import grub2-2.02-81.el8

SOURCES/0266-grub-set-bootflag-Update-comment-about-running-as-ro.patch

+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Wed, 13 Nov 2019 12:15:43 +0100
+Subject: [PATCH] grub-set-bootflag: Update comment about running as root
+ through pkexec
+
+We have stopped using pkexec for grub-set-bootflag, instead it is now
+installed suid root, update the comment accordingly.
+
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+---
+ util/grub-set-bootflag.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/util/grub-set-bootflag.c b/util/grub-set-bootflag.c
+index f8dc310909a..32f1c104a2b 100644
+--- a/util/grub-set-bootflag.c
++++ b/util/grub-set-bootflag.c
+@@ -18,7 +18,7 @@
+  */
+ 
+ /*
+- * NOTE this gets run by users as root (through pkexec), so this does not
++ * NOTE this gets run by users as root (its suid root), so this does not
+  * use any grub library / util functions to allow for easy auditing.
+  * The grub headers are only included to get certain defines.
+  */

SOURCES/0267-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch

+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Fri, 22 Nov 2019 11:54:27 +0100
+Subject: [PATCH] grub-set-bootflag: Write new env to tmpfile and then rename
+
+Make the grubenv writing code in grub-set-bootflag more robust by
+writing the modified grubenv to a tmpfile first and then renaming the
+tmpfile over the old grubenv (following symlinks).
+
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+---
+ util/grub-set-bootflag.c | 87 +++++++++++++++++++++++++++++++++++++++++++-----
+ 1 file changed, 78 insertions(+), 9 deletions(-)
+
+diff --git a/util/grub-set-bootflag.c b/util/grub-set-bootflag.c
+index 32f1c104a2b..d3b80a0d204 100644
+--- a/util/grub-set-bootflag.c
++++ b/util/grub-set-bootflag.c
+@@ -26,7 +26,9 @@
+ #include <config-util.h>     /* For *_DIR_NAME defines */
+ #include <grub/types.h>
+ #include <grub/lib/envblk.h> /* For GRUB_ENVBLK_DEFCFG define */
++#include <limits.h>
+ #include <stdio.h>
++#include <stdlib.h>
+ #include <string.h>
+ #include <unistd.h>
+ 
+@@ -52,8 +54,10 @@ int main(int argc, char *argv[])
+ {
+   /* NOTE buf must be at least the longest bootflag length + 4 bytes */
+   char env[GRUBENV_SIZE + 1], buf[64], *s;
++  /* +1 for 0 termination, +6 for "XXXXXX" in tmp filename */
++  char env_filename[PATH_MAX + 1], tmp_filename[PATH_MAX + 6 + 1];
+   const char *bootflag;
+-  int i, len, ret;
++  int i, fd, len, ret;
+   FILE *f;
+ 
+   if (argc != 2)
+@@ -75,7 +79,32 @@ int main(int argc, char *argv[])
+   bootflag = bootflags[i];
+   len = strlen (bootflag);
+ 
+-  f = fopen (GRUBENV, "r");
++  /*
++   * Really become root. setuid avoids an user killing us, possibly leaking
++   * the tmpfile. setgid avoids the new grubenv's gid being that of the user.
++   */
++  ret = setuid(0);
++  if (ret)
++    {
++      perror ("Error setuid(0) failed");
++      return 1;
++    }
++
++  ret = setgid(0);
++  if (ret)
++    {
++      perror ("Error setgid(0) failed");
++      return 1;
++    }
++
++  /* Canonicalize GRUBENV filename, resolving symlinks, etc. */
++  if (!realpath(GRUBENV, env_filename))
++    {
++      perror ("Error canonicalizing " GRUBENV " filename");
++      return 1;
++    }
++
++  f = fopen (env_filename, "r");
+   if (!f)
+     {
+       perror ("Error opening " GRUBENV " for reading");
+@@ -129,30 +158,70 @@ int main(int argc, char *argv[])
+   snprintf(buf, sizeof(buf), "%s=1\n", bootflag);
+   memcpy(s, buf, len + 3);
+ 
+-  /* "r+", don't truncate so that the diskspace stays reserved */
+-  f = fopen (GRUBENV, "r+");
++
++  /*
++   * Create a tempfile for writing the new env.  Use the canonicalized filename
++   * for the template so that the tmpfile is in the same dir / on same fs.
++   */
++  snprintf(tmp_filename, sizeof(tmp_filename), "%sXXXXXX", env_filename);
++  fd = mkstemp(tmp_filename);
++  if (fd == -1)
++    {
++      perror ("Creating tmpfile failed");
++      return 1;
++    }
++
++  f = fdopen (fd, "w");
+   if (!f)
+     {
+-      perror ("Error opening " GRUBENV " for writing");
++      perror ("Error fdopen of tmpfile failed");
++      unlink(tmp_filename);
+       return 1;     
+     }
+ 
+   ret = fwrite (env, 1, GRUBENV_SIZE, f);
+   if (ret != GRUBENV_SIZE)
+     {
+-      perror ("Error writing to " GRUBENV);
++      perror ("Error writing tmpfile");
++      unlink(tmp_filename);
+       return 1;     
+     }
+ 
+   ret = fflush (f);
+   if (ret)
+     {
+-      perror ("Error flushing " GRUBENV);
++      perror ("Error flushing tmpfile");
++      unlink(tmp_filename);
+       return 1;     
+     }
+ 
+-  fsync (fileno (f));
+-  fclose (f);
++  ret = fsync (fileno (f));
++  if (ret)
++    {
++      perror ("Error syncing tmpfile");
++      unlink(tmp_filename);
++      return 1;
++    }
++
++  ret = fclose (f);
++  if (ret)
++    {
++      perror ("Error closing tmpfile");
++      unlink(tmp_filename);
++      return 1;
++    }
++
++  /*
++   * And finally rename the tmpfile with the new env over the old env, the
++   * linux kernel guarantees that this is atomic (from a syscall pov).
++   */
++  ret = rename(tmp_filename, env_filename);
++  if (ret)
++    {
++      perror ("Error renaming tmpfile to " GRUBENV " failed");
++      unlink(tmp_filename);
++      return 1;
++    }
+ 
+   return 0;
+ }

SOURCES/0268-Fix-PRIxGRUB_EFI_STATUS-definition.patch

+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Thu, 28 Nov 2019 13:23:59 +0100
+Subject: [PATCH] Fix PRIxGRUB_EFI_STATUS definition
+
+The type specifiers were wrongly defined when GRUB_CPU_SIZEOF_VOID_P != 8
+since in that case the grub_efi_status_t is a grub_int32_t typedef. This
+leads to the following covscan warnings:
+
+grub-2.02/include/grub/dl.h:29: included_from: Included from here.
+grub-2.02/include/grub/efi/efi.h:24: included_from: Included from here.
+grub-2.02/grub-core/kern/efi/tpm.c:4: included_from: Included from here.
+grub-2.02/grub-core/kern/efi/tpm.c: scope_hint: In function 'grub_tpm_dprintf'
+grub-2.02/grub-core/kern/efi/tpm.c:170:26: warning: format '%llx' expects argument of type 'long long unsigned int', but argument 5 has type 'grub_efi_status_t' {aka 'int'} [-Wformat=]
+grub-2.02/include/grub/misc.h:38:88: note: in definition of macro 'grub_dprintf'
+
+Related: rhbz#1761811
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ include/grub/efi/api.h | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h
+index b337e1a193d..6c440c61316 100644
+--- a/include/grub/efi/api.h
++++ b/include/grub/efi/api.h
+@@ -539,11 +539,16 @@ typedef grub_uint16_t grub_efi_char16_t;
+ typedef grub_efi_intn_t grub_efi_status_t;
+ /* Make grub_efi_status_t reasonably printable. */
+ #if GRUB_CPU_SIZEOF_VOID_P == 8
+-#define PRIxGRUB_EFI_STATUS "lx"
+-#define PRIdGRUB_EFI_STATUS "ld"
++# if GRUB_CPU_SIZEOF_LONG == 8
++#  define PRIxGRUB_EFI_STATUS "lx"
++#  define PRIdGRUB_EFI_STATUS "ld"
++# else
++#  define PRIxGRUB_EFI_STATUS "llx"
++#  define PRIdGRUB_EFI_STATUS "lld"
++# endif
+ #else
+-#define PRIxGRUB_EFI_STATUS "llx"
+-#define PRIdGRUB_EFI_STATUS "lld"
++# define PRIxGRUB_EFI_STATUS "x"
++# define PRIdGRUB_EFI_STATUS "d"
+ #endif
+ 
+ #define GRUB_EFI_ERROR_CODE(value)	\

SOURCES/0269-TPM-Print-messages-if-measuraments-fail-as-debug-ins.patch

+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Wed, 16 Oct 2019 15:32:04 +0200
+Subject: [PATCH] TPM: Print messages if measuraments fail as debug instead of
+ error
+
+If the calls to EFI services to do TPM measuraments fail, currently error
+messages are printed. But this is not a fatal error and just pollutes the
+output, so instead just print them as debug messages.
+
+Resolves: rhbz#1761811
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ grub-core/kern/efi/tpm.c | 58 +++++++++++++++++++++++++-----------------------
+ 1 file changed, 30 insertions(+), 28 deletions(-)
+
+diff --git a/grub-core/kern/efi/tpm.c b/grub-core/kern/efi/tpm.c
+index 0d3ebe22e57..5dc90865242 100644
+--- a/grub-core/kern/efi/tpm.c
++++ b/grub-core/kern/efi/tpm.c
+@@ -161,6 +161,34 @@ grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf,
+   }
+ }
+ 
++static inline grub_err_t grub_tpm_dprintf(grub_efi_status_t status)
++{
++  switch (status) {
++  case GRUB_EFI_SUCCESS:
++    return 0;
++  case GRUB_EFI_DEVICE_ERROR:
++    grub_dprintf ("tpm", "Command failed: 0x%"PRIxGRUB_EFI_STATUS"\n",
++                  status);
++    return GRUB_ERR_IO;
++  case GRUB_EFI_INVALID_PARAMETER:
++    grub_dprintf ("tpm", "Invalid parameter: 0x%"PRIxGRUB_EFI_STATUS"\n",
++                  status);
++    return GRUB_ERR_BAD_ARGUMENT;
++  case GRUB_EFI_BUFFER_TOO_SMALL:
++    grub_dprintf ("tpm", "Output buffer too small: 0x%"PRIxGRUB_EFI_STATUS"\n",
++                  status);
++    return GRUB_ERR_BAD_ARGUMENT;
++  case GRUB_EFI_NOT_FOUND:
++    grub_dprintf ("tpm", "TPM unavailable: 0x%"PRIxGRUB_EFI_STATUS"\n",
++                  status);
++    return GRUB_ERR_UNKNOWN_DEVICE;
++  default:
++    grub_dprintf ("tpm", "Unknown TPM error: 0x%"PRIxGRUB_EFI_STATUS"\n",
++                  status);
++    return GRUB_ERR_UNKNOWN_DEVICE;
++  }
++}
++
+ static grub_err_t
+ grub_tpm1_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf,
+ 		    grub_size_t size, grub_uint8_t pcr,
+@@ -194,20 +222,7 @@ grub_tpm1_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf,
+                        (unsigned long) buf, (grub_uint64_t) size,
+ 		       algorithm, event, &eventnum, &lastevent);
+ 
+-  switch (status) {
+-  case GRUB_EFI_SUCCESS:
+-    return 0;
+-  case GRUB_EFI_DEVICE_ERROR:
+-    return grub_error (GRUB_ERR_IO, N_("Command failed"));
+-  case GRUB_EFI_INVALID_PARAMETER:
+-    return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter"));
+-  case GRUB_EFI_BUFFER_TOO_SMALL:
+-    return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small"));
+-  case GRUB_EFI_NOT_FOUND:
+-    return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable"));
+-  default:
+-    return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error"));
+-  }
++  return grub_tpm_dprintf(status);
+ }
+ 
+ static grub_err_t
+@@ -240,20 +255,7 @@ grub_tpm2_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf,
+   status = efi_call_5 (tpm->hash_log_extend_event, tpm, 0, (unsigned long) buf,
+ 		       (grub_uint64_t) size, event);
+ 
+-  switch (status) {
+-  case GRUB_EFI_SUCCESS:
+-    return 0;
+-  case GRUB_EFI_DEVICE_ERROR:
+-    return grub_error (GRUB_ERR_IO, N_("Command failed"));
+-  case GRUB_EFI_INVALID_PARAMETER:
+-    return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter"));
+-  case GRUB_EFI_BUFFER_TOO_SMALL:
+-    return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small"));
+-  case GRUB_EFI_NOT_FOUND:
+-    return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable"));
+-  default:
+-    return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error"));
+-  }
++  return grub_tpm_dprintf(status);
+ }
+ 
+ grub_err_t

SOURCES/0270-unix-platform-Initialize-variable-to-fix-grub-instal.patch

+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Paul Menzel <pmenzel@molgen.mpg.de>
+Date: Tue, 23 Oct 2018 15:00:13 +0200
+Subject: [PATCH] unix/platform: Initialize variable to fix grub-install on
+ UEFI system
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+On a UEFI system, were no boot entry *grub* is present, currently,
+`grub-install` fails with an error.
+
+    $ efibootmgr
+    BootCurrent: 0000
+    Timeout: 0 seconds
+    BootOrder: 0001,0006,0003,0004,0005
+    Boot0001  Diskette Drive
+    Boot0003* USB Storage Device
+    Boot0004* CD/DVD/CD-RW Drive
+    Boot0005  Onboard NIC
+    Boot0006* WDC WD2500AAKX-75U6AA0
+    $ sudo grub-install /dev/sda
+    Installing for x86_64-efi platform.
+    grub-install: error: efibootmgr failed to register the boot entry: Unknown error 22020.
+
+The error code is always different, and the error message (incorrectly)
+points to efibootmgr.
+
+But, the error is in GRUB’s function
+`grub_install_remove_efi_entries_by_distributor()`, where the variable
+`rc` for the return value, is uninitialized and never set, when no boot
+entry for the distributor is found.
+
+The content of that uninitialized variable is then returned as the error
+code of efibootmgr.
+
+Set the variable to 0, so that success is returned, when no entry needs
+to be deleted.
+
+Tested on Dell OptiPlex 7010 with firmware A28.
+
+    $ sudo ./grub-install /dev/sda
+    Installing for x86_64-efi platform.
+    Installation finished. No error reported.
+
+[1]: https://github.com/rhboot/efibootmgr/issues/100
+
+Signed-off-by: Paul Menzel <pmenzel@molgen.mpg.de>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+---
+ grub-core/osdep/unix/platform.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/osdep/unix/platform.c b/grub-core/osdep/unix/platform.c
+index ca448bc11a0..55b8f401624 100644
+--- a/grub-core/osdep/unix/platform.c
++++ b/grub-core/osdep/unix/platform.c
+@@ -85,7 +85,7 @@ grub_install_remove_efi_entries_by_distributor (const char *efi_distributor)
+   pid_t pid = grub_util_exec_pipe ((const char * []){ "efibootmgr", NULL }, &fd);
+   char *line = NULL;
+   size_t len = 0;
+-  int rc;
++  int rc = 0;
+ 
+   if (!pid)
+     {

SOURCES/0271-blscfg-add-a-space-char-when-appending-fields-for-va.patch

+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Tue, 26 Nov 2019 09:51:41 +0100
+Subject: [PATCH] blscfg: add a space char when appending fields for variable
+ expansion
+
+The GRUB variables are expanded and replaced by their values before adding
+menu entries, but they didn't include space characters after the values so
+the result was not correct.
+
+For the common case this wasn't a problem but it is if there are variables
+that are part of the values of other variables.
+
+Resolves: rhbz#1669252
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ grub-core/commands/blscfg.c | 31 ++++++++++++++++++-------------
+ 1 file changed, 18 insertions(+), 13 deletions(-)
+
+diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
+index 11cc82b6f31..c92e1c84543 100644
+--- a/grub-core/commands/blscfg.c
++++ b/grub-core/commands/blscfg.c
+@@ -597,26 +597,29 @@ static char **bls_make_list (struct bls_entry *entry, const char *key, int *num)
+ 
+ static char *field_append(bool is_var, char *buffer, char *start, char *end)
+ {
+-  char *temp = grub_strndup(start, end - start + 1);
+-  const char *field = temp;
++  char *tmp = grub_strndup(start, end - start + 1);
++  const char *field = tmp;
++  int term = is_var ? 2 : 1;
+ 
+   if (is_var) {
+-    field = grub_env_get (temp);
++    field = grub_env_get (tmp);
+     if (!field)
+       return buffer;
+   }
+ 
+-  if (!buffer) {
+-    buffer = grub_strdup(field);
+-    if (!buffer)
+-      return NULL;
+-  } else {
+-    buffer = grub_realloc (buffer, grub_strlen(buffer) + grub_strlen(field));
+-    if (!buffer)
+-      return NULL;
++  if (!buffer)
++    buffer = grub_zalloc (grub_strlen(field) + term);
++  else
++    buffer = grub_realloc (buffer, grub_strlen(buffer) + grub_strlen(field) + term);
+ 
+-    grub_stpcpy (buffer + grub_strlen(buffer), field);
+-  }
++  if (!buffer)
++    return NULL;
++
++  tmp = buffer + grub_strlen(buffer);
++  tmp = grub_stpcpy (tmp, field);
++
++  if (is_var)
++      tmp = grub_stpcpy (tmp, " ");
+ 
+   return buffer;
+ }
+@@ -646,6 +649,8 @@ static char *expand_val(char *value)
+ 	buffer = field_append(is_var, buffer, start, end);
+ 	is_var = false;
+ 	start = value;
++	if (*start == ' ')
++	  start++;
+       }
+     }
+ 

SOURCES/grub.patches

@@ -263,6 +263,9 @@ Patch0262: 0262-blscfg-fallback-to-default_kernelopts-if-BLS-option-.patch
 Patch0263: 0263-Remove-bogus-load_env-after-blscfg-command-in-10_lin.patch
 Patch0264: 0264-10_linux_bls-use-to-separate-id-argument-due-a-Petit.patch
 Patch0265: 0265-10_linux_bls-don-t-add-users-option-to-generated-men.patch
-Patch0266: 0266-unix-platform-Initialize-variable-to-fix-grub-instal.patch
-Patch0267: 0267-grub-set-bootflag-Update-comment-about-running-as-ro.patch
-Patch0268: 0268-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch
+Patch0266: 0266-grub-set-bootflag-Update-comment-about-running-as-ro.patch
+Patch0267: 0267-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch
+Patch0268: 0268-Fix-PRIxGRUB_EFI_STATUS-definition.patch
+Patch0269: 0269-TPM-Print-messages-if-measuraments-fail-as-debug-ins.patch
+Patch0270: 0270-unix-platform-Initialize-variable-to-fix-grub-instal.patch
+Patch0271: 0271-blscfg-add-a-space-char-when-appending-fields-for-va.patch

SPECS/grub2.spec

@@ -7,7 +7,7 @@
 Name:		grub2
 Epoch:		1
 Version:	2.02
-Release:	78%{?dist}.1
+Release:	81%{?dist}
 Summary:	Bootloader with support for Linux, Multiboot and more
 Group:		System Environment/Base
 License:	GPLv3+
@@ -498,7 +498,21 @@ fi
 %endif
 
 %changelog
-* Tue Dec 03 2019 Javier Martinez Canillas <javierm@redhat.com> - 2.02-78.el8_1.1
+* Thu Dec 05 2019 Javier Martinez Canillas <javierm@redhat.com> - 2.02-81
+- Another fix for blscfg variable expansion support
+  Related: rhbz#1669252
+
+* Thu Nov 28 2019 Javier Martinez Canillas <javierm@redhat.com> - 2.02-80
+- Fix PRIxGRUB_EFI_STATUS definition
+  Related: rhbz#1761811
+- TPM: Print messages if measuraments fail as debug instead of error
+  Resolves: rhbz#1761811
+- unix/platform: Initialize variable to fix grub-install on UEFI system
+  Resolves: rhbz#1768689
+- blscfg: add a space char when appending fields for variable expansion
+  Resolves: rhbz#1669252
+
+* Fri Nov 22 2019 Javier Martinez Canillas <javierm@redhat.com> - 2.02-79
 - grub-set-bootflag: Write new env to tmpfile and then rename (hdegoede)
   Resolves: CVE-2019-14865