From: Raspbian automatic forward porter Date: Sat, 5 Jul 2025 01:32:54 +0000 (+0100) Subject: Merge version 2.12-5+rpi1 and 2.12-8 to produce 2.12-8+rpi1 X-Git-Tag: archive/raspbian/2.12-8+rpi1 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=6d68dc0f928c9549dadde51c9b7c4a3d895c624c;p=grub2.git Merge version 2.12-5+rpi1 and 2.12-8 to produce 2.12-8+rpi1 --- 5b328b0d9d0aa895d6999dd45d9b661713e10282 diff --cc debian/changelog index c6679fe,e631eb7..5b2505b --- a/debian/changelog +++ b/debian/changelog @@@ -1,10 -1,85 +1,94 @@@ - grub2 (2.12-5+rpi1) trixie-staging; urgency=medium ++grub2 (2.12-8+rpi1) trixie-staging; urgency=medium + ++ [changes brought forward from 2.12-5+rpi1 by Peter Michael Green at Sun, 28 Jul 2024 22:42:11 +0000] + * Treat system as Debian, since we don't have any specific config for + raspbian. + * Fix clean target. + - -- Peter Michael Green Sun, 28 Jul 2024 22:42:11 +0000 ++ -- Raspbian forward porter Sat, 05 Jul 2025 01:32:54 +0000 ++ + grub2 (2.12-8) unstable; urgency=medium + + [ Mate Kukri ] + * d/default/grub: Always get distributor string from `/etc/os-release` + * Avoid adding extra GNU/Linux suffix to menu entries (Closes: #1076723) + + -- Felix Zielcke Wed, 11 Jun 2025 17:42:34 +0200 + + grub2 (2.12-7) unstable; urgency=medium + + [ Mate Kukri ] + * Drop NTFS patches that seem to be causing regressions + (Closes: #1100486, #1100470) + + -- Felix Zielcke Sat, 15 Mar 2025 14:55:29 +0100 + + grub2 (2.12-6) unstable; urgency=medium + + [ Mate Kukri ] + * Fix out of bounds XSDT access, re-enable ACPI SPCR table support + + [ Miroslav Kure ] + * Updated Czech translation of grub debconf messages. (Closes: #1035052) + + [ Viktar Siarheichyk ] + * Updated Belarusian translation. (Closes: #1034905) + + [ Carles Pina i Estany ] + * Update translation + + [ Felix Zielcke ] + * Move d/legacy/* files to grub-legacy. + * Remove traces of ../legacy/ dir in d/rules. 
+ + [ Mate Kukri ] + * Cherry-pick upstream security patches + * Bump SBAT level to grub,5 + * SECURITY UPDATE: video/readers/jpeg: Do not permit duplicate SOF0 markers in JPEG + - CVE-2024-45774 + * SECURITY UPDATE: commands/extcmd: Missing check for failed allocation + - CVE-2024-45775 + * SECURITY UPDATE: gettext: Integer overflow leads to heap OOB write or read + - CVE-2024-45776 + * SECURITY UPDATE: gettext: Integer overflow leads to heap OOB write + - CVE-2024-45777 + * SECURITY UPDATE: fs/bfs: Integer overflow + - CVE-2024-45778 + * SECURITY UPDATE: fs/bfs: integer overflow leads to heap OOB read + - CVE-2024-45779 + * SECURITY UPDATE: fs/tar: Integer overflow leads to heap OOB write + - CVE-2024-45780 + * SECURITY UPDATE: fs/ufs: `strcpy` use leading to heap OOB write + - CVE-2024-45781 + * SECURITY UPDATE: fs/hfs: `strcpy` use leading to potential heap OOB write + - CVE-2024-45782 + * SECURITY UPDATE: fs/hfsplus: incorrect refcount handling leading to UAF + - CVE-2024-45783 + * SECURITY UPDATE: command/gpg: Use-after-free due to hooks not being removed on module unload + - CVE-2025-0622 + * SECURITY UPDATE: net: Out-of-bounds write in grub_net_search_config_file() + - CVE-2025-0624 + * SECURITY UPDATE: UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks + - CVE-2025-0677 + * SECURITY UPDATE: squash4: Integer overflow may lead to heap based out-of-bounds write when reading data + - CVE-2025-0678 + * SECURITY UPDATE: reiserfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data + - CVE-2025-0684 + * SECURITY UODATE: jfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data + - CVE-2025-0685 + * SECURITY UPDATE: romfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data + - CVE-2025-0686 + * SECURITY UPDATE: udf: Heap based buffer overflow in grub_udf_read_block() may lead to 
arbitrary code execution + - CVE-2025-0689 + * SECURITY UPDATE: read: Integer overflow may lead to out-of-bounds write + - CVE-2025-0690 + * SECURITY UPDATE: commands/dump: The dump command is not in lockdown when secure boot is enabled + - CVE-2025-1118 + * SECURITY UPDATE: fs/hfs: Integer overflow may lead to heap based out-of-bounds write + - CVE-2025-1125 + * SECURITY UPDATE: insmod: incorrect refcount handling leading to UAF [LP: #2055835] + + -- Mate Kukri Sat, 15 Feb 2025 17:17:14 +0000 grub2 (2.12-5) unstable; urgency=medium
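Review bot: In the new top entry for 2.12-8+rpi1, the forwarded item "Treat system as Debian, since we don't have any specific config for raspbian" is carried over unchanged, while the merged 2.12-8 entry adds "d/default/grub: Always get distributor string from `/etc/os-release`". Both appear to concern how the distributor is identified, so the entry should record whether the Raspbian delta is still needed and still takes effect on top of that change, rather than being forwarded as-is. Two smaller points in the merged 2.12-6 block: the jfs line reads "SECURITY UODATE" (CVE-2025-0685), so a search for "SECURITY UPDATE" will skip it, and the final insmod UAF item carries only "[LP: #2055835]" with no CVE line, unlike every other security item in the list. If no CVE was assigned, saying so would help anyone auditing which fixes this upload covers.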