From: "gaoliming via groups.io"
To: "'Douglas Flick [MSFT]'", "'Saloni Kasbekar'", "'Zachary Clark-williams'"
Cc: "'Michael D Kinney'", "'Zhiguang Liu'", "'Laszlo Ersek'", "'Leif Lindholm'", "'Gerd Hoffmann'"
Subject: Re: [edk2-devel] Re: [edk2-stable202402][PATCH v2 00/15] Security Patches for EDK II Network Stack
Date: Wed, 7 Feb 2024 22:26:17 +0800
Message-ID: <002701da59d1$9d54fac0$d7fef040$@byosoft.com.cn>

Hi, all
  This patch set has passed review. I created PR https://github.com/tianocore/edk2/pull/5352 to merge it for stable 202402 tag.

Thanks
Liming
> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of gaoliming via groups.io
> Sent: January 31, 2024 13:22
> To: 'Douglas Flick [MSFT]'; devel@edk2.groups.io; 'Saloni Kasbekar';
> 'Zachary Clark-williams'
> Cc: 'Michael D Kinney'; 'Zhiguang Liu'; 'Laszlo Ersek'; 'Leif Lindholm';
> 'Gerd Hoffmann'
> Subject: [edk2-devel] Re: [edk2-stable202402][PATCH v2 00/15] Security
> Patches for EDK II Network Stack
>
> Saloni and William:
>   Can you help review this patch set about Security Patches for EDK II
> Network Stack? This patch set plans to catch edk2-stable202402 tag. And,
> edk2-stable202402 will come soon.
>
> edk2-stable202402 tag planning
> Proposed Schedule
> Date (00:00:00 UTC-8)  Description
> 2023-11-24             Beginning of development
> 2024-02-05             Soft Feature Freeze
> 2024-02-09             Hard Feature Freeze
> 2024-02-23             Release
>
> Thanks
> Liming
> > -----Original Message-----
> > From: Douglas Flick [MSFT]
> > Sent: January 26, 2024 5:55
> > To: devel@edk2.groups.io
> > Cc: Douglas Flick [MSFT]; Saloni Kasbekar; Zachary Clark-williams;
> > Michael D Kinney; Liming Gao; Zhiguang Liu
> > Subject: [PATCH v2 00/15] Security Patches for EDK II Network Stack
> >
> > The security patches contained in this series with the exception of
> > "MdePkg/Test: Add gRT_GetTime Google Test Mock" and
> > "NetworkPkg: : Adds a SecurityFix.yaml file" have been reviewed
> > during GHSA-hc6x-cw6p-gj7h infosec review.
> >
> > This patch series contains the following security patches for the
> > security vulnerabilities found by QuarksLab in the EDK II Network
> > Stack:
> >
> > CVE-2023-45229
> > CVSS 6.5 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
> > CWE-125 Out-of-bounds Read
> >
> > CVE-2023-45230
> > CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
> > CWE-119 Improper Restriction of Operations within the Bounds
> > of a Memory Buffer
> >
> > CVE-2023-45231
> > CVSS 6.5 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
> > CWE-125 Out-of-bounds Read
> >
> > CVE-2023-45232
> > CVSS 7.5 : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
> > CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
> >
> > CVE-2023-45233
> > CVSS 7.5 : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
> > CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
> >
> > CVE-2023-45234
> > CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
> > CWE-119 Improper Restriction of Operations within the Bounds
> > of a Memory Buffer
> >
> > CVE-2023-45235
> > CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
> > CWE-119 Improper Restriction of Operations within the Bounds
> > of a Memory Buffer
> >
> > NetworkPkg:
> > Cc: Saloni Kasbekar
> > Cc: Zachary Clark-williams
> >
> > MdePkg:
> > Cc: Michael D Kinney
> > Cc: Liming Gao
> > Cc: Zhiguang Liu
> >
> > Doug Flick (8):
> >   NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 Patch
> >   NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 Unit Tests
> >   NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Patch
> >   NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Unit Tests
> >   NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234 Patch
> >   NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234 Unit Tests
> >   NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235 Patch
> >   NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235 Unit Tests
> >
> > Douglas Flick [MSFT] (7):
> >   NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch
> >   NetworkPkg: : Add Unit tests to CI and create Host Test DSC
> >   NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Unit Tests
> >   NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Patch
> >   NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Unit Tests
> >   MdePkg: Test: Add gRT_GetTime Google Test Mock
> >   NetworkPkg: : Adds a SecurityFix.yaml file
> >
> >  NetworkPkg/Test/NetworkPkgHostTest.dsc        | 105 +++
> >  .../GoogleTest/Dhcp6DxeGoogleTest.inf         |  44 +
> >  .../Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf    |  44 +
> >  .../GoogleTest/UefiPxeBcDxeGoogleTest.inf     |  48 +
> >  .../Library/MockUefiRuntimeServicesTableLib.h |   7 +
> >  NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h               | 143 +++
> >  NetworkPkg/Dhcp6Dxe/Dhcp6Utility.h            |  78 +-
> >  .../Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.h   |  58 ++
> >  .../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h   |  40 +
> >  NetworkPkg/Ip6Dxe/Ip6Nd.h                     |  35 +
> >  NetworkPkg/Ip6Dxe/Ip6Option.h                 |  71 ++
> >  .../GoogleTest/PxeBcDhcp6GoogleTest.h         |  68 ++
> >  NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.h          |  17 +
> >  NetworkPkg/Dhcp6Dxe/Dhcp6Io.c                 | 612 ++++++++-----
> >  NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c            | 373 ++++++--
> >  NetworkPkg/Ip6Dxe/Ip6Option.c                 |  84 +-
> >  NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c          | 148 ++-
> >  .../MockUefiRuntimeServicesTableLib.cpp       |   5 +-
> >  .../GoogleTest/Dhcp6DxeGoogleTest.cpp         |  20 +
> >  .../Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp | 839 ++++++++++++++++++
> >  .../Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp    |  20 +
> >  .../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp | 407 +++++++++
> >  NetworkPkg/NetworkPkg.ci.yaml                 |   7 +-
> >  NetworkPkg/SecurityFixes.yaml                 | 123 +++
> >  .../GoogleTest/PxeBcDhcp6GoogleTest.cpp       | 574 ++++++++++++
> >  .../GoogleTest/UefiPxeBcDxeGoogleTest.cpp     |  19 +
> >  26 files changed, 3650 insertions(+), 339 deletions(-)
> >  create mode 100644 NetworkPkg/Test/NetworkPkgHostTest.dsc
> >  create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
> >  create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
> >  create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
> >  create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.h
> >  create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h
> >  create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h
> >  create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.cpp
> >  create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp
> >  create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp
> >  create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp
> >  create mode 100644 NetworkPkg/SecurityFixes.yaml
> >  create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
> >  create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.cpp
> >
> > --
> > 2.43.0

View/Reply Online (#115236): https://edk2.groups.io/g/devel/message/115236