[AUTO-CHERRYPICK] hvloader: address openssl related CVEs (CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304) - branch main (#9303)

Co-authored-by: Archana Choudhary <36061892+arc9693@users.noreply.github.com>
2024-06-04 22:35:59 -07:00 · 2024-06-04 22:35:59 -07:00 · ff0a669b98
--- a/SPECS-SIGNED/hvloader-signed/hvloader-signed.spec
+++ b/SPECS-SIGNED/hvloader-signed/hvloader-signed.spec
@ -6,7 +6,7 @@
 Summary:        Signed HvLoader.efi for %{buildarch} systems
 Name:           hvloader-signed-%{buildarch}
 Version:        1.0.1
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@ -69,6 +69,9 @@ popd
 /boot/efi/HvLoader.efi

 %changelog
+* Fri May 31 2024 Archana Choudhary <archana1@microsoft.com> - 1.0.1-3.cm2
+- Update version for consistency with hvloader spec
+
 * Fri May 10 2024 Archana Choudhary <archana1@microsoft.com> - 1.0.1-2
 - Update version for consistency with hvloader spec

--- a/SPECS/hvloader/hvloader.signatures.json
+++ b/SPECS/hvloader/hvloader.signatures.json
@ -1,7 +1,7 @@
 {
 "Signatures": {
  "hvloader-1.0.1.tar.gz": "4e0a15cfab98a89a0a93f747df876ea3ee5366c3ffbd158c28e296bf52c7dfba",
-  "edk2-stable202302-submodules.tar.gz": "6e0c992145070d4f9e907a2baf9441b264927902537e888d20d2749055d52f20",
+  "edk2-stable202305-submodules.tar.gz": "98ad582dde1cedaa1d0767d92968c47c7102a94b1ab1cd6ca5c95eee2acbaa71",
  "target-x86.txt": "fcf4f427d3b80e67296be2a1d17ec124d65f673d4f6ea37d238f8d3fc1ddc4b8"
 }
 }
--- a/SPECS/hvloader/hvloader.spec
+++ b/SPECS/hvloader/hvloader.spec
@ -1,10 +1,10 @@
 %define  debug_package %{nil}
 %define  name_github   HvLoader
-%define  edk2_tag      edk2-stable202302
+%define  edk2_tag      edk2-stable202305
 Summary:        HvLoader.efi is an EFI application for loading an external hypervisor loader.
 Name:           hvloader
 Version:        1.0.1
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@ -58,6 +58,11 @@ cp ./Build/MdeModule/RELEASE_GCC5/X64/MdeModulePkg/Application/%{name_github}-%{
 /boot/efi/HvLoader.efi

 %changelog
+* Fri May 31 2024 Archana Choudhary <archana1@microsoft.com> - 1.0.1-3
+- Update edk2_tag to edk2-stable202305
+- Publish edk2-stable202305-submodules source 
+- Correct the resolution of openssl related CVEs (CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304) that were not successfully addressed in the previous update
+
 * Wed May 08 2024 Archana Choudhary <archana1@microsoft.com> - 1.0.1-2
 - Update edk2_tag to edk2-stable202302
 - Publish edk2-stable202302-submodules source