DescriptionDmitry Belyavskiy
2022-04-01 15:09:14 UTC
Created attachment 1869976[details]
Proposed fix
openssl-1.1.1-cleanup-peer-point-reneg.patch prevents build in no-ec (edk2 firmware does that).
Reported by Gerd Hoffmann
Ping. I'd like sync the openssl source code in the edk2 package for 8.7.
The build failure blocks that though. So far we have been lucky with edk2
that the openssl cve bugs poping up in recent months didn't affect us,
but in case that changes I'd very much prefer pre-existing build problems
not delaying the delivery of security fixes.
So can you please add the patch to the repo (git://pkgs.devel.redhat.com/rpms/openssl)?
rhel-8.7.0 branch is enough. Thanks.
Comment 2Dmitry Belyavskiy
2022-07-20 15:16:49 UTC
Dear Gerd,
Will it be OK if we just add this patch to 8.7.0?
(In reply to Gerd Hoffmann from comment #1)
> rhel-8.7.0 branch is enough.
(In reply to Dmitry Belyavskiy from comment #2)
> Will it be OK if we just add this patch to 8.7.0?
Yes.
Created attachment 1869976 [details] Proposed fix openssl-1.1.1-cleanup-peer-point-reneg.patch prevents build in no-ec (edk2 firmware does that). Reported by Gerd Hoffmann