SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for shim-unsigned-x64-15-9.el7.x86_64.rpm :
Tue Sep 29 14:00:00 2020 Scientific Linux Auto Patch Process
- Added Source: shim-spec_efidir.patch
--> hardcode efidir for compat with 7.0-7.5
- Replaced Source: securebootca.cer
--> Use the FNAL SL signing certificate
- Added Source: shim.ini
--> Config file for automated patch script

Wed Sep 9 14:00:00 2020 Peter Jones - 15-9.el7
- Fix an incorrect allocation size.
Related: rhbz#1875486

Thu Jul 30 14:00:00 2020 Peter Jones - 15-8.el7
- Fix a load-address-dependent forever loop.
Resolves: rhbz#1862045
Related: CVE-2020-10713
Related: CVE-2020-14308
Related: CVE-2020-14309
Related: CVE-2020-14310
Related: CVE-2020-14311
Related: CVE-2020-15705
Related: CVE-2020-15706
Related: CVE-2020-15707

Sat Jul 25 14:00:00 2020 Peter Jones - 15-7
- Implement Lenny\'s workaround.
Related: CVE-2020-10713
Related: CVE-2020-14308
Related: CVE-2020-14309
Related: CVE-2020-14310
Related: CVE-2020-14311

Thu Jul 23 14:00:00 2020 Peter Jones - 15-6
- Rebuild for bug fixes and new signing keys
Related: CVE-2020-10713
Related: CVE-2020-14308
Related: CVE-2020-14309
Related: CVE-2020-14310
Related: CVE-2020-14311

Mon Mar 18 13:00:00 2019 Peter Jones - 15-5
- Fix a couple more things that are breaking reproducability, and thus
breaking external review.
Related: rhbz#1649270

Fri Mar 15 13:00:00 2019 Peter Jones - 15-4
- Fight with binutils to try to get a binary without timestamps in it.
Again, but without breaking aarch64 this time.
Related: rhbz#1649270

Fri Mar 15 13:00:00 2019 Peter Jones - 15-3
- Fight with binutils to try to get a binary without timestamps in it. Again.
Related: rhbz#1649270

Tue Feb 12 13:00:00 2019 Peter Jones - 15-2
- Fix MoK mirroring issue which breaks kdump without intervention
Related: rhbz#1649270

Mon Jun 18 14:00:00 2018 Peter Jones - 15-1
- Update to shim 15
Resolves: rhbz#1589961

Thu Apr 27 14:00:00 2017 Peter Jones - 12-1
- Update to 12-1 to work around a signtool.exe bug
Related: rhbz#1445393

Mon Apr 3 14:00:00 2017 Peter Jones - 11-1
- Update to 11-1
Related: rhbz#1310766
- Fix regression in PE loader
Related: rhbz#1310766
- Fix case where BDS invokes us wrong and we exec shim again as a result
Related: rhbz#1310766

Tue Mar 21 13:00:00 2017 Peter Jones - 10-1
- Update to 10-1
- Support ia32
Resolves: rhbz#1310766
- Handle various different load option implementation differences
- TPM 1 and TPM 2 support.
- Update to OpenSSL 1.0.2k

Mon Jun 22 14:00:00 2015 Peter Jones - 0.9-1
- Update to 0.9-1
- Fix early call to BS->Exit()
Resolves: rhbz#1115843
- Implement shim on aarch64
Resolves: rhbz#1100048
Resolves: rhbz#1190191

Mon Jun 22 14:00:00 2015 Peter Jones - 0.7-14
- Excise mokutil.
Related: rhbz#1100048

Mon Jun 22 14:00:00 2015 Peter Jones - 0.7-13
- Do a build for Aarch64 to make the tree composable.
Related: rhbz#1100048

Wed Feb 25 13:00:00 2015 Peter Jones - 0.7-10
- Fix a couple more minor bugs aavmf has found in fallback.
Related: rhbz#1190191
- Build lib/ with the right CFLAGS
Related: rhbz#1190191

Tue Feb 24 13:00:00 2015 Peter Jones - 0.7-9
- Fix aarch64 section loading.
Related: rhbz#1190191

Tue Sep 30 14:00:00 2014 Peter Jones - 0.7-8
- Build -8 for arm as well.
Related: rhbz#1100048
- out-of-bounds memory read flaw in DHCPv6 packet processing
Resolves: CVE-2014-3675
- heap-based buffer overflow flaw in IPv6 address parsing
Resolves: CVE-2014-3676
- memory corruption flaw when processing Machine Owner Keys (MOKs)
Resolves: CVE-2014-3677

Tue Sep 23 14:00:00 2014 Peter Jones - 0.7-7
- Use the right key for ARM Aarch64.

Sun Sep 21 14:00:00 2014 Peter Jones - 0.7-6
- Preliminary build for ARM Aarch64.

Tue Feb 18 13:00:00 2014 Peter Jones - 0.7-5
- Update for production signing
Resolves: rhbz#1064424
Related: rhbz#1064449

Thu Nov 21 13:00:00 2013 Peter Jones - 0.7-4
- Make dhcpv4 paths work better when netbooting.
Resolves: rhbz#1032583

Thu Nov 14 13:00:00 2013 Peter Jones - 0.7-3
- Make lockdown include UEFI and other KEK/DB entries.
Resolves: rhbz#1030492

Fri Nov 8 13:00:00 2013 Peter Jones - 0.7-2
- Update lockdown to reflect SetupMode better as well
Related: rhbz#996863

Wed Nov 6 13:00:00 2013 Peter Jones - 0.7-1
- Fix logic to handle SetupMode efi variable.
Related: rhbz#996863

Thu Oct 31 13:00:00 2013 Peter Jones - 0.6-1
- Fix a FreePool(NULL) call on machines too old for SB

Fri Oct 4 14:00:00 2013 Peter Jones - 0.5-1
- Update to 0.5

Tue Aug 6 14:00:00 2013 Peter Jones - 0.4-3
- Build with early RHEL test keys.
Related: rhbz#989442

Thu Jul 25 14:00:00 2013 Peter Jones - 0.4-2
- Fix minor RHEL 7.0 build issues
Resolves: rhbz#978766
- Be less verbose by default

Tue Jun 11 14:00:00 2013 Peter Jones - 0.4-1
- Update to 0.4

Fri Jun 7 14:00:00 2013 Peter Jones - 0.3-2
- Require gnu-efi-3.0q for now.
- Don\'t allow mmx or sse during compilation.
- Re-organize this so all real signing happens in shim-signed instead.
- Split out mokutil

Wed Dec 12 13:00:00 2012 Peter Jones - 0.2-3
- Fix mokutil\'s idea of signature sizes.

Wed Nov 28 13:00:00 2012 Matthew Garrett - 0.2-2
- Fix secure_mode() always returning true

Mon Nov 26 13:00:00 2012 Matthew Garrett - 0.2-1
- Update shim
- Include mokutil
- Add debuginfo package since mokutil is a userspace executable

Mon Oct 22 14:00:00 2012 Peter Jones - 0.1-4
- Produce an unsigned shim

Tue Aug 14 14:00:00 2012 Peter Jones - 0.1-3
- Update how embedded cert and signing work.

Mon Aug 13 14:00:00 2012 Josh Boyer - 0.1-2
- Add patch to fix image size calculation

Mon Aug 13 14:00:00 2012 Matthew Garrett - 0.1-1
- initial release


  
ICM