rpm/ovmf
SHA256
1
0
Fork 0
forked from pool/ovmf
Code Pull Requests Activity

Accepting request 782008 from home:gary_lin:branches:Virtualization

Browse Source 
- Update to edk2-stable202002

OBS-URL: https://build.opensuse.org/request/show/782008
OBS-URL: https://build.opensuse.org/package/show/Virtualization/ovmf?expand=0&rev=155
This commit is contained in:
Gary Ching-Pang Lin 2020-03-06 06:45:54 +00:00 committed by Git OBS Bridge
parent c84b2be525
commit f3acec1435
8 changed files with 235 additions and 2224 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
edk2-stable201911.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:23affd4ca2ba526747e72cbb350a4c95d192ac14eeb616778b1976577ed06001
size 13821169

3
edk2-stable202002.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:284eb25bdd78e40a969f3fd35e96c7c2a2a5903106ddf08282c194cb561400f4
size 13988974

168
ovmf-bsc1163927-fix-ip4dxe-and-arpdxe.patch
View File

@ -1,168 +0,0 @@
From 7f9f7fccf58af2db5ac8c88801f56f4efe664fcb Mon Sep 17 00:00:00 2001
From: Jiaxin Wu <Jiaxin.wu@intel.com>
Date: Mon, 29 Apr 2019 09:51:53 +0800
Subject: [PATCH 1/2] NetworkPkg/Ip4Dxe: Check the received package length
(CVE-2019-14559).
v3: correct the coding style.
v2: correct the commit message & add BZ number.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1610
This patch is to check the received package length to make sure the package
has a valid length field.
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
(cherry picked from commit 578bcdc2605e3438b9cbdac4e68339f90f5bf8af)
---
NetworkPkg/Ip4Dxe/Ip4Input.c | 46 +++++++++++++++++++++++++++++-------
1 file changed, 37 insertions(+), 9 deletions(-)
diff --git a/NetworkPkg/Ip4Dxe/Ip4Input.c b/NetworkPkg/Ip4Dxe/Ip4Input.c
index 24c584658803..fc1a892f14eb 100644
--- a/NetworkPkg/Ip4Dxe/Ip4Input.c
+++ b/NetworkPkg/Ip4Dxe/Ip4Input.c
@@ -1,7 +1,7 @@
/** @file
IP4 input process.
-Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2005 - 2020, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -711,10 +711,6 @@ Ip4PreProcessPacket (
//
// Check if the IP4 header is correctly formatted.
//
- if ((*Packet)->TotalSize < IP4_MIN_HEADLEN) {
- return EFI_INVALID_PARAMETER;
- }
-
HeadLen = (Head->HeadLen << 2);
TotalLen = NTOHS (Head->TotalLen);
@@ -808,6 +804,30 @@ Ip4PreProcessPacket (
return EFI_SUCCESS;
}
+/**
+ This function checks the IPv4 packet length.
+
+ @param[in] Packet Pointer to the IPv4 Packet to be checked.
+
+ @retval TRUE The input IPv4 packet length is valid.
+ @retval FALSE The input IPv4 packet length is invalid.
+
+**/
+BOOLEAN
+Ip4IsValidPacketLength (
+ IN NET_BUF *Packet
+ )
+{
+ //
+ // Check the IP4 packet length.
+ //
+ if (Packet->TotalSize < IP4_MIN_HEADLEN) {
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
/**
The IP4 input routine. It is called by the IP4_INTERFACE when a
IP4 fragment is received from MNP.
@@ -844,6 +864,10 @@ Ip4AccpetFrame (
goto DROP;
}
+ if (!Ip4IsValidPacketLength (Packet)) {
+ goto RESTART;
+ }
+
Head = (IP4_HEAD *) NetbufGetByte (Packet, 0, NULL);
ASSERT (Head != NULL);
OptionLen = (Head->HeadLen << 2) - IP4_MIN_HEADLEN;
@@ -890,10 +914,14 @@ Ip4AccpetFrame (
//
ZeroMem (&ZeroHead, sizeof (IP4_HEAD));
if (0 == CompareMem (Head, &ZeroHead, sizeof (IP4_HEAD))) {
- // Packet may have been changed. Head, HeadLen, TotalLen, and
- // info must be reloaded bofore use. The ownership of the packet
- // is transfered to the packet process logic.
- //
+ // Packet may have been changed. Head, HeadLen, TotalLen, and
+ // info must be reloaded before use. The ownership of the packet
+ // is transferred to the packet process logic.
+ //
+ if (!Ip4IsValidPacketLength (Packet)) {
+ goto RESTART;
+ }
+
Head = (IP4_HEAD *) NetbufGetByte (Packet, 0, NULL);
ASSERT (Head != NULL);
Status = Ip4PreProcessPacket (
--
2.25.0
From 03225826203c978146e4067e1d14fe66fcb75e22 Mon Sep 17 00:00:00 2001
From: Siyuan Fu <siyuan.fu@intel.com>
Date: Fri, 21 Feb 2020 10:14:18 +0800
Subject: [PATCH 2/2] NetworkPkg/ArpDxe: Recycle invalid ARP packets
(CVE-2019-14559)
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2031
This patch triggers the RecycleEvent for invalid ARP packets.
Prior to this, we would just ignore invalid ARP packets,
and never free them.
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Signed-off-by: Nicholas Armour <nicholas.armour@intel.com>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
(cherry picked from commit 1d3215fd24f47eaa4877542a59b4bbf5afc0cfe8)
---
NetworkPkg/ArpDxe/ArpImpl.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/NetworkPkg/ArpDxe/ArpImpl.c b/NetworkPkg/ArpDxe/ArpImpl.c
index 0e9ef103eff9..c7f770db0734 100644
--- a/NetworkPkg/ArpDxe/ArpImpl.c
+++ b/NetworkPkg/ArpDxe/ArpImpl.c
@@ -1,7 +1,7 @@
/** @file
The implementation of the ARP protocol.
-Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -113,7 +113,7 @@ ArpOnFrameRcvdDpc (
//
// Restart the receiving if packet size is not correct.
//
- goto RESTART_RECEIVE;
+ goto RECYCLE_RXDATA;
}
//
@@ -125,7 +125,7 @@ ArpOnFrameRcvdDpc (
Head->OpCode = NTOHS (Head->OpCode);
if (RxData->DataLength < (sizeof (ARP_HEAD) + 2 * Head->HwAddrLen + 2 * Head->ProtoAddrLen)) {
- goto RESTART_RECEIVE;
+ goto RECYCLE_RXDATA;
}
if ((Head->HwType != ArpService->SnpMode.IfType) ||
--
2.25.0

166
ovmf-bsc1163959-PiDxeS3BootScriptLib-fix-numeric-truncation.patch
View File

@ -1,166 +0,0 @@
From 322ac05f8bbc1bce066af1dabd1b70ccdbe28891 Mon Sep 17 00:00:00 2001
From: Hao A Wu <hao.a.wu@intel.com>
Date: Fri, 28 Jun 2019 14:15:55 +0800
Subject: [PATCH 1/1] MdeModulePkg/PiDxeS3BootScriptLib: Fix potential numeric
truncation (CVE-2019-14563)
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2001
For S3BootScriptLib APIs:
S3BootScriptSaveIoWrite
S3BootScriptSaveMemWrite
S3BootScriptSavePciCfgWrite
S3BootScriptSavePciCfg2Write
S3BootScriptSaveSmbusExecute
S3BootScriptSaveInformation
S3BootScriptSaveInformationAsciiString
S3BootScriptLabel (happen in S3BootScriptLabelInternal())
possible numeric truncations will happen that may lead to S3 boot script
entry with improper size being returned to store the boot script data.
This commit will add checks to prevent this kind of issue.
Please note that the remaining S3BootScriptLib APIs:
S3BootScriptSaveIoReadWrite
S3BootScriptSaveMemReadWrite
S3BootScriptSavePciCfgReadWrite
S3BootScriptSavePciCfg2ReadWrite
S3BootScriptSaveStall
S3BootScriptSaveDispatch2
S3BootScriptSaveDispatch
S3BootScriptSaveMemPoll
S3BootScriptSaveIoPoll
S3BootScriptSavePciPoll
S3BootScriptSavePci2Poll
S3BootScriptCloseTable
S3BootScriptExecute
S3BootScriptMoveLastOpcode
S3BootScriptCompare
are not affected by such numeric truncation.
Signed-off-by: Hao A Wu <hao.a.wu@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Acked-by: Jian J Wang <jian.j.wang@intel.com>
---
.../PiDxeS3BootScriptLib/BootScriptSave.c | 52 ++++++++++++++++++-
1 file changed, 51 insertions(+), 1 deletion(-)
diff --git a/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c b/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c
index 9106e7d0f9f5..9315fc9f0188 100644
--- a/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c
+++ b/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c
@@ -1,7 +1,7 @@
/** @file
Save the S3 data to S3 boot script.
- Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -1006,6 +1006,14 @@ S3BootScriptSaveIoWrite (
EFI_BOOT_SCRIPT_IO_WRITE ScriptIoWrite;
WidthInByte = (UINT8) (0x01 << (Width & 0x03));
+
+ //
+ // Truncation check
+ //
+ if ((Count > MAX_UINT8) ||
+ (WidthInByte * Count > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_IO_WRITE))) {
+ return RETURN_OUT_OF_RESOURCES;
+ }
Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_IO_WRITE) + (WidthInByte * Count));
Script = S3BootScriptGetEntryAddAddress (Length);
@@ -1102,6 +1110,14 @@ S3BootScriptSaveMemWrite (
EFI_BOOT_SCRIPT_MEM_WRITE ScriptMemWrite;
WidthInByte = (UINT8) (0x01 << (Width & 0x03));
+
+ //
+ // Truncation check
+ //
+ if ((Count > MAX_UINT8) ||
+ (WidthInByte * Count > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_MEM_WRITE))) {
+ return RETURN_OUT_OF_RESOURCES;
+ }
Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_MEM_WRITE) + (WidthInByte * Count));
Script = S3BootScriptGetEntryAddAddress (Length);
@@ -1206,6 +1222,14 @@ S3BootScriptSavePciCfgWrite (
}
WidthInByte = (UINT8) (0x01 << (Width & 0x03));
+
+ //
+ // Truncation check
+ //
+ if ((Count > MAX_UINT8) ||
+ (WidthInByte * Count > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_PCI_CONFIG_WRITE))) {
+ return RETURN_OUT_OF_RESOURCES;
+ }
Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_PCI_CONFIG_WRITE) + (WidthInByte * Count));
Script = S3BootScriptGetEntryAddAddress (Length);
@@ -1324,6 +1348,14 @@ S3BootScriptSavePciCfg2Write (
}
WidthInByte = (UINT8) (0x01 << (Width & 0x03));
+
+ //
+ // Truncation check
+ //
+ if ((Count > MAX_UINT8) ||
+ (WidthInByte * Count > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_PCI_CONFIG2_WRITE))) {
+ return RETURN_OUT_OF_RESOURCES;
+ }
Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_PCI_CONFIG2_WRITE) + (WidthInByte * Count));
Script = S3BootScriptGetEntryAddAddress (Length);
@@ -1549,6 +1581,12 @@ S3BootScriptSaveSmbusExecute (
return Status;
}
+ //
+ // Truncation check
+ //
+ if (BufferLength > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_SMBUS_EXECUTE)) {
+ return RETURN_OUT_OF_RESOURCES;
+ }
DataSize = (UINT8)(sizeof (EFI_BOOT_SCRIPT_SMBUS_EXECUTE) + BufferLength);
Script = S3BootScriptGetEntryAddAddress (DataSize);
@@ -1736,6 +1774,12 @@ S3BootScriptSaveInformation (
UINT8 *Script;
EFI_BOOT_SCRIPT_INFORMATION ScriptInformation;
+ //
+ // Truncation check
+ //
+ if (InformationLength > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_INFORMATION)) {
+ return RETURN_OUT_OF_RESOURCES;
+ }
Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_INFORMATION) + InformationLength);
Script = S3BootScriptGetEntryAddAddress (Length);
@@ -2195,6 +2239,12 @@ S3BootScriptLabelInternal (
UINT8 *Script;
EFI_BOOT_SCRIPT_INFORMATION ScriptInformation;
+ //
+ // Truncation check
+ //
+ if (InformationLength > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_INFORMATION)) {
+ return RETURN_OUT_OF_RESOURCES;
+ }
Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_INFORMATION) + InformationLength);
Script = S3BootScriptGetEntryAddAddress (Length);
--
2.25.0

1870
ovmf-bsc1163969-fix-DxeImageVerificationHandler.patch
View File

File diff suppressed because it is too large Load Diff

20
ovmf-gdb-symbols.patch
View File

@ -1,4 +1,4 @@
From 129c582687484ac3f6aa2d5eeb6e517c053337eb Mon Sep 17 00:00:00 2001
From 7eef4b6160dc5503acdf3b6a5b932085fe67abe6 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 24 Jun 2014 11:57:32 +0800
Subject: [PATCH 1/3] Add DebugPkg
@ -548,10 +548,10 @@ index 000000000000..dac215c53893
+
+
--
2.23.0
2.25.1
From 84c13bdbdc050c12c55de76ff62ed3f1b89c8f63 Mon Sep 17 00:00:00 2001
From 91908717fae43b7fa1d4b2e353258b2c93677216 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 24 Jun 2014 11:59:02 +0800
Subject: [PATCH 2/3] Compile DebugPkg and load .debug files
@ -582,20 +582,20 @@ index dac215c53893..3db87a4de430 100644
(sym_name,
long (base)))
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index ba7a75884490..c35371447a75 100644
index f6c1d8d228c6..e886e2468f28 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -923,3 +923,5 @@ [Components]
NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
}
@@ -940,3 +940,5 @@ [Components]
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
!endif
!endif
+
+ DebugPkg/GdbSyms/GdbSyms.inf
--
2.23.0
2.25.1
From dcbdaa6cccce44133f8cb6a1a78a0cebd10ac172 Mon Sep 17 00:00:00 2001
From 768ec2226be984a63afa9329f183ab74a6671a4b Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Mon, 16 Oct 2017 16:32:27 +0800
Subject: [PATCH 3/3] DebugPkg: Print the local variables
@ -628,5 +628,5 @@ index 2551dfab90b6..0d591e5a8f22 100644
}
--
2.23.0
2.25.1

221
ovmf.changes
View File

@ -1,3 +1,224 @@
-------------------------------------------------------------------
Fri Mar 6 03:11:48 UTC 2020 - Gary Ching-Pang Lin <glin@suse.com>
- Update to edk2-stable202002
+ UefiCpuPkg/MpInitLib: Skip reading PlatformId on AMD processors.
+ BaseTools: Remove invalid leading space before !INCLUDE in Makefile
+ OvmfPkg/QemuVideoDxe: unbreak "secondary-vga" and "bochs-display" support
+ NetworkPkg/ArpDxe: Recycle invalid ARP packets (CVE-2019-14559)
+ ShellPkg: acpiview: Prevent infinite loop if structure length is 0
+ CryptoPkg/BaseHashApiLib: Change PcdHashApiLibPolicy type to FixedAtBuild
+ CryptoPkg/BaseHashApiLib: Align BaseHashApiLib with TPM 2.0 Implementation
+ MdeModulePkg: Make retval in UninstallMultipleProtocol follow Spec
+ SecurityPkg/DxeImageVerificationLib: change IsCertHashFoundInDatabase
name (CVE-2019-14575)
+ SecurityPkg/DxeImageVerificationLib: Differentiate error/search
result (2) (CVE-2019-14575)
+ SecurityPkg/DxeImageVerificationLib: plug Data leak in
IsForbiddenByDbx() (CVE-2019-14575)
+ SecurityPkg/DxeImageVerificationLib: tighten default result
(CVE-2019-14575)
+ SecurityPkg/DxeImageVerificationLib: Differentiate error/search
result (1) (CVE-2019-14575)
+ SecurityPkg/DxeImageVerificationLib: refactor db/dbx fetching
code (CVE-2019-14575)
+ SecurityPkg/DxeImageVerificationLib: avoid bypass in fetching
dbx (CVE-2019-14575)
+ SecurityPkg/DxeImageVerificationLib: fix wrong fetch dbx in
IsAllowedByDb (CVE-2019-14575)
+ SecurityPkg/DxeImageVerificationLib: reject
CertStack.CertNumber==0 per DBX (CVE-2019-14575)
+ SecurityPkg/DxeImageVerificationLib: Fix memory leaks
(CVE-2019-14575)
+ NetworkPkg/Ip4Dxe: Check the received package length
(CVE-2019-14559).
+ ShellPkg: acpiview: Validate ACPI table 'Length' field
+ ShellPkg: acpiview: Remove duplicate ACPI structure size definitions
+ UefiCpuPkg RegisterCpuFeaturesLib: Match data type and format specifier
+ MdeModulePkg/SdMmcPciHcDxe: Fix double PciIo Unmap in TRB creation
(CVE-2019-14587)
+ MdeModulePkg/DisplayEngine: Zero memory before free (CVE-2019-14558)
+ MdeModulePkg/String.c: Zero memory before free (CVE-2019-14558)
+ MdeModulePkg/HiiDB: Remove configuration table when it's freed
(CVE-2019-14586)
+ MdePkg: Remove FIT table industry standard header file.
+ UefiCpuPkg: Remove FIT based microcode shadow logic from MpInitLib.
+ UefiCpuPkg/CpuFeature: Introduce First to indicate 1st unit.
+ UefiCpuPkg/RegisterCpuFeaturesLib: Rename [Before|After]FeatureBitMask
+ UefiCpuPkg/RegisterCpuFeaturesLib: Delete CPU_FEATURE_[BEFORE|AFTER]
+ MdePkg: Add PCCT table signature definition
+ BaseTools: Fixed build failure when using python38
+ BaseTools:fix Ecc tool issue for check StructPcd
+ BaseTools: Remove caret in NASM_INC macro
+ BaseTools: Rationalise makefile generation
+ MdePkg: Add PCI Express 5.0 Header File
+ MdePkg: Disable EBC for unit tests in MdePkg.dsc
+ MdePkg/SmBios.h: Add two additional DWORD for smbios 3.3.0 type17
+ UefiCpuPkg/MpInitLib: Not pass microcode info between archs in CPU_MP_DATA
+ Revert UefiCpuPkg/MpInitLib: Relocate microcode patch fields in CPU_MP_DATA
+ ShellPkg: acpiview: Validate global pointers before use
+ ShellPkg: acpiview: Validate System Locality count
+ ShellPkg: acpiview: Set ItemPtr to NULL for unprocessed table fields
+ ShellPkg: Document UpdateArgcArgv returns EFI_INVALID_PARAMETER
+ ShellPkg: Document ParseCommandLineToArgs returns EFI_INVALID_PARAMETER
+ ShellPkg/UefiShellAcpiViewCommandLib: Fix FADT Parser
+ SecurityPkg: Fix incorrect return value when File is NULL
+ BaseTools: Fixed a Incremental build issue
+ CryptoPkg/CryptoPkg.dsc: Add build of Crypto libraries/modules
+ CryptoPkg/Library: Add BaseCryptLibOnProtocolPpi instances
+ CryptoPkg/Driver: Add Crypto PEIM, DXE, and SMM modules
+ CryptoPkg: Add EDK II Crypto Protocols/PPIs/PCDs
+ CryptoPkg/BaseCryptLib: Add X509ConstructCertificateStackV().
+ MdeModulePkg/PiDxeS3BootScriptLib: Fix potential numeric truncation
(CVE-2019-14563)
+ MdeModulePkg/Capsule: Remove RT restriction in UpdateCapsule service.
+ SecurityPkg/TcgPhysicalPresenceLib: Replace the ASSERT with error code
+ BaseTools/PcdValueCommon: Fix 64-bit host compiler error
+ BaseTools/Build: Do not use Common.lib in Structured PCD app
+ MdeModulePkg/BaseSerialPortLib16550: Fix Serial Port Ready
+ BaseTools: Script for converting .aml to .hex
+ MdeModulePkg: Perform test only if not ignore memory test
+ UefiCpuPkg/MpInitLib: Always get CPUID & PlatformID in MicrocodeDetect()
+ OvmfPkg/PlatformPei: detect SMRAM at default SMBASE (for real)
+ OvmfPkg: introduce PcdCsmEnable feature flag
+ OvmfPkg/SmmAccess: close and lock SMRAM at default SMBASE
+ OvmfPkg/SEV: don't manage the lifecycle of the SMRAM at the default SMBASE
+ OvmfPkg/PlatformPei: reserve the SMRAM at the default SMBASE, if it exists
+ OvmfPkg/PlatformPei: assert there's no permanent PEI RAM at default SMBASE
+ OvmfPkg/PlatformPei: detect SMRAM at default SMBASE (skeleton)
+ OvmfPkg/PlatformPei: factor out Q35BoardVerification()
+ OvmfPkg/IndustryStandard: add MCH_DEFAULT_SMBASE* register macros
+ OvmfPkg/IndustryStandard: increase vertical whitespace in Q35 macro defs
+ OvmfPkg: introduce PcdQ35SmramAtDefaultSmbase
+ CryptoPkg/BaseCryptLibNull: Add missing HkdfSha256ExtractAndExpand()
+ BaseTools/DscBuildData: Fix PCD autogen include file conflict
+ CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API
+ CryptoPkg: Add CryptoPkg Token Space GUID
+ BaseTools/Conf/gitattributes: fix "--function-context" for C source code
+ SecurityPkg/DxeImageVerificationHandler: fix "defer" vs. "deny" policies
+ SecurityPkg/DxeImageVerificationHandler: fix imgexec info on memalloc fail
+ SecurityPkg/DxeImageVerificationHandler: fix retval for (FileBuffer==NULL)
+ SecurityPkg/DxeImageVerificationHandler: eliminate "Status" variable
+ SecurityPkg/DxeImageVerificationHandler: unnest AddImageExeInfo() call
+ SecurityPkg/DxeImageVerificationHandler: remove superfluous Status setting
+ SecurityPkg/DxeImageVerificationHandler: fix retval on memalloc failure
+ SecurityPkg/DxeImageVerificationHandler: narrow down PE/COFF hash status
+ SecurityPkg/DxeImageVerificationHandler: keep PE/COFF info status internal
+ SecurityPkg/DxeImageVerificationHandler: remove "else" after return/break
+ SecurityPkg/DxeImageVerificationHandler: simplify "VerifyStatus"
+ OvmfPkg/PlatformPei: rewrite MaxCpuCountInitialization() for CPU hotplug
+ OvmfPkg/IndustryStandard: define macros for QEMU's CPU hotplug registers
+ OvmfPkg/OvmfXen.dsc: remove PcdCpu* dynamic defaults
+ CryptoPkg/BaseCryptLib: remove HmacXxxGetContextSize interface
+ CryptoPkg/BaseCryptLib: replace HmacXxxInit API with HmacXxxSetKey
+ BaseTools: Fixed a incremental build bug
+ UefiCpuPkg/MpInitLib: Fix possible uninitialized 'InitFlag' field
+ FmdDevicePkg/FmpDxe: Support Fmp Capsule Dependency.
+ MdeModulePkg/CapsuleApp: Enhance CapsuleApp for Fmp Capsule Dependency
+ MdePkg: Add definition for Fmp Capsule Dependency.
+ MdeModulePkg/SdMmcPciHcDxe: Add retries for async commands
+ MdeModulePkg/SdMmcPciHcDxe: Add retries for sync commands
+ MdeModulePkg/SdMmcPciHcDxe: Refactor command error detection
+ MdeModulePkg/SdMmcPciHcDxe: Fix DAT lane SW reset
+ UefiCpuPkg/PiSmmCpuDxeSmm: fix 2M->4K page splitting regression for PDEs
+ MdeModulePkg/Variable: Fix VarErrorFlag RT cache offset calculation
+ MdePkg Base.h: Use correct style to check the defined macro
+ ShellPkg: acpiview: Update SRAT parser to ACPI 6.3
+ BaseTools/Capsule: Add capsule dependency support
+ MdeModulePkg/Setup: Update opcode number variable type to UINTN
+ ArmPlatformPkg/PrePeiCore: enable VFP at startup
+ ArmPkg/ArmSmcPsciResetSystemLib: remove EnterS3WithImmediateWake ()
+ NetworkPkg/HttpDxe: fix 32-bit truncation in HTTPS download
+ MdeModulePkg/UefiBootManagerLib: log reserved mem allocation failure
+ BaseTools/Scripts/PatchCheck: Address false error conditions
+ BaseTools:Fix GenFds issue for BuildOption replace GenFdsOption
+ BaseTools:Change the case rules for ECC check pointer names
+ MdeModulePkg/SdMmcPciHcDxe: Fix unknown doxygen tag error
+ ArmVirtPkg: remove EnterS3WithImmediateWake () from ResetSystemLib
+ OvmfPkg: remove EnterS3WithImmediateWake () from ResetSystemLib
+ UefiPayloadPkg: remove EnterS3WithImmediateWake () from ResetSystemLib
+ PcAtChipsetPkg: remove EnterS3WithImmediateWake () from ResetSystemLib
+ MdeModulePkg: remove EnterS3WithImmediateWake () from ResetSystemLib
+ UefiCpuPkg: Shadow microcode patch according to FIT microcode entry.
+ MdePkg: Add header file for Firmware Interface Table specification.
+ UefiCpuPkg/CpuCommonFeaturesLib: SMXE bit of CR4 should set
+ MdePkg BaseLib.h: Update IA32_CR4 strut to include all public fields
+ MdePkg: Do not use CreateEventEx unless required
+ UefiCpuPkg/PiSmmCpuDxeSmm: Add missed comments for parameter.
+ OvmfPkg: use HII type PCDs for TPM2 config related variables
+ OvmfPkg: reorganize TPM2 support in DSC/FDF files
+ BaseTools/PatchCheck.py: Ignore CR and LF characters in subject length
+ MdeModulePkg: Add EDK2 Platform Boot Manager Protocol
+ CryptoPkg: Support for SHA384 & SHA512 RSA signing schemes
+ UefiCpuPkg: Always load microcode patch on AP processor.
+ UefiCpuPkg: Remove alignment check when calculate microcode size.
+ Revert "UefiCpuPkg/PiSmmCpuDxeSmm: Fix buffer overflow issue."
+ MdeModulePkg/UsbMouseAbsolutePointer: Fix endpoint selection
+ MdeModulePkg/Usb/UsbMouse: Fix endpoint selection
+ MdeModulePkg/Usb/EfiKey: Fix endpoint selection
+ SecurityPkg/Tcg2Pei: Add TCG PFP 105 support.
+ MdeModulePkg/Smbios: Add TCG PFP rev 105 support.
+ MdeModulePkg/dec: add PcdTcgPfpMeasurementRevision PCD
+ MdeModulePkg/Smbios: Done measure Smbios multiple times.
+ SecurityPkg/Tcg2Dxe: Add Tcg2Dxe to support 800-155 event.
+ SecurityPkg/Guid: Add TCG 800-155 event GUID definition.
+ MdeModulePkg/SdMmcPciHcDxe: Add function to start SD clock
+ MdeModulePkg/SdMmcPciHcDxe: Hook SwitchClockFreq after SD clock start
+ UefiCpuPkg/PiSmmCpuDxeSmm: Pre-allocate PROCEDURE_TOKEN buffer
+ UefiPayloadPkg/BootManager: Add PS2 keyboard support
+ UefiCpuPkg/MpInitLib: Remove redundant microcode fields in CPU_MP_DATA
+ UefiCpuPkg/MpInitLib: Relocate microcode patch fields in CPU_MP_DATA
+ UefiCpuPkg/MpInitLib: Produce EDKII microcode patch HOB
+ UefiCpuPkg: Add definitions for EDKII microcode patch HOB
+ UefiCpuPkg/MpInitLib: Reduce the size when loading microcode patches
+ UefiCpuPkg/MpInitLib: Collect processors' CPUID & Platform ID info
+ BaseTools/Scripts: Add sendemail.transferEncoding to SetupGit.py
+ UefiCpuPkg/PiSmmCpuDxeSmm: Fix buffer overflow issue.
+ UefiCpuPkg/PiSmmCpuDxeSmm: Remove dependence between APs
+ edksetup.bat stuck on unicode locale Windows
+ MdePkg/Tcg: Add new definition in TCG PFP spec.
+ MdePkg: Use __builtin_offset with CLANGPDB toolchain
+ MdePkg PciExpress21: PCI_REG_PCIE_DEVICE_CONTROL2 struct has 17 bits
+ ShellPkg/ShellProtocol: Return error code while fail parsing cmd-line
+ MdePkg/Spdm: fix Nonce structure error.
+ BaseTools: Resolve a issue of Incremental build
+ Maintainers.txt: Update email address and role
+ BaseTools:replaces the two offending quotes by ascii quotes
+ BaseTools: Fix build failure when multiple build targets given
+ MdePkg/Include: Add DCC and BCM2835 SPCR UART types
+ ArmPkg/MmCommunicationDxe: relay architected PI events to MM context
+ SecurityPkg/Tcg2Smm: Measure the table before patch.
+ BaseTools: Remove redundant binary cache file
+ BaseTools: Leverage compiler output to optimize binary cache
+ BaseTools: enhance the CacheCopyFile method arg names
+ BaseTools: store more complete output files in binary cache
+ BaseTools: Enhance Basetool for incremental build
+ BaseTools: Update build_rule.txt to generate dependent files.
+ BaseTools: Generate dependent files for ASL and ASM files
+ BaseTools: Add build option for dependency file generation
+ UefiCpuPkg/PiSmmCpuDxeSmm: Avoid allocate Token every time
+ BaseTools: Avoid "is" with a literal Python 3.8 warnings
+ ArmPkg: Dispatch deferred images after EndOfDxe
+ ShellPkg/UefiHandleParsingLib: Fix error allocate pool
+ ShellPkg/edit: typo "%d Lines Wrote"
+ ShellPkg: acpiview: IORT Spec Rev D updates
+ ShellPkg: acpiview: Add support for parsing FACS
+ MdeModulePkg: Add ARM/Aarch64 support which were missing
+ MdeModulePkg: LzmaCustomDecompressLib.inf don't support EBC anymore
+ BaseTools:Enhance the way to handling included dsc file
+ UefiCpuPkg/UefiCpuPkg.uni: Add missing strings for PCD
+ NetworkPkg/NetworkPkg.uni: Add missing strings for PCD
+ MdeModulePkg/MdeModulePkg.uni: Add missing strings for PCD
+ NetworkPkg: Fixes to static code analysis hits
+ CryptoPkg/OpensslLib.inf: list OpenSSL local header "ms/uplink.h"
+ CryptoPkg/OpensslLib: improve INF file consistency
+ MdeModulePkg/VariableSmmRuntimeDxe.inf: list local header "Variable.h"
- Drop upstreamed fixes
+ ovmf-bsc1163927-fix-ip4dxe-and-arpdxe.patch
+ ovmf-bsc1163959-PiDxeS3BootScriptLib-fix-numeric-truncation.patch
+ ovmf-bsc1163969-fix-DxeImageVerificationHandler.patch
- Refresh ovmf-gdb-symbols.patch
-------------------------------------------------------------------
Mon Feb 24 04:00:24 UTC 2020 - Gary Ching-Pang Lin <glin@suse.com>

8
ovmf.spec
View File

@ -28,7 +28,7 @@ URL: http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=
Summary: Open Virtual Machine Firmware
License: BSD-2-Clause-Patent
Group: System/Emulators/PC
Version: 201911
Version: 202002
Release: 0
Source0: https://github.com/tianocore/edk2/archive/edk2-stable%{version}.tar.gz
Source1: https://www.openssl.org/source/openssl-%{openssl_version}.tar.gz
@ -49,9 +49,6 @@ Patch2: %{name}-gdb-symbols.patch
Patch3: %{name}-pie.patch
Patch4: %{name}-disable-ia32-firmware-piepic.patch
Patch5: %{name}-set-fixed-enroll-time.patch
Patch6: %{name}-bsc1163959-PiDxeS3BootScriptLib-fix-numeric-truncation.patch
Patch7: %{name}-bsc1163969-fix-DxeImageVerificationHandler.patch
Patch8: %{name}-bsc1163927-fix-ip4dxe-and-arpdxe.patch
Patch100: openssl-fix-syntax-error.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: bc
@ -175,9 +172,6 @@ rm -rf $PKG_TO_REMOVE
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
# add openssl
pushd CryptoPkg/Library/OpensslLib/openssl