From 5db4bc774e6074c63ff9833024811dc51bd59fc6 Mon Sep 17 00:00:00 2001 From: Javier Martinez Canillas Date: Wed, 27 Nov 2019 12:10:51 +0100 Subject: [PATCH] Fix a grub hidden-menu regression and a bug in blscfg variable expansion Signed-off-by: Javier Martinez Canillas --- ...ce-char-when-appending-fields-for-va.patch | 51 +++++++++++++ ...indeterminate-getting-set-on-boot_su.patch | 75 +++++++++++++++++++ grub.patches | 2 + grub2.spec | 6 +- 4 files changed, 133 insertions(+), 1 deletion(-) create mode 100644 0188-blscfg-add-a-space-char-when-appending-fields-for-va.patch create mode 100644 0189-grub.d-Fix-boot_indeterminate-getting-set-on-boot_su.patch diff --git a/0188-blscfg-add-a-space-char-when-appending-fields-for-va.patch b/0188-blscfg-add-a-space-char-when-appending-fields-for-va.patch new file mode 100644 index 0000000..30314a5 --- /dev/null +++ b/0188-blscfg-add-a-space-char-when-appending-fields-for-va.patch @@ -0,0 +1,51 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 26 Nov 2019 09:51:41 +0100 +Subject: [PATCH] blscfg: add a space char when appending fields for variable + expansion + +The GRUB variables are expanded and replaced by their values before adding +menu entries, but they didn't include space characters after the values so +the result was not correct. + +For the common case this wasn't a problem but it is if there are variables +that are part of the values of other variables. + +Resolves: rhbz#1669252 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/commands/blscfg.c | 19 +++++++++---------- + 1 file changed, 9 insertions(+), 10 deletions(-) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index 471975fd2e5..32d3252502e 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -602,17 +602,16 @@ static char *field_append(bool is_var, char *buffer, char *start, char *end) + return buffer; + } + +- if (!buffer) { +- buffer = grub_strdup(field); +- if (!buffer) +- return NULL; +- } else { +- buffer = grub_realloc (buffer, grub_strlen(buffer) + grub_strlen(field)); +- if (!buffer) +- return NULL; ++ if (!buffer) ++ buffer = grub_zalloc (grub_strlen(field) + 1); ++ else ++ buffer = grub_realloc (buffer, grub_strlen(buffer) + grub_strlen(field) + 1); + +- grub_stpcpy (buffer + grub_strlen(buffer), field); +- } ++ if (!buffer) ++ return NULL; ++ ++ grub_stpcpy (buffer + grub_strlen(buffer), field); ++ grub_stpcpy (buffer + grub_strlen(buffer), " "); + + return buffer; + } diff --git a/0189-grub.d-Fix-boot_indeterminate-getting-set-on-boot_su.patch b/0189-grub.d-Fix-boot_indeterminate-getting-set-on-boot_su.patch new file mode 100644 index 0000000..54b73e6 --- /dev/null +++ b/0189-grub.d-Fix-boot_indeterminate-getting-set-on-boot_su.patch @@ -0,0 +1,75 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Tue, 26 Nov 2019 09:51:41 +0100 +Subject: [PATCH] grub.d: Fix boot_indeterminate getting set on boot_success=0 + boot + +The "grub.d: Split out boot success reset from menu auto hide script" +not only moved the code to clear boot_success and boot_indeterminate +but for some reason also mixed in some broken changes to the +boot_indeterminate handling. + +The boot_indeterminate var is meant to suppress the boot menu after +a reboot from either a selinux-relabel or offline-updates. These +2 special boot scenarios do not set boot_success since there is no +successfull interaction with the user. Instead they increment +boot_indeterminate, and if it is 1 and only when it is 1, so the +first reboot after a "special" boot we suppress the menu. + +To ensure that we do show the menu if we somehow get stuck in a +"special" boot loop where we do special-boots without them +incrementing boot_indeterminate, the code before the +"grub.d: Split out boot success reset from menu auto hide script" +commit would increment boot_indeterminate once when it is 1, so that +even if the "special" boot reboot-loop immediately we would show the +menu on the next boot. + +That commit broke this however, because it not only moves the code, +it also changes it from only "incrementing" boot_indeterminate once to +always incrementing it, except when boot_success == 1 (and we reset it). + +This broken behavior causes the following problem: + +1. Boot a broken kernel, system hangs, power-cycle +2. boot_success now != 1, so we increment boot_indeterminate from 0 + (unset!) to 1. User either simply tries again, or makes some changes + but the end-result still is a system hang, power-cycle +3. Now boot_indeterminate==1 so we do not show the menu even though the + previous boot failed -> BAD + +This commit fixes this by restoring the behavior of setting +boot_indeterminate to 2 when it was 1 before. + +Fixes: "grub.d: Split out boot success reset from menu auto hide script" +Signed-off-by: Hans de Goede +--- + util/grub.d/10_reset_boot_success.in | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/util/grub.d/10_reset_boot_success.in b/util/grub.d/10_reset_boot_success.in +index 6c88d933dde..737e1ae5b68 100644 +--- a/util/grub.d/10_reset_boot_success.in ++++ b/util/grub.d/10_reset_boot_success.in +@@ -6,18 +6,18 @@ + # + # The boot_success var needs to be set to 1 from userspace to mark a boot successful. + cat << EOF +-insmod increment + # Hiding the menu is ok if last boot was ok or if this is a first boot attempt to boot the entry + if [ "\${boot_success}" = "1" -o "\${boot_indeterminate}" = "1" ]; then + set menu_hide_ok=1 + else + set menu_hide_ok=0 + fi +-# Reset boot_indeterminate after a successful boot, increment otherwise ++# Reset boot_indeterminate after a successful boot + if [ "\${boot_success}" = "1" ] ; then + set boot_indeterminate=0 +-else +- increment boot_indeterminate ++# Avoid boot_indeterminate causing the menu to be hidden more then once ++elif [ "\${boot_indeterminate}" = "1" ]; then ++ set boot_indeterminate=2 + fi + # Reset boot_success for current boot + set boot_success=0 diff --git a/grub.patches b/grub.patches index ca20509..afac643 100644 --- a/grub.patches +++ b/grub.patches @@ -185,3 +185,5 @@ Patch0184: 0184-10_linux.in-Also-use-GRUB_CMDLINE_LINUX_DEFAULT-to-s.patch Patch0185: 0185-blscfg-Don-t-hardcode-an-env-var-as-fallback-for-the.patch Patch0186: 0186-grub-set-bootflag-Update-comment-about-running-as-ro.patch Patch0187: 0187-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch +Patch0188: 0188-blscfg-add-a-space-char-when-appending-fields-for-va.patch +Patch0189: 0189-grub.d-Fix-boot_indeterminate-getting-set-on-boot_su.patch diff --git a/grub2.spec b/grub2.spec index 27d050c..cfa434b 100644 --- a/grub2.spec +++ b/grub2.spec @@ -9,7 +9,7 @@ Name: grub2 Epoch: 1 Version: 2.04 -Release: 4%{?dist} +Release: 5%{?dist} Summary: Bootloader with support for Linux, Multiboot and more License: GPLv3+ URL: http://www.gnu.org/software/grub/ @@ -515,6 +515,10 @@ rm -r /boot/grub2.tmp/ || : %endif %changelog +* Wed Nov 27 2019 Javier Martinez Canillas - 2.04-5 +- blscfg: add a space char when appending fields for variable expansion +- grub.d: Fix boot_indeterminate getting set on boot_success=0 boot + * Tue Nov 26 2019 Javier Martinez Canillas - 2.04-4 - grub-set-bootflag: Write new env to tmpfile and then rename (hdegoede) Resolves: CVE-2019-14865