diff --git a/0371-script-execute-Don-t-let-trailing-blank-lines-determ.patch b/0371-script-execute-Don-t-let-trailing-blank-lines-determ.patch new file mode 100644 index 0000000..fd2eb2b --- /dev/null +++ b/0371-script-execute-Don-t-let-trailing-blank-lines-determ.patch @@ -0,0 +1,66 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: James Le Cuirot +Date: Thu, 24 Oct 2024 14:42:46 +0100 +Subject: [PATCH] script/execute: Don't let trailing blank lines determine the + return code + +grub_script_execute_sourcecode() parses and executes code one line at a +time, updating the return code each time because only the last line +determines the final status. However, trailing new lines were also +executed, masking any failure on the previous line. Fix this by only +trying to execute the command when there is actually one present. + +This has presumably never been noticed because this code is not used by +regular functions, only in special cases like eval and menu entries. The +latter generally don't return at all, having booted an OS. When failing +to boot, upstream GRUB triggers the fallback mechanism regardless of the +return code. + +We noticed the problem while using Red Hat's patches, which change this +behaviour to take account of the return code. In that case, a failure +takes you back to the menu rather than triggering a fallback. + +Signed-off-by: James Le Cuirot +--- + grub-core/script/execute.c | 5 ++++- + tests/grub_script_eval.in | 10 +++++++++- + 2 files changed, 13 insertions(+), 2 deletions(-) + +diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c +index 014132703..3d26a3fe4 100644 +--- a/grub-core/script/execute.c ++++ b/grub-core/script/execute.c +@@ -952,7 +952,10 @@ grub_script_execute_sourcecode (const char *source) + break; + } + +- ret = grub_script_execute (parsed_script); ++ /* Don't let trailing blank lines determine the return code. */ ++ if (parsed_script->cmd) ++ ret = grub_script_execute (parsed_script); ++ + grub_script_free (parsed_script); + grub_free (line); + } +diff --git a/tests/grub_script_eval.in b/tests/grub_script_eval.in +index c97b78d77..9c6211042 100644 +--- a/tests/grub_script_eval.in ++++ b/tests/grub_script_eval.in +@@ -3,4 +3,12 @@ + eval echo "Hello world" + valname=tst + eval $valname=hi +-echo $tst +\ No newline at end of file ++echo $tst ++ ++if eval " ++false ++"; then ++ echo should have failed ++else ++ echo failed as expected ++fi +-- +2.48.1 + diff --git a/0372-normal-menu-Check-return-code-of-the-script-when-exe.patch b/0372-normal-menu-Check-return-code-of-the-script-when-exe.patch new file mode 100644 index 0000000..3ce0eec --- /dev/null +++ b/0372-normal-menu-Check-return-code-of-the-script-when-exe.patch @@ -0,0 +1,45 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: James Le Cuirot +Date: Thu, 24 Oct 2024 15:00:26 +0100 +Subject: [PATCH] normal/menu: Check return code of the script when executing a + menu entry + +Don't rely on grub_errno here because grub_script_execute_new_scope() +calls grub_print_error(), which always resets grub_errno back to +GRUB_ERR_NONE. It may also get reset by grub_wait_after_message(). + +This problem was observed when a "bad signature" error resulted in the +menu being redisplayed rather than the fallback mechanism being +triggered, although another change was also needed to fix it. This only +happens with Red Hat's patches because upstream GRUB triggers the +fallback mechanism regardless of the return code. + +Signed-off-by: James Le Cuirot +--- + grub-core/normal/menu.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c +index 97687013c..a2703dabb 100644 +--- a/grub-core/normal/menu.c ++++ b/grub-core/normal/menu.c +@@ -377,14 +377,14 @@ grub_menu_execute_entry(grub_menu_entry_t entry, int auto_boot) + if (ptr && ptr[0] && ptr[1]) + grub_env_set ("default", ptr + 1); + +- grub_script_execute_new_scope (entry->sourcecode, entry->argc, entry->args); ++ err = grub_script_execute_new_scope (entry->sourcecode, entry->argc, entry->args); + + if (errs_before != grub_err_printed_errors) + grub_wait_after_message (); + + errs_before = grub_err_printed_errors; + +- if (grub_errno == GRUB_ERR_NONE && grub_loader_is_loaded ()) ++ if (err == GRUB_ERR_NONE && grub_loader_is_loaded ()) + /* Implicit execution of boot, only if something is loaded. */ + err = grub_command_execute ("boot", 0, 0); + +-- +2.48.1 + diff --git a/grub.patches b/grub.patches index 1c3c893..f4a4658 100644 --- a/grub.patches +++ b/grub.patches @@ -367,3 +367,5 @@ Patch0367: 0367-Use-medany-instead-of-large-model-for-RISCV.patch Patch0368: 0368-10_linux.in-escape-kernel-option-characters-properly.patch Patch0369: 0369-blscfg-check-if-variable-is-escaped-before-consideri.patch Patch0370: 0370-Set-correctly-the-memory-attributes-for-the-kernel-P.patch +Patch0371: 0371-script-execute-Don-t-let-trailing-blank-lines-determ.patch +Patch0372: 0372-normal-menu-Check-return-code-of-the-script-when-exe.patch diff --git a/grub2.spec b/grub2.spec index 1bf4619..2a67eab 100644 --- a/grub2.spec +++ b/grub2.spec @@ -17,7 +17,7 @@ Name: grub2 Epoch: 1 Version: 2.12 -Release: 28%{?dist} +Release: 29%{?dist} Summary: Bootloader with support for Linux, Multiboot and more License: GPL-3.0-or-later URL: http://www.gnu.org/software/grub/ @@ -574,6 +574,10 @@ fi %endif %changelog +* Mon Sep 08 2025 Leo Sandoval 2.12-29 +- Fix the fallback mechanism when menu entries fail to boot +- Resolves: RHEL-113024 + * Thu Aug 21 2025 Leo Sandoval 2.12-28 - Remove strong stack protector on target CFLAGS - Related: #RHEL-89464