* Mon Nov 17 2025 Jon Maloy <jmaloy@redhat.com> - 20241117-8

- edk2-openssl-flatten-contents-of-openssl-tarball.patch [RHEL-115922] - edk2-Bumped-openssl-submodule-to-version-3.0.7-29.1.patch [RHEL-115922] - Resolves: RHEL-115922 (CVE-2025-9230 edk2: Out-of-bounds read & write in RFC 3211 KEK Unwrap [rhel-9.8])
2025-11-17 20:45:50 -05:00 · 2025-11-17 20:45:50 -05:00 · ec623498fa
commit ec623498fa
parent 61ee16bc63
3 changed files with 10 additions and 3 deletions
--- a/.gitignore
+++ b/.gitignore
@ -18,3 +18,4 @@
 /openssl-rhel-0205b589887203b065154ddc8e8107c4ac8625a1.tar.xz
 /DBXUpdate-20250610.x64.bin
 /DBXUpdate-20251016.x64.bin
+/openssl-rhel-4000c8f49c400db3c5b4e8ccdd9af6cc3d04da19.tar.xz
--- a/edk2.spec
+++ b/edk2.spec
@ -6,7 +6,7 @@ ExclusiveArch: x86_64 aarch64
 %define TOOLCHAIN      GCC

 %define OPENSSL_VER    3.0.7
-%define OPENSSL_HASH   0205b589887203b065154ddc8e8107c4ac8625a1
+%define OPENSSL_HASH   4000c8f49c400db3c5b4e8ccdd9af6cc3d04da19

 %define DBXDATE        20251016

@ -21,7 +21,7 @@ ExclusiveArch: x86_64 aarch64

 Name:       edk2
 Version:    %{GITDATE}
-Release:    7%{?dist}
+Release:    8%{?dist}
 Summary:    UEFI firmware for 64-bit virtual machines
 License:    BSD-2-Clause-Patent and Apache-2.0 and MIT
 URL:        http://www.tianocore.org
@ -444,6 +444,12 @@ install -m 0644 \


 %changelog
+* Mon Nov 17 2025 Jon Maloy <jmaloy@redhat.com> - 20241117-8
+- edk2-openssl-flatten-contents-of-openssl-tarball.patch [RHEL-115922]
+- edk2-Bumped-openssl-submodule-to-version-3.0.7-29.1.patch [RHEL-115922]
+- Resolves: RHEL-115922
+  (CVE-2025-9230 edk2: Out-of-bounds read & write in RFC 3211 KEK Unwrap [rhel-9.8])
+
 * Mon Nov 17 2025 Jon Maloy <jmaloy@redhat.com> - 20241117-7
 - edk2-make-dbxupdate.sh-get-version-tag-add-to-commit-mess.patch [RHEL-126100]
 - edk2-update-dbx-to-20251016-v1.6.1.patch [RHEL-126100]
--- a/2
+++ b/2
@ -1,4 +1,4 @@
 SHA512 (DBXUpdate-20251016.x64.bin) = 0452d2c302f702eeb2d549fd5ac4b3c3623172de9559a881bc92875590f3c5b65e301b880f5f76786e22b1af145b2aa6e58c74fef00a279950f3d6641aef484e
 SHA512 (dtc-1.7.0.tar.xz) = d3ba6902a9a2f2cdbaff55f12fca3cfe4a1ec5779074a38e3d8b88097c7abc981835957e8ce72971e10c131e05fde0b1b961768e888ff96d89e42c75edb53afb
 SHA512 (edk2-0f3867fa6ef0.tar.xz) = 256280ea6f777d1c0f6b803ec791b28955d6568128f303bbf1447f512dc808c5a72f1e8074d9cebb89605c330569fcdcf2d5fdf5611bf3c442c72c67a5a100e0
-SHA512 (openssl-rhel-0205b589887203b065154ddc8e8107c4ac8625a1.tar.xz) = 07db9535df29873a3884a411e6ab5c3ea6783b9773cd0923f5b2be1273c0e3e984a2f3a80bd1a637995eda018fa6372b6d1eb41000be07cdf5972938c74f51e9
+SHA512 (openssl-rhel-4000c8f49c400db3c5b4e8ccdd9af6cc3d04da19.tar.xz) = d8799124732c376b1712d571fd41b959d68888205ee31f62cc0aec5af30906346db0bd37fa4e418e5594eda4c03db2d0c4d127b469e946a15de330865b0ac5d2