Hello community,

here is the log from the commit of package grub2 for openSUSE:Factory checked 
in at 2015-12-17 15:53:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
 and      /work/SRC/openSUSE:Factory/.grub2.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "grub2"

Changes:
--------
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes      2015-11-24 
22:30:33.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new/grub2.changes 2015-12-17 
15:53:42.000000000 +0100
@@ -1,0 +2,30 @@
+Wed Dec 16 05:04:37 UTC 2015 - arvidj...@gmail.com
+
+- Add 0001-Fix-security-issue-when-reading-username-and-passwor.patch
+  Fix for CVE-2015-8370 [boo#956631]
+
+-------------------------------------------------------------------
+Wed Dec  9 18:13:27 UTC 2015 - arvidj...@gmail.com
+
+- Update grub2-efi-xen-chainload.patch - fix copying of Linux kernel
+  and initrd to ESP (boo#958193)
+
+-------------------------------------------------------------------
+Mon Dec  7 08:03:41 UTC 2015 - o...@aepfle.de
+
+- Rename grub2-xen.cfg to grub2-xen-pv-firmware.cfg (boo#926795)
+
+-------------------------------------------------------------------
+Fri Dec  4 17:06:17 UTC 2015 - o...@aepfle.de
+
+- grub2-xen.cfg: to handle grub1 menu.lst in PV guest (boo#926795)
+
+-------------------------------------------------------------------
+Thu Nov 26 10:22:28 UTC 2015 - mch...@suse.com
+
+- Expand list of grub.cfg search path in PV Xen guest for systems
+  installed to btrfs snapshot. (bsc#946148) (bsc#952539) 
+  * modified grub2-xen.cfg
+- drop grub2-fix-Grub2-with-SUSE-Xen-package-install.patch (bsc#774666)
+
+-------------------------------------------------------------------

Old:
----
  grub2-fix-Grub2-with-SUSE-Xen-package-install.patch
  grub2-xen.cfg

New:
----
  0001-Fix-security-issue-when-reading-username-and-passwor.patch
  grub2-xen-pv-firmware.cfg

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ grub2.spec ++++++
--- /var/tmp/diff_new_pack.tYXzp3/_old  2015-12-17 15:53:45.000000000 +0100
+++ /var/tmp/diff_new_pack.tYXzp3/_new  2015-12-17 15:53:45.000000000 +0100
@@ -146,7 +146,7 @@
 Source12:       grub2-snapper-plugin.sh
 Source14:       80_suse_btrfs_snapshot
 Source15:       grub2-once.service
-Source16:       grub2-xen.cfg
+Source16:       grub2-xen-pv-firmware.cfg
 # required hook for systemd-sleep (bsc#941758)
 Source17:       grub2-systemd-sleep.sh
 Source1000:     PATCH_POLICY
@@ -160,7 +160,6 @@
 Patch10:        grub2-fix-error-terminal-gfxterm-isn-t-found.patch
 Patch12:        grub2-fix-menu-in-xen-host-server.patch
 Patch15:        not-display-menu-when-boot-once.patch
-Patch16:        grub2-fix-Grub2-with-SUSE-Xen-package-install.patch
 Patch17:        grub2-pass-corret-root-for-nfsroot.patch
 Patch18:        grub2-fix-locale-en.mo.gz-not-found-error-message.patch
 Patch19:        grub2-efi-HP-workaround.patch
@@ -206,6 +205,7 @@
 Patch69:        grub2-getroot-fix-get-btrfs-fs-prefix-big-endian.patch
 Patch70:        grub2-default-distributor.patch
 Patch71:        grub2-menu-unrestricted.patch
+Patch72:        0001-Fix-security-issue-when-reading-username-and-passwor.patch
 # Btrfs snapshot booting related patches
 Patch101:       grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
 Patch102:       grub2-btrfs-02-export-subvolume-envvars.patch
@@ -436,7 +436,6 @@
 %patch10 -p1
 %patch12 -p1
 %patch15 -p1
-%patch16 -p1
 %patch17 -p1
 %patch18 -p1
 %patch19 -p1
@@ -481,6 +480,7 @@
 %patch69 -p1
 %patch70 -p1
 %patch71 -p1
+%patch72 -p1
 %patch101 -p1
 %patch102 -p1
 %patch103 -p1

++++++ 0001-Fix-security-issue-when-reading-username-and-passwor.patch ++++++
>From 451d80e52d851432e109771bb8febafca7a5f1f2 Mon Sep 17 00:00:00 2001
From: Hector Marco-Gisbert <hecma...@upv.es>
Date: Wed, 16 Dec 2015 07:57:18 +0300
Subject: [PATCH] Fix security issue when reading username and password

This patch fixes two integer underflows at:
  * grub-core/lib/crypto.c
  * grub-core/normal/auth.c

CVE-2015-8370

Signed-off-by: Hector Marco-Gisbert <hecma...@upv.es>
Signed-off-by: Ismael Ripoll-Ripoll <irip...@disca.upv.es>
Also-By: Andrey Borzenkov <arvidj...@gmail.com>
---
 grub-core/lib/crypto.c  | 3 ++-
 grub-core/normal/auth.c | 7 +++++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
index 010e550..683a8aa 100644
--- a/grub-core/lib/crypto.c
+++ b/grub-core/lib/crypto.c
@@ -470,7 +470,8 @@ grub_password_get (char buf[], unsigned buf_size)
 
       if (key == '\b')
        {
-         cur_len--;
+         if (cur_len)
+           cur_len--;
          continue;
        }
 
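Review bot: The new `if (cur_len)` guard is the whole CVE-2015-8370 fix in this hunk, but nothing next to it says why it exists, so a later cleanup could fold it back into the bare `cur_len--` it replaces. The patch description calls this an integer underflow: with nothing typed yet the unguarded decrement wraps cur_len (which appears to be unsigned, like buf_size), and the stores indexed by it later in grub_password_get — outside this hunk — no longer stay inside buf. Add `/* Ignore backspace on empty input: decrementing cur_len from 0 wraps and later stores indexed by it leave buf[] (CVE-2015-8370). */` above the new `if`. The same guard is added in grub-core/normal/auth.c (grub_username_get) and should carry the same comment; a regression test that feeds a leading backspace to both prompts would pin the behaviour for both.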
diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c
index c6bd96e..8615c48 100644
--- a/grub-core/normal/auth.c
+++ b/grub-core/normal/auth.c
@@ -174,8 +174,11 @@ grub_username_get (char buf[], unsigned buf_size)
 
       if (key == '\b')
        {
-         cur_len--;
-         grub_printf ("\b");
+         if (cur_len)
+           {
+             cur_len--;
+             grub_printf ("\b");
+           }
          continue;
        }
 
-- 
1.9.1

++++++ grub2-efi-xen-chainload.patch ++++++
--- /var/tmp/diff_new_pack.tYXzp3/_old  2015-12-17 15:53:45.000000000 +0100
+++ /var/tmp/diff_new_pack.tYXzp3/_new  2015-12-17 15:53:45.000000000 +0100
@@ -114,7 +114,7 @@
 +              chainloader  \$cmdpath/${xen_basename} ${xen_basename} $section
 +      }
 +      EOF
-+    for f in ${grub_dir}/$xen_cfg ${xen_dir}/${xen_basename} 
${rel_dirname}/${basename} ${rel_dirname}/${initrd}; do
++    for f in ${grub_dir}/$xen_cfg ${xen_dir}/${xen_basename} 
${dirname}/${basename} ${dirname}/${initrd}; do
 +      cp --preserve=timestamps $f $efi_dir
 +      echo $(basename $f) >> $efi_dir/grub.xen-files
 +    done
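Review bot: The rewritten `for f in …` list leaves every expansion unquoted (`${grub_dir}/$xen_cfg`, `${xen_dir}/${xen_basename}`, `${dirname}/${basename}`, `${dirname}/${initrd}`), and the `cp --preserve=timestamps $f $efi_dir` it feeds is unquoted as well, so a kernel directory or ESP mount point containing whitespace would be split into several arguments and copied to the wrong place. Since `${dirname}` is now taken from the caller rather than the `${rel_dirname}` it replaces, this is the line where that assumption changes; quote it as `for f in "${grub_dir}/$xen_cfg" "${xen_dir}/${xen_basename}" "${dirname}/${basename}" "${dirname}/${initrd}"; do` and the copy as `cp --preserve=timestamps -- "$f" "$efi_dir"`. The enclosing script body starts and ends outside this hunk, and the line appears wrapped here by the mailer rather than in the patch itself.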

++++++ grub2-xen-pv-firmware.cfg ++++++
# GRUB script used as Xen PV guest firmware (installed as
# grub2-xen-pv-firmware.cfg, Source16 in grub2.spec). It probes the guest's
# block devices for known installation media and for an already installed
# system's grub.cfg / menu.lst, then builds menu entries for what it finds.
#
# Convention used throughout: `search -s NAME -f PATH` stores the device that
# contains PATH in NAME; the script relies on NAME expanding empty when no
# device matches. Each `*_cddev` variable holds the device chosen for one
# distribution's install media, or stays "" when none qualified.
insmod part_msdos
insmod part_gpt
insmod search
insmod configfile
insmod legacy_configfile

# --- Debian installer media ----------------------------------------------
# Debian names its Xen installer directory after the architecture
# ("install.amd" on x86_64, "install.i386" on i386); no other CPU is handled.
set debian_cddev=""
set debian_cdarch=""
if [ "${grub_cpu}" = "x86_64" ]; then
    debian_cdarch="amd" 
fi
if [ "${grub_cpu}" = "i386" ]; then
    debian_cdarch="i386" 
fi
if [ -n "${debian_cdarch}" ]; then
    set debian_kern="/install.${debian_cdarch}/xen/vmlinuz"
    set debian_initrd="/install.${debian_cdarch}/xen/initrd.gz"
    search -s debian_domUcfg -f "/install.${debian_cdarch}/xen/debian.cfg"
    search -s debian_cdkern -f "${debian_kern}"
    search -s debian_cdinitrd -f "${debian_initrd}"
    # Only accept the medium when config, kernel and initrd were all found
    # and all live on the same device; a partial or mixed match is ignored.
    if [ -n "${debian_domUcfg}" -a -n "${debian_cdinitrd}" -a -n 
"${debian_cdkern}" -a "${debian_domUcfg}" = "${debian_cdinitrd}" -a 
"${debian_domUcfg}" = "${debian_cdkern}" ]; then
        debian_cddev="${debian_domUcfg}"
    fi
fi

# --- Fedora installer media (x86_64 only) ----------------------------------
set fedora_cddev=""
if [ "${grub_cpu}" = "x86_64" ]; then
    set fedora_kern="/images/pxeboot/vmlinuz"
    set fedora_initrd="/images/pxeboot/initrd.img"
    search -s fedora_cdkern -f "${fedora_kern}"
    search -s fedora_cdinitrd -f "${fedora_initrd}"
    # Same rule as for Debian: kernel and initrd must share one device.
    if [ -n "${fedora_cdkern}" -a -n "${fedora_cdinitrd}" -a "${fedora_cdkern}" 
= "${fedora_cdinitrd}" ]; then
        set fedora_cddev="${fedora_cdkern}"
    fi
fi

# --- SUSE installer media --------------------------------------------------
# A SUSE medium is recognised by /content and /media.1/products being present
# on the same device; the kernel/initrd paths are derived later from grub_cpu.
set suse_cddev=""
search -s suse_cddev_content -f "/content"
search -s suse_cddev_product -f "/media.1/products"
if [ -n "${suse_cddev_content}" -a -n "${suse_cddev_product}" -a 
"${suse_cddev_content}" = "${suse_cddev_product}" ]; then
    set suse_cddev="${suse_cddev_content}"
fi

# --- Installed system: grub.cfg / menu.lst candidates ----------------------
# Candidate locations of an installed system's grub.cfg, tried in order; the
# first hit wins (see the `break` below). The "/@/..." and ".snapshots/1/..."
# entries cover systems installed into a btrfs snapshot
# (bsc#946148, bsc#952539 in the changelog) — presumably SUSE's "@" subvolume
# layout; verify against the installer if the layout changes.
hdcfg_list="/boot/grub2/grub.cfg \
/@/boot/grub2/grub.cfg \
/@/.snapshots/1/snapshot/boot/grub2/grub.cfg \
/.snapshots/1/snapshot/boot/grub2/grub.cfg \
/grub2/grub.cfg"

# Legacy grub1 menu.lst locations, handled via legacy_configfile (boo#926795).
hdlst_list="/boot/grub/menu.lst \
/grub/menu.lst"

# One "Boot From Hard Disk" entry for the first grub.cfg found; the entry
# re-sets root to the device search reported and hands over to that config.
for c in ${hdcfg_list}; do
    if search -s hddev -f "${c}"; then
        menuentry "${hddev} Boot From Hard Disk ($c)" {
            set root="${hddev}"
            configfile "${c}"
        }
        break
    fi
done

# Same for a grub1 menu.lst; this loop runs even when a grub.cfg was already
# found, so both entries can appear.
for c in ${hdlst_list}; do
    if search -s hddev -f "${c}"; then
        menuentry "${hddev} Boot From Hard Disk (${c})" {
            set root="${hddev}"
            legacy_configfile "${c}"
        }
        break
    fi
done

# Default: no menu wait, so an installed system boots straight into the first
# entry defined above. Each detected install medium raises the timeout to 8
# seconds so the user can pick the installer instead.
set timeout=0
if [ -n "${debian_cddev}" ]; then
    set timeout=8
    menuentry "${debian_cddev} Debian Install" {
        set root="${debian_cddev}"
        linux "${debian_kern}" ignore_loglevel
        initrd "${debian_initrd}"
    }
fi

if [ -n "${fedora_cddev}" ]; then
    set timeout=8
    menuentry "${fedora_cddev} Fedora Install" {
        set root="${fedora_cddev}"
        linux "${fedora_kern}" ignore_loglevel
        initrd "${fedora_initrd}"
    }
    menuentry "${fedora_cddev} Fedora Rescue" {
        set root="${fedora_cddev}"
        linux "${fedora_kern}" ignore_loglevel rescue
        initrd "${fedora_initrd}"
    }
fi

if [ -n "${suse_cddev}" ]; then
    # SUSE media use "i586" for 32-bit x86; every other CPU name maps 1:1.
    if [ "${grub_cpu}" = "i386" ]; then
        set suse_cdarch="i586" 
    else
        set suse_cdarch="${grub_cpu}" 
    fi
    set timeout=8
    # root is switched to the medium here so that the `-f` tests below and the
    # SUSE Install/Rescue/Upgrade entries (which do not set root themselves)
    # resolve paths on the medium.
    set root="${suse_cddev}"
    set suse_cdcfg="/boot/${suse_cdarch}/grub2-xen/grub.cfg"
    set suse_cdkern="/boot/${suse_cdarch}/vmlinuz-xen"
    set suse_cdinitrd="/boot/${suse_cdarch}/initrd-xen"
    # Prefer the medium's own Xen grub.cfg; fall back to direct kernel entries
    # when only kernel and initrd are present.
    if [ -f "${suse_cdcfg}" ]; then
        menuentry "${suse_cddev} SUSE Install menu" {
        set root="${suse_cddev}"
        configfile "${suse_cdcfg}"
        }
    elif [ -f "${suse_cdkern}" -a -f "$suse_cdinitrd" ]; then
        menuentry "${suse_cddev} SUSE Install" {
            linux "${suse_cdkern}" linemode=1 xencons=hvc0 
            initrd "${suse_cdinitrd}"
        }
        menuentry "${suse_cddev} SUSE Rescue" {
            linux "${suse_cdkern}" linemode=1 xencons=hvc0 rescue=1
            initrd "${suse_cdinitrd}"
        }
        menuentry "${suse_cddev} SUSE Upgrade" {
            linux "${suse_cdkern}" linemode=1 xencons=hvc0 upgrade=1
            initrd "${suse_cdinitrd}"
        }
    else
        # Medium looked like SUSE (content + products) but has no PV kernel.
        echo "the device ${suse_cddev} is not xen pv bootable"
    fi
fi

