From 67740c43c9326956ea5cd6be77f813b5499a56a5 Mon Sep 17 00:00:00 2001
From: Hitendra Prajapati
Date: Mon, 27 Jun 2022 10:15:29 +0530
Subject: [PATCH] CVE-2021-3981

Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/diff/util/grub-mkconfig.in?id=0adec29674561034771c13e446069b41ef41e4d4]
CVE: CVE-2021-3981
Signed-off-by: Hitendra Prajapati
---
 util/grub-mkconfig.in | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
index 9f477ff..ead94a6 100644
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@@ -287,7 +287,11 @@ and /etc/grub.d/* files or please file a bug report with
 exit 1
 else
 # none of the children aborted with error, install the new grub.cfg
- mv -f ${grub_cfg}.new ${grub_cfg}
+ oldumask=$(umask)
+ umask 077
+ cat ${grub_cfg}.new > ${grub_cfg}
+ umask $oldumask
+ rm -f ${grub_cfg}.new
 fi
 fi
-- 
2.25.1
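Review bot: The `umask 077` placed around `cat ${grub_cfg}.new > ${grub_cfg}` only applies when the redirection creates the file; if `${grub_cfg}` already exists (for example one left world-readable by an earlier run), the shell truncates it in place and the existing mode is kept. If the intent is that the generated config is never readable by unprivileged users, an explicit `chmod 600 ${grub_cfg}` after the `cat` would cover already-installed systems; otherwise the comment above should say that only newly created files get the restrictive mode. Separately, the status of `cat` is not checked before `rm -f ${grub_cfg}.new`, so a failed write (a full filesystem, say) would leave a truncated grub.cfg and remove the only complete copy; `cat ${grub_cfg}.new > ${grub_cfg} && rm -f ${grub_cfg}.new` keeps the `.new` file for recovery. The enclosing `if`/`else` begins outside this hunk, so how `${grub_cfg}.new` itself is created is not visible here.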