From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+118897+7686176+12367111@groups.io>
Received: from mail05.groups.io (mail05.groups.io [45.79.224.7])
	by spool.mail.gandi.net (Postfix) with ESMTPS id CE00C740039
	for <rebecca@openfw.io>; Wed, 15 May 2024 00:41:18 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=/Low0AA+XuIZJ4juiKMIKSaO8yNSRAne0KWGYEp9EcE=;
 c=relaxed/simple; d=groups.io;
 h=From:To:References:In-Reply-To:Subject:Date:Message-ID:MIME-Version:Thread-Index:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Type:Content-Language;
 s=20240206; t=1715733677; v=1;
 b=ixQBGLN81RKs7jhzbZ5jPx8Hh59AC8B8T+s+pPDOie3nGE7LwvfM3u8Wm5Ijy2tduCR/UTrp
 vxR+TfK0BG17KeVJLueejW/0ujgiA/jWwGuI0uyAVPKRKEso78Q2jR9EKVPyTANR7SbWsC4p4ka
 pvrPGprAt55zJ6uzfPZjYz/bQhLqQytUjZyXDyHKkP508+cpCDuJwOv/6XurSUiGmo2E9TmETeb
 giluvAvwqjb9QRql9+xpSTtAEwltMHZm7bVqhhEtxBMzTOn0Z4Y3aBip51QLIV98zwnwQ1Mmyjq
 Y3rnFhTRBnXqKJJH4AfWc/rL60u3cM5jyuecRQh9E51UA==
X-Received: by 127.0.0.2 with SMTP id 7FC0YY7687511xIJsu3AXekK; Tue, 14 May 2024 17:41:17 -0700
X-Received: from zrleap.intel-email.com (zrleap.intel-email.com [114.80.218.36])
 by mx.groups.io with SMTP id smtpd.web11.3466.1715733670873761064
 for <devel@edk2.groups.io>;
 Tue, 14 May 2024 17:41:11 -0700
X-Received: from zrleap.intel-email.com (localhost [127.0.0.1])
	by zrleap.intel-email.com (Postfix) with ESMTP id BE0C5A32E097
	for <devel@edk2.groups.io>; Wed, 15 May 2024 08:41:08 +0800 (CST)
X-Received: from localhost (localhost [127.0.0.1])
	by zrleap.intel-email.com (Postfix) with ESMTP id A3FE0A32E093
	for <devel@edk2.groups.io>; Wed, 15 May 2024 08:41:08 +0800 (CST)
X-Received: from mail.byosoft.com.cn (mail.byosoft.com.cn [58.240.74.242])
	by zrleap.intel-email.com (Postfix) with SMTP id F152AA32E039
	for <devel@edk2.groups.io>; Wed, 15 May 2024 08:41:05 +0800 (CST)
X-Received: from DESKTOPS6D0PVI ([58.246.60.130])
	(envelope-sender <gaoliming@byosoft.com.cn>)
	by 192.168.6.13 with ESMTP(SSL)
	for <devel@edk2.groups.io>; Wed, 15 May 2024 08:41:02 +0800
X-WM-Sender: gaoliming@byosoft.com.cn
X-Originating-IP: 58.246.60.130
X-WM-AuthFlag: YES
X-WM-AuthUser: gaoliming@byosoft.com.cn
From: "gaoliming via groups.io" <gaoliming=byosoft.com.cn@groups.io>
To: "'Doug Flick'" <dougflick@microsoft.com>,
	<devel@edk2.groups.io>
References: <012c01daa1f4$f141bb80$d3c53280$@byosoft.com.cn> <28286.1715279187867794028@groups.io>
In-Reply-To: <28286.1715279187867794028@groups.io>
Subject: =?UTF-8?B?5Zue5aSNOiBbZWRrMi1kZXZlbF0g5Zue5aSNOiBbZWRrMi1kZXZlbF1bZWRrMi1zdGFibGUyMDI0MDVdIFtQQVRDSCB2MiAwMC8xM10gTmV0d29ya1BrZzogQ1ZFLTIwMjMtNDUyMzYgYW5kIENWRS0yMDIzLTQ1MjM3?=
Date: Wed, 15 May 2024 08:41:04 +0800
Message-ID: <032b01daa660$91b1f0c0$b515d240$@byosoft.com.cn>
MIME-Version: 1.0
Thread-Index: AQE7OofQA4VcuaLDOv6lDr1Or3n5rQIkIN6AssUqVCA=
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Resent-Date: Tue, 14 May 2024 17:41:11 -0700
Resent-From: gaoliming@byosoft.com.cn
Reply-To: devel@edk2.groups.io,gaoliming@byosoft.com.cn
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
X-Gm-Message-State: VxJpYlBZJJ7dIPIjaVig9NIDx7686176AA=
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_032C_01DAA6A3.9FD530C0"
Content-Language: zh-cn
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20240206 header.b=ixQBGLN8;
	dmarc=pass (policy=none) header.from=groups.io;
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io

------=_NextPart_000_032C_01DAA6A3.9FD530C0
Content-Type: text/plain;
	charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Doug:

  Thanks for your clarification. For the changes in MdePkg and EmulatorPkg,=
 I have no comments. Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>

=20

Thanks

Liming

=E5=8F=91=E4=BB=B6=E4=BA=BA: Doug Flick via groups.io <dougflick=3Dmicrosof=
t.com@groups.io>=20
=E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2024=E5=B9=B45=E6=9C=8810=E6=97=A5 2:=
26
=E6=94=B6=E4=BB=B6=E4=BA=BA: gaoliming <gaoliming@byosoft.com.cn>; devel@ed=
k2.groups.io
=E4=B8=BB=E9=A2=98: Re: [edk2-devel] =E5=9B=9E=E5=A4=8D: [edk2-devel][edk2-=
stable202405] [PATCH v2 00/13] NetworkPkg: CVE-2023-45236 and CVE-2023-4523=
7

=20

>From the two CVE patches there should be no functional differences to a pla=
tform assuming the platform provides them with a RNG implementation and HAS=
H2 implementation.

The "NetworkPkg:: SECURITY PATCH CVE-2023-45237" change simply get's it's r=
andom numbers from outside of the NetworkPkg and makes it a platform decisi=
on. The "NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236" changes how the=
 TCP Isn number is generated and puts the platform in compliance with the r=
elevant specification.

There is a functional change with "SecurityPkg: RngDxe: Remove incorrect li=
mitation on GetRng" as this will now allow a caller to call less than 32 by=
tes.

The other changes are unit tests and platform integration changes.



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118897): https://edk2.groups.io/g/devel/message/118897
Mute This Topic: https://groups.io/mt/106106240/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-



------=_NextPart_000_032C_01DAA6A3.9FD530C0
Content-Type: text/html;
	charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40"><head><meta http-equiv=3DContent-Type content=
=3D"text/html; charset=3Dutf-8"><meta name=3DGenerator content=3D"Microsoft=
 Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
	{font-family:=E5=AE=8B=E4=BD=93;
	panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:=E7=AD=89=E7=BA=BF;
	panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
	{font-family:"\@=E7=AD=89=E7=BA=BF";
	panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
	{font-family:"\@=E5=AE=8B=E4=BD=93";
	panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0cm;
	font-size:12.0pt;
	font-family:=E5=AE=8B=E4=BD=93;}
span.EmailStyle19
	{mso-style-type:personal-reply;
	font-family:=E7=AD=89=E7=BA=BF;
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;
	mso-ligatures:none;}
@page WordSection1
	{size:612.0pt 792.0pt;
	margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]--></head><body lang=3DZH-CN link=3D"#0563C1=
" vlink=3D"#954F72" style=3D'word-wrap:break-word'><div class=3DWordSection=
1><p class=3DMsoNormal><span lang=3DEN-US style=3D'font-size:10.5pt;font-fa=
mily:=E7=AD=89=E7=BA=BF'>Doug:<o:p></o:p></span></p><p class=3DMsoNormal><s=
pan lang=3DEN-US style=3D'font-size:10.5pt;font-family:=E7=AD=89=E7=BA=BF'>=
=C2=A0 Thanks for your clarification. For the changes in MdePkg and Emulato=
rPkg, I have no comments. Reviewed-by: Liming Gao &lt;gaoliming@byosoft.com=
.cn&gt;<o:p></o:p></span></p><p class=3DMsoNormal><span lang=3DEN-US style=
=3D'font-size:10.5pt;font-family:=E7=AD=89=E7=BA=BF'><o:p>&nbsp;</o:p></spa=
n></p><p class=3DMsoNormal><span lang=3DEN-US style=3D'font-size:10.5pt;fon=
t-family:=E7=AD=89=E7=BA=BF'>Thanks<o:p></o:p></span></p><p class=3DMsoNorm=
al><span lang=3DEN-US style=3D'font-size:10.5pt;font-family:=E7=AD=89=E7=BA=
=BF'>Liming<o:p></o:p></span></p><div style=3D'border:none;border-left:soli=
d blue 1.5pt;padding:0cm 0cm 0cm 4.0pt'><div><div style=3D'border:none;bord=
er-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=3DMsoNormal>=
<b><span style=3D'font-size:11.0pt;font-family:=E7=AD=89=E7=BA=BF'>=E5=8F=
=91=E4=BB=B6=E4=BA=BA<span lang=3DEN-US>:</span></span></b><span lang=3DEN-=
US style=3D'font-size:11.0pt;font-family:=E7=AD=89=E7=BA=BF'> Doug Flick vi=
a groups.io &lt;dougflick=3Dmicrosoft.com@groups.io&gt; <br></span><b><span=
 style=3D'font-size:11.0pt;font-family:=E7=AD=89=E7=BA=BF'>=E5=8F=91=E9=80=
=81=E6=97=B6=E9=97=B4<span lang=3DEN-US>:</span></span></b><span lang=3DEN-=
US style=3D'font-size:11.0pt;font-family:=E7=AD=89=E7=BA=BF'> 2024</span><s=
pan style=3D'font-size:11.0pt;font-family:=E7=AD=89=E7=BA=BF'>=E5=B9=B4<spa=
n lang=3DEN-US>5</span>=E6=9C=88<span lang=3DEN-US>10</span>=E6=97=A5<span =
lang=3DEN-US> 2:26<br></span><b>=E6=94=B6=E4=BB=B6=E4=BA=BA<span lang=3DEN-=
US>:</span></b><span lang=3DEN-US> gaoliming &lt;gaoliming@byosoft.com.cn&g=
t;; devel@edk2.groups.io<br></span><b>=E4=B8=BB=E9=A2=98<span lang=3DEN-US>=
:</span></b><span lang=3DEN-US> Re: [edk2-devel] </span>=E5=9B=9E=E5=A4=8D<=
span lang=3DEN-US>: [edk2-devel][edk2-stable202405] [PATCH v2 00/13] Networ=
kPkg: CVE-2023-45236 and CVE-2023-45237<o:p></o:p></span></span></p></div><=
/div><p class=3DMsoNormal><span lang=3DEN-US><o:p>&nbsp;</o:p></span></p><p=
><span lang=3DEN-US>From the two CVE patches there should be no functional =
differences to a platform assuming the platform provides them with a RNG im=
plementation and HASH2 implementation.<o:p></o:p></span></p><p><span lang=
=3DEN-US>The &quot;NetworkPkg:: SECURITY PATCH CVE-2023-45237&quot; change =
simply get's it's random numbers from outside of the NetworkPkg and makes i=
t a platform decision. The &quot;NetworkPkg: TcpDxe: SECURITY PATCH CVE-202=
3-45236&quot; changes how the TCP Isn number is generated and puts the plat=
form in compliance with the relevant specification.<o:p></o:p></span></p><p=
><span lang=3DEN-US>There is a functional change with &quot;SecurityPkg: Rn=
gDxe: Remove incorrect limitation on GetRng&quot; as this will now allow a =
caller to call less than 32 bytes.<o:p></o:p></span></p><p><span lang=3DEN-=
US>The other changes are unit tests and platform integration changes.<o:p><=
/o:p></span></p></div></div></body></html>


<div width=3D"1" style=3D"color:white;clear:both">_._,_._,_</div>
<hr>


Groups.io Links:<p>


 =20
    You receive all messages sent to this group.
 =20
 =20


<p>
<a target=3D"_blank" href=3D"https://edk2.groups.io/g/devel/message/118897"=
>View/Reply Online (#118897)</a> |


 =20

|

  <a target=3D"_blank" href=3D"https://groups.io/mt/106106240/7686176">Mute=
 This Topic</a>


| <a href=3D"https://edk2.groups.io/g/devel/post">New Topic</a>

<br>




<a href=3D"https://edk2.groups.io/g/devel/editsub/7686176">Your Subscriptio=
n</a> |
<a href=3D"mailto:devel+owner@edk2.groups.io">Contact Group Owner</a> |

<a href=3D"https://edk2.groups.io/g/devel/unsub">Unsubscribe</a>

 [rebecca@openfw.io]<br>
<div width=3D"1" style=3D"color:white;clear:both">_._,_._,_</div>


------=_NextPart_000_032C_01DAA6A3.9FD530C0--