[openwrt/openwrt] grub2: update to 2.06

LEDE Commits lede-commits at lists.infradead.org
Mon Jun 21 12:02:41 PDT 2021 

aparcar pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/2c9537e27495afdf929975c8a154cc66de902df0

commit 2c9537e27495afdf929975c8a154cc66de902df0
Author: Dirk Neukirchen <plntyk.lede at plntyk.name>
AuthorDate: Thu Jun 10 12:15:58 2021 +0200

    grub2: update to 2.06
    
    -300-CVE-2015-8370.patch is upstreamed with different code
    (upstream id: 451d80e52d851432e109771bb8febafca7a5f1f2)
    
    - fixup OpenWrts setup_root patch
    
    compile tested: x86_64,i386
    runtime tested: VM x86_64,VM i386
    
    - booted fine
    - grub-editenv worked
    
    Signed-off-by: Dirk Neukirchen <plntyk.lede at plntyk.name>
---
 package/boot/grub2/Makefile                        |  6 ++--
 .../boot/grub2/patches/100-grub_setup_root.patch   | 32 ++++++++---------
 package/boot/grub2/patches/300-CVE-2015-8370.patch | 40 ----------------------
 3 files changed, 19 insertions(+), 59 deletions(-)

diff --git a/package/boot/grub2/Makefile b/package/boot/grub2/Makefile
index 3cdb608cbf..9c67ff589b 100644
--- a/package/boot/grub2/Makefile
+++ b/package/boot/grub2/Makefile
@@ -7,12 +7,12 @@ include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=grub
 PKG_CPE_ID:=cpe:/a:gnu:grub2
-PKG_VERSION:=2.06~rc1
+PKG_VERSION:=2.06
 PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_SOURCE_URL:=https://alpha.gnu.org/gnu/grub
-PKG_HASH:=2c87f1f21e2ab50043e6cd9163c08f1b6c3a6171556bf23ff9ed65b074145484
+PKG_SOURCE_URL:=@GNU/grub
+PKG_HASH:=b79ea44af91b93d17cd3fe80bdae6ed43770678a9a5ae192ccea803ebb657ee1
 
 HOST_BUILD_PARALLEL:=1
 PKG_BUILD_DEPENDS:=grub2/host
diff --git a/package/boot/grub2/patches/100-grub_setup_root.patch b/package/boot/grub2/patches/100-grub_setup_root.patch
index e075d052cb..f20b310e12 100644
--- a/package/boot/grub2/patches/100-grub_setup_root.patch
+++ b/package/boot/grub2/patches/100-grub_setup_root.patch
@@ -18,24 +18,24 @@
  
 --- a/util/grub-install.c
 +++ b/util/grub-install.c
-@@ -1720,7 +1720,7 @@ main (int argc, char *argv[])
- 	/*  Now perform the installation.  */
+@@ -1721,7 +1721,7 @@ main (int argc, char *argv[])
  	if (install_bootsector)
- 	  grub_util_bios_setup (platdir, "boot.img", "core.img",
--				install_drive, force,
-+				NULL, install_drive, force,
- 				fs_probe, allow_floppy, add_rs_codes,
- 				!grub_install_is_short_mbrgap_supported ());
- 	break;
-@@ -1747,7 +1747,7 @@ main (int argc, char *argv[])
- 	/*  Now perform the installation.  */
+ 	  {
+ 	    grub_util_bios_setup (platdir, "boot.img", "core.img",
+-				  install_drive, force,
++				  NULL, install_drive, force,
+ 				  fs_probe, allow_floppy, add_rs_codes,
+ 				  !grub_install_is_short_mbrgap_supported ());
+ 
+@@ -1752,7 +1752,7 @@ main (int argc, char *argv[])
  	if (install_bootsector)
- 	  grub_util_sparc_setup (platdir, "boot.img", "core.img",
--				 install_drive, force,
-+				 NULL, install_drive, force,
- 				 fs_probe, allow_floppy,
- 				 0 /* unused */, 0 /* unused */ );
- 	break;
+ 	  {
+ 	    grub_util_sparc_setup (platdir, "boot.img", "core.img",
+-				   install_drive, force,
++				   NULL, install_drive, force,
+ 				   fs_probe, allow_floppy,
+ 				   0 /* unused */, 0 /* unused */ );
+ 
 --- a/util/grub-setup.c
 +++ b/util/grub-setup.c
 @@ -87,6 +87,8 @@ static struct argp_option options[] = {
diff --git a/package/boot/grub2/patches/300-CVE-2015-8370.patch b/package/boot/grub2/patches/300-CVE-2015-8370.patch
deleted file mode 100644
index 22f6c90928..0000000000
--- a/package/boot/grub2/patches/300-CVE-2015-8370.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Hector Marco-Gisbert <hecmargi at upv.es>
-Date: Fri, 13 Nov 2015 16:21:09 +0100
-Subject: [PATCH] Fix security issue when reading username and password
-
-  This patch fixes two integer underflows at:
-    * grub-core/lib/crypto.c
-    * grub-core/normal/auth.c
-
-Resolves: CVE-2015-8370
-
-Signed-off-by: Hector Marco-Gisbert <hecmargi at upv.es>
-Signed-off-by: Ismael Ripoll-Ripoll <iripoll at disca.upv.es>
----
- grub-core/lib/crypto.c  | 2 +-
- grub-core/normal/auth.c | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
---- a/grub-core/lib/crypto.c
-+++ b/grub-core/lib/crypto.c
-@@ -468,7 +468,7 @@ grub_password_get (char buf[], unsigned
- 	  break;
- 	}
- 
--      if (key == '\b')
-+      if (key == '\b' && cur_len)
- 	{
- 	  if (cur_len)
- 	    cur_len--;
---- a/grub-core/normal/auth.c
-+++ b/grub-core/normal/auth.c
-@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned
- 	  break;
- 	}
- 
--      if (key == GRUB_TERM_BACKSPACE)
-+      if (key == GRUB_TERM_BACKSPACE && cur_len)
- 	{
- 	  if (cur_len)
- 	    {

More information about the lede-commits mailing list