Your message dated Tue, 13 May 2025 02:45:10 +0000
with message-id <e1uefdm-0082oo...@fasolo.debian.org>
and subject line Bug#1103906: fixed in edk2 2025.02-8
has caused the Debian Bug report #1103906,
regarding qemu-efi-aarch64: Secure Boot regression for some arm64 VMs
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1103906: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103906
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: incus
Version: 6.0.4-1
Severity: important
Dear Maintainer,
On arm64 an up to date trixie/arm64 system, I cannot get a shell after
launching a VM. No longer how much I wait, the agent is never currently
running:
$ incus launch images:debian/12 --vm foobar
Launching foobar
$ incus shell foobar
Error while executing alias expansion: incus exec foobar -- su -l
Error: VM agent isn't currently running
$ incus shell foobar
Error while executing alias expansion: incus exec foobar -- su -l
Error: VM agent isn't currently running
$ incus shell foobar
Error while executing alias expansion: incus exec foobar -- su -l
Error: VM agent isn't currently running
$ incus shell foobar
Error while executing alias expansion: incus exec foobar -- su -l
Error: VM agent isn't currently running
$ incus shell foobar
Error while executing alias expansion: incus exec foobar -- su -l
Error: VM agent isn't currently running
I tried debian/13 and it worked fine.
I tried debian/12 on an up to date trixie/amd64 (x86_64) and it also works.
What else can I provide to help debug this?
-- System Information:
Debian Release: trixie/sid
APT prefers testing
APT policy: (900, 'testing'), (500, 'stable-security'), (500, 'unstable'),
(500, 'stable'), (1, 'experimental')
Architecture: arm64 (aarch64)
Kernel: Linux 6.1.0-33-arm64 (SMP w/32 CPU threads)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages incus depends on:
ii incus-agent 6.0.4-1
ii incus-base 6.0.4-1
ii qemu-system-arm 1:10.0.0~rc2+ds-2
ii swtpm 0.7.1-1.5
ii virtiofsd 1.13.0-5
incus recommends no packages.
Versions of packages incus suggests:
ii gdisk 1.0.10-2+b1
-- no debconf information
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: edk2
Source-Version: 2025.02-8
Done: dann frazier <da...@debian.org>
We believe that the bug you reported is fixed in the latest version of
edk2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1103...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
dann frazier <da...@debian.org> (supplier of updated edk2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 12 May 2025 20:18:11 -0600
Source: edk2
Architecture: source
Version: 2025.02-8
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-de...@lists.alioth.debian.org>
Changed-By: dann frazier <da...@debian.org>
Closes: 1102519 1103906
Changes:
edk2 (2025.02-8) unstable; urgency=medium
.
* ovmf, ovmf-ia32, qemu-efi-aarch64: Uninstall the EFI_MEMORY_ATTRIBUTE
protocol by default in the *.secboot.fd variants to avoid boot crashes
with incompatible guest operating systems. This is to give virtual
machine managers like libvirt and incus a release cycle to determine how
to handle these guests. Add new *.secboot.strictnx.fd variants that users
can opt-in to to benefit from NX security features. EFI_MEMORY_ATTRIBUTE
support will be restored for all *.secboot.fd images at the start of
the next devel cycle, at which point *.secboot.strictnx.fd will become
symlink aliases. Note this in NEWS.Debian and README.Debian files.
(Closes: #1103906).
* Fix out-of-bounds read in HashPeImageByType(), CVE-2024-38797.
(Closes: #1102519):
- d/p/0001-SecurityPkg-Out-of-bound-read-in-HashPeImageByType.patch
- d/p/0002-SecurityPkg-Improving-HashPeImageByType-logic.patch
- d/p/0003-SecurityPkg-Improving-SecureBootConfigImpl-HashPeIma.patch
- d/p/0004-SecurityPkg-Update-SecurityFixes.yaml-for-CVE-2024-3.patch
Checksums-Sha1:
691ad9dae9c4f38a2b1323d4e96309170936b0cc 2551 edk2_2025.02-8.dsc
6228f4da544a9036f2f65f35e1c651fecb7f96c3 50944 edk2_2025.02-8.debian.tar.xz
be394e61d4fdfccaf952c2cbf2f0999a2ae6f576 11690 edk2_2025.02-8_source.buildinfo
Checksums-Sha256:
890b781c03b92aa316cd08aebebb34981057df404f9ffcdd22fac26c15c33ba0 2551
edk2_2025.02-8.dsc
1b3fdc9b557ed3e040f3a68aef13817c266ce11a010db3e8d371d3c1092a4e5f 50944
edk2_2025.02-8.debian.tar.xz
f833eb256b8da4c02d421f029350a0c06210f0b4f204474dc8c744fdac36f33a 11690
edk2_2025.02-8_source.buildinfo
Files:
13feed63d20882df46bde482d9b4a096 2551 misc optional edk2_2025.02-8.dsc
ba761096bec85e6c9598aacfd16c812d 50944 misc optional
edk2_2025.02-8.debian.tar.xz
1cfbe6ba50a774d2cf1594c7e84409d9 11690 misc optional
edk2_2025.02-8_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iIcEARYKAC8WIQQoGlxLiiPDxHQh9i5UW4ZA9GI6WAUCaCKsJhEcZGFubmZAZGVi
aWFuLm9yZwAKCRBUW4ZA9GI6WBLOAP9YvlgAoIQW1+kxkYkZ1Odciet2BJeWL6JH
dMqJ1/OAOwEAvAVPbMb6Q9LnARB2izg0FTIPrTTKoHYsvXsVZztlRAM=
=2Djz
-----END PGP SIGNATURE-----
pgpE97mtgpvi5.pgp
Description: PGP signature
--- End Message ---
