* Mon Feb 13 2023 Miroslav Rezanina <mrezanin@redhat.com> - 20221207gitfff6d81270b5-6

- edk2-update-build-script-rhel-only.patch [bz#2168046]
- edk2-update-build-config-rhel-only.patch [bz#2168046]
- edk2-add-release-date-to-builds-rh-only.patch [bz#2168046]
- edk2-openssl-update.patch [bz#2164534 bz#2164550 bz#2164565 bz#2164583]
- edk2-rh-openssl-add-crypto-bn-rsa_sup_mul.c-to-file-list.patch [bz#2164534 bz#2164550 bz#2164565 bz#2164583]
- Resolves: bz#2168046
  ([SVVP] job 'Check SMBIOS Table Specific Requirements' failed on win2022)
- Resolves: bz#2164534
  (CVE-2023-0286 edk2: openssl: X.400 address type confusion in X.509 GeneralName [rhel-9])
- Resolves: bz#2164550
  (CVE-2022-4304 edk2: openssl: timing attack in RSA Decryption implementation [rhel-9])
- Resolves: bz#2164565
  (CVE-2023-0215 edk2: openssl: use-after-free following BIO_new_NDEF [rhel-9])
- Resolves: bz#2164583
  (CVE-2022-4450 edk2: openssl: double free after calling PEM_read_bio_ex [rhel-9])

.gitignore

@@ -8,3 +8,4 @@
 /openssl-rhel-bdd048e929dcfcf2f046d74e812e0e3d5fc58504.tar.xz
 /openssl-rhel-a75722161d20fd632f8875585d3aa066ec5fea93.tar.xz
 /openssl-rhel-740e53ace8f6771c205bf84780e26bcd7a3275df.tar.xz
+/openssl-rhel-d00c3c5b8a9d6d3ea3dabfcafdf36afd61ba8bcc.tar.xz

edk2-build.py

@@ -9,6 +9,7 @@ import configparser
 
 rebase_prefix    = ""
 version_override = None
+release_date     = None
 
 def check_rebase():
     """ detect 'git rebase -x edk2-build.py master' testbuilds """
@@ -25,7 +26,7 @@ def check_rebase():
         head = f.read().strip().split('/')
 
     rebase_prefix = f'[ {int(msgnum/2)} / {int(end/2)} - {head[-1]} ] '
-    if msgnum != end:
+    if msgnum != end and not version_override:
         # fixed version speeds up builds
         version_override = "test-build-patch-series"
 
@@ -51,13 +52,8 @@ def get_version(cfg):
         return version
     if os.path.exists(coredir + '/.git'):
         cmdline = [ 'git', 'describe', '--tags', '--abbrev=8', '--match=edk2-stable*' ]
-        result = subprocess.run(cmdline, capture_output = True, cwd = coredir)
+        result = subprocess.run(cmdline, stdout = subprocess.PIPE, cwd = coredir)
         version = result.stdout.decode().strip()
-        #cmdline = [ 'git', 'branch', '--show-current']
-        #result = subprocess.run(cmdline, capture_output = True, cwd = coredir)
-        #branch = result.stdout.decode().strip()
-        #if branch != "master":
-        #    version += f' ({branch})'
         print('')
         print(f'### version [git]: {version}')
         return version
@@ -72,7 +68,12 @@ def pcd_version(cfg):
         return []
     return [ '--pcd', pcd_string('PcdFirmwareVersionString', version) ]
 
-def build_message(line):
+def pcd_release_date(cfg):
+    if release_date is None:
+        return []
+    return [ '--pcd', pcd_string('PcdFirmwareReleaseDateString', release_date) ]
+
+def build_message(line, line2 = None):
     if os.environ.get('TERM') in [ 'xterm', 'xterm-256color' ]:
         # setxterm  title
         start  = '\x1b]2;'
@@ -82,11 +83,32 @@ def build_message(line):
     print('')
     print('###')
     print(f'### {rebase_prefix}{line}')
+    if line2:
+        print(f'### {line2}')
     print('###')
 
-def build_run(cmdline, name):
+def build_run(cmdline, name, section, silent = False):
     print(cmdline)
-    result = subprocess.run(cmdline)
+    if silent:
+        print('### building in silent mode ...', flush = True)
+        result = subprocess.run(cmdline,
+                                stdout = subprocess.PIPE,
+                                stderr = subprocess.STDOUT)
+
+        logfile = f'{section}.log'
+        print(f'### writing log to {logfile} ...')
+        with open(logfile, 'wb') as f:
+            f.write(result.stdout)
+
+        if result.returncode:
+            print('### BUILD FAILURE')
+            print('### output')
+            print(result.stdout.decode())
+            print(f'### exit code: {result.returncode}')
+        else:
+            print('### OK')
+    else:
+        result = subprocess.run(cmdline)
     if result.returncode:
         print(f'ERROR: {cmdline[0]} exited with {result.returncode} while building {name}')
         sys.exit(result.returncode)
@@ -101,9 +123,10 @@ def build_copy(plat, tgt, dstdir, copy):
         dstfile = os.path.basename(srcfile)
     print(f'# copy: {srcdir} / {srcfile}  =>  {dstdir} / {dstfile}')
 
-    os.makedirs(dstdir, exist_ok = True)
+    src = srcdir + '/' + srcfile
-    shutil.copy(srcdir + '/' + srcfile,
+    dst = dstdir + '/' + dstfile
-                dstdir + '/' + dstfile)
+    os.makedirs(os.path.dirname(dst), exist_ok = True)
+    shutil.copy(src, dst)
 
 def pad_file(dstdir, pad):
     args = pad.split()
@@ -119,7 +142,7 @@ def pad_file(dstdir, pad):
     print(f'# padding: {dstdir} / {name}  =>  {size}')
     subprocess.run(cmdline)
 
-def build_one(cfg, build, jobs = None):
+def build_one(cfg, build, jobs = None, silent = False):
     cmdline  = [ 'build' ]
     cmdline += [ '-t', 'GCC5' ]
     cmdline += [ '-p', cfg[build]['conf'] ]
@@ -127,6 +150,7 @@ def build_one(cfg, build, jobs = None):
     if (cfg[build]['conf'].startswith('OvmfPkg/') or
         cfg[build]['conf'].startswith('ArmVirtPkg/')):
         cmdline += pcd_version(cfg)
+        cmdline += pcd_release_date(cfg)
 
     if jobs:
         cmdline += [ '-n', jobs ]
@@ -136,15 +160,26 @@ def build_one(cfg, build, jobs = None):
         for name in cfg[build]['opts'].split():
             section = 'opts.' + name
             for opt in cfg[section]:
-                cmdline += [ '-D', opt.upper() + '=' + cfg[section][opt] ]
+                cmdline += [ '-D', opt + '=' + cfg[section][opt] ]
+    if 'pcds' in cfg[build]:
+        for name in cfg[build]['pcds'].split():
+            section = 'pcds.' + name
+            for pcd in cfg[section]:
+                cmdline += [ '--pcd', pcd + '=' + cfg[section][pcd] ]
     if 'tgts' in cfg[build]:
         tgts = cfg[build]['tgts'].split()
     else:
         tgts = [ 'DEBUG' ]
     for tgt in tgts:
-        build_message(f'building: {cfg[build]["conf"]} ({cfg[build]["arch"]}, {tgt})')
+        desc = None
+        if 'desc' in cfg[build]:
+            desc = cfg[build]['desc']
+        build_message(f'building: {cfg[build]["conf"]} ({cfg[build]["arch"]}, {tgt})',
+                      f'description: {desc}')
         build_run(cmdline + [ '-b', tgt ],
-                  cfg[build]['conf'])
+                  cfg[build]['conf'],
+                  build + '.' + tgt,
+                  silent)
 
         if 'plat' in cfg[build]:
             # copy files
@@ -162,11 +197,11 @@ def build_one(cfg, build, jobs = None):
                 pad_file(cfg[build]['dest'],
                          cfg[build][pad])
 
-def build_basetools():
+def build_basetools(silent = False):
     build_message(f'building: BaseTools')
     basedir = os.environ['EDK_TOOLS_PATH']
     cmdline = [ 'make', '-C', basedir ]
-    build_run(cmdline, 'BaseTools')
+    build_run(cmdline, 'BaseTools', 'build.basetools', silent)
 
 def binary_exists(name):
     for dir in os.environ['PATH'].split(':'):
@@ -184,12 +219,12 @@ def prepare_env(cfg):
         'BaseTools/BinWrappers/PosixLike'
     ]
 
-    coredir = get_coredir(cfg)
-    if coredir != workspace:
-        packages.append(coredir)
     if cfg.has_option('global', 'pkgs'):
         for pkgdir in cfg['global']['pkgs'].split():
             packages.append(os.path.abspath(pkgdir))
+    coredir = get_coredir(cfg)
+    if coredir != workspace:
+        packages.append(coredir)
 
     # add basetools to path
     for dir in dirs:
@@ -203,8 +238,9 @@ def prepare_env(cfg):
     # run edksetup if needed
     toolsdef = coredir + '/Conf/tools_def.txt';
     if not os.path.exists(toolsdef):
-        build_message('running edksetup')
+        os.makedirs(os.path.dirname(toolsdef), exist_ok = True)
-        cmdline = [ 'sh', 'edksetup.sh' ]
+        build_message('running BaseTools/BuildEnv')
+        cmdline = [ 'sh', 'BaseTools/BuildEnv' ]
         subprocess.run(cmdline, cwd = coredir)
 
     # set variables
@@ -214,15 +250,19 @@ def prepare_env(cfg):
     os.environ['EDK_TOOLS_PATH'] = coredir + '/BaseTools'
     os.environ['CONF_PATH'] = coredir + '/Conf'
     os.environ['PYTHON_COMMAND'] = '/usr/bin/python3'
+    os.environ['PYTHONHASHSEED'] = '1'
 
     # for cross builds
     if binary_exists('arm-linux-gnu-gcc'):
         os.environ['GCC5_ARM_PREFIX'] = 'arm-linux-gnu-'
     if binary_exists('aarch64-linux-gnu-gcc'):
         os.environ['GCC5_AARCH64_PREFIX'] = 'aarch64-linux-gnu-'
+    if binary_exists('riscv64-linux-gnu-gcc'):
+        os.environ['GCC5_RISCV64_PREFIX'] = 'riscv64-linux-gnu-'
     if binary_exists('x86_64-linux-gnu-gcc'):
         os.environ['GCC5_IA32_PREFIX'] = 'x86_64-linux-gnu-'
         os.environ['GCC5_X64_PREFIX'] = 'x86_64-linux-gnu-'
+        os.environ['GCC5_BIN'] = 'x86_64-linux-gnu-'
 
 def build_list(cfg):
     for build in cfg.sections():
@@ -238,14 +278,22 @@ def main():
     parser = optparse.OptionParser()
     parser.add_option('-c', '--config', dest = 'configfile',
                       type = 'string', default = '.edk2.builds')
+    parser.add_option('-C', '--directory', dest = 'directory', type = 'string')
     parser.add_option('-j', '--jobs', dest = 'jobs', type = 'string')
     parser.add_option('-m', '--match', dest = 'match', type = 'string')
-    parser.add_option('-l', '--list', dest = 'list', action = 'store_true')
+    parser.add_option('-l', '--list', dest = 'list', action = 'store_true', default = False)
+    parser.add_option('--silent', dest = 'silent', action = 'store_true', default = False)
     parser.add_option('--core', dest = 'core', type = 'string')
+    parser.add_option('--pkg', '--package', dest = 'pkgs', type = 'string', action = 'append')
     parser.add_option('--version-override', dest = 'version_override', type = 'string')
+    parser.add_option('--release-date', dest = 'release_date', type = 'string')
     (options, args) = parser.parse_args()
 
+    if options.directory:
+        os.chdir(options.directory)
+
     cfg = configparser.ConfigParser()
+    cfg.optionxform = str
     cfg.read(options.configfile)
 
     if options.list:
@@ -256,21 +304,26 @@ def main():
         cfg.add_section('global')
     if options.core:
         cfg.set('global', 'core', options.core)
+    if options.pkgs:
+        cfg.set('global', 'pkgs', ' '.join(options.pkgs))
 
     global version_override
+    global release_date
     check_rebase()
     if options.version_override:
         version_override = options.version_override
+    if options.release_date:
+        release_date = options.release_date
 
     prepare_env(cfg)
-    build_basetools()
+    build_basetools(options.silent)
     for build in cfg.sections():
         if not build.startswith('build.'):
             continue
         if options.match and options.match not in build:
             print(f'# skipping "{build}" (not matching "{options.match}")')
             continue
-        build_one(cfg, build, options.jobs)
+        build_one(cfg, build, options.jobs, options.silent)
 
 if __name__ == '__main__':
     sys.exit(main())

edk2-build.rhel-9

@@ -8,6 +8,7 @@ NETWORK_ALLOW_HTTP_CONNECTIONS = TRUE
 TPM2_ENABLE              = TRUE
 TPM2_CONFIG_ENABLE       = TRUE
 TPM1_ENABLE              = FALSE
+CAVIUM_ERRATUM_27456     = TRUE
 
 [opts.ovmf.4m]
 FD_SIZE_4MB              = TRUE
@@ -34,7 +35,8 @@ DEBUG_PRINT_ERROR_LEVEL  = 0x80000000
 desc = ovmf build (64-bit, 4MB)
 conf = OvmfPkg/OvmfPkgX64.dsc
 arch = X64
-opts = ovmf.common ovmf.4m
+opts = ovmf.common
+       ovmf.4m
 plat = OvmfX64
 dest = RHEL-9/ovmf
 cpy1 = FV/OVMF_CODE.fd OVMF_CODE.fd
@@ -45,7 +47,9 @@ cpy3 = X64/Shell.efi
 desc = ovmf build (32/64-bit, 4MB, q35 only, needs smm, secure boot)
 conf = OvmfPkg/OvmfPkgIa32X64.dsc
 arch = IA32 X64
-opts = ovmf.common ovmf.4m ovmf.sb.smm
+opts = ovmf.common
+       ovmf.4m
+       ovmf.sb.smm
 plat = Ovmf3264
 dest = RHEL-9/ovmf
 cpy1 = FV/OVMF_CODE.fd OVMF_CODE.secboot.fd
@@ -59,7 +63,8 @@ cpy2 = X64/EnrollDefaultKeys.efi
 desc = ovmf build for AmdSev (4MB)
 conf = OvmfPkg/AmdSev/AmdSevX64.dsc
 arch = X64
-opts = ovmf.common ovmf.4m
+opts = ovmf.common
+       ovmf.4m
 plat = AmdSev
 dest = RHEL-9/ovmf
 cpy1 = FV/OVMF.fd OVMF.amdsev.fd
@@ -68,7 +73,8 @@ cpy1 = FV/OVMF.fd OVMF.amdsev.fd
 desc = ovmf build for IntelTdx (4MB)
 conf = OvmfPkg/IntelTdx/IntelTdxX64.dsc
 arch = X64
-opts = ovmf.common ovmf.4m
+opts = ovmf.common
+       ovmf.4m
 plat = IntelTdx
 dest = RHEL-9/ovmf
 cpy1 = FV/OVMF.fd OVMF.inteltdx.fd
@@ -81,7 +87,8 @@ cpy1 = FV/OVMF.fd OVMF.inteltdx.fd
 desc = ArmVirt build for qemu, 64-bit (arm v8), verbose
 conf = ArmVirtPkg/ArmVirtQemu.dsc
 arch = AARCH64
-opts = ovmf.common armvirt.verbose
+opts = ovmf.common
+       armvirt.verbose
 plat = ArmVirtQemu-AARCH64
 dest = RHEL-9/aarch64
 cpy1 = FV/QEMU_EFI.fd
@@ -95,7 +102,8 @@ pad4 = vars-template-pflash.raw 64m
 desc = ArmVirt build for qemu, 64-bit (arm v8), silent
 conf = ArmVirtPkg/ArmVirtQemu.dsc
 arch = AARCH64
-opts = ovmf.common armvirt.silent
+opts = ovmf.common
+       armvirt.silent
 plat = ArmVirtQemu-AARCH64
 dest = RHEL-9/aarch64
 cpy1 = FV/QEMU_EFI.fd  QEMU_EFI.silent.fd

edk2-rh-openssl-add-crypto-bn-rsa_sup_mul.c-to-file-list.patch

@@ -0,0 +1,42 @@
+From dca1a100d14056865c7360d80a2a1d1ae4b0de96 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Fri, 10 Feb 2023 10:49:44 +0100
+Subject: [PATCH 5/5] rh openssl: add crypto/bn/rsa_sup_mul.c to file list
+
+RH-Author: Gerd Hoffmann <kraxel@redhat.com>
+RH-MergeRequest: 27: openssl update
+RH-Bugzilla: 2164534 2164550 2164565 2164583
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Commit: [2/2] a097fc031b54208e9c8974173784e4c306dbf7a0 (kraxel/centos-edk2)
+---
+ CryptoPkg/Library/OpensslLib/OpensslLib.inf       | 1 +
+ CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+index e446b51e66..7e78255467 100644
+--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
++++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+@@ -576,6 +576,7 @@
+   $(OPENSSL_PATH)/ssl/statem/statem_local.h
+ # Autogenerated files list ends here
+ # RHEL8-specific OpenSSL file list starts here
++  $(OPENSSL_PATH)/crypto/bn/rsa_sup_mul.c
+   $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
+   $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
+   $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
+diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+index c207dc8f4c..1c551cb099 100644
+--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
++++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+@@ -526,6 +526,7 @@
+   $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
+ # Autogenerated files list ends here
+ # RHEL8-specific OpenSSL file list starts here
++  $(OPENSSL_PATH)/crypto/bn/rsa_sup_mul.c
+   $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
+   $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
+   $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
+-- 
+2.31.1
+

edk2.spec

@@ -16,7 +16,7 @@ ExclusiveArch: x86_64 aarch64
 
 Name:       edk2
 Version:    %{GITDATE}git%{GITCOMMIT}
-Release:    5%{?dist}
+Release:    6%{?dist}
 Summary:    UEFI firmware for 64-bit virtual machines
 License:    BSD-2-Clause-Patent and OpenSSL and MIT
 URL:        http://www.tianocore.org
@@ -27,7 +27,7 @@ URL:        http://www.tianocore.org
 # | xz -9ev >/tmp/edk2-$COMMIT.tar.xz
 Source0:edk2-%{GITCOMMIT}.tar.xz
 Source1: ovmf-whitepaper-c770f8c.txt
-Source2: openssl-rhel-740e53ace8f6771c205bf84780e26bcd7a3275df.tar.xz
+Source2: openssl-rhel-d00c3c5b8a9d6d3ea3dabfcafdf36afd61ba8bcc.tar.xz
 
 # json description files
 Source10: 50-edk2-aarch64.json
@@ -79,6 +79,11 @@ Patch35: edk2-MdePkg-Remove-Itanium-leftover-data-structure-RH-onl.patch
 Patch36: edk2-ArmVirt-don-t-use-unaligned-CopyMem-on-NOR-flash.patch
 # For bz#2157656 - [edk2] [aarch64] Unable to initialize EFI firmware when using edk2-aarch64-20221207gitfff6d81270b5-1.el9 in some hardwares
 Patch37: edk2-Revert-ArmVirtPkg-ArmVirtQemu-enable-initial-ID-map-.patch
+# For bz#2164534 - CVE-2023-0286 edk2: openssl: X.400 address type confusion in X.509 GeneralName [rhel-9]
+# For bz#2164550 - CVE-2022-4304 edk2: openssl: timing attack in RSA Decryption implementation [rhel-9]
+# For bz#2164565 - CVE-2023-0215 edk2: openssl: use-after-free following BIO_new_NDEF [rhel-9]
+# For bz#2164583 - CVE-2022-4450 edk2: openssl: double free after calling PEM_read_bio_ex [rhel-9]
+Patch38: edk2-rh-openssl-add-crypto-bn-rsa_sup_mul.c-to-file-list.patch
 
 
 # python3-devel and libuuid-devel are required for building tools.
@@ -225,11 +230,12 @@ build_iso() {
 
 export EXTRA_OPTFLAGS="%{optflags}"
 export EXTRA_LDFLAGS="%{__global_ldflags}"
+export RELEASE_DATE="$(echo %{GITDATE} | sed -e 's|\(....\)\(..\)\(..\)|\2/\3/\1|')"
 
 touch OvmfPkg/AmdSev/Grub/grub.efi   # dummy
 
 %if %{build_ovmf}
-./edk2-build.py --config edk2-build.rhel-9 -m ovmf
+./edk2-build.py --config edk2-build.rhel-9 -m ovmf --release-date "$RELEASE_DATE"
 build_iso RHEL-9/ovmf
 virt-fw-vars --input   RHEL-9/ovmf/OVMF_VARS.fd \
              --output  RHEL-9/ovmf/OVMF_VARS.secboot.fd \
@@ -237,7 +243,7 @@ virt-fw-vars --input   RHEL-9/ovmf/OVMF_VARS.fd \
 %endif
 
 %if %{build_aarch64}
-./edk2-build.py --config edk2-build.rhel-9 -m armvirt
+./edk2-build.py --config edk2-build.rhel-9 -m armvirt --release-date "$RELEASE_DATE"
 %endif
 
 %install
@@ -383,6 +389,23 @@ install -m 0644 \
 
 
 %changelog
+* Mon Feb 13 2023 Miroslav Rezanina <mrezanin@redhat.com> - 20221207gitfff6d81270b5-6
+- edk2-update-build-script-rhel-only.patch [bz#2168046]
+- edk2-update-build-config-rhel-only.patch [bz#2168046]
+- edk2-add-release-date-to-builds-rh-only.patch [bz#2168046]
+- edk2-openssl-update.patch [bz#2164534 bz#2164550 bz#2164565 bz#2164583]
+- edk2-rh-openssl-add-crypto-bn-rsa_sup_mul.c-to-file-list.patch [bz#2164534 bz#2164550 bz#2164565 bz#2164583]
+- Resolves: bz#2168046
+  ([SVVP] job 'Check SMBIOS Table Specific Requirements' failed on win2022)
+- Resolves: bz#2164534
+  (CVE-2023-0286 edk2: openssl: X.400 address type confusion in X.509 GeneralName [rhel-9])
+- Resolves: bz#2164550
+  (CVE-2022-4304 edk2: openssl: timing attack in RSA Decryption implementation [rhel-9])
+- Resolves: bz#2164565
+  (CVE-2023-0215 edk2: openssl: use-after-free following BIO_new_NDEF [rhel-9])
+- Resolves: bz#2164583
+  (CVE-2022-4450 edk2: openssl: double free after calling PEM_read_bio_ex [rhel-9])
+
 * Mon Feb 06 2023 Miroslav Rezanina <mrezanin@redhat.com> - 20221207gitfff6d81270b5-5
 - edk2-Revert-ArmVirtPkg-ArmVirtQemu-enable-initial-ID-map-.patch [bz#2157656]
 - Resolves: bz#2157656

sources

@@ -1,2 +1,2 @@
 SHA512 (edk2-fff6d81270b5.tar.xz) = 3b215ae200c6be355aa937ef933cc636867416a24e159a83852d7972b7b70f712df3773c429ed5ac5cc6e300fd6f733d6a5bc1b54a06fc0bc3f98ea14d7cb068
-SHA512 (openssl-rhel-740e53ace8f6771c205bf84780e26bcd7a3275df.tar.xz) = 8260c5faa963d0fc35ff9b17cacbbe7f7c1251f5b9243d63814313c230f6e0141b92e7a65d5adf5199795779261f738c26b9e93bfc007e96ee207b9a7ec6bea3
+SHA512 (openssl-rhel-d00c3c5b8a9d6d3ea3dabfcafdf36afd61ba8bcc.tar.xz) = 6842e767f767fe79edcb9ba8e32ce2956e8b56f0b265f79a5b4dbd4bba51b63d9733841badee7f2ffdcca803baf82b3e9e132fd465c22027539dcfd02608e99a