Merge branch 'c9' into a9

SOURCES/edk2-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch

@@ -1,17 +1,35 @@
-From 94961b8817eec6f8d0434555ac50a7aa51c22201 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Fri, 14 Jun 2024 11:45:49 +0200
-Subject: [PATCH] CryptoPkg/Test: call ProcessLibraryConstructorList
+From b8793ffc6a7e7cfe3ecd9bd0da566ffd913a4544 Mon Sep 17 00:00:00 2001
+From: Jon Maloy <jmaloy@redhat.com>
+Date: Thu, 20 Jun 2024 10:34:52 -0400
+Subject: [PATCH 7/8] CryptoPkg/Test: call ProcessLibraryConstructorList
 
-Needed to properly initialize BaseRngLib.
+RH-Author: Jon Maloy <jmaloy@redhat.com>
+RH-MergeRequest: 75: NetworkPkg: SECURITY PATCH CVE-2023-45236 and CVE-2023-45237
+RH-Jira: RHEL-40270 RHEL-40272
+RH-Acked-by: Gerd Hoffmann <None>
+RH-Commit: [7/8] 7b09b94bfb56f5b81df2ccf1e6dbe21a7354a723
 
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+JIRA: https://issues.redhat.com/browse/RHEL-40270
+Upstream: Merged
+CVE: CVE-2023-45237
+
+commit 94961b8817eec6f8d0434555ac50a7aa51c22201
+Author: Gerd Hoffmann <kraxel@redhat.com>
+Date:   Fri Jun 14 11:45:49 2024 +0200
+
+    CryptoPkg/Test: call ProcessLibraryConstructorList
+
+    Needed to properly initialize BaseRngLib.
+
+    Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+
+Signed-off-by: Jon Maloy <jmaloy@redhat.com>
 ---
  .../Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c      | 7 +++++++
  1 file changed, 7 insertions(+)
 
 diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c
-index d0c1c7a4f7e0..48d463b8ad49 100644
+index d0c1c7a4f7..48d463b8ad 100644
 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c
 +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c
 @@ -8,6 +8,12 @@
@@ -34,3 +52,6 @@ index d0c1c7a4f7e0..48d463b8ad49 100644
 +  ProcessLibraryConstructorList ();
    return UefiTestMain ();
  }
+-- 
+2.39.3
+

SOURCES/edk2-EmbeddedPkg-Hob-Integer-Overflow-in-CreateHob.patch

@@ -1,36 +1,55 @@
-From aeaee8944f0eaacbf4cdf39279785b9ba4836bb6 Mon Sep 17 00:00:00 2001
-From: Gua Guo <gua.guo@intel.com>
-Date: Thu, 11 Jan 2024 13:07:50 +0800
-Subject: [PATCH] EmbeddedPkg/Hob: Integer Overflow in CreateHob()
+From f01b34eaeff2ccdd0ee7f2cf6371542efc0b13f5 Mon Sep 17 00:00:00 2001
+From: Jon Maloy <jmaloy@redhat.com>
+Date: Sat, 6 Apr 2024 11:00:29 -0400
+Subject: [PATCH 1/2] EmbeddedPkg/Hob: Integer Overflow in CreateHob()
 
-REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4166
+RH-Author: Jon Maloy <jmaloy@redhat.com>
+RH-MergeRequest: 69: EmbeddedPkg/Hob: Integer Overflow in CreateHob()
+RH-Jira: RHEL-30156
+RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
+RH-Acked-by: Gerd Hoffmann <None>
+RH-Commit: [1/2] 1b851d3ecf23092f7961cd0320221dc56b69adc4
 
-Fix integer overflow in various CreateHob instances.
-Fixes: CVE-2022-36765
+JIRA: https://issues.redhat.com/browse/RHEL-30156
+CVE: CVE-2022-36765
+Upstream: Merged
 
-The CreateHob() function aligns the requested size to 8
-performing the following operation:
-```
-HobLength = (UINT16)((HobLength + 0x7) & (~0x7));
-```
+commit aeaee8944f0eaacbf4cdf39279785b9ba4836bb6
+Author: Gua Guo <gua.guo@intel.com>
+Date:   Thu Jan 11 13:07:50 2024 +0800
 
-No checks are performed to ensure this value doesn't
-overflow, and could lead to CreateHob() returning a smaller
-HOB than requested, which could lead to OOB HOB accesses.
+    EmbeddedPkg/Hob: Integer Overflow in CreateHob()
 
-Reported-by: Marc Beatove <mbeatove@google.com>
-Cc: Leif Lindholm <quic_llindhol@quicinc.com>
-Reviewed-by: Ard Biesheuvel <ardb+tianocore@kernel.org>
-Cc: Abner Chang <abner.chang@amd.com>
-Cc: John Mathew <john.mathews@intel.com>
-Authored-by: Gerd Hoffmann <kraxel@redhat.com>
-Signed-off-by: Gua Guo <gua.guo@intel.com>
+    REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4166
+
+    Fix integer overflow in various CreateHob instances.
+    Fixes: CVE-2022-36765
+
+    The CreateHob() function aligns the requested size to 8
+    performing the following operation:
+    ```
+    HobLength = (UINT16)((HobLength + 0x7) & (~0x7));
+    ```
+
+    No checks are performed to ensure this value doesn't
+    overflow, and could lead to CreateHob() returning a smaller
+    HOB than requested, which could lead to OOB HOB accesses.
+
+    Reported-by: Marc Beatove <mbeatove@google.com>
+    Cc: Leif Lindholm <quic_llindhol@quicinc.com>
+    Reviewed-by: Ard Biesheuvel <ardb+tianocore@kernel.org>
+    Cc: Abner Chang <abner.chang@amd.com>
+    Cc: John Mathew <john.mathews@intel.com>
+    Authored-by: Gerd Hoffmann <kraxel@redhat.com>
+    Signed-off-by: Gua Guo <gua.guo@intel.com>
+
+Signed-off-by: Jon Maloy <jmaloy@redhat.com>
 ---
  EmbeddedPkg/Library/PrePiHobLib/Hob.c | 43 +++++++++++++++++++++++++++
  1 file changed, 43 insertions(+)
 
 diff --git a/EmbeddedPkg/Library/PrePiHobLib/Hob.c b/EmbeddedPkg/Library/PrePiHobLib/Hob.c
-index 8eb175aa96f9..cbc35152ccbc 100644
+index 8eb175aa96..cbc35152cc 100644
 --- a/EmbeddedPkg/Library/PrePiHobLib/Hob.c
 +++ b/EmbeddedPkg/Library/PrePiHobLib/Hob.c
 @@ -110,6 +110,13 @@ CreateHob (
@@ -146,3 +165,6 @@ index 8eb175aa96f9..cbc35152ccbc 100644
  
    ZeroMem (&(Hob->AllocDescriptor.Name), sizeof (EFI_GUID));
    Hob->AllocDescriptor.MemoryBaseAddress = BaseAddress;
+-- 
+2.39.3
+

SOURCES/edk2-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch

@@ -1,41 +1,60 @@
-From c3a8ca7b54a9fd17acdf16c6282a92cc989fa92a Mon Sep 17 00:00:00 2001
-From: Pedro Falcato <pedro.falcato@gmail.com>
-Date: Tue, 22 Nov 2022 22:31:03 +0000
-Subject: [PATCH] MdePkg/BaseRngLib: Add a smoketest for RDRAND and check CPUID
+From a0f61781d9d7d816363704823688ba251fe7e0ba Mon Sep 17 00:00:00 2001
+From: Jon Maloy <jmaloy@redhat.com>
+Date: Thu, 20 Jun 2024 10:32:29 -0400
+Subject: [PATCH 4/8] MdePkg/BaseRngLib: Add a smoketest for RDRAND and check
+ CPUID
 
-RDRAND has notoriously been broken many times over its lifespan.
-Add a smoketest to RDRAND, in order to better sniff out potential
-security concerns.
+RH-Author: Jon Maloy <jmaloy@redhat.com>
+RH-MergeRequest: 75: NetworkPkg: SECURITY PATCH CVE-2023-45236 and CVE-2023-45237
+RH-Jira: RHEL-40270 RHEL-40272
+RH-Acked-by: Gerd Hoffmann <None>
+RH-Commit: [4/8] 4fe23181254479e4a0f1abd31cedabacaec22944
 
-Also add a proper CPUID test in order to support older CPUs which may
-not have it; it was previously being tested but then promptly ignored.
+JIRA: https://issues.redhat.com/browse/RHEL-40270
+Upstream: Merged
+CVE: CVE-2023-45237
 
-Testing algorithm inspired by linux's arch/x86/kernel/cpu/rdrand.c
-:x86_init_rdrand() per commit 049f9ae9..
+commit c3a8ca7b54a9fd17acdf16c6282a92cc989fa92a
+Author: Pedro Falcato <pedro.falcato@gmail.com>
+Date:   Tue Nov 22 22:31:03 2022 +0000
 
-Many thanks to Jason Donenfeld for relicensing his linux RDRAND detection
-code to MIT and the public domain.
+    MdePkg/BaseRngLib: Add a smoketest for RDRAND and check CPUID
 
->On Tue, Nov 22, 2022 at 2:21 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
+    RDRAND has notoriously been broken many times over its lifespan.
+    Add a smoketest to RDRAND, in order to better sniff out potential
+    security concerns.
+
+    Also add a proper CPUID test in order to support older CPUs which may
+    not have it; it was previously being tested but then promptly ignored.
+
+    Testing algorithm inspired by linux's arch/x86/kernel/cpu/rdrand.c
+    :x86_init_rdrand() per commit 049f9ae9..
+
+    Many thanks to Jason Donenfeld for relicensing his linux RDRAND detection
+    code to MIT and the public domain.
+
+    >On Tue, Nov 22, 2022 at 2:21 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
       <..>
->    I (re)wrote that function in Linux. I hereby relicense it as MIT, and
->    also place it into public domain. Do with it what you will now.
->
->    Jason
+    >    I (re)wrote that function in Linux. I hereby relicense it as MIT, and
+    >    also place it into public domain. Do with it what you will now.
+    >
+    >    Jason
 
-BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4163
+    BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4163
 
-Signed-off-by: Pedro Falcato <pedro.falcato@gmail.com>
-Cc: Michael D Kinney <michael.d.kinney@intel.com>
-Cc: Liming Gao <gaoliming@byosoft.com.cn>
-Cc: Zhiguang Liu <zhiguang.liu@intel.com>
-Cc: Jason A. Donenfeld <Jason@zx2c4.com>
+    Signed-off-by: Pedro Falcato <pedro.falcato@gmail.com>
+    Cc: Michael D Kinney <michael.d.kinney@intel.com>
+    Cc: Liming Gao <gaoliming@byosoft.com.cn>
+    Cc: Zhiguang Liu <zhiguang.liu@intel.com>
+    Cc: Jason A. Donenfeld <Jason@zx2c4.com>
+
+Signed-off-by: Jon Maloy <jmaloy@gmail.com>
 ---
  MdePkg/Library/BaseRngLib/Rand/RdRand.c | 99 +++++++++++++++++++++++--
  1 file changed, 91 insertions(+), 8 deletions(-)
 
 diff --git a/MdePkg/Library/BaseRngLib/Rand/RdRand.c b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
-index 9bd68352f9f7..06d2a6f12d2e 100644
+index 9bd68352f9..06d2a6f12d 100644
 --- a/MdePkg/Library/BaseRngLib/Rand/RdRand.c
 +++ b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
 @@ -3,6 +3,7 @@
@@ -189,3 +208,6 @@ index 9bd68352f9f7..06d2a6f12d2e 100644
  }
  
  /**
+-- 
+2.39.3
+

SOURCES/edk2-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch

@@ -1,18 +1,36 @@
-From 5e776299a2604b336a947e68593012ab2cc16eb4 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Fri, 14 Jun 2024 11:45:53 +0200
-Subject: [PATCH] MdePkg/X86UnitTestHost: set rdrand cpuid bit
+From 90461020e9b7534dc03baeea7b485045ed5962e9 Mon Sep 17 00:00:00 2001
+From: Jon Maloy <jmaloy@redhat.com>
+Date: Thu, 20 Jun 2024 10:35:27 -0400
+Subject: [PATCH 8/8] MdePkg/X86UnitTestHost: set rdrand cpuid bit
 
-Set the rdrand feature bit when faking cpuid for host test cases.
-Needed to make the CryptoPkg test cases work.
+RH-Author: Jon Maloy <jmaloy@redhat.com>
+RH-MergeRequest: 75: NetworkPkg: SECURITY PATCH CVE-2023-45236 and CVE-2023-45237
+RH-Jira: RHEL-40270 RHEL-40272
+RH-Acked-by: Gerd Hoffmann <None>
+RH-Commit: [8/8] 5bacbf3cf6fadd3362dfd6f31743707e65b4f119
 
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+JIRA: https://issues.redhat.com/browse/RHEL-40270
+Upstream: Merged
+CVE: CVE-2023-45237
+
+commit 5e776299a2604b336a947e68593012ab2cc16eb4
+Author: Gerd Hoffmann <kraxel@redhat.com>
+Date:   Fri Jun 14 11:45:53 2024 +0200
+
+    MdePkg/X86UnitTestHost: set rdrand cpuid bit
+
+    Set the rdrand feature bit when faking cpuid for host test cases.
+    Needed to make the CryptoPkg test cases work.
+
+    Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+
+Signed-off-by: Jon Maloy <jmaloy@redhat.com>
 ---
  MdePkg/Library/BaseLib/X86UnitTestHost.c | 11 ++++++++++-
  1 file changed, 10 insertions(+), 1 deletion(-)
 
 diff --git a/MdePkg/Library/BaseLib/X86UnitTestHost.c b/MdePkg/Library/BaseLib/X86UnitTestHost.c
-index 8ba4f54a385d..7f7276f7f4b8 100644
+index 8ba4f54a38..7f7276f7f4 100644
 --- a/MdePkg/Library/BaseLib/X86UnitTestHost.c
 +++ b/MdePkg/Library/BaseLib/X86UnitTestHost.c
 @@ -66,6 +66,15 @@ UnitTestHostBaseLibAsmCpuid (
@@ -40,3 +58,6 @@ index 8ba4f54a385d..7f7276f7f4b8 100644
    }
  
    if (Edx != NULL) {
+-- 
+2.39.3
+

SOURCES/edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch

@@ -1,75 +1,92 @@
-From 4c4ceb2ceb80c42fd5545b2a4bd80321f07f4345 Mon Sep 17 00:00:00 2001
-From: Doug Flick <dougflick@microsoft.com>
-Date: Wed, 8 May 2024 22:56:28 -0700
-Subject: [PATCH] NetworkPkg: SECURITY PATCH CVE-2023-45237
+From 87165171b47990d6c3a9aea4d7794702df5dd0ea Mon Sep 17 00:00:00 2001
+From: Jon Maloy <jmaloy@redhat.com>
+Date: Tue, 11 Jun 2024 15:19:39 -0400
+Subject: [PATCH 1/8] NetworkPkg: SECURITY PATCH CVE-2023-45237
 
-REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4542
+RH-Author: Jon Maloy <jmaloy@redhat.com>
+RH-MergeRequest: 75: NetworkPkg: SECURITY PATCH CVE-2023-45236 and CVE-2023-45237
+RH-Jira: RHEL-40270 RHEL-40272
+RH-Acked-by: Gerd Hoffmann <None>
+RH-Commit: [1/8] 9ec136cf9042d3b41d01b9caeb66406cee9f23d9
 
-Bug Overview:
-PixieFail Bug #9
-CVE-2023-45237
-CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
-CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
+JIRA: https://issues.redhat.com/browse/RHEL-40270
+Upstream: Merged
+CVE: CVE-2023-45237
 
-Use of a Weak PseudoRandom Number Generator
+commit 4c4ceb2ceb80c42fd5545b2a4bd80321f07f4345
+Author: Doug Flick <dougflick@microsoft.com>
+Date:   Wed May 8 22:56:28 2024 -0700
 
-Change Overview:
+    NetworkPkg: SECURITY PATCH CVE-2023-45237
 
-Updates all Instances of NET_RANDOM (NetRandomInitSeed ()) to either
+    REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4542
 
->
-> EFI_STATUS
-> EFIAPI
-> PseudoRandomU32 (
->  OUT UINT32  *Output
->  );
->
+    Bug Overview:
+    PixieFail Bug #9
+    CVE-2023-45237
+    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
 
-or (depending on the use case)
+    Use of a Weak PseudoRandom Number Generator
 
->
-> EFI_STATUS
-> EFIAPI
-> PseudoRandom (
->  OUT  VOID   *Output,
->  IN   UINTN  OutputLength
->  );
->
+    Change Overview:
 
-This is because the use of
+    Updates all Instances of NET_RANDOM (NetRandomInitSeed ()) to either
 
-Example:
+    >
+    > EFI_STATUS
+    > EFIAPI
+    > PseudoRandomU32 (
+    >  OUT UINT32  *Output
+    >  );
+    >
 
-The following code snippet PseudoRandomU32 () function is used:
+    or (depending on the use case)
 
->
-> UINT32         Random;
->
-> Status = PseudoRandomU32 (&Random);
-> if (EFI_ERROR (Status)) {
->   DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n",
-__func__, Status));
->   return Status;
-> }
->
+    >
+    > EFI_STATUS
+    > EFIAPI
+    > PseudoRandom (
+    >  OUT  VOID   *Output,
+    >  IN   UINTN  OutputLength
+    >  );
+    >
 
-This also introduces a new PCD to enable/disable the use of the
-secure implementation of algorithms for PseudoRandom () and
-instead depend on the default implementation. This may be required for
-some platforms where the UEFI Spec defined algorithms are not available.
+    This is because the use of
 
->
-> PcdEnforceSecureRngAlgorithms
->
+    Example:
 
-If the platform does not have any one of the UEFI defined
-secure RNG algorithms then the driver will assert.
+    The following code snippet PseudoRandomU32 () function is used:
 
-Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
+    >
+    > UINT32         Random;
+    >
+    > Status = PseudoRandomU32 (&Random);
+    > if (EFI_ERROR (Status)) {
+    >   DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n",
+    __func__, Status));
+    >   return Status;
+    > }
+    >
+    This also introduces a new PCD to enable/disable the use of the
+    secure implementation of algorithms for PseudoRandom () and
+    instead depend on the default implementation. This may be required for
+    some platforms where the UEFI Spec defined algorithms are not available.
 
-Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
+    >
+    > PcdEnforceSecureRngAlgorithms
+    >
+
+    If the platform does not have any one of the UEFI defined
+    secure RNG algorithms then the driver will assert.
+
+    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
+    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
+
+    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
+    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
+
+Signed-off-by: Jon Maloy <jmaloy@redhat.com>
 ---
  NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c          |  10 +-
  NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c          |  11 +-
@@ -101,7 +118,7 @@ Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
  27 files changed, 410 insertions(+), 83 deletions(-)
 
 diff --git a/NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c b/NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c
-index 8c37e93be3a8..892caee36846 100644
+index 8c37e93be3..892caee368 100644
 --- a/NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c
 +++ b/NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c
 @@ -1,6 +1,7 @@
@@ -136,7 +153,7 @@ index 8c37e93be3a8..892caee36846 100644
      &DhcpSb->ServiceBinding,
      &mDhcp4ServiceBindingTemplate,
 diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c b/NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c
-index b591a4605bc9..e7f2787a98ba 100644
+index b591a4605b..e7f2787a98 100644
 --- a/NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c
 +++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c
 @@ -3,7 +3,7 @@
@@ -172,7 +189,7 @@ index b591a4605bc9..e7f2787a98ba 100644
    CopyMem (
      &Dhcp6Srv->ServiceBinding,
 diff --git a/NetworkPkg/DnsDxe/DnsDhcp.c b/NetworkPkg/DnsDxe/DnsDhcp.c
-index 933565a32df1..9eb3c1d2d81d 100644
+index 933565a32d..9eb3c1d2d8 100644
 --- a/NetworkPkg/DnsDxe/DnsDhcp.c
 +++ b/NetworkPkg/DnsDxe/DnsDhcp.c
 @@ -2,6 +2,7 @@
@@ -214,7 +231,7 @@ index 933565a32df1..9eb3c1d2d81d 100644
    Token.Packet->Dhcp4.Header.Reserved = HTONS ((UINT16)0x8000);
  
 diff --git a/NetworkPkg/DnsDxe/DnsImpl.c b/NetworkPkg/DnsDxe/DnsImpl.c
-index d311812800fd..c2629bb8df1f 100644
+index d311812800..c2629bb8df 100644
 --- a/NetworkPkg/DnsDxe/DnsImpl.c
 +++ b/NetworkPkg/DnsDxe/DnsImpl.c
 @@ -2,6 +2,7 @@
@@ -250,7 +267,7 @@ index d311812800fd..c2629bb8df1f 100644
    DnsHeader->Flags.Bits.RD     = 1;
    DnsHeader->Flags.Bits.OpCode = DNS_FLAGS_OPCODE_STANDARD;
 diff --git a/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c b/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c
-index b22cef4ff587..f964515b0fa6 100644
+index b22cef4ff5..f964515b0f 100644
 --- a/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c
 +++ b/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c
 @@ -2,6 +2,7 @@
@@ -292,7 +309,7 @@ index b22cef4ff587..f964515b0fa6 100644
    Config.SolicitRetransmission = Retransmit;
    Retransmit->Irt              = 4;
 diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHAP.c
-index b507f11cd45e..bebb1ac29b9c 100644
+index b507f11cd4..bebb1ac29b 100644
 --- a/NetworkPkg/IScsiDxe/IScsiCHAP.c
 +++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c
 @@ -3,6 +3,7 @@
@@ -334,7 +351,7 @@ index b507f11cd45e..bebb1ac29b9c 100644
                             (UINT8 *)AuthData->OutChallenge,
                             AuthData->Hash->DigestSize,
 diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.c b/NetworkPkg/IScsiDxe/IScsiMisc.c
-index 78dc5c73d35a..2159b8494963 100644
+index 78dc5c73d3..2159b84949 100644
 --- a/NetworkPkg/IScsiDxe/IScsiMisc.c
 +++ b/NetworkPkg/IScsiDxe/IScsiMisc.c
 @@ -2,6 +2,7 @@
@@ -372,7 +389,7 @@ index 78dc5c73d35a..2159b8494963 100644
  
  /**
 diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.h b/NetworkPkg/IScsiDxe/IScsiMisc.h
-index a951eee70ec9..91b2cd22613d 100644
+index a951eee70e..91b2cd2261 100644
 --- a/NetworkPkg/IScsiDxe/IScsiMisc.h
 +++ b/NetworkPkg/IScsiDxe/IScsiMisc.h
 @@ -2,6 +2,7 @@
@@ -397,7 +414,7 @@ index a951eee70ec9..91b2cd22613d 100644
    IN OUT UINT8  *Rand,
    IN     UINTN  RandLength
 diff --git a/NetworkPkg/Include/Library/NetLib.h b/NetworkPkg/Include/Library/NetLib.h
-index 8c0e62b3889c..e8108b79db8f 100644
+index 8c0e62b388..e8108b79db 100644
 --- a/NetworkPkg/Include/Library/NetLib.h
 +++ b/NetworkPkg/Include/Library/NetLib.h
 @@ -3,6 +3,7 @@
@@ -467,7 +484,7 @@ index 8c0e62b3889c..e8108b79db8f 100644
  
  #define NET_LIST_USER_STRUCT(Entry, Type, Field)        \
 diff --git a/NetworkPkg/Ip4Dxe/Ip4Driver.c b/NetworkPkg/Ip4Dxe/Ip4Driver.c
-index ec483ff01fa9..683423f38dc7 100644
+index ec483ff01f..683423f38d 100644
 --- a/NetworkPkg/Ip4Dxe/Ip4Driver.c
 +++ b/NetworkPkg/Ip4Dxe/Ip4Driver.c
 @@ -2,6 +2,7 @@
@@ -507,7 +524,7 @@ index ec483ff01fa9..683423f38dc7 100644
    return Status;
  
 diff --git a/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c b/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c
-index 70e232ce6c4d..4c1354d26cc1 100644
+index 70e232ce6c..4c1354d26c 100644
 --- a/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c
 +++ b/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c
 @@ -2276,6 +2276,13 @@ Ip6ConfigInitInstance (
@@ -534,7 +551,7 @@ index 70e232ce6c4d..4c1354d26cc1 100644
      for (Index = 0; Index < IpSb->SnpMode.HwAddressSize; Index++) {
        Instance->IaId |= (IpSb->SnpMode.CurrentAddress.Addr[Index] << ((Index << 3) & 31));
 diff --git a/NetworkPkg/Ip6Dxe/Ip6Driver.c b/NetworkPkg/Ip6Dxe/Ip6Driver.c
-index b483a7d136d9..cbe011dad472 100644
+index b483a7d136..cbe011dad4 100644
 --- a/NetworkPkg/Ip6Dxe/Ip6Driver.c
 +++ b/NetworkPkg/Ip6Dxe/Ip6Driver.c
 @@ -3,7 +3,7 @@
@@ -588,7 +605,7 @@ index b483a7d136d9..cbe011dad472 100644
    return EFI_SUCCESS;
  
 diff --git a/NetworkPkg/Ip6Dxe/Ip6If.c b/NetworkPkg/Ip6Dxe/Ip6If.c
-index 4629c05f25a0..f3d11c4d2155 100644
+index 4629c05f25..f3d11c4d21 100644
 --- a/NetworkPkg/Ip6Dxe/Ip6If.c
 +++ b/NetworkPkg/Ip6Dxe/Ip6If.c
 @@ -2,7 +2,7 @@
@@ -625,7 +642,7 @@ index 4629c05f25a0..f3d11c4d2155 100644
    Delay = RShiftU64 (Delay, 32);
  
 diff --git a/NetworkPkg/Ip6Dxe/Ip6Mld.c b/NetworkPkg/Ip6Dxe/Ip6Mld.c
-index e6b2b653e295..498a11854305 100644
+index e6b2b653e2..498a118543 100644
 --- a/NetworkPkg/Ip6Dxe/Ip6Mld.c
 +++ b/NetworkPkg/Ip6Dxe/Ip6Mld.c
 @@ -696,7 +696,15 @@ Ip6UpdateDelayTimer (
@@ -655,7 +672,7 @@ index e6b2b653e295..498a11854305 100644
  
    return EFI_SUCCESS;
 diff --git a/NetworkPkg/Ip6Dxe/Ip6Nd.c b/NetworkPkg/Ip6Dxe/Ip6Nd.c
-index c10c7017f88d..72aa45c10f3f 100644
+index c10c7017f8..72aa45c10f 100644
 --- a/NetworkPkg/Ip6Dxe/Ip6Nd.c
 +++ b/NetworkPkg/Ip6Dxe/Ip6Nd.c
 @@ -2,7 +2,7 @@
@@ -739,7 +756,7 @@ index c10c7017f88d..72aa45c10f3f 100644
  
    if (RetransTimer != 0) {
 diff --git a/NetworkPkg/Ip6Dxe/Ip6Nd.h b/NetworkPkg/Ip6Dxe/Ip6Nd.h
-index bf64e9114e13..5795e23c7d71 100644
+index bf64e9114e..5795e23c7d 100644
 --- a/NetworkPkg/Ip6Dxe/Ip6Nd.h
 +++ b/NetworkPkg/Ip6Dxe/Ip6Nd.h
 @@ -2,7 +2,7 @@
@@ -766,7 +783,7 @@ index bf64e9114e13..5795e23c7d71 100644
    IN OUT IP6_SERVICE  *IpSb
    );
 diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
-index fd4a9e15a892..01c13c08d203 100644
+index fd4a9e15a8..01c13c08d2 100644
 --- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
 +++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
 @@ -3,6 +3,7 @@
@@ -938,7 +955,7 @@ index fd4a9e15a892..01c13c08d203 100644
  
  /**
 diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf b/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
-index 8145d256ec10..a8f534a29358 100644
+index 8145d256ec..a8f534a293 100644
 --- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
 +++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
 @@ -3,6 +3,7 @@
@@ -974,7 +991,7 @@ index 8145d256ec10..a8f534a29358 100644
 +[Depex]
 +  gEfiRngProtocolGuid
 diff --git a/NetworkPkg/NetworkPkg.dec b/NetworkPkg/NetworkPkg.dec
-index e06f35e7747c..7c4289b77b21 100644
+index e06f35e774..7c4289b77b 100644
 --- a/NetworkPkg/NetworkPkg.dec
 +++ b/NetworkPkg/NetworkPkg.dec
 @@ -5,6 +5,7 @@
@@ -999,7 +1016,7 @@ index e06f35e7747c..7c4289b77b21 100644
    ## IPv6 DHCP Unique Identifier (DUID) Type configuration (From RFCs 3315 and 6355).
    # 01 = DUID Based on Link-layer Address Plus Time [DUID-LLT]
 diff --git a/NetworkPkg/SecurityFixes.yaml b/NetworkPkg/SecurityFixes.yaml
-index fa42025e0d82..20a4555019d9 100644
+index fa42025e0d..20a4555019 100644
 --- a/NetworkPkg/SecurityFixes.yaml
 +++ b/NetworkPkg/SecurityFixes.yaml
 @@ -122,3 +122,42 @@ CVE_2023_45235:
@@ -1046,7 +1063,7 @@ index fa42025e0d82..20a4555019d9 100644
 +    - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
 +    - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
 diff --git a/NetworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c
-index 98a90e02109b..8fe6badd687c 100644
+index 98a90e0210..8fe6badd68 100644
 --- a/NetworkPkg/TcpDxe/TcpDriver.c
 +++ b/NetworkPkg/TcpDxe/TcpDriver.c
 @@ -2,7 +2,7 @@
@@ -1086,7 +1103,7 @@ index 98a90e02109b..8fe6badd687c 100644
  
    return EFI_SUCCESS;
 diff --git a/NetworkPkg/TcpDxe/TcpDxe.inf b/NetworkPkg/TcpDxe/TcpDxe.inf
-index c0acbdca5700..cf5423f4c537 100644
+index c0acbdca57..cf5423f4c5 100644
 --- a/NetworkPkg/TcpDxe/TcpDxe.inf
 +++ b/NetworkPkg/TcpDxe/TcpDxe.inf
 @@ -82,5 +82,8 @@
@@ -1099,7 +1116,7 @@ index c0acbdca5700..cf5423f4c537 100644
  [UserExtensions.TianoCore."ExtraFiles"]
    TcpDxeExtra.uni
 diff --git a/NetworkPkg/Udp4Dxe/Udp4Driver.c b/NetworkPkg/Udp4Dxe/Udp4Driver.c
-index cb917fcfc90f..c7ea16f4cd6f 100644
+index cb917fcfc9..c7ea16f4cd 100644
 --- a/NetworkPkg/Udp4Dxe/Udp4Driver.c
 +++ b/NetworkPkg/Udp4Dxe/Udp4Driver.c
 @@ -1,6 +1,7 @@
@@ -1134,7 +1151,7 @@ index cb917fcfc90f..c7ea16f4cd6f 100644
  
    return Status;
 diff --git a/NetworkPkg/Udp6Dxe/Udp6Driver.c b/NetworkPkg/Udp6Dxe/Udp6Driver.c
-index ae96fb996627..edb758d57ca4 100644
+index ae96fb9966..edb758d57c 100644
 --- a/NetworkPkg/Udp6Dxe/Udp6Driver.c
 +++ b/NetworkPkg/Udp6Dxe/Udp6Driver.c
 @@ -2,7 +2,7 @@
@@ -1170,7 +1187,7 @@ index ae96fb996627..edb758d57ca4 100644
                                 UDP6_PORT_KNOWN
                                 );
 diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c
-index 91146b78cb1e..452038c2194c 100644
+index 91146b78cb..452038c219 100644
 --- a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c
 +++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c
 @@ -2,7 +2,7 @@
@@ -1204,7 +1221,7 @@ index 91146b78cb1e..452038c2194c 100644
    Token.Packet->Dhcp4.Header.Reserved = HTONS ((UINT16)((IsBCast) ? 0x8000 : 0x0));
    CopyMem (&Token.Packet->Dhcp4.Header.ClientAddr, &Private->StationIp, sizeof (EFI_IPv4_ADDRESS));
 diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
-index 7fd1281c1184..bcabbd221983 100644
+index 7fd1281c11..bcabbd2219 100644
 --- a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
 +++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
 @@ -2180,7 +2180,7 @@ PxeBcDhcp6Discover (
@@ -1240,7 +1257,7 @@ index 7fd1281c1184..bcabbd221983 100644
    RequestOpt              = Request->Dhcp6.Option;
    DiscoverOpt             = Discover->DhcpOptions;
 diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c b/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c
-index d84aca7e85ab..4cd915b41157 100644
+index d84aca7e85..4cd915b411 100644
 --- a/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c
 +++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c
 @@ -3,6 +3,7 @@
@@ -1277,3 +1294,6 @@ index d84aca7e85ab..4cd915b41157 100644
    if (Private->Snp != NULL) {
      for (Index = 0; Index < Private->Snp->Mode->HwAddressSize; Index++) {
        Private->IaId |= (Private->Snp->Mode->CurrentAddress.Addr[Index] << ((Index << 3) & 31));
+-- 
+2.39.3
+

SOURCES/edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch

@@ -0,0 +1,74 @@
+From 5e93f6c09a57dd69f1b05654455452c4a0154a79 Mon Sep 17 00:00:00 2001
+From: Jon Maloy <jmaloy@redhat.com>
+Date: Thu, 13 Jun 2024 18:35:46 -0400
+Subject: [PATCH 3/8] NetworkPkg TcpDxe: Fixed system stuck on PXE boot flow in
+ iPXE environment
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Jon Maloy <jmaloy@redhat.com>
+RH-MergeRequest: 75: NetworkPkg: SECURITY PATCH CVE-2023-45236 and CVE-2023-45237
+RH-Jira: RHEL-40270 RHEL-40272
+RH-Acked-by: Gerd Hoffmann <None>
+RH-Commit: [3/8] 9307e82e90d6f526d303607255a4c469ebe574d4
+
+JIRA: https://issues.redhat.com/browse/RHEL-40272
+Upstream: Merged
+CVE: CVE-2023-45236
+
+commit ced13b93afea87a8a1fe6ddbb67240a84cb2e3d3
+Author: Sam <Sam_Tsai@wiwynn.com>
+Date:   Wed May 29 07:46:03 2024 +0800
+
+    NetworkPkg TcpDxe: Fixed system stuck on PXE boot flow in iPXE environment
+
+    This bug fix is based on the following commit "NetworkPkg TcpDxe: SECURITY PATCH"
+    REF: 1904a64
+
+    Issue Description:
+    An "Invalid handle" error was detected during runtime when attempting to destroy a child instance of the hashing protocol. The problematic code segment was:
+
+    NetworkPkg\TcpDxe\TcpDriver.c
+    Status = Hash2ServiceBinding->DestroyChild(Hash2ServiceBinding, ​&mHash2ServiceHandle);
+
+    Root Cause Analysis:
+    The root cause of the error was the passing of an incorrect parameter type, a pointer to an EFI_HANDLE instead of an EFI_HANDLE itself, to the DestroyChild function. This mismatch resulted in the function receiving an invalid handle.
+
+    Implemented Solution:
+    To resolve this issue, the function call was corrected to pass mHash2ServiceHandle directly:
+
+    NetworkPkg\TcpDxe\TcpDriver.c
+    Status = Hash2ServiceBinding->DestroyChild(Hash2ServiceBinding, mHash2ServiceHandle);
+
+    This modification ensures the correct handle type is used, effectively rectifying the "Invalid handle" error.
+
+    Verification:
+    Testing has been conducted, confirming the efficacy of the fix. Additionally, the BIOS can boot into the OS in an iPXE environment.
+
+    Cc: Doug Flick [MSFT] <doug.edk2@gmail.com>
+
+    Signed-off-by: Sam Tsai [Wiwynn] <sam_tsai@wiwynn.com>
+    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
+
+Signed-off-by: Jon Maloy <jmaloy@redhat.com>
+---
+ NetworkPkg/TcpDxe/TcpDriver.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/NetworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c
+index 40bba4080c..c6e7c0df54 100644
+--- a/NetworkPkg/TcpDxe/TcpDriver.c
++++ b/NetworkPkg/TcpDxe/TcpDriver.c
+@@ -509,7 +509,7 @@ TcpDestroyService (
+     //
+     // Destroy the instance of the hashing protocol for this controller.
+     //
+-    Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, &mHash2ServiceHandle);
++    Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, mHash2ServiceHandle);
+     if (EFI_ERROR (Status)) {
+       return EFI_UNSUPPORTED;
+     }
+-- 
+2.39.3
+

SOURCES/edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flow-in.patch

@@ -1,53 +0,0 @@
-From ced13b93afea87a8a1fe6ddbb67240a84cb2e3d3 Mon Sep 17 00:00:00 2001
-From: Sam <Sam_Tsai@wiwynn.com>
-Date: Wed, 29 May 2024 07:46:03 +0800
-Subject: [PATCH] NetworkPkg TcpDxe: Fixed system stuck on PXE boot flow in
- iPXE environment
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This bug fix is based on the following commit "NetworkPkg TcpDxe: SECURITY PATCH"
-REF: 1904a64
-
-Issue Description:
-An "Invalid handle" error was detected during runtime when attempting to destroy a child instance of the hashing protocol. The problematic code segment was:
-
-NetworkPkg\TcpDxe\TcpDriver.c
-Status = Hash2ServiceBinding->DestroyChild(Hash2ServiceBinding, ​&mHash2ServiceHandle);
-
-Root Cause Analysis:
-The root cause of the error was the passing of an incorrect parameter type, a pointer to an EFI_HANDLE instead of an EFI_HANDLE itself, to the DestroyChild function. This mismatch resulted in the function receiving an invalid handle.
-
-Implemented Solution:
-To resolve this issue, the function call was corrected to pass mHash2ServiceHandle directly:
-
-NetworkPkg\TcpDxe\TcpDriver.c
-Status = Hash2ServiceBinding->DestroyChild(Hash2ServiceBinding, mHash2ServiceHandle);
-
-This modification ensures the correct handle type is used, effectively rectifying the "Invalid handle" error.
-
-Verification:
-Testing has been conducted, confirming the efficacy of the fix. Additionally, the BIOS can boot into the OS in an iPXE environment.
-
-Cc: Doug Flick [MSFT] <doug.edk2@gmail.com>
-
-Signed-off-by: Sam Tsai [Wiwynn] <sam_tsai@wiwynn.com>
-Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
----
- NetworkPkg/TcpDxe/TcpDriver.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/NetworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c
-index 40bba4080c87..c6e7c0df540a 100644
---- a/NetworkPkg/TcpDxe/TcpDriver.c
-+++ b/NetworkPkg/TcpDxe/TcpDriver.c
-@@ -509,7 +509,7 @@ TcpDestroyService (
-     //
-     // Destroy the instance of the hashing protocol for this controller.
-     //
--    Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, &mHash2ServiceHandle);
-+    Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, mHash2ServiceHandle);
-     if (EFI_ERROR (Status)) {
-       return EFI_UNSUPPORTED;
-     }

SOURCES/edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch

@@ -1,27 +1,43 @@
-From 1904a64bcc18199738e5be183d28887ac5d837d7 Mon Sep 17 00:00:00 2001
-From: Doug Flick <dougflick@microsoft.com>
-Date: Wed, 8 May 2024 22:56:29 -0700
-Subject: [PATCH] NetworkPkg TcpDxe: SECURITY PATCH CVE-2023-45236
+From 6f0cf9f14b1abefa62416c1611f01d6fb3353c44 Mon Sep 17 00:00:00 2001
+From: Jon Maloy <jmaloy@redhat.com>
+Date: Tue, 11 Jun 2024 15:20:29 -0400
+Subject: [PATCH 2/8] NetworkPkg TcpDxe: SECURITY PATCH CVE-2023-45236
 
-REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4541
-REF: https://www.rfc-editor.org/rfc/rfc1948.txt
-REF: https://www.rfc-editor.org/rfc/rfc6528.txt
-REF: https://www.rfc-editor.org/rfc/rfc9293.txt
+RH-Author: Jon Maloy <jmaloy@redhat.com>
+RH-MergeRequest: 75: NetworkPkg: SECURITY PATCH CVE-2023-45236 and CVE-2023-45237
+RH-Jira: RHEL-40270 RHEL-40272
+RH-Acked-by: Gerd Hoffmann <None>
+RH-Commit: [2/8] 18e88b5def6b058ecd4ffa565ef6f3bafe6f03ad
 
-Bug Overview:
-PixieFail Bug #8
-CVE-2023-45236
-CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
-CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
+JIRA: https://issues.redhat.com/browse/RHEL-40272
+Upstream: Merged
+CVE: CVE-2023-45236
 
-Updates TCP ISN generation to use a cryptographic hash of the
-connection's identifying parameters and a secret key.
-This prevents an attacker from guessing the ISN used for some other
-connection.
+commit 1904a64bcc18199738e5be183d28887ac5d837d7
+Author: Doug Flick <dougflick@microsoft.com>
+Date:   Wed May 8 22:56:29 2024 -0700
 
-This is follows the guidance in RFC 1948, RFC 6528, and RFC 9293.
+    NetworkPkg TcpDxe: SECURITY PATCH CVE-2023-45236
 
-RFC: 9293 Section 3.4.1.  Initial Sequence Number Selection
+    REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4541
+    REF: https://www.rfc-editor.org/rfc/rfc1948.txt
+    REF: https://www.rfc-editor.org/rfc/rfc6528.txt
+    REF: https://www.rfc-editor.org/rfc/rfc9293.txt
+
+    Bug Overview:
+    PixieFail Bug #8
+    CVE-2023-45236
+    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
+    CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
+
+    Updates TCP ISN generation to use a cryptographic hash of the
+    connection's identifying parameters and a secret key.
+    This prevents an attacker from guessing the ISN used for some other
+    connection.
+
+    This is follows the guidance in RFC 1948, RFC 6528, and RFC 9293.
+
+    RFC: 9293 Section 3.4.1.  Initial Sequence Number Selection
 
        A TCP implementation MUST use the above type of "clock" for clock-
        driven selection of initial sequence numbers (MUST-8), and SHOULD
@@ -54,11 +70,13 @@ RFC: 9293 Section 3.4.1.  Initial Sequence Number Selection
        picking an initial sequence number and a slightly involved handshake
        to exchange the ISNs.
 
-Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
+    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
+    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
 
-Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
+    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
+    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com
+
+Signed-off-by: Jon Maloy <jmaloy@redhat.com>
 ---
  NetworkPkg/SecurityFixes.yaml |  22 +++
  NetworkPkg/TcpDxe/TcpDriver.c |  92 ++++++++++++-
@@ -71,7 +89,7 @@ Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
  8 files changed, 415 insertions(+), 49 deletions(-)
 
 diff --git a/NetworkPkg/SecurityFixes.yaml b/NetworkPkg/SecurityFixes.yaml
-index 20a4555019d9..4305328425d0 100644
+index 20a4555019..4305328425 100644
 --- a/NetworkPkg/SecurityFixes.yaml
 +++ b/NetworkPkg/SecurityFixes.yaml
 @@ -122,6 +122,28 @@ CVE_2023_45235:
@@ -104,7 +122,7 @@ index 20a4555019d9..4305328425d0 100644
    commit_titles:
      - "NetworkPkg:: SECURITY PATCH CVE 2023-45237"
 diff --git a/NetworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c
-index 8fe6badd687c..40bba4080c87 100644
+index 8fe6badd68..40bba4080c 100644
 --- a/NetworkPkg/TcpDxe/TcpDriver.c
 +++ b/NetworkPkg/TcpDxe/TcpDriver.c
 @@ -83,6 +83,12 @@ EFI_SERVICE_BINDING_PROTOCOL  gTcpServiceBinding = {
@@ -257,7 +275,7 @@ index 8fe6badd687c..40bba4080c87 100644
                    NicHandle,
                    ServiceBindingGuid,
 diff --git a/NetworkPkg/TcpDxe/TcpDxe.inf b/NetworkPkg/TcpDxe/TcpDxe.inf
-index cf5423f4c537..76de4cf9ec3d 100644
+index cf5423f4c5..76de4cf9ec 100644
 --- a/NetworkPkg/TcpDxe/TcpDxe.inf
 +++ b/NetworkPkg/TcpDxe/TcpDxe.inf
 @@ -6,6 +6,7 @@
@@ -290,7 +308,7 @@ index cf5423f4c537..76de4cf9ec3d 100644
  [Depex]
    gEfiHash2ServiceBindingProtocolGuid
 diff --git a/NetworkPkg/TcpDxe/TcpFunc.h b/NetworkPkg/TcpDxe/TcpFunc.h
-index a7af01fff246..c707bee3e548 100644
+index a7af01fff2..c707bee3e5 100644
 --- a/NetworkPkg/TcpDxe/TcpFunc.h
 +++ b/NetworkPkg/TcpDxe/TcpFunc.h
 @@ -2,7 +2,7 @@
@@ -347,7 +365,7 @@ index a7af01fff246..c707bee3e548 100644
    IN OUT TCP_CB  *Tcb
    );
 diff --git a/NetworkPkg/TcpDxe/TcpInput.c b/NetworkPkg/TcpDxe/TcpInput.c
-index 97633a3908be..a5d575ccafeb 100644
+index 7b329be64d..86dd7c4907 100644
 --- a/NetworkPkg/TcpDxe/TcpInput.c
 +++ b/NetworkPkg/TcpDxe/TcpInput.c
 @@ -724,6 +724,7 @@ TcpInput (
@@ -378,7 +396,7 @@ index 97633a3908be..a5d575ccafeb 100644
  
        TcpSetState (Tcb, TCP_SYN_RCVD);
 diff --git a/NetworkPkg/TcpDxe/TcpMain.h b/NetworkPkg/TcpDxe/TcpMain.h
-index c0c9b7f46ebe..4d5566ab9379 100644
+index c0c9b7f46e..4d5566ab93 100644
 --- a/NetworkPkg/TcpDxe/TcpMain.h
 +++ b/NetworkPkg/TcpDxe/TcpMain.h
 @@ -3,7 +3,7 @@
@@ -474,7 +492,7 @@ index c0c9b7f46ebe..4d5566ab9379 100644
 +
  #endif
 diff --git a/NetworkPkg/TcpDxe/TcpMisc.c b/NetworkPkg/TcpDxe/TcpMisc.c
-index c93212d47ded..3310306f639c 100644
+index c93212d47d..3310306f63 100644
 --- a/NetworkPkg/TcpDxe/TcpMisc.c
 +++ b/NetworkPkg/TcpDxe/TcpMisc.c
 @@ -3,7 +3,7 @@
@@ -798,7 +816,7 @@ index c93212d47ded..3310306f639c 100644
  
  /**
 diff --git a/NetworkPkg/TcpDxe/TcpTimer.c b/NetworkPkg/TcpDxe/TcpTimer.c
-index 5d2e124977d9..065b1bdf5feb 100644
+index 5d2e124977..065b1bdf5f 100644
 --- a/NetworkPkg/TcpDxe/TcpTimer.c
 +++ b/NetworkPkg/TcpDxe/TcpTimer.c
 @@ -2,7 +2,7 @@
@@ -818,3 +836,6 @@ index 5d2e124977d9..065b1bdf5feb 100644
  
    //
    // Don't use LIST_FOR_EACH, which isn't delete safe.
+-- 
+2.39.3
+

SOURCES/edk2-OvmfPkg-wire-up-RngDxe.patch

@@ -1,18 +1,38 @@
-From 0aa96c512c689426838ec1cf4aa78ff088c03a1e Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Fri, 24 May 2024 12:51:17 +0200
-Subject: [PATCH] OvmfPkg: wire up RngDxe
+From e22e11cc37c3bf3530ea8db1d18371c47c9e4440 Mon Sep 17 00:00:00 2001
+From: Jon Maloy <jmaloy@redhat.com>
+Date: Thu, 20 Jun 2024 10:34:22 -0400
+Subject: [PATCH 6/8] OvmfPkg: wire up RngDxe
 
-Add OvmfRng include snippets with the random number generator
-configuration for OVMF.  Include RngDxe, build with BaseRngLib,
-so the rdrand instruction is used (if available).
+RH-Author: Jon Maloy <jmaloy@redhat.com>
+RH-MergeRequest: 75: NetworkPkg: SECURITY PATCH CVE-2023-45236 and CVE-2023-45237
+RH-Jira: RHEL-40270 RHEL-40272
+RH-Acked-by: Gerd Hoffmann <None>
+RH-Commit: [6/8] 4adf88888386923ee824469cf836b4f63117807d
 
-Also move VirtioRng to the include snippets.
+JIRA: https://issues.redhat.com/browse/RHEL-40270
+Upstream: Merged
+CVE: CVE-2023-45237
+Conflicts: Cherry pick wanted to add include files from the
+           missing 'add ShellComponents' (commit 2cb466cc2cbf...)
+	   series. This had to be handled manually.
 
-Use the new include snippets for OVMF builds.
+commit 712797cf19acd292bf203522a79e40e7e13d268b
+Author: Gerd Hoffmann <kraxel@redhat.com>
+Date:   Fri May 24 12:51:17 2024 +0200
 
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-(cherry picked from commit 712797cf19acd292bf203522a79e40e7e13d268b)
+    OvmfPkg: wire up RngDxe
+
+    Add OvmfRng include snippets with the random number generator
+    configuration for OVMF.  Include RngDxe, build with BaseRngLib,
+    so the rdrand instruction is used (if available).
+
+    Also move VirtioRng to the include snippets.
+
+    Use the new include snippets for OVMF builds.
+
+    Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+
+Signed-off-by: Jon Maloy <jmaloy@redhat.com>
 ---
  OvmfPkg/AmdSev/AmdSevX64.dsc                  | 2 +-
  OvmfPkg/AmdSev/AmdSevX64.fdf                  | 3 ++-
@@ -33,7 +53,7 @@ Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
  create mode 100644 OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
 
 diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
-index cf1ad83e09..4edc2a9069 100644
+index 7bb6ffb3f0..5d50e77002 100644
 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc
 +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
 @@ -651,7 +651,6 @@
@@ -53,7 +73,7 @@ index cf1ad83e09..4edc2a9069 100644
    OvmfPkg/PlatformDxe/Platform.inf
    OvmfPkg/AmdSevDxe/AmdSevDxe.inf {
 diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
-index c56c98dc85..480837b0fa 100644
+index 0e3d7bea2b..c94f2d34ee 100644
 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf
 +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
 @@ -220,7 +220,6 @@ INF  OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
@@ -101,7 +121,7 @@ index 0000000000..99cb4a32b1
 +INF  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
 +INF  OvmfPkg/VirtioRngDxe/VirtioRng.inf
 diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
-index 9f49b60ff0..4b7e1596fc 100644
+index fd6722499a..d38fed2171 100644
 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
 +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
 @@ -641,7 +641,6 @@
@@ -121,7 +141,7 @@ index 9f49b60ff0..4b7e1596fc 100644
  !if $(SECURE_BOOT_ENABLE) == TRUE
    SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
 diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.fdf b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
-index ce5d542048..88d0f75ae2 100644
+index 69ed7a9bc6..077a5c8637 100644
 --- a/OvmfPkg/IntelTdx/IntelTdxX64.fdf
 +++ b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
 @@ -285,7 +285,6 @@ READ_LOCK_STATUS   = TRUE
@@ -142,7 +162,7 @@ index ce5d542048..88d0f75ae2 100644
  
  [FV.FVMAIN_COMPACT]
 diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
-index fb73f2e089..9206f01816 100644
+index 79f14b5c05..ca6902971f 100644
 --- a/OvmfPkg/Microvm/MicrovmX64.dsc
 +++ b/OvmfPkg/Microvm/MicrovmX64.dsc
 @@ -754,7 +754,6 @@
@@ -162,7 +182,7 @@ index fb73f2e089..9206f01816 100644
  !if $(SECURE_BOOT_ENABLE) == TRUE
    SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
 diff --git a/OvmfPkg/Microvm/MicrovmX64.fdf b/OvmfPkg/Microvm/MicrovmX64.fdf
-index 055e659a35..c8268d7e8c 100644
+index eda24a3ec9..767ee4b338 100644
 --- a/OvmfPkg/Microvm/MicrovmX64.fdf
 +++ b/OvmfPkg/Microvm/MicrovmX64.fdf
 @@ -204,7 +204,6 @@ INF  OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
@@ -183,7 +203,7 @@ index 055e659a35..c8268d7e8c 100644
  
  [FV.FVMAIN_COMPACT]
 diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
-index 65a866ae0c..b64c215585 100644
+index 83adecc374..4074aa382d 100644
 --- a/OvmfPkg/OvmfPkgIa32.dsc
 +++ b/OvmfPkg/OvmfPkgIa32.dsc
 @@ -804,7 +804,6 @@
@@ -203,7 +223,7 @@ index 65a866ae0c..b64c215585 100644
  !if $(SECURE_BOOT_ENABLE) == TRUE
    SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
 diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
-index 10eb6fe72b..c31276e4a3 100644
+index 88c57ff5ff..20cfd2788e 100644
 --- a/OvmfPkg/OvmfPkgIa32.fdf
 +++ b/OvmfPkg/OvmfPkgIa32.fdf
 @@ -236,7 +236,6 @@ INF  OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
@@ -224,7 +244,7 @@ index 10eb6fe72b..c31276e4a3 100644
  INF  OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
  !endif
 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index 679e25501b..ececac3757 100644
+index b47cdf63e7..75ef19bc85 100644
 --- a/OvmfPkg/OvmfPkgIa32X64.dsc
 +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
 @@ -822,7 +822,6 @@
@@ -244,7 +264,7 @@ index 679e25501b..ececac3757 100644
  !if $(SECURE_BOOT_ENABLE) == TRUE
    SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
 diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
-index ff06bbfc6f..a7b4aeac08 100644
+index ab5a9bc306..8517c79ba2 100644
 --- a/OvmfPkg/OvmfPkgIa32X64.fdf
 +++ b/OvmfPkg/OvmfPkgIa32X64.fdf
 @@ -237,7 +237,6 @@ INF  OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
@@ -265,7 +285,7 @@ index ff06bbfc6f..a7b4aeac08 100644
  
  [FV.FVMAIN_COMPACT]
 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
-index d294fd4625..0ab4d3df06 100644
+index be3824ec1e..631ff0c788 100644
 --- a/OvmfPkg/OvmfPkgX64.dsc
 +++ b/OvmfPkg/OvmfPkgX64.dsc
 @@ -890,7 +890,6 @@
@@ -285,7 +305,7 @@ index d294fd4625..0ab4d3df06 100644
  !if $(SECURE_BOOT_ENABLE) == TRUE
    SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
 diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
-index f3b787201f..ae08ac4fe9 100644
+index 851399888f..7ecde357ce 100644
 --- a/OvmfPkg/OvmfPkgX64.fdf
 +++ b/OvmfPkg/OvmfPkgX64.fdf
 @@ -262,7 +262,6 @@ INF  OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
@@ -305,3 +325,6 @@ index f3b787201f..ae08ac4fe9 100644
  ################################################################################
  
  [FV.FVMAIN_COMPACT]
+-- 
+2.39.3
+

SOURCES/edk2-SecurityPkg-RngDxe-add-rng-test.patch

@@ -1,7 +1,33 @@
-From a61bc0accb8a76edba4f073fdc7bafc908df045d Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Fri, 31 May 2024 09:49:13 +0200
-Subject: [PATCH] SecurityPkg/RngDxe: add rng test
+From 7719d41979ef6e376d183c70cd47951ff5bf6ef1 Mon Sep 17 00:00:00 2001
+From: Jon Maloy <jmaloy@redhat.com>
+Date: Thu, 20 Jun 2024 10:33:43 -0400
+Subject: [PATCH 5/8] SecurityPkg/RngDxe: add rng test
+
+RH-Author: Jon Maloy <jmaloy@redhat.com>
+RH-MergeRequest: 75: NetworkPkg: SECURITY PATCH CVE-2023-45236 and CVE-2023-45237
+RH-Jira: RHEL-40270 RHEL-40272
+RH-Acked-by: Gerd Hoffmann <None>
+RH-Commit: [5/8] 84a58daaed0ee81ebed501392be33338da575df6
+
+JIRA: https://issues.redhat.com/browse/RHEL-40270
+Upstream: Merged
+CVE: CVE-2023-45237
+
+commit a61bc0accb8a76edba4f073fdc7bafc908df045d
+Author: Gerd Hoffmann <kraxel@redhat.com>
+Date:   Fri May 31 09:49:13 2024 +0200
+
+    SecurityPkg/RngDxe: add rng test
+
+    Check whenever RngLib actually returns random numbers, only return
+    a non-zero number of Algorithms if that is the case.
+
+    This has the effect that RndDxe loads and installs EFI_RNG_PROTOCOL
+    only in case it can actually deliver random numbers.
+
+    Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+
+Signed-off-by: Jon Maloy <jmaloy@redhat.com>
 
 Check whenever RngLib actually returns random numbers, only return
 a non-zero number of Algorithms if that is the case.
@@ -15,7 +41,7 @@ Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
  1 file changed, 7 insertions(+), 1 deletion(-)
 
 diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
-index 5723ed695747..8b0742bab6c4 100644
+index 7e06e16e4b..285b5f46e7 100644
 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
 +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
 @@ -23,6 +23,7 @@
@@ -40,3 +66,6 @@ index 5723ed695747..8b0742bab6c4 100644
    return EFI_SUCCESS;
  }
  
+-- 
+2.39.3
+

SOURCES/edk2-StandaloneMmPkg-Hob-Integer-Overflow-in-CreateHob.patch

@@ -1,36 +1,55 @@
-From 9a75b030cf27d2530444e9a2f9f11867f79bf679 Mon Sep 17 00:00:00 2001
-From: Gua Guo <gua.guo@intel.com>
-Date: Thu, 11 Jan 2024 13:03:26 +0800
-Subject: [PATCH] StandaloneMmPkg/Hob: Integer Overflow in CreateHob()
+From 0ef57f5f435ee1909d14da24cd1c3edc91fef405 Mon Sep 17 00:00:00 2001
+From: Jon Maloy <jmaloy@redhat.com>
+Date: Sat, 6 Apr 2024 11:00:29 -0400
+Subject: [PATCH 2/2] StandaloneMmPkg/Hob: Integer Overflow in CreateHob()
 
-REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4166
+RH-Author: Jon Maloy <jmaloy@redhat.com>
+RH-MergeRequest: 69: EmbeddedPkg/Hob: Integer Overflow in CreateHob()
+RH-Jira: RHEL-30156
+RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
+RH-Acked-by: Gerd Hoffmann <None>
+RH-Commit: [2/2] 3c3454688975f62041dd8d3393f0bba5ec3b71f1
 
-Fix integer overflow in various CreateHob instances.
-Fixes: CVE-2022-36765
+JIRA: https://issues.redhat.com/browse/RHEL-30156
+CVE: CVE-2022-36765
+Upstream: Merged
 
-The CreateHob() function aligns the requested size to 8
-performing the following operation:
-```
-HobLength = (UINT16)((HobLength + 0x7) & (~0x7));
-```
+commit 9a75b030cf27d2530444e9a2f9f11867f79bf679
+Author: Gua Guo <gua.guo@intel.com>
+Date:   Thu Jan 11 13:03:26 2024 +0800
 
-No checks are performed to ensure this value doesn't
-overflow, and could lead to CreateHob() returning a smaller
-HOB than requested, which could lead to OOB HOB accesses.
+    StandaloneMmPkg/Hob: Integer Overflow in CreateHob()
 
-Reported-by: Marc Beatove <mbeatove@google.com>
-Reviewed-by: Ard Biesheuvel <ardb+tianocore@kernel.org>
-Cc: Sami Mujawar <sami.mujawar@arm.com>
-Reviewed-by: Ray Ni <ray.ni@intel.com>
-Cc: John Mathew <john.mathews@intel.com>
-Authored-by: Gerd Hoffmann <kraxel@redhat.com>
-Signed-off-by: Gua Guo <gua.guo@intel.com>
+    REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4166
+
+    Fix integer overflow in various CreateHob instances.
+    Fixes: CVE-2022-36765
+
+    The CreateHob() function aligns the requested size to 8
+    performing the following operation:
+    ```
+    HobLength = (UINT16)((HobLength + 0x7) & (~0x7));
+    ```
+
+    No checks are performed to ensure this value doesn't
+    overflow, and could lead to CreateHob() returning a smaller
+    HOB than requested, which could lead to OOB HOB accesses.
+
+    Reported-by: Marc Beatove <mbeatove@google.com>
+    Reviewed-by: Ard Biesheuvel <ardb+tianocore@kernel.org>
+    Cc: Sami Mujawar <sami.mujawar@arm.com>
+    Reviewed-by: Ray Ni <ray.ni@intel.com>
+    Cc: John Mathew <john.mathews@intel.com>
+    Authored-by: Gerd Hoffmann <kraxel@redhat.com>
+    Signed-off-by: Gua Guo <gua.guo@intel.com>
+
+Signed-off-by: Jon Maloy <jmaloy@redhat.com>
 ---
  .../Arm/StandaloneMmCoreHobLib.c              | 35 +++++++++++++++++++
  1 file changed, 35 insertions(+)
 
 diff --git a/StandaloneMmPkg/Library/StandaloneMmCoreHobLib/Arm/StandaloneMmCoreHobLib.c b/StandaloneMmPkg/Library/StandaloneMmCoreHobLib/Arm/StandaloneMmCoreHobLib.c
-index 1550e1babc83..59473e28fe59 100644
+index 1550e1babc..59473e28fe 100644
 --- a/StandaloneMmPkg/Library/StandaloneMmCoreHobLib/Arm/StandaloneMmCoreHobLib.c
 +++ b/StandaloneMmPkg/Library/StandaloneMmCoreHobLib/Arm/StandaloneMmCoreHobLib.c
 @@ -34,6 +34,13 @@ CreateHob (
@@ -124,3 +143,6 @@ index 1550e1babc83..59473e28fe59 100644
  
    ZeroMem (&(Hob->AllocDescriptor.Name), sizeof (EFI_GUID));
    Hob->AllocDescriptor.MemoryBaseAddress = BaseAddress;
+-- 
+2.39.3
+

SPECS/edk2.spec

@@ -20,7 +20,7 @@ ExclusiveArch: x86_64 aarch64
 
 Name:       edk2
 Version:    %{GITDATE}
-Release:    6%{?dist}.2.alma.1
+Release:    6%{?dist}.2
 Summary:    UEFI firmware for 64-bit virtual machines
 License:    BSD-2-Clause-Patent and Apache-2.0 and MIT
 URL:        http://www.tianocore.org
@@ -50,6 +50,7 @@ Source80: edk2-build.py
 Source82: edk2-build.rhel-9
 
 Source90: DBXUpdate-%{DBXDATE}.x64.bin
+
 Patch1: 0001-ignore-build-artifacts-generated-files-session-setti.patch
 Patch2: 0002-Remove-submodules.patch
 Patch3: 0003-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch
@@ -264,27 +265,33 @@ Patch69: edk2-NetworkPkg-Dhcp6Dxe-Packet-Length-is-not-updated-bef.patch
 # For RHEL-21851 - CVE-2023-45234 edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message [rhel-9]
 # For RHEL-21853 - TRIAGE CVE-2023-45235 edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message [rhel-9]
 Patch70: edk2-NetworkPkg-Updating-SecurityFixes.yaml.patch
-
-# Patches were taken from:
-# https://github.com/tianocore/edk2/commit/aeaee8944f0eaacbf4cdf39279785b9ba4836bb6
+# For RHEL-30156 - CVE-2022-36765 edk2: integer overflow in CreateHob() could lead to HOB OOB R/W [rhel-9.4.z]
 Patch71: edk2-EmbeddedPkg-Hob-Integer-Overflow-in-CreateHob.patch
-# https://github.com/tianocore/edk2/commit/9a75b030cf27d2530444e9a2f9f11867f79bf679
+# For RHEL-30156 - CVE-2022-36765 edk2: integer overflow in CreateHob() could lead to HOB OOB R/W [rhel-9.4.z]
 Patch72: edk2-StandaloneMmPkg-Hob-Integer-Overflow-in-CreateHob.patch
-# https://github.com/tianocore/edk2/commit/4c4ceb2ceb80c42fd5545b2a4bd80321f07f4345
+# For RHEL-40270 - CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-9.4.z]
+# For RHEL-40272 - CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-9.4.z]
 Patch73: edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch
-# https://github.com/tianocore/edk2/commit/1904a64bcc18199738e5be183d28887ac5d837d7
+# For RHEL-40270 - CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-9.4.z]
+# For RHEL-40272 - CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-9.4.z]
 Patch74: edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch
-# https://github.com/tianocore/edk2/commit/ced13b93afea87a8a1fe6ddbb67240a84cb2e3d3
-Patch75: edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flow-in.patch
-# https://github.com/tianocore/edk2/commit/c3a8ca7b54a9fd17acdf16c6282a92cc989fa92a
-Patch76: edk2-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-check-CPUID.patch
-# https://github.com/tianocore/edk2/commit/a61bc0accb8a76edba4f073fdc7bafc908df045d
+# For RHEL-40270 - CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-9.4.z]
+# For RHEL-40272 - CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-9.4.z]
+Patch75: edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch
+# For RHEL-40270 - CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-9.4.z]
+# For RHEL-40272 - CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-9.4.z]
+Patch76: edk2-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch
+# For RHEL-40270 - CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-9.4.z]
+# For RHEL-40272 - CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-9.4.z]
 Patch77: edk2-SecurityPkg-RngDxe-add-rng-test.patch
-# https://gitlab.com/redhat/centos-stream/rpms/edk2/-/commit/5872fb18b4e645856614429dfffbb704858a9ea7
+# For RHEL-40270 - CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-9.4.z]
+# For RHEL-40272 - CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-9.4.z]
 Patch78: edk2-OvmfPkg-wire-up-RngDxe.patch
-# https://github.com/tianocore/edk2/commit/94961b8817eec6f8d0434555ac50a7aa51c22201
+# For RHEL-40270 - CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-9.4.z]
+# For RHEL-40272 - CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-9.4.z]
 Patch79: edk2-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch
-# https://github.com/tianocore/edk2/commit/5e776299a2604b336a947e68593012ab2cc16eb4
+# For RHEL-40270 - CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-9.4.z]
+# For RHEL-40272 - CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-9.4.z]
 Patch80: edk2-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch
 
 # python3-devel and libuuid-devel are required for building tools.
@@ -619,18 +626,28 @@ install -m 0644 \
 
 
 %changelog
-* Wed Jul 24 2024 Eduard Abdullin <eabdullin@almalinux.org> - 20231122-6.2.alma.1
-- CryptoPkg/Test: call ProcessLibraryConstructorList
-- EmbeddedPkg/Hob: Integer Overflow in CreateHob()
-- MdePkg/BaseRngLib: Add a smoketest for RDRAND and check CPUID
-- MdePkg/X86UnitTestHost: set rdrand cpuid bit
-- NetworkPkg: SECURITY PATCH CVE-2023-45237
-- NetworkPkg TcpDxe: Fixed system stuck on PXE boot flow in
- iPXE environment
-- NetworkPkg TcpDxe: SECURITY PATCH CVE-2023-45236
-- OvmfPkg: wire up RngDxe
-- SecurityPkg/RngDxe: add rng test
-- StandaloneMmPkg/Hob: Integer Overflow in CreateHob()
+* Tue Jul 23 2024 EL Errata <el-errata_ww@oracle.com> - 20231122-6.0.1.el9_4.2
+- Replace upstream references [Orabug:36569119]
+
+* Mon Jul 01 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20231122-6.el9_4.2
+- edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch [RHEL-40270 RHEL-40272]
+- edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch [RHEL-40270 RHEL-40272]
+- edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch [RHEL-40270 RHEL-40272]
+- edk2-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch [RHEL-40270 RHEL-40272]
+- edk2-SecurityPkg-RngDxe-add-rng-test.patch [RHEL-40270 RHEL-40272]
+- edk2-OvmfPkg-wire-up-RngDxe.patch [RHEL-40270 RHEL-40272]
+- edk2-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch [RHEL-40270 RHEL-40272]
+- edk2-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch [RHEL-40270 RHEL-40272]
+- Resolves: RHEL-40270
+  (CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-9.4.z])
+- Resolves: RHEL-40272
+  (CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-9.4.z])
+
+* Wed Apr 10 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20231122-6.el9_4.1
+- edk2-EmbeddedPkg-Hob-Integer-Overflow-in-CreateHob.patch [RHEL-30156]
+- edk2-StandaloneMmPkg-Hob-Integer-Overflow-in-CreateHob.patch [RHEL-30156]
+- Resolves: RHEL-30156
+  (CVE-2022-36765 edk2: integer overflow in CreateHob() could lead to HOB OOB R/W [rhel-9.4.z])
 
 * Thu Feb 22 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20231122-6
 - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Pa.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]