author | foutrelis | 2015-12-15 15:59:37 +0000 |
---|---|---|
committer | svntogit | 2015-12-15 15:59:37 +0000 |
commit | c8829704308eb9a6e6140aa01d987fed1e926985 (patch) | |
tree | 1210ae29541bb90fcde3d3e30bfd3194e35e6706 | |
parent | ac71ff9ed5b3e0db51a6c7b0034d332590d8afdb (diff) | |
download | aur-c8829704308eb9a6e6140aa01d987fed1e926985.tar.gz |
upgpkg: grub 1:2.02.beta2-6
- Fix CVE-2015-8370: Grub2 Authentication Bypass (FS#47386).
- Lock grub-extras revision to fix build failure (FS#46165).
git-svn-id: file:///srv/repos/svn-packages/svn@256230 eb2447ed-0c53-47e4-bac8-5bc4a241df78
-rw-r--r-- | .SRCINFO | 6 | ||||
-rw-r--r-- | 0001-Fix-security-issue-when-reading-username-and-passwor.patch | 47 | ||||
-rw-r--r-- | PKGBUILD | 16 |
3 files changed, 62 insertions, 7 deletions
@@ -1,7 +1,7 @@ pkgbase = grub pkgdesc = GNU GRand Unified Bootloader (2) pkgver = 2.02.beta2 - pkgrel = 5 + pkgrel = 6 epoch = 1 url = https://www.gnu.org/software/grub/ install = grub.install @@ -49,9 +49,10 @@ pkgbase = grub backup = etc/default/grub backup = etc/grub.d/40_custom source = grub-2.02::git+git://git.sv.gnu.org/grub.git#tag=grub-2.02-beta2 - source = grub-extras::git+git://git.sv.gnu.org/grub-extras.git#branch=master + source = grub-extras::git+git://git.sv.gnu.org/grub-extras.git#commit=4a56e2c2cc3d78f12f1788c27669a651071dee49 source = http://ftp.gnu.org/gnu/unifont/unifont-6.3.20131217/unifont-6.3.20131217.bdf.gz source = http://ftp.gnu.org/gnu/unifont/unifont-6.3.20131217/unifont-6.3.20131217.bdf.gz.sig + source = 0001-Fix-security-issue-when-reading-username-and-passwor.patch source = grub-10_linux-detect-archlinux-initramfs.patch source = grub-intel-ucode.patch source = grub-add-GRUB_COLOR_variables.patch @@ -63,6 +64,7 @@ pkgbase = grub md5sums = SKIP md5sums = 728b7439ac733a7c0d56049adec364c7 md5sums = SKIP + md5sums = 9589ec46a04f9bb4d5da987340a4a324 md5sums = 945527e0de8d384166a4cf23439ae9ee md5sums = a678629bc82c4e70c48d28242036d1d7 md5sums = e506ae4a9f9f7d1b765febfa84e10d48 diff --git a/0001-Fix-security-issue-when-reading-username-and-passwor.patch b/0001-Fix-security-issue-when-reading-username-and-passwor.patch new file mode 100644 index 000000000000..aa07f2ffc483 --- /dev/null +++ b/0001-Fix-security-issue-when-reading-username-and-passwor.patch 
@@ -0,0 +1,47 @@ +From e16eeda1200deabd0d3a4af968d526d62845a85f Mon Sep 17 00:00:00 2001 +From: Hector Marco-Gisbert <hecmargi@upv.es> +Date: Fri, 13 Nov 2015 16:21:09 +0100 +Subject: [PATCH] Fix security issue when reading username and password + + This patch fixes two integer underflows at: + * grub-core/lib/crypto.c + * grub-core/normal/auth.c + +Resolves: CVE-2015-8370 + +Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es> +Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es> +--- + grub-core/lib/crypto.c | 2 +- + grub-core/normal/auth.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c +index 010e550..524a3d8 100644 +--- a/grub-core/lib/crypto.c ++++ b/grub-core/lib/crypto.c +@@ -468,7 +468,7 @@ grub_password_get (char buf[], unsigned buf_size) + break; + } + +- if (key == '\b') ++ if (key == '\b' && cur_len) + { + cur_len--; + continue; +diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c +index c6bd96e..5782ec5 100644 +--- a/grub-core/normal/auth.c ++++ b/grub-core/normal/auth.c +@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned buf_size) + break; + } + +- if (key == '\b') ++ if (key == '\b' && cur_len) + { + cur_len--; + grub_printf ("\b"); +-- +2.6.4 + @@ -10,6 +10,7 @@ _GRUB_EMU_BUILD="0" _pkgver="2.02" _GRUB_GIT_TAG="grub-2.02-beta2" +_GRUB_EXTRAS_COMMIT=4a56e2c2cc3d78f12f1788c27669a651071dee49 _UNIFONT_VER="6.3.20131217" @@ -22,8 +23,8 @@ _UNIFONT_VER="6.3.20131217" pkgname="grub" pkgdesc="GNU GRand Unified Bootloader (2)" pkgver=2.02.beta2 -pkgrel=5 -epoch="1" +pkgrel=6 +epoch=1 url="https://www.gnu.org/software/grub/" arch=('x86_64' 'i686') license=('GPL3') 
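Review bot: In both hunks of the embedded patch (grub_password_get in grub-core/lib/crypto.c and grub_username_get in grub-core/normal/auth.c), folding the length check into the condition as `key == '\b' && cur_len` means a backspace at `cur_len == 0` no longer reaches the `continue` and instead falls through to whatever follows the block. That code is outside the hunk; presumably a later printable-character check discards '\b' before it is stored in `buf`, but the fix then depends on that check staying where it is. Keeping the outer `if (key == '\b')` and guarding only the decrement with `if (cur_len) cur_len--;` stops the unsigned underflow and keeps backspace handling in one place. In auth.c the `grub_printf ("\b");` echo would belong under the same guard so an empty-buffer backspace does not move the cursor.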
@@ -53,11 +54,12 @@ if [[ "${_GRUB_EMU_BUILD}" == "1" ]]; then fi source=("grub-${_pkgver}::git+git://git.sv.gnu.org/grub.git#tag=${_GRUB_GIT_TAG}" - "grub-extras::git+git://git.sv.gnu.org/grub-extras.git#branch=master" + "grub-extras::git+git://git.sv.gnu.org/grub-extras.git#commit=${_GRUB_EXTRAS_COMMIT}" "http://ftp.gnu.org/gnu/unifont/unifont-${_UNIFONT_VER}/unifont-${_UNIFONT_VER}.bdf.gz" "http://ftp.gnu.org/gnu/unifont/unifont-${_UNIFONT_VER}/unifont-${_UNIFONT_VER}.bdf.gz.sig" + '0001-Fix-security-issue-when-reading-username-and-passwor.patch' 'grub-10_linux-detect-archlinux-initramfs.patch' - 'grub-intel-ucode.patch' + 'grub-intel-ucode.patch' 'grub-add-GRUB_COLOR_variables.patch' '60_memtest86+' 'grub.default' @@ -67,8 +69,9 @@ md5sums=('SKIP' 'SKIP' '728b7439ac733a7c0d56049adec364c7' 'SKIP' + '9589ec46a04f9bb4d5da987340a4a324' '945527e0de8d384166a4cf23439ae9ee' - 'a678629bc82c4e70c48d28242036d1d7' + 'a678629bc82c4e70c48d28242036d1d7' 'e506ae4a9f9f7d1b765febfa84e10d48' 'be55eabc102f2c60b38ed35c203686d6' 'a03ffd56324520393bf574cefccb893d' @@ -83,6 +86,9 @@ _pkgver() { prepare() { cd "${srcdir}/grub-${_pkgver}/" + + # CVE-2015-8370 + patch -Np1 -i ../0001-Fix-security-issue-when-reading-username-and-passwor.patch msg "Patch to load Intel microcode" patch -Np1 -i "${srcdir}/grub-intel-ucode.patch" |
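Review bot: In the `source=` array, the main grub entry still tracks `#tag=${_GRUB_GIT_TAG}` over `git://`, and its checksum appears to be `SKIP`, while this change pins only grub-extras to a commit. A tag can be moved upstream and `git://` has no transport authentication, so nothing in the PKGBUILD fixes which tree a rebuild of this security update compiles. Pinning grub the same way, with `_GRUB_COMMIT=<full-commit-id-of-grub-2.02-beta2>` (placeholder) and `#commit=${_GRUB_COMMIT}`, would make the fetched tree verifiable by its object id.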
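Review bot: The integrity entry added in the `md5sums` hunk for the CVE-2015-8370 patch is an MD5 digest (`'9589ec46a04f9bb4d5da987340a4a324'`), which is not collision-resistant and is weak protection for a file that changes authentication code. makepkg also accepts a `sha256sums` array. Adding one with `'<sha256-of-patch>'` (placeholder) at the matching position, and `'SKIP'` for the git sources, would give a meaningful check. The array starts and ends outside the hunk.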
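Review bot: In the `prepare()` hunk, the new `patch` call finds its input through a relative `../` path and has no `msg` line, unlike the Intel microcode patch just below it, which uses `"${srcdir}/…"`. It resolves only because of the preceding `cd "${srcdir}/grub-${_pkgver}/"`. Writing `patch -Np1 -i "${srcdir}/0001-Fix-security-issue-when-reading-username-and-passwor.patch"`, preceded by `msg "Patch for CVE-2015-8370"`, keeps the step consistent and makes the security fix visible in the build log. prepare() continues outside the hunk.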