2019-11-12 10:12:12 |
Laszlo Ersek (Red Hat) |
bug |
|
|
added bug |
2019-11-12 10:12:33 |
Laszlo Ersek (Red Hat) |
qemu: assignee |
|
Laszlo Ersek (Red Hat) (lersek) |
|
2019-11-28 17:35:56 |
Laszlo Ersek (Red Hat) |
bug watch added |
|
https://bugzilla.tianocore.org/show_bug.cgi?id=2226 |
|
2019-11-28 17:35:56 |
Laszlo Ersek (Red Hat) |
cve linked |
|
2019-14553 |
|
2019-11-28 17:35:56 |
Laszlo Ersek (Red Hat) |
cve linked |
|
2019-1543 |
|
2019-11-28 17:35:56 |
Laszlo Ersek (Red Hat) |
cve linked |
|
2019-1552 |
|
2019-11-28 17:35:56 |
Laszlo Ersek (Red Hat) |
cve linked |
|
2019-1563 |
|
2019-12-04 14:06:43 |
Philippe Mathieu-Daudé |
qemu: assignee |
Laszlo Ersek (Red Hat) (lersek) |
Philippe Mathieu-Daudé (philmd) |
|
2019-12-04 14:07:01 |
Philippe Mathieu-Daudé |
qemu: status |
New |
In Progress |
|
2020-06-04 14:47:22 |
Philippe Mathieu-Daudé |
summary |
update edk2 submodule & binaries to edk2-stable201911 |
update edk2 submodule & binaries to edk2-stable202005 |
|
2020-06-04 14:48:54 |
Philippe Mathieu-Daudé |
description |
edk2-stable201911 will be tagged soon:
https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-Planning
https://github.com/tianocore/edk2/releases/tag/edk2-stable201911
[upcoming link]
It should be picked up by QEMU, after the v4.2.0 release.
Relevant fixes / features in edk2, since edk2-stable201905 (which is
what QEMU bundles at the moment, from LP#1831477):
- enable UEFI HTTPS Boot in ArmVirtQemu* platforms
https://bugzilla.tianocore.org/show_bug.cgi?id=1009
(this is from edk2-stable201908)
- fix CVE-2019-14553 (Invalid server certificate accepted in HTTPS Boot)
https://bugzilla.tianocore.org/show_bug.cgi?id=960
- consume OpenSSL-1.1.1d, for fixing CVE-2019-1543, CVE-2019-1552 and
CVE-2019-1563
https://bugzilla.tianocore.org/show_bug.cgi?id=2226 |
edk2-stable202005 has been tagged:
https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-Planning
https://github.com/tianocore/edk2/releases/tag/edk2-stable202005
Relevant fixes / features in edk2, since edk2-stable201905 (which is
what QEMU bundles at the moment, from LP#1831477):
- enable UEFI HTTPS Boot in ArmVirtQemu* platforms
https://bugzilla.tianocore.org/show_bug.cgi?id=1009
(this is from edk2-stable201908)
- fix CVE-2019-14553 (Invalid server certificate accepted in HTTPS Boot)
https://bugzilla.tianocore.org/show_bug.cgi?id=960
- consume OpenSSL-1.1.1d, for fixing CVE-2019-1543, CVE-2019-1552 and
CVE-2019-1563
https://bugzilla.tianocore.org/show_bug.cgi?id=2226 |
|
2020-09-08 07:10:31 |
Laszlo Ersek (Red Hat) |
qemu: assignee |
Philippe Mathieu-Daudé (philmd) |
Laszlo Ersek (Red Hat) (lersek) |
|
2020-09-08 07:10:41 |
Laszlo Ersek (Red Hat) |
summary |
update edk2 submodule & binaries to edk2-stable202005 |
update edk2 submodule & binaries to edk2-stable202008 |
|
2020-09-08 07:47:23 |
Laszlo Ersek (Red Hat) |
description |
edk2-stable202005 has been tagged:
https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-Planning
https://github.com/tianocore/edk2/releases/tag/edk2-stable202005
Relevant fixes / features in edk2, since edk2-stable201905 (which is
what QEMU bundles at the moment, from LP#1831477):
- enable UEFI HTTPS Boot in ArmVirtQemu* platforms
https://bugzilla.tianocore.org/show_bug.cgi?id=1009
(this is from edk2-stable201908)
- fix CVE-2019-14553 (Invalid server certificate accepted in HTTPS Boot)
https://bugzilla.tianocore.org/show_bug.cgi?id=960
- consume OpenSSL-1.1.1d, for fixing CVE-2019-1543, CVE-2019-1552 and
CVE-2019-1563
https://bugzilla.tianocore.org/show_bug.cgi?id=2226 |
Consume the following upstream edk2 releases:
https://github.com/tianocore/edk2/releases/tag/edk2-stable201908
https://github.com/tianocore/edk2/releases/tag/edk2-stable201911
https://github.com/tianocore/edk2/releases/tag/edk2-stable202002
https://github.com/tianocore/edk2/releases/tag/edk2-stable202005
https://github.com/tianocore/edk2/releases/tag/edk2-stable202008
Worth mentioning (in random order):
- various CVE fixes [*]
- OpenSSL-1.1.1g
- UEFI HTTPS Boot for ARM/AARCH64
- TPM2 for ARM/AARCH64
- VCPU hotplug with SMI
- support for Linux v5.7+ initrd and mixed mode loading
- Fusion-MPT SCSI driver in OVMF
- VMware PVSCSI driver in OVMF
- PXEv4 / PXEv6 boot possible to disable on the QEMU command line
- SEV-ES support
[*] the below list has been collected simply from the subject lines in
commit range edk2-stable201905..edk2-stable202008:
CVE-2019-11098 CVE-2019-14553 CVE-2019-14558 CVE-2019-14559
CVE-2019-14562 CVE-2019-14563 CVE-2019-14575 CVE-2019-14586
CVE-2019-14587
(Note that any given CVE from the above list may or may not affect the
firmware binaries packaged with upstream QEMU; consult the upstream
TianoCore bug tracker at <https://bugzilla.tianocore.org/> for details.) |
|
2020-09-14 12:16:21 |
Philippe Mathieu-Daudé |
qemu: status |
In Progress |
Fix Committed |
|
2020-12-10 08:53:28 |
Thomas Huth |
qemu: status |
Fix Committed |
Fix Released |
|