diff --git a/05d3698b8b03_patch.patch b/05d3698b8b03_patch.patch
new file mode 100644
index 0000000000000000000000000000000000000000..16199bd53d39ab6f51af38803f5ced9a285160d4
--- /dev/null
+++ b/05d3698b8b03_patch.patch
@@ -0,0 +1,58 @@
+From 05d3698b8b03eccc49e53491bbd75dba15f40917 Mon Sep 17 00:00:00 2001
+From: Alec Brown
+Date: Thu, 21 Aug 2025 21:14:07 +0000
+Subject: [PATCH] normal/main: Unregister commands on module unload
+
+When the normal module is loaded, the normal and normal_exit commands
+are registered but aren't unregistered when the module is unloaded. We
+need to add calls to grub_unregister_command() when unloading the module
+for these commands.
+
+Fixes: CVE-2025-61663
+Fixes: CVE-2025-61664
+
+Reported-by: Alec Brown
+Signed-off-by: Alec Brown
+Reviewed-by: Daniel Kiper
+---
+ grub-core/normal/main.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
+index 8c2acf938..de9a3f961 100644
+--- a/grub-core/normal/main.c
++++ b/grub-core/normal/main.c
+@@ -510,7 +510,7 @@ grub_mini_cmd_clear (struct grub_command *cmd __attribute__ ((unused)),
+ return 0;
+ }
+
+-static grub_command_t cmd_clear;
++static grub_command_t cmd_clear, cmd_normal, cmd_normal_exit;
+
+ static void (*grub_xputs_saved) (const char *str);
+ static const char *features[] = {
+@@ -554,10 +554,10 @@ GRUB_MOD_INIT(normal)
+ grub_env_export ("pager");
+
+ /* Register a command "normal" for the rescue mode. */
+- grub_register_command ("normal", grub_cmd_normal,
+- 0, N_("Enter normal mode."));
+- grub_register_command ("normal_exit", grub_cmd_normal_exit,
+- 0, N_("Exit from normal mode."));
++ cmd_normal = grub_register_command ("normal", grub_cmd_normal,
++ 0, N_("Enter normal mode."));
++ cmd_normal_exit = grub_register_command ("normal_exit", grub_cmd_normal_exit,
++ 0, N_("Exit from normal mode."));
+
+ /* Reload terminal colors when these variables are written to. */
+ grub_register_variable_hook ("color_normal", NULL, grub_env_write_color_normal);
+@@ -599,4 +599,6 @@ GRUB_MOD_FINI(normal)
+ grub_register_variable_hook ("color_highlight", NULL, NULL);
+ grub_fs_autoload_hook = 0;
+ grub_unregister_command (cmd_clear);
++ grub_unregister_command (cmd_normal);
++ grub_unregister_command (cmd_normal_exit);
+ }
+--
+2.47.3
+
diff --git a/grub.patches b/grub.patches
index 4898a1f51643275ee399904ee9ec300ff62593da..078d3442fdca426ae87a1d1e07b165db5a610234 100644
--- a/grub.patches
+++ b/grub.patches
@@ -288,3 +288,5 @@ Patch1084: 1084-kern-misc-Add-sanity-check-after-grub_strtoul-call.patch
 Patch1085: 1085-loader-i386-linux-Cast-left-shift-to-grub_uint32_t.patch
 Patch1086: 1086-loader-i386-bsd-Use-safe-math-to-avoid-underflow.patch
 Patch1087: 1087-fix-CVE-2024-56738.patch
+# https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=patch;h=05d3698b8b03eccc49e53491bbd75dba15f40917
+Patch1090: 05d3698b8b03_patch.patch
diff --git a/grub2.spec b/grub2.spec
index e5a800a564888e73d630f7283d3bab7dd83865b7..ccd3a74aace5b60747f62a1296fb617eb883d1a2 100644
--- a/grub2.spec
+++ b/grub2.spec
@@ -1,4 +1,4 @@
-%define anolis_release 18
+%define anolis_release 19
 %global _lto_cflags %{nil}
 %undefine _hardened_build
@@ -510,6 +510,9 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
 %endif
 %changelog
+* Thu Nov 20 2025 tomcruiseqi - 1:2.12-19
+- Fix CVE-2025-61664
+
 * Mon Oct 27 2025 Yihao Yan - 2.12-18
 - fix patches index
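Review bot: The handles stored in `cmd_normal` and `cmd_normal_exit` in GRUB_MOD_INIT(normal) are handed to `grub_unregister_command ()` in GRUB_MOD_FINI(normal) with no check that registration succeeded. The definition of `grub_register_command ()` is not shown here, so this needs confirming, but if it can return NULL on allocation failure the unload path would pass NULL into the unregister call. The existing `cmd_clear` line follows the same pattern, so a guard such as `if (cmd_normal) grub_unregister_command (cmd_normal);` would have to cover all three handles. Both function bodies start outside the embedded hunks.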
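Review bot: The new `Patch1090: 05d3698b8b03_patch.patch` entry breaks the series convention visible in the context lines, where numbers run consecutively (1085, 1086, 1087) and each file name starts with its patch number and a description; the hash-only name says nothing about what is fixed. The patch's own trailers list both CVE-2025-61663 and CVE-2025-61664, but the `%changelog` entry added in grub2.spec names only CVE-2025-61664, so anyone auditing fix status from the changelog would not see the first one as addressed. I would put the ids in the comment above the entry, e.g. `# Fixes CVE-2025-61663, CVE-2025-61664`, and extend the changelog line to `- Fix CVE-2025-61663, CVE-2025-61664`. If 1088 and 1089 are reserved for patches not shown here, a short comment saying so would explain the gap.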