(https://bugzilla.tianocore.org/show_bug.cgi?id=927)

(V2 Update:
Removing the wrong "--remote" option from git submodule update
command in this commit message. Thanks Leszlo's clarification
to correct this)

Update OpenSSL version to 1.1.0h release (27-Mar-2018) to include the
fix for CVE-2018-0739 issue (Handling of crafted recursive ASN.1
structures can cause a stack overflow and resulting denial of service,
Refer to https://www.openssl.org/news/secadv/20180327.txt for more
information).

Please note "git pull" will not update the submodule repository.
use the following commend to make your existing submodule track this
update:
$ git submodule update -–recursive

Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ye Ting <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Long Qin <qin.long@intel.com>
---
CryptoPkg/Library/OpensslLib/openssl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CryptoPkg/Library/OpensslLib/openssl b/CryptoPkg/Library/OpensslLib/openssl
index b2758a2292..d4e4bd2a81 160000
--- a/CryptoPkg/Library/OpensslLib/openssl
+++ b/CryptoPkg/Library/OpensslLib/openssl
@@ -1 +1 @@
-Subproject commit b2758a2292aceda93e9f44c219b94fe21bb9a650
+Subproject commit d4e4bd2a8163f355fa8a3884077eaec7adc75ff7
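Review bot: The "+Subproject commit d4e4bd2a8163f355fa8a3884077eaec7adc75ff7" line is the only record of what is being pulled in, and nothing in the hunk ties that hash to the 1.1.0h release named in the commit message. Because this is a mode 160000 gitlink change, the diff shows none of the OpenSSL source that actually changes, so the CVE-2018-0739 fix cannot be confirmed from these lines. Suggest stating the upstream release tag next to the version in the commit message, so that anyone updating can run "git describe --tags" inside CryptoPkg/Library/OpensslLib/openssl after the submodule update and compare the result against the message.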
--
2.16.1.windows.1
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
On 04/12/18 05:08, Long Qin wrote:
> (https://bugzilla.tianocore.org/show_bug.cgi?id=927)
>
> (V2 Update:
> Removing the wrong "--remote" option from git submodule update
> command in this commit message. Thanks Leszlo's clarification
> to correct this)

(1) "Laszlo", not "Leszlo" :)

>
> Update OpenSSL version to 1.1.0h release (27-Mar-2018) to include the
> fix for CVE-2018-0739 issue (Handling of crafted recursive ASN.1
> structures can cause a stack overflow and resulting denial of service,
> Refer to https://www.openssl.org/news/secadv/20180327.txt for more
> information).
>
> Please note "git pull" will not update the submodule repository.
> use the following commend to make your existing submodule track this
> update:
> $ git submodule update -–recursive

(2) OK, so this is a tricky one. The "--recursive" option starts with two hyphen characters (ASCII 0x2D). However, the string above starts with a hyphen (ASCII 0x2D) and then a unicode EN DASH codepoint (U+2013). Please replace it with a normal hyphen.

More below:

>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ye Ting <ting.ye@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Long Qin <qin.long@intel.com>
> ---
> CryptoPkg/Library/OpensslLib/openssl | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/CryptoPkg/Library/OpensslLib/openssl b/CryptoPkg/Library/OpensslLib/openssl
> index b2758a2292..d4e4bd2a81 160000
> --- a/CryptoPkg/Library/OpensslLib/openssl
> +++ b/CryptoPkg/Library/OpensslLib/openssl
> @@ -1 +1 @@
> -Subproject commit b2758a2292aceda93e9f44c219b94fe21bb9a650
> +Subproject commit d4e4bd2a8163f355fa8a3884077eaec7adc75ff7
>

With the commit msg updates:

Reviewed-by: Laszlo Ersek <lersek@redhat.com>

I also tested this patch, with an off-disk Secure Boot, and an HTTPS boot. Both worked fine.

Tested-by: Laszlo Ersek <lersek@redhat.com>

Thanks!
Laszlo
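The mismatch raised in point (2) is invisible in most fonts, so it is worth checking mechanically before a commit message or document tells people to paste a command. The following is an added example, not part of the original thread or of edk2's tooling: a Python check that flags dash lookalikes on command lines only. The function names, the "$ " command-line convention and the sample message are assumptions made for illustration.

```python
import unicodedata

# Code points that render like "-" but are not ASCII HYPHEN-MINUS (0x2D).
DASH_LOOKALIKES = frozenset("\u2010\u2011\u2012\u2013\u2014\u2015\u2212")

# Constructed sample: the command line from the commit message above,
# with the second dash written as U+2013, as the review describes it.
SAMPLE_MESSAGE = (
    'Please note "git pull" will not update the submodule repository.\n'
    "$ git submodule update -\u2013recursive\n"
)


def is_command_line(line):
    """Treat lines of the form '$ cmd', optionally '>'-quoted, as commands."""
    return line.lstrip("> ").startswith("$ ")


def find_dash_lookalikes(message):
    """Return (line, column, codepoint, name) for each lookalike dash found
    on a command line. Prose lines are skipped on purpose, because
    typographic dashes are legitimate there."""
    findings = []
    for line_no, line in enumerate(message.splitlines(), start=1):
        if not is_command_line(line):
            continue
        for col, ch in enumerate(line, start=1):
            if ch in DASH_LOOKALIKES:
                findings.append(
                    (line_no, col, f"U+{ord(ch):04X}", unicodedata.name(ch))
                )
    return findings


def normalize_command_dashes(message):
    """Replace lookalike dashes with '-' on command lines only."""
    table = {ord(ch): "-" for ch in DASH_LOOKALIKES}
    return "".join(
        line.translate(table) if is_command_line(line) else line
        for line in message.splitlines(keepends=True)
    )


if __name__ == "__main__":
    for finding in find_dash_lookalikes(SAMPLE_MESSAGE):
        print("non-ASCII dash in command:", finding)
```

Run from a commit-msg hook or a documentation lint step, a non-empty result from `find_dash_lookalikes` is the signal to reject or rewrite the message.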
Thanks, Laszlo!

Pushed these two fixes with updates by the commits:
a701ea0fe1d5178eb4fd2659d83461751cb9e7c9
b85b20fba42e25ff658ed1a470250d530c189027

Best Regards & Thanks,
LONG, Qin

From: Laszlo Ersek [mailto:lersek@redhat.com]
Sent: Saturday, April 14, 2018 4:08 AM
To: Long, Qin <qin.long@intel.com>; Ye, Ting <ting.ye@intel.com>
Cc: edk2-devel@lists.01.org
Subject: Re: [edk2] [PATCH v2 2/2] CryptoPkg/OpensslLib: Update OpenSSL version to 1.1.0h

On 04/12/18 05:08, Long Qin wrote:
> (https://bugzilla.tianocore.org/show_bug.cgi?id=927)
>
> (V2 Update:
> Removing the wrong "--remote" option from git submodule update
> command in this commit message. Thanks Leszlo's clarification
> to correct this)

(1) "Laszlo", not "Leszlo" :)

Apology!. ☺

>
> Update OpenSSL version to 1.1.0h release (27-Mar-2018) to include the
> fix for CVE-2018-0739 issue (Handling of crafted recursive ASN.1
> structures can cause a stack overflow and resulting denial of service,
> Refer to https://www.openssl.org/news/secadv/20180327.txt for more
> information).
>
> Please note "git pull" will not update the submodule repository.
> use the following commend to make your existing submodule track this
> update:
> $ git submodule update -–recursive

(2) OK, so this is a tricky one. The "--recursive" option starts with two hyphen characters (ASCII 0x2D). However, the string above starts with a hyphen (ASCII 0x2D) and then a unicode EN DASH codepoint (U+2013). Please replace it with a normal hyphen.

More below:

>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ye Ting <ting.ye@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Long Qin <qin.long@intel.com>
> ---
> CryptoPkg/Library/OpensslLib/openssl | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/CryptoPkg/Library/OpensslLib/openssl b/CryptoPkg/Library/OpensslLib/openssl
> index b2758a2292..d4e4bd2a81 160000
> --- a/CryptoPkg/Library/OpensslLib/openssl
> +++ b/CryptoPkg/Library/OpensslLib/openssl
> @@ -1 +1 @@
> -Subproject commit b2758a2292aceda93e9f44c219b94fe21bb9a650
> +Subproject commit d4e4bd2a8163f355fa8a3884077eaec7adc75ff7
>

With the commit msg updates:

Reviewed-by: Laszlo Ersek <lersek@redhat.com>

I also tested this patch, with an off-disk Secure Boot, and an HTTPS boot. Both worked fine.

Tested-by: Laszlo Ersek <lersek@redhat.com>

Thanks!
Laszlo