[Bug 2126016] [NEW] Merge edk2 from Debian Unstable for r-series

Bryce Harrington 2126016 at bugs.launchpad.net
Tue Sep 30 07:14:57 UTC 2025 

Public bug reported:

Scheduled-For: ubuntu-25.11
Ubuntu: 2025.02-8ubuntu1
Debian Unstable: 2025.02-10

A new release of edk2 is available for merging from Debian Unstable.

If it turns out this needs a sync rather than a merge, please change the
tagging from ['needs-merge', 'upgrade-software-version'] to ['needs-
sync', 'upgrade-software-version'], and (optionally) update the title as
desired.

### New Debian Changes ###

edk2 (2025.02-10) unstable; urgency=medium

  * debian/tests: DEB_EDK2_ROOT can now be used to specify an
    alternate install tree.
  * Rework build system:
    - Better parallelism. Previously we could do architecures builds
      in parallel, but each architecture variant was built serially.
      We now give each variant its own hardlinked build tree, so
      all images can now be built in parallel. I got a new laptop.
    - Files are now installed to debian/tmp before being moved to
      the individual packages. This gives us a tree we can test
      during the build.
  * d/control: Remove build-deps no longer needed now that we use
    virt-firmware for key enrollment.
  * Run tests at build time. (Closes: #992259).

 -- dann frazier <dannf at debian.org>  Sat, 27 Sep 2025 10:36:37 -0600

edk2 (2025.02-9) unstable; urgency=medium

  * Cherry-pick openssl fix for timing side-channel in ECDSA signature
    computation, CVE-2024-13176.
    - d/p/0001-Fix-timing-side-channel-in-ECDSA-signature-computati.patch
  * Fix out-of-bounds memory access in NetworkPkg/IScsiDxe, CVE-2024-38805.
    (Closes: #1111100).
    - d/p/0001-NetworkPkg-IScsiDxe-Fix-for-out-of-bound-memory-acce.patch
  * Use virt-firmware to enroll default keys.
  * Initialize the Secure Boot dbx in *.ms.fd with the latest revocations.
    The dbx previously only contained the hash of an empty file.
  * Safe handling of IDT register on SMM entry, CVE-2025-3770.
    (Closes: #1110533).
    - d/p/0001-UefiCpuPkg-PiSmmCpuDxeSmm-Safe-handling-of-IDT-regis.patch
  * Add amdsev image. Thanks to Lukas Märdian. (Closes: #1103961).

 -- dann frazier <dannf at debian.org>  Mon, 01 Sep 2025 14:16:19 -0600


### Old Ubuntu Delta ###

edk2 (2025.02-8ubuntu1) questing; urgency=medium

  * d/rules: Build OVMF.amdsev.fd (LP: #2106771)
  * d/descriptors: Add amd-sev JSON
  * d/ovmf.README.Debian: Mention OVMF.amdsev.fd firmware

 -- Lukas Märdian <slyon at ubuntu.com>  Wed, 11 Jun 2025 10:03:12 +0200

** Affects: edk2 (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: needs-merge upgrade-software-version

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to edk2 in Ubuntu.
https://bugs.launchpad.net/bugs/2126016

Title:
  Merge edk2 from Debian Unstable for r-series

Status in edk2 package in Ubuntu:
  New

Bug description:
  Scheduled-For: ubuntu-25.11
  Ubuntu: 2025.02-8ubuntu1
  Debian Unstable: 2025.02-10

  A new release of edk2 is available for merging from Debian Unstable.

  If it turns out this needs a sync rather than a merge, please change
  the tagging from ['needs-merge', 'upgrade-software-version'] to
  ['needs-sync', 'upgrade-software-version'], and (optionally) update
  the title as desired.

  ### New Debian Changes ###

  edk2 (2025.02-10) unstable; urgency=medium

    * debian/tests: DEB_EDK2_ROOT can now be used to specify an
      alternate install tree.
    * Rework build system:
      - Better parallelism. Previously we could do architecures builds
        in parallel, but each architecture variant was built serially.
        We now give each variant its own hardlinked build tree, so
        all images can now be built in parallel. I got a new laptop.
      - Files are now installed to debian/tmp before being moved to
        the individual packages. This gives us a tree we can test
        during the build.
    * d/control: Remove build-deps no longer needed now that we use
      virt-firmware for key enrollment.
    * Run tests at build time. (Closes: #992259).

   -- dann frazier <dannf at debian.org>  Sat, 27 Sep 2025 10:36:37 -0600

  edk2 (2025.02-9) unstable; urgency=medium

    * Cherry-pick openssl fix for timing side-channel in ECDSA signature
      computation, CVE-2024-13176.
      - d/p/0001-Fix-timing-side-channel-in-ECDSA-signature-computati.patch
    * Fix out-of-bounds memory access in NetworkPkg/IScsiDxe, CVE-2024-38805.
      (Closes: #1111100).
      - d/p/0001-NetworkPkg-IScsiDxe-Fix-for-out-of-bound-memory-acce.patch
    * Use virt-firmware to enroll default keys.
    * Initialize the Secure Boot dbx in *.ms.fd with the latest revocations.
      The dbx previously only contained the hash of an empty file.
    * Safe handling of IDT register on SMM entry, CVE-2025-3770.
      (Closes: #1110533).
      - d/p/0001-UefiCpuPkg-PiSmmCpuDxeSmm-Safe-handling-of-IDT-regis.patch
    * Add amdsev image. Thanks to Lukas Märdian. (Closes: #1103961).

   -- dann frazier <dannf at debian.org>  Mon, 01 Sep 2025 14:16:19 -0600


  ### Old Ubuntu Delta ###

  edk2 (2025.02-8ubuntu1) questing; urgency=medium

    * d/rules: Build OVMF.amdsev.fd (LP: #2106771)
    * d/descriptors: Add amd-sev JSON
    * d/ovmf.README.Debian: Mention OVMF.amdsev.fd firmware

   -- Lukas Märdian <slyon at ubuntu.com>  Wed, 11 Jun 2025 10:03:12 +0200

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2126016/+subscriptions

More information about the foundations-bugs mailing list