[OE-core] [dizzy][PATCH] grub2: Fix CVE-2015-8370
Joshua Lock
joshuagloe at gmail.com
Thu Jan 7 11:06:36 UTC 2016
Hi Awais,
On 28 December 2015 at 10:40, Belal, Awais <Awais_Belal at mentor.com> wrote:
> Hi Joshua,
>
> http://patchwork.openembedded.org/patch/110999/
>
>
Unfortunately this doesn't apply on my fido branch:
ERROR: Command Error: exit status: 1 Output:
Applying patch 0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
patching file grub-core/lib/crypto.c
Hunk #1 FAILED at 470.
1 out of 1 hunk FAILED -- rejects in file grub-core/lib/crypto.c
patching file grub-core/normal/auth.c
Hunk #1 FAILED at 174.
1 out of 1 hunk FAILED -- rejects in file grub-core/normal/auth.c
Patch 0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch does not
apply (enforce with -f)
ERROR: Function failed: patch_do_patch
ERROR: Logfile of failure stored in:
/home/joshuagl/Projects/poky-fido/build/tmp/work/i586-poky-linux/grub/2.00-r1/temp/log.do_patch.23384
ERROR: Task 1 (/home/joshuagl/Projects/poky-fido/meta/recipes-bsp/grub/
grub_2.00.bb, do_patch) failed with exit code '1'
Regards,
Joshua
> BR,
> Awais
>
> ________________________________________
> From: Joshua Lock [joshua.lock at collabora.co.uk]
> Sent: Wednesday, December 23, 2015 6:24 PM
> To: Belal, Awais; openembedded-core at lists.openembedded.org
> Subject: Re: [OE-core] [dizzy][PATCH] grub2: Fix CVE-2015-8370
>
> Hi Awais,
>
> Will you be submitting a similar patch for Fido too?
> (neither the dizzy nor jethro versions you've already sent apply
> cleanly).
>
> Regards,
>
> Joshua
>
> On Wed, 2015-12-23 at 16:20 +0500, Awais Belal wrote:
> > http://git.savannah.gnu.org/cgit/grub.git/commit/?id=451d80e52d851432
> > e109771bb8febafca7a5f1f2
> >
> > Signed-off-by: Awais Belal <awais_belal at mentor.com>
> > ---
> > ...E-2015-8370-Grub2-user-pass-vulnerability.patch | 52
> > ++++++++++++++++++++++
> > meta/recipes-bsp/grub/grub-efi_2.00.bb | 1 +
> > meta/recipes-bsp/grub/grub_2.00.bb | 1 +
> > 3 files changed, 54 insertions(+)
> > create mode 100644 meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-
> > 8370-Grub2-user-pass-vulnerability.patch
> >
> > diff --git a/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-
> > Grub2-user-pass-vulnerability.patch b/meta/recipes-
> > bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-
> > vulnerability.patch
> > new file mode 100644
> > index 0000000..f9252e9
> > --- /dev/null
> > +++ b/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-
> > pass-vulnerability.patch
> > @@ -0,0 +1,52 @@
> > +Upstream-Status: Accepted
> > +Signed-off-by: Awais Belal <awais_belal at mentor.com>
> > +
> > +From 451d80e52d851432e109771bb8febafca7a5f1f2 Mon Sep 17 00:00:00
> > 2001
> > +From: Hector Marco-Gisbert <hecmargi at upv.es>
> > +Date: Wed, 16 Dec 2015 04:57:18 +0000
> > +Subject: Fix security issue when reading username and password
> > +
> > +This patch fixes two integer underflows at:
> > + * grub-core/lib/crypto.c
> > + * grub-core/normal/auth.c
> > +
> > +CVE-2015-8370
> > +
> > +Signed-off-by: Hector Marco-Gisbert <hecmargi at upv.es>
> > +Signed-off-by: Ismael Ripoll-Ripoll <iripoll at disca.upv.es>
> > +Also-By: Andrey Borzenkov <arvidjaar at gmail.com>
> > +---
> > +diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
> > +index 010e550..683a8aa 100644
> > +--- a/grub-core/lib/crypto.c
> > ++++ b/grub-core/lib/crypto.c
> > +@@ -470,7 +470,8 @@ grub_password_get (char buf[], unsigned
> > buf_size)
> > +
> > + if (key == '\b')
> > + {
> > +- cur_len--;
> > ++ if (cur_len)
> > ++ cur_len--;
> > + continue;
> > + }
> > +
> > +diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c
> > +index c6bd96e..8615c48 100644
> > +--- a/grub-core/normal/auth.c
> > ++++ b/grub-core/normal/auth.c
> > +@@ -174,8 +174,11 @@ grub_username_get (char buf[], unsigned
> > buf_size)
> > +
> > + if (key == '\b')
> > + {
> > +- cur_len--;
> > +- grub_printf ("\b");
> > ++ if (cur_len)
> > ++ {
> > ++ cur_len--;
> > ++ grub_printf ("\b");
> > ++ }
> > + continue;
> > + }
> > +
> > +--
> > +cgit v0.9.0.2
> > diff --git a/meta/recipes-bsp/grub/grub-efi_2.00.bb b/meta/recipes-
> > bsp/grub/grub-efi_2.00.bb
> > index 7674255..6822e7a 100644
> > --- a/meta/recipes-bsp/grub/grub-efi_2.00.bb
> > +++ b/meta/recipes-bsp/grub/grub-efi_2.00.bb
> > @@ -30,6 +30,7 @@ SRC_URI = "ftp://ftp.gnu.org/gnu/grub/grub-${PV}.ta
> > r.gz \
> > file://grub-2.00-add-oe-kernel.patch \
> > file://grub-efi-fix-with-glibc-2.20.patch \
> > file://0001-parse_dhcp_vendor-Add-missing-const-
> > qualifiers.patch \
> > + file://0001-Fix-CVE-2015-8370-Grub2-user-pass-
> > vulnerability.patch \
> > "
> > SRC_URI[md5sum] = "e927540b6eda8b024fb0391eeaa4091c"
> > SRC_URI[sha256sum] =
> > "65b39a0558f8c802209c574f4d02ca263a804e8a564bc6caf1cd0fd3b3cc11e3"
> > diff --git a/meta/recipes-bsp/grub/grub_2.00.bb b/meta/recipes-
> > bsp/grub/grub_2.00.bb
> > index d4df676..94b6da9 100644
> > --- a/meta/recipes-bsp/grub/grub_2.00.bb
> > +++ b/meta/recipes-bsp/grub/grub_2.00.bb
> > @@ -25,6 +25,7 @@ SRC_URI = "ftp://ftp.gnu.org/gnu/grub/grub-${PV}.ta
> > r.gz \
> > file://fix-endianness-problem.patch \
> > file://grub2-remove-sparc64-setup-from-x86-builds.patch \
> > file://0001-parse_dhcp_vendor-Add-missing-const-
> > qualifiers.patch \
> > + file://0001-Fix-CVE-2015-8370-Grub2-user-pass-
> > vulnerability.patch \
> > "
> >
> > SRC_URI[md5sum] = "e927540b6eda8b024fb0391eeaa4091c"
> > --
> > 1.9.1
> >
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20160107/c6070623/attachment-0002.html>
More information about the Openembedded-core
mailing list