From 0c1138cf1b63e8c7621566a719d0fd1bba92035f69c139d715acba1205cd15b9 Mon Sep 17 00:00:00 2001 From: Andrei Borzenkov Date: Fri, 27 Nov 2015 09:14:56 +0000 Subject: [PATCH 1/5] Accepting request 346456 from home:michael-chang:branches:Base:System - Expand list of grub.cfg search path in PV Xen guest for systems installed to btrfs snapshot. (bsc#946148) (bsc#952539) * modified grub2-xen.cfg - drop grub2-fix-Grub2-with-SUSE-Xen-package-install.patch (bsc#774666) OBS-URL: https://build.opensuse.org/request/show/346456 OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=190 --- ...-Grub2-with-SUSE-Xen-package-install.patch | 40 ------------------- grub2-xen.cfg | 2 + grub2.changes | 8 ++++ grub2.spec | 4 +- 4 files changed, 11 insertions(+), 43 deletions(-) delete mode 100644 grub2-fix-Grub2-with-SUSE-Xen-package-install.patch diff --git a/grub2-fix-Grub2-with-SUSE-Xen-package-install.patch b/grub2-fix-Grub2-with-SUSE-Xen-package-install.patch deleted file mode 100644 index 025410f..0000000 --- a/grub2-fix-Grub2-with-SUSE-Xen-package-install.patch +++ /dev/null 
@@ -1,40 +0,0 @@ -From 86fdefd6b0d447cd7d3d80f794fcd4df2aa96792 Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Thu, 30 Aug 2012 15:27:50 +0800 -Subject: [PATCH] fix Grub2 with SUSE Xen package install - -References: bnc#774666 -Patch-Mainline: no - -This fixes Grub2 does not offer a Xen entry after installing hypervisor -and tools, which is caused by install sequence of xen-kernel and xen is -unpredictable. - -By judging the system is dom0 with xen kernel installed, the xen_list -will be set to /boot/xen.gz if it's empty. Because the xen kernel would -trigger the config updated prior to the xen package installation. ---- - util/grub.d/20_linux_xen.in | 13 +++++++++++++ - 1 files changed, 13 insertions(+), 0 deletions(-) - -Index: grub-2.02~beta2/util/grub.d/20_linux_xen.in -=================================================================== ---- grub-2.02~beta2.orig/util/grub.d/20_linux_xen.in -+++ grub-2.02~beta2/util/grub.d/20_linux_xen.in -@@ -182,6 +182,16 @@ else - if grub_file_is_not_garbage "$i" && file_is_not_sym "$i" ; then echo -n "$i " ; fi - done` - fi -+ -+# bnc#774666 - Grub2 does not offer a Xen entry after installing hypervisor and tools -+# This is a workaround to the install sequence of xen-kernel and xen is unpredictable -+if [ "x${xen_list}" = "x" ]; then -+# If the code reaches here, it means that xen-kernel has been installed, but xen hypervisor -+# is missing. This is not likely a sane condition for dom0. We assume this is xen-kernel -+# triggers config update prior to the xen package. -+ xen_list="/boot/xen.gz" -+fi -+ - prepare_boot_cache= - boot_device_id= - diff --git a/grub2-xen.cfg b/grub2-xen.cfg index 5bb3ab8..d703958 100644 --- a/grub2-xen.cfg +++ b/grub2-xen.cfg @@ -43,6 +43,8 @@ fi hdcfg_lst="/boot/grub2/grub.cfg \ /@/boot/grub2/grub.cfg \ +/@/.snapshots/1/snapshot/boot/grub2/grub.cfg \ +/.snapshots/1/snapshot/boot/grub2/grub.cfg \ /boot/grub/menu.lst \ /grub2/grub.cfg \ /grub/menu.lst" 
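Review bot: The two entries added to `hdcfg_lst` hard-code snapshot number 1 (`/@/.snapshots/1/snapshot/boot/grub2/grub.cfg` and the variant without `/@`), so a guest whose active root is a later snapshot is presumably either matched against the grub.cfg kept in snapshot 1 or not found at all. The loop that consumes the list is outside this hunk, so the match order cannot be confirmed from here. A comment above the list would record the limitation, e.g. `# only snapshot 1 is searched; a guest running from a later snapshot is not covered by this list`.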
diff --git a/grub2.changes b/grub2.changes index 39960cf..49ce92f 100644 --- a/grub2.changes +++ b/grub2.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Thu Nov 26 10:22:28 UTC 2015 - mchang@suse.com + +- Expand list of grub.cfg search path in PV Xen guest for systems + installed to btrfs snapshot. (bsc#946148) (bsc#952539) + * modified grub2-xen.cfg +- drop grub2-fix-Grub2-with-SUSE-Xen-package-install.patch (bsc#774666) + ------------------------------------------------------------------- Wed Nov 18 19:33:42 UTC 2015 - arvidjaar@gmail.com diff --git a/grub2.spec b/grub2.spec index 6e303d1..e5f994c 100644 --- a/grub2.spec +++ b/grub2.spec @@ -1,7 +1,7 @@ # # spec file for package grub2 # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -160,7 +160,6 @@ Patch9: grub2-GRUB_CMDLINE_LINUX_RECOVERY-for-recovery-mode.patch Patch10: grub2-fix-error-terminal-gfxterm-isn-t-found.patch Patch12: grub2-fix-menu-in-xen-host-server.patch Patch15: not-display-menu-when-boot-once.patch -Patch16: grub2-fix-Grub2-with-SUSE-Xen-package-install.patch Patch17: grub2-pass-corret-root-for-nfsroot.patch Patch18: grub2-fix-locale-en.mo.gz-not-found-error-message.patch Patch19: grub2-efi-HP-workaround.patch @@ -436,7 +435,6 @@ mv po/grub.pot po/%{name}.pot %patch10 -p1 %patch12 -p1 %patch15 -p1 -%patch16 -p1 %patch17 -p1 %patch18 -p1 %patch19 -p1 From 763229aac066f79b074bdc732d9ca3d13be4f19d325eb0ec20195bd10257ed3d Mon Sep 17 00:00:00 2001 
From: Michael Chang Date: Tue, 8 Dec 2015 07:55:20 +0000 Subject: [PATCH 2/5] Accepting request 347723 from home:olh:branches:Base:System - Rename grub2-xen.cfg to grub2-xen-pv-firmware.cfg (boo#926795) - grub2-xen.cfg: to handle grub1 menu.lst in PV guest (boo#926795) OBS-URL: https://build.opensuse.org/request/show/347723 OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=191 --- grub2-xen.cfg => grub2-xen-pv-firmware.cfg | 34 +++++++++++++--------- grub2.changes | 10 +++++++ grub2.spec | 4 +-- 3 files changed, 32 insertions(+), 16 deletions(-) rename grub2-xen.cfg => grub2-xen-pv-firmware.cfg (88%) diff --git a/grub2-xen.cfg b/grub2-xen-pv-firmware.cfg similarity index 88% rename from grub2-xen.cfg rename to grub2-xen-pv-firmware.cfg index d703958..788ed86 100644 --- a/grub2-xen.cfg +++ b/grub2-xen-pv-firmware.cfg @@ -41,20 +41,33 @@ if [ -n "${suse_cddev_content}" -a -n "${suse_cddev_product}" -a "${suse_cddev_c set suse_cddev="${suse_cddev_content}" fi -hdcfg_lst="/boot/grub2/grub.cfg \ +hdcfg_list="/boot/grub2/grub.cfg \ /@/boot/grub2/grub.cfg \ /@/.snapshots/1/snapshot/boot/grub2/grub.cfg \ /.snapshots/1/snapshot/boot/grub2/grub.cfg \ -/boot/grub/menu.lst \ -/grub2/grub.cfg \ +/grub2/grub.cfg" + +hdlst_list="/boot/grub/menu.lst \ /grub/menu.lst" -set hdcfg="" -for c in ${hdcfg_lst}; do +for c in ${hdcfg_list}; do if search -s hddev -f "${c}"; then - set hdcfg="${c}" + menuentry "${hddev} Boot From Hard Disk ($c)" { + set root="${hddev}" + configfile "${c}" + } break - fi + fi +done + +for c in ${hdlst_list}; do + if search -s hddev -f "${c}"; then + menuentry "${hddev} Boot From Hard Disk (${c})" { + set root="${hddev}" + legacy_configfile "${c}" + } + break + fi done set timeout=0 @@ -115,10 +128,3 @@ if [ -n "${suse_cddev}" ]; then fi fi -if [ -n "${hddev}" ] ; then - set default="Boot From Hard Disk" - menuentry "${hddev} Boot From Hard Disk" { - set root="${hddev}" - configfile "${hdcfg}" - } -fi 
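Review bot: The bodies of the two new `menuentry` blocks reference `${hddev}` and `${c}`, but GRUB script expands variables in an entry body when the entry is run, not when it is defined; only the title is expanded inside the loop. By then the second `for` loop has reassigned `c` (and `hddev` too if its `search` succeeds), so the grub.cfg entry can end up calling `configfile` on a menu.lst path, or on a different device than its title shows. Passing the values as entry arguments should pin them at definition time: `menuentry "${hddev} Boot From Hard Disk (${c})" "${hddev}" "${c}" {` with `set root="${2}"` and `configfile "${3}"` (`legacy_configfile "${3}"` in the second loop). The first title also writes `$c` where the second writes `${c}`.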
diff --git a/grub2.changes b/grub2.changes index 49ce92f..38667da 100644 --- a/grub2.changes +++ b/grub2.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Mon Dec 7 08:03:41 UTC 2015 - olaf@aepfle.de + +- Rename grub2-xen.cfg to grub2-xen-pv-firmware.cfg (boo#926795) + +------------------------------------------------------------------- +Fri Dec 4 17:06:17 UTC 2015 - olaf@aepfle.de + +- grub2-xen.cfg: to handle grub1 menu.lst in PV guest (boo#926795) + ------------------------------------------------------------------- Thu Nov 26 10:22:28 UTC 2015 - mchang@suse.com diff --git a/grub2.spec b/grub2.spec index e5f994c..e393132 100644 --- a/grub2.spec +++ b/grub2.spec @@ -1,7 +1,7 @@ # # spec file for package grub2 # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -146,7 +146,7 @@ Source11: SLES-UEFI-CA-Certificate.crt Source12: grub2-snapper-plugin.sh Source14: 80_suse_btrfs_snapshot Source15: grub2-once.service -Source16: grub2-xen.cfg +Source16: grub2-xen-pv-firmware.cfg # required hook for systemd-sleep (bsc#941758) Source17: grub2-systemd-sleep.sh Source1000: PATCH_POLICY From 6af81371e59330fbbea1d0ec70ea71d34e2a9123429cea80752350a61c37b482 Mon Sep 17 00:00:00 2001 From: Michael Chang Date: Thu, 10 Dec 2015 03:21:58 +0000 Subject: [PATCH 3/5] Accepting request 348163 from home:arvidjaar:branches:Base:System - Update grub2-efi-xen-chainload.patch - fix copying of Linux kernel and initrd to ESP (boo#958193) OBS-URL: https://build.opensuse.org/request/show/348163 OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=192 --- grub2-efi-xen-chainload.patch | 2 +- grub2.changes | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) 
diff --git a/grub2-efi-xen-chainload.patch b/grub2-efi-xen-chainload.patch index 6702593..f0c1196 100644 --- a/grub2-efi-xen-chainload.patch +++ b/grub2-efi-xen-chainload.patch @@ -114,7 +114,7 @@ Index: grub-2.02~beta2/util/grub.d/20_linux_xen.in + chainloader \$cmdpath/${xen_basename} ${xen_basename} $section + } + EOF -+ for f in ${grub_dir}/$xen_cfg ${xen_dir}/${xen_basename} ${rel_dirname}/${basename} ${rel_dirname}/${initrd}; do ++ for f in ${grub_dir}/$xen_cfg ${xen_dir}/${xen_basename} ${dirname}/${basename} ${dirname}/${initrd}; do + cp --preserve=timestamps $f $efi_dir + echo $(basename $f) >> $efi_dir/grub.xen-files + done diff --git a/grub2.changes b/grub2.changes index 38667da..6b946e6 100644 --- a/grub2.changes +++ b/grub2.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Dec 9 18:13:27 UTC 2015 - arvidjaar@gmail.com + +- Update grub2-efi-xen-chainload.patch - fix copying of Linux kernel + and initrd to ESP (boo#958193) + ------------------------------------------------------------------- Mon Dec 7 08:03:41 UTC 2015 - olaf@aepfle.de From bc2335ce74b2f7405bcf41c5e7f0385320df8a0fe7260b6dbf971149f271ee8f Mon Sep 17 00:00:00 2001 From: Michael Chang Date: Thu, 17 Dec 2015 02:45:19 +0000 Subject: [PATCH 4/5] Accepting request 349095 from home:arvidjaar:branches:Base:System - Add 0001-Fix-security-issue-when-reading-username-and-passwor.patch Fix for CVE-2015-8370. OBS-URL: https://build.opensuse.org/request/show/349095 OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=193 --- ...ue-when-reading-username-and-passwor.patch | 54 +++++++++++++++++++ grub2.changes | 6 +++ grub2.spec | 2 + 3 files changed, 62 insertions(+) create mode 100644 0001-Fix-security-issue-when-reading-username-and-passwor.patch 
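Review bot: In the loop this hunk touches, the result of `cp --preserve=timestamps $f $efi_dir` is not checked, yet the file name is appended to `$efi_dir/grub.xen-files` either way, and every expansion is unquoted. If `${initrd}` can be empty (its assignment is outside the hunk), `${dirname}/${initrd}` names a directory, the copy fails, and the list still records an entry for it. I would write the body as `cp --preserve=timestamps -- "$f" "$efi_dir" && echo "$(basename "$f")" >> "$efi_dir/grub.xen-files"` and quote the four paths in the `for` list. The enclosing function starts and ends outside the hunk.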
diff --git a/0001-Fix-security-issue-when-reading-username-and-passwor.patch b/0001-Fix-security-issue-when-reading-username-and-passwor.patch
new file mode 100644
index 0000000..9a93256
--- /dev/null
+++ b/0001-Fix-security-issue-when-reading-username-and-passwor.patch
@@ -0,0 +1,54 @@
+From 451d80e52d851432e109771bb8febafca7a5f1f2 Mon Sep 17 00:00:00 2001
+From: Hector Marco-Gisbert
+Date: Wed, 16 Dec 2015 07:57:18 +0300
+Subject: [PATCH] Fix security issue when reading username and password
+
+This patch fixes two integer underflows at:
+ * grub-core/lib/crypto.c
+ * grub-core/normal/auth.c
+
+CVE-2015-8370
+
+Signed-off-by: Hector Marco-Gisbert
+Signed-off-by: Ismael Ripoll-Ripoll
+Also-By: Andrey Borzenkov
+---
+ grub-core/lib/crypto.c | 3 ++-
+ grub-core/normal/auth.c | 7 +++++--
+ 2 files changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
+index 010e550..683a8aa 100644
+--- a/grub-core/lib/crypto.c
++++ b/grub-core/lib/crypto.c
+@@ -470,7 +470,8 @@ grub_password_get (char buf[], unsigned buf_size)
+
+ if (key == '\b')
+ {
+- cur_len--;
++ if (cur_len)
++ cur_len--;
+ continue;
+ }
+
+diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c
+index c6bd96e..8615c48 100644
+--- a/grub-core/normal/auth.c
++++ b/grub-core/normal/auth.c
+@@ -174,8 +174,11 @@ grub_username_get (char buf[], unsigned buf_size)
+
+ if (key == '\b')
+ {
+- cur_len--;
+- grub_printf ("\b");
++ if (cur_len)
++ {
++ cur_len--;
++ grub_printf ("\b");
++ }
+ continue;
+ }
+
+--
+1.9.1
+
diff --git a/grub2.changes b/grub2.changes
index 6b946e6..f8d5ed2 100644
--- a/grub2.changes
+++ b/grub2.changes
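Review bot: Neither new `if (cur_len)` guard, in `grub_password_get` or `grub_username_get`, carries a comment saying why it is there, and the reason is not visible in the hunks: a backspace on empty input would otherwise decrement `cur_len` below zero, which the patch description calls an integer underflow (CVE-2015-8370). I would add above each guard `/* Backspace on empty input must not decrement cur_len (CVE-2015-8370). */`. The declaration of `cur_len` and the check of the length against `buf_size` sit outside both hunks, so it is worth confirming in the full functions that the backspace branch is the only place `cur_len` is decremented.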
@@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Dec 16 05:04:37 UTC 2015 - arvidjaar@gmail.com + +- Add 0001-Fix-security-issue-when-reading-username-and-passwor.patch + Fix for CVE-2015-8370. + ------------------------------------------------------------------- Wed Dec 9 18:13:27 UTC 2015 - arvidjaar@gmail.com diff --git a/grub2.spec b/grub2.spec index e393132..7d8bebb 100644 --- a/grub2.spec +++ b/grub2.spec @@ -205,6 +205,7 @@ Patch68: grub2-btrfs-fix-get_root-key-comparison-failures-due-to-en.patch Patch69: grub2-getroot-fix-get-btrfs-fs-prefix-big-endian.patch Patch70: grub2-default-distributor.patch Patch71: grub2-menu-unrestricted.patch +Patch72: 0001-Fix-security-issue-when-reading-username-and-passwor.patch # Btrfs snapshot booting related patches Patch101: grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch Patch102: grub2-btrfs-02-export-subvolume-envvars.patch @@ -479,6 +480,7 @@ mv po/grub.pot po/%{name}.pot %patch69 -p1 %patch70 -p1 %patch71 -p1 +%patch72 -p1 %patch101 -p1 %patch102 -p1 %patch103 -p1 From a92ea02ca411427476b234b6eb8a21084dd2f68903be1b8474efc5dbaf01e83a Mon Sep 17 00:00:00 2001 From: Michael Chang Date: Thu, 17 Dec 2015 09:06:16 +0000 Subject: [PATCH 5/5] Accepting request 349296 from home:AndreasStieger:branches:Base:System Add bug number for CVE-2015-8370 [boo#956631] OBS-URL: https://build.opensuse.org/request/show/349296 OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=194 --- grub2.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub2.changes b/grub2.changes index f8d5ed2..55ca0ac 100644 --- a/grub2.changes +++ b/grub2.changes 
@@ -2,7 +2,7 @@ Wed Dec 16 05:04:37 UTC 2015 - arvidjaar@gmail.com - Add 0001-Fix-security-issue-when-reading-username-and-passwor.patch - Fix for CVE-2015-8370. + Fix for CVE-2015-8370 [boo#956631] ------------------------------------------------------------------- Wed Dec 9 18:13:27 UTC 2015 - arvidjaar@gmail.com