This is to fix the security issue. I agree it is an import bug fix. I am OK to
push it for edk2-stable201903 tag
Thanks
Liming
> -Original Message-
> From: Wang, Jian J
> Sent: Thursday, March 7, 2019 7:17 PM
> To: Ni, Ray ; edk2-devel@lists.01.org
> Cc: Cetola, Stephano ; Gao, Liming
>
Actually it looks like the CpuDxe driver is coded to only run if it is
loaded under 4 GB? Is that following the spec? Is that intentional?
I noticed that SetCodeSelector is coded to use a far jump and that is a 32-bit
absolute value? Note [rsp+4]
https://github.com/tianocore/edk2/blob/mas
Hi all,
This is a very important fix for this issue. If no objection, I'd like the
patch to be part of this stable tag.
As to this patch series,
Reviewed-by: Jian J Wang
> -Original Message-
> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Ray Ni
> Sent: Fr
Reviewed-by: Jian J Wang
> -Original Message-
> From: Zhang, Chao B
> Sent: Friday, March 08, 2019 10:57 AM
> To: edk2-devel@lists.01.org
> Cc: Yao, Jiewen ; Wang, Jian J
> Subject: [Patch] Maintainers.txt: Change package maintainer and reviewer of
> SecurityPkg.
>
> Cc: Yao Jiewen
> C
Cc: Yao Jiewen
Cc: Jian Wang
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Zhang, Chao B
---
Maintainers.txt | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Maintainers.txt b/Maintainers.txt
index 7772926b2f..08a676b236 100644
--- a/Maintainers.txt
Reviewed-by: Hao Wu
Best Regards,
Hao Wu
> -Original Message-
> From: Ni, Ray
> Sent: Friday, March 08, 2019 10:35 AM
> To: edk2-devel@lists.01.org
> Cc: Bi, Dandan; Wu, Hao A
> Subject: [PATCH v2 1/2] MdeModulePkg/HiiDatabase: Fix potential integer
> overflow (CVE-2018-12181)
>
> REF:
Thanks for the comments.
Sent out V2 with correct patch subject.
> -Original Message-
> From: Wu, Hao A
> Sent: Friday, March 8, 2019 10:22 AM
> To: Ni, Ray ; edk2-devel@lists.01.org
> Subject: RE: [edk2] [PATCH 0/2] Fix bugs in HiiDatabase driver
>
> Quick comment, please add the CVE num
v2: put the CVE number in patch title.
Ray Ni (2):
MdeModulePkg/HiiDatabase: Fix potential integer overflow
(CVE-2018-12181)
MdeModulePkg/HiiImage: Fix stack overflow when corrupted BMP is parsed
(CVE-2018-12181)
MdeModulePkg/Universal/HiiDatabaseDxe/Image.c | 130 ++
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1135
For 4bit BMP, there are only 2^4 = 16 colors in the palette.
But when a corrupted BMP contains more than 16 colors in the palette,
today's implementation wrongly copies all colors to the local
PaletteValue[16] array which causes stack overfl
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1135
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ray Ni
Cc: Dandan Bi
Cc: Hao A Wu
---
MdeModulePkg/Universal/HiiDatabaseDxe/Image.c | 126 ++
1 file changed, 103 insertions(+), 23 deletions(-)
diff
Quick comment, please add the CVE number in the patch subject.
Liming has already documented the new rule for this kind of fix:
https://github.com/tianocore/tianocore.github.io/wiki/Commit-Message-Format
Best Regards,
Hao Wu
> -Original Message-
> From: edk2-devel [mailto:edk2-devel-boun
Please follow CVE format in
https://github.com/tianocore/tianocore.github.io/wiki/Commit-Message-Format
> -Original Message-
> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Ray Ni
> Sent: Thursday, March 7, 2019 6:21 PM
> To: edk2-devel@lists.01.org
> Subject: [ed
Ray Ni (2):
MdeModulePkg/HiiDatabase: Fix potential integer overflow
MdeModulePkg/HiiImage: Fix stack overflow when corrupted BMP is parsed
MdeModulePkg/Universal/HiiDatabaseDxe/Image.c | 130 ++
1 file changed, 105 insertions(+), 25 deletions(-)
--
2.20.1.windows.1
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1135
CVE number: CVE-2018-12181
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ray Ni
Cc: Dandan Bi
Cc: Hao A Wu
---
MdeModulePkg/Universal/HiiDatabaseDxe/Image.c | 126 ++
1 file changed, 103 insertion
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1135
CVE number: CVE-2018-12181
For 4bit BMP, there are only 2^4 = 16 colors in the palette.
But when a corrupted BMP contains more than 16 colors in the palette,
today's implementation wrongly copies all colors to the local
PaletteValue[16] arra
On 2/26/19 5:31 AM, Laszlo Ersek wrote:
Sorry for missing this earlier, but the patch misses the
Contributed-under and Signed-off-by lines, from the end of the commit
message.
Please repost like that, and then please also include the Reviewed-by
tags from Jaben and myself.
I'm just catching
The current servers listed appear to be unusable. I suspect most
people will get correct DNS servers via DHCP, but the defaults
should work for anyone.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Rebecca Cran
Reviewed-by: Jaben Carsey
Reviewed-by: Laszlo Ersek
---
St
Hi Kevin:
I'm not a lawyer and even if I were I couldn't give you legal advice of course.
That said, I believe the intent of the BSD+patent license is well stated in the
note that is included immediately above the actual rendition of terms on this
page here: https://opensource.org/licenses/BSDp
I'm trying to understand why gdtPtr.Base is casting to (UINT32)?
1) gdtPtr.Base is a UINTN
2) It is legal for AllocateRuntimePool() to return an address > 4GB
It seems like the code should just cast to (UINTN)?
https://github.com/tianocore/edk2/blob/master/UefiCpuPkg/CpuDxe/CpuGdt.c#L151
V
On Thu, 2019-03-07 at 09:23 +0800, Eric Jin wrote:
> The intention of test is to validate the signal sequence among
> three events with gEfiEventMemoryMapChangeGuid and different
> Tpl. The call of AllocatePages() causes memorymap change and
> trigger event Notify.
> But the test has an assumption
On Thu, 2019-03-07 at 15:05 +0800, Eric Jin wrote:
> revisit BlueTooth checkpoint for UEFI2.7 spec update
> with LE support
> Change original test to classic/low energy checkpoints
> Add macro MAX_LENGTH for pre-defined string value
> (yes or no) in EfiCompliant.ini.
>
> Cc: Supreeth Venkatesh
>
Laszlo,
The information I provided below is incorrect. The PCD referenced
does support all PCD types as Jiewen noted.
Mike
> -Original Message-
> From: Kinney, Michael D
> Sent: Thursday, March 7, 2019 10:10 AM
> To: Laszlo Ersek ; Vanguput,
> Narendra K ; edk2-
> de...@lists.01.org; Ki
Good catch Laszlo!!!
I found PcdCpuSmmStaticPageTable is [PcdsFixedAtBuild, PcdsPatchableInModule,
PcdsDynamic, PcdsDynamicEx].
I think it should only be static, but I am wrong. Thanks for pointing it out.
Then I think we need to get the PCD value at the entrypoint.
Another option is just to move the C
Laszlo,
Good news is that the PCD being used is a Feature Flag.
[PcdsFeatureFlag]
## Indicates if SMM Profile will be enabled.
# If enabled, instruction executions in and data accesses to memory outside
of SMRAM will be logged.
# It could not be enabled at the same time with SMM static p
On 03/07/19 12:14, nkvangup wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1593
>
> For every SMI occurrence, save and restore CR2 register only when SMM
> on-demand paging support is enabled in 64 bit operation mode.
>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Sign
On 03/07/19 03:53, Dong, Eric wrote:
> Hi Star,
>
> This logic seems much more complicated than mine. Also after CSM is retired from
> EDKII, we will change this code back to only require allocating a buffer below
> 1M. I will add such notes in the code comments. So I prefer to use my change.
I apologize
Hi All,
When one of DHCP cum PXE server which is not configured properly and returns
NACK.
When PxeBcDhcp4Dora() returns EFI_TIME_OUT and PxeBcSelectBootPrompt () returns
EFI_NOT_FOUND, do we need to abort the DHCP transaction or not in
PxeBcDiscoverBootFile()? Or should we retry?
Currently it
Hi,
On 03/07/19 03:30, Shenglei Zhang wrote:
> .nasm file has been added for X86 arch. .S assembly code
> is not required any more.
> https://bugzilla.tianocore.org/show_bug.cgi?id=1594
>
> Cc: Michael D Kinney
> Cc: Liming Gao
> Cc: Eric Dong
> Cc: Ray Ni
> Cc: Laszlo Ersek
> Shenglei Zhang
Reviewed-by: jiewen@intel.com
> -Original Message-
> From: Vanguput, Narendra K
> Sent: Thursday, March 7, 2019 3:15 AM
> To: edk2-devel@lists.01.org
> Cc: Vanguput, Narendra K ; Dong, Eric
> ; Ni, Ray ; Laszlo Ersek
> ; Yao, Jiewen
> Subject: [PATCH v2] UefiCpuPkg\CpuSmm: Save & rest
On Wed, Mar 06, 2019 at 02:22:25PM +0100, Ard Biesheuvel wrote:
> On Wed, 6 Mar 2019 at 13:41, Achin Gupta wrote:
> >
> > On Wed, Mar 06, 2019 at 10:37:58AM +0100, Ard Biesheuvel wrote:
> > > (adding Achin and Charles)
> > >
> > > On Wed, 6 Mar 2019 at 10:16, Ni, Ray wrote:
> > > >
> > > > >
On Thu, Mar 07, 2019 at 11:09:35AM +0100, Ard Biesheuvel wrote:
> On Wed, 6 Mar 2019 at 16:37, Achin Gupta wrote:
> >
> > On Wed, Mar 06, 2019 at 04:17:51PM +0100, Ard Biesheuvel wrote:
> > > On Wed, 6 Mar 2019 at 16:16, Achin Gupta wrote:
> > > >
> > > > Hi Ard,
> > > >
> > > > On Tue, Mar 05, 2
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1593
For every SMI occurrence, save and restore CR2 register only when SMM
on-demand paging support is enabled in 64 bit operation mode.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Vanguput Narendra K
Cc: Eric Dong
Cc
On Wed, 6 Mar 2019 at 16:37, Achin Gupta wrote:
>
> On Wed, Mar 06, 2019 at 04:17:51PM +0100, Ard Biesheuvel wrote:
> > On Wed, 6 Mar 2019 at 16:16, Achin Gupta wrote:
> > >
> > > Hi Ard,
> > >
> > > On Tue, Mar 05, 2019 at 02:32:40PM +0100, Ard Biesheuvel wrote:
> > > > The PCD PcdStandaloneMmEn
Reviewed-by: Yonghong Zhu
Best Regards,
Zhu Yonghong
-Original Message-
From: Feng, Bob C
Sent: Thursday, March 07, 2019 1:42 PM
To: edk2-devel@lists.01.org
Cc: Feng, Bob C ; Gao, Liming ;
Zhu, Yonghong
Subject: [Patch V2 1/1] Document: Add PCD flexible format value EBNF in Fdf.
BZ