-
Tue Feb 20 2024 Darren Archibald <darren.archibald@oracle.com> - 20220126gitbb1bba3d77-6.el8_9.3
- edk2-Bumped-openssl-submodule-version-to-cf317b2bb227.patch [RHEL-7560]
- Resolves: RHEL-7560
(CVE-2023-3446 edk2: openssl: Excessive time spent checking DH keys and parameters [rhel-8])
-
Wed Nov 22 2023 Miroslav Rezanina <mrezanin@redhat.com> - 20220126gitbb1bba3d77-6.el8_9.1
- edk2-add-8.6-machine-type-to-edk2-ovmf-cc.json.patch [RHEL-12626]
- Resolves: RHEL-12626
(Missing firmware descriptor with secureboot disabled in RHEL 8)
-
Fri Aug 04 2023 Jon Maloy <jmaloy@redhat.com> - 20220126gitbb1bba3d77-6
- edk2-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch [bz#2150267]
- Resolves: bz#2150267
(ovmf must consider max cpu count not boot cpu count for apic mode [rhel-8])
-
Thu Apr 06 2023 Miroslav Rezanina <mrezanin@redhat.com> - 20220126gitbb1bba3d77-5
- edk2-SecurityPkg-DxeImageVerificationLib-Check-result-of-.patch [bz#1861743]
- Resolves: bz#1861743
(CVE-2019-14560 edk2: Function GetEfiGlobalVariable2() return value not checked in DxeImageVerificationHandler() [rhel-8])
-
Wed Feb 15 2023 Jon Maloy <jmaloy@redhat.com> - 20220126gitbb1bba3d77-4
- edk2-openssl-update.patch [bz#2164531 bz#2164543 bz#2164558 bz#2164581]
- edk2-rh-openssl-add-crypto-bn-rsa_sup_mul.c-to-file-list.patch [bz#2164531 bz#2164543 bz#2164558 bz#2164581]
- Resolves: bz#2164531
(CVE-2023-0286 edk2: openssl: X.400 address type confusion in X.509 GeneralName [rhel-8])
- Resolves: bz#2164543
(CVE-2022-4304 edk2: openssl: timing attack in RSA Decryption implementation [rhel-8])
- Resolves: bz#2164558
(CVE-2023-0215 edk2: openssl: use-after-free following BIO_new_NDEF [rhel-8])
- Resolves: bz#2164581
(CVE-2022-4450 edk2: openssl: double free after calling PEM_read_bio_ex [rhel-8])
-
Tue Aug 02 2022 Camilla Conte <cconte@redhat.com> - 20220126gitbb1bba3d77-3
- Bumping OpenSSL version [bz# 2074834]
- Resolves: bz# 2074834
(edk2: sync openssl sources with rhel openssl rpm)
-
Tue Mar 01 2022 Jon Maloy <jmaloy@redhat.com> - 20220126gitbb1bba3d77-2
- edk2-OvmfPkg-AmdSev-SecretPei-Mark-SEV-launch-secret-area.patch [bz#2112307]
- Resolves: bz#2112307
(Mark SEV launch secret area as reserved)
-
Wed Feb 02 2022 Jon Maloy <jmaloy@redhat.com> - 20220126gitbb1bba3d77-1.el8
- Rebase to latest upstream release [bz#2018386]
- Resolves: bz#2018386
([rebase] update edk2 to nov '21 release (edk2-stable202111xx))
-
Fri Aug 06 2021 Miroslav Rezanina <mrezanin@redhat.com> - 20210527gite1999b264f1f-3
- edk2-MdeModulePkg-PartitionDxe-Ignore-PMBR-BootIndicator-.patch [bz#1988762]
- Resolves: bz#1988762
(edk2 does not ignore PMBR protective record BootIndicator as required by UEFI spec)
-
Fri Jul 02 2021 Miroslav Rezanina <mrezanin@redhat.com> - 20210527gite1999b264f1f-2
- edk2-NetworkPkg-IScsiDxe-wrap-IScsiCHAP-source-files-to-8.patch [bz#1956408]
- edk2-NetworkPkg-IScsiDxe-simplify-ISCSI_CHAP_AUTH_DATA.In.patch [bz#1956408]
- edk2-NetworkPkg-IScsiDxe-clean-up-ISCSI_CHAP_AUTH_DATA.Ou.patch [bz#1956408]
- edk2-NetworkPkg-IScsiDxe-clean-up-library-class-dependenc.patch [bz#1956408]
- edk2-NetworkPkg-IScsiDxe-fix-potential-integer-overflow-i.patch [bz#1956408]
- edk2-NetworkPkg-IScsiDxe-assert-that-IScsiBinToHex-always.patch [bz#1956408]
- edk2-NetworkPkg-IScsiDxe-reformat-IScsiHexToBin-leading-c.patch [bz#1956408]
- edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-hex-parsing.patch [bz#1956408]
- edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-buffer-overflo.patch [bz#1956408]
- edk2-NetworkPkg-IScsiDxe-check-IScsiHexToBin-return-value.patch [bz#1956408]
- Resolves: bz#1956408
(edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0])