diff --git a/.gitignore b/.gitignore index c9613f0..6d26737 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,6 @@ gnulib-9f48fb992a3d7e96610c4ce8be969cff2d61a01b.tar.gz grub-2.12.tar.xz +oraclegrubcer.cer +securebootca.cer theme.tar.bz2 unifont-13.0.06.pcf.gz diff --git a/0371-gettext-gettext-Unregister-gettext-command-on-module.patch b/0371-gettext-gettext-Unregister-gettext-command-on-module.patch new file mode 100644 index 0000000..0de2769 --- /dev/null +++ b/0371-gettext-gettext-Unregister-gettext-command-on-module.patch @@ -0,0 +1,62 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Alec Brown +Date: Thu, 21 Aug 2025 21:14:06 +0000 +Subject: [PATCH] gettext/gettext: Unregister gettext command on module unload + +When the gettext module is loaded, the gettext command is registered but +isn't unregistered when the module is unloaded. We need to add a call to +grub_unregister_command() when unloading the module. + +Fixes: CVE-2025-61662 + +Reported-by: Alec Brown +Signed-off-by: Alec Brown +Reviewed-by: Daniel Kiper +--- + grub-core/gettext/gettext.c | 19 ++++++++++++------- + 1 file changed, 12 insertions(+), 7 deletions(-) + +diff --git a/grub-core/gettext/gettext.c b/grub-core/gettext/gettext.c +index fffe3a05488b..1ca152ddd938 100644 +--- a/grub-core/gettext/gettext.c ++++ b/grub-core/gettext/gettext.c +@@ -509,6 +509,8 @@ grub_cmd_translate (grub_command_t cmd __attribute__ ((unused)), + return 0; + } + ++static grub_command_t cmd; ++ + GRUB_MOD_INIT (gettext) + { + const char *lang; +@@ -528,13 +530,14 @@ GRUB_MOD_INIT (gettext) + grub_register_variable_hook ("locale_dir", NULL, read_main); + grub_register_variable_hook ("secondary_locale_dir", NULL, read_secondary); + +- grub_register_command_p1 ("gettext", grub_cmd_translate, +- N_("STRING"), +- /* TRANSLATORS: It refers to passing the string through gettext. +- So it's "translate" in the same meaning as in what you're +- doing now. +- */ +- N_("Translates the string with the current settings.")); ++ cmd = grub_register_command_p1 ("gettext", grub_cmd_translate, ++ N_("STRING"), ++ /* ++ * TRANSLATORS: It refers to passing the string through gettext. ++ * So it's "translate" in the same meaning as in what you're ++ * doing now. ++ */ ++ N_("Translates the string with the current settings.")); + + /* Reload .mo file information if lang changes. */ + grub_register_variable_hook ("lang", NULL, grub_gettext_env_write_lang); +@@ -551,6 +554,8 @@ GRUB_MOD_FINI (gettext) + grub_register_variable_hook ("secondary_locale_dir", NULL, NULL); + grub_register_variable_hook ("lang", NULL, NULL); + ++ grub_unregister_command (cmd); ++ + grub_gettext_delete_list (&main_context); + grub_gettext_delete_list (&secondary_context); + diff --git a/0371-script-execute-Don-t-let-trailing-blank-lines-determ.patch b/0371-script-execute-Don-t-let-trailing-blank-lines-determ.patch deleted file mode 100644 index fd2eb2b..0000000 --- a/0371-script-execute-Don-t-let-trailing-blank-lines-determ.patch +++ /dev/null @@ -1,66 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: James Le Cuirot -Date: Thu, 24 Oct 2024 14:42:46 +0100 -Subject: [PATCH] script/execute: Don't let trailing blank lines determine the - return code - -grub_script_execute_sourcecode() parses and executes code one line at a -time, updating the return code each time because only the last line -determines the final status. However, trailing new lines were also -executed, masking any failure on the previous line. Fix this by only -trying to execute the command when there is actually one present. - -This has presumably never been noticed because this code is not used by -regular functions, only in special cases like eval and menu entries. The -latter generally don't return at all, having booted an OS. When failing -to boot, upstream GRUB triggers the fallback mechanism regardless of the -return code. - -We noticed the problem while using Red Hat's patches, which change this -behaviour to take account of the return code. In that case, a failure -takes you back to the menu rather than triggering a fallback. - -Signed-off-by: James Le Cuirot ---- - grub-core/script/execute.c | 5 ++++- - tests/grub_script_eval.in | 10 +++++++++- - 2 files changed, 13 insertions(+), 2 deletions(-) - -diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c -index 014132703..3d26a3fe4 100644 ---- a/grub-core/script/execute.c -+++ b/grub-core/script/execute.c -@@ -952,7 +952,10 @@ grub_script_execute_sourcecode (const char *source) - break; - } - -- ret = grub_script_execute (parsed_script); -+ /* Don't let trailing blank lines determine the return code. */ -+ if (parsed_script->cmd) -+ ret = grub_script_execute (parsed_script); -+ - grub_script_free (parsed_script); - grub_free (line); - } -diff --git a/tests/grub_script_eval.in b/tests/grub_script_eval.in -index c97b78d77..9c6211042 100644 ---- a/tests/grub_script_eval.in -+++ b/tests/grub_script_eval.in -@@ -3,4 +3,12 @@ - eval echo "Hello world" - valname=tst - eval $valname=hi --echo $tst -\ No newline at end of file -+echo $tst -+ -+if eval " -+false -+"; then -+ echo should have failed -+else -+ echo failed as expected -+fi --- -2.48.1 - diff --git a/0372-normal-menu-Check-return-code-of-the-script-when-exe.patch b/0372-normal-menu-Check-return-code-of-the-script-when-exe.patch deleted file mode 100644 index 3ce0eec..0000000 --- a/0372-normal-menu-Check-return-code-of-the-script-when-exe.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: James Le Cuirot -Date: Thu, 24 Oct 2024 15:00:26 +0100 -Subject: [PATCH] normal/menu: Check return code of the script when executing a - menu entry - -Don't rely on grub_errno here because grub_script_execute_new_scope() -calls grub_print_error(), which always resets grub_errno back to -GRUB_ERR_NONE. It may also get reset by grub_wait_after_message(). - -This problem was observed when a "bad signature" error resulted in the -menu being redisplayed rather than the fallback mechanism being -triggered, although another change was also needed to fix it. This only -happens with Red Hat's patches because upstream GRUB triggers the -fallback mechanism regardless of the return code. - -Signed-off-by: James Le Cuirot ---- - grub-core/normal/menu.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c -index 97687013c..a2703dabb 100644 ---- a/grub-core/normal/menu.c -+++ b/grub-core/normal/menu.c -@@ -377,14 +377,14 @@ grub_menu_execute_entry(grub_menu_entry_t entry, int auto_boot) - if (ptr && ptr[0] && ptr[1]) - grub_env_set ("default", ptr + 1); - -- grub_script_execute_new_scope (entry->sourcecode, entry->argc, entry->args); -+ err = grub_script_execute_new_scope (entry->sourcecode, entry->argc, entry->args); - - if (errs_before != grub_err_printed_errors) - grub_wait_after_message (); - - errs_before = grub_err_printed_errors; - -- if (grub_errno == GRUB_ERR_NONE && grub_loader_is_loaded ()) -+ if (err == GRUB_ERR_NONE && grub_loader_is_loaded ()) - /* Implicit execution of boot, only if something is loaded. */ - err = grub_command_execute ("boot", 0, 0); - --- -2.48.1 - diff --git a/grub.patches b/grub.patches index f4a4658..9049594 100644 --- a/grub.patches +++ b/grub.patches @@ -367,5 +367,4 @@ Patch0367: 0367-Use-medany-instead-of-large-model-for-RISCV.patch Patch0368: 0368-10_linux.in-escape-kernel-option-characters-properly.patch Patch0369: 0369-blscfg-check-if-variable-is-escaped-before-consideri.patch Patch0370: 0370-Set-correctly-the-memory-attributes-for-the-kernel-P.patch -Patch0371: 0371-script-execute-Don-t-let-trailing-blank-lines-determ.patch -Patch0372: 0372-normal-menu-Check-return-code-of-the-script-when-exe.patch +Patch0371: 0371-gettext-gettext-Unregister-gettext-command-on-module.patch diff --git a/grub2.spec b/grub2.spec index 249ebfe..e1afaf4 100644 --- a/grub2.spec +++ b/grub2.spec @@ -17,7 +17,7 @@ Name: grub2 Epoch: 1 Version: 2.12 -Release: 29%{?dist}.alma.1 +Release: 29%{?dist}.2.alma.1 Summary: Bootloader with support for Linux, Multiboot and more License: GPL-3.0-or-later URL: http://www.gnu.org/software/grub/ @@ -44,7 +44,7 @@ Source13: gen_grub_cfgstub %define sb_cer %{_datadir}/pki/sb-certs/secureboot-grub2-%{_arch}.cer %endif -%define sb_key almalinuxsecurebootca0 +%define sb_key almalinuxsecureboot0 BuildRequires: autoconf BuildRequires: automake @@ -565,13 +565,21 @@ fi %endif %changelog -* Fri Nov 14 2025 Eduard Abdullin - 1:2.12-29.alma.1 +* Wed Mar 18 2026 Eduard Abdullin - 1:2.12-29.2.alma.1 - Debrand for AlmaLinux - Build btrfs module -* Mon Sep 08 2025 Leo Sandoval 2.12-29 -- Fix the fallback mechanism when menu entries fail to boot -- Resolves: RHEL-113024 +* Tue Mar 03 2026 Nicolas Frayer - 2.12-29.2 +- Try to get gating tests running via fmf/tmt +- Resolves: #RHEL-152849 + +* Thu Feb 19 2026 Therese Cornell - 2.12-29.1 +- Fixes CVE-2025-61662 Missing unregister call for gettext command may lead to use-after-free +- Resolves: #RHEL-141580 + +* Wed Oct 8 2025 Nicolas Frayer 2.12-29 +- spec: Update signing key to redhatsecureboot802 +- Resolves: #RHEL-116730 * Thu Aug 21 2025 Leo Sandoval 2.12-28 - Remove strong stack protector on target CFLAGS diff --git a/sources b/sources index cf7ec7d..7f46f3a 100644 --- a/sources +++ b/sources @@ -1,4 +1,6 @@ SHA512 (gnulib-9f48fb992a3d7e96610c4ce8be969cff2d61a01b.tar.gz) = 6887dede2d4a403422ea045329ee9bd7ca4c1561bcaf39e805e1d1ce8f4c050a65ce286e7d8362fb8e815b5fab0b405730a3f93194e343e2aedcf9b4411a285e SHA512 (grub-2.12.tar.xz) = 761c060a4c3da9c0e810b0ea967e3ebc66baa4ddd682a503ae3d30a83707626bccaf49359304a16b3a26fc4435fe6bea1ee90be910c84de3c2b5485a31a15be3 +SHA512 (oraclegrubcer.cer) = 45d6ba3ae6f640fe7c26836e697085b12b39b2aee41ae5c474f00aa68a40d7c0380206f81eab8fc784298e82f8a4d268c38eb3ae9e3c3e80dbabcfc3857c66f3 +SHA512 (securebootca.cer) = f8ef4b87e610b07ef53bcde253469b5316d9ba128357123246c64e4468c13f329d42187503908201d67168e61e5ce5e8a969935087b9bda38eee85d306561050 SHA512 (theme.tar.bz2) = 0f6f914d5f801509403094b28b8cfe5169cb56ae9bdd808ae21a6780a8236b434161a068351508dd78729c25ee2fed066c124c1eef9e15102750b409b4576a5c SHA512 (unifont-13.0.06.pcf.gz) = 25f1ea4e316cd77b65cf4f60aa10ed054db6df2195be7344216673dee6628ab055ebcdeea186996d931fd1e9e4f519f4a2e4b4544b8a9ad2fe410aadc4eecd2d