Your message dated Fri, 10 Jun 2022 09:49:22 +0000
with message-id <[email protected]>
and subject line Bug#952815: fixed in grub2 2.06-3
has caused the Debian Bug report #952815,
regarding grub2: Please drop TARGET_CCASFLAGS from debian/rules for 2.06 release
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
952815: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952815
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: grub2
Version: 2.04-5
Severity: normal
User: [email protected]
Usertags: sparc64
Hello!
The upcoming 2.06 release contains a fix to set -no-PIE in TARGET_CCASFLAGS [1]
such that the current workaround in debian/rules will no longer be necessary.
The following patch should be applied to debian/rules once 2.06-1 is uploaded
to the archive:
--- debian/rules.orig 2019-12-16 16:48:45.000000000 +0100
+++ debian/rules 2020-02-29 19:40:17.759252139 +0100
@@ -23,10 +23,6 @@
export TARGET_CPPFLAGS := -Wno-unused-but-set-variable
export TARGET_LDFLAGS := -no-pie
-ifneq (,$(filter sparc sparc64,$(DEB_HOST_ARCH_CPU)))
-export TARGET_CCASFLAGS := -fno-PIE
-endif
-
# Ensure that debhelper doesn't try to set these; we need to be careful
# about HOST_* vs. TARGET_*.
export CPPFLAGS :=
Before 2.06, the workaround in debian/rules needs to be kept.
Thanks,
Adrian
> [1]
> http://git.savannah.gnu.org/cgit/grub.git/commit/?id=c71be831f159ab5b8913132143bdb783a8b4b2a3
---
.''`. John Paul Adrian Glaubitz
: :' : Debian Developer - [email protected]
`. `' Freie Universitaet Berlin - [email protected]
`- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
--- End Message ---
--- Begin Message ---
Source: grub2
Source-Version: 2.06-3
Done: Julian Andres Klode <[email protected]>
We believe that the bug you reported is fixed in the latest version of
grub2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Julian Andres Klode <[email protected]> (supplier of updated grub2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 10 Jun 2022 11:15:11 +0200
Source: grub2
Architecture: source
Version: 2.06-3
Distribution: unstable
Urgency: medium
Maintainer: GRUB Maintainers <[email protected]>
Changed-By: Julian Andres Klode <[email protected]>
Closes: 952815 1001057 1007706
Changes:
grub2 (2.06-3) unstable; urgency=medium
.
[ Colin Watson ]
* Update a few leftover uses of "which" to use "command -v" instead.
* Remove some old Lintian overrides.
* Trim trailing whitespace.
* debian/copyright: use spaces rather than tabs to start continuation lines.
* Add missing ${misc:Depends} to Depends for grub-efi-ia32-signed-template,
grub-efi-amd64-signed-template, grub-efi-arm64-signed-template.
* Bump debhelper from old 10 to 13.
* Set upstream metadata fields: Bug-Submit (from ./configure), Repository,
Repository-Browse.
* Drop now-unnecessary sparc PIE workaround from debian/rules (thanks,
John Paul Adrian Glaubitz; closes: #952815).
.
[ Debconf translations ]
* [id] Indonesian (Andika Triwidada; closes: #1007706).
.
[ Julian Andres Klode ]
* Add Julian Andres Klode to uploaders
* Disable building with LTO, as used in Ubuntu and possibly other
downstreams (maybe Debian one day), as that breaks the build.
* SECURITY UPDATE: Crafted PNG grayscale images may lead to out-of-bounds
write in heap.
- 0070-video-readers-png-Drop-greyscale-support-to-fix-heap.patch:
video/readers/png: Drop greyscale support to fix heap out-of-bounds write
- CVE-2021-3695
* SECURITY UPDATE: Crafted PNG image may lead to out-of-bound write during
huffman table handling.
- 0071-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch:
video/readers/png: Avoid heap OOB R/W inserting huff table items
- CVE-2021-3696
* SECURITY UPDATE: Crafted JPEG image can lead to buffer underflow write in
the heap.
- 0076-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch:
video/readers/jpeg: Block int underflow -> wild pointer write
- CVE-2021-3697
* SECURITY UPDATE: Integer underflow in grub_net_recv_ip4_packets
- 0079-net-ip-Do-IP-fragment-maths-safely.patch: net/ip: Do IP fragment
maths safely
- CVE-2022-28733
* SECURITY UPDATE: Out-of-bounds write when handling split HTTP headers
- 0085-net-http-Fix-OOB-write-for-split-http-headers.patch: net/http: Fix
OOB write for split http headers
- CVE-2022-28734
* SECURITY UPDATE: shim_lock verifier allows non-kernel files to be loaded
- 0066-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch:
kern/efi/sb: Reject non-kernel files in the shim_lock verifier
- CVE-2022-28735
- Closes: #1001057
* SECURITY UPDATE: use-after-free in grub_cmd_chainloader()
- 0063-loader-efi-chainloader-Simplify-the-loader-state.patch:
loader/efi/chainloader: simplify the loader state
- 0064-commands-boot-Add-API-to-pass-context-to-loader.patch:
commands/boot:
Add API to pass context to loader
- 0065-loader-efi-chainloader-Use-grub_loader_set_ex.patch:
loader/efi/chainloader: Use grub_loader_set_ex
- 0066-loader-i386-efi-linux-Use-grub_loader_set_ex.patch:
loader/i386/efi/linux: Use grub_loader_set_ex
* Various fixes as a result of fuzzing and static analysis:
- 0067-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch:
kern/file: Do not leak device_name on error in grub_file_open()
- 0068-video-readers-png-Abort-sooner-if-a-read-operation-f.patch:
video/readers/png: Abort sooner if a read operation fails
- 0069-video-readers-png-Refuse-to-handle-multiple-image-he.patch:
video/readers/png: Refuse to handle multiple image headers
- 0072-video-readers-png-Sanity-check-some-huffman-codes.patch:
video/readers/png: Sanity check some huffman codes
- 0073-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch:
video/readers/jpeg: Abort sooner if a read operation fails
- 0074-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch:
video/readers/jpeg: Do not reallocate a given huff table
- 0075-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch:
video/readers/jpeg: Refuse to handle multiple start of streams
- 0077-normal-charset-Fix-array-out-of-bounds-formatting-un.patch:
normal/charset: Fix array out-of-bounds formatting unicode for display
- 0078-net-netbuff-Block-overly-large-netbuff-allocs.patch:
net/netbuff: Block overly large netbuff allocs
- 0080-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch:
net/dns: Fix double-free addresses on corrupt DNS response
- 0081-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch:
net/dns: Don't read past the end of the string we're checking against
- 0082-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch:
net/tftp: Prevent a UAF and double-free from a failed seek
- 0083-net-tftp-Avoid-a-trivial-UAF.patch: net/tftp: Avoid a trivial UAF
- 0084-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch:
net/http: Do not tear down socket if it's already been torn down
- 0086-net-http-Error-out-on-headers-with-LF-without-CR.patch:
net/http: Error out on headers with LF without CR
- 0087-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch:
fs/f2fs: Do not read past the end of nat journal entries
- 0088-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch:
fs/f2fs: Do not read past the end of nat bitmap
- 0089-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch:
fs/f2fs: Do not copy file names that are too long
- 0090-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch:
fs/btrfs: Fix several fuzz issues with invalid dir item sizing
- 0091-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch:
fs/btrfs: Fix more ASAN and SEGV issues found with fuzzing
- 0092-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch:
fs/btrfs: Fix more fuzz issues related to chunks
* Bump SBAT generation:
- update debian/sbat.debian.csv.in
Checksums-Sha1:
2f9797dd9c2b2beaeed51cab826cd70a784b826c 7199 grub2_2.06-3.dsc
2dde9f9e9826902f46fb0496f3a1351f9d0e0c61 1084452 grub2_2.06-3.debian.tar.xz
Checksums-Sha256:
46b403dbe0e7f24b0ceebeccc397e88a19fd029c3bc5afdb538580bb3fae3ea1 7199
grub2_2.06-3.dsc
a85896f67cb2ceaf67bf1bcf704223e267e4cc776e002082c27b815ec41acaf7 1084452
grub2_2.06-3.debian.tar.xz
Files:
4d442e1bbe80e5c3d3e6987b5404470f 7199 admin optional grub2_2.06-3.dsc
5d35e3a9cf3f4262580ebf6b62e76ef7 1084452 admin optional
grub2_2.06-3.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQJDBAEBCgAtFiEET7WIqEwt3nmnTHeHb6RY3R2wP3EFAmKjDvIPHGpha0BkZWJp
YW4ub3JnAAoJEG+kWN0dsD9xi84P/R7GKKw47HnvlhO+XX5T2JKgdY4iz4eyJ6IX
ikeyQE+If9f9Fihtys34LusTWZf05n3LJrutUPDWB/ukFSu7+2Pn9I+13e8niaEU
XAUj5X0FVNKKw9a3mTo+xHBtZglYFQBIkr2PsqK8B5nhXHP8rHC1poqX/pl+J2SP
jMxlyehjZVypJDqO/Om06+hxaHLOSfJZK+7mMgIz3KN2TcQgyK/CWwkEFlWEQuwn
RUIWVkaGZMQ2H9SIPvvhAKWzei/qC/1xtgBT/JDvQAtDbcpadiLIq3PXTYLce0Ea
VgqC24myr6iYPfVrLWNhLQ/54jHmi4RuHhwPhFzkQwR8neIFvE/7WXTLXydu2PUU
htNIkVad4xXAIKAiZcn3we0SEK1XPucBqs9IptwazGLZ4xufMFJ8f7idwUiZICcM
lSyKrKSRRbrVDI6NfvPBNxCK5s/OiwvJFvBZTgwczTUfoJpri/hRU3xcrU/hlJtS
7LwhAT4+ykaC+CoZChkliGQtlCit0jvchj1/2uRUTJ4wHIuBdjfU9GvFsXffzOZK
DbhPG+bKm9mxMx8cb2lXhg166Xe1gOuxHn3b4cQrXtt5ng5L9obaq9kbdNF9c5AY
GgMJAkTNf/0rLQB8masnwO4D6j1U9eROkItldh2Ja/W+PGobWdBBImz35EEp90j1
3f4/kqSE
=w5AF
-----END PGP SIGNATURE-----
--- End Message ---
