From d4f967a1a5aecf96518e32987a2a3e9ae3795ded Mon Sep 17 00:00:00 2001 From: Francis Rowe Date: Sat, 20 Feb 2016 23:23:55 -0500 Subject: Update to latest GRUB secfix directory removed (patches merged upstream) --- (limited to 'resources') diff --git a/resources/grub/patch/0001-grub-core-normal-main.c-Display-FREE-AS-IN-FREEDOM-n.patch b/resources/grub/patch/0001-grub-core-normal-main.c-Display-FREE-AS-IN-FREEDOM-n.patch index a3b10d4..4523a12 100644 --- a/resources/grub/patch/0001-grub-core-normal-main.c-Display-FREE-AS-IN-FREEDOM-n.patch +++ b/resources/grub/patch/0001-grub-core-normal-main.c-Display-FREE-AS-IN-FREEDOM-n.patch @@ -1,15 +1,15 @@ -From f56cc3dc534db469905a4ff33a40e18b4481876e Mon Sep 17 00:00:00 2001 +From f93359e10e720673466fa52ac4814619b3bddc06 Mon Sep 17 00:00:00 2001 From: Francis Rowe Date: Sat, 14 Feb 2015 01:24:23 +0000 -Subject: [PATCH] grub-core/normal/main.c: Display "FREE AS IN FREEDOM", not - version +Subject: [PATCH 01/11] grub-core/normal/main.c: Display "FREE AS IN FREEDOM", + not version --- grub-core/normal/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c -index 623b93b..659e241 100644 +index 78a70a8..982bde3 100644 --- a/grub-core/normal/main.c +++ b/grub-core/normal/main.c @@ -208,7 +208,7 @@ grub_normal_init_page (struct grub_term_output *term, diff --git a/resources/grub/patch/grub.johnlane.ie/0001-Cryptomount-support-LUKS-detached-header.patch b/resources/grub/patch/grub.johnlane.ie/0001-Cryptomount-support-LUKS-detached-header.patch index fa3c805..8fdb7b4 100644 --- a/resources/grub/patch/grub.johnlane.ie/0001-Cryptomount-support-LUKS-detached-header.patch +++ b/resources/grub/patch/grub.johnlane.ie/0001-Cryptomount-support-LUKS-detached-header.patch @@ -1,7 +1,7 @@ -From bc2a23386d123d37510c3cff1f7e607e7cf49cb1 Mon Sep 17 00:00:00 2001 +From f19bd8a206682a0d8c8c9650b2d4d171a67a9c1f Mon Sep 17 00:00:00 2001 
From: John Lane Date: Tue, 23 Jun 2015 11:16:30 +0100 -Subject: [PATCH 1/6] Cryptomount support LUKS detached header +Subject: [PATCH 02/11] Cryptomount support LUKS detached header --- grub-core/disk/cryptodisk.c | 22 ++++++++++++++++++---- diff --git a/resources/grub/patch/grub.johnlane.ie/0002-Cryptomount-support-key-files.patch b/resources/grub/patch/grub.johnlane.ie/0002-Cryptomount-support-key-files.patch index 1fe6ef3..ef6f1e2 100644 --- a/resources/grub/patch/grub.johnlane.ie/0002-Cryptomount-support-key-files.patch +++ b/resources/grub/patch/grub.johnlane.ie/0002-Cryptomount-support-key-files.patch @@ -1,7 +1,7 @@ -From 2883046688f91bd86cfc2d2c38ca53b65e201795 Mon Sep 17 00:00:00 2001 +From 641ff2b2aa380c0b9adbc025eb4af3a0217b577b Mon Sep 17 00:00:00 2001 From: John Lane Date: Fri, 26 Jun 2015 13:37:10 +0100 -Subject: [PATCH 2/6] Cryptomount support key files +Subject: [PATCH 03/11] Cryptomount support key files --- grub-core/disk/cryptodisk.c | 46 ++++++++++++++++++++++++++++++++++++++++++++- diff --git a/resources/grub/patch/grub.johnlane.ie/0003-Cryptomount-luks-allow-multiple-passphrase-attempts.patch b/resources/grub/patch/grub.johnlane.ie/0003-Cryptomount-luks-allow-multiple-passphrase-attempts.patch index e68e5c6..252f76f 100644 --- a/resources/grub/patch/grub.johnlane.ie/0003-Cryptomount-luks-allow-multiple-passphrase-attempts.patch +++ b/resources/grub/patch/grub.johnlane.ie/0003-Cryptomount-luks-allow-multiple-passphrase-attempts.patch @@ -1,7 +1,7 @@ -From f32a31fd6279114af604a1b4cc33af8d377d2e29 Mon Sep 17 00:00:00 2001 +From b761dd8c48075a285f89ed439a0870879fde6c6e Mon Sep 17 00:00:00 2001 From: John Lane Date: Fri, 26 Jun 2015 13:49:58 +0100 -Subject: [PATCH 3/6] Cryptomount luks allow multiple passphrase attempts +Subject: [PATCH 04/11] Cryptomount luks allow multiple passphrase attempts --- grub-core/disk/luks.c | 278 ++++++++++++++++++++++++++------------------------ 
diff --git a/resources/grub/patch/grub.johnlane.ie/0004-Cryptomount-support-plain-dm-crypt.patch b/resources/grub/patch/grub.johnlane.ie/0004-Cryptomount-support-plain-dm-crypt.patch index f35a393..77722ba 100644 --- a/resources/grub/patch/grub.johnlane.ie/0004-Cryptomount-support-plain-dm-crypt.patch +++ b/resources/grub/patch/grub.johnlane.ie/0004-Cryptomount-support-plain-dm-crypt.patch @@ -1,7 +1,7 @@ -From 590e1f484d0e9618882db07786251cdaf6669e9d Mon Sep 17 00:00:00 2001 +From a20258f8afbb3c9e1b3c6735126e7c720fa2459a Mon Sep 17 00:00:00 2001 From: John Lane Date: Fri, 26 Jun 2015 22:09:52 +0100 -Subject: [PATCH 4/6] Cryptomount support plain dm-crypt +Subject: [PATCH 05/11] Cryptomount support plain dm-crypt --- grub-core/disk/cryptodisk.c | 298 +++++++++++++++++++++++++++++++++++++++++++- diff --git a/resources/grub/patch/grub.johnlane.ie/0005-Cryptomount-support-for-hyphens-in-UUID.patch b/resources/grub/patch/grub.johnlane.ie/0005-Cryptomount-support-for-hyphens-in-UUID.patch index 8d49361..a6ccc07 100644 --- a/resources/grub/patch/grub.johnlane.ie/0005-Cryptomount-support-for-hyphens-in-UUID.patch +++ b/resources/grub/patch/grub.johnlane.ie/0005-Cryptomount-support-for-hyphens-in-UUID.patch @@ -1,7 +1,7 @@ -From ec936adca3370995a5ed5c6e5e99c6e8fa5c25ef Mon Sep 17 00:00:00 2001 +From 6d9ac49d116325c9d29633002ca204f56e8c57f5 Mon Sep 17 00:00:00 2001 From: John Lane Date: Fri, 26 Jun 2015 22:48:03 +0100 -Subject: [PATCH 5/6] Cryptomount support for hyphens in UUID +Subject: [PATCH 06/11] Cryptomount support for hyphens in UUID --- grub-core/disk/cryptodisk.c | 20 +++++++++++++++++--- diff --git a/resources/grub/patch/grub.johnlane.ie/0006-grub-core-disk-cryptodisk.c-Point-to-const-char.patch b/resources/grub/patch/grub.johnlane.ie/0006-grub-core-disk-cryptodisk.c-Point-to-const-char.patch index 8b94ba4..4ff958c 100644 --- a/resources/grub/patch/grub.johnlane.ie/0006-grub-core-disk-cryptodisk.c-Point-to-const-char.patch 
+++ b/resources/grub/patch/grub.johnlane.ie/0006-grub-core-disk-cryptodisk.c-Point-to-const-char.patch @@ -1,7 +1,7 @@ -From 10d0f5aebea928cc42f6b65598c70343bb6899ca Mon Sep 17 00:00:00 2001 +From 1d3e995f587369b8de6c4a10fe3a7bb0d6ec6ee1 Mon Sep 17 00:00:00 2001 From: Klemens Nanni Date: Tue, 15 Sep 2015 16:00:03 +0200 -Subject: [PATCH 6/6] grub-core/disk/cryptodisk.c: Point to const char +Subject: [PATCH 07/11] grub-core/disk/cryptodisk.c: Point to const char --- grub-core/disk/cryptodisk.c | 2 +- diff --git a/resources/grub/patch/reproducible/0001-mkstandalone-add-argument-fixed-time-to-override-mti.patch b/resources/grub/patch/reproducible/0001-mkstandalone-add-argument-fixed-time-to-override-mti.patch index c19dd06..939512a 100644 --- a/resources/grub/patch/reproducible/0001-mkstandalone-add-argument-fixed-time-to-override-mti.patch +++ b/resources/grub/patch/reproducible/0001-mkstandalone-add-argument-fixed-time-to-override-mti.patch @@ -1,8 +1,8 @@ -From bf482ae6b4ff54265294e138ac73e8a716023f79 Mon Sep 17 00:00:00 2001 +From 21ae195006adf67a6c6a0de007e7149e6d3dbcf3 Mon Sep 17 00:00:00 2001 From: Alexander Couzens Date: Fri, 4 Dec 2015 17:10:42 +0100 -Subject: [PATCH 1/3] mkstandalone: add argument --fixed-time to override mtime - of files +Subject: [PATCH 08/11] mkstandalone: add argument --fixed-time to override + mtime of files mkstandalone adds several files to an archive. Doing this it uses the mtime to give these files a timestamp. diff --git a/resources/grub/patch/reproducible/0002-mkrescue-add-argument-fixed-time-to-get-reproducible.patch b/resources/grub/patch/reproducible/0002-mkrescue-add-argument-fixed-time-to-get-reproducible.patch index 24ac1d3..3d3ab6e 100644 --- a/resources/grub/patch/reproducible/0002-mkrescue-add-argument-fixed-time-to-get-reproducible.patch +++ b/resources/grub/patch/reproducible/0002-mkrescue-add-argument-fixed-time-to-get-reproducible.patch 
@@ -1,7 +1,7 @@ -From aeb2681fdf889be9725ab8d64896fade960f8bd1 Mon Sep 17 00:00:00 2001 +From 1ad8a4c5d0d6003954d37c4f7eeca0514971f8b4 Mon Sep 17 00:00:00 2001 From: Alexander Couzens Date: Fri, 4 Dec 2015 17:10:43 +0100 -Subject: [PATCH 2/3] mkrescue: add argument --fixed-time to get reproducible +Subject: [PATCH 09/11] mkrescue: add argument --fixed-time to get reproducible uuids The uuid generation is based on the time. @@ -10,7 +10,7 @@ The uuid generation is based on the time. 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/util/grub-mkrescue.c b/util/grub-mkrescue.c -index 4511826..164c4e1 100644 +index 238d484..a3e0155 100644 --- a/util/grub-mkrescue.c +++ b/util/grub-mkrescue.c @@ -52,6 +52,7 @@ static int xorriso_arg_alloc; @@ -54,7 +54,7 @@ index 4511826..164c4e1 100644 default: return ARGP_ERR_UNKNOWN; } -@@ -541,7 +554,7 @@ main (int argc, char *argv[]) +@@ -542,7 +555,7 @@ main (int argc, char *argv[]) { time_t tim; struct tm *tmm; diff --git a/resources/grub/patch/reproducible/0003-Makefile-use-FIXED_TIMESTAMP-for-mkstandalone-if-set.patch b/resources/grub/patch/reproducible/0003-Makefile-use-FIXED_TIMESTAMP-for-mkstandalone-if-set.patch index c91dcdd..4386f0f 100644 --- a/resources/grub/patch/reproducible/0003-Makefile-use-FIXED_TIMESTAMP-for-mkstandalone-if-set.patch +++ b/resources/grub/patch/reproducible/0003-Makefile-use-FIXED_TIMESTAMP-for-mkstandalone-if-set.patch @@ -1,7 +1,7 @@ -From 0a19e32fbb62df69e0dfeb80f0a0672b09930f00 Mon Sep 17 00:00:00 2001 +From 58d54ff1514d83d9e4f77d4374635b1bf705ed81 Mon Sep 17 00:00:00 2001 From: Alexander Couzens Date: Fri, 4 Dec 2015 17:10:44 +0100 -Subject: [PATCH 3/3] Makefile: use FIXED_TIMESTAMP for mkstandalone if set +Subject: [PATCH 10/11] Makefile: use FIXED_TIMESTAMP for mkstandalone if set mkstandalone sets timestamps for files which can be overriden by a fixed_timestamp. This makes it possible to build reproducible builds for coreboot. 
@@ -13,15 +13,15 @@ make default_payload.elf FIXED_TIMESTAMP=1134242 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.am b/Makefile.am -index 994ebbd..37a7cc4 100644 +index 288e621..6c786b7 100644 --- a/Makefile.am 
+++ b/Makefile.am -@@ -403,7 +403,7 @@ bootcheck: $(BOOTCHECKS) - +@@ -411,7 +411,7 @@ bootcheck: $(BOOTCHECKS) if COND_i386_coreboot - default_payload.elf: grub-mkstandalone grub-mkimage -- pkgdatadir=. ./grub-mkstandalone --grub-mkimage=./grub-mkimage -O i386-coreboot -o $@ --modules='ahci pata ehci uhci ohci usb_keyboard usbms part_msdos xfs ext2 fat at_keyboard part_gpt usbserial_usbdebug cbfs' --install-modules='ls linux search configfile normal cbtime cbls memrw iorw minicmd lsmmap lspci halt reboot hexdump pcidump regexp setpci lsacpi chain test serial multiboot cbmemc linux16 gzio echo help' --fonts= --themes= --locales= -d grub-core/ /boot/grub/grub.cfg=$(srcdir)/coreboot.cfg -+ pkgdatadir=. ./grub-mkstandalone --grub-mkimage=./grub-mkimage -O i386-coreboot -o $@ --modules='ahci pata ehci uhci ohci usb_keyboard usbms part_msdos xfs ext2 fat at_keyboard part_gpt usbserial_usbdebug cbfs' --install-modules='ls linux search configfile normal cbtime cbls memrw iorw minicmd lsmmap lspci halt reboot hexdump pcidump regexp setpci lsacpi chain test serial multiboot cbmemc linux16 gzio echo help' --fonts= --themes= --locales= -d grub-core/ /boot/grub/grub.cfg=$(srcdir)/coreboot.cfg $(if $(FIXED_TIMESTAMP),-t $(FIXED_TIMESTAMP)) + default_payload.elf: grub-mkstandalone grub-mkimage FORCE + rm $@ +- pkgdatadir=. ./grub-mkstandalone --grub-mkimage=./grub-mkimage -O i386-coreboot -o $@ --modules='ahci pata ehci uhci ohci usb_keyboard usbms part_msdos ext2 fat at_keyboard part_gpt usbserial_usbdebug cbfs' --install-modules='ls linux search configfile normal cbtime cbls memrw iorw minicmd lsmmap lspci halt reboot hexdump pcidump regexp setpci lsacpi chain test serial multiboot cbmemc linux16 gzio echo help syslinuxcfg xnu $(shell cat grub-core/fs.lst) password_pbkdf2 $(EXTRA_PAYLOAD_MODULES)' --fonts= --themes= --locales= -d grub-core/ /boot/grub/grub.cfg=$(srcdir)/coreboot.cfg ++ pkgdatadir=. 
./grub-mkstandalone --grub-mkimage=./grub-mkimage -O i386-coreboot -o $@ --modules='ahci pata ehci uhci ohci usb_keyboard usbms part_msdos ext2 fat at_keyboard part_gpt usbserial_usbdebug cbfs' --install-modules='ls linux search configfile normal cbtime cbls memrw iorw minicmd lsmmap lspci halt reboot hexdump pcidump regexp setpci lsacpi chain test serial multiboot cbmemc linux16 gzio echo help syslinuxcfg xnu $(shell cat grub-core/fs.lst) password_pbkdf2 $(EXTRA_PAYLOAD_MODULES)' --fonts= --themes= --locales= -d grub-core/ /boot/grub/grub.cfg=$(srcdir)/coreboot.cfg $(if $(FIXED_TIMESTAMP),-t $(FIXED_TIMESTAMP)) endif endif diff --git a/resources/grub/patch/secfix/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch b/resources/grub/patch/secfix/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch deleted file mode 100644 index 5701b54..0000000 --- a/resources/grub/patch/secfix/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch +++ /dev/null 
@@ -1,45 +0,0 @@ -From 88c9657960a6c5d3673a25c266781e876c181add Mon Sep 17 00:00:00 2001 -From: Hector Marco-Gisbert -Date: Fri, 13 Nov 2015 16:21:09 +0100 -Subject: [PATCH] Fix security issue when reading username and password - - This patch fixes two integer underflows at: - * grub-core/lib/crypto.c - * grub-core/normal/auth.c - -Signed-off-by: Hector Marco-Gisbert -Signed-off-by: Ismael Ripoll-Ripoll ---- - grub-core/lib/crypto.c | 2 +- - grub-core/normal/auth.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c -index 010e550..524a3d8 100644 ---- a/grub-core/lib/crypto.c -+++ b/grub-core/lib/crypto.c -@@ -468,7 +468,7 @@ grub_password_get (char buf[], unsigned buf_size) - break; - } - -- if (key == '\b') -+ if (key == '\b' && cur_len) - { - cur_len--; - continue; -diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c -index c6bd96e..5782ec5 100644 ---- a/grub-core/normal/auth.c -+++ b/grub-core/normal/auth.c -@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned buf_size) - break; - } - -- if (key == '\b') -+ if (key == '\b' && cur_len) - { - cur_len--; - grub_printf ("\b"); --- -1.9.1 - diff --git a/resources/scripts/helpers/download/grub b/resources/scripts/helpers/download/grub index b0f825c..a47e113 100755 --- a/resources/scripts/helpers/download/grub +++ b/resources/scripts/helpers/download/grub @@ -41,7 +41,7 @@ git clone git://git.savannah.gnu.org/grub.git cd "grub/" # reset to known revision -git reset --hard 346a494d7c92fe7c2a89f01be84a7be67bcfbfe7 +git reset --hard e3745f908706c07fa249616255ed993ef5704351y # Apply patches # ------------------------------------------------------------------------------ 
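Review bot: The new pin in `git reset --hard e3745f908706c07fa249616255ed993ef5704351y` is 41 characters long and ends in a non-hex `y`, so git should not be able to resolve it as a commit id and the reset will fail. Whether the script aborts on that failure is not visible in this hunk; if it carries on, the `git am` steps run on whatever the unauthenticated `git://` clone checked out rather than on a reviewed revision. This matters more here because the next hunk in this file stops applying the CVE-2015-8370 patch, on the assumption that the pinned revision already contains the fix. Presumably the intended id is the first 40 characters, so the line would read `git reset --hard e3745f908706c07fa249616255ed993ef5704351`. It would also help to stop on a bad pin by appending `|| exit 1` to that line.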
@@ -63,9 +63,5 @@ git am "../resources/grub/patch/reproducible/0001-mkstandalone-add-argument-fixe git am "../resources/grub/patch/reproducible/0002-mkrescue-add-argument-fixed-time-to-get-reproducible.patch" git am "../resources/grub/patch/reproducible/0003-Makefile-use-FIXED_TIMESTAMP-for-mkstandalone-if-set.patch" -# Patch security vulnerability in GRUB -# See: http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html -git am "../resources/grub/patch/secfix/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch" - cd "../" printf "\n\n" -- cgit v0.9.1