Import OL edk2-20231122-6.0.1.el9_4.4

.edk2.metadata

@@ -1,3 +1,3 @@
 de143fc38b339d982079517b6f01bcec5246cf5e SOURCES/DBXUpdate-20230509.x64.bin
 4b2ed0d355d3ef44e21a72573e17017630b6d33c SOURCES/edk2-8736b8fdca.tar.xz
-bf431935cb72db4d80c8435a0956abb25ca71185 SOURCES/openssl-rhel-db0287935122edceb91dcda8dfb53b4090734e22.tar.xz
+0a9cfae889c6436333fab963250b069058eec6cf SOURCES/openssl-rhel-0205b589887203b065154ddc8e8107c4ac8625a1.tar.xz

.gitignore

@@ -1,3 +1,3 @@
 SOURCES/DBXUpdate-20230509.x64.bin
 SOURCES/edk2-8736b8fdca.tar.xz
-SOURCES/openssl-rhel-db0287935122edceb91dcda8dfb53b4090734e22.tar.xz
+SOURCES/openssl-rhel-0205b589887203b065154ddc8e8107c4ac8625a1.tar.xz

SOURCES/1000-replace-upstream-references.patch

@@ -0,0 +1,23 @@
+From a194940b0fc62054430ca36b2bcec473a56745a1 Tue 30 Apr 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Tue, 30 Apr 2024 11:58:21 -0700
+Subject: [PATCH] Replace upstream references
+
+Orabug: 36569119
+
+Signed-off-by: John McWalters <john.mcwalters@oracle.com>
+Reviewed-by: Laurence Rochfort <laurence.rochfort@oracle.com>
+
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/apps/fipsinstall.c b/CryptoPkg/Library/OpensslLib/openssl/apps/fipsinstall.c
+index e978057..67d6957 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/apps/fipsinstall.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/apps/fipsinstall.c
+@@ -311,7 +311,7 @@ int fipsinstall_main(int argc, char **argv)
+     EVP_MAC *mac = NULL;
+     CONF *conf = NULL;
+ 
+-    BIO_printf(bio_err, "This command is not enabled in the Red Hat Enterprise Linux OpenSSL build, please consult Red Hat documentation to learn how to enable FIPS mode\n");
++    BIO_printf(bio_err, "This command is not enabled in the Oracle Linux OpenSSL build, please consult Oracle Linux documentation to learn how to enable FIPS mode\n");
+     return 1;
+ 
+     if ((opts = sk_OPENSSL_STRING_new_null()) == NULL)

SPECS/edk2.spec

@@ -5,7 +5,7 @@ ExclusiveArch: x86_64 aarch64
 %define TOOLCHAIN      GCC5
 
 %define OPENSSL_VER    3.0.7
-%define OPENSSL_HASH   db0287935122edceb91dcda8dfb53b4090734e22
+%define OPENSSL_HASH   0205b589887203b065154ddc8e8107c4ac8625a1
 
 %define DBXDATE        20230509
 
@@ -20,7 +20,7 @@ ExclusiveArch: x86_64 aarch64
 
 Name:       edk2
 Version:    %{GITDATE}
-Release:    6%{?dist}.3
+Release:    6.0.1%{?dist}.4
 Summary:    UEFI firmware for 64-bit virtual machines
 License:    BSD-2-Clause-Patent and Apache-2.0 and MIT
 URL:        http://www.tianocore.org
@@ -51,6 +51,9 @@ Source82: edk2-build.rhel-9
 
 Source90: DBXUpdate-%{DBXDATE}.x64.bin
 
+# Oracle patch
+Source1000: 1000-replace-upstream-references.patch
+
 Patch1: 0001-ignore-build-artifacts-generated-files-session-setti.patch
 Patch2: 0002-Remove-submodules.patch
 Patch3: 0003-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch
@@ -409,6 +412,9 @@ cp -a -- %{SOURCE80} %{SOURCE82} .
 cp -a -- %{SOURCE90} .
 tar -C CryptoPkg/Library/OpensslLib -a -f %{SOURCE2} -x
 
+#Apply Oracle patches
+patch -p1 < %{SOURCE1000}
+
 # Done by %setup, but we do not use it for the auxiliary tarballs
 chmod -Rf a+rX,u+w,g-w,o-w .
 
@@ -632,6 +638,14 @@ install -m 0644 \
 
 
 %changelog
+* Wed Nov 06 2024 EL Errata <el-errata_ww@oracle.com> - 20231122-6.0.1.el9_4.4
+- Replace upstream references [Orabug:36569119]
+
+* Wed Sep 18 2024 Jon Maloy <jmaloy@redhat.com> - 20231122-6.el9_4.4
+- edk2-Bumped-openssl-submodule-version-to-0205b5898872.patch [RHEL-55337]
+- Resolves: RHEL-55337
+  (CVE-2024-6119 edk2/openssl: Possible denial of service in X.509 name checks [rhel-9.4.z])
+
 * Tue Aug 20 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20231122-6.el9_4.3
 - edk2-OvmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch [RHEL-46976]
 - edk2-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch [RHEL-54188]