fix pending SAST issues

Resolves: #RHEL-50504

Signed-off-by: Leo Sandoval <lsandova@redhat.com>

0285-commands-legacycfg-Avoid-closing-file-twice.patch

@@ -0,0 +1,37 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Leo Sandoval <lsandova@redhat.com>
+Date: Wed, 16 Oct 2024 11:54:38 -0600
+Subject: [PATCH] commands/legacycfg: Avoid closing file twice
+
+An internal (at Red Hat) static soure code scan detected an
+use-after-free scenario:
+
+  Error: USE_AFTER_FREE (CWE-416):
+  grub-2.06/grub-core/commands/legacycfg.c:194: freed_arg: "grub_file_close" frees "file".
+  grub-2.06/grub-core/commands/legacycfg.c:201: deref_arg: Calling "grub_file_close" dereferences freed pointer "file".
+  #  199|         if (!args)
+  #  200|   	{
+  #  201|-> 	  grub_file_close (file);
+  #  202|   	  grub_free (suffix);
+  #  203|   	  grub_free (entrysrc);
+
+So, remove the extra file close call.
+
+Signed-off-by: Leo Sandoval <lsandova@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+---
+ grub-core/commands/legacycfg.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c
+index 2c5d1a0ef..86bcda695 100644
+--- a/grub-core/commands/legacycfg.c
++++ b/grub-core/commands/legacycfg.c
+@@ -198,7 +198,6 @@ legacy_file (const char *filename)
+       const char **args = grub_malloc (sizeof (args[0]));
+       if (!args)
+ 	{
+-	  grub_file_close (file);
+ 	  grub_free (suffix);
+ 	  grub_free (entrysrc);
+ 	  return grub_errno;

0286-disk-ahci.c-remove-conditional-operator-for-endtime.patch

@@ -0,0 +1,27 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Leo Sandoval <lsandova@redhat.com>
+Date: Wed, 22 Jan 2025 13:37:42 -0600
+Subject: [PATCH] disk/ahci.c: remove conditional operator for endtime
+
+The conditional makes no sense when the two possible expressions have the same
+value, so remove it (perhaps the compiler does it for us but better to remove
+it).
+
+Signed-off-by: Leo Sandoval <lsandova@redhat.com>
+---
+ grub-core/disk/ahci.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/disk/ahci.c b/grub-core/disk/ahci.c
+index e7b5dc5f2..b247161b9 100644
+--- a/grub-core/disk/ahci.c
++++ b/grub-core/disk/ahci.c
+@@ -1038,7 +1038,7 @@ grub_ahci_readwrite_real (struct grub_ahci_device *dev,
+   grub_dprintf ("ahci", "AHCI tfd = %x\n",
+ 		dev->hba->ports[dev->port].task_file_data);
+ 
+-  endtime = grub_get_time_ms () + (spinup ? 20000 : 20000);
++  endtime = grub_get_time_ms () + 20000;
+   while ((dev->hba->ports[dev->port].command_issue & 1))
+     if (grub_get_time_ms () > endtime ||
+ 	(dev->hba->ports[dev->port].intstatus & GRUB_AHCI_HBA_PORT_IS_FATAL_MASK))

grub.patches

@@ -282,3 +282,5 @@ Patch0281: 0281-10_linux.in-escape-semicolon-and-ampersand-on-BLS-up.patch
 Patch0282: 0282-acpi-Fix-out-of-bounds-access-in-grub_acpi_xsdt_find.patch
 Patch0283: 0283-fs-xfs-Fix-large-extent-counters-incompat-feature-su.patch
 Patch0284: 0284-term-ns8250-spcr-return-if-redirection-is-disabled.patch
+Patch0285: 0285-commands-legacycfg-Avoid-closing-file-twice.patch
+Patch0286: 0286-disk-ahci.c-remove-conditional-operator-for-endtime.patch

grub2.spec

@@ -17,7 +17,7 @@
 Name:		grub2
 Epoch:		1
 Version:	2.12
-Release:	7%{?dist}
+Release:	8%{?dist}
 Summary:	Bootloader with support for Linux, Multiboot and more
 License:	GPL-3.0-or-later
 URL:		http://www.gnu.org/software/grub/
@@ -583,6 +583,10 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
 %endif
 
 %changelog
+* Wed Jan 22 2025 Leo Sandoval <lsandova@redhat.com> 2.12-8
+- fix pending SAST issues
+- Resolves: #RHEL-50504
+
 * Fri Jan 17 2025 Leo Sandoval <lsandova@redhat.com> 2.12-7
 - term/ns8250-spcr: return if redirection is disabled
 - Resolves: #RHEL-68622