[OE-core] [dizzy][PATCH] grub2: Fix CVE-2015-8370
Joshua Lock
joshuagloe at gmail.com
Mon Jan 11 11:14:59 UTC 2016
On 8 January 2016 at 10:45, Belal, Awais <Awais_Belal at mentor.com> wrote:
> Hi Armin,
>
> Thanks a lot.
>
> Can you please share the diff? I am just asking because Joshua is seeing
> the same sort of issue with the fido branch while my local setup does not
> complain there either.
>
I've cherry-picked the change from Armin's branch onto my
joshuagl/fido-next branch.
Thanks,
Joshua
> BR,
> Awais
>
> ________________________________________
> From: akuster808 [akuster808 at gmail.com]
> Sent: Friday, January 08, 2016 7:32 AM
> To: Belal, Awais
> Cc: openembedded-core at lists.openembedded.org
> Subject: Re: [OE-core] [dizzy][PATCH] grub2: Fix CVE-2015-8370
>
> Awais,
>
>
>
> hand applied. merged and pushed to
>
> git.yoctoproject.org/poky-contrib.git akuster/dizzy-next
>
> thanks,
> Armin
>
> On 01/07/2016 01:56 AM, Belal, Awais wrote:
> > Hi Armin,
> >
> > With dizzy-next from your fork
> >
> > awais at alpha:~/yocto/build-dizzy-akuster$ bitbake -c patch grub
> > Parsing recipes: 100%
> |##############################################################| Time:
> 00:00:46
> > Parsing of 1458 .bb files complete (0 cached, 1458 parsed). 1914
> targets, 66 skipped, 0 masked, 0 errors.
> > NOTE: Resolving any missing task queue dependencies
> >
> > Build Configuration:
> > BB_VERSION = "1.24.0"
> > BUILD_SYS = "x86_64-linux"
> > NATIVELSBSTRING = "Ubuntu-14.04"
> > TARGET_SYS = "x86_64-poky-linux"
> > MACHINE = "amdfalconx86"
> > DISTRO = "poky"
> > DISTRO_VERSION = "1.7.3"
> > TUNE_FEATURES = "dbfp4"
> > TARGET_FPU = ""
> > meta
> > meta-yocto
> > meta-yocto-bsp =
> "akuster/dizzy-next:4807ff0ca0abf085e6b81257534a4a62fde88d16"
> > common
> > meta-amdfalconx86 =
> "(detachedfromorigin/dizzy):84ae10ad68c7b253ab87558c5a6df057c9a84f08"
> > meta-oe
> > meta-python =
> "(detachedfromorigin/dizzy):7f1df52e9409edcc4d4cd5f34694f8740f56e1bf"
> >
> > NOTE: Preparing runqueue
> > NOTE: Executing SetScene Tasks
> > NOTE: Executing RunQueue Tasks
> > NOTE: Tasks Summary: Attempted 10 tasks of which 0 didn't need to be
> rerun and all succeeded.
> > awais at alpha:~/yocto/build-dizzy-akuster$ ls
> tmp/work/dbfp4-poky-linux/grub/2.00-r1/
> > 0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
> > 0001-parse_dhcp_vendor-Add-missing-const-qualifiers.patch
> > check-if-liblzma-is-disabled.patch
> > fix-endianness-problem.patch
> > fix-issue-with-flex-2.5.37.patch
> > grub-2.00
> > grub-2.00-add-oe-kernel.patch
> > grub-2.00-fpmath-sse-387-fix.patch
> > grub2-remove-sparc64-setup-from-x86-builds.patch
> > grub-install.in.patch
> > remove-gets.patch
> > temp
> > awais at alpha:~/yocto/build-dizzy-akuster$
> >
> > Pretty odd what's happening :)
> >
> > BR,
> > Awais
> >
> > ________________________________________
> > From: akuster808 [akuster808 at gmail.com]
> > Sent: Wednesday, January 06, 2016 10:15 PM
> > To: Belal, Awais
> > Cc: openembedded-core at lists.openembedded.org
> > Subject: Re: [OE-core] [dizzy][PATCH] grub2: Fix CVE-2015-8370
> >
> > Awais,
> >
> > this is what I am seeing.
> >
> > NOTE: Executing RunQueue Tasks
> > ERROR: Command Error: exit status: 1 Output:
> > Applying patch 0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
> > patching file grub-core/lib/crypto.c
> > Hunk #1 FAILED at 470.
> > 1 out of 1 hunk FAILED -- rejects in file grub-core/lib/crypto.c
> > patching file grub-core/normal/auth.c
> > Hunk #1 FAILED at 174.
> > 1 out of 1 hunk FAILED -- rejects in file grub-core/normal/auth.c
> > Patch 0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch does
> > not apply (enforce with -f)
> > ERROR: Function failed: patch_do_patch
> > ERROR: Logfile of failure stored in:
> >
> /home/akuster/oss/maint/mylayers/poky/build/tmp/work/i586-poky-linux/grub/2.00-r1/temp/log.do_patch.3029
> > ERROR: Task 1
> > (/home/akuster/oss/maint/mylayers/poky/meta/recipes-bsp/grub/
> grub_2.00.bb,
> > do_patch) failed with exit code '1'
> >
> >
> > I am using my contrib akuster/dizzy-next.
> >
> > I will hand fixup the changes. please give me a few days.
> >
> > - armin
> >
> >
> > On 01/06/2016 01:43 AM, Belal, Awais wrote:
> >> Ping!
> >>
> >> BR,
> >> Awais
> >>
> >> ________________________________________
> >> From: openembedded-core-bounces at lists.openembedded.org [
> openembedded-core-bounces at lists.openembedded.org] on behalf of Belal,
> Awais
> >> Sent: Monday, January 04, 2016 12:53 PM
> >> To: akuster808
> >> Cc: openembedded-core at lists.openembedded.org
> >> Subject: Re: [OE-core] [dizzy][PATCH] grub2: Fix CVE-2015-8370
> >>
> >> Hi Armin,
> >>
> >> Odd, applies cleanly on dizzy for me. Can you please share the patch
> log?
> >>
> >> On a scratch build dir, I get the following:
> >> --------------------------------------------------------------
> >> awais at alpha:~/yocto/build-dizzy$ bitbake -c patch grub
> >> Parsing recipes: 100%
> |#############################################################| Time:
> 00:00:36
> >> Parsing of 1458 .bb files complete (0 cached, 1458 parsed). 1914
> targets, 66 skipped, 0 masked, 0 errors.
> >> NOTE: Resolving any missing task queue dependencies
> >>
> >> Build Configuration:
> >> BB_VERSION = "1.24.0"
> >> BUILD_SYS = "x86_64-linux"
> >> NATIVELSBSTRING = "Ubuntu-14.04"
> >> TARGET_SYS = "x86_64-poky-linux"
> >> MACHINE = "amdfalconx86"
> >> DISTRO = "poky"
> >> DISTRO_VERSION = "1.7.3"
> >> TUNE_FEATURES = "dbfp4"
> >> TARGET_FPU = ""
> >> meta
> >> meta-yocto
> >> meta-yocto-bsp =
> "(detachedfromorigin/dizzy):6d34267e0a13e10ab91b60590b27a2b5ba3b7da6"
> >> common
> >> meta-amdfalconx86 =
> "(detachedfromorigin/dizzy):84ae10ad68c7b253ab87558c5a6df057c9a84f08"
> >> meta-oe
> >> meta-python =
> "(detachedfromorigin/dizzy):7f1df52e9409edcc4d4cd5f34694f8740f56e1bf"
> >>
> >> NOTE: Preparing runqueue
> >> NOTE: Executing SetScene Tasks
> >> NOTE: Executing RunQueue Tasks
> >> NOTE: Tasks Summary: Attempted 10 tasks of which 0 didn't need to be
> rerun and all succeeded.
> >> awais at alpha:~/yocto/build-dizzy$
> >> --------------------------------------------------------------
> >>
> >> BR,
> >> Awais
> >>
> >> ________________________________________
> >> From: akuster808 [akuster808 at gmail.com]
> >> Sent: Monday, January 04, 2016 7:13 AM
> >> To: Belal, Awais
> >> Cc: openembedded-core at lists.openembedded.org
> >> Subject: Re: [OE-core] [dizzy][PATCH] grub2: Fix CVE-2015-8370
> >>
> >> On 12/31/15 5:38 AM, Belal, Awais wrote:
> >> Awais,
> >>
> >>> Ping!
> >> This patch does not apply to the current dizzy branch.
> >>
> >> is there a dependency patch I missed to apply?
> >>
> >> regards,
> >> Armin
> >>>
> >>> BR,
> >>> Awais
> >>>
> >>> ________________________________________
> >>> From: openembedded-core-bounces at lists.openembedded.org [
> openembedded-core-bounces at lists.openembedded.org] on behalf of Belal,
> Awais
> >>> Sent: Wednesday, December 23, 2015 4:20 PM
> >>> To: openembedded-core at lists.openembedded.org
> >>> Subject: [OE-core] [dizzy][PATCH] grub2: Fix CVE-2015-8370
> >>>
> >>>
> http://git.savannah.gnu.org/cgit/grub.git/commit/?id=451d80e52d851432e109771bb8febafca7a5f1f2
> >>>
> >>> Signed-off-by: Awais Belal <awais_belal at mentor.com>
> >>> ---
> >>> ...E-2015-8370-Grub2-user-pass-vulnerability.patch | 52
> ++++++++++++++++++++++
> >>> meta/recipes-bsp/grub/grub-efi_2.00.bb | 1 +
> >>> meta/recipes-bsp/grub/grub_2.00.bb | 1 +
> >>> 3 files changed, 54 insertions(+)
> >>> create mode 100644
> meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
> >>>
> >>> diff --git
> a/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
> b/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
> >>> new file mode 100644
> >>> index 0000000..f9252e9
> >>> --- /dev/null
> >>> +++
> b/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
> >>> @@ -0,0 +1,52 @@
> >>> +Upstream-Status: Accepted
> >>> +Signed-off-by: Awais Belal <awais_belal at mentor.com>
> >>> +
> >>> +From 451d80e52d851432e109771bb8febafca7a5f1f2 Mon Sep 17 00:00:00 2001
> >>> +From: Hector Marco-Gisbert <hecmargi at upv.es>
> >>> +Date: Wed, 16 Dec 2015 04:57:18 +0000
> >>> +Subject: Fix security issue when reading username and password
> >>> +
> >>> +This patch fixes two integer underflows at:
> >>> + * grub-core/lib/crypto.c
> >>> + * grub-core/normal/auth.c
> >>> +
> >>> +CVE-2015-8370
> >>> +
> >>> +Signed-off-by: Hector Marco-Gisbert <hecmargi at upv.es>
> >>> +Signed-off-by: Ismael Ripoll-Ripoll <iripoll at disca.upv.es>
> >>> +Also-By: Andrey Borzenkov <arvidjaar at gmail.com>
> >>> +---
> >>> +diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
> >>> +index 010e550..683a8aa 100644
> >>> +--- a/grub-core/lib/crypto.c
> >>> ++++ b/grub-core/lib/crypto.c
> >>> +@@ -470,7 +470,8 @@ grub_password_get (char buf[], unsigned buf_size)
> >>> +
> >>> + if (key == '\b')
> >>> + {
> >>> +- cur_len--;
> >>> ++ if (cur_len)
> >>> ++ cur_len--;
> >>> + continue;
> >>> + }
> >>> +
> >>> +diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c
> >>> +index c6bd96e..8615c48 100644
> >>> +--- a/grub-core/normal/auth.c
> >>> ++++ b/grub-core/normal/auth.c
> >>> +@@ -174,8 +174,11 @@ grub_username_get (char buf[], unsigned buf_size)
> >>> +
> >>> + if (key == '\b')
> >>> + {
> >>> +- cur_len--;
> >>> +- grub_printf ("\b");
> >>> ++ if (cur_len)
> >>> ++ {
> >>> ++ cur_len--;
> >>> ++ grub_printf ("\b");
> >>> ++ }
> >>> + continue;
> >>> + }
> >>> +
> >>> +--
> >>> +cgit v0.9.0.2
> >>> diff --git a/meta/recipes-bsp/grub/grub-efi_2.00.bb
> b/meta/recipes-bsp/grub/grub-efi_2.00.bb
> >>> index 7674255..6822e7a 100644
> >>> --- a/meta/recipes-bsp/grub/grub-efi_2.00.bb
> >>> +++ b/meta/recipes-bsp/grub/grub-efi_2.00.bb
> >>> @@ -30,6 +30,7 @@ SRC_URI = "
> ftp://ftp.gnu.org/gnu/grub/grub-${PV}.tar.gz \
> >>> file://grub-2.00-add-oe-kernel.patch \
> >>> file://grub-efi-fix-with-glibc-2.20.patch \
> >>>
> file://0001-parse_dhcp_vendor-Add-missing-const-qualifiers.patch \
> >>> +
> file://0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch \
> >>> "
> >>> SRC_URI[md5sum] = "e927540b6eda8b024fb0391eeaa4091c"
> >>> SRC_URI[sha256sum] =
> "65b39a0558f8c802209c574f4d02ca263a804e8a564bc6caf1cd0fd3b3cc11e3"
> >>> diff --git a/meta/recipes-bsp/grub/grub_2.00.bb
> b/meta/recipes-bsp/grub/grub_2.00.bb
> >>> index d4df676..94b6da9 100644
> >>> --- a/meta/recipes-bsp/grub/grub_2.00.bb
> >>> +++ b/meta/recipes-bsp/grub/grub_2.00.bb
> >>> @@ -25,6 +25,7 @@ SRC_URI = "
> ftp://ftp.gnu.org/gnu/grub/grub-${PV}.tar.gz \
> >>> file://fix-endianness-problem.patch \
> >>> file://grub2-remove-sparc64-setup-from-x86-builds.patch \
> >>>
> file://0001-parse_dhcp_vendor-Add-missing-const-qualifiers.patch \
> >>> +
> file://0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch \
> >>> "
> >>>
> >>> SRC_URI[md5sum] = "e927540b6eda8b024fb0391eeaa4091c"
> >>> --
> >>> 1.9.1
> >>>
> >>> --
> >>> _______________________________________________
> >>> Openembedded-core mailing list
> >>> Openembedded-core at lists.openembedded.org
> >>> http://lists.openembedded.org/mailman/listinfo/openembedded-core
> >>
> >> --
> >> _______________________________________________
> >> Openembedded-core mailing list
> >> Openembedded-core at lists.openembedded.org
> >> http://lists.openembedded.org/mailman/listinfo/openembedded-core
> >>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20160111/05e04117/attachment-0002.html>
More information about the Openembedded-core
mailing list