diff --git a/0001-Fix-security-issue-when-reading-username-and-passwor.patch b/0001-Fix-security-issue-when-reading-username-and-passwor.patch deleted file mode 100644 index aa07f2f..0000000 --- a/0001-Fix-security-issue-when-reading-username-and-passwor.patch +++ /dev/null @@ -1,47 +0,0 @@ -From e16eeda1200deabd0d3a4af968d526d62845a85f Mon Sep 17 00:00:00 2001 -From: Hector Marco-Gisbert -Date: Fri, 13 Nov 2015 16:21:09 +0100 -Subject: [PATCH] Fix security issue when reading username and password - - This patch fixes two integer underflows at: - * grub-core/lib/crypto.c - * grub-core/normal/auth.c - -Resolves: CVE-2015-8370 - -Signed-off-by: Hector Marco-Gisbert -Signed-off-by: Ismael Ripoll-Ripoll ---- - grub-core/lib/crypto.c | 2 +- - grub-core/normal/auth.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c -index 010e550..524a3d8 100644 ---- a/grub-core/lib/crypto.c -+++ b/grub-core/lib/crypto.c -@@ -468,7 +468,7 @@ grub_password_get (char buf[], unsigned buf_size) - break; - } - -- if (key == '\b') -+ if (key == '\b' && cur_len) - { - cur_len--; - continue; -diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c -index c6bd96e..5782ec5 100644 ---- a/grub-core/normal/auth.c -+++ b/grub-core/normal/auth.c -@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned buf_size) - break; - } - -- if (key == '\b') -+ if (key == '\b' && cur_len) - { - cur_len--; - grub_printf ("\b"); --- -2.6.4 - diff --git a/0005-10_linux-fix-grouping-of-tests.patch b/0005-10_linux-fix-grouping-of-tests.patch deleted file mode 100644 index a57b1ec..0000000 --- a/0005-10_linux-fix-grouping-of-tests.patch +++ /dev/null @@ -1,22 +0,0 @@ -commit 082bc9f77b200eb48a5f1147163dea9c9d02d44c -Author: Mike Gilbert -Date: Sat Mar 5 17:30:48 2016 -0500 - - 10_linux: Fix grouping of tests for GRUB_DEVICE - - Commit 7290bb562 causes GRUB_DISABLE_LINUX_UUID to be ignored due to - mixing of || and && operators. Add some parens to help with that. - -diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 5a78513..de9044c 100644 ---- a/util/grub.d/10_linux.in -+++ b/util/grub.d/10_linux.in -@@ -47,7 +47,7 @@ esac - # and mounting btrfs requires user space scanning, so force UUID in this case. - if [ "x${GRUB_DEVICE_UUID}" = "x" ] || [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ] \ - || ! test -e "/dev/disk/by-uuid/${GRUB_DEVICE_UUID}" \ -- || test -e "${GRUB_DEVICE}" && uses_abstraction "${GRUB_DEVICE}" lvm; then -+ || ( test -e "${GRUB_DEVICE}" && uses_abstraction "${GRUB_DEVICE}" lvm ); then - LINUX_ROOT_DEVICE=${GRUB_DEVICE} - else - LINUX_ROOT_DEVICE=UUID=${GRUB_DEVICE_UUID} diff --git a/0006-efi-properly-terminate-filepath-with-NULL-in-chainloader.patch b/0006-efi-properly-terminate-filepath-with-NULL-in-chainloader.patch deleted file mode 100644 index b796107..0000000 --- a/0006-efi-properly-terminate-filepath-with-NULL-in-chainloader.patch +++ /dev/null @@ -1,44 +0,0 @@ -From ce95549cc54b5d6f494608a7c390dba3aab4fba7 Mon Sep 17 00:00:00 2001 -From: Andrei Borzenkov -Date: Thu, 15 Dec 2016 16:07:00 +0300 -Subject: efi: properly terminate filepath with NULL in chainloader - -EFI File Path Media Device Path is defined as NULL terminated string; -but chainloader built file paths without final NULL. This caused error -with Secure Boot and Linux Foundation PreLoader on Acer with InsydeH20 BIOS. -Apparently firmware failed verification with EFI_INVALID_PARAMETER which is -considered fatal error by PreLoader. - -Reported and tested by Giovanni Santini ---- - grub-core/loader/efi/chainloader.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index 522a716..adc8563 100644 ---- a/grub-core/loader/efi/chainloader.c -+++ b/grub-core/loader/efi/chainloader.c -@@ -122,6 +122,8 @@ copy_file_path (grub_efi_file_path_device_path_t *fp, - if (*p == '/') - *p = '\\'; - -+ /* File Path is NULL terminated */ -+ fp->path_name[size++] = '\0'; - fp->header.length = size * sizeof (grub_efi_char16_t) + sizeof (*fp); - } - -@@ -156,8 +158,10 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename) - d = GRUB_EFI_NEXT_DEVICE_PATH (d); - } - -+ /* File Path is NULL terminated. Allocate space for 2 extra characters */ -+ /* FIXME why we split path in two components? */ - file_path = grub_malloc (size -- + ((grub_strlen (dir_start) + 1) -+ + ((grub_strlen (dir_start) + 2) - * GRUB_MAX_UTF16_PER_UTF8 - * sizeof (grub_efi_char16_t)) - + sizeof (grub_efi_file_path_device_path_t) * 2); --- -cgit v1.0 - diff --git a/PKGBUILD b/PKGBUILD index 3c53a53..422ca30 100644 --- a/PKGBUILD +++ b/PKGBUILD @@ -9,7 +9,7 @@ _IA32_EFI_IN_ARCH_X64="1" _GRUB_EMU_BUILD="0" _pkgver="2.02" -_GRUB_GIT_TAG="grub-2.02-beta3" +_GRUB_GIT_TAG="2.02-rc1" _GRUB_EXTRAS_COMMIT="f2a079441939eee7251bf141986cdd78946e1d20" _UNIFONT_VER="9.0.06" @@ -22,8 +22,8 @@ _UNIFONT_VER="9.0.06" pkgname="grub" pkgdesc="GNU GRand Unified Bootloader (2)" -pkgver=2.02.beta3 -pkgrel=6 +pkgver=2.02.rc1 +pkgrel=1 epoch=1 url="https://www.gnu.org/software/grub/" arch=('x86_64' 'i686') @@ -59,12 +59,9 @@ source=("grub-${_pkgver}::git+git://git.sv.gnu.org/grub.git#tag=${_GRUB_GIT_TAG} "grub-extras::git+git://git.sv.gnu.org/grub-extras.git#commit=${_GRUB_EXTRAS_COMMIT}" "https://ftp.gnu.org/gnu/unifont/unifont-${_UNIFONT_VER}/unifont-${_UNIFONT_VER}.bdf.gz" "https://ftp.gnu.org/gnu/unifont/unifont-${_UNIFONT_VER}/unifont-${_UNIFONT_VER}.bdf.gz.sig" - '0001-Fix-security-issue-when-reading-username-and-passwor.patch' '0002-intel-ucode.patch' '0003-10_linux-detect-archlinux-initramfs.patch' '0004-add-GRUB_COLOR_variables.patch' - '0005-10_linux-fix-grouping-of-tests.patch' - '0006-efi-properly-terminate-filepath-with-NULL-in-chainloader.patch' 'grub.default' 'grub.cfg') @@ -72,12 +69,9 @@ sha256sums=('SKIP' 'SKIP' '4246c4773ed70f78a7e27ff1118fd257a280d1102200265ad5d58bb2011195ef' 'SKIP' - '6a85a2a93a27f64bac68bef513e3239a898a0502221978b3cb99e41994021b05' '37adb95049f6cdcbdbf60ed6b6440c5be99a4cd307a0f96c3c3837b6c2e07f3c' 'b41e4438319136b5e74e0abdfcb64ae115393e4e15207490272c425f54026dd3' 'a5198267ceb04dceb6d2ea7800281a42b3f91fd02da55d2cc9ea20d47273ca29' - 'bf712de689a944ac23a0303bbcc223eedf8d4fcb5c94bdc071c71c2444158a7f' - 'd99f47642d325398873346e25ecb646c387e358e25b05128fa333cc7721a7388' 'df764fbd876947dea973017f95371e53833bf878458140b09f0b70d900235676' 'c5e4f3836130c6885e9273c21f057263eba53f4b7c0e2f111f6e5f2e487a47ad') @@ -89,11 +83,6 @@ _pkgver() { prepare() { cd "${srcdir}/grub-${_pkgver}/" - msg "Patch to fix CVE-2015-8370" - # CVE-2015-8370 - patch -Np1 -i "${srcdir}/0001-Fix-security-issue-when-reading-username-and-passwor.patch" - echo - msg "Patch to load Intel microcode" patch -Np1 -i "${srcdir}/0002-intel-ucode.patch" echo @@ -107,14 +96,6 @@ prepare() { patch -Np1 -i "${srcdir}/0004-add-GRUB_COLOR_variables.patch" echo - msg "Patch to fix grouping of tests for GRUB_DEVICE" - patch -Np1 -i "${srcdir}/0005-10_linux-fix-grouping-of-tests.patch" - echo - - msg "Patch to properly terminate filepath with NULL in chainloader" - patch -Np1 -i "${srcdir}/0006-efi-properly-terminate-filepath-with-NULL-in-chainloader.patch" - echo - msg "Fix DejaVuSans.ttf location so that grub-mkfont can create *.pf2 files for starfield theme" sed 's|/usr/share/fonts/dejavu|/usr/share/fonts/dejavu /usr/share/fonts/TTF|g' -i "${srcdir}/grub-${_pkgver}/configure.ac"