StarlingX

  1. Bug #2020730
  2. Comment #2

Comment 2 for bug 2020730

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to integ (master)

Reviewed: https://review.opendev.org/c/starlingx/integ/+/885008
Committed: https://opendev.org/starlingx/integ/commit/d10d6fb1870c09bebb2a39e644c0edcbc26999b3
Submitter: "Zuul (22348)"
Branch: master

commit d10d6fb1870c09bebb2a39e644c0edcbc26999b3
Author: Li Zhou <email address hidden>
Date: Tue May 30 16:49:58 2023 +0800

    grub2/grub-efi: fix CVE-2022-2601/CVE-2022-3775

    Porting patches from grub2_2.06-3~deb11u4 to fix
    CVE-2022-2601/CVE-2022-3775.

    The source code of grub2_2.06-3~deb11u4 is from:
    https://snapshot.debian.org/archive/debian/20221124T030451Z/
    pool/main/g/grub2/grub2_2.06-3~deb11u4.debian.tar.xz

    Refer to above source code and this link for the fix:
    https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html

    The 1st patch in the list is for making proper context for the 14
    patches of the 2 CVEs. No content changes for all the patches from
    debian release.

    We do this because grub2/grub-efi is ported from wrlinux for
    secure boot bringing up.

    Test plan:
     - PASS: build grub2/grub-efi.
     - PASS: build-image and install and boot up on lab/qemu.
     - PASS: check that the "stx.N" version number is right for both
             bios(grub2 ver) and uefi(grub-efi ver) boot.

    Closes-bug: 2020730

    Signed-off-by: Li Zhou <email address hidden>
    Change-Id: Ia6c58a2021a786ef92f760b3cfe035fbccedacf7