spec: Added more code for the previous CVE fix

Related: #RHEL-56733
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>

grub2.spec

@@ -17,7 +17,7 @@
 Name:		grub2
 Epoch:		1
 Version:	2.06
-Release:	130%{?dist}
+Release:	131%{?dist}
 Summary:	Bootloader with support for Linux, Multiboot and more
 License:	GPL-3.0-or-later
 URL:		http://www.gnu.org/software/grub/
@@ -376,6 +376,8 @@ fi
 if test ! -f ${GRUB_HOME}/grub.cfg; then
     # there's no config in GRUB_HOME, create one
     grub2-mkconfig -o ${GRUB_HOME}/grub.cfg
+    cp -a ${EFI_HOME}/grub.cfg ${EFI_HOME}/grub.cfg.rpmsave
+    cp -a ${EFI_HOME}/grub.cfg ${GRUB_HOME}/
 else
     # otherwise just check mode is correct, if not, fix it
     GRUB_CFG_MODE=$(stat --format="%a" ${GRUB_HOME}/grub.cfg)
@@ -386,7 +388,7 @@ fi
 
 # make sure ${EFI_HOME}/grub.cfg is present before grepping it
 if test -f ${EFI_HOME}/grub.cfg; then
-    if ((grep -q "configfile" ${EFI_HOME}/grub.cfg || grep -q "source" ${EFI_HOME}/grub.cfg) && ! grep -q "# It is automatically generated by grub2-mkconfig using templates" ${EFI_HOME}/grub.cfg); then
+    if grep -q "configfile" ${EFI_HOME}/grub.cfg && grep -q "root-dev-only" ${EFI_HOME}/grub.cfg; then
         exit 0 #Already unified
     fi
 fi
@@ -407,8 +409,6 @@ if test -f ${EFI_HOME}/grubenv; then
     mv --force ${EFI_HOME}/grubenv ${GRUB_HOME}/grubenv
 fi
 
-cp -a ${EFI_HOME}/grub.cfg ${EFI_HOME}/grub.cfg.rpmsave
-cp -a ${EFI_HOME}/grub.cfg ${GRUB_HOME}/
 mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
 
 %files common -f grub.lang
@@ -582,6 +582,10 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
 %endif
 
 %changelog
+* Mon Sep 23 2024 Nicolas Frayer <nfrayer@redhat.com> - 2.06-131
+- Added more code for the previous CVE fix (CVE-2023-4001)
+- Related: #RHEL-56733
+
 * Wed Sep 18 2024 Nicolas Frayer <nfrayer@redhat.com> - 2.06-130
 - aarch64/macros: Re-added flags that disappeared with previous commit
 - Related: #RHEL-58821