[git.ipfire.org] IPFire 2.x development tree branch, next, updated. b84a9b078dae234641a3708fbd7c1624c0731468 - IPFire-SCM

18 Dec 2015

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
       via  b84a9b078dae234641a3708fbd7c1624c0731468 (commit)
       via  44fb4620ee2a314070fbf47de6cd7a6a2c7365f2 (commit)
      from  1e1b03d5819269184a85dc5bcc042c978666bc08 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit b84a9b078dae234641a3708fbd7c1624c0731468
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Fri Dec 18 23:42:15 2015 +0000
core96: Ship updated grub
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 44fb4620ee2a314070fbf47de6cd7a6a2c7365f2
Author: Matthias Fischer matthias.fischer@ipfire.org
Date:   Fri Dec 18 21:28:52 2015 +0100
grub 2.00: Bugfix for CVE-2015-8370
See: http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
"A vulnerability in Grub2 has been found. Versions from 1.98 (December, 2009)
    to 2.02 (December, 2015) are affected. The vulnerability can be exploited
    under certain circumstances, allowing local attackers to bypass any kind of
    authentication (plain or hashed passwords). And so, the attacker may take
    control of the computer."
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
    Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes:
 .../{oldcore/87 => core/96}/filelists/i586/grub    |  0
 config/rootfiles/core/96/filelists/x86_64/grub     |  1 +
 lfs/grub                                           |  3 +-
 ...E-2015-8370-Grub2-user-pass-vulnerability.patch | 45 ++++++++++++++++++++++
 4 files changed, 48 insertions(+), 1 deletion(-)
 copy config/rootfiles/{oldcore/87 => core/96}/filelists/i586/grub (100%)
 create mode 120000 config/rootfiles/core/96/filelists/x86_64/grub
 create mode 100644 src/patches/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
Difference in files:

diff --git a/config/rootfiles/core/96/filelists/i586/grub b/config/rootfiles/core/96/filelists/i586/grub
new file mode 120000
index 0000000..feb236a
--- /dev/null
+++ b/config/rootfiles/core/96/filelists/i586/grub
@@ -0,0 +1 @@
+../../../../common/i586/grub
\ No newline at end of file
diff --git a/config/rootfiles/core/96/filelists/x86_64/grub b/config/rootfiles/core/96/filelists/x86_64/grub
new file mode 120000
index 0000000..78d3bd7
--- /dev/null
+++ b/config/rootfiles/core/96/filelists/x86_64/grub
@@ -0,0 +1 @@
+../../../../common/x86_64/grub
\ No newline at end of file
diff --git a/lfs/grub b/lfs/grub
index bcbcbd0..3e613a8 100644
--- a/lfs/grub
+++ b/lfs/grub
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2014  IPFire Team  info@ipfire.org                     #
+# Copyright (C) 2007-2015  IPFire Team  info@ipfire.org                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -78,6 +78,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
    @$(PREBUILD)
    @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
    cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/grub-2.00_disable_vga_fallback.patch
+	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
    cd $(DIR_APP) && \
    	./configure \
    		--prefix=/usr \
diff --git a/src/patches/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch b/src/patches/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
new file mode 100644
index 0000000..2eef1ae
--- /dev/null
+++ b/src/patches/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
@@ -0,0 +1,45 @@
+From 88c9657960a6c5d3673a25c266781e876c181add Mon Sep 17 00:00:00 2001
+From: Hector Marco-Gisbert hecmargi@upv.es
+Date: Fri, 13 Nov 2015 16:21:09 +0100
+Subject: [PATCH] Fix security issue when reading username and password
+
+  This patch fixes two integer underflows at:
+    * grub-core/lib/crypto.c
+    * grub-core/normal/auth.c
+
+Signed-off-by: Hector Marco-Gisbert hecmargi@upv.es
+Signed-off-by: Ismael Ripoll-Ripoll iripoll@disca.upv.es
+---
+ grub-core/lib/crypto.c  | 2 +-
+ grub-core/normal/auth.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
+index 010e550..524a3d8 100644
+--- a/grub-core/lib/crypto.c
++++ b/grub-core/lib/crypto.c
+@@ -456,7 +456,7 @@ grub_password_get (char buf[], unsigned buf_size)
+ 	  break;
+ 	}
+ 
+-      if (key == '\b')
++      if (key == '\b' && cur_len)
+ 	{
+ 	  cur_len--;
+ 	  continue;
+diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c
+index c6bd96e..5782ec5 100644
+--- a/grub-core/normal/auth.c
++++ b/grub-core/normal/auth.c
+@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned buf_size)
+ 	  break;
+ 	}
+ 
+-      if (key == '\b')
++      if (key == '\b' && cur_len)
+ 	{
+ 	  cur_len--;
+ 	  grub_printf ("\b");
+-- 
+1.9.1
+
hooks/post-receive
--
IPFire 2.x development tree

    