diff options
Diffstat (limited to 'meta/recipes-core/ovmf/ovmf_git.bb')
-rw-r--r-- | meta/recipes-core/ovmf/ovmf_git.bb | 31 |
1 files changed, 23 insertions, 8 deletions
diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb index 5d54bad473..35ca8d1834 100644 --- a/meta/recipes-core/ovmf/ovmf_git.bb +++ b/meta/recipes-core/ovmf/ovmf_git.bb @@ -15,20 +15,35 @@ PACKAGECONFIG += "${@bb.utils.contains('MACHINE_FEATURES', 'tpm2', 'tpm', '', d) PACKAGECONFIG[secureboot] = ",,," PACKAGECONFIG[tpm] = "-D TPM_ENABLE=TRUE,-D TPM_ENABLE=FALSE,," +# GCC12 trips on it +#see https://src.fedoraproject.org/rpms/edk2/blob/rawhide/f/0032-Basetools-turn-off-gcc12-warning.patch +BUILD_CFLAGS += "-Wno-error=stringop-overflow" + SRC_URI = "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https \ file://0001-ovmf-update-path-to-native-BaseTools.patch \ file://0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch \ - file://0003-ovmf-Update-to-latest.patch \ - file://0004-Strip-build-paths.patch \ - file://0005-debug-prefix-map.patch \ - file://0006-reproducible.patch \ - file://0001-Fix-VLA-parameter-warning.patch \ + file://0003-debug-prefix-map.patch \ + file://0004-reproducible.patch \ " -PV = "edk2-stable202105" -SRCREV = "e1999b264f1f9d7230edf2448f757c73da567832" +PV = "edk2-stable202402" +SRCREV = "edc6681206c1a8791981a2f911d2fb8b3d2f5768" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>edk2-stable.*)" +CVE_PRODUCT = "edk2" +CVE_VERSION = "${@d.getVar('PV').split('stable')[1]}" + +CVE_STATUS[CVE-2014-8271] = "fixed-version: Fixed in svn_16280, which is an unusual versioning breaking version comparison." +CVE_STATUS[CVE-2014-4859] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions." +CVE_STATUS[CVE-2014-4860] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions." +CVE_STATUS[CVE-2019-14553] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions." +CVE_STATUS[CVE-2019-14559] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions." +CVE_STATUS[CVE-2019-14562] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions." +CVE_STATUS[CVE-2019-14563] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions." +CVE_STATUS[CVE-2019-14575] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions." +CVE_STATUS[CVE-2019-14586] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions." +CVE_STATUS[CVE-2019-14587] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions." + inherit deploy PARALLEL_MAKE = "" @@ -121,7 +136,7 @@ fix_toolchain:append:class-native() { # --debug-prefix-map to nasm (we carry a patch to nasm for this). The # tools definitions are built by ovmf-native so we need to pass this in # at target build time when we know the right values. -export NASM_PREFIX_MAP = "--debug-prefix-map=${WORKDIR}=/usr/src/debug/ovmf/${EXTENDPE}${PV}-${PR}" +export NASM_PREFIX_MAP = "--debug-prefix-map=${WORKDIR}=${TARGET_DBGSRC_DIR}" export GCC_PREFIX_MAP = "${DEBUG_PREFIX_MAP} -Wno-stringop-overflow -Wno-maybe-uninitialized" GCC_VER="$(${CC} -v 2>&1 | tail -n1 | awk '{print $3}')" |