Changelog for shim-0.7-15.1.2.x86_64.rpm:
Wed Oct 1 14:00:00 2014 jsegitzAATTsuse.com
- Update signature-sles.asc: shim signed by UEFI signing service
Mon Sep 29 14:00:00 2014 jsegitzAATTsuse.com
- Fixed buffer overflow and OOB access in shim trusted code path
(bnc#889332, CVE-2014-3675, CVE-2014-3676, CVE-2014-3677)
* added bug-889332_shim-mok-oob.patch, bug-889332_shim-overflow.patch
Mon Aug 4 14:00:00 2014 mchangAATTsuse.com
- shim-install: fix GRUB shows broken letters at boot by calling
grub2-install to initialize /boot/grub2 directory with files
needed by grub.cfg (bnc#889765)
Tue Jun 10 14:00:00 2014 glinAATTsuse.com
- Update signature-sles.asc: shim signed by UEFI signing service,
based on code from "Wed May 28 04:13:33 UTC 2014"
Wed May 28 14:00:00 2014 glinAATTsuse.com
- Add shim-remove-unused-variables.patch to remove the unused
variables
- Add shim-bnc872503-check-key-encoding.patch to check the encoding
of the keys (bnc#872503)
- Add shim-bnc877003-fetch-from-the-same-device.patch to fetch the
netboot image from the same device (bnc#877003)
Wed May 14 14:00:00 2014 glinAATTsuse.com
- Use --reinit instead of --refresh in %post to update the files
in /boot
Thu May 8 14:00:00 2014 glinAATTsuse.com
- Update signature-sles.asc: shim signed by UEFI signing service,
based on code from "Thu Apr 10 08:26:15 UTC 2014".
Tue Apr 29 14:00:00 2014 mchangAATTsuse.com
- shim-install: fix boot partition and rollback support kluge
(bnc#875385)
Thu Apr 10 14:00:00 2014 glinAATTsuse.com
- Add shim-allow-fallback-use-system-loadimage.patch to handle the
shim protocol properly to keep only one protocol entity
(bnc#868342)
- Add shim-mokmanager-support-sha-family.patch to support SHA
family
Mon Mar 31 14:00:00 2014 mchangAATTsuse.com
- snapper rollback support (fate#317062)
- refresh shim-install
Thu Mar 13 13:00:00 2014 glinAATTsuse.com
- Insert the right signature (bnc#867974)
Wed Mar 12 13:00:00 2014 glinAATTsuse.com
- Merge Michael's fix for shim-install: fix the $prefix to use
grub2-mkrelpath for paths on btrfs subvolume (bnc#866690).
Mon Mar 10 13:00:00 2014 glinAATTsuse.com
- Add shim-fix-uninitialized-variable.patch to fix the use of
uninitialized variables in lib
Fri Mar 7 13:00:00 2014 glinAATTsuse.com
- Add shim-mokmanager-delete-bs-var-right.patch to delete the BS+NV
variables the right way
Thu Mar 6 13:00:00 2014 glinAATTsuse.com
- Add shim-fallback-avoid-duplicate-bootorder.patch to fix the
duplicate entries in BootOrder
Tue Mar 4 13:00:00 2014 glinAATTsuse.com
- FATE#315002: Update shim-install to install shim.efi as the EFI
default bootloader when none exists in \EFI\boot.
Thu Feb 27 13:00:00 2014 fcrozatAATTsuse.com
- Update signature-sles.asc: shim signed by UEFI signing service,
based on code from "Fri Feb 21 02:36:49 UTC 2014".
Fri Feb 21 13:00:00 2014 glinAATTsuse.com
- always clean up generated files that embed certificates
(shim_cert.h shim.cer shim.crt) to make sure next build loop
rebuilds them properly
- allow package to carry multiple signatures
- check correct certificate is embedded
Mon Feb 17 13:00:00 2014 glinAATTsuse.com
- Add shim-bnc863205-mokmanager-fix-hash-delete.patch to fix the
hash deletion operation to avoid ruining the whole list
(bnc#863205)
Tue Feb 11 13:00:00 2014 glinAATTsuse.com
- Update shim-mokx-support.patch to enable the resetting of MOK
blacklist
- Add shim-get-variable-check.patch to fix the variable checking
in get_variable_attr
- Add shim-improve-fallback-entries-creation.patch to improve the
boot entry paths and avoid generating the boot entries that
are already there
- Restore attach_signature.sh, show_hash.sh, and strip_signature.sh
since those scripts could be useful to generate the EFI image for
the UEFI signing service
- Match the prefix of the project name properly by escaping the
percent sign.
Fri Jan 24 13:00:00 2014 glinAATTsuse.com
- Update SUSE certificate
- Drop attach_signature.sh and show_hash.sh since pesign now can
proceed the commands without a nss database
- Drop unused script strip_signature.sh
- Update extract_signature.sh and show_signatures.sh to remove the
creation of the temporary nss database
- Add shim-only-os-name.patch: remove the kernel version of the
build server
- Enable signature assertion also in SUSE: hierarchy
Fri Dec 6 13:00:00 2013 glinAATTsuse.com
- Add shim-mokmanager-handle-keystroke-error.patch to handle the
error status from ReadKeyStroke to avoid unexpected keys
Thu Dec 5 13:00:00 2013 glinAATTsuse.com
- Update to 0.7
- Add upstream patches:
+ shim-fix-verify-mok.patch
+ shim-improve-error-messages.patch
+ shim-correct-user_insecure-usage.patch
+ shim-fix-dhcpv4-path-generation.patch
- Add shim-mokx-support.patch to support the MOK blacklist
(Fate#316531)
- Drop upstreamed patches
+ shim-fix-pointer-casting.patch
+ shim-merge-lf-loader-code.patch
+ shim-fix-simple-file-selector.patch
+ shim-mokmanager-support-crypt-hash-method.patch
+ shim-bnc804631-fix-broken-bootpath.patch
+ shim-bnc798043-no-doulbe-separators.patch
+ shim-bnc807760-change-pxe-2nd-loader-name.patch
+ shim-bnc808106-correct-certcount.patch
+ shim-mokmanager-ui-revamp.patch
+ shim-netboot-fixes.patch
+ shim-mokmanager-disable-gfx-console.patch
- Drop shim-suse-build.patch: it's not necessary anymore
- Drop shim-bnc841426-silence-shim-protocols.patch: shim is not
verbose by default
Thu Oct 31 13:00:00 2013 fcrozatAATTsuse.com
- Update microsoft.asc: shim signed by UEFI signing service, based
on code from "Tue Oct 1 04:29:29 UTC 2013".
Tue Oct 1 14:00:00 2013 glinAATTsuse.com
- Add shim-netboot-fixes.patch to include upstream netboot fixes
- Add shim-mokmanager-disable-gfx-console.patch to disable the
graphics console to avoid system hang on some machines
- Add shim-bnc841426-silence-shim-protocols.patch to silence the
shim protocols (bnc#841426)
Wed Sep 25 14:00:00 2013 glinAATTsuse.com
- Create boot.csv in ESP for fallback.efi to restore the boot entry
Tue Sep 17 14:00:00 2013 fcrozatAATTsuse.com
- Update microsoft.asc: shim signed by UEFI signing service, based
on code from "Fri Sep 6 13:57:36 UTC 2013".
- Improve extract_signature.sh to work on current path.
Fri Sep 6 14:00:00 2013 lnusselAATTsuse.de
- set timestamp of PE file to time of the binary the signature was
made for.
- make sure cert.o gets rebuilt for each target
Fri Sep 6 14:00:00 2013 fcrozatAATTsuse.com
- Update microsoft.asc: shim signed by UEFI signing service, based
on code from "Wed Aug 28 15:54:38 UTC 2013"
Wed Aug 28 14:00:00 2013 lnusselAATTsuse.de
- always build a shim that embeds the distro's certificate (e.g.
shim-opensuse.efi). If the package is built in the devel project
additionally shim-devel.efi is created. That allows us to either
load grub2/kernel signed by the distro or signed by the devel
project, depending on use case. Also shim-$distro.efi from the
devel project can be used to request additional signatures.
Wed Aug 28 14:00:00 2013 lnusselAATTsuse.de
- also include old openSUSE 4096 bit certificate to be able to still
boot kernels signed with that key.
- add show_signatures script
Tue Aug 27 14:00:00 2013 lnusselAATTsuse.de
- replace the 4096 bit openSUSE UEFI CA certificate with a new
standard compliant 2048 bit one.
Tue Aug 20 14:00:00 2013 lnusselAATTsuse.de
- fix shell syntax error
Wed Aug 7 14:00:00 2013 lnusselAATTsuse.de
- don't include binary in the sources. Instead package the raw
signature and attach it during build (bnc#813448).
Tue Jul 30 14:00:00 2013 glinAATTsuse.com
- Update shim-mokmanager-ui-revamp.patch to include fixes for
MokManager
+ reboot the system after clearing MOK password
+ fetch more info from X509 name
+ check the suffix of the key file
Tue Jul 23 14:00:00 2013 glinAATTsuse.com
- Update to 0.4
- Rebase patches
+ shim-suse-build.patch
+ shim-mokmanager-support-crypt-hash-method.patch
+ shim-bnc804631-fix-broken-bootpath.patch
+ shim-bnc798043-no-doulbe-separators.patch
+ shim-bnc807760-change-pxe-2nd-loader-name.patch
+ shim-bnc808106-correct-certcount.patch
+ shim-mokmanager-ui-revamp.patch
- Add patches
+ shim-merge-lf-loader-code.patch: merge the Linux Foundation
loader UI code
+ shim-fix-pointer-casting.patch: fix a casting issue and the
size of an empty vendor cert
+ shim-fix-simple-file-selector.patch: fix the buffer allocation
in the simple file selector
- Remove upstreamed patches
+ shim-support-mok-delete.patch
+ shim-reboot-after-changes.patch
+ shim-clear-queued-key.patch
+ shim-local-key-sign-mokmanager.patch
+ shim-get-2nd-stage-loader.patch
+ shim-fix-loadoptions.patch
- Remove unused patch: shim-mokmanager-new-pw-hash.patch and
shim-keep-unsigned-mokmanager.patch
- Install the vendor certificate to /etc/uefi/certs
Wed May 8 14:00:00 2013 glinAATTsuse.com
- Add shim-mokmanager-ui-revamp.patch to update the MokManager UI
Wed Apr 3 14:00:00 2013 glinAATTsuse.com
- Call update-bootloader in %post to update
*.efi in \efi\opensuse
(bnc#813079)
Fri Mar 8 13:00:00 2013 glinAATTsuse.com
- Add shim-bnc807760-change-pxe-2nd-loader-name.patch to change the
PXE 2nd stage loader name (bnc#807760)
- Add shim-bnc808106-correct-certcount.patch to correct the
certificate count of the signature list (bnc#808106)
Fri Mar 1 13:00:00 2013 glinAATTsuse.com
- Add shim-bnc798043-no-doulbe-separators.patch to remove double
separators from the bootpath (bnc#798043#c4)
Thu Feb 28 13:00:00 2013 lnusselAATTsuse.de
- sign shim also with openSUSE certificate
Wed Feb 27 13:00:00 2013 mlsAATTsuse.de
- identify project, export certificate as DER file
- don't create an unused extra keypair
Thu Feb 21 13:00:00 2013 glinAATTsuse.com
- Add shim-bnc804631-fix-broken-bootpath.patch to fix the broken
bootpath generated in generate_path(). (bnc#804631)
Mon Feb 11 13:00:00 2013 fcrozatAATTsuse.com
- Update with shim signed by UEFI signing service, based on code
from "Thu Feb 7 06:56:19 UTC 2013".
Thu Feb 7 13:00:00 2013 lnusselAATTsuse.de
- prepare for having a signed shim from the UEFI signing service
Thu Feb 7 13:00:00 2013 glinAATTsuse.com
- Sign shim-opensuse.efi and MokManager.efi with the openSUSE cert
- Add shim-keep-unsigned-mokmanager.patch to keep the unsigned
MokManager and sign it later.
Wed Feb 6 13:00:00 2013 mchangAATTsuse.com
- Add shim-install utility
- Add Recommends to grub2-efi
Wed Jan 30 13:00:00 2013 glinAATTsuse.com
- Add shim-mokmanager-support-crypt-hash-method.patch to support
password hash from /etc/shadow (FATE#314506)
Tue Jan 29 13:00:00 2013 glinAATTsuse.com
- Embed openSUSE-UEFI-CA-Certificate.crt in shim
- Rename shim-unsigned.efi to shim-opensuse.efi.
Fri Jan 18 13:00:00 2013 glinAATTsuse.com
- Update shim-mokmanager-new-pw-hash.patch to extend the password
hash format
- Rename shim.efi as shim-unsigned.efi
Wed Jan 16 13:00:00 2013 glinAATTsuse.com
- Merge patches for FATE#314506
+ Add shim-support-mok-delete.patch to add support for deleting
specific keys
+ Add shim-mokmanager-new-pw-hash.patch to support the new
password hash.
- Drop shim-correct-mok-size.patch which is included in
shim-support-mok-delete.patch
- Merge shim-remove-debug-code.patch and
shim-local-sign-mokmanager.patch into
shim-local-key-sign-mokmanager.patch
- Install COPYRIGHT
Tue Jan 15 13:00:00 2013 glinAATTsuse.com
- Add shim-fix-loadoptions.patch to adopt the UEFI shell style
LoadOptions (bnc#798043)
- Drop shim-check-pk-kek.patch since upstream rejected the patch
due to violation of SPEC.
- Install EFI binaries to /usr/lib64/efi
Wed Dec 26 13:00:00 2012 glinAATTsuse.com
- Update shim-reboot-after-changes.patch to avoid rebooting the
system after enrolling keys/hashes from the file system
- Add shim-correct-mok-size.patch to correct the size of MOK
- Add shim-clear-queued-key.patch to clear the queued key and show
the menu properly
Wed Dec 12 13:00:00 2012 fcrozatAATTsuse.com
- Remove shim-rpmlintrc, it wasn't fixing the error, hide error
stdout to prevent post build check to get triggered by cast
warnings in openSSL code
- Add shim-remove-debug-code.patch: remove debug code
Wed Dec 12 13:00:00 2012 glinAATTsuse.com
- Add shim-rpmlintrc to filter 64bit portability errors
Tue Dec 11 13:00:00 2012 glinAATTsuse.com
- Add shim-local-sign-mokmanager.patch to create a local certificate
to sign MokManager
- Add shim-get-2nd-stage-loader.patch to get the second stage
loader path from the load options
- Add shim-check-pk-kek.patch to verify EFI images with PK and KEK
- Add shim-reboot-after-changes.patch to reboot the system after
enrolling or erasing keys
- Install the EFI images to /usr/lib64/shim instead of the EFI
partition
- Update the mail address of the author
Fri Nov 2 13:00:00 2012 glinAATTsuse.com
- Add new package shim 0.2 (FATE#314484)
+ It's in fact git 2fd180a92 since there is no tag for 0.2