On 09/29/19 08:09, Wang, Jian J wrote: > For this patch series, > 1. " Contributed-under: TianoCore Contribution Agreement 1.1" is not needed > any more. > Remove it at push time and no need to send a v2. > 2. Since it's security patch which had been reviewed separately, I see no > reason for new r-b > required. Please raise it asap if any objections. > 3. Acked-by: Jian J Wang <jian.j.w...@intel.com>
* Can you please confirm that these patches match those that we discussed here: https://bugzilla.tianocore.org/show_bug.cgi?id=960#c18 https://bugzilla.tianocore.org/show_bug.cgi?id=960#c19 * In the BZ, David and Bret raised some questions: https://bugzilla.tianocore.org/show_bug.cgi?id=960#c31 https://bugzilla.tianocore.org/show_bug.cgi?id=960#c32 https://bugzilla.tianocore.org/show_bug.cgi?id=960#c35 https://bugzilla.tianocore.org/show_bug.cgi?id=960#c36 and https://bugzilla.tianocore.org/show_bug.cgi?id=960#c40 The latest comment in the bug is c#41. I'm not under the impression that all concerns raised by David and Bret have been addressed (or abandoned). I'd like David and Bret to ACK the patches. Thanks, Laszlo >> -----Original Message----- >> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Wu, Jiaxin >> Sent: Friday, September 27, 2019 11:45 AM >> To: devel@edk2.groups.io >> Cc: Wu, Jiaxin <jiaxin...@intel.com> >> Subject: [edk2-devel] [PATCH v1 0/4] Support HTTPS HostName validation >> feature(CVE-2019-14553) >> >> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960 >> CVE: CVE-2019-14553 >> The series patches are to support HTTPS hostname validation feature. >> It fixes the issue exposed @ >> https://bugzilla.tianocore.org/show_bug.cgi?id=960. >> In the patches, we add the new data type named "EfiTlsVerifyHost" and >> the EFI_TLS_VERIFY_HOST_FLAG for the TLS protocol consumer (HTTP) to >> enable the host name check so as to avoid the potential >> Man-In-The-Middle attack. >> >> Contributed-under: TianoCore Contribution Agreement 1.1 >> Signed-off-by: Wu Jiaxin <jiaxin...@intel.com> >> Reviewed-by: Ye Ting <ting...@intel.com> >> Reviewed-by: Long Qin <qin.l...@intel.com> >> Reviewed-by: Fu Siyuan <siyuan...@intel.com> >> Acked-by: Laszlo Ersek <ler...@redhat.com> >> >> Jiaxin Wu (4): >> MdePkg/Include/Protocol/Tls.h: Add the data type of EfiTlsVerifyHost(CVE- >> 2019-14553) >> CryptoPkg/TlsLib: Add the new API "TlsSetVerifyHost"(CVE-2019-14553) >> NetworkPkg/TlsDxe: Add the support of host validation to TlsDxe driver(CVE- >> 2019-14553) >> NetworkPkg/HttpDxe: Set the HostName for the verification(CVE-2019-14553) >> >> CryptoPkg/Include/Library/TlsLib.h | 20 ++++++++ >> CryptoPkg/Library/TlsLib/TlsConfig.c | 38 +++++++++++++++- >> MdePkg/Include/Protocol/Tls.h | 68 +++++++++++++++++++++++----- >> NetworkPkg/HttpDxe/HttpProto.h | 1 + >> NetworkPkg/HttpDxe/HttpsSupport.c | 21 +++++++-- >> NetworkPkg/TlsDxe/TlsProtocol.c | 44 ++++++++++++++++-- >> 6 files changed, 173 insertions(+), 19 deletions(-) >> >> -- >> 2.17.1.windows.2 >> >> >> > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#48328): https://edk2.groups.io/g/devel/message/48328 Mute This Topic: https://groups.io/mt/34307578/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-