commit ovmf for openSUSE:Leap:15.2:Update
Hello community, here is the log from the commit of package ovmf for openSUSE:Leap:15.2:Update checked in at 2020-09-25 06:22:42 Comparing /work/SRC/openSUSE:Leap:15.2:Update/ovmf (Old) and /work/SRC/openSUSE:Leap:15.2:Update/.ovmf.new.4249 (New) Package is "ovmf" Fri Sep 25 06:22:42 2020 rev:2 rq:835942 version:unknown Changes: New Changes file: NO CHANGES FILE!!! Other differences: -- ++ _link ++ --- /var/tmp/diff_new_pack.IfjHo5/_old 2020-09-25 06:22:43.543304825 +0200 +++ /var/tmp/diff_new_pack.IfjHo5/_new 2020-09-25 06:22:43.543304825 +0200 @@ -1 +1 @@ - +
commit ovmf for openSUSE:Leap:15.2
Hello community,
here is the log from the commit of package ovmf for openSUSE:Leap:15.2 checked
in at 2020-04-14 14:20:16
Comparing /work/SRC/openSUSE:Leap:15.2/ovmf (Old)
and /work/SRC/openSUSE:Leap:15.2/.ovmf.new.3248 (New)
Package is "ovmf"
Tue Apr 14 14:20:16 2020 rev:49 rq:792539 version:201911
Changes:
--- /work/SRC/openSUSE:Leap:15.2/ovmf/ovmf.changes 2020-03-01
08:51:33.797295856 +0100
+++ /work/SRC/openSUSE:Leap:15.2/.ovmf.new.3248/ovmf.changes2020-04-14
14:20:21.245246409 +0200
@@ -1,0 +2,6 @@
+Mon Apr 6 03:54:48 UTC 2020 - Gary Ching-Pang Lin
+
+- Add ovmf-bsc1163927-fix-ping-and-ip6dxe.patch to fix crash and
+ hang in ShellPkg and Ip6Dxe (bsc#1163927, CVE-2019-14559)
+
+---
New:
ovmf-bsc1163927-fix-ping-and-ip6dxe.patch
Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.5cqSPg/_old 2020-04-14 14:20:22.029246994 +0200
+++ /var/tmp/diff_new_pack.5cqSPg/_new 2020-04-14 14:20:22.029246994 +0200
@@ -52,6 +52,7 @@
Patch6:
%{name}-bsc1163959-PiDxeS3BootScriptLib-fix-numeric-truncation.patch
Patch7: %{name}-bsc1163969-fix-DxeImageVerificationHandler.patch
Patch8: %{name}-bsc1163927-fix-ip4dxe-and-arpdxe.patch
+Patch9: %{name}-bsc1163927-fix-ping-and-ip6dxe.patch
Patch100: openssl-fix-syntax-error.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: bc
@@ -178,6 +179,7 @@
%patch6 -p1
%patch7 -p1
%patch8 -p1
+%patch9 -p1
# add openssl
pushd CryptoPkg/Library/OpensslLib/openssl
++ ovmf-bsc1163927-fix-ping-and-ip6dxe.patch ++
>From 6a5e9bdd108741bcc8fd68276116f41b4a35da75 Mon Sep 17 00:00:00 2001
From: Maciej Rabeda
Date: Thu, 27 Feb 2020 11:30:43 +0100
Subject: [PATCH 1/3] ShellPkg: Fix 'ping' command Ip4 receive flow.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2032
'ping' command's receive flow utilizes a single Rx token which it
attempts to reuse before recycling the previously received packet.
This causes a situation where under ICMP traffic,
Ping6OnEchoReplyReceived() function will receive an already
recycled packet with EFI_SUCCESS token status and finally
dereference invalid pointers from RxData structure.
Cc: Ray Ni
Cc: Zhichao Gao
Signed-off-by: Maciej Rabeda
Reviewed-by: Siyuan Fu
Acked-by: Zhichao Gao
(cherry picked from commit 65c73df44c61235ede84c5aa1d2eab6650844966)
---
ShellPkg/Library/UefiShellNetwork1CommandsLib/Ping.c | 9 +
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/ShellPkg/Library/UefiShellNetwork1CommandsLib/Ping.c
b/ShellPkg/Library/UefiShellNetwork1CommandsLib/Ping.c
index 23567fa2c1bb..a3fa32515192 100644
--- a/ShellPkg/Library/UefiShellNetwork1CommandsLib/Ping.c
+++ b/ShellPkg/Library/UefiShellNetwork1CommandsLib/Ping.c
@@ -614,6 +614,11 @@ Ping6OnEchoReplyReceived (
ON_EXIT:
+ //
+ // Recycle the packet before reusing RxToken
+ //
+ gBS->SignalEvent (Private->IpChoice ==
PING_IP_CHOICE_IP6?((EFI_IP6_RECEIVE_DATA*)Private->RxToken.Packet.RxData)->RecycleSignal:((EFI_IP4_RECEIVE_DATA*)Private->RxToken.Packet.RxData)->RecycleSignal);
+
if (Private->RxCount < Private->SendNum) {
//
// Continue to receive icmp echo reply packets.
@@ -632,10 +637,6 @@ ON_EXIT:
//
Private->Status = EFI_SUCCESS;
}
- //
- // Singal to recycle the each rxdata here, not at the end of process.
- //
- gBS->SignalEvent (Private->IpChoice ==
PING_IP_CHOICE_IP6?((EFI_IP6_RECEIVE_DATA*)Private->RxToken.Packet.RxData)->RecycleSignal:((EFI_IP4_RECEIVE_DATA*)Private->RxToken.Packet.RxData)->RecycleSignal);
}
/**
--
2.25.1
>From 35fb4bd10b630663d7eaa6731e15089f2d6091b1 Mon Sep 17 00:00:00 2001
From: Maciej Rabeda
Date: Mon, 2 Mar 2020 13:25:20 +0100
Subject: [PATCH 2/3] NetworkPkg/Ip6Dxe: Improve Neightbor Discovery message
validation.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2174
Problem has been identified with Ip6ProcessRouterAdvertise() when
Router Advertise packet contains options with malicious/invalid
'Length' field. This can lead to platform entering infinite loop
when processing options from that packet.
Cc: Jiaxin Wu
Cc: Siyuan Fu
Signed-off-by: Maciej Rabeda
Reviewed-by: Siyuan Fu
(cherry picked from commit 9c20342eed70ec99ec50cd73cb81804299f05403)
---
NetworkPkg/Ip6Dxe/Ip6Nd.c | 44 ---
NetworkPkg/Ip6Dxe/Ip6Nd.h | 13
NetworkPkg/Ip6Dxe/Ip6Option.c | 57 ++-
3 files changed, 83 insertions(+), 31 deletions(-)
diff --git a/NetworkPkg/Ip6Dxe/Ip6Nd.c b/NetworkPkg/Ip6Dxe/Ip6Nd.c
index 67d7022a7673..1254f0fdd921 100644
--- a/NetworkPkg/Ip6Dxe/Ip6Nd.c
+++
commit ovmf for openSUSE:Leap:15.2
Hello community,
here is the log from the commit of package ovmf for openSUSE:Leap:15.2 checked
in at 2020-03-01 08:51:14
Comparing /work/SRC/openSUSE:Leap:15.2/ovmf (Old)
and /work/SRC/openSUSE:Leap:15.2/.ovmf.new.26092 (New)
Package is "ovmf"
Sun Mar 1 08:51:14 2020 rev:48 rq:779695 version:201911
Changes:
--- /work/SRC/openSUSE:Leap:15.2/ovmf/ovmf.changes 2020-02-21
23:49:34.760593623 +0100
+++ /work/SRC/openSUSE:Leap:15.2/.ovmf.new.26092/ovmf.changes 2020-03-01
08:51:33.797295856 +0100
@@ -1,0 +2,10 @@
+Mon Feb 24 04:00:24 UTC 2020 - Gary Ching-Pang Lin
+
+- Add ovmf-bsc1163969-fix-DxeImageVerificationHandler.patch to fix
+ dbx signature check (bsc#1163969, CVE-2019-14575)
+ + Also change the order of several patches to distinguish the
+openssl patch
+- Add ovmf-bsc1163927-fix-ip4dxe-and-arpdxe.patch to fix memory
+ leakage in Ip4Dxe and ArpDxe (bsc#1163927, CVE-2019-14559)
+
+---
@@ -12,0 +23,5 @@
+
+---
+Fri Dec 20 09:11:37 UTC 2019 - Dirk Mueller
+
+- only build -aarch32 Cortex-A15 EFI on armv7hl
New:
ovmf-bsc1163927-fix-ip4dxe-and-arpdxe.patch
ovmf-bsc1163969-fix-DxeImageVerificationHandler.patch
Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.H9XxJg/_old 2020-03-01 08:51:34.609297471 +0100
+++ /var/tmp/diff_new_pack.H9XxJg/_new 2020-03-01 08:51:34.613297479 +0100
@@ -1,7 +1,7 @@
#
# spec file for package ovmf
#
-# Copyright (c) 2019 SUSE LLC
+# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -49,8 +49,10 @@
Patch3: %{name}-pie.patch
Patch4: %{name}-disable-ia32-firmware-piepic.patch
Patch5: %{name}-set-fixed-enroll-time.patch
-Patch6: openssl-fix-syntax-error.patch
-Patch7:
%{name}-bsc1163959-PiDxeS3BootScriptLib-fix-numeric-truncation.patch
+Patch6:
%{name}-bsc1163959-PiDxeS3BootScriptLib-fix-numeric-truncation.patch
+Patch7: %{name}-bsc1163969-fix-DxeImageVerificationHandler.patch
+Patch8: %{name}-bsc1163927-fix-ip4dxe-and-arpdxe.patch
+Patch100: openssl-fix-syntax-error.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: bc
BuildRequires: fdupes
@@ -59,7 +61,7 @@
BuildRequires: iasl
BuildRequires: libuuid-devel
BuildRequires: python3
-%ifnarch %arm
+%ifnarch armv7hl
BuildRequires: nasm
%endif
%ifarch %{secureboot_archs}
@@ -76,7 +78,7 @@
%endif
BuildRequires: unzip
%endif
-ExclusiveArch: %ix86 x86_64 aarch64 %arm
+ExclusiveArch: %ix86 x86_64 aarch64 armv7hl
%description
The Open Virtual Machine Firmware (OVMF) project aims to support
@@ -145,7 +147,7 @@
virt board.
%endif
-%ifarch %arm
+%ifarch armv7hl
%package -n qemu-uefi-aarch32
Summary:UEFI QEMU rom image (AArch32)
Group: System/Emulators/PC
@@ -173,12 +175,14 @@
%patch3 -p1
%patch4 -p1
%patch5 -p1
+%patch6 -p1
%patch7 -p1
+%patch8 -p1
# add openssl
pushd CryptoPkg/Library/OpensslLib/openssl
tar -xf %{SOURCE1} --strip 1
-%patch6 -p1
+%patch100 -p1
popd
# add berkeley-softfloat-3
@@ -233,7 +237,7 @@
BUILD_OPTIONS="$OVMF_FLAGS -a AARCH64 -p ArmVirtPkg/ArmVirtQemu.dsc -b
DEBUG -t $TOOL_CHAIN_TAG"
ARCH=AARCH64 make -C BaseTools
%else
-%ifarch %arm
+%ifarch armv7hl
# Flavors for arm
FLAVORS=("aavmf-aarch32")
BUILD_ARCH="AARCH32"
@@ -326,7 +330,7 @@
cp Build/ArmVirtQemu-AARCH64/DEBUG_*/AARCH64/EnrollDefaultKeys.efi .
%else
-%ifarch %arm
+%ifarch armv7hl
# Build the UEFI image
build $BUILD_OPTIONS
@@ -550,7 +554,7 @@
install -m 0644 -D descriptors/*-aarch64*.json \
-t %{buildroot}/%{_datadir}/qemu/firmware
%else
-%ifarch %arm
+%ifarch armv7hl
install -m 0644 -D qemu-uefi-aarch32.bin -t %{buildroot}/%{_datadir}/qemu/
install -m 0644 -D aavmf-aarch32-*.bin -t %{buildroot}/%{_datadir}/qemu/
install -m 0644 -D descriptors/*-aarch32*.json \
@@ -622,7 +626,7 @@
%{_datadir}/qemu/firmware/*-aarch64*.json
%endif
-%ifarch %arm
+%ifarch armv7hl
%files -n qemu-uefi-aarch32
%defattr(-,root,root)
%license License.txt
++ ovmf-bsc1163927-fix-ip4dxe-and-arpdxe.patch ++
>From 7f9f7fccf58af2db5ac8c88801f56f4efe664fcb Mon Sep 17 00:00:00 2001
From: Jiaxin Wu
Date: Mon, 29 Apr 2019 09:51:53 +0800
Subject: [PATCH 1/2] NetworkPkg/Ip4Dxe: Check the received package length
(CVE-2019-14559).
v3: correct the coding style.
v2: correct the commit message & add BZ number.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1610
This patch is to check the received
commit ovmf for openSUSE:Leap:15.2
Hello community,
here is the log from the commit of package ovmf for openSUSE:Leap:15.2 checked
in at 2020-02-21 23:49:23
Comparing /work/SRC/openSUSE:Leap:15.2/ovmf (Old)
and /work/SRC/openSUSE:Leap:15.2/.ovmf.new.26092 (New)
Package is "ovmf"
Fri Feb 21 23:49:23 2020 rev:47 rq:777107 version:201911
Changes:
--- /work/SRC/openSUSE:Leap:15.2/ovmf/ovmf.changes 2020-02-13
14:40:43.193652803 +0100
+++ /work/SRC/openSUSE:Leap:15.2/.ovmf.new.26092/ovmf.changes 2020-02-21
23:49:34.760593623 +0100
@@ -1,0 +2,7 @@
+Tue Feb 18 09:24:30 UTC 2020 - Gary Ching-Pang Lin
+
+- Add ovmf-bsc1163959-PiDxeS3BootScriptLib-fix-numeric-truncation.patch
+ to fix the numeric truncation to avoid the potential memory
+ corruption (bsc#1163959, CVE-2019-14563)
+
+---
New:
ovmf-bsc1163959-PiDxeS3BootScriptLib-fix-numeric-truncation.patch
Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.yc5zE2/_old 2020-02-21 23:49:37.188598449 +0100
+++ /var/tmp/diff_new_pack.yc5zE2/_new 2020-02-21 23:49:37.196598464 +0100
@@ -50,6 +50,7 @@
Patch4: %{name}-disable-ia32-firmware-piepic.patch
Patch5: %{name}-set-fixed-enroll-time.patch
Patch6: openssl-fix-syntax-error.patch
+Patch7:
%{name}-bsc1163959-PiDxeS3BootScriptLib-fix-numeric-truncation.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: bc
BuildRequires: fdupes
@@ -172,6 +173,7 @@
%patch3 -p1
%patch4 -p1
%patch5 -p1
+%patch7 -p1
# add openssl
pushd CryptoPkg/Library/OpensslLib/openssl
++ ovmf-bsc1163959-PiDxeS3BootScriptLib-fix-numeric-truncation.patch ++
>From 322ac05f8bbc1bce066af1dabd1b70ccdbe28891 Mon Sep 17 00:00:00 2001
From: Hao A Wu
Date: Fri, 28 Jun 2019 14:15:55 +0800
Subject: [PATCH 1/1] MdeModulePkg/PiDxeS3BootScriptLib: Fix potential numeric
truncation (CVE-2019-14563)
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2001
For S3BootScriptLib APIs:
S3BootScriptSaveIoWrite
S3BootScriptSaveMemWrite
S3BootScriptSavePciCfgWrite
S3BootScriptSavePciCfg2Write
S3BootScriptSaveSmbusExecute
S3BootScriptSaveInformation
S3BootScriptSaveInformationAsciiString
S3BootScriptLabel (happen in S3BootScriptLabelInternal())
possible numeric truncations will happen that may lead to S3 boot script
entry with improper size being returned to store the boot script data.
This commit will add checks to prevent this kind of issue.
Please note that the remaining S3BootScriptLib APIs:
S3BootScriptSaveIoReadWrite
S3BootScriptSaveMemReadWrite
S3BootScriptSavePciCfgReadWrite
S3BootScriptSavePciCfg2ReadWrite
S3BootScriptSaveStall
S3BootScriptSaveDispatch2
S3BootScriptSaveDispatch
S3BootScriptSaveMemPoll
S3BootScriptSaveIoPoll
S3BootScriptSavePciPoll
S3BootScriptSavePci2Poll
S3BootScriptCloseTable
S3BootScriptExecute
S3BootScriptMoveLastOpcode
S3BootScriptCompare
are not affected by such numeric truncation.
Signed-off-by: Hao A Wu
Reviewed-by: Laszlo Ersek
Reviewed-by: Eric Dong
Acked-by: Jian J Wang
---
.../PiDxeS3BootScriptLib/BootScriptSave.c | 52 ++-
1 file changed, 51 insertions(+), 1 deletion(-)
diff --git a/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c
b/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c
index 9106e7d0f9f5..9315fc9f0188 100644
--- a/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c
+++ b/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c
@@ -1,7 +1,7 @@
/** @file
Save the S3 data to S3 boot script.
- Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
+ Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -1006,6 +1006,14 @@ S3BootScriptSaveIoWrite (
EFI_BOOT_SCRIPT_IO_WRITE ScriptIoWrite;
WidthInByte = (UINT8) (0x01 << (Width & 0x03));
+
+ //
+ // Truncation check
+ //
+ if ((Count > MAX_UINT8) ||
+ (WidthInByte * Count > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_IO_WRITE))) {
+return RETURN_OUT_OF_RESOURCES;
+ }
Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_IO_WRITE) + (WidthInByte * Count));
Script = S3BootScriptGetEntryAddAddress (Length);
@@ -1102,6 +1110,14 @@ S3BootScriptSaveMemWrite (
EFI_BOOT_SCRIPT_MEM_WRITE ScriptMemWrite;
WidthInByte = (UINT8) (0x01 << (Width & 0x03));
+
+ //
+ // Truncation check
+ //
+ if ((Count > MAX_UINT8) ||
+ (WidthInByte * Count > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_MEM_WRITE))) {
+return RETURN_OUT_OF_RESOURCES;
+ }
Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_MEM_WRITE) + (WidthInByte * Count));
Script = S3BootScriptGetEntryAddAddress (Length);
@@ -1206,6 +1222,14 @@ S3BootScriptSavePciCfgWrite (
commit ovmf for openSUSE:Leap:15.2
Hello community,
here is the log from the commit of package ovmf for openSUSE:Leap:15.2 checked
in at 2020-02-13 14:40:40
Comparing /work/SRC/openSUSE:Leap:15.2/ovmf (Old)
and /work/SRC/openSUSE:Leap:15.2/.ovmf.new.26092 (New)
Package is "ovmf"
Thu Feb 13 14:40:40 2020 rev:46 rq:773406 version:201911
Changes:
--- /work/SRC/openSUSE:Leap:15.2/ovmf/ovmf.changes 2020-01-15
15:37:53.719047359 +0100
+++ /work/SRC/openSUSE:Leap:15.2/.ovmf.new.26092/ovmf.changes 2020-02-13
14:40:43.193652803 +0100
@@ -1,0 +2,6 @@
+Mon Feb 3 02:14:23 UTC 2020 - Gary Ching-Pang Lin
+
+- Build the unified firmware with preloaded keys for backward
+ compatibility (bsc#1159793)
+
+---
Other differences:
--
++ ovmf.spec ++
--- /var/tmp/diff_new_pack.aAZ5Z1/_old 2020-02-13 14:40:43.981653234 +0100
+++ /var/tmp/diff_new_pack.aAZ5Z1/_new 2020-02-13 14:40:43.981653234 +0100
@@ -360,19 +360,31 @@
local KEY="$3"
local PKKEK_FILE="$4"
local ISO_FILE="$5"
+ local TYPE="$6"
+ # QEMU parameters
+ # pflash parameters
+ local PFLASH=""
+ if [ $TYPE == "separate" ]; then
local FW_CODE_ORIG="${PREFIX}-code.bin"
local FW_VARS_ORIG="${PREFIX}-vars.bin"
local FW_CODE="${PREFIX}-${KEY}-code.bin"
local FW_VARS="${PREFIX}-${KEY}-vars.bin"
+ local PFLASH_CODE="-drive
if=pflash,format=raw,unit=0,readonly,file=$FW_CODE"
+ local PFLASH_VARS="-drive
if=pflash,format=raw,unit=1,file=$FW_VARS"
ln -s "$FW_CODE_ORIG" "$FW_CODE"
cp "$FW_VARS_ORIG" "$FW_VARS"
- # QEMU parameters
- # pflash parameters
- local PFLASH_CODE="-drive
if=pflash,format=raw,unit=0,readonly,file=$FW_CODE"
- local PFLASH_VARS="-drive if=pflash,format=raw,unit=1,file=$FW_VARS"
+ PFLASH="$PFLASH_CODE $PFLASH_VARS"
+ elif [ $TYPE == "unified" ]; then
+ local UNIFIED_FW_ORIG="${PREFIX}.bin"
+ local UNIFIED_FW="${PREFIX}-${KEY}.bin"
+
+ cp "$UNIFIED_FW_ORIG" "$UNIFIED_FW"
+
+ PFLASH="-drive if=pflash,format=raw,unit=0,file=$UNIFIED_FW"
+ fi
# smbios parameters for PK and KEK
local SMBIOS="-smbios type=11,value=$(pkkek_oemstr $PKKEK_FILE)"
@@ -412,7 +424,7 @@
fi
# Launch the VM
- $QEMU $MACHINE $MEMORY $PFLASH_CODE $PFLASH_VARS $SMBIOS $CDROM $MISC
+ $QEMU $MACHINE $MEMORY $PFLASH $SMBIOS $CDROM $MISC
}
# Assign the default PK/KEK
@@ -459,11 +471,22 @@
for flavor in ${FLAVORS[@]}; do
for key in ${KEY_SOURCES[@]}; do
build_template "$BUILD_ARCH" "$flavor" "$key" \
- "${PKKEK[$key]}" "${KEY_ISO_FILES[$key]}"
+ "${PKKEK[$key]}" "${KEY_ISO_FILES[$key]}" \
+ "separate"
done
done
%ifarch x86_64
+# Generate the unified firmware with preloaded keys for backward
+# compatibility. (bsc#1159793)
+for flavor in ${FLAVORS[@]}; do
+ for key in ${KEY_SOURCES[@]}; do
+ build_template "$BUILD_ARCH" "$flavor" "$key" \
+ "${PKKEK[$key]}" "${KEY_ISO_FILES[$key]}" \
+ "unified"
+ done
+done
+
# Rename the x86_64 4MB firmware
# We use ovmf-x86_64-$key-4m instead of ovmf-x86_64-4m-$key in the
# version < stable201905. Rename the 4MB firmware files for backward
