From: Neal Gompa <ngompa13@gmail.com>
To: The development of GNU GRUB <grub-devel@gnu.org>
Cc: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>,
93sam@debian.org, alexander.burmashev@oracle.com,
chrco@microsoft.com, chris.coulson@canonical.com,
cjwatson@debian.org, corsac@debian.org, cperry@redhat.com,
darren.kenny@oracle.com, dja@axtens.net,
eric.snowberg@oracle.com, ilya.okomin@oracle.com,
ivansprundel@ioactive.com, jan.setjeeilers@oracle.com,
jaredz@redhat.com, Javier Martinez Canillas <javierm@redhat.com>,
jerecox@microsoft.com, john.haxby@oracle.com,
joseph.tartaro@ioactive.com,
Julian Andres Klode <julian.klode@canonical.com>,
kanth.ghatraju@oracle.com, km@mkukri.xyz,
konrad.wilk@oracle.com, mario.limonciello@dell.com,
mbenatto@redhat.com, mjg59@google.com, noamr@ssd-disclosure.com,
nyanko@10x.moe, pfsmorigo@canonical.com, phcoder@gmail.com,
Peter Jones <pjones@redhat.com>,
Richard Hughes <rhughes@redhat.com>,
sajacobu@microsoft.com, teddy.reed@gmail.com, tf@miray.de,
u.bauer@miray.de, xnox@ubuntu.com
Subject: Re: [SECURITY PATCH 000/117] Multiple GRUB2 vulnerabilities - 2021/03/02 round
Date: Tue, 9 Mar 2021 10:57:36 -0500 [thread overview]
Message-ID: <CAEg-Je8DUUYQh1G2jxv8kbYrUr1AUhp2zwdqGxhJ3RHqVE-5xA@mail.gmail.com> (raw)
In-Reply-To: <20210302204950.fbppqrmkm5bmhnvz@tomti.i.net-space.pl>
On Tue, Mar 2, 2021 at 4:08 PM Daniel Kiper <daniel.kiper@oracle.com> wrote:
>
> Hi Adrian,
>
> On Tue, Mar 02, 2021 at 08:37:14PM +0100, John Paul Adrian Glaubitz wrote:
> > Hi Daniel!
> >
> > On 3/2/21 7:00 PM, Daniel Kiper wrote:
> > > The BootHole vulnerability [1][2] announced last year encouraged many people to
> > > take a closer look at the security of boot process in general and the GRUB
> > > bootloader in particular. Due to that, during past few months we were getting
> > > reports of, and also discovering various security flaws in the GRUB ourselves.
> > > You can find the list of most severe ones which got CVEs assigned at the end of
> > > this message. The patch bundle fixing all these issues in the upstream GRUB
> > > contains 117 patches.
> >
> > Huge thanks and kudos to everyone involved fixing all these vulnerabilities!
> >
> > Given the amount of patches, wouldn't it make sense to push an RC candidate
> > for 2.06 in the near future so that distributions can start shipping the pre-
> > release and avoiding to carry this large amount of patches?
>
> I am planning to cut 2.06-rc1 in matter of days...
>
Any status update on this? The delta between 2.04 and HEAD is huge,
and I'd rather have a release to work from now...
--
真実はいつも一つ!/ Always, there's only one truth!
next prev parent reply other threads:[~2021-03-09 15:58 UTC|newest]
Thread overview: 147+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-02 18:00 [SECURITY PATCH 000/117] Multiple GRUB2 vulnerabilities - 2021/03/02 round Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 001/117] verifiers: Move verifiers API to kernel image Daniel Kiper
2021-03-18 1:22 ` Colin Watson
2021-03-18 7:04 ` Michael Chang
2021-03-02 18:00 ` [SECURITY PATCH 002/117] efi: Move the shim_lock verifier to the GRUB core Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 003/117] kern: Add lockdown support Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 004/117] kern/lockdown: Set a variable if the GRUB is locked down Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 005/117] efi: Lockdown the GRUB when the UEFI Secure Boot is enabled Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 006/117] efi: Use grub_is_lockdown() instead of hardcoding a disabled modules list Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 007/117] acpi: Don't register the acpi command when locked down Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 008/117] mmap: Don't register cutmem and badram commands when lockdown is enforced Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 009/117] commands: Restrict commands that can load BIOS or DT blobs when locked down Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 010/117] commands/setpci: Restrict setpci command " Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 011/117] commands/hdparm: Restrict hdparm " Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 012/117] gdb: Restrict GDB access " Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 013/117] loader/xnu: Don't allow loading extension and packages " Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 014/117] docs: Document the cutmem command Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 015/117] dl: Only allow unloading modules that are not dependencies Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 016/117] usb: Avoid possible out-of-bound accesses caused by malicious devices Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 017/117] mmap: Fix memory leak when iterating over mapped memory Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 018/117] net/net: Fix possible dereference to of a NULL pointer Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 019/117] net/tftp: Fix dangling memory pointer Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 020/117] kern/parser: Fix resource leak if argc == 0 Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 021/117] kern/efi: Fix memory leak on failure Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 022/117] kern/efi/mm: Fix possible NULL pointer dereference Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 023/117] gnulib/regexec: Resolve unused variable Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 024/117] gnulib/regcomp: Fix uninitialized token structure Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 025/117] gnulib/argp-help: Fix dereference of a possibly NULL state Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 026/117] gnulib/regexec: Fix possible null-dereference Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 027/117] gnulib/regcomp: Fix uninitialized re_token Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 028/117] io/lzopio: Resolve unnecessary self-assignment errors Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 029/117] zstd: Initialize seq_t structure fully Daniel Kiper
2021-03-18 8:50 ` Paul Menzel
2021-03-18 9:37 ` Darren Kenny
2021-03-02 18:00 ` [SECURITY PATCH 030/117] kern/partition: Check for NULL before dereferencing input string Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 031/117] disk/ldm: Make sure comp data is freed before exiting from make_vg() Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 032/117] disk/ldm: If failed then free vg variable too Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 033/117] disk/ldm: Fix memory leak on uninserted lv references Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 034/117] disk/cryptodisk: Fix potential integer overflow Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 035/117] hfsplus: Check that the volume name length is valid Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 036/117] zfs: Fix possible negative shift operation Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 037/117] zfs: Fix resource leaks while constructing path Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 038/117] zfs: Fix possible integer overflows Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 039/117] zfsinfo: Correct a check for error allocating memory Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 040/117] affs: Fix memory leaks Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 041/117] libgcrypt/mpi: Fix possible unintended sign extension Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 042/117] libgcrypt/mpi: Fix possible NULL dereference Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 043/117] syslinux: Fix memory leak while parsing Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 044/117] normal/completion: Fix leaking of memory when processing a completion Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 045/117] commands/hashsum: Fix a memory leak Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 046/117] commands/probe: Fix a resource leak when probing disks Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 047/117] video/efi_gop: Remove unnecessary return value of grub_video_gop_fill_mode_info() Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 048/117] video/fb/fbfill: Fix potential integer overflow Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 049/117] video/fb/video_fb: Fix multiple integer overflows Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 050/117] video/fb/video_fb: Fix possible integer overflow Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 051/117] video/readers/jpeg: Test for an invalid next marker reference from a jpeg file Daniel Kiper
2021-03-02 18:00 ` [SECURITY PATCH 052/117] gfxmenu/gui_list: Remove code that coverity is flagging as dead Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 053/117] loader/bsd: Check for NULL arg up-front Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 054/117] loader/xnu: Fix memory leak Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 055/117] loader/xnu: Free driverkey data when an error is detected in grub_xnu_writetree_toheap() Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 056/117] loader/xnu: Check if pointer is NULL before using it Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 057/117] util/grub-install: Fix NULL pointer dereferences Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 058/117] util/grub-editenv: Fix incorrect casting of a signed value Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 059/117] util/glue-efi: Fix incorrect use of a possibly negative value Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 060/117] script/execute: Fix NULL dereference in grub_script_execute_cmdline() Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 061/117] commands/ls: Require device_name is not NULL before printing Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 062/117] script/execute: Avoid crash when using "$#" outside a function scope Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 063/117] lib/arg: Block repeated short options that require an argument Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 064/117] script/execute: Don't crash on a "for" loop with no items Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 065/117] commands/menuentry: Fix quoting in setparams_prefix() Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 066/117] kern/misc: Always set *end in grub_strtoull() Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 067/117] video/readers/jpeg: Catch files with unsupported quantization or Huffman tables Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 068/117] video/readers/jpeg: Catch OOB reads/writes in grub_jpeg_decode_du() Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 069/117] video/readers/jpeg: Don't decode data before start of stream Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 070/117] term/gfxterm: Don't set up a font with glyphs that are too big Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 071/117] fs/fshelp: Catch impermissibly large block sizes in read helper Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 072/117] fs/hfsplus: Don't fetch a key beyond the end of the node Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 073/117] fs/hfsplus: Don't use uninitialized data on corrupt filesystems Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 074/117] fs/hfs: Disable under lockdown Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 075/117] fs/sfs: Fix over-read of root object name Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 076/117] fs/jfs: Do not move to leaf level if name length is negative Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 077/117] fs/jfs: Limit the extents that getblk() can consider Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 078/117] fs/jfs: Catch infinite recursion Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 079/117] fs/nilfs2: Reject too-large keys Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 080/117] fs/nilfs2: Don't search children if provided number is too large Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 081/117] fs/nilfs2: Properly bail on errors in grub_nilfs2_btree_node_lookup() Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 082/117] io/gzio: Bail if gzio->tl/td is NULL Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 083/117] io/gzio: Add init_dynamic_block() clean up if unpacking codes fails Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 084/117] io/gzio: Catch missing values in huft_build() and bail Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 085/117] io/gzio: Zero gzio->tl/td in init_dynamic_block() if huft_build() fails Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 086/117] disk/lvm: Don't go beyond the end of the data we read from disk Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 087/117] disk/lvm: Don't blast past the end of the circular metadata buffer Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 088/117] disk/lvm: Bail on missing PV list Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 089/117] disk/lvm: Do not crash if an expected string is not found Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 090/117] disk/lvm: Do not overread metadata Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 091/117] disk/lvm: Sanitize rlocn->offset to prevent wild read Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 092/117] disk/lvm: Do not allow a LV to be it's own segment's node's LV Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 093/117] fs/btrfs: Validate the number of stripes/parities in RAID5/6 Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 094/117] fs/btrfs: Squash some uninitialized reads Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 095/117] kern/parser: Fix a memory leak Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 096/117] kern/parser: Introduce process_char() helper Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 097/117] kern/parser: Introduce terminate_arg() helper Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 098/117] kern/parser: Refactor grub_parser_split_cmdline() cleanup Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 099/117] kern/buffer: Add variable sized heap buffer Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 100/117] kern/parser: Fix a stack buffer overflow Daniel Kiper
2021-06-10 11:55 ` Paul Menzel
2021-06-28 22:12 ` Paul Menzel
2021-07-20 21:02 ` Chris Coulson
2021-03-02 18:01 ` [SECURITY PATCH 101/117] kern/efi: Add initial stack protector implementation Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 102/117] util/mkimage: Remove unused code to add BSS section Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 103/117] util/mkimage: Use grub_host_to_target32() instead of grub_cpu_to_le32() Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 104/117] util/mkimage: Always use grub_host_to_target32() to initialize PE stack and heap stuff Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 105/117] util/mkimage: Unify more of the PE32 and PE32+ header set-up Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 106/117] util/mkimage: Reorder PE optional header fields set-up Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 107/117] util/mkimage: Improve data_size value calculation Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 108/117] util/mkimage: Refactor section setup to use a helper Daniel Kiper
2021-03-18 8:38 ` John Paul Adrian Glaubitz
2021-03-20 15:05 ` John Paul Adrian Glaubitz
2021-03-20 15:06 ` John Paul Adrian Glaubitz
2021-03-23 19:16 ` John Paul Adrian Glaubitz
2021-03-23 19:35 ` Daniel Kiper
2021-03-23 20:32 ` John Paul Adrian Glaubitz
2021-03-02 18:01 ` [SECURITY PATCH 109/117] util/mkimage: Add an option to import SBAT metadata into a .sbat section Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 110/117] grub-install-common: Add --sbat option Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 111/117] shim_lock: Only skip loading shim_lock verifier with explicit consent Daniel Kiper
2021-03-02 18:01 ` [SECURITY PATCH 112/117] kern/misc: Split parse_printf_args() into format parsing and va_list handling Daniel Kiper
2021-03-02 18:02 ` [SECURITY PATCH 113/117] kern/misc: Add STRING type for internal printf() format handling Daniel Kiper
2021-03-02 18:02 ` [SECURITY PATCH 114/117] kern/misc: Add function to check printf() format against expected format Daniel Kiper
2021-03-18 1:30 ` Colin Watson
2021-03-02 18:02 ` [SECURITY PATCH 115/117] gfxmenu/gui: Check printf() format in the gui_progress_bar and gui_label Daniel Kiper
2021-03-02 18:02 ` [SECURITY PATCH 116/117] templates: Disable the os-prober by default Daniel Kiper
2021-03-02 21:49 ` Didier Spaier
2021-03-03 13:13 ` Daniel Kiper
2021-03-03 17:28 ` Lennart Sorensen
2021-03-03 18:43 ` John Paul Adrian Glaubitz
2021-03-03 19:05 ` Lennart Sorensen
2021-03-03 19:11 ` Didier Spaier
2021-03-03 19:38 ` Daniel Kiper
2021-03-03 20:13 ` John Paul Adrian Glaubitz
2021-03-02 18:02 ` [SECURITY PATCH 117/117] kern/mm: Fix grub_debug_calloc() compilation error Daniel Kiper
2021-03-02 19:37 ` [SECURITY PATCH 000/117] Multiple GRUB2 vulnerabilities - 2021/03/02 round John Paul Adrian Glaubitz
2021-03-02 20:00 ` Bruce Dubbs
2021-03-02 20:49 ` Daniel Kiper
2021-03-09 15:57 ` Neal Gompa [this message]
2021-03-09 16:58 ` Daniel Kiper
2021-03-18 8:58 ` Paul Menzel
2021-03-22 15:50 ` Daniel Kiper
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAEg-Je8DUUYQh1G2jxv8kbYrUr1AUhp2zwdqGxhJ3RHqVE-5xA@mail.gmail.com \
--to=ngompa13@gmail.com \
--cc=93sam@debian.org \
--cc=alexander.burmashev@oracle.com \
--cc=chrco@microsoft.com \
--cc=chris.coulson@canonical.com \
--cc=cjwatson@debian.org \
--cc=corsac@debian.org \
--cc=cperry@redhat.com \
--cc=darren.kenny@oracle.com \
--cc=dja@axtens.net \
--cc=eric.snowberg@oracle.com \
--cc=glaubitz@physik.fu-berlin.de \
--cc=grub-devel@gnu.org \
--cc=ilya.okomin@oracle.com \
--cc=ivansprundel@ioactive.com \
--cc=jan.setjeeilers@oracle.com \
--cc=jaredz@redhat.com \
--cc=javierm@redhat.com \
--cc=jerecox@microsoft.com \
--cc=john.haxby@oracle.com \
--cc=joseph.tartaro@ioactive.com \
--cc=julian.klode@canonical.com \
--cc=kanth.ghatraju@oracle.com \
--cc=km@mkukri.xyz \
--cc=konrad.wilk@oracle.com \
--cc=mario.limonciello@dell.com \
--cc=mbenatto@redhat.com \
--cc=mjg59@google.com \
--cc=noamr@ssd-disclosure.com \
--cc=nyanko@10x.moe \
--cc=pfsmorigo@canonical.com \
--cc=phcoder@gmail.com \
--cc=pjones@redhat.com \
--cc=rhughes@redhat.com \
--cc=sajacobu@microsoft.com \
--cc=teddy.reed@gmail.com \
--cc=tf@miray.de \
--cc=u.bauer@miray.de \
--cc=xnox@ubuntu.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.