summaryrefslogtreecommitdiffstats
path: root/source/a/grub
diff options
context:
space:
mode:
Diffstat (limited to 'source/a/grub')
-rw-r--r--source/a/grub/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch45
-rw-r--r--source/a/grub/etc.default.grub4
-rwxr-xr-xsource/a/grub/grub.SlackBuild50
3 files changed, 84 insertions, 15 deletions
diff --git a/source/a/grub/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch b/source/a/grub/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
new file mode 100644
index 000000000..5701b5475
--- /dev/null
+++ b/source/a/grub/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
@@ -0,0 +1,45 @@
+From 88c9657960a6c5d3673a25c266781e876c181add Mon Sep 17 00:00:00 2001
+From: Hector Marco-Gisbert <hecmargi@upv.es>
+Date: Fri, 13 Nov 2015 16:21:09 +0100
+Subject: [PATCH] Fix security issue when reading username and password
+
+ This patch fixes two integer underflows at:
+ * grub-core/lib/crypto.c
+ * grub-core/normal/auth.c
+
+Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
+Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
+---
+ grub-core/lib/crypto.c | 2 +-
+ grub-core/normal/auth.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
+index 010e550..524a3d8 100644
+--- a/grub-core/lib/crypto.c
++++ b/grub-core/lib/crypto.c
+@@ -468,7 +468,7 @@ grub_password_get (char buf[], unsigned buf_size)
+ break;
+ }
+
+- if (key == '\b')
++ if (key == '\b' && cur_len)
+ {
+ cur_len--;
+ continue;
+diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c
+index c6bd96e..5782ec5 100644
+--- a/grub-core/normal/auth.c
++++ b/grub-core/normal/auth.c
+@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned buf_size)
+ break;
+ }
+
+- if (key == '\b')
++ if (key == '\b' && cur_len)
+ {
+ cur_len--;
+ grub_printf ("\b");
+--
+1.9.1
+
diff --git a/source/a/grub/etc.default.grub b/source/a/grub/etc.default.grub
index f612a35a7..b2d4080a0 100644
--- a/source/a/grub/etc.default.grub
+++ b/source/a/grub/etc.default.grub
@@ -24,5 +24,5 @@ GRUB_CMDLINE_LINUX=""
# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux
#GRUB_DISABLE_LINUX_UUID=true
-# Uncomment to disable generation of recovery mode menu entrys
-#GRUB_DISABLE_LINUX_RECOVERY="true"
+# Uncomment to disable generation of recovery mode menu entries
+#GRUB_DISABLE_RECOVERY="true"
diff --git a/source/a/grub/grub.SlackBuild b/source/a/grub/grub.SlackBuild
index 5a0c27e81..ba7ecd8b1 100755
--- a/source/a/grub/grub.SlackBuild
+++ b/source/a/grub/grub.SlackBuild
@@ -1,6 +1,6 @@
#!/bin/sh
-# Copyright 2013 Patrick J. Volkerding, Sebeka, Minnesota, USA
+# Copyright 2013, 2016 Patrick J. Volkerding, Sebeka, Minnesota, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -20,16 +20,17 @@
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# Modified 2016 by Eric Hameleers <alien@slackware.com> for Slackware Live Edition.
PKGNAM=grub
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-5}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
case "$(uname -m)" in
- i?86) ARCH=i486 ;;
- arm*) readelf /usr/bin/file -A | egrep -q "Tag_CPU.*[4,5]" && ARCH=arm || ARCH=armv7lh ;;
+ i?86) ARCH=i586 ;;
+ arm*) readelf /usr/bin/file -A | egrep -q "Tag_CPU.*[4,5]" && ARCH=arm || ARCH=armv7hl ;;
# Unless $ARCH is already set, use uname -m for all other archs:
*) ARCH=$(uname -m) ;;
esac
@@ -43,18 +44,22 @@ if [ "$ARCH" = "i386" ]; then
LIBDIRSUFFIX=""
elif [ "$ARCH" = "i486" ]; then
SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+ EFI32_FLAGS=" --with-platform=efi --target=i386 --program-prefix= "
LIBDIRSUFFIX=""
elif [ "$ARCH" = "i586" ]; then
SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+ EFI32_FLAGS=" --with-platform=efi --target=i386 --program-prefix= "
LIBDIRSUFFIX=""
elif [ "$ARCH" = "i686" ]; then
SLKCFLAGS="-O2 -march=i686"
+ EFI32_FLAGS=" --with-platform=efi --target=i386 --program-prefix= "
LIBDIRSUFFIX=""
elif [ "$ARCH" = "s390" ]; then
SLKCFLAGS="-O2"
LIBDIRSUFFIX=""
elif [ "$ARCH" = "x86_64" ]; then
SLKCFLAGS="-O2"
+ EFI32_FLAGS=" --with-platform=efi --target=i386 --program-prefix= "
EFI_FLAGS=" --with-platform=efi --target=x86_64 --program-prefix= "
LIBDIRSUFFIX="64"
elif [ "$ARCH" = "armv7hl" ]; then
@@ -96,12 +101,11 @@ zcat $CWD/grub.dejavusansmono.gfxterm.font.diff.gz | patch -p1 --verbose || exit
# Terminate EFI several times. This is a workaround for broken UEFI firmware.
zcat $CWD/grub.e75fdee420a7ad95e9a465c9699adc2e2e970440.terminate.efi.several.times.diff.gz | patch -p1 --verbose || exit 1
-for i in 1 2 ; do
- # Skip to regular build if EFI support is not requested:
- if [ i = 1 -a -z "$EFI_FLAGS" ]; then
- continue;
- fi
+# Fix security issue when reading username and password:
+zcat $CWD/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch.gz | patch -p1 --verbose || exit 1
+build_grub() {
+ EFI_DO="$*"
# Configure:
CFLAGS="$SLKCFLAGS" \
./configure \
@@ -112,16 +116,26 @@ for i in 1 2 ; do
--infodir=/usr/info \
--mandir=/usr/man \
--disable-werror \
- $EFI_FLAGS
+ $EFI_DO
# Build and install:
make clean
make $NUMJOBS || make || exit 1
make install DESTDIR=$PKG || exit 1
- # Clear $EFI_FLAGS for a regular build:
- unset EFI_FLAGS
-done
+ # Clear $EFI_DO :
+ unset EFI_DO
+}
+
+# Build 32bit and 64bit efi targets if requested:
+if [ -n "$EFI32_FLAGS" ]; then
+ build_grub $EFI32_FLAGS
+fi
+if [ -n "$EFI_FLAGS" ]; then
+ build_grub $EFI_FLAGS
+fi
+# Always end with regular build:
+build_grub
# Preserve the contents of /etc/grub.d/40_custom:
mv $PKG/etc/grub.d/40_custom $PKG/etc/grub.d/40_custom.new
@@ -132,9 +146,19 @@ mv $PKG/etc/grub.d/40_custom $PKG/etc/grub.d/40_custom.new
find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
)
+# Put bash-completion file in system directory:
+mkdir -p $PKG/usr/share/bash-completion/completions/
+mv $PKG/etc/bash_completion.d/grub \
+ $PKG/usr/share/bash-completion/completions/grub
+rmdir --parents $PKG/etc/bash_completion.d 2>/dev/null
+
+# Install default options file:
mkdir -p $PKG/etc/default
cat $CWD/etc.default.grub > $PKG/etc/default/grub.new
+# Create a directory for grub.cfg:
+mkdir -p $PKG/boot/grub
+
# Add fonts, if found on the system:
FONT_SIZE=${FONT_SIZE:-19}
if [ -r /usr/share/fonts/TTF/unifont.ttf ]; then