edk2 (2022.11-6+deb12u1) bookworm-security; urgency=medium * Cherry-pick security fixes from upstream: - Fix heap buffer overflow in Tcg2MeasureGptTable(), CVE-2022-36763 + 0001-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411.patch + 0002-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4117.patch + 0003-SecurityPkg-Adding-CVE-2022-36763-to-SecurityFixes.y.patch - Fix heap buffer overflow in Tcg2MeasurePeImage(), CVE-2022-36764 + 0001-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411-2.patch + 0002-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4118.patch + 0003-SecurityPkg-Adding-CVE-2022-36764-to-SecurityFixes.y.patch - Fix build failure due to symbol collision in above patches: + 0001-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411-3.patch + 0002-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4117-2.patch + 0003-SecurityPkg-Updating-SecurityFixes.yaml-after-symbol.patch - Fix integer overflow in CreateHob(), CVE-2022-36765 + 0001-UefiPayloadPkg-Hob-Integer-Overflow-in-CreateHob.patch - Fix a buffer overflow via a long server ID option in DHCPv6 client, CVE-2023-45230: + 0001-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Pa.patch + 0002-NetworkPkg-Add-Unit-tests-to-CI-and-create-Host-Test.patch + 0003-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Un.patch - Fix an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message, CVE-2023-45229: + 0004-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Pa.patch + 0005-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Un.patch - Fix an out-of-bounds read when processing Neighbor Discovery Redirect messages, CVE-2023-45231: + 0006-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Patc.patch + 0007-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Unit.patch - Avoid an infinite loop when parsing unknown options in the Destination Options header of IPv6, CVE-2023-45232: + 0008-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Patc.patch + 0009-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Unit.patch - Avoid an infinite loop when parsing a PadN option in the Destination Options header of IPv6, CVE-2023-45233: + 0010-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch + 0011-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch - Fix a potential buffer overflow when processing a DNS Servers option from a DHCPv6 Advertise message, CVE-2023-45234: + 0013-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch - Fix a potential buffer overflow when handling a Server ID option from a DHCPv6 proxy Advertise message, CVE-2023-45235: + 0014-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch - Record fixes in a SecurityFix.yaml file: + 0015-NetworkPkg-Adds-a-SecurityFix.yaml-file.patch - (Closes: #1060408, #1061256) * Disable the built-in Shell when SecureBoot is enabled, CVE-2023-48733. Thanks to Mate Kukri. LP: #2040137. - Disable the built-in Shell when SecureBoot is enabled: + Disable-the-Shell-when-SecureBoot-is-enabled.patch - d/tests: Drop the boot-to-shell tests for images w/ Secure Boot active. - d/tests: Update run_cmd_check_secure_boot() to not expect shell interaction. -- dann frazier <dannf@debian.org> Mon, 12 Feb 2024 13:43:50 -0700 edk2 (2022.11-6) unstable; urgency=medium * autopkgtest: Set an encoding in pexpect.spawn() calls so we can log to sys.stdout instead of using sys.stdout.buffer as a workaround. * autopkgtest: Also fail secure boot tests if QEMU process exits non-zero. * autopkgtest: Output test runtimes to help debug timeout issues like the one fixed in the last upload. * autopkgtest: Bump test timeout from 60s to 120s. We've hit the 60s timeout on Ubuntu infrastructure with QEMU 7.2. -- dann frazier <dannf@debian.org> Sun, 05 Mar 2023 13:36:02 -0700 edk2 (2022.11-5) unstable; urgency=medium * autopkgtest: Use 1 CPU QEMU models instead of 2. This avoids a performance issue on s390x instances with 1 host CPU that can result in timeouts. LP: #2008865. -- dann frazier <dannf@debian.org> Wed, 01 Mar 2023 21:55:27 -0700 edk2 (2022.11-4) unstable; urgency=medium * debian/rules: various improvements from Glenn Washburn: - Create OVMF*_INSTALL_DIR variables to replace literals. - Create BUILD_TYPE variable to make it easier to select other build types. - Explicitly use python3 to run ./debian/edk2-vars-generator.py in case the file does not have the executable bit set. * autopkgtest: Fail if QEMU process exits non-zero, which can catch issues such as passing incorrect arguments to qemu-system-*. * qemu-efi-(arm,ia32): Fix indention in README.Debian. -- dann frazier <dannf@debian.org> Tue, 21 Feb 2023 18:38:29 -0700 edk2 (2022.11-3) unstable; urgency=medium * qemu-efi-aarch64: Fix regression for VMs running on Cavium ThunderX SoCs: - Add d/p/0001-ArmVirtPkg-ArmPlatformLibQemu-Ensure-that-VFP-is-on-.patch - Add d/p/0002-ArmVirtPkg-ArmVirtQemu-Avoid-early-ID-map-on-Thunder.patch - debian/rules: Set -DCAVIUM_ERRATUM_27456=TRUE -- dann frazier <dannf@debian.org> Mon, 09 Jan 2023 15:09:39 -0700 edk2 (2022.11-2) unstable; urgency=medium * d/p/Revert-ArmVirtPkg-make-EFI_LOADER_DATA-non-executabl.patch: Continue to allow bootloaders to execute memory allocated as EFI_LOADER_DATA until GRUB fixes are more generally available. (Closes: #1025656) -- dann frazier <dannf@debian.org> Thu, 29 Dec 2022 11:14:52 -0700 edk2 (2022.11-1) unstable; urgency=medium * New upstream release, based on edk2-stable202211 tag. -- dann frazier <dannf@debian.org> Fri, 25 Nov 2022 15:00:25 -0700 edk2 (2022.08-1) unstable; urgency=medium * New upstream release, based on edk2-stable202208 tag. -- dann frazier <dannf@debian.org> Sun, 11 Sep 2022 11:33:08 -0600 edk2 (2022.05-4) unstable; urgency=medium * autopkgtest: Fix regression in test_aavmf_ms_secure_boot_unsigned by porting it to the new GrubShellBootableIsoImage interface. -- dann frazier <dannf@debian.org> Wed, 07 Sep 2022 07:23:15 -0600 edk2 (2022.05-3) unstable; urgency=medium * Enroll snakeoil keys w/ EnrollDefaultKeys.efi --no-default, fixing a regression introduced with the transition to edk2-vars-generator.py. LP: #1986692. * Clear the BootOrder EFI variable after enrolling keys. (Closes: #1015759) * autopkgtest: Move bootloader selection logic out of Filesystems.py. * autopkgtest: Add snakeoil regression tests. -- dann frazier <dannf@debian.org> Tue, 06 Sep 2022 09:18:46 -0600 edk2 (2022.05-2) unstable; urgency=medium * d/p/x64-baseline-abi.patch: Override microarchitecture ABI for x64 to retain compatibility with generic x86-64 platforms. LP: #1976267. -- dann frazier <dannf@debian.org> Mon, 06 Jun 2022 18:48:56 +0100 edk2 (2022.05-1) unstable; urgency=medium * New upstream release, based on edk2-stable202205 tag. * Drop patches merged upstream: - d/p/0001-OvmfPkg-OvmfPkgX64-Use-different-CcProbeLib-when-SMM.patch -- dann frazier <dannf@debian.org> Fri, 03 Jun 2022 10:29:46 +0100 edk2 (2022.05~rc1-1) unstable; urgency=medium * New upstream release, based on edk2-stable202205-rc1 tag. * Drop patches merged upstream: - d/p/0001-MdeModulePkg-NvmExpressDxe-fix-check-for-Cap.Css.patch - d/p/0002-MdeModulePkg-NvmExpressPei-fix-check-for-NVM-command.patch * ovmf: Fix boot hang with SMM enabled: - d/p/0001-OvmfPkg-OvmfPkgX64-Use-different-CcProbeLib-when-SMM.patch -- dann frazier <dannf@debian.org> Tue, 17 May 2022 09:59:17 -0600 edk2 (2022.02-3) unstable; urgency=medium * Fix NVMe controller support in QEMU (Closes: #1007793). - d/p/0001-MdeModulePkg-NvmExpressDxe-fix-check-for-Cap.Css.patch - d/p/0002-MdeModulePkg-NvmExpressPei-fix-check-for-NVM-command.patch Thanks to Mara Sophie Grosch! -- dann frazier <dannf@debian.org> Mon, 28 Mar 2022 14:59:17 -0600 edk2 (2022.02-2) unstable; urgency=medium * Fix TPM support which regressed due to an upstream build flag rename. (Closes: #1006842) -- dann frazier <dannf@debian.org> Tue, 08 Mar 2022 07:43:32 -0700 edk2 (2022.02-1) unstable; urgency=medium * New upstream release, based on edk2-stable202202 tag. * Drop patch merged upstream: - 0001-OvmfPkg-FvbServicesSmm-use-the-VmgExitLibNull.patch * qemu-efi-arm: Build with non-hard-float ARM compiler, allowing us to stop carrying debian/patches/ftbfs-gcc-11.patch. -- dann frazier <dannf@debian.org> Fri, 25 Feb 2022 12:12:36 -0700 edk2 (2022.02~rc1-1) unstable; urgency=medium * New upstream release, based on edk2-stable202202-rc1 tag. * d/p/0001-OvmfPkg-FvbServicesSmm-use-the-VmgExitLibNull.patch: Fix regression causing OVMF builds w/ SMM to crash. -- dann frazier <dannf@debian.org> Tue, 15 Feb 2022 09:20:52 -0700 edk2 (2021.11-2) unstable; urgency=medium * Set NETWORK_IP6_ENABLE to support IPv6 PXE. (Closes: #1004147) * Move descriptions for OVMF32 images to ovmf-ia32's README.Debian. * qemu-efi-*: Add README.Debian files with image descriptions. -- dann frazier <dannf@debian.org> Fri, 04 Feb 2022 17:23:13 -0700 edk2 (2021.11-1) unstable; urgency=medium * New upstream release, based on edk2-stable202111 tag. * d/find-binaries.py: Cleanup pyflake issues * Inclusivity cleanup: - Rename d/binary-check.blacklist -> d/binary-check.remove - Rename d/binary-check.whitelist -> d/binary-check.allow -- dann frazier <dannf@debian.org> Wed, 01 Dec 2021 18:30:09 -0700 edk2 (2021.11~rc1-1) unstable; urgency=medium * New upstream release, based on edk2-stable202111-rc1 tag. - d/binary-check.blacklist: Update ResetVector file list to match upstream. * d/rules: Use shallow clones to save time when initializing submodules. -- dann frazier <dannf@debian.org> Mon, 15 Nov 2021 15:03:21 -0700 edk2 (2021.08-3) unstable; urgency=medium * d/p/ftbfs-gcc-11.patch: Resurrect, since gcc-11 has changed defaults again. Use -march=armv7-a+fp instead of -march=armv7-a to fix FTBFS. (Closes: #997200) -- dann frazier <dannf@debian.org> Mon, 25 Oct 2021 10:49:28 -0600 edk2 (2021.08-2) unstable; urgency=medium * README.Debian: Document OVMF.fd image. * autopkgtest: Only run AAVMF Secure Boot test on distributions that derive from Ubuntu. Debian's shim-signed on arm64 is currently, in fact, not signed (see #992073). (Closes: #995656) -- dann frazier <dannf@debian.org> Fri, 08 Oct 2021 14:49:45 -0600 edk2 (2021.08-1) unstable; urgency=medium * New upstream release, based on edk2-stable202108 tag. * d/p/ftbfs-gcc-11.patch: Drop; no longer needed now that gcc-11 has restored its previous behavior. -- dann frazier <dannf@debian.org> Tue, 07 Sep 2021 11:27:26 -0600 edk2 (2021.08~rc0-2) experimental; urgency=medium * d/p/ftbfs-gcc-11.patch: Use -march=armv7-a+fp instead of -march=armv7-a to fix FTBFS w/ the new gcc-11 defaults. (Closes: #992100) -- dann frazier <dannf@debian.org> Wed, 11 Aug 2021 11:24:42 -0600 edk2 (2021.08~rc0-1) experimental; urgency=medium * New upstream release, based on edk2-stable202108-rc0 tag. * qemu-efi: Set Multi-Arch: foreign, thanks to the Multiarch hinter. -- dann frazier <dannf@debian.org> Mon, 09 Aug 2021 16:13:04 -0600 edk2 (2021.05-1) experimental; urgency=medium * New upstream release, based on edk2-stable202105 tag. * debian/rules: Only embed required git submodules. -- dann frazier <dannf@debian.org> Fri, 28 May 2021 13:56:57 -0600 edk2 (2021.02-1) experimental; urgency=medium * New upstream release, based on edk2-stable202102 tag. * Drop qemu-ovmf-secureboot which is no longer used. * debian/control: Make versioned build-dep on qemu-system-x86 backport safe. * Add pre-enrolled "ms" and "snakeoil" variants of AAVMF templates. * d/p/BaseTools-Fix-the-lib-order-in-static_library_files..patch: Remove orphaned patch. * debian/control: Drop unnecessary Testsuite field. -- dann frazier <dannf@debian.org> Tue, 09 Mar 2021 13:23:59 -0700 edk2 (2020.11-4) unstable; urgency=medium * UEFI/Filesystems.py: Force "/sbin" into $PATH before calling mkdosfs, fixing autopkgtest failures. -- dann frazier <dannf@debian.org> Tue, 09 Mar 2021 09:20:12 -0700 edk2 (2020.11-3) unstable; urgency=medium * autopkgtest: Avoid needing to use 'atexit' callbacks to cleanup uefi variable flash images by implementing a PflashParams object that cleans itself up when deleted. * autopkgtest: Add missing carriage return to 'reset -s' command that is intended to shutdown the guest. * autopkgtest: Require guest shutdown to complete. * autopkgtest: Add tests to validate secureboot. * autopkgtest: Refactor create_efi_bootable_iso() into a subclass of EfiBootableIsoImage. * autopkgtest: Introduce a series of QemuUefi*Command classes. * autopkgtest: Reorganize code into a python package. * autopkgtest: Test booting to shell w/ snakeoil vars. * Add edk2-vars-generator.py and use it instead of ovmf-vars-generator. This tool reuses the UEFI python package, which should allow us to more easily add pre-enrolled images for additional architectures. * debian/rules: Consolidate list of files to cleanup into debian/clean. * Add a OVMF_CODE_4M.snakeoil.fd symlink to help users discover the appropriate image to use with OVMF_VARS_4M.snakeoil.fd. * debian/rules: Update PkKek-1 selection to allow for derivative distributions. * autopkgtest: Enable debug output to make it easier to diagnose failures. * qemu-efi-arm, qemu-efi-aarch64: Enable TPM support. LP: #1901014. -- dann frazier <dannf@debian.org> Mon, 08 Mar 2021 15:31:22 -0700 edk2 (2020.11-2) unstable; urgency=medium * autopkgtest: Add allow-stderr to Restrictions to fix failure. -- dann frazier <dannf@debian.org> Tue, 15 Dec 2020 11:42:37 -0700 edk2 (2020.11-1) unstable; urgency=medium * New upstream release, based on edk2-stable202011 tag. * Version the build-dep on qemu-system-x86 to ensure it is new enough to support setting smbios OEM strings on the command line. Thanks to Christian Ehrhardt. LP: #1900846. * Introduce ovmf-ia32 package. (Closes: #842683) * Switch OVMF_CODE_4M images to use a 32-bit PEI phase which supports S3 suspend. This avoids having to disable S3 in QEMU to use the SMM-enforcing secboot variant. Non-4M images are for backwards compatibility only, and remain with a 64-bit PEI phase. LP: #1903681. (Closes: #973783) * Rework autopkgtests to cover all provided images. -- dann frazier <dannf@debian.org> Sat, 12 Dec 2020 17:57:02 -0700 edk2 (2020.08-1) unstable; urgency=medium * New upstream release, based on edk2-stable202008 tag. * Drop patches merged upstream: - d/p/0001-SecurityPkg-DxeImageVerificationLib-extract-SecDataD.patch - d/p/0002-SecurityPkg-DxeImageVerificationLib-assign-WinCertif.patch - d/p/0003-SecurityPkg-DxeImageVerificationLib-catch-alignment-.patch * Drop patch no longer required due to upstream fixes: - d/p/no-missing-braces.diff * Refresh patch: - d/p/no-stack-protector-all-archs.diff -- dann frazier <dannf@debian.org> Mon, 28 Sep 2020 13:40:05 -0600 edk2 (2020.05-5) unstable; urgency=medium * Update snakeoil keys. Previous one expired 2019-12-01. New one expires 2120-08-14. -- dann frazier <dannf@debian.org> Mon, 07 Sep 2020 13:23:29 -0600 edk2 (2020.05-4) unstable; urgency=medium * Fix integer overflow in DxeImageVerificationHandler. (CVE-2019-14562) (Closes: #968819) - d/p/0001-SecurityPkg-DxeImageVerificationLib-extract-SecDataD.patch - d/p/0002-SecurityPkg-DxeImageVerificationLib-assign-WinCertif.patch - d/p/0003-SecurityPkg-DxeImageVerificationLib-catch-alignment-.patch * Re-enable TPM support, which was accidentally disabled due to an upstream build flag rename in 2020.05-1. LP: #1890646. -- dann frazier <dannf@debian.org> Wed, 02 Sep 2020 10:26:10 -0600 edk2 (2020.05-3) unstable; urgency=medium * Provide 4MB OVMF images as the existing 2MB images no longer have sufficient variable space for the current Secure Boot Forbidden Signature Database. LP: #1885662. * Update fw descriptors to reference 4M images instead of their 2M counterparts. This will migrate tools that use the descriptor interface (like libvirt) over to the 4M images when creating new VMs. Existing 2M VMs will require manual migration. * Add a 4M snakeoil variable template and drop the 2M version. This will break existing snakeoil VMs, but that should be OK for a test/devel facility. * Increase autopkgtest timeout from 30s to 60s. LP: #1885186. -- dann frazier <dannf@debian.org> Wed, 05 Aug 2020 18:33:22 -0600 edk2 (2020.05-2) unstable; urgency=medium * Enable https boot support, thanks to Dimitri John Ledkov. LP: #1883114. -- dann frazier <dannf@debian.org> Thu, 11 Jun 2020 08:40:31 -0600 edk2 (2020.05-1) unstable; urgency=medium * New upstream release, based on edk2-stable202005 tag. -- dann frazier <dannf@debian.org> Wed, 03 Jun 2020 15:39:40 -0600 edk2 (0.0~20200229-2) unstable; urgency=medium * Actually install the new "ms" descriptor. -- dann frazier <dannf@debian.org> Sat, 11 Apr 2020 09:17:23 -0600 edk2 (0.0~20200229-1) unstable; urgency=medium * Reintroduce OVMF_CODE.ms.fd symlink, but now it points to OVMF_CODE.secboot.fd instead of OVMF_CODE.fd, which enforces SMM. * Update firmware descriptor JSON files: - Update the existing secboot descriptor to use an empty variable store. This makes it Secure Boot-capable, but with Secure Boot disabled. Previously it used a store w/ keys pre-enrolled, without advertising that feature. - Add a new "ms" descriptor which has keys pre-enrolled and Secure Boot enabled, and advertises the "enrolled-keys" feature. - Provide more details in "description" fields. * README.Debian: Improve the use-case description for each image. * Mark ovmf, qemu-efi-aarch64 and qemu-efi-arm as Multi-Arch: foreign. Thanks to the Multiarch hinter. * Change versioning scheme to reflect usage of edk2-stable<YYYYMM> tag releases over git snapshots. * Bump Standards-Version from 4.1.3 to 4.5.0. * Add a debian/watch file. -- dann frazier <dannf@debian.org> Tue, 31 Mar 2020 16:46:58 -0600 edk2 (0~20200229.4c0f6e34-1) unstable; urgency=medium * New upstream release, based on edk2-stable202002 tag. - Fix numeric truncation in S3BootScript[Save]*() API. (CVE-2019-14563) (Closes: #952934) - Fix use-after-free in PcdHiiOsRuntimeSupport. (CVE-2019-14586) - Clear memory before free to avoid potential password leak. (CVE-2019-14558) - Fix double-unmap in SdMmcCreateTrb(). This did not impact any of the images built from this package. (CVE-2019-14587) - Fix memory leak in ArpOnFrameRcvdDpc(). (CVE-2019-14559) - Fix issue that could allow an efi image with a blacklisted hash in the dbx to be loaded. (CVE-2019-14575) (Closes: #952935) - Fix a memory leak in the ARP handler. (CVE-2019-14559) (Closes: #952926) - Refresh patches: + debian/patches/no-missing-braces.diff + debian/patches/no-stack-protector-all-archs.diff -- dann frazier <dannf@debian.org> Fri, 13 Mar 2020 16:05:49 -0600 edk2 (0~20191122.bd85bf54-2) unstable; urgency=medium * Bump debhelper compatibility level to 12. * Provide an OVMF_VARS.snakeoil.fd image and matching private key for development testing. LP: #1850848. * Drop OVMF_CODE.ms.fd symlink. LP: #1864535. -- dann frazier <dannf@debian.org> Thu, 27 Feb 2020 07:23:16 -0700 edk2 (0~20191122.bd85bf54-1) unstable; urgency=medium * New upstream release, based on edk2-stable201911 tag. * Drop patches merged upstream: - BaseTools-Fix-the-lib-order-in-static_library_files..patch - 0001-MdePkg-Include-Protocol-Tls.h-Add-the-data-type-of-E.patch - 0002-CryptoPkg-TlsLib-Add-the-new-API-TlsSetVerifyHost-CV.patch - 0003-CryptoPkg-Crt-turn-strchr-into-a-function-CVE-2019-1.patch - 0004-CryptoPkg-Crt-satisfy-inet_pton.c-dependencies-CVE-2.patch - 0005-CryptoPkg-Crt-import-inet_pton.c-CVE-2019-14553.patch - 0006-CryptoPkg-TlsLib-TlsSetVerifyHost-parse-IP-address-l.patch - 0007-NetworkPkg-TlsDxe-Add-the-support-of-host-validation.patch - 0008-NetworkPkg-HttpDxe-Set-the-HostName-for-the-verifica.patch * Compile the liblto plugins for ARM & AARCH64, allowing us to move our toolchain config from GCC49 to GCC5. Move to GCC5. -- dann frazier <dannf@debian.org> Sun, 08 Dec 2019 09:16:40 -0700 edk2 (0~20190828.37eef910-4) unstable; urgency=medium * Support server identify validation in HTTPS Boot (CVE-2019-14553). Closes: #941775. -- dann frazier <dannf@debian.org> Mon, 11 Nov 2019 19:37:52 +0100 edk2 (0~20190828.37eef910-3) unstable; urgency=medium * Don't require an SMM for the OVMF.fd image. Closes: #939928. -- dann frazier <dannf@debian.org> Tue, 01 Oct 2019 11:23:42 -0600 edk2 (0~20190828.37eef910-2) unstable; urgency=medium * debian/control: Correct Maintainer field. -- dann frazier <dannf@debian.org> Sat, 28 Sep 2019 06:52:05 -0600 edk2 (0~20190828.37eef910-1) unstable; urgency=medium * New upstream release, based on edk2-stable201908 tag. - debian/rules: Use git archive in get-orig-source to take advantage of openssl .gitattributes that will trim cruft from the source tarball. - d/binary-check.blacklist: Drop binary removed upstream. - debian/find-binaries.py: Add to the list of heuristically "OK" file extensions. * d/p/BaseTools-Fix-the-lib-order-in-static_library_files..patch: Fix ARM image FTBFS. -- dann frazier <dannf@debian.org> Fri, 27 Sep 2019 18:05:34 -0600 edk2 (0~20190606.20d2e5a1-4) unstable; urgency=medium * Fix up remaining references to python. -- Steve Langasek <vorlon@debian.org> Sun, 01 Sep 2019 05:31:40 +0000 edk2 (0~20190606.20d2e5a1-3) unstable; urgency=medium [ dann frazier ] * d/p/ovmf-vars-generator-ignore-qemu-warnings.patch: Avoid build hang in Ubuntu resulting from unexpected QEMU warnings in output while enrolling keys. [ Steve Langasek ] * debian/patches/python3.patch: Use python3 syntax. * Drop python from Build-Depends. Closes: #936470. -- Steve Langasek <vorlon@debian.org> Fri, 30 Aug 2019 21:59:55 -0700 edk2 (0~20190606.20d2e5a1-2) unstable; urgency=medium * debian/tests/control: Add missing dependencies on ovmf, qemu-efi-aarch64, and qemu-efi-arm. * debian/rules: Fix a comment typo in the get-orig-source rules. * debian/rules: Introduce a setup-build-stamp to avoid unnecessary BuildTools rebuilds. * ovmf: Add SecureBoot enabled variant: - debian/control: add xorriso, qemu-utils, qemu-system-x86, python3 to Build-Depends for the automatic key enrollment process. - debian/rules: - build a SecureBoot/SMM enabled variant of OVMF_CODE too. - build OVMF_VARS.ms.fd with embedded Microsoft keys from the binary EnrollDefaultKeys.efi - debian/ovmf.links: add OVMF_CODE.ms.fd. - debian/ovmf.install: install OVMF_VARS.ms.fd. - d/p/ovmf-vars-generator-Pass-OEM-Strings-to-the-guest.patch: Support passing in the PK/KEK via QEMU's --oemstring. * Reenable HTTP Boot, which was accidentally disabled due to an upstream macro rename. * Add firmware descriptor files. Closes: #932269, LP: #1836859. -- dann frazier <dannf@debian.org> Wed, 31 Jul 2019 13:44:42 -0600 # Older entries have been removed from this changelog. # To read the complete changelog use `apt changelog ovmf`.
Generated by dwww version 1.15 on Wed Jun 26 04:24:28 CEST 2024.