Hello community, here is the log from the commit of package grub2 for openSUSE:Factory checked in at 2020-02-22 18:56:29 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/grub2 (Old) and /work/SRC/openSUSE:Factory/.grub2.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "grub2" Sat Feb 22 18:56:29 2020 rev:215 rq:777573 version:2.04 Changes: -------- --- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2020-02-14 16:26:53.127239858 +0100 +++ /work/SRC/openSUSE:Factory/.grub2.new.26092/grub2.changes 2020-02-22 18:56:31.505184534 +0100 @@ -1,0 +2,7 @@ +Tue Feb 18 08:43:30 UTC 2020 - Michael Chang <mch...@suse.com> + +- Fix grub hangs after loading rogue image without valid signature for uefi + secure boot (bsc#1159102) + * grub2-verifiers-fix-system-freeze-if-verify-failed.patch + +------------------------------------------------------------------- New: ---- grub2-verifiers-fix-system-freeze-if-verify-failed.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ grub2.spec ++++++ --- /var/tmp/diff_new_pack.LKrt1z/_old 2020-02-22 18:56:33.461188323 +0100 +++ /var/tmp/diff_new_pack.LKrt1z/_new 2020-02-22 18:56:33.461188323 +0100 @@ -223,6 +223,7 @@ Patch92: grub2-util-30_os-prober-multiple-initrd.patch Patch93: grub2-getroot-support-nvdimm.patch Patch94: grub2-install-fix-not-a-directory-error.patch +Patch95: grub2-verifiers-fix-system-freeze-if-verify-failed.patch # Btrfs snapshot booting related patches Patch101: grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch Patch102: grub2-btrfs-02-export-subvolume-envvars.patch @@ -508,6 +509,7 @@ %patch92 -p1 %patch93 -p1 %patch94 -p1 +%patch95 -p1 %patch101 -p1 %patch102 -p1 %patch103 -p1 ++++++ grub2-verifiers-fix-system-freeze-if-verify-failed.patch ++++++ >From d0de8b37f651e13886ef0e0fda285a1294adafe8 Mon Sep 17 00:00:00 2001 From: Michael Chang <mch...@suse.com> Date: Tue, 18 Feb 2020 18:08:18 +0800 Subject: [PATCH] verifiers: Fix calling uninitialized function pointer The necessary check for NULL before use of function ver->close is not taking place in the failure path. This patch simply adds the missing check and fixes the problem that GRUB hangs indefinitely after booting rogue image without valid signature if secure boot is turned on. Now it displays like this for booting rogue UEFI image: error: bad shim signature error: you need to load the kernel first Press any key to continue... and then you can go back to boot menu by pressing any key or after a few seconds expired. Signed-off-by: Michael Chang <mch...@suse.com> Reviewed-by: Javier Martinez Canillas <javi...@redhat.com> Reviewed-by: Daniel Kiper <daniel.ki...@oracle.com> --- grub-core/commands/verifiers.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/grub-core/commands/verifiers.c b/grub-core/commands/verifiers.c index 0dde48182..7b9297cd3 100644 --- a/grub-core/commands/verifiers.c +++ b/grub-core/commands/verifiers.c @@ -196,7 +196,8 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type) return ret; fail: - ver->close (context); + if (ver->close) + ver->close (context); fail_noclose: verified_free (verified); grub_free (ret); -- 2.16.4