All of lore.kernel.org
 help / color / mirror / Atom feed
* [Bug 1852196] [NEW] update edk2 submodule & binaries to edk2-stable201911
@ 2019-11-12 10:12 Laszlo Ersek (Red Hat)
  2019-11-28 14:52 ` [Bug 1852196] " Philippe Mathieu-Daudé
                   ` (8 more replies)
  0 siblings, 9 replies; 10+ messages in thread
From: Laszlo Ersek (Red Hat) @ 2019-11-12 10:12 UTC (permalink / raw)
  To: qemu-devel

Public bug reported:

edk2-stable201911 will be tagged soon:

  https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-
Planning

  https://github.com/tianocore/edk2/releases/tag/edk2-stable201911
  [upcoming link]

It should be picked up by QEMU, after the v4.2.0 release.

Relevant fixes / features in edk2, since edk2-stable201905 (which is
what QEMU bundles at the moment, from LP#1831477):

- enable UEFI HTTPS Boot in ArmVirtQemu* platforms
  https://bugzilla.tianocore.org/show_bug.cgi?id=1009
  (this is from edk2-stable201908)

- fix CVE-2019-14553 (Invalid server certificate accepted in HTTPS Boot)
  https://bugzilla.tianocore.org/show_bug.cgi?id=960

- consume OpenSSL-1.1.1d, for fixing CVE-2019-1543, CVE-2019-1552 and
  CVE-2019-1563
  https://bugzilla.tianocore.org/show_bug.cgi?id=2226

** Affects: qemu
     Importance: Undecided
     Assignee: Laszlo Ersek (Red Hat) (lersek)
         Status: New


** Tags: feature-request

** Changed in: qemu
     Assignee: (unassigned) => Laszlo Ersek (Red Hat) (lersek)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1852196

Title:
  update edk2 submodule & binaries to edk2-stable201911

Status in QEMU:
  New

Bug description:
  edk2-stable201911 will be tagged soon:

    https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-
  Release-Planning

    https://github.com/tianocore/edk2/releases/tag/edk2-stable201911
    [upcoming link]

  It should be picked up by QEMU, after the v4.2.0 release.

  Relevant fixes / features in edk2, since edk2-stable201905 (which is
  what QEMU bundles at the moment, from LP#1831477):

  - enable UEFI HTTPS Boot in ArmVirtQemu* platforms
    https://bugzilla.tianocore.org/show_bug.cgi?id=1009
    (this is from edk2-stable201908)

  - fix CVE-2019-14553 (Invalid server certificate accepted in HTTPS Boot)
    https://bugzilla.tianocore.org/show_bug.cgi?id=960

  - consume OpenSSL-1.1.1d, for fixing CVE-2019-1543, CVE-2019-1552 and
    CVE-2019-1563
    https://bugzilla.tianocore.org/show_bug.cgi?id=2226

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1852196/+subscriptions


^ permalink raw reply	[flat|nested] 10+ messages in thread

* [Bug 1852196] Re: update edk2 submodule & binaries to edk2-stable201911
  2019-11-12 10:12 [Bug 1852196] [NEW] update edk2 submodule & binaries to edk2-stable201911 Laszlo Ersek (Red Hat)
@ 2019-11-28 14:52 ` Philippe Mathieu-Daudé
  2019-11-28 17:35 ` Laszlo Ersek (Red Hat)
                   ` (7 subsequent siblings)
  8 siblings, 0 replies; 10+ messages in thread
From: Philippe Mathieu-Daudé @ 2019-11-28 14:52 UTC (permalink / raw)
  To: qemu-devel

Hi Laszlo,

Do you have a particular reason to update the submodule *after* the v4.2.0 release?
I'd rather see QEMU 4.2 released with edk2-stable201911, as it fixes various CVE (therefore a patch for 4.2-rc4 seems acceptable to me).

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1852196

Title:
  update edk2 submodule & binaries to edk2-stable201911

Status in QEMU:
  New

Bug description:
  edk2-stable201911 will be tagged soon:

    https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-
  Release-Planning

    https://github.com/tianocore/edk2/releases/tag/edk2-stable201911
    [upcoming link]

  It should be picked up by QEMU, after the v4.2.0 release.

  Relevant fixes / features in edk2, since edk2-stable201905 (which is
  what QEMU bundles at the moment, from LP#1831477):

  - enable UEFI HTTPS Boot in ArmVirtQemu* platforms
    https://bugzilla.tianocore.org/show_bug.cgi?id=1009
    (this is from edk2-stable201908)

  - fix CVE-2019-14553 (Invalid server certificate accepted in HTTPS Boot)
    https://bugzilla.tianocore.org/show_bug.cgi?id=960

  - consume OpenSSL-1.1.1d, for fixing CVE-2019-1543, CVE-2019-1552 and
    CVE-2019-1563
    https://bugzilla.tianocore.org/show_bug.cgi?id=2226

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1852196/+subscriptions


^ permalink raw reply	[flat|nested] 10+ messages in thread

* [Bug 1852196] Re: update edk2 submodule & binaries to edk2-stable201911
  2019-11-12 10:12 [Bug 1852196] [NEW] update edk2 submodule & binaries to edk2-stable201911 Laszlo Ersek (Red Hat)
  2019-11-28 14:52 ` [Bug 1852196] " Philippe Mathieu-Daudé
@ 2019-11-28 17:35 ` Laszlo Ersek (Red Hat)
  2019-12-04 14:06 ` Philippe Mathieu-Daudé
                   ` (6 subsequent siblings)
  8 siblings, 0 replies; 10+ messages in thread
From: Laszlo Ersek (Red Hat) @ 2019-11-28 17:35 UTC (permalink / raw)
  To: qemu-devel

Yes, I do have a reason for delaying this LP until after 4.2.0 is out.

When I filed this ticket (on 2019-Nov-12), QEMU had already entered the
4.2.0 soft feature freeze (on 2019-Oct-29). Despite possible
appearances, this LP is actually a feature addition -- that's why I also
set "Tags: feature-request" when I filed this LP.

The reason this is not a fix but a feature addition is the following:
- CVE-2019-14553 is irrelevant (doesn't exist) until we enable HTTPS Boot,
- we have not enabled HTTPS Boot earlier exactly because of CVE-2019-14553,
- the plan is to enable HTTPS Boot now, with CVE-2019-14553 fixed,
- so what remains are CVE-2019-1543, CVE-2019-1552 and CVE-2019-1563, which are native OpenSSL problems.

The upstream edk2 project advanced to OpenSSL 1.1.1d because of the last
point (i.e. because of those three OpenSSL CVEs). That submodule update
was tracked in:

https://bugzilla.tianocore.org/show_bug.cgi?id=2226

As you can see:

(1) there was zero analysis or explanation how those OpenSSL CVEs would
*actually* affect edk2 platforms,

(2) edk2 advanced to OpenSSL 1.1.1d (on 2019-Nov-05) approximately two
months after upstream OpenSSL 1.1.1d was released (on 2019-Sep-10).

Furthermore,

(3) all the listed CVEs are marked "low severity":

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1543
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1552
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563

(The first two items are declared low severity on cve.mitre.org, while
the last item is declared low severity in
<https://www.openssl.org/news/secadv/20190910.txt>.)

These points (1) through (3) tell me that the edk2 advance was more or
less "better safe than sorry" or "cargo cult".

While that approach is not necessarily wrong, if you have infinite
amounts of time, my capacity falls near the other end of the spectrum.
If someone runs QEMU in production, they should build their firmware
from source anyway -- the bundling of edk2 binaries with QEMU is a
convenience.

If you'd like to submit a QEMU patch set (just for the sake of the CVE
fixes, not the HTTPS Boot feature), and are willing to make the case for
getting that into 4.2-rc4, I won't block it, but I don't think it's
worth the churn, to be honest.

Thanks!
Laszlo

** Bug watch added: bugzilla.tianocore.org/ #2226
   https://bugzilla.tianocore.org/show_bug.cgi?id=2226

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-14553

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-1543

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-1552

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-1563

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1852196

Title:
  update edk2 submodule & binaries to edk2-stable201911

Status in QEMU:
  New

Bug description:
  edk2-stable201911 will be tagged soon:

    https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-
  Release-Planning

    https://github.com/tianocore/edk2/releases/tag/edk2-stable201911
    [upcoming link]

  It should be picked up by QEMU, after the v4.2.0 release.

  Relevant fixes / features in edk2, since edk2-stable201905 (which is
  what QEMU bundles at the moment, from LP#1831477):

  - enable UEFI HTTPS Boot in ArmVirtQemu* platforms
    https://bugzilla.tianocore.org/show_bug.cgi?id=1009
    (this is from edk2-stable201908)

  - fix CVE-2019-14553 (Invalid server certificate accepted in HTTPS Boot)
    https://bugzilla.tianocore.org/show_bug.cgi?id=960

  - consume OpenSSL-1.1.1d, for fixing CVE-2019-1543, CVE-2019-1552 and
    CVE-2019-1563
    https://bugzilla.tianocore.org/show_bug.cgi?id=2226

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1852196/+subscriptions


^ permalink raw reply	[flat|nested] 10+ messages in thread

* [Bug 1852196] Re: update edk2 submodule & binaries to edk2-stable201911
  2019-11-12 10:12 [Bug 1852196] [NEW] update edk2 submodule & binaries to edk2-stable201911 Laszlo Ersek (Red Hat)
  2019-11-28 14:52 ` [Bug 1852196] " Philippe Mathieu-Daudé
  2019-11-28 17:35 ` Laszlo Ersek (Red Hat)
@ 2019-12-04 14:06 ` Philippe Mathieu-Daudé
  2020-06-04 14:47 ` [Bug 1852196] Re: update edk2 submodule & binaries to edk2-stable202005 Philippe Mathieu-Daudé
                   ` (5 subsequent siblings)
  8 siblings, 0 replies; 10+ messages in thread
From: Philippe Mathieu-Daudé @ 2019-12-04 14:06 UTC (permalink / raw)
  To: qemu-devel

** Changed in: qemu
     Assignee: Laszlo Ersek (Red Hat) (lersek) => Philippe Mathieu-Daudé (philmd)

** Changed in: qemu
       Status: New => In Progress

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1852196

Title:
  update edk2 submodule & binaries to edk2-stable201911

Status in QEMU:
  In Progress

Bug description:
  edk2-stable201911 will be tagged soon:

    https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-
  Release-Planning

    https://github.com/tianocore/edk2/releases/tag/edk2-stable201911
    [upcoming link]

  It should be picked up by QEMU, after the v4.2.0 release.

  Relevant fixes / features in edk2, since edk2-stable201905 (which is
  what QEMU bundles at the moment, from LP#1831477):

  - enable UEFI HTTPS Boot in ArmVirtQemu* platforms
    https://bugzilla.tianocore.org/show_bug.cgi?id=1009
    (this is from edk2-stable201908)

  - fix CVE-2019-14553 (Invalid server certificate accepted in HTTPS Boot)
    https://bugzilla.tianocore.org/show_bug.cgi?id=960

  - consume OpenSSL-1.1.1d, for fixing CVE-2019-1543, CVE-2019-1552 and
    CVE-2019-1563
    https://bugzilla.tianocore.org/show_bug.cgi?id=2226

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1852196/+subscriptions


^ permalink raw reply	[flat|nested] 10+ messages in thread

* [Bug 1852196] Re: update edk2 submodule & binaries to edk2-stable202005
  2019-11-12 10:12 [Bug 1852196] [NEW] update edk2 submodule & binaries to edk2-stable201911 Laszlo Ersek (Red Hat)
                   ` (2 preceding siblings ...)
  2019-12-04 14:06 ` Philippe Mathieu-Daudé
@ 2020-06-04 14:47 ` Philippe Mathieu-Daudé
  2020-09-08  7:10 ` Laszlo Ersek (Red Hat)
                   ` (4 subsequent siblings)
  8 siblings, 0 replies; 10+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-06-04 14:47 UTC (permalink / raw)
  To: qemu-devel

** Summary changed:

- update edk2 submodule & binaries to edk2-stable201911
+ update edk2 submodule & binaries to edk2-stable202005

** Description changed:

- edk2-stable201911 will be tagged soon:
+ edk2-stable202005 has been tagged:
  
-   https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-
+   https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-
  Planning
  
-   https://github.com/tianocore/edk2/releases/tag/edk2-stable201911
-   [upcoming link]
- 
- It should be picked up by QEMU, after the v4.2.0 release.
+   https://github.com/tianocore/edk2/releases/tag/edk2-stable202005
  
  Relevant fixes / features in edk2, since edk2-stable201905 (which is
  what QEMU bundles at the moment, from LP#1831477):
  
  - enable UEFI HTTPS Boot in ArmVirtQemu* platforms
-   https://bugzilla.tianocore.org/show_bug.cgi?id=1009
-   (this is from edk2-stable201908)
+   https://bugzilla.tianocore.org/show_bug.cgi?id=1009
+   (this is from edk2-stable201908)
  
  - fix CVE-2019-14553 (Invalid server certificate accepted in HTTPS Boot)
-   https://bugzilla.tianocore.org/show_bug.cgi?id=960
+   https://bugzilla.tianocore.org/show_bug.cgi?id=960
  
  - consume OpenSSL-1.1.1d, for fixing CVE-2019-1543, CVE-2019-1552 and
-   CVE-2019-1563
-   https://bugzilla.tianocore.org/show_bug.cgi?id=2226
+   CVE-2019-1563
+   https://bugzilla.tianocore.org/show_bug.cgi?id=2226

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1852196

Title:
  update edk2 submodule & binaries to edk2-stable202005

Status in QEMU:
  In Progress

Bug description:
  edk2-stable202005 has been tagged:

    https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-
  Release-Planning

    https://github.com/tianocore/edk2/releases/tag/edk2-stable202005

  Relevant fixes / features in edk2, since edk2-stable201905 (which is
  what QEMU bundles at the moment, from LP#1831477):

  - enable UEFI HTTPS Boot in ArmVirtQemu* platforms
    https://bugzilla.tianocore.org/show_bug.cgi?id=1009
    (this is from edk2-stable201908)

  - fix CVE-2019-14553 (Invalid server certificate accepted in HTTPS Boot)
    https://bugzilla.tianocore.org/show_bug.cgi?id=960

  - consume OpenSSL-1.1.1d, for fixing CVE-2019-1543, CVE-2019-1552 and
    CVE-2019-1563
    https://bugzilla.tianocore.org/show_bug.cgi?id=2226

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1852196/+subscriptions


^ permalink raw reply	[flat|nested] 10+ messages in thread

* [Bug 1852196] Re: update edk2 submodule & binaries to edk2-stable202005
  2019-11-12 10:12 [Bug 1852196] [NEW] update edk2 submodule & binaries to edk2-stable201911 Laszlo Ersek (Red Hat)
                   ` (3 preceding siblings ...)
  2020-06-04 14:47 ` [Bug 1852196] Re: update edk2 submodule & binaries to edk2-stable202005 Philippe Mathieu-Daudé
@ 2020-09-08  7:10 ` Laszlo Ersek (Red Hat)
  2020-09-08  7:32 ` [Bug 1852196] Re: update edk2 submodule & binaries to edk2-stable202008 Laszlo Ersek (Red Hat)
                   ` (3 subsequent siblings)
  8 siblings, 0 replies; 10+ messages in thread
From: Laszlo Ersek (Red Hat) @ 2020-09-08  7:10 UTC (permalink / raw)
  To: qemu-devel

** Changed in: qemu
     Assignee: Philippe Mathieu-Daudé (philmd) => Laszlo Ersek (Red Hat) (lersek)

** Summary changed:

- update edk2 submodule & binaries to edk2-stable202005
+ update edk2 submodule & binaries to edk2-stable202008

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1852196

Title:
  update edk2 submodule & binaries to edk2-stable202008

Status in QEMU:
  In Progress

Bug description:
  edk2-stable202005 has been tagged:

    https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-
  Release-Planning

    https://github.com/tianocore/edk2/releases/tag/edk2-stable202005

  Relevant fixes / features in edk2, since edk2-stable201905 (which is
  what QEMU bundles at the moment, from LP#1831477):

  - enable UEFI HTTPS Boot in ArmVirtQemu* platforms
    https://bugzilla.tianocore.org/show_bug.cgi?id=1009
    (this is from edk2-stable201908)

  - fix CVE-2019-14553 (Invalid server certificate accepted in HTTPS Boot)
    https://bugzilla.tianocore.org/show_bug.cgi?id=960

  - consume OpenSSL-1.1.1d, for fixing CVE-2019-1543, CVE-2019-1552 and
    CVE-2019-1563
    https://bugzilla.tianocore.org/show_bug.cgi?id=2226

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1852196/+subscriptions


^ permalink raw reply	[flat|nested] 10+ messages in thread

* [Bug 1852196] Re: update edk2 submodule & binaries to edk2-stable202008
  2019-11-12 10:12 [Bug 1852196] [NEW] update edk2 submodule & binaries to edk2-stable201911 Laszlo Ersek (Red Hat)
                   ` (4 preceding siblings ...)
  2020-09-08  7:10 ` Laszlo Ersek (Red Hat)
@ 2020-09-08  7:32 ` Laszlo Ersek (Red Hat)
  2020-09-08  7:47 ` Laszlo Ersek (Red Hat)
                   ` (2 subsequent siblings)
  8 siblings, 0 replies; 10+ messages in thread
From: Laszlo Ersek (Red Hat) @ 2020-09-08  7:32 UTC (permalink / raw)
  To: qemu-devel

Posted

* [qemu-devel] [PATCH 00/10] edk2: adopt the edk2-stable202008 release

http://mid.mail-archive.com/20200908072939.30178-1-lersek@redhat.com

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1852196

Title:
  update edk2 submodule & binaries to edk2-stable202008

Status in QEMU:
  In Progress

Bug description:
  edk2-stable202005 has been tagged:

    https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-
  Release-Planning

    https://github.com/tianocore/edk2/releases/tag/edk2-stable202005

  Relevant fixes / features in edk2, since edk2-stable201905 (which is
  what QEMU bundles at the moment, from LP#1831477):

  - enable UEFI HTTPS Boot in ArmVirtQemu* platforms
    https://bugzilla.tianocore.org/show_bug.cgi?id=1009
    (this is from edk2-stable201908)

  - fix CVE-2019-14553 (Invalid server certificate accepted in HTTPS Boot)
    https://bugzilla.tianocore.org/show_bug.cgi?id=960

  - consume OpenSSL-1.1.1d, for fixing CVE-2019-1543, CVE-2019-1552 and
    CVE-2019-1563
    https://bugzilla.tianocore.org/show_bug.cgi?id=2226

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1852196/+subscriptions


^ permalink raw reply	[flat|nested] 10+ messages in thread

* [Bug 1852196] Re: update edk2 submodule & binaries to edk2-stable202008
  2019-11-12 10:12 [Bug 1852196] [NEW] update edk2 submodule & binaries to edk2-stable201911 Laszlo Ersek (Red Hat)
                   ` (5 preceding siblings ...)
  2020-09-08  7:32 ` [Bug 1852196] Re: update edk2 submodule & binaries to edk2-stable202008 Laszlo Ersek (Red Hat)
@ 2020-09-08  7:47 ` Laszlo Ersek (Red Hat)
  2020-09-14 12:16 ` Philippe Mathieu-Daudé
  2020-12-10  8:53 ` Thomas Huth
  8 siblings, 0 replies; 10+ messages in thread
From: Laszlo Ersek (Red Hat) @ 2020-09-08  7:47 UTC (permalink / raw)
  To: qemu-devel

** Description changed:

- edk2-stable202005 has been tagged:
+ Consume the following upstream edk2 releases:
  
-   https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-
- Planning
+ https://github.com/tianocore/edk2/releases/tag/edk2-stable201908
+ https://github.com/tianocore/edk2/releases/tag/edk2-stable201911
+ https://github.com/tianocore/edk2/releases/tag/edk2-stable202002
+ https://github.com/tianocore/edk2/releases/tag/edk2-stable202005
+ https://github.com/tianocore/edk2/releases/tag/edk2-stable202008
  
-   https://github.com/tianocore/edk2/releases/tag/edk2-stable202005
+ Worth mentioning (in random order):
  
- Relevant fixes / features in edk2, since edk2-stable201905 (which is
- what QEMU bundles at the moment, from LP#1831477):
+ - various CVE fixes [*]
+ - OpenSSL-1.1.1g
+ - UEFI HTTPS Boot for ARM/AARCH64
+ - TPM2 for ARM/AARCH64
+ - VCPU hotplug with SMI
+ - support for Linux v5.7+ initrd and mixed mode loading
+ - Fusion-MPT SCSI driver in OVMF
+ - VMware PVSCSI driver in OVMF
+ - PXEv4 / PXEv6 boot possible to disable on the QEMU command line
+ - SEV-ES support
  
- - enable UEFI HTTPS Boot in ArmVirtQemu* platforms
-   https://bugzilla.tianocore.org/show_bug.cgi?id=1009
-   (this is from edk2-stable201908)
+ [*] the below list has been collected simply from the subject lines in
+ commit range edk2-stable201905..edk2-stable202008:
  
- - fix CVE-2019-14553 (Invalid server certificate accepted in HTTPS Boot)
-   https://bugzilla.tianocore.org/show_bug.cgi?id=960
+   CVE-2019-11098 CVE-2019-14553 CVE-2019-14558 CVE-2019-14559
+   CVE-2019-14562 CVE-2019-14563 CVE-2019-14575 CVE-2019-14586
+   CVE-2019-14587
  
- - consume OpenSSL-1.1.1d, for fixing CVE-2019-1543, CVE-2019-1552 and
-   CVE-2019-1563
-   https://bugzilla.tianocore.org/show_bug.cgi?id=2226
+ (Note that any given CVE from the above list may or may not affect the
+ firmware binaries packaged with upstream QEMU; consult the upstream
+ TianoCore bug tracker at <https://bugzilla.tianocore.org/> for details.)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1852196

Title:
  update edk2 submodule & binaries to edk2-stable202008

Status in QEMU:
  In Progress

Bug description:
  Consume the following upstream edk2 releases:

  https://github.com/tianocore/edk2/releases/tag/edk2-stable201908
  https://github.com/tianocore/edk2/releases/tag/edk2-stable201911
  https://github.com/tianocore/edk2/releases/tag/edk2-stable202002
  https://github.com/tianocore/edk2/releases/tag/edk2-stable202005
  https://github.com/tianocore/edk2/releases/tag/edk2-stable202008

  Worth mentioning (in random order):

  - various CVE fixes [*]
  - OpenSSL-1.1.1g
  - UEFI HTTPS Boot for ARM/AARCH64
  - TPM2 for ARM/AARCH64
  - VCPU hotplug with SMI
  - support for Linux v5.7+ initrd and mixed mode loading
  - Fusion-MPT SCSI driver in OVMF
  - VMware PVSCSI driver in OVMF
  - PXEv4 / PXEv6 boot possible to disable on the QEMU command line
  - SEV-ES support

  [*] the below list has been collected simply from the subject lines in
  commit range edk2-stable201905..edk2-stable202008:

    CVE-2019-11098 CVE-2019-14553 CVE-2019-14558 CVE-2019-14559
    CVE-2019-14562 CVE-2019-14563 CVE-2019-14575 CVE-2019-14586
    CVE-2019-14587

  (Note that any given CVE from the above list may or may not affect the
  firmware binaries packaged with upstream QEMU; consult the upstream
  TianoCore bug tracker at <https://bugzilla.tianocore.org/> for details.)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1852196/+subscriptions


^ permalink raw reply	[flat|nested] 10+ messages in thread

* [Bug 1852196] Re: update edk2 submodule & binaries to edk2-stable202008
  2019-11-12 10:12 [Bug 1852196] [NEW] update edk2 submodule & binaries to edk2-stable201911 Laszlo Ersek (Red Hat)
                   ` (6 preceding siblings ...)
  2020-09-08  7:47 ` Laszlo Ersek (Red Hat)
@ 2020-09-14 12:16 ` Philippe Mathieu-Daudé
  2020-12-10  8:53 ` Thomas Huth
  8 siblings, 0 replies; 10+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-09-14 12:16 UTC (permalink / raw)
  To: qemu-devel

Commit a68694cd1f3.

** Changed in: qemu
       Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1852196

Title:
  update edk2 submodule & binaries to edk2-stable202008

Status in QEMU:
  Fix Committed

Bug description:
  Consume the following upstream edk2 releases:

  https://github.com/tianocore/edk2/releases/tag/edk2-stable201908
  https://github.com/tianocore/edk2/releases/tag/edk2-stable201911
  https://github.com/tianocore/edk2/releases/tag/edk2-stable202002
  https://github.com/tianocore/edk2/releases/tag/edk2-stable202005
  https://github.com/tianocore/edk2/releases/tag/edk2-stable202008

  Worth mentioning (in random order):

  - various CVE fixes [*]
  - OpenSSL-1.1.1g
  - UEFI HTTPS Boot for ARM/AARCH64
  - TPM2 for ARM/AARCH64
  - VCPU hotplug with SMI
  - support for Linux v5.7+ initrd and mixed mode loading
  - Fusion-MPT SCSI driver in OVMF
  - VMware PVSCSI driver in OVMF
  - PXEv4 / PXEv6 boot possible to disable on the QEMU command line
  - SEV-ES support

  [*] the below list has been collected simply from the subject lines in
  commit range edk2-stable201905..edk2-stable202008:

    CVE-2019-11098 CVE-2019-14553 CVE-2019-14558 CVE-2019-14559
    CVE-2019-14562 CVE-2019-14563 CVE-2019-14575 CVE-2019-14586
    CVE-2019-14587

  (Note that any given CVE from the above list may or may not affect the
  firmware binaries packaged with upstream QEMU; consult the upstream
  TianoCore bug tracker at <https://bugzilla.tianocore.org/> for details.)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1852196/+subscriptions


^ permalink raw reply	[flat|nested] 10+ messages in thread

* [Bug 1852196] Re: update edk2 submodule & binaries to edk2-stable202008
  2019-11-12 10:12 [Bug 1852196] [NEW] update edk2 submodule & binaries to edk2-stable201911 Laszlo Ersek (Red Hat)
                   ` (7 preceding siblings ...)
  2020-09-14 12:16 ` Philippe Mathieu-Daudé
@ 2020-12-10  8:53 ` Thomas Huth
  8 siblings, 0 replies; 10+ messages in thread
From: Thomas Huth @ 2020-12-10  8:53 UTC (permalink / raw)
  To: qemu-devel

Released with QEMU v5.2.0.

** Changed in: qemu
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1852196

Title:
  update edk2 submodule & binaries to edk2-stable202008

Status in QEMU:
  Fix Released

Bug description:
  Consume the following upstream edk2 releases:

  https://github.com/tianocore/edk2/releases/tag/edk2-stable201908
  https://github.com/tianocore/edk2/releases/tag/edk2-stable201911
  https://github.com/tianocore/edk2/releases/tag/edk2-stable202002
  https://github.com/tianocore/edk2/releases/tag/edk2-stable202005
  https://github.com/tianocore/edk2/releases/tag/edk2-stable202008

  Worth mentioning (in random order):

  - various CVE fixes [*]
  - OpenSSL-1.1.1g
  - UEFI HTTPS Boot for ARM/AARCH64
  - TPM2 for ARM/AARCH64
  - VCPU hotplug with SMI
  - support for Linux v5.7+ initrd and mixed mode loading
  - Fusion-MPT SCSI driver in OVMF
  - VMware PVSCSI driver in OVMF
  - PXEv4 / PXEv6 boot possible to disable on the QEMU command line
  - SEV-ES support

  [*] the below list has been collected simply from the subject lines in
  commit range edk2-stable201905..edk2-stable202008:

    CVE-2019-11098 CVE-2019-14553 CVE-2019-14558 CVE-2019-14559
    CVE-2019-14562 CVE-2019-14563 CVE-2019-14575 CVE-2019-14586
    CVE-2019-14587

  (Note that any given CVE from the above list may or may not affect the
  firmware binaries packaged with upstream QEMU; consult the upstream
  TianoCore bug tracker at <https://bugzilla.tianocore.org/> for details.)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1852196/+subscriptions


^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2020-12-10  9:12 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-12 10:12 [Bug 1852196] [NEW] update edk2 submodule & binaries to edk2-stable201911 Laszlo Ersek (Red Hat)
2019-11-28 14:52 ` [Bug 1852196] " Philippe Mathieu-Daudé
2019-11-28 17:35 ` Laszlo Ersek (Red Hat)
2019-12-04 14:06 ` Philippe Mathieu-Daudé
2020-06-04 14:47 ` [Bug 1852196] Re: update edk2 submodule & binaries to edk2-stable202005 Philippe Mathieu-Daudé
2020-09-08  7:10 ` Laszlo Ersek (Red Hat)
2020-09-08  7:32 ` [Bug 1852196] Re: update edk2 submodule & binaries to edk2-stable202008 Laszlo Ersek (Red Hat)
2020-09-08  7:47 ` Laszlo Ersek (Red Hat)
2020-09-14 12:16 ` Philippe Mathieu-Daudé
2020-12-10  8:53 ` Thomas Huth

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.