Looks good to me.
Reviewed-by: Ye Ting <ting...@intel.com> 

-----Original Message-----
From: Ard Biesheuvel [mailto:ard.biesheu...@linaro.org] 
Sent: Friday, July 10, 2015 2:54 PM
To: edk2-devel@lists.sourceforge.net; Long, Qin; Dong, Guo; Ye, Ting
Cc: Justen, Jordan L; Gao, Liming; Ard Biesheuvel
Subject: [PATCH] CryptoPkg: update OpenSSL dependency to version 1.0.2d

Upstream OpenSSL version 1.0.2c contained a fatal flaw
[CVE-2015-1793] and is no longer available from the openssl.org
download servers. So upgrade to its replacement, version 1.0.2d.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheu...@linaro.org>
---
 CryptoPkg/Library/OpensslLib/{EDKII_openssl-1.0.2c.patch => 
EDKII_openssl-1.0.2d.patch} |  4 +--
 CryptoPkg/Library/OpensslLib/Install.cmd                                       
         |  2 +-
 CryptoPkg/Library/OpensslLib/Install.sh                                        
         |  2 +-
 CryptoPkg/Library/OpensslLib/OpensslLib.inf                                    
         |  2 +-
 CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt                                   
         | 26 ++++++++++----------
 5 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2c.patch 
b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch
similarity index 96%
rename from CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2c.patch
rename to CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch
index 0d9575e94aef..72e5f3da54c4 100644
--- a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2c.patch
+++ b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch
@@ -210,7 +210,7 @@ diff U3 crypto/rsa/rsa_ameth.c crypto/rsa/rsa_ameth.c
 diff U3 crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c
 --- crypto/x509/x509_vfy.c     Thu Jun 11 21:52:58 2015
 +++ crypto/x509/x509_vfy.c     Fri Jun 12 11:29:37 2015
-@@ -1647,6 +1647,10 @@
+@@ -1653,6 +1653,10 @@
  
  static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
  {
@@ -221,7 +221,7 @@ diff U3 crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c
      time_t *ptime;
      int i;
  
-@@ -1686,6 +1690,7 @@
+@@ -1692,6 +1696,7 @@
      }
  
      return 1;
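Review bot: the two embedded hunk headers for crypto/x509/x509_vfy.c were shifted by six lines (1647 to 1653, 1686 to 1692), but the `---`/`+++` timestamps above them still read Thu Jun 11 and Fri Jun 12 2015, which suggests the offsets were edited by hand rather than regenerated. Please confirm that the renamed patch applies to a pristine 1.0.2d tree with `patch -p0` without fuzz or offset warnings, or regenerate it so the headers and timestamps agree.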
diff --git a/CryptoPkg/Library/OpensslLib/Install.cmd 
b/CryptoPkg/Library/OpensslLib/Install.cmd
index f8d8582d9ef6..ef0a4bdcebc9 100755
--- a/CryptoPkg/Library/OpensslLib/Install.cmd
+++ b/CryptoPkg/Library/OpensslLib/Install.cmd
@@ -1,4 +1,4 @@
-cd openssl-1.0.2c
+cd openssl-1.0.2d
 copy e_os2.h                    ..\..\..\Include\openssl
 copy crypto\crypto.h            ..\..\..\Include\openssl
 copy crypto\opensslv.h          ..\..\..\Include\openssl
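Review bot: the `cd openssl-1.0.2d` on the first line is not checked, so if the directory is missing (for example because an older 1.0.2c tree is still the one unpacked) the `copy` lines that follow run from the wrong directory and fail one by one. Suggest `cd openssl-1.0.2d || exit /b 1` so the script stops with a clear error.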
diff --git a/CryptoPkg/Library/OpensslLib/Install.sh 
b/CryptoPkg/Library/OpensslLib/Install.sh
index 087655d50e2a..877e775b81af 100755
--- a/CryptoPkg/Library/OpensslLib/Install.sh
+++ b/CryptoPkg/Library/OpensslLib/Install.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-cd openssl-1.0.2c
+cd openssl-1.0.2d
 cp e_os2.h                    ../../../Include/openssl
 cp crypto/crypto.h            ../../../Include/openssl
 cp crypto/opensslv.h          ../../../Include/openssl
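Review bot: as in Install.cmd, the `cd openssl-1.0.2d` line has no failure check and the script does not use `set -e`, so a missing directory leaves every following `cp` running relative to OpensslLib itself. Suggest `cd openssl-1.0.2d || exit 1`.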
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index dbf8a9621732..28d3aec00e2a 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -20,7 +20,7 @@ [Defines]
   MODULE_TYPE                    = BASE
   VERSION_STRING                 = 1.0
   LIBRARY_CLASS                  = OpensslLib
-  DEFINE OPENSSL_PATH            = openssl-1.0.2c
+  DEFINE OPENSSL_PATH            = openssl-1.0.2d
   DEFINE OPENSSL_FLAGS           = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI 
-DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE 
-DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 
-DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG 
-DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE 
-DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_POSIX_IO 
-DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM
   DEFINE OPENSSL_EXFLAGS         = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_SHA0 
-DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING 
-DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_RIPEMD -DOPENSSL_NO_RC2 -DOPENSSL_NO_IDEA 
-DOPENSSL_NO_BF -DOPENSSL_NO_CAST -DOPENSSL_NO_WHIRLPOOL -DOPENSSL_NO_DSA 
-DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_SRP 
-DOPENSSL_NO_ENGINE
 
diff --git a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt 
b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
index 0ea7b8aa0ba5..59e74ee9b0d9 100644
--- a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
+++ b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
@@ -17,36 +17,36 @@ cryptography. This patch will enable openssl building under 
UEFI environment.
 
================================================================================
                                 OpenSSL-Version
 
================================================================================
-  Current supported OpenSSL version for UEFI Crypto Library is 1.0.2c.
-    http://www.openssl.org/source/openssl-1.0.2c.tar.gz
+  Current supported OpenSSL version for UEFI Crypto Library is 1.0.2d.
+    http://www.openssl.org/source/openssl-1.0.2d.tar.gz
 
 
 
================================================================================
                       HOW to Install Openssl for UEFI Building
 
================================================================================
-1.  Download OpenSSL 1.0.2c from official website:
-    http://www.openssl.org/source/openssl-1.0.2c.tar.gz
+1.  Download OpenSSL 1.0.2d from official website:
+    http://www.openssl.org/source/openssl-1.0.2d.tar.gz
 
-    NOTE: Some web browsers may rename the downloaded TAR file to 
openssl-1.0.2c.tar.tar.
-          When you do the download, rename the "openssl-1.0.2c.tar.tar" to
-          "openssl-1.0.2c.tar.gz" or rename the local downloaded file with 
".tar.tar"
+    NOTE: Some web browsers may rename the downloaded TAR file to 
openssl-1.0.2d.tar.tar.
+          When you do the download, rename the "openssl-1.0.2d.tar.tar" to
+          "openssl-1.0.2d.tar.gz" or rename the local downloaded file with 
".tar.tar"
           extension to ".tar.gz".
 
-2.  Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-1.0.2c
+2.  Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-1.0.2d
 
     NOTE: If you use WinZip to unpack the openssl source in Windows, please
           uncheck the WinZip smart CR/LF conversion option (WINZIP: Options -->
           Configuration --> Miscellaneous --> "TAR file smart CR/LF 
conversion").
 
-3.  Apply this patch: EDKII_openssl-1.0.2c.patch, and make installation
+3.  Apply this patch: EDKII_openssl-1.0.2d.patch, and make installation
 
     For Windows Environment:
     ------------------------
     1) Make sure the patch utility has been installed in your machine.
        Install Cygwin or get the patch utility binary from
           http://gnuwin32.sourceforge.net/packages/patch.htm
-    2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2c
-    3) patch -p0 -i ..\EDKII_openssl-1.0.2c.patch
+    2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2d
+    3) patch -p0 -i ..\EDKII_openssl-1.0.2d.patch
     4) cd ..
     5) Install.cmd
 
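Review bot: step 1 still fetches the tarball over plain `http://www.openssl.org/source/openssl-1.0.2d.tar.gz` and step 2 goes straight to extraction with no integrity check, which is worth addressing in a change made because of CVE-2015-1793. Suggest adding a step that verifies the download against the published checksum or PGP signature before extracting. Separately, step 2 extracts into `CryptoPkg/Library/OpenSslLib/openssl-1.0.2d` while the Windows `cd` line in this hunk uses `OpensslLib`; on a case-sensitive file system those are different directories, so the spelling should be made consistent.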
@@ -54,8 +54,8 @@ cryptography. This patch will enable openssl building under 
UEFI environment.
     -----------------------
     1) Make sure the patch utility has been installed in your machine.
        Patch utility is available from http://directory.fsf.org/project/patch/
-    2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2c
-    3) patch -p0 -i ../EDKII_openssl-1.0.2c.patch
+    2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2d
+    3) patch -p0 -i ../EDKII_openssl-1.0.2d.patch
     4) cd ..
     5) ./Install.sh
 
-- 
1.9.1

