1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
|
edk2 (0~20181115.85588389-3+deb10u3) buster; urgency=medium
* CryptoPkg/BaseCryptLib: fix NULL dereference. (CVE-2019-14584)
(Closes: #977300)
- d/p/CryptoPkg-BaseCryptLib-fix-NULL-dereference-CVE-2019.patch
-- dann frazier <dannf@debian.org> Tue, 15 Dec 2020 12:30:28 -0700
edk2 (0~20181115.85588389-3+deb10u2) buster; urgency=medium
* Fix integer overflow in DxeImageVerificationHandler. (CVE-2019-14562)
(Closes: #968819)
- d/p/0001-SecurityPkg-DxeImageVerificationLib-extract-SecDataD.patch
- d/p/0002-SecurityPkg-DxeImageVerificationLib-assign-WinCertif.patch
- d/p/0003-SecurityPkg-DxeImageVerificationLib-catch-alignment-.patch
-- dann frazier <dannf@debian.org> Thu, 17 Sep 2020 13:45:52 -0600
edk2 (0~20181115.85588389-3+deb10u1) buster; urgency=medium
* Fix numeric truncation in S3BootScript[Save]*() API. (CVE-2019-14563)
* Fix use-after-free in PcdHiiOsRuntimeSupport. (CVE-2019-14586)
* Clear memory before free to avoid potential password leak.
(CVE-2019-14558)
* Fix double-unmap in SdMmcCreateTrb(). This did not impact any
of the images built from this package. (CVE-2019-14587)
* Fix memory leak in ArpOnFrameRcvdDpc(). (CVE-2019-14559)
* Fix issue that could allow an efi image with a blacklisted hash in the
dbx to be loaded. (CVE-2019-14575) (Closes: 952935)
* Fix a memory leak in the ARP handler. (CVE-2019-14559) (Closes: #952926)
-- dann frazier <dannf@debian.org> Thu, 23 Apr 2020 13:33:06 -0600
edk2 (0~20181115.85588389-3) unstable; urgency=medium
* Security fixes (Closes: #924615):
- Fix buffer overflow in BlockIo service (CVE-2018-12180)
- DNS: Check received packet size before using (CVE-2018-12178)
- Fix stack overflow with corrupted BMP (CVE-2018-12181)
-- dann frazier <dannf@debian.org> Fri, 15 Mar 2019 18:37:44 -0600
edk2 (0~20181115.85588389-2) unstable; urgency=medium
* debian/rules: Factor out common feature flags across builds.
* ovmf: Enable TPM2 device support. Closes: #914722.
-- dann frazier <dannf@debian.org> Mon, 26 Nov 2018 16:34:54 -0700
edk2 (0~20181115.85588389-1) unstable; urgency=medium
* New upstream release, based on edk2-stable201811 tag.
-- dann frazier <dannf@debian.org> Thu, 15 Nov 2018 11:28:06 -0700
edk2 (0~20180812.cb5f4f45-1) unstable; urgency=medium
* New upstream release, based on edk2-stable201808 tag.
-- dann frazier <dannf@debian.org> Thu, 06 Sep 2018 16:12:41 -0600
edk2 (0~20180803.dd4cae4d-1) unstable; urgency=medium
* New upstream release.
* debian/control: Point the Vcs-* links to the new location on salsa.
* d/p/ShellPkg-dp-Correct-case-of-included-file.patch: Drop;
now upstream.
-- dann frazier <dannf@debian.org> Fri, 03 Aug 2018 15:35:01 -0600
edk2 (0~20180626.e5735040-1) unstable; urgency=medium
* New upstream release.
* d/p/ShellPkg-dp-Correct-case-of-included-file.patch: Add; fixes FTBFS.
* debian/control: Point the Vcs-* links to the edk2 project in my
namespace on salsa until we identify a more permanent location.
-- dann frazier <dannf@debian.org> Tue, 26 Jun 2018 17:06:59 -0600
edk2 (0~20180503.ebafede9-1) unstable; urgency=medium
* New upstream release.
-- dann frazier <dannf@debian.org> Thu, 03 May 2018 17:00:35 -0600
edk2 (0~20180328.c27c0003-1) unstable; urgency=medium
* New upstream release.
* Bump openssl up to latest upstream version, 1.1.0h.
-- dann frazier <dannf@debian.org> Wed, 28 Mar 2018 11:06:08 -0600
edk2 (0~20180205.c0d9813c-2) unstable; urgency=medium
* Enable HTTP Boot. LP: #1750481.
-- dann frazier <dannf@debian.org> Tue, 20 Feb 2018 13:14:10 -0700
edk2 (0~20180205.c0d9813c-1) unstable; urgency=medium
* New upstream release.
-- dann frazier <dannf@debian.org> Mon, 05 Feb 2018 12:03:01 -0700
edk2 (0~20180105.0bc94c74-1) unstable; urgency=medium
* New upstream release.
- d/p/Revert-BaseTools-Update-Gensec-to-set-PROCESSING_REQ.patch: Drop;
superseded by upstream fix:
1e6e6e18 BaseTools: Fix GenSec GCC make failure
* Bump Standards-Version from 4.1.1 to 4.1.3.
- Use https instead of http in Vcs-Browser URL.
-- dann frazier <dannf@debian.org> Fri, 05 Jan 2018 12:33:43 -0700
edk2 (0~20171205.a9212288-1) unstable; urgency=medium
* New upstream release.
- Fix Windows Server 2012 BSOD during installation. Closes: #881219.
Thanks to Jeff Ketchum.
- Bump openssl up to latest upstream version, 1.1.0g.
* d/p/Revert-BaseTools-Update-Gensec-to-set-PROCESSING_REQ.patch: Add;
fixes FTBFS.
* Change package priorities from extra (now deprecated) to optional.
-- dann frazier <dannf@debian.org> Tue, 05 Dec 2017 15:04:06 -0700
edk2 (0~20171027.76fd5a66-1) unstable; urgency=medium
* New upstream release.
- Fix Win10 guests booting from IDE drives. LP: #1725560.
-- dann frazier <dannf@debian.org> Fri, 27 Oct 2017 16:10:29 -0600
edk2 (0~20171010.234dbcef-1) unstable; urgency=medium
* New upstream release.
- d/p/demote-maybe-uninitialized-to-warning.patch: Drop; issue resolved
upstream.
* Bump Standards-Version from 3.9.8 to 4.1.1.
* Bump debhelper compatibility level to 10.
-- dann frazier <dannf@debian.org> Tue, 10 Oct 2017 14:28:01 -0600
edk2 (0~20170911.5dfba97c-1) unstable; urgency=medium
* New upstream release.
- Now builds with gcc-7. Closes: #853382.
- d/p/no-missing-braces.diff: Refresh.
- d/p/no-stack-protector-all-archs.diff: Refresh.
- d/p/no-pie-for-arm.diff: Drop; superseded by upstream commit
a6b53806.
- OpenSSL: Switch to the new openssl-1.1-based system, which no
longer requires patching.
- d/p/demote-maybe-uninitialized-to-warning.patch: Workaround compiler
error until upstream code is fixed.
* Unset environment variables that are used internally by edk2.
* Avoid the need for "post-patches" by explicitly setting the
ACTIVE_PLATFORM and TARGET_ARCH variables on the build commandline
for ovmf, like we already do for qemu-efi-{arm,aarch64}.
-- dann frazier <dannf@debian.org> Tue, 12 Sep 2017 13:17:42 -0600
edk2 (0~20161202.7bbe0b3e-2) experimental; urgency=medium
* debian/rules: Replace hardcoded "AARCH64" strings with $(EDK2_HOST_ARCH).
* debian/rules: AAVMF image generation doesn't require the edksetup
environment, so move that code outside of it.
* debian/rules: Refactor build-qemu-efi into common and aarch64-specific
targets, so that the common target can be used by a future arm-specific
target.
* d/p/arm64-no-pie-for-you.diff -> d/p/no-pie-for-arm.diff: Update patch
to also apply to arm builds.
* Rename qemu-efi to qemu-efi-aarch64 to open the namespace for
qemu-efi-arm. qemu-efi is now a transitional package with a compatibility
symlink.
* Add qemu-efi-arm package. Closes: #857858.
-- dann frazier <dannf@debian.org> Thu, 18 May 2017 10:17:41 -0600
edk2 (0~20161202.7bbe0b3e-1) unstable; urgency=medium
* New upstream release.
- GOP driver for the VirtIo GPU (virtio-gpu-pci). Closes: #842680.
- Drop precompiled binaries from Vlv2TbltDevicePkg/.
- Drop precompiled liblto-*.a binaries from ArmPkg/.
* Add myself to Uploaders.
* debian/rules: Set OpenSSL version in one place.
* d/p/arm64-reorder-blocks-algorithm.diff: Drop; superseded by
upstream commit 8866d337.
* d/p/arm64-no-pie-for-you.diff: Fix FTBFS w/ GCC that has PIE
enabled by default (now the case in Debian). Closes: #846690.
* debian/control: Clarify the package/guest architecture mapping.
Closes: #837092.
* d/p/no-missing-braces.diff: Refresh.
* d/p/no-stack-protector-all-archs.diff: Refresh.
* debian/copyright: Update.
-- dann frazier <dannf@debian.org> Fri, 09 Dec 2016 09:09:39 +0100
edk2 (0~20160813.de74668f-2) unstable; urgency=medium
[ dann frazier ]
* d/p/arm64-reorder-blocks-algorithm.diff: Workaround to fix
booting in KVM mode. LP: #1632875.
* debian/rules: Export compiler prefix variable to simplify
build-qemu-efi target.
* debian/rules: Make the target dependencies on setup-build explicit.
* debian/rules: Set the aarch64 toolchain prefix agnostically of the
toolchain tag being used.
* debian/rules: Respect EDK2_TOOLCHAIN tag when building ovmf.
-- Steve Langasek <vorlon@debian.org> Wed, 19 Oct 2016 13:07:08 -0700
edk2 (0~20160813.de74668f-1) unstable; urgency=medium
* New upstream release.
- fixes build failure with gcc-6. Closes: #834467.
- increases variable size for arm64 build, to support SecureBoot.
Closes: #830488.
* debian/patches/shell-proper-valist.patch: use VA_COPY() in Shell.
* update Standards Version.
-- Steve Langasek <vorlon@debian.org> Tue, 16 Aug 2016 06:20:28 +0000
edk2 (0~20160408.ffea0a2c-2) unstable; urgency=medium
* Provide split AAVMF_{CODE,VARS}.fd for arm64 in the qemu-efi package,
for VM-friendly nvram persistence in the same style as Fedora et al.
and by analogy with the OVMF_{CODE,VARS}.fd on x86. Thanks to
William Grant <wgrant@ubuntu.com> for the patch.
-- Steve Langasek <vorlon@debian.org> Sat, 16 Apr 2016 00:30:50 +0000
edk2 (0~20160408.ffea0a2c-1) unstable; urgency=medium
[ dann frazier ]
* New upstream version.
- d/p/enable-nvme: Drop; superseded by upstream commit 8ae3832d.
- d/p/no-missing-braces.diff: Refresh.
- d/p/FatPkg-AARCH64.diff: Drop; fixed upstream in commit 04a4fdb9.
- d/p/no-stack-protector-all-archs.diff: Refresh.
- d/p/arm64-mistrict-align.patch: Drop; superseded by upstream
commit d764d5984.
* Move out of non-free as the FAT driver has been replaced with a free
implementation, Thanks to Microsoft. Closes: #815618, LP: #1569602.
* Add SECURE_BOOT_ENABLE flag to aarch64 build to enable support for UEFI
Secure Boot. Closes: #819757. Thanks to Linn Crosetto.
-- Steve Langasek <vorlon@debian.org> Thu, 14 Apr 2016 20:50:11 +0000
edk2 (0~20160104.c2a892d7-1) unstable; urgency=medium
* New upstream version.
- Fixes support for kvm GPU passthrough. Closes: #810163.
- Adds GICv3 support. Closes: #810495.
[ dann frazier ]
* Use GCC49 toolchain for all architectures; the ARMGCC toolchain has
been dropped upstream.
* Supersede debian/patches/arm64-no-expensive-optimizations.patch
with debian/patches/arm64-mstrict-align.patch. Closes LP: #1489460.
-- Steve Langasek <vorlon@debian.org> Thu, 28 Jan 2016 01:35:30 +0000
edk2 (0~20150106.5c2d456b-2) unstable; urgency=medium
[ Steve Langasek ]
* Build-depend on gcc-aarch64-linux-gnu and make qemu-efi an Arch: all
package.
* Ship OVMF_CODE.fd and OVMF_VARS.fd for proper EFI variable support.
Closes: #764918. Continue shipping OVMF.fd too for now, for
compatibility.
[ dann frazier ]
* qemu-efi: Switch to Intel BDS. This supports a fallback to the removable
media path (i.e. \EFI\BOOT\BOOTaa64.EFI) as required by the Linaro VM
Specification. Closes: #796928.
* debian/patches/arm64-no-expensive-optimizations.patch: Workaround
ARM64 compiler issue by disabling certain optimizations.
Closes: LP #1489560
-- Steve Langasek <vorlon@debian.org> Thu, 03 Sep 2015 22:08:41 +0000
edk2 (0~20150106.5c2d456b-1) unstable; urgency=medium
* New upstream release, for arm64 support.
* debian/patches/no-missing-braces.diff: Add -Wno-missing-braces to
CFLAGS to avoid build failures. Thanks to dann frazier
<dannf@debian.org>.
* debian/patches/FatPkg-AARCH64.diff: AARCH64 support. Thanks to dann
frazier <dannf@debian.org>.
* Drop debian/patches/fix-undefined-behavior-in-vfrcompiler.patch, included
upstream.
* Drop debian/patches/gcc-4.9-align.patch in favor of using the GCC49
upstream toolchain rules.
* Adjust debian/rules to only build ovmf when building with -b, in
preparation for enabling other architecture builds (which currently can't
be Arch: all due to lack of cross-compilers in the Debian archive).
[ dann frazier ]
* Add new qemu-efi package for arm64. Closes: #775308.
[ Steve Langasek ]
* Refactor debian/rules to support cross-building.
* debian/patches/no-stack-protector-all-archs.diff: pass
-fno-stack-protector to all ARM GCC toolchains.
* Add XS-Build-Indep-Architecture to debian/control, as a temporary
measure pending standardization, to work around Launchpad builder
behavior which would try to build our arch: all package on an arm64
builder instead of an x86 one.
* Fix Vcs-Git URI in debian/control.
* Standards-Version 3.9.6.
-- Steve Langasek <vorlon@debian.org> Thu, 05 Feb 2015 14:57:40 +0000
edk2 (0~20131112.2590861a-3) unstable; urgency=medium
[ Steve Langasek ]
* debian/copyright: include a Disclaimer field to document clearly why
this package is not in main. Closes: #742589.
[ Michael Tokarev ]
* apply gcc-4.9-align.patch kindly provided by dann frazier to fix ftbfs
with gcc-4.9 (Closes: #771114)
* apply upstream fix-undefined-behavior-in-vfrcompiler.patch, kindly provided
by dann frazier, to fix another ftbfs (Closes: #773492)
-- Michael Tokarev <mjt@tls.msk.ru> Fri, 19 Dec 2014 10:16:14 +0300
edk2 (0~20131112.2590861a-2) unstable; urgency=medium
* debian/ovmf.links: create a OVMF.fd link for qemu
* debian/control: ovmf Replaces qemu-system-common versions which
shipped that link in Ubuntu.
-- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 25 Feb 2014 09:50:04 -0600
edk2 (0~20131112.2590861a-1) unstable; urgency=medium
* New upstream release, requested by Dimitri Ledkov for persistent nvram
variable support.
* Pass -DFD_SIZE_2MB to the build, since we're now over the size limit
-- Steve Langasek <vorlon@debian.org> Thu, 30 Jan 2014 11:47:05 +0000
edk2 (0~20131029.2f34e065-1) unstable; urgency=medium
* New upstream release. Closes: #714463.
- update debian/rules to pull a new version of the shell.
- drop debian/patches/enum-handling, fixed upstream.
- drop debian/patches/mismatched-enums, fixed upstream.
- fixes breakage with the EFI shell. LP: #1223413.
* debian/patches/enable-nvme: enable the NVMe driver.
Closes LP: #1267816.
* debian/post-patches/setup.diff: drop gcc4.7 handling, which is
sorted upstream.
* Update debian/copyright
-- Steve Langasek <vorlon@debian.org> Sat, 11 Jan 2014 23:34:25 +0000
edk2 (0~20121205.edae8d2d-2) unstable; urgency=low
* Fix the package section and debian/copyright: the FAT driver has a
license addendum which makes it non-free instead of BSD.
Closes: #714322.
* Make our build friendlier to git checkouts, by making sure our target
dir exists before copying.
-- Steve Langasek <vorlon@debian.org> Wed, 25 Sep 2013 03:35:20 +0000
edk2 (0~20121205.edae8d2d-1) unstable; urgency=low
* Initial release.
-- Steve Langasek <vorlon@debian.org> Sun, 10 Feb 2013 06:45:06 +0000
|
