* Fri Nov 29 2024 Jon Maloy <jmaloy@redhat.com> - 20220126gitbb1bba3d77-13.el8.6

- edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch [RHEL-66188]
- Resolves: RHEL-66188
  ([Regression] HTTP Boot fails to work with edk2-ovmf-20231122-6.el9_4.2 and greater [rhel-8.10])

edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch

@@ -0,0 +1,45 @@
+From a56ec52966412cd44dd2427ba569d1e7b89a6c6d Mon Sep 17 00:00:00 2001
+From: Oliver Steffen <osteffen@redhat.com>
+Date: Mon, 4 Nov 2024 19:00:11 +0100
+Subject: [PATCH] OvmfPkg: Rerun dispatcher after initializing virtio-rng
+
+RH-Author: Oliver Steffen <osteffen@redhat.com>
+RH-MergeRequest: 106: OvmfPkg: Rerun dispatcher after initializing virtio-rng
+RH-Jira: RHEL-66188
+RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+RH-Commit: [1/1] a62e445ae8e45d656aaa2ea5f1875541e658f1d8
+
+Since the pixiefail CVE fix the network stack requires a hardware
+random number generator. This can currently be a modern CPU supporting
+the RDRAND instruction or a virtio-rng device.
+The latter is initialized during the BDS phase.
+To ensure all depending (network) modules are also started, we need to
+run the dispatcher once more after the device was initialized.
+Without this, network boot is not available under certain hardware
+configurations.
+
+Fixes: 4c4ceb2ceb ("NetworkPkg: SECURITY PATCH CVE-2023-45237")
+
+Analysed-by: Stefano Garzarella <sgarzare@redhat.com>
+Suggested-by: Gerd Hoffmann <kraxel@redhat.com>
+Signed-off-by: Oliver Steffen <osteffen@redhat.com>
+---
+ OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+index 70d648c7e3..eb97d67b62 100644
+--- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
++++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+@@ -558,6 +558,8 @@ ConnectVirtioPciRng (
+     if (EFI_ERROR (Status)) {
+       goto Error;
+     }
++
++    gDS->Dispatch ();
+   }
+   return EFI_SUCCESS;
+ 
+-- 
+2.45.2
+

edk2.spec

@@ -7,7 +7,7 @@ ExclusiveArch: x86_64 aarch64
 
 Name:       edk2
 Version:    %{GITDATE}git%{GITCOMMIT}
-Release:    13%{?dist}.5
+Release:    13%{?dist}.6
 Summary:    UEFI firmware for 64-bit virtual machines
 Group:      Applications/Emulators
 License:    BSD-2-Clause-Patent and OpenSSL and MIT
@@ -392,6 +392,8 @@ Patch117: edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch
 Patch118: edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch
 # For RHEL-66236 - [Regression] HTTP Boot not working on old vCPU without virtio-rng device present [rhel-8.10]
 Patch119: edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch
+# For RHEL-66188 - [Regression] HTTP Boot fails to work with edk2-ovmf-20231122-6.el9_4.2 and greater [rhel-8.10]
+Patch120: edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch
 
 
 # python3-devel and libuuid-devel are required for building tools.
@@ -838,6 +840,11 @@ true
 %endif
 
 %changelog
+* Fri Nov 29 2024 Jon Maloy <jmaloy@redhat.com> - 20220126gitbb1bba3d77-13.el8.6
+- edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch [RHEL-66188]
+- Resolves: RHEL-66188
+  ([Regression] HTTP Boot fails to work with edk2-ovmf-20231122-6.el9_4.2 and greater [rhel-8.10])
+
 * Thu Nov 14 2024 Jon Maloy <jmaloy@redhat.com> - 20220126gitbb1bba3d77-13.el8.5
 - edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch [RHEL-66236]
 - edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch [RHEL-66236]