Hello community, here is the log from the commit of package ovmf for openSUSE:Factory checked in at 2019-11-08 15:23:40 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ovmf (Old) and /work/SRC/openSUSE:Factory/.ovmf.new.2990 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ovmf" Fri Nov 8 15:23:40 2019 rev:39 rq:746484 version:201908 Changes: -------- --- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes 2019-10-23 15:33:18.725506691 +0200 +++ /work/SRC/openSUSE:Factory/.ovmf.new.2990/ovmf.changes 2019-11-08 15:23:45.434869808 +0100 @@ -1,0 +2,19 @@ +Fri Nov 8 04:09:48 UTC 2019 - Gary Ching-Pang Lin <[email protected]> + +- Use the same x86 4MB firmware names as the ones in the previous + version (< stable201905) for backward compatibility + +------------------------------------------------------------------- +Wed Nov 6 06:28:25 UTC 2019 - Gary Ching-Pang Lin <[email protected]> + +- Disable TLS for IA32(i586) to avoid exceeding the size limitation + while using the tool chain from SLE15-SP2/openSUSE Leap 15.2 + +------------------------------------------------------------------- +Mon Nov 4 06:44:03 UTC 2019 - Gary Ching-Pang Lin <[email protected]> + +- Add ovmf-bsc1153072-fix-invalid-https-cert.patch to reject the + invalid server certificates for HTTPS Boot + (bsc#1153072, CVE-2019-14553) + +------------------------------------------------------------------- New: ---- ovmf-bsc1153072-fix-invalid-https-cert.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ovmf.spec ++++++ --- /var/tmp/diff_new_pack.bWcxRR/_old 2019-11-08 15:23:47.422871911 +0100 +++ /var/tmp/diff_new_pack.bWcxRR/_new 2019-11-08 15:23:47.426871915 +0100 @@ -49,6 +49,7 @@ Patch3: %{name}-pie.patch Patch4: %{name}-disable-ia32-firmware-piepic.patch Patch5: %{name}-set-fixed-enroll-time.patch +Patch6: %{name}-bsc1153072-fix-invalid-https-cert.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: bc BuildRequires: fdupes @@ -171,6 +172,7 @@ %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 # add openssl pushd CryptoPkg/Library/OpensslLib/openssl @@ -208,7 +210,7 @@ FLAVORS=("ovmf-ia32") BUILD_ARCH="IA32" - OVMF_FLAGS="$OVMF_FLAGS -D NETWORK_TLS_ENABLE -D FD_SIZE_2MB" + OVMF_FLAGS="$OVMF_FLAGS -D FD_SIZE_2MB" BUILD_OPTIONS="$OVMF_FLAGS -a IA32 -p OvmfPkg/OvmfPkgIa32.dsc -b DEBUG -t $TOOL_CHAIN_TAG" make -C BaseTools %else @@ -461,6 +463,16 @@ done done +%ifarch x86_64 +# Rename the x86_64 4MB firmware +# We use ovmf-x86_64-$key-4m instead of ovmf-x86_64-4m-$key in the +# version < stable201905. Rename the 4MB firmware files for backward +# compatibility. +for key in ${KEY_SOURCES[@]}; do + rename "4m-$key" "$key-4m" *"4m-$key"*.bin +done +%endif #x86_64 + %endif #secureboot_archs %install ++++++ ovmf-bsc1153072-fix-invalid-https-cert.patch ++++++ ++++ 1129 lines (skipped)
