[ol8_appstream] edk2-ovmf-20220126gitbb1bba3d77-6.el8_9.6.noarch

OVMF (Open Virtual Machine Firmware) is a project to enable UEFI support for
Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU
and KVM.

Changelog (Show File list) (Show related packages)

• Mon Mar 04 2024 Lukáš Lipinský <lukas.lipinsky@oracle.com> - 20220126gitbb1bba3d77-6.el8_9.6

  - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Pa.patch [RHEL-21840 RHEL-21842]
  - edk2-NetworkPkg-Add-Unit-tests-to-CI-and-create-Host-Test.patch [RHEL-21840 RHEL-21842]
  - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Un.patch [RHEL-21840 RHEL-21842]
  - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Pa.patch [RHEL-21840 RHEL-21842]
  - Resolves: RHEL-21842
    (CVE-2023-45230 edk2: Buffer overflow in the DHCPv6 client via a long Server ID option [rhel-8])
  - edk2-Apply-uncrustify-changes-to-.c-.h-files-in-the-Netwo.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852]
  - edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Patc.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852]
  - edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Unit.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852]
  - edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Patc.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852]
  - edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Unit.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852]
  - edk2-NetworkPkg-Apply-uncrustify-changes.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852]
  - edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852]
  - edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p2.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852]
  - edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p3.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852]
  - edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p4.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852]
  - edk2-NetworkPkg-Adds-a-SecurityFix.yaml-file.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852]
  - edk2-NetworkPkg-Apply-uncrustify-changes-p2.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852]
  - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Re.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852]
  - edk2-NetworkPkg-Dhcp6Dxe-Removes-duplicate-check-and-repl.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852]
  - edk2-NetworkPkg-Dhcp6Dxe-Packet-Length-is-not-updated-bef.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852]
  - Resolves: RHEL-21840
    (CVE-2023-45229 edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message [rhel-8])
  - Resolves: RHEL-21844
    (CVE-2023-45231 edk2: Out of Bounds read when handling a ND Redirect message with truncated options [rhel-8])
  - Resolves: RHEL-21846
    (CVE-2023-45232 edk2: Infinite loop when parsing unknown options in the Destination Options header [rhel-8])
  - Resolves: RHEL-21848
    (CVE-2023-45233 edk2: Infinite loop when parsing a PadN option in the Destination Options header [rhel-8])
  - Resolves: RHEL-21850
    (CVE-2023-45234 edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message [rhel-8])
  - Resolves: RHEL-21852
    (CVE-2023-45235 edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message [rhel-8])

• Tue Feb 20 2024 Darren Archibald <darren.archibald@oracle.com> - 20220126gitbb1bba3d77-6.el8_9.3

  - edk2-Bumped-openssl-submodule-version-to-cf317b2bb227.patch [RHEL-7560]
  - Resolves: RHEL-7560
    (CVE-2023-3446 edk2: openssl: Excessive time spent checking DH keys and parameters [rhel-8])

• Wed Nov 22 2023 Miroslav Rezanina <mrezanin@redhat.com> - 20220126gitbb1bba3d77-6.el8_9.1

  - edk2-add-8.6-machine-type-to-edk2-ovmf-cc.json.patch [RHEL-12626]
  - Resolves: RHEL-12626
    (Missing firmware descriptor with secureboot disabled in RHEL 8)

• Fri Aug 04 2023 Jon Maloy <jmaloy@redhat.com> - 20220126gitbb1bba3d77-6

  - edk2-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch [bz#2150267]
  - Resolves: bz#2150267
    (ovmf must consider max cpu count not boot cpu count for apic mode [rhel-8])

• Thu Apr 06 2023 Miroslav Rezanina <mrezanin@redhat.com> - 20220126gitbb1bba3d77-5

  - edk2-SecurityPkg-DxeImageVerificationLib-Check-result-of-.patch [bz#1861743]
  - Resolves: bz#1861743
    (CVE-2019-14560 edk2: Function GetEfiGlobalVariable2() return value not checked in DxeImageVerificationHandler() [rhel-8])

• Wed Feb 15 2023 Jon Maloy <jmaloy@redhat.com> - 20220126gitbb1bba3d77-4

  - edk2-openssl-update.patch [bz#2164531 bz#2164543 bz#2164558 bz#2164581]
  - edk2-rh-openssl-add-crypto-bn-rsa_sup_mul.c-to-file-list.patch [bz#2164531 bz#2164543 bz#2164558 bz#2164581]
  - Resolves: bz#2164531
    (CVE-2023-0286 edk2: openssl: X.400 address type confusion in X.509 GeneralName [rhel-8])
  - Resolves: bz#2164543
    (CVE-2022-4304 edk2: openssl: timing attack in RSA Decryption implementation [rhel-8])
  - Resolves: bz#2164558
    (CVE-2023-0215 edk2: openssl: use-after-free following BIO_new_NDEF [rhel-8])
  - Resolves: bz#2164581
    (CVE-2022-4450 edk2: openssl: double free after calling PEM_read_bio_ex [rhel-8])

• Tue Aug 02 2022 Camilla Conte <cconte@redhat.com> - 20220126gitbb1bba3d77-3

  - Bumping OpenSSL version [bz# 2074834]
  - Resolves: bz# 2074834
    (edk2: sync openssl sources with rhel openssl rpm)

• Tue Mar 01 2022 Jon Maloy <jmaloy@redhat.com> - 20220126gitbb1bba3d77-2

  - edk2-OvmfPkg-AmdSev-SecretPei-Mark-SEV-launch-secret-area.patch [bz#2112307]
  - Resolves: bz#2112307
    (Mark SEV launch secret area as reserved)

• Wed Feb 02 2022 Jon Maloy <jmaloy@redhat.com> - 20220126gitbb1bba3d77-1.el8

  - Rebase to latest upstream release [bz#2018386]
  - Resolves: bz#2018386
    ([rebase] update edk2 to nov '21 release (edk2-stable202111xx))

• Fri Aug 06 2021 Miroslav Rezanina <mrezanin@redhat.com> - 20210527gite1999b264f1f-3

  - edk2-MdeModulePkg-PartitionDxe-Ignore-PMBR-BootIndicator-.patch [bz#1988762]
  - Resolves: bz#1988762
    (edk2 does not ignore PMBR protective record BootIndicator as required by UEFI spec)