From adaa841fcaff16f020da58ae6272b6acd1e30818 Mon Sep 17 00:00:00 2001 From: Leo Sandoval Date: Thu, 21 Nov 2024 12:46:44 -0600 Subject: [PATCH] 10_linux.in: escape semicolon and ampersand on BLS upddate Resolves: #RHEL-68531 Signed-off-by: Leo Sandoval --- ...pe-semicolon-and-ampersand-on-BLS-up.patch | 31 +++++++++++++++++++ grub.patches | 1 + grub2.spec | 6 +++- 3 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 0281-10_linux.in-escape-semicolon-and-ampersand-on-BLS-up.patch diff --git a/0281-10_linux.in-escape-semicolon-and-ampersand-on-BLS-up.patch b/0281-10_linux.in-escape-semicolon-and-ampersand-on-BLS-up.patch new file mode 100644 index 0000000..cbb1ffe --- /dev/null +++ b/0281-10_linux.in-escape-semicolon-and-ampersand-on-BLS-up.patch @@ -0,0 +1,31 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Marta Lewandowska +Date: Thu, 21 Nov 2024 11:32:18 -0600 +Subject: [PATCH] 10_linux.in: escape semicolon and ampersand on BLS upddate + +Besides escaping the character '/', escape ';' and '&' which may be set on on +kernel parameters. + +Resolves: #RHEL-68531 +Signed-off-by: Marta Lewandowska +Reviewed-by: Leo Sandoval +--- + util/grub.d/10_linux.in | 2 ++ + 1 file changed, 2 insertions(+) + mode change 100644 => 100755 util/grub.d/10_linux.in + +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +old mode 100644 +new mode 100755 +index 041a11529..7754ef853 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -176,6 +176,8 @@ update_bls_cmdline() + options="${options} ${GRUB_CMDLINE_LINUX_DEBUG}" + fi + options="$(echo "${options}" | sed -e 's/\//\\\//g')" ++ options="$(echo "${options}" | sed -e 's/\;/\\\;/g')" ++ options="$(echo "${options}" | sed -e 's/\\&/\\\\&/g')" + sed -i -e "s/^options.*/options ${options}/" "${blsdir}/${bls}.conf" + done + } diff --git a/grub.patches b/grub.patches index 303e447..5d466f3 100644 --- a/grub.patches +++ b/grub.patches @@ -278,3 +278,4 @@ Patch0277: 0277-Stop-grub.efi-from-always-printing-dynamic_load_symb.patch Patch0278: 0278-linuxefi-Invalidate-i-cache-before-starting-the-kern.patch Patch0279: 0279-grub-mkconfig-dont-overwrite-BLS-cmdline-if-BLSCFG.patch Patch0280: 0280-grub2-mkconfig-Pass-all-boot-params-when-used-by-ana.patch +Patch0281: 0281-10_linux.in-escape-semicolon-and-ampersand-on-BLS-up.patch \ No newline at end of file diff --git a/grub2.spec b/grub2.spec index 48b3526..cd237c1 100644 --- a/grub2.spec +++ b/grub2.spec @@ -17,7 +17,7 @@ Name: grub2 Epoch: 1 Version: 2.12 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Bootloader with support for Linux, Multiboot and more License: GPL-3.0-or-later URL: http://www.gnu.org/software/grub/ @@ -583,6 +583,10 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg %endif %changelog +* Thu Nov 21 2024 Leo Sandoval - 2.12-2 +- 10_linux.in: escape semicolon and ampersand on BLS upddate +- Resolves: #RHEL-68531 + * Wed Nov 6 2024 Leo Sandoval - 2.12-1 - Rebased to release grub-2.12 - Resolves: #RHEL-15032