-20. * Rebuild against grub-efi-amd64 2.02~beta2-19. * Rebuild against grub-efi-amd64 2.02~beta2-18. * Rebuild against grub-efi-amd64 2.02~beta2-17. * Rebuild against grub-efi-amd64 2.02~beta2-16. * Rebuild against grub-efi-amd64 2.02~beta2-15. * Rebuild against grub-efi-amd64 2.02~beta2-14. * Rebuild against grub-efi-amd64 2.02~beta2-11. * Rebuild against grub-efi-amd64 2.02~beta2-10. * Rebuild against grub-efi-amd64 2.02~beta2-9. * Rebuild against grub-efi-amd64 2.02~beta2-8. * Rebuild against grub-efi-amd64 2.02~beta2-7. * Rebuild against grub-efi-amd64 2.02~beta2-6. * Rebuild against grub-efi-amd64 2.02~beta2-5. * Rebuild against grub-efi-amd64 2.02~beta2-4. * Policy version 3.9.5: no changes required. * Rebuild against grub-efi-amd64 2.02~beta2-2. * Rebuild against grub-efi-amd64 2.00-22. * Rebuild against grub-efi-amd64 2.00-21. * Rebuild against grub-efi-amd64 2.00-20. * Rebuild against grub-efi-amd64 2.00-19ubuntu4. * Rebuild against grub-efi-amd64 2.00-19ubuntu3 LP: #1242417 * Rebuild against grub-efi-amd64 2.00-19ubuntu2. * Rebuild against grub-efi-amd64 2.00-19ubuntu2. * Rebuild against grub-efi-amd64 2.00-19ubuntu1. * Rebuild against grub-efi-amd64 2.00-18ubuntu4. * Add grubnetx64.efi.signed. * Rebuild against grub-efi-amd64 2.00-18ubuntu3. * Rebuild against grub-efi-amd64 2.00-18ubuntu1. * Rebuild against grub-efi-amd64 2.00-17ubuntu1. * Rebuild against grub-efi-amd64 2.00-15ubuntu2. (LP: #1184297) * Give grub-efi-amd64-signed a strict versioned dependency on the grub-efi-amd64 we're built against to force a paired migration. * Rebuild against grub-efi-amd64 2.00-15ubuntu1. * Rebuild against grub-efi-amd64 2.00-14ubuntu1. * Rebuild against grub-efi-amd64 2.00-12ubuntu1. * Recommend secureboot-db (LP: #1087843). * Rebuild against grub-efi-amd64 2.00-7ubuntu13. * Download the signed image from the correct pocket. * Rebuild against grub-efi-amd64 2.00-7ubuntu11. * Rebuild against grub-efi-amd64 2.00-7ubuntu10. * Rebuild against grub-efi-amd64 2.00-7ubuntu9. * Drop Depends back to grub-efi-amd64 (>= 2.00-7ubuntu4), which is good enough (grub-install extensions). * Build-depend on a current grub-efi-amd64-bin so that this upload can safely be accepted before grub2/amd64 binaries have published. * Rebuild against grub-efi-amd64 2.00-7ubuntu8. * Rebuild against grub-efi-amd64 2.00-7ubuntu7. * Rebuild against grub-efi-amd64 2.00-7ubuntu5. [ Colin Watson ] * Include gcdx64.efi.signed. * Depend on grub-efi-amd64 so that /etc/default/grub and /boot/grub/grub.cfg are updated. * Run grub-install on configure if appropriate. [ Steve Langasek ] * Adjust makefile so gcdx64.efi.signed actually gets included in the package, not just downloaded. * Add a Built-Using field, per policy 3.9.4. * Initial release. ==== grub2-unsigned: 2.04-1ubuntu47.4 => 2.06-2ubuntu14 ==== ==== grub-efi-amd64-bin * SECURITY UPDATE: Fix out of bounds writes due specially crafted fonts. - add debian/patches/font-Fix-several-integer-overflows-in-grub_font_construct.patch - add debian/patches/font-Fix-an-integer-underflow-in-blit_comb.patch - CVE-2022-2601, CVE-2022-3775 - LP: #1996950 * Fix various issues as a result of fuzzing, static analysis and code review: - add debian/patches/font-Reject-glyphs-exceeds-font-max_glyph_width-or-font-m.patch - add debian/patches/font-Fix-size-overflow-in-grub_font_get_glyph_internal.patch - add debian/patchces/font-Remove-grub_font_dup_glyph.patch - add debian/patches/font-Fix-integer-overflow-in-ensure_comb_space.patch - add debian/patches/font-Fix-integer-overflow-in-BMP-index.patch - add debian/patches/font-Fix-integer-underflow-in-binary-search-of-char-index.patch - add debian/patches/fbutil-Fix-integer-overflow.patch - add debian/patches/font-Harden-grub_font_blit_glyph-and-grub_font_blit_glyph.patch - add debian/patches/font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch - add debian/patches/normal-charset-Fix-an-integer-overflow-in-grub_unicode_ag.patch * Enforce verification of fonts when secure boot is enabled: - add debian/patches/kern-efi-sb-Enforce-verification-of-font-files.patch * Bundle unicode.pf2 in a squashfs memdisk attached to the signed EFI binary - update debian/control - update debian/build-efi-image - add debian/patches/font-Try-opening-fonts-from-the-bundled-memdisk.patch * Fix LP: #1997006 - add support for performing measurements to RTMRs - add debian/patches/commands-efi-tpm-Refine-the-status-of-log-event.patch - add debian/patches/commands-efi-tpm-Use-grub_strcpy-instead-of-grub_memcpy.patch - add debian/patches/efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch * Fix the squashfs tests during the build - remove debian/patches/ubuntu-fix-reproducible-squashfs-test.patch - add debian/patches/tests-Explicitly-unset-SOURCE_DATE_EPOCH-before-running-f.patch * Bump SBAT generation: - update debian/sbat.ubuntu.csv.in * Try to pick better locations for kernel and initrd (LP: #1989446) * x86-efi: Use bounce buffers for reading to addresses > 4GB (enhances firmware compatibility of previous change) * ubuntu-zfs-enhance-support.patch: Fix missing lines (LP: #1990143) [ Mauricio Faria de Oliveira ] * linux_xen: Properly handle multiple initrd files (LP: #1987567) - d/p/linux_xen-Properly-load-multiple-initrd-files.patch - d/p/linux_xen-Properly-order-multiple-initrd-files.patch * Fix for ZFS snapshots without etc directory. Thanks to Adam R Bell (LP: #1965983) [ Heinrich Schuchardt ] * efi/peimage: fix typos in code comments [ dann frazier ] * linuxefi: Invalidate i-cache before starting the kernel (LP: #1987924) - d/p/linuxefi-Invalidate-i-cache-before-starting-the-kern.patch [ Chris Coulson ] * SECURITY UPDATE: Crafted PNG grayscale images may lead to out-of-bounds write in heap. - 0139-video-readers-png-Drop-greyscale-support-to-fix-heap.patch: video/readers/png: Drop greyscale support to fix heap out-of-bounds write - CVE-2021-3695 * SECURITY UPDATE: Crafted PNG image may lead to out-of-bound write during huffman table handling. - 0140-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch: video/readers/png: Avoid heap OOB R/W inserting huff table items - CVE-2021-3696 * SECURITY UPDATE: Crafted JPEG image can lead to buffer underflow write in the heap. - 0145-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch: video/readers/jpeg: Block int underflow -> wild pointer write - CVE-2021-3697 * SECURITY UPDATE: Integer underflow in grub_net_recv_ip4_packets - 0148-net-ip-Do-IP-fragment-maths-safely.patch: net/ip: Do IP fragment maths safely - CVE-2022-28733 * SECURITY UPDATE: Out-of-bounds write when handling split HTTP headers - 0154-net-http-Fix-OOB-write-for-split-http-headers.patch: net/http: Fix OOB write for split http headers - CVE-2022-28734 * SECURITY UPDATE: shim_lock verifier allows non-kernel files to be loaded - 0135-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch: kern/efi/sb: Reject non-kernel files in the shim_lock verifier - CVE-2022-28735 * SECURITY UPDATE: use-after-free in grub_cmd_chainloader() - 0130-loader-efi-chainloader-simplify-the-loader-state.patch: loader/efi/chainloader: simplify the loader state - 0131-commands-boot-Add-API-to-pass-context-to-loader.patch: commands/boot: Add API to pass context to loader - 0132-loader-efi-chainloader-Use-grub_loader_set_ex.patch: loader/efi/chainloader: Use grub_loader_set_ex - 0133-loader-i386-efi-linux-Use-grub_loader_set_ex.patch: loader/i386/efi/linux: Use grub_loader_set_ex * Various fixes as a result of fuzzing and static analysis: - 0129-loader-efi-chainloader-grub_load_and_start_image-doe.patch: loader/efi/chainloader: grub_load_and_start_image doesn't load and start - 0134-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch: loader/i386/efi/linux: Fix a memory leak in the initrd command - 0136-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch: kern/file: Do not leak device_name on error in grub_file_open() - 0137-video-readers-png-Abort-sooner-if-a-read-operation-f.patch: video/readers/png: Abort sooner if a read operation fails - 0138-video-readers-png-Refuse-to-handle-multiple-image-he.patch: video/readers/png: Refuse to handle multiple image headers - 0141-video-readers-png-Sanity-check-some-huffman-codes.patch: video/readers/png: Sanity check some huffman codes - 0142-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch: video/readers/jpeg: Abort sooner if a read operation fails - 0143-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch: video/readers/jpeg: Do not reallocate a given huff table - 0144-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch: video/readers/jpeg: Refuse to handle multiple start of streams - 0146-normal-charset-Fix-array-out-of-bounds-formatting-un.patch: normal/charset: Fix array out-of-bounds formatting unicode for display - 0147-net-netbuff-Block-overly-large-netbuff-allocs.patch: net/netbuff: Block overly large netbuff allocs - 0149-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch: net/dns: Fix double-free addresses on corrupt DNS response - 0150-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch: net/dns: Don't read past the end of the string we're checking against - 0151-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch: net/tftp: Prevent a UAF and double-free from a failed seek - 0152-net-tftp-Avoid-a-trivial-UAF.patch: net/tftp: Avoid a trivial UAF - 0153-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch: net/http: Do not tear down socket if it's already been torn down - 0155-net-http-Error-out-on-headers-with-LF-without-CR.patch: net/http: Error out on headers with LF without CR - 0156-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch: fs/f2fs: Do not read past the end of nat journal entries - 0157-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch: fs/f2fs: Do not read past the end of nat bitmap - 0158-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch: fs/f2fs: Do not copy file names that are too long - 0159-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch: fs/btrfs: Fix several fuzz issues with invalid dir item sizing - 0160-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch: fs/btrfs: Fix more ASAN and SEGV issues found with fuzzing - 0161-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch: fs/btrfs: Fix more fuzz issues related to chunks * Bump SBAT generation: - update debian/sbat.ubuntu.csv.in * Make the grub2/no_efi_extra_removable setting work correctly - update debian/postinst.in * Build grub2-unsigned packages with xz compression for compatibility with xenial dpkg - update debian/rules [ Steve Langasek ] * Bump versioned dependency on grub2-common to 2.02~beta2-36ubuntu3.32 for necessary arm relocation support. LP: #1926748. * debian/postinst.in: Unconditionally call grub-install with --force-extra-removable on xenial and bionic, so that the \EFI\BOOT removable path as used in cloud images receives the updates. LP: #1930742. [ Heinrich Schuchardt ] * Disable LOAD FILE2 protocol for initrd on ARM (LP: #1967562) [ Heinrich Schuchardt ] * efivar: check that efivarfs is writeable (LP: #1965288) [ Dimitri John Ledkov ] * Do not validate kernels twice. (LP: #1964943) [ Heinrich Schuchardt ] * efi: EFI Device Tree Fixup Protocol (LP: #1965796) * fdt: add debug output to devicetree command [ Julian Andres Klode ] * Free correct size when freeing params, rather than 16 Ki (LP: #1958623) * Build with FUSE3 (LP: #1935659) * Only run os-prober on first run and if it previously found other OS (LP: #1955109) [ Heinrich Schuchardt ] * Rename grub-core/loader/efi/linux.c * Add patches for GRUB on RISC-V * fat: fix listing the root directory * Enable building for RISC-V (LP: #1876620) [ Julian Andres Klode ] * Re-enable peimage code on other archs outside secure boot; this fixes LP: #1947046 when not booting in secure boot mode (secure boot pending security review of the code) * UBUNTU: Move verifiers after decompressors (LP: #1954683) * grub-check-signatures: Support gzip compressed kernels (LP: #1954683) * Cherry-pick the missing hunk back that changes parameter loading in grub-core/loader/i386/linux.c, this should fix booting on BIOS systems. * Fix the fallback for kernel addresses on amd64 EFI, if the kernel could not be allocated at the preferred address, reset errno such that if the 2nd allocation succeeds, we do not fail erroneously. * Restore still relevant patches lost in rebase. They got lost in a first rebase, when we did not include ubuntu-linuxefi.patch as they modify code in there. - no-devicetree-if-secure-boot.patch - 0077-ubuntu-Update-the-linux-boot-protocol-version-check.patch - 0096-linuxefi-fail-kernel-validation-without-shim-protoco.patch - 0099-chainloader-Avoid-a-double-free-when-validation-fail.patch - 0105-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch * Merge from Debian unstable; remaining changes: - Build without lto - Add Ubuntu sbat data - Make prebuilt netboot image look for MAAS grub.cfg - build-efi-images: add smbios module to the prebuilt signed EFI images (LP: 1856424) - build-efi-images: do not produce -installer.efi.signed. LP: 1863994 - build-efi-images: Add http to netboot images - grub-common: Install canonical-uefi-ca.crt - Check signatures - minilzo: built using the distribution's minilzo - Support installing to multiple ESP (LP: 1871821) - Disable various bits on i386 - Split out unsigned artefacts into grub2-unsigned - Vcs-Git: Point to ubuntu packaging branch - Relax dependencies on grub-common and grub2-common - grub-pc: Avoid the possibility of breaking grub on SRU update due to ABI change - UBUNTU: Default timeout changes - Disable os-prober for ppc64el on the PowerNV platform (for Petitboot) - dirs.in: create var/lib/grub/ucf in grub-efi-amd64 (and similar) - Link grub-efi-{amd64,arm64}-bin docs directory - grub-common.service: port init.d script to systemd unit. Add warning message, when initrdless boot fails triggering fallback. LP: 1901553 - Removed patches: - grub-install-extra-removable.patch - grub-install-removable-shim.patch - Added patches: + ubuntu-grub-install-extra-removable.patch + ubuntu-zfs-enhance-support.patch + ubuntu-zfs-gfxpayload-keep-default.patch + ubuntu-zfs-mkconfig-ubuntu-distributor.patch + ubuntu-zfs-mkconfig-signed-kernel.patch + ubuntu-zfs-maybe-quiet.patch + ubuntu-zfs-quick-boot.patch + ubuntu-zfs-gfxpayload-dynamic.patch + ubuntu-zfs-vt-handoff.patch + ubuntu-zfs-mkconfig-recovery-title.patch + ubuntu-zfs-insmod-xzio-and-lzopio-on-xen.patch + ubuntu-support-initrd-less-boot.patch + ubuntu-shorter-version-info.patch + ubuntu-add-initrd-less-boot-fallback.patch + ubuntu-mkconfig-leave-breadcrumbs.patch + ubuntu-fix-lzma-decompressor-objcopy.patch + ubuntu-temp-keep-auto-nvram.patch + ubuntu-add-devicetree-command-support.patch + ubuntu-boot-from-multipath-dependent-symlink.patch + ubuntu-skip-disk-by-id-lvm-pvm-uuid-entries.patch + ubuntu-efi-allow-loopmount-chainload.patch + 0076-ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch + ubuntu-resilient-boot-ignore-alternative-esps.patch + ubuntu-resilient-boot-boot-order.patch + ubuntu-speed-zsys-history.patch + ubuntu-flavour-order.patch + ubuntu-dont-verify-loopback-images.patch + ubuntu-recovery-dis_ucode_ldr.patch + ubuntu-linuxefi-arm64.patch + ubuntu-add-initrd-less-boot-messages.patch + ubuntu-fix-reproducible-squashfs-test.patch + rhboot-f34-make-exit-take-a-return-code.patch + rhboot-f34-dont-use-int-for-efi-status.patch + rhboot-f34-make-pmtimer-tsc-calibration-fast.patch + suse-add-support-for-UEFI-network-protocols.patch + suse-AUDIT-0-http-boot-tracker-bug.patch + rhboot-f34-efinet-also-use-the-firmware-acceleration-for-http.patch + 0241-Call-hwmatch-only-on-the-grub-pc-platform.patch * Dropped changes: - Remove obsolete dependencies on dh-autoreconf and automake - Remove explicit --with systemd in debhelper invocation - Remove debian/gettext-patches; they do not seem to be necessary anymore - Remove inadvertent change to debian/signing-template.json.in, we do not use that file anyway. - Merged upstream: + merged: 0074-uefi-firmware-rename-fwsetup-menuentry-to-UEFI-Firmw.patch + merged: 0075-smbios-Add-a-linux-argument-to-apply-linux-modalias-.patch + merged security patches 0081-0105, and 0128-0240 + various cherry picks: cherry-* and cherrypick-*.patch + grub-install-backup-and-restore.patch + uefi-firmware-setup.patch + sleep-shift.patch + vsnprintf-upper-case-hex.patch + rhboot-f34-update-info-with-grub.cfg-netboot-selection-order.patch + suse-search-for-specific-config-files-for-netboot.patch + tftp-rollover-block-counter.patch + ubuntu-efi-console-set-text-mode-as-needed.patch - Merged in Debian: + install-efi-ubuntu-flavours.patch + ubuntu-dejavu-font-path.patch + ubuntu-tpm-unknown-error-non-fatal.patch - Not applicable: + 0077-ubuntu-Update-the-linux-boot-protocol-version-check.patch: The check has been removed. * Fix zstd build on s390x * Cherry-pick two upstream fixes to fix closing of SNP protocol in EFI networking stack * Build with -O1 on s390x to avoid build failure due to gcc optimization failure causing it to wrongly assume variables as uninitialized. * Revert integration of jfs and f2fs modules into signed images, we do not support these file systems on /boot. * Update to minilzo-2.10, fixing build failures on armel, mips64el, mipsel, and ppc64el. * Use "command -v" in maintainer scripts rather than "which". * New upstream release. - Switch to the upstream shim_lock verifier, dropping several more manual checks for UEFI Secure Boot. * Cherry-pick from upstream: - fs/xfs: Fix unreadable filesystem with v4 superblock - tests/ahci: Change "ide-drive" deprecated QEMU device name to "ide-hd" (closes: #997100) * Remove dir_to_symlink maintainer script code, which was only needed for upgrades from before jessie. [ Mathieu Trudel-Lapierre ] * tpm: Pass unknown error as non-fatal, but debug print the error we got (closes: #940911, LP: #1848892). * Resync grub-install backup and restore patches from upstream, fixing problems that left the system unbootable after certain kinds of failure (closes: #983435). [ Steve McIntyre ] * Enable the shim_lock and tpm modules for i386-efi too. Ensure that tpm is included in our EFI images. * List the modules we include the EFI images - make it easier to debug things. * Add debug to display what's going on with verifiers [ Colin Watson ] * util/mkimage: Some fixes to PE binaries section size calculation (closes: #987103). * Pass --sbat when building the d-i netboot image as well. * i386-pc: build verifiers API as module (thanks, Michael Chang; closes: #984488, #985374). * Fix broken advice in message when the postinst has to bail out (thanks to Daniel Leidert for pointing out the problem). * Backport security patch series from upstream: - verifiers: Move verifiers API to kernel image - kern: Add lockdown support - kern/lockdown: Set a variable if the GRUB is locked down - efi: Lockdown the GRUB when the UEFI Secure Boot is enabled - efi: Use grub_is_lockdown() instead of hardcoding a disabled modules list - CVE-2020-14372: acpi: Don't register the acpi command when locked down - CVE-2020-27779: mmap: Don't register cutmem and badram commands when lockdown is enforced - commands: Restrict commands that can load BIOS or DT blobs when locked down - commands/setpci: Restrict setpci command when locked down - commands/hdparm: Restrict hdparm command when locked down - gdb: Restrict GDB access when locked down - loader/xnu: Don't allow loading extension and packages when locked down - docs: Document the cutmem command - CVE-2020-25632: dl: Only allow unloading modules that are not dependencies - CVE-2020-25647: usb: Avoid possible out-of-bound accesses caused by malicious devices - mmap: Fix memory leak when iterating over mapped memory - net/net: Fix possible dereference to of a NULL pointer - net/tftp: Fix dangling memory pointer - kern/parser: Fix resource leak if argc == 0 - kern/efi: Fix memory leak on failure - kern/efi/mm: Fix possible NULL pointer dereference - gnulib/regexec: Resolve unused variable - gnulib/regcomp: Fix uninitialized token structure - gnulib/argp-help: Fix dereference of a possibly NULL state - gnulib/regexec: Fix possible null-dereference - gnulib/regcomp: Fix uninitialized re_token - io/lzopio: Resolve unnecessary self-assignment errors - zstd: Initialize seq_t structure fully - kern/partition: Check for NULL before dereferencing input string - disk/ldm: Make sure comp data is freed before exiting from make_vg() - disk/ldm: If failed then free vg variable too - disk/ldm: Fix memory leak on uninserted lv references - disk/cryptodisk: Fix potential integer overflow - hfsplus: Check that the volume name length is valid - zfs: Fix possible negative shift operation - zfs: Fix resource leaks while constructing path - zfs: Fix possible integer overflows - zfsinfo: Correct a check for error allocating memory - affs: Fix memory leaks - libgcrypt/mpi: Fix possible unintended sign extension - libgcrypt/mpi: Fix possible NULL dereference - syslinux: Fix memory leak while parsing - normal/completion: Fix leaking of memory when processing a completion - commands/hashsum: Fix a memory leak - video/efi_gop: Remove unnecessary return value of grub_video_gop_fill_mode_info() - video/fb/fbfill: Fix potential integer overflow - video/fb/video_fb: Fix multiple integer overflows - video/fb/video_fb: Fix possible integer overflow - video/readers/jpeg: Test for an invalid next marker reference from a jpeg file - gfxmenu/gui_list: Remove code that coverity is flagging as dead - loader/bsd: Check for NULL arg up-front - loader/xnu: Fix memory leak - loader/xnu: Free driverkey data when an error is detected in grub_xnu_writetree_toheap() - loader/xnu: Check if pointer is NULL before using it - util/grub-install: Fix NULL pointer dereferences - util/grub-editenv: Fix incorrect casting of a signed value - util/glue-efi: Fix incorrect use of a possibly negative value - script/execute: Fix NULL dereference in grub_script_execute_cmdline() - commands/ls: Require device_name is not NULL before printing - script/execute: Avoid crash when using "$#" outside a function scope - CVE-2021-20225: lib/arg: Block repeated short options that require an argument - script/execute: Don't crash on a "for" loop with no items - CVE-2021-20233: commands/menuentry: Fix quoting in setparams_prefix() - kern/misc: Always set *end in grub_strtoull() - video/readers/jpeg: Catch files with unsupported quantization or Huffman tables - video/readers/jpeg: Catch OOB reads/writes in grub_jpeg_decode_du() - video/readers/jpeg: Don't decode data before start of stream - term/gfxterm: Don't set up a font with glyphs that are too big - fs/fshelp: Catch impermissibly large block sizes in read helper - fs/hfsplus: Don't fetch a key beyond the end of the node - fs/hfsplus: Don't use uninitialized data on corrupt filesystems - fs/hfs: Disable under lockdown - fs/sfs: Fix over-read of root object name - fs/jfs: Do not move to leaf level if name length is negative - fs/jfs: Limit the extents that getblk() can consider - fs/jfs: Catch infinite recursion - fs/nilfs2: Reject too-large keys - fs/nilfs2: Don't search children if provided number is too large - fs/nilfs2: Properly bail on errors in grub_nilfs2_btree_node_lookup() - io/gzio: Bail if gzio->tl/td is NULL - io/gzio: Add init_dynamic_block() clean up if unpacking codes fails - io/gzio: Catch missing values in huft_build() and bail - io/gzio: Zero gzio->tl/td in init_dynamic_block() if huft_build() fails - disk/lvm: Don't go beyond the end of the data we read from disk - disk/lvm: Don't blast past the end of the circular metadata buffer - disk/lvm: Bail on missing PV list - disk/lvm: Do not crash if an expected string is not found - disk/lvm: Do not overread metadata - disk/lvm: Sanitize rlocn->offset to prevent wild read - disk/lvm: Do not allow a LV to be it's own segment's node's LV - fs/btrfs: Validate the number of stripes/parities in RAID5/6 - fs/btrfs: Squash some uninitialized reads - kern/parser: Fix a memory leak - kern/parser: Introduce process_char() helper - kern/parser: Introduce terminate_arg() helper - kern/parser: Refactor grub_parser_split_cmdline() cleanup - kern/buffer: Add variable sized heap buffer - CVE-2020-27749: kern/parser: Fix a stack buffer overflow - kern/efi: Add initial stack protector implementation - util/mkimage: Remove unused code to add BSS section - util/mkimage: Use grub_host_to_target32() instead of grub_cpu_to_le32() - util/mkimage: Always use grub_host_to_target32() to initialize PE stack and heap stuff - util/mkimage: Unify more of the PE32 and PE32+ header set-up - util/mkimage: Reorder PE optional header fields set-up - util/mkimage: Improve data_size value calculation - util/mkimage: Refactor section setup to use a helper - util/mkimage: Add an option to import SBAT metadata into a .sbat section - grub-install-common: Add --sbat option - kern/misc: Split parse_printf_args() into format parsing and va_list handling - kern/misc: Add STRING type for internal printf() format handling - kern/misc: Add function to check printf() format against expected format - gfxmenu/gui: Check printf() format in the gui_progress_bar and gui_label - kern/mm: Fix grub_debug_calloc() compilation error * Add SBAT section (thanks, Chris Coulson). * Demote grub-common mtools dependency to Suggests, to go with xorriso; explain the situation in the package description (closes: #982313). [ Raphal Hertzog ] * Extend grub-efi to also cover arm64/ia64/arm (closes: #981819). [ Colin Watson ] * Cherry-pick from upstream: - grub-install: Fix inverted test for NLS enabled when copying locales (closes: #979754). * Fix handling of trailing commas in grub-pc/install_devices (closes: #913928). * Make grub-firmware-qemu Recommend/Enhance qemu-system-x86, not qemu (closes: #966243). * Make grub-common depend on mtools on EFI platforms, for grub-mkrescue (closes: #774910). [ Steve McIntyre ] * Switch to using the efivarfs interface for detecting "system setup" (Closes: #979299) * Cherry-pick from upstream: - mdraid1x_linux: Fix gcc10 error -Werror=array-bounds - zfs: Fix gcc10 error -Werror=zero-length-bounds * Build with GCC 10 (closes: #978515). * grub-install: Fix backup restoration on i386 (closes: #976671). [ Ian Campbell ] * Remove myself from uploaders. [ Colin Watson ] * When upgrading grub-pc noninteractively, bail out if grub-install fails. It's better to fail the upgrade than to produce a possibly-unbootable system. * Explicitly check whether the target device exists before running grub-install, since grub-install copies modules to /boot/grub/ before installing the core image, and the new modules might be incompatible with the old core image (closes: #966575). * Cherry-pick from upstream: - tftp: Roll-over block counter to prevent data packets timeouts (LP: #1892290). [ Dimitri John Ledkov ] * grub-install: Add backup and restore. * Don't call grub-install on fresh install of grub-pc. It's the job of installers to do that after a fresh install. * Backport security patch series from upstream: - CVE-2020-10713: yylex: Make lexer fatal errors actually be fatal - safemath: Add some arithmetic primitives that check for overflow - calloc: Make sure we always have an overflow-checking calloc() available - CVE-2020-14308: calloc: Use calloc() at most places - CVE-2020-14309, CVE-2020-14310, CVE-2020-14311: malloc: Use overflow checking primitives where we do complex allocations - iso9660: Don't leak memory on realloc() failures - font: Do not load more than one NAME section - gfxmenu: Fix double free in load_image() - xnu: Fix double free in grub_xnu_devprop_add_property() - lzma: Make sure we don't dereference past array - term: Fix overflow on user inputs - udf: Fix memory leak - multiboot2: Fix memory leak if grub_create_loader_cmdline() fails - tftp: Do not use priority queue - relocator: Protect grub_relocator_alloc_chunk_addr() input args against integer underflow/overflow - relocator: Protect grub_relocator_alloc_chunk_align() max_addr against integer underflow - script: Remove unused fields from grub_script_function struct - CVE-2020-15706: script: Avoid a use-after-free when redefining a function during execution - relocator: Fix grub_relocator_alloc_chunk_align() top memory allocation - hfsplus: fix two more overflows - lvm: fix two more potential data-dependent alloc overflows - emu: make grub_free(NULL) safe - efi: fix some malformed device path arithmetic errors - Fix a regression caused by "efi: fix some malformed device path arithmetic errors" - update safemath with fallback code for gcc older than 5.1 - efi: Fix use-after-free in halt/reboot path - linux loader: avoid overflow on initrd size calculation * CVE-2020-15707: linux: Fix integer overflows in initrd size handling * Apply overflow checking to allocations in Debian patches: - bootp: Fix integer overflow in parse_dhcp6_option - unix/config: Fix integer overflow in grub_util_load_config - deviceiter: Fix integer overflow in grub_util_iterate_devices [ Vincent Lefevre ] * Fix typos in /etc/grub.d/05_debian_theme. Closes: #959484 [ Fabian Greffrath ] * Change font dependency to fonts-dejavu-core. Closes: #912846 [ Colin Watson ] * Cherry-pick from upstream: - templates/20_linux_xen: Ignore xenpolicy and config files too. - templates/20_linux_xen: Support Xen Security Modules (XSM/FLASK). [ Ian Jackson ] * 20_linux_xen: Do not load XSM policy in non-XSM options (closes: #961673). [ Christian Gttsche ] * Create grub default configuration with default SELinux context. [ Steve McIntyre ] * In the signed packages, change the version dependency on grub-common to be >= and not =. This will allow for installation in unstable to still work in the window while we wait for the template package to do its second trip through the archive. * Tweak the build-dep architecture listing for libefiboot-dev and libefivar-dev. The linux-* wildcards don't work in the way expected, and were missing out (at least) armhf and armel. Closes: #958461 [ Romain Perier ] * Add f2fs module to signed UEFI images [ Steve McIntyre ] * Add jfs module to signed UEFI images. Closes: #950959 [ Colin Watson ] * Drop mkconfig-mid-upgrade.patch; it was only needed for upgrades from GRUB 1.99 (now a long time ago) and can inappropriately hide problems when /etc/grub.d/00_header should have been updated but wasn't (closes: #953201). * Cherry-pick from upstream: - btrfs: Add support for new RAID1C34 profiles (closes: #958236). * Cherry-pick from upstream: - verifiers: Blocklist fallout cleanup (this was one cause of a build failure on hurd-i386, though may not be the only one). * Only recommend grub-efi-*-signed on the architectures where they exist. [ Thomas Gaugler ] * Add leading / to prefix of network boot image for d-i. [ Martin von Wittich ] * upgrade-from-grub-legacy: Set DPKG_MAINTSCRIPT_NAME and DPKG_MAINTSCRIPT_PACKAGE when calling grub-pc.postinst manually (closes: #943387). [ Colin Watson ] * Use policy-compliant architecture wildcards in libefiboot-dev and libefivar-dev build-dependencies. * Build with GCC 9 (closes: #944166). * Apply patch from James Clarke to fix BIOS Boot Partition support on sparc64 (closes: #931969). * Fix UEFI installation for Devuan (thanks, Ivan J.; closes: #932966). * Add probe module to signed UEFI images (closes: #936082). [ James Clarke ] * Only Build-Depend on libefiboot-dev and libefivar-dev on Linux architectures, since they're Linux-only. [ Colin Watson ] * Use debhelper-compat instead of debian/compat. * debian/apport/source_grub2.py: - Avoid star import. - Fix flake8 errors. * Run gentpl.py with python3. * d/p/0241-Call-hwmatch-only-on-the-grub-pc-platform.patch: Fix "error: can't find command `hwmatch'." on non-i386/pc platforms such as x86_64/efi. (LP: #1840560) * Drop grub.cfg-400.patch (LP: #1933826) * debian/grub-common.service: change type to oneshot, add wantedby sleep.target, after sleep.target. The service will now start after resume from hybernation. LP: #1929860 * grub-initrd-fallback.service: add wantedby sleep.target, after sleep.target. The service will now start after resume from hybernation. LP: #1929860 * cherrypick upstream fix to make armhf efi boot work. LP: #1788940 * debian/rules: disable LTO. LP: #1922005 * grub-initrd-fallback.service, debian/grub-common.service: only start units when booted with grub. Use presence of /boot/grub/grub.cfg as proxy. LP: #1925507 * tests: patch qemu command to use ide-hd instead of the removed ide-drive. * Unapply all patches. * Stop using git-dpm. * Start using gbp pq import|export --no-patch-numbers, this brings grub2 packaging closer to other non-debian distributions. * It would be nice to separate patches into topic subdirs - i.e. reverts, upstream cherry picks, debian, ubuntu, rhel, security, etc. * Drop redundant dh-systemd build-dependency. * Compile grub-efi-amd64 installable i386 platform on hirsute, to make it available in bionic and earlier as part of onegrub builds. * SECURITY UPDATE: acpi command allows privilleged user to load crafted ACPI tables when secure boot is enabled. - 0126-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch: Don't register the acpi command when secure boot is enabled. - CVE-2020-14372 * SECURITY UPDATE: use-after-free in rmmod command - 0128-dl-Only-allow-unloading-modules-that-are-not-depende.patch: Don't allow rmmod to unload modules that are dependencies of other modules. - CVE-2020-25632 * SECURITY UPDATE: out-of-bound write in grub_usb_device_initialize() - 0129-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch - CVE-2020-25647 * SECURITY UPDATE: Stack buffer overflow in grub_parser_split_cmdline - 0206-kern-parser-Introduce-process_char-helper.patch, 0207-kern-parser-Introduce-terminate_arg-helper.patch, 0208-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch, 0209-kern-buffer-Add-variable-sized-heap-buffer.patch, 0210-kern-parser-Fix-a-stack-buffer-overflow.patch: Add a variable sized heap buffer type and use this. - CVE-2020-27749 * SECURITY UPDATE: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled. - 0127-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch: Don't register cutmem and badram commands when secure boot is enabled. - CVE-2020-27779 * SECURITY UPDATE: heap out-of-bounds write in short form option parser. - 0173-lib-arg-Block-repeated-short-options-that-require-an.patch: Block repeated short options that require an argument. - CVE-2021-20225 * SECURITY UPDATE: heap out-of-bound write due to mis-calculation of space required for quoting. - 0175-commands-menuentry-Fix-quoting-in-setparams_prefix.patch: Fix quoting in setparams_prefix() - CVE-2021-20233 * Partially backport the lockdown framework to restrict certain features when secure boot is enabled. * Backport various fixes for Coverity defects. * Add SBAT metadata to the grub EFI binary. - Backport patches to support adding SBAT metadata with grub-mkimage: + 0212-util-mkimage-Remove-unused-code-to-add-BSS-section.patch + 0213-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch + 0214-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch + 0215-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch + 0216-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch + 0217-util-mkimage-Improve-data_size-value-calculation.patch + 0218-util-mkimage-Refactor-section-setup-to-use-a-helper.patch + 0219-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch - Add debian/sbat.csv.in - Update debian/build-efi-image and debian/rules [ Dimitri John Ledkov & Steve Langasek LP: #1915536 ] * Allow grub-efi-amd64|arm64 & -bin & -dbg be built by src:grub2-unsigned (potentially of a higher version number). * Add debian/rules generate-grub2-unsigned target to quickly build src:grub2-unsigned for binary-copy backports. * postinst: allow postinst to with with or without grub-multi-install binary. * postinst: allow using various grub-install options to achieve --no-extra-removable. * postinst: only call grub-check-signatures if it exists. * control: relax dependency on grub2-common, as maintainer script got fixed up to work with grub2-common/grub-common as far back as trusty. * control: allow higher version depdencies from grub-efi package. * dirs.in: create var/lib/grub/ucf in grub-efi-amd64 (and similar) as postinst script uses that directory, and yet relies on grub-common to create/ship it, which is not true in older releases. Also make sure dh_installdirs runs after the .dirs files are generated. * No-change rebuild to drop the udeb package. * Revert: rhboot-f34-tcp-add-window-scaling-support.patch, rhboot-f34-support-non-ethernet.patch, ubuntu-fixup-rhboot-f34-support-non-ethernet.patch, ubuntu-fixup-rhboot-f34-support-non-ethernet-2.patch: these break MAAS LXD KVM pod deployments. LP: #1915288 * Cherrypick a bunch of patches: - fix crash in http LP: #1915288 - add bootp6 documentation - add support for UEFI boot protocols - use UEFI protocols for http & https networking - make netboot search for by-mac/by-uuid/by-ip for grub.cfg - update documentation for netboot search paths of grub.cfg * Make prebuilt netboot image look for MAAS grub.cfg * Fix grub-initrd-fallback.service thanks to JawnSmith LP: #1910815 [ Jean-Baptiste Lallement ] [ Didier Roche ] * Fix warnings during grub menu generation. Thanks wdoekes for the patch (LP: #1898177) - Fix warnings when bpool doesn't exist. - Fix warnings when snapshot name contains dashes. * Do not fail to generate grub menu when name of the snapshot contains spaces. (LP: #1903524) * debian/patches/grub-install-backup-and-restore.patch: Fix-up the patch to correctly initialyze the names of the modules to restore. LP: #1907085 * 10_linux: emit messages when initrdless boot is configured, attempted and fails triggering fallback. LP: #1901553 * grub-common.service: port init.d script to systemd unit. Add warning message, when initrdless boot fails triggering fallback. LP: #1901553 * debian/rules: undo po/ directory patching in override_dh_autoreconf_clean. * minilzo: built using the distribution's minilzo * ubuntu-fix-reproducible-squashfs-test.patch: fix squashfs-test with new squashfs-tools in hirsute. * rhboot-f34-make-exit-take-a-return-code.patch, rhboot-f34-dont-use-int-for-efi-status.patch: allow grub to exit non-zero under EFI, this should allow falling back to the next BootOrder BootEntry. * rhboot-f34-tcp-add-window-scaling-support.patch: speed up netboot transfer speed. * rhboot-f34-support-non-ethernet.patch, ubuntu-fixup-rhboot-f34-support-non-ethernet.patch, ubuntu-fixup-rhboot-f34-support-non-ethernet-2.patch: add support for link layer addresses of up to 32-bytes. * rhboot-f34-make-pmtimer-tsc-calibration-fast.patch: speed up calibration time, especially when booting VMs. * Avoid "EFI stub: FIRMWARE BUG" message when booting >= 5.7 kernels on arm64 by setting the image base address before jumping to the PE/COFF entry point LP: #1900774 * Fix tftp timeouts when fetch large files. LP: #1900773 * postinst.in, grub-multi-install: fix logic of skipping installing onto any device, if one chose to not install bootloader on any device. LP: #1896608 * Do not finalize params twice on arm64. LP: #1897819 * configure.ac: one more dejavu font search path * Build-depend on fonts-dejavu-core, not obsolete ttf-dejavu-core. * ubuntu-linuxefi-arm64.patch: Fix build on armhf * ubuntu-linuxefi-arm64.patch: Restore arm64 parts of ubuntu-linuxefi.patch that got lost in the 2.04 rebase (LP: #1862279) * postinst.in: do not attempt to call grub-install upon fresh install of grub-pc because it it a job of installers to do that after fresh install. * grub-multi-install: fix non-interactive failures for grub-efi like it was fixed in postinst for grub-pc. * grub-install: cherry-pick patch from grub-devel to make grub-install fault tolerant. Create backup of files in /boot/grub, and restore them on failure to complete grub-install. LP: #1891680 * postinst.in: do not exit successfully when failing to show critical grub-pc/install_devices_failed and grub-pc/install_devices_empty prompts in non-interactive mode. This enables surfacing upgrade errors to the users and/or automation. LP: #1891680 * postinst.in: Fixup postinst.in, to attempt grub-install upon explicit dpkg-reconfigure grub-pc. LP: #1892526 * Ensure that grub-multi-install can always find templates (LP: #1879948) * Fix changelog entries for security update * debian/patches/ubuntu-flavour-order.patch: - Add a (hidden) GRUB_FLAVOUR_ORDER setting that can mark certain kernel flavours as preferred, and specify an order between those preferred flavours (LP: #1882663) * debian/patches/ubuntu-zfs-enhance-support.patch: - Use version_find_latest for ordering kernels, so it also supports the GRUB_FLAVOUR_ORDER setting. * debian/patches/ubuntu-dont-verify-loopback-images.patch: - disk/loopback: Don't verify loopback images (LP: #1878541), Thanks to Chris Coulson for the patch * debian/patches/ubuntu-recovery-dis_ucode_ldr.patch - Pass dis_ucode_ldr to kernel for recovery mode (LP: #1831789) * debian/patches/ubuntu-add-initrd-less-boot-fallback.patch: - Merge changes from xnox to fix multiple initrds support (LP: #1878705) * debian/patches/ubuntu-clear-invalid-initrd-spacing.patch: - Remove, no longer needed thanks to xnox's patch * debian/postinst.in: Avoid calling grub-install on upgrade of the grub-pc package, since we cannot be certain that it will install to the correct disk and a grub-install failure will render the system unbootable. LP: #1889556. [ Julian Andres Klode ] * Move gettext patches out of git-dpm's way, so it does not delete them [ Chris Coulson ] * SECURITY UPDATE: Heap buffer overflow when encountering commands that cannot be tokenized to less than 8192 characters. - 0082-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch: Make fatal lexer errors actually be fatal - CVE-2020-10713 * SECURITY UPDATE: Multiple integer overflow bugs that could result in heap buffer allocations that were too small and subsequent heap buffer overflows when handling certain filesystems, font files or PNG images. - 0083-safemath-Add-some-arithmetic-primitives-that-check-f.patch: Add arithmetic primitives that allow for overflows to be detected - 0084-calloc-Make-sure-we-always-have-an-overflow-checking.patch: Make sure that there is always an overflow checking implementation of calloc() available - 0085-calloc-Use-calloc-at-most-places.patch: Use calloc where appropriate - 0086-malloc-Use-overflow-checking-primitives-where-we-do-.patch: Use overflow-safe arithmetic primitives when performing allocations based on the results of operations that might overflow - 0094-hfsplus-fix-two-more-overflows.patch: Fix integer overflows in hfsplus - 0095-lvm-fix-two-more-potential-data-dependent-alloc-over.patch: Fix more potential integer overflows in lvm - CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 * SECURITY UPDATE: Use-after-free when executing a command that causes a currently executing function to be redefined. - 0092-script-Remove-unused-fields-from-grub_script_functio.patch: Remove unused fields from grub_script_function - 0093-script-Avoid-a-use-after-free-when-redefining-a-func.patch: Avoid a use-after-free when redefining a function during execution - CVE-2020-15706 * SECURITY UPDATE: Integer overflows that could result in heap buffer allocations that were too small and subsequent heap buffer overflows during initrd loading. - 0105-linux-Fix-integer-overflows-in-initrd-size-handling.patch: Fix integer overflows in initrd size handling - 0106-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch: Fix integer overflows in linuxefi grub_cmd_initrd - CVE-2020-15707 * Various fixes as a result of code review and static analysis: - 0087-iso9660-Don-t-leak-memory-on-realloc-failures.patch: Fix a memory leak on realloc failures when processing symbolic links - 0088-font-Do-not-load-more-than-one-NAME-section.patch: Fix a memory leak when processing font files with more than one NAME section - 0089-gfxmenu-Fix-double-free-in-load_image.patch: Zero self->bitmap after it is freed in order to avoid a potential double free later on - 0090-lzma-Make-sure-we-don-t-dereference-past-array.patch: Fix an out-of-bounds read in LzmaEncode - 0091-tftp-Do-not-use-priority-queue.patch: Refactor tftp to not use priority queues and fix a double free - 0096-efi-fix-some-malformed-device-path-arithmetic-errors.patch: Fix various arithmetic errors with malformed device paths - 0098-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch: Fix a NULL deref in the chainloader command introduced by a previous patch - 0099-efi-Fix-use-after-free-in-halt-reboot-path.patch: Fix a use-after-free in the halt and reboot commands by not freeing allocated memory in these paths - 0100-chainloader-Avoid-a-double-free-when-validation-fail.patch: Avoid a double free in the chainloader command when validation fails - 0101-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch: Protect grub_relocator_alloc_chunk_addr input arguments against integer overflow / underflow - 0102-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch: Protect grub_relocator_alloc_chunk_align max_addr argument against integer underflow - 0103-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch: Fix grub_relocator_alloc_chunk_align top memory allocation - 0104-linux-loader-avoid-overflow-on-initrd-size-calculati.patch: Avoid overflow on initrd size calculation [ Dimitri John Ledkov ] * SECURITY UPDATE: Grub does not enforce kernel signature validation when the shim protocol isn't present. - 0097-linuxefi-fail-kernel-validation-without-shim-protoco.patch: Fail kernel validation if the shim protocol isn't available - CVE-2020-15705 [ Julian Andres Klode ] * Move /boot/efi -> debconf migration into wrapper, so it runs everywhere (LP: #1872077) * Display disk name and size in the ESP selection dialog, instead of ??? [ Sebastien Bacher ] * debian/patches/gettext, debian/patches/rules: - backport upstream patches to fix the list of translated strings, reported on the ubuntu-translators mailing list. The changes would be overwritten by autoreconf so applying from a rules override. [ Jean-Baptiste Lallement ] [ Didier Roche ] * debian/patches/ubuntu-zfs-enhance-support.patch: - fix trailing } when no advanced menu is printed - ensure we unmount all temporary snapshots path before zfs collect them out. * debian/patches/ubuntu-speed-zsys-history.patch: - Speed up navigating zsys history by reducing greatly grub.cfg file size. It used to take eg 80 seconds when loading 100 system snapshots. This is now instantaneous by using a function with parameters that the users can still easily edit. * Support installing to multiple ESPs (LP: #1871821) [ Jean-Baptiste Lallement ] [ Didier Roche ] * Performance improvements for update-grub on ZFS systems (LP: #1869885) * smbios: Add a --linux argument to apply linux modalias-like filtering * Make the linux command in EFI grub always try EFI handover; thanks to Chris Coulson for the patches (LP: #1864533) * Make ZFS menu generation depending on new zsysd binary instead of eoan zsys compatibility symlink. * build-efi-images: do not produce -installer.efi.signed. LP: #1863994 * uefi-firmware: rename fwsetup menuentry to UEFI Firmware Settings (LP: #1864547) * build-efi-images: add smbios module to the prebuilt signed EFI images (LP: #1856424) * Cherry-pick fix from Colin W. in debian to build with python3. * Fix ZFS menu generation with ZFS 0.8.x where mounted datasets cant list snapshots due to an upstream change. https://github.com/zfsonlinux/zfs/issues/9958 * Revert "Add smbios module to build-efi-images script" from previous upload, pending review see https://bugs.launchpad.net/bugs/1856424 * ubuntu-efi-allow-loopmount-chainload.patch: - Enable chainloading EFI apps from loopmounts * cherrypick-lsefisystab-define-smbios3.patch: * cherrypick-smbios-modules.patch: - Cherrypick from 2.05 module for retrieving SMBIOS information * cherrypick-lsefisystab-show-dtb.patch: - If dtb is provided by the firmware / DtbLoader driver, display it in human form, rather than just UUID * debian/patches/ubuntu-zfs-enhance-support.patch: - Handle the case where grub-probe returns several devices for a single pool (LP: #1848856). Thanks jpb for the report and the proposed patch. - Add savedefault to non-recovery entries (LP: #1850202). Thanks Deltik for the patch. - Do not crash on invalid fstab and report the invalid entry. (LP: #1849347) Thanks Deltik for the patch. - When a pool fails to import, catch and display the error message and continue with other pools. Import all the pools in readonly mode so we can import other pools with unsupported features (LP: #1848399) Thanks satmandu for the investigation and the proposed patch * debian/patches/ubuntu-tpm-unknown-error-non-fatal.patch: treat "unknown" TPM errors as non-fatal, but still write up the details as debug messages so we can further track what happens with the systems throwing those up. (LP: #1848892) * debian/patches/ubuntu-linuxefi.patch: Drop extra check for Secure Boot status in linuxefi_secure_validate(); it's unnecessary and blocking boot in chainload (like chainloading Windows) when SB is disabled. (LP: #1845289) * Move our identifier to com.ubuntu As we are not going to own org.zsys, move our identifier under com.ubuntu.zsys (LP: #1847711) * Load all kernels (even those without .efi.signed) for secure boot mode as those are signed kernels on ubuntu, loaded by the shim. (LP: #1847581) * debian/patches/ubuntu-skip-disk-by-id-lvm-pvm-uuid-entries.patch: skip /dev/disk/by-id/lvm-pvm-uuid entries from device iteration. (LP: #1838525) * debian/patches/ubuntu-zfs-enhance-support.patch: - Handle case of pure zfs only snapshots giving additional "}", and as such, creating invalid grub menu. Spotted by grubzfs-testsuite autopkgtests. * debian/patches/install-signed.patch -> ubuntu-install-signed.patch: Really fix the installation of UEFI artefacts to the distributor path (we only want shim, grub, and MokManager, and shim's boot.csv there), and to the removable /EFI/BOOT path (where we want shim and fallback only). Rename the patch to ubuntu- like others that are Ubuntu-specific or otherwise modified to avoid such confusion at merge time in the future. * debian/patches/ubuntu-zfs-enhance-support.patch: Disable history entry under some conditions: - Don't show up if the system is a zsys one and zsys isn't installed (LP: #1845333) - Don't show for pure zfs systems: we identified multiple issues due to the mount generator in upstream zfs which makes it incompatible. Disable for now (LP: #1845913) * debian/patches/install-signed.patch: fix paths for MokManager/fallback; shim no longer ships these with a .signed suffix. (LP: #1845466) * d/patches/ubuntu-boot-from-multipath-dependent-symlink.patch: fix mis-spelling of helper function in final computation of GRUB_DEVICE in multipath case. * d/patches/ubuntu-boot-from-multipath-dependent-symlink.patch: when / is multipathed there will be multiple paths to the partition, so using root=UUID= exposes the boot process to udev races. In addition grub-probe --target device / in this case reports /dev/dm-1 or similar -- better to use a symlink that depends on the multipath name. (LP: #1429327) [ Mathieu Trudel-Lapierre ] * debian/patches/ubuntu-add-devicetree-command-support.patch: import patch into git-dpm: drop [PATCH] tag and add Patch-Name. [ Didier Roche ] * debian/patches/ubuntu-zfs-enhance-support.patch - Don't patch autoregenerated files. - rewrite generate MenuMeta implementation in shell (LP: #1834095) mawk doesn't support \s and other array features. + Change \s by their space or tab equivalent. + Rewrite the menumeta generation in pure shell, which is easier to debug, keeping globally the same algorithm + Support i18n in entry name generation. Co-authored with Jean-Baptiste. - Resplit all patches in debian/patches/*, so that we have upstreamable and non upstreamable parts separate. Also, any change in 10_linux patch will be reflected in 10_linux_zfs. - Always import pools (using force), as we don't mount them. Ensure also that we don't update the host cache, as we import all pools, and not only those attached to that system. * Add device-tree command support as installed by flash-kernel. * Merge against Debian; remaining changes: - debian/control: Update Vcs fields for code location on Ubuntu. - debian/control: Breaks shim (<< 13). - debian/patches/linuxefi.patch: Secure Boot support: use newer patchset from rhboot repo, flattened to a single patch. - debian/patches/install_signed.patch, grub-install-extra-removable.patch: - Make sure if we install shim; it should also be exported as the default bootloader to install later to a removable path, if we do. - Rework grub-install-extra-removable.patch to reverse its logic: in the default case, install the bootloader to /EFI/BOOT, unless we're trying to install on a removable device, or explicitly telling grub *not* to do it. - Install a BOOT.CSV for fallback to use. - Make sure postinst and templates know about the replacement of --force-extra-removable with --no-extra-removable. - debian/patches/ubuntu-support-initrd-less-boot.patch: allow non-initrd boot config. - debian/patches/ubuntu-add-initrd-less-boot-fallback.patch: If a kernel fails to boot without initrd, we will fallback to trying to boot the kernel with an initrd. - debian/patches/ubuntu-mkconfig-leave-breadcrumbs.patch: make sure grub-mkconfig leaves a trace of what files were sourced to help generate the config we're building. - debian/patches/ubuntu-efi-console-set-text-mode-as-needed.patch: in EFI console, only set text-mode when we're actually going to need it. - debian/patches/ubuntu-zfs-enhance-support.patch: Better ZFS grub support. - Disable os-prober for ppc64el on the PowerNV platform, to reduce the number of entries/clutter from other OSes in Petitboot - debian/patches/ubuntu-shorter-version-info.patch: Only show the upstream version in menu and console, and hide the package one in a package_version variable. - Verify that the current and newer kernels are signed when grub is updated, to make sure people do not accidentally shutdown without a signed kernel. - debian/default/grub: replace GRUB_HIDDEN_* variables with the less confusing GRUB_TIMEOUT_STYLE=hidden. - debian/rules: shuffle files around for now to keep build artefacts for signing at the same location as they were expected by Launchpad. - debian/rules, debian/control: enable dh-systemd. - debian/grub-common.install.in: install the systemd unit that's part of initrd fallback handling, missed when the feature landed. - debian/build-efi-images: add http module to NET_MODULES. * debian/patches/linuxefi*.patch: Flatten linuxefi patches into one. * debian/patches: rename patches to use "-" as a separator rather than "_". * debian/patches: rename Ubuntu-specific patches and commits to add "ubuntu" so it's clearer which are new or changed when doing a merge. * debian/patches/ubuntu-fix-lzma-decompressor-objcopy.patch: fix FTBFS due to objcopy building an invalid binary padded with zeroes (LP: #1833234) * debian/patches/ubuntu-clear-invalid-initrd-spacing.patch: clear up invalid spacing for the initrd command when not using early initrds. * debian/patches/ubuntu-add-initrd-less-boot-fallback.patch: move the initrd boot success/failure service to start later at boot time. (LP: #1823391) * debian/patches/fix-lockdown.patch: Drop lockdown patch from Debian, which breaks with new linuxefi patchset. * debian/patches/ubuntu-temp-keep-auto-nvram.patch: Temporarily keep the --auto-nvram option we previously had as a supported option in grub-install (with no effect now), to avoid breaking upgrades. "auto-nvram" is default behavior now that we use libefivar instead of calling efibootmgr. * New upstream release. * debian/upstream/signing-key.asc: Add signing key of new upstream maintainer (Daniel Kiper). [ Will Thompson ] * Fix --disable-quiet-boot. [ Steve Langasek ] * If we don't have writable grubenv and we're on EFI, always show the menu (merged from Ubuntu). [ Steve McIntyre ] * Make all the signed EFI arches have a Recommends: from grub-efi-ARCH-signed to shim-signed, not just amd64. Closes: #931038 * Add myself to Uploaders [ Colin Watson ] * Squash linuxefi* patches into a single patch. [ Colin Watson ] * debian/build-efi-images: Add tpm on x86_64-efi (thanks, Chris Coulson). [ Steve McIntyre ] * Add the ntfs module to signed UEFI images. Closes: #923855 * Add the cpuid module to signed UEFI images. Closes: #928628 * Add the play module to signed UEFI images. Closes: #930290 * Add an extra di-specific version of the UEFI netboot image with a different baked-in prefix value. Helps to fix #928750. * Deal with --force-extra-removable with signed shim too. Closes: #930531 * New upstream release candidate. - getroot: Save/restore CWD more reliably on Unix (closes: #918700). * Rename patches to use "-" as a separator rather than "_" (except when referring to a file, function, or command containing a "_"). * Fix format of debian/copyright. [ Steve McIntyre ] * Make all the signed EFI arches have a Recommends: from grub-efi-ARCH-signed to shim-signed, not just amd64. Closes: #931038 * Add myself to Uploaders [ Colin Watson ] * Fix format of debian/copyright. [ Steve McIntyre ] * Add the ntfs module to signed UEFI images. Closes: #923855 * Add the cpuid module to signed UEFI images. Closes: #928628 * Add the play module to signed UEFI images. Closes: #930290 * Add an extra di-specific version of the UEFI netboot image with a different baked-in prefix value. Helps to fix #928750. * Deal with --force-extra-removable with signed shim too. Closes: #930531 * Apply patches from Alexander Graf to fix grub-efi-arm crash (closes: #927269): - arm: Move trampolines into code section - arm: Align section alignment with manual relocation offset code * Make grub2-common Breaks+Replaces grub-cloud-amd64 (<< 0.0.4) to work around that package shipping colliding configuration file names in stretch-backports (closes: #919915). * Apply patch from Peter Jones to forbid the "devicetree" command when Secure Boot is enabled (closes: #927888). * Make grub-efi-*-bin recommend efibootmgr. We don't actually use it any more, but it's helpful for debugging. * Fix -Wcast-align diagnostics on ARM. * Build-depend on libefiboot-dev and libefivar-dev, for EFI variable storage changes. * Drop now-unnecessary dependencies on efibootmgr. * Make signed packages depend on a matching version of grub-common, in an attempt to prevent incorrect testing migrations (closes: #924814). * Cherry-pick from upstream: - xfs: Accept filesystem with sparse inodes (closes: #924760). * Minimise writes to EFI variable storage (closes: #891434). * Add regexp module to signed UEFI images. * debian/signing-template.json.in: Use new extendable format. [ Debconf translations ] * [nb] Norwegian Bokml (Petter Reinholdtsen; closes: #924326). * debian/patches/zfs_enhance_support.patch: Enhance ZFS grub support: - Support multiple zfs systems (grouped by machine-id) - Group zfs snapshots and clones with latest dataset for a given installation. - Support "history" entry with one time boot, recovery mode and consecutive reboots. - Pin kernel to particular snapshot, trying to reboot with the exact same kernel and initrd. - Disable in 10_linux zfs support if 10_linux_zfs is installed so that we don't end up with the same installation multiple times. * debian/patches/*: - Apply ubuntu/debian specific changes of 10_linux to 10_linux_zfs. Work done with Jean-Baptiste. * debian/patches/efi-console-set-text-mode-as-needed.patch: in EFI console, only set text-mode when we're actually going to need it. * debian/build-efi-images: add http module to NET_MODULES. (LP: #1787630) * Merge against Debian unstable; remaining changes (LP: #564853): - debian/control: Update Vcs fields for code location on Ubuntu. - debian/control: Breaks shim (<< 13). - Secure Boot support: use newer patchset from rhboot repo: - many linuxefi_* patches added and modified - dropped debian/patches/linuxefi_require_shim.patch - renamed: debian/patches/no_insmod_on_sb.patch -> debian/patches/linuxefi_no_insmod_on_sb.patch - debian/patches/install_signed.patch, grub-install-extra-removable.patch: - Make sure if we install shim; it should also be exported as the default bootloader to install later to a removable path, if we do. - Rework grub-install-extra-removable.patch to reverse its logic: in the default case, install the bootloader to /EFI/BOOT, unless we're trying to install on a removable device, or explicitly telling grub *not* to do it. - Install a BOOT.CSV for fallback to use. - Make sure postinst and templates know about the replacement of --force-extra-removable with --no-extra-removable. - debian/patches/add-an-auto-nvram-option-to-grub-install.patch: Add the --auto-nvram option to grub-install for auto-detecting NVRAM availability before attempting NVRAM updates. - debian/build-efi-images: provide a new grub EFI image which enforces that loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is the same as grub$arch.efi minus the 'linux' module. Without fallback to 'linux' for unsigned loading, this makes it effectively enforce having a signed kernel. - Verify that the current and newer kernels are signed when grub is updated, to make sure people do not accidentally shutdown without a signed kernel. - debian/default/grub: replace GRUB_HIDDEN_* variables with the less confusing GRUB_TIMEOUT_STYLE=hidden. - debian/patches/support_initrd-less_boot.patch: Added knobs to allow non-initrd boot config. - Disable os-prober for ppc64el on the PowerNV platform, to reduce the number of entries/clutter from other OSes in Petitboot - debian/patches/shorter_version_info.patch: Only show the upstream version in menu and console, and hide the package one in a package_version variable. - debian/patches/skip_text_gfxpayload_where_not_supported.patch: Skip the 'text' payload if it's not supported but present in gfxpayload, such as on EFI systems. - debian/patches/bufio_sensible_block_sizes.patch: Don't use arbitrary file fizes as block sizes in bufio: this avoids potentially seeking back in the files unnecessarily, which may require re-open files that cannot be seeked into, such as via TFTP. - debian/patches/ofnet-init-structs-in-bootpath-parser.patch: initialize structs in bootpath parser. - debian/rules: shuffle files around for now to keep build artefacts for signing at the same location as they were expected by Launchpad. - debian/rules, debian/control: enable dh-systemd. - debian/grub-common.install.in: install the systemd unit that's part of initrd fallback handling, missed when the feature landed. - debian/patches/quick-boot-lvm.patch: If we don't have writable grubenv and we're on EFI, always show the menu. - debian/patches/mkconfig_leave_breadcrumbs.patch: make sure grub-mkconfig leaves a trace of what files were sourced to help generate the config we're building. - debian/patches/linuxefi_truncate_overlong_reloc_section.patch: Windows 7 bootloader has inconsistent headers; truncate to the smaller, correct size to fix chainloading Windows 7. - debian/patches/linuxefi_fix_relocate_coff.patch: fix typo in relocate_coff() causing issues with relocation of code in chainload. - debian/patches/add-initrd-less-boot-fallback.patch: add initrd-less capabilities. If a kernel fails to boot without initrd, we will fallback to trying to boot the kernel with an initrd. Patch by Chris Glass. - debian/patches/grub-reboot-warn.patch: Warn when "for the next boot only" promise cannot be kept. * Refreshed patches and fixed up attribution to the right authors after merge with Debian. * debian/patches/linuxefi_missing_include.patch, debian/patches/linuxefi_fixing_more_errors.patch: Apply some additional small fixes to casts, format strings, includes and Makefile to make sure the newer linuxefi patches apply and build properly. [ Colin Watson ] * Remove code to migrate grub-pc/install_devices to persistent device names under /dev/disk/by-id/. This migration happened in 1.98+20100702-1, which was in squeeze (four stable releases ago), so we no longer need to carry around this complex code. * Preserve previous answer to grub-pc/install_devices if we have to ask grub-pc/install_devices_disks_changed and the user chooses not to install to any devices, so that we can recover from temporary bugs that cause /dev/disk/by-id/ paths to change (closes: #919029). * debian/signing-template.json.in: Add trusted_certs key (empty, since GRUB has no hardcoded list of trusted certificates). * util: Detect more I/O errors (closes: #922741). [ Leif Lindholm ] * arm64/efi: Fix grub_efi_get_ram_base(). [ Steve McIntyre ] * grub-install: Check for arm-efi as a default target (closes: #922104). [ James Clarke ] * osdep/freebsd: Fix partition calculation for EBR entries (closes: #923253). [ Colin Watson ] * Apply patches from Alexander Graf to set arm64-efi code offset to EFI_PAGE_SIZE (closes: #919012, LP: #1812317). * Upgrade to debhelper v10. * Set Rules-Requires-Root: no. * Add help and ls modules to signed UEFI images (closes: #919955). * Fix application of answers from dpkg-reconfigure to /etc/default/grub (based loosely on a patch by Steve Langasek, for which thanks; closes: #921702). [ Steve McIntyre ] * Make grub-efi-amd64-signed recommend shim-signed (closes: #919067). [ Jeroen Dekkers ] * Initialize keyboard in at_keyboard module init if keyboard is ready (closes: #741464). [ John Paul Adrian Glaubitz ] * Include a.out header in assembly of sparc64 boot loader (closes: #921249). [ Herv Werner ] * Fix setup on Secure Boot systems where cryptodisk is in use (closes: #917117). [ Debconf translations ] * [de] German (Helge Kreutzmann and Holger Wansing; closes: #921018). * Apply patch from Heinrich Schuchardt (mentioned in #916695 though unrelated): - grub-core/loader/efi/fdt.c: do not copy random memory * Add luks modules to signed UEFI images (pointed out by Alex Griffin and Herv Werner; closes: #908162, LP: #1565950). * Keep track of the previous version of /usr/share/grub/default/grub and set UCF_FORCE_CONFFOLD=1 when running ucf if it hasn't changed; ucf can't figure this out for itself since we apply debconf-based customisations on top of the template configuration file (closes: #812574, LP: #564853). * Backport Xen PVH guest support from upstream (closes: #776450). Thanks to Hans van Kranenburg for testing. [ Colin Watson ] * Sync Maintainer/Uploaders in debian/signing-template/control.in with the main packaging. * Tell reportbug to submit bug reports against unsigned packages rather than generated signed packages. * Update Homepage, debian/copyright Source, and debian/watch to use HTTPS. * Move bash completions to /usr/share/bash-completion/completions/grub and add appropriate symlinks (closes: #912852). * Build with GCC 8 (closes: #915735). [ Leif Lindholm ] * Apply patch series (mostly) from upstream to switch the arm loader over to use the arm64 loader code and improve arm/arm64 initrd handling (closes: #907596, #909420, #915091). [ Matthew Garrett ] * Don't enforce Shim signature validation if Secure Boot is disabled. * Revise grub--bin and grub- package descriptions to try to explain better how they fit together and which one should be used (based loosely on work by Justin B Rye, for which thanks; closes: #630224). * Skip flaky grub_cmd_set_date test (closes: #906470). * Work around bug in obsolete init-select package: add Conflicts/Replaces from grub-common, and take over /etc/default/grub.d/init-select.cfg with a no-op stub (thanks to Guillem Jover for the suggestion; closes: #863801). * Build-depend on dosfstools and mtools on non-Linux variants of i386/amd64/arm64 as well, to match debian/rules. * Cherry-pick from upstream: - i386/linux: Add support for ext_lfb_base (LP: #1785033). * Don't source /etc/default/grub.d/*.cfg in config maintainer scripts, since otherwise we incorrectly merge settings from there into /etc/default/grub (closes: #872637, LP: #1797894). * Add xfs module to signed UEFI images (closes: #911147, LP: #1652822). * Cope with / being on a ZFS root dataset (closes: #886178). [ Debconf translations ] * [sv] Swedish (Martin Bagge and Anders Jonsson; closes: #851964). * Move kernel maintainer script snippets into grub2-common (thanks, Bastian Blank; closes: #910959). * Add cryptodisk and gcry_* modules to signed UEFI images (closes: #908162, LP: #1565950). * Remove dh_builddeb override to use xz compression; this has been the default since dpkg 1.17.0. * Only build *-signed packages on their native architecture for now, since otherwise we end up with clashing source packages (closes: #906596). * Refer to source packages in Built-Using, not binary packages (closes: #907483). [ Mathieu Trudel-Lapierre ] * debian/grub-check-signatures: properly account for DB showing as empty on some broken firmwares: Guard against mokutil --export --db failing, and do a better job at finding the DER certs for conversion to PEM format. (LP: #1814575) [ Steve Langasek ] * debian/patches/quick-boot-lvm.patch: checking the return value of 'lsefi' when the command doesn't exist does not do what's expected, so instead check the value of $grub_platform which is simpler anyway. LP: #1814403. * debian/grub-check-signatures: check kernel signatures against keys known in firmware, in case a kernel is signed but not using a key that will pass validation, such as when using kernels coming from a PPA. (LP: #1789918) [ Steve Langasek ] * debian/patches/quick-boot-lvm.patch: If we don't have writable grubenv and we're on EFI, always show the menu. Closes LP: #1800722. [ Mathieu Trudel-Lapierre ] * debian/patches/mkconfig_leave_breadcrumbs.patch: make sure grub-mkconfig leaves a trace of what files were sourced to help generate the config we're building. * debian/patches/grub-install-extra-removable.patch: install mmx64.efi to the EFI removable path to avoid boot failures after install when certs need to be enrolled and the system's firmware is confused. (LP: #1798171) [ Steve Langasek ] * debian/grub-common.install.in: install the systemd unit that's part of initrd fallback handling, missed when the feature landed. [ Mathieu Trudel-Lapierre ] * debian/rules: set DEFAULT_TIMEOUT to 0 if we've enabled FLICKER_FREE_BOOT, to avoid unnecessary delay at boot time. (LP: #1784363) [ Steve Langasek ] * debian/grub-check-signatures: Handle the case where we have unsigned vmlinuz and signed vmlinuz.efi.signed. (LP: #1788727) [ Mathieu Trudel-Lapierre ] * debian/patches/linuxefi_truncate_overlong_reloc_section.patch: The Windows 7 bootloader has inconsistent headers; truncate to the smaller, correct size to fix chainloading Windows 7. [ Steve Langasek ] * debian/rules, debian/control: enable dh-systemd. * debian/patches/add-initrd-less-boot-fallback.patch: add initrd-less capabilities. If a kernel fails to boot without initrd, grub will fallback to trying to boot the kernel with an initrd. Patch by Chris Glass. * debian/patches/linuxefi_fix_relocate_coff.patch: fix typo in relocate_coff() causing issues with relocation of code in chainload. (LP: #1792575) * debian/patches/grub-reboot-warn.patch: Warn when "for the next boot only" promise cannot be kept. (LP: #788298) * debian/patches/add_ext_lfb_base_support.patch: i386/linux: Add support for ext_lfb_base. (LP: #1785033) [ Mathieu Trudel-Lapierre] * Merge against Debian unstable; remaining changes: - debian/control: Update Vcs fields for code location on Ubuntu. - debian/control: Breaks shim (<< 13). - Secure Boot support: use newer patchset from rhboot repo: - many linuxefi_* patches added and modified - dropped debian/patches/linuxefi_require_shim.patch - renamed: debian/patches/no_insmod_on_sb.patch -> debian/patches/linuxefi_no_insmod_on_sb.patch - debian/patches/install_signed.patch, grub-install-extra-removable.patch: - Make sure if we install shim; it should also be exported as the default bootloader to install later to a removable path, if we do. - Rework grub-install-extra-removable.patch to reverse its logic: in the default case, install the bootloader to /EFI/BOOT, unless we're trying to install on a removable device, or explicitly telling grub *not* to do it. - Move installing fb$arch.efi to --no-extra-removable; as we don't want fallback to be installed unless we're also installing to /EFI/BOOT. (LP: #1684341) - Install a BOOT.CSV for fallback to use. - Make sure postinst and templates know about the replacement of --force-extra-removable with --no-extra-removable. - debian/patches/add-an-auto-nvram-option-to-grub-install.patch: Add the --auto-nvram option to grub-install for auto-detecting NVRAM availability before attempting NVRAM updates. - debian/build-efi-images: provide a new grub EFI image which enforces that loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is the same as grub$arch.efi minus the 'linux' module. Without fallback to 'linux' for unsigned loading, this makes it effectively enforce having a signed kernel. (LP: #1401532) - Verify that the current and newer kernels are signed when grub is updated, to make sure people do not accidentally shutdown without a signed kernel. - debian/default/grub: replace GRUB_HIDDEN_* variables with the less confusing GRUB_TIMEOUT_STYLE=hidden. (LP: #1258597) - debian/patches/support_initrd-less_boot.patch: Added knobs to allow non-initrd boot config. (LP: #1640878) - Disable os-prober for ppc64el on the PowerNV platform, to reduce the number of entries/clutter from other OSes in Petitboot (LP: #1447500) - debian/patches/shorter_version_info.patch: Only show the upstream version in menu and console, and hide the package one in a package_version variable. (LP: #1723434) - debian/patches/skip_text_gfxpayload_where_not_supported.patch: Skip the 'text' payload if it's not supported but present in gfxpayload, such as on EFI systems. (LP: #1711452) - debian/patches/bufio_sensible_block_sizes.patch: Don't use arbitrary file fizes as block sizes in bufio: this avoids potentially seeking back in the files unnecessarily, which may require re-open files that cannot be seeked into, such as via TFTP. (LP: #1743249) * util/grub-install.c: Drop extra handling for x.efi.signed files for mok and fallback binaries: shim now installs them without the .signed extension. (LP: #1708245) - debian/patches/dont-fail-efi-warnings.patch: handle linuxefi patches and the casting they do on some architectures: we don't want to fail build because of some of the warnings that can show up since we otherwise build with -Werror. * debian/rules: shuffle files around for now to keep putting build artefacts for signing at the same location as they were expected by Launchpad. [ Julian Andres Klode ] * debian/patches/ofnet-init-structs-in-bootpath-parser.patch: initialize structs in bootpath parser. Fixes netboot issues on ppc64el. (LP: #1785859) [ Colin Watson ] * Change Maintainer to pkg-grub-devel@alioth-lists.debian.net, following Alioth lists migration. * Backport from upstream: - Use grub-file to figure out whether multiboot2 should be used for Xen.gz (closes: #898947). - x86-64: Treat R_X86_64_PLT32 as R_X86_64_PC32. * Fix some test failures: - Disable sercon in SeaBIOS. - Fix qemu options for UHCI test. [ Philipp Hahn ] * Disallow unsigned kernels if UEFI Secure Boot is enabled (patch by Linn Crosetto ) * Add patch to fix lockdown mode (patch by Luca Boccassi ) * Build monolithic EFI binaries for signing (closes: #851994) * Add template for signing monolithic EFI binaries * debian/build-efi-images: Use correct EFI vendor (closes: #769172) [ Luca Boccassi ] * template packages: install changelog and copyright * Override lintian error about template rules file * Add XB-Efi-Vendor metadata to efi-*-bin packages * Adjust restore_mkdevicemap.patch to fix format-overflow warning with GCC 7 (the overflow was in fact impossible in practice, but GCC couldn't prove that). * Cherry-pick upstream patch to disable -Wformat-truncation on GCC >= 7 in printf_unit_test. * Build with GCC 7 (closes: #892397). * sparc64: Don't use devspec to determine the OBP path (closes: #854568). * ieee1275: Fix crash in of_path_of_nvme when of_path is empty (closes: #891773). * sparc64: Limit nvme of_path_of_nvme to just SPARC. * Build-depend on libparted-dev on powerpc and ppc64 (closes: #891070). * Add support for modern sparc64 hardware (thanks, Eric Snowberg via John Paul Adrian Glaubitz; closes: #854568). * Build without PIE on sparc and sparc64 (thanks, John Paul Adrian Glaubitz; closes: #891733). * Switch to tracking debian/grub-extras/ using "git subtree" rather than submodules. * Update debian/README.source for Salsa migration. * Use pkg-config to find FreeType (closes: #887721). * Change various binary packages' priorities to optional, since "Priority: extra" is now deprecated. * Repack upstream tarball without grub-core/lib/libgcrypt*/cipher/crc.c, and provide a replacement implementation backported from more recent versions of libgcrypt (closes: #745409). * Cherry-pick upstream patch to avoid -Werror=unused-value build failure (closes: #890431). * Handle the case where udevadm exists but is non-functional, as warned about by Lintian 2.5.75. * Use current location for upstream signing key (debian/upstream/signing-key.asc). * Update upstream signing key to a non-expired version. * Install bootinfo.txt and grub.chrp in grub-ieee1275-bin for ppc64, and install and use prep-bootdev on powerpc and ppc64 as well as ppc64el (thanks, John Paul Adrian Glaubitz; closes: #881730). * Cherry-pick upstream patch to change the default TSC calibration method to pmtimer on EFI systems (closes: #883193). * Move VCS to salsa.debian.org. * Consistently create /boot/grub in the postinst of all grub- packages (closes: #884883). [ Debconf translations ] * [sq] Albanian (Silva Arapi; closes: #874497). * debian/patches/tests_update_for_new_qemu.patch: update qemu options to remove deprecated options that fail tests. * debian/patches: fix up busted patches due to git-dpm: - debian/patches/add-an-auto-nvram-option-to-grub-install.patch - debian/patches/grub-shell-test-helper-disable-seabios-sercon.patch * debian/patches/r_x86_64_plt32-is-like-r_x86_64_pc32.patch: For the purpose of grub-mkimage, the R_X86_64_PLT32 relocation is basically the same as R_X86_64_PC32. Make R_X86_64_PLT32 supported. * debian/default/grub: replace GRUB_HIDDEN_* variables with the more concise and less confusing GRUB_TIMEOUT_STYLE=hidden. (LP: #1258597) * Verify that the current and newer kernels are signed when grub is updated, to make sure people do not accidentally shutdown without a signed kernel. * debian/patches/grub-shell-test-helper-disable-seabios-sercon.patch: In the grub-shell test helper, disable seabios's serial console through fw_cfg runtime configuration as its boot output interferes with testing. (LP: #1775249) * debian/patches/add-an-auto-nvram-option-to-grub-install.patch: Add the --auto-nvram option to grub-install for auto-detecting NVRAM availability before attempting NVRAM updates. * Drop debian/patches/mkconfig_keep_native_term_active.patch, which can lead to flickering between graphical and text mode when traversing the menu. (LP: #1752767) * debian/patches/yylex-explicitly_cast_fprintf_to_void.patch: Fix FTBFS with flex 2.6.4. [ Julian Andres Klode ] * debian/patches/shorter_version_info.patch: Only show the upstream version in menu and console, and hide the package one in a package_version variable. (LP: #1723434) [ Mathieu Trudel-Lapierre ] * debian/patches/skip_text_gfxpayload_where_not_supported.patch: Skip the 'text' payload if it's not supported but present in gfxpayload, such as on EFI systems. (LP: #1711452) [ Steve Langasek ] * debian/patches/bufio_sensible_block_sizes.patch: Don't use arbitrary file fizes as block sizes in bufio: this avoids potentially seeking back in the files unnecessarily, which may require re-open files that cannot be seeked into, such as via TFTP. (LP: #1743249) * debian/patches/mkconfig_keep_native_term_active.patch: Keep the default EFI console active while enabling gfxterm. (LP: #1743884) * debian/patches/vt_handoff.patch: modify the existing patch to set vt.handoff=1 instead of vt.handoff=7 as we now start display managers on vt1 anyway. This also fixes issues with netboot installed server systems not displaying the login prompt on boot. (LP: #1675453) * util/grub-install.c: Drop extra handling for x.efi.signed files for mok and fallback binaries: shim now installs them without the .signed extension. (LP: #1708245) * debian/control: Breaks shim (<< 13). * Cherry-pick upstream patch to change the default TSC calibration method to pmtimer on EFI systems (LP: #1734278) * debian/control: Update Vcs fields for code location on Ubuntu. * Merge with Debian; remaining changes: - debian/patches/support_initrd-less_boot.patch: Added knobs to allow non-initrd boot config. (LP: #1640878) - Disable os-prober for ppc64el on the PowerNV platform, to reduce the number of entries/clutter from other OSes in Petitboot (LP: #1447500) - debian/build-efi-images: provide a new grub EFI image which enforces that loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is the same as grub$arch.efi minus the 'linux' module. Without fallback to 'linux' for unsigned loading, this makes it effectively enforce having a signed kernel. (LP: #1401532) - debian/patches/install_signed.patch, grub-install-extra-removable.patch: - Make sure if we install shim; it should also be exported as the default bootloader to install later to a removable path, if we do. - Rework grub-install-extra-removable.patch to reverse its logic: in the default case, install the bootloader to /EFI/BOOT, unless we're trying to install on a removable device, or explicitly telling grub *not* to do it. - Move installing fb$arch.efi to --no-extra-removable; as we don't want fallback to be installed unless we're also installing to /EFI/BOOT. (LP: #1684341) - Make sure postinst and templates know about the replacement of --force-extra-removable with --no-extra-removable. * Sync Secure Boot support patches with the upstream patch set from rhboot/grub2:master-sb. Renamed some patches and updated descriptions for the whole thing to make more sense, too: - dropped debian/patches/linuxefi_require_shim.patch - renamed: debian/patches/no_insmod_on_sb.patch -> debian/patches/linuxefi_no_insmod_on_sb.patch - debian/patches/linuxefi.patch - debian/patches/linuxefi_debug.patch - debian/patches/linuxefi_non_sb_fallback.patch - debian/patches/linuxefi_add_sb_to_efi_chainload.patch - debian/patches/linuxefi_cleanup_errors_in_loader.patch - debian/patches/linuxefi_fix_efi_validation_race.patch - debian/patches/linuxefi_handle_multiarch_boot.patch - debian/patches/linuxefi_honor_sb_mode.patch - debian/patches/linuxefi_move_fdt_helper.patch - debian/patches/linuxefi_load_arm_with_sb.patch - debian/patches/linuxefi_minor_cleanups.patch - debian/patches/linuxefi_re-enable_linux_cmd.patch - debian/patches/linuxefi_rework_linux16_cmd.patch - debian/patches/linuxefi_rework_linux_cmd.patch - debian/patches/linuxefi_rework_non-sb_efi_chainload.patch - debian/patches/linuxefi_rework_pe_loading.patch - debian/patches/linuxefi_use_dev_chainloader_target.patch * debian/patches/dont-fail-efi-warnings.patch: handle linuxefi patches and the casting they do on some architectures: we don't want to fail build because of some of the warnings that can show up since we otherwise build with -Werror. * Comment out debian/watch lines for betas and pre-releases for now. * Cherry-pick upstream patch to allow mounting ext2/3/4 file systems that have the 'encrypt' feature enabled (closes: #840204). * New upstream release. - xen: Fix wrong register in relocator (closes: #799480). * Resolve symlinks for supported init paths as well as for /sbin/init (thanks, Felipe Sateler; closes: #842315). [ Debconf translations ] * [sr] Serbian (Karolina Kalic; closes: #691288). * [sr@latin] Serbian Latin (Karolina Kalic; closes: #691289). * [pt] Portuguese (Rui Branco - DebianPT; closes: #864171). [ Steve McIntyre ] * Make grub-install check for errors from efibootmgr (closes: #853234). There are probably still underlying issues in other similar reported bugs, but they're more effectively tracked elsewhere (e.g. efibootmgr) at this point (closes: #756253, #852513). [ Debconf translations ] * [ug] Uyghur (Abduqadir Abliz). * [es] Spanish (Manuel "Venturi" Porras Peralta; closes: #852977). * debian/patches/headers_for_device_macros.patch, debian/patches/fix_check_for_sys_macros.patch: make sure the right device macro header is included and that the deprecation warning is dealt with. LP: #1722955. * debian/patches/mount-ext4-fs-with-crypto-enabled.patch: Allow grub to mount an EXT4 partition that has the 'encrypt' feature enabled (closes: 840204) * debian/patches/linuxefi.patch: fix double-free caused by an extra grub_free() call in this patch (which the previous upload didn't change). * debian/patches/linuxefi_rework_non-sb_cases.patch, debian/patches/linuxefi_non_sb_fallback.patch: refreshed. * debian/patches: Rework linuxefi/SecureBoot support and sync with upstream SB patch set: - linuxefi_arm_sb_support.patch: add Secure Boot support for arm for its chainloader. - linuxefi_fix_validation_race.patch: Fix a race in validating images. - linuxefi_chainloader_path.patch: honor the starting path for grub, so images do not need to be started from $root. - linuxefi_chainloader_sb.patch: Fix some more issues in chainloader use when Secure Boot is enabled. - linuxefi_loaders_enforce_sb.patch: Enforce Secure Boot policy for all loaders: don't load the commands when Secure Boot is enabled. - linuxefi_re-enable_linux_cmd.patch: Since we rely on the linux and initrd commands to automatically hand-off to linuxefi/initrdefi; re- enable the linux loader. - linuxefi_chainloader_pe_fixes.patch: PE parsing fixes for chainloading "special" PE images, such as Windows'. - linuxefi_rework_non-sb_cases.patch: rework cases where Secure Boot is disabled or shim validation is disabled so loading works as EFI binaries when it is supposed to. - Removed linuxefi_require_shim.patch; superseded by the above. * debian/patches/install_signed.patch, grub-install-extra-removable.patch: - Make sure if we install shim; it should also be exported as the default bootloader to install later to a removable path, if we do. - Rework grub-install-extra-removable.patch to reverse its logic: in the default case, install the bootloader to /EFI/BOOT, unless we're trying to install on a removable device, or explicitly telling grub *not* to do it. - Move installing fb$arch.efi to --no-extra-removable; as we don't want fallback to be installed unless we're also installing to /EFI/BOOT. (LP: #1684341) * debian/build-efi-images: provide a new grub EFI image which enforces that loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is the same as grub$arch.efi minus the 'linux' module. Without fallback to 'linux' for unsigned loading, this makes it effectively enforce having a signed kernel. (LP: #1401532) * Merge with Debian; remaining changes: - debian/patches/support_initrd-less_boot.patch: Added knobs to allow non-initrd boot config. (LP: #1640878) - Disable os-prober for ppc64el on the PowerNV platform, to reduce the number of entries/clutter from other OSes in Petitboot (LP: #1447500) [ Colin Watson ] * Drop build-dependency on libxen-dev, unnecessary now that upstream has taken a copy of the necessary public headers. * Ensure that build-efi-images has a suitable PATH for running mkfs.msdos (thanks, Luca Boccassi; closes: #852001). [ dann frazier ] * Add grub2/update_nvram template to allow users to disable NVRAM updates during package upgrades (LP: #1642298). [ Debconf translations ] * [ro] Romanian (Andrei POPESCU). * [kk] Kazakh (Baurzhan Muftakhidinov). * [lt] Lithuanian (Rimas Kudelis). * [th] Thai (Theppitak Karoonboonyanan). * [sl] Slovenian (Vanja Cvelbar). * [pl] Polish (ukasz Dulny). * [eu] Basque (Iaki Larraaga Murgoitio; closes: #851981). * [bg] Bulgarian (Damyan Ivanov; closes: #852024). * [de] German (Helge Kreutzmann; closes: #852027). * [vi] Vietnamese (Trn Ngc Qun). * [ko] Korean (Changwoo Ryu; closes: #852061). * [ru] Russian (Yuri Kozlov; closes: #852064). * [tr] Turkish (Mert Dirik). * [it] Italian (Luca Monducci; closes: #852073). * [cs] Czech (Miroslav Kure; closes: #852189). * [be] Belarusian (Viktar Siarheichyk; closes: #852286). * [eo] Esperanto (Felipe Castro). * [uk] Ukrainian (Yatsenko Alexandr). * [pt_BR] Brazilian Portuguese (Adriano Rafael Gomes; closes: #852325). * [hr] Croatian (Tomislav Krznar). * [ca] Catalan (Innocent De Marchi; closes: #852331). * [fr] French (Baptiste Jammet; closes: #852341). * [da] Danish (Joe Hansen; closes: #852349). * [nl] Dutch (Frans Spiesschaert; closes: #852403). [ Chad MILLER ] * Signal to zpool that it should emit full names of constituent devices (closes: #824974, LP: #1527727). [ Mathieu Trudel-Lapierre ] * Fix support for IPv6 PXE booting under UEFI (LP: #1229458): - misc-fix-invalid-char-strtol.patch: fix strto*l methods invalid chars. - net_read_bracketed_ipv6_addr.patch: read bracketed IPv6 addresses. - bootp_new_net_bootp6_command.patch: add new bootp6 commands. - efinet_uefi_ipv6_pxe_support.patch: teach efinet to allow bootp6. - bootp_process_dhcpack_http_boot.patch: process DHCPACK, support HTTP. - efinet_set_network_from_uefi_devpath.patch: configure network from the devpath provided by the UEFI firmware. - efinet_set_dns_from_uefi_proto.patch: set DNS nameservers and search domains from the UEFI protocol. * debian/patches/install_signed.patch: update patch for the new names of the EFI binaries from shim. * debian/control: Breaks shim (<< 0.9+1474479173.6c180c6-0ubuntu1~) due to the renamed binaries in the new shim. * debian/postinst.in: call on to update-secureboot-policy on configure to make sure users can disable shim validation if necessary. * debian/build-efi-images: add loopback and squash4 modules to the signed EFI images. * debian/watch: Switch URL scheme to HTTP. * Fix operator precedence in GRUB_DEVICE UUID tests (closes: #841680, #841741). [ Colin Watson ] * New upstream beta release. * syslinux_test: Fix out-of-tree build handling. * Drop "grub-shell: Pass -no-pad to xorriso when building floppy images". The floppy images built by grub-shell are no longer over the floppy limit, and this patch now itself causes fddboot_test failures. * Build with GCC 6 (closes: #835964). * linuxefi.patch: Adjust for libgcc removal. * Apply openSUSE patch to accept empty modules for now so that Xen builds work. [ Debconf translations ] * [ja] Japanese (Takuma Yamada; closes: #815203, #817084). [ Martin Pitt ] * debian/grub-common.init: Don't source /lib/init/vars.sh, we don't depend on initscripts (and don't want to). There is no reason why we would not use the LSB log_action_msg in non-verbose (default) mode, most other packages use it unconditionally (closes: #824875, LP: #1584134). [ Steve Beattie ] * debian/rules: Disable PIE builds for GRUB modules (closes: #837493). [ Colin Watson ] * Use HTTPS for Vcs-Git URL. * Add zfs, zfscrypt, and zfsinfo to signed EFI images (LP: #1542358). [ Martin Pitt ] * debian/postinst.in, debian/kernel/zz-update-grub: Call systemd-detect-virt (which works under any init system, despite the name) instead of the Ubuntu specific running-in-container wrapper. (LP: #1539016) * Apply the arm64 -mpc-relative-literal-loads workaround in configure rather than in debian/rules, to cope with toolchains that don't have the relevant patch applied. [ Colin Watson ] * Remove duplicate Replaces on grub-ieee1275 (<< 2.00-4) from grub2-common. * Refer to /usr/share/common-licenses/GPL-3 rather than /usr/share/common-licenses/GPL. * Cherry-pick upstream patches to add more ACPI opcodes to acpihalt (closes: #766853, LP: #1530648). * Drop build-dependency on libusb-dev, since it was currently unused in any case; also explicitly configure with --disable-grub-emu-usb to avoid possible future ambiguity (closes: #810421). * Use dpkg-maintscript-helper to convert directories to symlinks in various upgrade cases, in place of hand-coded equivalents. * Change versioned Conflicts from grub-common and grub2-common into Breaks or Breaks+Replaces as appropriate. * Remove pragmas related to -Wunreachable-code (closes: #812047). * Temporarily work around arm64 build failure with gcc-5 >= 5.3.1-4 using -mpc-relative-literal-loads. * Backport various ZFS improvements from trunk (closes: #706415, #772797; LP: #1451476, #1530457). [ Didier Roche ] * Use new plymouth theme path to set grub theme configuration. [ Mathieu Trudel-Lapierre ] * Cherry-picks to better handle TFTP timeouts on some arches: (LP: #1521612) - (7b386b7) efidisk: move device path helpers in core for efinet - (c52ae40) efinet: skip virtual IP devices when enumerating cards - (f348aee) efinet: enable hardware filters when opening interface [ Lee Trager ] * Add raid5rec and raid6rec to signed EFI images (closes: #807385). [ Colin Watson ] * CVE-2015-8370: Fix authentication bypass via backspace integer underflow (closes: #808122). [ Mathieu Trudel-Lapierre ] * Cherry-pick patch to add SAS disks to the device list from the ofdisk module. (LP: #1517586) [ dann frazier ] * Cherry-pick patch to open Simple Network Protocol exclusively. (LP: #1508893) [ Linn Crosetto ] * Install arm64 signed images if UEFI Secure Boot is enabled (closes: #806178). * Cherry-pick upstream patch to fix XFS alignment treatment. * Cherry-pick upstream patch to fix XFS handling of symlink with crc-enabled filesystem. [ dann frazier ] * arm64/setjmp: Add missing license macro. (LP: #1459871) [ Colin Watson ] * Cherry-pick upstream patches for XFS v5 support (closes: #772565). [ Linn Crosetto ] * Clean up docs, mpi, and other files (closes: #798607). [ dann frazier ] * progress: avoid NULL dereference for net files. (LP: #1459872) * Reduce the CFLAGS -O3 default on Ubuntu ppc64el to -O2; it introduces various -Werror failures and isn't worth it here. [ Felix Zielcke ] * Remove Robert Millan from Uploaders with his permission. Thanks for all the work he did for GRUB 2! * Stop forcing gcc-4.9 for building. * Update to Policy 3.9.6. * Update the Browser URL for our git repository. * Use dpkg-buildflags at least for the host binaries. * Simplify Build-Depends. [ Colin Watson ] * Go back to forcing a particular compiler version, but this time gcc-5. The reason for this is that new compiler versions often make slight changes to the size of compiled code which break delicate parts of GRUB, and we want to make sure that we test newer versions before switching to them. * Make builds that are not limited to architecture-dependent packages (i.e. dpkg-buildpackage -b) work on non-x86 architectures (closes: #744954). [ Mathieu Trudel-Lapierre ] * debian/build-efi-images: Look for grub.cfg in $cmdpath too in gcdx64.efi, to simplify embedded scenarios: putting a grub.cfg snippet that loads the right "real" grub.cfg can be useful. (LP: #1468111) * debian/patches/uefi_firmware_setup.patch: Take into account that the UEFI variable OsIndicationsSupported is a bit field, and as such should be compared as hex values in 30_uefi-firmware.in. (LP: #1456911) * Update quick boot logic to handle abstractions for which there is no write support. (LP: #1274320) [ dann frazier ] * d/p/arm64-set-correct-length-of-device-path-end-entry.patch: Fixes booting arm64 kernels on certain UEFI implementations. (LP: #1476882) [ Debconf translations ] * [lv] Latvian (Rudolfs Mazurs; closes: #777648). [ William Grant ] * Fix linuxefi module to be included on x86_64-efi rather than amd64-efi. amd64-efi isn't a thing. (LP: #1464959) [ Steven Chamberlain ] * Recognise Xen xbd and KVM virtio disks on kFreeBSD (closes: #786621). * Build-depend on dosfstools and mtools on arm64 as well as amd64. [ Mathieu Trudel-Lapierre ] * Fix handling of --disk-module option (cherry-pick from fa335308). (Closes: #746596, LP: #1309735) * Fix double-free of LV names for mdraid (cherry-pick from fc535b32). (LP: #1330963) [ dann frazier ] * Build image tarball on arm64 * Only include linuxefi module in images for amd64. This module doesn't exist on other platforms like arm64, where GRUB chainloads to the kernel EFI stub. [ Paulo Flabiano Smorigo ] * powerpc: Add a flag to avoid unnecessary optimizations (like vsx) (LP: #1459706). [ Debconf translations ] * [da] Danish (Joe Dalton; closes: #781333). [ Felix Zielcke ] * Run the tests with LC_MESSAGES=C.UTF-8. Some tests fail with non english locale. (Closes: #782580) [ Mathieu Trudel-Lapierre ] * Backport from upstream: - arp, icmp: Fix handling in case of oversized or invalid packets. (LP: #1428005) [ Robie Basak ] * Change the default GRUB_RECORDFAIL_TIMEOUT to 30, so interactive users still get the opporunity to intervene after a real boot failure, but headless users will not end up stuck after boot failures that were really power failures (closes: #782552, LP: #1443735). * Make grub-common's Suggests on grub-emu architecture-specific, to quieten debcheck. * Remove unnecessary feature test macros from hostfs, to fix building with glibc 2.20. * Backport from upstream: - Fix UEFI boot failure with some firmware that returns incorrect paths (closes: #735960). [ Mathieu Trudel-Lapierre ] * Fix overlap check in check_blocklists for load_env (backported patch from upstream commit 1f6af2a9; LP: #1311247). [ Steve McIntyre ] * Add support for running a 64-bit Linux kernel on a 32-bit EFI (closes: #775202). [ Colin Watson ] * Use mtmsr rather than mtmsrd in ppc64el-disable-vsx.patch, since the "VSX Available" bit is in the lower half of the MSR anyway, and mtmsrd faults on 32-bit systems (closes: #776400). [ Colin Watson ] * Generate alternative init entries in advanced menu (closes: #757298, #773173). * When configuring grub-pc, copy unicode.pf2 to /boot/grub/ even if /boot/grub/grub.cfg does not exist yet; this matches the behaviour of grub-efi-* (thanks, Luca Capello; closes: #617196). [ Debconf translations ] * [fi] Finnish (Timo Jyrinki; closes: #774060). * [mr] Marathi (sampada nakhare; closes: #773901). [ Steve McIntyre ] * Handle case insensitivity of VFAT filesystem on /boot/EFI when installing extra cpoy of grub-efi to the removable media path /boot/efi/EFI/BOOT/BOOT$ARCH.EFI (Closes: #773092) * Make the force_efi_extra_removable debconf prompt only show up when configuring grub-*efi*. Closes: #773004 [ Ian Campbell ] * Improvements to English wording of new debconf template from Justin B Rye. * Add debian/README.source. [ Debconf translations ] * [eu] Basque (Iaki Larraaga Murgoitio, Closes: #772946) * [be] Belarusian (Viktar Siarheichyk, Closes: #773054) * [pt_BR] Brazilian Portuguese (Adriano Rafael Gomes, Closes: #773682) * [bg] Bulgarian (Damyan Ivanov, Closes: #772878) * [cs] Czech (Miroslav Kure, Closes: #772924) * [nl] Dutch (Frans Spiesschaert, Closes: 773637) * [eo] Esperanto (Felipe Castro, Closes: #773096) * [fi] Finnish (Timo Jyrinki, Closes: #772921) * [fr] French (Christian PERRIER, Closes: #772771) * [de] German (Martin Eberhard Schauer, Closes: #773664) * [el] Greek (Panagiotis Georgakopoulos, Closes: #773068) * [he] Hebrew (Omer Zak, Closes: #773377) * [is] Icelandic (Sveinn Felli, Closes: #772922) * [it] Italian (Luca Monducci, Closes: #773553) * [kk] Kazakh (Baurzhan Muftakhidinov, Closes: #772916) * [lt] Lithuanian (Rimas Kudelis, Closes: #773060) * [pl] Polish (ukasz Dulny, Closes: #772930) * [ro] Romanian (Andrei POPESCU, Closes: #773349) * [ru] Russian (Yuri Kozlov, Closes: #773211) * [sl] Slovenian (Vanja Cvelbar, Closes: #773508) * [es] Spanish (Manuel "Venturi" Porras Peralta, Closes: #773222) * [sv] Swedish (Martin Bagge & Anders Jonsson, Closes: 773208) * [th] Thai (Theppitak Karoonboonyanan, Closes: #773160) * [zh_TW] Traditional Chinese (Vincent W. Chen, Closes: #773418) * [tr] Turkish (Mert Dirik, Closes: #773666) [ Steve McIntyre ] * Add support for forcing an extra copy of grub-efi to the removable media path /boot/efi/EFI/BOOT/BOOT$ARCH.EFI (#767037) [ Ian Campbell ] * Add myself to Uploaders. [ Colin Watson ] * Fix up some pointer-to-integer casts in linuxefi so that it can build on i386-efi. * Backport from upstream: - Fix typo (gettext_print instead of gettext_printf) (LP: #1390766). [ Ian Campbell ] * Correct syntax error in grub-xen-host bootstrap configuration file. * Log failure when grub-install fails in postinst, rather than failing the entire postinst. (Closes: #770412) * Arrange to insmod xzio and lzopio when booting a kernel as a Xen guest. (Closes: #755256) [ Ian Campbell ] * Provide prebuilt grub-xen binaries for host use in a new grub-xen-host package. * Build/Install binaries into /boot/xen when installing grub-xen. * Disable nvram installation again on chrp_ibm machines that are emulated by qemu; that doesn't have nvram devices so the nvram utility inevitably fails. * On architectures without a real GRUB port, just build the utilities. This makes tools such as grub-probe and grub-fstest available everywhere, and makes grub-mount available on all Linux and kFreeBSD architectures. * Remove .MIPS.abiflags section from images (thanks, Jurica Stanojkovic, although I used a slightly simpler approach; closes: #762307). * Include a text attribute reset in the clear command for ppc (LP: #1295255). * Disable VSX instruction on powerpc startup to fix booting on ppc64el. * Stop adding a CHRP note on chrp_ibm machines, since that apparently breaks PowerVM and isn't needed on other machine types as far as we can tell (LP: #1334793). * Refactor flicker-free-boot configuration in debian/rules to reduce duplication. * Disable flicker-free-boot on Ubuntu ppc64el for now, as it isn't needed there and causes too many problems (LP: #1338471). * Use nvram rather than nvsetenv on chrp_ibm machines, since that tool is better-supported and copes with such things as nvram being missing in qemu. * Remove brace-expansion from the postrm, and switch the preinst and postrm to /bin/sh (closes: #762940). * On ppc64el, look for a PReP partition and install the core image to the first one if found. For now this is done by borrowing prep-bootdev.c from grub-installer, incurring a dependency on libparted. * Drop gcc-4.9-multilib build-dependency on ppc64el again. [ Colin Watson ] * Point Vcs-* fields back at master. * Support grub-emu on x32 (closes: #760428). * Adjust packaging for x32: - Build-depend on cpio on x32 as well. - Make grub-efi-ia32-bin and grub-efi-amd64-bin depend on efibootmgr on any Linux architecture for which they are built (in practice, adding x32). - Build grub-mount-udeb on x32 as well. - Add Lintian binary-from-other-architecture overrides where appropriate. * Apply patches from Paulo Flabiano Smorigo to allow building a 32-bit big-endian loader on ppc64el using -m32 -mbig-endian, replacing the cross-compiler hack. [ Ian Campbell ] * Add dependency on efibootmgr to grub-efi-{arm,arm64}-bin. * Force grub-pc/mixed_legacy_and_grub2 to be reshown, rather than failing when it was already seen (closes: #749571). * Build with GCC 4.9 (closes: #748003). * Build for sparc64 (closes: #753784). * Fix an infinite loop in grub-mkconfig when kernel paths contain regex metacharacters. Thanks to Heimo Stranner for the report. * On upgrade, if we find that one of the install devices no longer exists, ask the debconf question at priority critical rather than high. [ Colin Watson ] * Add the true module to the signed image, since 05_debian_theme uses it. Thanks to Dimitri John Ledkov for the report. * Limit test suite parallelisation to 1; the test suite seems to have some isolation problems at higher levels at the moment (closes: #746856). * Simplify override_dh_install a bit. * Backport patches from upstream to make the network stack more responsive on busy networks (LP: #1314134). [ Dimitri John Ledkov ] * Add support for nvme device in grub-mkdevicemap (closes: #746396, LP: #1275162). [ Debconf translations ] * Korean (Changwoo Ryu, closes: #745559). * Backport from upstream: - Tolerate devices with no filesystem UUID returned by os-prober (LP: #1287436). [ Colin Watson ] * Backport from upstream: - ieee1275: check for IBM pseries emulated machine. - Fix partmap, cryptodisk, and abstraction handling in grub-mkconfig (closes: #735935). - btrfs: fix get_root key comparison failures due to endianness. * Build-depend on automake (>= 1.10.1) to ensure that it meets configure's requirements (LP: #1299041). * When installing an image for use with UEFI Secure Boot, generate a load.cfg even if there are no device abstractions in use (LP: #1298399). [ Jon Severinsson ] * Add Tanglu support, as in Debian except: - Enable splash screen by default (as Ubuntu) - Enable quiet and quick boot (as Ubuntu) - Enable the grub-common init script (as Ubuntu) - Enable dynamic gfxpayload (as Ubuntu) - Enable vt handover (as Ubuntu) - Use monochromatic theme by default (as Ubuntu) - Use Tanglu GRUB wallpaper by default. * Fix shift-held-down test not to clear other modifier key states (LP: #843804). * Explicitly pass an appropriate --target to grub-install in the postinst (suggested by Jordan Uggla). * Backport from upstream: - Use bootaa64.efi instead of bootaarch64.efi on arm64 to comply with EFI specification. Also use grubaa64.efi for consistency. * Install bootinfo.txt and grub.chrp into grub-ieee1275-bin on powerpc and ppc64el. * Port yaboot logic to improve installation for various powerpc machine types. * Improve parsing of /etc/default/grub.d/*.cfg in C utilities (LP: #1273694). * Run grub-install on install or upgrade on grub-ieee1275/ppc64el. * Add a number of EFI debugging commands to the signed image (lsefi, lsefimmap, lsefisystab, lssal). * Add gfxterm_background to the signed image so that background_image works in UEFI Secure Boot mode. Thanks to syscon-hh for the report. * Remove redundant build-dependencies on autoconf and automake, covered by dh-autoreconf. * In --enable-quick-boot mode, restore previous behaviour of using a hidden timeout if GRUB_HIDDEN_TIMEOUT=0 (thanks to Sebastien Bacher for the report). * Disable cpio test on kFreeBSD again for now; it fails within cpio itself with "field width not sufficient for storing rdev minor". * Copy shim.efi.signed to the correct path in UEFI Secure Boot mode. Thanks to syscon-hh for the report. * Pass VERBOSE=1 when running tests so that Automake will print test logs on failure. * Adjust Vcs-* fields to indicate the experimental branch. * Build-depend on cpio on architectures where we run the test suite, for tests/cpio_test.in. * Ignore EPERM when modifying kern.geom.debugflags on FreeBSD, fixing tests. * Convert patch handling to git-dpm. * Add bi-endian support to ELF parser (Tomohiro B Berry). * Adjust restore_mkdevicemap.patch to mark get_kfreebsd_version as static, to appease "gcc -Werror=missing-prototypes". * Cherry-pick from upstream: - Change grub-macbless' manual page section to 8. * Install grub-glue-efi, grub-macbless, grub-render-label, and grub-syslinux2cfg. * grub-shell: Pass -no-pad to xorriso when building floppy images. * New upstream beta release. * Drop qemu-utils build-dependency; the test suite no longer uses qemu-img. * Build grub-common, grub2-common, grub-themes-starfield, and grub-mount on ARM and ARM64 architectures. * Install grub-mkrescue in grub-common on all architectures. * Make grub-efi-ia32, grub-efi-amd64, and grub-efi-ia64 conflict with elilo. * Adjust the postinst of grub-efi-ia64, grub-efi-arm, and grub-efi-arm64 to keep the EFI System Partition up to date with grub-install after it has been run once, like grub-efi-ia32 and grub-efi-amd64 already do. * Regularise indentation of "recordfail" in /etc/grub.d/10_linux. * Add alpha.gnu.org to debian/watch, for pre-releases. * Add OpenPGP signature checking configuration to watch file. * Drop mkconfig_skip_dmcrypt.patch; it breaks GRUB_ENABLE_CRYPTODISK=y, which is a better fix for the original problem (closes: #732245). * Fix mismerge of mkconfig_loopback.patch. * Build for ppc64el, using a powerpc cross-compiler at least for now. * Don't run gettext_strings_test; this test is mainly useful as an upstream maintenance check. * Silence warning if /usr/share/locale-langpack does not exist (closes: #732595). * Remove debian/grub-common.preinst, superseded by .maintscript files. * Install grub-file in grub-common. * Fix crash due to pointer confusion in grub-mkdevicemap, introduced while converting away from nested functions in 2.00+20131208-1. * New upstream snapshot. - Skip issuing cursor on/off sequences on Macs (closes: #683068). - Move grub-mknetdir to /usr/bin (closes: #688799). - Apply program name transformations at build-time rather than at run-time (closes: #696465). - Add info documentation for grub-mount (closes: #666427). - Clean up dangling references to grub-setup (LP: #1082045). - Avoid installing to sectors matching the signature of an Acer registration utility with several sightings in the wild (LP: #987022). - Document the need for GRUB_DEFAULT=saved in grub-set-default(8) (LP: #1102925). - Fix missing PVs if they don't contain an "interesting" LV (probably closes: #650724, #707613). - Reimplement grub-reboot to not depend on saved_entry (closes: #707695, LP: #704406). - Fix Ctrl-u handling to copy the killed characters to the kill buffer as UCS4 stored as grub_uint32_t rather than as 8-bit characters stored as char (closes: #710076). - Fix inconsistent use of GRUB_CRYPTODISK_ENABLE and GRUB_ENABLE_CRYPTODISK (LP: #1232237). - Support GRUB_DISABLE_SUBMENU configuration, and document submenu usage in grub-reboot(8) (closes: #690538). - Don't decompress initrd when booting with Xen (closes: #700197). - Document how to delete the whole environment block (closes: #726265). - Revamp hidden timeout handling by adding a new timeout_style environment variable and a corresponding GRUB_TIMEOUT_STYLE configuration key for grub-mkconfig. This controls hidden-timeout handling more simply than the previous arrangements, and pressing any hotkeys associated with menu entries during the hidden timeout will now boot the corresponding menu entry immediately (LP: #1178618). As part of merging this, radically simplify the mess that quick_boot.patch had made of /etc/grub.d/30_os-prober; if it finds other OSes it can now just set timeout_style=menu and make sure the timeout is non-zero. - On Linux, read partition start offsets from sysfs if possible (LP: #1237519). - New ports to arm-uboot, arm-efi, arm64-efi, i386-xen, and x86_64-xen. * Add grub-uboot*, grub-efi-arm*, and grub-xen* binary packages. * Ignore functional test failures for now as they are broken. * Move working directories around (build/ -> obj/, build/stamps -> debian/stamps) so that "debian/rules build" still works after working directories have been created. * Drop "grub-mkrescue --diet" option; never merged upstream and only matters for floppies. Please let me know if you were using this. Explicitly use -no-pad to build grub-rescue-floppy.img, which has an equivalent effect on size. * Break lupin-support (<< 0.55) due to the rewrite of grub-install in C. * Remove build-dependency on autogen, no longer needed. * Compress GRUB files on grub-rescue-floppy.img using xz. * Build-depend on wamerican, newly required by the test suite. * Run tests with LC_CTYPE=C.UTF-8, so that grub-fs-tester can handle UTF-8 data correctly. * Update debian/legacy/update-grub to the version from grub 0.97-67. * Silence error message on initial installation when /etc/default/grub does not yet exist. * Add GRUB_RECOVERY_TITLE option, to allow the controversial "recovery mode" text to be customised (LP: #1240360). * Backport from upstream: - Sort gnumach kernels in version order (closes: #725451). * Move packaging to git, following upstream. Adjust Vcs-* fields. * Remove obsolete DM-Upload-Allowed field. * Merge (completely!) from Ubuntu: - Handle probing striped DM-RAID devices (thanks, Robert Collins; LP: #803658). - Unconditionally create grub.cfg on our EFI boot partition in Secure Boot mode; GRUB always needs some configuration in this case to find /boot/grub, since we can't modify the signed image at install time (Steve Langasek, LP: #1236625). - If MokManager is present on the host system, copy it onto the EFI boot partition for use (Steve Langasek). - Adjust UEFI installation to cope with Kubuntu setting GRUB_DISTRIBUTOR (LP: #1242417). - If building for Ubuntu: + Bypass menu unless other OSes are installed or Shift is pressed. + Show the boot menu if the previous boot failed. + Set GRUB_GFXPAYLOAD_LINUX=keep unless it's known to be unsupported on the current hardware. + Set vt.handoff=7 for smooth handoff to kernel graphical mode. + In recovery mode, add nomodeset to the Linux kernel arguments, and remove the 'set gfxpayload=keep' command. + Set default timeout to 10 seconds. + Enable hidden timeout support by default. - Migrate timeout settings from menu.lst. - Probe FusionIO devices (LP: #1237519). * Make grub.cfg world-unreadable if even hashed passwords are in use (closes: #632598). [ Colin Watson ] * Merge from Ubuntu: - debian/build-efi-images: Where possible, make use of the device path derived from the EFI Loaded Image Protocol to compute the prefix (LP: #1097570). - debian/build-efi-images: Add a netboot image target to our set of prebuilt EFI images (thanks, Steve Langasek). * Backport from upstream: - Handle partitions on non-512B EFI disks (LP: #1065281). [ Phillip Susi ] * restore_mkdevicemap.patch: Fix dmraid uuid check to look for "DMRAID-" anywhere instead of only at the start, since kpartx prefixes it with "partN-" (LP: #1183915). * Add gettext module to signed UEFI images (LP: #1104627). * Put the preprocessor definition for quiet-boot in the right place so that it actually takes effect. * Really include patches to reduce visual clutter in normal mode when building for Ubuntu. * Make reportbug script file robust against su authentication failures and missing LVM commands. * Backport from upstream: - Move @itemize after @subsection to satisfy texinfo-5.1. - grub-mkconfig: Fix detection of Emacs autosave files. - Fix spurious failure on Xen partition devices without disk devices (closes: #708614). * Merge from Ubuntu: - Treat Kubuntu as an alias for Ubuntu in GRUB_DISTRIBUTOR (Harald Sitter). - Make any EFI system boot into the shim (if installed) even if SecureBoot is disabled (Stphane Graber). - Allow Shift to interrupt 'sleep --interruptible'. - If building for Ubuntu: + Reduce visual clutter in normal mode. + Remove verbose messages printed before reading configuration. + Suppress kernel/initrd progress messages, except in recovery mode. + Suppress "GRUB loading" message unless Shift is held down. - Skip Windows os-prober entries on Wubi systems. * Consolidate debian/rules logic for when to build signed images. [ Colin Watson ] * Install reportbug presubj and script files in all binary packages. * Make grub-yeeloong.postinst explicitly install with --target=mipsel-loongson (closes: #708204). * Make grub-script-check fail on scripts containing no commands (closes: #713886). * Make the description of grub-firmware-qemu a little more generic, rather than assuming that bochsbios provides qemu's default BIOS image (closes: #714277). * Don't assume that the presence of /etc/default/grub or /etc/default/grub.d/*.cfg means that any particular item is set in it (LP: #1199731). [ Debconf translations ] * Hungarian (Dr. Nagy Elemr Kroly). * Merge from Ubuntu: - Don't call update-grub in the zz-update-grub kernel hook if /boot/grub/grub.cfg doesn't exist. - acpihalt: expand parser to handle SSDTs and some more opcodes. Fixes test suite hang with current seabios. * Remove kernel-specific grub.d conffiles that were dropped from packages built for all but their corresponding kernel type in 1.96+20090307-1 (closes: #703539). * Look for grub-bios-setup in /usr/lib/grub/i386-pc/ as well (closes: #705636). * Merge 1.99-27.1 (thanks, Steve McIntyre): - Add entries for Windows Boot Manager found via UEFI in os-prober (closes: #698914). * Backport from upstream: - Fix booting FreeBSD >= 9.1 amd64 kernels (closes: #699002). * Merge from Ubuntu: - Stop using the /usr/share/images/desktop-base/desktop-grub.png alternative as the fallback background if GRUB_DISTRIBUTOR is "Ubuntu". - source_grub2.py: Use attach_default_grub from apport's hookutils. - Output a menu entry for firmware setup on UEFI FastBoot systems. - Set a monochromatic theme and an appropriate background for Ubuntu. - Remove "GNU/Linux" from default distributor string for Ubuntu. - Apply Ubuntu GRUB Legacy changes to legacy update-grub script. - Apply patch from Fedora to add a "linuxefi" loader which boots kernels with EFI handover patches, avoiding ExitBootServices. - Temporarily make linuxefi refuse to validate kernels in the absence of a shim, until we get some other details worked out. - Automatically call linuxefi from linux if secure boot is enabled and the kernel is signed, to hand over to the kernel without calling ExitBootServices. Otherwise, linux will fall through to previous code, call ExitBootServices itself, and boot the kernel normally. - Generate configuration for signed UEFI kernels if available. - On Ubuntu amd64, add a raw-uefi custom upload tarball for signing. - Install signed images if available and UEFI Secure Boot is enabled. - Add "splash" to default boot options on Ubuntu. * Silence output from running-in-container. * Also skip update-grub when running in a container (LP: #1060404). [ Adam Conrad ] * debian/{postinst,config}.in: Don't fail if /etc/default/grub.d configuration snippets exist, but /etc/default/grub does not. [ Colin Watson ] * Merge wheezy branch up to 1.99-27, fixing overzealous removal of load_video call when GRUB_GFXPAYLOAD_LINUX is empty (closes: #661789). * Merge from Ubuntu: - If the postinst is running in a container, skip grub-install and all its associated questions (LP: #1060404). - Fix backslash-escaping in merge_debconf_into_conf (LP: #448413). Note that this differs slightly from the fix in Ubuntu, which corrected behaviour when amending an existing configuration item but accidentally over-escaped when adding a new one. - Replace "single" with "recovery" when friendly-recovery is installed (LP: #575469). - Adjust versions of grub-doc and grub-legacy-doc conflicts to tolerate Ubuntu's backport of the grub-doc split (LP: #493968). * Support parallel builds. * Remove /boot/grub/unicode.pf2 on purge of grub-efi-{amd64,i386} (closes: #697183). * Build with GCC 4.7. * Merge from Ubuntu: - Don't permit loading modules on UEFI Secure Boot (since in such a setup the GRUB core image must be signed but it has no provision for verifying module signatures). - Read /etc/default/grub.d/*.cfg after /etc/default/grub (LP: #901600). - Blacklist 1440x900x32 from VBE preferred mode handling until a better solution is available (LP: #701111). * Ensure /boot/grub exists before copying files to it for EFI installs (closes: #696962). * debian/apport/source_grub2.py: - Use context managers to avoid (harmless) file descriptor leaks. - Set a file encoding, per PEP 0263. * Drop grub-ieee1275-bin's dependency on bc in favour of powerpc-ibm-utils (>= 1.2.12-1) (cf. #625728). * Move powerpc-ibm-utils and powerpc-utils dependencies from grub-ieee1275-bin to grub-ieee1275 (closes: #693400). * Merge from Ubuntu: - Ignore symlink traversal failures in grub-mount readdir (LP: #1051306). - Fix incorrect initrd minimum address calculation (LP: #1055686). - Avoid assuming that gets is declared. * Copy unicode.pf2 to /boot/grub/ for EFI installs so that it is more likely to be readable by GRUB (closes: #661789). * Backport from upstream: - Fix stderr leakage from grub-probe in is_path_readable_by_grub. - Fix tftp endianness problem. * Merge from Ubuntu: - Prefer translations from language packs (LP: #537998). (No-op for Debian, but harmless.) - Avoid getting confused by inaccessible loop device backing paths (LP: #938724). [ Colin Watson ] * Adjust package descriptions to talk about update-grub, not update-grub2. * Backport from upstream: - Fix grub-emu build on FreeBSD. * Revert gcc-4.6-multilib build-dependency change from 2.00-1, since kfreebsd-i386 and hurd-i386 don't have gcc-4.6-multilib. Instead, make sure to only install efiemu32.o and efiemu64.o on (linux-)i386, kopensolaris-i386, and any-amd64. * Manually expand @PACKAGE@ symbols in grub-efi.postinst (closes: #688725), grub-linuxbios.postinst (closes: #688726), and grub2.postinst (closes: #688724). [ Debconf translations ] * Lithuanian (Rimas Kudelis). Closes: #675628 * Galician (Jorge Barreiro). Closes: #677389 * Welsh (Daffyd Tomos). * Greek (galaxico). Closes: #685201 * Romanian (Andrei POPESCU). Closes: #685477 * Finnish (Timo Jyrinki). [ Cyril Brulebois ] * Use xz compression for all binaries to save up some space on CD images (closes: #688773). * Backport from upstream: - Remove extra layer of escaping from grub_probe. - Add efifwsetup module to reboot into firmware setup menu. - Revert incorrect off-by-one fix when embedding in MBR (LP: #1051154). * Switch watch file to point to ftp.gnu.org. * Build-depend on liblzma-dev, enabling 'grub-mkimage -C xz'. * Adjust /etc/grub.d/30_os-prober to detect Ubuntu's use of "recovery" rather than "single". * Fix platform postinsts to handle new core.img location. * Only fix up powerpc key repeat on IEEE1275 machines. Fixes powerpc-emu compilation. * Move grub-install to grub2-common, since it's now common across platforms but clashes with grub-legacy. * Move grub-mknetdir to grub-common, since it's now common across platforms. * Make grub-install fall back to i386-pc if booted using EFI but the relevant *-efi target is not available (because only grub-pc is installed). * Use dh-autoreconf. * Bail out if trying to run grub-mkconfig during upgrade to 2.00 (e.g. while configuring a kernel image), since the old /etc/grub.d/00_header conffile breaks until such time as grub-common is configured. * Add -Wno-error=unused-result to HOST_CFLAGS for the moment, since at least grub-core/lib/crypto.c fails to compile on Ubuntu otherwise. * Update default/grub.md5sum to include Ubuntu maverick's default md5sum. * Autogenerate packaging files for grub-emu, in order that its postinst does not contain unexpanded @PACKAGE@ symbols. * Only try to install efiemu*.o into grub-emu on *-i386. [ Jordi Mallach, Colin Watson ] * New upstream release. - Add LUKS and GELI encrypted disk support (closes: #463107). - Lazy scanning to avoid accessing devices which aren't really used. This avoids boot delay due to slow device scanning (closes: #549905, #550015, #550083, #564252, #595059, #632408). - Don't override more informative errors when loading kernel/initrd (closes: #551630). - Support 4K-sector NTFS (closes: #567728). - Unify grub-mkrescue interface on powerpc with that on other architectures (closes: #570119). - Fix infinite recursion in gettext when translation fails (closes: #611537, #612454, #616487, #619618, #626853, #643608). - Add more missing quotes to grub-mkconfig (closes: #612417). - Import gnulib change to fix argp_help segfault with help filter (closes: #612692). - Support %1$d syntax in grub_printf (closes: #630647). - Use write-combining MTRR to speed up video with buggy BIOSes (closes: #630926). - Remove multiboot header from PXE images to avoid confusing ipxe (closes: #635877). - Fix crash when attempting to install to a non-BIOS disk (closes: #637208). - Fix handling of grub-mkrescue --xorriso= option (closes: #646788). - Use umask rather than chmod to create grub.cfg.new to avoid insecure grub.cfg (closes: #654599). - Improve font installation logic (closes: #654645). - Add grub-probe info documentation (closes: #666031). - Don't crash on canonicalize_file_name failure in grub-probe (closes: #677211). [ Colin Watson ] * Adjust debian/watch to point to xz-compressed tarballs. * debian/grub.d/05_debian_theme: Source grub-mkconfig_lib from /usr/share/grub, not the /usr/lib/grub compatibility link. * Convert to source format 3.0 (quilt). Developers, note that patches are stored applied in bzr; you may want to 'quilt pop -a' / 'quilt push -a' around merges. * Remove pointless debian/grub-mount-udeb.install.hurd-i386; grub-mount-udeb is not built on the Hurd. * Refactor debian/grub-common.install.hurd-i386 into .in files so that it imposes less of a maintenance burden. * Restore grub-mkdevicemap for now. While it's kind of a mess, requiring lots of OS-specific code to iterate over all possible devices, we use it in a number of scripts to discover devices and reimplementing those in terms of something else would be very complicated. * Add grub-efi-ia64-bin and grub-efi-ia64 packages. These are currently experimental, and grub-efi-ia64 does not automatically run grub-install. * Build-depend on gcc-4.6-multilib on kfreebsd-i386 and hurd-i386 as well as the other i386 architectures, since we need it to build efiemu32.o and efiemu64.o. * Add per-platform *-dbg packages containing files needed to use GRUB's GDB stub. These are relatively large and thus worth splitting out. * Build-depend on ttf-dejavu-core for the starfield theme. * Add a grub-theme-starfield package containing the starfield theme. * Backport from upstream: - Don't decrease efi_mmap_size (LP: #1046429). * grub-common Suggests: console-setup for grub-kbdcomp (closes: #686815). * Silence error messages when translations are unavailable. * Don't pass *.module to dpkg-shlibdeps, avoiding lots of build-time warnings. * Move transitional package to Section: oldlibs. * Acknowledge NMU (closes: #676609). [ Debconf translations ] * Lithuanian (Rimas Kudelis). Closes: #675628 * Galician (Jorge Barreiro). Closes: #677389 * Welsh (Daffyd Tomos). * Greek (galaxico). Closes: #685201 * Romanian (Andrei POPESCU). Closes: #685477 * Finnish (Timo Jyrinki). * NMU * Add entries for Windows Boot Manager found via UEFI in os-prober. Closes: #698914 before the Wheezy release. * Amend gfxpayload_keep_default.patch to no longer remove the call to load_video when GRUB_GFXPAYLOAD_LINUX is empty (closes: #661789). * Remove /boot/grub/unicode.pf2 on purge of grub-efi-{amd64,i386} (closes: #697183). * Ensure /boot/grub exists before copying files to it for EFI installs (closes: #696962). * Acknowledge NMU with thanks. * Fix namespace of EFI boot failure patch file added in NMU. * Copy unicode.pf2 to /boot/grub/ for EFI installs so that it is more likely to be readable by GRUB (closes: #661789). * Fix infinite recursion in gettext when translation fails (closes: #611537, #612454, #616487, #619618, #626853, #643608). * Fix grammar in Finnish translation (closes: #687681). * Non-maintainer upload. * Apply Ubuntu patch fixing some EFI boot failures (closes: #687320) - Thanks to Colin Watson. [ Debconf translations ] * Lithuanian (Rimas Kudelis). Closes: #675628 * Galician (Jorge Barreiro). Closes: #677389 * Welsh (Daffyd Tomos). * Greek (galaxico). Closes: #685201 * Romanian (Andrei POPESCU). Closes: #685477 * Finnish (Timo Jyrinki). [ Cyril Brulebois ] * Use xz compression for all binaries to save up some space on CD images (closes: #688773). [ Colin Watson ] * Autogenerate packaging files for grub-emu (closes: #688727), in order that its postinst does not contain unexpanded @PACKAGE@ symbols. * Manually expand @PACKAGE@ symbols in grub-efi.postinst (closes: #688725), grub-linuxbios.postinst (closes: #688726), and grub2.postinst (closes: #688724). * Non-maintainer upload. * Apply upstream patches for hurd-i386: - Test inode number (Closes: #634799). - Disable zfs code on GNU/Hurd (Closes: #670069). - Add userland partition support (Closes: #670186). * Fix packages build without libfuse (Closes: #670189). [ Debconf translations ] * Khmer added (Khoem Sokhem) * Slovenian (Vanja Cvelbar). Closes: #670616 * Traditional Chinese (Vincent Chen). * Vietnamese (Hai Lang). * Marathi (Sampada Nakhare) * Finnish (Timo Jyrinki). Closes: #673976 * Latvian (Rdolfs Mazurs). Closes: #674697 [ Colin Watson ] * Make apport hook compatible with Python 3. * Add upstream r3476 (fix memory leak in grub_disk_read_small) to 4k_sectors.patch, otherwise the larger disk cache due to efi_disk_cache.patch can cause EFI systems to run out of memory. * Backport from upstream: - Fix hook calling for unaligned segments (closes: #666992, LP: #972250). * Backport kFreeBSD support from upstream to 4k_sectors.patch. [ Colin Watson ] * Add grub-probe to grub-mount-udeb (LP: #963471). * Backport from upstream: - Restore CFLAGS after efiemu check (closes: #665772). - Include __ctzdi2 and __ctzsi2 from libgcc if present (closes: #665993). - Support non-512B sectors and agglomerate reads. [ Debconf translations ] * Croatian (Tomislav Krznar). [ Colin Watson ] * Ensure that /sbin and /usr/sbin are in $PATH when running tests (closes: #662916). * mkconfig_loopback.patch: Use different GRUB loop devices for different OS loop devices (thanks, bcbc; LP: #888281). * Backport from upstream: - Add support for LZO compression in btrfs (LP: #727535). - Fix efiemu configure check. [ Ilya Yanok ] * Backport from upstream: - Make FAT UUID uppercase to match Linux (LP: #948716). [ Debconf translations ] * Norwegian Bokml (Hans Fredrik Nordhaug). * Gujarati (Kartik Mistry). Closes: #663542 * efi_disk_cache.patch: Fix incorrect GRUB_DISK_CACHE_BITS (LP: #944347). * Backport from upstream: - Build with -fno-asynchronous-unwind-tables to save space (closes: #662787). [ Adam Conrad ] * grub.cfg_400.patch: Redirect grep stdout to /dev/null since grub-mkconfig is "exec > grub.cfg.new", which causes grep's input and output to be the same FD (LP: #934269) (closes: #652972) * efi_disk_cache.patch: Bump the disk cache on EFI systems to dramatically reduce load times for vmlinux/initrd (LP: #944347) [ Colin Watson ] * no_libzfs.patch: Use xasprintf rather than asprintf. * Backport from upstream: - Rewrite XFS btree parsing; fixes invalid BMAP (closes: #657776). - Handle newer autotools, and add some missing quotes in the process. (Note that this moves grub-mkconfig_lib and update-grub_lib to /usr/share/grub; I added links in /usr/lib/grub for compatibility.) - Fix incorrect identifiers in bash-completion (closes: #661415). - Add support for GRUB_CMDLINE_GNUMACH (closes: #660493). * Build with GCC 4.6 (closes: #654727). [ Debconf translations ] * Dutch (Jeroen Schot). Closes: #651275 * Bulgarian (Damyan Ivanov). Closes: #653356 * Icelandic (Sveinn Felli). * Ukrainian (Yatsenko Alexandr). Closes: #654294 * Italian (Luca Monducci). Closes: #654304 * Thai (Theppitak Karoonboonyanan). Closes: #656551 * Uyghur (Abduqadir Abliz) * Indonesian (Mahyuddin Susanto). Closes: #656705 * Hebrew (Omer Zak). Closes: #656852 * Turkish (Atila KO). Closes: #656907 * Polish (Micha Kuach). Closes: #657265 * Asturian (Mikel Gonzlez). * Dzongkha (Dawa Pemo) * Tamil (Dr.T.Vasudevan). * Belarusian (Viktar Siarhiejczyk). Closes: #662615 * Rewrite no_libzfs.patch using a different approach. (Closes: #648539) [ Debconf translations ] * Portuguese (Miguel Figueiredo). Closes: #641226 * German (Martin Eberhard Schauer). Closes: #641630 * Sinhala (Danishka Navin). Closes: #644080 * Uyghur (Gheyret Tohti). Closes: #627011 [ Robert Millan ] * LVM support for GNU/kFreeBSD. - kfreebsd_lvm.patch * Cherry-pick several ZFS updates from upstream Bazaar. - zfs_update.patch * Build without libzfs. [ Robert Millan ] * Fix grub-probe detection for LSI MegaRAID SAS devices on kFreeBSD. - kfreebsd_mfi_devices.patch [ Colin Watson ] * Backport from upstream: - Canonicalise the path argument to grub-probe (closes: #637768). - Skip */README* as well as README* (LP: #537123). * Backport from upstream: - Honour GRUB_CMDLINE_LINUX_XEN_REPLACE and GRUB_CMDLINE_LINUX_XEN_REPLACE_DEFAULT, which replace GRUB_CMDLINE_LINUX and GRUB_CMDLINE_LINUX_DEFAULT (complementing the existing options which append; closes: #617538). * Mark la_array as packed. - zfs_packed_la_array.patch [ Colin Watson ] * Adjust apport hook to attach /boot/grub/device.map if it exists. * Fix regression in gfxterm background_color handling. * Improve detection of invalid shell syntax in apport hook. [ Debconf translations ] * Esperanto (Felipe E. F. de Castro). Closes: #632157 * Slovak (Slavko). [ Robert Millan ] * Enable grub-mount on kfreebsd-any. * Build grub-mount-udeb on kfreebsd-i386 and kfreebsd-amd64. [ Robert Millan ] * Avoid buggy versions of libgeom-dev (see #630107). Closes: #630197 * Fix grub-probe detection for ATA devices using `ata' driver on kFreeBSD 9. - kfreebsd-9_ada_devices.patch [ Colin Watson ] * Update ntldr-img from grub-extras: - Handle ext3 inode sizes other than 128. [ Debconf translations ] * Kazakh (Baurzhan Muftakhidinov). Closes: #630915 [ Debconf translations ] * Basque (Iaki Larraaga Murgoitio). Closes: #628716 * Swedish (Martin Bagge / brother). Closes: #628866 * Czech (Miroslav Kure). Closes: #628978 * Brazilian Portuguese (Flamarion Jorge). Closes: #629135 * Spanish (Francisco Javier Cuadrado). Closes: #629633 [ Colin Watson ] * Cope with btrfs / inside an encrypted block device (thanks, alexeagar; LP: #757631). * Merge from Ubuntu: - Give up scanning partitions after ten consecutive open failures (LP: #787461). [ Colin Watson ] * Update Vcs-* fields for Alioth changes. * Backport from upstream, removing the need for Breaks: udev (<< 168-1): - Don't stat devices unless we have to. [ Debconf translations ] * Catalan (Jordi Mallach). * Farsi (Behrad Eslamifar). Closes: #628648 [ Colin Watson ] * Change grub2/linux_cmdline and grub2/kfreebsd_cmdline descriptions to indicate that the command line is allowed to be empty, since this is a common source of confusion (thanks, Jordan Uggla). * On non-Ubuntu-derived systems, add Breaks: udev (<< 168-1) to grub-common, for the sake of (some?) users without initrds (closes: #627587). [ Debconf translations ] * French (Christian Perrier) * Russian (Yuri Kozlov). Closes: #628196 * Simplified Chinese (YunQiang Su). Closes: #628210 * Japanese (Hideki Yamane). Closes: #628382 * Danish (Joe Hansen). Closes: #628427 * Make grub--bin packages depend on grub-common rather than grub2-common, and add grub2-common dependencies to grub-. This ensures that grub--bin packages are coinstallable with grub-legacy, making it easier to use them as build-dependencies. * Stop trying to install the non-existent grub-ofpathname(8) on sparc for now. It will exist in the next upstream snapshot. * Ship grub-mkrescue on non-Linux amd64/i386 architectures. * Don't try to ship grub-mkrescue on sparc. * Drop boot_blocklist_hack.patch, fixed differently upstream some time ago by being smarter about filesystem-root-relative path conversion. * Include both old and new Lintian override styles for statically-linked-binary tag, since ftp-master has not yet been updated to 2.5.0~rc1. * New upstream release. - Ensure uniqueness of RAID array numbers even if some elements have a name (closes: #609804). - Remove unnecessary brackets from tr arguments (closes: #612564). - Add grub-mkrescue info documentation (closes: #612585). - Avoid generating invalid configuration when something that looks like a Xen hypervisor is present without any Xen kernels (closes: #612898). - Fix memory alignment when calling 'linux' multiple times on EFI (closes: #616638). - Fix grub-install on amd64 EFI systems (closes: #617388). - Automatically export pager variable (closes: #612995). - Fix parser error with "time" (closes: #612991). - Ignore case of bitmap extensions (closes: #611123). - Skip vmlinux-* on x86 platforms (closes: #536846, #546008). - Accept old-style Xen kernels (closes: #610428). - Skip damaged LVM volumes (closes: #544731). - Handle LVM mirroring (closes: #598441). - Detect spares and report them as not RAID members (closes: #611561). - Don't enable localisation unless gfxterm is available (closes: #604609). - Fix partitioned RAID support (closes: #595071, #613444). - Dynamically count the number of lines for the lower banner (closes: #606494). - Improve quoting in grub-mkconfig, to support background image file names containing spaces (closes: #612417). - Flush BIOS disk devices more accurately (closes: #623124). - Identify RAID devices by their UUID rather than by their guessed name (closes: #624232). - Add "SEE ALSO" sections to most man pages (closes: #551428). [ Christian Perrier ] * Drop extra word in French debconf translation. Thanks to David Prvt. * Fix spelling error in French debconf translation. Thanks to David Prvt. [ Colin Watson ] * Set PACKAGE_VERSION and PACKAGE_STRING using configure arguments rather than sedding configure.ac in debian/rules (which sometimes has annoying interactions with quilt, etc.). * Update branch_embed-sectors.patch: - Detect sector used by HighPoint RAID controller (closes: #394868). * Add debian/README.source (from quilt). * Make debian/rules more explicit about when autogen.sh is run. We need to be careful that all full builds run it, since we use GRUB extras. * Merge from Ubuntu: - Handle filesystems loop-mounted on file images. - On Wubi, don't ask for an install device, but just update wubildr using the diverted grub-install. - Add grub-mount-udeb, containing just grub-mount. This can be used by os-prober and other parts of d-i. - Artificially bump Replaces: grub-common versioning to account for grub-reboot/grub-set-default movement in Ubuntu. * Don't do a separate build pass for grub-common. It will be identical to the build for the default platform for the CPU architecture anyway, so reuse that. * Build with GCC 4.5 on all architectures. * Update Lintian overrides for changes in Lintian 2.5.0~rc1. * Invert how files are split among binary packages: rather than code in debian/rules to remove files we don't want, add dh_install configuration to declare the files we do want. This means a little more repetition for platform-specific programs, but it seems less confusing and easier to extend. * Drop versioned dependencies on base-files. GPL-3 has been there for two Debian releases now, and the dependency was never upgrade-critical anyway. * Create grub2-common package containing files that are common among GRUB platform packages but that would break GRUB Legacy, or that are too confusing when coinstalled with GRUB Legacy (closes: #564167). * Drop conflict on an ancient (pre-lenny/hardy) version of desktop-base. * Move /etc/grub.d/05_debian_theme to grub-common, to go with the other /etc/grub.d/* files. * Drop redundant Suggests: os-prober from several platform packages, as grub-common already Recommends: os-prober. * Create grub--bin packages corresponding to all grub- packages (except for grub-emu). These do not automatically install the boot loader or update grub.cfg, and they install their binaries to /usr/lib/grub/-/; this means that they can be installed in parallel, making it easier to use them to build GRUB-based disk images (e.g. d-i). The grub- packages now depend on these and include symlinks, so their behaviour will remain as before. * Make grub-emu depend on grub-common. * Make the documentation directory in most binary packages be a symlink to that in grub-common. * Drop lenny compatibility from grub2-common's dpkg/install-info dependency, since it produces a Lintian warning and using the current packaging on lenny is probably rather a stretch anyway. [ Updated translations ] * Belarusian (Viktar Siarheichyk). Closes: #606864 * Danish (Joe Hansen). Closes: #606879 * Romanian (Andrei POPESCU). Closes: #606888 * Italian (Luca Monducci). Closes: #606891 * Brazilian Portuguese (Flamarion Jorge). Closes: #610613 * Greek (Emmanuel Galatoulas). Closes: #604847 * Cherry-pick from upstream: - Use correct limits for mips initrd. * Run grub-install on install or upgrade of grub-yeeloong. * Update branch_fuse.patch: - Tell FUSE to run single-threaded, since GRUB code is not thread-safe (LP: #756297). * Update branch_butter.patch: - Fix filename comparison. - Take extent offset in account on uncompressed extents. - Use filled extent size if available. * Allow use of first sector on btrfs (LP: #757446). * Merge from Ubuntu: - Build part_msdos and vfat into EFI boot images (LP: #677758). * Update branch_fuse.patch: - Make grub-mount exit non-zero if opening the device or filesystem fails. - Translate GRUB error codes into OS error codes for FUSE (LP: #756456). * Merge from Ubuntu: - Fix use of freed memory when replacing existing loopback device (LP: #742967). * Update branch_butter.patch, fixing RAID1/duplicated chunk size calculation (thanks, Vladimir Serbinenko; LP: #732149). * Update branch_parse-color.patch, to blend text when any background is set as opposed to only when a stretched background is set (closes: #613120). * Make update-grub2 a symlink to update-grub, rather than bothering with a wrapper script. * Cherry-pick from upstream: - Check RAID superblock offset (closes: #610184). - Flush buffer cache on close and not on open (closes: #620663). - Handle special naming of yeeloong directory (closes: #620420). * Add grub-mount utility, from the upstream 'fuse' branch. * efibootmgr is only available on Linux architectures, so only make grub-efi-ia32 and grub-efi-amd64 depend on it on Linux. * Cherry-pick from upstream: - Fix FreeBSD compilation problem. * Add /proc/mdstat, LVM information, and listings of /dev/disk/by-id/ and /dev/disk/by-uuid/ to bug reports, by request of upstream. * Cherry-pick from upstream: - Use libgeom on FreeBSD to detect partitions (closes: #612128). - Copy the partition table zone if floppy support is disabled, even if no partition table is found (LP: #741867). - Fix an ext2 overflow affecting inodes past 2TiB. - Fix RAID-0 disk size calculation for metadata 1.x (LP: #743136). * Merge from Ubuntu: - Build with gcc-4.5 on ppc64. - Add apport hook for ProblemType = 'Package', thanks to Jean-Baptiste Lallement (LP: #591753). * Cherry-pick from upstream: - Fix crash when extending menu entry line beyond 79 characters (closes: #615893). - Account for FreeBSD module headers when calculating allocation size. - Switch back to framebuffer page zero before loading the kernel (thanks, Felix Kuehling). * Merge from Ubuntu: - If we're upgrading and /boot/grub/core.img doesn't exist, then don't ask where to install GRUB, since it probably means we're in some kind of specialised environment such as a live USB stick (LP: #591202). - Drop the default priority of grub2/linux_cmdline to medium. We only need to ask it if we're upgrading from GRUB Legacy and found an empty kopt in menu.lst (LP: #591202). * Update branch_embed-sectors.patch, avoiding consuming lots of space and time if the first partition is not near the start of the disk (closes: #619458, LP: #691569). * Update debian/legacy/update-grub to the version from grub 0.97-65. * Mark binary packages as Multi-Arch: foreign (for example, an amd64 kernel installed on an i386 system could use the native architecture's GRUB). * Rewrite find_root_device_from_mountinfo to cope with move-mounts (LP: #738345). [ Updated translations ] * Esperanto (Felipe Castro). Closes: #606524 * Thai (Theppitak Karoonboonyanan). Closes: #607706 * Don't touch /boot/grub/grub2-installed if using the --root-directory option to grub-install (thanks, Nicolas George; closes: #614927). * Update branch_devmapper.patch, adding partitioned MD RAID support (untested) and support for probing multipath disks. * Update ntldr-img from grub-extras: - Only call ntfs_fix_mmft if the attribute to find is AT_DATA. This matches GRUB's NTFS module. - Install grubinst as grub-ntldr-img. * Fix loading GRUB from lnxboot (LP: #693671). * Update branch_embed-sectors.patch to avoid straying into first partition when embedding-area sectors are in use (closes: #613409, LP: #730225). * Build for ppc64 (except for grub-emu, which doesn't build cleanly yet). * Suppress output from debconf-communicate in upgrade-from-grub-legacy. * Refer to the info documentation at the top of /etc/default/grub (closes: #612538). * We need at least freebsd-utils (>= 8.0-4) on kFreeBSD architectures for camcontrol, so depend on it. * Tolerate camcontrol failing to read capacity of IDE devices, until such time as we know how to do this properly (see #612128). * Adjust /etc/default/grub for rename of GRUB_DISABLE_LINUX_RECOVERY to GRUB_DISABLE_RECOVERY (closes: #612777). * Update ntldr-img from grub-extras: - Install g2hdr.bin and g2ldr.mbr (closes: #613245). * Merge 1.98+20100804-13 and 1.98+20100804-14, updating translations: - Kazakh (Baurzhan Muftakhidinov / Timur Birsh). * mkconfig_skip_dmcrypt.patch: Refer to GRUB_PRELOAD_MODULES rather than suggesting people write a /etc/grub.d/01_modules script (thanks, Jordan Uggla). * Handle empty dir passed to grub_find_root_device_from_mountinfo; fixes grub-mkrelpath on btrfs subvolumes (LP: #712029). * Add rootflags=subvol= if / is on a btrfs subvolume (LP: #712029). * Upload to unstable. [ Colin Watson ] * New upstream release candidate. [ Alexander Kurtz ] * 05_debian_theme: - If we find a background image and no colours were specified, use upstream defaults for color_normal and color_highlight rather than setting color_normal to black/black. - Make the code more readable by replacing code for handling alternatives. - Make the code for searching for pictures in /boot/grub more readable and robust (for example against newlines in the filename). - Don't try the other alternatives when $GRUB_BACKGROUND is set; you can now add GRUB_BACKGROUND= to /etc/default/grub to force no background image (closes: #608263). * New Bazaar snapshot. - Disable ieee1275_fb on sparc (closes: #560823). - Fix pf2 font generation on big-endian platforms (closes: #609818). * branch_butter.patch: Resolve the device returned by grub_find_root_device_from_mountinfo or find_root_device_from_libzfs using grub_find_device (closes: #609590, #609814, LP: #700147). * New Bazaar snapshot. - Don't check amount of low memory, as reportedly INT 12h can be broken and if low memory is too low we wouldn't have gotten into grub_machine_init anyway (closes: #588293, LP: #513528). - Submenu default support (LP: #691878). - Fix optimisation-dependent grub-mklayout crash (closes: #609584). * branch_butter.patch: Don't free an uninitialised pointer if /proc is unmounted (LP: #697493). * Add a po/LINGUAS file listing the translations we've synced from the TP (closes: #609671). * New Bazaar snapshot. - Check that named RAID array devices exist before using them (closes: #606035). - Clear terminfo output on initialisation (closes: #569678). - Fix grub-probe when btrfs is on / without a separate /boot. * Support long command lines as per the 2.06 Linux boot protocol, from the upstream 'longlinuxcmd' branch. * Add a background_color command, from the upstream 'parse-color' branch. * Update branch_devmapper.patch, adding a #include to fix a build failure on Ubuntu amd64. * When embedding the core image in a post-MBR gap, check for and avoid sectors matching any of a number of known signatures, from the upstream 'embed-sectors' branch. * New Bazaar snapshot. - Don't emit drivemap directive for Windows Server 2008 (closes: #607687). - Don't add spurious RAID array members (closes: #605357). - Improve presentation of Xen menu entries (closes: #607867). - Fix PCI probing hangs by skipping remaining functions on devices that do not implement function 0 (closes: #594967). - Fix typo in descriptions of extract_legacy_entries_source and extract_legacy_entries_configfile (LP: #696721). * Merge 1.98+20100804-12: - Use semicolons rather than commas to separate size from model in debconf disk and partition descriptions. * Add full btrfs support, from the upstream 'butter' branch. * Support partitioned loop devices and improve devmapper support, from the upstream 'devmapper' branch. * Add squashfs 4 support, from the upstream 'squash' branch. * New Bazaar snapshot. - Initialise next pointer when creating multiboot module (closes: #605567). - Fix gettext quoting to work with bash as /bin/sh, and make echo UTF-8-clean so that (at least) Catalan boot messages are displayed properly (closes: #605615). - Fix use of uninitialised memory in Reed-Solomon recovery code (LP: #686705). * Automatically remove MD devices from device.map on upgrade, since the BIOS cannot read from these and including them in device.map will break GRUB's ability to read from such devices (LP: #690030). * Merge 1.98+20100804-9, 1.98+20100804-10, and 1.98+20100804-11: - Apply debconf template review by debian-l10n-english and mark several more strings for translation, thanks to David Prvot and Justin B Rye. - Incorporate rewritten 05_debian_theme by Alexander Kurtz, which works when /usr is inaccessible by GRUB. * New Bazaar snapshot. - ZFS moved into grub-core. - Extend gettext to fall back from ll_CC to ll, and set lang to include country part by default so that Chinese works (LP: #686788). * Remove grub-mknetdir from grub-emu. * Exit silently from zz-update-grub kernel hook if update-grub does not exist (e.g. if grub-pc has been removed but not purged; closes: #606184). * New Bazaar snapshot (mipsel build fix, LVM-on-RAID probing fix). * Fix comma-separation in handling of grub-pc/install_devices. * New Bazaar snapshot (command priorities, build fixes, grub-mkdevicemap segfault). * Don't try to build grub-efi-amd64 on kfreebsd-i386 or hurd-i386 (requires gcc-4.4-multilib). * New Bazaar snapshot (build fixes). * Build-depend on qemu-utils and parted on non-Hurd architectures. * qemu_img_exists.patch: Skip partmap test if qemu-img doesn't exist (as is the case on the Hurd). * Make grub-efi-ia32 and grub-efi-amd64 depend on efibootmgr so that grub-install works properly. * Upgrade the installed core image when upgrading grub-efi-ia32 or grub-efi-amd64, although only if /boot/efi/EFI/ (where is an identifier based on GRUB_DISTRIBUTOR, e.g. 'debian') already exists. * Re-expand a couple of dpkg architecture wildcards to exclude certain special cases: gcc-4.4-multilib is not available on kfreebsd-i386 or hurd-i386, and qemu-system is not available on hurd-i386. [ Colin Watson ] * New Bazaar snapshot. Too many changes to list in full, but some of the more user-visible ones are as follows: - GRUB script: + Function parameters, "break", "continue", "shift", "setparams", "return", and "!". + "export" command supports multiple variable names. + Multi-line quoted strings support. + Wildcard expansion. - sendkey support. - USB hotunplugging and USB serial support. - Rename CD-ROM to cd on BIOS. - Add new --boot-directory option to grub-install, grub-reboot, and grub-set-default; the old --root-directory option is still accepted but was often confusing. - Basic btrfs detection/UUID support (but no file reading yet). - bash-completion for utilities. - If a device is listed in device.map, always assume that it is BIOS-visible rather than using extra layers such as LVM or RAID. - Add grub-mknetdir script (closes: #550658). - Remove deprecated "root" command. - Handle RAID devices containing virtio components. - GRUB Legacy configuration file support (via grub-menulst2cfg). - Keyboard layout support (via grub-mklayout and grub-kbdcomp). - Check generated grub.cfg for syntax errors before saving. - Pause execution for at most ten seconds if any errors are displayed, so that the user has a chance to see them. - Support submenus. - Write embedding zone using Reed-Solomon, so that it's robust against being partially overwritten (closes: #550702, #591416, #593347). - GRUB_DISABLE_LINUX_RECOVERY and GRUB_DISABLE_NETBSD_RECOVERY merged into a single GRUB_DISABLE_RECOVERY variable. - Fix loader memory allocation failure (closes: #551627). - Don't call savedefault on recovery entries (closes: #589325). - Support triple-indirect blocks on ext2 (closes: #543924). - Recognise DDF1 fake RAID (closes: #603354). [ Robert Millan ] * Use dpkg architecture wildcards. [ Updated translations ] * Slovenian (Vanja Cvelbar). Closes: #604003 * Dzongkha (dawa pemo via Tenzin Dendup). Closes: #604102 [ Updated translations ] * Kazakh (Baurzhan Muftakhidinov / Timur Birsh). Closes: #609187 [ Alexander Kurtz ] * 05_debian_theme: - If we find a background image and no colours were specified, use upstream defaults for color_normal and color_highlight rather than setting color_normal to black/black. - Don't try the other alternatives when $GRUB_BACKGROUND is set; you can now add GRUB_BACKGROUND= to /etc/default/grub to force no background image (closes: #608263). * Backport from upstream: - Don't add spurious RAID array members (closes: #605357). * Backport from upstream: - Support big ext2 files (closes: #543924). - Fix gettext quoting to work with bash as /bin/sh, and make echo UTF-8-clean so that (at least) Catalan boot messages are displayed properly (closes: #605615). - Initialise next pointer when creating multiboot module (closes: #605567). - Fix PCI probing hangs by skipping remaining functions on devices that do not implement function 0 (closes: #594967). * Use semicolons rather than commas to separate size from model in debconf disk and partition descriptions; commas are too easily confused with the multiselect choice separator, and in particular make it impossible to answer questions properly in the editor frontend (closes: #608449). Unfuzzy all translations where possible. * Exit silently from zz-update-grub kernel hook if update-grub does not exist (e.g. if grub-pc has been removed but not purged; closes: #606184). * Apply debconf template review by debian-l10n-english and mark several more strings for translation, thanks to David Prvot and Justin B Rye (closes: #605748). * Unfuzzy some translations that were not updated in this round (thanks, David Prvot; closes: #606921). * Incorporate rewritten 05_debian_theme by Alexander Kurtz, which works when /usr is inaccessible by GRUB (closes: #605705). * Backport from upstream: - Recognise DDF1 DM-RAID (closes: #603354). [ Updated translations ] * Chinese (YunQiang Su). Closes: #606426 * Indonesian (Arief S Fitrianto). Closes: #606431 * Slovenian (Vanja Cvelbar). Closes: #606445 * Swedish (Martin Bagge / brother). Closes: #606455 * Ukrainian (Yatsenko Alexandr). Closes: #606538 * Basque (Iaki Larraaga Murgoitio). Closes: #606644 * Slovak (Slavko). Closes: #606663 * Catalan (Jordi Mallach). * Bulgarian (Damyan Ivanov). Closes: #606452 * Persian (Morteza Fakhraee). Closes: #606672 * Russian (Yuri Kozlov). Closes: #606753 * Dutch (Paul Gevers). Closes: #606807 * Japanese (Hideki Yamane). Closes: #606836 * French (Christian Perrier). Closes: #606842 * Czech (Miroslav Kure). Closes: #606854 * Spanish (Francisco Javier Cuadrado). Closes: #606903 * Portuguese (Tiago Fernandes / Miguel Figueiredo). Closes: #606908 * German (Martin Eberhard Schauer). Closes: #606896 * fix_crash_condition_in_kfreebsd_loader.patch: Import from upstream. Fixes crash condition in case kfreebsd_* commands are used after kfreebsd has (gracefully) failed. [ Robert Millan ] * Import from upstream: - refuse_embedingless_cross_disk.patch: Refuse to do a cross-disk embeddingless install rather than creating a broken install. - fix_grub_install_error_msg.patch: Replace useless recomendation to pass --modules with a recomendation to report a bug. - message_refresh.patch: Make error messages visible again. (Closes: #605485) [ Jordi Mallach ] * Update Catalan translation with latest file from the Translation Project. [ Updated translations ] * Slovenian (Vanja Cvelbar). Closes: #604003 * Dzongkha (dawa pemo via Tenzin Dendup). Closes: #604102 [ Robert Millan ] * increase_disk_limit.patch: Increase SCSI/IDE disk limits to cope with Sun Fire X4500. * linux_mdraid_1x.patch: Support for Linux MD RAID v1.x. (Closes: #593652) * yeeloong_boot_info.patch: On Yeeloong, pass machine type information to Linux. [ Updated translations ] * Portuguese fixed by Christian Perrier (variable names were translated) [ Robert Millan ] * zfs_fix_mkrelpath.patch: Replace with proper fix from upstream Bazaar. (Closes: #601087) [ Updated translations ] * Vietnamese (Clytie Siddall). Closes: #598327 * Icelandic (Sveinn Felli). Closes: #600126 [ Robert Millan ] * zfs_v23.patch: Accept ZFS up to v23 (no changes required). * fix_usb_boot.patch: Fix boot on USB devices, for BIOSes that expose them as floppies. (Closes: #600580) * zfs_fix_mkrelpath.patch: Fix grub-mkrelpath for non-root ZFS. (Closes: #600578) [ Updated translations ] * Kazakh (kk.po) by Baurzhan Muftakhidinov via Timur Birsh (closes: #598188). * Portuguese (pt.po) by Tiago Fernandes via Rui Branco (closes: #599767). * Catalan (ca.po) by Jordi Mallach. [ Updated translations ] * Hebrew (he.po) by Omer Zak and Lior Kaplan (closes: #593855). * Romanian (ro.po) by ioan-eugen STAN (closes: #595727). * Esperanto (eo.po) by Felipe Castro (closes: #596171). [ Colin Watson ] * Make grub-efi-amd64 conflict with grub-pc as well as the other way round. * Backport upstream patches to fix DM-RAID support (closes: #594221, LP: #634840). [ Robert Millan ] * enable_zfs.patch: Fix grub-fstest build problem. * zfs_fix_label_arg.patch: Fix kfreebsd_device initialization on ZFS for non-main filesystems. [ Updated translations ] * Italian (it.po) by Luca Monducci (closes: #593685). * Finnish (fi.po) by Esko Arajrvi (closes: #593921). [ Colin Watson ] * Run update-grub from kernel hooks if DEB_MAINT_PARAMS is unset, for compatibility with old kernel packages. This may produce duplicate runs of update-grub, but that's better than not running it at all (closes: #594037). [ Updated translations ] * Brazilian Portuguese (pt_BR.po) by Flamarion Jorge (closes: #592156). * Asturian (ast.po) by Maacub (closes: #592313). * Galician (gl.po) by Jorge Barreiro (closes: #592816). [ Robert Millan ] * Backport ZFS bugfixes from upstream Bazaar: - zfs_fix_chroot.patch: Fix breakage when running grub-probe inside chroot. - zfs_fix_label_arg.patch: Fix grub-probe fs_label argument. - zfs_fix_pathname.patch: Fix pathname for non-root ZFS filesystems. - zfs_fix_segfault.patch: Fix segfault when /dev is not mounted. [ Colin Watson ] * Escape single quotes when removing them from $mode in zz-update-grub, so that this works when /bin/sh is bash (thanks, Will Dyson; closes: #593242). * Add support for ext2 root on GNU/kFreeBSD (thanks, Aurelien Jarno; closes: #593467). [ Colin Watson ] * Make /etc/kernel/postrm.d/zz-update-grub a real file rather than a symlink (closes: #592076). [ Updated translations ] * Norwegian Bokml (nb.po) by Hans Nordhaug (closes: #591569). * New Bazaar snapshot. - Fix grub-emu build on GNU/kFreeBSD (closes: #591490). [ Colin Watson ] * Add kernel hook scripts and remove any uses of update-grub as a postinst_hook or postrm_hook in /etc/kernel-img.conf (closes: #554175). Thanks to Ben Hutchings for advice and to Harald Braumann for an early implementation. * Extend the existing GRUB_LEGACY_0_BASED_PARTITIONS handling to avoid new-style partition naming when generating output for GRUB Legacy (closes: #590554). [ Updated translations ] * Slovak (sk.po) by Slavko (closes: #591458). * New Bazaar snapshot. - Remove compatibility with terminal.mod prior to terminal_input/terminal_output separation (LP: #519358). - Enable `grub-probe -t device' resolution on ZFS. - Don't use UUID for LVM root when generating Xen entries (closes: #591093). - Restore missing whitespace to commands' --help output (closes: #590874). - Select unique numbers for named RAID arrays, for use as keys in the disk cache. [ Updated translations ] * German (Martin Eberhard Schauer). Closes: #590108 * Spanish (Francisco Javier Cuadrado). Closes: #590448 * Traditional Chinese (Tetralet). Closes: #591191 * Danish (Joe Hansen). Closes: #591223 * Dutch (Paul Gevers). Closes: #590864 * Japanese (Hideki Yamane). Closes: #591058 [ Robert Millan ] * postinst.in: Fill in device size and model information on GNU/kFreeBSD, using camcontrol. * patches/enable_zfs.patch: New patch. Link ZFS from grub-extras into grub-probe and grub-setup. * control: Build-Depend on libzfs-dev and libnvpair-dev on kfreebsd-*. [ Colin Watson ] * Offer RAID devices as GRUB installation targets if they contain /, /boot, or /boot/grub. * New Bazaar snapshot. - Don't count named RAID arrays when looking for unused array numbers. [ Colin Watson ] * Merge from Ubuntu: - grub-common Breaks: lupin-support (<< 0.30) due to a grub-mkimage syntax change (lupin-support isn't in Debian, but this is harmless anyway). * New Bazaar snapshot. - Link to Info documentation on changes from GRUB Legacy in README (closes: #502623). - Add support for mdadm metadata formats 1.x (closes: #492897). [ Aaron M. Ucko ] * Compare -trunk kernels earlier than numeric ABIs (closes: #568160). [ Colin Watson ] * Remove /boot/grub/device.map, /boot/grub/grubenv, /boot/grub/installed-version, and /boot/grub/locale/ on purge, if permitted (closes: #547679). * Convert from CDBS to dh. * Use exact-version dependencies in grub2 and grub-efi, to reduce potential confusion. * Raise priority of grub-common and grub-pc to optional (also done in archive overrides). * Copy-edit debian/presubj. * Use 'mktemp -t' rather than hardcoding /tmp (closes: #589537). [ Mario 'BitKoenig' Holbe ] * Update /etc/grub.d/05_debian_theme to handle multiple entries in GRUB_TERMINAL_OUTPUT (closes: #589322). [ Updated translations ] * Simplified Chinese (zh_CN.po) by YunQiang Su (closes: #589013). * Russian (ru.po) by Yuri Kozlov (closes: #589244). * Swedish (sv.po) by Martin Bagge / brother (closes: #589259). * Bulgarian (bg.po) by Damyan Ivanov (closes: #589272). * Indonesian (id.po) by Arief S Fitrianto (closes: #589318). * Arabic (ar.po) by Ossama M. Khayat. * Basque (eu.po) by Iaki Larraaga Murgoitio (closes: #589489). * Persian (fa.po) by Bersam Karbasion (closes: #589544). * Czech (cs.po) by Miroslav Kure (closes: #589568). * Belarusian (be.po) by Viktar Siarheichyk (closes: #589634). * New Bazaar snapshot. - Handle degraded RAID arrays in grub-probe and grub-setup. - Fix gfxterm pager handling. [ Fabian Greffrath ] * Get value of correct debconf question when deciding whether to purge /boot/grub (closes: #588331). [ Colin Watson ] * Generate device.map in something closer to the old ordering (thanks, Vadim Solomin). [ Updated translations ] * Croatian (hr.po) by Josip Rodin, closes: #588350. * French (fr.po) by Christian Perrier (closes: #588695). * New Bazaar snapshot. - USB hub support. - Fix GRUB_BACKGROUND configuration ordering. - Fix corruption of first entry name in a reiserfs directory. - Don't include MD devices when generating device.map (if you're using RAID and upgraded through 1.98+20100702-1 or 1.98+20100705-1, you may need to fix this up manually). * New Bazaar snapshot. - Bidi and diacritics support. + Use terminfo for ieee1275 terminals (closes: #586953). - Don't use empty grub_device in EFI grub-install (closes: #587838). - Fix grub-setup core.img comparison when not embedding (thanks, Matt Kraai and M. Vefa Bicakci; closes: #586621). * Update Source: in debian/copyright (thanks, Jrg Sommer). * Convert by-id disk device names from device.map to traditional device names for display (closes: #587951). * Set urgency=medium. We've cleared out most of the apparent regressions at this point, and #550704 is getting more and more urgent to fix in testing. * New Bazaar snapshot. - Use video functions in Linux loader rather than hardcoding UGA; load all available video backends (closes: #565576, probably). - Add support for initrd images on Fedora 13. - Output grub.cfg stanzas for Xen (closes: #505517). - Add 'cat --dos' option to treat DOS-style "\r\n" line endings as simple newlines (closes: #586358). - Change grub-mkdevicemap to emit /dev/disk/by-id/ names where possible on Linux. - Return CF correctly in mmap e820/e801 int15 hook (closes: #584846). - The info documentation now has no broken references, although of course it could still use more work (closes: #553460). - Support GRUB_BADRAM in grub-mkconfig. - Skip LVM snapshots (closes: #574863). [ Colin Watson ] * Mention grub-rescue-usb.img in grub-rescue-pc description (closes: #586462). * Add instructions for using grub-rescue-usb.img (closes: #586463). * Remove /usr/lib/grub/mips-* from grub-common rather than the incorrect /usr/lib/grub/mipsel-*, so that it stops clashing with grub-yeeloong; add a versioned Replaces to grub-yeeloong just in case (closes: #586526). * Remove qemu-system build-dependency on hurd-i386, where it doesn't seem to exist. Disable tests if qemu-system-i386 isn't available. * Mark "upgrade-from-grub-legacy" paragraph in grub-pc/chainload_from_menu.lst as untranslatable. * Update Homepage field (thanks, Sedat Dilek). * On Linux, if /boot/grub/device.map exists on upgrade to this version, regenerate it to use stable device names in /dev/disk/by-id/. If it had more than one entry, then display a critical-priority debconf note (sorry, but it's better than silently breaking boot menu entries) advising people to check custom boot menu entries and update them if necessary (closes: #583271). * Use 'set -e' rather than '#! /bin/sh -e' or '#! /bin/bash -e', to avoid accidents when debugging with 'sh -x'. * Store grub-pc/install_devices as persistent device names under /dev/disk/by-id/ (closes: #554790). Migrate previous device names to that, with explicit confirmation in non-trivial cases to make sure we got the right ones. If the devices we were told to install to ever go away, ask again. (This is based on the implementation in Ubuntu.) * If grub-install fails during upgrade-from-grub-legacy, allow the user to try again with a different device, but failing that cancel the upgrade (closes: #587790). * Remove numbering from patch files. The order is now explicit in a quilt series file, and renumbering from time to time is tedious. [ Updated translations ] * Ukrainian (uk.po) by Yatsenko Alexandr / Borys Yanovych (closes: #586611). * Indonesian (id.po) by Arief S Fitrianto (closes: #586799). * Swedish (sv.po) by Martin Bagge (closes: #586827). * Persian (fa.po) by Behrad Eslamifar (closes: #587085). * French (fr.po) by Christian Perrier (closes: #587383). * Galician (gl.po) by Jorge Barreiro (closes: #587796). [ Robert Millan ] * Add commented GRUB_BADRAM example in debian/default/grub. * New Bazaar snapshot. - Fix i386-pc prefix handling with nested partitions (closes: #585068). * When running grub-pc.postinst from upgrade-from-grub-legacy, tell it to disregard the fact that /boot/grub/stage2 and /boot/grub/menu.lst still exist (closes: #550477). * Touch a marker file when grub-install is run but GRUB Legacy files are still around. If that marker file is present, pretend that GRUB Legacy files are missing when upgrading. * If GRUB Legacy files are present when upgrading, scan boot sectors of all disks for GRUB 2. If we find GRUB 2 installed anywhere, then ask the user if they want to finish conversion to GRUB 2, and warn them that not doing so may render the system unbootable (closes: #586143). Thanks to Sedat Dilek for helping to narrow down this bug. * Leaving grub-pc/install_devices empty makes sense in some situations, but more often than not is a mistake. On the other hand, automatically selecting all disk devices would upset some people too. Compromise by simply asking for explicit confirmation if grub-pc/install_devices is left empty, defaulting to false so that simply selecting all the defaults in debconf can't leave you with an unbootable system (closes: #547944, #557425). * Build-depend on gcc-4.4-multilib on i386 and kopensolaris-i386 too, in order to build grub-efi-amd64. * Ignore non-option arguments in grub-mkconfig (closes: #586056). * New Bazaar snapshot. - Make target-related error messages from grub-mkimage slightly more helpful (closes: #584415). - Fix underquoting that broke savedefault (thanks, Mario 'BitKoenig' Holbe; closes: #584812). - Expand 'info grub' substantially, including a new section on configuring authentication (closes: #584822). - Give all manual pages proper NAME sections (closes: #496706). * Update 915resolution from grub-extras: - Fix a hang with 945GME (thanks, Sergio Perticone; closes: #582142). [ Colin Watson ] * Disable grub-emu on sparc for the time being. We're currently trying to use TARGET_* flags to build it, which won't work. * Don't build-depend on libsdl1.2-dev on hurd-i386. Although libsdl1.2-dev exists there, it's currently uninstallable due to missing libpulse-dev, and we can happily live without it for now. * kfreebsd-amd64 needs gcc-4.4-multilib too (closes: #585668). * Warn and return without error from prepare_grub_to_access_device if /boot is a dm-crypt device (thanks, Marc Haber; closes: #542165). * Make /etc/grub.d/05_debian_theme usable by shells other than bash (thanks, Alex Chiang; closes: #585561). * Remove grub-mkisofs leftovers from debian/copyright. * Fix reversed sense of DEB_BUILD_OPTIONS=nocheck handling. * Build-depend on qemu-system for grub-pc tests. * Only build-depend on libdevmapper-dev on Linux architectures. * Don't build-depend on libusb-dev on hurd-i386, where it doesn't seem to be available. * Fix printf format mismatch in disk/usbms.c (closes: #584474). * Fix verbose error output when device-mapper isn't supported by the running kernel (closes: #584196). * Prepend "part_" to partmap module names in grub-mkconfig, in line with grub-install (closes: #584426). * New Bazaar snapshot. - Add btrfs probing support, currently only in the single-device case (closes: #540786). - Fix grub-emu build on mips/powerpc/sparc. - Add safety check to make sure that /boot/grub/locale exists before trying to probe it (closes: #567211). - Several 'info grub' improvements, including a new section on configuration file generation using grub-mkconfig which documents the available keys in /etc/default/grub (closes: #497085). - Many USB fixes. [ Colin Watson ] * Reorganise configure and build targets in debian/rules to use stamp files. configure/* never existed and build/* was always a directory, so make never considered either of them up to date (closes: #450505). * Remove config.h.in from AUTOGEN_FILES, since autoheader doesn't necessarily update it. * Remove conf/gcry.mk from AUTOGEN_FILES, and conf/gcry.rmk from their dependencies. autogen.sh runs util/import_gcry.py after autoconf et al, so conf/gcry.rmk's timestamp will be later than some of the autogenerated outputs. * Go back to shipping rescue images in the grub-rescue-pc .deb itself rather than generating them in the postinst. This means that (a) they get removed when the package is removed (closes: #584176); (b) they are listed in package metadata, as is proper for files in /usr (closes: #584218); (c) grub-rescue-pc can potentially be used as a build-dependency for other packages that need to build GRUB images into installation media etc., without having to build-depend on grub-pc which isn't coinstallable with other platform variants and does invasive things in its postinst. * Add grub-mkrescue patch from Thomas Schmitt to allow reducing the size of xorriso-created images. Use this to ensure that grub-rescue-floppy.img fits well within size limits (closes: #548320). * Always override statically-linked-binary Lintian tag for kernel.img; dynamic linking makes no sense here. * kernel.img is stripped upstream where it can be, but override Lintian's error for the cases where it can't. * Override binary-from-other-architecture for kernel.img as well as *.mod when building grub-efi-amd64 on i386. * New Bazaar snapshot. - Support multiple terminals in grub-mkconfig, e.g. GRUB_TERMINAL='serial console' (closes: #506707). - Speed up consecutive hostdisk operations on the same device (closes: #508834, #574088). - Fix grammar error in grub-setup warning (closes: #559005). - Use xorriso for image creation rather than embedding a modified copy of mkisofs (closes: #570156). - Issue an error rather than segfaulting if only some LVM component devices are in device.map (closes: #577808). - Fix typo in make_device_name which caused grub-probe problems on systems with BSD disk labels (closes: #578201). - Add DM-RAID probe support (closes: #579919). - Include all gnumach kernels on Hurd, not just gnumach and gnumach.gz (closes: #581584). [ Colin Watson ] * Restore TEXTDOMAINDIR correction in grub.d files, lost by mistake in a merge. Noticed by Anthony Fok. * Don't fail on purge if the ucf association has already been taken over by a different grub package (closes: #574176). * Add debian/grub-extras/*/conf/*.mk to AUTOGEN_FILES. * Remove support for the lpia architecture, now removed from Ubuntu. * Conflict with grub (<< 0.97-54) as well as grub-legacy. * Build-depend on libdevmapper-dev for DM-RAID probe support. * Switch to quilt. * Suggest xorriso (>= 0.5.6.pl00) in grub-common, since grub-mkrescue now needs it. Depend on it in grub-rescue-pc. * Move grub-mkimage to grub-common, now that it only has one implementation. * Clean up temporary files used while building grub-firmware-qemu. * Make grub-probe work with symlinks under /dev/mapper (closes: #550704). * When upgrading a system where GRUB 2 is chainloaded from GRUB Legacy and upgrade-from-grub-legacy has not been run, upgrade the chainloaded image rather than confusing the user by prompting them where they want to install GRUB (closes: #546822). * Build-depend on libsdl1.2-dev for SDL support in grub-emu. * Don't leak debconf's file descriptor to update-grub, so that the LVM tools called from os-prober don't complain about it (closes: #549976). Other leaks are not this package's fault, may not be bugs at all, and in any case os-prober 1.36 suppresses the warnings. * Build-depend on flex (>= 2.5.35). * Build-depend on gcc-4.4-multilib on amd64. [ Updated translations ] * Slovenian (sl.po) by Vanja Cvelbar (closes: #570110). * Vietnamese (vi.po) by Clytie Siddall (closes: #574578). * Tamil (ta.po) by Tirumurti Vasudevan (closes: #578282). * Portuguese (pt.po) by Tiago Fernandes (closes: #580140). * Romanian (ro.po) by Eddy Petrior / Andrei Popescu (closes: #583185). * New upstream release (closes: #572898). - Fix grub-script-check to handle empty lines (closes: #572302). - Fix offset computation when reading last sectors. Partition reads and writes within and outside a partition (closes: #567469, #567884). - Fix script execution error handling bug that meant that an error in a menuentry's last statement caused the whole menuentry to fail (closes: #566538, LP: #464743). - Support GRUB_GFXPAYLOAD_LINUX (closes: #536453, LP: #416772). [ Samuel Thibault ] * Add GRUB_INIT_TUNE example to /etc/default/grub (closes: #570340). [ Colin Watson ] * Build-depend on libusb-dev so that grub-emu is reliably built with USB support (closes: #572854). * Update directions in debian/rules on exporting grub-extras to account for it being maintained in Bazaar nowadays. * Add myself to Uploaders. * Acknowledge NMUs, thanks to Torsten Landschoff and Julien Cristau. * Non-maintainer upload. * Stop setting gfxpayload=keep (closes: #567245). * Non-maintainer upload. * Apply trivial patch (already merged upstream) fixing the offset computation for non-cached reads (closes: #567637). * New Bazaar snapshot. - Fix corruption problem when reading files from CDROM. (Closes: #567219) [ Felix Zielcke ] * Never strip kernel.img in rules. Upstream already does it when it can be done. (Closes: #561933) * Bump Standards-Version to 3.8.4. [ Robert Millan ] * rules: Run the testsuite (make check) when building grub-pc. * New Bazaar snapshot. - Includes mipsel-yeeloong port. [ Robert Millan ] * config.in: Lower priority of grub2/linux_cmdline_default. [ Felix Zielcke ] * Drop `CFLAGS=-O0' workaround on powerpc. Should be fixed correctly now. * Ship grub-bin2h and grub-script-check in grub-common. * Terminate NEWS.Debian with a blank line like lintian would suggest if that check would be working correctly. * New Bazaar snapshot. - Includes savedefault / grub-reboot branch. - Includes Multiboot video support (from latest 1.x draft). * New Bazaar snapshot. [ Robert Millan ] * grub-rescue-pc.postinst: Fix image generation during upgrades. (Closes: #564261) * New Bazaar snapshot. [ Robert Millan ] * grub-rescue-pc.postinst: Use grub-mkrescue for floppy as well. [ Updated translations ] * Chinese (zh_TW.po) by Tetralet. (Closes: #564044) * New Bazaar snapshot. - Fix FTBS on sparc. [ Robert Millan ] * rules: Auto-update version from debian/changelog. [ Felix Zielcke ] * Add -O0 to CFLAGS on powerpc to avoid the `_restgpr_31_x in boot is not defined' FTBFS. * New Bazaar snapshot. - Fix slowness when $prefix uses an UUID. (Closes: #541145, LP: #420933) - Correctly set TARGET_CFLAGS. (Closes: #562953) [ Robert Millan ] * grub-rescue-pc.postinst: Build USB rescue image. * rules: Invoke configure with relative path. This makes binaries smaller, since dprintf strings are constructed using this path. [ Felix Zielcke ] * Urgency=high due to RC bug fix. * Fix version comparison in grub-common.preinst for handling obsolete /etc/grub.d/10_freebsd. (Closes: #562921) * New Baazar snapshot. - Make 30_os-prober again dash compatible. (Closes: #562034) * New Bazaar snapshot. - Fix search command failing on some broken BIOSes. (Closes: #530357) [ Felix Zielcke ] * Add Replaces:/Conflicts: grub-linuxbios to grub-coreboot. (Closes: #561811) * Delete obsolete /etc/grub.d/10_freebsd if it has not been modified, else disable it. (Closes: #560346) * Version bump. * New Bazaar snapshot. - patches/02_fix_mountpoints_in_mkrelpath.diff: Remove (merged). - Fixes FTBFS on powerpc (again) and sparc. - patches/903_grub_legacy_0_based_partitions.diff: Resync (merged into debian branch). * Fix dpkg dependency for lenny compatibility. * New Bazaar snapshot. * Enable ntldr-img from grub-extras. [ Updated translations ] * Bulgarian (bg.po) by Damyan Ivanovi (Closes: #558039) [ Robert Millan ] * control: Remove genisoimage from Build-Depends/Suggests (no longer used). * grub.d/05_debian_theme: Make output string distro-agnostic. [ Felix Zielcke ] * patches/02_fix_mountpoints_in_mkrelpath.diff: New patch to handle mount points like the old shell function did. (Closes: #558042) [ Robert Millan ] * New upstream snapshot. - Fixes script parser load error. * Add gettext to Build-Depends and gettext-base to grub-common's Depends. * New upstream snapshot. - Fix grub-mkisofs related FTBFS on powerpc. (Closes: #557704) - Create fake GRUB devices for devices not listed in device.map. This also makes dmraid and multipath work as long as search --fs-uuid works. (Closes: #442382, #540549, LP: #392136) - rules: grub-emu is now built as a port. [ Felix Zielcke ] * Change the bt-utf-source build dependency to xfonts-unifont. It's more complete, better maintained and grub-mkfont supports actually more then BDF fonts as input, thanks to libfreetype. * Use grub-probe to get the GRUB device of /boot/grub instead of passing (hd0) to grub-install when creating the core.img with chainloading. This avoids the (UUID=) hack slowness in case /boot/grub is on a different disk then (hd0) in device.map. * patches/903_grub_legacy_0_based_partitions.diff: Update. * Add a build dependency on automake and python. * Set TARGET_CC=$(CC) to really use gcc-4.4 everywhere. Also pass it and CC as arguments to ./configure instead of env vars so they get preserved. * Ship grub-mkrelpath in grub-common. * Ship the locale files in grub-common. * Add a dependency on 'dpkg (>= 1.15.4) | install-info' for grub-common as recommended by Policy and lintian. * New upstream snapshot. - Fix security problem with password checking. (Closes: #555195) - Fix the generated GNU/Hurd menu entries and also add support for it in 30_os-prober. (Closes: #555188) - Same grub-mkrescue for grub-pc and grub-coreboot, used by grub-rescue-pc during postinst now. (Closes: #501867) [ Felix Zielcke ] * Ship grub-mkisofs in grub-common. * patches/002_grub.d_freebsd.in.diff: Remove (merged upstream). * patches/906_grub_extras.diff: Remove. Superseded by GRUB_CONTRIB variable in recent upstream trunk. * rules: Export GRUB_CONTRIB to enable grub-extras add-ons. * Pass --force to grub-install in the postinst. (Closes: #553415) * Don't strip debug symbols from grub-emu. It's meant for debugging and with them it's much more useful. * Ship grub-mkfloppy in grub-pc. * Revert the Replaces: grub-common to (<= 1.96+20080413-1) on the grub-pc package. It was wrongly modified long ago. [ Robert Millan ] * copyright: Document mkisofs. * control: Update Vcs- fields (moved to Bazaar). * rules: Update debian/legacy/update-grub rule to Bazaar. [ Robert Millan ] * patches/905_setup_force.diff: Remove, no longer needed as of grub-installer >= 1.47. * grub.d/05_debian_theme: Attempt to source grub_background.sh from desktop-base (Needed for #495282, #495616, #500134, see also #550984). [ Felix Zielcke ] * Add a build dependency on texinfo. * Fix little typo in /etc/default/grub. (LP: #457703) [ Updated translations ] * Finnish (fi.po) by Esko Arajrvi. (Closes: #551912) * New upstream beta release. [ Felix Zielcke ] * Change the Recommends: os-prober to (>= 1.33). * patches/907_grub.cfg_400.diff: Really add it. Somehow it was a 0 byte file. (Closes: #547409) * Convert newlines back to spaces when parsing kopt from GRUB Legacy's menu.lst, before giving the value to Debconf. Thanks to Colin Watson. (Closes: #547649) * Ship the info docs in grub-common. (Closes: #484074) * Remove generated /usr/share/info/dir* files. * Update the presubj bug file and also install it for grub-common. [ Robert Millan ] * Enable ZFS and 915resolution in grub-extras (now requires explicit switch). * grub-common conflicts with grub-doc (<< 0.97-32) and grub-legacy-doc (<< 0.97-59). * Move grub-emu to a separate package. [ Updated translations ] * Japanese (ja.po) by Hideki Yamane. (Closes: #549599) * New upstream beta release. - Make it more clear how to use /etc/grub.d/40_custom. (Closes: #545153) - fix a serious memory corruption in the graphical subsystem. (Closes: #545364, #544155, #544639, #544822, LP: #424503) - patches/003_grub_probe_segfault.diff: Remove (merged). * Change the watch file so upstream beta releases are recognized. * Include /etc/default/grub in bug reports. * Recommend os-prober (>= 1.32). (Closes: #491872) * Change the gcc-multilib [sparc] build dependency to gcc-4.4-multilib [sparc]. * patches/907_grub.cfg_400.diff: New patch to make grub.cfg again mode 444 if it does not contain a password line. * Use `su' in the bug reporting script to read grub.cfg in case the user is not allowed to read it. * Readd grub-pc/kopt-extracted template. [ Updated translations ] * Brazilian Portuguese (pt_BR.po) by Flamarion Jorge. * Japanese (ja.po) by Hideki Yamane. (Closes: #545331) * Spanish (es.po) by Francisco Javier Cuadrado. (Closes: #545566) * Italian (it.po) by Luca Monducci. (Closes: #546035) [ Updated translations ] * Dutch (nl.po) by Paul Gevers. (Closes: #545050) [ Felix Zielcke ] * Move GRUB Legacy's grub-set-default to /usr/lib/grub-legacy in preparation for GRUB 2's grub-set-default. * Remove password lines in bug script. [ Robert Millan ] * Do not conflict with `grub' dummy package (this prevented upgrades). * patches/003_grub_probe_segfault.diff: Disable file test codepath, which wasn't normally used before. * New upstream beta release. - Fix loading of FreeBSD modules. (Closes: #544305) [ Updated translations ] * French (fr.po) by Christian Perrier. (Closes: #544320) * Czech (cs.po) by Miroslav Kure. (Closes: #544327) * Belarusian (be.po) by Hleb Rubanau. * Arabic (ar.po) by Ossama M. Khayat. * Catalan (ca.po) by Juan Andrs Gimeno Crespo. * Russian (ru.po) by Yuri Kozlov. (Closes: #544730) * Swedish (sv.po) by Martin gren. (Closes: #544759) * Brazilian Portuguese (pt_BR.po) by Flamarion Jorge. (Closes: #544810) * German (de.po) by Helge Kreutzmann. (Closes: #544912) [ Robert Millan ] * Build with GCC 4.4. * New upstream beta release. [ Updated translations ] * German (de.po) by Helge Kreutzmann. (Closes: #544261) * Asturian (ast.po) by Marcos. * Georgian (ka.po) by Aiet Kolkhi. [ Robert Millan ] * Merge config, templates, postinst, postrm, dirs and install files into a single source. * Disable Linux-specific strings on GNU/kFreeBSD. Enable translations in grub2/linux_cmdline_default. Add grub2/kfreebsd_* strings (still unused). * New SVN snapshot. - Fix filesystem mapping on GNU/kFreeBSD. (Closes: #543950) * New grub-extras SVN snapshot. - Add 915resolution support to the GMA500 (poulsbo) graphics chipset. Thanks to Pedro Bulach Gapski. (Closes: #543917) * Use `cp -p' to copy /usr/share/grub/default/grub to the temporary file to preverse permissions. * Remove also efiemu files from /boot/grub on purge if requested. * Check that GRUB_CMDLINE_LINUX and GRUB_CMDLINUX_LINUX_DEFAULT is at the start of line in *.postinst. * Don't check that $GRUB_CMDLINE_LINUX{,DEFAULT} are non empty strings in *.config. * Add empty GRUB_CMDLINE_LINUX to /usr/share/grub/default/grub. * Factorise the editing of the temporary file. Thanks to Martin F Krafft. * Read in /etc/default/grub in *.config files. [ Updated translations ] * French (fr.po) by Christian Perrier. (Closes: #544023) * Russian (ru.po) by Yuri Kozlov. (Closes: #544077) * Italian (it.po) by Luca Monducci. (Closes: #544200) * Add missing quotes in grub-pc.config and *.postinst. * Really use the correct templates in grub-pc.config. ARGS. * New SVN snapshot. * Use the right templates in grub-pc.config. (Closes: #543615) * New SVN snapshot. - Enable gfxterm only if there's a suitable video backend and don't print an error if not. (Closes: #520846) [ Felix Zielcke ] * Copy unicode.pf2 instead of ascii.pf2 to /boot/grub in grub-pc postinst (Closes: #542314). * Update Standards version to 3.8.3. * Use DEB_HOST_ARCH_CPU for the generation of the lintian overrides. * Fix calling the grub-pc/postrm_purge_boot_grub template in grub-pc.postinst. * Handle GRUB_CMDLINE_LINUX and GRUB_CMDLINE_LINUX_DEFAULT via debconf. Thanks to Martin F. Krafft and Colin Watson for idea and hints. * Use ucfr --force when /etc/default/grub is registered to a grub-* package. * Use #!/bin/sh in *.config and fix a small bashism in grub-pc.config. [ Robert Millan ] * patches/907_terminal_output_workaround.diff: Remove. It seems that it wasn't really necessary. * grub-pc.postinst: Avoid printing an error if /etc/kernel-img.conf doesn't exist, because it is misleading. We simply refrain from fixing it and move along. * grub-pc.postinst: Don't schedule generation of grub.cfg via "grub-install" code path unless we actually run grub-install. * grub-pc.postinst: Only copy unicode.pf2 and moreblue-orbit-grub.png when /boot/grub/grub.cfg is scheduled to be generated. * legacy/upgrade-from-grub-legacy: Reset grub-pc/install_devices. Thanks Colin Watson. (Closes: #541230) * New SVN snapshot. - Fix XFS with inode size different then 256. (Closes: #528761) - Add support for multiple LVM metadata areas. (LP: #408580) - patches/008_dac_palette_width.diff: Remove. (merged) - Prefer unicode over ascii font. (LP: #352034) [ Felix Zielcke ] * Fix the generation of the lintian override for efiemu64.o. * Remove the Conflicts dmsetup. * Use ?= for setting DEB_HOST_ARCH. * Document GRUB_DISABLE_LINUX_RECOVERY in /etc/default/grub. (Closes: #476536 LP: #190207) * Add docs/grub.cfg to examples. * patches/01_uuids_and_lvm_dont_play_along_nicely.diff: Updated to also disable UUIDs on LVM over RAID. * Add a debconf prompt to remove all grub2 files from /boot/grub on purge. (Closes: #527068, #470400) * Move the Suggests: os-prober from grub-pc to grub-common. * patches/901_dpkg_version_comparison.diff: Updated. * Update the Replaces on grub-common for the other packages to (<< 1.96+20080831-1). (Closes: #540492) [ Robert Millan ] * Reorganize grub-pc.{config,postinst} logic. The idea being that if there's no trace of GRUB Legacy, the grub-pc/install_devices template will be shown even if this is the first install. * When setting grub-pc/install_devices, obtain input dynamically from grub-mkdevicemap (rather than devices.map). (Closes: #535525) * Add a note to grub-pc/install_devices template that it's also possible to install GRUB to a partition boot record. * patches/002_grub.d_freebsd.in.diff: New patch. Reimplement 10_freebsd.in to handle multiple kernel versions & acpi.ko. * New SVN snapshot. - Don't add drivemap call with Windows Vista/7. It breaks Win 7. (LP: #402154) [ Felix Zielcke ] * Don't build grub-efi-amd64 on hurd-i386. * Change DEB_BUILD_ARCH to DEB_HOST_ARCH in the check for sparc. * Don't add the lintian override for kernel.img for sparc and grub-pc. * Add a lintian override for binary-from-other-architecture for grub-efi-amd64 and grub-pc on i386. * Use wildcards in the lintian overrides. * Add a Conflicts/Replaces for all packages except grub-common. (Closes: #538177) [ Robert Millan ] * 008_dac_palette_width.diff: New patch. Fix blank screen when booting Linux with vga= parameter set to a packed color mode (<= 8-bit). (Closes: #535026) * Set urgency=high because #535026 affects 1.96+20090709-1 which is in testing now. * patches/907_terminal_output_workaround.diff: Work around recent regression with terminal_output command (not critical, just breaks gfxterm). * Place grub-ofpathname only in grub-common. (Closes: #537999) * Don't strip kernel.img on sparc. * Suggest efibootmgr on grub-efi-{amd64,ia32}. * Pass --disable-grub-fstest to configure. (Closes: #537897) * Add back Conflicts/Replaces grub. * New SVN snapshot. * Change License of my update-grub(8) and update-grub2(8) manpages to GPL3+ to match new copyright file. * Merge from Ubuntu: Don't build grub-efi-amd64 on lpia. * Don't pass `--enable-efiemu' to configure. On kfreebsd-i386 it won't compile and it should be now auto detected if it's compilable. (Closes: #536783) * Don't build grub-efi-amd64 on kfreebsd-i386. It lacks 64bit compiler support. * Rename the lintian override for kernel.elf to kernel.img. * Strip kernel.img not kernel.elf, but not in the case of grub-pc. * Rename the Conflicts/Replaces grub to grub-legacy. (Closes: #537824) * New SVN snapshot. * control (Build-Depends): Add gcc-multilib [sparc]. * copyright: Rewrite using DEP-5 format. * Merge grub-extras into the package, and integrate it with GRUB's build system. - patches/906_grub_extras.diff - rules - copyright * New SVN snapshot. * rules: Remove duplicated files in sparc64-ieee1275 port. * rules: Comment out -DGRUB_ASSUME_LINUX_HAS_FB_SUPPORT=1 setting. We'll re-evaluate using it when it's more mature. (Closes: #535026). * New SVN snapshot. - Misc fixes in Linux loader. * control (grub-firmware-qemu): Make it buildable only on i386/amd64. * control: Add sparc (grub-ieee1275), remove remnants of ppc64. * rules: Include all modules in grub-firmware-qemu build. * New SVN snapshot. * Re-enable QEMU port. * Disable QEMU port untill it goes through NEW. * Upload to unstable. * New SVN snapshot. - Fix parsing of --output in grub-mkconfig. (Closes: #532956) [ Felix Zielcke ] * Use ucfr --force in grub-ieee1275.postinst in case we're upgrading from previous version. It registered /etc/default/grub wrongly with package iee1275. * Drop the build dependency on libc6-dev-i386. * Remove ppc64 from the Architectures. It's totally dead. * Add a note to /etc/default/grub that update-grub needs to be run to update grub.cfg. (Closes: #533026) * Fix the svn-snapshot rule. * Update Standards version to 3.8.2. No changes needed. [ Robert Millan ] * legacy/upgrade-from-grub-legacy: Invoke grub-pc.postinst directly rather than dpkg-reconfigure. Since we pretend we're upgrading, it will DTRT. * Add grub-firmware-qemu package. - patches/008_qemu.diff: QEMU port (patch from upstream). - control (grub-firmware-qemu): New package. - rules: Add grub-firmware-qemu targets. - debian/grub-firmware-qemu.dirs - debian/grub-firmware-qemu.install * patches/906_revert_to_linux16.diff: Remove, now that gfxpayload is supported. * New SVN snapshot. * Append .diff to patches/01_uuids_and_lvm_dont_play_along_nicely so it gets really applied. * Drop completely the build dependency on gcc-multilib. * Instead of arborting in the preinst if /etc/kernel-img.conf still contains /sbin/update-grub, change the file with sed. Policy allows thisi, because it's not a conffile, according to Colin Watson. * Change /etc/default/grub to an ucf managed file instead of dpkg conffile. * New SVN snapshot. - Fix variable parsing inside strings. (Closes: #486180) - Add `true' command. (Closes: #530736) [ Robert Millan ] * Split grub-efi in grub-efi-ia32 and grub-efi-amd64, both available on i386 and amd64. (Closes: #524756) * Add kopensolaris-i386 to arch list. [ Felix Zielcke ] * Add a NEWS entry about the grub-efi split. * Drop the build dependency on gcc-multilib for all *i386. * Change upgrade-from-grub-legacy to use `dpkg-reconfigure grub-pc' to install grub2 into MBR. [ New translations ] * Catalan (ca.po) by Jordi Mallach. [ Updated translations ] * Spanish (es.po) by Francisco Javier Cuadrado. (Closes: #532407) * New SVN snapshot. * Abort the install of grub-pc if /etc/kernel-img.conf still contains /sbin/update-grub (Closes: #500631). * New SVN snapshot. [ Felix Zielcke ] * Skip floopies in the grub-install debconf prompt in grub-pc postinst. Patch by Fabian Greffrath. (Closes: #530848) [ Robert Millan ] * Change Vcs-Browser field to viewsvn. [ Felix Zielcke ] * Change Vcs-Svn field to point to the trunk. (Closes: #531391) * patches/01_uuids_and_lvm_dont_play_along_nicely: New patch. On Debian root=UUID= with lvm still doestn't work so disable it. (Closes: #530357) * Remove Otavio Salvador from Uploaders with his permission. * add grub-pc.preinst * New SVN snapshot. - Add drivemap command, similar to grub-legacy's map command. (Closes: 503630) - Export GRUB_TERMINAL_INPUT in grub-mkconfig. (Closes: #526741) [ Robert Millan ] * rules: Set GRUB_ASSUME_LINUX_HAS_FB_SUPPORT=1 in CFLAGS. * patches/905_setup_force.diff: Relax blocklist warnings. * patches/906_revert_to_linux16.diff: Keep using linux16 for now. [ Felix Zielcke ] * patches/07_core_in_fs.diff: Updated. * Remove /etc/grub.d/10_hurd on non-Hurd systems in the grub-common preinst. Likewise for 10_freebsd for non kFreebsd and 10_linux on kFreebsd and Hurd. (Closes: #523777) * New SVN snapshot. - Add support for parttool command, which can be used to hide partitions. (Closes: #505905) - Fix a segfault with LVM on RAID. (Closes: #520637) - Add support for char devices on (k)FreeBSD. (Closes: #521292) - patches/08_powerpc-ieee1275_build_fix.patch: Remove (merged). [ Updated translations ] * Basque (eu.po) by Piarres Beobide. (Closes: #522457) * German (de.po) by Helge Kreutzmann. (Closes: #522815) [ Robert Millan ] * Update my email address. * Remove 04_uuids_and_abstraction_dont_play_along_nicely.diff now that bugs #435983 and #455746 in mdadm and dmsetup have been fixed. [ Felix Zielcke ] * Place new grub-dumpbios in grub-common. * Add lpia to the archictectures to reduce the ubuntu delta. * Add a manpage for the update-grub and update-grub2 stubs, written by me. (Closes: #523876) * Suggest genisoimage on grub-pc and grub-ieee1275, because grub-mkrescue needs it to create a cd image. (Closes: #525845) * Add a dependency on $(AUTOGEN_FILES) for the configure/grub-common target, this is needed now that upstream removed the autogenerated files from SVN. * Add `--enable-efiemu to' `./configure' flags. * Add a build dependency on gcc-multilib for i386. * Drop alternate build dependency on gcc-4.1 (<< 4.1.2). * New SVN snapshot. - Fix regression in disk/raid.c. (Closes: #521897, #514338) - Fix handling of filename string lengths in HFS. (Really closes: #516458). * Add myself to Uploaders. * Add patch 08_powerpc-ieee1275_build_fix.patch to fix powerpc-ieee1275 builds which were lacking header files for kernel_elf_HEADERS. Thanks Vladimir Serbinenko. [ Felix Zielcke ] * New SVN snapshot. - Pass grub's gfxterm mode to Linux kernel. (Closes: #519506) - Fix ext4 extents on powerpc. (Closes: #520286) [ Robert Millan ] * Remove grub-of transitional package (Lenny had grub-ieee1275 already). * Fix kopt parsing in grub-pc.config. Thanks Marcus Obst. (Closes: #514837) * Add debconf template to automatically run grub-install during upgrades (prior user confirmation). (Closes: #514705) * New SVN snapshot. - Fix loading of files with underscore in HFS. (Closes: #516458) * Update Standards version to 3.8.1. No changes needed. [ Updated translations ] * Brazilian Portuguese (pt_BR.po) by Flamarion Jorge. (Closes: #519417) * New SVN snapshot. * New SVN snapshot. - Add support for /dev/md/dNNpNN mdraid devices. (Closes: #509960) - Add new PF2 fontengine. (Closes: #510344) - Avoid mounting ext2 partitions with backward-incompatible features. (Closes: #502333) - Try to avoid false positives with FAT. (Closes: #514263) [ Felix Zielcke ] * Remove build-dependency on unifont package and add one for bf-utf-source package and libfreetype6-dev * grub-pc.postinst: Copy new ascii.pf2 instead of old ascii.pff to /boot/grub. * Add `--enable-grub-mkfont' to configure flags. * Put new grub-mkfont in grub-common package. * Add a dependency for ${misc:Depends} to all packages to make lintian a bit more happy. * Detect when grub-setup leaves core.img in filesystem, and include that info in bug report templates. - debian/patches/07_core_in_fs.diff - debian/script * Add myself to Uploads and add `DM-Upload-Allowed: yes' tag. [ Updated translations ] * Asturian (ast.po) by Marcos Alvarez Costales. (Closes: #511144) * Traditional Chinese (zh_TW.po) by Tetralet. (Closes: #513918) * Belarusian (be.po) by Pavel Piatruk. (Closes: #516243) * New SVN snapshot. * New SVN snapshot. * Update to new debian theme. - grub-pc.postinst: Switch to moreblue-orbit-grub.png. - grub.d/05_debian_theme: Likewise. * grub.d/05_debian_theme: - Update to use new grub-mkconfig_lib instead of the deprecated update-grub_lib. - Update to check if `GRUB_TERMINAL_OUTPUT' is `gfxterm' instead of `GRUB_TERMINAL'. [ Updated translations ] * Romanien (ro.po) by Eddy Petrior. (Closes: #506039) * New SVN snapshot. - Add support for /dev/md/N style mdraid devices. (Closes: #475585) - Handle LVM dash escaping. (Closes: #464215) - Use case insensitive match in NTFS. (Closes: #497889) - Use hd%d drive names in grub-mkdevicemap for all architectures. (Closes: #465365) - Handle LVM circular metadata. (Closes: #462835, #502953) - Fix NULL dereference and failure paths in LVM. Thanks Guillem Jover. (Closes: #500482) - Provides GRUB header files (only in grub-common). [ Updated translations ] * Dutch (nl.po) by Paul Gevers. (Closes: #500514) * French (fr.po) by Christian Perrier. (Closes: #503708) * Georgian (ka.po) by Aiet Kolkhi. (Closes: #503715) * Czech (cs.po) by Miroslav Kure. (Closes: #503809) * German (de.po) by Helge Kreutzmann. (Closes: #503841) * Japanese (ja.po) by Hideki Yamane. (Closes: #503869) * Italian (it.po) by Luca Monducci. (Closes: #504076) * Swedish (sv.po) by Martin gren. (Closes: #504207) * Arabic (ar.po) by Ossama Khayat. (Closes: #504254) * Portuguese (pt.po) by Miguel Figueiredo. (Closes: #504280) * Russian (ru.po) by Yuri Kozlov. (Closes: #504324) * Finnish (fi.po) by Esko Arajrvi. (Closes: #504310) * Basque (eu.po) by Piarres Beobide. (Closes: #504466) * Dutch (nl.po) by Paul Gevers. (Closes: #504683) [ Felix Zielcke ] * patches/01_grub_legacy_0_based_partitions.diff: Rename to * patches/903_grub_legacy_0_based_partitions.diff: this and adapt for s/biosdisk.c/hostdisk.c/ rename upstream. * patches/03_disable_floppies.diff patches/904_disable_floppies.diff: Likewise. * update-grub has been renamed to grub-mkconfig, so provide a stub for compatibility. * Make grub-pc/linux_cmdline debconf template translatable. (Closes: #503478) * Remove ro.po and ta.po. They don't contain a single translated message. [ Robert Millan ] * control: Make grub-common dependency = ${binary:Version}. * default/grub: Set GRUB_CMDLINE_LINUX=quiet to syncronize with default D-I settings. * New SVN snapshot. - patches/00_fix_double_prefix.diff: Remove (merged). (Closes: #487565) - patches/00_getline.diff: Remove (merged). (Closes: #493289) - Handle errors in RAID/LVM scan routine (rather than letting the upper layer cope with them). (Closes: #494501, #495049) - patches/901_linux_coreboot.diff: Remove (replaced). - Add support for GFXMODE variable (Closes: #493106) - Skips /dev/.* in grub-probe. (Closes: #486624) - RAID code has various fixes. (Closes: #496573) - Buffered file read is now used to read the background image faster. (Closes: #490584) * We are already using LZMA, because upstream includes it's own lzma encoder, so drop completely the liblzo handling in control and rules files. [ Felix Zielcke ] * Remove the 1.95 partition numbering transition debconf warning from grub2 package and removed it from all languages (*.po). (Closes: #493744) * Add a comment for the new GFXMODE in default/grub. * debian/rules: - Remove 2 ./configure options which it didn't understand. - New grub-mkelfimage belongs to grub-common. * debian/control: - Change debhelper compat level to 7 and build depend on it >= 7. - Remove ${misc:Depend} dependency on all packages except grub-pc which is the only one using debconf. - Replace deprecated ${Source-Version} with ${source:Version} for << dependency and with ${build:Version} for = ones. - Remove versioned dependency of Build-Depends patchutils and cdbs, because etch has newer versions then the one used. - Remove dpkg-dev completely from Build-Depends because it's build-essentail and a non versioned dependency results in a lintian error. - Remove Conflict/Replaces pupa, it has been removed from Debian 2004. - Change build-dependency of unifont-bin to unifont (>= 1:5.1.20080820), it's the new package containing unifont.hex and that version to avoid licensing problems (Closes: #496061) - Remove Jason Thomas from Uploaders with his permission. * Preserve arguments in update-grub2 stub. (Closes: #496610) [ Updated translations ] * Japanese (ja.po) by Hideki Yamane (Closes: #493347) [ Robert Millan ] * Move a few files to grub-common and remove them from the arch- specific packages. * patches/02_old_linux_version_comparison.diff: Replace with ... * patches/901_dpkg_version_comparison.diff: ... this. Use dpkg --compare-versions in update-grub. (Closes: #494158) * patches/03_disable_floppies.diff: Free .drive struct member when skipping floppy drives. (Closes: #496040) * patches/902_boot_blocklist_hack.diff: Support separate /boot when using blocklists. (Closes: #496820, #489287, #494589) * New SVN snapshot. - patches/00_fix_overflow.diff: Remove (merged). - patches/00_uuid_boot.diff: Remove (merged). - patches/00_raid_duped_disks.diff: Remove (merged). - patches/00_xfs.diff: Remove (merged). - patches/00_strengthen_apple_partmap_check.diff: Remove (merged). - patches/00_skip_dev_dm.diff: Remove (merged). * patches/901_linux_coreboot.diff: Implements Linux load on Coreboot (patch from Coresystems). * grub-linuxbios -> grub-coreboot rename again. * patches/00_fix_overflow.diff: fix overflow with a big grub.cfg. (Closes: #473543) [ Felix Zielcke ] * changed dependency for debconf to also support debconf-2.0. (Closes: #492543) * patches/00_xfs.diff: Fix "out of partition" error with XFS. (Closes: #436943) [ Robert Millan ] * patches/00_raid_duped_disks.diff: Do not abort when two RAID disks with the same number are found. (Closes: #492656) * patches/00_strengthen_apple_partmap_check.diff: Be more strict when probing for Apple partition maps (this prevents false positives on i386-pc installs). (Closes: #475718) [ Felix Zielcke ] * fixed lintian override for kernel.elf * debian/rules: changed cvs targets to use svn [ Robert Millan ] * patches/00_skip_dev_dm.diff: Skip /dev/dm-[0-9] devices also (implicitly) for RAID. (Closes: #491977) * patches/00_uuid_boot.diff: Fix cross-disk installs by using UUIDs. (Closes: #492204) * New SVN snapshot. - Support for ext4dev extents. - patches/00_speed_up_font_load.diff: Remove (merged). [ Felix Zielcke ] * upgrade-from-grub-legacy now calls update-grub if grub.cfg doestn't exist and prints a big warning if it failed. * Update Standards version to 3.8.0. No changes need. * Added Build-Dep for po-debconf and a lintian override, to make it happy. [ Updated translations ] * Swedish (sv.po) by Martin gren (Closes: #492056) [ Robert Millan ] * Revert r844. grub-coreboot is stuck on NEW, and it was too early for branching. * New SVN snapshot. - Provides LZMA support (not yet used in the package). - Fix grub-mkrescue manpage generation. (Closes: #489440) * Rename grub-linuxbios to grub-coreboot (and leave a dummy grub-linuxbios package to handle upgrades). [ Updated translations ] * Spanish (es.po) by Maria Germana Oliveira Blazetic (Closes: #489877) * Portuguese (pt.po) by Ricardo Silva (Closes: #489807) * patches/02_old_linux_version_comparison.diff: Set interpreter to /bin/bash. (Closes: #489426, #489446) * New SVN snapshot. * default/grub: Add commented example to disable graphical terminal. * Use substvars to support linking with liblzo1. * Bring 03_disable_floppies.diff to pre-r805 state. (Closes: #488375) * patches/02_old_linux_version_comparison.diff: New patch. Steal version comparison code from GRUB Legacy's update-grub. (Closes: #464086, #489133) * patches/00_speed_up_font_load.diff: New patch. Generate font files with only the needed characters. (Closes: #476479, #477083) * New CVS snapshot. - Avoids passing UUID to Linux when not using initrd. (Closes: #484228) - patches/04_uuids_and_abstraction_dont_play_along_nicely.diff: Resync. * Urgency set to "high" because of #482688. * New CVS snapshot. - Fix module load hook in prepare_grub_to_access_device(). (Closes: #486804) - Call prepare_grub_to_access_device() before accessing devices, never afterwards. (Closes: #487198) * grub.d/05_debian_theme: Prefer /boot/grub over /usr for image loading, since chances are it's less LVMed. * New CVS snapshot. - Supports IDA block devices. (Closes: #483858) - Fixes some problems in ext2/ext3. (Closes: #485068, #485065) - Uses EUID instead of UID in update-grub. (Closes: #486043, #486039, #486040, #486041). - Fixes incomplete I2O device support. Thanks Sven Mueller. (Closes: #486505) - Fixes recent regressions in fs/ext2.c. (Closes: #485279) - Only use UUIDs when requested device is not the same as the one providing /boot. (Closes: #486119) - patches/02_libgcc_powerpc_hack.diff: Remove. Probably not needed anymore. - patches/04_uuids_and_abstraction_dont_play_along_nicely.diff: Update. * patches/06_olpc_prefix_hack.diff: Hardcode prefix to (sd,1) on OLPC. * Refurbish 03_disable_floppy_support_in_util_biosdisk.diff into 03_disable_floppies.diff. * 04_run_grub_mkdevicemap_when_grub_probe_fails.diff: Remove. Argueably makes grub-probe unreliable and is quite annoying. * 04_uuids_and_abstraction_dont_play_along_nicely.diff: New patch. Disable UUID parameter to Linux when LVM or dmRAID is in use. (Closes: #484228) This is a workaround for bug #484297 in udev. * New CVS snapshot. - patches/06_backward_compat_in_uuid_support.diff: Merged. - Fixes NULL pointer dereference in biosdisk.c. (Closes: #483895, #483900) - Extends UUID support for XFS and ReiserFS. * New CVS snapshot. - Work around BIOS bug affecting keyboard on macbooks. (Closes: #482860) - Adjust grub.d/05_debian_theme to use the new UUID-compatible API. - default/grub: Add commented GRUB_DISABLE_LINUX_UUID variable. - patches/06_backward_compat_in_uuid_support.diff: New. Make update-grub generate code that is compatible with older GRUB installs. - util/biosdisk.c no longer complains about duplicated device.map entries. (Closes: #481236) [ Updated translations ] * Galician (gl.po) by Jacobo Tarrio (Closes: #480977) * New CVS snapshot. - Adds support for default-only Linux cmdline options. (Closes: #460843) - Supports Xen virtual block devices. (Closes: #456777) - Supports Virtio block devices. (Closes: #479056) - Supports CCISS block devices. (Closes: #479735) - Fixes handling of more LVM abnormal conditions. (Closes: #474343, #474931, #477175) * Switch to liblzo2 now that it's GPLv3-compatible. (Closes: #466375) * grub-pc.postinst: Escape \ and / in cmdline sed invokation. (Closes: #479279) [ Updated translations ] * Italian (it.po) by Luca Monducci (Closes: #480740) * New CVS snapshot. - Includes sample grub.cfg file; we use it for grub-rescue-pc. (Closes: #478324) * grub-common: Upgrade Replaces to << 1.96+20080426-3. (Closes: #478224, #478353, #478144) [ Updated translations ] * French (fr.po) by Christian Perrier (Closes: #471291) * New CVS snapshot. - Fixes syntax error when setting GRUB_PRELOAD_MODULES. (Closes: #476517) * Move os-prober to Suggests, to avoid trouble with #476184. (Closes: #476684) * patches/04_run_grub_mkdevicemap_when_grub_probe_fails.diff: New patch, does what its name says. (Closes: #467127) - Also move grub-mkdevicemap from grub-pc to grub-common, so that GRUB Legacy can use it. [ Updated translations ] * Basque (eu.po) by Piarres Beobide (Closes: #476708) * New CVS snapshot. - Provides 30_os-prober update-grub add-on. Thanks Fabian Greffrath. (Closes: #461442) - Improves robustness when handling LVM. (Closes: #474931, #474343) * patches/03_disable_floppy_support_in_util_biosdisk.diff: New. Does what its name says. (Closes: #475177) * New CVS snapshot. - grub-probe skips non-existant devices when processing device.map. (Closes: #473209) * control: Fix syntax error. [ Updated translations ] * Finnish (fi.po) by Esko Arajrvi (Closes: #468641) * New CVS snapshot. * Split grub-probe into grub-common package. Make all flavours depend on it. (Closes: #241972) * Suggest multiboot-doc. * patches/01_grub_legacy_0_based_partitions.diff: New patch. Add a hack that tells grub-probe you want 0-based partition count (GRUB_LEGACY_0_BASED_PARTITIONS variable) * Stop depending on lsb-release (too heavy! we don't need python in base). Instead of assuming it's there, try calling it and otherwise just echo Debian. * default/grub: Use lsb_release to support Debian derivatives. (Closes: #466561) * grub.d/05_debian_theme: Only setup background image when a reader for it is present in /boot/grub. (Closes: #467111) [ Updated translations ] * Russian (ru.po) by Yuri Kozlov (Closes: #467181) * grub-pc.postinst: Create /boot/grub if it doesn't exist. * New CVS snapshot. - Improves GPT support, allowing it to work without blocklists. * New CVS snapshot. - Fixes offset calculation issue when installing on GPT (urgency set to high because of this). * Fix Vcs-Browser tag. Thanks James. (Closes: #465697) * Only process grub-pc/linux_cmdline if /boot/grub/menu.lst exists. (Closes: #465708) [ Updated translations ] * French (fr.po) by Christian Perrier (Closes: #465706) * New CVS snapshot. - Failure to read one device in a RAID-1 array no longer causes boot to fail (so long as there's a member that works). (Closes: #426341) * script: For /proc/mounts, only report lines that start with /dev/. * Add new upgrade-from-grub-legacy script for the user to complete the upgrade process from GRUB Legacy, and advertise it prominently in menu.lst. (Closes: #464912) * Add a hack to support gfxterm / background_image on systems where /usr isn't accessible. (Closes: #464911, #463144) - grub-pc.postinst - grub.d/05_debian_theme * Fix a pair of spelling mistakes in debconf. (Closes: #465296) * Migrate kopt from menu.lst. (Closes: #461164, #464918) [ Updated translations ] * Portuguese (pt.po) by Ricardo Silva (Closes: #465137) * German (de.po) by Helge Kreutzmann (Closes: #465295) * New CVS snapshot. - Errors that cause GRUB to enter rescue mode are displayed now. (Closes: #425149) - Build LVM/RAID modules into a few commands that were missing them (notably, grub-setup). (Closes: #465033) * Fix license violation (incompatibility between GRUB and LZO2). (Closes: #465056) - Urgency set to high. - control: Move liblzo2-dev from Build-Depends to Build-Conflicts (leaving liblzo-dev as the only option). * New CVS snapshot. - Fix a root device setting issue in grub-setup. (Closes: #463391) - Fix partmap detection under LVM/RAID. - Add scripting commands that would allow user to implement hiddenmenu-like functionality (http://grub.enbug.org/Hiddenmenu). - Provide manpages for grub-setup, grub-emu, grub-mkimage and others. (Closes: #333516, #372890) * Fix a pair of spelling errors in debconf templates. Thanks Christian Perrier. (Closes: #464133) * Run debconf-updatepo. (Closes: #463918) * Lower base-files versioned dependency to >= 4.0.1~bpo40+1. * New CVS snapshot (and release, but we skipped that ;-)) - patches/01_regparm.diff: Delete. - Improved XFS support. - util/grub.d/00_header.in: Add runtime error detection (for gfxterm). - Fixes problem when chainloading to Vista. * Fix po-debconf errors. Thanks Thomas Huriaux. (Closes: #402972) * grub.d/05_debian_theme: - Add runtime error detection. - Detect/Enable PNG background when it is present. * control (grub-ieee1275): Remove versioned dependency on powerpc-ibm-utils. * New CVS snapshot. * presubj: Improve notice. * patches/01_regparm.diff: Fix CPU context corruption affecting fs/xfs.c. (Closes: #463081, #419766, #462159) * patches/02_libgcc_powerpc_hack.diff: Fix FTBFS on powerpc. (Closes: #457491) * patches/disable_xfs.diff: Actually remove this time... * New CVS snapshot. - Fixes bogus CLAIM problems on Apple firmware. (Closes: #449135, #422729) - grub-probe performs sanity checks to make sure our filesystem drivers are usable. (Closes: #462449) - patches/disable_ata.diff: Remove. ATA module isn't auto-loaded in rescue floppies now. - patches/disable_xfs.diff: Remove. See above (about grub-probe). * Bring back grub-emu; it can help a lot with debugging feedback. - control - rules * grub.d/05_debian_theme: Enable swirlish beauty. * rules: Obtain debian/legacy/update-grub dynamicaly from GRUB Legacy svn. * New CVS snapshot. - update-grub ignores stale *.dpkg-* files. (Closes: #422708, #424223) - LVM/RAID now working properly (except when it affects /boot). (Closes: #425666) - Fixes flickery in timeout message. (Closes: #437275) * grub-pc.postinst: Use `--no-floppy' whenever possible. Die, floppies, die! * Resync with latest version of GRUB Legacy's update-grub. This time, using the $LET_US_TRY_GRUB_2 hack to reuse the same script both for addition of core.img and its removal. * grub-*.install: Add update-grub2 stub. Packages providing /etc/grub.d/ scripts should invoke update-grub2 in both postinst and postrm (whenever it is found, of course). * control: Reorganize a bit, including a complete rewrite of the package descriptions. * control (grub-ieee1275): Enable for i386/amd64. * New CVS snapshot. - Supports ReiserFS. (Closes: #430742) - patches/disable_ata.diff: Resync. * grub-pc.postinst: Fix covered assumption that menu.lst exists. (Closes: #459247) * copyright: Fix copyright/license reference. * New CVS snapshot. - Fixes install on non-devfs systems with devfs-style paths (ouch). (Closes: #450709). - Fixes boot of "Linux" zImages (including memtest86+). (Closes: #436113). - Corrects usage message in grub-setup. (Closes: #458600). - patches/menu_color.diff: Remove. Made obsolete by `menu_color_normal' and `menu_color_highlight' variables. Add/install grub.d/05_debian_theme to make use of them. * Reestructure grub-pc.postinst. Notably: - Do not touch menu.lst unless user has confirmed it (via debconf). (Closes: #459247) - When we do, keep a backup in /boot/grub/menu.lst_backup_by_grub2_postinst. * New CVS snapshot. - patches/disable_xfs.diff: Rewrite in a way that won't collide with upstream changes so often. - unifont.hex now processed by upstream. - rules: Disable build of unifont.pff. - *.install: Remove build/unifont.pff line. - patches/menu_color.diff: Change menu color to our traditional blue theme. * Support new dpkg fields (Homepage, Vcs-Svn, Vcs-Browser). * patches/disable_ata.diff: Prevent ATA module from being built on i386-pc. * New CVS snapshot. - patches/linuxbios.diff: Remove (supported in upstream now). * Rename debian/grub-of.* to debian/grub-ieee1275.*. * Add debian/grub-linuxbios.{postinst,dirs,install}. * rules: Fix/Overrride lintian warnings (unstripped-binary-or-object). * Remove grub-linuxbios.postinst. * New CVS snapshot. * Add grub-linuxbios package. - patches/linuxbios.diff - control - rules * Rename grub-of to grub-ieee1275 to match with upstream conventions. - control - rules * New CVS snapshot. - Includes fix for parallel builds. * rules: Append -j flag to $(MAKE) to take advantage of >1 processors. * Add reference to /usr/share/common-licenses. - debian/copyright - debian/control (all packages): Add base-files (>= 4.0.1) dependency. * control (grub-of): Make depends on powerpc-ibm-utils versioned as >= 1.0.6 (older versions don't have -a flag). * New CVS snapshot. - Adds ntfs support. - Fixes a pair of issues indirectly breaking grub-probe on powerpc. (Closes: #431488) - patches/disable_xfs.diff: Resync. - copyright: License upgraded to GPLv3. * control (grub-of Depends): Add powerpc-utils (for nvsetenv) and bc. * New CVS snapshot. - More fixes to cope with unreadable /. (Closes: #427289) - update-grub supports multiple terminals. * control (Build-Depends): Add genisoimage. * patches/partmap_fallback.diff: Remove. It didn't archieve anything as it also needs support for proper identification of raid / lvm (this is being worked on). * patches/disable_xfs.diff: Disable xfs in grub-probe. * grub-rescue-pc.README.Debian: New. Explain how to use the rescue images. * New CVS snapshot. - update-grub is tollerant to unreadable / (as long as /boot is accessible). (Closes: #427289) * grub-pc.postinst: Generate new grub.cfg when menu.lst exists. * New package grub-rescue-pc. - control: Add it. - README.Debian.in: Remove obsolete documentation. - rules: Build rescue images using grub-mkrescue. - grub-rescue-pc.dirs: Prepare their directory. - grub-rescue-pc.install: Install them. * legacy/update-grub: Fix core.img detection on separate /boot. * New CVS snapshot. - patches/grub_probe_for_everyone.diff: Remove (merged). - update-grub exports user-defined GRUB_CMDLINE_LINUX. (Closes: #425453) - Fix those nasty powerpc bugs. (Closes: #422729) * New CVS snapshot. - LVM / RAID fixes. (Closes: #423648, #381150) - Fix memory management bug. (Closes: #423409) - patches/efi.diff: Remove (merged). - patches/grub_probe_for_everyone.diff: Use the new paths for util/grub-probe.c, util/biosdisk.c, util/getroot.c. Enable grub-mkdevicemap. (Closes: #424985) * legacy/update-grub: Get rid of all grub-set-default calls. (Closes: #425054) * grub-{pc,efi,of}.postinst: Only run update-grub if grub.cfg already exists. * grub-pc.postinst: Only run GRUB Legacy compat stuff if menu.lst is found. * patches/partmap_fallback.diff: New. Implement fallback "pc gpt" for partmap detection failures. (Closes: #423022) * control: Update XS-Vcs-* fields. Thanks Sam Morris . (Closes: #425146) * grub-{pc,efi,of}.{dirs,postinst}: Move unifont.pff to /usr/share/grub. * New CVS snapshot. - Fix assumptions about /, /boot and /boot/grub being the same device. (Closes: #423268, #422459) - Proper sorting of Linux images. (Closes: #422580) - update-grub lets /etc/default/grub override its variables now. (Closes: #423649) - update-grub mentions /etc/default/grub in the grub.cfg header. (Closes: #423651) - update-grub sets 800x600x16 as the default gfxmode. (Closes: #422794) - update-grub runs grub-mkdevicemap before attempting to use grub-probe (part of #423217) [ Otavio Salvador ] * Add support to DEB_BUILD_OPTIONS=noopt. Thanks to Sam Morris for the patch. (Closes: #423005) * Add Robert Millan as uploader. * Change build-dependency from liblzo-dev to liblzo2-dev. (Closes: #423358) [ Robert Millan ] * grub-pc.postinst: - Remove /boot/grub/device.map before running grub-install. (Closes: #422851) - Always run update-grub after grub-install. (part of #423217) - Use grub-mkdevicemap instead of removing device.map, since update-grub needs it but grub-install is not run unconditionaly. - Redirect grub-install invocation to /dev/null, since it can mislead users into thinking that MBR was overwritten. (part of #423217) * default/grub: Stop exporting the variables (update-grub does that now). * Misc EFI fixes, including new grub-install. - patches/efi.diff: New. - patches/grub_probe_for_everyone.diff: Move some bits to efi.diff. - grub-efi.install: Stop installing dummy grub-install. - grub-install: Remove. * grub-pc.postinst: Avoid generating core.img when menu.lst is not present, to avoid duplicated work (this is specialy important for d-i). (part of #423217). * See multiple references above. (Closes: #423217) * grub-{pc,efi,of}.{dirs,install}: Install presubj in the right directory to make it work again (oops). * Add reportbug script to gather debugging information. (Closes: #423218) - script: New. - grub-{pc,efi,of}.install: Install it. * Install the reportbug scripts for grub2 too, since users might still use it for bugfiling. - grub2.dirs - grub2.install * Fix some lintian warnings. - control (grub2): Depend on debconf. - README.Debian.in: Fix mispell. - grub2.templates: Remove extra dot. [ Robert Millan ] * New CVS snapshot. - patches/build_neq_src.diff: Remove (merged). * Fix debhelper files to ensure each package gets the right thing. * Enable gfxterm/unifont support. * On grub-pc, if there's no core.img setup, create one (but do not risk writing to MBR). * On grub-pc, if menu.lst is found, regenerate it to include our core.img. [ Otavio Salvador ] * Move debian/update-grub to debian/legacy/update-grub otherwise the source gets messy. * Split postinst into grub2.postinst (with the transition warning) and postinst.in, with update-grub invocation for grub-{pc,efi,of}. - postinst.in - grub2.postinst - rules * Add EFI build of GRUB. - control: Restructure to provide 3 packages: grub-pc (x86), grub-efi (x86) and grub-of (powerpc). - rules: Handle a separate build for each package. - patches/build_neq_src.diff: Fix builddir == srcdir assumptions. - patches/grub_probe_for_everyone.diff: New (superceds powerpc_probe.diff). Enable grub-probe on powerpc and i386-efi. - grub-install: Dummy informational grub-install for EFI. - grub-efi.install: Installs it. * New CVS snapshot. * patches/powerpc_probe.diff: Add partmap/gpt.c to grub-probe. * control (Architecture): Temporarily disable powerpc. Sorry, but runtime is currently broken and we don't have the hardware to debug it. Will be re-enabled in next upload. * New CVS snapshot. - Improved grub.cfg parser. (Closes: #381215) - patches/fix-grub-install.diff: Remove (merged). - control (Build-Depends): Remove libncurses5-dev (no longer needed). - provides update-grub2. (Closes: #419151) - Supports GPT in PC/BIOS systems. (Closes: #409073) * control (Build-Depends): Add gcc-multilib to fix FTBFS. * control (Description): Make it less scary, and more informative. * postinst: Run update-grub to ensure the latest improvements always are applied. * patches/powerpc_probe.diff: Attempt at making grub-probe build/install on powerpc (and hopefuly update-grub). * Fix FTBFS on kFreeBSD. Thanks to Aurelien Jarno by providing the patch. Closes: #416408 * Fix powerpc grub-install binary path. Closes: #402838 [ Christian Perrier ] * Switch to po-debconf for debconf templates. Closes: #402972 * Depend on ${misc:Depends} and not "debconf" to allow cdebconf to be used * Debconf translations: - French - Czech. Closes: #413327 - Galician. Closes: #413323 - Swedish. Closes: #413325 - Portuguese. Closes: #413332 - German. Closes: #413365 - Tamil. Closes: #413478 - Russian. Closes: #413542 - Italian. Closes: #413904 - Romanian. Closes: #414443 [ Robert Millan ] * update-grub: Fix for Xen hypervisor entries, thanks Aaron Schrab. (Closes: #394706) * Transition to new numbering scheme for partitions. (Closes: #395019) - update-grub: Don't substract 1 when converting partition device names to grub drives. - Add debconf warning explaining the situation. * Rewrite Architecture line back to hardcoded list :(. (Closes: #398060) * New upstream release. - patches/03_revert_partition_numbering.diff: Delete (obsoleted). * New CVS snapshot. [ Otavio Salvador ] * Change debhelper compatibility mode to 5: - debian/compat: setted to 5; * control (Build-Depends): Add lib32ncurses5-dev for ppc64. Closes: #389873 * Set urgency=high since it's experimental stuff and tagged likewise. It also solved a serious bug on PowerPC that leave users with a black screen. [ Robert Millan ] * control (Depends): Add powerpc-ibm-utils for powerpc/ppc64. (Closes: #372186) * New CVS snapshot. - Command-line editting fix (Closes: #381214). - Fixes runtime breakage on amd64 (not in BTS). - Delete a few patches (merged). [ Robert Millan ] * Set urgency=high. Might seem like a rush, but it can't possibly be worse than 1.94-5 (broken on systems that use udev, broken on amd64...). * Pure ppc64 support. - control (Architecture): Add any-ppc64. - control (Build-Depends): Add libc6-dev-powerpc [ppc64]. * rules: Remove moddep.lst install command (no longer needed). * patches/03_revert_partition_numbering.diff: New. Revert a commit that broke grub-probefs. * Add bug template to encourage sending upstream stuff directly to upstream. - presubj: New. [ Otavio Salvador ] * Add XS-X-Vcs-Svn on control file and point it to our current svn repository. * Add cvs-snapshot to rules. [ Robert Millan ] * update-grub: Set interpreter to /bin/bash to cope with non-POSIX extensions. (mentioned in #361929) * patches/03_avoid_recursing_into_dot_static.diff: New. Avoid recursing into dotdirs (e.g. ".static"). * patches/04_mkdevicemap_dont_assume_floppies.diff: New. Don't assume /dev/fd0 exists when generating device.map. [ Robert Millan ] * control (Build-Depends): s/any-amd64/amd64 kfreebsd-amd64/g (this seems to confuse buildds). * 02_not_remove_menu_lst.patch: New patch. Skip menu.lst removal in grub-install. (Closes: #372934) [ Otavio Salvador ] * 01_fix_amd64_building.patch: dropped since it now supports amd64 native building. * Remove convert_kernel26 usage since it's not necessary anymore and due initramfs-tools changes it's bug too. [ Robert Millan ] * Fork update-grub from grub legacy, and tweak a few commands in output to make it work for grub2. * Update README.Debian.in with more recent (and easier) install instructions. * Add grub to Conflicts/Replaces. Too many commands with the same name, even if they don't use the same path yet (but will likely do in the future, see #361929). * Get rid of control.in, which I introduced in 0.6+20040805-1 and turned out to be an endless source of problems (and forbidden by policy as well). * Fix FTBFS on amd64. Really closes: #372548. * Fix FTBFS in amd64. Closes: 372548 * Update grub images paths in README.Debian * 01_fix_grub-install.patch: add to fix a problem with PowerPC installation. Refs: #371069 * Fix FTBFS in amd64. Closes: #370803 * New upstream release. - Fix powerpc building. Closes: #370259 - 01_fix_grub-install.patch: merged upstream. - Moved modules to /usr/lib/grub since they are architecture dependent. * Leave CDBS set debhelper compatibility level. * Allow amd64 build to happen. Closes: #364956 * Enforce building in 32bits while running in x86_64 machines. * Update Standards version to 3.7.2. No changes need. * New upstream release. - Added support to PowerPC. Closes: #357853 - 01_fix_grub-install.patch: rediff. * Update Standards version to 3.6.2. No changes need. * Start to use new dpkg architecture definition. Closes: #360134 * Add bison on build-depends field. Closes: #346178 * Add more fixes in 01_fix_grub-install.patch. Closes: #346177 * New upstream release. - Add support for GPT partition table format. - Add a new command "play" to play an audio file on PC. - Add support for Linux/ADFS partition table format. - Add support for BASH-like scripting. - Add support for Apple HFS+ filesystems. * 01_fix_grub-install.patch: Added. Fix grub-install to use /bin/grub-mkimage instead of /sbin/grub-mkimage. Closes: #338824 * Do not use CDBS tarball mode anymore. Closes: #344272 * New upstream release. Closes: #331211 * debian/watch: added. * debian/control.in, debian/control: Add libncurses5-dev in Build-Depends. Closes: #304638 * Remove Robert Millan as uploader; * Add myself as uploader; * Disable for powerpc. Reportedly it fails to boot. * New upstream snapshot. * Install moddep.lst properly in a cpu-independant way. (Closes: #264115) * Use cdbs debian/control autogeneration. - Set DEB_AUTO_UPDATE_DEBIAN_CONTROL = yes. - Move control to control.in. - Add a @cdbs@ tag and replace Architecture with Cpu/System. * control.in (Build-Depends): Add ruby. * New upstream snapshot. * Uploading to unstable so that powerpc users can be blessed by GRUB too. * Use type-handling to generate dpkg arch list. - control.in - rules * New upstream snapshot. - Fix FTBFS on powerpc. * New upstream snapshot. - control (Architecture): Add powerpc. * New upstream snapshot. - patches/multiboot.diff: Nuked. - install,docs: Update directory name. * control (Maintainer): Set to pkg-grub-devel mailing list. * control (Uploaders): Add myself. * control (Architecture): Add freebsd-i386 and netbsd-i386. * New upstream snapshot. - README.Debian: s/fat/ext2/g (We now have ext2fs support). * Add multiboot support, thanks to Jeroen Dekkers for his patch. - patches/multiboot.diff: New. - control (Architecture): Add hurd-i386 (which needed multiboot). * Rename package to grub2 (to follow upstream tendency). - control: Ditto. - README.Debian: Likewise. * Switch to tarball mode. - rules: Ditto. - docs: Prefix paths in order to workaround dh_installdocs bug. - install: Likewise, but not because of bug (should be in rules, actualy). * Fix FTBFS. (Closes: #213868) - control (Build-Depends): Add autoconf. - control (Build-Conflicts): Add autoconf2.13. * New upstream snapshot. * Uploading to experimental. * debian/control: Add Jason Thomas to Uploaders. * Initial Release. (Closes: #211030) ==== heimdal: 7.5.0+dfsg-1ubuntu0.2 => 7.5.0+dfsg-1ubuntu0.4 ==== ==== libasn1-8-heimdal:amd64 libgssapi3-heimdal:amd64 libhcrypto4-heimdal:amd64 libheimbase1-heimdal:amd64 libheimntlm0-heimdal:amd64 libhx509-5-heimdal:amd64 libkrb5-26-heimdal:amd64 libroken18-heimdal:amd64 libwind0-heimdal:amd64 * SECURITY UPDATE: signature validation failure - debian/patches/CVE-2022-45142.patch: fix logic inversion issue caused by the fix for CVE-2022-3437 when using memcmp in _gssapi_verify_mic_arcfour() and _gssapi_unwrap_arcfour() in lib/gssapi/krb5/arcfour.c. - CVE-2022-45142 * SECURITY UPDATE: NULL pointer dereference - debian/patches/CVE-2021-44758.patch: add a call to send_reject() when preferred_mech_type is GSS_C_NO_OID in lib/gssapi/spnego/accept_sec_context.c. - debian/patches/CVE-2021-44758-post.patch: remove grep command in test file tests/gss/check-context.in to prevent FTBFS. - CVE-2021-44758 * SECURITY UPDATE: buffer overflow - debian/patches/CVE-2022-3437-1.patch: change calls to memcmp with ct_memcmp in lib/gssapi/krb5/arcfour.c. - debian/patches/CVE-2022-3437-2.patch: change calls to memcmp with ct_memcmp in lib/gssapi/krb5/unwrap.c - debian/patches/CVE-2022-3437-3.patch: add NULL pointer checks before memcpy in lib/gssapi/krb5/unwrap.c. - debian/patches/CVE-2022-3437-4.patch: change logic on pad buffer hanlding in _gssapi_verify_pad() in lib/gssapi/krb5/decapsulate.c. - debian/patches/CVE-2022-3437-5.patch: add buffer boundary checks in _gssapi_verify_mech_header() in lib/gssapi/krb5/decapsulate.c - debian/patches/CVE-2022-3437-6.patch: add buffer length checks in lib/gssapi/krb5/unwrap.c. - debian/patches/CVE-2022-3437-7.patch: add buffer length checks in _gsskrb5_get_mech() in lib/gssapi/krb5/decapsulate.c. - debian/patches/CVE-2022-3437-8.patch: change buffer length parameter when calling _gssapi_verify_pad() in lib/gssapi/krb5/unwrap.c. - CVE-2022-3437 * SECURITY UPDATE: integer overflow - debian/patches/CVE-2022-42898-1.patch: change logic on PAC buffer parsing in lib/krb5/pac.c. - debian/patches/CVE-2022-42898-2.patch: change variable type from unsigned long to uint64_t in lib/krb5/store-int.c. - CVE-2022-42898 * SECURITY UPDATE: invalid free - debian/patches/CVE-2022-44640.patch: relocates a call to fprintf and parameters when calling it in decode_type() in lib/asn1/gen_decode.c and add a call to fprintf in free_type() in lib/asn1/gen_free.c. - CVE-2022-44640 ==== krb5: 1.16-2ubuntu0.2 => 1.16-2ubuntu0.3 ==== ==== krb5-locales libgssapi-krb5-2:amd64 libk5crypto3:amd64 libkrb5-3:amd64 libkrb5support0:amd64 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2022-42898.patch: add buffer length checks in krb5_pac_parse() in src/lib/krb5/krb/pac.c and a test case for invalid buffers in src/lib/krb5/krb/t_pac.c. - CVE-2022-42898 * SECURITY UPDATE: DoS (crash) the KDC by making an S4U2Self request - debian/patches/CVE-2018-20217-1.patch: Ignore password attributes for S4U2Self requests. - debian/patches/CVE-2018-20217-2.patch: remove incorrect KDC assertion. - CVE-2018-20217 ==== linux-meta: 4.15.0.202.185 => 4.15.0.204.187 ==== ==== linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual * Bump ABI 4.15.0-204 * Bump ABI 4.15.0-203 ==== linux-signed: 4.15.0-202.213 => 4.15.0-204.215 ==== ==== linux-image-4.15.0-204-generic * Master version: 4.15.0-204.215 * SIGNEDv3: add a linux-generate ancillary package (LP: #1989705) - [Packaging] add linux-generate* direct ancillary * Miscellaneous Ubuntu changes - debian/tracking-bug -- update from master * Master version: 4.15.0-203.214 ==== openssl: 1.1.1-1ubuntu2.1~18.04.20 => 1.1.1-1ubuntu2.1~18.04.21 ==== ==== libssl1.1:amd64 openssl * SECURITY UPDATE: Timing Oracle in RSA Decryption - debian/patches/CVE-2022-4304.patch: fix timing oracle in crypto/bn/bn_blind.c, crypto/bn/bn_err.c, crypto/bn/bn_lcl.h, crypto/bn/rsa_sup_mul.c, crypto/err/openssl.txt, crypto/rsa/rsa_ossl.c, include/openssl/bnerr.h, crypto/include/internal/bn_int.h, crypto/bn/build.info. - CVE-2022-4304 * SECURITY UPDATE: Double free after calling PEM_read_bio_ex - debian/patches/CVE-2022-4450-1.patch: avoid dangling ptrs in header and data params for PEM_read_bio_ex in crypto/pem/pem_lib.c. - debian/patches/CVE-2022-4450-2.patch: add a test in test/pemtest.c. - CVE-2022-4450 * SECURITY UPDATE: Use-after-free following BIO_new_NDEF - debian/patches/CVE-2023-0215-1.patch: fix a UAF resulting from a bug in BIO_new_NDEF in crypto/asn1/bio_ndef.c. - debian/patches/CVE-2023-0215-2.patch: check CMS failure during BIO setup with -stream is handled correctly in test/recipes/80-test_cms.t, test/smime-certs/badrsa.pem. - CVE-2023-0215 * SECURITY UPDATE: X.400 address type confusion in X.509 GeneralName - debian/patches/CVE-2023-0286.patch: fix GENERAL_NAME_cmp for x400Address in crypto/x509/v3_genn.c, include/openssl/x509v3.h, test/v3nametest.c. - CVE-2023-0286 ==== openssl1.0: 1.0.2n-1ubuntu5.10 => 1.0.2n-1ubuntu5.11 ==== ==== libssl1.0.0:amd64 * SECURITY UPDATE: Use-after-free following BIO_new_NDEF - debian/patches/CVE-2023-0215.patch: fix a UAF resulting from a bug in BIO_new_NDEF in crypto/asn1/bio_ndef.c. - CVE-2023-0215 * SECURITY UPDATE: X.400 address type confusion in X.509 GeneralName - debian/patches/CVE-2023-0286.patch: fix GENERAL_NAME_cmp for x400Address in crypto/x509/v3_genn.c, crypto/x509v3/x509v3.h. - CVE-2023-0286 ==== pam: 1.1.8-3.6ubuntu2.18.04.3 => 1.1.8-3.6ubuntu2.18.04.6 ==== ==== libpam-modules-bin libpam-modules:amd64 libpam-runtime libpam0g:amd64 * SECURITY REGRESSION: fix CVE-2022-28321 patch location - debian/patches-applied/CVE-2022-28321.patch: pam_access: handle hostnames in access.conf - CVE-2022-28321 * SECURITY UPDATE: authentication bypass vulnerability - debian/patches/CVE-2022-28321.patch: pam_access: handle hostnames in access.conf - CVE-2022-28321 ==== python-setuptools: 39.0.1-2 => 39.0.1-2ubuntu0.1 ==== ==== python3-pkg-resources * SECURITY UPDATE: ReDOS in package_index.py - debian/patches/CVE-2022-40897.patch: Limit the amount of whitespace to search/backtrack in setuptools/package_index.py. - CVE-2022-40897 ==== snapd: 2.57.5+18.04ubuntu0.1 => 2.58+18.04 ==== ==== snapd * New upstream release, LP: #1998462 - many: Use /tmp/snap-private-tmp for per-snap private tmps - data: Add systemd-tmpfiles configuration to create private tmp dir - cmd/snap: test allowed and forbidden refresh hold values - cmd/snap: be more consistent in --hold help and err messages - cmd/snap: error on refresh holds that are negative or too short - o/homedirs: make sure we do not write to /var on build time - image: make sure file customizations happen also when we have defaultscause - tests/fde-on-classic: set ubuntu-seed label in seed partitions - gadget: system-seed-null should also have fs label ubuntu-seed - many: gadget.HasRole, ubuntu-seed can come also from system-seed- null - o/devicestate: fix paths for retrieving recovery key on classic - cmd/snap-confine: do not discard const qualifier - interfaces: allow python3.10+ in the default template - o/restart: fix PendingForSystemRestart - interfaces: allow wayland slot snaps to access shm files created by Firefox - o/assertstate: add Sequence() to val set tracking - o/assertstate: set val set 'Current' to pinned sequence - tests: tweak the libvirt interface test to work on 22.10 - tests: use system-seed-null role on classic with modes tests - boot: add directory for data on install - o/devicestate: change some names from esp to seed/seed-null - gadget: add system-seed-null role - o/devicestate: really add error to new error message - restart,snapstate: implement reboot-required notifications on classic - many: avoid automatic system restarts on classic through new overlord/restart logic - release: Fix WSL detection in LXD - o/state: introduce WaitStatus - interfaces: Fix desktop interface rules for document portal - client: remove classic check for `snap recovery --show- keys` - many: create snapd.mounts targets to schedule mount units - image: enable sysfs overlay for UC preseeding - i/b/network-control: add permissions for using AF_XDP - i/apparmor: move mocking of home and overlay conditions to osutil - tests/main/degraded: ignore man-db update failures in CentOS - cmd/snap: fix panic when running snap w/ flag but w/o subcommand - tests: save snaps generated during image preaparation - tests: skip building snapd based on new env var - client: remove misleading comments in ValidateApplyOptions - boot/seal: add debug traces for bootchains - bootloader/assets: fix grub.cfg when there are no labels - cmd/snap: improve refresh hold's output - packaging: enable BPF in RHEL9 - packaging: do not traverse filesystems in postrm script - tests: get microk8s from another branch - bootloader: do not specify Core version in grub entry - many: refresh --hold follow-up - many: support refresh hold/unhold to API and CLI - many: expand fully handling links mapping in all components, in the API and in snap info - snap/system_usernames,tests: Azure IoT Edge system usernames - interface: Allow access to org.freedesktop.DBus.ListActivatableNames via system-observe interface - o/devicestate,daemon: use the expiration date from the assertion in user-state and REST api (user-removal 4/n) - gadget: add unit tests for new install functions for FDE on classic - cmd/snap-seccomp: fix typo in AF_XDP value - tests/connected-after-reboot-revert: run also on UC16 - kvm: allow read of AMD-SEV parameters - data: tweak apt integration config var - o/c/configcore: add faillock configuration - tests: use dbus-daemon instead of dbus-launch - packaging: remove unclean debian-sid patch - asserts: add keyword 'user-presence' keyword in system-user assertion (auto-removal 3/n) - interfaces: steam-support allow pivot /run/media and /etc/nvidia mount - aspects: initial code - overlord: process auto-import assertion at first boot - release, snapd-apparmor, syscheck: distinguish WSL1 and WSL2 - tests: fix lxd-mount-units in ubuntu kinetic - tests: new variable used to configure the kernel command line in nested tests - go.mod: update to newer secboot/uc22 branch - autopkgtests: fix running autopkgtest on kinetic - tests: remove squashfs leftovers in fakeinstaller - tests: create partition table in fakeinstaller - o/ifacestate: introduce DebugAutoConnectCheck hook - tests: use test-snapd-swtpm instead of swtpm-mvo snap in nested helper - interfaces/polkit: do not require polkit directory if no file is needed - o/snapstate: be consistent not creating per-snap save dirs for classic models - inhibit: use hintFile() - tests: use `snap prepare-image` in fde-on-classic mk-image.sh - interfaces: add microceph interface - seccomp: allow opening XDP sockets - interfaces: allow access to icon subdirectories - tests: add minimal-smoke test for UC22 and increase minimal RAM - overlord: introduce hold levels in the snapstate.Hold* API - o/devicestate: support mounting ubuntu-save also on classic with modes - interfaces: steam-support allow additional mounts - fakeinstaller: format SystemDetails result with %+v - cmd/libsnap-confine-private: do not panic on chmod failure - tests: ensure that fakeinstaller put the seed into the right place - many: add stub services for prompting - tests: add libfwupd and libfwupdplugin5 to openSUSE dependencies - o/snapstate: fix snaps-hold pruning/reset in the presence of system holding - many: add support for setting up encryption from installer - many: support classic snaps in the context of classic and extended models - cmd/snap,daemon: allow zero values from client to daemon for journal rate limit - boot,o/devicestate: extend HasFDESetupHook to consider unrelated kernels - cmd/snap: validation set refresh-enforce CLI support + spread test - many: fix filenames written in modeenv for base/gadget plus drive- by TODO - seed: fix seed test to use a pseudo-random byte sequence - cmd/snap-confine: remove setuid calls from cgroup init code - boot,o/devicestate: introduce and use MakeRunnableStandaloneSystem - devicestate,boot,tests: make `fakeinstaller` test work - store: send Snap-Device-Location header with cloud information - overlord: fix unit tests after merging master in - o/auth: move HasUserExpired into UserState and name it HasExpired, and add unit tests for this - o/auth: rename NewUserData to NewUserParams - many: implementation of finish install step handlers - overlord: auto-resolve validation set enforcement constraints - i/backends,o/ifacestate: cleanup backends.All - cmd/snap-confine: move bind-mount setup into separate function - tests/main/mount-ns: update namespace for 18.04 - o/state: Hold pseudo-error for explicit holding, concept of pending changes in prune logic - many: support extended classic models that omit kernel/gadget - data/selinux: allow snapd to detect WSL - overlord: add code to remove users that has an expiration date set - wrappers,snap/quota: clear LogsDirectory= in the service unit for journal namespaces - daemon: move user add, remove operations to overlord device state - gadget: implement write content from gadget information - {device,snap}state: fix ineffectual assignments - daemon: support validation set refresh+enforce in API - many: rename AddAffected* to RegisterAffected*, add Change|State.Has, fix a comment - many: reset store session when setting proxy.store - overlord/ifacestate: fix conflict detection of auto-connection - interfaces: added read/write access to /proc/self/coredump_filter for process-control - interfaces: add read access to /proc/cgroups and /proc/sys/vm/swappiness to system-observe - fde: run fde-reveal-key with `DefaultDependencies=no` - many: don't concatenate non-constant format strings - o/devicestate: fix non-compiling test - release, snapd-apparmor: fixed outdated WSL detection - many: add todos discussed in the review in tests/nested/manual/fde-on-classic, snapstate cleanups - overlord: run install-device hook during factory reset - i/b/mount-control: add optional `/` to umount rules - gadget/install: split Run in several functions - o/devicestate: refactor some methods as preparation for install steps implementation - tests: fix how snaps are cached in uc22 - tests/main/cgroup-tracking-failure: fix rare failure in Xenial and Bionic - many: make {Install,Initramfs}{{,Host},Writable}Dir a function - tests/nested/manual/core20: fix manual test after changes to 'tests.nested exec' - tests: move the unit tests system to 22.04 in github actions workflow - tests: fix nested errors uc20 - boot: rewrite switch in SnapTypeParticipatesInBoot() - gadget: refactor to allow usage from the installer - overlord/devicestate: support for mounting ubuntu-save before the install-device hook - many: allow to install/update kernels/gadgets on classic with modes - tests: fix issues related to dbus session and localtime in uc18 - many: support home dirs located deeper under /home - many: refactor tests to use explicit strings instead of boot.Install{Initramfs,Host}{Writable,FDEData}Dir - boot: add factory-reset cases for boot-flags - tests: disable quota tests on arm devices using ubuntu core - tests: fix unbound SPREAD_PATH variable on nested debug session - overlord: start turning restart into a full state manager - boot: apply boot logic also for classic with modes boot snaps - tests: fix snap-env test on debug section when no var files were created - overlord,daemon: allow returning errors when requesting a restart - interfaces: login-session-control: add further D-Bus interfaces - snapdenv: added wsl to userAgent - o/snapstate: support running multiple ops transactionally - store: use typed valset keys in store package - daemon: add `ensureStateSoon()` when calling systems POST api - gadget: add rules for validating classic with modes gadget.yaml files - wrappers: journal namespaces did not honor journal.persistent - many: stub devicestate.Install{Finish,SetupStorageEncryption}() - sandbox/cgroup: don't check V1 cgroup if V2 is active - seed: add support to load auto import assertion - tests: fix preseed tests for arm systems - include/lk: update LK recovery environment definition to include device lock state used by bootloader - daemon: return `storage-encryption` in /systems/