UbuntuUpdates.org

Package "grub-firmware-qemu"

Name: grub-firmware-qemu

Description:

GRUB firmware image for QEMU

Latest version: 2.02~beta2-36ubuntu3.27
Release: xenial (16.04)
Level: updates
Repository: universe
Head package: grub2
Homepage: http://www.gnu.org/software/grub/

Links


Download "grub-firmware-qemu"


Other versions of "grub-firmware-qemu" in Xenial

Repository Area Version
base universe 2.02~beta2-36ubuntu3
security universe 2.02~beta2-36ubuntu3.27
proposed universe 2.02~beta2-36ubuntu3.27
PPA: Mint Upstream 2.02~beta2-36ubuntu3.9+linuxmint1
PPA: Mint Upstream 2.02~beta2-36ubuntu3.14+linuxmint1

Changelog

Version: 2.02~beta2-36ubuntu3.27 2020-07-31 17:06:58 UTC

  grub2 (2.02~beta2-36ubuntu3.27) xenial; urgency=medium

  * debian/postinst.in: Avoid calling grub-install on upgrade of the grub-pc
    package, since we cannot be certain that it will install to the correct
    disk and a grub-install failure will render the system unbootable.
    LP: #1889556.

 -- Steve Langasek <email address hidden> Thu, 30 Jul 2020 21:27:00 -0700

Source diff to previous version
1889556 grub-install failure does not fail package upgrade (and does not roll back to matching modules)

Version: 2.02~beta2-36ubuntu3.26 2020-07-29 20:06:22 UTC

  grub2 (2.02~beta2-36ubuntu3.26) xenial; urgency=medium

  [ Chris Coulson ]
  * SECURITY UPDATE: Heap buffer overflow when encountering commands that
    cannot be tokenized to less than 8192 characters.
    - 0082-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch: Make
      fatal lexer errors actually be fatal
    - CVE-2020-10713
  * SECURITY UPDATE: Multiple integer overflow bugs that could result in
    heap buffer allocations that were too small and subsequent heap buffer
    overflows when handling certain filesystems, font files or PNG images.
    - 0083-safemath-Add-some-arithmetic-primitives-that-check-f.patch: Add
      arithmetic primitives that allow for overflows to be detected
    - 0084-calloc-Make-sure-we-always-have-an-overflow-checking.patch:
      Make sure that there is always an overflow checking implementation
      of calloc() available
    - 0085-calloc-Use-calloc-at-most-places.patch: Use calloc where
      appropriate
    - 0086-malloc-Use-overflow-checking-primitives-where-we-do-.patch: Use
      overflow-safe arithmetic primitives when performing allocations
      based on the results of operations that might overflow
    - 0094-hfsplus-fix-two-more-overflows.patch: Fix integer overflows in
      hfsplus
    - 0095-lvm-fix-two-more-potential-data-dependent-alloc-over.patch: Fix
      more potential integer overflows in lvm
    - CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
  * SECURITY UPDATE: Use-after-free when executing a command that causes
    a currently executing function to be redefined.
    - 0092-script-Remove-unused-fields-from-grub_script_functio.patch:
      Remove unused fields from grub_script_function
    - 0093-script-Avoid-a-use-after-free-when-redefining-a-func.patch:
      Avoid a use-after-free when redefining a function during execution
    - CVE-2020-15706
  * SECURITY UPDATE: Integer overflows that could result in heap buffer
    allocations that were too small and subsequent heap buffer overflows
    during initrd loading.
    - 0105-linux-Fix-integer-overflows-in-initrd-size-handling.patch: Fix
      integer overflows in initrd size handling
    - 0106-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch: Fix
      integer overflows in linuxefi grub_cmd_initrd
    - CVE-2020-15707
  * Various fixes as a result of code review and static analysis:
    - 0087-iso9660-Don-t-leak-memory-on-realloc-failures.patch: Fix a
     memory leak on realloc failures when processing symbolic links
    - 0088-font-Do-not-load-more-than-one-NAME-section.patch: Fix a
      memory leak when processing font files with more than one NAME
      section
    - 0089-gfxmenu-Fix-double-free-in-load_image.patch: Zero self->bitmap
      after it is freed in order to avoid a potential double free later on
    - 0090-lzma-Make-sure-we-don-t-dereference-past-array.patch: Fix an
      out-of-bounds read in LzmaEncode
    - 0091-tftp-Do-not-use-priority-queue.patch: Refactor tftp to not use
      priority queues and fix a double free
    - 0096-efi-fix-some-malformed-device-path-arithmetic-errors.patch: Fix
      various arithmetic errors with malformed device paths
    - 0098-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch: Fix
      a NULL deref in the chainloader command introduced by a previous
      patch
    - 0100-chainloader-Avoid-a-double-free-when-validation-fail.patch:
      Avoid a double free in the chainloader command when validation fails
    - 0101-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch:
      Protect grub_relocator_alloc_chunk_addr input arguments against
      integer overflow / underflow
    - 0102-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch:
      Protect grub_relocator_alloc_chunk_align max_addr argument against
      integer underflow
    - 0103-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch: Fix
      grub_relocator_alloc_chunk_align top memory allocation
    - 0104-linux-loader-avoid-overflow-on-initrd-size-calculati.patch:
      Avoid overflow on initrd size calculation
  * debian/patches/linuxefi_disable_sb_fallback.patch: Disallow unsigned
    kernels if UEFI Secure Boot is enabled. If UEFI Secure Boot is enabled
    and kernel signature verification fails, do not boot the kernel. Patch
    from Linn Crosetto. (LP: #1401532)
  * ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch:
    - Make the linux command in EFI grub always try EFI handover

  [ Dimitri John Ledkov ]
  * SECURITY UPDATE: Grub does not enforce kernel signature validation
    when the shim protocol isn't present.
    - 0097-linuxefi-fail-kernel-validation-without-shim-protoco.patch:
      Fail kernel validation if the shim protocol isn't available
    - CVE-2020-15705

 -- Chris Coulson <email address hidden> Mon, 20 Jul 2020 21:28:33 +0100

Source diff to previous version
1401532 GRUB's Secure Boot implementation loads unsigned kernel without warning
CVE-2020-14308 In grub2 versions before 2.06 the grub memory allocator doesn't check ...
CVE-2020-15706 GRUB2 contains a race condition in grub_script_function_create() leadi ...
CVE-2020-15707 Integer overflows were discovered in the functions grub_cmd_initrd and ...
CVE-2020-15705 GRUB2 fails to validate kernel signature when booted directly without ...

Version: 2.02~beta2-36ubuntu3.23 2019-11-11 17:06:22 UTC

  grub2 (2.02~beta2-36ubuntu3.23) xenial; urgency=medium

  * d/p/fix_booting_for_large_root_volumes.patch: Cherry pick upstream
    fix for booting on systems with large root volumes, either by default
    or from resizing. (LP: #1840686)

 -- Matthew Ruffell <email address hidden> Sat, 19 Oct 2019 17:47:16 +1300

Source diff to previous version
1840686 Xenial images won't reboot if disk size is \u003e 2TB when using GPT

Version: 2.02~beta2-36ubuntu3.22 2019-05-06 10:07:09 UTC

  grub2 (2.02~beta2-36ubuntu3.22) xenial; urgency=medium

  * debian/patches/skip_text_gfxpayload_where_not_supported.patch: Skip the
    'text' payload if it's not supported but present in gfxpayload, such as
    on EFI systems. (LP: #1826453)

 -- Mathieu Trudel-Lapierre <email address hidden> Mon, 29 Apr 2019 10:04:24 -0400

Source diff to previous version
1826453 Grub2 Booting in blind mode due to \

Version: 2.02~beta2-36ubuntu3.21 2019-04-02 19:09:08 UTC

  grub2 (2.02~beta2-36ubuntu3.21) xenial; urgency=medium

  * debian/patches/squash4-fix-fragments-and-sparse-files.patch: Cherry-pick
    upstream patch to fix handling of fragments and sparse files in squashfs
    filesystems (LP: #1820898).

 -- Colin Watson <email address hidden> Wed, 20 Mar 2019 00:31:55 +0000

1820898 grub in xenial fails to read pc-linux 4.15 kernel snap



About   -   Send Feedback to @ubuntu_updates