Changelog for
edk2-tools-20231122-6.el9_4.2.x86_64.rpm :
* Tue Jul 23 2024 EL Errata
- 20231122-6.0.1.el9_4.2- Replace upstream references [Orabug:36569119]
* Mon Jul 01 2024 Miroslav Rezanina - 20231122-6.el9_4.2- edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch [RHEL-40270 RHEL-40272]- edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch [RHEL-40270 RHEL-40272]- edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch [RHEL-40270 RHEL-40272]- edk2-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch [RHEL-40270 RHEL-40272]- edk2-SecurityPkg-RngDxe-add-rng-test.patch [RHEL-40270 RHEL-40272]- edk2-OvmfPkg-wire-up-RngDxe.patch [RHEL-40270 RHEL-40272]- edk2-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch [RHEL-40270 RHEL-40272]- edk2-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch [RHEL-40270 RHEL-40272]- Resolves: RHEL-40270 (CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-9.4.z])- Resolves: RHEL-40272 (CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-9.4.z])
* Wed Apr 10 2024 Miroslav Rezanina - 20231122-6.el9_4.1- edk2-EmbeddedPkg-Hob-Integer-Overflow-in-CreateHob.patch [RHEL-30156]- edk2-StandaloneMmPkg-Hob-Integer-Overflow-in-CreateHob.patch [RHEL-30156]- Resolves: RHEL-30156 (CVE-2022-36765 edk2: integer overflow in CreateHob() could lead to HOB OOB R/W [rhel-9.4.z])
* Thu Feb 22 2024 Miroslav Rezanina - 20231122-6- edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Pa.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]- edk2-NetworkPkg-Add-Unit-tests-to-CI-and-create-Host-Test.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]- edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Un.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]- edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Pa.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]- edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Un.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]- edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Patc.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]- edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Unit.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]- edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Patc.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]- edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Unit.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]- edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]- edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p2.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]- edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p3.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]- edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p4.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]- edk2-NetworkPkg-Adds-a-SecurityFix.yaml-file.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]- edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Re.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]- edk2-NetworkPkg-Dhcp6Dxe-Removes-duplicate-check-and-repl.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]- edk2-NetworkPkg-Dhcp6Dxe-Packet-Length-is-not-updated-bef.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]- edk2-NetworkPkg-Updating-SecurityFixes.yaml.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]- Resolves: RHEL-21841 (CVE-2023-45229 edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message [rhel-9])- Resolves: RHEL-21843 (CVE-2023-45230 edk2: Buffer overflow in the DHCPv6 client via a long Server ID option [rhel-9])- Resolves: RHEL-21845 (CVE-2023-45231 edk2: Out of Bounds read when handling a ND Redirect message with truncated options [rhel-9])- Resolves: RHEL-21847 (CVE-2023-45232 edk2: Infinite loop when parsing unknown options in the Destination Options header [rhel-9])- Resolves: RHEL-21849 (TRIAGE CVE-2023-45233 edk2: Infinite loop when parsing a PadN option in the Destination Options header [rhel-9])- Resolves: RHEL-21851 (CVE-2023-45234 edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message [rhel-9])- Resolves: RHEL-21853 (TRIAGE CVE-2023-45235 edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message [rhel-9])
* Mon Feb 19 2024 Miroslav Rezanina - 20231122-5- edk2-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-4118.patch [RHEL-21157]- edk2-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4118.patch [RHEL-21157]- edk2-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411-2.patch [RHEL-21157]- edk2-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-411-3.patch [RHEL-21157]- edk2-SecurityPkg-Updating-SecurityFixes.yaml-after-symbol.patch [RHEL-21157]- edk2-OvmfPkg-Sec-Setup-MTRR-early-in-the-boot-process.patch [RHEL-21704]- edk2-MdePkg-ArchitecturalMsr.h-add-defines-for-MTRR-cache.patch [RHEL-21704]- edk2-UefiCpuPkg-MtrrLib.h-use-cache-type-defines-from-Arc.patch [RHEL-21704]- edk2-OvmfPkg-Sec-use-cache-type-defines-from-Architectura.patch [RHEL-21704]- Resolves: RHEL-21157 (CVE-2022-36764 edk2: heap buffer overflow in Tcg2MeasurePeImage() [rhel-9])- Resolves: RHEL-21704 (vGPU VM take several minutes to show tianocore logo if firmware is ovmf)
* Wed Jan 31 2024 Miroslav Rezanina - 20231122-4- edk2-OvmfPkg-VirtNorFlashDxe-add-casts-to-UINTN-and-UINT3.patch [RHEL-20963]- edk2-OvmfPkg-VirtNorFlashDxe-clarify-block-write-logic-fi.patch [RHEL-20963]- edk2-OvmfPkg-VirtNorFlashDxe-add-a-loop-for-NorFlashWrite.patch [RHEL-20963]- edk2-OvmfPkg-VirtNorFlashDxe-allow-larger-writes-without-.patch [RHEL-20963]- edk2-OvmfPkg-VirtNorFlashDxe-ValidateFvHeader-unwritten-s.patch [RHEL-20963]- edk2-OvmfPkg-VirtNorFlashDxe-move-DoErase-code-block-into.patch [RHEL-20963]- Resolves: RHEL-20963 ([rhel9] guest fails to boot due to ASSERT error)
* Mon Jan 22 2024 Miroslav Rezanina - 20231122-3- edk2-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411.patch [RHEL-21155]- edk2-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4117.patch [RHEL-21155]- edk2-SecurityPkg-Adding-CVE-2022-36763-to-SecurityFixes.y.patch [RHEL-21155]- Resolves: RHEL-21155 (CVE-2022-36763 edk2: heap buffer overflow in Tcg2MeasureGptTable() [rhel-9])
* Mon Jan 15 2024 Miroslav Rezanina - 20231122-2- edk2-OvmfPkg-RiscVVirt-use-gEfiAuthenticatedVariableGuid-.patch [RHEL-20963]- edk2-OvmfPkg-VirtNorFlashDxe-stop-accepting-gEfiVariableG.patch [RHEL-20963]- edk2-OvmfPkg-VirtNorFlashDxe-sanity-check-variables.patch [RHEL-20963]- Resolves: RHEL-20963 ([rhel9] guest fails to boot due to ASSERT error)
* Fri Dec 15 2023 Miroslav Rezanina - 20231122-1- Rebase to edk2-stable202311 [RHEL-12323]- Switch to OpenSSL 3.0 [RHEL-49]- Resolves: RHEL-12323 (Rebase EDK2 for RHEL 9.4)- Resolves: RHEL-49 (consume / bundle RHEL-9 OpenSSL (version 3.0.x) in RHEL-9 edk2)
* Mon Oct 09 2023 Miroslav Rezanina - 20230524-4- edk2-OvmfPkg-ResetVector-Fix-assembler-bit-test-flag-chec.patch [RHEL-9943]- Resolves: RHEL-9943 ([EDK2][AMDSERVER Bug] OvmfPkg/ResetVector: Fix assembler bit test flag check [rhel-9.3.0.z])
* Thu Aug 24 2023 Miroslav Rezanina - 20230524-3- edk2-OvmfPkg-AmdSev-fix-BdsPlatform.c-assertion-failure-d.patch [bz#2190244]- edk2-OvmfPkg-IoMmuDxe-add-locking-to-IoMmuAllocateBounceB.patch [bz#2211060]- edk2-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch [bz#2218196]- Resolves: bz#2190244 ([EDK2] [AMDSERVER 9.3 Bug] OVMF AP Creation Fixes)- Resolves: bz#2211060 (SEV-es guest randomly stuck at boot to hard drive screen from powerdown and boot again)- Resolves: bz#2218196 (Add vtpm devices with OVMF.amdsev.fd causes VM reset)
* Mon Jul 10 2023 Miroslav Rezanina - 20230524-2- edk2-ArmVirt-add-VirtioSerialDxe-to-ArmVirtQemu-builds.patch [RHEL-643]- edk2-ArmVirt-PlatformBootManagerLib-factor-out-IsVirtio.patch [RHEL-643]- edk2-ArmVirt-PlatformBootManagerLib-factor-out-IsVirtioPc.patch [RHEL-643]- edk2-ArmVirt-PlatformBootManagerLib-set-up-virtio-serial-.patch [RHEL-643]- edk2-OvmfPkg-VirtioSerialDxe-use-TPL_NOTIFY.patch [RHEL-643]- edk2-OvmfPkg-VirtioSerialDxe-Remove-noisy-debug-print-on-.patch [RHEL-643]- edk2-OvmfPkg-PlatformInitLib-limit-phys-bits-to-46.patch [bz#2174749]- edk2-Revert-OvmfPkg-disable-dynamic-mmio-window-rhel-only.patch [bz#2174749]- edk2-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch [bz#2124143]- edk2-OvmfPkg-PlatformInitLib-check-PcdUse1GPageTable.patch [RHEL-644]- edk2-OvmfPkg-OvmfPkgIa32X64-enable-1G-pages.patch [RHEL-644]- edk2-OvmfPkg-MicrovmX64-enable-1G-pages.patch [RHEL-644]- Resolves: RHEL-643 (add virtio serial support to armvirt)- Resolves: bz#2174749 ([edk2] re-enable dynamic mmio window)- Resolves: bz#2124143 (ovmf must consider max cpu count not boot cpu count for apic mode [rhel-9])- Resolves: RHEL-644 (enable gigabyte pages)
* Tue Jun 27 2023 Oliver Steffen - 20230524-1- Rebase to edk2-stable202305 tag [RHEL-585] Resolves: RHEL-585 ([rhel-9.3] rebase EDK2 to edk2-stable202305)
* Mon May 22 2023 Miroslav Rezanina - 20230301gitf80f052277c8-5- edk2-dbx-update-2023-05-09-black-lotus-edition.patch [RHEL-470]- edk2-json-descriptors-explicitly-set-mode-split.patch [RHEL-469]- Resolves: RHEL-470 (edk2: update variable store with latest dbx updates (may 9, black lotus edition))- Resolves: RHEL-469 (explicitly set mode = split in firmware json description files)
* Tue May 16 2023 Miroslav Rezanina - 20230301gitf80f052277c8-4- edk2-OvmfPkg-Clarify-invariants-for-NestedInterruptTplLib.patch [bz#2189136]- edk2-OvmfPkg-Relax-assertion-that-interrupts-do-not-occur.patch [bz#2189136]- Resolves: bz#2189136 (windows 11 installation broken with edk2-20230301gitf80f052277c8-1.el9)
* Mon May 08 2023 Miroslav Rezanina - 20230301gitf80f052277c8-3- edk2-add-aarch64-qcow2-images.patch [bz#2186754]- edk2-update-json-files.patch [bz#2186754]- edk2-add-libvirt-version-conflict.patch [bz#2186754]- edk2-add-dbx-update-blob-rh-only.patch [RHEL-377]- edk2-spec-apply-dbx-update-rh-only.patch [RHEL-377]- Resolves: bz#2186754 (edk2: Add firmware images in qcow2 format)- Resolves: RHEL-377 (edk2: ship secure build variable store with latest dbx updates)
* Wed Apr 05 2023 Miroslav Rezanina - 20230301gitf80f052277c8-2- edk2-build-script-update.patch [bz#2183230]- edk2-PcdDxeNxMemoryProtectionPolicy-update.patch [bz#2183230]- Resolves: bz#2183230 ([edk2] Instruction abort exception when booting a VM)
* Wed Mar 22 2023 Miroslav Rezanina - 20230301gitf80f052277c8-1- Rebase to edk2-stable202302 [RHEL-266]- Resolves: RHEL-266 (rebase edk2 to 2023-02 stable tag)
* Fri Mar 17 2023 Miroslav Rezanina - 20221207gitfff6d81270b5-9- edk2-remove-amd-sev-feature-flag-from-secure-boot-builds-.patch [bz#2169247]- Resolves: bz#2169247 ([edk2] Install a sev guest with enrolled secure boot failed)
* Fri Mar 10 2023 Miroslav Rezanina - 20221207gitfff6d81270b5-8- edk2-OvmfPkg-disable-dynamic-mmio-window-rhel-only.patch [bz#2174605]- Resolves: bz#2174605 ([EDK2] disable dynamic mmio window)
* Tue Feb 21 2023 Miroslav Rezanina - 20221207gitfff6d81270b5-7- edk2-Revert-MdeModulePkg-TerminalDxe-add-other-text-resol.patch [bz#2162307]- Resolves: bz#2162307 (Broken GRUB output on a serial console)
* Mon Feb 13 2023 Miroslav Rezanina - 20221207gitfff6d81270b5-6- edk2-update-build-script-rhel-only.patch [bz#2168046]- edk2-update-build-config-rhel-only.patch [bz#2168046]- edk2-add-release-date-to-builds-rh-only.patch [bz#2168046]- edk2-openssl-update.patch [bz#2164534 bz#2164550 bz#2164565 bz#2164583]- edk2-rh-openssl-add-crypto-bn-rsa_sup_mul.c-to-file-list.patch [bz#2164534 bz#2164550 bz#2164565 bz#2164583]- Resolves: bz#2168046 ([SVVP] job \'Check SMBIOS Table Specific Requirements\' failed on win2022)- Resolves: bz#2164534 (CVE-2023-0286 edk2: openssl: X.400 address type confusion in X.509 GeneralName [rhel-9])- Resolves: bz#2164550 (CVE-2022-4304 edk2: openssl: timing attack in RSA Decryption implementation [rhel-9])- Resolves: bz#2164565 (CVE-2023-0215 edk2: openssl: use-after-free following BIO_new_NDEF [rhel-9])- Resolves: bz#2164583 (CVE-2022-4450 edk2: openssl: double free after calling PEM_read_bio_ex [rhel-9])
* Mon Feb 06 2023 Miroslav Rezanina - 20221207gitfff6d81270b5-5- edk2-Revert-ArmVirtPkg-ArmVirtQemu-enable-initial-ID-map-.patch [bz#2157656]- Resolves: bz#2157656 ([edk2] [aarch64] Unable to initialize EFI firmware when using edk2-aarch64-20221207gitfff6d81270b5-1.el9 in some hardwares)
* Wed Jan 18 2023 Miroslav Rezanina - 20221207gitfff6d81270b5-4- edk2-ArmVirt-don-t-use-unaligned-CopyMem-on-NOR-flash.patch [bz#2158173]- Resolves: bz#2158173 ([aarch64][numa] Failed to create 2 numa nodes in some hardwares)
* Mon Jan 16 2023 Miroslav Rezanina - 20221207gitfff6d81270b5-3- edk2-OvmfPkg-VirtNorFlashDxe-map-flash-memory-as-uncachea.patch [bz#2158173]- edk2-MdePkg-Remove-Itanium-leftover-data-structure-RH-onl.patch [bz#1983086]- Resolves: bz#2158173 ([aarch64][numa] Failed to create 2 numa nodes in some hardwares)- Resolves: bz#1983086 (Assertion failure when creating 1024 VCPU VM: [...]UefiCpuPkg/CpuMpPei/CpuBist.c(186): !EFI_ERROR (Status))
* Thu Jan 05 2023 Miroslav Rezanina - 20221207gitfff6d81270b5-2- edk2-use-rpm-build-flags-rh-only.patch [RHEL-177]- Resolves: RHEL-177 (Enable GNU_RELRO security protection)
* Thu Dec 15 2022 Camilla Conte - 20221207gitfff6d81270b5-1- Rebase to edk2-stable202211 tag Resolves: RHEL-119 (rebase edk2 to edk2-stable202211)- Resolves: RHEL-75 (edk2 builds should show the build version)- Resolves: bz#2132951 (edk2: Sort traditional virtualization builds before Confidential Computing builds)
* Mon Nov 21 2022 Miroslav Rezanina - 20220826gitba0e0e4c6a-2- edk2-MdeModulePkg-PiSmmCore-SmmEntryPoint-underflow-CVE-2.patch [bz#1989857]- Resolves: bz#1989857 (CVE-2021-38578 edk2: integer underflow in SmmEntryPoint function leads to potential SMM privilege escalation [rhel-9.0])
* Tue Oct 11 2022 Miroslav Rezanina - 0220826gitba0e0e4c6a-1- Rebase to edk2-stable202208 tag [RHELX-59] Resolves: RHELX-59 (rebase edk2 to 2022-08 stable tag)
* Fri Sep 16 2022 Miroslav Rezanina - 20220526git16779ede2d36-4- edk2-OvmfPkg-QemuVideoDxe-fix-bochs-mode-init.patch [RHELX-58]- Resolves: RHELX-58 (Guest console turns black with uefi rhel guests and stdvga)
* Mon Aug 01 2022 Miroslav Rezanina - 20220526git16779ede2d36-3- edk2-openssl-jump-to-8.7.0-branch-2022-07-22.patch [bz#2074843]- edk2-ovmf-vars-generator-Use-max-cpu.patch [bz#2111567]- Resolves: bz#2074843 (edk2: sync openssl sources with rhel openssl rpm)- Resolves: bz#2111567 (EDK2 build stuck with qemu-kvm-7.0.0-8.el9 or newer)