On Thu, 2016-02-18 at 00:33 +0800, Qin Long wrote: > > ---- crypto/pkcs7/pk7_smime.c Thu Jun 11 21:01:06 2015 > -+++ crypto/pkcs7/pk7_smime.c Fri Jun 12 11:23:38 2015 > +--- crypto/pkcs7/pk7_smime.c Thu Jan 28 21:56:08 2016 > ++++ crypto/pkcs7/pk7_smime.c Wed Feb 17 16:22:45 2016 > @@ -254,7 +254,8 @@ > STACK_OF(PKCS7_SIGNER_INFO) *sinfos; > PKCS7_SIGNER_INFO *si; > @@ -114,20 +114,19 @@ diff U3 crypto/pkcs7/pk7_smime.c > crypto/pkcs7/pk7_smime.c > if (i <= 0) > break; > if (tmpout) > -@@ -394,6 +394,10 @@ > +@@ -394,6 +394,9 @@ > } > BIO_free_all(p7bio); > sk_X509_free(signers); > -+ > + if (buf != NULL) { > -+ OPENSSL_free(buf); > ++ OPENSSL_free(buf); > + } > return ret; > } >
This bit of code addresses OpenSSL RT#3955, although you don't actually *mention* that fact anywhere. A different fix has been committed to OpenSSL to close that RT. We should not be carrying patches which *differ* from the fixes that went into OpenSSL upstream. That's why part of my patch series (qv) actually *replaces* this whole EDKII_openssl-1.0.2X.patch with a cleanly generated one from a 1.0.2- based git tree, *with* its full changelog: http://git.infradead.org/users/dwmw2/edk2.git/commitdiff/cf8dd4aee409 I mention this just to reinforce the need for that change, even before we make the switch to OpenSSL 1.1. FWIW I was unable to apply the patch from your email; if there was ever a trick to managing the bogus line endings, I've forgotten it. Can we *please* keep native line endings in the git tree and let it be checked out into the native form — like everyone else does? -- David Woodhouse Open Source Technology Centre david.woodho...@intel.com Intel Corporation
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel