import edk2-20220126gitbb1bba3d77-4.el8

This commit is contained in:
CentOS Sources 2023-03-28 13:35:26 +00:00 committed by root
parent 9d13c29e10
commit 03568541f8
5 changed files with 65 additions and 26 deletions

View File

@ -1,2 +1,3 @@
fdcb04021414cdd5a7e286058ca36aca359d323d SOURCES/RedHatSecureBootPkKek1.pem
ae830c7278f985cb25e90f4687b46c8b22316bef SOURCES/edk2-bb1bba3d77.tar.xz
50747c8a7bb55619b69e95683c7c4172d52d1974 SOURCES/openssl-rhel-740e53ace8f6771c205bf84780e26bcd7a3275df.tar.xz
df2e14a45d968b590194d82736fcbfe2be10d1b0 SOURCES/openssl-rhel-d00c3c5b8a9d6d3ea3dabfcafdf36afd61ba8bcc.tar.xz

3
.gitignore vendored
View File

@ -1,2 +1,3 @@
SOURCES/RedHatSecureBootPkKek1.pem
SOURCES/edk2-bb1bba3d77.tar.xz
SOURCES/openssl-rhel-740e53ace8f6771c205bf84780e26bcd7a3275df.tar.xz
SOURCES/openssl-rhel-d00c3c5b8a9d6d3ea3dabfcafdf36afd61ba8bcc.tar.xz

View File

@ -1,22 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDoDCCAoigAwIBAgIJAP71iOjzlsDxMA0GCSqGSIb3DQEBCwUAMFExKzApBgNV
BAMTIlJlZCBIYXQgU2VjdXJlIEJvb3QgKFBLL0tFSyBrZXkgMSkxIjAgBgkqhkiG
9w0BCQEWE3NlY2FsZXJ0QHJlZGhhdC5jb20wHhcNMTQxMDMxMTExNTM3WhcNMzcx
MDI1MTExNTM3WjBRMSswKQYDVQQDEyJSZWQgSGF0IFNlY3VyZSBCb290IChQSy9L
RUsga2V5IDEpMSIwIAYJKoZIhvcNAQkBFhNzZWNhbGVydEByZWRoYXQuY29tMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkB+Ee42865cmgm2Iq4rJjGhw
+d9LB7I3gwsCyGdoMJ7j8PCZSrhZV8ZB9jiL/mZMSek3N5IumAEeWxRQ5qiNJQ31
huarMMtAFuqNixaGcEM38s7Akd9xFI6ZDom2TG0kHozkL08l0LoG+MboGRh2cx2B
bajYBc86yHsoyDajFg0pjJmaaNyrwE2Nv1q7K6k5SwSXHPk2u8U6hgSur9SCe+Cr
3kkFaPz2rmgabJBNVxk8ZGYD9sdSm/eUz5NqoWjJqs+Za7yqXgjnORz3+A+6Bn7x
y+h23f4i2q06Xls06rPJ4E0EKX64YLkF77XZF1hWFmC5MDLwNkrD8nmNEkBw8wID
AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUPOlg4/8ZoQp7o0L0jUIutNWccuww
HwYDVR0jBBgwFoAUPOlg4/8ZoQp7o0L0jUIutNWccuwwDQYJKoZIhvcNAQELBQAD
ggEBAFxNkoi0gl8drYsR7N8GpnqlK583VQyNbgUArbcMQYlpz9ZlBptReNKtx7+c
3AVzf+ceORO06rYwfUB1q5xDC9+wwhu/MOD0/sDbYiGY9sWv3jtPSQrmHvmGsD8N
1tRGN9tUdF7/EcJgxnBYxRxv7LLYbm/DvDOHOKTzRGScNDsolCZ4J58WF+g7aQol
qXM2fp43XOzoP9uR+RKzPc7n3RXDrowFIGGbld6br/qxXBzll+fDNBGF9YonJqRw
NuwM9oM9kPc28/nzFdSQYr5TtK/TSa/v9HPoe3bkRCo3uoGkmQw6MSRxoOTktxrL
R+SqIs/vdWGA40O3SFdzET14m2k=
-----END CERTIFICATE-----

View File

@ -0,0 +1,42 @@
From ec7ff1612b2f5b0075545dc705b7c2610ec83748 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 10 Feb 2023 11:43:06 +0100
Subject: [PATCH 2/2] rh openssl: add crypto/bn/rsa_sup_mul.c to file list
RH-Author: Gerd Hoffmann <kraxel@redhat.com>
RH-MergeRequest: 21: openssl update
RH-Bugzilla: 2164531 2164543 2164558 2164581
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Commit: [2/2] 61acf48e337f04b34c4f309241775b204ae2e54f (kraxel/rhel-edk-2)
---
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 1 +
CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 1 +
2 files changed, 2 insertions(+)
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 19913a4ac6..4eaa8a756d 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -571,6 +571,7 @@
$(OPENSSL_PATH)/ssl/statem/statem_local.h
# Autogenerated files list ends here
# RHEL8-specific OpenSSL file list starts here
+ $(OPENSSL_PATH)/crypto/bn/rsa_sup_mul.c
$(OPENSSL_PATH)/crypto/evp/kdf_lib.c
$(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
$(OPENSSL_PATH)/crypto/kdf/kbkdf.c
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index 5057857e8d..eec4771f2c 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -520,6 +520,7 @@
$(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
# Autogenerated files list ends here
# RHEL8-specific OpenSSL file list starts here
+ $(OPENSSL_PATH)/crypto/bn/rsa_sup_mul.c
$(OPENSSL_PATH)/crypto/evp/kdf_lib.c
$(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
$(OPENSSL_PATH)/crypto/kdf/kbkdf.c
--
2.37.3

View File

@ -7,7 +7,7 @@ ExclusiveArch: x86_64 aarch64
Name: edk2
Version: %{GITDATE}git%{GITCOMMIT}
Release: 3%{?dist}
Release: 4%{?dist}
Summary: UEFI firmware for 64-bit virtual machines
Group: Applications/Emulators
License: BSD-2-Clause-Patent and OpenSSL and MIT
@ -19,7 +19,7 @@ URL: http://www.tianocore.org
# | xz -9ev >/tmp/edk2-$COMMIT.tar.xz
Source0: http://batcave.lab.eng.brq.redhat.com/www/edk2-%{GITCOMMIT}.tar.xz
Source1: ovmf-whitepaper-c770f8c.txt
Source2: openssl-rhel-740e53ace8f6771c205bf84780e26bcd7a3275df.tar.xz
Source2: openssl-rhel-d00c3c5b8a9d6d3ea3dabfcafdf36afd61ba8bcc.tar.xz
Source3: ovmf-vars-generator
Source4: LICENSE.qosb
Source5: RedHatSecureBootPkKek1.pem
@ -51,6 +51,11 @@ Patch0025: 0025-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch
Patch0026: 0026-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch
# For bz#2112307 - Mark SEV launch secret area as reserved
Patch27: edk2-OvmfPkg-AmdSev-SecretPei-Mark-SEV-launch-secret-area.patch
# For bz#2164531 - CVE-2023-0286 edk2: openssl: X.400 address type confusion in X.509 GeneralName [rhel-8]
# For bz#2164543 - CVE-2022-4304 edk2: openssl: timing attack in RSA Decryption implementation [rhel-8]
# For bz#2164558 - CVE-2023-0215 edk2: openssl: use-after-free following BIO_new_NDEF [rhel-8]
# For bz#2164581 - CVE-2022-4450 edk2: openssl: double free after calling PEM_read_bio_ex [rhel-8]
Patch28: edk2-rh-openssl-add-crypto-bn-rsa_sup_mul.c-to-file-list.patch
# python3-devel and libuuid-devel are required for building tools.
@ -495,6 +500,18 @@ true
%endif
%changelog
* Wed Feb 15 2023 Jon Maloy <jmaloy@redhat.com> - 20220126gitbb1bba3d77-4
- edk2-openssl-update.patch [bz#2164531 bz#2164543 bz#2164558 bz#2164581]
- edk2-rh-openssl-add-crypto-bn-rsa_sup_mul.c-to-file-list.patch [bz#2164531 bz#2164543 bz#2164558 bz#2164581]
- Resolves: bz#2164531
(CVE-2023-0286 edk2: openssl: X.400 address type confusion in X.509 GeneralName [rhel-8])
- Resolves: bz#2164543
(CVE-2022-4304 edk2: openssl: timing attack in RSA Decryption implementation [rhel-8])
- Resolves: bz#2164558
(CVE-2023-0215 edk2: openssl: use-after-free following BIO_new_NDEF [rhel-8])
- Resolves: bz#2164581
(CVE-2022-4450 edk2: openssl: double free after calling PEM_read_bio_ex [rhel-8])
* Tue Aug 02 2022 Camilla Conte <cconte@redhat.com> - 20220126gitbb1bba3d77-3
- Bumping OpenSSL version [bz# 2074834]
- Resolves: bz# 2074834