diff --git a/0194-backport-CVE-2024-56738.patch b/0194-backport-CVE-2024-56738.patch
new file mode 100644
index 0000000000000000000000000000000000000000..00ef5ebb75dde663bc73d0b68cc82e50e5558a60
--- /dev/null
+++ b/0194-backport-CVE-2024-56738.patch
@@ -0,0 +1,41 @@
+From 8b1b47efd667ea3450681fa0c674045980e25360 Mon Sep 17 00:00:00 2001
+From: Jonathan Bar Or
+Date: Mon, 7 Apr 2025 09:36:34 +0000
+Subject: [PATCH] fix CVE-2024-56738
+
+Reference:https://savannah.gnu.org/bugs/?66603
+Conflict:NA
+
+---
+ grub-core/lib/crypto.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
+index d53ddbe..653aab7 100644
+--- a/grub-core/lib/crypto.c
++++ b/grub-core/lib/crypto.c
+@@ -440,16 +440,16 @@ grub_crypto_gcry_error (gcry_err_code_t in)
+ int
+ grub_crypto_memcmp (const void *a, const void *b, grub_size_t n)
+ {
+- register grub_size_t counter = 0;
+- const grub_uint8_t *pa, *pb;
++ register grub_uint8_t indicator = 0;
++ const grub_uint8_t *pa = a, *pb = b;
++ grub_size_t i;
+
+- for (pa = a, pb = b; n; pa++, pb++, n--)
++ for (i = 0; i < n; i++)
+ {
+- if (*pa != *pb)
+- counter++;
++ indicator |= (pa[i] ^ pb[i]);
+ }
+
+- return !!counter;
++ return !!indicator;
+ }
+
+ #ifndef GRUB_UTIL
+--
+2.33.0
diff --git a/grub.patches b/grub.patches
index 0bbaf27be3d384c3ec465a7f6ad81e97112b3b95..92be5b7f4218667a9484252672e44ffcb1bda231 100644
--- a/grub.patches
+++ b/grub.patches
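Review bot: Nothing in the new `grub_crypto_memcmp` body records that the loop must stay free of data-dependent branches and early exits, which is the property gained by replacing `if (*pa != *pb) counter++;` with the `indicator |= (pa[i] ^ pb[i]);` accumulator. A comment above the function would keep a later cleanup from reintroducing the branch, for example `/* Constant-time compare: no data-dependent branch or early exit. Returns 0 if equal, 1 otherwise; not an ordering like memcmp. */`. The `register` qualifier is only a hint and gives no timing guarantee, so the comment should not lean on it. Whether the compiled loop stays branch-free presumably depends on the compiler and flags, so it is worth confirming in the built object.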
@@ -178,6 +178,8 @@ Patch0188: 0188-Suppress-gettext-error-message.patch
 Patch0189: 0189-grub-set-password-Always-use-boot-grub2-user.cfg-as-.patch
 ##Patch0192: 0192-arm64-Fix-EFI-loader-kernel-image-allocation.patch
 Patch0193: 0193-normal-main-Discover-the-device-to-read-the-config-f.patch
+# https://savannah.gnu.org/bugs/?66603
+Patch0194: 0194-backport-CVE-2024-56738.patch
 Patch0212: 1000-efi-new-connectefi-command.patch
 Patch0213: 1000-rpm-sort-add-prereqs-for-declaration-of-strchrnul.patch
 Patch0215: 1000-make-ofdisk_retries-optional.patch
diff --git a/grub2.spec b/grub2.spec
index 3e561cb110545ce623b4f5316904bd174c90318f..6d96f87aca81edaea9aa485dfb3975dbd28e1e72 100644
--- a/grub2.spec
+++ b/grub2.spec
@@ -1,4 +1,4 @@
-%define anolis_release 13
+%define anolis_release 14
 %global _lto_cflags %{nil}
 %undefine _hardened_build
@@ -506,6 +506,9 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
 %endif
 %changelog
+* Mon Jul 07 2025 wenxin - 2.12-14
+- Add patch to Fix CVE-2024-56738
+
 * Thu Jun 5 2025 Xue Liu - 2.12-13
 - Disable vector instructions for loongarch
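Review bot: The comment added above `Patch0194` in the grub.patches hunk cites only the Savannah bug, and the patch's own `Reference:` header does the same, so a reader has to go through the bug tracker to find the upstream change this backport is meant to match. For a security fix it helps to record the upstream commit beside the entry, e.g. `# Upstream commit: <UPSTREAM_COMMIT_ID>` (placeholder; the id is not shown on this page). Naming the CVE in that comment as well would make the entry findable by searching the patch list.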