From f372cfc7301b681531e52775aef9dde34a7b3403 Mon Sep 17 00:00:00 2001
From: Qiumiao Zhang <zhangqiumiao1@huawei.com>
Date: Mon, 7 Apr 2025 09:43:28 +0000
Subject: [PATCH] fix CVE-2024-56738

Signed-off-by: Qiumiao Zhang <zhangqiumiao1@huawei.com>
(cherry picked from commit aab76ae0eaebd92ac60f8c9f9b07728734b40bfb)
---
 backport-fix-CVE-2024-56738.patch | 42 +++++++++++++++++++++++++++++++
 grub.patches                      |  1 +
 grub2.spec                        |  8 +++++-
 3 files changed, 50 insertions(+), 1 deletion(-)
 create mode 100644 backport-fix-CVE-2024-56738.patch

diff --git a/backport-fix-CVE-2024-56738.patch b/backport-fix-CVE-2024-56738.patch
new file mode 100644
index 0000000..6ede75f
--- /dev/null
+++ b/backport-fix-CVE-2024-56738.patch
@@ -0,0 +1,42 @@
+From 8b1b47efd667ea3450681fa0c674045980e25360 Mon Sep 17 00:00:00 2001
+From: Jonathan Bar Or <jonathanbaror@gmail.com>
+Date: Mon, 7 Apr 2025 09:36:34 +0000
+Subject: [PATCH] fix CVE-2024-56738
+
+Reference:https://savannah.gnu.org/bugs/?66603
+Conflict:NA
+
+---
+ grub-core/lib/crypto.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
+index d53ddbe..653aab7 100644
+--- a/grub-core/lib/crypto.c
++++ b/grub-core/lib/crypto.c
+@@ -440,16 +440,16 @@ grub_crypto_gcry_error (gcry_err_code_t in)
+ int
+ grub_crypto_memcmp (const void *a, const void *b, grub_size_t n)
+ {
+-  register grub_size_t counter = 0;
+-  const grub_uint8_t *pa, *pb;
++  register grub_uint8_t indicator = 0;
++  const grub_uint8_t *pa = a, *pb = b;
++  grub_size_t i;
+ 
+-  for (pa = a, pb = b; n; pa++, pb++, n--)
++  for (i = 0; i < n; i++)
+     {
+-      if (*pa != *pb)
+-	counter++;
++	indicator |= (pa[i] ^ pb[i]);
+     }
+ 
+-  return !!counter;
++  return !!indicator;
+ }
+ 
+ #ifndef GRUB_UTIL
+-- 
+2.33.0
+
diff --git a/grub.patches b/grub.patches
index 5fd2f6a..ea89ae3 100644
--- a/grub.patches
+++ b/grub.patches
@@ -324,3 +324,4 @@ Patch324:       sw64-Add-Linux-load-logic.patch
 Patch325:       sw64-Add-awareness-for-SW64-reloations.patch
 Patch326:       sw64-Add-auxiliary-files.patch
 Patch327:       sw64-Add-to-build-system.patch
+Patch328:       backport-fix-CVE-2024-56738.patch
diff --git a/grub2.spec b/grub2.spec
index adfd56e..cfa9cce 100644
--- a/grub2.spec
+++ b/grub2.spec
@@ -22,7 +22,7 @@
 Name:		grub2
 Epoch:		1
 Version:	2.12
-Release:	38
+Release:	39
 Summary:	Bootloader with support for Linux, Multiboot and more
 License:	GPLv3+
 URL:		http://www.gnu.org/software/grub/
@@ -464,6 +464,12 @@ fi
 %{_datadir}/man/man*
 
 %changelog
+* Thu Feb 20 2025 zhangqiumiao <zhangqiumiao1@huawei.com> - 1:2.12-39
+- Type:CVE
+- CVE:CVE-2024-56738
+- SUG:NA
+- DESC:fix CVE-2024-56738
+
 * Mon Mar 10 2025 sunway_fw <sunway_fw@wxiat.com> - 1:2.12-38
 - Type:requirement
 - CVE:NA
-- 
Gitee