mirror of
https://src.fedoraproject.org/rpms/grub2.git
synced 2024-12-01 00:48:18 +00:00
Fix a grub hidden-menu regression and a bug in blscfg variable expansion
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
This commit is contained in:
parent
eeeca9c900
commit
5db4bc774e
4 changed files with 133 additions and 1 deletions
|
@ -0,0 +1,51 @@
|
||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Javier Martinez Canillas <javierm@redhat.com>
|
||||||
|
Date: Tue, 26 Nov 2019 09:51:41 +0100
|
||||||
|
Subject: [PATCH] blscfg: add a space char when appending fields for variable
|
||||||
|
expansion
|
||||||
|
|
||||||
|
The GRUB variables are expanded and replaced by their values before adding
|
||||||
|
menu entries, but they didn't include space characters after the values so
|
||||||
|
the result was not correct.
|
||||||
|
|
||||||
|
For the common case this wasn't a problem but it is if there are variables
|
||||||
|
that are part of the values of other variables.
|
||||||
|
|
||||||
|
Resolves: rhbz#1669252
|
||||||
|
|
||||||
|
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
|
||||||
|
---
|
||||||
|
grub-core/commands/blscfg.c | 19 +++++++++----------
|
||||||
|
1 file changed, 9 insertions(+), 10 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
|
||||||
|
index 471975fd2e5..32d3252502e 100644
|
||||||
|
--- a/grub-core/commands/blscfg.c
|
||||||
|
+++ b/grub-core/commands/blscfg.c
|
||||||
|
@@ -602,17 +602,16 @@ static char *field_append(bool is_var, char *buffer, char *start, char *end)
|
||||||
|
return buffer;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (!buffer) {
|
||||||
|
- buffer = grub_strdup(field);
|
||||||
|
- if (!buffer)
|
||||||
|
- return NULL;
|
||||||
|
- } else {
|
||||||
|
- buffer = grub_realloc (buffer, grub_strlen(buffer) + grub_strlen(field));
|
||||||
|
- if (!buffer)
|
||||||
|
- return NULL;
|
||||||
|
+ if (!buffer)
|
||||||
|
+ buffer = grub_zalloc (grub_strlen(field) + 1);
|
||||||
|
+ else
|
||||||
|
+ buffer = grub_realloc (buffer, grub_strlen(buffer) + grub_strlen(field) + 1);
|
||||||
|
|
||||||
|
- grub_stpcpy (buffer + grub_strlen(buffer), field);
|
||||||
|
- }
|
||||||
|
+ if (!buffer)
|
||||||
|
+ return NULL;
|
||||||
|
+
|
||||||
|
+ grub_stpcpy (buffer + grub_strlen(buffer), field);
|
||||||
|
+ grub_stpcpy (buffer + grub_strlen(buffer), " ");
|
||||||
|
|
||||||
|
return buffer;
|
||||||
|
}
|
|
@ -0,0 +1,75 @@
|
||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Hans de Goede <hdegoede@redhat.com>
|
||||||
|
Date: Tue, 26 Nov 2019 09:51:41 +0100
|
||||||
|
Subject: [PATCH] grub.d: Fix boot_indeterminate getting set on boot_success=0
|
||||||
|
boot
|
||||||
|
|
||||||
|
The "grub.d: Split out boot success reset from menu auto hide script"
|
||||||
|
not only moved the code to clear boot_success and boot_indeterminate
|
||||||
|
but for some reason also mixed in some broken changes to the
|
||||||
|
boot_indeterminate handling.
|
||||||
|
|
||||||
|
The boot_indeterminate var is meant to suppress the boot menu after
|
||||||
|
a reboot from either a selinux-relabel or offline-updates. These
|
||||||
|
2 special boot scenarios do not set boot_success since there is no
|
||||||
|
successfull interaction with the user. Instead they increment
|
||||||
|
boot_indeterminate, and if it is 1 and only when it is 1, so the
|
||||||
|
first reboot after a "special" boot we suppress the menu.
|
||||||
|
|
||||||
|
To ensure that we do show the menu if we somehow get stuck in a
|
||||||
|
"special" boot loop where we do special-boots without them
|
||||||
|
incrementing boot_indeterminate, the code before the
|
||||||
|
"grub.d: Split out boot success reset from menu auto hide script"
|
||||||
|
commit would increment boot_indeterminate once when it is 1, so that
|
||||||
|
even if the "special" boot reboot-loop immediately we would show the
|
||||||
|
menu on the next boot.
|
||||||
|
|
||||||
|
That commit broke this however, because it not only moves the code,
|
||||||
|
it also changes it from only "incrementing" boot_indeterminate once to
|
||||||
|
always incrementing it, except when boot_success == 1 (and we reset it).
|
||||||
|
|
||||||
|
This broken behavior causes the following problem:
|
||||||
|
|
||||||
|
1. Boot a broken kernel, system hangs, power-cycle
|
||||||
|
2. boot_success now != 1, so we increment boot_indeterminate from 0
|
||||||
|
(unset!) to 1. User either simply tries again, or makes some changes
|
||||||
|
but the end-result still is a system hang, power-cycle
|
||||||
|
3. Now boot_indeterminate==1 so we do not show the menu even though the
|
||||||
|
previous boot failed -> BAD
|
||||||
|
|
||||||
|
This commit fixes this by restoring the behavior of setting
|
||||||
|
boot_indeterminate to 2 when it was 1 before.
|
||||||
|
|
||||||
|
Fixes: "grub.d: Split out boot success reset from menu auto hide script"
|
||||||
|
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
||||||
|
---
|
||||||
|
util/grub.d/10_reset_boot_success.in | 8 ++++----
|
||||||
|
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/util/grub.d/10_reset_boot_success.in b/util/grub.d/10_reset_boot_success.in
|
||||||
|
index 6c88d933dde..737e1ae5b68 100644
|
||||||
|
--- a/util/grub.d/10_reset_boot_success.in
|
||||||
|
+++ b/util/grub.d/10_reset_boot_success.in
|
||||||
|
@@ -6,18 +6,18 @@
|
||||||
|
#
|
||||||
|
# The boot_success var needs to be set to 1 from userspace to mark a boot successful.
|
||||||
|
cat << EOF
|
||||||
|
-insmod increment
|
||||||
|
# Hiding the menu is ok if last boot was ok or if this is a first boot attempt to boot the entry
|
||||||
|
if [ "\${boot_success}" = "1" -o "\${boot_indeterminate}" = "1" ]; then
|
||||||
|
set menu_hide_ok=1
|
||||||
|
else
|
||||||
|
set menu_hide_ok=0
|
||||||
|
fi
|
||||||
|
-# Reset boot_indeterminate after a successful boot, increment otherwise
|
||||||
|
+# Reset boot_indeterminate after a successful boot
|
||||||
|
if [ "\${boot_success}" = "1" ] ; then
|
||||||
|
set boot_indeterminate=0
|
||||||
|
-else
|
||||||
|
- increment boot_indeterminate
|
||||||
|
+# Avoid boot_indeterminate causing the menu to be hidden more then once
|
||||||
|
+elif [ "\${boot_indeterminate}" = "1" ]; then
|
||||||
|
+ set boot_indeterminate=2
|
||||||
|
fi
|
||||||
|
# Reset boot_success for current boot
|
||||||
|
set boot_success=0
|
|
@ -185,3 +185,5 @@ Patch0184: 0184-10_linux.in-Also-use-GRUB_CMDLINE_LINUX_DEFAULT-to-s.patch
|
||||||
Patch0185: 0185-blscfg-Don-t-hardcode-an-env-var-as-fallback-for-the.patch
|
Patch0185: 0185-blscfg-Don-t-hardcode-an-env-var-as-fallback-for-the.patch
|
||||||
Patch0186: 0186-grub-set-bootflag-Update-comment-about-running-as-ro.patch
|
Patch0186: 0186-grub-set-bootflag-Update-comment-about-running-as-ro.patch
|
||||||
Patch0187: 0187-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch
|
Patch0187: 0187-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch
|
||||||
|
Patch0188: 0188-blscfg-add-a-space-char-when-appending-fields-for-va.patch
|
||||||
|
Patch0189: 0189-grub.d-Fix-boot_indeterminate-getting-set-on-boot_su.patch
|
||||||
|
|
|
@ -9,7 +9,7 @@
|
||||||
Name: grub2
|
Name: grub2
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Version: 2.04
|
Version: 2.04
|
||||||
Release: 4%{?dist}
|
Release: 5%{?dist}
|
||||||
Summary: Bootloader with support for Linux, Multiboot and more
|
Summary: Bootloader with support for Linux, Multiboot and more
|
||||||
License: GPLv3+
|
License: GPLv3+
|
||||||
URL: http://www.gnu.org/software/grub/
|
URL: http://www.gnu.org/software/grub/
|
||||||
|
@ -515,6 +515,10 @@ rm -r /boot/grub2.tmp/ || :
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Nov 27 2019 Javier Martinez Canillas <javierm@redhat.com> - 2.04-5
|
||||||
|
- blscfg: add a space char when appending fields for variable expansion
|
||||||
|
- grub.d: Fix boot_indeterminate getting set on boot_success=0 boot
|
||||||
|
|
||||||
* Tue Nov 26 2019 Javier Martinez Canillas <javierm@redhat.com> - 2.04-4
|
* Tue Nov 26 2019 Javier Martinez Canillas <javierm@redhat.com> - 2.04-4
|
||||||
- grub-set-bootflag: Write new env to tmpfile and then rename (hdegoede)
|
- grub-set-bootflag: Write new env to tmpfile and then rename (hdegoede)
|
||||||
Resolves: CVE-2019-14865
|
Resolves: CVE-2019-14865
|
||||||
|
|
Loading…
Reference in a new issue