diff options
author | Dirk Neukirchen <plntyk.lede@plntyk.name> | 2021-06-10 12:15:58 +0200 |
---|---|---|
committer | Paul Spooren <mail@aparcar.org> | 2021-06-21 09:02:26 -1000 |
commit | 2c9537e27495afdf929975c8a154cc66de902df0 (patch) | |
tree | 11a2dcaded00aee65bc26d520a0c72e45b2b96bc /package/boot/grub2/patches/300-CVE-2015-8370.patch | |
parent | f1e41155c98cb5f2e0647e064ec0b3cfbf346e41 (diff) | |
download | upstream-2c9537e27495afdf929975c8a154cc66de902df0.tar.gz upstream-2c9537e27495afdf929975c8a154cc66de902df0.tar.bz2 upstream-2c9537e27495afdf929975c8a154cc66de902df0.zip |
grub2: update to 2.06
-300-CVE-2015-8370.patch is upstreamed with different code
(upstream id: 451d80e52d851432e109771bb8febafca7a5f1f2)
- fixup OpenWrts setup_root patch
compile tested: x86_64,i386
runtime tested: VM x86_64,VM i386
- booted fine
- grub-editenv worked
Signed-off-by: Dirk Neukirchen <plntyk.lede@plntyk.name>
Diffstat (limited to 'package/boot/grub2/patches/300-CVE-2015-8370.patch')
-rw-r--r-- | package/boot/grub2/patches/300-CVE-2015-8370.patch | 40 |
1 files changed, 0 insertions, 40 deletions
diff --git a/package/boot/grub2/patches/300-CVE-2015-8370.patch b/package/boot/grub2/patches/300-CVE-2015-8370.patch deleted file mode 100644 index 22f6c90928..0000000000 --- a/package/boot/grub2/patches/300-CVE-2015-8370.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Hector Marco-Gisbert <hecmargi@upv.es> -Date: Fri, 13 Nov 2015 16:21:09 +0100 -Subject: [PATCH] Fix security issue when reading username and password - - This patch fixes two integer underflows at: - * grub-core/lib/crypto.c - * grub-core/normal/auth.c - -Resolves: CVE-2015-8370 - -Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es> -Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es> ---- - grub-core/lib/crypto.c | 2 +- - grub-core/normal/auth.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - ---- a/grub-core/lib/crypto.c -+++ b/grub-core/lib/crypto.c -@@ -468,7 +468,7 @@ grub_password_get (char buf[], unsigned - break; - } - -- if (key == '\b') -+ if (key == '\b' && cur_len) - { - if (cur_len) - cur_len--; ---- a/grub-core/normal/auth.c -+++ b/grub-core/normal/auth.c -@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned - break; - } - -- if (key == GRUB_TERM_BACKSPACE) -+ if (key == GRUB_TERM_BACKSPACE && cur_len) - { - if (cur_len) - { |