Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ovmf for openSUSE:Factory checked in at 2026-04-25 21:35:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ovmf (Old) and /work/SRC/openSUSE:Factory/.ovmf.new.11940 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ovmf" Sat Apr 25 21:35:21 2026 rev:136 rq:1349097 version:202602 Changes: -------- --- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes 2026-04-16 18:46:10.539412168 +0200 +++ /work/SRC/openSUSE:Factory/.ovmf.new.11940/ovmf.changes 2026-04-25 21:35:30.417221716 +0200 @@ -2 +2,16 @@ -Wed Apr 15 07:19:01 UTC 2026 - YI HSIN Lyu <[email protected]> +Thu Apr 23 05:58:58 UTC 2026 - Richard Lyu <[email protected]> + +- Update mbedtls to 3.6.6 to fix CVE-2026-25833, CVE-2026-25834, CVE-2026-25835, + CVE-2026-34874 (bsc#1261476, bsc#1261477, bsc#1261478, bsc#1261469) + - Requires Mbed TLS 3.6.6 or higher to mitigate vulnerability. + +------------------------------------------------------------------- +Tue Apr 21 06:20:05 UTC 2026 - Richard Lyu <[email protected]> + +- Add qcow2 format firmware images for snapshot support (jsc#PED-14634, bsc#1262549) + - Convert all -code.bin and -vars.bin to qcow2 format via qemu-img to + enable backing file and snapshot support; unified and special-purpose + images (e.g., SEV, TDX, Xen) remain in raw format only. + +------------------------------------------------------------------- +Wed Apr 15 07:19:01 UTC 2026 - Richard Lyu <[email protected]> +++ only whitespace diff in changes, re-diffing Old: ---- mbedtls-3.6.5.tar.gz New: ---- mbedtls-3.6.6.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ovmf.spec ++++++ --- /var/tmp/diff_new_pack.EKuu8F/_old 2026-04-25 21:35:31.681273151 +0200 +++ /var/tmp/diff_new_pack.EKuu8F/_new 2026-04-25 21:35:31.685273314 +0200 @@ -48,7 +48,7 @@ # public-mipi-sys-t: https://github.com/MIPI-Alliance/public-mipi-sys-t Source9: public-mipi-sys-t-1.1-edk2.tar.gz # mbedtls: https://github.com/Mbed-TLS/mbedtls -Source10: mbedtls-3.6.5.tar.gz +Source10: mbedtls-3.6.6.tar.gz # brotli: https://github.com/google/brotli Source11: brotli-e230f474b87134e8c6c85b630084c612057f253e.tar.gz # libspdm: https://github.com/DMTF/libspdm.git @@ -114,6 +114,7 @@ BuildRequires: nasm BuildRequires: openssl BuildRequires: python3 +BuildRequires: qemu-img BuildRequires: unzip BuildRequires: virt-firmware %ifnarch aarch64 @@ -538,6 +539,11 @@ rename "4m-$key" "$key-4m" *"4m-$key"*.bin done +# Convert code/vars bin files to qcow2 format for snapshot support +for raw in *-code.bin *-vars.bin; do + qemu-img convert -f raw -O qcow2 -o cluster_size=4096 -S 4096 "$raw" "${raw%.bin}.qcow2" +done + %install cp %{SOURCE2} README @@ -555,6 +561,8 @@ install -m 0644 -D ovmf-*.bin -t %{buildroot}/%{_datadir}/qemu/ install -m 0644 -D qemu-uefi-*.bin -t %{buildroot}/%{_datadir}/qemu/ install -m 0644 -D aavmf-*.bin -t %{buildroot}/%{_datadir}/qemu/ +install -m 0644 -D ovmf-*.qcow2 -t %{buildroot}/%{_datadir}/qemu/ +install -m 0644 -D aavmf-*.qcow2 -t %{buildroot}/%{_datadir}/qemu/ install -m 0644 -D descriptors/*.json \ -t %{buildroot}/%{_datadir}/qemu/firmware @@ -587,6 +595,7 @@ %license License.txt License-ovmf.txt %dir %{_datadir}/qemu/ %{_datadir}/qemu/ovmf-x86_64*.bin +%{_datadir}/qemu/ovmf-x86_64*.qcow2 %dir %{_datadir}/qemu/firmware %{_datadir}/qemu/firmware/*-x86_64*.json @@ -605,6 +614,8 @@ %{_datadir}/qemu/qemu-uefi-aarch64*.bin %{_datadir}/qemu/aavmf-aarch64-*code.bin %{_datadir}/qemu/aavmf-aarch64-*vars.bin +%{_datadir}/qemu/aavmf-aarch64-*code.qcow2 +%{_datadir}/qemu/aavmf-aarch64-*vars.qcow2 %dir %{_datadir}/qemu/firmware %{_datadir}/qemu/firmware/*-aarch64*.json @@ -614,6 +625,8 @@ %dir %{_datadir}/qemu/ %{_datadir}/qemu/ovmf-riscv64-code.bin %{_datadir}/qemu/ovmf-riscv64-vars.bin +%{_datadir}/qemu/ovmf-riscv64-code.qcow2 +%{_datadir}/qemu/ovmf-riscv64-vars.qcow2 %dir %{_datadir}/qemu/firmware %{_datadir}/qemu/firmware/*-riscv64*.json %endif ++++++ uefi-shell.spec ++++++ --- /var/tmp/diff_new_pack.EKuu8F/_old 2026-04-25 21:35:31.725274942 +0200 +++ /var/tmp/diff_new_pack.EKuu8F/_new 2026-04-25 21:35:31.725274942 +0200 @@ -47,7 +47,7 @@ # public-mipi-sys-t: https://github.com/MIPI-Alliance/public-mipi-sys-t Source9: public-mipi-sys-t-1.1-edk2.tar.gz # mbedtls: https://github.com/Mbed-TLS/mbedtls -Source10: mbedtls-3.6.5.tar.gz +Source10: mbedtls-3.6.6.tar.gz # brotli: https://github.com/google/brotli Source11: brotli-e230f474b87134e8c6c85b630084c612057f253e.tar.gz # libspdm: https://github.com/DMTF/libspdm.git ++++++ descriptors.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/descriptors/50-ovmf-x86_64-secure-ms-qcow2.json new/descriptors/50-ovmf-x86_64-secure-ms-qcow2.json --- old/descriptors/50-ovmf-x86_64-secure-ms-qcow2.json 1970-01-01 01:00:00.000000000 +0100 +++ new/descriptors/50-ovmf-x86_64-secure-ms-qcow2.json 2026-04-21 09:15:30.000000000 +0200 @@ -0,0 +1,37 @@ +{ + "description": "UEFI firmware for x86_64, with Secure Boot, SMM, and MS certs enrolled", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + + "executable": { + "filename": "@DATADIR@/ovmf-x86_64-smm-ms-code.qcow2", + "format": "qcow2" + }, + "nvram-template": { + "filename": "@DATADIR@/ovmf-x86_64-smm-ms-vars.qcow2", + "format": "qcow2" + } + }, + "targets": [ + { + "architecture": "x86_64", + "machines": [ + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "acpi-s4", + "requires-smm", + "secure-boot", + "enrolled-keys", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/descriptors/50-ovmf-x86_64-secure-opensuse-qocw2.json new/descriptors/50-ovmf-x86_64-secure-opensuse-qocw2.json --- old/descriptors/50-ovmf-x86_64-secure-opensuse-qocw2.json 1970-01-01 01:00:00.000000000 +0100 +++ new/descriptors/50-ovmf-x86_64-secure-opensuse-qocw2.json 2026-04-21 09:15:50.000000000 +0200 @@ -0,0 +1,36 @@ +{ + "description": "UEFI firmware for x86_64, with Secure Boot, SMM, and openSUSE certs enrolled", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "@DATADIR@/ovmf-x86_64-smm-opensuse-code.qcow2", + "format": "qcow2" + }, + "nvram-template": { + "filename": "@DATADIR@/ovmf-x86_64-smm-opensuse-vars.qcow2", + "format": "qcow2" + } + }, + "targets": [ + { + "architecture": "x86_64", + "machines": [ + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "acpi-s4", + "requires-smm", + "secure-boot", + "enrolled-keys", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/descriptors/50-ovmf-x86_64-secure-qcow2.json new/descriptors/50-ovmf-x86_64-secure-qcow2.json --- old/descriptors/50-ovmf-x86_64-secure-qcow2.json 1970-01-01 01:00:00.000000000 +0100 +++ new/descriptors/50-ovmf-x86_64-secure-qcow2.json 2026-04-21 09:16:03.000000000 +0200 @@ -0,0 +1,35 @@ +{ + "description": "UEFI firmware for x86_64, with Secure Boot and SMM", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "@DATADIR@/ovmf-x86_64-smm-code.qcow2", + "format": "qcow2" + }, + "nvram-template": { + "filename": "@DATADIR@/ovmf-x86_64-smm-vars.qcow2", + "format": "qcow2" + } + }, + "targets": [ + { + "architecture": "x86_64", + "machines": [ + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "acpi-s4", + "requires-smm", + "secure-boot", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/descriptors/50-ovmf-x86_64-secure-suse-qcow2.json new/descriptors/50-ovmf-x86_64-secure-suse-qcow2.json --- old/descriptors/50-ovmf-x86_64-secure-suse-qcow2.json 1970-01-01 01:00:00.000000000 +0100 +++ new/descriptors/50-ovmf-x86_64-secure-suse-qcow2.json 2026-04-21 09:16:16.000000000 +0200 @@ -0,0 +1,36 @@ +{ + "description": "UEFI firmware for x86_64, with Secure Boot, SMM, and SUSE certs enrolled", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "@DATADIR@/ovmf-x86_64-smm-suse-code.qcow2", + "format": "qcow2" + }, + "nvram-template": { + "filename": "@DATADIR@/ovmf-x86_64-smm-suse-vars.qcow2", + "format": "qcow2" + } + }, + "targets": [ + { + "architecture": "x86_64", + "machines": [ + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "acpi-s4", + "requires-smm", + "secure-boot", + "enrolled-keys", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/descriptors/60-aavmf-aarch64-qcow2.json new/descriptors/60-aavmf-aarch64-qcow2.json --- old/descriptors/60-aavmf-aarch64-qcow2.json 1970-01-01 01:00:00.000000000 +0100 +++ new/descriptors/60-aavmf-aarch64-qcow2.json 2026-04-21 09:16:31.000000000 +0200 @@ -0,0 +1,31 @@ +{ + "description": "UEFI firmware for aarch64", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "@DATADIR@/aavmf-aarch64-code.qcow2", + "format": "qcow2" + }, + "nvram-template": { + "filename": "@DATADIR@/aavmf-aarch64-vars.qcow2", + "format": "qcow2" + } + }, + "targets": [ + { + "architecture": "aarch64", + "machines": [ + "virt-*" + ] + } + ], + "features": [ + "verbose-static" + ], + "tags": [ + + ] +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/descriptors/60-ovmf-riscv64-qcow2.json new/descriptors/60-ovmf-riscv64-qcow2.json --- old/descriptors/60-ovmf-riscv64-qcow2.json 1970-01-01 01:00:00.000000000 +0100 +++ new/descriptors/60-ovmf-riscv64-qcow2.json 2026-04-21 09:16:40.000000000 +0200 @@ -0,0 +1,31 @@ +{ + "description": "UEFI firmware for riscv (riscv64)", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "@DATADIR@/ovmf-riscv64-code.qcow2", + "format": "qcow2" + }, + "nvram-template": { + "filename": "@DATADIR@/ovmf-riscv64-vars.qcow2", + "format": "qcow2" + } + }, + "targets": [ + { + "architecture": "riscv64", + "machines": [ + "virt-*" + ] + } + ], + "features": [ + "verbose-static" + ], + "tags": [ + + ] +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/descriptors/60-ovmf-x86_64-ms-qcow2.json new/descriptors/60-ovmf-x86_64-ms-qcow2.json --- old/descriptors/60-ovmf-x86_64-ms-qcow2.json 1970-01-01 01:00:00.000000000 +0100 +++ new/descriptors/60-ovmf-x86_64-ms-qcow2.json 2026-04-21 09:16:50.000000000 +0200 @@ -0,0 +1,36 @@ +{ + "description": "UEFI firmware for x86_64, with Secure Boot, and MS certs enrolled", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "@DATADIR@/ovmf-x86_64-ms-4m-code.qcow2", + "format": "qcow2" + }, + "nvram-template": { + "filename": "@DATADIR@/ovmf-x86_64-ms-4m-vars.qcow2", + "format": "qcow2" + } + }, + "targets": [ + { + "architecture": "x86_64", + "machines": [ + "pc-i440fx-*", + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "acpi-s4", + "secure-boot", + "enrolled-keys", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/descriptors/60-ovmf-x86_64-opensuse-qcow2.json new/descriptors/60-ovmf-x86_64-opensuse-qcow2.json --- old/descriptors/60-ovmf-x86_64-opensuse-qcow2.json 1970-01-01 01:00:00.000000000 +0100 +++ new/descriptors/60-ovmf-x86_64-opensuse-qcow2.json 2026-04-21 09:16:59.000000000 +0200 @@ -0,0 +1,36 @@ +{ + "description": "UEFI firmware for x86_64, with Secure Boot, and openSUSE certs enrolled", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "@DATADIR@/ovmf-x86_64-opensuse-4m-code.qcow2", + "format": "qcow2" + }, + "nvram-template": { + "filename": "@DATADIR@/ovmf-x86_64-opensuse-4m-vars.qcow2", + "format": "qcow2" + } + }, + "targets": [ + { + "architecture": "x86_64", + "machines": [ + "pc-i440fx-*", + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "acpi-s4", + "secure-boot", + "enrolled-keys", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/descriptors/60-ovmf-x86_64-qcow2.json new/descriptors/60-ovmf-x86_64-qcow2.json --- old/descriptors/60-ovmf-x86_64-qcow2.json 1970-01-01 01:00:00.000000000 +0100 +++ new/descriptors/60-ovmf-x86_64-qcow2.json 2026-04-21 09:17:11.000000000 +0200 @@ -0,0 +1,34 @@ +{ + "description": "UEFI firmware for x86_64", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "@DATADIR@/ovmf-x86_64-4m-code.qcow2", + "format": "qcow2" + }, + "nvram-template": { + "filename": "@DATADIR@/ovmf-x86_64-4m-vars.qcow2", + "format": "qcow2" + } + }, + "targets": [ + { + "architecture": "x86_64", + "machines": [ + "pc-i440fx-*", + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "acpi-s4", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/descriptors/60-ovmf-x86_64-suse-qcow2.json new/descriptors/60-ovmf-x86_64-suse-qcow2.json --- old/descriptors/60-ovmf-x86_64-suse-qcow2.json 1970-01-01 01:00:00.000000000 +0100 +++ new/descriptors/60-ovmf-x86_64-suse-qcow2.json 2026-04-21 09:17:22.000000000 +0200 @@ -0,0 +1,36 @@ +{ + "description": "UEFI firmware for x86_64, with Secure Boot, and SUSE certs enrolled", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "@DATADIR@/ovmf-x86_64-suse-4m-code.qcow2", + "format": "qcow2" + }, + "nvram-template": { + "filename": "@DATADIR@/ovmf-x86_64-suse-4m-vars.qcow2", + "format": "qcow2" + } + }, + "targets": [ + { + "architecture": "x86_64", + "machines": [ + "pc-i440fx-*", + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "acpi-s4", + "secure-boot", + "enrolled-keys", + "verbose-dynamic" + ], + "tags": [ + + ] +} ++++++ mbedtls-3.6.5.tar.gz -> mbedtls-3.6.6.tar.gz ++++++ ++++ 11862 lines of diff (skipped)
