Commit d35121ea authored by Rocky Automation

import grub2-2.02-81.el8

parent a5b63a99
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Wed, 13 Nov 2019 12:15:43 +0100
Subject: [PATCH] grub-set-bootflag: Update comment about running as root
through pkexec
We have stopped using pkexec for grub-set-bootflag, instead it is now
installed suid root, update the comment accordingly.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
util/grub-set-bootflag.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/util/grub-set-bootflag.c b/util/grub-set-bootflag.c
index f8dc310909a..32f1c104a2b 100644
--- a/util/grub-set-bootflag.c
+++ b/util/grub-set-bootflag.c
@@ -18,7 +18,7 @@
*/
/*
- * NOTE this gets run by users as root (through pkexec), so this does not
+ * NOTE this gets run by users as root (its suid root), so this does not
* use any grub library / util functions to allow for easy auditing.
* The grub headers are only included to get certain defines.
*/
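Review bot: The rewritten comment on the + line has a typo, `its` where `it's` (or `it is`) is meant; suggest `* NOTE this gets run by users as root (it is installed suid root), so this does not`. With pkexec gone there is no policy in front of the binary deciding who may run it, so it would help auditors if the comment also stated what the program trusts from its caller, presumably only argv[1], which the rest of the file appears to match against a fixed table of bootflag names; confirm against the code below before wording it that way.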
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Fri, 22 Nov 2019 11:54:27 +0100
Subject: [PATCH] grub-set-bootflag: Write new env to tmpfile and then rename
Make the grubenv writing code in grub-set-bootflag more robust by
writing the modified grubenv to a tmpfile first and then renaming the
tmpfile over the old grubenv (following symlinks).
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
util/grub-set-bootflag.c | 87 +++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 78 insertions(+), 9 deletions(-)
diff --git a/util/grub-set-bootflag.c b/util/grub-set-bootflag.c
index 32f1c104a2b..d3b80a0d204 100644
--- a/util/grub-set-bootflag.c
+++ b/util/grub-set-bootflag.c
@@ -26,7 +26,9 @@
#include <config-util.h> /* For *_DIR_NAME defines */
#include <grub/types.h>
#include <grub/lib/envblk.h> /* For GRUB_ENVBLK_DEFCFG define */
+#include <limits.h>
#include <stdio.h>
+#include <stdlib.h>
#include <string.h>
#include <unistd.h>
@@ -52,8 +54,10 @@ int main(int argc, char *argv[])
{
/* NOTE buf must be at least the longest bootflag length + 4 bytes */
char env[GRUBENV_SIZE + 1], buf[64], *s;
+ /* +1 for 0 termination, +6 for "XXXXXX" in tmp filename */
+ char env_filename[PATH_MAX + 1], tmp_filename[PATH_MAX + 6 + 1];
const char *bootflag;
- int i, len, ret;
+ int i, fd, len, ret;
FILE *f;
if (argc != 2)
@@ -75,7 +79,32 @@ int main(int argc, char *argv[])
bootflag = bootflags[i];
len = strlen (bootflag);
- f = fopen (GRUBENV, "r");
+ /*
+ * Really become root. setuid avoids an user killing us, possibly leaking
+ * the tmpfile. setgid avoids the new grubenv's gid being that of the user.
+ */
+ ret = setuid(0);
+ if (ret)
+ {
+ perror ("Error setuid(0) failed");
+ return 1;
+ }
+
+ ret = setgid(0);
+ if (ret)
+ {
+ perror ("Error setgid(0) failed");
+ return 1;
+ }
+
+ /* Canonicalize GRUBENV filename, resolving symlinks, etc. */
+ if (!realpath(GRUBENV, env_filename))
+ {
+ perror ("Error canonicalizing " GRUBENV " filename");
+ return 1;
+ }
+
+ f = fopen (env_filename, "r");
if (!f)
{
perror ("Error opening " GRUBENV " for reading");
@@ -129,30 +158,70 @@ int main(int argc, char *argv[])
snprintf(buf, sizeof(buf), "%s=1\n", bootflag);
memcpy(s, buf, len + 3);
- /* "r+", don't truncate so that the diskspace stays reserved */
- f = fopen (GRUBENV, "r+");
+
+ /*
+ * Create a tempfile for writing the new env. Use the canonicalized filename
+ * for the template so that the tmpfile is in the same dir / on same fs.
+ */
+ snprintf(tmp_filename, sizeof(tmp_filename), "%sXXXXXX", env_filename);
+ fd = mkstemp(tmp_filename);
+ if (fd == -1)
+ {
+ perror ("Creating tmpfile failed");
+ return 1;
+ }
+
+ f = fdopen (fd, "w");
if (!f)
{
- perror ("Error opening " GRUBENV " for writing");
+ perror ("Error fdopen of tmpfile failed");
+ unlink(tmp_filename);
return 1;
}
ret = fwrite (env, 1, GRUBENV_SIZE, f);
if (ret != GRUBENV_SIZE)
{
- perror ("Error writing to " GRUBENV);
+ perror ("Error writing tmpfile");
+ unlink(tmp_filename);
return 1;
}
ret = fflush (f);
if (ret)
{
- perror ("Error flushing " GRUBENV);
+ perror ("Error flushing tmpfile");
+ unlink(tmp_filename);
return 1;
}
- fsync (fileno (f));
- fclose (f);
+ ret = fsync (fileno (f));
+ if (ret)
+ {
+ perror ("Error syncing tmpfile");
+ unlink(tmp_filename);
+ return 1;
+ }
+
+ ret = fclose (f);
+ if (ret)
+ {
+ perror ("Error closing tmpfile");
+ unlink(tmp_filename);
+ return 1;
+ }
+
+ /*
+ * And finally rename the tmpfile with the new env over the old env, the
+ * linux kernel guarantees that this is atomic (from a syscall pov).
+ */
+ ret = rename(tmp_filename, env_filename);
+ if (ret)
+ {
+ perror ("Error renaming tmpfile to " GRUBENV " failed");
+ unlink(tmp_filename);
+ return 1;
+ }
return 0;
}
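Review bot: mkstemp() creates the temporary with mode 0600 and nothing between the fdopen and the rename() restores the original grubenv's mode, so after this hunk grubenv is always replaced by a 0600 root-owned file whatever its previous permissions were; that is fine for the setuid path (setuid(0)/setgid(0) run earlier in main), but any non-root reader of grubenv would silently lose access. If the previous permissions matter, fstat() the stream opened for reading earlier in main (outside this hunk) and apply them before the fwrite with `fchmod (fd, st.st_mode & 07777)`, which needs `<sys/stat.h>` and an error check like the others here. The comment above rename() is right that it is atomic, but it is not durable: without an fsync() of the containing directory a crash shortly after exit can leave the old grubenv, which may be acceptable for a boot flag but is worth saying in the comment. main() begins outside the hunk.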
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Thu, 28 Nov 2019 13:23:59 +0100
Subject: [PATCH] Fix PRIxGRUB_EFI_STATUS definition
The type specifiers were wrongly defined when GRUB_CPU_SIZEOF_VOID_P != 8
since in that case the grub_efi_status_t is a grub_int32_t typedef. This
leads to the following covscan warnings:
grub-2.02/include/grub/dl.h:29: included_from: Included from here.
grub-2.02/include/grub/efi/efi.h:24: included_from: Included from here.
grub-2.02/grub-core/kern/efi/tpm.c:4: included_from: Included from here.
grub-2.02/grub-core/kern/efi/tpm.c: scope_hint: In function 'grub_tpm_dprintf'
grub-2.02/grub-core/kern/efi/tpm.c:170:26: warning: format '%llx' expects argument of type 'long long unsigned int', but argument 5 has type 'grub_efi_status_t' {aka 'int'} [-Wformat=]
grub-2.02/include/grub/misc.h:38:88: note: in definition of macro 'grub_dprintf'
Related: rhbz#1761811
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
---
include/grub/efi/api.h | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h
index b337e1a193d..6c440c61316 100644
--- a/include/grub/efi/api.h
+++ b/include/grub/efi/api.h
@@ -539,11 +539,16 @@ typedef grub_uint16_t grub_efi_char16_t;
typedef grub_efi_intn_t grub_efi_status_t;
/* Make grub_efi_status_t reasonably printable. */
#if GRUB_CPU_SIZEOF_VOID_P == 8
-#define PRIxGRUB_EFI_STATUS "lx"
-#define PRIdGRUB_EFI_STATUS "ld"
+# if GRUB_CPU_SIZEOF_LONG == 8
+# define PRIxGRUB_EFI_STATUS "lx"
+# define PRIdGRUB_EFI_STATUS "ld"
+# else
+# define PRIxGRUB_EFI_STATUS "llx"
+# define PRIdGRUB_EFI_STATUS "lld"
+# endif
#else
-#define PRIxGRUB_EFI_STATUS "llx"
-#define PRIdGRUB_EFI_STATUS "lld"
+# define PRIxGRUB_EFI_STATUS "x"
+# define PRIdGRUB_EFI_STATUS "d"
#endif
#define GRUB_EFI_ERROR_CODE(value) \
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Wed, 16 Oct 2019 15:32:04 +0200
Subject: [PATCH] TPM: Print messages if measuraments fail as debug instead of
error
If the calls to EFI services that do TPM measurements fail, error
messages are currently printed. This is not a fatal error and the messages
only pollute the output, so print them as debug messages instead.
Resolves: rhbz#1761811
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
---
grub-core/kern/efi/tpm.c | 58 +++++++++++++++++++++++++-----------------------
1 file changed, 30 insertions(+), 28 deletions(-)
diff --git a/grub-core/kern/efi/tpm.c b/grub-core/kern/efi/tpm.c
index 0d3ebe22e57..5dc90865242 100644
--- a/grub-core/kern/efi/tpm.c
+++ b/grub-core/kern/efi/tpm.c
@@ -161,6 +161,34 @@ grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf,
}
}
+static inline grub_err_t grub_tpm_dprintf(grub_efi_status_t status)
+{
+ switch (status) {
+ case GRUB_EFI_SUCCESS:
+ return 0;
+ case GRUB_EFI_DEVICE_ERROR:
+ grub_dprintf ("tpm", "Command failed: 0x%"PRIxGRUB_EFI_STATUS"\n",
+ status);
+ return GRUB_ERR_IO;
+ case GRUB_EFI_INVALID_PARAMETER:
+ grub_dprintf ("tpm", "Invalid parameter: 0x%"PRIxGRUB_EFI_STATUS"\n",
+ status);
+ return GRUB_ERR_BAD_ARGUMENT;
+ case GRUB_EFI_BUFFER_TOO_SMALL:
+ grub_dprintf ("tpm", "Output buffer too small: 0x%"PRIxGRUB_EFI_STATUS"\n",
+ status);
+ return GRUB_ERR_BAD_ARGUMENT;
+ case GRUB_EFI_NOT_FOUND:
+ grub_dprintf ("tpm", "TPM unavailable: 0x%"PRIxGRUB_EFI_STATUS"\n",
+ status);
+ return GRUB_ERR_UNKNOWN_DEVICE;
+ default:
+ grub_dprintf ("tpm", "Unknown TPM error: 0x%"PRIxGRUB_EFI_STATUS"\n",
+ status);
+ return GRUB_ERR_UNKNOWN_DEVICE;
+ }
+}
+
static grub_err_t
grub_tpm1_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf,
grub_size_t size, grub_uint8_t pcr,
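Review bot: grub_tpm_dprintf returns non-zero grub_err_t values (GRUB_ERR_IO, GRUB_ERR_BAD_ARGUMENT, GRUB_ERR_UNKNOWN_DEVICE) without calling grub_error, so grub_errno is left untouched and no message is recorded; a caller that propagates the return value of grub_tpm1_log_event/grub_tpm2_log_event will now fail with no diagnostic at all, while one that checks grub_errno sees success. If measurement failures are meant to be non-fatal as the commit message says, return GRUB_ERR_NONE after the grub_dprintf and say so above the helper, e.g. `/* Measurement failures are logged for debugging but never fail the caller. */`; if they are meant to fail the caller, keep grub_error and only drop the printing. Either way the comment should record that continuing past a failed measurement means the PCRs will not reflect that component, since that is the security trade-off being made here. The name grub_tpm_dprintf also undersells what the function does; something like grub_tpm_status_to_err would read better.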
@@ -194,20 +222,7 @@ grub_tpm1_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf,
(unsigned long) buf, (grub_uint64_t) size,
algorithm, event, &eventnum, &lastevent);
- switch (status) {
- case GRUB_EFI_SUCCESS:
- return 0;
- case GRUB_EFI_DEVICE_ERROR:
- return grub_error (GRUB_ERR_IO, N_("Command failed"));
- case GRUB_EFI_INVALID_PARAMETER:
- return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter"));
- case GRUB_EFI_BUFFER_TOO_SMALL:
- return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small"));
- case GRUB_EFI_NOT_FOUND:
- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable"));
- default:
- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error"));
- }
+ return grub_tpm_dprintf(status);
}
static grub_err_t
@@ -240,20 +255,7 @@ grub_tpm2_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf,
status = efi_call_5 (tpm->hash_log_extend_event, tpm, 0, (unsigned long) buf,
(grub_uint64_t) size, event);
- switch (status) {
- case GRUB_EFI_SUCCESS:
- return 0;
- case GRUB_EFI_DEVICE_ERROR:
- return grub_error (GRUB_ERR_IO, N_("Command failed"));
- case GRUB_EFI_INVALID_PARAMETER:
- return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter"));
- case GRUB_EFI_BUFFER_TOO_SMALL:
- return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small"));
- case GRUB_EFI_NOT_FOUND:
- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable"));
- default:
- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error"));
- }
+ return grub_tpm_dprintf(status);
}
grub_err_t
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Paul Menzel <pmenzel@molgen.mpg.de>
Date: Tue, 23 Oct 2018 15:00:13 +0200
Subject: [PATCH] unix/platform: Initialize variable to fix grub-install on
UEFI system
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
On a UEFI system where no boot entry for *grub* is present,
`grub-install` currently fails with an error.
$ efibootmgr
BootCurrent: 0000
Timeout: 0 seconds
BootOrder: 0001,0006,0003,0004,0005
Boot0001 Diskette Drive
Boot0003* USB Storage Device
Boot0004* CD/DVD/CD-RW Drive
Boot0005 Onboard NIC
Boot0006* WDC WD2500AAKX-75U6AA0
$ sudo grub-install /dev/sda
Installing for x86_64-efi platform.
grub-install: error: efibootmgr failed to register the boot entry: Unknown error 22020.
The error code is always different, and the error message (incorrectly)
points to efibootmgr.
But, the error is in GRUB’s function
`grub_install_remove_efi_entries_by_distributor()`, where the variable
`rc` for the return value, is uninitialized and never set, when no boot
entry for the distributor is found.
The content of that uninitialized variable is then returned as the error
code of efibootmgr.
Set the variable to 0, so that success is returned, when no entry needs
to be deleted.
Tested on Dell OptiPlex 7010 with firmware A28.
$ sudo ./grub-install /dev/sda
Installing for x86_64-efi platform.
Installation finished. No error reported.
[1]: https://github.com/rhboot/efibootmgr/issues/100
Signed-off-by: Paul Menzel <pmenzel@molgen.mpg.de>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/osdep/unix/platform.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/osdep/unix/platform.c b/grub-core/osdep/unix/platform.c
index ca448bc11a0..55b8f401624 100644
--- a/grub-core/osdep/unix/platform.c
+++ b/grub-core/osdep/unix/platform.c
@@ -85,7 +85,7 @@ grub_install_remove_efi_entries_by_distributor (const char *efi_distributor)
pid_t pid = grub_util_exec_pipe ((const char * []){ "efibootmgr", NULL }, &fd);
char *line = NULL;
size_t len = 0;
- int rc;
+ int rc = 0;
if (!pid)
{
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Tue, 26 Nov 2019 09:51:41 +0100
Subject: [PATCH] blscfg: add a space char when appending fields for variable
expansion
The GRUB variables are expanded and replaced by their values before adding
menu entries, but they didn't include space characters after the values so
the result was not correct.
For the common case this wasn't a problem but it is if there are variables
that are part of the values of other variables.
Resolves: rhbz#1669252
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
---
grub-core/commands/blscfg.c | 31 ++++++++++++++++++-------------
1 file changed, 18 insertions(+), 13 deletions(-)
diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
index 11cc82b6f31..c92e1c84543 100644
--- a/grub-core/commands/blscfg.c
+++ b/grub-core/commands/blscfg.c
@@ -597,26 +597,29 @@ static char **bls_make_list (struct bls_entry *entry, const char *key, int *num)
static char *field_append(bool is_var, char *buffer, char *start, char *end)
{
- char *temp = grub_strndup(start, end - start + 1);
- const char *field = temp;
+ char *tmp = grub_strndup(start, end - start + 1);
+ const char *field = tmp;
+ int term = is_var ? 2 : 1;
if (is_var) {
- field = grub_env_get (temp);
+ field = grub_env_get (tmp);
if (!field)
return buffer;
}
- if (!buffer) {
- buffer = grub_strdup(field);
- if (!buffer)
- return NULL;
- } else {
- buffer = grub_realloc (buffer, grub_strlen(buffer) + grub_strlen(field));
- if (!buffer)
- return NULL;
+ if (!buffer)
+ buffer = grub_zalloc (grub_strlen(field) + term);
+ else
+ buffer = grub_realloc (buffer, grub_strlen(buffer) + grub_strlen(field) + term);
- grub_stpcpy (buffer + grub_strlen(buffer), field);
- }
+ if (!buffer)
+ return NULL;
+
+ tmp = buffer + grub_strlen(buffer);
+ tmp = grub_stpcpy (tmp, field);
+
+ if (is_var)
+ tmp = grub_stpcpy (tmp, " ");
return buffer;
}
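Review bot: The grub_strndup() result held in `tmp` is never freed, and because `tmp` is then reused as the write cursor (`tmp = buffer + grub_strlen(buffer)`) the only reference to that allocation is lost, so every call leaks the copied key or value. A NULL return from grub_strndup is also passed straight to grub_env_get/grub_strlen, and `buffer = grub_realloc (buffer, ...)` drops the old buffer on failure; the one visible caller in expand_val assigns the result over its own pointer, so returning NULL without freeing leaks it anyway. Suggest a separate cursor variable, a NULL check, and freeing `tmp` on every return, as below.
```c
static char *field_append(bool is_var, char *buffer, char *start, char *end)
{
  char *tmp = grub_strndup(start, end - start + 1);
  const char *field = tmp;
  char *grown, *cursor;
  int term = is_var ? 2 : 1;

  if (!tmp) {
    grub_free (buffer);
    return NULL;
  }

  if (is_var) {
    field = grub_env_get (tmp);
    if (!field) {
      grub_free (tmp);
      return buffer;
    }
  }

  if (!buffer)
    grown = grub_zalloc (grub_strlen(field) + term);
  else
    grown = grub_realloc (buffer, grub_strlen(buffer) + grub_strlen(field) + term);

  if (!grown) {
    /* The caller overwrites its pointer with our result, so release the old buffer here. */
    grub_free (buffer);
    grub_free (tmp);
    return NULL;
  }
  buffer = grown;

  cursor = grub_stpcpy (buffer + grub_strlen(buffer), field);
  if (is_var)
    grub_stpcpy (cursor, " ");

  grub_free (tmp);
  return buffer;
}
```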
@@ -646,6 +649,8 @@ static char *expand_val(char *value)
buffer = field_append(is_var, buffer, start, end);
is_var = false;
start = value;
+ if (*start == ' ')
+ start++;
}
}
......@@ -263,6 +263,9 @@ Patch0262: 0262-blscfg-fallback-to-default_kernelopts-if-BLS-option-.patch
Patch0263: 0263-Remove-bogus-load_env-after-blscfg-command-in-10_lin.patch
Patch0264: 0264-10_linux_bls-use-to-separate-id-argument-due-a-Petit.patch
Patch0265: 0265-10_linux_bls-don-t-add-users-option-to-generated-men.patch
Patch0266: 0266-unix-platform-Initialize-variable-to-fix-grub-instal.patch
Patch0267: 0267-grub-set-bootflag-Update-comment-about-running-as-ro.patch
Patch0268: 0268-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch
Patch0266: 0266-grub-set-bootflag-Update-comment-about-running-as-ro.patch
Patch0267: 0267-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch
Patch0268: 0268-Fix-PRIxGRUB_EFI_STATUS-definition.patch
Patch0269: 0269-TPM-Print-messages-if-measuraments-fail-as-debug-ins.patch
Patch0270: 0270-unix-platform-Initialize-variable-to-fix-grub-instal.patch
Patch0271: 0271-blscfg-add-a-space-char-when-appending-fields-for-va.patch
......@@ -7,7 +7,7 @@
Name: grub2
Epoch: 1
Version: 2.02
Release: 78%{?dist}.1
Release: 81%{?dist}
Summary: Bootloader with support for Linux, Multiboot and more
Group: System Environment/Base
License: GPLv3+
......@@ -498,7 +498,21 @@ fi
%endif
%changelog
* Tue Dec 03 2019 Javier Martinez Canillas <javierm@redhat.com> - 2.02-78.el8_1.1
* Thu Dec 05 2019 Javier Martinez Canillas <javierm@redhat.com> - 2.02-81
- Another fix for blscfg variable expansion support
Related: rhbz#1669252
* Thu Nov 28 2019 Javier Martinez Canillas <javierm@redhat.com> - 2.02-80
- Fix PRIxGRUB_EFI_STATUS definition
Related: rhbz#1761811
- TPM: Print messages if measuraments fail as debug instead of error
Resolves: rhbz#1761811
- unix/platform: Initialize variable to fix grub-install on UEFI system
Resolves: rhbz#1768689
- blscfg: add a space char when appending fields for variable expansion
Resolves: rhbz#1669252
* Fri Nov 22 2019 Javier Martinez Canillas <javierm@redhat.com> - 2.02-79
- grub-set-bootflag: Write new env to tmpfile and then rename (hdegoede)
Resolves: CVE-2019-14865