[git.ipfire.org] IPFire 2.x development tree branch, next, updated. b84a9b078dae234641a3708fbd7c1624c0731468

[git@ipfire.org]

[-- Attachment #1: Type: text/plain, Size: 5851 bytes --]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  b84a9b078dae234641a3708fbd7c1624c0731468 (commit)
       via  44fb4620ee2a314070fbf47de6cd7a6a2c7365f2 (commit)
      from  1e1b03d5819269184a85dc5bcc042c978666bc08 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b84a9b078dae234641a3708fbd7c1624c0731468
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Fri Dec 18 23:42:15 2015 +0000

    core96: Ship updated grub
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 44fb4620ee2a314070fbf47de6cd7a6a2c7365f2
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date:   Fri Dec 18 21:28:52 2015 +0100

    grub 2.00: Bugfix for CVE-2015-8370
    
    See: http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
    
    "A vulnerability in Grub2 has been found. Versions from 1.98 (December, 2009)
    to 2.02 (December, 2015) are affected. The vulnerability can be exploited
    under certain circumstances, allowing local attackers to bypass any kind of
    authentication (plain or hashed passwords). And so, the attacker may take
    control of the computer."
    
    Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 .../{oldcore/87 => core/96}/filelists/i586/grub    |  0
 config/rootfiles/core/96/filelists/x86_64/grub     |  1 +
 lfs/grub                                           |  3 +-
 ...E-2015-8370-Grub2-user-pass-vulnerability.patch | 45 ++++++++++++++++++++++
 4 files changed, 48 insertions(+), 1 deletion(-)
 copy config/rootfiles/{oldcore/87 => core/96}/filelists/i586/grub (100%)
 create mode 120000 config/rootfiles/core/96/filelists/x86_64/grub
 create mode 100644 src/patches/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch

Difference in files:
diff --git a/config/rootfiles/core/96/filelists/i586/grub b/config/rootfiles/core/96/filelists/i586/grub
new file mode 120000
index 0000000..feb236a
--- /dev/null
+++ b/config/rootfiles/core/96/filelists/i586/grub
@@ -0,0 +1 @@
+../../../../common/i586/grub
\ No newline at end of file
diff --git a/config/rootfiles/core/96/filelists/x86_64/grub b/config/rootfiles/core/96/filelists/x86_64/grub
new file mode 120000
index 0000000..78d3bd7
--- /dev/null
+++ b/config/rootfiles/core/96/filelists/x86_64/grub
@@ -0,0 +1 @@
+../../../../common/x86_64/grub
\ No newline at end of file
diff --git a/lfs/grub b/lfs/grub
index bcbcbd0..3e613a8 100644
--- a/lfs/grub
+++ b/lfs/grub
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2014  IPFire Team  <info(a)ipfire.org>                     #
+# Copyright (C) 2007-2015  IPFire Team  <info(a)ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -78,6 +78,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/grub-2.00_disable_vga_fallback.patch
+	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
 	cd $(DIR_APP) && \
 		./configure \
 			--prefix=/usr \
diff --git a/src/patches/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch b/src/patches/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
new file mode 100644
index 0000000..2eef1ae
--- /dev/null
+++ b/src/patches/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
@@ -0,0 +1,45 @@
+From 88c9657960a6c5d3673a25c266781e876c181add Mon Sep 17 00:00:00 2001
+From: Hector Marco-Gisbert <hecmargi(a)upv.es>
+Date: Fri, 13 Nov 2015 16:21:09 +0100
+Subject: [PATCH] Fix security issue when reading username and password
+
+  This patch fixes two integer underflows at:
+    * grub-core/lib/crypto.c
+    * grub-core/normal/auth.c
+
+Signed-off-by: Hector Marco-Gisbert <hecmargi(a)upv.es>
+Signed-off-by: Ismael Ripoll-Ripoll <iripoll(a)disca.upv.es>
+---
+ grub-core/lib/crypto.c  | 2 +-
+ grub-core/normal/auth.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
+index 010e550..524a3d8 100644
+--- a/grub-core/lib/crypto.c
++++ b/grub-core/lib/crypto.c
+@@ -456,7 +456,7 @@ grub_password_get (char buf[], unsigned buf_size)
+ 	  break;
+ 	}
+ 
+-      if (key == '\b')
++      if (key == '\b' && cur_len)
+ 	{
+ 	  cur_len--;
+ 	  continue;
+diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c
+index c6bd96e..5782ec5 100644
+--- a/grub-core/normal/auth.c
++++ b/grub-core/normal/auth.c
+@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned buf_size)
+ 	  break;
+ 	}
+ 
+-      if (key == '\b')
++      if (key == '\b' && cur_len)
+ 	{
+ 	  cur_len--;
+ 	  grub_printf ("\b");
+-- 
+1.9.1
+


hooks/post-receive
--
IPFire 2.x development tree