The 1st patch in the list is for making proper context for the 14
patches of the 2 CVEs. No content changes for all the patches from
debian release.
We do this because grub2/grub-efi is ported from wrlinux for
secure boot bringing up.
Test plan:
- PASS: build grub2/grub-efi.
- PASS: build-image and install and boot up on lab/qemu.
- PASS: check that the "stx.N" version number is right for both bios(grub2 ver) and uefi(grub-efi ver) boot.
Closes-bug: 2020730
Signed-off-by: Li Zhou <email address hidden>
Change-Id: Ia6c58a2021a786ef92f760b3cfe035fbccedacf7
Reviewed: https:/ /review. opendev. org/c/starlingx /integ/ +/885008 /opendev. org/starlingx/ integ/commit/ d10d6fb1870c09b ebb2a39e644c0ed cbc26999b3
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit d10d6fb1870c09b ebb2a39e644c0ed cbc26999b3
Author: Li Zhou <email address hidden>
Date: Tue May 30 16:49:58 2023 +0800
grub2/grub-efi: fix CVE-2022- 2601/CVE- 2022-3775
Porting patches from grub2_2. 06-3~deb11u4 to fix 2022-2601/ CVE-2022- 3775.
CVE-
The source code of grub2_2. 06-3~deb11u4 is from: /snapshot. debian. org/archive/ debian/ 20221124T030451 Z/ main/g/ grub2/grub2_ 2.06-3~ deb11u4. debian. tar.xz
https:/
pool/
Refer to above source code and this link for the fix: /lists. gnu.org/ archive/ html/grub- devel/2022- 11/msg00059. html
https:/
The 1st patch in the list is for making proper context for the 14
patches of the 2 CVEs. No content changes for all the patches from
debian release.
We do this because grub2/grub-efi is ported from wrlinux for
secure boot bringing up.
Test plan:
bios( grub2 ver) and uefi(grub-efi ver) boot.
- PASS: build grub2/grub-efi.
- PASS: build-image and install and boot up on lab/qemu.
- PASS: check that the "stx.N" version number is right for both
Closes-bug: 2020730
Signed-off-by: Li Zhou <email address hidden> ef92f760b3cfe03 5fbccedacf7
Change-Id: Ia6c58a2021a786