Hello community, here is the log from the commit of package grub2 for openSUSE:Factory checked in at 2015-10-22 12:58:18 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/grub2 (Old) and /work/SRC/openSUSE:Factory/.grub2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "grub2" Changes: -------- --- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2015-10-02 09:22:56.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.grub2.new/grub2.changes 2015-10-22 12:58:20.000000000 +0200 @@ -1,0 +2,23 @@ +Sun Oct 18 11:45:10 UTC 2015 - [email protected] + +- Include custom.cfg into the files scanned by grub2-once. + Allows to chose manually added entries as well (FATE#319632). + +------------------------------------------------------------------- +Wed Oct 7 09:01:37 UTC 2015 - [email protected] + +- Upstream patches for fixing file descriptor leakage (bsc#943784) + * added 0001-unix-password-Fix-file-descriptor-leak.patch + * added 0002-linux-getroot-fix-descriptor-leak.patch + * added 0003-util-grub-mount-fix-descriptor-leak.patch + * added 0004-linux-ofpath-fix-descriptor-leak.patch + * added 0005-grub-fstest-fix-descriptor-leak.patch + +------------------------------------------------------------------- +Tue Oct 6 07:59:47 UTC 2015 - [email protected] + +- Do not force ro option in linuxefi patch (bsc#948555) + * modified grub2-secureboot-use-linuxefi-on-uefi.patch + * refrehed grub2-secureboot-provide-linuxefi-config.patch + +------------------------------------------------------------------- New: ---- 0001-unix-password-Fix-file-descriptor-leak.patch 0002-linux-getroot-fix-descriptor-leak.patch 0003-util-grub-mount-fix-descriptor-leak.patch 0004-linux-ofpath-fix-descriptor-leak.patch 0005-grub-fstest-fix-descriptor-leak.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ grub2.spec ++++++ --- /var/tmp/diff_new_pack.DnCmJc/_old 2015-10-22 12:58:23.000000000 +0200 +++ /var/tmp/diff_new_pack.DnCmJc/_new 2015-10-22 12:58:23.000000000 +0200 @@ -253,6 +253,12 @@ Patch239: grub2-arm64-set-correct-length.patch Patch240: grub2-arm64-setjmp-Add-missing-license-macro.patch Patch241: grub2-arm64-efinet-handle-get_status-on-buggy-firmware-properly.patch +# Upstream patches for fixing file descriptor leakage (bsc#943784) +Patch260: 0001-unix-password-Fix-file-descriptor-leak.patch +Patch261: 0002-linux-getroot-fix-descriptor-leak.patch +Patch262: 0003-util-grub-mount-fix-descriptor-leak.patch +Patch263: 0004-linux-ofpath-fix-descriptor-leak.patch +Patch264: 0005-grub-fstest-fix-descriptor-leak.patch Requires: gettext-runtime %if 0%{?suse_version} >= 1140 @@ -517,6 +523,11 @@ %patch239 -p1 %patch240 -p1 %patch241 -p1 +%patch260 -p1 +%patch261 -p1 +%patch262 -p1 +%patch263 -p1 +%patch264 -p1 # Generate po/LINGUAS for message catalogs ... ./linguas.sh ++++++ 0001-unix-password-Fix-file-descriptor-leak.patch ++++++ >From 810254093959708aa6a260c59ad3cf3a1d250755 Mon Sep 17 00:00:00 2001 From: Vladimir Serbinenko <[email protected]> Date: Mon, 26 Jan 2015 09:53:03 +0100 Subject: [PATCH] unix/password: Fix file descriptor leak. Found by: Coverity scan. --- grub-core/osdep/unix/password.c | 7 ++++++- 1 files changed, 6 insertions(+), 1 deletions(-) Index: grub-2.02~beta2/grub-core/osdep/unix/password.c =================================================================== --- grub-2.02~beta2.orig/grub-core/osdep/unix/password.c 2013-12-25 00:29:26.000000000 +0800 +++ grub-2.02~beta2/grub-core/osdep/unix/password.c 2015-09-22 17:10:01.109530851 +0800 @@ -53,7 +53,10 @@ tty_changed = 0; grub_memset (buf, 0, buf_size); if (!fgets (buf, buf_size, stdin)) - return 0; + { + fclose (in); + return 0; + } ptr = buf + strlen (buf) - 1; while (buf <= ptr && (*ptr == '\n' || *ptr == '\r')) *ptr-- = 0; @@ -64,5 +67,7 @@ grub_xputs ("\n"); grub_refresh (); + fclose (in); + return 1; } ++++++ 0002-linux-getroot-fix-descriptor-leak.patch ++++++ >From 6704abade6674a91d8c652a7e4596ca3421411b6 Mon Sep 17 00:00:00 2001 From: Andrei Borzenkov <[email protected]> Date: Mon, 26 Jan 2015 21:38:40 +0300 Subject: [PATCH] linux/getroot: fix descriptor leak. Found by: Coverity scan. --- grub-core/osdep/linux/getroot.c | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) Index: grub-2.02~beta2/grub-core/osdep/linux/getroot.c =================================================================== --- grub-2.02~beta2.orig/grub-core/osdep/linux/getroot.c 2015-09-22 17:10:33.177530851 +0800 +++ grub-2.02~beta2/grub-core/osdep/linux/getroot.c 2015-09-22 17:13:27.269530851 +0800 @@ -368,7 +368,8 @@ ret[1+namelen] = '\0'; } if (!ret) - return xstrdup ("/"); + ret = xstrdup ("/"); + close (fd); return ret; } ++++++ 0003-util-grub-mount-fix-descriptor-leak.patch ++++++ >From 1a87156e01e3cb873f3479c31c34c97fb690eb71 Mon Sep 17 00:00:00 2001 From: Andrei Borzenkov <[email protected]> Date: Mon, 26 Jan 2015 22:24:28 +0300 Subject: [PATCH] util/grub-mount: fix descriptor leak. Found by: Coverity scan. --- util/grub-mount.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) Index: grub-2.02~beta2/util/grub-mount.c =================================================================== --- grub-2.02~beta2.orig/util/grub-mount.c 2013-12-25 00:29:28.000000000 +0800 +++ grub-2.02~beta2/util/grub-mount.c 2015-09-22 17:15:44.525530851 +0800 @@ -511,6 +511,7 @@ return 0; } grub_zfs_add_key (buf, real_size, 0); + fclose (f); } return 0; ++++++ 0004-linux-ofpath-fix-descriptor-leak.patch ++++++ >From 637fc62699e7ae3f0057e1c56d330eb193fd40b6 Mon Sep 17 00:00:00 2001 From: Andrei Borzenkov <[email protected]> Date: Tue, 27 Jan 2015 20:29:00 +0300 Subject: [PATCH] linux/ofpath: fix descriptor leak Found by: Coverity scan --- grub-core/osdep/linux/ofpath.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) Index: grub-2.02~beta2/grub-core/osdep/linux/ofpath.c =================================================================== --- grub-2.02~beta2.orig/grub-core/osdep/linux/ofpath.c 2013-12-25 00:29:26.000000000 +0800 +++ grub-2.02~beta2/grub-core/osdep/linux/ofpath.c 2015-09-22 17:16:06.869530851 +0800 @@ -122,6 +122,8 @@ fd = open(path, O_RDONLY); if (fd < 0 || fstat (fd, &st) < 0) { + if (fd >= 0) + close (fd); snprintf(path, path_size, "%s/devspec", sysfs_path); fd = open(path, O_RDONLY); } ++++++ 0005-grub-fstest-fix-descriptor-leak.patch ++++++ >From 151c19a42a8ea76395fdb579221198156da9c026 Mon Sep 17 00:00:00 2001 From: Andrei Borzenkov <[email protected]> Date: Fri, 30 Jan 2015 22:45:58 +0300 Subject: [PATCH] grub-fstest: fix descriptor leak Found by: Coverity scan. --- util/grub-fstest.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Index: grub-2.02~beta2/util/grub-fstest.c =================================================================== --- grub-2.02~beta2.orig/util/grub-fstest.c 2013-12-25 00:40:31.000000000 +0800 +++ grub-2.02~beta2/util/grub-fstest.c 2015-09-22 17:16:23.177530851 +0800 @@ -570,12 +570,12 @@ return 0; } real_size = fread (buf, 1, 1024, f); + fclose (f); if (real_size < 0) { printf (_("%s: error:"), program_name); printf (_("cannot read `%s': %s"), arg, strerror (errno)); printf ("\n"); - fclose (f); return 0; } grub_zfs_add_key (buf, real_size, 0); ++++++ grub2-once ++++++ --- /var/tmp/diff_new_pack.DnCmJc/_old 2015-10-22 12:58:23.000000000 +0200 +++ /var/tmp/diff_new_pack.DnCmJc/_new 2015-10-22 12:58:23.000000000 +0200 @@ -89,6 +89,13 @@ close (MENU); +if (open(MENU, "<$grub2_dir/custom.cfg")) { + while (<MENU>) { + &parse_menuentry ("", $_); + } + close (MENU); +} + my $ret = ""; my $name = ""; my $id = -1; ++++++ grub2-secureboot-provide-linuxefi-config.patch ++++++ --- /var/tmp/diff_new_pack.DnCmJc/_old 2015-10-22 12:58:23.000000000 +0200 +++ /var/tmp/diff_new_pack.DnCmJc/_new 2015-10-22 12:58:23.000000000 +0200 @@ -51,7 +51,7 @@ + if [ -d /sys/firmware/efi ] && [ "x${GRUB_USE_LINUXEFI}" = "xtrue" ]; then sed "s/^/$submenu_indentation/" << EOF echo '$message' - linuxefi ${rel_dirname}/${basename} ${root_device} ro ${args} + linuxefi ${rel_dirname}/${basename} ${root_device} ${args} @@ -147,7 +147,7 @@ EOF if test -n "${initrd}" ; then # TRANSLATORS: ramdisk isn't identifier. Should be translated. ++++++ grub2-secureboot-use-linuxefi-on-uefi.patch ++++++ --- /var/tmp/diff_new_pack.DnCmJc/_old 2015-10-22 12:58:23.000000000 +0200 +++ /var/tmp/diff_new_pack.DnCmJc/_new 2015-10-22 12:58:23.000000000 +0200 @@ -23,7 +23,7 @@ + if [ -d /sys/firmware/efi ]; then + sed "s/^/$submenu_indentation/" << EOF + echo '$message' -+ linuxefi ${rel_dirname}/${basename} ${root_device} ro ${args} ++ linuxefi ${rel_dirname}/${basename} ${root_device} ${args} +EOF + else + sed "s/^/$submenu_indentation/" << EOF
