Fix a grub hidden-menu regression and a bug in blscfg variable expansion
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
This commit is contained in:
parent
eeeca9c900
commit
5db4bc774e
@ -0,0 +1,51 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Javier Martinez Canillas <javierm@redhat.com>
|
||||
Date: Tue, 26 Nov 2019 09:51:41 +0100
|
||||
Subject: [PATCH] blscfg: add a space char when appending fields for variable
|
||||
expansion
|
||||
|
||||
The GRUB variables are expanded and replaced by their values before adding
|
||||
menu entries, but they didn't include space characters after the values so
|
||||
the result was not correct.
|
||||
|
||||
For the common case this wasn't a problem but it is if there are variables
|
||||
that are part of the values of other variables.
|
||||
|
||||
Resolves: rhbz#1669252
|
||||
|
||||
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
|
||||
---
|
||||
grub-core/commands/blscfg.c | 19 +++++++++----------
|
||||
1 file changed, 9 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
|
||||
index 471975fd2e5..32d3252502e 100644
|
||||
--- a/grub-core/commands/blscfg.c
|
||||
+++ b/grub-core/commands/blscfg.c
|
||||
@@ -602,17 +602,16 @@ static char *field_append(bool is_var, char *buffer, char *start, char *end)
|
||||
return buffer;
|
||||
}
|
||||
|
||||
- if (!buffer) {
|
||||
- buffer = grub_strdup(field);
|
||||
- if (!buffer)
|
||||
- return NULL;
|
||||
- } else {
|
||||
- buffer = grub_realloc (buffer, grub_strlen(buffer) + grub_strlen(field));
|
||||
- if (!buffer)
|
||||
- return NULL;
|
||||
+ if (!buffer)
|
||||
+ buffer = grub_zalloc (grub_strlen(field) + 1);
|
||||
+ else
|
||||
+ buffer = grub_realloc (buffer, grub_strlen(buffer) + grub_strlen(field) + 1);
|
||||
|
||||
- grub_stpcpy (buffer + grub_strlen(buffer), field);
|
||||
- }
|
||||
+ if (!buffer)
|
||||
+ return NULL;
|
||||
+
|
||||
+ grub_stpcpy (buffer + grub_strlen(buffer), field);
|
||||
+ grub_stpcpy (buffer + grub_strlen(buffer), " ");
|
||||
|
||||
return buffer;
|
||||
}
|
@ -0,0 +1,75 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Hans de Goede <hdegoede@redhat.com>
|
||||
Date: Tue, 26 Nov 2019 09:51:41 +0100
|
||||
Subject: [PATCH] grub.d: Fix boot_indeterminate getting set on boot_success=0
|
||||
boot
|
||||
|
||||
The "grub.d: Split out boot success reset from menu auto hide script"
|
||||
not only moved the code to clear boot_success and boot_indeterminate
|
||||
but for some reason also mixed in some broken changes to the
|
||||
boot_indeterminate handling.
|
||||
|
||||
The boot_indeterminate var is meant to suppress the boot menu after
|
||||
a reboot from either a selinux-relabel or offline-updates. These
|
||||
2 special boot scenarios do not set boot_success since there is no
|
||||
successfull interaction with the user. Instead they increment
|
||||
boot_indeterminate, and if it is 1 and only when it is 1, so the
|
||||
first reboot after a "special" boot we suppress the menu.
|
||||
|
||||
To ensure that we do show the menu if we somehow get stuck in a
|
||||
"special" boot loop where we do special-boots without them
|
||||
incrementing boot_indeterminate, the code before the
|
||||
"grub.d: Split out boot success reset from menu auto hide script"
|
||||
commit would increment boot_indeterminate once when it is 1, so that
|
||||
even if the "special" boot reboot-loop immediately we would show the
|
||||
menu on the next boot.
|
||||
|
||||
That commit broke this however, because it not only moves the code,
|
||||
it also changes it from only "incrementing" boot_indeterminate once to
|
||||
always incrementing it, except when boot_success == 1 (and we reset it).
|
||||
|
||||
This broken behavior causes the following problem:
|
||||
|
||||
1. Boot a broken kernel, system hangs, power-cycle
|
||||
2. boot_success now != 1, so we increment boot_indeterminate from 0
|
||||
(unset!) to 1. User either simply tries again, or makes some changes
|
||||
but the end-result still is a system hang, power-cycle
|
||||
3. Now boot_indeterminate==1 so we do not show the menu even though the
|
||||
previous boot failed -> BAD
|
||||
|
||||
This commit fixes this by restoring the behavior of setting
|
||||
boot_indeterminate to 2 when it was 1 before.
|
||||
|
||||
Fixes: "grub.d: Split out boot success reset from menu auto hide script"
|
||||
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
||||
---
|
||||
util/grub.d/10_reset_boot_success.in | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/util/grub.d/10_reset_boot_success.in b/util/grub.d/10_reset_boot_success.in
|
||||
index 6c88d933dde..737e1ae5b68 100644
|
||||
--- a/util/grub.d/10_reset_boot_success.in
|
||||
+++ b/util/grub.d/10_reset_boot_success.in
|
||||
@@ -6,18 +6,18 @@
|
||||
#
|
||||
# The boot_success var needs to be set to 1 from userspace to mark a boot successful.
|
||||
cat << EOF
|
||||
-insmod increment
|
||||
# Hiding the menu is ok if last boot was ok or if this is a first boot attempt to boot the entry
|
||||
if [ "\${boot_success}" = "1" -o "\${boot_indeterminate}" = "1" ]; then
|
||||
set menu_hide_ok=1
|
||||
else
|
||||
set menu_hide_ok=0
|
||||
fi
|
||||
-# Reset boot_indeterminate after a successful boot, increment otherwise
|
||||
+# Reset boot_indeterminate after a successful boot
|
||||
if [ "\${boot_success}" = "1" ] ; then
|
||||
set boot_indeterminate=0
|
||||
-else
|
||||
- increment boot_indeterminate
|
||||
+# Avoid boot_indeterminate causing the menu to be hidden more then once
|
||||
+elif [ "\${boot_indeterminate}" = "1" ]; then
|
||||
+ set boot_indeterminate=2
|
||||
fi
|
||||
# Reset boot_success for current boot
|
||||
set boot_success=0
|
@ -185,3 +185,5 @@ Patch0184: 0184-10_linux.in-Also-use-GRUB_CMDLINE_LINUX_DEFAULT-to-s.patch
|
||||
Patch0185: 0185-blscfg-Don-t-hardcode-an-env-var-as-fallback-for-the.patch
|
||||
Patch0186: 0186-grub-set-bootflag-Update-comment-about-running-as-ro.patch
|
||||
Patch0187: 0187-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch
|
||||
Patch0188: 0188-blscfg-add-a-space-char-when-appending-fields-for-va.patch
|
||||
Patch0189: 0189-grub.d-Fix-boot_indeterminate-getting-set-on-boot_su.patch
|
||||
|
@ -9,7 +9,7 @@
|
||||
Name: grub2
|
||||
Epoch: 1
|
||||
Version: 2.04
|
||||
Release: 4%{?dist}
|
||||
Release: 5%{?dist}
|
||||
Summary: Bootloader with support for Linux, Multiboot and more
|
||||
License: GPLv3+
|
||||
URL: http://www.gnu.org/software/grub/
|
||||
@ -515,6 +515,10 @@ rm -r /boot/grub2.tmp/ || :
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Nov 27 2019 Javier Martinez Canillas <javierm@redhat.com> - 2.04-5
|
||||
- blscfg: add a space char when appending fields for variable expansion
|
||||
- grub.d: Fix boot_indeterminate getting set on boot_success=0 boot
|
||||
|
||||
* Tue Nov 26 2019 Javier Martinez Canillas <javierm@redhat.com> - 2.04-4
|
||||
- grub-set-bootflag: Write new env to tmpfile and then rename (hdegoede)
|
||||
Resolves: CVE-2019-14865
|
||||
|
Loading…
Reference in New Issue
Block a user