diff --git a/.edk2.metadata b/.edk2.metadata index bfd617a..7a94678 100644 --- a/.edk2.metadata +++ b/.edk2.metadata @@ -1,3 +1,3 @@ de143fc38b339d982079517b6f01bcec5246cf5e SOURCES/DBXUpdate-20230509.x64.bin 4b2ed0d355d3ef44e21a72573e17017630b6d33c SOURCES/edk2-8736b8fdca.tar.xz -bf431935cb72db4d80c8435a0956abb25ca71185 SOURCES/openssl-rhel-db0287935122edceb91dcda8dfb53b4090734e22.tar.xz +0a9cfae889c6436333fab963250b069058eec6cf SOURCES/openssl-rhel-0205b589887203b065154ddc8e8107c4ac8625a1.tar.xz diff --git a/.gitignore b/.gitignore index 5561c27..ececa63 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ SOURCES/DBXUpdate-20230509.x64.bin SOURCES/edk2-8736b8fdca.tar.xz -SOURCES/openssl-rhel-db0287935122edceb91dcda8dfb53b4090734e22.tar.xz +SOURCES/openssl-rhel-0205b589887203b065154ddc8e8107c4ac8625a1.tar.xz diff --git a/SOURCES/1000-replace-upstream-references.patch b/SOURCES/1000-replace-upstream-references.patch new file mode 100644 index 0000000..b2eabcd --- /dev/null +++ b/SOURCES/1000-replace-upstream-references.patch @@ -0,0 +1,23 @@ +From a194940b0fc62054430ca36b2bcec473a56745a1 Tue 30 Apr 00:00:00 2001 +From: rpm-build +Date: Tue, 30 Apr 2024 11:58:21 -0700 +Subject: [PATCH] Replace upstream references + +Orabug: 36569119 + +Signed-off-by: John McWalters +Reviewed-by: Laurence Rochfort + +diff --git a/CryptoPkg/Library/OpensslLib/openssl/apps/fipsinstall.c b/CryptoPkg/Library/OpensslLib/openssl/apps/fipsinstall.c +index e978057..67d6957 100644 +--- a/CryptoPkg/Library/OpensslLib/openssl/apps/fipsinstall.c ++++ b/CryptoPkg/Library/OpensslLib/openssl/apps/fipsinstall.c +@@ -311,7 +311,7 @@ int fipsinstall_main(int argc, char **argv) + EVP_MAC *mac = NULL; + CONF *conf = NULL; + +- BIO_printf(bio_err, "This command is not enabled in the Red Hat Enterprise Linux OpenSSL build, please consult Red Hat documentation to learn how to enable FIPS mode\n"); ++ BIO_printf(bio_err, "This command is not enabled in the Oracle Linux OpenSSL build, please consult Oracle Linux documentation to learn how to enable FIPS mode\n"); + return 1; + + if ((opts = sk_OPENSSL_STRING_new_null()) == NULL) diff --git a/SPECS/edk2.spec b/SPECS/edk2.spec index d48bccd..005a831 100644 --- a/SPECS/edk2.spec +++ b/SPECS/edk2.spec @@ -5,7 +5,7 @@ ExclusiveArch: x86_64 aarch64 %define TOOLCHAIN GCC5 %define OPENSSL_VER 3.0.7 -%define OPENSSL_HASH db0287935122edceb91dcda8dfb53b4090734e22 +%define OPENSSL_HASH 0205b589887203b065154ddc8e8107c4ac8625a1 %define DBXDATE 20230509 @@ -20,7 +20,7 @@ ExclusiveArch: x86_64 aarch64 Name: edk2 Version: %{GITDATE} -Release: 6%{?dist}.3 +Release: 6.0.1%{?dist}.4 Summary: UEFI firmware for 64-bit virtual machines License: BSD-2-Clause-Patent and Apache-2.0 and MIT URL: http://www.tianocore.org @@ -51,6 +51,9 @@ Source82: edk2-build.rhel-9 Source90: DBXUpdate-%{DBXDATE}.x64.bin +# Oracle patch +Source1000: 1000-replace-upstream-references.patch + Patch1: 0001-ignore-build-artifacts-generated-files-session-setti.patch Patch2: 0002-Remove-submodules.patch Patch3: 0003-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch @@ -409,6 +412,9 @@ cp -a -- %{SOURCE80} %{SOURCE82} . cp -a -- %{SOURCE90} . tar -C CryptoPkg/Library/OpensslLib -a -f %{SOURCE2} -x +#Apply Oracle patches +patch -p1 < %{SOURCE1000} + # Done by %setup, but we do not use it for the auxiliary tarballs chmod -Rf a+rX,u+w,g-w,o-w . @@ -632,6 +638,14 @@ install -m 0644 \ %changelog +* Wed Nov 06 2024 EL Errata - 20231122-6.0.1.el9_4.4 +- Replace upstream references [Orabug:36569119] + +* Wed Sep 18 2024 Jon Maloy - 20231122-6.el9_4.4 +- edk2-Bumped-openssl-submodule-version-to-0205b5898872.patch [RHEL-55337] +- Resolves: RHEL-55337 + (CVE-2024-6119 edk2/openssl: Possible denial of service in X.509 name checks [rhel-9.4.z]) + * Tue Aug 20 2024 Miroslav Rezanina - 20231122-6.el9_4.3 - edk2-OvmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch [RHEL-46976] - edk2-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch [RHEL-54188]