[AUTO-CHERRYPICK] hvloader: address openssl related CVEs (CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304) - branch main (#9303)

CBL-Mariner-Bot · arc9693 · web-flow · commit ff0a669b98e6 · 2024-06-05T11:05:59.000+05:30
Co-authored-by: Archana Choudhary &lt;36061892+arc9693@users.noreply.github.com&gt;
diff --git a/SPECS-SIGNED/hvloader-signed/hvloader-signed.spec b/SPECS-SIGNED/hvloader-signed/hvloader-signed.spec
@@ -6,7 +6,7 @@
 Summary:        Signed HvLoader.efi for %{buildarch} systems
 Name:           hvloader-signed-%{buildarch}
 Version:        1.0.1
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -69,6 +69,9 @@ popd
 /boot/efi/HvLoader.efi
 
 %changelog
+* Fri May 31 2024 Archana Choudhary <archana1@microsoft.com> - 1.0.1-3.cm2
+- Update version for consistency with hvloader spec
+
 * Fri May 10 2024 Archana Choudhary <archana1@microsoft.com> - 1.0.1-2
 - Update version for consistency with hvloader spec
 
diff --git a/SPECS/hvloader/hvloader.signatures.json b/SPECS/hvloader/hvloader.signatures.json
@@ -1,7 +1,7 @@
 {
  "Signatures": {
   "hvloader-1.0.1.tar.gz": "4e0a15cfab98a89a0a93f747df876ea3ee5366c3ffbd158c28e296bf52c7dfba",
-  "edk2-stable202302-submodules.tar.gz": "6e0c992145070d4f9e907a2baf9441b264927902537e888d20d2749055d52f20",
+  "edk2-stable202305-submodules.tar.gz": "98ad582dde1cedaa1d0767d92968c47c7102a94b1ab1cd6ca5c95eee2acbaa71",
   "target-x86.txt": "fcf4f427d3b80e67296be2a1d17ec124d65f673d4f6ea37d238f8d3fc1ddc4b8"
 }
 }
diff --git a/SPECS/hvloader/hvloader.spec b/SPECS/hvloader/hvloader.spec
@@ -1,10 +1,10 @@
 %define  debug_package %{nil}
 %define  name_github   HvLoader
-%define  edk2_tag      edk2-stable202302
+%define  edk2_tag      edk2-stable202305
 Summary:        HvLoader.efi is an EFI application for loading an external hypervisor loader.
 Name:           hvloader
 Version:        1.0.1
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -58,6 +58,11 @@ cp ./Build/MdeModule/RELEASE_GCC5/X64/MdeModulePkg/Application/%{name_github}-%{
 /boot/efi/HvLoader.efi
 
 %changelog
+* Fri May 31 2024 Archana Choudhary <archana1@microsoft.com> - 1.0.1-3
+- Update edk2_tag to edk2-stable202305
+- Publish edk2-stable202305-submodules source 
+- Correct the resolution of openssl related CVEs (CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304) that were not successfully addressed in the previous update
+
 * Wed May 08 2024 Archana Choudhary <archana1@microsoft.com> - 1.0.1-2
 - Update edk2_tag to edk2-stable202302
 - Publish edk2-stable202302-submodules source

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"Signatures": {`
`3`	`3`	`"hvloader-1.0.1.tar.gz": "4e0a15cfab98a89a0a93f747df876ea3ee5366c3ffbd158c28e296bf52c7dfba",`
`4`		`- "edk2-stable202302-submodules.tar.gz": "6e0c992145070d4f9e907a2baf9441b264927902537e888d20d2749055d52f20",`
	`4`	`+ "edk2-stable202305-submodules.tar.gz": "98ad582dde1cedaa1d0767d92968c47c7102a94b1ab1cd6ca5c95eee2acbaa71",`
`5`	`5`	`"target-x86.txt": "fcf4f427d3b80e67296be2a1d17ec124d65f673d4f6ea37d238f8d3fc1ddc4b8"`
`6`	`6`	`}`
`7`	`7`	`}`