diff --git a/0481-script-execute-Don-t-let-trailing-blank-lines-determ.patch b/0481-script-execute-Don-t-let-trailing-blank-lines-determ.patch new file mode 100644 index 0000000..fd2eb2b --- /dev/null +++ b/0481-script-execute-Don-t-let-trailing-blank-lines-determ.patch @@ -0,0 +1,66 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: James Le Cuirot +Date: Thu, 24 Oct 2024 14:42:46 +0100 +Subject: [PATCH] script/execute: Don't let trailing blank lines determine the + return code + +grub_script_execute_sourcecode() parses and executes code one line at a +time, updating the return code each time because only the last line +determines the final status. However, trailing new lines were also +executed, masking any failure on the previous line. Fix this by only +trying to execute the command when there is actually one present. + +This has presumably never been noticed because this code is not used by +regular functions, only in special cases like eval and menu entries. The +latter generally don't return at all, having booted an OS. When failing +to boot, upstream GRUB triggers the fallback mechanism regardless of the +return code. + +We noticed the problem while using Red Hat's patches, which change this +behaviour to take account of the return code. In that case, a failure +takes you back to the menu rather than triggering a fallback. + +Signed-off-by: James Le Cuirot +--- + grub-core/script/execute.c | 5 ++++- + tests/grub_script_eval.in | 10 +++++++++- + 2 files changed, 13 insertions(+), 2 deletions(-) + +diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c +index 014132703..3d26a3fe4 100644 +--- a/grub-core/script/execute.c ++++ b/grub-core/script/execute.c +@@ -952,7 +952,10 @@ grub_script_execute_sourcecode (const char *source) + break; + } + +- ret = grub_script_execute (parsed_script); ++ /* Don't let trailing blank lines determine the return code. */ ++ if (parsed_script->cmd) ++ ret = grub_script_execute (parsed_script); ++ + grub_script_free (parsed_script); + grub_free (line); + } +diff --git a/tests/grub_script_eval.in b/tests/grub_script_eval.in +index c97b78d77..9c6211042 100644 +--- a/tests/grub_script_eval.in ++++ b/tests/grub_script_eval.in +@@ -3,4 +3,12 @@ + eval echo "Hello world" + valname=tst + eval $valname=hi +-echo $tst +\ No newline at end of file ++echo $tst ++ ++if eval " ++false ++"; then ++ echo should have failed ++else ++ echo failed as expected ++fi +-- +2.48.1 + diff --git a/0482-normal-menu-Check-return-code-of-the-script-when-exe.patch b/0482-normal-menu-Check-return-code-of-the-script-when-exe.patch new file mode 100644 index 0000000..3ce0eec --- /dev/null +++ b/0482-normal-menu-Check-return-code-of-the-script-when-exe.patch @@ -0,0 +1,45 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: James Le Cuirot +Date: Thu, 24 Oct 2024 15:00:26 +0100 +Subject: [PATCH] normal/menu: Check return code of the script when executing a + menu entry + +Don't rely on grub_errno here because grub_script_execute_new_scope() +calls grub_print_error(), which always resets grub_errno back to +GRUB_ERR_NONE. It may also get reset by grub_wait_after_message(). + +This problem was observed when a "bad signature" error resulted in the +menu being redisplayed rather than the fallback mechanism being +triggered, although another change was also needed to fix it. This only +happens with Red Hat's patches because upstream GRUB triggers the +fallback mechanism regardless of the return code. + +Signed-off-by: James Le Cuirot +--- + grub-core/normal/menu.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c +index 97687013c..a2703dabb 100644 +--- a/grub-core/normal/menu.c ++++ b/grub-core/normal/menu.c +@@ -377,14 +377,14 @@ grub_menu_execute_entry(grub_menu_entry_t entry, int auto_boot) + if (ptr && ptr[0] && ptr[1]) + grub_env_set ("default", ptr + 1); + +- grub_script_execute_new_scope (entry->sourcecode, entry->argc, entry->args); ++ err = grub_script_execute_new_scope (entry->sourcecode, entry->argc, entry->args); + + if (errs_before != grub_err_printed_errors) + grub_wait_after_message (); + + errs_before = grub_err_printed_errors; + +- if (grub_errno == GRUB_ERR_NONE && grub_loader_is_loaded ()) ++ if (err == GRUB_ERR_NONE && grub_loader_is_loaded ()) + /* Implicit execution of boot, only if something is loaded. */ + err = grub_command_execute ("boot", 0, 0); + +-- +2.48.1 + diff --git a/grub.patches b/grub.patches index 87b04a7..41bce4a 100644 --- a/grub.patches +++ b/grub.patches @@ -476,4 +476,6 @@ Patch0476: 0476-efi-Add-efitextmode-command-for-getting-setting-the-.patch Patch0477: 0477-10_linux.in-escape-kernel-option-characters-properly.patch Patch0478: 0478-blscfg-check-if-variable-is-escaped-before-consideri.patch Patch0479: 0479-osdep-linux-getroot-Detect-DDF-container-similar-to-.patch -Patch0480: 0480-Set-correctly-the-memory-attributes-for-the-kernel-P.patch \ No newline at end of file +Patch0480: 0480-Set-correctly-the-memory-attributes-for-the-kernel-P.patch +Patch0481: 0481-script-execute-Don-t-let-trailing-blank-lines-determ.patch +Patch0482: 0482-normal-menu-Check-return-code-of-the-script-when-exe.patch diff --git a/grub2.spec b/grub2.spec index dc2b874..6d580db 100644 --- a/grub2.spec +++ b/grub2.spec @@ -16,7 +16,7 @@ Name: grub2 Epoch: 1 Version: 2.06 -Release: 114%{?dist} +Release: 115%{?dist} Summary: Bootloader with support for Linux, Multiboot and more License: GPLv3+ URL: http://www.gnu.org/software/grub/ @@ -538,6 +538,10 @@ fi %endif %changelog +* Mon Sep 08 2025 Leo Sandoval 2.06-115 +- Fix the fallback mechanism when menu entries fail to boot +- Resolves: RHEL-109456 + * Thu Aug 28 2025 Leo Sandoval 2.06-114 - 20-grub.install: Skip BLS removal when entry type is type2 - Resolves: #RHEL-108008