Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in at 2017-11-23 09:36:59
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and /work/SRC/openSUSE:Factory/.ovmf.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ovmf" Thu Nov 23 09:36:59 2017 rev:19 rq:543002 version:2017+git1510945757.b2662641d5 Changes: -------- --- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes 2017-10-23 16:39:01.292755474 +0200 +++ /work/SRC/openSUSE:Factory/.ovmf.new/ovmf.changes 2017-11-23 09:37:11.996307734 +0100 
@@ -1,0 +2,104 @@ +Mon Nov 20 04:23:04 UTC 2017 - g...@suse.com + +- Update to 2017+git1510945757.b2662641d5 + + ArmPlatformPkg/ArmPlatformLibNull: remove bogus PCD dependencies + + MdeModulePkg/UsbMassStorageDxe: Enhance Request Sense Handling + + OvmfPkg: save on I/O port accesses when the debug port is not + in use + + OvmfPkg: create a separate PlatformDebugLibIoPort instance for + SEC + + OvmfPkg: make PlatformDebugLibIoPort a proper BASE library + + OvmfPkg: restore temporary SEC/PEI RAM size to 64KB + + OvmfPkg/Sec/X64: seed the temporary RAM with PcdInitValueInTempStack + + ArmVirtPkg: switch to new PL011UartLib implementation + + OvmfPkg/XenHypercallLib: enable virt extensions for ARM + + MdeModulePkg/PiSmmCore: Implement heap guard feature for SMM mode + + MdeModulePkg/DxeCore: Implement heap guard feature for UEFI + + ArmVirtPkg/ArmVirtQemu: use non-accelerated CopyMem for + VariableRuntimeDxe + + NetworkPkg: Fix incorrect SizeofHeaders returned from + HttpTcpReceiveHeader() + + NetworkPkg: Print error message to screen if error occurs + during HTTP boot + + MdeModulePkg/PartitionDxe: Fix UDF fs access on certain CD/DVD + medias + + MdeModulePkg/UsbMassStorageDxe: Fix USB Mass Storage detection + + MdeModulePkg SerialDxe: Handle Timeout change more robustly + + CryptoPkg/BaseCryptLib: Fix mismatched memory allocation/free + + CryptoPkg/BaseCryptLib: Fix buffer overflow issue in realloc + wrapper + + ArmPlatformPkg/PlatformPeim: allow PlatformPeiLib to set the + boot mode + + Deprecate EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS + + SecurityPkg: Remove Counter Based AuthVariable support + + BaseTools/tools_def AARCH64 ARM: disable PIE linking + + NetworkPkg/TlsAuthConfigDxe: Remove the extra FreePool + + NetworkPkg/HttpBootDxe: Add IPv6 support condition check + + NetworkPkg/IScsiDxe: Fix the incorrect/needless DHCP process + + MdeModulePkg/PciBus: Fix bug that PCI BUS claims too much resource + + UefiCpuPkg/MtrrLib: Use SetMem instead of SetMem64 to fix hang 
+ + NetworkPkg: Remove ping6 and ifconfig shell application + + OvmfPkg: fix dynamic default for oprom verification policy PCD + without SB + + OvmfPkg/PlatformPei: DENY_EXECUTE_ON_SECURITY_VIOLATION when + SEV is active + + SecurityPkg\Tcg2Pei: FV measure performance enhancement + + SecurityPkg:AuthVariableLib:Implement ECR1707 for Private Auth + Variable + + ArmPlatformPkg: Store initial timer value + + ArmVirtPkg ArmVirtDxeHobLib: Implement BuildFv3Hob + + MdeModulePkg/Variable/RuntimeDxe: delete and lock OS-created + MOR variable + + ArmPkg/PlatformBootManagerLib: fix bug in ESRT invocation + + OvmfPkg/PciHotPlugInitDxe: translate QEMU's resource + reservation hints + + OvmfPkg/PciHotPlugInitDxe: generalize RESOURCE_PADDING + composition + + OvmfPkg/IndustryStandard: define PCI Capabilities for QEMU's + PCI Bridges + + MdeModulePkg/BdsDxe: Don't delete "BootNext" until booting it + + Clarify the usage of HttpConfigData in HTTP protocol + + SecurityPkg/SecureBootConfigImpl.c: Secure Boot DBX UI + Enhancement + + MdeModulePkg/UDF: Fix creation of UDF logical partition + + CryptoPkg: Add new API to retrieve commonName of X.509 certificate + + OvmfPkg/VirtioNetDxe: log debug message in VirtioNetExitBoot() + + OvmfPkg/QemuBootOrderLib: recognize "usb-storage" devices in + XHCI ports + + MdeModulePkg/Core: Fix out-of-sync issue in GCD + + UefiCpuPkg/CpuDxe: Fix out-of-sync issue in page attributes + + OvmfPkg/QemuVideoDxe/VbeShim: handle PAM1 register on Q35 + correctly + + OvmfPkg/QemuVideoDxe/VbeShim: rename Status to + Segment0AllocationStatus + + OvmfPkg/CsmSupportLib: move PAM register addresses to + IndustryStandard + + NetworkPkg/IScsiDxe: Remove redundant call to StrLen + + BaseTools/tools_def AARCH64: enable frame pointers for RELEASE + builds + + ArmPkg/PlatformBootManagerLib: process pending capsules + + MdeModulePkg/Udf: Avoid declaring and initializing local GUID + variable + + MdeModulePkg/UdfDxe: Avoid short (single character) variable name + + 
MdeModulePkg/UdfDxe: Use compare operator for non-boolean + comparisons + + MdeModulePkg/UdfDxe: Fix operands of different size in bitwise + OP + + MdeModulePkg/UdfDxe: Add checks to ensure no possible NULL ptr + deref + + MdeModulePkg/SerialDxe: Fix not able to change serial attributes + + NetworkPkg: Remove the redundant '/' in the end of returned + ISCSIMacAddr keyword + + MdeModulePkg/UdfDxe: Fix NULL pointer dereference + + OvmfPkg/VirtioNetDxe: negotiate VIRTIO_F_IOMMU_PLATFORM + + OvmfPkg/VirtioNetDxe: map caller-supplied Tx packet to + device-address + + OvmfPkg/VirtioNetDxe: add Tx packet map/unmap helper functions + + OvmfPkg/VirtioNetDxe: update TechNotes + + OvmfPkg/VirtioNetDxe: dynamically alloc transmit header + + OvmfPkg/VirtioNetDxe: alloc RxBuf using AllocateSharedPages() + + OvmfPkg/VirtioNetDxe: map VRINGs using VirtioRingMap() + + OvmfPkg/VirtioNetDxe: add helper VirtioNetUninitRing() +- Update openssl to 1.1.0g + +------------------------------------------------------------------- Old: ---- openssl-1.1.0e.tar.gz openssl-1.1.0e.tar.gz.asc ovmf-2017+git1505340320.5afa5b8159.tar.xz New: ---- openssl-1.1.0g.tar.gz openssl-1.1.0g.tar.gz.asc ovmf-2017+git1510945757.b2662641d5.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ovmf.spec ++++++ --- /var/tmp/diff_new_pack.nGWtFn/_old 2017-11-23 09:37:13.300260158 +0100 +++ /var/tmp/diff_new_pack.nGWtFn/_new 2017-11-23 09:37:13.300260158 +0100 
@@ -18,14 +18,14 @@ %undefine _build_create_debug -%global openssl_version 1.1.0e +%global openssl_version 1.1.0g Name: ovmf Url: http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=EDK2 Summary: Open Virtual Machine Firmware License: BSD-2-Clause Group: System/Emulators/PC -Version: 2017+git1505340320.5afa5b8159 +Version: 2017+git1510945757.b2662641d5 Release: 0 Source0: %{name}-%{version}.tar.xz Source1: https://www.openssl.org/source/openssl-%{openssl_version}.tar.gz ++++++ ovmf-2017+git1505340320.5afa5b8159.tar.xz -> ovmf-2017+git1510945757.b2662641d5.tar.xz ++++++ /work/SRC/openSUSE:Factory/ovmf/ovmf-2017+git1505340320.5afa5b8159.tar.xz /work/SRC/openSUSE:Factory/.ovmf.new/ovmf-2017+git1510945757.b2662641d5.tar.xz differ: char 26, line 1 ++++++ ovmf-embed-default-keys.patch ++++++ --- /var/tmp/diff_new_pack.nGWtFn/_old 2017-11-23 09:37:13.484253445 +0100 +++ /var/tmp/diff_new_pack.nGWtFn/_new 2017-11-23 09:37:13.488253299 +0100 @@ -1,4 +1,4 @@ -From b967e8dc2bea98736d8544d9ee2565f71ac06d08 Mon Sep 17 00:00:00 2001 +From 933284f94b8bffb7d3d81152e0b5f49c46a9f787 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin <g...@suse.com> Date: Fri, 10 May 2013 10:27:51 +0800 Subject: [PATCH 1/3] Add a stub to allow keys to be embedded at build time @@ -18,7 +18,7 @@ create mode 100644 SecurityPkg/Library/AuthVariableLib/Default_PK.h diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c -index 792a1232ae..f5f954e534 100644 +index 00917eb374..a7a46fc648 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c +++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c @@ -23,6 +23,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. @@ -32,7 +32,7 @@ /// /// Global database array for scratch -@@ -147,6 +151,11 @@ AuthVariableLibInitialize ( +@@ -131,6 +135,11 @@ AuthVariableLibInitialize ( UINT8 SecureBootEnable; UINT8 CustomMode; UINT32 ListSize; 
@@ -44,7 +44,7 @@ if ((AuthVarLibContextIn == NULL) || (AuthVarLibContextOut == NULL)) { return EFI_INVALID_PARAMETER; -@@ -163,6 +172,177 @@ AuthVariableLibInitialize ( +@@ -147,6 +156,177 @@ AuthVariableLibInitialize ( return EFI_OUT_OF_RESOURCES; } @@ -220,8 +220,8 @@ + +SKIP_KEYS: // - // Reserve runtime buffer for public key database. The size excludes variable header and name size. - // + // Reserve runtime buffer for certificate database. The size excludes variable header and name size. + // Use EFI_CERT_DB_VOLATILE_NAME size since it is longer. diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf index 572ba4e120..1a46019a5f 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf @@ -270,10 +270,10 @@ +unsigned char *Default_PK = NULL; +unsigned int Default_PK_len = 0; -- -2.14.1 +2.15.0 -From 5e76fc193363471e9720005bdb8e4c62fb15de6b Mon Sep 17 00:00:00 2001 +From 72d09098734d00696e0db13d9b84bb01a0c89c76 Mon Sep 17 00:00:00 2001 From: Gary Lin <g...@suse.com> Date: Tue, 15 Dec 2015 16:54:54 +0800 Subject: [PATCH 2/3] Add DB_EX to include one more DB cert @@ -286,7 +286,7 @@ create mode 100644 SecurityPkg/Library/AuthVariableLib/Default_DB_EX.h diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c -index f5f954e534..803b77d178 100644 +index a7a46fc648..114f3d84c6 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c +++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c @@ -26,6 +26,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. @@ -297,7 +297,7 @@ #include "Default_DBX.h" /// -@@ -283,19 +284,25 @@ AuthVariableLibInitialize ( +@@ -267,19 +268,25 @@ AuthVariableLibInitialize ( &DataSize ); if (Status == EFI_NOT_FOUND) { 
@@ -326,7 +326,7 @@ SigCert->SignatureHeaderSize = 0; SigCert->SignatureSize = (UINT32) (sizeof(EFI_SIGNATURE_DATA) - 1 + Default_DB_len); CopyGuid (&SigCert->SignatureType, &gEfiCertX509Guid); -@@ -304,11 +311,23 @@ AuthVariableLibInitialize ( +@@ -288,11 +295,23 @@ AuthVariableLibInitialize ( CopyGuid (&SigCertData->SignatureOwner, SignatureGUID); CopyMem ((UINT8* ) (SigCertData->SignatureData), Default_DB, Default_DB_len); @@ -360,10 +360,10 @@ +unsigned char *Default_DB_EX = NULL; +unsigned int Default_DB_EX_len = 0; -- -2.14.1 +2.15.0 -From 72543f45511d32c784be63145ff6e9d8697d22c5 Mon Sep 17 00:00:00 2001 +From 5db901016015df0955085003387f52655ed9b964 Mon Sep 17 00:00:00 2001 From: Gary Lin <g...@suse.com> Date: Mon, 28 Aug 2017 16:18:00 +0800 Subject: [PATCH 3/3] Check the length of the certificate instead of the @@ -378,10 +378,10 @@ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c -index 803b77d178..9a4a7eda7b 100644 +index 114f3d84c6..641823216a 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c +++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c -@@ -180,7 +180,7 @@ AuthVariableLibInitialize ( +@@ -164,7 +164,7 @@ AuthVariableLibInitialize ( EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; // PK @@ -390,7 +390,7 @@ goto SKIP_KEYS; Status = AuthServiceInternalFindVariable ( -@@ -227,7 +227,7 @@ AuthVariableLibInitialize ( +@@ -211,7 +211,7 @@ AuthVariableLibInitialize ( } // KEK @@ -399,7 +399,7 @@ goto SKIP_KEYS; Status = AuthServiceInternalFindVariable ( -@@ -274,7 +274,7 @@ AuthVariableLibInitialize ( +@@ -258,7 +258,7 @@ AuthVariableLibInitialize ( } // DB 
@@ -408,7 +408,7 @@ goto SKIP_KEYS; Status = AuthServiceInternalFindVariable ( -@@ -293,7 +293,7 @@ AuthVariableLibInitialize ( +@@ -277,7 +277,7 @@ AuthVariableLibInitialize ( } SigSize_1 = sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA) - 1 + Default_DB_len; @@ -417,7 +417,7 @@ SigSize_2 = sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA) - 1 + Default_DB_EX_len; } Data = AllocateZeroPool (SigSize_1 + SigSize_2); -@@ -311,7 +311,7 @@ AuthVariableLibInitialize ( +@@ -295,7 +295,7 @@ AuthVariableLibInitialize ( CopyGuid (&SigCertData->SignatureOwner, SignatureGUID); CopyMem ((UINT8* ) (SigCertData->SignatureData), Default_DB, Default_DB_len); @@ -426,7 +426,7 @@ SigCert = (EFI_SIGNATURE_LIST*) (Data + SigSize_1); SigCert->SignatureListSize = (UINT32) SigSize_2; SigCert->SignatureHeaderSize = 0; -@@ -339,7 +339,7 @@ AuthVariableLibInitialize ( +@@ -323,7 +323,7 @@ AuthVariableLibInitialize ( } // DBX @@ -436,5 +436,5 @@ Status = AuthServiceInternalFindVariable ( -- -2.14.1 +2.15.0
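Review bot: in the ovmf.changes hunk, the new entry lists "CryptoPkg/BaseCryptLib: Fix buffer overflow issue in realloc wrapper" and "Update openssl to 1.1.0g" without any bug or CVE reference, and it does not mention that ovmf-embed-default-keys.patch was refreshed even though that file changes in this same commit. Add the tracker references if any exist for these two items, and add a line for the patch refresh so the changelog matches the list of changed files.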
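Review bot: in the ovmf.spec hunk, the unchanged context line "Url: http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=EDK2" still uses plain http while Source1 already uses https; since the file is being touched for the version bump, switch Url to an https address for the project. The file list replaces openssl-1.1.0e.tar.gz.asc with openssl-1.1.0g.tar.gz.asc, but the visible spec context shows only Source0 and Source1, so check that the signature file is actually verified for the new tarball rather than only shipped next to it.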
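Review bot: in the refreshed ovmf-embed-default-keys.patch, the 2/3 and 3/3 hunks around "Data = AllocateZeroPool (SigSize_1 + SigSize_2);" build the db signature list from two embedded certificate lengths and then narrow the size with "SigCert->SignatureListSize = (UINT32) SigSize_2;", and the context shown ends before any check of the allocation result. While rebasing onto the new AuthVariableLib.c (every hunk offset moves up by 16 lines), confirm that Data is tested for NULL before the CopyGuid and CopyMem calls that follow, and consider computing "sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA) - 1 + len" once in a helper instead of repeating it for Default_DB_len and Default_DB_EX_len.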