Hi, On 06/14/15 18:54, Long, Qin wrote: > [NOTE] > Just one day after 1.0.2b release, one new upgrade (1.0.2c) was released > to resolve ABI compatibility problems. This patch has to be updated to > catch this latest release. > No actual changes between this 1.0.2c-patch and the last 1.0.2b-patch series. > ================================================================ > OpenSSL 1.0.2b was just released at 11-Jun-2015. This patch is updated to > catch this latest release. > The changes between 1.0.2a-patch and 1.0.2b-patch is few: > > One memory allocation bug was already fixed in 1.0.2b codes (x509_vpm.c) > Then remove the fix codes from EDKII-openssl-1.0.2b.patch > > Add few missed boundary check in CryptX509.c > ================================================================ > Update the EDKII crypto provider from openssl 0.9.8zf to 1.0.2b. > The OpenSSL Project announced that the support for version 0.9.8 will cease > on 31st December 2015. This patch updates the EDKII openssl support to the > latest 1.0.2 branch. > > Long, Qin (3): > CryptoPkg: Update openssl patch file from 0.9.8zf to 1.0.2c > CryptoPkg: Update OpensslLib module files for openssl-1.0.2c support > CryptoPkg: Wrapper files updates to support openssl-1.0.2c > > CryptoPkg/Include/OpenSslSupport.h | 8 +- > CryptoPkg/Include/memory.h | 16 + > .../Library/BaseCryptLib/Pk/CryptAuthenticode.c | 6 +- > CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c | 10 +- > .../Library/BaseCryptLib/Pk/CryptPkcs7Verify.c | 11 +- > CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 12 +- > CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 18 +- > .../Library/OpensslLib/EDKII_openssl-0.9.8zf.patch | 279 ---------- > .../Library/OpensslLib/EDKII_openssl-1.0.2c.patch | 346 ++++++++++++ > CryptoPkg/Library/OpensslLib/Install.cmd | 146 ++--- > CryptoPkg/Library/OpensslLib/Install.sh | 146 ++--- > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 620 > ++++++++++++++------- > CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt | 46 +- > 13 files changed, 1013 insertions(+), 651 deletions(-) > create mode 100644 CryptoPkg/Include/memory.h > delete mode 100644 CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch > create mode 100644 CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2c.patch >
Sorry that I'm late to the party, but this update seems to have broken Secure Boot under OVMF. I started out with a fresh varstore, enrolled the Microsoft keys manually, using the SecureBootConfigDxe forms, and then tried to boot Fedora 20. "Booting fedora shim" appears at the end of the debug log, and the VM spins into an infinite loop. I confirmed that with 0.9.8zf things work. Thanks Laszlo ------------------------------------------------------------------------------ _______________________________________________ edk2-devel mailing list edk2-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/edk2-devel
