<div class="container">
<h1>Recommended update for ipxe</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-RU-2025:03264-1</td>
</tr>
<tr>
<th>Release Date:</th>
<td>2025-09-18T09:43:09Z</td>
</tr>
<tr>
<th>Rating:</th>
<td>moderate</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1062303">bsc#1062303</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">HPC Module 15-SP6</li>
<li class="list-group-item">HPC Module 15-SP7</li>
<li class="list-group-item">openSUSE Leap 15.5</li>
<li class="list-group-item">openSUSE Leap 15.6</li>
<li class="list-group-item">SUSE Linux Enterprise Desktop 15 SP6</li>
<li class="list-group-item">SUSE Linux Enterprise Desktop 15 SP7</li>
<li class="list-group-item">SUSE Linux Enterprise Real Time 15 SP6</li>
<li class="list-group-item">SUSE Linux Enterprise Real Time 15 SP7</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP6</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP7</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 15 SP6</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 15 SP7</li>
<li class="list-group-item">SUSE Package Hub 15 15-SP6</li>
<li class="list-group-item">SUSE Package Hub 15 15-SP7</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that has one fix can now be installed.</p>
<h2>Description:</h2>
<p>This update for ipxe fixes the following issues:</p>
<ul>
<li>[bios] Provide a multiprocessor API for BIOS</li>
<li>[block] Allow SAN boot device to be identified by filesystem label</li>
<li>[block] Allow SAN boot device to be identified by an extra filename</li>
<li>[block] Allow SAN boot device to be identified by UUID</li>
<li>[block] Allow for additional SAN boot parameters alongside filename</li>
<li>[block] Allow for iteration over SAN device list in drive number order</li>
<li>[block] Use drive number as debug message stream ID</li>
<li>[bnxt] Add support for BCM957608 and additional chip IDs</li>
<li>[build] Fix build failures with random and older versions of gcc</li>
<li>[build] Fix building with newer binutils</li>
<li>[build] Remove unnecessary ".text" directives</li>
<li>[build] Reduce scope of wildcard .gitignore rules</li>
<li>[build] Use SOURCE_DATE_EPOCH for FAT serial number if it exists</li>
<li>[ci] Update action versions to silence GitHub warnings</li>
<li>[cloud] Add utility script to read iPXE output from INT13CON partition</li>
<li>[cloud] Add ability to overwrite existing AMI images</li>
<li>[crypto] Force inlining of trivial wrapper functions</li>
<li>[crypto] Add implementation of MS-CHAPv2 authentication</li>
<li>[crypto] Allow for multiple cross-signed certificate download attempts</li>
<li>[crypto] Add x509_is_self_signed() helper function</li>
<li>[crypto] Add x509_truncate() to truncate a certificate chain</li>
<li>[crypto] Add implementation of the DES cipher</li>
<li>[crypto] Fix stray references to AES</li>
<li>[crypto] Add X25519 OID-identified algorithm and TLS named curve</li>
<li>[crypto] Add an abstraction of an elliptic curve</li>
<li>[crypto] Check for all-zeros result from X25519 key exchange</li>
<li>[crypto] Add X25519 key exchange algorithm</li>
<li>[crypto] Add bigint_swap() to conditionally swap big integers</li>
<li>[crypto] Add bigint_copy() as a convenient wrapper macro</li>
<li>[crypto] Allow multiplicand and multiplier to differ in size</li>
<li>[drivers] Sort PCI_ROM() entries numerically</li>
<li>[eap] Add support for the MS-CHAPv2 authentication method</li>
<li>[eap] Allow MD5-Challenge authentication method to be disabled</li>
<li>[eap] Add progress debug messages</li>
<li>[eap] Add support for the MD5-Challenge authentication type</li>
<li>[eap] Add support for sending an EAP identity</li>
<li>[eap] Ignore any received EAP responses</li>
<li>[eapol] Limit number of EAPoL-Start packets transmitted per attempt</li>
<li>[eapol] Delay EAPoL-Start while waiting for EAP to complete</li>
<li>[efi] Add error table entry for local filesystem EFI_NOT_FOUND error</li>
<li>[efi] Report local file errors during download, rather than on opening</li>
<li>[efi] Extract basic network settings from loaded image device path</li>
<li>[efi] Add efi_path_mac() to parse a MAC address from an EFI device path</li>
<li>[efi] Add support for driving EFI_MANAGED_NETWORK_PROTOCOL devices</li>
<li>[efi] Allow for drivers to be located via child handles</li>
<li>[efi] Add helper functions for service binding protocols</li>
<li>[efi] Match chainloaded device by uppermost matching handle</li>
<li>[efi] Set current working URI from our own device path URI, if present</li>
<li>[efi] Add efi_path_uri() to parse a URI from an EFI device path</li>
<li>[efi] Pad transmit buffer length to work around vendor driver bugs</li>
<li>[efi] Provide a multiprocessor API for EFI</li>
<li>[efi] Update to current EDK2 headers</li>
<li>[efi] Do not report return status from efi_block_local()</li>
<li>[efi] Add efi_path_guid() utility function</li>
<li>[efi] Allow booting from local disks via the "sanboot" command</li>
<li>[efi] Generalise block device boot to support arbitrary EFI handles</li>
<li>[efi] Use file system protocol to check for SAN boot filename existence</li>
<li>[efi] Use long forms of device paths in debug messages</li>
<li>[efi] Work around broken boot services table manipulation by UEFI shim</li>
<li>[efi] Ignore new LoongArch PC-relative relocations and relaxations</li>
<li>[efi] Fix hang during ExitBootServices()</li>
<li>[efi] Add potentially missing relocation types</li>
<li>[efi] Fix Coverity warning about unintended sign extension</li>
<li>[efi] Add relocation types generated by clang</li>
<li>[efi] Allow compiling elf2efi with clang</li>
<li>[efi] Avoid modifying PE/COFF debug filename</li>
<li>[efi] Extend PE header size to cover space up to first section</li>
<li>[efi] Fix dependency list construction in EDK2 header import script</li>
<li>[efi] Maximise image base address</li>
<li>[efi] Do not assume canonical PE section ordering</li>
<li>[efi] Treat 16-bit sections as hidden in hybrid binaries</li>
<li>[efi] Place PE debug information in a hidden section</li>
<li>[efi] Fix recorded overall size of headers in NT optional header</li>
<li>[efi] Write out PE header only after writing sections</li>
<li>[efi] Use load memory address as file offset for hybrid binaries</li>
<li>[efi] Mark PE images as large address aware</li>
<li>[efi] Set NXCOMPAT bit in PE header</li>
<li>[efi] Treat writable sections as data sections</li>
<li>[efi] Update to current EDK2 headers</li>
<li>[golan] Use ETH_HLEN for inline header size</li>
<li>[http] Add error table entry for HTTP 404 Not Found error</li>
<li>[image] Allow opaque URI component to provide image name</li>
<li>[intel] Add PCI ID for I219-LM (23)</li>
<li>[iphone] Add missing va_start()/va_end() around reused argument list</li>
<li>[libc] Allow build_assert() failures to be ignored via NO_WERROR=1</li>
<li>[libc] Replace linker_assert() with build_assert()</li>
<li>[libc] Make static_assert() available via assert.h</li>
<li>[librm] Add support for installing a startup IPI handler</li>
<li>[list] Add list_for_each_entry_safe_continue()</li>
<li>[list] Add list_is_head_entry()</li>
<li>[loong64] Replace broken big integer arithmetic implementations</li>
<li>[mp] Define an API for multiprocessor functions</li>
<li>[parseopt] Add parse_uuid() for parsing UUID command-line arguments</li>
<li>[pci] Require discovery of a PCI device when determining usable PCI APIs</li>
<li>[pci] Check that ECAM configuration space is within reachable memory</li>
<li>[pci] Cache ECAM mapping errors</li>
<li>[pci] Handle non-zero starting bus in ECAM allocations</li>
<li>[pci] Force completion of ECAM configuration space writes</li>
<li>[settings] Expose current working URI and directory URI via settings</li>
<li>[settings] Add parsing for UUID and GUID settings types</li>
<li>[smbios] Support scanning for the 64-bit SMBIOS3 entry point</li>
<li>[snp] Allocate additional padding for receive buffers</li>
<li>[test] Remove dummy initialisation vector for ECB-mode AES tests</li>
<li>[tftp] Add error table entry for TFTP "file not found" error code</li>
<li>[tls] Tidy up error handling flow in tls_send_plaintext()</li>
<li>[tls] Add ECDHE cipher suites</li>
<li>[tls] Make key exchange algorithms selectable via build configuration</li>
<li>[tls] Add support for Ephemeral Elliptic Curve Diffie-Hellman key exchange</li>
<li>[tls] Split out Diffie-Hellman parameter signature verification</li>
<li>[tls] Generate key material after sending ClientKeyExchange</li>
<li>[tls] Restructure construction of ClientHello message</li>
<li>[ucode] Add support for updating x86 microcode</li>
<li>[uuid] Add uuid_aton() to parse a UUID from a string</li>
<li>make ipxe.sdsk build reproducible (bsc#1062303)</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
openSUSE Leap 15.5
<br/>
<code>zypper in -t patch SUSE-2025-3264=1</code>
</li>
<li class="list-group-item">
openSUSE Leap 15.6
<br/>
<code>zypper in -t patch openSUSE-SLE-15.6-2025-3264=1</code>
</li>
<li class="list-group-item">
HPC Module 15-SP6
<br/>
<code>zypper in -t patch SUSE-SLE-Module-HPC-15-SP6-2025-3264=1</code>
</li>
<li class="list-group-item">
HPC Module 15-SP7
<br/>
<code>zypper in -t patch SUSE-SLE-Module-HPC-15-SP7-2025-3264=1</code>
</li>
<li class="list-group-item">
SUSE Package Hub 15 15-SP6
<br/>
<code>zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-3264=1</code>
</li>
<li class="list-group-item">
SUSE Package Hub 15 15-SP7
<br/>
<code>zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-3264=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
openSUSE Leap 15.5 (aarch64 ppc64le x86_64 i586)
<ul>
<li>ipxe-bootimgs-1.21.1+git20240329.764e34f-150500.3.8.1</li>
</ul>
</li>
<li>
openSUSE Leap 15.6 (aarch64 ppc64le x86_64)
<ul>
<li>ipxe-bootimgs-1.21.1+git20240329.764e34f-150500.3.8.1</li>
</ul>
</li>
<li>
HPC Module 15-SP6 (aarch64 x86_64)
<ul>
<li>ipxe-bootimgs-1.21.1+git20240329.764e34f-150500.3.8.1</li>
</ul>
</li>
<li>
HPC Module 15-SP7 (aarch64 x86_64)
<ul>
<li>ipxe-bootimgs-1.21.1+git20240329.764e34f-150500.3.8.1</li>
</ul>
</li>
<li>
SUSE Package Hub 15 15-SP6 (aarch64 ppc64le x86_64)
<ul>
<li>ipxe-bootimgs-1.21.1+git20240329.764e34f-150500.3.8.1</li>
</ul>
</li>
<li>
SUSE Package Hub 15 15-SP7 (aarch64 ppc64le x86_64)
<ul>
<li>ipxe-bootimgs-1.21.1+git20240329.764e34f-150500.3.8.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1062303">https://bugzilla.suse.com/show_bug.cgi?id=1062303</a>
</li>
</ul>
</div>