Re: [Patch] CryptoPkg/OpensslLib: Upgrade OpenSSL version to 1.0.2j

From: Laszlo Ersek <lersek@redhat.com>
To: "Long, Qin" <qin.long@intel.com>
Cc: "Ye, Ting" <ting.ye@intel.com>,
	"edk2-devel@ml01.01.org" <edk2-devel@ml01.01.org>,
	"Woodhouse, David" <david.woodhouse@intel.com>
Subject: Re: [Patch] CryptoPkg/OpensslLib: Upgrade OpenSSL version to 1.0.2j
Date: Thu, 29 Sep 2016 21:26:42 +0200	[thread overview]
Message-ID: <d4e48079-37ed-930c-a780-63222f247820@redhat.com> (raw)
In-Reply-To: <BF2CCE9263284D428840004653A28B6E5153516C@SHSMSX103.ccr.corp.intel.com>

On 09/29/16 16:22, Long, Qin wrote:
> Sure, refer to https://github.com/qloong/edk2/tree/dev-openssl-1.0.2j
> Thanks, Laszlo.

I used the Ia32X64 build of OVMF with a Fedora guest to test this
update. I checked:
- boot with Secure Boot having been enabled previously (using 1.0.2h)
- clearing Secure Boot and booting an unsigned binary
- enrolling certificates again and booting with SB enabled (checking
both unsigned and signed)

Tested-by: Laszlo Ersek <lersek@redhat.com>

Thanks
Laszlo


> -----Original Message-----
> From: Laszlo Ersek [mailto:lersek@redhat.com] 
> Sent: Thursday, September 29, 2016 5:23 PM
> To: Long, Qin <qin.long@intel.com>
> Cc: edk2-devel@ml01.01.org; Ye, Ting <ting.ye@intel.com>; Woodhouse, David <david.woodhouse@intel.com>
> Subject: Re: [edk2] [Patch] CryptoPkg/OpensslLib: Upgrade OpenSSL version to 1.0.2j
> 
> On 09/29/16 08:09, Qin Long wrote:
>> Two official releases (OpenSSL 1.0.2i and 1.0.2j) were available with 
>> several severity fixes at 22-Sep-2016 and 26-Sep-2016 with several 
>> security fixes. Refer to 
>> https://www.openssl.org/news/secadv/20160922.txt and 
>> https://www.openssl.org/news/secadv/20160926.txt.
>> This patch is to upgrade the supported OpenSSL version in 
>> CryptoPkg/OpensslLib to catch the latest release 1.0.2j.
>>
>> Cc: Ting Ye <ting.ye@intel.com>
>> Cc: David Woodhouse <David.Woodhouse@intel.com>
>> Contributed-under: TianoCore Contribution Agreement 1.0
>> Signed-off-by: Qin Long <qin.long@intel.com>
>> ---
>>  CryptoPkg/CryptoPkg.dec                            |   2 +-
>>  ...ssl-1.0.2h.patch => EDKII_openssl-1.0.2j.patch} | 171 ++++++---------------
>>  CryptoPkg/Library/OpensslLib/Install.cmd           |   2 +-
>>  CryptoPkg/Library/OpensslLib/Install.sh            |   2 +-
>>  CryptoPkg/Library/OpensslLib/OpensslLib.inf        |   2 +-
>>  CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt       |  26 ++--
>>  6 files changed, 62 insertions(+), 143 deletions(-)  rename 
>> CryptoPkg/Library/OpensslLib/{EDKII_openssl-1.0.2h.patch => 
>> EDKII_openssl-1.0.2j.patch} (92%)
> 
> Can you please push this patch to a personal git repo of yours, and publish the URL and branch name on the list? I'd like to test the patch.
> 
> Thanks!
> Laszlo
> 
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
>