grub2 (2.14-1~bpo12u2.1) bookworm-backports; urgency=medium

  * Rebuild for bookworm-backports.
  * ported from trixie

 -- Mark Pryor <pryorm09@gmail.com>  Sun, 18 Jan 2026 09:54:50 -0800

grub2 (2.14-1+deb13u2.1) trixie; urgency=medium

  * HEAD @ d38d6a1a9b79427848
    Release 2.14-2026-01-14 16:46
  - initial build

 -- Mark Pryor <pryorm09@gmail.com>  Sat, 17 Jan 2026 09:12:53 -0800

grub2 (2.14~rc1-1+deb13u2.4) trixie; urgency=medium

  * work with tarball @ head

 -- Mark Pryor <pryorm09@gmail.com>  Sat, 08 Nov 2025 18:48:31 -0800

grub2 (2.14~git20250718.0e36779-1) experimental; urgency=medium

  [ Mate Kukri ]
  * Import git snapshot of upcoming GRUB 2.14 upstream release
  * d/patches: rebase patches for 2.14 git snapshot
  * d/rules: add erofs_test to XFAIL test
  * peimage: add NX support, fix some bugs (LP: #2104316)
  * Fix ipconfig2 route table parsing (LP: #2088181)

  [ Luca Boccassi ]
  * efi images: enable 'bli' module

  [ Graham Inggs ]
  * debian/control: mark qemu-system build-dependency <!nocheck>

  [ Pascal Hambourg ]
  * debian/grub.d/05_debian_theme: quote background image pathname in output

  [ Mate Kukri ]
  * Resolve zfs root identification (Closes: #848945)
  * Check out missing distfiles from upstream git branch
  * d/build-efi-images: Remove filesystems no longer allowed under lockdown
  * debian: Remove references to dead ports kfreebsd-* and kopensolaris-*
  * d/control: Sync dependencies of grub-efi-{riscv64,loong64} with grub-efi-*
  * d/control: Clean up package relations
  * debian: Tanglu is a dead distro, drop references to it
  * debian: Get rid of non-systemd init scripts
  * debian: Merge grub-common into grub2-common
  * debian: Get rid of update-grub script for grub-legacy
  * debian: Remove support for the yeeloong target
  * Remove support for WUBI (Windows Based Ubuntu Installer)
  * debian/patches: Drop a number of obsolete patches
  * Add "noescape" argument to cmdline creation (LP: #2112179)
  * d/control: Cleanup more package relations
  * Remove IA64 support
  * Remove old maintscripts
  * d/postinst.in: remove grub legacy related functionality
  * Add Provides grub-common to merged grub2-common
  * Update Debian specific SBAT line to grub.debian14 for forky

 -- Mate Kukri <mate.kukri@canonical.com>  Tue, 12 Aug 2025 11:51:55 +0100

grub2 (2.12-9) unstable; urgency=medium

  * Apply patch by Ben Hutchings to not strip .exec or .image files
    (Closes: #1072167)

 -- Felix Zielcke <fzielcke@z-51.de>  Thu, 03 Jul 2025 18:35:51 +0200

grub2 (2.12-8) unstable; urgency=medium

  [ Mate Kukri ]
  * d/default/grub: Always get distributor string from `/etc/os-release`
  * Avoid adding extra GNU/Linux suffix to menu entries (Closes: #1076723)

 -- Felix Zielcke <fzielcke@z-51.de>  Wed, 11 Jun 2025 17:42:34 +0200

grub2 (2.12-7) unstable; urgency=medium

  [ Mate Kukri ]
  * Drop NTFS patches that seem to be causing regressions
    (Closes: #1100486, #1100470)

 -- Felix Zielcke <fzielcke@z-51.de>  Sat, 15 Mar 2025 14:55:29 +0100

grub2 (2.12-6) unstable; urgency=medium

  [ Mate Kukri ]
  * Fix out of bounds XSDT access, re-enable ACPI SPCR table support

  [ Miroslav Kure ]
  * Updated Czech translation of grub debconf messages. (Closes: #1035052)

  [ Viktar Siarheichyk ]
  * Updated Belarusian translation. (Closes: #1034905)

  [ Carles Pina i Estany ]
  * Update translation

  [ Felix Zielcke ]
  * Move d/legacy/* files to grub-legacy.
  * Remove traces of ../legacy/ dir in d/rules.

  [ Mate Kukri ]
  * Cherry-pick upstream security patches
  * Bump SBAT level to grub,5
  * SECURITY UPDATE: video/readers/jpeg: Do not permit duplicate SOF0 markers in JPEG
    - CVE-2024-45774
  * SECURITY UPDATE: commands/extcmd: Missing check for failed allocation
    - CVE-2024-45775
  * SECURITY UPDATE: gettext: Integer overflow leads to heap OOB write or read
    - CVE-2024-45776
  * SECURITY UPDATE: gettext: Integer overflow leads to heap OOB write
    - CVE-2024-45777
  * SECURITY UPDATE: fs/bfs: Integer overflow
    - CVE-2024-45778
  * SECURITY UPDATE: fs/bfs: integer overflow leads to heap OOB read
    - CVE-2024-45779
  * SECURITY UPDATE: fs/tar: Integer overflow leads to heap OOB write
    - CVE-2024-45780
  * SECURITY UPDATE: fs/ufs: `strcpy` use leading to heap OOB write
    - CVE-2024-45781
  * SECURITY UPDATE: fs/hfs: `strcpy` use leading to potential heap OOB write
    - CVE-2024-45782
  * SECURITY UPDATE: fs/hfsplus: incorrect refcount handling leading to UAF
    - CVE-2024-45783
  * SECURITY UPDATE: command/gpg: Use-after-free due to hooks not being removed on module unload
    - CVE-2025-0622
  * SECURITY UPDATE: net: Out-of-bounds write in grub_net_search_config_file()
    - CVE-2025-0624
  * SECURITY UPDATE: UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks
    - CVE-2025-0677
  * SECURITY UPDATE: squash4: Integer overflow may lead to heap based out-of-bounds write when reading data
    - CVE-2025-0678
  * SECURITY UPDATE: reiserfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
    - CVE-2025-0684
  * SECURITY UODATE: jfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
    - CVE-2025-0685
  * SECURITY UPDATE: romfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
    - CVE-2025-0686
  * SECURITY UPDATE: udf: Heap based buffer overflow  in grub_udf_read_block() may lead to arbitrary code execution
    - CVE-2025-0689
  * SECURITY UPDATE: read: Integer overflow may lead to out-of-bounds write
    - CVE-2025-0690
  * SECURITY UPDATE: commands/dump: The dump command is not in lockdown when secure boot is enabled
    - CVE-2025-1118
  * SECURITY UPDATE: fs/hfs: Integer overflow may lead to heap based out-of-bounds write
    - CVE-2025-1125
  * SECURITY UPDATE: insmod: incorrect refcount handling leading to UAF [LP: #2055835]

 -- Mate Kukri <mate.kukri@canonical.com>  Sat, 15 Feb 2025 17:17:14 +0000

grub2 (2.12-5) unstable; urgency=medium

  * Build-Depend on pkgconf instead of pkg-config.
  * Update legacy/update-grub to correctly check for grub2 core.img
  * Correct Breaks+Replaces on grub-efi-arm64-unsigned for grub-efi-arm64-bin.
    (Closes: #1076235)

 -- Felix Zielcke <fzielcke@z-51.de>  Mon, 15 Jul 2024 17:05:20 +0200

grub2 (2.12-4) unstable; urgency=medium

  [ Mate Kukri ]
  * Determine GRUB_DISTRIBUTOR from os-release and fall back to build-time dpkg vendor

  [ Felix Zielcke ]
  * Ship gdb_helper.py in dbg packages. (Closes: #1072164)
  * Update README.source to mention that we're now using gbp-pq instead of git-dpm.
  * Add grub-pc+grub2-common Breaks: against grub-legacy (<< 0.97-83~).
  * Upload to unstable.

 -- Felix Zielcke <fzielcke@z-51.de>  Wed, 10 Jul 2024 09:18:01 +0200

grub2 (2.12-3) experimental; urgency=medium

  [ Colin Watson ]
  * Update signing-template Uploaders to match main package.

  [ Mate Kukri ]
  * d/p/mkconfig-ubuntu-recovery.patch: Use "recovery" instead of "single recovery" for recovery mode bootparams
  * d/p/revert-term-ns8250-spcr.patch: Revert ACPI SPCR table support (#1062073)
  * d/p/efidisk-breakup-large-reads.patch: efidisk: Breakup large reads into batches
  * Revert "d/p/efidisk-breakup-large-reads.patch: efidisk: Breakup large reads into batches"

  [ Jiajie Chen ]
  * Enable building for LoongArch64

  [ Heinrich Schuchardt ]
  * d/rules: build monolithic images for all EFI architectures

  [ Julian Andres Klode ]
  * Introduce new -unsigned packages to house the pre-built .efi binaries
  * signing: Use the -unsigned packages as signed build-depends

  [ Jiajie Chen ]
  * d/p/sb/efi-use-peimage-shim.patch: add loong64 suppport

  [ Felix Zielcke ]
  * Update Breaks/Replaces -efi-{ia32,amd64}-bin to << 2.12-3~ at -unsigned packages.

  [ Pascal Hambourg ]
  * 05_debian_theme: cache background picture if not in /boot/grub filesystem
  * debian/default/grub: Replace 'vbeinfo' with 'videoinfo'
  * debian/default/grub: Document /etc/default/grub.d/*.cfg

  [ Tianyu Chen ]
  * Make grub-common Breaks grub-efi-*-signed (<< 1+2.12~rc1)

 -- Julian Andres Klode <juliank@ubuntu.com>  Thu, 25 Apr 2024 16:52:04 +0200

grub2 (2.12-2) unstable; urgency=medium

  [ Mate Kukri ]
  * Revert peimage to re-use GRUB's image handle (LP: #2057679) (LP: #2054127)
  * d/build-efi-images: Make sure downstream didn't remove peimage SBAT
    entry
  * SECURITY UPDATE: Use-after-free in peimage module [LP: #2054127]
    - CVE-2024-2312

  [ Julian Andres Klode ]
  * Bump SBAT level to `grub.peimage,2`; and also bump `grub.debian,5` to
    make sure we can revoke any downstream users of peimage that forgot to
    include the grub.peimage component if that should become necessary.

 -- Julian Andres Klode <jak@debian.org>  Fri, 05 Apr 2024 20:45:55 +0200

grub2 (2.12-1) unstable; urgency=medium

  [ Mate Kukri ]
  * New upstream version, 2.12
  * d/patches: Rebase on `upstream/2.12` and drop superseded patches:
    - Dropping patches now included upstream:
      + d/p/ntfs-cve-fixes/*: Fixes for NTFS OOB CVE
      + d/p/upstream/xfs-*: XFS parsing fixes
      + d/p/upstream/unmerged-usr-shebang.patch
    - Dropping patch replaced with configure option:
      + d/p/dejavu-font-path.patch
  * d/rules: Pass configure option '--enable-grub-themes'
  * d/rules: Provide Debian specific DejaVu path via configure
  * d/{control,rules}: Use default gcc version
  * d/p/extra_deps_lst.patch:
    Checkout "extra_deps.lst" from upstream/master
  * d/p/sb/revert-efi-fallback-to-legacy.patch:
    Also revert newer fallback patch

  [ Julian Andres Klode ]
  * Add Mate to Uploaders

 -- Mate Kukri <mate.kukri@canonical.com>  Mon, 15 Jan 2024 09:54:55 +0000
