lakitu: Uprev grub to pick up security fixes
The addressed CVEs are:
- CVE-2020-14308
- CVE-2020-14311
- CVE-2020-15705
In order to compile grub with the new changes, we needed to switch to
clang. I made the necessary ebuild changes for this to happen. I'm not
worried about clang introducing regressions, since our usage of grub is
pretty predictable. I think our tests are pretty comprehensive for our
relatively simple grub use case.
BUG=b/162782466,b/137884271
TEST=tryjob,shielded_vm_test
RELEASE_NOTE=Backported fixes for CVE-2020-14308, CVE-2020-14311,
and CVE-2020-15705 in grub.
Change-Id: I3f742f8d5503a1bfa6ba10debdb2231a702d3969
2 files changed