{"bugs":[{"bugid":867772,"firstseen":"2022-08-31T23:57:11.360898","severity":"normal","status":"UNCONFIRMED","summary":"sys-cluster\/minikube: kvm2 driver uses wrong hardcoded paths for aarch64 efi firmware (sys-firmware\/edk2)"},{"bugid":921729,"firstseen":"2024-01-10T23:52:26.553903","severity":"normal","status":"CONFIRMED","summary":"sys-firmware\/edk2{,-bin}: multiple vulnerabilities"},{"bugid":922253,"firstseen":"2024-01-17T00:00:11.216575","severity":"normal","status":"CONFIRMED","summary":"sys-firmware\/edk2{-bin,}: multiple vulnerabilities"}],"categories":[{"categoryid":338,"name":"app-admin","summary":"The app-admin category contains non-core applications which relate to system administration."},{"categoryid":321,"name":"app-emulation","summary":"The app-emulation category contains emulation software."},{"categoryid":470,"name":"sys-firmware","summary":"The sys-firmware category contains misc. firmware and microcode."},{"categoryid":382,"name":"x11-misc","summary":"The x11-misc category contains miscellaneous X11 applications which do not belong elsewhere."}],"changelog":[{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"3ec3a07ec624d02338f4af512fb877880d03862b","committime":"2025-03-19T10:04:01","packageid":77763,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"chewi@gentoo.org","authorname":"James Le Cuirot","body":"It fails to build due to a DT_TEXTREL and linker warnings now being fatal. I\nwill investigate soon.\n\nSigned-off-by: James Le Cuirot ","commitid":"4d11adf1145471e4bbba7d66d45c324a2bcd4e24","committime":"2025-03-19T09:47:21","packageid":77763,"repoid":1,"summary":"sys-firmware\/edk2: Drop arm64 from 202502 for now"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"9d71c6a1bf7e0463446410b91eb5cdd2ca6b4883","committime":"2025-03-15T23:48:17","packageid":77763,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"chewi@gentoo.org","authorname":"James Le Cuirot","body":"Signed-off-by: James Le Cuirot ","commitid":"bc8236adf12a026d5c0f6434b604e4dd50313bec","committime":"2025-03-15T23:39:29","packageid":77763,"repoid":1,"summary":"sys-firmware\/edk2: Add python3_13t to 202502"},{"authoremail":"chewi@gentoo.org","authorname":"James Le Cuirot","body":"Signed-off-by: James Le Cuirot ","commitid":"dea3499a64ac9fcd9c56ea2e1368c3b366345c35","committime":"2025-03-15T23:30:15","packageid":77763,"repoid":1,"summary":"sys-firmware\/edk2: Drop unused flag-o-matic eclass inherit"},{"authoremail":"xen0n@gentoo.org","authorname":"WANG Xuerui","body":"The previous crash observed on 202411 simply disappeared on 202502\nwithout any apparent relevant code change.\n\nSigned-off-by: WANG Xuerui \nCloses: https:\/\/github.com\/gentoo\/gentoo\/pull\/41014\nSigned-off-by: James Le Cuirot ","commitid":"d65ee7410b458128ceb9d00423a65dec250c5d2b","committime":"2025-03-12T06:35:36","packageid":77763,"repoid":1,"summary":"sys-firmware\/edk2: re-enable loong network TLS support for 202502"},{"authoremail":"xen0n@gentoo.org","authorname":"WANG Xuerui","body":"Actually they work fine.\n\nSigned-off-by: WANG Xuerui \nSigned-off-by: James Le Cuirot ","commitid":"46e58144679435eade83ab1cc8ba104ebfbb81a0","committime":"2025-03-11T18:46:31","packageid":77763,"repoid":1,"summary":"sys-firmware\/edk2: convert loong firmware images to QCOW2"},{"authoremail":"xen0n@gentoo.org","authorname":"WANG Xuerui","body":"Signed-off-by: WANG Xuerui \nSigned-off-by: James Le Cuirot ","commitid":"c070507c6669dfb113f985974fae0e8a38e443b2","committime":"2025-03-11T09:38:30","packageid":77763,"repoid":1,"summary":"sys-firmware\/edk2: add 202502"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"d2915fb86c94370302c40782398edd59cd440ca4","committime":"2025-03-11T09:18:36","packageid":77763,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"xen0n@gentoo.org","authorname":"WANG Xuerui","body":"Reviewed-by: Sam James \nSigned-off-by: WANG Xuerui ","commitid":"41295cf393006f6c513fcdedaa08d9e1383c0b7f","committime":"2025-03-11T08:34:41","packageid":77763,"repoid":1,"summary":"sys-firmware\/edk2: fix build with GCC 15"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"b11b9a0076b7d9cf12b271df8c39cb4d7148fd62","committime":"2025-03-03T21:03:26","packageid":77763,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"sam@gentoo.org","authorname":"Sam James","body":"Signed-off-by: Sam James ","commitid":"697ce6434169aa527a4d9d923f7accee1b26f8bd","committime":"2025-03-03T20:51:23","packageid":77763,"repoid":1,"summary":"sys-firmware\/edk2: Stabilize 202411 arm64, #950518"},{"authoremail":"xen0n@gentoo.org","authorname":"WANG Xuerui","body":"Closes: https:\/\/github.com\/gentoo\/gentoo\/pull\/40681\nReviewed-by: Sam James \nSigned-off-by: WANG Xuerui ","commitid":"72e85f19cab8448a44c456837431d6e09fe49e71","committime":"2025-02-18T11:18:04","packageid":77763,"repoid":1,"summary":"sys-firmware\/edk2: keyword 202411 for ~loong"},{"authoremail":"xen0n@gentoo.org","authorname":"WANG Xuerui","body":"Reviewed-by: Sam James \nSigned-off-by: WANG Xuerui ","commitid":"b98badc24aed1dde0f891f34fa52029bf972d9f4","committime":"2025-02-18T11:17:45","packageid":77763,"repoid":1,"summary":"sys-firmware\/edk2: add build support for loong"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"0264c49d887f12ac4030bea890d427b144d18fff","committime":"2025-02-09T19:33:23","packageid":77763,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"chewi@gentoo.org","authorname":"James Le Cuirot","body":"Signed-off-by: James Le Cuirot ","commitid":"880253a0c6acecd64ae58d0bb718d56e64bf0587","committime":"2025-02-09T19:20:46","packageid":77763,"repoid":1,"summary":"sys-firmware\/edk2: Drop old 202405"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"c55ac34eb001a6972844892ffde661b8f157244e","committime":"2025-02-08T01:33:22","packageid":77763,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"sam@gentoo.org","authorname":"Sam James","body":"Signed-off-by: Sam James ","commitid":"02640861029de627e73621556672e8eb30c97671","committime":"2025-02-08T01:28:09","packageid":77763,"repoid":1,"summary":"sys-firmware\/edk2: Stabilize 202408 amd64, #947251"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"b1272b859496958b06f5683100699e1615cf49e4","committime":"2025-01-07T23:33:17","packageid":77763,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"chewi@gentoo.org","authorname":"James Le Cuirot","body":"Signed-off-by: James Le Cuirot ","commitid":"582da995df2eabb2cf75cbf5e0e6b3bdfce8ecc1","committime":"2025-01-07T23:21:24","packageid":77763,"repoid":1,"summary":"sys-firmware\/edk2: Keyword 202411 for ~riscv"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"bbd738340133a8e5ae58dab526d3051987c9ef54","committime":"2025-01-07T12:03:26","packageid":77763,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"chewi@gentoo.org","authorname":"James Le Cuirot","body":"Can't keyword it yet though because of unkeyworded dependencies. Use\nedk2-bin instead.\n\nSigned-off-by: James Le Cuirot ","commitid":"e8a2877218db0a79e0b05c78b17afabf534d556b","committime":"2025-01-06T14:17:26","packageid":77763,"repoid":1,"summary":"sys-firmware\/edk2: Add riscv support to 202411"},{"authoremail":"chewi@gentoo.org","authorname":"James Le Cuirot","body":"Signed-off-by: James Le Cuirot ","commitid":"390f345dc5fc208b4d0d5354291bd4c9a722ba01","committime":"2025-01-06T10:50:53","packageid":77763,"repoid":1,"summary":"sys-firmware\/edk2: Version bump to 202411"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"6b40715dcdd3624a904f4424dfe11d3db6a18379","committime":"2025-01-06T04:33:29","packageid":77763,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"sam@gentoo.org","authorname":"Sam James","body":"Signed-off-by: Sam James ","commitid":"d8e702512e163a0e0f33923333b141faa9838a49","committime":"2025-01-06T04:16:00","packageid":77763,"repoid":1,"summary":"sys-firmware\/edk2: Stabilize 202408 arm64, #947251"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"2224ae471ea5214d2731b1ba19883dea2c7f3dc6","committime":"2024-10-10T16:48:46","packageid":77763,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"chewi@gentoo.org","authorname":"James Le Cuirot","body":"The source package now supports other platforms so follow suit.\n\nSigned-off-by: James Le Cuirot ","commitid":"32958cecf72d3efd9c1c47a239faaba1f17ed26e","committime":"2024-09-27T16:29:45","packageid":77763,"repoid":1,"summary":"sys-firmware\/edk2-ovmf-bin: Rename to edk2-bin to support other platforms"},{"authoremail":"chewi@gentoo.org","authorname":"James Le Cuirot","body":"The filenames used here differ from Fedora, which ships far more\nvariants. I felt it unnecessary to include the raw and unpadded images\nwhen the padded QCOW2 images should be all you need.\n\nQEMU_EFI.secboot_INSECURE.qcow2 does have Secure Boot enabled, but it\nmust not be used in production. The lack of an SMM implementation for\narm64 in this firmware means that the EFI variable store is unprotected,\nmaking the firmware unsafe.\n\nSigned-off-by: James Le Cuirot ","commitid":"33a4360bc3b6c40315c4e36380839b489e72f9d5","committime":"2024-09-26T16:47:52","packageid":77763,"repoid":1,"summary":"sys-firmware\/edk2: Add arm64 VM support to 202408"},{"authoremail":"chewi@gentoo.org","authorname":"James Le Cuirot","body":"The new version bump won't use this.\n\nCloses: https:\/\/bugs.gentoo.org\/853271\nSigned-off-by: James Le Cuirot ","commitid":"14804cc2b74bb38b68677ab2727d374be0cad71b","committime":"2024-09-25T16:42:44","packageid":77763,"repoid":1,"summary":"sys-firmware\/edk2: Add missing BDEPEND on sys-apps\/which"},{"authoremail":"chewi@gentoo.org","authorname":"James Le Cuirot","body":"Closes: https:\/\/bugs.gentoo.org\/937610\nSigned-off-by: James Le Cuirot ","commitid":"94a911f6b4a29c7187ee9a60a96239a2ee77b869","committime":"2024-09-25T16:39:52","packageid":77763,"repoid":1,"summary":"sys-firmware\/edk2: Apply missing -Werror and hardened patches to 202405"},{"authoremail":"chewi@gentoo.org","authorname":"James Le Cuirot","body":"I don't think using UefiShell.img actually works any more, but the new version\nbump will automatically create OVMF_VARS.secboot.fd for you.\n\nCloses: https:\/\/bugs.gentoo.org\/926630\nSigned-off-by: James Le Cuirot ","commitid":"21806a819cc79eb9f19415f7b5ed29393c2a3f43","committime":"2024-09-25T15:17:24","packageid":77763,"repoid":1,"summary":"sys-firmware\/edk2: Drop obsolete reference to USE=binary and update URL"},{"authoremail":"chewi@gentoo.org","authorname":"James Le Cuirot","body":"There is a lot of overlap in building firmware for other platforms from\nsource, so it makes sense to have one source package.\n\nSigned-off-by: James Le Cuirot ","commitid":"fa0b11750c1993b03e87a4180789f5342660fb8e","committime":"2024-09-25T13:56:27","packageid":77763,"repoid":1,"summary":"sys-firmware\/edk2-ovmf: Rename to edk2 to support other platforms"},{"authoremail":"chewi@gentoo.org","authorname":"James Le Cuirot","body":"The ebuild has been largely rewritten. It now:\n\n* Respects CC, CXX, and flags when building the base tools.\n* Doesn't use gcc\/cc when building the firmware, enabling cross.\n* Prepares the ground for supporting platforms other than OVMF for x64.\n* Installs OVMF_VARS.secboot.fd prepared with virt-fw-vars.\n* Includes the latest UEFI DBX update in OVMF_VARS.secboot.fd.\n* Adds 4MB variants of the .fd images (in QCOW2 format).\n* Fixes network support broken by a recent bump.\n* Drops EnrollDefaultKeys.efi and UefiShell.img\n The enrollment tool hasn't actually worked for a while and is no longer needed\n now that we provide OVMF_VARS.secboot.fd. UefiShell.img is therefore of little\n use, and other distros now provide UefiShell.iso instead anyway. We can do the\n same if there is sufficient interest.\n\nThis moves us closer to Fedora, but they ship far more variants. They\nhave a large Python wrapper around upstream's build system, which is\nunusual in itself. Building all these would make the ebuild much more\ncomplex, take a long time, and use up more disk space. Perhaps USE flags\ncould help here, but I'm not sure what all these variants are for.\n\nI also decided to install to paths based on upstream's names, e.g.\nedk2\/ArmVirtQemu-AARCH64 as opposed to Fedora's edk2\/aarch64 because\nmixing QEMU with Xen and others would be confusing when there are many\nsimilarly named files, even within a single architecture.\n\nCloses: https:\/\/bugs.gentoo.org\/891191\nCloses: https:\/\/bugs.gentoo.org\/921819\nCloses: https:\/\/bugs.gentoo.org\/929838\nSigned-off-by: James Le Cuirot ","commitid":"261679779725bee6e18de4b66f0674796a2d1278","committime":"2024-09-25T13:50:28","packageid":77763,"repoid":1,"summary":"sys-firmware\/edk2: Bump to 202408, Python 3.13, many other improvements"}],"dependencies":[],"depending":[{"block":false,"categoryid":321,"description":"QEMU + Kernel-based Virtual Machine userland tools","ebuildids":[337271,337271,862369,862369,862370,862370,862371,862371,862372,862372,862373,862373,862374,862374,862375,862375,862376,862376,862377,862377,862554,862554,862575,862575],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"qemu@gentoo.org","maintainername":"Gentoo QEMU Project","name":"qemu","packageid":54810},{"block":false,"categoryid":382,"description":"Preview a GRUB 2.x theme using KVM\/QEMU","ebuildids":[840158,842806,842932,851974],"firstseen":"2015-05-03T13:38:19.528443","maintainer":"sping@gentoo.org","maintainername":"Sebastian Pipping","name":"grub2-theme-preview","packageid":63428},{"block":false,"categoryid":338,"description":"Build Bespoke OS Images","ebuildids":[836327],"firstseen":"2021-11-29T15:56:52.924950","name":"mkosi","packageid":73684},{"block":true,"categoryid":470,"description":"TianoCore EDK II UEFI firmware for virtual machines","ebuildids":[840582,840583,850205],"firstseen":"2024-10-10T17:55:36.563855","name":"edk2-bin","packageid":77764}],"ebuilds":[{"archs":["-*","~amd64","~loong","~riscv"],"ebuildid":857659,"firstseen":"2025-03-15T23:51:16.721373","license":"BSD-2 MIT","moddate":"2025-05-08T13:14:29","packageid":77763,"repoid":1,"slot":"0","uses":["secureboot"],"version":"202502"},{"archs":["-*","arm64","~amd64","~loong","~riscv"],"ebuildid":850204,"firstseen":"2025-01-07T12:10:11.071594","license":"BSD-2 MIT","moddate":"2025-05-08T13:14:29","packageid":77763,"repoid":1,"slot":"0","uses":["secureboot"],"version":"202411"},{"archs":["-*","amd64","arm64"],"ebuildid":840581,"firstseen":"2024-10-10T17:55:36.563855","license":"BSD-2 MIT","moddate":"2025-05-08T13:14:29","packageid":77763,"repoid":1,"slot":"0","uses":["secureboot"],"version":"202408"},{"archs":["-*","amd64"],"ebuildid":840579,"firstseen":"2024-10-10T17:55:36.563855","license":"BSD-2 MIT","moddate":"2025-05-08T13:14:29","packageid":77763,"repoid":1,"slot":"0","uses":["secureboot"],"version":"202202"}],"masks":[],"package":{"categoryid":470,"description":"TianoCore EDK II UEFI firmware for virtual machines","firstseen":"2024-10-10T17:55:36.563855","name":"edk2","packageid":77763},"rdependencies":[{"block":true,"categoryid":470,"description":"TianoCore EDK II UEFI firmware for virtual machines","ebuildids":[840579,840581,850204,857659],"firstseen":"2024-10-10T17:55:36.563855","name":"edk2-bin","packageid":77764}],"repos":[{"branch":"master","lastcommit":"83b1268c5aac6ae9b0760d1fb99a3cf736f62f25","name":"gentoo","path":"\/usr\/portage","repoid":1,"upstream":"origin"}],"tracked":false,"urls":["https:\/\/github.com\/tianocore\/edk2"],"uses":[{"description":"Automatically sign efi executables using user specified key","isdefault":false,"use":"secureboot"}]}