authorV3n3RiX <venerix@koprulu.sector>2022-09-17 05:16:32 +0100
committerV3n3RiX <venerix@koprulu.sector>2022-09-17 05:16:32 +0100
commit8900e3e6f840b95c1c8126f9c283ca5c99f5f4fd (patch)
tree98a756d04cd2d068833a219fe02a7feaf960f87a /sys-boot/grub
parent3b827127cdc24d49f3dbaa82def6c80501d2cd87 (diff)
gentoo auto-resync : 17:09:2022 - 05:16:32
Diffstat (limited to 'sys-boot/grub')
-rw-r--r--sys-boot/grub/Manifest3
-rw-r--r--sys-boot/grub/files/grub-2.06-grub-mkconfig-restore-umask.patch41
-rw-r--r--sys-boot/grub/grub-2.06-r3.ebuild (renamed from sys-boot/grub/grub-2.06-r2.ebuild)1
3 files changed, 44 insertions, 1 deletions
diff --git a/sys-boot/grub/Manifest b/sys-boot/grub/Manifest
index 1c2573048f26..2b8e78118a9b 100644
--- a/sys-boot/grub/Manifest
+++ b/sys-boot/grub/Manifest
@@ -1,6 +1,7 @@
AUX gfxpayload.patch 1118 BLAKE2B 4104fc696535b1c3feba5876bccc64f9b2e52319ee992c59e7f17b8310cc9addf7545630fff78c73ca3f4b0dcd44e1bf69f4df5264d6f58777f7e5aeae93cbcb SHA512 00324825c369902a0383b792cd21e161853eadccbdc5abe2420f2d443bf6a74f72be6c15243107b936acd38c3547387c3771dc2cb566003c4c754c9260b4aa00
AUX grub-2.02_beta2-KERNEL_GLOBS.patch 2355 BLAKE2B c120f06d3597a2ff9566778afd69d80a814904726e47766b7582626d182a2703e54fd69ecf00b54bcc5541e22a3d93ff8b85c9cf8d0440623454e8e7da3aaa91 SHA512 23416ac17838f101ed73103af6aa7305609667f47288bfa3bd5ae80d1123da664ba6f9b518451b0bd5f528e069893a51444d203953be0b0644790cea0b4b9cf0
AUX grub-2.06-binutils-2.36.patch 1894 BLAKE2B 10bfce5c3c05f711a430a6f1c67e840e7ef0adaf2ecb4825c069106ef9e25f7e1f3bbf07b054cc38cf88fb37bcdfd8d4366548385fdd51a3dc4179177c054984 SHA512 8c35663ef72683bd23c18e75134a0ddb1bb9a7c053ed87691e2ac5c9765fdf802761a6ad54f8bdc7999679d9cc5ebea9c01f1c0f615ac90505f7a398129d157b
+AUX grub-2.06-grub-mkconfig-restore-umask.patch 1377 BLAKE2B ea5369b79a1ec0dbb4e212749a406aa361a5f12baf38737e273b19fb94eba78d7734bd532d91f40889f0cc7f0573d1a247baa548b6ac1963961181a85ff928ce SHA512 e899e6f0575e35b747aae6d14140dcecb453485abf0f7d53649fe35301313d7de16a350301a53e476d4b18ad1909ed4d4ce26cbd986728154137c970c7ce3bca
AUX grub-2.06-test-words.patch 2553 BLAKE2B 21d6167945b461be7cc73198451ae0dc15ce0dfe2a301342f1a3bb75d6fcb5d73da9997fb8a93f36dffb43a351f056a1a4db9eed3147b0f3e77c65034b805c64 SHA512 627422377bdad97d0197f178814d6616a0f7ec07357182b00166a455d38ba0c5a60185c5febf4dfb7a11b35f26c7af607508cb5f418acdb7290517240fbd99e4
AUX grub-2.06-xfs-v4.patch 4440 BLAKE2B 8682d2b9520f96b098160d431906059537a6d09f4af36e4e8453e9fd821f774f49db50b24c16f650eff3ac69848573ed9a988859426829ef5b9f43c7189eead2 SHA512 743203685dca932f2f6c3d6fa85cef8631cfe8dae4afc25e7cfd50de6351e3f5974d4dded5127efb3d7f3b0cf94b60c5435135f05c6c4d9a90eb724b40076dbb
AUX grub.default-3 2528 BLAKE2B c32de43644eca5fae8d8d727ff443600917a93e015f8a83dde555e3bca7506a817b08a2fc926970eeb5b7f40028f4951c6cdcd281f9fc0b6504f26c8e76bf0c5 SHA512 505960e62b44c70af0a90c7ff486bd57101831d7c6e9d80084013e374070ff02b40f77b0790aebb926e1e0854e375867cba1d4977dbb00c2ba54ebaa9f6a1a0b
@@ -8,6 +9,6 @@ DIST dejavu-sans-ttf-2.37.zip 417746 BLAKE2B c8904f3cd5a49370a7dc10e456684c88aea
DIST grub-2.06-backports-r1.tar.xz 31900 BLAKE2B d8320eff8cebc408b7c4845d17adf82470407fd3837ab8508703f0f3b2bf5271d6ea8ec2cdf57461e77dd9b69458e9a9d197b533029df3637aad3656b2968b65 SHA512 2487a305ca3f969ed735df0ef181cc7caceffcfaf0126dbd8cceb19ce1062952404f0e5deeaa4f9431cafa94c40c2d57c77da17ea3da4ff62592e42e852b107a
DIST grub-2.06.tar.xz 6581924 BLAKE2B 2a40b9b03d7bb3b9e7b1309ab274d686f01b3c42e7035ebc6e5a0e59a59c3b7362ba518341664b314cb0dbc8222bb10ea05ce09f08ce9d58a293207cb909e417 SHA512 4f11c648f3078567e53fc0c74d5026fdc6da4be27d188975e79d9a4df817ade0fe5ad2ddd694238a07edc45adfa02943d83c57767dd51548102b375e529e8efe
DIST unifont-12.1.02.pcf.gz 1335424 BLAKE2B 97080312468e3f3c8aa6f49cef08f5622641e8c9c035f3ede1e09d8d98de4e78d3b23c8aba2e8070eb46cbebd2d55e8568e467d7f15f35aa8fc8db792b7e5f14 SHA512 b280b2db7cf5f480b0668c331130dede2c0cc87d5e02e44566b77787113d0f6604d0105522858288f2ac6b8e77df7a2d9878725013a6c778dc5bfb183156e2f0
-EBUILD grub-2.06-r2.ebuild 8048 BLAKE2B 6a8762f62ea69826e60e18960213f170f1441349f67576c32d34f1dd3969d5b95b0fe67ddb7d980b55c6b16455dbc0f84c6221f79211fb9e522bfedd913ec667 SHA512 faec37c131cfcc5473d39454a51ddc45ba4a38b7258888337e02fe01451710da7dcc303703ed02c122cde5b335f8a19fec9d200d69547df510af299dd8d8ce0b
+EBUILD grub-2.06-r3.ebuild 8107 BLAKE2B e108ad246d53fbfc3d1e88561525c0b6b834d07f599496f50fe21b056cf6237797f03952d999a9400fea5387111ed1880bf209d078e0cc9ad0856a79f8475346 SHA512 55fbde5ddf99b192f30eef13dcd096b4888338947cc693a42507ac152cf0652c0321c63a338445190adbad01b4e188d60de2c582763e9188b9e6f3e64a1e88b2
EBUILD grub-9999.ebuild 7940 BLAKE2B ec2c7cd1028e60c13db74c4e8ef1ae0edb2e26c41c03e58567b8431e9d90ca1d564b06a2c13df19f63bfce7e4654ee9a9e368e1f506b0690892326cd43e6ef0c SHA512 d555bf188380574d0ee33c639b60f19dcc6c36faabd984a01188c9aa3fe5f317c0ce0b18a4d11486659bd0f0dca174e6efd3e24c3c2046985c0bff129d4c3f7e
MISC metadata.xml 986 BLAKE2B 7c03fac1bf235c1d82e435926c5a9079a21eb16e9937c0ac4e6297bc2f129bc9022efa11c099df07fd9e3b6c47a13246e25ae1c4cc390878ead82394c9b9ed11 SHA512 eb62f4b746c87bf2756669d57e76e60f24cea493948b19429a45e52d02fc1a501b4465ba52940757409258f7ad0ceef0e0f473aeb80cbd9b693b866ae015f13c
diff --git a/sys-boot/grub/files/grub-2.06-grub-mkconfig-restore-umask.patch b/sys-boot/grub/files/grub-2.06-grub-mkconfig-restore-umask.patch
new file mode 100644
index 000000000000..e2a6414ef05b
--- /dev/null
+++ b/sys-boot/grub/files/grub-2.06-grub-mkconfig-restore-umask.patch
@@ -0,0 +1,41 @@
+From 0adec29674561034771c13e446069b41ef41e4d4 Mon Sep 17 00:00:00 2001
+From: Michael Chang <mchang@suse.com>
+Date: Fri, 3 Dec 2021 16:13:28 +0800
+Subject: grub-mkconfig: Restore umask for the grub.cfg
+
+The commit ab2e53c8a (grub-mkconfig: Honor a symlink when generating
+configuration by grub-mkconfig) has inadvertently discarded umask for
+creating grub.cfg in the process of running grub-mkconfig. The resulting
+wrong permission (0644) would allow unprivileged users to read GRUB
+configuration file content. This presents a low confidentiality risk
+as grub.cfg may contain non-secured plain-text passwords.
+
+This patch restores the missing umask and sets the creation file mode
+to 0600 preventing unprivileged access.
+
+Fixes: CVE-2021-3981
+
+Signed-off-by: Michael Chang <mchang@suse.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+---
+ util/grub-mkconfig.in | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
+index c3ea761..62335d0 100644
+--- a/util/grub-mkconfig.in
++++ b/util/grub-mkconfig.in
+@@ -301,7 +301,10 @@ and /etc/grub.d/* files or please file a bug report with
+ exit 1
+ else
+ # none of the children aborted with error, install the new grub.cfg
++ oldumask=$(umask)
++ umask 077
+ cat ${grub_cfg}.new > ${grub_cfg}
++ umask $oldumask
+ rm -f ${grub_cfg}.new
+ fi
+ fi
+--
+cgit v1.1
+
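Review bot: The `umask 077` placed around `cat ${grub_cfg}.new > ${grub_cfg}` in the embedded grub-mkconfig hunk only applies when the redirection creates grub.cfg. A grub.cfg that already exists, for example one written with mode 0644 by the unpatched script, is truncated in place and keeps its old mode. Systems upgrading to -r3 can therefore still have a configuration readable by unprivileged users after regenerating it. Carrying the upstream CVE-2021-3981 fix unchanged is reasonable, but the ebuild's post-install message (not visible on this page) could tell users to run `chmod 600` on their existing grub.cfg, or the script could add `chmod 600 ${grub_cfg}` after the `cat`. The enclosing `if`/`else` in grub-mkconfig.in starts outside the hunk, so any permission handling earlier in the script cannot be checked from here.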
diff --git a/sys-boot/grub/grub-2.06-r2.ebuild b/sys-boot/grub/grub-2.06-r3.ebuild
index 6373aeeb54b7..3331ce3f9b71 100644
--- a/sys-boot/grub/grub-2.06-r2.ebuild
+++ b/sys-boot/grub/grub-2.06-r3.ebuild
@@ -57,6 +57,7 @@ PATCHES=(
"${FILESDIR}"/gfxpayload.patch
"${FILESDIR}"/grub-2.02_beta2-KERNEL_GLOBS.patch
"${FILESDIR}"/grub-2.06-test-words.patch
+ "${FILESDIR}"/grub-2.06-grub-mkconfig-restore-umask.patch
)
DEJAVU=dejavu-sans-ttf-2.37