webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-14 04:52:59 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
ea155e2d2b337366b04979b375251fdac724fcc6
bpfire/lfs/grub
Matthias Fischer 44fb4620ee grub 2.00: Bugfix for CVE-2015-8370 
See: http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html

"A vulnerability in Grub2 has been found. Versions from 1.98 (December, 2009)
to 2.02 (December, 2015) are affected. The vulnerability can be exploited
under certain circumstances, allowing local attackers to bypass any kind of
authentication (plain or hashed passwords). And so, the attacker may take
control of the computer."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2015-12-18 23:40:00 +00:00

114 lines
4.3 KiB
Plaintext
Raw Blame History

###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2015 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
###############################################################################
# Definitions
###############################################################################
include Config
VER = 2.00
THISAPP = grub-$(VER)
DL_FILE = $(THISAPP).tar.xz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
SUP_ARCH = x86_64 i586
CFLAGS =
CXXFLAGS =
###############################################################################
# Top-level Rules
###############################################################################
objects = $(DL_FILE) \
unifont-7.0.03.pcf.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
unifont-7.0.03.pcf.gz = $(DL_FROM)/unifont-7.0.03.pcf.gz
$(DL_FILE)_MD5 = a1043102fbc7bcedbf53e7ee3d17ab91
unifont-7.0.03.pcf.gz_MD5 = f6903ac8c1caeeb30c1e9a2975028401
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
download :$(patsubst %,$(DIR_DL)/%,$(objects))
md5 : $(subst %,%_MD5,$(objects))
###############################################################################
# Downloading, checking, md5sum
###############################################################################
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
@$(CHECK)
$(patsubst %,$(DIR_DL)/%,$(objects)) :
@$(LOAD)
$(subst %,%_MD5,$(objects)) :
@$(MD5)
###############################################################################
# Installation Details
###############################################################################
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/grub-2.00_disable_vga_fallback.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
cd $(DIR_APP) && \
./configure \
--prefix=/usr \
--sysconfdir=/etc \
--with-platform=pc \
--with-grubdir=grub \
--program-transform-name=s,grub,grub, \
--disable-grub-mount \
--disable-werror
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
-mkdir -pv /boot/grub
touch /boot/grub/grub.cfg
ln -svf ../boot/grub/grub.cfg /etc/grub2.cfg
install -m 644 $(DIR_SRC)/config/grub2/splash.png /boot/grub/splash.png
-mkdir -pv /etc/default
install -m 644 $(DIR_SRC)/config/grub2/default /etc/default/grub
# Disable hardening.
paxctl -mpes /usr/sbin/grub-bios-setup /usr/sbin/grub-probe
# We don't need to install unifont just to generate a grub2 compatible
# font archive for the graphical boot menu. The following command only
# converts Latin-1, Latin Extended A+B, Arrows, Box and Block characters.
/usr/bin/grub-mkfont --output /boot/grub/unifont.pf2 \
--range=0x0000-0x0241,0x2190-0x21FF,0x2500-0x259f \
$(DIR_DL)/unifont-7.0.03.pcf.gz
@rm -rf $(DIR_APP)
@$(POSTBUILD)
Reference in New Issue View Git Blame Copy Permalink