edk2 (0~20160408.ffea0a2c-2ubuntu0.2) xenial-security; urgency=medium

  * Fix integer overflow in DxeImageVerificationHandler. (CVE-2019-14562)
  * CryptoPkg/BaseCryptLib: fix NULL dereference. (CVE-2019-14584)

 -- dann frazier <dannf@ubuntu.com>  Tue, 15 Dec 2020 16:38:25 -0700

edk2 (0~20160408.ffea0a2c-2ubuntu0.1) xenial; urgency=medium

  * Security fixes (LP: #1820764):
    - Fix buffer overflow in BlockIo service (CVE-2018-12180)
    - DNS: Check received packet size before using (CVE-2018-12178)
    - Fix stack overflow with corrupted BMP (CVE-2018-12181)
  * Fix numeric truncation in S3BootScript[Save]*() API. (CVE-2019-14563)
  * Fix use-after-free in PcdHiiOsRuntimeSupport. (CVE-2019-14586)
  * Clear memory before free to avoid potential password leak.
    (CVE-2019-14558)
  * Fix double-unmap in SdMmcCreateTrb(). This did not impact any
    of the images built from this package. (CVE-2019-14587)
  * Fix memory leak in ArpOnFrameRcvdDpc(). (CVE-2019-14559)
  * Fix issue that could allow an efi image with a blacklisted hash in the
    dbx to be loaded. (CVE-2019-14575)
  * Fix a memory leak in the ARP handler. (CVE-2019-14559)

 -- dann frazier <dannf@ubuntu.com>  Thu, 16 Apr 2020 09:05:29 -0600

edk2 (0~20160408.ffea0a2c-2) unstable; urgency=medium

  * Provide split AAVMF_{CODE,VARS}.fd for arm64 in the qemu-efi package,
    for VM-friendly nvram persistence in the same style as Fedora et al.
    and by analogy with the OVMF_{CODE,VARS}.fd on x86.  Thanks to
    William Grant <wgrant@ubuntu.com> for the patch.

 -- Steve Langasek <vorlon@debian.org>  Sat, 16 Apr 2016 00:30:50 +0000

edk2 (0~20160408.ffea0a2c-1) unstable; urgency=medium

  [ dann frazier ]
  * New upstream version.
    - d/p/enable-nvme: Drop; superseded by upstream commit 8ae3832d.
    - d/p/no-missing-braces.diff: Refresh.
    - d/p/FatPkg-AARCH64.diff: Drop; fixed upstream in commit 04a4fdb9.
    - d/p/no-stack-protector-all-archs.diff: Refresh.
    - d/p/arm64-mistrict-align.patch: Drop; superseded by upstream
      commit d764d5984.
  * Move out of non-free as the FAT driver has been replaced with a free
    implementation, Thanks to Microsoft.  Closes: #815618, LP: #1569602.
  * Add SECURE_BOOT_ENABLE flag to aarch64 build to enable support for UEFI
    Secure Boot.  Closes: #819757. Thanks to Linn Crosetto.

 -- Steve Langasek <vorlon@debian.org>  Thu, 14 Apr 2016 20:50:11 +0000

edk2 (0~20160104.c2a892d7-1) unstable; urgency=medium

  * New upstream version.
    - Fixes support for kvm GPU passthrough.  Closes: #810163.
    - Adds GICv3 support.  Closes: #810495.

  [ dann frazier ]
  * Use GCC49 toolchain for all architectures; the ARMGCC toolchain has
    been dropped upstream.
  * Supersede debian/patches/arm64-no-expensive-optimizations.patch
    with debian/patches/arm64-mstrict-align.patch.  Closes LP: #1489460.

 -- Steve Langasek <vorlon@debian.org>  Thu, 28 Jan 2016 01:35:30 +0000

edk2 (0~20150106.5c2d456b-2) unstable; urgency=medium

  [ Steve Langasek ]
  * Build-depend on gcc-aarch64-linux-gnu and make qemu-efi an Arch: all
    package.
  * Ship OVMF_CODE.fd and OVMF_VARS.fd for proper EFI variable support.
    Closes: #764918.  Continue shipping OVMF.fd too for now, for
    compatibility.

  [ dann frazier ]
  * qemu-efi: Switch to Intel BDS. This supports a fallback to the removable
    media path (i.e. \EFI\BOOT\BOOTaa64.EFI) as required by the Linaro VM
    Specification.  Closes: #796928.
  * debian/patches/arm64-no-expensive-optimizations.patch: Workaround
    ARM64 compiler issue by disabling certain optimizations.
    Closes: LP #1489560

 -- Steve Langasek <vorlon@debian.org>  Thu, 03 Sep 2015 22:08:41 +0000

edk2 (0~20150106.5c2d456b-1) unstable; urgency=medium

  * New upstream release, for arm64 support.
  * debian/patches/no-missing-braces.diff: Add -Wno-missing-braces to
    CFLAGS to avoid build failures.  Thanks to dann frazier
    <dannf@debian.org>.
  * debian/patches/FatPkg-AARCH64.diff: AARCH64 support.  Thanks to dann
    frazier <dannf@debian.org>.
  * Drop debian/patches/fix-undefined-behavior-in-vfrcompiler.patch, included
    upstream.
  * Drop debian/patches/gcc-4.9-align.patch in favor of using the GCC49
    upstream toolchain rules.
  * Adjust debian/rules to only build ovmf when building with -b, in
    preparation for enabling other architecture builds (which currently can't
    be Arch: all due to lack of cross-compilers in the Debian archive).

  [ dann frazier ]
  * Add new qemu-efi package for arm64.  Closes: #775308.

  [ Steve Langasek ]
  * Refactor debian/rules to support cross-building.
  * debian/patches/no-stack-protector-all-archs.diff: pass
    -fno-stack-protector to all ARM GCC toolchains.
  * Add XS-Build-Indep-Architecture to debian/control, as a temporary 
    measure pending standardization, to work around Launchpad builder
    behavior which would try to build our arch: all package on an arm64
    builder instead of an x86 one.
  * Fix Vcs-Git URI in debian/control.
  * Standards-Version 3.9.6.

 -- Steve Langasek <vorlon@debian.org>  Thu, 05 Feb 2015 14:57:40 +0000

edk2 (0~20131112.2590861a-3) unstable; urgency=medium

  [ Steve Langasek ]
  * debian/copyright: include a Disclaimer field to document clearly why
    this package is not in main.  Closes: #742589.

  [ Michael Tokarev ]
  * apply gcc-4.9-align.patch kindly provided by dann frazier to fix ftbfs
    with gcc-4.9 (Closes: #771114)
  * apply upstream fix-undefined-behavior-in-vfrcompiler.patch, kindly provided
    by dann frazier, to fix another ftbfs (Closes: #773492)

 -- Michael Tokarev <mjt@tls.msk.ru>  Fri, 19 Dec 2014 10:16:14 +0300

edk2 (0~20131112.2590861a-2) unstable; urgency=medium

  * debian/ovmf.links: create a OVMF.fd link for qemu
  * debian/control: ovmf Replaces qemu-system-common versions which
    shipped that link in Ubuntu.

 -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 25 Feb 2014 09:50:04 -0600

edk2 (0~20131112.2590861a-1) unstable; urgency=medium

  * New upstream release, requested by Dimitri Ledkov for persistent nvram
    variable support.
  * Pass -DFD_SIZE_2MB to the build, since we're now over the size limit

 -- Steve Langasek <vorlon@debian.org>  Thu, 30 Jan 2014 11:47:05 +0000

edk2 (0~20131029.2f34e065-1) unstable; urgency=medium

  * New upstream release.  Closes: #714463.
    - update debian/rules to pull a new version of the shell.
    - drop debian/patches/enum-handling, fixed upstream.
    - drop debian/patches/mismatched-enums, fixed upstream.
    - fixes breakage with the EFI shell.  LP: #1223413.
  * debian/patches/enable-nvme: enable the NVMe driver.
    Closes LP: #1267816.
  * debian/post-patches/setup.diff: drop gcc4.7 handling, which is
    sorted upstream.
  * Update debian/copyright

 -- Steve Langasek <vorlon@debian.org>  Sat, 11 Jan 2014 23:34:25 +0000

edk2 (0~20121205.edae8d2d-2) unstable; urgency=low

  * Fix the package section and debian/copyright: the FAT driver has a
    license addendum which makes it non-free instead of BSD.
    Closes: #714322.
  * Make our build friendlier to git checkouts, by making sure our target
    dir exists before copying.

 -- Steve Langasek <vorlon@debian.org>  Wed, 25 Sep 2013 03:35:20 +0000

edk2 (0~20121205.edae8d2d-1) unstable; urgency=low

  * Initial release.

 -- Steve Langasek <vorlon@debian.org>  Sun, 10 Feb 2013 06:45:06 +0000
