Changelog for
shim-debugsource-15+git47-lp152.4.5.1.x86_64.rpm :
* Mon Aug 24 2020 Gary Ching-Pang Lin
- shim-install: install MokManager to \\EFI\\boot to process the pending MOK request (bsc#1175626, bsc#1175656)
* Fri Jul 31 2020 Johannes Segitz - Updated openSUSE signature
* Wed Jul 22 2020 Gary Ching-Pang Lin - Update the path to grub-tpm.efi in shim-install (bsc#1174320)
* Fri Jul 10 2020 Gary Ching-Pang Lin - Use vendor-dbx to block old SUSE/openSUSE signkeys (bsc#1168994) + Add dbx-cert.tar.xz which contains the certificates to block and a script, generate-vendor-dbx.sh, to generate vendor-dbx.bin + Add vendor-dbx.bin as the vendor dbx to block unwanted keys- Drop shim-opensuse-signed.efi + We don\'t need it anymore
* Fri Jul 10 2020 Gary Ching-Pang Lin - Add shim-bsc1173411-only-check-efi-var-on-sb.patch to only check EFI variable copying when Secure Boot is enabled (bsc#1173411)
* Tue Mar 31 2020 Gary Ching-Pang Lin - Use the full path of efibootmgr to avoid errors when invoking shim-install from packagekitd (bsc#1168104)
* Mon Mar 30 2020 Gary Ching-Pang Lin - Use \"suse_version\" instead of \"sle_version\" to avoid shim_lib64_share_compat being set in Tumbleweed forever.
* Mon Mar 16 2020 Gary Ching-Pang Lin - Add shim-fix-gnu-efi-3.0.11.patch to fix the build error caused by the upgrade of gnu-efi
* Wed Nov 27 2019 Michael Chang - shim-install: add check for btrfs is used as root file system to enable relative path lookup for file. (bsc#1153953)
* Fri Aug 16 2019 Gary Ching-Pang Lin - Fix a typo in shim-install (bsc#1145802)
* Fri Apr 19 2019 Martin Liška - Add gcc9-fix-warnings.patch (bsc#1121268).
* Mon Apr 15 2019 Gary Ching-Pang Lin - Add shim-opensuse-signed.efi, the openSUSE shim-15+git47 binary (bsc#1113225)
* Fri Apr 12 2019 Gary Ching-Pang Lin - Disable AArch64 build (FATE#325971) + AArch64 machines don\'t use UEFI CA, at least for now.
* Thu Apr 11 2019 jsegitzAATTsuse.com- Updated shim signature: signature-sles.x86_64.asc (bsc#1120026)
* Thu Feb 14 2019 rwAATTsuse.com- Fix conditions for \'/usr/share/efi\'-move (FATE#326960)
* Mon Jan 28 2019 Gary Ching-Pang Lin - Amend shim.spec to remove $RPM_BUILD_ROOT
* Thu Jan 17 2019 rwAATTsuse.com- Move \'efi\'-executables to \'/usr/share/efi\' (FATE#326960) (preparing the move to \'noarch\' for this package)
* Mon Jan 14 2019 Gary Ching-Pang Lin - Update shim-install to handle the partitioned MD devices (bsc#1119762, bsc#1119763)
* Thu Dec 20 2018 Gary Ching-Pang Lin - Update to 15+git47 (bsc#1120026, FATE#325971) + git commit: b3e4d1f7555aabbf5d54de5ea7cd7e839e7bd83d- Retire the old openSUSE 4096 bit certificate + Those programs are already out of maintenance.- Add shim-always-mirror-mok-variables.patch to mirror MOK variables correctly- Add shim-correct-license-in-headers.patch to correct the license declaration- Refresh patches: + shim-arch-independent-names.patch + shim-change-debug-file-path.patch + shim-bsc1092000-fallback-menu.patch + shim-opensuse-cert-prompt.patch- Drop upstreamed patches: + shim-bsc1088585-handle-mok-allocations-better.patch + shim-httpboot-amend-device-path.patch + shim-httpboot-include-console.h.patch + shim-only-os-name.patch + shim-remove-cryptpem.patch
* Wed Dec 05 2018 Gary Ching-Pang Lin - Update shim-install to specify the target for grub2-install and change the boot efi file name according to the architecture (bsc#1118363, FATE#325971)
* Tue Aug 21 2018 glinAATTsuse.com- Enable AArch64 build (FATE#325971) + Also add the aarch64 signature files and rename the x86_64 signature files
* Tue May 29 2018 glinAATTsuse.com- Add shim-bsc1092000-fallback-menu.patch to show a menu before system reset ((bsc#1092000))
* Tue Apr 10 2018 glinAATTsuse.com- Add shim-bsc1088585-handle-mok-allocations-better.patch to avoid double-freeing after enrolling a key from the disk (bsc#1088585) + Also refresh shim-opensuse-cert-prompt.patch due to the change in MokManager.c
* Tue Apr 03 2018 glinAATTsuse.com- Install the certificates with a shim suffix to avoid conflicting with other packages (bsc#1087847)
* Fri Mar 23 2018 glinAATTsuse.com- Add the missing leading backlash to the DEFAULT_LOADER (bsc#1086589)
* Fri Jan 05 2018 glinAATTsuse.com- Add shim-httpboot-amend-device-path.patch to amend the device path matching rule for httpboot (bsc#1065370)
* Thu Jan 04 2018 glinAATTsuse.com- Update to 14 (bsc#1054712)- Adjust make commands in spec- Drop upstreamed fixes + shim-add-fallback-verbose-print.patch + shim-back-to-openssl-1.0.2e.patch + shim-fallback-workaround-masked-ami-variables.patch + shim-fix-fallback-double-free.patch + shim-fix-httpboot-crash.patch + shim-fix-openssl-flags.patch + shim-more-tpm-measurement.patch- Add shim-httpboot-include-console.h.patch to include console.h in httpboot.c to avoid build failure- Add shim-remove-cryptpem.patch to replace functions in CryptPem.c with the null function- Update SUSE/openSUSE specific patches + shim-only-os-name.patch + shim-arch-independent-names.patch + shim-change-debug-file-path.patch + shim-opensuse-cert-prompt.patch
* Fri Dec 29 2017 ngompa13AATTgmail.com- Fix debuginfo + debugsource subpackage generation for RPM 4.14- Set the RPM groups correctly for debug{info,source} subpackages- Drop deprecated and out of date Authors information in description
* Wed Sep 13 2017 glinAATTsuse.com- Add shim-back-to-openssl-1.0.2e.patch to avoid rejecting some legit certificates (bsc#1054712)- Add the stderr mask back while compiling MokManager.efi since the warnings in Cryptlib is back after reverting the openssl commits.
* Tue Aug 29 2017 glinAATTsuse.com- Add shim-add-fallback-verbose-print.patch to print the debug messages in fallback.efi dynamically- Refresh shim-fallback-workaround-masked-ami-variables.patch- Add shim-more-tpm-measurement.patch to measure more components and support TPM better
* Wed Aug 23 2017 glinAATTsuse.com- Add upstream fixes + shim-fix-httpboot-crash.patch + shim-fix-openssl-flags.patch + shim-fix-fallback-double-free.patch + shim-fallback-workaround-masked-ami-variables.patch- Remove the stderr mask while compiling MokManager.efi since the warnings in Cryptlib were fixed.
* Tue Aug 22 2017 glinAATTsuse.com- Add shim-arch-independent-names.patch to use the Arch-independent names. (bsc#1054712)- Refresh shim-change-debug-file-path.patch- Disable shim-opensuse-cert-prompt.patch automatically in SLE- Diable AArch64 until we have a real user and aarch64 signature
* Fri Jul 14 2017 bwiedemannAATTsuse.com- Make build reproducible by avoiding race between find and cp
* Thu Jun 22 2017 glinAATTsuse.com- Update to 12- Rename the result EFI images due to the upstream name change + shimx64 -> shim + mmx64 -> MokManager + fbx64 -> fallback- Refresh patches: + shim-only-os-name.patch + shim-change-debug-file-path.patch + shim-opensuse-cert-prompt.patch- Drop upstreamed patches: + shim-httpboot-support.patch + shim-bsc973496-mokmanager-no-append-write.patch + shim-bsc991885-fix-sig-length.patch + shim-update-openssl-1.0.2g.patch + shim-update-openssl-1.0.2h.patch
* Tue May 23 2017 glinAATTsuse.com- Add the build flag to enable HTTPBoot
* Wed Mar 22 2017 mchangAATTsuse.com- shim-install: add option --suse-enable-tpm (fate#315831)
* Fri Jan 13 2017 mchangAATTsuse.com- Support %posttrans with marcos provided by update-bootloader-rpm-macros package (bsc#997317)
* Fri Nov 18 2016 glinAATTsuse.com- Add SIGNATURE_UPDATE.txt to state the steps to update signature-
*.asc- Update the comment of strip_signature.sh
* Wed Sep 21 2016 mchangAATTsuse.com- shim-install :
* add option --no-nvram (bsc#999818)
* improve removable media and fallback mode handling
* Fri Aug 19 2016 mchangAATTsuse.com- shim-install : fix regression of password prompt (bsc#993764)
* Fri Aug 05 2016 glinAATTsuse.com- Add shim-bsc991885-fix-sig-length.patch to fix the signature length passed to Authenticode (bsc#991885)
* Wed Aug 03 2016 glinAATTsuse.com- Update shim-bsc973496-mokmanager-no-append-write.patch to try append write first
* Tue Aug 02 2016 glinAATTsuse.com- Add shim-update-openssl-1.0.2h.patch to update openssl to 1.0.2h- Bump the requirement of gnu-efi due to the HTTPBoot support
* Mon Aug 01 2016 glinAATTsuse.com- Add shim-httpboot-support.patch to support HTTPBoot- Add shim-update-openssl-1.0.2g.patch to update openssl to 1.0.2g and Cryptlib to 5e2318dd37a51948aaf845c7d920b11f47cdcfe6- Drop patches since they are merged into shim-update-openssl-1.0.2g.patch + shim-update-openssl-1.0.2d.patch + shim-gcc5.patch + shim-bsc950569-fix-cryptlib-va-functions.patch + shim-fix-aarch64.patch- Refresh shim-change-debug-file-path.patch- Add shim-bsc973496-mokmanager-no-append-write.patch to work around the firmware that doesn\'t support APPEND_WRITE (bsc973496)- shim-install : remove \'\
\' from the help message (bsc#991188)- shim-install : print a message if there is no valid EFI partition (bsc#991187)
* Mon May 09 2016 rwAATTsuse.com- shim-install : support simple MD RAID1 target devices (FATE#314829)
* Wed May 04 2016 agrafAATTsuse.com- Add shim-fix-aarch64.patch to fix compilation on AArch64 (bsc#978438)
* Wed Mar 09 2016 mchangAATTsuse.com- shim-install : fix typing ESC can escape to parent config which is in command mode and cannot return back (bsc#966701)- shim-install : fix no which command for JeOS (bsc#968264)
* Thu Dec 03 2015 jsegitzAATTnovell.com- acquired updated signature from Microsoft
* Mon Nov 09 2015 glinAATTsuse.com- Add shim-bsc950569-fix-cryptlib-va-functions.patch to fix the definition of va functions to avoid the potential crash (bsc#950569)- Update shim-opensuse-cert-prompt.patch to avoid setting NULL to MokListRT (bsc#950801)- Drop shim-fix-mokmanager-sections.patch as we are using the newer binutils now- Refresh shim-change-debug-file-path.patch
* Thu Oct 08 2015 jsegitzAATTnovell.com- acquired updated signature from Microsoft
* Tue Sep 15 2015 mchangAATTsuse.com- shim-install : set default GRUB_DISTRIBUTOR from /etc/os-release if it is empty or not set by user (bsc#942519)
* Thu Jul 16 2015 glinAATTsuse.com- Add shim-update-openssl-1.0.2d.patch to update openssl to 1.0.2d- Refresh shim-gcc5.patch and add it back since we really need it- Add shim-change-debug-file-path.patch to change the debug file path in shim.efi + also add the debuginfo and debugsource subpackages- Drop shim-fix-gnu-efi-30w.patch which is not necessary anymore
* Mon Jul 06 2015 glinAATTsuse.com- Update to 0.9- Refresh patches + shim-fix-gnu-efi-30w.patch + shim-fix-mokmanager-sections.patch + shim-opensuse-cert-prompt.patch- Drop upstreamed patches + shim-bsc920515-fix-fallback-buffer-length.patch + shim-mokx-support.patch + shim-update-cryptlib.patch- Drop shim-bsc919675-uninstall-shim-protocols.patch since upstream fixed the bug in another way.- Drop shim-gcc5.patch which was fixed in another way
* Wed Apr 08 2015 glinAATTsuse.com- Fix tags in the spec file
* Tue Apr 07 2015 glinAATTsuse.com- Add shim-update-cryptlib.patch to update Cryptlib to r16559 and openssl to 0.9.8zf- Add shim-bsc919675-uninstall-shim-protocols.patch to uninstall the shim protocols at Exit (bsc#919675)- Add shim-bsc920515-fix-fallback-buffer-length.patch to adjust the buffer size for the boot options (bsc#920515)- Refresh shim-opensuse-cert-prompt.patch
* Thu Apr 02 2015 crrodriguezAATTopensuse.org- shim-gcc5.patch: shim needs -std=gnu89 to build with GCC5
* Tue Feb 17 2015 mchangAATTsuse.com- shim-install : fix cryptodisk installation (boo#917427)
* Tue Nov 11 2014 glinAATTsuse.com- Add shim-fix-mokmanager-sections.patch to fix the objcopy parameters for the EFI files
* Tue Oct 28 2014 glinAATTsuse.com- Update to 0.8- Add shim-fix-gnu-efi-30w.patch to adapt the change in gnu-efi-3.0w- Merge shim-signed-unsigned-compares.patch, shim-mokmanager-support-sha-family.patch and shim-bnc863205-mokmanager-fix-hash-delete.patch into shim-mokx-support.patch- Refresh shim-opensuse-cert-prompt.patch- Drop upstreamed patches: shim-update-openssl-0.9.8zb.patch, bug-889332_shim-overflow.patch, and bug-889332_shim-mok-oob.patch- Enable aarch64
* Mon Oct 13 2014 jsegitzAATTnovell.com- Fixed buffer overflow and OOB access in shim trusted code path (bnc#889332, CVE-2014-3675, CVE-2014-3676, CVE-2014-3677)
* added bug-889332_shim-mok-oob.patch, bug-889332_shim-overflow.patch- Added new certificate by Microsoft