mirror of
https://src.fedoraproject.org/rpms/grub2.git
synced 2024-11-24 06:22:43 +00:00
grub-mkconfig.in: turn off executable owner bit
Resolves: #2281464 Signed-off-by: Leo Sandoval <lsandova@redhat.com>
parent
92efc5d3cd
commit
a137559e71
4 changed files with 39 additions and 4 deletions
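--- /dev/null
+++ b/0362-grub-mkconfig.in-turn-off-executable-owner-bit.patch
@@ -0,0 +1,30 @@
+From 4062ab33c8cd86ac15cefe1b4f2f422b28467f54 Mon Sep 17 00:00:00 2001
+From: Leo Sandoval <lsandova@redhat.com>
+Date: Fri, 24 May 2024 18:22:17 -0600
+Subject: [PATCH] grub-mkconfig.in: turn off executable owner bit
+
+Stricker permissions are required on the grub.cfg file, resulting in
+at most 0600 owner's file permissions. This resolves conflicting
+requirement permissions on grub2-pc package's grub2.cfg file.
+
+Signed-off-by: Leo Sandoval <lsandova@redhat.com>
+---
+util/grub-mkconfig.in | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
+index 520a672cd..fb382b648 100644
+--- a/util/grub-mkconfig.in
++++ b/util/grub-mkconfig.in
+@@ -311,7 +311,7 @@ and /etc/grub.d/* files or please file a bug report with
+exit 1
+else
+# none of the children aborted with error, install the new grub.cfg
+- oldumask=$(umask); umask 077
++ oldumask=$(umask); umask 177
+cat ${grub_cfg}.new > ${grub_cfg}
+umask $oldumask
+rm -f ${grub_cfg}.new
+--
+2.44.0
+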
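Review bot: Switching `umask 077` to `umask 177` on the `oldumask=` line does not change the mode that `cat ${grub_cfg}.new > ${grub_cfg}` leaves behind. A shell redirection creates a missing file as 0666 masked by the umask, which is 0600 under either value, and when grub.cfg already exists the redirection only truncates it, so an earlier mode such as 0700 is kept. If the intent is that grub.cfg never carries the owner execute bit, set the mode explicitly after the copy, for example `chmod 0600 "${grub_cfg}"`, tolerating failure if the target can sit on a filesystem that does not store POSIX modes. The enclosing `if`/`else` starts and ends outside the hunk, so whether an earlier step already fixes the mode cannot be seen here.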
|
@ -683,7 +683,7 @@ ln -s ../boot/grub2/grub.cfg \\\
|
||||||
%{expand:%%files %{1}} \
|
%{expand:%%files %{1}} \
|
||||||
%defattr(-,root,root,-) \
|
%defattr(-,root,root,-) \
|
||||||
%config(noreplace) %{_sysconfdir}/grub2.cfg \
|
%config(noreplace) %{_sysconfdir}/grub2.cfg \
|
||||||
%ghost %config(noreplace) %attr(0700,root,root)/boot/grub2/grub.cfg \
|
%ghost %config(noreplace) %attr(0600,root,root)/boot/grub2/grub.cfg \
|
||||||
%dir %attr(0700,root,root)/boot/loader/entries \
|
%dir %attr(0700,root,root)/boot/loader/entries \
|
||||||
%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/grub2-%{1}.conf \
|
%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/grub2-%{1}.conf \
|
||||||
%ifarch ppc64le \
|
%ifarch ppc64le \
|
||||||
|
@ -718,8 +718,8 @@ ln -s ../boot/grub2/grub.cfg \\\
|
||||||
%endif \
|
%endif \
|
||||||
%attr(0700,root,root)/boot/grub2/fonts \
|
%attr(0700,root,root)/boot/grub2/fonts \
|
||||||
%dir %attr(0700,root,root)/boot/loader/entries \
|
%dir %attr(0700,root,root)/boot/loader/entries \
|
||||||
%ghost %config(noreplace) %attr(0700,root,root)/boot/grub2/grub.cfg \
|
%ghost %config(noreplace) %attr(0600,root,root)/boot/grub2/grub.cfg \
|
||||||
%ghost %config(noreplace) %verify(not mtime) %attr(0700,root,root)%{efi_esp_dir}/grub.cfg \
|
%ghost %config(noreplace) %verify(not mtime) %attr(0600,root,root)%{efi_esp_dir}/grub.cfg \
|
||||||
%config(noreplace) %verify(not size mode md5 mtime) /boot/grub2/grubenv \
|
%config(noreplace) %verify(not size mode md5 mtime) /boot/grub2/grubenv \
|
||||||
%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/grub2-%{1}.conf \
|
%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/grub2-%{1}.conf \
|
||||||
%{expand:%if 0%{?without_efi_modules} \
|
%{expand:%if 0%{?without_efi_modules} \
|
||||||
|
|
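Review bot: In the second hunk the `%{efi_esp_dir}/grub.cfg` entry now declares `%attr(0600,root,root)` but keeps only `%verify(not mtime)`, so `rpm -V` still compares the file mode. If the ESP is a FAT filesystem, the mode shown for the file comes from the mount options rather than from the file itself, and a mount with `umask=0077` would present it as 0700, which would no longer match the packaged value. Consider `%verify(not mode mtime)` on that line, or state which mount options the package expects. For the two `/boot/grub2/grub.cfg` entries, nothing visible on this page resets the mode of a file that already exists with 0700, so upgraded systems may need an explicit `chmod` in a scriptlet to reach the declared 0600.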
|
@ -359,3 +359,4 @@ Patch0358: 0358-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch
|
||||||
Patch0359: 0359-fs-ntfs-Make-code-more-readable.patch
|
Patch0359: 0359-fs-ntfs-Make-code-more-readable.patch
|
||||||
Patch0360: 0360-fs-xfs-Handle-non-continuous-data-blocks-in-director.patch
|
Patch0360: 0360-fs-xfs-Handle-non-continuous-data-blocks-in-director.patch
|
||||||
Patch0361: 0361-cmd-search-Rework-of-CVE-2023-4001-fix.patch
|
Patch0361: 0361-cmd-search-Rework-of-CVE-2023-4001-fix.patch
|
||||||
|
Patch0362: 0362-grub-mkconfig.in-turn-off-executable-owner-bit.patch
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
Name: grub2
|
Name: grub2
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Version: 2.06
|
Version: 2.06
|
||||||
Release: 122%{?dist}
|
Release: 123%{?dist}
|
||||||
Summary: Bootloader with support for Linux, Multiboot and more
|
Summary: Bootloader with support for Linux, Multiboot and more
|
||||||
License: GPL-3.0-or-later
|
License: GPL-3.0-or-later
|
||||||
URL: http://www.gnu.org/software/grub/
|
URL: http://www.gnu.org/software/grub/
|
||||||
|
@ -555,6 +555,10 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue May 28 2024 Leo Sandoval <lsandova@redhat.com> - 2.06.123
|
||||||
|
- grub-mkconfig.in: turn off executable owner bit
|
||||||
|
- Resolves: #2281464
|
||||||
|
|
||||||
* Thu May 23 2024 Nicolas Frayer <nfrayer@redhat.com> - 2.06-122
|
* Thu May 23 2024 Nicolas Frayer <nfrayer@redhat.com> - 2.06-122
|
||||||
- cmd/search: Rework of CVE-2023-4001 fix
|
- cmd/search: Rework of CVE-2023-4001 fix
|
||||||
- Related: #2224951
|
- Related: #2224951
|
||||||
|
|