commit ovmf for openSUSE:Leap:15.2:Update
Hello community, here is the log from the commit of package ovmf for openSUSE:Leap:15.2:Update checked in at 2020-09-25 06:22:42 Comparing /work/SRC/openSUSE:Leap:15.2:Update/ovmf (Old) and /work/SRC/openSUSE:Leap:15.2:Update/.ovmf.new.4249 (New) Package is "ovmf" Fri Sep 25 06:22:42 2020 rev:2 rq:835942 version:unknown Changes: New Changes file: NO CHANGES FILE!!! Other differences: -- ++ _link ++ --- /var/tmp/diff_new_pack.IfjHo5/_old 2020-09-25 06:22:43.543304825 +0200 +++ /var/tmp/diff_new_pack.IfjHo5/_new 2020-09-25 06:22:43.543304825 +0200 @@ -1 +1 @@ - +
commit ovmf for openSUSE:Leap:15.2
Hello community, here is the log from the commit of package ovmf for openSUSE:Leap:15.2 checked in at 2020-04-14 14:20:16 Comparing /work/SRC/openSUSE:Leap:15.2/ovmf (Old) and /work/SRC/openSUSE:Leap:15.2/.ovmf.new.3248 (New) Package is "ovmf" Tue Apr 14 14:20:16 2020 rev:49 rq:792539 version:201911 Changes: --- /work/SRC/openSUSE:Leap:15.2/ovmf/ovmf.changes 2020-03-01 08:51:33.797295856 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.ovmf.new.3248/ovmf.changes2020-04-14 14:20:21.245246409 +0200 @@ -1,0 +2,6 @@ +Mon Apr 6 03:54:48 UTC 2020 - Gary Ching-Pang Lin + +- Add ovmf-bsc1163927-fix-ping-and-ip6dxe.patch to fix crash and + hang in ShellPkg and Ip6Dxe (bsc#1163927, CVE-2019-14559) + +--- New: ovmf-bsc1163927-fix-ping-and-ip6dxe.patch Other differences: -- ++ ovmf.spec ++ --- /var/tmp/diff_new_pack.5cqSPg/_old 2020-04-14 14:20:22.029246994 +0200 +++ /var/tmp/diff_new_pack.5cqSPg/_new 2020-04-14 14:20:22.029246994 +0200 @@ -52,6 +52,7 @@ Patch6: %{name}-bsc1163959-PiDxeS3BootScriptLib-fix-numeric-truncation.patch Patch7: %{name}-bsc1163969-fix-DxeImageVerificationHandler.patch Patch8: %{name}-bsc1163927-fix-ip4dxe-and-arpdxe.patch +Patch9: %{name}-bsc1163927-fix-ping-and-ip6dxe.patch Patch100: openssl-fix-syntax-error.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: bc @@ -178,6 +179,7 @@ %patch6 -p1 %patch7 -p1 %patch8 -p1 +%patch9 -p1 # add openssl pushd CryptoPkg/Library/OpensslLib/openssl ++ ovmf-bsc1163927-fix-ping-and-ip6dxe.patch ++ >From 6a5e9bdd108741bcc8fd68276116f41b4a35da75 Mon Sep 17 00:00:00 2001 From: Maciej Rabeda Date: Thu, 27 Feb 2020 11:30:43 +0100 Subject: [PATCH 1/3] ShellPkg: Fix 'ping' command Ip4 receive flow. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2032 'ping' command's receive flow utilizes a single Rx token which it attempts to reuse before recycling the previously received packet. This causes a situation where under ICMP traffic, Ping6OnEchoReplyReceived() function will receive an already recycled packet with EFI_SUCCESS token status and finally dereference invalid pointers from RxData structure. Cc: Ray Ni Cc: Zhichao Gao Signed-off-by: Maciej Rabeda Reviewed-by: Siyuan Fu Acked-by: Zhichao Gao (cherry picked from commit 65c73df44c61235ede84c5aa1d2eab6650844966) --- ShellPkg/Library/UefiShellNetwork1CommandsLib/Ping.c | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/ShellPkg/Library/UefiShellNetwork1CommandsLib/Ping.c b/ShellPkg/Library/UefiShellNetwork1CommandsLib/Ping.c index 23567fa2c1bb..a3fa32515192 100644 --- a/ShellPkg/Library/UefiShellNetwork1CommandsLib/Ping.c +++ b/ShellPkg/Library/UefiShellNetwork1CommandsLib/Ping.c @@ -614,6 +614,11 @@ Ping6OnEchoReplyReceived ( ON_EXIT: + // + // Recycle the packet before reusing RxToken + // + gBS->SignalEvent (Private->IpChoice == PING_IP_CHOICE_IP6?((EFI_IP6_RECEIVE_DATA*)Private->RxToken.Packet.RxData)->RecycleSignal:((EFI_IP4_RECEIVE_DATA*)Private->RxToken.Packet.RxData)->RecycleSignal); + if (Private->RxCount < Private->SendNum) { // // Continue to receive icmp echo reply packets. @@ -632,10 +637,6 @@ ON_EXIT: // Private->Status = EFI_SUCCESS; } - // - // Singal to recycle the each rxdata here, not at the end of process. - // - gBS->SignalEvent (Private->IpChoice == PING_IP_CHOICE_IP6?((EFI_IP6_RECEIVE_DATA*)Private->RxToken.Packet.RxData)->RecycleSignal:((EFI_IP4_RECEIVE_DATA*)Private->RxToken.Packet.RxData)->RecycleSignal); } /** -- 2.25.1 >From 35fb4bd10b630663d7eaa6731e15089f2d6091b1 Mon Sep 17 00:00:00 2001 From: Maciej Rabeda Date: Mon, 2 Mar 2020 13:25:20 +0100 Subject: [PATCH 2/3] NetworkPkg/Ip6Dxe: Improve Neightbor Discovery message validation. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2174 Problem has been identified with Ip6ProcessRouterAdvertise() when Router Advertise packet contains options with malicious/invalid 'Length' field. This can lead to platform entering infinite loop when processing options from that packet. Cc: Jiaxin Wu Cc: Siyuan Fu Signed-off-by: Maciej Rabeda Reviewed-by: Siyuan Fu (cherry picked from commit 9c20342eed70ec99ec50cd73cb81804299f05403) --- NetworkPkg/Ip6Dxe/Ip6Nd.c | 44 --- NetworkPkg/Ip6Dxe/Ip6Nd.h | 13 NetworkPkg/Ip6Dxe/Ip6Option.c | 57 ++- 3 files changed, 83 insertions(+), 31 deletions(-) diff --git a/NetworkPkg/Ip6Dxe/Ip6Nd.c b/NetworkPkg/Ip6Dxe/Ip6Nd.c index 67d7022a7673..1254f0fdd921 100644 --- a/NetworkPkg/Ip6Dxe/Ip6Nd.c +++
commit ovmf for openSUSE:Leap:15.2
Hello community, here is the log from the commit of package ovmf for openSUSE:Leap:15.2 checked in at 2020-03-01 08:51:14 Comparing /work/SRC/openSUSE:Leap:15.2/ovmf (Old) and /work/SRC/openSUSE:Leap:15.2/.ovmf.new.26092 (New) Package is "ovmf" Sun Mar 1 08:51:14 2020 rev:48 rq:779695 version:201911 Changes: --- /work/SRC/openSUSE:Leap:15.2/ovmf/ovmf.changes 2020-02-21 23:49:34.760593623 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.ovmf.new.26092/ovmf.changes 2020-03-01 08:51:33.797295856 +0100 @@ -1,0 +2,10 @@ +Mon Feb 24 04:00:24 UTC 2020 - Gary Ching-Pang Lin + +- Add ovmf-bsc1163969-fix-DxeImageVerificationHandler.patch to fix + dbx signature check (bsc#1163969, CVE-2019-14575) + + Also change the order of several patches to distinguish the +openssl patch +- Add ovmf-bsc1163927-fix-ip4dxe-and-arpdxe.patch to fix memory + leakage in Ip4Dxe and ArpDxe (bsc#1163927, CVE-2019-14559) + +--- @@ -12,0 +23,5 @@ + +--- +Fri Dec 20 09:11:37 UTC 2019 - Dirk Mueller + +- only build -aarch32 Cortex-A15 EFI on armv7hl New: ovmf-bsc1163927-fix-ip4dxe-and-arpdxe.patch ovmf-bsc1163969-fix-DxeImageVerificationHandler.patch Other differences: -- ++ ovmf.spec ++ --- /var/tmp/diff_new_pack.H9XxJg/_old 2020-03-01 08:51:34.609297471 +0100 +++ /var/tmp/diff_new_pack.H9XxJg/_new 2020-03-01 08:51:34.613297479 +0100 @@ -1,7 +1,7 @@ # # spec file for package ovmf # -# Copyright (c) 2019 SUSE LLC +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -49,8 +49,10 @@ Patch3: %{name}-pie.patch Patch4: %{name}-disable-ia32-firmware-piepic.patch Patch5: %{name}-set-fixed-enroll-time.patch -Patch6: openssl-fix-syntax-error.patch -Patch7: %{name}-bsc1163959-PiDxeS3BootScriptLib-fix-numeric-truncation.patch +Patch6: %{name}-bsc1163959-PiDxeS3BootScriptLib-fix-numeric-truncation.patch +Patch7: %{name}-bsc1163969-fix-DxeImageVerificationHandler.patch +Patch8: %{name}-bsc1163927-fix-ip4dxe-and-arpdxe.patch +Patch100: openssl-fix-syntax-error.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: bc BuildRequires: fdupes @@ -59,7 +61,7 @@ BuildRequires: iasl BuildRequires: libuuid-devel BuildRequires: python3 -%ifnarch %arm +%ifnarch armv7hl BuildRequires: nasm %endif %ifarch %{secureboot_archs} @@ -76,7 +78,7 @@ %endif BuildRequires: unzip %endif -ExclusiveArch: %ix86 x86_64 aarch64 %arm +ExclusiveArch: %ix86 x86_64 aarch64 armv7hl %description The Open Virtual Machine Firmware (OVMF) project aims to support @@ -145,7 +147,7 @@ virt board. %endif -%ifarch %arm +%ifarch armv7hl %package -n qemu-uefi-aarch32 Summary:UEFI QEMU rom image (AArch32) Group: System/Emulators/PC @@ -173,12 +175,14 @@ %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 %patch7 -p1 +%patch8 -p1 # add openssl pushd CryptoPkg/Library/OpensslLib/openssl tar -xf %{SOURCE1} --strip 1 -%patch6 -p1 +%patch100 -p1 popd # add berkeley-softfloat-3 @@ -233,7 +237,7 @@ BUILD_OPTIONS="$OVMF_FLAGS -a AARCH64 -p ArmVirtPkg/ArmVirtQemu.dsc -b DEBUG -t $TOOL_CHAIN_TAG" ARCH=AARCH64 make -C BaseTools %else -%ifarch %arm +%ifarch armv7hl # Flavors for arm FLAVORS=("aavmf-aarch32") BUILD_ARCH="AARCH32" @@ -326,7 +330,7 @@ cp Build/ArmVirtQemu-AARCH64/DEBUG_*/AARCH64/EnrollDefaultKeys.efi . %else -%ifarch %arm +%ifarch armv7hl # Build the UEFI image build $BUILD_OPTIONS @@ -550,7 +554,7 @@ install -m 0644 -D descriptors/*-aarch64*.json \ -t %{buildroot}/%{_datadir}/qemu/firmware %else -%ifarch %arm +%ifarch armv7hl install -m 0644 -D qemu-uefi-aarch32.bin -t %{buildroot}/%{_datadir}/qemu/ install -m 0644 -D aavmf-aarch32-*.bin -t %{buildroot}/%{_datadir}/qemu/ install -m 0644 -D descriptors/*-aarch32*.json \ @@ -622,7 +626,7 @@ %{_datadir}/qemu/firmware/*-aarch64*.json %endif -%ifarch %arm +%ifarch armv7hl %files -n qemu-uefi-aarch32 %defattr(-,root,root) %license License.txt ++ ovmf-bsc1163927-fix-ip4dxe-and-arpdxe.patch ++ >From 7f9f7fccf58af2db5ac8c88801f56f4efe664fcb Mon Sep 17 00:00:00 2001 From: Jiaxin Wu Date: Mon, 29 Apr 2019 09:51:53 +0800 Subject: [PATCH 1/2] NetworkPkg/Ip4Dxe: Check the received package length (CVE-2019-14559). v3: correct the coding style. v2: correct the commit message & add BZ number. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1610 This patch is to check the received
commit ovmf for openSUSE:Leap:15.2
Hello community, here is the log from the commit of package ovmf for openSUSE:Leap:15.2 checked in at 2020-02-21 23:49:23 Comparing /work/SRC/openSUSE:Leap:15.2/ovmf (Old) and /work/SRC/openSUSE:Leap:15.2/.ovmf.new.26092 (New) Package is "ovmf" Fri Feb 21 23:49:23 2020 rev:47 rq:777107 version:201911 Changes: --- /work/SRC/openSUSE:Leap:15.2/ovmf/ovmf.changes 2020-02-13 14:40:43.193652803 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.ovmf.new.26092/ovmf.changes 2020-02-21 23:49:34.760593623 +0100 @@ -1,0 +2,7 @@ +Tue Feb 18 09:24:30 UTC 2020 - Gary Ching-Pang Lin + +- Add ovmf-bsc1163959-PiDxeS3BootScriptLib-fix-numeric-truncation.patch + to fix the numeric truncation to avoid the potential memory + corruption (bsc#1163959, CVE-2019-14563) + +--- New: ovmf-bsc1163959-PiDxeS3BootScriptLib-fix-numeric-truncation.patch Other differences: -- ++ ovmf.spec ++ --- /var/tmp/diff_new_pack.yc5zE2/_old 2020-02-21 23:49:37.188598449 +0100 +++ /var/tmp/diff_new_pack.yc5zE2/_new 2020-02-21 23:49:37.196598464 +0100 @@ -50,6 +50,7 @@ Patch4: %{name}-disable-ia32-firmware-piepic.patch Patch5: %{name}-set-fixed-enroll-time.patch Patch6: openssl-fix-syntax-error.patch +Patch7: %{name}-bsc1163959-PiDxeS3BootScriptLib-fix-numeric-truncation.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: bc BuildRequires: fdupes @@ -172,6 +173,7 @@ %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch7 -p1 # add openssl pushd CryptoPkg/Library/OpensslLib/openssl ++ ovmf-bsc1163959-PiDxeS3BootScriptLib-fix-numeric-truncation.patch ++ >From 322ac05f8bbc1bce066af1dabd1b70ccdbe28891 Mon Sep 17 00:00:00 2001 From: Hao A Wu Date: Fri, 28 Jun 2019 14:15:55 +0800 Subject: [PATCH 1/1] MdeModulePkg/PiDxeS3BootScriptLib: Fix potential numeric truncation (CVE-2019-14563) REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2001 For S3BootScriptLib APIs: S3BootScriptSaveIoWrite S3BootScriptSaveMemWrite S3BootScriptSavePciCfgWrite S3BootScriptSavePciCfg2Write S3BootScriptSaveSmbusExecute S3BootScriptSaveInformation S3BootScriptSaveInformationAsciiString S3BootScriptLabel (happen in S3BootScriptLabelInternal()) possible numeric truncations will happen that may lead to S3 boot script entry with improper size being returned to store the boot script data. This commit will add checks to prevent this kind of issue. Please note that the remaining S3BootScriptLib APIs: S3BootScriptSaveIoReadWrite S3BootScriptSaveMemReadWrite S3BootScriptSavePciCfgReadWrite S3BootScriptSavePciCfg2ReadWrite S3BootScriptSaveStall S3BootScriptSaveDispatch2 S3BootScriptSaveDispatch S3BootScriptSaveMemPoll S3BootScriptSaveIoPoll S3BootScriptSavePciPoll S3BootScriptSavePci2Poll S3BootScriptCloseTable S3BootScriptExecute S3BootScriptMoveLastOpcode S3BootScriptCompare are not affected by such numeric truncation. Signed-off-by: Hao A Wu Reviewed-by: Laszlo Ersek Reviewed-by: Eric Dong Acked-by: Jian J Wang --- .../PiDxeS3BootScriptLib/BootScriptSave.c | 52 ++- 1 file changed, 51 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c b/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c index 9106e7d0f9f5..9315fc9f0188 100644 --- a/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c +++ b/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c @@ -1,7 +1,7 @@ /** @file Save the S3 data to S3 boot script. - Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. + Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent @@ -1006,6 +1006,14 @@ S3BootScriptSaveIoWrite ( EFI_BOOT_SCRIPT_IO_WRITE ScriptIoWrite; WidthInByte = (UINT8) (0x01 << (Width & 0x03)); + + // + // Truncation check + // + if ((Count > MAX_UINT8) || + (WidthInByte * Count > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_IO_WRITE))) { +return RETURN_OUT_OF_RESOURCES; + } Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_IO_WRITE) + (WidthInByte * Count)); Script = S3BootScriptGetEntryAddAddress (Length); @@ -1102,6 +1110,14 @@ S3BootScriptSaveMemWrite ( EFI_BOOT_SCRIPT_MEM_WRITE ScriptMemWrite; WidthInByte = (UINT8) (0x01 << (Width & 0x03)); + + // + // Truncation check + // + if ((Count > MAX_UINT8) || + (WidthInByte * Count > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_MEM_WRITE))) { +return RETURN_OUT_OF_RESOURCES; + } Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_MEM_WRITE) + (WidthInByte * Count)); Script = S3BootScriptGetEntryAddAddress (Length); @@ -1206,6 +1222,14 @@ S3BootScriptSavePciCfgWrite (
commit ovmf for openSUSE:Leap:15.2
Hello community, here is the log from the commit of package ovmf for openSUSE:Leap:15.2 checked in at 2020-02-13 14:40:40 Comparing /work/SRC/openSUSE:Leap:15.2/ovmf (Old) and /work/SRC/openSUSE:Leap:15.2/.ovmf.new.26092 (New) Package is "ovmf" Thu Feb 13 14:40:40 2020 rev:46 rq:773406 version:201911 Changes: --- /work/SRC/openSUSE:Leap:15.2/ovmf/ovmf.changes 2020-01-15 15:37:53.719047359 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.ovmf.new.26092/ovmf.changes 2020-02-13 14:40:43.193652803 +0100 @@ -1,0 +2,6 @@ +Mon Feb 3 02:14:23 UTC 2020 - Gary Ching-Pang Lin + +- Build the unified firmware with preloaded keys for backward + compatibility (bsc#1159793) + +--- Other differences: -- ++ ovmf.spec ++ --- /var/tmp/diff_new_pack.aAZ5Z1/_old 2020-02-13 14:40:43.981653234 +0100 +++ /var/tmp/diff_new_pack.aAZ5Z1/_new 2020-02-13 14:40:43.981653234 +0100 @@ -360,19 +360,31 @@ local KEY="$3" local PKKEK_FILE="$4" local ISO_FILE="$5" + local TYPE="$6" + # QEMU parameters + # pflash parameters + local PFLASH="" + if [ $TYPE == "separate" ]; then local FW_CODE_ORIG="${PREFIX}-code.bin" local FW_VARS_ORIG="${PREFIX}-vars.bin" local FW_CODE="${PREFIX}-${KEY}-code.bin" local FW_VARS="${PREFIX}-${KEY}-vars.bin" + local PFLASH_CODE="-drive if=pflash,format=raw,unit=0,readonly,file=$FW_CODE" + local PFLASH_VARS="-drive if=pflash,format=raw,unit=1,file=$FW_VARS" ln -s "$FW_CODE_ORIG" "$FW_CODE" cp "$FW_VARS_ORIG" "$FW_VARS" - # QEMU parameters - # pflash parameters - local PFLASH_CODE="-drive if=pflash,format=raw,unit=0,readonly,file=$FW_CODE" - local PFLASH_VARS="-drive if=pflash,format=raw,unit=1,file=$FW_VARS" + PFLASH="$PFLASH_CODE $PFLASH_VARS" + elif [ $TYPE == "unified" ]; then + local UNIFIED_FW_ORIG="${PREFIX}.bin" + local UNIFIED_FW="${PREFIX}-${KEY}.bin" + + cp "$UNIFIED_FW_ORIG" "$UNIFIED_FW" + + PFLASH="-drive if=pflash,format=raw,unit=0,file=$UNIFIED_FW" + fi # smbios parameters for PK and KEK local SMBIOS="-smbios type=11,value=$(pkkek_oemstr $PKKEK_FILE)" @@ -412,7 +424,7 @@ fi # Launch the VM - $QEMU $MACHINE $MEMORY $PFLASH_CODE $PFLASH_VARS $SMBIOS $CDROM $MISC + $QEMU $MACHINE $MEMORY $PFLASH $SMBIOS $CDROM $MISC } # Assign the default PK/KEK @@ -459,11 +471,22 @@ for flavor in ${FLAVORS[@]}; do for key in ${KEY_SOURCES[@]}; do build_template "$BUILD_ARCH" "$flavor" "$key" \ - "${PKKEK[$key]}" "${KEY_ISO_FILES[$key]}" + "${PKKEK[$key]}" "${KEY_ISO_FILES[$key]}" \ + "separate" done done %ifarch x86_64 +# Generate the unified firmware with preloaded keys for backward +# compatibility. (bsc#1159793) +for flavor in ${FLAVORS[@]}; do + for key in ${KEY_SOURCES[@]}; do + build_template "$BUILD_ARCH" "$flavor" "$key" \ + "${PKKEK[$key]}" "${KEY_ISO_FILES[$key]}" \ + "unified" + done +done + # Rename the x86_64 4MB firmware # We use ovmf-x86_64-$key-4m instead of ovmf-x86_64-4m-$key in the # version < stable201905. Rename the 4MB firmware files for backward