[Bug 1911440] Re: Build using distro minilzo
Dimitri John Ledkov
1911440 at bugs.launchpad.net
Wed Jan 20 13:23:34 UTC 2021
The above was done using bios / i386-pc.
For grub2-signed verification, I should do this all again using UEFI
with secureboot on.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1911440
Title:
Build using distro minilzo
Status in grub2 package in Ubuntu:
Fix Released
Status in grub2-signed package in Ubuntu:
Fix Released
Status in grub2 source package in Focal:
Fix Committed
Status in grub2-signed source package in Focal:
Fix Committed
Status in grub2 source package in Groovy:
Fix Committed
Status in grub2-signed source package in Groovy:
Fix Committed
Status in grub2 source package in Hirsute:
Fix Released
Status in grub2-signed source package in Hirsute:
Fix Released
Bug description:
[Impact]
* grub2 builds freestanding libc-less minilzo library to be used by the bootloader code.
* It has a vendorized copy of it, whilst the distribution has newer copies of it.
* Specifically distribution build has FTBFS fixes for new compiler and CVE fixes, specifically https://ubuntu.com/security/cve-2014-4607
CVE-2014-4607
* Building grub with minilzo from the archive seems to be the best
way to keep minilzo up to date and secure
[Test Case]
* Check that grub can open lzo compressed files in the command line
prompt, for example by having /boot on btrfs filesystem with
compress=lzo option.
[Where problems could occur]
* Changes limited to lzo compression, so for example grub may fail to
mount / read data off btrfs filesystem with compress=lzo
[Other Info]
Fixed in:
hirsute grub2 2.04-1ubuntu37
hirsute grub2-signed 1.157
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1911440/+subscriptions
More information about the foundations-bugs
mailing list