Openembedded Core Discussions
* [scarthgap][PATCH 0/2] ovmf: update from edk2-stable202402 to edk2-stable202411
@ 2025-01-09  2:44 jiaying.song.cn
  2025-01-09  2:44 ` [PATCH 1/2] ovmf: update from edk2-stable202402 to edk2-stable202408 jiaying.song.cn
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: jiaying.song.cn @ 2025-01-09  2:44 UTC (permalink / raw)
  To: openembedded-core; +Cc: liezhi.yang, changqing.li

From: Jiaying Song <jiaying.song.cn@windriver.com>

Due to the invalid URL of gitsm, the do_fetch process failed. The upstream
fixed this issue by modifying the .gitmodules file in the edk2-stable202411
version. Therefore, an upgrade to edk2-stable202411 is required.

Upstream modification: https://github.com/tianocore/edk2/commit/95d8a1c255cfb8e063d679930d08ca6426eb5701

Error log:
WARNING: ovmf-native-edk2-stable202402-r0 do_fetch: Failed to fetch URL gitsm://github.com/Zeex/subhook.git;protocol=https;name=UnitTestFrameworkPkg/Library/SubhookLib/subhook;subpath=UnitTestFrameworkPkg/Library/SubhookLib/subhook;nobranch=1;lfs=True;bareclone=1;nobranch=1, attempting MIRRORS if available

The following changes since commit 01423828248b75e1f5afe2e5959ccd971df875cd:

  rust: add reproducibility patch to eliminate host leakage (2024-12-19 05:36:59 -0800)

are available in the Git repository at:

  https://github.com/jiajia123-wind/yocto jia_oe-core_ovmf
  https://github.com/jiajia123-wind/yocto/tree/jia_oe-core_ovmf

Alexander Kanavin (1):
  ovmf: update 202408 -> 202411

Mikko Rapeli (1):
  ovmf: update from edk2-stable202402 to edk2-stable202408

 ...ential-UINT32-overflow-in-S3-ResumeC.patch | 51 -------------------
 ...-Fix-overflow-issue-in-BasePeCoffLib.patch | 36 -------------
 ...ovmf-update-path-to-native-BaseTools.patch |  6 +--
 ...ile-adjust-to-build-in-under-bitbake.patch |  6 +--
 .../ovmf/ovmf/0003-debug-prefix-map.patch     | 34 ++++++-------
 .../ovmf/ovmf/0004-reproducible.patch         | 30 +++++------
 meta/recipes-core/ovmf/ovmf_git.bb            |  4 +-
 7 files changed, 40 insertions(+), 127 deletions(-)
 delete mode 100644 meta/recipes-core/ovmf/ovmf/0001-MdeModulePkg-Potential-UINT32-overflow-in-S3-ResumeC.patch
 delete mode 100644 meta/recipes-core/ovmf/ovmf/0001-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch

-- 
2.25.1




* [PATCH 1/2] ovmf: update from edk2-stable202402 to edk2-stable202408
  2025-01-09  2:44 [scarthgap][PATCH 0/2] ovmf: update from edk2-stable202402 to edk2-stable202411 jiaying.song.cn
@ 2025-01-09  2:44 ` jiaying.song.cn
  2025-01-09  2:44 ` [PATCH 2/2] ovmf: update 202408 -> 202411 jiaying.song.cn
  2025-01-09  9:16 ` [OE-core] [scarthgap][PATCH 0/2] ovmf: update from edk2-stable202402 to edk2-stable202411 Alexander Kanavin
  2 siblings, 0 replies; 4+ messages in thread
From: jiaying.song.cn @ 2025-01-09  2:44 UTC (permalink / raw)
  To: openembedded-core; +Cc: liezhi.yang, changqing.li

From: Mikko Rapeli <mikko.rapeli@linaro.org>

Includes patches for CVE-2023-45236, CVE-2023-45237 and
CVE-2024-25742. Refreshed patches with devtool.

Changes:

https://github.com/tianocore/edk2/releases

edk2-stable202408
Release Date 2024-08-23
New Features & Bug Fixes

    CryptoPkg:Add more crypto APIs (AESGCM/PEM/X509/RSA/PKCS5/PKCS7/Authenticode) based on Mbedtls
    CryptoPkg: Enable Openssl native instruction support for AARCH64
    CryptoPkg: Add support for aes128-sha256 and aes256-sha256 cipher
    UefiCpuPkg: S3 cleanup
    MdePkg/BaseLib: Add CRC16 CCITT False Implementation
    DynamicTablesPkg: ACPI TPM2 generator
    DynamicTablesPkg: Prepare for supporting other archs
    BaseTools: Add VS2022 support
    OvmfPkg: Add LoongArchVirt instance to OvmfPkg and enable it

edk2-stable202405

Release Date 2024-05-24
New Features & Bug Fixes

    SecurityPkg:Add EFI Device Authentication Signature Database and SPDM
    CryptoPkg:add additional RSAES-OAEP crypto functions
    OvmfPkg:Add 5-level paging support
    OvmfPkg:SEV-SNP Support for running under an SVSM
    OvmfPkg:RBP register shall be cleared in TDVMCALL
    OvmfPkg:Harden #VC instruction emulation (CVE-2024-25742)
    Add SPI bus driver stack
    NetworkPkg: Predictable TCP ISNs
    NetworkPkg: Use of a Weak PseudoRandom Number Generator
    UefiCpuPkg: Add new SmmRelocationLib library

Bugzilla List
Update Notes

    NetworkPkg SECURITY PATCH CVE-2023-45237 requires the platform to provide the right implementation of the EFI_RNG_PROTOCOL
    (i.e., using a GUID that appears in the allowlist) and EFI_HASH2_PROTOCOL. If it is not implemented, the platform will lose the ability to do network boot.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Since version edk2-stable202408 already contained a fix for
CVE-2024-1298, the patch
0001-MdeModulePkg-Potential-UINT32-overflow-in-S3-ResumeC.patch was
removed.

Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
---
 ...ential-UINT32-overflow-in-S3-ResumeC.patch | 51 -------------------
 ...ovmf-update-path-to-native-BaseTools.patch |  9 ++--
 ...ile-adjust-to-build-in-under-bitbake.patch |  5 +-
 .../ovmf/ovmf/0003-debug-prefix-map.patch     | 27 +++++-----
 .../ovmf/ovmf/0004-reproducible.patch         | 23 ++++-----
 meta/recipes-core/ovmf/ovmf_git.bb            |  4 +-
 6 files changed, 28 insertions(+), 91 deletions(-)
 delete mode 100644 meta/recipes-core/ovmf/ovmf/0001-MdeModulePkg-Potential-UINT32-overflow-in-S3-ResumeC.patch

diff --git a/meta/recipes-core/ovmf/ovmf/0001-MdeModulePkg-Potential-UINT32-overflow-in-S3-ResumeC.patch b/meta/recipes-core/ovmf/ovmf/0001-MdeModulePkg-Potential-UINT32-overflow-in-S3-ResumeC.patch
deleted file mode 100644
index 264820138fa..00000000000
--- a/meta/recipes-core/ovmf/ovmf/0001-MdeModulePkg-Potential-UINT32-overflow-in-S3-ResumeC.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 150ea3ea4c821b133a782eeb33ef2a9c8fd8d7c3 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Fri, 22 Nov 2024 13:05:57 +0800
-Subject: [PATCH] MdeModulePkg: Potential UINT32 overflow in S3 ResumeCount
-
-REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4677
-
-Attacker able to modify physical memory and ResumeCount.
-System will crash/DoS when ResumeCount reaches its MAX_UINT32.
-
-Cc: Zhiguang Liu <zhiguang.liu@intel.com>
-Cc: Dandan Bi <dandan.bi@intel.com>
-Cc: Liming Gao <gaoliming@byosoft.com.cn>
-
-Signed-off-by: Pakkirisamy ShanmugavelX <shanmugavelx.pakkirisamy@intel.com>
-Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
-
-CVE: CVE-2024-1298
-Upstream-Status: Backport [https://github.com/tianocore/edk2/commit/284dbac43da752ee34825c8b3f6f9e8281cb5a19]
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- .../FirmwarePerformancePei.c                         | 12 ++++++++----
- 1 file changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.c b/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.c
-index 2f2b2a8..2ba9215 100644
---- a/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.c
-+++ b/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.c
-@@ -112,11 +112,15 @@ FpdtStatusCodeListenerPei (
-   //
-   S3ResumeTotal = MultU64x32 (AcpiS3ResumeRecord->AverageResume, AcpiS3ResumeRecord->ResumeCount);
-   AcpiS3ResumeRecord->ResumeCount++;
--  AcpiS3ResumeRecord->AverageResume = DivU64x32 (S3ResumeTotal + AcpiS3ResumeRecord->FullResume, AcpiS3ResumeRecord->ResumeCount);
-+  if (AcpiS3ResumeRecord->ResumeCount > 0) {
-+    AcpiS3ResumeRecord->AverageResume = DivU64x32 (S3ResumeTotal + AcpiS3ResumeRecord->FullResume, AcpiS3ResumeRecord->ResumeCount);
-+    DEBUG ((DEBUG_INFO, "\nFPDT: S3 Resume Performance - AverageResume = 0x%x\n", AcpiS3ResumeRecord->AverageResume));
-+  } else {
-+    DEBUG ((DEBUG_ERROR, "\nFPDT: S3 ResumeCount reaches the MAX_UINT32 value. S3 ResumeCount record reset to Zero."));
-+  }
- 
--  DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - ResumeCount   = %d\n", AcpiS3ResumeRecord->ResumeCount));
--  DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - FullResume    = %ld\n", AcpiS3ResumeRecord->FullResume));
--  DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - AverageResume = %ld\n", AcpiS3ResumeRecord->AverageResume));
-+  DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - ResumeCount   = 0x%x\n", AcpiS3ResumeRecord->ResumeCount));
-+  DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - FullResume    = 0x%x\n", AcpiS3ResumeRecord->FullResume));
- 
-   //
-   // Update S3 Suspend Performance Record.
--- 
-2.34.1
-
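Review bot: with this backport deleted, the `CVE: CVE-2024-1298` tag it carried goes away too, so the commit message becomes the only record of why the removal is safe. It says edk2-stable202408 already contains the fix; naming the upstream commit from the Upstream-Status line (284dbac43da752ee34825c8b3f6f9e8281cb5a19) there would let a stable-branch reviewer confirm it is an ancestor of the new SRCREV without re-deriving it.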
diff --git a/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch b/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch
index 490d9e8046e..89ef8d91fcf 100644
--- a/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch
+++ b/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch
@@ -1,7 +1,7 @@
-From d8df6b6433351763e1db791dd84d432983d2b249 Mon Sep 17 00:00:00 2001
+From 5f52c2582ae2226ef324332e352bb4c51b597656 Mon Sep 17 00:00:00 2001
 From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
 Date: Thu, 9 Jun 2016 02:23:01 -0700
-Subject: [PATCH 1/4] ovmf: update path to native BaseTools
+Subject: [PATCH] ovmf: update path to native BaseTools
 
 BaseTools is a set of utilities to build EDK-based firmware. These utilities
 are used during the build process. Thus, they need to be built natively.
@@ -16,7 +16,7 @@ Upstream-Status: Inappropriate [oe-core cross compile specific]
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/OvmfPkg/build.sh b/OvmfPkg/build.sh
-index b0334fb76e..094f86f096 100755
+index 279f0d099a..285f061bf4 100755
 --- a/OvmfPkg/build.sh
 +++ b/OvmfPkg/build.sh
 @@ -24,7 +24,7 @@ then
@@ -28,6 +28,3 @@ index b0334fb76e..094f86f096 100755
    echo $EDK_TOOLS_PATH
    source edksetup.sh BaseTools
  else
--- 
-2.30.2
-
diff --git a/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch b/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch
index eeedc9e20f0..01101c24831 100644
--- a/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch
+++ b/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch
@@ -1,4 +1,4 @@
-From ac9df4fb92965f1f95a5bdbde5f2f86d0c569711 Mon Sep 17 00:00:00 2001
+From 7cf91acf8a19a8052d05e272fad9f7e2f5b9597e Mon Sep 17 00:00:00 2001
 From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
 Date: Fri, 26 Jul 2019 17:34:26 -0400
 Subject: [PATCH] BaseTools: makefile: adjust to build in under bitbake
@@ -64,6 +64,3 @@ index d369908a09..22c670f316 100644
  ifeq ($(HOST_ARCH), IA32)
  #
  # Snow Leopard  is a 32-bit and 64-bit environment. uname -m returns i386, but gcc defaults
--- 
-2.30.2
-
diff --git a/meta/recipes-core/ovmf/ovmf/0003-debug-prefix-map.patch b/meta/recipes-core/ovmf/ovmf/0003-debug-prefix-map.patch
index c0c763c1cf8..08821650fa8 100644
--- a/meta/recipes-core/ovmf/ovmf/0003-debug-prefix-map.patch
+++ b/meta/recipes-core/ovmf/ovmf/0003-debug-prefix-map.patch
@@ -1,7 +1,7 @@
-From 03e536b20d0b72cf078052f6748de8df3836625c Mon Sep 17 00:00:00 2001
+From 415beee5adacae425f725cf9910784a0cdfa17dc Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Mon, 14 Jun 2021 19:56:28 +0200
-Subject: [PATCH 3/4] debug prefix map
+Subject: [PATCH] debug prefix map
 
 We want to pass ${DEBUG_PREFIX_MAP} to gcc commands and also pass in
  --debug-prefix-map to nasm (we carry a patch to nasm for this). The
@@ -22,19 +22,19 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
  1 file changed, 9 insertions(+), 9 deletions(-)
 
 diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template
-index 503a6687c1..10ac38ef9e 100755
+index 76aaae7261..4829d5cd5d 100755
 --- a/BaseTools/Conf/tools_def.template
 +++ b/BaseTools/Conf/tools_def.template
-@@ -739,7 +739,7 @@ NOOPT_*_*_OBJCOPY_ADDDEBUGFLAG     = --add-gnu-debuglink="$(DEBUG_DIR)/$(MODULE_
+@@ -894,7 +894,7 @@ NOOPT_*_*_OBJCOPY_ADDDEBUGFLAG     = --add-gnu-debuglink="$(DEBUG_DIR)/$(MODULE_
  *_*_*_DTCPP_PATH                   = DEF(DTCPP_BIN)
  *_*_*_DTC_PATH                     = DEF(DTC_BIN)
  
 -DEFINE GCC_ALL_CC_FLAGS            = -g -Os -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -include AutoGen.h -fno-common
 +DEFINE GCC_ALL_CC_FLAGS            = -g -Os -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -include AutoGen.h -fno-common ENV(GCC_PREFIX_MAP)
  DEFINE GCC_ARM_CC_FLAGS            = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -mabi=aapcs -fno-short-enums -funsigned-char -ffunction-sections -fdata-sections -fomit-frame-pointer -Wno-address -mthumb -fno-pic -fno-pie
- DEFINE GCC_LOONGARCH64_CC_FLAGS    = DEF(GCC_ALL_CC_FLAGS) -mabi=lp64d -fno-asynchronous-unwind-tables -fno-plt -Wno-address -fno-short-enums -fsigned-char -ffunction-sections -fdata-sections
+ DEFINE GCC_LOONGARCH64_CC_FLAGS    = DEF(GCC_ALL_CC_FLAGS) -mabi=lp64d -fno-asynchronous-unwind-tables -Wno-address -fno-short-enums -fsigned-char -ffunction-sections -fdata-sections
  DEFINE GCC_ARM_CC_XIPFLAGS         = -mno-unaligned-access
-@@ -759,8 +759,8 @@ DEFINE GCC_ARM_ASLDLINK_FLAGS      = DEF(GCC_ARM_DLINK_FLAGS) -Wl,--entry,Refere
+@@ -915,8 +915,8 @@ DEFINE GCC_ARM_ASLDLINK_FLAGS      = DEF(GCC_ARM_DLINK_FLAGS) -Wl,--entry,Refere
  DEFINE GCC_AARCH64_ASLDLINK_FLAGS  = DEF(GCC_AARCH64_DLINK_FLAGS) -Wl,--entry,ReferenceAcpiTable -u $(IMAGE_ENTRY_POINT) DEF(GCC_ARM_AARCH64_ASLDLINK_FLAGS)
  DEFINE GCC_LOONGARCH64_ASLDLINK_FLAGS = DEF(GCC_LOONGARCH64_DLINK_FLAGS) -Wl,--entry,ReferenceAcpiTable -u $(IMAGE_ENTRY_POINT)
  DEFINE GCC_IA32_X64_DLINK_FLAGS    = DEF(GCC_IA32_X64_DLINK_COMMON) --entry _$(IMAGE_ENTRY_POINT) --file-alignment 0x20 --section-alignment 0x20 -Map $(DEST_DIR_DEBUG)/$(BASE_NAME).map
@@ -45,7 +45,7 @@ index 503a6687c1..10ac38ef9e 100755
  DEFINE GCC_VFRPP_FLAGS             = -x c -E -P -DVFRCOMPILE --include $(MODULE_NAME)StrDefs.h
  DEFINE GCC_ASLPP_FLAGS             = -x c -E -include AutoGen.h
  DEFINE GCC_ASLCC_FLAGS             = -x c
-@@ -913,7 +913,7 @@ DEFINE GCC5_LOONGARCH64_PP_FLAGS           = -mabi=lp64d -march=loongarch64 DEF(
+@@ -1069,7 +1069,7 @@ DEFINE GCC5_LOONGARCH64_PP_FLAGS           = -mabi=lp64d -march=loongarch64 DEF(
  *_GCC48_IA32_DLINK2_FLAGS         = DEF(GCC48_IA32_DLINK2_FLAGS)
  *_GCC48_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)
  *_GCC48_IA32_OBJCOPY_FLAGS        =
@@ -54,7 +54,7 @@ index 503a6687c1..10ac38ef9e 100755
  
    DEBUG_GCC48_IA32_CC_FLAGS       = DEF(GCC48_IA32_CC_FLAGS)
  RELEASE_GCC48_IA32_CC_FLAGS       = DEF(GCC48_IA32_CC_FLAGS) -Wno-unused-but-set-variable
-@@ -941,7 +941,7 @@ RELEASE_GCC48_IA32_CC_FLAGS       = DEF(GCC48_IA32_CC_FLAGS) -Wno-unused-but-set
+@@ -1097,7 +1097,7 @@ RELEASE_GCC48_IA32_CC_FLAGS       = DEF(GCC48_IA32_CC_FLAGS) -Wno-unused-but-set
  *_GCC48_X64_DLINK2_FLAGS         = DEF(GCC48_X64_DLINK2_FLAGS)
  *_GCC48_X64_RC_FLAGS             = DEF(GCC_X64_RC_FLAGS)
  *_GCC48_X64_OBJCOPY_FLAGS        =
@@ -63,7 +63,7 @@ index 503a6687c1..10ac38ef9e 100755
  
    DEBUG_GCC48_X64_CC_FLAGS       = DEF(GCC48_X64_CC_FLAGS)
  RELEASE_GCC48_X64_CC_FLAGS       = DEF(GCC48_X64_CC_FLAGS) -Wno-unused-but-set-variable
-@@ -1050,7 +1050,7 @@ RELEASE_GCC48_AARCH64_CC_FLAGS   = DEF(GCC48_AARCH64_CC_FLAGS) -Wno-unused-but-s
+@@ -1206,7 +1206,7 @@ RELEASE_GCC48_AARCH64_CC_FLAGS   = DEF(GCC48_AARCH64_CC_FLAGS) -Wno-unused-but-s
  *_GCC49_IA32_DLINK2_FLAGS         = DEF(GCC49_IA32_DLINK2_FLAGS)
  *_GCC49_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)
  *_GCC49_IA32_OBJCOPY_FLAGS        =
@@ -72,7 +72,7 @@ index 503a6687c1..10ac38ef9e 100755
  
    DEBUG_GCC49_IA32_CC_FLAGS       = DEF(GCC49_IA32_CC_FLAGS)
  RELEASE_GCC49_IA32_CC_FLAGS       = DEF(GCC49_IA32_CC_FLAGS) -Wno-unused-but-set-variable -Wno-unused-const-variable
-@@ -1078,7 +1078,7 @@ RELEASE_GCC49_IA32_CC_FLAGS       = DEF(GCC49_IA32_CC_FLAGS) -Wno-unused-but-set
+@@ -1234,7 +1234,7 @@ RELEASE_GCC49_IA32_CC_FLAGS       = DEF(GCC49_IA32_CC_FLAGS) -Wno-unused-but-set
  *_GCC49_X64_DLINK2_FLAGS         = DEF(GCC49_X64_DLINK2_FLAGS)
  *_GCC49_X64_RC_FLAGS             = DEF(GCC_X64_RC_FLAGS)
  *_GCC49_X64_OBJCOPY_FLAGS        =
@@ -81,7 +81,7 @@ index 503a6687c1..10ac38ef9e 100755
  
    DEBUG_GCC49_X64_CC_FLAGS       = DEF(GCC49_X64_CC_FLAGS)
  RELEASE_GCC49_X64_CC_FLAGS       = DEF(GCC49_X64_CC_FLAGS) -Wno-unused-but-set-variable -Wno-unused-const-variable
-@@ -1337,7 +1337,7 @@ RELEASE_GCCNOLTO_AARCH64_DLINK_XIPFLAGS = -z common-page-size=0x20
+@@ -1493,7 +1493,7 @@ RELEASE_GCCNOLTO_AARCH64_DLINK_XIPFLAGS = -z common-page-size=0x20
  *_GCC5_IA32_DLINK2_FLAGS         = DEF(GCC5_IA32_DLINK2_FLAGS) -no-pie
  *_GCC5_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)
  *_GCC5_IA32_OBJCOPY_FLAGS        =
@@ -90,7 +90,7 @@ index 503a6687c1..10ac38ef9e 100755
  
    DEBUG_GCC5_IA32_CC_FLAGS       = DEF(GCC5_IA32_CC_FLAGS) -flto
    DEBUG_GCC5_IA32_DLINK_FLAGS    = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl,-m,elf_i386,--oformat=elf32-i386
-@@ -1369,7 +1369,7 @@ RELEASE_GCC5_IA32_DLINK_FLAGS    = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl,
+@@ -1525,7 +1525,7 @@ RELEASE_GCC5_IA32_DLINK_FLAGS    = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl,
  *_GCC5_X64_DLINK2_FLAGS          = DEF(GCC5_X64_DLINK2_FLAGS)
  *_GCC5_X64_RC_FLAGS              = DEF(GCC_X64_RC_FLAGS)
  *_GCC5_X64_OBJCOPY_FLAGS         =
@@ -99,6 +99,3 @@ index 503a6687c1..10ac38ef9e 100755
  
    DEBUG_GCC5_X64_CC_FLAGS        = DEF(GCC5_X64_CC_FLAGS) -flto -DUSING_LTO
    DEBUG_GCC5_X64_DLINK_FLAGS     = DEF(GCC5_X64_DLINK_FLAGS) -flto -Os
--- 
-2.30.2
-
diff --git a/meta/recipes-core/ovmf/ovmf/0004-reproducible.patch b/meta/recipes-core/ovmf/ovmf/0004-reproducible.patch
index c3fdc3d8634..aba5d9e134e 100644
--- a/meta/recipes-core/ovmf/ovmf/0004-reproducible.patch
+++ b/meta/recipes-core/ovmf/ovmf/0004-reproducible.patch
@@ -1,7 +1,7 @@
-From c59850367a190d70dec43e0a66f399a4d8a5ffed Mon Sep 17 00:00:00 2001
+From f4ba093ea8a8a8c333c08605b3a6ff1c82712613 Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Mon, 14 Jun 2021 19:57:30 +0200
-Subject: [PATCH 4/4] reproducible
+Subject: [PATCH] reproducible
 
 This patch fixes various things which make the build more reproducible. Some changes
 here only change intermediate artefacts but that means when you have two build trees
@@ -35,10 +35,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
  4 files changed, 24 insertions(+), 16 deletions(-)
 
 diff --git a/BaseTools/Source/C/GenFw/Elf64Convert.c b/BaseTools/Source/C/GenFw/Elf64Convert.c
-index 9c17c90b16..fcc7864141 100644
+index 9d04fc612e..83fd6c9c05 100644
 --- a/BaseTools/Source/C/GenFw/Elf64Convert.c
 +++ b/BaseTools/Source/C/GenFw/Elf64Convert.c
-@@ -15,6 +15,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
+@@ -13,6 +13,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
  #ifndef __GNUC__
  #include <windows.h>
  #include <io.h>
@@ -47,7 +47,7 @@ index 9c17c90b16..fcc7864141 100644
  #endif
  #include <assert.h>
  #include <stdio.h>
-@@ -990,7 +992,7 @@ ScanSections64 (
+@@ -988,7 +990,7 @@ ScanSections64 (
    }
    mCoffOffset = mDebugOffset + sizeof(EFI_IMAGE_DEBUG_DIRECTORY_ENTRY) +
                  sizeof(EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY) +
@@ -56,7 +56,7 @@ index 9c17c90b16..fcc7864141 100644
  
    //
    // Add more space in the .debug data region for the DllCharacteristicsEx
-@@ -2261,7 +2263,7 @@ WriteDebug64 (
+@@ -2299,7 +2301,7 @@ WriteDebug64 (
    EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY         *Nb10;
    EFI_IMAGE_DEBUG_EX_DLLCHARACTERISTICS_ENTRY *DllEntry;
  
@@ -65,7 +65,7 @@ index 9c17c90b16..fcc7864141 100644
  
    NtHdr = (EFI_IMAGE_OPTIONAL_HEADER_UNION *)(mCoffFile + mNtHdrOffset);
    DataDir = &NtHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_DEBUG];
-@@ -2294,7 +2296,7 @@ WriteDebug64 (
+@@ -2332,7 +2334,7 @@ WriteDebug64 (
  
    Nb10 = (EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY*)(Dir + 1);
    Nb10->Signature = CODEVIEW_SIGNATURE_NB10;
@@ -75,7 +75,7 @@ index 9c17c90b16..fcc7864141 100644
  
  STATIC
 diff --git a/BaseTools/Source/Python/AutoGen/BuildEngine.py b/BaseTools/Source/Python/AutoGen/BuildEngine.py
-index 752a1a1f6a..02054cccf8 100644
+index 45b39d7878..3fed7d1736 100644
 --- a/BaseTools/Source/Python/AutoGen/BuildEngine.py
 +++ b/BaseTools/Source/Python/AutoGen/BuildEngine.py
 @@ -70,6 +70,9 @@ class TargetDescBlock(object):
@@ -89,7 +89,7 @@ index 752a1a1f6a..02054cccf8 100644
          if Input not in self.Inputs:
              self.Inputs.append(Input)
 diff --git a/BaseTools/Source/Python/AutoGen/GenMake.py b/BaseTools/Source/Python/AutoGen/GenMake.py
-index daec9c6d54..0e8cc20efe 100755
+index fbd35d4989..5ddd544d17 100755
 --- a/BaseTools/Source/Python/AutoGen/GenMake.py
 +++ b/BaseTools/Source/Python/AutoGen/GenMake.py
 @@ -575,7 +575,7 @@ cleanlib:
@@ -153,7 +153,7 @@ index daec9c6d54..0e8cc20efe 100755
                  if T.GenFileListMacro and T.FileListMacro not in self.FileListMacros:
                      self.FileListMacros[T.FileListMacro] = []
 diff --git a/BaseTools/Source/Python/AutoGen/ModuleAutoGen.py b/BaseTools/Source/Python/AutoGen/ModuleAutoGen.py
-index d05410b329..99b3f64aba 100755
+index 65a2176ca9..318b9611ce 100755
 --- a/BaseTools/Source/Python/AutoGen/ModuleAutoGen.py
 +++ b/BaseTools/Source/Python/AutoGen/ModuleAutoGen.py
 @@ -1474,6 +1474,9 @@ class ModuleAutoGen(AutoGen):
@@ -175,6 +175,3 @@ index d05410b329..99b3f64aba 100755
  
          # Ignore generating makefile when it is a binary module
          if self.IsBinaryModule:
--- 
-2.30.2
-
diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb
index ada6ee72dbc..32f5335fb8c 100644
--- a/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/meta/recipes-core/ovmf/ovmf_git.bb
@@ -28,8 +28,8 @@ SRC_URI = "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https \
            file://0001-MdeModulePkg-Potential-UINT32-overflow-in-S3-ResumeC.patch \
            "
 
-PV = "edk2-stable202402"
-SRCREV = "edc6681206c1a8791981a2f911d2fb8b3d2f5768"
+PV = "edk2-stable202408"
+SRCREV = "b158dad150bf02879668f72ce306445250838201"
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>edk2-stable.*)"
 
 CVE_PRODUCT = "edk2"
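Review bot: the SRC_URI context line `file://0001-MdeModulePkg-Potential-UINT32-overflow-in-S3-ResumeC.patch \` is left untouched in this hunk, yet this same patch deletes that file. Only PV and SRCREV change here, so at this commit the recipe still points at a patch that no longer exists; drop the entry in this hunk so the series stays buildable at each step.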
-- 
2.25.1




* [PATCH 2/2] ovmf: update 202408 -> 202411
  2025-01-09  2:44 [scarthgap][PATCH 0/2] ovmf: update from edk2-stable202402 to edk2-stable202411 jiaying.song.cn
  2025-01-09  2:44 ` [PATCH 1/2] ovmf: update from edk2-stable202402 to edk2-stable202408 jiaying.song.cn
@ 2025-01-09  2:44 ` jiaying.song.cn
  2025-01-09  9:16 ` [OE-core] [scarthgap][PATCH 0/2] ovmf: update from edk2-stable202402 to edk2-stable202411 Alexander Kanavin
  2 siblings, 0 replies; 4+ messages in thread
From: jiaying.song.cn @ 2025-01-09  2:44 UTC (permalink / raw)
  To: openembedded-core; +Cc: liezhi.yang, changqing.li

From: Alexander Kanavin <alex@linutronix.de>

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>

Since version edk2-stable202411 already contained a fix for
CVE-2024-38796, patch
0001-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch was removed.

Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
---
 ...-Fix-overflow-issue-in-BasePeCoffLib.patch | 36 -------------------
 ...ovmf-update-path-to-native-BaseTools.patch |  7 ++--
 ...ile-adjust-to-build-in-under-bitbake.patch |  7 ++--
 .../ovmf/ovmf/0003-debug-prefix-map.patch     | 35 +++++++++---------
 .../ovmf/ovmf/0004-reproducible.patch         | 25 +++++++------
 meta/recipes-core/ovmf/ovmf_git.bb            |  4 +--
 6 files changed, 45 insertions(+), 69 deletions(-)
 delete mode 100644 meta/recipes-core/ovmf/ovmf/0001-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch

diff --git a/meta/recipes-core/ovmf/ovmf/0001-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch b/meta/recipes-core/ovmf/ovmf/0001-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch
deleted file mode 100644
index c6e15c5069e..00000000000
--- a/meta/recipes-core/ovmf/ovmf/0001-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 5f7bd3f3c4747d5bb2733f017f8c5b93b63a74e3 Mon Sep 17 00:00:00 2001
-From: Doug Flick <dougflick@microsoft.com>
-Date: Fri, 22 Nov 2024 13:03:33 +0800
-Subject: [PATCH] MdePkg: Fix overflow issue in BasePeCoffLib
-
-The RelocDir->Size is a UINT32 value, and RelocDir->VirtualAddress is
-also a UINT32 value. The current code does not check for overflow when
-adding RelocDir->Size to RelocDir->VirtualAddress. This patch adds a
-check to ensure that the addition does not overflow.
-
-Signed-off-by: Doug Flick <dougflick@microsoft.com>
-Authored-by: sriraamx gobichettipalayam <sri..@intel.com>
-
-CVE: CVE-2024-38796
-Upstream-Status: Backport [https://github.com/tianocore/edk2/commit/c95233b8525ca6828921affd1496146cff262e65]
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
-index 86ff2e7..128090d 100644
---- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
-+++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
-@@ -1054,7 +1054,7 @@ PeCoffLoaderRelocateImage (
-     RelocDir = &Hdr.Te->DataDirectory[0];
-   }
- 
--  if ((RelocDir != NULL) && (RelocDir->Size > 0)) {
-+  if ((RelocDir != NULL) && (RelocDir->Size > 0) && (RelocDir->Size - 1 < MAX_UINT32 - RelocDir->VirtualAddress)) {
-     RelocBase    = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (ImageContext, RelocDir->VirtualAddress, TeStrippedOffset);
-     RelocBaseEnd = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (
-                                                   ImageContext,
--- 
-2.34.1
-
diff --git a/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch b/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch
index 89ef8d91fcf..cee5042846c 100644
--- a/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch
+++ b/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch
@@ -1,7 +1,7 @@
-From 5f52c2582ae2226ef324332e352bb4c51b597656 Mon Sep 17 00:00:00 2001
+From 61583b59620946683551f43c6110e656604a252f Mon Sep 17 00:00:00 2001
 From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
 Date: Thu, 9 Jun 2016 02:23:01 -0700
-Subject: [PATCH] ovmf: update path to native BaseTools
+Subject: [PATCH 1/4] ovmf: update path to native BaseTools
 
 BaseTools is a set of utilities to build EDK-based firmware. These utilities
 are used during the build process. Thus, they need to be built natively.
@@ -28,3 +28,6 @@ index 279f0d099a..285f061bf4 100755
    echo $EDK_TOOLS_PATH
    source edksetup.sh BaseTools
  else
+-- 
+2.39.5
+
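Review bot: style point on the Subject line and trailer: this hunk and the one above it put back `[PATCH 1/4]` and a `-- ` / `2.39.5` signature that 1/2 had just stripped from the same file (`[PATCH 1/4]` to `[PATCH]`, `2.30.2` removed). Regenerating the carried patches the same way in both commits would leave only the blob-index and context changes and keep the stable backport diff small.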
diff --git a/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch b/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch
index 01101c24831..11d97c739a0 100644
--- a/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch
+++ b/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch
@@ -1,7 +1,7 @@
-From 7cf91acf8a19a8052d05e272fad9f7e2f5b9597e Mon Sep 17 00:00:00 2001
+From aacbf7c91732b9959e569e90844cf9de078b2f14 Mon Sep 17 00:00:00 2001
 From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
 Date: Fri, 26 Jul 2019 17:34:26 -0400
-Subject: [PATCH] BaseTools: makefile: adjust to build in under bitbake
+Subject: [PATCH 2/4] BaseTools: makefile: adjust to build in under bitbake
 
 Prepend the build flags with those of bitbake. This is to build
 using the bitbake native sysroot include and library directories.
@@ -64,3 +64,6 @@ index d369908a09..22c670f316 100644
  ifeq ($(HOST_ARCH), IA32)
  #
  # Snow Leopard  is a 32-bit and 64-bit environment. uname -m returns i386, but gcc defaults
+-- 
+2.39.5
+
diff --git a/meta/recipes-core/ovmf/ovmf/0003-debug-prefix-map.patch b/meta/recipes-core/ovmf/ovmf/0003-debug-prefix-map.patch
index 08821650fa8..73910535a71 100644
--- a/meta/recipes-core/ovmf/ovmf/0003-debug-prefix-map.patch
+++ b/meta/recipes-core/ovmf/ovmf/0003-debug-prefix-map.patch
@@ -1,7 +1,7 @@
-From 415beee5adacae425f725cf9910784a0cdfa17dc Mon Sep 17 00:00:00 2001
+From 96fa2a7f2f54f1e6330275b5eba07e1efdbd865b Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Mon, 14 Jun 2021 19:56:28 +0200
-Subject: [PATCH] debug prefix map
+Subject: [PATCH 3/4] debug prefix map
 
 We want to pass ${DEBUG_PREFIX_MAP} to gcc commands and also pass in
  --debug-prefix-map to nasm (we carry a patch to nasm for this). The
@@ -22,19 +22,19 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
  1 file changed, 9 insertions(+), 9 deletions(-)
 
 diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template
-index 76aaae7261..4829d5cd5d 100755
+index 14f3b643c4..4987488e88 100755
 --- a/BaseTools/Conf/tools_def.template
 +++ b/BaseTools/Conf/tools_def.template
-@@ -894,7 +894,7 @@ NOOPT_*_*_OBJCOPY_ADDDEBUGFLAG     = --add-gnu-debuglink="$(DEBUG_DIR)/$(MODULE_
- *_*_*_DTCPP_PATH                   = DEF(DTCPP_BIN)
+@@ -896,7 +896,7 @@ NOOPT_*_*_OBJCOPY_ADDDEBUGFLAG     = --add-gnu-debuglink="$(DEBUG_DIR)/$(MODULE_
  *_*_*_DTC_PATH                     = DEF(DTC_BIN)
  
--DEFINE GCC_ALL_CC_FLAGS            = -g -Os -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -include AutoGen.h -fno-common
-+DEFINE GCC_ALL_CC_FLAGS            = -g -Os -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -include AutoGen.h -fno-common ENV(GCC_PREFIX_MAP)
- DEFINE GCC_ARM_CC_FLAGS            = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -mabi=aapcs -fno-short-enums -funsigned-char -ffunction-sections -fdata-sections -fomit-frame-pointer -Wno-address -mthumb -fno-pic -fno-pie
+ # All supported GCC archs except LOONGARCH64 support -mstack-protector-guard=global, so set that on everything except LOONGARCH64
+-DEFINE GCC_ALL_CC_FLAGS            = -g -Os -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -include AutoGen.h -fno-common -fstack-protector
++DEFINE GCC_ALL_CC_FLAGS            = -g -Os -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -include AutoGen.h -fno-common -fstack-protector ENV(GCC_PREFIX_MAP)
+ DEFINE GCC_IA32_X64_CC_FLAGS       = -mstack-protector-guard=global
+ DEFINE GCC_ARM_CC_FLAGS            = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -mabi=aapcs -fno-short-enums -funsigned-char -ffunction-sections -fdata-sections -fomit-frame-pointer -Wno-address -mthumb -fno-pic -fno-pie -mstack-protector-guard=global
  DEFINE GCC_LOONGARCH64_CC_FLAGS    = DEF(GCC_ALL_CC_FLAGS) -mabi=lp64d -fno-asynchronous-unwind-tables -Wno-address -fno-short-enums -fsigned-char -ffunction-sections -fdata-sections
- DEFINE GCC_ARM_CC_XIPFLAGS         = -mno-unaligned-access
-@@ -915,8 +915,8 @@ DEFINE GCC_ARM_ASLDLINK_FLAGS      = DEF(GCC_ARM_DLINK_FLAGS) -Wl,--entry,Refere
+@@ -918,8 +918,8 @@ DEFINE GCC_ARM_ASLDLINK_FLAGS      = DEF(GCC_ARM_DLINK_FLAGS) -Wl,--entry,Refere
  DEFINE GCC_AARCH64_ASLDLINK_FLAGS  = DEF(GCC_AARCH64_DLINK_FLAGS) -Wl,--entry,ReferenceAcpiTable -u $(IMAGE_ENTRY_POINT) DEF(GCC_ARM_AARCH64_ASLDLINK_FLAGS)
  DEFINE GCC_LOONGARCH64_ASLDLINK_FLAGS = DEF(GCC_LOONGARCH64_DLINK_FLAGS) -Wl,--entry,ReferenceAcpiTable -u $(IMAGE_ENTRY_POINT)
  DEFINE GCC_IA32_X64_DLINK_FLAGS    = DEF(GCC_IA32_X64_DLINK_COMMON) --entry _$(IMAGE_ENTRY_POINT) --file-alignment 0x20 --section-alignment 0x20 -Map $(DEST_DIR_DEBUG)/$(BASE_NAME).map
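Review bot: The commit message should state that this refresh rebases the patch onto an upstream base that now builds with stack protection. The new context around the GCC_ALL_CC_FLAGS line carries `-fstack-protector`, and the IA32/X64 and ARM defines next to it carry `-mstack-protector-guard=global`. That is a code-generation change in the firmware, separate from the gitsm fetch failure given as the reason for the upgrade, and reviewers of a stable branch need it spelled out. The local change itself is still only the trailing `ENV(GCC_PREFIX_MAP)`.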
@@ -45,7 +45,7 @@ index 76aaae7261..4829d5cd5d 100755
  DEFINE GCC_VFRPP_FLAGS             = -x c -E -P -DVFRCOMPILE --include $(MODULE_NAME)StrDefs.h
  DEFINE GCC_ASLPP_FLAGS             = -x c -E -include AutoGen.h
  DEFINE GCC_ASLCC_FLAGS             = -x c
-@@ -1069,7 +1069,7 @@ DEFINE GCC5_LOONGARCH64_PP_FLAGS           = -mabi=lp64d -march=loongarch64 DEF(
+@@ -1072,7 +1072,7 @@ DEFINE GCC5_LOONGARCH64_PP_FLAGS           = -mabi=lp64d -march=loongarch64 DEF(
  *_GCC48_IA32_DLINK2_FLAGS         = DEF(GCC48_IA32_DLINK2_FLAGS)
  *_GCC48_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)
  *_GCC48_IA32_OBJCOPY_FLAGS        =
@@ -54,7 +54,7 @@ index 76aaae7261..4829d5cd5d 100755
  
    DEBUG_GCC48_IA32_CC_FLAGS       = DEF(GCC48_IA32_CC_FLAGS)
  RELEASE_GCC48_IA32_CC_FLAGS       = DEF(GCC48_IA32_CC_FLAGS) -Wno-unused-but-set-variable
-@@ -1097,7 +1097,7 @@ RELEASE_GCC48_IA32_CC_FLAGS       = DEF(GCC48_IA32_CC_FLAGS) -Wno-unused-but-set
+@@ -1100,7 +1100,7 @@ RELEASE_GCC48_IA32_CC_FLAGS       = DEF(GCC48_IA32_CC_FLAGS) -Wno-unused-but-set
  *_GCC48_X64_DLINK2_FLAGS         = DEF(GCC48_X64_DLINK2_FLAGS)
  *_GCC48_X64_RC_FLAGS             = DEF(GCC_X64_RC_FLAGS)
  *_GCC48_X64_OBJCOPY_FLAGS        =
@@ -63,7 +63,7 @@ index 76aaae7261..4829d5cd5d 100755
  
    DEBUG_GCC48_X64_CC_FLAGS       = DEF(GCC48_X64_CC_FLAGS)
  RELEASE_GCC48_X64_CC_FLAGS       = DEF(GCC48_X64_CC_FLAGS) -Wno-unused-but-set-variable
-@@ -1206,7 +1206,7 @@ RELEASE_GCC48_AARCH64_CC_FLAGS   = DEF(GCC48_AARCH64_CC_FLAGS) -Wno-unused-but-s
+@@ -1209,7 +1209,7 @@ RELEASE_GCC48_AARCH64_CC_FLAGS   = DEF(GCC48_AARCH64_CC_FLAGS) -Wno-unused-but-s
  *_GCC49_IA32_DLINK2_FLAGS         = DEF(GCC49_IA32_DLINK2_FLAGS)
  *_GCC49_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)
  *_GCC49_IA32_OBJCOPY_FLAGS        =
@@ -72,7 +72,7 @@ index 76aaae7261..4829d5cd5d 100755
  
    DEBUG_GCC49_IA32_CC_FLAGS       = DEF(GCC49_IA32_CC_FLAGS)
  RELEASE_GCC49_IA32_CC_FLAGS       = DEF(GCC49_IA32_CC_FLAGS) -Wno-unused-but-set-variable -Wno-unused-const-variable
-@@ -1234,7 +1234,7 @@ RELEASE_GCC49_IA32_CC_FLAGS       = DEF(GCC49_IA32_CC_FLAGS) -Wno-unused-but-set
+@@ -1237,7 +1237,7 @@ RELEASE_GCC49_IA32_CC_FLAGS       = DEF(GCC49_IA32_CC_FLAGS) -Wno-unused-but-set
  *_GCC49_X64_DLINK2_FLAGS         = DEF(GCC49_X64_DLINK2_FLAGS)
  *_GCC49_X64_RC_FLAGS             = DEF(GCC_X64_RC_FLAGS)
  *_GCC49_X64_OBJCOPY_FLAGS        =
@@ -81,7 +81,7 @@ index 76aaae7261..4829d5cd5d 100755
  
    DEBUG_GCC49_X64_CC_FLAGS       = DEF(GCC49_X64_CC_FLAGS)
  RELEASE_GCC49_X64_CC_FLAGS       = DEF(GCC49_X64_CC_FLAGS) -Wno-unused-but-set-variable -Wno-unused-const-variable
-@@ -1493,7 +1493,7 @@ RELEASE_GCCNOLTO_AARCH64_DLINK_XIPFLAGS = -z common-page-size=0x20
+@@ -1496,7 +1496,7 @@ RELEASE_GCCNOLTO_AARCH64_DLINK_XIPFLAGS = -z common-page-size=0x20
  *_GCC5_IA32_DLINK2_FLAGS         = DEF(GCC5_IA32_DLINK2_FLAGS) -no-pie
  *_GCC5_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)
  *_GCC5_IA32_OBJCOPY_FLAGS        =
@@ -90,7 +90,7 @@ index 76aaae7261..4829d5cd5d 100755
  
    DEBUG_GCC5_IA32_CC_FLAGS       = DEF(GCC5_IA32_CC_FLAGS) -flto
    DEBUG_GCC5_IA32_DLINK_FLAGS    = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl,-m,elf_i386,--oformat=elf32-i386
-@@ -1525,7 +1525,7 @@ RELEASE_GCC5_IA32_DLINK_FLAGS    = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl,
+@@ -1528,7 +1528,7 @@ RELEASE_GCC5_IA32_DLINK_FLAGS    = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl,
  *_GCC5_X64_DLINK2_FLAGS          = DEF(GCC5_X64_DLINK2_FLAGS)
  *_GCC5_X64_RC_FLAGS              = DEF(GCC_X64_RC_FLAGS)
  *_GCC5_X64_OBJCOPY_FLAGS         =
@@ -99,3 +99,6 @@ index 76aaae7261..4829d5cd5d 100755
  
    DEBUG_GCC5_X64_CC_FLAGS        = DEF(GCC5_X64_CC_FLAGS) -flto -DUSING_LTO
    DEBUG_GCC5_X64_DLINK_FLAGS     = DEF(GCC5_X64_DLINK_FLAGS) -flto -Os
+-- 
+2.39.5
+
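Review bot: The `-- ` and `2.39.5` lines added at the end of this patch file are git format-patch signature text, not part of the change, and they will differ whenever the patch is regenerated with another git version. Consider exporting with `git format-patch --no-signature` so that later refreshes of this file show only real differences.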
diff --git a/meta/recipes-core/ovmf/ovmf/0004-reproducible.patch b/meta/recipes-core/ovmf/ovmf/0004-reproducible.patch
index aba5d9e134e..ae0ca0c15cf 100644
--- a/meta/recipes-core/ovmf/ovmf/0004-reproducible.patch
+++ b/meta/recipes-core/ovmf/ovmf/0004-reproducible.patch
@@ -1,7 +1,7 @@
-From f4ba093ea8a8a8c333c08605b3a6ff1c82712613 Mon Sep 17 00:00:00 2001
+From fc2d3c17ff2a7b39e8d47b788eeaac5e1487cdee Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Mon, 14 Jun 2021 19:57:30 +0200
-Subject: [PATCH] reproducible
+Subject: [PATCH 4/4] reproducible
 
 This patch fixes various things which make the build more reproducible. Some changes
 here only change intermediate artefacts but that means when you have two build trees
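Review bot: The Subject line changes from `[PATCH] reproducible` to `[PATCH 4/4] reproducible`, which bakes the position in a local export series into the patch header; that number goes stale as soon as a patch is added to or dropped from the recipe. Exporting with `git format-patch -N` keeps the plain `[PATCH]` prefix, and `--zero-commit` avoids the churn on the `From <hash>` line above it.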
@@ -35,7 +35,7 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
  4 files changed, 24 insertions(+), 16 deletions(-)
 
 diff --git a/BaseTools/Source/C/GenFw/Elf64Convert.c b/BaseTools/Source/C/GenFw/Elf64Convert.c
-index 9d04fc612e..83fd6c9c05 100644
+index 897045b2be..a66003f44a 100644
 --- a/BaseTools/Source/C/GenFw/Elf64Convert.c
 +++ b/BaseTools/Source/C/GenFw/Elf64Convert.c
 @@ -13,6 +13,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -56,7 +56,7 @@ index 9d04fc612e..83fd6c9c05 100644
  
    //
    // Add more space in the .debug data region for the DllCharacteristicsEx
-@@ -2299,7 +2301,7 @@ WriteDebug64 (
+@@ -2308,7 +2310,7 @@ WriteDebug64 (
    EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY         *Nb10;
    EFI_IMAGE_DEBUG_EX_DLLCHARACTERISTICS_ENTRY *DllEntry;
  
@@ -65,7 +65,7 @@ index 9d04fc612e..83fd6c9c05 100644
  
    NtHdr = (EFI_IMAGE_OPTIONAL_HEADER_UNION *)(mCoffFile + mNtHdrOffset);
    DataDir = &NtHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_DEBUG];
-@@ -2332,7 +2334,7 @@ WriteDebug64 (
+@@ -2341,7 +2343,7 @@ WriteDebug64 (
  
    Nb10 = (EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY*)(Dir + 1);
    Nb10->Signature = CODEVIEW_SIGNATURE_NB10;
@@ -89,10 +89,10 @@ index 45b39d7878..3fed7d1736 100644
          if Input not in self.Inputs:
              self.Inputs.append(Input)
 diff --git a/BaseTools/Source/Python/AutoGen/GenMake.py b/BaseTools/Source/Python/AutoGen/GenMake.py
-index fbd35d4989..5ddd544d17 100755
+index 6d9c60b702..83ac267647 100755
 --- a/BaseTools/Source/Python/AutoGen/GenMake.py
 +++ b/BaseTools/Source/Python/AutoGen/GenMake.py
-@@ -575,7 +575,7 @@ cleanlib:
+@@ -576,7 +576,7 @@ cleanlib:
                  os.remove(RespFileList)
  
          # convert source files and binary files to build targets
@@ -101,7 +101,7 @@ index fbd35d4989..5ddd544d17 100755
          if len(self.ResultFileList) == 0 and len(MyAgo.SourceFileList) != 0:
              EdkLogger.error("build", AUTOGEN_ERROR, "Nothing to build",
                              ExtraData="[%s]" % str(MyAgo))
-@@ -726,7 +726,7 @@ cleanlib:
+@@ -727,7 +727,7 @@ cleanlib:
          OutputFile = ''
          DepsFileList = []
  
@@ -110,7 +110,7 @@ index fbd35d4989..5ddd544d17 100755
              if Cmd[2]:
                  for CopyCmd in Cmd[2]:
                      Src, Dst = CopyCmd
-@@ -759,7 +759,7 @@ cleanlib:
+@@ -760,7 +760,7 @@ cleanlib:
              self.BuildTargetList.append('\t%s' % CmdString)
  
              self.ParseSecCmd(DepsFileList, Cmd[1])
@@ -119,7 +119,7 @@ index fbd35d4989..5ddd544d17 100755
                  self.BuildTargetList.append('%s : %s' % (self.ReplaceMacro(SecOutputFile), self.ReplaceMacro(SecDepsFile)))
                  self.BuildTargetList.append('\t%s' % self.ReplaceMacro(SecCmd))
              self.FfsOutputFileList = []
-@@ -798,13 +798,13 @@ cleanlib:
+@@ -799,13 +799,13 @@ cleanlib:
  
      def CommandExceedLimit(self):
          FlagDict = {
@@ -140,7 +140,7 @@ index fbd35d4989..5ddd544d17 100755
                     }
  
          RespDict = {}
-@@ -1007,9 +1007,9 @@ cleanlib:
+@@ -1008,9 +1008,9 @@ cleanlib:
                  if not self.ObjTargetDict.get(T.Target.SubDir):
                      self.ObjTargetDict[T.Target.SubDir] = set()
                  self.ObjTargetDict[T.Target.SubDir].add(NewFile)
@@ -175,3 +175,6 @@ index 65a2176ca9..318b9611ce 100755
  
          # Ignore generating makefile when it is a binary module
          if self.IsBinaryModule:
+-- 
+2.39.5
+
diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb
index 32f5335fb8c..58a6828df4b 100644
--- a/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/meta/recipes-core/ovmf/ovmf_git.bb
@@ -28,8 +28,8 @@ SRC_URI = "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https \
            file://0001-MdeModulePkg-Potential-UINT32-overflow-in-S3-ResumeC.patch \
            "
 
-PV = "edk2-stable202408"
-SRCREV = "b158dad150bf02879668f72ce306445250838201"
+PV = "edk2-stable202411"
+SRCREV = "0f3867fa6ef0553e26c42f7d71ff6bdb98429742"
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>edk2-stable.*)"
 
 CVE_PRODUCT = "edk2"
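Review bot: The first context line of this hunk still lists `file://0001-MdeModulePkg-Potential-UINT32-overflow-in-S3-ResumeC.patch` in SRC_URI, while the series diffstat shows that same file under "delete mode 100644" and counts only 4 changed lines in ovmf_git.bb. If the file is removed by this series, the SRC_URI entry has to be removed with it, otherwise the fetcher will not find the local file; if the fix is already in edk2-stable202411, say so in the commit message when dropping it. Please confirm which state is intended and make the recipe and the file list agree.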
-- 
2.25.1




* Re: [OE-core] [scarthgap][PATCH 0/2] ovmf: update from edk2-stable202402 to edk2-stable202411
  2025-01-09  2:44 [scarthgap][PATCH 0/2] ovmf: update from edk2-stable202402 to edk2-stable202411 jiaying.song.cn
  2025-01-09  2:44 ` [PATCH 1/2] ovmf: update from edk2-stable202402 to edk2-stable202408 jiaying.song.cn
  2025-01-09  2:44 ` [PATCH 2/2] ovmf: update 202408 -> 202411 jiaying.song.cn
@ 2025-01-09  9:16 ` Alexander Kanavin
  2 siblings, 0 replies; 4+ messages in thread
From: Alexander Kanavin @ 2025-01-09  9:16 UTC (permalink / raw)
  To: Jiaying.Song.CN; +Cc: openembedded-core, liezhi.yang, changqing.li

LTS branches cannot receive major version updates like that. Rather
the patch that updates the git submodule locations needs to be
backported.

Alex

On Thu, 9 Jan 2025 at 03:44, Song, Jiaying (CN) via
lists.openembedded.org
<Jiaying.Song.CN=windriver.com@lists.openembedded.org> wrote:
>
> From: Jiaying Song <jiaying.song.cn@windriver.com>
>
> Due to the invalid URL of gitsm, the do_fetch process failed. The upstream
> fixed this issue by modifying the .gitmodules file in the edk2-stable202411
> version. Therefore, an upgrade to edk2-stable202411 is required.
>
> Upstream modification:https://github.com/tianocore/edk2/commit/95d8a1c255cfb8e063d679930d08ca6426eb5701
>
> Error log:
> WARNING: ovmf-native-edk2-stable202402-r0 do_fetch: Failed to fetch URL gitsm://github.com/Zeex/subhook.git;protocol=https;name=UnitTestFrameworkPkg/Library/SubhookLib/subhook;subpath=UnitTestFrameworkPkg/Library/SubhookLib/subhook;nobranch=1;lfs=True;bareclone=1;nobranch=1, attempting MIRRORS if available
>
> The following changes since commit 01423828248b75e1f5afe2e5959ccd971df875cd:
>
>   rust: add reproducibility patch to eliminate host leakage (2024-12-19 05:36:59 -0800)
>
> are available in the Git repository at:
>
>   https://github.com/jiajia123-wind/yocto jia_oe-core_ovmf
>   https://github.com/jiajia123-wind/yocto/tree/jia_oe-core_ovmf
>
> Alexander Kanavin (1):
>   ovmf: update 202408 -> 202411
>
> Mikko Rapeli (1):
>   ovmf: update from edk2-stable202402 to edk2-stable202408
>
>  ...ential-UINT32-overflow-in-S3-ResumeC.patch | 51 -------------------
>  ...-Fix-overflow-issue-in-BasePeCoffLib.patch | 36 -------------
>  ...ovmf-update-path-to-native-BaseTools.patch |  6 +--
>  ...ile-adjust-to-build-in-under-bitbake.patch |  6 +--
>  .../ovmf/ovmf/0003-debug-prefix-map.patch     | 34 ++++++-------
>  .../ovmf/ovmf/0004-reproducible.patch         | 30 +++++------
>  meta/recipes-core/ovmf/ovmf_git.bb            |  4 +-
>  7 files changed, 40 insertions(+), 127 deletions(-)
>  delete mode 100644 meta/recipes-core/ovmf/ovmf/0001-MdeModulePkg-Potential-UINT32-overflow-in-S3-ResumeC.patch
>  delete mode 100644 meta/recipes-core/ovmf/ovmf/0001-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch
>
> --
> 2.25.1
>
>

