diff options
Diffstat (limited to 'libre/grub')
4 files changed, 18 insertions, 147 deletions
diff --git a/libre/grub/0001-Fix-security-issue-when-reading-username-and-passwor.patch b/libre/grub/0001-Fix-security-issue-when-reading-username-and-passwor.patch deleted file mode 100644 index aa07f2ffc..000000000 --- a/libre/grub/0001-Fix-security-issue-when-reading-username-and-passwor.patch +++ /dev/null @@ -1,47 +0,0 @@ -From e16eeda1200deabd0d3a4af968d526d62845a85f Mon Sep 17 00:00:00 2001 -From: Hector Marco-Gisbert <hecmargi@upv.es> -Date: Fri, 13 Nov 2015 16:21:09 +0100 -Subject: [PATCH] Fix security issue when reading username and password - - This patch fixes two integer underflows at: - * grub-core/lib/crypto.c - * grub-core/normal/auth.c - -Resolves: CVE-2015-8370 - -Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es> -Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es> ---- - grub-core/lib/crypto.c | 2 +- - grub-core/normal/auth.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c -index 010e550..524a3d8 100644 ---- a/grub-core/lib/crypto.c -+++ b/grub-core/lib/crypto.c -@@ -468,7 +468,7 @@ grub_password_get (char buf[], unsigned buf_size) - break; - } - -- if (key == '\b') -+ if (key == '\b' && cur_len) - { - cur_len--; - continue; -diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c -index c6bd96e..5782ec5 100644 ---- a/grub-core/normal/auth.c -+++ b/grub-core/normal/auth.c -@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned buf_size) - break; - } - -- if (key == '\b') -+ if (key == '\b' && cur_len) - { - cur_len--; - grub_printf ("\b"); --- -2.6.4 - diff --git a/libre/grub/0005-10_linux-fix-grouping-of-tests.patch b/libre/grub/0005-10_linux-fix-grouping-of-tests.patch deleted file mode 100644 index a57b1ecf8..000000000 --- a/libre/grub/0005-10_linux-fix-grouping-of-tests.patch +++ /dev/null @@ -1,22 +0,0 @@ -commit 082bc9f77b200eb48a5f1147163dea9c9d02d44c -Author: Mike Gilbert <floppym@gentoo.org> -Date: Sat Mar 5 17:30:48 2016 -0500 - - 10_linux: Fix grouping of tests for GRUB_DEVICE - - Commit 7290bb562 causes GRUB_DISABLE_LINUX_UUID to be ignored due to - mixing of || and && operators. Add some parens to help with that. - -diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 5a78513..de9044c 100644 ---- a/util/grub.d/10_linux.in -+++ b/util/grub.d/10_linux.in -@@ -47,7 +47,7 @@ esac - # and mounting btrfs requires user space scanning, so force UUID in this case. - if [ "x${GRUB_DEVICE_UUID}" = "x" ] || [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ] \ - || ! test -e "/dev/disk/by-uuid/${GRUB_DEVICE_UUID}" \ -- || test -e "${GRUB_DEVICE}" && uses_abstraction "${GRUB_DEVICE}" lvm; then -+ || ( test -e "${GRUB_DEVICE}" && uses_abstraction "${GRUB_DEVICE}" lvm ); then - LINUX_ROOT_DEVICE=${GRUB_DEVICE} - else - LINUX_ROOT_DEVICE=UUID=${GRUB_DEVICE_UUID} diff --git a/libre/grub/0006-efi-properly-terminate-filepath-with-NULL-in-chainloader.patch b/libre/grub/0006-efi-properly-terminate-filepath-with-NULL-in-chainloader.patch deleted file mode 100644 index b79610724..000000000 --- a/libre/grub/0006-efi-properly-terminate-filepath-with-NULL-in-chainloader.patch +++ /dev/null @@ -1,44 +0,0 @@ -From ce95549cc54b5d6f494608a7c390dba3aab4fba7 Mon Sep 17 00:00:00 2001 -From: Andrei Borzenkov <arvidjaar@gmail.com> -Date: Thu, 15 Dec 2016 16:07:00 +0300 -Subject: efi: properly terminate filepath with NULL in chainloader - -EFI File Path Media Device Path is defined as NULL terminated string; -but chainloader built file paths without final NULL. This caused error -with Secure Boot and Linux Foundation PreLoader on Acer with InsydeH20 BIOS. -Apparently firmware failed verification with EFI_INVALID_PARAMETER which is -considered fatal error by PreLoader. - -Reported and tested by Giovanni Santini <itachi.sama.amaterasu@gmail.com> ---- - grub-core/loader/efi/chainloader.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index 522a716..adc8563 100644 ---- a/grub-core/loader/efi/chainloader.c -+++ b/grub-core/loader/efi/chainloader.c -@@ -122,6 +122,8 @@ copy_file_path (grub_efi_file_path_device_path_t *fp, - if (*p == '/') - *p = '\\'; - -+ /* File Path is NULL terminated */ -+ fp->path_name[size++] = '\0'; - fp->header.length = size * sizeof (grub_efi_char16_t) + sizeof (*fp); - } - -@@ -156,8 +158,10 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename) - d = GRUB_EFI_NEXT_DEVICE_PATH (d); - } - -+ /* File Path is NULL terminated. Allocate space for 2 extra characters */ -+ /* FIXME why we split path in two components? */ - file_path = grub_malloc (size -- + ((grub_strlen (dir_start) + 1) -+ + ((grub_strlen (dir_start) + 2) - * GRUB_MAX_UTF16_PER_UTF8 - * sizeof (grub_efi_char16_t)) - + sizeof (grub_efi_file_path_device_path_t) * 2); --- -cgit v1.0 - diff --git a/libre/grub/PKGBUILD b/libre/grub/PKGBUILD index ba993a8b4..fd0de287d 100644 --- a/libre/grub/PKGBUILD +++ b/libre/grub/PKGBUILD @@ -17,7 +17,7 @@ _IA32_XEN_IN_ARCH_X64='1' _GRUB_EMU_BUILD='0' _pkgver='2.02' -_GRUB_GIT_TAG='grub-2.02-beta3' +_GRUB_GIT_TAG='2.02-rc1' _GRUB_EXTRAS_COMMIT=f2a079441939eee7251bf141986cdd78946e1d20 _UNIFONT_VER='9.0.06' @@ -37,8 +37,8 @@ pkgname=('grub') [[ $CARCH = armv7h ]] && pkgname+=('grub-am335x_bone' 'grub-udoo' 'grub-omap3_beagle' 'grub-omap3_beagle_xm' 'grub-omap3_beagle_xm_ab') pkgdesc='GNU GRand Unified Bootloader (2), (Parabola rebranded)' -pkgver='2.02.beta3' -pkgrel='6.parabola1' +pkgver='2.02.rc1' +pkgrel='1.parabola1' epoch='1' url='https://www.gnu.org/software/grub/' arch=('x86_64' 'i686' 'armv7h') @@ -73,13 +73,10 @@ fi source=("grub-${_pkgver}::git+git://git.sv.gnu.org/grub.git#tag=${_GRUB_GIT_TAG}" "grub-extras::git+git://git.sv.gnu.org/grub-extras.git#commit=${_GRUB_EXTRAS_COMMIT}" - "http://ftp.gnu.org/gnu/unifont/unifont-${_UNIFONT_VER}/unifont-${_UNIFONT_VER}.bdf.gz" - "http://ftp.gnu.org/gnu/unifont/unifont-${_UNIFONT_VER}/unifont-${_UNIFONT_VER}.bdf.gz.sig" - '0001-Fix-security-issue-when-reading-username-and-passwor.patch' + "https://ftp.gnu.org/gnu/unifont/unifont-${_UNIFONT_VER}/unifont-${_UNIFONT_VER}.bdf.gz" + "https://ftp.gnu.org/gnu/unifont/unifont-${_UNIFONT_VER}/unifont-${_UNIFONT_VER}.bdf.gz.sig" '0003-10_linux-20_linux_xen-detect-parabola-initramfs.patch' '0004-add-GRUB_COLOR_variables.patch' - '0005-10_linux-fix-grouping-of-tests.patch' - '0006-efi-properly-terminate-filepath-with-NULL-in-chainloader.patch' 'grub.default' '0003-10_linux-20_linux_xen-detect-am335x_bone+am335x_boneblack-devicetree-file.patch' '0003-10_linux-20_linux_xen-detect-omap3_beagle-devicetree-file.patch' @@ -88,22 +85,19 @@ source=("grub-${_pkgver}::git+git://git.sv.gnu.org/grub.git#tag=${_GRUB_GIT_TAG} '0003-10_linux-20_linux_xen-detect-udoo-devicetree-file.patch' '0003-10_linux-20_linux_xen-rebrand-free-distros.patch') -md5sums=('SKIP' - 'SKIP' - 'd849b5922485692d26bb1cb239259274' - 'SKIP' - '9589ec46a04f9bb4d5da987340a4a324' - '3a9bb9bafe0062388e11f72f0e80ba7e' - 'e506ae4a9f9f7d1b765febfa84e10d48' - 'f1999315bbd25b4b9359919ce9b36144' - 'a248d3f53f1fc38cfd7e49b99a559b43' - '8d1dd54ae4a1b550c097e056892ce953' - 'a46695e19b588a53b8bac9e3b3c56096' - '803f5b5f56ba6d74ca84aea67659116e' - 'b2c20ce3aa7944636b3ea499b40f2160' - '7e3245bdd30e291f44ab8a00b8a38f3e' - '95b721dfe74f42df52b7ae94e0e7c067' - 'e0133ad89ab3014210d4599f396a556e') +sha512sums=('SKIP' + 'SKIP' + 'dac2becc7fa76847231ce30a4b9e22fc9d45fb50846fc7f25611c5c2cbedc31e7745d9295bab3eb7a01efad4f1f2f1161c98efa60048e756421075220817f4b8' + 'SKIP' + '3529ab4d08a4165e081c49dfc1cf40079ad9a1b9dd7ab6d39147fc347cb6aa615fd90292ecd5ecbfb543bf444bef27043a2392029d0210f9b4a6369365d3da1b' + '0ae2f50a397268ea0ff46faa180e699ba956acaa68504d9dde7c33ab194430df57c2e2e5f9fe30b6c31e7806666faad4b274747ba151035e338bcaab3d875c3e' + '96e49cf3d783f5c8caffd60ea6e72112a12854519dc89a18938f372f7413b3fe99339ed8ad9d660ba457e67436cf7c444dc852455b90efa5546729180b88c3a8' + '04262a4a95fa58967e147e39ea71b08cc99aa32a1f0357c46292743f3ea8c05a6ff6fcfc3516a9b61a2a3050781017ed2cabf53fc327b39f7e957d0ddf778165' + 'a406ec5a83d1c03dadc1444d91f1b5e682bc74562dcf6e455009d043015dc2316509517f61c76e2ffec4dce5d03702ae47f2dd9b25671a4d7889e2744b090631' + '46fb2eeb2856bbdda8e115fc9beb61744e3a0bc9a178ec5d01c36a429691ca2362925382eca3144f2ee2438e69e508043d8f2445a6bef79e63e455fb08293426' + '55fb8ea488bb0936a4830eab943cdde986f351796cea259403fa947605c9d39526e0aec987da118cc6cf4c3bbe2a56326a218fbb0709ee7717a62a36a3d31697' + '378635a2a8a685f4efd300f19d7f2192dc664fd16811953520e0d49d90a5af377fa0dc45e0d2abc0d9f6750cd4cf885d6ef54445f7e8d3ed0025f2d087351bfc' + 'eced721bab4256b9afb322cda7b599ac1cae9dfe2effd1d86569bd3bef056cab80783da25181e627abc2422f4048200ae8b46c7dfe5df4441a55ae00434cd172') validpgpkeys=('95D2E9AB8740D8046387FD151A09227B1F435A33') #Paul Hardy @@ -115,10 +109,6 @@ _pkgver() { prepare() { cd "${srcdir}/grub-${_pkgver}/" - msg 'Patch to fix CVE-2015-8370' - # CVE-2015-8370 - patch -Np1 -i "${srcdir}/0001-Fix-security-issue-when-reading-username-and-passwor.patch" - msg 'Patch to detect of Parabola GNU/Linux-libre initramfs images by grub-mkconfig' patch -Np1 -i "${srcdir}/0003-10_linux-20_linux_xen-detect-parabola-initramfs.patch" @@ -126,12 +116,6 @@ prepare() { ## Based on http://lists.gnu.org/archive/html/grub-devel/2012-02/msg00021.html patch -Np1 -i "${srcdir}/0004-add-GRUB_COLOR_variables.patch" - msg 'Patch to fix grouping of tests for GRUB_DEVICE' - patch -Np1 -i "${srcdir}/0005-10_linux-fix-grouping-of-tests.patch" - - msg "Patch to properly terminate filepath with NULL in chainloader" - patch -Np1 -i "${srcdir}/0006-efi-properly-terminate-filepath-with-NULL-in-chainloader.patch" - msg 'Fix DejaVuSans.ttf location so that grub-mkfont can create *.pf2 files for starfield theme' sed 's|/usr/share/fonts/dejavu|/usr/share/fonts/dejavu /usr/share/fonts/TTF|g' -i "${srcdir}/grub-${_pkgver}/configure.ac" |