From 28bb39e83ad2bb5be7fd77856fb6880d482d49ba Mon Sep 17 00:00:00 2001
From: anolis-bot
Date: Tue, 16 May 2023 20:46:24 +0800
Subject: [PATCH] update to edk2-20220126gitbb1bba3d77-4.el8

Signed-off-by: anolis-bot
---
 download | 2 +-
 ...crypto-bn-rsa_sup_mul.c-to-file-list.patch | 42 +++++++++++++++++++
 edk2.spec | 21 +++++++++-
 3 files changed, 62 insertions(+), 3 deletions(-)
 create mode 100644 edk2-rh-openssl-add-crypto-bn-rsa_sup_mul.c-to-file-list.patch
diff --git a/download b/download
index f44a45f..47caf93 100644
--- a/download
+++ b/download
@@ -1,2 +1,2 @@
 cab67318629b34c331bf8ec6436203f4 edk2-bb1bba3d77.tar.xz
-333f2a7a683c6c70d14782ca996fe0f6 openssl-rhel-740e53ace8f6771c205bf84780e26bcd7a3275df.tar.xz
+c55f8ad4ab029b5d187cc3c20dfe12f0 openssl-rhel-d00c3c5b8a9d6d3ea3dabfcafdf36afd61ba8bcc.tar.xz
diff --git a/edk2-rh-openssl-add-crypto-bn-rsa_sup_mul.c-to-file-list.patch b/edk2-rh-openssl-add-crypto-bn-rsa_sup_mul.c-to-file-list.patch
new file mode 100644
index 0000000..f0ee17f
--- /dev/null
+++ b/edk2-rh-openssl-add-crypto-bn-rsa_sup_mul.c-to-file-list.patch
@@ -0,0 +1,42 @@
+From ec7ff1612b2f5b0075545dc705b7c2610ec83748 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann
+Date: Fri, 10 Feb 2023 11:43:06 +0100
+Subject: [PATCH 2/2] rh openssl: add crypto/bn/rsa_sup_mul.c to file list
+
+RH-Author: Gerd Hoffmann
+RH-MergeRequest: 21: openssl update
+RH-Bugzilla: 2164531 2164543 2164558 2164581
+RH-Acked-by: Miroslav Rezanina
+RH-Commit: [2/2] 61acf48e337f04b34c4f309241775b204ae2e54f (kraxel/rhel-edk-2)
+---
+ CryptoPkg/Library/OpensslLib/OpensslLib.inf | 1 +
+ CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+index 19913a4ac6..4eaa8a756d 100644
+--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
++++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+@@ -571,6 +571,7 @@
+ $(OPENSSL_PATH)/ssl/statem/statem_local.h
+ # Autogenerated files list ends here
+ # RHEL8-specific OpenSSL file list starts here
++ $(OPENSSL_PATH)/crypto/bn/rsa_sup_mul.c
+ $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
+ $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
+ $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
+diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+index 5057857e8d..eec4771f2c 100644
+--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
++++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+@@ -520,6 +520,7 @@
+ $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
+ # Autogenerated files list ends here
+ # RHEL8-specific OpenSSL file list starts here
++ $(OPENSSL_PATH)/crypto/bn/rsa_sup_mul.c
+ $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
+ $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
+ $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
+--
+2.37.3
+
diff --git a/edk2.spec b/edk2.spec
index 95ba556..c430c1c 100644
--- a/edk2.spec
+++ b/edk2.spec
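Review bot: The embedded patch in edk2-rh-openssl-add-crypto-bn-rsa_sup_mul.c-to-file-list.patch carries only RH-* trailers and no description body, so nothing records why `crypto/bn/rsa_sup_mul.c` has to be built. The file presumably arrives with the OpenSSL update pulled in through the new Source2 tarball (upstream OpenSSL introduced a file of that name with its CVE-2022-4304 constant-time RSA fix), and the patch wires it into both OpensslLib.inf and OpensslLibCrypto.inf. It is placed under `# RHEL8-specific OpenSSL file list starts here`; if the file is also part of the upstream tree, a later regeneration of the autogenerated list could end up naming it twice, which is worth checking on the next rebase. I would add a one-line body such as `The openssl-rhel update adds crypto/bn/rsa_sup_mul.c (RSA timing fix); list it in both INF source sections so it is compiled.`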
@@ -7,7 +7,7 @@ ExclusiveArch: x86_64 aarch64 Name: edk2 Version: %{GITDATE}git%{GITCOMMIT} -Release: 3%{?dist} +Release: 4%{?dist} Summary: UEFI firmware for 64-bit virtual machines Group: Applications/Emulators License: BSD-2-Clause-Patent and OpenSSL and MIT @@ -19,7 +19,7 @@ URL: http://www.tianocore.org # | xz -9ev >/tmp/edk2-$COMMIT.tar.xz Source0: http://batcave.lab.eng.brq.redhat.com/www/edk2-%{GITCOMMIT}.tar.xz Source1: ovmf-whitepaper-c770f8c.txt -Source2: openssl-rhel-740e53ace8f6771c205bf84780e26bcd7a3275df.tar.xz +Source2: openssl-rhel-d00c3c5b8a9d6d3ea3dabfcafdf36afd61ba8bcc.tar.xz Source3: ovmf-vars-generator Source4: LICENSE.qosb Source5: RedHatSecureBootPkKek1.pem @@ -51,6 +51,11 @@ Patch0025: 0025-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch Patch0026: 0026-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch # For bz#2112307 - Mark SEV launch secret area as reserved Patch27: edk2-OvmfPkg-AmdSev-SecretPei-Mark-SEV-launch-secret-area.patch +# For bz#2164531 - CVE-2023-0286 edk2: openssl: X.400 address type confusion in X.509 GeneralName [rhel-8] +# For bz#2164543 - CVE-2022-4304 edk2: openssl: timing attack in RSA Decryption implementation [rhel-8] +# For bz#2164558 - CVE-2023-0215 edk2: openssl: use-after-free following BIO_new_NDEF [rhel-8] +# For bz#2164581 - CVE-2022-4450 edk2: openssl: double free after calling PEM_read_bio_ex [rhel-8] +Patch28: edk2-rh-openssl-add-crypto-bn-rsa_sup_mul.c-to-file-list.patch # python3-devel and libuuid-devel are required for building tools. 
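Review bot: The four `# For bz#…` comments added above `Patch28:` in the `@@ -51,6 +51,11 @@` hunk attribute CVE-2023-0286, CVE-2022-4304, CVE-2023-0215 and CVE-2022-4450 to that patch, but the patch itself only adds one source file to two INF lists. The fixes presumably come from the new openssl-rhel tarball swapped in on the `Source2:` line of the `@@ -19,7 +19,7 @@` hunk, so anyone auditing CVE coverage from the spec would be pointed at the wrong artifact. I would add a comment next to Source2, for example `# openssl-rhel snapshot carrying the fixes for bz#2164531 bz#2164543 bz#2164558 bz#2164581; Patch28 only adds the new file to the build`. The changelog entry in the last hunk also names `edk2-openssl-update.patch`, which is not among the three files this commit changes.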
@@ -495,6 +500,18 @@ true %endif %changelog +* Wed Feb 15 2023 Jon Maloy - 20220126gitbb1bba3d77-4 +- edk2-openssl-update.patch [bz#2164531 bz#2164543 bz#2164558 bz#2164581] +- edk2-rh-openssl-add-crypto-bn-rsa_sup_mul.c-to-file-list.patch [bz#2164531 bz#2164543 bz#2164558 bz#2164581] +- Resolves: bz#2164531 + (CVE-2023-0286 edk2: openssl: X.400 address type confusion in X.509 GeneralName [rhel-8]) +- Resolves: bz#2164543 + (CVE-2022-4304 edk2: openssl: timing attack in RSA Decryption implementation [rhel-8]) +- Resolves: bz#2164558 + (CVE-2023-0215 edk2: openssl: use-after-free following BIO_new_NDEF [rhel-8]) +- Resolves: bz#2164581 + (CVE-2022-4450 edk2: openssl: double free after calling PEM_read_bio_ex [rhel-8]) + * Tue Aug 02 2022 Camilla Conte - 20220126gitbb1bba3d77-3 - Bumping OpenSSL version [bz# 2074834] - Resolves: bz# 2074834 -- Gitee