.edk2.metadata

@@ -1,2 +0,0 @@
-ae830c7278f985cb25e90f4687b46c8b22316bef SOURCES/edk2-bb1bba3d77.tar.xz
-85388ae6525650667302c6b553894430197d9e0d SOURCES/openssl-rhel-cf317b2bb227899cb2e761b9163210f62cab1b1e.tar.xz

.gitignore

@@ -1,2 +1,6 @@
+SOURCES/RedHatSecureBootPkKek1.pem
 SOURCES/edk2-bb1bba3d77.tar.xz
-SOURCES/openssl-rhel-cf317b2bb227899cb2e761b9163210f62cab1b1e.tar.xz
+SOURCES/openssl-rhel-d00c3c5b8a9d6d3ea3dabfcafdf36afd61ba8bcc.tar.xz
+/edk2-bb1bba3d77.tar.xz
+/openssl-rhel-d00c3c5b8a9d6d3ea3dabfcafdf36afd61ba8bcc.tar.xz
+/openssl-rhel-cf317b2bb227899cb2e761b9163210f62cab1b1e.tar.xz

edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch

@@ -0,0 +1,63 @@
+From 30da4837584643c637eea751dbb01e0718fa764d Mon Sep 17 00:00:00 2001
+From: Jon Maloy <jmaloy@redhat.com>
+Date: Mon, 21 Oct 2024 14:45:37 -0400
+Subject: [PATCH] MdePkg: Fix overflow issue in BasePeCoffLib
+
+RH-Author: Jon Maloy <jmaloy@redhat.com>
+RH-MergeRequest: 96: MdePkg: Fix overflow issue in BasePeCoffLib
+RH-Jira: RHEL-60830
+RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
+RH-Commit: [1/1] 5406406ac2711215ec2bd3d9c1a2e6bb268dda38 (jmaloy/jons_fork)
+
+JIRA: https://issues.redhat.com/browse/RHEL-60830
+CVE: CVE-2024-38796
+Upstream: Merged
+
+commit c95233b8525ca6828921affd1496146cff262e65
+Author: Doug Flick <dougflick@microsoft.com>
+Date:   Fri Sep 27 12:08:55 2024 -0700
+
+    MdePkg: Fix overflow issue in BasePeCoffLib
+
+    The RelocDir->Size is a UINT32 value, and RelocDir->VirtualAddress is
+    also a UINT32 value. The current code does not check for overflow when
+    adding RelocDir->Size to RelocDir->VirtualAddress. This patch adds a
+    check to ensure that the addition does not overflow.
+
+    Signed-off-by: Doug Flick <dougflick@microsoft.com>
+    Authored-by: sriraamx gobichettipalayam <sri..@intel.com>
+
+Signed-off-by: Jon Maloy <jmaloy@redhat.com>
+---
+ MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 15 ++++++++-------
+ 1 file changed, 8 insertions(+), 7 deletions(-)
+
+diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
+index 1102833b94..6b1ccc7217 100644
+--- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
++++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
+@@ -991,13 +991,14 @@ PeCoffLoaderRelocateImage (
+     RelocDir = &Hdr.Te->DataDirectory[0];
+   }
+ 
+-  if ((RelocDir != NULL) && (RelocDir->Size > 0)) {
+-    RelocBase = (EFI_IMAGE_BASE_RELOCATION *) PeCoffLoaderImageAddress (ImageContext, RelocDir->VirtualAddress, TeStrippedOffset);
+-    RelocBaseEnd = (EFI_IMAGE_BASE_RELOCATION *) PeCoffLoaderImageAddress (ImageContext,
+-                                                                            RelocDir->VirtualAddress + RelocDir->Size - 1,
+-                                                                            TeStrippedOffset
+-                                                                            );
+-    if (RelocBase == NULL || RelocBaseEnd == NULL || (UINTN) RelocBaseEnd < (UINTN) RelocBase) {
++  if ((RelocDir != NULL) && (RelocDir->Size > 0) && (RelocDir->Size - 1 < MAX_UINT32 - RelocDir->VirtualAddress)) {
++    RelocBase    = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (ImageContext, RelocDir->VirtualAddress, TeStrippedOffset);
++    RelocBaseEnd = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (
++                                                  ImageContext,
++                                                  RelocDir->VirtualAddress + RelocDir->Size - 1,
++                                                  TeStrippedOffset
++                                                  );
++    if ((RelocBase == NULL) || (RelocBaseEnd == NULL) || ((UINTN)RelocBaseEnd < (UINTN)RelocBase)) {
+       ImageContext->ImageError = IMAGE_ERROR_FAILED_RELOCATION;
+       return RETURN_LOAD_ERROR;
+     }
+-- 
+2.45.2
+