* new upstream release
* remove patch no longer required
This commit is contained in:
Christian Hesse
parent
3de274eef4
commit
82f5802843
@ -1,47 +0,0 @@
|
||||
From e16eeda1200deabd0d3a4af968d526d62845a85f Mon Sep 17 00:00:00 2001
|
||||
From: Hector Marco-Gisbert <hecmargi@upv.es>
|
||||
Date: Fri, 13 Nov 2015 16:21:09 +0100
|
||||
Subject: [PATCH] Fix security issue when reading username and password
|
||||
|
||||
This patch fixes two integer underflows at:
|
||||
* grub-core/lib/crypto.c
|
||||
* grub-core/normal/auth.c
|
||||
|
||||
Resolves: CVE-2015-8370
|
||||
|
||||
Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
|
||||
Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
|
||||
---
|
||||
grub-core/lib/crypto.c | 2 +-
|
||||
grub-core/normal/auth.c | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
|
||||
index 010e550..524a3d8 100644
|
||||
--- a/grub-core/lib/crypto.c
|
||||
+++ b/grub-core/lib/crypto.c
|
||||
@@ -468,7 +468,7 @@ grub_password_get (char buf[], unsigned buf_size)
|
||||
break;
|
||||
}
|
||||
|
||||
- if (key == '\b')
|
||||
+ if (key == '\b' && cur_len)
|
||||
{
|
||||
cur_len--;
|
||||
continue;
|
||||
diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c
|
||||
index c6bd96e..5782ec5 100644
|
||||
--- a/grub-core/normal/auth.c
|
||||
+++ b/grub-core/normal/auth.c
|
||||
@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned buf_size)
|
||||
break;
|
||||
}
|
||||
|
||||
- if (key == '\b')
|
||||
+ if (key == '\b' && cur_len)
|
||||
{
|
||||
cur_len--;
|
||||
grub_printf ("\b");
|
||||
--
|
||||
2.6.4
|
||||
|
||||
@ -1,22 +0,0 @@
|
||||
commit 082bc9f77b200eb48a5f1147163dea9c9d02d44c
|
||||
Author: Mike Gilbert <floppym@gentoo.org>
|
||||
Date: Sat Mar 5 17:30:48 2016 -0500
|
||||
|
||||
10_linux: Fix grouping of tests for GRUB_DEVICE
|
||||
|
||||
Commit 7290bb562 causes GRUB_DISABLE_LINUX_UUID to be ignored due to
|
||||
mixing of || and && operators. Add some parens to help with that.
|
||||
|
||||
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
|
||||
index 5a78513..de9044c 100644
|
||||
--- a/util/grub.d/10_linux.in
|
||||
+++ b/util/grub.d/10_linux.in
|
||||
@@ -47,7 +47,7 @@ esac
|
||||
# and mounting btrfs requires user space scanning, so force UUID in this case.
|
||||
if [ "x${GRUB_DEVICE_UUID}" = "x" ] || [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ] \
|
||||
|| ! test -e "/dev/disk/by-uuid/${GRUB_DEVICE_UUID}" \
|
||||
- || test -e "${GRUB_DEVICE}" && uses_abstraction "${GRUB_DEVICE}" lvm; then
|
||||
+ || ( test -e "${GRUB_DEVICE}" && uses_abstraction "${GRUB_DEVICE}" lvm ); then
|
||||
LINUX_ROOT_DEVICE=${GRUB_DEVICE}
|
||||
else
|
||||
LINUX_ROOT_DEVICE=UUID=${GRUB_DEVICE_UUID}
|
||||
@ -1,44 +0,0 @@
|
||||
From ce95549cc54b5d6f494608a7c390dba3aab4fba7 Mon Sep 17 00:00:00 2001
|
||||
From: Andrei Borzenkov <arvidjaar@gmail.com>
|
||||
Date: Thu, 15 Dec 2016 16:07:00 +0300
|
||||
Subject: efi: properly terminate filepath with NULL in chainloader
|
||||
|
||||
EFI File Path Media Device Path is defined as NULL terminated string;
|
||||
but chainloader built file paths without final NULL. This caused error
|
||||
with Secure Boot and Linux Foundation PreLoader on Acer with InsydeH20 BIOS.
|
||||
Apparently firmware failed verification with EFI_INVALID_PARAMETER which is
|
||||
considered fatal error by PreLoader.
|
||||
|
||||
Reported and tested by Giovanni Santini <itachi.sama.amaterasu@gmail.com>
|
||||
---
|
||||
grub-core/loader/efi/chainloader.c | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
|
||||
index 522a716..adc8563 100644
|
||||
--- a/grub-core/loader/efi/chainloader.c
|
||||
+++ b/grub-core/loader/efi/chainloader.c
|
||||
@@ -122,6 +122,8 @@ copy_file_path (grub_efi_file_path_device_path_t *fp,
|
||||
if (*p == '/')
|
||||
*p = '\\';
|
||||
|
||||
+ /* File Path is NULL terminated */
|
||||
+ fp->path_name[size++] = '\0';
|
||||
fp->header.length = size * sizeof (grub_efi_char16_t) + sizeof (*fp);
|
||||
}
|
||||
|
||||
@@ -156,8 +158,10 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename)
|
||||
d = GRUB_EFI_NEXT_DEVICE_PATH (d);
|
||||
}
|
||||
|
||||
+ /* File Path is NULL terminated. Allocate space for 2 extra characters */
|
||||
+ /* FIXME why we split path in two components? */
|
||||
file_path = grub_malloc (size
|
||||
- + ((grub_strlen (dir_start) + 1)
|
||||
+ + ((grub_strlen (dir_start) + 2)
|
||||
* GRUB_MAX_UTF16_PER_UTF8
|
||||
* sizeof (grub_efi_char16_t))
|
||||
+ sizeof (grub_efi_file_path_device_path_t) * 2);
|
||||
--
|
||||
cgit v1.0
|
||||
|
||||
25
PKGBUILD
25
PKGBUILD
@ -9,7 +9,7 @@ _IA32_EFI_IN_ARCH_X64="1"
|
||||
_GRUB_EMU_BUILD="0"
|
||||
|
||||
_pkgver="2.02"
|
||||
_GRUB_GIT_TAG="grub-2.02-beta3"
|
||||
_GRUB_GIT_TAG="2.02-rc1"
|
||||
_GRUB_EXTRAS_COMMIT="f2a079441939eee7251bf141986cdd78946e1d20"
|
||||
|
||||
_UNIFONT_VER="9.0.06"
|
||||
@ -22,8 +22,8 @@ _UNIFONT_VER="9.0.06"
|
||||
|
||||
pkgname="grub"
|
||||
pkgdesc="GNU GRand Unified Bootloader (2)"
|
||||
pkgver=2.02.beta3
|
||||
pkgrel=6
|
||||
pkgver=2.02.rc1
|
||||
pkgrel=1
|
||||
epoch=1
|
||||
url="https://www.gnu.org/software/grub/"
|
||||
arch=('x86_64' 'i686')
|
||||
@ -59,12 +59,9 @@ source=("grub-${_pkgver}::git+git://git.sv.gnu.org/grub.git#tag=${_GRUB_GIT_TAG}
|
||||
"grub-extras::git+git://git.sv.gnu.org/grub-extras.git#commit=${_GRUB_EXTRAS_COMMIT}"
|
||||
"https://ftp.gnu.org/gnu/unifont/unifont-${_UNIFONT_VER}/unifont-${_UNIFONT_VER}.bdf.gz"
|
||||
"https://ftp.gnu.org/gnu/unifont/unifont-${_UNIFONT_VER}/unifont-${_UNIFONT_VER}.bdf.gz.sig"
|
||||
'0001-Fix-security-issue-when-reading-username-and-passwor.patch'
|
||||
'0002-intel-ucode.patch'
|
||||
'0003-10_linux-detect-archlinux-initramfs.patch'
|
||||
'0004-add-GRUB_COLOR_variables.patch'
|
||||
'0005-10_linux-fix-grouping-of-tests.patch'
|
||||
'0006-efi-properly-terminate-filepath-with-NULL-in-chainloader.patch'
|
||||
'grub.default'
|
||||
'grub.cfg')
|
||||
|
||||
@ -72,12 +69,9 @@ sha256sums=('SKIP'
|
||||
'SKIP'
|
||||
'4246c4773ed70f78a7e27ff1118fd257a280d1102200265ad5d58bb2011195ef'
|
||||
'SKIP'
|
||||
'6a85a2a93a27f64bac68bef513e3239a898a0502221978b3cb99e41994021b05'
|
||||
'37adb95049f6cdcbdbf60ed6b6440c5be99a4cd307a0f96c3c3837b6c2e07f3c'
|
||||
'b41e4438319136b5e74e0abdfcb64ae115393e4e15207490272c425f54026dd3'
|
||||
'a5198267ceb04dceb6d2ea7800281a42b3f91fd02da55d2cc9ea20d47273ca29'
|
||||
'bf712de689a944ac23a0303bbcc223eedf8d4fcb5c94bdc071c71c2444158a7f'
|
||||
'd99f47642d325398873346e25ecb646c387e358e25b05128fa333cc7721a7388'
|
||||
'df764fbd876947dea973017f95371e53833bf878458140b09f0b70d900235676'
|
||||
'c5e4f3836130c6885e9273c21f057263eba53f4b7c0e2f111f6e5f2e487a47ad')
|
||||
|
||||
@ -89,11 +83,6 @@ _pkgver() {
|
||||
prepare() {
|
||||
cd "${srcdir}/grub-${_pkgver}/"
|
||||
|
||||
msg "Patch to fix CVE-2015-8370"
|
||||
# CVE-2015-8370
|
||||
patch -Np1 -i "${srcdir}/0001-Fix-security-issue-when-reading-username-and-passwor.patch"
|
||||
echo
|
||||
|
||||
msg "Patch to load Intel microcode"
|
||||
patch -Np1 -i "${srcdir}/0002-intel-ucode.patch"
|
||||
echo
|
||||
@ -107,14 +96,6 @@ prepare() {
|
||||
patch -Np1 -i "${srcdir}/0004-add-GRUB_COLOR_variables.patch"
|
||||
echo
|
||||
|
||||
msg "Patch to fix grouping of tests for GRUB_DEVICE"
|
||||
patch -Np1 -i "${srcdir}/0005-10_linux-fix-grouping-of-tests.patch"
|
||||
echo
|
||||
|
||||
msg "Patch to properly terminate filepath with NULL in chainloader"
|
||||
patch -Np1 -i "${srcdir}/0006-efi-properly-terminate-filepath-with-NULL-in-chainloader.patch"
|
||||
echo
|
||||
|
||||
msg "Fix DejaVuSans.ttf location so that grub-mkfont can create *.pf2 files for starfield theme"
|
||||
sed 's|/usr/share/fonts/dejavu|/usr/share/fonts/dejavu /usr/share/fonts/TTF|g' -i "${srcdir}/grub-${_pkgver}/configure.ac"
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user