On 09/29/16 16:22, Long, Qin wrote: > Sure, refer to https://github.com/qloong/edk2/tree/dev-openssl-1.0.2j > Thanks, Laszlo.
I used the Ia32X64 build of OVMF with a Fedora guest to test this update. I checked: - boot with Secure Boot having been enabled previously (using 1.0.2h) - clearing Secure Boot and booting an unsigned binary - enrolling certificates again and booting with SB enabled (checking both unsigned and signed) Tested-by: Laszlo Ersek <[email protected]> Thanks Laszlo > -----Original Message----- > From: Laszlo Ersek [mailto:[email protected]] > Sent: Thursday, September 29, 2016 5:23 PM > To: Long, Qin <[email protected]> > Cc: [email protected]; Ye, Ting <[email protected]>; Woodhouse, David > <[email protected]> > Subject: Re: [edk2] [Patch] CryptoPkg/OpensslLib: Upgrade OpenSSL version to > 1.0.2j > > On 09/29/16 08:09, Qin Long wrote: >> Two official releases (OpenSSL 1.0.2i and 1.0.2j) were available with >> several severity fixes at 22-Sep-2016 and 26-Sep-2016 with several >> security fixes. Refer to >> https://www.openssl.org/news/secadv/20160922.txt and >> https://www.openssl.org/news/secadv/20160926.txt. >> This patch is to upgrade the supported OpenSSL version in >> CryptoPkg/OpensslLib to catch the latest release 1.0.2j. >> >> Cc: Ting Ye <[email protected]> >> Cc: David Woodhouse <[email protected]> >> Contributed-under: TianoCore Contribution Agreement 1.0 >> Signed-off-by: Qin Long <[email protected]> >> --- >> CryptoPkg/CryptoPkg.dec | 2 +- >> ...ssl-1.0.2h.patch => EDKII_openssl-1.0.2j.patch} | 171 >> ++++++--------------- >> CryptoPkg/Library/OpensslLib/Install.cmd | 2 +- >> CryptoPkg/Library/OpensslLib/Install.sh | 2 +- >> CryptoPkg/Library/OpensslLib/OpensslLib.inf | 2 +- >> CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt | 26 ++-- >> 6 files changed, 62 insertions(+), 143 deletions(-) rename >> CryptoPkg/Library/OpensslLib/{EDKII_openssl-1.0.2h.patch => >> EDKII_openssl-1.0.2j.patch} (92%) > > Can you please push this patch to a personal git repo of yours, and publish > the URL and branch name on the list? I'd like to test the patch. > > Thanks! > Laszlo > > _______________________________________________ > edk2-devel mailing list > [email protected] > https://lists.01.org/mailman/listinfo/edk2-devel > _______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel
