Auto sync2gitlab import of edk2-20220126gitbb1bba3d77-4.el8.src.rpm

2023-02-18 00:19:17 +00:00 · 2023-02-18 00:19:17 +00:00 · f10b82c44a
commit f10b82c44a
parent 2c5a603e0a
4 changed files with 63 additions and 3 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,4 @@
 /edk2-bb1bba3d77.tar.xz
 /openssl-rhel-a75722161d20fd632f8875585d3aa066ec5fea93.tar.xz
 /openssl-rhel-740e53ace8f6771c205bf84780e26bcd7a3275df.tar.xz
+/openssl-rhel-d00c3c5b8a9d6d3ea3dabfcafdf36afd61ba8bcc.tar.xz
--- a/edk2-rh-openssl-add-crypto-bn-rsa_sup_mul.c-to-file-list.patch
+++ b/edk2-rh-openssl-add-crypto-bn-rsa_sup_mul.c-to-file-list.patch
@ -0,0 +1,42 @@
+From ec7ff1612b2f5b0075545dc705b7c2610ec83748 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Fri, 10 Feb 2023 11:43:06 +0100
+Subject: [PATCH 2/2] rh openssl: add crypto/bn/rsa_sup_mul.c to file list
+
+RH-Author: Gerd Hoffmann <kraxel@redhat.com>
+RH-MergeRequest: 21: openssl update
+RH-Bugzilla: 2164531 2164543 2164558 2164581
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Commit: [2/2] 61acf48e337f04b34c4f309241775b204ae2e54f (kraxel/rhel-edk-2)
+---
+ CryptoPkg/Library/OpensslLib/OpensslLib.inf       | 1 +
+ CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+index 19913a4ac6..4eaa8a756d 100644
+--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+@@ -571,6 +571,7 @@
+   $(OPENSSL_PATH)/ssl/statem/statem_local.h
+ # Autogenerated files list ends here
+ # RHEL8-specific OpenSSL file list starts here
+  $(OPENSSL_PATH)/crypto/bn/rsa_sup_mul.c
+   $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
+   $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
+   $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
+diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+index 5057857e8d..eec4771f2c 100644
+--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+@@ -520,6 +520,7 @@
+   $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
+ # Autogenerated files list ends here
+ # RHEL8-specific OpenSSL file list starts here
+  $(OPENSSL_PATH)/crypto/bn/rsa_sup_mul.c
+   $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
+   $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
+   $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
+-- 
+2.37.3
+
--- a/edk2.spec
+++ b/edk2.spec
@ -7,7 +7,7 @@ ExclusiveArch: x86_64 aarch64

 Name:       edk2
 Version:    %{GITDATE}git%{GITCOMMIT}
-Release:    3%{?dist}
+Release:    4%{?dist}
 Summary:    UEFI firmware for 64-bit virtual machines
 Group:      Applications/Emulators
 License:    BSD-2-Clause-Patent and OpenSSL and MIT
@ -19,7 +19,7 @@ URL:        http://www.tianocore.org
 # | xz -9ev >/tmp/edk2-$COMMIT.tar.xz
 Source0: http://batcave.lab.eng.brq.redhat.com/www/edk2-%{GITCOMMIT}.tar.xz
 Source1: ovmf-whitepaper-c770f8c.txt
-Source2: openssl-rhel-740e53ace8f6771c205bf84780e26bcd7a3275df.tar.xz
+Source2: openssl-rhel-d00c3c5b8a9d6d3ea3dabfcafdf36afd61ba8bcc.tar.xz
 Source3: ovmf-vars-generator
 Source4: LICENSE.qosb
 Source5: RedHatSecureBootPkKek1.pem
@ -51,6 +51,11 @@ Patch0025: 0025-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch
 Patch0026: 0026-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch
 # For bz#2112307 - Mark SEV launch secret area as reserved
 Patch27: edk2-OvmfPkg-AmdSev-SecretPei-Mark-SEV-launch-secret-area.patch
+# For bz#2164531 - CVE-2023-0286 edk2: openssl: X.400 address type confusion in X.509 GeneralName [rhel-8]
+# For bz#2164543 - CVE-2022-4304 edk2: openssl: timing attack in RSA Decryption implementation [rhel-8]
+# For bz#2164558 - CVE-2023-0215 edk2: openssl: use-after-free following BIO_new_NDEF [rhel-8]
+# For bz#2164581 - CVE-2022-4450 edk2: openssl: double free after calling PEM_read_bio_ex [rhel-8]
+Patch28: edk2-rh-openssl-add-crypto-bn-rsa_sup_mul.c-to-file-list.patch


 # python3-devel and libuuid-devel are required for building tools.
@ -495,6 +500,18 @@ true
 %endif

 %changelog
+* Wed Feb 15 2023 Jon Maloy <jmaloy@redhat.com> - 20220126gitbb1bba3d77-4
+- edk2-openssl-update.patch [bz#2164531 bz#2164543 bz#2164558 bz#2164581]
+- edk2-rh-openssl-add-crypto-bn-rsa_sup_mul.c-to-file-list.patch [bz#2164531 bz#2164543 bz#2164558 bz#2164581]
+- Resolves: bz#2164531
+  (CVE-2023-0286 edk2: openssl: X.400 address type confusion in X.509 GeneralName [rhel-8])
+- Resolves: bz#2164543
+  (CVE-2022-4304 edk2: openssl: timing attack in RSA Decryption implementation [rhel-8])
+- Resolves: bz#2164558
+  (CVE-2023-0215 edk2: openssl: use-after-free following BIO_new_NDEF [rhel-8])
+- Resolves: bz#2164581
+  (CVE-2022-4450 edk2: openssl: double free after calling PEM_read_bio_ex [rhel-8])
+
 * Tue Aug 02 2022 Camilla Conte <cconte@redhat.com> - 20220126gitbb1bba3d77-3
 - Bumping OpenSSL version [bz# 2074834]
 - Resolves: bz# 2074834
--- a/2
+++ b/2
@ -1,2 +1,2 @@
 SHA512 (edk2-bb1bba3d77.tar.xz) = 3e0deb750d3443f4a2c15a066842e35a05a6dc65ce1869c229a8328d3dba8375949ee3825e16c7fe01bd77516a6717ccbdda1d674a2a862453e5480094c49c4c
-SHA512 (openssl-rhel-740e53ace8f6771c205bf84780e26bcd7a3275df.tar.xz) = 6005e52a174788edc53dea287938546095197ea2d9c4802fae35d6c0eba563496ea25f6ae9f498e6826fca7b753e28a0b8d956f37c8289f20d681c43e6109391
+SHA512 (openssl-rhel-d00c3c5b8a9d6d3ea3dabfcafdf36afd61ba8bcc.tar.xz) = 4962a8d907f2913b80f72508cc688487cf0b38b1d3cd0c934f5307b236cb96d598af8e936d234de02c227795386045b5d19084a22ac447649a0f2b6c9fe753da