domenico/openwrt_NSS_ACW
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

grub2: update to 2.06

Browse Source 
-300-CVE-2015-8370.patch is upstreamed with different code
(upstream id: 451d80e52d851432e109771bb8febafca7a5f1f2)

- fixup OpenWrts setup_root patch

compile tested: x86_64,i386
runtime tested: VM x86_64,VM i386

- booted fine
- grub-editenv worked

Signed-off-by: Dirk Neukirchen <plntyk.lede@plntyk.name>
This commit is contained in:
Dirk Neukirchen
2021-06-10 12:15:58 +02:00
committed by Paul Spooren
parent f1e41155c9
commit 2c9537e274
3 changed files with 19 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
package/boot/grub2/Makefile
View File

@@ -7,12 +7,12 @@ include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=grub PKG_NAME:=grub
PKG_CPE_ID:=cpe:/a:gnu:grub2 PKG_CPE_ID:=cpe:/a:gnu:grub2
PKG_VERSION:=2.06~rc1 PKG_VERSION:=2.06
PKG_RELEASE:=$(AUTORELEASE) PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://alpha.gnu.org/gnu/grub PKG_SOURCE_URL:=@GNU/grub
PKG_HASH:=2c87f1f21e2ab50043e6cd9163c08f1b6c3a6171556bf23ff9ed65b074145484 PKG_HASH:=b79ea44af91b93d17cd3fe80bdae6ed43770678a9a5ae192ccea803ebb657ee1
HOST_BUILD_PARALLEL:=1 HOST_BUILD_PARALLEL:=1
PKG_BUILD_DEPENDS:=grub2/host PKG_BUILD_DEPENDS:=grub2/host

12
package/boot/grub2/patches/100-grub_setup_root.patch
View File

@@ -18,24 +18,24 @@
--- a/util/grub-install.c --- a/util/grub-install.c
+++ b/util/grub-install.c +++ b/util/grub-install.c
@@ -1720,7 +1720,7 @@ main (int argc, char *argv[]) @@ -1721,7 +1721,7 @@ main (int argc, char *argv[])
/* Now perform the installation. */
if (install_bootsector) if (install_bootsector)
{
grub_util_bios_setup (platdir, "boot.img", "core.img", grub_util_bios_setup (platdir, "boot.img", "core.img",
- install_drive, force, - install_drive, force,
+ NULL, install_drive, force, + NULL, install_drive, force,
fs_probe, allow_floppy, add_rs_codes, fs_probe, allow_floppy, add_rs_codes,
!grub_install_is_short_mbrgap_supported ()); !grub_install_is_short_mbrgap_supported ());
break;
@@ -1747,7 +1747,7 @@ main (int argc, char *argv[]) @@ -1752,7 +1752,7 @@ main (int argc, char *argv[])
/* Now perform the installation. */
if (install_bootsector) if (install_bootsector)
{
grub_util_sparc_setup (platdir, "boot.img", "core.img", grub_util_sparc_setup (platdir, "boot.img", "core.img",
- install_drive, force, - install_drive, force,
+ NULL, install_drive, force, + NULL, install_drive, force,
fs_probe, allow_floppy, fs_probe, allow_floppy,
0 /* unused */, 0 /* unused */ ); 0 /* unused */, 0 /* unused */ );
break;
--- a/util/grub-setup.c --- a/util/grub-setup.c
+++ b/util/grub-setup.c +++ b/util/grub-setup.c
@@ -87,6 +87,8 @@ static struct argp_option options[] = { @@ -87,6 +87,8 @@ static struct argp_option options[] = {

40
package/boot/grub2/patches/300-CVE-2015-8370.patch
View File

@@ -1,40 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Hector Marco-Gisbert <hecmargi@upv.es>
Date: Fri, 13 Nov 2015 16:21:09 +0100
Subject: [PATCH] Fix security issue when reading username and password
This patch fixes two integer underflows at:
* grub-core/lib/crypto.c
* grub-core/normal/auth.c
Resolves: CVE-2015-8370
Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
---
grub-core/lib/crypto.c | 2 +-
grub-core/normal/auth.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
--- a/grub-core/lib/crypto.c
+++ b/grub-core/lib/crypto.c
@@ -468,7 +468,7 @@ grub_password_get (char buf[], unsigned
break;
}
- if (key == '\b')
+ if (key == '\b' && cur_len)
{
if (cur_len)
cur_len--;
--- a/grub-core/normal/auth.c
+++ b/grub-core/normal/auth.c
@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned
break;
}
- if (key == GRUB_TERM_BACKSPACE)
+ if (key == GRUB_TERM_BACKSPACE && cur_len)
{
if (cur_len)
{