From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=66.187.233.73; helo=mx1.redhat.com; envelope-from=lersek@redhat.com; receiver=edk2-devel@lists.01.org Received: from mx1.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id AD9A0220E8CB3 for ; Fri, 13 Apr 2018 13:07:40 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id DC5E0402290A; Fri, 13 Apr 2018 20:07:39 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-122-26.rdu2.redhat.com [10.10.122.26]) by smtp.corp.redhat.com (Postfix) with ESMTP id 309932026980; Fri, 13 Apr 2018 20:07:38 +0000 (UTC) To: Long Qin , ting.ye@intel.com Cc: edk2-devel@lists.01.org References: <20180412030801.14216-1-qin.long@intel.com> <20180412030801.14216-3-qin.long@intel.com> From: Laszlo Ersek Message-ID: Date: Fri, 13 Apr 2018 22:07:38 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 MIME-Version: 1.0 In-Reply-To: <20180412030801.14216-3-qin.long@intel.com> X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.6]); Fri, 13 Apr 2018 20:07:39 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.6]); Fri, 13 Apr 2018 20:07:39 +0000 (UTC) for IP:'10.11.54.4' DOMAIN:'int-mx04.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'lersek@redhat.com' RCPT:'' Subject: Re: [PATCH v2 2/2] CryptoPkg/OpensslLib: Update OpenSSL version to 1.1.0h X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Apr 2018 20:07:40 -0000 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit On 04/12/18 05:08, Long Qin wrote: > (https://bugzilla.tianocore.org/show_bug.cgi?id=927) > > (V2 Update: > Removing the wrong "--remote" option from git submodule update > command in this commit message. Thanks Leszlo's clarification > to correct this) (1) "Laszlo", not "Leszlo" :) > > Update OpenSSL version to 1.1.0h release (27-Mar-2018) to include the > fix for CVE-2018-0739 issue (Handling of crafted recursive ASN.1 > structures can cause a stack overflow and resulting denial of service, > Refer to https://www.openssl.org/news/secadv/20180327.txt for more > information). > > Please note "git pull" will not update the submodule repository. > use the following commend to make your existing submodule track this > update: > $ git submodule update -–recursive (2) OK, so this is a tricky one. The "--recursive" option starts with two hyphen characters (ASCII 0x2D). However, the string above starts with a hyphen (ASCII 0x2D) and then a unicode EN DASH codepoint (U+2013). Please replace it with a normal hyphen. More below: > > Cc: Laszlo Ersek > Cc: Ye Ting > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Long Qin > --- > CryptoPkg/Library/OpensslLib/openssl | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/CryptoPkg/Library/OpensslLib/openssl b/CryptoPkg/Library/OpensslLib/openssl > index b2758a2292..d4e4bd2a81 160000 > --- a/CryptoPkg/Library/OpensslLib/openssl > +++ b/CryptoPkg/Library/OpensslLib/openssl > @@ -1 +1 @@ > -Subproject commit b2758a2292aceda93e9f44c219b94fe21bb9a650 > +Subproject commit d4e4bd2a8163f355fa8a3884077eaec7adc75ff7 > With the commit msg updates: Reviewed-by: Laszlo Ersek I also tested this patch, with an off-disk Secure Boot, and an HTTPS boot. Both worked fine. Tested-by: Laszlo Ersek Thanks! Laszlo