10_linux.in: escape semicolon and ampersand on BLS upddate

Resolves: #RHEL-25558 Signed-off-by: Leo Sandoval <lsandova@redhat.com>
2024-11-21 11:45:28 -06:00 · 2024-11-21 11:45:28 -06:00 · 69027610fe
commit 69027610fe
parent 0e73191379
3 changed files with 37 additions and 1 deletions
--- a/0353-10_linux.in-escape-semicolon-and-ampersand-on-BLS-up.patch
+++ b/0353-10_linux.in-escape-semicolon-and-ampersand-on-BLS-up.patch
@ -0,0 +1,31 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Marta Lewandowska <mlewando@redhat.com>
+Date: Thu, 21 Nov 2024 11:32:18 -0600
+Subject: [PATCH] 10_linux.in: escape semicolon and ampersand on BLS upddate
+
+Besides escaping the character '/', escape ';' and '&' which may be set on on
+kernel parameters.
+
+Resolves: #RHEL-25558
+Signed-off-by: Marta Lewandowska <mlewando@redhat.com>
+Reviewed-by: Leo Sandoval <lsandova@redhat.com>
+---
+ util/grub.d/10_linux.in | 2 ++
+ 1 file changed, 2 insertions(+)
+ mode change 100644 => 100755 util/grub.d/10_linux.in
+
+diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
+old mode 100644
+new mode 100755
+index 041a11529..7754ef853
+--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
+@@ -176,6 +176,8 @@ update_bls_cmdline()
+             options="${options} ${GRUB_CMDLINE_LINUX_DEBUG}"
+         fi
+         options="$(echo "${options}" | sed -e 's/\//\\\//g')"
+        options="$(echo "${options}" | sed -e 's/\;/\\\;/g')"
+        options="$(echo "${options}" | sed -e 's/\\&/\\\\&/g')"
+         sed -i -e "s/^options.*/options ${options}/" "${blsdir}/${bls}.conf"
+     done
+ }
--- a/grub.patches
+++ b/grub.patches
@ -350,3 +350,4 @@ Patch0349: 0349-grub2-mkconfig-Simplify-os_name-detection.patch
 Patch0350: 0350-grub-mkconfig-Remove-check-for-mount-point-for-grub-.patch
 Patch0351: 0351-arm64-Use-proper-memory-type-for-kernel-allocation.patch
 Patch0352: 0352-cmd-search-Fix-a-possible-NULL-ptr-dereference.patch
+Patch0353: 0353-10_linux.in-escape-semicolon-and-ampersand-on-BLS-up.patch
--- a/grub2.spec
+++ b/grub2.spec
@ -16,7 +16,7 @@
 Name:		grub2
 Epoch:		1
 Version:	2.06
-Release:	93%{?dist}
+Release:	94%{?dist}
 Summary:	Bootloader with support for Linux, Multiboot and more
 License:	GPLv3+
 URL:		http://www.gnu.org/software/grub/
@ -547,6 +547,10 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
 %endif

 %changelog
+* Thu Nov 21 2024 Leo Sandoval <lsandova@redhat.com> - 2.06-94
+- 10_linux.in: escape semicolon and ampersand on BLS upddate
+- Resolves: #RHEL-25558
+
 * Wed Oct 16 2024 Nicolas Frayer <nfrayer@redhat.com> 2.06-93
 - cmd/search: Fix a possible NULL ptr dereference
 - Resolves: #RHEL-61263