Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in at 2026-03-17 19:03:09
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and      /work/SRC/openSUSE:Factory/.ovmf.new.8177 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ovmf" Tue Mar 17 19:03:09 2026 rev:132 rq:1339632 version:202602 Changes: -------- --- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes 2026-03-13 21:16:05.647557893 +0100 +++ /work/SRC/openSUSE:Factory/.ovmf.new.8177/ovmf.changes 2026-03-17 19:04:55.481733814 +0100 @@ -2 +2 @@ -Thu Mar 12 06:31:49 UTC 2026 - YI HSIN Lyu <[email protected]> +Tue Mar 17 02:47:54 UTC 2026 - Richard Lyu <[email protected]> @@ -4,3 +4,17 @@ -- Deprecate the 2MB OVMF image (jsc#PED-12652) - - Remove ovmf-x86_64 - - Remove ovmf-x86_64-xen +- Update mbedtls to 3.6.5 to fix CVE-2025-59438 (bsc#1252441) + - Requires Mbed TLS 3.6.5 or higher to mitigate vulnerability. + +------------------------------------------------------------------- +Thu Mar 12 06:31:49 UTC 2026 - Richard Lyu <[email protected]> + +- Deprecate the 2MB OVMF image (jsc#PED-12652): + As the EDK II code base continues to grow, the 2MB OVMF image is no + longer sufficient to accommodate the full set of features and + up-to-date libraries. This limitation poses a potential security + risk, as critical components such as OpenSSL cannot be upgraded + to their latest secure versions within the constraints of the + 2MB image size. To ensure long-term maintainability, feature + completeness, and security compliance, we deprecate the 2MB OVMF + image and transition fully to the 4MB version. + - Remove ovmf-x86_64 (users should migrate to ovmf-x86_64-4m) + - Remove ovmf-x86_64-xen (users should migrate to ovmf-x86_64-xen-4m) +++ only whitespace diff in changes, re-diffing Old: ---- mbedtls-3.3.0.tar.gz New: ---- mbedtls-3.6.5.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ovmf.spec ++++++ --- /var/tmp/diff_new_pack.OqVYwM/_old 2026-03-17 19:04:56.861791006 +0100 +++ /var/tmp/diff_new_pack.OqVYwM/_new 2026-03-17 19:04:56.865791171 +0100 
@@ -48,7 +48,7 @@ # public-mipi-sys-t: https://github.com/MIPI-Alliance/public-mipi-sys-t Source9: public-mipi-sys-t-1.1-edk2.tar.gz # mbedtls: https://github.com/Mbed-TLS/mbedtls -Source10: mbedtls-3.3.0.tar.gz +Source10: mbedtls-3.6.5.tar.gz # brotli: https://github.com/google/brotli Source11: brotli-e230f474b87134e8c6c85b630084c612057f253e.tar.gz # libspdm: https://github.com/DMTF/libspdm.git uefi-shell.spec: same change ++++++ mbedtls-3.3.0.tar.gz -> mbedtls-3.6.5.tar.gz ++++++ ++++ 701633 lines of diff (skipped)
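
Review bot: In the ovmf.changes hunk, the sub-bullet "Requires Mbed TLS 3.6.5 or higher to mitigate vulnerability." only repeats the headline above it, so the entry never says what the jump from 3.3.0 to 3.6.5 means for this package. The bump crosses several minor releases and the tarball diff is 701633 lines, so I would replace that sub-bullet with one line naming which part of the firmware build consumes mbedtls and whether any EDK II side adjustments were needed, and add that uefi-shell.spec gets the same source bump. Separately, the same hunk rewrites the already published Mar 12 entry (the author line changes from "YI HSIN Lyu" to "Richard Lyu" and the three-line text becomes a paragraph). If that is intentional, it deserves its own line in the new entry so that readers comparing changelogs across snapshots are not surprised.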
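
Review bot: In the ovmf.spec hunk, Source10 is still a bare file name and the comment above it gives only the repository URL, so nothing in the spec ties mbedtls-3.6.5.tar.gz to a specific upstream artifact. The brotli source two lines below carries its commit hash in the file name, while mbedtls is identified by version string alone. For a security update I would make Source10 a full URL to the upstream release archive, or record the upstream tag or commit in the comment, so that the tarball can be checked against upstream during review and by source services.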
