Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 935455 - app-emulation/qemu: dependency on ipxe-1.2.1 should be change to allow sys-firmware/ipxe-1.21.1_p20230601
Summary: app-emulation/qemu: dependency on ipxe-1.2.1 should be change to allow sys-fi...
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Virtualization Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-07-04 08:07 UTC by Ronny Boesger
Modified: 2025-02-22 20:52 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ronny Boesger 2024-07-04 08:07:48 UTC
Qemu, all packages, i use 8.2.3 as stable at the moment, depend on ipxe-1.21.1, so the new snapshot package sys-firmware/ipxe-1.21.1_p20230601 can not be used and forces a downgrade again to the older version.

(I masked the old 1.21.1 version, therefore the message)
==================================================================
!!! The following update has been skipped due to unsatisfied dependencies:
app-emulation/qemu:0

  selected: (app-emulation/qemu-8.2.3:0/0::gentoo, installed)
  skipped: (app-emulation/qemu-8.2.3:0/0::gentoo, ebuild scheduled for merge) (see unsatisfied dependency below)

!!! All ebuilds that could satisfy "~sys-firmware/ipxe-1.21.1[binary,qemu]" have been masked.
!!! One of the following masked packages is required to complete your request:
- sys-firmware/ipxe-1.21.1::gentoo (masked by: package.mask)

(dependency required by "app-emulation/qemu-8.2.3::gentoo[qemu_softmmu_targets_x86_64,pin-upstream-blobs,qemu_softmmu_targets_i386]" [ebuild])
For more information, see the MASKED PACKAGES section in the emerge
man page or refer to the Gentoo Handbook.
==================================================================

This change would also fix:
#882393 <sys-firmware/ipxe-1.21.1_p20230601: padding oracle attack vulnerability
Comment 1 Larry the Git Cow gentoo-dev 2025-02-22 20:47:22 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7b066a3e914a63e361dfd03ff285fb2e885567cc

commit 7b066a3e914a63e361dfd03ff285fb2e885567cc
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2025-02-22 20:46:33 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2025-02-22 20:46:33 +0000

    app-emulation/qemu: update ipxe version
    
    Bug: https://bugs.gentoo.org/935455
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 app-emulation/qemu/qemu-9999.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 2 Andreas K. Hüttel archtester gentoo-dev 2025-02-22 20:47:58 UTC
The whole point of the pin-upstream-blobs useflag is to have immutable firmware.

So switch that off and be happy?
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2025-02-22 20:52:23 UTC
Perhaps we ought to change its default, though.