pool/grub2
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
301279becb
grub2/0001-kern-main-Fix-cmdpath-in-root-directory.patch
Michael Chang d1a4631c13 - Fix grub.cfg is loaded from an unexpected fallback directory instead of the 
root directory during PXE boot when grub is loaded from the tftp root
  directory (bsc#1232391)
  * 0001-kern-main-Fix-cmdpath-in-root-directory.patch
  * grub2.spec: Refine PPC grub.elf early config to derive root from cmdpath
    directly, avoiding the unneeded search 

- Fix CVE-2024-49504 (bsc#1229163) (bsc#1229164)
- Restrict CLI access if the encrypted root device is automatically unlocked by
  the TPM. LUKS password authentication is required for access to be granted
  * 0001-cli_lock-Add-build-option-to-block-command-line-inte.patch
  * 0002-Requiring-authentication-after-tpm-unlock-for-CLI-ac.patch
- Obsolete, as CLI access is now locked and granted access no longer requires
  the previous restrictions
  * 0002-Restrict-file-access-on-cryptodisk-print.patch
  * 0003-Restrict-ls-and-auto-file-completion-on-cryptodisk-p.patch
- Rediff
  * 0004-Key-revocation-on-out-of-bound-file-access.patch

OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=519
2024-11-06 05:53:45 +00:00

67 lines
2.4 KiB
Diff
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

From 56b221476d31310de485af26550c8651618832bb Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Tue, 29 Oct 2024 11:54:28 +0800
Subject: [PATCH] kern/main: Fix cmdpath in root directory
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The "cmdpath" environment variable is set at startup to the location
from which the grub image is loaded. It includes a device part and,
optionally, an absolute directory name if the grub image is booted as a
file in a local file-system directory, or in a remote server directory,
like TFTP.
This entire process relies on firmware to provide the correct device
path of the booted image.
We encountered an issue when the image is booted from the root
directory, where the absolute directory name "/" is discarded. This
makes it unclear whether the root path was missing in the firmware
provided device path or if it is simply the root directory. This
ambiguity can cause confusion in custom scripts, potentially causing
them to interpret firmware data incorrectly and trigger unintended
fallback measures.
This patch fixes the problem by properly assigning the "fwpath" returned
by "grub_machine_get_bootlocation()" to "cmdpath". The fix is based on
the fact that fwpath is NULL if the firmware didnt provide a path part
or an NUL character, "", if it represents the root directory. With this,
it becomes possible to clearly distinguish:
- cmdpath=(hd0,1) - Either the image is booted from the first (raw)
partition, or the firmware failed to provide the path part.
- cmdpath=(hd0,1)/ - The image is booted from the root directory in the
first partition.
As a side note, the fix is similar to [1], but without the renaming
part.
[1] https://mail.gnu.org/archive/html/grub-devel/2024-10/msg00155.html
Signed-off-by: Michael Chang <mchang@suse.com>
---
grub-core/kern/main.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c
index ef3b3756d..f9ab12c74 100644
--- a/grub-core/kern/main.c
+++ b/grub-core/kern/main.c
@@ -136,7 +136,11 @@ grub_set_prefix_and_root (void)
{
char *cmdpath;
- cmdpath = grub_xasprintf ("(%s)%s", fwdevice, fwpath ? : "");
+ if (fwpath && *fwpath == '\0')
+ cmdpath = grub_xasprintf ("(%s)/", fwdevice);
+ else
+ cmdpath = grub_xasprintf ("(%s)%s", fwdevice, fwpath ? : "");
+
if (cmdpath)
{
grub_env_set ("cmdpath", cmdpath);
--
2.47.0
Reference in New Issue View Git Blame Copy Permalink