From mboxrd@z Thu Jan 1 00:00:00 1970 From: git@ipfire.org To: ipfire-scm@lists.ipfire.org Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. b84a9b078dae234641a3708fbd7c1624c0731468 Date: Sat, 19 Dec 2015 00:43:09 +0100 Message-ID: <20151218234310.C235021332@argus.ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0597561321768272536==" List-Id: --===============0597561321768272536== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via b84a9b078dae234641a3708fbd7c1624c0731468 (commit) via 44fb4620ee2a314070fbf47de6cd7a6a2c7365f2 (commit) from 1e1b03d5819269184a85dc5bcc042c978666bc08 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b84a9b078dae234641a3708fbd7c1624c0731468 Author: Michael Tremer Date: Fri Dec 18 23:42:15 2015 +0000 core96: Ship updated grub =20 Signed-off-by: Michael Tremer commit 44fb4620ee2a314070fbf47de6cd7a6a2c7365f2 Author: Matthias Fischer Date: Fri Dec 18 21:28:52 2015 +0100 grub 2.00: Bugfix for CVE-2015-8370 =20 See: http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html =20 "A vulnerability in Grub2 has been found. Versions from 1.98 (December, 2= 009) to 2.02 (December, 2015) are affected. The vulnerability can be exploited under certain circumstances, allowing local attackers to bypass any kind = of authentication (plain or hashed passwords). And so, the attacker may take control of the computer." =20 Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer ----------------------------------------------------------------------- Summary of changes: .../{oldcore/87 =3D> core/96}/filelists/i586/grub | 0 config/rootfiles/core/96/filelists/x86_64/grub | 1 + lfs/grub | 3 +- ...E-2015-8370-Grub2-user-pass-vulnerability.patch | 45 ++++++++++++++++++++= ++ 4 files changed, 48 insertions(+), 1 deletion(-) copy config/rootfiles/{oldcore/87 =3D> core/96}/filelists/i586/grub (100%) create mode 120000 config/rootfiles/core/96/filelists/x86_64/grub create mode 100644 src/patches/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulner= ability.patch Difference in files: diff --git a/config/rootfiles/core/96/filelists/i586/grub b/config/rootfiles/= core/96/filelists/i586/grub new file mode 120000 index 0000000..feb236a --- /dev/null +++ b/config/rootfiles/core/96/filelists/i586/grub @@ -0,0 +1 @@ +../../../../common/i586/grub \ No newline at end of file diff --git a/config/rootfiles/core/96/filelists/x86_64/grub b/config/rootfile= s/core/96/filelists/x86_64/grub new file mode 120000 index 0000000..78d3bd7 --- /dev/null +++ b/config/rootfiles/core/96/filelists/x86_64/grub @@ -0,0 +1 @@ +../../../../common/x86_64/grub \ No newline at end of file diff --git a/lfs/grub b/lfs/grub index bcbcbd0..3e613a8 100644 --- a/lfs/grub +++ b/lfs/grub @@ -1,7 +1,7 @@ ############################################################################= ### # = # # IPFire.org - A linux based firewall = # -# Copyright (C) 2007-2014 IPFire Team = # +# Copyright (C) 2007-2015 IPFire Team = # # = # # This program is free software: you can redistribute it and/or modify = # # it under the terms of the GNU General Public License as published by = # @@ -78,6 +78,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/grub-2.00_disable_vga_= fallback.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/0001-Fix-CVE-2015-8370= -Grub2-user-pass-vulnerability.patch cd $(DIR_APP) && \ ./configure \ --prefix=3D/usr \ diff --git a/src/patches/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability= .patch b/src/patches/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.pat= ch new file mode 100644 index 0000000..2eef1ae --- /dev/null +++ b/src/patches/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch @@ -0,0 +1,45 @@ +From 88c9657960a6c5d3673a25c266781e876c181add Mon Sep 17 00:00:00 2001 +From: Hector Marco-Gisbert +Date: Fri, 13 Nov 2015 16:21:09 +0100 +Subject: [PATCH] Fix security issue when reading username and password + + This patch fixes two integer underflows at: + * grub-core/lib/crypto.c + * grub-core/normal/auth.c + +Signed-off-by: Hector Marco-Gisbert +Signed-off-by: Ismael Ripoll-Ripoll +--- + grub-core/lib/crypto.c | 2 +- + grub-core/normal/auth.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c +index 010e550..524a3d8 100644 +--- a/grub-core/lib/crypto.c ++++ b/grub-core/lib/crypto.c +@@ -456,7 +456,7 @@ grub_password_get (char buf[], unsigned buf_size) + break; + } +=20 +- if (key =3D=3D '\b') ++ if (key =3D=3D '\b' && cur_len) + { + cur_len--; + continue; +diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c +index c6bd96e..5782ec5 100644 +--- a/grub-core/normal/auth.c ++++ b/grub-core/normal/auth.c +@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned buf_size) + break; + } +=20 +- if (key =3D=3D '\b') ++ if (key =3D=3D '\b' && cur_len) + { + cur_len--; + grub_printf ("\b"); +--=20 +1.9.1 + hooks/post-receive -- IPFire 2.x development tree --===============0597561321768272536==--