diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2016-06-30 20:26:57 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2018-05-31 23:31:18 +0200 |
| commit | d31c50870d0bee042ce660e445c9294a59a3a65b (patch) | |
| tree | 6bfc0de3c95267b401b620c2c67859557dc60f97 /source/a/grub | |
| parent | 76fc4757ac91ac7947a01fb7b53dddf9a78a01d1 (diff) | |
| download | current-d31c50870d0bee042ce660e445c9294a59a3a65b.tar.gz current-d31c50870d0bee042ce660e445c9294a59a3a65b.tar.xz | |
Slackware 14.2slackware-14.2
Thu Jun 30 20:26:57 UTC 2016
Slackware 14.2 x86_64 stable is released!
The long development cycle (the Linux community has lately been living in
"interesting times", as they say) is finally behind us, and we're proud to
announce the release of Slackware 14.2. The new release brings many updates
and modern tools, has switched from udev to eudev (no systemd), and adds
well over a hundred new packages to the system. Thanks to the team, the
upstream developers, the dedicated Slackware community, and everyone else
who pitched in to help make this release a reality.
The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a dual-sided
32-bit/64-bit x86/x86_64 DVD. Please consider supporting the Slackware
project by picking up a copy from store.slackware.com. We're taking
pre-orders now, and offer a discount if you sign up for a subscription.
Have fun! :-)
Diffstat (limited to 'source/a/grub')
| -rw-r--r-- | source/a/grub/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch | 45 | ||||
| -rw-r--r-- | source/a/grub/etc.default.grub | 4 | ||||
| -rwxr-xr-x | source/a/grub/grub.SlackBuild | 50 |
3 files changed, 84 insertions, 15 deletions
diff --git a/source/a/grub/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch b/source/a/grub/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch new file mode 100644 index 000000000..5701b5475 --- /dev/null +++ b/source/a/grub/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch @@ -0,0 +1,45 @@ +From 88c9657960a6c5d3673a25c266781e876c181add Mon Sep 17 00:00:00 2001 +From: Hector Marco-Gisbert <hecmargi@upv.es> +Date: Fri, 13 Nov 2015 16:21:09 +0100 +Subject: [PATCH] Fix security issue when reading username and password + + This patch fixes two integer underflows at: + * grub-core/lib/crypto.c + * grub-core/normal/auth.c + +Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es> +Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es> +--- + grub-core/lib/crypto.c | 2 +- + grub-core/normal/auth.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c +index 010e550..524a3d8 100644 +--- a/grub-core/lib/crypto.c ++++ b/grub-core/lib/crypto.c +@@ -468,7 +468,7 @@ grub_password_get (char buf[], unsigned buf_size) + break; + } + +- if (key == '\b') ++ if (key == '\b' && cur_len) + { + cur_len--; + continue; +diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c +index c6bd96e..5782ec5 100644 +--- a/grub-core/normal/auth.c ++++ b/grub-core/normal/auth.c +@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned buf_size) + break; + } + +- if (key == '\b') ++ if (key == '\b' && cur_len) + { + cur_len--; + grub_printf ("\b"); +-- +1.9.1 + diff --git a/source/a/grub/etc.default.grub b/source/a/grub/etc.default.grub index f612a35a7..b2d4080a0 100644 --- a/source/a/grub/etc.default.grub +++ b/source/a/grub/etc.default.grub @@ -24,5 +24,5 @@ GRUB_CMDLINE_LINUX="" # Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux #GRUB_DISABLE_LINUX_UUID=true -# Uncomment to disable generation of recovery mode menu entrys -#GRUB_DISABLE_LINUX_RECOVERY="true" +# Uncomment to disable generation of recovery mode menu entries +#GRUB_DISABLE_RECOVERY="true" diff --git a/source/a/grub/grub.SlackBuild b/source/a/grub/grub.SlackBuild index 5a0c27e81..ba7ecd8b1 100755 --- a/source/a/grub/grub.SlackBuild +++ b/source/a/grub/grub.SlackBuild @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright 2013 Patrick J. Volkerding, Sebeka, Minnesota, USA +# Copyright 2013, 2016 Patrick J. Volkerding, Sebeka, Minnesota, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -20,16 +20,17 @@ # OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# Modified 2016 by Eric Hameleers <alien@slackware.com> for Slackware Live Edition. PKGNAM=grub VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-5} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$(uname -m)" in - i?86) ARCH=i486 ;; - arm*) readelf /usr/bin/file -A | egrep -q "Tag_CPU.*[4,5]" && ARCH=arm || ARCH=armv7lh ;; + i?86) ARCH=i586 ;; + arm*) readelf /usr/bin/file -A | egrep -q "Tag_CPU.*[4,5]" && ARCH=arm || ARCH=armv7hl ;; # Unless $ARCH is already set, use uname -m for all other archs: *) ARCH=$(uname -m) ;; esac @@ -43,18 +44,22 @@ if [ "$ARCH" = "i386" ]; then LIBDIRSUFFIX="" elif [ "$ARCH" = "i486" ]; then SLKCFLAGS="-O2 -march=i486 -mtune=i686" + EFI32_FLAGS=" --with-platform=efi --target=i386 --program-prefix= " LIBDIRSUFFIX="" elif [ "$ARCH" = "i586" ]; then SLKCFLAGS="-O2 -march=i586 -mtune=i686" + EFI32_FLAGS=" --with-platform=efi --target=i386 --program-prefix= " LIBDIRSUFFIX="" elif [ "$ARCH" = "i686" ]; then SLKCFLAGS="-O2 -march=i686" + EFI32_FLAGS=" --with-platform=efi --target=i386 --program-prefix= " LIBDIRSUFFIX="" elif [ "$ARCH" = "s390" ]; then SLKCFLAGS="-O2" LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then SLKCFLAGS="-O2" + EFI32_FLAGS=" --with-platform=efi --target=i386 --program-prefix= " EFI_FLAGS=" --with-platform=efi --target=x86_64 --program-prefix= " LIBDIRSUFFIX="64" elif [ "$ARCH" = "armv7hl" ]; then @@ -96,12 +101,11 @@ zcat $CWD/grub.dejavusansmono.gfxterm.font.diff.gz | patch -p1 --verbose || exit # Terminate EFI several times. This is a workaround for broken UEFI firmware. zcat $CWD/grub.e75fdee420a7ad95e9a465c9699adc2e2e970440.terminate.efi.several.times.diff.gz | patch -p1 --verbose || exit 1 -for i in 1 2 ; do - # Skip to regular build if EFI support is not requested: - if [ i = 1 -a -z "$EFI_FLAGS" ]; then - continue; - fi +# Fix security issue when reading username and password: +zcat $CWD/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch.gz | patch -p1 --verbose || exit 1 +build_grub() { + EFI_DO="$*" # Configure: CFLAGS="$SLKCFLAGS" \ ./configure \ @@ -112,16 +116,26 @@ for i in 1 2 ; do --infodir=/usr/info \ --mandir=/usr/man \ --disable-werror \ - $EFI_FLAGS + $EFI_DO # Build and install: make clean make $NUMJOBS || make || exit 1 make install DESTDIR=$PKG || exit 1 - # Clear $EFI_FLAGS for a regular build: - unset EFI_FLAGS -done + # Clear $EFI_DO : + unset EFI_DO +} + +# Build 32bit and 64bit efi targets if requested: +if [ -n "$EFI32_FLAGS" ]; then + build_grub $EFI32_FLAGS +fi +if [ -n "$EFI_FLAGS" ]; then + build_grub $EFI_FLAGS +fi +# Always end with regular build: +build_grub # Preserve the contents of /etc/grub.d/40_custom: mv $PKG/etc/grub.d/40_custom $PKG/etc/grub.d/40_custom.new @@ -132,9 +146,19 @@ mv $PKG/etc/grub.d/40_custom $PKG/etc/grub.d/40_custom.new find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null ) +# Put bash-completion file in system directory: +mkdir -p $PKG/usr/share/bash-completion/completions/ +mv $PKG/etc/bash_completion.d/grub \ + $PKG/usr/share/bash-completion/completions/grub +rmdir --parents $PKG/etc/bash_completion.d 2>/dev/null + +# Install default options file: mkdir -p $PKG/etc/default cat $CWD/etc.default.grub > $PKG/etc/default/grub.new +# Create a directory for grub.cfg: +mkdir -p $PKG/boot/grub + # Add fonts, if found on the system: FONT_SIZE=${FONT_SIZE:-19} if [ -r /usr/share/fonts/TTF/unifont.ttf ]; then |