Accepting request 349298 from Base:System
1 OBS-URL: https://build.opensuse.org/request/show/349298 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/grub2?expand=0&rev=128
commit
26156b0c31
@ -0,0 +1,54 @@
|
||||
From 451d80e52d851432e109771bb8febafca7a5f1f2 Mon Sep 17 00:00:00 2001
|
||||
From: Hector Marco-Gisbert <hecmargi@upv.es>
|
||||
Date: Wed, 16 Dec 2015 07:57:18 +0300
|
||||
Subject: [PATCH] Fix security issue when reading username and password
|
||||
|
||||
This patch fixes two integer underflows at:
|
||||
* grub-core/lib/crypto.c
|
||||
* grub-core/normal/auth.c
|
||||
|
||||
CVE-2015-8370
|
||||
|
||||
Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
|
||||
Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
|
||||
Also-By: Andrey Borzenkov <arvidjaar@gmail.com>
|
||||
---
|
||||
grub-core/lib/crypto.c | 3 ++-
|
||||
grub-core/normal/auth.c | 7 +++++--
|
||||
2 files changed, 7 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
|
||||
index 010e550..683a8aa 100644
|
||||
--- a/grub-core/lib/crypto.c
|
||||
+++ b/grub-core/lib/crypto.c
|
||||
@@ -470,7 +470,8 @@ grub_password_get (char buf[], unsigned buf_size)
|
||||
|
||||
if (key == '\b')
|
||||
{
|
||||
- cur_len--;
|
||||
+ if (cur_len)
|
||||
+ cur_len--;
|
||||
continue;
|
||||
}
|
||||
|
||||
diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c
|
||||
index c6bd96e..8615c48 100644
|
||||
--- a/grub-core/normal/auth.c
|
||||
+++ b/grub-core/normal/auth.c
|
||||
@@ -174,8 +174,11 @@ grub_username_get (char buf[], unsigned buf_size)
|
||||
|
||||
if (key == '\b')
|
||||
{
|
||||
- cur_len--;
|
||||
- grub_printf ("\b");
|
||||
+ if (cur_len)
|
||||
+ {
|
||||
+ cur_len--;
|
||||
+ grub_printf ("\b");
|
||||
+ }
|
||||
continue;
|
||||
}
|
||||
|
||||
--
|
||||
1.9.1
|
||||
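Review bot: Neither guarded backspace branch says why the `if (cur_len)` test is there, so a later cleanup could drop it again. Both `grub_password_get` and `grub_username_get` deserve a comment on the guard, e.g. `/* Backspace on an empty buffer must not decrement cur_len: it would wrap below zero (CVE-2015-8370). */`. The declaration of `cur_len` is outside both hunks, so that it is unsigned is inferred from the "integer underflows" wording and the `unsigned buf_size` parameter. The same guard is now written twice in two files; whether a shared helper is practical cannot be judged here, because both function bodies continue outside the hunks.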
|
@ -114,7 +114,7 @@ Index: grub-2.02~beta2/util/grub.d/20_linux_xen.in
|
||||
+ chainloader \$cmdpath/${xen_basename} ${xen_basename} $section
|
||||
+ }
|
||||
+ EOF
|
||||
+ for f in ${grub_dir}/$xen_cfg ${xen_dir}/${xen_basename} ${rel_dirname}/${basename} ${rel_dirname}/${initrd}; do
|
||||
+ for f in ${grub_dir}/$xen_cfg ${xen_dir}/${xen_basename} ${dirname}/${basename} ${dirname}/${initrd}; do
|
||||
+ cp --preserve=timestamps $f $efi_dir
|
||||
+ echo $(basename $f) >> $efi_dir/grub.xen-files
|
||||
+ done
|
||||
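Review bot: The copy loop appends every name to `grub.xen-files` even when the `cp` before it failed, and it expands `$f` and `$efi_dir` unquoted. If a kernel or initrd copy fails (for example on a full ESP, which is not visible on this page), the manifest would list files that are not actually there. I would write the body as `cp --preserve=timestamps -- "$f" "$efi_dir" || continue` followed by `basename -- "$f" >> "$efi_dir/grub.xen-files"`, ideally with a message on stderr for the failed copy, and quote the paths in the `for` list too. Which of the two `for` lines is the new side is not marked on this page, and the point applies to either; the heredoc and the enclosing code start outside the hunk.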
|
@ -1,40 +0,0 @@
|
||||
From 86fdefd6b0d447cd7d3d80f794fcd4df2aa96792 Mon Sep 17 00:00:00 2001
|
||||
From: Michael Chang <mchang@suse.com>
|
||||
Date: Thu, 30 Aug 2012 15:27:50 +0800
|
||||
Subject: [PATCH] fix Grub2 with SUSE Xen package install
|
||||
|
||||
References: bnc#774666
|
||||
Patch-Mainline: no
|
||||
|
||||
This fixes Grub2 does not offer a Xen entry after installing hypervisor
|
||||
and tools, which is caused by install sequence of xen-kernel and xen is
|
||||
unpredictable.
|
||||
|
||||
By judging the system is dom0 with xen kernel installed, the xen_list
|
||||
will be set to /boot/xen.gz if it's empty. Because the xen kernel would
|
||||
trigger the config updated prior to the xen package installation.
|
||||
---
|
||||
util/grub.d/20_linux_xen.in | 13 +++++++++++++
|
||||
1 files changed, 13 insertions(+), 0 deletions(-)
|
||||
|
||||
Index: grub-2.02~beta2/util/grub.d/20_linux_xen.in
|
||||
===================================================================
|
||||
--- grub-2.02~beta2.orig/util/grub.d/20_linux_xen.in
|
||||
+++ grub-2.02~beta2/util/grub.d/20_linux_xen.in
|
||||
@@ -182,6 +182,16 @@ else
|
||||
if grub_file_is_not_garbage "$i" && file_is_not_sym "$i" ; then echo -n "$i " ; fi
|
||||
done`
|
||||
fi
|
||||
+
|
||||
+# bnc#774666 - Grub2 does not offer a Xen entry after installing hypervisor and tools
|
||||
+# This is a workaround to the install sequence of xen-kernel and xen is unpredictable
|
||||
+if [ "x${xen_list}" = "x" ]; then
|
||||
+# If the code reaches here, it means that xen-kernel has been installed, but xen hypervisor
|
||||
+# is missing. This is not likely a sane condition for dom0. We assume this is xen-kernel
|
||||
+# triggers config update prior to the xen package.
|
||||
+ xen_list="/boot/xen.gz"
|
||||
+fi
|
||||
+
|
||||
prepare_boot_cache=
|
||||
boot_device_id=
|
||||
|
@ -41,18 +41,33 @@ if [ -n "${suse_cddev_content}" -a -n "${suse_cddev_product}" -a "${suse_cddev_c
|
||||
set suse_cddev="${suse_cddev_content}"
|
||||
fi
|
||||
|
||||
hdcfg_lst="/boot/grub2/grub.cfg \
|
||||
hdcfg_list="/boot/grub2/grub.cfg \
|
||||
/@/boot/grub2/grub.cfg \
|
||||
/boot/grub/menu.lst \
|
||||
/grub2/grub.cfg \
|
||||
/@/.snapshots/1/snapshot/boot/grub2/grub.cfg \
|
||||
/.snapshots/1/snapshot/boot/grub2/grub.cfg \
|
||||
/grub2/grub.cfg"
|
||||
|
||||
hdlst_list="/boot/grub/menu.lst \
|
||||
/grub/menu.lst"
|
||||
|
||||
set hdcfg=""
|
||||
for c in ${hdcfg_lst}; do
|
||||
for c in ${hdcfg_list}; do
|
||||
if search -s hddev -f "${c}"; then
|
||||
set hdcfg="${c}"
|
||||
menuentry "${hddev} Boot From Hard Disk ($c)" {
|
||||
set root="${hddev}"
|
||||
configfile "${c}"
|
||||
}
|
||||
break
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
for c in ${hdlst_list}; do
|
||||
if search -s hddev -f "${c}"; then
|
||||
menuentry "${hddev} Boot From Hard Disk (${c})" {
|
||||
set root="${hddev}"
|
||||
legacy_configfile "${c}"
|
||||
}
|
||||
break
|
||||
fi
|
||||
done
|
||||
|
||||
set timeout=0
|
||||
@ -113,10 +128,3 @@ if [ -n "${suse_cddev}" ]; then
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -n "${hddev}" ] ; then
|
||||
set default="Boot From Hard Disk"
|
||||
menuentry "${hddev} Boot From Hard Disk" {
|
||||
set root="${hddev}"
|
||||
configfile "${hdcfg}"
|
||||
}
|
||||
fi
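Review bot: The search list hard-codes snapshot number 1 (`/@/.snapshots/1/snapshot/boot/grub2/grub.cfg` and `/.snapshots/1/snapshot/boot/grub2/grub.cfg`), and the first path that `search -s hddev -f` finds wins because the loop ends with `break`. If the guest's current root is a later snapshot (plausible after a rollback, though the disk layout is not shown here), the entry would load the configuration and kernel selection of snapshot 1, which may predate security updates. With `set timeout=0` there is no menu in which to notice or override that. At minimum the list should carry a comment on the intended precedence, e.g. `# searched in order, first hit wins; .snapshots/1 is only a fallback`. The old and new sides of this section are not marked on the page, so this is based on the entries in the `hdcfg_list` assignment.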
|
@ -1,3 +1,33 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Dec 16 05:04:37 UTC 2015 - arvidjaar@gmail.com
|
||||
|
||||
- Add 0001-Fix-security-issue-when-reading-username-and-passwor.patch
|
||||
Fix for CVE-2015-8370 [boo#956631]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Dec 9 18:13:27 UTC 2015 - arvidjaar@gmail.com
|
||||
|
||||
- Update grub2-efi-xen-chainload.patch - fix copying of Linux kernel
|
||||
and initrd to ESP (boo#958193)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Dec 7 08:03:41 UTC 2015 - olaf@aepfle.de
|
||||
|
||||
- Rename grub2-xen.cfg to grub2-xen-pv-firmware.cfg (boo#926795)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Dec 4 17:06:17 UTC 2015 - olaf@aepfle.de
|
||||
|
||||
- grub2-xen.cfg: to handle grub1 menu.lst in PV guest (boo#926795)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Nov 26 10:22:28 UTC 2015 - mchang@suse.com
|
||||
|
||||
- Expand list of grub.cfg search path in PV Xen guest for systems
|
||||
installed to btrfs snapshot. (bsc#946148) (bsc#952539)
|
||||
* modified grub2-xen.cfg
|
||||
- drop grub2-fix-Grub2-with-SUSE-Xen-package-install.patch (bsc#774666)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Nov 18 19:33:42 UTC 2015 - arvidjaar@gmail.com
|
||||
|
||||
|
@ -146,7 +146,7 @@ Source11: SLES-UEFI-CA-Certificate.crt
|
||||
Source12: grub2-snapper-plugin.sh
|
||||
Source14: 80_suse_btrfs_snapshot
|
||||
Source15: grub2-once.service
|
||||
Source16: grub2-xen.cfg
|
||||
Source16: grub2-xen-pv-firmware.cfg
|
||||
# required hook for systemd-sleep (bsc#941758)
|
||||
Source17: grub2-systemd-sleep.sh
|
||||
Source1000: PATCH_POLICY
|
||||
@ -160,7 +160,6 @@ Patch9: grub2-GRUB_CMDLINE_LINUX_RECOVERY-for-recovery-mode.patch
|
||||
Patch10: grub2-fix-error-terminal-gfxterm-isn-t-found.patch
|
||||
Patch12: grub2-fix-menu-in-xen-host-server.patch
|
||||
Patch15: not-display-menu-when-boot-once.patch
|
||||
Patch16: grub2-fix-Grub2-with-SUSE-Xen-package-install.patch
|
||||
Patch17: grub2-pass-corret-root-for-nfsroot.patch
|
||||
Patch18: grub2-fix-locale-en.mo.gz-not-found-error-message.patch
|
||||
Patch19: grub2-efi-HP-workaround.patch
|
||||
@ -206,6 +205,7 @@ Patch68: grub2-btrfs-fix-get_root-key-comparison-failures-due-to-en.patch
|
||||
Patch69: grub2-getroot-fix-get-btrfs-fs-prefix-big-endian.patch
|
||||
Patch70: grub2-default-distributor.patch
|
||||
Patch71: grub2-menu-unrestricted.patch
|
||||
Patch72: 0001-Fix-security-issue-when-reading-username-and-passwor.patch
|
||||
# Btrfs snapshot booting related patches
|
||||
Patch101: grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
|
||||
Patch102: grub2-btrfs-02-export-subvolume-envvars.patch
|
||||
@ -436,7 +436,6 @@ mv po/grub.pot po/%{name}.pot
|
||||
%patch10 -p1
|
||||
%patch12 -p1
|
||||
%patch15 -p1
|
||||
%patch16 -p1
|
||||
%patch17 -p1
|
||||
%patch18 -p1
|
||||
%patch19 -p1
|
||||
@ -481,6 +480,7 @@ mv po/grub.pot po/%{name}.pot
|
||||
%patch69 -p1
|
||||
%patch70 -p1
|
||||
%patch71 -p1
|
||||
%patch72 -p1
|
||||
%patch101 -p1
|
||||
%patch102 -p1
|
||||
%patch103 -p1
|
||||
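Review bot: `Patch72: 0001-Fix-security-issue-when-reading-username-and-passwor.patch` is added without a comment naming what it fixes, while `Source17` a few lines up carries `# required hook for systemd-sleep (bsc#941758)`. A line such as `# CVE-2015-8370 (boo#956631)` above `Patch72` would let someone auditing the spec match the patch to the advisory without opening the changelog. The truncated file name alone does not carry the identifier.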
|