From 2c9537e27495afdf929975c8a154cc66de902df0 Mon Sep 17 00:00:00 2001 From: Dirk Neukirchen Date: Thu, 10 Jun 2021 12:15:58 +0200 Subject: [PATCH] grub2: update to 2.06 -300-CVE-2015-8370.patch is upstreamed with different code (upstream id: 451d80e52d851432e109771bb8febafca7a5f1f2) - fixup OpenWrts setup_root patch compile tested: x86_64,i386 runtime tested: VM x86_64,VM i386 - booted fine - grub-editenv worked Signed-off-by: Dirk Neukirchen --- package/boot/grub2/Makefile | 6 +-- .../grub2/patches/100-grub_setup_root.patch | 32 +++++++-------- .../grub2/patches/300-CVE-2015-8370.patch | 40 ------------------- 3 files changed, 19 insertions(+), 59 deletions(-) delete mode 100644 package/boot/grub2/patches/300-CVE-2015-8370.patch diff --git a/package/boot/grub2/Makefile b/package/boot/grub2/Makefile index 3cdb608cbf6..9c67ff589b1 100644 --- a/package/boot/grub2/Makefile +++ b/package/boot/grub2/Makefile @@ -7,12 +7,12 @@ include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=grub PKG_CPE_ID:=cpe:/a:gnu:grub2 -PKG_VERSION:=2.06~rc1 +PKG_VERSION:=2.06 PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz -PKG_SOURCE_URL:=https://alpha.gnu.org/gnu/grub -PKG_HASH:=2c87f1f21e2ab50043e6cd9163c08f1b6c3a6171556bf23ff9ed65b074145484 +PKG_SOURCE_URL:=@GNU/grub +PKG_HASH:=b79ea44af91b93d17cd3fe80bdae6ed43770678a9a5ae192ccea803ebb657ee1 HOST_BUILD_PARALLEL:=1 PKG_BUILD_DEPENDS:=grub2/host diff --git a/package/boot/grub2/patches/100-grub_setup_root.patch b/package/boot/grub2/patches/100-grub_setup_root.patch index e075d052cbc..f20b310e120 100644 --- a/package/boot/grub2/patches/100-grub_setup_root.patch +++ b/package/boot/grub2/patches/100-grub_setup_root.patch @@ -18,24 +18,24 @@ --- a/util/grub-install.c +++ b/util/grub-install.c -@@ -1720,7 +1720,7 @@ main (int argc, char *argv[]) - /* Now perform the installation. */ +@@ -1721,7 +1721,7 @@ main (int argc, char *argv[]) if (install_bootsector) - grub_util_bios_setup (platdir, "boot.img", "core.img", -- install_drive, force, -+ NULL, install_drive, force, - fs_probe, allow_floppy, add_rs_codes, - !grub_install_is_short_mbrgap_supported ()); - break; -@@ -1747,7 +1747,7 @@ main (int argc, char *argv[]) - /* Now perform the installation. */ + { + grub_util_bios_setup (platdir, "boot.img", "core.img", +- install_drive, force, ++ NULL, install_drive, force, + fs_probe, allow_floppy, add_rs_codes, + !grub_install_is_short_mbrgap_supported ()); + +@@ -1752,7 +1752,7 @@ main (int argc, char *argv[]) if (install_bootsector) - grub_util_sparc_setup (platdir, "boot.img", "core.img", -- install_drive, force, -+ NULL, install_drive, force, - fs_probe, allow_floppy, - 0 /* unused */, 0 /* unused */ ); - break; + { + grub_util_sparc_setup (platdir, "boot.img", "core.img", +- install_drive, force, ++ NULL, install_drive, force, + fs_probe, allow_floppy, + 0 /* unused */, 0 /* unused */ ); + --- a/util/grub-setup.c +++ b/util/grub-setup.c @@ -87,6 +87,8 @@ static struct argp_option options[] = { diff --git a/package/boot/grub2/patches/300-CVE-2015-8370.patch b/package/boot/grub2/patches/300-CVE-2015-8370.patch deleted file mode 100644 index 22f6c90928a..00000000000 --- a/package/boot/grub2/patches/300-CVE-2015-8370.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Hector Marco-Gisbert -Date: Fri, 13 Nov 2015 16:21:09 +0100 -Subject: [PATCH] Fix security issue when reading username and password - - This patch fixes two integer underflows at: - * grub-core/lib/crypto.c - * grub-core/normal/auth.c - -Resolves: CVE-2015-8370 - -Signed-off-by: Hector Marco-Gisbert -Signed-off-by: Ismael Ripoll-Ripoll ---- - grub-core/lib/crypto.c | 2 +- - grub-core/normal/auth.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - ---- a/grub-core/lib/crypto.c -+++ b/grub-core/lib/crypto.c -@@ -468,7 +468,7 @@ grub_password_get (char buf[], unsigned - break; - } - -- if (key == '\b') -+ if (key == '\b' && cur_len) - { - if (cur_len) - cur_len--; ---- a/grub-core/normal/auth.c -+++ b/grub-core/normal/auth.c -@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned - break; - } - -- if (key == GRUB_TERM_BACKSPACE) -+ if (key == GRUB_TERM_BACKSPACE && cur_len) - { - if (cur_len) - { -- 2.30.2