* Fri Nov 22 2024 Jon Maloy <jmaloy@redhat.com> - 20240524-10

- edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch [RHEL-58631]
- Resolves: RHEL-58631
  ([Regression] HTTP Boot fails to work with edk2-ovmf-20231122-6.el9_4.2 and greater)

edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch

@@ -0,0 +1,45 @@
+From 47d6a4638ea73965ce1a43248e27b688dddc26ee Mon Sep 17 00:00:00 2001
+From: Oliver Steffen <osteffen@redhat.com>
+Date: Mon, 4 Nov 2024 19:00:11 +0100
+Subject: [PATCH] OvmfPkg: Rerun dispatcher after initializing virtio-rng
+
+RH-Author: Oliver Steffen <osteffen@redhat.com>
+RH-MergeRequest: 84: OvmfPkg: Rerun dispatcher after initializing virtio-rng
+RH-Jira: RHEL-58631
+RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+RH-Commit: [1/1] d663321aab28f000c279bfac6dbaaa378678532e (osteffen/edk2)
+
+Since the pixiefail CVE fix the network stack requires a hardware
+random number generator. This can currently be a modern CPU supporting
+the RDRAND instruction or a virtio-rng device.
+The latter is initialized during the BDS phase.
+To ensure all depending (network) modules are also started, we need to
+run the dispatcher once more after the device was initialized.
+Without this, network boot is not available under certain hardware
+configurations.
+
+Fixes: 4c4ceb2ceb ("NetworkPkg: SECURITY PATCH CVE-2023-45237")
+
+Analysed-by: Stefano Garzarella <sgarzare@redhat.com>
+Suggested-by: Gerd Hoffmann <kraxel@redhat.com>
+Signed-off-by: Oliver Steffen <osteffen@redhat.com>
+---
+ OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+index 87d1ac3142..1f1298eb0b 100644
+--- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
++++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+@@ -675,6 +675,8 @@ ConnectVirtioPciRng (
+     if (EFI_ERROR (Status)) {
+       goto Error;
+     }
++
++    gDS->Dispatch ();
+   }
+ 
+   return EFI_SUCCESS;
+-- 
+2.45.1
+

edk2.spec

@@ -21,7 +21,7 @@ ExclusiveArch: x86_64 aarch64
 
 Name:       edk2
 Version:    %{GITDATE}
-Release:    9%{?dist}
+Release:    10%{?dist}
 Summary:    UEFI firmware for 64-bit virtual machines
 License:    BSD-2-Clause-Patent and Apache-2.0 and MIT
 URL:        http://www.tianocore.org
@@ -111,6 +111,8 @@ Patch47: edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch
 Patch48: edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch
 # For RHEL-66230 - [Regression] [aarch64] HTTP Boot not working on old vCPU without virtio-rng device present [rhel-9.6]
 Patch49: edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch
+# For RHEL-58631 - [Regression] HTTP Boot fails to work with edk2-ovmf-20231122-6.el9_4.2 and greater
+Patch50: edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch
 
 # python3-devel and libuuid-devel are required for building tools.
 # python3-devel is also needed for varstore template generation and
@@ -445,6 +447,11 @@ install -m 0644 \
 
 
 %changelog
+* Fri Nov 22 2024 Jon Maloy <jmaloy@redhat.com> - 20240524-10
+- edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch [RHEL-58631]
+- Resolves: RHEL-58631
+  ([Regression] HTTP Boot fails to work with edk2-ovmf-20231122-6.el9_4.2 and greater)
+
 * Mon Nov 11 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20240524-9
 - edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch [RHEL-66230]
 - Resolves: RHEL-66230