diff --git a/.edk2.metadata b/.edk2.metadata index e053625..3ad7168 100644 --- a/.edk2.metadata +++ b/.edk2.metadata @@ -1,2 +1,2 @@ -858fffdab12810fb170144ffe1a9c39e9fface80 SOURCES/edk2-e1999b264f1f.tar.xz -4c1a80504b0bd3ce87fd9baa30836142620af1eb SOURCES/openssl-rhel-a75722161d20fd632f8875585d3aa066ec5fea93.tar.xz +ae830c7278f985cb25e90f4687b46c8b22316bef SOURCES/edk2-bb1bba3d77.tar.xz +801c454f41332e2dcc783983e65a6930ee7cb810 SOURCES/openssl-rhel-a75722161d20fd632f8875585d3aa066ec5fea93.tar.xz diff --git a/.gitignore b/.gitignore index ffcb5d4..345e141 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/edk2-e1999b264f1f.tar.xz +SOURCES/edk2-bb1bba3d77.tar.xz SOURCES/openssl-rhel-a75722161d20fd632f8875585d3aa066ec5fea93.tar.xz diff --git a/SOURCES/0008-BaseTools-do-not-build-BrotliCompress-RH-only.patch b/SOURCES/0008-BaseTools-do-not-build-BrotliCompress-RH-only.patch index 78d65ea..fcfa987 100644 --- a/SOURCES/0008-BaseTools-do-not-build-BrotliCompress-RH-only.patch +++ b/SOURCES/0008-BaseTools-do-not-build-BrotliCompress-RH-only.patch @@ -1,4 +1,4 @@ -From dca56cf4d28bbbb1d3be029ce9a6710cb3f6cd2f Mon Sep 17 00:00:00 2001 +From 0790c9c4f796fdce8ba6618359b78e1d0b331c95 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Thu, 4 Jun 2020 13:34:12 +0200 Subject: BaseTools: do not build BrotliCompress (RH only) diff --git a/SOURCES/0009-MdeModulePkg-remove-package-private-Brotli-include-p.patch b/SOURCES/0009-MdeModulePkg-remove-package-private-Brotli-include-p.patch index 6046944..a8ef274 100644 --- a/SOURCES/0009-MdeModulePkg-remove-package-private-Brotli-include-p.patch +++ b/SOURCES/0009-MdeModulePkg-remove-package-private-Brotli-include-p.patch @@ -1,4 +1,4 @@ -From 9729dd1d6b83961d531e29777d0cc4a610b108be Mon Sep 17 00:00:00 2001 +From df9e25b7e6179a7764d44f915de95af5f850a020 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Thu, 4 Jun 2020 13:39:08 +0200 Subject: MdeModulePkg: remove package-private Brotli include path (RH only) @@ -31,7 +31,7 @@ Signed-off-by: Laszlo Ersek 1 file changed, 3 deletions(-) diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec -index 8d38383915..ba2d0290e7 100644 +index 463e889e9a..9d69fb86ed 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -24,9 +24,6 @@ diff --git a/SOURCES/0011-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch b/SOURCES/0010-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch similarity index 97% rename from SOURCES/0011-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch rename to SOURCES/0010-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch index ad9dd72..4107e96 100644 --- a/SOURCES/0011-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch +++ b/SOURCES/0010-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch @@ -1,4 +1,4 @@ -From ed975a4db7c55e49ab9de1a0919baafdce9661e3 Mon Sep 17 00:00:00 2001 +From 1a1bdd69fad22bbf48e3906bb73b33ede6632102 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Thu, 20 Feb 2014 22:54:45 +0100 Subject: OvmfPkg: increase max debug message length to 512 (RHEL only) diff --git a/SOURCES/0010-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch b/SOURCES/0010-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch deleted file mode 100644 index 6fb626e..0000000 --- a/SOURCES/0010-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch +++ /dev/null @@ -1,659 +0,0 @@ -From 8c815e04dda7897899dfa011063f779280cd4d5d Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Wed, 11 Jun 2014 23:33:33 +0200 -Subject: advertise OpenSSL on TianoCore splash screen / boot logo (RHEL only) - -Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> -RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: - -- Extend the DSC/FDF change to the new OvmfPkg/AmdSev platform, which has - been introduced upstream in commit 30d277ed7a82 ("OvmfPkg/Amdsev: Base - commit to build encrypted boot specific OVMF", 2020-12-14), for - TianoCore#3077. - - We've always patched all those DSC/FDF files in OvmfPkg down-stream that - made sense at least in theory on QEMU. (For example, we've always - patched "OvmfPkgIa32.dsc" and "OvmfPkgIa32.fdf", even though we never - build or ship the pure IA32 firmware platform.) Follow suit with - "AmdSevX64.dsc" and "AmdSevX64.fdf". - - "AmdSevX64.dsc" consumes OpenSSL when built with "-D TPM_ENABLE". - -Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> -RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: - -- Replace the open-coded BSDL with "SPDX-License-Identifier: - BSD-2-Clause-Patent" in the following files: - - - MdeModulePkg/Logo/Logo-OpenSSL.idf - - MdeModulePkg/Logo/LogoOpenSSLDxe.inf - - MdeModulePkg/Logo/LogoOpenSSLDxe.uni - - (This should have been done in the previous rebase, because the same - license block changes had been applied to MdeModulePkg/Logo/ in upstream - commit 9d510e61fcee ("MdeModulePkg: Replace BSD License with BSD+Patent - License", 2019-04-09), part of tag edk2-stable201905.) - -Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] -> -RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase: - -- trivial context update (performed silently by git-cherry-pick) for - upstream commit 3207a872a405 ("OvmfPkg: Update DSC/FDF files to consume - CSM components in OvmfPkg", 2019-06-14) - -- A note for the future: the logo could change completely in a subsequent - rebase. See (in - CONFIRMED status at the time of writing). - -Notes about the RHEL-8.0/20180508-ee3198e672e2 -> -RHEL-8.1/20190308-89910a39dcfd rebase: - -- Upstream edk2 removed the obsoleted network drivers in MdeModulePkg. The - OvmfPkg platforms were adapted in commit d2f1f6423bd1 ("OvmfPkg: Replace - obsoleted network drivers from platform DSC/FDF.", 2018-11-06). The - ArmVirtPkg platforms were adapted in commit 9a67ba261fe9 ("ArmVirtPkg: - Replace obsoleted network drivers from platform DSC/FDF.", 2018-12-14). - - Consequently, because the NetworkPkg iSCSI driver requires OpenSSL - unconditionally, as explained in - , this patch now - builds LogoOpenSSLDxe unconditionally, squashing and updating previous - downstream commits - - - 8e8ea8811e26 advertise OpenSSL on TianoCore splash screen / boot logo - (RHEL only) - - 02ed2c501cdd advertise OpenSSL due to IPv6 enablement too (RHEL only) - -Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> -RHEL-8.0/20180508-ee3198e672e2 rebase: - -- reorder the rebase changelog in the commit message so that it reads like - a blog: place more recent entries near the top -- no changes to the patch body - -Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: - -- Adapted to upstream 25184ec33c36 ("MdeModulePkg/Logo.idf: Remove - incorrect comments.", 2018-02-28) - -Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: - -- After picking previous downstream-only commit 32192c62e289, carry new - upstream commit e01e9ae28250 ("MdeModulePkg/LogoDxe: Add missing - dependency gEfiHiiImageExProtocolGuid", 2017-03-16) over to - "LogoOpenSSLDxe.inf". - -Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: - -- For more fun, upstream completely changed the way logo bitmaps are - embedded in the firmware binary (see for example commit ab970515d2c6, - "OvmfPkg: Use the new LogoDxe driver", 2016-09-26). Therefore in this - rebase, we reimplement the previous downstream-only commit e775fb20c999, - as described below. - -- Beyond the new bitmap file (which we preserve intact from the last - downstream branch), we introduce: - - - a new IDF (image description file) referencing the new BMP, - - - a new driver INF file, referencing the new BMP and new IDF (same C - source code though), - - - a new UNI (~description) file for the new driver INF file. - -- In the OVMF DSC and FDF files, we select the new driver INF for - inclusion if either SECURE_BOOT_ENABLE or TLS_ENABLE is set, as they - both make use of OpenSSL (although different subsets of it). - -- In the AAVMF DSC and FDF files, we only look at SECURE_BOOT_ENABLE, - because the ArmVirtQemu platform does not support TLS_ENABLE yet. - -- This patch is best displayed with "git show --find-copies-harder". - -Notes about the d7c0dfa -> 90bb4c5 rebase: - -- squash in the following downstream-only commits (made originally for - ): - - - eef9eb0 restore TianoCore splash logo without OpenSSL advertisment - (RHEL only) - - - 25842f0 OvmfPkg, ArmVirtPkg: show OpenSSL-less logo without Secure - Boot (RH only) - - The reason is that ideas keep changing when and where to include the - Secure Boot feature, so the logo must be controllable directly on the - build command line, from the RPM spec file. See the following - references: - - - https://post-office.corp.redhat.com/mailman/private/virt-devel/2016-March/msg00253.html - - https://post-office.corp.redhat.com/mailman/private/virt-devel/2016-April/msg00118.html - - https://bugzilla.redhat.com/show_bug.cgi?id=1323363 - -- This squashed variant should remain the final version of this patch. - -Notes about the c9e5618 -> b9ffeab rebase: -- AAVMF gained Secure Boot support, therefore the logo is again modified - in the common location, and no FDF changes are necessary. - -Notes about the 9ece15a -> c9e5618 rebase: -- Logo.bmp is no longer modified in-place; instead a modified copy is - created. That's because AAVMF includes the logo too, but it doesn't - include OpenSSL / Secure Boot, so we need the original copy too. - -Because we may include the OpenSSL library in our OVMF and AAVMF builds -now, we should advertise it as required by its license. This patch takes -the original TianoCore logo, shifts it up by 20 pixels, and adds the -horizontally centered message - - This product includes software developed by the OpenSSL Project - for use in the OpenSSL Toolkit (http://www.openssl.org/) - -below. - -Logo-OpenSSL.bmp: PC bitmap, Windows 3.x format, 469 x 111 x 24 -Logo.bmp: PC bitmap, Windows 3.x format, 193 x 58 x 8 - -Downstream only because upstream edk2 does not intend to release a -secure-boot-enabled OVMF build. (However the advertising requirement in -the OpenSSL license, -"CryptoPkg/Library/OpensslLib/openssl-1.0.2*/LICENSE", has been discussed -nonetheless, which is why I'm changing the logo.) - -Signed-off-by: Laszlo Ersek -(cherry picked from commit 32192c62e289f261f5ce74acee48e5a94561f10b) -(cherry picked from commit 33a710cd613c2ca7d534b8401e2f9f2178af05be) -(cherry picked from commit 0b2d90347cb016cc71c2de62e941a2a4ab0f35a3) -(cherry picked from commit 8e8ea8811e269cdb31103c70fcd91d2dcfb1755d) -(cherry picked from commit 727c11ecd9f34990312e14f239e6238693619849) -(cherry picked from commit 740d239222c2656ae8eeb2d1cc4802ce5b07f3d2) -(cherry picked from commit cee80878b19e51d9b3c63335c681f152dcc59764) ---- - ArmVirtPkg/ArmVirtQemu.dsc | 2 +- - ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 2 +- - ArmVirtPkg/ArmVirtQemuKernel.dsc | 2 +- - MdeModulePkg/Logo/Logo-OpenSSL.bmp | Bin 0 -> 156342 bytes - MdeModulePkg/Logo/Logo-OpenSSL.idf | 10 +++++ - MdeModulePkg/Logo/LogoOpenSSLDxe.inf | 56 +++++++++++++++++++++++++++ - MdeModulePkg/Logo/LogoOpenSSLDxe.uni | 17 ++++++++ - OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +- - OvmfPkg/AmdSev/AmdSevX64.fdf | 2 +- - OvmfPkg/OvmfPkgIa32.dsc | 2 +- - OvmfPkg/OvmfPkgIa32.fdf | 2 +- - OvmfPkg/OvmfPkgIa32X64.dsc | 2 +- - OvmfPkg/OvmfPkgIa32X64.fdf | 2 +- - OvmfPkg/OvmfPkgX64.dsc | 2 +- - OvmfPkg/OvmfPkgX64.fdf | 2 +- - 15 files changed, 94 insertions(+), 11 deletions(-) - create mode 100644 MdeModulePkg/Logo/Logo-OpenSSL.bmp - create mode 100644 MdeModulePkg/Logo/Logo-OpenSSL.idf - create mode 100644 MdeModulePkg/Logo/LogoOpenSSLDxe.inf - create mode 100644 MdeModulePkg/Logo/LogoOpenSSLDxe.uni - -diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index 7ef5e7297b..54d637163c 100644 ---- a/ArmVirtPkg/ArmVirtQemu.dsc -+++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -433,7 +433,7 @@ - MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf - MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf - MdeModulePkg/Universal/BdsDxe/BdsDxe.inf -- MdeModulePkg/Logo/LogoDxe.inf -+ MdeModulePkg/Logo/LogoOpenSSLDxe.inf - MdeModulePkg/Application/UiApp/UiApp.inf { - - NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf -diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc -index 5b1d100575..6cdbfc39be 100644 ---- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc -+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc -@@ -196,7 +196,7 @@ READ_LOCK_STATUS = TRUE - # - # TianoCore logo (splash screen) - # -- INF MdeModulePkg/Logo/LogoDxe.inf -+ INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf - - # - # Ramdisk support -diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc -index a542fcb157..f598ac6a85 100644 ---- a/ArmVirtPkg/ArmVirtQemuKernel.dsc -+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc -@@ -369,7 +369,7 @@ - MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf - MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf - MdeModulePkg/Universal/BdsDxe/BdsDxe.inf -- MdeModulePkg/Logo/LogoDxe.inf -+ MdeModulePkg/Logo/LogoOpenSSLDxe.inf - MdeModulePkg/Application/UiApp/UiApp.inf { - - NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf -diff --git a/MdeModulePkg/Logo/Logo-OpenSSL.bmp b/MdeModulePkg/Logo/Logo-OpenSSL.bmp -new file mode 100644 -index 0000000000000000000000000000000000000000..4af5740232ce484a939a5852604e35711ea88a29 -GIT binary patch -literal 156342 -zcmeI5d(>~$xW~&aw_M64NYZ7LkVerMIgB$pYT%5)88Oa?KguvP -zI4QXdhfYMHh=?MQLQ0BCrP`(4zMRjyzxCbEZ>}}xTJLYa@9y1uKfkf|+RvQxna_OY -zcg^)(&zft#YrS&!|2yzL>&^VO;olbgyJY?K);pa4*I#cF_W4_@5Lmu^`C8SVd%H7l -zd)wQ-|NZYj=s^#f&XKk6aIEP)deoyH_4&_#{_lVP`%O39^p&rC<)truY4^x-xPS12 -zA8_cqMVXTbv=CU+PmfmLR(siwJMQ?$KmPI2kAC#jEw6otV@>bT_rCYN4}IuEk9fo* -z9`Jw%JnwnW`{56N_@4K?r+a)K^O(n6am5v{dey7CMVXTbR1sLyPmgNHR(rvH?sK2t -z{N^`rdefU$rRBBnaIEP)+Is7)?{~lZ`Iv68#THy*os7a;-tv}T|N7VKug`SBI`Auw -z>$~3du0Q?hPm32XzWnmb4?g%{15l_rUji4jU;gr!cieHu#TQ?^!wx%KcinZIMHId8 -zg)jW^kAJ*q(W0AgzWJNq{N|IN{Nz{>pwXu-Zb?o%?X;&ns#NVBjEGTfBy4FKl;%d-}uI8v#o%s?k`p^WRzo0Z5W`_D6$a? -zvU$J(2b_EExet8c17m)1nB4m7UiZ3R{Nfi*BE(uTSy+fksx%IV4gTQ|e{hr?Ww-vE -z=R5~xhBrCvk;!o>!l1&Sj-5fXjcubxvmIcy6SJ0&Z_&>v*L;pTROffdA%`%YZ@cZb -zGtWE|{#~+UiSoP1LngcKx~odp@_mG9&pr2qcDLDP8zy2n62JT1?|jZjwJsve+I;xK -zAAazIAN<_sKKHD%&VqxabIv*Ey!XBD-EhMVIrk1f{P45SKHGJ7*<}|lfG>O5%V_KI -zkAM6}Kl)MV#-$cwyHQ4=NV*F2hx0h2oI=gXkq*en7r*#LxRv|jhdksVSmqi7p`3W) -ziEeb+vSmN}+0U5OqLfQL(CxO{ZYpgwWM>Lj-}=_KUVr`d?|kPwH`!#9``-7y%$@DN -z`|iK}?Qi$mYcFXIDioIOXHAIujbYFz!m^E6AoC4xcmv_gBOm$5sDNA?CUW!x)en5& -z1NWq6{*TsTvak@7jl&TwoN&SkhBV4Et*-cSkBlh=BJ7dh{qA?)Q#kYgpu(Vzd)LOc -z(W5B_Snb5D<LCly@%?cI>&^Fp=BPF>?_bNldT>4z)+u#27YhLpjCu>496=n2` -zq%9Qrwd6<#Fw4C#mkJZQ8rook4H!=ZYf93}YhU|X`v8nwlay>URP*iUKmR$=oUKWC -z#xtIA)m2wX9#kkS7pA(&sNWa{jUsH?hy^C{fbL08dXidnepD`;;WG1r7rY>5##*sr -zEnhmd!x1e*1U}EBY@Jh2J@qF)`H3#H?75jc<&;xgiZG}!QU|p`Y->H5Vt~ai6ep&O -ziu?j?sWp5q^a*LXW3%!1z3+Wi=ps)D$Ti!_YqMY!=;Vzz-e?*niA;_Zd>bsq6mZAOCpR!ye{jO^BwVjDC@{g(AO}9O(dN&p6|Zcf8{rwr>Gm -zcFayIJX>%P5$iSAT%%;8p_*^Ryf$TlM-$gxd##d#3Wa4GsR>cPF$@|-Shf*_BaS%Y -z#V>v_F)6o1Zqy1<*`*SIi=M{JSSwbn7Jr_# -zunqzWPDZ&XvQ9U@R%@gK7-TBov5$RhY(g?)l=U={X(e*v{qKMOJMX+xMU94Pz7=gT -zK$&oWDS9shD0dYK%Z0&iGV0@SZ5T9)uxTR*oS96Nzv30Ih;3ORDn|w6yY9LR^kQbL -z6)V>ArBgc`(K0eOF`Vtnj50aTeC9KGGQs>99pRF|-5VhxgMk|n=?^N5F(Om!2eGa7 -zXo>+=J27kdxL2Spw;Mhe`W)6csCX6^6$<28Bf(=2BeOOO5d}tDyv8E)+)SNE?coo9 -zcnyeX1RW>8{N*n*xx=HXCqD6sMO`e%SeuE?E3dq=(21rbGd`rlvoE(&)GG2xa@ttO -zr6V1nB10!Wy0xh|N-zrvx`?j*?Qefmve6K=YCQscrpy44UjIu+>&u@o@F|&wqYw*9uWNDj@g9zr9B=S}P1vR686+b07cs$M@cQ -zZ)HZA9HQN?fBowS=bd-nQAZucL9U`|p;R#QO1`FiZ(fF4s%Qz?d>Q}#-r%VDGuz30;xx0^0QtBkc5pOzT -zMP`$;+{w6 -zH{5W8a%j}gD#>B0jui_kYBW^q5l}N;zx1Uqap~gzJqA9qIjB&8pjwT6)Nc%fMiIts -zL;~RA-VBcb3QU(O`l6 -zIy(Q$Di$8xzvx9TA}Aw%VZuw#mk2g_!UjJ+^{G$gxsyS(5TPW~N!DpGeTFqynDq~e -zAXJM7`Yc8PcUBaz3W6s~uYBbzZP0>Ek#qa)w{yJVBdQ#G?6LfPl+~gTtB}u)3HMf%xC9#(>mO=IFj^}NHV#Lj -z$@Btox_pQ-IgClIHe-zhH`?@_%%?y7>Aq1LR2XAKO|x%f+vw301FUvp*79+$KwECt -zeC{#^7{VZHYZoc{E-}%mW2voVQLYHuQRNHUA{h)X_hzVlkSY+9jx!LDA1`EGb -zg#`eGHC15}Sv~sHr#__|W)Fy(d7O&p)Q#&m$2fqIefHUh=5WAXA%F>lD`sK7lE(`y -z{J8MK3u%RiPAnaZ%DoLWdPG>wn!IQMnYBB|AAh_u2NjH4VWgHU^m~Va>NbjO!~#{A -zSpxPWk316D`Q5{0$CzeeHqc3g-XmC8h{?gjVK>wY5AiqMbkjm6)bI=vrBw0ib@-RH -z>Vpax9HXOlwXb12*rVAFu-b`P%g4O}G`rpFb1!2Mze6DWl>m3uET-nfk2AvYC~#)Q -z#U5^JZ4wkHy#0}}mC!ZV}nnU^RZ+|=Y -zYqY`)8dJ|u7}r83g1LuKD}xHN?e%Q+dpm0*7JAi`SsW&7f;JaRFUuvrX05PLByDg| -zAllk@-+iSP<-v;UltS$&%oPYmp6Hm>!3=}Bvb><}5SbEG_RcCSXus>u@z*u6a8AYz -z7izBaM8PwE{kCWk0uRUH)jPI0Co(scOxLgqhv<*VAC~SFF?CyEOs~z)>P3# -z!%lISq9!v@kf~Rp)vOg3iexm{mYHq*+~+98SlwjuW6_)6kV?67iuJ#*kP`pX+h-iwYql3 -z-vj~g?13`Eld^&4y-;r^w2{Wh%;l|SjUgq -zSeR08fgx~jjawGs@)w~j^p1arwm`7Cw=h{C-RF%Qyl-TII5XCbb^Mr(g(>wG7y|e1 -zxc%ShrZ`6<0RHgQodrAoh -zSgFbiHWu-)l-PgPQu`y9%`-LB*)t -z0JfJO;vrkhX;mA~d>btkWqVqn>;_z44NA{74Ak~PcLuen4MjgBgk{AzSHT(Yy+ZOeZa@tiM7kUSc0hsS^LlI)1XD -zu-16XJ)ss?51ZxhVqLfPQ4C%L5#O@rx(KctGrRePnv*rlR;al|6OE2EzAq5{Y(Qp|I9?%YE^} -zI*hok1sdfQXioAP9eoWfIwRRSMNyGoOV%t~-$LOM$wo&S-xsi-ZK$PI=rmA`ep0tc -z(oF(eLQ9I+7awKdm9>0KkF$k?%PW5P#p+R}`k1bvHXS&GicEk|{j;C_EWrzcevL-$ -zUK^a+xNTT&bm1PqX8y;4XdIcl2P^Puz~BG=_e@jpx6Zr{$@x)m7i6tg)NnOc8T0KG -zH5A>B=W?T==xX$~`@U03=lt_4MeDKGk_&~#kciGV`a8%E6FwBp_xfZV3#dVMwXaUZ -z2B;E&W>opzX3-i|8gIELz=^Lxh%fXhj5tY^-q)GakaeP;-TXq$$(m&=SdjggY;>gY -zeStAh*K``FM#qZo4}NojNb{Iuj$sypfk>ygGmX}wjO9kx1d;aBfx`z$^%@;M!5Lrf -z+-TJ9wZW;4+lJ*v7h+FwAdY8bDq4Z}&uQj?7ma@66Q6K?6x;4>S -zKTO5P2=S8*6vcPfH{Np3Gm5CmMc8gzP@_&Vq*guth16s=KKiU#cGDILmq<1`()hl> -z7^rJH4OAO`j``+-dZ#@M60IS}YFFFf)W&VY -za-$2er#KLe<3FBAfjbEXm_Akn+3^P3!IK$ly=N;18?Huw#(aAP{le{dE;kyYR_}R) -zK~7|@Gz{JO`}_*6#~(K+ykd}PdUv1FI93}&LI|j0qrZdv;HGB;nx9CoNRT=BEr8-y -zt7}9#n2J+f%pdua4HU&^);zX~Gqy})`@0yYpMHAO+;!Jo?Y0FsCxJJh*WPbbRI%qp -zKFQt>Vbm=t6%*pub_){ -zCA$l<)_b;6)NnQ04>SzuFu1i70ta6~A`DdXC=j -zVqk`4D7>weC&k1#JZWL!jyLuB?XwXz%QkDF -zYqrr5PP5vlI>ta<(`lgE@N@8+3#4^wr`@sI7!sJZ -zwFa<*{1Dw+X))&ZehVNrkKA~Py-jg));`(L`|f%k_;kOEA#2R>F-&>v&SO*N#SDZ6 -zsm0{}`|r=14;04_w9-uBbSZj=1wN7F69NU_jq_;m>nei^@i<1$qui^bsVeoc`^}x+ -zAt9U5S_9ZFKNN>-rH9d?b9*ygx)6j_@o?%-7_>V+olDczYI`!KG(N+W{yf1l#+jPV -zJb^P$W_x?l+g5L8Z}nPcJXou4jWBREe|v>~4Sro^P+?5R3mxu;`Kr^$KK3!bc3Q)B -zp7K{7GJLB2)HbE_`RQDmu2$QVk)=!-$B&ZC6D%X0=~bI2aOTPE -z_%5uv1My(3x-~rK2`X_PQSi){S60inS7?;G_|^RR6>cv1OD?_>7#DK%9=JKrjE8K% -zcXytO^3f -zh{|LlkO+)LU{y}MteXgcz}TUddWk?HP#};Dk_fCK0>y~RWFn9Vj77lb-f>49a@bDW -zvK_w54ib*s{pCdx`+U+ -zL?96;5bzlY?QXxpdau}UJ@!$syxXQ5q73aGyxmqJXzi(}&18)loO{B59Cgxv9?fRK -zGC6E8Cd>;{dpqxp|BbSes6n+?U4Ch?snnTE?z(I7op-|2i*CK8u_gaB`L?96ui-6BS*c0;IaijISoAXhIH_;?CZfvMU{uK+yJwdei7xpya)&%n}p|03g -zVec{f?S)OK87d(k{zVgdCG2(Zi!3fyChT0}-(|~|8H%-D_{5vhUWL{rld#LnSaW -zdl(rV7+DHj1K8kV;$k8`8bucWQk^8VFrw)cWOAsE9fgMChaRR3Q`NWYVa52T-<54&6jk -z&Cv=uR6zkZFhVQH*dZSr$fT4W(VQxhqq!!O$+t`R2|g(6prEYk>W&aoU2^1)_Qi}i57aDByd`it`*14L?zOuC7O`Zb -zMM~LYoFcX8D~-GwJJeDy5l93I1au0qhakki#Jok=YdS`4B>zGjXmW1XHcBB@&gTa6 -zs!05+XpS?VO~e5&U>wSTeIObr16HCJ=3h$T8Xn3K^O7k}fl8n!+7)NPDOiU7AT<=| -zAg0iv6iR|pQJ^_2tB8suu`CO^6X)`P8r~{yrBQUWrxs@M8M7#08Fr>RnN-mpQfr!>mb@vk@wzKEOR -zUl^giiGN`YjEEEA6vzVN5FLCf^F!?L~r8=F3M#awb7i(l9P#3zPvj~*JI}jH6 -zvH&a53YyTC%;Eq!I3V;C|9bv`y0Dc3iAGIIQD!bNZhJgfN!PI&Qb?_NaASq*^_Otm-EAV*Ox -z71_`i=aOjw!h&w#6gGH-O)`5(2Q@emuc)h1sN`V1TtIb}6UZ^3OpwW>AaE8mtNaaDbuBl=~Wik;+1jZuZ^Q{*DihtS9mVXuh#+bL@ -z;@R>q?8C{=X3m9KyurT&nC9FPkxLoM|ZfkdD{z-Jwk38Gqf -zHpah7vXA`BO=$0i5#66E{x$h3ZiRo9qrLf;XpXS1wxOo@H_~pDMZsiV>B`L?96ui-1pi)&}t0pQmuO -zjkyJsVOUMgmwe@7qN10I9 -zJnQFaaaNa1)QE6v^SRD1_?K{4D-+mj;go%g0uR}&)}73yl*wXNFR*9xaw{yTA~}>Q -z^yXO{Nm+}UZVorxR_(zZI&Klm=)3wD;a`iFUw_NQw&>0=^=5RKxw+-`m35JqR3^8{ -zrxeRA9$jrv$M08l~3*$q$_%GvhQ_IVEC`YEO>5ms|O#*GH -zA@<#MSL75e(kPl-$q4fcQ$-RIJm=Eod;Hh(Est8h-d+>i#s@Dy=!E5`oxgl>eR>8$ -zM1krkyE^g?$1Xqq%o*w|ezZlY+Pe6vqHrRKSz1RkS|&+b80r0u9crnU2qXdp0zRW) -z4VIvFX*cGe+#CNEER5O|{0mEpG}#kk+p$8R2n9A4Y0!#FVNzIC)uCM}cn`xyUWQdw -z3l@f;rKYP((H5Gr$(|rLmcp6r6t4$t%^Y9|aV;zhXpXG7(4w#v;g_pi8C^6vkSC$P`*s&}yzMDvEz)yfEm_ -z7UYXRGFxzcmx9L*wbV-l5`h8%pMLP~9LB%3=Wpg;go2x>0+)%o8vF~Zq89m=8Cd=C -zh%$?Ne>j>DUY1daGYOG@d*ffVC6^rkGL@mInS2bQ<2aW&VtOG?S1le_8es(DS&^Xk -zFeC9Su_qJ3Y**b-5;U4*`X`oDb(k?0LCujvDP6ka&x@(cq=c!tmw#h`jB%3jM^Y`y -zNMWHEQJG8x5`nP@_%s{jUojMf0^?{?jOnBWY)-+yFfw#D$iGlCYHW^wp+8SPz>LgA -zxKk3KPLxHL@UNLv{EI2rc`*KUEoNYRognNj+EU-$99$e9+{IXuxV83N3s#LmE}Hr= -zBkX(#u{+O;T5Q5ZDS8!$I`eL$EB>Pi6EtMq{Y3^R){eiiLoM|ZfkdD{z$en+`~y)W -z%9{V}WnN{nM~$enJ^#=f|B6^)w^_x%G{;MG9N{wOK>c$Hz0j310?+`MpPyffka>|0zQid`L~FF3kr@&Y_87uSIrS}iWU{m5(sm_ -zfR~|it^|;>m=rY=;$ZwM{#8isTHt^wHkxpzVUz$GcE%h%7-JSj2s6#sVp|2F;#SzO -z_ebn31?oCbZO6anda6(t)}~_IlT?l}i>Aj8wbV-l5`h8%pTqEPTzaT>uOf~q|a}+cx{*6-y -z&|I9i^&uz(0##TKvO`&G(L4zNOLoIpRVO~J@vqptTM_#z8o4J%4&iUU|F<}$GMNaB -zM!@I%$oLm#G0)ZnY{HE2X?u(F15{Z>{>1_l!5E<AqhNaBmwkID7H=H#8LX<@iYMn@?(6@eye;fR3%8nG=%~X!f%J}H9 -zmWqi$A~1=7&)c~bc<96*r?r1Yi|~}mZnpEk%p}10SYXp?1Oiq4EgX!@GebgS887A^ -zplJoOD0mrz9rH8-I^FqS42oN=Z$b0F3c5wy+~Y%S;x9i>v;Ihd(AE6tx!s~}q+095 -zOig9PT5`Z>N@_#zD%)aez~YZ -z5<7N=$qFe%>YSQ?x$AdKia@Aa{8+&j*FV6U`iXy47lw^b&!j*|>&ruzpwW?n*q^?{ -z-{`THiitoXFo}RqBw{_Njg6ab36h;eKpBSh#I6J<;T_3@y*4{uSQY-oD<}^_giK*r -zE(Z32Kp3w?h?ElWdfvn9e<5ELp{eC-=x`~bme@J2n&9f9Xj--4Xoto`+_4t^U{DA^ -zgdamB9JKZss5qfIuEVafQ{8IFHZ(DOQ1 -zL2xbpxXzOgb_Q=@TibUgI`Lgj(=e> -zMU)Nx~l!_3pH4%7MB!8D7Ym`!#`P^=;NZCbo -zYOx$bt!NLA<3PMHxQa+n1P7P-kAtlc1qjqsh;qTF)Ya?(MW}frTqQq}wQSO~Vq}Qh -z(-f*jPBe}T?|02&p|)mY^jJ&9L?98EM8M}fR1&GSE3cmU2gQ#K{RlEdP#0v4%e#ImMtXlgq`3qxe(=XJ#6JYIXtR@d=>u^LP`e(>mc9&@wKiE -zc&HqAVc`n|ry^h7)I+R9qY#{9VVIYkI8%WpISctWdaR{lB9I77BH$Byb;iFCsAmRr -zzpp*yt4)&zWELCVdj1!(?!C=-j~1rjIaU)fH~SDS;V>JF?Dc?VD+y4lwj$q2yfy#A(Q6|A(gmX6F3%RUOA>-!_~c7> -zMvt{rOau~vNd(NlgYhpEjPjh!KVV9MEl;c1khOQTTV%Qv2e=GKpUn9EA$Mer5cK^a -z0$zgOF7uMf$_Hj(*NETbfXY-NkO+)Mz-Ku8OK1r*D%6!w>``Ws028(CB@lz_AM`0q -zf7)`qfCKTHn1cVw*|W7Di!H#8j2>&Lm&Lm -z3nA`FS~-P8zz9qZs7xgSiNI(Cd=~L6i)U-?&B`ex0!Co;SWCr3AQ6~Ez-LjxzeQ5K -zY~>UZ0V6OupfZ&RBm$!m@L9z4LO1x0ER1aB6cPa=FnX+|Vj_?TOd{a3C{nG6SUEA@ -z$|)oQMqqM4WhxO!1V$s^v#1gOnu4vILLy)UMvt{rOau~vNd$ZrnPj`O5YDl33Wf`WzQnLf`< -zN(2&t(Fph~a{Oz~wUF}&Lm -+// -+// SPDX-License-Identifier: BSD-2-Clause-Patent -+// -+// **/ -+ -+#image IMG_LOGO Logo-OpenSSL.bmp -diff --git a/MdeModulePkg/Logo/LogoOpenSSLDxe.inf b/MdeModulePkg/Logo/LogoOpenSSLDxe.inf -new file mode 100644 -index 0000000000..d1207663b2 ---- /dev/null -+++ b/MdeModulePkg/Logo/LogoOpenSSLDxe.inf -@@ -0,0 +1,56 @@ -+## @file -+# The default logo bitmap picture shown on setup screen. -+# -+# Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
-+# -+# SPDX-License-Identifier: BSD-2-Clause-Patent -+# -+# -+## -+ -+[Defines] -+ INF_VERSION = 0x00010005 -+ BASE_NAME = LogoOpenSSLDxe -+ MODULE_UNI_FILE = LogoOpenSSLDxe.uni -+ FILE_GUID = 9CAE7B89-D48D-4D68-BBC4-4C0F1D48CDFF -+ MODULE_TYPE = DXE_DRIVER -+ VERSION_STRING = 1.0 -+ -+ ENTRY_POINT = InitializeLogo -+# -+# This flag specifies whether HII resource section is generated into PE image. -+# -+ UEFI_HII_RESOURCE_SECTION = TRUE -+ -+# -+# The following information is for reference only and not required by the build tools. -+# -+# VALID_ARCHITECTURES = IA32 X64 -+# -+ -+[Sources] -+ Logo-OpenSSL.bmp -+ Logo.c -+ Logo-OpenSSL.idf -+ -+[Packages] -+ MdeModulePkg/MdeModulePkg.dec -+ MdePkg/MdePkg.dec -+ -+[LibraryClasses] -+ UefiBootServicesTableLib -+ UefiDriverEntryPoint -+ DebugLib -+ -+[Protocols] -+ gEfiHiiDatabaseProtocolGuid ## CONSUMES -+ gEfiHiiImageExProtocolGuid ## CONSUMES -+ gEfiHiiPackageListProtocolGuid ## PRODUCES CONSUMES -+ gEdkiiPlatformLogoProtocolGuid ## PRODUCES -+ -+[Depex] -+ gEfiHiiDatabaseProtocolGuid AND -+ gEfiHiiImageExProtocolGuid -+ -+[UserExtensions.TianoCore."ExtraFiles"] -+ LogoDxeExtra.uni -diff --git a/MdeModulePkg/Logo/LogoOpenSSLDxe.uni b/MdeModulePkg/Logo/LogoOpenSSLDxe.uni -new file mode 100644 -index 0000000000..6439502b6a ---- /dev/null -+++ b/MdeModulePkg/Logo/LogoOpenSSLDxe.uni -@@ -0,0 +1,17 @@ -+// /** @file -+// The logo bitmap picture (with OpenSSL advertisment) shown on setup screen. -+// -+// This module provides the logo bitmap picture (with OpenSSL advertisment) -+// shown on setup screen, through EDKII Platform Logo protocol. -+// -+// Copyright (c) 2016, Intel Corporation. All rights reserved.
-+// -+// SPDX-License-Identifier: BSD-2-Clause-Patent -+// -+// **/ -+ -+ -+#string STR_MODULE_ABSTRACT #language en-US "Provides the logo bitmap picture (with OpenSSL advertisment) shown on setup screen." -+ -+#string STR_MODULE_DESCRIPTION #language en-US "This module provides the logo bitmap picture (with OpenSSL advertisment) shown on setup screen, through EDKII Platform Logo protocol." -+ -diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc -index 66bbbc80cd..52bcae6cf6 100644 ---- a/OvmfPkg/AmdSev/AmdSevX64.dsc -+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc -@@ -688,7 +688,7 @@ - PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcatRealTimeClockRuntimeDxe.inf - MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf - MdeModulePkg/Universal/BdsDxe/BdsDxe.inf -- MdeModulePkg/Logo/LogoDxe.inf -+ MdeModulePkg/Logo/LogoOpenSSLDxe.inf - MdeModulePkg/Application/UiApp/UiApp.inf { - - NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf -diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf -index dd0030dbf1..fa5e484e63 100644 ---- a/OvmfPkg/AmdSev/AmdSevX64.fdf -+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf -@@ -279,7 +279,7 @@ INF OvmfPkg/AmdSev/Grub/Grub.inf - INF ShellPkg/Application/Shell/Shell.inf - !endif - --INF MdeModulePkg/Logo/LogoDxe.inf -+INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf - - # - # Usb Support -diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index 33fbd76790..d8f03caa30 100644 ---- a/OvmfPkg/OvmfPkgIa32.dsc -+++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -777,7 +777,7 @@ - NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf - !endif - } -- MdeModulePkg/Logo/LogoDxe.inf -+ MdeModulePkg/Logo/LogoOpenSSLDxe.inf - MdeModulePkg/Application/UiApp/UiApp.inf { - - NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf -diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf -index b3c8b56f3b..e3b1d74ce2 100644 ---- a/OvmfPkg/OvmfPkgIa32.fdf -+++ b/OvmfPkg/OvmfPkgIa32.fdf -@@ -300,7 +300,7 @@ INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf - !endif - INF ShellPkg/Application/Shell/Shell.inf - --INF MdeModulePkg/Logo/LogoDxe.inf -+INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf - - # - # Network modules -diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index b13e5cfd90..312577ebae 100644 ---- a/OvmfPkg/OvmfPkgIa32X64.dsc -+++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -791,7 +791,7 @@ - NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf - !endif - } -- MdeModulePkg/Logo/LogoDxe.inf -+ MdeModulePkg/Logo/LogoOpenSSLDxe.inf - MdeModulePkg/Application/UiApp/UiApp.inf { - - NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf -diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf -index 86592c2364..f7732382d4 100644 ---- a/OvmfPkg/OvmfPkgIa32X64.fdf -+++ b/OvmfPkg/OvmfPkgIa32X64.fdf -@@ -301,7 +301,7 @@ INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf - !endif - INF ShellPkg/Application/Shell/Shell.inf - --INF MdeModulePkg/Logo/LogoDxe.inf -+INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf - - # - # Network modules -diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 999738dc39..d72a00e6b4 100644 ---- a/OvmfPkg/OvmfPkgX64.dsc -+++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -789,7 +789,7 @@ - NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf - !endif - } -- MdeModulePkg/Logo/LogoDxe.inf -+ MdeModulePkg/Logo/LogoOpenSSLDxe.inf - MdeModulePkg/Application/UiApp/UiApp.inf { - - NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf -diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf -index d6be798fca..137ed6bceb 100644 ---- a/OvmfPkg/OvmfPkgX64.fdf -+++ b/OvmfPkg/OvmfPkgX64.fdf -@@ -313,7 +313,7 @@ INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf - !endif - INF ShellPkg/Application/Shell/Shell.inf - --INF MdeModulePkg/Logo/LogoDxe.inf -+INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf - - # - # Network modules --- -2.27.0 - diff --git a/SOURCES/0012-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch b/SOURCES/0011-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch similarity index 98% rename from SOURCES/0012-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch rename to SOURCES/0011-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch index 73d2995..1ff85cd 100644 --- a/SOURCES/0012-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch +++ b/SOURCES/0011-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch @@ -1,4 +1,4 @@ -From 6901201d2cd1d943ebd41f3d65102f787540d3c4 Mon Sep 17 00:00:00 2001 +From 8ea4ac38206664e1d833085a0b7d4e0736870c2b Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Tue, 25 Feb 2014 18:40:35 +0100 Subject: MdeModulePkg: TerminalDxe: add other text resolutions (RHEL only) diff --git a/SOURCES/0013-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch b/SOURCES/0012-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch similarity index 97% rename from SOURCES/0013-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch rename to SOURCES/0012-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch index 5fe8ff6..0e74204 100644 --- a/SOURCES/0013-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch +++ b/SOURCES/0012-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch @@ -1,4 +1,4 @@ -From 9485b38e5dbfd2e23ea6ad0585e773d7842a1903 Mon Sep 17 00:00:00 2001 +From fbfd113142f594c4f257b5a044a6e17ef7f66505 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Tue, 25 Feb 2014 22:40:01 +0100 Subject: MdeModulePkg: TerminalDxe: set xterm resolution on mode change (RH @@ -87,10 +87,10 @@ Signed-off-by: Laszlo Ersek 3 files changed, 36 insertions(+) diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec -index ba2d0290e7..ff70d6e6eb 100644 +index 9d69fb86ed..08d59dfb3e 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec -@@ -2046,6 +2046,10 @@ +@@ -2076,6 +2076,10 @@ # @Prompt Enable PCIe Resizable BAR Capability support. gEfiMdeModulePkgTokenSpaceGuid.PcdPcieResizableBarSupport|FALSE|BOOLEAN|0x10000024 diff --git a/SOURCES/0014-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch b/SOURCES/0013-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch similarity index 90% rename from SOURCES/0014-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch rename to SOURCES/0013-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch index 6e2689a..ae76f7c 100644 --- a/SOURCES/0014-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch +++ b/SOURCES/0013-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch @@ -1,4 +1,4 @@ -From 1165bbcec94a97cf1d1509df8210feb2e1db00c5 Mon Sep 17 00:00:00 2001 +From 9ea7b3f689bf7d21b869adb829139be7eb91bb33 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 14 Oct 2015 15:59:06 +0200 Subject: OvmfPkg: take PcdResizeXterm from the QEMU command line (RH only) @@ -71,11 +71,11 @@ Signed-off-by: Laszlo Ersek OvmfPkg/OvmfPkgIa32X64.dsc | 1 + OvmfPkg/OvmfPkgX64.dsc | 1 + OvmfPkg/PlatformPei/Platform.c | 1 + - OvmfPkg/PlatformPei/PlatformPei.inf | 1 + - 6 files changed, 6 insertions(+) + OvmfPkg/PlatformPei/PlatformPei.inf | 2 ++ + 6 files changed, 7 insertions(+) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc -index 52bcae6cf6..0a8cb7fd3b 100644 +index 5ee5445116..6ea3621225 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -534,6 +534,7 @@ @@ -87,7 +87,7 @@ index 52bcae6cf6..0a8cb7fd3b 100644 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0 diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index d8f03caa30..e6df324c7c 100644 +index 6a5be97c05..4cacf0ea94 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -594,6 +594,7 @@ @@ -99,7 +99,7 @@ index d8f03caa30..e6df324c7c 100644 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 312577ebae..8104fe0218 100644 +index 71227d1b70..6225f8e095 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -600,6 +600,7 @@ @@ -111,7 +111,7 @@ index 312577ebae..8104fe0218 100644 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index d72a00e6b4..3c8b2649a8 100644 +index 52f7598cf1..b66fc67563 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -600,6 +600,7 @@ @@ -123,10 +123,10 @@ index d72a00e6b4..3c8b2649a8 100644 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0 diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c -index 96468701e3..14efbabe39 100644 +index df2d9ad015..d0e2c08de9 100644 --- a/OvmfPkg/PlatformPei/Platform.c +++ b/OvmfPkg/PlatformPei/Platform.c -@@ -748,6 +748,7 @@ InitializePlatform ( +@@ -752,6 +752,7 @@ InitializePlatform ( MemTypeInfoInitialization (); MemMapInitialization (); NoexecDxeInitialization (); @@ -135,13 +135,14 @@ index 96468701e3..14efbabe39 100644 InstallClearCacheCallback (); diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf -index 6ef77ba7bb..22425d34c0 100644 +index 67eb7aa716..7d26b43680 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf -@@ -97,6 +97,7 @@ +@@ -93,6 +93,8 @@ + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved - gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration ++ gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration + gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable diff --git a/SOURCES/0015-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch b/SOURCES/0014-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch similarity index 88% rename from SOURCES/0015-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch rename to SOURCES/0014-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch index aeb9736..31d88dc 100644 --- a/SOURCES/0015-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch +++ b/SOURCES/0014-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch @@ -1,4 +1,4 @@ -From 3f9662c435278564640be672f0c4e17e535f1765 Mon Sep 17 00:00:00 2001 +From b846a65eeb926a483cff3e35242097eb6d21ceab Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Sun, 26 Jul 2015 08:02:50 +0000 Subject: ArmVirtPkg: take PcdResizeXterm from the QEMU command line (RH only) @@ -90,15 +90,16 @@ Signed-off-by: Laszlo Ersek ArmVirtPkg/ArmVirtQemu.dsc | 7 +++- .../TerminalPcdProducerLib.c | 34 +++++++++++++++++++ .../TerminalPcdProducerLib.inf | 33 ++++++++++++++++++ - 3 files changed, 73 insertions(+), 1 deletion(-) + OvmfPkg/PlatformPei/PlatformPei.inf | 1 - + 4 files changed, 73 insertions(+), 2 deletions(-) create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index 54d637163c..41a26c8d18 100644 +index 891e065311..e0476ede4f 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -280,6 +280,8 @@ +@@ -282,6 +282,8 @@ gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|0 !endif @@ -107,7 +108,7 @@ index 54d637163c..41a26c8d18 100644 [PcdsDynamicHii] gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGuid|0x0|FALSE|NV,BS -@@ -382,7 +384,10 @@ +@@ -384,7 +386,10 @@ MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf @@ -198,6 +199,18 @@ index 0000000000..a51dbd1670 + +[Pcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm ## SOMETIMES_PRODUCES +diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf +index 7d26b43680..69eb3edad3 100644 +--- a/OvmfPkg/PlatformPei/PlatformPei.inf ++++ b/OvmfPkg/PlatformPei/PlatformPei.inf +@@ -93,7 +93,6 @@ + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize + gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved +- gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration + gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm + gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable -- 2.27.0 diff --git a/SOURCES/0016-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch b/SOURCES/0015-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch similarity index 93% rename from SOURCES/0016-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch rename to SOURCES/0015-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch index 165dd67..03a185b 100644 --- a/SOURCES/0016-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch +++ b/SOURCES/0015-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch @@ -1,4 +1,4 @@ -From e9d9e73c317b256c0bdc6530b82a6a625d7d54db Mon Sep 17 00:00:00 2001 +From e8e12cb7d3a47e5823cf2cb12c9bfe5901d3b100 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Tue, 4 Nov 2014 23:02:53 +0100 Subject: OvmfPkg: allow exclusion of the shell from the firmware image (RH @@ -111,10 +111,10 @@ Signed-off-by: Laszlo Ersek 3 files changed, 6 insertions(+) diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf -index e3b1d74ce2..969524cf3b 100644 +index 775ea2d710..00ea14adf0 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf -@@ -293,12 +293,14 @@ INF FatPkg/EnhancedFatDxe/Fat.inf +@@ -290,12 +290,14 @@ INF FatPkg/EnhancedFatDxe/Fat.inf INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf @@ -127,10 +127,10 @@ index e3b1d74ce2..969524cf3b 100644 INF ShellPkg/Application/Shell/Shell.inf +!endif - INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf + INF MdeModulePkg/Logo/LogoDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf -index f7732382d4..36f078556f 100644 +index 9d8695922f..e33a40c44e 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf @@ -294,12 +294,14 @@ INF FatPkg/EnhancedFatDxe/Fat.inf @@ -146,13 +146,13 @@ index f7732382d4..36f078556f 100644 INF ShellPkg/Application/Shell/Shell.inf +!endif - INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf + INF MdeModulePkg/Logo/LogoDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf -index 137ed6bceb..a5900d8377 100644 +index b6cc3cabdd..85b4b23857 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf -@@ -306,12 +306,14 @@ INF FatPkg/EnhancedFatDxe/Fat.inf +@@ -310,12 +310,14 @@ INF FatPkg/EnhancedFatDxe/Fat.inf INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf @@ -165,7 +165,7 @@ index 137ed6bceb..a5900d8377 100644 INF ShellPkg/Application/Shell/Shell.inf +!endif - INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf + INF MdeModulePkg/Logo/LogoDxe.inf -- 2.27.0 diff --git a/SOURCES/0017-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch b/SOURCES/0016-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch similarity index 97% rename from SOURCES/0017-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch rename to SOURCES/0016-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch index 590baed..2019fb9 100644 --- a/SOURCES/0017-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch +++ b/SOURCES/0016-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch @@ -1,4 +1,4 @@ -From 6d968342cbfa40a8192cee7c685e1c794e6053df Mon Sep 17 00:00:00 2001 +From eba5ecf4b2611d593a978ccac804314ab7848754 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 14 Oct 2015 13:49:43 +0200 Subject: ArmPlatformPkg: introduce fixed PCD for early hello message (RH only) diff --git a/SOURCES/0018-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch b/SOURCES/0017-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch similarity index 98% rename from SOURCES/0018-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch rename to SOURCES/0017-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch index affbde1..258c56d 100644 --- a/SOURCES/0018-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch +++ b/SOURCES/0017-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch @@ -1,4 +1,4 @@ -From e46d1e3f4c9b301acfa15fa4089661947e8742a4 Mon Sep 17 00:00:00 2001 +From 8be1d7253ba8a7d30bb54835ef1fc866aa62e216 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 14 Oct 2015 13:59:20 +0200 Subject: ArmPlatformPkg: PrePeiCore: write early hello message to the serial diff --git a/SOURCES/0019-ArmVirtPkg-set-early-hello-message-RH-only.patch b/SOURCES/0018-ArmVirtPkg-set-early-hello-message-RH-only.patch similarity index 95% rename from SOURCES/0019-ArmVirtPkg-set-early-hello-message-RH-only.patch rename to SOURCES/0018-ArmVirtPkg-set-early-hello-message-RH-only.patch index 5e4f5c9..23137c2 100644 --- a/SOURCES/0019-ArmVirtPkg-set-early-hello-message-RH-only.patch +++ b/SOURCES/0018-ArmVirtPkg-set-early-hello-message-RH-only.patch @@ -1,4 +1,4 @@ -From b14a92fafb171ad4a47598076bd028e5cf33ac28 Mon Sep 17 00:00:00 2001 +From 12873d08db00e113ef28eb4552f478cd4ffb3393 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 14 Oct 2015 14:07:17 +0200 Subject: ArmVirtPkg: set early hello message (RH only) @@ -66,10 +66,10 @@ Signed-off-by: Laszlo Ersek 1 file changed, 1 insertion(+) diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index 41a26c8d18..971422411d 100644 +index e0476ede4f..ec0edf6e7b 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -132,6 +132,7 @@ +@@ -134,6 +134,7 @@ gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled|$(TPM2_ENABLE) [PcdsFixedAtBuild.common] diff --git a/SOURCES/0020-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch b/SOURCES/0019-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch similarity index 95% rename from SOURCES/0020-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch rename to SOURCES/0019-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch index 51c0342..070ecc4 100644 --- a/SOURCES/0020-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch +++ b/SOURCES/0019-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch @@ -1,4 +1,4 @@ -From 1771ff7479664c05884dab5a34d128cf8b01086f Mon Sep 17 00:00:00 2001 +From 02687f83845b9ae8455655e117f0b7cdaa18ba5c Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 21 Nov 2017 00:57:45 +0100 Subject: OvmfPkg: enable DEBUG_VERBOSE (RHEL only) @@ -65,7 +65,7 @@ Signed-off-by: Paolo Bonzini 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc -index 0a8cb7fd3b..6e8defe5c7 100644 +index 6ea3621225..366fa79f62 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -486,7 +486,7 @@ @@ -78,7 +78,7 @@ index 0a8cb7fd3b..6e8defe5c7 100644 !if $(SOURCE_DEBUG_ENABLE) == TRUE gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index e6df324c7c..52cd87f698 100644 +index 4cacf0ea94..2aacf1a5ff 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -534,7 +534,7 @@ @@ -91,7 +91,7 @@ index e6df324c7c..52cd87f698 100644 !if $(SOURCE_DEBUG_ENABLE) == TRUE gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 8104fe0218..214195a594 100644 +index 6225f8e095..2613c83adb 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -538,7 +538,7 @@ @@ -104,7 +104,7 @@ index 8104fe0218..214195a594 100644 !if $(SOURCE_DEBUG_ENABLE) == TRUE gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 3c8b2649a8..02aad65b00 100644 +index b66fc67563..d7d34eeef2 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -540,7 +540,7 @@ diff --git a/SOURCES/0021-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch b/SOURCES/0020-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch similarity index 94% rename from SOURCES/0021-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch rename to SOURCES/0020-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch index 4cea103..3ec8a64 100644 --- a/SOURCES/0021-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch +++ b/SOURCES/0020-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch @@ -1,4 +1,4 @@ -From 4b2a35ab1d659068d47baaf1dd5b2918ba8a2573 Mon Sep 17 00:00:00 2001 +From a5dd9e06c570b2c003a2b6aea681f0d93bfbfdc4 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 21 Nov 2017 00:57:46 +0100 Subject: OvmfPkg: silence DEBUG_VERBOSE (0x00400000) in @@ -82,10 +82,10 @@ Signed-off-by: Paolo Bonzini 4 files changed, 32 insertions(+), 8 deletions(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc -index 6e8defe5c7..568ca369e6 100644 +index 366fa79f62..a289d8a573 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc -@@ -747,8 +747,14 @@ +@@ -750,8 +750,14 @@ MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf @@ -103,10 +103,10 @@ index 6e8defe5c7..568ca369e6 100644 # diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index 52cd87f698..52fd057c90 100644 +index 2aacf1a5ff..1a5cfa4c6d 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -842,9 +842,15 @@ +@@ -846,9 +846,15 @@ MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf !ifndef $(CSM_ENABLE) @@ -125,10 +125,10 @@ index 52cd87f698..52fd057c90 100644 # diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 214195a594..653849cc7a 100644 +index 2613c83adb..11002ffd95 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -856,9 +856,15 @@ +@@ -860,9 +860,15 @@ MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf !ifndef $(CSM_ENABLE) @@ -147,10 +147,10 @@ index 214195a594..653849cc7a 100644 # diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 02aad65b00..5275f2502b 100644 +index d7d34eeef2..f176aa4061 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -854,9 +854,15 @@ +@@ -858,9 +858,15 @@ MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf !ifndef $(CSM_ENABLE) diff --git a/SOURCES/0022-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch b/SOURCES/0021-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch similarity index 94% rename from SOURCES/0022-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch rename to SOURCES/0021-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch index 18d30be..7160188 100644 --- a/SOURCES/0022-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch +++ b/SOURCES/0021-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch @@ -1,4 +1,4 @@ -From 251653ccf48a973481bb8c90161cccde50c78ad5 Mon Sep 17 00:00:00 2001 +From ccc2c9c85f43662f942bf5c303f4a1a9f964c36d Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 27 Jan 2016 03:05:18 +0100 Subject: ArmVirtPkg: silence DEBUG_VERBOSE (0x00400000) in QemuRamfbDxe (RH @@ -61,10 +61,10 @@ Signed-off-by: Laszlo Ersek 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index 971422411d..d2a2fdac8e 100644 +index ec0edf6e7b..e6fad9f066 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -504,7 +504,10 @@ +@@ -509,7 +509,10 @@ # # Video support # @@ -77,10 +77,10 @@ index 971422411d..d2a2fdac8e 100644 OvmfPkg/PlatformDxe/Platform.inf diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc -index f598ac6a85..7e50ce8b3b 100644 +index a8bb83b288..656c9d99a3 100644 --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc -@@ -434,7 +434,10 @@ +@@ -438,7 +438,10 @@ # # Video support # diff --git a/SOURCES/0023-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch b/SOURCES/0022-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch similarity index 97% rename from SOURCES/0023-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch rename to SOURCES/0022-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch index e75701e..9cf8fe5 100644 --- a/SOURCES/0023-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch +++ b/SOURCES/0022-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch @@ -1,4 +1,4 @@ -From bacf42ebf768aebb8c2b36fb52d154daf19c0c74 Mon Sep 17 00:00:00 2001 +From b3147a5ce92a149532ef1ec47cdf14082a56654d Mon Sep 17 00:00:00 2001 From: Philippe Mathieu-Daude Date: Thu, 1 Aug 2019 20:43:48 +0200 Subject: OvmfPkg: QemuRamfbDxe: Do not report DXE failure on Aarch64 silent diff --git a/SOURCES/0024-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch b/SOURCES/0023-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch similarity index 93% rename from SOURCES/0024-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch rename to SOURCES/0023-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch index d08e6fd..fd57bb6 100644 --- a/SOURCES/0024-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch +++ b/SOURCES/0023-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch @@ -1,4 +1,4 @@ -From 41c61737a6ead56c36edabd1b2e685a04c2e81c6 Mon Sep 17 00:00:00 2001 +From a663867a4a99b97d0e1c5fdfed0389312fecd767 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 21 Nov 2017 00:57:47 +0100 Subject: OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe (RH @@ -63,10 +63,10 @@ Signed-off-by: Paolo Bonzini 4 files changed, 16 insertions(+), 4 deletions(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc -index 568ca369e6..fb00b12f8c 100644 +index a289d8a573..ccdf9b8ce0 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc -@@ -741,7 +741,10 @@ +@@ -744,7 +744,10 @@ OvmfPkg/SataControllerDxe/SataControllerDxe.inf MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf @@ -79,10 +79,10 @@ index 568ca369e6..fb00b12f8c 100644 MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index 52fd057c90..119267e3c8 100644 +index 1a5cfa4c6d..a0666930d6 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -835,7 +835,10 @@ +@@ -839,7 +839,10 @@ OvmfPkg/SataControllerDxe/SataControllerDxe.inf MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf @@ -95,10 +95,10 @@ index 52fd057c90..119267e3c8 100644 MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 653849cc7a..166c9f1fef 100644 +index 11002ffd95..5efeb42bf3 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -849,7 +849,10 @@ +@@ -853,7 +853,10 @@ OvmfPkg/SataControllerDxe/SataControllerDxe.inf MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf @@ -111,10 +111,10 @@ index 653849cc7a..166c9f1fef 100644 MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 5275f2502b..19d0944a72 100644 +index f176aa4061..10fb7d7069 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -847,7 +847,10 @@ +@@ -851,7 +851,10 @@ OvmfPkg/SataControllerDxe/SataControllerDxe.inf MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf diff --git a/SOURCES/0025-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch b/SOURCES/0024-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch similarity index 97% rename from SOURCES/0025-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch rename to SOURCES/0024-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch index 9310962..8546eb5 100644 --- a/SOURCES/0025-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch +++ b/SOURCES/0024-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch @@ -1,4 +1,4 @@ -From 7e6817e96a15f9ce32f0c9cf6326bb682672724c Mon Sep 17 00:00:00 2001 +From e0b349962f12a500afa449900a81440a96ca21f4 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Sat, 16 Nov 2019 17:11:27 +0100 Subject: CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files in the INFs @@ -131,7 +131,7 @@ Signed-off-by: Laszlo Ersek 2 files changed, 22 insertions(+) diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf -index b00bb74ce6..71e32f26ea 100644 +index d84bde056a..19913a4ac6 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -570,6 +570,17 @@ @@ -153,7 +153,7 @@ index b00bb74ce6..71e32f26ea 100644 ossl_store.c rand_pool.c diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf -index 3557711bd8..003dcbad7a 100644 +index cdeed0d073..5057857e8d 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf @@ -519,6 +519,17 @@ diff --git a/SOURCES/0026-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch b/SOURCES/0025-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch similarity index 92% rename from SOURCES/0026-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch rename to SOURCES/0025-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch index 1533000..1ee9e11 100644 --- a/SOURCES/0026-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch +++ b/SOURCES/0025-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch @@ -1,4 +1,4 @@ -From 29be717a1ae0a2617a7ae95698940286201d1612 Mon Sep 17 00:00:00 2001 +From d9416e3015cadb3214d5ca409e57fd2352ae1961 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 24 Jun 2020 11:31:36 +0200 Subject: OvmfPkg/QemuKernelLoaderFsDxe: suppress error on no "-kernel" in @@ -32,18 +32,18 @@ Signed-off-by: Miroslav Rezanina 2 files changed, 18 insertions(+) diff --git a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c -index b09ff6a359..ec0244d61b 100644 +index 6832d563bc..08ed67f5ff 100644 --- a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c +++ b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c -@@ -18,6 +18,7 @@ - #include +@@ -19,6 +19,7 @@ #include + #include #include +#include #include #include #include -@@ -1039,6 +1040,22 @@ QemuKernelLoaderFsDxeEntrypoint ( +@@ -1054,6 +1055,22 @@ QemuKernelLoaderFsDxeEntrypoint ( if (KernelBlob->Data == NULL) { Status = EFI_NOT_FOUND; diff --git a/SOURCES/0027-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch b/SOURCES/0026-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch similarity index 96% rename from SOURCES/0027-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch rename to SOURCES/0026-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch index 3cc5803..1db7c47 100644 --- a/SOURCES/0027-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch +++ b/SOURCES/0026-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch @@ -1,4 +1,4 @@ -From dc27035d2a8ca09dc5b0113c97a643341f286c08 Mon Sep 17 00:00:00 2001 +From fd19e4e33d52e843e6e35adde2c1e266497e8a7b Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 24 Jun 2020 11:40:09 +0200 Subject: SecurityPkg/Tcg2Dxe: suppress error on no swtpm in silent aa64 build diff --git a/SOURCES/edk2-MdeModulePkg-PartitionDxe-Ignore-PMBR-BootIndicator-.patch b/SOURCES/edk2-MdeModulePkg-PartitionDxe-Ignore-PMBR-BootIndicator-.patch deleted file mode 100644 index 321d5c4..0000000 --- a/SOURCES/edk2-MdeModulePkg-PartitionDxe-Ignore-PMBR-BootIndicator-.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 9596c779a27b4ae2261aadd91b8dac8ed7546f38 Mon Sep 17 00:00:00 2001 -From: Neal Gompa -Date: Mon, 5 Jul 2021 05:36:03 -0400 -Subject: [PATCH] MdeModulePkg/PartitionDxe: Ignore PMBR BootIndicator per UEFI - spec -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -RH-Author: Philippe Mathieu-Daudé -RH-MergeRequest: 6: MdeModulePkg/PartitionDxe: Ignore PMBR BootIndicator per UEFI spec [rhel-8.5.0, post-rebase] -RH-Commit: [1/1] 1fef74489947c81e26e5afb7c933c80beb641751 -RH-Bugzilla: 1988762 -RH-Acked-by: Miroslav Rezanina - -Per UEFI Spec 2.8 (UEFI_Spec_2_8_final.pdf, page 114) -5.2.3 Protective MBR -Table 20. Protective MBR Partition Record protecting the entire disk - -The description for BootIndicator states the following: - -> Set to 0x00 to indicate a non-bootable partition. If set to any -> value other than 0x00 the behavior of this flag on non-UEFI -> systems is undefined. Must be ignored by UEFI implementations. - -Unfortunately, we have been incorrectly assuming that the -BootIndicator value must be 0x00, which leads to problems -when the 'pmbr_boot' flag is set on a disk containing a GPT -(such as with GNU parted). When the flag is set, the value -changes to 0x01, causing this check to fail and the system -is rendered unbootable despite it being valid from the -perspective of the UEFI spec. - -To resolve this, we drop the check for the BootIndicator -so that we stop caring about the value set there, which -restores the capability to boot such disks. - -Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3474 - -Cc: Chris Murphy -Cc: David Duncan -Cc: Lazlo Ersek -Cc: Hao A Wu -Cc: Ray Ni -Cc: Zhichao Gao - -Signed-off-by: Neal Gompa -Message-Id: <20210705093603.575707-1-ngompa@fedoraproject.org> -Reviewed-by: Laszlo Ersek -Reviewed-by: Hao A Wu -(cherry picked from commit b3db0cb1f8d163f22b769c205c6347376a315dcd) -Signed-off-by: Philippe Mathieu-Daude ---- - MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c b/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c -index aefb2d6ecb..efaff5e080 100644 ---- a/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c -+++ b/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c -@@ -264,8 +264,7 @@ PartitionInstallGptChildHandles ( - // Verify that the Protective MBR is valid - // - for (Index = 0; Index < MAX_MBR_PARTITIONS; Index++) { -- if (ProtectiveMbr->Partition[Index].BootIndicator == 0x00 && -- ProtectiveMbr->Partition[Index].OSIndicator == PMBR_GPT_PARTITION && -+ if (ProtectiveMbr->Partition[Index].OSIndicator == PMBR_GPT_PARTITION && - UNPACK_UINT32 (ProtectiveMbr->Partition[Index].StartingLBA) == 1 - ) { - break; --- -2.27.0 - diff --git a/SOURCES/edk2-NetworkPkg-IScsiDxe-assert-that-IScsiBinToHex-always.patch b/SOURCES/edk2-NetworkPkg-IScsiDxe-assert-that-IScsiBinToHex-always.patch deleted file mode 100644 index 6828cd7..0000000 --- a/SOURCES/edk2-NetworkPkg-IScsiDxe-assert-that-IScsiBinToHex-always.patch +++ /dev/null @@ -1,95 +0,0 @@ -From 1e6a8c43241febbec56ffc2141c55d8de34e13e6 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Tue, 8 Jun 2021 14:12:55 +0200 -Subject: [PATCH 06/10] NetworkPkg/IScsiDxe: assert that IScsiBinToHex() always - succeeds -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -RH-Author: Laszlo Ersek -RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase] -RH-Commit: [6/10] 2f697819ce0731f99f95f29a3b30c777b754db37 -RH-Bugzilla: 1956408 -RH-Acked-by: Philippe Mathieu-Daudé - -IScsiBinToHex() is called for encoding: - -- the answer to the target's challenge; that is, CHAP_R; - -- the challenge for the target, in case mutual authentication is enabled; - that is, CHAP_C. - -The initiator controls the size of both blobs, the sizes of their hex -encodings are correctly calculated in "RspLen" and "ChallengeLen". -Therefore the IScsiBinToHex() calls never fail; assert that. - -Cc: Jiaxin Wu -Cc: Maciej Rabeda -Cc: Philippe Mathieu-Daudé -Cc: Siyuan Fu -Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 -Signed-off-by: Laszlo Ersek -Reviewed-by: Philippe Mathieu-Daudé -Reviewed-by: Maciej Rabeda -Message-Id: <20210608121259.32451-7-lersek@redhat.com> -(cherry picked from commit d90fff40cb2502b627370a77f5608c8a178c3f78) ---- - NetworkPkg/IScsiDxe/IScsiCHAP.c | 27 +++++++++++++++------------ - 1 file changed, 15 insertions(+), 12 deletions(-) - -diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHAP.c -index 9e192ce292..dbe3c8ef46 100644 ---- a/NetworkPkg/IScsiDxe/IScsiCHAP.c -+++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c -@@ -391,6 +391,7 @@ IScsiCHAPToSendReq ( - UINT32 RspLen; - CHAR8 *Challenge; - UINT32 ChallengeLen; -+ EFI_STATUS BinToHexStatus; - - ASSERT (Conn->CurrentStage == ISCSI_SECURITY_NEGOTIATION); - -@@ -471,12 +472,13 @@ IScsiCHAPToSendReq ( - // - // CHAP_R= - // -- IScsiBinToHex ( -- (UINT8 *) AuthData->CHAPResponse, -- ISCSI_CHAP_RSP_LEN, -- Response, -- &RspLen -- ); -+ BinToHexStatus = IScsiBinToHex ( -+ (UINT8 *) AuthData->CHAPResponse, -+ ISCSI_CHAP_RSP_LEN, -+ Response, -+ &RspLen -+ ); -+ ASSERT_EFI_ERROR (BinToHexStatus); - IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_RESPONSE, Response); - - if (AuthData->AuthConfig->CHAPType == ISCSI_CHAP_MUTUAL) { -@@ -490,12 +492,13 @@ IScsiCHAPToSendReq ( - // CHAP_C= - // - IScsiGenRandom ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN); -- IScsiBinToHex ( -- (UINT8 *) AuthData->OutChallenge, -- ISCSI_CHAP_RSP_LEN, -- Challenge, -- &ChallengeLen -- ); -+ BinToHexStatus = IScsiBinToHex ( -+ (UINT8 *) AuthData->OutChallenge, -+ ISCSI_CHAP_RSP_LEN, -+ Challenge, -+ &ChallengeLen -+ ); -+ ASSERT_EFI_ERROR (BinToHexStatus); - IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_CHALLENGE, Challenge); - - Conn->AuthStep = ISCSI_CHAP_STEP_FOUR; --- -2.27.0 - diff --git a/SOURCES/edk2-NetworkPkg-IScsiDxe-check-IScsiHexToBin-return-value.patch b/SOURCES/edk2-NetworkPkg-IScsiDxe-check-IScsiHexToBin-return-value.patch deleted file mode 100644 index dad94ad..0000000 --- a/SOURCES/edk2-NetworkPkg-IScsiDxe-check-IScsiHexToBin-return-value.patch +++ /dev/null @@ -1,91 +0,0 @@ -From 5171f67062e606a4e606780ff5a5787bde7198eb Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Tue, 8 Jun 2021 14:12:59 +0200 -Subject: [PATCH 10/10] NetworkPkg/IScsiDxe: check IScsiHexToBin() return - values -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -RH-Author: Laszlo Ersek -RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase] -RH-Commit: [10/10] 1c65763fef57cfd9b1bd55779ec6eba4e086e100 -RH-Bugzilla: 1956408 -RH-Acked-by: Philippe Mathieu-Daudé - -IScsiDxe (that is, the initiator) receives two hex-encoded strings from -the iSCSI target: - -- CHAP_C, where the target challenges the initiator, - -- CHAP_R, where the target answers the challenge from the initiator (in - case the initiator wants mutual authentication). - -Accordingly, we have two IScsiHexToBin() call sites: - -- At the CHAP_C decoding site, check whether the decoding succeeds. The - decoded buffer ("AuthData->InChallenge") can accommodate 1024 bytes, - which is a permissible restriction on the target, per - . Shorter challenges - from the target are acceptable. - -- At the CHAP_R decoding site, enforce that the decoding both succeed, and - provide exactly ISCSI_CHAP_RSP_LEN bytes. CHAP_R contains the digest - calculated by the target, therefore it must be of fixed size. We may - only call IScsiCHAPAuthTarget() if "TargetRsp" has been fully populated. - -Cc: Jiaxin Wu -Cc: Maciej Rabeda -Cc: Philippe Mathieu-Daudé -Cc: Siyuan Fu -Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 -Signed-off-by: Laszlo Ersek -Reviewed-by: Philippe Mathieu-Daudé -Reviewed-by: Maciej Rabeda -Message-Id: <20210608121259.32451-11-lersek@redhat.com> -(cherry picked from commit b8649cf2a3e673a4a8cb6c255e394b354b771550) ---- - NetworkPkg/IScsiDxe/IScsiCHAP.c | 20 ++++++++++++++------ - 1 file changed, 14 insertions(+), 6 deletions(-) - -diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHAP.c -index dbe3c8ef46..7e930c0d1e 100644 ---- a/NetworkPkg/IScsiDxe/IScsiCHAP.c -+++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c -@@ -290,11 +290,15 @@ IScsiCHAPOnRspReceived ( - - AuthData->InIdentifier = (UINT32) Result; - AuthData->InChallengeLength = (UINT32) sizeof (AuthData->InChallenge); -- IScsiHexToBin ( -- (UINT8 *) AuthData->InChallenge, -- &AuthData->InChallengeLength, -- Challenge -- ); -+ Status = IScsiHexToBin ( -+ (UINT8 *) AuthData->InChallenge, -+ &AuthData->InChallengeLength, -+ Challenge -+ ); -+ if (EFI_ERROR (Status)) { -+ Status = EFI_PROTOCOL_ERROR; -+ goto ON_EXIT; -+ } - Status = IScsiCHAPCalculateResponse ( - AuthData->InIdentifier, - AuthData->AuthConfig->CHAPSecret, -@@ -337,7 +341,11 @@ IScsiCHAPOnRspReceived ( - } - - RspLen = ISCSI_CHAP_RSP_LEN; -- IScsiHexToBin (TargetRsp, &RspLen, Response); -+ Status = IScsiHexToBin (TargetRsp, &RspLen, Response); -+ if (EFI_ERROR (Status) || RspLen != ISCSI_CHAP_RSP_LEN) { -+ Status = EFI_PROTOCOL_ERROR; -+ goto ON_EXIT; -+ } - - // - // Check the CHAP Name and Response replied by Target. --- -2.27.0 - diff --git a/SOURCES/edk2-NetworkPkg-IScsiDxe-clean-up-ISCSI_CHAP_AUTH_DATA.Ou.patch b/SOURCES/edk2-NetworkPkg-IScsiDxe-clean-up-ISCSI_CHAP_AUTH_DATA.Ou.patch deleted file mode 100644 index 2f199b3..0000000 --- a/SOURCES/edk2-NetworkPkg-IScsiDxe-clean-up-ISCSI_CHAP_AUTH_DATA.Ou.patch +++ /dev/null @@ -1,102 +0,0 @@ -From fca7e61fa3ba21cbf6e89d75b23fea03af5d517e Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Tue, 8 Jun 2021 14:12:52 +0200 -Subject: [PATCH 03/10] NetworkPkg/IScsiDxe: clean up - "ISCSI_CHAP_AUTH_DATA.OutChallengeLength" -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -RH-Author: Laszlo Ersek -RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase] -RH-Commit: [3/10] cc7118399f64979f2d81fe9fc381ed22c3815f9e -RH-Bugzilla: 1956408 -RH-Acked-by: Philippe Mathieu-Daudé - -The "ISCSI_CHAP_AUTH_DATA.OutChallenge" field is declared as a UINT8 array -with ISCSI_CHAP_AUTH_MAX_LEN (1024) elements. However, when the challenge -is generated and formatted, only ISCSI_CHAP_RSP_LEN (16) octets are used -in the array. - -Change the array size to ISCSI_CHAP_RSP_LEN, and remove the (now unused) -ISCSI_CHAP_AUTH_MAX_LEN macro. - -Remove the "ISCSI_CHAP_AUTH_DATA.OutChallengeLength" field, which is -superfluous too. - -Most importantly, explain in a new comment *why* tying the challenge size -to the digest size (ISCSI_CHAP_RSP_LEN) has always made sense. (See also -Linux kernel commit 19f5f88ed779, "scsi: target: iscsi: tie the challenge -length to the hash digest size", 2019-11-06.) For sure, the motivation -that the new comment now explains has always been there, and has always -been the same, for IScsiDxe; it's just that now we spell it out too. - -No change in peer-visible behavior. - -Cc: Jiaxin Wu -Cc: Maciej Rabeda -Cc: Philippe Mathieu-Daud -Cc: Siyuan Fu -Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 -Signed-off-by: Laszlo Ersek -Reviewed-by: Philippe Mathieu-Daud -Reviewed-by: Maciej Rabeda -Message-Id: <20210608121259.32451-4-lersek@redhat.com> -(cherry picked from commit 95616b866187b00355042953efa5c198df07250f) ---- - NetworkPkg/IScsiDxe/IScsiCHAP.c | 3 +-- - NetworkPkg/IScsiDxe/IScsiCHAP.h | 9 ++++++--- - 2 files changed, 7 insertions(+), 5 deletions(-) - -diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHAP.c -index df3c2eb120..9e192ce292 100644 ---- a/NetworkPkg/IScsiDxe/IScsiCHAP.c -+++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c -@@ -122,7 +122,7 @@ IScsiCHAPAuthTarget ( - AuthData->AuthConfig->ReverseCHAPSecret, - SecretSize, - AuthData->OutChallenge, -- AuthData->OutChallengeLength, -+ ISCSI_CHAP_RSP_LEN, // ChallengeLength - VerifyRsp - ); - -@@ -490,7 +490,6 @@ IScsiCHAPToSendReq ( - // CHAP_C= - // - IScsiGenRandom ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN); -- AuthData->OutChallengeLength = ISCSI_CHAP_RSP_LEN; - IScsiBinToHex ( - (UINT8 *) AuthData->OutChallenge, - ISCSI_CHAP_RSP_LEN, -diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.h b/NetworkPkg/IScsiDxe/IScsiCHAP.h -index 1fc1d96ea3..35d5d6ec29 100644 ---- a/NetworkPkg/IScsiDxe/IScsiCHAP.h -+++ b/NetworkPkg/IScsiDxe/IScsiCHAP.h -@@ -19,7 +19,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent - - #define ISCSI_CHAP_ALGORITHM_MD5 5 - --#define ISCSI_CHAP_AUTH_MAX_LEN 1024 - /// - /// MD5_HASHSIZE - /// -@@ -59,9 +58,13 @@ typedef struct _ISCSI_CHAP_AUTH_DATA { - // - // Auth-data to be sent out for mutual authentication. - // -+ // While the challenge size is technically independent of the hashing -+ // algorithm, it is good practice to avoid hashing *fewer bytes* than the -+ // digest size. In other words, it's good practice to feed *at least as many -+ // bytes* to the hashing algorithm as the hashing algorithm will output. -+ // - UINT32 OutIdentifier; -- UINT8 OutChallenge[ISCSI_CHAP_AUTH_MAX_LEN]; -- UINT32 OutChallengeLength; -+ UINT8 OutChallenge[ISCSI_CHAP_RSP_LEN]; - } ISCSI_CHAP_AUTH_DATA; - - /** --- -2.27.0 - diff --git a/SOURCES/edk2-NetworkPkg-IScsiDxe-clean-up-library-class-dependenc.patch b/SOURCES/edk2-NetworkPkg-IScsiDxe-clean-up-library-class-dependenc.patch deleted file mode 100644 index 5be4e12..0000000 --- a/SOURCES/edk2-NetworkPkg-IScsiDxe-clean-up-library-class-dependenc.patch +++ /dev/null @@ -1,101 +0,0 @@ -From 176366aba5680537ee8249e9b3b182677d95feb8 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Tue, 8 Jun 2021 14:12:53 +0200 -Subject: [PATCH 04/10] NetworkPkg/IScsiDxe: clean up library class - dependencies -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -RH-Author: Laszlo Ersek -RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase] -RH-Commit: [4/10] 77ab82d2308848613325317c267bf5954d2c7a7c -RH-Bugzilla: 1956408 -RH-Acked-by: Philippe Mathieu-Daudé - -Sort the library class dependencies in the #include directives and in the -INF file. Remove the DpcLib class from the #include directives -- it is -not listed in the INF file, and IScsiDxe doesn't call either DpcLib API -(QueueDpc(), DispatchDpc()). No functional changes. - -Cc: Jiaxin Wu -Cc: Maciej Rabeda -Cc: Philippe Mathieu-Daud -Cc: Siyuan Fu -Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 -Signed-off-by: Laszlo Ersek -Reviewed-by: Philippe Mathieu-Daud -Reviewed-by: Maciej Rabeda -Message-Id: <20210608121259.32451-5-lersek@redhat.com> -(cherry picked from commit e8f28b09e63dfdbb4169969a43c65f86c44b035a) ---- - NetworkPkg/IScsiDxe/IScsiDxe.inf | 6 +++--- - NetworkPkg/IScsiDxe/IScsiImpl.h | 17 ++++++++--------- - 2 files changed, 11 insertions(+), 12 deletions(-) - -diff --git a/NetworkPkg/IScsiDxe/IScsiDxe.inf b/NetworkPkg/IScsiDxe/IScsiDxe.inf -index 0ffb340ce0..543c408302 100644 ---- a/NetworkPkg/IScsiDxe/IScsiDxe.inf -+++ b/NetworkPkg/IScsiDxe/IScsiDxe.inf -@@ -65,6 +65,7 @@ - NetworkPkg/NetworkPkg.dec - - [LibraryClasses] -+ BaseCryptLib - BaseLib - BaseMemoryLib - DebugLib -@@ -72,14 +73,13 @@ - HiiLib - MemoryAllocationLib - NetLib -- TcpIoLib - PrintLib -+ TcpIoLib - UefiBootServicesTableLib - UefiDriverEntryPoint -+ UefiHiiServicesLib - UefiLib - UefiRuntimeServicesTableLib -- UefiHiiServicesLib -- BaseCryptLib - - [Protocols] - gEfiAcpiTableProtocolGuid ## SOMETIMES_CONSUMES ## SystemTable -diff --git a/NetworkPkg/IScsiDxe/IScsiImpl.h b/NetworkPkg/IScsiDxe/IScsiImpl.h -index 387ab9765e..d895c7feb9 100644 ---- a/NetworkPkg/IScsiDxe/IScsiImpl.h -+++ b/NetworkPkg/IScsiDxe/IScsiImpl.h -@@ -35,21 +35,20 @@ SPDX-License-Identifier: BSD-2-Clause-Patent - #include - #include - --#include --#include --#include --#include -+#include - #include - #include -+#include -+#include -+#include - #include -+#include - #include -+#include - #include --#include -+#include - #include --#include --#include --#include --#include -+#include - - #include - #include --- -2.27.0 - diff --git a/SOURCES/edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-buffer-overflo.patch b/SOURCES/edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-buffer-overflo.patch deleted file mode 100644 index b85ccb8..0000000 --- a/SOURCES/edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-buffer-overflo.patch +++ /dev/null @@ -1,113 +0,0 @@ -From f423b7078d291b84952464aca6930a9d772319b0 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Tue, 8 Jun 2021 14:12:58 +0200 -Subject: [PATCH 09/10] NetworkPkg/IScsiDxe: fix IScsiHexToBin() buffer - overflow -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -RH-Author: Laszlo Ersek -RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase] -RH-Commit: [9/10] acf102203198d575a12e5257c12b8e43ccdfc589 -RH-Bugzilla: 1956408 -RH-Acked-by: Philippe Mathieu-Daudé - -The IScsiHexToBin() function documents the EFI_BUFFER_TOO_SMALL return -condition, but never actually checks whether the decoded buffer fits into -the caller-provided room (i.e., the input value of "BinLength"), and -EFI_BUFFER_TOO_SMALL is never returned. The decoding of "HexStr" can -overflow "BinBuffer". - -This is remotely exploitable, as shown in a subsequent patch, which adds -error checking to the IScsiHexToBin() call sites. This issue allows the -target to compromise the initiator. - -Introduce EFI_BAD_BUFFER_SIZE, in addition to the existent -EFI_BUFFER_TOO_SMALL, for reporting a special case of the buffer overflow, -plus actually catch the buffer overflow. - -Cc: Jiaxin Wu -Cc: Maciej Rabeda -Cc: Philippe Mathieu-Daudé -Cc: Siyuan Fu -Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 -Signed-off-by: Laszlo Ersek -Reviewed-by: Maciej Rabeda -Reviewed-by: Philippe Mathieu-Daudé -Message-Id: <20210608121259.32451-10-lersek@redhat.com> -(cherry picked from commit 54e90edaed0d7c15230902ac4d74f4304bad2ebd) ---- - NetworkPkg/IScsiDxe/IScsiMisc.c | 20 +++++++++++++++++--- - NetworkPkg/IScsiDxe/IScsiMisc.h | 3 +++ - 2 files changed, 20 insertions(+), 3 deletions(-) - -diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.c b/NetworkPkg/IScsiDxe/IScsiMisc.c -index f0f4992b07..4069547867 100644 ---- a/NetworkPkg/IScsiDxe/IScsiMisc.c -+++ b/NetworkPkg/IScsiDxe/IScsiMisc.c -@@ -377,6 +377,9 @@ IScsiBinToHex ( - @retval EFI_SUCCESS The hexadecimal string is converted into a - binary encoded buffer. - @retval EFI_INVALID_PARAMETER Invalid hex encoding found in HexStr. -+ @retval EFI_BAD_BUFFER_SIZE The length of HexStr is too large for decoding: -+ the decoded size cannot be expressed in -+ BinLength on output. - @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the - converted data. - **/ -@@ -387,6 +390,8 @@ IScsiHexToBin ( - IN CHAR8 *HexStr - ) - { -+ UINTN BinLengthMin; -+ UINT32 BinLengthProvided; - UINTN Index; - UINTN Length; - UINT8 Digit; -@@ -409,6 +414,18 @@ IScsiHexToBin ( - if (Length == 0 || Length % 2 != 0) { - return EFI_INVALID_PARAMETER; - } -+ // -+ // Check if the caller provides enough room for the decoded blob. -+ // -+ BinLengthMin = Length / 2; -+ if (BinLengthMin > MAX_UINT32) { -+ return EFI_BAD_BUFFER_SIZE; -+ } -+ BinLengthProvided = *BinLength; -+ *BinLength = (UINT32)BinLengthMin; -+ if (BinLengthProvided < BinLengthMin) { -+ return EFI_BUFFER_TOO_SMALL; -+ } - - for (Index = 0; Index < Length; Index ++) { - TemStr[0] = HexStr[Index]; -@@ -425,9 +442,6 @@ IScsiHexToBin ( - BinBuffer [Index/2] = (UINT8) ((BinBuffer [Index/2] << 4) + Digit); - } - } -- -- *BinLength = (UINT32) ((Index + 1)/2); -- - return EFI_SUCCESS; - } - -diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.h b/NetworkPkg/IScsiDxe/IScsiMisc.h -index 404a482e57..fddef4f466 100644 ---- a/NetworkPkg/IScsiDxe/IScsiMisc.h -+++ b/NetworkPkg/IScsiDxe/IScsiMisc.h -@@ -172,6 +172,9 @@ IScsiBinToHex ( - @retval EFI_SUCCESS The hexadecimal string is converted into a - binary encoded buffer. - @retval EFI_INVALID_PARAMETER Invalid hex encoding found in HexStr. -+ @retval EFI_BAD_BUFFER_SIZE The length of HexStr is too large for decoding: -+ the decoded size cannot be expressed in -+ BinLength on output. - @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the - converted data. - **/ --- -2.27.0 - diff --git a/SOURCES/edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-hex-parsing.patch b/SOURCES/edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-hex-parsing.patch deleted file mode 100644 index 15f671d..0000000 --- a/SOURCES/edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-hex-parsing.patch +++ /dev/null @@ -1,104 +0,0 @@ -From 2f0e51dcfea6d9101c4694636a948eb4b6e6d4d4 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Tue, 8 Jun 2021 14:12:57 +0200 -Subject: [PATCH 08/10] NetworkPkg/IScsiDxe: fix IScsiHexToBin() hex parsing -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -RH-Author: Laszlo Ersek -RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase] -RH-Commit: [8/10] febb96c07dbd0e4a191e855742cb47fc6e39dfba -RH-Bugzilla: 1956408 -RH-Acked-by: Philippe Mathieu-Daudé - -The IScsiHexToBin() function has the following parser issues: - -(1) If the *subject sequence* in "HexStr" is empty, the function returns - EFI_SUCCESS (with "BinLength" set to 0 on output). Such inputs should - be rejected. - -(2) The function mis-handles a "HexStr" that ends with a stray nibble. For - example, if "HexStr" is "0xABC", the function decodes it to the bytes - {0xAB, 0x0C}, sets "BinLength" to 2 on output, and returns - EFI_SUCCESS. Such inputs should be rejected. - -(3) If an invalid hex char is found in "HexStr", the function treats it as - end-of-hex-string, and returns EFI_SUCCESS. Such inputs should be - rejected. - -All of the above cases are remotely triggerable, as shown in a subsequent -patch, which adds error checking to the IScsiHexToBin() call sites. While -the initiator is not immediately compromised, incorrectly parsing CHAP_R -from the target, in case of mutual authentication, is not great. - -Extend the interface contract of IScsiHexToBin() with -EFI_INVALID_PARAMETER, for reporting issues (1) through (3), and implement -the new checks. - -Cc: Jiaxin Wu -Cc: Maciej Rabeda -Cc: Philippe Mathieu-Daudé -Cc: Siyuan Fu -Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 -Signed-off-by: Laszlo Ersek -Reviewed-by: Maciej Rabeda -Reviewed-by: Philippe Mathieu-Daudé -Message-Id: <20210608121259.32451-9-lersek@redhat.com> -(cherry picked from commit 47b76780b487dbfde4efb6843b16064c4a97e94d) ---- - NetworkPkg/IScsiDxe/IScsiMisc.c | 12 ++++++++++-- - NetworkPkg/IScsiDxe/IScsiMisc.h | 1 + - 2 files changed, 11 insertions(+), 2 deletions(-) - -diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.c b/NetworkPkg/IScsiDxe/IScsiMisc.c -index 014700e87a..f0f4992b07 100644 ---- a/NetworkPkg/IScsiDxe/IScsiMisc.c -+++ b/NetworkPkg/IScsiDxe/IScsiMisc.c -@@ -376,6 +376,7 @@ IScsiBinToHex ( - - @retval EFI_SUCCESS The hexadecimal string is converted into a - binary encoded buffer. -+ @retval EFI_INVALID_PARAMETER Invalid hex encoding found in HexStr. - @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the - converted data. - **/ -@@ -402,14 +403,21 @@ IScsiHexToBin ( - - Length = AsciiStrLen (HexStr); - -+ // -+ // Reject an empty hex string; reject a stray nibble. -+ // -+ if (Length == 0 || Length % 2 != 0) { -+ return EFI_INVALID_PARAMETER; -+ } -+ - for (Index = 0; Index < Length; Index ++) { - TemStr[0] = HexStr[Index]; - Digit = (UINT8) AsciiStrHexToUint64 (TemStr); - if (Digit == 0 && TemStr[0] != '0') { - // -- // Invalid Lun Char. -+ // Invalid Hex Char. - // -- break; -+ return EFI_INVALID_PARAMETER; - } - if ((Index & 1) == 0) { - BinBuffer [Index/2] = Digit; -diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.h b/NetworkPkg/IScsiDxe/IScsiMisc.h -index 28cf408cd5..404a482e57 100644 ---- a/NetworkPkg/IScsiDxe/IScsiMisc.h -+++ b/NetworkPkg/IScsiDxe/IScsiMisc.h -@@ -171,6 +171,7 @@ IScsiBinToHex ( - - @retval EFI_SUCCESS The hexadecimal string is converted into a - binary encoded buffer. -+ @retval EFI_INVALID_PARAMETER Invalid hex encoding found in HexStr. - @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the - converted data. - **/ --- -2.27.0 - diff --git a/SOURCES/edk2-NetworkPkg-IScsiDxe-fix-potential-integer-overflow-i.patch b/SOURCES/edk2-NetworkPkg-IScsiDxe-fix-potential-integer-overflow-i.patch deleted file mode 100644 index 72f9e44..0000000 --- a/SOURCES/edk2-NetworkPkg-IScsiDxe-fix-potential-integer-overflow-i.patch +++ /dev/null @@ -1,154 +0,0 @@ -From 4171bd515a2dcfec59513d3a83adce7ed2903d50 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Tue, 8 Jun 2021 14:12:54 +0200 -Subject: [PATCH 05/10] NetworkPkg/IScsiDxe: fix potential integer overflow in - IScsiBinToHex() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -RH-Author: Laszlo Ersek -RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase] -RH-Commit: [5/10] f52aaaa03b15280eb4a821eeb378d8051ea5ec2a -RH-Bugzilla: 1956408 -RH-Acked-by: Philippe Mathieu-Daudé - -Considering IScsiBinToHex(): - -> if (((*HexLength) - 3) < BinLength * 2) { -> *HexLength = BinLength * 2 + 3; -> } - -the following subexpressions are problematic: - - (*HexLength) - 3 - BinLength * 2 - BinLength * 2 + 3 - -The first one may wrap under zero, the latter two may wrap over -MAX_UINT32. - -Rewrite the calculation using SafeIntLib. - -While at it, change the type of the "Index" variable from UINTN to UINT32. -The largest "Index"-based value that we calculate is - - Index * 2 + 2 (with (Index == BinLength)) - -Because the patch makes - - BinLength * 2 + 3 - -safe to calculate in UINT32, using UINT32 for - - Index * 2 + 2 (with (Index == BinLength)) - -is safe too. Consistently using UINT32 improves readability. - -This patch is best reviewed with "git show -W". - -The integer overflows that this patch fixes are theoretical; a subsequent -patch in the series will audit the IScsiBinToHex() call sites, and show -that none of them can fail. - -Cc: Jiaxin Wu -Cc: Maciej Rabeda -Cc: Philippe Mathieu-Daudé -Cc: Siyuan Fu -Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 -Signed-off-by: Laszlo Ersek -Reviewed-by: Maciej Rabeda -Reviewed-by: Philippe Mathieu-Daudé -Message-Id: <20210608121259.32451-6-lersek@redhat.com> -(cherry picked from commit cf01b2dc8fc3ff9cf49fb891af5703dc03e3193e) ---- - NetworkPkg/IScsiDxe/IScsiDxe.inf | 1 + - NetworkPkg/IScsiDxe/IScsiImpl.h | 1 + - NetworkPkg/IScsiDxe/IScsiMisc.c | 19 +++++++++++++++---- - NetworkPkg/IScsiDxe/IScsiMisc.h | 1 + - 4 files changed, 18 insertions(+), 4 deletions(-) - -diff --git a/NetworkPkg/IScsiDxe/IScsiDxe.inf b/NetworkPkg/IScsiDxe/IScsiDxe.inf -index 543c408302..1dde56d00c 100644 ---- a/NetworkPkg/IScsiDxe/IScsiDxe.inf -+++ b/NetworkPkg/IScsiDxe/IScsiDxe.inf -@@ -74,6 +74,7 @@ - MemoryAllocationLib - NetLib - PrintLib -+ SafeIntLib - TcpIoLib - UefiBootServicesTableLib - UefiDriverEntryPoint -diff --git a/NetworkPkg/IScsiDxe/IScsiImpl.h b/NetworkPkg/IScsiDxe/IScsiImpl.h -index d895c7feb9..ac3a25730e 100644 ---- a/NetworkPkg/IScsiDxe/IScsiImpl.h -+++ b/NetworkPkg/IScsiDxe/IScsiImpl.h -@@ -44,6 +44,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent - #include - #include - #include -+#include - #include - #include - #include -diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.c b/NetworkPkg/IScsiDxe/IScsiMisc.c -index b8fef3ff6f..42988e15cb 100644 ---- a/NetworkPkg/IScsiDxe/IScsiMisc.c -+++ b/NetworkPkg/IScsiDxe/IScsiMisc.c -@@ -316,6 +316,7 @@ IScsiMacAddrToStr ( - @retval EFI_SUCCESS The binary data is converted to the hexadecimal string - and the length of the string is updated. - @retval EFI_BUFFER_TOO_SMALL The string is too small. -+ @retval EFI_BAD_BUFFER_SIZE BinLength is too large for hex encoding. - @retval EFI_INVALID_PARAMETER The IP string is malformatted. - - **/ -@@ -327,18 +328,28 @@ IScsiBinToHex ( - IN OUT UINT32 *HexLength - ) - { -- UINTN Index; -+ UINT32 HexLengthMin; -+ UINT32 HexLengthProvided; -+ UINT32 Index; - - if ((HexStr == NULL) || (BinBuffer == NULL) || (BinLength == 0)) { - return EFI_INVALID_PARAMETER; - } - -- if (((*HexLength) - 3) < BinLength * 2) { -- *HexLength = BinLength * 2 + 3; -+ // -+ // Safely calculate: HexLengthMin := BinLength * 2 + 3. -+ // -+ if (RETURN_ERROR (SafeUint32Mult (BinLength, 2, &HexLengthMin)) || -+ RETURN_ERROR (SafeUint32Add (HexLengthMin, 3, &HexLengthMin))) { -+ return EFI_BAD_BUFFER_SIZE; -+ } -+ -+ HexLengthProvided = *HexLength; -+ *HexLength = HexLengthMin; -+ if (HexLengthProvided < HexLengthMin) { - return EFI_BUFFER_TOO_SMALL; - } - -- *HexLength = BinLength * 2 + 3; - // - // Prefix for Hex String. - // -diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.h b/NetworkPkg/IScsiDxe/IScsiMisc.h -index 46c725aab3..231413993b 100644 ---- a/NetworkPkg/IScsiDxe/IScsiMisc.h -+++ b/NetworkPkg/IScsiDxe/IScsiMisc.h -@@ -150,6 +150,7 @@ IScsiAsciiStrToIp ( - @retval EFI_SUCCESS The binary data is converted to the hexadecimal string - and the length of the string is updated. - @retval EFI_BUFFER_TOO_SMALL The string is too small. -+ @retval EFI_BAD_BUFFER_SIZE BinLength is too large for hex encoding. - @retval EFI_INVALID_PARAMETER The IP string is malformatted. - - **/ --- -2.27.0 - diff --git a/SOURCES/edk2-NetworkPkg-IScsiDxe-reformat-IScsiHexToBin-leading-c.patch b/SOURCES/edk2-NetworkPkg-IScsiDxe-reformat-IScsiHexToBin-leading-c.patch deleted file mode 100644 index 23b2601..0000000 --- a/SOURCES/edk2-NetworkPkg-IScsiDxe-reformat-IScsiHexToBin-leading-c.patch +++ /dev/null @@ -1,93 +0,0 @@ -From 172b2928c24c0ab955127afcdc9e3a52b3913ba5 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Tue, 8 Jun 2021 14:12:56 +0200 -Subject: [PATCH 07/10] NetworkPkg/IScsiDxe: reformat IScsiHexToBin() leading - comment block -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -RH-Author: Laszlo Ersek -RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase] -RH-Commit: [7/10] 4f867fa4ad8f7305961b83224107c1452a7d44ed -RH-Bugzilla: 1956408 -RH-Acked-by: Philippe Mathieu-Daudé - -We'll need further return values for IScsiHexToBin() in a subsequent -patch; make room for them in the leading comment block of the function. -While at it, rewrap the comment block to 80 characters width. - -No functional changes. - -Cc: Jiaxin Wu -Cc: Maciej Rabeda -Cc: Philippe Mathieu-Daud -Cc: Siyuan Fu -Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 -Signed-off-by: Laszlo Ersek -Reviewed-by: Maciej Rabeda -Reviewed-by: Philippe Mathieu-Daud -Message-Id: <20210608121259.32451-8-lersek@redhat.com> -(cherry picked from commit dc469f137110fe79704b8b92c552972c739bb915) ---- - NetworkPkg/IScsiDxe/IScsiMisc.c | 16 ++++++++-------- - NetworkPkg/IScsiDxe/IScsiMisc.h | 16 ++++++++-------- - 2 files changed, 16 insertions(+), 16 deletions(-) - -diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.c b/NetworkPkg/IScsiDxe/IScsiMisc.c -index 42988e15cb..014700e87a 100644 ---- a/NetworkPkg/IScsiDxe/IScsiMisc.c -+++ b/NetworkPkg/IScsiDxe/IScsiMisc.c -@@ -370,14 +370,14 @@ IScsiBinToHex ( - /** - Convert the hexadecimal string into a binary encoded buffer. - -- @param[in, out] BinBuffer The binary buffer. -- @param[in, out] BinLength Length of the binary buffer. -- @param[in] HexStr The hexadecimal string. -- -- @retval EFI_SUCCESS The hexadecimal string is converted into a binary -- encoded buffer. -- @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the converted data. -- -+ @param[in, out] BinBuffer The binary buffer. -+ @param[in, out] BinLength Length of the binary buffer. -+ @param[in] HexStr The hexadecimal string. -+ -+ @retval EFI_SUCCESS The hexadecimal string is converted into a -+ binary encoded buffer. -+ @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the -+ converted data. - **/ - EFI_STATUS - IScsiHexToBin ( -diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.h b/NetworkPkg/IScsiDxe/IScsiMisc.h -index 231413993b..28cf408cd5 100644 ---- a/NetworkPkg/IScsiDxe/IScsiMisc.h -+++ b/NetworkPkg/IScsiDxe/IScsiMisc.h -@@ -165,14 +165,14 @@ IScsiBinToHex ( - /** - Convert the hexadecimal string into a binary encoded buffer. - -- @param[in, out] BinBuffer The binary buffer. -- @param[in, out] BinLength Length of the binary buffer. -- @param[in] HexStr The hexadecimal string. -- -- @retval EFI_SUCCESS The hexadecimal string is converted into a binary -- encoded buffer. -- @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the converted data. -- -+ @param[in, out] BinBuffer The binary buffer. -+ @param[in, out] BinLength Length of the binary buffer. -+ @param[in] HexStr The hexadecimal string. -+ -+ @retval EFI_SUCCESS The hexadecimal string is converted into a -+ binary encoded buffer. -+ @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the -+ converted data. - **/ - EFI_STATUS - IScsiHexToBin ( --- -2.27.0 - diff --git a/SOURCES/edk2-NetworkPkg-IScsiDxe-simplify-ISCSI_CHAP_AUTH_DATA.In.patch b/SOURCES/edk2-NetworkPkg-IScsiDxe-simplify-ISCSI_CHAP_AUTH_DATA.In.patch deleted file mode 100644 index 96256cb..0000000 --- a/SOURCES/edk2-NetworkPkg-IScsiDxe-simplify-ISCSI_CHAP_AUTH_DATA.In.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 0dac937f2845a1bc4943a0cfed3392d35afba733 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Tue, 8 Jun 2021 14:12:51 +0200 -Subject: [PATCH 02/10] NetworkPkg/IScsiDxe: simplify - "ISCSI_CHAP_AUTH_DATA.InChallenge" size -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -RH-Author: Laszlo Ersek -RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase] -RH-Commit: [2/10] 8b57211651e13185a636daa5369993054bd7334b -RH-Bugzilla: 1956408 -RH-Acked-by: Philippe Mathieu-Daudé - -The ISCSI_CHAP_AUTH_MAX_LEN macro is defined with value 1024. - -The usage of this macro currently involves a semantic (not functional) -bug, which we're going to fix in a subsequent patch, eliminating -ISCSI_CHAP_AUTH_MAX_LEN altogether. - -For now, remove the macro's usage from all -"ISCSI_CHAP_AUTH_DATA.InChallenge" contexts. This is doable without -duplicating open-coded constants. - -No changes in functionality. - -Cc: Jiaxin Wu -Cc: Maciej Rabeda -Cc: Philippe Mathieu-Daud -Cc: Siyuan Fu -Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 -Signed-off-by: Laszlo Ersek -Reviewed-by: Philippe Mathieu-Daud -Reviewed-by: Maciej Rabeda -Message-Id: <20210608121259.32451-3-lersek@redhat.com> -(cherry picked from commit 29cab43bb7912a12efa5a78dac15394aee866e4c) ---- - NetworkPkg/IScsiDxe/IScsiCHAP.c | 2 +- - NetworkPkg/IScsiDxe/IScsiCHAP.h | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHAP.c -index cbbc56ae5b..df3c2eb120 100644 ---- a/NetworkPkg/IScsiDxe/IScsiCHAP.c -+++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c -@@ -289,7 +289,7 @@ IScsiCHAPOnRspReceived ( - } - - AuthData->InIdentifier = (UINT32) Result; -- AuthData->InChallengeLength = ISCSI_CHAP_AUTH_MAX_LEN; -+ AuthData->InChallengeLength = (UINT32) sizeof (AuthData->InChallenge); - IScsiHexToBin ( - (UINT8 *) AuthData->InChallenge, - &AuthData->InChallengeLength, -diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.h b/NetworkPkg/IScsiDxe/IScsiCHAP.h -index 5e59fb678b..1fc1d96ea3 100644 ---- a/NetworkPkg/IScsiDxe/IScsiCHAP.h -+++ b/NetworkPkg/IScsiDxe/IScsiCHAP.h -@@ -49,7 +49,7 @@ typedef struct _ISCSI_CHAP_AUTH_CONFIG_NVDATA { - typedef struct _ISCSI_CHAP_AUTH_DATA { - ISCSI_CHAP_AUTH_CONFIG_NVDATA *AuthConfig; - UINT32 InIdentifier; -- UINT8 InChallenge[ISCSI_CHAP_AUTH_MAX_LEN]; -+ UINT8 InChallenge[1024]; - UINT32 InChallengeLength; - // - // Calculated CHAP Response (CHAP_R) value. --- -2.27.0 - diff --git a/SOURCES/edk2-NetworkPkg-IScsiDxe-wrap-IScsiCHAP-source-files-to-8.patch b/SOURCES/edk2-NetworkPkg-IScsiDxe-wrap-IScsiCHAP-source-files-to-8.patch deleted file mode 100644 index 768e9e7..0000000 --- a/SOURCES/edk2-NetworkPkg-IScsiDxe-wrap-IScsiCHAP-source-files-to-8.patch +++ /dev/null @@ -1,251 +0,0 @@ -From 28e260828557340709ef14e8132e96b54128c5a3 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Tue, 8 Jun 2021 14:12:50 +0200 -Subject: [PATCH 01/10] NetworkPkg/IScsiDxe: wrap IScsiCHAP source files to 80 - characters -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -RH-Author: Laszlo Ersek -RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase] -RH-Commit: [1/10] 7ae9c45fbc0ffd807a95fad802619cd838257cc8 -RH-Bugzilla: 1956408 -RH-Acked-by: Philippe Mathieu-Daudé - -Working with overlong lines is difficult for me; rewrap the CHAP-related -source files in IScsiDxe to 80 characters width. No functional changes. - -Cc: Jiaxin Wu -Cc: Maciej Rabeda -Cc: Philippe Mathieu-Daud -Cc: Siyuan Fu -Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 -Signed-off-by: Laszlo Ersek -Reviewed-by: Maciej Rabeda -Reviewed-by: Philippe Mathieu-Daud -Message-Id: <20210608121259.32451-2-lersek@redhat.com> -(cherry picked from commit 83761337ec91fbd459c55d7d956fcc25df3bfa50) ---- - NetworkPkg/IScsiDxe/IScsiCHAP.c | 90 +++++++++++++++++++++++++-------- - NetworkPkg/IScsiDxe/IScsiCHAP.h | 3 +- - 2 files changed, 71 insertions(+), 22 deletions(-) - -diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHAP.c -index 355c6f129f..cbbc56ae5b 100644 ---- a/NetworkPkg/IScsiDxe/IScsiCHAP.c -+++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c -@@ -1,5 +1,6 @@ - /** @file -- This file is for Challenge-Handshake Authentication Protocol (CHAP) Configuration. -+ This file is for Challenge-Handshake Authentication Protocol (CHAP) -+ Configuration. - - Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.
- SPDX-License-Identifier: BSD-2-Clause-Patent -@@ -18,9 +19,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent - @param[in] ChallengeLength The length of iSCSI CHAP challenge message. - @param[out] ChapResponse The calculation of the expected hash value. - -- @retval EFI_SUCCESS The expected hash value was calculatedly successfully. -- @retval EFI_PROTOCOL_ERROR The length of the secret should be at least the -- length of the hash value for the hashing algorithm chosen. -+ @retval EFI_SUCCESS The expected hash value was calculatedly -+ successfully. -+ @retval EFI_PROTOCOL_ERROR The length of the secret should be at least -+ the length of the hash value for the hashing -+ algorithm chosen. - @retval EFI_PROTOCOL_ERROR MD5 hash operation fail. - @retval EFI_OUT_OF_RESOURCES Fail to allocate resource to complete MD5. - -@@ -94,8 +97,10 @@ Exit: - @param[in] AuthData iSCSI CHAP authentication data. - @param[in] TargetResponse The response from target. - -- @retval EFI_SUCCESS The response from target passed authentication. -- @retval EFI_SECURITY_VIOLATION The response from target was not expected value. -+ @retval EFI_SUCCESS The response from target passed -+ authentication. -+ @retval EFI_SECURITY_VIOLATION The response from target was not expected -+ value. - @retval Others Other errors as indicated. - - **/ -@@ -193,7 +198,10 @@ IScsiCHAPOnRspReceived ( - // - // The first Login Response. - // -- Value = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_TARGET_PORTAL_GROUP_TAG); -+ Value = IScsiGetValueByKeyFromList ( -+ KeyValueList, -+ ISCSI_KEY_TARGET_PORTAL_GROUP_TAG -+ ); - if (Value == NULL) { - goto ON_EXIT; - } -@@ -205,13 +213,17 @@ IScsiCHAPOnRspReceived ( - - Session->TargetPortalGroupTag = (UINT16) Result; - -- Value = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_AUTH_METHOD); -+ Value = IScsiGetValueByKeyFromList ( -+ KeyValueList, -+ ISCSI_KEY_AUTH_METHOD -+ ); - if (Value == NULL) { - goto ON_EXIT; - } - // -- // Initiator mandates CHAP authentication but target replies without "CHAP", or -- // initiator suggets "None" but target replies with some kind of auth method. -+ // Initiator mandates CHAP authentication but target replies without -+ // "CHAP", or initiator suggets "None" but target replies with some kind of -+ // auth method. - // - if (Session->AuthType == ISCSI_AUTH_TYPE_NONE) { - if (AsciiStrCmp (Value, ISCSI_KEY_VALUE_NONE) != 0) { -@@ -236,7 +248,10 @@ IScsiCHAPOnRspReceived ( - // - // The Target replies with CHAP_A= CHAP_I= CHAP_C= - // -- Value = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_ALGORITHM); -+ Value = IScsiGetValueByKeyFromList ( -+ KeyValueList, -+ ISCSI_KEY_CHAP_ALGORITHM -+ ); - if (Value == NULL) { - goto ON_EXIT; - } -@@ -249,12 +264,18 @@ IScsiCHAPOnRspReceived ( - goto ON_EXIT; - } - -- Identifier = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_IDENTIFIER); -+ Identifier = IScsiGetValueByKeyFromList ( -+ KeyValueList, -+ ISCSI_KEY_CHAP_IDENTIFIER -+ ); - if (Identifier == NULL) { - goto ON_EXIT; - } - -- Challenge = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_CHALLENGE); -+ Challenge = IScsiGetValueByKeyFromList ( -+ KeyValueList, -+ ISCSI_KEY_CHAP_CHALLENGE -+ ); - if (Challenge == NULL) { - goto ON_EXIT; - } -@@ -269,7 +290,11 @@ IScsiCHAPOnRspReceived ( - - AuthData->InIdentifier = (UINT32) Result; - AuthData->InChallengeLength = ISCSI_CHAP_AUTH_MAX_LEN; -- IScsiHexToBin ((UINT8 *) AuthData->InChallenge, &AuthData->InChallengeLength, Challenge); -+ IScsiHexToBin ( -+ (UINT8 *) AuthData->InChallenge, -+ &AuthData->InChallengeLength, -+ Challenge -+ ); - Status = IScsiCHAPCalculateResponse ( - AuthData->InIdentifier, - AuthData->AuthConfig->CHAPSecret, -@@ -303,7 +328,10 @@ IScsiCHAPOnRspReceived ( - goto ON_EXIT; - } - -- Response = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_RESPONSE); -+ Response = IScsiGetValueByKeyFromList ( -+ KeyValueList, -+ ISCSI_KEY_CHAP_RESPONSE -+ ); - if (Response == NULL) { - goto ON_EXIT; - } -@@ -341,7 +369,8 @@ ON_EXIT: - @param[in, out] Pdu The PDU to send out. - - @retval EFI_SUCCESS All check passed and the phase-related CHAP -- authentication info is filled into the iSCSI PDU. -+ authentication info is filled into the iSCSI -+ PDU. - @retval EFI_OUT_OF_RESOURCES Failed to allocate memory. - @retval EFI_PROTOCOL_ERROR Some kind of protocol error occurred. - -@@ -392,7 +421,11 @@ IScsiCHAPToSendReq ( - // It's the initial Login Request. Fill in the key=value pairs mandatory - // for the initial Login Request. - // -- IScsiAddKeyValuePair (Pdu, ISCSI_KEY_INITIATOR_NAME, mPrivate->InitiatorName); -+ IScsiAddKeyValuePair ( -+ Pdu, -+ ISCSI_KEY_INITIATOR_NAME, -+ mPrivate->InitiatorName -+ ); - IScsiAddKeyValuePair (Pdu, ISCSI_KEY_SESSION_TYPE, "Normal"); - IScsiAddKeyValuePair ( - Pdu, -@@ -413,7 +446,8 @@ IScsiCHAPToSendReq ( - - case ISCSI_CHAP_STEP_ONE: - // -- // First step, send the Login Request with CHAP_A= key-value pair. -+ // First step, send the Login Request with CHAP_A= key-value -+ // pair. - // - AsciiSPrint (ValueStr, sizeof (ValueStr), "%d", ISCSI_CHAP_ALGORITHM_MD5); - IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_ALGORITHM, ValueStr); -@@ -429,11 +463,20 @@ IScsiCHAPToSendReq ( - // - // CHAP_N= - // -- IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_NAME, (CHAR8 *) &AuthData->AuthConfig->CHAPName); -+ IScsiAddKeyValuePair ( -+ Pdu, -+ ISCSI_KEY_CHAP_NAME, -+ (CHAR8 *) &AuthData->AuthConfig->CHAPName -+ ); - // - // CHAP_R= - // -- IScsiBinToHex ((UINT8 *) AuthData->CHAPResponse, ISCSI_CHAP_RSP_LEN, Response, &RspLen); -+ IScsiBinToHex ( -+ (UINT8 *) AuthData->CHAPResponse, -+ ISCSI_CHAP_RSP_LEN, -+ Response, -+ &RspLen -+ ); - IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_RESPONSE, Response); - - if (AuthData->AuthConfig->CHAPType == ISCSI_CHAP_MUTUAL) { -@@ -448,7 +491,12 @@ IScsiCHAPToSendReq ( - // - IScsiGenRandom ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN); - AuthData->OutChallengeLength = ISCSI_CHAP_RSP_LEN; -- IScsiBinToHex ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN, Challenge, &ChallengeLen); -+ IScsiBinToHex ( -+ (UINT8 *) AuthData->OutChallenge, -+ ISCSI_CHAP_RSP_LEN, -+ Challenge, -+ &ChallengeLen -+ ); - IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_CHALLENGE, Challenge); - - Conn->AuthStep = ISCSI_CHAP_STEP_FOUR; -diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.h b/NetworkPkg/IScsiDxe/IScsiCHAP.h -index 140bba0dcd..5e59fb678b 100644 ---- a/NetworkPkg/IScsiDxe/IScsiCHAP.h -+++ b/NetworkPkg/IScsiDxe/IScsiCHAP.h -@@ -88,7 +88,8 @@ IScsiCHAPOnRspReceived ( - @param[in, out] Pdu The PDU to send out. - - @retval EFI_SUCCESS All check passed and the phase-related CHAP -- authentication info is filled into the iSCSI PDU. -+ authentication info is filled into the iSCSI -+ PDU. - @retval EFI_OUT_OF_RESOURCES Failed to allocate memory. - @retval EFI_PROTOCOL_ERROR Some kind of protocol error occurred. - --- -2.27.0 - diff --git a/SPECS/edk2.spec b/SPECS/edk2.spec index 7daf5b5..a536ac5 100644 --- a/SPECS/edk2.spec +++ b/SPECS/edk2.spec @@ -1,20 +1,20 @@ ExclusiveArch: x86_64 aarch64 -%define GITDATE 20210527 -%define GITCOMMIT e1999b264f1f +%define GITDATE 20220126 +%define GITCOMMIT bb1bba3d77 %define TOOLCHAIN GCC5 %define OPENSSL_VER 1.1.1k Name: edk2 Version: %{GITDATE}git%{GITCOMMIT} -Release: 3%{?dist} +Release: 1%{?dist}.test Summary: UEFI firmware for 64-bit virtual machines Group: Applications/Emulators License: BSD-2-Clause-Patent and OpenSSL and MIT URL: http://www.tianocore.org # The source tarball is created using following commands: -# COMMIT=e1999b264f1f +# COMMIT=bb1bba3d77 # git archive --format=tar --prefix=edk2-$COMMIT/ $COMMIT \ # | xz -9ev >/tmp/edk2-$COMMIT.tar.xz Source0: http://batcave.lab.eng.brq.redhat.com/www/edk2-%{GITCOMMIT}.tar.xz @@ -32,46 +32,23 @@ Source14: edk2-ovmf-cc.json Patch0008: 0008-BaseTools-do-not-build-BrotliCompress-RH-only.patch Patch0009: 0009-MdeModulePkg-remove-package-private-Brotli-include-p.patch -Patch0010: 0010-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch -Patch0011: 0011-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch -Patch0012: 0012-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch -Patch0013: 0013-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch -Patch0014: 0014-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch -Patch0015: 0015-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch -Patch0016: 0016-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch -Patch0017: 0017-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch -Patch0018: 0018-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch -Patch0019: 0019-ArmVirtPkg-set-early-hello-message-RH-only.patch -Patch0020: 0020-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch -Patch0021: 0021-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch -Patch0022: 0022-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch -Patch0023: 0023-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch -Patch0024: 0024-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch -Patch0025: 0025-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch -Patch0026: 0026-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch -Patch0027: 0027-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch -# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0] -Patch28: edk2-NetworkPkg-IScsiDxe-wrap-IScsiCHAP-source-files-to-8.patch -# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0] -Patch29: edk2-NetworkPkg-IScsiDxe-simplify-ISCSI_CHAP_AUTH_DATA.In.patch -# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0] -Patch30: edk2-NetworkPkg-IScsiDxe-clean-up-ISCSI_CHAP_AUTH_DATA.Ou.patch -# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0] -Patch31: edk2-NetworkPkg-IScsiDxe-clean-up-library-class-dependenc.patch -# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0] -Patch32: edk2-NetworkPkg-IScsiDxe-fix-potential-integer-overflow-i.patch -# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0] -Patch33: edk2-NetworkPkg-IScsiDxe-assert-that-IScsiBinToHex-always.patch -# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0] -Patch34: edk2-NetworkPkg-IScsiDxe-reformat-IScsiHexToBin-leading-c.patch -# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0] -Patch35: edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-hex-parsing.patch -# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0] -Patch36: edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-buffer-overflo.patch -# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0] -Patch37: edk2-NetworkPkg-IScsiDxe-check-IScsiHexToBin-return-value.patch -# For bz#1988762 - edk2 does not ignore PMBR protective record BootIndicator as required by UEFI spec -Patch38: edk2-MdeModulePkg-PartitionDxe-Ignore-PMBR-BootIndicator-.patch +Patch0010: 0010-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch +Patch0011: 0011-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch +Patch0012: 0012-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch +Patch0013: 0013-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch +Patch0014: 0014-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch +Patch0015: 0015-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch +Patch0016: 0016-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch +Patch0017: 0017-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch +Patch0018: 0018-ArmVirtPkg-set-early-hello-message-RH-only.patch +Patch0019: 0019-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch +Patch0020: 0020-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch +Patch0021: 0021-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch +Patch0022: 0022-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch +Patch0023: 0023-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch +Patch0024: 0024-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch +Patch0025: 0025-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch +Patch0026: 0026-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch # python3-devel and libuuid-devel are required for building tools. @@ -516,6 +493,11 @@ true %endif %changelog +* Wed Feb 02 2022 Jon Maloy - 20220126gitbb1bba3d77-1.el8 +- Rebase to latest upstream release [bz#2018386] +- Resolves: bz#2018386 + ([rebase] update edk2 to nov '21 release (edk2-stable202111xx)) + * Fri Aug 06 2021 Miroslav Rezanina - 20210527gite1999b264f1f-3 - edk2-MdeModulePkg-PartitionDxe-Ignore-PMBR-BootIndicator-.patch [bz#1988762] - Resolves: bz#1988762