Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch edk2 for CVE-2025-69419 [HIGH] - branch 3.0-dev" #16198

Co-authored-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>

Author: CBL-Mariner-Bot

SPECS/edk2/CVE-2025-69419.patch

@@ -0,0 +1,56 @@
+From 60c822c3ddd52c1e872b7cd3d89ae3081e455ee3 Mon Sep 17 00:00:00 2001
+From: AllSpark <allspark@microsoft.com>
+Date: Wed, 11 Mar 2026 19:55:36 +0000
+Subject: [PATCH] Check return code of UTF8_putc
+
+Signed-off-by: Norbert Pocs <norbertp@openssl.org>
+
+Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
+
+Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
+
+(Merged from https://github.com/openssl/openssl/pull/29376)
+
+Signed-off-by: rpm-build <rpm-build>
+Upstream-reference: AI Backport of https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296.patch
+---
+ CryptoPkg/Library/OpensslLib/openssl/crypto/asn1/a_strex.c  | 6 ++++--
+ .../Library/OpensslLib/openssl/crypto/pkcs12/p12_utl.c      | 5 +++++
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/asn1/a_strex.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/asn1/a_strex.c
+index b31761a..f4c92fc 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/asn1/a_strex.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/asn1/a_strex.c
+@@ -203,8 +203,10 @@ static int do_buf(unsigned char *buf, int buflen,
+             orflags = CHARTYPE_LAST_ESC_2253;
+         if (type & BUF_TYPE_CONVUTF8) {
+             unsigned char utfbuf[6];
+-            int utflen;
+-            utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
++            int utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
++
++            if (utflen < 0)
++                return -1; /* error happened with UTF8 */
+             for (i = 0; i < utflen; i++) {
+                 /*
+                  * We don't need to worry about setting orflags correctly
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_utl.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_utl.c
+index 3afc8b2..dfd8829 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_utl.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_utl.c
+@@ -212,6 +212,11 @@ char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen)
+     /* re-run the loop emitting UTF-8 string */
+     for (asclen = 0, i = 0; i < unilen; ) {
+         j = bmp_to_utf8(asctmp+asclen, uni+i, unilen-i);
++        /* when UTF8_putc fails */
++        if (j < 0) {
++            OPENSSL_free(asctmp);
++            return NULL;
++        }
+         if (j == 4) i += 4;
+         else        i += 2;
+         asclen += j;
+-- 
+2.45.4
+

SPECS/edk2/edk2.spec

@@ -55,7 +55,7 @@ ExclusiveArch: x86_64
 
 Name:       edk2
 Version:    %{GITDATE}git%{GITCOMMIT}
-Release:    14%{?dist}
+Release:    15%{?dist}
 Summary:    UEFI firmware for 64-bit virtual machines
 License:    Apache-2.0 AND (BSD-2-Clause OR GPL-2.0-or-later) AND BSD-2-Clause-Patent AND BSD-3-Clause AND BSD-4-Clause AND ISC AND MIT AND LicenseRef-Fedora-Public-Domain
 URL:        https://www.tianocore.org
@@ -148,6 +148,7 @@ Patch1011: CVE-2025-69418.patch
 Patch1012: CVE-2025-69420.patch
 Patch1013: CVE-2025-69421.patch
 Patch1014: CVE-2026-22796.patch
+Patch1015: CVE-2025-69419.patch
 
 # python3-devel and libuuid-devel are required for building tools.
 # python3-devel is also needed for varstore template generation and
@@ -809,6 +810,9 @@ done
 /boot/efi/HvLoader.efi
 
 %changelog
+* Wed Mar 11 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 20240524git3e722403cd16-15
+- Patch for CVE-2025-69419
+
 * Tue Feb 03 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 20240524git3e722403cd16-14
 - Patch for CVE-2026-22796, CVE-2025-69421, CVE-2025-69420, CVE-2025-69418, CVE-2025-68160