Accepting request 349298 from Base:System
1 OBS-URL: https://build.opensuse.org/request/show/349298 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/grub2?expand=0&rev=128
commit
26156b0c31
@ -0,0 +1,54 @@
|
|||||||
|
From 451d80e52d851432e109771bb8febafca7a5f1f2 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Hector Marco-Gisbert <hecmargi@upv.es>
|
||||||
|
Date: Wed, 16 Dec 2015 07:57:18 +0300
|
||||||
|
Subject: [PATCH] Fix security issue when reading username and password
|
||||||
|
|
||||||
|
This patch fixes two integer underflows at:
|
||||||
|
* grub-core/lib/crypto.c
|
||||||
|
* grub-core/normal/auth.c
|
||||||
|
|
||||||
|
CVE-2015-8370
|
||||||
|
|
||||||
|
Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
|
||||||
|
Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
|
||||||
|
Also-By: Andrey Borzenkov <arvidjaar@gmail.com>
|
||||||
|
---
|
||||||
|
grub-core/lib/crypto.c | 3 ++-
|
||||||
|
grub-core/normal/auth.c | 7 +++++--
|
||||||
|
2 files changed, 7 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
|
||||||
|
index 010e550..683a8aa 100644
|
||||||
|
--- a/grub-core/lib/crypto.c
|
||||||
|
+++ b/grub-core/lib/crypto.c
|
||||||
|
@@ -470,7 +470,8 @@ grub_password_get (char buf[], unsigned buf_size)
|
||||||
|
|
||||||
|
if (key == '\b')
|
||||||
|
{
|
||||||
|
- cur_len--;
|
||||||
|
+ if (cur_len)
|
||||||
|
+ cur_len--;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c
|
||||||
|
index c6bd96e..8615c48 100644
|
||||||
|
--- a/grub-core/normal/auth.c
|
||||||
|
+++ b/grub-core/normal/auth.c
|
||||||
|
@@ -174,8 +174,11 @@ grub_username_get (char buf[], unsigned buf_size)
|
||||||
|
|
||||||
|
if (key == '\b')
|
||||||
|
{
|
||||||
|
- cur_len--;
|
||||||
|
- grub_printf ("\b");
|
||||||
|
+ if (cur_len)
|
||||||
|
+ {
|
||||||
|
+ cur_len--;
|
||||||
|
+ grub_printf ("\b");
|
||||||
|
+ }
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
1.9.1
|
||||||
|
|
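Review bot: Neither added `if (cur_len)` guard says why it is there, and the same guard had to be added to two near-identical backspace handlers (`grub_password_get` in crypto.c and `grub_username_get` in auth.c). A one-line comment on each, for example `/* Ignore backspace on an empty buffer: decrementing cur_len at 0 would wrap it (CVE-2015-8370). */`, would keep a later cleanup from dropping the check. Both function bodies continue outside the hunks, so whether the append path bounds `cur_len` against `buf_size` cannot be confirmed from here and is worth checking when the patch is imported.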
@ -114,7 +114,7 @@ Index: grub-2.02~beta2/util/grub.d/20_linux_xen.in
|
|||||||
+ chainloader \$cmdpath/${xen_basename} ${xen_basename} $section
|
+ chainloader \$cmdpath/${xen_basename} ${xen_basename} $section
|
||||||
+ }
|
+ }
|
||||||
+ EOF
|
+ EOF
|
||||||
+ for f in ${grub_dir}/$xen_cfg ${xen_dir}/${xen_basename} ${rel_dirname}/${basename} ${rel_dirname}/${initrd}; do
|
+ for f in ${grub_dir}/$xen_cfg ${xen_dir}/${xen_basename} ${dirname}/${basename} ${dirname}/${initrd}; do
|
||||||
+ cp --preserve=timestamps $f $efi_dir
|
+ cp --preserve=timestamps $f $efi_dir
|
||||||
+ echo $(basename $f) >> $efi_dir/grub.xen-files
|
+ echo $(basename $f) >> $efi_dir/grub.xen-files
|
||||||
+ done
|
+ done
|
||||||
|
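Review bot: The copy loop leaves `$f` and `$efi_dir` unquoted and appends the name to `grub.xen-files` even when `cp` failed, so a missing kernel or initrd, or a path containing whitespace, would produce a manifest listing files that are not on the ESP. I would write the body as `cp --preserve=timestamps -- "$f" "$efi_dir" && basename -- "$f" >> "$efi_dir/grub.xen-files"`. If `${initrd}` can be empty at this point, `${dirname}/${initrd}` would name the directory itself; the hunk does not show that, so it needs confirming. The enclosing block starts before the hunk.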
@ -1,40 +0,0 @@
|
|||||||
From 86fdefd6b0d447cd7d3d80f794fcd4df2aa96792 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Michael Chang <mchang@suse.com>
|
|
||||||
Date: Thu, 30 Aug 2012 15:27:50 +0800
|
|
||||||
Subject: [PATCH] fix Grub2 with SUSE Xen package install
|
|
||||||
|
|
||||||
References: bnc#774666
|
|
||||||
Patch-Mainline: no
|
|
||||||
|
|
||||||
This fixes Grub2 does not offer a Xen entry after installing hypervisor
|
|
||||||
and tools, which is caused by install sequence of xen-kernel and xen is
|
|
||||||
unpredictable.
|
|
||||||
|
|
||||||
By judging the system is dom0 with xen kernel installed, the xen_list
|
|
||||||
will be set to /boot/xen.gz if it's empty. Because the xen kernel would
|
|
||||||
trigger the config updated prior to the xen package installation.
|
|
||||||
---
|
|
||||||
util/grub.d/20_linux_xen.in | 13 +++++++++++++
|
|
||||||
1 files changed, 13 insertions(+), 0 deletions(-)
|
|
||||||
|
|
||||||
Index: grub-2.02~beta2/util/grub.d/20_linux_xen.in
|
|
||||||
===================================================================
|
|
||||||
--- grub-2.02~beta2.orig/util/grub.d/20_linux_xen.in
|
|
||||||
+++ grub-2.02~beta2/util/grub.d/20_linux_xen.in
|
|
||||||
@@ -182,6 +182,16 @@ else
|
|
||||||
if grub_file_is_not_garbage "$i" && file_is_not_sym "$i" ; then echo -n "$i " ; fi
|
|
||||||
done`
|
|
||||||
fi
|
|
||||||
+
|
|
||||||
+# bnc#774666 - Grub2 does not offer a Xen entry after installing hypervisor and tools
|
|
||||||
+# This is a workaround to the install sequence of xen-kernel and xen is unpredictable
|
|
||||||
+if [ "x${xen_list}" = "x" ]; then
|
|
||||||
+# If the code reaches here, it means that xen-kernel has been installed, but xen hypervisor
|
|
||||||
+# is missing. This is not likely a sane condition for dom0. We assume this is xen-kernel
|
|
||||||
+# triggers config update prior to the xen package.
|
|
||||||
+ xen_list="/boot/xen.gz"
|
|
||||||
+fi
|
|
||||||
+
|
|
||||||
prepare_boot_cache=
|
|
||||||
boot_device_id=
|
|
||||||
|
|
@ -41,18 +41,33 @@ if [ -n "${suse_cddev_content}" -a -n "${suse_cddev_product}" -a "${suse_cddev_c
|
|||||||
set suse_cddev="${suse_cddev_content}"
|
set suse_cddev="${suse_cddev_content}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
hdcfg_lst="/boot/grub2/grub.cfg \
|
hdcfg_list="/boot/grub2/grub.cfg \
|
||||||
/@/boot/grub2/grub.cfg \
|
/@/boot/grub2/grub.cfg \
|
||||||
/boot/grub/menu.lst \
|
/@/.snapshots/1/snapshot/boot/grub2/grub.cfg \
|
||||||
/grub2/grub.cfg \
|
/.snapshots/1/snapshot/boot/grub2/grub.cfg \
|
||||||
|
/grub2/grub.cfg"
|
||||||
|
|
||||||
|
hdlst_list="/boot/grub/menu.lst \
|
||||||
/grub/menu.lst"
|
/grub/menu.lst"
|
||||||
|
|
||||||
set hdcfg=""
|
for c in ${hdcfg_list}; do
|
||||||
for c in ${hdcfg_lst}; do
|
|
||||||
if search -s hddev -f "${c}"; then
|
if search -s hddev -f "${c}"; then
|
||||||
set hdcfg="${c}"
|
menuentry "${hddev} Boot From Hard Disk ($c)" {
|
||||||
|
set root="${hddev}"
|
||||||
|
configfile "${c}"
|
||||||
|
}
|
||||||
break
|
break
|
||||||
fi
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
for c in ${hdlst_list}; do
|
||||||
|
if search -s hddev -f "${c}"; then
|
||||||
|
menuentry "${hddev} Boot From Hard Disk (${c})" {
|
||||||
|
set root="${hddev}"
|
||||||
|
legacy_configfile "${c}"
|
||||||
|
}
|
||||||
|
break
|
||||||
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
set timeout=0
|
set timeout=0
|
||||||
@ -113,10 +128,3 @@ if [ -n "${suse_cddev}" ]; then
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -n "${hddev}" ] ; then
|
|
||||||
set default="Boot From Hard Disk"
|
|
||||||
menuentry "${hddev} Boot From Hard Disk" {
|
|
||||||
set root="${hddev}"
|
|
||||||
configfile "${hdcfg}"
|
|
||||||
}
|
|
||||||
fi
|
|
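Review bot: Nothing in the two new search loops documents which entry wins when a disk carries both a grub2 `grub.cfg` and a legacy `menu.lst`. Each `break` leaves only its own loop, so both menuentries can be created, and with `set timeout=0` just below, presumably the first one defined boots with no chance to choose. A comment above the first loop such as `# grub2 configs take precedence over legacy menu.lst; the first match in each list wins` would state the intent. The commit also removes `set default="Boot From Hard Disk"` with no replacement visible in these hunks. As a minor style point, the titles differ in `($c)` versus `(${c})`.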
@ -1,3 +1,33 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Dec 16 05:04:37 UTC 2015 - arvidjaar@gmail.com
|
||||||
|
|
||||||
|
- Add 0001-Fix-security-issue-when-reading-username-and-passwor.patch
|
||||||
|
Fix for CVE-2015-8370 [boo#956631]
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Dec 9 18:13:27 UTC 2015 - arvidjaar@gmail.com
|
||||||
|
|
||||||
|
- Update grub2-efi-xen-chainload.patch - fix copying of Linux kernel
|
||||||
|
and initrd to ESP (boo#958193)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Dec 7 08:03:41 UTC 2015 - olaf@aepfle.de
|
||||||
|
|
||||||
|
- Rename grub2-xen.cfg to grub2-xen-pv-firmware.cfg (boo#926795)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Dec 4 17:06:17 UTC 2015 - olaf@aepfle.de
|
||||||
|
|
||||||
|
- grub2-xen.cfg: to handle grub1 menu.lst in PV guest (boo#926795)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Nov 26 10:22:28 UTC 2015 - mchang@suse.com
|
||||||
|
|
||||||
|
- Expand list of grub.cfg search path in PV Xen guest for systems
|
||||||
|
installed to btrfs snapshot. (bsc#946148) (bsc#952539)
|
||||||
|
* modified grub2-xen.cfg
|
||||||
|
- drop grub2-fix-Grub2-with-SUSE-Xen-package-install.patch (bsc#774666)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Nov 18 19:33:42 UTC 2015 - arvidjaar@gmail.com
|
Wed Nov 18 19:33:42 UTC 2015 - arvidjaar@gmail.com
|
||||||
|
|
||||||
|
@ -146,7 +146,7 @@ Source11: SLES-UEFI-CA-Certificate.crt
|
|||||||
Source12: grub2-snapper-plugin.sh
|
Source12: grub2-snapper-plugin.sh
|
||||||
Source14: 80_suse_btrfs_snapshot
|
Source14: 80_suse_btrfs_snapshot
|
||||||
Source15: grub2-once.service
|
Source15: grub2-once.service
|
||||||
Source16: grub2-xen.cfg
|
Source16: grub2-xen-pv-firmware.cfg
|
||||||
# required hook for systemd-sleep (bsc#941758)
|
# required hook for systemd-sleep (bsc#941758)
|
||||||
Source17: grub2-systemd-sleep.sh
|
Source17: grub2-systemd-sleep.sh
|
||||||
Source1000: PATCH_POLICY
|
Source1000: PATCH_POLICY
|
||||||
@ -160,7 +160,6 @@ Patch9: grub2-GRUB_CMDLINE_LINUX_RECOVERY-for-recovery-mode.patch
|
|||||||
Patch10: grub2-fix-error-terminal-gfxterm-isn-t-found.patch
|
Patch10: grub2-fix-error-terminal-gfxterm-isn-t-found.patch
|
||||||
Patch12: grub2-fix-menu-in-xen-host-server.patch
|
Patch12: grub2-fix-menu-in-xen-host-server.patch
|
||||||
Patch15: not-display-menu-when-boot-once.patch
|
Patch15: not-display-menu-when-boot-once.patch
|
||||||
Patch16: grub2-fix-Grub2-with-SUSE-Xen-package-install.patch
|
|
||||||
Patch17: grub2-pass-corret-root-for-nfsroot.patch
|
Patch17: grub2-pass-corret-root-for-nfsroot.patch
|
||||||
Patch18: grub2-fix-locale-en.mo.gz-not-found-error-message.patch
|
Patch18: grub2-fix-locale-en.mo.gz-not-found-error-message.patch
|
||||||
Patch19: grub2-efi-HP-workaround.patch
|
Patch19: grub2-efi-HP-workaround.patch
|
||||||
@ -206,6 +205,7 @@ Patch68: grub2-btrfs-fix-get_root-key-comparison-failures-due-to-en.patch
|
|||||||
Patch69: grub2-getroot-fix-get-btrfs-fs-prefix-big-endian.patch
|
Patch69: grub2-getroot-fix-get-btrfs-fs-prefix-big-endian.patch
|
||||||
Patch70: grub2-default-distributor.patch
|
Patch70: grub2-default-distributor.patch
|
||||||
Patch71: grub2-menu-unrestricted.patch
|
Patch71: grub2-menu-unrestricted.patch
|
||||||
|
Patch72: 0001-Fix-security-issue-when-reading-username-and-passwor.patch
|
||||||
# Btrfs snapshot booting related patches
|
# Btrfs snapshot booting related patches
|
||||||
Patch101: grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
|
Patch101: grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
|
||||||
Patch102: grub2-btrfs-02-export-subvolume-envvars.patch
|
Patch102: grub2-btrfs-02-export-subvolume-envvars.patch
|
||||||
@ -436,7 +436,6 @@ mv po/grub.pot po/%{name}.pot
|
|||||||
%patch10 -p1
|
%patch10 -p1
|
||||||
%patch12 -p1
|
%patch12 -p1
|
||||||
%patch15 -p1
|
%patch15 -p1
|
||||||
%patch16 -p1
|
|
||||||
%patch17 -p1
|
%patch17 -p1
|
||||||
%patch18 -p1
|
%patch18 -p1
|
||||||
%patch19 -p1
|
%patch19 -p1
|
||||||
@ -481,6 +480,7 @@ mv po/grub.pot po/%{name}.pot
|
|||||||
%patch69 -p1
|
%patch69 -p1
|
||||||
%patch70 -p1
|
%patch70 -p1
|
||||||
%patch71 -p1
|
%patch71 -p1
|
||||||
|
%patch72 -p1
|
||||||
%patch101 -p1
|
%patch101 -p1
|
||||||
%patch102 -p1
|
%patch102 -p1
|
||||||
%patch103 -p1
|
%patch103 -p1
|
||||||
|