commit ovmf for openSUSE:Factory

2020-11-10 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2020-11-10 13:38:34

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new.11331 (New)


Package is "ovmf"

Tue Nov 10 13:38:34 2020 rev:53 rq:846146 version:202008

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2020-11-02 
14:04:06.792668677 +0100
+++ /work/SRC/openSUSE:Factory/.ovmf.new.11331/ovmf.changes 2020-11-10 
13:39:18.672490454 +0100
@@ -1,0 +2,7 @@
+Thu Nov  5 07:56:36 UTC 2020 - Gary Ching-Pang Lin 
+
+- Update the json descriptors to address all x86_64 firmware files
+  (jsc#SLE-15915)
+- Remove the executable bit from brotli source code files
+
+---



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.S87VUk/_old  2020-11-10 13:39:19.46440 +0100
+++ /var/tmp/diff_new_pack.S87VUk/_new  2020-11-10 13:39:19.468488872 +0100
@@ -186,9 +186,13 @@
 # add brotli
 pushd BaseTools/Source/C/BrotliCompress/brotli
 tar -xf %{SOURCE8} --strip 1
+#  remove the executable bit from files
+find . -type f -exec chmod 0644 {} \;
 popd
 pushd MdeModulePkg/Library/BrotliCustomDecompressLib/brotli
 tar -xf %{SOURCE8} --strip 1
+#  remove the executable bit from files
+find . -type f -exec chmod 0644 {} \;
 popd
 
 # add oniguruma


++ descriptors.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/descriptors/60-ovmf-x86_64-2m-ms.json 
new/descriptors/60-ovmf-x86_64-2m-ms.json
--- old/descriptors/60-ovmf-x86_64-2m-ms.json   1970-01-01 01:00:00.0 
+0100
+++ new/descriptors/60-ovmf-x86_64-2m-ms.json   2020-11-05 07:27:37.143871500 
+0100
@@ -0,0 +1,34 @@
+{
+"description": "UEFI firmware for x86_64, with Secure Boot, and MS certs 
enrolled (legacy 2MB flash size)",
+"interface-types": [
+"uefi"
+],
+"mapping": {
+"device": "flash",
+"executable": {
+"filename": "@DATADIR@/ovmf-x86_64-ms-code.bin",
+"format": "raw"
+},
+"nvram-template": {
+"filename": "@DATADIR@/ovmf-x86_64-ms-vars.bin",
+"format": "raw"
+}
+},
+"targets": [
+{
+"architecture": "x86_64",
+"machines": [
+"pc-i440fx-*",
+"pc-q35-*"
+]
+}
+],
+"features": [
+"acpi-s3",
+"amd-sev",
+"verbose-dynamic"
+],
+"tags": [
+
+]
+}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/descriptors/60-ovmf-x86_64-2m-opensuse.json 
new/descriptors/60-ovmf-x86_64-2m-opensuse.json
--- old/descriptors/60-ovmf-x86_64-2m-opensuse.json 1970-01-01 
01:00:00.0 +0100
+++ new/descriptors/60-ovmf-x86_64-2m-opensuse.json 2020-11-05 
07:27:46.151927408 +0100
@@ -0,0 +1,34 @@
+{
+"description": "UEFI firmware for x86_64, with Secure Boot, and openSUSE 
certs enrolled (legacy 2MB flash size)",
+"interface-types": [
+"uefi"
+],
+"mapping": {
+"device": "flash",
+"executable": {
+"filename": "@DATADIR@/ovmf-x86_64-opensuse-code.bin",
+"format": "raw"
+},
+"nvram-template": {
+"filename": "@DATADIR@/ovmf-x86_64-opensuse-vars.bin",
+"format": "raw"
+}
+},
+"targets": [
+{
+"architecture": "x86_64",
+"machines": [
+"pc-i440fx-*",
+"pc-q35-*"
+]
+}
+],
+"features": [
+"acpi-s3",
+"amd-sev",
+"verbose-dynamic"
+],
+"tags": [
+
+]
+}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/descriptors/60-ovmf-x86_64-2m-suse.json 
new/descriptors/60-ovmf-x86_64-2m-suse.json
--- old/descriptors/60-ovmf-x86_64-2m-suse.json 1970-01-01 01:00:00.0 
+0100
+++ new/descriptors/60-ovmf-x86_64-2m-suse.json 2020-11-05 07:28:17.640122837 
+0100
@@ -0,0 +1,34 @@
+{
+"description": "UEFI firmware for x86_64, with Secure Boot, and SUSE certs 
enrolled (legacy 2MB flash size)",
+"interface-types": [
+"uefi"
+],
+"mapping": {
+"device": "flash",
+"executable": {
+"filename": "@DATADIR@/ovmf-x86_64-suse-code.bin",
+"format": "raw"
+},
+"nvram-template": {
+"filename": "@DATADIR@/ovmf-x86_64-suse-vars.bin",
+"format": "raw"
+}
+},
+"targets": [
+{
+"architecture": "x86_64",
+"machines": [
+

commit ovmf for openSUSE:Factory

2020-11-02 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2020-11-02 14:03:53

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new.3463 (New)


Package is "ovmf"

Mon Nov  2 14:03:53 2020 rev:52 rq:844952 version:202008

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2020-09-09 
17:49:39.154558706 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new.3463/ovmf.changes  2020-11-02 
14:04:06.792668677 +0100
@@ -1,0 +2,7 @@
+Fri Oct 30 02:15:13 UTC 2020 - Gary Ching-Pang Lin 
+
+- Add _constraints to request at least 6GB disk (bsc#1178244)
+- Remove the build files after finishing the build to reduce the
+  disk usage (bsc#1178244)
+
+---

New:

  _constraints



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.V0sQ3q/_old  2020-11-02 14:04:07.920669534 +0100
+++ /var/tmp/diff_new_pack.V0sQ3q/_new  2020-11-02 14:04:07.924669536 +0100
@@ -283,6 +283,9 @@
 cp Build/OvmfIa32/DEBUG_*/FV/OVMF_CODE.fd ovmf-ia32-code.bin
 cp Build/OvmfIa32/DEBUG_*/FV/OVMF_VARS.fd ovmf-ia32-vars.bin
 
+# Remove the temporary build files to reduce the disk usage (bsc#1178244)
+rm -rf Build/OvmfIa32/
+
 ### Build x86_64 UEFI Images ###
 %ifarch x86_64
 collect_x86_64_debug_files()
@@ -342,6 +345,9 @@
 find source/ovmf-x86_64 -name *.c -type f -exec chmod 0644 {} \;
 %endif
 
+# Remove the temporary build files to reduce the disk usage (bsc#1178244)
+rm -rf Build/OvmfX64/
+
 # Build with keys done later (shared between archs)
 
 ### Build AARCH64 UEFI Images ###
@@ -362,6 +368,9 @@
 cp Build/ArmVirtQemu-AARCH64/DEBUG_*/AARCH64/Shell.efi AARCH64
 cp Build/ArmVirtQemu-AARCH64/DEBUG_*/AARCH64/EnrollDefaultKeys.efi AARCH64
 
+# Remove the temporary build files to reduce the disk usage (bsc#1178244)
+rm -rf Build/ArmVirtQemu-AARCH64/
+
 # Build with keys done later (shared between archs)
 
 ### Build AARCH32 UEFI Images ###
@@ -377,6 +386,9 @@
 dd of="aavmf-aarch32-code.bin" if="qemu-uefi-aarch32.bin" conv=notrunc
 dd of="aavmf-aarch32-vars.bin" if="/dev/zero" bs=1M count=64
 
+# Remove the temporary build files to reduce the disk usage (bsc#1178244)
+rm -rf Build/ArmVirtQemu-ARM/
+
 ### Build the variable store templates ###
 
 # Default key sources: ms suse opensuse


++ _constraints ++

  

  6

commit ovmf for openSUSE:Factory

2020-09-09 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2020-09-09 17:48:21

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new.3399 (New)


Package is "ovmf"

Wed Sep  9 17:48:21 2020 rev:51 rq:832683 version:202008

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2020-07-26 
16:16:40.496660258 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new.3399/ovmf.changes  2020-09-09 
17:49:39.154558706 +0200
@@ -1,0 +2,81 @@
+Mon Sep  7 03:55:46 UTC 2020 - Gary Ching-Pang Lin 
+
+- Update to edk2-stable202008
+  + MdeModulePkg/Library: add PEIM and SEC module type to
+TpmMeasurementLibNull
+  + SecurityPkg/DxeImageVerificationLib: catch alignment overflow
+(CVE-2019-14562) (bsc#1175476)
+  + OvmfPkg/CpuHotplugSmm: fix CPU hotplug race before and after
+SMI broadcast
+  + SecurityPkg/Tcg2: handle PRE HASH and LOG ONLY
+  + MdePkg/Include: Add missing definition of SMBIOS type 42h in
+SmBios.h
+  + MdePkg: UefiFileHandleLib: fix buffer overrun in
+FileHandleReadLine()
+  + OvmfPkg: Add SEV-ES support
+  + MdeModulePkg/PartitionDxe: Fix the incorrect LBA size in child
+hander
+  + MdeModulePkg/PartitionDxe: Revert changes for the special MBR
+  + MdeModulePkg/PartitionDxe: Put the UDF check ahead of MBR
+  + ShellPkg: smbiosview - Change some type 17 field values format
+  + CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g
+  + MdeModulePkg: Upon BootOption failure, Destroy RamDisk memory
+before RSC.
+  + OvmfPkg/LsiScsiDxe: Add support for LSI 53C895A
+  + MdeModulePkg/DisplayEngine: Add Debug message to show mismatch
+menu info
+  + Add New Memory Attributes
+  + MdeModulePkg/PartitionDxe: Add already start check for child
+hanldes
+  + MdeModulePkg/PartitionDxe: Skip the MBR that add for CD-ROM
+  + MdeModulePkg/PartitionDxe: Correct the MBR last block value
+  + MdeModulePkg/Variable/RuntimeDxe: Fix return status from
+Reclaim()
+  + SecurityPkg/Tcg2Pei: Add missing PCRIndex in FvBlob event.
+  + SecurityPkg/Tcg2Dxe: Add PcdTcgPfpMeasurementRevision in
+SpecId event.
+  + CryptoPkg/BaseCryptLib: Add MARCO to disable the deprecated
+SHA1 and MD5
+  + ArmVirtPkg/NorFlashQemuLib: disable NOR flash DT nodes upon
+discovery
+  + UefiCpuPkg/SecCore: Add pre-memory AP vector
+  + OvmfPkg: End timer interrupt later to avoid stack overflow
+under load
+  + ArmPkg/PlatformBootManagerLib: regenerate boot options on
+boot failure
+  + MdeModulePkg/StatusCodeHandler: do not output \n\r for string
+data
+  + Revert "OvmfPkg: use generic QEMU image loader for secure boot
+enabled ..."
+  + ArmVirtPkg/PrePi: use standard PeCoff routines for
+self-relocation
+  + ArmVirtPkg: add FDF rule for self-relocating PrePi
+  + ArmPkg/ArmExceptionLib: use static buffer for sp_el0
+  + MdeModulePkg/SetupBrowserDxe: Do not reconnect driver with
+form-update
+  + OvmfPkg/X86QemuLoadImageLib: handle EFI_ACCESS_DENIED from
+LoadImage()
+  + OvmfPkg/Tcg2ConfigPei: generalize TPM2-only file-top comments
+  + ArmPkg: only attempt buildin MmCommunicationDxe for AArch64
+  + ArmPkg/PlatformBootManagerLib: don't connect all devices on
+each boot
+  + ArmPkg/PlatformBootManagerLib: hide UEFI Shell as a regular
+boot option
+  + MdeModulePkg/BootManagerUiLib: show inactive boot options
+  + ArmPkg/PlatformBootManagerLib: fall back to the UiApp on
+boot failure
+  + ArmPkg/PlatformBootManagerLib: register 's' as UEFI Shell
+hotkey
+  + ArmPkg/PlatformBootManagerLib: connect non-discoverable USB
+hosts
+  + ArmPkg/ArmSvcLib: prevent speculative execution beyond svc
+  + ArmPkg/PlatformBootManagerLib: reject 'default' parity and
+stop bit count
+  + ArmPkg/PlatformBootManagerLib: use static assertion for
+console type
+- Update openssl to 1.1.1g
+- Drop openssl-fix-syntax-error.patch
+  + The new openssl already includes the fix.
+- Refresh ovmf-pie.patch and ovmf-disable-ia32-firmware-piepic.patch
+
+---

Old:

  edk2-stable202005.tar.gz
  openssl-1.1.1d.tar.gz
  openssl-1.1.1d.tar.gz.asc
  openssl-fix-syntax-error.patch

New:

  edk2-stable202008.tar.gz
  openssl-1.1.1g.tar.gz
  openssl-1.1.1g.tar.gz.asc



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.CRcuNM/_old  2020-09-09 17:49:42.034561046 +0200
+++ /var/tmp/diff_new_pack.CRcuNM/_new  2020-09-09 17:49:42.038561050 +0200
@@ -18,7 +18,7 @@
 
 
 %undefine _build_create_debug
-%global openssl_version 1.1.1d
+%global openssl_version 1.1.1g
 %global softfloat_version b64af41c3276f
 
 Name:   ovmf
@@ -26,7 +26,7 @@
 Summary:Open Virtual Machine

commit ovmf for openSUSE:Factory

2020-07-26 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2020-07-26 16:15:15

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new.3592 (New)


Package is "ovmf"

Sun Jul 26 16:15:15 2020 rev:50 rq:822306 version:202005

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2020-06-10 
00:35:36.460946222 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new.3592/ovmf.changes  2020-07-26 
16:16:40.496660258 +0200
@@ -1,0 +2,6 @@
+Wed Jul 22 16:01:04 UTC 2020 - Kai Liu 
+
+- Fixed TPM support. TPM2_ENABLE & TPM2_CONFIG_ENABLE build flags
+  were changed to TPM_* since upstream commit 07952a962a40.
+
+---



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.SdeYK7/_old  2020-07-26 16:16:42.048661564 +0200
+++ /var/tmp/diff_new_pack.SdeYK7/_new  2020-07-26 16:16:42.052661567 +0200
@@ -208,8 +208,8 @@
 
 OVMF_FLAGS=" \
-D SECURE_BOOT_ENABLE \
-   -D TPM2_ENABLE \
-   -D TPM2_CONFIG_ENABLE \
+   -D TPM_ENABLE \
+   -D TPM_CONFIG_ENABLE \
-D NETWORK_IP6_ENABLE \
-D NETWORK_HTTP_BOOT_ENABLE \
 "

commit ovmf for openSUSE:Factory

2020-06-09 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2020-06-10 00:35:14

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new.3606 (New)


Package is "ovmf"

Wed Jun 10 00:35:14 2020 rev:49 rq:812838 version:202005

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2020-05-29 
21:35:34.922329278 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new.3606/ovmf.changes  2020-06-10 
00:35:36.460946222 +0200
@@ -1,0 +2,52 @@
+Tue Jun  9 08:06:06 UTC 2020 - Gary Ching-Pang Lin 
+
+- Use the reduced source tarballs since ovmf only needs a portion
+  of the code.
+  + brotli-v1.0.7-17-g666c328.tar.xz ->
+brotli-v1.0.7-17-g666c328-c.tar.xz
+- We only need the "c" directory, not the whole tarball.
+  + oniguruma-v6.9.4_mark1.tar.xz ->
+oniguruma-v6.9.4_mark1-src.tar.xz
+- We only need the "src" directory, not the whole tarball.
+
+---
+Fri Jun  5 06:33:21 UTC 2020 - Gary Ching-Pang Lin 
+
+- Update to edk2-stable202005
+  + RegularExpressionDxe: Use submodule way to access third party
+Oniguruma
+  + BrotliCustomDecompressLib: Use submodule way to access third
+party brotli
+  + BaseTools: Use submodule way to access third party brotli
+  + RISC-V architecture on EDK2
+  + Disabling safe string constraint assertions
+  + ArmVirtPkg Implement support for TPM2 measured boot
+  + OVMF Implement support for Linux v5.7+ initrd and mixed mode
+loading
+  + OVMF Use loadimage/startimage for loading the kernel passed
+via the QEMU command line
+  + OVMF Support booting from Fusion-MPT SCSI controllers
+  + OVMF Support booting from VMware PVSCSI controllers
+  + OVMF RFE: VCPU hotplug with SMM
+  + OVMF PEI phase variable driver / MemoryTypeInfo tracking
+  + ArmVirtPkg, OvmfPkg: Pass parameter from QEMU to control PXE
+IPv4/v6 boot
+  + Remove deprecate APIs in BaseCryptLib
+  + Add UEFI 2.8/2.8a definition in MdePkg
+  + Add PI1.7/PI1.7a definition into MdePkg
+  + BaseCryptoLib MD4, ARC4, TDES, AES ECB MODE, HMAC MD5, HMAC
+SHA1 API have been deprecated.
+  + SecurityPkg Tcg2PhysicalPresenceLib library class removes two
+macros TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT and
+TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT.
+- Add 2 tarballs from the submodules of edk2:
+  + brotli-v1.0.7-17-g666c328.tar.xz
+  + oniguruma-v6.9.4_mark1.tar.xz
+- Refresh patches:
+  + ovmf-add-exclude-shell-flag.patch
+  + ovmf-gdb-symbols.patch
+- Drop upstream patch: ovmf-bsc1163927-fix-ping-and-ip6dxe.patch
+- Drop ovmf-bsc1171643-workaround-outline-atomics.patch since
+  upstream fixed it in another way.
+
+---

Old:

  edk2-stable202002.tar.gz
  ovmf-bsc1163927-fix-ping-and-ip6dxe.patch
  ovmf-bsc1171643-workaround-outline-atomics.patch

New:

  brotli-v1.0.7-17-g666c328-c.tar.xz
  edk2-stable202005.tar.gz
  oniguruma-v6.9.4_mark1-src.tar.xz



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.4KaMeY/_old  2020-06-10 00:35:38.176950825 +0200
+++ /var/tmp/diff_new_pack.4KaMeY/_new  2020-06-10 00:35:38.180950835 +0200
@@ -26,7 +26,7 @@
 Summary:Open Virtual Machine Firmware
 License:BSD-2-Clause-Patent
 Group:  System/Emulators/PC
-Version:202002
+Version:202005
 Release:0
 Source0:
https://github.com/tianocore/edk2/archive/edk2-stable%{version}.tar.gz
 Source1:
https://www.openssl.org/source/openssl-%{openssl_version}.tar.gz
@@ -39,6 +39,10 @@
 # berkeley-softfloat-3: https://github.com/ucb-bar/berkeley-softfloat-3
 Source6:berkeley-softfloat-3-%{softfloat_version}.tar.xz
 Source7:descriptors.tar.xz
+# brotli: https://github.com/google/brotli, "c" directory only
+Source8:brotli-v1.0.7-17-g666c328-c.tar.xz
+# oniguruma: https://github.com/kkos/oniguruma,  "src" directory only
+Source9:oniguruma-v6.9.4_mark1-src.tar.xz
 Source100:  %{name}-rpmlintrc
 Source101:  gdb_uefi.py.in
 Source102:  gen-key-enrollment-iso.sh
@@ -48,8 +52,6 @@
 Patch3: %{name}-pie.patch
 Patch4: %{name}-disable-ia32-firmware-piepic.patch
 Patch5: %{name}-set-fixed-enroll-time.patch
-Patch6: %{name}-bsc1163927-fix-ping-and-ip6dxe.patch
-Patch7: %{name}-bsc1171643-workaround-outline-atomics.patch
 Patch100:   openssl-fix-syntax-error.patch
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  bc
@@ -168,10 +170,6 @@
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
-%patch6 -p1
-%if %{gcc_version} >= 10
-%patch7 -p1
-%endif
 
 # add openssl
 pushd

commit ovmf for openSUSE:Factory

2020-05-29 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2020-05-29 21:19:52

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new.3606 (New)


Package is "ovmf"

Fri May 29 21:19:52 2020 rev:48 rq:807896 version:202002

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2020-04-25 
20:09:21.243675129 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new.3606/ovmf.changes  2020-05-29 
21:35:34.922329278 +0200
@@ -1,0 +2,6 @@
+Thu May 21 03:36:17 UTC 2020 - Gary Ching-Pang Lin 
+
+- Add ovmf-bsc1171643-workaround-outline-atomics.patch to disable
+  gcc10 outline-atomics in AArch64 (bsc#1171643)
+
+---

New:

  ovmf-bsc1171643-workaround-outline-atomics.patch



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.fQ3DPa/_old  2020-05-29 21:35:35.878332124 +0200
+++ /var/tmp/diff_new_pack.fQ3DPa/_new  2020-05-29 21:35:35.878332124 +0200
@@ -49,6 +49,7 @@
 Patch4: %{name}-disable-ia32-firmware-piepic.patch
 Patch5: %{name}-set-fixed-enroll-time.patch
 Patch6: %{name}-bsc1163927-fix-ping-and-ip6dxe.patch
+Patch7: %{name}-bsc1171643-workaround-outline-atomics.patch
 Patch100:   openssl-fix-syntax-error.patch
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  bc
@@ -168,6 +169,9 @@
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%if %{gcc_version} >= 10
+%patch7 -p1
+%endif
 
 # add openssl
 pushd CryptoPkg/Library/OpensslLib/openssl






++ ovmf-bsc1171643-workaround-outline-atomics.patch ++
diff --git a/BaseTools/Conf/tools_def.template 
b/BaseTools/Conf/tools_def.template
index 2b17d3b..cc510ae 100755
--- a/BaseTools/Conf/tools_def.template
+++ b/BaseTools/Conf/tools_def.template
@@ -2010,7 +2010,7 @@ DEFINE GCC5_ARM_ASM_FLAGS= 
DEF(GCC49_ARM_ASM_FLAGS)
 DEFINE GCC5_AARCH64_ASM_FLAGS= DEF(GCC49_AARCH64_ASM_FLAGS)
 DEFINE GCC5_ARM_CC_FLAGS = DEF(GCC49_ARM_CC_FLAGS)
 DEFINE GCC5_ARM_CC_XIPFLAGS  = DEF(GCC49_ARM_CC_XIPFLAGS)
-DEFINE GCC5_AARCH64_CC_FLAGS = DEF(GCC49_AARCH64_CC_FLAGS)
+DEFINE GCC5_AARCH64_CC_FLAGS = DEF(GCC49_AARCH64_CC_FLAGS) 
-mno-outline-atomics
 DEFINE GCC5_AARCH64_CC_XIPFLAGS  = DEF(GCC49_AARCH64_CC_XIPFLAGS)
 DEFINE GCC5_ARM_DLINK_FLAGS  = DEF(GCC49_ARM_DLINK_FLAGS)
 DEFINE GCC5_ARM_DLINK2_FLAGS = DEF(GCC49_ARM_DLINK2_FLAGS) -Wno-error

commit ovmf for openSUSE:Factory

2020-04-25 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2020-04-25 20:09:14

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new.2738 (New)


Package is "ovmf"

Sat Apr 25 20:09:14 2020 rev:47 rq:795744 version:202002

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2020-04-10 
23:52:31.672666899 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new.2738/ovmf.changes  2020-04-25 
20:09:21.243675129 +0200
@@ -1,0 +2,11 @@
+Mon Apr 20 06:11:25 UTC 2020 - Gary Ching-Pang Lin 
+
+- Build all non-native firmware files on x86_64 and aarch64 with
+  cross-compilers (bsc#1159134)
+  + Exclude i586 and armv7hl due to the availability of
+cross-compilers
+  + Move some bash functions to ovmf-build-funcs.sh
+- Clean up PKG_TO_REMOVE
+  + Only EmulatorPkg still exists.
+
+---

New:

  ovmf-build-funcs.sh



Other differences:
--
++ ovmf.spec ++
 719 lines (skipped)
 between /work/SRC/openSUSE:Factory/ovmf/ovmf.spec
 and /work/SRC/openSUSE:Factory/.ovmf.new.2738/ovmf.spec






++ ovmf-build-funcs.sh ++
#!/bin/bash

# Generate PK/KEK OEM strings
pkkek_oemstr()
{
local CERT_FILE=$1
sed \
-e 's/^-BEGIN 
CERTIFICATE-$/4e32566d-8e9e-4f52-81d3-5bb9715f9727:/' \
-e '/^-END CERTIFICATE-$/d' \
$CERT_FILE \
| tr -d '\n'
}

# Build the varstore template
build_template()
{
local ARCH=$(echo $1 | tr '[:lower:'] '[:upper:]')
local PREFIX="$2"
local KEY="$3"
local PKKEK_FILE="$4"
local ISO_FILE="$5"
local TYPE="$6"

# QEMU parameters
#  pflash parameters
local PFLASH=""
if [ $TYPE == "separate" ]; then
local FW_CODE_ORIG="${PREFIX}-code.bin"
local FW_VARS_ORIG="${PREFIX}-vars.bin"
local FW_CODE="${PREFIX}-${KEY}-code.bin"
local FW_VARS="${PREFIX}-${KEY}-vars.bin"
local PFLASH_CODE="-drive 
if=pflash,format=raw,unit=0,readonly,file=$FW_CODE"
local PFLASH_VARS="-drive 
if=pflash,format=raw,unit=1,file=$FW_VARS"

ln -s "$FW_CODE_ORIG" "$FW_CODE"
cp "$FW_VARS_ORIG" "$FW_VARS"

PFLASH="$PFLASH_CODE $PFLASH_VARS"
elif [ $TYPE == "unified" ]; then
local UNIFIED_FW_ORIG="${PREFIX}.bin"
local UNIFIED_FW="${PREFIX}-${KEY}.bin"

cp "$UNIFIED_FW_ORIG" "$UNIFIED_FW"

PFLASH="-drive if=pflash,format=raw,unit=0,file=$UNIFIED_FW"
fi

#  smbios parameters for PK and KEK
local SMBIOS="-smbios type=11,value=$(pkkek_oemstr $PKKEK_FILE)"

#  memory: 256MB
local MEMORY="-m 256"

#  redirect display to stdio and disable network
local MISC="-display none -no-user-config -nodefaults -smp 1"
MISC="$MISC -serial stdio"

#  set cdrom device
local CDROM="-device virtio-scsi-pci,id=scsi0"
CDROM="$CDROM -device scsi-cd,drive=cd0,bus=scsi0.0,bootindex=0"
CDROM="$CDROM -drive media=cdrom,if=none,id=cd0,format=raw,readonly=on"
CDROM="$CDROM,file=${ISO_FILE}"

if [ $ARCH == "X64" ]; then
# qemu command
local QEMU="qemu-system-x86_64"

# machine parameters
local MACHINE="-machine q35"
if [[ "$PREFIX" == *"-smm" ]]; then
MACHINE="$MACHINE,smm=on,accel=tcg"
MACHINE="$MACHINE -global 
driver=cfi.pflash01,property=secure,value=on"
MACHINE="$MACHINE -global ICH9-LPC.disable_s3=1"
fi
MACHINE="$MACHINE -chardev pty,id=charserial1"
MACHINE="$MACHINE -device 
isa-serial,chardev=charserial1,id=serial1"
elif [ $ARCH == "AARCH64" ]; then
# qemu command
local QEMU="qemu-system-aarch64"

# machine parameters
local MACHINE="-cpu cortex-a57 -machine virt"
fi

# Launch the VM
$QEMU $MACHINE $MEMORY $PFLASH $SMBIOS $CDROM $MISC
}

commit ovmf for openSUSE:Factory

2020-04-10 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2020-04-10 23:52:18

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new.3248 (New)


Package is "ovmf"

Fri Apr 10 23:52:18 2020 rev:46 rq:791681 version:202002

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2020-03-11 
18:31:44.522876421 +0100
+++ /work/SRC/openSUSE:Factory/.ovmf.new.3248/ovmf.changes  2020-04-10 
23:52:31.672666899 +0200
@@ -1,0 +2,6 @@
+Mon Apr  6 03:37:22 UTC 2020 - Gary Ching-Pang Lin 
+
+- Add ovmf-bsc1163927-fix-ping-and-ip6dxe.patch to fix crash and
+  hang in ShellPkg and Ip6Dxe (bsc#1163927, CVE-2019-14559)
+
+---

New:

  ovmf-bsc1163927-fix-ping-and-ip6dxe.patch



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.BbzN4w/_old  2020-04-10 23:52:32.836667753 +0200
+++ /var/tmp/diff_new_pack.BbzN4w/_new  2020-04-10 23:52:32.836667753 +0200
@@ -49,6 +49,7 @@
 Patch3: %{name}-pie.patch
 Patch4: %{name}-disable-ia32-firmware-piepic.patch
 Patch5: %{name}-set-fixed-enroll-time.patch
+Patch6: %{name}-bsc1163927-fix-ping-and-ip6dxe.patch
 Patch100:   openssl-fix-syntax-error.patch
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  bc
@@ -172,6 +173,7 @@
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
 
 # add openssl
 pushd CryptoPkg/Library/OpensslLib/openssl






++ ovmf-bsc1163927-fix-ping-and-ip6dxe.patch ++
>From f0f676088e356b8c912922dd2a12de210308befb Mon Sep 17 00:00:00 2001
From: Maciej Rabeda 
Date: Thu, 27 Feb 2020 11:30:43 +0100
Subject: [PATCH 1/3] ShellPkg: Fix 'ping' command Ip4 receive flow.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2032

'ping' command's receive flow utilizes a single Rx token which it
attempts to reuse before recycling the previously received packet.
This causes a situation where under ICMP traffic,
Ping6OnEchoReplyReceived() function will receive an already
recycled packet with EFI_SUCCESS token status and finally
dereference invalid pointers from RxData structure.

Cc: Ray Ni 
Cc: Zhichao Gao 
Signed-off-by: Maciej Rabeda 
Reviewed-by: Siyuan Fu 
Acked-by: Zhichao Gao 
(cherry picked from commit 65c73df44c61235ede84c5aa1d2eab6650844966)
---
 ShellPkg/Library/UefiShellNetwork1CommandsLib/Ping.c | 9 +
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/ShellPkg/Library/UefiShellNetwork1CommandsLib/Ping.c 
b/ShellPkg/Library/UefiShellNetwork1CommandsLib/Ping.c
index 23567fa2c1bb..a3fa32515192 100644
--- a/ShellPkg/Library/UefiShellNetwork1CommandsLib/Ping.c
+++ b/ShellPkg/Library/UefiShellNetwork1CommandsLib/Ping.c
@@ -614,6 +614,11 @@ Ping6OnEchoReplyReceived (
 
 ON_EXIT:
 
+  //
+  // Recycle the packet before reusing RxToken
+  //
+  gBS->SignalEvent (Private->IpChoice == 
PING_IP_CHOICE_IP6?((EFI_IP6_RECEIVE_DATA*)Private->RxToken.Packet.RxData)->RecycleSignal:((EFI_IP4_RECEIVE_DATA*)Private->RxToken.Packet.RxData)->RecycleSignal);
+
   if (Private->RxCount < Private->SendNum) {
 //
 // Continue to receive icmp echo reply packets.
@@ -632,10 +637,6 @@ ON_EXIT:
 //
 Private->Status = EFI_SUCCESS;
   }
-  //
-  // Singal to recycle the each rxdata here, not at the end of process.
-  //
-  gBS->SignalEvent (Private->IpChoice == 
PING_IP_CHOICE_IP6?((EFI_IP6_RECEIVE_DATA*)Private->RxToken.Packet.RxData)->RecycleSignal:((EFI_IP4_RECEIVE_DATA*)Private->RxToken.Packet.RxData)->RecycleSignal);
 }
 
 /**
-- 
2.25.1


>From d2f2e106c5f94acb2b1033c2f4324aa46b4b Mon Sep 17 00:00:00 2001
From: Maciej Rabeda 
Date: Mon, 2 Mar 2020 13:25:20 +0100
Subject: [PATCH 2/3] NetworkPkg/Ip6Dxe: Improve Neightbor Discovery message
 validation.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2174

Problem has been identified with Ip6ProcessRouterAdvertise() when
Router Advertise packet contains options with malicious/invalid
'Length' field. This can lead to platform entering infinite loop
when processing options from that packet.

Cc: Jiaxin Wu 
Cc: Siyuan Fu 
Signed-off-by: Maciej Rabeda 
Reviewed-by: Siyuan Fu 
(cherry picked from commit 9c20342eed70ec99ec50cd73cb81804299f05403)
---
 NetworkPkg/Ip6Dxe/Ip6Nd.c | 44 ---
 NetworkPkg/Ip6Dxe/Ip6Nd.h | 13 
 NetworkPkg/Ip6Dxe/Ip6Option.c | 57 ++-
 3 files changed, 83 insertions(+), 31 deletions(-)

diff --git a/NetworkPkg/Ip6Dxe/Ip6Nd.c b/NetworkPkg/Ip6Dxe/Ip6Nd.c
index 4288ef02dd46..fd7f60b2f92c 100644
--- a/NetworkPkg/Ip6Dxe/Ip6Nd.c
+++ b/NetworkPkg/Ip6Dxe/Ip6Nd.c
@@ -1927,7 +1927,7 @@ Ip6ProcessRouterAdvertise (
   UINT32

commit ovmf for openSUSE:Factory

2020-03-11 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2020-03-11 18:31:36

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new.3160 (New)


Package is "ovmf"

Wed Mar 11 18:31:36 2020 rev:45 rq:782009 version:202002

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2020-02-29 
21:21:37.958174312 +0100
+++ /work/SRC/openSUSE:Factory/.ovmf.new.3160/ovmf.changes  2020-03-11 
18:31:44.522876421 +0100
@@ -1,0 +2,221 @@
+Fri Mar  6 03:11:48 UTC 2020 - Gary Ching-Pang Lin 
+
+- Update to edk2-stable202002
+  + UefiCpuPkg/MpInitLib: Skip reading PlatformId on AMD processors.
+  + BaseTools: Remove invalid leading space before !INCLUDE in Makefile
+  + OvmfPkg/QemuVideoDxe: unbreak "secondary-vga" and "bochs-display" support
+  + NetworkPkg/ArpDxe: Recycle invalid ARP packets (CVE-2019-14559)
+  + ShellPkg: acpiview: Prevent infinite loop if structure length is 0
+  + CryptoPkg/BaseHashApiLib: Change PcdHashApiLibPolicy type to FixedAtBuild
+  + CryptoPkg/BaseHashApiLib: Align BaseHashApiLib with TPM 2.0 Implementation
+  + MdeModulePkg: Make retval in UninstallMultipleProtocol follow Spec
+  + SecurityPkg/DxeImageVerificationLib: change IsCertHashFoundInDatabase
+name (CVE-2019-14575)
+  + SecurityPkg/DxeImageVerificationLib: Differentiate error/search
+result (2) (CVE-2019-14575)
+  + SecurityPkg/DxeImageVerificationLib: plug Data leak in
+IsForbiddenByDbx() (CVE-2019-14575)
+  + SecurityPkg/DxeImageVerificationLib: tighten default result
+(CVE-2019-14575)
+  + SecurityPkg/DxeImageVerificationLib: Differentiate error/search
+result (1) (CVE-2019-14575)
+  + SecurityPkg/DxeImageVerificationLib: refactor db/dbx fetching
+code (CVE-2019-14575)
+  + SecurityPkg/DxeImageVerificationLib: avoid bypass in fetching
+dbx (CVE-2019-14575)
+  + SecurityPkg/DxeImageVerificationLib: fix wrong fetch dbx in
+IsAllowedByDb (CVE-2019-14575)
+  + SecurityPkg/DxeImageVerificationLib: reject
+CertStack.CertNumber==0 per DBX (CVE-2019-14575)
+  + SecurityPkg/DxeImageVerificationLib: Fix memory leaks
+(CVE-2019-14575)
+  + NetworkPkg/Ip4Dxe: Check the received package length
+(CVE-2019-14559).
+  + ShellPkg: acpiview: Validate ACPI table 'Length' field
+  + ShellPkg: acpiview: Remove duplicate ACPI structure size definitions
+  + UefiCpuPkg RegisterCpuFeaturesLib: Match data type and format specifier
+  + MdeModulePkg/SdMmcPciHcDxe: Fix double PciIo Unmap in TRB creation
+(CVE-2019-14587)
+  + MdeModulePkg/DisplayEngine: Zero memory before free (CVE-2019-14558)
+  + MdeModulePkg/String.c: Zero memory before free (CVE-2019-14558)
+  + MdeModulePkg/HiiDB: Remove configuration table when it's freed
+(CVE-2019-14586)
+  + MdePkg: Remove FIT table industry standard header file.
+  + UefiCpuPkg: Remove FIT based microcode shadow logic from MpInitLib.
+  + UefiCpuPkg/CpuFeature: Introduce First to indicate 1st unit.
+  + UefiCpuPkg/RegisterCpuFeaturesLib: Rename [Before|After]FeatureBitMask
+  + UefiCpuPkg/RegisterCpuFeaturesLib: Delete CPU_FEATURE_[BEFORE|AFTER]
+  + MdePkg: Add PCCT table signature definition
+  + BaseTools: Fixed build failure when using python38
+  + BaseTools:fix Ecc tool issue for check StructPcd
+  + BaseTools: Remove caret in NASM_INC macro
+  + BaseTools: Rationalise makefile generation
+  + MdePkg: Add PCI Express 5.0 Header File
+  + MdePkg: Disable EBC for unit tests in MdePkg.dsc
+  + MdePkg/SmBios.h: Add two additional DWORD for smbios 3.3.0 type17
+  + UefiCpuPkg/MpInitLib: Not pass microcode info between archs in CPU_MP_DATA
+  + Revert UefiCpuPkg/MpInitLib: Relocate microcode patch fields in CPU_MP_DATA
+  + ShellPkg: acpiview: Validate global pointers before use
+  + ShellPkg: acpiview: Validate System Locality count
+  + ShellPkg: acpiview: Set ItemPtr to NULL for unprocessed table fields
+  + ShellPkg: Document UpdateArgcArgv returns EFI_INVALID_PARAMETER
+  + ShellPkg: Document ParseCommandLineToArgs returns EFI_INVALID_PARAMETER
+  + ShellPkg/UefiShellAcpiViewCommandLib: Fix FADT Parser
+  + SecurityPkg: Fix incorrect return value when File is NULL
+  + BaseTools: Fixed a Incremental build issue
+  + CryptoPkg/CryptoPkg.dsc: Add build of Crypto libraries/modules
+  + CryptoPkg/Library: Add BaseCryptLibOnProtocolPpi instances
+  + CryptoPkg/Driver: Add Crypto PEIM, DXE, and SMM modules
+  + CryptoPkg: Add EDK II Crypto Protocols/PPIs/PCDs
+  + CryptoPkg/BaseCryptLib: Add X509ConstructCertificateStackV().
+  + MdeModulePkg/PiDxeS3BootScriptLib: Fix potential numeric truncation
+(CVE-2019-14563)
+  + MdeModulePkg/Capsule: Remove RT restriction in UpdateCapsule service.
+  + SecurityPkg/TcgPhysicalPresenceLib: Replace the ASSERT with error code
+  + BaseTools/PcdValueCommon: Fix 64-bit host

commit ovmf for openSUSE:Factory

2020-02-29 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2020-02-29 21:21:22

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new.26092 (New)


Package is "ovmf"

Sat Feb 29 21:21:22 2020 rev:44 rq:779256 version:201911

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2020-02-20 
15:37:26.382744978 +0100
+++ /work/SRC/openSUSE:Factory/.ovmf.new.26092/ovmf.changes 2020-02-29 
21:21:37.958174312 +0100
@@ -1,0 +2,10 @@
+Mon Feb 24 04:00:24 UTC 2020 - Gary Ching-Pang Lin 
+
+- Add ovmf-bsc1163969-fix-DxeImageVerificationHandler.patch to fix
+  dbx signature check (bsc#1163969, CVE-2019-14575)
+  + Also change the order of several patches to distinguish the
+openssl patch
+- Add ovmf-bsc1163927-fix-ip4dxe-and-arpdxe.patch to fix memory
+  leakage in Ip4Dxe and ArpDxe (bsc#1163927, CVE-2019-14559)
+
+---

New:

  ovmf-bsc1163927-fix-ip4dxe-and-arpdxe.patch
  ovmf-bsc1163969-fix-DxeImageVerificationHandler.patch



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.WB2zxY/_old  2020-02-29 21:21:38.830176038 +0100
+++ /var/tmp/diff_new_pack.WB2zxY/_new  2020-02-29 21:21:38.834176046 +0100
@@ -49,8 +49,10 @@
 Patch3: %{name}-pie.patch
 Patch4: %{name}-disable-ia32-firmware-piepic.patch
 Patch5: %{name}-set-fixed-enroll-time.patch
-Patch6: openssl-fix-syntax-error.patch
-Patch7: 
%{name}-bsc1163959-PiDxeS3BootScriptLib-fix-numeric-truncation.patch
+Patch6: 
%{name}-bsc1163959-PiDxeS3BootScriptLib-fix-numeric-truncation.patch
+Patch7: %{name}-bsc1163969-fix-DxeImageVerificationHandler.patch
+Patch8: %{name}-bsc1163927-fix-ip4dxe-and-arpdxe.patch
+Patch100:   openssl-fix-syntax-error.patch
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  bc
 BuildRequires:  fdupes
@@ -173,12 +175,14 @@
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
 %patch7 -p1
+%patch8 -p1
 
 # add openssl
 pushd CryptoPkg/Library/OpensslLib/openssl
 tar -xf %{SOURCE1} --strip 1
-%patch6 -p1
+%patch100 -p1
 popd
 
 # add berkeley-softfloat-3






++ ovmf-bsc1163927-fix-ip4dxe-and-arpdxe.patch ++
>From 7f9f7fccf58af2db5ac8c88801f56f4efe664fcb Mon Sep 17 00:00:00 2001
From: Jiaxin Wu 
Date: Mon, 29 Apr 2019 09:51:53 +0800
Subject: [PATCH 1/2] NetworkPkg/Ip4Dxe: Check the received package length
 (CVE-2019-14559).

v3: correct the coding style.
v2: correct the commit message & add BZ number.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1610

This patch is to check the received package length to make sure the package
has a valid length field.

Cc: Fu Siyuan 
Cc: Maciej Rabeda 
Signed-off-by: Wu Jiaxin 
Reviewed-by: Siyuan Fu 
(cherry picked from commit 578bcdc2605e3438b9cbdac4e68339f90f5bf8af)
---
 NetworkPkg/Ip4Dxe/Ip4Input.c | 46 +---
 1 file changed, 37 insertions(+), 9 deletions(-)

diff --git a/NetworkPkg/Ip4Dxe/Ip4Input.c b/NetworkPkg/Ip4Dxe/Ip4Input.c
index 24c584658803..fc1a892f14eb 100644
--- a/NetworkPkg/Ip4Dxe/Ip4Input.c
+++ b/NetworkPkg/Ip4Dxe/Ip4Input.c
@@ -1,7 +1,7 @@
 /** @file
   IP4 input process.
 
-Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2005 - 2020, Intel Corporation. All rights reserved.
 (C) Copyright 2015 Hewlett-Packard Development Company, L.P.
 
 SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -711,10 +711,6 @@ Ip4PreProcessPacket (
   //
   // Check if the IP4 header is correctly formatted.
   //
-  if ((*Packet)->TotalSize < IP4_MIN_HEADLEN) {
-return EFI_INVALID_PARAMETER;
-  }
-
   HeadLen  = (Head->HeadLen << 2);
   TotalLen = NTOHS (Head->TotalLen);
 
@@ -808,6 +804,30 @@ Ip4PreProcessPacket (
   return EFI_SUCCESS;
 }
 
+/**
+  This function checks the IPv4 packet length.
+
+  @param[in]   Packet  Pointer to the IPv4 Packet to be checked.
+
+  @retval TRUE   The input IPv4 packet length is valid.
+  @retval FALSE  The input IPv4 packet length is invalid.
+
+**/
+BOOLEAN
+Ip4IsValidPacketLength (
+  IN NET_BUF*Packet
+  )
+{
+  //
+  // Check the IP4 packet length.
+  //
+  if (Packet->TotalSize < IP4_MIN_HEADLEN) {
+return FALSE;
+  }
+
+  return TRUE;
+}
+
 /**
   The IP4 input routine. It is called by the IP4_INTERFACE when a
   IP4 fragment is received from MNP.
@@ -844,6 +864,10 @@ Ip4AccpetFrame (
 goto DROP;
   }
 
+  if (!Ip4IsValidPacketLength (Packet)) {
+goto RESTART;
+  }
+
   Head  = (IP4_HEAD *) NetbufGetByte (Packet, 0, NULL);
   ASSERT (Head != NULL);
   OptionLen = (Head->HeadLen << 2) - IP4_MIN_HEADLEN;
@@ -890,10

commit ovmf for openSUSE:Factory

2020-02-20 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2020-02-20 15:37:21

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new.26092 (New)


Package is "ovmf"

Thu Feb 20 15:37:21 2020 rev:43 rq:775106 version:201911

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2020-02-14 
16:26:47.899237020 +0100
+++ /work/SRC/openSUSE:Factory/.ovmf.new.26092/ovmf.changes 2020-02-20 
15:37:26.382744978 +0100
@@ -1,0 +2,7 @@
+Tue Feb 18 09:24:30 UTC 2020 - Gary Ching-Pang Lin 
+
+- Add ovmf-bsc1163959-PiDxeS3BootScriptLib-fix-numeric-truncation.patch
+  to fix the numeric truncation to avoid the potential memory
+  corruption (bsc#1163959, CVE-2019-14563)
+
+---

New:

  ovmf-bsc1163959-PiDxeS3BootScriptLib-fix-numeric-truncation.patch



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.zF9AnQ/_old  2020-02-20 15:37:27.970747752 +0100
+++ /var/tmp/diff_new_pack.zF9AnQ/_new  2020-02-20 15:37:27.974747759 +0100
@@ -50,6 +50,7 @@
 Patch4: %{name}-disable-ia32-firmware-piepic.patch
 Patch5: %{name}-set-fixed-enroll-time.patch
 Patch6: openssl-fix-syntax-error.patch
+Patch7: 
%{name}-bsc1163959-PiDxeS3BootScriptLib-fix-numeric-truncation.patch
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  bc
 BuildRequires:  fdupes
@@ -172,6 +173,7 @@
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch7 -p1
 
 # add openssl
 pushd CryptoPkg/Library/OpensslLib/openssl






++ ovmf-bsc1163959-PiDxeS3BootScriptLib-fix-numeric-truncation.patch ++
>From 322ac05f8bbc1bce066af1dabd1b70ccdbe28891 Mon Sep 17 00:00:00 2001
From: Hao A Wu 
Date: Fri, 28 Jun 2019 14:15:55 +0800
Subject: [PATCH 1/1] MdeModulePkg/PiDxeS3BootScriptLib: Fix potential numeric
 truncation (CVE-2019-14563)

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2001

For S3BootScriptLib APIs:

S3BootScriptSaveIoWrite
S3BootScriptSaveMemWrite
S3BootScriptSavePciCfgWrite
S3BootScriptSavePciCfg2Write
S3BootScriptSaveSmbusExecute
S3BootScriptSaveInformation
S3BootScriptSaveInformationAsciiString
S3BootScriptLabel (happen in S3BootScriptLabelInternal())

possible numeric truncations will happen that may lead to S3 boot script
entry with improper size being returned to store the boot script data.
This commit will add checks to prevent this kind of issue.

Please note that the remaining S3BootScriptLib APIs:

S3BootScriptSaveIoReadWrite
S3BootScriptSaveMemReadWrite
S3BootScriptSavePciCfgReadWrite
S3BootScriptSavePciCfg2ReadWrite
S3BootScriptSaveStall
S3BootScriptSaveDispatch2
S3BootScriptSaveDispatch
S3BootScriptSaveMemPoll
S3BootScriptSaveIoPoll
S3BootScriptSavePciPoll
S3BootScriptSavePci2Poll
S3BootScriptCloseTable
S3BootScriptExecute
S3BootScriptMoveLastOpcode
S3BootScriptCompare

are not affected by such numeric truncation.

Signed-off-by: Hao A Wu 
Reviewed-by: Laszlo Ersek 
Reviewed-by: Eric Dong 
Acked-by: Jian J Wang 
---
 .../PiDxeS3BootScriptLib/BootScriptSave.c | 52 ++-
 1 file changed, 51 insertions(+), 1 deletion(-)

diff --git a/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c 
b/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c
index 9106e7d0f9f5..9315fc9f0188 100644
--- a/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c
+++ b/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c
@@ -1,7 +1,7 @@
 /** @file
   Save the S3 data to S3 boot script.
 
-  Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
+  Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.
 
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
@@ -1006,6 +1006,14 @@ S3BootScriptSaveIoWrite (
   EFI_BOOT_SCRIPT_IO_WRITE  ScriptIoWrite;
 
   WidthInByte = (UINT8) (0x01 << (Width & 0x03));
+
+  //
+  // Truncation check
+  //
+  if ((Count > MAX_UINT8) ||
+  (WidthInByte * Count > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_IO_WRITE))) {
+return RETURN_OUT_OF_RESOURCES;
+  }
   Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_IO_WRITE) + (WidthInByte * Count));
 
   Script = S3BootScriptGetEntryAddAddress (Length);
@@ -1102,6 +1110,14 @@ S3BootScriptSaveMemWrite (
   EFI_BOOT_SCRIPT_MEM_WRITE  ScriptMemWrite;
 
   WidthInByte = (UINT8) (0x01 << (Width & 0x03));
+
+  //
+  // Truncation check
+  //
+  if ((Count > MAX_UINT8) ||
+  (WidthInByte * Count > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_MEM_WRITE))) {
+return RETURN_OUT_OF_RESOURCES;
+  }
   Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_MEM_WRITE) + (WidthInByte * Count));
 
   Script = S3BootScriptGetEntryAddAddress (Length);
@@ -1206,6 +1222,14 @@ S3BootScriptSavePciCfgWrite (
   }

commit ovmf for openSUSE:Factory

2020-02-14 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2020-02-14 16:26:44

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new.26092 (New)


Package is "ovmf"

Fri Feb 14 16:26:44 2020 rev:42 rq:770415 version:201911

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2020-01-01 
14:57:29.221905672 +0100
+++ /work/SRC/openSUSE:Factory/.ovmf.new.26092/ovmf.changes 2020-02-14 
16:26:47.899237020 +0100
@@ -1,0 +2,6 @@
+Mon Feb  3 02:14:23 UTC 2020 - Gary Ching-Pang Lin 
+
+- Build the unified firmware with preloaded keys for backward
+  compatibility (bsc#1159793)
+
+---



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.zfP4i5/_old  2020-02-14 16:26:48.979237606 +0100
+++ /var/tmp/diff_new_pack.zfP4i5/_new  2020-02-14 16:26:48.979237606 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package ovmf
 #
-# Copyright (c) 2019 SUSE LLC
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -360,19 +360,31 @@
local KEY="$3"
local PKKEK_FILE="$4"
local ISO_FILE="$5"
+   local TYPE="$6"
 
+   # QEMU parameters
+   #  pflash parameters
+   local PFLASH=""
+   if [ $TYPE == "separate" ]; then
local FW_CODE_ORIG="${PREFIX}-code.bin"
local FW_VARS_ORIG="${PREFIX}-vars.bin"
local FW_CODE="${PREFIX}-${KEY}-code.bin"
local FW_VARS="${PREFIX}-${KEY}-vars.bin"
+   local PFLASH_CODE="-drive 
if=pflash,format=raw,unit=0,readonly,file=$FW_CODE"
+   local PFLASH_VARS="-drive 
if=pflash,format=raw,unit=1,file=$FW_VARS"
 
ln -s "$FW_CODE_ORIG" "$FW_CODE"
cp "$FW_VARS_ORIG" "$FW_VARS"
 
-   # QEMU parameters
-   #  pflash parameters
-   local PFLASH_CODE="-drive 
if=pflash,format=raw,unit=0,readonly,file=$FW_CODE"
-   local PFLASH_VARS="-drive if=pflash,format=raw,unit=1,file=$FW_VARS"
+   PFLASH="$PFLASH_CODE $PFLASH_VARS"
+   elif [ $TYPE == "unified" ]; then
+   local UNIFIED_FW_ORIG="${PREFIX}.bin"
+   local UNIFIED_FW="${PREFIX}-${KEY}.bin"
+
+   cp "$UNIFIED_FW_ORIG" "$UNIFIED_FW"
+
+   PFLASH="-drive if=pflash,format=raw,unit=0,file=$UNIFIED_FW"
+   fi
 
#  smbios parameters for PK and KEK
local SMBIOS="-smbios type=11,value=$(pkkek_oemstr $PKKEK_FILE)"
@@ -412,7 +424,7 @@
fi
 
# Launch the VM
-   $QEMU $MACHINE $MEMORY $PFLASH_CODE $PFLASH_VARS $SMBIOS $CDROM $MISC
+   $QEMU $MACHINE $MEMORY $PFLASH $SMBIOS $CDROM $MISC
 }
 
 # Assign the default PK/KEK
@@ -459,11 +471,22 @@
 for flavor in ${FLAVORS[@]}; do
for key in ${KEY_SOURCES[@]}; do
build_template "$BUILD_ARCH" "$flavor" "$key" \
-   "${PKKEK[$key]}" "${KEY_ISO_FILES[$key]}"
+   "${PKKEK[$key]}" "${KEY_ISO_FILES[$key]}" \
+   "separate"
done
 done
 
 %ifarch x86_64
+# Generate the unified firmware with preloaded keys for backward
+# compatibility. (bsc#1159793)
+for flavor in ${FLAVORS[@]}; do
+   for key in ${KEY_SOURCES[@]}; do
+   build_template "$BUILD_ARCH" "$flavor" "$key" \
+   "${PKKEK[$key]}" "${KEY_ISO_FILES[$key]}" \
+   "unified"
+   done
+done
+
 # Rename the x86_64 4MB firmware
 #  We use ovmf-x86_64-$key-4m instead of ovmf-x86_64-4m-$key in the
 #  version < stable201905. Rename the 4MB firmware files for backward

commit ovmf for openSUSE:Factory

2020-01-01 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2020-01-01 14:56:56

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new.6675 (New)


Package is "ovmf"

Wed Jan  1 14:56:56 2020 rev:41 rq:758466 version:201911

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2019-12-07 
15:17:42.171776174 +0100
+++ /work/SRC/openSUSE:Factory/.ovmf.new.6675/ovmf.changes  2020-01-01 
14:57:29.221905672 +0100
@@ -1,0 +2,5 @@
+Fri Dec 20 09:11:37 UTC 2019 - Dirk Mueller 
+
+- only build -aarch32 Cortex-A15 EFI on armv7hl
+
+---



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.iMmP8x/_old  2020-01-01 14:57:33.073907684 +0100
+++ /var/tmp/diff_new_pack.iMmP8x/_new  2020-01-01 14:57:33.073907684 +0100
@@ -58,7 +58,7 @@
 BuildRequires:  iasl
 BuildRequires:  libuuid-devel
 BuildRequires:  python3
-%ifnarch %arm
+%ifnarch armv7hl
 BuildRequires:  nasm
 %endif
 %ifarch %{secureboot_archs}
@@ -75,7 +75,7 @@
 %endif
 BuildRequires:  unzip
 %endif
-ExclusiveArch:  %ix86 x86_64 aarch64 %arm
+ExclusiveArch:  %ix86 x86_64 aarch64 armv7hl
 
 %description
 The Open Virtual Machine Firmware (OVMF) project aims to support
@@ -144,7 +144,7 @@
 virt board.
 %endif
 
-%ifarch %arm
+%ifarch armv7hl
 %package -n qemu-uefi-aarch32
 Summary:UEFI QEMU rom image (AArch32)
 Group:  System/Emulators/PC
@@ -231,7 +231,7 @@
BUILD_OPTIONS="$OVMF_FLAGS -a AARCH64 -p ArmVirtPkg/ArmVirtQemu.dsc -b 
DEBUG -t $TOOL_CHAIN_TAG"
ARCH=AARCH64 make -C BaseTools
 %else
-%ifarch %arm
+%ifarch armv7hl
# Flavors for arm
FLAVORS=("aavmf-aarch32")
BUILD_ARCH="AARCH32"
@@ -324,7 +324,7 @@
 cp Build/ArmVirtQemu-AARCH64/DEBUG_*/AARCH64/EnrollDefaultKeys.efi .
 
 %else
-%ifarch %arm
+%ifarch armv7hl
 
 # Build the UEFI image
 build $BUILD_OPTIONS
@@ -525,7 +525,7 @@
 install -m 0644 -D descriptors/*-aarch64*.json \
-t %{buildroot}/%{_datadir}/qemu/firmware
 %else
-%ifarch %arm
+%ifarch armv7hl
 install -m 0644 -D qemu-uefi-aarch32.bin -t %{buildroot}/%{_datadir}/qemu/
 install -m 0644 -D aavmf-aarch32-*.bin -t %{buildroot}/%{_datadir}/qemu/
 install -m 0644 -D descriptors/*-aarch32*.json \
@@ -597,7 +597,7 @@
 %{_datadir}/qemu/firmware/*-aarch64*.json
 %endif
 
-%ifarch %arm
+%ifarch armv7hl
 %files -n qemu-uefi-aarch32
 %defattr(-,root,root)
 %license License.txt

commit ovmf for openSUSE:Factory

2019-12-07 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2019-12-07 15:15:50

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new.4691 (New)


Package is "ovmf"

Sat Dec  7 15:15:50 2019 rev:40 rq:753074 version:201911

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2019-11-08 
15:23:45.434869808 +0100
+++ /work/SRC/openSUSE:Factory/.ovmf.new.4691/ovmf.changes  2019-12-07 
15:17:42.171776174 +0100
@@ -1,0 +2,68 @@
+Tue Dec  3 02:35:19 UTC 2019 - Gary Ching-Pang Lin 
+
+- Update to edk2-stable201911
+  + SecurityPkg: Fix TPM2 ACPI measurement
+  + MdeModulePkg: Enable variable runtime cache by default
+  + OvmfPkg: Disable variable runtime cache
+  + MdeModulePkg/Variable: Add RT GetVariable() cache support
+  + CryptoPkg: Upgrade OpenSSL to 1.1.1d
+  + MdePkg-UefiSpec.h: Add UEFI 2.8 new memory attributes
+  + MdePkg/UefiFileHandleLib: Fix potential NULL dereference
+  + NetworkPkg/HttpDxe: Set the HostName for the verification
+(CVE-2019-14553)
+  + NetworkPkg/TlsDxe: Add the support of host validation to TlsDxe
+driver (CVE-2019-14553)
+  + CryptoPkg/TlsLib: TlsSetVerifyHost: parse IP address literals
+as such (CVE-2019-14553)
+  + CryptoPkg/TlsLib: Add the new API "TlsSetVerifyHost"
+(CVE-2019-14553)
+  + MdePkg/Include/Protocol/Tls.h: Add the data type of
+EfiTlsVerifyHost (CVE-2019-14553)
+  + MdeModulePkg/BdsDxe: Fix PlatformRecovery issue
+  + NetworkPkg/SnpDxe: Add PCD to remove ExitBootServices event
+from SNP driver
+  + MdeModulePkg: Update to support SmBios 3.3.0
+  + UefiCpuPkg/MpInitLib: honor the platform's boot CPU count in AP
+detection
+  + SecurityPkg/Tcg2: Add Support Laml, Lasa for TPM2 ACPI
+  + OvmfPkg/PlatformDxe: fix EFI_HII_HANDLE parameters of internal
+functions
+  + OvmfPkg/VirtioNetDxe: fix SignalEvent() call
+  + OvmfPkg/XenBusDxe: fix UninstallMultipleProtocolInterfaces()
+call
+  + NetworkPkg/Ip4Dxe: fix NetLibDestroyServiceChild() call
+  + MdeModulePkg/ScsiDiskDxe: Support Storage Security Command
+Protocol
+  + MdePkg: Implement SCSI commands for Security Protocol In/Out
+  + MdeModulePkg/TerminalDxe: Enhance the arrow keys support
+  + MdeModulePkg/UefiBootManager: Unload image on
+EFI_SECURITY_VIOLATION
+  + MdeModulePkg/DxeCapsuleLibFmp: Unload image on
+EFI_SECURITY_VIOLATION
+  + MdeModulePkg: Extend the support keyboard type of Terminal
+console
+  + UefiCpuPkg/CpuExceptionHandlerLib: Fix split lock
+  + UefiCpuPkg: Fix potential spinLock issue in SmmStartupThisAp
+  + UefiCpuPkg/PiSmmCpu: Enable 5L paging only when phy addr line
+> 48
+  + OvmfPkg/EnrollDefaultKeys: clean up Base64Decode() retval
+handling
+  + ArmVirtPkg/PlatformBootManagerLib: unload image on
+EFI_SECURITY_VIOLATION
+  + ShellPkg/ShellPkg.dsc AARCH64: enable stack protector
+  + ArmVirtPkg/ArmVirtPrePiUniCoreRelocatable: revert to PIE
+linking
+  + BaseTools/GenFw AARCH64: fix up GOT based relative relocations
+  + ShellPkg/Pci.c: Update supported link speed to PCI5.0
+  + PcAtChipsetPkg: add PcdRealTimeClockUpdateTimeout
+  + UefiCpuPkg: Add PcdCpuSmmRestrictedMemoryAccess
+  + ShellPkg/CommandLib: avoid NULL derefence and memory leak
+  + MdePkg/DxeHstiLib: Added checks to improve error handling
+  + BaseTools: Support more file types in build cache
+  + UefiCpuPkg/SecCore: get AllSecPpiList after SecPlatformMain
+- Update openssl to 1.1.1d
+  + Add openssl-fix-syntax-error.patch to fix a syntax error
+- Drop ovmf-bsc1153072-fix-invalid-https-cert.patch
+  + Already upstreamed
+
+---

Old:

  edk2-stable201908.tar.gz
  openssl-1.1.1b.tar.gz
  openssl-1.1.1b.tar.gz.asc
  ovmf-bsc1153072-fix-invalid-https-cert.patch

New:

  edk2-stable201911.tar.gz
  openssl-1.1.1d.tar.gz
  openssl-1.1.1d.tar.gz.asc
  openssl-fix-syntax-error.patch



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.b7wBZ5/_old  2019-12-07 15:17:47.331775444 +0100
+++ /var/tmp/diff_new_pack.b7wBZ5/_new  2019-12-07 15:17:47.367775439 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package ovmf
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -20,15 +20,15 @@
 %define secureboot_archs x86_64 aarch64
 
 %undefine _build_create_debug
-%global openssl_version 1.1.1b
+%global openssl_version 1.1.1d
 %global softfloat_version b64af41c3276f
 
 Name:   ovmf
-Url:

commit ovmf for openSUSE:Factory

2019-11-08 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2019-11-08 15:23:40

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new.2990 (New)


Package is "ovmf"

Fri Nov  8 15:23:40 2019 rev:39 rq:746484 version:201908

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2019-10-23 
15:33:18.725506691 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new.2990/ovmf.changes  2019-11-08 
15:23:45.434869808 +0100
@@ -1,0 +2,19 @@
+Fri Nov  8 04:09:48 UTC 2019 - Gary Ching-Pang Lin 
+
+- Use the same x86 4MB firmware names as the ones in the previous
+  version (< stable201905) for backward compatibility
+
+---
+Wed Nov  6 06:28:25 UTC 2019 - Gary Ching-Pang Lin 
+
+- Disable TLS for IA32(i586) to avoid exceeding the size limitation
+  while using the tool chain from SLE15-SP2/openSUSE Leap 15.2
+
+---
+Mon Nov  4 06:44:03 UTC 2019 - Gary Ching-Pang Lin 
+
+- Add ovmf-bsc1153072-fix-invalid-https-cert.patch to reject the
+  invalid server certificates for HTTPS Boot
+  (bsc#1153072, CVE-2019-14553)
+
+---

New:

  ovmf-bsc1153072-fix-invalid-https-cert.patch



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.bWcxRR/_old  2019-11-08 15:23:47.422871911 +0100
+++ /var/tmp/diff_new_pack.bWcxRR/_new  2019-11-08 15:23:47.426871915 +0100
@@ -49,6 +49,7 @@
 Patch3: %{name}-pie.patch
 Patch4: %{name}-disable-ia32-firmware-piepic.patch
 Patch5: %{name}-set-fixed-enroll-time.patch
+Patch6: %{name}-bsc1153072-fix-invalid-https-cert.patch
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  bc
 BuildRequires:  fdupes
@@ -171,6 +172,7 @@
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
 
 # add openssl
 pushd CryptoPkg/Library/OpensslLib/openssl
@@ -208,7 +210,7 @@
FLAVORS=("ovmf-ia32")
BUILD_ARCH="IA32"
 
-   OVMF_FLAGS="$OVMF_FLAGS -D NETWORK_TLS_ENABLE -D FD_SIZE_2MB"
+   OVMF_FLAGS="$OVMF_FLAGS -D FD_SIZE_2MB"
BUILD_OPTIONS="$OVMF_FLAGS -a IA32 -p OvmfPkg/OvmfPkgIa32.dsc -b DEBUG 
-t $TOOL_CHAIN_TAG"
make -C BaseTools
 %else
@@ -461,6 +463,16 @@
done
 done
 
+%ifarch x86_64
+# Rename the x86_64 4MB firmware
+#  We use ovmf-x86_64-$key-4m instead of ovmf-x86_64-4m-$key in the
+#  version < stable201905. Rename the 4MB firmware files for backward
+#  compatibility.
+for key in ${KEY_SOURCES[@]}; do
+   rename "4m-$key" "$key-4m" *"4m-$key"*.bin
+done
+%endif #x86_64
+
 %endif #secureboot_archs
 
 %install






++ ovmf-bsc1153072-fix-invalid-https-cert.patch ++
 1129 lines (skipped)

commit ovmf for openSUSE:Factory

2019-10-23 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2019-10-23 15:33:16

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new.2352 (New)


Package is "ovmf"

Wed Oct 23 15:33:16 2019 rev:38 rq:739020 version:201908

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2019-09-07 
11:29:55.302460539 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new.2352/ovmf.changes  2019-10-23 
15:33:18.725506691 +0200
@@ -1,0 +2,6 @@
+Thu Oct 17 06:25:01 UTC 2019 - Gary Ching-Pang Lin 
+
+- Add the firmware descriptors for QEMU
+- Tweak the install commands
+
+---

New:

  descriptors.tar.xz



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.McDequ/_old  2019-10-23 15:33:19.989508143 +0200
+++ /var/tmp/diff_new_pack.McDequ/_new  2019-10-23 15:33:19.993508148 +0200
@@ -40,6 +40,7 @@
 Source5:openSUSE-UEFI-SIGN-Certificate-2048.crt
 # berkeley-softfloat-3: https://github.com/ucb-bar/berkeley-softfloat-3
 Source6:berkeley-softfloat-3-%{softfloat_version}.tar.xz
+Source7:descriptors.tar.xz
 Source100:  %{name}-rpmlintrc
 Source101:  gdb_uefi.py.in
 Source102:  gen-key-enrollment-iso.sh
@@ -181,6 +182,9 @@
 tar -xf %{SOURCE6} --strip 1
 popd
 
+# prepare the firmware descriptors for qemu
+tar -xf %{SOURCE7}
+
 chmod +x %{SOURCE102}
 
 %build
@@ -469,20 +473,25 @@
 install -d %{buildroot}/%{_bindir}
 install -m 0755 --strip BaseTools/Source/C/bin/EfiRom %{buildroot}/%{_bindir}
 
+# Replace @DATADIR@ in the firmware descriptors
+sed -i "s:@DATADIR@:%{_datadir}/qemu:" descriptors/*.json
+
 %ifarch %ix86
 tr -d '\r' < OvmfPkg/License.txt > License-ovmf.txt
-install -m 0644 -D ovmf-ia32.bin %{buildroot}/%{_datadir}/qemu/ovmf-ia32.bin
-install -m 0644 -D ovmf-ia32-code.bin 
%{buildroot}/%{_datadir}/qemu/ovmf-ia32-code.bin
-install -m 0644 -D ovmf-ia32-vars.bin 
%{buildroot}/%{_datadir}/qemu/ovmf-ia32-vars.bin
+install -m 0644 -D ovmf-ia32*.bin -t %{buildroot}/%{_datadir}/qemu/
+install -m 0644 -D descriptors/*-ia32*.json \
+   -t %{buildroot}/%{_datadir}/qemu/firmware
 %else
 %ifarch x86_64
 tr -d '\r' < OvmfPkg/License.txt > License-ovmf.txt
 
 # Install firmware files
-install -m 0644 -D ovmf-x86_64.bin 
%{buildroot}/%{_datadir}/qemu/ovmf-x86_64.bin
-install -m 0644 ovmf-x86_64-*.bin %{buildroot}/%{_datadir}/qemu/
+install -m 0644 -D ovmf-x86_64*.bin -t %{buildroot}/%{_datadir}/qemu/
 %fdupes %{buildroot}/%{_datadir}/qemu/
 
+install -m 0644 -D descriptors/*-x86_64*.json \
+   -t %{buildroot}/%{_datadir}/qemu/firmware
+
 # Install debug symbols, gdb-uefi.py
 install -d %{buildroot}/%{_datadir}/ovmf-x86_64/
 install -m 0644 gdb_uefi-*.py %{buildroot}/%{_datadir}/ovmf-x86_64/
@@ -497,16 +506,18 @@
 %ifarch aarch64
 # Install firmware files
 install -d %{buildroot}/%{_datadir}/qemu/
-install -m 0644 -D qemu-uefi-aarch64*.bin %{buildroot}/%{_datadir}/qemu/
-install -m 0644 -D aavmf-aarch64-*code.bin %{buildroot}/%{_datadir}/qemu/
-install -m 0644 -D aavmf-aarch64-*vars.bin %{buildroot}/%{_datadir}/qemu/
+install -m 0644 -D qemu-uefi-aarch64*.bin -t %{buildroot}/%{_datadir}/qemu/
+install -m 0644 -D aavmf-aarch64-*.bin -t %{buildroot}/%{_datadir}/qemu/
 %fdupes %{buildroot}/%{_datadir}/qemu/
 
+install -m 0644 -D descriptors/*-aarch64*.json \
+   -t %{buildroot}/%{_datadir}/qemu/firmware
 %else
 %ifarch %arm
-install -m 0644 -D qemu-uefi-aarch32.bin 
%{buildroot}/%{_datadir}/qemu/qemu-uefi-aarch32.bin
-install -m 0644 -D aavmf-aarch32-code.bin 
%{buildroot}/%{_datadir}/qemu/aavmf-aarch32-code.bin
-install -m 0644 -D aavmf-aarch32-vars.bin 
%{buildroot}/%{_datadir}/qemu/aavmf-aarch32-vars.bin
+install -m 0644 -D qemu-uefi-aarch32.bin -t %{buildroot}/%{_datadir}/qemu/
+install -m 0644 -D aavmf-aarch32-*.bin -t %{buildroot}/%{_datadir}/qemu/
+install -m 0644 -D descriptors/*-aarch32*.json \
+   -t %{buildroot}/%{_datadir}/qemu/firmware
 %endif #arm
 %endif #aarch64
 %endif #x86_64
@@ -540,6 +551,8 @@
 %license License.txt License-ovmf.txt 
 %dir %{_datadir}/qemu/
 %{_datadir}/qemu/ovmf-ia32*.bin
+%dir %{_datadir}/qemu/firmware
+%{_datadir}/qemu/firmware/*-ia32*.json
 %endif
 
 %ifarch x86_64
@@ -548,6 +561,8 @@
 %license License.txt License-ovmf.txt
 %dir %{_datadir}/qemu/
 %{_datadir}/qemu/ovmf-x86_64*.bin
+%dir %{_datadir}/qemu/firmware
+%{_datadir}/qemu/firmware/*-x86_64*.json
 
 %files -n qemu-ovmf-x86_64-debug
 %defattr(-,root,root)
@@ -566,6 +581,8 @@
 %{_datadir}/qemu/qemu-uefi-aarch64*.bin
 %{_datadir}/qemu/aavmf-aarch64-*code.bin
 %{_datadir}/qemu/aavmf-aarch64-*vars.bin
+%dir %{_datadir}/qemu/firmware
+%{_datadir}/qemu/firmware/*-aarch64*.json

commit ovmf for openSUSE:Factory

2019-09-07 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2019-09-07 11:29:46

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new.7948 (New)


Package is "ovmf"

Sat Sep  7 11:29:46 2019 rev:37 rq:727926 version:201908

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2019-07-08 
15:00:25.866480680 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new.7948/ovmf.changes  2019-09-07 
11:29:55.302460539 +0200
@@ -1,0 +2,108 @@
+Tue Sep  3 02:08:57 UTC 2019 - Gary Ching-Pang Lin 
+
+- Update to edk2-stable201908
+  + OvmfPkg: Introduce platform OvmfXen
+  + OvmfPkg/ResetSystemLib: Add missing dependency on PciLib
+  + MdeModulePkg DxeCore: Fix for missing Memory Attributes Table
+(MAT) update
+  + BaseTools: Fixed issue of incorrect Module Unique Name
+  + CryptoPkg/OpensslLib: Add missing header files in INF file
+  + SecurityPkg/SecurityPkg.uni: Add missing strings for new PCDs
+  + MdeModulePkg/DxeIplPeim: Initialize pointer PageMapLevel5Entry
+  + MdeModulePkg/MdeModulePkg.dec: Remove gEfiDpcProtocolGuid
+  + Readme.md: add submodule policy and clone commands
+  + MdeModulePkg/DxeIplPeim: Relocate operation of
+PageMapLevel5Entry++
+  + MdeModulePkg: Add missing header files in INF files
+  + MdePkg: Add MmAccess and MmControl definition.
+  + CryptoPkg/BaseCryptLib: Wrap OpenSSL HKDF algorithm
+  + MdeModulePkg/DxeIpl: Create 5-level page table for long mode
+  + MdeModulePkg/DxeIpl: Introduce PCD PcdUse5LevelPageTable
+  + UefiCpuPkg/CpuDxe: Support parsing 5-level page table
+  + UefiCpuPkg/MpInitLib: Enable 5-level paging for AP when BSP's
+enabled
+  + OvmfPkg/PlatformPei: Change referenced MSR name.
+  + UefiCpuPkg/PiSmmCpuDxeSmm: Add check for pointer Pml5Entry
+  + SecurityPkg/SecurityPkg.dec: Remove trailing white space
+  + MdeModulePkg/PiSmmCore: Use unique structure signatures
+  + UefiCpuPkg/MpInitLib: don't shadow the microcode patch twice.
+  + ShellPkg: improve acpiview
+  + MdePkg: Add PI 1.5 SmramMemoryReserve HOB file
+  + MdePkg/PciExpress21.h: Fix the PCI industry standard register
+defines
+  + CryptoPkg/BaseCryptLib: Use cmp-operator for non-Boolean
+comparisons
+  + ArmPkg: DebugPeCoffExtraActionLib: fix trivial comment typos
+  + ArmPkg: DebugPeCoffExtraActionLib: debugger commands are not
+errors
+  + UefiCpuPkg/RegisterCpuFeaturesLib: Start all processors
+simultaneously.
+  + UefiCpuPkg: Add new EDKII_PEI_MP_SERVICES2_PPI
+  + list module-internal header files in INF [Sources]
+  + SecurityPkg: introduce the SM3 digest algorithm
+  + BaseTools: Fix python3.8 SyntaxWarning
+  + BaseTools: Add HOST_APPLICATION module type.
+  + UefiCpuPkg/PiSmmCpu: Enable 5 level paging when CPU supports
+  + MdePkg/BaseLib.h: Update IA32_CR4 structure for 5-level paging
+  + UefiCpuPkg RegisterCpuFeaturesLib: Fix an ASSERTION issue
+  + ArmPlatformPkg: Actually disable PL031 interrupts
+  + UefiCpuPkg/PiSmmCpu: Change variable names and comments to follow
+SDM
+  + OvmfPkg: use DxeTpmMeasurementLib if and only if TPM2_ENABLE
+  + ArmPlatformPkg: Fix various typos
+  + ArmPkg: Fix various typos
+  + Remove IntelFrameworkPkg
+  + Remove IntelFrameworkModulePkg
+  + MdeModulePkg/BdsDxe: Use a pcd to control PlatformRecovery
+  + MdeModulePkg: Add a pcd to set the OS indications bit
+  + SecurityPkg: Remove DxeDeferImageLoadLib in DSC
+  + BaseTools:Linux changes the way the latest version is judged
+  + Fix indentation in edksetup.sh SetupPython3
+  + MdeModulePkg/SdMmcHcDxe: Implement revision 3 of
+SdMmcOverrideProtocol
+  + MdeModulePkg/SdMmcOverride: Add GetOperatingParam notify phase
+  + MdeModulePkg/UfsPassThruDxe: Fix unaligned data transfer
+handling
+  + ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu*
+  + UefiCpuPkg/MpInitLib: MicrocodeDetect: Ensure checked range is
+valid
+  + MdeModulePkg/UfsPassThruDxe: Refactor UFS device presence
+detection
+  + PcAtChipsetPkg: Remove framework modules
+  + SecurityPkg: add FvReportPei.inf in dsc for build validation
+  + SecurityPkg/FvReportPei: implement a common FV verifier and
+reporter
+  + SecurityPkg: add definitions for OBB verification
+  + OvmfPkg: don't assign PCI BARs above 4GiB when CSM enabled
+  + OvmfPkg: Don't build in QemuVideoDxe when we have CSM
+  + OvmfPkg/LegacyBbs: Add boot entries for VirtIO and NVME
+devices
+  + OvmfPkg/LegacyBios: set NumberBbsEntries to the size of
+BbsTable
+  + SecurityPkg: Add missing instances for build only
+  + BaseTools: Move Build Cache related function out of
+CreateAsBuiltInf
+  + BaseTools: refine CreateAsBuiltInf function
+  + BaseTools:Add DetectNotUsedItem.py to Edk2\BaseTools\Scripts
+  + BaseTools:Add import in FvImageSection
+  + MdeModulePkg/PeiMain: PeiAllocatePool:

commit ovmf for openSUSE:Factory

2019-07-08 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2019-07-08 15:00:25

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new.4615 (New)


Package is "ovmf"

Mon Jul  8 15:00:25 2019 rev:36 rq:713568 version:201905

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2019-06-24 
21:50:15.959961881 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new.4615/ovmf.changes  2019-07-08 
15:00:25.866480680 +0200
@@ -1,0 +2,5 @@
+Fri Jul  5 07:15:55 UTC 2019 - Gary Ching-Pang Lin 
+
+- Reset BootOrder after enrolling the default keys (boo#1140195)
+
+---



Other differences:
--

++ gen-key-enrollment-iso.sh ++
--- /var/tmp/diff_new_pack.AQENtI/_old  2019-07-08 15:00:27.354482930 +0200
+++ /var/tmp/diff_new_pack.AQENtI/_new  2019-07-08 15:00:27.354482930 +0200
@@ -69,12 +69,17 @@
 ENROLLER_SIZE=$(stat --format=%s -- "$ENROLLER_BINARY")
 START_SCRIPT=$TMP_DIR/"startup.nsh"
 
+# Enter the first ESP
 echo "fs0:" > $START_SCRIPT
+# Enroll the keys
 if [ $TYPE == "default" ]; then
echo "EnrollDefaultKeys.efi" >> $START_SCRIPT
 else
echo "EnrollDefaultKeys.efi --no-default" >> $START_SCRIPT
 fi
+# Reset BootOrder
+echo "setvar BootOrder -guid 8be4df61-93ca-11d2-aa0d-00e098032b8c -bs -rt -nv 
=" >> $START_SCRIPT
+# Shutdown the system
 echo "reset -s" >> $START_SCRIPT
 
 UEFI_SHELL_IMAGE=uefi_shell_${ARCH}_${TYPE}.img

commit ovmf for openSUSE:Factory

2019-06-24 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2019-06-24 21:50:05

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new.4615 (New)


Package is "ovmf"

Mon Jun 24 21:50:05 2019 rev:35 rq:710231 version:201905

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2019-05-08 
15:15:13.016821620 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new.4615/ovmf.changes  2019-06-24 
21:50:15.959961881 +0200
@@ -1,0 +2,61 @@
+Mon Jun 17 03:32:51 UTC 2019 - Gary Ching-Pang Lin 
+
+- Update to edk2-stable201905
+  + Update OpenSSL version to upcoming 1.1.1
+  + Delete EdkCompatibilityPkg from edk2/master
+  + Remove .S assembly code for IA32 and X64 arch
+  + Replace BSD 2-Clause License with BSD + Patent Licence
+  + Recovery PEI BlockIO support for ATA device
+  + Add PCD to Enabled/Disabled IPv4/IPv6 PXE Support in NetworkPkg
+  + Remove NetworkPkg/IpSecDxe
+  + Add api to DebubLib to expose a print routine with VaList
+parameter
+  + Introduce DebugPpi to save the image size with the debug
+message
+  + ResetSystemLib Adds a new API ResetSystem
+  + ResetUtilityLib Add a new API ResetSystemWithSubtype
+  + Add support for get organization name to x509 in BaseCryptLib
+  + Add support for checking x509 EKUs in BaseCryptLib
+  + Add support for PKCS 1v2 RSAES-OAEP PKI encryption in
+BaseCryptLib
+  + Remove ShellBinPkg from edk2/master
+  + Enable multiple thread /MP option for MSVC compiler
+  + Upstream the EnrollDefaultKeys application to OvmfPkg
+  + Share code for BaseUefiDecompressLib in MdePkg and MdeModulePkg
+  + Move network related components from MdeModulePkg to NetworkPkg
+  + Move BeagleBoardPkg and Omap35xxPkg from edk2 to edk2-platforms
+repo
+  + Move MinnowMax and Quark platform to edk2-platforms repo
+  + Move OptionRomPkg into new Drivers directory edk2-platforms
+repo
+  + Add ACPI6.3 definition
+  + Remove Nt32Pkg from edk2/master
+  + update ArmSoftFloatLib to latest upstream version (= 3e)
+- Update openssl to 1.1.1b
+  + Add berkeley-softfloat-3-b64af41c3276f.tar.xz since arm7 needs
+the softfloat implementation for openssl 1.1.1b
+- Build the varstore templates with EnrollDefaultKeys.efi
+  + Create the iso files for key enrollment
+- Add gen-key-enrollment-iso.sh to generate the iso file
+  + Drop the non-upstream ovmf-embed-default-keys.patch 
+- Also drop owner-guid-zero.h
+  + Drop the MS keys and dbx since they are already in
+EnrollDefaultKeys.efi: MicCorKEKCA2011_2011-06-24.crt,
+MicCorUEFCA2011_2011-06-27.crt, MicWinProPCA2011_2011-10-19.crt,
+and dbxupdate.zip
+- Also drop the related script strip_authinfo.pl
+  + Add ovmf-set-fixed-enroll-time.patch to set the fixed enrolling
+time to make the varstore template reproducible
+  + Require qemu 3.0.0 for fw_cfg
+- Update the build flags for network functions
+  + For x86_64, only enable TLS for the 4MB image since the code
+size exceeds the boundary of 2MB image
+- Refresh patches:
+  + ovmf-add-exclude-shell-flag.patch
+  + ovmf-disable-ia32-firmware-piepic.patch
+  + ovmf-pie.patch
+- Drop the requirement of xxd
+- Update README
+- Update the License tag to BSD-2-Clause-Patent 
+
+---

Old:

  MicCorKEKCA2011_2011-06-24.crt
  MicCorUEFCA2011_2011-06-27.crt
  MicWinProPCA2011_2011-10-19.crt
  dbxupdate.zip
  openssl-1.1.0j.tar.gz
  openssl-1.1.0j.tar.gz.asc
  ovmf-2019+git1552059899.89910a39dcfd.tar.xz
  ovmf-embed-default-keys.patch
  owner-guid-zero.h
  strip_authinfo.pl

New:

  berkeley-softfloat-3-b64af41c3276f.tar.xz
  edk2-stable201905.tar.gz
  gen-key-enrollment-iso.sh
  openssl-1.1.1b.tar.gz
  openssl-1.1.1b.tar.gz.asc
  ovmf-set-fixed-enroll-time.patch



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.OS7tNc/_old  2019-06-24 21:50:19.067964300 +0200
+++ /var/tmp/diff_new_pack.OS7tNc/_new  2019-06-24 21:50:19.079964309 +0200
@@ -20,36 +20,34 @@
 %define secureboot_archs x86_64 aarch64
 
 %undefine _build_create_debug
-%global openssl_version 1.1.0j
+%global openssl_version 1.1.1b
+%global softfloat_version b64af41c3276f
 
 Name:   ovmf
 Url:
http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=EDK2
 Summary:Open Virtual Machine Firmware
-License:BSD-2-Clause
+License:BSD-2-Clause-Patent
 Group:  System/Emulators/PC
-Version:2019+git1552059899.89910a39dcfd
+Version:201905
 Release:0
-Source0:%{name}-%{version}.tar.xz
+Source0:
https://github.com/tianocore/edk2/archive/edk2-stable%{version}.tar.gz
 Source1:

commit ovmf for openSUSE:Factory

2019-05-08 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2019-05-08 15:15:09

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new.5148 (New)


Package is "ovmf"

Wed May  8 15:15:09 2019 rev:34 rq:701162 
version:2019+git1552059899.89910a39dcfd

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2019-03-22 
14:53:23.546095871 +0100
+++ /work/SRC/openSUSE:Factory/.ovmf.new.5148/ovmf.changes  2019-05-08 
15:15:13.016821620 +0200
@@ -1,0 +2,5 @@
+Mon May  6 09:46:22 UTC 2019 - Guillaume GARDET 
+
+- Build SecureBoot firmwares for aarch64
+
+---



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.bwt65u/_old  2019-05-08 15:15:14.444824800 +0200
+++ /var/tmp/diff_new_pack.bwt65u/_new  2019-05-08 15:15:14.448824809 +0200
@@ -17,6 +17,8 @@
 # needssslcertforbuild
 
 
+%define secureboot_archs x86_64 aarch64
+
 %undefine _build_create_debug
 %global openssl_version 1.1.0j
 
@@ -59,7 +61,7 @@
 %ifnarch %arm
 BuildRequires:  nasm
 %endif
-%ifarch x86_64
+%ifarch %{secureboot_archs}
 BuildRequires:  openssl
 BuildRequires:  unzip
 %if 0%{?suse_version}
@@ -160,6 +162,8 @@
 
 %ifarch x86_64
 %patch1 -p1
+%endif
+%ifarch %{secureboot_archs}
 %patch2 -p1
 %endif
 %patch3 -p1
@@ -297,6 +301,60 @@
done
 }
 
+# Build with keys done later (shared between archs)
+
+%else
+%ifarch aarch64
+
+# Build the UEFI image without keys
+build $BUILD_OPTIONS
+
+cp Build/ArmVirtQemu-AARCH64/DEBUG_GCC*/FV/QEMU_EFI.fd qemu-uefi-aarch64.bin
+dd of="aavmf-aarch64-code.bin" if="/dev/zero" bs=1M count=64
+dd of="aavmf-aarch64-code.bin" if="qemu-uefi-aarch64.bin" conv=notrunc
+dd of="aavmf-aarch64-vars.bin" if="/dev/zero" bs=1M count=64
+
+build_with_keys()
+{
+   suffix_base="$1"
+   xxd -i Default_PK >  SecurityPkg/Library/AuthVariableLib/Default_PK.h
+   xxd -i Default_KEK > SecurityPkg/Library/AuthVariableLib/Default_KEK.h
+   xxd -i Default_DB >  SecurityPkg/Library/AuthVariableLib/Default_DB.h
+   xxd -i Default_DB_EX > 
SecurityPkg/Library/AuthVariableLib/Default_DB_EX.h
+   xxd -i Default_DBX > SecurityPkg/Library/AuthVariableLib/Default_DBX.h
+   cat Default_Owner > SecurityPkg/Library/AuthVariableLib/Default_Owner.h
+
+   for suffix in $suffix_base; do
+   build $BUILD_OPTIONS
+   cp Build/ArmVirtQemu-AARCH64/DEBUG_*/FV/QEMU_EFI.fd 
qemu-uefi-aarch64-$suffix.bin
+dd of="aavmf-aarch64-$suffix-code.bin" if="/dev/zero" bs=1M count=64
+dd of="aavmf-aarch64-$suffix-code.bin" 
if="qemu-uefi-aarch64-$suffix.bin" conv=notrunc
+dd of="aavmf-aarch64-$suffix-vars.bin" if="/dev/zero" bs=1M count=64
+
+   done
+}
+
+# Build with keys done later (shared between archs)
+
+%else
+%ifarch %arm
+
+# Build the UEFI image
+build $BUILD_OPTIONS
+
+cp Build/ArmVirtQemu-ARM/DEBUG_GCC*/FV/QEMU_EFI.fd qemu-uefi-aarch32.bin
+dd of="aavmf-aarch32-code.bin" if="/dev/zero" bs=1M count=64
+dd of="aavmf-aarch32-code.bin" if="qemu-uefi-aarch32.bin" conv=notrunc
+dd of="aavmf-aarch32-vars.bin" if="/dev/zero" bs=1M count=64
+%endif #arm
+%endif #aarch64
+%endif #x86_64
+%endif #ix86
+
+# Builds with keys is shared between archs
+%ifarch %{secureboot_archs}
+# Each arch must define its own build_with_keys() function
+
 # OVMF with SUSE keys
 openssl x509 -in %{SOURCE3} -outform DER > Default_PK
 openssl x509 -in %{SOURCE3} -outform DER > Default_KEK
@@ -343,31 +401,7 @@
build_with_keys devel
fi
 fi
-
-%else
-%ifarch aarch64
-
-# Build the UEFI image
-build $BUILD_OPTIONS
-
-cp Build/ArmVirtQemu-AARCH64/DEBUG_GCC*/FV/QEMU_EFI.fd qemu-uefi-aarch64.bin
-dd of="aavmf-aarch64-code.bin" if="/dev/zero" bs=1M count=64
-dd of="aavmf-aarch64-code.bin" if="qemu-uefi-aarch64.bin" conv=notrunc
-dd of="aavmf-aarch64-vars.bin" if="/dev/zero" bs=1M count=64
-%else
-%ifarch %arm
-
-# Build the UEFI image
-build $BUILD_OPTIONS
-
-cp Build/ArmVirtQemu-ARM/DEBUG_GCC*/FV/QEMU_EFI.fd qemu-uefi-aarch32.bin
-dd of="aavmf-aarch32-code.bin" if="/dev/zero" bs=1M count=64
-dd of="aavmf-aarch32-code.bin" if="qemu-uefi-aarch32.bin" conv=notrunc
-dd of="aavmf-aarch32-vars.bin" if="/dev/zero" bs=1M count=64
-%endif #arm
-%endif #aarch64
-%endif #x86_64
-%endif #ix86
+%endif
 
 %install
 rm -rf %{buildroot}
@@ -401,9 +435,11 @@
 %fdupes -s %{buildroot}/usr/src/debug/ovmf-x86_64
 %else
 %ifarch aarch64
-install -m 0644 -D qemu-uefi-aarch64.bin 
%{buildroot}/%{_datadir}/qemu/qemu-uefi-aarch64.bin
-install -m 0644 -D aavmf-aarch64-code.bin 
%{buildroot}/%{_datadir}/qemu/aavmf-aarch64-code.bin
-install -m 0644 -D aavmf-aarch64-vars.bin

commit ovmf for openSUSE:Factory

2019-03-22 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2019-03-22 14:53:20

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new.25356 (New)


Package is "ovmf"

Fri Mar 22 14:53:20 2019 rev:33 rq:686884 
version:2019+git1552059899.89910a39dcfd

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2019-03-14 
14:54:35.751767745 +0100
+++ /work/SRC/openSUSE:Factory/.ovmf.new.25356/ovmf.changes 2019-03-22 
14:53:23.546095871 +0100
@@ -1,0 +2,6 @@
+Wed Mar 20 08:31:11 UTC 2019 - Guillaume GARDET 
+
+- Enable debug for aarch32
+- Add aavmf-aarch32-code.bin and aavmf-aarch32-vars.bin files
+
+---



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.T5We1c/_old  2019-03-22 14:53:24.774095128 +0100
+++ /var/tmp/diff_new_pack.T5We1c/_new  2019-03-22 14:53:24.774095128 +0100
@@ -201,7 +201,7 @@
ARCH=AARCH64 make -C BaseTools
 %else
 %ifarch %arm
-   BUILD_OPTIONS="-a ARM -p ArmVirtPkg/ArmVirtQemu.dsc -b RELEASE -t 
$TOOL_CHAIN_TAG"
+   BUILD_OPTIONS="-a ARM -p ArmVirtPkg/ArmVirtQemu.dsc -b DEBUG -t 
$TOOL_CHAIN_TAG"
ARCH=ARM make -C BaseTools
 %else
echo "ERROR: unsupported architecture"
@@ -360,7 +360,10 @@
 # Build the UEFI image
 build $BUILD_OPTIONS
 
-cp Build/ArmVirtQemu-ARM/RELEASE_GCC*/FV/QEMU_EFI.fd qemu-uefi-aarch32.bin
+cp Build/ArmVirtQemu-ARM/DEBUG_GCC*/FV/QEMU_EFI.fd qemu-uefi-aarch32.bin
+dd of="aavmf-aarch32-code.bin" if="/dev/zero" bs=1M count=64
+dd of="aavmf-aarch32-code.bin" if="qemu-uefi-aarch32.bin" conv=notrunc
+dd of="aavmf-aarch32-vars.bin" if="/dev/zero" bs=1M count=64
 %endif #arm
 %endif #aarch64
 %endif #x86_64
@@ -404,6 +407,8 @@
 %else
 %ifarch %arm
 install -m 0644 -D qemu-uefi-aarch32.bin 
%{buildroot}/%{_datadir}/qemu/qemu-uefi-aarch32.bin
+install -m 0644 -D aavmf-aarch32-code.bin 
%{buildroot}/%{_datadir}/qemu/aavmf-aarch32-code.bin
+install -m 0644 -D aavmf-aarch32-vars.bin 
%{buildroot}/%{_datadir}/qemu/aavmf-aarch32-vars.bin
 %endif #arm
 %endif #aarch64
 %endif #x86_64
@@ -458,6 +463,8 @@
 %doc License.txt
 %dir %{_datadir}/qemu/
 %{_datadir}/qemu/qemu-uefi-aarch32.bin
+%{_datadir}/qemu/aavmf-aarch32-code.bin
+%{_datadir}/qemu/aavmf-aarch32-vars.bin
 %endif
 
 %changelog

commit ovmf for openSUSE:Factory

2019-03-14 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2019-03-14 14:54:32

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new.28833 (New)


Package is "ovmf"

Thu Mar 14 14:54:32 2019 rev:32 rq:684137 
version:2019+git1552059899.89910a39dcfd

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2019-02-24 
18:04:02.695761401 +0100
+++ /work/SRC/openSUSE:Factory/.ovmf.new.28833/ovmf.changes 2019-03-14 
14:54:35.751767745 +0100
@@ -1,0 +2,60 @@
+Tue Mar 12 03:18:33 UTC 2019 - Gary Ching-Pang Lin 
+
+- Update to 2019+git1552059899.89910a39dcfd (edk2-stable201903)
+  + MdeModulePkg/HiiImage: Fix stack overflow when corrupted BMP
+is parsed (bsc#1128503, CVE-2018-12181)
+  + MdeModulePkg/HiiDatabase: Fix potential integer overflow
+(bsc#1128503, CVE-2018-12181)
+  + UefiCpuPkg/Microcode.c: Add verification before calculate
+CheckSum32
+  + UefiCpuPkg/Microcode: Fix InComplete CheckSum32 issue
+  + UefiCpuPkg: restore strict page attributes via #DB in nonstop
+mode only
+  + IntelFrameworkModulePkg/FwVolDxe: Ensure FfsFileHeader 8 bytes
+aligned (bsc#1127822, CVE-2018-3630)
+  + MdeModulePkg/DxeCore: Ensure FfsFileHeader 8 bytes aligned
+(bsc#1127822, CVE-2018-3630)
+  + MdeModulePkg/PeiCore: Ensure FfsFileHeader 8 bytes aligned
+(bsc#1127822, CVE-2018-3630)
+  + NetworkPkg: Add WiFi Connection Manager to NetworkPkg
+  + UefiCpuPkg/PiSmmCpu: Add Shadow Stack Support for X86 SMM
+  + MdePkg/BaseLib: Add Shadow Stack Support for X86
+  + NetworkPkg/DnsDxe: Check the received packet size before
+parsing the message (bsc#1127821, CVE-2018-12178)
+  + MdeModulePkg/RamDiskDxe: Restrict on RAM disk size
+(bsc#1127820, CVE-2018-12180)
+  + MdeModulePkg/PartitionDxe: Ensure blocksize holds MBR
+(bsc#1127820, CVE-2018-12180)
+  + ArmVirtPkg/PlatformBootManagerLib: display boot option
+loading/starting
+  + ArmVirtPkg/ArmVirtQemu*: enable minimal Status Code Routing 
+in DXE
+  + OvmfPkg/PlatformBootManagerLib: display boot option
+loading/starting
+  + OvmfPkg: add library to track boot option loading/starting on
+the console
+  + MdeModulePkg/UefiBootManagerLib: fix LoadImage/StartImage
+status code rep
+  + MdeModulePkg/AhciPei: Add AHCI mode ATA device support in PEI
+  + MdeModulePkg: Add definitions for EDKII PEI ATA PassThru PPI
+  + MdeModulePkg: Add definitions for ATA AHCI host controller PPI
+  + MdePkg/UefiDevicePathLib: Add sanity check for FilePath device
+path 
+  + UefiCpuPkg/Microcode: Fix incorrect checksum issue for
+extended table
+  + SecurityPkg/TcgConfigDxe: Allow enabling TPM 1.2 device from
+disabled state
+  + UefiCpuPkg/SecCore: Wrong Debug Information for SecCore
+  + Various bug fixes in BaseTools
+  + DynamicTablesPkg: Dynamic Tables Framework
+  + MdeModulePkg: Remove EmuVariableRuntimeDxe
+  + UefiCpuPkg/MtrrLib: Fix a bug that may wrongly set memory <1MB
+to UC
+  + MdeModulePkg/BmBoot: Report status when fail to load/start
+boot option
+  + MdeModulePkg/ReportStatusCodeLib: Avoid using AllocatePool if
+possible
+  + NetworkPkg/Ip6Dxe: Clean the invalid IPv6 configuration during
+driver start
+
+---

Old:

  ovmf-2019+git1550452308.c417c1b33d06.tar.xz

New:

  ovmf-2019+git1552059899.89910a39dcfd.tar.xz



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.EtW3TT/_old  2019-03-14 14:54:37.843767424 +0100
+++ /var/tmp/diff_new_pack.EtW3TT/_new  2019-03-14 14:54:37.843767424 +0100
@@ -25,7 +25,7 @@
 Summary:Open Virtual Machine Firmware
 License:BSD-2-Clause
 Group:  System/Emulators/PC
-Version:2019+git1550452308.c417c1b33d06
+Version:2019+git1552059899.89910a39dcfd
 Release:0
 Source0:%{name}-%{version}.tar.xz
 Source1:
https://www.openssl.org/source/openssl-%{openssl_version}.tar.gz










++ ovmf-2019+git1550452308.c417c1b33d06.tar.xz -> 
ovmf-2019+git1552059899.89910a39dcfd.tar.xz ++
/work/SRC/openSUSE:Factory/ovmf/ovmf-2019+git1550452308.c417c1b33d06.tar.xz 
/work/SRC/openSUSE:Factory/.ovmf.new.28833/ovmf-2019+git1552059899.89910a39dcfd.tar.xz
 differ: char 28, line 1

commit ovmf for openSUSE:Factory

2019-02-24 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2019-02-24 18:03:58

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new.28833 (New)


Package is "ovmf"

Sun Feb 24 18:03:58 2019 rev:31 rq:677952 
version:2019+git1550452308.c417c1b33d06

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2019-01-03 
18:03:40.936297518 +0100
+++ /work/SRC/openSUSE:Factory/.ovmf.new.28833/ovmf.changes 2019-02-24 
18:04:02.695761401 +0100
@@ -1,0 +2,57 @@
+Thu Feb 21 09:55:47 UTC 2019 - Gary Ching-Pang Lin 
+
+- Add TPM2_CONFIG_ENABLE build flag to enable TPM2 config menu
+
+---
+Mon Feb 18 09:00:09 UTC 2019 - Gary Ching-Pang Lin 
+
+- Update to 2019+git1550452308.c417c1b33d06
+  + BaseTools: Fixed an issue about StructurePcd
+  + UefiCpuPkg/SecCore: Support EFI_PEI_CORE_FV_LOCATION_PPI
+  + OvmfPkg: Add TCG2 Configuration menu to the Device Manager menu
+  + FatPkg/FatPei/Gpt.c: Fix uninitialized variable issue
+  + Make BaseTools compatible with python3
+  + CryptoPkg/BaseCryptLib: split CryptPkcs7Verify.c on behalf
+of runtime
+  + MdeModulePkg/UefiBootManagerLib: Match the nested partitions
+  + ArmPkg/ArmMmuLib AARCH64: get rid of needless TLB invalidation
+  + Upgrade UEFI supporting TCG spec info
+  + MdeModulePkg Variable: Add emulated variable NV mode support
+  + Code clean-up in the network packages
+  + OvmfPkg: add MmServicesTableLib resolution
+  + ArmPkg/ArmMmuLib AARCH64: fix out of bounds access
+  + BaseTools/VfrCompile: report error for Integer overflow
+  + OvmfPkg: require GCC48 or later
+  + MdePkg/BaseLib: Introduce new SpeculationBarrier API
+  + Remove the obsolete network packages in MdeModulePkg
+  + Upgrade OpenSSL to 1.1.0j
+  + MdePkg/Base: introduce MAX_ALLOC_ADDRESS
+  + MdeModulePkg/PciBus: Fix system hang when no PCI Option ROM exists
+  + BaseTools/tools_def AARCH64 RELEASE: move GCC49/GGC5 to 4 KB
+alignment
+  + SecurityPkg: Remove dead code and inf redundant definitions
+  + UefiCpuPkg/Cpuid.h: Sync CPUID definition to latest SDM
+  + MdeModulePkg/PciBus: Shadow option ROM after BARs are programmed
+  + ArmVirtPkg/QemuVirtMemInfoLib: trim the MMIO region mapping
+  + ArmVirtPkg/XenVirtMemInfoLib: refactor reading of the PA space
+size
+  + ArmVirtPkg/QemuVirtMemInfoLib: remove 1:1 mapping of top of
+PA range
+  + ArmVirtPkg/NorFlashQemuLib: discover NOR flash banks dynamically
+  + ArmPkg/ArmSmcPsciResetSystemLib: add missing call to
+ExitBootServices()
+  + SecurityPkg: Update TCG PFP spec revision.
+  + OvmfPkg: simply use the Bochs interface for vmsvga 
+  + ArmPlatformPkg & ArmVirtPkg: clear frame pointer in startup
+code
+  + Remove unused DuetPkg, EdkShellBinPkg, and UnixPkg
+  + ArmPkg/ArmGicDxe ARM: fix encoding for GICv3 interrupt
+acknowledge
+  + MdePkg/BaseIoLibIntrinsicArmVirt ARM: avoid double word loads
+and stores
+- Refresh patches
+  + ovmf-add-exclude-shell-flag.patch
+  + ovmf-disable-ia32-firmware-piepic.patch
+- Enable Python3 support in BaseTools (bsc#1075770)
+
+---

Old:

  openssl-1.1.0h.tar.gz
  openssl-1.1.0h.tar.gz.asc
  ovmf-2018+git1542164568.85588389222a.tar.xz

New:

  openssl-1.1.0j.tar.gz
  openssl-1.1.0j.tar.gz.asc
  ovmf-2019+git1550452308.c417c1b33d06.tar.xz



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.ygfNTP/_old  2019-02-24 18:04:03.703761057 +0100
+++ /var/tmp/diff_new_pack.ygfNTP/_new  2019-02-24 18:04:03.707761057 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package ovmf
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,14 +18,14 @@
 
 
 %undefine _build_create_debug
-%global openssl_version 1.1.0h
+%global openssl_version 1.1.0j
 
 Name:   ovmf
 Url:
http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=EDK2
 Summary:Open Virtual Machine Firmware
 License:BSD-2-Clause
 Group:  System/Emulators/PC
-Version:2018+git1542164568.85588389222a
+Version:2019+git1550452308.c417c1b33d06
 Release:0
 Source0:%{name}-%{version}.tar.xz
 Source1:
https://www.openssl.org/source/openssl-%{openssl_version}.tar.gz
@@ -49,12 +49,13 @@
 Patch4: %{name}-pie.patch
 Patch5: %{name}-disable-ia32-firmware-piepic.patch
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
+BuildRequires:  bc

commit ovmf for openSUSE:Factory

2019-01-03 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2019-01-03 18:03:39

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new.28833 (New)


Package is "ovmf"

Thu Jan  3 18:03:39 2019 rev:30 rq:661570 
version:2018+git1542164568.85588389222a

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2018-12-11 
15:41:58.966591929 +0100
+++ /work/SRC/openSUSE:Factory/.ovmf.new.28833/ovmf.changes 2019-01-03 
18:03:40.936297518 +0100
@@ -1,0 +2,11 @@
+Thu Dec 27 07:43:41 UTC 2018 - Gary Ching-Pang Lin 
+
+- Add a new "smm" flavor to enable System Management Mode
+  + Also add ovmf-add-exclude-shell-flag.patch to exclude shell
+from the resultant SMM firmware files
+- Retire the old openSUSE 4096 bit certificates since all those
+  programs are unmaintained.
+- Amend the numbering of patches and sources
+- Update README to reflect the current status
+
+---

Old:

  openSUSE-UEFI-CA-Certificate-4096.crt
  openSUSE-UEFI-SIGN-Certificate-4096.crt

New:

  ovmf-add-exclude-shell-flag.patch



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.HhHIGf/_old  2019-01-03 18:03:41.836296718 +0100
+++ /var/tmp/diff_new_pack.HhHIGf/_new  2019-01-03 18:03:41.836296718 +0100
@@ -33,18 +33,17 @@
 Source112:  openssl.keyring
 Source2:README
 Source3:SLES-UEFI-CA-Certificate-2048.crt
-Source5:MicCorKEKCA2011_2011-06-24.crt
-Source6:MicCorUEFCA2011_2011-06-27.crt
-Source7:openSUSE-UEFI-CA-Certificate-2048.crt
-Source8:openSUSE-UEFI-SIGN-Certificate-2048.crt
-Source9:openSUSE-UEFI-CA-Certificate-4096.crt
-Source10:   openSUSE-UEFI-SIGN-Certificate-4096.crt
-Source11:   http://www.uefi.org/sites/default/files/resources/dbxupdate.zip
-Source12:   strip_authinfo.pl
-Source13:   MicWinProPCA2011_2011-10-19.crt
-Source14:   owner-guid-zero.h
+Source4:MicCorKEKCA2011_2011-06-24.crt
+Source5:MicCorUEFCA2011_2011-06-27.crt
+Source6:MicWinProPCA2011_2011-10-19.crt
+Source7:http://www.uefi.org/sites/default/files/resources/dbxupdate.zip
+Source8:openSUSE-UEFI-CA-Certificate-2048.crt
+Source9:openSUSE-UEFI-SIGN-Certificate-2048.crt
+Source10:   strip_authinfo.pl
+Source11:   owner-guid-zero.h
 Source100:  %{name}-rpmlintrc
 Source101:  gdb_uefi.py.in
+Patch1: %{name}-add-exclude-shell-flag.patch
 Patch2: %{name}-embed-default-keys.patch
 Patch3: %{name}-gdb-symbols.patch
 Patch4: %{name}-pie.patch
@@ -159,6 +158,7 @@
 rm -rf $PKG_TO_REMOVE
 
 %ifarch x86_64
+%patch1 -p1
 %patch2 -p1
 %endif
 %patch3 -p1
@@ -218,9 +218,6 @@
 %else
 %ifarch x86_64
 
-# Build the 2MB UEFI image for the backward compatibility
-build $BUILD_OPTIONS -D FD_SIZE_2MB
-
 collect_debug_files()
 {
target="$1"
@@ -242,12 +239,32 @@
  %{SOURCE101} > gdb_uefi-$target.py
 }
 
-cp Build/OvmfX64/DEBUG_*/FV/OVMF.fd ovmf-x86_64.bin
-cp Build/OvmfX64/DEBUG_*/FV/OVMF_CODE.fd ovmf-x86_64-code.bin
-cp Build/OvmfX64/DEBUG_*/FV/OVMF_VARS.fd ovmf-x86_64-vars.bin
+build_ovmf()
+{
+   name="$1"
+   case $name in
+   *-smm)
+   build $BUILD_OPTIONS -D FD_SIZE_4MB -D SMM_REQUIRE -D 
EXCLUDE_SHELL
+   ;;
+   *-4m)
+   build $BUILD_OPTIONS -D FD_SIZE_4MB
+   ;;
+   *)
+   build $BUILD_OPTIONS -D FD_SIZE_2MB
+   ;;
+   esac
+}
+
+# OVMF without any default keys
+for name in ovmf-x86_64 ovmf-x86_64-4m ovmf-x86_64-smm; do
+   build_ovmf $name
+   cp Build/OvmfX64/DEBUG_*/FV/OVMF.fd $name.bin
+   cp Build/OvmfX64/DEBUG_*/FV/OVMF_CODE.fd $name-code.bin
+   cp Build/OvmfX64/DEBUG_*/FV/OVMF_VARS.fd $name-vars.bin
+
+   collect_debug_files $name
+done
 
-# Collect the debug files
-collect_debug_files ovmf-x86_64
 # Collect the source
 mkdir -p source/ovmf-x86_64
 #   TODO get the source list from debug files
@@ -255,14 +272,6 @@
 find $src_list \( -name "*.c" -o -name "*.h" \) -type f -exec cp --parents -a 
{} source/ovmf-x86_64 \;
 find source/ovmf-x86_64 -name *.c -type f -exec chmod 0644 {} \;
 
-# Build the 4MB UEFI image
-build $BUILD_OPTIONS -D FD_SIZE_4MB
-cp Build/OvmfX64/DEBUG_*/FV/OVMF.fd ovmf-x86_64-4m.bin
-cp Build/OvmfX64/DEBUG_*/FV/OVMF_CODE.fd ovmf-x86_64-4m-code.bin
-cp Build/OvmfX64/DEBUG_*/FV/OVMF_VARS.fd ovmf-x86_64-4m-vars.bin
-
-collect_debug_files ovmf-x86_64-4m
-
 build_with_keys()
 {
suffix_base="$1"
@@ -273,12 +282,8 @@
xxd -i Default_DBX > SecurityPkg/Library/AuthVariableLib/Default_DBX.h
cat Default_Owner >

commit ovmf for openSUSE:Factory

2018-12-11 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2018-12-11 15:41:53

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new.19453 (New)


Package is "ovmf"

Tue Dec 11 15:41:53 2018 rev:29 rq:655463 
version:2018+git1542164568.85588389222a

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2018-11-18 
23:24:34.958033759 +0100
+++ /work/SRC/openSUSE:Factory/.ovmf.new.19453/ovmf.changes 2018-12-11 
15:41:58.966591929 +0100
@@ -1,0 +2,9 @@
+Mon Dec  3 08:05:38 UTC 2018 - Gary Ching-Pang Lin 
+
+- Update ovmf-embed-default-keys.patch and add owner-guid-zero.h to
+  set the default owner of PK/KEK/db/dbx and make the
+  auto-enrollment only happen at the very first boot. (bsc#1117998)
+- Change the group of qemu-ovmf-x86_64-debug to Development/Sources
+  since there is no Development/Debug anymore
+
+---

New:

  owner-guid-zero.h



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.M6iKkb/_old  2018-12-11 15:42:01.258589420 +0100
+++ /var/tmp/diff_new_pack.M6iKkb/_new  2018-12-11 15:42:01.258589420 +0100
@@ -42,6 +42,7 @@
 Source11:   http://www.uefi.org/sites/default/files/resources/dbxupdate.zip
 Source12:   strip_authinfo.pl
 Source13:   MicWinProPCA2011_2011-10-19.crt
+Source14:   owner-guid-zero.h
 Source100:  %{name}-rpmlintrc
 Source101:  gdb_uefi.py.in
 Patch2: %{name}-embed-default-keys.patch
@@ -114,7 +115,7 @@
 
 %package -n qemu-ovmf-x86_64-debug
 Summary:Open Virtual Machine Firmware - debug symbols (x86_64)
-Group:  Development/Debug
+Group:  Development/Sources
 Requires:   qemu
 
 %description -n qemu-ovmf-x86_64-debug
@@ -270,6 +271,7 @@
xxd -i Default_DB >  SecurityPkg/Library/AuthVariableLib/Default_DB.h
xxd -i Default_DB_EX > 
SecurityPkg/Library/AuthVariableLib/Default_DB_EX.h
xxd -i Default_DBX > SecurityPkg/Library/AuthVariableLib/Default_DBX.h
+   cat Default_Owner > SecurityPkg/Library/AuthVariableLib/Default_Owner.h
 
for suffix in $suffix_base $suffix_base-4m; do
if [ "$suffix" = "$suffix_base-4m" ]; then
@@ -290,6 +292,7 @@
 openssl x509 -in %{SOURCE3} -outform DER > Default_DB
 truncate -s 0 Default_DB_EX
 truncate -s 0 Default_DBX
+cat %{SOURCE14} > Default_Owner
 build_with_keys suse
 
 #unpack the UEFI revocation list
@@ -302,6 +305,8 @@
 cat %{SOURCE13} > Default_DB_EX
 chmod 755 %{SOURCE12}
 %{SOURCE12} dbxupdate.bin Default_DBX
+echo "EFI_GUID DefaultOwnerGUID = {0x77fa9abd, 0x0359, 0x4d32, {0xbd, 0x60, 
0x28, 0xf4, 0xe7, 0x8f, 0x78, 0x4b}};" > \
+Default_Owner
 build_with_keys ms
 
 # OVMF with openSUSE keys
@@ -310,6 +315,7 @@
 openssl x509 -in %{SOURCE8} -outform DER > Default_DB
 truncate -s 0 Default_DB_EX
 truncate -s 0 Default_DBX
+cat %{SOURCE14} > Default_Owner
 build_with_keys opensuse
 
 # OVMF with openSUSE keys (4096 bit CA)
@@ -318,6 +324,7 @@
 openssl x509 -in %{SOURCE10} -outform DER > Default_DB
 truncate -s 0 Default_DB_EX
 truncate -s 0 Default_DBX
+cat %{SOURCE14} > Default_Owner
 build_with_keys opensuse-4096
 
 if [ -e %{_sourcedir}/_projectcert.crt ]; then
@@ -330,6 +337,7 @@
openssl x509 -in %{_sourcedir}/_projectcert.crt -outform DER > 
Default_DB
truncate -s 0 Default_DB_EX
truncate -s 0 Default_DBX
+   cat %{SOURCE14} > Default_Owner
build_with_keys devel
fi
 fi











++ ovmf-embed-default-keys.patch ++
--- /var/tmp/diff_new_pack.M6iKkb/_old  2018-12-11 15:42:01.354589316 +0100
+++ /var/tmp/diff_new_pack.M6iKkb/_new  2018-12-11 15:42:01.358589310 +0100
@@ -1,16 +1,16 @@
-From 933284f94b8bffb7d3d81152e0b5f49c46a9f787 Mon Sep 17 00:00:00 2001
+From 9263239b037b71f81b14ac86746dafd582527b98 Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin 
 Date: Fri, 10 May 2013 10:27:51 +0800
-Subject: [PATCH 1/3] Add a stub to allow keys to be embedded at build time
+Subject: [PATCH 1/5] Add a stub to allow keys to be embedded at build time
 
 Signed-off-by: Gary Ching-Pang Lin 
 ---
- .../Library/AuthVariableLib/AuthVariableLib.c  | 180 +
- .../Library/AuthVariableLib/AuthVariableLib.inf|   4 +
- SecurityPkg/Library/AuthVariableLib/Default_DB.h   |   2 +
- SecurityPkg/Library/AuthVariableLib/Default_DBX.h  |   2 +
- SecurityPkg/Library/AuthVariableLib/Default_KEK.h  |   2 +
- SecurityPkg/Library/AuthVariableLib/Default_PK.h   |   2 +
+ .../Library/AuthVariableLib/AuthVariableLib.c | 180 ++
+ .../AuthVariableLib/AuthVariableLib.inf   |   4 +
+

commit ovmf for openSUSE:Factory

2018-11-18 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2018-11-18 23:24:10

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new (New)


Package is "ovmf"

Sun Nov 18 23:24:10 2018 rev:28 rq:649206 
version:2018+git1542164568.85588389222a

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2018-10-15 
10:04:33.905979681 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new/ovmf.changes   2018-11-18 
23:24:34.958033759 +0100
@@ -1,0 +2,152 @@
+Thu Nov 15 07:25:30 UTC 2018 - Gary Ching-Pang Lin 
+
+- Update to 2018+git1542164568.85588389222a (edk2-stable201811)
+  + UefiCpuPkg/CommonFeature: Always set FEATURE_CONTROL.Lock
+  + MdeModulePkg/NvmExpressPei: Refine data buffer & len check in
+PassThru
+  + OvmfPkg/QemuVideoDxe: list "UnalignedIoInternal.h" in the INF
+file
+  + OvmfPkg/QemuVideoDxe: VMWare SVGA device support
+  + OvmfPkg/QemuVideoDxe: Helper functions for unaligned port I/O
+  + OvmfPkg: VMWare SVGA display device register definitions
+  + Fix UEFI and Tiano Decompression logic issue
+  + MdePkg: Fix incorrect check for DisplayOnly text format in
+AcpiEx
+  + UefiCpuPkg/PiSmmCpuDxeSmm: Separate semaphore container
+  + UefiCpuPkg/RegisterCpuFeaturesLib: Separate semaphore container
+  + UefiCpuPkg/RegisterCpuFeaturesLib: Adjust Order
+  + MdePkg/BaseSynchronizationLib: Fix InternalSync[De|In]crement
+  + UefiCpuPkg/SmmCpu: Block access-out only when static paging is
+used
+  + MdeModulePkg/Core: fix ineffective guard page issue
+  + MdeModulePkg/Core: fill logic hole in
+MemoryProtectionCpuArchProtocolNotify 
+  + MdeModulePkg/Mtftp4Dxe: Fix invalid configuration of MTFTP
+local port
+  + OvmfPkg: Replace obsoleted network drivers from platform DSC/FDF
+  + MdePkg/Base.h: Implement BASE_CR() via OFFSET_OF()
+  + MdeModulePkg/PiSmmIpl: Do not reset SMRAM to UC when CPU driver
+runs
+  + NetworkPkg/TlsDxe: Fix failure to process multiple TLS records
+  + BaseTools ConvertFceToStructurePcd: Fix the array value with
+empty string
+  + CryptoPkg/BaseCryptLib: Fix potential integer overflow issue
+  + ArmPkg/OpteeLib: Add APIs to communicate with OP-TEE
+  + UefiCpuPkg/PiSmmCpuDxeSmm: Fix ASSERT for success
+  + UefiCpuPkg/MpInitLib: Fix ASSERT for success
+  + MdeModulePkg/Core: fix an issue of potential NULL pointer access
+  + NetworkPkg/Mtftp6Dxe: Correct the total received and saved
+block number
+  + MdeModulePke/Mtftp4Dxe: Correct the total received and saved
+block number
+  + MdeModulePkg EhciDxe: Extract new EhciInsertAsyncIntTransfer
+function
+  + MdeModulePkg XhciDxe: Extract new XhciInsertAsyncIntTransfer
+function
+  + BaseTools: Sync the DevicePath Function update from MdePkg
+  + MdeModulePkg/HiiDB: Make sure database update behaviors are
+atomic
+  + MdeModulePkg/HiiDB: Reorganize codes of exporting HII settings
+  + UefiCpuPkg/RegisterCpuFeaturesLib: Support combo CPU feature
+style
+  + UefiCpuPkg/RegisterCpuFeaturesLib: Fix ECC issues
+  + MdeModulePkg/Core: add freed-memory guard feature
+  + MdeModulePkg/Core: prevent re-acquire GCD memory lock
+  + UefiCpuPkg/CpuDxe: prevent recursive calling of
+InitializePageTablePool
+  + UefiCpuPkg/CpuDxe: consider freed-memory guard in non-stop mode
+  + MdeModulePkg: introduce UEFI freed-memory guard bit in HeapGuard
+PCD
+  + MdeModulePkg/NvmExpressDxe: Refine PassThru IO queue creation
+behavior
+  + MdeModulePkg/NvmExpressDxe: Always copy CQ entry to PassThru
+packet
+  + MdeModulePkg/NvmExpressDxe: Refine data buffer & len check in
+PassThru
+  + MdePkg: Handle various device path when optional para is not
+specified
+  + FatPkg: Correct the line ending to CRLF
+  + MdePkg-BaseLib: Fix PathCleanUpDirectories() issue with
+"\\..\\.."
+  + FatPkg/EnhancedFatDxe Fix Double Cluster Allocation
+  + FatBinPkg: Remove FatBinPkg and refresh document
+  + ShellPkg/dmem: Only dump sizeof (EFI_SYSTEM_TABLE) bytes for gST
+  + MdeModulePkg/UsbMass: Fix USB key write failure
+  + IntelFrameworkModulePkg: Add more checker in
+UefiTianoDecompressLib (CVE FIX)
+  + MdePkg: Add more checker in UefiDecompressLib to access the
+valid buffer only (CVE FIX)
+  + MdeModulePkg/PartitionDxe: Add check for underlying device
+block size
+  + MdeModulePkg Xhci: Handle value 5 in Port Speed field of PORTSC
+  + MdeModulePkg XhciDxe: Assign Usb2Hc.XXXRevision based on SBRN
+  + MdePkg/BaseLib: AsciiStrToUnicodeStr(S) not handle EASCII
+properly
+  + UefiCpuPkg/CpuCommonFeaturesLib: Register MSR base on scope Info
+  + UefiCpuPkg/CpuS3DataDxe: Keep old data if value already existed
+  + UefiCpuPkg/PiSmmCpuDxeSmm: Add logic to support semaphore type
+  + UefiCpuPkg/RegisterCpuFeaturesLib: Add logic to support 
+

commit ovmf for openSUSE:Factory

2018-10-15 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2018-10-15 10:04:15

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new (New)


Package is "ovmf"

Mon Oct 15 10:04:15 2018 rev:27 rq:640028 
version:2018+git1538590187.c0b1f749ef13

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2018-08-28 
09:20:52.244157990 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new/ovmf.changes   2018-10-15 
10:04:33.905979681 +0200
@@ -1,0 +2,127 @@
+Fri Oct  5 04:04:38 UTC 2018 - Gary Ching-Pang Lin 
+
+- Update to 2018+git1538590187.c0b1f749ef13
+  + ShellPkg: Create a homefilesystem environment variable
+  + NetworkPkg/HttpUtilitiesDxe: fix read memory access overflow
+  + NetworkPkg/HttpDxe: fix read memory access overflow in HTTPBoot
+  + PcAtChipsetPkg PcRtc: Use new EfiLocateFirstAcpiTable()
+  + MdeModulePkg S3SaveStateDxe: Use new EfiLocateFirstAcpiTable()
+  + MdePkg UefiLib: Add new EfiLocateXXXAcpiTable() APIs
+  + NetworkPkg/UefiPxeBcDxe: Add the clarification compared to
+UefiPxeBcDxe in MdeModulePkg
+  + NetworkPkg/IScsiDxe: Add the clarification compared to
+IScsiDxe in MdeModulePkg
+  + NetworkPkg/TcpDxe: Add the clarification compared to Tcp4Dxe
+in MdeModulePkg
+  + MdeModulePkg/UefiPxeBcDxe: Add the clarification compared
+to UefiPxeBcDxe in NetworkPkg
+  + MdeModulePkg/IScsiDxe: Add the clarification compared to
+IScsiDxe in NetworkPkg
+  + MdeModulePkg/Tcp4Dxe: Add the clarification compared to TcpDxe
+in NetworkPkg
+  + NetworkPkg/UefiPxeBcDxe: Use the specified MTFTP windowsize
+  + NetworkPkg: Define one PCD for PXE to specify MTFTP windowsize
+  + NetworkPkg/Mtftp6Dxe: Support windowsize in read request
+operation
+  + MdeModulePke/Mtftp4Dxe: Support windowsize in read request
+operation
+  + MdePkg/BaseSynchronizationLib: fix XADD operands in GCC
+IA32/X64 assembly
+  + MdeModulePkg/PciHostBridge: Fix a bug that prevents PMEM
+access
+  + MdeModulePkg/PciHostBridge: Enhance boundary check in
+Io/Mem.Read/Write
+  + MdeModulePkg/DxeIpl: support more NX related PCDs
+  + MdeModulePkg: XhciDxe: Prevent illegal memory access in
+XhcSetHsee
+  + SecurityPkg/TcgStorageOpalLib: Fixed correct user password
+not works issue
+  + MdeModulePkg/SdMmcPciHcDxe: Execute card detect only for
+RemovableSlot
+  + MdeModulePkg/SdMmcPciHcDxe: Fix SdMmcHcReset to set only
+necesery bits
+  + NetworkPkg: UefiPxeBcDxe: Add EXCLUSIVE attribute when opening
+SNP protocol installed by PXE
+  + BaseTools: Check GUID C structure format
+  + MdeModulePkg: Avoid key notification called more than once
+  + IntelFrameworkModulePkg: Avoid key notification called more
+than once
+  + MdeModulePkg/Library/DxeHttpLib: Handle the blank value in
+HTTP header
+  + MdeModulePkg/Ip4Dxe: Sync the direct route entry setting
+  + MdeModulePkg XhciDxe: Set HSEE Bit if SERR# Enable Bit is set
+  + BaseTools: Correct DXE_PCD_DATABASE_INIT
+  + BaseTools: Check PcdNvStoreDefaultValueBuffer
+  + BaseTools: Involve Dec default value to calculate Maxsize
+  + BaseTools: Structure Pcd value override incorrect
+  + BaseTools: Report error for incorrect hex value format
+  + MdeModulePkg/ConPlatform: Support short-form USB device path
+  + UefiCpuPkg/CpuDxe: fix an incorrect bit-wise operation
+  + UefiCpuPkg/CpuDxe: fix ECC reported issues
+  + UefiCpuPkg/CpuMpPei: support stack guard feature
+  + UefiCpuPkg/MpInitLib: fix register restore issue in AP wakeup
+  + UefiCpuPkg/CpuExceptionHandlerLib: support stack switch for
+PEI exceptions
+  + MdeModulePkg/DxeIpl: disable paging before creating new page
+table
+  + MdeModulePkg PeiCore: Always use PeiImageRead() function to
+load PEI image
+  + MdeModulePkg/EhciDxe: factor out EhcIsDebugPortInUse()
+  + BaseTools/PatchCheck.py: Fix error when run with Python3
+  + BaseTools: Report more clear error message for PCD used in
+expression
+  + BaseTools: Fix a bug about list the PCD in "not used" section
+  + UefiCpuPkg/MpInitLib: Fix ECC issues
+  + MdeModulePkg/EhciDxe: fix host controller reset condition in
+BindingStart
+  + BaseTools: Extend the keyword "!include"/"!if" to
+case-insensitive
+  + MdeModulePkg/Setup: Fix incorrect size used in AllocateCopyPool
+  + MdeModulePkg DxeCore: Handle multiple FV images in one FV file
+  + MdeModulePkg PeiCore: Handle multiple FV images in one FV file
+  + UefiCpuPkg/CpuExceptionHandlerLib: Avoid calling PEI services
+from AP
+  + CpuExceptionHandlerLib: Add comments to make code more readable
+  + BaseTools: Fixed the PcdValue trailing zero issue
+  + BaseTools: Dynamic Pcd value override from command line
+  + BaseTools: Check pcd DefaultValue and SkuId EBNF
+  + ShellPkg: Update Ifconfig command to

commit ovmf for openSUSE:Factory

2018-08-28 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2018-08-28 09:20:21

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new (New)


Package is "ovmf"

Tue Aug 28 09:20:21 2018 rev:26 rq:630483 
version:2018+git1534736099.43fe4c405292

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2018-07-17 
09:38:25.446146711 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new/ovmf.changes   2018-08-28 
09:20:52.244157990 +0200
@@ -1,0 +2,62 @@
+Mon Aug 20 06:59:05 UTC 2018 - g...@suse.com
+
+- Update to 2018+git1534736099.43fe4c405292
+  + BaseTools: AutoGen refactor ModuleAutoGen caching
+  + OvmfPkg: link Sha384 and Sha512 support into Tcg2Pei and Tcg2Dxe
+  + MdePkg/UefiLib: introduce EfiOpenFileByDevicePath()
+  + BaseTools: Update the rule to remove .lib before link it for GCC
+  + BaseTools: Add Dns and BluetoothLE DevicePath
+  + MdeModulePkg SmmLockBox: Return actual data length in
+SmmLockBoxRestore
+  + UefiCpuPkg/RegisterCpuFeaturesLib: Combine implementation
+  + UefiCpuPkg/CpuS3DataDxe: Remove below 4G limitation
+  + UefiCpuPkg/CpuS3DataDxe: Change Memory Type and address
+limitation
+  + UefiCpuPkg/AcpiCpuData.h: Remove AcpiNVS and Below 4G limitation
+  + UefiCpuPkg/PiSmmCpuDxeSmm: Use GDT/IDT saved in Smram
+  + SecurityPkg/TcgStorageCoreLib.h: Use ascii instead of unicode
+  + BaseTool: Fixed the bug of Boolean Hii Pcd packing
+  + SecurityPkg: HashLib: Update HashLib file GUID
+  + SecurityPkg/Library/Tpm2DeviceLibDTpm: fix s/Constructor/CONSTRUCTOR
+  + OvmfPkg/PlatformDebugLibIoPort: fix port detection for use in
+the DXE Core
+  + NetworkPkg/HttpDxe: Strip square brackets in IPv6 expressed
+HostName
+  + MdeModulePkg/BdsDxe: Move display of test key usage into BDS
+module
+  + ArmPkg: Add initial OpteeLib implementation
+  + SecurityPkg: HashLib: Add SHA384, SHA512 HashLib
+  + MdeModulePkg/BdsDxe: Call PlatformBootManagerUnableToBoot()
+  + MdeModulePkg/BdsDxe: Revert "fall back to UI loop before hanging"
+  + ArmVirtPkg/PlatformBDS: Implement PlatformBootManagerUnableToBoot
+  + OvmfPkg/PlatformBds: Implement PlatformBootManagerUnableToBoot
+  + MdeModulePkg/PciBusDxe: Fix small memory leak in FreePciDevice
+  + MdeModulePkg/DxeCore: Not update RtCode in MemAttrTable after
+EndOfDxe
+  + UefiCpuPkg/MpInitLib: Not use disabled AP when call StartAllAPs
+  + UefiCpuPkg/MpInitLib: Remove redundant CpuStateFinished State
+  + MdeModulePkg/DxeLoadFunc: Add use case for new Perf macro
+  + SecurityPkg/Tcg: Add use case for new Perf macro
+  + ArmVirtPkg: remove wrong and superfluous ResourcePublicationLib
+resolution
+  + OvmfPkg: Correct ResourcePublicationLib class name in DSC/INF
+file
+  + MdeModulePkg CapsuleApp: Do not parse bits in CapsuleFlags of
+ESRT
+  + MdeModulePkg, TpmMeasureLib: Variable: Re-prioritize TCG/TCG2
+protocol
+  + SecurityPkg: TcgSmm: Handle invalid parameter in MOR SMI handler
+  + OvmfPkg/XenPvBlkDxe: remove gEfiDevicePathProtocolGuid from
+[Protocols]
+  + StandaloneMmPkg/Core: Implementation of Standalone MM Core Module
+  + UefiCpuPkg/CpuDxe: fix incorrect check of SMM mode
+  + UefiCpuPkg/MpInitLib: Optimize get processor number performance
+  + OvmfPkg/AcpiPlatformDxe: clean up libs and protos in
+"AcpiPlatformDxe.inf"
+  + UefiCpuPkg/MpInitLib: Fix S3 resume hang issue
+  + UefiCpuPkg/MpInitLib: Use BSP uCode for APs if possible
+  + UefiCpuPkg/MpInitLib: Relocate uCode to memory to save time
+  + Update BaseTools for the preparation of python3 adoption
+- Refresh ovmf-pie.patch and ovmf-gdb-symbols.patch
+
+---

Old:

  ovmf-2018+git1531464032.ae08ea246fe9.tar.xz

New:

  ovmf-2018+git1534736099.43fe4c405292.tar.xz



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.2Rnk23/_old  2018-08-28 09:20:53.272161260 +0200
+++ /var/tmp/diff_new_pack.2Rnk23/_new  2018-08-28 09:20:53.272161260 +0200
@@ -25,7 +25,7 @@
 Summary:Open Virtual Machine Firmware
 License:BSD-2-Clause
 Group:  System/Emulators/PC
-Version:2018+git1531464032.ae08ea246fe9
+Version:2018+git1534736099.43fe4c405292
 Release:0
 Source0:%{name}-%{version}.tar.xz
 Source1:
https://www.openssl.org/source/openssl-%{openssl_version}.tar.gz











++ ovmf-2018+git1531464032.ae08ea246fe9.tar.xz -> 
ovmf-2018+git1534736099.43fe4c405292.tar.xz ++
/work/SRC/openSUSE:Factory/ovmf/ovmf-2018+git1531464032.ae08ea246fe9.tar.xz 
/work/SRC/openSUSE:Factory/.ovmf.new/ovmf-2018+git1534736099.43fe4c405292.tar.xz
 differ: char 29, line 1

++ ovmf-gdb-symbols.patch

commit ovmf for openSUSE:Factory

2018-07-17 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2018-07-17 09:38:20

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new (New)


Package is "ovmf"

Tue Jul 17 09:38:20 2018 rev:25 rq:622961 
version:2018+git1531464032.ae08ea246fe9

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2018-06-22 
13:13:47.950562128 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new/ovmf.changes   2018-07-17 
09:38:25.446146711 +0200
@@ -1,0 +2,57 @@
+Fri Jul 13 08:32:57 UTC 2018 - g...@suse.com
+
+- Update to 2018+git1531464032.ae08ea246fe9
+  + ArmVirtPkg/ArmVirtQemu: enable the IPv6 stack
+  + SecurityPkg: Fix assert when setting key from eMMC/SD/USB
+  + UefiCpuPkg/MpInitLib: Avoid calling PEI services from AP
+  + NetworkPkg/HttpDxe: Fix the bug when parsing HTTP(S) message
+body
+  + SecurityPkg/OpalPassword: Fixed input correct password not
+works issue
+  + SecurityPkg/TcgStorageOpalLib: Return AUTHORITY_LOCKED_OUT error
+  + OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Restore C-bit when SEV
+is active
+  + OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Do not expose MMIO in
+SMM build
+  + OvmfPkg/QemuFlashFvbServicesRuntimeDxe: mark Flash memory
+range as MMIO
+  + MdeModulePkg/Variable: Check EFI_MEMORY_RUNTIME attribute
+before setting it
+  + MdeModulePkg SataControllerDxe: Calculate ChannelCount based
+ on PI value
+  + SecurityPkg Tpm2DeviceLibDTpm: Update enum type name to match
+the one in lib
+  + MdeModulePkg UsbBusDxe: Fix wrong buffer length used to read
+hub desc
+  + SecurityPkg: Tpm2DeviceLib: Enable CapCRBIdleBypass support
+  + SecurityPkg: Cache TPM interface type info
+  + FatPkg/FatPei: Add the recognition of recovery capsule on NVME
+device
+  + MdeModulePkg/NvmExpressPei: Add the NVME device PEI BlockIo
+support
+  + MdeModulePkg: Add definitions for EDKII PEI NVME host
+controller PPI
+  + ArmPkg/ArmMmuLib ARM: fix Mva to use idx instead of table base
+  + ArmPkg/ArmMmuLib ARM: assume page tables are in writeback
+cacheable memory
+  + ArmPkg/ArmMmuLib ARM: remove cache maintenance of block mapping
+contents
+  + MdeModulePkg: Enable SATA Controller PCI mem space
+  + MdeModulePkg/NetworkPkg: Checking for NULL pointer before use
+  + MdeModulePkg/Core: remove SMM check for Heap Guard feature
+detection
+  + UefiCpuPkg/CpuDxe: allow accessing (DXE) page table in SMM mode
+  + BaseTools/tools_def IA32: drop -no-pie linker option for GCC49
+  + SecurityPkg/SecureBootConfigDxe: Fix invalid NV data issue
+  + ArmVirtPkg: add QemuRamfbDxe
+  + OvmfPkg: add QemuRamfbDxe
+  + BaseTools/tools_def IA32: disable PIE code generation explicitly
+  + MdePkg UefiLib: Use comparison logic to check UINTN parameter
+  + ArmVirtPkg: switch to KVM safe IoLib implementation
+  + MdePkg/BaseIoLibIntrinsic: make BaseIoLibIntrinsic safe for
+ArmVirt/KVM
+  + ArmPkg/CompilerIntrinsicsLib: fix GCC8 warning for
+__aeabi_memcpy aliases
+- The IP6 stack of AAVMF is enabled
+
+---

Old:

  ovmf-2018+git1528497654.eb5943134630.tar.xz

New:

  ovmf-2018+git1531464032.ae08ea246fe9.tar.xz



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.8ymrK1/_old  2018-07-17 09:38:26.562142825 +0200
+++ /var/tmp/diff_new_pack.8ymrK1/_new  2018-07-17 09:38:26.562142825 +0200
@@ -25,7 +25,7 @@
 Summary:Open Virtual Machine Firmware
 License:BSD-2-Clause
 Group:  System/Emulators/PC
-Version:2018+git1528497654.eb5943134630
+Version:2018+git1531464032.ae08ea246fe9
 Release:0
 Source0:%{name}-%{version}.tar.xz
 Source1:
https://www.openssl.org/source/openssl-%{openssl_version}.tar.gz











++ ovmf-2018+git1528497654.eb5943134630.tar.xz -> 
ovmf-2018+git1531464032.ae08ea246fe9.tar.xz ++
/work/SRC/openSUSE:Factory/ovmf/ovmf-2018+git1528497654.eb5943134630.tar.xz 
/work/SRC/openSUSE:Factory/.ovmf.new/ovmf-2018+git1531464032.ae08ea246fe9.tar.xz
 differ: char 27, line 1

commit ovmf for openSUSE:Factory

2018-06-22 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2018-06-22 13:13:42

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new (New)


Package is "ovmf"

Fri Jun 22 13:13:42 2018 rev:24 rq:616176 
version:2018+git1528497654.eb5943134630

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2018-05-23 
16:07:31.945430868 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new/ovmf.changes   2018-06-22 
13:13:47.950562128 +0200
@@ -1,0 +2,39 @@
+Mon Jun 11 08:38:33 UTC 2018 - g...@suse.com
+
+- Update to 2018+git1528497654.eb5943134630
+  + CryptoPkg PeiCryptLib: Enable SHA384/512 support
+  + MdePkg/UefiRuntimeLib: Do not allow to be linked by DXE driver
+  + CryptoPkg: Remove deprecated function usage in
+X509GetCommonName()
+  + PlatformBootManagerLib: add missing report status code call
+  + OvmfPkg: raise DXEFV size to 11 MB
+  + SignedCapsulePkg/PlatformFlashAccessLib: Add progress API
+  + MdeModulePkg: Add DisplayUpdateProgressLib class
+  + PcAtChipsetPkg/PcRtc: Add two new PCD for RTC Index/Target
+registers
+  + OvmfPkg/Virtio10Dxe: convert to PciCapLib
+  + OvmfPkg/PciHotPlugInitDxe: convert to PciCapLib
+  + ArmVirtPkg: resolve PciCapLib, PciCapPciSegmentLib,
+PciCapPciIoLib
+  + OvmfPkg: resolve PciCapLib, PciCapPciSegmentLib, PciCapPciIoLib
+  + OvmfPkg: introduce PciCapPciIoLib
+  + OvmfPkg: introduce PciCapPciSegmentLib
+  + OvmfPkg: introduce PciCapLib
+  + BaseTools/tools_def: add "-fno-unwind-tables" to
+GCC_AARCH64_CC_FLAGS
+  + OvmfPkg/PlatformBootManagerLib: process TPM PPI request
+  + OvmfPkg: add Tcg2PhysicalPresenceLibQemu
+  + OvmfPkg/IndustryStandard: add QemuTpm.h header
+  + OvmfPkg: add Tcg2PhysicalPresenceLibNull when !TPM2_ENABLE
+  + MdePkg/SmmPeriodicSmiLib: Get Periodic SMI Context More Robustly
+  + OvmfPkg/PlatformBootManagerLib: connect Virtio RNG devices again
+  + ArmVirtPkg/PlatformBootManagerLib: connect Virtio RNG devices
+again
+  + OvmfPkg/QemuVideoDxe: Enable DISPLAY_OTHER pci class for qemu
+stdvga
+  + OvmfPkg/QemuVideoDxe: Add SubClass field to QEMU_VIDEO_CARD
+  + OvmfPkg/PlatformBootManagerLib: connect consoles unconditionally
+  + BaseTools: Fix generating array's size is incorrect in AutoGen.c
+  + BaseTools: incorrect calculation for 16M
+
+---

Old:

  ovmf-2018+git1525854636.13e3f8c03339.tar.xz

New:

  ovmf-2018+git1528497654.eb5943134630.tar.xz



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.eEsJdu/_old  2018-06-22 13:13:49.926488856 +0200
+++ /var/tmp/diff_new_pack.eEsJdu/_new  2018-06-22 13:13:49.930488708 +0200
@@ -25,7 +25,7 @@
 Summary:Open Virtual Machine Firmware
 License:BSD-2-Clause
 Group:  System/Emulators/PC
-Version:2018+git1525854636.13e3f8c03339
+Version:2018+git1528497654.eb5943134630
 Release:0
 Source0:%{name}-%{version}.tar.xz
 Source1:
https://www.openssl.org/source/openssl-%{openssl_version}.tar.gz











++ ovmf-2018+git1525854636.13e3f8c03339.tar.xz -> 
ovmf-2018+git1528497654.eb5943134630.tar.xz ++
/work/SRC/openSUSE:Factory/ovmf/ovmf-2018+git1525854636.13e3f8c03339.tar.xz 
/work/SRC/openSUSE:Factory/.ovmf.new/ovmf-2018+git1528497654.eb5943134630.tar.xz
 differ: char 67, line 2

commit ovmf for openSUSE:Factory

2018-05-23 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2018-05-23 16:07:27

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new (New)


Package is "ovmf"

Wed May 23 16:07:27 2018 rev:23 rq:610819 
version:2018+git1525854636.13e3f8c03339

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2018-05-13 
15:57:59.209826991 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new/ovmf.changes   2018-05-23 
16:07:31.945430868 +0200
@@ -1,0 +2,10 @@
+Fri May 18 01:49:10 UTC 2018 - g...@suse.com
+
+- Enable TLS support correctly
+
+---
+Thu May 17 06:54:38 UTC 2018 - g...@suse.com
+
+- Enable TPM 2.0 support
+
+---



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.OPt7Ig/_old  2018-05-23 16:07:34.853324359 +0200
+++ /var/tmp/diff_new_pack.OPt7Ig/_new  2018-05-23 16:07:34.857324213 +0200
@@ -172,7 +172,7 @@
 
 %build
 
-OVMF_FLAGS="-D SECURE_BOOT_ENABLE -D NETWORK_IP6_ENABLE -D HTTP_BOOT_ENABLE -D 
ENABLE_TLS"
+OVMF_FLAGS="-D SECURE_BOOT_ENABLE -D NETWORK_IP6_ENABLE -D HTTP_BOOT_ENABLE -D 
TLS_ENABLE -D TPM2_ENABLE"
 
 %if 0%{?suse_version} > 1320
 TOOL_CHAIN_TAG=GCC5

commit ovmf for openSUSE:Factory

2018-05-13 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2018-05-13 15:57:58

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new (New)


Package is "ovmf"

Sun May 13 15:57:58 2018 rev:22 rq:606304 
version:2018+git1525854636.13e3f8c03339

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2018-03-24 
16:05:07.597674915 +0100
+++ /work/SRC/openSUSE:Factory/.ovmf.new/ovmf.changes   2018-05-13 
15:57:59.209826991 +0200
@@ -1,0 +2,71 @@
+Thu May 10 08:05:16 UTC 2018 - g...@suse.com
+
+- Update to 2018+git1525854636.13e3f8c03339
+  + BaseTools/VfrCompile: Avoid using uninitialized pointer
+  + MdeModulePkg/PciHostBridge: Count the (mm)io overhead when polling
+  + UefiCpuPkg/SecMain: Add NORETURN decorator to SecStartup()
+  + CryptoPkg/CrtLibSupport: add secure_getenv() stub function
+  + MdeModulePkg/AcpiPlatformDxe: Unload after execution
+  + SecurityPkg/OpalPassword: Add support for pyrite 2.0 devices
+  + NetworkPkg/NetworkPkg.dsc: Add the instance of library class
+[SafeIntLib]
+  + ArmVirtPkg: use protocol-based DevicePathLib instance for most
+DXE modules
+  + OvmfPkg/QemuVideoDxe: round up FrameBufferSize to full page
+  + ArmVirtPkg: reinstate timer unmask quirk for Xen
+  + ArmPkg/TimerDxe: remove workaround for KVM timer handling
+  + FatPkg/EnhancedFatDxe: Ensure traverse of subtasks is
+delete-safe
+  + OvmfPkg/PlatformBootManagerLib: add USB keyboard to ConIn
+  + CryptoPkg/OpensslLib: Update OpenSSL version to 1.1.0h
+  + OvmfPkg/TlsAuthConfigLib: configure trusted cipher suites for
+HTTPS boot
+  + ArmVirtPkg/ArmVirtQemu: hook NvVarStoreFormattedLib into
+VariableRuntimeDxe
+  + ArmPlatformPkg/NorFlashDxe: cue the variable driver with
+NvVarStoreFormatted
+  + ArmPlatformPkg/NorFlashDxe: initialize varstore headers eagerly
+  + OvmfPkg: remove BLOCK_MMIO_PROTOCOL and BlockMmioToBlockIoDxe
+  + OvmfPkg/TlsAuthConfigLib: configure trusted CA certs for
+HTTPS boot
+  + MdeModulePkg/Variable/RuntimeDxe: introduce
+PcdMaxVolatileVariableSize
+  + NetworkPkg/TlsAuthConfigDxe: preserve TlsCaCertificate variable
+attributes
+  + NetworkPkg/HttpDxe: drop misleading comment / status code in
+cert config
+  + NetworkPkg/HttpDxe: use error handler epilogue in
+TlsConfigCertificate()
+  + NetworkPkg/HttpBootDxe: fix typo in DHCPv4 packet parsing
+  + OvmfPkg/QemuVideoDxe: handle invalid BltOperation gracefully
+  + NetworkPkg/UefiPxeBcDxe: Configure the ARP Instance/RouteTable
+with new address
+  + NetworkPkg/HttpDxe: Handle the large data request via HTTPS
+channel
+  + NetworkPkg/TlsDxe: Handle the multiple TLS record messages
+encryption/decryption
+  + SecurityPkg Tpm12CommandLib: Fix TPM12 GetCapability response
+error
+  + SecurityPkg Tpm2CommandLib: Fix TPM2.0 response memory overflow
+  + MdeModulePkg/DxeMain: Fix BSP interrupts reenabled in
+ExitBootServices
+  + UefiCpuPkg/MpInitLib: Disable interrupt at ExitBootServices AP
+Mwait
+  + OvmfPkg/PlatformBootManagerLib: process "-kernel" before boot
+devices
+  + OvmfPkg/PlatformBootManagerLib: hoist PciAcpiInitialization()
+  + ArmVirtPkg/PlatformBootManagerLib: return to "-kernel before
+boot devices"
+  + MdeModulePkg/Core: allow HeapGuard even before CpuArchProtocol
+installed
+  + UefiCpuPkg CpuExceptionHandlerLib: use FixedPcdGetSize() as the
+macro value
+  + remove TrEE
+  + MdeModulePkg/PciBus: return CPU address for GetBarAttributes
+  + MdeModulePkg/PciBus: convert host address to device address
+  + MdeModulePkg/PciHostBridgeDxe: Add support for address translation
+  + OvmfPkg/PciHostBridgeLib: clear PCI aperture vars for (re)init
+  + ArmPkg/TimerDxe: Add ISB for timer compare value reload
+  + BaseTools code refactoring
+
+---

Old:

  openssl-1.1.0g.tar.gz
  openssl-1.1.0g.tar.gz.asc
  ovmf-2018+git1521096615.b3fa393f477a.tar.xz

New:

  openssl-1.1.0h.tar.gz
  openssl-1.1.0h.tar.gz.asc
  ovmf-2018+git1525854636.13e3f8c03339.tar.xz



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.31DtEZ/_old  2018-05-13 15:58:01.237752992 +0200
+++ /var/tmp/diff_new_pack.31DtEZ/_new  2018-05-13 15:58:01.241752846 +0200
@@ -18,14 +18,14 @@
 
 
 %undefine _build_create_debug
-%global openssl_version 1.1.0g
+%global openssl_version 1.1.0h
 
 Name:   ovmf
 Url:
http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=EDK2
 Summary:Open Virtual Machine Firmware
 License:BSD-2-Clause
 Group:  System/Emulators/PC
-Version:2018+git1521096615.b3fa393f477a
+Version:

commit ovmf for openSUSE:Factory

2018-03-24 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2018-03-24 16:04:58

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new (New)


Package is "ovmf"

Sat Mar 24 16:04:58 2018 rev:21 rq:587704 
version:2018+git1521096615.b3fa393f477a

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2018-01-26 
13:56:00.383045505 +0100
+++ /work/SRC/openSUSE:Factory/.ovmf.new/ovmf.changes   2018-03-24 
16:05:07.597674915 +0100
@@ -1,0 +2,119 @@
+Thu Mar 15 08:40:01 UTC 2018 - g...@suse.com
+
+- Update to 2018+git1521096615.b3fa393f477a
+  + OvmfPkg/QemuBootOrderLib: add ConnectDevicesFromQemu()
+  + NetworkPkg/IScsiDxe: Fix the ISCSI connection failure in
+certain case
+  + OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Clear C-bit when SEV is
+active
+  + OvmfPkg: include Tcg2Dxe module
+  + OvmfPkg: simplify SecurityStubDxe.inf inclusion
+  + OvmfPkg/AmdSevDxe: decrypt the pages of the initial SMRAM save
+state map
+  + OvmfPkg/SmmCpuFeaturesLib: SEV: encrypt+free pages of init.
+save state map
+  + OvmfPkg/PlatformPei: SEV: allocate pages of initial SMRAM save
+state map
+  + OvmfPkg/MemEncryptSevLib: find pages of initial SMRAM save
+state map
+  + MdeModulePkg/UsbMass: Retry CMD for MediaChanged sense key 
+  + NetworkPkg/HttpDxe: Support HTTP Delete Method
+  + NetworkPkg/HttpBootDxe: Fix the incorrect error message output
+  + MdeModulePkg: Add Boot Logo 2 Protocol
+  + MdeModulePkg/UsbMass: Fix hot-plug USB CDROM can't be recognized
+  + NetworkPkg: Read HttpTlsCipherList variable and configure it
+for HTTPS session
+  + NetworkPkg: Define one private variable for HTTPS to set Tls
+CipherList
+  + ArmVirtPkg: Add SafeIntLib and BmpSupportLib to DSC files
+  + OvmfPkg: Add SafeIntLib and BmpSupportLib to DSC files
+  + UefiCpuPkg/PiSmmCpuDxeSmm: fix infinite loop issue in SMM profile
+  + MdeModulePkg Ppi/IoMmu.h: Add EFI_NOT_AVAILABLE_YET return
+status code
+  + MdeModulePkg/Core: fix feature conflict between NX and heap guard
+  + ReadKeyStrokeEx always return key state
+  + SecurityPkg: Tcg2Smm: Enable TPM2.0 interrupt support
+  + MdeModulePkg/Partition: Fix media probe
+  + NetworkPkg/HttpBootDxe: Avoid to corrupt HttpBootDxe setup screen
+  + MdeModulePkg/UefiBootManagerLib: Skip the DNS device path node check
+  + MdeModulePkg/Core: fix a logic hole in page free
+  + OvmfPkg/BaseMemEncryptSevLib: Enable protection for newly
+added page table
+  + MdeModulePkg/Ip4Dxe: Add an independent timer for reconfig checking
+  + NetworkPkg: Fix a memory leak issue in UDP6 driver
+  + UefiCpuPkg/MtrrLib: Fix bug that may calculate wrong MTRR result
+  + MdeModulePkg/DxeNetLib: Fix an error in packet length counting
+  + NetworkPkg: Fix memory leak problem in PXE driver
+  + MdeModulePkg/DxeHttpLib: Add boundary condition check
+  + CryptoPkg/OpensslLib: Update OpenSSL version to 1.1.0g
+  + MdeModulePkg/Core: Fix heap guard issues
+  + NetworkPkg/HttpBootDxe: Break the HttpBoot Callback function
+when meet redirect status
+  + NetworkPkg/HttpBootDxe: Avoid the potential memory leak when
+eror happen
+  + MdeModulePkg/DxeIplPeim: fix incorrect page table split during
+protecting
+  + NetworkPkg/UefiPxeBcDxe: Allow the NULL configuration for
+NewStationIP/NewSubnetMask
+  + NetworkPkg/UefiPxeBcDxe: Fix Pxe.Dhcp() return status code
+  + MdeModulePkg/Dhcp*: Check Media status before starting DHCP process
+  + MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak
+  + NetworkPkg/DnsDxe: Update RetryCount/RetryInterval to comply
+with UEFI spec
+  + MdeModulePkg/TcpIoLib: Cancel TCP token if connect/accept is
+timeout
+  + MdeModulePkg/TcpIoLib: Check input Timeout before calling
+CheckEvent() service
+  + MdeModulePkg/DxeIpl: Mark page table as read-only
+  + SecurityPkg:Tcg2Smm:Enabling TPM SIRQ interrupt support
+  + MdeModulePkg/ScsiDisk: Return EFI_NO_MEDIA when no media presents
+  + BaseTool/tools_def GCC5: enable optimization for ARM/AARCH64
+DEBUG builds
+  + UefiCpuPkg/CpuDxe: Initialize stack switch for MP
+  + UefiCpuPkg/CpuExceptionHandlerLib: Add stack switch support
+  + UefiCpuPkg PiSmmCpuDxeSmm: SMM profile and static paging mutual
+exclusion
+  + MdeModulePkg/NetLib: Fix an error when AIP doesn't support
+network media state detection
+  + MdeModulePkg/NetLib: Add NetLibDetectMediaWaitTimeout() API to
+support EFI_NOT_READY media state detection
+  + MdeModulePkg/Core/Dxe: log informative memprotect msgs at
+DEBUG_INFO level
+  + ArmVirtPkg/ArmVirtXen: move from Intel to generic BDS 
+  + MdeModulePkg/SerialDxe: Do not fail reset when SetAttributes is
+not supported
+  + MdeModulePkg/DxeCorePerformanceLib: add lock protection
+  + OvmfPkg/QemuBootOrderLib: let an

commit ovmf for openSUSE:Factory

2018-01-26 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2018-01-26 13:55:59

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new (New)


Package is "ovmf"

Fri Jan 26 13:55:59 2018 rev:20 rq:568815 version:2017+git1510945757.b2662641d5

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2017-11-23 
09:37:11.996307734 +0100
+++ /work/SRC/openSUSE:Factory/.ovmf.new/ovmf.changes   2018-01-26 
13:56:00.383045505 +0100
@@ -1,0 +2,6 @@
+Wed Jan 24 06:31:21 UTC 2018 - g...@suse.com
+
+- Only use SLES-UEFI-CA-Certificate-2048.crt for the suse flavor to
+  provide the better compatibility (bsc#1077330)
+
+---

Old:

  SLES-UEFI-SIGN-Certificate-2048.crt



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.b1jspE/_old  2018-01-26 13:56:02.750934947 +0100
+++ /var/tmp/diff_new_pack.b1jspE/_new  2018-01-26 13:56:02.754934759 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package ovmf
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -33,7 +33,6 @@
 Source112:  openssl.keyring
 Source2:README
 Source3:SLES-UEFI-CA-Certificate-2048.crt
-Source4:SLES-UEFI-SIGN-Certificate-2048.crt
 Source5:MicCorKEKCA2011_2011-06-24.crt
 Source6:MicCorUEFCA2011_2011-06-27.crt
 Source7:openSUSE-UEFI-CA-Certificate-2048.crt
@@ -288,7 +287,7 @@
 # OVMF with SUSE keys
 openssl x509 -in %{SOURCE3} -outform DER > Default_PK
 openssl x509 -in %{SOURCE3} -outform DER > Default_KEK
-openssl x509 -in %{SOURCE4} -outform DER > Default_DB
+openssl x509 -in %{SOURCE3} -outform DER > Default_DB
 truncate -s 0 Default_DB_EX
 truncate -s 0 Default_DBX
 build_with_keys suse

commit ovmf for openSUSE:Factory

2017-11-23 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2017-11-23 09:36:59

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new (New)


Package is "ovmf"

Thu Nov 23 09:36:59 2017 rev:19 rq:543002 version:2017+git1510945757.b2662641d5

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2017-10-23 
16:39:01.292755474 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new/ovmf.changes   2017-11-23 
09:37:11.996307734 +0100
@@ -1,0 +2,104 @@
+Mon Nov 20 04:23:04 UTC 2017 - g...@suse.com
+
+- Update to 2017+git1510945757.b2662641d5
+  + ArmPlatformPkg/ArmPlatformLibNull: remove bogus PCD dependencies
+  + MdeModulePkg/UsbMassStorageDxe: Enhance Request Sense Handling
+  + OvmfPkg: save on I/O port accesses when the debug port is not
+in use
+  + OvmfPkg: create a separate PlatformDebugLibIoPort instance for
+SEC
+  + OvmfPkg: make PlatformDebugLibIoPort a proper BASE library
+  + OvmfPkg: restore temporary SEC/PEI RAM size to 64KB
+  + OvmfPkg/Sec/X64: seed the temporary RAM with PcdInitValueInTempStack
+  + ArmVirtPkg: switch to new PL011UartLib implementation
+  + OvmfPkg/XenHypercallLib: enable virt extensions for ARM
+  + MdeModulePkg/PiSmmCore: Implement heap guard feature for SMM mode
+  + MdeModulePkg/DxeCore: Implement heap guard feature for UEFI
+  + ArmVirtPkg/ArmVirtQemu: use non-accelerated CopyMem for
+VariableRuntimeDxe
+  + NetworkPkg: Fix incorrect SizeofHeaders returned from
+HttpTcpReceiveHeader()
+  + NetworkPkg: Print error message to screen if error occurs
+during HTTP boot
+  + MdeModulePkg/PartitionDxe: Fix UDF fs access on certain CD/DVD
+medias
+  + MdeModulePkg/UsbMassStorageDxe: Fix USB Mass Storage detection
+  + MdeModulePkg SerialDxe: Handle Timeout change more robustly
+  + CryptoPkg/BaseCryptLib: Fix mismatched memory allocation/free
+  + CryptoPkg/BaseCryptLib: Fix buffer overflow issue in realloc
+wrapper
+  + ArmPlatformPkg/PlatformPeim: allow PlatformPeiLib to set the
+boot mode
+  + Deprecate EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
+  + SecurityPkg: Remove Counter Based AuthVariable support
+  + BaseTools/tools_def AARCH64 ARM: disable PIE linking
+  + NetworkPkg/TlsAuthConfigDxe: Remove the extra FreePool
+  + NetworkPkg/HttpBootDxe: Add IPv6 support condition check
+  + NetworkPkg/IScsiDxe: Fix the incorrect/needless DHCP process
+  + MdeModulePkg/PciBus: Fix bug that PCI BUS claims too much resource
+  + UefiCpuPkg/MtrrLib: Use SetMem instead of SetMem64 to fix hang
+  + NetworkPkg: Remove ping6 and ifconfig shell application
+  + OvmfPkg: fix dynamic default for oprom verification policy PCD
+without SB
+  + OvmfPkg/PlatformPei: DENY_EXECUTE_ON_SECURITY_VIOLATION when
+SEV is active
+  + SecurityPkg\Tcg2Pei: FV measure performance enhancement
+  + SecurityPkg:AuthVariableLib:Implement ECR1707 for Private Auth
+Variable
+  + ArmPlatformPkg: Store initial timer value
+  + ArmVirtPkg ArmVirtDxeHobLib: Implement BuildFv3Hob
+  +  MdeModulePkg/Variable/RuntimeDxe: delete and lock OS-created
+ MOR variable
+  + ArmPkg/PlatformBootManagerLib: fix bug in ESRT invocation
+  + OvmfPkg/PciHotPlugInitDxe: translate QEMU's resource 
+reservation hints
+  + OvmfPkg/PciHotPlugInitDxe: generalize RESOURCE_PADDING
+composition
+  + OvmfPkg/IndustryStandard: define PCI Capabilities for QEMU's
+PCI Bridges
+  + MdeModulePkg/BdsDxe: Don't delete "BootNext" until booting it
+  + Clarify the usage of HttpConfigData in HTTP protocol
+  + SecurityPkg/SecureBootConfigImpl.c: Secure Boot DBX UI
+Enhancement
+  + MdeModulePkg/UDF: Fix creation of UDF logical partition
+  + CryptoPkg: Add new API to retrieve commonName of X.509 certificate
+  + OvmfPkg/VirtioNetDxe: log debug message in VirtioNetExitBoot()
+  + OvmfPkg/QemuBootOrderLib: recognize "usb-storage" devices in
+XHCI ports
+  + MdeModulePkg/Core: Fix out-of-sync issue in GCD
+  + UefiCpuPkg/CpuDxe: Fix out-of-sync issue in page attributes
+  + OvmfPkg/QemuVideoDxe/VbeShim: handle PAM1 register on Q35
+correctly
+  + OvmfPkg/QemuVideoDxe/VbeShim: rename Status to
+Segment0AllocationStatus
+  + OvmfPkg/CsmSupportLib: move PAM register addresses to
+IndustryStandard
+  + NetworkPkg/IScsiDxe: Remove redundant call to StrLen
+  + BaseTools/tools_def AARCH64: enable frame pointers for RELEASE
+builds
+  + ArmPkg/PlatformBootManagerLib: process pending capsules
+  + MdeModulePkg/Udf: Avoid declaring and initializing local GUID
+variable
+  + MdeModulePkg/UdfDxe: Avoid short (single character) variable name
+  + MdeModulePkg/UdfDxe: Use compare operator for non-boolean
+comparisons
+  + MdeModulePkg/UdfDxe: Fix operands of different size in bitwise
+OP
+  + MdeModulePkg/UdfDxe: Add checks to ensure no

commit ovmf for openSUSE:Factory

2017-10-23 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2017-10-23 16:39:00

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new (New)


Package is "ovmf"

Mon Oct 23 16:39:00 2017 rev:18 rq:534326 version:2017+git1505340320.5afa5b8159

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2017-09-15 
21:05:47.918092492 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new/ovmf.changes   2017-10-23 
16:39:01.292755474 +0200
@@ -1,0 +2,7 @@
+Mon Oct 16 09:02:28 UTC 2017 - g...@suse.com
+
+- Update ovmf-gdb-symbols.patch to avoid some symbols from being
+  removed (bsc#1063463)
+- Add needssslcertforbuild back. It's useful for the devel projects.
+
+---



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.M2Nrbc/_old  2017-10-23 16:39:02.532697446 +0200
+++ /var/tmp/diff_new_pack.M2Nrbc/_new  2017-10-23 16:39:02.536697259 +0200
@@ -14,6 +14,7 @@
 
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
+# needssslcertforbuild
 
 
 %undefine _build_create_debug












++ ovmf-gdb-symbols.patch ++
--- /var/tmp/diff_new_pack.M2Nrbc/_old  2017-10-23 16:39:02.684690334 +0200
+++ /var/tmp/diff_new_pack.M2Nrbc/_new  2017-10-23 16:39:02.688690146 +0200
@@ -1,7 +1,7 @@
-From 983c7fbc2444cbbbf3b82ae07a56232075a412bb Mon Sep 17 00:00:00 2001
+From 6f04d3c7e2fd042e1d367d9c4c0a9d19080f0e19 Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin 
 Date: Tue, 24 Jun 2014 11:57:32 +0800
-Subject: [PATCH 1/2] Add DebugPkg
+Subject: [PATCH 1/3] Add DebugPkg
 
 ---
  DebugPkg/DebugPkg.dec|  34 +
@@ -14,10 +14,11 @@
  create mode 100644 DebugPkg/GdbSyms/GdbSyms.inf
  create mode 100644 DebugPkg/Scripts/gdb_uefi.py
 
-Index: ovmf-2017+git1472049752.ea2f21e/DebugPkg/DebugPkg.dec
-===
+diff --git a/DebugPkg/DebugPkg.dec b/DebugPkg/DebugPkg.dec
+new file mode 100644
+index 00..e12401de3e
 --- /dev/null
-+++ ovmf-2017+git1472049752.ea2f21e/DebugPkg/DebugPkg.dec
 b/DebugPkg/DebugPkg.dec
 @@ -0,0 +1,34 @@
 +## @file
 +#  Debug package - various useful stuff for debugging.
@@ -53,10 +54,11 @@
 +
 +[LibraryClasses]
 +
-Index: ovmf-2017+git1472049752.ea2f21e/DebugPkg/GdbSyms/GdbSyms.c
-===
+diff --git a/DebugPkg/GdbSyms/GdbSyms.c b/DebugPkg/GdbSyms/GdbSyms.c
+new file mode 100644
+index 00..2551dfab90
 --- /dev/null
-+++ ovmf-2017+git1472049752.ea2f21e/DebugPkg/GdbSyms/GdbSyms.c
 b/DebugPkg/GdbSyms/GdbSyms.c
 @@ -0,0 +1,70 @@
 +/** @file
 +
@@ -128,10 +130,11 @@
 +}
 +
 +
-Index: ovmf-2017+git1472049752.ea2f21e/DebugPkg/GdbSyms/GdbSyms.inf
-===
+diff --git a/DebugPkg/GdbSyms/GdbSyms.inf b/DebugPkg/GdbSyms/GdbSyms.inf
+new file mode 100644
+index 00..afb78871b8
 --- /dev/null
-+++ ovmf-2017+git1472049752.ea2f21e/DebugPkg/GdbSyms/GdbSyms.inf
 b/DebugPkg/GdbSyms/GdbSyms.inf
 @@ -0,0 +1,57 @@
 +## @file
 +#
@@ -190,11 +193,12 @@
 +[Depex]
 +  TRUE
 +
-Index: ovmf-2017+git1472049752.ea2f21e/DebugPkg/Scripts/gdb_uefi.py
-===
+diff --git a/DebugPkg/Scripts/gdb_uefi.py b/DebugPkg/Scripts/gdb_uefi.py
+new file mode 100644
+index 00..dac215c538
 --- /dev/null
-+++ ovmf-2017+git1472049752.ea2f21e/DebugPkg/Scripts/gdb_uefi.py
-@@ -0,0 +1,350 @@
 b/DebugPkg/Scripts/gdb_uefi.py
+@@ -0,0 +1,348 @@
 +"""
 +Allows loading TianoCore symbols into a GDB session attached to EFI
 +Firmware.
@@ -215,7 +219,6 @@
 +import array
 +import getopt
 +import binascii
-+import re
 +
 +__license__ = "BSD"
 +__version = "1.0.0"
@@ -441,7 +444,6 @@
 +base = base + opt['SizeOfHeaders']
 +if sym_name != self.EINVAL:
 +sym_name = sym_name.cast (self.ptype('CHAR8')).string ()
-+sym_name = re.sub(r"\.dll$", ".debug", sym_name)
 +syms.append ("add-symbol-file %s 0x%x" % \
 + (sym_name,
 +  long (base)))
@@ -545,12 +547,85 @@
 +ReloadUefi ()
 +
 +
-Index: ovmf-2017+git1472049752.ea2f21e/OvmfPkg/OvmfPkgX64.dsc
-===
 ovmf-2017+git1472049752.ea2f21e.orig/OvmfPkg/OvmfPkgX64.dsc
-+++ ovmf-2017+git1472049752.ea2f21e/OvmfPkg/OvmfPkgX64.dsc
-@@ -821,3 +821,4 @@
+-- 
+2.14.2
+
+
+From 670d526765a9b0f3f6b3f64f4f51a3aa03028e88 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin 
+Date: Tue, 24 Jun 2014 11:59:02 +0800
+Subject: [PATCH

commit ovmf for openSUSE:Factory

2017-09-15 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2017-09-15 21:05:38

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new (New)


Package is "ovmf"

Fri Sep 15 21:05:38 2017 rev:17 rq:526242 version:2017+git1505340320.5afa5b8159

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2017-09-04 
12:28:32.833106144 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new/ovmf.changes   2017-09-15 
21:05:47.918092492 +0200
@@ -1,0 +2,166 @@
+Thu Sep 14 02:20:26 UTC 2017 - g...@suse.com
+
+- Update to 2017+git1505340320.5afa5b8159
+  + MdeModulePkg/UdfDxe: suppress incorrect compiler warning in
+ReadFile()
+  + MdeModulePkg/UdfDxe: reject reserved values in ICB.Flags[2:0]
+  + MdeModulePkg: Add UdfDxe to the dsc file
+  + MdeModulePkg: Update PiDxeS3BootScriptLib Internal function name
+  + MdeModulePkg/UdfDxe: Remove negative comparison of unsigned
+number
+  + ArmVirtPkg/ArmVirtQemu: port HTTP_BOOT_ENABLE from OvmfPkg
+  + ArmVirtPkg: don't build the network stack uselessly for Xen
+  + MdeModulePkg/PartitionDxe: remove always false comparison
+  + MdeModulePkg/PartitionDxe: don't divide 64-bit values with C
+operators
+  + MdeModulePkg/UdfDxe: replace zero-init of local variables with
+ZeroMem()
+  + MdeModulePkg/UdfDxe: don't return unset Status if INLINE_DATA
+req succeeds
+  + MdeModulePkg/UdfDxe: ASSERT() valid ReadFileInfo Flags for
+INLINE_DATA req
+  + MdeModulePkg/UdfDxe: Initialize the array after declaration
+  + ShellPkg/Ifconfig6: Update error message and add a new line
+  + NetworkPkg/IScsiDxe: Fix the incorrect max length of IP_ADDRESS
+  + OvmfPkg/SataControllerDxe: log informative message at
+DEBUG_INFO level
+  + OvmfPkg/PlatformBootManagerLib: log informative message at
+DEBUG_INFO lvl
+  + OvmfPkg/PlatformPei: log informative message at DEBUG_INFO level
+  + UefiCpuPkg/CpuDxe: log informative message at DEBUG_INFO level
+  + MdeModulePkg/UsbBusDxe: log warning message at DEBUG_WARN level
+  + OvmfPkg/PlatformDebugLibIoPort: write messages with IoWriteFifo8()
+  + MdePkg/BaseIoLibIntrinsic: fix SEV (=unrolled) variants of IoWriteFifoXX()
+  + MdeModulePkg Xhci: Correct description of Timeout param in XhciReg.h
+  + BaseTools/GCC: set -Wno-unused-const-variable on RELEASE builds
+  + ArmVirtPkg: Enable UDF file system support
+  + OvmfPkg: Enable UDF file system support
+  + MdeModulePkg/PartitionDxe: Add UDF file system support
+  + OvmfPkg/IoMmuDxe: unmap all IOMMU mappings at ExitBootServices()
+  + OvmfPkg/IoMmuDxe: generalize IoMmuUnmap() to IoMmuUnmapWorker()
+  + OvmfPkg/IoMmuDxe: track all mappings
+  + OvmfPkg/VirtioScsiDxe: don't unmap VRING at ExitBootServices()
+  + OvmfPkg/VirtioRngDxe: don't unmap VRING at ExitBootServices()
+  + OvmfPkg/VirtioGpuDxe: don't unmap VRING & BackingStore at ExitBootServices
+  + OvmfPkg/VirtioBlkDxe: don't unmap VRING at ExitBootServices()
+  + MdeModulePkg/AtaAtapiPassThru: disable the device at ExitBootServices()
+  + MdeModulePkg/AtaAtapiPassThru: unmap DMA buffers after disabling
+BM DMA
+  + MdeModulePkg/AtaAtapiPassThru: cache EnabledPciAttributes
+  + OvmfPkg/SecMain: Fix stack switching to permanent memory
+  + ArmPkg: add ArmCrashDumpDxe driver
+  + MdeModulePkg, NetworkPkg: Fix GCC build error
+  + NetworkPkg/Ip6Dxe: fix a bug in IP6 driver for IpSec protocol
+notify
+  + MdeModulePkg/Ip4Dxe: fix a bug in IP4 driver for IpSec protocol
+notify
+  + MdePkg: Add UEFI 2.7 defined GUID and structure for AIP network
+media type
+  + MdeModulePkg/UefiBootManagerLib: Generate boot description for
+SD/eMMC
+  + Pkcs7VerifyDxe: Don't allow Pkcs7Verify to install protocols twice
+  + SecurityPkg/Pkcs7Verify: Complete the Pkcs7VerifyDxe protocol
+  + MdePkg PeiMemoryAllocationLib: Update InternalAllocateAlignedPages
+  + MdePkg PeiMemoryAllocationLib: Update Free(Aligned)Pages
+  + MdeModule PeiCore: Support pre memory page allocation
+  + OvmfPkg/VirtioGpuDxe: negotiate VIRTIO_F_IOMMU_PLATFORM
+  + OvmfPkg/VirtioGpuDxe: map backing store to bus master device address
+  + OvmfPkg/VirtioGpuDxe: helpers for backing store (de)allocation+(un)mapping
+  + OvmfPkg/VirtioGpuDxe: take EFI_PHYSICAL_ADDRESS in ResourceAttachBacking()
+  + OvmfPkg/VirtioGpuDxe: map virtio GPU command objects to device
+addresses
+  + OvmfPkg/VirtioGpuDxe: map VRING for bus master common buffer
+operation
+  + OvmfPkg/IoMmuDxe: IoMmuFreeBuffer(): clean up DEBUG message
+  + OvmfPkg/IoMmuDxe: IoMmuAllocateBuffer(): nicer and more
+informative DEBUGs
+  + OvmfPkg/IoMmuDxe: IoMmuUnmap(): clean up DEBUG message
+  + OvmfPkg/IoMmuDxe: IoMmuMap(): log nicer and more informative
+DEBUG msgs
+  + OvmfPkg/BaseMemEncryptSevLib: clean up upper-case / lower-case
+in DEBUGs

commit ovmf for openSUSE:Factory

2017-09-04 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2017-09-04 12:28:30

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new (New)


Package is "ovmf"

Mon Sep  4 12:28:30 2017 rev:16 rq:519253 version:2017+git1502826981.a136bc3ccf

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2017-08-22 
11:05:20.536595743 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new/ovmf.changes   2017-09-04 
12:28:32.833106144 +0200
@@ -1,0 +2,6 @@
+Mon Aug 28 08:54:14 UTC 2017 - g...@suse.com
+
+- Update ovmf-embed-default-keys.patch to handle the empty
+  certificate files correctly
+
+---



Other differences:
--











++ ovmf-embed-default-keys.patch ++
--- /var/tmp/diff_new_pack.jQ0PSf/_old  2017-09-04 12:28:34.928811497 +0200
+++ /var/tmp/diff_new_pack.jQ0PSf/_new  2017-09-04 12:28:34.936810372 +0200
@@ -1,7 +1,7 @@
-From 6bf96df236dbe46c1e4591b6a59553928bfd603c Mon Sep 17 00:00:00 2001
+From b967e8dc2bea98736d8544d9ee2565f71ac06d08 Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin 
 Date: Fri, 10 May 2013 10:27:51 +0800
-Subject: [PATCH 1/2] Add a stub to allow keys to be embedded at build time
+Subject: [PATCH 1/3] Add a stub to allow keys to be embedded at build time
 
 Signed-off-by: Gary Ching-Pang Lin 
 ---
@@ -18,7 +18,7 @@
  create mode 100644 SecurityPkg/Library/AuthVariableLib/Default_PK.h
 
 diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c 
b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
-index c4fbb64..9e12588 100644
+index 792a1232ae..f5f954e534 100644
 --- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
 +++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
 @@ -23,6 +23,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER 
EXPRESS OR IMPLIED.
@@ -223,7 +223,7 @@
// Reserve runtime buffer for public key database. The size excludes 
variable header and name size.
//
 diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf 
b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
-index 572ba4e..1a46019 100644
+index 572ba4e120..1a46019a5f 100644
 --- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
 +++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
 @@ -33,6 +33,10 @@ [Sources]
@@ -239,7 +239,7 @@
MdePkg/MdePkg.dec
 diff --git a/SecurityPkg/Library/AuthVariableLib/Default_DB.h 
b/SecurityPkg/Library/AuthVariableLib/Default_DB.h
 new file mode 100644
-index 000..4d13894
+index 00..4d13894216
 --- /dev/null
 +++ b/SecurityPkg/Library/AuthVariableLib/Default_DB.h
 @@ -0,0 +1,2 @@
@@ -247,7 +247,7 @@
 +unsigned int Default_DB_len = 0;
 diff --git a/SecurityPkg/Library/AuthVariableLib/Default_DBX.h 
b/SecurityPkg/Library/AuthVariableLib/Default_DBX.h
 new file mode 100644
-index 000..5fd3cdc
+index 00..5fd3cdc0f4
 --- /dev/null
 +++ b/SecurityPkg/Library/AuthVariableLib/Default_DBX.h
 @@ -0,0 +1,2 @@
@@ -255,7 +255,7 @@
 +unsigned int Default_DBX_len = 0;
 diff --git a/SecurityPkg/Library/AuthVariableLib/Default_KEK.h 
b/SecurityPkg/Library/AuthVariableLib/Default_KEK.h
 new file mode 100644
-index 000..80883de
+index 00..80883de1ae
 --- /dev/null
 +++ b/SecurityPkg/Library/AuthVariableLib/Default_KEK.h
 @@ -0,0 +1,2 @@
@@ -263,20 +263,20 @@
 +unsigned int Default_KEK_len = 0;
 diff --git a/SecurityPkg/Library/AuthVariableLib/Default_PK.h 
b/SecurityPkg/Library/AuthVariableLib/Default_PK.h
 new file mode 100644
-index 000..23b90e4
+index 00..23b90e45f0
 --- /dev/null
 +++ b/SecurityPkg/Library/AuthVariableLib/Default_PK.h
 @@ -0,0 +1,2 @@
 +unsigned char *Default_PK = NULL;
 +unsigned int Default_PK_len = 0;
 -- 
-2.8.1
+2.14.1
 
 
-From a627dbe16f6ebe1a1f294c82c30f7ad9745baf04 Mon Sep 17 00:00:00 2001
+From 5e76fc193363471e9720005bdb8e4c62fb15de6b Mon Sep 17 00:00:00 2001
 From: Gary Lin 
 Date: Tue, 15 Dec 2015 16:54:54 +0800
-Subject: [PATCH 2/2] Add DB_EX to include one more DB cert
+Subject: [PATCH 2/3] Add DB_EX to include one more DB cert
 
 Signed-off-by: Gary Lin 
 ---
@@ -286,7 +286,7 @@
  create mode 100644 SecurityPkg/Library/AuthVariableLib/Default_DB_EX.h
 
 diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c 
b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
-index 9e12588..523b0e4 100644
+index f5f954e534..803b77d178 100644
 --- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
 +++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
 @@ -26,6 +26,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER 
EXPRESS OR IMPLIED.
@@ -353,12

commit ovmf for openSUSE:Factory

2017-08-22 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2017-08-22 11:05:10

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new (New)


Package is "ovmf"

Tue Aug 22 11:05:10 2017 rev:15 rq:517308 version:2017+git1502826981.a136bc3ccf

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2017-06-17 
10:19:09.768138196 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new/ovmf.changes   2017-08-22 
11:05:20.536595743 +0200
@@ -1,0 +2,361 @@
+Thu Aug 17 04:10:00 UTC 2017 - g...@suse.com
+
+- Update to 2017+git1502826981.a136bc3ccf
+  + OvmfPkg/Protocol/VirtioDevice: fix comment style
+  + OvmfPkg/VirtioMmioDeviceLib: add missing IN and OUT decoration
+  + OvmfPkg/VirtioPciDeviceDxe: add missing IN and OUT decoration
+  + OvmfPkg/Virtio10Dxe: supply missing BUS_MASTER attribute
+  + OvmfPkg/VirtioPciDeviceDxe: supply missing BUS_MASTER attribute
+  + UefiCpuPkg MpInitLib: Save/restore original WakeupBuffer for
+DxeMpLib
+  + ShellPkg UefiDpLib: Init CustomCumulativeData.MinDur
+  + MdeModulePkg DxeCore: Enhance "ConvertPages: Incompatible
+memory types"
+  + MdeModulePkg DxeCore: Fix double free pages on LoadImage
+failure path
+  + NetworkPkg/HttpBootDxe: Update device path node to include DNS
+information
+  + MdeModulePkg/UefiBootManagerLib: Support DNS device path
+description
+  + MdePkg/UefiDevicePathLib: Add DevPathFromTextDns and
+DevPathToTextDns libraries
+  + MdePkg/DevicePath.h: Add DNS Device Path definition
+  + NetworkPkg/HttpDxe: Handle the HttpVersionUnsupported in the
+HttpConfigData
+  + BaseTools: Support TabSpace between section tag in DEC file
+  + BaseTools: Don't need to add extra quotes when UI string from
+file
+  + BaseTools/UPT: Support Multiple Installation
+  + BaseTools/Scripts: Add sample makefile for use with
+RunMakefile.py
+  + BaseTools/Scripts: Add python script to run a makefile
+  + BaseTools/build: Expand PREBUILD/POSTBUILD DSC actions
+  + NetworkPkg/Ip6Dxe: Support SetData interface to clear specific
+configuration
+  + MdeModulePkg/Ip4Dxe: Support SetData interface to clear
+specific configuration
+  + ShellPkg/drivers: Fix GCC build failure
+  + BaseTools/edksetup.sh: fix invalid test for current working
+directory
+  + ShellPkg/driver: Show "-" in non-SFO mode
+  + ShellPkg/drivers: Show Image Name in non-SFO mode
+  + MdeModulePkg: Variable: Fix typo in variable measure
+  + MdeModulePkg/NvmExpressDxe: Notify NVME HW when system reset
+happens
+  + MdePkg/Nvme: Add NVME shutdown notification related macros
+  + NetworkPkg/HttpBootDxe: Refine the coding style.
+  + OvmfPkg/AcpiPlatformDxe: short-circuit the transfer of an empty
+S3_CONTEXT
+  + MdeModulePkg SerialDxe: Process timeout consistently in
+SerialRead
+  + UefiCpuPkg MtrrLib: Remove deprecated micro.
+  + UefiCpuPkg CpuDxe: Remove reference deprecated macro.
+  + UefiCpuPkg CpuDxe: Enhance get mtrr mask logic.
+  + BaseTools/Conf: apply nasmb, asm16 build rule order
+  + NetworkPkg/HttpDxe: Support HTTP Patch method
+  + OvmfPkg/PlatformPei: support >=1TB high RAM, and discontiguous
+high RAM
+  + OvmfPkg/QemuFwCfgLib: Use BusMasterCommonBuffer to map
+FW_CFG_DMA_ACCESS
+  + OvmfPkg/IoMmuDxe: Unmap(): recycle MAP_INFO after
+BusMasterCommonBuffer[64]
+  + OvmfPkg/IoMmuDxe: abort harder on memory encryption mask
+failures
+  + OvmfPkg/IoMmuDxe: implement in-place decryption/encryption for
+Map/Unmap
+  + OvmfPkg/IoMmuDxe: rework setup of "MapInfo->PlainTextAddress"
+in Map()
+  + OvmfPkg/IoMmuDxe: zero out pages before releasing them
+  + OvmfPkg/IoMmuDxe: clean up used library classes
+  + OvmfPkg/IoMmuDxe: propagate errors from AmdSevInstallIoMmuProtocol()
+  + OvmfPkg/IoMmuDxe: don't initialize local variables
+  + OvmfPkg/IoMmuDxe: convert UINTN arguments to UINT64 for the
+%Lx fmt spec
+  + OvmfPkg/IoMmuDxe: rename HostAddress to CryptedAddress in
+MAP_INFO
+  + OvmfPkg/IoMmuDxe: rename DeviceAddress to PlainTextAddress in
+MAP_INFO
+  + OvmfPkg/IoMmuDxe: rewrap source code to 79 characters
+  + OvmfPkg/IoMmuDxe: Fix header guard macro
+  + MdeModulePkg/DisplayEngine: Fix incorrect display issue
+  + BaseTools/VfrCompile: Remove the MAX_PATH limitation
+  + BaseTools/VfrCompile: Fix segmentation fault issues
+  + NetworkPkg: iSCSI should allow to set 6 or 12 length of ISID
+keyword.
+  + UefiCpuPkg: Enable Processor Trace feature.
+  + UefiCpuPkg: Add Processor Trace feature definition.
+  + UefiCpuPkg: Add Pcds used by processor trace feature.
+  + UefiCpuPkg/Msr: Add a missing IvyBridge processor signature
+  + MdeModulePkg PeiCore: Install SEC HOB data
+  + MdePkg: Add definition for SecHobData PPI
+  + UefiCpuPkg PiSmmCpuDxeSmm: Check LMCE capability when

commit ovmf for openSUSE:Factory

2017-06-17 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2017-06-17 10:19:03

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new (New)


Package is "ovmf"

Sat Jun 17 10:19:03 2017 rev:14 rq:501237 version:2017+git1496630893.7ec69844b8

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2017-05-27 
13:06:00.556317490 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new/ovmf.changes   2017-06-17 
10:19:09.768138196 +0200
@@ -1,0 +2,77 @@
+Mon Jun  5 09:34:28 UTC 2017 - g...@suse.com
+
+- Update to 2017+git1496630893.7ec69844b8
+  + ShellPkg/alias: Fix bug to support upper-case alias
+  + BaseTools/GCC ARM/AARCH64: Force disable PIE
+  + BaseTools/Scripts: discard .gnu.hash section in GCC builds
+  + OvmfPkg: make the 4MB flash size the default
+  + MdeModulePkg/BDS: Fix a buffer overflow bug
+  + CryptoPkg/BaseCryptLib: Add NULL pointer checks in DH and P7Verify
+  + UefiCpuPkg/BaseUefiCpuLib: Use NASM read-only data section name
+  + OvmfPkg/PlatformPei: align EmuVariableNvStore at any page boundary
+  + OvmfPkg/EmuVariableFvbRuntimeDxe: change block size to 4KB
+  + OvmfPkg/EmuVariableFvbRuntimeDxe: correct NumOfLba vararg type
+in EraseBlocks()
+  + ArmPlatformPkg/NorFlashDxe: correct NumOfLba vararg type in
+EraseBlocks()
+  + OvmfPkg/EmuVariableFvbRuntimeDxe: always format an auth
+varstore header
+  + MdeModulePkg/PciBus: Add IOMMU support
+  + MdeModulePkg/PciHostBridge: Add IOMMU support
+  + MdeModulePkg/Include: Add IOMMU protocol definition
+  + ShellPkg/HandleParsingLib: Show LoadedImageProtocol file path
+as text
+  + NetworkPkg: Fix issue in dns driver when building DHCP packet
+  + Addressing TCP Window Retraction when window scale factor is used
+  + Add wnd scale check before shrinking window
+  + UefiCpuPkg/MtrrLib: Don't report OutOfResource when MTRR is enough
+  + MdePkg DxeServicesLib: Handle potential NULL FvHandle
+  + OvmfPkg/PlatformPei: handle non-power-of-two spare size for
+emu variables
+  + SecurityPkg/Pkcs7VerifyDxe: Add format check in DB list contents
+  + OvmfPkg: raise max variable size (auth & non-auth) to 33KB for
+FD_SIZE_4MB
+  + OvmfPkg: introduce 4MB flash image (mainly) for Windows HCK
+  + OvmfPkg/OvmfPkg.fdf.inc: extract VARS_LIVE_SIZE and
+VARS_SPARE_SIZE macros
+  + OvmfPkg: introduce the FD_SIZE_IN_KB macro / build flag
+  + ArmVirtPkg: install EdkiiPlatformHasDeviceTree proto in the
+32-bit builds
+  + NetworkPkg: Fix PXEv6 boot failure when DhcpBinl offer received
+  + NetworkPkg: Fix bug in iSCSI mode ipv6 when enabling target DHCP
+  + Fix issue the iSCSI client can not send reset packet
+  + CryptoPkg/SmmCryptLib: Enable HMAC-SHA256 support for SMM
+  + ShellPkg/Shell: eliminate double-free in RunSplitCommand()
+  + ShellPkg/Shell: clean up bogus member types in SPLIT_LIST
+  + MdeModulePKg/BDS: Build meaningful description for Wi-Fi boot
+option
+  + MdeModulePkg/DeviceManagerUiLib: Fix the network device MAC
+display issue
+  + MdeModulePkg/Mtftp4Dxe: Add invalid ServerIp check during MTFTP
+configuration
+  + NetworkPkg/TlsAuthConfigDxe: Close and free the file related
+resource
+  + NetworkPkg: Correct the proxy DHCP offer handing
+  + NetworkPkg/HttpDxe: Fix HTTP download OS image over 4G size
+failure
+  + MdeModulePkg/UefiBootManagerLib: Avoid buggy USB short-form
+expanding
+  + NetworkPkg: Fix bug related DAD issue in IP6 driver
+  + NetworkPkg: Add check logic for iSCSI driver
+  + MdeModulePkg PiSmmCore: Enhance SMM FreePool to catch buffer
+overflow
+  + UefiCpuPkg/PiSmmCpuDxeSmm: Lock should be acquired
+  + MdeModulePkg/BootManagerMenu: Add assertion to indicate no DIV
+by 0
+  + CryptoPkg: Correct some minor issues in function comments
+  + MdePkg/UefiLib: Avoid mis-calculate of graphic console size
+  + MdeModulePkg/PiSmmCore: Fix potentially uninitialized local
+variable
+  + MdeModulePkg DxeCore: Fix issue to print GUID value %g without
+pointer
+  + ArmVirtPkg/ArmVirtXen: remove ARM BdsLib library class resolution
+- Add ovmf-disable-ia32-firmware-piepic.patch to disable pic/pie
+  explicitly since gcc7 in Factory enables pic/pie by default but
+  GenFw cannot handle the GOT sections and failed the build.
+
+---

Old:

  ovmf-2017+git1492060560.b6d11d7c46.tar.xz

New:

  ovmf-2017+git1496630893.7ec69844b8.tar.xz
  ovmf-disable-ia32-firmware-piepic.patch



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.mZrIbY/_old  2017-06-17 10:19:11.123946942 +0200
+++ /var/tmp/diff_new_pack.mZrIbY/_new  2017-06-17 10:19:11.127946378 +0200
@@ -24,7

commit ovmf for openSUSE:Factory

2017-05-27 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2017-05-27 13:05:59

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new (New)


Package is "ovmf"

Sat May 27 13:05:59 2017 rev:13 rq:493403 version:2017+git1492060560.b6d11d7c46

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2017-05-03 
15:57:55.298029805 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new/ovmf.changes   2017-05-27 
13:06:00.556317490 +0200
@@ -1,0 +2,6 @@
+Sat May  6 20:34:20 UTC 2017 - meiss...@suse.com
+
+- ovmf-pie.patch: add -fPIE to the Common build Makefile to 
+  allow a global PIE build.
+
+---
@@ -137,0 +144 @@
+(bsc#1030565)
@@ -442,0 +450 @@
+(bsc#1013603)
@@ -451 +459 @@
-vblk prefix
+vblk prefix (bsc#1009707)

New:

  ovmf-pie.patch



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.P6n86Q/_old  2017-05-27 13:06:02.963977074 +0200
+++ /var/tmp/diff_new_pack.P6n86Q/_new  2017-05-27 13:06:02.967976508 +0200
@@ -14,7 +14,6 @@
 
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
-# needssslcertforbuild
 
 
 %undefine _build_create_debug
@@ -47,6 +46,7 @@
 Source101:  gdb_uefi.py.in
 Patch2: %{name}-embed-default-keys.patch
 Patch3: %{name}-gdb-symbols.patch
+Patch4: %{name}-pie.patch
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  fdupes
 BuildRequires:  gcc
@@ -160,6 +160,7 @@
 %patch2 -p1
 %endif
 %patch3 -p1
+%patch4 -p1
 
 # add openssl
 pushd CryptoPkg/Library/OpensslLib












++ ovmf-pie.patch ++
Index: 
ovmf-2017+git1492060560.b6d11d7c46/BaseTools/Source/C/Makefiles/header.makefile
===
--- 
ovmf-2017+git1492060560.b6d11d7c46.orig/BaseTools/Source/C/Makefiles/header.makefile
+++ 
ovmf-2017+git1492060560.b6d11d7c46/BaseTools/Source/C/Makefiles/header.makefile
@@ -49,7 +49,7 @@ ifeq ($(DARWIN),Darwin)
 # assume clang or clang compatible flags on OS X
 BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror 
-Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g
 else
-BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror 
-Wno-deprecated-declarations -Wno-unused-result -nostdlib -c -g
+BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror 
-Wno-deprecated-declarations -Wno-unused-result -nostdlib -c -g -fPIE
 endif
 BUILD_LFLAGS =
 BUILD_CXXFLAGS = -Wno-unused-result

commit ovmf for openSUSE:Factory

2017-05-03 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2017-05-03 15:57:50

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new (New)


Package is "ovmf"

Wed May  3 15:57:50 2017 rev:12 rq:492421 version:2017+git1492060560.b6d11d7c46

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2017-04-24 
09:46:43.305456052 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new/ovmf.changes   2017-05-03 
15:57:55.298029805 +0200
@@ -4 +4 @@
-- Update to 2017+git1492060560.b6d11d7c46
+- Update to 2017+git1492060560.b6d11d7c46 (fate#322331, bsc#1032659)



Other differences:
--

commit ovmf for openSUSE:Factory

2017-04-24 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2017-04-24 09:46:39

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new (New)


Package is "ovmf"

Mon Apr 24 09:46:39 2017 rev:11 rq:487904 version:2017+git1492060560.b6d11d7c46

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2017-03-10 
21:09:33.454888394 +0100
+++ /work/SRC/openSUSE:Factory/.ovmf.new/ovmf.changes   2017-04-24 
09:46:43.305456052 +0200
@@ -1,0 +2,118 @@
+Thu Apr 13 07:13:09 UTC 2017 - g...@suse.com
+
+- Update to 2017+git1492060560.b6d11d7c46
+  + MdePkg: BaseIoLibIntrinsic (IoLib class) library
+  + MdeModulePkg/IdeBusPei: Fix undefined behavior in signed left
+shift
+  + MdeModulePkg/ScsiDiskDxe: Fix undefined behavior in signed left
+shift
+  + OvmfPkg/QemuVideoDxe: VMWare SVGA device support
+  + MdeModulePkg/UefiBootManagerLib: Enhance short-form expanding
+logic
+  + CryptoPkg/BaseCryptLib: Adding NULL checking in time() wrapper
+  + CryptoPkg: Fix possible unresolved external symbol issue.
+  + CryptoPkg/OpensslLib: Suppress extra build warnings in openssl
+source
+  + CryptoPkg: Move openssl and CRT headers to private include
+section
+  + BaseTools: Update tools_def.template to add -fno-builtin in GCC
+tool chain
+  + SecurityPkg: SecureBootConfigDxe: Support AUTH_2 enrollment to
+DBX
+  + MdeModulePkg/UefiHiiLib:Fix incorrect comparison expression
+  + ArmVirtPkg/ArmVirtQemuKernel: increase slack space for DTB
+  + ArmVirtPkg/FdtClientDxe: honor memory DT node 'status' property
+  + NetworkPkg: Fix some bugs related to iSCSI keyword configuration
+  + MdeModulePkg/DxeHttpLib: Avoid the pointless comparison of
+UINTN with zero
+  + BaseTools: Enhance expression to support some more operation
+  + MdePkg/Shell.h: Update Shell version from 2.1 to 2.2
+  + UefiCpuPkg/PiSmmCpuDxeSmm: Update saved SMM ranges check in
+SmmProfile
+  + ArmVirtPkg/PlatformHasAcpiDtDxe: allow guest level ACPI disable
+override
+  + BaseTools/GCC AARCH64: force disable PIC code generation
+  + UefiCpuPkg/MtrrLib: Use a better algorithm to calculate MTRR
+  + MdeModulePkg/SmmCore: Fix memory leak on Profile unregistered
+  + OvmfPkg: Allow multiple add-pointer linker commands to same
+ACPI table
+- Drop upstream patch: ovmf-bsc1031336-fix-hii-gcc7-build.patch
+
+---
+Wed Apr  5 04:43:20 UTC 2017 - g...@suse.com
+
+- Add ovmf-bsc1031336-fix-hii-gcc7-build.patch to fix gcc7 build
+  (bsc#1031336)
+
+---
+Thu Mar 30 08:31:38 UTC 2017 - g...@suse.com
+
+- Update to 2017+git1490844769.d3017dd96b
+  + MdeModulePkg/DxeHttpLib: Fix the incorrect return status if URI
+port is invalid
+  + NetworkPkg/DnsDxe: Fix zero StationIp configuration failure of
+DNSv6
+  + CryptoPkg: Clean-up CRT Library Wrapper
+  + CryptoPkg: Fix handling of  function pointers
+  + CryptoPkg/OpensslLib: Update INF files to support OpenSSL-1.1.0x
+build
+  + ArmVirtPkg/PlatformHasAcpiDtDxe: don't expose DT if QEMU
+provides ACPI
+  + ArmVirtPkg: enable AcpiTableDxe and EFI_ACPI_TABLE_PROTOCOL
+dynamically
+  + ArmVirtPkg: add XenPlatformHasAcpiDtDxe
+  + ArmVirtPkg: add PlatformHasAcpiDtDxe
+  + UefiCpuPkg/AcpiCpuData.h: Support >4GB MMIO address
+  + NetworkPkg/IScsiDxe: Fix the incorrect error handling in
+DriverEntryPoint
+  + Fix potential ASSERT if NetIp4IsUnicast is called
+  + ArmPkg/PlatformBootManagerLib: move to BootLogoLib for boot
+splash support
+  + UefiCpuPkg: Add CPU Features PEI/DXE drivers
+  + ArmVirtPkg/HighMemDxe: use CPU arch protocol to apply memprotect
+policy
+  + MdeModulePkg/BootGraphicsResourceTableDxe: don't allocate below
+4 GB
+  + MdeModulePkg/DxeCore: deal with allocations spanning several
+memmap entries
+  + MdeModulePkg/AcpiTableDxe: Not make FADT.{DSDT,X_DSDT} mutual
+exclusion
+  + NetworkPkg: Fix service binding issue in TCP dxe
+  + MdeModulePkg: Fix service binding issue in TCP4 and Ip4 dxe
+  + MdeModulePkg: Fix bug in DxeHttplib when converting port number
+  + MdeModulePkg/Ip4Dxe: Add Ip/Netmask pair check for Ip4Config2
+  + ArmPkg/UncachedMemoryAllocationLib: set XP bit via CPU arch
+protocol
+  + MdeModulePkg DxeCore: Remove unreferenced symbol for memory
+profile
+  + MdeModulePkg PiSmmCore: Remove unreferenced symbol for SMRAM
+profile
+  + NetworkPkg: Fix potential bug if the iSCSI use dns protocol
+  + MdePkg/UefiDevicePathLib: Fix the wrong MAC address length
+  + OvmfPkg/AcpiPlatformDxe: save fw_cfg boot script with QemuFwCfgS3Lib
+  + ArmVirtPkg, OvmfPkg: retire QemuFwCfgS3Enabled() from QemuFwCfgLib
+  + OvmfPkg: resolve QemuFwCfgS3Lib
+  + ArmVirtPkg:

commit ovmf for openSUSE:Factory

2017-01-25 Thread root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2017-01-25 22:39:45

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new (New)


Package is "ovmf"

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2016-12-02 
16:37:06.0 +0100
+++ /work/SRC/openSUSE:Factory/.ovmf.new/ovmf.changes   2017-01-25 
22:39:47.129323003 +0100
@@ -1,0 +2,77 @@
+Tue Jan 24 04:04:31 UTC 2017 - g...@suse.com
+
+- update to 2017+git1485224553.6671cd7444
+  + NetworkPkg: Fix protocol handler service in HttpDxe
+  + OvmfPkg: Allow HTTP connections if HTTP Boot enabled
+  + NetworkPkg: Add PCD to enable the HTTP connections switch
+  + MdePkg: Add definitions for SMBIOS spec 3.1.0 
+  + ArmPlatformPkg/NorFlashDxe: Change Flash memory attributes
+before writes
+  + MdePkg DxeHobLib: Make GetHobList working before Constructor
+is called
+  + NetworkPkg: Add dns support for target URL configuration in
+ISCSI
+  + MdeModulePkg/FileExplorer: Enable functionality of creating
+new file/folder
+  + OvmfPkg: pull in TLS modules with -D TLS_ENABLE (also enabling
+HTTPS)
+  + OvmfPkg: correct the IScsiDxe module included for the IPv6 stack
+  + OvmfPkg: always resolve OpenSslLib, IntrinsicLib and
+BaseCryptLib
+  + OvmfPkg: Modify QemuFwCfgLib to use new IoLib class library
+  + OvmgPkg/PlatformBootManagerLib: Add Debug Agent console
+  + OvmfPkg/SmmControl2Dxe: correct PCI_CONFIG_READ_WRITE in S3
+boot script
+  + OvmfPkg: Install BGRT ACPI table
+  + MdeModulePkg/Bds: Fix a bug that may causes S4 fails to resume
+  + MdePkg, MdeModulePkg: S3BootScriptSaveMemPoll(): accept 64-bit
+LoopTimes
+  + NetworkPkg/HttpDxe: Fix the potential NULL dereference
+  + NetworkPkg/HttpDxe: HTTPS support over IPv4 and IPv6
+  + NetworkPkg/TlsAuthConfigDxe: Provide the UI to support TLS
+auth configuration
+  + NetworkPkg/TlsDxe: TlsDxe driver implementation over OpenSSL
+  + MdePkg: Add TLS related protocol definition
+  + MdePkg/MemoryLib: Refine InternalMemSetMem16|32|64 functions
+logic
+  + NetworkPkg: Replace ASSERT with error return code in PXE and
+HTTP boot driver
+  + MdeModulePkg: Replace ASSERT with error return code in PXE
+driver
+  + UefiCpuPkg/Cpuid.h: Update CPUID definitions with SDM (Sep.2016)
+  + UefiCpuPkg/Include: Update MSR header files with SDM (Sep.2016)
+  + UefiCpuPkg/PiSmmCpuDxeSmm: Always initialze PSD
+  + MdeModulePkg/PiSmmCore: MemoryAttributeTable need keep non-PE
+record
+  + MdeModulePkg/PiSmmCore: AllocatePool should use MemoryType
+  + OvmfPkg/XenHypercallLib: Add EFIAPI
+  + OvmfPkg/QemuFwCfgLib: support QEMU's DMA-like fw_cfg access
+method
+  + ArmVirtPkg/QemuFwCfgLib: rebase lib instance to updated lib
+class header
+  + OvmfPkg/QemuFwCfgLib: extend lib class header with more
+definitions
+  + ArmVirtPkg, OvmfPkg: QemuFwCfgLib: move DMA-related defs to lib
+class
+  + OvmfPkg/QemuFwCfgLib: move InternalQemuFwCfgIsAvailable() to
+lib instances
+  + ArmVirtPkg/QemuFwCfgLib: remove superfluous InternalQemuFwCfgIsAvailable()
+  + OvmfPkg: Remove use of IntelFrameworkModulePkg legacy libs
+  + UefiCpuPkg/PiSmmCpuDxeSmm: Remove MTRRs from PSD structure
+  + UefiCpuPkg/PiSmmCpuDxeSmm: Clear some semaphores on S3 boot
+path
+  + ArmPkg/ArmDmaLib: add support for fixed host-to-device DMA
+offset
+  + ArmPkg/ArmDmaLib: clean up abuse of device address
+  + ArmPkg/ArmDmaLib: fix incorrect device address of double buffer
+  + ArmPkg/ArmDmaLib: use DMA buffer alignment from CPU arch
+protocol
+  + ArmPkg/ArmMmuLib: support page tables in cacheable memory only
+  + UefiCpuPkg/PiSmmCpu: relax superpage protection on page split
+  + OvmfPkg/PlatformPei: take VCPU count from QEMU and configure
+MpInitLib
+  + UefiCpuPkg/MpInitLib: wait no longer than necessary for initial
+AP startup
+- Enable TLS support by default (for HTTPS)
+
+---

Old:

  ovmf-2017+git1480394913.2b2efe3.tar.xz

New:

  ovmf-2017+git1485224553.6671cd7444.tar.xz



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.Pxqcnd/_old  2017-01-25 22:39:48.849063188 +0100
+++ /var/tmp/diff_new_pack.Pxqcnd/_new  2017-01-25 22:39:48.861061376 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package ovmf
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -25,7 +25,7 @@
 Summary:Open Virtual Machine Firmware
 License:

commit ovmf for openSUSE:Factory

2016-12-02 Thread h_root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2016-12-02 16:37:04

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new (New)


Package is "ovmf"

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2016-10-18 
10:09:16.0 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new/ovmf.changes   2016-12-02 
16:37:06.0 +0100
@@ -1,0 +2,149 @@
+Tue Nov 29 07:07:40 UTC 2016 - g...@suse.com
+
+- update to 2017+git1480394913.2b2efe3:
+  + UefiCpuPkg/PiSmmCpuDxeSmm: handle dynamic
+PcdCpuMaxLogicalProcessorNumber
+  + SecurityPkg Tcg2ConfigDxe: Align Attempt TPM Device help with
+options
+  + SecurityPkg Tcg2ConfigDxe: Remove BlockSID actions and related
+strings
+  + SecurityPkg OpalPasswordDxe: Use PP actions to enable BlockSID
+  + SecurityPkg Tcg2PPLib: Support BlockSID related actions
+  + MdeModulePkg/NetLib: Handle an invalid IPv6 address case
+  + UefiCpuPkg/DxeMpLib: Fix bug when getting target C-State from
+eax
+  + UefiCpuPkg/DxeMpLib: Make sure APs in safe loop code
+  + UefiCpuPkg/DxeMpLib: Allocate new safe stack < 4GB
+  + UefiCpuPkg/DxeMpLib: Get safe AP loop handler from global
+variable
+  + ArmPlatformPkg: Fix VE RTSM mem map descriptor count
+  + ArmPlatformPkg: Reformat VE Memory Map code
+  + ArmPkg: remove the LinuxLoader application
+  + MdeModulePkg/SetupBrowser:Don't support password without
+interactive flag
+  + MdeModulePkg/DisplayEngine: Popup dialogue when password is
+not supported
+  + MdeModulePkg/AtaAtapiPassThru: Ensure GHC.AE bit is always set
+in Ahci
+  + MdeModulePkg/Xhci: Add 10ms delay before sending SendAddr cmd
+to dev
+  + UefiCpuPkg/PiSmmCpu: Correct exception message
+  + UefiCpuPkg: fix feature test for Extended Topology CPUID leaf
+  + SecurityPkg DxeTcg2PPLib: Lock Tcg2PhysicalPresenceFlags
+variable on S4
+  + MdeModulePkg/DxeNetLib: Allow the IPv4/prefix case when
+AsciiStrToIp4
+  + ShellPkg: update ping6 to use timer service instead of timer
+arch protocol
+  + MdeModulePkg/DisplayEngine: Return the selectable menu
+correctly
+  + SecurityPkg Tcg2Dxe: ASSERT to ensure 'VarData' is not NULL
+  + SecurityPkg TcgStorageCoreLib: ASSERT to ensure 'ByteSeq' is
+not NULL
+  + UefiCpuPkg/PiSmmCpuDxeSmm: dynamic PcdCpuSmmApSyncTimeout,
+PcdCpuSmmSyncMode
+  + MdeModulePkg/PiSmmCore: Cache CommunicationBuffer info before
+using it
+  + Check for the max DHCP packet length before use it
+  + OvmfPkg: Add 4K PE alignment to enable SMM page level
+protection
+  + UefiCpuPkg/PiSmmCpu: Check XdSupport before set NX
+  + MdeModulePkg/BdsDxe: Avoid overwriting PlatformRecovery
+  + MdeModulePkg/BdsDxe: Fix bug to run non-first
+PlatformRecovery
+  + PcAtChipsetPkg/PcRtc: Handle NULL table entry in RSDT/XSDT
+  + UefiCpuPkg/SecCore: Correct print format for stack information
+  + MdeModulePkg/PiSmmCpuDxeSmm: Check RegisterCpuInterruptHandler
+status
+  + MdeModulePkg/CpuExceptionHanderLibNull:
+RegisterCpuInterruptHandler()
+  + UefiCpuPkg/PiSmmCpuDxeSmm: Add volatile to mNumberToFinish
+  + UefiCpuPkg/PiSmmCpuDxeSmm: TransferApToSafeState() use UINTN
+params
+  + MdePkg/BaseSynchronizationLib: Fix function names in function
+headers
+  + MdePkg/BaseSynchronizationLib: Add volatile Interlocked*() APIs
+  + MdePkg/Include: Add volatile to SynchronizationLib parameters
+  + UefiCpuPkg/MpInitLib: support 64-bit AP stack addresses
+  + UefiCpuPkg/MpInitLib/X64/MpFuncs.nasm: fix fatal typo
+  + UefiCpuPkg/MpInitLib/X64/MpFuncs.nasm: remove superfluous
+instruction
+  + UefiCpuPkg/DxeMpInitLib: remove duplicate HobLib class
+dependency
+  + MdeModulePkg/Include: Add PiSmmMemoryAttributesTable.h
+  + MdeModulePkg HiiDatabase: Remove extra memory initialization
+  + UefiCpuPkg/PiSmmCpuDxeSmm: Add paging protection
+  + UefiCpuPkg/dec: Add PcdCpuSmmStaticPageTable
+  + MdeModulePkg/PiSmmCore: Add MemoryAttributes support
+  + ArmVirtPkg DxeHobLib: Update func header description of
+BuildFv(2)Hob()
+  + IntelFrameworkPkg PeiHobLib: Check FV alignment when building
+FV HOB
+  + MdePkg HobLib: Check FV alignment when building FV HOB
+  + MdeModulePkg DxeCore: Show error message on unaligned FvImage
+issue
+  + MdeModulePkg/Ip4Dxe: Correct the return status
+  + MdeModulePkg/Ip4Dxe: Add wrong/invalid subnet check
+  + OvmfPkg AcpiTables: Use PcdDebugIoPort to describe QEMU debug
+console
+  + MdePkg/BaseLib: Add one wrapper on RdRand access for parameter
+check
+  + UefiCpuPkg/MpInitLib: Update AP information when BSP switched
+  + UefiCpuPkg/MpInitLib: Program AP stack in fixed address
+  + UefiCpuPkg/MpInitLib: Add InitFlag and CpuInfo in
+MP_CPU_EXCHANGE_INFO
+  + UefiCpuPkg/MpInitLib: Remove CPU

commit ovmf for openSUSE:Factory

2016-10-18 Thread h_root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2016-10-18 10:09:14

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new (New)


Package is "ovmf"

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2016-09-25 
14:29:01.0 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new/ovmf.changes   2016-10-18 
10:09:16.0 +0200
@@ -1,0 +2,34 @@
+Thu Oct 13 07:07:04 UTC 2016 - g...@suse.com
+
+- update to 2017+git1476331065.08354c3:
+  + OvmfPkg: add NOOPT build target for source level debugging
+  + OvmfPkg: QemuVideoDxe uses MdeModulePkg/FrameBufferLib
+  + BaseTools: support the NOOPT target with the GCC tool chains
+  + BaseTools Makefile: Enable O2 option for GCC tool chain
+  + CryptoPkg/OpensslLib: Upgrade OpenSSL version to 1.0.2j
+  + MdeModulePkg/Logo: Add LogoDxe module
+  + MdeModulePkg/HiiDatabase: Add HiiImageEx implementation
+  + MdeModulePkg/PciBusDxe: make OPROM BAR degradation configurable
+  + NetworkPkg: Correct the DNS token return status by RCODE
+  + BaseTools/EfiRom: supply missing machine type lookup strings
+  + ArmVirtPkg: restrict mapping attributes of normal memory to
+EFI_MEMORY_WB
+  + OvmfPkg/QemuBootOrderLib: drop too strict "/HD(" suffix from
+vblk prefix
+  + NetworkPkg/DnsDxe: Handle CNAME type responded from the name
+server
+  + ArmVirtPkg/FdtPciHostBridgeLib: enable 64-bit PCI DMA
+  + MdeModulePkg: Support classless IP for DHCPv4 TransmitReceive()
+  + ArmVirtPkg: implement FdtPciHostBridgeLib
+  + OvmfPkg: Use MdeModulePkg/ResetSystemRuntimeDxe
+  + OvmfPkg/VirtioGpuDxe: implement EFI_GRAPHICS_OUTPUT_PROTOCOL
+  + include VirtioGpuDxe in the platform DSC/FDF files
+  + OvmfPkg/Virtio10Dxe: don't bind virtio-vga
+  + OvmfPkg/QemuVideoDxe: don't incorrectly bind virtio-gpu-pci
+  + BaseTools/GenFw: ignore dynamic RELA sections 
+  + Add implementations of API IsZeroBuffer()
+  + ArmVirtPkg: Add Ramdisk support to ArmVirtPkg platforms
+  + ArmVirtPkg: Move inclusion of AcpiTableDxe.inf to ArmVirt.dsc.inc 
+- Drop upstreamed ArmVirtPkg-Enable-PCI-bus-probing-again.patch
+
+---

Old:

  ArmVirtPkg-Enable-PCI-bus-probing-again.patch
  openssl-1.0.2h.tar.gz
  openssl-1.0.2h.tar.gz.asc
  ovmf-2017+git1472049752.ea2f21e.tar.xz

New:

  openssl-1.0.2j.tar.gz
  openssl-1.0.2j.tar.gz.asc
  ovmf-2017+git1476331065.08354c3.tar.xz



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.jZzWbo/_old  2016-10-18 10:09:18.0 +0200
+++ /var/tmp/diff_new_pack.jZzWbo/_new  2016-10-18 10:09:18.0 +0200
@@ -19,14 +19,14 @@
 # needssslcertforbuild
 
 %undefine _build_create_debug
-%define   openssl_version 1.0.2h
+%define   openssl_version 1.0.2j
 
 Name:   ovmf
 Url:
http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=EDK2
 Summary:Open Virtual Machine Firmware
 License:BSD-2-Clause
 Group:  System/Emulators/PC
-Version:2017+git1472049752.ea2f21e
+Version:2017+git1476331065.08354c3
 Release:0
 Source0:%{name}-%{version}.tar.xz
 Source1:
https://www.openssl.org/source/openssl-%{openssl_version}.tar.gz
@@ -48,7 +48,6 @@
 Source101:  gdb_uefi.py.in
 Patch2: %{name}-embed-default-keys.patch
 Patch3: %{name}-gdb-symbols.patch
-Patch4: ArmVirtPkg-Enable-PCI-bus-probing-again.patch
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  fdupes
 BuildRequires:  gcc
@@ -164,7 +163,6 @@
 %patch2 -p1
 %endif
 %patch3 -p1
-%patch4 -p1
 # Intel has special patches for openssl
 pushd CryptoPkg/Library/OpensslLib/openssl-%{openssl_version}
 patch -p1 -i ../EDKII_openssl-%{openssl_version}.patch






++ ovmf-2017+git1472049752.ea2f21e.tar.xz -> 
ovmf-2017+git1476331065.08354c3.tar.xz ++
/work/SRC/openSUSE:Factory/ovmf/ovmf-2017+git1472049752.ea2f21e.tar.xz 
/work/SRC/openSUSE:Factory/.ovmf.new/ovmf-2017+git1476331065.08354c3.tar.xz 
differ: char 25, line 1

commit ovmf for openSUSE:Factory

2016-09-25 Thread h_root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2016-09-25 14:28:59

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new (New)


Package is "ovmf"

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2016-08-26 
23:14:07.0 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new/ovmf.changes   2016-09-25 
14:29:01.0 +0200
@@ -1,0 +2,10 @@
+Wed Sep 14 10:13:49 UTC 2016 - dmuel...@suse.com
+
+- update to 2017+git1472049752.ea2f21e:
+  + switches git branch from an (outdated) master tree
+  to the UDK2017 branch, which provides an insane amount of
+  changes. for details please look at 
https://github.com/tianocore/edk2/commits/UDK2017
+- unify build flags with aarch64 build for increased compatibility with
+  openSUSE installation medias
+
+---

Old:

  ovmf-2015+git1471575292.00bcb5c.tar.xz

New:

  ovmf-2017+git1472049752.ea2f21e.tar.xz



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.UxH8fY/_old  2016-09-25 14:29:03.0 +0200
+++ /var/tmp/diff_new_pack.UxH8fY/_new  2016-09-25 14:29:03.0 +0200
@@ -26,7 +26,7 @@
 Summary:Open Virtual Machine Firmware
 License:BSD-2-Clause
 Group:  System/Emulators/PC
-Version:2015+git1471575292.00bcb5c
+Version:2017+git1472049752.ea2f21e
 Release:0
 Source0:%{name}-%{version}.tar.xz
 Source1:
https://www.openssl.org/source/openssl-%{openssl_version}.tar.gz
@@ -53,10 +53,10 @@
 BuildRequires:  fdupes
 BuildRequires:  gcc
 BuildRequires:  gcc-c++
+BuildRequires:  iasl
 BuildRequires:  libuuid-devel
 BuildRequires:  python
-%ifnarch aarch64 %arm
-BuildRequires:  iasl
+%ifnarch %arm
 BuildRequires:  nasm
 %endif
 %ifarch x86_64
@@ -193,7 +193,7 @@
make -C BaseTools
 %else
 %ifarch aarch64
-   BUILD_OPTIONS="-D SECURE_BOOT_ENABLE -a AARCH64 -p 
ArmVirtPkg/ArmVirtQemu.dsc -b RELEASE -t $TOOL_CHAIN_TAG"
+   BUILD_OPTIONS="$OVMF_FLAGS -a AARCH64 -p ArmVirtPkg/ArmVirtQemu.dsc -b 
DEBUG -t $TOOL_CHAIN_TAG"
ARCH=AARCH64 make -C BaseTools
 %else
 %ifarch %arm
@@ -316,7 +316,7 @@
 
 %else
 %ifarch aarch64
-cp Build/ArmVirtQemu-AARCH64/RELEASE_GCC*/FV/QEMU_EFI.fd qemu-uefi-aarch64.bin
+cp Build/ArmVirtQemu-AARCH64/DEBUG_GCC*/FV/QEMU_EFI.fd qemu-uefi-aarch64.bin
 dd of="aavmf-aarch64-code.bin" if="/dev/zero" bs=1M count=64
 dd of="aavmf-aarch64-code.bin" if="qemu-uefi-aarch64.bin" conv=notrunc
 dd of="aavmf-aarch64-vars.bin" if="/dev/zero" bs=1M count=64




++ _service ++
--- /var/tmp/diff_new_pack.UxH8fY/_old  2016-09-25 14:29:03.0 +0200
+++ /var/tmp/diff_new_pack.UxH8fY/_new  2016-09-25 14:29:03.0 +0200
@@ -1,7 +1,8 @@
 
   
 ovmf
-2015+git%at.%h
+2017+git%at.%h
+UDK2017
 https://github.com/tianocore/edk2.git
 git
   




++ ovmf-2015+git1471575292.00bcb5c.tar.xz -> 
ovmf-2017+git1472049752.ea2f21e.tar.xz ++
/work/SRC/openSUSE:Factory/ovmf/ovmf-2015+git1471575292.00bcb5c.tar.xz 
/work/SRC/openSUSE:Factory/.ovmf.new/ovmf-2017+git1472049752.ea2f21e.tar.xz 
differ: char 25, line 1

++ ovmf-gdb-symbols.patch ++
--- /var/tmp/diff_new_pack.UxH8fY/_old  2016-09-25 14:29:03.0 +0200
+++ /var/tmp/diff_new_pack.UxH8fY/_new  2016-09-25 14:29:03.0 +0200
@@ -14,11 +14,10 @@
  create mode 100644 DebugPkg/GdbSyms/GdbSyms.inf
  create mode 100644 DebugPkg/Scripts/gdb_uefi.py
 
-diff --git a/DebugPkg/DebugPkg.dec b/DebugPkg/DebugPkg.dec
-new file mode 100644
-index 000..e12401d
+Index: ovmf-2017+git1472049752.ea2f21e/DebugPkg/DebugPkg.dec
+===
 --- /dev/null
-+++ b/DebugPkg/DebugPkg.dec
 ovmf-2017+git1472049752.ea2f21e/DebugPkg/DebugPkg.dec
 @@ -0,0 +1,34 @@
 +## @file
 +#  Debug package - various useful stuff for debugging.
@@ -54,11 +53,10 @@
 +
 +[LibraryClasses]
 +
-diff --git a/DebugPkg/GdbSyms/GdbSyms.c b/DebugPkg/GdbSyms/GdbSyms.c
-new file mode 100644
-index 000..2551dfa
+Index: ovmf-2017+git1472049752.ea2f21e/DebugPkg/GdbSyms/GdbSyms.c
+===
 --- /dev/null
-+++ b/DebugPkg/GdbSyms/GdbSyms.c
 ovmf-2017+git1472049752.ea2f21e/DebugPkg/GdbSyms/GdbSyms.c
 @@ -0,0 +1,70 @@
 +/** @file
 +
@@ -130,11 +128,10 @@
 +}
 +
 +
-diff --git a/DebugPkg/GdbSyms/GdbSyms.inf b/DebugPkg/GdbSyms/GdbSyms.inf
-new file mode 100644
-index 000..afb7887
+Index: ovmf-2017+git1472049752.ea2f21e/DebugPkg/GdbSyms/GdbSyms.inf
+===
 --- /dev/null
-+++ b/DebugPkg/GdbSyms/GdbSyms.inf

commit ovmf for openSUSE:Factory

2016-08-26 Thread h_root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2016-08-26 23:14:04

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new (New)


Package is "ovmf"

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2016-08-03 
11:36:53.0 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new/ovmf.changes   2016-08-26 
23:14:07.0 +0200
@@ -1,0 +2,132 @@
+Fri Aug 19 06:30:05 UTC 2016 - g...@suse.com
+
+- Update to 2015+git1471575292.00bcb5c
+  + NetworkPkg/IpSecDxe: Fix UEFI IKE Initial Exchange failure
+  + MdeModulePkg: Fix potential failure if UseDefaultAddress
+configured
+  + OvmfPkg: Add MpInitLib reference in DSC files
+  + SecurityPkg: AuthVariableLib: Fix inconsistent CertDB case
+  + OvmfPkg: use StatusCode Router and Handler from MdeModulePkg
+  + ArmVirtPkg/ArmVirtPrePiUniCoreRelocatable: deal with relaxed
+XIP alignment
+  + BaseTools GCC: introduce GCC5 toolchain to support GCC v5.x in
+LTO mode
+  + BaseTools GCC: use 'gcc' as the linker command for GCC44 and
+later
+  + ArmVirtPkg/ArmVirtPrePiUniCoreRelocatable: ignore .hash and
+.note sections
+  + OvmfPkg/Sec: Support SECTION2 DXEFV types
+  + Preserve hii section in GCC binaries
+  + Fix IPv6 HTTPClient vendor class data
+  + CryptoPkg/OpensslLib: Upgrade OpenSSL version to 1.0.2h
+  + NetworkPkg: Fix bug in TCP which not sending out ACK in
+certain circumstance
+  + OvmfPkg: include UefiCpuPkg/CpuMpPei
+  + OvmfPkg/PlatformPei: rebase and resize the permanent PEI memory
+for S3
+  + SecurityPkg SecureBootConfigDxe: Add check for the external
+PE/COFF image
+  + ArmVirtPkg/PlatformBootManagerLib: remove stale FvFile boot
+options
+  + OvmfPkg/PlatformPei: add missing auto variable initialization
+  + OvmfPkg: add PciHotPlugInitDxe
+  + MdeModulePkg/PciBusDxe: recognize hotplug-capable PCIe ports
+  + OvmfPkg/PlatformBootManagerLib: remove stale FvFile boot
+options
+  + OvmfPkg: add a Name GUID to each Firmware Volume
+  + CryptoPkg BaseCryptLib: Init the content of struct 'CertCtx'
+before use
+  + CryptoPkg BaseCryptLib: Avoid passing NULL ptr to function
+BN_bn2bin()
+  + MdeModulePkg/Bds: MemoryTypeInformation excludes boot option
+mem use
+  + MdeModulePkg: Fix IPv4 stack potential disappeared issue
+  + NetworkPkg: Stop the HTTP Boot service after the boot image
+download complete
+  + ArmVirtPkg: Re-add the Driver Health Manager
+  + OvmfPkg: Re-add the Driver Health Manager
+  + ArmVirtPkg/ArmVirtXen: Add ACPI support for Virt Xen ARM
+  + Massive conversion of assembly code to NASM
+  + MdeModulePkg/UefiBootManagerLib: Fix data in
+MemoryTypeInformation
+  + ArmVirtPkg: add FDF definition for empty varstore
+  + ArmVirtPkg/ArmVirtQemu: switch secure boot build to NorFlashDxe
+  + NetworkPkg: Handling timeout case in httpboot driver
+  + NetworkPkg: HttpDxe response/cancel issue fix
+  + NetworkPkg: Support TCP Cancel function
+  + MdeModulePkg/RamDiskDxe: Add Memory Type selection support in
+Ramdisk HII
+  + MdeModulePkg RamDiskDxe: Do not save 'Size' numeric value by
+varstore
+  + MdeModulePkg: Fix IPv4 UseDefaultAddress failure case
+  + MdeModulePkg/AtaBusDxe: Fix some ATA hard drives cannot be
+discovered
+  + ArmVirtPkg/PlatformBootManagerLib: rebase boot logo display to
+BootLogoLib
+  + OvmfPkg: set SMM stack size to 16KB
+  + OvmfPkg/PlatformBootManagerLib: Connect the Xen drivers before
+loading NvVars
+  + MdeModulePkg: Fix SNP.Initialize() spec conformance issue
+  + OvmfPkg: raise DXEFV size to 10 MB
+  + MdeModulePkg: Stop the timer before clean IP service
+  + OvmfPkg/PlatformBootManagerLib: rebase boot logo display to
+BootLogoLib
+  + OvmfPkg/SerializeVariablesLib: Relax check for the read-only
+variable
+  + OvmfPkg: prevent 64-bit MMIO BAR degradation if there is no CSM
+  + OvmfPkg, ArmVirtPkg: rename QemuNewBootOrderLib to
+QemuBootOrderLib
+  + MdeModulePkg/PciBus: do not improperly degrade resource
+  + NetworkPkg/HttpDxe: Don't free Wrap in HttpTcpReceiveNotifyDpc
+  + NetworkPkg/TcpDxe: Remove the status check of
+SockProcessRcvToken
+  + UefiCpuPkg/SmmCpuFeaturesLib: Add SMRR PhysBase/PhysMask
+fields check
+  + MdeModulePkg: Skip invalid bus number scanning in PciBusDxe
+driver
+  + OvmfPkg/PlatformPei: provide 10 * 4KB of PCI IO Port space on
+Q35
+  + OvmfPkg: introduce ICH9_PMBASE_VALUE
+  + OvmfPkg: replace PcdAcpiPmBaseAddress with PIIX4_PMBA_VALUE
+  + OvmfPkg/AcpiTimerLib: don't use possibly unset PMBA register
+(PEI phase)
+  + MdeModulePkg: Refine the code for DxeHttpLib
+  + OvmfPkg/XenBusDxe: duplicate twice-iterated VA_LIST in
+XenStoreVSPrint()
+  + SecurityPkg: Use PcdGet32() to access PcdPeiCoreMaxFvSupported
+  +

commit ovmf for openSUSE:Factory

2016-08-03 Thread h_root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2016-08-03 11:36:51

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new (New)


Package is "ovmf"

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2016-07-01 
09:51:46.0 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new/ovmf.changes   2016-08-03 
11:36:53.0 +0200
@@ -1,0 +2,9 @@
+Wed Jul 27 04:13:18 UTC 2016 - g...@suse.com
+
+- Update openssl to 1.0.2h (bsc#990612)
+  + Add the patch: ovmf-bsc990612-update-openssl-1.0.2h.patch
+  + Update the openssl tarball
+- Add ovmf-bsc990773-remove-stale-boot-options.patch to remove the
+  stale boot options (bsc#990773)
+
+---

Old:

  openssl-1.0.2g.tar.gz
  openssl-1.0.2g.tar.gz.asc

New:

  openssl-1.0.2h.tar.gz
  openssl-1.0.2h.tar.gz.asc
  ovmf-bsc990612-update-openssl-1.0.2h.patch
  ovmf-bsc990773-remove-stale-boot-options.patch



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.HlhCzv/_old  2016-08-03 11:36:55.0 +0200
+++ /var/tmp/diff_new_pack.HlhCzv/_new  2016-08-03 11:36:55.0 +0200
@@ -19,7 +19,7 @@
 # needssslcertforbuild
 
 %undefine _build_create_debug
-%define   openssl_version 1.0.2g
+%define   openssl_version 1.0.2h
 
 Name:   ovmf
 Url:
http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=EDK2
@@ -54,6 +54,15 @@
 Patch7: %{name}-bsc980635-fix-http-crash.patch
 Patch8: %{name}-bsc982193-dont-restore-readonly-var.patch
 Patch9: %{name}-bsc982193-connect-xen-drivers.patch
+# NOTE: edk2 retired NO_BUILTIN_VA_FUNCS right after the 1.0.2h patch, so the
+# following commits may be necessary for the next openssl update:
+# b2dc04a87fab89307240dc0f30b9a23bb5726c81 CryptoPkg: set new define to avoid 
MS ABI VA_LIST on GCC/X64
+# 48d5f9a551a93acb45f272dda879b0ab5a504e36 MdePkg: Enable new MS VA intrinsics 
for GNUC x86 64bits build
+# 0676c285ba518ae81ca7f06278d4cc4958660864 EdkCompatibilityPkg: Enable new MS 
VA intrinsics for GNUC x86 64bits build
+# 247093f45d94a3956cdd15c357fe7d6dca878df9 BaseTools/tools_def: enable Os 
optimization for GCC X64 builds
+# 17ab1ec5accc866b77446f4e336e982bb5e1cc9f MdePkg CryptoPkg 
EdkCompatibilityPkg: retire NO_BUILTIN_VA_FUNCS define
+Patch10:%{name}-bsc990612-update-openssl-1.0.2h.patch
+Patch11:%{name}-bsc990773-remove-stale-boot-options.patch
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  fdupes
 BuildRequires:  gcc
@@ -175,6 +184,8 @@
 %patch7 -p1
 %patch8 -p1
 %patch9 -p1
+%patch10 -p1
+%patch11 -p1
 # Intel has special patches for openssl
 pushd CryptoPkg/Library/OpensslLib/openssl-%{openssl_version}
 patch -p1 -i ../EDKII_openssl-%{openssl_version}.patch






++ ovmf-bsc990612-update-openssl-1.0.2h.patch ++
>From 535421d25307a1c212a5f514048229b8ab429d5d Mon Sep 17 00:00:00 2001
From: Qin Long 
Date: Wed, 13 Jul 2016 13:27:11 +0800
Subject: [PATCH] CryptoPkg/OpensslLib: Upgrade OpenSSL version to 1.0.2h

OpenSSL 1.0.2h was released with several severity fixes at
03-May-2016 (https://www.openssl.org/news/secadv/20160503.txt).
Upgrade the supported OpenSSL version in CryptoPkg/OpensslLib to
catch the latest release 1.0.2h.

Cc: Ting Ye 
Cc: David Woodhouse 
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long 
Reviewed-by: Ye Ting 
Tested-by: Laszlo Ersek 
---
 CryptoPkg/CryptoPkg.dec|  2 +-
 ...ssl-1.0.2g.patch => EDKII_openssl-1.0.2h.patch} | 97 ++
 CryptoPkg/Library/OpensslLib/Install.cmd   |  2 +-
 CryptoPkg/Library/OpensslLib/Install.sh|  2 +-
 CryptoPkg/Library/OpensslLib/OpensslLib.inf|  2 +-
 CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt   | 26 +++---
 6 files changed, 62 insertions(+), 69 deletions(-)
 rename CryptoPkg/Library/OpensslLib/{EDKII_openssl-1.0.2g.patch => 
EDKII_openssl-1.0.2h.patch} (95%)

diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec
index e1cdb8e..c0885bb 100644
--- a/CryptoPkg/CryptoPkg.dec
+++ b/CryptoPkg/CryptoPkg.dec
@@ -24,7 +24,7 @@ [Defines]
 
 [Includes]
   Include
-  Library/OpensslLib/openssl-1.0.2g/include
+  Library/OpensslLib/openssl-1.0.2h/include
 
 [LibraryClasses]
   ##  @libraryclass  Provides basic library functions for cryptographic 
primitives.
diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2g.patch 
b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2h.patch
similarity index 95%
rename from

commit ovmf for openSUSE:Factory

2016-07-01 Thread h_root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2016-07-01 09:51:44

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new (New)


Package is "ovmf"

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2016-06-07 
23:47:28.0 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new/ovmf.changes   2016-07-01 
09:51:46.0 +0200
@@ -1,0 +2,12 @@
+Tue Jun 14 03:16:27 UTC 2016 - g...@suse.com
+
+- Generate the varstore template for AArch64 (bsc#983747,
+  bsc#981836)
+
+---
+Mon Jun  6 13:20:59 UTC 2016 - jeng...@inai.de
+
+- Keep %prep minimal to shorten quilt setup run.
+  Adjust RPM group. Drop redundant 4th defattr argument.
+
+---



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.KJ3Ka7/_old  2016-07-01 09:51:47.0 +0200
+++ /var/tmp/diff_new_pack.KJ3Ka7/_new  2016-07-01 09:51:48.0 +0200
@@ -120,7 +120,7 @@
 
 %package -n qemu-ovmf-x86_64-debug
 Summary:Open Virtual Machine Firmware - debug symbols (x86_64)
-Group:  System/Emulators/PC
+Group:  Development/Debug
 Requires:   qemu
 
 %description -n qemu-ovmf-x86_64-debug
@@ -178,11 +178,13 @@
 # Intel has special patches for openssl
 pushd CryptoPkg/Library/OpensslLib/openssl-%{openssl_version}
 patch -p1 -i ../EDKII_openssl-%{openssl_version}.patch
-cd ..
-./Install.sh
 popd
 
 %build
+pushd CryptoPkg/Library/OpensslLib/
+./Install.sh
+popd
+
 OVMF_FLAGS="-D FD_SIZE_2MB -D SECURE_BOOT_ENABLE -D NETWORK_IP6_ENABLE -D 
HTTP_BOOT_ENABLE"
 
 %if 0%{?suse_version} > 1320
@@ -325,6 +327,9 @@
 %else
 %ifarch aarch64
 cp Build/ArmVirtQemu-AARCH64/RELEASE_GCC*/FV/QEMU_EFI.fd qemu-uefi-aarch64.bin
+dd of="aavmf-aarch64-code.bin" if="/dev/zero" bs=1M count=64
+dd of="aavmf-aarch64-code.bin" if="qemu-uefi-aarch64.bin" conv=notrunc
+dd of="aavmf-aarch64-vars.bin" if="/dev/zero" bs=1M count=64
 %else
 %ifarch %arm
 cp Build/ArmVirtQemu-ARM/RELEASE_GCC*/FV/QEMU_EFI.fd qemu-uefi-aarch32.bin
@@ -366,6 +371,8 @@
 %ifarch aarch64
 tr -d '\r' < ArmPlatformPkg/License.txt > License.txt
 install -m 0644 -D qemu-uefi-aarch64.bin 
%{buildroot}/%{_datadir}/qemu/qemu-uefi-aarch64.bin
+install -m 0644 -D aavmf-aarch64-code.bin 
%{buildroot}/%{_datadir}/qemu/aavmf-aarch64-code.bin
+install -m 0644 -D aavmf-aarch64-vars.bin 
%{buildroot}/%{_datadir}/qemu/aavmf-aarch64-vars.bin
 %else
 %ifarch %arm
 tr -d '\r' < ArmPlatformPkg/License.txt > License.txt
@@ -376,17 +383,17 @@
 %endif #ix86
 
 %files
-%defattr(-,root,root,-)
+%defattr(-,root,root)
 %doc README
 
 %files tools
-%defattr(-,root,root,-)
+%defattr(-,root,root)
 %doc BaseTools/UserManuals/EfiRom_Utility_Man_Page.rtf
 %{_bindir}/EfiRom
 
 %ifarch %ix86
 %files -n qemu-ovmf-ia32
-%defattr(-,root,root,-)
+%defattr(-,root,root)
 %doc License.txt License-fat-driver.txt 
 %dir %{_datadir}/qemu/
 %{_datadir}/qemu/ovmf-ia32*.bin
@@ -394,13 +401,13 @@
 
 %ifarch x86_64
 %files -n qemu-ovmf-x86_64
-%defattr(-,root,root,-)
+%defattr(-,root,root)
 %doc License.txt License-fat-driver.txt 
 %dir %{_datadir}/qemu/
 %{_datadir}/qemu/ovmf-x86_64*.bin
 
 %files -n qemu-ovmf-x86_64-debug
-%defattr(-,root,root,-)
+%defattr(-,root,root)
 %{_datadir}/ovmf-x86_64/
 %dir /usr/lib/debug/
 /usr/lib/debug/ovmf-x86_64*
@@ -410,15 +417,17 @@
 
 %ifarch aarch64
 %files -n qemu-uefi-aarch64
-%defattr(-,root,root,-)
+%defattr(-,root,root)
 %doc License.txt License-fat-driver.txt 
 %dir %{_datadir}/qemu/
 %{_datadir}/qemu/qemu-uefi-aarch64.bin
+%{_datadir}/qemu/aavmf-aarch64-code.bin
+%{_datadir}/qemu/aavmf-aarch64-vars.bin
 %endif
 
 %ifarch %arm
 %files -n qemu-uefi-aarch32
-%defattr(-,root,root,-)
+%defattr(-,root,root)
 %doc License.txt License-fat-driver.txt 
 %dir %{_datadir}/qemu/
 %{_datadir}/qemu/qemu-uefi-aarch32.bin

commit ovmf for openSUSE:Factory

2016-06-07 Thread h_root 
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2016-06-07 23:47:27

Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and  /work/SRC/openSUSE:Factory/.ovmf.new (New)


Package is "ovmf"

Changes:

--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes2016-05-25 
21:28:43.0 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new/ovmf.changes   2016-06-07 
23:47:28.0 +0200
@@ -1,0 +2,7 @@
+Fri Jun  3 03:08:39 UTC 2016 - g...@suse.com
+
+- Add ovmf-bsc982193-dont-restore-readonly-var.patch and
+  ovmf-bsc982193-connect-xen-drivers.patch to fix the file-based
+  NvVars restoring. (bsc#982193) 
+
+---

New:

  ovmf-bsc982193-connect-xen-drivers.patch
  ovmf-bsc982193-dont-restore-readonly-var.patch



Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.WKqNRP/_old  2016-06-07 23:47:29.0 +0200
+++ /var/tmp/diff_new_pack.WKqNRP/_new  2016-06-07 23:47:29.0 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package ovmf
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -15,6 +15,7 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
+
 # needssslcertforbuild
 
 %undefine _build_create_debug
@@ -51,11 +52,13 @@
 Patch5: %{name}-dxe-10mb.patch
 Patch6: %{name}-bsc976253-postpone-shell.patch
 Patch7: %{name}-bsc980635-fix-http-crash.patch
+Patch8: %{name}-bsc982193-dont-restore-readonly-var.patch
+Patch9: %{name}-bsc982193-connect-xen-drivers.patch
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
-BuildRequires:  libuuid-devel
 BuildRequires:  fdupes
 BuildRequires:  gcc
 BuildRequires:  gcc-c++
+BuildRequires:  libuuid-devel
 BuildRequires:  python
 %ifnarch aarch64 %arm
 BuildRequires:  iasl
@@ -170,6 +173,8 @@
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
+%patch8 -p1
+%patch9 -p1
 # Intel has special patches for openssl
 pushd CryptoPkg/Library/OpensslLib/openssl-%{openssl_version}
 patch -p1 -i ../EDKII_openssl-%{openssl_version}.patch







++ ovmf-bsc982193-connect-xen-drivers.patch ++
>From da2369d21d2e57a0de8fa7ae954812122c87326e Mon Sep 17 00:00:00 2001
From: Gary Lin 
Date: Wed, 1 Jun 2016 18:26:20 +0800
Subject: [PATCH] OvmfPkg/PlatformBootManagerLib: Connect the Xen drivers
 before loading NvVars

When OVMF tried to load the file-based NvVars, it checked all the PCI
instances and connected the drivers to the mass storage device. However,
Xen registered its PCI device with a special class id (0xFF80), so
ConnectRecursivelyIfPciMassStorage() couldn't recognize it and skipped the
driver connecting for Xen PCI devices. In the end, the Xen block device
wasn't initialized until EfiBootManagerConnectAll() was called, and it's
already too late to load NvVars.

This commit connects the Xen drivers in ConnectRecursivelyIfPciMassStorage()
so that Xen can use the file-based NvVars.

v3:
* Introduce XenDetected() to cache the result of Xen detection instead
  of relying on PcdPciDisableBusEnumeration.

v2:
* Cosmetic changes

Cc: Jordan Justen 
Cc: Laszlo Ersek 
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Gary Lin 
Reviewed-by: Jordan Justen 
---
 .../Library/PlatformBootManagerLib/BdsPlatform.c   | 41 --
 .../PlatformBootManagerLib.inf |  1 +
 2 files changed, 40 insertions(+), 2 deletions(-)

diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c 
b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
index befcc57..912c5ed 100644
--- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
@@ -13,6 +13,7 @@
 **/
 
 #include "BdsPlatform.h"
+#include 
 #include 
 
 
@@ -1037,6 +1038,37 @@ PciAcpiInitialization (
   IoOr16 ((PciRead32 (Pmba) & ~BIT0) + 4, BIT0);
 }
 
+/**
+  This function detects if OVMF is running on Xen.
+
+**/
+STATIC
+BOOLEAN
+XenDetected (
+  VOID
+  )
+{
+  EFI_HOB_GUID_TYPE *GuidHob;
+  STATIC INTN   FoundHob = -1;
+
+  if (FoundHob == 0) {
+return FALSE;
+  } else if (FoundHob == 1) {
+return TRUE;
+  }
+
+  //
+  // See if a XenInfo HOB is available
+  //
+  GuidHob = GetFirstGuidHob ();
+  if (GuidHob == NULL) {
+FoundHob = 0;
+return FALSE;
+  }
+
+  FoundHob = 1;
+  return TRUE;
+}
 
 EFI_STATUS
 EFIAPI
@@ -1050,7 +1082,11