mirror of
https://src.fedoraproject.org/rpms/grub2.git
synced 2024-12-01 00:48:18 +00:00
bd7cb174b2
Resolves: CVE-2020-14372 Resolves: CVE-2020-25632 Resolves: CVE-2020-25647 Resolves: CVE-2020-27749 Resolves: CVE-2020-27779 Resolves: CVE-2021-20225 Resolves: CVE-2021-20233 Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
71 lines
3 KiB
Diff
71 lines
3 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Javier Martinez Canillas <javierm@redhat.com>
|
|
Date: Fri, 12 Mar 2021 23:25:01 +0100
|
|
Subject: [PATCH] Revert "templates: Properly disable the os-prober by default"
|
|
|
|
This reverts commit 54e0a1bbf1e9106901a557195bb35e5e20fb3925.
|
|
---
|
|
util/grub-mkconfig.in | 5 +----
|
|
util/grub.d/30_os-prober.in | 8 ++++----
|
|
2 files changed, 5 insertions(+), 8 deletions(-)
|
|
|
|
diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
|
|
index 1a70b7ea056..f55339a3f64 100644
|
|
--- a/util/grub-mkconfig.in
|
|
+++ b/util/grub-mkconfig.in
|
|
@@ -147,9 +147,6 @@ GRUB_DEVICE_PARTUUID="`${grub_probe} --device ${GRUB_DEVICE} --target=partuuid 2
|
|
GRUB_DEVICE_BOOT="`${grub_probe} --target=device /boot`"
|
|
GRUB_DEVICE_BOOT_UUID="`${grub_probe} --device ${GRUB_DEVICE_BOOT} --target=fs_uuid 2> /dev/null`" || true
|
|
|
|
-# Disable os-prober by default due to security reasons.
|
|
-GRUB_DISABLE_OS_PROBER="true"
|
|
-
|
|
# Filesystem for the device containing our userland. Used for stuff like
|
|
# choosing Hurd filesystem module.
|
|
GRUB_FS="`${grub_probe} --device ${GRUB_DEVICE} --target=fs 2> /dev/null || echo unknown`"
|
|
@@ -213,7 +210,6 @@ export GRUB_DEVICE \
|
|
GRUB_DEVICE_PARTUUID \
|
|
GRUB_DEVICE_BOOT \
|
|
GRUB_DEVICE_BOOT_UUID \
|
|
- GRUB_DISABLE_OS_PROBER \
|
|
GRUB_FS \
|
|
GRUB_FONT \
|
|
GRUB_PRELOAD_MODULES \
|
|
@@ -255,6 +251,7 @@ export GRUB_DEFAULT \
|
|
GRUB_BACKGROUND \
|
|
GRUB_THEME \
|
|
GRUB_GFXPAYLOAD_LINUX \
|
|
+ GRUB_DISABLE_OS_PROBER \
|
|
GRUB_INIT_TUNE \
|
|
GRUB_SAVEDEFAULT \
|
|
GRUB_ENABLE_CRYPTODISK \
|
|
diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in
|
|
index 21bbace4647..7591edc58ed 100644
|
|
--- a/util/grub.d/30_os-prober.in
|
|
+++ b/util/grub.d/30_os-prober.in
|
|
@@ -26,8 +26,8 @@ export TEXTDOMAINDIR="@localedir@"
|
|
|
|
. "$pkgdatadir/grub-mkconfig_lib"
|
|
|
|
-if [ "x${GRUB_DISABLE_OS_PROBER}" = "xtrue" ]; then
|
|
- grub_warn "$(gettext_printf "os-prober will not be executed to detect other bootable partitions.\nSystems on them will not be added to the GRUB boot configuration.\nCheck GRUB_DISABLE_OS_PROBER documentation entry.")"
|
|
+if [ "x${GRUB_DISABLE_OS_PROBER}" = "xfalse" ]; then
|
|
+ gettext_printf "os-prober will not be executed to detect other bootable partitions.\nSystems on them will not be added to the GRUB boot configuration.\nCheck GRUB_DISABLE_OS_PROBER documentation entry.\n"
|
|
exit 0
|
|
fi
|
|
|
|
@@ -36,12 +36,12 @@ if ! command -v os-prober > /dev/null || ! command -v linux-boot-prober > /dev/n
|
|
exit 0
|
|
fi
|
|
|
|
-grub_warn "$(gettext_printf "os-prober will be executed to detect other bootable partitions.\nIt's output will be used to detect bootable binaries on them and create new boot entries.")"
|
|
-
|
|
OSPROBED="`os-prober | tr ' ' '^' | paste -s -d ' '`"
|
|
if [ -z "${OSPROBED}" ] ; then
|
|
# empty os-prober output, nothing doing
|
|
exit 0
|
|
+else
|
|
+ grub_warn "$(gettext_printf "os-prober was executed to detect other bootable partitions.\nIt's output will be used to detect bootable binaries on them and create new boot entries.")"
|
|
fi
|
|
|
|
osx_entry() {
|