diff --git a/SPECS/edk2/CVE-2025-69419.patch b/SPECS/edk2/CVE-2025-69419.patch
new file mode 100644
index 00000000000..5ae452d0ff9
--- /dev/null
+++ b/SPECS/edk2/CVE-2025-69419.patch
@@ -0,0 +1,56 @@
+From 60c822c3ddd52c1e872b7cd3d89ae3081e455ee3 Mon Sep 17 00:00:00 2001
+From: AllSpark
+Date: Wed, 11 Mar 2026 19:55:36 +0000
+Subject: [PATCH] Check return code of UTF8_putc
+
+Signed-off-by: Norbert Pocs
+
+Reviewed-by: Nikola Pajkovsky
+
+Reviewed-by: Viktor Dukhovni
+
+(Merged from https://github.com/openssl/openssl/pull/29376)
+
+Signed-off-by: rpm-build
+Upstream-reference: AI Backport of https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296.patch
+---
+ CryptoPkg/Library/OpensslLib/openssl/crypto/asn1/a_strex.c | 6 ++++--
+ .../Library/OpensslLib/openssl/crypto/pkcs12/p12_utl.c | 5 +++++
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/asn1/a_strex.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/asn1/a_strex.c
+index b31761a..f4c92fc 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/asn1/a_strex.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/asn1/a_strex.c
+@@ -203,8 +203,10 @@ static int do_buf(unsigned char *buf, int buflen,
+ orflags = CHARTYPE_LAST_ESC_2253;
+ if (type & BUF_TYPE_CONVUTF8) {
+ unsigned char utfbuf[6];
+- int utflen;
+- utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
++ int utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
++
++ if (utflen < 0)
++ return -1; /* error happened with UTF8 */
+ for (i = 0; i < utflen; i++) {
+ /*
+ * We don't need to worry about setting orflags correctly
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_utl.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_utl.c
+index 3afc8b2..dfd8829 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_utl.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_utl.c
+@@ -212,6 +212,11 @@ char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen)
+ /* re-run the loop emitting UTF-8 string */
+ for (asclen = 0, i = 0; i < unilen; ) {
+ j = bmp_to_utf8(asctmp+asclen, uni+i, unilen-i);
++ /* when UTF8_putc fails */
++ if (j < 0) {
++ OPENSSL_free(asctmp);
++ return NULL;
++ }
+ if (j == 4) i += 4;
+ else i += 2;
+ asclen += j;
+--
+2.45.4
+
diff --git a/SPECS/edk2/edk2.spec b/SPECS/edk2/edk2.spec
index 5184da8c1a8..aa7af0420b6 100644
--- a/SPECS/edk2/edk2.spec
+++ b/SPECS/edk2/edk2.spec
@@ -55,7 +55,7 @@ ExclusiveArch: x86_64 Name: edk2 Version: %{GITDATE}git%{GITCOMMIT} -Release: 14%{?dist} +Release: 15%{?dist} Summary: UEFI firmware for 64-bit virtual machines License: Apache-2.0 AND (BSD-2-Clause OR GPL-2.0-or-later) AND BSD-2-Clause-Patent AND BSD-3-Clause AND BSD-4-Clause AND ISC AND MIT AND LicenseRef-Fedora-Public-Domain URL: https://www.tianocore.org
@@ -148,6 +148,7 @@ Patch1011: CVE-2025-69418.patch Patch1012: CVE-2025-69420.patch Patch1013: CVE-2025-69421.patch Patch1014: CVE-2026-22796.patch +Patch1015: CVE-2025-69419.patch # python3-devel and libuuid-devel are required for building tools. # python3-devel is also needed for varstore template generation and
@@ -809,6 +810,9 @@ done /boot/efi/HvLoader.efi %changelog +* Wed Mar 11 2026 Azure Linux Security Servicing Account - 20240524git3e722403cd16-15 +- Patch for CVE-2025-69419 + * Tue Feb 03 2026 Azure Linux Security Servicing Account - 20240524git3e722403cd16-14 - Patch for CVE-2026-22796, CVE-2025-69421, CVE-2025-69420, CVE-2025-69418, CVE-2025-68160
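Review bot: In the p12_utl.c hunk of the new patch file, the added comment `/* when UTF8_putc fails */` names the failing call but not why the loop has to stop: the context lines show `j` being added to `asclen` and `asctmp+asclen` being the next write target, so a negative `j` would move that write offset backwards. The header marks this as an AI backport, so the C lines are best kept identical to the referenced upstream commit. The rationale would fit in the patch description instead, for example `A negative return from bmp_to_utf8() was added to asclen, which offsets later writes into asctmp; the conversion now fails instead.` The a_strex.c hunk applies the same kind of guard (`if (utflen < 0) return -1;`) and reads fine as written. Both `do_buf` and `OPENSSL_uni2utf8` begin and end outside their hunks, so whether every caller treats the new `-1` and `NULL` results as failure cannot be confirmed from this page and should be checked against the bundled OpenSSL tree.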