Commit graph

9408 commits

Author SHA1 Message Date
Hector Marco-Gisbert
451d80e52d Fix security issue when reading username and password
This patch fixes two integer underflows at:
  * grub-core/lib/crypto.c
  * grub-core/normal/auth.c

CVE-2015-8370

Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
Also-By: Andrey Borzenkov <arvidjaar@gmail.com>
2015-12-16 07:57:18 +03:00
Andrei Borzenkov
ff5726b878 NEWS: more additions
Also-By: Robert Elliott <elliott@hpe.com>
2015-12-15 10:43:12 +03:00
Robert Elliott
76ce1de740 Translate UEFI persistent memory type
Define
* GRUB_EFI_PERSISTENT_MEMORY (UEFI memory map type 14) per UEFI 2.5
* GRUB_MEMORY_PERSISTENT (E820 type 7) per ACPI 3.0
* GRUB_MEMORY_PERSISTENT_LEGACY (E820 unofficial type 12) per ACPI 3.0

and translate GRUB_EFI_PERSISTENT_MEMORY to GRUB_MEMORY_PERSISTENT in
grub_efi_mmap_iterate().

Includes
* adding the E820 names to lsmmap
* handling the E820 types in make_efi_memtype()

Suggested-by: Vladimir 'φ-coder/phcoder' Serbinenko <phcoder@gmail.com>
Suggested-by: Andrei Borzenkov <arvidjaar@gmail.com>
2015-12-15 10:25:34 +03:00
Vladimir Serbinenko
4803db51ff Document bootlocation discovery limitations and xen platform limitations 2015-12-14 16:21:24 +01:00
Josef Bacik
fb47807918 tcp: ack when we get an OOO/lost packet
While adding tcp window scaling support I was finding that I'd get some packet
loss or reordering when transferring from large distances and grub would just
timeout.  This is because we weren't ack'ing when we got our OOO packet, so the
sender didn't know it needed to retransmit anything, so eventually it would fill
the window and stop transmitting, and we'd time out.  Fix this by ACK'ing when
we don't find our next sequence numbered packet.  With this fix I no longer time
out.  Thanks,

Signed-off-by: Josef Bacik <jbacik@fb.com>
2015-12-07 20:52:27 +03:00
Michael Chang
a03c1034f6 i386: fix TSC calibration using PIT
Condition was accidentally reversed, so PIT calibration always failed
when PIT was present and always succeeded when PIT was missing, but in
the latter case resulted in absurdly fast clock.

Reported and tested by Vitaly Kuznetsov <vkuznets@redhat.com>
2015-12-01 18:49:38 +03:00
Andrei Borzenkov
346a494d7c Do not include generated gnulib headers in tarball
gnulib files are already handled by recursive make distdir invocation.
Including all generated headers (after make completed) causes build
failure if target system is different (different compile version etc).
2015-11-28 21:11:34 +03:00
Andrei Borzenkov
f4c143789a Replace numbers with grub_memory_type_t enums 2015-11-27 19:52:16 +03:00
Andrei Borzenkov
a261842785 configure: fix macports flex version detection
Macports add extra information after version itself:

$flex --version
flex 2.5.35 Apple(flex-31)

We require at least felx 2.5.35 so do not need to care about prehistoric
"flex version n.n.n"; just use second field always.

Reported by Peter Cheung <mcheung63@hotmail.com>
2015-11-27 19:42:23 +03:00
Vladimir Serbinenko
d43a5ee651 tsc: Use alternative delay sources whenever appropriate.
PIT isn't available on some of new hardware including Hyper-V. So
use pmtimer for calibration. Moreover pmtimer calibration is faster, so
use it on coreboor where booting time is important.

Based on patch by Michael Chang.
2015-11-27 11:39:55 +01:00
Andrei Borzenkov
3d2c8048da efi: really mark memory of unknown type as reserved
9be4c45dbe added switch case between
fall through cases, causing all memory regions of unknown type to be
marked as available.

Move default case into its own block and add explicit FALLTHROUGH
annotation.

Reported by Elliott, Robert (Persistent Memory) <elliott@hpe.com>
2015-11-26 19:50:42 +03:00
Josef Bacik
f9d1b4422e net: reset nb->data per dns record lookup loop
We were resetting nb->data every time we tried a new server, but we need to do
it every time we try for a different record, otherwise we don't end up falling
back to the A record properly.  Thanks,

Signed-off-by: Josef Bacik <jbacik@fb.com>
2015-11-24 20:48:16 +03:00
Andrei Borzenkov
6a46cbcc5c unix: do not close stdin in grub_passwd_get
This makes it impossible to read from stdin without controlling tty:

10:/mnt # echo -e passwd\\npasswd | setsid ./grub-mkpasswd-pbkdf2
Enter password:
Reenter password: ./grub-mkpasswd-pbkdf2: error: failure to read password.
10:/mnt
2015-11-18 22:23:58 +03:00
Andrei Borzenkov
50d6f38feb lsefisystab: add missing comma after 7994077 2015-11-17 06:27:17 +03:00
Pavel Bludov
7994077ab9 Add some UUIDs found in the hardware 2015-11-14 17:57:35 +03:00
Konstantin Vlasov
5646e03dba gfxterm: fix calculation of terminal-top and terminal-height
They used screen width, not height.
2015-11-13 21:54:19 +03:00
Paulo Flabiano Smorigo
c899d9f42c ofdisk: add sas disks to the device list 2015-11-12 09:23:02 -02:00
Vladimir Serbinenko
e0bd66c314 multiboot: Don't rely on particular ordering of options. 2015-11-12 11:54:38 +01:00
Vladimir Serbinenko
95ba04606f multiboot_mbi: Fix handling of --quirk-bad-kludge. 2015-11-12 11:54:13 +01:00
Fu Wei
a771a7b9f6 xen_boot: Remove useless file_name_index variable. 2015-11-12 11:33:55 +01:00
Fu Wei
fb94736fe8 Document ARM64 xen commands 2015-11-12 11:32:01 +01:00
Vladimir Serbinenko
323ef2bdc3 asm-tests/i386-pc: Check that near jumps are 2 bytes.
We already check that jump over 300 bytes gap is 3 bytes in code16-mode.
Some clang versions generate 3-byte opcode for short jumps which makes
boot.img blow over 512-byte limit. Enforce -no-integrated-as in such cases
2015-11-11 18:14:25 +00:00
Paulo Flabiano Smorigo
a50dbb743e ofdisk: add a comment about vscsi method 2015-11-10 21:20:20 -02:00
Vladimir Serbinenko
25a9b8f208 fdt.mod: Move license tag to the right file. 2015-11-09 16:15:30 +01:00
Fu Wei
372400b419 fdt.mod: Add missing license tag. 2015-11-09 15:27:59 +01:00
Vladimir Serbinenko
254f92815b kern/elf: Ignore cast-align warnings 2015-11-09 11:39:30 +01:00
Vladimir Serbinenko
cb28250cfc cbfs: Fix corner case and compilation with recdent gcc
Accept the header to touch the jump address at 0xfffffff0.

Fix compilation for 64-bit EFI with recent GCC.
2015-11-09 03:24:04 +01:00
Vladimir Serbinenko
4656ced41c fstester: Enforce LC_ALL=C 2015-11-08 22:39:36 +01:00
Vladimir Serbinenko
b2fc9acdc9 Adapt build-system to use imported xen headers. 2015-11-08 21:24:18 +01:00
Vladimir Serbinenko
e07badcc31 Import xen headers directly into GRUB 2015-11-08 21:23:52 +01:00
Vladimir Serbinenko
855fe6869c cbfs: Check for ptr range sanity.
Triaged by Andrei and enhanced with suggestions by Aaron Durbin
Also-By: Andrei Borzenkov <arvidjaar@gmail.com>
2015-11-08 20:34:30 +01:00
Vladimir Serbinenko
a39137aefe Remove reliance C.UTF-8 2015-11-08 20:23:15 +01:00
Vladimir Serbinenko
db97faec91 genmoddep.awk: Add a test that we have no circular dependencies 2015-11-08 20:00:27 +01:00
Vladimir Serbinenko
7cc27aeda9 Makefile.core.def: Break circular dependency on arm64. 2015-11-08 18:47:53 +01:00
Vladimir Serbinenko
ae66efc63b autogen: Use cp instead of ln -s.
libgcrypt-grub shouldn't be modified directly anyway. With this patch
tarball without contrib can be unpacked on FAT and stay usable for
out-of-tree compile on full POSIX FS (compile on FAT not tested).
2015-11-08 18:45:57 +01:00
Andrei Borzenkov
c054020581 partmap_test: check that parted is available
Skip test if parted is unavailable instead of returning false failure.
2015-11-07 23:42:35 +03:00
grub-devel@iam.tj
c7f93a20c4 cryptodisk: teach grub_cryptodisk_insert() about partitions (bug #45889)
It is not possible to configure encrypted containers on multiple partitions of
the same disk; after the first one all subsequent fail with

disk/cryptodisk.c:978: already mounted as crypto0

Store partition offset in cryptomount descriptor to distinguish between them.
2015-11-07 18:52:59 +03:00
Andrey Borzenkov
bcf8c5814d doc: document config_directory and config_file variables 2015-11-07 17:03:38 +03:00
Andrei Borzenkov
dff8d0e3f5 unix/getroot: remove unused MAJOR definition
We use major() everywhere, these definitions just add to confusion.
2015-11-07 17:02:21 +03:00
Andrei Borzenkov
c1fbc26203 Add comments to code for commit d313218 2015-11-07 13:01:23 +03:00
Andrei Borzenkov
349a381df0 devmapper/getroot: use makedev instead of direct shift
Fixes device detection with large number of devices.

Reported by Tim Wallberg <twalberg@comcast.net>
2015-11-07 09:46:46 +03:00
Andrei Borzenkov
1018e91dce mkimage: zero fill alignment space
This did not cause real problem but is good for reproducible builds. I hit
it with recent bootinfoscript that displays embedded config; I was puzzled
by random garbage at the end.

Prezero memory buffer used to assemble core.img. This makes individual
memset redundant. Also ensure buffer is filled with zeroes in several other
places.

Also remove redundant zeroing code where we fill in the whole memory block
anyway.
2015-11-06 21:33:28 +03:00
Vladimir Serbinenko
cd6d79cda2 configure.ac: Explicitly add -mno-sse3 on x86. 2015-11-06 04:32:34 +01:00
Vladimir Serbinenko
5b7b4d9781 README: Remove dead link to the wiki 2015-11-06 04:31:23 +01:00
Andrei Borzenkov
33b1103e30 NEWS: mention powerpc64le support 2015-10-29 21:29:12 +03:00
Ignat Korchagin
43c8310244 tcp: Fix uninited mac address when accepting connection. 2015-10-29 16:30:28 +01:00
Fu Wei
83cb45e982 arm64: Add support for xen boot protocol. 2015-10-29 15:24:20 +01:00
Vladimir Serbinenko
4d0cb75538 arm64: Move FDT functions to separate module 2015-10-29 14:06:45 +01:00
Andrei Borzenkov
5fcde03bf1 efi: fix warnings with recent GCC
../../grub-core/term/efi/console.c:128:32: error: suggest parentheses around '&&' within '||' [-Werror=parentheses]
   if (key.unicode_char >= 0x20 && key.unicode_char <= 0x7f
2015-10-27 23:30:54 +03:00
Eric Snowberg
0b72543afd ofdisk: Fix devpath freeing logic. 2015-10-26 23:03:06 +01:00