From ea5eefc94a14a6c0161b3a1e7a792fb8de272dac Mon Sep 17 00:00:00 2001
From: André Fabian Silva Delgado <emulatorman@parabola.nu>
Date: Tue, 22 Dec 2015 10:48:36 -0300
Subject: grub-1:2.02.beta2-6.parabola1: updating revision

* fix CVE-2015-8370: Grub2 Authentication Bypass (FS#47386 -> https://bugs.archlinux.org/task/47386)
* lock grub-extras revision to fix build failure (FS#46165 -> https://bugs.archlinux.org/task/46165)
---
 libre/grub/PKGBUILD | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'libre/grub/PKGBUILD')

diff --git a/libre/grub/PKGBUILD b/libre/grub/PKGBUILD
index 95204924b..5865ab712 100644
--- a/libre/grub/PKGBUILD
+++ b/libre/grub/PKGBUILD
@@ -351,6 +351,7 @@ _GRUB_EMU_BUILD='0'
 
 _pkgver='2.02'
 _GRUB_GIT_TAG='grub-2.02-beta2'
+_GRUB_EXTRAS_COMMIT=4a56e2c2cc3d78f12f1788c27669a651071dee49
 
 _UNIFONT_VER='6.3.20131217'
 
@@ -371,7 +372,7 @@ pkgname=('grub')
                                    'grub-omap3_beagle_xm' 'grub-omap3_beagle_xm_ab')
 pkgdesc='GNU GRand Unified Bootloader (2), (Parabola rebranded)'
 pkgver='2.02.beta2'
-pkgrel='5.parabola10'
+pkgrel='6.parabola1'
 epoch='1'
 url='https://www.gnu.org/software/grub/'
 arch=('x86_64' 'i686' 'armv7h')
@@ -410,9 +411,10 @@ elif [[ "$CARCH" = 'armv7h' ]]; then
 fi
 
 source=("grub-${_pkgver}::git+git://git.sv.gnu.org/grub.git#tag=${_GRUB_GIT_TAG}"
-        "grub-extras::git+git://git.sv.gnu.org/grub-extras.git#branch=master"
+        "grub-extras::git+git://git.sv.gnu.org/grub-extras.git#commit=${_GRUB_EXTRAS_COMMIT}"
         "http://ftp.gnu.org/gnu/unifont/unifont-${_UNIFONT_VER}/unifont-${_UNIFONT_VER}.bdf.gz"
         "http://ftp.gnu.org/gnu/unifont/unifont-${_UNIFONT_VER}/unifont-${_UNIFONT_VER}.bdf.gz.sig"
+        '0001-Fix-security-issue-when-reading-username-and-passwor.patch'
         'grub-10_linux-20_linux_xen-detect-parabola-initramfs.patch'
         'grub-add-GRUB_COLOR_variables.patch'
         '60_memtest86+'
@@ -428,6 +430,7 @@ md5sums=('SKIP'
          'SKIP'
          '728b7439ac733a7c0d56049adec364c7'
          'SKIP'
+         '9589ec46a04f9bb4d5da987340a4a324'
          '3a9bb9bafe0062388e11f72f0e80ba7e'
          'e506ae4a9f9f7d1b765febfa84e10d48'
          'be55eabc102f2c60b38ed35c203686d6'
@@ -449,6 +452,9 @@ _pkgver() {
 prepare() {
 	cd "${srcdir}/grub-${_pkgver}/"
 
+	msg 'CVE-2015-8370'
+	patch -Np1 -i "${srcdir}/0001-Fix-security-issue-when-reading-username-and-passwor.patch"
+
 	msg 'Patch to detect of Parabola GNU/Linux-libre initramfs images by grub-mkconfig'
 	patch -Np1 -i "${srcdir}/grub-10_linux-20_linux_xen-detect-parabola-initramfs.patch"
 
-- 
cgit v1.2.3