PR#84: grub-mkconfig.in: turn off executable owner bit - rpms/grub2

Leo Sandoval • 22 days ago

a137559

file added

+30

		`@@ -0,0 +1,30 @@`
		`+ From 4062ab33c8cd86ac15cefe1b4f2f422b28467f54 Mon Sep 17 00:00:00 2001`
		`+ From: Leo Sandoval <lsandova@redhat.com>`
		`+ Date: Fri, 24 May 2024 18:22:17 -0600`
		`+ Subject: [PATCH] grub-mkconfig.in: turn off executable owner bit`
		`+`
		`+ Stricker permissions are required on the grub.cfg file, resulting in`
		`+ at most 0600 owner's file permissions. This resolves conflicting`
		`+ requirement permissions on grub2-pc package's grub2.cfg file.`
		`+`
		`+ Signed-off-by: Leo Sandoval <lsandova@redhat.com>`
		`+ ---`
		`+ util/grub-mkconfig.in \| 2 +-`
		`+ 1 file changed, 1 insertion(+), 1 deletion(-)`
		`+`
		`+ diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in`
		`+ index 520a672cd..fb382b648 100644`
		`+ --- a/util/grub-mkconfig.in`
		`+ +++ b/util/grub-mkconfig.in`
		`+ @@ -311,7 +311,7 @@ and /etc/grub.d/* files or please file a bug report with`
		`+ exit 1`
		`+ else`
		`+ # none of the children aborted with error, install the new grub.cfg`
		`+ - oldumask=$(umask); umask 077`
		`+ + oldumask=$(umask); umask 177`
		`+ cat ${grub_cfg}.new > ${grub_cfg}`
		`+ umask $oldumask`
		`+ rm -f ${grub_cfg}.new`
		`+ --`
		`+ 2.44.0`
		`+`

grub.macros

file modified

+3 -3

		`@@ -683,7 +683,7 @@`
		`%{expand:%%files %{1}} \`
		`%defattr(-,root,root,-) \`
		`%config(noreplace) %{_sysconfdir}/grub2.cfg \`
		`- %ghost %config(noreplace) %attr(0700,root,root)/boot/grub2/grub.cfg \`
		`+ %ghost %config(noreplace) %attr(0600,root,root)/boot/grub2/grub.cfg \`
		`%dir %attr(0700,root,root)/boot/loader/entries \`
		`%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/grub2-%{1}.conf \`
		`%ifarch ppc64le \`
		`@@ -718,8 +718,8 @@`
		`%endif \`
		`%attr(0700,root,root)/boot/grub2/fonts \`
		`%dir %attr(0700,root,root)/boot/loader/entries \`
		`- %ghost %config(noreplace) %attr(0700,root,root)/boot/grub2/grub.cfg \`
		`- %ghost %config(noreplace) %verify(not mtime) %attr(0700,root,root)%{efi_esp_dir}/grub.cfg \`
		`+ %ghost %config(noreplace) %attr(0600,root,root)/boot/grub2/grub.cfg \`
		`+ %ghost %config(noreplace) %verify(not mtime) %attr(0600,root,root)%{efi_esp_dir}/grub.cfg \`
		`%config(noreplace) %verify(not size mode md5 mtime) /boot/grub2/grubenv \`
		`%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/grub2-%{1}.conf \`
		`%{expand:%if 0%{?without_efi_modules} \`

grub.patches

file modified

		`@@ -359,3 +359,4 @@`
		`Patch0359: 0359-fs-ntfs-Make-code-more-readable.patch`
		`Patch0360: 0360-fs-xfs-Handle-non-continuous-data-blocks-in-director.patch`
		`Patch0361: 0361-cmd-search-Rework-of-CVE-2023-4001-fix.patch`
		`+ Patch0362: 0362-grub-mkconfig.in-turn-off-executable-owner-bit.patch`

grub2.spec

file modified

+5 -1

		`@@ -17,7 +17,7 @@`
		`Name: grub2`
		`Epoch: 1`
		`Version: 2.06`
		`- Release: 122%{?dist}`
		`+ Release: 123%{?dist}`
		`Summary: Bootloader with support for Linux, Multiboot and more`
		`License: GPL-3.0-or-later`
		`URL: http://www.gnu.org/software/grub/`
		`@@ -555,6 +555,10 @@`
		`%endif`

		`%changelog`
		`+ * Tue May 28 2024 Leo Sandoval <lsandova@redhat.com> - 2.06.123`
		`+ - grub-mkconfig.in: turn off executable owner bit`
		`+ - Resolves: #2281464`
		`+`
		`* Thu May 23 2024 Nicolas Frayer <nfrayer@redhat.com> - 2.06-122`
		`- cmd/search: Rework of CVE-2023-4001 fix`
		`- Related: #2224951`