Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
They should be built with native architecture
|
|
Fixes CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233,
CVE-2023-45234, CVE-2023-45235, CVE-2022-36763, CVE-2022-36764 and CVE-2022-36765.
GHSA-hc6x-cw6p-gj7h
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
GHSA-4hcq-p8q8-hj8j
Changelog:
https://github.com/tianocore/edk2/releases/tag/edk2-stable202402
|
|
Without the change the build fails on `staging-next` as
https://hydra.nixos.org/build/248863953/nixlog/2/tail:
/build/edk2-unvendored-src/CryptoPkg/Library/OpensslLib/openssl/crypto/property/property_parse.c:107:19: error: ‘INT64_MAX’ undeclared (first use in this function)
107 | if (v > ((INT64_MAX - (*s - '0')) / 10)) {
| ^~~~~~~~~
The unbundled version of `openssl` `nixpkgs` injects into `edk2` started
using `INT64_MAX` that `edk2`'s `<stdint.h>` does not provide and relies
on `openssl` to define as a fallback.
Let's pull in `openssl`'s own definition of those.
|
|
EDK2 has a good support of RISC-V nowadays.
|
|
https://github.com/tianocore/edk2/releases/tag/edk2-stable202311
|
|
`libuuid` is actually a dependency of the host platform and
should not be tucked in `depBuildBuild`.
Also, we don't need `buildPackages.util-linux` for the compilation.
|
|
|
|
This bumps EDK2 to latest stable: https://github.com/tianocore/edk2/releases/tag/edk2-stable202308
OpenSSL 3 is unbundled in this version bump because we cannot trust EDK2
to do stable releases at each OpenSSL bump alas.
|
|
|
|
https://github.com/tianocore/edk2/releases/tag/edk2-stable202305
|
|
https://github.com/tianocore/edk2/releases/tag/edk2-stable202302
|
|
|
|
with structuredAttrs lists will be bash arrays which cannot be exported
which will be a issue with some patches and some wrappers like cc-wrapper
this makes it clearer that NIX_CFLAGS_COMPILE must be a string as lists
in env cause a eval failure
|
|
|
|
There's nothing about edk2 specific to the host OS, and it builds fine
with e.g. a NetBSD toolchain, so we should only restrict
meta.platforms by architecture, not by OS.
|
|
|
|
ZHF #199919
|
|
the argument to optional should not be list
|
|
|
|
|
|
|
|
changelog: https://github.com/tianocore/edk2/releases/tag/edk2-stable202205
fixes https://nvd.nist.gov/vuln/detail/CVE-2021-38578.
|
|
|
|
|
|
stdenv.cc being a list does not seem to be such a good thing.
|
|
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
|
|
|
|
|
|
Fixes: CVE-2021-28210, CVE-2021-28211
|
|
|
|
|
|
|
|
|
|
In order to use OVMF firmware with e.g. qemu on macOS, these packages
needed to be made macOS ready. This meant choosing the clang build in
this case, because it is the only one working on macOS.
Unfortunately, just using clang on all platforms doesn't work because
there are hardcoded assumptions in the edk2 build system.
|
|
|
|
|
|
* Move to stable version;
* Refactor `setup` to `mkDerivation`;
* Use flags instead of `sed`;
* Support Secure Boot builds.
|
|
|
|
|
|
And also build in parallel.
I don't understand why we manually tediously link every single directory
from the source, but I don't want to investigate too much.
|
|
- Have only one sed expression per line
- Put the important stuff closer to the command and not hidden in some
continuation line. That is, don't do:
sed \
<boring stuff> \
<boring stuff> \
<boring stuff> \
<boring stuff> \
<boring stuff> \
<IMPORTANT STUFF>
but:
sed <IMPORTANT STUFF> \
<boring stuff> \
<boring stuff> \
<boring stuff> \
<boring stuff> \
<boring stuff>
|
|
as requested by @lukeadams in
https://github.com/NixOS/nixpkgs/pull/32724#issuecomment-352140119
|
|
src was at vUDK2017 tag (2017-06-13), updated to the latest commit in UDK2017 branch.
|
|
|
|
Homepage link "http://.../" is a permanent redirect to "https://.../" and should be updated
https://repology.org/repository/nix_stable/problems
|
|
python 2 print statement
|
|
|