[OE-core] [dizzy][PATCH] grub2: Fix CVE-2015-8370

Belal, Awais Awais_Belal at mentor.com
Wed Jan 6 09:43:06 UTC 2016 

Ping!

BR,
Awais

________________________________________
From: openembedded-core-bounces at lists.openembedded.org [openembedded-core-bounces at lists.openembedded.org] on behalf of Belal, Awais
Sent: Monday, January 04, 2016 12:53 PM
To: akuster808
Cc: openembedded-core at lists.openembedded.org
Subject: Re: [OE-core] [dizzy][PATCH] grub2: Fix CVE-2015-8370

Hi Armin,

Odd, applies cleanly on dizzy for me. Can you please share the patch log?

On a scratch build dir, I get the following:
--------------------------------------------------------------
awais at alpha:~/yocto/build-dizzy$ bitbake -c patch grub
Parsing recipes: 100% |#############################################################| Time: 00:00:36
Parsing of 1458 .bb files complete (0 cached, 1458 parsed). 1914 targets, 66 skipped, 0 masked, 0 errors.
NOTE: Resolving any missing task queue dependencies

Build Configuration:
BB_VERSION        = "1.24.0"
BUILD_SYS         = "x86_64-linux"
NATIVELSBSTRING   = "Ubuntu-14.04"
TARGET_SYS        = "x86_64-poky-linux"
MACHINE           = "amdfalconx86"
DISTRO            = "poky"
DISTRO_VERSION    = "1.7.3"
TUNE_FEATURES     = "dbfp4"
TARGET_FPU        = ""
meta
meta-yocto
meta-yocto-bsp    = "(detachedfromorigin/dizzy):6d34267e0a13e10ab91b60590b27a2b5ba3b7da6"
common
meta-amdfalconx86 = "(detachedfromorigin/dizzy):84ae10ad68c7b253ab87558c5a6df057c9a84f08"
meta-oe
meta-python       = "(detachedfromorigin/dizzy):7f1df52e9409edcc4d4cd5f34694f8740f56e1bf"

NOTE: Preparing runqueue
NOTE: Executing SetScene Tasks
NOTE: Executing RunQueue Tasks
NOTE: Tasks Summary: Attempted 10 tasks of which 0 didn't need to be rerun and all succeeded.
awais at alpha:~/yocto/build-dizzy$
--------------------------------------------------------------

BR,
Awais

________________________________________
From: akuster808 [akuster808 at gmail.com]
Sent: Monday, January 04, 2016 7:13 AM
To: Belal, Awais
Cc: openembedded-core at lists.openembedded.org
Subject: Re: [OE-core] [dizzy][PATCH] grub2: Fix CVE-2015-8370

On 12/31/15 5:38 AM, Belal, Awais wrote:
Awais,

> Ping!
This patch does not apply to the current dizzy branch.

is there a dependency patch I missed to apply?

regards,
Armin
>
> BR,
> Awais
>
> ________________________________________
> From: openembedded-core-bounces at lists.openembedded.org [openembedded-core-bounces at lists.openembedded.org] on behalf of Belal, Awais
> Sent: Wednesday, December 23, 2015 4:20 PM
> To: openembedded-core at lists.openembedded.org
> Subject: [OE-core] [dizzy][PATCH] grub2: Fix CVE-2015-8370
>
> http://git.savannah.gnu.org/cgit/grub.git/commit/?id=451d80e52d851432e109771bb8febafca7a5f1f2
>
> Signed-off-by: Awais Belal <awais_belal at mentor.com>
> ---
>  ...E-2015-8370-Grub2-user-pass-vulnerability.patch | 52 ++++++++++++++++++++++
>  meta/recipes-bsp/grub/grub-efi_2.00.bb             |  1 +
>  meta/recipes-bsp/grub/grub_2.00.bb                 |  1 +
>  3 files changed, 54 insertions(+)
>  create mode 100644 meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
>
> diff --git a/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch b/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
> new file mode 100644
> index 0000000..f9252e9
> --- /dev/null
> +++ b/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
> @@ -0,0 +1,52 @@
> +Upstream-Status: Accepted
> +Signed-off-by: Awais Belal <awais_belal at mentor.com>
> +
> +From 451d80e52d851432e109771bb8febafca7a5f1f2 Mon Sep 17 00:00:00 2001
> +From: Hector Marco-Gisbert <hecmargi at upv.es>
> +Date: Wed, 16 Dec 2015 04:57:18 +0000
> +Subject: Fix security issue when reading username and password
> +
> +This patch fixes two integer underflows at:
> +  * grub-core/lib/crypto.c
> +  * grub-core/normal/auth.c
> +
> +CVE-2015-8370
> +
> +Signed-off-by: Hector Marco-Gisbert <hecmargi at upv.es>
> +Signed-off-by: Ismael Ripoll-Ripoll <iripoll at disca.upv.es>
> +Also-By: Andrey Borzenkov <arvidjaar at gmail.com>
> +---
> +diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
> +index 010e550..683a8aa 100644
> +--- a/grub-core/lib/crypto.c
> ++++ b/grub-core/lib/crypto.c
> +@@ -470,7 +470,8 @@ grub_password_get (char buf[], unsigned buf_size)
> +
> +       if (key == '\b')
> +       {
> +-        cur_len--;
> ++        if (cur_len)
> ++          cur_len--;
> +         continue;
> +       }
> +
> +diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c
> +index c6bd96e..8615c48 100644
> +--- a/grub-core/normal/auth.c
> ++++ b/grub-core/normal/auth.c
> +@@ -174,8 +174,11 @@ grub_username_get (char buf[], unsigned buf_size)
> +
> +       if (key == '\b')
> +       {
> +-        cur_len--;
> +-        grub_printf ("\b");
> ++        if (cur_len)
> ++          {
> ++            cur_len--;
> ++            grub_printf ("\b");
> ++          }
> +         continue;
> +       }
> +
> +--
> +cgit v0.9.0.2
> diff --git a/meta/recipes-bsp/grub/grub-efi_2.00.bb b/meta/recipes-bsp/grub/grub-efi_2.00.bb
> index 7674255..6822e7a 100644
> --- a/meta/recipes-bsp/grub/grub-efi_2.00.bb
> +++ b/meta/recipes-bsp/grub/grub-efi_2.00.bb
> @@ -30,6 +30,7 @@ SRC_URI = "ftp://ftp.gnu.org/gnu/grub/grub-${PV}.tar.gz \
>             file://grub-2.00-add-oe-kernel.patch \
>             file://grub-efi-fix-with-glibc-2.20.patch \
>             file://0001-parse_dhcp_vendor-Add-missing-const-qualifiers.patch \
> +           file://0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch \
>            "
>  SRC_URI[md5sum] = "e927540b6eda8b024fb0391eeaa4091c"
>  SRC_URI[sha256sum] = "65b39a0558f8c802209c574f4d02ca263a804e8a564bc6caf1cd0fd3b3cc11e3"
> diff --git a/meta/recipes-bsp/grub/grub_2.00.bb b/meta/recipes-bsp/grub/grub_2.00.bb
> index d4df676..94b6da9 100644
> --- a/meta/recipes-bsp/grub/grub_2.00.bb
> +++ b/meta/recipes-bsp/grub/grub_2.00.bb
> @@ -25,6 +25,7 @@ SRC_URI = "ftp://ftp.gnu.org/gnu/grub/grub-${PV}.tar.gz \
>            file://fix-endianness-problem.patch \
>            file://grub2-remove-sparc64-setup-from-x86-builds.patch \
>            file://0001-parse_dhcp_vendor-Add-missing-const-qualifiers.patch \
> +          file://0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch \
>            "
>
>  SRC_URI[md5sum] = "e927540b6eda8b024fb0391eeaa4091c"
> --
> 1.9.1
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core

--
_______________________________________________
Openembedded-core mailing list
Openembedded-core at lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

More information about the Openembedded-core mailing list