Thanks, Laszlo! Pushed these two fixes with updates by the commits: a701ea0fe1d5178eb4fd2659d83461751cb9e7c9 b85b20fba42e25ff658ed1a470250d530c189027
Best Regards & Thanks, LONG, Qin From: Laszlo Ersek [mailto:ler...@redhat.com] Sent: Saturday, April 14, 2018 4:08 AM To: Long, Qin <qin.l...@intel.com>; Ye, Ting <ting...@intel.com> Cc: edk2-devel@lists.01.org Subject: Re: [edk2] [PATCH v2 2/2] CryptoPkg/OpensslLib: Update OpenSSL version to 1.1.0h On 04/12/18 05:08, Long Qin wrote: > (https://bugzilla.tianocore.org/show_bug.cgi?id=927) > > (V2 Update: > Removing the wrong "--remote" option from git submodule update > command in this commit message. Thanks Leszlo's clarification > to correct this) (1) "Laszlo", not "Leszlo" :) Apology!. ☺ > > Update OpenSSL version to 1.1.0h release (27-Mar-2018) to include the > fix for CVE-2018-0739 issue (Handling of crafted recursive ASN.1 > structures can cause a stack overflow and resulting denial of service, > Refer to https://www.openssl.org/news/secadv/20180327.txt for more > information). > > Please note "git pull" will not update the submodule repository. > use the following commend to make your existing submodule track this > update: > $ git submodule update -–recursive (2) OK, so this is a tricky one. The "--recursive" option starts with two hyphen characters (ASCII 0x2D). However, the string above starts with a hyphen (ASCII 0x2D) and then a unicode EN DASH codepoint (U+2013). Please replace it with a normal hyphen. More below: > > Cc: Laszlo Ersek <ler...@redhat.com<mailto:ler...@redhat.com>> > Cc: Ye Ting <ting...@intel.com<mailto:ting...@intel.com>> > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Long Qin <qin.l...@intel.com<mailto:qin.l...@intel.com>> > --- > CryptoPkg/Library/OpensslLib/openssl | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/CryptoPkg/Library/OpensslLib/openssl > b/CryptoPkg/Library/OpensslLib/openssl > index b2758a2292..d4e4bd2a81 160000 > --- a/CryptoPkg/Library/OpensslLib/openssl > +++ b/CryptoPkg/Library/OpensslLib/openssl > @@ -1 +1 @@ > -Subproject commit b2758a2292aceda93e9f44c219b94fe21bb9a650 > +Subproject commit d4e4bd2a8163f355fa8a3884077eaec7adc75ff7 > With the commit msg updates: Reviewed-by: Laszlo Ersek <ler...@redhat.com<mailto:ler...@redhat.com>> I also tested this patch, with an off-disk Secure Boot, and an HTTPS boot. Both worked fine. Tested-by: Laszlo Ersek <ler...@redhat.com<mailto:ler...@redhat.com>> Thanks! Laszlo _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
