grub: update to 2.02

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter
2018-04-17 06:10:06 +02:00
parent cd99c47371
commit 20406699e3
8 changed files with 1167 additions and 1034 deletions


@@ -1,45 +0,0 @@
From 88c9657960a6c5d3673a25c266781e876c181add Mon Sep 17 00:00:00 2001
From: Hector Marco-Gisbert <hecmargi@upv.es>
Date: Fri, 13 Nov 2015 16:21:09 +0100
Subject: [PATCH] Fix security issue when reading username and password
This patch fixes two integer underflows at:
* grub-core/lib/crypto.c
* grub-core/normal/auth.c
Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
---
grub-core/lib/crypto.c | 2 +-
grub-core/normal/auth.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
index 010e550..524a3d8 100644
--- a/grub-core/lib/crypto.c
+++ b/grub-core/lib/crypto.c
@@ -456,7 +456,7 @@ grub_password_get (char buf[], unsigned buf_size)
break;
}
- if (key == '\b')
+ if (key == '\b' && cur_len)
{
cur_len--;
continue;
diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c
index c6bd96e..5782ec5 100644
--- a/grub-core/normal/auth.c
+++ b/grub-core/normal/auth.c
@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned buf_size)
break;
}
- if (key == '\b')
+ if (key == '\b' && cur_len)
{
cur_len--;
grub_printf ("\b");
--
1.9.1


@@ -1,15 +0,0 @@
We have to remove the vga fallback because this not work on bay-trail and other
new intel onboard graphics.
diff -Naur grub-2.00.org/grub-core/video/i386/pc/vga.c grub-2.00/grub-core/video/i386/pc/vga.c
--- grub-2.00.org/grub-core/video/i386/pc/vga.c 2012-06-06 23:21:02.000000000 +0200
+++ grub-2.00/grub-core/video/i386/pc/vga.c 2014-09-05 21:41:04.790870375 +0200
@@ -122,7 +122,7 @@
{
grub_err_t err;
- if ((width && width != VGA_WIDTH) || (height && height != VGA_HEIGHT))
+// if ((width && width != VGA_WIDTH) || (height && height != VGA_HEIGHT))
return grub_error (GRUB_ERR_UNKNOWN_DEVICE, "no matching mode found");
framebuffer.temporary_buffer = grub_malloc (VGA_HEIGHT * VGA_WIDTH);


@@ -1,40 +0,0 @@
diff -Naur grub-2.00.org/grub-core/kern/dl.c grub-2.00/grub-core/kern/dl.c
--- grub-2.00.org/grub-core/kern/dl.c 2012-06-22 17:26:38.000000000 +0200
+++ grub-2.00/grub-core/kern/dl.c 2017-07-05 10:45:25.501645684 +0200
@@ -354,8 +354,11 @@
if (s->sh_type == SHT_SYMTAB)
break;
+ /* Module without symbol table may still be used to pull in dependencies.
+ We verify at build time that such modules do not contain any relocations
+ that may reference symbol table. */
if (i == e->e_shnum)
- return grub_error (GRUB_ERR_BAD_MODULE, N_("no symbol table"));
+ return GRUB_ERR_NONE;
#ifdef GRUB_MODULES_MACHINE_READONLY
mod->symtab = grub_malloc (s->sh_size);
diff -Naur grub-2.00.org/grub-core/kern/i386/dl.c grub-2.00/grub-core/kern/i386/dl.c
--- grub-2.00.org/grub-core/kern/i386/dl.c 2012-02-26 12:14:21.000000000 +0100
+++ grub-2.00/grub-core/kern/i386/dl.c 2017-07-05 17:01:43.333955065 +0200
@@ -55,7 +55,7 @@
break;
if (i == e->e_shnum)
- return grub_error (GRUB_ERR_BAD_MODULE, N_("no symbol table"));
+ return GRUB_ERR_NONE;
entsize = s->sh_entsize;
diff -Naur grub-2.00.org/grub-core/kern/x86_64/dl.c grub-2.00/grub-core/kern/x86_64/dl.c
--- grub-2.00.org/grub-core/kern/x86_64/dl.c 2012-02-26 12:14:56.000000000 +0100
+++ grub-2.00/grub-core/kern/x86_64/dl.c 2017-07-05 17:02:23.374574458 +0200
@@ -55,7 +55,7 @@
break;
if (i == e->e_shnum)
- return grub_error (GRUB_ERR_BAD_MODULE, N_("no symbol table"));
+ return GRUB_ERR_NONE;
entsize = s->sh_entsize;


@@ -0,0 +1,15 @@
We have to remove the vga fallback because this not work on bay-trail and other
new intel onboard graphics.
diff -Naur grub-2.02.org/grub-core/video/i386/pc/vga.c grub-2.02/grub-core/video/i386/pc/vga.c
--- grub-2.02.org/grub-core/video/i386/pc/vga.c 2015-05-21 17:50:29.000000000 +0200
+++ grub-2.02/grub-core/video/i386/pc/vga.c 2018-04-15 22:24:41.686842878 +0200
@@ -122,7 +122,7 @@
{
grub_err_t err;
- if ((width && width != VGA_WIDTH) || (height && height != 350 && height != 480))
+// if ((width && width != VGA_WIDTH) || (height && height != 350 && height != 480))
return grub_error (GRUB_ERR_UNKNOWN_DEVICE, "no matching mode found");
vga_height = height ? : 480;
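Review bot: In the vga.c hunk at `@@ -122,7 +122,7 @@` only the `if` line is commented out, so the following `return grub_error (GRUB_ERR_UNKNOWN_DEVICE, "no matching mode found");` now runs unconditionally and everything after it in the function, starting with `vga_height = height ? : 480;`, is unreachable. That matches the stated aim of removing the VGA fallback, but the patched source is left with a dangling `//` line, dead code, and an error text that gives no hint the driver was disabled on purpose. I would delete the condition line instead of commenting it out and put the reason directly above the return, e.g. `/* IPFire: never offer the VGA fallback; it does not work on Bay Trail and newer Intel graphics. */`. The enclosing function starts and ends outside the hunk, so whether any later statement in it was still needed cannot be confirmed from here.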


@@ -1,21 +0,0 @@
ISO C11 removes the specification of gets() from the C language, eglibc 2.16+ removed it
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Upstream-Status: Pending
Index: grub-1.99/grub-core/gnulib/stdio.in.h
===================================================================
--- grub-1.99.orig/grub-core/gnulib/stdio.in.h 2010-12-01 06:45:43.000000000 -0800
+++ grub-1.99/grub-core/gnulib/stdio.in.h 2012-07-04 12:25:02.057099107 -0700
@@ -140,8 +140,10 @@
/* It is very rare that the developer ever has full control of stdin,
so any use of gets warrants an unconditional warning. Assume it is
always declared, since it is required by C89. */
+#if defined gets
#undef gets
_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
+#endif
#if @GNULIB_FOPEN@
# if @REPLACE_FOPEN@