Accepting request 349298 from Base:System

1

OBS-URL: https://build.opensuse.org/request/show/349298
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/grub2?expand=0&rev=128
This commit is contained in:
Dominique Leuenberger 2015-12-17 14:53:41 +00:00 committed by Git OBS Bridge
commit 26156b0c31
6 changed files with 110 additions and 58 deletions


@ -0,0 +1,54 @@
From 451d80e52d851432e109771bb8febafca7a5f1f2 Mon Sep 17 00:00:00 2001
From: Hector Marco-Gisbert <hecmargi@upv.es>
Date: Wed, 16 Dec 2015 07:57:18 +0300
Subject: [PATCH] Fix security issue when reading username and password
This patch fixes two integer underflows at:
* grub-core/lib/crypto.c
* grub-core/normal/auth.c
CVE-2015-8370
Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
Also-By: Andrey Borzenkov <arvidjaar@gmail.com>
---
grub-core/lib/crypto.c | 3 ++-
grub-core/normal/auth.c | 7 +++++--
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
index 010e550..683a8aa 100644
--- a/grub-core/lib/crypto.c
+++ b/grub-core/lib/crypto.c
@@ -470,7 +470,8 @@ grub_password_get (char buf[], unsigned buf_size)
if (key == '\b')
{
- cur_len--;
+ if (cur_len)
+ cur_len--;
continue;
}
diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c
index c6bd96e..8615c48 100644
--- a/grub-core/normal/auth.c
+++ b/grub-core/normal/auth.c
@@ -174,8 +174,11 @@ grub_username_get (char buf[], unsigned buf_size)
if (key == '\b')
{
- cur_len--;
- grub_printf ("\b");
+ if (cur_len)
+ {
+ cur_len--;
+ grub_printf ("\b");
+ }
continue;
}
--
1.9.1
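Review bot: The guard added in both hunks is correct but leaves no trace of why it matters: cur_len is decremented on every backspace, and the commit message's "integer underflow" implies an unsigned counter that would wrap to a huge value and then index the write into buf. A one-line comment above each new `if (cur_len)`, e.g. `/* cur_len is unsigned: never decrement below zero (CVE-2015-8370) */`, would stop a later cleanup from "simplifying" the check away. cur_len's declaration and the store into buf are outside both hunks, so the wrap behaviour is inferred from the message rather than visible here. grub_password_get and grub_username_get both continue past their hunks.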


@ -114,7 +114,7 @@ Index: grub-2.02~beta2/util/grub.d/20_linux_xen.in
+ chainloader \$cmdpath/${xen_basename} ${xen_basename} $section
+ }
+ EOF
+ for f in ${grub_dir}/$xen_cfg ${xen_dir}/${xen_basename} ${rel_dirname}/${basename} ${rel_dirname}/${initrd}; do
+ for f in ${grub_dir}/$xen_cfg ${xen_dir}/${xen_basename} ${dirname}/${basename} ${dirname}/${initrd}; do
+ cp --preserve=timestamps $f $efi_dir
+ echo $(basename $f) >> $efi_dir/grub.xen-files
+ done
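Review bot: The corrected loop body (inside the patch's own `+` lines) still expands `$f` and `$efi_dir` unquoted in `cp --preserve=timestamps $f $efi_dir` and `echo $(basename $f) >> $efi_dir/grub.xen-files`, so a path containing whitespace or a glob character would be split or expanded before cp runs. Since the only change here is `rel_dirname` → `dirname`, quoting those two lines — `cp --preserve=timestamps -- "$f" "$efi_dir"` and `printf '%s\n' "$(basename -- "$f")" >> "$efi_dir/grub.xen-files"` — is a cheap hardening that does not alter the fix. The enclosing code of 20_linux_xen.in begins and ends outside the hunk, so the here-document closed by `EOF` at its top is only partly visible.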


@ -1,40 +0,0 @@
From 86fdefd6b0d447cd7d3d80f794fcd4df2aa96792 Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Thu, 30 Aug 2012 15:27:50 +0800
Subject: [PATCH] fix Grub2 with SUSE Xen package install
References: bnc#774666
Patch-Mainline: no
This fixes Grub2 does not offer a Xen entry after installing hypervisor
and tools, which is caused by install sequence of xen-kernel and xen is
unpredictable.
By judging the system is dom0 with xen kernel installed, the xen_list
will be set to /boot/xen.gz if it's empty. Because the xen kernel would
trigger the config updated prior to the xen package installation.
---
util/grub.d/20_linux_xen.in | 13 +++++++++++++
1 files changed, 13 insertions(+), 0 deletions(-)
Index: grub-2.02~beta2/util/grub.d/20_linux_xen.in
===================================================================
--- grub-2.02~beta2.orig/util/grub.d/20_linux_xen.in
+++ grub-2.02~beta2/util/grub.d/20_linux_xen.in
@@ -182,6 +182,16 @@ else
if grub_file_is_not_garbage "$i" && file_is_not_sym "$i" ; then echo -n "$i " ; fi
done`
fi
+
+# bnc#774666 - Grub2 does not offer a Xen entry after installing hypervisor and tools
+# This is a workaround to the install sequence of xen-kernel and xen is unpredictable
+if [ "x${xen_list}" = "x" ]; then
+# If the code reaches here, it means that xen-kernel has been installed, but xen hypervisor
+# is missing. This is not likely a sane condition for dom0. We assume this is xen-kernel
+# triggers config update prior to the xen package.
+ xen_list="/boot/xen.gz"
+fi
+
prepare_boot_cache=
boot_device_id=


@ -41,18 +41,33 @@ if [ -n "${suse_cddev_content}" -a -n "${suse_cddev_product}" -a "${suse_cddev_c
set suse_cddev="${suse_cddev_content}"
fi
hdcfg_lst="/boot/grub2/grub.cfg \
hdcfg_list="/boot/grub2/grub.cfg \
/@/boot/grub2/grub.cfg \
/boot/grub/menu.lst \
/grub2/grub.cfg \
/@/.snapshots/1/snapshot/boot/grub2/grub.cfg \
/.snapshots/1/snapshot/boot/grub2/grub.cfg \
/grub2/grub.cfg"
hdlst_list="/boot/grub/menu.lst \
/grub/menu.lst"
set hdcfg=""
for c in ${hdcfg_lst}; do
for c in ${hdcfg_list}; do
if search -s hddev -f "${c}"; then
set hdcfg="${c}"
menuentry "${hddev} Boot From Hard Disk ($c)" {
set root="${hddev}"
configfile "${c}"
}
break
fi
fi
done
for c in ${hdlst_list}; do
if search -s hddev -f "${c}"; then
menuentry "${hddev} Boot From Hard Disk (${c})" {
set root="${hddev}"
legacy_configfile "${c}"
}
break
fi
done
set timeout=0
@ -113,10 +128,3 @@ if [ -n "${suse_cddev}" ]; then
fi
fi
if [ -n "${hddev}" ] ; then
set default="Boot From Hard Disk"
menuentry "${hddev} Boot From Hard Disk" {
set root="${hddev}"
configfile "${hdcfg}"
}
fi
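Review bot: The two new menuentry titles are written differently — `"${hddev} Boot From Hard Disk ($c)"` in the grub.cfg loop and `"${hddev} Boot From Hard Disk (${c})"` in the menu.lst loop; using `(${c})` in both keeps the titles consistent with the `${c}` style used everywhere else in the file. It also appears that `set hdcfg=""` and `set hdcfg="${c}"` survive while the second hunk drops the trailing `if [ -n "${hddev}" ]` block that consumed `${hdcfg}`; if no other reader of hdcfg remains, those two assignments are dead and could be removed. The old/new side of several printed lines is not marked on this page, so please confirm both points against the actual diff.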


@ -1,3 +1,33 @@
-------------------------------------------------------------------
Wed Dec 16 05:04:37 UTC 2015 - arvidjaar@gmail.com
- Add 0001-Fix-security-issue-when-reading-username-and-passwor.patch
Fix for CVE-2015-8370 [boo#956631]
-------------------------------------------------------------------
Wed Dec 9 18:13:27 UTC 2015 - arvidjaar@gmail.com
- Update grub2-efi-xen-chainload.patch - fix copying of Linux kernel
and initrd to ESP (boo#958193)
-------------------------------------------------------------------
Mon Dec 7 08:03:41 UTC 2015 - olaf@aepfle.de
- Rename grub2-xen.cfg to grub2-xen-pv-firmware.cfg (boo#926795)
-------------------------------------------------------------------
Fri Dec 4 17:06:17 UTC 2015 - olaf@aepfle.de
- grub2-xen.cfg: to handle grub1 menu.lst in PV guest (boo#926795)
-------------------------------------------------------------------
Thu Nov 26 10:22:28 UTC 2015 - mchang@suse.com
- Expand list of grub.cfg search path in PV Xen guest for systems
installed to btrfs snapshot. (bsc#946148) (bsc#952539)
* modified grub2-xen.cfg
- drop grub2-fix-Grub2-with-SUSE-Xen-package-install.patch (bsc#774666)
-------------------------------------------------------------------
Wed Nov 18 19:33:42 UTC 2015 - arvidjaar@gmail.com


@ -146,7 +146,7 @@ Source11: SLES-UEFI-CA-Certificate.crt
Source12: grub2-snapper-plugin.sh
Source14: 80_suse_btrfs_snapshot
Source15: grub2-once.service
Source16: grub2-xen.cfg
Source16: grub2-xen-pv-firmware.cfg
# required hook for systemd-sleep (bsc#941758)
Source17: grub2-systemd-sleep.sh
Source1000: PATCH_POLICY
@ -160,7 +160,6 @@ Patch9: grub2-GRUB_CMDLINE_LINUX_RECOVERY-for-recovery-mode.patch
Patch10: grub2-fix-error-terminal-gfxterm-isn-t-found.patch
Patch12: grub2-fix-menu-in-xen-host-server.patch
Patch15: not-display-menu-when-boot-once.patch
Patch16: grub2-fix-Grub2-with-SUSE-Xen-package-install.patch
Patch17: grub2-pass-corret-root-for-nfsroot.patch
Patch18: grub2-fix-locale-en.mo.gz-not-found-error-message.patch
Patch19: grub2-efi-HP-workaround.patch
@ -206,6 +205,7 @@ Patch68: grub2-btrfs-fix-get_root-key-comparison-failures-due-to-en.patch
Patch69: grub2-getroot-fix-get-btrfs-fs-prefix-big-endian.patch
Patch70: grub2-default-distributor.patch
Patch71: grub2-menu-unrestricted.patch
Patch72: 0001-Fix-security-issue-when-reading-username-and-passwor.patch
# Btrfs snapshot booting related patches
Patch101: grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
Patch102: grub2-btrfs-02-export-subvolume-envvars.patch
@ -436,7 +436,6 @@ mv po/grub.pot po/%{name}.pot
%patch10 -p1
%patch12 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
@ -481,6 +480,7 @@ mv po/grub.pot po/%{name}.pot
%patch69 -p1
%patch70 -p1
%patch71 -p1
%patch72 -p1
%patch101 -p1
%patch102 -p1
%patch103 -p1
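Review bot: The new `Patch72: 0001-Fix-security-issue-when-reading-username-and-passwor.patch` declaration carries no comment, unlike `Source17`, which cites its bug number on the line above; since this is the CVE-2015-8370 fix recorded in grub2.changes, a preceding `# CVE-2015-8370 boo#956631` comment would let anyone auditing the spec tie the patch to the advisory without opening the changelog. The matching `%patch72 -p1` application line sits in the same relative position as the declaration, so nothing else in the spec needs to change.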