a0b2acecaa
Avoid to the heap-based buffer overflow. Upgrade to the below package to fix the CVE issue: grub2-2.02-0.86.el7.centos.src.rpm At the same time adjust the context and drop 0004-grub2-remove-32b-requirements.patch since it already had been included in the new version. Story: 2008532 Task: 41664 Change-Id: I7943127323ee28457ffe0a4ece54764633f86d9f Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
58 lines
2.7 KiB
Diff
58 lines
2.7 KiB
Diff
From fadbfe260a2678e1a6e79f8df4372b2eaee5dc9f Mon Sep 17 00:00:00 2001
|
|
From: root <root@yow-cgts4-lx.wrs.com>
|
|
Date: Tue, 23 Jan 2018 14:46:01 -0500
|
|
Subject: add unsigned package
|
|
|
|
---
|
|
SOURCES/grub.macros | 15 +++++++++++++++
|
|
1 file changed, 15 insertions(+)
|
|
|
|
diff --git a/SOURCES/grub.macros b/SOURCES/grub.macros
|
|
index 075727c..5581deb 100644
|
|
--- a/SOURCES/grub.macros
|
|
+++ b/SOURCES/grub.macros
|
|
@@ -235,6 +235,13 @@ Requires: %{name}-common = %{evr} \
|
|
%{expand:%%description %{1}-cdboot} \
|
|
%{desc} \
|
|
This subpackage provides optional components of grub used with removeable media on %{1} systems.\
|
|
+ \
|
|
+%{expand:%%package %{1}-unsigned} \
|
|
+Summary: Unsigned versions of GRUB EFI binaries \
|
|
+ \
|
|
+%{expand:%%description %{1}-unsigned} \
|
|
+This package contains unsigned version of GRUB EFI binaries. \
|
|
+ \
|
|
%{nil}
|
|
|
|
%global do_common_setup() \
|
|
@@ -309,6 +316,8 @@ done \
|
|
-p /EFI/%{efidir} -d grub-core ${GRUB_MODULES} \
|
|
%{4}./grub-mkimage -O %{1} -o %{3}.orig \\\
|
|
-p /EFI/BOOT -d grub-core ${GRUB_MODULES} \
|
|
+cp %{2}.orig %{2}.unsigned \
|
|
+cp %{3}.orig %{3}.unsigned \
|
|
%{expand:%%{pesign -s -i %{2}.orig -o %{2}.one -a %{5} -c %{6} -n %{7}}} \
|
|
%{expand:%%{pesign -s -i %{3}.orig -o %{3}.one -a %{5} -c %{6} -n %{7}}} \
|
|
%{expand:%%{pesign -s -i %{2}.one -o %{2} -a %{8} -c %{9} -n %{10}}} \
|
|
@@ -403,6 +412,8 @@ find $RPM_BUILD_ROOT -iname "*.module" -exec chmod a-x {} '\;' \
|
|
touch $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/grub.cfg \
|
|
ln -sf ../boot/efi/EFI/%{efidir}/grub.cfg \\\
|
|
$RPM_BUILD_ROOT%{_sysconfdir}/%{name}-efi.cfg \
|
|
+install -m 700 %{2} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/%{2}.unsigned \
|
|
+install -m 700 %{3} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/%{3}.unsigned \
|
|
install -m 700 %{2} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/%{2} \
|
|
install -m 700 %{3} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/%{3} \
|
|
install -D -m 700 unicode.pf2 \\\
|
|
@@ -490,4 +501,8 @@ cd .. \
|
|
%defattr(-,root,root,-) \
|
|
%verify(not mtime) %attr(0700,root,root)/boot/efi/EFI/%{efidir}/%{3} \
|
|
%verify(not mtime) %attr(0700,root,root)/boot/efi/EFI/%{efidir}/fonts \
|
|
+ \
|
|
+%{expand:%%files %{1}-unsigned} \
|
|
+/boot/efi/EFI/%{efidir}/%{grubefiname}.unsigned \
|
|
+/boot/efi/EFI/%{efidir}/%{grubeficdname}.unsigned \
|
|
%{nil}
|
|
--
|
|
2.7.4
|
|
|