| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| no-stack-protector-all-archs.diff | pass -fno-stack-protector to all GCC toolchains The upstream build rules inexplicably pass -fno-stack-protector only when building for i386 and amd64. Add this essential argument to the generic rules for gcc 4.8 and later. =================================================================== |
Steve Langasek <steve.langasek@ubuntu.com> | no | |||
| brotlicompress-disable.diff | Do not attempt to compile removed BrotliCompress source BrotliCompress is not currently used, and including an embedded copy of its source could cause false-positives when scanning for security issues. This code is stripped from our orig.tar (at the request of the Ubuntu security team), so we also need to disable the build. |
dann frazier <dannf@debian.org> | not-needed | 2019-06-25 | ||
| ovmf-vars-generator-Pass-OEM-Strings-to-the-guest.patch | [PATCH] Pass OEM Strings to the guest Fixes #25 As a stop-gap solution to #25, expose the feature added in QEMU commit 2d6dcbf93fb0 ("smbios: support setting OEM strings table", 2017-12-05) with the new option "--oemstring". The caller of "ovmf-vars-generator" can format the PK/KEK1 certificate that is the subject of #25 as a base64-encoded string, preceded by an application prefix. This string can now be passed to "EnrollDefaultKeys.efi" with "--oemstring". |
Laszlo Ersek <lersek@redhat.com> | no | 2019-05-17 | ||
| ovmf-vars-generator-ignore-qemu-warnings.patch | Skip any warnings from QEMU while waiting for UEFI output =================================================================== |
dann frazier <dannf@ubuntu.com> | no | 2019-08-01 | ||
| ovmf-vars-generator-no-defaults.patch | =================================================================== | no | ||||
| UefiCpuPkg-Move-MigrateGdt-from-DiscoverMemory-to-Te.patch | [PATCH] UefiCpuPkg: Move MigrateGdt from DiscoverMemory to TempRamDone. (CVE-2019-11098) The GDT still in flash with commit 60b12e69fb1c8c7180fdda92f008248b9ec83db1 after TempRamDone So move the action to TempRamDone event to avoid reading GDT from flash. diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.c b/UefiCpuPkg/CpuMpPei/CpuMpPei.c index 40729a09b9..3c1bad6470 100644 |
Guomin Jiang <guomin.jiang@intel.com> | yes | debian upstream | upstream, https://github.com/tianocore/edk2/commit/f6ec1dd34fb6b9757b5ead465ee2ea20c182b0ac | 2021-01-13 |